@schibsted/account-sdk-browser 5.0.0-beta.2 → 5.0.1-beta

package/es5/index.js

@@ -988,7 +988,7 @@ function _getPrototypeOf(o) { _getPrototypeOf = Object.setPrototypeOf ? Object.g
  * `password` (will force password confirmation, even if user is already logged in), `eid`. Those values might
  * be mixed as space-separated string. To make sure that user has authenticated with 2FA you need
  * to verify AMR (Authentication Methods References) claim in ID token.
- * Might also be used to ensure additional acr (sms, otp) for already logged in users.
+ * Might also be used to ensure additional acr (sms, otp) for already logged-in users.
  * Supported value is also 'otp-email' means one time password using email.
  * @property {string} [scope] - The OAuth scopes for the tokens. This is a list of
  * scopes, separated by space. If the list of scopes contains `openid`, the generated tokens
@@ -1022,7 +1022,7 @@ function _getPrototypeOf(o) { _getPrototypeOf = Object.setPrototypeOf ? Object.g
  * `password` (will force password confirmation, even if user is already logged in). Those values might
  * be mixed as space-separated string. To make sure that user has authenticated with 2FA you need
  * to verify AMR (Authentication Methods References) claim in ID token.
- * Might also be used to ensure additional acr (sms, otp) for already logged in users.
+ * Might also be used to ensure additional acr (sms, otp) for already logged-in users.
  * Supported value is also 'otp-email' means one time password using email.
  * @property {string} [scope] - The OAuth scopes for the tokens. This is a list of
  * scopes, separated by space. If the list of scopes contains `openid`, the generated tokens
@@ -1096,7 +1096,7 @@ function _getPrototypeOf(o) { _getPrototypeOf = Object.setPrototypeOf ? Object.g
 
 /**
  * @typedef {object} SimplifiedLoginData
- * @property {string} identifier - Deprecated: User UUID, to be be used as `loginHint` for {@link Identity#login}
+ * @property {string} identifier - Deprecated: User UUID, to be as `loginHint` for {@link Identity#login}
  * @property {string} display_text - Human-readable user identifier
  * @property {string} client_name - Client name
  */
@@ -1108,7 +1108,7 @@ function _getPrototypeOf(o) { _getPrototypeOf = Object.setPrototypeOf ? Object.g
 
 var HAS_SESSION_CACHE_KEY = 'hasSession-cache';
 var SESSION_CALL_BLOCKED_CACHE_KEY = 'sessionCallBlocked-cache';
-var SESSION_CALL_BLOCKED_TTL = 1000 * 60 * 5;
+var SESSION_CALL_BLOCKED_TTL = 1000 * 30;
 var TAB_ID_KEY = 'tab-id-cache';
 var TAB_ID = Math.floor(Math.random() * 100000);
 var TAB_ID_TTL = 1000 * 60 * 60 * 24 * 30;
@@ -1117,7 +1117,7 @@ var globalWindow = function globalWindow() {
 };
 
 /**
- * Provides Identity functionalty to a web page
+ * Provides Identity functionality to a web page
  */
 var Identity = /*#__PURE__*/function (_EventEmitter) {
   _inherits(Identity, _EventEmitter);
@@ -1153,23 +1153,20 @@ var Identity = /*#__PURE__*/function (_EventEmitter) {
     Object(_validate_js__WEBPACK_IMPORTED_MODULE_55__["assert"])(!redirectUri || Object(_validate_js__WEBPACK_IMPORTED_MODULE_55__["isUrl"])(redirectUri), 'redirectUri parameter is invalid');
     Object(_validate_js__WEBPACK_IMPORTED_MODULE_55__["assert"])(sessionDomain && Object(_validate_js__WEBPACK_IMPORTED_MODULE_55__["isUrl"])(sessionDomain), 'sessionDomain parameter is not a valid URL');
     _spidTalk_js__WEBPACK_IMPORTED_MODULE_64__["emulate"](window);
+
+    // Internal hack: set as false to always refresh from hasSession
+    _this._enableSessionCaching = true;
     _this._sessionInitiatedSent = false;
     _this.window = window;
     _this.clientId = clientId;
-    _this.sessionStorageCache = new _cache_js__WEBPACK_IMPORTED_MODULE_60__["default"](function () {
-      return _this.window && _this.window.sessionStorage;
-    });
-    _this.localStorageCache = new _cache_js__WEBPACK_IMPORTED_MODULE_60__["default"](function () {
-      return _this.window && _this.window.localStorage;
-    });
+    _this.sessionStorageCache = new _cache_js__WEBPACK_IMPORTED_MODULE_60__["default"](_this.window && _this.window.sessionStorage);
+    _this.localStorageCache = new _cache_js__WEBPACK_IMPORTED_MODULE_60__["default"](_this.window && _this.window.localStorage);
     _this.redirectUri = redirectUri;
     _this.env = env;
     _this.log = log;
     _this.callbackBeforeRedirect = callbackBeforeRedirect;
     _this._sessionDomain = sessionDomain;
-
-    // Internal hack: set to false to always refresh from hassession
-    _this._enableSessionCaching = true;
+    _this._tabId = _this._getTabId();
 
     // Old session
     _this._session = {};
@@ -1178,12 +1175,12 @@ var Identity = /*#__PURE__*/function (_EventEmitter) {
     _this._setBffServerUrl(env);
     _this._setOauthServerUrl(env);
     _this._setGlobalSessionServiceUrl(env);
-    _this._unblockSessionCall();
+    _this._unblockSessionCallByTab();
     return _this;
   }
 
   /**
-   * Read tabId from session storage
+   * Read tabId from session storage if possible, otherwise save tabId to session storage and return it
    * @returns {number}
    * @private
    */
@@ -1198,13 +1195,13 @@ var Identity = /*#__PURE__*/function (_EventEmitter) {
         }
         return tabId;
       }
+      return TAB_ID;
     }
 
     /**
-     * Checks if getting session is blocked
+     * Checks if calling GET session is blocked
      * @private
-     *
-     * @returns {boolean|void}
+     * @returns {number|null}
      */
   }, {
     key: "_isSessionCallBlocked",
@@ -1213,28 +1210,27 @@ var Identity = /*#__PURE__*/function (_EventEmitter) {
     }
 
     /**
-     * Block calls to get session
+     * Block calls to get session. This is done to prevent concurrent calls which can log user out if session is refreshed by one of them
      * @private
-     *
      * @returns {void}
      */
   }, {
     key: "_blockSessionCall",
     value: function _blockSessionCall() {
-      var SESSION_CALL_BLOCKED = true;
-      this.localStorageCache.set(SESSION_CALL_BLOCKED_CACHE_KEY, SESSION_CALL_BLOCKED, SESSION_CALL_BLOCKED_TTL);
+      this.localStorageCache.set(SESSION_CALL_BLOCKED_CACHE_KEY, this._tabId, SESSION_CALL_BLOCKED_TTL);
     }
 
     /**
-     * Unblocks calls to get session
+     * Unblocks calls to get session if the lock was put by the same tab
      * @private
-     *
      * @returns {void}
      */
   }, {
-    key: "_unblockSessionCall",
-    value: function _unblockSessionCall() {
-      this.localStorageCache.delete(SESSION_CALL_BLOCKED_CACHE_KEY);
+    key: "_unblockSessionCallByTab",
+    value: function _unblockSessionCallByTab() {
+      if (this._isSessionCallBlocked() === this._tabId) {
+        this.localStorageCache.delete(SESSION_CALL_BLOCKED_CACHE_KEY);
+      }
     }
 
     /**
@@ -1341,7 +1337,7 @@ var Identity = /*#__PURE__*/function (_EventEmitter) {
     }
 
     /**
-     * Emits the relevant events based on the previous and new reply from hassession
+     * Emits the relevant events based on the previous and new reply from {@link Identity#hasSession}
      * @private
      * @param {object} previous
      * @param {object} current
@@ -1425,7 +1421,7 @@ var Identity = /*#__PURE__*/function (_EventEmitter) {
     }
 
     /**
-     * Set the Varnish cookie (`SP_ID`) when hasSession() is called. Note that most browsers require
+     * Set the Varnish cookie (`SP_ID`) when {@link Identity#hasSession} is called. Note that most browsers require
      * that you are on a "real domain" for this to work — so, **not** `localhost`
      * @param {object} [options]
      * @param {number} [options.expiresIn] Override this to set number of seconds before the varnish
@@ -1589,7 +1585,7 @@ var Identity = /*#__PURE__*/function (_EventEmitter) {
                 _context.prev = 5;
                 _context.next = 8;
                 return _this2._sessionService.get('/v2/session', {
-                  tabId: _this2._getTabId()
+                  tabId: _this2._tabId
                 });
               case 8:
                 sessionData = _context.sent;
@@ -1789,7 +1785,7 @@ var Identity = /*#__PURE__*/function (_EventEmitter) {
      * @description This function calls {@link Identity#hasSession} internally and thus has the side
      * effect that it might perform an auto-login on the user
      * @throws {SDKError} If the user isn't connected to the merchant
-     * @return {Promise<string>} The `userId` field (not to be confused with the `uuid`)
+     * @return {number} The `userId` field (not to be confused with the `uuid`)
      */
   }, {
     key: "getUserId",
@@ -11020,7 +11016,6 @@ var Cache = /*#__PURE__*/function () {
   /**
    * Get a value from cache (checks that the object has not expired)
    * @param {string} key
-   * @private
    * @returns {*} - The value if it exists, otherwise null
    */
   _createClass(Cache, [{
@@ -11056,7 +11051,6 @@ var Cache = /*#__PURE__*/function () {
      * @param {string} key
      * @param {*} value
      * @param {Number} expiresIn - Value in milliseconds until the entry expires
-     * @private
      * @returns {void}
      */
   }, {
@@ -11085,7 +11079,6 @@ var Cache = /*#__PURE__*/function () {
     /**
      * Delete a cache entry
      * @param {string} key
-     * @private
      * @returns {void}
      */
   }, {
@@ -12005,7 +11998,7 @@ __webpack_require__.r(__webpack_exports__);
 
 
 
-var version = '5.0.0-beta.2';
+var version = '5.0.1-beta';
 /* harmony default export */ __webpack_exports__["default"] = (version);
 
 /***/ }),