@schibsted/account-sdk-browser 5.0.0 → 5.0.1-beta

package/es5/identity.js

@@ -982,7 +982,7 @@ function _getPrototypeOf(o) { _getPrototypeOf = Object.setPrototypeOf ? Object.g
  * `password` (will force password confirmation, even if user is already logged in), `eid`. Those values might
  * be mixed as space-separated string. To make sure that user has authenticated with 2FA you need
  * to verify AMR (Authentication Methods References) claim in ID token.
- * Might also be used to ensure additional acr (sms, otp) for already logged in users.
+ * Might also be used to ensure additional acr (sms, otp) for already logged-in users.
  * Supported value is also 'otp-email' means one time password using email.
  * @property {string} [scope] - The OAuth scopes for the tokens. This is a list of
  * scopes, separated by space. If the list of scopes contains `openid`, the generated tokens
@@ -1016,7 +1016,7 @@ function _getPrototypeOf(o) { _getPrototypeOf = Object.setPrototypeOf ? Object.g
  * `password` (will force password confirmation, even if user is already logged in). Those values might
  * be mixed as space-separated string. To make sure that user has authenticated with 2FA you need
  * to verify AMR (Authentication Methods References) claim in ID token.
- * Might also be used to ensure additional acr (sms, otp) for already logged in users.
+ * Might also be used to ensure additional acr (sms, otp) for already logged-in users.
  * Supported value is also 'otp-email' means one time password using email.
  * @property {string} [scope] - The OAuth scopes for the tokens. This is a list of
  * scopes, separated by space. If the list of scopes contains `openid`, the generated tokens
@@ -1090,7 +1090,7 @@ function _getPrototypeOf(o) { _getPrototypeOf = Object.setPrototypeOf ? Object.g
 
 /**
  * @typedef {object} SimplifiedLoginData
- * @property {string} identifier - Deprecated: User UUID, to be be used as `loginHint` for {@link Identity#login}
+ * @property {string} identifier - Deprecated: User UUID, to be as `loginHint` for {@link Identity#login}
  * @property {string} display_text - Human-readable user identifier
  * @property {string} client_name - Client name
  */
@@ -1102,13 +1102,16 @@ function _getPrototypeOf(o) { _getPrototypeOf = Object.setPrototypeOf ? Object.g
 
 var HAS_SESSION_CACHE_KEY = 'hasSession-cache';
 var SESSION_CALL_BLOCKED_CACHE_KEY = 'sessionCallBlocked-cache';
-var SESSION_CALL_BLOCKED_TTL = 1000 * 60 * 5;
+var SESSION_CALL_BLOCKED_TTL = 1000 * 30;
+var TAB_ID_KEY = 'tab-id-cache';
+var TAB_ID = Math.floor(Math.random() * 100000);
+var TAB_ID_TTL = 1000 * 60 * 60 * 24 * 30;
 var globalWindow = function globalWindow() {
   return window;
 };
 
 /**
- * Provides Identity functionalty to a web page
+ * Provides Identity functionality to a web page
  */
 var Identity = /*#__PURE__*/function (_EventEmitter) {
   _inherits(Identity, _EventEmitter);
@@ -1144,20 +1147,20 @@ var Identity = /*#__PURE__*/function (_EventEmitter) {
     Object(_validate_js__WEBPACK_IMPORTED_MODULE_55__["assert"])(!redirectUri || Object(_validate_js__WEBPACK_IMPORTED_MODULE_55__["isUrl"])(redirectUri), 'redirectUri parameter is invalid');
     Object(_validate_js__WEBPACK_IMPORTED_MODULE_55__["assert"])(sessionDomain && Object(_validate_js__WEBPACK_IMPORTED_MODULE_55__["isUrl"])(sessionDomain), 'sessionDomain parameter is not a valid URL');
     _spidTalk_js__WEBPACK_IMPORTED_MODULE_64__["emulate"](window);
+
+    // Internal hack: set as false to always refresh from hasSession
+    _this._enableSessionCaching = true;
     _this._sessionInitiatedSent = false;
     _this.window = window;
     _this.clientId = clientId;
-    _this.cache = new _cache_js__WEBPACK_IMPORTED_MODULE_60__["default"](function () {
-      return _this.window && _this.window.sessionStorage;
-    });
+    _this.sessionStorageCache = new _cache_js__WEBPACK_IMPORTED_MODULE_60__["default"](_this.window && _this.window.sessionStorage);
+    _this.localStorageCache = new _cache_js__WEBPACK_IMPORTED_MODULE_60__["default"](_this.window && _this.window.localStorage);
     _this.redirectUri = redirectUri;
     _this.env = env;
     _this.log = log;
     _this.callbackBeforeRedirect = callbackBeforeRedirect;
     _this._sessionDomain = sessionDomain;
-
-    // Internal hack: set to false to always refresh from hassession
-    _this._enableSessionCaching = true;
+    _this._tabId = _this._getTabId();
 
     // Old session
     _this._session = {};
@@ -1166,50 +1169,61 @@ var Identity = /*#__PURE__*/function (_EventEmitter) {
     _this._setBffServerUrl(env);
     _this._setOauthServerUrl(env);
     _this._setGlobalSessionServiceUrl(env);
-    _this._unblockSessionCall();
+    _this._unblockSessionCallByTab();
     return _this;
   }
 
   /**
-   * Checks if getting session is blocked
+   * Read tabId from session storage if possible, otherwise save tabId to session storage and return it
+   * @returns {number}
    * @private
-   *
-   * @returns {boolean|void}
    */
   _createClass(Identity, [{
-    key: "_isSessionCallBlocked",
-    value: function _isSessionCallBlocked() {
+    key: "_getTabId",
+    value: function _getTabId() {
       if (this._enableSessionCaching) {
-        return this.cache.get(SESSION_CALL_BLOCKED_CACHE_KEY);
+        var tabId = this.sessionStorageCache.get(TAB_ID_KEY);
+        if (!tabId) {
+          this.sessionStorageCache.set(TAB_ID_KEY, TAB_ID, TAB_ID_TTL);
+          return TAB_ID;
+        }
+        return tabId;
       }
+      return TAB_ID;
     }
 
     /**
-     * Block calls to get session
+     * Checks if calling GET session is blocked
+     * @private
+     * @returns {number|null}
+     */
+  }, {
+    key: "_isSessionCallBlocked",
+    value: function _isSessionCallBlocked() {
+      return this.localStorageCache.get(SESSION_CALL_BLOCKED_CACHE_KEY);
+    }
+
+    /**
+     * Block calls to get session. This is done to prevent concurrent calls which can log user out if session is refreshed by one of them
      * @private
-     *
      * @returns {void}
      */
   }, {
     key: "_blockSessionCall",
     value: function _blockSessionCall() {
-      if (this._enableSessionCaching) {
-        var SESSION_CALL_BLOCKED = true;
-        this.cache.set(SESSION_CALL_BLOCKED_CACHE_KEY, SESSION_CALL_BLOCKED, SESSION_CALL_BLOCKED_TTL);
-      }
+      this.localStorageCache.set(SESSION_CALL_BLOCKED_CACHE_KEY, this._tabId, SESSION_CALL_BLOCKED_TTL);
     }
 
     /**
-     * Unblocks calls to get session
+     * Unblocks calls to get session if the lock was put by the same tab
      * @private
-     *
      * @returns {void}
      */
   }, {
-    key: "_unblockSessionCall",
-    value: function _unblockSessionCall() {
-      if (this._enableSessionCaching) {
-        this.cache.delete(SESSION_CALL_BLOCKED_CACHE_KEY);
+    key: "_unblockSessionCallByTab",
+    value: function _unblockSessionCallByTab() {
+      if (this._isSessionCallBlocked() === this._tabId) {
+        this.localStorageCache.delete(SESSION_CALL_BLOCKED_CACHE_KEY);
       }
     }
 
@@ -1317,7 +1331,7 @@ var Identity = /*#__PURE__*/function (_EventEmitter) {
     }
 
     /**
-     * Emits the relevant events based on the previous and new reply from hassession
+     * Emits the relevant events based on the previous and new reply from {@link Identity#hasSession}
      * @private
      * @param {object} previous
      * @param {object} current
@@ -1401,7 +1415,7 @@ var Identity = /*#__PURE__*/function (_EventEmitter) {
     }
 
     /**
-     * Set the Varnish cookie (`SP_ID`) when hasSession() is called. Note that most browsers require
+     * Set the Varnish cookie (`SP_ID`) when {@link Identity#hasSession} is called. Note that most browsers require
      * that you are on a "real domain" for this to work — so, **not** `localhost`
      * @param {object} [options]
      * @param {number} [options.expiresIn] Override this to set number of seconds before the varnish
@@ -1554,7 +1568,7 @@ var Identity = /*#__PURE__*/function (_EventEmitter) {
                   break;
                 }
                 // Try to resolve from cache (it has a TTL)
-                cachedSession = _this2.cache.get(HAS_SESSION_CACHE_KEY);
+                cachedSession = _this2.sessionStorageCache.get(HAS_SESSION_CACHE_KEY);
                 if (!cachedSession) {
                   _context.next = 4;
                   break;
@@ -1564,7 +1578,9 @@ var Identity = /*#__PURE__*/function (_EventEmitter) {
                 sessionData = null;
                 _context.prev = 5;
                 _context.next = 8;
-                return _this2._sessionService.get('/v2/session');
+                return _this2._sessionService.get('/v2/session', {
+                  tabId: _this2._tabId
+                });
               case 8:
                 sessionData = _context.sent;
                 _context.next = 15;
@@ -1574,7 +1590,7 @@ var Identity = /*#__PURE__*/function (_EventEmitter) {
                 _context.t0 = _context["catch"](5);
                 if (_context.t0 && _context.t0.code === 400 && _this2._enableSessionCaching) {
                   expiresIn = 1000 * (_context.t0.expiresIn || 300);
-                  _this2.cache.set(HAS_SESSION_CACHE_KEY, {
+                  _this2.sessionStorageCache.set(HAS_SESSION_CACHE_KEY, {
                     error: _context.t0
                   }, expiresIn);
                 }
@@ -1592,11 +1608,13 @@ var Identity = /*#__PURE__*/function (_EventEmitter) {
                 _context.next = 20;
                 return _this2.callbackBeforeRedirect();
               case 20:
-                return _context.abrupt("return", _this2._sessionService.makeUrl(sessionData.redirectURL));
+                return _context.abrupt("return", _this2._sessionService.makeUrl(sessionData.redirectURL, {
+                  tabId: _this2._getTabId()
+                }));
               case 21:
                 if (_this2._enableSessionCaching) {
                   _expiresIn = 1000 * (sessionData.expiresIn || 300);
-                  _this2.cache.set(HAS_SESSION_CACHE_KEY, sessionData, _expiresIn);
+                  _this2.sessionStorageCache.set(HAS_SESSION_CACHE_KEY, sessionData, _expiresIn);
                 }
               case 22:
                 return _context.abrupt("return", _postProcess(sessionData));
@@ -1667,7 +1685,7 @@ var Identity = /*#__PURE__*/function (_EventEmitter) {
   }, {
     key: "clearCachedUserSession",
     value: function clearCachedUserSession() {
-      this.cache.delete(HAS_SESSION_CACHE_KEY);
+      this.sessionStorageCache.delete(HAS_SESSION_CACHE_KEY);
     }
 
     /**
@@ -1761,7 +1779,7 @@ var Identity = /*#__PURE__*/function (_EventEmitter) {
      * @description This function calls {@link Identity#hasSession} internally and thus has the side
      * effect that it might perform an auto-login on the user
      * @throws {SDKError} If the user isn't connected to the merchant
-     * @return {Promise<string>} The `userId` field (not to be confused with the `uuid`)
+     * @return {number} The `userId` field (not to be confused with the `uuid`)
      */
   }, {
     key: "getUserId",
@@ -2062,7 +2080,7 @@ var Identity = /*#__PURE__*/function (_EventEmitter) {
         _ref4$prompt = _ref4.prompt,
         prompt = _ref4$prompt === void 0 ? 'select_account' : _ref4$prompt;
       this._closePopup();
-      this.cache.delete(HAS_SESSION_CACHE_KEY);
+      this.sessionStorageCache.delete(HAS_SESSION_CACHE_KEY);
       var url = this.loginUrl({
         state: state,
         acrValues: acrValues,
@@ -2135,7 +2153,7 @@ var Identity = /*#__PURE__*/function (_EventEmitter) {
     key: "logout",
     value: function logout() {
       var redirectUri = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : this.redirectUri;
-      this.cache.delete(HAS_SESSION_CACHE_KEY);
+      this.sessionStorageCache.delete(HAS_SESSION_CACHE_KEY);
       this._maybeClearVarnishCookie();
       this.emit('logout');
       this.window.location.href = this.logoutUrl(redirectUri);
@@ -10992,7 +11010,6 @@ var Cache = /*#__PURE__*/function () {
   /**
    * Get a value from cache (checks that the object has not expired)
    * @param {string} key
-   * @private
    * @returns {*} - The value if it exists, otherwise null
    */
   _createClass(Cache, [{
@@ -11028,7 +11045,6 @@ var Cache = /*#__PURE__*/function () {
      * @param {string} key
      * @param {*} value
      * @param {Number} expiresIn - Value in milliseconds until the entry expires
-     * @private
      * @returns {void}
      */
   }, {
@@ -11057,7 +11073,6 @@ var Cache = /*#__PURE__*/function () {
     /**
      * Delete a cache entry
      * @param {string} key
-     * @private
      * @returns {void}
      */
   }, {
@@ -11977,7 +11992,7 @@ __webpack_require__.r(__webpack_exports__);
 
 
 
-var version = '5.0.0';
+var version = '5.0.1-beta';
 /* harmony default export */ __webpack_exports__["default"] = (version);
 
 /***/ })