oidc-spa 7.1.7 → 7.1.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/core/AuthResponse.d.ts +0 -1
- package/core/AuthResponse.js +0 -7
- package/core/AuthResponse.js.map +1 -1
- package/core/createOidc.js +1 -1
- package/core/handleOidcCallback.d.ts +2 -0
- package/core/handleOidcCallback.js +35 -9
- package/core/handleOidcCallback.js.map +1 -1
- package/core/iframeMessageProtection.d.ts +20 -0
- package/core/iframeMessageProtection.js +135 -0
- package/core/iframeMessageProtection.js.map +1 -0
- package/core/loginSilent.js +141 -118
- package/core/loginSilent.js.map +1 -1
- package/entrypoint.d.ts +1 -0
- package/entrypoint.js +15 -1
- package/entrypoint.js.map +1 -1
- package/package.json +9 -1
- package/src/core/AuthResponse.ts +0 -9
- package/src/core/handleOidcCallback.ts +43 -9
- package/src/core/iframeMessageProtection.ts +99 -0
- package/src/core/loginSilent.ts +20 -4
- package/src/entrypoint.ts +31 -3
- package/src/tools/asymmetricEncryption.ts +184 -0
- package/tools/asymmetricEncryption.d.ts +18 -0
- package/tools/asymmetricEncryption.js +181 -0
- package/tools/asymmetricEncryption.js.map +1 -0
package/core/AuthResponse.d.ts
CHANGED
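--- a/package/core/AuthResponse.js
+++ b/package/core/AuthResponse.js
@@ -27,15 +27,8 @@ var __read = (this && this.__read) || function (o, n) {
 return ar;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getIsAuthResponse = getIsAuthResponse;
 exports.authResponseToUrl = authResponseToUrl;
 var urlSearchParams_1 = require("../tools/urlSearchParams");
-function getIsAuthResponse(data) {
-return (data instanceof Object &&
-"state" in data &&
-typeof data.state === "string" &&
-Object.values(data).every(function (value) { return value === undefined || typeof value === "string"; }));
-}
 function authResponseToUrl(authResponse) {
 var e_1, _a;
 var authResponseUrl = "https://dummy.com";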
package/core/AuthResponse.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthResponse.js","sourceRoot":"","sources":["../src/core/AuthResponse.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAOA,
|
|
1
|
+
{"version":3,"file":"AuthResponse.js","sourceRoot":"","sources":["../src/core/AuthResponse.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAOA,8CAgBC;AAvBD,4DAAkE;AAOlE,SAAgB,iBAAiB,CAAC,YAA0B;;IACxD,IAAI,eAAe,GAAG,mBAAmB,CAAC;;QAE1C,KAA4B,IAAA,KAAA,SAAA,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAA,gBAAA,4BAAE,CAAC;YAAhD,IAAA,KAAA,mBAAa,EAAZ,MAAI,QAAA,EAAE,KAAK,QAAA;YACnB,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACtB,SAAS;YACb,CAAC;YACD,eAAe,GAAG,IAAA,wCAAsB,EAAC;gBACrC,GAAG,EAAE,eAAe;gBACpB,IAAI,QAAA;gBACJ,KAAK,OAAA;gBACL,YAAY,EAAE,UAAU;aAC3B,CAAC,CAAC;QACP,CAAC;;;;;;;;;IAED,OAAO,eAAe,CAAC;AAC3B,CAAC"}
|
package/core/createOidc.js
CHANGED
|
@@ -125,7 +125,7 @@ var trustedFetch_1 = require("./trustedFetch");
|
|
|
125
125
|
var getIsOnline_1 = require("../tools/getIsOnline");
|
|
126
126
|
(0, handleOidcCallback_1.handleOidcCallback)();
|
|
127
127
|
// NOTE: Replaced at build time
|
|
128
|
-
var VERSION = "7.1.
|
|
128
|
+
var VERSION = "7.1.9";
|
|
129
129
|
var globalContext = {
|
|
130
130
|
prOidcByConfigId: new Map(),
|
|
131
131
|
hasLogoutBeenCalled: (0, tsafe_1.id)(false),
|
|
@@ -3,6 +3,8 @@ import type { AuthResponse } from "./AuthResponse";
|
|
|
3
3
|
export declare function handleOidcCallback(): {
|
|
4
4
|
isHandled: boolean;
|
|
5
5
|
};
|
|
6
|
+
declare const moveRedirectAuthResponseFromSessionStorageToMemory: () => void;
|
|
7
|
+
export { moveRedirectAuthResponseFromSessionStorageToMemory };
|
|
6
8
|
export declare function retrieveRedirectAuthResponseAndStateData(params: {
|
|
7
9
|
configId: string;
|
|
8
10
|
}): {
|
|
@@ -47,12 +47,14 @@ var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
|
|
|
47
47
|
return to.concat(ar || Array.prototype.slice.call(from));
|
|
48
48
|
};
|
|
49
49
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
50
|
+
exports.moveRedirectAuthResponseFromSessionStorageToMemory = void 0;
|
|
50
51
|
exports.handleOidcCallback = handleOidcCallback;
|
|
51
52
|
exports.retrieveRedirectAuthResponseAndStateData = retrieveRedirectAuthResponseAndStateData;
|
|
52
53
|
var StateData_1 = require("./StateData");
|
|
53
54
|
var tsafe_1 = require("../vendor/frontend/tsafe");
|
|
54
55
|
var initialLocationHref_1 = require("./initialLocationHref");
|
|
55
56
|
var trustedFetch_1 = require("./trustedFetch");
|
|
57
|
+
var iframeMessageProtection_1 = require("./iframeMessageProtection");
|
|
56
58
|
(0, trustedFetch_1.captureFetch)();
|
|
57
59
|
var globalContext = {
|
|
58
60
|
previousCall: (0, tsafe_1.id)(undefined)
|
|
@@ -126,7 +128,8 @@ function handleOidcCallback_nonMemoized() {
|
|
|
126
128
|
// NOTE: This is a "better than nothing" approach.
|
|
127
129
|
// Under some circumstances it's possible to get stuck on this url
|
|
128
130
|
// if there is no "next" page in the history for example, navigating
|
|
129
|
-
// forward is a NoOp. So in that case it's better to
|
|
131
|
+
// forward is a NoOp. So in that case it's better to reload the same route
|
|
132
|
+
// with just the authResponse removed from the url to avoid re-entering here.
|
|
130
133
|
setTimeout(function () {
|
|
131
134
|
var _a = window.location, protocol = _a.protocol, host = _a.host, pathname = _a.pathname, hash = _a.hash;
|
|
132
135
|
window.location.href = "".concat(protocol, "//").concat(host).concat(pathname).concat(hash);
|
|
@@ -151,9 +154,12 @@ function handleOidcCallback_nonMemoized() {
|
|
|
151
154
|
(0, tsafe_1.assert)(authResponse.state !== "", "063965");
|
|
152
155
|
switch (stateData.context) {
|
|
153
156
|
case "iframe":
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
}
|
|
157
|
+
(0, iframeMessageProtection_1.encryptAuthResponse)({
|
|
158
|
+
authResponse: authResponse
|
|
159
|
+
}).then(function (_a) {
|
|
160
|
+
var encryptedMessage = _a.encryptedMessage;
|
|
161
|
+
return parent.postMessage(encryptedMessage, location.origin);
|
|
162
|
+
});
|
|
157
163
|
break;
|
|
158
164
|
case "redirect":
|
|
159
165
|
(0, StateData_1.markStateDataAsProcessedByCallback)({ stateQueryParamValue: stateQueryParamValue });
|
|
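Review bot: The `encryptAuthResponse(...).then(...)` chain at new lines 157–162 has no rejection handler, so when encryption fails — the `assert(publicKey !== null, "2293302")` inside `encryptAuthResponse` firing because the public key is absent from sessionStorage, or any error raised by `asymmetricEncrypt` — the iframe posts nothing and the parent only ever sees its silent-login timeout, with the cause reported nowhere. Append `.catch(function (error) { console.error("oidc-spa: failed to send auth response to parent", error); })` so the failure is at least visible in the iframe's console; in the TypeScript source the equivalent is a try/catch around the awaited call. The enclosing `handleOidcCallback_nonMemoized` starts and ends outside the hunk.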
@@ -177,8 +183,17 @@ function handleOidcCallback_nonMemoized() {
|
|
|
177
183
|
}
|
|
178
184
|
var _a = (function () {
|
|
179
185
|
var AUTH_RESPONSES_KEY = "oidc-spa:authResponses";
|
|
186
|
+
var authResponses_movedToMemoryFromSessionStorage = undefined;
|
|
187
|
+
// NOTE: Here we note that we can re-write on session storage some auth response
|
|
188
|
+
// after earlyInit in retrieveRedirectAuthResponseAndStateData
|
|
189
|
+
// In situation where there are more than one client in the same app and we can't use iframe,
|
|
190
|
+
// we can have one client that has to redirect before the response has been dealt with.
|
|
191
|
+
// In most case it won't happen if the init sequence is deterministic but the client
|
|
192
|
+
// can be instantiated at any time really.
|
|
193
|
+
// So the move to memory of the response is fully effective only when theres one client.
|
|
180
194
|
function writeRedirectAuthResponses(params) {
|
|
181
195
|
var authResponses = params.authResponses;
|
|
196
|
+
authResponses_movedToMemoryFromSessionStorage = undefined;
|
|
182
197
|
if (authResponses.length === 0) {
|
|
183
198
|
sessionStorage.removeItem(AUTH_RESPONSES_KEY);
|
|
184
199
|
return;
|
|
@@ -186,14 +201,27 @@ var _a = (function () {
|
|
|
186
201
|
sessionStorage.setItem(AUTH_RESPONSES_KEY, JSON.stringify(authResponses));
|
|
187
202
|
}
|
|
188
203
|
function readRedirectAuthResponses() {
|
|
204
|
+
if (authResponses_movedToMemoryFromSessionStorage !== undefined) {
|
|
205
|
+
return authResponses_movedToMemoryFromSessionStorage;
|
|
206
|
+
}
|
|
189
207
|
var raw = sessionStorage.getItem(AUTH_RESPONSES_KEY);
|
|
190
208
|
if (raw === null) {
|
|
191
209
|
return [];
|
|
192
210
|
}
|
|
193
211
|
return JSON.parse(raw);
|
|
194
212
|
}
|
|
195
|
-
|
|
196
|
-
|
|
213
|
+
function moveRedirectAuthResponseFromSessionStorageToMemory() {
|
|
214
|
+
var authResponses = readRedirectAuthResponses();
|
|
215
|
+
writeRedirectAuthResponses({ authResponses: [] });
|
|
216
|
+
authResponses_movedToMemoryFromSessionStorage = authResponses;
|
|
217
|
+
}
|
|
218
|
+
return {
|
|
219
|
+
writeRedirectAuthResponses: writeRedirectAuthResponses,
|
|
220
|
+
readRedirectAuthResponses: readRedirectAuthResponses,
|
|
221
|
+
moveRedirectAuthResponseFromSessionStorageToMemory: moveRedirectAuthResponseFromSessionStorageToMemory
|
|
222
|
+
};
|
|
223
|
+
})(), readRedirectAuthResponses = _a.readRedirectAuthResponses, writeRedirectAuthResponses = _a.writeRedirectAuthResponses, moveRedirectAuthResponseFromSessionStorageToMemory = _a.moveRedirectAuthResponseFromSessionStorageToMemory;
|
|
224
|
+
exports.moveRedirectAuthResponseFromSessionStorageToMemory = moveRedirectAuthResponseFromSessionStorageToMemory;
|
|
197
225
|
function retrieveRedirectAuthResponseAndStateData(params) {
|
|
198
226
|
var e_2, _a;
|
|
199
227
|
var configId = params.configId;
|
|
@@ -223,9 +251,7 @@ function retrieveRedirectAuthResponseAndStateData(params) {
|
|
|
223
251
|
}
|
|
224
252
|
finally { if (e_2) throw e_2.error; }
|
|
225
253
|
}
|
|
226
|
-
|
|
227
|
-
writeRedirectAuthResponses({ authResponses: authResponses });
|
|
228
|
-
}
|
|
254
|
+
writeRedirectAuthResponses({ authResponses: authResponses });
|
|
229
255
|
return authResponseAndStateData;
|
|
230
256
|
}
|
|
231
257
|
function reloadOnBfCacheNavigation() {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handleOidcCallback.js","sourceRoot":"","sources":["../src/core/handleOidcCallback.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"handleOidcCallback.js","sourceRoot":"","sources":["../src/core/handleOidcCallback.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkBA,gDAMC;AAsMD,4FAkCC;AAhQD,yCAKqB;AACrB,kDAAsD;AAEtD,6DAA4D;AAC5D,+CAA8C;AAC9C,qEAAgE;AAEhE,IAAA,2BAAY,GAAE,CAAC;AAEf,IAAM,aAAa,GAAG;IAClB,YAAY,EAAE,IAAA,UAAE,EAAqC,SAAS,CAAC;CAClE,CAAC;AAEF,SAAgB,kBAAkB;IAC9B,IAAI,aAAa,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;QAC3C,OAAO,aAAa,CAAC,YAAY,CAAC;IACtC,CAAC;IAED,OAAO,CAAC,aAAa,CAAC,YAAY,GAAG,8BAA8B,EAAE,CAAC,CAAC;AAC3E,CAAC;AAED,SAAS,8BAA8B;;IACnC,IAAM,eAAe,GAAG,IAAI,GAAG,CAAC,yCAAmB,CAAC,CAAC;IAErD,IAAM,oBAAoB,GAAG,CAAC;QAC1B,IAAM,oBAAoB,GAAG,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAEvE,IAAI,oBAAoB,KAAK,IAAI,EAAE,CAAC;YAChC,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,IAAI,CAAC,IAAA,oCAAwB,EAAC,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,CAAC,EAAE,CAAC;YACjF,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,IACI,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,IAAI;YACtD,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,KAAK,IAAI;YAC1D,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,IAAI,EAC3D,CAAC;YACC,mFAAmF;YACnF,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,OAAO,oBAAoB,CAAC;IAChC,CAAC,CAAC,EAAE,CAAC;IAEL,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;QACrC,IAAM,kBAAkB,GAAG,sBAAsB,EAAE,CAAC;QAEpD,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;YACnC,uBAAuB,CAAC;gBACpB,kBAAkB,wBACX,kBAAkB,KACrB,iBAAiB,EAAE,IAAI,GAC1B;aACJ,CAAC,CAAC;QACP,CAAC;QAED,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;IAChC,CAAC;IAED,IAAM,SAAS,GAAG,IAAI,CAAC;IAEvB,OAAO,CAAC,GAAG,GAAG,cAAO,CAAC,CAAC;IACvB,OAAO,CAAC,IAAI,GAAG,cAAO,CAAC,CAAC;IACxB,OAAO,CAAC,KAAK,GAAG,cAAO,CAAC,CAAC;IACzB,OAAO,CAAC,KAAK,GAAG,cAAO,CAAC,CAAC;IAEzB,IAAM,SAAS,GAAG,IAAA,wBAAY,EAAC,EAAE,oBAAoB,sBAAA,EAAE,CAAC,CAAC;IAEzD,IACI,SAAS,KAAK,SAAS;QACvB,CAAC,SAAS,CAAC,OAAO,KAAK,UAAU,IAAI,SAAS,CAAC,0BAA0B,CAAC,EAC5E,CAAC;QACC,IAAM,eAAa,GAAuB,CAAC;YACvC,IAAM,kBAAkB,GAAG,sBAAsB,EAAE,CAAC;YAEpD,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;gBACnC,OAAO,MAAM,CAAC;YAClB,CAAC;YAED,IAAI,CAAC,kBAAkB,CAAC,iBAAiB,EAAE,CAAC;gBACxC,OAAO,kBAAkB,CAAC,q
BAAqB,CAAC;YACpD,CAAC;YAED,QAAQ,kBAAkB,CAAC,qBAAqB,EAAE,CAAC;gBAC/C,KAAK,MAAM;oBACP,OAAO,SAAS,CAAC;gBACrB,KAAK,SAAS;oBACV,OAAO,MAAM,CAAC;YACtB,CAAC;QACL,CAAC,CAAC,EAAE,CAAC;QAEL,uBAAuB,CAAC;YACpB,kBAAkB,EAAE;gBAChB,qBAAqB,EAAE,eAAa;gBACpC,iBAAiB,EAAE,KAAK;aAC3B;SACJ,CAAC,CAAC;QAEH,UAAU,CAAC;YACP,yBAAyB,EAAE,CAAC;YAE5B,MAAM,CAAC,OAAO,CAAC,eAAa,CAAC,EAAE,CAAC;YAEhC,kDAAkD;YAClD,kEAAkE;YAClE,oEAAoE;YACpE,0EAA0E;YAC1E,6EAA6E;YAC7E,UAAU,CAAC;gBACD,IAAA,KAAqC,MAAM,CAAC,QAAQ,EAAlD,QAAQ,cAAA,EAAE,IAAI,UAAA,EAAE,QAAQ,cAAA,EAAE,IAAI,UAAoB,CAAC;gBAC3D,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,UAAG,QAAQ,eAAK,IAAI,SAAG,QAAQ,SAAG,IAAI,CAAE,CAAC;YACpE,CAAC,EAAE,GAAG,CAAC,CAAC;QACZ,CAAC,EAAE,CAAC,CAAC,CAAC;QAEN,OAAO,EAAE,SAAS,WAAA,EAAE,CAAC;IACzB,CAAC;IAED,IAAM,YAAY,GAAiB,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;;QAEjD,KAA2B,IAAA,KAAA,SAAA,eAAe,CAAC,YAAY,CAAA,gBAAA,4BAAE,CAAC;YAA/C,IAAA,KAAA,mBAAY,EAAX,GAAG,QAAA,EAAE,KAAK,QAAA;YAClB,YAAY,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QAC9B,CAAC;;;;;;;;;IAED,IAAA,cAAM,EAAC,YAAY,CAAC,KAAK,KAAK,EAAE,EAAE,QAAQ,CAAC,CAAC;IAE5C,QAAQ,SAAS,CAAC,OAAO,EAAE,CAAC;QACxB,KAAK,QAAQ;YACT,IAAA,6CAAmB,EAAC;gBAChB,YAAY,cAAA;aACf,CAAC,CAAC,IAAI,CAAC,UAAC,EAAoB;oBAAlB,gBAAgB,sBAAA;gBAAO,OAAA,MAAM,CAAC,WAAW,CAAC,gBAAgB,EAAE,QAAQ,CAAC,MAAM,CAAC;YAArD,CAAqD,CAAC,CAAC;YACzF,MAAM;QACV,KAAK,UAAU;YACX,IAAA,8CAAkC,EAAC,EAAE,oBAAoB,sBAAA,EAAE,CAAC,CAAC;YAC7D,uBAAuB,EAAE,CAAC;YAC1B,0BAA0B,CAAC;gBACvB,aAAa,yCAAM,yBAAyB,EAAE,YAAE,YAAY,SAAC;aAChE,CAAC,CAAC;YACH,yBAAyB,EAAE,CAAC;YAC5B,UAAU,CAAC;gBACP,IAAM,IAAI,GAAG,CAAC;oBACV,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,IAAI,YAAY,CAAC,KAAK,KAAK,kBAAkB,EAAE,CAAC;wBAC5E,OAAO,SAAS,CAAC,+BAA+B,CAAC;oBACrD,CAAC;oBAED,OAAO,SAAS,CAAC,WAAW,CAAC;gBACjC,CAAC,CAAC,EAAE,CAAC;gBAEL,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAC;YACzB,CAAC,EAAE,CAAC,CAAC,CAAC;YACN,MAAM;IACd,CAAC;IAED,OAAO,EAAE,SAAS,WAAA,EAAE,CAAC;AACzB,CAAC;AAEK,IAAA,KAIF,CAAC;IACD,IAAM,kBAAkB,GAAG,wBAAwB,CAAC;IAEpD,IAAI,6CAA6C,GAA+B,SAAS,CAAC;IAE1F,gFAAgF;IAChF,8DAA8D;IAC9D,6FAA6F;IAC7F,uFAAuF;IACvF,oFAAoF;IACpF,0CAA0C;IAC1C,wFAAwF;
IACxF,SAAS,0BAA0B,CAAC,MAAyC;QACjE,IAAA,aAAa,GAAK,MAAM,cAAX,CAAY;QAEjC,6CAA6C,GAAG,SAAS,CAAC;QAE1D,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,cAAc,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;YAC9C,OAAO;QACX,CAAC;QACD,cAAc,CAAC,OAAO,CAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC;IAC9E,CAAC;IAED,SAAS,yBAAyB;QAC9B,IAAI,6CAA6C,KAAK,SAAS,EAAE,CAAC;YAC9D,OAAO,6CAA6C,CAAC;QACzD,CAAC;QAED,IAAM,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAEvD,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACf,OAAO,EAAE,CAAC;QACd,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAED,SAAS,kDAAkD;QACvD,IAAM,aAAa,GAAG,yBAAyB,EAAE,CAAC;QAElD,0BAA0B,CAAC,EAAE,aAAa,EAAE,EAAE,EAAE,CAAC,CAAC;QAElD,6CAA6C,GAAG,aAAa,CAAC;IAClE,CAAC;IAED,OAAO;QACH,0BAA0B,4BAAA;QAC1B,yBAAyB,2BAAA;QACzB,kDAAkD,oDAAA;KACrD,CAAC;AACN,CAAC,CAAC,EAAE,EAtDA,yBAAyB,+BAAA,EACzB,0BAA0B,gCAAA,EAC1B,kDAAkD,wDAoDlD,CAAC;AAEI,gHAAkD;AAE3D,SAAgB,wCAAwC,CAAC,MAExD;;IACW,IAAA,QAAQ,GAAK,MAAM,SAAX,CAAY;IAE5B,IAAM,aAAa,GAAG,yBAAyB,EAAE,CAAC;IAElD,IAAI,wBAAwB,GAEV,SAAS,CAAC;;QAE5B,KAA2B,IAAA,KAAA,kCAAI,aAAa,UAAC,gBAAA,4BAAE,CAAC;YAA3C,IAAM,YAAY,WAAA;YACnB,IAAM,SAAS,GAAG,IAAA,wBAAY,EAAC,EAAE,oBAAoB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;YAE7E,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBAC1B,6DAA6D;gBAC7D,aAAa,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC7D,SAAS;YACb,CAAC;YAED,IAAA,cAAM,EAAC,SAAS,CAAC,OAAO,KAAK,UAAU,EAAE,QAAQ,CAAC,CAAC;YAEnD,IAAI,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBAClC,SAAS;YACb,CAAC;YAED,aAAa,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;YAE7D,wBAAwB,GAAG,EAAE,YAAY,cAAA,EAAE,SAAS,WAAA,EAAE,CAAC;QAC3D,CAAC;;;;;;;;;IAED,0BAA0B,CAAC,EAAE,aAAa,eAAA,EAAE,CAAC,CAAC;IAE9C,OAAO,wBAAwB,CAAC;AACpC,CAAC;AAED,SAAS,yBAAyB;IAC9B,IAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,CAAC,gBAAgB,CAAC,UAAU,EAAE;QAChC,IAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QAEnC,IAAI,OAAO,GAAG,GAAG,EAAE,CAAC;YAChB,OAAO;QACX,CAAC;QACD,QAAQ,CAAC,MAAM,EAAE,CAAC;IACtB,CAAC,CAAC,CAAC;AACP,CAAC;AAEK,IAAA,KAA+E,CAAC;IAClF,IAAM,2
BAA2B,GAAG,wCAAwC,CAAC;IAO7E,SAAS,uBAAuB,CAAC,MAAkD;QACvE,IAAA,kBAAkB,GAAK,MAAM,mBAAX,CAAY;QAEtC,cAAc,CAAC,OAAO,CAAC,2BAA2B,EAAE,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAC5F,CAAC;IAED,SAAS,sBAAsB;QAC3B,IAAM,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,2BAA2B,CAAC,CAAC;QAEhE,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACf,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAED,SAAS,uBAAuB;QAC5B,cAAc,CAAC,UAAU,CAAC,2BAA2B,CAAC,CAAC;IAC3D,CAAC;IAED,OAAO,EAAE,uBAAuB,yBAAA,EAAE,sBAAsB,wBAAA,EAAE,uBAAuB,yBAAA,EAAE,CAAC;AACxF,CAAC,CAAC,EAAE,EA7BI,uBAAuB,6BAAA,EAAE,sBAAsB,4BAAA,EAAE,uBAAuB,6BA6B5E,CAAC"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import { type AuthResponse } from "./AuthResponse";
|
|
2
|
+
export declare function preventSessionStorageSetItemOfPublicKeyByThirdParty(): void;
|
|
3
|
+
export declare function initIframeMessageProtection(params: {
|
|
4
|
+
stateQueryParamValue: string;
|
|
5
|
+
}): Promise<{
|
|
6
|
+
getIsEncryptedAuthResponse: (params: {
|
|
7
|
+
message: unknown;
|
|
8
|
+
}) => boolean;
|
|
9
|
+
decodeEncryptedAuth: (params: {
|
|
10
|
+
encryptedAuthResponse: string;
|
|
11
|
+
}) => Promise<{
|
|
12
|
+
authResponse: AuthResponse;
|
|
13
|
+
}>;
|
|
14
|
+
clearSessionStoragePublicKey: () => void;
|
|
15
|
+
}>;
|
|
16
|
+
export declare function encryptAuthResponse(params: {
|
|
17
|
+
authResponse: AuthResponse;
|
|
18
|
+
}): Promise<{
|
|
19
|
+
encryptedMessage: string;
|
|
20
|
+
}>;
|
|
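Review bot: The three exported declarations in this new file (new lines 2, 3 and 16) carry no TSDoc, so a consumer sees `preventSessionStorageSetItemOfPublicKeyByThirdParty`, `initIframeMessageProtection` and `encryptAuthResponse` with no statement of when each must be called or what `clearSessionStoragePublicKey` undoes. Since this .d.ts is generated, the comments belong in package/src/core/iframeMessageProtection.ts: a one-line purpose on each exported function, and on `initIframeMessageProtection` a note that it generates a key pair per call and stores the public key in sessionStorage under a key derived from `stateQueryParamValue`, which presumably is why the returned `clearSessionStoragePublicKey` exists — confirm with the caller in loginSilent and document the expected call order.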
@@ -0,0 +1,135 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
var __generator = (this && this.__generator) || function (thisArg, body) {
|
|
12
|
+
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
|
|
13
|
+
return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
|
|
14
|
+
function verb(n) { return function (v) { return step([n, v]); }; }
|
|
15
|
+
function step(op) {
|
|
16
|
+
if (f) throw new TypeError("Generator is already executing.");
|
|
17
|
+
while (g && (g = 0, op[0] && (_ = 0)), _) try {
|
|
18
|
+
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
|
|
19
|
+
if (y = 0, t) op = [op[0] & 2, t.value];
|
|
20
|
+
switch (op[0]) {
|
|
21
|
+
case 0: case 1: t = op; break;
|
|
22
|
+
case 4: _.label++; return { value: op[1], done: false };
|
|
23
|
+
case 5: _.label++; y = op[1]; op = [0]; continue;
|
|
24
|
+
case 7: op = _.ops.pop(); _.trys.pop(); continue;
|
|
25
|
+
default:
|
|
26
|
+
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
|
|
27
|
+
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
|
|
28
|
+
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
|
|
29
|
+
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
|
|
30
|
+
if (t[2]) _.ops.pop();
|
|
31
|
+
_.trys.pop(); continue;
|
|
32
|
+
}
|
|
33
|
+
op = body.call(thisArg, _);
|
|
34
|
+
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
|
|
35
|
+
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
|
|
36
|
+
}
|
|
37
|
+
};
|
|
38
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
39
|
+
exports.preventSessionStorageSetItemOfPublicKeyByThirdParty = preventSessionStorageSetItemOfPublicKeyByThirdParty;
|
|
40
|
+
exports.initIframeMessageProtection = initIframeMessageProtection;
|
|
41
|
+
exports.encryptAuthResponse = encryptAuthResponse;
|
|
42
|
+
var assert_1 = require("tsafe/assert");
|
|
43
|
+
var asymmetricEncryption_1 = require("../tools/asymmetricEncryption");
|
|
44
|
+
var setItem_real = Storage.prototype.setItem;
|
|
45
|
+
var SESSION_STORAGE_PREFIX = "oidc-spa_iframe_authResponse_publicKey_";
|
|
46
|
+
function preventSessionStorageSetItemOfPublicKeyByThirdParty() {
|
|
47
|
+
var setItem_protected = function setItem(key, value) {
|
|
48
|
+
if (this !== sessionStorage) {
|
|
49
|
+
return setItem_real.call(this, key, value);
|
|
50
|
+
}
|
|
51
|
+
if (key.startsWith(SESSION_STORAGE_PREFIX)) {
|
|
52
|
+
throw new Error("Attack prevented by oidc-spa. You have malicious code running in your system");
|
|
53
|
+
}
|
|
54
|
+
return setItem_real.call(sessionStorage, key, value);
|
|
55
|
+
};
|
|
56
|
+
{
|
|
57
|
+
var pd = Object.getOwnPropertyDescriptor(Storage.prototype, "setItem");
|
|
58
|
+
(0, assert_1.assert)(pd !== undefined);
|
|
59
|
+
Object.defineProperty(Storage.prototype, "setItem", {
|
|
60
|
+
enumerable: pd.enumerable,
|
|
61
|
+
writable: pd.writable,
|
|
62
|
+
value: setItem_protected
|
|
63
|
+
});
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
var ENCRYPTED_AUTH_RESPONSES_PREFIX = "oidc-spa_encrypted_authResponse_";
|
|
67
|
+
function getSessionStorageKey(params) {
|
|
68
|
+
var stateQueryParamValue = params.stateQueryParamValue;
|
|
69
|
+
return "".concat(SESSION_STORAGE_PREFIX).concat(stateQueryParamValue);
|
|
70
|
+
}
|
|
71
|
+
function initIframeMessageProtection(params) {
|
|
72
|
+
return __awaiter(this, void 0, void 0, function () {
|
|
73
|
+
function getIsEncryptedAuthResponse(params) {
|
|
74
|
+
var message = params.message;
|
|
75
|
+
return typeof message === "string" && message.startsWith(ENCRYPTED_AUTH_RESPONSES_PREFIX);
|
|
76
|
+
}
|
|
77
|
+
function decodeEncryptedAuth(params) {
|
|
78
|
+
return __awaiter(this, void 0, void 0, function () {
|
|
79
|
+
var encryptedAuthResponse, authResponse_str, authResponse;
|
|
80
|
+
return __generator(this, function (_a) {
|
|
81
|
+
switch (_a.label) {
|
|
82
|
+
case 0:
|
|
83
|
+
encryptedAuthResponse = params.encryptedAuthResponse;
|
|
84
|
+
return [4 /*yield*/, (0, asymmetricEncryption_1.asymmetricDecrypt)({
|
|
85
|
+
encryptedMessage: encryptedAuthResponse.slice(ENCRYPTED_AUTH_RESPONSES_PREFIX.length),
|
|
86
|
+
privateKey: privateKey
|
|
87
|
+
})];
|
|
88
|
+
case 1:
|
|
89
|
+
authResponse_str = (_a.sent()).message;
|
|
90
|
+
authResponse = JSON.parse(authResponse_str);
|
|
91
|
+
return [2 /*return*/, { authResponse: authResponse }];
|
|
92
|
+
}
|
|
93
|
+
});
|
|
94
|
+
});
|
|
95
|
+
}
|
|
96
|
+
function clearSessionStoragePublicKey() {
|
|
97
|
+
sessionStorage.removeItem(sessionStorageKey);
|
|
98
|
+
}
|
|
99
|
+
var stateQueryParamValue, _a, publicKey, privateKey, sessionStorageKey;
|
|
100
|
+
return __generator(this, function (_b) {
|
|
101
|
+
switch (_b.label) {
|
|
102
|
+
case 0:
|
|
103
|
+
stateQueryParamValue = params.stateQueryParamValue;
|
|
104
|
+
return [4 /*yield*/, (0, asymmetricEncryption_1.generateKeys)()];
|
|
105
|
+
case 1:
|
|
106
|
+
_a = _b.sent(), publicKey = _a.publicKey, privateKey = _a.privateKey;
|
|
107
|
+
sessionStorageKey = getSessionStorageKey({ stateQueryParamValue: stateQueryParamValue });
|
|
108
|
+
setItem_real.call(sessionStorage, sessionStorageKey, publicKey);
|
|
109
|
+
return [2 /*return*/, { getIsEncryptedAuthResponse: getIsEncryptedAuthResponse, decodeEncryptedAuth: decodeEncryptedAuth, clearSessionStoragePublicKey: clearSessionStoragePublicKey }];
|
|
110
|
+
}
|
|
111
|
+
});
|
|
112
|
+
});
|
|
113
|
+
}
|
|
114
|
+
function encryptAuthResponse(params) {
|
|
115
|
+
return __awaiter(this, void 0, void 0, function () {
|
|
116
|
+
var authResponse, publicKey, encryptedMessage_withoutPrefix, encryptedMessage;
|
|
117
|
+
return __generator(this, function (_a) {
|
|
118
|
+
switch (_a.label) {
|
|
119
|
+
case 0:
|
|
120
|
+
authResponse = params.authResponse;
|
|
121
|
+
publicKey = sessionStorage.getItem(getSessionStorageKey({ stateQueryParamValue: authResponse.state }));
|
|
122
|
+
(0, assert_1.assert)(publicKey !== null, "2293302");
|
|
123
|
+
return [4 /*yield*/, (0, asymmetricEncryption_1.asymmetricEncrypt)({
|
|
124
|
+
publicKey: publicKey,
|
|
125
|
+
message: JSON.stringify(authResponse)
|
|
126
|
+
})];
|
|
127
|
+
case 1:
|
|
128
|
+
encryptedMessage_withoutPrefix = (_a.sent()).encryptedMessage;
|
|
129
|
+
encryptedMessage = "".concat(ENCRYPTED_AUTH_RESPONSES_PREFIX).concat(encryptedMessage_withoutPrefix);
|
|
130
|
+
return [2 /*return*/, { encryptedMessage: encryptedMessage }];
|
|
131
|
+
}
|
|
132
|
+
});
|
|
133
|
+
});
|
|
134
|
+
}
|
|
135
|
+
//# sourceMappingURL=iframeMessageProtection.js.map
|
|
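Review bot: `decodeEncryptedAuth` (new lines 77–95) hands the result of `JSON.parse(authResponse_str)` to the caller as an `AuthResponse` without checking its shape, and this same release deletes the `getIsAuthResponse` predicate from AuthResponse.js that used to perform exactly that check on iframe messages. Successful decryption only shows the sender held the public key, which is stored in sessionStorage of the same origin, so the structure should still be validated before the parent reads `authResponse.state`; after the parse add `if (!(authResponse instanceof Object && typeof authResponse.state === "string")) { throw new Error("oidc-spa: malformed decrypted auth response"); }` (in the TypeScript source, keep the full predicate — every value a string or undefined — in AuthResponse.ts rather than inlining it). Separately, `preventSessionStorageSetItemOfPublicKeyByThirdParty` (new lines 46–65) only intercepts `Storage.prototype.setItem` and redefines it with the original descriptor's attributes, so it does not cover every write path the Storage API offers; a comment on the function should state that it is best-effort hardening rather than a security boundary.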
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../src/core/iframeMessageProtection.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAQA,kHA0BC;AAUD,kEAmCC;AAED,kDAiBC;AAlGD,uCAAsC;AACtC,sEAAmG;AAGnG,IAAM,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC;AAE/C,IAAM,sBAAsB,GAAG,yCAAyC,CAAC;AAEzE,SAAgB,mDAAmD;IAC/D,IAAM,iBAAiB,GAAG,SAAS,OAAO,CAAY,GAAW,EAAE,KAAa;QAC5E,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;YAC1B,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QAC/C,CAAC;QAED,IAAI,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACX,8EAA8E,CACjF,CAAC;QACN,CAAC;QAED,OAAO,YAAY,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IACzD,CAAC,CAAC;IAEF,CAAC;QACG,IAAM,EAAE,GAAG,MAAM,CAAC,wBAAwB,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAEzE,IAAA,eAAM,EAAC,EAAE,KAAK,SAAS,CAAC,CAAC;QAEzB,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE;YAChD,UAAU,EAAE,EAAE,CAAC,UAAU;YACzB,QAAQ,EAAE,EAAE,CAAC,QAAQ;YACrB,KAAK,EAAE,iBAAiB;SAC3B,CAAC,CAAC;IACP,CAAC;AACL,CAAC;AAED,IAAM,+BAA+B,GAAG,kCAAkC,CAAC;AAE3E,SAAS,oBAAoB,CAAC,MAAwC;IAC1D,IAAA,oBAAoB,GAAK,MAAM,qBAAX,CAAY;IAExC,OAAO,UAAG,sBAAsB,SAAG,oBAAoB,CAAE,CAAC;AAC9D,CAAC;AAED,SAAsB,2BAA2B,CAAC,MAAwC;;QAStF,SAAS,0BAA0B,CAAC,MAA4B;YACpD,IAAA,OAAO,GAAK,MAAM,QAAX,CAAY;YAE3B,OAAO,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,UAAU,CAAC,+BAA+B,CAAC,CAAC;QAC9F,CAAC;QAED,SAAe,mBAAmB,CAAC,MAElC;;;;;;4BACW,qBAAqB,GAAK,MAAM,sBAAX,CAAY;4BAEH,qBAAM,IAAA,wCAAiB,EAAC;oCAC1D,gBAAgB,EAAE,qBAAqB,CAAC,KAAK,CAAC,+BAA+B,CAAC,MAAM,CAAC;oCACrF,UAAU,YAAA;iCACb,CAAC,EAAA;;4BAHe,gBAAgB,GAAK,CAAA,SAGpC,CAAA,QAH+B;4BAK3B,YAAY,GAAiB,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;4BAEhE,sBAAO,EAAE,YAAY,cAAA,EAAE,EAAC;;;;SAC3B;QAED,SAAS,4BAA4B;YACjC,cAAc,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;QACjD,CAAC;;;;;oBA/BO,oBAAoB,GAAK,MAAM,qBAAX,CAAY;oBAEN,qBAAM,IAAA,mCAAY,GAAE,EAAA;;oBAAhD,KAA4B,SAAoB,EAA9C,SAAS,eAAA,EAAE,UAAU,gBAAA;oBAEvB,iBAAiB,GAAG,oBAAoB,CAAC,EAAE,oBAAoB,sBAAA,EAAE,CAAC,CAAC;oBAEzE,YAAY,CAAC,IAAI,CAAC,cAAc,EAAE,iBAAiB,EAAE,SAAS,CAAC,C
AAC;oBA2BhE,sBAAO,EAAE,0BAA0B,4BAAA,EAAE,mBAAmB,qBAAA,EAAE,4BAA4B,8BAAA,EAAE,EAAC;;;;CAC5F;AAED,SAAsB,mBAAmB,CAAC,MAAsC;;;;;;oBACpE,YAAY,GAAK,MAAM,aAAX,CAAY;oBAE1B,SAAS,GAAG,cAAc,CAAC,OAAO,CACpC,oBAAoB,CAAC,EAAE,oBAAoB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CACrE,CAAC;oBAEF,IAAA,eAAM,EAAC,SAAS,KAAK,IAAI,EAAE,SAAS,CAAC,CAAC;oBAEuB,qBAAM,IAAA,wCAAiB,EAAC;4BACjF,SAAS,WAAA;4BACT,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;yBACxC,CAAC,EAAA;;oBAHwB,8BAA8B,GAAK,CAAA,SAG3D,CAAA,iBAHsD;oBAKlD,gBAAgB,GAAG,UAAG,+BAA+B,SAAG,8BAA8B,CAAE,CAAC;oBAE/F,sBAAO,EAAE,gBAAgB,kBAAA,EAAE,EAAC;;;;CAC/B"}
|
package/core/loginSilent.js
CHANGED
|
@@ -69,132 +69,155 @@ var tsafe_1 = require("../vendor/frontend/tsafe");
|
|
|
69
69
|
var StateData_1 = require("./StateData");
|
|
70
70
|
var getDownlinkAndRtt_1 = require("../tools/getDownlinkAndRtt");
|
|
71
71
|
var isDev_1 = require("../tools/isDev");
|
|
72
|
-
var AuthResponse_1 = require("./AuthResponse");
|
|
73
72
|
var urlSearchParams_1 = require("../tools/urlSearchParams");
|
|
73
|
+
var iframeMessageProtection_1 = require("./iframeMessageProtection");
|
|
74
74
|
function loginSilent(params) {
|
|
75
75
|
return __awaiter(this, void 0, void 0, function () {
|
|
76
|
-
var oidcClientTsUserManager, stateQueryParamValue_instance, configId, transformUrlBeforeRedirect, getExtraQueryParams, getExtraTokenParams, autoLogin, dResult, timeoutDelayMs, timeout, listener, transformUrl_oidcClientTs;
|
|
76
|
+
var oidcClientTsUserManager, stateQueryParamValue_instance, configId, transformUrlBeforeRedirect, getExtraQueryParams, getExtraTokenParams, autoLogin, dResult, timeoutDelayMs, _a, decodeEncryptedAuth, getIsEncryptedAuthResponse, clearSessionStoragePublicKey, timeout, listener, transformUrl_oidcClientTs;
|
|
77
77
|
var _this = this;
|
|
78
|
-
return __generator(this, function (
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
78
|
+
return __generator(this, function (_b) {
|
|
79
|
+
switch (_b.label) {
|
|
80
|
+
case 0:
|
|
81
|
+
oidcClientTsUserManager = params.oidcClientTsUserManager, stateQueryParamValue_instance = params.stateQueryParamValue_instance, configId = params.configId, transformUrlBeforeRedirect = params.transformUrlBeforeRedirect, getExtraQueryParams = params.getExtraQueryParams, getExtraTokenParams = params.getExtraTokenParams, autoLogin = params.autoLogin;
|
|
82
|
+
dResult = new Deferred_1.Deferred();
|
|
83
|
+
timeoutDelayMs = (function () {
|
|
84
|
+
if (autoLogin) {
|
|
85
|
+
return 25000;
|
|
86
|
+
}
|
|
87
|
+
var downlinkAndRtt = (0, getDownlinkAndRtt_1.getDownlinkAndRtt)();
|
|
88
|
+
var isDev = (0, isDev_1.getIsDev)();
|
|
89
|
+
// Base delay is the minimum delay we should wait in any case
|
|
90
|
+
var BASE_DELAY_MS = isDev ? 9000 : 7000;
|
|
91
|
+
if (downlinkAndRtt === undefined) {
|
|
92
|
+
return BASE_DELAY_MS;
|
|
93
|
+
}
|
|
94
|
+
var downlink = downlinkAndRtt.downlink, rtt = downlinkAndRtt.rtt;
|
|
95
|
+
// Calculate dynamic delay based on RTT and downlink
|
|
96
|
+
// Add 1 to downlink to avoid division by zero
|
|
97
|
+
var dynamicDelay = rtt * 2.5 + BASE_DELAY_MS / (downlink + 1);
|
|
98
|
+
return Math.max(BASE_DELAY_MS, dynamicDelay);
|
|
99
|
+
})();
|
|
100
|
+
return [4 /*yield*/, (0, iframeMessageProtection_1.initIframeMessageProtection)({
|
|
101
|
+
stateQueryParamValue: stateQueryParamValue_instance
|
|
102
|
+
})];
|
|
103
|
+
case 1:
|
|
104
|
+
_a = _b.sent(), decodeEncryptedAuth = _a.decodeEncryptedAuth, getIsEncryptedAuthResponse = _a.getIsEncryptedAuthResponse, clearSessionStoragePublicKey = _a.clearSessionStoragePublicKey;
|
|
105
|
+
timeout = setTimeout(function () { return __awaiter(_this, void 0, void 0, function () {
|
|
106
|
+
return __generator(this, function (_a) {
|
|
107
|
+
dResult.resolve({
|
|
108
|
+
outcome: "failure",
|
|
109
|
+
cause: "timeout"
|
|
110
|
+
});
|
|
111
|
+
return [2 /*return*/];
|
|
112
|
+
});
|
|
113
|
+
}); }, timeoutDelayMs);
|
|
114
|
+
listener = function (event) { return __awaiter(_this, void 0, void 0, function () {
|
|
115
|
+
var authResponse, stateData;
|
|
116
|
+
return __generator(this, function (_a) {
|
|
117
|
+
switch (_a.label) {
|
|
118
|
+
case 0:
|
|
119
|
+
if (event.origin !== window.location.origin) {
|
|
120
|
+
return [2 /*return*/];
|
|
121
|
+
}
|
|
122
|
+
if (!getIsEncryptedAuthResponse({
|
|
123
|
+
message: event.data
|
|
124
|
+
})) {
|
|
125
|
+
return [2 /*return*/];
|
|
126
|
+
}
|
|
127
|
+
return [4 /*yield*/, decodeEncryptedAuth({ encryptedAuthResponse: event.data })];
|
|
128
|
+
case 1:
|
|
129
|
+
authResponse = (_a.sent()).authResponse;
|
|
130
|
+
stateData = (0, StateData_1.getStateData)({ stateQueryParamValue: authResponse.state });
|
|
131
|
+
(0, tsafe_1.assert)(stateData !== undefined, "765645");
|
|
132
|
+
(0, tsafe_1.assert)(stateData.context === "iframe", "250711");
|
|
133
|
+
if (stateData.configId !== configId) {
|
|
134
|
+
return [2 /*return*/];
|
|
135
|
+
}
|
|
136
|
+
clearTimeout(timeout);
|
|
137
|
+
window.removeEventListener("message", listener);
|
|
138
|
+
dResult.resolve({
|
|
139
|
+
outcome: "got auth response from iframe",
|
|
140
|
+
authResponse: authResponse
|
|
141
|
+
});
|
|
142
|
+
return [2 /*return*/];
|
|
143
|
+
}
|
|
144
|
+
});
|
|
145
|
+
}); };
|
|
146
|
+
window.addEventListener("message", listener, false);
|
|
147
|
+
transformUrl_oidcClientTs = function (url) {
|
|
148
|
+
var e_1, _a;
|
|
149
|
+
add_extra_query_params: {
|
|
150
|
+
if (getExtraQueryParams === undefined) {
|
|
151
|
+
break add_extra_query_params;
|
|
152
|
+
}
|
|
153
|
+
var extraQueryParams = getExtraQueryParams({ isSilent: true, url: url });
|
|
154
|
+
try {
|
|
155
|
+
for (var _b = __values(Object.entries(extraQueryParams)), _c = _b.next(); !_c.done; _c = _b.next()) {
|
|
156
|
+
var _d = __read(_c.value, 2), name_1 = _d[0], value = _d[1];
|
|
157
|
+
if (value === undefined) {
|
|
158
|
+
continue;
|
|
159
|
+
}
|
|
160
|
+
url = (0, urlSearchParams_1.addOrUpdateSearchParam)({ url: url, name: name_1, value: value, encodeMethod: "www-form" });
|
|
161
|
+
}
|
|
162
|
+
}
|
|
163
|
+
catch (e_1_1) { e_1 = { error: e_1_1 }; }
|
|
164
|
+
finally {
|
|
165
|
+
try {
|
|
166
|
+
if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
|
|
167
|
+
}
|
|
168
|
+
finally { if (e_1) throw e_1.error; }
|
|
138
169
|
}
|
|
139
|
-
url = (0, urlSearchParams_1.addOrUpdateSearchParam)({ url: url, name: name_1, value: value, encodeMethod: "www-form" });
|
|
140
170
|
}
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
171
|
+
apply_transform_url: {
|
|
172
|
+
if (transformUrlBeforeRedirect === undefined) {
|
|
173
|
+
break apply_transform_url;
|
|
174
|
+
}
|
|
175
|
+
url = transformUrlBeforeRedirect({ authorizationUrl: url, isSilent: true });
|
|
176
|
+
}
|
|
177
|
+
return url;
|
|
178
|
+
};
|
|
179
|
+
oidcClientTsUserManager
|
|
180
|
+
.signinSilent({
|
|
181
|
+
state: (0, tsafe_1.id)({
|
|
182
|
+
context: "iframe",
|
|
183
|
+
configId: configId
|
|
184
|
+
}),
|
|
185
|
+
silentRequestTimeoutInSeconds: timeoutDelayMs / 1000,
|
|
186
|
+
extraTokenParams: getExtraTokenParams === undefined ? undefined : (0, tsafe_1.noUndefined)(getExtraTokenParams()),
|
|
187
|
+
transformUrl: transformUrl_oidcClientTs
|
|
188
|
+
})
|
|
189
|
+
.then(function (oidcClientTsUser) {
|
|
190
|
+
(0, tsafe_1.assert)(oidcClientTsUser !== null, "oidcClientTsUser is not supposed to be null here");
|
|
191
|
+
clearTimeout(timeout);
|
|
192
|
+
dResult.resolve({
|
|
193
|
+
outcome: "token refreshed using refresh token",
|
|
194
|
+
oidcClientTsUser: oidcClientTsUser
|
|
195
|
+
});
|
|
196
|
+
}, function (error) {
|
|
197
|
+
if (error.message === "Failed to fetch") {
|
|
198
|
+
// NOTE: If we got an error here it means that the fetch to the
|
|
199
|
+
// well-known oidc endpoint failed.
|
|
200
|
+
// This usually means that the server is down or that the issuerUri
|
|
201
|
+
// is not pointing to a valid oidc server.
|
|
202
|
+
// It could be a CORS error on the well-known endpoint but it's unlikely.
|
|
203
|
+
clearTimeout(timeout);
|
|
204
|
+
dResult.resolve({
|
|
205
|
+
outcome: "failure",
|
|
206
|
+
cause: "can't reach well-known oidc endpoint"
|
|
207
|
+
});
|
|
208
|
+
return;
|
|
146
209
|
}
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
}
|
|
150
|
-
apply_transform_url: {
|
|
151
|
-
if (transformUrlBeforeRedirect === undefined) {
|
|
152
|
-
break apply_transform_url;
|
|
153
|
-
}
|
|
154
|
-
url = transformUrlBeforeRedirect({ authorizationUrl: url, isSilent: true });
|
|
155
|
-
}
|
|
156
|
-
return url;
|
|
157
|
-
};
|
|
158
|
-
oidcClientTsUserManager
|
|
159
|
-
.signinSilent({
|
|
160
|
-
state: (0, tsafe_1.id)({
|
|
161
|
-
context: "iframe",
|
|
162
|
-
configId: configId
|
|
163
|
-
}),
|
|
164
|
-
silentRequestTimeoutInSeconds: timeoutDelayMs / 1000,
|
|
165
|
-
extraTokenParams: getExtraTokenParams === undefined ? undefined : (0, tsafe_1.noUndefined)(getExtraTokenParams()),
|
|
166
|
-
transformUrl: transformUrl_oidcClientTs
|
|
167
|
-
})
|
|
168
|
-
.then(function (oidcClientTsUser) {
|
|
169
|
-
(0, tsafe_1.assert)(oidcClientTsUser !== null, "oidcClientTsUser is not supposed to be null here");
|
|
170
|
-
clearTimeout(timeout);
|
|
171
|
-
dResult.resolve({
|
|
172
|
-
outcome: "token refreshed using refresh token",
|
|
173
|
-
oidcClientTsUser: oidcClientTsUser
|
|
174
|
-
});
|
|
175
|
-
}, function (error) {
|
|
176
|
-
if (error.message === "Failed to fetch") {
|
|
177
|
-
// NOTE: If we got an error here it means that the fetch to the
|
|
178
|
-
// well-known oidc endpoint failed.
|
|
179
|
-
// This usually means that the server is down or that the issuerUri
|
|
180
|
-
// is not pointing to a valid oidc server.
|
|
181
|
-
// It could be a CORS error on the well-known endpoint but it's unlikely.
|
|
182
|
-
clearTimeout(timeout);
|
|
183
|
-
dResult.resolve({
|
|
184
|
-
outcome: "failure",
|
|
185
|
-
cause: "can't reach well-known oidc endpoint"
|
|
210
|
+
// NOTE: Here, except error on our understanding there can't be any other
|
|
211
|
+
// error than timeout so we fail silently and let the timeout expire.
|
|
186
212
|
});
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
}
|
|
196
|
-
});
|
|
197
|
-
return [2 /*return*/, dResult.pr];
|
|
213
|
+
dResult.pr.then(function (result) {
|
|
214
|
+
clearSessionStoragePublicKey();
|
|
215
|
+
if (result.outcome === "failure") {
|
|
216
|
+
(0, StateData_1.clearStateStore)({ stateQueryParamValue: stateQueryParamValue_instance });
|
|
217
|
+
}
|
|
218
|
+
});
|
|
219
|
+
return [2 /*return*/, dResult.pr];
|
|
220
|
+
}
|
|
198
221
|
});
|
|
199
222
|
});
|
|
200
223
|
}
|