fiftyone.pipeline.core 4.4.104 → 4.4.105

package/javascript-templates/JavaScriptResource.mustache

@@ -20,6 +20,9 @@ fiftyoneDegreesManager = function() {
     // Set to true when the JSON object is complete.
     var completed = false;
 
+    // Set to true when the `catchError` is called.
+    let failed = false;
+
     // changeFuncs is an array of functions. When onChange is called and passed
     // a function, the function is registered and is called when processing is
     // complete.
@@ -79,13 +82,13 @@ fiftyoneDegreesManager = function() {
     // and return the data as key value pairs. This method is needed to extract
     // stored values for inclusion in the GET or POST request for situations
     // where CORS will prevent them from being sent to third parties.
-    var getFodSavedValues = function(){
+    var getFodSavedValues = function() {
         let fodValues = {};
         {{#_enableCookies}}
         {
             let keyValuePairs = document.cookie.split(/; */);
             for(let nextPair of keyValuePairs) {
-                let firstEqualsLocation = nextPair.indexOf('=');
+                let firstEqualsLocation = nextPair.indexOf("=");
                 let name = nextPair.substring(0, firstEqualsLocation);
                 if(startsWith(name, "51D_")){
                     let value = nextPair.substring(firstEqualsLocation+1);
@@ -112,17 +115,17 @@ fiftyoneDegreesManager = function() {
 
     // Extract key value pairs from the '51D_' prefixed values and concatenates
     // them to form a query string for the subsequent json refresh.
-    var getParametersFromStorage = function(){
+    var getParametersFromStorage = function() {
         var fodValues = getFodSavedValues();
         var keyValuePairs = [];
         for (var key in fodValues) {
             if (fodValues.hasOwnProperty(key)) {
                 // Url encode the value.
-                // This is done to ensure that invalid characters (e.g. = chars at the end of 
+                // This is done to ensure that invalid characters (e.g. = chars at the end of
                 // base 64 encoded strings) reach the server intact.
-                // The server will automatically decode the value before passing it into the 
+                // The server will automatically decode the value before passing it into the
                 // Pipeline API.
-                keyValuePairs.push(key+"="+encodeURIComponent(fodValues[key]));
+                keyValuePairs.push(key + "=" + encodeURIComponent(fodValues[key]));
             }
         }
         return keyValuePairs;
@@ -133,21 +136,21 @@ fiftyoneDegreesManager = function() {
     // returned rather than letting an exception occur.
     var getFromJson = function(key, allowObjects, allowBooleans) {
         var result = undefined;
-        if(typeof allowObjects === 'undefined') { allowObjects = false; }
-        if(typeof allowBooleans === 'undefined') { allowBooleans = false; }
+        if (typeof allowObjects === "undefined") { allowObjects = false; }
+        if (typeof allowBooleans === "undefined") { allowBooleans = false; }
 
-        if (typeof(key) === 'string') {
+        if (typeof(key) === "string") {
             var functions = json;
             var segments = key.split('.');
             var i = 0;
             while (functions !== undefined && i < segments.length) {
                 functions = functions[segments[i++]];
             }
-            if (typeof(functions) === "string") {
+            if (typeof functions === "string") {
                 result = functions;
-            } else if (allowBooleans && typeof(functions) === "boolean") {
+            } else if (allowBooleans && typeof functions === "boolean") {
                 result = functions;
-            } else if (allowObjects && typeof functions === 'object' && functions !== null) {
+            } else if (allowObjects && typeof functions === "object" && functions !== null) {
                 result = functions;
             }
         }
@@ -183,7 +186,6 @@ fiftyoneDegreesManager = function() {
         var executeCallback = true;
         var started = 0;
         var cached = 0;
-        var cachedResponse = undefined;
         var toProcess = 0;
 
         // If there is no cached response and there are JavaScript code snippets
@@ -195,87 +197,113 @@ fiftyoneDegreesManager = function() {
             let session51DataPrefix = sessionKey + "_data_";
             let sessionSetPatch = 'window.sessionStorage["' + session51DataPrefix + '$3$6"]=$4$7';
             {{/_enableCookies}}
-                            
+
             // Execute each of the JavaScript property code snippets using the
             // index of the value to access the value to avoid problems with
             // JavaScript returning erroneous values.
             for (var index = 0; index < jsProperties.length; index++) {
                 var name = jsProperties[index];
-                if (jsPropertiesStarted.indexOf(name) === -1) {
-                    var body = getFromJson(name);
+                if (jsPropertiesStarted.indexOf(name) !== -1) {
+                    continue;
+                }
+                var body = getFromJson(name);
+
+                // If there is a body then this property should be processed.
+                if (body) {
+                    toProcess++;
+                }
+
+                var isCached = sessionStorage && sessionStorage.getItem(sessionKey + "_property_" + name);
 
-                    // If there is a body then this property should be processed.
-                    if (body) {
-                        toProcess++;
+                // If the property has already been processed then skip it.
+                if (isCached) {
+                    cached++;
+                    continue;
+                }
+
+                // Create new function bound to this instance and execute it.
+                // This is needed to ensure the scope of the function is
+                // associated with this instance if any members are altered or
+                // added. Avoids global scoped variables.
+
+                var delay = getFromJson(name + 'delayexecution', false, true);
+
+                if (
+                    (ignoreDelayFlag || delay === undefined || delay === false) &&
+                    typeof body === "string" &&
+                    body.length
+                ) {
+                    var func = undefined;
+                    var searchString = '// 51D replace this comment with callback function.';
+                    completed = false;
+                    jsPropertiesStarted.push(name);
+                    started++;
+
+                    {{^_enableCookies}}
+                    body = body.replaceAll(valueSetPrefix, sessionSetPatch);
+                    {{/_enableCookies}}
+
+                    if (body.indexOf(searchString) !== -1){
+                        callbackCounter++;
+                        body = body.replace(/\/\/ 51D replace this comment with callback function./g, 'callbackFunc(resolveFunc, rejectFunc);');
+                        func = new Function('callbackFunc', 'resolveFunc', 'rejectFunc',
+                            "try {\n" +
+                            body + "\n" +
+                            "} catch (err) {\n" +
+                            "console.log(err);" +
+                            "}"
+                        );
+                        func(completedCallback, resolve, reject);
+                        executeCallback = false;
+                    } else {
+                        func = new Function(
+                            "try {\n" +
+                            body + "\n" +
+                            "} catch (err) {\n" +
+                            "console.log(err);" +
+                            "}"
+                        );
+                        func();
                     }
-                    var isCached = sessionStorage && sessionStorage.getItem(sessionKey + "_property_" + name);
-
-                    if (!isCached) {
-                        // Create new function bound to this instance and execute it.
-                        // This is needed to ensure the scope of the function is
-                        // associated with this instance if any members are altered or
-                        // added. Avoids global scoped variables.
-
-                        var delay = getFromJson(name + 'delayexecution', false, true);
-
-                        if ((ignoreDelayFlag || (delay === undefined || delay === false)) &&
-                            body !== undefined) {
-                            var func = undefined;
-                            var searchString = '// 51D replace this comment with callback function.';
-                            completed = false;
-                            jsPropertiesStarted.push(name);
-                            started++;
-
-                            {{^_enableCookies}}
-                            body = body.replaceAll(valueSetPrefix, sessionSetPatch);
-                            {{/_enableCookies}}
-
-                            if (body.indexOf(searchString) !== -1){
-                                callbackCounter++;
-                                body = body.replace(/\/\/ 51D replace this comment with callback function./g, 'callbackFunc(resolveFunc, rejectFunc);');
-                                func = new Function('callbackFunc', 'resolveFunc', 'rejectFunc',
-                                    "try {\n" +
-                                    body + "\n" +
-                                    "} catch (err) {\n" +
-                                    "console.log(err);" +
-                                    "}"
-                                );
-                                func(completedCallback, resolve, reject);
-                                executeCallback = false;
-                            } else {
-                                func = new Function(
-                                    "try {\n" +
-                                    body + "\n" +
-                                    "} catch (err) {\n" +
-                                    "console.log(err);" +
-                                    "}"
-                                );
-                                func();
-                            }
-                            if (sessionStorage) {
-                                sessionStorage.setItem(sessionKey + "_property_" + name, true)
+
+                    if (sessionStorage) {
+                        sessionStorage.setItem(sessionKey + "_property_" + name, true)
+                    }
+
+                    // If the property is `javascripthardwareprofile` then check if the
+                    // profile has been set. If not then remove current property from
+                    // the list of properties that have started to prevent the
+                    // 2nd request from being made.
+                    if (name === "device.javascripthardwareprofile") {
+                        var hrw = getFodSavedValues();
+                        if (hrw && !hrw["51D_ProfileIds"]) {
+                            // find and remove name from jsPropertiesStarted
+                            var propIndex = jsPropertiesStarted.indexOf(name);
+                            if (propIndex > -1) {
+                                jsPropertiesStarted.splice(index, 1);
                             }
+                            started--;
+                            toProcess--;
                         }
-                    } else {
-                        cached++;
                     }
                 }
             }
         }
-        if(cached === toProcess || started === 0)  {
-            if (sessionStorage) {
-                var cachedResponse = sessionStorage.getItem(sessionKey);
-                if (cachedResponse) {
-                    loadJSON(resolve, reject, cachedResponse);
-                    executeCallback = false;
-                }
+
+        if ((cached === toProcess || started === 0) && sessionStorage)  {
+            var cachedResponse = sessionStorage.getItem(sessionKey);
+            if (cachedResponse) {
+                loadJSON(resolve, reject, cachedResponse);
+                executeCallback = false;
             }
         }
 
         if (started === 0) {
             executeCallback = false;
+            failed = false;
             completed = true;
         }
+
         if (executeCallback) {
             callbackCounter = 1;
             completedCallback(resolve, reject);
@@ -343,7 +371,13 @@ fiftyoneDegreesManager = function() {
 {{#_updateEnabled}}
     // Process the response as json and call the resolve method.
     var loadJSON = function(resolve, reject, responseText) {
-        json = JSON.parse(responseText);
+        try {
+            json = JSON.parse(responseText);
+        } catch(err) {
+            clearCache();
+            reject(new Error("Invalid JSON - the endpoint is likely setup incorrectly", { cause: err }));
+            return;
+        }
 
         if (hasJSFunctions()) {
             // json updated so fire 'on change' functions
@@ -352,6 +386,7 @@ fiftyoneDegreesManager = function() {
             fireChangeFuncs(json);
             process(resolve, reject);
         } else {
+            failed = false;
             completed = true;
             // json updated so fire 'on change' functions
             // This must happen after completed = true in order
@@ -476,7 +511,28 @@ fiftyoneDegreesManager = function() {
 
     // Function logs errors, used to 'reject' a promise or for error callbacks.
     var catchError = function(value) {
-        console.log(value.message || value);
+        failed = true;
+		function errorToDesc(subError) {
+			let msg = subError.message;
+			if (!msg) {
+				msg = String(subError);
+			}
+			let cause = subError.cause;
+			if (cause) {
+				msg += '\n--- caused by ---\n';
+				msg += errorToDesc(cause);
+			}
+			return msg;
+		}
+        let errorDesc = errorToDesc(value);
+        console.log(errorDesc);
+
+        if (json.errors === null || json.errors === undefined) {
+            json.errors = [errorDesc];
+        } else if (Array.isArray(json.errors)) {
+            json.errors.push(errorDesc);
+        }
+        fireChangeFuncs(json);
     }
 
     // Populate this instance of the FOD object with getters to access the
@@ -588,11 +644,11 @@ fiftyoneDegreesManager = function() {
         }
 
 {{/_hasDelayedProperties}}
-        if(completed){
+        if(completed || failed){
             resolve(json);
         }else{
             this.onChange(function(data) {
-                if(completed){
+                if(completed || failed){
                     resolve(data);
                 }
             })
@@ -606,6 +662,7 @@ fiftyoneDegreesManager = function() {
     this.promise.then(function(value) {
         // JSON has been updated so replace the current instance.
         update.call(parent, value);
+        failed = false;
         completed = true;
     }).catch(catchError);
 {{/_supportsPromises}}

package/javascript-templates/README.md

@@ -6,6 +6,53 @@ Store shared (mustache) templates to be used by the implementation of `JavaScrip
 
 The [language-independent specification](https://github.com/51Degrees/specifications) describes how JavaScriptBuilderElement is used [here](https://github.com/51Degrees/specifications/blob/36ff732360acb49221dc81237281264dac4eb897/pipeline-specification/pipeline-elements/javascript-builder.md). The mechanics is: javascript file is requested from the server (on-premise web integration) and is created from this mustache template by the JavaScriptBuilderElement. It then collects more evidence, sends it to the server and upon response calls a callback function providing the client with more precise device data.
 
+## Cookies -> Session storage Transformation 
+
+The processJsProperties function in javascript template has a section that uses regex to search the injected JavaScript for any commands that set cookie values to the browser's document object. It then transforms this command so that it sets session storage values instead. This format should be accounted for when writing JavaScript properties. 
+
+---
+
+### Cookie Transformation regular expression rules
+
+#### Valid Format for Cookie Statements:
+- **Cookie Assignment**: The expression should start with `document.cookie = `
+- **Spaces**: Spaces around the first `=` sign are optional
+- **Cookie Name**: The name of the cookie should only contain alphanumeric characters, underscores, and must not have spaces
+- **Assignment with Double Quotes**: The cookie value assignment can use double quotes, and the value should be set programmatically by concatenating a string with a variable or expression
+- **Assignment with Backticks**: The cookie value assignment can use backticks for template literals, and the value can be set programmatically using expressions inside `${}`
+- **No Direct Value Assignment**: Directly setting a value within the string is not allowed; values must be set programmatically
+
+#### Regular Expression:
+```javascript
+/document\.cookie\s*=\s*(("([A-Za-z0-9_"\s\+]+)\s*=\s*"\s*\+\s*([^\s};]+))|(`([A-Za-z0-9_]+)\s*=\s*\$\{([^}]+)\}`))/g
+```
+
+#### Valid Examples:
+```javascript
+document.cookie="51D_PropertyName="+"True"; // No spaces around the equals and/or plus sign
+document.cookie = "51D_PropertyName=" + "True"; // Spaces around the equals sign
+document.cookie = "51D_PropertyName=" + screen.height; // Assigning a value using a variable
+document.cookie="51D_PropertyName="+screen.height; // No spaces, variable assignment
+document.cookie=`51D_PropertyName=${btoa(JSON.stringify(value))}` // Using a template literal with an expression
+document.cookie="51D_PropertyName="+profileIds.join("|") // Assigning a value using a joined string of variables
+document.cookie = `51D_PropertyName=${"True"}`; // Using backticks for programmatic value assignment
+```
+
+#### Invalid Examples:
+```javascript
+document.cookie = "51D_PropertyName=True"; // Direct assignment within the string is not allowed
+document.cookie = "51D_PropertyName=" + profileIds.join(" ") // Spaces within the expression are not allowed
+document.cookie = "  51D_PropertyName  = " + "True"; // Spaces inside the cookie name are not allowed
+document.cookie = `  51D_PropertyName  =${"True"}`; // Spaces inside the template literal are not allowed
+document.cookie = `51D_PropertyName=START${window.middle}END`; // Concatenating strings directly within template literals is not allowed
+```
+---
+
+## CSP Considerations
+[Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is an added layer of security to mitigate cross-site and other types of attacks.  CSP limits which 3rd party resources are loaded and what these resources are allowed to do.  51Degrees JavaScript produced from the template is usually such a 3rd party resource when hosted on [51Degrees cloud](https://cloud.51degrees.com/api-docs/index.html).  If CSP header specifies [script-src](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src) it has to list 51Degrees cloud origin as a source and also add 'unsafe-eval' as a source.
+
+`'unsafe-eval'` source is needed because the template loads and executes dynamic javascript code snippets relying on JavaScript Function API which is in the eval() family. The snippets are part of the data file and are frequently updated to support latest changes in the browsers. Snippet execution may cause multiple server calls to load more dynamic code (in theory, in practice it usually comes down to a single server call) - thus this code can not be statically included in the template and has to be loaded dynamically as part of the JSON response of the server. 
+
 ## Shipping / Deployment
 
 This repo is not a stand-alone package, but is shipped as part of and used by each of the following repositories / packages:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "fiftyone.pipeline.core",
-  "version": "4.4.104",
+  "version": "4.4.105",
   "description": "Core library for the 51Degrees Pipeline API",
   "keywords": [
     "51degrees",