@steedos/accounts 2.2.52-beta.38 → 2.2.52-beta.40
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/database-mongo/mongo.js +12 -12
- package/lib/database-mongo/mongo.js.map +1 -1
- package/lib/index.js +2 -19
- package/lib/index.js.map +1 -1
- package/package.json +9 -13
- package/src/database-mongo/mongo.ts +26 -26
- package/src/index.ts +2 -16
- package/lib/oauth2/client.js +0 -1
- package/lib/oauth2/client.js.map +0 -1
- package/lib/oauth2/config.js +0 -14
- package/lib/oauth2/config.js.map +0 -1
- package/lib/oauth2/consent.js +0 -192
- package/lib/oauth2/consent.js.map +0 -1
- package/lib/oauth2/login.js +0 -166
- package/lib/oauth2/login.js.map +0 -1
- package/lib/oauth2/logout.js +0 -60
- package/lib/oauth2/logout.js.map +0 -1
- package/lib/oauth2/stub/oidc-cert.js +0 -67
- package/lib/oauth2/stub/oidc-cert.js.map +0 -1
- package/lib/saml-idp/config.js +0 -82
- package/lib/saml-idp/config.js.map +0 -1
- package/lib/saml-idp/connectedApps.js +0 -20
- package/lib/saml-idp/connectedApps.js.map +0 -1
- package/lib/saml-idp/express-middleware.js +0 -684
- package/lib/saml-idp/express-middleware.js.map +0 -1
- package/lib/saml-idp/index.js +0 -13
- package/lib/saml-idp/index.js.map +0 -1
- package/lib/saml-idp/simpleProfileMapper.js +0 -75
- package/lib/saml-idp/simpleProfileMapper.js.map +0 -1
- package/src/oauth2/client.ts +0 -0
- package/src/oauth2/config.ts +0 -15
- package/src/oauth2/consent.ts +0 -208
- package/src/oauth2/login.ts +0 -179
- package/src/oauth2/logout.ts +0 -66
- package/src/oauth2/stub/oidc-cert.ts +0 -86
- package/src/saml-idp/config.js +0 -85
- package/src/saml-idp/connectedApps.ts +0 -16
- package/src/saml-idp/express-middleware.js +0 -811
- package/src/saml-idp/index.ts +0 -14
- package/src/saml-idp/simpleProfileMapper.js +0 -82
- package/src/saml-idp/views/error.hbs +0 -11
- package/src/saml-idp/views/layout.hbs +0 -72
- package/src/saml-idp/views/samlresponse.hbs +0 -20
- package/src/saml-idp/views/settings.hbs +0 -175
- package/src/saml-idp/views/user.hbs +0 -261
- package/views/oauth2/consent.pug +0 -141
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"express-middleware.js","sourceRoot":"","sources":["../../src/saml-idp/express-middleware.js"],"names":[],"mappings":"AACA;;GAEG;;AAEH,IAAM,KAAK,GAAiB,OAAO,CAAC,OAAO,CAAC,EACtC,OAAO,GAAe,OAAO,CAAC,SAAS,CAAC,EACxC,EAAE,GAAoB,OAAO,CAAC,IAAI,CAAC,EACnC,EAAE,GAAoB,OAAO,CAAC,IAAI,CAAC,EACnC,IAAI,GAAkB,OAAO,CAAC,MAAM,CAAC,EACrC,KAAK,GAAiB,OAAO,CAAC,OAAO,CAAC,EACtC,IAAI,GAAkB,OAAO,CAAC,MAAM,CAAC,EACrC,MAAM,GAAgB,OAAO,CAAC,QAAQ,CAAC,EACvC,GAAG,GAAmB,OAAO,CAAC,KAAK,CAAC,EACpC,MAAM,GAAgB,OAAO,CAAC,QAAQ,CAAC,EACvC,UAAU,GAAY,OAAO,CAAC,aAAa,CAAC,EAC5C,OAAO,GAAe,OAAO,CAAC,iBAAiB,CAAC,EAChD,KAAK,GAAiB,OAAO,CAAC,aAAa,CAAC,EAC5C,SAAS,GAAa,OAAO,CAAC,eAAe,CAAC,EAC9C,KAAK,GAAiB,OAAO,CAAC,OAAO,CAAC,EACtC,MAAM,GAAgB,OAAO,CAAC,QAAQ,CAAC,CAAC,SAAS,EACjD,mBAAmB,GAAG,OAAO,CAAC,+BAA+B,CAAC,EAC9D,mBAAmB,GAAG,OAAO,CAAC,0BAA0B,CAAC,CAAC;AAEhE;;GAEG;AAEH,IAAM,SAAS,GAAG;IAChB,GAAG,EAAE,UAAU;IACf,GAAG,EAAE,UAAU;IACf,QAAQ,EAAE,WAAW;IACrB,OAAO,EAAE,SAAS;IAClB,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,WAAW;CACtB,CAAA;AACD,IAAM,YAAY,GAAG;IACnB,MAAM;IACN,KAAK;IACL,gBAAgB;IAChB,qBAAqB;IACrB,iBAAiB;IACjB,WAAW;CACZ,CAAC;AACF,IAAM,kBAAkB,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;AAC7C,IAAM,eAAe,GAAG,MAAM,CAAC;AAC/B,IAAM,WAAW,GAAG;IAClB,WAAW,EAAE,2DAA2D;IACxE,iBAAiB,EAAE,uEAAuE;IAC1F,YAAY,EAAE,6DAA6D;CAC5E,CAAC;AACF,IAAM,kBAAkB,GAAG,MAAM,CAAC,KAAK,mUAAA,4SAME,IACxC,CAAC;AAEF,SAAS,eAAe,CAAC,KAAK,EAAE,IAAI;IAClC,OAAO,WAAW,CAAC,IAAI,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,eAAe,CAAC,QAAQ;IAE/B,IAAI,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE;QACpC,6EAA6E;QAC7E,IAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,EAAE,UAAG,SAAS,MAAG,CAAC,CAAC,CAAC;QACxF,OAAO,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,YAAY,CAAC;KACpD;IACD,IAAI,YAAY,CAAC;IACjB,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE;QAC3B,OAAO,QAAQ,CAAC;KACjB;IACD,IAAI,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;QAC7B,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACjE,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE;YAC/B,OAAO,YAAY,CAAC;SACrB;aAAM;YACL,6CAA6C;YAC7C,OAAO,QAAQ,CAAC;SACjB;KACF;IACD,OAAO,CAAC,GAAG,EAAE,SAAS,CAAC;SACpB,GAAG,CAAC,UAAA,IAAI,IAAI,OAAA,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,EAA5B,CAA4B,CAAC;SACzC,IAAI,CAAC,UAAA,YAAY,IAAI,OAAA,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAA3B,CAA2B,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAI,EAAE,WAAW,EAAE,QAAQ;IACtD,OAAO,SAAS,eAAe,CAAC,KAAK;QACnC,IAAI,eAAe,CAAC,KAAK,EAAE,IAAI,CAAC,EAAE;YAChC,OAAO,KAAK,CAAC;SACd;QAED,IAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;QACxC,IAAI,QAAQ,EAAE;YACZ,OAAO,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAA;SACjC;QACD,MAAM,IAAI,KAAK,CACb,KAAK,+HAAA,+BAAgC,EAAW,uDAAwD,EAA+B,EAAE,IAApG,WAAW,EAAwD,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,EAAE,EACxI,CAAA;IACH,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,GAAG;IACtB,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACjC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QAC/B,IAAI,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACzB,IAAI,GAAG,CAAC,CAAC,IAAI,IAAE,CAAC,CAAC,GAAC,IAAI,CAAC,GAAC,IAAI,CAAC;QAC7B,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,2BAA2B;KAChD;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,MAAM,CAAC,GAAG;IACjB,2EAA2E;IAC3E,IAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IACpC,IAAI,CAAC,KAAK,EAAE;QACV,OAAO,GAAG,CAAC;KACZ;IACD,IAAM,QAAQ,GAAG,IAAI,MAAM,CAAC,YAAK,KAAK,CAAC,CAAC,CAAC,CAAE,EAAE,GAAG,CAAC,CAAC;IAClD,OAAO,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAG,EAAE,KAAK;IACnC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;QAC7B,OAAO,KAAK,CAAC;KACd;IACD,IAAI,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;QAC9B,OAAO,KAAK,uDAAA,EAAG,EAIf,gBAAW,IAHT,KAAK,CAAC,QAAQ,EAAE;aACb,OAAO,CAAC,mBAAmB,EAAE,EAAE,CAAC;aAChC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EACT;KACb;IACD,IAAI,CAAC,KAAK,IAAI,KAAK,KAAK,KAAK,EAAE;QAC7B,OAAO,eAAe,CAAC;KACxB;IACD,IAAI,OAAO,KAAK,KAAK,UAAU,EAAE;QAC/B,IAAM,KAAK,GAAG,UAAG,KAAK,CAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACrC,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;KAC9B;IACD,OAAO,UAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAE,CAAC;AACpC,CAAC;AAED,SAAS,cAAc,CAAC,GAAG,EAAE,MAAM;IACjC,8EAA8E;IAC9E,IAAM,SAAS,GAAG,SAAS,CAAC,GAAG,EAAE,EAAC,WAAW,EAAE,IAAI,EAAC,CAAC;QACnD,kCAAkC;SACjC,OAAO,CAAC,uCAAuC,EAAE,KAAK,8DAAA,2BAA2B,IAAC;QACnF,kCAAkC;SACjC,OAAO,CAAC,oBAAoB,EAAE,KAAK,8DAAA,2BAAyB,IAAC,CAAC;IACjE,IAAI,MAAM,EAAE;QACV,OAAO,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,YAAK,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAE,CAAC,CAAC;KAChE;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,IAAI,EAAE,OAAO;IAChC,IAAI,QAAQ,CAAC;IAEb,IAAI,OAAO,EAAE;QACX,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;KACxC;SAAM;QACL,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;KACxB;IACD,OAAO,QAAQ;SACZ,KAAK,CAAC,oDAAoD;QACvD,2GAA2G;QAC3G,8CAA8C,CAAC;SAClD,KAAK,CAAC,EAAC,CAAC,EAAE,MAAM,EAAC,CAAC;SAClB,OAAO,CAAC;QACP,IAAI,EAAE;YACJ,WAAW,EAAE,8BAA8B;YAC3C,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,WAAW;SACrB;QACD,IAAI,EAAE;YACJ,WAAW,EAAE,8BAA8B;YAC3C,QAAQ,EAAE,IAAI;YACd,KAAK,EAAE,GAAG;YACV,OAAO,EAAE,IAAI;SACd;QACD,IAAI,EAAE;YACJ,WAAW,EAAE,qCAAqC;YAClD,QAAQ,EAAE,IAAI;YACd,OAAO,EAAE,uBAAuB;YAChC,MAAM,EAAE,mBAAmB,CAAC,aAAa,EAAE,qCAAqC,EAAE,kBAAkB,CAAC;SACtG;QACD,GAAG,EAAE;YACH,WAAW,EAAE,sCAAsC;YACnD,QAAQ,EAAE,IAAI;YACd,OAAO,EAAE,uBAAuB;YAChC,MAAM,EAAE,mBAAmB,CAAC,iBAAiB,EAAE,sCAAsC,EAAE,kBAAkB,CAAC;SAC3G;QACD,MAAM,EAAE;YACN,WAAW,EAAE,gBAAgB;YAC7B,QAAQ,EAAE,IAAI;YACd,KAAK,EAAE,KAAK;YACZ,OAAO,EAAE,iBAAiB;SAC3B;QACD,MAAM,EAAE;YACN,WAAW,EAAE,2BAA2B;YACxC,QAAQ,EAAE,IAAI;YACd,KAAK,EAAE,KAAK;SACb;QACD,MAAM,EAAE;YACN,WAAW,EAAE,sBAAsB;YACnC,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,KAAK;SACb;QACD,QAAQ,EAAE;YACR,WAAW,EAAE,iBAAiB;YAC9B,QAAQ,EAAE,IAAI;YACd,KAAK,EAAE,KAAK;SACb;QACD,iBAAiB,EAAE;YACjB,WAAW,EAAE,sBAAsB;YACnC,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,MAAM;YACb,MAAM,EAAE,IAAI;SACb;QACD,UAAU,EAAE;YACV,WAAW,EAAE,0CAA0C;YACvD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,IAAI;SACZ;QACD,oBAAoB,EAAE;YACpB,WAAW,EAAE,wEAAwE;YACrF,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,QAAQ;YACf,OAAO,EAAE,KAAK;SACf;QACD,gBAAgB,EAAE;YAChB,WAAW,EAAE,uCAAuC;YACpD,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,KAAK;YACZ,OAAO,EAAE,KAAK;SACf;QACD,cAAc,EAAE;YACd,WAAW,EAAE,+CAA+C;YAC5D,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,IAAI;YACZ,KAAK,EAAE,SAAS;YAChB,MAAM,EAAE,mBAAmB,CAAC,aAAa,EAAE,iBAAiB,CAAC;SAC9D;QACD,mBAAmB,EAAE;YACnB,WAAW,EAAE,mDAAmD;gBAChE,oDAAoD;YACpD,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,IAAI;YACZ,KAAK,EAAE,QAAQ;YACf,MAAM,EAAE,mBAAmB,CAAC,YAAY,EAAE,uBAAuB,CAAC;SACnE;QACD,eAAe,EAAE;YACf,WAAW,EAAE,sCAAsC;YACnD,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,IAAI;YACZ,MAAM,EAAE,mBAAmB,CAAC,iBAAiB,CAAC;SAC/C;QACD,SAAS,EAAE;YACT,WAAW,EAAE,sCAAsC;YACnD,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,IAAI;YACZ,MAAM,EAAE,mBAAmB,CAAC,aAAa,CAAC;SAC3C;QACD,KAAK,EAAE;YACL,WAAW,EAAE,iEAAiE;YAC9E,QAAQ,EAAE,IAAI;YACd,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,KAAK;SACf;QACD,YAAY,EAAE;YACZ,WAAW,EAAE,8BAA8B;YAC3C,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,cAAc;SACtB;QACD,UAAU,EAAE;YACV,WAAW,EAAE,sCAAsC;YACnD,QAAQ,EAAE,IAAI;YACd,OAAO,EAAE,oBAAoB;YAC7B,KAAK,EAAE,MAAM;SACd;QACD,WAAW,EAAE;YACX,WAAW,EAAE,qFAAqF;YAClG,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,KAAK;SACf;QACD,oBAAoB,EAAE;YACpB,WAAW,EAAE,wCAAwC;YACrD,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,IAAI;YACZ,OAAO,EAAE,mEAAmE;YAC5E,KAAK,EAAE,KAAK;SACb;QACD,gBAAgB,EAAE;YAChB,WAAW,EAAE,mDAAmD;YAChE,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,IAAI;YACZ,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,UAAU,KAAK;gBACrB,IAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;gBACxC,IAAI,QAAQ,EAAE;oBACZ,OAAO,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;iBACzC;YACH,CAAC;SACF;KACF,CAAC;SACD,OAAO,CAAC,qIAAqI,EAAE,EAAE,CAAC;SAClJ,KAAK,CAAC,UAAS,IAAI,EAAE,OAAO;QAC3B,IAAI,IAAI,CAAC,gBAAgB,EAAE;YACzB,IAAI,IAAI,CAAC,mBAAmB,KAAK,SAAS,EAAE;gBAC1C,OAAO,wEAAwE,CAAC;aACjF;YACD,IAAI,IAAI,CAAC,cAAc,KAAK,SAAS,EAAE;gBACrC,OAAO,mEAAmE,CAAC;aAC5E;SACF;QACD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;SACD,KAAK,CAAC,UAAS,IAAI,EAAE,OAAO;QAC3B,IAAI,IAAI,CAAC,MAAM,EAAE;YACf,OAAO,IAAI,CAAC;SACb;QACD,IAAM,cAAc,GAAG,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAExD,IAAI,CAAC,cAAc,EAAE;YACnB,OAAO,mCAAmC,GAAG,IAAI,CAAC,UAAU,GAAG,0BAA0B,CAAC;SAC3F;QACD,IAAI;YACF,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;SACvC;QAAC,OAAO,KAAK,EAAE;YACd,OAAO,qEAAqE,GAAG,cAAc,GAAG,MAAM,GAAG,KAAK,CAAC;SAChH;QACD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;SACD,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC,CAAC;AACpC,CAAC;AAED,IAAM,GAAG,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;AAE7B,SAAS,UAAU,CAAC,IAAI;IAEtB,IAAM,MAAM,GAAG,EAAE,CAAC;IAElB,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,osBAAA,oCAEZ,EAAS,GAAI,EAAS,qCAEtB,EAAU,+EAKV,EAAW,6CAEX,EAAiB,yCAEjB,EAAqB,8DAErB,EAA4C,0DAE5C,EAAwC,0CAExC,EAAkC,yFAKlC,EAAyC,oCAEzC,EAAgC,+BAEhC,EAA8B,+BAE9B,EAA8B,gDAE9B,EAA0B,OACrC,IA/BW,IAAI,CAAC,IAAI,EAAI,IAAI,CAAC,IAAI,EAEtB,IAAI,CAAC,KAAK,EAKV,IAAI,CAAC,MAAM,EAEX,IAAI,CAAC,YAAY,EAEjB,IAAI,CAAC,gBAAgB,EAErB,IAAI,CAAC,oBAAoB,IAAI,eAAe,EAE5C,IAAI,CAAC,gBAAgB,IAAI,eAAe,EAExC,IAAI,CAAC,UAAU,IAAI,eAAe,EAKlC,IAAI,CAAC,iBAAiB,IAAI,eAAe,EAEzC,IAAI,CAAC,QAAQ,IAAI,eAAe,EAEhC,IAAI,CAAC,MAAM,IAAI,eAAe,EAE9B,IAAI,CAAC,MAAM,IAAI,eAAe,EAE9B,CAAC,IAAI,CAAC,oBAAoB,EACpC,CAAC,CAAC;IAGJ;;OAEG;IAEH,IAAM,UAAU,GAAG;QACjB,MAAM,EAAkB,IAAI,CAAC,MAAM;QACnC,iBAAiB,EAAO,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,QAAQ;QAC/D,IAAI,EAAoB,IAAI,CAAC,IAAI;QACjC,GAAG,EAAqB,IAAI,CAAC,GAAG;QAChC,QAAQ,EAAgB,IAAI,CAAC,QAAQ;QACrC,SAAS,EAAe,IAAI,CAAC,MAAM;QACnC,WAAW,EAAa,IAAI,CAAC,MAAM;QACnC,MAAM,EAAkB,IAAI,CAAC,MAAM;QACnC,MAAM,EAAkB,IAAI,CAAC,MAAM;QACnC,UAAU,EAAc,IAAI,CAAC,UAAU;QACvC,kBAAkB,EAAM,CAAC,IAAI,CAAC,oBAAoB;QAClD,eAAe,EAAS,QAAQ;QAChC,kBAAkB,EAAM,YAAY;QACpC,YAAY,EAAY,IAAI,CAAC,YAAY;QACzC,gBAAgB,EAAQ,IAAI,CAAC,gBAAgB;QAC7C,cAAc,EAAU,IAAI,CAAC,cAAc;QAC3C,mBAAmB,EAAK,IAAI,CAAC,mBAAmB;QAChD,mBAAmB,EAAK,6CAA6C;QACrE,sBAAsB,EAAE,iDAAiD;QACzE,iBAAiB,EAAO,IAAI;QAC5B,oBAAoB,EAAI,IAAI,CAAC,oBAAoB;QACjD,gBAAgB,EAAQ,IAAI,CAAC,gBAAgB;QAC7C,0BAA0B,EAAE,IAAI;QAChC,aAAa,EAAW,mBAAmB,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;QAC9E,gBAAgB,EAAQ,SAAS,CAAC,GAAG;QACrC,oBAAoB,EAAI,SAAS,CAAC,GAAG;QACrC,mBAAmB,EAAK,IAAI,CAAC,MAAM,CAAC,CAAC;YACb;gBACE,QAAQ,EAAE,SAAS,CAAC,GAAG;gBACvB,IAAI,EAAE,SAAS,CAAC,GAAG;aACpB,CAAC,CAAC,CAAC,EAAE;QAC9B,kBAAkB,EAAM,UAAS,GAAG,IAAI,OAAO,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1D,UAAU,EAAc,UAAU,QAAQ,EAAE,eAAe,EAAE,GAAG,EAAE,QAAQ;YAChD,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC;gBACnE,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;gBACzB,IAAI,CAAC,MAAM,CAAC,CAAC;QACjB,CAAC;QACzB,kBAAkB,EAAM,UAAS,YAAY;YACnB,IAAI,IAAI,CAAC,gBAAgB,EAAE;gBACzB,IAAI,OAAO,CAAC;gBACZ,IAAI;oBACF,OAAO,GAAG,IAAI,MAAM,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;iBAC/D;gBAAC,OAAM,GAAG,EAAC;oBACV,OAAO,CAAC,GAAG,CAAC,wDAAwD,EAAE,GAAG,CAAC,CAAC;iBAC5E;gBACD,IAAI,OAAO,EAAE;oBACX,IAAM,kBAAkB,GAAG,YAAY,CAAC,eAAe,CAAC,uCAAuC,EAAE,uBAAuB,CAAC,CAAC;oBAC1H,kBAAkB,CAAC,WAAW,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;oBACxD,IAAM,cAAc,GAAG,YAAY,CAAC,oBAAoB,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC;oBACjF,cAAc,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;iBAChD;aACF;QACH,CAAC;QACzB,eAAe,EAAS,UAAS,QAAQ,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI;YACrC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,iRAAA,mEACW,EAAY,0GAEjC,EAAkC,6DACrB,IAHQ,IAAI,CAAC,OAAO,EAEjC,IAAI,CAAC,UAAU,IAAI,eAAe,EAE/C,CAAC,CAAC;YAEH,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;YAEpD,GAAG,CAAC,MAAM,CAAC,cAAc,EAAE;gBACzB,MAAM,EAAE,IAAI,CAAC,OAAO;gBACpB,YAAY,EAAE,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBACzC,UAAU,EAAE,IAAI,CAAC,UAAU;aAC5B,CAAC,CAAC;QACL,CAAC;KAC1B,CAAA;IAED;;OAEG;IAEH,kDAAkD;IAClD,kDAAkD;IAClD,mDAAmD;IAEnD;;OAEG;IAEH,iCAAiC;IACjC,gDAAgD;IAChD,2CAA2C;IAE3C,mBAAmB;IACnB,GAAG,CAAC,cAAc,CAAC,QAAQ,EAAE,UAAS,IAAI,EAAE,OAAO;QACjD,IAAI,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;QACzB,IAAI,CAAC,KAAK,EAAE;YACV,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;SAC3B;QAED,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,cAAc,CAAC,OAAO,EAAE,UAAS,IAAI;QACvC,IAAM,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,kBAAkB;QAClB,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QAClB,OAAO,GAAG,CAAC;IACb,CAAC,CAAC,CAAC;IAGH,GAAG,CAAC,cAAc,CAAC,QAAQ,EAAE,UAAS,QAAQ,EAAE,OAAO;QACrD,OAAO,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO,CAC7B,IAAI,MAAM,CAAC,WAAW,GAAG,QAAQ,GAAG,IAAI,CAAC,EAAE,wBAAwB,CAAC,CAAC;IACzE,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,cAAc,CAAC,aAAa,EAAE,UAAS,SAAS,EAAE,OAAO;QAC3D,OAAO,OAAO,CAAC,SAAS,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,cAAc,CAAC,WAAW,EAAE,UAAS,OAAO;QAC9C,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH;;OAEG;IAEH,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,kEAAkE,EAAE;QACjF,IAAI,EAAE,UAAU,GAAG,EAAE,GAAG;YAEpB,OAAO,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;QAChF,CAAC;KACJ,CAAC,CAAC,CAAC;IACJ,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAC,QAAQ,EAAE,IAAI,EAAC,CAAC,CAAC,CAAC;IACjD,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;IACxD,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC;QACd,MAAM,EAAE,mFAAmF;QAC3F,MAAM,EAAE,KAAK;QACb,iBAAiB,EAAE,IAAI;QACvB,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,EAAE,MAAM,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE;KACnC,CAAC,CAAC,CAAC;IAEJ;;OAEG;IAEH,IAAM,QAAQ,GAAG,UAAU,GAAG,EAAE,GAAG,EAAE,IAAI;QACvC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE;YACjB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,WAAW,EAAE,GAAG,CAAC,WAAW;YAC5B,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,YAAY,EAAE,GAAG,CAAC,YAAY;YAC9B,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO;YACpB,KAAK,EAAE,SAAS;SACjB,CAAC,CAAC;IACL,CAAC,CAAA;IAED;;OAEG;IAEH,IAAM,gBAAgB,GAAG,UAAS,GAAG,EAAE,GAAG,EAAE,IAAI;QAC9C,KAAK,CAAC,YAAY,CAAC,GAAG,EAAE,UAAS,GAAG,EAAE,IAAI;YACxC,IAAI,GAAG,EAAE;gBACP,OAAO,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE;oBACzB,OAAO,EAAE,iCAAiC,GAAG,GAAG,CAAC,OAAO;oBACxD,KAAK,EAAE,GAAG;iBACX,CAAC,CAAC;aACJ;YAAA,CAAC;YACF,IAAI,IAAI,EAAE;gBACR,GAAG,CAAC,YAAY,GAAG;oBACjB,UAAU,EAAE,GAAG,CAAC,KAAK,CAAC,UAAU,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU;oBACvD,EAAE,EAAE,IAAI,CAAC,EAAE;oBACX,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,MAAM,EAAE,IAAI,CAAC,2BAA2B;oBACxC,UAAU,EAAE,IAAI,CAAC,UAAU,KAAK,MAAM;iBACvC,CAAC;gBACF,OAAO,CAAC,GAAG,CAAC,6BAA6B,EAAE,GAAG,CAAC,YAAY,CAAC,CAAC;aAC9D;YACD,IAAI,GAAG,CAAC,IAAI,IAAI,SAAS,EAAC;gBACxB,OAAO,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;aACjC;iBAAM;gBACL,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;gBACvC,GAAG,CAAC,QAAQ,CAAC,mCAAmC,GAAE,kBAAkB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC;gBACvF,OAAO,GAAG,CAAC,GAAG,EAAE,CAAC;aAClB;QACH,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC;IAEF,IAAM,eAAe,GAAG,UAAS,GAAG;QAClC,IAAI,GAAG,IAAI,GAAG,CAAC,OAAO,EAAE;YACtB,OAAO,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;SACzD;IACH,CAAC,CAAA;IAED,IAAM,cAAc,GAAG,UAAS,GAAG;QACjC,OAAO;YACL,iBAAiB,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,iBAAiB;YACpD,YAAY,EAAE,eAAe,CAAC,GAAG,CAAC;YAClC,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ;YACzB,YAAY,EAAE,GAAG,CAAC,IAAI,CAAC,YAAY;YACnC,wBAAwB,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM;SACjD,CAAA;IACH,CAAC,CAAA;IAED,IAAM,kBAAkB,GAAG,UAAS,GAAG,EAAE,GAAG,EAAE,IAAI;QAChD,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE;YAC3B,OAAO,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE;gBACzB,OAAO,EAAE,iEAAiE;aAC3E,CAAC,CAAC;SACJ;QAAA,CAAC;QAEF,OAAO,CAAC,GAAG,CAAC,mDAAmD,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC;QAElF,OAAO,KAAK,CAAC,MAAM,CAAC;YAClB,MAAM,EAAkB,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM;YAC9C,IAAI,EAAoB,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI;YAC5C,GAAG,EAAqB,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG;YAC3C,eAAe,EAAS,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe;YACvD,kBAAkB,EAAM,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,kBAAkB;YAC1D,mBAAmB,EAAK,IAAI,mBAAmB,CAC/C;gBACE,GAAG,CAAC,WAAW;aAChB,CAAC;YACF,eAAe,EAAE,UAAS,QAAQ;gBAChC,OAAO,CAAC,GAAG,CAAC,qBAAqB,GAAG,GAAG,CAAC,OAAO,CAAC,EAAE,GAAG,kBAAkB,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC;gBAC1F,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;gBACtB,QAAQ,EAAE,CAAC;YACb,CAAC;SACF,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IACrB,CAAC,CAAA;IAED;;OAEG;IAEH,GAAG,CAAC,GAAG,CAAC,UAAS,GAAG,EAAE,GAAG,EAAE,IAAI;QAC7B,IAAI,IAAI,CAAC,WAAW,EAAE;YACpB,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,UAAS,GAAG;gBACjC,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC,CAAC,CAAC;SACJ;aAAM;YACL,IAAI,EAAE,CAAA;SACP;IACH,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,UAAS,GAAG,EAAE,GAAG,EAAE,IAAI;QAC7B,8BAA8B;QAC9B,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;QACpC,GAAG,CAAC,GAAG,GAAG,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC;QAClC,IAAI,GAAG,CAAC,IAAI;YACV,GAAG,CAAC,WAAW,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,EAAE,CAAC;IACT,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,CAAC,GAAG,CAAC,EAAE,gBAAgB,CAAC,CAAC;IACxD,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,CAAC,GAAG,CAAC,EAAE,gBAAgB,CAAC,CAAC;IAEzD,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;IAC3C,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;IAE5C,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,UAAS,GAAG,EAAE,GAAG;QAC3C,IAAM,WAAW,GAAG,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAChD,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,UAAS,GAAG;YACxC,IAAI,MAAM,CAAC;YACX,IAAI,GAAG,KAAK,eAAe,EAAE;gBAC3B,MAAM,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;gBAC7C,GAAG,CAAC,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;gBAEvD,4BAA4B;gBAC5B,WAAW,CAAC,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC/C,IAAI,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,kBAAkB,IAAI,GAAG,CAAC,YAAY,CAAC,MAAM,EAAE;oBACjE,WAAW,CAAC,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC;oBAC7C,WAAW,CAAC,SAAS,GAAG,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC;oBAChD,WAAW,CAAC,WAAW,GAAG,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC;oBAClD,WAAW,CAAC,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC,UAAU,CAAC;iBACtD;gBACD,IAAI,GAAG,CAAC,YAAY,CAAC,UAAU,EAAE;oBAC/B,WAAW,CAAC,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC,UAAU,CAAC;iBACtD;aACF;iBAAM;gBACL,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;aAC/B;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE;YACjC,OAAO,WAAW,CAAC,cAAc,CAAC;YAClC,OAAO,WAAW,CAAC,mBAAmB,CAAC;SACxC;QAED,oBAAoB;QACpB,WAAW,CAAC,YAAY,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QAEhD,+BAA+B;QAC/B,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,uJAAA,oEAEH,EAEP,oCACgB,EAEhB,QACb,IANoB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,UAAC,EAAY;gBAAX,GAAG,QAAA,EAAE,KAAK,QAAA;YAAM,OAAA,KAAK,kEAAA,cACjE,EAAG,UAAW,EAAK,GAAG,IAAtB,GAAG,EAAW,KAAK;QADyC,CACtC,CACzB,CAAC,IAAI,CAAC,EAAE,CAAC,EACgB,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,UAAC,EAAY;gBAAX,GAAG,QAAA,EAAE,KAAK,QAAA;YAAM,OAAA,KAAK,kEAAA,cAC7E,EAAG,UAAW,EAA6B,GAAG,IAA9C,GAAG,EAAW,iBAAiB,CAAC,GAAG,EAAE,KAAK,CAAC;QAD6B,CAC1B,CACjD,CAAC,IAAI,CAAC,EAAE,CAAC,EACZ,CAAC,CAAC;QACJ,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACpC,CAAC,CAAC,CAAA;IAEF,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAS,GAAG,EAAE,GAAG,EAAE,IAAI;QACjD,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAS,GAAG,EAAE,GAAG,EAAE,IAAI;QAClD,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,CAAC,aAAa,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE;YACvD,IAAI,eAAe,GAAG,KAAK,CAAC;YAC5B,IAAM,WAAS,GAAG;gBAChB,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,aAAa;gBAC1B,QAAQ,EAAE,IAAI;gBACd,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI;gBACnB,WAAW,EAAE,GAAG,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE;gBACvC,UAAU,EAAE,GAAG,CAAC,IAAI,CAAC,SAAS,KAAK,OAAO;aAC3C,CAAC;YAEF,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAS,KAAK;gBACjC,IAAI,KAAK,CAAC,EAAE,KAAK,GAAG,CAAC,IAAI,CAAC,aAAa,EAAE;oBACvC,KAAK,GAAG,WAAS,CAAC;oBAClB,eAAe,GAAG,IAAI,CAAC;iBACxB;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,eAAe,EAAE;gBACpB,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAS,CAAC,CAAC;aAC9B;YACD,OAAO,CAAC,GAAG,CAAC,uCAAuC,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAA;YAClE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;SACvB;IACH,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAS,GAAG,EAAE,GAAG,EAAE,IAAI;QACjD,IAAI,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE;YAC1B,OAAO,CAAC,GAAG,CAAC,wCAAwC,GAAG,GAAG,CAAC,IAAI,CAAC,QAAQ;gBACxE,sBAAsB,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC;YAC/C,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;SAC7B;aAAM;YACL,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;YACtE,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,UAAS,GAAG;gBAC9B,IAAI,GAAG,EAAE;oBACP,MAAM,GAAG,CAAC;iBACX;gBACD,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YACvB,CAAC,CAAC,CAAA;SACH;IACH,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,UAAS,GAAG,EAAE,GAAG,EAAE,IAAI;QACnD,GAAG,CAAC,MAAM,CAAC,UAAU,EAAE;YACrB,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO;SACrB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,UAAS,GAAG,EAAE,GAAG,EAAE,IAAI;QACpD,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,UAAS,GAAG;YACxC,QAAO,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAC;gBACjC,KAAK,MAAM,CAAC;gBAAC,KAAK,KAAK,CAAC;gBAAC,KAAK,GAAG;oBAC/B,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;oBAC5B,MAAM;gBACR,KAAK,OAAO,CAAC;gBAAC,KAAK,IAAI,CAAC;gBAAC,KAAK,GAAG;oBAC/B,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;oBAC7B,MAAM;gBACR;oBACE,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBACrC,MAAM;aACT;YAED,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE;gBAChC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;aACtD;QACH,CAAC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,iCAAiC,EAAE,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAChE,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IACpB,CAAC,CAAC,CAAC;IAEH,yCAAyC;IACzC,GAAG,CAAC,GAAG,CAAC,UAAS,GAAG,EAAE,GAAG,EAAE,IAAI;QAC7B,IAAM,GAAG,GAAG,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACzC,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC;QACjB,IAAI,CAAC,GAAG,CAAC,CAAC;IACZ,CAAC,CAAC,CAAC;IAEH,4BAA4B;IAC5B,GAAG,CAAC,GAAG,CAAC,UAAS,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI;QAClC,IAAI,GAAG,EAAE;YACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,CAAC;YAC9B,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE;gBAChB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,KAAK,EAAE,GAAG;aACb,CAAC,CAAC;SACJ;IACH,CAAC,CAAC,CAAC;AAEL,CAAC;AAED,SAAS,SAAS,CAAC,OAAO;IACxB,IAAM,IAAI,GAAG,WAAW,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IACtC,OAAO,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,IAAI;IACX,IAAM,IAAI,GAAG,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACxB,CAAC;AAGD,MAAM,CAAC,OAAO,GAAG;IACf,OAAO,EAAE;QACP,GAAG,EAAE,SAAS;QACd,iBAAiB,EAAE,GAAG;KACvB;CACF,CAAC"}
|
package/lib/saml-idp/index.js
DELETED
|
@@ -1,13 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
var express_middleware_1 = require("./express-middleware");
|
|
4
|
-
var connectedApps = require("./connectedApps").connectedApps;
|
|
5
|
-
var issuer = process.env.ROOT_URL ? process.env.ROOT_URL : 'http://127.0.0.1:4000/';
|
|
6
|
-
var app = connectedApps["salesforce"];
|
|
7
|
-
// samlIdp.run({
|
|
8
|
-
// issuer: app.issuer,
|
|
9
|
-
// acsUrl: app.acsUrl,
|
|
10
|
-
// audience: app.audience,
|
|
11
|
-
// });
|
|
12
|
-
exports.default = express_middleware_1.samlIdp.expressMiddleware;
|
|
13
|
-
//# sourceMappingURL=index.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/saml-idp/index.ts"],"names":[],"mappings":";;AAAA,2DAA+C;AAEvC,IAAA,aAAa,GAAK,OAAO,CAAC,iBAAiB,CAAC,cAA/B,CAAgC;AAErD,IAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAA,CAAC,CAAA,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAA,CAAC,CAAA,wBAAwB,CAAC;AAClF,IAAM,GAAG,GAAG,aAAa,CAAC,YAAY,CAAC,CAAC;AAExC,gBAAgB;AAChB,wBAAwB;AACxB,wBAAwB;AACxB,4BAA4B;AAC5B,MAAM;AAEN,kBAAe,4BAAO,CAAC,iBAAiB,CAAC"}
|
|
@@ -1,75 +0,0 @@
|
|
|
1
|
-
function SimpleProfileMapper(pu) {
|
|
2
|
-
if (!(this instanceof SimpleProfileMapper)) {
|
|
3
|
-
return new SimpleProfileMapper(pu);
|
|
4
|
-
}
|
|
5
|
-
this._pu = pu;
|
|
6
|
-
}
|
|
7
|
-
SimpleProfileMapper.fromMetadata = function (metadata) {
|
|
8
|
-
function CustomProfileMapper(user) {
|
|
9
|
-
if (!(this instanceof CustomProfileMapper)) {
|
|
10
|
-
return new CustomProfileMapper(user);
|
|
11
|
-
}
|
|
12
|
-
SimpleProfileMapper.call(this, user);
|
|
13
|
-
}
|
|
14
|
-
CustomProfileMapper.prototype = Object.create(SimpleProfileMapper.prototype);
|
|
15
|
-
CustomProfileMapper.prototype.metadata = metadata;
|
|
16
|
-
return CustomProfileMapper;
|
|
17
|
-
};
|
|
18
|
-
SimpleProfileMapper.prototype.getClaims = function () {
|
|
19
|
-
var self = this;
|
|
20
|
-
var claims = {};
|
|
21
|
-
this.metadata.forEach(function (entry) {
|
|
22
|
-
claims[entry.id] = entry.multiValue ?
|
|
23
|
-
self._pu[entry.id].split(',') :
|
|
24
|
-
self._pu[entry.id];
|
|
25
|
-
});
|
|
26
|
-
return Object.keys(claims).length && claims;
|
|
27
|
-
};
|
|
28
|
-
SimpleProfileMapper.prototype.getNameIdentifier = function () {
|
|
29
|
-
return {
|
|
30
|
-
nameIdentifier: this._pu.username,
|
|
31
|
-
nameIdentifierFormat: this._pu.nameIdFormat,
|
|
32
|
-
nameIdentifierNameQualifier: this._pu.nameIdNameQualifier,
|
|
33
|
-
nameIdentifierSPNameQualifier: this._pu.nameIdSPNameQualifier,
|
|
34
|
-
nameIdentifierSPProvidedID: this._pu.nameIdSPProvidedID
|
|
35
|
-
};
|
|
36
|
-
};
|
|
37
|
-
SimpleProfileMapper.prototype.metadata = [{
|
|
38
|
-
id: "firstName",
|
|
39
|
-
optional: false,
|
|
40
|
-
displayName: 'First Name',
|
|
41
|
-
description: 'The given name of the user',
|
|
42
|
-
multiValue: false
|
|
43
|
-
}, {
|
|
44
|
-
id: "lastName",
|
|
45
|
-
optional: false,
|
|
46
|
-
displayName: 'Last Name',
|
|
47
|
-
description: 'The surname of the user',
|
|
48
|
-
multiValue: false
|
|
49
|
-
}, {
|
|
50
|
-
id: "name",
|
|
51
|
-
optional: true,
|
|
52
|
-
displayName: 'Name',
|
|
53
|
-
description: 'The display name of the user',
|
|
54
|
-
multiValue: false
|
|
55
|
-
}, {
|
|
56
|
-
id: "email",
|
|
57
|
-
optional: false,
|
|
58
|
-
displayName: 'E-Mail Address',
|
|
59
|
-
description: 'The e-mail address of the user',
|
|
60
|
-
multiValue: false
|
|
61
|
-
}, {
|
|
62
|
-
id: "mobilePhone",
|
|
63
|
-
optional: true,
|
|
64
|
-
displayName: 'Mobile Phone',
|
|
65
|
-
description: 'The mobile phone of the user',
|
|
66
|
-
multiValue: false
|
|
67
|
-
}, {
|
|
68
|
-
id: "groups",
|
|
69
|
-
optional: true,
|
|
70
|
-
displayName: 'Groups',
|
|
71
|
-
description: 'Group memberships of the user',
|
|
72
|
-
multiValue: true
|
|
73
|
-
}];
|
|
74
|
-
module.exports = SimpleProfileMapper;
|
|
75
|
-
//# sourceMappingURL=simpleProfileMapper.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"simpleProfileMapper.js","sourceRoot":"","sources":["../../src/saml-idp/simpleProfileMapper.js"],"names":[],"mappings":"AAAA,SAAS,mBAAmB,CAAE,EAAE;IAC9B,IAAG,CAAC,CAAC,IAAI,YAAY,mBAAmB,CAAC,EAAE;QACzC,OAAO,IAAI,mBAAmB,CAAC,EAAE,CAAC,CAAC;KACpC;IACD,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;AAChB,CAAC;AAED,mBAAmB,CAAC,YAAY,GAAG,UAAU,QAAQ;IACnD,SAAS,mBAAmB,CAAC,IAAI;QAC/B,IAAG,CAAC,CAAC,IAAI,YAAY,mBAAmB,CAAC,EAAE;YACzC,OAAO,IAAI,mBAAmB,CAAC,IAAI,CAAC,CAAC;SACtC;QACD,mBAAmB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACvC,CAAC;IACD,mBAAmB,CAAC,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;IAC7E,mBAAmB,CAAC,SAAS,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAClD,OAAO,mBAAmB,CAAC;AAC7B,CAAC,CAAA;AAED,mBAAmB,CAAC,SAAS,CAAC,SAAS,GAAG;IACxC,IAAI,IAAI,GAAG,IAAI,CAAC;IAChB,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAS,KAAK;QAClC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC;YACnC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;YAC/B,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,IAAI,MAAM,CAAC;AAC9C,CAAC,CAAC;AAEF,mBAAmB,CAAC,SAAS,CAAC,iBAAiB,GAAG;IAChD,OAAO;QACL,cAAc,EAAmB,IAAI,CAAC,GAAG,CAAC,QAAQ;QAClD,oBAAoB,EAAa,IAAI,CAAC,GAAG,CAAC,YAAY;QACtD,2BAA2B,EAAM,IAAI,CAAC,GAAG,CAAC,mBAAmB;QAC7D,6BAA6B,EAAI,IAAI,CAAC,GAAG,CAAC,qBAAqB;QAC/D,0BAA0B,EAAO,IAAI,CAAC,GAAG,CAAC,kBAAkB;KAC7D,CAAC;AACJ,CAAC,CAAC;AAGF,mBAAmB,CAAC,SAAS,CAAC,QAAQ,GAAG,CAAE;QACzC,EAAE,EAAE,WAAW;QACf,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,YAAY;QACzB,WAAW,EAAE,4BAA4B;QACzC,UAAU,EAAE,KAAK;KAClB,EAAE;QACD,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,WAAW;QACxB,WAAW,EAAE,yBAAyB;QACtC,UAAU,EAAE,KAAK;KAClB,EAAE;QACD,EAAE,EAAE,MAAM;QACV,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE,MAAM;QACnB,WAAW,EAAE,8BAA8B;QAC3C,UAAU,EAAE,KAAK;KAClB,EAAE;QACD,EAAE,EAAE,OAAO;QACX,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,gBAAgB;QAC7B,WAAW,EAAE,gCAAgC;QAC7C,UAAU,EAAE,KAAK;KAClB,EAAC;QACA,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE,cAAc;QAC3B,WAAW,EAAE,8BAA8B;QAC3C,UAAU,EAAE,KAAK;KAClB,EAAE;QACD,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE,QAAQ;QACrB,WAAW,EAAE,+BAA+B;QAC5C,UAAU,EAAE,IAAI;KACjB,CAAC,CAAC;AAEH,MAAM,CAAC,OAAO,GAAG,mBAAmB,CAAC"}
|
package/src/oauth2/client.ts
DELETED
|
File without changes
|
package/src/oauth2/config.ts
DELETED
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
import { AdminApi, Configuration } from '@oryd/hydra-client'
|
|
2
|
-
const baseOptions: any = {}
|
|
3
|
-
|
|
4
|
-
if (process.env.STEEDOS_MOCK_TLS_TERMINATION) {
|
|
5
|
-
baseOptions.headers = { 'X-Forwarded-Proto': 'https' }
|
|
6
|
-
}
|
|
7
|
-
|
|
8
|
-
const hydraAdmin = new AdminApi(
|
|
9
|
-
new Configuration({
|
|
10
|
-
basePath: process.env.STEEDOS_HYDRA_ADMIN_URL,
|
|
11
|
-
baseOptions
|
|
12
|
-
})
|
|
13
|
-
)
|
|
14
|
-
|
|
15
|
-
export { hydraAdmin }
|
package/src/oauth2/consent.ts
DELETED
|
@@ -1,208 +0,0 @@
|
|
|
1
|
-
import * as express from 'express'
|
|
2
|
-
import * as url from 'url'
|
|
3
|
-
import { hydraAdmin } from './config'
|
|
4
|
-
import { oidcConformityMaybeFakeSession } from './stub/oidc-cert'
|
|
5
|
-
import { ConsentRequestSession } from '@oryd/hydra-client'
|
|
6
|
-
const _ = require('lodash');
|
|
7
|
-
const csrf = require('csurf');
|
|
8
|
-
const urljoin = require('url-join');
|
|
9
|
-
const pug = require('pug');
|
|
10
|
-
const path = require('path');
|
|
11
|
-
// Sets up csrf protection
|
|
12
|
-
const csrfProtection = csrf({ cookie: true })
|
|
13
|
-
const router = express.Router()
|
|
14
|
-
declare const Meteor;
|
|
15
|
-
|
|
16
|
-
const getOAuthSession = (user, grantScope) => {
|
|
17
|
-
// The session allows us to set session data for id and access tokens
|
|
18
|
-
let session: ConsentRequestSession = {
|
|
19
|
-
// This data will be available when introspecting the token. Try to avoid sensitive information here,
|
|
20
|
-
// unless you limit who can introspect tokens.
|
|
21
|
-
access_token: {
|
|
22
|
-
// foo: 'bar'
|
|
23
|
-
},
|
|
24
|
-
|
|
25
|
-
// This data will be available in the ID token.
|
|
26
|
-
id_token: {
|
|
27
|
-
// baz: 'bar'
|
|
28
|
-
}
|
|
29
|
-
}
|
|
30
|
-
let _grantScope = grantScope
|
|
31
|
-
if (!_.isArray(_grantScope)) {
|
|
32
|
-
_grantScope = [_grantScope];
|
|
33
|
-
}
|
|
34
|
-
_.each(_grantScope, (scope) => {
|
|
35
|
-
if (scope === 'profile') {
|
|
36
|
-
(session.id_token as any).steedos_id = user.steedos_id;
|
|
37
|
-
(session.id_token as any).name = user.name;
|
|
38
|
-
(session.id_token as any).username = user.username;
|
|
39
|
-
(session.id_token as any).mobile = user.mobile;
|
|
40
|
-
(session.id_token as any).email = user.email;
|
|
41
|
-
// (session.id_token as any).job_number = user.job_number;
|
|
42
|
-
(session.id_token as any).locale = user.locale;
|
|
43
|
-
(session.id_token as any).space = user.spaces && user.spaces.length > 0 ? user.spaces[0] : null;
|
|
44
|
-
// (session.id_token as any).profile = user.profile;
|
|
45
|
-
(session.id_token as any).userId = user.userId;
|
|
46
|
-
(session.id_token as any).mobile_verified = user.mobile_verified;
|
|
47
|
-
(session.id_token as any).email_verified = user.email_verified;
|
|
48
|
-
(session.id_token as any).utcOffset = user.utcOffset;
|
|
49
|
-
}
|
|
50
|
-
})
|
|
51
|
-
|
|
52
|
-
return session;
|
|
53
|
-
}
|
|
54
|
-
|
|
55
|
-
router.get('/', csrfProtection, (req, res, next) => {
|
|
56
|
-
// Parses the URL query
|
|
57
|
-
const query = url.parse(req.url, true).query
|
|
58
|
-
|
|
59
|
-
// The challenge is used to fetch information about the consent request from ORY hydraAdmin.
|
|
60
|
-
const challenge = String(query.consent_challenge)
|
|
61
|
-
if (!challenge) {
|
|
62
|
-
next(new Error('Expected a consent challenge to be set but received none.'))
|
|
63
|
-
return
|
|
64
|
-
}
|
|
65
|
-
const user = (req as any).user
|
|
66
|
-
if (!user) {
|
|
67
|
-
return res.redirect("/accounts/a/#/login?redirect_uri=" + encodeURIComponent(Meteor.absoluteUrl(`/oauth2/consent?consent_challenge=${challenge}`)))
|
|
68
|
-
}
|
|
69
|
-
// This section processes consent requests and either shows the consent UI or
|
|
70
|
-
// accepts the consent request right away if the user has given consent to this
|
|
71
|
-
// app before
|
|
72
|
-
(hydraAdmin
|
|
73
|
-
.getConsentRequest(challenge) as any)
|
|
74
|
-
// This will be called if the HTTP request was successful
|
|
75
|
-
.then(({ data: body }) => {
|
|
76
|
-
// If a user has granted this application the requested scope, hydra will tell us to not show the UI.
|
|
77
|
-
if (body.skip) {
|
|
78
|
-
// You can apply logic here, for example grant another scope, or do whatever...
|
|
79
|
-
// ...
|
|
80
|
-
|
|
81
|
-
// Now it's time to grant the consent request. You could also deny the request if something went terribly wrong
|
|
82
|
-
return hydraAdmin
|
|
83
|
-
.acceptConsentRequest(challenge, {
|
|
84
|
-
// We can grant all scopes that have been requested - hydra already checked for us that no additional scopes
|
|
85
|
-
// are requested accidentally.
|
|
86
|
-
grant_scope: body.requested_scope,
|
|
87
|
-
|
|
88
|
-
// ORY Hydra checks if requested audiences are allowed by the client, so we can simply echo this.
|
|
89
|
-
grant_access_token_audience: body.requested_access_token_audience,
|
|
90
|
-
|
|
91
|
-
// The session allows us to set session data for id and access tokens
|
|
92
|
-
session: getOAuthSession(user, body.requested_scope)
|
|
93
|
-
})
|
|
94
|
-
.then(({ data: body }) => {
|
|
95
|
-
// All we need to do now is to redirect the user back to hydra!
|
|
96
|
-
res.redirect(String(body.redirect_to))
|
|
97
|
-
})
|
|
98
|
-
}
|
|
99
|
-
|
|
100
|
-
// If consent can't be skipped we MUST show the consent UI.
|
|
101
|
-
// return res.status(200).send({
|
|
102
|
-
// csrfToken: (req as any).csrfToken(),
|
|
103
|
-
// challenge: challenge,
|
|
104
|
-
// // We have a bunch of data available from the response, check out the API docs to find what these values mean
|
|
105
|
-
// // and what additional data you have available.
|
|
106
|
-
// requested_scope: body.requested_scope,
|
|
107
|
-
// user: body.subject,
|
|
108
|
-
// client: body.client,
|
|
109
|
-
// action: urljoin(process.env.BASE_URL || '', '/consent')
|
|
110
|
-
// })
|
|
111
|
-
var fn = pug.compileFile(path.join(__dirname, '..', '..', './views/oauth2/consent.pug'), {});
|
|
112
|
-
return res.status(200).send(fn({
|
|
113
|
-
csrfToken: (req as any).csrfToken(),
|
|
114
|
-
challenge: challenge,
|
|
115
|
-
// We have a bunch of data available from the response, check out the API docs to find what these values mean
|
|
116
|
-
// and what additional data you have available.
|
|
117
|
-
requested_scope: body.requested_scope,
|
|
118
|
-
user: body.subject,
|
|
119
|
-
userInfo: user,
|
|
120
|
-
client: body.client,
|
|
121
|
-
action: Meteor.absoluteUrl(`/oauth2/consent`)
|
|
122
|
-
}));
|
|
123
|
-
})
|
|
124
|
-
// This will handle any error that happens when making HTTP calls to hydra
|
|
125
|
-
.catch(next)
|
|
126
|
-
// The consent request has now either been accepted automatically or rendered.
|
|
127
|
-
})
|
|
128
|
-
|
|
129
|
-
router.post('/', csrfProtection, (req, res, next) => {
|
|
130
|
-
const user = (req as any).user
|
|
131
|
-
|
|
132
|
-
// The challenge is now a hidden input field, so let's take it from the request body instead
|
|
133
|
-
const challenge = req.body.challenge
|
|
134
|
-
if (!challenge) {
|
|
135
|
-
next(new Error('Expected a consent challenge to be set but received none.'))
|
|
136
|
-
return
|
|
137
|
-
}
|
|
138
|
-
if (!user) {
|
|
139
|
-
return res.redirect("/accounts/a/#/login?redirect_uri=" + encodeURIComponent(Meteor.absoluteUrl(`/oauth2/consent?consent_challenge=${challenge}`)))
|
|
140
|
-
}
|
|
141
|
-
|
|
142
|
-
// Let's see if the user decided to accept or reject the consent request..
|
|
143
|
-
if (req.body.submit === 'Deny access') {
|
|
144
|
-
// Looks like the consent request was denied by the user
|
|
145
|
-
return (
|
|
146
|
-
hydraAdmin
|
|
147
|
-
.rejectConsentRequest(challenge, {
|
|
148
|
-
error: 'access_denied',
|
|
149
|
-
error_description: 'The resource owner denied the request'
|
|
150
|
-
})
|
|
151
|
-
.then(({ data: body }) => {
|
|
152
|
-
// All we need to do now is to redirect the browser back to hydra!
|
|
153
|
-
res.redirect(String(body.redirect_to))
|
|
154
|
-
})
|
|
155
|
-
// This will handle any error that happens when making HTTP calls to hydra
|
|
156
|
-
.catch(next)
|
|
157
|
-
)
|
|
158
|
-
}
|
|
159
|
-
// label:consent-deny-end
|
|
160
|
-
|
|
161
|
-
let grantScope = req.body.grant_scope
|
|
162
|
-
if (!Array.isArray(grantScope)) {
|
|
163
|
-
grantScope = [grantScope]
|
|
164
|
-
}
|
|
165
|
-
|
|
166
|
-
// The session allows us to set session data for id and access tokens
|
|
167
|
-
let session: ConsentRequestSession = getOAuthSession(user, grantScope)
|
|
168
|
-
|
|
169
|
-
// Let's fetch the consent request again to be able to set `grantAccessTokenAudience` properly.
|
|
170
|
-
hydraAdmin
|
|
171
|
-
.getConsentRequest(challenge)
|
|
172
|
-
// This will be called if the HTTP request was successful
|
|
173
|
-
.then(({ data: body }) => {
|
|
174
|
-
return hydraAdmin
|
|
175
|
-
.acceptConsentRequest(challenge, {
|
|
176
|
-
// We can grant all scopes that have been requested - hydra already checked for us that no additional scopes
|
|
177
|
-
// are requested accidentally.
|
|
178
|
-
grant_scope: grantScope,
|
|
179
|
-
|
|
180
|
-
// If the environment variable CONFORMITY_FAKE_CLAIMS is set we are assuming that
|
|
181
|
-
// the app is built for the automated OpenID Connect Conformity Test Suite. You
|
|
182
|
-
// can peak inside the code for some ideas, but be aware that all data is fake
|
|
183
|
-
// and this only exists to fake a login system which works in accordance to OpenID Connect.
|
|
184
|
-
//
|
|
185
|
-
// If that variable is not set, the session will be used as-is.
|
|
186
|
-
session: oidcConformityMaybeFakeSession(grantScope, body, session),
|
|
187
|
-
|
|
188
|
-
// ORY Hydra checks if requested audiences are allowed by the client, so we can simply echo this.
|
|
189
|
-
grant_access_token_audience: body.requested_access_token_audience,
|
|
190
|
-
|
|
191
|
-
// This tells hydra to remember this consent request and allow the same client to request the same
|
|
192
|
-
// scopes from the same user, without showing the UI, in the future.
|
|
193
|
-
remember: Boolean(req.body.remember),
|
|
194
|
-
|
|
195
|
-
// When this "remember" sesion expires, in seconds. Set this to 0 so it will never expire.
|
|
196
|
-
remember_for: 3600
|
|
197
|
-
})
|
|
198
|
-
.then(({ data: body }) => {
|
|
199
|
-
// All we need to do now is to redirect the user back to hydra!
|
|
200
|
-
res.redirect(String(body.redirect_to))
|
|
201
|
-
})
|
|
202
|
-
})
|
|
203
|
-
// This will handle any error that happens when making HTTP calls to hydra
|
|
204
|
-
.catch(next)
|
|
205
|
-
// label:docs-accept-consent
|
|
206
|
-
})
|
|
207
|
-
|
|
208
|
-
export default router
|
package/src/oauth2/login.ts
DELETED
|
@@ -1,179 +0,0 @@
|
|
|
1
|
-
import * as express from 'express'
|
|
2
|
-
import * as url from 'url'
|
|
3
|
-
import { hydraAdmin } from './config'
|
|
4
|
-
import { oidcConformityMaybeFakeAcr } from './stub/oidc-cert'
|
|
5
|
-
const csrf = require('csurf');
|
|
6
|
-
const urljoin = require('url-join');
|
|
7
|
-
// Sets up csrf protection
|
|
8
|
-
const csrfProtection = csrf({ cookie: true })
|
|
9
|
-
const router = express.Router()
|
|
10
|
-
|
|
11
|
-
declare const Meteor;
|
|
12
|
-
|
|
13
|
-
router.get('/', csrfProtection, (req, res, next) => {
|
|
14
|
-
// Parses the URL query
|
|
15
|
-
const query = url.parse(req.url, true).query
|
|
16
|
-
|
|
17
|
-
// The challenge is used to fetch information about the login request from ORY Hydra.
|
|
18
|
-
const challenge = String(query.login_challenge)
|
|
19
|
-
if (!challenge) {
|
|
20
|
-
next(new Error('Expected a login challenge to be set but received none.'))
|
|
21
|
-
return
|
|
22
|
-
}
|
|
23
|
-
(hydraAdmin.getLoginRequest(challenge) as any)
|
|
24
|
-
.then(({ data: body }) => {
|
|
25
|
-
// If hydra was already able to authenticate the user, skip will be true and we do not need to re-authenticate
|
|
26
|
-
// the user.
|
|
27
|
-
if (body.skip) {
|
|
28
|
-
// You can apply logic here, for example update the number of times the user logged in.
|
|
29
|
-
// ...
|
|
30
|
-
|
|
31
|
-
// Now it's time to grant the login request. You could also deny the request if something went terribly wrong
|
|
32
|
-
// (e.g. your arch-enemy logging in...)
|
|
33
|
-
return hydraAdmin
|
|
34
|
-
.acceptLoginRequest(challenge, {
|
|
35
|
-
// All we need to do is to confirm that we indeed want to log in the user.
|
|
36
|
-
subject: String(body.subject)
|
|
37
|
-
})
|
|
38
|
-
.then(({ data: body }) => {
|
|
39
|
-
// All we need to do now is to redirect the user back to hydra!
|
|
40
|
-
res.redirect(String(body.redirect_to))
|
|
41
|
-
})
|
|
42
|
-
}
|
|
43
|
-
|
|
44
|
-
// If authentication can't be skipped we MUST show the login UI.
|
|
45
|
-
// return res.json({
|
|
46
|
-
// csrfToken: (req as any).csrfToken(),
|
|
47
|
-
// challenge: challenge,
|
|
48
|
-
// action: urljoin(process.env.BASE_URL || '', '/login'),
|
|
49
|
-
// hint: body.oidc_context?.login_hint || ''
|
|
50
|
-
// })
|
|
51
|
-
const user = (req as any).user
|
|
52
|
-
if (user) {
|
|
53
|
-
hydraAdmin
|
|
54
|
-
.acceptLoginRequest(challenge, {
|
|
55
|
-
// Subject is an alias for user ID. A subject can be a random string, a UUID, an email address, ....
|
|
56
|
-
subject: user.userId,
|
|
57
|
-
|
|
58
|
-
// This tells hydra to remember the browser and automatically authenticate the user in future requests. This will
|
|
59
|
-
// set the "skip" parameter in the other route to true on subsequent requests!
|
|
60
|
-
remember: Boolean(req.body.remember),
|
|
61
|
-
|
|
62
|
-
// When the session expires, in seconds. Set this to 0 so it will never expire.
|
|
63
|
-
remember_for: 3600,
|
|
64
|
-
|
|
65
|
-
// Sets which "level" (e.g. 2-factor authentication) of authentication the user has. The value is really arbitrary
|
|
66
|
-
// and optional. In the context of OpenID Connect, a value of 0 indicates the lowest authorization level.
|
|
67
|
-
// acr: '0',
|
|
68
|
-
//
|
|
69
|
-
// If the environment variable CONFORMITY_FAKE_CLAIMS is set we are assuming that
|
|
70
|
-
// the app is built for the automated OpenID Connect Conformity Test Suite. You
|
|
71
|
-
// can peak inside the code for some ideas, but be aware that all data is fake
|
|
72
|
-
// and this only exists to fake a login system which works in accordance to OpenID Connect.
|
|
73
|
-
//
|
|
74
|
-
// If that variable is not set, the ACR value will be set to the default passed here ('0')
|
|
75
|
-
acr: oidcConformityMaybeFakeAcr(body, '0')
|
|
76
|
-
})
|
|
77
|
-
.then(({ data: body }) => {
|
|
78
|
-
// All we need to do now is to redirect the user back to hydra!
|
|
79
|
-
res.redirect(String(body.redirect_to))
|
|
80
|
-
}).catch((error) => {
|
|
81
|
-
console.log(`oauth2 login acceptLoginRequest error`, error.message);
|
|
82
|
-
next()
|
|
83
|
-
})
|
|
84
|
-
} else {
|
|
85
|
-
res.redirect("/accounts/a/#/login?redirect_uri=" + encodeURIComponent(Meteor.absoluteUrl(`/oauth2/login?login_challenge=${challenge}`)))
|
|
86
|
-
}
|
|
87
|
-
})
|
|
88
|
-
// This will handle any error that happens when making HTTP calls to hydra
|
|
89
|
-
.catch((error) => {
|
|
90
|
-
console.log(`oauth2 login error`, error.message);
|
|
91
|
-
next()
|
|
92
|
-
})
|
|
93
|
-
})
|
|
94
|
-
|
|
95
|
-
// router.post('/', csrfProtection, (req, res, next) => {
|
|
96
|
-
// // The challenge is now a hidden input field, so let's take it from the request body instead
|
|
97
|
-
// const challenge = req.body.challenge
|
|
98
|
-
|
|
99
|
-
// // Let's see if the user decided to accept or reject the consent request..
|
|
100
|
-
// if (req.body.submit === 'Deny access') {
|
|
101
|
-
// // Looks like the consent request was denied by the user
|
|
102
|
-
// return (
|
|
103
|
-
// hydraAdmin
|
|
104
|
-
// .rejectLoginRequest(challenge, {
|
|
105
|
-
// error: 'access_denied',
|
|
106
|
-
// error_description: 'The resource owner denied the request'
|
|
107
|
-
// })
|
|
108
|
-
// .then(({ data: body }) => {
|
|
109
|
-
// // All we need to do now is to redirect the browser back to hydra!
|
|
110
|
-
// res.redirect(String(body.redirect_to))
|
|
111
|
-
// })
|
|
112
|
-
// // This will handle any error that happens when making HTTP calls to hydra
|
|
113
|
-
// .catch(next)
|
|
114
|
-
// )
|
|
115
|
-
// }
|
|
116
|
-
|
|
117
|
-
// // Let's check if the user provided valid credentials. Of course, you'd use a database or some third-party service
|
|
118
|
-
// // for this!
|
|
119
|
-
// if (!(req.body.email === 'foo@bar.com' && req.body.password === 'foobar')) {
|
|
120
|
-
// // Looks like the user provided invalid credentials, let's show the ui again...
|
|
121
|
-
|
|
122
|
-
// return res.json({
|
|
123
|
-
// csrfToken: (req as any).csrfToken(),
|
|
124
|
-
// challenge: challenge,
|
|
125
|
-
// error: 'The username / password combination is not correct'
|
|
126
|
-
// });
|
|
127
|
-
// }
|
|
128
|
-
|
|
129
|
-
// // Seems like the user authenticated! Let's tell hydra...
|
|
130
|
-
|
|
131
|
-
// hydraAdmin
|
|
132
|
-
// .getLoginRequest(challenge)
|
|
133
|
-
// .then(({ data: loginRequest }) =>
|
|
134
|
-
// hydraAdmin
|
|
135
|
-
// .acceptLoginRequest(challenge, {
|
|
136
|
-
// // Subject is an alias for user ID. A subject can be a random string, a UUID, an email address, ....
|
|
137
|
-
// subject: 'foo@bar.com',
|
|
138
|
-
|
|
139
|
-
// // This tells hydra to remember the browser and automatically authenticate the user in future requests. This will
|
|
140
|
-
// // set the "skip" parameter in the other route to true on subsequent requests!
|
|
141
|
-
// remember: Boolean(req.body.remember),
|
|
142
|
-
|
|
143
|
-
// // When the session expires, in seconds. Set this to 0 so it will never expire.
|
|
144
|
-
// remember_for: 3600,
|
|
145
|
-
|
|
146
|
-
// // Sets which "level" (e.g. 2-factor authentication) of authentication the user has. The value is really arbitrary
|
|
147
|
-
// // and optional. In the context of OpenID Connect, a value of 0 indicates the lowest authorization level.
|
|
148
|
-
// // acr: '0',
|
|
149
|
-
// //
|
|
150
|
-
// // If the environment variable CONFORMITY_FAKE_CLAIMS is set we are assuming that
|
|
151
|
-
// // the app is built for the automated OpenID Connect Conformity Test Suite. You
|
|
152
|
-
// // can peak inside the code for some ideas, but be aware that all data is fake
|
|
153
|
-
// // and this only exists to fake a login system which works in accordance to OpenID Connect.
|
|
154
|
-
// //
|
|
155
|
-
// // If that variable is not set, the ACR value will be set to the default passed here ('0')
|
|
156
|
-
// acr: oidcConformityMaybeFakeAcr(loginRequest, '0')
|
|
157
|
-
// })
|
|
158
|
-
// .then(({ data: body }) => {
|
|
159
|
-
// // All we need to do now is to redirect the user back to hydra!
|
|
160
|
-
// res.redirect(String(body.redirect_to))
|
|
161
|
-
// })
|
|
162
|
-
// )
|
|
163
|
-
// // This will handle any error that happens when making HTTP calls to hydra
|
|
164
|
-
// .catch(next)
|
|
165
|
-
|
|
166
|
-
// // You could also deny the login request which tells hydra that no one authenticated!
|
|
167
|
-
// // hydra.rejectLoginRequest(challenge, {
|
|
168
|
-
// // error: 'invalid_request',
|
|
169
|
-
// // errorDescription: 'The user did something stupid...'
|
|
170
|
-
// // })
|
|
171
|
-
// // .then(({body}) => {
|
|
172
|
-
// // // All we need to do now is to redirect the browser back to hydra!
|
|
173
|
-
// // res.redirect(String(body.redirectTo));
|
|
174
|
-
// // })
|
|
175
|
-
// // // This will handle any error that happens when making HTTP calls to hydra
|
|
176
|
-
// // .catch(next);
|
|
177
|
-
// })
|
|
178
|
-
|
|
179
|
-
export default router
|
package/src/oauth2/logout.ts
DELETED
|
@@ -1,66 +0,0 @@
|
|
|
1
|
-
import * as express from 'express'
|
|
2
|
-
import * as url from 'url'
|
|
3
|
-
import { hydraAdmin } from './config'
|
|
4
|
-
const csrf = require('csurf');
|
|
5
|
-
const urljoin = require('url-join');
|
|
6
|
-
// Sets up csrf protection
|
|
7
|
-
const csrfProtection = csrf({ cookie: true })
|
|
8
|
-
const router = express.Router()
|
|
9
|
-
|
|
10
|
-
router.get('/', csrfProtection, (req, res, next) => {
|
|
11
|
-
// Parses the URL query
|
|
12
|
-
const query = url.parse(req.url, true).query
|
|
13
|
-
|
|
14
|
-
// The challenge is used to fetch information about the logout request from ORY Hydra.
|
|
15
|
-
const challenge = String(query.logout_challenge)
|
|
16
|
-
if (!challenge) {
|
|
17
|
-
next(new Error('Expected a logout challenge to be set but received none.'))
|
|
18
|
-
return
|
|
19
|
-
}
|
|
20
|
-
|
|
21
|
-
hydraAdmin
|
|
22
|
-
.getLogoutRequest(challenge)
|
|
23
|
-
// This will be called if the HTTP request was successful
|
|
24
|
-
.then(() => {
|
|
25
|
-
// Here we have access to e.g. response.subject, response.sid, ...
|
|
26
|
-
|
|
27
|
-
// The most secure way to perform a logout request is by asking the user if he/she really want to log out.
|
|
28
|
-
return res.status(200).send({
|
|
29
|
-
csrfToken: (req as any).csrfToken(),
|
|
30
|
-
challenge: challenge,
|
|
31
|
-
action: urljoin(process.env.BASE_URL || '', '/logout')
|
|
32
|
-
})
|
|
33
|
-
})
|
|
34
|
-
// This will handle any error that happens when making HTTP calls to hydra
|
|
35
|
-
.catch(next)
|
|
36
|
-
})
|
|
37
|
-
|
|
38
|
-
router.post('/', csrfProtection, (req, res, next) => {
|
|
39
|
-
// The challenge is now a hidden input field, so let's take it from the request body instead
|
|
40
|
-
const challenge = req.body.challenge
|
|
41
|
-
|
|
42
|
-
if (req.body.submit === 'No') {
|
|
43
|
-
return (
|
|
44
|
-
hydraAdmin
|
|
45
|
-
.rejectLogoutRequest(challenge)
|
|
46
|
-
.then(() => {
|
|
47
|
-
// The user did not want to log out. Let's redirect him back somewhere or do something else.
|
|
48
|
-
res.redirect('https://www.ory.sh/')
|
|
49
|
-
})
|
|
50
|
-
// This will handle any error that happens when making HTTP calls to hydra
|
|
51
|
-
.catch(next)
|
|
52
|
-
)
|
|
53
|
-
}
|
|
54
|
-
|
|
55
|
-
// The user agreed to log out, let's accept the logout request.
|
|
56
|
-
hydraAdmin
|
|
57
|
-
.acceptLogoutRequest(challenge)
|
|
58
|
-
.then(({ data: body }) => {
|
|
59
|
-
// All we need to do now is to redirect the user back to hydra!
|
|
60
|
-
res.redirect(String(body.redirect_to))
|
|
61
|
-
})
|
|
62
|
-
// This will handle any error that happens when making HTTP calls to hydra
|
|
63
|
-
.catch(next)
|
|
64
|
-
})
|
|
65
|
-
|
|
66
|
-
export default router
|