npm - @stack-spot/auth-react - Versions diffs - 2.14.1-beta.1 → 2.14.1 - Mend

@stack-spot/auth-react 2.14.1-beta.1 → 2.14.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/CHANGELOG.md +249 -242
package/out/index.d.ts +103 -4
package/out/index.js +797 -20
package/out/index.js.map +1 -1
package/out/index.mjs +797 -4
package/out/index.mjs.map +1 -1
package/package.json +39 -39
package/rollup.config.mjs +37 -37
package/src/Authenticated.tsx +65 -65
package/src/IDPLogin.tsx +102 -102
package/src/Login.tsx +206 -206
package/src/SSOLogin.tsx +39 -39
package/src/SessionManager.ts +313 -296
package/src/dictionary.ts +48 -48
package/src/hooks.ts +34 -34
package/src/index.ts +5 -5
package/src/last-login-type.ts +20 -20
package/src/provider-icons/Github.tsx +21 -21
package/src/provider-icons/Google.tsx +17 -17
package/src/provider-icons/Microsoft.tsx +10 -10
package/src/types.ts +29 -29
package/src/utils/cookies.ts +24 -24
package/src/utils/redirect.ts +20 -20
package/tsconfig.json +11 -11

package/src/SessionManager.ts CHANGED Viewed

@@ -1,296 +1,313 @@
-import { AccessTokenPayload, AuthConfig, AuthManager, GenericLogger, Session, ThirdPartyAuthType, ThirdPartyLoginParams } from '@stack-spot/auth'
-import { sessionCookie } from './utils/cookies'
-import { redirect } from './utils/redirect'
-const sessionKey = 'session'
-interface SessionManagerConfig extends Pick<AuthConfig, 'accountUrl' | 'authUrl' | 'clientId' | 'defaultTenant' | 'retry' | 'retryDelay' | 'logger'> {
-  /**
-   * The URL to redirect to when the user logs out.
-   * @default location.origin
-   */
-  loginUrl?: string,
-  /**
-   * The URL to redirect to when the login completes in the authentication app. If not provided, will be the same as `loginUrl`.
-   * @default loginUrl
-   */
-  redirectUrl?: string,
-  /**
-   * Forbidden authentication types to this Session Manager.
-   */
-  blockedAuthTypes?: ThirdPartyAuthType[]
-  /**
-   * A URL to send login events to (observability).
-   */
-  rdUrl?: string,
-}
-type AuthExtraData = { from?: string | null, finalRedirect?: string | null }
-type ChangeListener = (session: Session | undefined) => void
-/**
- * Controls the current session in a browser.
- *
- * This should not be used under a Node.JS environment.
- *
- * This is a singleton. To create the first instance or recover the current one, use `SessionManager.create`.
- */
-export class SessionManager {
-  private current: Session | undefined
-  private readonly auth: AuthManager<AuthExtraData>
-  private config: SessionManagerConfig
-  private changeListeners: ChangeListener[] = []
-  private logger: GenericLogger
-  static instance: SessionManager | undefined
-  private constructor(config: SessionManagerConfig) {
-    config.loginUrl ||= location.origin
-    const redirectUrl = (config.redirectUrl || config.loginUrl).replace(/([^/])$/, '$1/') // the trailing "/" is required by Stackspot IAM.
-    this.config = config
-    this.auth = new AuthManager<AuthExtraData>({
-      ...config,
-      redirectUrl,
-      storage: localStorage,
-      sessionPersistence: {
-        load: () => localStorage.getItem(sessionKey),
-        save: (session) => localStorage.setItem(sessionKey, session),
-      },
-    })
-    this.logger = this.auth.config.logger
-    SessionManager.instance = this
-    // Keep session in sync with other app's session
-    addEventListener('focus', () => this.validateSharedSession())
-  }
-  static create(config: SessionManagerConfig) {
-    return SessionManager.instance ?? new SessionManager(config)
-  }
-  private setSession(session: Session | undefined) {
-    this.current = session
-    this.changeListeners.forEach(l => l(session))
-    if (session) this.setSessionCookie(session)
-  }
-  async restoreSession() {
-    const session = await this.auth.restoreSession()
-    this.logger.log('Validating shared session.')
-    const sessionValid = await this.validateSharedSession(session)
-    this.setSession(sessionValid ? session : undefined)
-  }
-  async validateSharedSession(session: Session | undefined = this.current): Promise<boolean> {
-    // skipping because authentication is in progress
-    if (this.urlHasThirdPartyLoginData()) {
-      this.logger.log('Session is invalid because there\'s another authentication in progress.')
-      return false
-    }
-    const sharedSessionCookie = sessionCookie.get()
-    // It has been logged out on another portal, so logout on this one too
-    if (!sharedSessionCookie) {
-      this.logger.log('Session is invalid because no shared session cookie was found, i.e, a logout was performed in another portal. Forcing log off.')
-      session && await this.logout()
-      return false
-    }
-    const isDifferentSessionActive = sharedSessionCookie.sub != session?.getTokenData().sub
-    const isSharedSessionTypeBlocked = this.config.blockedAuthTypes?.includes(sharedSessionCookie.type)
-    if (isSharedSessionTypeBlocked) {
-      this.logger.log('Session is invalid because shared sessions have been blocked in the SessionManager\'s configuration (blockedAuthTypes).')
-      return false
-    } else if (isDifferentSessionActive || !session) {
-      this.logger.log(isDifferentSessionActive
-        ? 'Session is invalid because a different session is already active.'
-        : 'Session is invalid because it\'s undefined.'
-      )
-      this.logger.log('Starting login with tenant from the session cookie.')
-      await this.startThirdPartyLoginUsingTenant(sharedSessionCookie)
-      return false
-    }
-    return true
-  }
-  hasSession() {
-    return !!this.current && !this.current.isExpired()
-  }
-  getSession() {
-    if (!this.hasSession()) {
-      this.endSession()
-      throw new Error('Session is not available, redirecting to login.')
-    }
-    return this.current!
-  }
-  async endSession(redirectToLogin = true) {
-    this.current = undefined
-    localStorage.removeItem(sessionKey)
-    sessionCookie.delete()
-    if (redirectToLogin && this.config.loginUrl) await redirect(this.config.loginUrl)
-  }
-  async restartSession() {
-    await this.logout({ endSession: false })
-    this.current = undefined
-    localStorage.removeItem(sessionKey)
-    await this.restoreSession()
-  }
-  async logout({ endSession }: { endSession?: boolean } | undefined = { endSession: true }) {
-    try {
-      await this.current?.logout()
-    } catch (error) {
-      // eslint-disable-next-line no-console
-      console.error(`Could not logout from IDM.\n${error}`)
-    }
-    if (!endSession) return
-    await this.endSession()
-  }
-  async startThirdPartyLogin(data: ThirdPartyLoginParams) {
-    const params = new URLSearchParams(location.search)
-    const authUrl = await this.auth.startThirdPartyLogin(data, {
-      from: location.href,
-      finalRedirect: params.get('finalRedirect'),
-    })
-    await redirect(authUrl)
-  }
-  urlHasThirdPartyLoginData() {
-    const url = new URL(location.toString())
-    return url.searchParams.has('state') && !url.searchParams.has('error')
-  }
-  async startThirdPartyLoginUsingTenant(data: ThirdPartyLoginParams) {
-    const params = new URLSearchParams(location.search)
-    const cookie = sessionCookie.get()
-    if (!cookie || !cookie.tenant) {
-      this.logger.log('Login out because no tenant information is available in the following data:', JSON.stringify(data))
-      //If no tenant is available we should log out the user
-      await this.logout()
-      return
-    }
-    const authUrl = await this.auth.getThirdPartyLoginFromTenant(data, cookie.tenant, {
-      from: location.href,
-      finalRedirect: params.get('finalRedirect'),
-    }
-    )
-    await redirect(authUrl)
-  }
-  async completeThirdPartyLogin() {
-    const url = new URL(location.toString())
-    if (url.searchParams.has('error')) {
-      throw new Error(`Error while signing in: ${url.searchParams.get('error_description')}`)
-    }
-    const { session, data: { from, finalRedirect } } = await this.auth.completeThirdPartyLogin(location.search)
-    this.setSession(session)
-    history.replaceState(null, '', from || location.toString().replace(/\?.*$/, ''))
-    this.sendLoginEventRd(this.current?.getTokenData())
-    if (finalRedirect) await redirect(finalRedirect)
-  }
-  getEmailForLogin() {
-    const session = sessionCookie.get()
-    return session?.type == 'sso' ? session.email : undefined
-  }
-  async switchAccount(accountId: string) {
-    this.logger.log('Switching accounts', accountId, this.current?.getTokenData().account_id_v2)
-    try {
-      this.current && await this.auth.switchAccount(accountId, this.current)
-    } catch (error) {
-      this.logger.error('Error while switching accounts', error)
-      throw error
-    }
-    this.setSession(this.current)
-  }
-  onChange(listener: ChangeListener) {
-    this.changeListeners.push(listener)
-    return () => {
-      const index = this.changeListeners.indexOf(listener)
-      if (index != -1) this.changeListeners.splice(index, 1)
-    }
-  }
-  private setSessionCookie(session: Session) {
-    const { email, account_type, sub, tenant } = session.getTokenData()
-    const { provider, refresh_expires_in } = session.getSessionData()
-    if (!email || !sub || !tenant) return
-    const isFreemium = account_type == 'FREEMIUM'
-    const cookieAttributes =  { 'Max-Age': refresh_expires_in,  path: '/' }
-    if (isFreemium) {
-      sessionCookie.set({ type: 'idp', provider: provider!, sub, tenant }, cookieAttributes)
-    } else {
-      sessionCookie.set({ email, type: 'sso', sub, tenant }, cookieAttributes)
-    }
-  }
-  private async sendLoginEventRd(tokenData?: AccessTokenPayload) {
-    if (!this.config.rdUrl) return
-    if (!tokenData) {
-      // eslint-disable-next-line no-console
-      console.error('Unable to trigger login hook. No sessionEmail or name identified.')
-      return
-    }
-    const { email, name, account_type, client_id, account_name, trial_account_status } = tokenData
-    const isLoginAI = client_id === "stackspot-portal-ai"
-    const isLoginEDP = client_id === "stackspot-portal"
-    if (!isLoginAI && !isLoginEDP && trial_account_status === 'PENDING') return
-    const leadType = account_type === 'FREEMIUM' ? 'TRIAL' : 'ENTERPRISE'
-    const rdObject = {
-      event_type: 'CONVERSION',
-      event_family: 'CDP',
-      payload: {
-        email,
-        name,
-        conversion_identifier: isLoginAI ? 'login_ai' : 'login_edp',
-        cf_leadtype: leadType,
-        cf_account_name: leadType === 'TRIAL' ? leadType : account_name,
-      },
-    }
-    const response = await fetch(this.config.rdUrl, {
-      method: 'POST',
-      body: JSON.stringify(rdObject),
-      headers: {
-        'content-type': 'application/json',
-      },
-    })
-    const data = await response.json()
-    if (!response.ok) {
-      // eslint-disable-next-line no-console
-      console.error('Error while sending event to RD Station', data)
-    }
-  }
-  async getTrialEnabledProviders() {
-    try {
-      const response = await fetch(`${this.config.accountUrl}/v1/accounts/trial/sso`)
-      const trialProviders = await response.json()
-      if (!response.ok) {
-        // eslint-disable-next-line no-console
-        console.error('Error while fetching available login providers', trialProviders)
-      }
-      const providerKeys = Object.keys(trialProviders || {})
-      return providerKeys.filter(key => trialProviders[key] === true)
-    } catch (error) {
-      console.error('Error while fetching available login providers', error)
-      return []
-    }
-  }
-}
+import { AccessTokenPayload, AuthConfig, AuthManager, GenericLogger, Session, ThirdPartyAuthType, ThirdPartyLoginParams } from '@stack-spot/auth'
+import { sessionCookie } from './utils/cookies'
+import { redirect } from './utils/redirect'
+const sessionKey = 'session'
+interface SessionManagerConfig extends Pick<AuthConfig, 'accountUrl' | 'authUrl' | 'clientId' | 'defaultTenant' | 'retry' | 'retryDelay' | 'logger'> {
+  /**
+   * The URL to redirect to when the user logs out.
+   * @default location.origin
+   */
+  loginUrl?: string,
+  /**
+   * The URL to redirect to when the login completes in the authentication app. If not provided, will be the same as `loginUrl`.
+   * @default loginUrl
+   */
+  redirectUrl?: string,
+  /**
+   * Forbidden authentication types to this Session Manager.
+   */
+  blockedAuthTypes?: ThirdPartyAuthType[]
+  /**
+   * A URL to send login events to (observability).
+   */
+  rdUrl?: string,
+}
+type AuthExtraData = { from?: string | null, finalRedirect?: string | null }
+type ChangeListener = (session: Session | undefined) => void
+/**
+ * Controls the current session in a browser.
+ *
+ * This should not be used under a Node.JS environment.
+ *
+ * This is a singleton. To create the first instance or recover the current one, use `SessionManager.create`.
+ */
+export class SessionManager {
+  private current: Session | undefined
+  private readonly auth: AuthManager<AuthExtraData>
+  private config: SessionManagerConfig
+  private changeListeners: ChangeListener[] = []
+  private logger: GenericLogger
+  static instance: SessionManager | undefined
+  private constructor(config: SessionManagerConfig) {
+    config.loginUrl ||= location.origin
+    const redirectUrl = (config.redirectUrl || config.loginUrl).replace(/([^/])$/, '$1/') // the trailing "/" is required by Stackspot IAM.
+    this.config = config
+    this.auth = new AuthManager<AuthExtraData>({
+      ...config,
+      redirectUrl,
+      storage: localStorage,
+      sessionPersistence: {
+        load: () => localStorage.getItem(sessionKey),
+        save: (session) => localStorage.setItem(sessionKey, session),
+      },
+    })
+    this.logger = this.auth.config.logger
+    SessionManager.instance = this
+    // Keep session in sync with other app's session
+    addEventListener('focus', () => this.validateSharedSession())
+  }
+  static create(config: SessionManagerConfig) {
+    return SessionManager.instance ?? new SessionManager(config)
+  }
+  private setSession(session: Session | undefined) {
+    this.current = session
+    this.changeListeners.forEach(l => l(session))
+    if (session) this.setSessionCookie(session)
+  }
+  async restoreSession() {
+    const session = await this.auth.restoreSession()
+    this.logger.log('Validating shared session.')
+    const sessionValid = await this.validateSharedSession(session)
+    this.setSession(sessionValid ? session : undefined)
+  }
+  async validateSharedSession(session: Session | undefined = this.current): Promise<boolean> {
+    // skipping because authentication is in progress
+    if (this.urlHasThirdPartyLoginData()) {
+      this.logger.log('Session is invalid because there\'s another authentication in progress.')
+      return false
+    }
+    const sharedSessionCookie = sessionCookie.get()
+    // It has been logged out on another portal, so logout on this one too
+    if (!sharedSessionCookie) {
+      this.logger.log('Session is invalid because no shared session cookie was found, i.e, a logout was performed in another portal. Forcing log off.')
+      session && await this.logout()
+      return false
+    }
+    const isDifferentSessionActive = sharedSessionCookie.sub != session?.getTokenData().sub
+    const isSharedSessionTypeBlocked = this.config.blockedAuthTypes?.includes(sharedSessionCookie.type)
+    if (isSharedSessionTypeBlocked) {
+      this.logger.log('Session is invalid because shared sessions have been blocked in the SessionManager\'s configuration (blockedAuthTypes).')
+      return false
+    } else if (isDifferentSessionActive || !session) {
+      this.logger.log(isDifferentSessionActive
+        ? 'Session is invalid because a different session is already active.'
+        : 'Session is invalid because it\'s undefined.'
+      )
+      this.logger.log('Starting login with tenant from the session cookie.')
+      await this.startThirdPartyLoginUsingTenant(sharedSessionCookie)
+      return false
+    }
+    return true
+  }
+  hasSession() {
+    return !!this.current && !this.current.isExpired()
+  }
+  getSession() {
+    if (!this.hasSession()) {
+      if (!this.current) {
+        this.logger.warn('getSession() was called, but no session object available in memory. i.e. the user is not logged in.')
+      } else {
+        const data = {
+          createdAt: `${new Date(this.current.getSessionData().clientTimeMs)}`,
+          expiresIn: `${this.current.getSessionData().expires_in}ms`,
+          mustBeRefreshedIn: `${this.current.getSessionData().refresh_expires_in}ms`,
+          state: this.current.getSessionData().session_state,
+        }
+        this.logger.warn(
+          `getSession() was called, but the current session is expired. See the details below\n${JSON.stringify(data, null, 2)}`,
+        )
+      }
+      this.endSession()
+      throw new Error('Session is not available, redirecting to login.')
+    }
+    return this.current!
+  }
+  async endSession(redirectToLogin = true) {
+    this.logger.log('Running the end session routine.')
+    this.current = undefined
+    localStorage.removeItem(sessionKey)
+    sessionCookie.delete()
+    if (redirectToLogin && this.config.loginUrl) {
+      this.logger.log('Redirecting to the login page.')
+      await redirect(this.config.loginUrl)
+    }
+  }
+  async restartSession() {
+    await this.logout({ endSession: false })
+    this.current = undefined
+    localStorage.removeItem(sessionKey)
+    await this.restoreSession()
+  }
+  async logout({ endSession }: { endSession?: boolean } | undefined = { endSession: true }) {
+    try {
+      await this.current?.logout()
+    } catch (error) {
+      // eslint-disable-next-line no-console
+      console.error(`Could not logout from IDM.\n${error}`)
+    }
+    if (!endSession) return
+    await this.endSession()
+  }
+  async startThirdPartyLogin(data: ThirdPartyLoginParams) {
+    const params = new URLSearchParams(location.search)
+    const authUrl = await this.auth.startThirdPartyLogin(data, {
+      from: location.href,
+      finalRedirect: params.get('finalRedirect'),
+    })
+    await redirect(authUrl)
+  }
+  urlHasThirdPartyLoginData() {
+    const url = new URL(location.toString())
+    return url.searchParams.has('state') && !url.searchParams.has('error')
+  }
+  async startThirdPartyLoginUsingTenant(data: ThirdPartyLoginParams) {
+    const params = new URLSearchParams(location.search)
+    const cookie = sessionCookie.get()
+    if (!cookie || !cookie.tenant) {
+      this.logger.log('Login out because no tenant information is available in the following data:', JSON.stringify(data))
+      //If no tenant is available we should log out the user
+      await this.logout()
+      return
+    }
+    const authUrl = await this.auth.getThirdPartyLoginFromTenant(data, cookie.tenant, {
+      from: location.href,
+      finalRedirect: params.get('finalRedirect'),
+    }
+    )
+    await redirect(authUrl)
+  }
+  async completeThirdPartyLogin() {
+    const url = new URL(location.toString())
+    if (url.searchParams.has('error')) {
+      throw new Error(`Error while signing in: ${url.searchParams.get('error_description')}`)
+    }
+    const { session, data: { from, finalRedirect } } = await this.auth.completeThirdPartyLogin(location.search)
+    this.setSession(session)
+    history.replaceState(null, '', from || location.toString().replace(/\?.*$/, ''))
+    this.sendLoginEventRd(this.current?.getTokenData())
+    if (finalRedirect) await redirect(finalRedirect)
+  }
+  getEmailForLogin() {
+    const session = sessionCookie.get()
+    return session?.type == 'sso' ? session.email : undefined
+  }
+  async switchAccount(accountId: string) {
+    this.logger.log('Switching accounts', accountId, this.current?.getTokenData().account_id_v2)
+    try {
+      this.current && await this.auth.switchAccount(accountId, this.current)
+    } catch (error) {
+      this.logger.error('Error while switching accounts', error)
+      throw error
+    }
+    this.setSession(this.current)
+  }
+  onChange(listener: ChangeListener) {
+    this.changeListeners.push(listener)
+    return () => {
+      const index = this.changeListeners.indexOf(listener)
+      if (index != -1) this.changeListeners.splice(index, 1)
+    }
+  }
+  private setSessionCookie(session: Session) {
+    const { email, account_type, sub, tenant } = session.getTokenData()
+    const { provider, refresh_expires_in } = session.getSessionData()
+    if (!email || !sub || !tenant) return
+    const isFreemium = account_type == 'FREEMIUM'
+    const cookieAttributes =  { 'Max-Age': refresh_expires_in,  path: '/' }
+    if (isFreemium) {
+      sessionCookie.set({ type: 'idp', provider: provider!, sub, tenant }, cookieAttributes)
+    } else {
+      sessionCookie.set({ email, type: 'sso', sub, tenant }, cookieAttributes)
+    }
+  }
+  private async sendLoginEventRd(tokenData?: AccessTokenPayload) {
+    if (!this.config.rdUrl) return
+    if (!tokenData) {
+      // eslint-disable-next-line no-console
+      console.error('Unable to trigger login hook. No sessionEmail or name identified.')
+      return
+    }
+    const { email, name, account_type, client_id, account_name, trial_account_status } = tokenData
+    const isLoginAI = client_id === "stackspot-portal-ai"
+    const isLoginEDP = client_id === "stackspot-portal"
+    if (!isLoginAI && !isLoginEDP && trial_account_status === 'PENDING') return
+    const leadType = account_type === 'FREEMIUM' ? 'TRIAL' : 'ENTERPRISE'
+    const rdObject = {
+      event_type: 'CONVERSION',
+      event_family: 'CDP',
+      payload: {
+        email,
+        name,
+        conversion_identifier: isLoginAI ? 'login_ai' : 'login_edp',
+        cf_leadtype: leadType,
+        cf_account_name: leadType === 'TRIAL' ? leadType : account_name,
+      },
+    }
+    const response = await fetch(this.config.rdUrl, {
+      method: 'POST',
+      body: JSON.stringify(rdObject),
+      headers: {
+        'content-type': 'application/json',
+      },
+    })
+    const data = await response.json()
+    if (!response.ok) {
+      // eslint-disable-next-line no-console
+      console.error('Error while sending event to RD Station', data)
+    }
+  }
+  async getTrialEnabledProviders() {
+    try {
+      const response = await fetch(`${this.config.accountUrl}/v1/accounts/trial/sso`)
+      const trialProviders = await response.json()
+      if (!response.ok) {
+        // eslint-disable-next-line no-console
+        console.error('Error while fetching available login providers', trialProviders)
+      }
+      const providerKeys = Object.keys(trialProviders || {})
+      return providerKeys.filter(key => trialProviders[key] === true)
+    } catch (error) {
+      console.error('Error while fetching available login providers', error)
+      return []
+    }
+  }
+}