@webex/webex-core 3.0.0-beta.15 → 3.0.0-beta.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (103) hide show
  1. package/dist/config.js +1 -11
  2. package/dist/config.js.map +1 -1
  3. package/dist/credentials-config.js +0 -20
  4. package/dist/credentials-config.js.map +1 -1
  5. package/dist/index.js +0 -76
  6. package/dist/index.js.map +1 -1
  7. package/dist/interceptors/auth.js +22 -55
  8. package/dist/interceptors/auth.js.map +1 -1
  9. package/dist/interceptors/default-options.js +0 -20
  10. package/dist/interceptors/default-options.js.map +1 -1
  11. package/dist/interceptors/embargo.js +0 -21
  12. package/dist/interceptors/embargo.js.map +1 -1
  13. package/dist/interceptors/network-timing.js +2 -21
  14. package/dist/interceptors/network-timing.js.map +1 -1
  15. package/dist/interceptors/payload-transformer.js +2 -22
  16. package/dist/interceptors/payload-transformer.js.map +1 -1
  17. package/dist/interceptors/rate-limit.js +21 -53
  18. package/dist/interceptors/rate-limit.js.map +1 -1
  19. package/dist/interceptors/redirect.js +4 -33
  20. package/dist/interceptors/redirect.js.map +1 -1
  21. package/dist/interceptors/request-event.js +3 -30
  22. package/dist/interceptors/request-event.js.map +1 -1
  23. package/dist/interceptors/request-logger.js +1 -30
  24. package/dist/interceptors/request-logger.js.map +1 -1
  25. package/dist/interceptors/request-timing.js +3 -22
  26. package/dist/interceptors/request-timing.js.map +1 -1
  27. package/dist/interceptors/response-logger.js +2 -31
  28. package/dist/interceptors/response-logger.js.map +1 -1
  29. package/dist/interceptors/user-agent.js +2 -29
  30. package/dist/interceptors/user-agent.js.map +1 -1
  31. package/dist/interceptors/webex-tracking-id.js +5 -28
  32. package/dist/interceptors/webex-tracking-id.js.map +1 -1
  33. package/dist/interceptors/webex-user-agent.js +5 -38
  34. package/dist/interceptors/webex-user-agent.js.map +1 -1
  35. package/dist/lib/batcher.js +3 -51
  36. package/dist/lib/batcher.js.map +1 -1
  37. package/dist/lib/credentials/credentials.js +28 -123
  38. package/dist/lib/credentials/credentials.js.map +1 -1
  39. package/dist/lib/credentials/grant-errors.js +0 -49
  40. package/dist/lib/credentials/grant-errors.js.map +1 -1
  41. package/dist/lib/credentials/index.js +1 -13
  42. package/dist/lib/credentials/index.js.map +1 -1
  43. package/dist/lib/credentials/scope.js +1 -7
  44. package/dist/lib/credentials/scope.js.map +1 -1
  45. package/dist/lib/credentials/token-collection.js +1 -7
  46. package/dist/lib/credentials/token-collection.js.map +1 -1
  47. package/dist/lib/credentials/token.js +29 -122
  48. package/dist/lib/credentials/token.js.map +1 -1
  49. package/dist/lib/page.js +12 -27
  50. package/dist/lib/page.js.map +1 -1
  51. package/dist/lib/services/constants.js +0 -2
  52. package/dist/lib/services/constants.js.map +1 -1
  53. package/dist/lib/services/index.js +1 -28
  54. package/dist/lib/services/index.js.map +1 -1
  55. package/dist/lib/services/interceptors/server-error.js +0 -21
  56. package/dist/lib/services/interceptors/server-error.js.map +1 -1
  57. package/dist/lib/services/interceptors/service.js +11 -33
  58. package/dist/lib/services/interceptors/service.js.map +1 -1
  59. package/dist/lib/services/metrics.js +0 -2
  60. package/dist/lib/services/metrics.js.map +1 -1
  61. package/dist/lib/services/service-catalog.js +10 -90
  62. package/dist/lib/services/service-catalog.js.map +1 -1
  63. package/dist/lib/services/service-fed-ramp.js +0 -2
  64. package/dist/lib/services/service-fed-ramp.js.map +1 -1
  65. package/dist/lib/services/service-host.js +41 -56
  66. package/dist/lib/services/service-host.js.map +1 -1
  67. package/dist/lib/services/service-registry.js +78 -90
  68. package/dist/lib/services/service-registry.js.map +1 -1
  69. package/dist/lib/services/service-state.js +3 -15
  70. package/dist/lib/services/service-state.js.map +1 -1
  71. package/dist/lib/services/service-url.js +4 -25
  72. package/dist/lib/services/service-url.js.map +1 -1
  73. package/dist/lib/services/services.js +116 -234
  74. package/dist/lib/services/services.js.map +1 -1
  75. package/dist/lib/stateless-webex-plugin.js +5 -28
  76. package/dist/lib/stateless-webex-plugin.js.map +1 -1
  77. package/dist/lib/storage/decorators.js +19 -62
  78. package/dist/lib/storage/decorators.js.map +1 -1
  79. package/dist/lib/storage/errors.js +0 -23
  80. package/dist/lib/storage/errors.js.map +1 -1
  81. package/dist/lib/storage/index.js +0 -14
  82. package/dist/lib/storage/index.js.map +1 -1
  83. package/dist/lib/storage/make-webex-plugin-store.js +11 -41
  84. package/dist/lib/storage/make-webex-plugin-store.js.map +1 -1
  85. package/dist/lib/storage/make-webex-store.js +8 -30
  86. package/dist/lib/storage/make-webex-store.js.map +1 -1
  87. package/dist/lib/storage/memory-store-adapter.js +1 -19
  88. package/dist/lib/storage/memory-store-adapter.js.map +1 -1
  89. package/dist/lib/webex-core-plugin-mixin.js +9 -29
  90. package/dist/lib/webex-core-plugin-mixin.js.map +1 -1
  91. package/dist/lib/webex-http-error.js +1 -31
  92. package/dist/lib/webex-http-error.js.map +1 -1
  93. package/dist/lib/webex-internal-core-plugin-mixin.js +9 -29
  94. package/dist/lib/webex-internal-core-plugin-mixin.js.map +1 -1
  95. package/dist/lib/webex-plugin.js +6 -40
  96. package/dist/lib/webex-plugin.js.map +1 -1
  97. package/dist/plugins/logger.js +3 -17
  98. package/dist/plugins/logger.js.map +1 -1
  99. package/dist/webex-core.js +79 -203
  100. package/dist/webex-core.js.map +1 -1
  101. package/dist/webex-internal-core.js +0 -10
  102. package/dist/webex-internal-core.js.map +1 -1
  103. package/package.json +14 -14
package/dist/lib/credentials/token.js CHANGED
@@ -1,69 +1,38 @@
1
1
  "use strict";
2
2
 
3
3
  var _typeof = require("@babel/runtime-corejs2/helpers/typeof");
4
-
5
4
  var _Object$keys = require("@babel/runtime-corejs2/core-js/object/keys");
6
-
7
5
  var _Object$getOwnPropertySymbols = require("@babel/runtime-corejs2/core-js/object/get-own-property-symbols");
8
-
9
6
  var _Object$getOwnPropertyDescriptor2 = require("@babel/runtime-corejs2/core-js/object/get-own-property-descriptor");
10
-
11
7
  var _Object$getOwnPropertyDescriptors = require("@babel/runtime-corejs2/core-js/object/get-own-property-descriptors");
12
-
13
8
  var _Object$defineProperties = require("@babel/runtime-corejs2/core-js/object/define-properties");
14
-
15
9
  var _Object$defineProperty = require("@babel/runtime-corejs2/core-js/object/define-property");
16
-
17
10
  var _WeakMap = require("@babel/runtime-corejs2/core-js/weak-map");
18
-
19
11
  var _interopRequireDefault = require("@babel/runtime-corejs2/helpers/interopRequireDefault");
20
-
21
12
  _Object$defineProperty(exports, "__esModule", {
22
13
  value: true
23
14
  });
24
-
25
15
  exports.default = void 0;
26
-
27
16
  var _defineProperty2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/defineProperty"));
28
-
29
17
  var _slicedToArray2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/slicedToArray"));
30
-
31
18
  var _applyDecoratedDescriptor2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/applyDecoratedDescriptor"));
32
-
33
19
  var _promise = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/promise"));
34
-
35
20
  var _assign = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/object/assign"));
36
-
37
21
  var _apply = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/reflect/apply"));
38
-
39
22
  var _now = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/date/now"));
40
-
41
23
  var _getOwnPropertyDescriptor = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/object/get-own-property-descriptor"));
42
-
43
24
  var _pick2 = _interopRequireDefault(require("lodash/pick"));
44
-
45
25
  var _common = require("@webex/common");
46
-
47
26
  var _commonTimers = require("@webex/common-timers");
48
-
49
27
  var _webexHttpError = _interopRequireDefault(require("../webex-http-error"));
50
-
51
28
  var _webexPlugin = _interopRequireDefault(require("../webex-plugin"));
52
-
53
29
  var _scope = require("./scope");
54
-
55
30
  var _grantErrors = _interopRequireWildcard(require("./grant-errors"));
56
-
57
31
  var _dec, _obj;
58
-
59
32
  function _getRequireWildcardCache(nodeInterop) { if (typeof _WeakMap !== "function") return null; var cacheBabelInterop = new _WeakMap(); var cacheNodeInterop = new _WeakMap(); return (_getRequireWildcardCache = function _getRequireWildcardCache(nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
60
-
61
33
  function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || _typeof(obj) !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = _Object$defineProperty && _Object$getOwnPropertyDescriptor2; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? _Object$getOwnPropertyDescriptor2(obj, key) : null; if (desc && (desc.get || desc.set)) { _Object$defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
62
-
63
34
  function ownKeys(object, enumerableOnly) { var keys = _Object$keys(object); if (_Object$getOwnPropertySymbols) { var symbols = _Object$getOwnPropertySymbols(object); enumerableOnly && (symbols = symbols.filter(function (sym) { return _Object$getOwnPropertyDescriptor2(object, sym).enumerable; })), keys.push.apply(keys, symbols); } return keys; }
64
-
65
35
  function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? ownKeys(Object(source), !0).forEach(function (key) { (0, _defineProperty2.default)(target, key, source[key]); }) : _Object$getOwnPropertyDescriptors ? _Object$defineProperties(target, _Object$getOwnPropertyDescriptors(source)) : ownKeys(Object(source)).forEach(function (key) { _Object$defineProperty(target, key, _Object$getOwnPropertyDescriptor2(source, key)); }); } return target; }
66
-
67
36
  /* eslint-disable camelcase */
68
37
 
69
38
  /**
@@ -76,24 +45,19 @@ function processGrantError(res) {
76
45
  if (res.statusCode !== 400) {
77
46
  return _promise.default.reject(res);
78
47
  }
79
-
80
48
  var ErrorConstructor = _grantErrors.default.select(res.body.error);
81
-
82
49
  if (ErrorConstructor === _grantErrors.OAuthError && res instanceof _webexHttpError.default) {
83
50
  return _promise.default.reject(res);
84
51
  }
85
-
86
52
  if (!ErrorConstructor) {
87
53
  return _promise.default.reject(res);
88
54
  }
89
-
90
55
  return _promise.default.reject(new ErrorConstructor(res._res || res));
91
56
  }
57
+
92
58
  /**
93
59
  * @class
94
60
  */
95
-
96
-
97
61
  var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
98
62
  keyFactory: function keyFactory(scope) {
99
63
  return scope;
@@ -115,7 +79,6 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
115
79
  return !!this.access_token && !this.isExpired;
116
80
  }
117
81
  },
118
-
119
82
  /**
120
83
  * Indicates that this token can be downscoped. `true` iff
121
84
  * {@link config.credentials.client_id} is defined and if
@@ -136,7 +99,6 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
136
99
  return this.canAuthorize && !!this.config.client_id;
137
100
  }
138
101
  },
139
-
140
102
  /**
141
103
  * Indicates if this token can be refreshed. `true` iff
142
104
  * {@link Token@refresh_token} is defined and
@@ -157,11 +119,9 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
157
119
  if (_common.inBrowser) {
158
120
  return !!this.refresh_token && !!this.config.refreshCallback;
159
121
  }
160
-
161
122
  return !!this.refresh_token && !!this.config.client_secret;
162
123
  }
163
124
  },
164
-
165
125
  /**
166
126
  * Indicates if this `Token` is expired. `true` iff {@link Token#expires} is
167
127
  * defined and is less than {@link Date.now()}.
@@ -178,7 +138,6 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
178
138
  return !!this.expires && this._isExpired;
179
139
  }
180
140
  },
181
-
182
141
  /**
183
142
  * Cache for toString()
184
143
  * @instance
@@ -193,7 +152,6 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
193
152
  if (!this.access_token || !this.token_type) {
194
153
  return '';
195
154
  }
196
-
197
155
  return "".concat(this.token_type, " ").concat(this.access_token);
198
156
  }
199
157
  }
@@ -208,49 +166,42 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
208
166
  * @type {string}
209
167
  */
210
168
  scope: 'string',
211
-
212
169
  /**
213
170
  * @instance
214
171
  * @memberof Token
215
172
  * @type {string}
216
173
  */
217
174
  access_token: 'string',
218
-
219
175
  /**
220
176
  * @instance
221
177
  * @memberof Token
222
178
  * @type {number}
223
179
  */
224
180
  expires: 'number',
225
-
226
181
  /**
227
182
  * @instance
228
183
  * @memberof Token
229
184
  * @type {number}
230
185
  */
231
186
  expires_in: 'number',
232
-
233
187
  /**
234
188
  * @instance
235
189
  * @memberof Token
236
190
  * @type {string}
237
191
  */
238
192
  refresh_token: 'string',
239
-
240
193
  /**
241
194
  * @instance
242
195
  * @memberof Token
243
196
  * @type {number}
244
197
  */
245
198
  refresh_token_expires: 'number',
246
-
247
199
  /**
248
200
  * @instance
249
201
  * @memberof Token
250
202
  * @type {number}
251
203
  */
252
204
  refresh_token_expires_in: 'number',
253
-
254
205
  /**
255
206
  * @default "Bearer"
256
207
  * @instance
@@ -274,7 +225,6 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
274
225
  default: false,
275
226
  type: 'boolean'
276
227
  },
277
-
278
228
  /**
279
229
  * Handle to the previous token that we'll revoke when we refresh this
280
230
  * token. The idea is to keep allow two valid tokens when a refresh occurs;
@@ -290,7 +240,6 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
290
240
  type: 'state'
291
241
  }
292
242
  },
293
-
294
243
  /**
295
244
  * Uses this token to request a new Token with a subset of this Token's scopes
296
245
  * @instance
@@ -300,37 +249,32 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
300
249
  */
301
250
  downscope: function downscope(scope) {
302
251
  var _this = this;
303
-
304
252
  this.logger.info("token: downscoping token to ".concat(scope));
305
-
306
253
  if (this.isExpired) {
307
254
  this.logger.info('token: request received to downscope expired access_token');
308
255
  return _promise.default.reject(new Error('cannot downscope expired access token'));
309
256
  }
310
-
311
257
  if (!this.canDownscope) {
312
258
  if (this.config.client_id) {
313
259
  this.logger.info('token: request received to downscope invalid access_token');
314
260
  } else {
315
261
  this.logger.trace('token: cannot downscope without client_id');
316
262
  }
317
-
318
263
  return _promise.default.reject(new Error('cannot downscope access token'));
319
- } // Since we're going to use scope as the index in our token collection, it's
320
- // important scopes are always deterministically specified.
321
-
264
+ }
322
265
 
266
+ // Since we're going to use scope as the index in our token collection, it's
267
+ // important scopes are always deterministically specified.
323
268
  if (scope) {
324
269
  scope = (0, _scope.sortScope)(scope);
325
- } // Ideally, we could depend on the service to communicate this error, but
270
+ }
271
+
272
+ // Ideally, we could depend on the service to communicate this error, but
326
273
  // all we get is "invalid scope", which, to the lay person, implies
327
274
  // something wrong with *one* of the scopes, not the whole thing.
328
-
329
-
330
275
  if (scope === (0, _scope.sortScope)(this.config.scope)) {
331
276
  return _promise.default.reject(new Error('token: scope reduction requires a reduced scope'));
332
277
  }
333
-
334
278
  return this.webex.request({
335
279
  method: 'POST',
336
280
  uri: this.config.tokenUrl,
@@ -344,7 +288,6 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
344
288
  }
345
289
  }).then(function (res) {
346
290
  _this.logger.info("token: downscoped token to ".concat(scope));
347
-
348
291
  return new Token((0, _assign.default)(res.body, {
349
292
  scope: scope
350
293
  }), {
@@ -352,7 +295,6 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
352
295
  });
353
296
  });
354
297
  },
355
-
356
298
  /**
357
299
  * Initializer
358
300
  * @instance
@@ -364,21 +306,18 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
364
306
  */
365
307
  initialize: function initialize() {
366
308
  var _this2 = this;
367
-
368
309
  var attrs = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
369
310
  var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
370
311
  (0, _apply.default)(_webexPlugin.default.prototype.initialize, this, [attrs, options]);
371
-
372
312
  if (typeof attrs === 'string') {
373
313
  this.access_token = attrs;
374
314
  }
375
-
376
315
  if (!this.access_token) {
377
316
  throw new Error('`access_token` is required');
378
- } // We don't want the derived property `isExpired` to need {cache:false}, so
379
- // we'll set up a timer the runs when this token should expire.
380
-
317
+ }
381
318
 
319
+ // We don't want the derived property `isExpired` to need {cache:false}, so
320
+ // we'll set up a timer the runs when this token should expire.
382
321
  if (this.expires) {
383
322
  if (this.expires < (0, _now.default)()) {
384
323
  this._isExpired = true;
@@ -389,7 +328,6 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
389
328
  }
390
329
  }
391
330
  },
392
-
393
331
  /**
394
332
  * Refreshes this Token. Relies on
395
333
  * {@link config.credentials.refreshCallback()}
@@ -399,21 +337,16 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
399
337
  */
400
338
  refresh: function refresh() {
401
339
  var _this3 = this;
402
-
403
340
  if (!this.canRefresh) {
404
341
  throw new Error('Not enough information available to refresh this access token');
405
342
  }
406
-
407
343
  var promise;
408
-
409
344
  if (_common.inBrowser) {
410
345
  if (!this.config.refreshCallback) {
411
346
  throw new Error('Cannot refresh access token without refreshCallback');
412
347
  }
413
-
414
348
  promise = _promise.default.resolve(this.config.refreshCallback(this.webex, this));
415
349
  }
416
-
417
350
  return (promise || this.webex.request({
418
351
  method: 'POST',
419
352
  uri: this.config.tokenUrl,
@@ -433,36 +366,29 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
433
366
  })).then(function (obj) {
434
367
  if (!obj) {
435
368
  throw new Error('token: refreshCallback() did not produce an object');
436
- } // If the authentication server did not send back a refresh token, copy
369
+ }
370
+ // If the authentication server did not send back a refresh token, copy
437
371
  // the current refresh token and related values to the response (note:
438
372
  // at time of implementation, CI never sends a new refresh token)
439
-
440
-
441
373
  if (!obj.refresh_token) {
442
374
  (0, _assign.default)(obj, (0, _pick2.default)(_this3, 'refresh_token', 'refresh_token_expires', 'refresh_token_expires_in'));
443
- } // If the new token is the same as the previous token, then we may have
444
- // found a bug in CI; log the details and reject the Promise
445
-
375
+ }
446
376
 
377
+ // If the new token is the same as the previous token, then we may have
378
+ // found a bug in CI; log the details and reject the Promise
447
379
  if (_this3.access_token === obj.access_token) {
448
- _this3.logger.error('token: new token matches current token'); // log the tokens if it is not production
449
-
450
-
380
+ _this3.logger.error('token: new token matches current token');
381
+ // log the tokens if it is not production
451
382
  if (process.env.NODE_ENV !== 'production') {
452
383
  _this3.logger.error('token: current token:', _this3.access_token);
453
-
454
384
  _this3.logger.error('token: new token:', obj.access_token);
455
385
  }
456
-
457
386
  return _promise.default.reject(new Error('new token matches current token'));
458
387
  }
459
-
460
388
  if (_this3.previousToken) {
461
389
  _this3.previousToken.revoke();
462
-
463
390
  _this3.unset('previousToken');
464
391
  }
465
-
466
392
  obj.previousToken = _this3;
467
393
  obj.scope = _this3.scope;
468
394
  return new Token(obj, {
@@ -470,7 +396,6 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
470
396
  });
471
397
  }).catch(processGrantError);
472
398
  },
473
-
474
399
  /**
475
400
  * Revokes this token and unsets its local properties
476
401
  * @instance
@@ -479,28 +404,25 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
479
404
  */
480
405
  revoke: function revoke() {
481
406
  var _this4 = this;
482
-
483
407
  if (this.isExpired) {
484
408
  this.logger.info('token: already expired, not making making revocation request');
485
409
  return _promise.default.resolve();
486
410
  }
487
-
488
411
  if (!this.canAuthorize) {
489
412
  this.logger.info('token: no longer valid, not making revocation request');
490
413
  return _promise.default.resolve();
491
- } // FIXME we need to use the user token revocation endpoint to revoke a token
414
+ }
415
+
416
+ // FIXME we need to use the user token revocation endpoint to revoke a token
492
417
  // without a client_secret, but it doesn't current support using a token to
493
418
  // revoke itself
494
419
  // Note: I'm not making a canRevoke property because there should be changes
495
420
  // coming to the user token revocation endpoint that allow us to do this
496
421
  // correctly.
497
-
498
-
499
422
  if (!this.config.client_secret) {
500
423
  this.logger.info('token: no client secret available, not making revocation request');
501
424
  return _promise.default.resolve();
502
425
  }
503
-
504
426
  this.logger.info('token: revoking access token');
505
427
  return this.webex.request({
506
428
  method: 'POST',
@@ -517,46 +439,37 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
517
439
  shouldRefreshAccessToken: false
518
440
  }).then(function () {
519
441
  _this4.unset(['access_token', 'expires', 'expires_in', 'token_type']);
520
-
521
442
  _this4.logger.info('token: access token revoked');
522
443
  }).catch(processGrantError);
523
444
  },
524
445
  set: function set() {
525
446
  // eslint-disable-next-line prefer-const
526
447
  var _this$_filterSetParam = this._filterSetParameters.apply(this, arguments),
527
- _this$_filterSetParam2 = (0, _slicedToArray2.default)(_this$_filterSetParam, 2),
528
- attrs = _this$_filterSetParam2[0],
529
- options = _this$_filterSetParam2[1];
530
-
448
+ _this$_filterSetParam2 = (0, _slicedToArray2.default)(_this$_filterSetParam, 2),
449
+ attrs = _this$_filterSetParam2[0],
450
+ options = _this$_filterSetParam2[1];
531
451
  if (!attrs.token_type && attrs.access_token && attrs.access_token.includes(' ')) {
532
452
  var _attrs$access_token$s = attrs.access_token.split(' '),
533
- _attrs$access_token$s2 = (0, _slicedToArray2.default)(_attrs$access_token$s, 2),
534
- token_type = _attrs$access_token$s2[0],
535
- access_token = _attrs$access_token$s2[1];
536
-
453
+ _attrs$access_token$s2 = (0, _slicedToArray2.default)(_attrs$access_token$s, 2),
454
+ token_type = _attrs$access_token$s2[0],
455
+ access_token = _attrs$access_token$s2[1];
537
456
  attrs = _objectSpread(_objectSpread({}, attrs), {}, {
538
457
  access_token: access_token,
539
458
  token_type: token_type
540
459
  });
541
460
  }
542
-
543
461
  var now = (0, _now.default)();
544
-
545
462
  if (!attrs.expires && attrs.expires_in) {
546
463
  attrs.expires = now + attrs.expires_in * 1000;
547
464
  }
548
-
549
465
  if (!attrs.refresh_token_expires && attrs.refresh_token_expires_in) {
550
466
  attrs.refresh_token_expires = now + attrs.refresh_token_expires_in * 1000;
551
467
  }
552
-
553
468
  if (attrs.scope) {
554
469
  attrs.scope = (0, _scope.sortScope)(attrs.scope);
555
470
  }
556
-
557
471
  return (0, _apply.default)(_webexPlugin.default.prototype.set, this, [attrs, options]);
558
472
  },
559
-
560
473
  /**
561
474
  * Renders the token object as an HTTP Header Value
562
475
  * @instance
@@ -568,10 +481,8 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
568
481
  if (!this._string) {
569
482
  throw new Error('cannot stringify Token');
570
483
  }
571
-
572
484
  return this._string;
573
485
  },
574
-
575
486
  /**
576
487
  * Uses a non-producation api to return information about this token. This
577
488
  * method is primarily for tests and will throw if NODE_ENV === production
@@ -582,11 +493,9 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
582
493
  */
583
494
  validate: function validate() {
584
495
  var _this5 = this;
585
-
586
496
  if (process.env.NODE_ENV === 'production') {
587
497
  throw new Error('Token#validate() must not be used in production');
588
498
  }
589
-
590
499
  return this.webex.request({
591
500
  method: 'POST',
592
501
  service: 'conversation',
@@ -598,12 +507,11 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
598
507
  if ('statusCode' in reason) {
599
508
  return _promise.default.reject(reason);
600
509
  }
510
+ _this5.logger.info("REMINDER: If you're investigating a network error here, it's normal");
601
511
 
602
- _this5.logger.info("REMINDER: If you're investigating a network error here, it's normal"); // If we got an error that isn't a WebexHttpError, assume the problem is
512
+ // If we got an error that isn't a WebexHttpError, assume the problem is
603
513
  // that we don't have the wdm plugin loaded and service/resource isn't
604
514
  // a valid means of identifying a request.
605
-
606
-
607
515
  var convApi = process.env.CONVERSATION_SERVICE || process.env.CONVERSATION_SERVICE_URL || 'https://conv-a.wbx2.com/conversation/api/v1';
608
516
  return _this5.webex.request({
609
517
  method: 'POST',
@@ -619,9 +527,8 @@ var Token = _webexPlugin.default.extend((_dec = (0, _common.oneFlight)({
619
527
  return res.body;
620
528
  });
621
529
  },
622
- version: "3.0.0-beta.15"
530
+ version: "3.0.0-beta.16"
623
531
  }, ((0, _applyDecoratedDescriptor2.default)(_obj, "downscope", [_dec], (0, _getOwnPropertyDescriptor.default)(_obj, "downscope"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "refresh", [_common.oneFlight], (0, _getOwnPropertyDescriptor.default)(_obj, "refresh"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "revoke", [_common.oneFlight], (0, _getOwnPropertyDescriptor.default)(_obj, "revoke"), _obj)), _obj)));
624
-
625
532
  var _default = Token;
626
533
  exports.default = _default;
627
534
  //# sourceMappingURL=token.js.map
package/dist/lib/credentials/token.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["processGrantError","res","statusCode","reject","ErrorConstructor","grantErrors","select","body","error","OAuthError","WebexHttpError","_res","Token","WebexPlugin","extend","oneFlight","keyFactory","scope","derived","canAuthorize","deps","fn","access_token","isExpired","canDownscope","config","client_id","canRefresh","inBrowser","refresh_token","refreshCallback","client_secret","expires","_isExpired","_string","token_type","namespace","props","expires_in","refresh_token_expires","refresh_token_expires_in","default","type","session","previousToken","downscope","logger","info","Error","trace","sortScope","webex","request","method","uri","tokenUrl","addAuthHeader","form","grant_type","token","self_contained_token","then","parent","initialize","attrs","options","prototype","safeSetTimeout","refresh","promise","resolve","redirect_uri","auth","user","pass","sendImmediately","shouldRefreshAccessToken","obj","process","env","NODE_ENV","revoke","unset","catch","revokeUrl","token_type_hint","set","_filterSetParameters","includes","split","now","toString","validate","service","resource","reason","convApi","CONVERSATION_SERVICE","CONVERSATION_SERVICE_URL","headers","authorization"],"sources":["token.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {pick} from 'lodash';\nimport {inBrowser, oneFlight} from '@webex/common';\nimport {safeSetTimeout} from '@webex/common-timers';\n\nimport WebexHttpError from '../webex-http-error';\nimport WebexPlugin from '../webex-plugin';\n\nimport {sortScope} from './scope';\nimport grantErrors, {OAuthError} from './grant-errors';\n\n/* eslint-disable camelcase */\n\n/**\n * Parse response from CI and converts to structured error when appropriate\n * @param {WebexHttpError} res\n * @private\n * @returns {GrantError}\n */\nfunction processGrantError(res) {\n if (res.statusCode !== 400) {\n return Promise.reject(res);\n }\n\n const ErrorConstructor = grantErrors.select(res.body.error);\n\n if (ErrorConstructor === OAuthError && res instanceof WebexHttpError) {\n return Promise.reject(res);\n }\n if (!ErrorConstructor) {\n return Promise.reject(res);\n }\n\n return Promise.reject(new ErrorConstructor(res._res || res));\n}\n\n/**\n * @class\n */\nconst Token = WebexPlugin.extend({\n derived: {\n /**\n * Indicates if this token can be used in an auth header. `true` iff\n * {@link Token#access_token} is defined and {@link Token#isExpired} is\n * false.\n * @instance\n * @memberof Token\n * @readonly\n * @type {boolean}\n */\n canAuthorize: {\n deps: ['access_token', 'isExpired'],\n fn() {\n return !!this.access_token && !this.isExpired;\n },\n },\n\n /**\n * Indicates that this token can be downscoped. `true` iff\n * {@link config.credentials.client_id} is defined and if\n * {@link Token#canAuthorize} is true\n *\n * Note: since {@link config} is not evented, we can't listen for changes to\n * {@link config.credentials.client_id}. As such,\n * {@link config.credentials.client_id} must always be set before\n * instantiating a {@link Token}\n * @instance\n * @memberof Token\n * @readonly\n * @type {boolean}\n */\n canDownscope: {\n deps: ['canAuthorize'],\n fn() {\n return this.canAuthorize && !!this.config.client_id;\n },\n },\n\n /**\n * Indicates if this token can be refreshed. `true` iff\n * {@link Token@refresh_token} is defined and\n * {@link config.credentials.refreshCallback()} is defined\n *\n * Note: since {@link config} is not evented, we can't listen for changes to\n * {@link config.credentials.refreshCallback()}. As such,\n * {@link config.credentials.refreshCallback()} must always be set before\n * instantiating a {@link Token}\n * @instance\n * @memberof Token\n * @readonly\n * @type {boolean}\n */\n canRefresh: {\n deps: ['refresh_token'],\n fn() {\n if (inBrowser) {\n return !!this.refresh_token && !!this.config.refreshCallback;\n }\n\n return !!this.refresh_token && !!this.config.client_secret;\n },\n },\n\n /**\n * Indicates if this `Token` is expired. `true` iff {@link Token#expires} is\n * defined and is less than {@link Date.now()}.\n * @instance\n * @memberof Token\n * @readonly\n * @type {boolean}\n */\n isExpired: {\n deps: ['expires', '_isExpired'],\n fn() {\n // in order to avoid setting `cache:false`, we'll use a private property\n // and a timer rather than comparing to `Date.now()`;\n return !!this.expires && this._isExpired;\n },\n },\n\n /**\n * Cache for toString()\n * @instance\n * @memberof Token\n * @private\n * @readonly\n * @type {string}\n */\n _string: {\n deps: ['access_token', 'token_type'],\n fn() {\n if (!this.access_token || !this.token_type) {\n return '';\n }\n\n return `${this.token_type} ${this.access_token}`;\n },\n },\n },\n\n namespace: 'Credentials',\n\n props: {\n /**\n * Used for indexing in the credentials userTokens collection\n * @instance\n * @memberof Token\n * @private\n * @type {string}\n */\n scope: 'string',\n /**\n * @instance\n * @memberof Token\n * @type {string}\n */\n access_token: 'string',\n /**\n * @instance\n * @memberof Token\n * @type {number}\n */\n expires: 'number',\n /**\n * @instance\n * @memberof Token\n * @type {number}\n */\n expires_in: 'number',\n /**\n * @instance\n * @memberof Token\n * @type {string}\n */\n refresh_token: 'string',\n /**\n * @instance\n * @memberof Token\n * @type {number}\n */\n refresh_token_expires: 'number',\n /**\n * @instance\n * @memberof Token\n * @type {number}\n */\n refresh_token_expires_in: 'number',\n /**\n * @default \"Bearer\"\n * @instance\n * @memberof Token\n * @type {string}\n */\n token_type: {\n default: 'Bearer',\n type: 'string',\n },\n },\n\n session: {\n /**\n * Used by {@link Token#isExpired} to avoid doing a Date comparison.\n * @instance\n * @memberof Token\n * @private\n * @type {boolean}\n */\n _isExpired: {\n default: false,\n type: 'boolean',\n },\n /**\n * Handle to the previous token that we'll revoke when we refresh this\n * token. The idea is to keep allow two valid tokens when a refresh occurs;\n * we don't want revoke a token that's in the middle of being used, so when\n * we do a token refresh, we won't revoke the token being refreshed, but\n * we'll revoke the previous one.\n * @instance\n * @memberof Token\n * @private\n * @type {Object}\n */\n previousToken: {\n type: 'state',\n },\n },\n\n @oneFlight({\n keyFactory(scope) {\n return scope;\n },\n })\n /**\n * Uses this token to request a new Token with a subset of this Token's scopes\n * @instance\n * @memberof Token\n * @param {string} scope\n * @returns {Promise<Token>}\n */\n downscope(scope) {\n this.logger.info(`token: downscoping token to ${scope}`);\n\n if (this.isExpired) {\n this.logger.info('token: request received to downscope expired access_token');\n\n return Promise.reject(new Error('cannot downscope expired access token'));\n }\n\n if (!this.canDownscope) {\n if (this.config.client_id) {\n this.logger.info('token: request received to downscope invalid access_token');\n } else {\n this.logger.trace('token: cannot downscope without client_id');\n }\n\n return Promise.reject(new Error('cannot downscope access token'));\n }\n\n // Since we're going to use scope as the index in our token collection, it's\n // important scopes are always deterministically specified.\n if (scope) {\n scope = sortScope(scope);\n }\n\n // Ideally, we could depend on the service to communicate this error, but\n // all we get is \"invalid scope\", which, to the lay person, implies\n // something wrong with *one* of the scopes, not the whole thing.\n if (scope === sortScope(this.config.scope)) {\n return Promise.reject(new Error('token: scope reduction requires a reduced scope'));\n }\n\n return this.webex\n .request({\n method: 'POST',\n uri: this.config.tokenUrl,\n addAuthHeader: false,\n form: {\n grant_type: 'urn:cisco:oauth:grant-type:scope-reduction',\n token: this.access_token,\n scope,\n client_id: this.config.client_id,\n self_contained_token: true,\n },\n })\n .then((res) => {\n this.logger.info(`token: downscoped token to ${scope}`);\n\n return new Token(Object.assign(res.body, {scope}), {parent: this.parent});\n });\n },\n\n /**\n * Initializer\n * @instance\n * @memberof Token\n * @param {Object} [attrs={}]\n * @param {Object} [options={}]\n * @see {@link WebexPlugin#initialize()}\n * @returns {Token}\n */\n initialize(attrs = {}, options = {}) {\n Reflect.apply(WebexPlugin.prototype.initialize, this, [attrs, options]);\n\n if (typeof attrs === 'string') {\n this.access_token = attrs;\n }\n\n if (!this.access_token) {\n throw new Error('`access_token` is required');\n }\n\n // We don't want the derived property `isExpired` to need {cache:false}, so\n // we'll set up a timer the runs when this token should expire.\n if (this.expires) {\n if (this.expires < Date.now()) {\n this._isExpired = true;\n } else {\n safeSetTimeout(() => {\n this._isExpired = true;\n }, this.expires - Date.now());\n }\n }\n },\n\n @oneFlight\n /**\n * Refreshes this Token. Relies on\n * {@link config.credentials.refreshCallback()}\n * @instance\n * @memberof Token\n * @returns {Promise<Token>}\n */\n refresh() {\n if (!this.canRefresh) {\n throw new Error('Not enough information available to refresh this access token');\n }\n\n let promise;\n\n if (inBrowser) {\n if (!this.config.refreshCallback) {\n throw new Error('Cannot refresh access token without refreshCallback');\n }\n\n promise = Promise.resolve(this.config.refreshCallback(this.webex, this));\n }\n\n return (\n promise ||\n this.webex\n .request({\n method: 'POST',\n uri: this.config.tokenUrl,\n form: {\n grant_type: 'refresh_token',\n redirect_uri: this.config.redirect_uri,\n refresh_token: this.refresh_token,\n },\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n shouldRefreshAccessToken: false,\n })\n .then((res) => res.body)\n )\n .then((obj) => {\n if (!obj) {\n throw new Error('token: refreshCallback() did not produce an object');\n }\n // If the authentication server did not send back a refresh token, copy\n // the current refresh token and related values to the response (note:\n // at time of implementation, CI never sends a new refresh token)\n if (!obj.refresh_token) {\n Object.assign(\n obj,\n pick(this, 'refresh_token', 'refresh_token_expires', 'refresh_token_expires_in')\n );\n }\n\n // If the new token is the same as the previous token, then we may have\n // found a bug in CI; log the details and reject the Promise\n if (this.access_token === obj.access_token) {\n this.logger.error('token: new token matches current token');\n // log the tokens if it is not production\n if (process.env.NODE_ENV !== 'production') {\n this.logger.error('token: current token:', this.access_token);\n this.logger.error('token: new token:', obj.access_token);\n }\n\n return Promise.reject(new Error('new token matches current token'));\n }\n\n if (this.previousToken) {\n this.previousToken.revoke();\n this.unset('previousToken');\n }\n\n obj.previousToken = this;\n obj.scope = this.scope;\n\n return new Token(obj, {parent: this.parent});\n })\n .catch(processGrantError);\n },\n\n @oneFlight\n /**\n * Revokes this token and unsets its local properties\n * @instance\n * @memberof Token\n * @returns {Promise}\n */\n revoke() {\n if (this.isExpired) {\n this.logger.info('token: already expired, not making making revocation request');\n\n return Promise.resolve();\n }\n\n if (!this.canAuthorize) {\n this.logger.info('token: no longer valid, not making revocation request');\n\n return Promise.resolve();\n }\n\n // FIXME we need to use the user token revocation endpoint to revoke a token\n // without a client_secret, but it doesn't current support using a token to\n // revoke itself\n // Note: I'm not making a canRevoke property because there should be changes\n // coming to the user token revocation endpoint that allow us to do this\n // correctly.\n if (!this.config.client_secret) {\n this.logger.info('token: no client secret available, not making revocation request');\n\n return Promise.resolve();\n }\n\n this.logger.info('token: revoking access token');\n\n return this.webex\n .request({\n method: 'POST',\n uri: this.config.revokeUrl,\n form: {\n token: this.access_token,\n token_type_hint: 'access_token',\n },\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n shouldRefreshAccessToken: false,\n })\n .then(() => {\n this.unset(['access_token', 'expires', 'expires_in', 'token_type']);\n this.logger.info('token: access token revoked');\n })\n .catch(processGrantError);\n },\n\n set(...args) {\n // eslint-disable-next-line prefer-const\n let [attrs, options] = this._filterSetParameters(...args);\n\n if (!attrs.token_type && attrs.access_token && attrs.access_token.includes(' ')) {\n const [token_type, access_token] = attrs.access_token.split(' ');\n\n attrs = {...attrs, access_token, token_type};\n }\n const now = Date.now();\n\n if (!attrs.expires && attrs.expires_in) {\n attrs.expires = now + attrs.expires_in * 1000;\n }\n\n if (!attrs.refresh_token_expires && attrs.refresh_token_expires_in) {\n attrs.refresh_token_expires = now + attrs.refresh_token_expires_in * 1000;\n }\n\n if (attrs.scope) {\n attrs.scope = sortScope(attrs.scope);\n }\n\n return Reflect.apply(WebexPlugin.prototype.set, this, [attrs, options]);\n },\n\n /**\n * Renders the token object as an HTTP Header Value\n * @instance\n * @memberof Token\n * @returns {string}\n * @see {@link Object#toString()}\n */\n toString() {\n if (!this._string) {\n throw new Error('cannot stringify Token');\n }\n\n return this._string;\n },\n\n /**\n * Uses a non-producation api to return information about this token. This\n * method is primarily for tests and will throw if NODE_ENV === production\n * @instance\n * @memberof Token\n * @private\n * @returns {Promise}\n */\n validate() {\n if (process.env.NODE_ENV === 'production') {\n throw new Error('Token#validate() must not be used in production');\n }\n\n return this.webex\n .request({\n method: 'POST',\n service: 'conversation',\n resource: 'users/validateAuthToken',\n body: {\n token: this.access_token,\n },\n })\n .catch((reason) => {\n if ('statusCode' in reason) {\n return Promise.reject(reason);\n }\n this.logger.info(\"REMINDER: If you're investigating a network error here, it's normal\");\n\n // If we got an error that isn't a WebexHttpError, assume the problem is\n // that we don't have the wdm plugin loaded and service/resource isn't\n // a valid means of identifying a request.\n const convApi =\n process.env.CONVERSATION_SERVICE ||\n process.env.CONVERSATION_SERVICE_URL ||\n 'https://conv-a.wbx2.com/conversation/api/v1';\n\n return this.webex.request({\n method: 'POST',\n uri: `${convApi}/users/validateAuthToken`,\n body: {\n token: this.access_token,\n },\n headers: {\n authorization: `Bearer ${this.access_token}`,\n },\n });\n })\n .then((res) => res.body);\n },\n});\n\nexport default Token;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAKA;;AACA;;AAEA;;AACA;;AAEA;;AACA;;;;;;;;;;;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,iBAAT,CAA2BC,GAA3B,EAAgC;EAC9B,IAAIA,GAAG,CAACC,UAAJ,KAAmB,GAAvB,EAA4B;IAC1B,OAAO,iBAAQC,MAAR,CAAeF,GAAf,CAAP;EACD;;EAED,IAAMG,gBAAgB,GAAGC,oBAAA,CAAYC,MAAZ,CAAmBL,GAAG,CAACM,IAAJ,CAASC,KAA5B,CAAzB;;EAEA,IAAIJ,gBAAgB,KAAKK,uBAArB,IAAmCR,GAAG,YAAYS,uBAAtD,EAAsE;IACpE,OAAO,iBAAQP,MAAR,CAAeF,GAAf,CAAP;EACD;;EACD,IAAI,CAACG,gBAAL,EAAuB;IACrB,OAAO,iBAAQD,MAAR,CAAeF,GAAf,CAAP;EACD;;EAED,OAAO,iBAAQE,MAAR,CAAe,IAAIC,gBAAJ,CAAqBH,GAAG,CAACU,IAAJ,IAAYV,GAAjC,CAAf,CAAP;AACD;AAED;AACA;AACA;;;AACA,IAAMW,KAAK,GAAGC,oBAAA,CAAYC,MAAZ,SA4LX,IAAAC,iBAAA,EAAU;EACTC,UADS,sBACEC,KADF,EACS;IAChB,OAAOA,KAAP;EACD;AAHQ,CAAV,CA5LW,UAAmB;EAC/BC,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACIC,YAAY,EAAE;MACZC,IAAI,EAAE,CAAC,cAAD,EAAiB,WAAjB,CADM;MAEZC,EAFY,gBAEP;QACH,OAAO,CAAC,CAAC,KAAKC,YAAP,IAAuB,CAAC,KAAKC,SAApC;MACD;IAJW,CAVP;;IAiBP;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACIC,YAAY,EAAE;MACZJ,IAAI,EAAE,CAAC,cAAD,CADM;MAEZC,EAFY,gBAEP;QACH,OAAO,KAAKF,YAAL,IAAqB,CAAC,CAAC,KAAKM,MAAL,CAAYC,SAA1C;MACD;IAJW,CA/BP;;IAsCP;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACIC,UAAU,EAAE;MACVP,IAAI,EAAE,CAAC,eAAD,CADI;MAEVC,EAFU,gBAEL;QACH,IAAIO,iBAAJ,EAAe;UACb,OAAO,CAAC,CAAC,KAAKC,aAAP,IAAwB,CAAC,CAAC,KAAKJ,MAAL,CAAYK,eAA7C;QACD;;QAED,OAAO,CAAC,CAAC,KAAKD,aAAP,IAAwB,CAAC,CAAC,KAAKJ,MAAL,CAAYM,aAA7C;MACD;IARS,CApDL;;IA+DP;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;IACIR,SAAS,EAAE;MACTH,IAAI,EAAE,CAAC,SAAD,EAAY,YAAZ,CADG;MAETC,EAFS,gBAEJ;QACH;QACA;QACA,OAAO,CAAC,CAAC,KAAKW,OAAP,IAAkB,KAAKC,UAA9B;MACD;IANQ,CAvEJ;;IAgFP;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;IACIC,OAAO,EAAE;MACPd,IAAI,EAAE,CAAC,cAAD,EAAiB,YAAjB,CADC;MAEPC,EAFO,gBAEF;QACH,IAAI,CAAC,KAAKC,YAAN,IAAsB,CAAC,KAAKa,UAAhC,EAA4C;UAC1C,OAAO,EAAP;QACD;;QAED,iBAAU,KAAKA,UAAf,cAA6B,KAAKb,YAAlC;MACD;IARM;EAxFF,CADsB;EAqG/Bc,SAAS,EAAE,aArGoB;EAuG/BC,KAAK,EAAE;IACL;AACJ;AACA;AACA;AACA;AACA;AACA;IACIpB,KAAK,EAAE,QARF;;IASL;AACJ;AACA;AACA;AACA;IACIK,YAAY,EAAE,QAdT;;IAeL;AACJ;AACA;AACA;AACA;IACIU,OAAO,EAAE,QApBJ;;IAqBL;AACJ;AACA;AACA;AACA;IACIM,UAAU,EAAE,QA1BP;;IA2BL;AACJ;AACA;AACA;AACA;IACIT,aAAa,EAAE,QAhCV;;IAiCL;AACJ;AACA;AACA;AACA;IACIU,qBAAqB,EAAE,QAtClB;;IAuCL;AACJ;AACA;AACA;AACA;IACIC,wBAAwB,EAAE,QA5CrB;;IA6CL;AACJ;AACA;AACA;AACA;AACA;IACIL,UAAU,EAAE;MACVM,OAAO,EAAE,QADC;MAEVC,IAAI,EAAE;IAFI;EAnDP,CAvGwB;EAgK/BC,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;AACA;IACIV,UAAU,EAAE;MACVQ,OAAO,EAAE,KADC;MAEVC,IAAI,EAAE;IAFI,CARL;;IAYP;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACIE,aAAa,EAAE;MACbF,IAAI,EAAE;IADO;EAvBR,CAhKsB;;EAiM/B;AACF;AACA;AACA;AACA;AACA;AACA;EACEG,SAxM+B,qBAwMrB5B,KAxMqB,EAwMd;IAAA;;IACf,KAAK6B,MAAL,CAAYC,IAAZ,uCAAgD9B,KAAhD;;IAEA,IAAI,KAAKM,SAAT,EAAoB;MAClB,KAAKuB,MAAL,CAAYC,IAAZ,CAAiB,2DAAjB;MAEA,OAAO,iBAAQ5C,MAAR,CAAe,IAAI6C,KAAJ,CAAU,uCAAV,CAAf,CAAP;IACD;;IAED,IAAI,CAAC,KAAKxB,YAAV,EAAwB;MACtB,IAAI,KAAKC,MAAL,CAAYC,SAAhB,EAA2B;QACzB,KAAKoB,MAAL,CAAYC,IAAZ,CAAiB,2DAAjB;MACD,CAFD,MAEO;QACL,KAAKD,MAAL,CAAYG,KAAZ,CAAkB,2CAAlB;MACD;;MAED,OAAO,iBAAQ9C,MAAR,CAAe,IAAI6C,KAAJ,CAAU,+BAAV,CAAf,CAAP;IACD,CAjBc,CAmBf;IACA;;;IACA,IAAI/B,KAAJ,EAAW;MACTA,KAAK,GAAG,IAAAiC,gBAAA,EAAUjC,KAAV,CAAR;IACD,CAvBc,CAyBf;IACA;IACA;;;IACA,IAAIA,KAAK,KAAK,IAAAiC,gBAAA,EAAU,KAAKzB,MAAL,CAAYR,KAAtB,CAAd,EAA4C;MAC1C,OAAO,iBAAQd,MAAR,CAAe,IAAI6C,KAAJ,CAAU,iDAAV,CAAf,CAAP;IACD;;IAED,OAAO,KAAKG,KAAL,CACJC,OADI,CACI;MACPC,MAAM,EAAE,MADD;MAEPC,GAAG,EAAE,KAAK7B,MAAL,CAAY8B,QAFV;MAGPC,aAAa,EAAE,KAHR;MAIPC,IAAI,EAAE;QACJC,UAAU,EAAE,4CADR;QAEJC,KAAK,EAAE,KAAKrC,YAFR;QAGJL,KAAK,EAALA,KAHI;QAIJS,SAAS,EAAE,KAAKD,MAAL,CAAYC,SAJnB;QAKJkC,oBAAoB,EAAE;MALlB;IAJC,CADJ,EAaJC,IAbI,CAaC,UAAC5D,GAAD,EAAS;MACb,KAAI,CAAC6C,MAAL,CAAYC,IAAZ,sCAA+C9B,KAA/C;;MAEA,OAAO,IAAIL,KAAJ,CAAU,qBAAcX,GAAG,CAACM,IAAlB,EAAwB;QAACU,KAAK,EAALA;MAAD,CAAxB,CAAV,EAA4C;QAAC6C,MAAM,EAAE,KAAI,CAACA;MAAd,CAA5C,CAAP;IACD,CAjBI,CAAP;EAkBD,CA1P8B;;EA4P/B;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,UArQ+B,wBAqQM;IAAA;;IAAA,IAA1BC,KAA0B,uEAAlB,EAAkB;IAAA,IAAdC,OAAc,uEAAJ,EAAI;IACnC,oBAAcpD,oBAAA,CAAYqD,SAAZ,CAAsBH,UAApC,EAAgD,IAAhD,EAAsD,CAACC,KAAD,EAAQC,OAAR,CAAtD;;IAEA,IAAI,OAAOD,KAAP,KAAiB,QAArB,EAA+B;MAC7B,KAAK1C,YAAL,GAAoB0C,KAApB;IACD;;IAED,IAAI,CAAC,KAAK1C,YAAV,EAAwB;MACtB,MAAM,IAAI0B,KAAJ,CAAU,4BAAV,CAAN;IACD,CATkC,CAWnC;IACA;;;IACA,IAAI,KAAKhB,OAAT,EAAkB;MAChB,IAAI,KAAKA,OAAL,GAAe,mBAAnB,EAA+B;QAC7B,KAAKC,UAAL,GAAkB,IAAlB;MACD,CAFD,MAEO;QACL,IAAAkC,4BAAA,EAAe,YAAM;UACnB,MAAI,CAAClC,UAAL,GAAkB,IAAlB;QACD,CAFD,EAEG,KAAKD,OAAL,GAAe,mBAFlB;MAGD;IACF;EACF,CA3R8B;;EA8R/B;AACF;AACA;AACA;AACA;AACA;AACA;EACEoC,OArS+B,qBAqSrB;IAAA;;IACR,IAAI,CAAC,KAAKzC,UAAV,EAAsB;MACpB,MAAM,IAAIqB,KAAJ,CAAU,+DAAV,CAAN;IACD;;IAED,IAAIqB,OAAJ;;IAEA,IAAIzC,iBAAJ,EAAe;MACb,IAAI,CAAC,KAAKH,MAAL,CAAYK,eAAjB,EAAkC;QAChC,MAAM,IAAIkB,KAAJ,CAAU,qDAAV,CAAN;MACD;;MAEDqB,OAAO,GAAG,iBAAQC,OAAR,CAAgB,KAAK7C,MAAL,CAAYK,eAAZ,CAA4B,KAAKqB,KAAjC,EAAwC,IAAxC,CAAhB,CAAV;IACD;;IAED,OAAO,CACLkB,OAAO,IACP,KAAKlB,KAAL,CACGC,OADH,CACW;MACPC,MAAM,EAAE,MADD;MAEPC,GAAG,EAAE,KAAK7B,MAAL,CAAY8B,QAFV;MAGPE,IAAI,EAAE;QACJC,UAAU,EAAE,eADR;QAEJa,YAAY,EAAE,KAAK9C,MAAL,CAAY8C,YAFtB;QAGJ1C,aAAa,EAAE,KAAKA;MAHhB,CAHC;MAQP2C,IAAI,EAAE;QACJC,IAAI,EAAE,KAAKhD,MAAL,CAAYC,SADd;QAEJgD,IAAI,EAAE,KAAKjD,MAAL,CAAYM,aAFd;QAGJ4C,eAAe,EAAE;MAHb,CARC;MAaPC,wBAAwB,EAAE;IAbnB,CADX,EAgBGf,IAhBH,CAgBQ,UAAC5D,GAAD;MAAA,OAASA,GAAG,CAACM,IAAb;IAAA,CAhBR,CAFK,EAoBJsD,IApBI,CAoBC,UAACgB,GAAD,EAAS;MACb,IAAI,CAACA,GAAL,EAAU;QACR,MAAM,IAAI7B,KAAJ,CAAU,oDAAV,CAAN;MACD,CAHY,CAIb;MACA;MACA;;;MACA,IAAI,CAAC6B,GAAG,CAAChD,aAAT,EAAwB;QACtB,qBACEgD,GADF,EAEE,oBAAK,MAAL,EAAW,eAAX,EAA4B,uBAA5B,EAAqD,0BAArD,CAFF;MAID,CAZY,CAcb;MACA;;;MACA,IAAI,MAAI,CAACvD,YAAL,KAAsBuD,GAAG,CAACvD,YAA9B,EAA4C;QAC1C,MAAI,CAACwB,MAAL,CAAYtC,KAAZ,CAAkB,wCAAlB,EAD0C,CAE1C;;;QACA,IAAIsE,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,YAA7B,EAA2C;UACzC,MAAI,CAAClC,MAAL,CAAYtC,KAAZ,CAAkB,uBAAlB,EAA2C,MAAI,CAACc,YAAhD;;UACA,MAAI,CAACwB,MAAL,CAAYtC,KAAZ,CAAkB,mBAAlB,EAAuCqE,GAAG,CAACvD,YAA3C;QACD;;QAED,OAAO,iBAAQnB,MAAR,CAAe,IAAI6C,KAAJ,CAAU,iCAAV,CAAf,CAAP;MACD;;MAED,IAAI,MAAI,CAACJ,aAAT,EAAwB;QACtB,MAAI,CAACA,aAAL,CAAmBqC,MAAnB;;QACA,MAAI,CAACC,KAAL,CAAW,eAAX;MACD;;MAEDL,GAAG,CAACjC,aAAJ,GAAoB,MAApB;MACAiC,GAAG,CAAC5D,KAAJ,GAAY,MAAI,CAACA,KAAjB;MAEA,OAAO,IAAIL,KAAJ,CAAUiE,GAAV,EAAe;QAACf,MAAM,EAAE,MAAI,CAACA;MAAd,CAAf,CAAP;IACD,CAxDI,EAyDJqB,KAzDI,CAyDEnF,iBAzDF,CAAP;EA0DD,CA9W8B;;EAiX/B;AACF;AACA;AACA;AACA;AACA;EACEiF,MAvX+B,oBAuXtB;IAAA;;IACP,IAAI,KAAK1D,SAAT,EAAoB;MAClB,KAAKuB,MAAL,CAAYC,IAAZ,CAAiB,8DAAjB;MAEA,OAAO,iBAAQuB,OAAR,EAAP;IACD;;IAED,IAAI,CAAC,KAAKnD,YAAV,EAAwB;MACtB,KAAK2B,MAAL,CAAYC,IAAZ,CAAiB,uDAAjB;MAEA,OAAO,iBAAQuB,OAAR,EAAP;IACD,CAXM,CAaP;IACA;IACA;IACA;IACA;IACA;;;IACA,IAAI,CAAC,KAAK7C,MAAL,CAAYM,aAAjB,EAAgC;MAC9B,KAAKe,MAAL,CAAYC,IAAZ,CAAiB,kEAAjB;MAEA,OAAO,iBAAQuB,OAAR,EAAP;IACD;;IAED,KAAKxB,MAAL,CAAYC,IAAZ,CAAiB,8BAAjB;IAEA,OAAO,KAAKI,KAAL,CACJC,OADI,CACI;MACPC,MAAM,EAAE,MADD;MAEPC,GAAG,EAAE,KAAK7B,MAAL,CAAY2D,SAFV;MAGP3B,IAAI,EAAE;QACJE,KAAK,EAAE,KAAKrC,YADR;QAEJ+D,eAAe,EAAE;MAFb,CAHC;MAOPb,IAAI,EAAE;QACJC,IAAI,EAAE,KAAKhD,MAAL,CAAYC,SADd;QAEJgD,IAAI,EAAE,KAAKjD,MAAL,CAAYM,aAFd;QAGJ4C,eAAe,EAAE;MAHb,CAPC;MAYPC,wBAAwB,EAAE;IAZnB,CADJ,EAeJf,IAfI,CAeC,YAAM;MACV,MAAI,CAACqB,KAAL,CAAW,CAAC,cAAD,EAAiB,SAAjB,EAA4B,YAA5B,EAA0C,YAA1C,CAAX;;MACA,MAAI,CAACpC,MAAL,CAAYC,IAAZ,CAAiB,6BAAjB;IACD,CAlBI,EAmBJoC,KAnBI,CAmBEnF,iBAnBF,CAAP;EAoBD,CAta8B;EAwa/BsF,GAxa+B,iBAwalB;IACX;IACA,4BAAuB,KAAKC,oBAAL,uBAAvB;IAAA;IAAA,IAAKvB,KAAL;IAAA,IAAYC,OAAZ;;IAEA,IAAI,CAACD,KAAK,CAAC7B,UAAP,IAAqB6B,KAAK,CAAC1C,YAA3B,IAA2C0C,KAAK,CAAC1C,YAAN,CAAmBkE,QAAnB,CAA4B,GAA5B,CAA/C,EAAiF;MAC/E,4BAAmCxB,KAAK,CAAC1C,YAAN,CAAmBmE,KAAnB,CAAyB,GAAzB,CAAnC;MAAA;MAAA,IAAOtD,UAAP;MAAA,IAAmBb,YAAnB;;MAEA0C,KAAK,mCAAOA,KAAP;QAAc1C,YAAY,EAAZA,YAAd;QAA4Ba,UAAU,EAAVA;MAA5B,EAAL;IACD;;IACD,IAAMuD,GAAG,GAAG,mBAAZ;;IAEA,IAAI,CAAC1B,KAAK,CAAChC,OAAP,IAAkBgC,KAAK,CAAC1B,UAA5B,EAAwC;MACtC0B,KAAK,CAAChC,OAAN,GAAgB0D,GAAG,GAAG1B,KAAK,CAAC1B,UAAN,GAAmB,IAAzC;IACD;;IAED,IAAI,CAAC0B,KAAK,CAACzB,qBAAP,IAAgCyB,KAAK,CAACxB,wBAA1C,EAAoE;MAClEwB,KAAK,CAACzB,qBAAN,GAA8BmD,GAAG,GAAG1B,KAAK,CAACxB,wBAAN,GAAiC,IAArE;IACD;;IAED,IAAIwB,KAAK,CAAC/C,KAAV,EAAiB;MACf+C,KAAK,CAAC/C,KAAN,GAAc,IAAAiC,gBAAA,EAAUc,KAAK,CAAC/C,KAAhB,CAAd;IACD;;IAED,OAAO,oBAAcJ,oBAAA,CAAYqD,SAAZ,CAAsBoB,GAApC,EAAyC,IAAzC,EAA+C,CAACtB,KAAD,EAAQC,OAAR,CAA/C,CAAP;EACD,CAhc8B;;EAkc/B;AACF;AACA;AACA;AACA;AACA;AACA;EACE0B,QAzc+B,sBAycpB;IACT,IAAI,CAAC,KAAKzD,OAAV,EAAmB;MACjB,MAAM,IAAIc,KAAJ,CAAU,wBAAV,CAAN;IACD;;IAED,OAAO,KAAKd,OAAZ;EACD,CA/c8B;;EAid/B;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACE0D,QAzd+B,sBAydpB;IAAA;;IACT,IAAId,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,YAA7B,EAA2C;MACzC,MAAM,IAAIhC,KAAJ,CAAU,iDAAV,CAAN;IACD;;IAED,OAAO,KAAKG,KAAL,CACJC,OADI,CACI;MACPC,MAAM,EAAE,MADD;MAEPwC,OAAO,EAAE,cAFF;MAGPC,QAAQ,EAAE,yBAHH;MAIPvF,IAAI,EAAE;QACJoD,KAAK,EAAE,KAAKrC;MADR;IAJC,CADJ,EASJ6D,KATI,CASE,UAACY,MAAD,EAAY;MACjB,IAAI,gBAAgBA,MAApB,EAA4B;QAC1B,OAAO,iBAAQ5F,MAAR,CAAe4F,MAAf,CAAP;MACD;;MACD,MAAI,CAACjD,MAAL,CAAYC,IAAZ,CAAiB,qEAAjB,EAJiB,CAMjB;MACA;MACA;;;MACA,IAAMiD,OAAO,GACXlB,OAAO,CAACC,GAAR,CAAYkB,oBAAZ,IACAnB,OAAO,CAACC,GAAR,CAAYmB,wBADZ,IAEA,6CAHF;MAKA,OAAO,MAAI,CAAC/C,KAAL,CAAWC,OAAX,CAAmB;QACxBC,MAAM,EAAE,MADgB;QAExBC,GAAG,YAAK0C,OAAL,6BAFqB;QAGxBzF,IAAI,EAAE;UACJoD,KAAK,EAAE,MAAI,CAACrC;QADR,CAHkB;QAMxB6E,OAAO,EAAE;UACPC,aAAa,mBAAY,MAAI,CAAC9E,YAAjB;QADN;MANe,CAAnB,CAAP;IAUD,CAjCI,EAkCJuC,IAlCI,CAkCC,UAAC5D,GAAD;MAAA,OAASA,GAAG,CAACM,IAAb;IAAA,CAlCD,CAAP;EAmCD,CAjgB8B;EAAA;AAAA,CAAnB,kMA6RXQ,iBA7RW,4HAgXXA,iBAhXW,0EAAd;;eAogBeH,K"}
1
+ {"version":3,"names":["processGrantError","res","statusCode","reject","ErrorConstructor","grantErrors","select","body","error","OAuthError","WebexHttpError","_res","Token","WebexPlugin","extend","oneFlight","keyFactory","scope","derived","canAuthorize","deps","fn","access_token","isExpired","canDownscope","config","client_id","canRefresh","inBrowser","refresh_token","refreshCallback","client_secret","expires","_isExpired","_string","token_type","namespace","props","expires_in","refresh_token_expires","refresh_token_expires_in","default","type","session","previousToken","downscope","logger","info","Error","trace","sortScope","webex","request","method","uri","tokenUrl","addAuthHeader","form","grant_type","token","self_contained_token","then","parent","initialize","attrs","options","prototype","safeSetTimeout","refresh","promise","resolve","redirect_uri","auth","user","pass","sendImmediately","shouldRefreshAccessToken","obj","process","env","NODE_ENV","revoke","unset","catch","revokeUrl","token_type_hint","set","_filterSetParameters","includes","split","now","toString","validate","service","resource","reason","convApi","CONVERSATION_SERVICE","CONVERSATION_SERVICE_URL","headers","authorization"],"sources":["token.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {pick} from 'lodash';\nimport {inBrowser, oneFlight} from '@webex/common';\nimport {safeSetTimeout} from '@webex/common-timers';\n\nimport WebexHttpError from '../webex-http-error';\nimport WebexPlugin from '../webex-plugin';\n\nimport {sortScope} from './scope';\nimport grantErrors, {OAuthError} from './grant-errors';\n\n/* eslint-disable camelcase */\n\n/**\n * Parse response from CI and converts to structured error when appropriate\n * @param {WebexHttpError} res\n * @private\n * @returns {GrantError}\n */\nfunction processGrantError(res) {\n if (res.statusCode !== 400) {\n return Promise.reject(res);\n }\n\n const ErrorConstructor = grantErrors.select(res.body.error);\n\n if (ErrorConstructor === OAuthError && res instanceof WebexHttpError) {\n return Promise.reject(res);\n }\n if (!ErrorConstructor) {\n return Promise.reject(res);\n }\n\n return Promise.reject(new ErrorConstructor(res._res || res));\n}\n\n/**\n * @class\n */\nconst Token = WebexPlugin.extend({\n derived: {\n /**\n * Indicates if this token can be used in an auth header. `true` iff\n * {@link Token#access_token} is defined and {@link Token#isExpired} is\n * false.\n * @instance\n * @memberof Token\n * @readonly\n * @type {boolean}\n */\n canAuthorize: {\n deps: ['access_token', 'isExpired'],\n fn() {\n return !!this.access_token && !this.isExpired;\n },\n },\n\n /**\n * Indicates that this token can be downscoped. `true` iff\n * {@link config.credentials.client_id} is defined and if\n * {@link Token#canAuthorize} is true\n *\n * Note: since {@link config} is not evented, we can't listen for changes to\n * {@link config.credentials.client_id}. As such,\n * {@link config.credentials.client_id} must always be set before\n * instantiating a {@link Token}\n * @instance\n * @memberof Token\n * @readonly\n * @type {boolean}\n */\n canDownscope: {\n deps: ['canAuthorize'],\n fn() {\n return this.canAuthorize && !!this.config.client_id;\n },\n },\n\n /**\n * Indicates if this token can be refreshed. `true` iff\n * {@link Token@refresh_token} is defined and\n * {@link config.credentials.refreshCallback()} is defined\n *\n * Note: since {@link config} is not evented, we can't listen for changes to\n * {@link config.credentials.refreshCallback()}. As such,\n * {@link config.credentials.refreshCallback()} must always be set before\n * instantiating a {@link Token}\n * @instance\n * @memberof Token\n * @readonly\n * @type {boolean}\n */\n canRefresh: {\n deps: ['refresh_token'],\n fn() {\n if (inBrowser) {\n return !!this.refresh_token && !!this.config.refreshCallback;\n }\n\n return !!this.refresh_token && !!this.config.client_secret;\n },\n },\n\n /**\n * Indicates if this `Token` is expired. `true` iff {@link Token#expires} is\n * defined and is less than {@link Date.now()}.\n * @instance\n * @memberof Token\n * @readonly\n * @type {boolean}\n */\n isExpired: {\n deps: ['expires', '_isExpired'],\n fn() {\n // in order to avoid setting `cache:false`, we'll use a private property\n // and a timer rather than comparing to `Date.now()`;\n return !!this.expires && this._isExpired;\n },\n },\n\n /**\n * Cache for toString()\n * @instance\n * @memberof Token\n * @private\n * @readonly\n * @type {string}\n */\n _string: {\n deps: ['access_token', 'token_type'],\n fn() {\n if (!this.access_token || !this.token_type) {\n return '';\n }\n\n return `${this.token_type} ${this.access_token}`;\n },\n },\n },\n\n namespace: 'Credentials',\n\n props: {\n /**\n * Used for indexing in the credentials userTokens collection\n * @instance\n * @memberof Token\n * @private\n * @type {string}\n */\n scope: 'string',\n /**\n * @instance\n * @memberof Token\n * @type {string}\n */\n access_token: 'string',\n /**\n * @instance\n * @memberof Token\n * @type {number}\n */\n expires: 'number',\n /**\n * @instance\n * @memberof Token\n * @type {number}\n */\n expires_in: 'number',\n /**\n * @instance\n * @memberof Token\n * @type {string}\n */\n refresh_token: 'string',\n /**\n * @instance\n * @memberof Token\n * @type {number}\n */\n refresh_token_expires: 'number',\n /**\n * @instance\n * @memberof Token\n * @type {number}\n */\n refresh_token_expires_in: 'number',\n /**\n * @default \"Bearer\"\n * @instance\n * @memberof Token\n * @type {string}\n */\n token_type: {\n default: 'Bearer',\n type: 'string',\n },\n },\n\n session: {\n /**\n * Used by {@link Token#isExpired} to avoid doing a Date comparison.\n * @instance\n * @memberof Token\n * @private\n * @type {boolean}\n */\n _isExpired: {\n default: false,\n type: 'boolean',\n },\n /**\n * Handle to the previous token that we'll revoke when we refresh this\n * token. The idea is to keep allow two valid tokens when a refresh occurs;\n * we don't want revoke a token that's in the middle of being used, so when\n * we do a token refresh, we won't revoke the token being refreshed, but\n * we'll revoke the previous one.\n * @instance\n * @memberof Token\n * @private\n * @type {Object}\n */\n previousToken: {\n type: 'state',\n },\n },\n\n @oneFlight({\n keyFactory(scope) {\n return scope;\n },\n })\n /**\n * Uses this token to request a new Token with a subset of this Token's scopes\n * @instance\n * @memberof Token\n * @param {string} scope\n * @returns {Promise<Token>}\n */\n downscope(scope) {\n this.logger.info(`token: downscoping token to ${scope}`);\n\n if (this.isExpired) {\n this.logger.info('token: request received to downscope expired access_token');\n\n return Promise.reject(new Error('cannot downscope expired access token'));\n }\n\n if (!this.canDownscope) {\n if (this.config.client_id) {\n this.logger.info('token: request received to downscope invalid access_token');\n } else {\n this.logger.trace('token: cannot downscope without client_id');\n }\n\n return Promise.reject(new Error('cannot downscope access token'));\n }\n\n // Since we're going to use scope as the index in our token collection, it's\n // important scopes are always deterministically specified.\n if (scope) {\n scope = sortScope(scope);\n }\n\n // Ideally, we could depend on the service to communicate this error, but\n // all we get is \"invalid scope\", which, to the lay person, implies\n // something wrong with *one* of the scopes, not the whole thing.\n if (scope === sortScope(this.config.scope)) {\n return Promise.reject(new Error('token: scope reduction requires a reduced scope'));\n }\n\n return this.webex\n .request({\n method: 'POST',\n uri: this.config.tokenUrl,\n addAuthHeader: false,\n form: {\n grant_type: 'urn:cisco:oauth:grant-type:scope-reduction',\n token: this.access_token,\n scope,\n client_id: this.config.client_id,\n self_contained_token: true,\n },\n })\n .then((res) => {\n this.logger.info(`token: downscoped token to ${scope}`);\n\n return new Token(Object.assign(res.body, {scope}), {parent: this.parent});\n });\n },\n\n /**\n * Initializer\n * @instance\n * @memberof Token\n * @param {Object} [attrs={}]\n * @param {Object} [options={}]\n * @see {@link WebexPlugin#initialize()}\n * @returns {Token}\n */\n initialize(attrs = {}, options = {}) {\n Reflect.apply(WebexPlugin.prototype.initialize, this, [attrs, options]);\n\n if (typeof attrs === 'string') {\n this.access_token = attrs;\n }\n\n if (!this.access_token) {\n throw new Error('`access_token` is required');\n }\n\n // We don't want the derived property `isExpired` to need {cache:false}, so\n // we'll set up a timer the runs when this token should expire.\n if (this.expires) {\n if (this.expires < Date.now()) {\n this._isExpired = true;\n } else {\n safeSetTimeout(() => {\n this._isExpired = true;\n }, this.expires - Date.now());\n }\n }\n },\n\n @oneFlight\n /**\n * Refreshes this Token. Relies on\n * {@link config.credentials.refreshCallback()}\n * @instance\n * @memberof Token\n * @returns {Promise<Token>}\n */\n refresh() {\n if (!this.canRefresh) {\n throw new Error('Not enough information available to refresh this access token');\n }\n\n let promise;\n\n if (inBrowser) {\n if (!this.config.refreshCallback) {\n throw new Error('Cannot refresh access token without refreshCallback');\n }\n\n promise = Promise.resolve(this.config.refreshCallback(this.webex, this));\n }\n\n return (\n promise ||\n this.webex\n .request({\n method: 'POST',\n uri: this.config.tokenUrl,\n form: {\n grant_type: 'refresh_token',\n redirect_uri: this.config.redirect_uri,\n refresh_token: this.refresh_token,\n },\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n shouldRefreshAccessToken: false,\n })\n .then((res) => res.body)\n )\n .then((obj) => {\n if (!obj) {\n throw new Error('token: refreshCallback() did not produce an object');\n }\n // If the authentication server did not send back a refresh token, copy\n // the current refresh token and related values to the response (note:\n // at time of implementation, CI never sends a new refresh token)\n if (!obj.refresh_token) {\n Object.assign(\n obj,\n pick(this, 'refresh_token', 'refresh_token_expires', 'refresh_token_expires_in')\n );\n }\n\n // If the new token is the same as the previous token, then we may have\n // found a bug in CI; log the details and reject the Promise\n if (this.access_token === obj.access_token) {\n this.logger.error('token: new token matches current token');\n // log the tokens if it is not production\n if (process.env.NODE_ENV !== 'production') {\n this.logger.error('token: current token:', this.access_token);\n this.logger.error('token: new token:', obj.access_token);\n }\n\n return Promise.reject(new Error('new token matches current token'));\n }\n\n if (this.previousToken) {\n this.previousToken.revoke();\n this.unset('previousToken');\n }\n\n obj.previousToken = this;\n obj.scope = this.scope;\n\n return new Token(obj, {parent: this.parent});\n })\n .catch(processGrantError);\n },\n\n @oneFlight\n /**\n * Revokes this token and unsets its local properties\n * @instance\n * @memberof Token\n * @returns {Promise}\n */\n revoke() {\n if (this.isExpired) {\n this.logger.info('token: already expired, not making making revocation request');\n\n return Promise.resolve();\n }\n\n if (!this.canAuthorize) {\n this.logger.info('token: no longer valid, not making revocation request');\n\n return Promise.resolve();\n }\n\n // FIXME we need to use the user token revocation endpoint to revoke a token\n // without a client_secret, but it doesn't current support using a token to\n // revoke itself\n // Note: I'm not making a canRevoke property because there should be changes\n // coming to the user token revocation endpoint that allow us to do this\n // correctly.\n if (!this.config.client_secret) {\n this.logger.info('token: no client secret available, not making revocation request');\n\n return Promise.resolve();\n }\n\n this.logger.info('token: revoking access token');\n\n return this.webex\n .request({\n method: 'POST',\n uri: this.config.revokeUrl,\n form: {\n token: this.access_token,\n token_type_hint: 'access_token',\n },\n auth: {\n user: this.config.client_id,\n pass: this.config.client_secret,\n sendImmediately: true,\n },\n shouldRefreshAccessToken: false,\n })\n .then(() => {\n this.unset(['access_token', 'expires', 'expires_in', 'token_type']);\n this.logger.info('token: access token revoked');\n })\n .catch(processGrantError);\n },\n\n set(...args) {\n // eslint-disable-next-line prefer-const\n let [attrs, options] = this._filterSetParameters(...args);\n\n if (!attrs.token_type && attrs.access_token && attrs.access_token.includes(' ')) {\n const [token_type, access_token] = attrs.access_token.split(' ');\n\n attrs = {...attrs, access_token, token_type};\n }\n const now = Date.now();\n\n if (!attrs.expires && attrs.expires_in) {\n attrs.expires = now + attrs.expires_in * 1000;\n }\n\n if (!attrs.refresh_token_expires && attrs.refresh_token_expires_in) {\n attrs.refresh_token_expires = now + attrs.refresh_token_expires_in * 1000;\n }\n\n if (attrs.scope) {\n attrs.scope = sortScope(attrs.scope);\n }\n\n return Reflect.apply(WebexPlugin.prototype.set, this, [attrs, options]);\n },\n\n /**\n * Renders the token object as an HTTP Header Value\n * @instance\n * @memberof Token\n * @returns {string}\n * @see {@link Object#toString()}\n */\n toString() {\n if (!this._string) {\n throw new Error('cannot stringify Token');\n }\n\n return this._string;\n },\n\n /**\n * Uses a non-producation api to return information about this token. This\n * method is primarily for tests and will throw if NODE_ENV === production\n * @instance\n * @memberof Token\n * @private\n * @returns {Promise}\n */\n validate() {\n if (process.env.NODE_ENV === 'production') {\n throw new Error('Token#validate() must not be used in production');\n }\n\n return this.webex\n .request({\n method: 'POST',\n service: 'conversation',\n resource: 'users/validateAuthToken',\n body: {\n token: this.access_token,\n },\n })\n .catch((reason) => {\n if ('statusCode' in reason) {\n return Promise.reject(reason);\n }\n this.logger.info(\"REMINDER: If you're investigating a network error here, it's normal\");\n\n // If we got an error that isn't a WebexHttpError, assume the problem is\n // that we don't have the wdm plugin loaded and service/resource isn't\n // a valid means of identifying a request.\n const convApi =\n process.env.CONVERSATION_SERVICE ||\n process.env.CONVERSATION_SERVICE_URL ||\n 'https://conv-a.wbx2.com/conversation/api/v1';\n\n return this.webex.request({\n method: 'POST',\n uri: `${convApi}/users/validateAuthToken`,\n body: {\n token: this.access_token,\n },\n headers: {\n authorization: `Bearer ${this.access_token}`,\n },\n });\n })\n .then((res) => res.body);\n },\n});\n\nexport default Token;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAKA;AACA;AAEA;AACA;AAEA;AACA;AAAuD;AAAA;AAAA;AAAA;AAAA;AAEvD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,iBAAiB,CAACC,GAAG,EAAE;EAC9B,IAAIA,GAAG,CAACC,UAAU,KAAK,GAAG,EAAE;IAC1B,OAAO,iBAAQC,MAAM,CAACF,GAAG,CAAC;EAC5B;EAEA,IAAMG,gBAAgB,GAAGC,oBAAW,CAACC,MAAM,CAACL,GAAG,CAACM,IAAI,CAACC,KAAK,CAAC;EAE3D,IAAIJ,gBAAgB,KAAKK,uBAAU,IAAIR,GAAG,YAAYS,uBAAc,EAAE;IACpE,OAAO,iBAAQP,MAAM,CAACF,GAAG,CAAC;EAC5B;EACA,IAAI,CAACG,gBAAgB,EAAE;IACrB,OAAO,iBAAQD,MAAM,CAACF,GAAG,CAAC;EAC5B;EAEA,OAAO,iBAAQE,MAAM,CAAC,IAAIC,gBAAgB,CAACH,GAAG,CAACU,IAAI,IAAIV,GAAG,CAAC,CAAC;AAC9D;;AAEA;AACA;AACA;AACA,IAAMW,KAAK,GAAGC,oBAAW,CAACC,MAAM,SA4L7B,IAAAC,iBAAS,EAAC;EACTC,UAAU,sBAACC,KAAK,EAAE;IAChB,OAAOA,KAAK;EACd;AACF,CAAC,CAAC,UAhM6B;EAC/BC,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACIC,YAAY,EAAE;MACZC,IAAI,EAAE,CAAC,cAAc,EAAE,WAAW,CAAC;MACnCC,EAAE,gBAAG;QACH,OAAO,CAAC,CAAC,IAAI,CAACC,YAAY,IAAI,CAAC,IAAI,CAACC,SAAS;MAC/C;IACF,CAAC;IAED;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACIC,YAAY,EAAE;MACZJ,IAAI,EAAE,CAAC,cAAc,CAAC;MACtBC,EAAE,gBAAG;QACH,OAAO,IAAI,CAACF,YAAY,IAAI,CAAC,CAAC,IAAI,CAACM,MAAM,CAACC,SAAS;MACrD;IACF,CAAC;IAED;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACIC,UAAU,EAAE;MACVP,IAAI,EAAE,CAAC,eAAe,CAAC;MACvBC,EAAE,gBAAG;QACH,IAAIO,iBAAS,EAAE;UACb,OAAO,CAAC,CAAC,IAAI,CAACC,aAAa,IAAI,CAAC,CAAC,IAAI,CAACJ,MAAM,CAACK,eAAe;QAC9D;QAEA,OAAO,CAAC,CAAC,IAAI,CAACD,aAAa,IAAI,CAAC,CAAC,IAAI,CAACJ,MAAM,CAACM,aAAa;MAC5D;IACF,CAAC;IAED;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;IACIR,SAAS,EAAE;MACTH,IAAI,EAAE,CAAC,SAAS,EAAE,YAAY,CAAC;MAC/BC,EAAE,gBAAG;QACH;QACA;QACA,OAAO,CAAC,CAAC,IAAI,CAACW,OAAO,IAAI,IAAI,CAACC,UAAU;MAC1C;IACF,CAAC;IAED;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;IACIC,OAAO,EAAE;MACPd,IAAI,EAAE,CAAC,cAAc,EAAE,YAAY,CAAC;MACpCC,EAAE,gBAAG;QACH,IAAI,CAAC,IAAI,CAACC,YAAY,IAAI,CAAC,IAAI,CAACa,UAAU,EAAE;UAC1C,OAAO,EAAE;QACX;QAEA,iBAAU,IAAI,CAACA,UAAU,cAAI,IAAI,CAACb,YAAY;MAChD;IACF;EACF,CAAC;EAEDc,SAAS,EAAE,aAAa;EAExBC,KAAK,EAAE;IACL;AACJ;AACA;AACA;AACA;AACA;AACA;IACIpB,KAAK,EAAE,QAAQ;IACf;AACJ;AACA;AACA;AACA;IACIK,YAAY,EAAE,QAAQ;IACtB;AACJ;AACA;AACA;AACA;IACIU,OAAO,EAAE,QAAQ;IACjB;AACJ;AACA;AACA;AACA;IACIM,UAAU,EAAE,QAAQ;IACpB;AACJ;AACA;AACA;AACA;IACIT,aAAa,EAAE,QAAQ;IACvB;AACJ;AACA;AACA;AACA;IACIU,qBAAqB,EAAE,QAAQ;IAC/B;AACJ;AACA;AACA;AACA;IACIC,wBAAwB,EAAE,QAAQ;IAClC;AACJ;AACA;AACA;AACA;AACA;IACIL,UAAU,EAAE;MACVM,OAAO,EAAE,QAAQ;MACjBC,IAAI,EAAE;IACR;EACF,CAAC;EAEDC,OAAO,EAAE;IACP;AACJ;AACA;AACA;AACA;AACA;AACA;IACIV,UAAU,EAAE;MACVQ,OAAO,EAAE,KAAK;MACdC,IAAI,EAAE;IACR,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IACIE,aAAa,EAAE;MACbF,IAAI,EAAE;IACR;EACF,CAAC;EAOD;AACF;AACA;AACA;AACA;AACA;AACA;EACEG,SAAS,qBAAC5B,KAAK,EAAE;IAAA;IACf,IAAI,CAAC6B,MAAM,CAACC,IAAI,uCAAgC9B,KAAK,EAAG;IAExD,IAAI,IAAI,CAACM,SAAS,EAAE;MAClB,IAAI,CAACuB,MAAM,CAACC,IAAI,CAAC,2DAA2D,CAAC;MAE7E,OAAO,iBAAQ5C,MAAM,CAAC,IAAI6C,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3E;IAEA,IAAI,CAAC,IAAI,CAACxB,YAAY,EAAE;MACtB,IAAI,IAAI,CAACC,MAAM,CAACC,SAAS,EAAE;QACzB,IAAI,CAACoB,MAAM,CAACC,IAAI,CAAC,2DAA2D,CAAC;MAC/E,CAAC,MAAM;QACL,IAAI,CAACD,MAAM,CAACG,KAAK,CAAC,2CAA2C,CAAC;MAChE;MAEA,OAAO,iBAAQ9C,MAAM,CAAC,IAAI6C,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnE;;IAEA;IACA;IACA,IAAI/B,KAAK,EAAE;MACTA,KAAK,GAAG,IAAAiC,gBAAS,EAACjC,KAAK,CAAC;IAC1B;;IAEA;IACA;IACA;IACA,IAAIA,KAAK,KAAK,IAAAiC,gBAAS,EAAC,IAAI,CAACzB,MAAM,CAACR,KAAK,CAAC,EAAE;MAC1C,OAAO,iBAAQd,MAAM,CAAC,IAAI6C,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACrF;IAEA,OAAO,IAAI,CAACG,KAAK,CACdC,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdC,GAAG,EAAE,IAAI,CAAC7B,MAAM,CAAC8B,QAAQ;MACzBC,aAAa,EAAE,KAAK;MACpBC,IAAI,EAAE;QACJC,UAAU,EAAE,4CAA4C;QACxDC,KAAK,EAAE,IAAI,CAACrC,YAAY;QACxBL,KAAK,EAALA,KAAK;QACLS,SAAS,EAAE,IAAI,CAACD,MAAM,CAACC,SAAS;QAChCkC,oBAAoB,EAAE;MACxB;IACF,CAAC,CAAC,CACDC,IAAI,CAAC,UAAC5D,GAAG,EAAK;MACb,KAAI,CAAC6C,MAAM,CAACC,IAAI,sCAA+B9B,KAAK,EAAG;MAEvD,OAAO,IAAIL,KAAK,CAAC,qBAAcX,GAAG,CAACM,IAAI,EAAE;QAACU,KAAK,EAALA;MAAK,CAAC,CAAC,EAAE;QAAC6C,MAAM,EAAE,KAAI,CAACA;MAAM,CAAC,CAAC;IAC3E,CAAC,CAAC;EACN,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,UAAU,wBAA2B;IAAA;IAAA,IAA1BC,KAAK,uEAAG,CAAC,CAAC;IAAA,IAAEC,OAAO,uEAAG,CAAC,CAAC;IACjC,oBAAcpD,oBAAW,CAACqD,SAAS,CAACH,UAAU,EAAE,IAAI,EAAE,CAACC,KAAK,EAAEC,OAAO,CAAC,CAAC;IAEvE,IAAI,OAAOD,KAAK,KAAK,QAAQ,EAAE;MAC7B,IAAI,CAAC1C,YAAY,GAAG0C,KAAK;IAC3B;IAEA,IAAI,CAAC,IAAI,CAAC1C,YAAY,EAAE;MACtB,MAAM,IAAI0B,KAAK,CAAC,4BAA4B,CAAC;IAC/C;;IAEA;IACA;IACA,IAAI,IAAI,CAAChB,OAAO,EAAE;MAChB,IAAI,IAAI,CAACA,OAAO,GAAG,mBAAU,EAAE;QAC7B,IAAI,CAACC,UAAU,GAAG,IAAI;MACxB,CAAC,MAAM;QACL,IAAAkC,4BAAc,EAAC,YAAM;UACnB,MAAI,CAAClC,UAAU,GAAG,IAAI;QACxB,CAAC,EAAE,IAAI,CAACD,OAAO,GAAG,mBAAU,CAAC;MAC/B;IACF;EACF,CAAC;EAGD;AACF;AACA;AACA;AACA;AACA;AACA;EACEoC,OAAO,qBAAG;IAAA;IACR,IAAI,CAAC,IAAI,CAACzC,UAAU,EAAE;MACpB,MAAM,IAAIqB,KAAK,CAAC,+DAA+D,CAAC;IAClF;IAEA,IAAIqB,OAAO;IAEX,IAAIzC,iBAAS,EAAE;MACb,IAAI,CAAC,IAAI,CAACH,MAAM,CAACK,eAAe,EAAE;QAChC,MAAM,IAAIkB,KAAK,CAAC,qDAAqD,CAAC;MACxE;MAEAqB,OAAO,GAAG,iBAAQC,OAAO,CAAC,IAAI,CAAC7C,MAAM,CAACK,eAAe,CAAC,IAAI,CAACqB,KAAK,EAAE,IAAI,CAAC,CAAC;IAC1E;IAEA,OAAO,CACLkB,OAAO,IACP,IAAI,CAAClB,KAAK,CACPC,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdC,GAAG,EAAE,IAAI,CAAC7B,MAAM,CAAC8B,QAAQ;MACzBE,IAAI,EAAE;QACJC,UAAU,EAAE,eAAe;QAC3Ba,YAAY,EAAE,IAAI,CAAC9C,MAAM,CAAC8C,YAAY;QACtC1C,aAAa,EAAE,IAAI,CAACA;MACtB,CAAC;MACD2C,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAAChD,MAAM,CAACC,SAAS;QAC3BgD,IAAI,EAAE,IAAI,CAACjD,MAAM,CAACM,aAAa;QAC/B4C,eAAe,EAAE;MACnB,CAAC;MACDC,wBAAwB,EAAE;IAC5B,CAAC,CAAC,CACDf,IAAI,CAAC,UAAC5D,GAAG;MAAA,OAAKA,GAAG,CAACM,IAAI;IAAA,EAAC,EAEzBsD,IAAI,CAAC,UAACgB,GAAG,EAAK;MACb,IAAI,CAACA,GAAG,EAAE;QACR,MAAM,IAAI7B,KAAK,CAAC,oDAAoD,CAAC;MACvE;MACA;MACA;MACA;MACA,IAAI,CAAC6B,GAAG,CAAChD,aAAa,EAAE;QACtB,qBACEgD,GAAG,EACH,oBAAK,MAAI,EAAE,eAAe,EAAE,uBAAuB,EAAE,0BAA0B,CAAC,CACjF;MACH;;MAEA;MACA;MACA,IAAI,MAAI,CAACvD,YAAY,KAAKuD,GAAG,CAACvD,YAAY,EAAE;QAC1C,MAAI,CAACwB,MAAM,CAACtC,KAAK,CAAC,wCAAwC,CAAC;QAC3D;QACA,IAAIsE,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,EAAE;UACzC,MAAI,CAAClC,MAAM,CAACtC,KAAK,CAAC,uBAAuB,EAAE,MAAI,CAACc,YAAY,CAAC;UAC7D,MAAI,CAACwB,MAAM,CAACtC,KAAK,CAAC,mBAAmB,EAAEqE,GAAG,CAACvD,YAAY,CAAC;QAC1D;QAEA,OAAO,iBAAQnB,MAAM,CAAC,IAAI6C,KAAK,CAAC,iCAAiC,CAAC,CAAC;MACrE;MAEA,IAAI,MAAI,CAACJ,aAAa,EAAE;QACtB,MAAI,CAACA,aAAa,CAACqC,MAAM,EAAE;QAC3B,MAAI,CAACC,KAAK,CAAC,eAAe,CAAC;MAC7B;MAEAL,GAAG,CAACjC,aAAa,GAAG,MAAI;MACxBiC,GAAG,CAAC5D,KAAK,GAAG,MAAI,CAACA,KAAK;MAEtB,OAAO,IAAIL,KAAK,CAACiE,GAAG,EAAE;QAACf,MAAM,EAAE,MAAI,CAACA;MAAM,CAAC,CAAC;IAC9C,CAAC,CAAC,CACDqB,KAAK,CAACnF,iBAAiB,CAAC;EAC7B,CAAC;EAGD;AACF;AACA;AACA;AACA;AACA;EACEiF,MAAM,oBAAG;IAAA;IACP,IAAI,IAAI,CAAC1D,SAAS,EAAE;MAClB,IAAI,CAACuB,MAAM,CAACC,IAAI,CAAC,8DAA8D,CAAC;MAEhF,OAAO,iBAAQuB,OAAO,EAAE;IAC1B;IAEA,IAAI,CAAC,IAAI,CAACnD,YAAY,EAAE;MACtB,IAAI,CAAC2B,MAAM,CAACC,IAAI,CAAC,uDAAuD,CAAC;MAEzE,OAAO,iBAAQuB,OAAO,EAAE;IAC1B;;IAEA;IACA;IACA;IACA;IACA;IACA;IACA,IAAI,CAAC,IAAI,CAAC7C,MAAM,CAACM,aAAa,EAAE;MAC9B,IAAI,CAACe,MAAM,CAACC,IAAI,CAAC,kEAAkE,CAAC;MAEpF,OAAO,iBAAQuB,OAAO,EAAE;IAC1B;IAEA,IAAI,CAACxB,MAAM,CAACC,IAAI,CAAC,8BAA8B,CAAC;IAEhD,OAAO,IAAI,CAACI,KAAK,CACdC,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdC,GAAG,EAAE,IAAI,CAAC7B,MAAM,CAAC2D,SAAS;MAC1B3B,IAAI,EAAE;QACJE,KAAK,EAAE,IAAI,CAACrC,YAAY;QACxB+D,eAAe,EAAE;MACnB,CAAC;MACDb,IAAI,EAAE;QACJC,IAAI,EAAE,IAAI,CAAChD,MAAM,CAACC,SAAS;QAC3BgD,IAAI,EAAE,IAAI,CAACjD,MAAM,CAACM,aAAa;QAC/B4C,eAAe,EAAE;MACnB,CAAC;MACDC,wBAAwB,EAAE;IAC5B,CAAC,CAAC,CACDf,IAAI,CAAC,YAAM;MACV,MAAI,CAACqB,KAAK,CAAC,CAAC,cAAc,EAAE,SAAS,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;MACnE,MAAI,CAACpC,MAAM,CAACC,IAAI,CAAC,6BAA6B,CAAC;IACjD,CAAC,CAAC,CACDoC,KAAK,CAACnF,iBAAiB,CAAC;EAC7B,CAAC;EAEDsF,GAAG,iBAAU;IACX;IACA,4BAAuB,IAAI,CAACC,oBAAoB,OAAzB,IAAI,YAA8B;MAAA;MAApDvB,KAAK;MAAEC,OAAO;IAEnB,IAAI,CAACD,KAAK,CAAC7B,UAAU,IAAI6B,KAAK,CAAC1C,YAAY,IAAI0C,KAAK,CAAC1C,YAAY,CAACkE,QAAQ,CAAC,GAAG,CAAC,EAAE;MAC/E,4BAAmCxB,KAAK,CAAC1C,YAAY,CAACmE,KAAK,CAAC,GAAG,CAAC;QAAA;QAAzDtD,UAAU;QAAEb,YAAY;MAE/B0C,KAAK,mCAAOA,KAAK;QAAE1C,YAAY,EAAZA,YAAY;QAAEa,UAAU,EAAVA;MAAU,EAAC;IAC9C;IACA,IAAMuD,GAAG,GAAG,mBAAU;IAEtB,IAAI,CAAC1B,KAAK,CAAChC,OAAO,IAAIgC,KAAK,CAAC1B,UAAU,EAAE;MACtC0B,KAAK,CAAChC,OAAO,GAAG0D,GAAG,GAAG1B,KAAK,CAAC1B,UAAU,GAAG,IAAI;IAC/C;IAEA,IAAI,CAAC0B,KAAK,CAACzB,qBAAqB,IAAIyB,KAAK,CAACxB,wBAAwB,EAAE;MAClEwB,KAAK,CAACzB,qBAAqB,GAAGmD,GAAG,GAAG1B,KAAK,CAACxB,wBAAwB,GAAG,IAAI;IAC3E;IAEA,IAAIwB,KAAK,CAAC/C,KAAK,EAAE;MACf+C,KAAK,CAAC/C,KAAK,GAAG,IAAAiC,gBAAS,EAACc,KAAK,CAAC/C,KAAK,CAAC;IACtC;IAEA,OAAO,oBAAcJ,oBAAW,CAACqD,SAAS,CAACoB,GAAG,EAAE,IAAI,EAAE,CAACtB,KAAK,EAAEC,OAAO,CAAC,CAAC;EACzE,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACE0B,QAAQ,sBAAG;IACT,IAAI,CAAC,IAAI,CAACzD,OAAO,EAAE;MACjB,MAAM,IAAIc,KAAK,CAAC,wBAAwB,CAAC;IAC3C;IAEA,OAAO,IAAI,CAACd,OAAO;EACrB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACE0D,QAAQ,sBAAG;IAAA;IACT,IAAId,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,EAAE;MACzC,MAAM,IAAIhC,KAAK,CAAC,iDAAiD,CAAC;IACpE;IAEA,OAAO,IAAI,CAACG,KAAK,CACdC,OAAO,CAAC;MACPC,MAAM,EAAE,MAAM;MACdwC,OAAO,EAAE,cAAc;MACvBC,QAAQ,EAAE,yBAAyB;MACnCvF,IAAI,EAAE;QACJoD,KAAK,EAAE,IAAI,CAACrC;MACd;IACF,CAAC,CAAC,CACD6D,KAAK,CAAC,UAACY,MAAM,EAAK;MACjB,IAAI,YAAY,IAAIA,MAAM,EAAE;QAC1B,OAAO,iBAAQ5F,MAAM,CAAC4F,MAAM,CAAC;MAC/B;MACA,MAAI,CAACjD,MAAM,CAACC,IAAI,CAAC,qEAAqE,CAAC;;MAEvF;MACA;MACA;MACA,IAAMiD,OAAO,GACXlB,OAAO,CAACC,GAAG,CAACkB,oBAAoB,IAChCnB,OAAO,CAACC,GAAG,CAACmB,wBAAwB,IACpC,6CAA6C;MAE/C,OAAO,MAAI,CAAC/C,KAAK,CAACC,OAAO,CAAC;QACxBC,MAAM,EAAE,MAAM;QACdC,GAAG,YAAK0C,OAAO,6BAA0B;QACzCzF,IAAI,EAAE;UACJoD,KAAK,EAAE,MAAI,CAACrC;QACd,CAAC;QACD6E,OAAO,EAAE;UACPC,aAAa,mBAAY,MAAI,CAAC9E,YAAY;QAC5C;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,CACDuC,IAAI,CAAC,UAAC5D,GAAG;MAAA,OAAKA,GAAG,CAACM,IAAI;IAAA,EAAC;EAC5B,CAAC;EAAA;AACH,CAAC,kMArOEQ,iBAAS,4HAmFTA,iBAAS,0EAkJV;AAAC,eAEYH,KAAK;AAAA"}