@wral/studio.mods.auth 0.3.7 → 1.0.0

package/src/auth.test.mjs

@@ -0,0 +1,97 @@
+import {
+	makeAuth,
+	tokenRequestHandler,
+} from './auth.mjs';
+import { JSDOM } from 'jsdom';
+import { jest } from '@jest/globals';
+
+function mockToolkit() {
+	const dom = new JSDOM(`<!DOCTYPE html><body><studio-app>
+		<studio-mod id="mod-auth"></studio-mod>
+	</studio-app></body>`);
+	return {
+		element: dom.window.document.querySelector('studio-app'),
+		mod: {
+			element: dom.window.document.querySelector('#mod-auth'),
+		},
+		dispatchAction: jest.fn(),
+	};
+}
+
+describe('auth mod', () => {
+
+	describe('makeAuth', () => {
+
+		test('should return an object with method-like properties', () => {
+			const mod = makeAuth({
+				toolkit: mockToolkit(),
+			});
+			expect(mod).toHaveProperty('mount');
+			expect(mod).toHaveProperty('handleTokenRequest');
+			expect(mod).toHaveProperty('handleDestroyAuth');
+			expect(mod).toHaveProperty('presentLoginForm');
+			expect(mod).toHaveProperty('getToken');
+			expect(mod).toHaveProperty('saveToken');
+			expect(mod).toHaveProperty('getFreshToken');
+			expect(mod).toHaveProperty('requestRender');
+		});
+
+	});
+
+	describe('mount', () => {
+		test('registers action handlers and layout', () => {
+			const mod = makeAuth({
+				toolkit: mockToolkit(),
+			});
+			mod.mount();
+			expect(mod.config.toolkit.dispatchAction).toHaveBeenCalledWith({
+				type: 'action:register',
+				detail: {
+					actionType: 'auth:requestToken',
+					handler: expect.any(Function),
+					modName: 'auth',
+				},
+			});
+			expect(mod.config.toolkit.dispatchAction).toHaveBeenCalledWith({
+				type: 'action:register',
+				detail: {
+					actionType: 'auth:destroy',
+					handler: expect.any(Function),
+					modName: 'auth',
+				},
+			});
+			expect(mod.config.toolkit.dispatchAction).toHaveBeenCalledWith({
+				type: 'layout:register',
+				detail: {
+					name: 'auth:login',
+					slots: ['main'],
+					templateFn: expect.any(Function),
+				},
+			});
+		});
+	});
+
+	describe('tokenRequestHandler', () => {
+		test('returns a handler that resolves to a fresh token', async () => {
+			const handler = tokenRequestHandler({
+				getFreshToken: jest.fn(async () => 'token'),
+			});
+			const callback = jest.fn();
+			await handler({ callback });
+			expect(callback).toHaveBeenCalledWith('token');
+		});
+		test('presents login form if getFreshToken fails', async () => {
+			const presentLoginForm = jest.fn();
+			const handler = tokenRequestHandler({
+				log: jest.fn(),
+				getFreshToken: jest.fn().mockRejectedValue(new Error('fail')),
+				presentLoginForm,
+			});
+			const callback = jest.fn();
+			await handler({ callback });
+			expect(callback).not.toHaveBeenCalled();
+			expect(presentLoginForm).toHaveBeenCalled();
+		});
+	});
+
+});

package/src/components/auth-app.mjs

@@ -0,0 +1,26 @@
+import { LitElement } from 'lit';
+import { renderRoute } from '../routes/index.mjs';
+import appStyles from '../styles.mjs';
+
+class AuthApp extends LitElement {
+	static get styles() {
+		return [appStyles];
+	}
+	static get properties() {
+		return {
+			state: { type: Object },
+			auth: { type: Object },
+		};
+	}
+
+	render() {
+		const { state, auth } = this;
+		return renderRoute(state, auth);
+	}
+}
+
+export default AuthApp;
+
+if (!customElements.get('auth-app')) {
+	customElements.define('auth-app', AuthApp);
+}

package/src/components/forgot-password-form.mjs

@@ -0,0 +1,217 @@
+import { html, css, LitElement } from 'lit';
+import login from '../login.mjs';
+import { createClient } from '@wral/sdk-auth';
+
+const stages = Object.freeze({
+	REQUEST: 'request',
+	CONFIRM: 'confirm',
+	FINISHED: 'finished',
+});
+
+export class ForgotPasswordForm extends LitElement {
+
+	static get properties() {
+		return {
+			api: { type: String, attribute: 'api' },
+			confirmation: { type: 'String', attribute: 'confirmation' },
+		};
+	}
+
+	static get styles() {
+		return css`
+			:host {
+				display: block;
+				font-family: Arial, sans-serif;
+			}
+			form input[type="text"],
+			form input[type="password"] {
+				width: 100%;
+				margin: 5px 0 15px 0;
+				padding: var(--spacing-sm, 0.5rem) var(--spacing-md, 1rem);
+				box-sizing: border-box;
+				border: 1px solid var(--color-gray-300, #ccc);
+				border-radius: var(--radius-sm, 5px);
+				color: var(--color-gray-9, #333);
+				background-color: var(--color-gray-0, transparent);
+			}
+			form input[type="submit"] {
+				background-color:var(--color-primary, inherit);
+				color: var(--color-gray-0, #fff);
+				border: none;
+				padding: var(--spacing-sm, 0.5rem) var(--spacing-md, 1rem);
+				border-radius: var(--radius-dynamic, 5px);
+				width: 200px;
+				display: block;
+				margin: var(--spacing-md, 1rem) auto;
+				cursor: pointer;
+			}
+			form label {
+				font-size: 14px;
+				color: var(--color-gray-9, #333);
+				font-weight: bold;
+				margin-bottom: var(--spacing-sm, 0.5rem);
+			}
+			.error {
+				color: var(--color-danger, red);
+				font-size: 12px;
+			}
+		`;
+	}
+
+	constructor() {
+		super();
+		this.errors = {};
+		this.stage = stages.REQUEST;
+	}
+
+	connectedCallback() {
+		console.log('[auth]','[forgot-password]', { confirmation: this.confirmation });
+		super.connectedCallback();
+		// If there is a confirmation, update stage
+		if (this.confirmation && this.stage !== stages.FINISHED) {
+			this.stage = stages.CONFIRM;
+		}
+		this.requestUpdate();
+	}
+
+	handleSubmitRequest(e) {
+		e.preventDefault();
+		// Check for submission errors (none since username is required)
+		const username = e.target.username.value;
+		this.username = username;
+
+		// Send API Request
+		const authClient = createClient({
+			baseUrl: this.api,
+		});
+		authClient.triggerResetPassword({ username }).then(() => {
+			// Update stage
+			console.log('[auth]', 'triggered reset password for ', username);
+			this.stage = stages.CONFIRM;
+		}).catch((error) => {
+			console.error('[auth] error triggering reset password', error);
+			this.errors['general'] = error.message ||
+			'Unable to send password reset request. Please try again later.';
+		}).finally(() => {
+			this.requestUpdate();
+		});
+		
+	}
+
+	handleSubmitConfirm(e) {
+		e.preventDefault();
+
+		// Check for submission errors (passwords match)
+		const password = e.target.password.value;
+		const confirmPassword = e.target['confirm-password'].value;
+		if (password !== confirmPassword) {
+			this.errors['confirm-password'] = 'Passwords do not match.';
+			this.requestUpdate();
+			return;
+		}
+		const confirmationCode = this.confirmation || e.target['confirmation'].value;
+		if (!confirmationCode) {
+			this.errors['general'] = 'Confirmation code is required.';
+			this.requestUpdate();
+			return;
+		}
+
+		// Send API request
+		const authClient = createClient({
+			baseUrl: this.api,
+		});
+		authClient.confirmResetPassword({
+			username: this.username,
+			newPassword: password,
+			confirmationCode,
+		}).then(() => {
+			// Login and emit a login event
+			// TODO: DRY this login event
+			return login(this, { username: this.username, password }).then(({token}) => {
+				// emit a success event
+				this.dispatchEvent(new CustomEvent('login-success', {
+					detail: { token },
+					composed: true,
+					bubbles: true,
+				}));
+			});
+		}).catch((error) => {
+			console.error('[auth][forgot-password-form]',error);
+			this.errors['general'] = 'Unable to reset password. Please try again later.';
+		}).finally(() => {
+			this.requestUpdate();
+		});
+	}
+
+	render() {
+		switch (this.stage) {
+		case stages.CONFIRM:
+			return this.renderConfirmForm();
+		case stages.FINISHED:
+			return html`<p>Your password has been reset.</p>`;
+		case stages.REQUEST_SENT:
+			return html`<p>A email has been sent with instructions to finish
+				resetting your password.</p>`;
+		case stages.REQUEST:
+		default:
+			return this.renderRequestForm();
+		}
+	}
+
+	renderRequestForm() {
+		return html`<form @submit=${this.handleSubmitRequest}>
+			<label for="username">Username/Email</label>
+			<input
+				type="text"
+				name="username"
+				placeholder="Email or Username"
+				required
+			/>
+			<p class="error">${this.errors['general']}</p>
+			<input type="submit" value="Request password reset" />
+		</form>`;
+	}
+
+	renderConfirmForm() {
+		return html`<form @submit=${this.handleSubmitConfirm}>
+			<p>You should have received a confirmation code to reset your password</p>
+
+			${this.confirmation ? ''
+		: html`<label for="confirmation">Confirmation Code</label>
+			<input
+				type="text"
+				name="confirmation"
+				placeholder="Confirmation Code"
+				required
+			/>`}
+
+			<label for="password">New Password</label>
+			<input
+				type="password"
+				name="password"
+				placeholder="Password"
+				required
+			/>
+			${this.errors['password']
+		? html`<p class="error">${this.errors['password']}</p>`
+		: ''}
+			
+			<label for="confirm-password">Confirm Password</label>
+			<input
+				type="password"
+				name="confirm-password"
+				placeholder="Confirm Password"
+				required
+			/>
+			${this.errors['confirm-password']
+		? html`<p class="error">${this.errors['confirm-password']}</p>`
+		: ''}
+
+			${this.errors['general']
+		? html`<p class="error">${this.errors['general']}</p>`
+		: ''}
+			<input type="submit" value="Reset Password" />
+		</form>`;
+	}
+
+}

package/src/components/login-form.mjs

@@ -0,0 +1,288 @@
+/**
+ * This login form is not part of any application route, because it represents
+ * the public facing unauthenticated side of the application.
+ *
+ * Anything regarding login that is handled by an unauthenticated user should
+ * be handled through here.
+ *
+ * Other routes assume the user is authenticated.
+ */
+import { LitElement, html, css } from 'lit';
+import login from '../login.mjs';
+import { ForgotPasswordForm } from './forgot-password-form.mjs';
+import { createClient } from '@wral/sdk-auth';
+
+
+class LoginForm extends LitElement {
+
+	static get properties() {
+		return {
+			api: { type: String, attribute: 'api' },
+		};
+	}
+
+	static get styles() {
+		return css`
+			:host {
+				display: block;
+				font-family: Arial, sans-serif;
+			}
+			.login-form {
+				background-color: var(--color-gray-0, #fff);
+				padding: var(--spacing-xl, 3rem);
+				border-radius: var(--radius-md, 5px);
+				box-shadow: var(--drop-shadow-md, none);
+			}
+			form input[type="text"],
+			form input[type="password"] {
+				width: 100%;
+				margin: 5px 0 15px 0;
+				padding: var(--spacing-sm, 0.5rem) var(--spacing-md, 1rem);
+				box-sizing: border-box;
+				border: 1px solid var(--color-gray-300, #ccc);
+				border-radius: var(--radius-sm, 5px);
+				color: var(--color-gray-9, #333);
+				background-color: var(--color-gray-0, transparent);
+			}
+			form input[type="submit"] {
+				background-color: var(--color-primary, inherit);
+				color: var(--color-gray-0, #fff);
+				border: none;
+				padding: var(--spacing-sm, 0.5rem) var(--spacing-md, 1rem);
+				border-radius: var(--radius-dynamic, 5px);
+				width: 200px;
+				display: block;
+				margin: var(--spacing-md, 1rem) auto;
+				cursor: pointer;
+			}
+			form label {
+				font-size: 14px;
+				color: var(--color-gray-9, #333);
+				font-weight: bold;
+				margin-bottom: var(--spacing-sm, 0.5rem);
+			}
+			a.forgot {
+				color: var(--color-primary, inherit);
+				text-decoration: none;
+				font-size: 12px;
+				font-weight: bold;
+			}
+			.error {
+				color: var(--color-error, red);
+				font-size: 12px;
+				margin-top: var(--spacing-sm, 0.5rem);
+			}
+			.header {
+				display: flex;
+				flex-direction: column;
+				align-items: center;
+			}
+			.header .intro {
+				width: 200px;
+				margin-bottom: 0;
+				color: var(--color-gray-3);
+			}
+			.header .brand {
+				font-size: 32px;
+				min-width: 200px;
+				margin-bottom: var(--spacing-lg, 2rem);
+			}
+			.header .brand em {
+				text-transform: uppercase;
+				font-weight: bold;
+				font-style: normal;
+			}
+		`;
+	}
+
+	static get states() {
+		return {
+			DEFAULT: 'DEFAULT',
+			FORGOT: 'FORGOT',
+			CHALLENGE_CHANGE_PW: 'CHALLENGE_CHANGE_PW',
+		};
+	}
+
+	constructor() {
+		super();
+		this.formState = LoginForm.states.DEFAULT;
+		this.username = '';
+		this.password = '';
+		this.token = undefined;
+		this.errors = [];
+	}
+
+	onSubmit(e) {
+		e.preventDefault();
+		const formElem = e.explicitOriginalTarget.parentElement;
+		console.log(formElem);
+		const formData = new FormData(formElem).entries().reduce((acc, [key, value]) => {
+			acc[key] = value;
+			return acc;
+		}, {});
+
+		login(this, formData).then(({token, challenge}) => {
+			if (challenge && challenge.name === 'NEW_PASSWORD_REQUIRED') {
+
+				// store these to use in later forms
+				this.token = token;
+				this.username = formData['username'];
+				this.password = formData['password'];
+
+				this.setState(LoginForm.states.CHALLENGE_CHANGE_PW);
+				// don't dispatch a success event with the token
+				// The user should change their password first
+				return;
+			}
+				
+			// emit a success event
+			this.dispatchEvent(new CustomEvent('login-success', {
+				detail: { token },
+			}));
+		}).catch((error) => {
+			console.log(error);
+			this.errors = [error.message];
+			this.requestUpdate();
+		});
+	}
+
+	onSubmitChangePasswordChallenge(e) {
+		e.preventDefault();
+		const formElem = e.explicitOriginalTarget;
+		const formData = new FormData(formElem).entries().reduce((acc, [key, value]) => {
+			acc[key] = value;
+			return acc;
+		}, {});
+
+		// validate password
+		const password = formData['password'];
+		const confirmPassword = formData['confirm-password'];
+		if (password !== confirmPassword) {
+			this.errors = ['Passwords do not match.'];
+			this.requestUpdate();
+			return;
+		}
+
+		const authClient = createClient({
+			baseUrl: this.api,
+		});
+		authClient.updatePassword({
+			token: this.token,
+			currentPassword: this.password,
+			newPassword: password,
+		}).then(() => {
+			// emit a success event
+			this.dispatchEvent(new CustomEvent('login-success', {
+				detail: { token: this.token },
+			}));
+		}).catch((error) => {
+			console.log(error);
+			this.errors = [error.message];
+			this.requestUpdate();
+		});
+	}
+
+	setState(newState) {
+		if (newState !== this.formState) {
+			this.formState = newState;
+			this.errors = [];
+			this.requestUpdate();
+		}
+	}
+
+	render() {
+		return html`<div class="login-form">
+			${this.renderHeader()}
+		${this.formState === LoginForm.states.FORGOT
+		 ? this.renderForgotPasswordForm() : ''}
+		${this.formState === LoginForm.states.CHALLENGE_CHANGE_PW
+		 ? this.renderChangePasswordForm() : ''}
+		${this.formState === LoginForm.states.DEFAULT
+		 ? this.renderLoginForm() : ''}
+		</div>`;
+	}
+
+	/**
+	 * TODO: accept the header as a slot
+	 */
+	renderHeader() {
+		return html`<div class="header">
+			<div class="intro">
+				Welcome to
+			</div>
+			<div class="brand">
+				<em>WRAL</em>.studio
+			</div>
+		</div>`;
+	}
+
+	renderLoginForm() {
+		return html`
+		<form>
+					<label for="username">User</label>
+					<input
+						type="text"
+						name="username"
+						placeholder="Email or Username"
+						required
+					/>
+
+					<label for="password">Password</label>
+					<input
+						type="password"
+						name="password"
+						placeholder="Password"
+						required
+					/>
+					<div>
+						<a href="#" class="forgot"
+							@click=${() => {this.setState(LoginForm.states.FORGOT);}}
+						>Forgot password</a>
+					</div>
+
+					${this.errors
+		? this.errors.map(error => html`<p class="error">${error}</p>`)
+		: ''}
+					<input type="submit" value="Log in" @click=${this.onSubmit} />
+
+				</form>`;
+	}
+
+	renderForgotPasswordForm() {
+		return html`
+			<auth-forgot-password-form
+				api=${this.api}>
+			</auth-forgot-password-form>
+		`;
+	}
+
+	renderChangePasswordForm() {
+		return html`
+			<p>You have logged in successfully, but you must change your password.</p>
+			<form @submit=${this.onSubmitChangePasswordChallenge}>
+				<input type="hidden" name="username" value="${this.username}" />
+				<label for="password">New Password</label>
+				<input
+					type="password"
+					name="password"
+					placeholder="Password"
+					required
+				/>
+				<label for="confirm-password">Confirm Password</label>
+				<input
+					type="password"
+					name="confirm-password"
+					placeholder="Confirm Password"
+					required
+				/>
+				${this.errors
+		? this.errors.map(error => html`<p class="error">${error}</p>`) 
+		: ''}
+				<input type="submit" value="Change Password" />
+			</form>
+		`;
+	}
+}
+
+customElements.define('auth-login-form', LoginForm);
+customElements.define('auth-forgot-password-form', ForgotPasswordForm);

package/src/config.mjs

@@ -0,0 +1,27 @@
+/**
+ * Gets configuration for the Auth Mod from the attributes
+ * of the mod element (in DOM).
+ * @param {VellumToolkit} toolkit
+ * @returns {Object}
+ */
+export function getConfig(toolkit, mod) {
+	const modElement = mod.element;
+	const attrs = modElement.attributes;
+	console.log(attrs);
+	return {
+		api: attrs.api.value || requiredConfig('auth:api is required'),
+		forceLogin: attrs['force-login'] !== undefined, // TODO: handle false
+		storageKey: attrs['storage-key']?.value,
+		mount: attrs['path']?.value || '/auth',
+		toolkit,
+	};
+}
+
+/**
+ * Helper for required config elements
+ * This defines what to do when a required config is missing
+ * @param {string} message
+ */
+function requiredConfig(message) {
+	throw new Error(message);
+}

package/src/helper.mjs

@@ -0,0 +1,31 @@
+/**
+ * This is a helper for consumers of the Auth mod to get
+ * an API token.
+ * @example <code>
+ * async () => {
+ * 	 const myElem = document.querySelector('my-element');
+ *   const token = await getToken(myElem);
+ *	 someApiCall({ token, ... });
+ * }
+ * </code>
+ * @param {Element} eventTarget - a DOM element that will trigger the event
+ * @returns {Promise} - a promise that resolves with the token
+ */
+export function getToken(eventTarget) {
+	return new Promise((resolve, reject) => {
+		if (!eventTarget || !eventTarget.dispatchEvent) {
+			reject(new Error('getToken must be called with a DOM element'));
+		}
+		eventTarget.dispatchEvent(new CustomEvent('harness:action', {
+			detail: {
+				type: 'auth:requestToken',
+				detail: {
+					callback: resolve,
+				},
+			},
+			bubbles: true,
+			composed: true,
+			cancelable: true,
+		}));
+	});
+}