@schibsted/account-sdk-browser 5.0.0-beta.2 → 5.0.1-beta

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@schibsted/account-sdk-browser",
-  "version": "5.0.0-beta.2",
+  "version": "5.0.1-beta",
   "description": "Schibsted account SDK for browsers",
   "main": "index.js",
   "type": "module",

package/src/cache.d.ts

@@ -14,7 +14,6 @@ export default class Cache {
     /**
      * Get a value from cache (checks that the object has not expired)
      * @param {string} key
-     * @private
      * @returns {*} - The value if it exists, otherwise null
      */
     private get;
@@ -23,14 +22,12 @@ export default class Cache {
      * @param {string} key
      * @param {*} value
      * @param {Number} expiresIn - Value in milliseconds until the entry expires
-     * @private
      * @returns {void}
      */
     private set;
     /**
      * Delete a cache entry
      * @param {string} key
-     * @private
      * @returns {void}
      */
     private delete;

package/src/cache.js

@@ -89,7 +89,6 @@ export default class Cache {
     /**
      * Get a value from cache (checks that the object has not expired)
      * @param {string} key
-     * @private
      * @returns {*} - The value if it exists, otherwise null
      */
     get(key) {
@@ -124,7 +123,6 @@ export default class Cache {
      * @param {string} key
      * @param {*} value
      * @param {Number} expiresIn - Value in milliseconds until the entry expires
-     * @private
      * @returns {void}
      */
     set(key, value, expiresIn = 0) {
@@ -145,7 +143,6 @@ export default class Cache {
     /**
      * Delete a cache entry
      * @param {string} key
-     * @private
      * @returns {void}
      */
     delete(key) {

package/src/identity.d.ts

@@ -45,23 +45,20 @@ export class Identity extends TinyEmitter {
      */
     private _getTabId;
     /**
-     * Checks if getting session is blocked
+     * Checks if calling get session is blocked
      * @private
-     *
      * @returns {boolean|void}
      */
     private _isSessionCallBlocked;
     /**
-     * Block calls to get session
+     * Block calls to get session. This is done to prevent concurrent calls which can log user out if session is refreshed by one of them
      * @private
-     *
      * @returns {void}
      */
     private _blockSessionCall;
     /**
-     * Unblocks calls to get session
+     * Unblocks calls to get session if the lock was put by the same tab
      * @private
-     *
      * @returns {void}
      */
     private _unblockSessionCall;
@@ -106,7 +103,7 @@ export class Identity extends TinyEmitter {
     private _setGlobalSessionServiceUrl;
     _globalSessionService: RESTClient;
     /**
-     * Emits the relevant events based on the previous and new reply from hassession
+     * Emits the relevant events based on the previous and new reply from {@link Identity#hasSession}
      * @private
      * @param {object} previous
      * @param {object} current
@@ -121,7 +118,7 @@ export class Identity extends TinyEmitter {
     private _closePopup;
     popup: Window;
     /**
-     * Set the Varnish cookie (`SP_ID`) when hasSession() is called. Note that most browsers require
+     * Set the Varnish cookie (`SP_ID`) when {@link Identity#hasSession} is called. Note that most browsers require
      * that you are on a "real domain" for this to work — so, **not** `localhost`
      * @param {object} [options]
      * @param {number} [options.expiresIn] Override this to set number of seconds before the varnish
@@ -224,7 +221,7 @@ export class Identity extends TinyEmitter {
      * @description This function calls {@link Identity#hasSession} internally and thus has the side
      * effect that it might perform an auto-login on the user
      * @throws {SDKError} If the user isn't connected to the merchant
-     * @return {Promise<string>} The `userId` field (not to be confused with the `uuid`)
+     * @return {number} The `userId` field (not to be confused with the `uuid`)
      */
     getUserId(): Promise<string>;
     /**
@@ -384,7 +381,7 @@ export type LoginOptions = {
      * `password` (will force password confirmation, even if user is already logged in), `eid`. Those values might
      * be mixed as space-separated string. To make sure that user has authenticated with 2FA you need
      * to verify AMR (Authentication Methods References) claim in ID token.
-     * Might also be used to ensure additional acr (sms, otp, eid) for already logged in users.
+     * Might also be used to ensure additional acr (sms, otp, eid) for already logged-in users.
      * Supported value is also 'otp-email' means one time password using email.
      */
     acrValues?: string;
@@ -453,7 +450,7 @@ export type SimplifiedLoginWidgetLoginOptions = {
      * `password` (will force password confirmation, even if user is already logged in). Those values might
      * be mixed as space-separated string. To make sure that user has authenticated with 2FA you need
      * to verify AMR (Authentication Methods References) claim in ID token.
-     * Might also be used to ensure additional acr (sms, otp) for already logged in users.
+     * Might also be used to ensure additional acr (sms, otp) for already logged-in users.
      * Supported value is also 'otp-email' means one time password using email.
      */
     acrValues?: string;
@@ -621,7 +618,7 @@ export type HasSessionFailureResponse = {
 };
 export type SimplifiedLoginData = {
     /**
-     * - Deprecated: User UUID, to be be used as `loginHint` for {@link Identity#login}
+     * - Deprecated: User UUID, to be used as `loginHint` for {@link Identity#login}
      */
     identifier: string;
     /**

package/src/identity.js

@@ -26,7 +26,7 @@ import version from './version.js';
  * `password` (will force password confirmation, even if user is already logged in), `eid`. Those values might
  * be mixed as space-separated string. To make sure that user has authenticated with 2FA you need
  * to verify AMR (Authentication Methods References) claim in ID token.
- * Might also be used to ensure additional acr (sms, otp) for already logged in users.
+ * Might also be used to ensure additional acr (sms, otp) for already logged-in users.
  * Supported value is also 'otp-email' means one time password using email.
  * @property {string} [scope] - The OAuth scopes for the tokens. This is a list of
  * scopes, separated by space. If the list of scopes contains `openid`, the generated tokens
@@ -60,7 +60,7 @@ import version from './version.js';
  * `password` (will force password confirmation, even if user is already logged in). Those values might
  * be mixed as space-separated string. To make sure that user has authenticated with 2FA you need
  * to verify AMR (Authentication Methods References) claim in ID token.
- * Might also be used to ensure additional acr (sms, otp) for already logged in users.
+ * Might also be used to ensure additional acr (sms, otp) for already logged-in users.
  * Supported value is also 'otp-email' means one time password using email.
  * @property {string} [scope] - The OAuth scopes for the tokens. This is a list of
  * scopes, separated by space. If the list of scopes contains `openid`, the generated tokens
@@ -134,7 +134,7 @@ import version from './version.js';
 
 /**
  * @typedef {object} SimplifiedLoginData
- * @property {string} identifier - Deprecated: User UUID, to be be used as `loginHint` for {@link Identity#login}
+ * @property {string} identifier - Deprecated: User UUID, to be as `loginHint` for {@link Identity#login}
  * @property {string} display_text - Human-readable user identifier
  * @property {string} client_name - Client name
  */
@@ -146,7 +146,7 @@ import version from './version.js';
 
 const HAS_SESSION_CACHE_KEY = 'hasSession-cache';
 const SESSION_CALL_BLOCKED_CACHE_KEY = 'sessionCallBlocked-cache';
-const SESSION_CALL_BLOCKED_TTL = 1000 * 60 * 5;
+const SESSION_CALL_BLOCKED_TTL = 1000 * 30;
 
 const TAB_ID_KEY = 'tab-id-cache';
 const TAB_ID = Math.floor(Math.random() * 100000)
@@ -155,7 +155,7 @@ const TAB_ID_TTL = 1000 * 60 * 60 * 24 * 30;
 const globalWindow = () => window;
 
 /**
- * Provides Identity functionalty to a web page
+ * Provides Identity functionality to a web page
  */
 export class Identity extends EventEmitter {
     /**
@@ -186,19 +186,21 @@ export class Identity extends EventEmitter {
         assert(sessionDomain && isUrl(sessionDomain), 'sessionDomain parameter is not a valid URL');
 
         spidTalk.emulate(window);
+
+        // Internal hack: set as false to always refresh from hasSession
+        this._enableSessionCaching = true;
+
         this._sessionInitiatedSent = false;
         this.window = window;
         this.clientId = clientId;
-        this.sessionStorageCache = new Cache(() => this.window && this.window.sessionStorage);
-        this.localStorageCache = new Cache(() => this.window && this.window.localStorage);
+        this.sessionStorageCache = new Cache(this.window && this.window.sessionStorage);
+        this.localStorageCache = new Cache(this.window && this.window.localStorage);
         this.redirectUri = redirectUri;
         this.env = env;
         this.log = log;
         this.callbackBeforeRedirect = callbackBeforeRedirect;
         this._sessionDomain = sessionDomain;
-
-        // Internal hack: set to false to always refresh from hassession
-        this._enableSessionCaching = true;
+        this._tabId = this._getTabId();
 
         // Old session
         this._session = {};
@@ -208,12 +210,11 @@ export class Identity extends EventEmitter {
         this._setBffServerUrl(env);
         this._setOauthServerUrl(env);
         this._setGlobalSessionServiceUrl(env);
-
-        this._unblockSessionCall();
+        this._unblockSessionCallByTab();
     }
 
     /**
-     * Read tabId from session storage
+     * Read tabId from session storage if possible, otherwise save tabId to session storage and return it
      * @returns {number}
      * @private
      */
@@ -222,47 +223,47 @@ export class Identity extends EventEmitter {
             const tabId = this.sessionStorageCache.get(TAB_ID_KEY);
             if (!tabId) {
                 this.sessionStorageCache.set(TAB_ID_KEY, TAB_ID, TAB_ID_TTL);
+
                 return TAB_ID;
             }
 
             return tabId;
         }
+
+        return TAB_ID;
     }
 
     /**
-     * Checks if getting session is blocked
+     * Checks if calling GET session is blocked
      * @private
-     *
-     * @returns {boolean|void}
+     * @returns {number|null}
      */
     _isSessionCallBlocked(){
         return this.localStorageCache.get(SESSION_CALL_BLOCKED_CACHE_KEY);
     }
 
     /**
-     * Block calls to get session
+     * Block calls to get session. This is done to prevent concurrent calls which can log user out if session is refreshed by one of them
      * @private
-     *
      * @returns {void}
      */
     _blockSessionCall(){
-        const SESSION_CALL_BLOCKED = true;
-
         this.localStorageCache.set(
             SESSION_CALL_BLOCKED_CACHE_KEY,
-            SESSION_CALL_BLOCKED,
+            this._tabId,
             SESSION_CALL_BLOCKED_TTL
         );
     }
 
     /**
-     * Unblocks calls to get session
+     * Unblocks calls to get session if the lock was put by the same tab
      * @private
-     *
      * @returns {void}
      */
-    _unblockSessionCall(){
-        this.localStorageCache.delete(SESSION_CALL_BLOCKED_CACHE_KEY);
+    _unblockSessionCallByTab() {
+        if (this._isSessionCallBlocked() === this._tabId) {
+            this.localStorageCache.delete(SESSION_CALL_BLOCKED_CACHE_KEY);
+        }
     }
 
     /**
@@ -343,7 +344,7 @@ export class Identity extends EventEmitter {
     }
 
     /**
-     * Emits the relevant events based on the previous and new reply from hassession
+     * Emits the relevant events based on the previous and new reply from {@link Identity#hasSession}
      * @private
      * @param {object} previous
      * @param {object} current
@@ -423,7 +424,7 @@ export class Identity extends EventEmitter {
     }
 
     /**
-     * Set the Varnish cookie (`SP_ID`) when hasSession() is called. Note that most browsers require
+     * Set the Varnish cookie (`SP_ID`) when {@link Identity#hasSession} is called. Note that most browsers require
      * that you are on a "real domain" for this to work — so, **not** `localhost`
      * @param {object} [options]
      * @param {number} [options.expiresIn] Override this to set number of seconds before the varnish
@@ -587,9 +588,10 @@ export class Identity extends EventEmitter {
                     return _postProcess(cachedSession);
                 }
             }
+
             let sessionData = null;
             try {
-                sessionData = await this._sessionService.get('/v2/session', {tabId: this._getTabId()});
+                sessionData = await this._sessionService.get('/v2/session', {tabId: this._tabId});
             } catch (err) {
                 if (err && err.code === 400 && this._enableSessionCaching) {
                     const expiresIn = 1000 * (err.expiresIn || 300);
@@ -712,7 +714,7 @@ export class Identity extends EventEmitter {
      * @description This function calls {@link Identity#hasSession} internally and thus has the side
      * effect that it might perform an auto-login on the user
      * @throws {SDKError} If the user isn't connected to the merchant
-     * @return {Promise<string>} The `userId` field (not to be confused with the `uuid`)
+     * @return {number} The `userId` field (not to be confused with the `uuid`)
      */
     async getUserId() {
         const user = await this.hasSession();

package/src/version.js

@@ -1,5 +1,5 @@
 // Automatically generated in 'npm version' by scripts/genversion.js
 
 'use strict'
-const version = '5.0.0-beta.2';
+const version = '5.0.1-beta';
 export default version;