@oneblink/apps-react 10.3.1 → 11.0.0-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/apps/auth-service.d.ts +3 -2
- package/dist/apps/auth-service.js +2 -2
- package/dist/apps/auth-service.js.map +1 -1
- package/dist/apps/services/AWSCognitoClient.d.ts +39 -4
- package/dist/apps/services/AWSCognitoClient.js +238 -23
- package/dist/apps/services/AWSCognitoClient.js.map +1 -1
- package/dist/apps/services/cognito.d.ts +50 -41
- package/dist/apps/services/cognito.js +85 -48
- package/dist/apps/services/cognito.js.map +1 -1
- package/dist/components/mfa/MfaAuthenticatorAppDialog.d.ts +12 -0
- package/dist/components/mfa/MfaAuthenticatorAppDialog.js +64 -0
- package/dist/components/mfa/MfaAuthenticatorAppDialog.js.map +1 -0
- package/dist/components/mfa/MfaDisableDialog.d.ts +10 -0
- package/dist/components/mfa/MfaDisableDialog.js +31 -0
- package/dist/components/mfa/MfaDisableDialog.js.map +1 -0
- package/dist/components/mfa/MfaErrorSnackbar.d.ts +10 -0
- package/dist/components/mfa/MfaErrorSnackbar.js +17 -0
- package/dist/components/mfa/MfaErrorSnackbar.js.map +1 -0
- package/dist/components/mfa/MfaMethodRow.d.ts +19 -0
- package/dist/components/mfa/MfaMethodRow.js +10 -0
- package/dist/components/mfa/MfaMethodRow.js.map +1 -0
- package/dist/components/mfa/MfaPhoneNumberDialog.d.ts +11 -0
- package/dist/components/mfa/MfaPhoneNumberDialog.js +120 -0
- package/dist/components/mfa/MfaPhoneNumberDialog.js.map +1 -0
- package/dist/components/mfa/MfaRemovePhoneNumberDialog.d.ts +10 -0
- package/dist/components/mfa/MfaRemovePhoneNumberDialog.js +24 -0
- package/dist/components/mfa/MfaRemovePhoneNumberDialog.js.map +1 -0
- package/dist/components/mfa/MfaStatusChip.d.ts +10 -0
- package/dist/components/mfa/MfaStatusChip.js +29 -0
- package/dist/components/mfa/MfaStatusChip.js.map +1 -0
- package/dist/components/mfa/MfaSuccessSnackbar.d.ts +10 -0
- package/dist/components/mfa/MfaSuccessSnackbar.js +17 -0
- package/dist/components/mfa/MfaSuccessSnackbar.js.map +1 -0
- package/dist/components/mfa/MultiFactorAuthentication.d.ts +1 -2
- package/dist/components/mfa/MultiFactorAuthentication.js +30 -30
- package/dist/components/mfa/MultiFactorAuthentication.js.map +1 -1
- package/dist/hooks/useLogin.d.ts +14 -8
- package/dist/hooks/useLogin.js +16 -6
- package/dist/hooks/useLogin.js.map +1 -1
- package/dist/hooks/useMfa.d.ts +46 -14
- package/dist/hooks/useMfa.js +388 -43
- package/dist/hooks/useMfa.js.map +1 -1
- package/dist/index.d.ts +7 -0
- package/dist/index.js +7 -0
- package/dist/index.js.map +1 -1
- package/package.json +2 -2
- package/dist/components/mfa/MfaDialog.d.ts +0 -9
- package/dist/components/mfa/MfaDialog.js +0 -47
- package/dist/components/mfa/MfaDialog.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AWSCognitoClient.js","sourceRoot":"","sources":["../../../src/apps/services/AWSCognitoClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,6BAA6B,EAE7B,qBAAqB,EACrB,6BAA6B,EAC7B,4BAA4B,EAC5B,cAAc,EACd,oBAAoB,EACpB,mBAAmB,EAEnB,6BAA6B,EAC7B,2BAA2B,EAC3B,0BAA0B,GAC3B,MAAM,2CAA2C,CAAA;AAClD,OAAO,MAAM,MAAM,WAAW,CAAA;AAC9B,OAAO,EAAE,iBAAiB,EAAE,MAAM,IAAI,CAAA;AAOtC,MAAM,CAAC,OAAO,OAAO,gBAAgB;IAQnC,YAAY,EACV,QAAQ,EACR,MAAM,EACN,WAAW,EACX,WAAW,EACX,SAAS,GAOV;QACC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAA;QAC9D,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,SAAS,CAAC,qCAAqC,CAAC,CAAA;QAC5D,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,EAAE,CAAA;QACnB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAA;QAC9B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;QAC1B,IAAI,CAAC,WAAW,GAAG,WAAW,CAAA;QAC9B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAA;QACxB,IAAI,CAAC,6BAA6B,GAAG,IAAI,6BAA6B,CAAC;YACrE,MAAM;SACP,CAAC,CAAA;IACJ,CAAC;IAED,qBAAqB;IACrB,IAAI,UAAU;QACZ,OAAO,WAAW,IAAI,CAAC,QAAQ,aAAa,CAAA;IAC9C,CAAC;IACD,IAAI,YAAY;QACd,OAAO,WAAW,IAAI,CAAC,QAAQ,eAAe,CAAA;IAChD,CAAC;IACD,IAAI,QAAQ;QACV,OAAO,WAAW,IAAI,CAAC,QAAQ,WAAW,CAAA;IAC5C,CAAC;IACD,IAAI,aAAa;QACf,OAAO,WAAW,IAAI,CAAC,QAAQ,gBAAgB,CAAA;IACjD,CAAC;IACD,IAAI,KAAK;QACP,OAAO,WAAW,IAAI,CAAC,QAAQ,QAAQ,CAAA;IACzC,CAAC;IACD,IAAI,kBAAkB;QACpB,OAAO,WAAW,IAAI,CAAC,QAAQ,qBAAqB,CAAA;IACtD,CAAC;IAED,iBAAiB;QACf,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACtC,IAAI,CAAC;gBACH,QAAQ,EAAE,CAAA;YACZ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAA;gBAC9B,8BAA8B;gBAC9B,OAAO,CAAC,IAAI,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;YACxD,CAAC;QACH,CAAC;IACH,CAAC;IAED,0BAA0B,CAAC,oBAA8C;QACvE,qFAAqF;QACrF,MAAM,SAAS,GACZ,oBAAoB,CAAC,SAAoB,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAA;QACvE,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAA;QAC3D,YAAY,CAAC,OAAO,CAClB,IAAI,CAAC,YAAY,EACjB,oBAAoB,CAAC,WAAqB,CAC3C,CAAA;QACD,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,oBAAoB,CAAC,OAAiB,CAAC,CAAA;QAC3E,IAAI,oBAAoB,CAAC,YAAY,EAAE,CAAC;YACtC,YAAY,CAAC,OAAO,CAClB,IAAI,CAAC,aAAa,EAClB,oBAAoB,CAAC,YAAY,CAClC,CAAA;QACH,CAAC;QAED,IAAI,CAAC,iBAAiB,EAAE,CAAA;IAC1B,CAAC;IAED,2BAA2B;QACzB,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACxC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QAC1C,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACtC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;QAE3C,IAAI,CAAC,iBAAiB,EAAE,CAAA;IAC1B,CAAC;IAED,eAAe;QACb,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,SAAS,CAAA;IAC7D,CAAC;IAED,WAAW;QACT,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAA;IACzD,CAAC;IAED,gBAAgB;QACd,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,SAAS,CAAA;IAC9D,CAAC;IAED,eAAe;QACb,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACvD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IAC7C,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC3B,OAAM;QACR,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAA;QAC5C,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAM;QACR,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC1D,IAAI,mBAAmB,CAAC;gBACtB,QAAQ,EAAE,oBAAoB;gBAC9B,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,cAAc,EAAE;oBACd,aAAa,EAAE,YAAY;iBAC5B;aACF,CAAC,CACH,CAAA;YACD,IAAI,MAAM,CAAC,oBAAoB,EAAE,CAAC;gBAChC,IAAI,CAAC,0BAA0B,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAA;YAC9D,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,2CAA2C,EAAE,KAAK,CAAC,CAAA;YAChE,IAAI,CAAC,2BAA2B,EAAE,CAAA;YAClC,MAAM,IAAI,iBAAiB,CACzB,kFAAkF,EAClF;gBACE,aAAa,EAAE,IAAI;gBACnB,aAAa,EAAE,KAAc;aAC9B,CACF,CAAA;QACH,CAAC;IACH,CAAC;IAED,gBAAgB,CAAC,QAAuB;QACtC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAE7B,OAAO,GAAG,EAAE;YACV,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;YAC9C,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE,CAAC;gBACjB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;YACjC,CAAC;QACH,CAAC,CAAA;IACH,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,QAAgB,EAChB,oBAA0C;QAE1C,IAAI,oBAAoB,CAAC,oBAAoB,EAAE,CAAC;YAC9C,IAAI,CAAC,0BAA0B,CAAC,oBAAoB,CAAC,oBAAoB,CAAC,CAAA;YAC1E,OAAO,EAAE,CAAA;QACX,CAAC;QAED,MAAM,aAAa,GAAG,oBAAoB,CAAC,aAAa,CAAA;QACxD,QAAQ,aAAa,EAAE,CAAC;YACtB,KAAK,uBAAuB,CAAC,CAAC,CAAC;gBAC7B,OAAO;oBACL,qBAAqB,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE;wBAC3C,MAAM,mBAAmB,GACvB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,6BAA6B,CAAC;4BAChC,aAAa;4BACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;4BACvB,OAAO,EAAE,oBAAoB,CAAC,OAAO;4BACrC,kBAAkB,EAAE;gCAClB,QAAQ,EAAE,QAAQ;gCAClB,YAAY,EAAE,WAAW;6BAC1B;yBACF,CAAC,CACH,CAAA;wBACH,OAAO,MAAM,IAAI,CAAC,uBAAuB,CACvC,QAAQ,EACR,mBAAmB,CACpB,CAAA;oBACH,CAAC;iBACF,CAAA;YACH,CAAC;YACD,KAAK,oBAAoB,CAAC,CAAC,CAAC;gBAC1B,OAAO;oBACL,eAAe,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;wBAC9B,MAAM,mBAAmB,GACvB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,6BAA6B,CAAC;4BAChC,aAAa;4BACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;4BACvB,OAAO,EAAE,oBAAoB,CAAC,OAAO;4BACrC,kBAAkB,EAAE;gCAClB,QAAQ,EAAE,QAAQ;gCAClB,uBAAuB,EAAE,IAAI;6BAC9B;yBACF,CAAC,CACH,CAAA;wBACH,OAAO,MAAM,IAAI,CAAC,uBAAuB,CACvC,QAAQ,EACR,mBAAmB,CACpB,CAAA;oBACH,CAAC;iBACF,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO,CAAC,IAAI,CACV,uFAAuF,EACvF,oBAAoB,CACrB,CAAA;QACD,MAAM,IAAI,KAAK,CACb,mIAAmI,CACpI,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,QAAgB,EAChB,QAAgB;QAEhB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC/D,IAAI,mBAAmB,CAAC;YACtB,QAAQ,EAAE,oBAAoB;YAC9B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,cAAc,EAAE;gBACd,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,QAAQ;aACnB;SACF,CAAC,CACH,CAAA;QAED,OAAO,MAAM,IAAI,CAAC,uBAAuB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAA;IAClE,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,oBAA6B;QAC/C,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,MAAM,IAAI,SAAS,CACjB,6GAA6G,CAC9G,CAAA;QACH,CAAC;QAED,0CAA0C;QAC1C,MAAM,KAAK,GAAG,oBAAoB,EAAE,CAAA;QACpC,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;QAEvC,0EAA0E;QAC1E,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAA;QAC3C,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAA;QAE3D,+DAA+D;QAC/D,MAAM,cAAc,GAAG,MAAM,yBAAyB,CAAC,YAAY,CAAC,CAAA;QAEpE,MAAM,CAAC,QAAQ,CAAC,IAAI;YAClB,WAAW,WAAW,mBAAmB;gBACzC,qBAAqB;gBACrB,aAAa;gBACb,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBACjC,SAAS;gBACT,kBAAkB,CAAC,KAAK,CAAC;gBACzB,SAAS;gBACT,kBAAkB,CAAC,oDAAoD,CAAC;gBACxE,gBAAgB;gBAChB,kBAAkB,CAAC,WAAW,CAAC;gBAC/B,kBAAkB;gBAClB,kBAAkB,CAAC,cAAc,CAAC;gBAClC,6BAA6B;gBAC7B,CAAC,oBAAoB;oBACnB,CAAC,CAAC,qBAAqB,GAAG,kBAAkB,CAAC,oBAAoB,CAAC;oBAClE,CAAC,CAAC,EAAE,CAAC,CAAA;IACX,CAAC;IAED,KAAK,CAAC,oBAAoB;QACxB,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,MAAM,IAAI,SAAS,CACjB,sHAAsH,CACvH,CAAA;QACH,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;QACzD,MAAM,UAAU,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACrC,MAAM,qBAAqB,GAAG,KAAK,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;QAE5D,+CAA+C;QAC/C,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,GAAG,UAAU,MACX,OAAO,qBAAqB,KAAK,QAAQ;gBACvC,CAAC,CAAC,qBAAqB;gBACvB,CAAC,CAAC,gCACN,EAAE,CACH,CAAA;QACH,CAAC;QAED,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAC9B,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAA;QACtE,CAAC;QAED,IAAI,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAA;QAClC,CAAC;QAED,MAAM,aAAa,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;QAEnE,kDAAkD;QAClD,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACnC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;QAEhD,sDAAsD;QACtD,MAAM,MAAM,GAA4B,MAAM,IAAI,OAAO,CACvD,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAClB,eAAe,CACb,WAAW,WAAW,eAAe,EACrC;gBACE,UAAU,EAAE,oBAAoB;gBAChC,IAAI;gBACJ,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,YAAY,EAAE,WAAW;gBACzB,aAAa;aACd,EACD,OAAO,EACP,CAAC,KAAK,EAAE,EAAE;gBACR,MAAM,CACJ,IAAI,KAAK,CACP,KAAK,CAAC,iBAAiB;oBACrB,KAAK,CAAC,OAAO;oBACb,oEAAoE,CACvE,CACF,CAAA;YACH,CAAC,CACF,CAAA;QACH,CAAC,CACF,CAAA;QAED,IAAI,CAAC,0BAA0B,CAAC;YAC9B,WAAW,EAAE,MAAM,CAAC,YAAsB;YAC1C,SAAS,EAAE,MAAM,CAAC,UAAoB;YACtC,OAAO,EAAE,MAAM,CAAC,QAAkB;YAClC,SAAS,EAAE,MAAM,CAAC,UAAoB;YACtC,YAAY,EAAE,MAAM,CAAC,aAAuB;SAC7C,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,gBAAwB,EACxB,WAAmB;QAEnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,qBAAqB,CAAC;YACxB,WAAW,EAAE,WAAW,IAAI,EAAE;YAC9B,gBAAgB,EAAE,gBAAgB;YAClC,gBAAgB,EAAE,WAAW;SAC9B,CAAC,CACH,CAAA;IACH,CAAC;IACD,KAAK,CAAC,qBAAqB,CAAC,EAC1B,QAAQ,EACR,IAAI,EACJ,QAAQ,GAKT;QACC,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,4BAA4B,CAAC;YAC/B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,gBAAgB,EAAE,IAAI;YACtB,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,QAAQ;SACnB,CAAC,CACH,CAAA;IACH,CAAC;IAED,cAAc;QACZ,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAA;QAChC,IAAI,CAAC,WAAW,IAAI,CAAC,SAAS,EAAE,CAAC;YAC/B,MAAM,IAAI,SAAS,CACjB,4GAA4G,CAC7G,CAAA;QACH,CAAC;QAED,MAAM,CAAC,QAAQ,CAAC,IAAI;YAClB,WAAW,WAAW,SAAS;gBAC/B,aAAa;gBACb,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBACjC,cAAc;gBACd,kBAAkB,CAAC,SAAS,CAAC,CAAA;IACjC,CAAC;IAED,KAAK,CAAC,MAAM;QACV,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAA;YAC5C,4DAA4D;YAC5D,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,IAAI,CAAC,eAAe,EAAE,CAAA;YAC9B,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,EAAE,CAAA;YAC1C,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,oBAAoB,CAAC;oBACvB,WAAW,EAAE,WAAW;iBACzB,CAAC,CACH,CAAA;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAE,KAA2B,CAAC,aAAa,EAAE,CAAC;gBAChD,MAAM,KAAK,CAAA;YACb,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,2BAA2B,EAAE,CAAA;QACpC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU;QACd,MAAM,IAAI,CAAC,eAAe,EAAE,CAAA;QAE5B,OAAO,IAAI,CAAC,WAAW,EAAE,CAAA;IAC3B,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,IAAI,CAAC,eAAe,EAAE,CAAA;QAE5B,OAAO,IAAI,CAAC,eAAe,EAAE,CAAA;IAC/B,CAAC;IAED,KAAK,CAAC,iBAAiB;;QACrB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,KAAK,CAAA;QACd,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CACxD,IAAI,cAAc,CAAC;YACjB,WAAW,EAAE,WAAW;SACzB,CAAC,CACH,CAAA;QAED,OAAO,CAAC,CAAC,CAAA,MAAA,IAAI,CAAC,kBAAkB,0CAAE,MAAM,CAAA,CAAA;IAC1C,CAAC;IAED,KAAK,CAAC,UAAU;QACd,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,wBAAwB,EAAE;gBACxB,OAAO,EAAE,KAAK;gBACd,YAAY,EAAE,KAAK;aACpB;YACD,WAAW,EAAE,WAAW;SACzB,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,QAAQ;QACZ,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAClE,IAAI,6BAA6B,CAAC;YAChC,WAAW,EAAE,WAAW;SACzB,CAAC,CACH,CAAA;QAED,OAAO;YACL,UAAU,EAAE,UAAU;YACtB,eAAe,EAAE,KAAK,EAAE,IAAY,EAAE,EAAE;gBACtC,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,0BAA0B,CAAC;oBAC7B,WAAW,EAAE,WAAW;oBACxB,QAAQ,EAAE,IAAI;iBACf,CAAC,CACH,CAAA;gBACD,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;oBAC9B,wBAAwB,EAAE;wBACxB,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,IAAI;qBACnB;oBACD,WAAW,EAAE,WAAW;iBACzB,CAAC,CACH,CAAA;YACH,CAAC;SACF,CAAA;IACH,CAAC;CACF;AAED,sEAAsE;AACtE,2BAA2B;AAE3B,qDAAqD;AACrD,SAAS,eAAe,CACtB,GAAW,EACX,MAA+B,EAC/B,OAAiD,EACjD,KAAsE;IAEtE,MAAM,OAAO,GAAG,IAAI,cAAc,EAAE,CAAA;IACpC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,CAAA;IAC/B,OAAO,CAAC,gBAAgB,CACtB,cAAc,EACd,kDAAkD,CACnD,CAAA;IACD,OAAO,CAAC,MAAM,GAAG;QACf,IAAI,IAAI,GAAG,EAAE,CAAA;QACb,IAAI,CAAC;YACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;QACrC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAA;YAC1B,aAAa;QACf,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;YAC1B,OAAO,CAAC,IAAI,CAAC,CAAA;QACf,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,CAAA;QACb,CAAC;IACH,CAAC,CAAA;IACD,OAAO,CAAC,OAAO,GAAG;QAChB,KAAK,CAAC,EAAE,CAAC,CAAA;IACX,CAAC,CAAA;IACD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;SAC7B,MAAM,CAAC,CAAC,IAAc,EAAE,GAAG,EAAE,EAAE;QAC9B,IAAI,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAChB,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAA;QACpC,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC,EAAE,EAAE,CAAC;SACL,IAAI,CAAC,GAAG,CAAC,CAAA;IACZ,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACpB,CAAC;AAED,sEAAsE;AACtE,wBAAwB;AAExB,qEAAqE;AACrE,SAAS,oBAAoB;IAC3B,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC,EAAE,CAAC,CAAA;IACjC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAA;IACpC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CACzE,EAAE,CACH,CAAA;AACH,CAAC;AAED,+CAA+C;AAC/C,oDAAoD;AACpD,SAAS,MAAM,CAAC,KAAa;IAC3B,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;IACjC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAClC,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;AACrD,CAAC;AAED,qCAAqC;AACrC,SAAS,eAAe,CAAC,GAAgB;IACvC,sFAAsF;IACtF,sEAAsE;IACtE,uDAAuD;IACvD,0DAA0D;IAC1D,mBAAmB;IACnB,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;SAC9D,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;AACvB,CAAC;AAED,kEAAkE;AAClE,KAAK,UAAU,yBAAyB,CAAC,CAAS;IAChD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,CAAC,CAAC,CAAA;IAC9B,OAAO,eAAe,CAAC,MAAM,CAAC,CAAA;AAChC,CAAC","sourcesContent":["import {\n AssociateSoftwareTokenCommand,\n AuthenticationResultType,\n ChangePasswordCommand,\n CognitoIdentityProviderClient,\n ConfirmForgotPasswordCommand,\n GetUserCommand,\n GlobalSignOutCommand,\n InitiateAuthCommand,\n InitiateAuthResponse,\n RespondToAuthChallengeCommand,\n SetUserMFAPreferenceCommand,\n VerifySoftwareTokenCommand,\n} from '@aws-sdk/client-cognito-identity-provider'\nimport Sentry from '../Sentry'\nimport { OneBlinkAppsError } from '..'\n\nexport type LoginAttemptResponse = {\n resetPasswordCallback?: (newPassword: string) => Promise<LoginAttemptResponse>\n mfaCodeCallback?: (code: string) => Promise<LoginAttemptResponse>\n}\n\nexport default class AWSCognitoClient {\n clientId: string\n cognitoIdentityProviderClient: CognitoIdentityProviderClient\n loginDomain: string | void\n redirectUri: string | void\n logoutUri: string | void\n listeners: Array<() => unknown>\n\n constructor({\n clientId,\n region,\n loginDomain,\n redirectUri,\n logoutUri,\n }: {\n clientId: string\n region: string\n redirectUri?: string\n logoutUri?: string\n loginDomain?: string\n }) {\n if (!clientId) {\n throw new TypeError('\"clientId\" is required in constructor')\n }\n if (!region) {\n throw new TypeError('\"region\" is required in constructor')\n }\n\n this.listeners = []\n this.redirectUri = redirectUri\n this.logoutUri = logoutUri\n this.loginDomain = loginDomain\n this.clientId = clientId\n this.cognitoIdentityProviderClient = new CognitoIdentityProviderClient({\n region,\n })\n }\n\n // Local Storage Keys\n get EXPIRES_AT() {\n return `COGNITO_${this.clientId}_EXPIRES_AT`\n }\n get ACCESS_TOKEN() {\n return `COGNITO_${this.clientId}_ACCESS_TOKEN`\n }\n get ID_TOKEN() {\n return `COGNITO_${this.clientId}_ID_TOKEN`\n }\n get REFRESH_TOKEN() {\n return `COGNITO_${this.clientId}_REFRESH_TOKEN`\n }\n get STATE() {\n return `COGNITO_${this.clientId}_STATE`\n }\n get PKCE_CODE_VERIFIER() {\n return `COGNITO_${this.clientId}_PKCE_CODE_VERIFIER`\n }\n\n _executeListeners() {\n for (const listener of this.listeners) {\n try {\n listener()\n } catch (error) {\n Sentry.captureException(error)\n // Ignore error from listeners\n console.warn('AWSCognitoClient listener error', error)\n }\n }\n }\n\n _storeAuthenticationResult(authenticationResult: AuthenticationResultType) {\n // Take off 5 seconds to ensure a request does not become unauthenticated mid request\n const expiresAt =\n (authenticationResult.ExpiresIn as number) * 1000 + Date.now() - 5000\n localStorage.setItem(this.EXPIRES_AT, expiresAt.toString())\n localStorage.setItem(\n this.ACCESS_TOKEN,\n authenticationResult.AccessToken as string,\n )\n localStorage.setItem(this.ID_TOKEN, authenticationResult.IdToken as string)\n if (authenticationResult.RefreshToken) {\n localStorage.setItem(\n this.REFRESH_TOKEN,\n authenticationResult.RefreshToken,\n )\n }\n\n this._executeListeners()\n }\n\n _removeAuthenticationResult() {\n localStorage.removeItem(this.EXPIRES_AT)\n localStorage.removeItem(this.ACCESS_TOKEN)\n localStorage.removeItem(this.ID_TOKEN)\n localStorage.removeItem(this.REFRESH_TOKEN)\n\n this._executeListeners()\n }\n\n _getAccessToken(): string | undefined {\n return localStorage.getItem(this.ACCESS_TOKEN) || undefined\n }\n\n _getIdToken(): string | undefined {\n return localStorage.getItem(this.ID_TOKEN) || undefined\n }\n\n _getRefreshToken(): string | undefined {\n return localStorage.getItem(this.REFRESH_TOKEN) || undefined\n }\n\n _isSessionValid(): boolean {\n const expiresAt = localStorage.getItem(this.EXPIRES_AT)\n if (!expiresAt) {\n return false\n }\n return parseInt(expiresAt, 10) > Date.now()\n }\n\n async _refreshSession(): Promise<void> {\n if (this._isSessionValid()) {\n return\n }\n\n const refreshToken = this._getRefreshToken()\n if (!refreshToken) {\n return\n }\n\n try {\n const result = await this.cognitoIdentityProviderClient.send(\n new InitiateAuthCommand({\n AuthFlow: 'REFRESH_TOKEN_AUTH',\n ClientId: this.clientId,\n AuthParameters: {\n REFRESH_TOKEN: refreshToken,\n },\n }),\n )\n if (result.AuthenticationResult) {\n this._storeAuthenticationResult(result.AuthenticationResult)\n }\n } catch (error) {\n console.warn('Error while attempting to refresh session', error)\n this._removeAuthenticationResult()\n throw new OneBlinkAppsError(\n 'Your session has expired. Please login again to continue to use the application.',\n {\n requiresLogin: true,\n originalError: error as Error,\n },\n )\n }\n }\n\n registerListener(listener: () => unknown): () => void {\n this.listeners.push(listener)\n\n return () => {\n const index = this.listeners.indexOf(listener)\n if (index !== -1) {\n this.listeners.splice(index, 1)\n }\n }\n }\n\n async responseToAuthChallenge(\n username: string,\n initiateAuthResponse: InitiateAuthResponse,\n ): Promise<LoginAttemptResponse> {\n if (initiateAuthResponse.AuthenticationResult) {\n this._storeAuthenticationResult(initiateAuthResponse.AuthenticationResult)\n return {}\n }\n\n const ChallengeName = initiateAuthResponse.ChallengeName\n switch (ChallengeName) {\n case 'NEW_PASSWORD_REQUIRED': {\n return {\n resetPasswordCallback: async (newPassword) => {\n const resetPasswordResult =\n await this.cognitoIdentityProviderClient.send(\n new RespondToAuthChallengeCommand({\n ChallengeName,\n ClientId: this.clientId,\n Session: initiateAuthResponse.Session,\n ChallengeResponses: {\n USERNAME: username,\n NEW_PASSWORD: newPassword,\n },\n }),\n )\n return await this.responseToAuthChallenge(\n username,\n resetPasswordResult,\n )\n },\n }\n }\n case 'SOFTWARE_TOKEN_MFA': {\n return {\n mfaCodeCallback: async (code) => {\n const resetPasswordResult =\n await this.cognitoIdentityProviderClient.send(\n new RespondToAuthChallengeCommand({\n ChallengeName,\n ClientId: this.clientId,\n Session: initiateAuthResponse.Session,\n ChallengeResponses: {\n USERNAME: username,\n SOFTWARE_TOKEN_MFA_CODE: code,\n },\n }),\n )\n return await this.responseToAuthChallenge(\n username,\n resetPasswordResult,\n )\n },\n }\n }\n }\n\n console.warn(\n '\"CognitoIdentityServiceProvider.InitiateAuthResponse\" challenge has not been catered.',\n initiateAuthResponse,\n )\n throw new Error(\n 'An unexpected error occurred while attempting to process your login. Please try again or contact support if the problem persists.',\n )\n }\n\n async loginUsernamePassword(\n username: string,\n password: string,\n ): Promise<LoginAttemptResponse> {\n const loginResult = await this.cognitoIdentityProviderClient.send(\n new InitiateAuthCommand({\n AuthFlow: 'USER_PASSWORD_AUTH',\n ClientId: this.clientId,\n AuthParameters: {\n USERNAME: username,\n PASSWORD: password,\n },\n }),\n )\n\n return await this.responseToAuthChallenge(username, loginResult)\n }\n\n async loginHostedUI(identityProviderName?: string): Promise<void> {\n const loginDomain = this.loginDomain\n const redirectUri = this.redirectUri\n if (!loginDomain || !redirectUri) {\n throw new TypeError(\n '\"loginDomain\" or \"redirectUri\" was not passed to constructor. Both are required before attempting to login.',\n )\n }\n\n // Create and store a random \"state\" value\n const state = generateRandomString()\n localStorage.setItem(this.STATE, state)\n\n // Create and store a new PKCE code_verifier (the plaintext random secret)\n const codeVerifier = generateRandomString()\n localStorage.setItem(this.PKCE_CODE_VERIFIER, codeVerifier)\n\n // Hash and base64-urlencode the secret to use as the challenge\n const code_challenge = await pkceChallengeFromVerifier(codeVerifier)\n\n window.location.href =\n `https://${loginDomain}/oauth2/authorize` +\n '?response_type=code' +\n '&client_id=' +\n encodeURIComponent(this.clientId) +\n '&state=' +\n encodeURIComponent(state) +\n '&scope=' +\n encodeURIComponent('openid email profile aws.cognito.signin.user.admin') +\n '&redirect_uri=' +\n encodeURIComponent(redirectUri) +\n '&code_challenge=' +\n encodeURIComponent(code_challenge) +\n '&code_challenge_method=S256' +\n (identityProviderName\n ? '&identity_provider=' + encodeURIComponent(identityProviderName)\n : '')\n }\n\n async handleAuthentication(): Promise<void> {\n const loginDomain = this.loginDomain\n const redirectUri = this.redirectUri\n if (!loginDomain || !redirectUri) {\n throw new TypeError(\n '\"loginDomain\" or \"redirectUri\" was not passed to constructor. Both are required before attempting to handle a login.',\n )\n }\n\n const query = new URLSearchParams(window.location.search)\n const queryError = query.get('error')\n const queryErrorDescription = query.get('error_description')\n\n // Check if the server returned an error string\n if (typeof queryError === 'string') {\n throw new Error(\n `${queryError} - ${\n typeof queryErrorDescription === 'string'\n ? queryErrorDescription\n : 'An unknown error has occurred.'\n }`,\n )\n }\n\n const code = query.get('code')\n if (typeof code !== 'string') {\n throw new Error('\"code\" was not including in query string to parse')\n }\n\n if (localStorage.getItem(this.STATE) !== query.get('state')) {\n throw new Error('Invalid login')\n }\n\n const code_verifier = localStorage.getItem(this.PKCE_CODE_VERIFIER)\n\n // Clean these up since we don't need them anymore\n localStorage.removeItem(this.STATE)\n localStorage.removeItem(this.PKCE_CODE_VERIFIER)\n\n // Exchange the authorization code for an access token\n const result: Record<string, unknown> = await new Promise(\n (resolve, reject) => {\n sendPostRequest(\n `https://${loginDomain}/oauth2/token`,\n {\n grant_type: 'authorization_code',\n code,\n client_id: this.clientId,\n redirect_uri: redirectUri,\n code_verifier,\n },\n resolve,\n (error) => {\n reject(\n new Error(\n error.error_description ||\n error.message ||\n 'An unknown error has occurred while processing authentication code',\n ),\n )\n },\n )\n },\n )\n\n this._storeAuthenticationResult({\n AccessToken: result.access_token as string,\n ExpiresIn: result.expires_in as number,\n IdToken: result.id_token as string,\n TokenType: result.token_type as string,\n RefreshToken: result.refresh_token as string,\n })\n }\n\n async changePassword(\n existingPassword: string,\n newPassword: string,\n ): Promise<void> {\n const accessToken = await this.getAccessToken()\n await this.cognitoIdentityProviderClient.send(\n new ChangePasswordCommand({\n AccessToken: accessToken || '',\n PreviousPassword: existingPassword,\n ProposedPassword: newPassword,\n }),\n )\n }\n async confirmForgotPassword({\n username,\n code,\n password,\n }: {\n username: string\n code: string\n password: string\n }) {\n await this.cognitoIdentityProviderClient.send(\n new ConfirmForgotPasswordCommand({\n ClientId: this.clientId,\n ConfirmationCode: code,\n Password: password,\n Username: username,\n }),\n )\n }\n\n logoutHostedUI(): void {\n const loginDomain = this.loginDomain\n const logoutUri = this.logoutUri\n if (!loginDomain || !logoutUri) {\n throw new TypeError(\n '\"loginDomain\" or \"logoutUri\" was not passed to constructor. Both are required before attempting to logout.',\n )\n }\n\n window.location.href =\n `https://${loginDomain}/logout` +\n '?client_id=' +\n encodeURIComponent(this.clientId) +\n '&logout_uri=' +\n encodeURIComponent(logoutUri)\n }\n\n async logout(): Promise<void> {\n try {\n const refreshToken = this._getRefreshToken()\n // Refresh session to allow access token to perform sign out\n if (refreshToken) {\n await this._refreshSession()\n }\n\n const accessToken = this._getAccessToken()\n if (accessToken) {\n await this.cognitoIdentityProviderClient.send(\n new GlobalSignOutCommand({\n AccessToken: accessToken,\n }),\n )\n }\n } catch (error) {\n if (!(error as OneBlinkAppsError).requiresLogin) {\n throw error\n }\n } finally {\n this._removeAuthenticationResult()\n }\n }\n\n async getIdToken(): Promise<string | undefined> {\n await this._refreshSession()\n\n return this._getIdToken()\n }\n\n async getAccessToken(): Promise<string | undefined> {\n await this._refreshSession()\n\n return this._getAccessToken()\n }\n\n async checkIsMfaEnabled() {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return false\n }\n\n const user = await this.cognitoIdentityProviderClient.send(\n new GetUserCommand({\n AccessToken: accessToken,\n }),\n )\n\n return !!user.UserMFASettingList?.length\n }\n\n async disableMfa() {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n await this.cognitoIdentityProviderClient.send(\n new SetUserMFAPreferenceCommand({\n SoftwareTokenMfaSettings: {\n Enabled: false,\n PreferredMfa: false,\n },\n AccessToken: accessToken,\n }),\n )\n }\n\n async setupMfa() {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n const { SecretCode } = await this.cognitoIdentityProviderClient.send(\n new AssociateSoftwareTokenCommand({\n AccessToken: accessToken,\n }),\n )\n\n return {\n secretCode: SecretCode,\n mfaCodeCallback: async (code: string) => {\n await this.cognitoIdentityProviderClient.send(\n new VerifySoftwareTokenCommand({\n AccessToken: accessToken,\n UserCode: code,\n }),\n )\n await this.cognitoIdentityProviderClient.send(\n new SetUserMFAPreferenceCommand({\n SoftwareTokenMfaSettings: {\n Enabled: true,\n PreferredMfa: true,\n },\n AccessToken: accessToken,\n }),\n )\n },\n }\n }\n}\n\n//////////////////////////////////////////////////////////////////////\n// GENERAL HELPER FUNCTIONS\n\n// Make a POST request and parse the response as JSON\nfunction sendPostRequest(\n url: string,\n params: Record<string, unknown>,\n success: (value: Record<string, unknown>) => void,\n error: (err: { message?: string; error_description?: string }) => void,\n) {\n const request = new XMLHttpRequest()\n request.open('POST', url, true)\n request.setRequestHeader(\n 'Content-Type',\n 'application/x-www-form-urlencoded; charset=UTF-8',\n )\n request.onload = function () {\n let body = {}\n try {\n body = JSON.parse(request.response)\n } catch (e) {\n Sentry.captureException(e)\n // Do nothing\n }\n\n if (request.status == 200) {\n success(body)\n } else {\n error(body)\n }\n }\n request.onerror = function () {\n error({})\n }\n const body = Object.keys(params)\n .reduce((keys: string[], key) => {\n if (params[key]) {\n keys.push(key + '=' + params[key])\n }\n return keys\n }, [])\n .join('&')\n request.send(body)\n}\n\n//////////////////////////////////////////////////////////////////////\n// PKCE HELPER FUNCTIONS\n\n// Generate a secure random string using the browser crypto functions\nfunction generateRandomString() {\n const array = new Uint32Array(28)\n window.crypto.getRandomValues(array)\n return Array.from(array, (dec) => ('0' + dec.toString(16)).substr(-2)).join(\n '',\n )\n}\n\n// Calculate the SHA256 hash of the input text.\n// Returns a promise that resolves to an ArrayBuffer\nfunction sha256(plain: string) {\n const encoder = new TextEncoder()\n const data = encoder.encode(plain)\n return window.crypto.subtle.digest('SHA-256', data)\n}\n\n// Base64-urlencodes the input string\nfunction base64urlencode(str: ArrayBuffer) {\n // Convert the ArrayBuffer to string using Uint8 array to conver to what btoa accepts.\n // btoa accepts chars only within ascii 0-255 and base64 encodes them.\n // Then convert the base64 encoded to base64url encoded\n // (replace + with -, replace / with _, trim trailing =)\n // @ts-expect-error\n return btoa(String.fromCharCode.apply(null, new Uint8Array(str)))\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=+$/, '')\n}\n\n// Return the base64-urlencoded sha256 hash for the PKCE challenge\nasync function pkceChallengeFromVerifier(v: string) {\n const hashed = await sha256(v)\n return base64urlencode(hashed)\n}\n"]}
|
|
1
|
+
{"version":3,"file":"AWSCognitoClient.js","sourceRoot":"","sources":["../../../src/apps/services/AWSCognitoClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,6BAA6B,EAE7B,qBAAqB,EACrB,6BAA6B,EAC7B,4BAA4B,EAC5B,2BAA2B,EAC3B,uCAAuC,EACvC,cAAc,EACd,oBAAoB,EACpB,mBAAmB,EAEnB,6BAA6B,EAC7B,2BAA2B,EAC3B,2BAA2B,EAC3B,0BAA0B,EAC1B,0BAA0B,GAC3B,MAAM,2CAA2C,CAAA;AAClD,OAAO,MAAM,MAAM,WAAW,CAAA;AAC9B,OAAO,EAAE,iBAAiB,EAAE,MAAM,IAAI,CAAA;AAkBtC,MAAM,CAAC,MAAM,oBAAoB,GAAgB;IAC/C,aAAa,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE;IACnD,GAAG,EAAE;QACH,OAAO,EAAE,KAAK;QACd,SAAS,EAAE,KAAK;QAChB,WAAW,EAAE,SAAS;QACtB,qBAAqB,EAAE,KAAK;KAC7B;CACF,CAAA;AAOD,MAAM,6BAA6B,GAAG;IACpC,GAAG,EAAE,CAAC,WAAwB,EAAE,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO;IAC1D,gBAAgB,EAAE,CAAC,WAAwB,EAAE,EAAE,CAC7C,WAAW,CAAC,aAAa,CAAC,OAAO;CAIpC,CAAA;AAED,SAAS,4BAA4B,CACnC,cAAoD,EACpD,WAAwB;IAExB,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO,IAAI,CAAA;IACb,CAAC;IAED,MAAM,eAAe,GACnB,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAG1C,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAA;IAE5C,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,OAAO,IAAI,CAAA;IACb,CAAC;IAED,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CACrC,6BAA6B,CAAC,MAAM,CAAC,CAAC,WAAW,CAAC,CACnD,CAAA;AACH,CAAC;AAUD,MAAM,CAAC,OAAO,OAAO,gBAAgB;IAQnC,YAAY,EACV,QAAQ,EACR,MAAM,EACN,WAAW,EACX,WAAW,EACX,SAAS,GAOV;QACC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAA;QAC9D,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,SAAS,CAAC,qCAAqC,CAAC,CAAA;QAC5D,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,EAAE,CAAA;QACnB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAA;QAC9B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;QAC1B,IAAI,CAAC,WAAW,GAAG,WAAW,CAAA;QAC9B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAA;QACxB,IAAI,CAAC,6BAA6B,GAAG,IAAI,6BAA6B,CAAC;YACrE,MAAM;SACP,CAAC,CAAA;IACJ,CAAC;IAED,qBAAqB;IACrB,IAAI,UAAU;QACZ,OAAO,WAAW,IAAI,CAAC,QAAQ,aAAa,CAAA;IAC9C,CAAC;IACD,IAAI,YAAY;QACd,OAAO,WAAW,IAAI,CAAC,QAAQ,eAAe,CAAA;IAChD,CAAC;IACD,IAAI,QAAQ;QACV,OAAO,WAAW,IAAI,CAAC,QAAQ,WAAW,CAAA;IAC5C,CAAC;IACD,IAAI,aAAa;QACf,OAAO,WAAW,IAAI,CAAC,QAAQ,gBAAgB,CAAA;IACjD,CAAC;IACD,IAAI,KAAK;QACP,OAAO,WAAW,IAAI,CAAC,QAAQ,QAAQ,CAAA;IACzC,CAAC;IACD,IAAI,kBAAkB;QACpB,OAAO,WAAW,IAAI,CAAC,QAAQ,qBAAqB,CAAA;IACtD,CAAC;IAED,iBAAiB;QACf,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACtC,IAAI,CAAC;gBACH,QAAQ,EAAE,CAAA;YACZ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAA;gBAC9B,8BAA8B;gBAC9B,OAAO,CAAC,IAAI,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;YACxD,CAAC;QACH,CAAC;IACH,CAAC;IAED,0BAA0B,CAAC,oBAA8C;QACvE,qFAAqF;QACrF,MAAM,SAAS,GACZ,oBAAoB,CAAC,SAAoB,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAA;QACvE,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAA;QAC3D,YAAY,CAAC,OAAO,CAClB,IAAI,CAAC,YAAY,EACjB,oBAAoB,CAAC,WAAqB,CAC3C,CAAA;QACD,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,oBAAoB,CAAC,OAAiB,CAAC,CAAA;QAC3E,IAAI,oBAAoB,CAAC,YAAY,EAAE,CAAC;YACtC,YAAY,CAAC,OAAO,CAClB,IAAI,CAAC,aAAa,EAClB,oBAAoB,CAAC,YAAY,CAClC,CAAA;QACH,CAAC;QAED,IAAI,CAAC,iBAAiB,EAAE,CAAA;IAC1B,CAAC;IAED,2BAA2B;QACzB,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACxC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QAC1C,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACtC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;QAE3C,IAAI,CAAC,iBAAiB,EAAE,CAAA;IAC1B,CAAC;IAED,eAAe;QACb,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,SAAS,CAAA;IAC7D,CAAC;IAED,WAAW;QACT,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAA;IACzD,CAAC;IAED,gBAAgB;QACd,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,SAAS,CAAA;IAC9D,CAAC;IAED,eAAe;QACb,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACvD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IAC7C,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC3B,OAAM;QACR,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAA;QAC5C,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAM;QACR,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC1D,IAAI,mBAAmB,CAAC;gBACtB,QAAQ,EAAE,oBAAoB;gBAC9B,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,cAAc,EAAE;oBACd,aAAa,EAAE,YAAY;iBAC5B;aACF,CAAC,CACH,CAAA;YACD,IAAI,MAAM,CAAC,oBAAoB,EAAE,CAAC;gBAChC,IAAI,CAAC,0BAA0B,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAA;YAC9D,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,2CAA2C,EAAE,KAAK,CAAC,CAAA;YAChE,IAAI,CAAC,2BAA2B,EAAE,CAAA;YAClC,MAAM,IAAI,iBAAiB,CACzB,kFAAkF,EAClF;gBACE,aAAa,EAAE,IAAI;gBACnB,aAAa,EAAE,KAAc;aAC9B,CACF,CAAA;QACH,CAAC;IACH,CAAC;IAED,gBAAgB,CAAC,QAAuB;QACtC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAE7B,OAAO,GAAG,EAAE;YACV,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;YAC9C,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE,CAAC;gBACjB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;YACjC,CAAC;QACH,CAAC,CAAA;IACH,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,QAAgB,EAChB,oBAA0C;QAE1C,IAAI,oBAAoB,CAAC,oBAAoB,EAAE,CAAC;YAC9C,IAAI,CAAC,0BAA0B,CAAC,oBAAoB,CAAC,oBAAoB,CAAC,CAAA;YAC1E,OAAO,EAAE,CAAA;QACX,CAAC;QAED,MAAM,aAAa,GAAG,oBAAoB,CAAC,aAAa,CAAA;QACxD,QAAQ,aAAa,EAAE,CAAC;YACtB,KAAK,uBAAuB,CAAC,CAAC,CAAC;gBAC7B,OAAO;oBACL,qBAAqB,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE;wBAC3C,MAAM,mBAAmB,GACvB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,6BAA6B,CAAC;4BAChC,aAAa;4BACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;4BACvB,OAAO,EAAE,oBAAoB,CAAC,OAAO;4BACrC,kBAAkB,EAAE;gCAClB,QAAQ,EAAE,QAAQ;gCAClB,YAAY,EAAE,WAAW;6BAC1B;yBACF,CAAC,CACH,CAAA;wBACH,OAAO,MAAM,IAAI,CAAC,uBAAuB,CACvC,QAAQ,EACR,mBAAmB,CACpB,CAAA;oBACH,CAAC;iBACF,CAAA;YACH,CAAC;YACD,KAAK,oBAAoB,CAAC,CAAC,CAAC;gBAC1B,OAAO;oBACL,GAAG,EAAE;wBACH,MAAM,EAAE,eAAe;wBACvB,YAAY,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;4BAC3B,MAAM,mBAAmB,GACvB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,6BAA6B,CAAC;gCAChC,aAAa;gCACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;gCACvB,OAAO,EAAE,oBAAoB,CAAC,OAAO;gCACrC,kBAAkB,EAAE;oCAClB,QAAQ,EAAE,QAAQ;oCAClB,uBAAuB,EAAE,IAAI;iCAC9B;6BACF,CAAC,CACH,CAAA;4BACH,OAAO,MAAM,IAAI,CAAC,uBAAuB,CACvC,QAAQ,EACR,mBAAmB,CACpB,CAAA;wBACH,CAAC;qBACF;iBACF,CAAA;YACH,CAAC;YACD,KAAK,WAAW,CAAC,CAAC,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAA;YAC/C,CAAC;YACD,KAAK,SAAS,CAAC,CAAC,CAAC;gBACf,OAAO;oBACL,GAAG,EAAE;wBACH,MAAM,EAAE,KAAK;wBACb,YAAY,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;4BAC3B,MAAM,kBAAkB,GACtB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,6BAA6B,CAAC;gCAChC,aAAa;gCACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;gCACvB,OAAO,EAAE,oBAAoB,CAAC,OAAO;gCACrC,kBAAkB,EAAE;oCAClB,QAAQ,EAAE,QAAQ;oCAClB,YAAY,EAAE,IAAI;iCACnB;6BACF,CAAC,CACH,CAAA;4BACH,OAAO,MAAM,IAAI,CAAC,uBAAuB,CACvC,QAAQ,EACR,kBAAkB,CACnB,CAAA;wBACH,CAAC;qBACF;iBACF,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO,CAAC,IAAI,CACV,uFAAuF,EACvF,oBAAoB,CACrB,CAAA;QACD,MAAM,IAAI,KAAK,CACb,mIAAmI,CACpI,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,QAAgB,EAChB,QAAgB;QAEhB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC/D,IAAI,mBAAmB,CAAC;YACtB,QAAQ,EAAE,oBAAoB;YAC9B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,cAAc,EAAE;gBACd,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,QAAQ;aACnB;SACF,CAAC,CACH,CAAA;QAED,OAAO,MAAM,IAAI,CAAC,uBAAuB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAA;IAClE,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,oBAA6B;QAC/C,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,MAAM,IAAI,SAAS,CACjB,6GAA6G,CAC9G,CAAA;QACH,CAAC;QAED,0CAA0C;QAC1C,MAAM,KAAK,GAAG,oBAAoB,EAAE,CAAA;QACpC,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;QAEvC,0EAA0E;QAC1E,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAA;QAC3C,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAA;QAE3D,+DAA+D;QAC/D,MAAM,cAAc,GAAG,MAAM,yBAAyB,CAAC,YAAY,CAAC,CAAA;QAEpE,MAAM,CAAC,QAAQ,CAAC,IAAI;YAClB,WAAW,WAAW,mBAAmB;gBACzC,qBAAqB;gBACrB,aAAa;gBACb,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBACjC,SAAS;gBACT,kBAAkB,CAAC,KAAK,CAAC;gBACzB,SAAS;gBACT,kBAAkB,CAAC,oDAAoD,CAAC;gBACxE,gBAAgB;gBAChB,kBAAkB,CAAC,WAAW,CAAC;gBAC/B,kBAAkB;gBAClB,kBAAkB,CAAC,cAAc,CAAC;gBAClC,6BAA6B;gBAC7B,CAAC,oBAAoB;oBACnB,CAAC,CAAC,qBAAqB,GAAG,kBAAkB,CAAC,oBAAoB,CAAC;oBAClE,CAAC,CAAC,EAAE,CAAC,CAAA;IACX,CAAC;IAED,KAAK,CAAC,oBAAoB;QACxB,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,MAAM,IAAI,SAAS,CACjB,sHAAsH,CACvH,CAAA;QACH,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;QACzD,MAAM,UAAU,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACrC,MAAM,qBAAqB,GAAG,KAAK,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;QAE5D,+CAA+C;QAC/C,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,GAAG,UAAU,MACX,OAAO,qBAAqB,KAAK,QAAQ;gBACvC,CAAC,CAAC,qBAAqB;gBACvB,CAAC,CAAC,gCACN,EAAE,CACH,CAAA;QACH,CAAC;QAED,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAC9B,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAA;QACtE,CAAC;QAED,IAAI,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAA;QAClC,CAAC;QAED,MAAM,aAAa,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;QAEnE,kDAAkD;QAClD,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACnC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;QAEhD,sDAAsD;QACtD,MAAM,MAAM,GAA4B,MAAM,IAAI,OAAO,CACvD,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAClB,eAAe,CACb,WAAW,WAAW,eAAe,EACrC;gBACE,UAAU,EAAE,oBAAoB;gBAChC,IAAI;gBACJ,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,YAAY,EAAE,WAAW;gBACzB,aAAa;aACd,EACD,OAAO,EACP,CAAC,KAAK,EAAE,EAAE;gBACR,MAAM,CACJ,IAAI,KAAK,CACP,KAAK,CAAC,iBAAiB;oBACrB,KAAK,CAAC,OAAO;oBACb,oEAAoE,CACvE,CACF,CAAA;YACH,CAAC,CACF,CAAA;QACH,CAAC,CACF,CAAA;QAED,IAAI,CAAC,0BAA0B,CAAC;YAC9B,WAAW,EAAE,MAAM,CAAC,YAAsB;YAC1C,SAAS,EAAE,MAAM,CAAC,UAAoB;YACtC,OAAO,EAAE,MAAM,CAAC,QAAkB;YAClC,SAAS,EAAE,MAAM,CAAC,UAAoB;YACtC,YAAY,EAAE,MAAM,CAAC,aAAuB;SAC7C,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,gBAAwB,EACxB,WAAmB;QAEnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,qBAAqB,CAAC;YACxB,WAAW,EAAE,WAAW,IAAI,EAAE;YAC9B,gBAAgB,EAAE,gBAAgB;YAClC,gBAAgB,EAAE,WAAW;SAC9B,CAAC,CACH,CAAA;IACH,CAAC;IACD,KAAK,CAAC,qBAAqB,CAAC,EAC1B,QAAQ,EACR,IAAI,EACJ,QAAQ,GAKT;QACC,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,4BAA4B,CAAC;YAC/B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,gBAAgB,EAAE,IAAI;YACtB,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,QAAQ;SACnB,CAAC,CACH,CAAA;IACH,CAAC;IAED,cAAc;QACZ,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAA;QAChC,IAAI,CAAC,WAAW,IAAI,CAAC,SAAS,EAAE,CAAC;YAC/B,MAAM,IAAI,SAAS,CACjB,4GAA4G,CAC7G,CAAA;QACH,CAAC;QAED,MAAM,CAAC,QAAQ,CAAC,IAAI;YAClB,WAAW,WAAW,SAAS;gBAC/B,aAAa;gBACb,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBACjC,cAAc;gBACd,kBAAkB,CAAC,SAAS,CAAC,CAAA;IACjC,CAAC;IAED,KAAK,CAAC,MAAM;QACV,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAA;YAC5C,4DAA4D;YAC5D,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,IAAI,CAAC,eAAe,EAAE,CAAA;YAC9B,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,EAAE,CAAA;YAC1C,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,oBAAoB,CAAC;oBACvB,WAAW,EAAE,WAAW;iBACzB,CAAC,CACH,CAAA;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAE,KAA2B,CAAC,aAAa,EAAE,CAAC;gBAChD,MAAM,KAAK,CAAA;YACb,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,2BAA2B,EAAE,CAAA;QACpC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU;QACd,MAAM,IAAI,CAAC,eAAe,EAAE,CAAA;QAE5B,OAAO,IAAI,CAAC,WAAW,EAAE,CAAA;IAC3B,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,IAAI,CAAC,eAAe,EAAE,CAAA;QAE5B,OAAO,IAAI,CAAC,eAAe,EAAE,CAAA;IAC/B,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,WAAyB;;QAC5C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,oBAAoB,CAAA;QAC7B,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CACxD,IAAI,cAAc,CAAC;YACjB,WAAW,EAAE,WAAW;SACzB,CAAC,EACF,EAAE,WAAW,EAAE,CAChB,CAAA;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,IAAI,EAAE,CAAA;QAC7C,MAAM,mBAAmB,GAAG,IAAI,CAAC,mBAAmB,CAAA;QACpD,MAAM,WAAW,GAAG,MAAA,MAAA,IAAI,CAAC,cAAc,0CAAE,IAAI,CAC3C,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,KAAK,cAAc,CACjD,0CAAE,KAAK,CAAA;QACR,MAAM,qBAAqB,GACzB,CAAA,MAAA,MAAA,IAAI,CAAC,cAAc,0CAAE,IAAI,CACvB,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,KAAK,uBAAuB,CAC1D,0CAAE,KAAK,MAAK,MAAM,CAAA;QAErB,OAAO;YACL,aAAa,EAAE;gBACb,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC;gBAC/C,SAAS,EAAE,mBAAmB,KAAK,oBAAoB;aACxD;YACD,GAAG,EAAE;gBACH,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;gBACpC,SAAS,EAAE,mBAAmB,KAAK,SAAS;gBAC5C,WAAW;gBACX,qBAAqB;aACtB;SACF,CAAA;IACH,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,cAAoD;QAEpD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAE/C,OAAO;YACL,WAAW;YACX,uBAAuB,EAAE,4BAA4B,CACnD,cAAc,EACd,WAAW,CACZ;SACF,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,WAAmB;QAEnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,EAAE,qBAAqB,EAAE,KAAK,EAAE,CAAA;QACzC,CAAC;QAED,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,cAAc,EAAE;gBACd;oBACE,IAAI,EAAE,cAAc;oBACpB,KAAK,EAAE,WAAW;iBACnB;aACF;SACF,CAAC,CACH,CAAA;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,OAAO,EAAE,qBAAqB,EAAE,WAAW,CAAC,GAAG,CAAC,qBAAqB,EAAE,CAAA;IACzE,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,kBAAkB,EAAE,CAAC,cAAc,CAAC;SACrC,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,+BAA+B;QACnC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAClD,IAAI,uCAAuC,CAAC;YAC1C,WAAW,EAAE,WAAW;YACxB,aAAa,EAAE,cAAc;SAC9B,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,IAAY;QACtC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,0BAA0B,CAAC;YAC7B,WAAW,EAAE,WAAW;YACxB,aAAa,EAAE,cAAc;YAC7B,IAAI,EAAE,IAAI;SACX,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,MAAiB;QAC3C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAEnD,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,GAAG,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO;gBACvC,CAAC,CAAC;oBACE,wBAAwB,EAAE;wBACxB,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,MAAM,KAAK,eAAe;qBACzC;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;YACP,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO;gBAC7B,CAAC,CAAC;oBACE,cAAc,EAAE;wBACd,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,MAAM,KAAK,KAAK;qBAC/B;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;SACR,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,MAAiB;QACtC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QACnD,MAAM,YAAY,GAChB,MAAM,KAAK,eAAe;YACxB,CAAC,CAAC,eAAe,CAAC,aAAa,CAAC,SAAS;YACzC,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAA;QACnC,MAAM,WAAW,GACf,MAAM,KAAK,eAAe,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,eAAe,CAAA;QACtD,MAAM,aAAa,GACjB,MAAM,KAAK,eAAe;YACxB,CAAC,CAAC,eAAe,CAAC,GAAG;YACrB,CAAC,CAAC,eAAe,CAAC,aAAa,CAAA;QAEnC,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,GAAG,CAAC,MAAM,KAAK,eAAe;gBAC5B,CAAC,CAAC;oBACE,wBAAwB,EAAE;wBACxB,OAAO,EAAE,KAAK;wBACd,YAAY,EAAE,KAAK;qBACpB;iBACF;gBACH,CAAC,CAAC;oBACE,cAAc,EAAE;wBACd,OAAO,EAAE,KAAK;wBACd,YAAY,EAAE,KAAK;qBACpB;iBACF,CAAC;YACN,GAAG,CAAC,YAAY,IAAI,aAAa,CAAC,OAAO;gBACvC,CAAC,CAAC,WAAW,KAAK,eAAe;oBAC/B,CAAC,CAAC;wBACE,wBAAwB,EAAE;4BACxB,OAAO,EAAE,IAAI;4BACb,YAAY,EAAE,IAAI;yBACnB;qBACF;oBACH,CAAC,CAAC;wBACE,cAAc,EAAE;4BACd,OAAO,EAAE,IAAI;4BACb,YAAY,EAAE,IAAI;yBACnB;qBACF;gBACL,CAAC,CAAC,EAAE,CAAC;SACR,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,EAAE,SAAS,KAA8B,EAAE;QAC3D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QACnD,MAAM,kBAAkB,GACtB,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO;YACpC,eAAe,CAAC,aAAa,CAAC,SAAS,CAAC;YAC1C,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,IAAI,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QAChE,MAAM,iBAAiB,GACrB,SAAS,aAAT,SAAS,cAAT,SAAS,GAAI,CAAC,CAAC,kBAAkB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAEpE,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,cAAc,EAAE;gBACd,OAAO,EAAE,IAAI;gBACb,YAAY,EAAE,iBAAiB;aAChC;YACD,GAAG,CAAC,iBAAiB,IAAI,eAAe,CAAC,aAAa,CAAC,OAAO;gBAC5D,CAAC,CAAC;oBACE,wBAAwB,EAAE;wBACxB,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,KAAK;qBACpB;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;SACR,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,EAAE,SAAS,KAA8B,EAAE;QACxE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAClE,IAAI,6BAA6B,CAAC;YAChC,WAAW,EAAE,WAAW;SACzB,CAAC,CACH,CAAA;QAED,OAAO;YACL,UAAU,EAAE,UAAU;YACtB,eAAe,EAAE,KAAK,EAAE,IAAY,EAAE,EAAE;gBACtC,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,0BAA0B,CAAC;oBAC7B,WAAW,EAAE,WAAW;oBACxB,QAAQ,EAAE,IAAI;iBACf,CAAC,CACH,CAAA;gBAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;gBACnD,MAAM,kBAAkB,GACtB,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO;oBACpC,eAAe,CAAC,aAAa,CAAC,SAAS,CAAC;oBAC1C,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,IAAI,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;gBAChE,MAAM,iBAAiB,GACrB,SAAS,aAAT,SAAS,cAAT,SAAS,GACT,CAAC,CAAC,kBAAkB,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;gBAEjE,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;oBAC9B,wBAAwB,EAAE;wBACxB,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,iBAAiB;qBAChC;oBACD,GAAG,CAAC,iBAAiB,IAAI,eAAe,CAAC,GAAG,CAAC,OAAO;wBAClD,CAAC,CAAC;4BACE,cAAc,EAAE;gCACd,OAAO,EAAE,IAAI;gCACb,YAAY,EAAE,KAAK;6BACpB;yBACF;wBACH,CAAC,CAAC,EAAE,CAAC;oBACP,WAAW,EAAE,WAAW;iBACzB,CAAC,CACH,CAAA;YACH,CAAC;SACF,CAAA;IACH,CAAC;CACF;AAED,sEAAsE;AACtE,2BAA2B;AAE3B,qDAAqD;AACrD,SAAS,eAAe,CACtB,GAAW,EACX,MAA+B,EAC/B,OAAiD,EACjD,KAAsE;IAEtE,MAAM,OAAO,GAAG,IAAI,cAAc,EAAE,CAAA;IACpC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,CAAA;IAC/B,OAAO,CAAC,gBAAgB,CACtB,cAAc,EACd,kDAAkD,CACnD,CAAA;IACD,OAAO,CAAC,MAAM,GAAG;QACf,IAAI,IAAI,GAAG,EAAE,CAAA;QACb,IAAI,CAAC;YACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;QACrC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAA;YAC1B,aAAa;QACf,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;YAC1B,OAAO,CAAC,IAAI,CAAC,CAAA;QACf,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,CAAA;QACb,CAAC;IACH,CAAC,CAAA;IACD,OAAO,CAAC,OAAO,GAAG;QAChB,KAAK,CAAC,EAAE,CAAC,CAAA;IACX,CAAC,CAAA;IACD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;SAC7B,MAAM,CAAC,CAAC,IAAc,EAAE,GAAG,EAAE,EAAE;QAC9B,IAAI,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAChB,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAA;QACpC,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC,EAAE,EAAE,CAAC;SACL,IAAI,CAAC,GAAG,CAAC,CAAA;IACZ,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACpB,CAAC;AAED,sEAAsE;AACtE,wBAAwB;AAExB,qEAAqE;AACrE,SAAS,oBAAoB;IAC3B,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC,EAAE,CAAC,CAAA;IACjC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAA;IACpC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CACzE,EAAE,CACH,CAAA;AACH,CAAC;AAED,+CAA+C;AAC/C,oDAAoD;AACpD,SAAS,MAAM,CAAC,KAAa;IAC3B,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;IACjC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAClC,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;AACrD,CAAC;AAED,qCAAqC;AACrC,SAAS,eAAe,CAAC,GAAgB;IACvC,sFAAsF;IACtF,sEAAsE;IACtE,uDAAuD;IACvD,0DAA0D;IAC1D,mBAAmB;IACnB,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;SAC9D,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;AACvB,CAAC;AAED,kEAAkE;AAClE,KAAK,UAAU,yBAAyB,CAAC,CAAS;IAChD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,CAAC,CAAC,CAAA;IAC9B,OAAO,eAAe,CAAC,MAAM,CAAC,CAAA;AAChC,CAAC","sourcesContent":["import {\n AssociateSoftwareTokenCommand,\n AuthenticationResultType,\n ChangePasswordCommand,\n CognitoIdentityProviderClient,\n ConfirmForgotPasswordCommand,\n DeleteUserAttributesCommand,\n GetUserAttributeVerificationCodeCommand,\n GetUserCommand,\n GlobalSignOutCommand,\n InitiateAuthCommand,\n InitiateAuthResponse,\n RespondToAuthChallengeCommand,\n SetUserMFAPreferenceCommand,\n UpdateUserAttributesCommand,\n VerifySoftwareTokenCommand,\n VerifyUserAttributeCommand,\n} from '@aws-sdk/client-cognito-identity-provider'\nimport Sentry from '../Sentry'\nimport { OneBlinkAppsError } from '..'\nimport { MiscTypes } from '@oneblink/types'\n\nexport type MfaMethod = 'authenticator' | 'sms'\n\nexport type MfaSettings = {\n authenticator: {\n enabled: boolean\n preferred: boolean\n }\n sms: {\n enabled: boolean\n preferred: boolean\n phoneNumber: string | undefined\n isPhoneNumberVerified: boolean\n }\n}\n\nexport const DEFAULT_MFA_SETTINGS: MfaSettings = {\n authenticator: { enabled: false, preferred: false },\n sms: {\n enabled: false,\n preferred: false,\n phoneNumber: undefined,\n isPhoneNumberVerified: false,\n },\n}\n\nexport type MfaRequirementCheckResult = {\n mfaSettings: MfaSettings\n userMeetsMfaRequirement: boolean\n}\n\nconst MFA_REQUIREMENT_METHOD_CHECKS = {\n sms: (mfaSettings: MfaSettings) => mfaSettings.sms.enabled,\n authenticatorApp: (mfaSettings: MfaSettings) =>\n mfaSettings.authenticator.enabled,\n} satisfies Record<\n keyof MiscTypes.MfaRequirement,\n (mfaSettings: MfaSettings) => boolean\n>\n\nfunction checkUserMeetsMfaRequirement(\n mfaRequirement: MiscTypes.MfaRequirement | undefined,\n mfaSettings: MfaSettings,\n): boolean {\n if (!mfaRequirement) {\n return true\n }\n\n const requiredMethods = (\n Object.keys(MFA_REQUIREMENT_METHOD_CHECKS) as Array<\n keyof MiscTypes.MfaRequirement\n >\n ).filter((method) => mfaRequirement[method])\n\n if (requiredMethods.length === 0) {\n return true\n }\n\n return requiredMethods.some((method) =>\n MFA_REQUIREMENT_METHOD_CHECKS[method](mfaSettings),\n )\n}\n\nexport type LoginAttemptResponse = {\n resetPasswordCallback?: (newPassword: string) => Promise<LoginAttemptResponse>\n mfa?: {\n codeCallback: (code: string) => Promise<LoginAttemptResponse>\n method: MfaMethod\n }\n}\n\nexport default class AWSCognitoClient {\n clientId: string\n cognitoIdentityProviderClient: CognitoIdentityProviderClient\n loginDomain: string | void\n redirectUri: string | void\n logoutUri: string | void\n listeners: Array<() => unknown>\n\n constructor({\n clientId,\n region,\n loginDomain,\n redirectUri,\n logoutUri,\n }: {\n clientId: string\n region: string\n redirectUri?: string\n logoutUri?: string\n loginDomain?: string\n }) {\n if (!clientId) {\n throw new TypeError('\"clientId\" is required in constructor')\n }\n if (!region) {\n throw new TypeError('\"region\" is required in constructor')\n }\n\n this.listeners = []\n this.redirectUri = redirectUri\n this.logoutUri = logoutUri\n this.loginDomain = loginDomain\n this.clientId = clientId\n this.cognitoIdentityProviderClient = new CognitoIdentityProviderClient({\n region,\n })\n }\n\n // Local Storage Keys\n get EXPIRES_AT() {\n return `COGNITO_${this.clientId}_EXPIRES_AT`\n }\n get ACCESS_TOKEN() {\n return `COGNITO_${this.clientId}_ACCESS_TOKEN`\n }\n get ID_TOKEN() {\n return `COGNITO_${this.clientId}_ID_TOKEN`\n }\n get REFRESH_TOKEN() {\n return `COGNITO_${this.clientId}_REFRESH_TOKEN`\n }\n get STATE() {\n return `COGNITO_${this.clientId}_STATE`\n }\n get PKCE_CODE_VERIFIER() {\n return `COGNITO_${this.clientId}_PKCE_CODE_VERIFIER`\n }\n\n _executeListeners() {\n for (const listener of this.listeners) {\n try {\n listener()\n } catch (error) {\n Sentry.captureException(error)\n // Ignore error from listeners\n console.warn('AWSCognitoClient listener error', error)\n }\n }\n }\n\n _storeAuthenticationResult(authenticationResult: AuthenticationResultType) {\n // Take off 5 seconds to ensure a request does not become unauthenticated mid request\n const expiresAt =\n (authenticationResult.ExpiresIn as number) * 1000 + Date.now() - 5000\n localStorage.setItem(this.EXPIRES_AT, expiresAt.toString())\n localStorage.setItem(\n this.ACCESS_TOKEN,\n authenticationResult.AccessToken as string,\n )\n localStorage.setItem(this.ID_TOKEN, authenticationResult.IdToken as string)\n if (authenticationResult.RefreshToken) {\n localStorage.setItem(\n this.REFRESH_TOKEN,\n authenticationResult.RefreshToken,\n )\n }\n\n this._executeListeners()\n }\n\n _removeAuthenticationResult() {\n localStorage.removeItem(this.EXPIRES_AT)\n localStorage.removeItem(this.ACCESS_TOKEN)\n localStorage.removeItem(this.ID_TOKEN)\n localStorage.removeItem(this.REFRESH_TOKEN)\n\n this._executeListeners()\n }\n\n _getAccessToken(): string | undefined {\n return localStorage.getItem(this.ACCESS_TOKEN) || undefined\n }\n\n _getIdToken(): string | undefined {\n return localStorage.getItem(this.ID_TOKEN) || undefined\n }\n\n _getRefreshToken(): string | undefined {\n return localStorage.getItem(this.REFRESH_TOKEN) || undefined\n }\n\n _isSessionValid(): boolean {\n const expiresAt = localStorage.getItem(this.EXPIRES_AT)\n if (!expiresAt) {\n return false\n }\n return parseInt(expiresAt, 10) > Date.now()\n }\n\n async _refreshSession(): Promise<void> {\n if (this._isSessionValid()) {\n return\n }\n\n const refreshToken = this._getRefreshToken()\n if (!refreshToken) {\n return\n }\n\n try {\n const result = await this.cognitoIdentityProviderClient.send(\n new InitiateAuthCommand({\n AuthFlow: 'REFRESH_TOKEN_AUTH',\n ClientId: this.clientId,\n AuthParameters: {\n REFRESH_TOKEN: refreshToken,\n },\n }),\n )\n if (result.AuthenticationResult) {\n this._storeAuthenticationResult(result.AuthenticationResult)\n }\n } catch (error) {\n console.warn('Error while attempting to refresh session', error)\n this._removeAuthenticationResult()\n throw new OneBlinkAppsError(\n 'Your session has expired. Please login again to continue to use the application.',\n {\n requiresLogin: true,\n originalError: error as Error,\n },\n )\n }\n }\n\n registerListener(listener: () => unknown): () => void {\n this.listeners.push(listener)\n\n return () => {\n const index = this.listeners.indexOf(listener)\n if (index !== -1) {\n this.listeners.splice(index, 1)\n }\n }\n }\n\n async responseToAuthChallenge(\n username: string,\n initiateAuthResponse: InitiateAuthResponse,\n ): Promise<LoginAttemptResponse> {\n if (initiateAuthResponse.AuthenticationResult) {\n this._storeAuthenticationResult(initiateAuthResponse.AuthenticationResult)\n return {}\n }\n\n const ChallengeName = initiateAuthResponse.ChallengeName\n switch (ChallengeName) {\n case 'NEW_PASSWORD_REQUIRED': {\n return {\n resetPasswordCallback: async (newPassword) => {\n const resetPasswordResult =\n await this.cognitoIdentityProviderClient.send(\n new RespondToAuthChallengeCommand({\n ChallengeName,\n ClientId: this.clientId,\n Session: initiateAuthResponse.Session,\n ChallengeResponses: {\n USERNAME: username,\n NEW_PASSWORD: newPassword,\n },\n }),\n )\n return await this.responseToAuthChallenge(\n username,\n resetPasswordResult,\n )\n },\n }\n }\n case 'SOFTWARE_TOKEN_MFA': {\n return {\n mfa: {\n method: 'authenticator',\n codeCallback: async (code) => {\n const resetPasswordResult =\n await this.cognitoIdentityProviderClient.send(\n new RespondToAuthChallengeCommand({\n ChallengeName,\n ClientId: this.clientId,\n Session: initiateAuthResponse.Session,\n ChallengeResponses: {\n USERNAME: username,\n SOFTWARE_TOKEN_MFA_CODE: code,\n },\n }),\n )\n return await this.responseToAuthChallenge(\n username,\n resetPasswordResult,\n )\n },\n },\n }\n }\n case 'EMAIL_OTP': {\n throw new Error('Email OTP is not supported')\n }\n case 'SMS_MFA': {\n return {\n mfa: {\n method: 'sms',\n codeCallback: async (code) => {\n const smsChallengeResult =\n await this.cognitoIdentityProviderClient.send(\n new RespondToAuthChallengeCommand({\n ChallengeName,\n ClientId: this.clientId,\n Session: initiateAuthResponse.Session,\n ChallengeResponses: {\n USERNAME: username,\n SMS_MFA_CODE: code,\n },\n }),\n )\n return await this.responseToAuthChallenge(\n username,\n smsChallengeResult,\n )\n },\n },\n }\n }\n }\n\n console.warn(\n '\"CognitoIdentityServiceProvider.InitiateAuthResponse\" challenge has not been catered.',\n initiateAuthResponse,\n )\n throw new Error(\n 'An unexpected error occurred while attempting to process your login. Please try again or contact support if the problem persists.',\n )\n }\n\n async loginUsernamePassword(\n username: string,\n password: string,\n ): Promise<LoginAttemptResponse> {\n const loginResult = await this.cognitoIdentityProviderClient.send(\n new InitiateAuthCommand({\n AuthFlow: 'USER_PASSWORD_AUTH',\n ClientId: this.clientId,\n AuthParameters: {\n USERNAME: username,\n PASSWORD: password,\n },\n }),\n )\n\n return await this.responseToAuthChallenge(username, loginResult)\n }\n\n async loginHostedUI(identityProviderName?: string): Promise<void> {\n const loginDomain = this.loginDomain\n const redirectUri = this.redirectUri\n if (!loginDomain || !redirectUri) {\n throw new TypeError(\n '\"loginDomain\" or \"redirectUri\" was not passed to constructor. Both are required before attempting to login.',\n )\n }\n\n // Create and store a random \"state\" value\n const state = generateRandomString()\n localStorage.setItem(this.STATE, state)\n\n // Create and store a new PKCE code_verifier (the plaintext random secret)\n const codeVerifier = generateRandomString()\n localStorage.setItem(this.PKCE_CODE_VERIFIER, codeVerifier)\n\n // Hash and base64-urlencode the secret to use as the challenge\n const code_challenge = await pkceChallengeFromVerifier(codeVerifier)\n\n window.location.href =\n `https://${loginDomain}/oauth2/authorize` +\n '?response_type=code' +\n '&client_id=' +\n encodeURIComponent(this.clientId) +\n '&state=' +\n encodeURIComponent(state) +\n '&scope=' +\n encodeURIComponent('openid email profile aws.cognito.signin.user.admin') +\n '&redirect_uri=' +\n encodeURIComponent(redirectUri) +\n '&code_challenge=' +\n encodeURIComponent(code_challenge) +\n '&code_challenge_method=S256' +\n (identityProviderName\n ? '&identity_provider=' + encodeURIComponent(identityProviderName)\n : '')\n }\n\n async handleAuthentication(): Promise<void> {\n const loginDomain = this.loginDomain\n const redirectUri = this.redirectUri\n if (!loginDomain || !redirectUri) {\n throw new TypeError(\n '\"loginDomain\" or \"redirectUri\" was not passed to constructor. Both are required before attempting to handle a login.',\n )\n }\n\n const query = new URLSearchParams(window.location.search)\n const queryError = query.get('error')\n const queryErrorDescription = query.get('error_description')\n\n // Check if the server returned an error string\n if (typeof queryError === 'string') {\n throw new Error(\n `${queryError} - ${\n typeof queryErrorDescription === 'string'\n ? queryErrorDescription\n : 'An unknown error has occurred.'\n }`,\n )\n }\n\n const code = query.get('code')\n if (typeof code !== 'string') {\n throw new Error('\"code\" was not including in query string to parse')\n }\n\n if (localStorage.getItem(this.STATE) !== query.get('state')) {\n throw new Error('Invalid login')\n }\n\n const code_verifier = localStorage.getItem(this.PKCE_CODE_VERIFIER)\n\n // Clean these up since we don't need them anymore\n localStorage.removeItem(this.STATE)\n localStorage.removeItem(this.PKCE_CODE_VERIFIER)\n\n // Exchange the authorization code for an access token\n const result: Record<string, unknown> = await new Promise(\n (resolve, reject) => {\n sendPostRequest(\n `https://${loginDomain}/oauth2/token`,\n {\n grant_type: 'authorization_code',\n code,\n client_id: this.clientId,\n redirect_uri: redirectUri,\n code_verifier,\n },\n resolve,\n (error) => {\n reject(\n new Error(\n error.error_description ||\n error.message ||\n 'An unknown error has occurred while processing authentication code',\n ),\n )\n },\n )\n },\n )\n\n this._storeAuthenticationResult({\n AccessToken: result.access_token as string,\n ExpiresIn: result.expires_in as number,\n IdToken: result.id_token as string,\n TokenType: result.token_type as string,\n RefreshToken: result.refresh_token as string,\n })\n }\n\n async changePassword(\n existingPassword: string,\n newPassword: string,\n ): Promise<void> {\n const accessToken = await this.getAccessToken()\n await this.cognitoIdentityProviderClient.send(\n new ChangePasswordCommand({\n AccessToken: accessToken || '',\n PreviousPassword: existingPassword,\n ProposedPassword: newPassword,\n }),\n )\n }\n async confirmForgotPassword({\n username,\n code,\n password,\n }: {\n username: string\n code: string\n password: string\n }) {\n await this.cognitoIdentityProviderClient.send(\n new ConfirmForgotPasswordCommand({\n ClientId: this.clientId,\n ConfirmationCode: code,\n Password: password,\n Username: username,\n }),\n )\n }\n\n logoutHostedUI(): void {\n const loginDomain = this.loginDomain\n const logoutUri = this.logoutUri\n if (!loginDomain || !logoutUri) {\n throw new TypeError(\n '\"loginDomain\" or \"logoutUri\" was not passed to constructor. Both are required before attempting to logout.',\n )\n }\n\n window.location.href =\n `https://${loginDomain}/logout` +\n '?client_id=' +\n encodeURIComponent(this.clientId) +\n '&logout_uri=' +\n encodeURIComponent(logoutUri)\n }\n\n async logout(): Promise<void> {\n try {\n const refreshToken = this._getRefreshToken()\n // Refresh session to allow access token to perform sign out\n if (refreshToken) {\n await this._refreshSession()\n }\n\n const accessToken = this._getAccessToken()\n if (accessToken) {\n await this.cognitoIdentityProviderClient.send(\n new GlobalSignOutCommand({\n AccessToken: accessToken,\n }),\n )\n }\n } catch (error) {\n if (!(error as OneBlinkAppsError).requiresLogin) {\n throw error\n }\n } finally {\n this._removeAuthenticationResult()\n }\n }\n\n async getIdToken(): Promise<string | undefined> {\n await this._refreshSession()\n\n return this._getIdToken()\n }\n\n async getAccessToken(): Promise<string | undefined> {\n await this._refreshSession()\n\n return this._getAccessToken()\n }\n\n async getMfaSettings(abortSignal?: AbortSignal): Promise<MfaSettings> {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return DEFAULT_MFA_SETTINGS\n }\n\n const user = await this.cognitoIdentityProviderClient.send(\n new GetUserCommand({\n AccessToken: accessToken,\n }),\n { abortSignal },\n )\n\n const mfaList = user.UserMFASettingList || []\n const preferredMfaSetting = user.PreferredMfaSetting\n const phoneNumber = user.UserAttributes?.find(\n (attribute) => attribute.Name === 'phone_number',\n )?.Value\n const isPhoneNumberVerified =\n user.UserAttributes?.find(\n (attribute) => attribute.Name === 'phone_number_verified',\n )?.Value === 'true'\n\n return {\n authenticator: {\n enabled: mfaList.includes('SOFTWARE_TOKEN_MFA'),\n preferred: preferredMfaSetting === 'SOFTWARE_TOKEN_MFA',\n },\n sms: {\n enabled: mfaList.includes('SMS_MFA'),\n preferred: preferredMfaSetting === 'SMS_MFA',\n phoneNumber,\n isPhoneNumberVerified,\n },\n }\n }\n\n async checkIsMfaEnabled(\n mfaRequirement: MiscTypes.MfaRequirement | undefined,\n ): Promise<MfaRequirementCheckResult> {\n const mfaSettings = await this.getMfaSettings()\n\n return {\n mfaSettings,\n userMeetsMfaRequirement: checkUserMeetsMfaRequirement(\n mfaRequirement,\n mfaSettings,\n ),\n }\n }\n\n async updateUserPhoneNumber(\n phoneNumber: string,\n ): Promise<{ isPhoneNumberVerified: boolean }> {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return { isPhoneNumberVerified: false }\n }\n\n await this.cognitoIdentityProviderClient.send(\n new UpdateUserAttributesCommand({\n AccessToken: accessToken,\n UserAttributes: [\n {\n Name: 'phone_number',\n Value: phoneNumber,\n },\n ],\n }),\n )\n\n const mfaSettings = await this.getMfaSettings()\n return { isPhoneNumberVerified: mfaSettings.sms.isPhoneNumberVerified }\n }\n\n async removeUserPhoneNumber() {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n await this.cognitoIdentityProviderClient.send(\n new DeleteUserAttributesCommand({\n AccessToken: accessToken,\n UserAttributeNames: ['phone_number'],\n }),\n )\n }\n\n async sendPhoneNumberVerificationCode() {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n return await this.cognitoIdentityProviderClient.send(\n new GetUserAttributeVerificationCodeCommand({\n AccessToken: accessToken,\n AttributeName: 'phone_number',\n }),\n )\n }\n\n async verifyUserPhoneNumber(code: string) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n await this.cognitoIdentityProviderClient.send(\n new VerifyUserAttributeCommand({\n AccessToken: accessToken,\n AttributeName: 'phone_number',\n Code: code,\n }),\n )\n }\n\n async setPreferredMfaMethod(method: MfaMethod) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n const currentSettings = await this.getMfaSettings()\n\n await this.cognitoIdentityProviderClient.send(\n new SetUserMFAPreferenceCommand({\n AccessToken: accessToken,\n ...(currentSettings.authenticator.enabled\n ? {\n SoftwareTokenMfaSettings: {\n Enabled: true,\n PreferredMfa: method === 'authenticator',\n },\n }\n : {}),\n ...(currentSettings.sms.enabled\n ? {\n SMSMfaSettings: {\n Enabled: true,\n PreferredMfa: method === 'sms',\n },\n }\n : {}),\n }),\n )\n }\n\n async disableMfaMethod(method: MfaMethod) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n const currentSettings = await this.getMfaSettings()\n const wasPreferred =\n method === 'authenticator'\n ? currentSettings.authenticator.preferred\n : currentSettings.sms.preferred\n const otherMethod: MfaMethod =\n method === 'authenticator' ? 'sms' : 'authenticator'\n const otherSettings =\n method === 'authenticator'\n ? currentSettings.sms\n : currentSettings.authenticator\n\n await this.cognitoIdentityProviderClient.send(\n new SetUserMFAPreferenceCommand({\n AccessToken: accessToken,\n ...(method === 'authenticator'\n ? {\n SoftwareTokenMfaSettings: {\n Enabled: false,\n PreferredMfa: false,\n },\n }\n : {\n SMSMfaSettings: {\n Enabled: false,\n PreferredMfa: false,\n },\n }),\n ...(wasPreferred && otherSettings.enabled\n ? otherMethod === 'authenticator'\n ? {\n SoftwareTokenMfaSettings: {\n Enabled: true,\n PreferredMfa: true,\n },\n }\n : {\n SMSMfaSettings: {\n Enabled: true,\n PreferredMfa: true,\n },\n }\n : {}),\n }),\n )\n }\n\n async setupSmsMfa({ preferred }: { preferred?: boolean } = {}) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n const currentSettings = await this.getMfaSettings()\n const hasPreferredMethod =\n (currentSettings.authenticator.enabled &&\n currentSettings.authenticator.preferred) ||\n (currentSettings.sms.enabled && currentSettings.sms.preferred)\n const shouldBePreferred =\n preferred ?? (!hasPreferredMethod && !currentSettings.sms.enabled)\n\n await this.cognitoIdentityProviderClient.send(\n new SetUserMFAPreferenceCommand({\n AccessToken: accessToken,\n SMSMfaSettings: {\n Enabled: true,\n PreferredMfa: shouldBePreferred,\n },\n ...(shouldBePreferred && currentSettings.authenticator.enabled\n ? {\n SoftwareTokenMfaSettings: {\n Enabled: true,\n PreferredMfa: false,\n },\n }\n : {}),\n }),\n )\n }\n\n async setupMfaAuthenticatorApp({ preferred }: { preferred?: boolean } = {}) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n const { SecretCode } = await this.cognitoIdentityProviderClient.send(\n new AssociateSoftwareTokenCommand({\n AccessToken: accessToken,\n }),\n )\n\n return {\n secretCode: SecretCode,\n mfaCodeCallback: async (code: string) => {\n await this.cognitoIdentityProviderClient.send(\n new VerifySoftwareTokenCommand({\n AccessToken: accessToken,\n UserCode: code,\n }),\n )\n\n const currentSettings = await this.getMfaSettings()\n const hasPreferredMethod =\n (currentSettings.authenticator.enabled &&\n currentSettings.authenticator.preferred) ||\n (currentSettings.sms.enabled && currentSettings.sms.preferred)\n const shouldBePreferred =\n preferred ??\n (!hasPreferredMethod && !currentSettings.authenticator.enabled)\n\n await this.cognitoIdentityProviderClient.send(\n new SetUserMFAPreferenceCommand({\n SoftwareTokenMfaSettings: {\n Enabled: true,\n PreferredMfa: shouldBePreferred,\n },\n ...(shouldBePreferred && currentSettings.sms.enabled\n ? {\n SMSMfaSettings: {\n Enabled: true,\n PreferredMfa: false,\n },\n }\n : {}),\n AccessToken: accessToken,\n }),\n )\n },\n }\n }\n}\n\n//////////////////////////////////////////////////////////////////////\n// GENERAL HELPER FUNCTIONS\n\n// Make a POST request and parse the response as JSON\nfunction sendPostRequest(\n url: string,\n params: Record<string, unknown>,\n success: (value: Record<string, unknown>) => void,\n error: (err: { message?: string; error_description?: string }) => void,\n) {\n const request = new XMLHttpRequest()\n request.open('POST', url, true)\n request.setRequestHeader(\n 'Content-Type',\n 'application/x-www-form-urlencoded; charset=UTF-8',\n )\n request.onload = function () {\n let body = {}\n try {\n body = JSON.parse(request.response)\n } catch (e) {\n Sentry.captureException(e)\n // Do nothing\n }\n\n if (request.status == 200) {\n success(body)\n } else {\n error(body)\n }\n }\n request.onerror = function () {\n error({})\n }\n const body = Object.keys(params)\n .reduce((keys: string[], key) => {\n if (params[key]) {\n keys.push(key + '=' + params[key])\n }\n return keys\n }, [])\n .join('&')\n request.send(body)\n}\n\n//////////////////////////////////////////////////////////////////////\n// PKCE HELPER FUNCTIONS\n\n// Generate a secure random string using the browser crypto functions\nfunction generateRandomString() {\n const array = new Uint32Array(28)\n window.crypto.getRandomValues(array)\n return Array.from(array, (dec) => ('0' + dec.toString(16)).substr(-2)).join(\n '',\n )\n}\n\n// Calculate the SHA256 hash of the input text.\n// Returns a promise that resolves to an ArrayBuffer\nfunction sha256(plain: string) {\n const encoder = new TextEncoder()\n const data = encoder.encode(plain)\n return window.crypto.subtle.digest('SHA-256', data)\n}\n\n// Base64-urlencodes the input string\nfunction base64urlencode(str: ArrayBuffer) {\n // Convert the ArrayBuffer to string using Uint8 array to conver to what btoa accepts.\n // btoa accepts chars only within ascii 0-255 and base64 encodes them.\n // Then convert the base64 encoded to base64url encoded\n // (replace + with -, replace / with _, trim trailing =)\n // @ts-expect-error\n return btoa(String.fromCharCode.apply(null, new Uint8Array(str)))\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=+$/, '')\n}\n\n// Return the base64-urlencoded sha256 hash for the PKCE challenge\nasync function pkceChallengeFromVerifier(v: string) {\n const hashed = await sha256(v)\n return base64urlencode(hashed)\n}\n"]}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { LoginAttemptResponse } from './AWSCognitoClient';
|
|
1
|
+
import { DEFAULT_MFA_SETTINGS, LoginAttemptResponse, MfaMethod, MfaRequirementCheckResult, MfaSettings } from './AWSCognitoClient';
|
|
2
2
|
import { MiscTypes } from '@oneblink/types';
|
|
3
3
|
interface CognitoServiceData {
|
|
4
4
|
oAuthClientId: string;
|
|
@@ -33,19 +33,19 @@ declare function registerAuthListener(listener: () => unknown): () => void;
|
|
|
33
33
|
* Create a session for a user by entering a username and password. If the user
|
|
34
34
|
* requires a password reset, the "resetPasswordCallback" property will be
|
|
35
35
|
* returned. This function should be called with the new password once entered
|
|
36
|
-
* by the user. If the user requires an MFA token, the "
|
|
37
|
-
*
|
|
38
|
-
*
|
|
39
|
-
*
|
|
40
|
-
*
|
|
41
|
-
*
|
|
36
|
+
* by the user. If the user requires an MFA token, the "mfa" property will be
|
|
37
|
+
* returned. Its "codeCallback" should be called with the one-time token. The
|
|
38
|
+
* functions returned are recursive and the result from each of them is the same
|
|
39
|
+
* result from the loginUsernamePassword() function. Each time the response
|
|
40
|
+
* includes a callback, you will need to begin the process again until all
|
|
41
|
+
* callbacks are handled.
|
|
42
42
|
*
|
|
43
43
|
* #### Example
|
|
44
44
|
*
|
|
45
45
|
* ```js
|
|
46
46
|
* async function handleLoginAttemptResponse({
|
|
47
47
|
* resetPasswordCallback,
|
|
48
|
-
*
|
|
48
|
+
* mfa,
|
|
49
49
|
* }) {
|
|
50
50
|
* // "resetPasswordCallback" will be undefined if a password reset was not required.
|
|
51
51
|
* if (resetPasswordCallback) {
|
|
@@ -58,13 +58,15 @@ declare function registerAuthListener(listener: () => unknown): () => void;
|
|
|
58
58
|
* return await handleLoginAttemptResponse(resetPasswordResponse)
|
|
59
59
|
* }
|
|
60
60
|
*
|
|
61
|
-
* // "
|
|
62
|
-
* if (
|
|
61
|
+
* // "mfa" will be undefined if MFA is not setup.
|
|
62
|
+
* if (mfa) {
|
|
63
63
|
* // Prompt the user to enter an MFA code
|
|
64
64
|
* const code = prompt(
|
|
65
|
-
*
|
|
65
|
+
* mfa.method === 'email'
|
|
66
|
+
* ? 'Please enter the one-time code sent to your email.'
|
|
67
|
+
* : 'Please enter a one-time code from your MFA app.',
|
|
66
68
|
* )
|
|
67
|
-
* const mfaCodeResponse = await
|
|
69
|
+
* const mfaCodeResponse = await mfa.codeCallback(code)
|
|
68
70
|
* return await handleLoginAttemptResponse(mfaCodeResponse)
|
|
69
71
|
* }
|
|
70
72
|
* }
|
|
@@ -234,58 +236,62 @@ export declare function getUsername(): string | undefined;
|
|
|
234
236
|
*/
|
|
235
237
|
declare function getUserFriendlyName(): string | undefined;
|
|
236
238
|
/**
|
|
237
|
-
* Generate a QR code link to display to a user after they have initiated
|
|
238
|
-
* setup.
|
|
239
|
+
* Generate a QR code link to display to a user after they have initiated
|
|
240
|
+
* authenticator app MFA setup.
|
|
239
241
|
*
|
|
240
242
|
* #### Example
|
|
241
243
|
*
|
|
242
244
|
* ```js
|
|
243
|
-
* const
|
|
244
|
-
*
|
|
245
|
-
*
|
|
245
|
+
* const mfaAuthenticatorAppSetupQrCodeUrl =
|
|
246
|
+
* authService.generateMfaAuthenticatorAppQrCodeUrl()
|
|
247
|
+
* if (mfaAuthenticatorAppSetupQrCodeUrl) {
|
|
248
|
+
* // use mfaAuthenticatorAppSetupQrCodeUrl to display QR code to user
|
|
246
249
|
* }
|
|
247
250
|
* ```
|
|
248
251
|
*
|
|
249
252
|
* @returns
|
|
250
253
|
*/
|
|
251
|
-
declare function
|
|
254
|
+
declare function generateMfaAuthenticatorAppQrCodeUrl(mfaAuthenticatorAppSetup: Awaited<ReturnType<typeof setupMfaAuthenticatorApp>>): string | undefined;
|
|
252
255
|
/**
|
|
253
|
-
* Check if
|
|
256
|
+
* Check if the current user meets an MFA requirement.
|
|
254
257
|
*
|
|
255
258
|
* #### Example
|
|
256
259
|
*
|
|
257
260
|
* ```js
|
|
258
|
-
* const
|
|
259
|
-
*
|
|
260
|
-
*
|
|
261
|
+
* const { mfaSettings, userMeetsMfaRequirement } =
|
|
262
|
+
* await authService.checkIsMfaEnabled('any')
|
|
263
|
+
* if (userMeetsMfaRequirement) {
|
|
264
|
+
* // User has met the MFA requirement
|
|
261
265
|
* } else {
|
|
262
|
-
* //
|
|
266
|
+
* // Prompt user to set up MFA
|
|
263
267
|
* }
|
|
264
268
|
* ```
|
|
265
269
|
*
|
|
266
270
|
* @returns
|
|
267
271
|
*/
|
|
268
|
-
declare function checkIsMfaEnabled(): Promise<
|
|
272
|
+
declare function checkIsMfaEnabled(mfaRequirement: MiscTypes.MfaRequirement | undefined): Promise<MfaRequirementCheckResult>;
|
|
273
|
+
declare function getMfaSettings(abortSignal?: AbortSignal): Promise<MfaSettings>;
|
|
274
|
+
declare function updateUserPhoneNumber(phoneNumber: string): Promise<{
|
|
275
|
+
isPhoneNumberVerified: boolean;
|
|
276
|
+
}>;
|
|
277
|
+
declare function removeUserPhoneNumber(): Promise<void>;
|
|
278
|
+
declare function sendPhoneNumberVerificationCode(): Promise<import("@aws-sdk/client-cognito-identity-provider").GetUserAttributeVerificationCodeCommandOutput | undefined>;
|
|
279
|
+
declare function verifyUserPhoneNumber(code: string): Promise<void>;
|
|
280
|
+
declare function setupSmsMfa(options?: {
|
|
281
|
+
preferred?: boolean;
|
|
282
|
+
}): Promise<void>;
|
|
283
|
+
declare function disableMfaMethod(method: MfaMethod): Promise<void>;
|
|
284
|
+
declare function setPreferredMfaMethod(method: MfaMethod): Promise<void>;
|
|
269
285
|
/**
|
|
270
|
-
*
|
|
286
|
+
* Setup authenticator app MFA for the current user. The result will include a
|
|
287
|
+
* callback that should be called with the valid TOTP from an authenticator
|
|
288
|
+
* app.
|
|
271
289
|
*
|
|
272
290
|
* #### Example
|
|
273
291
|
*
|
|
274
292
|
* ```js
|
|
275
|
-
*
|
|
276
|
-
*
|
|
277
|
-
*
|
|
278
|
-
* @returns
|
|
279
|
-
*/
|
|
280
|
-
declare function disableMfa(): Promise<void>;
|
|
281
|
-
/**
|
|
282
|
-
* Setup MFA for the current user. The result will include a callback that
|
|
283
|
-
* should be called with the valid TOTP from an authenticator app.
|
|
284
|
-
*
|
|
285
|
-
* #### Example
|
|
286
|
-
*
|
|
287
|
-
* ```js
|
|
288
|
-
* const { secretCode, mfaCodeCallback } = await authService.setupMfa()
|
|
293
|
+
* const { secretCode, mfaCodeCallback } =
|
|
294
|
+
* await authService.setupMfaAuthenticatorApp()
|
|
289
295
|
* // Prompt the user to enter an MFA code
|
|
290
296
|
* const code = prompt(
|
|
291
297
|
* `Please enter a one-time code from your MFA app after creating a new entry with secret: ${secretCode}.`,
|
|
@@ -295,8 +301,11 @@ declare function disableMfa(): Promise<void>;
|
|
|
295
301
|
*
|
|
296
302
|
* @returns
|
|
297
303
|
*/
|
|
298
|
-
declare function
|
|
304
|
+
declare function setupMfaAuthenticatorApp(options?: {
|
|
305
|
+
preferred?: boolean;
|
|
306
|
+
}): Promise<{
|
|
299
307
|
secretCode: string | undefined;
|
|
300
308
|
mfaCodeCallback: (code: string) => Promise<void>;
|
|
301
309
|
} | undefined>;
|
|
302
|
-
export { init, registerAuthListener, loginUsernamePassword, loginHostedUI, handleAuthentication, changePassword, forgotPassword, logoutHostedUI, logout, isLoggedIn, getCognitoIdToken, getUserProfile, getUserFriendlyName,
|
|
310
|
+
export { init, registerAuthListener, loginUsernamePassword, loginHostedUI, handleAuthentication, changePassword, forgotPassword, logoutHostedUI, logout, isLoggedIn, getCognitoIdToken, getUserProfile, getUserFriendlyName, checkIsMfaEnabled, getMfaSettings, updateUserPhoneNumber, removeUserPhoneNumber, sendPhoneNumberVerificationCode, verifyUserPhoneNumber, disableMfaMethod, setPreferredMfaMethod, setupSmsMfa, setupMfaAuthenticatorApp, generateMfaAuthenticatorAppQrCodeUrl, DEFAULT_MFA_SETTINGS, };
|
|
311
|
+
export type { LoginAttemptResponse, MfaMethod, MfaRequirementCheckResult, MfaSettings, };
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { jwtDecode } from 'jwt-decode';
|
|
2
|
-
import AWSCognitoClient from './AWSCognitoClient';
|
|
2
|
+
import AWSCognitoClient, { DEFAULT_MFA_SETTINGS, } from './AWSCognitoClient';
|
|
3
3
|
import * as offlineService from '../offline-service';
|
|
4
4
|
import { userService } from '@oneblink/sdk-core';
|
|
5
5
|
import { postRequest } from './fetch';
|
|
@@ -47,19 +47,19 @@ function registerAuthListener(listener) {
|
|
|
47
47
|
* Create a session for a user by entering a username and password. If the user
|
|
48
48
|
* requires a password reset, the "resetPasswordCallback" property will be
|
|
49
49
|
* returned. This function should be called with the new password once entered
|
|
50
|
-
* by the user. If the user requires an MFA token, the "
|
|
51
|
-
*
|
|
52
|
-
*
|
|
53
|
-
*
|
|
54
|
-
*
|
|
55
|
-
*
|
|
50
|
+
* by the user. If the user requires an MFA token, the "mfa" property will be
|
|
51
|
+
* returned. Its "codeCallback" should be called with the one-time token. The
|
|
52
|
+
* functions returned are recursive and the result from each of them is the same
|
|
53
|
+
* result from the loginUsernamePassword() function. Each time the response
|
|
54
|
+
* includes a callback, you will need to begin the process again until all
|
|
55
|
+
* callbacks are handled.
|
|
56
56
|
*
|
|
57
57
|
* #### Example
|
|
58
58
|
*
|
|
59
59
|
* ```js
|
|
60
60
|
* async function handleLoginAttemptResponse({
|
|
61
61
|
* resetPasswordCallback,
|
|
62
|
-
*
|
|
62
|
+
* mfa,
|
|
63
63
|
* }) {
|
|
64
64
|
* // "resetPasswordCallback" will be undefined if a password reset was not required.
|
|
65
65
|
* if (resetPasswordCallback) {
|
|
@@ -72,13 +72,15 @@ function registerAuthListener(listener) {
|
|
|
72
72
|
* return await handleLoginAttemptResponse(resetPasswordResponse)
|
|
73
73
|
* }
|
|
74
74
|
*
|
|
75
|
-
* // "
|
|
76
|
-
* if (
|
|
75
|
+
* // "mfa" will be undefined if MFA is not setup.
|
|
76
|
+
* if (mfa) {
|
|
77
77
|
* // Prompt the user to enter an MFA code
|
|
78
78
|
* const code = prompt(
|
|
79
|
-
*
|
|
79
|
+
* mfa.method === 'email'
|
|
80
|
+
* ? 'Please enter the one-time code sent to your email.'
|
|
81
|
+
* : 'Please enter a one-time code from your MFA app.',
|
|
80
82
|
* )
|
|
81
|
-
* const mfaCodeResponse = await
|
|
83
|
+
* const mfaCodeResponse = await mfa.codeCallback(code)
|
|
82
84
|
* return await handleLoginAttemptResponse(mfaCodeResponse)
|
|
83
85
|
* }
|
|
84
86
|
* }
|
|
@@ -354,74 +356,109 @@ function getUserFriendlyName() {
|
|
|
354
356
|
return userService.getUserFriendlyName(profile);
|
|
355
357
|
}
|
|
356
358
|
/**
|
|
357
|
-
* Generate a QR code link to display to a user after they have initiated
|
|
358
|
-
* setup.
|
|
359
|
+
* Generate a QR code link to display to a user after they have initiated
|
|
360
|
+
* authenticator app MFA setup.
|
|
359
361
|
*
|
|
360
362
|
* #### Example
|
|
361
363
|
*
|
|
362
364
|
* ```js
|
|
363
|
-
* const
|
|
364
|
-
*
|
|
365
|
-
*
|
|
365
|
+
* const mfaAuthenticatorAppSetupQrCodeUrl =
|
|
366
|
+
* authService.generateMfaAuthenticatorAppQrCodeUrl()
|
|
367
|
+
* if (mfaAuthenticatorAppSetupQrCodeUrl) {
|
|
368
|
+
* // use mfaAuthenticatorAppSetupQrCodeUrl to display QR code to user
|
|
366
369
|
* }
|
|
367
370
|
* ```
|
|
368
371
|
*
|
|
369
372
|
* @returns
|
|
370
373
|
*/
|
|
371
|
-
function
|
|
374
|
+
function generateMfaAuthenticatorAppQrCodeUrl(mfaAuthenticatorAppSetup) {
|
|
372
375
|
const profile = getUserProfile();
|
|
373
|
-
if (!profile || !
|
|
376
|
+
if (!profile || !mfaAuthenticatorAppSetup) {
|
|
374
377
|
return;
|
|
375
378
|
}
|
|
376
|
-
return `otpauth://totp/${tenants.current.productShortName}:${profile.email}?secret=${
|
|
379
|
+
return `otpauth://totp/${tenants.current.productShortName}:${profile.email}?secret=${mfaAuthenticatorAppSetup.secretCode}&issuer=${tenants.current.productShortName}`;
|
|
377
380
|
}
|
|
378
381
|
/**
|
|
379
|
-
* Check if
|
|
382
|
+
* Check if the current user meets an MFA requirement.
|
|
380
383
|
*
|
|
381
384
|
* #### Example
|
|
382
385
|
*
|
|
383
386
|
* ```js
|
|
384
|
-
* const
|
|
385
|
-
*
|
|
386
|
-
*
|
|
387
|
+
* const { mfaSettings, userMeetsMfaRequirement } =
|
|
388
|
+
* await authService.checkIsMfaEnabled('any')
|
|
389
|
+
* if (userMeetsMfaRequirement) {
|
|
390
|
+
* // User has met the MFA requirement
|
|
387
391
|
* } else {
|
|
388
|
-
* //
|
|
392
|
+
* // Prompt user to set up MFA
|
|
389
393
|
* }
|
|
390
394
|
* ```
|
|
391
395
|
*
|
|
392
396
|
* @returns
|
|
393
397
|
*/
|
|
394
|
-
async function checkIsMfaEnabled() {
|
|
398
|
+
async function checkIsMfaEnabled(mfaRequirement) {
|
|
395
399
|
if (!awsCognitoClient) {
|
|
396
400
|
throw new Error('"authService" has not been initiated. You must call the init() function before checking if the current user has MFA enabled.');
|
|
397
401
|
}
|
|
398
|
-
return await awsCognitoClient.checkIsMfaEnabled();
|
|
402
|
+
return await awsCognitoClient.checkIsMfaEnabled(mfaRequirement);
|
|
399
403
|
}
|
|
400
|
-
|
|
401
|
-
|
|
402
|
-
|
|
403
|
-
|
|
404
|
-
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
404
|
+
async function getMfaSettings(abortSignal) {
|
|
405
|
+
if (!awsCognitoClient) {
|
|
406
|
+
throw new Error('"authService" has not been initiated. You must call the init() function before checking MFA settings.');
|
|
407
|
+
}
|
|
408
|
+
return await awsCognitoClient.getMfaSettings(abortSignal);
|
|
409
|
+
}
|
|
410
|
+
async function updateUserPhoneNumber(phoneNumber) {
|
|
411
|
+
if (!awsCognitoClient) {
|
|
412
|
+
throw new Error('"authService" has not been initiated. You must call the init() function before updating the user phone number.');
|
|
413
|
+
}
|
|
414
|
+
return await awsCognitoClient.updateUserPhoneNumber(phoneNumber);
|
|
415
|
+
}
|
|
416
|
+
async function removeUserPhoneNumber() {
|
|
417
|
+
if (!awsCognitoClient) {
|
|
418
|
+
throw new Error('"authService" has not been initiated. You must call the init() function before removing the user phone number.');
|
|
419
|
+
}
|
|
420
|
+
return await awsCognitoClient.removeUserPhoneNumber();
|
|
421
|
+
}
|
|
422
|
+
async function sendPhoneNumberVerificationCode() {
|
|
423
|
+
if (!awsCognitoClient) {
|
|
424
|
+
throw new Error('"authService" has not been initiated. You must call the init() function before sending a phone number verification code.');
|
|
425
|
+
}
|
|
426
|
+
return await awsCognitoClient.sendPhoneNumberVerificationCode();
|
|
427
|
+
}
|
|
428
|
+
async function verifyUserPhoneNumber(code) {
|
|
429
|
+
if (!awsCognitoClient) {
|
|
430
|
+
throw new Error('"authService" has not been initiated. You must call the init() function before verifying the user phone number.');
|
|
431
|
+
}
|
|
432
|
+
return await awsCognitoClient.verifyUserPhoneNumber(code);
|
|
433
|
+
}
|
|
434
|
+
async function setupSmsMfa(options) {
|
|
435
|
+
if (!awsCognitoClient) {
|
|
436
|
+
throw new Error('"authService" has not been initiated. You must call the init() function before attempting to setup SMS MFA.');
|
|
437
|
+
}
|
|
438
|
+
return await awsCognitoClient.setupSmsMfa(options);
|
|
439
|
+
}
|
|
440
|
+
async function disableMfaMethod(method) {
|
|
441
|
+
if (!awsCognitoClient) {
|
|
442
|
+
throw new Error('"authService" has not been initiated. You must call the init() function before attempting to disable an MFA method.');
|
|
443
|
+
}
|
|
444
|
+
return await awsCognitoClient.disableMfaMethod(method);
|
|
445
|
+
}
|
|
446
|
+
async function setPreferredMfaMethod(method) {
|
|
412
447
|
if (!awsCognitoClient) {
|
|
413
|
-
throw new Error('"authService" has not been initiated. You must call the init() function before attempting to
|
|
448
|
+
throw new Error('"authService" has not been initiated. You must call the init() function before attempting to set the preferred MFA method.');
|
|
414
449
|
}
|
|
415
|
-
return await awsCognitoClient.
|
|
450
|
+
return await awsCognitoClient.setPreferredMfaMethod(method);
|
|
416
451
|
}
|
|
417
452
|
/**
|
|
418
|
-
* Setup MFA for the current user. The result will include a
|
|
419
|
-
* should be called with the valid TOTP from an authenticator
|
|
453
|
+
* Setup authenticator app MFA for the current user. The result will include a
|
|
454
|
+
* callback that should be called with the valid TOTP from an authenticator
|
|
455
|
+
* app.
|
|
420
456
|
*
|
|
421
457
|
* #### Example
|
|
422
458
|
*
|
|
423
459
|
* ```js
|
|
424
|
-
* const { secretCode, mfaCodeCallback } =
|
|
460
|
+
* const { secretCode, mfaCodeCallback } =
|
|
461
|
+
* await authService.setupMfaAuthenticatorApp()
|
|
425
462
|
* // Prompt the user to enter an MFA code
|
|
426
463
|
* const code = prompt(
|
|
427
464
|
* `Please enter a one-time code from your MFA app after creating a new entry with secret: ${secretCode}.`,
|
|
@@ -431,11 +468,11 @@ async function disableMfa() {
|
|
|
431
468
|
*
|
|
432
469
|
* @returns
|
|
433
470
|
*/
|
|
434
|
-
async function
|
|
471
|
+
async function setupMfaAuthenticatorApp(options) {
|
|
435
472
|
if (!awsCognitoClient) {
|
|
436
|
-
throw new Error('"authService" has not been initiated. You must call the init() function before attempting to setup MFA.');
|
|
473
|
+
throw new Error('"authService" has not been initiated. You must call the init() function before attempting to setup authenticator app MFA.');
|
|
437
474
|
}
|
|
438
|
-
return await awsCognitoClient.
|
|
475
|
+
return await awsCognitoClient.setupMfaAuthenticatorApp(options);
|
|
439
476
|
}
|
|
440
|
-
export { init, registerAuthListener, loginUsernamePassword, loginHostedUI, handleAuthentication, changePassword, forgotPassword, logoutHostedUI, logout, isLoggedIn, getCognitoIdToken, getUserProfile, getUserFriendlyName, checkIsMfaEnabled,
|
|
477
|
+
export { init, registerAuthListener, loginUsernamePassword, loginHostedUI, handleAuthentication, changePassword, forgotPassword, logoutHostedUI, logout, isLoggedIn, getCognitoIdToken, getUserProfile, getUserFriendlyName, checkIsMfaEnabled, getMfaSettings, updateUserPhoneNumber, removeUserPhoneNumber, sendPhoneNumberVerificationCode, verifyUserPhoneNumber, disableMfaMethod, setPreferredMfaMethod, setupSmsMfa, setupMfaAuthenticatorApp, generateMfaAuthenticatorAppQrCodeUrl, DEFAULT_MFA_SETTINGS, };
|
|
441
478
|
//# sourceMappingURL=cognito.js.map
|