@oneblink/apps-react 11.0.0-beta.2 → 11.0.0-beta.4
- package/dist/apps/mfa-service.d.ts +27 -2
- package/dist/apps/mfa-service.js +28 -1
- package/dist/apps/mfa-service.js.map +1 -1
- package/dist/apps/services/AWSCognitoClient.d.ts +7 -6
- package/dist/apps/services/AWSCognitoClient.js +26 -33
- package/dist/apps/services/AWSCognitoClient.js.map +1 -1
- package/dist/apps/services/cognito.d.ts +3 -22
- package/dist/apps/services/cognito.js +1 -30
- package/dist/apps/services/cognito.js.map +1 -1
- package/dist/components/mfa/MfaPhoneNumberDialog.js +10 -14
- package/dist/components/mfa/MfaPhoneNumberDialog.js.map +1 -1
- package/dist/form-elements/FormElementBarcodeScanner.js +65 -18
- package/dist/form-elements/FormElementBarcodeScanner.js.map +1 -1
- package/dist/hooks/useMfa.d.ts +0 -2
- package/dist/hooks/useMfa.js +0 -19
- package/dist/hooks/useMfa.js.map +1 -1
- package/dist/utils/mfa-requirement.js +11 -7
- package/dist/utils/mfa-requirement.js.map +1 -1
- package/package.json +1 -1
|
@@ -1,4 +1,29 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
1
|
+
import { MiscTypes } from '@oneblink/types';
|
|
2
|
+
import { getMfaSettings } from './services/cognito';
|
|
3
|
+
export { getMfaSettings };
|
|
4
|
+
export { updateUserPhoneNumber, removeUserPhoneNumber, verifyUserPhoneNumber, disableMfaMethod, setPreferredMfaMethod, setupMfaAuthenticatorApp, setupSmsMfa, generateMfaAuthenticatorAppQrCodeUrl, DEFAULT_MFA_SETTINGS, } from './services/cognito';
|
|
5
|
+
export type { MfaMethod, MfaSettings } from './services/cognito';
|
|
3
6
|
export { isMfaRequired, mfaRequirementToSelectedMethods, mfaSelectedMethodsToMfaRequirement, formatMfaRequirementLabel, formatMfaRequirementMethodLabel, userMeetsMfaRequirement, formatMfaSetupRequiredMessage, formatMfaMethodNotAcceptedMessage, } from '../utils/mfa-requirement';
|
|
4
7
|
export type { MfaRequirementMethod } from '../utils/mfa-requirement';
|
|
8
|
+
export type MfaRequirementCheckResult = {
|
|
9
|
+
mfaSettings: Awaited<ReturnType<typeof getMfaSettings>>;
|
|
10
|
+
userMeetsMfaRequirement: boolean;
|
|
11
|
+
};
|
|
12
|
+
/**
|
|
13
|
+
* Check if the current user meets an MFA requirement.
|
|
14
|
+
*
|
|
15
|
+
* #### Example
|
|
16
|
+
*
|
|
17
|
+
* ```js
|
|
18
|
+
* const { mfaSettings, userMeetsMfaRequirement } =
|
|
19
|
+
* await mfaService.checkIsMfaEnabled('any')
|
|
20
|
+
* if (userMeetsMfaRequirement) {
|
|
21
|
+
* // User has met the MFA requirement
|
|
22
|
+
* } else {
|
|
23
|
+
* // Prompt user to set up MFA
|
|
24
|
+
* }
|
|
25
|
+
* ```
|
|
26
|
+
*
|
|
27
|
+
* @returns
|
|
28
|
+
*/
|
|
29
|
+
export declare function checkIsMfaEnabled(mfaRequirement: MiscTypes.MfaRequirement | undefined): Promise<MfaRequirementCheckResult>;
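Review bot: The JSDoc on the new `checkIsMfaEnabled` declaration leaves `@returns` empty and never says what `userMeetsMfaRequirement` is when `mfaRequirement` is `undefined`, even though the signature accepts that value and callers will gate screens on the boolean. The name also reads as "is MFA enabled" while the result reports whether a requirement is met; the two differ if an absent requirement counts as met, which is decided in `../utils/mfa-requirement` outside this section and should be confirmed. I would fill the tag in, e.g. `@returns The user's current MFA settings and whether they satisfy mfaRequirement`, and add a `@param mfaRequirement` line that states the `undefined` case. The same comment block is emitted in `package/dist/apps/mfa-service.js`.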
|
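--- a/package/dist/apps/mfa-service.js
+++ b/package/dist/apps/mfa-service.js
@@ -1,3 +1,30 @@
-
+import { getMfaSettings } from './services/cognito';
+import { userMeetsMfaRequirement } from '../utils/mfa-requirement';
+export { getMfaSettings };
+export { updateUserPhoneNumber, removeUserPhoneNumber, verifyUserPhoneNumber, disableMfaMethod, setPreferredMfaMethod, setupMfaAuthenticatorApp, setupSmsMfa, generateMfaAuthenticatorAppQrCodeUrl, DEFAULT_MFA_SETTINGS, } from './services/cognito';
 export { isMfaRequired, mfaRequirementToSelectedMethods, mfaSelectedMethodsToMfaRequirement, formatMfaRequirementLabel, formatMfaRequirementMethodLabel, userMeetsMfaRequirement, formatMfaSetupRequiredMessage, formatMfaMethodNotAcceptedMessage, } from '../utils/mfa-requirement';
+/**
+* Check if the current user meets an MFA requirement.
+*
+* #### Example
+*
+* ```js
+* const { mfaSettings, userMeetsMfaRequirement } =
+* await mfaService.checkIsMfaEnabled('any')
+* if (userMeetsMfaRequirement) {
+* // User has met the MFA requirement
+* } else {
+* // Prompt user to set up MFA
+* }
+* ```
+*
+* @returns
+*/
+export async function checkIsMfaEnabled(mfaRequirement) {
+const mfaSettings = await getMfaSettings();
+return {
+mfaSettings,
+userMeetsMfaRequirement: userMeetsMfaRequirement(mfaRequirement, mfaSettings),
+};
+}
 //# sourceMappingURL=mfa-service.js.map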
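Review bot: `checkIsMfaEnabled` computes `userMeetsMfaRequirement` on the client from whatever `getMfaSettings()` returns, so the boolean is a UI hint rather than an access decision, and the doc block does not say so. A line such as `Advisory only: the API must still enforce the MFA requirement server-side` would keep integrators from treating it as the gate. The function has no error handling of its own, so a rejected `getMfaSettings()` propagates to the caller; that is the safer direction, but it deserves a `@throws` line. Whether a signed-out session yields `DEFAULT_MFA_SETTINGS` instead of rejecting is not visible in this section and should be confirmed, since it decides what the boolean means for an unauthenticated user.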
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mfa-service.js","sourceRoot":"","sources":["../../src/apps/mfa-service.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"mfa-service.js","sourceRoot":"","sources":["../../src/apps/mfa-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AACnD,OAAO,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAA;AAElE,OAAO,EAAE,cAAc,EAAE,CAAA;AACzB,OAAO,EACL,qBAAqB,EACrB,qBAAqB,EACrB,qBAAqB,EACrB,gBAAgB,EAChB,qBAAqB,EACrB,wBAAwB,EACxB,WAAW,EACX,oCAAoC,EACpC,oBAAoB,GACrB,MAAM,oBAAoB,CAAA;AAE3B,OAAO,EACL,aAAa,EACb,+BAA+B,EAC/B,kCAAkC,EAClC,yBAAyB,EACzB,+BAA+B,EAC/B,uBAAuB,EACvB,6BAA6B,EAC7B,iCAAiC,GAClC,MAAM,0BAA0B,CAAA;AAQjC;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,cAAoD;IAEpD,MAAM,WAAW,GAAG,MAAM,cAAc,EAAE,CAAA;IAE1C,OAAO;QACL,WAAW;QACX,uBAAuB,EAAE,uBAAuB,CAC9C,cAAc,EACd,WAAW,CACZ;KACF,CAAA;AACH,CAAC","sourcesContent":["import { MiscTypes } from '@oneblink/types'\r\nimport { getMfaSettings } from './services/cognito'\r\nimport { userMeetsMfaRequirement } from '../utils/mfa-requirement'\r\n\r\nexport { getMfaSettings }\r\nexport {\r\n updateUserPhoneNumber,\r\n removeUserPhoneNumber,\r\n verifyUserPhoneNumber,\r\n disableMfaMethod,\r\n setPreferredMfaMethod,\r\n setupMfaAuthenticatorApp,\r\n setupSmsMfa,\r\n generateMfaAuthenticatorAppQrCodeUrl,\r\n DEFAULT_MFA_SETTINGS,\r\n} from './services/cognito'\r\nexport type { MfaMethod, MfaSettings } from './services/cognito'\r\nexport {\r\n isMfaRequired,\r\n mfaRequirementToSelectedMethods,\r\n mfaSelectedMethodsToMfaRequirement,\r\n formatMfaRequirementLabel,\r\n formatMfaRequirementMethodLabel,\r\n userMeetsMfaRequirement,\r\n formatMfaSetupRequiredMessage,\r\n formatMfaMethodNotAcceptedMessage,\r\n} from '../utils/mfa-requirement'\r\nexport type { MfaRequirementMethod } from '../utils/mfa-requirement'\r\n\r\nexport type MfaRequirementCheckResult = {\r\n mfaSettings: Awaited<ReturnType<typeof getMfaSettings>>\r\n userMeetsMfaRequirement: boolean\r\n}\r\n\r\n/**\r\n * Check if the current user meets an MFA requirement.\r\n *\r\n * #### Example\r\n *\r\n * ```js\r\n * const { mfaSettings, 
userMeetsMfaRequirement } =\r\n * await mfaService.checkIsMfaEnabled('any')\r\n * if (userMeetsMfaRequirement) {\r\n * // User has met the MFA requirement\r\n * } else {\r\n * // Prompt user to set up MFA\r\n * }\r\n * ```\r\n *\r\n * @returns\r\n */\r\nexport async function checkIsMfaEnabled(\r\n mfaRequirement: MiscTypes.MfaRequirement | undefined,\r\n): Promise<MfaRequirementCheckResult> {\r\n const mfaSettings = await getMfaSettings()\r\n\r\n return {\r\n mfaSettings,\r\n userMeetsMfaRequirement: userMeetsMfaRequirement(\r\n mfaRequirement,\r\n mfaSettings,\r\n ),\r\n }\r\n}\r\n"]}
|
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
import { AuthenticationResultType, CognitoIdentityProviderClient, InitiateAuthResponse } from '@aws-sdk/client-cognito-identity-provider';
|
|
2
|
-
import { MiscTypes } from '@oneblink/types';
|
|
3
2
|
export type MfaMethod = 'authenticator' | 'sms';
|
|
4
3
|
export type MfaSettings = {
|
|
5
4
|
authenticator: {
|
|
@@ -14,9 +13,13 @@ export type MfaSettings = {
|
|
|
14
13
|
};
|
|
15
14
|
};
|
|
16
15
|
export declare const DEFAULT_MFA_SETTINGS: MfaSettings;
|
|
17
|
-
export
|
|
18
|
-
|
|
19
|
-
|
|
16
|
+
export declare function resolveMfaPreferredFlags({ authenticatorEnabled, smsEnabled, preferredMfaSetting, }: {
|
|
17
|
+
authenticatorEnabled: boolean;
|
|
18
|
+
smsEnabled: boolean;
|
|
19
|
+
preferredMfaSetting: string | undefined;
|
|
20
|
+
}): {
|
|
21
|
+
authenticatorPreferred: boolean;
|
|
22
|
+
smsPreferred: boolean;
|
|
20
23
|
};
|
|
21
24
|
export type LoginAttemptResponse = {
|
|
22
25
|
resetPasswordCallback?: (newPassword: string) => Promise<LoginAttemptResponse>;
|
|
@@ -69,12 +72,10 @@ export default class AWSCognitoClient {
|
|
|
69
72
|
getIdToken(): Promise<string | undefined>;
|
|
70
73
|
getAccessToken(): Promise<string | undefined>;
|
|
71
74
|
getMfaSettings(abortSignal?: AbortSignal): Promise<MfaSettings>;
|
|
72
|
-
checkIsMfaEnabled(mfaRequirement: MiscTypes.MfaRequirement | undefined): Promise<MfaRequirementCheckResult>;
|
|
73
75
|
updateUserPhoneNumber(phoneNumber: string): Promise<{
|
|
74
76
|
isPhoneNumberVerified: boolean;
|
|
75
77
|
}>;
|
|
76
78
|
removeUserPhoneNumber(): Promise<void>;
|
|
77
|
-
sendPhoneNumberVerificationCode(): Promise<import("@aws-sdk/client-cognito-identity-provider").GetUserAttributeVerificationCodeCommandOutput | undefined>;
|
|
78
79
|
verifyUserPhoneNumber(code: string): Promise<void>;
|
|
79
80
|
setPreferredMfaMethod(method: MfaMethod): Promise<void>;
|
|
80
81
|
disableMfaMethod(method: MfaMethod): Promise<void>;
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { AssociateSoftwareTokenCommand, ChangePasswordCommand, CognitoIdentityProviderClient, ConfirmForgotPasswordCommand, DeleteUserAttributesCommand,
|
|
1
|
+
import { AssociateSoftwareTokenCommand, ChangePasswordCommand, CognitoIdentityProviderClient, ConfirmForgotPasswordCommand, DeleteUserAttributesCommand, GetUserCommand, GlobalSignOutCommand, InitiateAuthCommand, RespondToAuthChallengeCommand, SetUserMFAPreferenceCommand, UpdateUserAttributesCommand, VerifySoftwareTokenCommand, VerifyUserAttributeCommand, } from '@aws-sdk/client-cognito-identity-provider';
|
|
2
2
|
import Sentry from '../Sentry';
|
|
3
3
|
import { OneBlinkAppsError } from '..';
|
|
4
4
|
export const DEFAULT_MFA_SETTINGS = {
|
|
@@ -10,19 +10,22 @@ export const DEFAULT_MFA_SETTINGS = {
|
|
|
10
10
|
isPhoneNumberVerified: false,
|
|
11
11
|
},
|
|
12
12
|
};
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
13
|
+
export function resolveMfaPreferredFlags({ authenticatorEnabled, smsEnabled, preferredMfaSetting, }) {
|
|
14
|
+
const cognitoAuthenticatorPreferred = preferredMfaSetting === 'SOFTWARE_TOKEN_MFA';
|
|
15
|
+
const cognitoSmsPreferred = preferredMfaSetting === 'SMS_MFA';
|
|
16
|
+
if (cognitoAuthenticatorPreferred && authenticatorEnabled) {
|
|
17
|
+
return { authenticatorPreferred: true, smsPreferred: false };
|
|
18
|
+
}
|
|
19
|
+
if (cognitoSmsPreferred && smsEnabled) {
|
|
20
|
+
return { authenticatorPreferred: false, smsPreferred: true };
|
|
20
21
|
}
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
return true;
|
|
22
|
+
if (authenticatorEnabled && smsEnabled) {
|
|
23
|
+
return { authenticatorPreferred: true, smsPreferred: false };
|
|
24
24
|
}
|
|
25
|
-
return
|
|
25
|
+
return {
|
|
26
|
+
authenticatorPreferred: authenticatorEnabled,
|
|
27
|
+
smsPreferred: smsEnabled,
|
|
28
|
+
};
|
|
26
29
|
}
|
|
27
30
|
export default class AWSCognitoClient {
|
|
28
31
|
constructor({ clientId, region, loginDomain, redirectUri, logoutUri, }) {
|
|
@@ -376,26 +379,26 @@ export default class AWSCognitoClient {
|
|
|
376
379
|
const preferredMfaSetting = user.PreferredMfaSetting;
|
|
377
380
|
const phoneNumber = (_b = (_a = user.UserAttributes) === null || _a === void 0 ? void 0 : _a.find((attribute) => attribute.Name === 'phone_number')) === null || _b === void 0 ? void 0 : _b.Value;
|
|
378
381
|
const isPhoneNumberVerified = ((_d = (_c = user.UserAttributes) === null || _c === void 0 ? void 0 : _c.find((attribute) => attribute.Name === 'phone_number_verified')) === null || _d === void 0 ? void 0 : _d.Value) === 'true';
|
|
382
|
+
const authenticatorEnabled = mfaList.includes('SOFTWARE_TOKEN_MFA');
|
|
383
|
+
const smsEnabled = mfaList.includes('SMS_MFA');
|
|
384
|
+
const { authenticatorPreferred, smsPreferred } = resolveMfaPreferredFlags({
|
|
385
|
+
authenticatorEnabled,
|
|
386
|
+
smsEnabled,
|
|
387
|
+
preferredMfaSetting,
|
|
388
|
+
});
|
|
379
389
|
return {
|
|
380
390
|
authenticator: {
|
|
381
|
-
enabled:
|
|
382
|
-
preferred:
|
|
391
|
+
enabled: authenticatorEnabled,
|
|
392
|
+
preferred: authenticatorPreferred,
|
|
383
393
|
},
|
|
384
394
|
sms: {
|
|
385
|
-
enabled:
|
|
386
|
-
preferred:
|
|
395
|
+
enabled: smsEnabled,
|
|
396
|
+
preferred: smsPreferred,
|
|
387
397
|
phoneNumber,
|
|
388
398
|
isPhoneNumberVerified,
|
|
389
399
|
},
|
|
390
400
|
};
|
|
391
401
|
}
|
|
392
|
-
async checkIsMfaEnabled(mfaRequirement) {
|
|
393
|
-
const mfaSettings = await this.getMfaSettings();
|
|
394
|
-
return {
|
|
395
|
-
mfaSettings,
|
|
396
|
-
userMeetsMfaRequirement: checkUserMeetsMfaRequirement(mfaRequirement, mfaSettings),
|
|
397
|
-
};
|
|
398
|
-
}
|
|
399
402
|
async updateUserPhoneNumber(phoneNumber) {
|
|
400
403
|
const accessToken = await this.getAccessToken();
|
|
401
404
|
if (!accessToken) {
|
|
@@ -423,16 +426,6 @@ export default class AWSCognitoClient {
|
|
|
423
426
|
UserAttributeNames: ['phone_number'],
|
|
424
427
|
}));
|
|
425
428
|
}
|
|
426
|
-
async sendPhoneNumberVerificationCode() {
|
|
427
|
-
const accessToken = await this.getAccessToken();
|
|
428
|
-
if (!accessToken) {
|
|
429
|
-
return;
|
|
430
|
-
}
|
|
431
|
-
return await this.cognitoIdentityProviderClient.send(new GetUserAttributeVerificationCodeCommand({
|
|
432
|
-
AccessToken: accessToken,
|
|
433
|
-
AttributeName: 'phone_number',
|
|
434
|
-
}));
|
|
435
|
-
}
|
|
436
429
|
async verifyUserPhoneNumber(code) {
|
|
437
430
|
const accessToken = await this.getAccessToken();
|
|
438
431
|
if (!accessToken) {
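Review bot: In the second hunk, `resolveMfaPreferredFlags` reports a preferred method even when Cognito's `PreferredMfaSetting` is unset or names a method that is not enabled: with both methods enabled it returns `authenticatorPreferred: true`, and with only one enabled it marks that one preferred. The `preferred` flags returned by `getMfaSettings` therefore mix Cognito's stored preference with a local inference, and nothing in the function says so; I would add `// Fallback: Cognito reported no usable preference, so infer one (authenticator wins when both are enabled)` above the third `if`. If these flags feed the requirement check in `utils/mfa-requirement` (changed in this release but not shown here), confirm that an inferred preference is meant to count the same as one the user actually set. Any `PreferredMfaSetting` value other than the two compared here, for example `EMAIL_OTP`, also lands in this fallback silently.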
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AWSCognitoClient.js","sourceRoot":"","sources":["../../../src/apps/services/AWSCognitoClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,6BAA6B,EAE7B,qBAAqB,EACrB,6BAA6B,EAC7B,4BAA4B,EAC5B,2BAA2B,EAC3B,uCAAuC,EACvC,cAAc,EACd,oBAAoB,EACpB,mBAAmB,EAEnB,6BAA6B,EAC7B,2BAA2B,EAC3B,2BAA2B,EAC3B,0BAA0B,EAC1B,0BAA0B,GAC3B,MAAM,2CAA2C,CAAA;AAClD,OAAO,MAAM,MAAM,WAAW,CAAA;AAC9B,OAAO,EAAE,iBAAiB,EAAE,MAAM,IAAI,CAAA;AAkBtC,MAAM,CAAC,MAAM,oBAAoB,GAAgB;IAC/C,aAAa,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE;IACnD,GAAG,EAAE;QACH,OAAO,EAAE,KAAK;QACd,SAAS,EAAE,KAAK;QAChB,WAAW,EAAE,SAAS;QACtB,qBAAqB,EAAE,KAAK;KAC7B;CACF,CAAA;AAOD,MAAM,6BAA6B,GAAG;IACpC,GAAG,EAAE,CAAC,WAAwB,EAAE,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO;IAC1D,gBAAgB,EAAE,CAAC,WAAwB,EAAE,EAAE,CAC7C,WAAW,CAAC,aAAa,CAAC,OAAO;CAIpC,CAAA;AAED,SAAS,4BAA4B,CACnC,cAAoD,EACpD,WAAwB;IAExB,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO,IAAI,CAAA;IACb,CAAC;IAED,MAAM,eAAe,GACnB,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAG1C,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAA;IAE5C,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,OAAO,IAAI,CAAA;IACb,CAAC;IAED,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CACrC,6BAA6B,CAAC,MAAM,CAAC,CAAC,WAAW,CAAC,CACnD,CAAA;AACH,CAAC;AAUD,MAAM,CAAC,OAAO,OAAO,gBAAgB;IAQnC,YAAY,EACV,QAAQ,EACR,MAAM,EACN,WAAW,EACX,WAAW,EACX,SAAS,GAOV;QACC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAA;QAC9D,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,SAAS,CAAC,qCAAqC,CAAC,CAAA;QAC5D,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,EAAE,CAAA;QACnB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAA;QAC9B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;QAC1B,IAAI,CAAC,WAAW,GAAG,WAAW,CAAA;QAC9B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAA;QACxB,IAAI,CAAC,6BAA6B,GAAG,IAAI,6BAA6B,CAAC;YACrE,MAAM;SACP,CAAC,CAAA;IACJ,CAAC;IAED,qBAAqB;IACrB,IAAI,UAAU;QACZ,OAAO,WAAW,IAAI,CAAC,QAAQ,aAAa,CAAA;IAC9C,CAAC;IACD,IAAI,YAAY;QACd,OAAO,WAAW,IAAI,CAAC,QAAQ,eAAe,CAAA;IAChD,CAAC;IACD,IAAI,QAAQ;QACV,OAAO,WAAW,IAAI,CAAC,QAAQ,WAAW,CAAA;IAC5C,CAAC;IACD,IAAI,aAAa;QACf,OAAO,WAAW,IAAI,CAA
C,QAAQ,gBAAgB,CAAA;IACjD,CAAC;IACD,IAAI,KAAK;QACP,OAAO,WAAW,IAAI,CAAC,QAAQ,QAAQ,CAAA;IACzC,CAAC;IACD,IAAI,kBAAkB;QACpB,OAAO,WAAW,IAAI,CAAC,QAAQ,qBAAqB,CAAA;IACtD,CAAC;IAED,iBAAiB;QACf,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACtC,IAAI,CAAC;gBACH,QAAQ,EAAE,CAAA;YACZ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAA;gBAC9B,8BAA8B;gBAC9B,OAAO,CAAC,IAAI,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;YACxD,CAAC;QACH,CAAC;IACH,CAAC;IAED,0BAA0B,CAAC,oBAA8C;QACvE,qFAAqF;QACrF,MAAM,SAAS,GACZ,oBAAoB,CAAC,SAAoB,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAA;QACvE,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAA;QAC3D,YAAY,CAAC,OAAO,CAClB,IAAI,CAAC,YAAY,EACjB,oBAAoB,CAAC,WAAqB,CAC3C,CAAA;QACD,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,oBAAoB,CAAC,OAAiB,CAAC,CAAA;QAC3E,IAAI,oBAAoB,CAAC,YAAY,EAAE,CAAC;YACtC,YAAY,CAAC,OAAO,CAClB,IAAI,CAAC,aAAa,EAClB,oBAAoB,CAAC,YAAY,CAClC,CAAA;QACH,CAAC;QAED,IAAI,CAAC,iBAAiB,EAAE,CAAA;IAC1B,CAAC;IAED,2BAA2B;QACzB,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACxC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QAC1C,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACtC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;QAE3C,IAAI,CAAC,iBAAiB,EAAE,CAAA;IAC1B,CAAC;IAED,eAAe;QACb,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,SAAS,CAAA;IAC7D,CAAC;IAED,WAAW;QACT,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAA;IACzD,CAAC;IAED,gBAAgB;QACd,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,SAAS,CAAA;IAC9D,CAAC;IAED,eAAe;QACb,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACvD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IAC7C,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC3B,OAAM;QACR,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAA;QAC5C,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAM;QACR,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC1D,IAAI,mBAAmB,CAAC;gBACtB,QAAQ,EAAE,oBAAoB;gBAC9B
,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,cAAc,EAAE;oBACd,aAAa,EAAE,YAAY;iBAC5B;aACF,CAAC,CACH,CAAA;YACD,IAAI,MAAM,CAAC,oBAAoB,EAAE,CAAC;gBAChC,IAAI,CAAC,0BAA0B,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAA;YAC9D,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,2CAA2C,EAAE,KAAK,CAAC,CAAA;YAChE,IAAI,CAAC,2BAA2B,EAAE,CAAA;YAClC,MAAM,IAAI,iBAAiB,CACzB,kFAAkF,EAClF;gBACE,aAAa,EAAE,IAAI;gBACnB,aAAa,EAAE,KAAc;aAC9B,CACF,CAAA;QACH,CAAC;IACH,CAAC;IAED,gBAAgB,CAAC,QAAuB;QACtC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAE7B,OAAO,GAAG,EAAE;YACV,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;YAC9C,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE,CAAC;gBACjB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;YACjC,CAAC;QACH,CAAC,CAAA;IACH,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,QAAgB,EAChB,oBAA0C;QAE1C,IAAI,oBAAoB,CAAC,oBAAoB,EAAE,CAAC;YAC9C,IAAI,CAAC,0BAA0B,CAAC,oBAAoB,CAAC,oBAAoB,CAAC,CAAA;YAC1E,OAAO,EAAE,CAAA;QACX,CAAC;QAED,MAAM,aAAa,GAAG,oBAAoB,CAAC,aAAa,CAAA;QACxD,QAAQ,aAAa,EAAE,CAAC;YACtB,KAAK,uBAAuB,CAAC,CAAC,CAAC;gBAC7B,OAAO;oBACL,qBAAqB,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE;wBAC3C,MAAM,mBAAmB,GACvB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,6BAA6B,CAAC;4BAChC,aAAa;4BACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;4BACvB,OAAO,EAAE,oBAAoB,CAAC,OAAO;4BACrC,kBAAkB,EAAE;gCAClB,QAAQ,EAAE,QAAQ;gCAClB,YAAY,EAAE,WAAW;6BAC1B;yBACF,CAAC,CACH,CAAA;wBACH,OAAO,MAAM,IAAI,CAAC,uBAAuB,CACvC,QAAQ,EACR,mBAAmB,CACpB,CAAA;oBACH,CAAC;iBACF,CAAA;YACH,CAAC;YACD,KAAK,oBAAoB,CAAC,CAAC,CAAC;gBAC1B,OAAO;oBACL,GAAG,EAAE;wBACH,MAAM,EAAE,eAAe;wBACvB,YAAY,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;4BAC3B,MAAM,mBAAmB,GACvB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,6BAA6B,CAAC;gCAChC,aAAa;gCACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;gCACvB,OAAO,EAAE,oBAAoB,CAAC,OAAO;gCACrC,kBAAkB,EAAE;oCAClB,QAAQ,EAAE,QAAQ;oCAClB,uBAAuB,EAAE,IAAI;iCAC9B;6BACF,CAAC,CACH,CAAA;4BACH,OAAO,MAAM,IAAI,CAAC,uBAAuB,CACvC,QAAQ,EACR,mBAAmB,CACpB,CAAA;wBACH,CAAC;qBACF;iBACF,CAAA;YACH,CAAC;YACD,KAAK,WAAW,CAAC,CAAC,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAA;YAC/C,CAAC;YACD,KAAK,SAAS,CAAC,CAAC
,CAAC;gBACf,OAAO;oBACL,GAAG,EAAE;wBACH,MAAM,EAAE,KAAK;wBACb,YAAY,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;4BAC3B,MAAM,kBAAkB,GACtB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,6BAA6B,CAAC;gCAChC,aAAa;gCACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;gCACvB,OAAO,EAAE,oBAAoB,CAAC,OAAO;gCACrC,kBAAkB,EAAE;oCAClB,QAAQ,EAAE,QAAQ;oCAClB,YAAY,EAAE,IAAI;iCACnB;6BACF,CAAC,CACH,CAAA;4BACH,OAAO,MAAM,IAAI,CAAC,uBAAuB,CACvC,QAAQ,EACR,kBAAkB,CACnB,CAAA;wBACH,CAAC;qBACF;iBACF,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO,CAAC,IAAI,CACV,uFAAuF,EACvF,oBAAoB,CACrB,CAAA;QACD,MAAM,IAAI,KAAK,CACb,mIAAmI,CACpI,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,QAAgB,EAChB,QAAgB;QAEhB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC/D,IAAI,mBAAmB,CAAC;YACtB,QAAQ,EAAE,oBAAoB;YAC9B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,cAAc,EAAE;gBACd,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,QAAQ;aACnB;SACF,CAAC,CACH,CAAA;QAED,OAAO,MAAM,IAAI,CAAC,uBAAuB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAA;IAClE,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,oBAA6B;QAC/C,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,MAAM,IAAI,SAAS,CACjB,6GAA6G,CAC9G,CAAA;QACH,CAAC;QAED,0CAA0C;QAC1C,MAAM,KAAK,GAAG,oBAAoB,EAAE,CAAA;QACpC,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;QAEvC,0EAA0E;QAC1E,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAA;QAC3C,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAA;QAE3D,+DAA+D;QAC/D,MAAM,cAAc,GAAG,MAAM,yBAAyB,CAAC,YAAY,CAAC,CAAA;QAEpE,MAAM,CAAC,QAAQ,CAAC,IAAI;YAClB,WAAW,WAAW,mBAAmB;gBACzC,qBAAqB;gBACrB,aAAa;gBACb,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBACjC,SAAS;gBACT,kBAAkB,CAAC,KAAK,CAAC;gBACzB,SAAS;gBACT,kBAAkB,CAAC,oDAAoD,CAAC;gBACxE,gBAAgB;gBAChB,kBAAkB,CAAC,WAAW,CAAC;gBAC/B,kBAAkB;gBAClB,kBAAkB,CAAC,cAAc,CAAC;gBAClC,6BAA6B;gBAC7B,CAAC,oBAAoB;oBACnB,CAAC,CAAC,qBAAqB,GAAG,kBAAkB,CAAC,oBAAoB,CAAC;oBAClE,CAAC,CAAC,EAAE,CAAC,CAAA;IACX,CAAC;IAED,KAAK,CAAC,oBAAoB;QACxB,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,MAAM,IAAI,SAAS,CACjB,sH
AAsH,CACvH,CAAA;QACH,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;QACzD,MAAM,UAAU,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACrC,MAAM,qBAAqB,GAAG,KAAK,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;QAE5D,+CAA+C;QAC/C,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,GAAG,UAAU,MACX,OAAO,qBAAqB,KAAK,QAAQ;gBACvC,CAAC,CAAC,qBAAqB;gBACvB,CAAC,CAAC,gCACN,EAAE,CACH,CAAA;QACH,CAAC;QAED,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAC9B,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAA;QACtE,CAAC;QAED,IAAI,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAA;QAClC,CAAC;QAED,MAAM,aAAa,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;QAEnE,kDAAkD;QAClD,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACnC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;QAEhD,sDAAsD;QACtD,MAAM,MAAM,GAA4B,MAAM,IAAI,OAAO,CACvD,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAClB,eAAe,CACb,WAAW,WAAW,eAAe,EACrC;gBACE,UAAU,EAAE,oBAAoB;gBAChC,IAAI;gBACJ,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,YAAY,EAAE,WAAW;gBACzB,aAAa;aACd,EACD,OAAO,EACP,CAAC,KAAK,EAAE,EAAE;gBACR,MAAM,CACJ,IAAI,KAAK,CACP,KAAK,CAAC,iBAAiB;oBACrB,KAAK,CAAC,OAAO;oBACb,oEAAoE,CACvE,CACF,CAAA;YACH,CAAC,CACF,CAAA;QACH,CAAC,CACF,CAAA;QAED,IAAI,CAAC,0BAA0B,CAAC;YAC9B,WAAW,EAAE,MAAM,CAAC,YAAsB;YAC1C,SAAS,EAAE,MAAM,CAAC,UAAoB;YACtC,OAAO,EAAE,MAAM,CAAC,QAAkB;YAClC,SAAS,EAAE,MAAM,CAAC,UAAoB;YACtC,YAAY,EAAE,MAAM,CAAC,aAAuB;SAC7C,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,gBAAwB,EACxB,WAAmB;QAEnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,qBAAqB,CAAC;YACxB,WAAW,EAAE,WAAW,IAAI,EAAE;YAC9B,gBAAgB,EAAE,gBAAgB;YAClC,gBAAgB,EAAE,WAAW;SAC9B,CAAC,CACH,CAAA;IACH,CAAC;IACD,KAAK,CAAC,qBAAqB,CAAC,EAC1B,QAAQ,EACR,IAAI,EACJ,QAAQ,GAKT;QACC,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,4BAA4B,CAAC;YAC/B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,gBAAgB,EAAE,IAAI;YACtB,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,QAAQ;SACnB,CAAC,CACH,C
AAA;IACH,CAAC;IAED,cAAc;QACZ,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAA;QAChC,IAAI,CAAC,WAAW,IAAI,CAAC,SAAS,EAAE,CAAC;YAC/B,MAAM,IAAI,SAAS,CACjB,4GAA4G,CAC7G,CAAA;QACH,CAAC;QAED,MAAM,CAAC,QAAQ,CAAC,IAAI;YAClB,WAAW,WAAW,SAAS;gBAC/B,aAAa;gBACb,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBACjC,cAAc;gBACd,kBAAkB,CAAC,SAAS,CAAC,CAAA;IACjC,CAAC;IAED,KAAK,CAAC,MAAM;QACV,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAA;YAC5C,4DAA4D;YAC5D,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,IAAI,CAAC,eAAe,EAAE,CAAA;YAC9B,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,EAAE,CAAA;YAC1C,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,oBAAoB,CAAC;oBACvB,WAAW,EAAE,WAAW;iBACzB,CAAC,CACH,CAAA;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAE,KAA2B,CAAC,aAAa,EAAE,CAAC;gBAChD,MAAM,KAAK,CAAA;YACb,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,2BAA2B,EAAE,CAAA;QACpC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU;QACd,MAAM,IAAI,CAAC,eAAe,EAAE,CAAA;QAE5B,OAAO,IAAI,CAAC,WAAW,EAAE,CAAA;IAC3B,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,IAAI,CAAC,eAAe,EAAE,CAAA;QAE5B,OAAO,IAAI,CAAC,eAAe,EAAE,CAAA;IAC/B,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,WAAyB;;QAC5C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,oBAAoB,CAAA;QAC7B,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CACxD,IAAI,cAAc,CAAC;YACjB,WAAW,EAAE,WAAW;SACzB,CAAC,EACF,EAAE,WAAW,EAAE,CAChB,CAAA;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,IAAI,EAAE,CAAA;QAC7C,MAAM,mBAAmB,GAAG,IAAI,CAAC,mBAAmB,CAAA;QACpD,MAAM,WAAW,GAAG,MAAA,MAAA,IAAI,CAAC,cAAc,0CAAE,IAAI,CAC3C,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,KAAK,cAAc,CACjD,0CAAE,KAAK,CAAA;QACR,MAAM,qBAAqB,GACzB,CAAA,MAAA,MAAA,IAAI,CAAC,cAAc,0CAAE,IAAI,CACvB,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,KAAK,uBAAuB,CAC1D,0CAAE,KAAK,MAAK,MAAM,CAAA;QAErB,OAAO;YACL,aAAa,EAAE;gBACb,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC;gBAC/C,SAAS,EAAE,mBAAmB,KAAK,oBAAoB;aACxD;YACD,GAAG,EAAE;gBACH,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;gBACpC,SAAS,EAAE,mBAAmB,KAAK,SAAS;gBAC5C,WAAW;g
BACX,qBAAqB;aACtB;SACF,CAAA;IACH,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,cAAoD;QAEpD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAE/C,OAAO;YACL,WAAW;YACX,uBAAuB,EAAE,4BAA4B,CACnD,cAAc,EACd,WAAW,CACZ;SACF,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,WAAmB;QAEnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,EAAE,qBAAqB,EAAE,KAAK,EAAE,CAAA;QACzC,CAAC;QAED,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,cAAc,EAAE;gBACd;oBACE,IAAI,EAAE,cAAc;oBACpB,KAAK,EAAE,WAAW;iBACnB;aACF;SACF,CAAC,CACH,CAAA;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,OAAO,EAAE,qBAAqB,EAAE,WAAW,CAAC,GAAG,CAAC,qBAAqB,EAAE,CAAA;IACzE,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,kBAAkB,EAAE,CAAC,cAAc,CAAC;SACrC,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,+BAA+B;QACnC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAClD,IAAI,uCAAuC,CAAC;YAC1C,WAAW,EAAE,WAAW;YACxB,aAAa,EAAE,cAAc;SAC9B,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,IAAY;QACtC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,0BAA0B,CAAC;YAC7B,WAAW,EAAE,WAAW;YACxB,aAAa,EAAE,cAAc;YAC7B,IAAI,EAAE,IAAI;SACX,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,MAAiB;QAC3C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAEnD,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,GAAG,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO;gBACvC,CAAC,CAAC;oBACE,wBAAwB,EAAE;wBACxB,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,MAAM,KAAK,eAAe;qBACzC;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;YACP,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO;gBAC7B,CAAC,CAA
C;oBACE,cAAc,EAAE;wBACd,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,MAAM,KAAK,KAAK;qBAC/B;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;SACR,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,MAAiB;QACtC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QACnD,MAAM,YAAY,GAChB,MAAM,KAAK,eAAe;YACxB,CAAC,CAAC,eAAe,CAAC,aAAa,CAAC,SAAS;YACzC,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAA;QACnC,MAAM,WAAW,GACf,MAAM,KAAK,eAAe,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,eAAe,CAAA;QACtD,MAAM,aAAa,GACjB,MAAM,KAAK,eAAe;YACxB,CAAC,CAAC,eAAe,CAAC,GAAG;YACrB,CAAC,CAAC,eAAe,CAAC,aAAa,CAAA;QAEnC,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,GAAG,CAAC,MAAM,KAAK,eAAe;gBAC5B,CAAC,CAAC;oBACE,wBAAwB,EAAE;wBACxB,OAAO,EAAE,KAAK;wBACd,YAAY,EAAE,KAAK;qBACpB;iBACF;gBACH,CAAC,CAAC;oBACE,cAAc,EAAE;wBACd,OAAO,EAAE,KAAK;wBACd,YAAY,EAAE,KAAK;qBACpB;iBACF,CAAC;YACN,GAAG,CAAC,YAAY,IAAI,aAAa,CAAC,OAAO;gBACvC,CAAC,CAAC,WAAW,KAAK,eAAe;oBAC/B,CAAC,CAAC;wBACE,wBAAwB,EAAE;4BACxB,OAAO,EAAE,IAAI;4BACb,YAAY,EAAE,IAAI;yBACnB;qBACF;oBACH,CAAC,CAAC;wBACE,cAAc,EAAE;4BACd,OAAO,EAAE,IAAI;4BACb,YAAY,EAAE,IAAI;yBACnB;qBACF;gBACL,CAAC,CAAC,EAAE,CAAC;SACR,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,EAAE,SAAS,KAA8B,EAAE;QAC3D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QACnD,MAAM,kBAAkB,GACtB,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO;YACpC,eAAe,CAAC,aAAa,CAAC,SAAS,CAAC;YAC1C,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,IAAI,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QAChE,MAAM,iBAAiB,GACrB,SAAS,aAAT,SAAS,cAAT,SAAS,GAAI,CAAC,CAAC,kBAAkB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAEpE,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,cAAc,EAAE;gBACd,OAAO,EAAE,IAAI;gBACb,YAAY,EAAE,iBAAiB;aAChC;YACD,GAAG,CAAC,iBAAiB,IAAI,eAAe,CAAC,aAAa,CAAC,OAAO;gBAC5D,CAAC,CAAC;oBACE,wBAAwB,EAAE;wBACxB,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,KAAK;qBACp
B;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;SACR,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,EAAE,SAAS,KAA8B,EAAE;QACxE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAClE,IAAI,6BAA6B,CAAC;YAChC,WAAW,EAAE,WAAW;SACzB,CAAC,CACH,CAAA;QAED,OAAO;YACL,UAAU,EAAE,UAAU;YACtB,eAAe,EAAE,KAAK,EAAE,IAAY,EAAE,EAAE;gBACtC,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,0BAA0B,CAAC;oBAC7B,WAAW,EAAE,WAAW;oBACxB,QAAQ,EAAE,IAAI;iBACf,CAAC,CACH,CAAA;gBAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;gBACnD,MAAM,kBAAkB,GACtB,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO;oBACpC,eAAe,CAAC,aAAa,CAAC,SAAS,CAAC;oBAC1C,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,IAAI,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;gBAChE,MAAM,iBAAiB,GACrB,SAAS,aAAT,SAAS,cAAT,SAAS,GACT,CAAC,CAAC,kBAAkB,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;gBAEjE,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;oBAC9B,wBAAwB,EAAE;wBACxB,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,iBAAiB;qBAChC;oBACD,GAAG,CAAC,iBAAiB,IAAI,eAAe,CAAC,GAAG,CAAC,OAAO;wBAClD,CAAC,CAAC;4BACE,cAAc,EAAE;gCACd,OAAO,EAAE,IAAI;gCACb,YAAY,EAAE,KAAK;6BACpB;yBACF;wBACH,CAAC,CAAC,EAAE,CAAC;oBACP,WAAW,EAAE,WAAW;iBACzB,CAAC,CACH,CAAA;YACH,CAAC;SACF,CAAA;IACH,CAAC;CACF;AAED,sEAAsE;AACtE,2BAA2B;AAE3B,qDAAqD;AACrD,SAAS,eAAe,CACtB,GAAW,EACX,MAA+B,EAC/B,OAAiD,EACjD,KAAsE;IAEtE,MAAM,OAAO,GAAG,IAAI,cAAc,EAAE,CAAA;IACpC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,CAAA;IAC/B,OAAO,CAAC,gBAAgB,CACtB,cAAc,EACd,kDAAkD,CACnD,CAAA;IACD,OAAO,CAAC,MAAM,GAAG;QACf,IAAI,IAAI,GAAG,EAAE,CAAA;QACb,IAAI,CAAC;YACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;QACrC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAA;YAC1B,aAAa;QACf,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;YAC1B,OAAO,CAAC,IAAI,CAAC,CAAA;QACf,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,CAAA;QACb,CAAC;IACH,CAAC,CAAA;IACD,OAAO,CAAC,OAAO,GAAG;QAChB,KAAK,CAAC,EAAE,CAAC,CAAA;IACX,CAAC,CAAA;IACD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,
CAAC,MAAM,CAAC;SAC7B,MAAM,CAAC,CAAC,IAAc,EAAE,GAAG,EAAE,EAAE;QAC9B,IAAI,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAChB,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAA;QACpC,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC,EAAE,EAAE,CAAC;SACL,IAAI,CAAC,GAAG,CAAC,CAAA;IACZ,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACpB,CAAC;AAED,sEAAsE;AACtE,wBAAwB;AAExB,qEAAqE;AACrE,SAAS,oBAAoB;IAC3B,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC,EAAE,CAAC,CAAA;IACjC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAA;IACpC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CACzE,EAAE,CACH,CAAA;AACH,CAAC;AAED,+CAA+C;AAC/C,oDAAoD;AACpD,SAAS,MAAM,CAAC,KAAa;IAC3B,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;IACjC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAClC,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;AACrD,CAAC;AAED,qCAAqC;AACrC,SAAS,eAAe,CAAC,GAAgB;IACvC,sFAAsF;IACtF,sEAAsE;IACtE,uDAAuD;IACvD,0DAA0D;IAC1D,mBAAmB;IACnB,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;SAC9D,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;AACvB,CAAC;AAED,kEAAkE;AAClE,KAAK,UAAU,yBAAyB,CAAC,CAAS;IAChD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,CAAC,CAAC,CAAA;IAC9B,OAAO,eAAe,CAAC,MAAM,CAAC,CAAA;AAChC,CAAC","sourcesContent":["import {\n AssociateSoftwareTokenCommand,\n AuthenticationResultType,\n ChangePasswordCommand,\n CognitoIdentityProviderClient,\n ConfirmForgotPasswordCommand,\n DeleteUserAttributesCommand,\n GetUserAttributeVerificationCodeCommand,\n GetUserCommand,\n GlobalSignOutCommand,\n InitiateAuthCommand,\n InitiateAuthResponse,\n RespondToAuthChallengeCommand,\n SetUserMFAPreferenceCommand,\n UpdateUserAttributesCommand,\n VerifySoftwareTokenCommand,\n VerifyUserAttributeCommand,\n} from '@aws-sdk/client-cognito-identity-provider'\nimport Sentry from '../Sentry'\nimport { OneBlinkAppsError } from '..'\nimport { 
MiscTypes } from '@oneblink/types'\n\nexport type MfaMethod = 'authenticator' | 'sms'\n\nexport type MfaSettings = {\n authenticator: {\n enabled: boolean\n preferred: boolean\n }\n sms: {\n enabled: boolean\n preferred: boolean\n phoneNumber: string | undefined\n isPhoneNumberVerified: boolean\n }\n}\n\nexport const DEFAULT_MFA_SETTINGS: MfaSettings = {\n authenticator: { enabled: false, preferred: false },\n sms: {\n enabled: false,\n preferred: false,\n phoneNumber: undefined,\n isPhoneNumberVerified: false,\n },\n}\n\nexport type MfaRequirementCheckResult = {\n mfaSettings: MfaSettings\n userMeetsMfaRequirement: boolean\n}\n\nconst MFA_REQUIREMENT_METHOD_CHECKS = {\n sms: (mfaSettings: MfaSettings) => mfaSettings.sms.enabled,\n authenticatorApp: (mfaSettings: MfaSettings) =>\n mfaSettings.authenticator.enabled,\n} satisfies Record<\n keyof MiscTypes.MfaRequirement,\n (mfaSettings: MfaSettings) => boolean\n>\n\nfunction checkUserMeetsMfaRequirement(\n mfaRequirement: MiscTypes.MfaRequirement | undefined,\n mfaSettings: MfaSettings,\n): boolean {\n if (!mfaRequirement) {\n return true\n }\n\n const requiredMethods = (\n Object.keys(MFA_REQUIREMENT_METHOD_CHECKS) as Array<\n keyof MiscTypes.MfaRequirement\n >\n ).filter((method) => mfaRequirement[method])\n\n if (requiredMethods.length === 0) {\n return true\n }\n\n return requiredMethods.some((method) =>\n MFA_REQUIREMENT_METHOD_CHECKS[method](mfaSettings),\n )\n}\n\nexport type LoginAttemptResponse = {\n resetPasswordCallback?: (newPassword: string) => Promise<LoginAttemptResponse>\n mfa?: {\n codeCallback: (code: string) => Promise<LoginAttemptResponse>\n method: MfaMethod\n }\n}\n\nexport default class AWSCognitoClient {\n clientId: string\n cognitoIdentityProviderClient: CognitoIdentityProviderClient\n loginDomain: string | void\n redirectUri: string | void\n logoutUri: string | void\n listeners: Array<() => unknown>\n\n constructor({\n clientId,\n region,\n loginDomain,\n redirectUri,\n logoutUri,\n }: {\n 
clientId: string\n region: string\n redirectUri?: string\n logoutUri?: string\n loginDomain?: string\n }) {\n if (!clientId) {\n throw new TypeError('\"clientId\" is required in constructor')\n }\n if (!region) {\n throw new TypeError('\"region\" is required in constructor')\n }\n\n this.listeners = []\n this.redirectUri = redirectUri\n this.logoutUri = logoutUri\n this.loginDomain = loginDomain\n this.clientId = clientId\n this.cognitoIdentityProviderClient = new CognitoIdentityProviderClient({\n region,\n })\n }\n\n // Local Storage Keys\n get EXPIRES_AT() {\n return `COGNITO_${this.clientId}_EXPIRES_AT`\n }\n get ACCESS_TOKEN() {\n return `COGNITO_${this.clientId}_ACCESS_TOKEN`\n }\n get ID_TOKEN() {\n return `COGNITO_${this.clientId}_ID_TOKEN`\n }\n get REFRESH_TOKEN() {\n return `COGNITO_${this.clientId}_REFRESH_TOKEN`\n }\n get STATE() {\n return `COGNITO_${this.clientId}_STATE`\n }\n get PKCE_CODE_VERIFIER() {\n return `COGNITO_${this.clientId}_PKCE_CODE_VERIFIER`\n }\n\n _executeListeners() {\n for (const listener of this.listeners) {\n try {\n listener()\n } catch (error) {\n Sentry.captureException(error)\n // Ignore error from listeners\n console.warn('AWSCognitoClient listener error', error)\n }\n }\n }\n\n _storeAuthenticationResult(authenticationResult: AuthenticationResultType) {\n // Take off 5 seconds to ensure a request does not become unauthenticated mid request\n const expiresAt =\n (authenticationResult.ExpiresIn as number) * 1000 + Date.now() - 5000\n localStorage.setItem(this.EXPIRES_AT, expiresAt.toString())\n localStorage.setItem(\n this.ACCESS_TOKEN,\n authenticationResult.AccessToken as string,\n )\n localStorage.setItem(this.ID_TOKEN, authenticationResult.IdToken as string)\n if (authenticationResult.RefreshToken) {\n localStorage.setItem(\n this.REFRESH_TOKEN,\n authenticationResult.RefreshToken,\n )\n }\n\n this._executeListeners()\n }\n\n _removeAuthenticationResult() {\n localStorage.removeItem(this.EXPIRES_AT)\n 
localStorage.removeItem(this.ACCESS_TOKEN)\n localStorage.removeItem(this.ID_TOKEN)\n localStorage.removeItem(this.REFRESH_TOKEN)\n\n this._executeListeners()\n }\n\n _getAccessToken(): string | undefined {\n return localStorage.getItem(this.ACCESS_TOKEN) || undefined\n }\n\n _getIdToken(): string | undefined {\n return localStorage.getItem(this.ID_TOKEN) || undefined\n }\n\n _getRefreshToken(): string | undefined {\n return localStorage.getItem(this.REFRESH_TOKEN) || undefined\n }\n\n _isSessionValid(): boolean {\n const expiresAt = localStorage.getItem(this.EXPIRES_AT)\n if (!expiresAt) {\n return false\n }\n return parseInt(expiresAt, 10) > Date.now()\n }\n\n async _refreshSession(): Promise<void> {\n if (this._isSessionValid()) {\n return\n }\n\n const refreshToken = this._getRefreshToken()\n if (!refreshToken) {\n return\n }\n\n try {\n const result = await this.cognitoIdentityProviderClient.send(\n new InitiateAuthCommand({\n AuthFlow: 'REFRESH_TOKEN_AUTH',\n ClientId: this.clientId,\n AuthParameters: {\n REFRESH_TOKEN: refreshToken,\n },\n }),\n )\n if (result.AuthenticationResult) {\n this._storeAuthenticationResult(result.AuthenticationResult)\n }\n } catch (error) {\n console.warn('Error while attempting to refresh session', error)\n this._removeAuthenticationResult()\n throw new OneBlinkAppsError(\n 'Your session has expired. 
Please login again to continue to use the application.',\n {\n requiresLogin: true,\n originalError: error as Error,\n },\n )\n }\n }\n\n registerListener(listener: () => unknown): () => void {\n this.listeners.push(listener)\n\n return () => {\n const index = this.listeners.indexOf(listener)\n if (index !== -1) {\n this.listeners.splice(index, 1)\n }\n }\n }\n\n async responseToAuthChallenge(\n username: string,\n initiateAuthResponse: InitiateAuthResponse,\n ): Promise<LoginAttemptResponse> {\n if (initiateAuthResponse.AuthenticationResult) {\n this._storeAuthenticationResult(initiateAuthResponse.AuthenticationResult)\n return {}\n }\n\n const ChallengeName = initiateAuthResponse.ChallengeName\n switch (ChallengeName) {\n case 'NEW_PASSWORD_REQUIRED': {\n return {\n resetPasswordCallback: async (newPassword) => {\n const resetPasswordResult =\n await this.cognitoIdentityProviderClient.send(\n new RespondToAuthChallengeCommand({\n ChallengeName,\n ClientId: this.clientId,\n Session: initiateAuthResponse.Session,\n ChallengeResponses: {\n USERNAME: username,\n NEW_PASSWORD: newPassword,\n },\n }),\n )\n return await this.responseToAuthChallenge(\n username,\n resetPasswordResult,\n )\n },\n }\n }\n case 'SOFTWARE_TOKEN_MFA': {\n return {\n mfa: {\n method: 'authenticator',\n codeCallback: async (code) => {\n const resetPasswordResult =\n await this.cognitoIdentityProviderClient.send(\n new RespondToAuthChallengeCommand({\n ChallengeName,\n ClientId: this.clientId,\n Session: initiateAuthResponse.Session,\n ChallengeResponses: {\n USERNAME: username,\n SOFTWARE_TOKEN_MFA_CODE: code,\n },\n }),\n )\n return await this.responseToAuthChallenge(\n username,\n resetPasswordResult,\n )\n },\n },\n }\n }\n case 'EMAIL_OTP': {\n throw new Error('Email OTP is not supported')\n }\n case 'SMS_MFA': {\n return {\n mfa: {\n method: 'sms',\n codeCallback: async (code) => {\n const smsChallengeResult =\n await this.cognitoIdentityProviderClient.send(\n new 
RespondToAuthChallengeCommand({\n ChallengeName,\n ClientId: this.clientId,\n Session: initiateAuthResponse.Session,\n ChallengeResponses: {\n USERNAME: username,\n SMS_MFA_CODE: code,\n },\n }),\n )\n return await this.responseToAuthChallenge(\n username,\n smsChallengeResult,\n )\n },\n },\n }\n }\n }\n\n console.warn(\n '\"CognitoIdentityServiceProvider.InitiateAuthResponse\" challenge has not been catered.',\n initiateAuthResponse,\n )\n throw new Error(\n 'An unexpected error occurred while attempting to process your login. Please try again or contact support if the problem persists.',\n )\n }\n\n async loginUsernamePassword(\n username: string,\n password: string,\n ): Promise<LoginAttemptResponse> {\n const loginResult = await this.cognitoIdentityProviderClient.send(\n new InitiateAuthCommand({\n AuthFlow: 'USER_PASSWORD_AUTH',\n ClientId: this.clientId,\n AuthParameters: {\n USERNAME: username,\n PASSWORD: password,\n },\n }),\n )\n\n return await this.responseToAuthChallenge(username, loginResult)\n }\n\n async loginHostedUI(identityProviderName?: string): Promise<void> {\n const loginDomain = this.loginDomain\n const redirectUri = this.redirectUri\n if (!loginDomain || !redirectUri) {\n throw new TypeError(\n '\"loginDomain\" or \"redirectUri\" was not passed to constructor. 
Both are required before attempting to login.',\n )\n }\n\n // Create and store a random \"state\" value\n const state = generateRandomString()\n localStorage.setItem(this.STATE, state)\n\n // Create and store a new PKCE code_verifier (the plaintext random secret)\n const codeVerifier = generateRandomString()\n localStorage.setItem(this.PKCE_CODE_VERIFIER, codeVerifier)\n\n // Hash and base64-urlencode the secret to use as the challenge\n const code_challenge = await pkceChallengeFromVerifier(codeVerifier)\n\n window.location.href =\n `https://${loginDomain}/oauth2/authorize` +\n '?response_type=code' +\n '&client_id=' +\n encodeURIComponent(this.clientId) +\n '&state=' +\n encodeURIComponent(state) +\n '&scope=' +\n encodeURIComponent('openid email profile aws.cognito.signin.user.admin') +\n '&redirect_uri=' +\n encodeURIComponent(redirectUri) +\n '&code_challenge=' +\n encodeURIComponent(code_challenge) +\n '&code_challenge_method=S256' +\n (identityProviderName\n ? '&identity_provider=' + encodeURIComponent(identityProviderName)\n : '')\n }\n\n async handleAuthentication(): Promise<void> {\n const loginDomain = this.loginDomain\n const redirectUri = this.redirectUri\n if (!loginDomain || !redirectUri) {\n throw new TypeError(\n '\"loginDomain\" or \"redirectUri\" was not passed to constructor. Both are required before attempting to handle a login.',\n )\n }\n\n const query = new URLSearchParams(window.location.search)\n const queryError = query.get('error')\n const queryErrorDescription = query.get('error_description')\n\n // Check if the server returned an error string\n if (typeof queryError === 'string') {\n throw new Error(\n `${queryError} - ${\n typeof queryErrorDescription === 'string'\n ? 
queryErrorDescription\n : 'An unknown error has occurred.'\n }`,\n )\n }\n\n const code = query.get('code')\n if (typeof code !== 'string') {\n throw new Error('\"code\" was not including in query string to parse')\n }\n\n if (localStorage.getItem(this.STATE) !== query.get('state')) {\n throw new Error('Invalid login')\n }\n\n const code_verifier = localStorage.getItem(this.PKCE_CODE_VERIFIER)\n\n // Clean these up since we don't need them anymore\n localStorage.removeItem(this.STATE)\n localStorage.removeItem(this.PKCE_CODE_VERIFIER)\n\n // Exchange the authorization code for an access token\n const result: Record<string, unknown> = await new Promise(\n (resolve, reject) => {\n sendPostRequest(\n `https://${loginDomain}/oauth2/token`,\n {\n grant_type: 'authorization_code',\n code,\n client_id: this.clientId,\n redirect_uri: redirectUri,\n code_verifier,\n },\n resolve,\n (error) => {\n reject(\n new Error(\n error.error_description ||\n error.message ||\n 'An unknown error has occurred while processing authentication code',\n ),\n )\n },\n )\n },\n )\n\n this._storeAuthenticationResult({\n AccessToken: result.access_token as string,\n ExpiresIn: result.expires_in as number,\n IdToken: result.id_token as string,\n TokenType: result.token_type as string,\n RefreshToken: result.refresh_token as string,\n })\n }\n\n async changePassword(\n existingPassword: string,\n newPassword: string,\n ): Promise<void> {\n const accessToken = await this.getAccessToken()\n await this.cognitoIdentityProviderClient.send(\n new ChangePasswordCommand({\n AccessToken: accessToken || '',\n PreviousPassword: existingPassword,\n ProposedPassword: newPassword,\n }),\n )\n }\n async confirmForgotPassword({\n username,\n code,\n password,\n }: {\n username: string\n code: string\n password: string\n }) {\n await this.cognitoIdentityProviderClient.send(\n new ConfirmForgotPasswordCommand({\n ClientId: this.clientId,\n ConfirmationCode: code,\n Password: password,\n Username: username,\n }),\n 
)\n }\n\n logoutHostedUI(): void {\n const loginDomain = this.loginDomain\n const logoutUri = this.logoutUri\n if (!loginDomain || !logoutUri) {\n throw new TypeError(\n '\"loginDomain\" or \"logoutUri\" was not passed to constructor. Both are required before attempting to logout.',\n )\n }\n\n window.location.href =\n `https://${loginDomain}/logout` +\n '?client_id=' +\n encodeURIComponent(this.clientId) +\n '&logout_uri=' +\n encodeURIComponent(logoutUri)\n }\n\n async logout(): Promise<void> {\n try {\n const refreshToken = this._getRefreshToken()\n // Refresh session to allow access token to perform sign out\n if (refreshToken) {\n await this._refreshSession()\n }\n\n const accessToken = this._getAccessToken()\n if (accessToken) {\n await this.cognitoIdentityProviderClient.send(\n new GlobalSignOutCommand({\n AccessToken: accessToken,\n }),\n )\n }\n } catch (error) {\n if (!(error as OneBlinkAppsError).requiresLogin) {\n throw error\n }\n } finally {\n this._removeAuthenticationResult()\n }\n }\n\n async getIdToken(): Promise<string | undefined> {\n await this._refreshSession()\n\n return this._getIdToken()\n }\n\n async getAccessToken(): Promise<string | undefined> {\n await this._refreshSession()\n\n return this._getAccessToken()\n }\n\n async getMfaSettings(abortSignal?: AbortSignal): Promise<MfaSettings> {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return DEFAULT_MFA_SETTINGS\n }\n\n const user = await this.cognitoIdentityProviderClient.send(\n new GetUserCommand({\n AccessToken: accessToken,\n }),\n { abortSignal },\n )\n\n const mfaList = user.UserMFASettingList || []\n const preferredMfaSetting = user.PreferredMfaSetting\n const phoneNumber = user.UserAttributes?.find(\n (attribute) => attribute.Name === 'phone_number',\n )?.Value\n const isPhoneNumberVerified =\n user.UserAttributes?.find(\n (attribute) => attribute.Name === 'phone_number_verified',\n )?.Value === 'true'\n\n return {\n authenticator: {\n enabled: 
mfaList.includes('SOFTWARE_TOKEN_MFA'),\n preferred: preferredMfaSetting === 'SOFTWARE_TOKEN_MFA',\n },\n sms: {\n enabled: mfaList.includes('SMS_MFA'),\n preferred: preferredMfaSetting === 'SMS_MFA',\n phoneNumber,\n isPhoneNumberVerified,\n },\n }\n }\n\n async checkIsMfaEnabled(\n mfaRequirement: MiscTypes.MfaRequirement | undefined,\n ): Promise<MfaRequirementCheckResult> {\n const mfaSettings = await this.getMfaSettings()\n\n return {\n mfaSettings,\n userMeetsMfaRequirement: checkUserMeetsMfaRequirement(\n mfaRequirement,\n mfaSettings,\n ),\n }\n }\n\n async updateUserPhoneNumber(\n phoneNumber: string,\n ): Promise<{ isPhoneNumberVerified: boolean }> {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return { isPhoneNumberVerified: false }\n }\n\n await this.cognitoIdentityProviderClient.send(\n new UpdateUserAttributesCommand({\n AccessToken: accessToken,\n UserAttributes: [\n {\n Name: 'phone_number',\n Value: phoneNumber,\n },\n ],\n }),\n )\n\n const mfaSettings = await this.getMfaSettings()\n return { isPhoneNumberVerified: mfaSettings.sms.isPhoneNumberVerified }\n }\n\n async removeUserPhoneNumber() {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n await this.cognitoIdentityProviderClient.send(\n new DeleteUserAttributesCommand({\n AccessToken: accessToken,\n UserAttributeNames: ['phone_number'],\n }),\n )\n }\n\n async sendPhoneNumberVerificationCode() {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n return await this.cognitoIdentityProviderClient.send(\n new GetUserAttributeVerificationCodeCommand({\n AccessToken: accessToken,\n AttributeName: 'phone_number',\n }),\n )\n }\n\n async verifyUserPhoneNumber(code: string) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n await this.cognitoIdentityProviderClient.send(\n new VerifyUserAttributeCommand({\n AccessToken: accessToken,\n AttributeName: 
'phone_number',\n Code: code,\n }),\n )\n }\n\n async setPreferredMfaMethod(method: MfaMethod) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n const currentSettings = await this.getMfaSettings()\n\n await this.cognitoIdentityProviderClient.send(\n new SetUserMFAPreferenceCommand({\n AccessToken: accessToken,\n ...(currentSettings.authenticator.enabled\n ? {\n SoftwareTokenMfaSettings: {\n Enabled: true,\n PreferredMfa: method === 'authenticator',\n },\n }\n : {}),\n ...(currentSettings.sms.enabled\n ? {\n SMSMfaSettings: {\n Enabled: true,\n PreferredMfa: method === 'sms',\n },\n }\n : {}),\n }),\n )\n }\n\n async disableMfaMethod(method: MfaMethod) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n const currentSettings = await this.getMfaSettings()\n const wasPreferred =\n method === 'authenticator'\n ? currentSettings.authenticator.preferred\n : currentSettings.sms.preferred\n const otherMethod: MfaMethod =\n method === 'authenticator' ? 'sms' : 'authenticator'\n const otherSettings =\n method === 'authenticator'\n ? currentSettings.sms\n : currentSettings.authenticator\n\n await this.cognitoIdentityProviderClient.send(\n new SetUserMFAPreferenceCommand({\n AccessToken: accessToken,\n ...(method === 'authenticator'\n ? {\n SoftwareTokenMfaSettings: {\n Enabled: false,\n PreferredMfa: false,\n },\n }\n : {\n SMSMfaSettings: {\n Enabled: false,\n PreferredMfa: false,\n },\n }),\n ...(wasPreferred && otherSettings.enabled\n ? otherMethod === 'authenticator'\n ? 
{\n SoftwareTokenMfaSettings: {\n Enabled: true,\n PreferredMfa: true,\n },\n }\n : {\n SMSMfaSettings: {\n Enabled: true,\n PreferredMfa: true,\n },\n }\n : {}),\n }),\n )\n }\n\n async setupSmsMfa({ preferred }: { preferred?: boolean } = {}) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n const currentSettings = await this.getMfaSettings()\n const hasPreferredMethod =\n (currentSettings.authenticator.enabled &&\n currentSettings.authenticator.preferred) ||\n (currentSettings.sms.enabled && currentSettings.sms.preferred)\n const shouldBePreferred =\n preferred ?? (!hasPreferredMethod && !currentSettings.sms.enabled)\n\n await this.cognitoIdentityProviderClient.send(\n new SetUserMFAPreferenceCommand({\n AccessToken: accessToken,\n SMSMfaSettings: {\n Enabled: true,\n PreferredMfa: shouldBePreferred,\n },\n ...(shouldBePreferred && currentSettings.authenticator.enabled\n ? {\n SoftwareTokenMfaSettings: {\n Enabled: true,\n PreferredMfa: false,\n },\n }\n : {}),\n }),\n )\n }\n\n async setupMfaAuthenticatorApp({ preferred }: { preferred?: boolean } = {}) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n const { SecretCode } = await this.cognitoIdentityProviderClient.send(\n new AssociateSoftwareTokenCommand({\n AccessToken: accessToken,\n }),\n )\n\n return {\n secretCode: SecretCode,\n mfaCodeCallback: async (code: string) => {\n await this.cognitoIdentityProviderClient.send(\n new VerifySoftwareTokenCommand({\n AccessToken: accessToken,\n UserCode: code,\n }),\n )\n\n const currentSettings = await this.getMfaSettings()\n const hasPreferredMethod =\n (currentSettings.authenticator.enabled &&\n currentSettings.authenticator.preferred) ||\n (currentSettings.sms.enabled && currentSettings.sms.preferred)\n const shouldBePreferred =\n preferred ??\n (!hasPreferredMethod && !currentSettings.authenticator.enabled)\n\n await this.cognitoIdentityProviderClient.send(\n new 
SetUserMFAPreferenceCommand({\n SoftwareTokenMfaSettings: {\n Enabled: true,\n PreferredMfa: shouldBePreferred,\n },\n ...(shouldBePreferred && currentSettings.sms.enabled\n ? {\n SMSMfaSettings: {\n Enabled: true,\n PreferredMfa: false,\n },\n }\n : {}),\n AccessToken: accessToken,\n }),\n )\n },\n }\n }\n}\n\n//////////////////////////////////////////////////////////////////////\n// GENERAL HELPER FUNCTIONS\n\n// Make a POST request and parse the response as JSON\nfunction sendPostRequest(\n url: string,\n params: Record<string, unknown>,\n success: (value: Record<string, unknown>) => void,\n error: (err: { message?: string; error_description?: string }) => void,\n) {\n const request = new XMLHttpRequest()\n request.open('POST', url, true)\n request.setRequestHeader(\n 'Content-Type',\n 'application/x-www-form-urlencoded; charset=UTF-8',\n )\n request.onload = function () {\n let body = {}\n try {\n body = JSON.parse(request.response)\n } catch (e) {\n Sentry.captureException(e)\n // Do nothing\n }\n\n if (request.status == 200) {\n success(body)\n } else {\n error(body)\n }\n }\n request.onerror = function () {\n error({})\n }\n const body = Object.keys(params)\n .reduce((keys: string[], key) => {\n if (params[key]) {\n keys.push(key + '=' + params[key])\n }\n return keys\n }, [])\n .join('&')\n request.send(body)\n}\n\n//////////////////////////////////////////////////////////////////////\n// PKCE HELPER FUNCTIONS\n\n// Generate a secure random string using the browser crypto functions\nfunction generateRandomString() {\n const array = new Uint32Array(28)\n window.crypto.getRandomValues(array)\n return Array.from(array, (dec) => ('0' + dec.toString(16)).substr(-2)).join(\n '',\n )\n}\n\n// Calculate the SHA256 hash of the input text.\n// Returns a promise that resolves to an ArrayBuffer\nfunction sha256(plain: string) {\n const encoder = new TextEncoder()\n const data = encoder.encode(plain)\n return window.crypto.subtle.digest('SHA-256', data)\n}\n\n// 
Base64-urlencodes the input string\nfunction base64urlencode(str: ArrayBuffer) {\n // Convert the ArrayBuffer to string using Uint8 array to conver to what btoa accepts.\n // btoa accepts chars only within ascii 0-255 and base64 encodes them.\n // Then convert the base64 encoded to base64url encoded\n // (replace + with -, replace / with _, trim trailing =)\n // @ts-expect-error\n return btoa(String.fromCharCode.apply(null, new Uint8Array(str)))\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=+$/, '')\n}\n\n// Return the base64-urlencoded sha256 hash for the PKCE challenge\nasync function pkceChallengeFromVerifier(v: string) {\n const hashed = await sha256(v)\n return base64urlencode(hashed)\n}\n"]}
|
|
1
|
+
{"version":3,"file":"AWSCognitoClient.js","sourceRoot":"","sources":["../../../src/apps/services/AWSCognitoClient.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,6BAA6B,EAE7B,qBAAqB,EACrB,6BAA6B,EAC7B,4BAA4B,EAC5B,2BAA2B,EAC3B,cAAc,EACd,oBAAoB,EACpB,mBAAmB,EAEnB,6BAA6B,EAC7B,2BAA2B,EAC3B,2BAA2B,EAC3B,0BAA0B,EAC1B,0BAA0B,GAC3B,MAAM,2CAA2C,CAAA;AAClD,OAAO,MAAM,MAAM,WAAW,CAAA;AAC9B,OAAO,EAAE,iBAAiB,EAAE,MAAM,IAAI,CAAA;AAiBtC,MAAM,CAAC,MAAM,oBAAoB,GAAgB;IAC/C,aAAa,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE;IACnD,GAAG,EAAE;QACH,OAAO,EAAE,KAAK;QACd,SAAS,EAAE,KAAK;QAChB,WAAW,EAAE,SAAS;QACtB,qBAAqB,EAAE,KAAK;KAC7B;CACF,CAAA;AAED,MAAM,UAAU,wBAAwB,CAAC,EACvC,oBAAoB,EACpB,UAAU,EACV,mBAAmB,GAKpB;IAIC,MAAM,6BAA6B,GACjC,mBAAmB,KAAK,oBAAoB,CAAA;IAC9C,MAAM,mBAAmB,GAAG,mBAAmB,KAAK,SAAS,CAAA;IAE7D,IAAI,6BAA6B,IAAI,oBAAoB,EAAE,CAAC;QAC1D,OAAO,EAAE,sBAAsB,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,CAAA;IAC9D,CAAC;IAED,IAAI,mBAAmB,IAAI,UAAU,EAAE,CAAC;QACtC,OAAO,EAAE,sBAAsB,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,CAAA;IAC9D,CAAC;IAED,IAAI,oBAAoB,IAAI,UAAU,EAAE,CAAC;QACvC,OAAO,EAAE,sBAAsB,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,CAAA;IAC9D,CAAC;IAED,OAAO;QACL,sBAAsB,EAAE,oBAAoB;QAC5C,YAAY,EAAE,UAAU;KACzB,CAAA;AACH,CAAC;AAUD,MAAM,CAAC,OAAO,OAAO,gBAAgB;IAQnC,YAAY,EACV,QAAQ,EACR,MAAM,EACN,WAAW,EACX,WAAW,EACX,SAAS,GAOV;QACC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAA;QAC9D,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,SAAS,CAAC,qCAAqC,CAAC,CAAA;QAC5D,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,EAAE,CAAA;QACnB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAA;QAC9B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;QAC1B,IAAI,CAAC,WAAW,GAAG,WAAW,CAAA;QAC9B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAA;QACxB,IAAI,CAAC,6BAA6B,GAAG,IAAI,6BAA6B,CAAC;YACrE,MAAM;SACP,CAAC,CAAA;IACJ,CAAC;IAED,qBAAqB;IACrB,IAAI,UAAU;QACZ,OAAO,WAAW,IAAI,CAAC,QAAQ,aAAa,CAAA;IAC9C,CAAC;IACD,IAAI,YAAY;QACd,OAAO,WAAW,IAAI,CAAC,QAAQ,eAAe,CAAA;IAChD,CAAC;IACD,IAAI,QAAQ;QACV,OAAO,WAAW,IAAI,CAAC,QAAQ,WAAW,CAAA;IAC5C,CAAC;IACD,IAAI,aAAa;QACf,OAAO,WAAW,IAAI,CAAC,QAAQ,gBAAgB,CAAA;IACjD,CAA
C;IACD,IAAI,KAAK;QACP,OAAO,WAAW,IAAI,CAAC,QAAQ,QAAQ,CAAA;IACzC,CAAC;IACD,IAAI,kBAAkB;QACpB,OAAO,WAAW,IAAI,CAAC,QAAQ,qBAAqB,CAAA;IACtD,CAAC;IAED,iBAAiB;QACf,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACtC,IAAI,CAAC;gBACH,QAAQ,EAAE,CAAA;YACZ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAA;gBAC9B,8BAA8B;gBAC9B,OAAO,CAAC,IAAI,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAA;YACxD,CAAC;QACH,CAAC;IACH,CAAC;IAED,0BAA0B,CAAC,oBAA8C;QACvE,qFAAqF;QACrF,MAAM,SAAS,GACZ,oBAAoB,CAAC,SAAoB,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAA;QACvE,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAA;QAC3D,YAAY,CAAC,OAAO,CAClB,IAAI,CAAC,YAAY,EACjB,oBAAoB,CAAC,WAAqB,CAC3C,CAAA;QACD,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,oBAAoB,CAAC,OAAiB,CAAC,CAAA;QAC3E,IAAI,oBAAoB,CAAC,YAAY,EAAE,CAAC;YACtC,YAAY,CAAC,OAAO,CAClB,IAAI,CAAC,aAAa,EAClB,oBAAoB,CAAC,YAAY,CAClC,CAAA;QACH,CAAC;QAED,IAAI,CAAC,iBAAiB,EAAE,CAAA;IAC1B,CAAC;IAED,2BAA2B;QACzB,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACxC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QAC1C,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACtC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;QAE3C,IAAI,CAAC,iBAAiB,EAAE,CAAA;IAC1B,CAAC;IAED,eAAe;QACb,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,SAAS,CAAA;IAC7D,CAAC;IAED,WAAW;QACT,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAA;IACzD,CAAC;IAED,gBAAgB;QACd,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,SAAS,CAAA;IAC9D,CAAC;IAED,eAAe;QACb,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACvD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IAC7C,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC3B,OAAM;QACR,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAA;QAC5C,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAM;QACR,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC1D,IAAI,mBAAmB,CAAC;gBACtB,QAAQ,EAAE,oBAAoB;gBAC9B,QAAQ,EAAE,IAAI,CAAC,QAAQ;gB
ACvB,cAAc,EAAE;oBACd,aAAa,EAAE,YAAY;iBAC5B;aACF,CAAC,CACH,CAAA;YACD,IAAI,MAAM,CAAC,oBAAoB,EAAE,CAAC;gBAChC,IAAI,CAAC,0BAA0B,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAA;YAC9D,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,2CAA2C,EAAE,KAAK,CAAC,CAAA;YAChE,IAAI,CAAC,2BAA2B,EAAE,CAAA;YAClC,MAAM,IAAI,iBAAiB,CACzB,kFAAkF,EAClF;gBACE,aAAa,EAAE,IAAI;gBACnB,aAAa,EAAE,KAAc;aAC9B,CACF,CAAA;QACH,CAAC;IACH,CAAC;IAED,gBAAgB,CAAC,QAAuB;QACtC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAE7B,OAAO,GAAG,EAAE;YACV,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;YAC9C,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE,CAAC;gBACjB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;YACjC,CAAC;QACH,CAAC,CAAA;IACH,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,QAAgB,EAChB,oBAA0C;QAE1C,IAAI,oBAAoB,CAAC,oBAAoB,EAAE,CAAC;YAC9C,IAAI,CAAC,0BAA0B,CAAC,oBAAoB,CAAC,oBAAoB,CAAC,CAAA;YAC1E,OAAO,EAAE,CAAA;QACX,CAAC;QAED,MAAM,aAAa,GAAG,oBAAoB,CAAC,aAAa,CAAA;QACxD,QAAQ,aAAa,EAAE,CAAC;YACtB,KAAK,uBAAuB,CAAC,CAAC,CAAC;gBAC7B,OAAO;oBACL,qBAAqB,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE;wBAC3C,MAAM,mBAAmB,GACvB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,6BAA6B,CAAC;4BAChC,aAAa;4BACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;4BACvB,OAAO,EAAE,oBAAoB,CAAC,OAAO;4BACrC,kBAAkB,EAAE;gCAClB,QAAQ,EAAE,QAAQ;gCAClB,YAAY,EAAE,WAAW;6BAC1B;yBACF,CAAC,CACH,CAAA;wBACH,OAAO,MAAM,IAAI,CAAC,uBAAuB,CACvC,QAAQ,EACR,mBAAmB,CACpB,CAAA;oBACH,CAAC;iBACF,CAAA;YACH,CAAC;YACD,KAAK,oBAAoB,CAAC,CAAC,CAAC;gBAC1B,OAAO;oBACL,GAAG,EAAE;wBACH,MAAM,EAAE,eAAe;wBACvB,YAAY,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;4BAC3B,MAAM,mBAAmB,GACvB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,6BAA6B,CAAC;gCAChC,aAAa;gCACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;gCACvB,OAAO,EAAE,oBAAoB,CAAC,OAAO;gCACrC,kBAAkB,EAAE;oCAClB,QAAQ,EAAE,QAAQ;oCAClB,uBAAuB,EAAE,IAAI;iCAC9B;6BACF,CAAC,CACH,CAAA;4BACH,OAAO,MAAM,IAAI,CAAC,uBAAuB,CACvC,QAAQ,EACR,mBAAmB,CACpB,CAAA;wBACH,CAAC;qBACF;iBACF,CAAA;YACH,CAAC;YACD,KAAK,WAAW,CAAC,CAAC,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAA;YAC/C,CAAC;YACD,KAAK,SAAS,CAAC,CAAC,CAAC;gBACf,OAAO;oBACL,GAAG,
EAAE;wBACH,MAAM,EAAE,KAAK;wBACb,YAAY,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;4BAC3B,MAAM,kBAAkB,GACtB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,6BAA6B,CAAC;gCAChC,aAAa;gCACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;gCACvB,OAAO,EAAE,oBAAoB,CAAC,OAAO;gCACrC,kBAAkB,EAAE;oCAClB,QAAQ,EAAE,QAAQ;oCAClB,YAAY,EAAE,IAAI;iCACnB;6BACF,CAAC,CACH,CAAA;4BACH,OAAO,MAAM,IAAI,CAAC,uBAAuB,CACvC,QAAQ,EACR,kBAAkB,CACnB,CAAA;wBACH,CAAC;qBACF;iBACF,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO,CAAC,IAAI,CACV,uFAAuF,EACvF,oBAAoB,CACrB,CAAA;QACD,MAAM,IAAI,KAAK,CACb,mIAAmI,CACpI,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,QAAgB,EAChB,QAAgB;QAEhB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC/D,IAAI,mBAAmB,CAAC;YACtB,QAAQ,EAAE,oBAAoB;YAC9B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,cAAc,EAAE;gBACd,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,QAAQ;aACnB;SACF,CAAC,CACH,CAAA;QAED,OAAO,MAAM,IAAI,CAAC,uBAAuB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAA;IAClE,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,oBAA6B;QAC/C,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,MAAM,IAAI,SAAS,CACjB,6GAA6G,CAC9G,CAAA;QACH,CAAC;QAED,0CAA0C;QAC1C,MAAM,KAAK,GAAG,oBAAoB,EAAE,CAAA;QACpC,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;QAEvC,0EAA0E;QAC1E,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAA;QAC3C,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAA;QAE3D,+DAA+D;QAC/D,MAAM,cAAc,GAAG,MAAM,yBAAyB,CAAC,YAAY,CAAC,CAAA;QAEpE,MAAM,CAAC,QAAQ,CAAC,IAAI;YAClB,WAAW,WAAW,mBAAmB;gBACzC,qBAAqB;gBACrB,aAAa;gBACb,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBACjC,SAAS;gBACT,kBAAkB,CAAC,KAAK,CAAC;gBACzB,SAAS;gBACT,kBAAkB,CAAC,oDAAoD,CAAC;gBACxE,gBAAgB;gBAChB,kBAAkB,CAAC,WAAW,CAAC;gBAC/B,kBAAkB;gBAClB,kBAAkB,CAAC,cAAc,CAAC;gBAClC,6BAA6B;gBAC7B,CAAC,oBAAoB;oBACnB,CAAC,CAAC,qBAAqB,GAAG,kBAAkB,CAAC,oBAAoB,CAAC;oBAClE,CAAC,CAAC,EAAE,CAAC,CAAA;IACX,CAAC;IAED,KAAK,CAAC,oBAAoB;QACxB,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,MAAM,IAAI,SAAS,CACjB,sHAAsH,CACvH,CAAA;QACH,CAAC;QA
ED,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;QACzD,MAAM,UAAU,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACrC,MAAM,qBAAqB,GAAG,KAAK,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;QAE5D,+CAA+C;QAC/C,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,GAAG,UAAU,MACX,OAAO,qBAAqB,KAAK,QAAQ;gBACvC,CAAC,CAAC,qBAAqB;gBACvB,CAAC,CAAC,gCACN,EAAE,CACH,CAAA;QACH,CAAC;QAED,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAC9B,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAA;QACtE,CAAC;QAED,IAAI,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAA;QAClC,CAAC;QAED,MAAM,aAAa,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;QAEnE,kDAAkD;QAClD,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACnC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;QAEhD,sDAAsD;QACtD,MAAM,MAAM,GAA4B,MAAM,IAAI,OAAO,CACvD,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAClB,eAAe,CACb,WAAW,WAAW,eAAe,EACrC;gBACE,UAAU,EAAE,oBAAoB;gBAChC,IAAI;gBACJ,SAAS,EAAE,IAAI,CAAC,QAAQ;gBACxB,YAAY,EAAE,WAAW;gBACzB,aAAa;aACd,EACD,OAAO,EACP,CAAC,KAAK,EAAE,EAAE;gBACR,MAAM,CACJ,IAAI,KAAK,CACP,KAAK,CAAC,iBAAiB;oBACrB,KAAK,CAAC,OAAO;oBACb,oEAAoE,CACvE,CACF,CAAA;YACH,CAAC,CACF,CAAA;QACH,CAAC,CACF,CAAA;QAED,IAAI,CAAC,0BAA0B,CAAC;YAC9B,WAAW,EAAE,MAAM,CAAC,YAAsB;YAC1C,SAAS,EAAE,MAAM,CAAC,UAAoB;YACtC,OAAO,EAAE,MAAM,CAAC,QAAkB;YAClC,SAAS,EAAE,MAAM,CAAC,UAAoB;YACtC,YAAY,EAAE,MAAM,CAAC,aAAuB;SAC7C,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,gBAAwB,EACxB,WAAmB;QAEnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,qBAAqB,CAAC;YACxB,WAAW,EAAE,WAAW,IAAI,EAAE;YAC9B,gBAAgB,EAAE,gBAAgB;YAClC,gBAAgB,EAAE,WAAW;SAC9B,CAAC,CACH,CAAA;IACH,CAAC;IACD,KAAK,CAAC,qBAAqB,CAAC,EAC1B,QAAQ,EACR,IAAI,EACJ,QAAQ,GAKT;QACC,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,4BAA4B,CAAC;YAC/B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,gBAAgB,EAAE,IAAI;YACtB,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,QAAQ;SACnB,CAAC,CACH,CAAA;IACH,CAAC;IAED,cAAc;QACZ
,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACpC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAA;QAChC,IAAI,CAAC,WAAW,IAAI,CAAC,SAAS,EAAE,CAAC;YAC/B,MAAM,IAAI,SAAS,CACjB,4GAA4G,CAC7G,CAAA;QACH,CAAC;QAED,MAAM,CAAC,QAAQ,CAAC,IAAI;YAClB,WAAW,WAAW,SAAS;gBAC/B,aAAa;gBACb,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBACjC,cAAc;gBACd,kBAAkB,CAAC,SAAS,CAAC,CAAA;IACjC,CAAC;IAED,KAAK,CAAC,MAAM;QACV,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAA;YAC5C,4DAA4D;YAC5D,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,IAAI,CAAC,eAAe,EAAE,CAAA;YAC9B,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,EAAE,CAAA;YAC1C,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,oBAAoB,CAAC;oBACvB,WAAW,EAAE,WAAW;iBACzB,CAAC,CACH,CAAA;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAE,KAA2B,CAAC,aAAa,EAAE,CAAC;gBAChD,MAAM,KAAK,CAAA;YACb,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,2BAA2B,EAAE,CAAA;QACpC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,UAAU;QACd,MAAM,IAAI,CAAC,eAAe,EAAE,CAAA;QAE5B,OAAO,IAAI,CAAC,WAAW,EAAE,CAAA;IAC3B,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,IAAI,CAAC,eAAe,EAAE,CAAA;QAE5B,OAAO,IAAI,CAAC,eAAe,EAAE,CAAA;IAC/B,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,WAAyB;;QAC5C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,oBAAoB,CAAA;QAC7B,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CACxD,IAAI,cAAc,CAAC;YACjB,WAAW,EAAE,WAAW;SACzB,CAAC,EACF,EAAE,WAAW,EAAE,CAChB,CAAA;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,IAAI,EAAE,CAAA;QAC7C,MAAM,mBAAmB,GAAG,IAAI,CAAC,mBAAmB,CAAA;QACpD,MAAM,WAAW,GAAG,MAAA,MAAA,IAAI,CAAC,cAAc,0CAAE,IAAI,CAC3C,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,KAAK,cAAc,CACjD,0CAAE,KAAK,CAAA;QACR,MAAM,qBAAqB,GACzB,CAAA,MAAA,MAAA,IAAI,CAAC,cAAc,0CAAE,IAAI,CACvB,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,KAAK,uBAAuB,CAC1D,0CAAE,KAAK,MAAK,MAAM,CAAA;QAErB,MAAM,oBAAoB,GAAG,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAA;QACnE,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;QAC9C,MAAM,EAAE,sBAAsB,EAAE,YAAY,EAAE,GAAG,wBAAwB,CAAC;YACxE,oBAAoB;YACpB,UAAU;YACV,mBAAmB;SACpB,CAAC,CAAA;QAEF,OAAO;YACL,aAAa,EAAE;gBAC
b,OAAO,EAAE,oBAAoB;gBAC7B,SAAS,EAAE,sBAAsB;aAClC;YACD,GAAG,EAAE;gBACH,OAAO,EAAE,UAAU;gBACnB,SAAS,EAAE,YAAY;gBACvB,WAAW;gBACX,qBAAqB;aACtB;SACF,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,WAAmB;QAEnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,EAAE,qBAAqB,EAAE,KAAK,EAAE,CAAA;QACzC,CAAC;QAED,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,cAAc,EAAE;gBACd;oBACE,IAAI,EAAE,cAAc;oBACpB,KAAK,EAAE,WAAW;iBACnB;aACF;SACF,CAAC,CACH,CAAA;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,OAAO,EAAE,qBAAqB,EAAE,WAAW,CAAC,GAAG,CAAC,qBAAqB,EAAE,CAAA;IACzE,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,kBAAkB,EAAE,CAAC,cAAc,CAAC;SACrC,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,IAAY;QACtC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,0BAA0B,CAAC;YAC7B,WAAW,EAAE,WAAW;YACxB,aAAa,EAAE,cAAc;YAC7B,IAAI,EAAE,IAAI;SACX,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,MAAiB;QAC3C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAEnD,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,GAAG,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO;gBACvC,CAAC,CAAC;oBACE,wBAAwB,EAAE;wBACxB,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,MAAM,KAAK,eAAe;qBACzC;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;YACP,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO;gBAC7B,CAAC,CAAC;oBACE,cAAc,EAAE;wBACd,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,MAAM,KAAK,KAAK;qBAC/B;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;SACR,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,MAAiB;QACtC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE
,CAAA;QACnD,MAAM,YAAY,GAChB,MAAM,KAAK,eAAe;YACxB,CAAC,CAAC,eAAe,CAAC,aAAa,CAAC,SAAS;YACzC,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAA;QACnC,MAAM,WAAW,GACf,MAAM,KAAK,eAAe,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,eAAe,CAAA;QACtD,MAAM,aAAa,GACjB,MAAM,KAAK,eAAe;YACxB,CAAC,CAAC,eAAe,CAAC,GAAG;YACrB,CAAC,CAAC,eAAe,CAAC,aAAa,CAAA;QAEnC,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,GAAG,CAAC,MAAM,KAAK,eAAe;gBAC5B,CAAC,CAAC;oBACE,wBAAwB,EAAE;wBACxB,OAAO,EAAE,KAAK;wBACd,YAAY,EAAE,KAAK;qBACpB;iBACF;gBACH,CAAC,CAAC;oBACE,cAAc,EAAE;wBACd,OAAO,EAAE,KAAK;wBACd,YAAY,EAAE,KAAK;qBACpB;iBACF,CAAC;YACN,GAAG,CAAC,YAAY,IAAI,aAAa,CAAC,OAAO;gBACvC,CAAC,CAAC,WAAW,KAAK,eAAe;oBAC/B,CAAC,CAAC;wBACE,wBAAwB,EAAE;4BACxB,OAAO,EAAE,IAAI;4BACb,YAAY,EAAE,IAAI;yBACnB;qBACF;oBACH,CAAC,CAAC;wBACE,cAAc,EAAE;4BACd,OAAO,EAAE,IAAI;4BACb,YAAY,EAAE,IAAI;yBACnB;qBACF;gBACL,CAAC,CAAC,EAAE,CAAC;SACR,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,EAAE,SAAS,KAA8B,EAAE;QAC3D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QACnD,MAAM,kBAAkB,GACtB,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO;YACpC,eAAe,CAAC,aAAa,CAAC,SAAS,CAAC;YAC1C,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,IAAI,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QAChE,MAAM,iBAAiB,GACrB,SAAS,aAAT,SAAS,cAAT,SAAS,GAAI,CAAC,CAAC,kBAAkB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAEpE,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;YAC9B,WAAW,EAAE,WAAW;YACxB,cAAc,EAAE;gBACd,OAAO,EAAE,IAAI;gBACb,YAAY,EAAE,iBAAiB;aAChC;YACD,GAAG,CAAC,iBAAiB,IAAI,eAAe,CAAC,aAAa,CAAC,OAAO;gBAC5D,CAAC,CAAC;oBACE,wBAAwB,EAAE;wBACxB,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,KAAK;qBACpB;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;SACR,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,EAAE,SAAS,KAA8B,EAAE;QACxE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAM;QACR,CAAC;QAED,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAClE,IAAI,6BAA6B,CAAC;YAChC,WAAW,EAAE,WAA
W;SACzB,CAAC,CACH,CAAA;QAED,OAAO;YACL,UAAU,EAAE,UAAU;YACtB,eAAe,EAAE,KAAK,EAAE,IAAY,EAAE,EAAE;gBACtC,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,0BAA0B,CAAC;oBAC7B,WAAW,EAAE,WAAW;oBACxB,QAAQ,EAAE,IAAI;iBACf,CAAC,CACH,CAAA;gBAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAA;gBACnD,MAAM,kBAAkB,GACtB,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO;oBACpC,eAAe,CAAC,aAAa,CAAC,SAAS,CAAC;oBAC1C,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,IAAI,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;gBAChE,MAAM,iBAAiB,GACrB,SAAS,aAAT,SAAS,cAAT,SAAS,GACT,CAAC,CAAC,kBAAkB,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;gBAEjE,MAAM,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAC3C,IAAI,2BAA2B,CAAC;oBAC9B,wBAAwB,EAAE;wBACxB,OAAO,EAAE,IAAI;wBACb,YAAY,EAAE,iBAAiB;qBAChC;oBACD,GAAG,CAAC,iBAAiB,IAAI,eAAe,CAAC,GAAG,CAAC,OAAO;wBAClD,CAAC,CAAC;4BACE,cAAc,EAAE;gCACd,OAAO,EAAE,IAAI;gCACb,YAAY,EAAE,KAAK;6BACpB;yBACF;wBACH,CAAC,CAAC,EAAE,CAAC;oBACP,WAAW,EAAE,WAAW;iBACzB,CAAC,CACH,CAAA;YACH,CAAC;SACF,CAAA;IACH,CAAC;CACF;AAED,sEAAsE;AACtE,2BAA2B;AAE3B,qDAAqD;AACrD,SAAS,eAAe,CACtB,GAAW,EACX,MAA+B,EAC/B,OAAiD,EACjD,KAAsE;IAEtE,MAAM,OAAO,GAAG,IAAI,cAAc,EAAE,CAAA;IACpC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,CAAA;IAC/B,OAAO,CAAC,gBAAgB,CACtB,cAAc,EACd,kDAAkD,CACnD,CAAA;IACD,OAAO,CAAC,MAAM,GAAG;QACf,IAAI,IAAI,GAAG,EAAE,CAAA;QACb,IAAI,CAAC;YACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;QACrC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAA;YAC1B,aAAa;QACf,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;YAC1B,OAAO,CAAC,IAAI,CAAC,CAAA;QACf,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,CAAA;QACb,CAAC;IACH,CAAC,CAAA;IACD,OAAO,CAAC,OAAO,GAAG;QAChB,KAAK,CAAC,EAAE,CAAC,CAAA;IACX,CAAC,CAAA;IACD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;SAC7B,MAAM,CAAC,CAAC,IAAc,EAAE,GAAG,EAAE,EAAE;QAC9B,IAAI,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAChB,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAA;QACpC,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC,EAAE,EAAE,CAAC;SACL,IAAI,CAAC,GAAG,CAAC,CAAA;IACZ,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACpB,CAAC;AAED
,sEAAsE;AACtE,wBAAwB;AAExB,qEAAqE;AACrE,SAAS,oBAAoB;IAC3B,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC,EAAE,CAAC,CAAA;IACjC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAA;IACpC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CACzE,EAAE,CACH,CAAA;AACH,CAAC;AAED,+CAA+C;AAC/C,oDAAoD;AACpD,SAAS,MAAM,CAAC,KAAa;IAC3B,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;IACjC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAClC,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;AACrD,CAAC;AAED,qCAAqC;AACrC,SAAS,eAAe,CAAC,GAAgB;IACvC,sFAAsF;IACtF,sEAAsE;IACtE,uDAAuD;IACvD,0DAA0D;IAC1D,mBAAmB;IACnB,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;SAC9D,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;AACvB,CAAC;AAED,kEAAkE;AAClE,KAAK,UAAU,yBAAyB,CAAC,CAAS;IAChD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,CAAC,CAAC,CAAA;IAC9B,OAAO,eAAe,CAAC,MAAM,CAAC,CAAA;AAChC,CAAC","sourcesContent":["import {\n AssociateSoftwareTokenCommand,\n AuthenticationResultType,\n ChangePasswordCommand,\n CognitoIdentityProviderClient,\n ConfirmForgotPasswordCommand,\n DeleteUserAttributesCommand,\n GetUserCommand,\n GlobalSignOutCommand,\n InitiateAuthCommand,\n InitiateAuthResponse,\n RespondToAuthChallengeCommand,\n SetUserMFAPreferenceCommand,\n UpdateUserAttributesCommand,\n VerifySoftwareTokenCommand,\n VerifyUserAttributeCommand,\n} from '@aws-sdk/client-cognito-identity-provider'\nimport Sentry from '../Sentry'\nimport { OneBlinkAppsError } from '..'\n\nexport type MfaMethod = 'authenticator' | 'sms'\n\nexport type MfaSettings = {\n authenticator: {\n enabled: boolean\n preferred: boolean\n }\n sms: {\n enabled: boolean\n preferred: boolean\n phoneNumber: string | undefined\n isPhoneNumberVerified: boolean\n }\n}\n\nexport const DEFAULT_MFA_SETTINGS: MfaSettings = {\n authenticator: { enabled: false, preferred: 
false },\n sms: {\n enabled: false,\n preferred: false,\n phoneNumber: undefined,\n isPhoneNumberVerified: false,\n },\n}\n\nexport function resolveMfaPreferredFlags({\n authenticatorEnabled,\n smsEnabled,\n preferredMfaSetting,\n}: {\n authenticatorEnabled: boolean\n smsEnabled: boolean\n preferredMfaSetting: string | undefined\n}): {\n authenticatorPreferred: boolean\n smsPreferred: boolean\n} {\n const cognitoAuthenticatorPreferred =\n preferredMfaSetting === 'SOFTWARE_TOKEN_MFA'\n const cognitoSmsPreferred = preferredMfaSetting === 'SMS_MFA'\n\n if (cognitoAuthenticatorPreferred && authenticatorEnabled) {\n return { authenticatorPreferred: true, smsPreferred: false }\n }\n\n if (cognitoSmsPreferred && smsEnabled) {\n return { authenticatorPreferred: false, smsPreferred: true }\n }\n\n if (authenticatorEnabled && smsEnabled) {\n return { authenticatorPreferred: true, smsPreferred: false }\n }\n\n return {\n authenticatorPreferred: authenticatorEnabled,\n smsPreferred: smsEnabled,\n }\n}\n\nexport type LoginAttemptResponse = {\n resetPasswordCallback?: (newPassword: string) => Promise<LoginAttemptResponse>\n mfa?: {\n codeCallback: (code: string) => Promise<LoginAttemptResponse>\n method: MfaMethod\n }\n}\n\nexport default class AWSCognitoClient {\n clientId: string\n cognitoIdentityProviderClient: CognitoIdentityProviderClient\n loginDomain: string | void\n redirectUri: string | void\n logoutUri: string | void\n listeners: Array<() => unknown>\n\n constructor({\n clientId,\n region,\n loginDomain,\n redirectUri,\n logoutUri,\n }: {\n clientId: string\n region: string\n redirectUri?: string\n logoutUri?: string\n loginDomain?: string\n }) {\n if (!clientId) {\n throw new TypeError('\"clientId\" is required in constructor')\n }\n if (!region) {\n throw new TypeError('\"region\" is required in constructor')\n }\n\n this.listeners = []\n this.redirectUri = redirectUri\n this.logoutUri = logoutUri\n this.loginDomain = loginDomain\n this.clientId = clientId\n 
this.cognitoIdentityProviderClient = new CognitoIdentityProviderClient({\n region,\n })\n }\n\n // Local Storage Keys\n get EXPIRES_AT() {\n return `COGNITO_${this.clientId}_EXPIRES_AT`\n }\n get ACCESS_TOKEN() {\n return `COGNITO_${this.clientId}_ACCESS_TOKEN`\n }\n get ID_TOKEN() {\n return `COGNITO_${this.clientId}_ID_TOKEN`\n }\n get REFRESH_TOKEN() {\n return `COGNITO_${this.clientId}_REFRESH_TOKEN`\n }\n get STATE() {\n return `COGNITO_${this.clientId}_STATE`\n }\n get PKCE_CODE_VERIFIER() {\n return `COGNITO_${this.clientId}_PKCE_CODE_VERIFIER`\n }\n\n _executeListeners() {\n for (const listener of this.listeners) {\n try {\n listener()\n } catch (error) {\n Sentry.captureException(error)\n // Ignore error from listeners\n console.warn('AWSCognitoClient listener error', error)\n }\n }\n }\n\n _storeAuthenticationResult(authenticationResult: AuthenticationResultType) {\n // Take off 5 seconds to ensure a request does not become unauthenticated mid request\n const expiresAt =\n (authenticationResult.ExpiresIn as number) * 1000 + Date.now() - 5000\n localStorage.setItem(this.EXPIRES_AT, expiresAt.toString())\n localStorage.setItem(\n this.ACCESS_TOKEN,\n authenticationResult.AccessToken as string,\n )\n localStorage.setItem(this.ID_TOKEN, authenticationResult.IdToken as string)\n if (authenticationResult.RefreshToken) {\n localStorage.setItem(\n this.REFRESH_TOKEN,\n authenticationResult.RefreshToken,\n )\n }\n\n this._executeListeners()\n }\n\n _removeAuthenticationResult() {\n localStorage.removeItem(this.EXPIRES_AT)\n localStorage.removeItem(this.ACCESS_TOKEN)\n localStorage.removeItem(this.ID_TOKEN)\n localStorage.removeItem(this.REFRESH_TOKEN)\n\n this._executeListeners()\n }\n\n _getAccessToken(): string | undefined {\n return localStorage.getItem(this.ACCESS_TOKEN) || undefined\n }\n\n _getIdToken(): string | undefined {\n return localStorage.getItem(this.ID_TOKEN) || undefined\n }\n\n _getRefreshToken(): string | undefined {\n return 
localStorage.getItem(this.REFRESH_TOKEN) || undefined\n }\n\n _isSessionValid(): boolean {\n const expiresAt = localStorage.getItem(this.EXPIRES_AT)\n if (!expiresAt) {\n return false\n }\n return parseInt(expiresAt, 10) > Date.now()\n }\n\n async _refreshSession(): Promise<void> {\n if (this._isSessionValid()) {\n return\n }\n\n const refreshToken = this._getRefreshToken()\n if (!refreshToken) {\n return\n }\n\n try {\n const result = await this.cognitoIdentityProviderClient.send(\n new InitiateAuthCommand({\n AuthFlow: 'REFRESH_TOKEN_AUTH',\n ClientId: this.clientId,\n AuthParameters: {\n REFRESH_TOKEN: refreshToken,\n },\n }),\n )\n if (result.AuthenticationResult) {\n this._storeAuthenticationResult(result.AuthenticationResult)\n }\n } catch (error) {\n console.warn('Error while attempting to refresh session', error)\n this._removeAuthenticationResult()\n throw new OneBlinkAppsError(\n 'Your session has expired. Please login again to continue to use the application.',\n {\n requiresLogin: true,\n originalError: error as Error,\n },\n )\n }\n }\n\n registerListener(listener: () => unknown): () => void {\n this.listeners.push(listener)\n\n return () => {\n const index = this.listeners.indexOf(listener)\n if (index !== -1) {\n this.listeners.splice(index, 1)\n }\n }\n }\n\n async responseToAuthChallenge(\n username: string,\n initiateAuthResponse: InitiateAuthResponse,\n ): Promise<LoginAttemptResponse> {\n if (initiateAuthResponse.AuthenticationResult) {\n this._storeAuthenticationResult(initiateAuthResponse.AuthenticationResult)\n return {}\n }\n\n const ChallengeName = initiateAuthResponse.ChallengeName\n switch (ChallengeName) {\n case 'NEW_PASSWORD_REQUIRED': {\n return {\n resetPasswordCallback: async (newPassword) => {\n const resetPasswordResult =\n await this.cognitoIdentityProviderClient.send(\n new RespondToAuthChallengeCommand({\n ChallengeName,\n ClientId: this.clientId,\n Session: initiateAuthResponse.Session,\n ChallengeResponses: {\n USERNAME: 
username,\n NEW_PASSWORD: newPassword,\n },\n }),\n )\n return await this.responseToAuthChallenge(\n username,\n resetPasswordResult,\n )\n },\n }\n }\n case 'SOFTWARE_TOKEN_MFA': {\n return {\n mfa: {\n method: 'authenticator',\n codeCallback: async (code) => {\n const resetPasswordResult =\n await this.cognitoIdentityProviderClient.send(\n new RespondToAuthChallengeCommand({\n ChallengeName,\n ClientId: this.clientId,\n Session: initiateAuthResponse.Session,\n ChallengeResponses: {\n USERNAME: username,\n SOFTWARE_TOKEN_MFA_CODE: code,\n },\n }),\n )\n return await this.responseToAuthChallenge(\n username,\n resetPasswordResult,\n )\n },\n },\n }\n }\n case 'EMAIL_OTP': {\n throw new Error('Email OTP is not supported')\n }\n case 'SMS_MFA': {\n return {\n mfa: {\n method: 'sms',\n codeCallback: async (code) => {\n const smsChallengeResult =\n await this.cognitoIdentityProviderClient.send(\n new RespondToAuthChallengeCommand({\n ChallengeName,\n ClientId: this.clientId,\n Session: initiateAuthResponse.Session,\n ChallengeResponses: {\n USERNAME: username,\n SMS_MFA_CODE: code,\n },\n }),\n )\n return await this.responseToAuthChallenge(\n username,\n smsChallengeResult,\n )\n },\n },\n }\n }\n }\n\n console.warn(\n '\"CognitoIdentityServiceProvider.InitiateAuthResponse\" challenge has not been catered.',\n initiateAuthResponse,\n )\n throw new Error(\n 'An unexpected error occurred while attempting to process your login. 
Please try again or contact support if the problem persists.',\n )\n }\n\n async loginUsernamePassword(\n username: string,\n password: string,\n ): Promise<LoginAttemptResponse> {\n const loginResult = await this.cognitoIdentityProviderClient.send(\n new InitiateAuthCommand({\n AuthFlow: 'USER_PASSWORD_AUTH',\n ClientId: this.clientId,\n AuthParameters: {\n USERNAME: username,\n PASSWORD: password,\n },\n }),\n )\n\n return await this.responseToAuthChallenge(username, loginResult)\n }\n\n async loginHostedUI(identityProviderName?: string): Promise<void> {\n const loginDomain = this.loginDomain\n const redirectUri = this.redirectUri\n if (!loginDomain || !redirectUri) {\n throw new TypeError(\n '\"loginDomain\" or \"redirectUri\" was not passed to constructor. Both are required before attempting to login.',\n )\n }\n\n // Create and store a random \"state\" value\n const state = generateRandomString()\n localStorage.setItem(this.STATE, state)\n\n // Create and store a new PKCE code_verifier (the plaintext random secret)\n const codeVerifier = generateRandomString()\n localStorage.setItem(this.PKCE_CODE_VERIFIER, codeVerifier)\n\n // Hash and base64-urlencode the secret to use as the challenge\n const code_challenge = await pkceChallengeFromVerifier(codeVerifier)\n\n window.location.href =\n `https://${loginDomain}/oauth2/authorize` +\n '?response_type=code' +\n '&client_id=' +\n encodeURIComponent(this.clientId) +\n '&state=' +\n encodeURIComponent(state) +\n '&scope=' +\n encodeURIComponent('openid email profile aws.cognito.signin.user.admin') +\n '&redirect_uri=' +\n encodeURIComponent(redirectUri) +\n '&code_challenge=' +\n encodeURIComponent(code_challenge) +\n '&code_challenge_method=S256' +\n (identityProviderName\n ? 
'&identity_provider=' + encodeURIComponent(identityProviderName)\n : '')\n }\n\n async handleAuthentication(): Promise<void> {\n const loginDomain = this.loginDomain\n const redirectUri = this.redirectUri\n if (!loginDomain || !redirectUri) {\n throw new TypeError(\n '\"loginDomain\" or \"redirectUri\" was not passed to constructor. Both are required before attempting to handle a login.',\n )\n }\n\n const query = new URLSearchParams(window.location.search)\n const queryError = query.get('error')\n const queryErrorDescription = query.get('error_description')\n\n // Check if the server returned an error string\n if (typeof queryError === 'string') {\n throw new Error(\n `${queryError} - ${\n typeof queryErrorDescription === 'string'\n ? queryErrorDescription\n : 'An unknown error has occurred.'\n }`,\n )\n }\n\n const code = query.get('code')\n if (typeof code !== 'string') {\n throw new Error('\"code\" was not including in query string to parse')\n }\n\n if (localStorage.getItem(this.STATE) !== query.get('state')) {\n throw new Error('Invalid login')\n }\n\n const code_verifier = localStorage.getItem(this.PKCE_CODE_VERIFIER)\n\n // Clean these up since we don't need them anymore\n localStorage.removeItem(this.STATE)\n localStorage.removeItem(this.PKCE_CODE_VERIFIER)\n\n // Exchange the authorization code for an access token\n const result: Record<string, unknown> = await new Promise(\n (resolve, reject) => {\n sendPostRequest(\n `https://${loginDomain}/oauth2/token`,\n {\n grant_type: 'authorization_code',\n code,\n client_id: this.clientId,\n redirect_uri: redirectUri,\n code_verifier,\n },\n resolve,\n (error) => {\n reject(\n new Error(\n error.error_description ||\n error.message ||\n 'An unknown error has occurred while processing authentication code',\n ),\n )\n },\n )\n },\n )\n\n this._storeAuthenticationResult({\n AccessToken: result.access_token as string,\n ExpiresIn: result.expires_in as number,\n IdToken: result.id_token as string,\n TokenType: 
result.token_type as string,\n RefreshToken: result.refresh_token as string,\n })\n }\n\n async changePassword(\n existingPassword: string,\n newPassword: string,\n ): Promise<void> {\n const accessToken = await this.getAccessToken()\n await this.cognitoIdentityProviderClient.send(\n new ChangePasswordCommand({\n AccessToken: accessToken || '',\n PreviousPassword: existingPassword,\n ProposedPassword: newPassword,\n }),\n )\n }\n async confirmForgotPassword({\n username,\n code,\n password,\n }: {\n username: string\n code: string\n password: string\n }) {\n await this.cognitoIdentityProviderClient.send(\n new ConfirmForgotPasswordCommand({\n ClientId: this.clientId,\n ConfirmationCode: code,\n Password: password,\n Username: username,\n }),\n )\n }\n\n logoutHostedUI(): void {\n const loginDomain = this.loginDomain\n const logoutUri = this.logoutUri\n if (!loginDomain || !logoutUri) {\n throw new TypeError(\n '\"loginDomain\" or \"logoutUri\" was not passed to constructor. Both are required before attempting to logout.',\n )\n }\n\n window.location.href =\n `https://${loginDomain}/logout` +\n '?client_id=' +\n encodeURIComponent(this.clientId) +\n '&logout_uri=' +\n encodeURIComponent(logoutUri)\n }\n\n async logout(): Promise<void> {\n try {\n const refreshToken = this._getRefreshToken()\n // Refresh session to allow access token to perform sign out\n if (refreshToken) {\n await this._refreshSession()\n }\n\n const accessToken = this._getAccessToken()\n if (accessToken) {\n await this.cognitoIdentityProviderClient.send(\n new GlobalSignOutCommand({\n AccessToken: accessToken,\n }),\n )\n }\n } catch (error) {\n if (!(error as OneBlinkAppsError).requiresLogin) {\n throw error\n }\n } finally {\n this._removeAuthenticationResult()\n }\n }\n\n async getIdToken(): Promise<string | undefined> {\n await this._refreshSession()\n\n return this._getIdToken()\n }\n\n async getAccessToken(): Promise<string | undefined> {\n await this._refreshSession()\n\n return 
this._getAccessToken()\n }\n\n async getMfaSettings(abortSignal?: AbortSignal): Promise<MfaSettings> {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return DEFAULT_MFA_SETTINGS\n }\n\n const user = await this.cognitoIdentityProviderClient.send(\n new GetUserCommand({\n AccessToken: accessToken,\n }),\n { abortSignal },\n )\n\n const mfaList = user.UserMFASettingList || []\n const preferredMfaSetting = user.PreferredMfaSetting\n const phoneNumber = user.UserAttributes?.find(\n (attribute) => attribute.Name === 'phone_number',\n )?.Value\n const isPhoneNumberVerified =\n user.UserAttributes?.find(\n (attribute) => attribute.Name === 'phone_number_verified',\n )?.Value === 'true'\n\n const authenticatorEnabled = mfaList.includes('SOFTWARE_TOKEN_MFA')\n const smsEnabled = mfaList.includes('SMS_MFA')\n const { authenticatorPreferred, smsPreferred } = resolveMfaPreferredFlags({\n authenticatorEnabled,\n smsEnabled,\n preferredMfaSetting,\n })\n\n return {\n authenticator: {\n enabled: authenticatorEnabled,\n preferred: authenticatorPreferred,\n },\n sms: {\n enabled: smsEnabled,\n preferred: smsPreferred,\n phoneNumber,\n isPhoneNumberVerified,\n },\n }\n }\n\n async updateUserPhoneNumber(\n phoneNumber: string,\n ): Promise<{ isPhoneNumberVerified: boolean }> {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return { isPhoneNumberVerified: false }\n }\n\n await this.cognitoIdentityProviderClient.send(\n new UpdateUserAttributesCommand({\n AccessToken: accessToken,\n UserAttributes: [\n {\n Name: 'phone_number',\n Value: phoneNumber,\n },\n ],\n }),\n )\n\n const mfaSettings = await this.getMfaSettings()\n return { isPhoneNumberVerified: mfaSettings.sms.isPhoneNumberVerified }\n }\n\n async removeUserPhoneNumber() {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n await this.cognitoIdentityProviderClient.send(\n new DeleteUserAttributesCommand({\n AccessToken: accessToken,\n 
UserAttributeNames: ['phone_number'],\n }),\n )\n }\n\n async verifyUserPhoneNumber(code: string) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n await this.cognitoIdentityProviderClient.send(\n new VerifyUserAttributeCommand({\n AccessToken: accessToken,\n AttributeName: 'phone_number',\n Code: code,\n }),\n )\n }\n\n async setPreferredMfaMethod(method: MfaMethod) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n const currentSettings = await this.getMfaSettings()\n\n await this.cognitoIdentityProviderClient.send(\n new SetUserMFAPreferenceCommand({\n AccessToken: accessToken,\n ...(currentSettings.authenticator.enabled\n ? {\n SoftwareTokenMfaSettings: {\n Enabled: true,\n PreferredMfa: method === 'authenticator',\n },\n }\n : {}),\n ...(currentSettings.sms.enabled\n ? {\n SMSMfaSettings: {\n Enabled: true,\n PreferredMfa: method === 'sms',\n },\n }\n : {}),\n }),\n )\n }\n\n async disableMfaMethod(method: MfaMethod) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n const currentSettings = await this.getMfaSettings()\n const wasPreferred =\n method === 'authenticator'\n ? currentSettings.authenticator.preferred\n : currentSettings.sms.preferred\n const otherMethod: MfaMethod =\n method === 'authenticator' ? 'sms' : 'authenticator'\n const otherSettings =\n method === 'authenticator'\n ? currentSettings.sms\n : currentSettings.authenticator\n\n await this.cognitoIdentityProviderClient.send(\n new SetUserMFAPreferenceCommand({\n AccessToken: accessToken,\n ...(method === 'authenticator'\n ? {\n SoftwareTokenMfaSettings: {\n Enabled: false,\n PreferredMfa: false,\n },\n }\n : {\n SMSMfaSettings: {\n Enabled: false,\n PreferredMfa: false,\n },\n }),\n ...(wasPreferred && otherSettings.enabled\n ? otherMethod === 'authenticator'\n ? 
{\n SoftwareTokenMfaSettings: {\n Enabled: true,\n PreferredMfa: true,\n },\n }\n : {\n SMSMfaSettings: {\n Enabled: true,\n PreferredMfa: true,\n },\n }\n : {}),\n }),\n )\n }\n\n async setupSmsMfa({ preferred }: { preferred?: boolean } = {}) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n const currentSettings = await this.getMfaSettings()\n const hasPreferredMethod =\n (currentSettings.authenticator.enabled &&\n currentSettings.authenticator.preferred) ||\n (currentSettings.sms.enabled && currentSettings.sms.preferred)\n const shouldBePreferred =\n preferred ?? (!hasPreferredMethod && !currentSettings.sms.enabled)\n\n await this.cognitoIdentityProviderClient.send(\n new SetUserMFAPreferenceCommand({\n AccessToken: accessToken,\n SMSMfaSettings: {\n Enabled: true,\n PreferredMfa: shouldBePreferred,\n },\n ...(shouldBePreferred && currentSettings.authenticator.enabled\n ? {\n SoftwareTokenMfaSettings: {\n Enabled: true,\n PreferredMfa: false,\n },\n }\n : {}),\n }),\n )\n }\n\n async setupMfaAuthenticatorApp({ preferred }: { preferred?: boolean } = {}) {\n const accessToken = await this.getAccessToken()\n if (!accessToken) {\n return\n }\n\n const { SecretCode } = await this.cognitoIdentityProviderClient.send(\n new AssociateSoftwareTokenCommand({\n AccessToken: accessToken,\n }),\n )\n\n return {\n secretCode: SecretCode,\n mfaCodeCallback: async (code: string) => {\n await this.cognitoIdentityProviderClient.send(\n new VerifySoftwareTokenCommand({\n AccessToken: accessToken,\n UserCode: code,\n }),\n )\n\n const currentSettings = await this.getMfaSettings()\n const hasPreferredMethod =\n (currentSettings.authenticator.enabled &&\n currentSettings.authenticator.preferred) ||\n (currentSettings.sms.enabled && currentSettings.sms.preferred)\n const shouldBePreferred =\n preferred ??\n (!hasPreferredMethod && !currentSettings.authenticator.enabled)\n\n await this.cognitoIdentityProviderClient.send(\n new 
SetUserMFAPreferenceCommand({\n SoftwareTokenMfaSettings: {\n Enabled: true,\n PreferredMfa: shouldBePreferred,\n },\n ...(shouldBePreferred && currentSettings.sms.enabled\n ? {\n SMSMfaSettings: {\n Enabled: true,\n PreferredMfa: false,\n },\n }\n : {}),\n AccessToken: accessToken,\n }),\n )\n },\n }\n }\n}\n\n//////////////////////////////////////////////////////////////////////\n// GENERAL HELPER FUNCTIONS\n\n// Make a POST request and parse the response as JSON\nfunction sendPostRequest(\n url: string,\n params: Record<string, unknown>,\n success: (value: Record<string, unknown>) => void,\n error: (err: { message?: string; error_description?: string }) => void,\n) {\n const request = new XMLHttpRequest()\n request.open('POST', url, true)\n request.setRequestHeader(\n 'Content-Type',\n 'application/x-www-form-urlencoded; charset=UTF-8',\n )\n request.onload = function () {\n let body = {}\n try {\n body = JSON.parse(request.response)\n } catch (e) {\n Sentry.captureException(e)\n // Do nothing\n }\n\n if (request.status == 200) {\n success(body)\n } else {\n error(body)\n }\n }\n request.onerror = function () {\n error({})\n }\n const body = Object.keys(params)\n .reduce((keys: string[], key) => {\n if (params[key]) {\n keys.push(key + '=' + params[key])\n }\n return keys\n }, [])\n .join('&')\n request.send(body)\n}\n\n//////////////////////////////////////////////////////////////////////\n// PKCE HELPER FUNCTIONS\n\n// Generate a secure random string using the browser crypto functions\nfunction generateRandomString() {\n const array = new Uint32Array(28)\n window.crypto.getRandomValues(array)\n return Array.from(array, (dec) => ('0' + dec.toString(16)).substr(-2)).join(\n '',\n )\n}\n\n// Calculate the SHA256 hash of the input text.\n// Returns a promise that resolves to an ArrayBuffer\nfunction sha256(plain: string) {\n const encoder = new TextEncoder()\n const data = encoder.encode(plain)\n return window.crypto.subtle.digest('SHA-256', data)\n}\n\n// 
Base64-urlencodes the input string\nfunction base64urlencode(str: ArrayBuffer) {\n // Convert the ArrayBuffer to string using Uint8 array to conver to what btoa accepts.\n // btoa accepts chars only within ascii 0-255 and base64 encodes them.\n // Then convert the base64 encoded to base64url encoded\n // (replace + with -, replace / with _, trim trailing =)\n // @ts-expect-error\n return btoa(String.fromCharCode.apply(null, new Uint8Array(str)))\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=+$/, '')\n}\n\n// Return the base64-urlencoded sha256 hash for the PKCE challenge\nasync function pkceChallengeFromVerifier(v: string) {\n const hashed = await sha256(v)\n return base64urlencode(hashed)\n}\n"]}
|
|
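--- a/package/dist/apps/services/cognito.d.ts
+++ b/package/dist/apps/services/cognito.d.ts
@@ -1,4 +1,4 @@
-import { DEFAULT_MFA_SETTINGS, LoginAttemptResponse, MfaMethod,
+import { DEFAULT_MFA_SETTINGS, LoginAttemptResponse, MfaMethod, MfaSettings } from './AWSCognitoClient';
 import { MiscTypes } from '@oneblink/types';
 interface CognitoServiceData {
 oAuthClientId: string;
@@ -252,30 +252,11 @@ declare function getUserFriendlyName(): string | undefined;
 * @returns
 */
 declare function generateMfaAuthenticatorAppQrCodeUrl(mfaAuthenticatorAppSetup: Awaited<ReturnType<typeof setupMfaAuthenticatorApp>>): string | undefined;
-/**
-* Check if the current user meets an MFA requirement.
-*
-* #### Example
-*
-* ```js
-* const { mfaSettings, userMeetsMfaRequirement } =
-* await mfaService.checkIsMfaEnabled('any')
-* if (userMeetsMfaRequirement) {
-* // User has met the MFA requirement
-* } else {
-* // Prompt user to set up MFA
-* }
-* ```
-*
-* @returns
-*/
-declare function checkIsMfaEnabled(mfaRequirement: MiscTypes.MfaRequirement | undefined): Promise<MfaRequirementCheckResult>;
 declare function getMfaSettings(abortSignal?: AbortSignal): Promise<MfaSettings>;
 declare function updateUserPhoneNumber(phoneNumber: string): Promise<{
 isPhoneNumberVerified: boolean;
 }>;
 declare function removeUserPhoneNumber(): Promise<void>;
-declare function sendPhoneNumberVerificationCode(): Promise<import("@aws-sdk/client-cognito-identity-provider").GetUserAttributeVerificationCodeCommandOutput | undefined>;
 declare function verifyUserPhoneNumber(code: string): Promise<void>;
 declare function setupSmsMfa(options?: {
 preferred?: boolean;
@@ -307,5 +288,5 @@ declare function setupMfaAuthenticatorApp(options?: {
 secretCode: string | undefined;
 mfaCodeCallback: (code: string) => Promise<void>;
 } | undefined>;
-export { init, registerAuthListener, loginUsernamePassword, loginHostedUI, handleAuthentication, changePassword, forgotPassword, logoutHostedUI, logout, isLoggedIn, getCognitoIdToken, getUserProfile, getUserFriendlyName,
-export type { LoginAttemptResponse, MfaMethod,
+export { init, registerAuthListener, loginUsernamePassword, loginHostedUI, handleAuthentication, changePassword, forgotPassword, logoutHostedUI, logout, isLoggedIn, getCognitoIdToken, getUserProfile, getUserFriendlyName, getMfaSettings, updateUserPhoneNumber, removeUserPhoneNumber, verifyUserPhoneNumber, disableMfaMethod, setPreferredMfaMethod, setupSmsMfa, setupMfaAuthenticatorApp, generateMfaAuthenticatorAppQrCodeUrl, DEFAULT_MFA_SETTINGS, };
+export type { LoginAttemptResponse, MfaMethod, MfaSettings };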
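--- a/package/dist/apps/services/cognito.js
+++ b/package/dist/apps/services/cognito.js
@@ -378,29 +378,6 @@ function generateMfaAuthenticatorAppQrCodeUrl(mfaAuthenticatorAppSetup) {
 }
 return `otpauth://totp/${tenants.current.productShortName}:${profile.email}?secret=${mfaAuthenticatorAppSetup.secretCode}&issuer=${tenants.current.productShortName}`;
 }
-/**
-* Check if the current user meets an MFA requirement.
-*
-* #### Example
-*
-* ```js
-* const { mfaSettings, userMeetsMfaRequirement } =
-* await mfaService.checkIsMfaEnabled('any')
-* if (userMeetsMfaRequirement) {
-* // User has met the MFA requirement
-* } else {
-* // Prompt user to set up MFA
-* }
-* ```
-*
-* @returns
-*/
-async function checkIsMfaEnabled(mfaRequirement) {
-if (!awsCognitoClient) {
-throw new Error('"authService" has not been initiated. You must call the init() function before checking if the current user has MFA enabled.');
-}
-return await awsCognitoClient.checkIsMfaEnabled(mfaRequirement);
-}
 async function getMfaSettings(abortSignal) {
 if (!awsCognitoClient) {
 throw new Error('"authService" has not been initiated. You must call the init() function before checking MFA settings.');
@@ -419,12 +396,6 @@ async function removeUserPhoneNumber() {
 }
 return await awsCognitoClient.removeUserPhoneNumber();
 }
-async function sendPhoneNumberVerificationCode() {
-if (!awsCognitoClient) {
-throw new Error('"authService" has not been initiated. You must call the init() function before sending a phone number verification code.');
-}
-return await awsCognitoClient.sendPhoneNumberVerificationCode();
-}
 async function verifyUserPhoneNumber(code) {
 if (!awsCognitoClient) {
 throw new Error('"authService" has not been initiated. You must call the init() function before verifying the user phone number.');
@@ -474,5 +445,5 @@ async function setupMfaAuthenticatorApp(options) {
 }
 return await awsCognitoClient.setupMfaAuthenticatorApp(options);
 }
-export { init, registerAuthListener, loginUsernamePassword, loginHostedUI, handleAuthentication, changePassword, forgotPassword, logoutHostedUI, logout, isLoggedIn, getCognitoIdToken, getUserProfile, getUserFriendlyName,
+export { init, registerAuthListener, loginUsernamePassword, loginHostedUI, handleAuthentication, changePassword, forgotPassword, logoutHostedUI, logout, isLoggedIn, getCognitoIdToken, getUserProfile, getUserFriendlyName, getMfaSettings, updateUserPhoneNumber, removeUserPhoneNumber, verifyUserPhoneNumber, disableMfaMethod, setPreferredMfaMethod, setupSmsMfa, setupMfaAuthenticatorApp, generateMfaAuthenticatorAppQrCodeUrl, DEFAULT_MFA_SETTINGS, };
 //# sourceMappingURL=cognito.js.map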
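Review bot: The otpauth URI returned at line 379 of the first hunk, in `generateMfaAuthenticatorAppQrCodeUrl`, interpolates `tenants.current.productShortName` and `profile.email` without percent-encoding. A space, `&`, `?` or `#` in either value would therefore alter the label or add parameters to the URI that the authenticator app parses. Wrapping each of them in `encodeURIComponent(...)`, in the label and in the `issuer` parameter alike, keeps the enrolled account name and issuer exactly as configured. Whether these values can contain reserved characters is not visible here, and the function begins above the hunk, so confirm against the full source before changing it.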