ag-awsauth 0.0.247 → 0.0.249

package/dist/helpers/awsconfig.js

@@ -14,14 +14,14 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.updateAwsCredentials = exports.getAwsCredentials = void 0;
 const shared_ini_file_loader_1 = require("@aws-sdk/shared-ini-file-loader");
-//@ts-ignore
-const getCredentialsFilepath_1 = require("@aws-sdk/shared-ini-file-loader/dist-cjs/getCredentialsFilepath");
 const log_1 = require("ag-common/dist/common/helpers/log");
 const fs_1 = __importDefault(require("fs"));
 const ini_1 = require("ini");
+const getCredentialsFilepath_1 = require("./getCredentialsFilepath");
 const getAwsCredentials = () => __awaiter(void 0, void 0, void 0, function* () {
     const config = yield (0, shared_ini_file_loader_1.loadSharedConfigFiles)();
     const creds = config.credentialsFile;
+    // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
     if (!creds.default) {
         creds.default = {};
     }

package/dist/helpers/browser.js

@@ -33,7 +33,7 @@ exports.closeBrowser = closeBrowser;
 const launchBrowser = () => __awaiter(void 0, void 0, void 0, function* () {
     const opt = {
         defaultViewport: { height: 1000, width: 500 },
-        headless: (__1.globalargs === null || __1.globalargs === void 0 ? void 0 : __1.globalargs.verbose) ? false : 'new',
+        headless: (__1.globalargs === null || __1.globalargs === void 0 ? void 0 : __1.globalargs.verbose) ? false : true,
         ignoreHTTPSErrors: true,
         devtools: false,
     };
@@ -75,8 +75,8 @@ const goToPage = (url) => __awaiter(void 0, void 0, void 0, function* () {
 });
 exports.goToPage = goToPage;
 function getMFA(p) {
-    var _a;
     return __awaiter(this, void 0, void 0, function* () {
+        var _a;
         //go to browser site for auth
         (0, log_1.info)('start mfa');
         const page = yield (0, exports.goToPage)(p.verificationUriComplete);
@@ -157,31 +157,38 @@ function getMFA(p) {
                     retry = false;
                 }
             }
+            try {
+                (0, log_1.info)('wait for access prompt');
+                const messageDiv = yield page.waitForSelector('[data-testid="allow-access-button"]', {
+                    timeout: config_1.timeoutShortMs,
+                });
+                if (messageDiv) {
+                    (0, log_1.info)('click access prompt');
+                    yield messageDiv.click();
+                }
+                else {
+                    throw new Error('access prompt not found');
+                }
+            }
+            catch (e) {
+                const em = e.toString();
+                if (!em.includes('exceeded')) {
+                    const em2 = `mfa error:` + em + ' retry';
+                    (0, log_1.error)(em2);
+                }
+                else {
+                    retry = false;
+                }
+            }
         } while (retry);
         //
-        yield (0, sleep_1.sleep)(config_1.timeoutShortMs);
-        yield page.waitForNetworkIdle({ idleTime: 250 });
-        (0, log_1.info)('waiting for sign in button');
-        yield page.waitForSelector('#cli_login_button', {
-            timeout: config_1.timeoutShortMs,
-        });
-        (0, log_1.info)('pressing sign in');
-        yield page.$eval('#cli_login_button', (el) => el.click());
-        (0, log_1.info)('waiting for completion');
-        yield (0, sleep_1.sleep)(250);
-        try {
-            yield page.waitForNetworkIdle({ idleTime: 250, timeout: config_1.timeoutShortMs });
-        }
-        catch (e) {
-            //
-        }
         (0, log_1.info)('waiting for success');
         yield page.waitForSelector('[data-analytics-alert="success"]', {
             timeout: config_1.timeoutMs,
         });
         (0, log_1.warn)('mfa success');
-        const cookies = yield (page === null || page === void 0 ? void 0 : page.cookies());
-        const ssoAuthn = (_a = cookies === null || cookies === void 0 ? void 0 : cookies.find((c) => c.name === 'x-amz-sso_authn')) === null || _a === void 0 ? void 0 : _a.value;
+        const cookies = yield page.cookies();
+        const ssoAuthn = (_a = cookies.find((c) => c.name === 'x-amz-sso_authn')) === null || _a === void 0 ? void 0 : _a.value;
         if (!ssoAuthn) {
             throw new Error('no aws authn');
         }

package/dist/helpers/getCredentialsFilepath.d.ts

@@ -0,0 +1,3 @@
+export declare const getHomeDir: () => string;
+export declare const ENV_CREDENTIALS_PATH = "AWS_SHARED_CREDENTIALS_FILE";
+export declare const getCredentialsFilepath: () => string;

package/dist/helpers/getCredentialsFilepath.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getCredentialsFilepath = exports.ENV_CREDENTIALS_PATH = exports.getHomeDir = void 0;
+const os_1 = require("os");
+const path_1 = require("path");
+const homeDirCache = {};
+const getHomeDirCacheKey = () => {
+    // geteuid is only available on POSIX platforms (i.e. not Windows or Android).
+    // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
+    if (process && process.geteuid) {
+        return `${process.geteuid()}`;
+    }
+    return 'DEFAULT';
+};
+const getHomeDir = () => {
+    const { HOME, USERPROFILE, HOMEPATH, HOMEDRIVE = `C:${path_1.sep}` } = process.env;
+    if (HOME)
+        return HOME;
+    if (USERPROFILE)
+        return USERPROFILE;
+    if (HOMEPATH)
+        return `${HOMEDRIVE}${HOMEPATH}`;
+    const homeDirCacheKey = getHomeDirCacheKey();
+    if (!homeDirCache[homeDirCacheKey])
+        homeDirCache[homeDirCacheKey] = (0, os_1.homedir)();
+    return homeDirCache[homeDirCacheKey];
+};
+exports.getHomeDir = getHomeDir;
+exports.ENV_CREDENTIALS_PATH = 'AWS_SHARED_CREDENTIALS_FILE';
+const getCredentialsFilepath = () => process.env[exports.ENV_CREDENTIALS_PATH] ||
+    (0, path_1.join)((0, exports.getHomeDir)(), '.aws', 'credentials');
+exports.getCredentialsFilepath = getCredentialsFilepath;

package/dist/helpers/sso.js

@@ -21,7 +21,7 @@ const config_1 = require("../config");
 const awsconfig_1 = require("./awsconfig");
 const sts_1 = require("./sts");
 const getAssumedRole = (p) => __awaiter(void 0, void 0, void 0, function* () {
-    var _a, _b, _c, _d, _e;
+    var _a, _b, _c, _d;
     const sso = new client_sso_1.SSOClient({ region: config_1.identityCenterRegion });
     let accountId = p.accountId;
     if (!accountId) {
@@ -35,10 +35,10 @@ const getAssumedRole = (p) => __awaiter(void 0, void 0, void 0, function* () {
         accessToken: p.accessToken,
         accountId,
     }));
-    const roles = (_e = (_d = (_c = rolesResult.roleList) === null || _c === void 0 ? void 0 : _c.map((r) => ({
+    const roles = (_d = (_c = rolesResult.roleList) === null || _c === void 0 ? void 0 : _c.map((r) => ({
         accountId: r.accountId || '',
         roleName: r.roleName || '',
-    }))) === null || _d === void 0 ? void 0 : _d.filter((r) => r.accountId && r.roleName)) !== null && _e !== void 0 ? _e : [];
+    })).filter((r) => r.accountId && r.roleName)) !== null && _d !== void 0 ? _d : [];
     if (roles.length === 0) {
         throw new Error('no roles can be assumed');
     }
@@ -55,9 +55,9 @@ const getOIDCCredentialsFromAccessToken = (p) => __awaiter(void 0, void 0, void
     const ssoResp = yield sso.send(new client_sso_1.GetRoleCredentialsCommand(Object.assign(Object.assign({}, role), { accessToken: p.accessToken })));
     const rc = ssoResp.roleCredentials;
     if (!(rc === null || rc === void 0 ? void 0 : rc.accessKeyId) ||
-        !(rc === null || rc === void 0 ? void 0 : rc.expiration) ||
-        !(rc === null || rc === void 0 ? void 0 : rc.secretAccessKey) ||
-        !(rc === null || rc === void 0 ? void 0 : rc.sessionToken)) {
+        !rc.expiration ||
+        !rc.secretAccessKey ||
+        !rc.sessionToken) {
         throw new Error('role creds undefined:' + JSON.stringify(rc, null, 2));
     }
     return Object.assign(Object.assign({}, p), { accessKeyId: rc.accessKeyId, secretAccessKey: rc.secretAccessKey, sessionToken: rc.sessionToken, region: config_1.identityCenterRegion });
@@ -66,7 +66,8 @@ exports.getOIDCCredentialsFromAccessToken = getOIDCCredentialsFromAccessToken;
 function appInstances(p) {
     return __awaiter(this, void 0, void 0, function* () {
         const ai = (yield (yield (0, node_fetch_1.default)(`https://portal.sso.${config_1.identityCenterRegion}.amazonaws.com/instance/appinstances`, { headers: { 'x-amz-sso_bearer_token': p.ssoAuthn } })).json());
-        if (!(ai === null || ai === void 0 ? void 0 : ai.result)) {
+        // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
+        if (!ai.result) {
             throw new Error('appinstance error' + JSON.stringify(ai, null, 2));
         }
         return ai.result.sort((a, b) => (a.name < b.name ? -1 : 1));
@@ -74,10 +75,10 @@ function appInstances(p) {
 }
 exports.appInstances = appInstances;
 function getSamlAssertion(p, instance) {
-    var _a, _b;
     return __awaiter(this, void 0, void 0, function* () {
+        var _a;
         const det = (yield (yield (0, node_fetch_1.default)(`https://portal.sso.${config_1.identityCenterRegion}.amazonaws.com/instance/appinstance/${instance.id}/profiles`, { headers: { 'x-amz-sso_bearer_token': p.ssoAuthn } })).json());
-        const asserturl = (_b = (_a = det === null || det === void 0 ? void 0 : det.result) === null || _a === void 0 ? void 0 : _a[0]) === null || _b === void 0 ? void 0 : _b.url;
+        const asserturl = (_a = det.result[0]) === null || _a === void 0 ? void 0 : _a.url;
         if (!asserturl) {
             throw new Error('assertion url cant be found');
         }
@@ -95,7 +96,7 @@ function getSamlAssertion(p, instance) {
 }
 exports.getSamlAssertion = getSamlAssertion;
 const tryExistingCredentials = () => __awaiter(void 0, void 0, void 0, function* () {
-    var _f;
+    var _e;
     const credraw = yield (0, awsconfig_1.getAwsCredentials)();
     if (!credraw.default.aws_access_token) {
         return undefined;
@@ -124,7 +125,8 @@ const tryExistingCredentials = () => __awaiter(void 0, void 0, void 0, function*
         catch (e) {
             //
             const em = e.toString();
-            if ((_f = em.includes('is expired')) !== null && _f !== void 0 ? _f : em.includes('or invalid')) {
+            // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
+            if ((_e = em.includes('is expired')) !== null && _e !== void 0 ? _e : em.includes('or invalid')) {
                 (0, log_1.info)('access token or sso expired, need to wipe');
             }
             else {

package/dist/helpers/sts.js

@@ -15,8 +15,8 @@ const log_1 = require("ag-common/dist/common/helpers/log");
 const config_1 = require("../config");
 const sso_1 = require("./sso");
 function validateCredentials(credentials) {
-    var _a, _b;
     return __awaiter(this, void 0, void 0, function* () {
+        var _a;
         const sts = new client_sts_1.STS({
             credentials,
             region: credentials.region,
@@ -24,7 +24,7 @@ function validateCredentials(credentials) {
         try {
             const stub = yield sts.getCallerIdentity({});
             yield (0, sso_1.appInstances)(credentials);
-            if (((_b = (_a = stub === null || stub === void 0 ? void 0 : stub.$metadata) === null || _a === void 0 ? void 0 : _a.httpStatusCode) !== null && _b !== void 0 ? _b : 500) < 400 &&
+            if (((_a = stub.$metadata.httpStatusCode) !== null && _a !== void 0 ? _a : 500) < 400 &&
                 stub.Account &&
                 stub.Arn) {
                 (0, log_1.info)(`test cached credentials OK`);
@@ -43,8 +43,8 @@ function validateCredentials(credentials) {
 }
 exports.validateCredentials = validateCredentials;
 function getApplicationCreds(p) {
-    var _a, _b, _c, _d;
     return __awaiter(this, void 0, void 0, function* () {
+        var _a, _b;
         const sts = new client_sts_1.STS({
             credentials: p.originCreds,
             region: p.targetRegion,
@@ -59,9 +59,9 @@ function getApplicationCreds(p) {
             (0, log_1.error)('bad assume saml role', ret);
             throw new Error('bad assume saml role');
         }
-        if (!((_b = ret === null || ret === void 0 ? void 0 : ret.Credentials) === null || _b === void 0 ? void 0 : _b.AccessKeyId) ||
-            !((_c = ret === null || ret === void 0 ? void 0 : ret.Credentials) === null || _c === void 0 ? void 0 : _c.SecretAccessKey) ||
-            !((_d = ret === null || ret === void 0 ? void 0 : ret.Credentials) === null || _d === void 0 ? void 0 : _d.SessionToken)) {
+        if (!((_b = ret.Credentials) === null || _b === void 0 ? void 0 : _b.AccessKeyId) ||
+            !ret.Credentials.SecretAccessKey ||
+            !ret.Credentials.SessionToken) {
             throw new Error('no creds');
         }
         return Object.assign(Object.assign({}, p.originCreds), { region: p.targetRegion, accessKeyId: ret.Credentials.AccessKeyId, secretAccessKey: ret.Credentials.SecretAccessKey, sessionToken: ret.Credentials.SessionToken });
@@ -69,8 +69,8 @@ function getApplicationCreds(p) {
 }
 exports.getApplicationCreds = getApplicationCreds;
 function directStsAssume(p) {
-    var _a, _b, _c, _d;
     return __awaiter(this, void 0, void 0, function* () {
+        var _a, _b;
         const role = yield (0, sso_1.getAssumedRole)({
             accessToken: p.credentials.accessToken,
             accountId: p.metadata.AccountId,
@@ -87,9 +87,9 @@ function directStsAssume(p) {
         if (((_a = ar.$metadata.httpStatusCode) !== null && _a !== void 0 ? _a : 500) >= 400) {
             throw new Error('assume role error' + JSON.stringify(ar, null, 2));
         }
-        if (!((_b = ar === null || ar === void 0 ? void 0 : ar.Credentials) === null || _b === void 0 ? void 0 : _b.AccessKeyId) ||
-            !((_c = ar === null || ar === void 0 ? void 0 : ar.Credentials) === null || _c === void 0 ? void 0 : _c.SecretAccessKey) ||
-            !((_d = ar === null || ar === void 0 ? void 0 : ar.Credentials) === null || _d === void 0 ? void 0 : _d.SessionToken)) {
+        if (!((_b = ar.Credentials) === null || _b === void 0 ? void 0 : _b.AccessKeyId) ||
+            !ar.Credentials.SecretAccessKey ||
+            !ar.Credentials.SessionToken) {
             throw new Error('no creds');
         }
         return Object.assign(Object.assign({}, p.credentials), { region: p.targetRegion, accessKeyId: ar.Credentials.AccessKeyId, secretAccessKey: ar.Credentials.SecretAccessKey, sessionToken: ar.Credentials.SessionToken });

package/dist/helpers/version.js

@@ -38,7 +38,7 @@ const getUpstreamVersion = () => __awaiter(void 0, void 0, void 0, function* ()
     try {
         const r = yield (0, node_fetch_1.default)('https://api.github.com/repos/andreigec/ag-awsauth/tags', { headers: { Accept: 'application/json' } });
         const tags = (yield r.json());
-        return (_a = tags === null || tags === void 0 ? void 0 : tags[0]) === null || _a === void 0 ? void 0 : _a.name;
+        return (_a = tags[0]) === null || _a === void 0 ? void 0 : _a.name;
     }
     catch (e) {
         (0, log_1.warn)(`error getting upstream version:` + e.message);

package/dist/index.js

@@ -67,7 +67,7 @@ function main(args) {
             return;
         }
         let credentials = yield (0, sso_1.tryExistingCredentials)();
-        if (!(credentials === null || credentials === void 0 ? void 0 : credentials.accessToken) || !(credentials === null || credentials === void 0 ? void 0 : credentials.ssoAuthn)) {
+        if (!(credentials === null || credentials === void 0 ? void 0 : credentials.accessToken) || !credentials.ssoAuthn) {
             (0, log_1.info)('no creds, get access token through manual sign in');
             credentials = yield (0, oidc_1.requestMFA)({
                 identityCenterRegion: config_1.identityCenterRegion,

package/package.json

@@ -5,7 +5,7 @@
   "author": "andrei gec (andreigec@hotmail.com)",
   "license": "ISC",
   "private": false,
-  "version": "0.0.247",
+  "version": "0.0.249",
   "preferGlobal": true,
   "scripts": {
     "format": "eslint --ext .ts,.tsx src --fix",
@@ -25,25 +25,25 @@
     "LICENSE.md"
   ],
   "dependencies": {
-    "@aws-sdk/client-sso": "3.507.0",
-    "@aws-sdk/client-sso-oidc": "3.507.0",
-    "@aws-sdk/client-sts": "3.507.0",
-    "@aws-sdk/shared-ini-file-loader": "3.370.0",
-    "ag-common": "0.0.619",
+    "@aws-sdk/client-sso": "3.590.0",
+    "@aws-sdk/client-sso-oidc": "3.590.0",
+    "@aws-sdk/client-sts": "3.590.0",
+    "@aws-sdk/shared-ini-file-loader": "^3.374.0",
+    "ag-common": "0.0.711",
     "cli-select": "1.1.2",
-    "dotenv": "16.4.1",
+    "dotenv": "16.4.5",
     "envfile": "7.1.0",
-    "eslint-config-e7npm": "0.0.81",
-    "ini": "4.1.1",
+    "eslint-config-e7npm": "0.0.105",
+    "ini": "4.1.3",
     "node-fetch": "2.7.0",
-    "puppeteer": "21.11.0",
+    "puppeteer": "22.10.0",
     "readline-sync": "1.4.10",
-    "typescript": "5.3.3",
+    "typescript": "5.4.5",
     "yargs": "17.7.2"
   },
   "devDependencies": {
     "@types/ini": "4.1.0",
-    "@types/node": "20.11.16",
+    "@types/node": "20.14.1",
     "@types/node-fetch": "2.6.11",
     "@types/readline-sync": "1.4.8",
     "@types/yargs": "17.0.32"