@osovitny/anatoly 3.16.35 → 3.16.37

package/fesm2022/osovitny-anatoly.mjs

@@ -22,7 +22,7 @@ import * as i1$4 from '@angular/platform-browser';
 import { v4 } from 'uuid';
 import * as i4 from '@azure/msal-angular';
 import { MSAL_GUARD_CONFIG, MsalGuard, MsalInterceptor, MSAL_INTERCEPTOR_CONFIG, MSAL_INSTANCE, MsalService, MsalBroadcastService, MsalModule } from '@azure/msal-angular';
-import { EventType, InteractionStatus, InteractionType, InteractionRequiredAuthError, BrowserUtils, PublicClientApplication, LogLevel } from '@azure/msal-browser';
+import { BrowserUtils, EventType, InteractionStatus, InteractionType, InteractionRequiredAuthError, PromptValue, PublicClientApplication, LogLevel } from '@azure/msal-browser';
 import * as i1$6 from '@fortawesome/angular-fontawesome';
 import { FontAwesomeModule } from '@fortawesome/angular-fontawesome';
 import * as i1$7 from '@progress/kendo-angular-pager';
@@ -2455,6 +2455,9 @@ const MSALStorageKeys = {
 };
 class MSALStorage {
     static saveRedirectState(redirectTo, calledBy) {
+        if (redirectTo.indexOf('iam') >= 0) {
+            return;
+        }
         localStorage.setItem(MSALStorageKeys.redirectTo, redirectTo);
         console.log(`msal.app: redirect state saved: ${redirectTo}. Called by: ${calledBy}`);
     }
@@ -2497,6 +2500,137 @@ class MSALRedirect {
     }
 }
 
+/*
+<file>
+  Project:
+    @osovitny/anatoly
+
+  Authors:
+    Vadim Osovitny vadim@osovitny.com
+    Anatoly Osovitny anatoly@osovitny.com
+
+    Created:
+        27 Nov 2023
+
+  Description:
+    Identity and Access Management
+
+    Copyright (c) 2016-2022 Osovitny Inc. All rights reserved.
+</file>
+*/
+//Node
+class MSALUtils {
+    static isB2C() {
+        if (MSALB2CConfig) {
+            return true;
+        }
+        return false;
+    }
+    // Don't perform initial navigation in iframes or popups
+    static initialNavigation() {
+        return !BrowserUtils.isInIframe() && !BrowserUtils.isInPopup() ? 'enabledNonBlocking' : 'disabled';
+    }
+    static getApis() {
+        let map = new Map();
+        for (const api of MSALApiConfig) {
+            map.set(api.uri, api.scopes);
+        }
+        return map;
+    }
+    static getApiScopes() {
+        let scopes = [];
+        for (const api of MSALApiConfig) {
+            for (const scope of api.scopes) {
+                scopes.push(scope);
+            }
+        }
+        return scopes;
+    }
+}
+
+/*
+<file>
+  Project:
+    @osovitny/anatoly
+
+  Authors:
+    Vadim Osovitny vadim@osovitny.com
+    Anatoly Osovitny anatoly@osovitny.com
+
+    Created:
+        20 Sep 2023
+
+  Description:
+    Identity and Access Management
+
+    Copyright (c) 2016-2022 Osovitny Inc. All rights reserved.
+</file>
+*/
+//App
+class MSALB2C {
+    static getAuthorityByType(type) {
+        let policy = MSALB2C.getPolicyByType(type);
+        return policy?.authority;
+    }
+    static getPolicyByType(type) {
+        let policies = MSALB2CConfig?.policies;
+        if (!policies) {
+            return null;
+        }
+        for (let i = 0; i < policies.length; i++) {
+            let policy = policies[i];
+            if (policy.type == type) {
+                return policy;
+            }
+        }
+        return null;
+    }
+}
+
+/*
+<file>
+  Project:
+    @osovitny/anatoly
+
+  Authors:
+    Vadim Osovitny vadim@osovitny.com
+    Anatoly Osovitny anatoly@osovitny.com
+
+    Created:
+        20 Sep 2023
+
+  Description:
+    Identity and Access Management
+
+    Copyright (c) 2016-2022 Osovitny Inc. All rights reserved.
+</file>
+*/
+const PolicyType = {
+    signUpSignIn: 'signUpSignIn',
+    signUp: 'signUp',
+    editProfile: 'editProfile',
+    resetPassword: 'resetPassword'
+};
+
+/*
+<file>
+  Project:
+    @osovitny/anatoly
+
+  Authors:
+    Vadim Osovitny vadim@osovitny.com
+    Anatoly Osovitny anatoly@osovitny.com
+
+  Created:
+    20 Sep 2023
+
+  Description:
+    Identity and Access Management
+
+  Copyright (c) 2016-2022 Osovitny Inc. All rights reserved.
+</file>
+*/
+
 class AuthService extends ApiServiceBase {
     http;
     router;
@@ -2531,8 +2665,10 @@ class AuthService extends ApiServiceBase {
     }
     setDefaults() {
     }
+    /*
+      https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/samples/msal-angular-v3-samples/angular-b2c-sample-app/src/app/app.component.ts
+    */
     initMSAL() {
-        this.msalService.instance.enableAccountStorageEvents();
         this.msalService.handleRedirectObservable().subscribe({
             next: (result) => {
                 console.log(`msal.app: handleRedirectObservable`);
@@ -2541,35 +2677,106 @@ class AuthService extends ApiServiceBase {
                 console.log(error);
             }
         });
-        this.msalBroadcastService.msalSubject$
-            .pipe(filter((msg) => msg.eventType === EventType.INITIALIZE_END ||
+        this.msalService.instance.enableAccountStorageEvents();
+        this.msalBroadcastService.msalSubject$.pipe(filter((msg) => msg.eventType === EventType.INITIALIZE_END ||
+            //ACCOUNT_ADDED and ACCOUNT_REMOVED events emitted when a user logs in or out of another tab or window
             msg.eventType === EventType.ACCOUNT_ADDED ||
             msg.eventType === EventType.ACCOUNT_REMOVED ||
-            msg.eventType === EventType.LOGIN_SUCCESS ||
+            //Login Failure
             msg.eventType === EventType.LOGIN_FAILURE ||
+            msg.eventType === EventType.ACQUIRE_TOKEN_FAILURE ||
+            //LogOut
             msg.eventType === EventType.LOGOUT_SUCCESS ||
-            msg.eventType === EventType.LOGOUT_FAILURE), takeUntil(this.msalDestroying$))
+            //LogIn
+            msg.eventType === EventType.LOGIN_SUCCESS ||
+            msg.eventType === EventType.ACQUIRE_TOKEN_SUCCESS ||
+            msg.eventType === EventType.SSO_SILENT_SUCCESS), takeUntil(this.msalDestroying$))
             .subscribe((msg) => {
+            //B2C
+            let signUpSignIn = MSALB2C.getPolicyByType(PolicyType.signUpSignIn);
+            let editProfile = MSALB2C.getPolicyByType(PolicyType.editProfile);
+            let resetPassword = MSALB2C.getPolicyByType(PolicyType.resetPassword);
             switch (msg.eventType) {
                 case EventType.INITIALIZE_END:
                     console.log(`msal.app: INITIALIZE_END fired`);
                     break;
                 case EventType.ACCOUNT_ADDED:
+                case EventType.ACCOUNT_REMOVED:
+                    if (this.msalService.instance.getAllAccounts().length === 0) {
+                        window.location.pathname = "/";
+                    }
+                    break;
+                case EventType.LOGIN_FAILURE:
+                case EventType.ACQUIRE_TOKEN_FAILURE:
+                    if (!MSALUtils.isB2C()) {
+                        return;
+                    }
+                    //Check for forgot password error. Learn more about AAD error codes at
+                    //https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-aadsts-error-codes
+                    if (msg.error && msg.error.message.indexOf('AADB2C90118') > -1) {
+                        let resetPasswordFlowRequest = {
+                            authority: resetPassword.authority,
+                            scopes: [],
+                        };
+                        this.login(resetPasswordFlowRequest);
+                    }
+                    ;
+                    break;
                 case EventType.LOGIN_SUCCESS:
+                case EventType.ACQUIRE_TOKEN_SUCCESS:
+                case EventType.SSO_SILENT_SUCCESS:
                     let payload = msg.payload;
-                    if (payload) {
+                    if (!payload) {
+                        return;
+                    }
+                    if (!MSALUtils.isB2C()) {
                         this.msalService.instance.setActiveAccount(payload.account);
+                        return;
                     }
-                    break;
-                case EventType.ACCOUNT_REMOVED:
-                    if (this.msalService.instance.getAllAccounts().length === 0) {
-                        window.location.pathname = "/";
+                    //B2C
+                    let idtoken = payload.idTokenClaims;
+                    /**
+                     *
+                     * signUpSignIn
+                     *
+                     */
+                    if (idtoken.acr === signUpSignIn.name || idtoken.tfp === signUpSignIn.name) {
+                        this.msalService.instance.setActiveAccount(payload.account);
+                    }
+                    /**
+                     *
+                     * editProfile
+                     *
+                     * For the purpose of setting an active account for UI update, we want to consider only the auth response resulting
+                     * from SUSI flow. "acr" claim in the id token tells us the policy (NOTE: newer policies may use the "tfp" claim instead).
+                     * To learn more about B2C tokens, visit https://docs.microsoft.com/en-us/azure/active-directory-b2c/tokens-overview
+                     */
+                    if (idtoken.acr === editProfile.name || idtoken.tfp === editProfile.name) {
+                        const signInAccount = this.msalService.instance.getAllAccounts()
+                            .find((account) => account.idTokenClaims?.oid === idtoken.oid &&
+                            account.idTokenClaims?.sub === idtoken.sub &&
+                            (account.idTokenClaims.acr === signUpSignIn.name ||
+                                account.idTokenClaims.tfp === signUpSignIn.name));
+                        this.forceReauthenticate(signInAccount);
+                    }
+                    /**
+                     *
+                     * resetPassword
+                     *
+                     * Below we are checking if the user is returning from the reset password flow.
+                     * If so, we will ask the user to reauthenticate with their new password.
+                     * If you do not want this behavior and prefer your users to stay signed in instead,
+                     * you can replace the code below with the same pattern used for handling the return from
+                     * profile edit flow
+                     */
+                    if (idtoken.acr === resetPassword.name || idtoken.tfp === resetPassword.name) {
+                        this.forceReauthenticate();
                     }
                     break;
             }
+            return msg;
         });
-        this.msalBroadcastService.inProgress$
-            .pipe(filter((status) => status === InteractionStatus.Startup ||
+        this.msalBroadcastService.inProgress$.pipe(filter((status) => status === InteractionStatus.Startup ||
             status === InteractionStatus.None), takeUntil(this.msalDestroying$))
             .subscribe((status) => {
             switch (status) {
@@ -2661,7 +2868,21 @@ class AuthService extends ApiServiceBase {
         }
         return this.acquireToken();
     }
-    login(popup) {
+    forceReauthenticate(account) {
+        if (MSALUtils.isB2C()) {
+            let signUpSignIn = MSALB2C.getPolicyByType(PolicyType.signUpSignIn);
+            let signUpSignInFlowRequest = {
+                authority: signUpSignIn.authority,
+                scopes: [],
+                prompt: PromptValue.LOGIN,
+                account: account
+            };
+            this.login(signUpSignInFlowRequest);
+        }
+        else {
+        }
+    }
+    login(userFlowRequest, popup) {
         let authRequestCfg = this.msalGuardConfig.authRequest;
         let authRequest = null;
         if (authRequestCfg) {
@@ -2669,37 +2890,37 @@ class AuthService extends ApiServiceBase {
         }
         if (this.isPopup(popup)) {
             if (authRequest) {
-                return this.msalService.loginPopup({ ...authRequest }).pipe(map$1((response) => {
+                this.msalService.loginPopup({ ...authRequest, ...userFlowRequest }).subscribe((response) => {
                     this.msalService.instance.setActiveAccount(response.account);
-                }));
+                });
             }
             else {
-                return this.msalService.loginPopup().pipe(map$1((response) => {
+                this.msalService.loginPopup(userFlowRequest).subscribe((response) => {
                     this.msalService.instance.setActiveAccount(response.account);
-                }));
+                });
             }
         }
         else {
             if (authRequest) {
-                return this.msalService.loginRedirect({ ...authRequest });
+                this.msalService.loginRedirect({ ...this.msalGuardConfig.authRequest, ...userFlowRequest });
             }
             else {
-                return this.msalService.loginRedirect();
+                this.msalService.loginRedirect(userFlowRequest);
             }
         }
     }
     logout(popup) {
         let activeAccount = this.getActiveAccount();
         if (!activeAccount) {
-            return of(null);
+            return;
         }
         if (this.isPopup(popup)) {
-            return this.msalService.logoutPopup({ account: activeAccount, mainWindowRedirectUri: "/" }).pipe(map$1(() => {
+            this.msalService.logoutPopup({ account: activeAccount, mainWindowRedirectUri: "/" }).subscribe(() => {
                 this.appContext.clearWebStorage();
-            }));
+            });
         }
         else {
-            return this.msalService.logoutRedirect({ account: activeAccount }).pipe(map$1(() => {
+            this.msalService.logoutRedirect({ account: activeAccount }).pipe(map$1(() => {
                 this.appContext.clearWebStorage();
             }));
         }
@@ -2819,46 +3040,6 @@ class AuthenticationGuard extends MsalGuard {
 </file>
 */
 
-/*
-<file>
-  Project:
-    @osovitny/anatoly
-
-  Authors:
-    Vadim Osovitny vadim@osovitny.com
-    Anatoly Osovitny anatoly@osovitny.com
-
-    Created:
-        27 Nov 2023
-
-  Description:
-    Identity and Access Management
-
-    Copyright (c) 2016-2022 Osovitny Inc. All rights reserved.
-</file>
-*/
-//Node
-class MSALUtils {
-    // Don't perform initial navigation in iframes or popups
-    static initialNavigation() {
-        return !BrowserUtils.isInIframe() && !BrowserUtils.isInPopup() ? 'enabledNonBlocking' : 'disabled';
-    }
-    static getApis() {
-        let map = new Map();
-        for (const api of MSALApiConfig) {
-            map.set(api.uri, api.scopes);
-        }
-        return map;
-    }
-    static getApiScopes() {
-        let scopes = [];
-        for (const api of MSALApiConfig) {
-            scopes.push(api.scopes);
-        }
-        return scopes;
-    }
-}
-
 /*
 <file>
   Project:
@@ -5959,92 +6140,6 @@ class AnatolyDataModule {
     }], null, null); })();
 (function () { (typeof ngJitMode === "undefined" || ngJitMode) && i0.ɵɵsetNgModuleScope(AnatolyDataModule, { imports: [CommonModule] }); })();
 
-/*
-<file>
-  Project:
-    @osovitny/anatoly
-
-  Authors:
-    Vadim Osovitny vadim@osovitny.com
-    Anatoly Osovitny anatoly@osovitny.com
-
-    Created:
-        20 Sep 2023
-
-  Description:
-    Identity and Access Management
-
-    Copyright (c) 2016-2022 Osovitny Inc. All rights reserved.
-</file>
-*/
-//App
-class MSALB2C {
-    static isEnabled() {
-        if (MSALB2CConfig) {
-            return true;
-        }
-        return false;
-    }
-    static getAuthorityByType(type) {
-        let policy = MSALB2C.getPolicyByType(type);
-        return policy?.authority;
-    }
-    static getPolicyByType(type) {
-        let policies = MSALB2CConfig.policies;
-        for (let i = 0; i < policies.length; i++) {
-            let policy = policies[i];
-            if (policy.type == type) {
-                return policy;
-            }
-        }
-        return null;
-    }
-}
-
-/*
-<file>
-  Project:
-    @osovitny/anatoly
-
-  Authors:
-    Vadim Osovitny vadim@osovitny.com
-    Anatoly Osovitny anatoly@osovitny.com
-
-    Created:
-        20 Sep 2023
-
-  Description:
-    Identity and Access Management
-
-    Copyright (c) 2016-2022 Osovitny Inc. All rights reserved.
-</file>
-*/
-const PolicyType = {
-    signUpSignIn: 'signUpSignIn',
-    signUp: 'signUp',
-    resetPassword: 'resetPassword',
-    editProfile: 'editProfile'
-};
-
-/*
-<file>
-  Project:
-    @osovitny/anatoly
-
-  Authors:
-    Vadim Osovitny vadim@osovitny.com
-    Anatoly Osovitny anatoly@osovitny.com
-
-  Created:
-    20 Sep 2023
-
-  Description:
-    Identity and Access Management
-
-  Copyright (c) 2016-2022 Osovitny Inc. All rights reserved.
-</file>
-*/
-
 /*
 <file>
   Project:
@@ -6119,7 +6214,7 @@ function MSALInstanceFactory() {
             }
         }
     };
-    if (MSALB2C.isEnabled()) {
+    if (MSALUtils.isB2C()) {
         configuration.auth.authority = MSALB2C.getAuthorityByType(PolicyType.signUpSignIn);
         configuration.auth.knownAuthorities = [MSALB2CConfig.authorityDomain];
     }