@oneblink/apps-react 11.0.0-beta.2 → 11.0.0-beta.4

@@ -1,4 +1,29 @@
1
- export { checkIsMfaEnabled, getMfaSettings, updateUserPhoneNumber, removeUserPhoneNumber, sendPhoneNumberVerificationCode, verifyUserPhoneNumber, disableMfaMethod, setPreferredMfaMethod, setupMfaAuthenticatorApp, setupSmsMfa, generateMfaAuthenticatorAppQrCodeUrl, DEFAULT_MFA_SETTINGS, } from './services/cognito';
2
- export type { MfaMethod, MfaRequirementCheckResult, MfaSettings, } from './services/cognito';
1
+ import { MiscTypes } from '@oneblink/types';
2
+ import { getMfaSettings } from './services/cognito';
3
+ export { getMfaSettings };
4
+ export { updateUserPhoneNumber, removeUserPhoneNumber, verifyUserPhoneNumber, disableMfaMethod, setPreferredMfaMethod, setupMfaAuthenticatorApp, setupSmsMfa, generateMfaAuthenticatorAppQrCodeUrl, DEFAULT_MFA_SETTINGS, } from './services/cognito';
5
+ export type { MfaMethod, MfaSettings } from './services/cognito';
3
6
  export { isMfaRequired, mfaRequirementToSelectedMethods, mfaSelectedMethodsToMfaRequirement, formatMfaRequirementLabel, formatMfaRequirementMethodLabel, userMeetsMfaRequirement, formatMfaSetupRequiredMessage, formatMfaMethodNotAcceptedMessage, } from '../utils/mfa-requirement';
4
7
  export type { MfaRequirementMethod } from '../utils/mfa-requirement';
8
+ export type MfaRequirementCheckResult = {
9
+ mfaSettings: Awaited<ReturnType<typeof getMfaSettings>>;
10
+ userMeetsMfaRequirement: boolean;
11
+ };
12
+ /**
13
+ * Check if the current user meets an MFA requirement.
14
+ *
15
+ * #### Example
16
+ *
17
+ * ```js
18
+ * const { mfaSettings, userMeetsMfaRequirement } =
19
+ * await mfaService.checkIsMfaEnabled('any')
20
+ * if (userMeetsMfaRequirement) {
21
+ * // User has met the MFA requirement
22
+ * } else {
23
+ * // Prompt user to set up MFA
24
+ * }
25
+ * ```
26
+ *
27
+ * @returns
28
+ */
29
+ export declare function checkIsMfaEnabled(mfaRequirement: MiscTypes.MfaRequirement | undefined): Promise<MfaRequirementCheckResult>;
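Review bot: The doc comment on `checkIsMfaEnabled` leaves `@returns` empty and never says what the caller gets when `mfaRequirement` is `undefined`, although the signature accepts it; the same comment is repeated in the compiled `mfa-service.js` hunk. The name also reads as "is MFA switched on", while the result is about meeting one specific requirement, so the comment should spell that out. Proposed: `@param mfaRequirement The requirement to test; state explicitly what is returned when it is undefined.` and `@returns The user's current MFA settings and whether they satisfy mfaRequirement.` If this runs in the browser, as the package name suggests, one more line should say that the flag is a hint for prompting the user and that enforcement belongs to the server.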
@@ -1,3 +1,30 @@
1
- export { checkIsMfaEnabled, getMfaSettings, updateUserPhoneNumber, removeUserPhoneNumber, sendPhoneNumberVerificationCode, verifyUserPhoneNumber, disableMfaMethod, setPreferredMfaMethod, setupMfaAuthenticatorApp, setupSmsMfa, generateMfaAuthenticatorAppQrCodeUrl, DEFAULT_MFA_SETTINGS, } from './services/cognito';
1
+ import { getMfaSettings } from './services/cognito';
2
+ import { userMeetsMfaRequirement } from '../utils/mfa-requirement';
3
+ export { getMfaSettings };
4
+ export { updateUserPhoneNumber, removeUserPhoneNumber, verifyUserPhoneNumber, disableMfaMethod, setPreferredMfaMethod, setupMfaAuthenticatorApp, setupSmsMfa, generateMfaAuthenticatorAppQrCodeUrl, DEFAULT_MFA_SETTINGS, } from './services/cognito';
2
5
  export { isMfaRequired, mfaRequirementToSelectedMethods, mfaSelectedMethodsToMfaRequirement, formatMfaRequirementLabel, formatMfaRequirementMethodLabel, userMeetsMfaRequirement, formatMfaSetupRequiredMessage, formatMfaMethodNotAcceptedMessage, } from '../utils/mfa-requirement';
6
+ /**
7
+ * Check if the current user meets an MFA requirement.
8
+ *
9
+ * #### Example
10
+ *
11
+ * ```js
12
+ * const { mfaSettings, userMeetsMfaRequirement } =
13
+ * await mfaService.checkIsMfaEnabled('any')
14
+ * if (userMeetsMfaRequirement) {
15
+ * // User has met the MFA requirement
16
+ * } else {
17
+ * // Prompt user to set up MFA
18
+ * }
19
+ * ```
20
+ *
21
+ * @returns
22
+ */
23
+ export async function checkIsMfaEnabled(mfaRequirement) {
24
+ const mfaSettings = await getMfaSettings();
25
+ return {
26
+ mfaSettings,
27
+ userMeetsMfaRequirement: userMeetsMfaRequirement(mfaRequirement, mfaSettings),
28
+ };
29
+ }
3
30
  //# sourceMappingURL=mfa-service.js.map
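Review bot: `checkIsMfaEnabled` now takes its verdict from `userMeetsMfaRequirement` in `../utils/mfa-requirement`, which this diff does not show, so parity with the helper it replaces cannot be confirmed from here. The removed `checkUserMeetsMfaRequirement` in `AWSCognitoClient.js` returned `true` for a missing requirement and for one with no method selected, and otherwise passed if any selected method was enabled. A regression test pinning those three cases against the new helper would guard against a silent change in who gets prompted for MFA. The function also awaits `getMfaSettings()` without a catch, so a rejection propagates; callers should treat that as "not verified" rather than as the requirement being met.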
@@ -1 +1 @@
1
- {"version":3,"file":"mfa-service.js","sourceRoot":"","sources":["../../src/apps/mfa-service.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,qBAAqB,EACrB,qBAAqB,EACrB,+BAA+B,EAC/B,qBAAqB,EACrB,gBAAgB,EAChB,qBAAqB,EACrB,wBAAwB,EACxB,WAAW,EACX,oCAAoC,EACpC,oBAAoB,GACrB,MAAM,oBAAoB,CAAA;AAM3B,OAAO,EACL,aAAa,EACb,+BAA+B,EAC/B,kCAAkC,EAClC,yBAAyB,EACzB,+BAA+B,EAC/B,uBAAuB,EACvB,6BAA6B,EAC7B,iCAAiC,GAClC,MAAM,0BAA0B,CAAA","sourcesContent":["export {\r\n checkIsMfaEnabled,\r\n getMfaSettings,\r\n updateUserPhoneNumber,\r\n removeUserPhoneNumber,\r\n sendPhoneNumberVerificationCode,\r\n verifyUserPhoneNumber,\r\n disableMfaMethod,\r\n setPreferredMfaMethod,\r\n setupMfaAuthenticatorApp,\r\n setupSmsMfa,\r\n generateMfaAuthenticatorAppQrCodeUrl,\r\n DEFAULT_MFA_SETTINGS,\r\n} from './services/cognito'\r\nexport type {\r\n MfaMethod,\r\n MfaRequirementCheckResult,\r\n MfaSettings,\r\n} from './services/cognito'\r\nexport {\r\n isMfaRequired,\r\n mfaRequirementToSelectedMethods,\r\n mfaSelectedMethodsToMfaRequirement,\r\n formatMfaRequirementLabel,\r\n formatMfaRequirementMethodLabel,\r\n userMeetsMfaRequirement,\r\n formatMfaSetupRequiredMessage,\r\n formatMfaMethodNotAcceptedMessage,\r\n} from '../utils/mfa-requirement'\r\nexport type { MfaRequirementMethod } from '../utils/mfa-requirement'\r\n"]}
1
+ {"version":3,"file":"mfa-service.js","sourceRoot":"","sources":["../../src/apps/mfa-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AACnD,OAAO,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAA;AAElE,OAAO,EAAE,cAAc,EAAE,CAAA;AACzB,OAAO,EACL,qBAAqB,EACrB,qBAAqB,EACrB,qBAAqB,EACrB,gBAAgB,EAChB,qBAAqB,EACrB,wBAAwB,EACxB,WAAW,EACX,oCAAoC,EACpC,oBAAoB,GACrB,MAAM,oBAAoB,CAAA;AAE3B,OAAO,EACL,aAAa,EACb,+BAA+B,EAC/B,kCAAkC,EAClC,yBAAyB,EACzB,+BAA+B,EAC/B,uBAAuB,EACvB,6BAA6B,EAC7B,iCAAiC,GAClC,MAAM,0BAA0B,CAAA;AAQjC;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,cAAoD;IAEpD,MAAM,WAAW,GAAG,MAAM,cAAc,EAAE,CAAA;IAE1C,OAAO;QACL,WAAW;QACX,uBAAuB,EAAE,uBAAuB,CAC9C,cAAc,EACd,WAAW,CACZ;KACF,CAAA;AACH,CAAC","sourcesContent":["import { MiscTypes } from '@oneblink/types'\r\nimport { getMfaSettings } from './services/cognito'\r\nimport { userMeetsMfaRequirement } from '../utils/mfa-requirement'\r\n\r\nexport { getMfaSettings }\r\nexport {\r\n updateUserPhoneNumber,\r\n removeUserPhoneNumber,\r\n verifyUserPhoneNumber,\r\n disableMfaMethod,\r\n setPreferredMfaMethod,\r\n setupMfaAuthenticatorApp,\r\n setupSmsMfa,\r\n generateMfaAuthenticatorAppQrCodeUrl,\r\n DEFAULT_MFA_SETTINGS,\r\n} from './services/cognito'\r\nexport type { MfaMethod, MfaSettings } from './services/cognito'\r\nexport {\r\n isMfaRequired,\r\n mfaRequirementToSelectedMethods,\r\n mfaSelectedMethodsToMfaRequirement,\r\n formatMfaRequirementLabel,\r\n formatMfaRequirementMethodLabel,\r\n userMeetsMfaRequirement,\r\n formatMfaSetupRequiredMessage,\r\n formatMfaMethodNotAcceptedMessage,\r\n} from '../utils/mfa-requirement'\r\nexport type { MfaRequirementMethod } from '../utils/mfa-requirement'\r\n\r\nexport type MfaRequirementCheckResult = {\r\n mfaSettings: Awaited<ReturnType<typeof getMfaSettings>>\r\n userMeetsMfaRequirement: boolean\r\n}\r\n\r\n/**\r\n * Check if the current user meets an MFA requirement.\r\n *\r\n * #### Example\r\n *\r\n * ```js\r\n * const { mfaSettings, 
userMeetsMfaRequirement } =\r\n * await mfaService.checkIsMfaEnabled('any')\r\n * if (userMeetsMfaRequirement) {\r\n * // User has met the MFA requirement\r\n * } else {\r\n * // Prompt user to set up MFA\r\n * }\r\n * ```\r\n *\r\n * @returns\r\n */\r\nexport async function checkIsMfaEnabled(\r\n mfaRequirement: MiscTypes.MfaRequirement | undefined,\r\n): Promise<MfaRequirementCheckResult> {\r\n const mfaSettings = await getMfaSettings()\r\n\r\n return {\r\n mfaSettings,\r\n userMeetsMfaRequirement: userMeetsMfaRequirement(\r\n mfaRequirement,\r\n mfaSettings,\r\n ),\r\n }\r\n}\r\n"]}
@@ -1,5 +1,4 @@
1
1
  import { AuthenticationResultType, CognitoIdentityProviderClient, InitiateAuthResponse } from '@aws-sdk/client-cognito-identity-provider';
2
- import { MiscTypes } from '@oneblink/types';
3
2
  export type MfaMethod = 'authenticator' | 'sms';
4
3
  export type MfaSettings = {
5
4
  authenticator: {
@@ -14,9 +13,13 @@ export type MfaSettings = {
14
13
  };
15
14
  };
16
15
  export declare const DEFAULT_MFA_SETTINGS: MfaSettings;
17
- export type MfaRequirementCheckResult = {
18
- mfaSettings: MfaSettings;
19
- userMeetsMfaRequirement: boolean;
16
+ export declare function resolveMfaPreferredFlags({ authenticatorEnabled, smsEnabled, preferredMfaSetting, }: {
17
+ authenticatorEnabled: boolean;
18
+ smsEnabled: boolean;
19
+ preferredMfaSetting: string | undefined;
20
+ }): {
21
+ authenticatorPreferred: boolean;
22
+ smsPreferred: boolean;
20
23
  };
21
24
  export type LoginAttemptResponse = {
22
25
  resetPasswordCallback?: (newPassword: string) => Promise<LoginAttemptResponse>;
@@ -69,12 +72,10 @@ export default class AWSCognitoClient {
69
72
  getIdToken(): Promise<string | undefined>;
70
73
  getAccessToken(): Promise<string | undefined>;
71
74
  getMfaSettings(abortSignal?: AbortSignal): Promise<MfaSettings>;
72
- checkIsMfaEnabled(mfaRequirement: MiscTypes.MfaRequirement | undefined): Promise<MfaRequirementCheckResult>;
73
75
  updateUserPhoneNumber(phoneNumber: string): Promise<{
74
76
  isPhoneNumberVerified: boolean;
75
77
  }>;
76
78
  removeUserPhoneNumber(): Promise<void>;
77
- sendPhoneNumberVerificationCode(): Promise<import("@aws-sdk/client-cognito-identity-provider").GetUserAttributeVerificationCodeCommandOutput | undefined>;
78
79
  verifyUserPhoneNumber(code: string): Promise<void>;
79
80
  setPreferredMfaMethod(method: MfaMethod): Promise<void>;
80
81
  disableMfaMethod(method: MfaMethod): Promise<void>;
@@ -1,4 +1,4 @@
1
- import { AssociateSoftwareTokenCommand, ChangePasswordCommand, CognitoIdentityProviderClient, ConfirmForgotPasswordCommand, DeleteUserAttributesCommand, GetUserAttributeVerificationCodeCommand, GetUserCommand, GlobalSignOutCommand, InitiateAuthCommand, RespondToAuthChallengeCommand, SetUserMFAPreferenceCommand, UpdateUserAttributesCommand, VerifySoftwareTokenCommand, VerifyUserAttributeCommand, } from '@aws-sdk/client-cognito-identity-provider';
1
+ import { AssociateSoftwareTokenCommand, ChangePasswordCommand, CognitoIdentityProviderClient, ConfirmForgotPasswordCommand, DeleteUserAttributesCommand, GetUserCommand, GlobalSignOutCommand, InitiateAuthCommand, RespondToAuthChallengeCommand, SetUserMFAPreferenceCommand, UpdateUserAttributesCommand, VerifySoftwareTokenCommand, VerifyUserAttributeCommand, } from '@aws-sdk/client-cognito-identity-provider';
2
2
  import Sentry from '../Sentry';
3
3
  import { OneBlinkAppsError } from '..';
4
4
  export const DEFAULT_MFA_SETTINGS = {
@@ -10,19 +10,22 @@ export const DEFAULT_MFA_SETTINGS = {
10
10
  isPhoneNumberVerified: false,
11
11
  },
12
12
  };
13
- const MFA_REQUIREMENT_METHOD_CHECKS = {
14
- sms: (mfaSettings) => mfaSettings.sms.enabled,
15
- authenticatorApp: (mfaSettings) => mfaSettings.authenticator.enabled,
16
- };
17
- function checkUserMeetsMfaRequirement(mfaRequirement, mfaSettings) {
18
- if (!mfaRequirement) {
19
- return true;
13
+ export function resolveMfaPreferredFlags({ authenticatorEnabled, smsEnabled, preferredMfaSetting, }) {
14
+ const cognitoAuthenticatorPreferred = preferredMfaSetting === 'SOFTWARE_TOKEN_MFA';
15
+ const cognitoSmsPreferred = preferredMfaSetting === 'SMS_MFA';
16
+ if (cognitoAuthenticatorPreferred && authenticatorEnabled) {
17
+ return { authenticatorPreferred: true, smsPreferred: false };
18
+ }
19
+ if (cognitoSmsPreferred && smsEnabled) {
20
+ return { authenticatorPreferred: false, smsPreferred: true };
20
21
  }
21
- const requiredMethods = Object.keys(MFA_REQUIREMENT_METHOD_CHECKS).filter((method) => mfaRequirement[method]);
22
- if (requiredMethods.length === 0) {
23
- return true;
22
+ if (authenticatorEnabled && smsEnabled) {
23
+ return { authenticatorPreferred: true, smsPreferred: false };
24
24
  }
25
- return requiredMethods.some((method) => MFA_REQUIREMENT_METHOD_CHECKS[method](mfaSettings));
25
+ return {
26
+ authenticatorPreferred: authenticatorEnabled,
27
+ smsPreferred: smsEnabled,
28
+ };
26
29
  }
27
30
  export default class AWSCognitoClient {
28
31
  constructor({ clientId, region, loginDomain, redirectUri, logoutUri, }) {
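Review bot: `resolveMfaPreferredFlags` makes `preferred` a derived value rather than a mirror of Cognito's `PreferredMfaSetting`: in the final `return`, a single enabled method is reported as preferred even when `preferredMfaSetting` is undefined, and with both methods enabled and no usable preference the authenticator is chosen. A caller that reads `preferred` to decide whether `setPreferredMfaMethod` still has to be called may now skip it, which I cannot rule out from this diff. The case where Cognito names a preferred method that is not enabled falls through silently; reporting it through the already-imported `Sentry` would make that inconsistent state visible. The exported function has no doc comment, here or in the `.d.ts` hunk; I would add one stating the order: the Cognito preference if that method is enabled, else the authenticator when both are enabled, else whichever single method is enabled.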
@@ -376,26 +379,26 @@ export default class AWSCognitoClient {
376
379
  const preferredMfaSetting = user.PreferredMfaSetting;
377
380
  const phoneNumber = (_b = (_a = user.UserAttributes) === null || _a === void 0 ? void 0 : _a.find((attribute) => attribute.Name === 'phone_number')) === null || _b === void 0 ? void 0 : _b.Value;
378
381
  const isPhoneNumberVerified = ((_d = (_c = user.UserAttributes) === null || _c === void 0 ? void 0 : _c.find((attribute) => attribute.Name === 'phone_number_verified')) === null || _d === void 0 ? void 0 : _d.Value) === 'true';
382
+ const authenticatorEnabled = mfaList.includes('SOFTWARE_TOKEN_MFA');
383
+ const smsEnabled = mfaList.includes('SMS_MFA');
384
+ const { authenticatorPreferred, smsPreferred } = resolveMfaPreferredFlags({
385
+ authenticatorEnabled,
386
+ smsEnabled,
387
+ preferredMfaSetting,
388
+ });
379
389
  return {
380
390
  authenticator: {
381
- enabled: mfaList.includes('SOFTWARE_TOKEN_MFA'),
382
- preferred: preferredMfaSetting === 'SOFTWARE_TOKEN_MFA',
391
+ enabled: authenticatorEnabled,
392
+ preferred: authenticatorPreferred,
383
393
  },
384
394
  sms: {
385
- enabled: mfaList.includes('SMS_MFA'),
386
- preferred: preferredMfaSetting === 'SMS_MFA',
395
+ enabled: smsEnabled,
396
+ preferred: smsPreferred,
387
397
  phoneNumber,
388
398
  isPhoneNumberVerified,
389
399
  },
390
400
  };
391
401
  }
392
- async checkIsMfaEnabled(mfaRequirement) {
393
- const mfaSettings = await this.getMfaSettings();
394
- return {
395
- mfaSettings,
396
- userMeetsMfaRequirement: checkUserMeetsMfaRequirement(mfaRequirement, mfaSettings),
397
- };
398
- }
399
402
  async updateUserPhoneNumber(phoneNumber) {
400
403
  const accessToken = await this.getAccessToken();
401
404
  if (!accessToken) {
@@ -423,16 +426,6 @@ export default class AWSCognitoClient {
423
426
  UserAttributeNames: ['phone_number'],
424
427
  }));
425
428
  }
426
- async sendPhoneNumberVerificationCode() {
427
- const accessToken = await this.getAccessToken();
428
- if (!accessToken) {
429
- return;
430
- }
431
- return await this.cognitoIdentityProviderClient.send(new GetUserAttributeVerificationCodeCommand({
432
- AccessToken: accessToken,
433
- AttributeName: 'phone_number',
434
- }));
435
- }
436
429
  async verifyUserPhoneNumber(code) {
437
430
  const accessToken = await this.getAccessToken();
438
431
  if (!accessToken) {
@@ -1 +1 @@
1
- {"version":3,"file":"AWSCognitoClient.js","sourceRoot":"","sources":["../../../src/apps/services/AWSCognitoClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,6BAA6B,EAE7B,qBAAqB,EACrB,6BAA6B,EAC7B,4BAA4B,EAC5B,2BAA2B,EAC3B,uCAAuC,EACvC,cAAc,EACd,oBAAoB,EACpB,mBAAmB,EAEnB,6BAA6B,EAC7B,2BAA2B,EAC3B,2BAA2B,EAC3B,0BAA0B,EAC1B,0BAA0B,GAC3B,MAAM,2CAA2C,CAAA;AAClD,OAAO,MAAM,MAAM,WAAW,CAAA;AAC9B,OAAO,EAAE,iBAAiB,EAAE,MAAM,IAAI,CAAA;AAkBtC,MAAM,CAAC,MAAM,oBAAoB,GAAgB;IAC/C,aAAa,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE;IACnD,GAAG,EAAE;QACH,OAAO,EAAE,KAAK;QACd,SAAS,EAAE,KAAK;QAChB,WAAW,EAAE,SAAS;QACtB,qBAAqB,EAAE,KAAK;KAC7B;CACF,CAAA;AAOD,MAAM,6BAA6B,GAAG;IACpC,GAAG,EAAE,CAAC,WAAwB,EAAE,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO;IAC1D,gBAAgB,EAAE,CAAC,WAAwB,EAAE,EAAE,CAC7C,WAAW,CAAC,aAAa,CAAC,OAAO;CAIpC,CAAA;AAED,SAAS,4BAA4B,CACnC,cAAoD,EACpD,WAAwB;IAExB,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO,IAAI,CAAA;IACb,CAAC;IAED,MAAM,eAAe,GACnB,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAG1C,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAA;IAE5C,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,OAAO,IAAI,CAAA;IACb,CAAC;IAED,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CACrC,6BAA6B,CAAC,MAAM,CAAC,CAAC,WAAW,CAAC,CACnD,CAAA;AACH,CAAC;AAUD,MAAM,CAAC,OAAO,OAAO,gBAAgB;IAQnC,YAAY,EACV,QAAQ,EACR,MAAM,EACN,WAAW,EACX,WAAW,EACX,SAAS,GAOV;QACC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAA;QAC9D,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,SAAS,CAAC,qCAAqC,CAAC,CAAA;QAC5D,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,EAAE,CAAA;QACnB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAA;QAC9B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;QAC1B,IAAI,CAAC,WAAW,GAAG,WAAW,CAAA;QAC9B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAA;QACxB,IAAI,CAAC,6BAA6B,GAAG,IAAI,6BAA6B,CAAC;YACrE,MAAM;SACP,CAAC,CAAA;IACJ,CAAC;IAED,qBAAqB;IACrB,IAAI,UAAU;QACZ,OAAO,WAAW,IAAI,CAAC,QAAQ,aAAa,CAAA;IAC9C,CAAC;IACD,IAAI,YAAY;QACd,OAAO,WAAW,IAAI,CAAC,QAAQ,eAAe,CAAA;IAChD,CAAC;IACD,IAAI,QAAQ;QACV,OAAO,WAAW,IAAI,CAAC,QAAQ,WAAW,CAAA;IAC5C,CAAC;IACD,IAAI,aAAa;QACf,OAAO,WAAW,IAAI,C
AAC,QAAQ,gBAAgB,CAAA;IACjD,CAAC;IACD,IAAI,KAAK;QACP,OAAO,WAAW,IAAI,CAAC,QAAQ,QAAQ,CAAA;IACzC,CAAC;IACD,IAAI,kBAAkB;QACpB,OAAO,WAAW,IAAI,CAAC,QAAQ,qBAAqB,CAAA;IACtD,CAAC;IAED,iBAAiB;QACf,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACtC,IAAI,CAAC;gBACH,QAAQ,EAAE,CAAA;YACZ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAA;gBAC9B,8BAA8B;gBAC9B,OAAO,CAAC,IAAI,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;YACxD,CAAC;QACH,CAAC;IACH,CAAC;IAED,0BAA0B,CAAC,oBAA8C;QACvE,qFAAqF;QACrF,MAAM,SAAS,GACZ,oBAAoB,CAAC,SAAoB,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAA;QACvE,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAA;QAC3D,YAAY,CAAC,OAAO,CAClB,IAAI,CAAC,YAAY,EACjB,oBAAoB,CAAC,WAAqB,CAC3C,CAAA;QACD,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,oBAAoB,CAAC,OAAiB,CAAC,CAAA;QAC3E,IAAI,oBAAoB,CAAC,YAAY,EAAE,CAAC;YACtC,YAAY,CAAC,OAAO,CAClB,IAAI,CAAC,aAAa,EAClB,oBAAoB,CAAC,YAAY,CAClC,CAAA;QACH,CAAC;QAED,IAAI,CAAC,iBAAiB,EAAE,CAAA;IAC1B,CAAC;IAED,2BAA2B;QACzB,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACxC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QAC1C,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACtC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;QAE3C,IAAI,CAAC,iBAAiB,EAAE,CAAA;IAC1B,CAAC;IAED,eAAe;QACb,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,SAAS,CAAA;IAC7D,CAAC;IAED,WAAW;QACT,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAA;IACzD,CAAC;IAED,gBAAgB;QACd,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,SAAS,CAAA;IAC9D,CAAC;IAED,eAAe;QACb,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACvD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IAC7C,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC3B,OAAM;QACR,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAA;QAC5C,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAM;QACR,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC1D,IAAI,mBAAmB,CAAC;gBACtB,QAAQ,EAAE,oBAAoB;gBAC
9B,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,cAAc,EAAE;oBACd,aAAa,EAAE,YAAY;iBAC5B;aACF,CAAC,CACH,CAAA;YACD,IAAI,MAAM,CAAC,oBAAoB,EAAE,CAAC;gBAChC,IAAI,CAAC,0BAA0B,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAA;YAC9D,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,2CAA2C,EAAE,KAAK,CAAC,CAAA;YAChE,IAAI,CAAC,2BAA2B,EAAE,CAAA;YAClC,MAAM,IAAI,iBAAiB,CACzB,kFAAkF,EAClF;gBACE,aAAa,EAAE,IAAI;gBACnB,aAAa,EAAE,KAAc;aAC9B,CACF,CAAA;QACH,CAAC;IACH,CAAC;IAED,gBAAgB,CAAC,QAAuB;QACtC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAE7B,OAAO,GAAG,EAAE;YACV,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;YAC9C,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE,CAAC;gBACjB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;YACjC,CAAC;QACH,CAAC,CAAA;IACH,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,QAAgB,EAChB,oBAA0C;QAE1C,IAAI,oBAAoB,CAAC,oBAAoB,EAAE,CAAC;YAC9C,IAAI,CAAC,0BAA0B,CAAC,oBAAoB,CAAC,oBAAoB,CAAC,CAAA;YAC1E,OAAO,EAAE,CAAA;QACX,CAAC;QAED,MAAM,aAAa,GAAG,oBAAoB,CAAC,aAAa,CAAA;QACxD,QAAQ,aAAa,EAAE,CAAC;YACtB,KAAK,uBAAuB,CAAC,CAAC,CAAC;gBAC7B,OAAO;oBACL,qBAAqB,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE;wBAC3C,MAAM,mBAAmB,GACvB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,6BAA6B,CAAC;4BAChC,aAAa;4BACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;4BACvB,OAAO,EAAE,oBAAoB,CAAC,OAAO;4BACrC,kBAAkB,EAAE;gCAClB,QAAQ,EAAE,QAAQ;gCAClB,YAAY,EAAE,WAAW;6BAC1B;yBACF,CAAC,CACH,CAAA;wBACH,OAAO,MAAM,IAAI,CAAC,uBAAuB,CACvC,QAAQ,EACR,mBAAmB,CACpB,CAAA;oBACH,CAAC;iBACF,CAAA;YACH,CAAC;YACD,KAAK,oBAAoB,CAAC,CAAC,CAAC;gBAC1B,OAAO;oBACL,GAAG,EAAE;wBACH,MAAM,EAAE,eAAe;wBACvB,YAAY,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;4BAC3B,MAAM,mBAAmB,GACvB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,6BAA6B,CAAC;gCAChC,aAAa;gCACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;gCACvB,OAAO,EAAE,oBAAoB,CAAC,OAAO;gCACrC,kBAAkB,EAAE;oCAClB,QAAQ,EAAE,QAAQ;oCAClB,uBAAuB,EAAE,IAAI;iCAC9B;6BACF,CAAC,CACH,CAAA;4BACH,OAAO,MAAM,IAAI,CAAC,uBAAuB,CACvC,QAAQ,EACR,mBAAmB,CACpB,CAAA;wBACH,CAAC;qBACF;iBACF,CAAA;YACH,CAAC;YACD,KAAK,WAAW,CAAC,CAAC,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAA;YAC/C,CAAC;YACD,KAAK,SAAS,CAAC,CA
AC,CAAC;gBACf,OAAO;oBACL,GAAG,EAAE;wBACH,MAAM,EAAE,KAAK;wBACb,YAAY,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;4BAC3B,MAAM,kBAAkB,GACtB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,6BAA6B,CAAC;gCAChC,aAAa;gCACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;gCACvB,OAAO,EAAE,oBAAoB,CAAC,OAAO;gCACrC,kBAAkB,EAAE;oCAClB,QAAQ,EAAE,QAAQ;oCAClB,YAAY,EAAE,IAAI;iCACnB;6BACF,CAAC,CACH,CAAA;4BACH,OAAO,MAAM,IAAI,CAAC,uBAAuB,CACvC,QAAQ,EACR,kBAAkB,CACnB,CAAA;wBACH,CAAC;qBACF;iBACF,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO,CAAC,IAAI,CACV,uFAAuF,EACvF,oBAAoB,CACrB,CAAA;QACD,MAAM,IAAI,KAAK,CACb,mIAAmI,CACpI,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,QAAgB,EAChB,QAAgB;QAEhB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC/D,IAAI,mBAAmB,CAAC;YACtB,QAAQ,EAAE,oBAAoB;YAC9B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,cAAc,EAAE;gBACd,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,QAAQ;aACnB;SACF,CAAC,CACH,CAAA;QAED,OAAO,MAAM,IAAI,CAAC,uBAAuB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAA;IAClE,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,oBAA6B;QAC/C,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,MAAM,IAAI,SAAS,CACjB,6GAA6G,CAC9G,CAAA;QACH,CAAC;QAED,0CAA0C;QAC1C,MAAM,KAAK,GAAG,oBAAoB,EAAE,CAAA;QACpC,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;QAEvC,0EAA0E;QAC1E,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAA;QAC3C,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAA;QAE3D,+DAA+D;QAC/D,MAAM,cAAc,GAAG,MAAM,yBAAyB,CAAC,YAAY,CAAC,CAAA;QAEpE,MAAM,CAAC,QAAQ,CAAC,IAAI;YAClB,WAAW,WAAW,mBAAmB;gBACzC,qBAAqB;gBACrB,aAAa;gBACb,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBACjC,SAAS;gBACT,kBAAkB,CAAC,KAAK,CAAC;gBACzB,SAAS;gBACT,kBAAkB,CAAC,oDAAoD,CAAC;gBACxE,gBAAgB;gBAChB,kBAAkB,CAAC,WAAW,CAAC;gBAC/B,kBAAkB;gBAClB,kBAAkB,CAAC,cAAc,CAAC;gBAClC,6BAA6B;gBAC7B,CAAC,oBAAoB;oBACnB,CAAC,CAAC,qBAAqB,GAAG,kBAAkB,CAAC,oBAAoB,CAAC;oBAClE,CAAC,CAAC,EAAE,CAAC,CAAA;IACX,CAAC;IAED,KAAK,CAAC,oBAAoB;QACxB,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,MAAM,IAAI,SAAS,CACjB,
sHAAsH,CACvH,CAAA;QACH,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;QACzD,MAAM,UAAU,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACrC,MAAM,qBAAqB,GAAG,KAAK,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;QAE5D,+CAA+C;QAC/C,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,GAAG,UAAU,MACX,OAAO,qBAAqB,KAAK,QAAQ;gBACvC,CAAC,CAAC,qBAAqB;gBACvB,CAAC,CAAC,gCACN,EAAE,CACH,CAAA;QACH,CAAC;QAED,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAC9B,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAA;QACtE,CAAC;QAED,IAAI,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAA;QAClC,CAAC;QAED,MAAM,aAAa,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;QAEnE,kDAAkD;QAClD,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACnC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;QAEhD,sDAAsD;QACtD,MAAM,MAAM,GAA4B,MAAM,IAAI,OAAO,CACvD,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAClB,eAAe,CACb,WAAW,WAAW,eAAe,EACrC;gBACE,UAAU,EAAE,oBAAoB;gBAChC,IAAI;gBACJ,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,YAAY,EAAE,WAAW;gBACzB,aAAa;aACd,EACD,OAAO,EACP,CAAC,KAAK,EAAE,EAAE;gBACR,MAAM,CACJ,IAAI,KAAK,CACP,KAAK,CAAC,iBAAiB;oBACrB,KAAK,CAAC,OAAO;oBACb,oEAAoE,CACvE,CACF,CAAA;YACH,CAAC,CACF,CAAA;QACH,CAAC,CACF,CAAA;QAED,IAAI,CAAC,0BAA0B,CAAC;YAC9B,WAAW,EAAE,MAAM,CAAC,YAAsB;YAC1C,SAAS,EAAE,MAAM,CAAC,UAAoB;YACtC,OAAO,EAAE,MAAM,CAAC,QAAkB;YAClC,SAAS,EAAE,MAAM,CAAC,UAAoB;YACtC,YAAY,EAAE,MAAM,CAAC,aAAuB;SAC7C,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,gBAAwB,EACxB,WAAmB;QAEnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,qBAAqB,CAAC;YACxB,WAAW,EAAE,WAAW,IAAI,EAAE;YAC9B,gBAAgB,EAAE,gBAAgB;YAClC,gBAAgB,EAAE,WAAW;SAC9B,CAAC,CACH,CAAA;IACH,CAAC;IACD,KAAK,CAAC,qBAAqB,CAAC,EAC1B,QAAQ,EACR,IAAI,EACJ,QAAQ,GAKT;QACC,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,4BAA4B,CAAC;YAC/B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,gBAAgB,EAAE,IAAI;YACtB,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,QAAQ;SACnB,CAAC,CACH
,CAAA;IACH,CAAC;IAED,cAAc;QACZ,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAA;QAChC,IAAI,CAAC,WAAW,IAAI,CAAC,SAAS,EAAE,CAAC;YAC/B,MAAM,IAAI,SAAS,CACjB,4GAA4G,CAC7G,CAAA;QACH,CAAC;QAED,MAAM,CAAC,QAAQ,CAAC,IAAI;YAClB,WAAW,WAAW,SAAS;gBAC/B,aAAa;gBACb,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBACjC,cAAc;gBACd,kBAAkB,CAAC,SAAS,CAAC,CAAA;IACjC,CAAC;IAED,KAAK,CAAC,MAAM;QACV,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAA;YAC5C,4DAA4D;YAC5D,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,IAAI,CAAC,eAAe,EAAE,CAAA;YAC9B,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,EAAE,CAAA;YAC1C,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,oBAAoB,CAAC;oBACvB,WAAW,EAAE,WAAW;iBACzB,CAAC,CACH,CAAA;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAE,KAA2B,CAAC,aAAa,EAAE,CAAC;gBAChD,MAAM,KAAK,CAAA;YACb,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,2BAA2B,EAAE,CAAA;QACpC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU;QACd,MAAM,IAAI,CAAC,eAAe,EAAE,CAAA;QAE5B,OAAO,IAAI,CAAC,WAAW,EAAE,CAAA;IAC3B,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,IAAI,CAAC,eAAe,EAAE,CAAA;QAE5B,OAAO,IAAI,CAAC,eAAe,EAAE,CAAA;IAC/B,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,WAAyB;;QAC5C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,oBAAoB,CAAA;QAC7B,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CACxD,IAAI,cAAc,CAAC;YACjB,WAAW,EAAE,WAAW;SACzB,CAAC,EACF,EAAE,WAAW,EAAE,CAChB,CAAA;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,IAAI,EAAE,CAAA;QAC7C,MAAM,mBAAmB,GAAG,IAAI,CAAC,mBAAmB,CAAA;QACpD,MAAM,WAAW,GAAG,MAAA,MAAA,IAAI,CAAC,cAAc,0CAAE,IAAI,CAC3C,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,KAAK,cAAc,CACjD,0CAAE,KAAK,CAAA;QACR,MAAM,qBAAqB,GACzB,CAAA,MAAA,MAAA,IAAI,CAAC,cAAc,0CAAE,IAAI,CACvB,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,KAAK,uBAAuB,CAC1D,0CAAE,KAAK,MAAK,MAAM,CAAA;QAErB,OAAO;YACL,aAAa,EAAE;gBACb,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC;gBAC/C,SAAS,EAAE,mBAAmB,KAAK,oBAAoB;aACxD;YACD,GAAG,EAAE;gBACH,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;gBACpC,SAAS,EAAE,mBAAmB,KAAK,SAAS;gBAC5C,WAAW
;gBACX,qBAAqB;aACtB;SACF,CAAA;IACH,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,cAAoD;QAEpD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAE/C,OAAO;YACL,WAAW;YACX,uBAAuB,EAAE,4BAA4B,CACnD,cAAc,EACd,WAAW,CACZ;SACF,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,WAAmB;QAEnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,EAAE,qBAAqB,EAAE,KAAK,EAAE,CAAA;QACzC,CAAC;QAED,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,cAAc,EAAE;gBACd;oBACE,IAAI,EAAE,cAAc;oBACpB,KAAK,EAAE,WAAW;iBACnB;aACF;SACF,CAAC,CACH,CAAA;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,OAAO,EAAE,qBAAqB,EAAE,WAAW,CAAC,GAAG,CAAC,qBAAqB,EAAE,CAAA;IACzE,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,kBAAkB,EAAE,CAAC,cAAc,CAAC;SACrC,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,+BAA+B;QACnC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAClD,IAAI,uCAAuC,CAAC;YAC1C,WAAW,EAAE,WAAW;YACxB,aAAa,EAAE,cAAc;SAC9B,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,IAAY;QACtC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,0BAA0B,CAAC;YAC7B,WAAW,EAAE,WAAW;YACxB,aAAa,EAAE,cAAc;YAC7B,IAAI,EAAE,IAAI;SACX,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,MAAiB;QAC3C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAEnD,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,GAAG,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO;gBACvC,CAAC,CAAC;oBACE,wBAAwB,EAAE;wBACxB,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,MAAM,KAAK,eAAe;qBACzC;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;YACP,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO;gBAC7B,CAAC,C
AAC;oBACE,cAAc,EAAE;wBACd,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,MAAM,KAAK,KAAK;qBAC/B;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;SACR,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,MAAiB;QACtC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QACnD,MAAM,YAAY,GAChB,MAAM,KAAK,eAAe;YACxB,CAAC,CAAC,eAAe,CAAC,aAAa,CAAC,SAAS;YACzC,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAA;QACnC,MAAM,WAAW,GACf,MAAM,KAAK,eAAe,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,eAAe,CAAA;QACtD,MAAM,aAAa,GACjB,MAAM,KAAK,eAAe;YACxB,CAAC,CAAC,eAAe,CAAC,GAAG;YACrB,CAAC,CAAC,eAAe,CAAC,aAAa,CAAA;QAEnC,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,GAAG,CAAC,MAAM,KAAK,eAAe;gBAC5B,CAAC,CAAC;oBACE,wBAAwB,EAAE;wBACxB,OAAO,EAAE,KAAK;wBACd,YAAY,EAAE,KAAK;qBACpB;iBACF;gBACH,CAAC,CAAC;oBACE,cAAc,EAAE;wBACd,OAAO,EAAE,KAAK;wBACd,YAAY,EAAE,KAAK;qBACpB;iBACF,CAAC;YACN,GAAG,CAAC,YAAY,IAAI,aAAa,CAAC,OAAO;gBACvC,CAAC,CAAC,WAAW,KAAK,eAAe;oBAC/B,CAAC,CAAC;wBACE,wBAAwB,EAAE;4BACxB,OAAO,EAAE,IAAI;4BACb,YAAY,EAAE,IAAI;yBACnB;qBACF;oBACH,CAAC,CAAC;wBACE,cAAc,EAAE;4BACd,OAAO,EAAE,IAAI;4BACb,YAAY,EAAE,IAAI;yBACnB;qBACF;gBACL,CAAC,CAAC,EAAE,CAAC;SACR,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,EAAE,SAAS,KAA8B,EAAE;QAC3D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QACnD,MAAM,kBAAkB,GACtB,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO;YACpC,eAAe,CAAC,aAAa,CAAC,SAAS,CAAC;YAC1C,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,IAAI,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QAChE,MAAM,iBAAiB,GACrB,SAAS,aAAT,SAAS,cAAT,SAAS,GAAI,CAAC,CAAC,kBAAkB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAEpE,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,cAAc,EAAE;gBACd,OAAO,EAAE,IAAI;gBACb,YAAY,EAAE,iBAAiB;aAChC;YACD,GAAG,CAAC,iBAAiB,IAAI,eAAe,CAAC,aAAa,CAAC,OAAO;gBAC5D,CAAC,CAAC;oBACE,wBAAwB,EAAE;wBACxB,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,KAAK;qBA
CpB;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;SACR,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,EAAE,SAAS,KAA8B,EAAE;QACxE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAClE,IAAI,6BAA6B,CAAC;YAChC,WAAW,EAAE,WAAW;SACzB,CAAC,CACH,CAAA;QAED,OAAO;YACL,UAAU,EAAE,UAAU;YACtB,eAAe,EAAE,KAAK,EAAE,IAAY,EAAE,EAAE;gBACtC,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,0BAA0B,CAAC;oBAC7B,WAAW,EAAE,WAAW;oBACxB,QAAQ,EAAE,IAAI;iBACf,CAAC,CACH,CAAA;gBAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;gBACnD,MAAM,kBAAkB,GACtB,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO;oBACpC,eAAe,CAAC,aAAa,CAAC,SAAS,CAAC;oBAC1C,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,IAAI,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;gBAChE,MAAM,iBAAiB,GACrB,SAAS,aAAT,SAAS,cAAT,SAAS,GACT,CAAC,CAAC,kBAAkB,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;gBAEjE,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;oBAC9B,wBAAwB,EAAE;wBACxB,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,iBAAiB;qBAChC;oBACD,GAAG,CAAC,iBAAiB,IAAI,eAAe,CAAC,GAAG,CAAC,OAAO;wBAClD,CAAC,CAAC;4BACE,cAAc,EAAE;gCACd,OAAO,EAAE,IAAI;gCACb,YAAY,EAAE,KAAK;6BACpB;yBACF;wBACH,CAAC,CAAC,EAAE,CAAC;oBACP,WAAW,EAAE,WAAW;iBACzB,CAAC,CACH,CAAA;YACH,CAAC;SACF,CAAA;IACH,CAAC;CACF;AAED,sEAAsE;AACtE,2BAA2B;AAE3B,qDAAqD;AACrD,SAAS,eAAe,CACtB,GAAW,EACX,MAA+B,EAC/B,OAAiD,EACjD,KAAsE;IAEtE,MAAM,OAAO,GAAG,IAAI,cAAc,EAAE,CAAA;IACpC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,CAAA;IAC/B,OAAO,CAAC,gBAAgB,CACtB,cAAc,EACd,kDAAkD,CACnD,CAAA;IACD,OAAO,CAAC,MAAM,GAAG;QACf,IAAI,IAAI,GAAG,EAAE,CAAA;QACb,IAAI,CAAC;YACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;QACrC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAA;YAC1B,aAAa;QACf,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;YAC1B,OAAO,CAAC,IAAI,CAAC,CAAA;QACf,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,CAAA;QACb,CAAC;IACH,CAAC,CAAA;IACD,OAAO,CAAC,OAAO,GAAG;QAChB,KAAK,CAAC,EAAE,CAAC,CAAA;IACX,CAAC,CAAA;IACD,MAAM,IAAI,GAAG,MAAM,CAAC,IAA
I,CAAC,MAAM,CAAC;SAC7B,MAAM,CAAC,CAAC,IAAc,EAAE,GAAG,EAAE,EAAE;QAC9B,IAAI,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAChB,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAA;QACpC,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC,EAAE,EAAE,CAAC;SACL,IAAI,CAAC,GAAG,CAAC,CAAA;IACZ,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACpB,CAAC;AAED,sEAAsE;AACtE,wBAAwB;AAExB,qEAAqE;AACrE,SAAS,oBAAoB;IAC3B,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC,EAAE,CAAC,CAAA;IACjC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAA;IACpC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CACzE,EAAE,CACH,CAAA;AACH,CAAC;AAED,+CAA+C;AAC/C,oDAAoD;AACpD,SAAS,MAAM,CAAC,KAAa;IAC3B,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;IACjC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAClC,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;AACrD,CAAC;AAED,qCAAqC;AACrC,SAAS,eAAe,CAAC,GAAgB;IACvC,sFAAsF;IACtF,sEAAsE;IACtE,uDAAuD;IACvD,0DAA0D;IAC1D,mBAAmB;IACnB,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;SAC9D,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;AACvB,CAAC;AAED,kEAAkE;AAClE,KAAK,UAAU,yBAAyB,CAAC,CAAS;IAChD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,CAAC,CAAC,CAAA;IAC9B,OAAO,eAAe,CAAC,MAAM,CAAC,CAAA;AAChC,CAAC","sourcesContent":["import {\n AssociateSoftwareTokenCommand,\n AuthenticationResultType,\n ChangePasswordCommand,\n CognitoIdentityProviderClient,\n ConfirmForgotPasswordCommand,\n DeleteUserAttributesCommand,\n GetUserAttributeVerificationCodeCommand,\n GetUserCommand,\n GlobalSignOutCommand,\n InitiateAuthCommand,\n InitiateAuthResponse,\n RespondToAuthChallengeCommand,\n SetUserMFAPreferenceCommand,\n UpdateUserAttributesCommand,\n VerifySoftwareTokenCommand,\n VerifyUserAttributeCommand,\n} from '@aws-sdk/client-cognito-identity-provider'\nimport Sentry from '../Sentry'\nimport { OneBlinkAppsError } from '..'\nimport 
{ MiscTypes } from '@oneblink/types'\n\nexport type MfaMethod = 'authenticator' | 'sms'\n\nexport type MfaSettings = {\n authenticator: {\n enabled: boolean\n preferred: boolean\n }\n sms: {\n enabled: boolean\n preferred: boolean\n phoneNumber: string | undefined\n isPhoneNumberVerified: boolean\n }\n}\n\nexport const DEFAULT_MFA_SETTINGS: MfaSettings = {\n authenticator: { enabled: false, preferred: false },\n sms: {\n enabled: false,\n preferred: false,\n phoneNumber: undefined,\n isPhoneNumberVerified: false,\n },\n}\n\nexport type MfaRequirementCheckResult = {\n mfaSettings: MfaSettings\n userMeetsMfaRequirement: boolean\n}\n\nconst MFA_REQUIREMENT_METHOD_CHECKS = {\n sms: (mfaSettings: MfaSettings) => mfaSettings.sms.enabled,\n authenticatorApp: (mfaSettings: MfaSettings) =>\n mfaSettings.authenticator.enabled,\n} satisfies Record<\n keyof MiscTypes.MfaRequirement,\n (mfaSettings: MfaSettings) => boolean\n>\n\nfunction checkUserMeetsMfaRequirement(\n mfaRequirement: MiscTypes.MfaRequirement | undefined,\n mfaSettings: MfaSettings,\n): boolean {\n if (!mfaRequirement) {\n return true\n }\n\n const requiredMethods = (\n Object.keys(MFA_REQUIREMENT_METHOD_CHECKS) as Array<\n keyof MiscTypes.MfaRequirement\n >\n ).filter((method) => mfaRequirement[method])\n\n if (requiredMethods.length === 0) {\n return true\n }\n\n return requiredMethods.some((method) =>\n MFA_REQUIREMENT_METHOD_CHECKS[method](mfaSettings),\n )\n}\n\nexport type LoginAttemptResponse = {\n resetPasswordCallback?: (newPassword: string) => Promise<LoginAttemptResponse>\n mfa?: {\n codeCallback: (code: string) => Promise<LoginAttemptResponse>\n method: MfaMethod\n }\n}\n\nexport default class AWSCognitoClient {\n clientId: string\n cognitoIdentityProviderClient: CognitoIdentityProviderClient\n loginDomain: string | void\n redirectUri: string | void\n logoutUri: string | void\n listeners: Array<() => unknown>\n\n constructor({\n clientId,\n region,\n loginDomain,\n redirectUri,\n logoutUri,\n }: {\n 
clientId: string\n region: string\n redirectUri?: string\n logoutUri?: string\n loginDomain?: string\n }) {\n if (!clientId) {\n throw new TypeError('\"clientId\" is required in constructor')\n }\n if (!region) {\n throw new TypeError('\"region\" is required in constructor')\n }\n\n this.listeners = []\n this.redirectUri = redirectUri\n this.logoutUri = logoutUri\n this.loginDomain = loginDomain\n this.clientId = clientId\n this.cognitoIdentityProviderClient = new CognitoIdentityProviderClient({\n region,\n })\n }\n\n // Local Storage Keys\n get EXPIRES_AT() {\n return `COGNITO_${this.clientId}_EXPIRES_AT`\n }\n get ACCESS_TOKEN() {\n return `COGNITO_${this.clientId}_ACCESS_TOKEN`\n }\n get ID_TOKEN() {\n return `COGNITO_${this.clientId}_ID_TOKEN`\n }\n get REFRESH_TOKEN() {\n return `COGNITO_${this.clientId}_REFRESH_TOKEN`\n }\n get STATE() {\n return `COGNITO_${this.clientId}_STATE`\n }\n get PKCE_CODE_VERIFIER() {\n return `COGNITO_${this.clientId}_PKCE_CODE_VERIFIER`\n }\n\n _executeListeners() {\n for (const listener of this.listeners) {\n try {\n listener()\n } catch (error) {\n Sentry.captureException(error)\n // Ignore error from listeners\n console.warn('AWSCognitoClient listener error', error)\n }\n }\n }\n\n _storeAuthenticationResult(authenticationResult: AuthenticationResultType) {\n // Take off 5 seconds to ensure a request does not become unauthenticated mid request\n const expiresAt =\n (authenticationResult.ExpiresIn as number) * 1000 + Date.now() - 5000\n localStorage.setItem(this.EXPIRES_AT, expiresAt.toString())\n localStorage.setItem(\n this.ACCESS_TOKEN,\n authenticationResult.AccessToken as string,\n )\n localStorage.setItem(this.ID_TOKEN, authenticationResult.IdToken as string)\n if (authenticationResult.RefreshToken) {\n localStorage.setItem(\n this.REFRESH_TOKEN,\n authenticationResult.RefreshToken,\n )\n }\n\n this._executeListeners()\n }\n\n _removeAuthenticationResult() {\n localStorage.removeItem(this.EXPIRES_AT)\n 
localStorage.removeItem(this.ACCESS_TOKEN)\n localStorage.removeItem(this.ID_TOKEN)\n localStorage.removeItem(this.REFRESH_TOKEN)\n\n this._executeListeners()\n }\n\n _getAccessToken(): string | undefined {\n return localStorage.getItem(this.ACCESS_TOKEN) || undefined\n }\n\n _getIdToken(): string | undefined {\n return localStorage.getItem(this.ID_TOKEN) || undefined\n }\n\n _getRefreshToken(): string | undefined {\n return localStorage.getItem(this.REFRESH_TOKEN) || undefined\n }\n\n _isSessionValid(): boolean {\n const expiresAt = localStorage.getItem(this.EXPIRES_AT)\n if (!expiresAt) {\n return false\n }\n return parseInt(expiresAt, 10) > Date.now()\n }\n\n async _refreshSession(): Promise<void> {\n if (this._isSessionValid()) {\n return\n }\n\n const refreshToken = this._getRefreshToken()\n if (!refreshToken) {\n return\n }\n\n try {\n const result = await this.cognitoIdentityProviderClient.send(\n new InitiateAuthCommand({\n AuthFlow: 'REFRESH_TOKEN_AUTH',\n ClientId: this.clientId,\n AuthParameters: {\n REFRESH_TOKEN: refreshToken,\n },\n }),\n )\n if (result.AuthenticationResult) {\n this._storeAuthenticationResult(result.AuthenticationResult)\n }\n } catch (error) {\n console.warn('Error while attempting to refresh session', error)\n this._removeAuthenticationResult()\n throw new OneBlinkAppsError(\n 'Your session has expired. 
Please login again to continue to use the application.',\n {\n requiresLogin: true,\n originalError: error as Error,\n },\n )\n }\n }\n\n registerListener(listener: () => unknown): () => void {\n this.listeners.push(listener)\n\n return () => {\n const index = this.listeners.indexOf(listener)\n if (index !== -1) {\n this.listeners.splice(index, 1)\n }\n }\n }\n\n async responseToAuthChallenge(\n username: string,\n initiateAuthResponse: InitiateAuthResponse,\n ): Promise<LoginAttemptResponse> {\n if (initiateAuthResponse.AuthenticationResult) {\n this._storeAuthenticationResult(initiateAuthResponse.AuthenticationResult)\n return {}\n }\n\n const ChallengeName = initiateAuthResponse.ChallengeName\n switch (ChallengeName) {\n case 'NEW_PASSWORD_REQUIRED': {\n return {\n resetPasswordCallback: async (newPassword) => {\n const resetPasswordResult =\n await this.cognitoIdentityProviderClient.send(\n new RespondToAuthChallengeCommand({\n ChallengeName,\n ClientId: this.clientId,\n Session: initiateAuthResponse.Session,\n ChallengeResponses: {\n USERNAME: username,\n NEW_PASSWORD: newPassword,\n },\n }),\n )\n return await this.responseToAuthChallenge(\n username,\n resetPasswordResult,\n )\n },\n }\n }\n case 'SOFTWARE_TOKEN_MFA': {\n return {\n mfa: {\n method: 'authenticator',\n codeCallback: async (code) => {\n const resetPasswordResult =\n await this.cognitoIdentityProviderClient.send(\n new RespondToAuthChallengeCommand({\n ChallengeName,\n ClientId: this.clientId,\n Session: initiateAuthResponse.Session,\n ChallengeResponses: {\n USERNAME: username,\n SOFTWARE_TOKEN_MFA_CODE: code,\n },\n }),\n )\n return await this.responseToAuthChallenge(\n username,\n resetPasswordResult,\n )\n },\n },\n }\n }\n case 'EMAIL_OTP': {\n throw new Error('Email OTP is not supported')\n }\n case 'SMS_MFA': {\n return {\n mfa: {\n method: 'sms',\n codeCallback: async (code) => {\n const smsChallengeResult =\n await this.cognitoIdentityProviderClient.send(\n new 
RespondToAuthChallengeCommand({\n ChallengeName,\n ClientId: this.clientId,\n Session: initiateAuthResponse.Session,\n ChallengeResponses: {\n USERNAME: username,\n SMS_MFA_CODE: code,\n },\n }),\n )\n return await this.responseToAuthChallenge(\n username,\n smsChallengeResult,\n )\n },\n },\n }\n }\n }\n\n console.warn(\n '\"CognitoIdentityServiceProvider.InitiateAuthResponse\" challenge has not been catered.',\n initiateAuthResponse,\n )\n throw new Error(\n 'An unexpected error occurred while attempting to process your login. Please try again or contact support if the problem persists.',\n )\n }\n\n async loginUsernamePassword(\n username: string,\n password: string,\n ): Promise<LoginAttemptResponse> {\n const loginResult = await this.cognitoIdentityProviderClient.send(\n new InitiateAuthCommand({\n AuthFlow: 'USER_PASSWORD_AUTH',\n ClientId: this.clientId,\n AuthParameters: {\n USERNAME: username,\n PASSWORD: password,\n },\n }),\n )\n\n return await this.responseToAuthChallenge(username, loginResult)\n }\n\n async loginHostedUI(identityProviderName?: string): Promise<void> {\n const loginDomain = this.loginDomain\n const redirectUri = this.redirectUri\n if (!loginDomain || !redirectUri) {\n throw new TypeError(\n '\"loginDomain\" or \"redirectUri\" was not passed to constructor. 
Both are required before attempting to login.',\n )\n }\n\n // Create and store a random \"state\" value\n const state = generateRandomString()\n localStorage.setItem(this.STATE, state)\n\n // Create and store a new PKCE code_verifier (the plaintext random secret)\n const codeVerifier = generateRandomString()\n localStorage.setItem(this.PKCE_CODE_VERIFIER, codeVerifier)\n\n // Hash and base64-urlencode the secret to use as the challenge\n const code_challenge = await pkceChallengeFromVerifier(codeVerifier)\n\n window.location.href =\n `https://${loginDomain}/oauth2/authorize` +\n '?response_type=code' +\n '&client_id=' +\n encodeURIComponent(this.clientId) +\n '&state=' +\n encodeURIComponent(state) +\n '&scope=' +\n encodeURIComponent('openid email profile aws.cognito.signin.user.admin') +\n '&redirect_uri=' +\n encodeURIComponent(redirectUri) +\n '&code_challenge=' +\n encodeURIComponent(code_challenge) +\n '&code_challenge_method=S256' +\n (identityProviderName\n ? '&identity_provider=' + encodeURIComponent(identityProviderName)\n : '')\n }\n\n async handleAuthentication(): Promise<void> {\n const loginDomain = this.loginDomain\n const redirectUri = this.redirectUri\n if (!loginDomain || !redirectUri) {\n throw new TypeError(\n '\"loginDomain\" or \"redirectUri\" was not passed to constructor. Both are required before attempting to handle a login.',\n )\n }\n\n const query = new URLSearchParams(window.location.search)\n const queryError = query.get('error')\n const queryErrorDescription = query.get('error_description')\n\n // Check if the server returned an error string\n if (typeof queryError === 'string') {\n throw new Error(\n `${queryError} - ${\n typeof queryErrorDescription === 'string'\n ? 
queryErrorDescription\n : 'An unknown error has occurred.'\n }`,\n )\n }\n\n const code = query.get('code')\n if (typeof code !== 'string') {\n throw new Error('\"code\" was not including in query string to parse')\n }\n\n if (localStorage.getItem(this.STATE) !== query.get('state')) {\n throw new Error('Invalid login')\n }\n\n const code_verifier = localStorage.getItem(this.PKCE_CODE_VERIFIER)\n\n // Clean these up since we don't need them anymore\n localStorage.removeItem(this.STATE)\n localStorage.removeItem(this.PKCE_CODE_VERIFIER)\n\n // Exchange the authorization code for an access token\n const result: Record<string, unknown> = await new Promise(\n (resolve, reject) => {\n sendPostRequest(\n `https://${loginDomain}/oauth2/token`,\n {\n grant_type: 'authorization_code',\n code,\n client_id: this.clientId,\n redirect_uri: redirectUri,\n code_verifier,\n },\n resolve,\n (error) => {\n reject(\n new Error(\n error.error_description ||\n error.message ||\n 'An unknown error has occurred while processing authentication code',\n ),\n )\n },\n )\n },\n )\n\n this._storeAuthenticationResult({\n AccessToken: result.access_token as string,\n ExpiresIn: result.expires_in as number,\n IdToken: result.id_token as string,\n TokenType: result.token_type as string,\n RefreshToken: result.refresh_token as string,\n })\n }\n\n async changePassword(\n existingPassword: string,\n newPassword: string,\n ): Promise<void> {\n const accessToken = await this.getAccessToken()\n await this.cognitoIdentityProviderClient.send(\n new ChangePasswordCommand({\n AccessToken: accessToken || '',\n PreviousPassword: existingPassword,\n ProposedPassword: newPassword,\n }),\n )\n }\n async confirmForgotPassword({\n username,\n code,\n password,\n }: {\n username: string\n code: string\n password: string\n }) {\n await this.cognitoIdentityProviderClient.send(\n new ConfirmForgotPasswordCommand({\n ClientId: this.clientId,\n ConfirmationCode: code,\n Password: password,\n Username: username,\n }),\n 
)\n }\n\n logoutHostedUI(): void {\n const loginDomain = this.loginDomain\n const logoutUri = this.logoutUri\n if (!loginDomain || !logoutUri) {\n throw new TypeError(\n '\"loginDomain\" or \"logoutUri\" was not passed to constructor. Both are required before attempting to logout.',\n )\n }\n\n window.location.href =\n `https://${loginDomain}/logout` +\n '?client_id=' +\n encodeURIComponent(this.clientId) +\n '&logout_uri=' +\n encodeURIComponent(logoutUri)\n }\n\n async logout(): Promise<void> {\n try {\n const refreshToken = this._getRefreshToken()\n // Refresh session to allow access token to perform sign out\n if (refreshToken) {\n await this._refreshSession()\n }\n\n const accessToken = this._getAccessToken()\n if (accessToken) {\n await this.cognitoIdentityProviderClient.send(\n new GlobalSignOutCommand({\n AccessToken: accessToken,\n }),\n )\n }\n } catch (error) {\n if (!(error as OneBlinkAppsError).requiresLogin) {\n throw error\n }\n } finally {\n this._removeAuthenticationResult()\n }\n }\n\n async getIdToken(): Promise<string | undefined> {\n await this._refreshSession()\n\n return this._getIdToken()\n }\n\n async getAccessToken(): Promise<string | undefined> {\n await this._refreshSession()\n\n return this._getAccessToken()\n }\n\n async getMfaSettings(abortSignal?: AbortSignal): Promise<MfaSettings> {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return DEFAULT_MFA_SETTINGS\n }\n\n const user = await this.cognitoIdentityProviderClient.send(\n new GetUserCommand({\n AccessToken: accessToken,\n }),\n { abortSignal },\n )\n\n const mfaList = user.UserMFASettingList || []\n const preferredMfaSetting = user.PreferredMfaSetting\n const phoneNumber = user.UserAttributes?.find(\n (attribute) => attribute.Name === 'phone_number',\n )?.Value\n const isPhoneNumberVerified =\n user.UserAttributes?.find(\n (attribute) => attribute.Name === 'phone_number_verified',\n )?.Value === 'true'\n\n return {\n authenticator: {\n enabled: 
mfaList.includes('SOFTWARE_TOKEN_MFA'),\n preferred: preferredMfaSetting === 'SOFTWARE_TOKEN_MFA',\n },\n sms: {\n enabled: mfaList.includes('SMS_MFA'),\n preferred: preferredMfaSetting === 'SMS_MFA',\n phoneNumber,\n isPhoneNumberVerified,\n },\n }\n }\n\n async checkIsMfaEnabled(\n mfaRequirement: MiscTypes.MfaRequirement | undefined,\n ): Promise<MfaRequirementCheckResult> {\n const mfaSettings = await this.getMfaSettings()\n\n return {\n mfaSettings,\n userMeetsMfaRequirement: checkUserMeetsMfaRequirement(\n mfaRequirement,\n mfaSettings,\n ),\n }\n }\n\n async updateUserPhoneNumber(\n phoneNumber: string,\n ): Promise<{ isPhoneNumberVerified: boolean }> {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return { isPhoneNumberVerified: false }\n }\n\n await this.cognitoIdentityProviderClient.send(\n new UpdateUserAttributesCommand({\n AccessToken: accessToken,\n UserAttributes: [\n {\n Name: 'phone_number',\n Value: phoneNumber,\n },\n ],\n }),\n )\n\n const mfaSettings = await this.getMfaSettings()\n return { isPhoneNumberVerified: mfaSettings.sms.isPhoneNumberVerified }\n }\n\n async removeUserPhoneNumber() {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n await this.cognitoIdentityProviderClient.send(\n new DeleteUserAttributesCommand({\n AccessToken: accessToken,\n UserAttributeNames: ['phone_number'],\n }),\n )\n }\n\n async sendPhoneNumberVerificationCode() {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n return await this.cognitoIdentityProviderClient.send(\n new GetUserAttributeVerificationCodeCommand({\n AccessToken: accessToken,\n AttributeName: 'phone_number',\n }),\n )\n }\n\n async verifyUserPhoneNumber(code: string) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n await this.cognitoIdentityProviderClient.send(\n new VerifyUserAttributeCommand({\n AccessToken: accessToken,\n AttributeName: 
'phone_number',\n Code: code,\n }),\n )\n }\n\n async setPreferredMfaMethod(method: MfaMethod) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n const currentSettings = await this.getMfaSettings()\n\n await this.cognitoIdentityProviderClient.send(\n new SetUserMFAPreferenceCommand({\n AccessToken: accessToken,\n ...(currentSettings.authenticator.enabled\n ? {\n SoftwareTokenMfaSettings: {\n Enabled: true,\n PreferredMfa: method === 'authenticator',\n },\n }\n : {}),\n ...(currentSettings.sms.enabled\n ? {\n SMSMfaSettings: {\n Enabled: true,\n PreferredMfa: method === 'sms',\n },\n }\n : {}),\n }),\n )\n }\n\n async disableMfaMethod(method: MfaMethod) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n const currentSettings = await this.getMfaSettings()\n const wasPreferred =\n method === 'authenticator'\n ? currentSettings.authenticator.preferred\n : currentSettings.sms.preferred\n const otherMethod: MfaMethod =\n method === 'authenticator' ? 'sms' : 'authenticator'\n const otherSettings =\n method === 'authenticator'\n ? currentSettings.sms\n : currentSettings.authenticator\n\n await this.cognitoIdentityProviderClient.send(\n new SetUserMFAPreferenceCommand({\n AccessToken: accessToken,\n ...(method === 'authenticator'\n ? {\n SoftwareTokenMfaSettings: {\n Enabled: false,\n PreferredMfa: false,\n },\n }\n : {\n SMSMfaSettings: {\n Enabled: false,\n PreferredMfa: false,\n },\n }),\n ...(wasPreferred && otherSettings.enabled\n ? otherMethod === 'authenticator'\n ? 
{\n SoftwareTokenMfaSettings: {\n Enabled: true,\n PreferredMfa: true,\n },\n }\n : {\n SMSMfaSettings: {\n Enabled: true,\n PreferredMfa: true,\n },\n }\n : {}),\n }),\n )\n }\n\n async setupSmsMfa({ preferred }: { preferred?: boolean } = {}) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n const currentSettings = await this.getMfaSettings()\n const hasPreferredMethod =\n (currentSettings.authenticator.enabled &&\n currentSettings.authenticator.preferred) ||\n (currentSettings.sms.enabled && currentSettings.sms.preferred)\n const shouldBePreferred =\n preferred ?? (!hasPreferredMethod && !currentSettings.sms.enabled)\n\n await this.cognitoIdentityProviderClient.send(\n new SetUserMFAPreferenceCommand({\n AccessToken: accessToken,\n SMSMfaSettings: {\n Enabled: true,\n PreferredMfa: shouldBePreferred,\n },\n ...(shouldBePreferred && currentSettings.authenticator.enabled\n ? {\n SoftwareTokenMfaSettings: {\n Enabled: true,\n PreferredMfa: false,\n },\n }\n : {}),\n }),\n )\n }\n\n async setupMfaAuthenticatorApp({ preferred }: { preferred?: boolean } = {}) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n const { SecretCode } = await this.cognitoIdentityProviderClient.send(\n new AssociateSoftwareTokenCommand({\n AccessToken: accessToken,\n }),\n )\n\n return {\n secretCode: SecretCode,\n mfaCodeCallback: async (code: string) => {\n await this.cognitoIdentityProviderClient.send(\n new VerifySoftwareTokenCommand({\n AccessToken: accessToken,\n UserCode: code,\n }),\n )\n\n const currentSettings = await this.getMfaSettings()\n const hasPreferredMethod =\n (currentSettings.authenticator.enabled &&\n currentSettings.authenticator.preferred) ||\n (currentSettings.sms.enabled && currentSettings.sms.preferred)\n const shouldBePreferred =\n preferred ??\n (!hasPreferredMethod && !currentSettings.authenticator.enabled)\n\n await this.cognitoIdentityProviderClient.send(\n new 
SetUserMFAPreferenceCommand({\n SoftwareTokenMfaSettings: {\n Enabled: true,\n PreferredMfa: shouldBePreferred,\n },\n ...(shouldBePreferred && currentSettings.sms.enabled\n ? {\n SMSMfaSettings: {\n Enabled: true,\n PreferredMfa: false,\n },\n }\n : {}),\n AccessToken: accessToken,\n }),\n )\n },\n }\n }\n}\n\n//////////////////////////////////////////////////////////////////////\n// GENERAL HELPER FUNCTIONS\n\n// Make a POST request and parse the response as JSON\nfunction sendPostRequest(\n url: string,\n params: Record<string, unknown>,\n success: (value: Record<string, unknown>) => void,\n error: (err: { message?: string; error_description?: string }) => void,\n) {\n const request = new XMLHttpRequest()\n request.open('POST', url, true)\n request.setRequestHeader(\n 'Content-Type',\n 'application/x-www-form-urlencoded; charset=UTF-8',\n )\n request.onload = function () {\n let body = {}\n try {\n body = JSON.parse(request.response)\n } catch (e) {\n Sentry.captureException(e)\n // Do nothing\n }\n\n if (request.status == 200) {\n success(body)\n } else {\n error(body)\n }\n }\n request.onerror = function () {\n error({})\n }\n const body = Object.keys(params)\n .reduce((keys: string[], key) => {\n if (params[key]) {\n keys.push(key + '=' + params[key])\n }\n return keys\n }, [])\n .join('&')\n request.send(body)\n}\n\n//////////////////////////////////////////////////////////////////////\n// PKCE HELPER FUNCTIONS\n\n// Generate a secure random string using the browser crypto functions\nfunction generateRandomString() {\n const array = new Uint32Array(28)\n window.crypto.getRandomValues(array)\n return Array.from(array, (dec) => ('0' + dec.toString(16)).substr(-2)).join(\n '',\n )\n}\n\n// Calculate the SHA256 hash of the input text.\n// Returns a promise that resolves to an ArrayBuffer\nfunction sha256(plain: string) {\n const encoder = new TextEncoder()\n const data = encoder.encode(plain)\n return window.crypto.subtle.digest('SHA-256', data)\n}\n\n// 
Base64-urlencodes the input string\nfunction base64urlencode(str: ArrayBuffer) {\n // Convert the ArrayBuffer to string using Uint8 array to conver to what btoa accepts.\n // btoa accepts chars only within ascii 0-255 and base64 encodes them.\n // Then convert the base64 encoded to base64url encoded\n // (replace + with -, replace / with _, trim trailing =)\n // @ts-expect-error\n return btoa(String.fromCharCode.apply(null, new Uint8Array(str)))\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=+$/, '')\n}\n\n// Return the base64-urlencoded sha256 hash for the PKCE challenge\nasync function pkceChallengeFromVerifier(v: string) {\n const hashed = await sha256(v)\n return base64urlencode(hashed)\n}\n"]}
1
+ {"version":3,"file":"AWSCognitoClient.js","sourceRoot":"","sources":["../../../src/apps/services/AWSCognitoClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,6BAA6B,EAE7B,qBAAqB,EACrB,6BAA6B,EAC7B,4BAA4B,EAC5B,2BAA2B,EAC3B,cAAc,EACd,oBAAoB,EACpB,mBAAmB,EAEnB,6BAA6B,EAC7B,2BAA2B,EAC3B,2BAA2B,EAC3B,0BAA0B,EAC1B,0BAA0B,GAC3B,MAAM,2CAA2C,CAAA;AAClD,OAAO,MAAM,MAAM,WAAW,CAAA;AAC9B,OAAO,EAAE,iBAAiB,EAAE,MAAM,IAAI,CAAA;AAiBtC,MAAM,CAAC,MAAM,oBAAoB,GAAgB;IAC/C,aAAa,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE;IACnD,GAAG,EAAE;QACH,OAAO,EAAE,KAAK;QACd,SAAS,EAAE,KAAK;QAChB,WAAW,EAAE,SAAS;QACtB,qBAAqB,EAAE,KAAK;KAC7B;CACF,CAAA;AAED,MAAM,UAAU,wBAAwB,CAAC,EACvC,oBAAoB,EACpB,UAAU,EACV,mBAAmB,GAKpB;IAIC,MAAM,6BAA6B,GACjC,mBAAmB,KAAK,oBAAoB,CAAA;IAC9C,MAAM,mBAAmB,GAAG,mBAAmB,KAAK,SAAS,CAAA;IAE7D,IAAI,6BAA6B,IAAI,oBAAoB,EAAE,CAAC;QAC1D,OAAO,EAAE,sBAAsB,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,CAAA;IAC9D,CAAC;IAED,IAAI,mBAAmB,IAAI,UAAU,EAAE,CAAC;QACtC,OAAO,EAAE,sBAAsB,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,CAAA;IAC9D,CAAC;IAED,IAAI,oBAAoB,IAAI,UAAU,EAAE,CAAC;QACvC,OAAO,EAAE,sBAAsB,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,CAAA;IAC9D,CAAC;IAED,OAAO;QACL,sBAAsB,EAAE,oBAAoB;QAC5C,YAAY,EAAE,UAAU;KACzB,CAAA;AACH,CAAC;AAUD,MAAM,CAAC,OAAO,OAAO,gBAAgB;IAQnC,YAAY,EACV,QAAQ,EACR,MAAM,EACN,WAAW,EACX,WAAW,EACX,SAAS,GAOV;QACC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAA;QAC9D,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,SAAS,CAAC,qCAAqC,CAAC,CAAA;QAC5D,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,EAAE,CAAA;QACnB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAA;QAC9B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;QAC1B,IAAI,CAAC,WAAW,GAAG,WAAW,CAAA;QAC9B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAA;QACxB,IAAI,CAAC,6BAA6B,GAAG,IAAI,6BAA6B,CAAC;YACrE,MAAM;SACP,CAAC,CAAA;IACJ,CAAC;IAED,qBAAqB;IACrB,IAAI,UAAU;QACZ,OAAO,WAAW,IAAI,CAAC,QAAQ,aAAa,CAAA;IAC9C,CAAC;IACD,IAAI,YAAY;QACd,OAAO,WAAW,IAAI,CAAC,QAAQ,eAAe,CAAA;IAChD,CAAC;IACD,IAAI,QAAQ;QACV,OAAO,WAAW,IAAI,CAAC,QAAQ,WAAW,CAAA;IAC5C,CAAC;IACD,IAAI,aAAa;QACf,OAAO,WAAW,IAAI,CAAC,QAAQ,gBAAgB,CAAA;IACjD,C
AAC;IACD,IAAI,KAAK;QACP,OAAO,WAAW,IAAI,CAAC,QAAQ,QAAQ,CAAA;IACzC,CAAC;IACD,IAAI,kBAAkB;QACpB,OAAO,WAAW,IAAI,CAAC,QAAQ,qBAAqB,CAAA;IACtD,CAAC;IAED,iBAAiB;QACf,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACtC,IAAI,CAAC;gBACH,QAAQ,EAAE,CAAA;YACZ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAA;gBAC9B,8BAA8B;gBAC9B,OAAO,CAAC,IAAI,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;YACxD,CAAC;QACH,CAAC;IACH,CAAC;IAED,0BAA0B,CAAC,oBAA8C;QACvE,qFAAqF;QACrF,MAAM,SAAS,GACZ,oBAAoB,CAAC,SAAoB,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAA;QACvE,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAA;QAC3D,YAAY,CAAC,OAAO,CAClB,IAAI,CAAC,YAAY,EACjB,oBAAoB,CAAC,WAAqB,CAC3C,CAAA;QACD,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,oBAAoB,CAAC,OAAiB,CAAC,CAAA;QAC3E,IAAI,oBAAoB,CAAC,YAAY,EAAE,CAAC;YACtC,YAAY,CAAC,OAAO,CAClB,IAAI,CAAC,aAAa,EAClB,oBAAoB,CAAC,YAAY,CAClC,CAAA;QACH,CAAC;QAED,IAAI,CAAC,iBAAiB,EAAE,CAAA;IAC1B,CAAC;IAED,2BAA2B;QACzB,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACxC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QAC1C,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACtC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;QAE3C,IAAI,CAAC,iBAAiB,EAAE,CAAA;IAC1B,CAAC;IAED,eAAe;QACb,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,SAAS,CAAA;IAC7D,CAAC;IAED,WAAW;QACT,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAA;IACzD,CAAC;IAED,gBAAgB;QACd,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,SAAS,CAAA;IAC9D,CAAC;IAED,eAAe;QACb,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACvD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IAC7C,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC3B,OAAM;QACR,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAA;QAC5C,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAM;QACR,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC1D,IAAI,mBAAmB,CAAC;gBACtB,QAAQ,EAAE,oBAAoB;gBAC9B,QAAQ,EAAE,IAAI,CAAC,QAAQ;
gBACvB,cAAc,EAAE;oBACd,aAAa,EAAE,YAAY;iBAC5B;aACF,CAAC,CACH,CAAA;YACD,IAAI,MAAM,CAAC,oBAAoB,EAAE,CAAC;gBAChC,IAAI,CAAC,0BAA0B,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAA;YAC9D,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,2CAA2C,EAAE,KAAK,CAAC,CAAA;YAChE,IAAI,CAAC,2BAA2B,EAAE,CAAA;YAClC,MAAM,IAAI,iBAAiB,CACzB,kFAAkF,EAClF;gBACE,aAAa,EAAE,IAAI;gBACnB,aAAa,EAAE,KAAc;aAC9B,CACF,CAAA;QACH,CAAC;IACH,CAAC;IAED,gBAAgB,CAAC,QAAuB;QACtC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAE7B,OAAO,GAAG,EAAE;YACV,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;YAC9C,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE,CAAC;gBACjB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;YACjC,CAAC;QACH,CAAC,CAAA;IACH,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,QAAgB,EAChB,oBAA0C;QAE1C,IAAI,oBAAoB,CAAC,oBAAoB,EAAE,CAAC;YAC9C,IAAI,CAAC,0BAA0B,CAAC,oBAAoB,CAAC,oBAAoB,CAAC,CAAA;YAC1E,OAAO,EAAE,CAAA;QACX,CAAC;QAED,MAAM,aAAa,GAAG,oBAAoB,CAAC,aAAa,CAAA;QACxD,QAAQ,aAAa,EAAE,CAAC;YACtB,KAAK,uBAAuB,CAAC,CAAC,CAAC;gBAC7B,OAAO;oBACL,qBAAqB,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE;wBAC3C,MAAM,mBAAmB,GACvB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,6BAA6B,CAAC;4BAChC,aAAa;4BACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;4BACvB,OAAO,EAAE,oBAAoB,CAAC,OAAO;4BACrC,kBAAkB,EAAE;gCAClB,QAAQ,EAAE,QAAQ;gCAClB,YAAY,EAAE,WAAW;6BAC1B;yBACF,CAAC,CACH,CAAA;wBACH,OAAO,MAAM,IAAI,CAAC,uBAAuB,CACvC,QAAQ,EACR,mBAAmB,CACpB,CAAA;oBACH,CAAC;iBACF,CAAA;YACH,CAAC;YACD,KAAK,oBAAoB,CAAC,CAAC,CAAC;gBAC1B,OAAO;oBACL,GAAG,EAAE;wBACH,MAAM,EAAE,eAAe;wBACvB,YAAY,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;4BAC3B,MAAM,mBAAmB,GACvB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,6BAA6B,CAAC;gCAChC,aAAa;gCACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;gCACvB,OAAO,EAAE,oBAAoB,CAAC,OAAO;gCACrC,kBAAkB,EAAE;oCAClB,QAAQ,EAAE,QAAQ;oCAClB,uBAAuB,EAAE,IAAI;iCAC9B;6BACF,CAAC,CACH,CAAA;4BACH,OAAO,MAAM,IAAI,CAAC,uBAAuB,CACvC,QAAQ,EACR,mBAAmB,CACpB,CAAA;wBACH,CAAC;qBACF;iBACF,CAAA;YACH,CAAC;YACD,KAAK,WAAW,CAAC,CAAC,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAA;YAC/C,CAAC;YACD,KAAK,SAAS,CAAC,CAAC,CAAC;gBACf,OAAO;oBACL,GAA
G,EAAE;wBACH,MAAM,EAAE,KAAK;wBACb,YAAY,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;4BAC3B,MAAM,kBAAkB,GACtB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,6BAA6B,CAAC;gCAChC,aAAa;gCACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;gCACvB,OAAO,EAAE,oBAAoB,CAAC,OAAO;gCACrC,kBAAkB,EAAE;oCAClB,QAAQ,EAAE,QAAQ;oCAClB,YAAY,EAAE,IAAI;iCACnB;6BACF,CAAC,CACH,CAAA;4BACH,OAAO,MAAM,IAAI,CAAC,uBAAuB,CACvC,QAAQ,EACR,kBAAkB,CACnB,CAAA;wBACH,CAAC;qBACF;iBACF,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO,CAAC,IAAI,CACV,uFAAuF,EACvF,oBAAoB,CACrB,CAAA;QACD,MAAM,IAAI,KAAK,CACb,mIAAmI,CACpI,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,QAAgB,EAChB,QAAgB;QAEhB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC/D,IAAI,mBAAmB,CAAC;YACtB,QAAQ,EAAE,oBAAoB;YAC9B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,cAAc,EAAE;gBACd,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,QAAQ;aACnB;SACF,CAAC,CACH,CAAA;QAED,OAAO,MAAM,IAAI,CAAC,uBAAuB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAA;IAClE,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,oBAA6B;QAC/C,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,MAAM,IAAI,SAAS,CACjB,6GAA6G,CAC9G,CAAA;QACH,CAAC;QAED,0CAA0C;QAC1C,MAAM,KAAK,GAAG,oBAAoB,EAAE,CAAA;QACpC,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;QAEvC,0EAA0E;QAC1E,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAA;QAC3C,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAA;QAE3D,+DAA+D;QAC/D,MAAM,cAAc,GAAG,MAAM,yBAAyB,CAAC,YAAY,CAAC,CAAA;QAEpE,MAAM,CAAC,QAAQ,CAAC,IAAI;YAClB,WAAW,WAAW,mBAAmB;gBACzC,qBAAqB;gBACrB,aAAa;gBACb,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBACjC,SAAS;gBACT,kBAAkB,CAAC,KAAK,CAAC;gBACzB,SAAS;gBACT,kBAAkB,CAAC,oDAAoD,CAAC;gBACxE,gBAAgB;gBAChB,kBAAkB,CAAC,WAAW,CAAC;gBAC/B,kBAAkB;gBAClB,kBAAkB,CAAC,cAAc,CAAC;gBAClC,6BAA6B;gBAC7B,CAAC,oBAAoB;oBACnB,CAAC,CAAC,qBAAqB,GAAG,kBAAkB,CAAC,oBAAoB,CAAC;oBAClE,CAAC,CAAC,EAAE,CAAC,CAAA;IACX,CAAC;IAED,KAAK,CAAC,oBAAoB;QACxB,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,MAAM,IAAI,SAAS,CACjB,sHAAsH,CACvH,CAAA;QACH,CAAC;
QAED,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;QACzD,MAAM,UAAU,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACrC,MAAM,qBAAqB,GAAG,KAAK,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;QAE5D,+CAA+C;QAC/C,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,GAAG,UAAU,MACX,OAAO,qBAAqB,KAAK,QAAQ;gBACvC,CAAC,CAAC,qBAAqB;gBACvB,CAAC,CAAC,gCACN,EAAE,CACH,CAAA;QACH,CAAC;QAED,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAC9B,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAA;QACtE,CAAC;QAED,IAAI,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAA;QAClC,CAAC;QAED,MAAM,aAAa,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;QAEnE,kDAAkD;QAClD,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACnC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;QAEhD,sDAAsD;QACtD,MAAM,MAAM,GAA4B,MAAM,IAAI,OAAO,CACvD,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAClB,eAAe,CACb,WAAW,WAAW,eAAe,EACrC;gBACE,UAAU,EAAE,oBAAoB;gBAChC,IAAI;gBACJ,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,YAAY,EAAE,WAAW;gBACzB,aAAa;aACd,EACD,OAAO,EACP,CAAC,KAAK,EAAE,EAAE;gBACR,MAAM,CACJ,IAAI,KAAK,CACP,KAAK,CAAC,iBAAiB;oBACrB,KAAK,CAAC,OAAO;oBACb,oEAAoE,CACvE,CACF,CAAA;YACH,CAAC,CACF,CAAA;QACH,CAAC,CACF,CAAA;QAED,IAAI,CAAC,0BAA0B,CAAC;YAC9B,WAAW,EAAE,MAAM,CAAC,YAAsB;YAC1C,SAAS,EAAE,MAAM,CAAC,UAAoB;YACtC,OAAO,EAAE,MAAM,CAAC,QAAkB;YAClC,SAAS,EAAE,MAAM,CAAC,UAAoB;YACtC,YAAY,EAAE,MAAM,CAAC,aAAuB;SAC7C,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,gBAAwB,EACxB,WAAmB;QAEnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,qBAAqB,CAAC;YACxB,WAAW,EAAE,WAAW,IAAI,EAAE;YAC9B,gBAAgB,EAAE,gBAAgB;YAClC,gBAAgB,EAAE,WAAW;SAC9B,CAAC,CACH,CAAA;IACH,CAAC;IACD,KAAK,CAAC,qBAAqB,CAAC,EAC1B,QAAQ,EACR,IAAI,EACJ,QAAQ,GAKT;QACC,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,4BAA4B,CAAC;YAC/B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,gBAAgB,EAAE,IAAI;YACtB,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,QAAQ;SACnB,CAAC,CACH,CAAA;IACH,CAAC;IAED,cAAc;QA
CZ,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAA;QAChC,IAAI,CAAC,WAAW,IAAI,CAAC,SAAS,EAAE,CAAC;YAC/B,MAAM,IAAI,SAAS,CACjB,4GAA4G,CAC7G,CAAA;QACH,CAAC;QAED,MAAM,CAAC,QAAQ,CAAC,IAAI;YAClB,WAAW,WAAW,SAAS;gBAC/B,aAAa;gBACb,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBACjC,cAAc;gBACd,kBAAkB,CAAC,SAAS,CAAC,CAAA;IACjC,CAAC;IAED,KAAK,CAAC,MAAM;QACV,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAA;YAC5C,4DAA4D;YAC5D,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,IAAI,CAAC,eAAe,EAAE,CAAA;YAC9B,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,EAAE,CAAA;YAC1C,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,oBAAoB,CAAC;oBACvB,WAAW,EAAE,WAAW;iBACzB,CAAC,CACH,CAAA;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAE,KAA2B,CAAC,aAAa,EAAE,CAAC;gBAChD,MAAM,KAAK,CAAA;YACb,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,2BAA2B,EAAE,CAAA;QACpC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU;QACd,MAAM,IAAI,CAAC,eAAe,EAAE,CAAA;QAE5B,OAAO,IAAI,CAAC,WAAW,EAAE,CAAA;IAC3B,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,IAAI,CAAC,eAAe,EAAE,CAAA;QAE5B,OAAO,IAAI,CAAC,eAAe,EAAE,CAAA;IAC/B,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,WAAyB;;QAC5C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,oBAAoB,CAAA;QAC7B,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CACxD,IAAI,cAAc,CAAC;YACjB,WAAW,EAAE,WAAW;SACzB,CAAC,EACF,EAAE,WAAW,EAAE,CAChB,CAAA;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,IAAI,EAAE,CAAA;QAC7C,MAAM,mBAAmB,GAAG,IAAI,CAAC,mBAAmB,CAAA;QACpD,MAAM,WAAW,GAAG,MAAA,MAAA,IAAI,CAAC,cAAc,0CAAE,IAAI,CAC3C,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,KAAK,cAAc,CACjD,0CAAE,KAAK,CAAA;QACR,MAAM,qBAAqB,GACzB,CAAA,MAAA,MAAA,IAAI,CAAC,cAAc,0CAAE,IAAI,CACvB,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,KAAK,uBAAuB,CAC1D,0CAAE,KAAK,MAAK,MAAM,CAAA;QAErB,MAAM,oBAAoB,GAAG,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAA;QACnE,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;QAC9C,MAAM,EAAE,sBAAsB,EAAE,YAAY,EAAE,GAAG,wBAAwB,CAAC;YACxE,oBAAoB;YACpB,UAAU;YACV,mBAAmB;SACpB,CAAC,CAAA;QAEF,OAAO;YACL,aAAa,EAAE;gB
ACb,OAAO,EAAE,oBAAoB;gBAC7B,SAAS,EAAE,sBAAsB;aAClC;YACD,GAAG,EAAE;gBACH,OAAO,EAAE,UAAU;gBACnB,SAAS,EAAE,YAAY;gBACvB,WAAW;gBACX,qBAAqB;aACtB;SACF,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,WAAmB;QAEnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,EAAE,qBAAqB,EAAE,KAAK,EAAE,CAAA;QACzC,CAAC;QAED,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,cAAc,EAAE;gBACd;oBACE,IAAI,EAAE,cAAc;oBACpB,KAAK,EAAE,WAAW;iBACnB;aACF;SACF,CAAC,CACH,CAAA;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,OAAO,EAAE,qBAAqB,EAAE,WAAW,CAAC,GAAG,CAAC,qBAAqB,EAAE,CAAA;IACzE,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,kBAAkB,EAAE,CAAC,cAAc,CAAC;SACrC,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,IAAY;QACtC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,0BAA0B,CAAC;YAC7B,WAAW,EAAE,WAAW;YACxB,aAAa,EAAE,cAAc;YAC7B,IAAI,EAAE,IAAI;SACX,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,MAAiB;QAC3C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAEnD,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,GAAG,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO;gBACvC,CAAC,CAAC;oBACE,wBAAwB,EAAE;wBACxB,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,MAAM,KAAK,eAAe;qBACzC;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;YACP,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO;gBAC7B,CAAC,CAAC;oBACE,cAAc,EAAE;wBACd,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,MAAM,KAAK,KAAK;qBAC/B;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;SACR,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,MAAiB;QACtC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EA
AE,CAAA;QACnD,MAAM,YAAY,GAChB,MAAM,KAAK,eAAe;YACxB,CAAC,CAAC,eAAe,CAAC,aAAa,CAAC,SAAS;YACzC,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAA;QACnC,MAAM,WAAW,GACf,MAAM,KAAK,eAAe,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,eAAe,CAAA;QACtD,MAAM,aAAa,GACjB,MAAM,KAAK,eAAe;YACxB,CAAC,CAAC,eAAe,CAAC,GAAG;YACrB,CAAC,CAAC,eAAe,CAAC,aAAa,CAAA;QAEnC,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,GAAG,CAAC,MAAM,KAAK,eAAe;gBAC5B,CAAC,CAAC;oBACE,wBAAwB,EAAE;wBACxB,OAAO,EAAE,KAAK;wBACd,YAAY,EAAE,KAAK;qBACpB;iBACF;gBACH,CAAC,CAAC;oBACE,cAAc,EAAE;wBACd,OAAO,EAAE,KAAK;wBACd,YAAY,EAAE,KAAK;qBACpB;iBACF,CAAC;YACN,GAAG,CAAC,YAAY,IAAI,aAAa,CAAC,OAAO;gBACvC,CAAC,CAAC,WAAW,KAAK,eAAe;oBAC/B,CAAC,CAAC;wBACE,wBAAwB,EAAE;4BACxB,OAAO,EAAE,IAAI;4BACb,YAAY,EAAE,IAAI;yBACnB;qBACF;oBACH,CAAC,CAAC;wBACE,cAAc,EAAE;4BACd,OAAO,EAAE,IAAI;4BACb,YAAY,EAAE,IAAI;yBACnB;qBACF;gBACL,CAAC,CAAC,EAAE,CAAC;SACR,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,EAAE,SAAS,KAA8B,EAAE;QAC3D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QACnD,MAAM,kBAAkB,GACtB,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO;YACpC,eAAe,CAAC,aAAa,CAAC,SAAS,CAAC;YAC1C,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,IAAI,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QAChE,MAAM,iBAAiB,GACrB,SAAS,aAAT,SAAS,cAAT,SAAS,GAAI,CAAC,CAAC,kBAAkB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAEpE,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,cAAc,EAAE;gBACd,OAAO,EAAE,IAAI;gBACb,YAAY,EAAE,iBAAiB;aAChC;YACD,GAAG,CAAC,iBAAiB,IAAI,eAAe,CAAC,aAAa,CAAC,OAAO;gBAC5D,CAAC,CAAC;oBACE,wBAAwB,EAAE;wBACxB,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,KAAK;qBACpB;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;SACR,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,EAAE,SAAS,KAA8B,EAAE;QACxE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAClE,IAAI,6BAA6B,CAAC;YAChC,WAAW,EAAE,W
AAW;SACzB,CAAC,CACH,CAAA;QAED,OAAO;YACL,UAAU,EAAE,UAAU;YACtB,eAAe,EAAE,KAAK,EAAE,IAAY,EAAE,EAAE;gBACtC,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,0BAA0B,CAAC;oBAC7B,WAAW,EAAE,WAAW;oBACxB,QAAQ,EAAE,IAAI;iBACf,CAAC,CACH,CAAA;gBAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;gBACnD,MAAM,kBAAkB,GACtB,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO;oBACpC,eAAe,CAAC,aAAa,CAAC,SAAS,CAAC;oBAC1C,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,IAAI,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;gBAChE,MAAM,iBAAiB,GACrB,SAAS,aAAT,SAAS,cAAT,SAAS,GACT,CAAC,CAAC,kBAAkB,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;gBAEjE,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;oBAC9B,wBAAwB,EAAE;wBACxB,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,iBAAiB;qBAChC;oBACD,GAAG,CAAC,iBAAiB,IAAI,eAAe,CAAC,GAAG,CAAC,OAAO;wBAClD,CAAC,CAAC;4BACE,cAAc,EAAE;gCACd,OAAO,EAAE,IAAI;gCACb,YAAY,EAAE,KAAK;6BACpB;yBACF;wBACH,CAAC,CAAC,EAAE,CAAC;oBACP,WAAW,EAAE,WAAW;iBACzB,CAAC,CACH,CAAA;YACH,CAAC;SACF,CAAA;IACH,CAAC;CACF;AAED,sEAAsE;AACtE,2BAA2B;AAE3B,qDAAqD;AACrD,SAAS,eAAe,CACtB,GAAW,EACX,MAA+B,EAC/B,OAAiD,EACjD,KAAsE;IAEtE,MAAM,OAAO,GAAG,IAAI,cAAc,EAAE,CAAA;IACpC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,CAAA;IAC/B,OAAO,CAAC,gBAAgB,CACtB,cAAc,EACd,kDAAkD,CACnD,CAAA;IACD,OAAO,CAAC,MAAM,GAAG;QACf,IAAI,IAAI,GAAG,EAAE,CAAA;QACb,IAAI,CAAC;YACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;QACrC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAA;YAC1B,aAAa;QACf,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;YAC1B,OAAO,CAAC,IAAI,CAAC,CAAA;QACf,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,CAAA;QACb,CAAC;IACH,CAAC,CAAA;IACD,OAAO,CAAC,OAAO,GAAG;QAChB,KAAK,CAAC,EAAE,CAAC,CAAA;IACX,CAAC,CAAA;IACD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;SAC7B,MAAM,CAAC,CAAC,IAAc,EAAE,GAAG,EAAE,EAAE;QAC9B,IAAI,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAChB,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAA;QACpC,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC,EAAE,EAAE,CAAC;SACL,IAAI,CAAC,GAAG,CAAC,CAAA;IACZ,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACpB,CAAC;AA
ED,sEAAsE;AACtE,wBAAwB;AAExB,qEAAqE;AACrE,SAAS,oBAAoB;IAC3B,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC,EAAE,CAAC,CAAA;IACjC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAA;IACpC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CACzE,EAAE,CACH,CAAA;AACH,CAAC;AAED,+CAA+C;AAC/C,oDAAoD;AACpD,SAAS,MAAM,CAAC,KAAa;IAC3B,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;IACjC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAClC,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;AACrD,CAAC;AAED,qCAAqC;AACrC,SAAS,eAAe,CAAC,GAAgB;IACvC,sFAAsF;IACtF,sEAAsE;IACtE,uDAAuD;IACvD,0DAA0D;IAC1D,mBAAmB;IACnB,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;SAC9D,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;AACvB,CAAC;AAED,kEAAkE;AAClE,KAAK,UAAU,yBAAyB,CAAC,CAAS;IAChD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,CAAC,CAAC,CAAA;IAC9B,OAAO,eAAe,CAAC,MAAM,CAAC,CAAA;AAChC,CAAC","sourcesContent":["import {\n AssociateSoftwareTokenCommand,\n AuthenticationResultType,\n ChangePasswordCommand,\n CognitoIdentityProviderClient,\n ConfirmForgotPasswordCommand,\n DeleteUserAttributesCommand,\n GetUserCommand,\n GlobalSignOutCommand,\n InitiateAuthCommand,\n InitiateAuthResponse,\n RespondToAuthChallengeCommand,\n SetUserMFAPreferenceCommand,\n UpdateUserAttributesCommand,\n VerifySoftwareTokenCommand,\n VerifyUserAttributeCommand,\n} from '@aws-sdk/client-cognito-identity-provider'\nimport Sentry from '../Sentry'\nimport { OneBlinkAppsError } from '..'\n\nexport type MfaMethod = 'authenticator' | 'sms'\n\nexport type MfaSettings = {\n authenticator: {\n enabled: boolean\n preferred: boolean\n }\n sms: {\n enabled: boolean\n preferred: boolean\n phoneNumber: string | undefined\n isPhoneNumberVerified: boolean\n }\n}\n\nexport const DEFAULT_MFA_SETTINGS: MfaSettings = {\n authenticator: { enabled: false, preferred: 
false },\n sms: {\n enabled: false,\n preferred: false,\n phoneNumber: undefined,\n isPhoneNumberVerified: false,\n },\n}\n\nexport function resolveMfaPreferredFlags({\n authenticatorEnabled,\n smsEnabled,\n preferredMfaSetting,\n}: {\n authenticatorEnabled: boolean\n smsEnabled: boolean\n preferredMfaSetting: string | undefined\n}): {\n authenticatorPreferred: boolean\n smsPreferred: boolean\n} {\n const cognitoAuthenticatorPreferred =\n preferredMfaSetting === 'SOFTWARE_TOKEN_MFA'\n const cognitoSmsPreferred = preferredMfaSetting === 'SMS_MFA'\n\n if (cognitoAuthenticatorPreferred && authenticatorEnabled) {\n return { authenticatorPreferred: true, smsPreferred: false }\n }\n\n if (cognitoSmsPreferred && smsEnabled) {\n return { authenticatorPreferred: false, smsPreferred: true }\n }\n\n if (authenticatorEnabled && smsEnabled) {\n return { authenticatorPreferred: true, smsPreferred: false }\n }\n\n return {\n authenticatorPreferred: authenticatorEnabled,\n smsPreferred: smsEnabled,\n }\n}\n\nexport type LoginAttemptResponse = {\n resetPasswordCallback?: (newPassword: string) => Promise<LoginAttemptResponse>\n mfa?: {\n codeCallback: (code: string) => Promise<LoginAttemptResponse>\n method: MfaMethod\n }\n}\n\nexport default class AWSCognitoClient {\n clientId: string\n cognitoIdentityProviderClient: CognitoIdentityProviderClient\n loginDomain: string | void\n redirectUri: string | void\n logoutUri: string | void\n listeners: Array<() => unknown>\n\n constructor({\n clientId,\n region,\n loginDomain,\n redirectUri,\n logoutUri,\n }: {\n clientId: string\n region: string\n redirectUri?: string\n logoutUri?: string\n loginDomain?: string\n }) {\n if (!clientId) {\n throw new TypeError('\"clientId\" is required in constructor')\n }\n if (!region) {\n throw new TypeError('\"region\" is required in constructor')\n }\n\n this.listeners = []\n this.redirectUri = redirectUri\n this.logoutUri = logoutUri\n this.loginDomain = loginDomain\n this.clientId = clientId\n 
this.cognitoIdentityProviderClient = new CognitoIdentityProviderClient({\n region,\n })\n }\n\n // Local Storage Keys\n get EXPIRES_AT() {\n return `COGNITO_${this.clientId}_EXPIRES_AT`\n }\n get ACCESS_TOKEN() {\n return `COGNITO_${this.clientId}_ACCESS_TOKEN`\n }\n get ID_TOKEN() {\n return `COGNITO_${this.clientId}_ID_TOKEN`\n }\n get REFRESH_TOKEN() {\n return `COGNITO_${this.clientId}_REFRESH_TOKEN`\n }\n get STATE() {\n return `COGNITO_${this.clientId}_STATE`\n }\n get PKCE_CODE_VERIFIER() {\n return `COGNITO_${this.clientId}_PKCE_CODE_VERIFIER`\n }\n\n _executeListeners() {\n for (const listener of this.listeners) {\n try {\n listener()\n } catch (error) {\n Sentry.captureException(error)\n // Ignore error from listeners\n console.warn('AWSCognitoClient listener error', error)\n }\n }\n }\n\n _storeAuthenticationResult(authenticationResult: AuthenticationResultType) {\n // Take off 5 seconds to ensure a request does not become unauthenticated mid request\n const expiresAt =\n (authenticationResult.ExpiresIn as number) * 1000 + Date.now() - 5000\n localStorage.setItem(this.EXPIRES_AT, expiresAt.toString())\n localStorage.setItem(\n this.ACCESS_TOKEN,\n authenticationResult.AccessToken as string,\n )\n localStorage.setItem(this.ID_TOKEN, authenticationResult.IdToken as string)\n if (authenticationResult.RefreshToken) {\n localStorage.setItem(\n this.REFRESH_TOKEN,\n authenticationResult.RefreshToken,\n )\n }\n\n this._executeListeners()\n }\n\n _removeAuthenticationResult() {\n localStorage.removeItem(this.EXPIRES_AT)\n localStorage.removeItem(this.ACCESS_TOKEN)\n localStorage.removeItem(this.ID_TOKEN)\n localStorage.removeItem(this.REFRESH_TOKEN)\n\n this._executeListeners()\n }\n\n _getAccessToken(): string | undefined {\n return localStorage.getItem(this.ACCESS_TOKEN) || undefined\n }\n\n _getIdToken(): string | undefined {\n return localStorage.getItem(this.ID_TOKEN) || undefined\n }\n\n _getRefreshToken(): string | undefined {\n return 
localStorage.getItem(this.REFRESH_TOKEN) || undefined\n }\n\n _isSessionValid(): boolean {\n const expiresAt = localStorage.getItem(this.EXPIRES_AT)\n if (!expiresAt) {\n return false\n }\n return parseInt(expiresAt, 10) > Date.now()\n }\n\n async _refreshSession(): Promise<void> {\n if (this._isSessionValid()) {\n return\n }\n\n const refreshToken = this._getRefreshToken()\n if (!refreshToken) {\n return\n }\n\n try {\n const result = await this.cognitoIdentityProviderClient.send(\n new InitiateAuthCommand({\n AuthFlow: 'REFRESH_TOKEN_AUTH',\n ClientId: this.clientId,\n AuthParameters: {\n REFRESH_TOKEN: refreshToken,\n },\n }),\n )\n if (result.AuthenticationResult) {\n this._storeAuthenticationResult(result.AuthenticationResult)\n }\n } catch (error) {\n console.warn('Error while attempting to refresh session', error)\n this._removeAuthenticationResult()\n throw new OneBlinkAppsError(\n 'Your session has expired. Please login again to continue to use the application.',\n {\n requiresLogin: true,\n originalError: error as Error,\n },\n )\n }\n }\n\n registerListener(listener: () => unknown): () => void {\n this.listeners.push(listener)\n\n return () => {\n const index = this.listeners.indexOf(listener)\n if (index !== -1) {\n this.listeners.splice(index, 1)\n }\n }\n }\n\n async responseToAuthChallenge(\n username: string,\n initiateAuthResponse: InitiateAuthResponse,\n ): Promise<LoginAttemptResponse> {\n if (initiateAuthResponse.AuthenticationResult) {\n this._storeAuthenticationResult(initiateAuthResponse.AuthenticationResult)\n return {}\n }\n\n const ChallengeName = initiateAuthResponse.ChallengeName\n switch (ChallengeName) {\n case 'NEW_PASSWORD_REQUIRED': {\n return {\n resetPasswordCallback: async (newPassword) => {\n const resetPasswordResult =\n await this.cognitoIdentityProviderClient.send(\n new RespondToAuthChallengeCommand({\n ChallengeName,\n ClientId: this.clientId,\n Session: initiateAuthResponse.Session,\n ChallengeResponses: {\n USERNAME: 
username,\n NEW_PASSWORD: newPassword,\n },\n }),\n )\n return await this.responseToAuthChallenge(\n username,\n resetPasswordResult,\n )\n },\n }\n }\n case 'SOFTWARE_TOKEN_MFA': {\n return {\n mfa: {\n method: 'authenticator',\n codeCallback: async (code) => {\n const resetPasswordResult =\n await this.cognitoIdentityProviderClient.send(\n new RespondToAuthChallengeCommand({\n ChallengeName,\n ClientId: this.clientId,\n Session: initiateAuthResponse.Session,\n ChallengeResponses: {\n USERNAME: username,\n SOFTWARE_TOKEN_MFA_CODE: code,\n },\n }),\n )\n return await this.responseToAuthChallenge(\n username,\n resetPasswordResult,\n )\n },\n },\n }\n }\n case 'EMAIL_OTP': {\n throw new Error('Email OTP is not supported')\n }\n case 'SMS_MFA': {\n return {\n mfa: {\n method: 'sms',\n codeCallback: async (code) => {\n const smsChallengeResult =\n await this.cognitoIdentityProviderClient.send(\n new RespondToAuthChallengeCommand({\n ChallengeName,\n ClientId: this.clientId,\n Session: initiateAuthResponse.Session,\n ChallengeResponses: {\n USERNAME: username,\n SMS_MFA_CODE: code,\n },\n }),\n )\n return await this.responseToAuthChallenge(\n username,\n smsChallengeResult,\n )\n },\n },\n }\n }\n }\n\n console.warn(\n '\"CognitoIdentityServiceProvider.InitiateAuthResponse\" challenge has not been catered.',\n initiateAuthResponse,\n )\n throw new Error(\n 'An unexpected error occurred while attempting to process your login. 
Please try again or contact support if the problem persists.',\n )\n }\n\n async loginUsernamePassword(\n username: string,\n password: string,\n ): Promise<LoginAttemptResponse> {\n const loginResult = await this.cognitoIdentityProviderClient.send(\n new InitiateAuthCommand({\n AuthFlow: 'USER_PASSWORD_AUTH',\n ClientId: this.clientId,\n AuthParameters: {\n USERNAME: username,\n PASSWORD: password,\n },\n }),\n )\n\n return await this.responseToAuthChallenge(username, loginResult)\n }\n\n async loginHostedUI(identityProviderName?: string): Promise<void> {\n const loginDomain = this.loginDomain\n const redirectUri = this.redirectUri\n if (!loginDomain || !redirectUri) {\n throw new TypeError(\n '\"loginDomain\" or \"redirectUri\" was not passed to constructor. Both are required before attempting to login.',\n )\n }\n\n // Create and store a random \"state\" value\n const state = generateRandomString()\n localStorage.setItem(this.STATE, state)\n\n // Create and store a new PKCE code_verifier (the plaintext random secret)\n const codeVerifier = generateRandomString()\n localStorage.setItem(this.PKCE_CODE_VERIFIER, codeVerifier)\n\n // Hash and base64-urlencode the secret to use as the challenge\n const code_challenge = await pkceChallengeFromVerifier(codeVerifier)\n\n window.location.href =\n `https://${loginDomain}/oauth2/authorize` +\n '?response_type=code' +\n '&client_id=' +\n encodeURIComponent(this.clientId) +\n '&state=' +\n encodeURIComponent(state) +\n '&scope=' +\n encodeURIComponent('openid email profile aws.cognito.signin.user.admin') +\n '&redirect_uri=' +\n encodeURIComponent(redirectUri) +\n '&code_challenge=' +\n encodeURIComponent(code_challenge) +\n '&code_challenge_method=S256' +\n (identityProviderName\n ? 
'&identity_provider=' + encodeURIComponent(identityProviderName)\n : '')\n }\n\n async handleAuthentication(): Promise<void> {\n const loginDomain = this.loginDomain\n const redirectUri = this.redirectUri\n if (!loginDomain || !redirectUri) {\n throw new TypeError(\n '\"loginDomain\" or \"redirectUri\" was not passed to constructor. Both are required before attempting to handle a login.',\n )\n }\n\n const query = new URLSearchParams(window.location.search)\n const queryError = query.get('error')\n const queryErrorDescription = query.get('error_description')\n\n // Check if the server returned an error string\n if (typeof queryError === 'string') {\n throw new Error(\n `${queryError} - ${\n typeof queryErrorDescription === 'string'\n ? queryErrorDescription\n : 'An unknown error has occurred.'\n }`,\n )\n }\n\n const code = query.get('code')\n if (typeof code !== 'string') {\n throw new Error('\"code\" was not including in query string to parse')\n }\n\n if (localStorage.getItem(this.STATE) !== query.get('state')) {\n throw new Error('Invalid login')\n }\n\n const code_verifier = localStorage.getItem(this.PKCE_CODE_VERIFIER)\n\n // Clean these up since we don't need them anymore\n localStorage.removeItem(this.STATE)\n localStorage.removeItem(this.PKCE_CODE_VERIFIER)\n\n // Exchange the authorization code for an access token\n const result: Record<string, unknown> = await new Promise(\n (resolve, reject) => {\n sendPostRequest(\n `https://${loginDomain}/oauth2/token`,\n {\n grant_type: 'authorization_code',\n code,\n client_id: this.clientId,\n redirect_uri: redirectUri,\n code_verifier,\n },\n resolve,\n (error) => {\n reject(\n new Error(\n error.error_description ||\n error.message ||\n 'An unknown error has occurred while processing authentication code',\n ),\n )\n },\n )\n },\n )\n\n this._storeAuthenticationResult({\n AccessToken: result.access_token as string,\n ExpiresIn: result.expires_in as number,\n IdToken: result.id_token as string,\n TokenType: 
result.token_type as string,\n RefreshToken: result.refresh_token as string,\n })\n }\n\n async changePassword(\n existingPassword: string,\n newPassword: string,\n ): Promise<void> {\n const accessToken = await this.getAccessToken()\n await this.cognitoIdentityProviderClient.send(\n new ChangePasswordCommand({\n AccessToken: accessToken || '',\n PreviousPassword: existingPassword,\n ProposedPassword: newPassword,\n }),\n )\n }\n async confirmForgotPassword({\n username,\n code,\n password,\n }: {\n username: string\n code: string\n password: string\n }) {\n await this.cognitoIdentityProviderClient.send(\n new ConfirmForgotPasswordCommand({\n ClientId: this.clientId,\n ConfirmationCode: code,\n Password: password,\n Username: username,\n }),\n )\n }\n\n logoutHostedUI(): void {\n const loginDomain = this.loginDomain\n const logoutUri = this.logoutUri\n if (!loginDomain || !logoutUri) {\n throw new TypeError(\n '\"loginDomain\" or \"logoutUri\" was not passed to constructor. Both are required before attempting to logout.',\n )\n }\n\n window.location.href =\n `https://${loginDomain}/logout` +\n '?client_id=' +\n encodeURIComponent(this.clientId) +\n '&logout_uri=' +\n encodeURIComponent(logoutUri)\n }\n\n async logout(): Promise<void> {\n try {\n const refreshToken = this._getRefreshToken()\n // Refresh session to allow access token to perform sign out\n if (refreshToken) {\n await this._refreshSession()\n }\n\n const accessToken = this._getAccessToken()\n if (accessToken) {\n await this.cognitoIdentityProviderClient.send(\n new GlobalSignOutCommand({\n AccessToken: accessToken,\n }),\n )\n }\n } catch (error) {\n if (!(error as OneBlinkAppsError).requiresLogin) {\n throw error\n }\n } finally {\n this._removeAuthenticationResult()\n }\n }\n\n async getIdToken(): Promise<string | undefined> {\n await this._refreshSession()\n\n return this._getIdToken()\n }\n\n async getAccessToken(): Promise<string | undefined> {\n await this._refreshSession()\n\n return 
this._getAccessToken()\n }\n\n async getMfaSettings(abortSignal?: AbortSignal): Promise<MfaSettings> {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return DEFAULT_MFA_SETTINGS\n }\n\n const user = await this.cognitoIdentityProviderClient.send(\n new GetUserCommand({\n AccessToken: accessToken,\n }),\n { abortSignal },\n )\n\n const mfaList = user.UserMFASettingList || []\n const preferredMfaSetting = user.PreferredMfaSetting\n const phoneNumber = user.UserAttributes?.find(\n (attribute) => attribute.Name === 'phone_number',\n )?.Value\n const isPhoneNumberVerified =\n user.UserAttributes?.find(\n (attribute) => attribute.Name === 'phone_number_verified',\n )?.Value === 'true'\n\n const authenticatorEnabled = mfaList.includes('SOFTWARE_TOKEN_MFA')\n const smsEnabled = mfaList.includes('SMS_MFA')\n const { authenticatorPreferred, smsPreferred } = resolveMfaPreferredFlags({\n authenticatorEnabled,\n smsEnabled,\n preferredMfaSetting,\n })\n\n return {\n authenticator: {\n enabled: authenticatorEnabled,\n preferred: authenticatorPreferred,\n },\n sms: {\n enabled: smsEnabled,\n preferred: smsPreferred,\n phoneNumber,\n isPhoneNumberVerified,\n },\n }\n }\n\n async updateUserPhoneNumber(\n phoneNumber: string,\n ): Promise<{ isPhoneNumberVerified: boolean }> {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return { isPhoneNumberVerified: false }\n }\n\n await this.cognitoIdentityProviderClient.send(\n new UpdateUserAttributesCommand({\n AccessToken: accessToken,\n UserAttributes: [\n {\n Name: 'phone_number',\n Value: phoneNumber,\n },\n ],\n }),\n )\n\n const mfaSettings = await this.getMfaSettings()\n return { isPhoneNumberVerified: mfaSettings.sms.isPhoneNumberVerified }\n }\n\n async removeUserPhoneNumber() {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n await this.cognitoIdentityProviderClient.send(\n new DeleteUserAttributesCommand({\n AccessToken: accessToken,\n 
UserAttributeNames: ['phone_number'],\n }),\n )\n }\n\n async verifyUserPhoneNumber(code: string) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n await this.cognitoIdentityProviderClient.send(\n new VerifyUserAttributeCommand({\n AccessToken: accessToken,\n AttributeName: 'phone_number',\n Code: code,\n }),\n )\n }\n\n async setPreferredMfaMethod(method: MfaMethod) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n const currentSettings = await this.getMfaSettings()\n\n await this.cognitoIdentityProviderClient.send(\n new SetUserMFAPreferenceCommand({\n AccessToken: accessToken,\n ...(currentSettings.authenticator.enabled\n ? {\n SoftwareTokenMfaSettings: {\n Enabled: true,\n PreferredMfa: method === 'authenticator',\n },\n }\n : {}),\n ...(currentSettings.sms.enabled\n ? {\n SMSMfaSettings: {\n Enabled: true,\n PreferredMfa: method === 'sms',\n },\n }\n : {}),\n }),\n )\n }\n\n async disableMfaMethod(method: MfaMethod) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n const currentSettings = await this.getMfaSettings()\n const wasPreferred =\n method === 'authenticator'\n ? currentSettings.authenticator.preferred\n : currentSettings.sms.preferred\n const otherMethod: MfaMethod =\n method === 'authenticator' ? 'sms' : 'authenticator'\n const otherSettings =\n method === 'authenticator'\n ? currentSettings.sms\n : currentSettings.authenticator\n\n await this.cognitoIdentityProviderClient.send(\n new SetUserMFAPreferenceCommand({\n AccessToken: accessToken,\n ...(method === 'authenticator'\n ? {\n SoftwareTokenMfaSettings: {\n Enabled: false,\n PreferredMfa: false,\n },\n }\n : {\n SMSMfaSettings: {\n Enabled: false,\n PreferredMfa: false,\n },\n }),\n ...(wasPreferred && otherSettings.enabled\n ? otherMethod === 'authenticator'\n ? 
{\n SoftwareTokenMfaSettings: {\n Enabled: true,\n PreferredMfa: true,\n },\n }\n : {\n SMSMfaSettings: {\n Enabled: true,\n PreferredMfa: true,\n },\n }\n : {}),\n }),\n )\n }\n\n async setupSmsMfa({ preferred }: { preferred?: boolean } = {}) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n const currentSettings = await this.getMfaSettings()\n const hasPreferredMethod =\n (currentSettings.authenticator.enabled &&\n currentSettings.authenticator.preferred) ||\n (currentSettings.sms.enabled && currentSettings.sms.preferred)\n const shouldBePreferred =\n preferred ?? (!hasPreferredMethod && !currentSettings.sms.enabled)\n\n await this.cognitoIdentityProviderClient.send(\n new SetUserMFAPreferenceCommand({\n AccessToken: accessToken,\n SMSMfaSettings: {\n Enabled: true,\n PreferredMfa: shouldBePreferred,\n },\n ...(shouldBePreferred && currentSettings.authenticator.enabled\n ? {\n SoftwareTokenMfaSettings: {\n Enabled: true,\n PreferredMfa: false,\n },\n }\n : {}),\n }),\n )\n }\n\n async setupMfaAuthenticatorApp({ preferred }: { preferred?: boolean } = {}) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n const { SecretCode } = await this.cognitoIdentityProviderClient.send(\n new AssociateSoftwareTokenCommand({\n AccessToken: accessToken,\n }),\n )\n\n return {\n secretCode: SecretCode,\n mfaCodeCallback: async (code: string) => {\n await this.cognitoIdentityProviderClient.send(\n new VerifySoftwareTokenCommand({\n AccessToken: accessToken,\n UserCode: code,\n }),\n )\n\n const currentSettings = await this.getMfaSettings()\n const hasPreferredMethod =\n (currentSettings.authenticator.enabled &&\n currentSettings.authenticator.preferred) ||\n (currentSettings.sms.enabled && currentSettings.sms.preferred)\n const shouldBePreferred =\n preferred ??\n (!hasPreferredMethod && !currentSettings.authenticator.enabled)\n\n await this.cognitoIdentityProviderClient.send(\n new 
SetUserMFAPreferenceCommand({\n SoftwareTokenMfaSettings: {\n Enabled: true,\n PreferredMfa: shouldBePreferred,\n },\n ...(shouldBePreferred && currentSettings.sms.enabled\n ? {\n SMSMfaSettings: {\n Enabled: true,\n PreferredMfa: false,\n },\n }\n : {}),\n AccessToken: accessToken,\n }),\n )\n },\n }\n }\n}\n\n//////////////////////////////////////////////////////////////////////\n// GENERAL HELPER FUNCTIONS\n\n// Make a POST request and parse the response as JSON\nfunction sendPostRequest(\n url: string,\n params: Record<string, unknown>,\n success: (value: Record<string, unknown>) => void,\n error: (err: { message?: string; error_description?: string }) => void,\n) {\n const request = new XMLHttpRequest()\n request.open('POST', url, true)\n request.setRequestHeader(\n 'Content-Type',\n 'application/x-www-form-urlencoded; charset=UTF-8',\n )\n request.onload = function () {\n let body = {}\n try {\n body = JSON.parse(request.response)\n } catch (e) {\n Sentry.captureException(e)\n // Do nothing\n }\n\n if (request.status == 200) {\n success(body)\n } else {\n error(body)\n }\n }\n request.onerror = function () {\n error({})\n }\n const body = Object.keys(params)\n .reduce((keys: string[], key) => {\n if (params[key]) {\n keys.push(key + '=' + params[key])\n }\n return keys\n }, [])\n .join('&')\n request.send(body)\n}\n\n//////////////////////////////////////////////////////////////////////\n// PKCE HELPER FUNCTIONS\n\n// Generate a secure random string using the browser crypto functions\nfunction generateRandomString() {\n const array = new Uint32Array(28)\n window.crypto.getRandomValues(array)\n return Array.from(array, (dec) => ('0' + dec.toString(16)).substr(-2)).join(\n '',\n )\n}\n\n// Calculate the SHA256 hash of the input text.\n// Returns a promise that resolves to an ArrayBuffer\nfunction sha256(plain: string) {\n const encoder = new TextEncoder()\n const data = encoder.encode(plain)\n return window.crypto.subtle.digest('SHA-256', data)\n}\n\n// 
Base64-urlencodes the input string\nfunction base64urlencode(str: ArrayBuffer) {\n // Convert the ArrayBuffer to string using Uint8 array to conver to what btoa accepts.\n // btoa accepts chars only within ascii 0-255 and base64 encodes them.\n // Then convert the base64 encoded to base64url encoded\n // (replace + with -, replace / with _, trim trailing =)\n // @ts-expect-error\n return btoa(String.fromCharCode.apply(null, new Uint8Array(str)))\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=+$/, '')\n}\n\n// Return the base64-urlencoded sha256 hash for the PKCE challenge\nasync function pkceChallengeFromVerifier(v: string) {\n const hashed = await sha256(v)\n return base64urlencode(hashed)\n}\n"]}
@@ -1,4 +1,4 @@
1
- import { DEFAULT_MFA_SETTINGS, LoginAttemptResponse, MfaMethod, MfaRequirementCheckResult, MfaSettings } from './AWSCognitoClient';
1
+ import { DEFAULT_MFA_SETTINGS, LoginAttemptResponse, MfaMethod, MfaSettings } from './AWSCognitoClient';
2
2
  import { MiscTypes } from '@oneblink/types';
3
3
  interface CognitoServiceData {
4
4
  oAuthClientId: string;
@@ -252,30 +252,11 @@ declare function getUserFriendlyName(): string | undefined;
252
252
  * @returns
253
253
  */
254
254
  declare function generateMfaAuthenticatorAppQrCodeUrl(mfaAuthenticatorAppSetup: Awaited<ReturnType<typeof setupMfaAuthenticatorApp>>): string | undefined;
255
- /**
256
- * Check if the current user meets an MFA requirement.
257
- *
258
- * #### Example
259
- *
260
- * ```js
261
- * const { mfaSettings, userMeetsMfaRequirement } =
262
- * await mfaService.checkIsMfaEnabled('any')
263
- * if (userMeetsMfaRequirement) {
264
- * // User has met the MFA requirement
265
- * } else {
266
- * // Prompt user to set up MFA
267
- * }
268
- * ```
269
- *
270
- * @returns
271
- */
272
- declare function checkIsMfaEnabled(mfaRequirement: MiscTypes.MfaRequirement | undefined): Promise<MfaRequirementCheckResult>;
273
255
  declare function getMfaSettings(abortSignal?: AbortSignal): Promise<MfaSettings>;
274
256
  declare function updateUserPhoneNumber(phoneNumber: string): Promise<{
275
257
  isPhoneNumberVerified: boolean;
276
258
  }>;
277
259
  declare function removeUserPhoneNumber(): Promise<void>;
278
- declare function sendPhoneNumberVerificationCode(): Promise<import("@aws-sdk/client-cognito-identity-provider").GetUserAttributeVerificationCodeCommandOutput | undefined>;
279
260
  declare function verifyUserPhoneNumber(code: string): Promise<void>;
280
261
  declare function setupSmsMfa(options?: {
281
262
  preferred?: boolean;
@@ -307,5 +288,5 @@ declare function setupMfaAuthenticatorApp(options?: {
307
288
  secretCode: string | undefined;
308
289
  mfaCodeCallback: (code: string) => Promise<void>;
309
290
  } | undefined>;
310
- export { init, registerAuthListener, loginUsernamePassword, loginHostedUI, handleAuthentication, changePassword, forgotPassword, logoutHostedUI, logout, isLoggedIn, getCognitoIdToken, getUserProfile, getUserFriendlyName, checkIsMfaEnabled, getMfaSettings, updateUserPhoneNumber, removeUserPhoneNumber, sendPhoneNumberVerificationCode, verifyUserPhoneNumber, disableMfaMethod, setPreferredMfaMethod, setupSmsMfa, setupMfaAuthenticatorApp, generateMfaAuthenticatorAppQrCodeUrl, DEFAULT_MFA_SETTINGS, };
311
- export type { LoginAttemptResponse, MfaMethod, MfaRequirementCheckResult, MfaSettings, };
291
+ export { init, registerAuthListener, loginUsernamePassword, loginHostedUI, handleAuthentication, changePassword, forgotPassword, logoutHostedUI, logout, isLoggedIn, getCognitoIdToken, getUserProfile, getUserFriendlyName, getMfaSettings, updateUserPhoneNumber, removeUserPhoneNumber, verifyUserPhoneNumber, disableMfaMethod, setPreferredMfaMethod, setupSmsMfa, setupMfaAuthenticatorApp, generateMfaAuthenticatorAppQrCodeUrl, DEFAULT_MFA_SETTINGS, };
292
+ export type { LoginAttemptResponse, MfaMethod, MfaSettings };
@@ -378,29 +378,6 @@ function generateMfaAuthenticatorAppQrCodeUrl(mfaAuthenticatorAppSetup) {
378
378
  }
379
379
  return `otpauth://totp/${tenants.current.productShortName}:${profile.email}?secret=${mfaAuthenticatorAppSetup.secretCode}&issuer=${tenants.current.productShortName}`;
380
380
  }
381
- /**
382
- * Check if the current user meets an MFA requirement.
383
- *
384
- * #### Example
385
- *
386
- * ```js
387
- * const { mfaSettings, userMeetsMfaRequirement } =
388
- * await mfaService.checkIsMfaEnabled('any')
389
- * if (userMeetsMfaRequirement) {
390
- * // User has met the MFA requirement
391
- * } else {
392
- * // Prompt user to set up MFA
393
- * }
394
- * ```
395
- *
396
- * @returns
397
- */
398
- async function checkIsMfaEnabled(mfaRequirement) {
399
- if (!awsCognitoClient) {
400
- throw new Error('"authService" has not been initiated. You must call the init() function before checking if the current user has MFA enabled.');
401
- }
402
- return await awsCognitoClient.checkIsMfaEnabled(mfaRequirement);
403
- }
404
381
  async function getMfaSettings(abortSignal) {
405
382
  if (!awsCognitoClient) {
406
383
  throw new Error('"authService" has not been initiated. You must call the init() function before checking MFA settings.');
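Review bot: The `otpauth://totp/...` URI returned just above the removed `checkIsMfaEnabled` wrapper (unchanged context, in `generateMfaAuthenticatorAppQrCodeUrl`) interpolates `tenants.current.productShortName`, `profile.email` and `mfaAuthenticatorAppSetup.secretCode` without percent-encoding. A product name or e-mail address containing a space, `&`, `?`, `#` or `+` would produce a URI that an authenticator app may parse with a different label or issuer than intended, or reject during enrolment. Encode each component before building the string, for example `const issuer = encodeURIComponent(tenants.current.productShortName)` and `const account = encodeURIComponent(profile.email)`, and use them in `otpauth://totp/${issuer}:${account}?secret=...&issuer=${issuer}`. The function starts outside the hunk, so any checks earlier in its body are not visible here.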
@@ -419,12 +396,6 @@ async function removeUserPhoneNumber() {
419
396
  }
420
397
  return await awsCognitoClient.removeUserPhoneNumber();
421
398
  }
422
- async function sendPhoneNumberVerificationCode() {
423
- if (!awsCognitoClient) {
424
- throw new Error('"authService" has not been initiated. You must call the init() function before sending a phone number verification code.');
425
- }
426
- return await awsCognitoClient.sendPhoneNumberVerificationCode();
427
- }
428
399
  async function verifyUserPhoneNumber(code) {
429
400
  if (!awsCognitoClient) {
430
401
  throw new Error('"authService" has not been initiated. You must call the init() function before verifying the user phone number.');
@@ -474,5 +445,5 @@ async function setupMfaAuthenticatorApp(options) {
474
445
  }
475
446
  return await awsCognitoClient.setupMfaAuthenticatorApp(options);
476
447
  }
477
- export { init, registerAuthListener, loginUsernamePassword, loginHostedUI, handleAuthentication, changePassword, forgotPassword, logoutHostedUI, logout, isLoggedIn, getCognitoIdToken, getUserProfile, getUserFriendlyName, checkIsMfaEnabled, getMfaSettings, updateUserPhoneNumber, removeUserPhoneNumber, sendPhoneNumberVerificationCode, verifyUserPhoneNumber, disableMfaMethod, setPreferredMfaMethod, setupSmsMfa, setupMfaAuthenticatorApp, generateMfaAuthenticatorAppQrCodeUrl, DEFAULT_MFA_SETTINGS, };
448
+ export { init, registerAuthListener, loginUsernamePassword, loginHostedUI, handleAuthentication, changePassword, forgotPassword, logoutHostedUI, logout, isLoggedIn, getCognitoIdToken, getUserProfile, getUserFriendlyName, getMfaSettings, updateUserPhoneNumber, removeUserPhoneNumber, verifyUserPhoneNumber, disableMfaMethod, setPreferredMfaMethod, setupSmsMfa, setupMfaAuthenticatorApp, generateMfaAuthenticatorAppQrCodeUrl, DEFAULT_MFA_SETTINGS, };
478
449
  //# sourceMappingURL=cognito.js.map