oidc-spa 7.1.9 → 7.1.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/core/createOidc.js +1 -1
  2. package/core/iframeMessageProtection.js +6 -5
  3. package/core/iframeMessageProtection.js.map +1 -1
  4. package/package.json +1 -1
  5. package/src/core/iframeMessageProtection.ts +4 -3
package/core/createOidc.js CHANGED
@@ -125,7 +125,7 @@ var trustedFetch_1 = require("./trustedFetch");
125
125
  var getIsOnline_1 = require("../tools/getIsOnline");
126
126
  (0, handleOidcCallback_1.handleOidcCallback)();
127
127
  // NOTE: Replaced at build time
128
- var VERSION = "7.1.9";
128
+ var VERSION = "7.1.10";
129
129
  var globalContext = {
130
130
  prOidcByConfigId: new Map(),
131
131
  hasLogoutBeenCalled: (0, tsafe_1.id)(false),
package/core/iframeMessageProtection.js CHANGED
@@ -39,23 +39,24 @@ Object.defineProperty(exports, "__esModule", { value: true });
39
39
  exports.preventSessionStorageSetItemOfPublicKeyByThirdParty = preventSessionStorageSetItemOfPublicKeyByThirdParty;
40
40
  exports.initIframeMessageProtection = initIframeMessageProtection;
41
41
  exports.encryptAuthResponse = encryptAuthResponse;
42
- var assert_1 = require("tsafe/assert");
42
+ var tsafe_1 = require("../vendor/frontend/tsafe");
43
43
  var asymmetricEncryption_1 = require("../tools/asymmetricEncryption");
44
+ var sessionStorage_original = window.sessionStorage;
44
45
  var setItem_real = Storage.prototype.setItem;
45
46
  var SESSION_STORAGE_PREFIX = "oidc-spa_iframe_authResponse_publicKey_";
46
47
  function preventSessionStorageSetItemOfPublicKeyByThirdParty() {
47
48
  var setItem_protected = function setItem(key, value) {
48
- if (this !== sessionStorage) {
49
+ if (this !== sessionStorage_original) {
49
50
  return setItem_real.call(this, key, value);
50
51
  }
51
52
  if (key.startsWith(SESSION_STORAGE_PREFIX)) {
52
53
  throw new Error("Attack prevented by oidc-spa. You have malicious code running in your system");
53
54
  }
54
- return setItem_real.call(sessionStorage, key, value);
55
+ return setItem_real.call(sessionStorage_original, key, value);
55
56
  };
56
57
  {
57
58
  var pd = Object.getOwnPropertyDescriptor(Storage.prototype, "setItem");
58
- (0, assert_1.assert)(pd !== undefined);
59
+ (0, tsafe_1.assert)(pd !== undefined);
59
60
  Object.defineProperty(Storage.prototype, "setItem", {
60
61
  enumerable: pd.enumerable,
61
62
  writable: pd.writable,
@@ -119,7 +120,7 @@ function encryptAuthResponse(params) {
119
120
  case 0:
120
121
  authResponse = params.authResponse;
121
122
  publicKey = sessionStorage.getItem(getSessionStorageKey({ stateQueryParamValue: authResponse.state }));
122
- (0, assert_1.assert)(publicKey !== null, "2293302");
123
+ (0, tsafe_1.assert)(publicKey !== null, "2293302");
123
124
  return [4 /*yield*/, (0, asymmetricEncryption_1.asymmetricEncrypt)({
124
125
  publicKey: publicKey,
125
126
  message: JSON.stringify(authResponse)
package/core/iframeMessageProtection.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../src/core/iframeMessageProtection.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAQA,kHA0BC;AAUD,kEAmCC;AAED,kDAiBC;AAlGD,uCAAsC;AACtC,sEAAmG;AAGnG,IAAM,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC;AAE/C,IAAM,sBAAsB,GAAG,yCAAyC,CAAC;AAEzE,SAAgB,mDAAmD;IAC/D,IAAM,iBAAiB,GAAG,SAAS,OAAO,CAAY,GAAW,EAAE,KAAa;QAC5E,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;YAC1B,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QAC/C,CAAC;QAED,IAAI,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACX,8EAA8E,CACjF,CAAC;QACN,CAAC;QAED,OAAO,YAAY,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IACzD,CAAC,CAAC;IAEF,CAAC;QACG,IAAM,EAAE,GAAG,MAAM,CAAC,wBAAwB,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAEzE,IAAA,eAAM,EAAC,EAAE,KAAK,SAAS,CAAC,CAAC;QAEzB,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE;YAChD,UAAU,EAAE,EAAE,CAAC,UAAU;YACzB,QAAQ,EAAE,EAAE,CAAC,QAAQ;YACrB,KAAK,EAAE,iBAAiB;SAC3B,CAAC,CAAC;IACP,CAAC;AACL,CAAC;AAED,IAAM,+BAA+B,GAAG,kCAAkC,CAAC;AAE3E,SAAS,oBAAoB,CAAC,MAAwC;IAC1D,IAAA,oBAAoB,GAAK,MAAM,qBAAX,CAAY;IAExC,OAAO,UAAG,sBAAsB,SAAG,oBAAoB,CAAE,CAAC;AAC9D,CAAC;AAED,SAAsB,2BAA2B,CAAC,MAAwC;;QAStF,SAAS,0BAA0B,CAAC,MAA4B;YACpD,IAAA,OAAO,GAAK,MAAM,QAAX,CAAY;YAE3B,OAAO,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,UAAU,CAAC,+BAA+B,CAAC,CAAC;QAC9F,CAAC;QAED,SAAe,mBAAmB,CAAC,MAElC;;;;;;4BACW,qBAAqB,GAAK,MAAM,sBAAX,CAAY;4BAEH,qBAAM,IAAA,wCAAiB,EAAC;oCAC1D,gBAAgB,EAAE,qBAAqB,CAAC,KAAK,CAAC,+BAA+B,CAAC,MAAM,CAAC;oCACrF,UAAU,YAAA;iCACb,CAAC,EAAA;;4BAHe,gBAAgB,GAAK,CAAA,SAGpC,CAAA,QAH+B;4BAK3B,YAAY,GAAiB,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;4BAEhE,sBAAO,EAAE,YAAY,cAAA,EAAE,EAAC;;;;SAC3B;QAED,SAAS,4BAA4B;YACjC,cAAc,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;QACjD,CAAC;;;;;oBA/BO,oBAAoB,GAAK,MAAM,qBAAX,CAAY;oBAEN,qBAAM,IAAA,mCAAY,GAAE,EAAA;;oBAAhD,KAA4B,SAAoB,EAA9C,SAAS,eAAA,EAAE,UAAU,gBAAA;oBAEvB,iBAAiB,GAAG,oBAAoB,CAAC,EAAE,oBAAoB,sBAAA,EAAE,CAAC,CAAC;oBAEzE,YAAY,CAAC,IAAI,CAAC,cAAc,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC;oBA2BhE,sBAAO,EAAE,0BAA0B,4BAAA,EAAE,mBAAmB,qBAAA,EAAE,4BAA4B,8BAAA,EAAE,EAAC;;;;CAC5F;AAED,SAAsB,mBAAmB,CAAC,MAAsC;;;;;;oBACpE,YAAY,GAAK,MAAM,aAAX,CAAY;oBAE1B,SAAS,GAAG,cAAc,CAAC,OAAO,CACpC,oBAAoB,CAAC,EAAE,oBAAoB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CACrE,CAAC;oBAEF,IAAA,eAAM,EAAC,SAAS,KAAK,IAAI,EAAE,SAAS,CAAC,CAAC;oBAEuB,qBAAM,IAAA,wCAAiB,EAAC;4BACjF,SAAS,WAAA;4BACT,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;yBACxC,CAAC,EAAA;;oBAHwB,8BAA8B,GAAK,CAAA,SAG3D,CAAA,iBAHsD;oBAKlD,gBAAgB,GAAG,UAAG,+BAA+B,SAAG,8BAA8B,CAAE,CAAC;oBAE/F,sBAAO,EAAE,gBAAgB,kBAAA,EAAE,EAAC;;;;CAC/B"}
1
+ {"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../src/core/iframeMessageProtection.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AASA,kHA0BC;AAUD,kEAmCC;AAED,kDAiBC;AAnGD,kDAAkD;AAClD,sEAAmG;AAGnG,IAAM,uBAAuB,GAAG,MAAM,CAAC,cAAc,CAAC;AACtD,IAAM,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC;AAE/C,IAAM,sBAAsB,GAAG,yCAAyC,CAAC;AAEzE,SAAgB,mDAAmD;IAC/D,IAAM,iBAAiB,GAAG,SAAS,OAAO,CAAY,GAAW,EAAE,KAAa;QAC5E,IAAI,IAAI,KAAK,uBAAuB,EAAE,CAAC;YACnC,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QAC/C,CAAC;QAED,IAAI,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACX,8EAA8E,CACjF,CAAC;QACN,CAAC;QAED,OAAO,YAAY,CAAC,IAAI,CAAC,uBAAuB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IAClE,CAAC,CAAC;IAEF,CAAC;QACG,IAAM,EAAE,GAAG,MAAM,CAAC,wBAAwB,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAEzE,IAAA,cAAM,EAAC,EAAE,KAAK,SAAS,CAAC,CAAC;QAEzB,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE;YAChD,UAAU,EAAE,EAAE,CAAC,UAAU;YACzB,QAAQ,EAAE,EAAE,CAAC,QAAQ;YACrB,KAAK,EAAE,iBAAiB;SAC3B,CAAC,CAAC;IACP,CAAC;AACL,CAAC;AAED,IAAM,+BAA+B,GAAG,kCAAkC,CAAC;AAE3E,SAAS,oBAAoB,CAAC,MAAwC;IAC1D,IAAA,oBAAoB,GAAK,MAAM,qBAAX,CAAY;IAExC,OAAO,UAAG,sBAAsB,SAAG,oBAAoB,CAAE,CAAC;AAC9D,CAAC;AAED,SAAsB,2BAA2B,CAAC,MAAwC;;QAStF,SAAS,0BAA0B,CAAC,MAA4B;YACpD,IAAA,OAAO,GAAK,MAAM,QAAX,CAAY;YAE3B,OAAO,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,UAAU,CAAC,+BAA+B,CAAC,CAAC;QAC9F,CAAC;QAED,SAAe,mBAAmB,CAAC,MAElC;;;;;;4BACW,qBAAqB,GAAK,MAAM,sBAAX,CAAY;4BAEH,qBAAM,IAAA,wCAAiB,EAAC;oCAC1D,gBAAgB,EAAE,qBAAqB,CAAC,KAAK,CAAC,+BAA+B,CAAC,MAAM,CAAC;oCACrF,UAAU,YAAA;iCACb,CAAC,EAAA;;4BAHe,gBAAgB,GAAK,CAAA,SAGpC,CAAA,QAH+B;4BAK3B,YAAY,GAAiB,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;4BAEhE,sBAAO,EAAE,YAAY,cAAA,EAAE,EAAC;;;;SAC3B;QAED,SAAS,4BAA4B;YACjC,cAAc,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;QACjD,CAAC;;;;;oBA/BO,oBAAoB,GAAK,MAAM,qBAAX,CAAY;oBAEN,qBAAM,IAAA,mCAAY,GAAE,EAAA;;oBAAhD,KAA4B,SAAoB,EAA9C,SAAS,eAAA,EAAE,UAAU,gBAAA;oBAEvB,iBAAiB,GAAG,oBAAoB,CAAC,EAAE,oBAAoB,sBAAA,EAAE,CAAC,CAAC;oBAEzE,YAAY,CAAC,IAAI,CAAC,cAAc,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC;oBA2BhE,sBAAO,EAAE,0BAA0B,4BAAA,EAAE,mBAAmB,qBAAA,EAAE,4BAA4B,8BAAA,EAAE,EAAC;;;;CAC5F;AAED,SAAsB,mBAAmB,CAAC,MAAsC;;;;;;oBACpE,YAAY,GAAK,MAAM,aAAX,CAAY;oBAE1B,SAAS,GAAG,cAAc,CAAC,OAAO,CACpC,oBAAoB,CAAC,EAAE,oBAAoB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CACrE,CAAC;oBAEF,IAAA,cAAM,EAAC,SAAS,KAAK,IAAI,EAAE,SAAS,CAAC,CAAC;oBAEuB,qBAAM,IAAA,wCAAiB,EAAC;4BACjF,SAAS,WAAA;4BACT,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;yBACxC,CAAC,EAAA;;oBAHwB,8BAA8B,GAAK,CAAA,SAG3D,CAAA,iBAHsD;oBAKlD,gBAAgB,GAAG,UAAG,+BAA+B,SAAG,8BAA8B,CAAE,CAAC;oBAE/F,sBAAO,EAAE,gBAAgB,kBAAA,EAAE,EAAC;;;;CAC/B"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "oidc-spa",
3
- "version": "7.1.9",
3
+ "version": "7.1.10",
4
4
  "description": "Openidconnect client for Single Page Applications",
5
5
  "repository": {
6
6
  "type": "git",
package/src/core/iframeMessageProtection.ts CHANGED
@@ -1,14 +1,15 @@
1
- import { assert } from "tsafe/assert";
1
+ import { assert } from "../vendor/frontend/tsafe";
2
2
  import { asymmetricEncrypt, asymmetricDecrypt, generateKeys } from "../tools/asymmetricEncryption";
3
3
  import { type AuthResponse } from "./AuthResponse";
4
4
 
5
+ const sessionStorage_original = window.sessionStorage;
5
6
  const setItem_real = Storage.prototype.setItem;
6
7
 
7
8
  const SESSION_STORAGE_PREFIX = "oidc-spa_iframe_authResponse_publicKey_";
8
9
 
9
10
  export function preventSessionStorageSetItemOfPublicKeyByThirdParty() {
10
11
  const setItem_protected = function setItem(this: any, key: string, value: string): void {
11
- if (this !== sessionStorage) {
12
+ if (this !== sessionStorage_original) {
12
13
  return setItem_real.call(this, key, value);
13
14
  }
14
15
 
@@ -18,7 +19,7 @@ export function preventSessionStorageSetItemOfPublicKeyByThirdParty() {
18
19
  );
19
20
  }
20
21
 
21
- return setItem_real.call(sessionStorage, key, value);
22
+ return setItem_real.call(sessionStorage_original, key, value);
22
23
  };
23
24
 
24
25
  {