oidc-spa 8.1.8 → 8.1.9-rc.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/core/createOidc.js +1 -1
- package/core/iframeMessageProtection.js +16 -9
- package/core/iframeMessageProtection.js.map +1 -1
- package/esm/core/createOidc.js +1 -1
- package/esm/core/iframeMessageProtection.js +16 -9
- package/esm/core/iframeMessageProtection.js.map +1 -1
- package/package.json +1 -1
- package/src/core/iframeMessageProtection.ts +23 -11
package/core/createOidc.js
CHANGED
@@ -65,7 +65,7 @@ const isKeycloak_1 = require("../keycloak/isKeycloak");
65
65
const INFINITY_TIME_1 = require("../tools/INFINITY_TIME");
66
66
const getIsValidRemoteJson_1 = require("../tools/getIsValidRemoteJson");
67
67
// NOTE: Replaced at build time
68
-
const VERSION = "8.1.
68
+
const VERSION = "8.1.9-rc.1";
69
69
const globalContext = {
70
70
prOidcByConfigId: new Map(),
71
71
hasLogoutBeenCalled: (0, id_1.id)(false),
@@ -60,22 +60,28 @@ async function initIframeMessageProtection(params) {
60
60
function setSessionStoragePublicKey() {
61
61
(0, assert_1.assert)(capturedApis !== undefined);
62
62
const { setItem } = capturedApis;
63
+
console.log(`setSessionStoragePublicKey ${sessionStorageKey}`);
63
64
setItem.call(capturedApis.sessionStorage, sessionStorageKey, publicKey);
64
65
}
65
66
function startSessionStoragePublicKeyMaliciousWriteDetection() {
67
+
console.log(`startSessionStoragePublicKeyMaliciousWriteDetection: ${sessionStorageKey}`);
66
68
setSessionStoragePublicKey();
67
69
(0, assert_1.assert)(capturedApis !== undefined);
68
-
const { alert
70
+
const { /*alert,*/ setTimeout } = capturedApis;
69
71
const checkTimeoutCallback = () => {
72
+
console.log(`checkTimeoutCallback called ${sessionStorageKey}`);
70
73
if (sessionStorage.getItem(sessionStorageKey) !== publicKey) {
71
-
while (true) {
72
-
73
-
74
-
75
-
76
-
77
-
78
-
74
+
//while (true) {
75
+
console.warn([
76
+
"⚠️ Security Alert:",
77
+
"oidc-spa detected an attack attempt.",
78
+
"For your safety, please close this tab immediately",
79
+
"and notify the site administrator.",
80
+
`sessionStorageKey: ${sessionStorageKey}`,
81
+
`sessionStorage.getItem(sessionStorageKey): ${sessionStorage.getItem(sessionStorageKey)}`,
82
+
`publicKey: ${publicKey}`
83
+
].join("\n"));
84
+
//}
79
85
}
80
86
check();
81
87
};
@@ -94,6 +100,7 @@ async function initIframeMessageProtection(params) {
94
100
return { authResponse };
95
101
}
96
102
function clearSessionStoragePublicKey() {
103
+
console.log(`Clear session storage public key ${sessionStorageKey}`);
97
104
sessionStorage.removeItem(sessionStorageKey);
98
105
clearTimeout(timer);
99
106
}
@@ -1 +1 @@
1
-
{"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../src/core/iframeMessageProtection.ts"],"names":[],"mappings":";;AAaA,wEAOC;AAID,kHAwBC;AA6BD,
1
+
{"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../src/core/iframeMessageProtection.ts"],"names":[],"mappings":";;AAaA,wEAOC;AAID,kHAwBC;AA6BD,kEAyFC;AAED,8EA4BC;AApMD,kDAA+C;AAC/C,wEAAmG;AAGnG,IAAI,YAAY,GAOE,SAAS,CAAC;AAE5B,SAAgB,8BAA8B;IAC1C,YAAY,GAAG;QACX,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,OAAO;QAClC,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;KACtB,CAAC;AACN,CAAC;AAED,MAAM,sBAAsB,GAAG,yCAAyC,CAAC;AAEzE,SAAgB,mDAAmD;IAC/D,MAAM,iBAAiB,GAAG,SAAS,OAAO,CAAY,GAAW,EAAE,KAAa;QAC5E,IAAI,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACX,8EAA8E,CACjF,CAAC;QACN,CAAC;QAED,IAAA,eAAM,EAAC,YAAY,KAAK,SAAS,CAAC,CAAC;QAEnC,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IACvD,CAAC,CAAC;IAEF,CAAC;QACG,MAAM,EAAE,GAAG,MAAM,CAAC,wBAAwB,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAEzE,IAAA,eAAM,EAAC,EAAE,KAAK,SAAS,CAAC,CAAC;QAEzB,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE;YAChD,UAAU,EAAE,EAAE,CAAC,UAAU;YACzB,QAAQ,EAAE,EAAE,CAAC,QAAQ;YACrB,KAAK,EAAE,iBAAiB;SAC3B,CAAC,CAAC;IACP,CAAC;AACL,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAsC;IAChE,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,OAAO,GAAG,sBAAsB,GAAG,kBAAkB,EAAE,CAAC;AAC5D,CAAC;AAED,MAAM,+BAA+B,GAAG,kCAAkC,CAAC;AAE3E,SAAS,0BAA0B,CAAC,MAAwD;IACxF,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAE/C,OAAO,CACH,OAAO,OAAO,KAAK,QAAQ;QAC3B,OAAO,CAAC,UAAU,CAAC,GAAG,+BAA+B,GAAG,kBAAkB,EAAE,CAAC,CAChF,CAAC;AACN,CAAC;AAED,SAAS,eAAe,CAAC,MAAsC;IAC3D,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IACtC,OAAO,oCAAoC,kBAAkB,EAAE,CAAC;AACpE,CAAC;AAED,SAAS,gCAAgC,CAAC,MAAwD;IAC9F,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAC/C,OAAO,OAAO,KAAK,eAAe,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;AAC/D,CAAC;AAEM,KAAK,UAAU,2BAA2B,CAAC,MAAsC;IACpF,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAA,mCAAY,GAAE,CAAC;IAEvD,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAEvE,IAAI,KAAK,GAAuB,SAAS,CAAC;IAE1C,SAAS,0BAA0B;QAC/B,IAAA,eAAM,EAAC,YA
AY,KAAK,SAAS,CAAC,CAAC;QAEnC,MAAM,EAAE,OAAO,EAAE,GAAG,YAAY,CAAC;QAEjC,OAAO,CAAC,GAAG,CAAC,8BAA8B,iBAAiB,EAAE,CAAC,CAAC;QAE/D,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAC5E,CAAC;IAED,SAAS,mDAAmD;QACxD,OAAO,CAAC,GAAG,CAAC,wDAAwD,iBAAiB,EAAE,CAAC,CAAC;QAEzF,0BAA0B,EAAE,CAAC;QAE7B,IAAA,eAAM,EAAC,YAAY,KAAK,SAAS,CAAC,CAAC;QAEnC,MAAM,EAAE,UAAU,CAAC,UAAU,EAAE,GAAG,YAAY,CAAC;QAE/C,MAAM,oBAAoB,GAAG,GAAG,EAAE;YAC9B,OAAO,CAAC,GAAG,CAAC,+BAA+B,iBAAiB,EAAE,CAAC,CAAC;YAEhE,IAAI,cAAc,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC1D,gBAAgB;gBAChB,OAAO,CAAC,IAAI,CACR;oBACI,oBAAoB;oBACpB,sCAAsC;oBACtC,oDAAoD;oBACpD,oCAAoC;oBACpC,sBAAsB,iBAAiB,EAAE;oBACzC,8CAA8C,cAAc,CAAC,OAAO,CAChE,iBAAiB,CACpB,EAAE;oBACH,cAAc,SAAS,EAAE;iBAC5B,CAAC,IAAI,CAAC,IAAI,CAAC,CACf,CAAC;gBACF,GAAG;YACP,CAAC;YACD,KAAK,EAAE,CAAC;QACZ,CAAC,CAAC;QAEF,SAAS,KAAK;YACV,KAAK,GAAG,UAAU,CAAC,oBAAoB,EAAE,CAAC,CAAC,CAAC;QAChD,CAAC;QAED,KAAK,EAAE,CAAC;IACZ,CAAC;IAED,KAAK,UAAU,mBAAmB,CAAC,MAElC;QACG,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,CAAC;QAEzC,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAA,wCAAiB,EAAC;YAC1D,gBAAgB,EAAE,qBAAqB,CAAC,KAAK,CACzC,+BAA+B,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CACrE;YACD,UAAU;SACb,CAAC,CAAC;QAEH,MAAM,YAAY,GAAiB,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAEhE,OAAO,EAAE,YAAY,EAAE,CAAC;IAC5B,CAAC;IAED,SAAS,4BAA4B;QACjC,OAAO,CAAC,GAAG,CAAC,oCAAoC,iBAAiB,EAAE,CAAC,CAAC;QACrE,cAAc,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;QAC7C,YAAY,CAAC,KAAK,CAAC,CAAC;IACxB,CAAC;IAED,OAAO;QACH,gCAAgC;QAChC,mDAAmD;QACnD,0BAA0B;QAC1B,0BAA0B;QAC1B,mBAAmB;QACnB,4BAA4B;KAC/B,CAAC;AACN,CAAC;AAEM,KAAK,UAAU,iCAAiC,CAAC,MAAsC;IAC1F,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;IAEhC,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAEjG,MAAM,aAAa,GAAG,GAAG,EAAE,CACvB,cAAc,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAE7F,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAE3D,OAAO,aAAa,EAAE,KAAK,IAAI,EAAE,CAAC;QAC9B,
MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAE3D,MAAM,SAAS,GAAG,aAAa,EAAE,CAAC;IAElC,IAAA,eAAM,EAAC,SAAS,KAAK,IAAI,EAAE,SAAS,CAAC,CAAC;IAEtC,MAAM,EAAE,gBAAgB,EAAE,8BAA8B,EAAE,GAAG,MAAM,IAAA,wCAAiB,EAAC;QACjF,SAAS;QACT,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;KACxC,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,GAAG,+BAA+B,GAAG,YAAY,CAAC,KAAK,GAAG,8BAA8B,EAAE,CAAC;IAEpH,MAAM,CAAC,WAAW,CAAC,gBAAgB,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;AAC1D,CAAC"}
package/esm/core/createOidc.js
CHANGED
@@ -28,7 +28,7 @@ import { isKeycloak } from "../keycloak/isKeycloak";
28
28
import { INFINITY_TIME } from "../tools/INFINITY_TIME";
29
29
import { getIsValidRemoteJson } from "../tools/getIsValidRemoteJson";
30
30
// NOTE: Replaced at build time
31
-
const VERSION = "8.1.
31
+
const VERSION = "8.1.9-rc.1";
32
32
const globalContext = {
33
33
prOidcByConfigId: new Map(),
34
34
hasLogoutBeenCalled: id(false),
@@ -54,22 +54,28 @@ export async function initIframeMessageProtection(params) {
54
54
function setSessionStoragePublicKey() {
55
55
assert(capturedApis !== undefined);
56
56
const { setItem } = capturedApis;
57
+
console.log(`setSessionStoragePublicKey ${sessionStorageKey}`);
57
58
setItem.call(capturedApis.sessionStorage, sessionStorageKey, publicKey);
58
59
}
59
60
function startSessionStoragePublicKeyMaliciousWriteDetection() {
61
+
console.log(`startSessionStoragePublicKeyMaliciousWriteDetection: ${sessionStorageKey}`);
60
62
setSessionStoragePublicKey();
61
63
assert(capturedApis !== undefined);
62
-
const { alert
64
+
const { /*alert,*/ setTimeout } = capturedApis;
63
65
const checkTimeoutCallback = () => {
66
+
console.log(`checkTimeoutCallback called ${sessionStorageKey}`);
64
67
if (sessionStorage.getItem(sessionStorageKey) !== publicKey) {
65
-
while (true) {
66
-
67
-
68
-
69
-
70
-
71
-
72
-
68
+
//while (true) {
69
+
console.warn([
70
+
"⚠️ Security Alert:",
71
+
"oidc-spa detected an attack attempt.",
72
+
"For your safety, please close this tab immediately",
73
+
"and notify the site administrator.",
74
+
`sessionStorageKey: ${sessionStorageKey}`,
75
+
`sessionStorage.getItem(sessionStorageKey): ${sessionStorage.getItem(sessionStorageKey)}`,
76
+
`publicKey: ${publicKey}`
77
+
].join("\n"));
78
+
//}
73
79
}
74
80
check();
75
81
};
@@ -88,6 +94,7 @@ export async function initIframeMessageProtection(params) {
88
94
return { authResponse };
89
95
}
90
96
function clearSessionStoragePublicKey() {
97
+
console.log(`Clear session storage public key ${sessionStorageKey}`);
91
98
sessionStorage.removeItem(sessionStorageKey);
92
99
clearTimeout(timer);
93
100
}
@@ -1 +1 @@
1
-
{"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../../src/core/iframeMessageProtection.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAGnG,IAAI,YAAY,GAOE,SAAS,CAAC;AAE5B,MAAM,UAAU,8BAA8B;IAC1C,YAAY,GAAG;QACX,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,OAAO;QAClC,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;KACtB,CAAC;AACN,CAAC;AAED,MAAM,sBAAsB,GAAG,yCAAyC,CAAC;AAEzE,MAAM,UAAU,mDAAmD;IAC/D,MAAM,iBAAiB,GAAG,SAAS,OAAO,CAAY,GAAW,EAAE,KAAa;QAC5E,IAAI,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACX,8EAA8E,CACjF,CAAC;QACN,CAAC;QAED,MAAM,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC;QAEnC,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IACvD,CAAC,CAAC;IAEF,CAAC;QACG,MAAM,EAAE,GAAG,MAAM,CAAC,wBAAwB,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAEzE,MAAM,CAAC,EAAE,KAAK,SAAS,CAAC,CAAC;QAEzB,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE;YAChD,UAAU,EAAE,EAAE,CAAC,UAAU;YACzB,QAAQ,EAAE,EAAE,CAAC,QAAQ;YACrB,KAAK,EAAE,iBAAiB;SAC3B,CAAC,CAAC;IACP,CAAC;AACL,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAsC;IAChE,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,OAAO,GAAG,sBAAsB,GAAG,kBAAkB,EAAE,CAAC;AAC5D,CAAC;AAED,MAAM,+BAA+B,GAAG,kCAAkC,CAAC;AAE3E,SAAS,0BAA0B,CAAC,MAAwD;IACxF,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAE/C,OAAO,CACH,OAAO,OAAO,KAAK,QAAQ;QAC3B,OAAO,CAAC,UAAU,CAAC,GAAG,+BAA+B,GAAG,kBAAkB,EAAE,CAAC,CAChF,CAAC;AACN,CAAC;AAED,SAAS,eAAe,CAAC,MAAsC;IAC3D,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IACtC,OAAO,oCAAoC,kBAAkB,EAAE,CAAC;AACpE,CAAC;AAED,SAAS,gCAAgC,CAAC,MAAwD;IAC9F,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAC/C,OAAO,OAAO,KAAK,eAAe,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,MAAsC;IACpF,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;IAEvD,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAEvE,IAAI,KAAK,GAAuB,SAAS,CAAC;IAE
1C,SAAS,0BAA0B;QAC/B,MAAM,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC;QAEnC,MAAM,EAAE,OAAO,EAAE,GAAG,YAAY,CAAC;QAEjC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAC5E,CAAC;IAED,SAAS,mDAAmD;QACxD,0BAA0B,EAAE,CAAC;QAE7B,MAAM,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC;QAEnC,MAAM,EAAE,
1
+
{"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../../src/core/iframeMessageProtection.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAGnG,IAAI,YAAY,GAOE,SAAS,CAAC;AAE5B,MAAM,UAAU,8BAA8B;IAC1C,YAAY,GAAG;QACX,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,OAAO;QAClC,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;KACtB,CAAC;AACN,CAAC;AAED,MAAM,sBAAsB,GAAG,yCAAyC,CAAC;AAEzE,MAAM,UAAU,mDAAmD;IAC/D,MAAM,iBAAiB,GAAG,SAAS,OAAO,CAAY,GAAW,EAAE,KAAa;QAC5E,IAAI,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACX,8EAA8E,CACjF,CAAC;QACN,CAAC;QAED,MAAM,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC;QAEnC,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IACvD,CAAC,CAAC;IAEF,CAAC;QACG,MAAM,EAAE,GAAG,MAAM,CAAC,wBAAwB,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAEzE,MAAM,CAAC,EAAE,KAAK,SAAS,CAAC,CAAC;QAEzB,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE;YAChD,UAAU,EAAE,EAAE,CAAC,UAAU;YACzB,QAAQ,EAAE,EAAE,CAAC,QAAQ;YACrB,KAAK,EAAE,iBAAiB;SAC3B,CAAC,CAAC;IACP,CAAC;AACL,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAsC;IAChE,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,OAAO,GAAG,sBAAsB,GAAG,kBAAkB,EAAE,CAAC;AAC5D,CAAC;AAED,MAAM,+BAA+B,GAAG,kCAAkC,CAAC;AAE3E,SAAS,0BAA0B,CAAC,MAAwD;IACxF,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAE/C,OAAO,CACH,OAAO,OAAO,KAAK,QAAQ;QAC3B,OAAO,CAAC,UAAU,CAAC,GAAG,+BAA+B,GAAG,kBAAkB,EAAE,CAAC,CAChF,CAAC;AACN,CAAC;AAED,SAAS,eAAe,CAAC,MAAsC;IAC3D,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IACtC,OAAO,oCAAoC,kBAAkB,EAAE,CAAC;AACpE,CAAC;AAED,SAAS,gCAAgC,CAAC,MAAwD;IAC9F,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAC/C,OAAO,OAAO,KAAK,eAAe,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,MAAsC;IACpF,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;IAEvD,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAEvE,IAAI,KAAK,GAAuB,SAAS,CAAC;IAE
1C,SAAS,0BAA0B;QAC/B,MAAM,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC;QAEnC,MAAM,EAAE,OAAO,EAAE,GAAG,YAAY,CAAC;QAEjC,OAAO,CAAC,GAAG,CAAC,8BAA8B,iBAAiB,EAAE,CAAC,CAAC;QAE/D,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAC5E,CAAC;IAED,SAAS,mDAAmD;QACxD,OAAO,CAAC,GAAG,CAAC,wDAAwD,iBAAiB,EAAE,CAAC,CAAC;QAEzF,0BAA0B,EAAE,CAAC;QAE7B,MAAM,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC;QAEnC,MAAM,EAAE,UAAU,CAAC,UAAU,EAAE,GAAG,YAAY,CAAC;QAE/C,MAAM,oBAAoB,GAAG,GAAG,EAAE;YAC9B,OAAO,CAAC,GAAG,CAAC,+BAA+B,iBAAiB,EAAE,CAAC,CAAC;YAEhE,IAAI,cAAc,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC1D,gBAAgB;gBAChB,OAAO,CAAC,IAAI,CACR;oBACI,oBAAoB;oBACpB,sCAAsC;oBACtC,oDAAoD;oBACpD,oCAAoC;oBACpC,sBAAsB,iBAAiB,EAAE;oBACzC,8CAA8C,cAAc,CAAC,OAAO,CAChE,iBAAiB,CACpB,EAAE;oBACH,cAAc,SAAS,EAAE;iBAC5B,CAAC,IAAI,CAAC,IAAI,CAAC,CACf,CAAC;gBACF,GAAG;YACP,CAAC;YACD,KAAK,EAAE,CAAC;QACZ,CAAC,CAAC;QAEF,SAAS,KAAK;YACV,KAAK,GAAG,UAAU,CAAC,oBAAoB,EAAE,CAAC,CAAC,CAAC;QAChD,CAAC;QAED,KAAK,EAAE,CAAC;IACZ,CAAC;IAED,KAAK,UAAU,mBAAmB,CAAC,MAElC;QACG,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,CAAC;QAEzC,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,iBAAiB,CAAC;YAC1D,gBAAgB,EAAE,qBAAqB,CAAC,KAAK,CACzC,+BAA+B,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CACrE;YACD,UAAU;SACb,CAAC,CAAC;QAEH,MAAM,YAAY,GAAiB,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAEhE,OAAO,EAAE,YAAY,EAAE,CAAC;IAC5B,CAAC;IAED,SAAS,4BAA4B;QACjC,OAAO,CAAC,GAAG,CAAC,oCAAoC,iBAAiB,EAAE,CAAC,CAAC;QACrE,cAAc,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;QAC7C,YAAY,CAAC,KAAK,CAAC,CAAC;IACxB,CAAC;IAED,OAAO;QACH,gCAAgC;QAChC,mDAAmD;QACnD,0BAA0B;QAC1B,0BAA0B;QAC1B,mBAAmB;QACnB,4BAA4B;KAC/B,CAAC;AACN,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iCAAiC,CAAC,MAAsC;IAC1F,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;IAEhC,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAEjG,MAAM,aAAa,GAAG,GAAG,EAAE,CACvB,cAAc,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAE7F,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAE3D,OAAO,aAA
a,EAAE,KAAK,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAE3D,MAAM,SAAS,GAAG,aAAa,EAAE,CAAC;IAElC,MAAM,CAAC,SAAS,KAAK,IAAI,EAAE,SAAS,CAAC,CAAC;IAEtC,MAAM,EAAE,gBAAgB,EAAE,8BAA8B,EAAE,GAAG,MAAM,iBAAiB,CAAC;QACjF,SAAS;QACT,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;KACxC,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,GAAG,+BAA+B,GAAG,YAAY,CAAC,KAAK,GAAG,8BAA8B,EAAE,CAAC;IAEpH,MAAM,CAAC,WAAW,CAAC,gBAAgB,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;AAC1D,CAAC"}
package/package.json
CHANGED
@@ -89,28 +89,39 @@ export async function initIframeMessageProtection(params: { stateUrlParamValue:
89
89
90
90
const { setItem } = capturedApis;
91
91
92
+
console.log(`setSessionStoragePublicKey ${sessionStorageKey}`);
93
+
92
94
setItem.call(capturedApis.sessionStorage, sessionStorageKey, publicKey);
93
95
}
94
96
95
97
function startSessionStoragePublicKeyMaliciousWriteDetection() {
98
+
console.log(`startSessionStoragePublicKeyMaliciousWriteDetection: ${sessionStorageKey}`);
99
+
96
100
setSessionStoragePublicKey();
97
101
98
102
assert(capturedApis !== undefined);
99
103
100
-
const { alert
104
+
const { /*alert,*/ setTimeout } = capturedApis;
101
105
102
106
const checkTimeoutCallback = () => {
107
+
console.log(`checkTimeoutCallback called ${sessionStorageKey}`);
108
+
103
109
if (sessionStorage.getItem(sessionStorageKey) !== publicKey) {
104
-
while (true) {
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
110
+
//while (true) {
111
+
console.warn(
112
+
[
113
+
"⚠️ Security Alert:",
114
+
"oidc-spa detected an attack attempt.",
115
+
"For your safety, please close this tab immediately",
116
+
"and notify the site administrator.",
117
+
`sessionStorageKey: ${sessionStorageKey}`,
118
+
`sessionStorage.getItem(sessionStorageKey): ${sessionStorage.getItem(
119
+
sessionStorageKey
120
+
)}`,
121
+
`publicKey: ${publicKey}`
122
+
].join("\n")
123
+
);
124
+
//}
114
125
}
115
126
check();
116
127
};
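Review bot: The tamper check no longer stops anything: when `sessionStorage.getItem(sessionStorageKey) !== publicKey` the new code only runs `console.warn(...)` and then falls through to `check()`, so the protocol keeps operating and the same warning repeats on every tick, while the blocking `alert` loop it replaces was commented out rather than replaced with another response. If the blocking loop was dropped deliberately, at least stop rescheduling and tear the protection down at that point, e.g. `clearSessionStoragePublicKey(); return;` before `check()`, or record the tampered state so the caller can refuse the exchanged response; both helpers live in `initIframeMessageProtection`, whose body extends past both ends of this hunk. The `console.log` calls added to `setSessionStoragePublicKey`, `startSessionStoragePublicKeyMaliciousWriteDetection` and `checkTimeoutCallback` (and to `clearSessionStoragePublicKey` in the `@@ -140,6 +151,7 @@` hunk) read like release-candidate tracing that fires on every timer tick; they should be removed or gated behind a debug flag before a stable release, together with the `/*alert,*/` and `//while (true) {` remnants. The compiled `core/` and `esm/` outputs above mirror this change line for line, and the warning text re-reads `sessionStorage.getItem(sessionStorageKey)` instead of reusing the value the condition compared, so the two reads can disagree if storage is rewritten in between — read it once into a local and use that in both places.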
@@ -140,6 +151,7 @@ export async function initIframeMessageProtection(params: { stateUrlParamValue:
140
151
}
141
152
142
153
function clearSessionStoragePublicKey() {
154
+
console.log(`Clear session storage public key ${sessionStorageKey}`);
143
155
sessionStorage.removeItem(sessionStorageKey);
144
156
clearTimeout(timer);
145
157
}