@rockcarver/frodo-lib 2.0.0-3 → 2.0.0-4

package/cjs/ops/AuthenticateOps.js

@@ -89,31 +89,49 @@ function _determineCookieName() {
     var data = yield (0, _ServerInfoApi.getServerInfo)({
       state
     });
-    (0, _Console.debugMessage)("AuthenticateOps.determineCookieName: cookieName=".concat(data.cookieName));
+    (0, _Console.debugMessage)({
+      message: "AuthenticateOps.determineCookieName: cookieName=".concat(data.cookieName),
+      state
+    });
     return data.cookieName;
   });
   return _determineCookieName.apply(this, arguments);
 }
 function checkAndHandle2FA(payload, state) {
-  (0, _Console.debugMessage)("AuthenticateOps.checkAndHandle2FA: start");
+  (0, _Console.debugMessage)({
+    message: "AuthenticateOps.checkAndHandle2FA: start",
+    state
+  });
   // let skippable = false;
   if ('callbacks' in payload) {
     for (var callback of payload.callbacks) {
       // select localAuthentication if Admin Federation is enabled
       if (callback.type === 'SelectIdPCallback') {
-        (0, _Console.debugMessage)("AuthenticateOps.checkAndHandle2FA: Admin federation enabled. Allowed providers:");
+        (0, _Console.debugMessage)({
+          message: "AuthenticateOps.checkAndHandle2FA: Admin federation enabled. Allowed providers:",
+          state
+        });
         var localAuth = false;
         for (var value of callback.output[0].value) {
-          (0, _Console.debugMessage)("".concat(value.provider));
+          (0, _Console.debugMessage)({
+            message: "".concat(value.provider),
+            state
+          });
           if (value.provider === 'localAuthentication') {
             localAuth = true;
           }
         }
         if (localAuth) {
-          (0, _Console.debugMessage)("local auth allowed");
+          (0, _Console.debugMessage)({
+            message: "local auth allowed",
+            state
+          });
           callback.input[0].value = 'localAuthentication';
         } else {
-          (0, _Console.debugMessage)("local auth NOT allowed");
+          (0, _Console.debugMessage)({
+            message: "local auth NOT allowed",
+            state
+          });
         }
       }
       if (callback.type === 'HiddenValueCallback') {
@@ -134,7 +152,10 @@ function checkAndHandle2FA(payload, state) {
 
         if (callback.input[0].value.includes('webAuthnOutcome')) {
           // webauthn!!!
-          (0, _Console.debugMessage)("AuthenticateOps.checkAndHandle2FA: end [need2fa=true, unsupported factor: webauthn]");
+          (0, _Console.debugMessage)({
+            message: "AuthenticateOps.checkAndHandle2FA: end [need2fa=true, unsupported factor: webauthn]",
+            state
+          });
           return {
             nextStep: false,
             need2fa: true,
@@ -147,11 +168,20 @@ function checkAndHandle2FA(payload, state) {
       if (callback.type === 'NameCallback') {
         if (callback.output[0].value.includes('code')) {
           // skippable = false;
-          (0, _Console.debugMessage)("AuthenticateOps.checkAndHandle2FA: need2fa=true, skippable=false");
-          (0, _Console.printMessage)('2FA is enabled and required for this user...');
+          (0, _Console.debugMessage)({
+            message: "AuthenticateOps.checkAndHandle2FA: need2fa=true, skippable=false",
+            state
+          });
+          (0, _Console.printMessage)({
+            message: '2FA is enabled and required for this user...',
+            state
+          });
           var code = _readlineSync.default.question("".concat(callback.output[0].value, ": "));
           callback.input[0].value = code;
-          (0, _Console.debugMessage)("AuthenticateOps.checkAndHandle2FA: end [need2fa=true, skippable=false, factor=Code]");
+          (0, _Console.debugMessage)({
+            message: "AuthenticateOps.checkAndHandle2FA: end [need2fa=true, skippable=false, factor=Code]",
+            state
+          });
           return {
             nextStep: true,
             need2fa: true,
@@ -169,7 +199,10 @@ function checkAndHandle2FA(payload, state) {
         callback.input[0].value = state.getPassword();
       }
     }
-    (0, _Console.debugMessage)("AuthenticateOps.checkAndHandle2FA: end [need2fa=false]");
+    (0, _Console.debugMessage)({
+      message: "AuthenticateOps.checkAndHandle2FA: end [need2fa=false]",
+      state
+    });
     // debugMessage(payload);
     return {
       nextStep: true,
@@ -179,7 +212,10 @@ function checkAndHandle2FA(payload, state) {
       payload
     };
   }
-  (0, _Console.debugMessage)("AuthenticateOps.checkAndHandle2FA: end [need2fa=false]");
+  (0, _Console.debugMessage)({
+    message: "AuthenticateOps.checkAndHandle2FA: end [need2fa=false]",
+    state
+  });
   // debugMessage(payload);
   return {
     nextStep: false,
@@ -244,7 +280,10 @@ function _determineDeploymentType() {
       var _e$response, _e$response$headers, _e$response$headers$l;
       // debugMessage(e.response);
       if (((_e$response = e.response) === null || _e$response === void 0 ? void 0 : _e$response.status) === 302 && ((_e$response$headers = e.response.headers) === null || _e$response$headers === void 0 ? void 0 : (_e$response$headers$l = _e$response$headers.location) === null || _e$response$headers$l === void 0 ? void 0 : _e$response$headers$l.indexOf('code=')) > -1) {
-        (0, _Console.verboseMessage)("ForgeRock Identity Cloud"['brightCyan'] + " detected.");
+        (0, _Console.verboseMessage)({
+          message: "ForgeRock Identity Cloud"['brightCyan'] + " detected.",
+          state
+        });
         deploymentType = globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY;
       } else {
         try {
@@ -259,10 +298,16 @@ function _determineDeploymentType() {
           var _ex$response, _ex$response$headers, _ex$response$headers$;
           if (((_ex$response = ex.response) === null || _ex$response === void 0 ? void 0 : _ex$response.status) === 302 && ((_ex$response$headers = ex.response.headers) === null || _ex$response$headers === void 0 ? void 0 : (_ex$response$headers$ = _ex$response$headers.location) === null || _ex$response$headers$ === void 0 ? void 0 : _ex$response$headers$.indexOf('code=')) > -1) {
             adminClientId = forgeopsClientId;
-            (0, _Console.verboseMessage)("ForgeOps deployment"['brightCyan'] + " detected.");
+            (0, _Console.verboseMessage)({
+              message: "ForgeOps deployment"['brightCyan'] + " detected.",
+              state
+            });
             deploymentType = globalConfig.FORGEOPS_DEPLOYMENT_TYPE_KEY;
           } else {
-            (0, _Console.verboseMessage)("Classic deployment"['brightCyan'] + " detected.");
+            (0, _Console.verboseMessage)({
+              message: "Classic deployment"['brightCyan'] + " detected.",
+              state
+            });
           }
         }
       }
@@ -299,7 +344,10 @@ function authenticate(_x3) {
  */
 function _authenticate() {
   _authenticate = _asyncToGenerator(function* (state) {
-    (0, _Console.debugMessage)("AuthenticateOps.authenticate: start");
+    (0, _Console.debugMessage)({
+      message: "AuthenticateOps.authenticate: start",
+      state
+    });
     var config = {
       headers: {
         'X-OpenAM-Username': state.getUsername(),
@@ -329,11 +377,17 @@ function _authenticate() {
         });
       }
       if ('tokenId' in response) {
-        (0, _Console.debugMessage)("AuthenticateOps.authenticate: end [tokenId=".concat(response['tokenId'], "]"));
+        (0, _Console.debugMessage)({
+          message: "AuthenticateOps.authenticate: end [tokenId=".concat(response['tokenId'], "]"),
+          state
+        });
         return response['tokenId'];
       }
     } while (skip2FA.nextStep && steps < maxSteps);
-    (0, _Console.debugMessage)("AuthenticateOps.authenticate: end [no session]");
+    (0, _Console.debugMessage)({
+      message: "AuthenticateOps.authenticate: end [no session]",
+      state
+    });
     return null;
   });
   return _authenticate.apply(this, arguments);
@@ -369,8 +423,16 @@ function _getAuthCode() {
         response = error.response;
       }
       if (response.status < 200 || response.status > 399) {
-        (0, _Console.printMessage)('error getting auth code', 'error');
-        (0, _Console.printMessage)('likely cause: mismatched parameters with OAuth client config', 'error');
+        (0, _Console.printMessage)({
+          message: 'error getting auth code',
+          type: 'error',
+          state
+        });
+        (0, _Console.printMessage)({
+          message: 'likely cause: mismatched parameters with OAuth client config',
+          type: 'error',
+          state
+        });
         return null;
       }
       var redirectLocationURL = (_response$headers = response.headers) === null || _response$headers === void 0 ? void 0 : _response$headers.location;
@@ -378,13 +440,28 @@ function _getAuthCode() {
       if ('code' in queryObject) {
         return queryObject.code;
       }
-      (0, _Console.printMessage)('auth code not found', 'error');
+      (0, _Console.printMessage)({
+        message: 'auth code not found',
+        type: 'error',
+        state
+      });
       return null;
     } catch (error) {
       var _error$response;
-      (0, _Console.printMessage)("error getting auth code - ".concat(error.message), 'error');
-      (0, _Console.printMessage)((_error$response = error.response) === null || _error$response === void 0 ? void 0 : _error$response.data, 'error');
-      (0, _Console.debugMessage)(error.stack);
+      (0, _Console.printMessage)({
+        message: "error getting auth code - ".concat(error.message),
+        type: 'error',
+        state
+      });
+      (0, _Console.printMessage)({
+        message: (_error$response = error.response) === null || _error$response === void 0 ? void 0 : _error$response.data,
+        type: 'error',
+        state
+      });
+      (0, _Console.debugMessage)({
+        message: error.stack,
+        state
+      });
       return null;
     }
   });
@@ -395,7 +472,10 @@ function getAccessTokenForUser(_x8) {
 }
 function _getAccessTokenForUser() {
   _getAccessTokenForUser = _asyncToGenerator(function* (state) {
-    (0, _Console.debugMessage)("AuthenticateOps.getAccessTokenForUser: start");
+    (0, _Console.debugMessage)({
+      message: "AuthenticateOps.getAccessTokenForUser: start",
+      state
+    });
     try {
       var verifier = (0, _Base.encodeBase64Url)((0, _crypto.randomBytes)(32));
       var challenge = (0, _Base.encodeBase64Url)((0, _crypto.createHash)('sha256').update(verifier).digest());
@@ -403,7 +483,11 @@ function _getAccessTokenForUser() {
       var redirectURL = _url.default.resolve(state.getHost(), redirectUrlTemplate);
       var authCode = yield getAuthCode(redirectURL, challenge, challengeMethod, state);
       if (authCode == null) {
-        (0, _Console.printMessage)('error getting auth code', 'error');
+        (0, _Console.printMessage)({
+          message: 'error getting auth code',
+          type: 'error',
+          state
+        });
         return null;
       }
       var response = null;
@@ -431,16 +515,32 @@ function _getAccessTokenForUser() {
         });
       }
       if ('access_token' in response.data) {
-        (0, _Console.debugMessage)("AuthenticateOps.getAccessTokenForUser: end with token");
+        (0, _Console.debugMessage)({
+          message: "AuthenticateOps.getAccessTokenForUser: end with token",
+          state
+        });
         return response.data.access_token;
       }
-      (0, _Console.printMessage)('No access token in response.', 'error');
+      (0, _Console.printMessage)({
+        message: 'No access token in response.',
+        type: 'error',
+        state
+      });
     } catch (error) {
       var _error$response2;
-      (0, _Console.debugMessage)("Error getting access token for user: ".concat(error));
-      (0, _Console.debugMessage)((_error$response2 = error.response) === null || _error$response2 === void 0 ? void 0 : _error$response2.data);
+      (0, _Console.debugMessage)({
+        message: "Error getting access token for user: ".concat(error),
+        state
+      });
+      (0, _Console.debugMessage)({
+        message: (_error$response2 = error.response) === null || _error$response2 === void 0 ? void 0 : _error$response2.data,
+        state
+      });
     }
-    (0, _Console.debugMessage)("AuthenticateOps.getAccessTokenForUser: end without token");
+    (0, _Console.debugMessage)({
+      message: "AuthenticateOps.getAccessTokenForUser: end without token",
+      state
+    });
     return null;
   });
   return _getAccessTokenForUser.apply(this, arguments);
@@ -489,13 +589,28 @@ function _getAccessTokenForServiceAccount() {
     } = _ref;
     saId = saId ? saId : state.getServiceAccountId();
     saJwk = saJwk ? saJwk : state.getServiceAccountJwk();
-    (0, _Console.debugMessage)("AuthenticateOps.getAccessTokenForServiceAccount: start");
+    (0, _Console.debugMessage)({
+      message: "AuthenticateOps.getAccessTokenForServiceAccount: start",
+      state
+    });
     var payload = createPayload(saId, state.getHost());
-    (0, _Console.debugMessage)("AuthenticateOps.getAccessTokenForServiceAccount: payload:");
-    (0, _Console.debugMessage)(payload);
+    (0, _Console.debugMessage)({
+      message: "AuthenticateOps.getAccessTokenForServiceAccount: payload:",
+      state
+    });
+    (0, _Console.debugMessage)({
+      message: payload,
+      state
+    });
     var jwt = yield (0, _JoseOps.createSignedJwtToken)(payload, saJwk);
-    (0, _Console.debugMessage)("AuthenticateOps.getAccessTokenForServiceAccount: jwt:");
-    (0, _Console.debugMessage)(jwt);
+    (0, _Console.debugMessage)({
+      message: "AuthenticateOps.getAccessTokenForServiceAccount: jwt:",
+      state
+    });
+    (0, _Console.debugMessage)({
+      message: jwt,
+      state
+    });
     var bodyFormData = "assertion=".concat(jwt, "&client_id=service-account&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&scope=").concat(serviceAccountScopes);
     var response = yield (0, _OAuth2OIDCApi.accessToken)({
       amBaseUrl: state.getHost(),
@@ -504,13 +619,28 @@ function _getAccessTokenForServiceAccount() {
       state
     });
     if ('access_token' in response.data) {
-      (0, _Console.debugMessage)("AuthenticateOps.getAccessTokenForServiceAccount: token:");
-      (0, _Console.debugMessage)(response.data.access_token);
-      (0, _Console.debugMessage)("AuthenticateOps.getAccessTokenForServiceAccount: end");
+      (0, _Console.debugMessage)({
+        message: "AuthenticateOps.getAccessTokenForServiceAccount: token:",
+        state
+      });
+      (0, _Console.debugMessage)({
+        message: response.data.access_token,
+        state
+      });
+      (0, _Console.debugMessage)({
+        message: "AuthenticateOps.getAccessTokenForServiceAccount: end",
+        state
+      });
       return response.data.access_token;
     }
-    (0, _Console.debugMessage)("AuthenticateOps.getAccessTokenForServiceAccount: No access token in response.");
-    (0, _Console.debugMessage)("AuthenticateOps.getAccessTokenForServiceAccount: end");
+    (0, _Console.debugMessage)({
+      message: "AuthenticateOps.getAccessTokenForServiceAccount: No access token in response.",
+      state
+    });
+    (0, _Console.debugMessage)({
+      message: "AuthenticateOps.getAccessTokenForServiceAccount: end",
+      state
+    });
     return null;
   });
   return _getAccessTokenForServiceAccount.apply(this, arguments);
@@ -525,21 +655,33 @@ function determineDeploymentTypeAndDefaultRealmAndVersion(_x10) {
  */
 function _determineDeploymentTypeAndDefaultRealmAndVersion() {
   _determineDeploymentTypeAndDefaultRealmAndVersion = _asyncToGenerator(function* (state) {
-    (0, _Console.debugMessage)("AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: start");
+    (0, _Console.debugMessage)({
+      message: "AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: start",
+      state
+    });
     if (!state.getDeploymentType()) {
       state.setDeploymentType(yield determineDeploymentType(state));
     }
     determineDefaultRealm(state);
-    (0, _Console.debugMessage)("AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: realm=".concat(state.getRealm(), ", type=").concat(state.getDeploymentType()));
+    (0, _Console.debugMessage)({
+      message: "AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: realm=".concat(state.getRealm(), ", type=").concat(state.getDeploymentType()),
+      state
+    });
     var versionInfo = yield (0, _ServerInfoApi.getServerVersionInfo)({
       state
     });
 
     // https://github.com/rockcarver/frodo-cli/issues/109
-    (0, _Console.debugMessage)("Full version: ".concat(versionInfo.fullVersion));
+    (0, _Console.debugMessage)({
+      message: "Full version: ".concat(versionInfo.fullVersion),
+      state
+    });
     var version = yield getSemanticVersion(versionInfo);
     state.setAmVersion(version);
-    (0, _Console.debugMessage)("AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: end");
+    (0, _Console.debugMessage)({
+      message: "AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: end",
+      state
+    });
   });
   return _determineDeploymentTypeAndDefaultRealmAndVersion.apply(this, arguments);
 }
@@ -579,9 +721,16 @@ function _getTokens() {
       forceLoginAsUser = false,
       state
     } = _ref2;
-    (0, _Console.debugMessage)("AuthenticateOps.getTokens: start");
+    (0, _Console.debugMessage)({
+      message: "AuthenticateOps.getTokens: start",
+      state
+    });
     if (!state.getHost()) {
-      (0, _Console.printMessage)("No host specified and FRODO_HOST env variable not set!", 'error');
+      (0, _Console.printMessage)({
+        message: "No host specified and FRODO_HOST env variable not set!",
+        type: 'error',
+        state
+      });
       return false;
     }
     try {
@@ -620,7 +769,10 @@ function _getTokens() {
 
       // use service account to login?
       if (!forceLoginAsUser && state.getServiceAccountId() && state.getServiceAccountJwk()) {
-        (0, _Console.debugMessage)("AuthenticateOps.getTokens: Authenticating with service account ".concat(state.getServiceAccountId()));
+        (0, _Console.debugMessage)({
+          message: "AuthenticateOps.getTokens: Authenticating with service account ".concat(state.getServiceAccountId()),
+          state
+        });
         try {
           var token = yield getAccessTokenForServiceAccount({
             state
@@ -630,14 +782,23 @@ function _getTokens() {
           yield determineDeploymentTypeAndDefaultRealmAndVersion(state);
         } catch (saErr) {
           var _saErr$response, _saErr$response2, _saErr$response2$data, _saErr$response3, _saErr$response3$data;
-          (0, _Console.debugMessage)(((_saErr$response = saErr.response) === null || _saErr$response === void 0 ? void 0 : _saErr$response.data) || saErr);
-          (0, _Console.debugMessage)(state);
+          (0, _Console.debugMessage)({
+            message: ((_saErr$response = saErr.response) === null || _saErr$response === void 0 ? void 0 : _saErr$response.data) || saErr,
+            state
+          });
+          (0, _Console.debugMessage)({
+            message: state,
+            state
+          });
           throw new Error("Service account login error: ".concat(((_saErr$response2 = saErr.response) === null || _saErr$response2 === void 0 ? void 0 : (_saErr$response2$data = _saErr$response2.data) === null || _saErr$response2$data === void 0 ? void 0 : _saErr$response2$data.error_description) || ((_saErr$response3 = saErr.response) === null || _saErr$response3 === void 0 ? void 0 : (_saErr$response3$data = _saErr$response3.data) === null || _saErr$response3$data === void 0 ? void 0 : _saErr$response3$data.message) || saErr));
         }
       }
       // use user account to login
       else if (state.getUsername() && state.getPassword()) {
-        (0, _Console.debugMessage)("AuthenticateOps.getTokens: Authenticating with user account ".concat(state.getUsername()));
+        (0, _Console.debugMessage)({
+          message: "AuthenticateOps.getTokens: Authenticating with user account ".concat(state.getUsername()),
+          state
+        });
         var _token = yield authenticate(state);
         if (_token) state.setCookieValue(_token);
         yield determineDeploymentTypeAndDefaultRealmAndVersion(state);
@@ -648,29 +809,61 @@ function _getTokens() {
       }
       // incomplete or no credentials
       else {
-        (0, _Console.printMessage)("Incomplete or no credentials!", 'error');
+        (0, _Console.printMessage)({
+          message: "Incomplete or no credentials!",
+          type: 'error',
+          state
+        });
         return false;
       }
       if (state.getCookieValue() || state.getUseBearerTokenForAmApis() && state.getBearerToken()) {
         // https://github.com/rockcarver/frodo-cli/issues/102
-        (0, _Console.printMessage)("Connected to ".concat(state.getHost(), " [").concat(state.getRealm() ? state.getRealm() : 'root', "] as ").concat(yield getLoggedInSubject(state)), 'info');
-        (0, _Console.debugMessage)("AuthenticateOps.getTokens: end with tokens");
+        (0, _Console.printMessage)({
+          message: "Connected to ".concat(state.getHost(), " [").concat(state.getRealm() ? state.getRealm() : 'root', "] as ").concat(yield getLoggedInSubject(state)),
+          type: 'info',
+          state
+        });
+        (0, _Console.debugMessage)({
+          message: "AuthenticateOps.getTokens: end with tokens",
+          state
+        });
         return true;
       }
     } catch (error) {
       var _error$response3, _error$response3$data, _error$response4, _error$response4$data, _error$response5;
       // regular error
-      (0, _Console.printMessage)(error.message, 'error');
+      (0, _Console.printMessage)({
+        message: error.message,
+        type: 'error',
+        state
+      });
       // axios error am api
-      (0, _Console.printMessage)((_error$response3 = error.response) === null || _error$response3 === void 0 ? void 0 : (_error$response3$data = _error$response3.data) === null || _error$response3$data === void 0 ? void 0 : _error$response3$data.message, 'error');
+      (0, _Console.printMessage)({
+        message: (_error$response3 = error.response) === null || _error$response3 === void 0 ? void 0 : (_error$response3$data = _error$response3.data) === null || _error$response3$data === void 0 ? void 0 : _error$response3$data.message,
+        type: 'error',
+        state
+      });
       // axios error am oauth2 api
-      (0, _Console.printMessage)((_error$response4 = error.response) === null || _error$response4 === void 0 ? void 0 : (_error$response4$data = _error$response4.data) === null || _error$response4$data === void 0 ? void 0 : _error$response4$data.error_description, 'error');
+      (0, _Console.printMessage)({
+        message: (_error$response4 = error.response) === null || _error$response4 === void 0 ? void 0 : (_error$response4$data = _error$response4.data) === null || _error$response4$data === void 0 ? void 0 : _error$response4$data.error_description,
+        type: 'error',
+        state
+      });
       // axios error data
-      (0, _Console.debugMessage)((_error$response5 = error.response) === null || _error$response5 === void 0 ? void 0 : _error$response5.data);
+      (0, _Console.debugMessage)({
+        message: (_error$response5 = error.response) === null || _error$response5 === void 0 ? void 0 : _error$response5.data,
+        state
+      });
       // stack trace
-      (0, _Console.debugMessage)(error.stack || new Error().stack);
+      (0, _Console.debugMessage)({
+        message: error.stack || new Error().stack,
+        state
+      });
     }
-    (0, _Console.debugMessage)("AuthenticateOps.getTokens: end without tokens");
+    (0, _Console.debugMessage)({
+      message: "AuthenticateOps.getTokens: end without tokens",
+      state
+    });
     return false;
   });
   return _getTokens.apply(this, arguments);