@vaadin/hilla-frontend 24.7.0-alpha9 → 24.8.0-alpha1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. package/Authentication.d.ts +53 -54
  2. package/Authentication.js +161 -145
  3. package/Authentication.js.map +1 -7
  4. package/Connect.d.ts +150 -146
  5. package/Connect.js +228 -177
  6. package/Connect.js.map +1 -7
  7. package/CookieManager.d.ts +2 -2
  8. package/CookieManager.js +5 -12
  9. package/CookieManager.js.map +1 -7
  10. package/CsrfUtils.d.ts +1 -13
  11. package/CsrfUtils.js +51 -51
  12. package/CsrfUtils.js.map +1 -7
  13. package/EndpointErrors.d.ts +73 -74
  14. package/EndpointErrors.js +108 -101
  15. package/EndpointErrors.js.map +1 -7
  16. package/FluxConnection.d.ts +51 -52
  17. package/FluxConnection.js +278 -259
  18. package/FluxConnection.js.map +1 -7
  19. package/FluxMessages.d.ts +14 -15
  20. package/FluxMessages.js +3 -6
  21. package/FluxMessages.js.map +1 -7
  22. package/index.d.ts +4 -5
  23. package/index.js +9 -15
  24. package/index.js.map +1 -7
  25. package/package.json +8 -28
  26. package/types.d.ts +17 -0
  27. package/Authentication.d.ts.map +0 -1
  28. package/Connect.d.ts.map +0 -1
  29. package/CookieManager.d.ts.map +0 -1
  30. package/CsrfUtils.d.ts.map +0 -1
  31. package/EndpointErrors.d.ts.map +0 -1
  32. package/FluxConnection.d.ts.map +0 -1
  33. package/FluxMessages.d.ts.map +0 -1
  34. package/index.d.ts.map +0 -1
package/Authentication.d.ts CHANGED
@@ -1,71 +1,70 @@
1
- import type { MiddlewareClass, MiddlewareContext, MiddlewareNext } from './Connect.js';
1
+ import type { MiddlewareClass, MiddlewareContext, MiddlewareNext } from "./Connect.js";
2
2
  export interface LoginResult {
3
- error: boolean;
4
- token?: string;
5
- errorTitle?: string;
6
- errorMessage?: string;
7
- redirectUrl?: string;
8
- defaultUrl?: string;
3
+ error: boolean;
4
+ token?: string;
5
+ errorTitle?: string;
6
+ errorMessage?: string;
7
+ redirectUrl?: string;
8
+ defaultUrl?: string;
9
9
  }
10
10
  export type SuccessCallback = () => Promise<void> | void;
11
11
  export type NavigateFunction = (path: string) => void;
12
12
  export interface LoginOptions {
13
- /**
14
- * The URL for login request, defaults to `/login`.
15
- */
16
- loginProcessingUrl?: URL | string;
17
- /**
18
- * The success callback.
19
- */
20
- onSuccess?: SuccessCallback;
21
- /**
22
- * The navigation callback, called after successful login. The default
23
- * reloads the page.
24
- */
25
- navigate?: NavigateFunction;
13
+ /**
14
+ * The URL for login request, defaults to `/login`.
15
+ */
16
+ loginProcessingUrl?: URL | string;
17
+ /**
18
+ * The success callback.
19
+ */
20
+ onSuccess?: SuccessCallback;
21
+ /**
22
+ * The navigation callback, called after successful login. The default
23
+ * reloads the page.
24
+ */
25
+ navigate?: NavigateFunction;
26
26
  }
27
27
  export interface LogoutOptions {
28
- /**
29
- * The URL for logout request, defaults to `/logout`.
30
- */
31
- logoutUrl?: URL | string;
32
- /**
33
- * The success callback.
34
- */
35
- onSuccess?: SuccessCallback;
36
- /**
37
- * The navigation callback, called after successful logout. The default
38
- * reloads the page.
39
- */
40
- navigate?: NavigateFunction;
28
+ /**
29
+ * The URL for logout request, defaults to `/logout`.
30
+ */
31
+ logoutUrl?: URL | string;
32
+ /**
33
+ * The success callback.
34
+ */
35
+ onSuccess?: SuccessCallback;
36
+ /**
37
+ * The navigation callback, called after successful logout. The default
38
+ * reloads the page.
39
+ */
40
+ navigate?: NavigateFunction;
41
41
  }
42
42
  /**
43
- * A helper method for Spring Security based form login.
44
- * @param username - username
45
- * @param password - password
46
- * @param options - defines additional options, e.g, the loginProcessingUrl etc.
47
- */
43
+ * A helper method for Spring Security based form login.
44
+ * @param username - username
45
+ * @param password - password
46
+ * @param options - defines additional options, e.g, the loginProcessingUrl etc.
47
+ */
48
48
  export declare function login(username: string, password: string, options?: LoginOptions): Promise<LoginResult>;
49
49
  /**
50
- * A helper method for Spring Security based form logout
51
- * @param options - defines additional options, e.g, the logoutUrl.
52
- */
50
+ * A helper method for Spring Security based form logout
51
+ * @param options - defines additional options, e.g, the logoutUrl.
52
+ */
53
53
  export declare function logout(options?: LogoutOptions): Promise<void>;
54
54
  /**
55
- * It defines what to do when it detects a session is invalid. E.g.,
56
- * show a login view.
57
- * It takes an <code>EndpointCallContinue</code> parameter, which can be
58
- * used to continue the endpoint call.
59
- */
55
+ * It defines what to do when it detects a session is invalid. E.g.,
56
+ * show a login view.
57
+ * It takes an <code>EndpointCallContinue</code> parameter, which can be
58
+ * used to continue the endpoint call.
59
+ */
60
60
  export type OnInvalidSessionCallback = () => Promise<LoginResult>;
61
61
  /**
62
- * A helper class for handling invalid sessions during an endpoint call.
63
- * E.g., you can use this to show user a login page when the session has
64
- * expired.
65
- */
62
+ * A helper class for handling invalid sessions during an endpoint call.
63
+ * E.g., you can use this to show user a login page when the session has
64
+ * expired.
65
+ */
66
66
  export declare class InvalidSessionMiddleware implements MiddlewareClass {
67
- private readonly onInvalidSessionCallback;
68
- constructor(onInvalidSessionCallback: OnInvalidSessionCallback);
69
- invoke(context: MiddlewareContext, next: MiddlewareNext): Promise<Response>;
67
+ private readonly onInvalidSessionCallback;
68
+ constructor(onInvalidSessionCallback: OnInvalidSessionCallback);
69
+ invoke(context: MiddlewareContext, next: MiddlewareNext): Promise<Response>;
70
70
  }
71
- //# sourceMappingURL=Authentication.d.ts.map
package/Authentication.js CHANGED
@@ -2,166 +2,182 @@ import CookieManager from "./CookieManager.js";
2
2
  import { getSpringCsrfInfo, getSpringCsrfTokenHeadersForAuthRequest, VAADIN_CSRF_HEADER } from "./CsrfUtils.js";
3
3
  const JWT_COOKIE_NAME = "jwt.headerAndPayload";
4
4
  function getSpringCsrfTokenFromResponseBody(body) {
5
- const doc = new DOMParser().parseFromString(body, "text/html");
6
- return getSpringCsrfInfo(doc);
5
+ const doc = new DOMParser().parseFromString(body, "text/html");
6
+ return getSpringCsrfInfo(doc);
7
7
  }
8
8
  function clearSpringCsrfMetaTags() {
9
- Array.from(document.head.querySelectorAll('meta[name="_csrf"], meta[name="_csrf_header"]')).forEach(
10
- (el) => el.remove()
11
- );
9
+ Array.from(document.head.querySelectorAll("meta[name=\"_csrf\"], meta[name=\"_csrf_header\"]")).forEach((el) => el.remove());
12
10
  }
13
11
  function updateSpringCsrfMetaTags(springCsrfInfo) {
14
- clearSpringCsrfMetaTags();
15
- const headerNameMeta = document.createElement("meta");
16
- headerNameMeta.name = "_csrf_header";
17
- headerNameMeta.content = springCsrfInfo._csrf_header;
18
- document.head.appendChild(headerNameMeta);
19
- const tokenMeta = document.createElement("meta");
20
- tokenMeta.name = "_csrf";
21
- tokenMeta.content = springCsrfInfo._csrf;
22
- document.head.appendChild(tokenMeta);
12
+ clearSpringCsrfMetaTags();
13
+ const headerNameMeta = document.createElement("meta");
14
+ headerNameMeta.name = "_csrf_header";
15
+ headerNameMeta.content = springCsrfInfo._csrf_header;
16
+ document.head.appendChild(headerNameMeta);
17
+ const tokenMeta = document.createElement("meta");
18
+ tokenMeta.name = "_csrf";
19
+ tokenMeta.content = springCsrfInfo._csrf;
20
+ document.head.appendChild(tokenMeta);
23
21
  }
24
22
  const getVaadinCsrfTokenFromResponseBody = (body) => {
25
- const match = /window\.Vaadin = \{TypeScript: \{"csrfToken":"([0-9a-zA-Z\\-]{36})"\}\};/iu.exec(body);
26
- return match ? match[1] : void 0;
23
+ const match = /window\.Vaadin = \{TypeScript: \{"csrfToken":"([0-9a-zA-Z\\-]{36})"\}\};/iu.exec(body);
24
+ return match ? match[1] : undefined;
27
25
  };
28
26
  async function updateCsrfTokensBasedOnResponse(response) {
29
- const responseText = await response.text();
30
- const token = getVaadinCsrfTokenFromResponseBody(responseText);
31
- const springCsrfTokenInfo = getSpringCsrfTokenFromResponseBody(responseText);
32
- updateSpringCsrfMetaTags(springCsrfTokenInfo);
33
- return token;
27
+ const responseText = await response.text();
28
+ const token = getVaadinCsrfTokenFromResponseBody(responseText);
29
+ const springCsrfTokenInfo = getSpringCsrfTokenFromResponseBody(responseText);
30
+ updateSpringCsrfMetaTags(springCsrfTokenInfo);
31
+ return token;
34
32
  }
35
33
  async function doLogout(logoutUrl, headers) {
36
- const response = await fetch(logoutUrl, { headers, method: "POST" });
37
- if (!response.ok) {
38
- throw new Error(`failed to logout with response ${response.status}`);
39
- }
40
- await updateCsrfTokensBasedOnResponse(response);
41
- return response;
34
+ const response = await fetch(logoutUrl, {
35
+ headers,
36
+ method: "POST"
37
+ });
38
+ if (!response.ok) {
39
+ throw new Error(`failed to logout with response ${response.status}`);
40
+ }
41
+ await updateCsrfTokensBasedOnResponse(response);
42
+ return response;
42
43
  }
43
44
  function normalizePath(url) {
44
- const effectiveBaseURL = new URL(".", document.baseURI);
45
- const effectiveBaseURI = effectiveBaseURL.toString();
46
- let normalized = url;
47
- if (normalized.startsWith(effectiveBaseURL.pathname)) {
48
- return `/${normalized.slice(effectiveBaseURL.pathname.length)}`;
49
- }
50
- normalized = normalized.startsWith(effectiveBaseURI) ? `/${normalized.slice(effectiveBaseURI.length)}` : normalized;
51
- return normalized;
45
+ const effectiveBaseURL = new URL(".", document.baseURI);
46
+ const effectiveBaseURI = effectiveBaseURL.toString();
47
+ let normalized = url;
48
+ if (normalized.startsWith(effectiveBaseURL.pathname)) {
49
+ return `/${normalized.slice(effectiveBaseURL.pathname.length)}`;
50
+ }
51
+ normalized = normalized.startsWith(effectiveBaseURI) ? `/${normalized.slice(effectiveBaseURI.length)}` : normalized;
52
+ return normalized;
52
53
  }
54
+ /**
55
+ * Navigates to the provided path using page reload.
56
+ *
57
+ * @param to - navigation target path
58
+ */
53
59
  function navigateWithPageReload(to) {
54
- const url = to.startsWith("/") ? new URL(`.${to}`, document.baseURI) : to;
55
- window.location.replace(url);
60
+ const url = to.startsWith("/") ? new URL(`.${to}`, document.baseURI) : to;
61
+ window.location.replace(url);
56
62
  }
57
- async function login(username, password, options) {
58
- try {
59
- const data = new FormData();
60
- data.append("username", username);
61
- data.append("password", password);
62
- const loginProcessingUrl = options?.loginProcessingUrl ?? "login";
63
- const headers = getSpringCsrfTokenHeadersForAuthRequest(document);
64
- headers.source = "typescript";
65
- const response = await fetch(loginProcessingUrl, {
66
- body: data,
67
- headers,
68
- method: "POST"
69
- });
70
- const result = response.headers.get("Result");
71
- const savedUrl = response.headers.get("Saved-url") ?? void 0;
72
- const defaultUrl = response.headers.get("Default-url") ?? void 0;
73
- const loginSuccessful = response.ok && result === "success";
74
- if (loginSuccessful) {
75
- const vaadinCsrfToken = response.headers.get("Vaadin-CSRF") ?? void 0;
76
- const springCsrfHeader = response.headers.get("Spring-CSRF-header") ?? void 0;
77
- const springCsrfToken = response.headers.get("Spring-CSRF-token") ?? void 0;
78
- if (springCsrfHeader && springCsrfToken) {
79
- const springCsrfTokenInfo = {};
80
- springCsrfTokenInfo._csrf = springCsrfToken;
81
- springCsrfTokenInfo._csrf_header = springCsrfHeader;
82
- updateSpringCsrfMetaTags(springCsrfTokenInfo);
83
- }
84
- if (options?.onSuccess) {
85
- await options.onSuccess();
86
- }
87
- const url = savedUrl ?? defaultUrl ?? document.baseURI;
88
- const toPath = normalizePath(url);
89
- const navigate = options?.navigate ?? navigateWithPageReload;
90
- navigate(toPath);
91
- return {
92
- defaultUrl,
93
- error: false,
94
- redirectUrl: savedUrl,
95
- token: vaadinCsrfToken
96
- };
97
- }
98
- return {
99
- error: true,
100
- errorMessage: "Check that you have entered the correct username and password and try again.",
101
- errorTitle: "Incorrect username or password."
102
- };
103
- } catch (e) {
104
- if (e instanceof Error) {
105
- return {
106
- error: true,
107
- errorMessage: e.message,
108
- errorTitle: e.name
109
- };
110
- }
111
- throw e;
112
- }
63
+ /**
64
+ * A helper method for Spring Security based form login.
65
+ * @param username - username
66
+ * @param password - password
67
+ * @param options - defines additional options, e.g, the loginProcessingUrl etc.
68
+ */
69
+ export async function login(username, password, options) {
70
+ try {
71
+ const data = new FormData();
72
+ data.append("username", username);
73
+ data.append("password", password);
74
+ const loginProcessingUrl = options?.loginProcessingUrl ?? "login";
75
+ const headers = getSpringCsrfTokenHeadersForAuthRequest(document);
76
+ headers.source = "typescript";
77
+ const response = await fetch(loginProcessingUrl, {
78
+ body: data,
79
+ headers,
80
+ method: "POST"
81
+ });
82
+ const result = response.headers.get("Result");
83
+ const savedUrl = response.headers.get("Saved-url") ?? undefined;
84
+ const defaultUrl = response.headers.get("Default-url") ?? undefined;
85
+ const loginSuccessful = response.ok && result === "success";
86
+ if (loginSuccessful) {
87
+ const vaadinCsrfToken = response.headers.get("Vaadin-CSRF") ?? undefined;
88
+ const springCsrfHeader = response.headers.get("Spring-CSRF-header") ?? undefined;
89
+ const springCsrfToken = response.headers.get("Spring-CSRF-token") ?? undefined;
90
+ if (springCsrfHeader && springCsrfToken) {
91
+ const springCsrfTokenInfo = {};
92
+ springCsrfTokenInfo._csrf = springCsrfToken;
93
+ springCsrfTokenInfo._csrf_header = springCsrfHeader;
94
+ updateSpringCsrfMetaTags(springCsrfTokenInfo);
95
+ }
96
+ if (options?.onSuccess) {
97
+ await options.onSuccess();
98
+ }
99
+ const url = savedUrl ?? defaultUrl ?? document.baseURI;
100
+ const toPath = normalizePath(url);
101
+ const navigate = options?.navigate ?? navigateWithPageReload;
102
+ navigate(toPath);
103
+ return {
104
+ defaultUrl,
105
+ error: false,
106
+ redirectUrl: savedUrl,
107
+ token: vaadinCsrfToken
108
+ };
109
+ }
110
+ return {
111
+ error: true,
112
+ errorMessage: "Check that you have entered the correct username and password and try again.",
113
+ errorTitle: "Incorrect username or password."
114
+ };
115
+ } catch (e) {
116
+ if (e instanceof Error) {
117
+ return {
118
+ error: true,
119
+ errorMessage: e.message,
120
+ errorTitle: e.name
121
+ };
122
+ }
123
+ throw e;
124
+ }
113
125
  }
114
- async function logout(options) {
115
- const logoutUrl = options?.logoutUrl ?? "logout";
116
- let response;
117
- try {
118
- const headers = getSpringCsrfTokenHeadersForAuthRequest(document);
119
- response = await doLogout(logoutUrl, headers);
120
- } catch {
121
- try {
122
- const noCacheResponse = await fetch("?nocache");
123
- const responseText = await noCacheResponse.text();
124
- const doc = new DOMParser().parseFromString(responseText, "text/html");
125
- const headers = getSpringCsrfTokenHeadersForAuthRequest(doc);
126
- response = await doLogout(logoutUrl, headers);
127
- } catch (error) {
128
- clearSpringCsrfMetaTags();
129
- throw error;
130
- }
131
- } finally {
132
- CookieManager.remove(JWT_COOKIE_NAME);
133
- if (response && response.ok && response.redirected) {
134
- if (options?.onSuccess) {
135
- await options.onSuccess();
136
- }
137
- const toPath = normalizePath(response.url);
138
- const navigate = options?.navigate ?? navigateWithPageReload;
139
- navigate(toPath);
140
- }
141
- }
126
+ /**
127
+ * A helper method for Spring Security based form logout
128
+ * @param options - defines additional options, e.g, the logoutUrl.
129
+ */
130
+ export async function logout(options) {
131
+ const logoutUrl = options?.logoutUrl ?? "logout";
132
+ let response;
133
+ try {
134
+ const headers = getSpringCsrfTokenHeadersForAuthRequest(document);
135
+ response = await doLogout(logoutUrl, headers);
136
+ } catch {
137
+ try {
138
+ const noCacheResponse = await fetch("?nocache");
139
+ const responseText = await noCacheResponse.text();
140
+ const doc = new DOMParser().parseFromString(responseText, "text/html");
141
+ const headers = getSpringCsrfTokenHeadersForAuthRequest(doc);
142
+ response = await doLogout(logoutUrl, headers);
143
+ } catch (error) {
144
+ clearSpringCsrfMetaTags();
145
+ throw error;
146
+ }
147
+ } finally {
148
+ CookieManager.remove(JWT_COOKIE_NAME);
149
+ if (response && response.ok && response.redirected) {
150
+ if (options?.onSuccess) {
151
+ await options.onSuccess();
152
+ }
153
+ const toPath = normalizePath(response.url);
154
+ const navigate = options?.navigate ?? navigateWithPageReload;
155
+ navigate(toPath);
156
+ }
157
+ }
142
158
  }
143
- class InvalidSessionMiddleware {
144
- onInvalidSessionCallback;
145
- constructor(onInvalidSessionCallback) {
146
- this.onInvalidSessionCallback = onInvalidSessionCallback;
147
- }
148
- async invoke(context, next) {
149
- const clonedContext = { ...context };
150
- clonedContext.request = context.request.clone();
151
- const response = await next(context);
152
- if (response.status === 401) {
153
- const loginResult = await this.onInvalidSessionCallback();
154
- if (loginResult.token) {
155
- clonedContext.request.headers.set(VAADIN_CSRF_HEADER, loginResult.token);
156
- return next(clonedContext);
157
- }
158
- }
159
- return response;
160
- }
159
+ /**
160
+ * A helper class for handling invalid sessions during an endpoint call.
161
+ * E.g., you can use this to show user a login page when the session has
162
+ * expired.
163
+ */
164
+ export class InvalidSessionMiddleware {
165
+ onInvalidSessionCallback;
166
+ constructor(onInvalidSessionCallback) {
167
+ this.onInvalidSessionCallback = onInvalidSessionCallback;
168
+ }
169
+ async invoke(context, next) {
170
+ const clonedContext = { ...context };
171
+ clonedContext.request = context.request.clone();
172
+ const response = await next(context);
173
+ if (response.status === 401) {
174
+ const loginResult = await this.onInvalidSessionCallback();
175
+ if (loginResult.token) {
176
+ clonedContext.request.headers.set(VAADIN_CSRF_HEADER, loginResult.token);
177
+ return next(clonedContext);
178
+ }
179
+ }
180
+ return response;
181
+ }
161
182
  }
162
- export {
163
- InvalidSessionMiddleware,
164
- login,
165
- logout
166
- };
167
- //# sourceMappingURL=Authentication.js.map
183
+ //# sourceMappingURL=./Authentication.js.map
package/Authentication.js.map CHANGED
@@ -1,7 +1 @@
1
- {
2
- "version": 3,
3
- "sources": ["src/Authentication.ts"],
4
- "sourcesContent": ["import type { MiddlewareClass, MiddlewareContext, MiddlewareNext } from './Connect.js';\nimport CookieManager from './CookieManager.js';\nimport { getSpringCsrfInfo, getSpringCsrfTokenHeadersForAuthRequest, VAADIN_CSRF_HEADER } from './CsrfUtils.js';\n\nconst JWT_COOKIE_NAME = 'jwt.headerAndPayload';\n\nfunction getSpringCsrfTokenFromResponseBody(body: string): Record<string, string> {\n const doc = new DOMParser().parseFromString(body, 'text/html');\n return getSpringCsrfInfo(doc);\n}\n\nfunction clearSpringCsrfMetaTags() {\n Array.from(document.head.querySelectorAll('meta[name=\"_csrf\"], meta[name=\"_csrf_header\"]')).forEach((el) =>\n el.remove(),\n );\n}\n\nfunction updateSpringCsrfMetaTags(springCsrfInfo: Record<string, string>) {\n clearSpringCsrfMetaTags();\n const headerNameMeta: HTMLMetaElement = document.createElement('meta');\n headerNameMeta.name = '_csrf_header';\n headerNameMeta.content = springCsrfInfo._csrf_header;\n document.head.appendChild(headerNameMeta);\n const tokenMeta: HTMLMetaElement = document.createElement('meta');\n tokenMeta.name = '_csrf';\n tokenMeta.content = springCsrfInfo._csrf;\n document.head.appendChild(tokenMeta);\n}\n\nconst getVaadinCsrfTokenFromResponseBody = (body: string): string | undefined => {\n const match = /window\\.Vaadin = \\{TypeScript: \\{\"csrfToken\":\"([0-9a-zA-Z\\\\-]{36})\"\\}\\};/iu.exec(body);\n return match ? match[1] : undefined;\n};\n\nasync function updateCsrfTokensBasedOnResponse(response: Response): Promise<string | undefined> {\n const responseText = await response.text();\n const token = getVaadinCsrfTokenFromResponseBody(responseText);\n const springCsrfTokenInfo = getSpringCsrfTokenFromResponseBody(responseText);\n updateSpringCsrfMetaTags(springCsrfTokenInfo);\n\n return token;\n}\n\nasync function doLogout(logoutUrl: URL | string, headers: Record<string, string>) {\n const response = await fetch(logoutUrl, { headers, method: 'POST' });\n if (!response.ok) {\n throw new Error(`failed to logout with response ${response.status}`);\n }\n\n await updateCsrfTokensBasedOnResponse(response);\n\n return response;\n}\n\nexport interface LoginResult {\n error: boolean;\n token?: string;\n errorTitle?: string;\n errorMessage?: string;\n redirectUrl?: string;\n defaultUrl?: string;\n}\n\nexport type SuccessCallback = () => Promise<void> | void;\n\nexport type NavigateFunction = (path: string) => void;\n\nexport interface LoginOptions {\n /**\n * The URL for login request, defaults to `/login`.\n */\n loginProcessingUrl?: URL | string;\n\n /**\n * The success callback.\n */\n onSuccess?: SuccessCallback;\n\n /**\n * The navigation callback, called after successful login. The default\n * reloads the page.\n */\n navigate?: NavigateFunction;\n}\n\nexport interface LogoutOptions {\n /**\n * The URL for logout request, defaults to `/logout`.\n */\n logoutUrl?: URL | string;\n\n /**\n * The success callback.\n */\n onSuccess?: SuccessCallback;\n\n /**\n * The navigation callback, called after successful logout. The default\n * reloads the page.\n */\n navigate?: NavigateFunction;\n}\n\nfunction normalizePath(url: string): string {\n // URL with context path\n const effectiveBaseURL = new URL('.', document.baseURI);\n const effectiveBaseURI = effectiveBaseURL.toString();\n\n let normalized = url;\n\n // Strip context path prefix\n if (normalized.startsWith(effectiveBaseURL.pathname)) {\n return `/${normalized.slice(effectiveBaseURL.pathname.length)}`;\n }\n\n // Strip base URI\n normalized = normalized.startsWith(effectiveBaseURI) ? `/${normalized.slice(effectiveBaseURI.length)}` : normalized;\n\n return normalized;\n}\n\n/**\n * Navigates to the provided path using page reload.\n *\n * @param to - navigation target path\n */\nfunction navigateWithPageReload(to: string) {\n // Consider absolute path to be within application context\n const url = to.startsWith('/') ? new URL(`.${to}`, document.baseURI) : to;\n window.location.replace(url);\n}\n\n/**\n * A helper method for Spring Security based form login.\n * @param username - username\n * @param password - password\n * @param options - defines additional options, e.g, the loginProcessingUrl etc.\n */\nexport async function login(username: string, password: string, options?: LoginOptions): Promise<LoginResult> {\n try {\n const data = new FormData();\n data.append('username', username);\n data.append('password', password);\n\n const loginProcessingUrl = options?.loginProcessingUrl ?? 'login';\n const headers = getSpringCsrfTokenHeadersForAuthRequest(document);\n headers.source = 'typescript';\n const response = await fetch(loginProcessingUrl, {\n body: data,\n headers,\n method: 'POST',\n });\n\n // This code assumes that a VaadinSavedRequestAwareAuthenticationSuccessHandler is used on the server side,\n // setting these header values based on the \"source=typescript\" header set above\n\n const result = response.headers.get('Result');\n const savedUrl = response.headers.get('Saved-url') ?? undefined;\n const defaultUrl = response.headers.get('Default-url') ?? undefined;\n const loginSuccessful = response.ok && result === 'success';\n\n if (loginSuccessful) {\n const vaadinCsrfToken = response.headers.get('Vaadin-CSRF') ?? undefined;\n\n const springCsrfHeader = response.headers.get('Spring-CSRF-header') ?? undefined;\n const springCsrfToken = response.headers.get('Spring-CSRF-token') ?? undefined;\n if (springCsrfHeader && springCsrfToken) {\n const springCsrfTokenInfo: Record<string, string> = {};\n springCsrfTokenInfo._csrf = springCsrfToken;\n // eslint-disable-next-line camelcase\n springCsrfTokenInfo._csrf_header = springCsrfHeader;\n updateSpringCsrfMetaTags(springCsrfTokenInfo);\n }\n\n if (options?.onSuccess) {\n await options.onSuccess();\n }\n\n const url = savedUrl ?? defaultUrl ?? document.baseURI;\n const toPath = normalizePath(url);\n const navigate = options?.navigate ?? navigateWithPageReload;\n navigate(toPath);\n\n return {\n defaultUrl,\n error: false,\n redirectUrl: savedUrl,\n token: vaadinCsrfToken,\n };\n }\n return {\n error: true,\n errorMessage: 'Check that you have entered the correct username and password and try again.',\n errorTitle: 'Incorrect username or password.',\n };\n } catch (e: unknown) {\n if (e instanceof Error) {\n return {\n error: true,\n errorMessage: e.message,\n errorTitle: e.name,\n };\n }\n\n throw e;\n }\n}\n\n/**\n * A helper method for Spring Security based form logout\n * @param options - defines additional options, e.g, the logoutUrl.\n */\nexport async function logout(options?: LogoutOptions): Promise<void> {\n // this assumes the default Spring Security logout configuration (handler URL)\n const logoutUrl = options?.logoutUrl ?? 'logout';\n let response: Response | undefined;\n try {\n const headers = getSpringCsrfTokenHeadersForAuthRequest(document);\n response = await doLogout(logoutUrl, headers);\n } catch {\n try {\n const noCacheResponse = await fetch('?nocache');\n const responseText = await noCacheResponse.text();\n const doc = new DOMParser().parseFromString(responseText, 'text/html');\n const headers = getSpringCsrfTokenHeadersForAuthRequest(doc);\n response = await doLogout(logoutUrl, headers);\n } catch (error) {\n // clear the token if the call fails\n clearSpringCsrfMetaTags();\n throw error;\n }\n } finally {\n CookieManager.remove(JWT_COOKIE_NAME);\n if (response && response.ok && response.redirected) {\n if (options?.onSuccess) {\n await options.onSuccess();\n }\n const toPath = normalizePath(response.url);\n const navigate = options?.navigate ?? navigateWithPageReload;\n navigate(toPath);\n }\n }\n}\n\n/**\n * It defines what to do when it detects a session is invalid. E.g.,\n * show a login view.\n * It takes an <code>EndpointCallContinue</code> parameter, which can be\n * used to continue the endpoint call.\n */\nexport type OnInvalidSessionCallback = () => Promise<LoginResult>;\n\n/**\n * A helper class for handling invalid sessions during an endpoint call.\n * E.g., you can use this to show user a login page when the session has\n * expired.\n */\nexport class InvalidSessionMiddleware implements MiddlewareClass {\n private readonly onInvalidSessionCallback: OnInvalidSessionCallback;\n\n constructor(onInvalidSessionCallback: OnInvalidSessionCallback) {\n this.onInvalidSessionCallback = onInvalidSessionCallback;\n }\n\n async invoke(context: MiddlewareContext, next: MiddlewareNext): Promise<Response> {\n const clonedContext = { ...context };\n clonedContext.request = context.request.clone();\n const response = await next(context);\n if (response.status === 401) {\n const loginResult = await this.onInvalidSessionCallback();\n if (loginResult.token) {\n clonedContext.request.headers.set(VAADIN_CSRF_HEADER, loginResult.token);\n return next(clonedContext) as Promise<Response>;\n }\n }\n return response;\n }\n}\n"],
5
- "mappings": "AACA,OAAO,mBAAmB;AAC1B,SAAS,mBAAmB,yCAAyC,0BAA0B;AAE/F,MAAM,kBAAkB;AAExB,SAAS,mCAAmC,MAAsC;AAChF,QAAM,MAAM,IAAI,UAAU,EAAE,gBAAgB,MAAM,WAAW;AAC7D,SAAO,kBAAkB,GAAG;AAC9B;AAEA,SAAS,0BAA0B;AACjC,QAAM,KAAK,SAAS,KAAK,iBAAiB,+CAA+C,CAAC,EAAE;AAAA,IAAQ,CAAC,OACnG,GAAG,OAAO;AAAA,EACZ;AACF;AAEA,SAAS,yBAAyB,gBAAwC;AACxE,0BAAwB;AACxB,QAAM,iBAAkC,SAAS,cAAc,MAAM;AACrE,iBAAe,OAAO;AACtB,iBAAe,UAAU,eAAe;AACxC,WAAS,KAAK,YAAY,cAAc;AACxC,QAAM,YAA6B,SAAS,cAAc,MAAM;AAChE,YAAU,OAAO;AACjB,YAAU,UAAU,eAAe;AACnC,WAAS,KAAK,YAAY,SAAS;AACrC;AAEA,MAAM,qCAAqC,CAAC,SAAqC;AAC/E,QAAM,QAAQ,6EAA6E,KAAK,IAAI;AACpG,SAAO,QAAQ,MAAM,CAAC,IAAI;AAC5B;AAEA,eAAe,gCAAgC,UAAiD;AAC9F,QAAM,eAAe,MAAM,SAAS,KAAK;AACzC,QAAM,QAAQ,mCAAmC,YAAY;AAC7D,QAAM,sBAAsB,mCAAmC,YAAY;AAC3E,2BAAyB,mBAAmB;AAE5C,SAAO;AACT;AAEA,eAAe,SAAS,WAAyB,SAAiC;AAChF,QAAM,WAAW,MAAM,MAAM,WAAW,EAAE,SAAS,QAAQ,OAAO,CAAC;AACnE,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,IAAI,MAAM,kCAAkC,SAAS,MAAM,EAAE;AAAA,EACrE;AAEA,QAAM,gCAAgC,QAAQ;AAE9C,SAAO;AACT;AAmDA,SAAS,cAAc,KAAqB;AAE1C,QAAM,mBAAmB,IAAI,IAAI,KAAK,SAAS,OAAO;AACtD,QAAM,mBAAmB,iBAAiB,SAAS;AAEnD,MAAI,aAAa;AAGjB,MAAI,WAAW,WAAW,iBAAiB,QAAQ,GAAG;AACpD,WAAO,IAAI,WAAW,MAAM,iBAAiB,SAAS,MAAM,CAAC;AAAA,EAC/D;AAGA,eAAa,WAAW,WAAW,gBAAgB,IAAI,IAAI,WAAW,MAAM,iBAAiB,MAAM,CAAC,KAAK;AAEzG,SAAO;AACT;AAOA,SAAS,uBAAuB,IAAY;AAE1C,QAAM,MAAM,GAAG,WAAW,GAAG,IAAI,IAAI,IAAI,IAAI,EAAE,IAAI,SAAS,OAAO,IAAI;AACvE,SAAO,SAAS,QAAQ,GAAG;AAC7B;AAQA,eAAsB,MAAM,UAAkB,UAAkB,SAA8C;AAC5G,MAAI;AACF,UAAM,OAAO,IAAI,SAAS;AAC1B,SAAK,OAAO,YAAY,QAAQ;AAChC,SAAK,OAAO,YAAY,QAAQ;AAEhC,UAAM,qBAAqB,SAAS,sBAAsB;AAC1D,UAAM,UAAU,wCAAwC,QAAQ;AAChE,YAAQ,SAAS;AACjB,UAAM,WAAW,MAAM,MAAM,oBAAoB;AAAA,MAC/C,MAAM;AAAA,MACN;AAAA,MACA,QAAQ;AAAA,IACV,CAAC;AAKD,UAAM,SAAS,SAAS,QAAQ,IAAI,QAAQ;AAC5C,UAAM,WAAW,SAAS,QAAQ,IAAI,WAAW,KAAK;AACtD,UAAM,aAAa,SAAS,QAAQ,IAAI,aAAa,KAAK;AAC1D,UAAM,kBAAkB,SAAS,MAAM,WAAW;AAElD,QAAI,iBAAiB;AACnB,YAAM,kBAAkB,SAAS,QAAQ,IAAI,aAAa,KAAK;AAE/D,YAAM,mBAAmB,SAAS,QAAQ,IAAI,oBAAoB,KAAK;AACvE,YAAM,kBAAkB,SAAS,QAAQ,IAAI,mBAAmB,KAAK;AACrE,UAAI,oBAAoB,iBAAiB;AACvC,cAAM,sBAA8C,CAAC;AACrD,4BAAoB,QAAQ;AAE5B,4BAAoB,eAAe;AACnC,iCAAyB,mBAAmB;AAAA,MAC9C;AAEA,UAAI,SAAS,WAAW;AACtB,cAAM,QAAQ,UAAU;AAAA,MAC1B;AAEA,YAAM,MAAM,YAAY,cAAc,SAAS;AAC/C,YAAM,SAAS,cAAc,GAAG;AAChC,YAAM,WAAW,SAAS,YAAY;AACtC,eAAS,MAAM;AAEf,aAAO;AAAA,QACL;AAAA,QACA,OAAO;AAAA,QACP,aAAa;AAAA,QACb,OAAO;AAAA,MACT;AAAA,IACF;AACA,WAAO;AAAA,MACL,OAAO;AAAA,MACP,cAAc;AAAA,MACd,YAAY;AAAA,IACd;AAAA,EACF,SAAS,GAAY;AACnB,QAAI,aAAa,OAAO;AACtB,aAAO;AAAA,QACL,OAAO;AAAA,QACP,cAAc,EAAE;AAAA,QAChB,YAAY,EAAE;AAAA,MAChB;AAAA,IACF;AAEA,UAAM;AAAA,EACR;AACF;AAMA,eAAsB,OAAO,SAAwC;AAEnE,QAAM,YAAY,SAAS,aAAa;AACxC,MAAI;AACJ,MAAI;AACF,UAAM,UAAU,wCAAwC,QAAQ;AAChE,eAAW,MAAM,SAAS,WAAW,OAAO;AAAA,EAC9C,QAAQ;AACN,QAAI;AACF,YAAM,kBAAkB,MAAM,MAAM,UAAU;AAC9C,YAAM,eAAe,MAAM,gBAAgB,KAAK;AAChD,YAAM,MAAM,IAAI,UAAU,EAAE,gBAAgB,cAAc,WAAW;AACrE,YAAM,UAAU,wCAAwC,GAAG;AAC3D,iBAAW,MAAM,SAAS,WAAW,OAAO;AAAA,IAC9C,SAAS,OAAO;AAEd,8BAAwB;AACxB,YAAM;AAAA,IACR;AAAA,EACF,UAAE;AACA,kBAAc,OAAO,eAAe;AACpC,QAAI,YAAY,SAAS,MAAM,SAAS,YAAY;AAClD,UAAI,SAAS,WAAW;AACtB,cAAM,QAAQ,UAAU;AAAA,MAC1B;AACA,YAAM,SAAS,cAAc,SAAS,GAAG;AACzC,YAAM,WAAW,SAAS,YAAY;AACtC,eAAS,MAAM;AAAA,IACjB;AAAA,EACF;AACF;AAeO,MAAM,yBAAoD;AAAA,EAC9C;AAAA,EAEjB,YAAY,0BAAoD;AAC9D,SAAK,2BAA2B;AAAA,EAClC;AAAA,EAEA,MAAM,OAAO,SAA4B,MAAyC;AAChF,UAAM,gBAAgB,EAAE,GAAG,QAAQ;AACnC,kBAAc,UAAU,QAAQ,QAAQ,MAAM;AAC9C,UAAM,WAAW,MAAM,KAAK,OAAO;AACnC,QAAI,SAAS,WAAW,KAAK;AAC3B,YAAM,cAAc,MAAM,KAAK,yBAAyB;AACxD,UAAI,YAAY,OAAO;AACrB,sBAAc,QAAQ,QAAQ,IAAI,oBAAoB,YAAY,KAAK;AACvE,eAAO,KAAK,aAAa;AAAA,MAC3B;AAAA,IACF;AACA,WAAO;AAAA,EACT;AACF;",
6
- "names": []
7
- }
1
+ {"mappings":"AACA,OAAO,uCAAwC;AAC/C,SAAS,mBAAmB,yCAAyC,0CAA2C;AAEhH,MAAM,kBAAkB;AAExB,SAAS,mCAAmCA,MAAsC;CAChF,MAAM,MAAM,IAAI,YAAY,gBAAgB,MAAM,YAAY;AAC9D,QAAO,kBAAkB,IAAI;AAC9B;AAED,SAAS,0BAA0B;AACjC,OAAM,KAAK,SAAS,KAAK,iBAAiB,oDAAgD,CAAC,CAAC,QAAQ,CAAC,OACnG,GAAG,QAAQ,CACZ;AACF;AAED,SAAS,yBAAyBC,gBAAwC;AACxE,0BAAyB;CACzB,MAAMC,iBAAkC,SAAS,cAAc,OAAO;AACtE,gBAAe,OAAO;AACtB,gBAAe,UAAU,eAAe;AACxC,UAAS,KAAK,YAAY,eAAe;CACzC,MAAMC,YAA6B,SAAS,cAAc,OAAO;AACjE,WAAU,OAAO;AACjB,WAAU,UAAU,eAAe;AACnC,UAAS,KAAK,YAAY,UAAU;AACrC;AAED,MAAM,qCAAqC,CAACH,SAAqC;CAC/E,MAAM,QAAQ,6EAA6E,KAAK,KAAK;AACrG,QAAO,QAAQ,MAAM,KAAK;AAC3B;AAED,eAAe,gCAAgCI,UAAiD;CAC9F,MAAM,eAAe,MAAM,SAAS,MAAM;CAC1C,MAAM,QAAQ,mCAAmC,aAAa;CAC9D,MAAM,sBAAsB,mCAAmC,aAAa;AAC5E,0BAAyB,oBAAoB;AAE7C,QAAO;AACR;AAED,eAAe,SAASC,WAAyBC,SAAiC;CAChF,MAAM,WAAW,MAAM,MAAM,WAAW;EAAE;EAAS,QAAQ;CAAQ,EAAC;AACpE,MAAK,SAAS,IAAI;AAChB,QAAM,IAAI,OAAO,iCAAiC,SAAS,OAAO;CACnE;AAED,OAAM,gCAAgC,SAAS;AAE/C,QAAO;AACR;AAmDD,SAAS,cAAcC,KAAqB;CAE1C,MAAM,mBAAmB,IAAI,IAAI,KAAK,SAAS;CAC/C,MAAM,mBAAmB,iBAAiB,UAAU;CAEpD,IAAI,aAAa;AAGjB,KAAI,WAAW,WAAW,iBAAiB,SAAS,EAAE;AACpD,UAAQ,GAAG,WAAW,MAAM,iBAAiB,SAAS,OAAO,CAAC;CAC/D;AAGD,cAAa,WAAW,WAAW,iBAAiB,IAAI,GAAG,WAAW,MAAM,iBAAiB,OAAO,CAAC,IAAI;AAEzG,QAAO;AACR;;;;;;AAOD,SAAS,uBAAuBC,IAAY;CAE1C,MAAM,MAAM,GAAG,WAAW,IAAI,GAAG,IAAI,KAAK,GAAG,GAAG,GAAG,SAAS,WAAW;AACvE,QAAO,SAAS,QAAQ,IAAI;AAC7B;;;;;;;AAQD,OAAO,eAAe,MAAMC,UAAkBC,UAAkBC,SAA8C;AAC5G,KAAI;EACF,MAAM,OAAO,IAAI;AACjB,OAAK,OAAO,YAAY,SAAS;AACjC,OAAK,OAAO,YAAY,SAAS;EAEjC,MAAM,qBAAqB,SAAS,sBAAsB;EAC1D,MAAM,UAAU,wCAAwC,SAAS;AACjE,UAAQ,SAAS;EACjB,MAAM,WAAW,MAAM,MAAM,oBAAoB;GAC/C,MAAM;GACN;GACA,QAAQ;EACT,EAAC;EAKF,MAAM,SAAS,SAAS,QAAQ,IAAI,SAAS;EAC7C,MAAM,WAAW,SAAS,QAAQ,IAAI,YAAY,IAAI;EACtD,MAAM,aAAa,SAAS,QAAQ,IAAI,cAAc,IAAI;EAC1D,MAAM,kBAAkB,SAAS,MAAM,WAAW;AAElD,MAAI,iBAAiB;GACnB,MAAM,kBAAkB,SAAS,QAAQ,IAAI,cAAc,IAAI;GAE/D,MAAM,mBAAmB,SAAS,QAAQ,IAAI,qBAAqB,IAAI;GACvE,MAAM,kBAAkB,SAAS,QAAQ,IAAI,oBAAoB,IAAI;AACrE,OAAI,oBAAoB,iBAAiB;IACvC,MAAMC,sBAA8C,CAAE;AACtD,wBAAoB,QAAQ;AAE5B,wBAAoB,eAAe;AACnC,6BAAyB,oBAAoB;GAC9C;AAED,OAAI,SAAS,WAAW;AACtB,UAAM,QAAQ,WAAW;GAC1B;GAED,MAAM,MAAM,YAAY,cAAc,SAAS;GAC/C,MAAM,SAAS,cAAc,IAAI;GACjC,MAAM,WAAW,SAAS,YAAY;AACtC,YAAS,OAAO;AAEhB,UAAO;IACL;IACA,OAAO;IACP,aAAa;IACb,OAAO;GACR;EACF;AACD,SAAO;GACL,OAAO;GACP,cAAc;GACd,YAAY;EACb;CACF,SAAQC,GAAY;AACnB,MAAI,aAAa,OAAO;AACtB,UAAO;IACL,OAAO;IACP,cAAc,EAAE;IAChB,YAAY,EAAE;GACf;EACF;AAED,QAAM;CACP;AACF;;;;;AAMD,OAAO,eAAe,OAAOC,SAAwC;CAEnE,MAAM,YAAY,SAAS,aAAa;CACxC,IAAIC;AACJ,KAAI;EACF,MAAM,UAAU,wCAAwC,SAAS;AACjE,aAAW,MAAM,SAAS,WAAW,QAAQ;CAC9C,QAAO;AACN,MAAI;GACF,MAAM,kBAAkB,MAAM,MAAM,WAAW;GAC/C,MAAM,eAAe,MAAM,gBAAgB,MAAM;GACjD,MAAM,MAAM,IAAI,YAAY,gBAAgB,cAAc,YAAY;GACtE,MAAM,UAAU,wCAAwC,IAAI;AAC5D,cAAW,MAAM,SAAS,WAAW,QAAQ;EAC9C,SAAQ,OAAO;AAEd,4BAAyB;AACzB,SAAM;EACP;CACF,UAAS;AACR,gBAAc,OAAO,gBAAgB;AACrC,MAAI,YAAY,SAAS,MAAM,SAAS,YAAY;AAClD,OAAI,SAAS,WAAW;AACtB,UAAM,QAAQ,WAAW;GAC1B;GACD,MAAM,SAAS,cAAc,SAAS,IAAI;GAC1C,MAAM,WAAW,SAAS,YAAY;AACtC,YAAS,OAAO;EACjB;CACF;AACF;;;;;;AAeD,OAAO,MAAM,yBAAoD;CAC/D,AAAiB;CAEjB,YAAYC,0BAAoD;AAC9D,OAAK,2BAA2B;CACjC;CAED,MAAM,OAAOC,SAA4BC,MAAyC;EAChF,MAAM,gBAAgB,EAAE,GAAG,QAAS;AACpC,gBAAc,UAAU,QAAQ,QAAQ,OAAO;EAC/C,MAAM,WAAW,MAAM,KAAK,QAAQ;AACpC,MAAI,SAAS,WAAW,KAAK;GAC3B,MAAM,cAAc,MAAM,KAAK,0BAA0B;AACzD,OAAI,YAAY,OAAO;AACrB,kBAAc,QAAQ,QAAQ,IAAI,oBAAoB,YAAY,MAAM;AACxE,WAAO,KAAK,cAAc;GAC3B;EACF;AACD,SAAO;CACR;AACF","names":["body: string","springCsrfInfo: Record<string, string>","headerNameMeta: HTMLMetaElement","tokenMeta: HTMLMetaElement","response: Response","logoutUrl: URL | string","headers: Record<string, string>","url: string","to: string","username: string","password: string","options?: LoginOptions","springCsrfTokenInfo: Record<string, string>","e: unknown","options?: LogoutOptions","response: Response | undefined","onInvalidSessionCallback: OnInvalidSessionCallback","context: MiddlewareContext","next: MiddlewareNext"],"sources":["/opt/agent/work/1af72d8adc613024/hilla/packages/ts/frontend/src/Authentication.ts"],"sourcesContent":["import type { MiddlewareClass, MiddlewareContext, MiddlewareNext } from './Connect.js';\nimport CookieManager from './CookieManager.js';\nimport { getSpringCsrfInfo, getSpringCsrfTokenHeadersForAuthRequest, VAADIN_CSRF_HEADER } from './CsrfUtils.js';\n\nconst JWT_COOKIE_NAME = 'jwt.headerAndPayload';\n\nfunction getSpringCsrfTokenFromResponseBody(body: string): Record<string, string> {\n const doc = new DOMParser().parseFromString(body, 'text/html');\n return getSpringCsrfInfo(doc);\n}\n\nfunction clearSpringCsrfMetaTags() {\n Array.from(document.head.querySelectorAll('meta[name=\"_csrf\"], meta[name=\"_csrf_header\"]')).forEach((el) =>\n el.remove(),\n );\n}\n\nfunction updateSpringCsrfMetaTags(springCsrfInfo: Record<string, string>) {\n clearSpringCsrfMetaTags();\n const headerNameMeta: HTMLMetaElement = document.createElement('meta');\n headerNameMeta.name = '_csrf_header';\n headerNameMeta.content = springCsrfInfo._csrf_header;\n document.head.appendChild(headerNameMeta);\n const tokenMeta: HTMLMetaElement = document.createElement('meta');\n tokenMeta.name = '_csrf';\n tokenMeta.content = springCsrfInfo._csrf;\n document.head.appendChild(tokenMeta);\n}\n\nconst getVaadinCsrfTokenFromResponseBody = (body: string): string | undefined => {\n const match = /window\\.Vaadin = \\{TypeScript: \\{\"csrfToken\":\"([0-9a-zA-Z\\\\-]{36})\"\\}\\};/iu.exec(body);\n return match ? match[1] : undefined;\n};\n\nasync function updateCsrfTokensBasedOnResponse(response: Response): Promise<string | undefined> {\n const responseText = await response.text();\n const token = getVaadinCsrfTokenFromResponseBody(responseText);\n const springCsrfTokenInfo = getSpringCsrfTokenFromResponseBody(responseText);\n updateSpringCsrfMetaTags(springCsrfTokenInfo);\n\n return token;\n}\n\nasync function doLogout(logoutUrl: URL | string, headers: Record<string, string>) {\n const response = await fetch(logoutUrl, { headers, method: 'POST' });\n if (!response.ok) {\n throw new Error(`failed to logout with response ${response.status}`);\n }\n\n await updateCsrfTokensBasedOnResponse(response);\n\n return response;\n}\n\nexport interface LoginResult {\n error: boolean;\n token?: string;\n errorTitle?: string;\n errorMessage?: string;\n redirectUrl?: string;\n defaultUrl?: string;\n}\n\nexport type SuccessCallback = () => Promise<void> | void;\n\nexport type NavigateFunction = (path: string) => void;\n\nexport interface LoginOptions {\n /**\n * The URL for login request, defaults to `/login`.\n */\n loginProcessingUrl?: URL | string;\n\n /**\n * The success callback.\n */\n onSuccess?: SuccessCallback;\n\n /**\n * The navigation callback, called after successful login. The default\n * reloads the page.\n */\n navigate?: NavigateFunction;\n}\n\nexport interface LogoutOptions {\n /**\n * The URL for logout request, defaults to `/logout`.\n */\n logoutUrl?: URL | string;\n\n /**\n * The success callback.\n */\n onSuccess?: SuccessCallback;\n\n /**\n * The navigation callback, called after successful logout. The default\n * reloads the page.\n */\n navigate?: NavigateFunction;\n}\n\nfunction normalizePath(url: string): string {\n // URL with context path\n const effectiveBaseURL = new URL('.', document.baseURI);\n const effectiveBaseURI = effectiveBaseURL.toString();\n\n let normalized = url;\n\n // Strip context path prefix\n if (normalized.startsWith(effectiveBaseURL.pathname)) {\n return `/${normalized.slice(effectiveBaseURL.pathname.length)}`;\n }\n\n // Strip base URI\n normalized = normalized.startsWith(effectiveBaseURI) ? `/${normalized.slice(effectiveBaseURI.length)}` : normalized;\n\n return normalized;\n}\n\n/**\n * Navigates to the provided path using page reload.\n *\n * @param to - navigation target path\n */\nfunction navigateWithPageReload(to: string) {\n // Consider absolute path to be within application context\n const url = to.startsWith('/') ? new URL(`.${to}`, document.baseURI) : to;\n window.location.replace(url);\n}\n\n/**\n * A helper method for Spring Security based form login.\n * @param username - username\n * @param password - password\n * @param options - defines additional options, e.g, the loginProcessingUrl etc.\n */\nexport async function login(username: string, password: string, options?: LoginOptions): Promise<LoginResult> {\n try {\n const data = new FormData();\n data.append('username', username);\n data.append('password', password);\n\n const loginProcessingUrl = options?.loginProcessingUrl ?? 'login';\n const headers = getSpringCsrfTokenHeadersForAuthRequest(document);\n headers.source = 'typescript';\n const response = await fetch(loginProcessingUrl, {\n body: data,\n headers,\n method: 'POST',\n });\n\n // This code assumes that a VaadinSavedRequestAwareAuthenticationSuccessHandler is used on the server side,\n // setting these header values based on the \"source=typescript\" header set above\n\n const result = response.headers.get('Result');\n const savedUrl = response.headers.get('Saved-url') ?? undefined;\n const defaultUrl = response.headers.get('Default-url') ?? undefined;\n const loginSuccessful = response.ok && result === 'success';\n\n if (loginSuccessful) {\n const vaadinCsrfToken = response.headers.get('Vaadin-CSRF') ?? undefined;\n\n const springCsrfHeader = response.headers.get('Spring-CSRF-header') ?? undefined;\n const springCsrfToken = response.headers.get('Spring-CSRF-token') ?? undefined;\n if (springCsrfHeader && springCsrfToken) {\n const springCsrfTokenInfo: Record<string, string> = {};\n springCsrfTokenInfo._csrf = springCsrfToken;\n // eslint-disable-next-line camelcase\n springCsrfTokenInfo._csrf_header = springCsrfHeader;\n updateSpringCsrfMetaTags(springCsrfTokenInfo);\n }\n\n if (options?.onSuccess) {\n await options.onSuccess();\n }\n\n const url = savedUrl ?? defaultUrl ?? document.baseURI;\n const toPath = normalizePath(url);\n const navigate = options?.navigate ?? navigateWithPageReload;\n navigate(toPath);\n\n return {\n defaultUrl,\n error: false,\n redirectUrl: savedUrl,\n token: vaadinCsrfToken,\n };\n }\n return {\n error: true,\n errorMessage: 'Check that you have entered the correct username and password and try again.',\n errorTitle: 'Incorrect username or password.',\n };\n } catch (e: unknown) {\n if (e instanceof Error) {\n return {\n error: true,\n errorMessage: e.message,\n errorTitle: e.name,\n };\n }\n\n throw e;\n }\n}\n\n/**\n * A helper method for Spring Security based form logout\n * @param options - defines additional options, e.g, the logoutUrl.\n */\nexport async function logout(options?: LogoutOptions): Promise<void> {\n // this assumes the default Spring Security logout configuration (handler URL)\n const logoutUrl = options?.logoutUrl ?? 'logout';\n let response: Response | undefined;\n try {\n const headers = getSpringCsrfTokenHeadersForAuthRequest(document);\n response = await doLogout(logoutUrl, headers);\n } catch {\n try {\n const noCacheResponse = await fetch('?nocache');\n const responseText = await noCacheResponse.text();\n const doc = new DOMParser().parseFromString(responseText, 'text/html');\n const headers = getSpringCsrfTokenHeadersForAuthRequest(doc);\n response = await doLogout(logoutUrl, headers);\n } catch (error) {\n // clear the token if the call fails\n clearSpringCsrfMetaTags();\n throw error;\n }\n } finally {\n CookieManager.remove(JWT_COOKIE_NAME);\n if (response && response.ok && response.redirected) {\n if (options?.onSuccess) {\n await options.onSuccess();\n }\n const toPath = normalizePath(response.url);\n const navigate = options?.navigate ?? navigateWithPageReload;\n navigate(toPath);\n }\n }\n}\n\n/**\n * It defines what to do when it detects a session is invalid. E.g.,\n * show a login view.\n * It takes an <code>EndpointCallContinue</code> parameter, which can be\n * used to continue the endpoint call.\n */\nexport type OnInvalidSessionCallback = () => Promise<LoginResult>;\n\n/**\n * A helper class for handling invalid sessions during an endpoint call.\n * E.g., you can use this to show user a login page when the session has\n * expired.\n */\nexport class InvalidSessionMiddleware implements MiddlewareClass {\n private readonly onInvalidSessionCallback: OnInvalidSessionCallback;\n\n constructor(onInvalidSessionCallback: OnInvalidSessionCallback) {\n this.onInvalidSessionCallback = onInvalidSessionCallback;\n }\n\n async invoke(context: MiddlewareContext, next: MiddlewareNext): Promise<Response> {\n const clonedContext = { ...context };\n clonedContext.request = context.request.clone();\n const response = await next(context);\n if (response.status === 401) {\n const loginResult = await this.onInvalidSessionCallback();\n if (loginResult.token) {\n clonedContext.request.headers.set(VAADIN_CSRF_HEADER, loginResult.token);\n return next(clonedContext) as Promise<Response>;\n }\n }\n return response;\n }\n}\n"],"version":3}