@propelauth/nextjs 0.0.115 → 0.0.119
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/client/index.d.ts +119 -2
- package/dist/client/index.js +146 -12
- package/dist/client/index.js.map +1 -1
- package/dist/client/index.mjs +146 -12
- package/dist/client/index.mjs.map +1 -1
- package/dist/server/app-router/index.d.ts +113 -2
- package/dist/server/app-router/index.js +232 -36
- package/dist/server/app-router/index.js.map +1 -1
- package/dist/server/app-router/index.mjs +232 -36
- package/dist/server/app-router/index.mjs.map +1 -1
- package/dist/server/index.d.ts +111 -1
- package/dist/server/index.js +67 -16
- package/dist/server/index.js.map +1 -1
- package/dist/server/index.mjs +67 -16
- package/dist/server/index.mjs.map +1 -1
- package/dist/server/pages/index.d.ts +111 -1
- package/dist/server/pages/index.js +82 -24
- package/dist/server/pages/index.js.map +1 -1
- package/dist/server/pages/index.mjs +82 -24
- package/dist/server/pages/index.mjs.map +1 -1
- package/package.json +1 -1
package/dist/server/index.mjs
CHANGED
|
@@ -19,10 +19,36 @@ var __async = (__this, __arguments, generator) => {
|
|
|
19
19
|
});
|
|
20
20
|
};
|
|
21
21
|
|
|
22
|
+
// src/loginMethod.ts
|
|
23
|
+
function toLoginMethod(snake_case) {
|
|
24
|
+
if (!snake_case) {
|
|
25
|
+
return { loginMethod: "unknown" };
|
|
26
|
+
}
|
|
27
|
+
switch (snake_case.login_method) {
|
|
28
|
+
case "password":
|
|
29
|
+
return { loginMethod: "password" };
|
|
30
|
+
case "magic_link":
|
|
31
|
+
return { loginMethod: "magic_link" };
|
|
32
|
+
case "social_sso":
|
|
33
|
+
return { loginMethod: "social_sso", provider: snake_case.provider };
|
|
34
|
+
case "email_confirmation_link":
|
|
35
|
+
return { loginMethod: "email_confirmation_link" };
|
|
36
|
+
case "saml_sso":
|
|
37
|
+
return { loginMethod: "saml_sso", provider: snake_case.provider, orgId: snake_case.org_id };
|
|
38
|
+
case "impersonation":
|
|
39
|
+
return { loginMethod: "impersonation" };
|
|
40
|
+
case "generated_from_backend_api":
|
|
41
|
+
return { loginMethod: "generated_from_backend_api" };
|
|
42
|
+
default:
|
|
43
|
+
return { loginMethod: "unknown" };
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
|
|
22
47
|
// src/user.ts
|
|
23
48
|
var UserFromToken = class {
|
|
24
|
-
constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties) {
|
|
49
|
+
constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId, loginMethod) {
|
|
25
50
|
this.userId = userId;
|
|
51
|
+
this.activeOrgId = activeOrgId;
|
|
26
52
|
this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
|
|
27
53
|
this.email = email;
|
|
28
54
|
this.firstName = firstName;
|
|
@@ -31,6 +57,16 @@ var UserFromToken = class {
|
|
|
31
57
|
this.legacyUserId = legacyUserId;
|
|
32
58
|
this.impersonatorUserId = impersonatorUserId;
|
|
33
59
|
this.properties = properties;
|
|
60
|
+
this.loginMethod = loginMethod;
|
|
61
|
+
}
|
|
62
|
+
getActiveOrg() {
|
|
63
|
+
if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
|
|
64
|
+
return void 0;
|
|
65
|
+
}
|
|
66
|
+
return this.orgIdToOrgMemberInfo[this.activeOrgId];
|
|
67
|
+
}
|
|
68
|
+
getActiveOrgId() {
|
|
69
|
+
return this.activeOrgId;
|
|
34
70
|
}
|
|
35
71
|
getOrg(orgId) {
|
|
36
72
|
if (!this.orgIdToOrgMemberInfo) {
|
|
@@ -64,9 +100,7 @@ var UserFromToken = class {
|
|
|
64
100
|
const obj = JSON.parse(json);
|
|
65
101
|
const orgIdToOrgMemberInfo = {};
|
|
66
102
|
for (const orgId in obj.orgIdToOrgMemberInfo) {
|
|
67
|
-
orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(
|
|
68
|
-
JSON.stringify(obj.orgIdToOrgMemberInfo[orgId])
|
|
69
|
-
);
|
|
103
|
+
orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]));
|
|
70
104
|
}
|
|
71
105
|
return new UserFromToken(
|
|
72
106
|
obj.userId,
|
|
@@ -77,7 +111,34 @@ var UserFromToken = class {
|
|
|
77
111
|
obj.username,
|
|
78
112
|
obj.legacyUserId,
|
|
79
113
|
obj.impersonatorUserId,
|
|
80
|
-
obj.properties
|
|
114
|
+
obj.properties,
|
|
115
|
+
obj.activeOrgId,
|
|
116
|
+
obj.loginMethod
|
|
117
|
+
);
|
|
118
|
+
}
|
|
119
|
+
static fromJwtPayload(payload) {
|
|
120
|
+
let activeOrgId;
|
|
121
|
+
let orgIdToOrgMemberInfo;
|
|
122
|
+
if (payload.org_member_info) {
|
|
123
|
+
activeOrgId = payload.org_member_info.org_id;
|
|
124
|
+
orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
|
|
125
|
+
} else {
|
|
126
|
+
activeOrgId = void 0;
|
|
127
|
+
orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
|
|
128
|
+
}
|
|
129
|
+
const loginMethod = toLoginMethod(payload.login_method);
|
|
130
|
+
return new UserFromToken(
|
|
131
|
+
payload.user_id,
|
|
132
|
+
payload.email,
|
|
133
|
+
orgIdToOrgMemberInfo,
|
|
134
|
+
payload.first_name,
|
|
135
|
+
payload.last_name,
|
|
136
|
+
payload.username,
|
|
137
|
+
payload.legacy_user_id,
|
|
138
|
+
payload.impersonatorUserId,
|
|
139
|
+
payload.properties,
|
|
140
|
+
activeOrgId,
|
|
141
|
+
loginMethod
|
|
81
142
|
);
|
|
82
143
|
}
|
|
83
144
|
};
|
|
@@ -128,17 +189,7 @@ var OrgMemberInfo = class {
|
|
|
128
189
|
}
|
|
129
190
|
};
|
|
130
191
|
function toUser(snake_case) {
|
|
131
|
-
return
|
|
132
|
-
snake_case.user_id,
|
|
133
|
-
snake_case.email,
|
|
134
|
-
toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
|
|
135
|
-
snake_case.first_name,
|
|
136
|
-
snake_case.last_name,
|
|
137
|
-
snake_case.username,
|
|
138
|
-
snake_case.legacy_user_id,
|
|
139
|
-
snake_case.impersonatorUserId,
|
|
140
|
-
snake_case.properties
|
|
141
|
-
);
|
|
192
|
+
return UserFromToken.fromJwtPayload(snake_case);
|
|
142
193
|
}
|
|
143
194
|
function toOrgIdToOrgMemberInfo(snake_case) {
|
|
144
195
|
if (snake_case === void 0) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/user.ts","../../src/server/exceptions.ts","../../src/server/shared.ts","../../src/server/api.ts"],"sourcesContent":["export class UserFromToken {\n public userId: string\n public orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo\n\n // Metadata about the user\n public email: string\n public firstName?: string\n public lastName?: string\n public username?: string\n public properties?: { [key: string]: unknown }\n\n // If you used our migration APIs to migrate this user from a different system,\n // this is their original ID from that system.\n public legacyUserId?: string\n public impersonatorUserId?: string\n\n constructor(\n userId: string,\n email: string,\n orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo,\n firstName?: string,\n lastName?: string,\n username?: string,\n legacyUserId?: string,\n impersonatorUserId?: string,\n properties?: { [key: string]: unknown },\n ) {\n this.userId = userId\n this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo\n\n this.email = email\n this.firstName = firstName\n this.lastName = lastName\n this.username = username\n\n this.legacyUserId = legacyUserId\n this.impersonatorUserId = impersonatorUserId\n\n this.properties = properties\n }\n\n public getOrg(orgId: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[orgId]\n }\n\n public getOrgByName(orgName: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n const urlSafeOrgName = orgName.toLowerCase().replace(/ /g, \"-\")\n for (const orgId in this.orgIdToOrgMemberInfo) {\n const orgMemberInfo = this.orgIdToOrgMemberInfo[orgId]\n if (orgMemberInfo.urlSafeOrgName === urlSafeOrgName) {\n return orgMemberInfo\n }\n }\n\n return undefined\n }\n\n public getOrgs(): OrgMemberInfo[] {\n if (!this.orgIdToOrgMemberInfo) {\n return []\n }\n\n return Object.values(this.orgIdToOrgMemberInfo)\n }\n\n public isImpersonating(): boolean {\n return !!this.impersonatorUserId\n }\n\n public static fromJSON(json: string): UserFromToken {\n const obj = JSON.parse(json)\n const orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo = {}\n for (const orgId in obj.orgIdToOrgMemberInfo) {\n orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(\n JSON.stringify(obj.orgIdToOrgMemberInfo[orgId])\n )\n }\n return new UserFromToken(\n obj.userId,\n obj.email,\n orgIdToOrgMemberInfo,\n obj.firstName,\n obj.lastName,\n obj.username,\n obj.legacyUserId,\n obj.impersonatorUserId,\n obj.properties,\n )\n }\n}\n\nexport type OrgIdToOrgMemberInfo = {\n [orgId: string]: OrgMemberInfo\n}\n\nexport class OrgMemberInfo {\n public orgId: string\n public orgName: string\n public orgMetadata: { [key: string]: any }\n public urlSafeOrgName: string\n\n public userAssignedRole: string\n public userInheritedRolesPlusCurrentRole: string[]\n public userPermissions: string[]\n\n constructor(\n orgId: string,\n orgName: string,\n orgMetadata: { [key: string]: any },\n urlSafeOrgName: string,\n userAssignedRole: string,\n userInheritedRolesPlusCurrentRole: string[],\n userPermissions: string[]\n ) {\n this.orgId = orgId\n this.orgName = orgName\n this.orgMetadata = orgMetadata\n this.urlSafeOrgName = urlSafeOrgName\n\n this.userAssignedRole = userAssignedRole\n this.userInheritedRolesPlusCurrentRole = userInheritedRolesPlusCurrentRole\n this.userPermissions = userPermissions\n }\n\n // validation methods\n\n public isRole(role: string): boolean {\n return this.userAssignedRole === role\n }\n\n public isAtLeastRole(role: string): boolean {\n return this.userInheritedRolesPlusCurrentRole.includes(role)\n }\n\n public hasPermission(permission: string): boolean {\n return this.userPermissions.includes(permission)\n }\n\n public hasAllPermissions(permissions: string[]): boolean {\n return permissions.every((permission) => this.hasPermission(permission))\n }\n\n public static fromJSON(json: string): OrgMemberInfo {\n const obj = JSON.parse(json)\n return new OrgMemberInfo(\n obj.orgId,\n obj.orgName,\n obj.orgMetadata,\n obj.urlSafeOrgName,\n obj.userAssignedRole,\n obj.userInheritedRolesPlusCurrentRole,\n obj.userPermissions\n )\n }\n\n // getters for the private fields\n\n get assignedRole(): string {\n return this.userAssignedRole\n }\n\n get inheritedRolesPlusCurrentRole(): string[] {\n return this.userInheritedRolesPlusCurrentRole\n }\n\n get permissions(): string[] {\n return this.userPermissions\n }\n}\n\n// These Internal types exist since the server returns snake case, but typescript/javascript\n// convention is camelCase.\nexport type InternalOrgMemberInfo = {\n org_id: string\n org_name: string\n org_metadata: { [key: string]: any }\n url_safe_org_name: string\n user_role: string\n inherited_user_roles_plus_current_role: string[]\n user_permissions: string[]\n}\nexport type InternalUser = {\n user_id: string\n org_id_to_org_member_info?: { [org_id: string]: InternalOrgMemberInfo }\n\n email: string\n first_name?: string\n last_name?: string\n username?: string\n properties?: { [key: string]: unknown }\n\n // If you used our migration APIs to migrate this user from a different system, this is their original ID from that system.\n legacy_user_id?: string\n impersonatorUserId?: string\n}\n\nexport function toUser(snake_case: InternalUser): UserFromToken {\n return new UserFromToken(\n snake_case.user_id,\n snake_case.email,\n toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),\n snake_case.first_name,\n snake_case.last_name,\n snake_case.username,\n snake_case.legacy_user_id,\n snake_case.impersonatorUserId,\n snake_case.properties,\n )\n}\n\nexport function toOrgIdToOrgMemberInfo(snake_case?: {\n [org_id: string]: InternalOrgMemberInfo\n}): OrgIdToOrgMemberInfo | undefined {\n if (snake_case === undefined) {\n return undefined\n }\n const camelCase: OrgIdToOrgMemberInfo = {}\n\n for (const key of Object.keys(snake_case)) {\n const snakeCaseValue = snake_case[key]\n if (snakeCaseValue) {\n camelCase[key] = new OrgMemberInfo(\n snakeCaseValue.org_id,\n snakeCaseValue.org_name,\n snakeCaseValue.org_metadata,\n snakeCaseValue.url_safe_org_name,\n snakeCaseValue.user_role,\n snakeCaseValue.inherited_user_roles_plus_current_role,\n snakeCaseValue.user_permissions\n )\n }\n }\n\n return camelCase\n}\n","export class UnauthorizedException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 401\n }\n}\n\nexport class ConfigurationException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 500\n }\n}\n","import {ResponseCookie} from \"next/dist/compiled/@edge-runtime/cookies\";\nimport {InternalUser, toUser, UserFromToken} from \"../user\";\nimport {ConfigurationException, UnauthorizedException} from \"./exceptions\";\nimport * as jose from \"jose\";\n\ntype RefreshAndAccessTokens = {\n refreshToken: string\n accessToken: string\n error: \"none\"\n}\n\ntype RefreshAndAccessTokensUnauthorizedError = {\n error: \"unauthorized\"\n}\n\ntype RefreshAndAccessTokensUnexpectedError = {\n error: \"unexpected\"\n}\n\nexport type RefreshTokenResponse =\n RefreshAndAccessTokens\n | RefreshAndAccessTokensUnauthorizedError\n | RefreshAndAccessTokensUnexpectedError\n\nexport const LOGIN_PATH = \"/api/auth/login\"\nexport const CALLBACK_PATH = \"/api/auth/callback\"\nexport const USERINFO_PATH = \"/api/auth/userinfo\"\nexport const LOGOUT_PATH = \"/api/auth/logout\"\nexport const ACCESS_TOKEN_COOKIE_NAME = \"__pa_at\"\nexport const REFRESH_TOKEN_COOKIE_NAME = \"__pa_rt\"\nexport const STATE_COOKIE_NAME = \"__pa_state\"\nexport const CUSTOM_HEADER_FOR_ACCESS_TOKEN = \"x-propelauth-access-token\"\nexport const RETURN_TO_PATH_COOKIE_NAME = \"__pa_return_to_path\"\n\nexport const COOKIE_OPTIONS: Partial<ResponseCookie> = {\n httpOnly: true,\n sameSite: \"lax\",\n secure: true,\n path: \"/\",\n}\n\nexport function getAuthUrlOrigin() {\n return getAuthUrl().origin\n}\n\nexport function getAuthUrl() {\n const authUrl = process.env.NEXT_PUBLIC_AUTH_URL\n if (!authUrl) {\n throw new Error(\"NEXT_PUBLIC_AUTH_URL is not set\")\n }\n return new URL(authUrl)\n}\n\nexport function getRedirectUri() {\n const redirectUri = process.env.PROPELAUTH_REDIRECT_URI\n if (!redirectUri) {\n throw new Error(\"PROPELAUTH_REDIRECT_URI is not set\")\n }\n return redirectUri\n}\n\nexport function getIntegrationApiKey() {\n const integrationApiKey = process.env.PROPELAUTH_API_KEY\n if (!integrationApiKey) {\n throw new Error(\"PROPELAUTH_API_KEY is not set\")\n }\n return integrationApiKey\n}\n\nexport function getVerifierKey() {\n const verifierKey = process.env.PROPELAUTH_VERIFIER_KEY\n if (!verifierKey) {\n throw new Error(\"PROPELAUTH_VERIFIER_KEY is not set\")\n }\n return verifierKey.replace(/\\\\n/g, \"\\n\")\n}\n\nexport async function refreshTokenWithAccessAndRefreshToken(refreshToken: string): Promise<RefreshTokenResponse> {\n const body = {\n refresh_token: refreshToken,\n }\n const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token`\n const response = await fetch(url, {\n method: \"POST\",\n body: JSON.stringify(body),\n headers: {\n \"Content-Type\": \"application/json\",\n Authorization: \"Bearer \" + getIntegrationApiKey(),\n },\n })\n\n if (response.ok) {\n const data = await response.json()\n const newRefreshToken = data.refresh_token\n const {\n access_token: accessToken,\n expires_at_seconds: expiresAtSeconds,\n } = data.access_token\n\n return {\n refreshToken: newRefreshToken,\n accessToken,\n error: \"none\",\n }\n } else if (response.status === 400 || response.status === 401) {\n return {error: \"unauthorized\"}\n } else {\n return {error: \"unexpected\"}\n }\n}\n\nexport async function validateAccessTokenOrUndefined(accessToken: string | undefined): Promise<UserFromToken | undefined> {\n try {\n return await validateAccessToken(accessToken)\n } catch (err) {\n if (err instanceof ConfigurationException) {\n throw err\n } else if (err instanceof UnauthorizedException) {\n return undefined\n } else {\n console.info(\"Error validating access token\", err)\n return undefined\n }\n }\n}\n\nexport async function validateAccessToken(accessToken: string | undefined): Promise<UserFromToken> {\n let publicKey\n try {\n publicKey = await jose.importSPKI(getVerifierKey(), \"RS256\")\n } catch (err) {\n console.error(\"Verifier key is invalid. Make sure it's specified correctly, including the newlines.\", err)\n throw new ConfigurationException(\"Invalid verifier key\")\n }\n\n if (!accessToken) {\n throw new UnauthorizedException(\"No access token provided\")\n }\n\n let accessTokenWithoutBearer = accessToken\n if (accessToken.toLowerCase().startsWith(\"bearer \")) {\n accessTokenWithoutBearer = accessToken.substring(\"bearer \".length)\n }\n\n try {\n const {payload} = await jose.jwtVerify(accessTokenWithoutBearer, publicKey, {\n issuer: getAuthUrlOrigin(),\n algorithms: [\"RS256\"],\n })\n\n return toUser(<InternalUser>payload)\n } catch (e) {\n if (e instanceof Error) {\n throw new UnauthorizedException(e.message)\n } else {\n throw new UnauthorizedException(\"Unable to decode jwt\")\n }\n }\n}\n","import {getApis} from \"@propelauth/node-apis\";\nimport {getAuthUrl, getIntegrationApiKey} from \"./shared\";\n\nexport const getPropelAuthApis = () => {\n const authUrl = getAuthUrl()\n const integrationApiKey = getIntegrationApiKey()\n\n return getApis(authUrl, integrationApiKey)\n}"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAO,IAAM,gBAAN,MAAoB;AAAA,EAgBvB,YACI,QACA,OACA,sBACA,WACA,UACA,UACA,cACA,oBACA,YACF;AACE,SAAK,SAAS;AACd,SAAK,uBAAuB;AAE5B,SAAK,QAAQ;AACb,SAAK,YAAY;AACjB,SAAK,WAAW;AAChB,SAAK,WAAW;AAEhB,SAAK,eAAe;AACpB,SAAK,qBAAqB;AAE1B,SAAK,aAAa;AAAA,EACtB;AAAA,EAEO,OAAO,OAA0C;AACpD,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK;AAAA,EAC1C;AAAA,EAEO,aAAa,SAA4C;AAC5D,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,UAAM,iBAAiB,QAAQ,YAAY,EAAE,QAAQ,MAAM,GAAG;AAC9D,eAAW,SAAS,KAAK,sBAAsB;AAC3C,YAAM,gBAAgB,KAAK,qBAAqB,KAAK;AACrD,UAAI,cAAc,mBAAmB,gBAAgB;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA,EAEO,UAA2B;AAC9B,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO,CAAC;AAAA,IACZ;AAEA,WAAO,OAAO,OAAO,KAAK,oBAAoB;AAAA,EAClD;AAAA,EAEO,kBAA2B;AAC9B,WAAO,CAAC,CAAC,KAAK;AAAA,EAClB;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,UAAM,uBAA6C,CAAC;AACpD,eAAW,SAAS,IAAI,sBAAsB;AAC1C,2BAAqB,KAAK,IAAI,cAAc;AAAA,QACxC,KAAK,UAAU,IAAI,qBAAqB,KAAK,CAAC;AAAA,MAClD;AAAA,IACJ;AACA,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AACJ;AAMO,IAAM,gBAAN,MAAoB;AAAA,EAUvB,YACI,OACA,SACA,aACA,gBACA,kBACA,mCACA,iBACF;AACE,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,cAAc;AACnB,SAAK,iBAAiB;AAEtB,SAAK,mBAAmB;AACxB,SAAK,oCAAoC;AACzC,SAAK,kBAAkB;AAAA,EAC3B;AAAA;AAAA,EAIO,OAAO,MAAuB;AACjC,WAAO,KAAK,qBAAqB;AAAA,EACrC;AAAA,EAEO,cAAc,MAAuB;AACxC,WAAO,KAAK,kCAAkC,SAAS,IAAI;AAAA,EAC/D;AAAA,EAEO,cAAc,YAA6B;AAC9C,WAAO,KAAK,gBAAgB,SAAS,UAAU;AAAA,EACnD;AAAA,EAEO,kBAAkB,aAAgC;AACrD,WAAO,YAAY,MAAM,CAAC,eAAe,KAAK,cAAc,UAAU,CAAC;AAAA,EAC3E;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA;AAAA,EAIA,IAAI,eAAuB;AACvB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gCAA0C;AAC1C,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,cAAwB;AACxB,WAAO,KAAK;AAAA,EAChB;AACJ;AA4BO,SAAS,OAAO,YAAyC;AAC5D,SAAO,IAAI;AAAA,IACP,WAAW;AAAA,IACX,WAAW;AAAA,IACX,uBAAuB,WAAW,yBAAyB;AAAA,IAC3D,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,IACX,WAAW;AAAA,EACf;AACJ;AAEO,SAAS,uBAAuB,YAEF;AACjC,MAAI,eAAe,QAAW;AAC1B,WAAO;AAAA,EACX;AACA,QAAM,YAAkC,CAAC;AAEzC,aAAW,OAAO,OAAO,KAAK,UAAU,GAAG;AACvC,UAAM,iBAAiB,WAAW,GAAG;AACrC,QAAI,gBAAgB;AAChB,gBAAU,GAAG,IAAI,IAAI;AAAA,QACjB,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,MACnB;AAAA,IACJ;AAAA,EACJ;AAEA,SAAO;AACX;;;AClPO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAI7C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;AAEO,IAAM,yBAAN,cAAqC,MAAM;AAAA,EAI9C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;;;ACjBA,YAAY,UAAU;AAsCf,SAAS,mBAAmB;AAC/B,SAAO,WAAW,EAAE;AACxB;AAEO,SAAS,aAAa;AACzB,QAAM,UAAU,QAAQ,IAAI;AAC5B,MAAI,CAAC,SAAS;AACV,UAAM,IAAI,MAAM,iCAAiC;AAAA,EACrD;AACA,SAAO,IAAI,IAAI,OAAO;AAC1B;AAUO,SAAS,uBAAuB;AACnC,QAAM,oBAAoB,QAAQ,IAAI;AACtC,MAAI,CAAC,mBAAmB;AACpB,UAAM,IAAI,MAAM,+BAA+B;AAAA,EACnD;AACA,SAAO;AACX;AAEO,SAAS,iBAAiB;AAC7B,QAAM,cAAc,QAAQ,IAAI;AAChC,MAAI,CAAC,aAAa;AACd,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACxD;AACA,SAAO,YAAY,QAAQ,QAAQ,IAAI;AAC3C;AAoCA,SAAsB,+BAA+B,aAAqE;AAAA;AACtH,QAAI;AACA,aAAO,MAAM,oBAAoB,WAAW;AAAA,IAChD,SAAS,KAAP;AACE,UAAI,eAAe,wBAAwB;AACvC,cAAM;AAAA,MACV,WAAW,eAAe,uBAAuB;AAC7C,eAAO;AAAA,MACX,OAAO;AACH,gBAAQ,KAAK,iCAAiC,GAAG;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EACJ;AAAA;AAEA,SAAsB,oBAAoB,aAAyD;AAAA;AAC/F,QAAI;AACJ,QAAI;AACA,kBAAY,MAAW,gBAAW,eAAe,GAAG,OAAO;AAAA,IAC/D,SAAS,KAAP;AACE,cAAQ,MAAM,wFAAwF,GAAG;AACzG,YAAM,IAAI,uBAAuB,sBAAsB;AAAA,IAC3D;AAEA,QAAI,CAAC,aAAa;AACd,YAAM,IAAI,sBAAsB,0BAA0B;AAAA,IAC9D;AAEA,QAAI,2BAA2B;AAC/B,QAAI,YAAY,YAAY,EAAE,WAAW,SAAS,GAAG;AACjD,iCAA2B,YAAY,UAAU,UAAU,MAAM;AAAA,IACrE;AAEA,QAAI;AACA,YAAM,EAAC,QAAO,IAAI,MAAW,eAAU,0BAA0B,WAAW;AAAA,QACxE,QAAQ,iBAAiB;AAAA,QACzB,YAAY,CAAC,OAAO;AAAA,MACxB,CAAC;AAED,aAAO,OAAqB,OAAO;AAAA,IACvC,SAAS,GAAP;AACE,UAAI,aAAa,OAAO;AACpB,cAAM,IAAI,sBAAsB,EAAE,OAAO;AAAA,MAC7C,OAAO;AACH,cAAM,IAAI,sBAAsB,sBAAsB;AAAA,MAC1D;AAAA,IACJ;AAAA,EACJ;AAAA;;;AC9JA,SAAQ,eAAc;AAGf,IAAM,oBAAoB,MAAM;AACnC,QAAM,UAAU,WAAW;AAC3B,QAAM,oBAAoB,qBAAqB;AAE/C,SAAO,QAAQ,SAAS,iBAAiB;AAC7C;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../src/loginMethod.ts","../../src/user.ts","../../src/server/exceptions.ts","../../src/server/shared.ts","../../src/server/api.ts"],"sourcesContent":["export enum SocialLoginProvider {\n Google = 'Google',\n GitHub = 'GitHub',\n Microsoft = 'Microsoft',\n Slack = 'Slack',\n LinkedIn = 'LinkedIn',\n Salesforce = 'Salesforce',\n Xero = 'Xero',\n QuickBooksOnline = 'QuickBooks Online',\n}\n\nexport enum SamlLoginProvider {\n Google = 'Google',\n Rippling = 'Rippling',\n OneLogin = 'OneLogin',\n JumpCloud = 'JumpCloud',\n Okta = 'Okta',\n Azure = 'Azure',\n Duo = 'Duo',\n Generic = 'Generic',\n}\n\ntype InternalPasswordLoginMethod = {\n login_method: 'password'\n}\n\ntype InternalMagicLinkLoginMethod = {\n login_method: 'magic_link'\n}\n\ntype InternalSocialSsoLoginMethod = {\n login_method: 'social_sso'\n provider: SocialLoginProvider\n}\n\ntype InternalEmailConfirmationLinkLoginMethod = {\n login_method: 'email_confirmation_link'\n}\n\ntype InternalSamlSsoLoginMethod = {\n login_method: 'saml_sso'\n provider: SamlLoginProvider\n org_id: string\n}\n\ntype InternalImpersonationLoginMethod = {\n login_method: 'impersonation'\n}\n\ntype InternalGeneratedFromBackendApiLoginMethod = {\n login_method: 'generated_from_backend_api'\n}\n\ntype InternalUnknownLoginMethod = {\n login_method: 'unknown'\n}\n\nexport type InternalLoginMethod =\n | InternalPasswordLoginMethod\n | InternalMagicLinkLoginMethod\n | InternalSocialSsoLoginMethod\n | InternalEmailConfirmationLinkLoginMethod\n | InternalSamlSsoLoginMethod\n | InternalImpersonationLoginMethod\n | InternalGeneratedFromBackendApiLoginMethod\n | InternalUnknownLoginMethod\n\ntype PasswordLoginMethod = {\n loginMethod: 'password'\n}\n\ntype MagicLinkLoginMethod = {\n loginMethod: 'magic_link'\n}\n\ntype SocialSsoLoginMethod = {\n loginMethod: 'social_sso'\n provider: SocialLoginProvider\n}\n\ntype EmailConfirmationLinkLoginMethod = {\n loginMethod: 'email_confirmation_link'\n}\n\ntype SamlSsoLoginMethod = {\n loginMethod: 'saml_sso'\n provider: SamlLoginProvider\n orgId: string\n}\n\ntype ImpersonationLoginMethod = {\n loginMethod: 'impersonation'\n}\n\ntype GeneratedFromBackendApiLoginMethod = {\n loginMethod: 'generated_from_backend_api'\n}\n\ntype UnknownLoginMethod = {\n loginMethod: 'unknown'\n}\n\nexport type LoginMethod =\n | PasswordLoginMethod\n | MagicLinkLoginMethod\n | SocialSsoLoginMethod\n | EmailConfirmationLinkLoginMethod\n | SamlSsoLoginMethod\n | ImpersonationLoginMethod\n | GeneratedFromBackendApiLoginMethod\n | UnknownLoginMethod\n\nexport function toLoginMethod(snake_case?: InternalLoginMethod): LoginMethod {\n if (!snake_case) {\n return { loginMethod: 'unknown' }\n }\n\n switch (snake_case.login_method) {\n case 'password':\n return { loginMethod: 'password' }\n case 'magic_link':\n return { loginMethod: 'magic_link' }\n case 'social_sso':\n return { loginMethod: 'social_sso', provider: snake_case.provider }\n case 'email_confirmation_link':\n return { loginMethod: 'email_confirmation_link' }\n case 'saml_sso':\n return { loginMethod: 'saml_sso', provider: snake_case.provider, orgId: snake_case.org_id }\n case 'impersonation':\n return { loginMethod: 'impersonation' }\n case 'generated_from_backend_api':\n return { loginMethod: 'generated_from_backend_api' }\n default:\n return { loginMethod: 'unknown' }\n }\n}\n","import { InternalLoginMethod, LoginMethod, toLoginMethod } from './loginMethod'\n\nexport class UserFromToken {\n public userId: string\n\n public activeOrgId?: string\n public orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo\n\n // Metadata about the user\n public email: string\n public firstName?: string\n public lastName?: string\n public username?: string\n public properties?: { [key: string]: unknown }\n public loginMethod?: LoginMethod\n\n // If you used our migration APIs to migrate this user from a different system,\n // this is their original ID from that system.\n public legacyUserId?: string\n public impersonatorUserId?: string\n\n constructor(\n userId: string,\n email: string,\n orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo,\n firstName?: string,\n lastName?: string,\n username?: string,\n legacyUserId?: string,\n impersonatorUserId?: string,\n properties?: { [key: string]: unknown },\n activeOrgId?: string,\n loginMethod?: LoginMethod\n ) {\n this.userId = userId\n\n this.activeOrgId = activeOrgId\n this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo\n\n this.email = email\n this.firstName = firstName\n this.lastName = lastName\n this.username = username\n\n this.legacyUserId = legacyUserId\n this.impersonatorUserId = impersonatorUserId\n\n this.properties = properties\n this.loginMethod = loginMethod\n }\n\n public getActiveOrg(): OrgMemberInfo | undefined {\n if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[this.activeOrgId]\n }\n\n public getActiveOrgId(): string | undefined {\n return this.activeOrgId\n }\n\n public getOrg(orgId: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[orgId]\n }\n\n public getOrgByName(orgName: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n const urlSafeOrgName = orgName.toLowerCase().replace(/ /g, '-')\n for (const orgId in this.orgIdToOrgMemberInfo) {\n const orgMemberInfo = this.orgIdToOrgMemberInfo[orgId]\n if (orgMemberInfo.urlSafeOrgName === urlSafeOrgName) {\n return orgMemberInfo\n }\n }\n\n return undefined\n }\n\n public getOrgs(): OrgMemberInfo[] {\n if (!this.orgIdToOrgMemberInfo) {\n return []\n }\n\n return Object.values(this.orgIdToOrgMemberInfo)\n }\n\n public isImpersonating(): boolean {\n return !!this.impersonatorUserId\n }\n\n public static fromJSON(json: string): UserFromToken {\n const obj = JSON.parse(json)\n const orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo = {}\n for (const orgId in obj.orgIdToOrgMemberInfo) {\n orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]))\n }\n return new UserFromToken(\n obj.userId,\n obj.email,\n orgIdToOrgMemberInfo,\n obj.firstName,\n obj.lastName,\n obj.username,\n obj.legacyUserId,\n obj.impersonatorUserId,\n obj.properties,\n obj.activeOrgId,\n obj.loginMethod\n )\n }\n\n public static fromJwtPayload(payload: InternalUser): UserFromToken {\n let activeOrgId: string | undefined\n let orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo | undefined\n\n if (payload.org_member_info) {\n activeOrgId = payload.org_member_info.org_id\n orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info })\n } else {\n activeOrgId = undefined\n orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info)\n }\n\n const loginMethod = toLoginMethod(payload.login_method)\n\n return new UserFromToken(\n payload.user_id,\n payload.email,\n orgIdToOrgMemberInfo,\n payload.first_name,\n payload.last_name,\n payload.username,\n payload.legacy_user_id,\n payload.impersonatorUserId,\n payload.properties,\n activeOrgId,\n loginMethod\n )\n }\n}\n\nexport type OrgIdToOrgMemberInfo = {\n [orgId: string]: OrgMemberInfo\n}\n\nexport class OrgMemberInfo {\n public orgId: string\n public orgName: string\n public orgMetadata: { [key: string]: any }\n public urlSafeOrgName: string\n\n public userAssignedRole: string\n public userInheritedRolesPlusCurrentRole: string[]\n public userPermissions: string[]\n\n constructor(\n orgId: string,\n orgName: string,\n orgMetadata: { [key: string]: any },\n urlSafeOrgName: string,\n userAssignedRole: string,\n userInheritedRolesPlusCurrentRole: string[],\n userPermissions: string[]\n ) {\n this.orgId = orgId\n this.orgName = orgName\n this.orgMetadata = orgMetadata\n this.urlSafeOrgName = urlSafeOrgName\n\n this.userAssignedRole = userAssignedRole\n this.userInheritedRolesPlusCurrentRole = userInheritedRolesPlusCurrentRole\n this.userPermissions = userPermissions\n }\n\n // validation methods\n\n public isRole(role: string): boolean {\n return this.userAssignedRole === role\n }\n\n public isAtLeastRole(role: string): boolean {\n return this.userInheritedRolesPlusCurrentRole.includes(role)\n }\n\n public hasPermission(permission: string): boolean {\n return this.userPermissions.includes(permission)\n }\n\n public hasAllPermissions(permissions: string[]): boolean {\n return permissions.every((permission) => this.hasPermission(permission))\n }\n\n public static fromJSON(json: string): OrgMemberInfo {\n const obj = JSON.parse(json)\n return new OrgMemberInfo(\n obj.orgId,\n obj.orgName,\n obj.orgMetadata,\n obj.urlSafeOrgName,\n obj.userAssignedRole,\n obj.userInheritedRolesPlusCurrentRole,\n obj.userPermissions\n )\n }\n\n // getters for the private fields\n\n get assignedRole(): string {\n return this.userAssignedRole\n }\n\n get inheritedRolesPlusCurrentRole(): string[] {\n return this.userInheritedRolesPlusCurrentRole\n }\n\n get permissions(): string[] {\n return this.userPermissions\n }\n}\n\n// These Internal types exist since the server returns snake case, but typescript/javascript\n// convention is camelCase.\nexport type InternalOrgMemberInfo = {\n org_id: string\n org_name: string\n org_metadata: { [key: string]: any }\n url_safe_org_name: string\n user_role: string\n inherited_user_roles_plus_current_role: string[]\n user_permissions: string[]\n}\n\nexport type InternalUser = {\n user_id: string\n\n org_member_info?: InternalOrgMemberInfo\n org_id_to_org_member_info?: { [org_id: string]: InternalOrgMemberInfo }\n\n email: string\n first_name?: string\n last_name?: string\n username?: string\n properties?: { [key: string]: unknown }\n login_method?: InternalLoginMethod\n\n // If you used our migration APIs to migrate this user from a different system, this is their original ID from that system.\n legacy_user_id?: string\n impersonatorUserId?: string\n}\n\nexport function toUser(snake_case: InternalUser): UserFromToken {\n return UserFromToken.fromJwtPayload(snake_case)\n}\n\nexport function toOrgIdToOrgMemberInfo(snake_case?: {\n [org_id: string]: InternalOrgMemberInfo\n}): OrgIdToOrgMemberInfo | undefined {\n if (snake_case === undefined) {\n return undefined\n }\n const camelCase: OrgIdToOrgMemberInfo = {}\n\n for (const key of Object.keys(snake_case)) {\n const snakeCaseValue = snake_case[key]\n if (snakeCaseValue) {\n camelCase[key] = new OrgMemberInfo(\n snakeCaseValue.org_id,\n snakeCaseValue.org_name,\n snakeCaseValue.org_metadata,\n snakeCaseValue.url_safe_org_name,\n snakeCaseValue.user_role,\n snakeCaseValue.inherited_user_roles_plus_current_role,\n snakeCaseValue.user_permissions\n )\n }\n }\n\n return camelCase\n}\n","export class UnauthorizedException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 401\n }\n}\n\nexport class ConfigurationException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 500\n }\n}\n","import { ResponseCookie } from 'next/dist/compiled/@edge-runtime/cookies'\nimport { InternalUser, toUser, UserFromToken } from '../user'\nimport { ConfigurationException, UnauthorizedException } from './exceptions'\nimport * as jose from 'jose'\n\ntype RefreshAndAccessTokens = {\n refreshToken: string\n accessToken: string\n error: 'none'\n}\n\ntype RefreshAndAccessTokensUnauthorizedError = {\n error: 'unauthorized'\n}\n\ntype RefreshAndAccessTokensUnexpectedError = {\n error: 'unexpected'\n}\n\nexport type RefreshTokenResponse =\n | RefreshAndAccessTokens\n | RefreshAndAccessTokensUnauthorizedError\n | RefreshAndAccessTokensUnexpectedError\n\nexport const LOGIN_PATH = '/api/auth/login'\nexport const CALLBACK_PATH = '/api/auth/callback'\nexport const USERINFO_PATH = '/api/auth/userinfo'\nexport const LOGOUT_PATH = '/api/auth/logout'\nexport const ACCESS_TOKEN_COOKIE_NAME = '__pa_at'\nexport const REFRESH_TOKEN_COOKIE_NAME = '__pa_rt'\nexport const STATE_COOKIE_NAME = '__pa_state'\nexport const CUSTOM_HEADER_FOR_ACCESS_TOKEN = 'x-propelauth-access-token'\nexport const RETURN_TO_PATH_COOKIE_NAME = '__pa_return_to_path'\n\nexport const COOKIE_OPTIONS: Partial<ResponseCookie> = {\n httpOnly: true,\n sameSite: 'lax',\n secure: true,\n path: '/',\n}\n\nexport function getAuthUrlOrigin() {\n return getAuthUrl().origin\n}\n\nexport function getAuthUrl() {\n const authUrl = process.env.NEXT_PUBLIC_AUTH_URL\n if (!authUrl) {\n throw new Error('NEXT_PUBLIC_AUTH_URL is not set')\n }\n return new URL(authUrl)\n}\n\nexport function getRedirectUri() {\n const redirectUri = process.env.PROPELAUTH_REDIRECT_URI\n if (!redirectUri) {\n throw new Error('PROPELAUTH_REDIRECT_URI is not set')\n }\n return redirectUri\n}\n\nexport function getIntegrationApiKey() {\n const integrationApiKey = process.env.PROPELAUTH_API_KEY\n if (!integrationApiKey) {\n throw new Error('PROPELAUTH_API_KEY is not set')\n }\n return integrationApiKey\n}\n\nexport function getVerifierKey() {\n const verifierKey = process.env.PROPELAUTH_VERIFIER_KEY\n if (!verifierKey) {\n throw new Error('PROPELAUTH_VERIFIER_KEY is not set')\n }\n return verifierKey.replace(/\\\\n/g, '\\n')\n}\n\nexport async function refreshTokenWithAccessAndRefreshToken(\n refreshToken: string,\n activeOrgId?: string\n): Promise<RefreshTokenResponse> {\n const body = {\n refresh_token: refreshToken,\n }\n\n const queryParams = new URLSearchParams()\n if (activeOrgId) {\n queryParams.set('with_active_org_support', 'true')\n queryParams.set('active_org_id', activeOrgId)\n }\n\n const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`\n const response = await fetch(url, {\n method: 'POST',\n body: JSON.stringify(body),\n headers: {\n 'Content-Type': 'application/json',\n Authorization: 'Bearer ' + getIntegrationApiKey(),\n },\n })\n\n if (response.ok) {\n const data = await response.json()\n const newRefreshToken = data.refresh_token\n const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token\n\n return {\n refreshToken: newRefreshToken,\n accessToken,\n error: 'none',\n }\n } else if (response.status === 400 || response.status === 401) {\n return { error: 'unauthorized' }\n } else {\n return { error: 'unexpected' }\n }\n}\n\nexport async function validateAccessTokenOrUndefined(\n accessToken: string | undefined\n): Promise<UserFromToken | undefined> {\n try {\n return await validateAccessToken(accessToken)\n } catch (err) {\n if (err instanceof ConfigurationException) {\n throw err\n } else if (err instanceof UnauthorizedException) {\n return undefined\n } else {\n console.info('Error validating access token', err)\n return undefined\n }\n }\n}\n\nexport async function validateAccessToken(accessToken: string | undefined): Promise<UserFromToken> {\n let publicKey\n try {\n publicKey = await jose.importSPKI(getVerifierKey(), 'RS256')\n } catch (err) {\n console.error(\"Verifier key is invalid. Make sure it's specified correctly, including the newlines.\", err)\n throw new ConfigurationException('Invalid verifier key')\n }\n\n if (!accessToken) {\n throw new UnauthorizedException('No access token provided')\n }\n\n let accessTokenWithoutBearer = accessToken\n if (accessToken.toLowerCase().startsWith('bearer ')) {\n accessTokenWithoutBearer = accessToken.substring('bearer '.length)\n }\n\n try {\n const { payload } = await jose.jwtVerify(accessTokenWithoutBearer, publicKey, {\n issuer: getAuthUrlOrigin(),\n algorithms: ['RS256'],\n })\n\n return toUser(<InternalUser>payload)\n } catch (e) {\n if (e instanceof Error) {\n throw new UnauthorizedException(e.message)\n } else {\n throw new UnauthorizedException('Unable to decode jwt')\n }\n }\n}\n","import {getApis} from \"@propelauth/node-apis\";\nimport {getAuthUrl, getIntegrationApiKey} from \"./shared\";\n\nexport const getPropelAuthApis = () => {\n const authUrl = getAuthUrl()\n const integrationApiKey = getIntegrationApiKey()\n\n return getApis(authUrl, integrationApiKey)\n}"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAgHO,SAAS,cAAc,YAA+C;AACzE,MAAI,CAAC,YAAY;AACb,WAAO,EAAE,aAAa,UAAU;AAAA,EACpC;AAEA,UAAQ,WAAW,cAAc;AAAA,IAC7B,KAAK;AACD,aAAO,EAAE,aAAa,WAAW;AAAA,IACrC,KAAK;AACD,aAAO,EAAE,aAAa,aAAa;AAAA,IACvC,KAAK;AACD,aAAO,EAAE,aAAa,cAAc,UAAU,WAAW,SAAS;AAAA,IACtE,KAAK;AACD,aAAO,EAAE,aAAa,0BAA0B;AAAA,IACpD,KAAK;AACD,aAAO,EAAE,aAAa,YAAY,UAAU,WAAW,UAAU,OAAO,WAAW,OAAO;AAAA,IAC9F,KAAK;AACD,aAAO,EAAE,aAAa,gBAAgB;AAAA,IAC1C,KAAK;AACD,aAAO,EAAE,aAAa,6BAA6B;AAAA,IACvD;AACI,aAAO,EAAE,aAAa,UAAU;AAAA,EACxC;AACJ;;;ACrIO,IAAM,gBAAN,MAAoB;AAAA,EAmBvB,YACI,QACA,OACA,sBACA,WACA,UACA,UACA,cACA,oBACA,YACA,aACA,aACF;AACE,SAAK,SAAS;AAEd,SAAK,cAAc;AACnB,SAAK,uBAAuB;AAE5B,SAAK,QAAQ;AACb,SAAK,YAAY;AACjB,SAAK,WAAW;AAChB,SAAK,WAAW;AAEhB,SAAK,eAAe;AACpB,SAAK,qBAAqB;AAE1B,SAAK,aAAa;AAClB,SAAK,cAAc;AAAA,EACvB;AAAA,EAEO,eAA0C;AAC7C,QAAI,CAAC,KAAK,eAAe,CAAC,KAAK,sBAAsB;AACjD,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK,WAAW;AAAA,EACrD;AAAA,EAEO,iBAAqC;AACxC,WAAO,KAAK;AAAA,EAChB;AAAA,EAEO,OAAO,OAA0C;AACpD,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK;AAAA,EAC1C;AAAA,EAEO,aAAa,SAA4C;AAC5D,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,UAAM,iBAAiB,QAAQ,YAAY,EAAE,QAAQ,MAAM,GAAG;AAC9D,eAAW,SAAS,KAAK,sBAAsB;AAC3C,YAAM,gBAAgB,KAAK,qBAAqB,KAAK;AACrD,UAAI,cAAc,mBAAmB,gBAAgB;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA,EAEO,UAA2B;AAC9B,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO,CAAC;AAAA,IACZ;AAEA,WAAO,OAAO,OAAO,KAAK,oBAAoB;AAAA,EAClD;AAAA,EAEO,kBAA2B;AAC9B,WAAO,CAAC,CAAC,KAAK;AAAA,EAClB;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,UAAM,uBAA6C,CAAC;AACpD,eAAW,SAAS,IAAI,sBAAsB;AAC1C,2BAAqB,KAAK,IAAI,cAAc,SAAS,KAAK,UAAU,IAAI,qBAAqB,KAAK,CAAC,CAAC;AAAA,IACxG;AACA,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA,EAEA,OAAc,eAAe,SAAsC;AAC/D,QAAI;AACJ,QAAI;AAEJ,QAAI,QAAQ,iBAAiB;AACzB,oBAAc,QAAQ,gBAAgB;AACtC,6BAAuB,uBAAuB,EAAE,CAAC,WAAW,GAAG,QAAQ,gBAAgB,CAAC;AAAA,IAC5F,OAAO;AACH,oBAAc;AACd,6BAAuB,uBAAuB,QAAQ,yBAAyB;AAAA,IACnF;AAEA,UAAM,cAAc,cAAc,QAAQ,YAAY;AAEtD,WAAO,IAAI;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,IACJ;AAAA,EACJ;AACJ;AAMO,IAAM,gBAAN,MAAoB;AAAA,EAUvB,YACI,OACA,SACA,aACA,gBACA,kBACA,mCACA,iBACF;AACE,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,cAAc;AACnB,SAAK,iBAAiB;AAEtB,SAAK,mBAAmB;AACxB,SAAK,oCAAoC;AACzC,SAAK,kBAAkB;AAAA,EAC3B;AAAA;AAAA,EAIO,OAAO,MAAuB;AACjC,WAAO,KAAK,qBAAqB;AAAA,EACrC;AAAA,EAEO,cAAc,MAAuB;AACxC,WAAO,KAAK,kCAAkC,SAAS,IAAI;AAAA,EAC/D;AAAA,EAEO,cAAc,YAA6B;AAC9C,WAAO,KAAK,gBAAgB,SAAS,UAAU;AAAA,EACnD;AAAA,EAEO,kBAAkB,aAAgC;AACrD,WAAO,YAAY,MAAM,CAAC,eAAe,KAAK,cAAc,UAAU,CAAC;AAAA,EAC3E;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA;AAAA,EAIA,IAAI,eAAuB;AACvB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gCAA0C;AAC1C,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,cAAwB;AACxB,WAAO,KAAK;AAAA,EAChB;AACJ;AAgCO,SAAS,OAAO,YAAyC;AAC5D,SAAO,cAAc,eAAe,UAAU;AAClD;AAEO,SAAS,uBAAuB,YAEF;AACjC,MAAI,eAAe,QAAW;AAC1B,WAAO;AAAA,EACX;AACA,QAAM,YAAkC,CAAC;AAEzC,aAAW,OAAO,OAAO,KAAK,UAAU,GAAG;AACvC,UAAM,iBAAiB,WAAW,GAAG;AACrC,QAAI,gBAAgB;AAChB,gBAAU,GAAG,IAAI,IAAI;AAAA,QACjB,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,MACnB;AAAA,IACJ;AAAA,EACJ;AAEA,SAAO;AACX;;;AC/RO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAI7C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;AAEO,IAAM,yBAAN,cAAqC,MAAM;AAAA,EAI9C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;;;ACjBA,YAAY,UAAU;AAsCf,SAAS,mBAAmB;AAC/B,SAAO,WAAW,EAAE;AACxB;AAEO,SAAS,aAAa;AACzB,QAAM,UAAU,QAAQ,IAAI;AAC5B,MAAI,CAAC,SAAS;AACV,UAAM,IAAI,MAAM,iCAAiC;AAAA,EACrD;AACA,SAAO,IAAI,IAAI,OAAO;AAC1B;AAUO,SAAS,uBAAuB;AACnC,QAAM,oBAAoB,QAAQ,IAAI;AACtC,MAAI,CAAC,mBAAmB;AACpB,UAAM,IAAI,MAAM,+BAA+B;AAAA,EACnD;AACA,SAAO;AACX;AAEO,SAAS,iBAAiB;AAC7B,QAAM,cAAc,QAAQ,IAAI;AAChC,MAAI,CAAC,aAAa;AACd,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACxD;AACA,SAAO,YAAY,QAAQ,QAAQ,IAAI;AAC3C;AA2CA,SAAsB,+BAClB,aACkC;AAAA;AAClC,QAAI;AACA,aAAO,MAAM,oBAAoB,WAAW;AAAA,IAChD,SAAS,KAAP;AACE,UAAI,eAAe,wBAAwB;AACvC,cAAM;AAAA,MACV,WAAW,eAAe,uBAAuB;AAC7C,eAAO;AAAA,MACX,OAAO;AACH,gBAAQ,KAAK,iCAAiC,GAAG;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EACJ;AAAA;AAEA,SAAsB,oBAAoB,aAAyD;AAAA;AAC/F,QAAI;AACJ,QAAI;AACA,kBAAY,MAAW,gBAAW,eAAe,GAAG,OAAO;AAAA,IAC/D,SAAS,KAAP;AACE,cAAQ,MAAM,wFAAwF,GAAG;AACzG,YAAM,IAAI,uBAAuB,sBAAsB;AAAA,IAC3D;AAEA,QAAI,CAAC,aAAa;AACd,YAAM,IAAI,sBAAsB,0BAA0B;AAAA,IAC9D;AAEA,QAAI,2BAA2B;AAC/B,QAAI,YAAY,YAAY,EAAE,WAAW,SAAS,GAAG;AACjD,iCAA2B,YAAY,UAAU,UAAU,MAAM;AAAA,IACrE;AAEA,QAAI;AACA,YAAM,EAAE,QAAQ,IAAI,MAAW,eAAU,0BAA0B,WAAW;AAAA,QAC1E,QAAQ,iBAAiB;AAAA,QACzB,YAAY,CAAC,OAAO;AAAA,MACxB,CAAC;AAED,aAAO,OAAqB,OAAO;AAAA,IACvC,SAAS,GAAP;AACE,UAAI,aAAa,OAAO;AACpB,cAAM,IAAI,sBAAsB,EAAE,OAAO;AAAA,MAC7C,OAAO;AACH,cAAM,IAAI,sBAAsB,sBAAsB;AAAA,MAC1D;AAAA,IACJ;AAAA,EACJ;AAAA;;;ACvKA,SAAQ,eAAc;AAGf,IAAM,oBAAoB,MAAM;AACnC,QAAM,UAAU,WAAW;AAC3B,QAAM,oBAAoB,qBAAqB;AAE/C,SAAO,QAAQ,SAAS,iBAAiB;AAC7C;","names":[]}
|
|
@@ -1,7 +1,85 @@
|
|
|
1
1
|
import { GetServerSidePropsContext, NextApiRequest, NextApiResponse } from 'next';
|
|
2
2
|
|
|
3
|
+
declare enum SocialLoginProvider {
|
|
4
|
+
Google = "Google",
|
|
5
|
+
GitHub = "GitHub",
|
|
6
|
+
Microsoft = "Microsoft",
|
|
7
|
+
Slack = "Slack",
|
|
8
|
+
LinkedIn = "LinkedIn",
|
|
9
|
+
Salesforce = "Salesforce",
|
|
10
|
+
Xero = "Xero",
|
|
11
|
+
QuickBooksOnline = "QuickBooks Online"
|
|
12
|
+
}
|
|
13
|
+
declare enum SamlLoginProvider {
|
|
14
|
+
Google = "Google",
|
|
15
|
+
Rippling = "Rippling",
|
|
16
|
+
OneLogin = "OneLogin",
|
|
17
|
+
JumpCloud = "JumpCloud",
|
|
18
|
+
Okta = "Okta",
|
|
19
|
+
Azure = "Azure",
|
|
20
|
+
Duo = "Duo",
|
|
21
|
+
Generic = "Generic"
|
|
22
|
+
}
|
|
23
|
+
type InternalPasswordLoginMethod = {
|
|
24
|
+
login_method: 'password';
|
|
25
|
+
};
|
|
26
|
+
type InternalMagicLinkLoginMethod = {
|
|
27
|
+
login_method: 'magic_link';
|
|
28
|
+
};
|
|
29
|
+
type InternalSocialSsoLoginMethod = {
|
|
30
|
+
login_method: 'social_sso';
|
|
31
|
+
provider: SocialLoginProvider;
|
|
32
|
+
};
|
|
33
|
+
type InternalEmailConfirmationLinkLoginMethod = {
|
|
34
|
+
login_method: 'email_confirmation_link';
|
|
35
|
+
};
|
|
36
|
+
type InternalSamlSsoLoginMethod = {
|
|
37
|
+
login_method: 'saml_sso';
|
|
38
|
+
provider: SamlLoginProvider;
|
|
39
|
+
org_id: string;
|
|
40
|
+
};
|
|
41
|
+
type InternalImpersonationLoginMethod = {
|
|
42
|
+
login_method: 'impersonation';
|
|
43
|
+
};
|
|
44
|
+
type InternalGeneratedFromBackendApiLoginMethod = {
|
|
45
|
+
login_method: 'generated_from_backend_api';
|
|
46
|
+
};
|
|
47
|
+
type InternalUnknownLoginMethod = {
|
|
48
|
+
login_method: 'unknown';
|
|
49
|
+
};
|
|
50
|
+
type InternalLoginMethod = InternalPasswordLoginMethod | InternalMagicLinkLoginMethod | InternalSocialSsoLoginMethod | InternalEmailConfirmationLinkLoginMethod | InternalSamlSsoLoginMethod | InternalImpersonationLoginMethod | InternalGeneratedFromBackendApiLoginMethod | InternalUnknownLoginMethod;
|
|
51
|
+
type PasswordLoginMethod = {
|
|
52
|
+
loginMethod: 'password';
|
|
53
|
+
};
|
|
54
|
+
type MagicLinkLoginMethod = {
|
|
55
|
+
loginMethod: 'magic_link';
|
|
56
|
+
};
|
|
57
|
+
type SocialSsoLoginMethod = {
|
|
58
|
+
loginMethod: 'social_sso';
|
|
59
|
+
provider: SocialLoginProvider;
|
|
60
|
+
};
|
|
61
|
+
type EmailConfirmationLinkLoginMethod = {
|
|
62
|
+
loginMethod: 'email_confirmation_link';
|
|
63
|
+
};
|
|
64
|
+
type SamlSsoLoginMethod = {
|
|
65
|
+
loginMethod: 'saml_sso';
|
|
66
|
+
provider: SamlLoginProvider;
|
|
67
|
+
orgId: string;
|
|
68
|
+
};
|
|
69
|
+
type ImpersonationLoginMethod = {
|
|
70
|
+
loginMethod: 'impersonation';
|
|
71
|
+
};
|
|
72
|
+
type GeneratedFromBackendApiLoginMethod = {
|
|
73
|
+
loginMethod: 'generated_from_backend_api';
|
|
74
|
+
};
|
|
75
|
+
type UnknownLoginMethod = {
|
|
76
|
+
loginMethod: 'unknown';
|
|
77
|
+
};
|
|
78
|
+
type LoginMethod = PasswordLoginMethod | MagicLinkLoginMethod | SocialSsoLoginMethod | EmailConfirmationLinkLoginMethod | SamlSsoLoginMethod | ImpersonationLoginMethod | GeneratedFromBackendApiLoginMethod | UnknownLoginMethod;
|
|
79
|
+
|
|
3
80
|
declare class UserFromToken {
|
|
4
81
|
userId: string;
|
|
82
|
+
activeOrgId?: string;
|
|
5
83
|
orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo;
|
|
6
84
|
email: string;
|
|
7
85
|
firstName?: string;
|
|
@@ -10,16 +88,20 @@ declare class UserFromToken {
|
|
|
10
88
|
properties?: {
|
|
11
89
|
[key: string]: unknown;
|
|
12
90
|
};
|
|
91
|
+
loginMethod?: LoginMethod;
|
|
13
92
|
legacyUserId?: string;
|
|
14
93
|
impersonatorUserId?: string;
|
|
15
94
|
constructor(userId: string, email: string, orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo, firstName?: string, lastName?: string, username?: string, legacyUserId?: string, impersonatorUserId?: string, properties?: {
|
|
16
95
|
[key: string]: unknown;
|
|
17
|
-
});
|
|
96
|
+
}, activeOrgId?: string, loginMethod?: LoginMethod);
|
|
97
|
+
getActiveOrg(): OrgMemberInfo | undefined;
|
|
98
|
+
getActiveOrgId(): string | undefined;
|
|
18
99
|
getOrg(orgId: string): OrgMemberInfo | undefined;
|
|
19
100
|
getOrgByName(orgName: string): OrgMemberInfo | undefined;
|
|
20
101
|
getOrgs(): OrgMemberInfo[];
|
|
21
102
|
isImpersonating(): boolean;
|
|
22
103
|
static fromJSON(json: string): UserFromToken;
|
|
104
|
+
static fromJwtPayload(payload: InternalUser): UserFromToken;
|
|
23
105
|
}
|
|
24
106
|
type OrgIdToOrgMemberInfo = {
|
|
25
107
|
[orgId: string]: OrgMemberInfo;
|
|
@@ -46,6 +128,34 @@ declare class OrgMemberInfo {
|
|
|
46
128
|
get inheritedRolesPlusCurrentRole(): string[];
|
|
47
129
|
get permissions(): string[];
|
|
48
130
|
}
|
|
131
|
+
type InternalOrgMemberInfo = {
|
|
132
|
+
org_id: string;
|
|
133
|
+
org_name: string;
|
|
134
|
+
org_metadata: {
|
|
135
|
+
[key: string]: any;
|
|
136
|
+
};
|
|
137
|
+
url_safe_org_name: string;
|
|
138
|
+
user_role: string;
|
|
139
|
+
inherited_user_roles_plus_current_role: string[];
|
|
140
|
+
user_permissions: string[];
|
|
141
|
+
};
|
|
142
|
+
type InternalUser = {
|
|
143
|
+
user_id: string;
|
|
144
|
+
org_member_info?: InternalOrgMemberInfo;
|
|
145
|
+
org_id_to_org_member_info?: {
|
|
146
|
+
[org_id: string]: InternalOrgMemberInfo;
|
|
147
|
+
};
|
|
148
|
+
email: string;
|
|
149
|
+
first_name?: string;
|
|
150
|
+
last_name?: string;
|
|
151
|
+
username?: string;
|
|
152
|
+
properties?: {
|
|
153
|
+
[key: string]: unknown;
|
|
154
|
+
};
|
|
155
|
+
login_method?: InternalLoginMethod;
|
|
156
|
+
legacy_user_id?: string;
|
|
157
|
+
impersonatorUserId?: string;
|
|
158
|
+
};
|
|
49
159
|
|
|
50
160
|
declare function getUserFromServerSideProps(props: GetServerSidePropsContext, forceRefresh?: boolean): Promise<UserFromToken | undefined>;
|
|
51
161
|
declare function getUserFromApiRouteRequest(req: NextApiRequest, res: NextApiResponse, forceRefresh?: boolean): Promise<UserFromToken | undefined>;
|
|
@@ -55,10 +55,36 @@ __export(pages_index_exports, {
|
|
|
55
55
|
});
|
|
56
56
|
module.exports = __toCommonJS(pages_index_exports);
|
|
57
57
|
|
|
58
|
+
// src/loginMethod.ts
|
|
59
|
+
function toLoginMethod(snake_case) {
|
|
60
|
+
if (!snake_case) {
|
|
61
|
+
return { loginMethod: "unknown" };
|
|
62
|
+
}
|
|
63
|
+
switch (snake_case.login_method) {
|
|
64
|
+
case "password":
|
|
65
|
+
return { loginMethod: "password" };
|
|
66
|
+
case "magic_link":
|
|
67
|
+
return { loginMethod: "magic_link" };
|
|
68
|
+
case "social_sso":
|
|
69
|
+
return { loginMethod: "social_sso", provider: snake_case.provider };
|
|
70
|
+
case "email_confirmation_link":
|
|
71
|
+
return { loginMethod: "email_confirmation_link" };
|
|
72
|
+
case "saml_sso":
|
|
73
|
+
return { loginMethod: "saml_sso", provider: snake_case.provider, orgId: snake_case.org_id };
|
|
74
|
+
case "impersonation":
|
|
75
|
+
return { loginMethod: "impersonation" };
|
|
76
|
+
case "generated_from_backend_api":
|
|
77
|
+
return { loginMethod: "generated_from_backend_api" };
|
|
78
|
+
default:
|
|
79
|
+
return { loginMethod: "unknown" };
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
|
|
58
83
|
// src/user.ts
|
|
59
84
|
var UserFromToken = class {
|
|
60
|
-
constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties) {
|
|
85
|
+
constructor(userId, email, orgIdToOrgMemberInfo, firstName, lastName, username, legacyUserId, impersonatorUserId, properties, activeOrgId, loginMethod) {
|
|
61
86
|
this.userId = userId;
|
|
87
|
+
this.activeOrgId = activeOrgId;
|
|
62
88
|
this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo;
|
|
63
89
|
this.email = email;
|
|
64
90
|
this.firstName = firstName;
|
|
@@ -67,6 +93,16 @@ var UserFromToken = class {
|
|
|
67
93
|
this.legacyUserId = legacyUserId;
|
|
68
94
|
this.impersonatorUserId = impersonatorUserId;
|
|
69
95
|
this.properties = properties;
|
|
96
|
+
this.loginMethod = loginMethod;
|
|
97
|
+
}
|
|
98
|
+
getActiveOrg() {
|
|
99
|
+
if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {
|
|
100
|
+
return void 0;
|
|
101
|
+
}
|
|
102
|
+
return this.orgIdToOrgMemberInfo[this.activeOrgId];
|
|
103
|
+
}
|
|
104
|
+
getActiveOrgId() {
|
|
105
|
+
return this.activeOrgId;
|
|
70
106
|
}
|
|
71
107
|
getOrg(orgId) {
|
|
72
108
|
if (!this.orgIdToOrgMemberInfo) {
|
|
@@ -100,9 +136,7 @@ var UserFromToken = class {
|
|
|
100
136
|
const obj = JSON.parse(json);
|
|
101
137
|
const orgIdToOrgMemberInfo = {};
|
|
102
138
|
for (const orgId in obj.orgIdToOrgMemberInfo) {
|
|
103
|
-
orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(
|
|
104
|
-
JSON.stringify(obj.orgIdToOrgMemberInfo[orgId])
|
|
105
|
-
);
|
|
139
|
+
orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]));
|
|
106
140
|
}
|
|
107
141
|
return new UserFromToken(
|
|
108
142
|
obj.userId,
|
|
@@ -113,7 +147,34 @@ var UserFromToken = class {
|
|
|
113
147
|
obj.username,
|
|
114
148
|
obj.legacyUserId,
|
|
115
149
|
obj.impersonatorUserId,
|
|
116
|
-
obj.properties
|
|
150
|
+
obj.properties,
|
|
151
|
+
obj.activeOrgId,
|
|
152
|
+
obj.loginMethod
|
|
153
|
+
);
|
|
154
|
+
}
|
|
155
|
+
static fromJwtPayload(payload) {
|
|
156
|
+
let activeOrgId;
|
|
157
|
+
let orgIdToOrgMemberInfo;
|
|
158
|
+
if (payload.org_member_info) {
|
|
159
|
+
activeOrgId = payload.org_member_info.org_id;
|
|
160
|
+
orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info });
|
|
161
|
+
} else {
|
|
162
|
+
activeOrgId = void 0;
|
|
163
|
+
orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info);
|
|
164
|
+
}
|
|
165
|
+
const loginMethod = toLoginMethod(payload.login_method);
|
|
166
|
+
return new UserFromToken(
|
|
167
|
+
payload.user_id,
|
|
168
|
+
payload.email,
|
|
169
|
+
orgIdToOrgMemberInfo,
|
|
170
|
+
payload.first_name,
|
|
171
|
+
payload.last_name,
|
|
172
|
+
payload.username,
|
|
173
|
+
payload.legacy_user_id,
|
|
174
|
+
payload.impersonatorUserId,
|
|
175
|
+
payload.properties,
|
|
176
|
+
activeOrgId,
|
|
177
|
+
loginMethod
|
|
117
178
|
);
|
|
118
179
|
}
|
|
119
180
|
};
|
|
@@ -164,17 +225,7 @@ var OrgMemberInfo = class {
|
|
|
164
225
|
}
|
|
165
226
|
};
|
|
166
227
|
function toUser(snake_case) {
|
|
167
|
-
return
|
|
168
|
-
snake_case.user_id,
|
|
169
|
-
snake_case.email,
|
|
170
|
-
toOrgIdToOrgMemberInfo(snake_case.org_id_to_org_member_info),
|
|
171
|
-
snake_case.first_name,
|
|
172
|
-
snake_case.last_name,
|
|
173
|
-
snake_case.username,
|
|
174
|
-
snake_case.legacy_user_id,
|
|
175
|
-
snake_case.impersonatorUserId,
|
|
176
|
-
snake_case.properties
|
|
177
|
-
);
|
|
228
|
+
return UserFromToken.fromJwtPayload(snake_case);
|
|
178
229
|
}
|
|
179
230
|
function toOrgIdToOrgMemberInfo(snake_case) {
|
|
180
231
|
if (snake_case === void 0) {
|
|
@@ -242,12 +293,17 @@ function getVerifierKey() {
|
|
|
242
293
|
}
|
|
243
294
|
return verifierKey.replace(/\\n/g, "\n");
|
|
244
295
|
}
|
|
245
|
-
function refreshTokenWithAccessAndRefreshToken(refreshToken) {
|
|
296
|
+
function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
|
|
246
297
|
return __async(this, null, function* () {
|
|
247
298
|
const body = {
|
|
248
299
|
refresh_token: refreshToken
|
|
249
300
|
};
|
|
250
|
-
const
|
|
301
|
+
const queryParams = new URLSearchParams();
|
|
302
|
+
if (activeOrgId) {
|
|
303
|
+
queryParams.set("with_active_org_support", "true");
|
|
304
|
+
queryParams.set("active_org_id", activeOrgId);
|
|
305
|
+
}
|
|
306
|
+
const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`;
|
|
251
307
|
const response = yield fetch(url, {
|
|
252
308
|
method: "POST",
|
|
253
309
|
body: JSON.stringify(body),
|
|
@@ -259,10 +315,7 @@ function refreshTokenWithAccessAndRefreshToken(refreshToken) {
|
|
|
259
315
|
if (response.ok) {
|
|
260
316
|
const data = yield response.json();
|
|
261
317
|
const newRefreshToken = data.refresh_token;
|
|
262
|
-
const {
|
|
263
|
-
access_token: accessToken,
|
|
264
|
-
expires_at_seconds: expiresAtSeconds
|
|
265
|
-
} = data.access_token;
|
|
318
|
+
const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token;
|
|
266
319
|
return {
|
|
267
320
|
refreshToken: newRefreshToken,
|
|
268
321
|
accessToken,
|
|
@@ -323,11 +376,15 @@ function validateAccessToken(accessToken) {
|
|
|
323
376
|
});
|
|
324
377
|
}
|
|
325
378
|
|
|
379
|
+
// src/shared.ts
|
|
380
|
+
var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id";
|
|
381
|
+
|
|
326
382
|
// src/server/pages.ts
|
|
327
383
|
function getUserFromServerSideProps(props, forceRefresh = false) {
|
|
328
384
|
return __async(this, null, function* () {
|
|
329
385
|
const accessToken = props.req.cookies[ACCESS_TOKEN_COOKIE_NAME];
|
|
330
386
|
const refreshToken = props.req.cookies[REFRESH_TOKEN_COOKIE_NAME];
|
|
387
|
+
const activeOrgId = props.req.cookies[ACTIVE_ORG_ID_COOKIE_NAME];
|
|
331
388
|
if (accessToken && !forceRefresh) {
|
|
332
389
|
const user = yield validateAccessTokenOrUndefined(accessToken);
|
|
333
390
|
if (user) {
|
|
@@ -335,7 +392,7 @@ function getUserFromServerSideProps(props, forceRefresh = false) {
|
|
|
335
392
|
}
|
|
336
393
|
}
|
|
337
394
|
if (refreshToken) {
|
|
338
|
-
const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
|
|
395
|
+
const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
|
|
339
396
|
if (response.error === "unexpected") {
|
|
340
397
|
throw new Error("Unexpected error while refreshing access token");
|
|
341
398
|
} else if (response.error === "unauthorized") {
|
|
@@ -360,6 +417,7 @@ function getUserFromApiRouteRequest(req, res, forceRefresh = false) {
|
|
|
360
417
|
return __async(this, null, function* () {
|
|
361
418
|
const accessToken = req.cookies[ACCESS_TOKEN_COOKIE_NAME];
|
|
362
419
|
const refreshToken = req.cookies[REFRESH_TOKEN_COOKIE_NAME];
|
|
420
|
+
const activeOrgId = req.cookies[ACTIVE_ORG_ID_COOKIE_NAME];
|
|
363
421
|
if (accessToken && !forceRefresh) {
|
|
364
422
|
const user = yield validateAccessTokenOrUndefined(accessToken);
|
|
365
423
|
if (user) {
|
|
@@ -367,7 +425,7 @@ function getUserFromApiRouteRequest(req, res, forceRefresh = false) {
|
|
|
367
425
|
}
|
|
368
426
|
}
|
|
369
427
|
if (refreshToken) {
|
|
370
|
-
const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken);
|
|
428
|
+
const response = yield refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId);
|
|
371
429
|
if (response.error === "unexpected") {
|
|
372
430
|
throw new Error("Unexpected error while refreshing access token");
|
|
373
431
|
} else if (response.error === "unauthorized") {
|