@prove-identity/prove-auth 2.3.2

package/build/lib/proveauth/internal/report-error-step.js

@@ -0,0 +1,88 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const logger_1 = require("../common/logger");
+const auth_error_1 = __importDefault(require("./auth-error"));
+const base_authenticator_1 = __importDefault(require("./base-authenticator"));
+const device_passive_register_step_1 = __importDefault(require("./device-passive-register-step"));
+const device_passive_silent_step_1 = __importDefault(require("./device-passive-silent-step"));
+const device_passive_step_1 = __importDefault(require("./device-passive-step"));
+const device_passive_verify_step_1 = __importDefault(require("./device-passive-verify-step"));
+const mobile_instant_step_1 = __importDefault(require("./mobile-instant-step"));
+const mobile_instantlink_step_1 = __importDefault(require("./mobile-instantlink-step"));
+const mobile_otp_step_1 = __importDefault(require("./mobile-otp-step"));
+const user_present_step_1 = __importDefault(require("./user-present-step"));
+class ReportErrorStep {
+    constructor(error) {
+        this.logger = logger_1.LoggerFactory.getLogger('report-error-step');
+        this._message = 'Unknown error';
+        this.reportable = true;
+        this.name = 'error';
+        if (error instanceof auth_error_1.default) {
+            const authError = error;
+            this._message = authError.message;
+            this._code = authError.code;
+            this.nextStep = authError.nextStep;
+            this.reportable = authError.reportable;
+        }
+        else if (error) {
+            this._message = auth_error_1.default.extractMessage(error);
+        }
+        if (!this._message) {
+            this.logger.warn('Unexpected error: ' + error);
+        }
+    }
+    get code() {
+        return this._code;
+    }
+    get message() {
+        return this._message;
+    }
+    execute(session) {
+        let logMessage = `Authentication step ${session.lastStep} failed`;
+        if (this._code) {
+            logMessage = logMessage + ', code: ' + this._code;
+        }
+        if (this._message) {
+            logMessage = logMessage + ', message: ' + this._message;
+        }
+        this.logger.error(logMessage);
+        if (this.nextStep === base_authenticator_1.default.AUTH_DONE) {
+            return Promise.resolve(base_authenticator_1.default.AUTH_DONE);
+        }
+        else if (!this.nextStep || this.reportable) {
+            return new Promise((resolve, reject) => {
+                const errorKind = this.getKind(session.lastStep);
+                session
+                    .fetchFromBackend(`/v1/client/${errorKind}/error`, {
+                    code: this._code ? this._code : undefined,
+                    message: this._message,
+                })
+                    .then((response) => {
+                    resolve(response.next);
+                })
+                    .catch(reject);
+            });
+        }
+        else {
+            return Promise.resolve(this.nextStep);
+        }
+    }
+    getKind(last) {
+        const defaultKind = 'device/passive';
+        return last ? ReportErrorStep.errorKinds.get(last) || defaultKind : defaultKind;
+    }
+}
+ReportErrorStep.errorKinds = new Map([
+    [device_passive_step_1.default.NAME, 'device/passive'],
+    [device_passive_silent_step_1.default.NAME, 'device/passive'],
+    [device_passive_register_step_1.default.NAME, 'device/fido2'],
+    [device_passive_verify_step_1.default.NAME, 'device/fido2'],
+    [mobile_instant_step_1.default.NAME, 'mobile/instant'],
+    [mobile_instantlink_step_1.default.NAME, 'mobile/instantlink'],
+    [mobile_otp_step_1.default.NAME, 'mobile/otp'],
+    [user_present_step_1.default.NAME, 'user/mobileactive'],
+]);
+exports.default = ReportErrorStep;

package/build/lib/proveauth/internal/request-signer-v3.d.ts

@@ -0,0 +1,10 @@
+import { AuthSessionIntegration, RequestSignature, RequestSigner } from './platform';
+export default class RequestSignerV3 implements RequestSigner {
+    private readonly log;
+    private readonly session;
+    private cachedChallenge?;
+    constructor(session: AuthSessionIntegration);
+    sign(method: string, path: string, query: string, contentType: string, body: string): Promise<RequestSignature | null>;
+    private getChallenge;
+    private getHash;
+}

package/build/lib/proveauth/internal/request-signer-v3.js

@@ -0,0 +1,104 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const logger_1 = require("../common/logger");
+const platform_1 = require("./platform");
+const SIGNATURE_VERSION = '3';
+const FUDGE_FACTOR = 60;
+const SIGN_REQUESTS = [
+    '/v1/client/stepup/unregister',
+    '/v1/client/device/unregister',
+    '/v1/client/device/passive/error',
+    '/v1/client/mobile/instant/error',
+    '/v1/client/mobile/otp/error',
+    '/v1/client/user/mobileactive',
+    '/v1/client/user/mobileactive/error',
+];
+class RequestSignerV3 {
+    constructor(session) {
+        this.log = logger_1.LoggerFactory.getLogger('request-signer');
+        this.session = session;
+    }
+    sign(method, path, query, contentType, body) {
+        return new Promise((resolve, reject) => {
+            this.session
+                .getDeviceRegistration()
+                .then((registration) => {
+                if (!registration || !registration.deviceId) {
+                    this.log.debug('Device not registered, cannot sign');
+                    resolve(null);
+                    return;
+                }
+                if (!SIGN_REQUESTS.includes(path)) {
+                    this.log.debug('No signing needed for ' + path);
+                    resolve(null);
+                    return;
+                }
+                Promise.all([this.getChallenge(registration.deviceId), this.getHash(body)])
+                    .then((results) => {
+                    const challenge = results[0];
+                    const bodyHash = results[1];
+                    const dataToSign = method +
+                        '\n' +
+                        path +
+                        '\n' +
+                        query +
+                        '\n' +
+                        contentType +
+                        '\n' +
+                        challenge +
+                        '\n' +
+                        bodyHash;
+                    registration
+                        .sign(dataToSign)
+                        .then((signature) => resolve({
+                        version: SIGNATURE_VERSION,
+                        challenge: challenge,
+                        signature: signature,
+                        keyId: registration.keyId,
+                    }))
+                        .catch(reject);
+                })
+                    .catch(reject);
+            })
+                .catch(reject);
+        });
+    }
+    getChallenge(deviceId) {
+        return new Promise((resolve, reject) => {
+            if (this.cachedChallenge &&
+                this.cachedChallenge.receivedAt &&
+                this.cachedChallenge.ttl &&
+                this.cachedChallenge.deviceId === deviceId &&
+                this.cachedChallenge.receivedAt + this.cachedChallenge.ttl - FUDGE_FACTOR > (0, platform_1.getUnixTime)()) {
+                resolve(this.cachedChallenge.challenge);
+                return;
+            }
+            this.session
+                .fetchFromBackend('/v1/client/challenge', {
+                deviceId: deviceId,
+            })
+                .then((response) => response)
+                .then((response) => {
+                var _a;
+                if (response.error) {
+                    reject((_a = response.error) === null || _a === void 0 ? void 0 : _a.message);
+                }
+                else {
+                    response.receivedAt = (0, platform_1.getUnixTime)();
+                    this.cachedChallenge = response;
+                    resolve(response.challenge);
+                }
+            })
+                .catch(reject);
+        });
+    }
+    getHash(data) {
+        return new Promise((resolve, reject) => {
+            crypto.subtle
+                .digest('SHA-256', (0, platform_1.stringToArrayBuffer)(data))
+                .then((hash) => resolve((0, platform_1.arrayBufferToHexString)(hash)))
+                .catch(reject);
+        });
+    }
+}
+exports.default = RequestSignerV3;

package/build/lib/proveauth/internal/scan-message-step.d.ts

@@ -0,0 +1,11 @@
+import { AuthMessageHandler } from '../authenticator-builder';
+import AuthSession from './auth-session';
+import AuthStep from './auth-step';
+export default class ScanMessageStep implements AuthStep {
+    static readonly NAME = "scan/message";
+    private readonly log;
+    private readonly authMessageHandler;
+    constructor(authMessageHandler: AuthMessageHandler | undefined);
+    readonly name = "scan/message";
+    execute(session: AuthSession): Promise<string>;
+}

package/build/lib/proveauth/internal/scan-message-step.js

@@ -0,0 +1,45 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const auth_error_1 = __importDefault(require("./auth-error"));
+const logger_1 = require("../common/logger");
+class ScanMessageStep {
+    constructor(authMessageHandler) {
+        this.log = logger_1.LoggerFactory.getLogger('scan-message-step');
+        this.name = ScanMessageStep.NAME;
+        this.authMessageHandler = authMessageHandler;
+    }
+    execute(session) {
+        return new Promise((resolve, reject) => {
+            if (!this.authMessageHandler) {
+                reject(new auth_error_1.default('Failed to process auth message, the handler was not specified'));
+            }
+            else {
+                if (!session.authMessage) {
+                    this.log.warn('Auth message is missing');
+                    session.authMessage = {};
+                }
+                this.authMessageHandler(session.authMessage)
+                    .then((status) => {
+                    session
+                        .fetchFromBackend('/v1/client/user/response', {
+                        response: status,
+                    })
+                        .then((response) => {
+                        if (response.error) {
+                            reject(new auth_error_1.default(response.error.message, response.error.code, response.next));
+                        }
+                        else {
+                            resolve(response.next);
+                        }
+                    });
+                })
+                    .catch(reject);
+            }
+        });
+    }
+}
+ScanMessageStep.NAME = 'scan/message';
+exports.default = ScanMessageStep;

package/build/lib/proveauth/internal/secondary-authenticator.d.ts

@@ -0,0 +1,10 @@
+import AuthFinishStep from '../auth-finish-step';
+import AuthSession from './auth-session';
+import Platform from './platform';
+import CancelablePromise from '../common/cancelable-promise';
+import AuthStep from './auth-step';
+import PrimaryAuthenticator from './primary-authenticator';
+export default class SecondaryAuthenticator extends PrimaryAuthenticator {
+    constructor(platform?: Platform, storage?: Storage, finishStep?: AuthFinishStep, steps?: Array<AuthStep>);
+    process(session: AuthSession): CancelablePromise<void>;
+}

package/build/lib/proveauth/internal/secondary-authenticator.js

@@ -0,0 +1,65 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const logger_1 = require("../common/logger");
+const cancelable_promise_1 = __importDefault(require("../common/cancelable-promise"));
+const auth_error_1 = __importDefault(require("./auth-error"));
+const primary_authenticator_1 = __importDefault(require("./primary-authenticator"));
+class SecondaryAuthenticator extends primary_authenticator_1.default {
+    constructor(platform, storage, finishStep, steps) {
+        super(platform, storage, finishStep, steps);
+        this.log = logger_1.LoggerFactory.getLogger('secondary-authenticator');
+    }
+    process(session) {
+        return new cancelable_promise_1.default((resolve, reject, onCancel) => {
+            var gotResponse = false;
+            var channel;
+            var runSteps = super.process(session);
+            runSteps
+                .then(() => {
+                channel = session.createMessageChannel('/v1/client/status', () => {
+                    if (!gotResponse) {
+                        reject(new auth_error_1.default('Failed to receive secondary authentication status, no response'));
+                    }
+                }, (errorMessage) => {
+                    gotResponse = true;
+                    this.log.error('Failed: ' + errorMessage);
+                    reject(new auth_error_1.default('Failed to receive secondary authentication status: ' + errorMessage));
+                }, (data) => {
+                    gotResponse = true;
+                    try {
+                        this.log.debug(('Secondary authentication status: ' + data));
+                        const response = JSON.parse(data);
+                        if (response.error) {
+                            reject(new auth_error_1.default(response.error.message, response.error.code, response.next));
+                        }
+                        else {
+                            session.lastStep = response.next;
+                            resolve();
+                        }
+                    }
+                    catch (e) {
+                        reject(e);
+                    }
+                    finally {
+                        channel.close();
+                    }
+                });
+            })
+                .catch(reject);
+            onCancel(() => {
+                gotResponse = true;
+                if (runSteps) {
+                    runSteps.cancel();
+                }
+                if (channel) {
+                    channel.close();
+                }
+                resolve();
+            });
+        });
+    }
+}
+exports.default = SecondaryAuthenticator;

package/build/lib/proveauth/internal/settings.d.ts

@@ -0,0 +1,18 @@
+export default class Settings {
+    static readonly KEY_PREFIX = "ProveAuth";
+    static readonly DEVICE_ID_KEY = "DeviceId";
+    static readonly NAMESPACE_KEY = "namespace";
+    static readonly FIDO_PASSKEY_REGISTERED_KEY = "fidoPasskeyRegistered";
+    private readonly log;
+    private storage;
+    constructor(storage: Storage);
+    reset(): void;
+    get deviceId(): string | null;
+    set deviceId(val: string | null);
+    get fidoPasskeyRegistered(): boolean;
+    set fidoPasskeyRegistered(val: boolean);
+    get namespace(): string | null;
+    set namespace(val: string | null);
+    private getKey;
+    private setOrRemove;
+}

package/build/lib/proveauth/internal/settings.js

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const logger_1 = require("../common/logger");
+class Settings {
+    constructor(storage) {
+        this.log = logger_1.LoggerFactory.getLogger('settings');
+        this.storage = storage;
+    }
+    reset() {
+        this.log.trace('reset');
+        this.deviceId = null;
+        this.namespace = null;
+        this.fidoPasskeyRegistered = false;
+    }
+    get deviceId() {
+        return this.storage.getItem(this.getKey(Settings.DEVICE_ID_KEY));
+    }
+    set deviceId(val) {
+        this.setOrRemove(Settings.DEVICE_ID_KEY, val);
+    }
+    get fidoPasskeyRegistered() {
+        return this.storage.getItem(this.getKey(Settings.FIDO_PASSKEY_REGISTERED_KEY)) === 'true';
+    }
+    set fidoPasskeyRegistered(val) {
+        this.setOrRemove(Settings.FIDO_PASSKEY_REGISTERED_KEY, val ? 'true' : null);
+    }
+    get namespace() {
+        return this.storage.getItem(this.getKey(Settings.NAMESPACE_KEY));
+    }
+    set namespace(val) {
+        this.log.trace('namespace set to ' + val);
+        this.setOrRemove(Settings.NAMESPACE_KEY, val);
+    }
+    getKey(key) {
+        return `${Settings.KEY_PREFIX}.${key}`;
+    }
+    setOrRemove(key, val) {
+        if (val) {
+            this.storage.setItem(this.getKey(key), val);
+        }
+        else {
+            this.storage.removeItem(this.getKey(key));
+        }
+    }
+}
+Settings.KEY_PREFIX = 'ProveAuth';
+Settings.DEVICE_ID_KEY = 'DeviceId';
+Settings.NAMESPACE_KEY = 'namespace';
+Settings.FIDO_PASSKEY_REGISTERED_KEY = 'fidoPasskeyRegistered';
+exports.default = Settings;

package/build/lib/proveauth/internal/user-mobileactive-step.d.ts

@@ -0,0 +1,7 @@
+import AuthSession from './auth-session';
+import AuthStep from './auth-step';
+export default class UserMobileActiveStep implements AuthStep {
+    static readonly NAME = "user/mobileactive";
+    readonly name = "user/mobileactive";
+    execute(session: AuthSession): Promise<string>;
+}

package/build/lib/proveauth/internal/user-mobileactive-step.js

@@ -0,0 +1,18 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const auth_error_1 = __importDefault(require("./auth-error"));
+class UserMobileActiveStep {
+    constructor() {
+        this.name = UserMobileActiveStep.NAME;
+    }
+    execute(session) {
+        return new Promise((resolve, reject) => {
+            reject(new auth_error_1.default(`Step ${this.name} is not supported yet`));
+        });
+    }
+}
+UserMobileActiveStep.NAME = 'user/mobileactive';
+exports.default = UserMobileActiveStep;

package/build/lib/proveauth/internal/user-present-step.d.ts

@@ -0,0 +1,7 @@
+import AuthSession from './auth-session';
+import AuthStep from './auth-step';
+export default class UserPresentStep implements AuthStep {
+    static readonly NAME = "user/present";
+    readonly name = "user/present";
+    execute(session: AuthSession): Promise<string>;
+}

package/build/lib/proveauth/internal/user-present-step.js

@@ -0,0 +1,18 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const auth_error_1 = __importDefault(require("./auth-error"));
+class UserPresentStep {
+    constructor() {
+        this.name = UserPresentStep.NAME;
+    }
+    execute(session) {
+        return new Promise((resolve, reject) => {
+            reject(new auth_error_1.default(`Step ${this.name} is not supported yet`));
+        });
+    }
+}
+UserPresentStep.NAME = 'user/present';
+exports.default = UserPresentStep;

package/build/lib/proveauth/internal/web-device-auth.d.ts

@@ -0,0 +1,32 @@
+import { AuthRegistration } from './auth-request';
+import DeviceAuth, { DeviceRegistration, DeviceRegistrationOptions } from './device-auth';
+export declare class WebDeviceRegistration implements DeviceRegistration {
+    private keys?;
+    deviceId: string | null;
+    readonly namespace: string;
+    readonly keyId: string;
+    readonly algorithm: string;
+    readonly endpoint: string;
+    readonly createdAt: number;
+    constructor(options: DeviceRegistrationOptions | any);
+    sign(data: string): Promise<string>;
+    getPublicKey(): Promise<string>;
+    getAuthRegistration(challenge: string): Promise<AuthRegistration>;
+    private initialize;
+    private p1363ToDer;
+    private lenVal;
+}
+export default class WebDeviceAuth implements DeviceAuth {
+    static readonly DB_VERSION = 1;
+    static readonly DB_NAME = "ProveAuth";
+    static readonly DB_STORE = "Registrations";
+    private readonly dbFactory;
+    private readonly log;
+    constructor(dbFactory: IDBFactory);
+    createRegistration(options: DeviceRegistrationOptions): Promise<DeviceRegistration>;
+    getRegistration(namespace: string): Promise<DeviceRegistration | null>;
+    storeRegistration(registration: DeviceRegistration): Promise<void>;
+    deleteRegistration(namespace: string): Promise<void>;
+    reset(): Promise<void>;
+    private openDatabase;
+}