@osovitny/anatoly 3.16.36 → 3.16.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/esm2022/lib/iam/b2c/b2c.mjs +5 -8
  2. package/esm2022/lib/iam/b2c/consts.mjs +3 -3
  3. package/esm2022/lib/iam/configs.mjs +2 -2
  4. package/esm2022/lib/iam/services/auth.service.mjs +114 -25
  5. package/esm2022/lib/iam/utils.mjs +8 -2
  6. package/fesm2022/osovitny-anatoly.mjs +243 -153
  7. package/fesm2022/osovitny-anatoly.mjs.map +1 -1
  8. package/lib/iam/b2c/b2c.d.ts +0 -1
  9. package/lib/iam/b2c/consts.d.ts +1 -1
  10. package/lib/iam/services/auth.service.d.ts +4 -2
  11. package/lib/iam/utils.d.ts +1 -0
  12. package/package.json +1 -1
package/fesm2022/osovitny-anatoly.mjs CHANGED
@@ -22,7 +22,7 @@ import * as i1$4 from '@angular/platform-browser';
22
22
  import { v4 } from 'uuid';
23
23
  import * as i4 from '@azure/msal-angular';
24
24
  import { MSAL_GUARD_CONFIG, MsalGuard, MsalInterceptor, MSAL_INTERCEPTOR_CONFIG, MSAL_INSTANCE, MsalService, MsalBroadcastService, MsalModule } from '@azure/msal-angular';
25
- import { EventType, InteractionStatus, InteractionType, InteractionRequiredAuthError, BrowserUtils, PublicClientApplication, LogLevel } from '@azure/msal-browser';
25
+ import { BrowserUtils, EventType, InteractionStatus, InteractionType, InteractionRequiredAuthError, PromptValue, PublicClientApplication, LogLevel } from '@azure/msal-browser';
26
26
  import * as i1$6 from '@fortawesome/angular-fontawesome';
27
27
  import { FontAwesomeModule } from '@fortawesome/angular-fontawesome';
28
28
  import * as i1$7 from '@progress/kendo-angular-pager';
@@ -2500,6 +2500,137 @@ class MSALRedirect {
2500
2500
  }
2501
2501
  }
2502
2502
 
2503
+ /*
2504
+ <file>
2505
+ Project:
2506
+ @osovitny/anatoly
2507
+
2508
+ Authors:
2509
+ Vadim Osovitny vadim@osovitny.com
2510
+ Anatoly Osovitny anatoly@osovitny.com
2511
+
2512
+ Created:
2513
+ 27 Nov 2023
2514
+
2515
+ Description:
2516
+ Identity and Access Management
2517
+
2518
+ Copyright (c) 2016-2022 Osovitny Inc. All rights reserved.
2519
+ </file>
2520
+ */
2521
+ //Node
2522
+ class MSALUtils {
2523
+ static isB2C() {
2524
+ if (MSALB2CConfig) {
2525
+ return true;
2526
+ }
2527
+ return false;
2528
+ }
2529
+ // Don't perform initial navigation in iframes or popups
2530
+ static initialNavigation() {
2531
+ return !BrowserUtils.isInIframe() && !BrowserUtils.isInPopup() ? 'enabledNonBlocking' : 'disabled';
2532
+ }
2533
+ static getApis() {
2534
+ let map = new Map();
2535
+ for (const api of MSALApiConfig) {
2536
+ map.set(api.uri, api.scopes);
2537
+ }
2538
+ return map;
2539
+ }
2540
+ static getApiScopes() {
2541
+ let scopes = [];
2542
+ for (const api of MSALApiConfig) {
2543
+ for (const scope of api.scopes) {
2544
+ scopes.push(scope);
2545
+ }
2546
+ }
2547
+ return scopes;
2548
+ }
2549
+ }
2550
+
2551
+ /*
2552
+ <file>
2553
+ Project:
2554
+ @osovitny/anatoly
2555
+
2556
+ Authors:
2557
+ Vadim Osovitny vadim@osovitny.com
2558
+ Anatoly Osovitny anatoly@osovitny.com
2559
+
2560
+ Created:
2561
+ 20 Sep 2023
2562
+
2563
+ Description:
2564
+ Identity and Access Management
2565
+
2566
+ Copyright (c) 2016-2022 Osovitny Inc. All rights reserved.
2567
+ </file>
2568
+ */
2569
+ //App
2570
+ class MSALB2C {
2571
+ static getAuthorityByType(type) {
2572
+ let policy = MSALB2C.getPolicyByType(type);
2573
+ return policy?.authority;
2574
+ }
2575
+ static getPolicyByType(type) {
2576
+ let policies = MSALB2CConfig?.policies;
2577
+ if (!policies) {
2578
+ return null;
2579
+ }
2580
+ for (let i = 0; i < policies.length; i++) {
2581
+ let policy = policies[i];
2582
+ if (policy.type == type) {
2583
+ return policy;
2584
+ }
2585
+ }
2586
+ return null;
2587
+ }
2588
+ }
2589
+
2590
+ /*
2591
+ <file>
2592
+ Project:
2593
+ @osovitny/anatoly
2594
+
2595
+ Authors:
2596
+ Vadim Osovitny vadim@osovitny.com
2597
+ Anatoly Osovitny anatoly@osovitny.com
2598
+
2599
+ Created:
2600
+ 20 Sep 2023
2601
+
2602
+ Description:
2603
+ Identity and Access Management
2604
+
2605
+ Copyright (c) 2016-2022 Osovitny Inc. All rights reserved.
2606
+ </file>
2607
+ */
2608
+ const PolicyType = {
2609
+ signUpSignIn: 'signUpSignIn',
2610
+ signUp: 'signUp',
2611
+ editProfile: 'editProfile',
2612
+ resetPassword: 'resetPassword'
2613
+ };
2614
+
2615
+ /*
2616
+ <file>
2617
+ Project:
2618
+ @osovitny/anatoly
2619
+
2620
+ Authors:
2621
+ Vadim Osovitny vadim@osovitny.com
2622
+ Anatoly Osovitny anatoly@osovitny.com
2623
+
2624
+ Created:
2625
+ 20 Sep 2023
2626
+
2627
+ Description:
2628
+ Identity and Access Management
2629
+
2630
+ Copyright (c) 2016-2022 Osovitny Inc. All rights reserved.
2631
+ </file>
2632
+ */
2633
+
2503
2634
  class AuthService extends ApiServiceBase {
2504
2635
  http;
2505
2636
  router;
@@ -2534,8 +2665,10 @@ class AuthService extends ApiServiceBase {
2534
2665
  }
2535
2666
  setDefaults() {
2536
2667
  }
2668
+ /*
2669
+ https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/samples/msal-angular-v3-samples/angular-b2c-sample-app/src/app/app.component.ts
2670
+ */
2537
2671
  initMSAL() {
2538
- this.msalService.instance.enableAccountStorageEvents();
2539
2672
  this.msalService.handleRedirectObservable().subscribe({
2540
2673
  next: (result) => {
2541
2674
  console.log(`msal.app: handleRedirectObservable`);
@@ -2544,35 +2677,106 @@ class AuthService extends ApiServiceBase {
2544
2677
  console.log(error);
2545
2678
  }
2546
2679
  });
2547
- this.msalBroadcastService.msalSubject$
2548
- .pipe(filter((msg) => msg.eventType === EventType.INITIALIZE_END ||
2680
+ this.msalService.instance.enableAccountStorageEvents();
2681
+ this.msalBroadcastService.msalSubject$.pipe(filter((msg) => msg.eventType === EventType.INITIALIZE_END ||
2682
+ //ACCOUNT_ADDED and ACCOUNT_REMOVED events emitted when a user logs in or out of another tab or window
2549
2683
  msg.eventType === EventType.ACCOUNT_ADDED ||
2550
2684
  msg.eventType === EventType.ACCOUNT_REMOVED ||
2551
- msg.eventType === EventType.LOGIN_SUCCESS ||
2685
+ //Login Failure
2552
2686
  msg.eventType === EventType.LOGIN_FAILURE ||
2687
+ msg.eventType === EventType.ACQUIRE_TOKEN_FAILURE ||
2688
+ //LogOut
2553
2689
  msg.eventType === EventType.LOGOUT_SUCCESS ||
2554
- msg.eventType === EventType.LOGOUT_FAILURE), takeUntil(this.msalDestroying$))
2690
+ //LogIn
2691
+ msg.eventType === EventType.LOGIN_SUCCESS ||
2692
+ msg.eventType === EventType.ACQUIRE_TOKEN_SUCCESS ||
2693
+ msg.eventType === EventType.SSO_SILENT_SUCCESS), takeUntil(this.msalDestroying$))
2555
2694
  .subscribe((msg) => {
2695
+ //B2C
2696
+ let signUpSignIn = MSALB2C.getPolicyByType(PolicyType.signUpSignIn);
2697
+ let editProfile = MSALB2C.getPolicyByType(PolicyType.editProfile);
2698
+ let resetPassword = MSALB2C.getPolicyByType(PolicyType.resetPassword);
2556
2699
  switch (msg.eventType) {
2557
2700
  case EventType.INITIALIZE_END:
2558
2701
  console.log(`msal.app: INITIALIZE_END fired`);
2559
2702
  break;
2560
2703
  case EventType.ACCOUNT_ADDED:
2704
+ case EventType.ACCOUNT_REMOVED:
2705
+ if (this.msalService.instance.getAllAccounts().length === 0) {
2706
+ window.location.pathname = "/";
2707
+ }
2708
+ break;
2709
+ case EventType.LOGIN_FAILURE:
2710
+ case EventType.ACQUIRE_TOKEN_FAILURE:
2711
+ if (!MSALUtils.isB2C()) {
2712
+ return;
2713
+ }
2714
+ //Check for forgot password error. Learn more about AAD error codes at
2715
+ //https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-aadsts-error-codes
2716
+ if (msg.error && msg.error.message.indexOf('AADB2C90118') > -1) {
2717
+ let resetPasswordFlowRequest = {
2718
+ authority: resetPassword.authority,
2719
+ scopes: [],
2720
+ };
2721
+ this.login(resetPasswordFlowRequest);
2722
+ }
2723
+ ;
2724
+ break;
2561
2725
  case EventType.LOGIN_SUCCESS:
2726
+ case EventType.ACQUIRE_TOKEN_SUCCESS:
2727
+ case EventType.SSO_SILENT_SUCCESS:
2562
2728
  let payload = msg.payload;
2563
- if (payload) {
2729
+ if (!payload) {
2730
+ return;
2731
+ }
2732
+ if (!MSALUtils.isB2C()) {
2564
2733
  this.msalService.instance.setActiveAccount(payload.account);
2734
+ return;
2565
2735
  }
2566
- break;
2567
- case EventType.ACCOUNT_REMOVED:
2568
- if (this.msalService.instance.getAllAccounts().length === 0) {
2569
- window.location.pathname = "/";
2736
+ //B2C
2737
+ let idtoken = payload.idTokenClaims;
2738
+ /**
2739
+ *
2740
+ * signUpSignIn
2741
+ *
2742
+ */
2743
+ if (idtoken.acr === signUpSignIn.name || idtoken.tfp === signUpSignIn.name) {
2744
+ this.msalService.instance.setActiveAccount(payload.account);
2745
+ }
2746
+ /**
2747
+ *
2748
+ * editProfile
2749
+ *
2750
+ * For the purpose of setting an active account for UI update, we want to consider only the auth response resulting
2751
+ * from SUSI flow. "acr" claim in the id token tells us the policy (NOTE: newer policies may use the "tfp" claim instead).
2752
+ * To learn more about B2C tokens, visit https://docs.microsoft.com/en-us/azure/active-directory-b2c/tokens-overview
2753
+ */
2754
+ if (idtoken.acr === editProfile.name || idtoken.tfp === editProfile.name) {
2755
+ const signInAccount = this.msalService.instance.getAllAccounts()
2756
+ .find((account) => account.idTokenClaims?.oid === idtoken.oid &&
2757
+ account.idTokenClaims?.sub === idtoken.sub &&
2758
+ (account.idTokenClaims.acr === signUpSignIn.name ||
2759
+ account.idTokenClaims.tfp === signUpSignIn.name));
2760
+ this.forceReauthenticate(signInAccount);
2761
+ }
2762
+ /**
2763
+ *
2764
+ * resetPassword
2765
+ *
2766
+ * Below we are checking if the user is returning from the reset password flow.
2767
+ * If so, we will ask the user to reauthenticate with their new password.
2768
+ * If you do not want this behavior and prefer your users to stay signed in instead,
2769
+ * you can replace the code below with the same pattern used for handling the return from
2770
+ * profile edit flow
2771
+ */
2772
+ if (idtoken.acr === resetPassword.name || idtoken.tfp === resetPassword.name) {
2773
+ this.forceReauthenticate();
2570
2774
  }
2571
2775
  break;
2572
2776
  }
2777
+ return msg;
2573
2778
  });
2574
- this.msalBroadcastService.inProgress$
2575
- .pipe(filter((status) => status === InteractionStatus.Startup ||
2779
+ this.msalBroadcastService.inProgress$.pipe(filter((status) => status === InteractionStatus.Startup ||
2576
2780
  status === InteractionStatus.None), takeUntil(this.msalDestroying$))
2577
2781
  .subscribe((status) => {
2578
2782
  switch (status) {
@@ -2664,7 +2868,21 @@ class AuthService extends ApiServiceBase {
2664
2868
  }
2665
2869
  return this.acquireToken();
2666
2870
  }
2667
- login(popup) {
2871
+ forceReauthenticate(account) {
2872
+ if (MSALUtils.isB2C()) {
2873
+ let signUpSignIn = MSALB2C.getPolicyByType(PolicyType.signUpSignIn);
2874
+ let signUpSignInFlowRequest = {
2875
+ authority: signUpSignIn.authority,
2876
+ scopes: [],
2877
+ prompt: PromptValue.LOGIN,
2878
+ account: account
2879
+ };
2880
+ this.login(signUpSignInFlowRequest);
2881
+ }
2882
+ else {
2883
+ }
2884
+ }
2885
+ login(userFlowRequest, popup) {
2668
2886
  let authRequestCfg = this.msalGuardConfig.authRequest;
2669
2887
  let authRequest = null;
2670
2888
  if (authRequestCfg) {
@@ -2672,37 +2890,37 @@ class AuthService extends ApiServiceBase {
2672
2890
  }
2673
2891
  if (this.isPopup(popup)) {
2674
2892
  if (authRequest) {
2675
- return this.msalService.loginPopup({ ...authRequest }).pipe(map$1((response) => {
2893
+ this.msalService.loginPopup({ ...authRequest, ...userFlowRequest }).subscribe((response) => {
2676
2894
  this.msalService.instance.setActiveAccount(response.account);
2677
- }));
2895
+ });
2678
2896
  }
2679
2897
  else {
2680
- return this.msalService.loginPopup().pipe(map$1((response) => {
2898
+ this.msalService.loginPopup(userFlowRequest).subscribe((response) => {
2681
2899
  this.msalService.instance.setActiveAccount(response.account);
2682
- }));
2900
+ });
2683
2901
  }
2684
2902
  }
2685
2903
  else {
2686
2904
  if (authRequest) {
2687
- return this.msalService.loginRedirect({ ...authRequest });
2905
+ this.msalService.loginRedirect({ ...this.msalGuardConfig.authRequest, ...userFlowRequest });
2688
2906
  }
2689
2907
  else {
2690
- return this.msalService.loginRedirect();
2908
+ this.msalService.loginRedirect(userFlowRequest);
2691
2909
  }
2692
2910
  }
2693
2911
  }
2694
2912
  logout(popup) {
2695
2913
  let activeAccount = this.getActiveAccount();
2696
2914
  if (!activeAccount) {
2697
- return of(null);
2915
+ return;
2698
2916
  }
2699
2917
  if (this.isPopup(popup)) {
2700
- return this.msalService.logoutPopup({ account: activeAccount, mainWindowRedirectUri: "/" }).pipe(map$1(() => {
2918
+ this.msalService.logoutPopup({ account: activeAccount, mainWindowRedirectUri: "/" }).subscribe(() => {
2701
2919
  this.appContext.clearWebStorage();
2702
- }));
2920
+ });
2703
2921
  }
2704
2922
  else {
2705
- return this.msalService.logoutRedirect({ account: activeAccount }).pipe(map$1(() => {
2923
+ this.msalService.logoutRedirect({ account: activeAccount }).pipe(map$1(() => {
2706
2924
  this.appContext.clearWebStorage();
2707
2925
  }));
2708
2926
  }
@@ -2822,48 +3040,6 @@ class AuthenticationGuard extends MsalGuard {
2822
3040
  </file>
2823
3041
  */
2824
3042
 
2825
- /*
2826
- <file>
2827
- Project:
2828
- @osovitny/anatoly
2829
-
2830
- Authors:
2831
- Vadim Osovitny vadim@osovitny.com
2832
- Anatoly Osovitny anatoly@osovitny.com
2833
-
2834
- Created:
2835
- 27 Nov 2023
2836
-
2837
- Description:
2838
- Identity and Access Management
2839
-
2840
- Copyright (c) 2016-2022 Osovitny Inc. All rights reserved.
2841
- </file>
2842
- */
2843
- //Node
2844
- class MSALUtils {
2845
- // Don't perform initial navigation in iframes or popups
2846
- static initialNavigation() {
2847
- return !BrowserUtils.isInIframe() && !BrowserUtils.isInPopup() ? 'enabledNonBlocking' : 'disabled';
2848
- }
2849
- static getApis() {
2850
- let map = new Map();
2851
- for (const api of MSALApiConfig) {
2852
- map.set(api.uri, api.scopes);
2853
- }
2854
- return map;
2855
- }
2856
- static getApiScopes() {
2857
- let scopes = [];
2858
- for (const api of MSALApiConfig) {
2859
- for (const scope of api.scopes) {
2860
- scopes.push(scope);
2861
- }
2862
- }
2863
- return scopes;
2864
- }
2865
- }
2866
-
2867
3043
  /*
2868
3044
  <file>
2869
3045
  Project:
@@ -5964,92 +6140,6 @@ class AnatolyDataModule {
5964
6140
  }], null, null); })();
5965
6141
  (function () { (typeof ngJitMode === "undefined" || ngJitMode) && i0.ɵɵsetNgModuleScope(AnatolyDataModule, { imports: [CommonModule] }); })();
5966
6142
 
5967
- /*
5968
- <file>
5969
- Project:
5970
- @osovitny/anatoly
5971
-
5972
- Authors:
5973
- Vadim Osovitny vadim@osovitny.com
5974
- Anatoly Osovitny anatoly@osovitny.com
5975
-
5976
- Created:
5977
- 20 Sep 2023
5978
-
5979
- Description:
5980
- Identity and Access Management
5981
-
5982
- Copyright (c) 2016-2022 Osovitny Inc. All rights reserved.
5983
- </file>
5984
- */
5985
- //App
5986
- class MSALB2C {
5987
- static isEnabled() {
5988
- if (MSALB2CConfig) {
5989
- return true;
5990
- }
5991
- return false;
5992
- }
5993
- static getAuthorityByType(type) {
5994
- let policy = MSALB2C.getPolicyByType(type);
5995
- return policy?.authority;
5996
- }
5997
- static getPolicyByType(type) {
5998
- let policies = MSALB2CConfig.policies;
5999
- for (let i = 0; i < policies.length; i++) {
6000
- let policy = policies[i];
6001
- if (policy.type == type) {
6002
- return policy;
6003
- }
6004
- }
6005
- return null;
6006
- }
6007
- }
6008
-
6009
- /*
6010
- <file>
6011
- Project:
6012
- @osovitny/anatoly
6013
-
6014
- Authors:
6015
- Vadim Osovitny vadim@osovitny.com
6016
- Anatoly Osovitny anatoly@osovitny.com
6017
-
6018
- Created:
6019
- 20 Sep 2023
6020
-
6021
- Description:
6022
- Identity and Access Management
6023
-
6024
- Copyright (c) 2016-2022 Osovitny Inc. All rights reserved.
6025
- </file>
6026
- */
6027
- const PolicyType = {
6028
- signUpSignIn: 'signUpSignIn',
6029
- signUp: 'signUp',
6030
- resetPassword: 'resetPassword',
6031
- editProfile: 'editProfile'
6032
- };
6033
-
6034
- /*
6035
- <file>
6036
- Project:
6037
- @osovitny/anatoly
6038
-
6039
- Authors:
6040
- Vadim Osovitny vadim@osovitny.com
6041
- Anatoly Osovitny anatoly@osovitny.com
6042
-
6043
- Created:
6044
- 20 Sep 2023
6045
-
6046
- Description:
6047
- Identity and Access Management
6048
-
6049
- Copyright (c) 2016-2022 Osovitny Inc. All rights reserved.
6050
- </file>
6051
- */
6052
-
6053
6143
  /*
6054
6144
  <file>
6055
6145
  Project:
@@ -6124,7 +6214,7 @@ function MSALInstanceFactory() {
6124
6214
  }
6125
6215
  }
6126
6216
  };
6127
- if (MSALB2C.isEnabled()) {
6217
+ if (MSALUtils.isB2C()) {
6128
6218
  configuration.auth.authority = MSALB2C.getAuthorityByType(PolicyType.signUpSignIn);
6129
6219
  configuration.auth.knownAuthorities = [MSALB2CConfig.authorityDomain];
6130
6220
  }