@omni2fa/core 0.7.1 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/Interfaces/IOmni2Fa.d.ts +3 -0
- package/dist/Interfaces/IOmni2Fa.d.ts.map +1 -1
- package/dist/client/Interfaces/IOmni2FaClient.d.ts +14 -1
- package/dist/client/Interfaces/IOmni2FaClient.d.ts.map +1 -1
- package/dist/client/Omni2FaClient.d.ts +13 -2
- package/dist/client/Omni2FaClient.d.ts.map +1 -1
- package/dist/createOmni2Fa.d.ts.map +1 -1
- package/dist/errors/codes.d.ts +1 -0
- package/dist/errors/codes.d.ts.map +1 -1
- package/dist/errors/messages.d.ts.map +1 -1
- package/dist/index.cjs +1 -1
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +7 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +360 -159
- package/dist/index.js.map +1 -1
- package/dist/machines/challenge/challengeMachine.d.ts +0 -6
- package/dist/machines/challenge/challengeMachine.d.ts.map +1 -1
- package/dist/machines/methods/methodsMachine.d.ts.map +1 -1
- package/dist/machines/stepup/StepUpContext.d.ts +17 -0
- package/dist/machines/stepup/StepUpContext.d.ts.map +1 -0
- package/dist/machines/stepup/StepUpEvent.d.ts +13 -0
- package/dist/machines/stepup/StepUpEvent.d.ts.map +1 -0
- package/dist/machines/stepup/stepUpMachine.d.ts +96 -0
- package/dist/machines/stepup/stepUpMachine.d.ts.map +1 -0
- package/dist/stepup/constants.d.ts +3 -0
- package/dist/stepup/constants.d.ts.map +1 -0
- package/dist/types/api.d.ts +204 -5
- package/dist/types/api.d.ts.map +1 -1
- package/dist/types/dtos.d.ts +1 -0
- package/dist/types/dtos.d.ts.map +1 -1
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import
|
|
2
|
-
import { setup as h, fromPromise as
|
|
3
|
-
class
|
|
1
|
+
import J from "openapi-fetch";
|
|
2
|
+
import { setup as h, fromPromise as i, createActor as u } from "xstate";
|
|
3
|
+
class _ {
|
|
4
4
|
map = /* @__PURE__ */ new Map();
|
|
5
5
|
get(e) {
|
|
6
6
|
return this.map.get(e) ?? null;
|
|
@@ -12,7 +12,7 @@ class N {
|
|
|
12
12
|
this.map.delete(e);
|
|
13
13
|
}
|
|
14
14
|
}
|
|
15
|
-
const
|
|
15
|
+
const a = {
|
|
16
16
|
InvalidCode: "INVALID_CODE",
|
|
17
17
|
PreAuthExpired: "PREAUTH_EXPIRED",
|
|
18
18
|
PreAuthInvalid: "PREAUTH_INVALID",
|
|
@@ -27,38 +27,41 @@ const s = {
|
|
|
27
27
|
RecoveryCodeUsed: "RECOVERY_CODE_USED",
|
|
28
28
|
WebAuthnVerificationFailed: "WEBAUTHN_VERIFICATION_FAILED",
|
|
29
29
|
ValidationFailed: "VALIDATION_FAILED",
|
|
30
|
+
StepUpRequired: "STEP_UP_REQUIRED",
|
|
30
31
|
NetworkError: "NETWORK_ERROR",
|
|
31
32
|
Unknown: "UNKNOWN"
|
|
32
|
-
},
|
|
33
|
-
[
|
|
34
|
-
[
|
|
35
|
-
[
|
|
36
|
-
[
|
|
37
|
-
[
|
|
38
|
-
[
|
|
39
|
-
[
|
|
40
|
-
[
|
|
41
|
-
[
|
|
42
|
-
[
|
|
43
|
-
[
|
|
44
|
-
[
|
|
45
|
-
[
|
|
46
|
-
[
|
|
47
|
-
[
|
|
48
|
-
[
|
|
33
|
+
}, S = {
|
|
34
|
+
[a.InvalidCode]: "The code you entered is invalid.",
|
|
35
|
+
[a.PreAuthExpired]: "Your session has expired. Please sign in again.",
|
|
36
|
+
[a.PreAuthInvalid]: "Your session is invalid. Please sign in again.",
|
|
37
|
+
[a.ChallengeNotFound]: "No active verification step. Please restart.",
|
|
38
|
+
[a.ChallengeConsumed]: "This verification step was already used. Please sign in again.",
|
|
39
|
+
[a.TooManyAttempts]: "Too many attempts. Please wait before trying again.",
|
|
40
|
+
[a.MethodNotFound]: "The selected 2FA method was not found.",
|
|
41
|
+
[a.TypeAlreadyEnrolled]: "You already have this type of 2FA enabled.",
|
|
42
|
+
[a.MaxMethodsReached]: "You have reached the maximum number of 2FA methods.",
|
|
43
|
+
[a.LastMethodProtected]: "You cannot remove your last 2FA method.",
|
|
44
|
+
[a.RecoveryCodeInvalid]: "The recovery code is invalid.",
|
|
45
|
+
[a.RecoveryCodeUsed]: "This recovery code has already been used.",
|
|
46
|
+
[a.WebAuthnVerificationFailed]: "Security key verification failed.",
|
|
47
|
+
[a.ValidationFailed]: "The request was malformed.",
|
|
48
|
+
[a.StepUpRequired]: "Please confirm two-factor authentication to continue.",
|
|
49
|
+
[a.NetworkError]: "Network error. Please check your connection.",
|
|
50
|
+
[a.Unknown]: "An unexpected error occurred."
|
|
49
51
|
};
|
|
50
|
-
function
|
|
51
|
-
return
|
|
52
|
+
function T(t) {
|
|
53
|
+
return S[t] ?? S[a.Unknown];
|
|
52
54
|
}
|
|
53
|
-
const
|
|
54
|
-
class
|
|
55
|
+
const W = "X-Omni2FA-StepUp", F = "omni2fa:preauth", L = "omni2fa:session", b = "http://omni2fa.local";
|
|
56
|
+
class K {
|
|
55
57
|
storage;
|
|
56
58
|
preAuthKey;
|
|
57
59
|
sessionKey;
|
|
58
60
|
basePath;
|
|
59
61
|
inner;
|
|
62
|
+
stepUpHandler = null;
|
|
60
63
|
constructor(e) {
|
|
61
|
-
this.storage = e.storage ?? new
|
|
64
|
+
this.storage = e.storage ?? new _(), this.preAuthKey = e.preAuthStorageKey ?? F, this.sessionKey = e.sessionStorageKey ?? L, this.basePath = new URL(e.baseUrl, b).pathname.replace(/\/$/, ""), this.inner = J({
|
|
62
65
|
baseUrl: e.baseUrl,
|
|
63
66
|
fetch: e.fetch ?? globalThis.fetch.bind(globalThis),
|
|
64
67
|
...e.credentials ? { credentials: e.credentials } : {}
|
|
@@ -73,7 +76,7 @@ class P {
|
|
|
73
76
|
}
|
|
74
77
|
/** Pre-auth endpoints are exactly the ones mounted under <c>{basePath}/challenge/</c>. */
|
|
75
78
|
isPreAuthEndpoint(e) {
|
|
76
|
-
const r = new URL(e,
|
|
79
|
+
const r = new URL(e, b).pathname;
|
|
77
80
|
return (r.startsWith(this.basePath) ? r.slice(this.basePath.length) : r).startsWith("/challenge/");
|
|
78
81
|
}
|
|
79
82
|
setPreAuthToken(e) {
|
|
@@ -88,6 +91,23 @@ class P {
|
|
|
88
91
|
getSessionToken() {
|
|
89
92
|
return this.storage.get(this.sessionKey);
|
|
90
93
|
}
|
|
94
|
+
setStepUpHandler(e) {
|
|
95
|
+
this.stepUpHandler = e;
|
|
96
|
+
}
|
|
97
|
+
/**
|
|
98
|
+
* Run a request and, if it comes back 403 STEP_UP_REQUIRED with a handler registered, confirm 2FA
|
|
99
|
+
* and retry once with the step-up header. Used by the library's own sensitive endpoints; other calls
|
|
100
|
+
* invoke openapi-fetch directly.
|
|
101
|
+
*/
|
|
102
|
+
async sendWithStepUp(e) {
|
|
103
|
+
const r = await e({});
|
|
104
|
+
if (r.error !== void 0 && r.response.status === 403 && r.error.code === a.StepUpRequired && this.stepUpHandler !== null) {
|
|
105
|
+
const n = r.error.details?.availableMethods ?? [], o = await this.stepUpHandler(n);
|
|
106
|
+
if (o)
|
|
107
|
+
return e({ [W]: o });
|
|
108
|
+
}
|
|
109
|
+
return r;
|
|
110
|
+
}
|
|
91
111
|
setToken(e, r) {
|
|
92
112
|
r === null || r.length === 0 ? this.storage.remove(e) : this.storage.set(e, r);
|
|
93
113
|
}
|
|
@@ -96,11 +116,13 @@ class P {
|
|
|
96
116
|
return this.toCall(e, r, n);
|
|
97
117
|
}
|
|
98
118
|
async removeMethod(e) {
|
|
99
|
-
const { error: r, response: n } = await this.
|
|
119
|
+
const { error: r, response: n } = await this.sendWithStepUp(
|
|
120
|
+
(o) => this.inner.DELETE("/methods/{methodId}", { params: { path: { methodId: e } }, headers: o })
|
|
121
|
+
);
|
|
100
122
|
return r ? this.errorCall(r, n) : { ok: !0, value: void 0 };
|
|
101
123
|
}
|
|
102
124
|
async startTotpEnrollment() {
|
|
103
|
-
const { data: e, error: r, response: n } = await this.inner.POST("/enroll/totp/start");
|
|
125
|
+
const { data: e, error: r, response: n } = await this.sendWithStepUp((o) => this.inner.POST("/enroll/totp/start", { headers: o }));
|
|
104
126
|
return this.toCall(e, r, n);
|
|
105
127
|
}
|
|
106
128
|
async confirmTotpEnrollment(e) {
|
|
@@ -108,7 +130,7 @@ class P {
|
|
|
108
130
|
return this.toCall(r, n, o);
|
|
109
131
|
}
|
|
110
132
|
async startEmailEnrollment(e) {
|
|
111
|
-
const { data: r, error: n, response: o } = await this.inner.POST("/enroll/email/start", { body: e });
|
|
133
|
+
const { data: r, error: n, response: o } = await this.sendWithStepUp((l) => this.inner.POST("/enroll/email/start", { body: e, headers: l }));
|
|
112
134
|
return this.toCall(r, n, o);
|
|
113
135
|
}
|
|
114
136
|
async confirmEmailEnrollment(e) {
|
|
@@ -120,7 +142,7 @@ class P {
|
|
|
120
142
|
return this.toCall(r, n, o);
|
|
121
143
|
}
|
|
122
144
|
async startWebAuthnEnrollment() {
|
|
123
|
-
const { data: e, error: r, response: n } = await this.inner.POST("/enroll/webauthn/start");
|
|
145
|
+
const { data: e, error: r, response: n } = await this.sendWithStepUp((o) => this.inner.POST("/enroll/webauthn/start", { headers: o }));
|
|
124
146
|
return this.toCall(e, r, n);
|
|
125
147
|
}
|
|
126
148
|
async confirmWebAuthnEnrollment(e) {
|
|
@@ -143,30 +165,42 @@ class P {
|
|
|
143
165
|
const { data: r, error: n, response: o } = await this.inner.POST("/challenge/recovery-code", { body: e });
|
|
144
166
|
return this.toCall(r, n, o);
|
|
145
167
|
}
|
|
168
|
+
async startStepUp(e) {
|
|
169
|
+
const { data: r, error: n, response: o } = await this.inner.POST("/stepup/start", { body: e });
|
|
170
|
+
return this.toCall(r, n, o);
|
|
171
|
+
}
|
|
172
|
+
async resendStepUp(e) {
|
|
173
|
+
const { data: r, error: n, response: o } = await this.inner.POST("/stepup/resend", { body: e });
|
|
174
|
+
return this.toCall(r, n, o);
|
|
175
|
+
}
|
|
176
|
+
async verifyStepUp(e) {
|
|
177
|
+
const { data: r, error: n, response: o } = await this.inner.POST("/stepup/verify", { body: e });
|
|
178
|
+
return this.toCall(r, n, o);
|
|
179
|
+
}
|
|
146
180
|
async regenerateRecoveryCodes() {
|
|
147
|
-
const { data: e, error: r, response: n } = await this.inner.POST("/recovery-codes/regenerate");
|
|
181
|
+
const { data: e, error: r, response: n } = await this.sendWithStepUp((o) => this.inner.POST("/recovery-codes/regenerate", { headers: o }));
|
|
148
182
|
return this.toCall(e, r, n);
|
|
149
183
|
}
|
|
150
184
|
toCall(e, r, n) {
|
|
151
185
|
return r !== void 0 ? this.errorCall(r, n) : e === void 0 ? {
|
|
152
186
|
ok: !1,
|
|
153
|
-
code:
|
|
154
|
-
message:
|
|
187
|
+
code: a.NetworkError,
|
|
188
|
+
message: T(a.NetworkError),
|
|
155
189
|
httpStatus: n.status
|
|
156
190
|
} : { ok: !0, value: e };
|
|
157
191
|
}
|
|
158
192
|
errorCall(e, r) {
|
|
159
|
-
const n = e.code ||
|
|
193
|
+
const n = e.code || a.Unknown;
|
|
160
194
|
return {
|
|
161
195
|
ok: !1,
|
|
162
196
|
code: n,
|
|
163
|
-
message: e.message ||
|
|
197
|
+
message: e.message || T(n),
|
|
164
198
|
httpStatus: r.status,
|
|
165
199
|
details: e.details ?? null
|
|
166
200
|
};
|
|
167
201
|
}
|
|
168
202
|
}
|
|
169
|
-
class
|
|
203
|
+
class ne {
|
|
170
204
|
get(e) {
|
|
171
205
|
return globalThis.sessionStorage?.getItem(e) ?? null;
|
|
172
206
|
}
|
|
@@ -177,7 +211,7 @@ class z {
|
|
|
177
211
|
globalThis.sessionStorage?.removeItem(e);
|
|
178
212
|
}
|
|
179
213
|
}
|
|
180
|
-
class
|
|
214
|
+
class oe {
|
|
181
215
|
get(e) {
|
|
182
216
|
return globalThis.localStorage?.getItem(e) ?? null;
|
|
183
217
|
}
|
|
@@ -188,7 +222,7 @@ class X {
|
|
|
188
222
|
globalThis.localStorage?.removeItem(e);
|
|
189
223
|
}
|
|
190
224
|
}
|
|
191
|
-
class
|
|
225
|
+
class s extends Error {
|
|
192
226
|
code;
|
|
193
227
|
httpStatus;
|
|
194
228
|
details;
|
|
@@ -196,7 +230,7 @@ class a extends Error {
|
|
|
196
230
|
super(r), this.name = "Omni2FaApiError", this.code = e, this.httpStatus = n, this.details = o;
|
|
197
231
|
}
|
|
198
232
|
}
|
|
199
|
-
const
|
|
233
|
+
const $ = {
|
|
200
234
|
enrollmentId: null,
|
|
201
235
|
otpAuthUri: null,
|
|
202
236
|
secret: null,
|
|
@@ -205,34 +239,34 @@ const U = {
|
|
|
205
239
|
errorCode: null,
|
|
206
240
|
errorMessage: null
|
|
207
241
|
};
|
|
208
|
-
function
|
|
242
|
+
function H(t) {
|
|
209
243
|
return h({
|
|
210
244
|
types: {
|
|
211
245
|
context: {},
|
|
212
246
|
events: {}
|
|
213
247
|
},
|
|
214
248
|
actors: {
|
|
215
|
-
startEnrollment:
|
|
249
|
+
startEnrollment: i(async () => {
|
|
216
250
|
const e = await t.startTotpEnrollment();
|
|
217
251
|
if (!e.ok)
|
|
218
|
-
throw new
|
|
252
|
+
throw new s(e.code, e.message, e.httpStatus, e.details ?? null);
|
|
219
253
|
return e.value;
|
|
220
254
|
}),
|
|
221
|
-
confirmEnrollment:
|
|
255
|
+
confirmEnrollment: i(async ({ input: e }) => {
|
|
222
256
|
const r = await t.confirmTotpEnrollment({
|
|
223
257
|
enrollmentId: e.enrollmentId,
|
|
224
258
|
code: e.code,
|
|
225
259
|
name: e.name
|
|
226
260
|
});
|
|
227
261
|
if (!r.ok)
|
|
228
|
-
throw new
|
|
262
|
+
throw new s(r.code, r.message, r.httpStatus, r.details ?? null);
|
|
229
263
|
return r.value;
|
|
230
264
|
})
|
|
231
265
|
}
|
|
232
266
|
}).createMachine({
|
|
233
267
|
id: "totpEnrollment",
|
|
234
268
|
initial: "idle",
|
|
235
|
-
context:
|
|
269
|
+
context: $,
|
|
236
270
|
states: {
|
|
237
271
|
idle: {
|
|
238
272
|
on: {
|
|
@@ -250,14 +284,14 @@ function _(t) {
|
|
|
250
284
|
},
|
|
251
285
|
onError: {
|
|
252
286
|
target: "failed",
|
|
253
|
-
actions: ({ context: e, event: r }) =>
|
|
287
|
+
actions: ({ context: e, event: r }) => k(e, r.error)
|
|
254
288
|
}
|
|
255
289
|
}
|
|
256
290
|
},
|
|
257
291
|
awaitingCode: {
|
|
258
292
|
on: {
|
|
259
293
|
submit: { target: "confirming" },
|
|
260
|
-
reset: { target: "idle", actions:
|
|
294
|
+
reset: { target: "idle", actions: y }
|
|
261
295
|
}
|
|
262
296
|
},
|
|
263
297
|
confirming: {
|
|
@@ -276,31 +310,31 @@ function _(t) {
|
|
|
276
310
|
},
|
|
277
311
|
onError: {
|
|
278
312
|
target: "awaitingCode",
|
|
279
|
-
actions: ({ context: e, event: r }) =>
|
|
313
|
+
actions: ({ context: e, event: r }) => k(e, r.error)
|
|
280
314
|
}
|
|
281
315
|
}
|
|
282
316
|
},
|
|
283
317
|
enrolled: {
|
|
284
318
|
on: {
|
|
285
|
-
reset: { target: "idle", actions:
|
|
319
|
+
reset: { target: "idle", actions: y }
|
|
286
320
|
}
|
|
287
321
|
},
|
|
288
322
|
failed: {
|
|
289
323
|
on: {
|
|
290
324
|
start: { target: "starting" },
|
|
291
|
-
reset: { target: "idle", actions:
|
|
325
|
+
reset: { target: "idle", actions: y }
|
|
292
326
|
}
|
|
293
327
|
}
|
|
294
328
|
}
|
|
295
329
|
});
|
|
296
330
|
}
|
|
297
|
-
function
|
|
331
|
+
function y({ context: t }) {
|
|
298
332
|
t.enrollmentId = null, t.otpAuthUri = null, t.secret = null, t.methodId = null, t.recoveryCodes = null, t.errorCode = null, t.errorMessage = null;
|
|
299
333
|
}
|
|
300
|
-
function
|
|
301
|
-
e instanceof
|
|
334
|
+
function k(t, e) {
|
|
335
|
+
e instanceof s ? (t.errorCode = e.code, t.errorMessage = e.message) : (t.errorCode = "UNKNOWN", t.errorMessage = e instanceof Error ? e.message : null);
|
|
302
336
|
}
|
|
303
|
-
const
|
|
337
|
+
const V = {
|
|
304
338
|
enrollmentId: null,
|
|
305
339
|
email: null,
|
|
306
340
|
expiresAt: null,
|
|
@@ -310,40 +344,40 @@ const J = {
|
|
|
310
344
|
errorCode: null,
|
|
311
345
|
errorMessage: null
|
|
312
346
|
};
|
|
313
|
-
function
|
|
347
|
+
function Y(t) {
|
|
314
348
|
return h({
|
|
315
349
|
types: {
|
|
316
350
|
context: {},
|
|
317
351
|
events: {}
|
|
318
352
|
},
|
|
319
353
|
actors: {
|
|
320
|
-
startEnrollment:
|
|
354
|
+
startEnrollment: i(async ({ input: e }) => {
|
|
321
355
|
const r = await t.startEmailEnrollment(e.email !== void 0 ? { email: e.email } : {});
|
|
322
356
|
if (!r.ok)
|
|
323
|
-
throw new
|
|
357
|
+
throw new s(r.code, r.message, r.httpStatus, r.details ?? null);
|
|
324
358
|
return r.value;
|
|
325
359
|
}),
|
|
326
|
-
resendEnrollment:
|
|
360
|
+
resendEnrollment: i(async ({ input: e }) => {
|
|
327
361
|
const r = await t.resendEmailEnrollment({ enrollmentId: e.enrollmentId });
|
|
328
362
|
if (!r.ok)
|
|
329
|
-
throw new
|
|
363
|
+
throw new s(r.code, r.message, r.httpStatus, r.details ?? null);
|
|
330
364
|
return r.value;
|
|
331
365
|
}),
|
|
332
|
-
confirmEnrollment:
|
|
366
|
+
confirmEnrollment: i(async ({ input: e }) => {
|
|
333
367
|
const r = await t.confirmEmailEnrollment({
|
|
334
368
|
enrollmentId: e.enrollmentId,
|
|
335
369
|
code: e.code,
|
|
336
370
|
name: e.name
|
|
337
371
|
});
|
|
338
372
|
if (!r.ok)
|
|
339
|
-
throw new
|
|
373
|
+
throw new s(r.code, r.message, r.httpStatus, r.details ?? null);
|
|
340
374
|
return r.value;
|
|
341
375
|
})
|
|
342
376
|
}
|
|
343
377
|
}).createMachine({
|
|
344
378
|
id: "emailEnrollment",
|
|
345
379
|
initial: "idle",
|
|
346
|
-
context:
|
|
380
|
+
context: V,
|
|
347
381
|
states: {
|
|
348
382
|
idle: {
|
|
349
383
|
on: {
|
|
@@ -361,11 +395,11 @@ function F(t) {
|
|
|
361
395
|
input: ({ context: e }) => ({ email: e.email ?? void 0 }),
|
|
362
396
|
onDone: {
|
|
363
397
|
target: "awaitingCode",
|
|
364
|
-
actions: ({ context: e, event: r }) =>
|
|
398
|
+
actions: ({ context: e, event: r }) => M(e, r.output)
|
|
365
399
|
},
|
|
366
400
|
onError: {
|
|
367
401
|
target: "failed",
|
|
368
|
-
actions: ({ context: e, event: r }) =>
|
|
402
|
+
actions: ({ context: e, event: r }) => v(e, r.error)
|
|
369
403
|
}
|
|
370
404
|
}
|
|
371
405
|
},
|
|
@@ -373,7 +407,7 @@ function F(t) {
|
|
|
373
407
|
on: {
|
|
374
408
|
submit: { target: "confirming" },
|
|
375
409
|
resend: { target: "resending" },
|
|
376
|
-
reset: { target: "idle", actions:
|
|
410
|
+
reset: { target: "idle", actions: w }
|
|
377
411
|
}
|
|
378
412
|
},
|
|
379
413
|
resending: {
|
|
@@ -385,11 +419,11 @@ function F(t) {
|
|
|
385
419
|
},
|
|
386
420
|
onDone: {
|
|
387
421
|
target: "awaitingCode",
|
|
388
|
-
actions: ({ context: e, event: r }) =>
|
|
422
|
+
actions: ({ context: e, event: r }) => M(e, r.output)
|
|
389
423
|
},
|
|
390
424
|
onError: {
|
|
391
425
|
target: "awaitingCode",
|
|
392
|
-
actions: ({ context: e, event: r }) =>
|
|
426
|
+
actions: ({ context: e, event: r }) => v(e, r.error)
|
|
393
427
|
}
|
|
394
428
|
}
|
|
395
429
|
},
|
|
@@ -409,37 +443,37 @@ function F(t) {
|
|
|
409
443
|
},
|
|
410
444
|
onError: {
|
|
411
445
|
target: "awaitingCode",
|
|
412
|
-
actions: ({ context: e, event: r }) =>
|
|
446
|
+
actions: ({ context: e, event: r }) => v(e, r.error)
|
|
413
447
|
}
|
|
414
448
|
}
|
|
415
449
|
},
|
|
416
450
|
enrolled: {
|
|
417
451
|
on: {
|
|
418
|
-
reset: { target: "idle", actions:
|
|
452
|
+
reset: { target: "idle", actions: w }
|
|
419
453
|
}
|
|
420
454
|
},
|
|
421
455
|
failed: {
|
|
422
456
|
on: {
|
|
423
457
|
start: { target: "starting" },
|
|
424
|
-
reset: { target: "idle", actions:
|
|
458
|
+
reset: { target: "idle", actions: w }
|
|
425
459
|
}
|
|
426
460
|
}
|
|
427
461
|
}
|
|
428
462
|
});
|
|
429
463
|
}
|
|
430
|
-
function
|
|
464
|
+
function M(t, e) {
|
|
431
465
|
t.enrollmentId = e.enrollmentId, t.expiresAt = e.expiresAt, t.resendAvailableAt = e.resendAvailableAt, t.errorCode = null, t.errorMessage = null;
|
|
432
466
|
}
|
|
433
|
-
function
|
|
467
|
+
function w({ context: t }) {
|
|
434
468
|
t.enrollmentId = null, t.email = null, t.expiresAt = null, t.resendAvailableAt = null, t.methodId = null, t.recoveryCodes = null, t.errorCode = null, t.errorMessage = null;
|
|
435
469
|
}
|
|
436
|
-
function
|
|
437
|
-
e instanceof
|
|
470
|
+
function v(t, e) {
|
|
471
|
+
e instanceof s ? (t.errorCode = e.code, t.errorMessage = e.message) : (t.errorCode = "UNKNOWN", t.errorMessage = e instanceof Error ? e.message : null);
|
|
438
472
|
}
|
|
439
|
-
function
|
|
473
|
+
function m(t) {
|
|
440
474
|
const e = t.replace(/-/g, "+").replace(/_/g, "/"), r = e.padEnd(Math.ceil(e.length / 4) * 4, "="), n = atob(r), o = new Uint8Array(n.length);
|
|
441
|
-
for (let
|
|
442
|
-
o[
|
|
475
|
+
for (let l = 0; l < n.length; l++)
|
|
476
|
+
o[l] = n.charCodeAt(l);
|
|
443
477
|
return o.buffer;
|
|
444
478
|
}
|
|
445
479
|
function d(t) {
|
|
@@ -449,15 +483,15 @@ function d(t) {
|
|
|
449
483
|
r += String.fromCharCode(n);
|
|
450
484
|
return btoa(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
|
|
451
485
|
}
|
|
452
|
-
function
|
|
453
|
-
return (t ?? []).map((e) => ({ ...e, id:
|
|
486
|
+
function D(t) {
|
|
487
|
+
return (t ?? []).map((e) => ({ ...e, id: m(e.id) }));
|
|
454
488
|
}
|
|
455
|
-
async function
|
|
489
|
+
async function q(t) {
|
|
456
490
|
const e = JSON.parse(t), r = {
|
|
457
491
|
...e,
|
|
458
|
-
challenge:
|
|
459
|
-
user: { ...e.user, id:
|
|
460
|
-
excludeCredentials:
|
|
492
|
+
challenge: m(e.challenge),
|
|
493
|
+
user: { ...e.user, id: m(e.user.id) },
|
|
494
|
+
excludeCredentials: D(e.excludeCredentials)
|
|
461
495
|
// Cast through unknown: the spread carries Fido2's index-signature fields the DOM type omits.
|
|
462
496
|
}, n = await navigator.credentials.create({ publicKey: r });
|
|
463
497
|
if (n === null)
|
|
@@ -474,11 +508,11 @@ async function L(t) {
|
|
|
474
508
|
}
|
|
475
509
|
});
|
|
476
510
|
}
|
|
477
|
-
async function
|
|
511
|
+
async function P(t) {
|
|
478
512
|
const e = JSON.parse(t), r = {
|
|
479
513
|
...e,
|
|
480
|
-
challenge:
|
|
481
|
-
allowCredentials:
|
|
514
|
+
challenge: m(e.challenge),
|
|
515
|
+
allowCredentials: D(e.allowCredentials)
|
|
482
516
|
}, n = await navigator.credentials.get({ publicKey: r });
|
|
483
517
|
if (n === null)
|
|
484
518
|
throw new Error("WebAuthn authentication produced no credential.");
|
|
@@ -496,7 +530,7 @@ async function K(t) {
|
|
|
496
530
|
}
|
|
497
531
|
});
|
|
498
532
|
}
|
|
499
|
-
const
|
|
533
|
+
const B = {
|
|
500
534
|
enrollmentId: null,
|
|
501
535
|
optionsJson: null,
|
|
502
536
|
name: null,
|
|
@@ -505,34 +539,34 @@ const W = {
|
|
|
505
539
|
errorCode: null,
|
|
506
540
|
errorMessage: null
|
|
507
541
|
};
|
|
508
|
-
function
|
|
542
|
+
function G(t) {
|
|
509
543
|
return h({
|
|
510
544
|
types: {
|
|
511
545
|
context: {},
|
|
512
546
|
events: {}
|
|
513
547
|
},
|
|
514
548
|
actors: {
|
|
515
|
-
startEnrollment:
|
|
549
|
+
startEnrollment: i(async () => {
|
|
516
550
|
const e = await t.startWebAuthnEnrollment();
|
|
517
551
|
if (!e.ok)
|
|
518
|
-
throw new
|
|
552
|
+
throw new s(e.code, e.message, e.httpStatus, e.details ?? null);
|
|
519
553
|
return e.value;
|
|
520
554
|
}),
|
|
521
|
-
registerAndConfirm:
|
|
522
|
-
const r = await
|
|
555
|
+
registerAndConfirm: i(async ({ input: e }) => {
|
|
556
|
+
const r = await q(e.optionsJson), n = await t.confirmWebAuthnEnrollment({
|
|
523
557
|
enrollmentId: e.enrollmentId,
|
|
524
558
|
attestationResponseJson: r,
|
|
525
559
|
name: e.name
|
|
526
560
|
});
|
|
527
561
|
if (!n.ok)
|
|
528
|
-
throw new
|
|
562
|
+
throw new s(n.code, n.message, n.httpStatus, n.details ?? null);
|
|
529
563
|
return n.value;
|
|
530
564
|
})
|
|
531
565
|
}
|
|
532
566
|
}).createMachine({
|
|
533
567
|
id: "webauthnEnrollment",
|
|
534
568
|
initial: "idle",
|
|
535
|
-
context:
|
|
569
|
+
context: B,
|
|
536
570
|
states: {
|
|
537
571
|
idle: {
|
|
538
572
|
on: {
|
|
@@ -553,7 +587,7 @@ function $(t) {
|
|
|
553
587
|
},
|
|
554
588
|
onError: {
|
|
555
589
|
target: "failed",
|
|
556
|
-
actions: ({ context: e, event: r }) =>
|
|
590
|
+
actions: ({ context: e, event: r }) => O(e, r.error)
|
|
557
591
|
}
|
|
558
592
|
}
|
|
559
593
|
},
|
|
@@ -572,31 +606,31 @@ function $(t) {
|
|
|
572
606
|
},
|
|
573
607
|
onError: {
|
|
574
608
|
target: "failed",
|
|
575
|
-
actions: ({ context: e, event: r }) =>
|
|
609
|
+
actions: ({ context: e, event: r }) => O(e, r.error)
|
|
576
610
|
}
|
|
577
611
|
}
|
|
578
612
|
},
|
|
579
613
|
enrolled: {
|
|
580
614
|
on: {
|
|
581
|
-
reset: { target: "idle", actions:
|
|
615
|
+
reset: { target: "idle", actions: U }
|
|
582
616
|
}
|
|
583
617
|
},
|
|
584
618
|
failed: {
|
|
585
619
|
on: {
|
|
586
620
|
retry: { target: "starting" },
|
|
587
|
-
reset: { target: "idle", actions:
|
|
621
|
+
reset: { target: "idle", actions: U }
|
|
588
622
|
}
|
|
589
623
|
}
|
|
590
624
|
}
|
|
591
625
|
});
|
|
592
626
|
}
|
|
593
|
-
function
|
|
627
|
+
function U({ context: t }) {
|
|
594
628
|
t.enrollmentId = null, t.optionsJson = null, t.name = null, t.methodId = null, t.recoveryCodes = null, t.errorCode = null, t.errorMessage = null;
|
|
595
629
|
}
|
|
596
|
-
function
|
|
597
|
-
e instanceof
|
|
630
|
+
function O(t, e) {
|
|
631
|
+
e instanceof s ? (t.errorCode = e.code, t.errorMessage = e.message) : (t.errorCode = "UNKNOWN", t.errorMessage = e instanceof Error ? e.message : null);
|
|
598
632
|
}
|
|
599
|
-
const
|
|
633
|
+
const X = {
|
|
600
634
|
methodId: null,
|
|
601
635
|
methodType: null,
|
|
602
636
|
userId: null,
|
|
@@ -607,48 +641,48 @@ const H = {
|
|
|
607
641
|
errorCode: null,
|
|
608
642
|
errorMessage: null
|
|
609
643
|
};
|
|
610
|
-
function
|
|
644
|
+
function j(t) {
|
|
611
645
|
return h({
|
|
612
646
|
types: {
|
|
613
647
|
context: {},
|
|
614
648
|
events: {}
|
|
615
649
|
},
|
|
616
650
|
actors: {
|
|
617
|
-
startChallenge:
|
|
651
|
+
startChallenge: i(async ({ input: e }) => {
|
|
618
652
|
const r = await t.startChallenge({ methodId: e.methodId });
|
|
619
653
|
if (!r.ok)
|
|
620
|
-
throw new
|
|
654
|
+
throw new s(r.code, r.message, r.httpStatus, r.details ?? null);
|
|
621
655
|
return r.value;
|
|
622
656
|
}),
|
|
623
|
-
resendChallenge:
|
|
657
|
+
resendChallenge: i(async ({ input: e }) => {
|
|
624
658
|
const r = await t.resendChallenge({ methodId: e.methodId });
|
|
625
659
|
if (!r.ok)
|
|
626
|
-
throw new
|
|
660
|
+
throw new s(r.code, r.message, r.httpStatus, r.details ?? null);
|
|
627
661
|
return r.value;
|
|
628
662
|
}),
|
|
629
|
-
verifyChallenge:
|
|
663
|
+
verifyChallenge: i(async ({ input: e }) => {
|
|
630
664
|
const r = await t.verifyChallenge({ methodId: e.methodId, code: e.code });
|
|
631
665
|
if (!r.ok)
|
|
632
|
-
throw new
|
|
666
|
+
throw new s(r.code, r.message, r.httpStatus, r.details ?? null);
|
|
633
667
|
return r.value;
|
|
634
668
|
}),
|
|
635
|
-
assertChallenge:
|
|
636
|
-
const r = await
|
|
669
|
+
assertChallenge: i(async ({ input: e }) => {
|
|
670
|
+
const r = await P(e.optionsJson), n = await t.verifyChallenge({ methodId: e.methodId, assertionResponseJson: r });
|
|
637
671
|
if (!n.ok)
|
|
638
|
-
throw new
|
|
672
|
+
throw new s(n.code, n.message, n.httpStatus, n.details ?? null);
|
|
639
673
|
return n.value;
|
|
640
674
|
}),
|
|
641
|
-
verifyRecoveryCode:
|
|
675
|
+
verifyRecoveryCode: i(async ({ input: e }) => {
|
|
642
676
|
const r = await t.verifyRecoveryCode({ recoveryCode: e.code });
|
|
643
677
|
if (!r.ok)
|
|
644
|
-
throw new
|
|
678
|
+
throw new s(r.code, r.message, r.httpStatus, r.details ?? null);
|
|
645
679
|
return r.value;
|
|
646
680
|
})
|
|
647
681
|
}
|
|
648
682
|
}).createMachine({
|
|
649
683
|
id: "challenge",
|
|
650
684
|
initial: "idle",
|
|
651
|
-
context:
|
|
685
|
+
context: X,
|
|
652
686
|
states: {
|
|
653
687
|
idle: {
|
|
654
688
|
on: {
|
|
@@ -670,11 +704,11 @@ function Y(t) {
|
|
|
670
704
|
{
|
|
671
705
|
guard: ({ event: e }) => e.output.type === "WebAuthn",
|
|
672
706
|
target: "asserting",
|
|
673
|
-
actions: ({ context: e, event: r }) =>
|
|
707
|
+
actions: ({ context: e, event: r }) => E(e, r.output)
|
|
674
708
|
},
|
|
675
709
|
{
|
|
676
710
|
target: "awaitingCode",
|
|
677
|
-
actions: ({ context: e, event: r }) =>
|
|
711
|
+
actions: ({ context: e, event: r }) => E(e, r.output)
|
|
678
712
|
}
|
|
679
713
|
],
|
|
680
714
|
onError: {
|
|
@@ -707,7 +741,7 @@ function Y(t) {
|
|
|
707
741
|
submit: { target: "verifying" },
|
|
708
742
|
resend: { target: "resending" },
|
|
709
743
|
useRecoveryCode: { target: "verifyingRecovery" },
|
|
710
|
-
reset: { target: "idle", actions:
|
|
744
|
+
reset: { target: "idle", actions: C }
|
|
711
745
|
}
|
|
712
746
|
},
|
|
713
747
|
verifyingRecovery: {
|
|
@@ -738,7 +772,7 @@ function Y(t) {
|
|
|
738
772
|
},
|
|
739
773
|
onDone: {
|
|
740
774
|
target: "awaitingCode",
|
|
741
|
-
actions: ({ context: e, event: r }) =>
|
|
775
|
+
actions: ({ context: e, event: r }) => E(e, r.output)
|
|
742
776
|
},
|
|
743
777
|
onError: {
|
|
744
778
|
target: "awaitingCode",
|
|
@@ -768,57 +802,57 @@ function Y(t) {
|
|
|
768
802
|
},
|
|
769
803
|
verified: {
|
|
770
804
|
on: {
|
|
771
|
-
reset: { target: "idle", actions:
|
|
805
|
+
reset: { target: "idle", actions: C }
|
|
772
806
|
}
|
|
773
807
|
},
|
|
774
808
|
failed: {
|
|
775
809
|
on: {
|
|
776
810
|
pick: { target: "starting" },
|
|
777
811
|
useRecoveryCode: { target: "verifyingRecovery" },
|
|
778
|
-
reset: { target: "idle", actions:
|
|
812
|
+
reset: { target: "idle", actions: C }
|
|
779
813
|
}
|
|
780
814
|
}
|
|
781
815
|
}
|
|
782
816
|
});
|
|
783
817
|
}
|
|
784
|
-
function
|
|
818
|
+
function E(t, e) {
|
|
785
819
|
t.methodType = e.type, t.expiresAt = e.expiresAt ?? null, t.resendAvailableAt = e.resendAvailableAt ?? null, t.optionsJson = e.optionsJson ?? null, t.errorCode = null, t.errorMessage = null;
|
|
786
820
|
}
|
|
787
|
-
function
|
|
821
|
+
function C({ context: t }) {
|
|
788
822
|
t.methodId = null, t.methodType = null, t.userId = null, t.verifiedToken = null, t.expiresAt = null, t.resendAvailableAt = null, t.optionsJson = null, t.errorCode = null, t.errorMessage = null;
|
|
789
823
|
}
|
|
790
824
|
function c(t, e) {
|
|
791
|
-
e instanceof
|
|
825
|
+
e instanceof s ? (t.errorCode = e.code, t.errorMessage = e.message) : (t.errorCode = "UNKNOWN", t.errorMessage = e instanceof Error ? e.message : null);
|
|
792
826
|
}
|
|
793
|
-
const
|
|
827
|
+
const z = {
|
|
794
828
|
items: [],
|
|
795
829
|
errorCode: null,
|
|
796
830
|
errorMessage: null
|
|
797
831
|
};
|
|
798
|
-
function
|
|
832
|
+
function Q(t) {
|
|
799
833
|
return h({
|
|
800
834
|
types: {
|
|
801
835
|
context: {},
|
|
802
836
|
events: {}
|
|
803
837
|
},
|
|
804
838
|
actors: {
|
|
805
|
-
load:
|
|
839
|
+
load: i(async () => {
|
|
806
840
|
const e = await t.listMethods();
|
|
807
841
|
if (!e.ok)
|
|
808
|
-
throw new
|
|
842
|
+
throw new s(e.code, e.message, e.httpStatus, e.details ?? null);
|
|
809
843
|
return e.value;
|
|
810
844
|
}),
|
|
811
|
-
remove:
|
|
845
|
+
remove: i(async ({ input: e }) => {
|
|
812
846
|
const r = await t.removeMethod(e.methodId);
|
|
813
847
|
if (!r.ok)
|
|
814
|
-
throw new
|
|
848
|
+
throw new s(r.code, r.message, r.httpStatus, r.details ?? null);
|
|
815
849
|
return e.methodId;
|
|
816
850
|
})
|
|
817
851
|
}
|
|
818
852
|
}).createMachine({
|
|
819
853
|
id: "methods",
|
|
820
854
|
initial: "idle",
|
|
821
|
-
context:
|
|
855
|
+
context: z,
|
|
822
856
|
states: {
|
|
823
857
|
idle: {
|
|
824
858
|
on: {
|
|
@@ -836,7 +870,7 @@ function B(t) {
|
|
|
836
870
|
},
|
|
837
871
|
onError: {
|
|
838
872
|
target: "failed",
|
|
839
|
-
actions: ({ context: e, event: r }) =>
|
|
873
|
+
actions: ({ context: e, event: r }) => N(e, r.error)
|
|
840
874
|
}
|
|
841
875
|
}
|
|
842
876
|
},
|
|
@@ -862,54 +896,221 @@ function B(t) {
|
|
|
862
896
|
},
|
|
863
897
|
onError: {
|
|
864
898
|
target: "ready",
|
|
865
|
-
actions: ({ context: e, event: r }) =>
|
|
899
|
+
actions: ({ context: e, event: r }) => N(e, r.error)
|
|
866
900
|
}
|
|
867
901
|
}
|
|
868
902
|
},
|
|
869
903
|
failed: {
|
|
870
904
|
on: {
|
|
871
905
|
load: { target: "loading" },
|
|
872
|
-
reset: { target: "idle", actions:
|
|
906
|
+
reset: { target: "idle", actions: Z }
|
|
873
907
|
}
|
|
874
908
|
}
|
|
875
909
|
}
|
|
876
910
|
});
|
|
877
911
|
}
|
|
878
|
-
function
|
|
912
|
+
function Z({ context: t }) {
|
|
879
913
|
t.items = [], t.errorCode = null, t.errorMessage = null;
|
|
880
914
|
}
|
|
881
|
-
function
|
|
882
|
-
e instanceof
|
|
915
|
+
function N(t, e) {
|
|
916
|
+
e instanceof s ? (t.errorCode = e.code, t.errorMessage = e.message) : (t.errorCode = "UNKNOWN", t.errorMessage = e instanceof Error ? e.message : null);
|
|
883
917
|
}
|
|
884
|
-
|
|
885
|
-
|
|
886
|
-
|
|
918
|
+
const x = {
|
|
919
|
+
methodId: null,
|
|
920
|
+
methodType: null,
|
|
921
|
+
stepUpToken: null,
|
|
922
|
+
expiresAt: null,
|
|
923
|
+
resendAvailableAt: null,
|
|
924
|
+
optionsJson: null,
|
|
925
|
+
errorCode: null,
|
|
926
|
+
errorMessage: null
|
|
927
|
+
};
|
|
928
|
+
function ee(t) {
|
|
929
|
+
return h({
|
|
930
|
+
types: {
|
|
931
|
+
context: {},
|
|
932
|
+
events: {}
|
|
933
|
+
},
|
|
934
|
+
actors: {
|
|
935
|
+
startStepUp: i(async ({ input: e }) => {
|
|
936
|
+
const r = await t.startStepUp({ methodId: e.methodId });
|
|
937
|
+
if (!r.ok)
|
|
938
|
+
throw new s(r.code, r.message, r.httpStatus, r.details ?? null);
|
|
939
|
+
return r.value;
|
|
940
|
+
}),
|
|
941
|
+
resendStepUp: i(async ({ input: e }) => {
|
|
942
|
+
const r = await t.resendStepUp({ methodId: e.methodId });
|
|
943
|
+
if (!r.ok)
|
|
944
|
+
throw new s(r.code, r.message, r.httpStatus, r.details ?? null);
|
|
945
|
+
return r.value;
|
|
946
|
+
}),
|
|
947
|
+
verifyStepUp: i(async ({ input: e }) => {
|
|
948
|
+
const r = await t.verifyStepUp({ methodId: e.methodId, code: e.code });
|
|
949
|
+
if (!r.ok)
|
|
950
|
+
throw new s(r.code, r.message, r.httpStatus, r.details ?? null);
|
|
951
|
+
return r.value;
|
|
952
|
+
}),
|
|
953
|
+
assertStepUp: i(async ({ input: e }) => {
|
|
954
|
+
const r = await P(e.optionsJson), n = await t.verifyStepUp({ methodId: e.methodId, assertionResponseJson: r });
|
|
955
|
+
if (!n.ok)
|
|
956
|
+
throw new s(n.code, n.message, n.httpStatus, n.details ?? null);
|
|
957
|
+
return n.value;
|
|
958
|
+
})
|
|
959
|
+
}
|
|
960
|
+
}).createMachine({
|
|
961
|
+
id: "stepup",
|
|
962
|
+
initial: "idle",
|
|
963
|
+
context: x,
|
|
964
|
+
states: {
|
|
965
|
+
idle: {
|
|
966
|
+
on: {
|
|
967
|
+
pick: { target: "starting" }
|
|
968
|
+
}
|
|
969
|
+
},
|
|
970
|
+
starting: {
|
|
971
|
+
entry: ({ context: e, event: r }) => {
|
|
972
|
+
r.type === "pick" && (e.methodId = r.methodId);
|
|
973
|
+
},
|
|
974
|
+
invoke: {
|
|
975
|
+
src: "startStepUp",
|
|
976
|
+
input: ({ context: e }) => {
|
|
977
|
+
if (!e.methodId) throw new Error("no methodId");
|
|
978
|
+
return { methodId: e.methodId };
|
|
979
|
+
},
|
|
980
|
+
onDone: [
|
|
981
|
+
{
|
|
982
|
+
guard: ({ event: e }) => e.output.type === "WebAuthn",
|
|
983
|
+
target: "asserting",
|
|
984
|
+
actions: ({ context: e, event: r }) => I(e, r.output)
|
|
985
|
+
},
|
|
986
|
+
{
|
|
987
|
+
target: "awaitingCode",
|
|
988
|
+
actions: ({ context: e, event: r }) => I(e, r.output)
|
|
989
|
+
}
|
|
990
|
+
],
|
|
991
|
+
onError: {
|
|
992
|
+
target: "failed",
|
|
993
|
+
actions: ({ context: e, event: r }) => g(e, r.error)
|
|
994
|
+
}
|
|
995
|
+
}
|
|
996
|
+
},
|
|
997
|
+
asserting: {
|
|
998
|
+
invoke: {
|
|
999
|
+
src: "assertStepUp",
|
|
1000
|
+
input: ({ context: e }) => {
|
|
1001
|
+
if (!e.methodId || !e.optionsJson) throw new Error("no assertion options");
|
|
1002
|
+
return { methodId: e.methodId, optionsJson: e.optionsJson };
|
|
1003
|
+
},
|
|
1004
|
+
onDone: {
|
|
1005
|
+
target: "verified",
|
|
1006
|
+
actions: ({ context: e, event: r }) => R(e, r.output.stepUpToken)
|
|
1007
|
+
},
|
|
1008
|
+
onError: {
|
|
1009
|
+
target: "failed",
|
|
1010
|
+
actions: ({ context: e, event: r }) => g(e, r.error)
|
|
1011
|
+
}
|
|
1012
|
+
}
|
|
1013
|
+
},
|
|
1014
|
+
awaitingCode: {
|
|
1015
|
+
on: {
|
|
1016
|
+
submit: { target: "verifying" },
|
|
1017
|
+
resend: { target: "resending" },
|
|
1018
|
+
reset: { target: "idle", actions: A }
|
|
1019
|
+
}
|
|
1020
|
+
},
|
|
1021
|
+
resending: {
|
|
1022
|
+
invoke: {
|
|
1023
|
+
src: "resendStepUp",
|
|
1024
|
+
input: ({ context: e }) => {
|
|
1025
|
+
if (!e.methodId) throw new Error("no methodId");
|
|
1026
|
+
return { methodId: e.methodId };
|
|
1027
|
+
},
|
|
1028
|
+
onDone: {
|
|
1029
|
+
target: "awaitingCode",
|
|
1030
|
+
actions: ({ context: e, event: r }) => I(e, r.output)
|
|
1031
|
+
},
|
|
1032
|
+
onError: {
|
|
1033
|
+
target: "awaitingCode",
|
|
1034
|
+
actions: ({ context: e, event: r }) => g(e, r.error)
|
|
1035
|
+
}
|
|
1036
|
+
}
|
|
1037
|
+
},
|
|
1038
|
+
verifying: {
|
|
1039
|
+
invoke: {
|
|
1040
|
+
src: "verifyStepUp",
|
|
1041
|
+
input: ({ context: e, event: r }) => {
|
|
1042
|
+
if (r.type !== "submit") throw new Error("verifying requires submit event");
|
|
1043
|
+
if (!e.methodId) throw new Error("no methodId");
|
|
1044
|
+
return { methodId: e.methodId, code: r.code };
|
|
1045
|
+
},
|
|
1046
|
+
onDone: {
|
|
1047
|
+
target: "verified",
|
|
1048
|
+
actions: ({ context: e, event: r }) => R(e, r.output.stepUpToken)
|
|
1049
|
+
},
|
|
1050
|
+
onError: {
|
|
1051
|
+
target: "awaitingCode",
|
|
1052
|
+
actions: ({ context: e, event: r }) => g(e, r.error)
|
|
1053
|
+
}
|
|
1054
|
+
}
|
|
1055
|
+
},
|
|
1056
|
+
verified: {
|
|
1057
|
+
on: {
|
|
1058
|
+
reset: { target: "idle", actions: A }
|
|
1059
|
+
}
|
|
1060
|
+
},
|
|
1061
|
+
failed: {
|
|
1062
|
+
on: {
|
|
1063
|
+
pick: { target: "starting" },
|
|
1064
|
+
reset: { target: "idle", actions: A }
|
|
1065
|
+
}
|
|
1066
|
+
}
|
|
1067
|
+
}
|
|
1068
|
+
});
|
|
1069
|
+
}
|
|
1070
|
+
function I(t, e) {
|
|
1071
|
+
t.methodType = e.type, t.expiresAt = e.expiresAt ?? null, t.resendAvailableAt = e.resendAvailableAt ?? null, t.optionsJson = e.optionsJson ?? null, t.errorCode = null, t.errorMessage = null;
|
|
1072
|
+
}
|
|
1073
|
+
function R(t, e) {
|
|
1074
|
+
t.stepUpToken = e, t.errorCode = null, t.errorMessage = null;
|
|
1075
|
+
}
|
|
1076
|
+
function A({ context: t }) {
|
|
1077
|
+
t.methodId = null, t.methodType = null, t.stepUpToken = null, t.expiresAt = null, t.resendAvailableAt = null, t.optionsJson = null, t.errorCode = null, t.errorMessage = null;
|
|
1078
|
+
}
|
|
1079
|
+
function g(t, e) {
|
|
1080
|
+
e instanceof s ? (t.errorCode = e.code, t.errorMessage = e.message) : (t.errorCode = "UNKNOWN", t.errorMessage = e instanceof Error ? e.message : null);
|
|
1081
|
+
}
|
|
1082
|
+
function se(t) {
|
|
1083
|
+
const e = new K(t), r = u(H(e)), n = u(Y(e)), o = u(G(e)), l = u(j(e)), p = u(ee(e)), f = u(Q(e));
|
|
1084
|
+
return r.start(), n.start(), o.start(), l.start(), p.start(), f.start(), {
|
|
887
1085
|
client: e,
|
|
888
1086
|
totpEnrollment: r,
|
|
889
1087
|
emailEnrollment: n,
|
|
890
1088
|
webauthnEnrollment: o,
|
|
891
|
-
challenge:
|
|
892
|
-
|
|
1089
|
+
challenge: l,
|
|
1090
|
+
stepUp: p,
|
|
1091
|
+
methods: f,
|
|
893
1092
|
dispose() {
|
|
894
|
-
r.stop(), n.stop(), o.stop(),
|
|
1093
|
+
r.stop(), n.stop(), o.stop(), l.stop(), p.stop(), f.stop();
|
|
895
1094
|
}
|
|
896
1095
|
};
|
|
897
1096
|
}
|
|
898
1097
|
export {
|
|
899
|
-
|
|
900
|
-
|
|
901
|
-
|
|
902
|
-
|
|
903
|
-
|
|
904
|
-
|
|
905
|
-
|
|
906
|
-
|
|
907
|
-
|
|
908
|
-
Q as
|
|
909
|
-
|
|
910
|
-
|
|
911
|
-
|
|
912
|
-
|
|
913
|
-
|
|
1098
|
+
oe as LocalStorageStorage,
|
|
1099
|
+
_ as MemoryStorage,
|
|
1100
|
+
s as Omni2FaApiError,
|
|
1101
|
+
K as Omni2FaClient,
|
|
1102
|
+
a as Omni2FaErrorCodes,
|
|
1103
|
+
W as STEP_UP_HEADER,
|
|
1104
|
+
ne as SessionStorageStorage,
|
|
1105
|
+
j as createChallengeMachine,
|
|
1106
|
+
Y as createEmailEnrollmentMachine,
|
|
1107
|
+
Q as createMethodsMachine,
|
|
1108
|
+
se as createOmni2Fa,
|
|
1109
|
+
ee as createStepUpMachine,
|
|
1110
|
+
H as createTotpEnrollmentMachine,
|
|
1111
|
+
G as createWebAuthnEnrollmentMachine,
|
|
1112
|
+
T as getDefaultMessage,
|
|
1113
|
+
P as startAuthentication,
|
|
1114
|
+
q as startRegistration
|
|
914
1115
|
};
|
|
915
1116
|
//# sourceMappingURL=index.js.map
|