@ollaid/native-sso 2.7.8 → 2.8.0

package/dist/index.d.ts

@@ -9,7 +9,7 @@
  * } />
  * ```
  *
- * @version 2.7.8
+ * @version 2.7.9
  */
 export { NativeSSOPage } from './components/NativeSSOPage';
 export type { NativeSSOPageProps } from './components/NativeSSOPage';

package/dist/index.js

@@ -2,7 +2,7 @@ var __defProp = Object.defineProperty;
 var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
 var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
 import { jsx, jsxs, Fragment } from "react/jsx-runtime";
-import { createContext, forwardRef, useEffect, useContext, useRef, useState, useCallback, useMemo } from "react";
+import { createContext, forwardRef, useEffect, useContext, useRef, useState, useCallback, useMemo, createElement } from "react";
 const iconProps = { width: "100%", height: "100%", viewBox: "0 0 24 24", fill: "none", stroke: "currentColor", strokeWidth: 2, strokeLinecap: "round", strokeLinejoin: "round" };
 function IconShieldCheck(props) {
   return /* @__PURE__ */ jsxs("svg", { ...iconProps, ...props, children: [
@@ -8888,6 +8888,25 @@ function useTokenHealthCheck(options) {
     };
   }, [enabled, saasApiUrl, performCheck, debug]);
 }
+function normalizeNativeUser(user) {
+  if (!user) return null;
+  const input = user;
+  return {
+    reference: input.reference ?? input.iam_reference ?? input.alias_reference ?? "",
+    name: input.name ?? "",
+    email: input.email ?? void 0,
+    phone: input.phone,
+    ccphone: input.ccphone,
+    image_url: input.image_url ?? input.image,
+    account_type: input.account_type,
+    town: input.town,
+    country: input.country,
+    address: input.address,
+    auth_2fa: input.auth_2fa,
+    alias_reference: input.alias_reference,
+    iam_reference: input.iam_reference
+  };
+}
 function saveSession(exchangeResult, accountType) {
   var _a, _b;
   const storage = getNativeStorage();
@@ -9004,7 +9023,8 @@ function useNativeAuth(options) {
     if (storedRaw) {
       try {
         const stored = JSON.parse(storedRaw);
-        const merged = { ...stored, ...userInfos };
+        const merged = normalizeNativeUser({ ...stored, ...userInfos });
+        if (!merged) return;
         getNativeStorage().setItem(STORAGE.USER, JSON.stringify(merged));
         setState((prev) => ({ ...prev, user: merged }));
       } catch {
@@ -9027,13 +9047,10 @@ function useNativeAuth(options) {
       }
       const res = await nativeAuthService.refresh();
       if (res.success) {
-        const storedUser = getNativeStorage().getItem(STORAGE.USER);
-        if (storedUser) {
-          try {
-            const user = JSON.parse(storedUser);
-            setState((prev) => ({ ...prev, user, status: "completed" }));
-          } catch {
-          }
+        const snapshot = getSsoSessionSnapshot();
+        const user = normalizeNativeUser(snapshot.user);
+        if (user) {
+          setState((prev) => ({ ...prev, user, status: "completed" }));
         }
         return "recovered";
       }
@@ -9072,16 +9089,10 @@ function useNativeAuth(options) {
     return () => clearTimeout(t);
   }, [state.status, state.user, tryRefreshSession]);
   useEffect(() => {
-    const storage2 = getNativeStorage();
-    const storedToken = storage2.getItem(STORAGE.AUTH_TOKEN) || storage2.getItem(STORAGE.TOKEN);
-    const storedUser = storage2.getItem(STORAGE.USER);
-    if (storedToken && storedUser) {
-      try {
-        const user = JSON.parse(storedUser);
-        setState((prev) => ({ ...prev, user, status: "completed" }));
-      } catch {
-        clearSession();
-      }
+    const snapshot = getSsoSessionSnapshot();
+    const user = normalizeNativeUser(snapshot.user);
+    if (snapshot.authToken && user) {
+      setState((prev) => ({ ...prev, user, status: "completed" }));
     }
   }, []);
   useEffect(() => {
@@ -11241,7 +11252,7 @@ function SuccessOrbit() {
       justifyContent: "center",
       zIndex: 2
     }, children: /* @__PURE__ */ jsx(IconLink, { style: { width: "1.7rem", height: "1.7rem", color: C$1.green } }) }),
-    orbitIcons.map((Icon, i) => {
+    orbitIcons.map((Icon2, i) => {
       const angle = i * 360 / orbitIcons.length;
       return /* @__PURE__ */ jsx("div", { style: {
         position: "absolute",
@@ -11260,7 +11271,7 @@ function SuccessOrbit() {
         display: "flex",
         alignItems: "center",
         justifyContent: "center"
-      }, children: /* @__PURE__ */ jsx(Icon, { style: { width: "1rem", height: "1rem", color: C$1.gray500 } }) }) }, i);
+      }, children: /* @__PURE__ */ jsx(Icon2, { style: { width: "1rem", height: "1rem", color: C$1.gray500 } }) }) }, i);
     })
   ] });
 }
@@ -13298,7 +13309,248 @@ function OnboardingModal({
     renderConfirmDialog()
   ] });
 }
-function DebugPanel({ saasApiUrl, iamApiUrl, onOpenLogin, onOpenSignup, onOpenOnboarding, onResetProfilePrompt }) {
+/**
+ * @license lucide-react v0.462.0 - ISC
+ *
+ * This source code is licensed under the ISC license.
+ * See the LICENSE file in the root directory of this source tree.
+ */
+const toKebabCase = (string) => string.replace(/([a-z0-9])([A-Z])/g, "$1-$2").toLowerCase();
+const mergeClasses = (...classes) => classes.filter((className, index, array) => {
+  return Boolean(className) && className.trim() !== "" && array.indexOf(className) === index;
+}).join(" ").trim();
+/**
+ * @license lucide-react v0.462.0 - ISC
+ *
+ * This source code is licensed under the ISC license.
+ * See the LICENSE file in the root directory of this source tree.
+ */
+var defaultAttributes = {
+  xmlns: "http://www.w3.org/2000/svg",
+  width: 24,
+  height: 24,
+  viewBox: "0 0 24 24",
+  fill: "none",
+  stroke: "currentColor",
+  strokeWidth: 2,
+  strokeLinecap: "round",
+  strokeLinejoin: "round"
+};
+/**
+ * @license lucide-react v0.462.0 - ISC
+ *
+ * This source code is licensed under the ISC license.
+ * See the LICENSE file in the root directory of this source tree.
+ */
+const Icon = forwardRef(
+  ({
+    color = "currentColor",
+    size = 24,
+    strokeWidth = 2,
+    absoluteStrokeWidth,
+    className = "",
+    children,
+    iconNode,
+    ...rest
+  }, ref) => {
+    return createElement(
+      "svg",
+      {
+        ref,
+        ...defaultAttributes,
+        width: size,
+        height: size,
+        stroke: color,
+        strokeWidth: absoluteStrokeWidth ? Number(strokeWidth) * 24 / Number(size) : strokeWidth,
+        className: mergeClasses("lucide", className),
+        ...rest
+      },
+      [
+        ...iconNode.map(([tag, attrs]) => createElement(tag, attrs)),
+        ...Array.isArray(children) ? children : [children]
+      ]
+    );
+  }
+);
+/**
+ * @license lucide-react v0.462.0 - ISC
+ *
+ * This source code is licensed under the ISC license.
+ * See the LICENSE file in the root directory of this source tree.
+ */
+const createLucideIcon = (iconName, iconNode) => {
+  const Component = forwardRef(
+    ({ className, ...props }, ref) => createElement(Icon, {
+      ref,
+      iconNode,
+      className: mergeClasses(`lucide-${toKebabCase(iconName)}`, className),
+      ...props
+    })
+  );
+  Component.displayName = `${iconName}`;
+  return Component;
+};
+/**
+ * @license lucide-react v0.462.0 - ISC
+ *
+ * This source code is licensed under the ISC license.
+ * See the LICENSE file in the root directory of this source tree.
+ */
+const ExternalLink = createLucideIcon("ExternalLink", [
+  ["path", { d: "M15 3h6v6", key: "1q9fwt" }],
+  ["path", { d: "M10 14 21 3", key: "gplh6r" }],
+  ["path", { d: "M18 13v6a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2V8a2 2 0 0 1 2-2h6", key: "a6xqqp" }]
+]);
+/**
+ * @license lucide-react v0.462.0 - ISC
+ *
+ * This source code is licensed under the ISC license.
+ * See the LICENSE file in the root directory of this source tree.
+ */
+const LoaderCircle = createLucideIcon("LoaderCircle", [
+  ["path", { d: "M21 12a9 9 0 1 1-6.219-8.56", key: "13zald" }]
+]);
+/**
+ * @license lucide-react v0.462.0 - ISC
+ *
+ * This source code is licensed under the ISC license.
+ * See the LICENSE file in the root directory of this source tree.
+ */
+const LockKeyhole = createLucideIcon("LockKeyhole", [
+  ["circle", { cx: "12", cy: "16", r: "1", key: "1au0dj" }],
+  ["rect", { x: "3", y: "10", width: "18", height: "12", rx: "2", key: "6s8ecr" }],
+  ["path", { d: "M7 10V7a5 5 0 0 1 10 0v3", key: "1pqi11" }]
+]);
+/**
+ * @license lucide-react v0.462.0 - ISC
+ *
+ * This source code is licensed under the ISC license.
+ * See the LICENSE file in the root directory of this source tree.
+ */
+const ShieldCheck = createLucideIcon("ShieldCheck", [
+  [
+    "path",
+    {
+      d: "M20 13c0 5-3.5 7.5-7.66 8.95a1 1 0 0 1-.67-.01C7.5 20.5 4 18 4 13V6a1 1 0 0 1 1-1c2 0 4.5-1.2 6.24-2.72a1.17 1.17 0 0 1 1.52 0C14.51 3.81 17 5 19 5a1 1 0 0 1 1 1z",
+      key: "oel41y"
+    }
+  ],
+  ["path", { d: "m9 12 2 2 4-4", key: "dzmm74" }]
+]);
+const PasswordRedirectModal = ({ open, onOpenChange, saasApiUrl, iamApiUrl }) => {
+  const [confirmOpen, setConfirmOpen] = useState(false);
+  const [loading, setLoading] = useState(false);
+  const [errorMessage, setErrorMessage] = useState(null);
+  const apiBaseUrl = useMemo(() => {
+    const source = saasApiUrl || iamApiUrl;
+    if (!source) {
+      return "";
+    }
+    const normalized = source.replace(/\/$/, "");
+    return normalized.endsWith("/api") ? normalized : `${normalized}/api`;
+  }, [saasApiUrl, iamApiUrl]);
+  const buildUrl = (redirectUrl, magicToken) => {
+    if (redirectUrl) {
+      return redirectUrl;
+    }
+    if (magicToken) {
+      const fallbackUrl = new URL("/auth/auto-connect", "https://iam.ollaid.com");
+      fallbackUrl.searchParams.set("magic_token", magicToken);
+      return fallbackUrl.toString();
+    }
+    return "";
+  };
+  const handleRedirect = async () => {
+    if (loading) return;
+    setLoading(true);
+    setErrorMessage(null);
+    try {
+      const authToken = getAuthToken();
+      const appAccessTokenRef = getNativeStorage().getItem(STORAGE.APP_ACCESS_TOKEN_REF);
+      if (!authToken && !appAccessTokenRef) {
+        throw new Error("Session Native SSO introuvable");
+      }
+      if (!apiBaseUrl) {
+        throw new Error("saasApiUrl non configurée");
+      }
+      const result = await fetchWithTimeout(
+        `${apiBaseUrl}/native/password-link`,
+        {
+          method: "POST",
+          headers: getHeaders(authToken || void 0, true)
+        },
+        2e4
+      );
+      if (!result.success) {
+        throw new Error(result.message || "Impossible de générer le lien");
+      }
+      const redirectUrl = buildUrl(
+        typeof result.redirect_url === "string" && result.redirect_url.length > 0 ? result.redirect_url : typeof result.sso_url === "string" && result.sso_url.length > 0 ? result.sso_url : "",
+        result.magic_token
+      );
+      if (!redirectUrl) {
+        throw new Error("URL de redirection manquante");
+      }
+      window.open(redirectUrl, "_blank", "noopener,noreferrer");
+      onOpenChange(false);
+      setConfirmOpen(false);
+    } catch (error) {
+      const message = error instanceof ApiError ? error.message : (error == null ? void 0 : error.message) || "Impossible de lancer le flux de mot de passe";
+      setErrorMessage(message);
+    } finally {
+      setLoading(false);
+    }
+  };
+  return /* @__PURE__ */ jsxs(Fragment, { children: [
+    /* @__PURE__ */ jsx(Dialog, { open, onOpenChange, children: /* @__PURE__ */ jsxs(DialogContent, { style: { maxWidth: "28rem", borderRadius: "16px", background: "#fff" }, children: [
+      /* @__PURE__ */ jsxs(DialogHeader, { children: [
+        /* @__PURE__ */ jsx("div", { style: { margin: "0 auto 12px", width: 56, height: 56, borderRadius: "50%", background: "rgba(232, 67, 10, 0.1)", display: "flex", alignItems: "center", justifyContent: "center", color: "#e8430a" }, children: /* @__PURE__ */ jsx(LockKeyhole, { size: 28 }) }),
+        /* @__PURE__ */ jsx(DialogTitle, { className: "text-center", children: "Mot de passe géré par OLLAID SSO" }),
+        /* @__PURE__ */ jsx(DialogDescription, { className: "text-center", children: "Ce bouton sert à tester la redirection vers IAM et l'ouverture du modal de changement de mot de passe." })
+      ] }),
+      /* @__PURE__ */ jsxs("div", { style: { border: "1px solid #e5e7eb", borderRadius: 12, padding: 16, background: "#f8fafc", color: "#475569", fontSize: 13, display: "grid", gap: 8 }, children: [
+        /* @__PURE__ */ jsxs("div", { style: { display: "flex", gap: 8, alignItems: "flex-start" }, children: [
+          /* @__PURE__ */ jsx(ShieldCheck, { size: 16, color: "#e8430a" }),
+          /* @__PURE__ */ jsx("span", { children: "Le SaaS agit comme relais. Le backend SaaS appelle IAM côté serveur, puis renvoie l'URL de redirection." })
+        ] }),
+        /* @__PURE__ */ jsxs("div", { style: { display: "flex", gap: 8, alignItems: "flex-start" }, children: [
+          /* @__PURE__ */ jsx(ExternalLink, { size: 16, color: "#e8430a" }),
+          /* @__PURE__ */ jsx("span", { children: "Une fenêtre IAM va s'ouvrir avec auto-connexion temporaire, sans appel direct du navigateur vers IAM." })
+        ] })
+      ] }),
+      /* @__PURE__ */ jsxs(DialogFooter, { style: { gap: 12 }, children: [
+        /* @__PURE__ */ jsx(Button, { variant: "outline", onClick: () => onOpenChange(false), style: { flex: 1 }, disabled: loading, children: "Fermer" }),
+        /* @__PURE__ */ jsx(Button, { onClick: () => setConfirmOpen(true), disabled: loading, style: { flex: 1 }, children: loading ? /* @__PURE__ */ jsxs(Fragment, { children: [
+          /* @__PURE__ */ jsx(LoaderCircle, { size: 16, style: { marginRight: 8, animation: "spin 1s linear infinite" } }),
+          "Préparation..."
+        ] }) : "Changer mon mot de passe" })
+      ] })
+    ] }) }),
+    /* @__PURE__ */ jsx(Dialog, { open: confirmOpen, onOpenChange: (nextOpen) => {
+      if (!loading) {
+        setConfirmOpen(nextOpen);
+      }
+    }, children: /* @__PURE__ */ jsxs(DialogContent, { style: { maxWidth: "26rem", borderRadius: "16px", background: "#fff" }, children: [
+      /* @__PURE__ */ jsxs(DialogHeader, { children: [
+        /* @__PURE__ */ jsx(DialogTitle, { className: "text-center", children: "Êtes-vous sûr de rediriger vers le SSO ?" }),
+        /* @__PURE__ */ jsx(DialogDescription, { className: "text-center", children: "Cette action ouvre IAM dans un nouvel onglet et prépare l'auto-connexion pour tester le changement de mot de passe." })
+      ] }),
+      errorMessage && /* @__PURE__ */ jsx("div", { style: { border: "1px solid #fecaca", background: "#fef2f2", color: "#b91c1c", borderRadius: 12, padding: 12, fontSize: 13 }, children: errorMessage }),
+      loading && /* @__PURE__ */ jsxs("div", { style: { display: "flex", flexDirection: "column", alignItems: "center", gap: 10, padding: "8px 0 4px" }, children: [
+        /* @__PURE__ */ jsx(LoaderCircle, { size: 26, style: { animation: "spin 1s linear infinite", color: "#e8430a" } }),
+        /* @__PURE__ */ jsx("div", { style: { fontSize: 13, color: "#475569", textAlign: "center" }, children: "Création de la session en cours..." })
+      ] }),
+      /* @__PURE__ */ jsxs(DialogFooter, { style: { gap: 12 }, children: [
+        /* @__PURE__ */ jsx(Button, { variant: "outline", onClick: () => setConfirmOpen(false), style: { flex: 1 }, disabled: loading, children: "Annuler" }),
+        /* @__PURE__ */ jsx(Button, { onClick: handleRedirect, style: { flex: 1 }, disabled: loading, children: loading ? /* @__PURE__ */ jsxs(Fragment, { children: [
+          /* @__PURE__ */ jsx(LoaderCircle, { size: 16, style: { marginRight: 8, animation: "spin 1s linear infinite" } }),
+          "Confirmer..."
+        ] }) : "Confirmer" })
+      ] })
+    ] }) })
+  ] });
+};
+function DebugPanel({ saasApiUrl, iamApiUrl, onOpenLogin, onOpenSignup, onOpenOnboarding, onOpenPassword, onResetProfilePrompt }) {
   const [logs, setLogs] = useState([]);
   const [expanded, setExpanded] = useState(true);
   const [selectedLog, setSelectedLog] = useState(null);
@@ -13438,6 +13690,18 @@ function DebugPanel({ saasApiUrl, iamApiUrl, onOpenLogin, onOpenSignup, onOpenOn
               children: "Infos profile"
             }
           ),
+          /* @__PURE__ */ jsx(
+            "button",
+            {
+              onClick: (e) => {
+                e.stopPropagation();
+                onOpenPassword == null ? void 0 : onOpenPassword();
+              },
+              disabled: !onOpenPassword,
+              style: { background: "#334155", color: "#e2e8f0", border: "none", borderRadius: "4px", padding: "2px 8px", cursor: onOpenPassword ? "pointer" : "not-allowed", fontSize: "11px", opacity: onOpenPassword ? 1 : 0.5 },
+              children: "Mot de passe"
+            }
+          ),
           /* @__PURE__ */ jsx(
             "button",
             {
@@ -13631,6 +13895,7 @@ function NativeSSOPage({
   const [showOnboarding, setShowOnboarding] = useState(false);
   const [pendingSession, setPendingSession] = useState(null);
   const [debugOnboardingState, setDebugOnboardingState] = useState(null);
+  const [passwordRedirectOpen, setPasswordRedirectOpen] = useState(false);
   const [redirectingTarget, setRedirectingTarget] = useState(null);
   const [redirectingReason, setRedirectingReason] = useState(null);
   const [session, setSession] = useState(() => {
@@ -14003,6 +14268,9 @@ function NativeSSOPage({
       setShowOnboarding(true);
     }
   }, [session, clearOnboardingTimers]);
+  const openDebugPassword = useCallback(() => {
+    setPasswordRedirectOpen(true);
+  }, []);
   useEffect(() => {
     syncProfilePrompt(session);
     return () => {
@@ -14150,8 +14418,18 @@ function NativeSSOPage({
           onOpenLogin: openDebugLogin,
           onOpenSignup: openDebugSignup,
           onOpenOnboarding: openDebugOnboarding,
+          onOpenPassword: openDebugPassword,
           onResetProfilePrompt: resetDebugProfilePrompt
         }
+      ),
+      /* @__PURE__ */ jsx(
+        PasswordRedirectModal,
+        {
+          open: passwordRedirectOpen,
+          onOpenChange: setPasswordRedirectOpen,
+          saasApiUrl,
+          iamApiUrl
+        }
       )
     ] });
   }
@@ -14231,8 +14509,18 @@ function NativeSSOPage({
         onOpenLogin: openDebugLogin,
         onOpenSignup: openDebugSignup,
         onOpenOnboarding: openDebugOnboarding,
+        onOpenPassword: openDebugPassword,
         onResetProfilePrompt: resetDebugProfilePrompt
       }
+    ),
+    /* @__PURE__ */ jsx(
+      PasswordRedirectModal,
+      {
+        open: passwordRedirectOpen,
+        onOpenChange: setPasswordRedirectOpen,
+        saasApiUrl,
+        iamApiUrl
+      }
     )
   ] });
 }