@vaadin/hilla-frontend 24.8.0-alpha7 → 24.8.0-alpha8

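--- a/package/Authentication.js
+++ b/package/Authentication.js
@@ -41,7 +41,7 @@ async function doFetchLogout(logoutUrl, headers) {
  await updateCsrfTokensBasedOnResponse(response);
  return response;
  }
- function doFormLogout(url, parameters) {
+ async function doFormLogout(url, parameters) {
  const logoutUrl = typeof url === "string" ? url : url.toString();
  const form = document.createElement("form");
  form.setAttribute("method", "POST");
@@ -55,17 +55,22 @@ function doFormLogout(url, parameters) {
  form.appendChild(input);
  }
  document.body.appendChild(form);
- form.submit();
+ return new Promise((_, reject) => {
+ setTimeout(() => {
+ reject(new Error("Form submission did not navigate away after 10 seconds."));
+ }, 1e4);
+ form.submit();
+ });
  }
  async function doLogout(doc, options) {
  const shouldSubmitFormLogout = !options?.navigate && !options?.onSuccess;
  const logoutUrl = options?.logoutUrl ?? "logout";
  if (shouldSubmitFormLogout) {
  const parameters = getSpringCsrfTokenParametersForAuthRequest(doc);
- doFormLogout(logoutUrl, parameters);
- return new Response(undefined, {
- status: 200,
- statusText: "OK"
+ await doFormLogout(logoutUrl, parameters);
+ return new Response(null, {
+ status: 500,
+ statusText: "Form submission did not navigate away."
  });
  }
  const headers = getSpringCsrfTokenHeadersForAuthRequest(doc);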
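Review bot: The promise returned by the new `doFormLogout` can only reject, so in `doLogout` the `return new Response(null, { status: 500, ... })` after `await doFormLogout(logoutUrl, parameters)` is unreachable, and a form logout that fails to navigate surfaces as a thrown Error rather than a 500 response. Judging from the TypeScript source embedded in the source map that follows, `logout()` catches that rejection and calls `doLogout` again, which appends and submits a second hidden form, and its `finally` block with `CookieManager.remove(JWT_COOKIE_NAME)` now runs only after the 10-second wait(s) instead of immediately, so the client-side JWT cookie outlives a stuck logout for that long. I would remove the stale form before rejecting, `form.remove(); reject(new Error("Form submission did not navigate away after 10 seconds."));`, and either drop the dead 500 return or replace it with a comment stating that rejection is the only failure path. The body of `doLogout` continues outside the hunk.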
@@ -1 +1 @@
1
- {"mappings":"AACA,OAAO,uCAAwC;AAC/C,SACE,mBACA,yCACA,4CACA,0CACsB;AAExB,MAAM,kBAAkB;AAExB,SAAS,mCAAmCA,MAAsC;CAChF,MAAM,MAAM,IAAI,YAAY,gBAAgB,MAAM,YAAY;AAC9D,QAAO,kBAAkB,IAAI;AAC9B;AAED,SAAS,0BAA0B;AACjC,OAAM,KACJ,SAAS,KAAK,iBAAiB,oFAA8E,CAC9G,CAAC,QAAQ,CAAC,OAAO,GAAG,QAAQ,CAAC;AAC/B;AAED,SAAS,yBAAyBC,gBAAwC;AACxE,0BAAyB;CACzB,MAAMC,iBAAkC,SAAS,cAAc,OAAO;AACtE,gBAAe,OAAO;AACtB,gBAAe,UAAU,eAAe;AACxC,UAAS,KAAK,YAAY,eAAe;CACzC,MAAMC,YAA6B,SAAS,cAAc,OAAO;AACjE,WAAU,OAAO;AACjB,WAAU,UAAU,eAAe;AACnC,UAAS,KAAK,YAAY,UAAU;AACrC;AAED,MAAM,qCAAqC,CAACH,SAAqC;CAC/E,MAAM,QAAQ,6EAA6E,KAAK,KAAK;AACrG,QAAO,QAAQ,MAAM,KAAK;AAC3B;AAED,eAAe,gCAAgCI,UAAiD;CAC9F,MAAM,eAAe,MAAM,SAAS,MAAM;CAC1C,MAAM,QAAQ,mCAAmC,aAAa;CAC9D,MAAM,sBAAsB,mCAAmC,aAAa;AAC5E,0BAAyB,oBAAoB;AAE7C,QAAO;AACR;AAED,eAAe,cAAcC,WAAyBC,SAAiC;CACrF,MAAM,WAAW,MAAM,MAAM,WAAW;EAAE;EAAS,QAAQ;CAAQ,EAAC;AACpE,MAAK,SAAS,IAAI;AAChB,QAAM,IAAI,OAAO,iCAAiC,SAAS,OAAO;CACnE;AAED,OAAM,gCAAgC,SAAS;AAE/C,QAAO;AACR;AAED,SAAS,aAAaC,KAAmBC,YAAoC;CAC3E,MAAM,mBAAmB,QAAQ,WAAW,MAAM,IAAI,UAAU;CAGhE,MAAM,OAAO,SAAS,cAAc,OAAO;AAC3C,MAAK,aAAa,UAAU,OAAO;AACnC,MAAK,aAAa,UAAU,UAAU;AACtC,MAAK,MAAM,UAAU;AAGrB,MAAK,MAAM,CAAC,MAAM,MAAM,IAAI,OAAO,QAAQ,WAAW,EAAE;EACtD,MAAM,QAAQ,SAAS,cAAc,QAAQ;AAC7C,QAAM,aAAa,QAAQ,SAAS;AACpC,QAAM,aAAa,QAAQ,KAAK;AAChC,QAAM,aAAa,SAAS,MAAM;AAElC,OAAK,YAAY,MAAM;CACxB;AAGD,UAAS,KAAK,YAAY,KAAK;AAC/B,MAAK,QAAQ;AACd;AAED,eAAe,SAASC,KAAeC,SAA4C;CAGjF,MAAM,0BAA0B,SAAS,aAAa,SAAS;CAE/D,MAAM,YAAY,SAAS,aAAa;AACxC,KAAI,wBAAwB;EAC1B,MAAM,aAAa,2CAA2C,IAAI;AAClE,eAAa,WAAW,WAAW;AACnC,SAAO,IAAI,SAAS,WAAW;GAAE,QAAQ;GAAK,YAAY;EAAM;CACjE;CACD,MAAM,UAAU,wCAAwC,IAAI;AAC5D,QAAO,MAAM,cAAc,WAAW,QAAQ;AAC/C;AAmDD,SAAS,cAAcC,KAAqB;CAE1C,MAAM,mBAAmB,IAAI,IAAI,KAAK,SAAS;CAC/C,MAAM,mBAAmB,iBAAiB,UAAU;CAEpD,IAAI,aAAa;AAGjB,KAAI,WAAW,WAAW,iBAAiB,SAAS,EAAE;AACpD,UAAQ,GAAG,WAAW,MAAM,iBAAiB,SAAS,OAAO,CAAC;CAC/D;AAGD,cAAa,WAAW,WAAW,iBAAiB,IAAI,GAAG,WAAW,MAAM,iBAAiB,OAAO,CAAC,IAAI;AAEzG,QAAO;AACR;;;;;;AAOD,SAAS,uBAAuBC,IAAY;CAE1C,MAAM,MAAM,GAAG,WAAW,IAAI,GAAG,IAAI,K
AAK,GAAG,GAAG,GAAG,SAAS,WAAW;AACvE,QAAO,SAAS,QAAQ,IAAI;AAC7B;;;;;;;AAQD,OAAO,eAAe,MAAMC,UAAkBC,UAAkBC,SAA8C;AAC5G,KAAI;EACF,MAAM,OAAO,IAAI;AACjB,OAAK,OAAO,YAAY,SAAS;AACjC,OAAK,OAAO,YAAY,SAAS;EAEjC,MAAM,qBAAqB,SAAS,sBAAsB;EAC1D,MAAM,UAAU,wCAAwC,SAAS;AACjE,UAAQ,SAAS;EACjB,MAAM,WAAW,MAAM,MAAM,oBAAoB;GAC/C,MAAM;GACN;GACA,QAAQ;EACT,EAAC;EAKF,MAAM,SAAS,SAAS,QAAQ,IAAI,SAAS;EAC7C,MAAM,WAAW,SAAS,QAAQ,IAAI,YAAY,IAAI;EACtD,MAAM,aAAa,SAAS,QAAQ,IAAI,cAAc,IAAI;EAC1D,MAAM,kBAAkB,SAAS,MAAM,WAAW;AAElD,MAAI,iBAAiB;GACnB,MAAM,kBAAkB,SAAS,QAAQ,IAAI,cAAc,IAAI;GAE/D,MAAM,mBAAmB,SAAS,QAAQ,IAAI,qBAAqB,IAAI;GACvE,MAAM,kBAAkB,SAAS,QAAQ,IAAI,oBAAoB,IAAI;AACrE,OAAI,oBAAoB,iBAAiB;IACvC,MAAMC,sBAA8C,CAAE;AACtD,wBAAoB,QAAQ;AAE5B,wBAAoB,eAAe;AACnC,6BAAyB,oBAAoB;GAC9C;AAED,OAAI,SAAS,WAAW;AACtB,UAAM,QAAQ,WAAW;GAC1B;GAED,MAAM,MAAM,YAAY,cAAc,SAAS;GAC/C,MAAM,SAAS,cAAc,IAAI;GACjC,MAAM,WAAW,SAAS,YAAY;AACtC,YAAS,OAAO;AAEhB,UAAO;IACL;IACA,OAAO;IACP,aAAa;IACb,OAAO;GACR;EACF;AACD,SAAO;GACL,OAAO;GACP,cAAc;GACd,YAAY;EACb;CACF,SAAQC,GAAY;AACnB,MAAI,aAAa,OAAO;AACtB,UAAO;IACL,OAAO;IACP,cAAc,EAAE;IAChB,YAAY,EAAE;GACf;EACF;AAED,QAAM;CACP;AACF;;;;;AAMD,OAAO,eAAe,OAAOP,SAAwC;CACnE,IAAIQ;AACJ,KAAI;AACF,aAAW,MAAM,SAAS,UAAU,QAAQ;CAC7C,QAAO;AACN,MAAI;GACF,MAAM,kBAAkB,MAAM,MAAM,WAAW;GAC/C,MAAM,eAAe,MAAM,gBAAgB,MAAM;GACjD,MAAM,MAAM,IAAI,YAAY,gBAAgB,cAAc,YAAY;AACtE,cAAW,MAAM,SAAS,KAAK,QAAQ;EACxC,SAAQ,OAAO;AAEd,4BAAyB;AACzB,SAAM;EACP;CACF,UAAS;AACR,gBAAc,OAAO,gBAAgB;AACrC,MAAI,YAAY,SAAS,MAAM,SAAS,YAAY;AAClD,OAAI,SAAS,WAAW;AACtB,UAAM,QAAQ,WAAW;GAC1B;GACD,MAAM,SAAS,cAAc,SAAS,IAAI;GAC1C,MAAM,WAAW,SAAS,YAAY;AACtC,YAAS,OAAO;EACjB;CACF;AACF;;;;;;AAeD,OAAO,MAAM,yBAAoD;CAC/D,AAAiB;CAEjB,YAAYC,0BAAoD;AAC9D,OAAK,2BAA2B;CACjC;CAED,MAAM,OAAOC,SAA4BC,MAAyC;EAChF,MAAM,gBAAgB,EAAE,GAAG,QAAS;AACpC,gBAAc,UAAU,QAAQ,QAAQ,OAAO;EAC/C,MAAM,WAAW,MAAM,KAAK,QAAQ;AACpC,MAAI,SAAS,WAAW,KAAK;GAC3B,MAAM,cAAc,MAAM,KAAK,0BAA0B;AACzD,OAAI,YAAY,OAAO;AACrB,kBAAc,QAAQ,QAAQ,IAAI,oBAAoB,YAAY,MAAM;AACxE,WAAO,KAAK,cAAc;GAC3B;EACF;AACD,SAAO;CACR;AACF","names":["bod
y: string","springCsrfInfo: Record<string, string>","headerNameMeta: HTMLMetaElement","tokenMeta: HTMLMetaElement","response: Response","logoutUrl: URL | string","headers: Record<string, string>","url: URL | string","parameters: Record<string, string>","doc: Document","options?: LogoutOptions","url: string","to: string","username: string","password: string","options?: LoginOptions","springCsrfTokenInfo: Record<string, string>","e: unknown","response: Response | undefined","onInvalidSessionCallback: OnInvalidSessionCallback","context: MiddlewareContext","next: MiddlewareNext"],"sources":["/opt/agent/work/1af72d8adc613024/hilla/packages/ts/frontend/src/Authentication.ts"],"sourcesContent":["import type { MiddlewareClass, MiddlewareContext, MiddlewareNext } from './Connect.js';\nimport CookieManager from './CookieManager.js';\nimport {\n getSpringCsrfInfo,\n getSpringCsrfTokenHeadersForAuthRequest,\n getSpringCsrfTokenParametersForAuthRequest,\n VAADIN_CSRF_HEADER,\n} from './CsrfUtils.js';\n\nconst JWT_COOKIE_NAME = 'jwt.headerAndPayload';\n\nfunction getSpringCsrfTokenFromResponseBody(body: string): Record<string, string> {\n const doc = new DOMParser().parseFromString(body, 'text/html');\n return getSpringCsrfInfo(doc);\n}\n\nfunction clearSpringCsrfMetaTags() {\n Array.from(\n document.head.querySelectorAll('meta[name=\"_csrf\"], meta[name=\"_csrf_header\"], meta[name=\"_csrf_parameter\"]'),\n ).forEach((el) => el.remove());\n}\n\nfunction updateSpringCsrfMetaTags(springCsrfInfo: Record<string, string>) {\n clearSpringCsrfMetaTags();\n const headerNameMeta: HTMLMetaElement = document.createElement('meta');\n headerNameMeta.name = '_csrf_header';\n headerNameMeta.content = springCsrfInfo._csrf_header;\n document.head.appendChild(headerNameMeta);\n const tokenMeta: HTMLMetaElement = document.createElement('meta');\n tokenMeta.name = '_csrf';\n tokenMeta.content = springCsrfInfo._csrf;\n document.head.appendChild(tokenMeta);\n}\n\nconst 
getVaadinCsrfTokenFromResponseBody = (body: string): string | undefined => {\n const match = /window\\.Vaadin = \\{TypeScript: \\{\"csrfToken\":\"([0-9a-zA-Z\\\\-]{36})\"\\}\\};/iu.exec(body);\n return match ? match[1] : undefined;\n};\n\nasync function updateCsrfTokensBasedOnResponse(response: Response): Promise<string | undefined> {\n const responseText = await response.text();\n const token = getVaadinCsrfTokenFromResponseBody(responseText);\n const springCsrfTokenInfo = getSpringCsrfTokenFromResponseBody(responseText);\n updateSpringCsrfMetaTags(springCsrfTokenInfo);\n\n return token;\n}\n\nasync function doFetchLogout(logoutUrl: URL | string, headers: Record<string, string>) {\n const response = await fetch(logoutUrl, { headers, method: 'POST' });\n if (!response.ok) {\n throw new Error(`failed to logout with response ${response.status}`);\n }\n\n await updateCsrfTokensBasedOnResponse(response);\n\n return response;\n}\n\nfunction doFormLogout(url: URL | string, parameters: Record<string, string>) {\n const logoutUrl = typeof url === 'string' ? 
url : url.toString();\n\n // Create form to send POST request\n const form = document.createElement('form');\n form.setAttribute('method', 'POST');\n form.setAttribute('action', logoutUrl);\n form.style.display = 'none';\n\n // Add data to form as hidden input fields\n for (const [name, value] of Object.entries(parameters)) {\n const input = document.createElement('input');\n input.setAttribute('type', 'hidden');\n input.setAttribute('name', name);\n input.setAttribute('value', value);\n\n form.appendChild(input);\n }\n\n // Append form to page and submit it to perform logout and redirect\n document.body.appendChild(form);\n form.submit();\n}\n\nasync function doLogout(doc: Document, options?: LogoutOptions): Promise<Response> {\n // performing fetch logout only makes sense if at least one of the 'navigate'\n // or 'onSuccess' is defined, otherwise we can just do a form logout:\n const shouldSubmitFormLogout = !options?.navigate && !options?.onSuccess;\n // this assumes the default Spring Security logout configuration (handler URL)\n const logoutUrl = options?.logoutUrl ?? 
'logout';\n if (shouldSubmitFormLogout) {\n const parameters = getSpringCsrfTokenParametersForAuthRequest(doc);\n doFormLogout(logoutUrl, parameters);\n return new Response(undefined, { status: 200, statusText: 'OK' } as ResponseInit);\n }\n const headers = getSpringCsrfTokenHeadersForAuthRequest(doc);\n return await doFetchLogout(logoutUrl, headers);\n}\n\nexport interface LoginResult {\n error: boolean;\n token?: string;\n errorTitle?: string;\n errorMessage?: string;\n redirectUrl?: string;\n defaultUrl?: string;\n}\n\nexport type SuccessCallback = () => Promise<void> | void;\n\nexport type NavigateFunction = (path: string) => void;\n\nexport interface LoginOptions {\n /**\n * The URL for login request, defaults to `/login`.\n */\n loginProcessingUrl?: URL | string;\n\n /**\n * The success callback.\n */\n onSuccess?: SuccessCallback;\n\n /**\n * The navigation callback, called after successful login. The default\n * reloads the page.\n */\n navigate?: NavigateFunction;\n}\n\nexport interface LogoutOptions {\n /**\n * The URL for logout request, defaults to `/logout`.\n */\n logoutUrl?: URL | string;\n\n /**\n * The success callback.\n */\n onSuccess?: SuccessCallback;\n\n /**\n * The navigation callback, called after successful logout. The default\n * reloads the page.\n */\n navigate?: NavigateFunction;\n}\n\nfunction normalizePath(url: string): string {\n // URL with context path\n const effectiveBaseURL = new URL('.', document.baseURI);\n const effectiveBaseURI = effectiveBaseURL.toString();\n\n let normalized = url;\n\n // Strip context path prefix\n if (normalized.startsWith(effectiveBaseURL.pathname)) {\n return `/${normalized.slice(effectiveBaseURL.pathname.length)}`;\n }\n\n // Strip base URI\n normalized = normalized.startsWith(effectiveBaseURI) ? 
`/${normalized.slice(effectiveBaseURI.length)}` : normalized;\n\n return normalized;\n}\n\n/**\n * Navigates to the provided path using page reload.\n *\n * @param to - navigation target path\n */\nfunction navigateWithPageReload(to: string) {\n // Consider absolute path to be within application context\n const url = to.startsWith('/') ? new URL(`.${to}`, document.baseURI) : to;\n window.location.replace(url);\n}\n\n/**\n * A helper method for Spring Security based form login.\n * @param username - username\n * @param password - password\n * @param options - defines additional options, e.g, the loginProcessingUrl etc.\n */\nexport async function login(username: string, password: string, options?: LoginOptions): Promise<LoginResult> {\n try {\n const data = new FormData();\n data.append('username', username);\n data.append('password', password);\n\n const loginProcessingUrl = options?.loginProcessingUrl ?? 'login';\n const headers = getSpringCsrfTokenHeadersForAuthRequest(document);\n headers.source = 'typescript';\n const response = await fetch(loginProcessingUrl, {\n body: data,\n headers,\n method: 'POST',\n });\n\n // This code assumes that a VaadinSavedRequestAwareAuthenticationSuccessHandler is used on the server side,\n // setting these header values based on the \"source=typescript\" header set above\n\n const result = response.headers.get('Result');\n const savedUrl = response.headers.get('Saved-url') ?? undefined;\n const defaultUrl = response.headers.get('Default-url') ?? undefined;\n const loginSuccessful = response.ok && result === 'success';\n\n if (loginSuccessful) {\n const vaadinCsrfToken = response.headers.get('Vaadin-CSRF') ?? undefined;\n\n const springCsrfHeader = response.headers.get('Spring-CSRF-header') ?? undefined;\n const springCsrfToken = response.headers.get('Spring-CSRF-token') ?? 
undefined;\n if (springCsrfHeader && springCsrfToken) {\n const springCsrfTokenInfo: Record<string, string> = {};\n springCsrfTokenInfo._csrf = springCsrfToken;\n // eslint-disable-next-line camelcase\n springCsrfTokenInfo._csrf_header = springCsrfHeader;\n updateSpringCsrfMetaTags(springCsrfTokenInfo);\n }\n\n if (options?.onSuccess) {\n await options.onSuccess();\n }\n\n const url = savedUrl ?? defaultUrl ?? document.baseURI;\n const toPath = normalizePath(url);\n const navigate = options?.navigate ?? navigateWithPageReload;\n navigate(toPath);\n\n return {\n defaultUrl,\n error: false,\n redirectUrl: savedUrl,\n token: vaadinCsrfToken,\n };\n }\n return {\n error: true,\n errorMessage: 'Check that you have entered the correct username and password and try again.',\n errorTitle: 'Incorrect username or password.',\n };\n } catch (e: unknown) {\n if (e instanceof Error) {\n return {\n error: true,\n errorMessage: e.message,\n errorTitle: e.name,\n };\n }\n\n throw e;\n }\n}\n\n/**\n * A helper method for Spring Security based form logout\n * @param options - defines additional options, e.g, the logoutUrl.\n */\nexport async function logout(options?: LogoutOptions): Promise<void> {\n let response: Response | undefined;\n try {\n response = await doLogout(document, options);\n } catch {\n try {\n const noCacheResponse = await fetch('?nocache');\n const responseText = await noCacheResponse.text();\n const doc = new DOMParser().parseFromString(responseText, 'text/html');\n response = await doLogout(doc, options);\n } catch (error) {\n // clear the token if the call fails\n clearSpringCsrfMetaTags();\n throw error;\n }\n } finally {\n CookieManager.remove(JWT_COOKIE_NAME);\n if (response && response.ok && response.redirected) {\n if (options?.onSuccess) {\n await options.onSuccess();\n }\n const toPath = normalizePath(response.url);\n const navigate = options?.navigate ?? 
navigateWithPageReload;\n navigate(toPath);\n }\n }\n}\n\n/**\n * It defines what to do when it detects a session is invalid. E.g.,\n * show a login view.\n * It takes an <code>EndpointCallContinue</code> parameter, which can be\n * used to continue the endpoint call.\n */\nexport type OnInvalidSessionCallback = () => Promise<LoginResult>;\n\n/**\n * A helper class for handling invalid sessions during an endpoint call.\n * E.g., you can use this to show user a login page when the session has\n * expired.\n */\nexport class InvalidSessionMiddleware implements MiddlewareClass {\n private readonly onInvalidSessionCallback: OnInvalidSessionCallback;\n\n constructor(onInvalidSessionCallback: OnInvalidSessionCallback) {\n this.onInvalidSessionCallback = onInvalidSessionCallback;\n }\n\n async invoke(context: MiddlewareContext, next: MiddlewareNext): Promise<Response> {\n const clonedContext = { ...context };\n clonedContext.request = context.request.clone();\n const response = await next(context);\n if (response.status === 401) {\n const loginResult = await this.onInvalidSessionCallback();\n if (loginResult.token) {\n clonedContext.request.headers.set(VAADIN_CSRF_HEADER, loginResult.token);\n return next(clonedContext) as Promise<Response>;\n }\n }\n return response;\n }\n}\n"],"version":3}
1
+ {"mappings":"AACA,OAAO,uCAAwC;AAC/C,SACE,mBACA,yCACA,4CACA,0CACsB;AAExB,MAAM,kBAAkB;AAExB,SAAS,mCAAmCA,MAAsC;CAChF,MAAM,MAAM,IAAI,YAAY,gBAAgB,MAAM,YAAY;AAC9D,QAAO,kBAAkB,IAAI;AAC9B;AAED,SAAS,0BAA0B;AACjC,OAAM,KACJ,SAAS,KAAK,iBAAiB,oFAA8E,CAC9G,CAAC,QAAQ,CAAC,OAAO,GAAG,QAAQ,CAAC;AAC/B;AAED,SAAS,yBAAyBC,gBAAwC;AACxE,0BAAyB;CACzB,MAAMC,iBAAkC,SAAS,cAAc,OAAO;AACtE,gBAAe,OAAO;AACtB,gBAAe,UAAU,eAAe;AACxC,UAAS,KAAK,YAAY,eAAe;CACzC,MAAMC,YAA6B,SAAS,cAAc,OAAO;AACjE,WAAU,OAAO;AACjB,WAAU,UAAU,eAAe;AACnC,UAAS,KAAK,YAAY,UAAU;AACrC;AAED,MAAM,qCAAqC,CAACH,SAAqC;CAC/E,MAAM,QAAQ,6EAA6E,KAAK,KAAK;AACrG,QAAO,QAAQ,MAAM,KAAK;AAC3B;AAED,eAAe,gCAAgCI,UAAiD;CAC9F,MAAM,eAAe,MAAM,SAAS,MAAM;CAC1C,MAAM,QAAQ,mCAAmC,aAAa;CAC9D,MAAM,sBAAsB,mCAAmC,aAAa;AAC5E,0BAAyB,oBAAoB;AAE7C,QAAO;AACR;AAED,eAAe,cAAcC,WAAyBC,SAAiC;CACrF,MAAM,WAAW,MAAM,MAAM,WAAW;EAAE;EAAS,QAAQ;CAAQ,EAAC;AACpE,MAAK,SAAS,IAAI;AAChB,QAAM,IAAI,OAAO,iCAAiC,SAAS,OAAO;CACnE;AAED,OAAM,gCAAgC,SAAS;AAE/C,QAAO;AACR;AAED,eAAe,aAAaC,KAAmBC,YAAmD;CAChG,MAAM,mBAAmB,QAAQ,WAAW,MAAM,IAAI,UAAU;CAGhE,MAAM,OAAO,SAAS,cAAc,OAAO;AAC3C,MAAK,aAAa,UAAU,OAAO;AACnC,MAAK,aAAa,UAAU,UAAU;AACtC,MAAK,MAAM,UAAU;AAGrB,MAAK,MAAM,CAAC,MAAM,MAAM,IAAI,OAAO,QAAQ,WAAW,EAAE;EACtD,MAAM,QAAQ,SAAS,cAAc,QAAQ;AAC7C,QAAM,aAAa,QAAQ,SAAS;AACpC,QAAM,aAAa,QAAQ,KAAK;AAChC,QAAM,aAAa,SAAS,MAAM;AAElC,OAAK,YAAY,MAAM;CACxB;AAGD,UAAS,KAAK,YAAY,KAAK;AAK/B,QAAO,IAAI,QAAQ,CAAC,GAAG,WAAW;AAChC,aAAW,MAAM;AACf,UAAO,IAAI,MAAM,2DAA2D;EAC7E,GAAE,IAAM;AACT,OAAK,QAAQ;CACd;AACF;AAED,eAAe,SAASC,KAAeC,SAA4C;CAGjF,MAAM,0BAA0B,SAAS,aAAa,SAAS;CAE/D,MAAM,YAAY,SAAS,aAAa;AACxC,KAAI,wBAAwB;EAC1B,MAAM,aAAa,2CAA2C,IAAI;AAClE,QAAM,aAAa,WAAW,WAAW;AAEzC,SAAO,IAAI,SAAS,MAAM;GACxB,QAAQ;GACR,YAAY;EACb;CACF;CACD,MAAM,UAAU,wCAAwC,IAAI;AAC5D,QAAO,MAAM,cAAc,WAAW,QAAQ;AAC/C;AAmDD,SAAS,cAAcC,KAAqB;CAE1C,MAAM,mBAAmB,IAAI,IAAI,KAAK,SAAS;CAC/C,MAAM,mBAAmB,iBAAiB,UAAU;CAEpD,IAAI,aAAa;AAGjB,KAAI,WAAW,WAAW,iBAAiB,SAAS,EAAE;AACpD,UAAQ,GAAG,WAAW,MAAM,iBAAiB,SAAS,OAAO,CAAC;CAC/D;AAGD,cAAa,WAAW,WAAW,iBAAiB,IAAI,GAAG,WAAW,MAAM,iBAA
iB,OAAO,CAAC,IAAI;AAEzG,QAAO;AACR;;;;;;AAOD,SAAS,uBAAuBC,IAAY;CAE1C,MAAM,MAAM,GAAG,WAAW,IAAI,GAAG,IAAI,KAAK,GAAG,GAAG,GAAG,SAAS,WAAW;AACvE,QAAO,SAAS,QAAQ,IAAI;AAC7B;;;;;;;AAQD,OAAO,eAAe,MAAMC,UAAkBC,UAAkBC,SAA8C;AAC5G,KAAI;EACF,MAAM,OAAO,IAAI;AACjB,OAAK,OAAO,YAAY,SAAS;AACjC,OAAK,OAAO,YAAY,SAAS;EAEjC,MAAM,qBAAqB,SAAS,sBAAsB;EAC1D,MAAM,UAAU,wCAAwC,SAAS;AACjE,UAAQ,SAAS;EACjB,MAAM,WAAW,MAAM,MAAM,oBAAoB;GAC/C,MAAM;GACN;GACA,QAAQ;EACT,EAAC;EAKF,MAAM,SAAS,SAAS,QAAQ,IAAI,SAAS;EAC7C,MAAM,WAAW,SAAS,QAAQ,IAAI,YAAY,IAAI;EACtD,MAAM,aAAa,SAAS,QAAQ,IAAI,cAAc,IAAI;EAC1D,MAAM,kBAAkB,SAAS,MAAM,WAAW;AAElD,MAAI,iBAAiB;GACnB,MAAM,kBAAkB,SAAS,QAAQ,IAAI,cAAc,IAAI;GAE/D,MAAM,mBAAmB,SAAS,QAAQ,IAAI,qBAAqB,IAAI;GACvE,MAAM,kBAAkB,SAAS,QAAQ,IAAI,oBAAoB,IAAI;AACrE,OAAI,oBAAoB,iBAAiB;IACvC,MAAMC,sBAA8C,CAAE;AACtD,wBAAoB,QAAQ;AAE5B,wBAAoB,eAAe;AACnC,6BAAyB,oBAAoB;GAC9C;AAED,OAAI,SAAS,WAAW;AACtB,UAAM,QAAQ,WAAW;GAC1B;GAED,MAAM,MAAM,YAAY,cAAc,SAAS;GAC/C,MAAM,SAAS,cAAc,IAAI;GACjC,MAAM,WAAW,SAAS,YAAY;AACtC,YAAS,OAAO;AAEhB,UAAO;IACL;IACA,OAAO;IACP,aAAa;IACb,OAAO;GACR;EACF;AACD,SAAO;GACL,OAAO;GACP,cAAc;GACd,YAAY;EACb;CACF,SAAQC,GAAY;AACnB,MAAI,aAAa,OAAO;AACtB,UAAO;IACL,OAAO;IACP,cAAc,EAAE;IAChB,YAAY,EAAE;GACf;EACF;AAED,QAAM;CACP;AACF;;;;;AAMD,OAAO,eAAe,OAAOP,SAAwC;CACnE,IAAIQ;AACJ,KAAI;AACF,aAAW,MAAM,SAAS,UAAU,QAAQ;CAC7C,QAAO;AACN,MAAI;GACF,MAAM,kBAAkB,MAAM,MAAM,WAAW;GAC/C,MAAM,eAAe,MAAM,gBAAgB,MAAM;GACjD,MAAM,MAAM,IAAI,YAAY,gBAAgB,cAAc,YAAY;AACtE,cAAW,MAAM,SAAS,KAAK,QAAQ;EACxC,SAAQ,OAAO;AAEd,4BAAyB;AACzB,SAAM;EACP;CACF,UAAS;AACR,gBAAc,OAAO,gBAAgB;AACrC,MAAI,YAAY,SAAS,MAAM,SAAS,YAAY;AAClD,OAAI,SAAS,WAAW;AACtB,UAAM,QAAQ,WAAW;GAC1B;GACD,MAAM,SAAS,cAAc,SAAS,IAAI;GAC1C,MAAM,WAAW,SAAS,YAAY;AACtC,YAAS,OAAO;EACjB;CACF;AACF;;;;;;AAeD,OAAO,MAAM,yBAAoD;CAC/D,AAAiB;CAEjB,YAAYC,0BAAoD;AAC9D,OAAK,2BAA2B;CACjC;CAED,MAAM,OAAOC,SAA4BC,MAAyC;EAChF,MAAM,gBAAgB,EAAE,GAAG,QAAS;AACpC,gBAAc,UAAU,QAAQ,QAAQ,OAAO;EAC/C,MAAM,WAAW,MAAM,KAAK,QAAQ;AACpC,MAAI,SAAS,WAAW,KAAK;GAC3B,MAAM,cAAc,MAAM,KAAK,0BAA0B;AACzD,OAAI,YAAY,OAAO;AACrB,
kBAAc,QAAQ,QAAQ,IAAI,oBAAoB,YAAY,MAAM;AACxE,WAAO,KAAK,cAAc;GAC3B;EACF;AACD,SAAO;CACR;AACF","names":["body: string","springCsrfInfo: Record<string, string>","headerNameMeta: HTMLMetaElement","tokenMeta: HTMLMetaElement","response: Response","logoutUrl: URL | string","headers: Record<string, string>","url: URL | string","parameters: Record<string, string>","doc: Document","options?: LogoutOptions","url: string","to: string","username: string","password: string","options?: LoginOptions","springCsrfTokenInfo: Record<string, string>","e: unknown","response: Response | undefined","onInvalidSessionCallback: OnInvalidSessionCallback","context: MiddlewareContext","next: MiddlewareNext"],"sources":["/opt/agent/work/1af72d8adc613024/hilla/packages/ts/frontend/src/Authentication.ts"],"sourcesContent":["import type { MiddlewareClass, MiddlewareContext, MiddlewareNext } from './Connect.js';\nimport CookieManager from './CookieManager.js';\nimport {\n getSpringCsrfInfo,\n getSpringCsrfTokenHeadersForAuthRequest,\n getSpringCsrfTokenParametersForAuthRequest,\n VAADIN_CSRF_HEADER,\n} from './CsrfUtils.js';\n\nconst JWT_COOKIE_NAME = 'jwt.headerAndPayload';\n\nfunction getSpringCsrfTokenFromResponseBody(body: string): Record<string, string> {\n const doc = new DOMParser().parseFromString(body, 'text/html');\n return getSpringCsrfInfo(doc);\n}\n\nfunction clearSpringCsrfMetaTags() {\n Array.from(\n document.head.querySelectorAll('meta[name=\"_csrf\"], meta[name=\"_csrf_header\"], meta[name=\"_csrf_parameter\"]'),\n ).forEach((el) => el.remove());\n}\n\nfunction updateSpringCsrfMetaTags(springCsrfInfo: Record<string, string>) {\n clearSpringCsrfMetaTags();\n const headerNameMeta: HTMLMetaElement = document.createElement('meta');\n headerNameMeta.name = '_csrf_header';\n headerNameMeta.content = springCsrfInfo._csrf_header;\n document.head.appendChild(headerNameMeta);\n const tokenMeta: HTMLMetaElement = document.createElement('meta');\n tokenMeta.name = '_csrf';\n tokenMeta.content = 
springCsrfInfo._csrf;\n document.head.appendChild(tokenMeta);\n}\n\nconst getVaadinCsrfTokenFromResponseBody = (body: string): string | undefined => {\n const match = /window\\.Vaadin = \\{TypeScript: \\{\"csrfToken\":\"([0-9a-zA-Z\\\\-]{36})\"\\}\\};/iu.exec(body);\n return match ? match[1] : undefined;\n};\n\nasync function updateCsrfTokensBasedOnResponse(response: Response): Promise<string | undefined> {\n const responseText = await response.text();\n const token = getVaadinCsrfTokenFromResponseBody(responseText);\n const springCsrfTokenInfo = getSpringCsrfTokenFromResponseBody(responseText);\n updateSpringCsrfMetaTags(springCsrfTokenInfo);\n\n return token;\n}\n\nasync function doFetchLogout(logoutUrl: URL | string, headers: Record<string, string>) {\n const response = await fetch(logoutUrl, { headers, method: 'POST' });\n if (!response.ok) {\n throw new Error(`failed to logout with response ${response.status}`);\n }\n\n await updateCsrfTokensBasedOnResponse(response);\n\n return response;\n}\n\nasync function doFormLogout(url: URL | string, parameters: Record<string, string>): Promise<void> {\n const logoutUrl = typeof url === 'string' ? 
url : url.toString();\n\n // Create form to send POST request\n const form = document.createElement('form');\n form.setAttribute('method', 'POST');\n form.setAttribute('action', logoutUrl);\n form.style.display = 'none';\n\n // Add data to form as hidden input fields\n for (const [name, value] of Object.entries(parameters)) {\n const input = document.createElement('input');\n input.setAttribute('type', 'hidden');\n input.setAttribute('name', name);\n input.setAttribute('value', value);\n\n form.appendChild(input);\n }\n\n // Append form to page and submit it to perform logout and redirect\n document.body.appendChild(form);\n\n // No code should run after a form submission, as it will navigate away.\n // The promise will reject after a long timeout to avoid executing code after\n // (old user code has a `reload` call that could happen before the form submission).\n return new Promise((_, reject) => {\n setTimeout(() => {\n reject(new Error('Form submission did not navigate away after 10 seconds.'));\n }, 10000);\n form.submit();\n });\n}\n\nasync function doLogout(doc: Document, options?: LogoutOptions): Promise<Response> {\n // performing fetch logout only makes sense if at least one of the 'navigate'\n // or 'onSuccess' is defined, otherwise we can just do a form logout:\n const shouldSubmitFormLogout = !options?.navigate && !options?.onSuccess;\n // this assumes the default Spring Security logout configuration (handler URL)\n const logoutUrl = options?.logoutUrl ?? 
'logout';\n if (shouldSubmitFormLogout) {\n const parameters = getSpringCsrfTokenParametersForAuthRequest(doc);\n await doFormLogout(logoutUrl, parameters);\n // This should never be reached, as form submission will navigate away\n return new Response(null, {\n status: 500,\n statusText: 'Form submission did not navigate away.',\n } as ResponseInit);\n }\n const headers = getSpringCsrfTokenHeadersForAuthRequest(doc);\n return await doFetchLogout(logoutUrl, headers);\n}\n\nexport interface LoginResult {\n error: boolean;\n token?: string;\n errorTitle?: string;\n errorMessage?: string;\n redirectUrl?: string;\n defaultUrl?: string;\n}\n\nexport type SuccessCallback = () => Promise<void> | void;\n\nexport type NavigateFunction = (path: string) => void;\n\nexport interface LoginOptions {\n /**\n * The URL for login request, defaults to `/login`.\n */\n loginProcessingUrl?: URL | string;\n\n /**\n * The success callback.\n */\n onSuccess?: SuccessCallback;\n\n /**\n * The navigation callback, called after successful login. The default\n * reloads the page.\n */\n navigate?: NavigateFunction;\n}\n\nexport interface LogoutOptions {\n /**\n * The URL for logout request, defaults to `/logout`.\n */\n logoutUrl?: URL | string;\n\n /**\n * The success callback.\n */\n onSuccess?: SuccessCallback;\n\n /**\n * The navigation callback, called after successful logout. The default\n * reloads the page.\n */\n navigate?: NavigateFunction;\n}\n\nfunction normalizePath(url: string): string {\n // URL with context path\n const effectiveBaseURL = new URL('.', document.baseURI);\n const effectiveBaseURI = effectiveBaseURL.toString();\n\n let normalized = url;\n\n // Strip context path prefix\n if (normalized.startsWith(effectiveBaseURL.pathname)) {\n return `/${normalized.slice(effectiveBaseURL.pathname.length)}`;\n }\n\n // Strip base URI\n normalized = normalized.startsWith(effectiveBaseURI) ? 
`/${normalized.slice(effectiveBaseURI.length)}` : normalized;\n\n return normalized;\n}\n\n/**\n * Navigates to the provided path using page reload.\n *\n * @param to - navigation target path\n */\nfunction navigateWithPageReload(to: string) {\n // Consider absolute path to be within application context\n const url = to.startsWith('/') ? new URL(`.${to}`, document.baseURI) : to;\n window.location.replace(url);\n}\n\n/**\n * A helper method for Spring Security based form login.\n * @param username - username\n * @param password - password\n * @param options - defines additional options, e.g, the loginProcessingUrl etc.\n */\nexport async function login(username: string, password: string, options?: LoginOptions): Promise<LoginResult> {\n try {\n const data = new FormData();\n data.append('username', username);\n data.append('password', password);\n\n const loginProcessingUrl = options?.loginProcessingUrl ?? 'login';\n const headers = getSpringCsrfTokenHeadersForAuthRequest(document);\n headers.source = 'typescript';\n const response = await fetch(loginProcessingUrl, {\n body: data,\n headers,\n method: 'POST',\n });\n\n // This code assumes that a VaadinSavedRequestAwareAuthenticationSuccessHandler is used on the server side,\n // setting these header values based on the \"source=typescript\" header set above\n\n const result = response.headers.get('Result');\n const savedUrl = response.headers.get('Saved-url') ?? undefined;\n const defaultUrl = response.headers.get('Default-url') ?? undefined;\n const loginSuccessful = response.ok && result === 'success';\n\n if (loginSuccessful) {\n const vaadinCsrfToken = response.headers.get('Vaadin-CSRF') ?? undefined;\n\n const springCsrfHeader = response.headers.get('Spring-CSRF-header') ?? undefined;\n const springCsrfToken = response.headers.get('Spring-CSRF-token') ?? 
undefined;\n if (springCsrfHeader && springCsrfToken) {\n const springCsrfTokenInfo: Record<string, string> = {};\n springCsrfTokenInfo._csrf = springCsrfToken;\n // eslint-disable-next-line camelcase\n springCsrfTokenInfo._csrf_header = springCsrfHeader;\n updateSpringCsrfMetaTags(springCsrfTokenInfo);\n }\n\n if (options?.onSuccess) {\n await options.onSuccess();\n }\n\n const url = savedUrl ?? defaultUrl ?? document.baseURI;\n const toPath = normalizePath(url);\n const navigate = options?.navigate ?? navigateWithPageReload;\n navigate(toPath);\n\n return {\n defaultUrl,\n error: false,\n redirectUrl: savedUrl,\n token: vaadinCsrfToken,\n };\n }\n return {\n error: true,\n errorMessage: 'Check that you have entered the correct username and password and try again.',\n errorTitle: 'Incorrect username or password.',\n };\n } catch (e: unknown) {\n if (e instanceof Error) {\n return {\n error: true,\n errorMessage: e.message,\n errorTitle: e.name,\n };\n }\n\n throw e;\n }\n}\n\n/**\n * A helper method for Spring Security based form logout\n * @param options - defines additional options, e.g, the logoutUrl.\n */\nexport async function logout(options?: LogoutOptions): Promise<void> {\n let response: Response | undefined;\n try {\n response = await doLogout(document, options);\n } catch {\n try {\n const noCacheResponse = await fetch('?nocache');\n const responseText = await noCacheResponse.text();\n const doc = new DOMParser().parseFromString(responseText, 'text/html');\n response = await doLogout(doc, options);\n } catch (error) {\n // clear the token if the call fails\n clearSpringCsrfMetaTags();\n throw error;\n }\n } finally {\n CookieManager.remove(JWT_COOKIE_NAME);\n if (response && response.ok && response.redirected) {\n if (options?.onSuccess) {\n await options.onSuccess();\n }\n const toPath = normalizePath(response.url);\n const navigate = options?.navigate ?? 
navigateWithPageReload;\n navigate(toPath);\n }\n }\n}\n\n/**\n * It defines what to do when it detects a session is invalid. E.g.,\n * show a login view.\n * It takes an <code>EndpointCallContinue</code> parameter, which can be\n * used to continue the endpoint call.\n */\nexport type OnInvalidSessionCallback = () => Promise<LoginResult>;\n\n/**\n * A helper class for handling invalid sessions during an endpoint call.\n * E.g., you can use this to show user a login page when the session has\n * expired.\n */\nexport class InvalidSessionMiddleware implements MiddlewareClass {\n private readonly onInvalidSessionCallback: OnInvalidSessionCallback;\n\n constructor(onInvalidSessionCallback: OnInvalidSessionCallback) {\n this.onInvalidSessionCallback = onInvalidSessionCallback;\n }\n\n async invoke(context: MiddlewareContext, next: MiddlewareNext): Promise<Response> {\n const clonedContext = { ...context };\n clonedContext.request = context.request.clone();\n const response = await next(context);\n if (response.status === 401) {\n const loginResult = await this.onInvalidSessionCallback();\n if (loginResult.token) {\n clonedContext.request.headers.set(VAADIN_CSRF_HEADER, loginResult.token);\n return next(clonedContext) as Promise<Response>;\n }\n }\n return response;\n }\n}\n"],"version":3}
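--- a/package/index.js
+++ b/package/index.js
@@ -6,7 +6,7 @@ export { ActionOnLostSubscription, FluxConnection, State } from "./FluxConnectio
  vaadinObj.registrations ??= [];
  vaadinObj.registrations.push({
  is: feature ? `@vaadin/hilla-frontend/${feature}` : "@vaadin/hilla-frontend",
- version: "24.8.0-alpha7"
+ version: "24.8.0-alpha8"
  });
  })();
  //# sourceMappingURL=./index.js.map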
package/index.js.map CHANGED
@@ -1 +1 @@
1
- {"mappings":"AAAA;AACA;AACA;AACA,SAAS,0BAA0B,gBAAgB;AAInD,CAAC,CAAC,SAAS,YAAa,OAAO,WAAW,CAAE,MAAM;AAChD,WAAU,kBAAkB,CAAE;AAC9B,WAAU,cAAc,KAAK;EAC3B,IAAI,WAAW,yBAAyB,QAAQ,IAAI;EACpD,SAAS;CACV,EAAC;AACH,IAAG","names":[],"sources":["/opt/agent/work/1af72d8adc613024/hilla/packages/ts/frontend/src/index.ts"],"sourcesContent":["export * from './Authentication.js';\nexport * from './Connect.js';\nexport * from './EndpointErrors.js';\nexport { ActionOnLostSubscription, FluxConnection, State } from './FluxConnection.js';\n\n// @ts-expect-error: esbuild injection\n// eslint-disable-next-line @typescript-eslint/no-unsafe-call\n((feature, vaadinObj = (window.Vaadin ??= {})) => {\n vaadinObj.registrations ??= [];\n vaadinObj.registrations.push({\n is: feature ? `@vaadin/hilla-frontend/${feature}` : '@vaadin/hilla-frontend',\n version: '24.8.0-alpha7',\n });\n})();\n"],"version":3}
1
+ {"mappings":"AAAA;AACA;AACA;AACA,SAAS,0BAA0B,gBAAgB;AAInD,CAAC,CAAC,SAAS,YAAa,OAAO,WAAW,CAAE,MAAM;AAChD,WAAU,kBAAkB,CAAE;AAC9B,WAAU,cAAc,KAAK;EAC3B,IAAI,WAAW,yBAAyB,QAAQ,IAAI;EACpD,SAAS;CACV,EAAC;AACH,IAAG","names":[],"sources":["/opt/agent/work/1af72d8adc613024/hilla/packages/ts/frontend/src/index.ts"],"sourcesContent":["export * from './Authentication.js';\nexport * from './Connect.js';\nexport * from './EndpointErrors.js';\nexport { ActionOnLostSubscription, FluxConnection, State } from './FluxConnection.js';\n\n// @ts-expect-error: esbuild injection\n// eslint-disable-next-line @typescript-eslint/no-unsafe-call\n((feature, vaadinObj = (window.Vaadin ??= {})) => {\n vaadinObj.registrations ??= [];\n vaadinObj.registrations.push({\n is: feature ? `@vaadin/hilla-frontend/${feature}` : '@vaadin/hilla-frontend',\n version: '24.8.0-alpha8',\n });\n})();\n"],"version":3}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@vaadin/hilla-frontend",
3
- "version": "24.8.0-alpha7",
3
+ "version": "24.8.0-alpha8",
4
4
  "description": "Hilla core frontend utils",
5
5
  "main": "index.js",
6
6
  "module": "index.js",
@@ -20,7 +20,7 @@
20
20
  "lint:fix": "eslint src test --fix",
21
21
  "test": "vitest --run",
22
22
  "test:coverage": "vitest --run --coverage",
23
- "test:watch": "vitest",
23
+ "test:watch": "vitest --inspect --no-file-parallelism",
24
24
  "typecheck": "tsc --noEmit"
25
25
  },
26
26
  "exports": {