@ollaid/native-sso 2.7.1 → 2.7.3

package/dist/index.cjs

@@ -7108,6 +7108,27 @@ function isRawStorageKey(key) {
 function getLegacyStorageKey(key) {
   return LEGACY_STORAGE_KEYS[key] || null;
 }
+function normalizeStorageValue(value) {
+  if (typeof value === "string") return value;
+  if (value === null || value === void 0) return "";
+  if (typeof value === "number" || typeof value === "boolean" || typeof value === "bigint") {
+    return String(value);
+  }
+  try {
+    const serialized = JSON.stringify(value);
+    return serialized ?? "";
+  } catch {
+    return String(value);
+  }
+}
+function safeJSONStringify(value) {
+  try {
+    const serialized = JSON.stringify(value);
+    return serialized ?? "null";
+  } catch {
+    return "null";
+  }
+}
 function migrateLegacyValue(base, key, legacyKey, rawValue) {
   base.setItem(key, encryptStorageValue(rawValue));
   base.removeItem(legacyKey);
@@ -7116,31 +7137,44 @@ function migrateLegacyValue(base, key, legacyKey, rawValue) {
 function getStorageEncryptionSecret() {
   var _a;
   const storage = rawStorageAdapter;
-  let seed = storage.getItem("native_sso_storage_seed");
+  let seed = storage.getItem(STORAGE_SEED_KEY);
   if (!seed) {
     seed = `seed_${Date.now()}_${Math.random().toString(36).substring(2, 15)}_${Math.random().toString(36).substring(2, 15)}`;
-    storage.setItem("native_sso_storage_seed", seed);
+    storage.setItem(STORAGE_SEED_KEY, seed);
   }
   const origin = typeof window !== "undefined" && ((_a = window.location) == null ? void 0 : _a.origin) ? window.location.origin : "unknown-origin";
   const prefix = config.configPrefix || "iam";
   return `${STORAGE_ENCRYPTION_SECRET_PREFIX}::${origin}::${prefix}::${seed}`;
 }
 function encryptStorageValue(value) {
-  const secret = getStorageEncryptionSecret();
-  const ciphertext = cryptoJsExports.AES.encrypt(value, secret).toString();
-  return `${STORAGE_ENCRYPTION_PREFIX}${ciphertext}`;
+  const normalizedValue = normalizeStorageValue(value);
+  try {
+    const secret = getStorageEncryptionSecret();
+    const ciphertext = cryptoJsExports.AES.encrypt(normalizedValue, secret).toString();
+    return `${STORAGE_ENCRYPTION_PREFIX}${ciphertext}`;
+  } catch (error) {
+    if (isDebugMode()) {
+      console.warn("⚠️ [native-sso] Encryption storage fallback to plain value", error);
+    }
+    return normalizedValue;
+  }
 }
 function decryptStorageValue(value) {
-  if (!value.startsWith(STORAGE_ENCRYPTION_PREFIX)) {
-    return value;
+  const normalizedValue = normalizeStorageValue(value);
+  if (!normalizedValue.startsWith(STORAGE_ENCRYPTION_PREFIX)) {
+    return normalizedValue;
   }
-  const secret = getStorageEncryptionSecret();
-  const ciphertext = value.slice(STORAGE_ENCRYPTION_PREFIX.length);
+  const ciphertext = normalizedValue.slice(STORAGE_ENCRYPTION_PREFIX.length);
+  if (!ciphertext) return null;
   try {
+    const secret = getStorageEncryptionSecret();
     const bytes = cryptoJsExports.AES.decrypt(ciphertext, secret);
     const plaintext = bytes.toString(cryptoJsExports.enc.Utf8);
     return plaintext || null;
-  } catch {
+  } catch (error) {
+    if (isDebugMode()) {
+      console.warn("⚠️ [native-sso] Failed to decrypt storage value, clearing corrupted entry", error);
+    }
     return null;
   }
 }
@@ -7156,8 +7190,9 @@ function createEncryptedStorageAdapter(base) {
         if (decrypted !== null) {
           return decrypted;
         }
-        if (rawValue.length > 0) {
-          base.setItem(key, encryptStorageValue(rawValue));
+        if (normalizeStorageValue(rawValue).startsWith(STORAGE_ENCRYPTION_PREFIX)) {
+          base.removeItem(key);
+          return null;
         }
         return rawValue;
       }
@@ -7178,7 +7213,7 @@ function createEncryptedStorageAdapter(base) {
     },
     setItem: (key, value) => {
       if (isRawStorageKey(key)) {
-        base.setItem(key, value);
+        base.setItem(key, normalizeStorageValue(value));
         return;
       }
       base.setItem(key, encryptStorageValue(value));
@@ -7230,6 +7265,7 @@ const getIamApiBaseUrl = () => {
 };
 const DEVICE_ID_KEY = "sso_device_id";
 const SESSION_UUID_KEY = "sso_session_uuid";
+const STORAGE_SEED_KEY = "native_sso_storage_seed";
 function generateUuid() {
   const globalCrypto = typeof globalThis !== "undefined" ? globalThis.crypto : void 0;
   if (globalCrypto && typeof globalCrypto.randomUUID === "function") {
@@ -7337,8 +7373,26 @@ const PROFILE_STORAGE = {
   IMAGE_LAST_CHECK: "sso_image_last_check",
   IMAGE_RECHECK_AT: "sso_image_recheck_at"
 };
+const ALL_SESSION_STORAGE_KEYS = [
+  STORAGE.AUTH_TOKEN,
+  STORAGE.TOKEN,
+  STORAGE.USER,
+  STORAGE.ACCOUNT_TYPE,
+  STORAGE.ALIAS_REFERENCE,
+  STORAGE.APP_ACCESS_TOKEN_REF,
+  STORAGE.REFRESH_TOKEN,
+  STORAGE.TOKEN_EXPIRES_AT,
+  STORAGE.REFRESH_EXPIRES_AT,
+  PROFILE_STORAGE.IMAGE_LAST_STATUS,
+  PROFILE_STORAGE.IMAGE_LAST_CHECK,
+  PROFILE_STORAGE.IMAGE_RECHECK_AT,
+  DEVICE_ID_KEY,
+  SESSION_UUID_KEY,
+  STORAGE_SEED_KEY
+];
 const setAuthToken = (token) => {
   const storage = getNativeStorage();
+  if (typeof token !== "string" || token.length === 0) return;
   storage.setItem(STORAGE.AUTH_TOKEN, token);
 };
 const getAuthToken = () => {
@@ -7357,13 +7411,45 @@ const clearAuthToken = () => {
   storage.removeItem(STORAGE.TOKEN_EXPIRES_AT);
   storage.removeItem(STORAGE.REFRESH_EXPIRES_AT);
 };
+const clearNativeSsoStorage = (options) => {
+  const storage = getNativeStorage();
+  const preserveDeviceIdentity = (options == null ? void 0 : options.preserveDeviceIdentity) === true;
+  ALL_SESSION_STORAGE_KEYS.forEach((key) => {
+    if (preserveDeviceIdentity && (key === DEVICE_ID_KEY || key === SESSION_UUID_KEY || key === STORAGE_SEED_KEY)) {
+      return;
+    }
+    storage.removeItem(key);
+  });
+};
+const repairNativeSsoStorage = () => {
+  const storage = getNativeStorage();
+  const authToken = getAuthToken();
+  const userRaw = storage.getItem(STORAGE.USER);
+  if (userRaw && !authToken) {
+    clearNativeSsoStorage();
+    return { cleaned: true, reason: "incomplete_session" };
+  }
+  if (authToken && !userRaw) {
+    clearNativeSsoStorage();
+    return { cleaned: true, reason: "incomplete_session" };
+  }
+  if (userRaw) {
+    try {
+      JSON.parse(userRaw);
+    } catch {
+      clearNativeSsoStorage();
+      return { cleaned: true, reason: "invalid_user_json" };
+    }
+  }
+  return { cleaned: false, reason: null };
+};
 const logout = async () => {
   const { nativeAuthService: nativeAuthService2 } = await Promise.resolve().then(() => nativeAuth);
   const token = getAuthToken();
   return nativeAuthService2.logout(token || void 0);
 };
 const setAuthUser = (user) => {
-  getNativeStorage().setItem(STORAGE.USER, JSON.stringify(user));
+  getNativeStorage().setItem(STORAGE.USER, safeJSONStringify(user));
 };
 const getAuthUser = () => {
   const user = getNativeStorage().getItem(STORAGE.USER);
@@ -9617,6 +9703,8 @@ function LoginModal({
   const [loginSuccess, setLoginSuccess] = react.useState(false);
   const [loginData, setLoginData] = react.useState(null);
   const [showPasswordRecovery, setShowPasswordRecovery] = react.useState(false);
+  const [passwordSubmitting, setPasswordSubmitting] = react.useState(false);
+  const successCallbackTimerRef = react.useRef(null);
   const CCPHONE = "+221";
   const isSubmitting = authLoading || loading;
   const error = localError || authError;
@@ -9634,15 +9722,11 @@ function LoginModal({
       setResendCooldown(60);
     }
   }, [status, step]);
-  react.useEffect(() => {
-    if (loginSuccess && loginData) {
-      const timer = setTimeout(() => {
-        onLoginSuccess == null ? void 0 : onLoginSuccess(loginData.token, loginData.user);
-      }, 1e3);
-      return () => clearTimeout(timer);
-    }
-  }, [loginSuccess, loginData, onLoginSuccess]);
   const resetState = react.useCallback(() => {
+    if (successCallbackTimerRef.current) {
+      clearTimeout(successCallbackTimerRef.current);
+      successCallbackTimerRef.current = null;
+    }
     setStep("choice");
     setEmail("");
     setPassword("");
@@ -9656,6 +9740,7 @@ function LoginModal({
     setLoginSuccess(false);
     setLoginData(null);
     setResendCooldown(0);
+    setPasswordSubmitting(false);
     resetAuth();
   }, [resetAuth]);
   react.useEffect(() => {
@@ -9668,12 +9753,34 @@ function LoginModal({
     }
   }, [open, initialPhone]);
   const finalizeLogin = (result) => {
-    if (result.success && result.user) {
+    if (result.success) {
       const token = getAuthToken() || "";
-      setLoginData({ token, user: result.user });
-      setLoginSuccess(true);
+      const resolvedUser = result.user || user;
+      if (resolvedUser) {
+        setLoginData({ token, user: resolvedUser });
+        setLoginSuccess(true);
+      }
     }
   };
+  react.useEffect(() => {
+    if (!loginSuccess || !loginData || !onLoginSuccess) return;
+    if (successCallbackTimerRef.current) {
+      clearTimeout(successCallbackTimerRef.current);
+    }
+    successCallbackTimerRef.current = setTimeout(() => {
+      try {
+        onLoginSuccess(loginData.token, loginData.user);
+      } catch (callbackError) {
+        console.error("Erreur dans onLoginSuccess", callbackError);
+      }
+    }, 900);
+    return () => {
+      if (successCallbackTimerRef.current) {
+        clearTimeout(successCallbackTimerRef.current);
+        successCallbackTimerRef.current = null;
+      }
+    };
+  }, [loginSuccess, loginData, onLoginSuccess]);
   const handleEmailCheck = async () => {
     setLocalError(null);
     clearError();
@@ -9690,18 +9797,24 @@ function LoginModal({
   };
   const handleEmailPasswordSubmit = async (e) => {
     e.preventDefault();
+    if (passwordSubmitting || isSubmitting) return;
+    setPasswordSubmitting(true);
     setLocalError(null);
     clearError();
-    if (!password) {
-      setLocalError("Le mot de passe est requis");
-      return;
-    }
-    if (password.length < 8) {
-      setLocalError("Le mot de passe doit contenir au moins 8 caractères");
-      return;
+    try {
+      if (!password) {
+        setLocalError("Le mot de passe est requis");
+        return;
+      }
+      if (password.length < 8) {
+        setLocalError("Le mot de passe doit contenir au moins 8 caractères");
+        return;
+      }
+      const result = await submitPassword(password);
+      finalizeLogin(result);
+    } finally {
+      setPasswordSubmitting(false);
     }
-    const result = await submitPassword(password);
-    finalizeLogin(result);
   };
   const handleEmailOtpVerify = async () => {
     setLocalError(null);
@@ -9965,7 +10078,7 @@ function LoginModal({
                     placeholder: "••••••••",
                     value: password,
                     onChange: (e) => setPassword(e.target.value),
-                    disabled: isSubmitting,
+                    disabled: isSubmitting || passwordSubmitting,
                     style: { paddingRight: "2.5rem" }
                   }
                 ),
@@ -9981,7 +10094,7 @@ function LoginModal({
               ] })
             ] })
           ] }) }),
-          /* @__PURE__ */ jsxRuntime.jsx(DialogFooter, { children: /* @__PURE__ */ jsxRuntime.jsx(Button, { type: "submit", disabled: isSubmitting || !password, style: { width: "100%" }, children: isSubmitting ? /* @__PURE__ */ jsxRuntime.jsxs("span", { style: { display: "flex", alignItems: "center", gap: "0.5rem" }, children: [
+          /* @__PURE__ */ jsxRuntime.jsx(DialogFooter, { children: /* @__PURE__ */ jsxRuntime.jsx(Button, { type: "submit", disabled: isSubmitting || passwordSubmitting || !password, style: { width: "100%" }, children: isSubmitting ? /* @__PURE__ */ jsxRuntime.jsxs("span", { style: { display: "flex", alignItems: "center", gap: "0.5rem" }, children: [
             /* @__PURE__ */ jsxRuntime.jsx(IconLoader2, { style: { width: "1rem", height: "1rem" } }),
             "Connexion..."
           ] }) : "Se connecter" }) })
@@ -13237,6 +13350,8 @@ function NativeSSOPage({
   const [showOnboarding, setShowOnboarding] = react.useState(false);
   const [pendingSession, setPendingSession] = react.useState(null);
   const [debugOnboardingState, setDebugOnboardingState] = react.useState(null);
+  const [redirectingTarget, setRedirectingTarget] = react.useState(null);
+  const [redirectingReason, setRedirectingReason] = react.useState(null);
   const [session, setSession] = react.useState(() => {
     try {
       const storage2 = getNativeStorage();
@@ -13259,6 +13374,27 @@ function NativeSSOPage({
   react.useEffect(() => {
     sessionRef.current = session;
   }, [session]);
+  react.useEffect(() => {
+    const repairResult = repairNativeSsoStorage();
+    if (repairResult.cleaned) {
+      setSession(null);
+      const isDev = Boolean(false);
+      if (isDev) {
+        console.warn("🔧 [NativeSSOPage] Storage SSO réparé", repairResult.reason);
+      }
+    }
+  }, []);
+  react.useEffect(() => {
+    if (!redirectingTarget) return;
+    const timer = window.setTimeout(() => {
+      const redirected = safeRedirect(redirectingTarget);
+      if (!redirected) {
+        setRedirectingTarget(null);
+        setRedirectingReason(null);
+      }
+    }, 200);
+    return () => window.clearTimeout(timer);
+  }, [redirectingTarget]);
   const clearOnboardingTimers = react.useCallback(() => {
     if (onboardingPromptTimerRef.current) {
       clearTimeout(onboardingPromptTimerRef.current);
@@ -13426,6 +13562,12 @@ function NativeSSOPage({
     setLoginInitialPhone(phone);
     setTimeout(() => setModal("login"), 150);
   }, []);
+  const beginRedirect = react.useCallback((target, reason = "login") => {
+    if (!target) return false;
+    setRedirectingReason(reason);
+    setRedirectingTarget(target);
+    return true;
+  }, []);
   const handleLoginSuccess = react.useCallback((token, user) => {
     const userObj = {
       reference: "",
@@ -13442,10 +13584,14 @@ function NativeSSOPage({
     void refreshSessionProfile(true);
     if (!needsOnboarding(userObj)) {
       markProfilePromptComplete();
-      onLoginSuccess == null ? void 0 : onLoginSuccess(token, user);
-      safeRedirect(redirectAfterLogin);
+      try {
+        onLoginSuccess == null ? void 0 : onLoginSuccess(token, user);
+      } catch (callbackError) {
+        console.error("Erreur dans le callback onLoginSuccess du wrapper SSO", callbackError);
+      }
+      beginRedirect(redirectAfterLogin, "login");
     }
-  }, [onLoginSuccess, redirectAfterLogin, persistSessionUser, syncProfilePrompt, refreshSessionProfile, accountType]);
+  }, [onLoginSuccess, redirectAfterLogin, persistSessionUser, syncProfilePrompt, refreshSessionProfile, accountType, beginRedirect]);
   const handleOnboardingComplete = react.useCallback((data) => {
     const activeSession = debugOnboardingState || pendingSession;
     if (!activeSession) return;
@@ -13489,11 +13635,15 @@ function NativeSSOPage({
     if (!debugOnboardingState) {
       persistSessionUser(activeSession.token, activeSession.user);
       snoozeProfilePrompt(PROFILE_PROMPT_SNOOZE_MS / (60 * 60 * 1e3));
-      onLoginSuccess == null ? void 0 : onLoginSuccess(activeSession.token, activeSession.user);
-      safeRedirect(redirectAfterLogin);
+      try {
+        onLoginSuccess == null ? void 0 : onLoginSuccess(activeSession.token, activeSession.user);
+      } catch (callbackError) {
+        console.error("Erreur dans le callback onLoginSuccess du wrapper SSO", callbackError);
+      }
+      beginRedirect(redirectAfterLogin, "login");
       return;
     }
-  }, [pendingSession, debugOnboardingState, onLoginSuccess, redirectAfterLogin, persistSessionUser]);
+  }, [pendingSession, debugOnboardingState, onLoginSuccess, redirectAfterLogin, persistSessionUser, beginRedirect]);
   const handleOnboardingDismiss = react.useCallback(() => {
     setShowOnboarding(false);
     setPendingSession(null);
@@ -13506,8 +13656,8 @@ function NativeSSOPage({
     setDebugOnboardingState(null);
     clearOnboardingTimers();
     onLogout == null ? void 0 : onLogout();
-    safeRedirect(redirectAfterLogout);
-  }, [onLogout, redirectAfterLogout, clearOnboardingTimers]);
+    beginRedirect(redirectAfterLogout, "logout");
+  }, [onLogout, redirectAfterLogout, clearOnboardingTimers, beginRedirect]);
   const openDebugLogin = react.useCallback(() => {
     clearOnboardingTimers();
     setShowOnboarding(false);
@@ -13522,6 +13672,10 @@ function NativeSSOPage({
     setDebugOnboardingState(null);
     setModal("signup");
   }, [clearOnboardingTimers]);
+  react.useEffect(() => {
+    if (!(session == null ? void 0 : session.token) || !redirectAfterLogin || redirectingTarget) return;
+    beginRedirect(redirectAfterLogin, "already-authenticated");
+  }, [session == null ? void 0 : session.token, redirectAfterLogin, redirectingTarget, beginRedirect]);
   const openDebugOnboarding = react.useCallback((preset = "current") => {
     if (!session) return;
     clearOnboardingTimers();
@@ -13644,14 +13798,18 @@ function NativeSSOPage({
       overflow: "hidden"
     }, children: /* @__PURE__ */ jsxRuntime.jsx(AppsLogoSlider, { iamApiUrl, speed: "normal" }) }) })
   ] }) });
+  if (redirectingTarget) {
+    return /* @__PURE__ */ jsxRuntime.jsxs("div", { style: containerStyle, children: [
+      /* @__PURE__ */ jsxRuntime.jsx(TopBranding, { subtitle: title }),
+      /* @__PURE__ */ jsxRuntime.jsx(SliderBadge, {}),
+      /* @__PURE__ */ jsxRuntime.jsx("div", { style: cardStyle, children: /* @__PURE__ */ jsxRuntime.jsxs("div", { style: { padding: "2rem 1.5rem 1.5rem", textAlign: "center" }, children: [
+        /* @__PURE__ */ jsxRuntime.jsx("h2", { style: { fontSize: "1.25rem", fontWeight: 600, color: COLORS.cardForeground }, children: redirectingReason === "logout" ? "Déconnexion réussie" : redirectingReason === "already-authenticated" ? "Session déjà valide" : "Connexion réussie" }),
+        /* @__PURE__ */ jsxRuntime.jsx("p", { style: { fontSize: "0.875rem", color: COLORS.muted, marginTop: "0.5rem" }, children: "Redirection en cours..." })
+      ] }) }),
+      /* @__PURE__ */ jsxRuntime.jsx(Footer, { hideFooter })
+    ] });
+  }
   if (session) {
-    if (redirectAfterLogin) {
-      safeRedirect(redirectAfterLogin);
-      return /* @__PURE__ */ jsxRuntime.jsxs("div", { style: containerStyle, children: [
-        /* @__PURE__ */ jsxRuntime.jsx(TopBranding, { subtitle: title }),
-        /* @__PURE__ */ jsxRuntime.jsx("p", { style: { color: "rgba(255,255,255,0.7)", fontSize: "0.875rem" }, children: "Redirection en cours..." })
-      ] });
-    }
     return /* @__PURE__ */ jsxRuntime.jsxs("div", { style: containerStyle, children: [
       /* @__PURE__ */ jsxRuntime.jsx(TopBranding, { subtitle: title }),
       /* @__PURE__ */ jsxRuntime.jsx(SliderBadge, {}),
@@ -13973,6 +14131,7 @@ exports.PhoneInput = PhoneInput;
 exports.STORAGE_KEYS = STORAGE;
 exports.SignupModal = SignupModal;
 exports.clearAuthToken = clearAuthToken;
+exports.clearNativeSsoStorage = clearNativeSsoStorage;
 exports.getAccountType = getAccountType;
 exports.getAuthToken = getAuthToken;
 exports.getAuthUser = getAuthUser;
@@ -13993,6 +14152,7 @@ exports.mobilePasswordService = mobilePasswordService;
 exports.nativeAuthService = nativeAuthService;
 exports.profileChangeService = profileChangeService;
 exports.profileMediaService = profileMediaService;
+exports.repairNativeSsoStorage = repairNativeSsoStorage;
 exports.searchCountries = searchCountries;
 exports.setNativeAuthConfig = setNativeAuthConfig;
 exports.setNativeStorage = setNativeStorage;