@vaadin/hilla-frontend 24.4.0-beta5 → 24.5.0-alpha1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/Authentication.d.ts +28 -2
  2. package/Authentication.d.ts.map +1 -1
  3. package/Authentication.js +35 -4
  4. package/Authentication.js.map +2 -2
  5. package/index.js +1 -1
  6. package/package.json +1 -1
package/Authentication.d.ts CHANGED
@@ -7,11 +7,37 @@ export interface LoginResult {
7
7
  redirectUrl?: string;
8
8
  defaultUrl?: string;
9
9
  }
10
+ export type SuccessCallback = () => Promise<void> | void;
11
+ export type NavigateFunction = (path: string) => void;
10
12
  export interface LoginOptions {
11
- loginProcessingUrl?: string;
13
+ /**
14
+ * The URL for login request, defaults to `/login`.
15
+ */
16
+ loginProcessingUrl?: URL | string;
17
+ /**
18
+ * The success callback.
19
+ */
20
+ onSuccess?: SuccessCallback;
21
+ /**
22
+ * The navigation callback, called after successful login. The default
23
+ * reloads the page.
24
+ */
25
+ navigate?: NavigateFunction;
12
26
  }
13
27
  export interface LogoutOptions {
14
- logoutUrl?: string;
28
+ /**
29
+ * The URL for logout request, defaults to `/logout`.
30
+ */
31
+ logoutUrl?: URL | string;
32
+ /**
33
+ * The success callback.
34
+ */
35
+ onSuccess?: SuccessCallback;
36
+ /**
37
+ * The navigation callback, called after successful logout. The default
38
+ * reloads the page.
39
+ */
40
+ navigate?: NavigateFunction;
15
41
  }
16
42
  /**
17
43
  * A helper method for Spring Security based form login.
package/Authentication.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"Authentication.d.ts","sourceRoot":"","sources":["src/Authentication.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAoDvF,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,YAAY;IAC3B,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;;GAKG;AACH,wBAAsB,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC,CA2D5G;AAED;;;GAGG;AACH,wBAAsB,MAAM,CAAC,OAAO,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAqBnE;AAED;;;;;GAKG;AACH,MAAM,MAAM,wBAAwB,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;AAElE;;;;GAIG;AACH,qBAAa,wBAAyB,YAAW,eAAe;IAC9D,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAA2B;gBAExD,wBAAwB,EAAE,wBAAwB;IAIxD,MAAM,CAAC,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,cAAc,GAAG,OAAO,CAAC,QAAQ,CAAC;CAalF"}
1
+ {"version":3,"file":"Authentication.d.ts","sourceRoot":"","sources":["src/Authentication.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAsDvF,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,MAAM,eAAe,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AAEzD,MAAM,MAAM,gBAAgB,GAAG,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;AAEtD,MAAM,WAAW,YAAY;IAC3B;;OAEG;IACH,kBAAkB,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC;IAElC;;OAEG;IACH,SAAS,CAAC,EAAE,eAAe,CAAC;IAE5B;;;OAGG;IACH,QAAQ,CAAC,EAAE,gBAAgB,CAAC;CAC7B;AAED,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,SAAS,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC;IAEzB;;OAEG;IACH,SAAS,CAAC,EAAE,eAAe,CAAC;IAE5B;;;OAGG;IACH,QAAQ,CAAC,EAAE,gBAAgB,CAAC;CAC7B;AA+BD;;;;;GAKG;AACH,wBAAsB,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC,CAoE5G;AAED;;;GAGG;AACH,wBAAsB,MAAM,CAAC,OAAO,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CA8BnE;AAED;;;;;GAKG;AACH,MAAM,MAAM,wBAAwB,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;AAElE;;;;GAIG;AACH,qBAAa,wBAAyB,YAAW,eAAe;IAC9D,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAA2B;gBAExD,wBAAwB,EAAE,wBAAwB;IAIxD,MAAM,CAAC,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,cAAc,GAAG,OAAO,CAAC,QAAQ,CAAC;CAalF"}
package/Authentication.js CHANGED
@@ -38,6 +38,21 @@ async function doLogout(logoutUrl, headers) {
38
38
  throw new Error(`failed to logout with response ${response.status}`);
39
39
  }
40
40
  await updateCsrfTokensBasedOnResponse(response);
41
+ return response;
42
+ }
43
+ function normalizePath(url) {
44
+ const effectiveBaseURL = new URL(".", document.baseURI);
45
+ const effectiveBaseURI = effectiveBaseURL.toString();
46
+ let normalized = url;
47
+ if (normalized.startsWith(effectiveBaseURL.pathname)) {
48
+ return `/${normalized.slice(effectiveBaseURL.pathname.length)}`;
49
+ }
50
+ normalized = normalized.startsWith(effectiveBaseURI) ? `/${normalized.slice(effectiveBaseURI.length)}` : normalized;
51
+ return normalized;
52
+ }
53
+ function navigateWithPageReload(to) {
54
+ const url = to.startsWith("/") ? new URL(`.${to}`, document.baseURI) : to;
55
+ window.location.replace(url);
41
56
  }
42
57
  async function login(username, password, options) {
43
58
  try {
@@ -66,6 +81,13 @@ async function login(username, password, options) {
66
81
  springCsrfTokenInfo._csrf_header = springCsrfHeader;
67
82
  updateSpringCsrfMetaTags(springCsrfTokenInfo);
68
83
  }
84
+ if (options?.onSuccess) {
85
+ await options.onSuccess();
86
+ }
87
+ const url = savedUrl ?? defaultUrl ?? document.baseURI;
88
+ const toPath = normalizePath(url);
89
+ const navigate = options?.navigate ?? navigateWithPageReload;
90
+ navigate(toPath);
69
91
  return {
70
92
  defaultUrl,
71
93
  error: false,
@@ -91,22 +113,31 @@ async function login(username, password, options) {
91
113
  }
92
114
  async function logout(options) {
93
115
  const logoutUrl = options?.logoutUrl ?? "logout";
116
+ let response;
94
117
  try {
95
118
  const headers = getSpringCsrfTokenHeadersForAuthRequest(document);
96
- await doLogout(logoutUrl, headers);
119
+ response = await doLogout(logoutUrl, headers);
97
120
  } catch {
98
121
  try {
99
- const response = await fetch("?nocache");
100
- const responseText = await response.text();
122
+ const noCacheResponse = await fetch("?nocache");
123
+ const responseText = await noCacheResponse.text();
101
124
  const doc = new DOMParser().parseFromString(responseText, "text/html");
102
125
  const headers = getSpringCsrfTokenHeadersForAuthRequest(doc);
103
- await doLogout(logoutUrl, headers);
126
+ response = await doLogout(logoutUrl, headers);
104
127
  } catch (error) {
105
128
  clearSpringCsrfMetaTags();
106
129
  throw error;
107
130
  }
108
131
  } finally {
109
132
  CookieManager.remove(JWT_COOKIE_NAME);
133
+ if (response && response.ok && response.redirected) {
134
+ if (options?.onSuccess) {
135
+ await options.onSuccess();
136
+ }
137
+ const toPath = normalizePath(response.url);
138
+ const navigate = options?.navigate ?? navigateWithPageReload;
139
+ navigate(toPath);
140
+ }
110
141
  }
111
142
  }
112
143
  class InvalidSessionMiddleware {
package/Authentication.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["src/Authentication.ts"],
4
- "sourcesContent": ["import type { MiddlewareClass, MiddlewareContext, MiddlewareNext } from './Connect.js';\nimport CookieManager from './CookieManager.js';\nimport { getSpringCsrfInfo, getSpringCsrfTokenHeadersForAuthRequest, VAADIN_CSRF_HEADER } from './CsrfUtils.js';\n\nconst JWT_COOKIE_NAME = 'jwt.headerAndPayload';\n\nfunction getSpringCsrfTokenFromResponseBody(body: string): Record<string, string> {\n const doc = new DOMParser().parseFromString(body, 'text/html');\n return getSpringCsrfInfo(doc);\n}\n\nfunction clearSpringCsrfMetaTags() {\n Array.from(document.head.querySelectorAll('meta[name=\"_csrf\"], meta[name=\"_csrf_header\"]')).forEach((el) =>\n el.remove(),\n );\n}\n\nfunction updateSpringCsrfMetaTags(springCsrfInfo: Record<string, string>) {\n clearSpringCsrfMetaTags();\n const headerNameMeta: HTMLMetaElement = document.createElement('meta');\n headerNameMeta.name = '_csrf_header';\n headerNameMeta.content = springCsrfInfo._csrf_header;\n document.head.appendChild(headerNameMeta);\n const tokenMeta: HTMLMetaElement = document.createElement('meta');\n tokenMeta.name = '_csrf';\n tokenMeta.content = springCsrfInfo._csrf;\n document.head.appendChild(tokenMeta);\n}\n\nconst getVaadinCsrfTokenFromResponseBody = (body: string): string | undefined => {\n const match = /window\\.Vaadin = \\{TypeScript: \\{\"csrfToken\":\"([0-9a-zA-Z\\\\-]{36})\"\\}\\};/iu.exec(body);\n return match ? match[1] : undefined;\n};\n\nasync function updateCsrfTokensBasedOnResponse(response: Response): Promise<string | undefined> {\n const responseText = await response.text();\n const token = getVaadinCsrfTokenFromResponseBody(responseText);\n const springCsrfTokenInfo = getSpringCsrfTokenFromResponseBody(responseText);\n updateSpringCsrfMetaTags(springCsrfTokenInfo);\n\n return token;\n}\n\nasync function doLogout(logoutUrl: string, headers: Record<string, string>) {\n const response = await fetch(logoutUrl, { headers, method: 'POST' });\n if (!response.ok) {\n throw new Error(`failed to logout with response ${response.status}`);\n }\n\n await updateCsrfTokensBasedOnResponse(response);\n}\n\nexport interface LoginResult {\n error: boolean;\n token?: string;\n errorTitle?: string;\n errorMessage?: string;\n redirectUrl?: string;\n defaultUrl?: string;\n}\n\nexport interface LoginOptions {\n loginProcessingUrl?: string;\n}\n\nexport interface LogoutOptions {\n logoutUrl?: string;\n}\n\n/**\n * A helper method for Spring Security based form login.\n * @param username - username\n * @param password - password\n * @param options - defines additional options, e.g, the loginProcessingUrl etc.\n */\nexport async function login(username: string, password: string, options?: LoginOptions): Promise<LoginResult> {\n try {\n const data = new FormData();\n data.append('username', username);\n data.append('password', password);\n\n const loginProcessingUrl = options?.loginProcessingUrl ?? 'login';\n const headers = getSpringCsrfTokenHeadersForAuthRequest(document);\n headers.source = 'typescript';\n const response = await fetch(loginProcessingUrl, {\n body: data,\n headers,\n method: 'POST',\n });\n\n // This code assumes that a VaadinSavedRequestAwareAuthenticationSuccessHandler is used on the server side,\n // setting these header values based on the \"source=typescript\" header set above\n\n const result = response.headers.get('Result');\n const savedUrl = response.headers.get('Saved-url') ?? undefined;\n const defaultUrl = response.headers.get('Default-url') ?? undefined;\n const loginSuccessful = response.ok && result === 'success';\n\n if (loginSuccessful) {\n const vaadinCsrfToken = response.headers.get('Vaadin-CSRF') ?? undefined;\n\n const springCsrfHeader = response.headers.get('Spring-CSRF-header') ?? undefined;\n const springCsrfToken = response.headers.get('Spring-CSRF-token') ?? undefined;\n if (springCsrfHeader && springCsrfToken) {\n const springCsrfTokenInfo: Record<string, string> = {};\n springCsrfTokenInfo._csrf = springCsrfToken;\n // eslint-disable-next-line camelcase\n springCsrfTokenInfo._csrf_header = springCsrfHeader;\n updateSpringCsrfMetaTags(springCsrfTokenInfo);\n }\n\n return {\n defaultUrl,\n error: false,\n redirectUrl: savedUrl,\n token: vaadinCsrfToken,\n };\n }\n return {\n error: true,\n errorMessage: 'Check that you have entered the correct username and password and try again.',\n errorTitle: 'Incorrect username or password.',\n };\n } catch (e: unknown) {\n if (e instanceof Error) {\n return {\n error: true,\n errorMessage: e.message,\n errorTitle: e.name,\n };\n }\n\n throw e;\n }\n}\n\n/**\n * A helper method for Spring Security based form logout\n * @param options - defines additional options, e.g, the logoutUrl.\n */\nexport async function logout(options?: LogoutOptions): Promise<void> {\n // this assumes the default Spring Security logout configuration (handler URL)\n const logoutUrl = options?.logoutUrl ?? 'logout';\n try {\n const headers = getSpringCsrfTokenHeadersForAuthRequest(document);\n await doLogout(logoutUrl, headers);\n } catch {\n try {\n const response = await fetch('?nocache');\n const responseText = await response.text();\n const doc = new DOMParser().parseFromString(responseText, 'text/html');\n const headers = getSpringCsrfTokenHeadersForAuthRequest(doc);\n await doLogout(logoutUrl, headers);\n } catch (error) {\n // clear the token if the call fails\n clearSpringCsrfMetaTags();\n throw error;\n }\n } finally {\n CookieManager.remove(JWT_COOKIE_NAME);\n }\n}\n\n/**\n * It defines what to do when it detects a session is invalid. E.g.,\n * show a login view.\n * It takes an <code>EndpointCallContinue</code> parameter, which can be\n * used to continue the endpoint call.\n */\nexport type OnInvalidSessionCallback = () => Promise<LoginResult>;\n\n/**\n * A helper class for handling invalid sessions during an endpoint call.\n * E.g., you can use this to show user a login page when the session has\n * expired.\n */\nexport class InvalidSessionMiddleware implements MiddlewareClass {\n private readonly onInvalidSessionCallback: OnInvalidSessionCallback;\n\n constructor(onInvalidSessionCallback: OnInvalidSessionCallback) {\n this.onInvalidSessionCallback = onInvalidSessionCallback;\n }\n\n async invoke(context: MiddlewareContext, next: MiddlewareNext): Promise<Response> {\n const clonedContext = { ...context };\n clonedContext.request = context.request.clone();\n const response = await next(context);\n if (response.status === 401) {\n const loginResult = await this.onInvalidSessionCallback();\n if (loginResult.token) {\n clonedContext.request.headers.set(VAADIN_CSRF_HEADER, loginResult.token);\n return next(clonedContext) as Promise<Response>;\n }\n }\n return response;\n }\n}\n"],
5
- "mappings": "AACA,OAAO,mBAAmB;AAC1B,SAAS,mBAAmB,yCAAyC,0BAA0B;AAE/F,MAAM,kBAAkB;AAExB,SAAS,mCAAmC,MAAsC;AAChF,QAAM,MAAM,IAAI,UAAU,EAAE,gBAAgB,MAAM,WAAW;AAC7D,SAAO,kBAAkB,GAAG;AAC9B;AAEA,SAAS,0BAA0B;AACjC,QAAM,KAAK,SAAS,KAAK,iBAAiB,+CAA+C,CAAC,EAAE;AAAA,IAAQ,CAAC,OACnG,GAAG,OAAO;AAAA,EACZ;AACF;AAEA,SAAS,yBAAyB,gBAAwC;AACxE,0BAAwB;AACxB,QAAM,iBAAkC,SAAS,cAAc,MAAM;AACrE,iBAAe,OAAO;AACtB,iBAAe,UAAU,eAAe;AACxC,WAAS,KAAK,YAAY,cAAc;AACxC,QAAM,YAA6B,SAAS,cAAc,MAAM;AAChE,YAAU,OAAO;AACjB,YAAU,UAAU,eAAe;AACnC,WAAS,KAAK,YAAY,SAAS;AACrC;AAEA,MAAM,qCAAqC,CAAC,SAAqC;AAC/E,QAAM,QAAQ,6EAA6E,KAAK,IAAI;AACpG,SAAO,QAAQ,MAAM,CAAC,IAAI;AAC5B;AAEA,eAAe,gCAAgC,UAAiD;AAC9F,QAAM,eAAe,MAAM,SAAS,KAAK;AACzC,QAAM,QAAQ,mCAAmC,YAAY;AAC7D,QAAM,sBAAsB,mCAAmC,YAAY;AAC3E,2BAAyB,mBAAmB;AAE5C,SAAO;AACT;AAEA,eAAe,SAAS,WAAmB,SAAiC;AAC1E,QAAM,WAAW,MAAM,MAAM,WAAW,EAAE,SAAS,QAAQ,OAAO,CAAC;AACnE,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,IAAI,MAAM,kCAAkC,SAAS,MAAM,EAAE;AAAA,EACrE;AAEA,QAAM,gCAAgC,QAAQ;AAChD;AAyBA,eAAsB,MAAM,UAAkB,UAAkB,SAA8C;AAC5G,MAAI;AACF,UAAM,OAAO,IAAI,SAAS;AAC1B,SAAK,OAAO,YAAY,QAAQ;AAChC,SAAK,OAAO,YAAY,QAAQ;AAEhC,UAAM,qBAAqB,SAAS,sBAAsB;AAC1D,UAAM,UAAU,wCAAwC,QAAQ;AAChE,YAAQ,SAAS;AACjB,UAAM,WAAW,MAAM,MAAM,oBAAoB;AAAA,MAC/C,MAAM;AAAA,MACN;AAAA,MACA,QAAQ;AAAA,IACV,CAAC;AAKD,UAAM,SAAS,SAAS,QAAQ,IAAI,QAAQ;AAC5C,UAAM,WAAW,SAAS,QAAQ,IAAI,WAAW,KAAK;AACtD,UAAM,aAAa,SAAS,QAAQ,IAAI,aAAa,KAAK;AAC1D,UAAM,kBAAkB,SAAS,MAAM,WAAW;AAElD,QAAI,iBAAiB;AACnB,YAAM,kBAAkB,SAAS,QAAQ,IAAI,aAAa,KAAK;AAE/D,YAAM,mBAAmB,SAAS,QAAQ,IAAI,oBAAoB,KAAK;AACvE,YAAM,kBAAkB,SAAS,QAAQ,IAAI,mBAAmB,KAAK;AACrE,UAAI,oBAAoB,iBAAiB;AACvC,cAAM,sBAA8C,CAAC;AACrD,4BAAoB,QAAQ;AAE5B,4BAAoB,eAAe;AACnC,iCAAyB,mBAAmB;AAAA,MAC9C;AAEA,aAAO;AAAA,QACL;AAAA,QACA,OAAO;AAAA,QACP,aAAa;AAAA,QACb,OAAO;AAAA,MACT;AAAA,IACF;AACA,WAAO;AAAA,MACL,OAAO;AAAA,MACP,cAAc;AAAA,MACd,YAAY;AAAA,IACd;AAAA,EACF,SAAS,GAAY;AACnB,QAAI,aAAa,OAAO;AACtB,aAAO;AAAA,QACL,OAAO;AAAA,QACP,cAAc,EAAE;AAAA,QAChB,YAAY,EAAE;AAAA,MAChB;AAAA,IACF;AAEA,UAAM;AAAA,EACR;AACF;AAMA,eAAsB,OAAO,SAAwC;AAEnE,QAAM,YAAY,SAAS,aAAa;AACxC,MAAI;AACF,UAAM,UAAU,wCAAwC,QAAQ;AAChE,UAAM,SAAS,WAAW,OAAO;AAAA,EACnC,QAAQ;AACN,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,UAAU;AACvC,YAAM,eAAe,MAAM,SAAS,KAAK;AACzC,YAAM,MAAM,IAAI,UAAU,EAAE,gBAAgB,cAAc,WAAW;AACrE,YAAM,UAAU,wCAAwC,GAAG;AAC3D,YAAM,SAAS,WAAW,OAAO;AAAA,IACnC,SAAS,OAAO;AAEd,8BAAwB;AACxB,YAAM;AAAA,IACR;AAAA,EACF,UAAE;AACA,kBAAc,OAAO,eAAe;AAAA,EACtC;AACF;AAeO,MAAM,yBAAoD;AAAA,EAC9C;AAAA,EAEjB,YAAY,0BAAoD;AAC9D,SAAK,2BAA2B;AAAA,EAClC;AAAA,EAEA,MAAM,OAAO,SAA4B,MAAyC;AAChF,UAAM,gBAAgB,EAAE,GAAG,QAAQ;AACnC,kBAAc,UAAU,QAAQ,QAAQ,MAAM;AAC9C,UAAM,WAAW,MAAM,KAAK,OAAO;AACnC,QAAI,SAAS,WAAW,KAAK;AAC3B,YAAM,cAAc,MAAM,KAAK,yBAAyB;AACxD,UAAI,YAAY,OAAO;AACrB,sBAAc,QAAQ,QAAQ,IAAI,oBAAoB,YAAY,KAAK;AACvE,eAAO,KAAK,aAAa;AAAA,MAC3B;AAAA,IACF;AACA,WAAO;AAAA,EACT;AACF;",
4
+ "sourcesContent": ["import type { MiddlewareClass, MiddlewareContext, MiddlewareNext } from './Connect.js';\nimport CookieManager from './CookieManager.js';\nimport { getSpringCsrfInfo, getSpringCsrfTokenHeadersForAuthRequest, VAADIN_CSRF_HEADER } from './CsrfUtils.js';\n\nconst JWT_COOKIE_NAME = 'jwt.headerAndPayload';\n\nfunction getSpringCsrfTokenFromResponseBody(body: string): Record<string, string> {\n const doc = new DOMParser().parseFromString(body, 'text/html');\n return getSpringCsrfInfo(doc);\n}\n\nfunction clearSpringCsrfMetaTags() {\n Array.from(document.head.querySelectorAll('meta[name=\"_csrf\"], meta[name=\"_csrf_header\"]')).forEach((el) =>\n el.remove(),\n );\n}\n\nfunction updateSpringCsrfMetaTags(springCsrfInfo: Record<string, string>) {\n clearSpringCsrfMetaTags();\n const headerNameMeta: HTMLMetaElement = document.createElement('meta');\n headerNameMeta.name = '_csrf_header';\n headerNameMeta.content = springCsrfInfo._csrf_header;\n document.head.appendChild(headerNameMeta);\n const tokenMeta: HTMLMetaElement = document.createElement('meta');\n tokenMeta.name = '_csrf';\n tokenMeta.content = springCsrfInfo._csrf;\n document.head.appendChild(tokenMeta);\n}\n\nconst getVaadinCsrfTokenFromResponseBody = (body: string): string | undefined => {\n const match = /window\\.Vaadin = \\{TypeScript: \\{\"csrfToken\":\"([0-9a-zA-Z\\\\-]{36})\"\\}\\};/iu.exec(body);\n return match ? match[1] : undefined;\n};\n\nasync function updateCsrfTokensBasedOnResponse(response: Response): Promise<string | undefined> {\n const responseText = await response.text();\n const token = getVaadinCsrfTokenFromResponseBody(responseText);\n const springCsrfTokenInfo = getSpringCsrfTokenFromResponseBody(responseText);\n updateSpringCsrfMetaTags(springCsrfTokenInfo);\n\n return token;\n}\n\nasync function doLogout(logoutUrl: URL | string, headers: Record<string, string>) {\n const response = await fetch(logoutUrl, { headers, method: 'POST' });\n if (!response.ok) {\n throw new Error(`failed to logout with response ${response.status}`);\n }\n\n await updateCsrfTokensBasedOnResponse(response);\n\n return response;\n}\n\nexport interface LoginResult {\n error: boolean;\n token?: string;\n errorTitle?: string;\n errorMessage?: string;\n redirectUrl?: string;\n defaultUrl?: string;\n}\n\nexport type SuccessCallback = () => Promise<void> | void;\n\nexport type NavigateFunction = (path: string) => void;\n\nexport interface LoginOptions {\n /**\n * The URL for login request, defaults to `/login`.\n */\n loginProcessingUrl?: URL | string;\n\n /**\n * The success callback.\n */\n onSuccess?: SuccessCallback;\n\n /**\n * The navigation callback, called after successful login. The default\n * reloads the page.\n */\n navigate?: NavigateFunction;\n}\n\nexport interface LogoutOptions {\n /**\n * The URL for logout request, defaults to `/logout`.\n */\n logoutUrl?: URL | string;\n\n /**\n * The success callback.\n */\n onSuccess?: SuccessCallback;\n\n /**\n * The navigation callback, called after successful logout. The default\n * reloads the page.\n */\n navigate?: NavigateFunction;\n}\n\nfunction normalizePath(url: string): string {\n // URL with context path\n const effectiveBaseURL = new URL('.', document.baseURI);\n const effectiveBaseURI = effectiveBaseURL.toString();\n\n let normalized = url;\n\n // Strip context path prefix\n if (normalized.startsWith(effectiveBaseURL.pathname)) {\n return `/${normalized.slice(effectiveBaseURL.pathname.length)}`;\n }\n\n // Strip base URI\n normalized = normalized.startsWith(effectiveBaseURI) ? `/${normalized.slice(effectiveBaseURI.length)}` : normalized;\n\n return normalized;\n}\n\n/**\n * Navigates to the provided path using page reload.\n *\n * @param to - navigation target path\n */\nfunction navigateWithPageReload(to: string) {\n // Consider absolute path to be within application context\n const url = to.startsWith('/') ? new URL(`.${to}`, document.baseURI) : to;\n window.location.replace(url);\n}\n\n/**\n * A helper method for Spring Security based form login.\n * @param username - username\n * @param password - password\n * @param options - defines additional options, e.g, the loginProcessingUrl etc.\n */\nexport async function login(username: string, password: string, options?: LoginOptions): Promise<LoginResult> {\n try {\n const data = new FormData();\n data.append('username', username);\n data.append('password', password);\n\n const loginProcessingUrl = options?.loginProcessingUrl ?? 'login';\n const headers = getSpringCsrfTokenHeadersForAuthRequest(document);\n headers.source = 'typescript';\n const response = await fetch(loginProcessingUrl, {\n body: data,\n headers,\n method: 'POST',\n });\n\n // This code assumes that a VaadinSavedRequestAwareAuthenticationSuccessHandler is used on the server side,\n // setting these header values based on the \"source=typescript\" header set above\n\n const result = response.headers.get('Result');\n const savedUrl = response.headers.get('Saved-url') ?? undefined;\n const defaultUrl = response.headers.get('Default-url') ?? undefined;\n const loginSuccessful = response.ok && result === 'success';\n\n if (loginSuccessful) {\n const vaadinCsrfToken = response.headers.get('Vaadin-CSRF') ?? undefined;\n\n const springCsrfHeader = response.headers.get('Spring-CSRF-header') ?? undefined;\n const springCsrfToken = response.headers.get('Spring-CSRF-token') ?? undefined;\n if (springCsrfHeader && springCsrfToken) {\n const springCsrfTokenInfo: Record<string, string> = {};\n springCsrfTokenInfo._csrf = springCsrfToken;\n // eslint-disable-next-line camelcase\n springCsrfTokenInfo._csrf_header = springCsrfHeader;\n updateSpringCsrfMetaTags(springCsrfTokenInfo);\n }\n\n if (options?.onSuccess) {\n await options.onSuccess();\n }\n\n const url = savedUrl ?? defaultUrl ?? document.baseURI;\n const toPath = normalizePath(url);\n const navigate = options?.navigate ?? navigateWithPageReload;\n navigate(toPath);\n\n return {\n defaultUrl,\n error: false,\n redirectUrl: savedUrl,\n token: vaadinCsrfToken,\n };\n }\n return {\n error: true,\n errorMessage: 'Check that you have entered the correct username and password and try again.',\n errorTitle: 'Incorrect username or password.',\n };\n } catch (e: unknown) {\n if (e instanceof Error) {\n return {\n error: true,\n errorMessage: e.message,\n errorTitle: e.name,\n };\n }\n\n throw e;\n }\n}\n\n/**\n * A helper method for Spring Security based form logout\n * @param options - defines additional options, e.g, the logoutUrl.\n */\nexport async function logout(options?: LogoutOptions): Promise<void> {\n // this assumes the default Spring Security logout configuration (handler URL)\n const logoutUrl = options?.logoutUrl ?? 'logout';\n let response: Response | undefined;\n try {\n const headers = getSpringCsrfTokenHeadersForAuthRequest(document);\n response = await doLogout(logoutUrl, headers);\n } catch {\n try {\n const noCacheResponse = await fetch('?nocache');\n const responseText = await noCacheResponse.text();\n const doc = new DOMParser().parseFromString(responseText, 'text/html');\n const headers = getSpringCsrfTokenHeadersForAuthRequest(doc);\n response = await doLogout(logoutUrl, headers);\n } catch (error) {\n // clear the token if the call fails\n clearSpringCsrfMetaTags();\n throw error;\n }\n } finally {\n CookieManager.remove(JWT_COOKIE_NAME);\n if (response && response.ok && response.redirected) {\n if (options?.onSuccess) {\n await options.onSuccess();\n }\n const toPath = normalizePath(response.url);\n const navigate = options?.navigate ?? navigateWithPageReload;\n navigate(toPath);\n }\n }\n}\n\n/**\n * It defines what to do when it detects a session is invalid. E.g.,\n * show a login view.\n * It takes an <code>EndpointCallContinue</code> parameter, which can be\n * used to continue the endpoint call.\n */\nexport type OnInvalidSessionCallback = () => Promise<LoginResult>;\n\n/**\n * A helper class for handling invalid sessions during an endpoint call.\n * E.g., you can use this to show user a login page when the session has\n * expired.\n */\nexport class InvalidSessionMiddleware implements MiddlewareClass {\n private readonly onInvalidSessionCallback: OnInvalidSessionCallback;\n\n constructor(onInvalidSessionCallback: OnInvalidSessionCallback) {\n this.onInvalidSessionCallback = onInvalidSessionCallback;\n }\n\n async invoke(context: MiddlewareContext, next: MiddlewareNext): Promise<Response> {\n const clonedContext = { ...context };\n clonedContext.request = context.request.clone();\n const response = await next(context);\n if (response.status === 401) {\n const loginResult = await this.onInvalidSessionCallback();\n if (loginResult.token) {\n clonedContext.request.headers.set(VAADIN_CSRF_HEADER, loginResult.token);\n return next(clonedContext) as Promise<Response>;\n }\n }\n return response;\n }\n}\n"],
5
+ "mappings": "AACA,OAAO,mBAAmB;AAC1B,SAAS,mBAAmB,yCAAyC,0BAA0B;AAE/F,MAAM,kBAAkB;AAExB,SAAS,mCAAmC,MAAsC;AAChF,QAAM,MAAM,IAAI,UAAU,EAAE,gBAAgB,MAAM,WAAW;AAC7D,SAAO,kBAAkB,GAAG;AAC9B;AAEA,SAAS,0BAA0B;AACjC,QAAM,KAAK,SAAS,KAAK,iBAAiB,+CAA+C,CAAC,EAAE;AAAA,IAAQ,CAAC,OACnG,GAAG,OAAO;AAAA,EACZ;AACF;AAEA,SAAS,yBAAyB,gBAAwC;AACxE,0BAAwB;AACxB,QAAM,iBAAkC,SAAS,cAAc,MAAM;AACrE,iBAAe,OAAO;AACtB,iBAAe,UAAU,eAAe;AACxC,WAAS,KAAK,YAAY,cAAc;AACxC,QAAM,YAA6B,SAAS,cAAc,MAAM;AAChE,YAAU,OAAO;AACjB,YAAU,UAAU,eAAe;AACnC,WAAS,KAAK,YAAY,SAAS;AACrC;AAEA,MAAM,qCAAqC,CAAC,SAAqC;AAC/E,QAAM,QAAQ,6EAA6E,KAAK,IAAI;AACpG,SAAO,QAAQ,MAAM,CAAC,IAAI;AAC5B;AAEA,eAAe,gCAAgC,UAAiD;AAC9F,QAAM,eAAe,MAAM,SAAS,KAAK;AACzC,QAAM,QAAQ,mCAAmC,YAAY;AAC7D,QAAM,sBAAsB,mCAAmC,YAAY;AAC3E,2BAAyB,mBAAmB;AAE5C,SAAO;AACT;AAEA,eAAe,SAAS,WAAyB,SAAiC;AAChF,QAAM,WAAW,MAAM,MAAM,WAAW,EAAE,SAAS,QAAQ,OAAO,CAAC;AACnE,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,IAAI,MAAM,kCAAkC,SAAS,MAAM,EAAE;AAAA,EACrE;AAEA,QAAM,gCAAgC,QAAQ;AAE9C,SAAO;AACT;AAmDA,SAAS,cAAc,KAAqB;AAE1C,QAAM,mBAAmB,IAAI,IAAI,KAAK,SAAS,OAAO;AACtD,QAAM,mBAAmB,iBAAiB,SAAS;AAEnD,MAAI,aAAa;AAGjB,MAAI,WAAW,WAAW,iBAAiB,QAAQ,GAAG;AACpD,WAAO,IAAI,WAAW,MAAM,iBAAiB,SAAS,MAAM,CAAC;AAAA,EAC/D;AAGA,eAAa,WAAW,WAAW,gBAAgB,IAAI,IAAI,WAAW,MAAM,iBAAiB,MAAM,CAAC,KAAK;AAEzG,SAAO;AACT;AAOA,SAAS,uBAAuB,IAAY;AAE1C,QAAM,MAAM,GAAG,WAAW,GAAG,IAAI,IAAI,IAAI,IAAI,EAAE,IAAI,SAAS,OAAO,IAAI;AACvE,SAAO,SAAS,QAAQ,GAAG;AAC7B;AAQA,eAAsB,MAAM,UAAkB,UAAkB,SAA8C;AAC5G,MAAI;AACF,UAAM,OAAO,IAAI,SAAS;AAC1B,SAAK,OAAO,YAAY,QAAQ;AAChC,SAAK,OAAO,YAAY,QAAQ;AAEhC,UAAM,qBAAqB,SAAS,sBAAsB;AAC1D,UAAM,UAAU,wCAAwC,QAAQ;AAChE,YAAQ,SAAS;AACjB,UAAM,WAAW,MAAM,MAAM,oBAAoB;AAAA,MAC/C,MAAM;AAAA,MACN;AAAA,MACA,QAAQ;AAAA,IACV,CAAC;AAKD,UAAM,SAAS,SAAS,QAAQ,IAAI,QAAQ;AAC5C,UAAM,WAAW,SAAS,QAAQ,IAAI,WAAW,KAAK;AACtD,UAAM,aAAa,SAAS,QAAQ,IAAI,aAAa,KAAK;AAC1D,UAAM,kBAAkB,SAAS,MAAM,WAAW;AAElD,QAAI,iBAAiB;AACnB,YAAM,kBAAkB,SAAS,QAAQ,IAAI,aAAa,KAAK;AAE/D,YAAM,mBAAmB,SAAS,QAAQ,IAAI,oBAAoB,KAAK;AACvE,YAAM,kBAAkB,SAAS,QAAQ,IAAI,mBAAmB,KAAK;AACrE,UAAI,oBAAoB,iBAAiB;AACvC,cAAM,sBAA8C,CAAC;AACrD,4BAAoB,QAAQ;AAE5B,4BAAoB,eAAe;AACnC,iCAAyB,mBAAmB;AAAA,MAC9C;AAEA,UAAI,SAAS,WAAW;AACtB,cAAM,QAAQ,UAAU;AAAA,MAC1B;AAEA,YAAM,MAAM,YAAY,cAAc,SAAS;AAC/C,YAAM,SAAS,cAAc,GAAG;AAChC,YAAM,WAAW,SAAS,YAAY;AACtC,eAAS,MAAM;AAEf,aAAO;AAAA,QACL;AAAA,QACA,OAAO;AAAA,QACP,aAAa;AAAA,QACb,OAAO;AAAA,MACT;AAAA,IACF;AACA,WAAO;AAAA,MACL,OAAO;AAAA,MACP,cAAc;AAAA,MACd,YAAY;AAAA,IACd;AAAA,EACF,SAAS,GAAY;AACnB,QAAI,aAAa,OAAO;AACtB,aAAO;AAAA,QACL,OAAO;AAAA,QACP,cAAc,EAAE;AAAA,QAChB,YAAY,EAAE;AAAA,MAChB;AAAA,IACF;AAEA,UAAM;AAAA,EACR;AACF;AAMA,eAAsB,OAAO,SAAwC;AAEnE,QAAM,YAAY,SAAS,aAAa;AACxC,MAAI;AACJ,MAAI;AACF,UAAM,UAAU,wCAAwC,QAAQ;AAChE,eAAW,MAAM,SAAS,WAAW,OAAO;AAAA,EAC9C,QAAQ;AACN,QAAI;AACF,YAAM,kBAAkB,MAAM,MAAM,UAAU;AAC9C,YAAM,eAAe,MAAM,gBAAgB,KAAK;AAChD,YAAM,MAAM,IAAI,UAAU,EAAE,gBAAgB,cAAc,WAAW;AACrE,YAAM,UAAU,wCAAwC,GAAG;AAC3D,iBAAW,MAAM,SAAS,WAAW,OAAO;AAAA,IAC9C,SAAS,OAAO;AAEd,8BAAwB;AACxB,YAAM;AAAA,IACR;AAAA,EACF,UAAE;AACA,kBAAc,OAAO,eAAe;AACpC,QAAI,YAAY,SAAS,MAAM,SAAS,YAAY;AAClD,UAAI,SAAS,WAAW;AACtB,cAAM,QAAQ,UAAU;AAAA,MAC1B;AACA,YAAM,SAAS,cAAc,SAAS,GAAG;AACzC,YAAM,WAAW,SAAS,YAAY;AACtC,eAAS,MAAM;AAAA,IACjB;AAAA,EACF;AACF;AAeO,MAAM,yBAAoD;AAAA,EAC9C;AAAA,EAEjB,YAAY,0BAAoD;AAC9D,SAAK,2BAA2B;AAAA,EAClC;AAAA,EAEA,MAAM,OAAO,SAA4B,MAAyC;AAChF,UAAM,gBAAgB,EAAE,GAAG,QAAQ;AACnC,kBAAc,UAAU,QAAQ,QAAQ,MAAM;AAC9C,UAAM,WAAW,MAAM,KAAK,OAAO;AACnC,QAAI,SAAS,WAAW,KAAK;AAC3B,YAAM,cAAc,MAAM,KAAK,yBAAyB;AACxD,UAAI,YAAY,OAAO;AACrB,sBAAc,QAAQ,QAAQ,IAAI,oBAAoB,YAAY,KAAK;AACvE,eAAO,KAAK,aAAa;AAAA,MAC3B;AAAA,IACF;AACA,WAAO;AAAA,EACT;AACF;",
6
6
  "names": []
7
7
  }
package/index.js CHANGED
@@ -2,7 +2,7 @@ function __REGISTER__(feature, vaadinObj = window.Vaadin ??= {}) {
2
2
  vaadinObj.registrations ??= [];
3
3
  vaadinObj.registrations.push({
4
4
  is: feature ? `${"@vaadin/hilla-frontend"}/${feature}` : "@vaadin/hilla-frontend",
5
- version: "24.4.0-beta5"
5
+ version: "24.5.0-alpha1"
6
6
  });
7
7
  }
8
8
  export * from "./Authentication.js";
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@vaadin/hilla-frontend",
3
- "version": "24.4.0-beta5",
3
+ "version": "24.5.0-alpha1",
4
4
  "description": "Hilla core frontend utils",
5
5
  "main": "index.js",
6
6
  "module": "index.js",