@thoughtspot/visual-embed-sdk 1.10.0 → 1.10.1

package/src/auth.spec.ts

@@ -9,12 +9,12 @@ const password = '12345678';
 const samalLoginUrl = `${thoughtSpotHost}/callosum/v1/saml/login?targetURLPath=%235e16222e-ef02-43e9-9fbd-24226bf3ce5b`;
 
 const embedConfig: any = {
-    doTokenAuthSuccess: {
+    doTokenAuthSuccess: (token: string) => ({
         thoughtSpotHost,
         username,
         authEndpoint: 'auth',
-        getAuthToken: jest.fn(() => Promise.resolve('authToken')),
-    },
+        getAuthToken: jest.fn(() => Promise.resolve(token)),
+    }),
     doTokenAuthFailureWithoutAuthEndPoint: {
         thoughtSpotHost,
         username,
@@ -35,9 +35,15 @@ const embedConfig: any = {
     doSamlAuth: {
         thoughtSpotHost,
     },
+    doOidcAuth: {
+        thoughtSpotHost,
+    },
     SSOAuth: {
         authType: AuthType.SSO,
     },
+    OIDCAuth: {
+        authType: AuthType.OIDC,
+    },
     authServerFailure: {
         thoughtSpotHost,
         username,
@@ -107,12 +113,14 @@ describe('Unit test for auth', () => {
                 status: 200,
             }),
         );
-        await authInstance.doTokenAuth(embedConfig.doTokenAuthSuccess);
+        await authInstance.doTokenAuth(
+            embedConfig.doTokenAuthSuccess('authToken'),
+        );
         expect(authService.fetchSessionInfoService).toBeCalled();
         expect(authInstance.loggedInStatus).toBe(true);
     });
 
-    test('doTokenAuth: when user is not loggedIn & getAuthToken have response, isLoggedIn should called', async () => {
+    test('doTokenAuth: when user is not loggedIn & getAuthToken have response', async () => {
         jest.spyOn(authService, 'fetchSessionInfoService').mockImplementation(
             () => false,
         );
@@ -120,13 +128,19 @@ describe('Unit test for auth', () => {
             authService,
             'fetchAuthTokenService',
         ).mockImplementation(() => ({ text: () => Promise.resolve('abc') }));
-        jest.spyOn(authService, 'fetchAuthService');
-        await authInstance.doTokenAuth(embedConfig.doTokenAuthSuccess);
+        jest.spyOn(authService, 'fetchAuthService').mockImplementation(() =>
+            Promise.resolve({
+                status: 200,
+            }),
+        );
+        await authInstance.doTokenAuth(
+            embedConfig.doTokenAuthSuccess('authToken2'),
+        );
         expect(authService.fetchSessionInfoService).toBeCalled();
         expect(authService.fetchAuthService).toBeCalledWith(
             thoughtSpotHost,
             username,
-            'authToken',
+            'authToken2',
         );
     });
 
@@ -140,7 +154,12 @@ describe('Unit test for auth', () => {
         ).mockImplementation(() =>
             Promise.resolve({ text: () => Promise.resolve('abc') }),
         );
-        jest.spyOn(authService, 'fetchAuthService');
+        jest.spyOn(authService, 'fetchAuthService').mockImplementation(() =>
+            Promise.resolve({
+                status: 200,
+                ok: true,
+            }),
+        );
         await authInstance.doTokenAuth(
             embedConfig.doTokenAuthFailureWithoutGetAuthToken,
         );
@@ -155,6 +174,38 @@ describe('Unit test for auth', () => {
         });
     });
 
+    test('doTokenAuth: Should raise error when duplicate token is used', async () => {
+        jest.spyOn(authService, 'fetchSessionInfoService').mockResolvedValue({
+            status: 401,
+        });
+        jest.spyOn(window, 'alert').mockClear();
+        jest.spyOn(window, 'alert').mockReturnValue(undefined);
+        jest.spyOn(authService, 'fetchAuthService').mockReset();
+        jest.spyOn(authService, 'fetchAuthService').mockImplementation(() =>
+            Promise.resolve({
+                status: 200,
+                ok: true,
+            }),
+        );
+        await authInstance.doTokenAuth(
+            embedConfig.doTokenAuthSuccess('authToken3'),
+        );
+
+        try {
+            await authInstance.doTokenAuth(
+                embedConfig.doTokenAuthSuccess('authToken3'),
+            );
+            expect(false).toBe(true);
+        } catch (e) {
+            expect(e.message).toContain('Duplicate token');
+        }
+        await executeAfterWait(() => {
+            expect(authInstance.loggedInStatus).toBe(false);
+            expect(window.alert).toBeCalled();
+            expect(authService.fetchAuthService).toHaveBeenCalledTimes(1);
+        });
+    });
+
     describe('doBasicAuth', () => {
         beforeEach(() => {
             global.fetch = window.fetch;
@@ -181,7 +232,7 @@ describe('Unit test for auth', () => {
             jest.spyOn(
                 authService,
                 'fetchBasicAuthService',
-            ).mockImplementation(() => ({ status: 200 }));
+            ).mockImplementation(() => ({ status: 200, ok: true }));
 
             await authInstance.doBasicAuth(embedConfig.doBasicAuth);
             expect(authService.fetchSessionInfoService).toBeCalled();
@@ -253,6 +304,7 @@ describe('Unit test for auth', () => {
                 },
             });
             spyOn(authInstance, 'samlCompletionPromise');
+            global.window.open = jest.fn();
             jest.spyOn(
                 authService,
                 'fetchSessionInfoService',
@@ -263,8 +315,28 @@ describe('Unit test for auth', () => {
                     ...embedConfig.doSamlAuth,
                     noRedirect: true,
                 }),
-            ).toBe(undefined);
+            ).toBe(true);
+            expect(authService.fetchSessionInfoService).toBeCalled();
+        });
+    });
+
+    describe('doOIDCAuth', () => {
+        afterEach(() => {
+            delete global.window;
+            global.window = Object.create(originalWindow);
+            global.window.open = jest.fn();
+            global.fetch = window.fetch;
+        });
+
+        it('when user is not loggedIn & isAtSSORedirectUrl is true', async () => {
+            jest.spyOn(
+                authService,
+                'fetchSessionInfoService',
+            ).mockImplementation(() => Promise.reject());
+            await authInstance.doOIDCAuth(embedConfig.doOidcAuth);
             expect(authService.fetchSessionInfoService).toBeCalled();
+            expect(window.location.hash).toBe('');
+            expect(authInstance.loggedInStatus).toBe(false);
         });
     });
 
@@ -275,6 +347,13 @@ describe('Unit test for auth', () => {
         expect(authInstance.doSamlAuth).toBeCalled();
     });
 
+    it('authenticate: when authType is OIDC', async () => {
+        jest.spyOn(authInstance, 'doOIDCAuth');
+        await authInstance.authenticate(embedConfig.OIDCAuth);
+        expect(window.location.hash).toBe('');
+        expect(authInstance.doOIDCAuth).toBeCalled();
+    });
+
     it('authenticate: when authType is AuthServer', async () => {
         spyOn(authInstance, 'doTokenAuth');
         await authInstance.authenticate(embedConfig.authServerFailure);

package/src/auth.ts

@@ -7,6 +7,7 @@ import {
     fetchAuthTokenService,
     fetchAuthService,
     fetchBasicAuthService,
+    fetchLogoutService,
 } from './utils/authService';
 
 // eslint-disable-next-line import/no-mutable-exports
@@ -29,8 +30,22 @@ export const EndPoints = {
         `/callosum/v1/oidc/login?targetURLPath=${targetUrl}`,
     TOKEN_LOGIN: '/callosum/v1/session/login/token',
     BASIC_LOGIN: '/callosum/v1/session/login',
+    LOGOUT: '/callosum/v1/session/logout',
 };
 
+export enum AuthFailureType {
+    SDK = 'SDK',
+    NO_COOKIE_ACCESS = 'NO_COOKIE_ACCESS',
+    EXPIRY = 'EXPIRY',
+    OTHER = 'OTHER',
+}
+
+export enum AuthStatus {
+    FAILURE = 'FAILURE',
+    SUCCESS = 'SUCCESS',
+    LOGOUT = 'LOGOUT',
+}
+
 /**
  * Check if we are logged into the ThoughtSpot cluster
  * @param thoughtSpotHost The ThoughtSpot cluster hostname or IP
@@ -58,6 +73,19 @@ export function initSession(sessionDetails: any) {
     initMixpanel(sessionInfo);
 }
 
+const DUPLICATE_TOKEN_ERR =
+    'Duplicate token, please issue a new token every time getAuthToken callback is called.' +
+    'See https://developers.thoughtspot.com/docs/?pageid=embed-auth#trusted-auth-embed for more details.';
+let prevAuthToken: string = null;
+function alertForDuplicateToken(authtoken: string) {
+    if (prevAuthToken === authtoken) {
+        // eslint-disable-next-line no-alert
+        alert(DUPLICATE_TOKEN_ERR);
+        throw new Error(DUPLICATE_TOKEN_ERR);
+    }
+    prevAuthToken = authtoken;
+}
+
 /**
  * Check if we are stuck at the SSO redirect URL
  */
@@ -83,7 +111,9 @@ function removeSSORedirectUrlMarker(): void {
  * Perform token based authentication
  * @param embedConfig The embed configuration
  */
-export const doTokenAuth = async (embedConfig: EmbedConfig): Promise<void> => {
+export const doTokenAuth = async (
+    embedConfig: EmbedConfig,
+): Promise<boolean> => {
     const {
         thoughtSpotHost,
         username,
@@ -95,20 +125,25 @@ export const doTokenAuth = async (embedConfig: EmbedConfig): Promise<void> => {
             'Either auth endpoint or getAuthToken function must be provided',
         );
     }
-    const loggedIn = await isLoggedIn(thoughtSpotHost);
-    if (!loggedIn) {
+    loggedInStatus = await isLoggedIn(thoughtSpotHost);
+    if (!loggedInStatus) {
         let authToken = null;
         if (getAuthToken) {
             authToken = await getAuthToken();
+            alertForDuplicateToken(authToken);
         } else {
             const response = await fetchAuthTokenService(authEndpoint);
             authToken = await response.text();
         }
-        await fetchAuthService(thoughtSpotHost, username, authToken);
-        loggedInStatus = false;
+        const resp = await fetchAuthService(
+            thoughtSpotHost,
+            username,
+            authToken,
+        );
+        // token login issues a 302 when successful
+        loggedInStatus = resp.ok || resp.type === 'opaqueredirect';
     }
-
-    loggedInStatus = true;
+    return loggedInStatus;
 };
 
 /**
@@ -119,7 +154,9 @@ export const doTokenAuth = async (embedConfig: EmbedConfig): Promise<void> => {
  * strongly advised not to use this authentication method in production.
  * @param embedConfig The embed configuration
  */
-export const doBasicAuth = async (embedConfig: EmbedConfig): Promise<void> => {
+export const doBasicAuth = async (
+    embedConfig: EmbedConfig,
+): Promise<boolean> => {
     const { thoughtSpotHost, username, password } = embedConfig;
     const loggedIn = await isLoggedIn(thoughtSpotHost);
     if (!loggedIn) {
@@ -128,10 +165,11 @@ export const doBasicAuth = async (embedConfig: EmbedConfig): Promise<void> => {
             username,
             password,
         );
-        loggedInStatus = response.status === 200;
+        loggedInStatus = response.ok;
+    } else {
+        loggedInStatus = true;
     }
-
-    loggedInStatus = true;
+    return loggedInStatus;
 };
 
 async function samlPopupFlow(ssoURL: string) {
@@ -198,6 +236,7 @@ const doSSOAuth = async (
     const ssoURL = `${thoughtSpotHost}${ssoEndPoint}`;
     if (embedConfig.noRedirect) {
         await samlPopupFlow(ssoURL);
+        loggedInStatus = true;
         return;
     }
 
@@ -218,6 +257,7 @@ export const doSamlAuth = async (embedConfig: EmbedConfig) => {
     )}`;
 
     await doSSOAuth(embedConfig, ssoEndPoint);
+    return loggedInStatus;
 };
 
 export const doOIDCAuth = async (embedConfig: EmbedConfig) => {
@@ -234,13 +274,23 @@ export const doOIDCAuth = async (embedConfig: EmbedConfig) => {
     )}`;
 
     await doSSOAuth(embedConfig, ssoEndPoint);
+    return loggedInStatus;
+};
+
+export const logout = async (embedConfig: EmbedConfig): Promise<boolean> => {
+    const { thoughtSpotHost } = embedConfig;
+    const response = await fetchLogoutService(thoughtSpotHost);
+    loggedInStatus = false;
+    return loggedInStatus;
 };
 
 /**
  * Perform authentication on the ThoughtSpot cluster
  * @param embedConfig The embed configuration
  */
-export const authenticate = async (embedConfig: EmbedConfig): Promise<void> => {
+export const authenticate = async (
+    embedConfig: EmbedConfig,
+): Promise<boolean> => {
     const { authType } = embedConfig;
     switch (authType) {
         case AuthType.SSO:
@@ -252,7 +302,7 @@ export const authenticate = async (embedConfig: EmbedConfig): Promise<void> => {
         case AuthType.Basic:
             return doBasicAuth(embedConfig);
         default:
-            return Promise.resolve();
+            return Promise.resolve(true);
     }
 };
 

package/src/embed/base.spec.ts

@@ -1,4 +1,7 @@
+import EventEmitter from 'eventemitter3';
+import * as auth from '../auth';
 import * as index from '../index';
+import * as base from './base';
 import {
     executeAfterWait,
     getAllIframeEl,
@@ -9,10 +12,11 @@ import {
 } from '../test/test-utils';
 
 const thoughtSpotHost = 'tshost';
+let authEE: EventEmitter;
 
 describe('Base TS Embed', () => {
     beforeAll(() => {
-        index.init({
+        authEE = index.init({
             thoughtSpotHost,
             authType: index.AuthType.None,
         });
@@ -38,10 +42,12 @@ describe('Base TS Embed', () => {
             },
             '*',
         );
-
-        jest.spyOn(window, 'alert').mockImplementation(() => {
+        jest.spyOn(window, 'alert').mockReset();
+        jest.spyOn(window, 'alert').mockImplementation(() => undefined);
+        authEE.on(auth.AuthStatus.FAILURE, (reason) => {
+            expect(reason).toEqual(auth.AuthFailureType.NO_COOKIE_ACCESS);
             expect(window.alert).toBeCalledWith(
-                'Third party cookie access is blocked on this browser, please allow third party cookies for ThoughtSpot to work properly',
+                'Third party cookie access is blocked on this browser, please allow third party cookies for this to work properly. \nYou can use `suppressNoCookieAccessAlert` to suppress this message.',
             );
             done();
         });
@@ -92,4 +98,50 @@ describe('Base TS Embed', () => {
             expect(getIFrameSrc()).toContain('disableLoginRedirect=true');
         });
     });
+
+    test('handleAuth notifies for SDK auth failure', (done) => {
+        jest.spyOn(auth, 'authenticate').mockResolvedValue(false);
+        const authEmitter = index.init({
+            thoughtSpotHost,
+            authType: index.AuthType.Basic,
+            username: 'test',
+            password: 'test',
+        });
+        authEmitter.on(auth.AuthStatus.FAILURE, (reason) => {
+            expect(reason).toBe(auth.AuthFailureType.SDK);
+            done();
+        });
+    });
+
+    test('Logout method should disable autoLogin', () => {
+        jest.spyOn(window, 'fetch').mockResolvedValue({
+            type: 'opaque',
+        });
+        index.init({
+            thoughtSpotHost,
+            authType: index.AuthType.None,
+            autoLogin: true,
+        });
+        index.logout();
+        expect(window.fetch).toHaveBeenCalledWith(
+            `http://${thoughtSpotHost}${auth.EndPoints.LOGOUT}`,
+            {
+                credentials: 'include',
+                mode: 'no-cors',
+                method: 'POST',
+            },
+        );
+        expect(base.getEmbedConfig().autoLogin).toBe(false);
+    });
+});
+
+describe('Base without init', () => {
+    test('notify should error when called without init', () => {
+        base.reset();
+        jest.spyOn(global.console, 'error').mockImplementation(() => undefined);
+        base.notifyAuthSuccess();
+        base.notifyAuthFailure(auth.AuthFailureType.SDK);
+        base.notifyLogout();
+        expect(global.console.error).toHaveBeenCalledTimes(3);
+    });
 });

package/src/embed/base.ts

@@ -7,31 +7,72 @@
  * @summary Base classes
  * @author Ayon Ghosh <ayon.ghosh@thoughtspot.com>
  */
+import EventEmitter from 'eventemitter3';
 import { getThoughtSpotHost } from '../config';
-import { EmbedConfig } from '../types';
-import { authenticate } from '../auth';
+import { AuthType, EmbedConfig } from '../types';
+import {
+    authenticate,
+    logout as _logout,
+    AuthFailureType,
+    AuthStatus,
+} from '../auth';
 import { uploadMixpanelEvent, MIXPANEL_EVENT } from '../mixpanel-service';
 
 let config = {} as EmbedConfig;
+const CONFIG_DEFAULTS: Partial<EmbedConfig> = {
+    loginFailedMessage: 'Not logged in',
+    authType: AuthType.None,
+};
+
+export let authPromise: Promise<boolean>;
+
+export const getEmbedConfig = (): EmbedConfig => config;
+
+export const getAuthPromise = (): Promise<boolean> => authPromise;
 
-export let authPromise: Promise<void>;
+let authEE: EventEmitter;
 
+export function notifyAuthSuccess(): void {
+    if (!authEE) {
+        console.error('SDK not initialized');
+        return;
+    }
+    authEE.emit(AuthStatus.SUCCESS);
+}
+
+export function notifyAuthFailure(failureType: AuthFailureType): void {
+    if (!authEE) {
+        console.error('SDK not initialized');
+        return;
+    }
+    authEE.emit(AuthStatus.FAILURE, failureType);
+}
+
+export function notifyLogout(): void {
+    if (!authEE) {
+        console.error('SDK not initialized');
+        return;
+    }
+    authEE.emit(AuthStatus.LOGOUT);
+}
 /**
  * Perform authentication on the ThoughtSpot app as applicable.
  */
-export const handleAuth = (): Promise<void> => {
-    const authConfig = {
-        ...config,
-        thoughtSpotHost: getThoughtSpotHost(config),
-    };
-    authPromise = authenticate(authConfig);
+export const handleAuth = (): Promise<boolean> => {
+    authPromise = authenticate(config);
+    authPromise.then(
+        (isLoggedIn) => {
+            if (!isLoggedIn) {
+                notifyAuthFailure(AuthFailureType.SDK);
+            }
+        },
+        () => {
+            notifyAuthFailure(AuthFailureType.SDK);
+        },
+    );
     return authPromise;
 };
 
-export const getEmbedConfig = (): EmbedConfig => config;
-
-export const getAuthPromise = (): Promise<void> => authPromise;
-
 /**
  * Prefetches static resources from the specified URL. Web browsers can then cache the prefetched resources and serve them from the user's local disk to provide faster access to your app.
  * @param url The URL provided for prefetch
@@ -59,8 +100,13 @@ export const prefetch = (url?: string): void => {
  *
  * @returns authPromise Promise which resolves when authentication is complete.
  */
-export const init = (embedConfig: EmbedConfig): Promise<void> => {
-    config = embedConfig;
+export const init = (embedConfig: EmbedConfig): EventEmitter => {
+    config = {
+        ...CONFIG_DEFAULTS,
+        ...embedConfig,
+        thoughtSpotHost: getThoughtSpotHost(embedConfig),
+    };
+    authEE = new EventEmitter();
     handleAuth();
 
     uploadMixpanelEvent(MIXPANEL_EVENT.VISUAL_SDK_CALLED_INIT, {
@@ -71,7 +117,21 @@ export const init = (embedConfig: EmbedConfig): Promise<void> => {
     if (config.callPrefetch) {
         prefetch(config.thoughtSpotHost);
     }
-    return authPromise;
+    return authEE;
+};
+
+export function disableAutoLogin(): void {
+    config.autoLogin = false;
+}
+
+export const logout = (doNotDisableAutoLogin = false): Promise<boolean> => {
+    if (!doNotDisableAutoLogin) {
+        disableAutoLogin();
+    }
+    return _logout(config).then((isLoggedIn) => {
+        notifyLogout();
+        return isLoggedIn;
+    });
 };
 
 let renderQueue: Promise<any> = Promise.resolve();
@@ -89,3 +149,10 @@ export const renderInQueue = (fn: (next?: (val?: any) => void) => void) => {
         fn(() => {}); // eslint-disable-line @typescript-eslint/no-empty-function
     }
 };
+
+// For testing purposes only
+export function reset(): void {
+    config = {} as any;
+    authEE = null;
+    authPromise = null;
+}

package/src/embed/embed.spec.ts

@@ -71,7 +71,7 @@ describe('Custom CSS Url', () => {
         document.body.innerHTML = getDocumentBody();
     });
 
-    test.only('passing customCssUrl should set the correct query params on the iframe', async (done) => {
+    test('passing customCssUrl should set the correct query params on the iframe', async (done) => {
         init({
             thoughtSpotHost,
             authType: AuthType.None,

package/src/embed/ts-embed.spec.ts

@@ -165,15 +165,16 @@ describe('Unit test case for ts embed', () => {
         });
     });
 
-    describe('when thoughtSpotHost have value and authPromise return success response', () => {
+    describe('when thoughtSpotHost have value and authPromise return response true/false', () => {
         beforeAll(() => {
             init({
                 thoughtSpotHost,
                 authType: AuthType.None,
+                loginFailedMessage: 'Failed to Login',
             });
         });
 
-        beforeEach(() => {
+        const setup = async (isLoggedIn = false) => {
             jest.spyOn(window, 'addEventListener').mockImplementationOnce(
                 (event, handler, options) => {
                     handler({
@@ -186,10 +187,9 @@ describe('Unit test case for ts embed', () => {
                 },
             );
             const iFrame: any = document.createElement('div');
-            jest.spyOn(
-                baseInstance,
-                'getAuthPromise',
-            ).mockResolvedValueOnce(() => Promise.resolve());
+            jest.spyOn(baseInstance, 'getAuthPromise').mockResolvedValueOnce(
+                isLoggedIn,
+            );
             const tsEmbed = new SearchEmbed(getRootEl(), {});
             iFrame.contentWindow = null;
             tsEmbed.on(EmbedEvent.CustomAction, jest.fn());
@@ -199,10 +199,11 @@ describe('Unit test case for ts embed', () => {
                 },
             );
             jest.spyOn(document, 'createElement').mockReturnValueOnce(iFrame);
-            tsEmbed.render();
-        });
+            await tsEmbed.render();
+        };
 
-        test('mixpanel should call with VISUAL_SDK_RENDER_COMPLETE', () => {
+        test('mixpanel should call with VISUAL_SDK_RENDER_COMPLETE', async () => {
+            await setup(true);
             expect(mockMixPanelEvent).toBeCalledWith(
                 MIXPANEL_EVENT.VISUAL_SDK_RENDER_START,
             );
@@ -212,11 +213,20 @@ describe('Unit test case for ts embed', () => {
         });
 
         test('Should remove prefetch iframe', async () => {
+            await setup(true);
             const prefetchIframe = document.querySelectorAll<HTMLIFrameElement>(
                 '.prefetchIframe',
             );
             expect(prefetchIframe.length).toBe(0);
         });
+
+        test('Should render failure when login fails', async (done) => {
+            setup(false);
+            executeAfterWait(() => {
+                expect(getRootEl().innerHTML).toContain('Failed to Login');
+                done();
+            });
+        });
     });
 
     describe('when thoughtSpotHost have value and authPromise return error', () => {