@proveanything/smartlinks-auth-ui 0.4.10 → 0.4.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/components/SmartlinksAuthUI.d.ts.map +1 -1
  2. package/dist/index.esm.js +20 -6
  3. package/dist/index.esm.js.map +1 -1
  4. package/dist/index.js +20 -6
  5. package/dist/index.js.map +1 -1
  6. package/package.json +1 -1
package/dist/components/SmartlinksAuthUI.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"SmartlinksAuthUI.d.ts","sourceRoot":"","sources":["../../src/components/SmartlinksAuthUI.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAuC,MAAM,OAAO,CAAC;AAY5D,OAAO,KAAK,EAAE,qBAAqB,EAAyF,MAAM,UAAU,CAAC;AA4N7I,QAAA,MAAM,mBAAmB,QAAa,OAAO,CAAC,IAAI,CAqBjD,CAAC;AAqDF,OAAO,EAAE,mBAAmB,EAAE,CAAC;AAI/B,eAAO,MAAM,gBAAgB,EAAE,KAAK,CAAC,EAAE,CAAC,qBAAqB,CAk5D5D,CAAC"}
1
+ {"version":3,"file":"SmartlinksAuthUI.d.ts","sourceRoot":"","sources":["../../src/components/SmartlinksAuthUI.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAuC,MAAM,OAAO,CAAC;AAY5D,OAAO,KAAK,EAAE,qBAAqB,EAAyF,MAAM,UAAU,CAAC;AA0O7I,QAAA,MAAM,mBAAmB,QAAa,OAAO,CAAC,IAAI,CAqBjD,CAAC;AAqDF,OAAO,EAAE,mBAAmB,EAAE,CAAC;AAI/B,eAAO,MAAM,gBAAgB,EAAE,KAAK,CAAC,EAAE,CAAC,qBAAqB,CAk5D5D,CAAC"}
package/dist/index.esm.js CHANGED
@@ -12597,6 +12597,18 @@ const useAuth = () => {
12597
12597
  // VERSION: Update this when making changes to help identify which version is running
12598
12598
  const AUTH_UI_VERSION = '46';
12599
12599
  const LOG_PREFIX = `[SmartlinksAuthUI:v${AUTH_UI_VERSION}]`;
12600
+ // Normalize malformed query strings where a second '?' is used instead of '&'.
12601
+ // Some host platforms append "?mode=...&token=..." to a URL that already has a "?pageId=...",
12602
+ // resulting in "?pageId=xxx?mode=resetPassword&token=yyy". Convert any extra '?' to '&'
12603
+ // so URLSearchParams can parse mode/token correctly.
12604
+ const normalizeQueryString = (query) => {
12605
+ // Strip a single leading '?' if present, then replace any remaining '?' with '&'
12606
+ const withoutLead = query.startsWith('?') ? query.slice(1) : query;
12607
+ return withoutLead.replace(/\?/g, '&');
12608
+ };
12609
+ const buildSearchParams = (rawQuery) => {
12610
+ return new URLSearchParams(normalizeQueryString(rawQuery));
12611
+ };
12600
12612
  // Helper to check for URL auth params synchronously (runs during initialization)
12601
12613
  // This prevents the form from flashing before detecting deep-link flows
12602
12614
  const getInitialUrlAuthParams = () => {
@@ -12604,8 +12616,8 @@ const getInitialUrlAuthParams = () => {
12604
12616
  const hash = window.location.hash;
12605
12617
  const hashQueryIndex = hash.indexOf('?');
12606
12618
  const params = hashQueryIndex !== -1
12607
- ? new URLSearchParams(hash.substring(hashQueryIndex + 1))
12608
- : new URLSearchParams(window.location.search);
12619
+ ? buildSearchParams(hash.substring(hashQueryIndex + 1))
12620
+ : buildSearchParams(window.location.search);
12609
12621
  return {
12610
12622
  mode: params.get('mode'),
12611
12623
  token: params.get('token'),
@@ -12651,7 +12663,9 @@ const WHITELISTED_GOOGLE_OAUTH_HOSTS = [
12651
12663
  ];
12652
12664
  /**
12653
12665
  * Check if the current domain is whitelisted for direct Google OAuth.
12654
- * Uses exact hostname match (plus subdomain match for smartlinks.app production).
12666
+ * Uses EXACT hostname match only subdomains (e.g. hubdev.smartlinks.app)
12667
+ * are NOT auto-whitelisted because they're not registered with Google Cloud Console.
12668
+ * Unregistered domains must route through the Google OAuth proxy.
12655
12669
  * Merges the hardcoded list with any additional domains from auth kit config.
12656
12670
  * Returns true if OneTap/inline flow can work without a proxy.
12657
12671
  */
@@ -12660,7 +12674,7 @@ const isWhitelistedGoogleDomain = (additionalDomains) => {
12660
12674
  const allDomains = additionalDomains?.length
12661
12675
  ? [...WHITELISTED_GOOGLE_OAUTH_HOSTS, ...additionalDomains]
12662
12676
  : WHITELISTED_GOOGLE_OAUTH_HOSTS;
12663
- return allDomains.some(domain => hostname === domain || hostname.endsWith(`.${domain}`));
12677
+ return allDomains.some(domain => hostname === domain);
12664
12678
  };
12665
12679
  // Default auth UI configuration when no clientId is provided
12666
12680
  const DEFAULT_AUTH_CONFIG = {
@@ -13079,10 +13093,10 @@ const SmartlinksAuthUI = ({ apiEndpoint, clientId, clientName, accountData, onAu
13079
13093
  if (hashQueryIndex !== -1) {
13080
13094
  // Extract query string from hash (e.g., #/test?mode=verifyEmail&token=abc)
13081
13095
  const hashQuery = hash.substring(hashQueryIndex + 1);
13082
- return new URLSearchParams(hashQuery);
13096
+ return buildSearchParams(hashQuery);
13083
13097
  }
13084
13098
  // Fall back to regular search params (for non-hash routing)
13085
- return new URLSearchParams(window.location.search);
13099
+ return buildSearchParams(window.location.search);
13086
13100
  };
13087
13101
  const params = getUrlParams();
13088
13102
  const urlMode = params.get('mode');