@ollaid/native-sso 2.7.2 → 2.7.3

package/dist/index.d.ts

@@ -40,8 +40,9 @@ export { mobilePasswordService } from './services/mobilePassword';
 export { profileChangeService } from './services/profileChange';
 export { profileMediaService } from './services/profileMedia';
 export { iamAccountService } from './services/iamAccount';
-export { setNativeAuthConfig, getNativeAuthConfig, setNativeStorage, getNativeStorage, ApiError, getAuthToken, getAuthUser, getAccountType, clearAuthToken, logout, getSsoSessionSnapshot, hasSsoSession, getDeviceId, getSessionUuid, STORAGE_KEYS, PROFILE_PROMPT_KEYS, getProfilePromptState, setProfilePromptState, markProfilePromptComplete, snoozeProfilePrompt, } from './services/api';
+export { setNativeAuthConfig, getNativeAuthConfig, setNativeStorage, getNativeStorage, ApiError, getAuthToken, getAuthUser, getAccountType, clearAuthToken, clearNativeSsoStorage, repairNativeSsoStorage, logout, getSsoSessionSnapshot, hasSsoSession, getDeviceId, getSessionUuid, STORAGE_KEYS, PROFILE_PROMPT_KEYS, getProfilePromptState, setProfilePromptState, markProfilePromptComplete, snoozeProfilePrompt, } from './services/api';
 export type { NativeAuthConfig, NativeStorageAdapter, ApiErrorType, ProfilePromptState } from './services/api';
+export type { NativeSsoStorageRepairResult } from './services/api';
 export type { SsoSessionSnapshot } from './services/api';
 export type { NativeAuthType, NativeAuthStatus, AccountType, RegistrationType, NativeCredentials, NativeEncryptRequest, NativeEncryptResponse, NativeConfigResponse, NativeInitResponse, NativeValidateResponse, NativeGrantAccessResponse, NativeResendOtpResponse, NativeExchangeResponse, NativeRefreshResponse, NativeUser, NativeAuthState, UserInfos, LinkPhoneRequest, LinkPhoneResponse, LinkEmailRequest, LinkEmailResponse, RefreshUserInfoSingleRequest, RefreshUserInfoSingleResponse, RefreshUserInfoBulkRequest, RefreshUserInfoBulkResponse, UpdateAvatarRequest, UpdateAvatarResponse, ResetAvatarRequest, ResetAvatarResponse, CheckTokenResponse, } from './types/native';
 export type { MobilePasswordState, MobilePasswordStatus, } from './types/mobile';

package/dist/index.js

@@ -7106,6 +7106,27 @@ function isRawStorageKey(key) {
 function getLegacyStorageKey(key) {
   return LEGACY_STORAGE_KEYS[key] || null;
 }
+function normalizeStorageValue(value) {
+  if (typeof value === "string") return value;
+  if (value === null || value === void 0) return "";
+  if (typeof value === "number" || typeof value === "boolean" || typeof value === "bigint") {
+    return String(value);
+  }
+  try {
+    const serialized = JSON.stringify(value);
+    return serialized ?? "";
+  } catch {
+    return String(value);
+  }
+}
+function safeJSONStringify(value) {
+  try {
+    const serialized = JSON.stringify(value);
+    return serialized ?? "null";
+  } catch {
+    return "null";
+  }
+}
 function migrateLegacyValue(base, key, legacyKey, rawValue) {
   base.setItem(key, encryptStorageValue(rawValue));
   base.removeItem(legacyKey);
@@ -7114,31 +7135,44 @@ function migrateLegacyValue(base, key, legacyKey, rawValue) {
 function getStorageEncryptionSecret() {
   var _a;
   const storage = rawStorageAdapter;
-  let seed = storage.getItem("native_sso_storage_seed");
+  let seed = storage.getItem(STORAGE_SEED_KEY);
   if (!seed) {
     seed = `seed_${Date.now()}_${Math.random().toString(36).substring(2, 15)}_${Math.random().toString(36).substring(2, 15)}`;
-    storage.setItem("native_sso_storage_seed", seed);
+    storage.setItem(STORAGE_SEED_KEY, seed);
   }
   const origin = typeof window !== "undefined" && ((_a = window.location) == null ? void 0 : _a.origin) ? window.location.origin : "unknown-origin";
   const prefix = config.configPrefix || "iam";
   return `${STORAGE_ENCRYPTION_SECRET_PREFIX}::${origin}::${prefix}::${seed}`;
 }
 function encryptStorageValue(value) {
-  const secret = getStorageEncryptionSecret();
-  const ciphertext = cryptoJsExports.AES.encrypt(value, secret).toString();
-  return `${STORAGE_ENCRYPTION_PREFIX}${ciphertext}`;
+  const normalizedValue = normalizeStorageValue(value);
+  try {
+    const secret = getStorageEncryptionSecret();
+    const ciphertext = cryptoJsExports.AES.encrypt(normalizedValue, secret).toString();
+    return `${STORAGE_ENCRYPTION_PREFIX}${ciphertext}`;
+  } catch (error) {
+    if (isDebugMode()) {
+      console.warn("⚠️ [native-sso] Encryption storage fallback to plain value", error);
+    }
+    return normalizedValue;
+  }
 }
 function decryptStorageValue(value) {
-  if (!value.startsWith(STORAGE_ENCRYPTION_PREFIX)) {
-    return value;
+  const normalizedValue = normalizeStorageValue(value);
+  if (!normalizedValue.startsWith(STORAGE_ENCRYPTION_PREFIX)) {
+    return normalizedValue;
   }
-  const secret = getStorageEncryptionSecret();
-  const ciphertext = value.slice(STORAGE_ENCRYPTION_PREFIX.length);
+  const ciphertext = normalizedValue.slice(STORAGE_ENCRYPTION_PREFIX.length);
+  if (!ciphertext) return null;
   try {
+    const secret = getStorageEncryptionSecret();
     const bytes = cryptoJsExports.AES.decrypt(ciphertext, secret);
     const plaintext = bytes.toString(cryptoJsExports.enc.Utf8);
     return plaintext || null;
-  } catch {
+  } catch (error) {
+    if (isDebugMode()) {
+      console.warn("⚠️ [native-sso] Failed to decrypt storage value, clearing corrupted entry", error);
+    }
     return null;
   }
 }
@@ -7154,8 +7188,9 @@ function createEncryptedStorageAdapter(base) {
         if (decrypted !== null) {
           return decrypted;
         }
-        if (rawValue.length > 0) {
-          base.setItem(key, encryptStorageValue(rawValue));
+        if (normalizeStorageValue(rawValue).startsWith(STORAGE_ENCRYPTION_PREFIX)) {
+          base.removeItem(key);
+          return null;
         }
         return rawValue;
       }
@@ -7176,7 +7211,7 @@ function createEncryptedStorageAdapter(base) {
     },
     setItem: (key, value) => {
       if (isRawStorageKey(key)) {
-        base.setItem(key, value);
+        base.setItem(key, normalizeStorageValue(value));
         return;
       }
       base.setItem(key, encryptStorageValue(value));
@@ -7228,6 +7263,7 @@ const getIamApiBaseUrl = () => {
 };
 const DEVICE_ID_KEY = "sso_device_id";
 const SESSION_UUID_KEY = "sso_session_uuid";
+const STORAGE_SEED_KEY = "native_sso_storage_seed";
 function generateUuid() {
   const globalCrypto = typeof globalThis !== "undefined" ? globalThis.crypto : void 0;
   if (globalCrypto && typeof globalCrypto.randomUUID === "function") {
@@ -7335,8 +7371,26 @@ const PROFILE_STORAGE = {
   IMAGE_LAST_CHECK: "sso_image_last_check",
   IMAGE_RECHECK_AT: "sso_image_recheck_at"
 };
+const ALL_SESSION_STORAGE_KEYS = [
+  STORAGE.AUTH_TOKEN,
+  STORAGE.TOKEN,
+  STORAGE.USER,
+  STORAGE.ACCOUNT_TYPE,
+  STORAGE.ALIAS_REFERENCE,
+  STORAGE.APP_ACCESS_TOKEN_REF,
+  STORAGE.REFRESH_TOKEN,
+  STORAGE.TOKEN_EXPIRES_AT,
+  STORAGE.REFRESH_EXPIRES_AT,
+  PROFILE_STORAGE.IMAGE_LAST_STATUS,
+  PROFILE_STORAGE.IMAGE_LAST_CHECK,
+  PROFILE_STORAGE.IMAGE_RECHECK_AT,
+  DEVICE_ID_KEY,
+  SESSION_UUID_KEY,
+  STORAGE_SEED_KEY
+];
 const setAuthToken = (token) => {
   const storage = getNativeStorage();
+  if (typeof token !== "string" || token.length === 0) return;
   storage.setItem(STORAGE.AUTH_TOKEN, token);
 };
 const getAuthToken = () => {
@@ -7355,13 +7409,45 @@ const clearAuthToken = () => {
   storage.removeItem(STORAGE.TOKEN_EXPIRES_AT);
   storage.removeItem(STORAGE.REFRESH_EXPIRES_AT);
 };
+const clearNativeSsoStorage = (options) => {
+  const storage = getNativeStorage();
+  const preserveDeviceIdentity = (options == null ? void 0 : options.preserveDeviceIdentity) === true;
+  ALL_SESSION_STORAGE_KEYS.forEach((key) => {
+    if (preserveDeviceIdentity && (key === DEVICE_ID_KEY || key === SESSION_UUID_KEY || key === STORAGE_SEED_KEY)) {
+      return;
+    }
+    storage.removeItem(key);
+  });
+};
+const repairNativeSsoStorage = () => {
+  const storage = getNativeStorage();
+  const authToken = getAuthToken();
+  const userRaw = storage.getItem(STORAGE.USER);
+  if (userRaw && !authToken) {
+    clearNativeSsoStorage();
+    return { cleaned: true, reason: "incomplete_session" };
+  }
+  if (authToken && !userRaw) {
+    clearNativeSsoStorage();
+    return { cleaned: true, reason: "incomplete_session" };
+  }
+  if (userRaw) {
+    try {
+      JSON.parse(userRaw);
+    } catch {
+      clearNativeSsoStorage();
+      return { cleaned: true, reason: "invalid_user_json" };
+    }
+  }
+  return { cleaned: false, reason: null };
+};
 const logout = async () => {
   const { nativeAuthService: nativeAuthService2 } = await Promise.resolve().then(() => nativeAuth);
   const token = getAuthToken();
   return nativeAuthService2.logout(token || void 0);
 };
 const setAuthUser = (user) => {
-  getNativeStorage().setItem(STORAGE.USER, JSON.stringify(user));
+  getNativeStorage().setItem(STORAGE.USER, safeJSONStringify(user));
 };
 const getAuthUser = () => {
   const user = getNativeStorage().getItem(STORAGE.USER);
@@ -13286,6 +13372,16 @@ function NativeSSOPage({
   useEffect(() => {
     sessionRef.current = session;
   }, [session]);
+  useEffect(() => {
+    const repairResult = repairNativeSsoStorage();
+    if (repairResult.cleaned) {
+      setSession(null);
+      const isDev = Boolean(false);
+      if (isDev) {
+        console.warn("🔧 [NativeSSOPage] Storage SSO réparé", repairResult.reason);
+      }
+    }
+  }, []);
   useEffect(() => {
     if (!redirectingTarget) return;
     const timer = window.setTimeout(() => {
@@ -14034,6 +14130,7 @@ export {
   STORAGE as STORAGE_KEYS,
   SignupModal,
   clearAuthToken,
+  clearNativeSsoStorage,
   getAccountType,
   getAuthToken,
   getAuthUser,
@@ -14054,6 +14151,7 @@ export {
   nativeAuthService,
   profileChangeService,
   profileMediaService,
+  repairNativeSsoStorage,
   searchCountries,
   setNativeAuthConfig,
   setNativeStorage,