@schibsted/account-sdk-browser 4.8.7 → 5.0.0-beta.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@schibsted/account-sdk-browser",
-  "version": "4.8.7",
+  "version": "5.0.0-beta.2",
   "description": "Schibsted account SDK for browsers",
   "main": "index.js",
   "type": "module",

package/src/identity.d.ts

@@ -13,26 +13,58 @@ export class Identity extends TinyEmitter {
      * @param {function} [options.log] - A function that receives debug log information. If not set,
      * no logging will be done
      * @param {object} [options.window] - window object
+     * @param {function} [options.callbackBeforeRedirect] - callback triggered before session refresh redirect happen
      * @throws {SDKError} - If any of options are invalid
      */
-    constructor({ clientId, redirectUri, sessionDomain, env, log, window }: {
+    constructor({ clientId, redirectUri, sessionDomain, env, log, window, callbackBeforeRedirect }: {
         clientId: string;
         sessionDomain: string;
         redirectUri: string;
         env?: string;
         log?: Function;
         window?: any;
+        callbackBeforeRedirect?: Function;
     });
     _sessionInitiatedSent: boolean;
     window: any;
     clientId: string;
-    cache: any;
+    sessionStorageCache: any;
+    localStorageCache: any;
     redirectUri: string;
     env: string;
     log: Function;
+    callbackBeforeRedirect: Function;
     _sessionDomain: string;
     _enableSessionCaching: boolean;
     _session: {};
+
+    /**
+     * Read tabId from session storage
+     * @returns {number}
+     * @private
+     */
+    private _getTabId;
+    /**
+     * Checks if getting session is blocked
+     * @private
+     *
+     * @returns {boolean|void}
+     */
+    private _isSessionCallBlocked;
+    /**
+     * Block calls to get session
+     * @private
+     *
+     * @returns {void}
+     */
+    private _blockSessionCall;
+    /**
+     * Unblocks calls to get session
+     * @private
+     *
+     * @returns {void}
+     */
+    private _unblockSessionCall;
     /**
      * Set SPiD server URL
      * @private

package/src/identity.js

@@ -145,6 +145,13 @@ import version from './version.js';
  */
 
 const HAS_SESSION_CACHE_KEY = 'hasSession-cache';
+const SESSION_CALL_BLOCKED_CACHE_KEY = 'sessionCallBlocked-cache';
+const SESSION_CALL_BLOCKED_TTL = 1000 * 60 * 5;
+
+const TAB_ID_KEY = 'tab-id-cache';
+const TAB_ID = Math.floor(Math.random() * 100000)
+const TAB_ID_TTL = 1000 * 60 * 60 * 24 * 30;
+
 const globalWindow = () => window;
 
 /**
@@ -160,9 +167,18 @@ export class Identity extends EventEmitter {
      * @param {function} [options.log] - A function that receives debug log information. If not set,
      * no logging will be done
      * @param {object} [options.window] - window object
+     * @param {function} [options.callbackBeforeRedirect] - callback triggered before session refresh redirect happen
      * @throws {SDKError} - If any of options are invalid
      */
-    constructor({ clientId, redirectUri, sessionDomain, env = 'PRE', log, window = globalWindow() }) {
+    constructor({
+        clientId,
+        redirectUri,
+        sessionDomain,
+        env = 'PRE',
+        log,
+        window = globalWindow(),
+        callbackBeforeRedirect = ()=>{}
+    }) {
         super();
         assert(isNonEmptyString(clientId), 'clientId parameter is required');
         assert(isObject(window), 'The reference to window is missing');
@@ -173,10 +189,12 @@ export class Identity extends EventEmitter {
         this._sessionInitiatedSent = false;
         this.window = window;
         this.clientId = clientId;
-        this.cache = new Cache(() => this.window && this.window.sessionStorage);
+        this.sessionStorageCache = new Cache(() => this.window && this.window.sessionStorage);
+        this.localStorageCache = new Cache(() => this.window && this.window.localStorage);
         this.redirectUri = redirectUri;
         this.env = env;
         this.log = log;
+        this.callbackBeforeRedirect = callbackBeforeRedirect;
         this._sessionDomain = sessionDomain;
 
         // Internal hack: set to false to always refresh from hassession
@@ -190,6 +208,61 @@ export class Identity extends EventEmitter {
         this._setBffServerUrl(env);
         this._setOauthServerUrl(env);
         this._setGlobalSessionServiceUrl(env);
+
+        this._unblockSessionCall();
+    }
+
+    /**
+     * Read tabId from session storage
+     * @returns {number}
+     * @private
+     */
+    _getTabId() {
+        if (this._enableSessionCaching) {
+            const tabId = this.sessionStorageCache.get(TAB_ID_KEY);
+            if (!tabId) {
+                this.sessionStorageCache.set(TAB_ID_KEY, TAB_ID, TAB_ID_TTL);
+                return TAB_ID;
+            }
+
+            return tabId;
+        }
+    }
+
+    /**
+     * Checks if getting session is blocked
+     * @private
+     *
+     * @returns {boolean|void}
+     */
+    _isSessionCallBlocked(){
+        return this.localStorageCache.get(SESSION_CALL_BLOCKED_CACHE_KEY);
+    }
+
+    /**
+     * Block calls to get session
+     * @private
+     *
+     * @returns {void}
+     */
+    _blockSessionCall(){
+        const SESSION_CALL_BLOCKED = true;
+
+        this.localStorageCache.set(
+            SESSION_CALL_BLOCKED_CACHE_KEY,
+            SESSION_CALL_BLOCKED,
+            SESSION_CALL_BLOCKED_TTL
+        );
+    }
+
+    /**
+     * Unblocks calls to get session
+     * @private
+     *
+     * @returns {void}
+     */
+    _unblockSessionCall(){
+        this.localStorageCache.delete(SESSION_CALL_BLOCKED_CACHE_KEY);
     }
 
     /**
@@ -480,9 +553,15 @@ export class Identity extends EventEmitter {
      * @return {Promise<HasSessionSuccessResponse|HasSessionFailureResponse>}
      */
     hasSession() {
+        const isSessionCallBlocked = this._isSessionCallBlocked()
+        if (isSessionCallBlocked) {
+            return this._session;
+        }
+
         if (this._hasSessionInProgress) {
             return this._hasSessionInProgress;
         }
+
         const _postProcess = (sessionData) => {
             if (sessionData.error) {
                 throw new SDKError('HasSession failed', sessionData.error);
@@ -492,35 +571,60 @@ export class Identity extends EventEmitter {
             this._session = sessionData;
             return sessionData;
         };
+
+        const _checkRedirectionNeed = (sessionData={})=>{
+            const sessionDataKeys = Object.keys(sessionData);
+
+            return sessionDataKeys.length === 1 &&
+                sessionDataKeys[0] === 'redirectURL';
+        }
+
         const _getSession = async () => {
             if (this._enableSessionCaching) {
                 // Try to resolve from cache (it has a TTL)
-                let cachedSession = this.cache.get(HAS_SESSION_CACHE_KEY);
+                let cachedSession = this.sessionStorageCache.get(HAS_SESSION_CACHE_KEY);
                 if (cachedSession) {
                     return _postProcess(cachedSession);
                 }
             }
             let sessionData = null;
             try {
-                sessionData = await this._sessionService.get('/session');
+                sessionData = await this._sessionService.get('/v2/session', {tabId: this._getTabId()});
             } catch (err) {
                 if (err && err.code === 400 && this._enableSessionCaching) {
                     const expiresIn = 1000 * (err.expiresIn || 300);
-                    this.cache.set(HAS_SESSION_CACHE_KEY, { error: err }, expiresIn);
+                    this.sessionStorageCache.set(HAS_SESSION_CACHE_KEY, { error: err }, expiresIn);
                 }
                 throw err;
             }
 
-            if (sessionData && this._enableSessionCaching) {
-                const expiresIn = 1000 * (sessionData.expiresIn || 300);
-                this.cache.set(HAS_SESSION_CACHE_KEY, sessionData, expiresIn);
+            if (sessionData){
+                // for expiring session and safari browser do full page redirect to gain new session
+                if(_checkRedirectionNeed(sessionData)){
+                    this._blockSessionCall();
+
+                    await this.callbackBeforeRedirect();
+
+                    return this._sessionService.makeUrl(sessionData.redirectURL, {tabId: this._getTabId()});
+                }
+
+                if (this._enableSessionCaching) {
+                    const expiresIn = 1000 * (sessionData.expiresIn || 300);
+                    this.sessionStorageCache.set(HAS_SESSION_CACHE_KEY, sessionData, expiresIn);
+                }
             }
+
             return _postProcess(sessionData);
         };
         this._hasSessionInProgress = _getSession()
             .then(
                 sessionData => {
                     this._hasSessionInProgress = false;
+
+                    if (isUrl(sessionData)) {
+                        return this.window.location.href = sessionData;
+                    }
+
                     return sessionData;
                 },
                 err => {
@@ -554,7 +658,7 @@ export class Identity extends EventEmitter {
      * @returns {void}
      */
     clearCachedUserSession() {
-        this.cache.delete(HAS_SESSION_CACHE_KEY);
+        this.sessionStorageCache.delete(HAS_SESSION_CACHE_KEY);
     }
 
     /**
@@ -632,10 +736,10 @@ export class Identity extends EventEmitter {
      * meaning the same user's ID will differ between merchants.
      * Additionally, this identifier is bound to the external party provided as argument.
      *
-     * @description This function calls {@link Identity#hasSession} internally and thus has the side
-     * effect that it might perform an auto-login on the user
      * @param {string} externalParty
      * @param {string|null} optionalSuffix
+     * @description This function calls {@link Identity#hasSession} internally and thus has the side
+     * effect that it might perform an auto-login on the user
      * @throws {SDKError} If the `pairId` is missing in user session.
      * @throws {SDKError} If the `externalParty` is not defined
      * @return {Promise<string>} The merchant- and 3rd-party-specific `externalId`
@@ -765,7 +869,7 @@ export class Identity extends EventEmitter {
         prompt = 'select_account'
     }) {
         this._closePopup();
-        this.cache.delete(HAS_SESSION_CACHE_KEY);
+        this.sessionStorageCache.delete(HAS_SESSION_CACHE_KEY);
         const url = this.loginUrl({
             state,
             acrValues,
@@ -814,7 +918,7 @@ export class Identity extends EventEmitter {
      * @return {void}
      */
     logout(redirectUri = this.redirectUri) {
-        this.cache.delete(HAS_SESSION_CACHE_KEY);
+        this.sessionStorageCache.delete(HAS_SESSION_CACHE_KEY);
         this._maybeClearVarnishCookie();
         this.emit('logout');
         this.window.location.href = this.logoutUrl(redirectUri);

package/src/version.js

@@ -1,5 +1,5 @@
 // Automatically generated in 'npm version' by scripts/genversion.js
 
 'use strict'
-const version = '4.8.7';
+const version = '5.0.0-beta.2';
 export default version;