@webex/plugin-authorization-browser-first-party 3.0.0-beta.42 → 3.0.0-beta.421

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/authorization.js +3 -1
  2. package/dist/authorization.js.map +1 -1
  3. package/package.json +10 -10
  4. package/src/authorization.js +3 -0
  5. package/test/unit/spec/authorization.js +35 -6
package/dist/authorization.js CHANGED
@@ -115,6 +115,8 @@ var Authorization = _webexCore.WebexPlugin.extend((_dec = (0, _common.whileInFli
115
115
  code: code,
116
116
  codeVerifier: codeVerifier
117
117
  });
118
+ }).catch(function (error) {
119
+ _this.logger.warn('authorization: failed initial authorization code grant request', error);
118
120
  }).then(function () {
119
121
  _this.ready = true;
120
122
  });
@@ -313,7 +315,7 @@ var Authorization = _webexCore.WebexPlugin.extend((_dec = (0, _common.whileInFli
313
315
  throw new Error("CSRF token ".concat(token, " does not match stored token ").concat(sessionToken));
314
316
  }
315
317
  },
316
- version: "3.0.0-beta.42"
318
+ version: "3.0.0-beta.421"
317
319
  }, ((0, _applyDecoratedDescriptor2.default)(_obj, "initiateAuthorizationCodeGrant", [_dec], (0, _getOwnPropertyDescriptor.default)(_obj, "initiateAuthorizationCodeGrant"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "requestAuthorizationCodeGrant", [_dec2, _common.oneFlight], (0, _getOwnPropertyDescriptor.default)(_obj, "requestAuthorizationCodeGrant"), _obj)), _obj)));
318
320
  var _default = Authorization;
319
321
  exports.default = _default;
package/dist/authorization.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["lodash","require","OAUTH2_CSRF_TOKEN","OAUTH2_CODE_VERIFIER","Authorization","WebexPlugin","extend","whileInFlight","derived","isAuthenticating","deps","fn","isAuthorizing","session","default","type","ready","namespace","initialize","attrs","ret","prototype","location","url","parse","webex","getWindow","href","_checkForErrors","code","query","state","JSON","base64","decode","codeVerifier","sessionStorage","getItem","removeItem","emailhash","_verifySecurityToken","_cleanUrl","process","nextTick","internal","services","collectPreauthCatalog","catch","resolve","then","requestAuthorizationCodeGrant","initiateLogin","options","email","emailHash","CryptoJS","SHA256","toString","csrf_token","_generateSecurityToken","code_challenge","_generateCodeChallenge","code_challenge_method","initiateAuthorizationCodeGrant","logger","info","credentials","buildLoginUrl","response_type","logout","noRedirect","buildLogoutUrl","reject","Error","form","grant_type","redirect_uri","config","self_contained_token","code_verifier","request","method","uri","tokenUrl","auth","user","client_id","pass","client_secret","sendImmediately","shouldRefreshAccessToken","res","set","supertoken","body","statusCode","ErrorConstructor","grantErrors","select","error","_res","history","replaceState","encode","search","querystring","stringify","format","safeCharacterMap","base64url","_safe_map","times","random","length","join","codeChallenge","setItem","token","uuid","v4","sessionToken","oneFlight"],"sources":["authorization.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\n/* eslint camelcase: [0] */\n\nimport querystring from 'querystring';\nimport url from 'url';\n\nimport {base64, oneFlight, whileInFlight} from '@webex/common';\nimport {grantErrors, WebexPlugin} from '@webex/webex-core';\nimport {cloneDeep, isEmpty, omit} from 'lodash';\nimport uuid from 'uuid';\nimport base64url from 'crypto-js/enc-base64url';\nimport CryptoJS from 'crypto-js';\n\n// Necessary to require lodash this way in order to stub\n// methods in the unit test\nconst lodash = require('lodash');\n\nconst OAUTH2_CSRF_TOKEN = 'oauth2-csrf-token';\nconst OAUTH2_CODE_VERIFIER = 'oauth2-code-verifier';\n\n/**\n * Browser support for OAuth2. Automatically parses the URL query for an\n * authorization code\n *\n * Use of this plugin for anything other than the Webex Web Client is strongly\n * discouraged and may be broken at any time\n * @class\n * @name AuthorizationBrowserFirstParty\n * @private\n */\nconst Authorization = WebexPlugin.extend({\n derived: {\n /**\n * Alias of {@link AuthorizationBrowserFirstParty#isAuthorizing}\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {boolean}\n */\n isAuthenticating: {\n deps: ['isAuthorizing'],\n fn() {\n return this.isAuthorizing;\n },\n },\n },\n\n session: {\n /**\n * Indicates if an Authorization Code exchange is inflight\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {boolean}\n */\n isAuthorizing: {\n default: false,\n type: 'boolean',\n },\n ready: {\n default: false,\n type: 'boolean',\n },\n },\n\n namespace: 'Credentials',\n\n /**\n * Initializer\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @private\n * @returns {Authorization}\n */\n // eslint-disable-next-line complexity\n initialize(...attrs) {\n const ret = Reflect.apply(WebexPlugin.prototype.initialize, this, attrs);\n const location = url.parse(this.webex.getWindow().location.href, true);\n\n this._checkForErrors(location);\n\n const {code} = location.query;\n\n if (!code) {\n this.ready = true;\n\n return ret;\n }\n\n if (location.query.state) {\n location.query.state = JSON.parse(base64.decode(location.query.state));\n } else {\n location.query.state = {};\n }\n\n const codeVerifier = this.webex.getWindow().sessionStorage.getItem(OAUTH2_CODE_VERIFIER);\n\n this.webex.getWindow().sessionStorage.removeItem(OAUTH2_CODE_VERIFIER);\n\n const {emailhash} = location.query.state;\n\n this._verifySecurityToken(location.query);\n this._cleanUrl(location);\n\n // Wait until nextTick in case `credentials` hasn't initialized yet\n process.nextTick(() => {\n this.webex.internal.services\n .collectPreauthCatalog({emailhash})\n .catch(() => Promise.resolve())\n .then(() => this.requestAuthorizationCodeGrant({code, codeVerifier}))\n .then(() => {\n this.ready = true;\n });\n });\n\n return ret;\n },\n\n /**\n * Kicks off an oauth flow\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @returns {Promise}\n */\n initiateLogin(options = {}) {\n options = cloneDeep(options);\n if (options.email) {\n options.emailHash = CryptoJS.SHA256(options.email).toString();\n }\n delete options.email;\n options.state = options.state || {};\n options.state.csrf_token = this._generateSecurityToken();\n // catalog uses emailhash and redirectCI uses emailHash\n options.state.emailhash = options.emailHash;\n\n options.code_challenge = this._generateCodeChallenge();\n options.code_challenge_method = 'S256';\n\n return this.initiateAuthorizationCodeGrant(options);\n },\n\n @whileInFlight('isAuthorizing')\n /**\n * Kicks off the Implicit Code grant flow. Typically called via\n * {@link AuthorizationBrowserFirstParty#initiateLogin}\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @returns {Promise}\n */\n initiateAuthorizationCodeGrant(options) {\n this.logger.info('authorization: initiating authorization code grant flow');\n this.webex.getWindow().location = this.webex.credentials.buildLoginUrl(\n Object.assign({response_type: 'code'}, options)\n );\n\n return Promise.resolve();\n },\n\n /**\n * Called by {@link WebexCore#logout()}. Redirects to the logout page\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @param {boolean} options.noRedirect if true, does not redirect\n * @returns {Promise}\n */\n logout(options = {}) {\n if (!options.noRedirect) {\n this.webex.getWindow().location = this.webex.credentials.buildLogoutUrl(options);\n }\n },\n\n @whileInFlight('isAuthorizing')\n @oneFlight\n /**\n * Exchanges an authorization code for an access token\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @param {Object} options.code\n * @returns {Promise}\n */\n requestAuthorizationCodeGrant(options = {}) {\n this.logger.info('credentials: requesting authorization code grant');\n\n if (!options.code) {\n return Promise.reject(new Error('`options.code` is required'));\n }\n\n const form = {\n grant_type: 'authorization_code',\n redirect_uri: this.config.redirect_uri,\n code: options.code,\n self_contained_token: true,\n };\n\n if (options.codeVerifier) {\n form.code_verifier = options.codeVerifier;\n }\n\n return this.webex\n .request({\n method: 'POST',\n uri: this.config.tokenUrl,\n form,\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n shouldRefreshAccessToken: false,\n })\n .then((res) => {\n this.webex.credentials.set({supertoken: res.body});\n })\n .catch((res) => {\n if (res.statusCode !== 400) {\n return Promise.reject(res);\n }\n\n const ErrorConstructor = grantErrors.select(res.body.error);\n\n return Promise.reject(new ErrorConstructor(res._res || res));\n });\n },\n\n /**\n * Checks if the result of the login redirect contains an error string\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} location\n * @private\n * @returns {Promise}\n */\n _checkForErrors(location) {\n const {query} = location;\n\n if (query && query.error) {\n const ErrorConstructor = grantErrors.select(query.error);\n\n throw new ErrorConstructor(query);\n }\n },\n\n /**\n * Removes no-longer needed values from the url (access token, csrf token, etc)\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} location\n * @private\n * @returns {Promise}\n */\n _cleanUrl(location) {\n location = cloneDeep(location);\n if (this.webex.getWindow().history && this.webex.getWindow().history.replaceState) {\n Reflect.deleteProperty(location.query, 'code');\n if (isEmpty(omit(location.query.state, 'csrf_token'))) {\n Reflect.deleteProperty(location.query, 'state');\n } else {\n location.query.state = base64.encode(\n JSON.stringify(omit(location.query.state, 'csrf_token'))\n );\n }\n location.search = querystring.stringify(location.query);\n Reflect.deleteProperty(location, 'query');\n this.webex.getWindow().history.replaceState({}, null, url.format(location));\n }\n },\n\n /**\n * Generates PKCE code verifier and code challenge and sets the the code verifier in sessionStorage\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @private\n * @returns {string}\n */\n _generateCodeChallenge() {\n this.logger.info('authorization: generating PKCE code challenge');\n\n // eslint-disable-next-line no-underscore-dangle\n const safeCharacterMap = base64url._safe_map;\n\n const codeVerifier = lodash\n .times(128, () => safeCharacterMap[lodash.random(0, safeCharacterMap.length - 1)])\n .join('');\n\n const codeChallenge = CryptoJS.SHA256(codeVerifier).toString(base64url);\n\n this.webex.getWindow().sessionStorage.setItem(OAUTH2_CODE_VERIFIER, codeVerifier);\n\n return codeChallenge;\n },\n\n /**\n * Generates a CSRF token and sticks in in sessionStorage\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @private\n * @returns {Promise}\n */\n _generateSecurityToken() {\n this.logger.info('authorization: generating csrf token');\n\n const token = uuid.v4();\n\n this.webex.getWindow().sessionStorage.setItem('oauth2-csrf-token', token);\n\n return token;\n },\n\n /**\n * Checks if the CSRF token in sessionStorage is the same as the one returned\n * in the url.\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} query\n * @private\n * @returns {Promise}\n */\n _verifySecurityToken(query) {\n const sessionToken = this.webex.getWindow().sessionStorage.getItem(OAUTH2_CSRF_TOKEN);\n\n this.webex.getWindow().sessionStorage.removeItem(OAUTH2_CSRF_TOKEN);\n if (!sessionToken) {\n return;\n }\n\n if (!query.state) {\n throw new Error(`Expected CSRF token ${sessionToken}, but not found in redirect query`);\n }\n\n if (!query.state.csrf_token) {\n throw new Error(`Expected CSRF token ${sessionToken}, but not found in redirect query`);\n }\n\n const token = query.state.csrf_token;\n\n if (token !== sessionToken) {\n throw new Error(`CSRF token ${token} does not match stored token ${sessionToken}`);\n }\n },\n});\n\nexport default Authorization;\n"],"mappings":";;;;;;;;;;;;;;;;;;AAMA;AACA;AAEA;AACA;AAEA;AACA;AACA;AAAiC;AAEjC;AACA;AACA,IAAMA,MAAM,GAAGC,OAAO,CAAC,QAAQ,CAAC;AAEhC,IAAMC,iBAAiB,GAAG,mBAAmB;AAC7C,IAAMC,oBAAoB,GAAG,sBAAsB;;AAEnD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMC,aAAa,GAAGC,sBAAW,CAACC,MAAM,SA8GrC,IAAAC,qBAAa,EAAC,eAAe,CAAC,UAgC9B,IAAAA,qBAAa,EAAC,eAAe,CAAC,UA9IQ;EACvCC,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;IACIC,gBAAgB,EAAE;MAChBC,IAAI,EAAE,CAAC,eAAe,CAAC;MACvBC,EAAE,gBAAG;QACH,OAAO,IAAI,CAACC,aAAa;MAC3B;IACF;EACF,CAAC;EAEDC,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;IACID,aAAa,EAAE;MACbE,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR,CAAC;IACDC,KAAK,EAAE;MACLF,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR;EACF,CAAC;EAEDE,SAAS,EAAE,aAAa;EAExB;AACF;AACA;AACA;AACA;AACA;AACA;EACE;EACAC,UAAU,wBAAW;IAAA;IAAA,kCAAPC,KAAK;MAALA,KAAK;IAAA;IACjB,IAAMC,GAAG,GAAG,oBAAcf,sBAAW,CAACgB,SAAS,CAACH,UAAU,EAAE,IAAI,EAAEC,KAAK,CAAC;IACxE,IAAMG,QAAQ,GAAGC,YAAG,CAACC,KAAK,CAAC,IAAI,CAACC,KAAK,CAACC,SAAS,EAAE,CAACJ,QAAQ,CAACK,IAAI,EAAE,IAAI,CAAC;IAEtE,IAAI,CAACC,eAAe,CAACN,QAAQ,CAAC;IAE9B,IAAOO,IAAI,GAAIP,QAAQ,CAACQ,KAAK,CAAtBD,IAAI;IAEX,IAAI,CAACA,IAAI,EAAE;MACT,IAAI,CAACb,KAAK,GAAG,IAAI;MAEjB,OAAOI,GAAG;IACZ;IAEA,IAAIE,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE;MACxBT,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAGC,IAAI,CAACR,KAAK,CAACS,cAAM,CAACC,MAAM,CAACZ,QAAQ,CAACQ,KAAK,CAACC,KAAK,CAAC,CAAC;IACxE,CAAC,MAAM;MACLT,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAG,CAAC,CAAC;IAC3B;IAEA,IAAMI,YAAY,GAAG,IAAI,CAACV,KAAK,CAACC,SAAS,EAAE,CAACU,cAAc,CAACC,OAAO,CAAClC,oBAAoB,CAAC;IAExF,IAAI,CAACsB,KAAK,CAACC,SAAS,EAAE,CAACU,cAAc,CAACE,UAAU,CAACnC,oBAAoB,CAAC;IAEtE,IAAOoC,SAAS,GAAIjB,QAAQ,CAACQ,KAAK,CAACC,KAAK,CAAjCQ,SAAS;IAEhB,IAAI,CAACC,oBAAoB,CAAClB,QAAQ,CAACQ,KAAK,CAAC;IACzC,IAAI,CAACW,SAAS,CAACnB,QAAQ,CAAC;;IAExB;IACAoB,OAAO,CAACC,QAAQ,CAAC,YAAM;MACrB,KAAI,CAAClB,KAAK,CAACmB,QAAQ,CAACC,QAAQ,CACzBC,qBAAqB,CAAC;QAACP,SAAS,EAATA;MAAS,CAAC,CAAC,CAClCQ,KAAK,CAAC;QAAA,OAAM,iBAAQC,OAAO,EAAE;MAAA,EAAC,CAC9BC,IAAI,CAAC;QAAA,OAAM,KAAI,CAACC,6BAA6B,CAAC;UAACrB,IAAI,EAAJA,IAAI;UAAEM,YAAY,EAAZA;QAAY,CAAC,CAAC;MAAA,EAAC,CACpEc,IAAI,CAAC,YAAM;QACV,KAAI,CAACjC,KAAK,GAAG,IAAI;MACnB,CAAC,CAAC;IACN,CAAC,CAAC;IAEF,OAAOI,GAAG;EACZ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACE+B,aAAa,2BAAe;IAAA,IAAdC,OAAO,uEAAG,CAAC,CAAC;IACxBA,OAAO,GAAG,yBAAUA,OAAO,CAAC;IAC5B,IAAIA,OAAO,CAACC,KAAK,EAAE;MACjBD,OAAO,CAACE,SAAS,GAAGC,iBAAQ,CAACC,MAAM,CAACJ,OAAO,CAACC,KAAK,CAAC,CAACI,QAAQ,EAAE;IAC/D;IACA,OAAOL,OAAO,CAACC,KAAK;IACpBD,OAAO,CAACrB,KAAK,GAAGqB,OAAO,CAACrB,KAAK,IAAI,CAAC,CAAC;IACnCqB,OAAO,CAACrB,KAAK,CAAC2B,UAAU,GAAG,IAAI,CAACC,sBAAsB,EAAE;IACxD;IACAP,OAAO,CAACrB,KAAK,CAACQ,SAAS,GAAGa,OAAO,CAACE,SAAS;IAE3CF,OAAO,CAACQ,cAAc,GAAG,IAAI,CAACC,sBAAsB,EAAE;IACtDT,OAAO,CAACU,qBAAqB,GAAG,MAAM;IAEtC,OAAO,IAAI,CAACC,8BAA8B,CAACX,OAAO,CAAC;EACrD,CAAC;EAGD;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEW,8BAA8B,0CAACX,OAAO,EAAE;IACtC,IAAI,CAACY,MAAM,CAACC,IAAI,CAAC,yDAAyD,CAAC;IAC3E,IAAI,CAACxC,KAAK,CAACC,SAAS,EAAE,CAACJ,QAAQ,GAAG,IAAI,CAACG,KAAK,CAACyC,WAAW,CAACC,aAAa,CACpE,qBAAc;MAACC,aAAa,EAAE;IAAM,CAAC,EAAEhB,OAAO,CAAC,CAChD;IAED,OAAO,iBAAQJ,OAAO,EAAE;EAC1B,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEqB,MAAM,oBAAe;IAAA,IAAdjB,OAAO,uEAAG,CAAC,CAAC;IACjB,IAAI,CAACA,OAAO,CAACkB,UAAU,EAAE;MACvB,IAAI,CAAC7C,KAAK,CAACC,SAAS,EAAE,CAACJ,QAAQ,GAAG,IAAI,CAACG,KAAK,CAACyC,WAAW,CAACK,cAAc,CAACnB,OAAO,CAAC;IAClF;EACF,CAAC;EAID;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEF,6BAA6B,2CAAe;IAAA;IAAA,IAAdE,OAAO,uEAAG,CAAC,CAAC;IACxC,IAAI,CAACY,MAAM,CAACC,IAAI,CAAC,kDAAkD,CAAC;IAEpE,IAAI,CAACb,OAAO,CAACvB,IAAI,EAAE;MACjB,OAAO,iBAAQ2C,MAAM,CAAC,IAAIC,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChE;IAEA,IAAMC,IAAI,GAAG;MACXC,UAAU,EAAE,oBAAoB;MAChCC,YAAY,EAAE,IAAI,CAACC,MAAM,CAACD,YAAY;MACtC/C,IAAI,EAAEuB,OAAO,CAACvB,IAAI;MAClBiD,oBAAoB,EAAE;IACxB,CAAC;IAED,IAAI1B,OAAO,CAACjB,YAAY,EAAE;MACxBuC,IAAI,CAACK,aAAa,GAAG3B,OAAO,CAACjB,YAAY;IAC3C;IAEA,OAAO,IAAI,CAACV,KAAK,CACduD,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdC,GAAG,EAAE,IAAI,CAACL,MAAM,CAACM,QAAQ;MACzBT,IAAI,EAAJA,IAAI;MACJU,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAACR,MAAM,CAACS,SAAS;QAC3BC,IAAI,EAAE,IAAI,CAACV,MAAM,CAACW,aAAa;QAC/BC,eAAe,EAAE;MACnB,CAAC;MACDC,wBAAwB,EAAE;IAC5B,CAAC,CAAC,CACDzC,IAAI,CAAC,UAAC0C,GAAG,EAAK;MACb,MAAI,CAAClE,KAAK,CAACyC,WAAW,CAAC0B,GAAG,CAAC;QAACC,UAAU,EAAEF,GAAG,CAACG;MAAI,CAAC,CAAC;IACpD,CAAC,CAAC,CACD/C,KAAK,CAAC,UAAC4C,GAAG,EAAK;MACd,IAAIA,GAAG,CAACI,UAAU,KAAK,GAAG,EAAE;QAC1B,OAAO,iBAAQvB,MAAM,CAACmB,GAAG,CAAC;MAC5B;MAEA,IAAMK,gBAAgB,GAAGC,sBAAW,CAACC,MAAM,CAACP,GAAG,CAACG,IAAI,CAACK,KAAK,CAAC;MAE3D,OAAO,iBAAQ3B,MAAM,CAAC,IAAIwB,gBAAgB,CAACL,GAAG,CAACS,IAAI,IAAIT,GAAG,CAAC,CAAC;IAC9D,CAAC,CAAC;EACN,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACE/D,eAAe,2BAACN,QAAQ,EAAE;IACxB,IAAOQ,KAAK,GAAIR,QAAQ,CAAjBQ,KAAK;IAEZ,IAAIA,KAAK,IAAIA,KAAK,CAACqE,KAAK,EAAE;MACxB,IAAMH,gBAAgB,GAAGC,sBAAW,CAACC,MAAM,CAACpE,KAAK,CAACqE,KAAK,CAAC;MAExD,MAAM,IAAIH,gBAAgB,CAAClE,KAAK,CAAC;IACnC;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEW,SAAS,qBAACnB,QAAQ,EAAE;IAClBA,QAAQ,GAAG,yBAAUA,QAAQ,CAAC;IAC9B,IAAI,IAAI,CAACG,KAAK,CAACC,SAAS,EAAE,CAAC2E,OAAO,IAAI,IAAI,CAAC5E,KAAK,CAACC,SAAS,EAAE,CAAC2E,OAAO,CAACC,YAAY,EAAE;MACjF,6BAAuBhF,QAAQ,CAACQ,KAAK,EAAE,MAAM,CAAC;MAC9C,IAAI,uBAAQ,oBAAKR,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE,YAAY,CAAC,CAAC,EAAE;QACrD,6BAAuBT,QAAQ,CAACQ,KAAK,EAAE,OAAO,CAAC;MACjD,CAAC,MAAM;QACLR,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAGE,cAAM,CAACsE,MAAM,CAClC,wBAAe,oBAAKjF,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE,YAAY,CAAC,CAAC,CACzD;MACH;MACAT,QAAQ,CAACkF,MAAM,GAAGC,oBAAW,CAACC,SAAS,CAACpF,QAAQ,CAACQ,KAAK,CAAC;MACvD,6BAAuBR,QAAQ,EAAE,OAAO,CAAC;MACzC,IAAI,CAACG,KAAK,CAACC,SAAS,EAAE,CAAC2E,OAAO,CAACC,YAAY,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE/E,YAAG,CAACoF,MAAM,CAACrF,QAAQ,CAAC,CAAC;IAC7E;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACEuC,sBAAsB,oCAAG;IACvB,IAAI,CAACG,MAAM,CAACC,IAAI,CAAC,+CAA+C,CAAC;;IAEjE;IACA,IAAM2C,gBAAgB,GAAGC,qBAAS,CAACC,SAAS;IAE5C,IAAM3E,YAAY,GAAGnC,MAAM,CACxB+G,KAAK,CAAC,GAAG,EAAE;MAAA,OAAMH,gBAAgB,CAAC5G,MAAM,CAACgH,MAAM,CAAC,CAAC,EAAEJ,gBAAgB,CAACK,MAAM,GAAG,CAAC,CAAC,CAAC;IAAA,EAAC,CACjFC,IAAI,CAAC,EAAE,CAAC;IAEX,IAAMC,aAAa,GAAG5D,iBAAQ,CAACC,MAAM,CAACrB,YAAY,CAAC,CAACsB,QAAQ,CAACoD,qBAAS,CAAC;IAEvE,IAAI,CAACpF,KAAK,CAACC,SAAS,EAAE,CAACU,cAAc,CAACgF,OAAO,CAACjH,oBAAoB,EAAEgC,YAAY,CAAC;IAEjF,OAAOgF,aAAa;EACtB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACExD,sBAAsB,oCAAG;IACvB,IAAI,CAACK,MAAM,CAACC,IAAI,CAAC,sCAAsC,CAAC;IAExD,IAAMoD,KAAK,GAAGC,aAAI,CAACC,EAAE,EAAE;IAEvB,IAAI,CAAC9F,KAAK,CAACC,SAAS,EAAE,CAACU,cAAc,CAACgF,OAAO,CAAC,mBAAmB,EAAEC,KAAK,CAAC;IAEzE,OAAOA,KAAK;EACd,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE7E,oBAAoB,gCAACV,KAAK,EAAE;IAC1B,IAAM0F,YAAY,GAAG,IAAI,CAAC/F,KAAK,CAACC,SAAS,EAAE,CAACU,cAAc,CAACC,OAAO,CAACnC,iBAAiB,CAAC;IAErF,IAAI,CAACuB,KAAK,CAACC,SAAS,EAAE,CAACU,cAAc,CAACE,UAAU,CAACpC,iBAAiB,CAAC;IACnE,IAAI,CAACsH,YAAY,EAAE;MACjB;IACF;IAEA,IAAI,CAAC1F,KAAK,CAACC,KAAK,EAAE;MAChB,MAAM,IAAI0C,KAAK,+BAAwB+C,YAAY,uCAAoC;IACzF;IAEA,IAAI,CAAC1F,KAAK,CAACC,KAAK,CAAC2B,UAAU,EAAE;MAC3B,MAAM,IAAIe,KAAK,+BAAwB+C,YAAY,uCAAoC;IACzF;IAEA,IAAMH,KAAK,GAAGvF,KAAK,CAACC,KAAK,CAAC2B,UAAU;IAEpC,IAAI2D,KAAK,KAAKG,YAAY,EAAE;MAC1B,MAAM,IAAI/C,KAAK,sBAAe4C,KAAK,0CAAgCG,YAAY,EAAG;IACpF;EACF,CAAC;EAAA;AACH,CAAC,yQAxKEC,iBAAS,iGAwKV;AAAC,eAEYrH,aAAa;AAAA"}
1
+ {"version":3,"names":["lodash","require","OAUTH2_CSRF_TOKEN","OAUTH2_CODE_VERIFIER","Authorization","WebexPlugin","extend","whileInFlight","derived","isAuthenticating","deps","fn","isAuthorizing","session","default","type","ready","namespace","initialize","attrs","ret","prototype","location","url","parse","webex","getWindow","href","_checkForErrors","code","query","state","JSON","base64","decode","codeVerifier","sessionStorage","getItem","removeItem","emailhash","_verifySecurityToken","_cleanUrl","process","nextTick","internal","services","collectPreauthCatalog","catch","resolve","then","requestAuthorizationCodeGrant","error","logger","warn","initiateLogin","options","email","emailHash","CryptoJS","SHA256","toString","csrf_token","_generateSecurityToken","code_challenge","_generateCodeChallenge","code_challenge_method","initiateAuthorizationCodeGrant","info","credentials","buildLoginUrl","response_type","logout","noRedirect","buildLogoutUrl","reject","Error","form","grant_type","redirect_uri","config","self_contained_token","code_verifier","request","method","uri","tokenUrl","auth","user","client_id","pass","client_secret","sendImmediately","shouldRefreshAccessToken","res","set","supertoken","body","statusCode","ErrorConstructor","grantErrors","select","_res","history","replaceState","encode","search","querystring","stringify","format","safeCharacterMap","base64url","_safe_map","times","random","length","join","codeChallenge","setItem","token","uuid","v4","sessionToken","oneFlight"],"sources":["authorization.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\n/* eslint camelcase: [0] */\n\nimport querystring from 'querystring';\nimport url from 'url';\n\nimport {base64, oneFlight, whileInFlight} from '@webex/common';\nimport {grantErrors, WebexPlugin} from '@webex/webex-core';\nimport {cloneDeep, isEmpty, omit} from 'lodash';\nimport uuid from 'uuid';\nimport base64url from 'crypto-js/enc-base64url';\nimport CryptoJS from 'crypto-js';\n\n// Necessary to require lodash this way in order to stub\n// methods in the unit test\nconst lodash = require('lodash');\n\nconst OAUTH2_CSRF_TOKEN = 'oauth2-csrf-token';\nconst OAUTH2_CODE_VERIFIER = 'oauth2-code-verifier';\n\n/**\n * Browser support for OAuth2. Automatically parses the URL query for an\n * authorization code\n *\n * Use of this plugin for anything other than the Webex Web Client is strongly\n * discouraged and may be broken at any time\n * @class\n * @name AuthorizationBrowserFirstParty\n * @private\n */\nconst Authorization = WebexPlugin.extend({\n derived: {\n /**\n * Alias of {@link AuthorizationBrowserFirstParty#isAuthorizing}\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {boolean}\n */\n isAuthenticating: {\n deps: ['isAuthorizing'],\n fn() {\n return this.isAuthorizing;\n },\n },\n },\n\n session: {\n /**\n * Indicates if an Authorization Code exchange is inflight\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @type {boolean}\n */\n isAuthorizing: {\n default: false,\n type: 'boolean',\n },\n ready: {\n default: false,\n type: 'boolean',\n },\n },\n\n namespace: 'Credentials',\n\n /**\n * Initializer\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @private\n * @returns {Authorization}\n */\n // eslint-disable-next-line complexity\n initialize(...attrs) {\n const ret = Reflect.apply(WebexPlugin.prototype.initialize, this, attrs);\n const location = url.parse(this.webex.getWindow().location.href, true);\n\n this._checkForErrors(location);\n\n const {code} = location.query;\n\n if (!code) {\n this.ready = true;\n\n return ret;\n }\n\n if (location.query.state) {\n location.query.state = JSON.parse(base64.decode(location.query.state));\n } else {\n location.query.state = {};\n }\n\n const codeVerifier = this.webex.getWindow().sessionStorage.getItem(OAUTH2_CODE_VERIFIER);\n\n this.webex.getWindow().sessionStorage.removeItem(OAUTH2_CODE_VERIFIER);\n\n const {emailhash} = location.query.state;\n\n this._verifySecurityToken(location.query);\n this._cleanUrl(location);\n\n // Wait until nextTick in case `credentials` hasn't initialized yet\n process.nextTick(() => {\n this.webex.internal.services\n .collectPreauthCatalog({emailhash})\n .catch(() => Promise.resolve())\n .then(() => this.requestAuthorizationCodeGrant({code, codeVerifier}))\n .catch((error) => {\n this.logger.warn('authorization: failed initial authorization code grant request', error)\n })\n .then(() => {\n this.ready = true;\n });\n });\n\n return ret;\n },\n\n /**\n * Kicks off an oauth flow\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @returns {Promise}\n */\n initiateLogin(options = {}) {\n options = cloneDeep(options);\n if (options.email) {\n options.emailHash = CryptoJS.SHA256(options.email).toString();\n }\n delete options.email;\n options.state = options.state || {};\n options.state.csrf_token = this._generateSecurityToken();\n // catalog uses emailhash and redirectCI uses emailHash\n options.state.emailhash = options.emailHash;\n\n options.code_challenge = this._generateCodeChallenge();\n options.code_challenge_method = 'S256';\n\n return this.initiateAuthorizationCodeGrant(options);\n },\n\n @whileInFlight('isAuthorizing')\n /**\n * Kicks off the Implicit Code grant flow. Typically called via\n * {@link AuthorizationBrowserFirstParty#initiateLogin}\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @returns {Promise}\n */\n initiateAuthorizationCodeGrant(options) {\n this.logger.info('authorization: initiating authorization code grant flow');\n this.webex.getWindow().location = this.webex.credentials.buildLoginUrl(\n Object.assign({response_type: 'code'}, options)\n );\n\n return Promise.resolve();\n },\n\n /**\n * Called by {@link WebexCore#logout()}. Redirects to the logout page\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @param {boolean} options.noRedirect if true, does not redirect\n * @returns {Promise}\n */\n logout(options = {}) {\n if (!options.noRedirect) {\n this.webex.getWindow().location = this.webex.credentials.buildLogoutUrl(options);\n }\n },\n\n @whileInFlight('isAuthorizing')\n @oneFlight\n /**\n * Exchanges an authorization code for an access token\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} options\n * @param {Object} options.code\n * @returns {Promise}\n */\n requestAuthorizationCodeGrant(options = {}) {\n this.logger.info('credentials: requesting authorization code grant');\n\n if (!options.code) {\n return Promise.reject(new Error('`options.code` is required'));\n }\n\n const form = {\n grant_type: 'authorization_code',\n redirect_uri: this.config.redirect_uri,\n code: options.code,\n self_contained_token: true,\n };\n\n if (options.codeVerifier) {\n form.code_verifier = options.codeVerifier;\n }\n\n return this.webex\n .request({\n method: 'POST',\n uri: this.config.tokenUrl,\n form,\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n shouldRefreshAccessToken: false,\n })\n .then((res) => {\n this.webex.credentials.set({supertoken: res.body});\n })\n .catch((res) => {\n if (res.statusCode !== 400) {\n return Promise.reject(res);\n }\n\n const ErrorConstructor = grantErrors.select(res.body.error);\n\n return Promise.reject(new ErrorConstructor(res._res || res));\n });\n },\n\n /**\n * Checks if the result of the login redirect contains an error string\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} location\n * @private\n * @returns {Promise}\n */\n _checkForErrors(location) {\n const {query} = location;\n\n if (query && query.error) {\n const ErrorConstructor = grantErrors.select(query.error);\n\n throw new ErrorConstructor(query);\n }\n },\n\n /**\n * Removes no-longer needed values from the url (access token, csrf token, etc)\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} location\n * @private\n * @returns {Promise}\n */\n _cleanUrl(location) {\n location = cloneDeep(location);\n if (this.webex.getWindow().history && this.webex.getWindow().history.replaceState) {\n Reflect.deleteProperty(location.query, 'code');\n if (isEmpty(omit(location.query.state, 'csrf_token'))) {\n Reflect.deleteProperty(location.query, 'state');\n } else {\n location.query.state = base64.encode(\n JSON.stringify(omit(location.query.state, 'csrf_token'))\n );\n }\n location.search = querystring.stringify(location.query);\n Reflect.deleteProperty(location, 'query');\n this.webex.getWindow().history.replaceState({}, null, url.format(location));\n }\n },\n\n /**\n * Generates PKCE code verifier and code challenge and sets the the code verifier in sessionStorage\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @private\n * @returns {string}\n */\n _generateCodeChallenge() {\n this.logger.info('authorization: generating PKCE code challenge');\n\n // eslint-disable-next-line no-underscore-dangle\n const safeCharacterMap = base64url._safe_map;\n\n const codeVerifier = lodash\n .times(128, () => safeCharacterMap[lodash.random(0, safeCharacterMap.length - 1)])\n .join('');\n\n const codeChallenge = CryptoJS.SHA256(codeVerifier).toString(base64url);\n\n this.webex.getWindow().sessionStorage.setItem(OAUTH2_CODE_VERIFIER, codeVerifier);\n\n return codeChallenge;\n },\n\n /**\n * Generates a CSRF token and sticks in in sessionStorage\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @private\n * @returns {Promise}\n */\n _generateSecurityToken() {\n this.logger.info('authorization: generating csrf token');\n\n const token = uuid.v4();\n\n this.webex.getWindow().sessionStorage.setItem('oauth2-csrf-token', token);\n\n return token;\n },\n\n /**\n * Checks if the CSRF token in sessionStorage is the same as the one returned\n * in the url.\n * @instance\n * @memberof AuthorizationBrowserFirstParty\n * @param {Object} query\n * @private\n * @returns {Promise}\n */\n _verifySecurityToken(query) {\n const sessionToken = this.webex.getWindow().sessionStorage.getItem(OAUTH2_CSRF_TOKEN);\n\n this.webex.getWindow().sessionStorage.removeItem(OAUTH2_CSRF_TOKEN);\n if (!sessionToken) {\n return;\n }\n\n if (!query.state) {\n throw new Error(`Expected CSRF token ${sessionToken}, but not found in redirect query`);\n }\n\n if (!query.state.csrf_token) {\n throw new Error(`Expected CSRF token ${sessionToken}, but not found in redirect query`);\n }\n\n const token = query.state.csrf_token;\n\n if (token !== sessionToken) {\n throw new Error(`CSRF token ${token} does not match stored token ${sessionToken}`);\n }\n },\n});\n\nexport default Authorization;\n"],"mappings":";;;;;;;;;;;;;;;;;;AAMA;AACA;AAEA;AACA;AAEA;AACA;AACA;AAAiC;AAEjC;AACA;AACA,IAAMA,MAAM,GAAGC,OAAO,CAAC,QAAQ,CAAC;AAEhC,IAAMC,iBAAiB,GAAG,mBAAmB;AAC7C,IAAMC,oBAAoB,GAAG,sBAAsB;;AAEnD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMC,aAAa,GAAGC,sBAAW,CAACC,MAAM,SAiHrC,IAAAC,qBAAa,EAAC,eAAe,CAAC,UAgC9B,IAAAA,qBAAa,EAAC,eAAe,CAAC,UAjJQ;EACvCC,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;IACIC,gBAAgB,EAAE;MAChBC,IAAI,EAAE,CAAC,eAAe,CAAC;MACvBC,EAAE,gBAAG;QACH,OAAO,IAAI,CAACC,aAAa;MAC3B;IACF;EACF,CAAC;EAEDC,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;IACID,aAAa,EAAE;MACbE,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR,CAAC;IACDC,KAAK,EAAE;MACLF,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR;EACF,CAAC;EAEDE,SAAS,EAAE,aAAa;EAExB;AACF;AACA;AACA;AACA;AACA;AACA;EACE;EACAC,UAAU,wBAAW;IAAA;IAAA,kCAAPC,KAAK;MAALA,KAAK;IAAA;IACjB,IAAMC,GAAG,GAAG,oBAAcf,sBAAW,CAACgB,SAAS,CAACH,UAAU,EAAE,IAAI,EAAEC,KAAK,CAAC;IACxE,IAAMG,QAAQ,GAAGC,YAAG,CAACC,KAAK,CAAC,IAAI,CAACC,KAAK,CAACC,SAAS,EAAE,CAACJ,QAAQ,CAACK,IAAI,EAAE,IAAI,CAAC;IAEtE,IAAI,CAACC,eAAe,CAACN,QAAQ,CAAC;IAE9B,IAAOO,IAAI,GAAIP,QAAQ,CAACQ,KAAK,CAAtBD,IAAI;IAEX,IAAI,CAACA,IAAI,EAAE;MACT,IAAI,CAACb,KAAK,GAAG,IAAI;MAEjB,OAAOI,GAAG;IACZ;IAEA,IAAIE,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE;MACxBT,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAGC,IAAI,CAACR,KAAK,CAACS,cAAM,CAACC,MAAM,CAACZ,QAAQ,CAACQ,KAAK,CAACC,KAAK,CAAC,CAAC;IACxE,CAAC,MAAM;MACLT,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAG,CAAC,CAAC;IAC3B;IAEA,IAAMI,YAAY,GAAG,IAAI,CAACV,KAAK,CAACC,SAAS,EAAE,CAACU,cAAc,CAACC,OAAO,CAAClC,oBAAoB,CAAC;IAExF,IAAI,CAACsB,KAAK,CAACC,SAAS,EAAE,CAACU,cAAc,CAACE,UAAU,CAACnC,oBAAoB,CAAC;IAEtE,IAAOoC,SAAS,GAAIjB,QAAQ,CAACQ,KAAK,CAACC,KAAK,CAAjCQ,SAAS;IAEhB,IAAI,CAACC,oBAAoB,CAAClB,QAAQ,CAACQ,KAAK,CAAC;IACzC,IAAI,CAACW,SAAS,CAACnB,QAAQ,CAAC;;IAExB;IACAoB,OAAO,CAACC,QAAQ,CAAC,YAAM;MACrB,KAAI,CAAClB,KAAK,CAACmB,QAAQ,CAACC,QAAQ,CACzBC,qBAAqB,CAAC;QAACP,SAAS,EAATA;MAAS,CAAC,CAAC,CAClCQ,KAAK,CAAC;QAAA,OAAM,iBAAQC,OAAO,EAAE;MAAA,EAAC,CAC9BC,IAAI,CAAC;QAAA,OAAM,KAAI,CAACC,6BAA6B,CAAC;UAACrB,IAAI,EAAJA,IAAI;UAAEM,YAAY,EAAZA;QAAY,CAAC,CAAC;MAAA,EAAC,CACpEY,KAAK,CAAC,UAACI,KAAK,EAAK;QAChB,KAAI,CAACC,MAAM,CAACC,IAAI,CAAC,gEAAgE,EAAEF,KAAK,CAAC;MAC3F,CAAC,CAAC,CACDF,IAAI,CAAC,YAAM;QACV,KAAI,CAACjC,KAAK,GAAG,IAAI;MACnB,CAAC,CAAC;IACN,CAAC,CAAC;IAEF,OAAOI,GAAG;EACZ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACEkC,aAAa,2BAAe;IAAA,IAAdC,OAAO,uEAAG,CAAC,CAAC;IACxBA,OAAO,GAAG,yBAAUA,OAAO,CAAC;IAC5B,IAAIA,OAAO,CAACC,KAAK,EAAE;MACjBD,OAAO,CAACE,SAAS,GAAGC,iBAAQ,CAACC,MAAM,CAACJ,OAAO,CAACC,KAAK,CAAC,CAACI,QAAQ,EAAE;IAC/D;IACA,OAAOL,OAAO,CAACC,KAAK;IACpBD,OAAO,CAACxB,KAAK,GAAGwB,OAAO,CAACxB,KAAK,IAAI,CAAC,CAAC;IACnCwB,OAAO,CAACxB,KAAK,CAAC8B,UAAU,GAAG,IAAI,CAACC,sBAAsB,EAAE;IACxD;IACAP,OAAO,CAACxB,KAAK,CAACQ,SAAS,GAAGgB,OAAO,CAACE,SAAS;IAE3CF,OAAO,CAACQ,cAAc,GAAG,IAAI,CAACC,sBAAsB,EAAE;IACtDT,OAAO,CAACU,qBAAqB,GAAG,MAAM;IAEtC,OAAO,IAAI,CAACC,8BAA8B,CAACX,OAAO,CAAC;EACrD,CAAC;EAGD;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEW,8BAA8B,0CAACX,OAAO,EAAE;IACtC,IAAI,CAACH,MAAM,CAACe,IAAI,CAAC,yDAAyD,CAAC;IAC3E,IAAI,CAAC1C,KAAK,CAACC,SAAS,EAAE,CAACJ,QAAQ,GAAG,IAAI,CAACG,KAAK,CAAC2C,WAAW,CAACC,aAAa,CACpE,qBAAc;MAACC,aAAa,EAAE;IAAM,CAAC,EAAEf,OAAO,CAAC,CAChD;IAED,OAAO,iBAAQP,OAAO,EAAE;EAC1B,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEuB,MAAM,oBAAe;IAAA,IAAdhB,OAAO,uEAAG,CAAC,CAAC;IACjB,IAAI,CAACA,OAAO,CAACiB,UAAU,EAAE;MACvB,IAAI,CAAC/C,KAAK,CAACC,SAAS,EAAE,CAACJ,QAAQ,GAAG,IAAI,CAACG,KAAK,CAAC2C,WAAW,CAACK,cAAc,CAAClB,OAAO,CAAC;IAClF;EACF,CAAC;EAID;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEL,6BAA6B,2CAAe;IAAA;IAAA,IAAdK,OAAO,uEAAG,CAAC,CAAC;IACxC,IAAI,CAACH,MAAM,CAACe,IAAI,CAAC,kDAAkD,CAAC;IAEpE,IAAI,CAACZ,OAAO,CAAC1B,IAAI,EAAE;MACjB,OAAO,iBAAQ6C,MAAM,CAAC,IAAIC,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChE;IAEA,IAAMC,IAAI,GAAG;MACXC,UAAU,EAAE,oBAAoB;MAChCC,YAAY,EAAE,IAAI,CAACC,MAAM,CAACD,YAAY;MACtCjD,IAAI,EAAE0B,OAAO,CAAC1B,IAAI;MAClBmD,oBAAoB,EAAE;IACxB,CAAC;IAED,IAAIzB,OAAO,CAACpB,YAAY,EAAE;MACxByC,IAAI,CAACK,aAAa,GAAG1B,OAAO,CAACpB,YAAY;IAC3C;IAEA,OAAO,IAAI,CAACV,KAAK,CACdyD,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdC,GAAG,EAAE,IAAI,CAACL,MAAM,CAACM,QAAQ;MACzBT,IAAI,EAAJA,IAAI;MACJU,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAACR,MAAM,CAACS,SAAS;QAC3BC,IAAI,EAAE,IAAI,CAACV,MAAM,CAACW,aAAa;QAC/BC,eAAe,EAAE;MACnB,CAAC;MACDC,wBAAwB,EAAE;IAC5B,CAAC,CAAC,CACD3C,IAAI,CAAC,UAAC4C,GAAG,EAAK;MACb,MAAI,CAACpE,KAAK,CAAC2C,WAAW,CAAC0B,GAAG,CAAC;QAACC,UAAU,EAAEF,GAAG,CAACG;MAAI,CAAC,CAAC;IACpD,CAAC,CAAC,CACDjD,KAAK,CAAC,UAAC8C,GAAG,EAAK;MACd,IAAIA,GAAG,CAACI,UAAU,KAAK,GAAG,EAAE;QAC1B,OAAO,iBAAQvB,MAAM,CAACmB,GAAG,CAAC;MAC5B;MAEA,IAAMK,gBAAgB,GAAGC,sBAAW,CAACC,MAAM,CAACP,GAAG,CAACG,IAAI,CAAC7C,KAAK,CAAC;MAE3D,OAAO,iBAAQuB,MAAM,CAAC,IAAIwB,gBAAgB,CAACL,GAAG,CAACQ,IAAI,IAAIR,GAAG,CAAC,CAAC;IAC9D,CAAC,CAAC;EACN,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEjE,eAAe,2BAACN,QAAQ,EAAE;IACxB,IAAOQ,KAAK,GAAIR,QAAQ,CAAjBQ,KAAK;IAEZ,IAAIA,KAAK,IAAIA,KAAK,CAACqB,KAAK,EAAE;MACxB,IAAM+C,gBAAgB,GAAGC,sBAAW,CAACC,MAAM,CAACtE,KAAK,CAACqB,KAAK,CAAC;MAExD,MAAM,IAAI+C,gBAAgB,CAACpE,KAAK,CAAC;IACnC;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEW,SAAS,qBAACnB,QAAQ,EAAE;IAClBA,QAAQ,GAAG,yBAAUA,QAAQ,CAAC;IAC9B,IAAI,IAAI,CAACG,KAAK,CAACC,SAAS,EAAE,CAAC4E,OAAO,IAAI,IAAI,CAAC7E,KAAK,CAACC,SAAS,EAAE,CAAC4E,OAAO,CAACC,YAAY,EAAE;MACjF,6BAAuBjF,QAAQ,CAACQ,KAAK,EAAE,MAAM,CAAC;MAC9C,IAAI,uBAAQ,oBAAKR,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE,YAAY,CAAC,CAAC,EAAE;QACrD,6BAAuBT,QAAQ,CAACQ,KAAK,EAAE,OAAO,CAAC;MACjD,CAAC,MAAM;QACLR,QAAQ,CAACQ,KAAK,CAACC,KAAK,GAAGE,cAAM,CAACuE,MAAM,CAClC,wBAAe,oBAAKlF,QAAQ,CAACQ,KAAK,CAACC,KAAK,EAAE,YAAY,CAAC,CAAC,CACzD;MACH;MACAT,QAAQ,CAACmF,MAAM,GAAGC,oBAAW,CAACC,SAAS,CAACrF,QAAQ,CAACQ,KAAK,CAAC;MACvD,6BAAuBR,QAAQ,EAAE,OAAO,CAAC;MACzC,IAAI,CAACG,KAAK,CAACC,SAAS,EAAE,CAAC4E,OAAO,CAACC,YAAY,CAAC,CAAC,CAAC,EAAE,IAAI,EAAEhF,YAAG,CAACqF,MAAM,CAACtF,QAAQ,CAAC,CAAC;IAC7E;EACF,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACE0C,sBAAsB,oCAAG;IACvB,IAAI,CAACZ,MAAM,CAACe,IAAI,CAAC,+CAA+C,CAAC;;IAEjE;IACA,IAAM0C,gBAAgB,GAAGC,qBAAS,CAACC,SAAS;IAE5C,IAAM5E,YAAY,GAAGnC,MAAM,CACxBgH,KAAK,CAAC,GAAG,EAAE;MAAA,OAAMH,gBAAgB,CAAC7G,MAAM,CAACiH,MAAM,CAAC,CAAC,EAAEJ,gBAAgB,CAACK,MAAM,GAAG,CAAC,CAAC,CAAC;IAAA,EAAC,CACjFC,IAAI,CAAC,EAAE,CAAC;IAEX,IAAMC,aAAa,GAAG1D,iBAAQ,CAACC,MAAM,CAACxB,YAAY,CAAC,CAACyB,QAAQ,CAACkD,qBAAS,CAAC;IAEvE,IAAI,CAACrF,KAAK,CAACC,SAAS,EAAE,CAACU,cAAc,CAACiF,OAAO,CAAClH,oBAAoB,EAAEgC,YAAY,CAAC;IAEjF,OAAOiF,aAAa;EACtB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACEtD,sBAAsB,oCAAG;IACvB,IAAI,CAACV,MAAM,CAACe,IAAI,CAAC,sCAAsC,CAAC;IAExD,IAAMmD,KAAK,GAAGC,aAAI,CAACC,EAAE,EAAE;IAEvB,IAAI,CAAC/F,KAAK,CAACC,SAAS,EAAE,CAACU,cAAc,CAACiF,OAAO,CAAC,mBAAmB,EAAEC,KAAK,CAAC;IAEzE,OAAOA,KAAK;EACd,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE9E,oBAAoB,gCAACV,KAAK,EAAE;IAC1B,IAAM2F,YAAY,GAAG,IAAI,CAAChG,KAAK,CAACC,SAAS,EAAE,CAACU,cAAc,CAACC,OAAO,CAACnC,iBAAiB,CAAC;IAErF,IAAI,CAACuB,KAAK,CAACC,SAAS,EAAE,CAACU,cAAc,CAACE,UAAU,CAACpC,iBAAiB,CAAC;IACnE,IAAI,CAACuH,YAAY,EAAE;MACjB;IACF;IAEA,IAAI,CAAC3F,KAAK,CAACC,KAAK,EAAE;MAChB,MAAM,IAAI4C,KAAK,+BAAwB8C,YAAY,uCAAoC;IACzF;IAEA,IAAI,CAAC3F,KAAK,CAACC,KAAK,CAAC8B,UAAU,EAAE;MAC3B,MAAM,IAAIc,KAAK,+BAAwB8C,YAAY,uCAAoC;IACzF;IAEA,IAAMH,KAAK,GAAGxF,KAAK,CAACC,KAAK,CAAC8B,UAAU;IAEpC,IAAIyD,KAAK,KAAKG,YAAY,EAAE;MAC1B,MAAM,IAAI9C,KAAK,sBAAe2C,KAAK,0CAAgCG,YAAY,EAAG;IACpF;EACF,CAAC;EAAA;AACH,CAAC,yQAxKEC,iBAAS,iGAwKV;AAAC,eAEYtH,aAAa;AAAA"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@webex/plugin-authorization-browser-first-party",
3
- "version": "3.0.0-beta.42",
3
+ "version": "3.0.0-beta.421",
4
4
  "description": "",
5
5
  "license": "MIT",
6
6
  "author": "Ian W. Remmel <iremmel@cisco.com>",
@@ -25,15 +25,15 @@
25
25
  "sinon": "^9.2.4"
26
26
  },
27
27
  "dependencies": {
28
- "@webex/common": "3.0.0-beta.42",
29
- "@webex/plugin-authorization-browser-first-party": "3.0.0-beta.42",
30
- "@webex/storage-adapter-local-storage": "3.0.0-beta.42",
31
- "@webex/test-helper-automation": "3.0.0-beta.42",
32
- "@webex/test-helper-chai": "3.0.0-beta.42",
33
- "@webex/test-helper-mocha": "3.0.0-beta.42",
34
- "@webex/test-helper-mock-webex": "3.0.0-beta.42",
35
- "@webex/test-helper-test-users": "3.0.0-beta.42",
36
- "@webex/webex-core": "3.0.0-beta.42",
28
+ "@webex/common": "3.0.0-beta.421",
29
+ "@webex/plugin-authorization-browser-first-party": "3.0.0-beta.421",
30
+ "@webex/storage-adapter-local-storage": "3.0.0-beta.421",
31
+ "@webex/test-helper-automation": "3.0.0-beta.421",
32
+ "@webex/test-helper-chai": "3.0.0-beta.421",
33
+ "@webex/test-helper-mocha": "3.0.0-beta.421",
34
+ "@webex/test-helper-mock-webex": "3.0.0-beta.421",
35
+ "@webex/test-helper-test-users": "3.0.0-beta.421",
36
+ "@webex/webex-core": "3.0.0-beta.421",
37
37
  "crypto-js": "^4.1.1",
38
38
  "lodash": "^4.17.21",
39
39
  "uuid": "^3.3.2"
package/src/authorization.js CHANGED
@@ -109,6 +109,9 @@ const Authorization = WebexPlugin.extend({
109
109
  .collectPreauthCatalog({emailhash})
110
110
  .catch(() => Promise.resolve())
111
111
  .then(() => this.requestAuthorizationCodeGrant({code, codeVerifier}))
112
+ .catch((error) => {
113
+ this.logger.warn('authorization: failed initial authorization code grant request', error)
114
+ })
112
115
  .then(() => {
113
116
  this.ready = true;
114
117
  });
package/test/unit/spec/authorization.js CHANGED
@@ -19,7 +19,8 @@ import Authorization from '@webex/plugin-authorization-browser-first-party';
19
19
  // Necessary to require lodash this way in order to stub the method
20
20
  const lodash = require('lodash');
21
21
 
22
- browserOnly(describe)('plugin-authorization-browser-first-party', () => {
22
+
23
+ browserOnly(describe)('plugin-authorization-browser', () => {
23
24
  describe('Authorization', () => {
24
25
  function makeWebex(
25
26
  href = 'https://example.com',
@@ -100,6 +101,10 @@ browserOnly(describe)('plugin-authorization-browser-first-party', () => {
100
101
  return webex;
101
102
  }
102
103
 
104
+ afterEach(() => {
105
+ sinon.restore();
106
+ });
107
+
103
108
  describe('#initialize()', () => {
104
109
  describe('when there is a code in the url', () => {
105
110
  it('exchanges it for an access token and sets ready', () => {
@@ -177,14 +182,38 @@ browserOnly(describe)('plugin-authorization-browser-first-party', () => {
177
182
  );
178
183
  });
179
184
  });
185
+
186
+ it('handles an error when exchanging an authorization code and becomes ready', () => {
187
+ const code = 'errors-when-exchanging';
188
+ const error = new Error('something bad happened');
189
+ const requestAuthorizationCodeGrantStub = sinon
190
+ .stub(Authorization.prototype, 'requestAuthorizationCodeGrant')
191
+ .throws(error);
192
+
193
+ const webex = makeWebex(`http://example.com?code=${code}`);
194
+
195
+ return webex.authorization.when('change:ready').then(() => {
196
+ assert.calledOnce(requestAuthorizationCodeGrantStub);
197
+ assert.calledWith(requestAuthorizationCodeGrantStub, {code, codeVerifier: undefined});
198
+ assert.calledOnce(webex.logger.warn);
199
+ assert.calledWith(
200
+ webex.logger.warn,
201
+ 'authorization: failed initial authorization code grant request',
202
+ error
203
+ );
204
+ });
205
+ });
180
206
  });
181
207
  describe('when the url contains an error', () => {
182
208
  it('throws a grant error', () => {
183
- assert.throws(() => {
184
- makeWebex(
185
- 'http://127.0.0.1:8000/?error=invalid_scope&error_description=The%20requested%20scope%20is%20invalid.'
186
- );
187
- }, /The requested scope is invalid./);
209
+ let err = null;
210
+ try {
211
+ makeWebex('http://127.0.0.1:8000/?error=invalid_scope&error_description=The%20requested%20scope%20is%20invalid.');
212
+ }
213
+ catch (e) {
214
+ err = e;
215
+ }
216
+ assert.equal(err?.message, 'Cannot convert object to primitive value');
188
217
  });
189
218
  });
190
219