@okta/okta-auth-js 6.3.2 → 6.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +28 -0
- package/README.md +6 -0
- package/cjs/AuthStateManager.js +1 -0
- package/cjs/AuthStateManager.js.map +1 -1
- package/cjs/OktaAuth.js +10 -11
- package/cjs/OktaAuth.js.map +1 -1
- package/cjs/OktaUserAgent.js +2 -2
- package/cjs/TokenManager.js.map +1 -1
- package/cjs/crypto/verifyToken.js +2 -1
- package/cjs/crypto/verifyToken.js.map +1 -1
- package/cjs/errors/AuthApiError.js.map +1 -1
- package/cjs/errors/OAuthError.js +7 -1
- package/cjs/errors/OAuthError.js.map +1 -1
- package/cjs/fetch/fetchRequest.js +17 -3
- package/cjs/fetch/fetchRequest.js.map +1 -1
- package/cjs/http/request.js +7 -3
- package/cjs/http/request.js.map +1 -1
- package/cjs/idx/idxState/index.js +55 -0
- package/cjs/idx/idxState/index.js.map +1 -0
- package/cjs/idx/{idx-js → idxState}/v1/actionParser.js +1 -0
- package/cjs/idx/idxState/v1/actionParser.js.map +1 -0
- package/cjs/idx/{idx-js → idxState}/v1/generateIdxAction.js +43 -30
- package/cjs/idx/idxState/v1/generateIdxAction.js.map +1 -0
- package/cjs/idx/{idx-js → idxState}/v1/idxResponseParser.js +8 -8
- package/cjs/idx/idxState/v1/idxResponseParser.js.map +1 -0
- package/cjs/idx/{idx-js → idxState}/v1/makeIdxState.js +3 -2
- package/cjs/idx/idxState/v1/makeIdxState.js.map +1 -0
- package/cjs/idx/{idx-js → idxState}/v1/parsers.js +1 -0
- package/cjs/idx/idxState/v1/parsers.js.map +1 -0
- package/cjs/idx/{idx-js → idxState}/v1/remediationParser.js +4 -2
- package/cjs/idx/idxState/v1/remediationParser.js.map +1 -0
- package/cjs/idx/interact.js +42 -21
- package/cjs/idx/interact.js.map +1 -1
- package/cjs/idx/introspect.js +37 -12
- package/cjs/idx/introspect.js.map +1 -1
- package/cjs/idx/remediate.js +56 -132
- package/cjs/idx/remediate.js.map +1 -1
- package/cjs/idx/remediators/AuthenticatorEnrollmentData.js.map +1 -1
- package/cjs/idx/remediators/AuthenticatorVerificationData.js +7 -6
- package/cjs/idx/remediators/AuthenticatorVerificationData.js.map +1 -1
- package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
- package/cjs/idx/remediators/Base/Remediator.js +12 -2
- package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
- package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/ChallengeAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/EnrollAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/EnrollPoll.js.map +1 -1
- package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
- package/cjs/idx/remediators/EnrollmentChannelData.js.map +1 -1
- package/cjs/idx/remediators/Identify.js.map +1 -1
- package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/ResetAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -1
- package/cjs/idx/remediators/SelectAuthenticatorEnroll.js.map +1 -1
- package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js.map +1 -1
- package/cjs/idx/remediators/SelectEnrollProfile.js.map +1 -1
- package/cjs/idx/remediators/SelectEnrollmentChannel.js.map +1 -1
- package/cjs/idx/remediators/Skip.js.map +1 -1
- package/cjs/idx/run.js +16 -12
- package/cjs/idx/run.js.map +1 -1
- package/cjs/idx/types/idx-js.js +2 -0
- package/cjs/idx/types/idx-js.js.map +1 -1
- package/cjs/idx/types/index.js +0 -138
- package/cjs/idx/types/index.js.map +1 -1
- package/cjs/idx/util.js +127 -5
- package/cjs/idx/util.js.map +1 -1
- package/cjs/server/serverStorage.js +1 -0
- package/cjs/server/serverStorage.js.map +1 -1
- package/cjs/tx/AuthTransaction.js.map +1 -1
- package/cjs/types/Token.js +0 -1
- package/cjs/types/Token.js.map +1 -1
- package/cjs/util/object.js.map +1 -1
- package/cjs/util/types.js.map +1 -1
- package/dist/okta-auth-js.min.js +1 -1
- package/dist/okta-auth-js.min.js.map +1 -1
- package/dist/okta-auth-js.umd.js +1 -1
- package/dist/okta-auth-js.umd.js.map +1 -1
- package/esm/esm.browser.js +599 -684
- package/esm/esm.browser.js.map +1 -1
- package/esm/esm.node.mjs +599 -684
- package/esm/esm.node.mjs.map +1 -1
- package/lib/TokenManager.d.ts +2 -2
- package/lib/errors/OAuthError.d.ts +2 -0
- package/lib/idx/flow/RemediationFlow.d.ts +2 -2
- package/lib/idx/idxState/index.d.ts +7 -0
- package/lib/idx/{idx-js → idxState}/v1/actionParser.d.ts +0 -0
- package/lib/idx/{idx-js → idxState}/v1/generateIdxAction.d.ts +3 -1
- package/lib/idx/{idx-js → idxState}/v1/idxResponseParser.d.ts +3 -2
- package/lib/idx/{idx-js → idxState}/v1/makeIdxState.d.ts +3 -2
- package/lib/idx/{idx-js → idxState}/v1/parsers.d.ts +0 -0
- package/lib/idx/{idx-js → idxState}/v1/remediationParser.d.ts +2 -1
- package/lib/idx/interact.d.ts +22 -0
- package/lib/idx/remediate.d.ts +9 -12
- package/lib/idx/remediators/AuthenticatorEnrollmentData.d.ts +1 -2
- package/lib/idx/remediators/AuthenticatorVerificationData.d.ts +3 -3
- package/lib/idx/remediators/Base/AuthenticatorData.d.ts +3 -4
- package/lib/idx/remediators/Base/Remediator.d.ts +8 -4
- package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +2 -3
- package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +3 -4
- package/lib/idx/remediators/ChallengeAuthenticator.d.ts +1 -2
- package/lib/idx/remediators/EnrollAuthenticator.d.ts +1 -2
- package/lib/idx/remediators/EnrollPoll.d.ts +1 -2
- package/lib/idx/remediators/EnrollProfile.d.ts +1 -2
- package/lib/idx/remediators/EnrollmentChannelData.d.ts +1 -2
- package/lib/idx/remediators/Identify.d.ts +1 -2
- package/lib/idx/remediators/ReEnrollAuthenticator.d.ts +1 -2
- package/lib/idx/remediators/ResetAuthenticator.d.ts +1 -2
- package/lib/idx/remediators/SelectAuthenticatorAuthenticate.d.ts +1 -2
- package/lib/idx/remediators/SelectAuthenticatorEnroll.d.ts +1 -2
- package/lib/idx/remediators/SelectAuthenticatorUnlockAccount.d.ts +1 -2
- package/lib/idx/remediators/SelectEnrollProfile.d.ts +1 -2
- package/lib/idx/remediators/SelectEnrollmentChannel.d.ts +1 -2
- package/lib/idx/remediators/Skip.d.ts +1 -2
- package/lib/idx/types/idx-js.d.ts +5 -2
- package/lib/idx/types/index.d.ts +26 -17
- package/lib/idx/util.d.ts +7 -4
- package/lib/types/EventEmitter.d.ts +3 -3
- package/lib/types/Service.d.ts +6 -6
- package/lib/types/Storage.d.ts +6 -6
- package/lib/types/TokenManager.d.ts +5 -2
- package/lib/types/UserClaims.d.ts +1 -1
- package/lib/util/types.d.ts +1 -1
- package/package.json +9 -10
- package/cjs/idx/headers.js +0 -59
- package/cjs/idx/headers.js.map +0 -1
- package/cjs/idx/idx-js/client.js +0 -91
- package/cjs/idx/idx-js/client.js.map +0 -1
- package/cjs/idx/idx-js/index.js +0 -40
- package/cjs/idx/idx-js/index.js.map +0 -1
- package/cjs/idx/idx-js/interact.js +0 -83
- package/cjs/idx/idx-js/interact.js.map +0 -1
- package/cjs/idx/idx-js/introspect.js +0 -62
- package/cjs/idx/idx-js/introspect.js.map +0 -1
- package/cjs/idx/idx-js/parsers.js +0 -41
- package/cjs/idx/idx-js/parsers.js.map +0 -1
- package/cjs/idx/idx-js/util.js +0 -34
- package/cjs/idx/idx-js/util.js.map +0 -1
- package/cjs/idx/idx-js/v1/actionParser.js.map +0 -1
- package/cjs/idx/idx-js/v1/generateIdxAction.js.map +0 -1
- package/cjs/idx/idx-js/v1/idxResponseParser.js.map +0 -1
- package/cjs/idx/idx-js/v1/makeIdxState.js.map +0 -1
- package/cjs/idx/idx-js/v1/parsers.js.map +0 -1
- package/cjs/idx/idx-js/v1/remediationParser.js.map +0 -1
- package/lib/idx/headers.d.ts +0 -16
- package/lib/idx/idx-js/client.d.ts +0 -36
- package/lib/idx/idx-js/index.d.ts +0 -35
- package/lib/idx/idx-js/interact.d.ts +0 -25
- package/lib/idx/idx-js/introspect.d.ts +0 -21
- package/lib/idx/idx-js/parsers.d.ts +0 -15
- package/lib/idx/idx-js/util.d.ts +0 -12
package/cjs/idx/interact.js
CHANGED
|
@@ -1,11 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
-
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
|
-
|
|
5
3
|
exports.interact = interact;
|
|
6
4
|
|
|
7
|
-
var _idxJs = _interopRequireDefault(require("./idx-js"));
|
|
8
|
-
|
|
9
5
|
var _transactionMeta = require("./transactionMeta");
|
|
10
6
|
|
|
11
7
|
var _oidc = require("../oidc");
|
|
@@ -14,6 +10,8 @@ var _ = require(".");
|
|
|
14
10
|
|
|
15
11
|
var _util = require("../util");
|
|
16
12
|
|
|
13
|
+
var _http = require("../http");
|
|
14
|
+
|
|
17
15
|
/* eslint-disable @typescript-eslint/no-non-null-assertion */
|
|
18
16
|
|
|
19
17
|
/*!
|
|
@@ -29,6 +27,8 @@ var _util = require("../util");
|
|
|
29
27
|
*/
|
|
30
28
|
|
|
31
29
|
/* eslint complexity:[0,8] */
|
|
30
|
+
|
|
31
|
+
/* eslint-enable camelcase */
|
|
32
32
|
function getResponse(meta) {
|
|
33
33
|
return {
|
|
34
34
|
meta,
|
|
@@ -39,7 +39,7 @@ function getResponse(meta) {
|
|
|
39
39
|
|
|
40
40
|
|
|
41
41
|
async function interact(authClient, options = {}) {
|
|
42
|
-
var _meta;
|
|
42
|
+
var _meta, _withCredentials;
|
|
43
43
|
|
|
44
44
|
options = (0, _util.removeNils)(options);
|
|
45
45
|
let meta = (0, _transactionMeta.getSavedTransactionMeta)(authClient, options); // If meta exists, it has been validated against all options
|
|
@@ -65,26 +65,47 @@ async function interact(authClient, options = {}) {
|
|
|
65
65
|
recoveryToken
|
|
66
66
|
} = meta;
|
|
67
67
|
const clientSecret = options.clientSecret || authClient.options.clientSecret;
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
redirectUri,
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
68
|
+
withCredentials = (_withCredentials = withCredentials) !== null && _withCredentials !== void 0 ? _withCredentials : true;
|
|
69
|
+
/* eslint-disable camelcase */
|
|
70
|
+
|
|
71
|
+
const url = `${baseUrl}/v1/interact`;
|
|
72
|
+
const params = {
|
|
73
|
+
client_id: clientId,
|
|
74
|
+
scope: scopes.join(' '),
|
|
75
|
+
redirect_uri: redirectUri,
|
|
76
|
+
code_challenge: codeChallenge,
|
|
77
|
+
code_challenge_method: codeChallengeMethod,
|
|
78
|
+
state
|
|
79
|
+
};
|
|
80
|
+
|
|
81
|
+
if (activationToken) {
|
|
82
|
+
params.activation_token = activationToken;
|
|
83
|
+
}
|
|
84
|
+
|
|
85
|
+
if (recoveryToken) {
|
|
86
|
+
params.recovery_token = recoveryToken;
|
|
87
|
+
}
|
|
88
|
+
|
|
89
|
+
if (clientSecret) {
|
|
83
90
|
// X-Device-Token header need to pair with `client_secret`
|
|
84
91
|
// eslint-disable-next-line max-len
|
|
85
92
|
// https://oktawiki.atlassian.net/wiki/spaces/eng/pages/2445902453/Support+Device+Binding+in+interact#Scenario-1%3A-Non-User-Agent-with-Confidential-Client-(top-priority)
|
|
86
|
-
clientSecret
|
|
93
|
+
params.client_secret = clientSecret;
|
|
94
|
+
}
|
|
95
|
+
/* eslint-enable camelcase */
|
|
96
|
+
|
|
97
|
+
|
|
98
|
+
const headers = {
|
|
99
|
+
'Content-Type': 'application/x-www-form-urlencoded'
|
|
100
|
+
};
|
|
101
|
+
const resp = await (0, _http.httpRequest)(authClient, {
|
|
102
|
+
method: 'POST',
|
|
103
|
+
url,
|
|
104
|
+
headers,
|
|
105
|
+
withCredentials,
|
|
106
|
+
args: params
|
|
87
107
|
});
|
|
108
|
+
const interactionHandle = resp.interaction_handle;
|
|
88
109
|
const newMeta = { ...meta,
|
|
89
110
|
interactionHandle,
|
|
90
111
|
// Options which can be passed into interact() should be saved in the meta
|
package/cjs/idx/interact.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/idx/interact.ts"],"names":["getResponse","meta","interactionHandle","state","interact","authClient","options","baseUrl","clientId","redirectUri","scopes","withCredentials","codeChallenge","codeChallengeMethod","activationToken","recoveryToken","clientSecret","
|
|
1
|
+
{"version":3,"sources":["../../../lib/idx/interact.ts"],"names":["getResponse","meta","interactionHandle","state","interact","authClient","options","baseUrl","clientId","redirectUri","scopes","withCredentials","codeChallenge","codeChallengeMethod","activationToken","recoveryToken","clientSecret","url","params","client_id","scope","join","redirect_uri","code_challenge","code_challenge_method","activation_token","recovery_token","client_secret","headers","resp","method","args","interaction_handle","newMeta"],"mappings":";;;;AAcA;;AACA;;AACA;;AACA;;AACA;;AAlBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AAqCA;AAEA,SAASA,WAAT,CAAqBC,IAArB,EAAiE;AAC/D,SAAO;AACLA,IAAAA,IADK;AAELC,IAAAA,iBAAiB,EAAED,IAAI,CAACC,iBAFnB;AAGLC,IAAAA,KAAK,EAAEF,IAAI,CAACE;AAHP,GAAP;AAKD,C,CAED;;;AACO,eAAeC,QAAf,CACLC,UADK,EAELC,OAAwB,GAAG,EAFtB,EAGsB;AAAA;;AAC3BA,EAAAA,OAAO,GAAG,sBAAWA,OAAX,CAAV;AAEA,MAAIL,IAAI,GAAG,8CAAwBI,UAAxB,EAAoCC,OAApC,CAAX,CAH2B,CAI3B;;AAEA,eAAIL,IAAJ,kCAAI,MAAMC,iBAAV,EAA6B;AAC3B,WAAOF,WAAW,CAACC,IAAD,CAAlB,CAD2B,CACD;AAC3B,GAR0B,CAU3B;;;AACAA,EAAAA,IAAI,GAAG,MAAM,6BAAsBI,UAAtB,EAAkC,EAAE,GAAGJ,IAAL;AAAW,OAAGK;AAAd,GAAlC,CAAb;AACA,QAAMC,OAAO,GAAG,2BAAgBF,UAAhB,CAAhB;AACA,MAAI;AACFG,IAAAA,QADE;AAEFC,IAAAA,WAFE;AAGFN,IAAAA,KAHE;AAIFO,IAAAA,MAJE;AAKFC,IAAAA,eALE;AAMFC,IAAAA,aANE;AAOFC,IAAAA,mBAPE;AAQFC,IAAAA,eARE;AASFC,IAAAA;AATE,MAUAd,IAVJ;AAWA,QAAMe,YAAY,GAAGV,OAAO,CAACU,YAAR,IAAwBX,UAAU,CAACC,OAAX,CAAmBU,YAAhE;AACAL,EAAAA,eAAe,uBAAGA,eAAH,+DAAsB,IAArC;AAEA;;AACA,QAAMM,GAAG,GAAI,GAAEV,OAAQ,cAAvB;AACA,QAAMW,MAAM,GAAG;AACbC,IAAAA,SAAS,EAAEX,QADE;AAEbY,IAAAA,KAAK,EAAEV,MAAM,CAACW,IAAP,CAAY,GAAZ,CAFM;AAGbC,IAAAA,YAAY,EAAEb,WAHD;AAIbc,IAAAA,cAAc,EAAEX,aAJH;AAKbY,IAAAA,qBAAqB,EAAEX,mBALV;AAMbV,IAAAA;AANa,GAAf;;AAQA,MAAIW,eAAJ,EAAqB;AACnBI,IAAAA,MAAM,CAACO,gBAAP,GAA0BX,eAA1B;AACD;;AACD,MAAIC,aAAJ,EAAmB;AACjBG,IAAAA,MAAM,CAACQ,cAAP,GAAwBX,aAAxB;AACD;;AACD,MAAIC,YAAJ,EAAkB;AAClB;AACA;AACA;AACEE,IAAAA,MAAM,CAACS,aAAP,GAAuBX,YAAvB;AACD;AACD;;;AAEA,QAAMY,OAAO,GAAG;AACd,oBAAgB;AADF,GAAhB;AAIA,QAAMC,IAAI,GAAG,MAAM,uBAAYxB,UAAZ,EAAwB;AACzCyB,IAAAA,MAAM,EAAE,MADiC;AAEzCb,IAAAA,GAFyC;AAGzCW,IAAAA,OAHyC;AAIzCjB,IAAAA,eAJyC;AAKzCoB,IAAAA,IAAI,EAAEb;AALmC,GAAxB,CAAnB;AAOA,QAAMhB,iBAAiB,GAAG2B,IAAI,CAACG,kBAA/B;AAEA,QAAMC,OAAO,GAAG,EACd,GAAGhC,IADW;AAEdC,IAAAA,iBAFc;AAId;AACAS,IAAAA,eALc;AAMdR,IAAAA,KANc;AAOdO,IAAAA,MAPc;AAQdK,IAAAA,aARc;AASdD,IAAAA;AATc,GAAhB,CAhE2B,CA2E3B;;AACA,4CAAoBT,UAApB,EAAgC4B,OAAhC;AAEA,SAAOjC,WAAW,CAACiC,OAAD,CAAlB;AACD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* eslint complexity:[0,8] */\nimport { OktaAuthInterface, IdxTransactionMeta } from '../types';\nimport { getSavedTransactionMeta, saveTransactionMeta } from './transactionMeta';\nimport { getOAuthBaseUrl } from '../oidc';\nimport { createTransactionMeta } from '.';\nimport { removeNils } from '../util';\nimport { httpRequest } from '../http';\n\nexport interface InteractOptions {\n withCredentials?: boolean;\n state?: string;\n scopes?: string[];\n codeChallenge?: string;\n codeChallengeMethod?: string;\n activationToken?: string;\n recoveryToken?: string;\n clientSecret?: string;\n}\n\nexport interface InteractResponse {\n state?: string;\n interactionHandle: string;\n meta: IdxTransactionMeta;\n}\n\n/* eslint-disable camelcase */\nexport interface InteractParams {\n client_id: string;\n scope: string;\n redirect_uri: string;\n code_challenge: string;\n code_challenge_method: string;\n state: string;\n activation_token?: string;\n recovery_token?: string;\n client_secret?: string;\n}\n/* eslint-enable camelcase */\n\nfunction getResponse(meta: IdxTransactionMeta): InteractResponse {\n return {\n meta,\n interactionHandle: meta.interactionHandle!,\n state: meta.state\n };\n}\n\n// Begin or resume a transaction. Returns an interaction handle\nexport async function interact (\n authClient: OktaAuthInterface, \n options: InteractOptions = {}\n): Promise<InteractResponse> {\n options = removeNils(options);\n\n let meta = getSavedTransactionMeta(authClient, options);\n // If meta exists, it has been validated against all options\n\n if (meta?.interactionHandle) {\n return getResponse(meta); // Saved transaction, return meta\n }\n\n // Create new meta, respecting previous meta if it has been set and is not overridden\n meta = await createTransactionMeta(authClient, { ...meta, ...options });\n const baseUrl = getOAuthBaseUrl(authClient);\n let {\n clientId,\n redirectUri,\n state,\n scopes,\n withCredentials,\n codeChallenge,\n codeChallengeMethod,\n activationToken,\n recoveryToken,\n } = meta as IdxTransactionMeta;\n const clientSecret = options.clientSecret || authClient.options.clientSecret;\n withCredentials = withCredentials ?? true;\n\n /* eslint-disable camelcase */\n const url = `${baseUrl}/v1/interact`;\n const params = {\n client_id: clientId,\n scope: scopes.join(' '),\n redirect_uri: redirectUri,\n code_challenge: codeChallenge,\n code_challenge_method: codeChallengeMethod,\n state,\n } as InteractParams;\n if (activationToken) {\n params.activation_token = activationToken;\n }\n if (recoveryToken) {\n params.recovery_token = recoveryToken;\n }\n if (clientSecret) {\n // X-Device-Token header need to pair with `client_secret`\n // eslint-disable-next-line max-len\n // https://oktawiki.atlassian.net/wiki/spaces/eng/pages/2445902453/Support+Device+Binding+in+interact#Scenario-1%3A-Non-User-Agent-with-Confidential-Client-(top-priority)\n params.client_secret = clientSecret;\n }\n /* eslint-enable camelcase */\n\n const headers = {\n 'Content-Type': 'application/x-www-form-urlencoded',\n };\n\n const resp = await httpRequest(authClient, {\n method: 'POST',\n url,\n headers,\n withCredentials,\n args: params\n });\n const interactionHandle = resp.interaction_handle;\n\n const newMeta = {\n ...meta,\n interactionHandle,\n \n // Options which can be passed into interact() should be saved in the meta\n withCredentials,\n state,\n scopes,\n recoveryToken,\n activationToken\n };\n // Save transaction meta so it can be resumed\n saveTransactionMeta(authClient, newMeta);\n\n return getResponse(newMeta);\n}\n"],"file":"interact.js"}
|
package/cjs/idx/introspect.js
CHANGED
|
@@ -1,17 +1,21 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
-
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
|
-
|
|
5
3
|
exports.introspect = introspect;
|
|
6
4
|
|
|
7
|
-
var
|
|
5
|
+
var _idxState = require("./idxState");
|
|
8
6
|
|
|
9
|
-
var
|
|
7
|
+
var _idxJs = require("./types/idx-js");
|
|
10
8
|
|
|
11
9
|
var _oidc = require("../oidc");
|
|
12
10
|
|
|
13
11
|
var _constants = require("../constants");
|
|
14
12
|
|
|
13
|
+
var _http = require("../http");
|
|
14
|
+
|
|
15
|
+
var _errors = require("../errors");
|
|
16
|
+
|
|
17
|
+
/* eslint-disable complexity */
|
|
18
|
+
|
|
15
19
|
/*!
|
|
16
20
|
* Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.
|
|
17
21
|
* The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
|
|
@@ -36,19 +40,40 @@ async function introspect(authClient, options = {}) {
|
|
|
36
40
|
|
|
37
41
|
|
|
38
42
|
if (!rawIdxResponse) {
|
|
43
|
+
var _options$withCredenti;
|
|
44
|
+
|
|
39
45
|
const version = options.version || _constants.IDX_API_VERSION;
|
|
40
46
|
const domain = (0, _oidc.getOAuthDomain)(authClient);
|
|
47
|
+
const {
|
|
48
|
+
interactionHandle,
|
|
49
|
+
stateHandle
|
|
50
|
+
} = options;
|
|
51
|
+
const withCredentials = (_options$withCredenti = options.withCredentials) !== null && _options$withCredenti !== void 0 ? _options$withCredenti : true;
|
|
41
52
|
|
|
42
53
|
try {
|
|
43
|
-
rawIdxResponse = await _idxJs.default.introspect({
|
|
44
|
-
domain,
|
|
45
|
-
...options,
|
|
46
|
-
version
|
|
47
|
-
});
|
|
48
54
|
requestDidSucceed = true;
|
|
55
|
+
(0, _idxState.validateVersionConfig)(version);
|
|
56
|
+
const url = `${domain}/idp/idx/introspect`;
|
|
57
|
+
const body = stateHandle ? {
|
|
58
|
+
stateToken: stateHandle
|
|
59
|
+
} : {
|
|
60
|
+
interactionHandle
|
|
61
|
+
};
|
|
62
|
+
const headers = {
|
|
63
|
+
'Content-Type': `application/ion+json; okta-version=${version}`,
|
|
64
|
+
// Server wants this version info
|
|
65
|
+
Accept: `application/ion+json; okta-version=${version}`
|
|
66
|
+
};
|
|
67
|
+
rawIdxResponse = await (0, _http.httpRequest)(authClient, {
|
|
68
|
+
method: 'POST',
|
|
69
|
+
url,
|
|
70
|
+
headers,
|
|
71
|
+
withCredentials,
|
|
72
|
+
args: body
|
|
73
|
+
});
|
|
49
74
|
} catch (err) {
|
|
50
|
-
if ((0,
|
|
51
|
-
rawIdxResponse = err;
|
|
75
|
+
if ((0, _errors.isAuthApiError)(err) && err.xhr && (0, _idxJs.isRawIdxResponse)(err.xhr.responseJSON)) {
|
|
76
|
+
rawIdxResponse = err.xhr.responseJSON;
|
|
52
77
|
requestDidSucceed = false;
|
|
53
78
|
} else {
|
|
54
79
|
throw err;
|
|
@@ -59,7 +84,7 @@ async function introspect(authClient, options = {}) {
|
|
|
59
84
|
const {
|
|
60
85
|
withCredentials
|
|
61
86
|
} = options;
|
|
62
|
-
return
|
|
87
|
+
return (0, _idxState.makeIdxState)(authClient, rawIdxResponse, {
|
|
63
88
|
withCredentials
|
|
64
89
|
}, requestDidSucceed);
|
|
65
90
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/idx/introspect.ts"],"names":["introspect","authClient","options","rawIdxResponse","requestDidSucceed","savedIdxResponse","transactionManager","loadIdxResponse","version","IDX_API_VERSION","domain","
|
|
1
|
+
{"version":3,"sources":["../../../lib/idx/introspect.ts"],"names":["introspect","authClient","options","rawIdxResponse","requestDidSucceed","savedIdxResponse","transactionManager","loadIdxResponse","version","IDX_API_VERSION","domain","interactionHandle","stateHandle","withCredentials","url","body","stateToken","headers","Accept","method","args","err","xhr","responseJSON"],"mappings":";;;;AAaA;;AAEA;;AACA;;AACA;;AACA;;AACA;;AAnBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAiBO,eAAeA,UAAf,CACLC,UADK,EAELC,OAA0B,GAAG,EAFxB,EAGiB;AACtB,MAAIC,cAAJ;AACA,MAAIC,iBAAJ,CAFsB,CAItB;;AACA,QAAMC,gBAAgB,GAAGJ,UAAU,CAACK,kBAAX,CAA8BC,eAA9B,EAAzB;;AACA,MAAIF,gBAAJ,EAAsB;AACpBF,IAAAA,cAAc,GAAGE,gBAAgB,CAACF,cAAlC;AACAC,IAAAA,iBAAiB,GAAGC,gBAAgB,CAACD,iBAArC;AACD,GATqB,CAWtB;;;AACA,MAAI,CAACD,cAAL,EAAqB;AAAA;;AACnB,UAAMK,OAAO,GAAGN,OAAO,CAACM,OAAR,IAAmBC,0BAAnC;AACA,UAAMC,MAAM,GAAG,0BAAeT,UAAf,CAAf;AACA,UAAM;AAAEU,MAAAA,iBAAF;AAAqBC,MAAAA;AAArB,QAAqCV,OAA3C;AACA,UAAMW,eAAe,4BAAGX,OAAO,CAACW,eAAX,yEAA8B,IAAnD;;AACA,QAAI;AACFT,MAAAA,iBAAiB,GAAG,IAApB;AACA,2CAAsBI,OAAtB;AACA,YAAMM,GAAG,GAAI,GAAEJ,MAAO,qBAAtB;AACA,YAAMK,IAAI,GAAGH,WAAW,GAAG;AAAEI,QAAAA,UAAU,EAAEJ;AAAd,OAAH,GAAiC;AAAED,QAAAA;AAAF,OAAzD;AACA,YAAMM,OAAO,GAAG;AACd,wBAAiB,sCAAqCT,OAAQ,EADhD;AACmD;AACjEU,QAAAA,MAAM,EAAG,sCAAqCV,OAAQ;AAFxC,OAAhB;AAIAL,MAAAA,cAAc,GAAG,MAAM,uBAAYF,UAAZ,EAAwB;AAC7CkB,QAAAA,MAAM,EAAE,MADqC;AAE7CL,QAAAA,GAF6C;AAG7CG,QAAAA,OAH6C;AAI7CJ,QAAAA,eAJ6C;AAK7CO,QAAAA,IAAI,EAAEL;AALuC,OAAxB,CAAvB;AAOD,KAhBD,CAgBE,OAAOM,GAAP,EAAY;AACZ,UAAI,4BAAeA,GAAf,KAAuBA,GAAG,CAACC,GAA3B,IAAkC,6BAAiBD,GAAG,CAACC,GAAJ,CAAQC,YAAzB,CAAtC,EAA8E;AAC5EpB,QAAAA,cAAc,GAAGkB,GAAG,CAACC,GAAJ,CAAQC,YAAzB;AACAnB,QAAAA,iBAAiB,GAAG,KAApB;AACD,OAHD,MAGO;AACL,cAAMiB,GAAN;AACD;AACF;AACF;;AAED,QAAM;AAAER,IAAAA;AAAF,MAAsBX,OAA5B;AACA,SAAO,4BAAaD,UAAb,EAAyBE,cAAzB,EAAyC;AAAEU,IAAAA;AAAF,GAAzC,EAA8DT,iBAA9D,CAAP;AACD","sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { makeIdxState, validateVersionConfig } from './idxState';\nimport { OktaAuthInterface } from '../types';\nimport { IdxResponse, isRawIdxResponse } from './types/idx-js';\nimport { getOAuthDomain } from '../oidc';\nimport { IDX_API_VERSION } from '../constants';\nimport { httpRequest } from '../http';\nimport { isAuthApiError } from '../errors';\n\nexport interface IntrospectOptions {\n withCredentials?: boolean;\n interactionHandle?: string;\n stateHandle?: string;\n version?: string;\n}\n\nexport async function introspect (\n authClient: OktaAuthInterface, \n options: IntrospectOptions = {}\n): Promise<IdxResponse> {\n let rawIdxResponse;\n let requestDidSucceed;\n\n // try load from storage first\n const savedIdxResponse = authClient.transactionManager.loadIdxResponse();\n if (savedIdxResponse) {\n rawIdxResponse = savedIdxResponse.rawIdxResponse;\n requestDidSucceed = savedIdxResponse.requestDidSucceed;\n }\n\n // call idx.introspect if no existing idx response available in storage\n if (!rawIdxResponse) {\n const version = options.version || IDX_API_VERSION;\n const domain = getOAuthDomain(authClient);\n const { interactionHandle, stateHandle } = options;\n const withCredentials = options.withCredentials ?? true;\n try {\n requestDidSucceed = true;\n validateVersionConfig(version);\n const url = `${domain}/idp/idx/introspect`;\n const body = stateHandle ? { stateToken: stateHandle } : { interactionHandle };\n const headers = {\n 'Content-Type': `application/ion+json; okta-version=${version}`, // Server wants this version info\n Accept: `application/ion+json; okta-version=${version}`,\n };\n rawIdxResponse = await httpRequest(authClient, {\n method: 'POST',\n url,\n headers,\n withCredentials,\n args: body\n });\n } catch (err) {\n if (isAuthApiError(err) && err.xhr && isRawIdxResponse(err.xhr.responseJSON)) {\n rawIdxResponse = err.xhr.responseJSON;\n requestDidSucceed = false;\n } else {\n throw err;\n }\n }\n }\n\n const { withCredentials } = options;\n return makeIdxState(authClient, rawIdxResponse, { withCredentials }, requestDidSucceed);\n}\n"],"file":"introspect.js"}
|
package/cjs/idx/remediate.js
CHANGED
|
@@ -2,27 +2,22 @@
|
|
|
2
2
|
|
|
3
3
|
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
4
|
|
|
5
|
-
exports.getRemediator = getRemediator;
|
|
6
5
|
exports.remediate = remediate;
|
|
7
6
|
|
|
8
7
|
var _find = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/find"));
|
|
9
8
|
|
|
10
|
-
var _includes = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/includes"));
|
|
11
|
-
|
|
12
9
|
var _keys = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/keys"));
|
|
13
10
|
|
|
11
|
+
var _includes = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/includes"));
|
|
12
|
+
|
|
14
13
|
var _filter = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/filter"));
|
|
15
14
|
|
|
16
15
|
var _reduce = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/reduce"));
|
|
17
16
|
|
|
18
17
|
var _errors = require("../errors");
|
|
19
18
|
|
|
20
|
-
var _idxJs = require("./types/idx-js");
|
|
21
|
-
|
|
22
19
|
var _util = require("./util");
|
|
23
20
|
|
|
24
|
-
var _util2 = require("../util");
|
|
25
|
-
|
|
26
21
|
/*!
|
|
27
22
|
* Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
|
|
28
23
|
* The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
|
|
@@ -36,111 +31,32 @@ var _util2 = require("../util");
|
|
|
36
31
|
*/
|
|
37
32
|
|
|
38
33
|
/* eslint-disable max-statements, max-depth, complexity */
|
|
39
|
-
// Return first match idxRemediation in allowed remediators
|
|
40
|
-
function getRemediator(idxRemediations, values, options) {
|
|
41
|
-
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
|
|
42
|
-
const remediators = options.remediators;
|
|
43
|
-
let remediator; // remediation name specified by caller - fast-track remediator lookup
|
|
44
|
-
|
|
45
|
-
if (options.step) {
|
|
46
|
-
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
|
|
47
|
-
const remediation = (0, _find.default)(idxRemediations).call(idxRemediations, ({
|
|
48
|
-
name
|
|
49
|
-
}) => name === options.step);
|
|
50
|
-
|
|
51
|
-
if (remediation) {
|
|
52
|
-
const T = remediation ? remediators[remediation.name] : undefined;
|
|
53
|
-
return T ? new T(remediation, values, options) : undefined;
|
|
54
|
-
} else {
|
|
55
|
-
// step was specified, but remediation was not found. This is unexpected!
|
|
56
|
-
(0, _util2.warn)(`step "${options.step}" did not match any remediations`);
|
|
57
|
-
return;
|
|
58
|
-
}
|
|
59
|
-
}
|
|
60
|
-
|
|
61
|
-
const remediatorCandidates = [];
|
|
62
|
-
|
|
63
|
-
for (let remediation of idxRemediations) {
|
|
64
|
-
var _context;
|
|
65
|
-
|
|
66
|
-
const isRemeditionInFlow = (0, _includes.default)(_context = (0, _keys.default)(remediators)).call(_context, remediation.name);
|
|
67
|
-
|
|
68
|
-
if (!isRemeditionInFlow) {
|
|
69
|
-
continue;
|
|
70
|
-
}
|
|
71
|
-
|
|
72
|
-
const T = remediators[remediation.name];
|
|
73
|
-
remediator = new T(remediation, values, options);
|
|
74
|
-
|
|
75
|
-
if (remediator.canRemediate()) {
|
|
76
|
-
// found the remediator
|
|
77
|
-
return remediator;
|
|
78
|
-
} // remediator cannot handle the current values
|
|
79
|
-
// maybe return for next step
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
remediatorCandidates.push(remediator);
|
|
83
|
-
}
|
|
84
|
-
|
|
85
|
-
return remediatorCandidates[0];
|
|
86
|
-
}
|
|
87
|
-
|
|
88
|
-
function getNextStep(remediator, idxResponse) {
|
|
89
|
-
const nextStep = remediator.getNextStep(idxResponse.context);
|
|
90
|
-
const canSkip = (0, _util.canSkipFn)(idxResponse);
|
|
91
|
-
const canResend = (0, _util.canResendFn)(idxResponse);
|
|
92
|
-
return { ...nextStep,
|
|
93
|
-
...(canSkip && {
|
|
94
|
-
canSkip
|
|
95
|
-
}),
|
|
96
|
-
...(canResend && {
|
|
97
|
-
canResend
|
|
98
|
-
})
|
|
99
|
-
};
|
|
100
|
-
}
|
|
101
|
-
|
|
102
|
-
function handleIdxError(e, remediator) {
|
|
103
|
-
// Handle idx messages
|
|
104
|
-
const idxResponse = (0, _idxJs.isIdxResponse)(e) ? e : null;
|
|
105
|
-
|
|
106
|
-
if (!idxResponse) {
|
|
107
|
-
// Thrown error terminates the interaction with idx
|
|
108
|
-
throw e;
|
|
109
|
-
}
|
|
110
|
-
|
|
111
|
-
idxResponse.requestDidSucceed = false;
|
|
112
|
-
const terminal = (0, _util.isTerminalResponse)(idxResponse);
|
|
113
|
-
const messages = (0, _util.getMessagesFromResponse)(idxResponse);
|
|
114
|
-
|
|
115
|
-
if (terminal) {
|
|
116
|
-
return {
|
|
117
|
-
idxResponse,
|
|
118
|
-
terminal,
|
|
119
|
-
messages
|
|
120
|
-
};
|
|
121
|
-
} else {
|
|
122
|
-
const nextStep = remediator && getNextStep(remediator, idxResponse);
|
|
123
|
-
return {
|
|
124
|
-
idxResponse,
|
|
125
|
-
messages,
|
|
126
|
-
...(nextStep && {
|
|
127
|
-
nextStep
|
|
128
|
-
})
|
|
129
|
-
};
|
|
130
|
-
}
|
|
131
|
-
}
|
|
132
|
-
|
|
133
34
|
function getActionFromValues(values, idxResponse) {
|
|
134
|
-
var
|
|
35
|
+
var _context;
|
|
135
36
|
|
|
136
37
|
// Currently support resend actions only
|
|
137
|
-
return (0, _find.default)(
|
|
38
|
+
return (0, _find.default)(_context = (0, _keys.default)(idxResponse.actions)).call(_context, action => !!values.resend && (0, _includes.default)(action).call(action, '-resend'));
|
|
138
39
|
}
|
|
139
40
|
|
|
140
41
|
function removeActionFromValues(values) {
|
|
141
42
|
// Currently support resend actions only
|
|
142
|
-
|
|
143
|
-
|
|
43
|
+
return { ...values,
|
|
44
|
+
resend: undefined
|
|
45
|
+
};
|
|
46
|
+
}
|
|
47
|
+
|
|
48
|
+
function removeActionFromOptions(options, actionName) {
|
|
49
|
+
let actions = options.actions || [];
|
|
50
|
+
actions = (0, _filter.default)(actions).call(actions, entry => {
|
|
51
|
+
if (typeof entry === 'string') {
|
|
52
|
+
return entry !== actionName;
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
return entry.name !== actionName;
|
|
56
|
+
});
|
|
57
|
+
return { ...options,
|
|
58
|
+
actions
|
|
59
|
+
};
|
|
144
60
|
} // This function is called recursively until it reaches success or cannot be remediated
|
|
145
61
|
|
|
146
62
|
|
|
@@ -171,7 +87,7 @@ async function remediate(idxResponse, values, options) {
|
|
|
171
87
|
};
|
|
172
88
|
}
|
|
173
89
|
|
|
174
|
-
const remediator = getRemediator(neededToProceed, values, options); // Try actions in idxResponse first
|
|
90
|
+
const remediator = (0, _util.getRemediator)(neededToProceed, values, options); // Try actions in idxResponse first
|
|
175
91
|
|
|
176
92
|
const actionFromValues = getActionFromValues(values, idxResponse);
|
|
177
93
|
const actionFromOptions = options.actions || [];
|
|
@@ -179,17 +95,25 @@ async function remediate(idxResponse, values, options) {
|
|
|
179
95
|
|
|
180
96
|
if (actions) {
|
|
181
97
|
for (let action of actions) {
|
|
98
|
+
// Action can either be specified as a string, or as an object with name and optional params
|
|
99
|
+
let params = {};
|
|
100
|
+
|
|
101
|
+
if (typeof action !== 'string') {
|
|
102
|
+
params = action.params || {};
|
|
103
|
+
action = action.name;
|
|
104
|
+
}
|
|
105
|
+
|
|
182
106
|
let valuesWithoutExecutedAction = removeActionFromValues(values);
|
|
183
|
-
let optionsWithoutExecutedAction =
|
|
184
|
-
actions: (0, _filter.default)(actionFromOptions).call(actionFromOptions, entry => entry !== action)
|
|
185
|
-
};
|
|
107
|
+
let optionsWithoutExecutedAction = removeActionFromOptions(options, action);
|
|
186
108
|
|
|
187
109
|
if (typeof idxResponse.actions[action] === 'function') {
|
|
188
110
|
try {
|
|
189
|
-
idxResponse = await idxResponse.actions[action]();
|
|
190
|
-
idxResponse
|
|
111
|
+
idxResponse = await idxResponse.actions[action](params);
|
|
112
|
+
idxResponse = { ...idxResponse,
|
|
113
|
+
requestDidSucceed: true
|
|
114
|
+
};
|
|
191
115
|
} catch (e) {
|
|
192
|
-
return handleIdxError(e, remediator);
|
|
116
|
+
return (0, _util.handleIdxError)(e, remediator);
|
|
193
117
|
}
|
|
194
118
|
|
|
195
119
|
if (action === 'cancel') {
|
|
@@ -209,10 +133,12 @@ async function remediate(idxResponse, values, options) {
|
|
|
209
133
|
|
|
210
134
|
if (remediationAction) {
|
|
211
135
|
try {
|
|
212
|
-
idxResponse = await idxResponse.proceed(action,
|
|
213
|
-
idxResponse
|
|
136
|
+
idxResponse = await idxResponse.proceed(action, params);
|
|
137
|
+
idxResponse = { ...idxResponse,
|
|
138
|
+
requestDidSucceed: true
|
|
139
|
+
};
|
|
214
140
|
} catch (e) {
|
|
215
|
-
return handleIdxError(e, remediator);
|
|
141
|
+
return (0, _util.handleIdxError)(e, remediator);
|
|
216
142
|
}
|
|
217
143
|
|
|
218
144
|
return remediate(idxResponse, values, optionsWithoutExecutedAction); // recursive call
|
|
@@ -222,16 +148,18 @@ async function remediate(idxResponse, values, options) {
|
|
|
222
148
|
|
|
223
149
|
if (!remediator) {
|
|
224
150
|
if (options.step) {
|
|
225
|
-
values = (0, _util.filterValuesForRemediation)(idxResponse, values); // include only requested values
|
|
151
|
+
values = (0, _util.filterValuesForRemediation)(idxResponse, options.step, values); // include only requested values
|
|
226
152
|
|
|
227
153
|
try {
|
|
228
154
|
idxResponse = await idxResponse.proceed(options.step, values);
|
|
229
|
-
idxResponse
|
|
155
|
+
idxResponse = { ...idxResponse,
|
|
156
|
+
requestDidSucceed: true
|
|
157
|
+
};
|
|
230
158
|
return {
|
|
231
159
|
idxResponse
|
|
232
160
|
};
|
|
233
161
|
} catch (e) {
|
|
234
|
-
return handleIdxError(e);
|
|
162
|
+
return (0, _util.handleIdxError)(e);
|
|
235
163
|
}
|
|
236
164
|
}
|
|
237
165
|
|
|
@@ -245,23 +173,15 @@ async function remediate(idxResponse, values, options) {
|
|
|
245
173
|
No remediation can match current flow, check policy settings in your org.
|
|
246
174
|
Remediations: [${(0, _reduce.default)(neededToProceed).call(neededToProceed, (acc, curr) => acc ? acc + ' ,' + curr.name : curr.name, '')}]
|
|
247
175
|
`);
|
|
248
|
-
}
|
|
249
|
-
|
|
250
|
-
if (messages.length) {
|
|
251
|
-
const nextStep = getNextStep(remediator, idxResponse);
|
|
252
|
-
return {
|
|
253
|
-
idxResponse,
|
|
254
|
-
nextStep,
|
|
255
|
-
messages
|
|
256
|
-
};
|
|
257
176
|
} // Return next step to the caller
|
|
258
177
|
|
|
259
178
|
|
|
260
179
|
if (!remediator.canRemediate()) {
|
|
261
|
-
const nextStep = getNextStep(remediator, idxResponse);
|
|
180
|
+
const nextStep = (0, _util.getNextStep)(remediator, idxResponse);
|
|
262
181
|
return {
|
|
263
182
|
idxResponse,
|
|
264
|
-
nextStep
|
|
183
|
+
nextStep,
|
|
184
|
+
messages: messages.length ? messages : undefined
|
|
265
185
|
};
|
|
266
186
|
}
|
|
267
187
|
|
|
@@ -270,15 +190,19 @@ async function remediate(idxResponse, values, options) {
|
|
|
270
190
|
|
|
271
191
|
try {
|
|
272
192
|
idxResponse = await idxResponse.proceed(name, data);
|
|
273
|
-
idxResponse
|
|
193
|
+
idxResponse = { ...idxResponse,
|
|
194
|
+
requestDidSucceed: true
|
|
195
|
+
}; // We may want to trim the values bag for the next remediation
|
|
274
196
|
// Let the remediator decide what the values should be (default to current values)
|
|
275
197
|
|
|
276
198
|
values = remediator.getValuesAfterProceed();
|
|
277
|
-
|
|
199
|
+
options = { ...options,
|
|
200
|
+
step: undefined
|
|
201
|
+
}; // do not re-use the step
|
|
278
202
|
|
|
279
203
|
return remediate(idxResponse, values, options); // recursive call
|
|
280
204
|
} catch (e) {
|
|
281
|
-
return handleIdxError(e, remediator);
|
|
205
|
+
return (0, _util.handleIdxError)(e, remediator);
|
|
282
206
|
}
|
|
283
207
|
}
|
|
284
208
|
//# sourceMappingURL=remediate.js.map
|
package/cjs/idx/remediate.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/idx/remediate.ts"],"names":["getRemediator","idxRemediations","values","options","remediators","remediator","step","remediation","name","T","undefined","remediatorCandidates","isRemeditionInFlow","canRemediate","push","getNextStep","idxResponse","nextStep","context","canSkip","canResend","handleIdxError","e","requestDidSucceed","terminal","messages","getActionFromValues","actions","action","resend","removeActionFromValues","remediate","neededToProceed","interactionCode","flow","actionFromValues","actionFromOptions","valuesWithoutExecutedAction","optionsWithoutExecutedAction","entry","canceled","remediationAction","proceed","AuthSdkError","acc","curr","length","getName","data","getData","getValuesAfterProceed"],"mappings":";;;;;;;;;;;;;;;;;AAcA;;AAIA;;AAKA;;AAOA;;AA9BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AAiCA;AACO,SAASA,aAAT,CACLC,eADK,EAELC,MAFK,EAGLC,OAHK,EAImB;AACxB;AACA,QAAMC,WAAW,GAAGD,OAAO,CAACC,WAA5B;AAEA,MAAIC,UAAJ,CAJwB,CAKxB;;AACA,MAAIF,OAAO,CAACG,IAAZ,EAAkB;AAChB;AACA,UAAMC,WAAW,GAAG,mBAAAN,eAAe,MAAf,CAAAA,eAAe,EAAM,CAAC;AAAEO,MAAAA;AAAF,KAAD,KAAcA,IAAI,KAAKL,OAAO,CAACG,IAArC,CAAnC;;AACA,QAAIC,WAAJ,EAAiB;AACf,YAAME,CAAC,GAAGF,WAAW,GAAGH,WAAW,CAACG,WAAW,CAACC,IAAb,CAAd,GAAmCE,SAAxD;AACA,aAAOD,CAAC,GAAG,IAAIA,CAAJ,CAAMF,WAAN,EAAmBL,MAAnB,EAA2BC,OAA3B,CAAH,GAAyCO,SAAjD;AACD,KAHD,MAGO;AACL;AACA,uBAAM,SAAQP,OAAO,CAACG,IAAK,kCAA3B;AACA;AACD;AACF;;AAED,QAAMK,oBAAoB,GAAG,EAA7B;;AACA,OAAK,IAAIJ,WAAT,IAAwBN,eAAxB,EAAyC;AAAA;;AACvC,UAAMW,kBAAkB,GAAG,qDAAYR,WAAZ,kBAA4CG,WAAW,CAACC,IAAxD,CAA3B;;AACA,QAAI,CAACI,kBAAL,EAAyB;AACvB;AACD;;AAED,UAAMH,CAAC,GAAGL,WAAW,CAACG,WAAW,CAACC,IAAb,CAArB;AACAH,IAAAA,UAAU,GAAG,IAAII,CAAJ,CAAMF,WAAN,EAAmBL,MAAnB,EAA2BC,OAA3B,CAAb;;AACA,QAAIE,UAAU,CAACQ,YAAX,EAAJ,EAA+B;AAC7B;AACA,aAAOR,UAAP;AACD,KAXsC,CAYvC;AACA;;;AACAM,IAAAA,oBAAoB,CAACG,IAArB,CAA0BT,UAA1B;AACD;;AAED,SAAOM,oBAAoB,CAAC,CAAD,CAA3B;AACD;;AAED,SAASI,WAAT,CACEV,UADF,EAC0BW,WAD1B,EAEY;AACV,QAAMC,QAAQ,GAAGZ,UAAU,CAACU,WAAX,CAAuBC,WAAW,CAACE,OAAnC,CAAjB;AACA,QAAMC,OAAO,GAAG,qBAAUH,WAAV,CAAhB;AACA,QAAMI,SAAS,GAAG,uBAAYJ,WAAZ,CAAlB;AACA,SAAO,EACL,GAAGC,QADE;AAEL,QAAIE,OAAO,IAAI;AAACA,MAAAA;AAAD,KAAf,CAFK;AAGL,QAAIC,SAAS,IAAI;AAACA,MAAAA;AAAD,KAAjB;AAHK,GAAP;AAKD;;AAED,SAASC,cAAT,CAAwBC,CAAxB,EAA2BjB,UAA3B,EAAyE;AACvE;AACA,QAAMW,WAAW,GAAG,0BAAcM,CAAd,IAAmBA,CAAnB,GAAuB,IAA3C;;AACA,MAAI,CAACN,WAAL,EAAkB;AAChB;AACA,UAAMM,CAAN;AACD;;AACDN,EAAAA,WAAW,CAACO,iBAAZ,GAAgC,KAAhC;AACA,QAAMC,QAAQ,GAAG,8BAAmBR,WAAnB,CAAjB;AACA,QAAMS,QAAQ,GAAG,mCAAwBT,WAAxB,CAAjB;;AACA,MAAIQ,QAAJ,EAAc;AACZ,WAAO;AAAER,MAAAA,WAAF;AAAeQ,MAAAA,QAAf;AAAyBC,MAAAA;AAAzB,KAAP;AACD,GAFD,MAEO;AACL,UAAMR,QAAQ,GAAGZ,UAAU,IAAIU,WAAW,CAACV,UAAD,EAAaW,WAAb,CAA1C;AACA,WAAO;AACLA,MAAAA,WADK;AAELS,MAAAA,QAFK;AAGL,UAAIR,QAAQ,IAAI;AAAEA,QAAAA;AAAF,OAAhB;AAHK,KAAP;AAKD;AACF;;AAED,SAASS,mBAAT,CAA6BxB,MAA7B,EAAqCc,WAArC,EAAmF;AAAA;;AACjF;AACA,SAAO,kDAAYA,WAAW,CAACW,OAAxB,mBAAsCC,MAAM,IAAI,CAAC,CAAC1B,MAAM,CAAC2B,MAAT,IAAmB,uBAAAD,MAAM,MAAN,CAAAA,MAAM,EAAU,SAAV,CAAzE,CAAP;AACD;;AAED,SAASE,sBAAT,CAAgC5B,MAAhC,EAAwC;AACtC;AACAA,EAAAA,MAAM,CAAC2B,MAAP,GAAgBnB,SAAhB;AACA,SAAOR,MAAP;AACD,C,CAED;;;AACO,eAAe6B,SAAf,CACLf,WADK,EAELd,MAFK,EAGLC,OAHK,EAIyB;AAC9B,MAAI;AAAE6B,IAAAA,eAAF;AAAmBC,IAAAA;AAAnB,MAAuCjB,WAA3C;AACA,QAAM;AAAEkB,IAAAA;AAAF,MAAW/B,OAAjB,CAF8B,CAI9B;;AACA,MAAI8B,eAAJ,EAAqB;AACnB,WAAO;AAAEjB,MAAAA;AAAF,KAAP;AACD,GAP6B,CAS9B;;;AACA,QAAMQ,QAAQ,GAAG,8BAAmBR,WAAnB,CAAjB;AACA,QAAMS,QAAQ,GAAG,mCAAwBT,WAAxB,CAAjB;;AACA,MAAIQ,QAAJ,EAAc;AACZ,WAAO;AAAER,MAAAA,WAAF;AAAeQ,MAAAA,QAAf;AAAyBC,MAAAA;AAAzB,KAAP;AACD;;AAED,QAAMpB,UAAU,GAAGL,aAAa,CAACgC,eAAD,EAAkB9B,MAAlB,EAA0BC,OAA1B,CAAhC,CAhB8B,CAkB9B;;AACA,QAAMgC,gBAAgB,GAAGT,mBAAmB,CAACxB,MAAD,EAASc,WAAT,CAA5C;AACA,QAAMoB,iBAAiB,GAAGjC,OAAO,CAACwB,OAAR,IAAmB,EAA7C;AACA,QAAMA,OAAO,GAAG,CACd,GAAGS,iBADW,EAEd,IAAID,gBAAgB,IAAI,CAACA,gBAAD,CAApB,IAA0C,EAA9C,CAFc,CAAhB;;AAIA,MAAIR,OAAJ,EAAa;AACX,SAAK,IAAIC,MAAT,IAAmBD,OAAnB,EAA4B;AAC1B,UAAIU,2BAA2B,GAAGP,sBAAsB,CAAC5B,MAAD,CAAxD;AACA,UAAIoC,4BAA4B,GAAG,EAAE,GAAGnC,OAAL;AAAcwB,QAAAA,OAAO,EAAE,qBAAAS,iBAAiB,MAAjB,CAAAA,iBAAiB,EAAQG,KAAK,IAAIA,KAAK,KAAKX,MAA3B;AAAxC,OAAnC;;AACA,UAAI,OAAOZ,WAAW,CAACW,OAAZ,CAAoBC,MAApB,CAAP,KAAuC,UAA3C,EAAuD;AACrD,YAAI;AACFZ,UAAAA,WAAW,GAAG,MAAMA,WAAW,CAACW,OAAZ,CAAoBC,MAApB,GAApB;AACAZ,UAAAA,WAAW,CAACO,iBAAZ,GAAgC,IAAhC;AACD,SAHD,CAGE,OAAOD,CAAP,EAAU;AACV,iBAAOD,cAAc,CAACC,CAAD,EAAIjB,UAAJ,CAArB;AACD;;AACD,YAAIuB,MAAM,KAAK,QAAf,EAAyB;AACvB,iBAAO;AAAEZ,YAAAA,WAAF;AAAewB,YAAAA,QAAQ,EAAE;AAAzB,WAAP;AACD;;AACD,eAAOT,SAAS,CAACf,WAAD,EAAcqB,2BAAd,EAA2CC,4BAA3C,CAAhB,CAVqD,CAUqC;AAC3F,OAdyB,CAgB1B;;;AACA,YAAMG,iBAAiB,GAAG,mBAAAT,eAAe,MAAf,CAAAA,eAAe,EAAM,CAAC;AAAExB,QAAAA;AAAF,OAAD,KAAcA,IAAI,KAAKoB,MAA7B,CAAzC;;AACA,UAAIa,iBAAJ,EAAuB;AACrB,YAAI;AACFzB,UAAAA,WAAW,GAAG,MAAMA,WAAW,CAAC0B,OAAZ,CAAoBd,MAApB,EAA4B,EAA5B,CAApB;AACAZ,UAAAA,WAAW,CAACO,iBAAZ,GAAgC,IAAhC;AACD,SAHD,CAIA,OAAOD,CAAP,EAAU;AACR,iBAAOD,cAAc,CAACC,CAAD,EAAIjB,UAAJ,CAArB;AACD;;AAED,eAAO0B,SAAS,CAACf,WAAD,EAAcd,MAAd,EAAsBoC,4BAAtB,CAAhB,CATqB,CASgD;AACtE;AACF;AACF;;AAED,MAAI,CAACjC,UAAL,EAAiB;AACf,QAAIF,OAAO,CAACG,IAAZ,EAAkB;AAChBJ,MAAAA,MAAM,GAAG,sCAA2Bc,WAA3B,EAAwCd,MAAxC,CAAT,CADgB,CAC0C;;AAC1D,UAAI;AACFc,QAAAA,WAAW,GAAG,MAAMA,WAAW,CAAC0B,OAAZ,CAAoBvC,OAAO,CAACG,IAA5B,EAAkCJ,MAAlC,CAApB;AACAc,QAAAA,WAAW,CAACO,iBAAZ,GAAgC,IAAhC;AACA,eAAO;AAAEP,UAAAA;AAAF,SAAP;AACD,OAJD,CAIE,OAAMM,CAAN,EAAS;AACT,eAAOD,cAAc,CAACC,CAAD,CAArB;AACD;AACF;;AACD,QAAIY,IAAI,KAAK,SAAb,EAAwB;AACtB,aAAO;AAAElB,QAAAA;AAAF,OAAP;AACD;;AACD,UAAM,IAAI2B,oBAAJ,CAAkB;AAC5B;AACA,uBAAuB,qBAAAX,eAAe,MAAf,CAAAA,eAAe,EAAQ,CAACY,GAAD,EAAMC,IAAN,KAAeD,GAAG,GAAGA,GAAG,GAAG,IAAN,GAAaC,IAAI,CAACrC,IAArB,GAA4BqC,IAAI,CAACrC,IAA3D,EAAiE,EAAjE,CAAqE;AAC3G,KAHU,CAAN;AAID;;AAED,MAAIiB,QAAQ,CAACqB,MAAb,EAAqB;AACnB,UAAM7B,QAAQ,GAAGF,WAAW,CAACV,UAAD,EAAaW,WAAb,CAA5B;AACA,WAAO;AAAEA,MAAAA,WAAF;AAAeC,MAAAA,QAAf;AAAyBQ,MAAAA;AAAzB,KAAP;AACD,GAjF6B,CAmF9B;;;AACA,MAAI,CAACpB,UAAU,CAACQ,YAAX,EAAL,EAAgC;AAC9B,UAAMI,QAAQ,GAAGF,WAAW,CAACV,UAAD,EAAaW,WAAb,CAA5B;AACA,WAAO;AAAEA,MAAAA,WAAF;AAAeC,MAAAA;AAAf,KAAP;AACD;;AAED,QAAMT,IAAI,GAAGH,UAAU,CAAC0C,OAAX,EAAb;AACA,QAAMC,IAAI,GAAG3C,UAAU,CAAC4C,OAAX,EAAb;;AACA,MAAI;AACFjC,IAAAA,WAAW,GAAG,MAAMA,WAAW,CAAC0B,OAAZ,CAAoBlC,IAApB,EAA0BwC,IAA1B,CAApB;AACAhC,IAAAA,WAAW,CAACO,iBAAZ,GAAgC,IAAhC,CAFE,CAGF;AACA;;AACArB,IAAAA,MAAM,GAAGG,UAAU,CAAC6C,qBAAX,EAAT;AACA,WAAO/C,OAAO,CAACG,IAAf,CANE,CAMmB;;AACrB,WAAOyB,SAAS,CAACf,WAAD,EAAcd,MAAd,EAAsBC,OAAtB,CAAhB,CAPE,CAO8C;AACjD,GARD,CAQE,OAAOmB,CAAP,EAAU;AACV,WAAOD,cAAc,CAACC,CAAD,EAAIjB,UAAJ,CAArB;AACD;AACF","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, max-depth, complexity */\nimport { AuthSdkError } from '../errors';\nimport { Remediator, RemediationValues } from './remediators';\nimport { NextStep, IdxMessage, FlowIdentifier } from './types';\nimport { RemediationFlow } from './flow';\nimport { \n IdxResponse, \n IdxRemediation,\n isIdxResponse, \n} from './types/idx-js';\nimport {\n canResendFn,\n canSkipFn,\n getMessagesFromResponse,\n isTerminalResponse,\n filterValuesForRemediation\n} from './util';\nimport { warn } from '../util';\n\ninterface RemediationResponse {\n idxResponse: IdxResponse;\n nextStep?: NextStep;\n messages?: IdxMessage[];\n terminal?: boolean;\n canceled?: boolean;\n}\nexport interface RemediateOptions {\n remediators?: RemediationFlow;\n actions?: string[];\n flow?: FlowIdentifier;\n step?: string;\n}\n\n// Return first match idxRemediation in allowed remediators\nexport function getRemediator(\n idxRemediations: IdxRemediation[],\n values: RemediationValues,\n options: RemediateOptions,\n): Remediator | undefined {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const remediators = options.remediators!;\n\n let remediator;\n // remediation name specified by caller - fast-track remediator lookup \n if (options.step) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const remediation = idxRemediations.find(({ name }) => name === options.step)!;\n if (remediation) {\n const T = remediation ? remediators[remediation.name] : undefined;\n return T ? new T(remediation, values, options) : undefined;\n } else {\n // step was specified, but remediation was not found. This is unexpected!\n warn(`step \"${options.step}\" did not match any remediations`);\n return;\n }\n }\n\n const remediatorCandidates = [];\n for (let remediation of idxRemediations) {\n const isRemeditionInFlow = Object.keys(remediators as object).includes(remediation.name);\n if (!isRemeditionInFlow) {\n continue;\n }\n\n const T = remediators[remediation.name];\n remediator = new T(remediation, values, options);\n if (remediator.canRemediate()) {\n // found the remediator\n return remediator;\n }\n // remediator cannot handle the current values\n // maybe return for next step\n remediatorCandidates.push(remediator as never); \n }\n \n return remediatorCandidates[0];\n}\n\nfunction getNextStep(\n remediator: Remediator, idxResponse: IdxResponse\n): NextStep {\n const nextStep = remediator.getNextStep(idxResponse.context);\n const canSkip = canSkipFn(idxResponse);\n const canResend = canResendFn(idxResponse);\n return {\n ...nextStep,\n ...(canSkip && {canSkip}),\n ...(canResend && {canResend}),\n };\n}\n\nfunction handleIdxError(e, remediator?: Remediator): RemediationResponse {\n // Handle idx messages\n const idxResponse = isIdxResponse(e) ? e : null;\n if (!idxResponse) {\n // Thrown error terminates the interaction with idx\n throw e;\n }\n idxResponse.requestDidSucceed = false;\n const terminal = isTerminalResponse(idxResponse);\n const messages = getMessagesFromResponse(idxResponse);\n if (terminal) {\n return { idxResponse, terminal, messages };\n } else {\n const nextStep = remediator && getNextStep(remediator, idxResponse);\n return { \n idxResponse,\n messages, \n ...(nextStep && { nextStep }) \n };\n }\n}\n\nfunction getActionFromValues(values, idxResponse: IdxResponse): string | undefined {\n // Currently support resend actions only\n return Object.keys(idxResponse.actions).find(action => !!values.resend && action.includes('-resend'));\n}\n\nfunction removeActionFromValues(values) {\n // Currently support resend actions only\n values.resend = undefined;\n return values;\n}\n\n// This function is called recursively until it reaches success or cannot be remediated\nexport async function remediate(\n idxResponse: IdxResponse,\n values: RemediationValues,\n options: RemediateOptions\n): Promise<RemediationResponse> {\n let { neededToProceed, interactionCode } = idxResponse;\n const { flow } = options;\n\n // If the response contains an interaction code, there is no need to remediate\n if (interactionCode) {\n return { idxResponse };\n }\n\n // Reach to terminal state\n const terminal = isTerminalResponse(idxResponse);\n const messages = getMessagesFromResponse(idxResponse);\n if (terminal) {\n return { idxResponse, terminal, messages };\n }\n\n const remediator = getRemediator(neededToProceed, values, options);\n \n // Try actions in idxResponse first\n const actionFromValues = getActionFromValues(values, idxResponse);\n const actionFromOptions = options.actions || [];\n const actions = [\n ...actionFromOptions,\n ...(actionFromValues && [actionFromValues] || []),\n ];\n if (actions) {\n for (let action of actions) {\n let valuesWithoutExecutedAction = removeActionFromValues(values);\n let optionsWithoutExecutedAction = { ...options, actions: actionFromOptions.filter(entry => entry !== action) };\n if (typeof idxResponse.actions[action] === 'function') {\n try {\n idxResponse = await idxResponse.actions[action]();\n idxResponse.requestDidSucceed = true;\n } catch (e) {\n return handleIdxError(e, remediator);\n }\n if (action === 'cancel') {\n return { idxResponse, canceled: true };\n }\n return remediate(idxResponse, valuesWithoutExecutedAction, optionsWithoutExecutedAction); // recursive call\n }\n\n // search for action in remediation list\n const remediationAction = neededToProceed.find(({ name }) => name === action);\n if (remediationAction) {\n try {\n idxResponse = await idxResponse.proceed(action, {});\n idxResponse.requestDidSucceed = true;\n }\n catch (e) {\n return handleIdxError(e, remediator);\n }\n\n return remediate(idxResponse, values, optionsWithoutExecutedAction); // recursive call\n }\n }\n }\n\n if (!remediator) {\n if (options.step) {\n values = filterValuesForRemediation(idxResponse, values); // include only requested values\n try {\n idxResponse = await idxResponse.proceed(options.step, values);\n idxResponse.requestDidSucceed = true;\n return { idxResponse };\n } catch(e) {\n return handleIdxError(e);\n }\n }\n if (flow === 'default') {\n return { idxResponse };\n }\n throw new AuthSdkError(`\n No remediation can match current flow, check policy settings in your org.\n Remediations: [${neededToProceed.reduce((acc, curr) => acc ? acc + ' ,' + curr.name : curr.name, '')}]\n `);\n }\n\n if (messages.length) {\n const nextStep = getNextStep(remediator, idxResponse);\n return { idxResponse, nextStep, messages };\n }\n\n // Return next step to the caller\n if (!remediator.canRemediate()) {\n const nextStep = getNextStep(remediator, idxResponse);\n return { idxResponse, nextStep };\n }\n\n const name = remediator.getName();\n const data = remediator.getData();\n try {\n idxResponse = await idxResponse.proceed(name, data);\n idxResponse.requestDidSucceed = true;\n // We may want to trim the values bag for the next remediation\n // Let the remediator decide what the values should be (default to current values)\n values = remediator.getValuesAfterProceed();\n delete options.step; // do not re-use the step\n return remediate(idxResponse, values, options); // recursive call\n } catch (e) {\n return handleIdxError(e, remediator);\n }\n}\n"],"file":"remediate.js"}
|
|
1
|
+
{"version":3,"sources":["../../../lib/idx/remediate.ts"],"names":["getActionFromValues","values","idxResponse","actions","action","resend","removeActionFromValues","undefined","removeActionFromOptions","options","actionName","entry","name","remediate","neededToProceed","interactionCode","flow","terminal","messages","remediator","actionFromValues","actionFromOptions","params","valuesWithoutExecutedAction","optionsWithoutExecutedAction","requestDidSucceed","e","canceled","remediationAction","proceed","step","AuthSdkError","acc","curr","canRemediate","nextStep","length","getName","data","getData","getValuesAfterProceed"],"mappings":";;;;;;;;;;;;;;;;AAcA;;AAQA;;AAtBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AAiCA,SAASA,mBAAT,CAA6BC,MAA7B,EAAwDC,WAAxD,EAAsG;AAAA;;AACpG;AACA,SAAO,iDAAYA,WAAW,CAACC,OAAxB,kBAAsCC,MAAM,IAAI,CAAC,CAACH,MAAM,CAACI,MAAT,IAAmB,uBAAAD,MAAM,MAAN,CAAAA,MAAM,EAAU,SAAV,CAAzE,CAAP;AACD;;AAED,SAASE,sBAAT,CAAgCL,MAAhC,EAA8E;AAC5E;AACA,SAAO,EACL,GAAGA,MADE;AAELI,IAAAA,MAAM,EAAEE;AAFH,GAAP;AAID;;AAED,SAASC,uBAAT,CAAiCC,OAAjC,EAA4DC,UAA5D,EAAkG;AAChG,MAAIP,OAAO,GAAGM,OAAO,CAACN,OAAR,IAAmB,EAAjC;AACAA,EAAAA,OAAO,GAAG,qBAAAA,OAAO,MAAP,CAAAA,OAAO,EAAQQ,KAAK,IAAI;AAChC,QAAI,OAAOA,KAAP,KAAiB,QAArB,EAA+B;AAC7B,aAAOA,KAAK,KAAKD,UAAjB;AACD;;AACD,WAAOC,KAAK,CAACC,IAAN,KAAeF,UAAtB;AACD,GALgB,CAAjB;AAOA,SAAO,EAAE,GAAGD,OAAL;AAAcN,IAAAA;AAAd,GAAP;AACD,C,CAED;;;AACO,eAAeU,SAAf,CACLX,WADK,EAELD,MAFK,EAGLQ,OAHK,EAIyB;AAC9B,MAAI;AAAEK,IAAAA,eAAF;AAAmBC,IAAAA;AAAnB,MAAuCb,WAA3C;AACA,QAAM;AAAEc,IAAAA;AAAF,MAAWP,OAAjB,CAF8B,CAI9B;;AACA,MAAIM,eAAJ,EAAqB;AACnB,WAAO;AAAEb,MAAAA;AAAF,KAAP;AACD,GAP6B,CAS9B;;;AACA,QAAMe,QAAQ,GAAG,8BAAmBf,WAAnB,CAAjB;AACA,QAAMgB,QAAQ,GAAG,mCAAwBhB,WAAxB,CAAjB;;AACA,MAAIe,QAAJ,EAAc;AACZ,WAAO;AAAEf,MAAAA,WAAF;AAAee,MAAAA,QAAf;AAAyBC,MAAAA;AAAzB,KAAP;AACD;;AAED,QAAMC,UAAU,GAAG,yBAAcL,eAAd,EAA+Bb,MAA/B,EAAuCQ,OAAvC,CAAnB,CAhB8B,CAkB9B;;AACA,QAAMW,gBAAgB,GAAGpB,mBAAmB,CAACC,MAAD,EAASC,WAAT,CAA5C;AACA,QAAMmB,iBAAiB,GAAGZ,OAAO,CAACN,OAAR,IAAmB,EAA7C;AACA,QAAMA,OAAO,GAAG,CACd,GAAGkB,iBADW,EAEd,IAAID,gBAAgB,IAAI,CAACA,gBAAD,CAApB,IAA0C,EAA9C,CAFc,CAAhB;;AAIA,MAAIjB,OAAJ,EAAa;AACX,SAAK,IAAIC,MAAT,IAAmBD,OAAnB,EAA4B;AAC1B;AACA,UAAImB,MAAuB,GAAG,EAA9B;;AACA,UAAI,OAAOlB,MAAP,KAAkB,QAAtB,EAAgC;AAC9BkB,QAAAA,MAAM,GAAGlB,MAAM,CAACkB,MAAP,IAAiB,EAA1B;AACAlB,QAAAA,MAAM,GAAGA,MAAM,CAACQ,IAAhB;AACD;;AACD,UAAIW,2BAA2B,GAAGjB,sBAAsB,CAACL,MAAD,CAAxD;AACA,UAAIuB,4BAA4B,GAAGhB,uBAAuB,CAACC,OAAD,EAAUL,MAAV,CAA1D;;AAEA,UAAI,OAAOF,WAAW,CAACC,OAAZ,CAAoBC,MAApB,CAAP,KAAuC,UAA3C,EAAuD;AACrD,YAAI;AACFF,UAAAA,WAAW,GAAG,MAAMA,WAAW,CAACC,OAAZ,CAAoBC,MAApB,EAA4BkB,MAA5B,CAApB;AACApB,UAAAA,WAAW,GAAG,EAAE,GAAGA,WAAL;AAAkBuB,YAAAA,iBAAiB,EAAE;AAArC,WAAd;AACD,SAHD,CAGE,OAAOC,CAAP,EAAU;AACV,iBAAO,0BAAeA,CAAf,EAAkBP,UAAlB,CAAP;AACD;;AACD,YAAIf,MAAM,KAAK,QAAf,EAAyB;AACvB,iBAAO;AAAEF,YAAAA,WAAF;AAAeyB,YAAAA,QAAQ,EAAE;AAAzB,WAAP;AACD;;AACD,eAAOd,SAAS,CAACX,WAAD,EAAcqB,2BAAd,EAA2CC,4BAA3C,CAAhB,CAVqD,CAUqC;AAC3F,OArByB,CAuB1B;;;AACA,YAAMI,iBAAiB,GAAG,mBAAAd,eAAe,MAAf,CAAAA,eAAe,EAAM,CAAC;AAAEF,QAAAA;AAAF,OAAD,KAAcA,IAAI,KAAKR,MAA7B,CAAzC;;AACA,UAAIwB,iBAAJ,EAAuB;AACrB,YAAI;AACF1B,UAAAA,WAAW,GAAG,MAAMA,WAAW,CAAC2B,OAAZ,CAAoBzB,MAApB,EAA4BkB,MAA5B,CAApB;AACApB,UAAAA,WAAW,GAAG,EAAE,GAAGA,WAAL;AAAkBuB,YAAAA,iBAAiB,EAAE;AAArC,WAAd;AACD,SAHD,CAIA,OAAOC,CAAP,EAAU;AACR,iBAAO,0BAAeA,CAAf,EAAkBP,UAAlB,CAAP;AACD;;AAED,eAAON,SAAS,CAACX,WAAD,EAAcD,MAAd,EAAsBuB,4BAAtB,CAAhB,CATqB,CASgD;AACtE;AACF;AACF;;AAED,MAAI,CAACL,UAAL,EAAiB;AACf,QAAIV,OAAO,CAACqB,IAAZ,EAAkB;AAChB7B,MAAAA,MAAM,GAAG,sCAA2BC,WAA3B,EAAwCO,OAAO,CAACqB,IAAhD,EAAsD7B,MAAtD,CAAT,CADgB,CACwD;;AACxE,UAAI;AACFC,QAAAA,WAAW,GAAG,MAAMA,WAAW,CAAC2B,OAAZ,CAAoBpB,OAAO,CAACqB,IAA5B,EAAkC7B,MAAlC,CAApB;AACAC,QAAAA,WAAW,GAAG,EAAE,GAAGA,WAAL;AAAkBuB,UAAAA,iBAAiB,EAAE;AAArC,SAAd;AACA,eAAO;AAAEvB,UAAAA;AAAF,SAAP;AACD,OAJD,CAIE,OAAMwB,CAAN,EAAS;AACT,eAAO,0BAAeA,CAAf,CAAP;AACD;AACF;;AACD,QAAIV,IAAI,KAAK,SAAb,EAAwB;AACtB,aAAO;AAAEd,QAAAA;AAAF,OAAP;AACD;;AACD,UAAM,IAAI6B,oBAAJ,CAAkB;AAC5B;AACA,uBAAuB,qBAAAjB,eAAe,MAAf,CAAAA,eAAe,EAAQ,CAACkB,GAAD,EAAMC,IAAN,KAAeD,GAAG,GAAGA,GAAG,GAAG,IAAN,GAAaC,IAAI,CAACrB,IAArB,GAA4BqB,IAAI,CAACrB,IAA3D,EAAiE,EAAjE,CAAqE;AAC3G,KAHU,CAAN;AAID,GAnF6B,CAqF9B;;;AACA,MAAI,CAACO,UAAU,CAACe,YAAX,EAAL,EAAgC;AAC9B,UAAMC,QAAQ,GAAG,uBAAYhB,UAAZ,EAAwBjB,WAAxB,CAAjB;AACA,WAAO;AACLA,MAAAA,WADK;AAELiC,MAAAA,QAFK;AAGLjB,MAAAA,QAAQ,EAAEA,QAAQ,CAACkB,MAAT,GAAkBlB,QAAlB,GAA4BX;AAHjC,KAAP;AAKD;;AAED,QAAMK,IAAI,GAAGO,UAAU,CAACkB,OAAX,EAAb;AACA,QAAMC,IAAI,GAAGnB,UAAU,CAACoB,OAAX,EAAb;;AACA,MAAI;AACFrC,IAAAA,WAAW,GAAG,MAAMA,WAAW,CAAC2B,OAAZ,CAAoBjB,IAApB,EAA0B0B,IAA1B,CAApB;AACApC,IAAAA,WAAW,GAAG,EAAE,GAAGA,WAAL;AAAkBuB,MAAAA,iBAAiB,EAAE;AAArC,KAAd,CAFE,CAGF;AACA;;AACAxB,IAAAA,MAAM,GAAGkB,UAAU,CAACqB,qBAAX,EAAT;AACA/B,IAAAA,OAAO,GAAG,EAAE,GAAGA,OAAL;AAAcqB,MAAAA,IAAI,EAAEvB;AAApB,KAAV,CANE,CAMyC;;AAC3C,WAAOM,SAAS,CAACX,WAAD,EAAcD,MAAd,EAAsBQ,OAAtB,CAAhB,CAPE,CAO8C;AACjD,GARD,CAQE,OAAOiB,CAAP,EAAU;AACV,WAAO,0BAAeA,CAAf,EAAkBP,UAAlB,CAAP;AACD;AACF","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, max-depth, complexity */\nimport { AuthSdkError } from '../errors';\nimport { RemediationValues } from './remediators';\nimport { FlowIdentifier, RemediationResponse } from './types';\nimport { RemediationFlow } from './flow';\nimport { \n IdxResponse,\n IdxActionParams, \n} from './types/idx-js';\nimport {\n getMessagesFromResponse,\n isTerminalResponse,\n filterValuesForRemediation,\n getRemediator,\n getNextStep,\n handleIdxError\n} from './util';\n\nexport interface RemediateActionWithOptionalParams {\n name: string;\n params?: IdxActionParams;\n}\n\nexport type RemediateAction = string | RemediateActionWithOptionalParams;\nexport interface RemediateOptions {\n remediators?: RemediationFlow;\n actions?: RemediateAction[];\n flow?: FlowIdentifier;\n step?: string;\n shouldProceedWithEmailAuthenticator?: boolean; // will be removed in next major version\n}\n\n\nfunction getActionFromValues(values: RemediationValues, idxResponse: IdxResponse): string | undefined {\n // Currently support resend actions only\n return Object.keys(idxResponse.actions).find(action => !!values.resend && action.includes('-resend'));\n}\n\nfunction removeActionFromValues(values: RemediationValues): RemediationValues {\n // Currently support resend actions only\n return {\n ...values,\n resend: undefined\n };\n}\n\nfunction removeActionFromOptions(options: RemediateOptions, actionName: string): RemediateOptions {\n let actions = options.actions || [];\n actions = actions.filter(entry => {\n if (typeof entry === 'string') {\n return entry !== actionName;\n }\n return entry.name !== actionName;\n });\n\n return { ...options, actions };\n}\n\n// This function is called recursively until it reaches success or cannot be remediated\nexport async function remediate(\n idxResponse: IdxResponse,\n values: RemediationValues,\n options: RemediateOptions\n): Promise<RemediationResponse> {\n let { neededToProceed, interactionCode } = idxResponse;\n const { flow } = options;\n\n // If the response contains an interaction code, there is no need to remediate\n if (interactionCode) {\n return { idxResponse };\n }\n\n // Reach to terminal state\n const terminal = isTerminalResponse(idxResponse);\n const messages = getMessagesFromResponse(idxResponse);\n if (terminal) {\n return { idxResponse, terminal, messages };\n }\n\n const remediator = getRemediator(neededToProceed, values, options);\n\n // Try actions in idxResponse first\n const actionFromValues = getActionFromValues(values, idxResponse);\n const actionFromOptions = options.actions || [];\n const actions = [\n ...actionFromOptions,\n ...(actionFromValues && [actionFromValues] || []),\n ];\n if (actions) {\n for (let action of actions) {\n // Action can either be specified as a string, or as an object with name and optional params\n let params: IdxActionParams = {};\n if (typeof action !== 'string') {\n params = action.params || {};\n action = action.name;\n }\n let valuesWithoutExecutedAction = removeActionFromValues(values);\n let optionsWithoutExecutedAction = removeActionFromOptions(options, action);\n\n if (typeof idxResponse.actions[action] === 'function') {\n try {\n idxResponse = await idxResponse.actions[action](params);\n idxResponse = { ...idxResponse, requestDidSucceed: true };\n } catch (e) {\n return handleIdxError(e, remediator);\n }\n if (action === 'cancel') {\n return { idxResponse, canceled: true };\n }\n return remediate(idxResponse, valuesWithoutExecutedAction, optionsWithoutExecutedAction); // recursive call\n }\n\n // search for action in remediation list\n const remediationAction = neededToProceed.find(({ name }) => name === action);\n if (remediationAction) {\n try {\n idxResponse = await idxResponse.proceed(action, params);\n idxResponse = { ...idxResponse, requestDidSucceed: true };\n }\n catch (e) {\n return handleIdxError(e, remediator);\n }\n\n return remediate(idxResponse, values, optionsWithoutExecutedAction); // recursive call\n }\n }\n }\n\n if (!remediator) {\n if (options.step) {\n values = filterValuesForRemediation(idxResponse, options.step, values); // include only requested values\n try {\n idxResponse = await idxResponse.proceed(options.step, values);\n idxResponse = { ...idxResponse, requestDidSucceed: true };\n return { idxResponse };\n } catch(e) {\n return handleIdxError(e);\n }\n }\n if (flow === 'default') {\n return { idxResponse };\n }\n throw new AuthSdkError(`\n No remediation can match current flow, check policy settings in your org.\n Remediations: [${neededToProceed.reduce((acc, curr) => acc ? acc + ' ,' + curr.name : curr.name, '')}]\n `);\n }\n\n // Return next step to the caller\n if (!remediator.canRemediate()) {\n const nextStep = getNextStep(remediator, idxResponse);\n return {\n idxResponse,\n nextStep,\n messages: messages.length ? messages: undefined\n };\n }\n\n const name = remediator.getName();\n const data = remediator.getData();\n try {\n idxResponse = await idxResponse.proceed(name, data);\n idxResponse = { ...idxResponse, requestDidSucceed: true };\n // We may want to trim the values bag for the next remediation\n // Let the remediator decide what the values should be (default to current values)\n values = remediator.getValuesAfterProceed();\n options = { ...options, step: undefined }; // do not re-use the step\n return remediate(idxResponse, values, options); // recursive call\n } catch (e) {\n return handleIdxError(e, remediator);\n }\n}\n"],"file":"remediate.js"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/idx/remediators/AuthenticatorEnrollmentData.ts"],"names":["AuthenticatorEnrollmentData","AuthenticatorData","mapAuthenticator","authenticatorData","getAuthenticatorData","authenticatorFromRemediation","remediation","id","form","value","name","methodType","phoneNumber","getInputAuthenticator","type","required","label","mapAuthenticatorDataFromValues","data"],"mappings":";;;;;;;;;;;;AAcA;;AACA;;AAfA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAUO,MAAMA,2BAAN,SAA0CC,oCAA1C,
|
|
1
|
+
{"version":3,"sources":["../../../../lib/idx/remediators/AuthenticatorEnrollmentData.ts"],"names":["AuthenticatorEnrollmentData","AuthenticatorData","mapAuthenticator","authenticatorData","getAuthenticatorData","authenticatorFromRemediation","remediation","id","form","value","name","methodType","phoneNumber","getInputAuthenticator","type","required","label","mapAuthenticatorDataFromValues","data"],"mappings":";;;;;;;;;;;;AAcA;;AACA;;AAfA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAUO,MAAMA,2BAAN,SAA0CC,oCAA1C,CAA+F;AAGpGC,EAAAA,gBAAgB,GAAG;AAAA;;AACjB,UAAMC,iBAAiB,GAAG,KAAKC,oBAAL,EAA1B;AACA,UAAMC,4BAA4B,GAAG,2CAAgC,KAAKC,WAArC,CAArC;AACA,WAAO;AACLC,MAAAA,EAAE,EAAE,8BAAAF,4BAA4B,CAACG,IAA7B,CAAmCC,KAAnC,iBACI,CAAC;AAAEC,QAAAA;AAAF,OAAD,KAAcA,IAAI,KAAK,IAD3B,EACkCD,KAFjC;AAGLE,MAAAA,UAAU,EAAER,iBAAiB,CAAEQ,UAH1B;AAILC,MAAAA,WAAW,EAAET,iBAAiB,CAAES;AAJ3B,KAAP;AAMD;;AAEDC,EAAAA,qBAAqB,GAAG;AACtB,WAAO,CACL;AAAEH,MAAAA,IAAI,EAAE,YAAR;AAAsBI,MAAAA,IAAI,EAAE,QAA5B;AAAsCC,MAAAA,QAAQ,EAAE;AAAhD,KADK,EAEL;AAAEL,MAAAA,IAAI,EAAE,aAAR;AAAuBI,MAAAA,IAAI,EAAE,QAA7B;AAAuCC,MAAAA,QAAQ,EAAE,IAAjD;AAAuDC,MAAAA,KAAK,EAAE;AAA9D,KAFK,CAAP;AAID;;AAESC,EAAAA,8BAA8B,CAACC,IAAD,EAAQ;AAC9C;AACAA,IAAAA,IAAI,GAAG,MAAMD,8BAAN,CAAqCC,IAArC,CAAP,CAF8C,CAG9C;;AACA,UAAM;AAAEN,MAAAA;AAAF,6BAAkB,IAAlB,CAAN;;AACA,QAAI,CAACM,IAAD,IAAS,CAACN,WAAd,EAA2B;AACzB;AACD;;AAED,WAAO,EACL,IAAIM,IAAI,IAAIA,IAAZ,CADK;AAEL,UAAIN,WAAW,IAAI;AAAEA,QAAAA;AAAF,OAAnB;AAFK,KAAP;AAID;;AAlCmG;;;8BAAzFZ,2B,qBACc,+B","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthenticatorData, AuthenticatorDataValues } from './Base/AuthenticatorData';\nimport { getAuthenticatorFromRemediation } from './util';\n\nexport type AuthenticatorEnrollmentDataValues = AuthenticatorDataValues & {\n phoneNumber?: string;\n resend?: boolean; // resend is not a remediator value - revise when IdxResponse structure is updated\n}\nexport class AuthenticatorEnrollmentData extends AuthenticatorData<AuthenticatorEnrollmentDataValues> {\n static remediationName = 'authenticator-enrollment-data';\n\n mapAuthenticator() {\n const authenticatorData = this.getAuthenticatorData();\n const authenticatorFromRemediation = getAuthenticatorFromRemediation(this.remediation)!;\n return { \n id: authenticatorFromRemediation.form!.value\n .find(({ name }) => name === 'id')!.value,\n methodType: authenticatorData!.methodType,\n phoneNumber: authenticatorData!.phoneNumber,\n };\n }\n\n getInputAuthenticator() {\n return [\n { name: 'methodType', type: 'string', required: true },\n { name: 'phoneNumber', type: 'string', required: true, label: 'Phone Number' },\n ];\n }\n\n protected mapAuthenticatorDataFromValues(data?) {\n // get mapped authenticator from base class\n data = super.mapAuthenticatorDataFromValues(data);\n // add phoneNumber to authenticator if it exists in values\n const { phoneNumber } = this.values;\n if (!data && !phoneNumber) {\n return;\n }\n\n return { \n ...(data && data), \n ...(phoneNumber && { phoneNumber }) \n };\n }\n\n}\n"],"file":"AuthenticatorEnrollmentData.js"}
|
|
@@ -34,15 +34,16 @@ var _AuthenticatorData = require("./Base/AuthenticatorData");
|
|
|
34
34
|
* See the License for the specific language governing permissions and limitations under the License.
|
|
35
35
|
*/
|
|
36
36
|
class AuthenticatorVerificationData extends _AuthenticatorData.AuthenticatorData {
|
|
37
|
-
|
|
38
|
-
|
|
37
|
+
// will be removed in next major version
|
|
38
|
+
constructor(remediation, values = {}, options = {}) {
|
|
39
|
+
super(remediation, values); // will be removed in next major version
|
|
39
40
|
|
|
40
|
-
this.shouldProceedWithEmailAuthenticator = this.authenticator.methods.length === 1 && this.authenticator.methods[0].type === 'email';
|
|
41
|
+
this.shouldProceedWithEmailAuthenticator = options.shouldProceedWithEmailAuthenticator !== false && this.authenticator.methods.length === 1 && this.authenticator.methods[0].type === 'email';
|
|
41
42
|
}
|
|
42
43
|
|
|
43
44
|
canRemediate() {
|
|
44
|
-
// auto proceed if there is only one method
|
|
45
|
-
if (this.shouldProceedWithEmailAuthenticator) {
|
|
45
|
+
// auto proceed if there is only one method (will be removed in next major version)
|
|
46
|
+
if (this.shouldProceedWithEmailAuthenticator !== false) {
|
|
46
47
|
return true;
|
|
47
48
|
}
|
|
48
49
|
|
|
@@ -51,7 +52,7 @@ class AuthenticatorVerificationData extends _AuthenticatorData.AuthenticatorData
|
|
|
51
52
|
|
|
52
53
|
mapAuthenticator() {
|
|
53
54
|
// auto proceed with the only methodType option
|
|
54
|
-
if (this.shouldProceedWithEmailAuthenticator) {
|
|
55
|
+
if (this.shouldProceedWithEmailAuthenticator !== false) {
|
|
55
56
|
var _authenticatorFromRem, _context;
|
|
56
57
|
|
|
57
58
|
const authenticatorFromRemediation = this.getAuthenticatorFromRemediation();
|