@omni2fa/core 0.8.0 → 0.8.1

package/dist/index.js

@@ -52,8 +52,25 @@ const a = {
 function T(t) {
   return S[t] ?? S[a.Unknown];
 }
-const W = "X-Omni2FA-StepUp", F = "omni2fa:preauth", L = "omni2fa:session", b = "http://omni2fa.local";
-class K {
+const W = "X-Omni2FA-StepUp", F = "omni2fa:preauth", K = "omni2fa:session";
+function b(t) {
+  let e = t;
+  const r = /^[a-zA-Z][a-zA-Z\d+\-.]*:\/\//.exec(e);
+  if (r) {
+    e = e.slice(r[0].length);
+    const l = e.indexOf("/");
+    e = l === -1 ? "/" : e.slice(l);
+  } else if (e.startsWith("//")) {
+    e = e.slice(2);
+    const l = e.indexOf("/");
+    e = l === -1 ? "/" : e.slice(l);
+  }
+  const n = e.indexOf("#");
+  n !== -1 && (e = e.slice(0, n));
+  const o = e.indexOf("?");
+  return o !== -1 && (e = e.slice(0, o)), e.startsWith("/") ? e : `/${e}`;
+}
+class $ {
   storage;
   preAuthKey;
   sessionKey;
@@ -61,7 +78,7 @@ class K {
   inner;
   stepUpHandler = null;
   constructor(e) {
-    this.storage = e.storage ?? new _(), this.preAuthKey = e.preAuthStorageKey ?? F, this.sessionKey = e.sessionStorageKey ?? L, this.basePath = new URL(e.baseUrl, b).pathname.replace(/\/$/, ""), this.inner = J({
+    this.storage = e.storage ?? new _(), this.preAuthKey = e.preAuthStorageKey ?? F, this.sessionKey = e.sessionStorageKey ?? K, this.basePath = b(e.baseUrl).replace(/\/$/, ""), this.inner = J({
       baseUrl: e.baseUrl,
       fetch: e.fetch ?? globalThis.fetch.bind(globalThis),
       ...e.credentials ? { credentials: e.credentials } : {}
@@ -76,7 +93,7 @@ class K {
   }
   /** Pre-auth endpoints are exactly the ones mounted under <c>{basePath}/challenge/</c>. */
   isPreAuthEndpoint(e) {
-    const r = new URL(e, b).pathname;
+    const r = b(e);
     return (r.startsWith(this.basePath) ? r.slice(this.basePath.length) : r).startsWith("/challenge/");
   }
   setPreAuthToken(e) {
@@ -230,7 +247,7 @@ class s extends Error {
     super(r), this.name = "Omni2FaApiError", this.code = e, this.httpStatus = n, this.details = o;
   }
 }
-const $ = {
+const L = {
   enrollmentId: null,
   otpAuthUri: null,
   secret: null,
@@ -266,7 +283,7 @@ function H(t) {
   }).createMachine({
     id: "totpEnrollment",
     initial: "idle",
-    context: $,
+    context: L,
     states: {
       idle: {
         on: {
@@ -483,7 +500,7 @@ function d(t) {
     r += String.fromCharCode(n);
   return btoa(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 }
-function D(t) {
+function R(t) {
   return (t ?? []).map((e) => ({ ...e, id: m(e.id) }));
 }
 async function q(t) {
@@ -491,7 +508,7 @@ async function q(t) {
     ...e,
     challenge: m(e.challenge),
     user: { ...e.user, id: m(e.user.id) },
-    excludeCredentials: D(e.excludeCredentials)
+    excludeCredentials: R(e.excludeCredentials)
     // Cast through unknown: the spread carries Fido2's index-signature fields the DOM type omits.
   }, n = await navigator.credentials.create({ publicKey: r });
   if (n === null)
@@ -512,7 +529,7 @@ async function P(t) {
   const e = JSON.parse(t), r = {
     ...e,
     challenge: m(e.challenge),
-    allowCredentials: D(e.allowCredentials)
+    allowCredentials: R(e.allowCredentials)
   }, n = await navigator.credentials.get({ publicKey: r });
   if (n === null)
     throw new Error("WebAuthn authentication produced no credential.");
@@ -530,7 +547,7 @@ async function P(t) {
     }
   });
 }
-const B = {
+const z = {
   enrollmentId: null,
   optionsJson: null,
   name: null,
@@ -539,7 +556,7 @@ const B = {
   errorCode: null,
   errorMessage: null
 };
-function G(t) {
+function B(t) {
   return h({
     types: {
       context: {},
@@ -566,7 +583,7 @@ function G(t) {
   }).createMachine({
     id: "webauthnEnrollment",
     initial: "idle",
-    context: B,
+    context: z,
     states: {
       idle: {
         on: {
@@ -630,7 +647,7 @@ function U({ context: t }) {
 function O(t, e) {
   e instanceof s ? (t.errorCode = e.code, t.errorMessage = e.message) : (t.errorCode = "UNKNOWN", t.errorMessage = e instanceof Error ? e.message : null);
 }
-const X = {
+const G = {
   methodId: null,
   methodType: null,
   userId: null,
@@ -641,7 +658,7 @@ const X = {
   errorCode: null,
   errorMessage: null
 };
-function j(t) {
+function X(t) {
   return h({
     types: {
       context: {},
@@ -682,7 +699,7 @@ function j(t) {
   }).createMachine({
     id: "challenge",
     initial: "idle",
-    context: X,
+    context: G,
     states: {
       idle: {
         on: {
@@ -824,12 +841,12 @@ function C({ context: t }) {
 function c(t, e) {
   e instanceof s ? (t.errorCode = e.code, t.errorMessage = e.message) : (t.errorCode = "UNKNOWN", t.errorMessage = e instanceof Error ? e.message : null);
 }
-const z = {
+const j = {
   items: [],
   errorCode: null,
   errorMessage: null
 };
-function Q(t) {
+function Z(t) {
   return h({
     types: {
       context: {},
@@ -852,7 +869,7 @@ function Q(t) {
   }).createMachine({
     id: "methods",
     initial: "idle",
-    context: z,
+    context: j,
     states: {
       idle: {
         on: {
@@ -903,13 +920,13 @@ function Q(t) {
       failed: {
         on: {
           load: { target: "loading" },
-          reset: { target: "idle", actions: Z }
+          reset: { target: "idle", actions: Q }
         }
       }
     }
   });
 }
-function Z({ context: t }) {
+function Q({ context: t }) {
   t.items = [], t.errorCode = null, t.errorMessage = null;
 }
 function N(t, e) {
@@ -1003,7 +1020,7 @@ function ee(t) {
           },
           onDone: {
             target: "verified",
-            actions: ({ context: e, event: r }) => R(e, r.output.stepUpToken)
+            actions: ({ context: e, event: r }) => D(e, r.output.stepUpToken)
           },
           onError: {
             target: "failed",
@@ -1045,7 +1062,7 @@ function ee(t) {
           },
           onDone: {
             target: "verified",
-            actions: ({ context: e, event: r }) => R(e, r.output.stepUpToken)
+            actions: ({ context: e, event: r }) => D(e, r.output.stepUpToken)
           },
           onError: {
             target: "awaitingCode",
@@ -1070,7 +1087,7 @@ function ee(t) {
 function I(t, e) {
   t.methodType = e.type, t.expiresAt = e.expiresAt ?? null, t.resendAvailableAt = e.resendAvailableAt ?? null, t.optionsJson = e.optionsJson ?? null, t.errorCode = null, t.errorMessage = null;
 }
-function R(t, e) {
+function D(t, e) {
   t.stepUpToken = e, t.errorCode = null, t.errorMessage = null;
 }
 function A({ context: t }) {
@@ -1080,7 +1097,7 @@ function g(t, e) {
   e instanceof s ? (t.errorCode = e.code, t.errorMessage = e.message) : (t.errorCode = "UNKNOWN", t.errorMessage = e instanceof Error ? e.message : null);
 }
 function se(t) {
-  const e = new K(t), r = u(H(e)), n = u(Y(e)), o = u(G(e)), l = u(j(e)), p = u(ee(e)), f = u(Q(e));
+  const e = new $(t), r = u(H(e)), n = u(Y(e)), o = u(B(e)), l = u(X(e)), p = u(ee(e)), f = u(Z(e));
   return r.start(), n.start(), o.start(), l.start(), p.start(), f.start(), {
     client: e,
     totpEnrollment: r,
@@ -1098,17 +1115,17 @@ export {
   oe as LocalStorageStorage,
   _ as MemoryStorage,
   s as Omni2FaApiError,
-  K as Omni2FaClient,
+  $ as Omni2FaClient,
   a as Omni2FaErrorCodes,
   W as STEP_UP_HEADER,
   ne as SessionStorageStorage,
-  j as createChallengeMachine,
+  X as createChallengeMachine,
   Y as createEmailEnrollmentMachine,
-  Q as createMethodsMachine,
+  Z as createMethodsMachine,
   se as createOmni2Fa,
   ee as createStepUpMachine,
   H as createTotpEnrollmentMachine,
-  G as createWebAuthnEnrollmentMachine,
+  B as createWebAuthnEnrollmentMachine,
   T as getDefaultMessage,
   P as startAuthentication,
   q as startRegistration