oidc-spa 8.1.7 → 8.1.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/core/createOidc.js +1 -1
- package/core/earlyInit.js +5 -0
- package/core/earlyInit.js.map +1 -1
- package/core/iframeMessageProtection.d.ts +2 -0
- package/core/iframeMessageProtection.js +24 -9
- package/core/iframeMessageProtection.js.map +1 -1
- package/core/loginSilent.js +2 -1
- package/core/loginSilent.js.map +1 -1
- package/esm/core/createOidc.js +1 -1
- package/esm/core/earlyInit.js +6 -1
- package/esm/core/earlyInit.js.map +1 -1
- package/esm/core/iframeMessageProtection.d.ts +2 -0
- package/esm/core/iframeMessageProtection.js +23 -9
- package/esm/core/iframeMessageProtection.js.map +1 -1
- package/esm/core/loginSilent.js +2 -1
- package/esm/core/loginSilent.js.map +1 -1
- package/esm/tools/isBrowser.d.ts +1 -0
- package/esm/tools/isBrowser.js +4 -0
- package/esm/tools/isBrowser.js.map +1 -0
- package/package.json +1 -1
- package/src/core/earlyInit.ts +8 -0
- package/src/core/iframeMessageProtection.ts +38 -10
- package/src/core/loginSilent.ts +3 -0
- package/src/tools/isBrowser.ts +4 -0
- package/tools/isBrowser.d.ts +1 -0
- package/tools/isBrowser.js +7 -0
- package/tools/isBrowser.js.map +1 -0
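--- a/package/core/createOidc.js
+++ b/package/core/createOidc.js
@@ -65,7 +65,7 @@ const isKeycloak_1 = require("../keycloak/isKeycloak");
 const INFINITY_TIME_1 = require("../tools/INFINITY_TIME");
 const getIsValidRemoteJson_1 = require("../tools/getIsValidRemoteJson");
 // NOTE: Replaced at build time
-const VERSION = "8.1.
+const VERSION = "8.1.8";
 const globalContext = {
 prOidcByConfigId: new Map(),
 hasLogoutBeenCalled: (0, id_1.id)(false),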
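--- a/package/core/earlyInit.js
+++ b/package/core/earlyInit.js
@@ -6,12 +6,17 @@ exports.getRootRelativeOriginalLocationHref = getRootRelativeOriginalLocationHre
 const StateData_1 = require("./StateData");
 const assert_1 = require("../tools/tsafe/assert");
 const iframeMessageProtection_1 = require("./iframeMessageProtection");
+const isBrowser_1 = require("../tools/isBrowser");
 let hasEarlyInitBeenCalled = false;
 function oidcEarlyInit(params) {
 if (hasEarlyInitBeenCalled) {
 throw new Error("oidc-spa: oidcEarlyInit() Should be called only once");
 }
 hasEarlyInitBeenCalled = true;
+if (!isBrowser_1.isBrowser) {
+return { shouldLoadApp: true };
+}
+(0, iframeMessageProtection_1.captureApisForIframeProtection)();
 const { freezeFetch, freezeXMLHttpRequest, freezeWebSocket = false } = params ?? {};
 const { shouldLoadApp } = handleOidcCallback();
 if (shouldLoadApp) {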
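Review bot: The call to `captureApisForIframeProtection()` on new line 19 snapshots `Storage.prototype.setItem`, `window.sessionStorage`, `window.setTimeout` and `window.alert` exactly as they are when `oidcEarlyInit()` runs, so the protection built on those references is presumably only as trustworthy as the page environment at that instant, and nothing in the hunk records that assumption. A comment above the call such as `// Snapshot the native APIs now: anything already replaced before oidcEarlyInit() ran is captured as-is, so this must be the first script on the page` would make the trust boundary explicit for integrators. The non-browser early return on new lines 16-18 also deserves a one-line note that it intentionally skips `handleOidcCallback()`. The same applies to the package/esm/core/earlyInit.js section; `oidcEarlyInit` continues outside the hunk.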
package/core/earlyInit.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"earlyInit.js","sourceRoot":"","sources":["../src/core/earlyInit.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"earlyInit.js","sourceRoot":"","sources":["../src/core/earlyInit.ts"],"names":[],"mappings":";;AAYA,sCAqEC;AAID,0DAoBC;AAID,kFAGC;AAhHD,2CAAqE;AACrE,kDAA4D;AAE5D,uEAImC;AACnC,kDAA+C;AAE/C,IAAI,sBAAsB,GAAG,KAAK,CAAC;AAEnC,SAAgB,aAAa,CAAC,MAM7B;IACG,IAAI,sBAAsB,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC5E,CAAC;IAED,sBAAsB,GAAG,IAAI,CAAC;IAE9B,IAAI,CAAC,qBAAS,EAAE,CAAC;QACb,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IACnC,CAAC;IAED,IAAA,wDAA8B,GAAE,CAAC;IAEjC,MAAM,EAAE,WAAW,EAAE,oBAAoB,EAAE,eAAe,GAAG,KAAK,EAAE,GAAG,MAAM,IAAI,EAAE,CAAC;IAEpF,MAAM,EAAE,aAAa,EAAE,GAAG,kBAAkB,EAAE,CAAC;IAE/C,IAAI,aAAa,EAAE,CAAC;QAChB,IAAI,oBAAoB,EAAE,CAAC;YACvB,MAAM,sBAAsB,GAAG,UAAU,CAAC,cAAc,CAAC;YAEzD,MAAM,CAAC,MAAM,CAAC,sBAAsB,CAAC,SAAS,CAAC,CAAC;YAChD,MAAM,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;YAEtC,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,gBAAgB,EAAE;gBAChD,YAAY,EAAE,KAAK;gBACnB,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,IAAI;gBAChB,KAAK,EAAE,sBAAsB;aAChC,CAAC,CAAC;QACP,CAAC;QAED,IAAI,WAAW,EAAE,CAAC;YACd,MAAM,aAAa,GAAG,UAAU,CAAC,KAAK,CAAC;YAEvC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YAE7B,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,OAAO,EAAE;gBACvC,YAAY,EAAE,KAAK;gBACnB,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,IAAI;gBAChB,KAAK,EAAE,aAAa;aACvB,CAAC,CAAC;QACP,CAAC;QAED,IAAI,eAAe,EAAE,CAAC;YAClB,MAAM,iBAAiB,GAAG,UAAU,CAAC,SAAS,CAAC;YAE/C,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;YAEjC,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,WAAW,EAAE;gBAC3C,YAAY,EAAE,KAAK;gBACnB,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,IAAI;gBAChB,KAAK,EAAE,iBAAiB;aAC3B,CAAC,CAAC;QACP,CAAC;QAED,IAAA,6EAAmD,GAAE,CAAC;IAC1D,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,CAAC;AAC7B,CAAC;AAED,IAAI,oBAAoB,GAA6B,SAAS,CAAC;AAE/D,SAAgB,uBAAuB;IAGnC,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CACX;YACI,uBAAuB;YACvB,gCAAgC;YAChC,oEAAoE;SACvE,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;IACN,CAAC;IACD,OAAO,oBAAoB,KAAK,SAAS;QACrC,CAAC,CAAC,EAAE,YAAY,EAAE,SAAS,EAAE;QAC7B,CAAC,CAAC;YACI,YAAY,EAAE,oBAAoB;YAClC,iBAAiB,EAAE,GAAG,EAAE;gBACpB,oBAAoB,GAAG,SAAS,CAAC;
YACrC,CAAC;SACJ,CAAC;AACZ,CAAC;AAED,IAAI,gCAAgC,GAAuB,SAAS,CAAC;AAErE,SAAgB,mCAAmC;IAC/C,IAAA,eAAM,EAAC,gCAAgC,KAAK,SAAS,EAAE,QAAQ,CAAC,CAAC;IACjE,OAAO,gCAAgC,CAAC;AAC5C,CAAC;AAED,SAAS,kBAAkB;IACvB,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAEtD,MAAM,sBAAsB,GAAG,CAAC,GAAG,EAAE;QACjC,QAAQ,EAAE,CAAC;YACP,MAAM,kBAAkB,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CACtF,OAAO,CACV,CAAC;YAEF,IAAI,kBAAkB,KAAK,IAAI,EAAE,CAAC;gBAC9B,MAAM,QAAQ,CAAC;YACnB,CAAC;YAED,IAAI,CAAC,IAAA,oCAAwB,EAAC,EAAE,uBAAuB,EAAE,kBAAkB,EAAE,CAAC,EAAE,CAAC;gBAC7E,MAAM,QAAQ,CAAC;YACnB,CAAC;YAED,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,YAAY,EAAE,UAAU,EAAW,CAAC;QAC7E,CAAC;QAED,KAAK,EAAE,CAAC;YACJ,MAAM,kBAAkB,GAAG,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAErE,IAAI,kBAAkB,KAAK,IAAI,EAAE,CAAC;gBAC9B,MAAM,KAAK,CAAC;YAChB,CAAC;YAED,IAAI,CAAC,IAAA,oCAAwB,EAAC,EAAE,uBAAuB,EAAE,kBAAkB,EAAE,CAAC,EAAE,CAAC;gBAC7E,MAAM,KAAK,CAAC;YAChB,CAAC;YAED,IACI,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,IAAI;gBACtD,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,KAAK,IAAI;gBAC1D,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,IAAI,EAC3D,CAAC;gBACC,mFAAmF;gBACnF,MAAM,KAAK,CAAC;YAChB,CAAC;YAED,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAW,CAAC;QAC1E,CAAC;QAED,OAAO,EAAE,oBAAoB,EAAE,KAAK,EAAW,CAAC;IACpD,CAAC,CAAC,EAAE,CAAC;IAEL,IAAI,CAAC,sBAAsB,CAAC,oBAAoB,EAAE,CAAC;QAC/C,gCAAgC,GAAG,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC7F,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IACnC,CAAC;IAED,gCAAgC,GAAG,eAAe,CAAC,QAAQ,CAAC;IAE5D,MAAM,EAAE,YAAY,EAAE,GAAG,CAAC,GAAG,EAAE;QAC3B,MAAM,YAAY,GAAiB,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QAEjD,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE;YACvB,QAAQ,sBAAsB,CAAC,YAAY,EAAE,CAAC;gBAC1C,KAAK,UAAU;oBACX,OAAO,IAAI,eAAe,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;gBACvE,KAAK,OAAO;oBACR,OAAO,eAAe,CAAC,YAAY,CAAC;gBACxC;oBACI,IAAA,eAAM,EAA+C,KAAK,CAAC,CAAC;YACpE,CAAC;QACL,CAAC,CAAC,EAAE,CAAC;QAEL,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,
YAAY,EAAE,CAAC;YACtC,YAAY,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QAC9B,CAAC;QAED,IAAA,eAAM,EAAC,YAAY,CAAC,KAAK,KAAK,EAAE,EAAE,QAAQ,CAAC,CAAC;QAE5C,OAAO,EAAE,YAAY,EAAE,CAAC;IAC5B,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,SAAS,GAAG,IAAA,wBAAY,EAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;IAE3E,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,EAAE,gCAAgC,CAAC,CAAC;QAC/D,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IACnC,CAAC;IAED,QAAQ,SAAS,CAAC,OAAO,EAAE,CAAC;QACxB,KAAK,QAAQ;YACT,IAAA,2DAAiC,EAAC,EAAE,YAAY,EAAE,CAAC,CAAC;YACpD,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;QACpC,KAAK,UAAU,CAAC,CAAC,CAAC;YACd,oBAAoB,GAAG,YAAY,CAAC;YAEpC,MAAM,uBAAuB,GAAG,CAAC,GAAG,EAAE;gBAClC,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,IAAI,YAAY,CAAC,KAAK,KAAK,kBAAkB,EAAE,CAAC;oBAC5E,OAAO,SAAS,CAAC,2CAA2C,CAAC;gBACjE,CAAC;gBACD,OAAO,SAAS,CAAC,uBAAuB,CAAC;YAC7C,CAAC,CAAC,EAAE,CAAC;YAEL,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,EAAE,uBAAuB,CAAC,CAAC;YAEtD,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;QACnC,CAAC;QACD;YACI,IAAA,eAAM,EAAkC,KAAK,CAAC,CAAC;IACvD,CAAC;AACL,CAAC"}
|
|
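--- a/package/core/iframeMessageProtection.d.ts
+++ b/package/core/iframeMessageProtection.d.ts
@@ -1,4 +1,5 @@
 import { type AuthResponse } from "./AuthResponse";
+export declare function captureApisForIframeProtection(): void;
 export declare function preventSessionStorageSetItemOfPublicKeyByThirdParty(): void;
 declare function getIsEncryptedAuthResponse(params: {
 message: unknown;
@@ -12,6 +13,7 @@ export declare function initIframeMessageProtection(params: {
 stateUrlParamValue: string;
 }): Promise<{
 getIsReadyToReadPublicKeyMessage: typeof getIsReadyToReadPublicKeyMessage;
+startSessionStoragePublicKeyMaliciousWriteDetection: () => void;
 setSessionStoragePublicKey: () => void;
 getIsEncryptedAuthResponse: typeof getIsEncryptedAuthResponse;
 decodeEncryptedAuth: (params: {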
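Review bot: The newly exported `captureApisForIframeProtection` on new line 2 has no TSDoc, yet the implementation in package/core/iframeMessageProtection.js asserts `capturedApis !== undefined` before using it, so there is an unstated call-order contract: it must run before `preventSessionStorageSetItemOfPublicKeyByThirdParty()` or `initIframeMessageProtection()`. This declaration file is presumably emitted from `package/src/core/iframeMessageProtection.ts`, so a TSDoc block on the source function stating that requirement, and that `oidcEarlyInit()` is the intended caller, would propagate here. The same applies to the package/esm/core/iframeMessageProtection.d.ts section.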
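--- a/package/core/iframeMessageProtection.js
+++ b/package/core/iframeMessageProtection.js
@@ -1,21 +1,28 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.captureApisForIframeProtection = captureApisForIframeProtection;
 exports.preventSessionStorageSetItemOfPublicKeyByThirdParty = preventSessionStorageSetItemOfPublicKeyByThirdParty;
 exports.initIframeMessageProtection = initIframeMessageProtection;
 exports.postEncryptedAuthResponseToParent = postEncryptedAuthResponseToParent;
 const assert_1 = require("../tools/tsafe/assert");
 const asymmetricEncryption_1 = require("../tools/asymmetricEncryption");
-
-
-
-
+let capturedApis = undefined;
+function captureApisForIframeProtection() {
+capturedApis = {
+setItem: Storage.prototype.setItem,
+sessionStorage: window.sessionStorage,
+setTimeout: window.setTimeout,
+alert: window.alert
+};
+}
 const SESSION_STORAGE_PREFIX = "oidc-spa_iframe_authResponse_publicKey_";
 function preventSessionStorageSetItemOfPublicKeyByThirdParty() {
 const setItem_protected = function setItem(key, value) {
 if (key.startsWith(SESSION_STORAGE_PREFIX)) {
 throw new Error("Attack prevented by oidc-spa. You have malicious code running in your system");
 }
-
+(0, assert_1.assert)(capturedApis !== undefined);
+return capturedApis.setItem.call(this, key, value);
 };
 {
 const pd = Object.getOwnPropertyDescriptor(Storage.prototype, "setItem");
@@ -51,12 +58,19 @@ async function initIframeMessageProtection(params) {
 const sessionStorageKey = getSessionStorageKey({ stateUrlParamValue });
 let timer = undefined;
 function setSessionStoragePublicKey() {
-
+(0, assert_1.assert)(capturedApis !== undefined);
+const { setItem } = capturedApis;
+setItem.call(capturedApis.sessionStorage, sessionStorageKey, publicKey);
+}
+function startSessionStoragePublicKeyMaliciousWriteDetection() {
+setSessionStoragePublicKey();
+(0, assert_1.assert)(capturedApis !== undefined);
+const { alert, setTimeout } = capturedApis;
 const checkTimeoutCallback = () => {
 if (sessionStorage.getItem(sessionStorageKey) !== publicKey) {
 while (true) {
-
-"⚠️
+alert([
+"⚠️ Security Alert:",
 "oidc-spa detected an attack attempt.",
 "For your safety, please close this tab immediately",
 "and notify the site administrator."
@@ -66,7 +80,7 @@ async function initIframeMessageProtection(params) {
 check();
 };
 function check() {
-timer =
+timer = setTimeout(checkTimeoutCallback, 5);
 }
 check();
 }
@@ -85,6 +99,7 @@ async function initIframeMessageProtection(params) {
 }
 return {
 getIsReadyToReadPublicKeyMessage,
+startSessionStoragePublicKeyMaliciousWriteDetection,
 setSessionStoragePublicKey,
 getIsEncryptedAuthResponse,
 decodeEncryptedAuth,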
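Review bot: `sessionStorage.getItem(sessionStorageKey)` on new line 70 still resolves through the live global, while the surrounding code now deliberately routes `setItem`, `setTimeout` and `alert` through `capturedApis`; the write side of the detection is pinned to the captured API but the read side is not, so a later replacement of `Storage.prototype.getItem` or of the `sessionStorage` accessor would be compared rather than the original, which undercuts the point of this hunk. Capturing it with the others, `getItem: Storage.prototype.getItem,` in `captureApisForIframeProtection()`, and reading via `capturedApis.getItem.call(capturedApis.sessionStorage, sessionStorageKey)` keeps both sides of the comparison on the same footing. The duplicated `(0, assert_1.assert)(capturedApis !== undefined)` on new lines 61 and 67 could also be a single helper returning the captured object. The same read appears in the package/esm/core/iframeMessageProtection.js section; `initIframeMessageProtection` starts and ends outside the hunk.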
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../src/core/iframeMessageProtection.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../src/core/iframeMessageProtection.ts"],"names":[],"mappings":";;AAaA,wEAOC;AAID,kHAwBC;AA6BD,kEA6EC;AAED,8EA4BC;AAxLD,kDAA+C;AAC/C,wEAAmG;AAGnG,IAAI,YAAY,GAOE,SAAS,CAAC;AAE5B,SAAgB,8BAA8B;IAC1C,YAAY,GAAG;QACX,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,OAAO;QAClC,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;KACtB,CAAC;AACN,CAAC;AAED,MAAM,sBAAsB,GAAG,yCAAyC,CAAC;AAEzE,SAAgB,mDAAmD;IAC/D,MAAM,iBAAiB,GAAG,SAAS,OAAO,CAAY,GAAW,EAAE,KAAa;QAC5E,IAAI,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACX,8EAA8E,CACjF,CAAC;QACN,CAAC;QAED,IAAA,eAAM,EAAC,YAAY,KAAK,SAAS,CAAC,CAAC;QAEnC,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IACvD,CAAC,CAAC;IAEF,CAAC;QACG,MAAM,EAAE,GAAG,MAAM,CAAC,wBAAwB,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAEzE,IAAA,eAAM,EAAC,EAAE,KAAK,SAAS,CAAC,CAAC;QAEzB,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE;YAChD,UAAU,EAAE,EAAE,CAAC,UAAU;YACzB,QAAQ,EAAE,EAAE,CAAC,QAAQ;YACrB,KAAK,EAAE,iBAAiB;SAC3B,CAAC,CAAC;IACP,CAAC;AACL,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAsC;IAChE,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,OAAO,GAAG,sBAAsB,GAAG,kBAAkB,EAAE,CAAC;AAC5D,CAAC;AAED,MAAM,+BAA+B,GAAG,kCAAkC,CAAC;AAE3E,SAAS,0BAA0B,CAAC,MAAwD;IACxF,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAE/C,OAAO,CACH,OAAO,OAAO,KAAK,QAAQ;QAC3B,OAAO,CAAC,UAAU,CAAC,GAAG,+BAA+B,GAAG,kBAAkB,EAAE,CAAC,CAChF,CAAC;AACN,CAAC;AAED,SAAS,eAAe,CAAC,MAAsC;IAC3D,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IACtC,OAAO,oCAAoC,kBAAkB,EAAE,CAAC;AACpE,CAAC;AAED,SAAS,gCAAgC,CAAC,MAAwD;IAC9F,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAC/C,OAAO,OAAO,KAAK,eAAe,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;AAC/D,CAAC;AAEM,KAAK,UAAU,2BAA2B,CAAC,MAAsC;IACpF,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAA,mCAAY,GAAE,CAAC;IAEvD,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAEvE,IAAI,KAAK,GAAuB,SAAS,CAAC;IAE1C,SAAS,0BAA0B;QAC/B,IAAA,eAAM,EAAC,YA
AY,KAAK,SAAS,CAAC,CAAC;QAEnC,MAAM,EAAE,OAAO,EAAE,GAAG,YAAY,CAAC;QAEjC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAC5E,CAAC;IAED,SAAS,mDAAmD;QACxD,0BAA0B,EAAE,CAAC;QAE7B,IAAA,eAAM,EAAC,YAAY,KAAK,SAAS,CAAC,CAAC;QAEnC,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,YAAY,CAAC;QAE3C,MAAM,oBAAoB,GAAG,GAAG,EAAE;YAC9B,IAAI,cAAc,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC1D,OAAO,IAAI,EAAE,CAAC;oBACV,KAAK,CACD;wBACI,oBAAoB;wBACpB,sCAAsC;wBACtC,oDAAoD;wBACpD,oCAAoC;qBACvC,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;gBACN,CAAC;YACL,CAAC;YACD,KAAK,EAAE,CAAC;QACZ,CAAC,CAAC;QAEF,SAAS,KAAK;YACV,KAAK,GAAG,UAAU,CAAC,oBAAoB,EAAE,CAAC,CAAC,CAAC;QAChD,CAAC;QAED,KAAK,EAAE,CAAC;IACZ,CAAC;IAED,KAAK,UAAU,mBAAmB,CAAC,MAElC;QACG,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,CAAC;QAEzC,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAA,wCAAiB,EAAC;YAC1D,gBAAgB,EAAE,qBAAqB,CAAC,KAAK,CACzC,+BAA+B,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CACrE;YACD,UAAU;SACb,CAAC,CAAC;QAEH,MAAM,YAAY,GAAiB,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAEhE,OAAO,EAAE,YAAY,EAAE,CAAC;IAC5B,CAAC;IAED,SAAS,4BAA4B;QACjC,cAAc,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;QAC7C,YAAY,CAAC,KAAK,CAAC,CAAC;IACxB,CAAC;IAED,OAAO;QACH,gCAAgC;QAChC,mDAAmD;QACnD,0BAA0B;QAC1B,0BAA0B;QAC1B,mBAAmB;QACnB,4BAA4B;KAC/B,CAAC;AACN,CAAC;AAEM,KAAK,UAAU,iCAAiC,CAAC,MAAsC;IAC1F,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;IAEhC,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAEjG,MAAM,aAAa,GAAG,GAAG,EAAE,CACvB,cAAc,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAE7F,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAE3D,OAAO,aAAa,EAAE,KAAK,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAE3D,MAAM,SAAS,GAAG,aAAa,EAAE,CAAC;IAElC,IAAA,eAAM,EAAC,SAAS,KAAK,IAAI,EAAE,SAAS,CAAC,CAAC;IAEtC,MAAM,EAAE,gBAAgB,EAAE,8BAA8B,EAAE,GAAG,MAAM,
IAAA,wCAAiB,EAAC;QACjF,SAAS;QACT,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;KACxC,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,GAAG,+BAA+B,GAAG,YAAY,CAAC,KAAK,GAAG,8BAA8B,EAAE,CAAC;IAEpH,MAAM,CAAC,WAAW,CAAC,gBAAgB,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;AAC1D,CAAC"}
|
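--- a/package/core/loginSilent.js
+++ b/package/core/loginSilent.js
@@ -36,7 +36,7 @@ async function loginSilent(params) {
 const dynamicDelay = rtt * 2.5 + BASE_DELAY_MS / (downlink + 1);
 return Math.max(BASE_DELAY_MS, dynamicDelay);
 })();
-const { getIsReadyToReadPublicKeyMessage, setSessionStoragePublicKey, decodeEncryptedAuth, getIsEncryptedAuthResponse, clearSessionStoragePublicKey } = await (0, iframeMessageProtection_1.initIframeMessageProtection)({
+const { getIsReadyToReadPublicKeyMessage, startSessionStoragePublicKeyMaliciousWriteDetection, setSessionStoragePublicKey, decodeEncryptedAuth, getIsEncryptedAuthResponse, clearSessionStoragePublicKey } = await (0, iframeMessageProtection_1.initIframeMessageProtection)({
 stateUrlParamValue: stateUrlParamValue_instance
 });
 let clearTimeouts;
@@ -132,6 +132,7 @@ async function loginSilent(params) {
 }
 return url;
 };
+startSessionStoragePublicKeyMaliciousWriteDetection();
 oidcClientTsUserManager
 .signinSilent({
 state: (0, id_1.id)({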
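Review bot: `startSessionStoragePublicKeyMaliciousWriteDetection()` on new line 135 starts the 5 ms polling loop (per `setTimeout(checkTimeoutCallback, 5)` in iframeMessageProtection.js) before `signinSilent()` is issued, and nothing in this hunk shows what stops it on the success, error or timeout paths. A one-line comment on the call naming the teardown, presumably `clearSessionStoragePublicKey()` which is still destructured on new line 39, would make the timer's lifecycle readable, e.g. `// Begins polling the public-key slot; must be stopped via clearSessionStoragePublicKey() on every exit path`. `loginSilent` starts and ends outside the hunk.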
package/core/loginSilent.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"loginSilent.js","sourceRoot":"","sources":["../src/core/loginSilent.ts"],"names":[],"mappings":";;AA8BA,
|
|
1
|
+
{"version":3,"file":"loginSilent.js","sourceRoot":"","sources":["../src/core/loginSilent.ts"],"names":[],"mappings":";;AA8BA,kCAsQC;AAhSD,gDAA6C;AAC7C,kDAA+C;AAC/C,0CAAuC;AACvC,4DAAyD;AACzD,2CAA4E;AAC5E,kEAA+D;AAC/D,0CAA0C;AAE1C,8DAAkE;AAClE,uEAAwE;AACxE,sDAAmD;AAgB5C,KAAK,UAAU,WAAW,CAAC,MAgBjC;IACG,MAAM,EACF,uBAAuB,EACvB,2BAA2B,EAC3B,QAAQ,EACR,0BAA0B,EAC1B,mBAAmB,EACnB,mBAAmB,EACnB,SAAS,EACT,GAAG,EACN,GAAG,MAAM,CAAC;IAEX,kBAAkB,EAAE,CAAC;QACjB,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,IAAA,yBAAW,GAAE,CAAC;QAC7C,IAAI,QAAQ,EAAE,CAAC;YACX,MAAM,kBAAkB,CAAC;QAC7B,CAAC;QACD,GAAG,EAAE,CAAC,wFAAwF,CAAC,CAAC;QAChG,MAAM,QAAQ,CAAC;IACnB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,mBAAQ,EAAuB,CAAC;IAEpD,MAAM,cAAc,GAAW,CAAC,GAAG,EAAE;QACjC,MAAM,KAAK,GAAG,IAAA,gBAAQ,GAAE,CAAC;QAEzB,MAAM,cAAc,GAAG,IAAA,qCAAiB,GAAE,CAAC;QAE3C,6DAA6D;QAC7D,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,IAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAM,CAAC,CAAC,CAAC,IAAK,CAAC;QAEjE,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO,aAAa,CAAC;QACzB,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,cAAc,CAAC;QAEzC,oDAAoD;QACpD,8CAA8C;QAC9C,MAAM,YAAY,GAAG,GAAG,GAAG,GAAG,GAAG,aAAa,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;QAEhE,OAAO,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IACjD,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,EACF,gCAAgC,EAChC,mDAAmD,EACnD,0BAA0B,EAC1B,mBAAmB,EACnB,0BAA0B,EAC1B,4BAA4B,EAC/B,GAAG,MAAM,IAAA,qDAA2B,EAAC;QAClC,kBAAkB,EAAE,2BAA2B;KAClD,CAAC,CAAC;IAEH,IAAI,aAAwD,CAAC;IAC7D,CAAC;QACG,IAAI,uBAAuB,GAAG,KAAK,CAAC;QAEpC,MAAM,QAAQ,GAAG;YACb,UAAU,CAAC,GAAG,EAAE;gBACZ,OAAO,CAAC,OAAO,CAAC;oBACZ,OAAO,EAAE,SAAS;oBAClB,KAAK,EAAE,SAAS;iBACnB,CAAC,CAAC;YACP,CAAC,EAAE,cAAc,CAAC;YAClB,UAAU,CAAC,GAAG,EAAE;gBACZ,OAAO,CAAC,IAAI,CACR;oBACI,+DAA+D;oBAC/D,2CAA2C;oBAC3C,WAAW,IAAI,CAAC,KAAK,CACjB,cAAc,GAAG,IAAK,CACzB,sCAAsC;oBACvC,yFAAyF;iBAC5F,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;gBACF,uBAAuB,GAAG,IAAI,CAAC;YACnC,CAAC,EAAE,IAAK,CAAC;SACZ,CAAC;QAEF,aAAa,GAAG,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE;YAC/B,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC/B,IAAI,UAAU,IAAI,uBAAuB,EAAE,CAAC;gBACxC,
OAAO,CAAC,GAAG,CACP;oBACI,iEAAiE;oBACjE,6CAA6C;iBAChD,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;YACN,CAAC;QACL,CAAC,CAAC;IACN,CAAC;IAED,IAAI,QAAuC,CAAC;IAE5C,QAAQ,GAAG,KAAK,EAAE,KAAmB,EAAE,EAAE;QACrC,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC1C,OAAO;QACX,CAAC;QAED,IACI,CAAC,gCAAgC,CAAC;YAC9B,kBAAkB,EAAE,2BAA2B;YAC/C,OAAO,EAAE,KAAK,CAAC,IAAI;SACtB,CAAC,EACJ,CAAC;YACC,OAAO;QACX,CAAC;QAED,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAEvD,0BAA0B,EAAE,CAAC;QAE7B,MAAM,sBAAsB,GAAG,IAAI,mBAAQ,EAAU,CAAC;QAEtD,QAAQ,GAAG,KAAK,CAAC,EAAE;YACf,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBAC1C,OAAO;YACX,CAAC;YAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC;YAE3B,IACI,CAAC,0BAA0B,CAAC;gBACxB,kBAAkB,EAAE,2BAA2B;gBAC/C,OAAO;aACV,CAAC,EACJ,CAAC;gBACC,OAAO;YACX,CAAC;YAED,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAEhD,sBAAsB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5C,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAEpD,MAAM,qBAAqB,GAAG,MAAM,sBAAsB,CAAC,EAAE,CAAC;QAE9D,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,mBAAmB,CAAC,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAE9E,MAAM,SAAS,GAAG,IAAA,wBAAY,EAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;QAE3E,IAAA,eAAM,EAAC,SAAS,KAAK,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC1C,IAAA,eAAM,EAAC,SAAS,CAAC,OAAO,KAAK,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACjD,IAAA,eAAM,EAAC,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,SAAS,CAAC,CAAC;QAEnD,aAAa,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,OAAO,CAAC;YACZ,OAAO,EAAE,+BAA+B;YACxC,YAAY;SACf,CAAC,CAAC;IACP,CAAC,CAAC;IAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;IAEpD,MAAM,yBAAyB,GAAG,CAAC,GAAW,EAAE,EAAE;QAC9C,sBAAsB,EAAE,CAAC;YACrB,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;gBACpC,MAAM,sBAAsB,CAAC;YACjC,CAAC;YAED,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;YAEtE,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAC3D,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;oBACtB,SAAS;gBACb,CAAC;gBACD,GAAG,GAAG,IAAA,wCAAsB,EAAC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,YA
AY,EAAE,UAAU,EAAE,CAAC,CAAC;YACjF,CAAC;QACL,CAAC;QAED,mBAAmB,EAAE,CAAC;YAClB,IAAI,0BAA0B,KAAK,SAAS,EAAE,CAAC;gBAC3C,MAAM,mBAAmB,CAAC;YAC9B,CAAC;YACD,GAAG,GAAG,0BAA0B,CAAC,EAAE,gBAAgB,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,OAAO,GAAG,CAAC;IACf,CAAC,CAAC;IAEF,mDAAmD,EAAE,CAAC;IAEtD,uBAAuB;SAClB,YAAY,CAAC;QACV,KAAK,EAAE,IAAA,OAAE,EAAmB;YACxB,OAAO,EAAE,QAAQ;YACjB,QAAQ;SACX,CAAC;QACF,6BAA6B,EAAE,cAAc,GAAG,IAAI;QACpD,gBAAgB,EACZ,mBAAmB,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAA,yBAAW,EAAC,mBAAmB,EAAE,CAAC;QACtF,YAAY,EAAE,yBAAyB;KAC1C,CAAC;SACD,IAAI,CACD,gBAAgB,CAAC,EAAE;QACf,IAAA,eAAM,EAAC,gBAAgB,KAAK,IAAI,EAAE,kDAAkD,CAAC,CAAC;QAEtF,aAAa,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;QACpC,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAEhD,OAAO,CAAC,OAAO,CAAC;YACZ,OAAO,EAAE,qCAAqC;YAC9C,gBAAgB;SACnB,CAAC,CAAC;IACP,CAAC,EACD,CAAC,KAAY,EAAE,EAAE;QACb,IAAI,KAAK,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;YACtC,+DAA+D;YAC/D,mCAAmC;YACnC,mEAAmE;YACnE,0CAA0C;YAC1C,yEAAyE;YAEzE,0DAA0D;YAC1D,kEAAkE;YAClE,mEAAmE;YACnE,qBAAqB;YACrB,aAAa,CAAC,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC;YAErC,OAAO,CAAC,OAAO,CAAC;gBACZ,OAAO,EAAE,SAAS;gBAClB,KAAK,EAAE,sCAAsC;aAChD,CAAC,CAAC;YAEH,OAAO;QACX,CAAC;QAED,yEAAyE;QACzE,qEAAqE;IACzE,CAAC,CACJ,CAAC;IAEN,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;QACrB,4BAA4B,EAAE,CAAC;QAE/B,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAC/B,IAAA,2BAAe,EAAC,EAAE,kBAAkB,EAAE,2BAA2B,EAAE,CAAC,CAAC;QACzE,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC,EAAE,CAAC;AACtB,CAAC"}
|
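--- a/package/esm/core/createOidc.js
+++ b/package/esm/core/createOidc.js
@@ -28,7 +28,7 @@ import { isKeycloak } from "../keycloak/isKeycloak";
 import { INFINITY_TIME } from "../tools/INFINITY_TIME";
 import { getIsValidRemoteJson } from "../tools/getIsValidRemoteJson";
 // NOTE: Replaced at build time
-const VERSION = "8.1.
+const VERSION = "8.1.8";
 const globalContext = {
 prOidcByConfigId: new Map(),
 hasLogoutBeenCalled: id(false),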
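--- a/package/esm/core/earlyInit.js
+++ b/package/esm/core/earlyInit.js
@@ -1,12 +1,17 @@
 import { getStateData, getIsStatQueryParamValue } from "./StateData";
 import { assert } from "../tools/tsafe/assert";
-import { postEncryptedAuthResponseToParent, preventSessionStorageSetItemOfPublicKeyByThirdParty } from "./iframeMessageProtection";
+import { captureApisForIframeProtection, postEncryptedAuthResponseToParent, preventSessionStorageSetItemOfPublicKeyByThirdParty } from "./iframeMessageProtection";
+import { isBrowser } from "../tools/isBrowser";
 let hasEarlyInitBeenCalled = false;
 export function oidcEarlyInit(params) {
 if (hasEarlyInitBeenCalled) {
 throw new Error("oidc-spa: oidcEarlyInit() Should be called only once");
 }
 hasEarlyInitBeenCalled = true;
+if (!isBrowser) {
+return { shouldLoadApp: true };
+}
+captureApisForIframeProtection();
 const { freezeFetch, freezeXMLHttpRequest, freezeWebSocket = false } = params ?? {};
 const { shouldLoadApp } = handleOidcCallback();
 if (shouldLoadApp) {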
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"earlyInit.js","sourceRoot":"","sources":["../../src/core/earlyInit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AACrE,OAAO,EAAE,MAAM,EAAe,MAAM,uBAAuB,CAAC;AAE5D,OAAO,EACH,iCAAiC,EACjC,mDAAmD,EACtD,MAAM,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"earlyInit.js","sourceRoot":"","sources":["../../src/core/earlyInit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AACrE,OAAO,EAAE,MAAM,EAAe,MAAM,uBAAuB,CAAC;AAE5D,OAAO,EACH,8BAA8B,EAC9B,iCAAiC,EACjC,mDAAmD,EACtD,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAE/C,IAAI,sBAAsB,GAAG,KAAK,CAAC;AAEnC,MAAM,UAAU,aAAa,CAAC,MAM7B;IACG,IAAI,sBAAsB,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC5E,CAAC;IAED,sBAAsB,GAAG,IAAI,CAAC;IAE9B,IAAI,CAAC,SAAS,EAAE,CAAC;QACb,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IACnC,CAAC;IAED,8BAA8B,EAAE,CAAC;IAEjC,MAAM,EAAE,WAAW,EAAE,oBAAoB,EAAE,eAAe,GAAG,KAAK,EAAE,GAAG,MAAM,IAAI,EAAE,CAAC;IAEpF,MAAM,EAAE,aAAa,EAAE,GAAG,kBAAkB,EAAE,CAAC;IAE/C,IAAI,aAAa,EAAE,CAAC;QAChB,IAAI,oBAAoB,EAAE,CAAC;YACvB,MAAM,sBAAsB,GAAG,UAAU,CAAC,cAAc,CAAC;YAEzD,MAAM,CAAC,MAAM,CAAC,sBAAsB,CAAC,SAAS,CAAC,CAAC;YAChD,MAAM,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;YAEtC,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,gBAAgB,EAAE;gBAChD,YAAY,EAAE,KAAK;gBACnB,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,IAAI;gBAChB,KAAK,EAAE,sBAAsB;aAChC,CAAC,CAAC;QACP,CAAC;QAED,IAAI,WAAW,EAAE,CAAC;YACd,MAAM,aAAa,GAAG,UAAU,CAAC,KAAK,CAAC;YAEvC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YAE7B,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,OAAO,EAAE;gBACvC,YAAY,EAAE,KAAK;gBACnB,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,IAAI;gBAChB,KAAK,EAAE,aAAa;aACvB,CAAC,CAAC;QACP,CAAC;QAED,IAAI,eAAe,EAAE,CAAC;YAClB,MAAM,iBAAiB,GAAG,UAAU,CAAC,SAAS,CAAC;YAE/C,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;YAEjC,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,WAAW,EAAE;gBAC3C,YAAY,EAAE,KAAK;gBACnB,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,IAAI;gBAChB,KAAK,EAAE,iBAAiB;aAC3B,CAAC,CAAC;QACP,CAAC;QAED,mDAAmD,EAAE,CAAC;IAC1D,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,CAAC;AAC7B,CAAC;AAED,IAAI,oBAAoB,GAA6B,SAAS,CAAC;AAE/D,MAAM,UAAU,uBAAuB;IAGnC,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CACX;YACI,uBAAuB;YACvB,gCAAgC;YAChC,oEAAoE;SACvE,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;IACN,CAAC;IACD,OAAO,oBAAoB,KAAK,SAAS;QACrC,CAAC,CAAC
,EAAE,YAAY,EAAE,SAAS,EAAE;QAC7B,CAAC,CAAC;YACI,YAAY,EAAE,oBAAoB;YAClC,iBAAiB,EAAE,GAAG,EAAE;gBACpB,oBAAoB,GAAG,SAAS,CAAC;YACrC,CAAC;SACJ,CAAC;AACZ,CAAC;AAED,IAAI,gCAAgC,GAAuB,SAAS,CAAC;AAErE,MAAM,UAAU,mCAAmC;IAC/C,MAAM,CAAC,gCAAgC,KAAK,SAAS,EAAE,QAAQ,CAAC,CAAC;IACjE,OAAO,gCAAgC,CAAC;AAC5C,CAAC;AAED,SAAS,kBAAkB;IACvB,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAEtD,MAAM,sBAAsB,GAAG,CAAC,GAAG,EAAE;QACjC,QAAQ,EAAE,CAAC;YACP,MAAM,kBAAkB,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CACtF,OAAO,CACV,CAAC;YAEF,IAAI,kBAAkB,KAAK,IAAI,EAAE,CAAC;gBAC9B,MAAM,QAAQ,CAAC;YACnB,CAAC;YAED,IAAI,CAAC,wBAAwB,CAAC,EAAE,uBAAuB,EAAE,kBAAkB,EAAE,CAAC,EAAE,CAAC;gBAC7E,MAAM,QAAQ,CAAC;YACnB,CAAC;YAED,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,YAAY,EAAE,UAAU,EAAW,CAAC;QAC7E,CAAC;QAED,KAAK,EAAE,CAAC;YACJ,MAAM,kBAAkB,GAAG,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAErE,IAAI,kBAAkB,KAAK,IAAI,EAAE,CAAC;gBAC9B,MAAM,KAAK,CAAC;YAChB,CAAC;YAED,IAAI,CAAC,wBAAwB,CAAC,EAAE,uBAAuB,EAAE,kBAAkB,EAAE,CAAC,EAAE,CAAC;gBAC7E,MAAM,KAAK,CAAC;YAChB,CAAC;YAED,IACI,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,IAAI;gBACtD,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,KAAK,IAAI;gBAC1D,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,IAAI,EAC3D,CAAC;gBACC,mFAAmF;gBACnF,MAAM,KAAK,CAAC;YAChB,CAAC;YAED,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAW,CAAC;QAC1E,CAAC;QAED,OAAO,EAAE,oBAAoB,EAAE,KAAK,EAAW,CAAC;IACpD,CAAC,CAAC,EAAE,CAAC;IAEL,IAAI,CAAC,sBAAsB,CAAC,oBAAoB,EAAE,CAAC;QAC/C,gCAAgC,GAAG,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC7F,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IACnC,CAAC;IAED,gCAAgC,GAAG,eAAe,CAAC,QAAQ,CAAC;IAE5D,MAAM,EAAE,YAAY,EAAE,GAAG,CAAC,GAAG,EAAE;QAC3B,MAAM,YAAY,GAAiB,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QAEjD,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE;YACvB,QAAQ,sBAAsB,CAAC,YAAY,EAAE,CAAC;gBAC1C,KAAK,UAAU;oBACX,OAAO,IAAI,eAAe,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;gBACvE,KAAK,OAAO;oBACR,OAAO,eAAe,CAAC,YAAY,CAAC;gBACxC;oBACI,MA
AM,CAA+C,KAAK,CAAC,CAAC;YACpE,CAAC;QACL,CAAC,CAAC,EAAE,CAAC;QAEL,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,YAAY,EAAE,CAAC;YACtC,YAAY,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QAC9B,CAAC;QAED,MAAM,CAAC,YAAY,CAAC,KAAK,KAAK,EAAE,EAAE,QAAQ,CAAC,CAAC;QAE5C,OAAO,EAAE,YAAY,EAAE,CAAC;IAC5B,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,SAAS,GAAG,YAAY,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;IAE3E,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,EAAE,gCAAgC,CAAC,CAAC;QAC/D,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IACnC,CAAC;IAED,QAAQ,SAAS,CAAC,OAAO,EAAE,CAAC;QACxB,KAAK,QAAQ;YACT,iCAAiC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC;YACpD,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;QACpC,KAAK,UAAU,CAAC,CAAC,CAAC;YACd,oBAAoB,GAAG,YAAY,CAAC;YAEpC,MAAM,uBAAuB,GAAG,CAAC,GAAG,EAAE;gBAClC,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,IAAI,YAAY,CAAC,KAAK,KAAK,kBAAkB,EAAE,CAAC;oBAC5E,OAAO,SAAS,CAAC,2CAA2C,CAAC;gBACjE,CAAC;gBACD,OAAO,SAAS,CAAC,uBAAuB,CAAC;YAC7C,CAAC,CAAC,EAAE,CAAC;YAEL,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,EAAE,uBAAuB,CAAC,CAAC;YAEtD,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;QACnC,CAAC;QACD;YACI,MAAM,CAAkC,KAAK,CAAC,CAAC;IACvD,CAAC;AACL,CAAC"}
|
|
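--- a/package/esm/core/iframeMessageProtection.d.ts
+++ b/package/esm/core/iframeMessageProtection.d.ts
@@ -1,4 +1,5 @@
 import { type AuthResponse } from "./AuthResponse";
+export declare function captureApisForIframeProtection(): void;
 export declare function preventSessionStorageSetItemOfPublicKeyByThirdParty(): void;
 declare function getIsEncryptedAuthResponse(params: {
 message: unknown;
@@ -12,6 +13,7 @@ export declare function initIframeMessageProtection(params: {
 stateUrlParamValue: string;
 }): Promise<{
 getIsReadyToReadPublicKeyMessage: typeof getIsReadyToReadPublicKeyMessage;
+startSessionStoragePublicKeyMaliciousWriteDetection: () => void;
 setSessionStoragePublicKey: () => void;
 getIsEncryptedAuthResponse: typeof getIsEncryptedAuthResponse;
 decodeEncryptedAuth: (params: {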
@@ -1,16 +1,22 @@
|
|
|
1
1
|
import { assert } from "../tools/tsafe/assert";
|
|
2
2
|
import { asymmetricEncrypt, asymmetricDecrypt, generateKeys } from "../tools/asymmetricEncryption";
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
3
|
+
let capturedApis = undefined;
|
|
4
|
+
export function captureApisForIframeProtection() {
|
|
5
|
+
capturedApis = {
|
|
6
|
+
setItem: Storage.prototype.setItem,
|
|
7
|
+
sessionStorage: window.sessionStorage,
|
|
8
|
+
setTimeout: window.setTimeout,
|
|
9
|
+
alert: window.alert
|
|
10
|
+
};
|
|
11
|
+
}
|
|
7
12
|
const SESSION_STORAGE_PREFIX = "oidc-spa_iframe_authResponse_publicKey_";
|
|
8
13
|
export function preventSessionStorageSetItemOfPublicKeyByThirdParty() {
|
|
9
14
|
const setItem_protected = function setItem(key, value) {
|
|
10
15
|
if (key.startsWith(SESSION_STORAGE_PREFIX)) {
|
|
11
16
|
throw new Error("Attack prevented by oidc-spa. You have malicious code running in your system");
|
|
12
17
|
}
|
|
13
|
-
|
|
18
|
+
assert(capturedApis !== undefined);
|
|
19
|
+
return capturedApis.setItem.call(this, key, value);
|
|
14
20
|
};
|
|
15
21
|
{
|
|
16
22
|
const pd = Object.getOwnPropertyDescriptor(Storage.prototype, "setItem");
|
|
@@ -46,12 +52,19 @@ export async function initIframeMessageProtection(params) {
|
|
|
46
52
|
const sessionStorageKey = getSessionStorageKey({ stateUrlParamValue });
|
|
47
53
|
let timer = undefined;
|
|
48
54
|
function setSessionStoragePublicKey() {
|
|
49
|
-
|
|
55
|
+
assert(capturedApis !== undefined);
|
|
56
|
+
const { setItem } = capturedApis;
|
|
57
|
+
setItem.call(capturedApis.sessionStorage, sessionStorageKey, publicKey);
|
|
58
|
+
}
|
|
59
|
+
function startSessionStoragePublicKeyMaliciousWriteDetection() {
|
|
60
|
+
setSessionStoragePublicKey();
|
|
61
|
+
assert(capturedApis !== undefined);
|
|
62
|
+
const { alert, setTimeout } = capturedApis;
|
|
50
63
|
const checkTimeoutCallback = () => {
|
|
51
64
|
if (sessionStorage.getItem(sessionStorageKey) !== publicKey) {
|
|
52
65
|
while (true) {
|
|
53
|
-
|
|
54
|
-
"⚠️
|
|
66
|
+
alert([
|
|
67
|
+
"⚠️ Security Alert:",
|
|
55
68
|
"oidc-spa detected an attack attempt.",
|
|
56
69
|
"For your safety, please close this tab immediately",
|
|
57
70
|
"and notify the site administrator."
|
|
@@ -61,7 +74,7 @@ export async function initIframeMessageProtection(params) {
|
|
|
61
74
|
check();
|
|
62
75
|
};
|
|
63
76
|
function check() {
|
|
64
|
-
timer =
|
|
77
|
+
timer = setTimeout(checkTimeoutCallback, 5);
|
|
65
78
|
}
|
|
66
79
|
check();
|
|
67
80
|
}
|
|
@@ -80,6 +93,7 @@ export async function initIframeMessageProtection(params) {
|
|
|
80
93
|
}
|
|
81
94
|
return {
|
|
82
95
|
getIsReadyToReadPublicKeyMessage,
|
|
96
|
+
startSessionStoragePublicKeyMaliciousWriteDetection,
|
|
83
97
|
setSessionStoragePublicKey,
|
|
84
98
|
getIsEncryptedAuthResponse,
|
|
85
99
|
decodeEncryptedAuth,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../../src/core/iframeMessageProtection.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAGnG,MAAM,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO
|
|
1
|
+
{"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../../src/core/iframeMessageProtection.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAGnG,IAAI,YAAY,GAOE,SAAS,CAAC;AAE5B,MAAM,UAAU,8BAA8B;IAC1C,YAAY,GAAG;QACX,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,OAAO;QAClC,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;KACtB,CAAC;AACN,CAAC;AAED,MAAM,sBAAsB,GAAG,yCAAyC,CAAC;AAEzE,MAAM,UAAU,mDAAmD;IAC/D,MAAM,iBAAiB,GAAG,SAAS,OAAO,CAAY,GAAW,EAAE,KAAa;QAC5E,IAAI,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACX,8EAA8E,CACjF,CAAC;QACN,CAAC;QAED,MAAM,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC;QAEnC,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IACvD,CAAC,CAAC;IAEF,CAAC;QACG,MAAM,EAAE,GAAG,MAAM,CAAC,wBAAwB,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAEzE,MAAM,CAAC,EAAE,KAAK,SAAS,CAAC,CAAC;QAEzB,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE;YAChD,UAAU,EAAE,EAAE,CAAC,UAAU;YACzB,QAAQ,EAAE,EAAE,CAAC,QAAQ;YACrB,KAAK,EAAE,iBAAiB;SAC3B,CAAC,CAAC;IACP,CAAC;AACL,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAsC;IAChE,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,OAAO,GAAG,sBAAsB,GAAG,kBAAkB,EAAE,CAAC;AAC5D,CAAC;AAED,MAAM,+BAA+B,GAAG,kCAAkC,CAAC;AAE3E,SAAS,0BAA0B,CAAC,MAAwD;IACxF,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAE/C,OAAO,CACH,OAAO,OAAO,KAAK,QAAQ;QAC3B,OAAO,CAAC,UAAU,CAAC,GAAG,+BAA+B,GAAG,kBAAkB,EAAE,CAAC,CAChF,CAAC;AACN,CAAC;AAED,SAAS,eAAe,CAAC,MAAsC;IAC3D,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IACtC,OAAO,oCAAoC,kBAAkB,EAAE,CAAC;AACpE,CAAC;AAED,SAAS,gCAAgC,CAAC,MAAwD;IAC9F,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAC/C,OAAO,OAAO,KAAK,eAAe,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,MAAsC;IACpF,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;IAEvD,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAEvE,IAAI,KAAK,GAAuB,SAAS,CAAC;IAE
1C,SAAS,0BAA0B;QAC/B,MAAM,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC;QAEnC,MAAM,EAAE,OAAO,EAAE,GAAG,YAAY,CAAC;QAEjC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAC5E,CAAC;IAED,SAAS,mDAAmD;QACxD,0BAA0B,EAAE,CAAC;QAE7B,MAAM,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC;QAEnC,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,YAAY,CAAC;QAE3C,MAAM,oBAAoB,GAAG,GAAG,EAAE;YAC9B,IAAI,cAAc,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC1D,OAAO,IAAI,EAAE,CAAC;oBACV,KAAK,CACD;wBACI,oBAAoB;wBACpB,sCAAsC;wBACtC,oDAAoD;wBACpD,oCAAoC;qBACvC,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;gBACN,CAAC;YACL,CAAC;YACD,KAAK,EAAE,CAAC;QACZ,CAAC,CAAC;QAEF,SAAS,KAAK;YACV,KAAK,GAAG,UAAU,CAAC,oBAAoB,EAAE,CAAC,CAAC,CAAC;QAChD,CAAC;QAED,KAAK,EAAE,CAAC;IACZ,CAAC;IAED,KAAK,UAAU,mBAAmB,CAAC,MAElC;QACG,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,CAAC;QAEzC,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,iBAAiB,CAAC;YAC1D,gBAAgB,EAAE,qBAAqB,CAAC,KAAK,CACzC,+BAA+B,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CACrE;YACD,UAAU;SACb,CAAC,CAAC;QAEH,MAAM,YAAY,GAAiB,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAEhE,OAAO,EAAE,YAAY,EAAE,CAAC;IAC5B,CAAC;IAED,SAAS,4BAA4B;QACjC,cAAc,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;QAC7C,YAAY,CAAC,KAAK,CAAC,CAAC;IACxB,CAAC;IAED,OAAO;QACH,gCAAgC;QAChC,mDAAmD;QACnD,0BAA0B;QAC1B,0BAA0B;QAC1B,mBAAmB;QACnB,4BAA4B;KAC/B,CAAC;AACN,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iCAAiC,CAAC,MAAsC;IAC1F,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;IAEhC,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAEjG,MAAM,aAAa,GAAG,GAAG,EAAE,CACvB,cAAc,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAE7F,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAE3D,OAAO,aAAa,EAAE,KAAK,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAE3D,MAAM,SAAS,GAAG,aAAa,EAAE,CAAC;IAElC,MAAM,CAAC,SAAS,KAAK,IAAI,EAAE,SAAS,CAAC,CAAC;IAEtC,MAAM,EAAE,gBAAgB
,EAAE,8BAA8B,EAAE,GAAG,MAAM,iBAAiB,CAAC;QACjF,SAAS;QACT,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;KACxC,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,GAAG,+BAA+B,GAAG,YAAY,CAAC,KAAK,GAAG,8BAA8B,EAAE,CAAC;IAEpH,MAAM,CAAC,WAAW,CAAC,gBAAgB,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;AAC1D,CAAC"}
|
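--- a/package/esm/core/loginSilent.js
+++ b/package/esm/core/loginSilent.js
@@ -33,7 +33,7 @@ export async function loginSilent(params) {
 const dynamicDelay = rtt * 2.5 + BASE_DELAY_MS / (downlink + 1);
 return Math.max(BASE_DELAY_MS, dynamicDelay);
 })();
-const { getIsReadyToReadPublicKeyMessage, setSessionStoragePublicKey, decodeEncryptedAuth, getIsEncryptedAuthResponse, clearSessionStoragePublicKey } = await initIframeMessageProtection({
+const { getIsReadyToReadPublicKeyMessage, startSessionStoragePublicKeyMaliciousWriteDetection, setSessionStoragePublicKey, decodeEncryptedAuth, getIsEncryptedAuthResponse, clearSessionStoragePublicKey } = await initIframeMessageProtection({
 stateUrlParamValue: stateUrlParamValue_instance
 });
 let clearTimeouts;
@@ -129,6 +129,7 @@ export async function loginSilent(params) {
 }
 return url;
 };
+startSessionStoragePublicKeyMaliciousWriteDetection();
 oidcClientTsUserManager
 .signinSilent({
 state: id({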
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"loginSilent.js","sourceRoot":"","sources":["../../src/core/loginSilent.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,EAAE,EAAE,MAAM,mBAAmB,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,eAAe,EAAkB,MAAM,aAAa,CAAC;AAC5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAE1C,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,2BAA2B,EAAE,MAAM,2BAA2B,CAAC;AACxE,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAgBnD,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAgBjC;IACG,MAAM,EACF,uBAAuB,EACvB,2BAA2B,EAC3B,QAAQ,EACR,0BAA0B,EAC1B,mBAAmB,EACnB,mBAAmB,EACnB,SAAS,EACT,GAAG,EACN,GAAG,MAAM,CAAC;IAEX,kBAAkB,EAAE,CAAC;QACjB,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,WAAW,EAAE,CAAC;QAC7C,IAAI,QAAQ,EAAE,CAAC;YACX,MAAM,kBAAkB,CAAC;QAC7B,CAAC;QACD,GAAG,EAAE,CAAC,wFAAwF,CAAC,CAAC;QAChG,MAAM,QAAQ,CAAC;IACnB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,QAAQ,EAAuB,CAAC;IAEpD,MAAM,cAAc,GAAW,CAAC,GAAG,EAAE;QACjC,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;QAEzB,MAAM,cAAc,GAAG,iBAAiB,EAAE,CAAC;QAE3C,6DAA6D;QAC7D,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,IAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAM,CAAC,CAAC,CAAC,IAAK,CAAC;QAEjE,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO,aAAa,CAAC;QACzB,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,cAAc,CAAC;QAEzC,oDAAoD;QACpD,8CAA8C;QAC9C,MAAM,YAAY,GAAG,GAAG,GAAG,GAAG,GAAG,aAAa,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;QAEhE,OAAO,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IACjD,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,EACF,gCAAgC,EAChC,0BAA0B,EAC1B,mBAAmB,EACnB,0BAA0B,EAC1B,4BAA4B,EAC/B,GAAG,MAAM,2BAA2B,CAAC;QAClC,kBAAkB,EAAE,2BAA2B;KAClD,CAAC,CAAC;IAEH,IAAI,aAAwD,CAAC;IAC7D,CAAC;QACG,IAAI,uBAAuB,GAAG,KAAK,CAAC;QAEpC,MAAM,QAAQ,GAAG;YACb,UAAU,CAAC,GAAG,EAAE;gBACZ,OAAO,CAAC,OAAO,CAAC;oBACZ,OAAO,EAAE,SAAS;oBAClB,KAAK,EAAE,SAAS;iBACnB,CAAC,CAAC;YACP,CAAC,EAAE,cAAc,CAAC;YAClB,UAAU,CAAC,GAAG,EAAE;gBACZ,OAAO,CAAC,IAAI,CACR;oBACI,+DAA+D;oBAC/D,2CAA2C;oBAC3C,WAAW,IAAI,CAAC,KAAK,CACjB,cAA
c,GAAG,IAAK,CACzB,sCAAsC;oBACvC,yFAAyF;iBAC5F,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;gBACF,uBAAuB,GAAG,IAAI,CAAC;YACnC,CAAC,EAAE,IAAK,CAAC;SACZ,CAAC;QAEF,aAAa,GAAG,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE;YAC/B,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC/B,IAAI,UAAU,IAAI,uBAAuB,EAAE,CAAC;gBACxC,OAAO,CAAC,GAAG,CACP;oBACI,iEAAiE;oBACjE,6CAA6C;iBAChD,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;YACN,CAAC;QACL,CAAC,CAAC;IACN,CAAC;IAED,IAAI,QAAuC,CAAC;IAE5C,QAAQ,GAAG,KAAK,EAAE,KAAmB,EAAE,EAAE;QACrC,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC1C,OAAO;QACX,CAAC;QAED,IACI,CAAC,gCAAgC,CAAC;YAC9B,kBAAkB,EAAE,2BAA2B;YAC/C,OAAO,EAAE,KAAK,CAAC,IAAI;SACtB,CAAC,EACJ,CAAC;YACC,OAAO;QACX,CAAC;QAED,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAEvD,0BAA0B,EAAE,CAAC;QAE7B,MAAM,sBAAsB,GAAG,IAAI,QAAQ,EAAU,CAAC;QAEtD,QAAQ,GAAG,KAAK,CAAC,EAAE;YACf,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBAC1C,OAAO;YACX,CAAC;YAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC;YAE3B,IACI,CAAC,0BAA0B,CAAC;gBACxB,kBAAkB,EAAE,2BAA2B;gBAC/C,OAAO;aACV,CAAC,EACJ,CAAC;gBACC,OAAO;YACX,CAAC;YAED,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAEhD,sBAAsB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5C,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAEpD,MAAM,qBAAqB,GAAG,MAAM,sBAAsB,CAAC,EAAE,CAAC;QAE9D,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,mBAAmB,CAAC,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAE9E,MAAM,SAAS,GAAG,YAAY,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;QAE3E,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC1C,MAAM,CAAC,SAAS,CAAC,OAAO,KAAK,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACjD,MAAM,CAAC,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,SAAS,CAAC,CAAC;QAEnD,aAAa,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,OAAO,CAAC;YACZ,OAAO,EAAE,+BAA+B;YACxC,YAAY;SACf,CAAC,CAAC;IACP,CAAC,CAAC;IAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;IAEpD,MAAM,yBAAyB,GAAG,CAAC,GAAW,EAAE,EAAE;QAC9C,sBAAsB,EAAE,CAAC;YACrB,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;gBACpC,MAAM,sBAAsB,CAAC;YACjC,CAAC;YAED,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,EAAE,QAAQ
,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;YAEtE,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAC3D,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;oBACtB,SAAS;gBACb,CAAC;gBACD,GAAG,GAAG,sBAAsB,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC,CAAC;YACjF,CAAC;QACL,CAAC;QAED,mBAAmB,EAAE,CAAC;YAClB,IAAI,0BAA0B,KAAK,SAAS,EAAE,CAAC;gBAC3C,MAAM,mBAAmB,CAAC;YAC9B,CAAC;YACD,GAAG,GAAG,0BAA0B,CAAC,EAAE,gBAAgB,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,OAAO,GAAG,CAAC;IACf,CAAC,CAAC;IAEF,uBAAuB;SAClB,YAAY,CAAC;QACV,KAAK,EAAE,EAAE,CAAmB;YACxB,OAAO,EAAE,QAAQ;YACjB,QAAQ;SACX,CAAC;QACF,6BAA6B,EAAE,cAAc,GAAG,IAAI;QACpD,gBAAgB,EACZ,mBAAmB,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,mBAAmB,EAAE,CAAC;QACtF,YAAY,EAAE,yBAAyB;KAC1C,CAAC;SACD,IAAI,CACD,gBAAgB,CAAC,EAAE;QACf,MAAM,CAAC,gBAAgB,KAAK,IAAI,EAAE,kDAAkD,CAAC,CAAC;QAEtF,aAAa,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;QACpC,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAEhD,OAAO,CAAC,OAAO,CAAC;YACZ,OAAO,EAAE,qCAAqC;YAC9C,gBAAgB;SACnB,CAAC,CAAC;IACP,CAAC,EACD,CAAC,KAAY,EAAE,EAAE;QACb,IAAI,KAAK,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;YACtC,+DAA+D;YAC/D,mCAAmC;YACnC,mEAAmE;YACnE,0CAA0C;YAC1C,yEAAyE;YAEzE,0DAA0D;YAC1D,kEAAkE;YAClE,mEAAmE;YACnE,qBAAqB;YACrB,aAAa,CAAC,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC;YAErC,OAAO,CAAC,OAAO,CAAC;gBACZ,OAAO,EAAE,SAAS;gBAClB,KAAK,EAAE,sCAAsC;aAChD,CAAC,CAAC;YAEH,OAAO;QACX,CAAC;QAED,yEAAyE;QACzE,qEAAqE;IACzE,CAAC,CACJ,CAAC;IAEN,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;QACrB,4BAA4B,EAAE,CAAC;QAE/B,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAC/B,eAAe,CAAC,EAAE,kBAAkB,EAAE,2BAA2B,EAAE,CAAC,CAAC;QACzE,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC,EAAE,CAAC;AACtB,CAAC"}
|
|
1
|
+
{"version":3,"file":"loginSilent.js","sourceRoot":"","sources":["../../src/core/loginSilent.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,EAAE,EAAE,MAAM,mBAAmB,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,eAAe,EAAkB,MAAM,aAAa,CAAC;AAC5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAE1C,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,2BAA2B,EAAE,MAAM,2BAA2B,CAAC;AACxE,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAgBnD,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAgBjC;IACG,MAAM,EACF,uBAAuB,EACvB,2BAA2B,EAC3B,QAAQ,EACR,0BAA0B,EAC1B,mBAAmB,EACnB,mBAAmB,EACnB,SAAS,EACT,GAAG,EACN,GAAG,MAAM,CAAC;IAEX,kBAAkB,EAAE,CAAC;QACjB,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,WAAW,EAAE,CAAC;QAC7C,IAAI,QAAQ,EAAE,CAAC;YACX,MAAM,kBAAkB,CAAC;QAC7B,CAAC;QACD,GAAG,EAAE,CAAC,wFAAwF,CAAC,CAAC;QAChG,MAAM,QAAQ,CAAC;IACnB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,QAAQ,EAAuB,CAAC;IAEpD,MAAM,cAAc,GAAW,CAAC,GAAG,EAAE;QACjC,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;QAEzB,MAAM,cAAc,GAAG,iBAAiB,EAAE,CAAC;QAE3C,6DAA6D;QAC7D,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,IAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAM,CAAC,CAAC,CAAC,IAAK,CAAC;QAEjE,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO,aAAa,CAAC;QACzB,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,cAAc,CAAC;QAEzC,oDAAoD;QACpD,8CAA8C;QAC9C,MAAM,YAAY,GAAG,GAAG,GAAG,GAAG,GAAG,aAAa,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;QAEhE,OAAO,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IACjD,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,EACF,gCAAgC,EAChC,mDAAmD,EACnD,0BAA0B,EAC1B,mBAAmB,EACnB,0BAA0B,EAC1B,4BAA4B,EAC/B,GAAG,MAAM,2BAA2B,CAAC;QAClC,kBAAkB,EAAE,2BAA2B;KAClD,CAAC,CAAC;IAEH,IAAI,aAAwD,CAAC;IAC7D,CAAC;QACG,IAAI,uBAAuB,GAAG,KAAK,CAAC;QAEpC,MAAM,QAAQ,GAAG;YACb,UAAU,CAAC,GAAG,EAAE;gBACZ,OAAO,CAAC,OAAO,CAAC;oBACZ,OAAO,EAAE,SAAS;oBAClB,KAAK,EAAE,SAAS;iBACnB,CAAC,CAAC;YACP,CAAC,EAAE,cAAc,CAAC;YAClB,UAAU,CAAC,GAAG,EAAE;gBACZ,OAAO,CAAC,IAAI,CACR;oBACI,+DAA+D;oBAC/D,2CAA2C;oBAC3C,WAAW,IAAI,CAAC,K
AAK,CACjB,cAAc,GAAG,IAAK,CACzB,sCAAsC;oBACvC,yFAAyF;iBAC5F,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;gBACF,uBAAuB,GAAG,IAAI,CAAC;YACnC,CAAC,EAAE,IAAK,CAAC;SACZ,CAAC;QAEF,aAAa,GAAG,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE;YAC/B,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC/B,IAAI,UAAU,IAAI,uBAAuB,EAAE,CAAC;gBACxC,OAAO,CAAC,GAAG,CACP;oBACI,iEAAiE;oBACjE,6CAA6C;iBAChD,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;YACN,CAAC;QACL,CAAC,CAAC;IACN,CAAC;IAED,IAAI,QAAuC,CAAC;IAE5C,QAAQ,GAAG,KAAK,EAAE,KAAmB,EAAE,EAAE;QACrC,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC1C,OAAO;QACX,CAAC;QAED,IACI,CAAC,gCAAgC,CAAC;YAC9B,kBAAkB,EAAE,2BAA2B;YAC/C,OAAO,EAAE,KAAK,CAAC,IAAI;SACtB,CAAC,EACJ,CAAC;YACC,OAAO;QACX,CAAC;QAED,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAEvD,0BAA0B,EAAE,CAAC;QAE7B,MAAM,sBAAsB,GAAG,IAAI,QAAQ,EAAU,CAAC;QAEtD,QAAQ,GAAG,KAAK,CAAC,EAAE;YACf,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBAC1C,OAAO;YACX,CAAC;YAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC;YAE3B,IACI,CAAC,0BAA0B,CAAC;gBACxB,kBAAkB,EAAE,2BAA2B;gBAC/C,OAAO;aACV,CAAC,EACJ,CAAC;gBACC,OAAO;YACX,CAAC;YAED,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAEhD,sBAAsB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5C,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAEpD,MAAM,qBAAqB,GAAG,MAAM,sBAAsB,CAAC,EAAE,CAAC;QAE9D,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,mBAAmB,CAAC,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAE9E,MAAM,SAAS,GAAG,YAAY,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;QAE3E,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC1C,MAAM,CAAC,SAAS,CAAC,OAAO,KAAK,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACjD,MAAM,CAAC,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,SAAS,CAAC,CAAC;QAEnD,aAAa,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,OAAO,CAAC;YACZ,OAAO,EAAE,+BAA+B;YACxC,YAAY;SACf,CAAC,CAAC;IACP,CAAC,CAAC;IAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;IAEpD,MAAM,yBAAyB,GAAG,CAAC,GAAW,EAAE,EAAE;QAC9C,sBAAsB,EAAE,CAAC;YACrB,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;gBACpC,MAAM,sBAAsB,CAAC;YACjC,CAAC;YAED,MAAM,gBAAgB,GAAG,mBAAmB,C
AAC,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;YAEtE,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAC3D,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;oBACtB,SAAS;gBACb,CAAC;gBACD,GAAG,GAAG,sBAAsB,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC,CAAC;YACjF,CAAC;QACL,CAAC;QAED,mBAAmB,EAAE,CAAC;YAClB,IAAI,0BAA0B,KAAK,SAAS,EAAE,CAAC;gBAC3C,MAAM,mBAAmB,CAAC;YAC9B,CAAC;YACD,GAAG,GAAG,0BAA0B,CAAC,EAAE,gBAAgB,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,OAAO,GAAG,CAAC;IACf,CAAC,CAAC;IAEF,mDAAmD,EAAE,CAAC;IAEtD,uBAAuB;SAClB,YAAY,CAAC;QACV,KAAK,EAAE,EAAE,CAAmB;YACxB,OAAO,EAAE,QAAQ;YACjB,QAAQ;SACX,CAAC;QACF,6BAA6B,EAAE,cAAc,GAAG,IAAI;QACpD,gBAAgB,EACZ,mBAAmB,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,mBAAmB,EAAE,CAAC;QACtF,YAAY,EAAE,yBAAyB;KAC1C,CAAC;SACD,IAAI,CACD,gBAAgB,CAAC,EAAE;QACf,MAAM,CAAC,gBAAgB,KAAK,IAAI,EAAE,kDAAkD,CAAC,CAAC;QAEtF,aAAa,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;QACpC,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAEhD,OAAO,CAAC,OAAO,CAAC;YACZ,OAAO,EAAE,qCAAqC;YAC9C,gBAAgB;SACnB,CAAC,CAAC;IACP,CAAC,EACD,CAAC,KAAY,EAAE,EAAE;QACb,IAAI,KAAK,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;YACtC,+DAA+D;YAC/D,mCAAmC;YACnC,mEAAmE;YACnE,0CAA0C;YAC1C,yEAAyE;YAEzE,0DAA0D;YAC1D,kEAAkE;YAClE,mEAAmE;YACnE,qBAAqB;YACrB,aAAa,CAAC,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC;YAErC,OAAO,CAAC,OAAO,CAAC;gBACZ,OAAO,EAAE,SAAS;gBAClB,KAAK,EAAE,sCAAsC;aAChD,CAAC,CAAC;YAEH,OAAO;QACX,CAAC;QAED,yEAAyE;QACzE,qEAAqE;IACzE,CAAC,CACJ,CAAC;IAEN,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;QACrB,4BAA4B,EAAE,CAAC;QAE/B,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAC/B,eAAe,CAAC,EAAE,kBAAkB,EAAE,2BAA2B,EAAE,CAAC,CAAC;QACzE,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC,EAAE,CAAC;AACtB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare const isBrowser: boolean;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"isBrowser.js","sourceRoot":"","sources":["../../src/tools/isBrowser.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,SAAS,GAClB,OAAO,MAAM,KAAK,WAAW;IAC7B,OAAO,MAAM,CAAC,QAAQ,KAAK,WAAW;IACtC,OAAO,SAAS,KAAK,WAAW,CAAC"}
|
package/package.json
CHANGED
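--- a/package/src/core/earlyInit.ts
+++ b/package/src/core/earlyInit.ts
@@ -2,9 +2,11 @@ import { getStateData, getIsStatQueryParamValue } from "./StateData";
 import { assert, type Equals } from "../tools/tsafe/assert";
 import type { AuthResponse } from "./AuthResponse";
 import {
+captureApisForIframeProtection,
 postEncryptedAuthResponseToParent,
 preventSessionStorageSetItemOfPublicKeyByThirdParty
 } from "./iframeMessageProtection";
+import { isBrowser } from "../tools/isBrowser";
 
 let hasEarlyInitBeenCalled = false;
 
@@ -21,6 +23,12 @@ export function oidcEarlyInit(params: {
 
 hasEarlyInitBeenCalled = true;
 
+if (!isBrowser) {
+return { shouldLoadApp: true };
+}
+
+captureApisForIframeProtection();
+
 const { freezeFetch, freezeXMLHttpRequest, freezeWebSocket = false } = params ?? {};
 
 const { shouldLoadApp } = handleOidcCallback();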
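Review bot: The value of `captureApisForIframeProtection()` at new line 30 rests entirely on `oidcEarlyInit` running before any third-party script has had a chance to patch `Storage.prototype`, `window.setTimeout` or `window.alert`, and nothing at the call site records that ordering requirement; a comment would make the contract visible to whoever reorders the bootstrap later: `// Snapshot the native APIs now, before any third-party script can patch them; the iframe protection trusts only these references.` The `!isBrowser` early return at lines 26-28 also skips the capture, so a code path that somehow reached `initIframeMessageProtection` outside a browser would fail on its `assert(capturedApis !== undefined)` rather than with a clear message — presumably unreachable server-side, but worth a one-line comment on the return. The body of oidcEarlyInit continues outside the hunk.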
@@ -2,10 +2,23 @@ import { assert } from "../tools/tsafe/assert";
|
|
|
2
2
|
import { asymmetricEncrypt, asymmetricDecrypt, generateKeys } from "../tools/asymmetricEncryption";
|
|
3
3
|
import { type AuthResponse } from "./AuthResponse";
|
|
4
4
|
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
5
|
+
let capturedApis:
|
|
6
|
+
| {
|
|
7
|
+
setItem: typeof localStorage.setItem;
|
|
8
|
+
sessionStorage: typeof window.sessionStorage;
|
|
9
|
+
setTimeout: typeof window.setTimeout;
|
|
10
|
+
alert: typeof window.alert;
|
|
11
|
+
}
|
|
12
|
+
| undefined = undefined;
|
|
13
|
+
|
|
14
|
+
export function captureApisForIframeProtection() {
|
|
15
|
+
capturedApis = {
|
|
16
|
+
setItem: Storage.prototype.setItem,
|
|
17
|
+
sessionStorage: window.sessionStorage,
|
|
18
|
+
setTimeout: window.setTimeout,
|
|
19
|
+
alert: window.alert
|
|
20
|
+
};
|
|
21
|
+
}
|
|
9
22
|
|
|
10
23
|
const SESSION_STORAGE_PREFIX = "oidc-spa_iframe_authResponse_publicKey_";
|
|
11
24
|
|
|
@@ -17,7 +30,9 @@ export function preventSessionStorageSetItemOfPublicKeyByThirdParty() {
|
|
|
17
30
|
);
|
|
18
31
|
}
|
|
19
32
|
|
|
20
|
-
|
|
33
|
+
assert(capturedApis !== undefined);
|
|
34
|
+
|
|
35
|
+
return capturedApis.setItem.call(this, key, value);
|
|
21
36
|
};
|
|
22
37
|
|
|
23
38
|
{
|
|
@@ -67,17 +82,29 @@ export async function initIframeMessageProtection(params: { stateUrlParamValue:
|
|
|
67
82
|
|
|
68
83
|
const sessionStorageKey = getSessionStorageKey({ stateUrlParamValue });
|
|
69
84
|
|
|
70
|
-
let timer:
|
|
85
|
+
let timer: number | undefined = undefined;
|
|
71
86
|
|
|
72
87
|
function setSessionStoragePublicKey() {
|
|
73
|
-
|
|
88
|
+
assert(capturedApis !== undefined);
|
|
89
|
+
|
|
90
|
+
const { setItem } = capturedApis;
|
|
91
|
+
|
|
92
|
+
setItem.call(capturedApis.sessionStorage, sessionStorageKey, publicKey);
|
|
93
|
+
}
|
|
94
|
+
|
|
95
|
+
function startSessionStoragePublicKeyMaliciousWriteDetection() {
|
|
96
|
+
setSessionStoragePublicKey();
|
|
97
|
+
|
|
98
|
+
assert(capturedApis !== undefined);
|
|
99
|
+
|
|
100
|
+
const { alert, setTimeout } = capturedApis;
|
|
74
101
|
|
|
75
102
|
const checkTimeoutCallback = () => {
|
|
76
103
|
if (sessionStorage.getItem(sessionStorageKey) !== publicKey) {
|
|
77
104
|
while (true) {
|
|
78
|
-
|
|
105
|
+
alert(
|
|
79
106
|
[
|
|
80
|
-
"⚠️
|
|
107
|
+
"⚠️ Security Alert:",
|
|
81
108
|
"oidc-spa detected an attack attempt.",
|
|
82
109
|
"For your safety, please close this tab immediately",
|
|
83
110
|
"and notify the site administrator."
|
|
@@ -89,7 +116,7 @@ export async function initIframeMessageProtection(params: { stateUrlParamValue:
|
|
|
89
116
|
};
|
|
90
117
|
|
|
91
118
|
function check() {
|
|
92
|
-
timer =
|
|
119
|
+
timer = setTimeout(checkTimeoutCallback, 5);
|
|
93
120
|
}
|
|
94
121
|
|
|
95
122
|
check();
|
|
@@ -119,6 +146,7 @@ export async function initIframeMessageProtection(params: { stateUrlParamValue:
|
|
|
119
146
|
|
|
120
147
|
return {
|
|
121
148
|
getIsReadyToReadPublicKeyMessage,
|
|
149
|
+
startSessionStoragePublicKeyMaliciousWriteDetection,
|
|
122
150
|
setSessionStoragePublicKey,
|
|
123
151
|
getIsEncryptedAuthResponse,
|
|
124
152
|
decodeEncryptedAuth,
|
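Review bot: In the `@@ -67,17 +82,29 @@` hunk the detection loop still reads through the live global, `sessionStorage.getItem(sessionStorageKey)`, while the write side now goes through the captured `setItem` and `sessionStorage`; a script that patches `Storage.prototype.getItem` (or swaps `window.sessionStorage`) could answer the poll with the expected `publicKey` while the stored value differs, which is exactly the class of tampering this capture mechanism is meant to bypass. Capturing `getItem` next to `setItem` and reading through the captured storage object closes the gap; the destructured copy also avoids the narrowing problem of using `capturedApis` inside the arrow callback. The compiled `esm/core` and `core` outputs mirror the same pattern and would follow from a rebuild. `initIframeMessageProtection` starts and ends outside this hunk.
```typescript
let capturedApis:
    | {
          setItem: typeof localStorage.setItem;
          getItem: typeof localStorage.getItem;
          // … unchanged: sessionStorage, setTimeout, alert …
      }
    | undefined = undefined;

export function captureApisForIframeProtection() {
    capturedApis = {
        setItem: Storage.prototype.setItem,
        getItem: Storage.prototype.getItem,
        // … unchanged: sessionStorage, setTimeout, alert …
    };
}

// … unchanged: preventSessionStorageSetItemOfPublicKeyByThirdParty, helpers, start of initIframeMessageProtection …

    function startSessionStoragePublicKeyMaliciousWriteDetection() {
        setSessionStoragePublicKey();

        assert(capturedApis !== undefined);

        const { alert, setTimeout, getItem, sessionStorage: capturedSessionStorage } = capturedApis;

        const checkTimeoutCallback = () => {
            // Read through the captured getItem/storage so a patched global cannot mask a tampered value.
            if (getItem.call(capturedSessionStorage, sessionStorageKey) !== publicKey) {
                // … unchanged: alert loop …
```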
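--- a/package/src/core/loginSilent.ts
+++ b/package/src/core/loginSilent.ts
@@ -90,6 +90,7 @@ export async function loginSilent(params: {
 
 const {
 getIsReadyToReadPublicKeyMessage,
+startSessionStoragePublicKeyMaliciousWriteDetection,
 setSessionStoragePublicKey,
 decodeEncryptedAuth,
 getIsEncryptedAuthResponse,
@@ -228,6 +229,8 @@ export async function loginSilent(params: {
 return url;
 };
 
+startSessionStoragePublicKeyMaliciousWriteDetection();
+
 oidcClientTsUserManager
 .signinSilent({
 state: id<StateData.IFrame>({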
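Review bot: The new call at line 232 starts a polling timer that presumably has to live for the whole silent-login iframe, and nothing at the call site says who stops it or why it must precede `signinSilent`; a comment would make the lifecycle explicit: `// Write the public key and start polling for tampering before the iframe exists; the timer is released by clearSessionStoragePublicKey() once the result settles.` That stop path is outside the hunk, so confirm it runs on the timeout branch as well as on success and error, otherwise the 5 ms poll outlives the login attempt. loginSilent's body continues outside the hunk.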
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare const isBrowser: boolean;
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.isBrowser = void 0;
|
|
4
|
+
exports.isBrowser = typeof window !== "undefined" &&
|
|
5
|
+
typeof window.document !== "undefined" &&
|
|
6
|
+
typeof navigator !== "undefined";
|
|
7
|
+
//# sourceMappingURL=isBrowser.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"isBrowser.js","sourceRoot":"","sources":["../src/tools/isBrowser.ts"],"names":[],"mappings":";;;AAAa,QAAA,SAAS,GAClB,OAAO,MAAM,KAAK,WAAW;IAC7B,OAAO,MAAM,CAAC,QAAQ,KAAK,WAAW;IACtC,OAAO,SAAS,KAAK,WAAW,CAAC"}