@okta/okta-signin-widget 7.13.0 → 7.13.1

package/package.json

@@ -2,7 +2,7 @@
     "private": false,
     "name": "@okta/okta-signin-widget",
     "description": "The Okta Sign-In Widget",
-    "version": "7.13.0",
+    "version": "7.13.1",
     "homepage": "https://github.com/okta/okta-signin-widget",
     "license": "Apache-2.0",
     "repository": {
@@ -291,7 +291,7 @@
         "workerDirectory": "playground"
     },
     "okta": {
-        "commitSha": "5b4209868ac0b0027d926e6a95cd97bda5752782",
-        "fullVersion": "7.13.0-g5b42098"
+        "commitSha": "a1ffb10459f45fb281da734bbea061e5bbed5d30",
+        "fullVersion": "7.13.1-ga1ffb10"
     }
 }

package/src/config/config.json

@@ -1,6 +1,6 @@
 {
   "defaultLanguage": "en",
-  "version": "7.13.0",
+  "version": "7.13.1",
   "supportedLanguages": [
     "en",
     "cs",

package/src/v3/hooks/useOnSubmit.ts

@@ -20,7 +20,6 @@ import {
 } from '@okta/okta-auth-js';
 import { cloneDeep, merge, omit } from 'lodash';
 import { useCallback } from 'preact/hooks';
-import { generateDeviceFingerprint } from 'src/util/deviceFingerprintingUtils';
 
 import { IDX_STEP, ON_PREM_TOKEN_CHANGE_ERROR_KEY } from '../constants';
 import { useWidgetContext } from '../contexts';
@@ -28,7 +27,6 @@ import { MessageType } from '../types';
 import {
   areTransactionsEqual,
   containsMessageKey,
-  getBaseUrl,
   getErrorEventContext,
   getImmutableData,
   isConfigRecoverFlow,
@@ -211,16 +209,6 @@ export const useOnSubmit = (): (options: OnSubmitHandlerOptions) => Promise<void
     if (step === IDX_STEP.CANCEL_TRANSACTION) {
       SessionStorage.removeStateHandle();
     }
-    if (step === IDX_STEP.IDENTIFY && features?.deviceFingerprinting) {
-      const baseUrl = getBaseUrl(widgetProps);
-      if (baseUrl) {
-        // Proceeds with form submission even if device fingerprinting fails
-        const fingerprint = await generateDeviceFingerprint(baseUrl).catch(() => undefined);
-        if (fingerprint) {
-          authClient.http.setRequestHeader('X-Device-Fingerprint', fingerprint);
-        }
-      }
-    }
     setMessage(undefined);
     try {
       let newTransaction = await fn(payload);

package/src/v3/src/hooks/useOnSubmit.ts

@@ -20,7 +20,6 @@ import {
 } from '@okta/okta-auth-js';
 import { cloneDeep, merge, omit } from 'lodash';
 import { useCallback } from 'preact/hooks';
-import { generateDeviceFingerprint } from 'src/util/deviceFingerprintingUtils';
 
 import { IDX_STEP, ON_PREM_TOKEN_CHANGE_ERROR_KEY } from '../constants';
 import { useWidgetContext } from '../contexts';
@@ -28,7 +27,6 @@ import { MessageType } from '../types';
 import {
   areTransactionsEqual,
   containsMessageKey,
-  getBaseUrl,
   getErrorEventContext,
   getImmutableData,
   isConfigRecoverFlow,
@@ -211,16 +209,6 @@ export const useOnSubmit = (): (options: OnSubmitHandlerOptions) => Promise<void
     if (step === IDX_STEP.CANCEL_TRANSACTION) {
       SessionStorage.removeStateHandle();
     }
-    if (step === IDX_STEP.IDENTIFY && features?.deviceFingerprinting) {
-      const baseUrl = getBaseUrl(widgetProps);
-      if (baseUrl) {
-        // Proceeds with form submission even if device fingerprinting fails
-        const fingerprint = await generateDeviceFingerprint(baseUrl).catch(() => undefined);
-        if (fingerprint) {
-          authClient.http.setRequestHeader('X-Device-Fingerprint', fingerprint);
-        }
-      }
-    }
     setMessage(undefined);
     try {
       let newTransaction = await fn(payload);

package/src/v3/src/util/browserUtils.ts

@@ -24,7 +24,3 @@ export const isIOS = (): boolean => (
 );
 
 export const isAndroidOrIOS = (): boolean => isAndroid() || isIOS();
-
-export const getUserAgent = (): string => navigator.userAgent;
-
-export const isWindowsPhone = (userAgent: string): RegExpMatchArray | null => userAgent.match(/windows phone|iemobile|wpdesktop/i);

package/src/v3/util/browserUtils.ts

@@ -24,7 +24,3 @@ export const isIOS = (): boolean => (
 );
 
 export const isAndroidOrIOS = (): boolean => isAndroid() || isIOS();
-
-export const getUserAgent = (): string => navigator.userAgent;
-
-export const isWindowsPhone = (userAgent: string): RegExpMatchArray | null => userAgent.match(/windows phone|iemobile|wpdesktop/i);

package/src/v3/src/util/deviceFingerprintingUtils.test.ts

@@ -1,144 +0,0 @@
-/*
- * Copyright (c) 2023-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- */
-
-import * as DeviceFingerprintingUtils from './deviceFingerprintingUtils';
-
-describe('DeviceFingerprintingUtils', () => {
-  const oktaDomainUrl = '';
-
-  beforeAll(() => {
-    const mockForm = document.createElement('form');
-    mockForm.setAttribute('data-se', 'o-form');
-    document.body.append(mockForm);
-  });
-
-  const mockIFrameMessages = (success: boolean, errorMessage?: { type: string }) => {
-    const message = success
-      ? { type: 'FingerprintAvailable', fingerprint: 'thisIsTheFingerprint' }
-      : errorMessage;
-
-    // TODO (jest): event is missing `origin` property
-    window.postMessage(JSON.stringify(message), '*');
-  };
-
-  const mockUserAgent = (userAgent: string) => {
-    jest.spyOn(navigator, 'userAgent', 'get').mockReturnValue(userAgent);
-  };
-
-  const bypassMessageSourceCheck = () => {
-    jest.spyOn(DeviceFingerprintingUtils, 'isMessageFromCorrectSource').mockReturnValue(true);
-  };
-
-  it('creates hidden iframe during fingerprint generation', async () => {
-    mockIFrameMessages(true);
-    bypassMessageSourceCheck();
-    const fingerprintPromise = DeviceFingerprintingUtils.generateDeviceFingerprint(oktaDomainUrl);
-    let iframe = document.getElementById('device-fingerprint-container');
-    expect(iframe).not.toBeNull();
-    expect(iframe).not.toBeVisible();
-    expect(iframe?.getAttribute('src')).toBe('/auth/services/devicefingerprint');
-    await fingerprintPromise;
-    iframe = document.getElementById('device-fingerprint-container');
-    expect(iframe).toBeNull();
-  });
-
-  it('returns a fingerprint if the communication with the iframe is successful', async () => {
-    mockIFrameMessages(true);
-    bypassMessageSourceCheck();
-    const fingerprint = await DeviceFingerprintingUtils.generateDeviceFingerprint(oktaDomainUrl);
-    expect(fingerprint).toBe('thisIsTheFingerprint');
-  });
-
-  it('fails if the iframe does not load', async () => {
-    await expect(DeviceFingerprintingUtils.generateDeviceFingerprint(oktaDomainUrl))
-      .rejects
-      .toThrow('Service not available');
-    const iframe = document.getElementById('device-fingerprint-container');
-    expect(iframe).toBeNull();
-  });
-
-  it('clears iframe timeout once the iframe loads', async () => {
-    mockIFrameMessages(true);
-    bypassMessageSourceCheck();
-
-    const clearTimeoutSpy = jest.spyOn(window, 'clearTimeout');
-
-    await expect(DeviceFingerprintingUtils.generateDeviceFingerprint(oktaDomainUrl))
-      .resolves
-      .toBe('thisIsTheFingerprint');
-    expect(clearTimeoutSpy).toHaveBeenCalled();
-  });
-
-  it('fails if there is a problem with communicating with the iframe', async () => {
-    mockIFrameMessages(false);
-    bypassMessageSourceCheck();
-
-    await expect(DeviceFingerprintingUtils.generateDeviceFingerprint(oktaDomainUrl))
-      .rejects
-      .toThrow('No data');
-    const iframe = document.getElementById('device-fingerprint-container');
-    expect(iframe).toBeNull();
-  });
-
-  it('fails if there iframe sends and invalid message content', async () => {
-    mockIFrameMessages(false, { type: 'InvalidMessageType' });
-    bypassMessageSourceCheck();
-
-    await expect(DeviceFingerprintingUtils.generateDeviceFingerprint(oktaDomainUrl))
-      .rejects
-      .toThrow('No data');
-    const iframe = document.getElementById('device-fingerprint-container');
-    expect(iframe).toBeNull();
-  });
-
-  it('fails if user agent is not defined', async () => {
-    mockUserAgent('');
-    mockIFrameMessages(true);
-
-    await expect(DeviceFingerprintingUtils.generateDeviceFingerprint(oktaDomainUrl))
-      .rejects
-      .toThrow('User agent is not defined');
-    const iframe = document.getElementById('device-fingerprint-container');
-    expect(iframe).toBeNull();
-  });
-
-  it('fails if it is called from a Windows phone', async () => {
-    mockUserAgent('Windows Phone');
-    mockIFrameMessages(true);
-
-    await expect(DeviceFingerprintingUtils.generateDeviceFingerprint(oktaDomainUrl))
-      .rejects
-      .toThrow('Device fingerprint is not supported on Windows phones');
-    const iframe = document.getElementById('device-fingerprint-container');
-    expect(iframe).toBeNull();
-  });
-
-  it('fails if it the iframe does not load or there is a slow connection', async () => {
-    // Not sending any mock messages should trigger a timeout
-    await expect(DeviceFingerprintingUtils.generateDeviceFingerprint(oktaDomainUrl))
-      .rejects
-      .toThrow('Service not available');
-    const iframe = document.getElementById('device-fingerprint-container');
-    expect(iframe).toBeNull();
-  });
-
-  it('fails if it there is no form to attach the iframe to', async () => {
-    const form = document.querySelector('form[data-se="o-form"]');
-    expect(form).not.toBeNull();
-    document.body.removeChild(form!);
-    await expect(DeviceFingerprintingUtils.generateDeviceFingerprint(oktaDomainUrl))
-      .rejects
-      .toThrow('Form does not exist');
-    const iframe = document.getElementById('device-fingerprint-container');
-    expect(iframe).toBeNull();
-  });
-});

package/src/v3/src/util/deviceFingerprintingUtils.ts

@@ -1,99 +0,0 @@
-/*
- * Copyright (c) 2023-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- */
-
-import { getUserAgent, isWindowsPhone } from './browserUtils';
-
-export const isMessageFromCorrectSource = (iframe: HTMLIFrameElement, event: MessageEvent)
-: boolean => (
-  event.source === iframe.contentWindow
-);
-
-// NOTE: This utility is similar to the DeviceFingerprinting.js file used for V2 authentication flows.
-export const generateDeviceFingerprint = (oktaDomainUrl: string): Promise<string> => {
-  const userAgent = getUserAgent();
-  if (!userAgent) {
-    return Promise.reject(new Error('User agent is not defined'));
-  }
-  if (isWindowsPhone(userAgent)) {
-    return Promise.reject(new Error('Device fingerprint is not supported on Windows phones'));
-  }
-
-  return new Promise((resolve, reject) => {
-    let iframe: HTMLIFrameElement;
-    let iframeTimeout: NodeJS.Timeout;
-    let onMessageReceivedFromOkta: (event: MessageEvent) => void;
-
-    const removeIframe = () => {
-      iframe.remove();
-      window.removeEventListener('message', onMessageReceivedFromOkta);
-    };
-
-    const handleError = (reason: string) => {
-      removeIframe();
-      reject(new Error(reason));
-    };
-
-    const sendMessageToOkta = (message: { type: string }) => {
-      const win = iframe.contentWindow;
-
-      if (win) {
-        win.postMessage(JSON.stringify(message), oktaDomainUrl);
-      }
-    };
-
-    onMessageReceivedFromOkta = (event: MessageEvent) => {
-      if (!isMessageFromCorrectSource(iframe, event)) {
-        return;
-      }
-      // deviceFingerprint service is available, clear timeout
-      clearTimeout(iframeTimeout);
-      if (!event || !event.data || event.origin !== oktaDomainUrl) {
-        handleError('No data');
-      }
-      try {
-        const message = JSON.parse(event.data);
-
-        if (message && message.type === 'FingerprintServiceReady') {
-          sendMessageToOkta({
-            type: 'GetFingerprint',
-          });
-        } else if (message && message.type === 'FingerprintAvailable') {
-          removeIframe();
-          resolve(message.fingerprint);
-        } else {
-          handleError('No data');
-        }
-      } catch (error) {
-        // Ignore any errors since we could get other messages too
-      }
-    };
-
-    // Attach listener
-    window.addEventListener('message', onMessageReceivedFromOkta, false);
-    iframe = document.createElement('iframe');
-    iframe.id = 'device-fingerprint-container';
-    iframe.style.display = 'none';
-    // Create and load devicefingerprint page inside the iframe
-    iframe.src = `${oktaDomainUrl}/auth/services/devicefingerprint`;
-
-    const formElement = document.querySelector('form[data-se="o-form"]');
-    if (formElement === null) {
-      handleError('Form does not exist');
-    }
-    formElement!.appendChild(iframe);
-
-    iframeTimeout = setTimeout(() => {
-      // If the iframe does not load or there is a slow connection, throw an error
-      handleError('Service not available');
-    }, 2000);
-  });
-};

package/src/v3/util/deviceFingerprintingUtils.ts

@@ -1,99 +0,0 @@
-/*
- * Copyright (c) 2023-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- */
-
-import { getUserAgent, isWindowsPhone } from './browserUtils';
-
-export const isMessageFromCorrectSource = (iframe: HTMLIFrameElement, event: MessageEvent)
-: boolean => (
-  event.source === iframe.contentWindow
-);
-
-// NOTE: This utility is similar to the DeviceFingerprinting.js file used for V2 authentication flows.
-export const generateDeviceFingerprint = (oktaDomainUrl: string): Promise<string> => {
-  const userAgent = getUserAgent();
-  if (!userAgent) {
-    return Promise.reject(new Error('User agent is not defined'));
-  }
-  if (isWindowsPhone(userAgent)) {
-    return Promise.reject(new Error('Device fingerprint is not supported on Windows phones'));
-  }
-
-  return new Promise((resolve, reject) => {
-    let iframe: HTMLIFrameElement;
-    let iframeTimeout: NodeJS.Timeout;
-    let onMessageReceivedFromOkta: (event: MessageEvent) => void;
-
-    const removeIframe = () => {
-      iframe.remove();
-      window.removeEventListener('message', onMessageReceivedFromOkta);
-    };
-
-    const handleError = (reason: string) => {
-      removeIframe();
-      reject(new Error(reason));
-    };
-
-    const sendMessageToOkta = (message: { type: string }) => {
-      const win = iframe.contentWindow;
-
-      if (win) {
-        win.postMessage(JSON.stringify(message), oktaDomainUrl);
-      }
-    };
-
-    onMessageReceivedFromOkta = (event: MessageEvent) => {
-      if (!isMessageFromCorrectSource(iframe, event)) {
-        return;
-      }
-      // deviceFingerprint service is available, clear timeout
-      clearTimeout(iframeTimeout);
-      if (!event || !event.data || event.origin !== oktaDomainUrl) {
-        handleError('No data');
-      }
-      try {
-        const message = JSON.parse(event.data);
-
-        if (message && message.type === 'FingerprintServiceReady') {
-          sendMessageToOkta({
-            type: 'GetFingerprint',
-          });
-        } else if (message && message.type === 'FingerprintAvailable') {
-          removeIframe();
-          resolve(message.fingerprint);
-        } else {
-          handleError('No data');
-        }
-      } catch (error) {
-        // Ignore any errors since we could get other messages too
-      }
-    };
-
-    // Attach listener
-    window.addEventListener('message', onMessageReceivedFromOkta, false);
-    iframe = document.createElement('iframe');
-    iframe.id = 'device-fingerprint-container';
-    iframe.style.display = 'none';
-    // Create and load devicefingerprint page inside the iframe
-    iframe.src = `${oktaDomainUrl}/auth/services/devicefingerprint`;
-
-    const formElement = document.querySelector('form[data-se="o-form"]');
-    if (formElement === null) {
-      handleError('Form does not exist');
-    }
-    formElement!.appendChild(iframe);
-
-    iframeTimeout = setTimeout(() => {
-      // If the iframe does not load or there is a slow connection, throw an error
-      handleError('Service not available');
-    }, 2000);
-  });
-};