npm - @ollaid/native-sso - Versions diffs - 2.7.2 → 2.7.3 - Mend

@ollaid/native-sso 2.7.2 → 2.7.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.cjs CHANGED Viewed

@@ -7108,6 +7108,27 @@ function isRawStorageKey(key) {
 function getLegacyStorageKey(key) {
   return LEGACY_STORAGE_KEYS[key] || null;
 }
+function normalizeStorageValue(value) {
+  if (typeof value === "string") return value;
+  if (value === null || value === void 0) return "";
+  if (typeof value === "number" || typeof value === "boolean" || typeof value === "bigint") {
+    return String(value);
+  }
+  try {
+    const serialized = JSON.stringify(value);
+    return serialized ?? "";
+  } catch {
+    return String(value);
+  }
+}
+function safeJSONStringify(value) {
+  try {
+    const serialized = JSON.stringify(value);
+    return serialized ?? "null";
+  } catch {
+    return "null";
+  }
+}
 function migrateLegacyValue(base, key, legacyKey, rawValue) {
   base.setItem(key, encryptStorageValue(rawValue));
   base.removeItem(legacyKey);
@@ -7116,31 +7137,44 @@ function migrateLegacyValue(base, key, legacyKey, rawValue) {
 function getStorageEncryptionSecret() {
   var _a;
   const storage = rawStorageAdapter;
-  let seed = storage.getItem("native_sso_storage_seed");
+  let seed = storage.getItem(STORAGE_SEED_KEY);
   if (!seed) {
     seed = `seed_${Date.now()}_${Math.random().toString(36).substring(2, 15)}_${Math.random().toString(36).substring(2, 15)}`;
-    storage.setItem("native_sso_storage_seed", seed);
+    storage.setItem(STORAGE_SEED_KEY, seed);
   }
   const origin = typeof window !== "undefined" && ((_a = window.location) == null ? void 0 : _a.origin) ? window.location.origin : "unknown-origin";
   const prefix = config.configPrefix || "iam";
   return `${STORAGE_ENCRYPTION_SECRET_PREFIX}::${origin}::${prefix}::${seed}`;
 }
 function encryptStorageValue(value) {
-  const secret = getStorageEncryptionSecret();
-  const ciphertext = cryptoJsExports.AES.encrypt(value, secret).toString();
-  return `${STORAGE_ENCRYPTION_PREFIX}${ciphertext}`;
+  const normalizedValue = normalizeStorageValue(value);
+  try {
+    const secret = getStorageEncryptionSecret();
+    const ciphertext = cryptoJsExports.AES.encrypt(normalizedValue, secret).toString();
+    return `${STORAGE_ENCRYPTION_PREFIX}${ciphertext}`;
+  } catch (error) {
+    if (isDebugMode()) {
+      console.warn("⚠️ [native-sso] Encryption storage fallback to plain value", error);
+    }
+    return normalizedValue;
+  }
 }
 function decryptStorageValue(value) {
-  if (!value.startsWith(STORAGE_ENCRYPTION_PREFIX)) {
-    return value;
+  const normalizedValue = normalizeStorageValue(value);
+  if (!normalizedValue.startsWith(STORAGE_ENCRYPTION_PREFIX)) {
+    return normalizedValue;
   }
-  const secret = getStorageEncryptionSecret();
-  const ciphertext = value.slice(STORAGE_ENCRYPTION_PREFIX.length);
+  const ciphertext = normalizedValue.slice(STORAGE_ENCRYPTION_PREFIX.length);
+  if (!ciphertext) return null;
   try {
+    const secret = getStorageEncryptionSecret();
     const bytes = cryptoJsExports.AES.decrypt(ciphertext, secret);
     const plaintext = bytes.toString(cryptoJsExports.enc.Utf8);
     return plaintext || null;
-  } catch {
+  } catch (error) {
+    if (isDebugMode()) {
+      console.warn("⚠️ [native-sso] Failed to decrypt storage value, clearing corrupted entry", error);
+    }
     return null;
   }
 }
@@ -7156,8 +7190,9 @@ function createEncryptedStorageAdapter(base) {
         if (decrypted !== null) {
           return decrypted;
         }
-        if (rawValue.length > 0) {
-          base.setItem(key, encryptStorageValue(rawValue));
+        if (normalizeStorageValue(rawValue).startsWith(STORAGE_ENCRYPTION_PREFIX)) {
+          base.removeItem(key);
+          return null;
         }
         return rawValue;
       }
@@ -7178,7 +7213,7 @@ function createEncryptedStorageAdapter(base) {
     },
     setItem: (key, value) => {
       if (isRawStorageKey(key)) {
-        base.setItem(key, value);
+        base.setItem(key, normalizeStorageValue(value));
         return;
       }
       base.setItem(key, encryptStorageValue(value));
@@ -7230,6 +7265,7 @@ const getIamApiBaseUrl = () => {
 };
 const DEVICE_ID_KEY = "sso_device_id";
 const SESSION_UUID_KEY = "sso_session_uuid";
+const STORAGE_SEED_KEY = "native_sso_storage_seed";
 function generateUuid() {
   const globalCrypto = typeof globalThis !== "undefined" ? globalThis.crypto : void 0;
   if (globalCrypto && typeof globalCrypto.randomUUID === "function") {
@@ -7337,8 +7373,26 @@ const PROFILE_STORAGE = {
   IMAGE_LAST_CHECK: "sso_image_last_check",
   IMAGE_RECHECK_AT: "sso_image_recheck_at"
 };
+const ALL_SESSION_STORAGE_KEYS = [
+  STORAGE.AUTH_TOKEN,
+  STORAGE.TOKEN,
+  STORAGE.USER,
+  STORAGE.ACCOUNT_TYPE,
+  STORAGE.ALIAS_REFERENCE,
+  STORAGE.APP_ACCESS_TOKEN_REF,
+  STORAGE.REFRESH_TOKEN,
+  STORAGE.TOKEN_EXPIRES_AT,
+  STORAGE.REFRESH_EXPIRES_AT,
+  PROFILE_STORAGE.IMAGE_LAST_STATUS,
+  PROFILE_STORAGE.IMAGE_LAST_CHECK,
+  PROFILE_STORAGE.IMAGE_RECHECK_AT,
+  DEVICE_ID_KEY,
+  SESSION_UUID_KEY,
+  STORAGE_SEED_KEY
+];
 const setAuthToken = (token) => {
   const storage = getNativeStorage();
+  if (typeof token !== "string" || token.length === 0) return;
   storage.setItem(STORAGE.AUTH_TOKEN, token);
 };
 const getAuthToken = () => {
@@ -7357,13 +7411,45 @@ const clearAuthToken = () => {
   storage.removeItem(STORAGE.TOKEN_EXPIRES_AT);
   storage.removeItem(STORAGE.REFRESH_EXPIRES_AT);
 };
+const clearNativeSsoStorage = (options) => {
+  const storage = getNativeStorage();
+  const preserveDeviceIdentity = (options == null ? void 0 : options.preserveDeviceIdentity) === true;
+  ALL_SESSION_STORAGE_KEYS.forEach((key) => {
+    if (preserveDeviceIdentity && (key === DEVICE_ID_KEY || key === SESSION_UUID_KEY || key === STORAGE_SEED_KEY)) {
+      return;
+    }
+    storage.removeItem(key);
+  });
+};
+const repairNativeSsoStorage = () => {
+  const storage = getNativeStorage();
+  const authToken = getAuthToken();
+  const userRaw = storage.getItem(STORAGE.USER);
+  if (userRaw && !authToken) {
+    clearNativeSsoStorage();
+    return { cleaned: true, reason: "incomplete_session" };
+  }
+  if (authToken && !userRaw) {
+    clearNativeSsoStorage();
+    return { cleaned: true, reason: "incomplete_session" };
+  }
+  if (userRaw) {
+    try {
+      JSON.parse(userRaw);
+    } catch {
+      clearNativeSsoStorage();
+      return { cleaned: true, reason: "invalid_user_json" };
+    }
+  }
+  return { cleaned: false, reason: null };
+};
 const logout = async () => {
   const { nativeAuthService: nativeAuthService2 } = await Promise.resolve().then(() => nativeAuth);
   const token = getAuthToken();
   return nativeAuthService2.logout(token || void 0);
 };
 const setAuthUser = (user) => {
-  getNativeStorage().setItem(STORAGE.USER, JSON.stringify(user));
+  getNativeStorage().setItem(STORAGE.USER, safeJSONStringify(user));
 };
 const getAuthUser = () => {
   const user = getNativeStorage().getItem(STORAGE.USER);
@@ -13288,6 +13374,16 @@ function NativeSSOPage({
   react.useEffect(() => {
     sessionRef.current = session;
   }, [session]);
+  react.useEffect(() => {
+    const repairResult = repairNativeSsoStorage();
+    if (repairResult.cleaned) {
+      setSession(null);
+      const isDev = Boolean(false);
+      if (isDev) {
+        console.warn("🔧 [NativeSSOPage] Storage SSO réparé", repairResult.reason);
+      }
+    }
+  }, []);
   react.useEffect(() => {
     if (!redirectingTarget) return;
     const timer = window.setTimeout(() => {
@@ -14035,6 +14131,7 @@ exports.PhoneInput = PhoneInput;
 exports.STORAGE_KEYS = STORAGE;
 exports.SignupModal = SignupModal;
 exports.clearAuthToken = clearAuthToken;
+exports.clearNativeSsoStorage = clearNativeSsoStorage;
 exports.getAccountType = getAccountType;
 exports.getAuthToken = getAuthToken;
 exports.getAuthUser = getAuthUser;
@@ -14055,6 +14152,7 @@ exports.mobilePasswordService = mobilePasswordService;
 exports.nativeAuthService = nativeAuthService;
 exports.profileChangeService = profileChangeService;
 exports.profileMediaService = profileMediaService;
+exports.repairNativeSsoStorage = repairNativeSsoStorage;
 exports.searchCountries = searchCountries;
 exports.setNativeAuthConfig = setNativeAuthConfig;
 exports.setNativeStorage = setNativeStorage;