@vardario/cognito-client 0.1.3 → 0.1.5
- package/lib/cognito-client.d.ts +1 -1
- package/lib/cognito-client.js +256 -470
- package/lib/cognito-client.test.d.ts +1 -1
- package/lib/cognito-client.test.js +90 -201
- package/lib/error.js +13 -36
- package/lib/index.d.ts +3 -3
- package/lib/index.js +3 -19
- package/lib/session-storage/cookie-session-storage/cookie-session-storage.d.ts +2 -2
- package/lib/session-storage/cookie-session-storage/cookie-session-storage.js +24 -48
- package/lib/session-storage/cookie-session-storage/index.d.ts +1 -1
- package/lib/session-storage/cookie-session-storage/index.js +1 -17
- package/lib/session-storage/index.d.ts +4 -4
- package/lib/session-storage/index.js +4 -20
- package/lib/session-storage/local-storage-session-storage.d.ts +2 -2
- package/lib/session-storage/local-storage-session-storage.js +17 -39
- package/lib/session-storage/memory-session-storage.d.ts +2 -2
- package/lib/session-storage/memory-session-storage.js +11 -35
- package/lib/session-storage/session-storage.d.ts +1 -1
- package/lib/session-storage/session-storage.js +2 -9
- package/lib/session-storage/session-storage.test.js +22 -23
- package/lib/test-utils.js +73 -130
- package/lib/utils.d.ts +2 -2
- package/lib/utils.js +47 -64
- package/package.json +16 -15
|
@@ -1,22 +1,4 @@
|
|
|
1
|
-
|
|
2
|
-
var __extends = (this && this.__extends) || (function () {
|
|
3
|
-
var extendStatics = function (d, b) {
|
|
4
|
-
extendStatics = Object.setPrototypeOf ||
|
|
5
|
-
({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
|
|
6
|
-
function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
|
|
7
|
-
return extendStatics(d, b);
|
|
8
|
-
};
|
|
9
|
-
return function (d, b) {
|
|
10
|
-
if (typeof b !== "function" && b !== null)
|
|
11
|
-
throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
|
|
12
|
-
extendStatics(d, b);
|
|
13
|
-
function __() { this.constructor = d; }
|
|
14
|
-
d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
|
|
15
|
-
};
|
|
16
|
-
})();
|
|
17
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
18
|
-
exports.LocalStorageSessionStorage = void 0;
|
|
19
|
-
var session_storage_1 = require("./session-storage");
|
|
1
|
+
import { SessionStorage } from './session-storage.js';
|
|
20
2
|
/**
|
|
21
3
|
* LocalStorage based session storage.
|
|
22
4
|
* This session storage works only one domain at a time.
|
|
@@ -24,37 +6,33 @@ var session_storage_1 = require("./session-storage");
|
|
|
24
6
|
* Use @see CookieSessionStorage for a session storage, which
|
|
25
7
|
* can span across sub domains as well.
|
|
26
8
|
*/
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
_this.props = props;
|
|
32
|
-
return _this;
|
|
9
|
+
export class LocalStorageSessionStorage extends SessionStorage {
|
|
10
|
+
constructor(props) {
|
|
11
|
+
super();
|
|
12
|
+
this.props = props;
|
|
33
13
|
}
|
|
34
|
-
|
|
35
|
-
|
|
14
|
+
getSession() {
|
|
15
|
+
const payload = window.localStorage.getItem(this.props.storageName);
|
|
36
16
|
if (payload === null) {
|
|
37
17
|
return undefined;
|
|
38
18
|
}
|
|
39
19
|
return JSON.parse(payload);
|
|
40
|
-
}
|
|
41
|
-
|
|
20
|
+
}
|
|
21
|
+
setSession(session) {
|
|
42
22
|
if (session === undefined) {
|
|
43
23
|
window.localStorage.removeItem(this.props.storageName);
|
|
44
24
|
return;
|
|
45
25
|
}
|
|
46
26
|
window.localStorage.setItem(this.props.storageName, JSON.stringify(session));
|
|
47
|
-
}
|
|
48
|
-
|
|
49
|
-
window.localStorage.setItem(
|
|
50
|
-
}
|
|
51
|
-
|
|
52
|
-
|
|
27
|
+
}
|
|
28
|
+
setOauthVerificationParams(oAuthParams) {
|
|
29
|
+
window.localStorage.setItem(`${this.props.storageName}_oauth`, JSON.stringify(oAuthParams));
|
|
30
|
+
}
|
|
31
|
+
getOauthVerificationParams() {
|
|
32
|
+
const payload = window.localStorage.getItem(`${this.props.storageName}_oauth`);
|
|
53
33
|
if (payload === null) {
|
|
54
34
|
return undefined;
|
|
55
35
|
}
|
|
56
36
|
return JSON.parse(payload);
|
|
57
|
-
}
|
|
58
|
-
|
|
59
|
-
}(session_storage_1.SessionStorage));
|
|
60
|
-
exports.LocalStorageSessionStorage = LocalStorageSessionStorage;
|
|
37
|
+
}
|
|
38
|
+
}
|
|
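Review bot: `setOauthVerificationParams` has no `undefined` branch like the one in `setSession`, so the PKCE and state values stay in localStorage under the `_oauth` key and cannot be cleared through this class. Passing `undefined` would store the literal string "undefined", which `getOauthVerificationParams` then hands to `JSON.parse(payload)` and throws on. Mirroring `setSession` with `if (oAuthParams === undefined)`, a `removeItem` on the same `_oauth` key and an early return fixes both. The class comment could also state that the tokens written by `setSession` are readable by any script running on the origin, which matters when choosing between this storage and the cookie one.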
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { Session } from '../cognito-client';
|
|
2
|
-
import { OAuthVerificationParams, SessionStorage } from './session-storage';
|
|
1
|
+
import { Session } from '../cognito-client.js';
|
|
2
|
+
import { OAuthVerificationParams, SessionStorage } from './session-storage.js';
|
|
3
3
|
/**
|
|
4
4
|
* In-memory based session storage. Useful for testing.
|
|
5
5
|
*/
|
|
@@ -1,42 +1,18 @@
|
|
|
1
|
-
|
|
2
|
-
var __extends = (this && this.__extends) || (function () {
|
|
3
|
-
var extendStatics = function (d, b) {
|
|
4
|
-
extendStatics = Object.setPrototypeOf ||
|
|
5
|
-
({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
|
|
6
|
-
function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
|
|
7
|
-
return extendStatics(d, b);
|
|
8
|
-
};
|
|
9
|
-
return function (d, b) {
|
|
10
|
-
if (typeof b !== "function" && b !== null)
|
|
11
|
-
throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
|
|
12
|
-
extendStatics(d, b);
|
|
13
|
-
function __() { this.constructor = d; }
|
|
14
|
-
d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
|
|
15
|
-
};
|
|
16
|
-
})();
|
|
17
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
18
|
-
exports.MemorySessionStorage = void 0;
|
|
19
|
-
var session_storage_1 = require("./session-storage");
|
|
1
|
+
import { SessionStorage } from './session-storage.js';
|
|
20
2
|
/**
|
|
21
3
|
* In-memory based session storage. Useful for testing.
|
|
22
4
|
*/
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
function MemorySessionStorage() {
|
|
26
|
-
return _super !== null && _super.apply(this, arguments) || this;
|
|
27
|
-
}
|
|
28
|
-
MemorySessionStorage.prototype.getSession = function () {
|
|
5
|
+
export class MemorySessionStorage extends SessionStorage {
|
|
6
|
+
getSession() {
|
|
29
7
|
return this.session;
|
|
30
|
-
}
|
|
31
|
-
|
|
8
|
+
}
|
|
9
|
+
setSession(session) {
|
|
32
10
|
this.session = session;
|
|
33
|
-
}
|
|
34
|
-
|
|
11
|
+
}
|
|
12
|
+
getOauthVerificationParams() {
|
|
35
13
|
return this.oAuthVerificationParams;
|
|
36
|
-
}
|
|
37
|
-
|
|
14
|
+
}
|
|
15
|
+
setOauthVerificationParams(oAuthParams) {
|
|
38
16
|
this.oAuthVerificationParams = oAuthParams;
|
|
39
|
-
}
|
|
40
|
-
|
|
41
|
-
}(session_storage_1.SessionStorage));
|
|
42
|
-
exports.MemorySessionStorage = MemorySessionStorage;
|
|
17
|
+
}
|
|
18
|
+
}
|
|
@@ -1,12 +1,5 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.SessionStorage = void 0;
|
|
4
1
|
/**
|
|
5
2
|
* Session storage interface class.
|
|
6
3
|
*/
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
}
|
|
10
|
-
return SessionStorage;
|
|
11
|
-
}());
|
|
12
|
-
exports.SessionStorage = SessionStorage;
|
|
4
|
+
export class SessionStorage {
|
|
5
|
+
}
|
|
@@ -1,31 +1,30 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
new
|
|
11
|
-
new
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
cookieName: 'session',
|
|
1
|
+
import { randomBytes } from "crypto";
|
|
2
|
+
import { setupJsDom } from "../test-utils.js";
|
|
3
|
+
import { CookieSessionStorage } from "./cookie-session-storage/index.js";
|
|
4
|
+
import { LocalStorageSessionStorage } from "./local-storage-session-storage.js";
|
|
5
|
+
import { MemorySessionStorage } from "./memory-session-storage.js";
|
|
6
|
+
import { expect, test } from "vitest";
|
|
7
|
+
setupJsDom();
|
|
8
|
+
const sessionStorages = [
|
|
9
|
+
new MemorySessionStorage(),
|
|
10
|
+
new LocalStorageSessionStorage({ storageName: "session" }),
|
|
11
|
+
new CookieSessionStorage({
|
|
12
|
+
domain: "localhost",
|
|
13
|
+
cookieName: "session",
|
|
15
14
|
}),
|
|
16
15
|
];
|
|
17
|
-
|
|
18
|
-
accessToken:
|
|
16
|
+
const session = {
|
|
17
|
+
accessToken: randomBytes(128).toString("base64"),
|
|
19
18
|
expiresIn: 600,
|
|
20
|
-
idToken:
|
|
21
|
-
refreshToken:
|
|
19
|
+
idToken: randomBytes(128).toString("base64"),
|
|
20
|
+
refreshToken: randomBytes(128).toString("base64"),
|
|
22
21
|
};
|
|
23
|
-
|
|
24
|
-
pkce:
|
|
25
|
-
state:
|
|
22
|
+
const oAuthVerificationParams = {
|
|
23
|
+
pkce: randomBytes(128).toString("base64"),
|
|
24
|
+
state: randomBytes(128).toString("base64"),
|
|
26
25
|
};
|
|
27
|
-
test(
|
|
28
|
-
sessionStorages.forEach(
|
|
26
|
+
test("SessionStorage", () => {
|
|
27
|
+
sessionStorages.forEach((sessionStorage) => {
|
|
29
28
|
sessionStorage.setSession(session);
|
|
30
29
|
expect(sessionStorage.getSession()).toStrictEqual(session);
|
|
31
30
|
sessionStorage.setOauthVerificationParams(oAuthVerificationParams);
|
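--- a/package/lib/test-utils.js
+++ b/package/lib/test-utils.js
@@ -1,138 +1,81 @@
-
-
-
-
-
-
-
-step((generator = generator.apply(thisArg, _arguments || [])).next());
-});
-};
-var __generator = (this && this.__generator) || function (thisArg, body) {
-var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
-return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
-function verb(n) { return function (v) { return step([n, v]); }; }
-function step(op) {
-if (f) throw new TypeError("Generator is already executing.");
-while (g && (g = 0, op[0] && (_ = 0)), _) try {
-if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
-if (y = 0, t) op = [op[0] & 2, t.value];
-switch (op[0]) {
-case 0: case 1: t = op; break;
-case 4: _.label++; return { value: op[1], done: false };
-case 5: _.label++; y = op[1]; op = [0]; continue;
-case 7: op = _.ops.pop(); _.trys.pop(); continue;
-default:
-if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
-if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
-if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
-if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
-if (t[2]) _.ops.pop();
-_.trys.pop(); continue;
-}
-op = body.call(thisArg, _);
-} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
-if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
-}
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.setupJsDom = exports.setupCognito = exports.newUser = exports.user = void 0;
-var client_cognito_identity_provider_1 = require("@aws-sdk/client-cognito-identity-provider");
-var jsdom_1 = require("jsdom");
-exports.user = {
-email: 'sahin@test.com',
-password: 'password',
-givenName: 'Sahin',
-familyName: 'Sahin',
+const { AdminCreateUserCommand, AdminSetUserPasswordCommand, AttributeDataType, CognitoIdentityProviderClient, CreateUserPoolClientCommand, CreateUserPoolCommand, } = await import("@aws-sdk/client-cognito-identity-provider");
+import { JSDOM } from "jsdom";
+export const user = {
+email: "sahin@test.com",
+password: "password",
+givenName: "Sahin",
+familyName: "Sahin",
 };
-
-email:
-password:
-givenName:
-familyName:
+export const newUser = {
+email: "john@test.com",
+password: "password",
+givenName: "John",
+familyName: "John",
 };
-function setupCognito(endpoint) {
-
-
-
-
-
-
-
-endpoint: endpoint,
-credentials: {
-accessKeyId: 'test',
-secretAccessKey: 'test',
-},
-region: 'eu-central-1',
-});
-return [4 /*yield*/, awsCognitoClient.send(new client_cognito_identity_provider_1.CreateUserPoolCommand({
-PoolName: 'TestPool',
-Schema: [
-{
-Name: 'email',
-AttributeDataType: client_cognito_identity_provider_1.AttributeDataType.STRING,
-Required: true,
-},
-{
-Name: 'givenName',
-AttributeDataType: client_cognito_identity_provider_1.AttributeDataType.STRING,
-Required: true,
-},
-{
-Name: 'familyName',
-AttributeDataType: client_cognito_identity_provider_1.AttributeDataType.STRING,
-Required: true,
-},
-],
-}))];
-case 1:
-createPoolResult = _f.sent();
-return [4 /*yield*/, awsCognitoClient.send(new client_cognito_identity_provider_1.CreateUserPoolClientCommand({
-ClientName: 'TestClient',
-UserPoolId: (_a = createPoolResult.UserPool) === null || _a === void 0 ? void 0 : _a.Id,
-}))];
-case 2:
-createUserPoolClientResult = _f.sent();
-return [4 /*yield*/, awsCognitoClient.send(new client_cognito_identity_provider_1.AdminCreateUserCommand({
-UserPoolId: (_b = createPoolResult.UserPool) === null || _b === void 0 ? void 0 : _b.Id,
-Username: exports.user.email,
-MessageAction: 'SUPPRESS',
-UserAttributes: [
-{
-Name: 'givenName',
-Value: exports.user.givenName,
-},
-{
-Name: 'familyName',
-Value: exports.user.familyName,
-},
-],
-}))];
-case 3:
-createUserResult = _f.sent();
-return [4 /*yield*/, awsCognitoClient.send(new client_cognito_identity_provider_1.AdminSetUserPasswordCommand({
-UserPoolId: (_c = createPoolResult.UserPool) === null || _c === void 0 ? void 0 : _c.Id,
-Username: exports.user.email,
-Password: exports.user.password,
-Permanent: true,
-}))];
-case 4:
-setUserPasswordResult = _f.sent();
-return [2 /*return*/, {
-userPoolId: (_d = createPoolResult.UserPool) === null || _d === void 0 ? void 0 : _d.Id,
-userPoolClientId: (_e = createUserPoolClientResult.UserPoolClient) === null || _e === void 0 ? void 0 : _e.ClientId,
-}];
-}
-});
+export async function setupCognito(endpoint) {
+const awsCognitoClient = new CognitoIdentityProviderClient({
+endpoint: endpoint,
+credentials: {
+accessKeyId: "test",
+secretAccessKey: "test",
+},
+region: "eu-central-1",
 });
+const createPoolResult = await awsCognitoClient.send(new CreateUserPoolCommand({
+PoolName: "TestPool",
+Schema: [
+{
+Name: "email",
+AttributeDataType: AttributeDataType.STRING,
+Required: true,
+},
+{
+Name: "givenName",
+AttributeDataType: AttributeDataType.STRING,
+Required: true,
+},
+{
+Name: "familyName",
+AttributeDataType: AttributeDataType.STRING,
+Required: true,
+},
+],
+}));
+const createUserPoolClientResult = await awsCognitoClient.send(new CreateUserPoolClientCommand({
+ClientName: "TestClient",
+UserPoolId: createPoolResult.UserPool?.Id,
+}));
+const createUserResult = await awsCognitoClient.send(new AdminCreateUserCommand({
+UserPoolId: createPoolResult.UserPool?.Id,
+Username: user.email,
+MessageAction: "SUPPRESS",
+UserAttributes: [
+{
+Name: "givenName",
+Value: user.givenName,
+},
+{
+Name: "familyName",
+Value: user.familyName,
+},
+],
+}));
+const setUserPasswordResult = await awsCognitoClient.send(new AdminSetUserPasswordCommand({
+UserPoolId: createPoolResult.UserPool?.Id,
+Username: user.email,
+Password: user.password,
+Permanent: true,
+}));
+return {
+userPoolId: createPoolResult.UserPool?.Id,
+userPoolClientId: createUserPoolClientResult.UserPoolClient
+?.ClientId,
+};
 }
-
-
-
-url: 'http://localhost',
+export function setupJsDom() {
+const dom = new JSDOM("", {
+url: "http://localhost",
 });
 global.document = dom.window.document;
 global.window = dom.window;
 }
-exports.setupJsDom = setupJsDom;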
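Review bot: `setupCognito` keeps going when `createPoolResult.UserPool?.Id` is undefined: the optional chaining passes `undefined` as `UserPoolId` into the next three commands and finally returns it, so a failed pool creation shows up as a confusing error further down or not at all. Read the id once and fail fast, e.g. `const userPoolId = createPoolResult.UserPool?.Id; if (!userPoolId) throw new Error('CreateUserPool returned no pool id');`. `createUserResult` and `setUserPasswordResult` are assigned but never read. The file also sits in the published `lib/` with the fixed `password` fixture and `test`/`test` credentials; a header comment saying it is presumably meant only for a local test endpoint would help, and it is worth checking whether it needs to ship at all.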
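--- a/package/lib/utils.d.ts
+++ b/package/lib/utils.d.ts
@@ -1,4 +1,4 @@
-/// <reference types="node" />
+/// <reference types="node" resolution-mode="require"/>
 import { BigInteger } from 'jsbn';
 export declare function padHex(bigInt: BigInteger): string;
 export declare function hashHexString(str: string): string;
@@ -11,7 +11,7 @@ export declare function calculateHKDF(ikm: Buffer, salt: Buffer): number[];
 export declare function getPasswordAuthenticationKey(poolName: string, username: string, password: string, B: BigInteger, U: BigInteger, smallA: BigInteger, salt: BigInteger): number[];
 export declare function calculateSignature(poolName: string, userId: string, secretBlock: string, hkdf: number[]): {
 signature: string;
-timeStamp:
+timeStamp: any;
 };
 export declare function decodeJwt<T = unknown>(jwt: string): {
 header: any;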
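Review bot: The return type of `calculateSignature` now declares `timeStamp: any`, so callers lose type checking on a value that is mixed into the HMAC input in utils.js. There the value comes from `formatInTimeZone(...)`, so the `any` presumably means the `date-fns-tz/formatInTimeZone` types no longer resolve under the new module settings. Annotating the source function's return type as `{ signature: string; timeStamp: string }` would pin it regardless of how the import resolves. The `decodeJwt` declaration continues outside the hunk.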
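--- a/package/lib/utils.js
+++ b/package/lib/utils.js
@@ -1,14 +1,8 @@
-
-
-
-
-
-exports.decodeJwt = exports.calculateSignature = exports.getPasswordAuthenticationKey = exports.calculateHKDF = exports.calculateS = exports.calculateU = exports.generateA = exports.generateSmallA = exports.hashBuffer = exports.hashHexString = exports.padHex = void 0;
-var formatInTimeZone_1 = __importDefault(require("date-fns-tz/formatInTimeZone"));
-var hash_js_1 = require("hash.js");
-var jsbn_1 = require("jsbn");
-var randombytes_1 = __importDefault(require("randombytes"));
-var initN = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1' +
+import formatInTimeZone from 'date-fns-tz/formatInTimeZone';
+import { hmac, sha256 } from 'hash.js';
+import { BigInteger } from 'jsbn';
+import randomBytes from 'randombytes';
+const initN = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1' +
 '29024E088A67CC74020BBEA63B139B22514A08798E3404DD' +
 'EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245' +
 'E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' +
@@ -24,24 +18,24 @@ var initN = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1' +
 'F12FFA06D98A0864D87602733EC86A64521F2B18177B200C' +
 'BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31' +
 '43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF';
-
-
-
-function padHex(bigInt) {
-
-
-
-hexStr = hexStr.length % 2 !== 0 ?
-hexStr = HEX_MSB_REGEX.test(hexStr) ?
+const N = new BigInteger(initN, 16);
+const g = new BigInteger('2', 16);
+const k = new BigInteger(hashHexString(`${padHex(N)}${padHex(g)}`), 16);
+export function padHex(bigInt) {
+const HEX_MSB_REGEX = /^[89a-f]/i;
+const isNegative = bigInt.compareTo(BigInteger.ZERO) < 0;
+let hexStr = bigInt.abs().toString(16);
+hexStr = hexStr.length % 2 !== 0 ? `0${hexStr}` : hexStr;
+hexStr = HEX_MSB_REGEX.test(hexStr) ? `00${hexStr}` : hexStr;
 if (isNegative) {
-
+const invertedNibbles = hexStr
 .split('')
-.map(
-
+.map((x) => {
+const invertedNibble = ~parseInt(x, 16) & 0xf;
 return '0123456789ABCDEF'.charAt(invertedNibble);
 })
 .join('');
-
+const flippedBitsBI = new BigInteger(invertedNibbles, 16).add(BigInteger.ONE);
 hexStr = flippedBitsBI.toString(16);
 if (hexStr.toUpperCase().startsWith('FF8')) {
 hexStr = hexStr.substring(2);
@@ -49,80 +43,69 @@ function padHex(bigInt) {
 }
 return hexStr;
 }
-
-function hashHexString(str) {
+export function hashHexString(str) {
 return hashBuffer(Buffer.from(str, 'hex'));
 }
-
-
-var hash = (0, hash_js_1.sha256)().update(buffer).digest('hex');
+export function hashBuffer(buffer) {
+const hash = sha256().update(buffer).digest('hex');
 return new Array(64 - hash.length).join('0') + hash;
 }
-
-
-return new jsbn_1.BigInteger((0, randombytes_1.default)(128).toString('hex'), 16);
+export function generateSmallA() {
+return new BigInteger(randomBytes(128).toString('hex'), 16);
 }
-
-
-var A = g.modPow(smallA, N);
+export function generateA(smallA) {
+const A = g.modPow(smallA, N);
 return A;
 }
-
-
-return new jsbn_1.BigInteger(hashHexString(padHex(A) + padHex(B)), 16);
+export function calculateU(A, B) {
+return new BigInteger(hashHexString(padHex(A) + padHex(B)), 16);
 }
-
-
-
-var bMinusKMult = B.subtract(k.multiply(gModPowXN));
+export function calculateS(X, B, U, smallA) {
+const gModPowXN = g.modPow(X, N);
+const bMinusKMult = B.subtract(k.multiply(gModPowXN));
 return bMinusKMult.modPow(smallA.add(U.multiply(X)), N).mod(N);
 }
-
-
-var infoBitsBuffer = Buffer.concat([
+export function calculateHKDF(ikm, salt) {
+const infoBitsBuffer = Buffer.concat([
 Buffer.from('Caldera Derived Key', 'utf8'),
 Buffer.from(String.fromCharCode(1), 'utf8'),
 ]);
-
+const prk = hmac(sha256, salt)
 .update(ikm)
 .digest();
-
+const hmacResult = hmac(sha256, prk)
 .update(infoBitsBuffer)
 .digest();
 return hmacResult.slice(0, 16);
 }
-
-
-
-
-
-var S = calculateS(X, B, U, smallA);
+export function getPasswordAuthenticationKey(poolName, username, password, B, U, smallA, salt) {
+const usernamePassword = `${poolName}${username}:${password}`;
+const usernamePasswordHash = hashBuffer(Buffer.from(usernamePassword, 'utf-8'));
+const X = new BigInteger(hashHexString(padHex(salt) + usernamePasswordHash), 16);
+const S = calculateS(X, B, U, smallA);
 return calculateHKDF(Buffer.from(padHex(S), 'hex'), Buffer.from(padHex(U), 'hex'));
 }
-
-
-
-var concatBuffer = Buffer.concat([
+export function calculateSignature(poolName, userId, secretBlock, hkdf) {
+const timeStamp = formatInTimeZone(new Date(), 'UTC', "EEE MMM d HH:mm:ss 'UTC' yyyy");
+const concatBuffer = Buffer.concat([
 Buffer.from(poolName, 'utf8'),
 Buffer.from(userId, 'utf8'),
 Buffer.from(secretBlock, 'base64'),
 Buffer.from(timeStamp, 'utf8'),
 ]);
-
+const signature = Buffer.from(hmac(sha256, hkdf)
 .update(concatBuffer)
 .digest()).toString('base64');
 return {
-signature
-timeStamp
+signature,
+timeStamp,
 };
 }
-
-
-var _a = jwt.split('.'), header = _a[0], payload = _a[1], signature = _a[2];
+export function decodeJwt(jwt) {
+const [header, payload, signature] = jwt.split('.');
 return {
 header: JSON.parse(Buffer.from(header, 'base64').toString('utf-8')),
 payload: JSON.parse(Buffer.from(payload, 'base64').toString('utf-8')),
 signature: signature,
 };
 }
-exports.decodeJwt = decodeJwt;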
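Review bot: `calculateU` and `calculateS` take the server value `B` and the derived `U` without the parameter checks SRP expects from the client, which is to abort when `B mod N` is zero or when `U` is zero. Unless the caller in cognito-client.js already does this, add `if (B.mod(N).compareTo(BigInteger.ZERO) === 0) throw new Error('B cannot be zero');` at the top of `calculateS`, and the matching `U` check on the result of `calculateU`. `decodeJwt` only base64-decodes the header and payload and never checks the signature, and it throws a `TypeError` on a string with fewer than two dots; a doc comment saying the result is unverified would keep callers from treating the claims as trusted.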