oidc-spa 8.2.12 → 8.3.1
- package/README.md +19 -5
- package/core/createOidc.js +9 -2
- package/core/createOidc.js.map +1 -1
- package/core/earlyInit.d.ts +6 -2
- package/core/earlyInit.js +168 -31
- package/core/earlyInit.js.map +1 -1
- package/core/loginSilent.js +7 -42
- package/core/loginSilent.js.map +1 -1
- package/esm/core/createOidc.js +9 -2
- package/esm/core/createOidc.js.map +1 -1
- package/esm/core/earlyInit.d.ts +6 -2
- package/esm/core/earlyInit.js +167 -31
- package/esm/core/earlyInit.js.map +1 -1
- package/esm/core/loginSilent.js +7 -42
- package/esm/core/loginSilent.js.map +1 -1
- package/esm/tools/Evt.js +18 -10
- package/esm/tools/Evt.js.map +1 -1
- package/package.json +2 -2
- package/src/core/createOidc.ts +8 -1
- package/src/core/earlyInit.ts +220 -40
- package/src/core/loginSilent.ts +18 -79
- package/src/tools/Evt.ts +17 -16
- package/src/vite-plugin/handleClientEntrypoint.ts +4 -6
- package/tools/Evt.js +18 -10
- package/tools/Evt.js.map +1 -1
- package/vite-plugin/handleClientEntrypoint.js +3 -1
- package/vite-plugin/handleClientEntrypoint.js.map +1 -1
- package/core/iframeMessageProtection.d.ts +0 -32
- package/core/iframeMessageProtection.js +0 -154
- package/core/iframeMessageProtection.js.map +0 -1
- package/esm/core/iframeMessageProtection.d.ts +0 -32
- package/esm/core/iframeMessageProtection.js +0 -149
- package/esm/core/iframeMessageProtection.js.map +0 -1
- package/esm/tools/asymmetricEncryption.d.ts +0 -18
- package/esm/tools/asymmetricEncryption.js +0 -85
- package/esm/tools/asymmetricEncryption.js.map +0 -1
- package/src/core/iframeMessageProtection.ts +0 -219
- package/src/tools/asymmetricEncryption.ts +0 -184
- package/tools/asymmetricEncryption.d.ts +0 -18
- package/tools/asymmetricEncryption.js +0 -90
- package/tools/asymmetricEncryption.js.map +0 -1
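--- a/package/src/core/loginSilent.ts
+++ b/package/src/core/loginSilent.ts
@@ -11,8 +11,8 @@ import { getDownlinkAndRtt } from "../tools/getDownlinkAndRtt";
 import { getIsDev } from "../tools/isDev";
 import { type AuthResponse } from "./AuthResponse";
 import { addOrUpdateSearchParam } from "../tools/urlSearchParams";
-import { initIframeMessageProtection } from "./iframeMessageProtection";
 import { getIsOnline } from "../tools/getIsOnline";
+import { getEvtIframeAuthResponse } from "./earlyInit";
 
 type ResultOfLoginSilent =
 | {
@@ -87,17 +87,6 @@ export async function loginSilent(params: {
 return Math.max(BASE_DELAY_MS, dynamicDelay);
 })();
 
-const {
-getIsReadyToReadPublicKeyMessage,
-startSessionStoragePublicKeyMaliciousWriteDetection,
-setSessionStoragePublicKey,
-decodeEncryptedAuth,
-getIsEncryptedAuthResponse,
-clearSessionStoragePublicKey
-} = await initIframeMessageProtection({
-stateUrlParamValue: stateUrlParamValue_instance
-});
-
 let clearTimeouts: (params: { wasSuccess: boolean }) => void;
 {
 let hasLoggedWarningMessage = false;
@@ -136,75 +125,28 @@ export async function loginSilent(params: {
 };
 }
 
-
-
-
-if (event.origin !== window.location.origin) {
-return;
-}
-
-if (
-!getIsReadyToReadPublicKeyMessage({
-stateUrlParamValue: stateUrlParamValue_instance,
-message: event.data
-})
-) {
-return;
-}
-
-window.removeEventListener("message", listener, false);
-
-setSessionStoragePublicKey();
-
-const dEncryptedAuthResponse = new Deferred<string>();
-
-listener = event => {
-if (event.origin !== window.location.origin) {
-return;
-}
-
-const message = event.data;
-
-if (
-!getIsEncryptedAuthResponse({
-stateUrlParamValue: stateUrlParamValue_instance,
-message
-})
-) {
+const { unsubscribe: unsubscribe_evtIframeAuthResponse } = getEvtIframeAuthResponse().subscribe(
+authResponse => {
+if (authResponse.state !== stateUrlParamValue_instance) {
 return;
 }
 
-
-
-// NOTE: Acknowledge that we're also doing it later but
-// since there's a aggressive write protection in place
-// it's good to clear the key ASAP.
-clearSessionStoragePublicKey();
-
-dEncryptedAuthResponse.resolve(message);
-};
-
-window.addEventListener("message", listener, false);
-
-const encryptedAuthResponse = await dEncryptedAuthResponse.pr;
+unsubscribe_evtIframeAuthResponse();
 
-
+const stateData = getStateData({ stateUrlParamValue: authResponse.state });
 
-
+assert(stateData !== undefined, "765645");
+assert(stateData.context === "iframe", "250711");
+assert(stateData.configId === configId, "4922732");
 
-
-assert(stateData.context === "iframe", "250711");
-assert(stateData.configId === configId, "4922732");
+clearTimeouts({ wasSuccess: true });
 
-
-
-
-
-
-
-};
-
-window.addEventListener("message", listener, false);
+dResult.resolve({
+outcome: "got auth response from iframe",
+authResponse
+});
+}
+);
 
 const transformUrl_oidcClientTs = (url: string) => {
 add_extra_query_params: {
@@ -232,8 +174,6 @@ export async function loginSilent(params: {
 return url;
 };
 
-startSessionStoragePublicKeyMaliciousWriteDetection();
-
 oidcClientTsUserManager
 .signinSilent({
 state: id<StateData.IFrame>({
@@ -250,7 +190,7 @@ export async function loginSilent(params: {
 assert(oidcClientTsUser !== null, "oidcClientTsUser is not supposed to be null here");
 
 clearTimeouts({ wasSuccess: true });
-
+unsubscribe_evtIframeAuthResponse();
 
 dResult.resolve({
 outcome: "token refreshed using refresh token",
@@ -264,10 +204,9 @@ export async function loginSilent(params: {
 );
 
 dResult.pr.then(result => {
-clearSessionStoragePublicKey();
-
 if (result.outcome === "timeout") {
 clearStateStore({ stateUrlParamValue: stateUrlParamValue_instance });
+unsubscribe_evtIframeAuthResponse();
 }
 });
 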
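Review bot: The three `assert(...)` calls in the new `getEvtIframeAuthResponse().subscribe` callback (new lines 138–140) run after `unsubscribe_evtIframeAuthResponse()` has already detached the listener, so a throw there leaves `dResult` unresolved until the timeout path fires. If this event is built on `createEvt` from tools/Evt.ts as changed in this same release, the throw is also swallowed by the `catch {}` in `post`, meaning a state-store or `configId` mismatch on an iframe auth response would produce no diagnostic at all. Consider catching inside the callback and logging the assertion code before returning. The removed listeners compared `event.origin !== window.location.origin` in this function; that check presumably now lives in earlyInit.ts, which this section does not show, so a comment such as `// authResponse is posted by earlyInit only after it has validated the message origin (confirm in earlyInit.ts)` would record the trust boundary. loginSilent's body starts and ends outside these hunks.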
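--- a/package/src/tools/Evt.ts
+++ b/package/src/tools/Evt.ts
@@ -1,5 +1,4 @@
 import { Deferred } from "./Deferred";
-import { assert, is } from "../tools/tsafe/assert";
 
 export type NonPostableEvt<T> = {
 waitFor: () => Promise<T>;
@@ -12,40 +11,42 @@ export type Evt<T> = NonPostableEvt<T> & {
 };
 
 export function createEvt<T>(): Evt<T> {
-const
-const KEY = "event";
-
+const listeners: Array<(data: T) => void> = [];
 let postCount = 0;
 
 const evt: Evt<T> = {
 subscribe: next => {
-
-
-
-next(e.detail);
-};
-
-eventTarget.addEventListener(KEY, listener);
-
+listeners.push(next);
+let isActive = true;
 return {
 unsubscribe: () => {
-
+if (!isActive) {
+return;
+}
+isActive = false;
+const i = listeners.indexOf(next);
+if (i >= 0) {
+listeners.splice(i, 1);
+}
 }
 };
 },
 waitFor: () => {
 const d = new Deferred<T>();
-
 const { unsubscribe } = evt.subscribe(data => {
 unsubscribe();
 d.resolve(data);
 });
-
 return d.pr;
 },
 post: (data: T) => {
 postCount++;
-
+const snapshot = listeners.slice();
+for (const l of snapshot) {
+try {
+l(data);
+} catch {}
+}
 },
 get postCount() {
 return postCount;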
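Review bot: The empty `catch {}` around `l(data)` in `post` (new lines 46–48) discards every listener exception, so a failing subscriber on an event that now carries auth responses becomes invisible. The removed implementation registered listeners through `eventTarget.addEventListener`, where an uncaught listener error would presumably still have been reported by the platform. Keep the isolation between listeners but report the failure, e.g. `} catch (error) { console.error(error); }`. A short comment on `listeners.slice()` would also help, saying the snapshot lets a listener unsubscribe during dispatch, as `waitFor` does. The end of createEvt falls outside the hunk.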
@@ -64,12 +64,8 @@ export function createLoadHandleEntrypoint(params: {
|
|
|
64
64
|
|
|
65
65
|
entryResolution.watchFiles.forEach(file => pluginContext.addWatchFile(file));
|
|
66
66
|
|
|
67
|
-
const {
|
|
68
|
-
|
|
69
|
-
freezeXMLHttpRequest = true,
|
|
70
|
-
freezeWebSocket = true,
|
|
71
|
-
...rest
|
|
72
|
-
} = oidcSpaVitePluginParams ?? {};
|
|
67
|
+
const { freezeFetch, freezeXMLHttpRequest, freezeWebSocket, freezePromise, safeMode, ...rest } =
|
|
68
|
+
oidcSpaVitePluginParams ?? {};
|
|
73
69
|
|
|
74
70
|
assert<Equals<typeof rest, {}>>;
|
|
75
71
|
|
|
@@ -81,6 +77,8 @@ export function createLoadHandleEntrypoint(params: {
|
|
|
81
77
|
` freezeFetch: ${freezeFetch},`,
|
|
82
78
|
` freezeXMLHttpRequest: ${freezeXMLHttpRequest},`,
|
|
83
79
|
` freezeWebSocket: ${freezeWebSocket},`,
|
|
80
|
+
` freezePromise: ${freezePromise},`,
|
|
81
|
+
` safeMode: ${safeMode},`,
|
|
84
82
|
` isPostLoginRedirectManual: ${projectType === "tanstack-start"},`,
|
|
85
83
|
` BASE_URL: "${resolvedConfig.base}"`,
|
|
86
84
|
`});`,
|
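Review bot: With the `= true` defaults dropped from the destructuring on new lines 67–68, an omitted `freezeXMLHttpRequest` or `freezeWebSocket` is now interpolated into the generated stub as the literal `undefined` (`freezeWebSocket: undefined,`), and the same holds for the newly added `freezePromise` and `safeMode`. Whether these protections stay enabled by default therefore depends entirely on how `oidcEarlyInit` treats `undefined`, which these hunks do not show. Record that contract next to the destructuring, for example `// No defaults here on purpose: oidcEarlyInit resolves them, and undefined must resolve to the protective setting`. Confirm it against earlyInit.ts so the change cannot silently turn a protection off. createLoadHandleEntrypoint starts and ends outside these hunks.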
package/tools/Evt.js
CHANGED
|
@@ -2,21 +2,23 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.createEvt = createEvt;
|
|
4
4
|
const Deferred_1 = require("./Deferred");
|
|
5
|
-
const assert_1 = require("../tools/tsafe/assert");
|
|
6
5
|
function createEvt() {
|
|
7
|
-
const
|
|
8
|
-
const KEY = "event";
|
|
6
|
+
const listeners = [];
|
|
9
7
|
let postCount = 0;
|
|
10
8
|
const evt = {
|
|
11
9
|
subscribe: next => {
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
next(e.detail);
|
|
15
|
-
};
|
|
16
|
-
eventTarget.addEventListener(KEY, listener);
|
|
10
|
+
listeners.push(next);
|
|
11
|
+
let isActive = true;
|
|
17
12
|
return {
|
|
18
13
|
unsubscribe: () => {
|
|
19
|
-
|
|
14
|
+
if (!isActive) {
|
|
15
|
+
return;
|
|
16
|
+
}
|
|
17
|
+
isActive = false;
|
|
18
|
+
const i = listeners.indexOf(next);
|
|
19
|
+
if (i >= 0) {
|
|
20
|
+
listeners.splice(i, 1);
|
|
21
|
+
}
|
|
20
22
|
}
|
|
21
23
|
};
|
|
22
24
|
},
|
|
@@ -30,7 +32,13 @@ function createEvt() {
|
|
|
30
32
|
},
|
|
31
33
|
post: (data) => {
|
|
32
34
|
postCount++;
|
|
33
|
-
|
|
35
|
+
const snapshot = listeners.slice();
|
|
36
|
+
for (const l of snapshot) {
|
|
37
|
+
try {
|
|
38
|
+
l(data);
|
|
39
|
+
}
|
|
40
|
+
catch { }
|
|
41
|
+
}
|
|
34
42
|
},
|
|
35
43
|
get postCount() {
|
|
36
44
|
return postCount;
|
package/tools/Evt.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Evt.js","sourceRoot":"","sources":["../src/tools/Evt.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"Evt.js","sourceRoot":"","sources":["../src/tools/Evt.ts"],"names":[],"mappings":";;AAYA,8BA4CC;AAxDD,yCAAsC;AAYtC,SAAgB,SAAS;IACrB,MAAM,SAAS,GAA6B,EAAE,CAAC;IAC/C,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,MAAM,GAAG,GAAW;QAChB,SAAS,EAAE,IAAI,CAAC,EAAE;YACd,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACrB,IAAI,QAAQ,GAAG,IAAI,CAAC;YACpB,OAAO;gBACH,WAAW,EAAE,GAAG,EAAE;oBACd,IAAI,CAAC,QAAQ,EAAE,CAAC;wBACZ,OAAO;oBACX,CAAC;oBACD,QAAQ,GAAG,KAAK,CAAC;oBACjB,MAAM,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;oBAClC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACT,SAAS,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;oBAC3B,CAAC;gBACL,CAAC;aACJ,CAAC;QACN,CAAC;QACD,OAAO,EAAE,GAAG,EAAE;YACV,MAAM,CAAC,GAAG,IAAI,mBAAQ,EAAK,CAAC;YAC5B,MAAM,EAAE,WAAW,EAAE,GAAG,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;gBACzC,WAAW,EAAE,CAAC;gBACd,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACpB,CAAC,CAAC,CAAC;YACH,OAAO,CAAC,CAAC,EAAE,CAAC;QAChB,CAAC;QACD,IAAI,EAAE,CAAC,IAAO,EAAE,EAAE;YACd,SAAS,EAAE,CAAC;YACZ,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,EAAE,CAAC;YACnC,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;gBACvB,IAAI,CAAC;oBACD,CAAC,CAAC,IAAI,CAAC,CAAC;gBACZ,CAAC;gBAAC,MAAM,CAAC,CAAA,CAAC;YACd,CAAC;QACL,CAAC;QACD,IAAI,SAAS;YACT,OAAO,SAAS,CAAC;QACrB,CAAC;KACJ,CAAC;IAEF,OAAO,GAAG,CAAC;AACf,CAAC"}
|
|
@@ -70,7 +70,7 @@ function createLoadHandleEntrypoint(params) {
|
|
|
70
70
|
return loadOriginalModule(entryResolution, pluginContext);
|
|
71
71
|
}
|
|
72
72
|
entryResolution.watchFiles.forEach(file => pluginContext.addWatchFile(file));
|
|
73
|
-
const { freezeFetch
|
|
73
|
+
const { freezeFetch, freezeXMLHttpRequest, freezeWebSocket, freezePromise, safeMode, ...rest } = oidcSpaVitePluginParams ?? {};
|
|
74
74
|
assert_1.assert;
|
|
75
75
|
const stubSourceCache = [
|
|
76
76
|
`import { oidcEarlyInit } from "oidc-spa/entrypoint";`,
|
|
@@ -80,6 +80,8 @@ function createLoadHandleEntrypoint(params) {
|
|
|
80
80
|
` freezeFetch: ${freezeFetch},`,
|
|
81
81
|
` freezeXMLHttpRequest: ${freezeXMLHttpRequest},`,
|
|
82
82
|
` freezeWebSocket: ${freezeWebSocket},`,
|
|
83
|
+
` freezePromise: ${freezePromise},`,
|
|
84
|
+
` safeMode: ${safeMode},`,
|
|
83
85
|
` isPostLoginRedirectManual: ${projectType === "tanstack-start"},`,
|
|
84
86
|
` BASE_URL: "${resolvedConfig.base}"`,
|
|
85
87
|
`});`,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handleClientEntrypoint.js","sourceRoot":"","sources":["../src/vite-plugin/handleClientEntrypoint.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+BA,
|
|
1
|
+
{"version":3,"file":"handleClientEntrypoint.js","sourceRoot":"","sources":["../src/vite-plugin/handleClientEntrypoint.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+BA,gEAqEC;AAjGD,qCAAqC;AACrC,qCAAyC;AACzC,gDAAkC;AAClC,uCAAyC;AACzC,+BAAqC;AACrC,kDAA+C;AAU/C,MAAM,oBAAoB,GAAG,mBAAmB,CAAC;AAEjD,MAAM,wBAAwB,GAAG,CAAC,cAAc,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,CAAC,CAAC;AAEhG,MAAM,6BAA6B,GAAG;IAClC,kBAAkB;IAClB,iBAAiB;IACjB,kBAAkB;IAClB,iBAAiB;CACpB,CAAC;AAEF,MAAM,yBAAyB,GAAG,CAAC,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;AAEzF,SAAgB,0BAA0B,CAAC,MAI1C;IACG,MAAM,EAAE,uBAAuB,EAAE,cAAc,EAAE,WAAW,EAAE,GAAG,MAAM,CAAC;IAExE,MAAM,eAAe,GAAG,sBAAsB,CAAC;QAC3C,MAAM,EAAE,cAAc;QACtB,WAAW;KACd,CAAC,CAAC;IAEH,KAAK,UAAU,oBAAoB,CAAC,MAGnC;QACG,MAAM,EAAE,EAAE,EAAE,aAAa,EAAE,GAAG,MAAM,CAAC;QACrC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,EAAE,CAAC,CAAC;QACnD,MAAM,qBAAqB,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;QAC5D,IAAI,CAAC,qBAAqB,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,IAAI,qBAAqB,KAAK,eAAe,CAAC,cAAc,EAAE,CAAC;YAC3D,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,MAAM,iBAAiB,GAAG,WAAW,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAEpF,IAAI,iBAAiB,EAAE,CAAC;YACpB,OAAO,kBAAkB,CAAC,eAAe,EAAE,aAAa,CAAC,CAAC;QAC9D,CAAC;QAED,eAAe,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;QAE7E,MAAM,EAAE,WAAW,EAAE,oBAAoB,EAAE,eAAe,EAAE,aAAa,EAAE,QAAQ,EAAE,GAAG,IAAI,EAAE,GAC1F,uBAAuB,IAAI,EAAE,CAAC;QAElC,eAA+B,CAAC;QAEhC,MAAM,eAAe,GAAG;YACpB,sDAAsD;YACtD,WAAW,KAAK,gBAAgB;gBAC5B,4JAA4J;YAChK,2CAA2C;YAC3C,oBAAoB,WAAW,GAAG;YAClC,6BAA6B,oBAAoB,GAAG;YACpD,wBAAwB,eAAe,GAAG;YAC1C,sBAAsB,aAAa,GAAG;YACtC,iBAAiB,QAAQ,GAAG;YAC5B,kCAAkC,WAAW,KAAK,gBAAgB,GAAG;YACrE,kBAAkB,cAAc,CAAC,IAAI,GAAG;YACxC,KAAK;YACL,EAAE;YACF,oBAAoB;YACpB,WAAW,KAAK,gBAAgB;gBAC5B,oEAAoE;YACxE,iBAAiB,IAAI,CAAC,QAAQ,CAC1B,eAAe,CAAC,YAAY,CAC/B,IAAI,oBAAoB,UAAU;YACnC,GAAG;SACN;aACI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC;aACxC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEhB,OAAO,eAAe,CAAC;IAC3
B,CAAC;IAED,OAAO,oBAAoB,CAAC;AAChC,CAAC;AAED,SAAS,sBAAsB,CAAC,EAC5B,MAAM,EACN,WAAW,EAId;IACG,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;IAEzB,QAAQ,WAAW,EAAE,CAAC;QAClB,KAAK,gBAAgB,CAAC,CAAC,CAAC;YACpB,MAAM,SAAS,GAAG,gBAAgB,CAAC;gBAC/B,IAAI;gBACJ,cAAc,EAAE,CAAC,KAAK,CAAC;gBACvB,SAAS,EAAE,yBAAyB;aACvC,CAAC,CAAC;YAEH,MAAM,SAAS,GACX,SAAS;gBACT,kBAAkB,CAAC,uBAAuB,EAAE;oBACxC,MAAM;oBACN,QAAQ;oBACR,eAAe;oBACf,YAAY;iBACf,CAAC,CAAC;YAEP,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;YAEhD,MAAM,UAAU,GAAoB;gBAChC,YAAY,EAAE,SAAS;gBACvB,cAAc,EAAE,UAAU;gBAC1B,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE;aAC3C,CAAC;YAEF,OAAO,UAAU,CAAC;QACtB,CAAC;QAED,KAAK,wBAAwB,CAAC,CAAC,CAAC;YAC5B,MAAM,SAAS,GAAG,gBAAgB,CAAC;gBAC/B,IAAI;gBACJ,cAAc,EAAE,CAAC,KAAK,CAAC;gBACvB,SAAS,EAAE,6BAA6B;aAC3C,CAAC,CAAC;YAEH,MAAM,SAAS,GACX,SAAS;gBACT,kBAAkB,CAAC,mBAAmB,EAAE;oBACpC,MAAM;oBACN,QAAQ;oBACR,UAAU;oBACV,kBAAkB;iBACrB,CAAC,CAAC;YAEP,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;YAEhD,MAAM,UAAU,GAAoB;gBAChC,YAAY,EAAE,SAAS;gBACvB,cAAc,EAAE,UAAU;gBAC1B,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE;aAC3C,CAAC;YAEF,OAAO,UAAU,CAAC;QACtB,CAAC;QAED,KAAK,OAAO,CAAC,CAAC,CAAC;YACX,MAAM,SAAS,GAAG,gBAAgB,CAAC;gBAC/B,IAAI;gBACJ,cAAc,EAAE,CAAC,GAAG,CAAC;gBACrB,SAAS,EAAE,wBAAwB;aACtC,CAAC,CAAC;YAEH,IAAA,eAAM,EAAC,SAAS,KAAK,SAAS,CAAC,CAAC;YAEhC,MAAM,UAAU,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;YAEhD,MAAM,UAAU,GAAoB;gBAChC,YAAY,EAAE,SAAS;gBACvB,cAAc,EAAE,UAAU;gBAC1B,UAAU,EAAE,CAAC,SAAS,CAAC;aAC1B,CAAC;YAEF,OAAO,UAAU,CAAC;QACtB,CAAC;QAED;YACI,IAAA,eAAM,EAAoC,KAAK,CAAC,CAAC;IACzD,CAAC;AACL,CAAC;AAED,SAAS,kBAAkB,CACvB,KAAsB,EACtB,OAA2C;IAE3C,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;IAC7D,OAAO,kBAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,gBAAgB,CAAC,EACtB,IAAI,EACJ,cAAc,EACd,SAAS,EAKZ;IACG,KAAK,MAAM,YAAY,IAAI,cAAc,EAAE,CAAC;QACxC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,YAAY,EAAE,QAAQ,
CAAC,CAAC;YAC7D,IAAI,IAAA,oBAAU,EAAC,SAAS,CAAC,EAAE,CAAC;gBACxB,OAAO,SAAS,CAAC;YACrB,CAAC;QACL,CAAC;IACL,CAAC;IACD,OAAO,SAAS,CAAC;AACrB,CAAC;AAED,SAAS,kBAAkB,CAAC,WAAmB,EAAE,QAAkB;IAC/D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,WAAW,eAAe,CAAC,CAAC;IAC/D,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,GAAG,QAAQ,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB;IACvC,OAAO,IAAA,oBAAa,EAAC,QAAQ,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,OAAO,CAAC,EAAU;IACvB,MAAM,UAAU,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACnC,IAAI,UAAU,KAAK,CAAC,CAAC,EAAE,CAAC;QACpB,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,eAAe,EAAE,EAAE,CAAC;IAC5D,CAAC;IAED,MAAM,QAAQ,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IACzC,MAAM,WAAW,GAAG,EAAE,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;IAC7C,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI,eAAe,CAAC,WAAW,CAAC,EAAE,CAAC;AAC7E,CAAC;AAED,SAAS,oBAAoB,CAAC,EAAU;IACpC,IAAI,WAAW,GAAG,EAAE,CAAC;IAErB,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/B,WAAW,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,WAAW,GAAG,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACpD,CAAC;SAAM,IAAI,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3C,WAAW,GAAG,IAAA,wBAAa,EAAC,WAAW,CAAC,CAAC;IAC7C,CAAC;IAED,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC9D,OAAO,IAAA,oBAAa,EAAC,WAAW,CAAC,CAAC;IACtC,CAAC;IAED,OAAO,IAAA,oBAAa,EAAC,WAAW,CAAC,CAAC;AACtC,CAAC"}
|
|
@@ -1,32 +0,0 @@
|
|
|
1
|
-
import { type AuthResponse } from "./AuthResponse";
|
|
2
|
-
/**
|
|
3
|
-
* To call while still in the safe window where no other code
|
|
4
|
-
* has been evaluated and only before we're about to actually start the App.
|
|
5
|
-
*/
|
|
6
|
-
export declare function iframeMessageProtection_captureAndLockBuiltins(): void;
|
|
7
|
-
declare function getIsEncryptedAuthResponse(params: {
|
|
8
|
-
message: unknown;
|
|
9
|
-
stateUrlParamValue: string;
|
|
10
|
-
}): boolean;
|
|
11
|
-
declare function getIsReadyToReadPublicKeyMessage(params: {
|
|
12
|
-
message: unknown;
|
|
13
|
-
stateUrlParamValue: string;
|
|
14
|
-
}): boolean;
|
|
15
|
-
export declare function initIframeMessageProtection(params: {
|
|
16
|
-
stateUrlParamValue: string;
|
|
17
|
-
}): Promise<{
|
|
18
|
-
getIsReadyToReadPublicKeyMessage: typeof getIsReadyToReadPublicKeyMessage;
|
|
19
|
-
startSessionStoragePublicKeyMaliciousWriteDetection: () => void;
|
|
20
|
-
setSessionStoragePublicKey: () => void;
|
|
21
|
-
getIsEncryptedAuthResponse: typeof getIsEncryptedAuthResponse;
|
|
22
|
-
decodeEncryptedAuth: (params: {
|
|
23
|
-
encryptedAuthResponse: string;
|
|
24
|
-
}) => Promise<{
|
|
25
|
-
authResponse: AuthResponse;
|
|
26
|
-
}>;
|
|
27
|
-
clearSessionStoragePublicKey: () => void;
|
|
28
|
-
}>;
|
|
29
|
-
export declare function postEncryptedAuthResponseToParent(params: {
|
|
30
|
-
authResponse: AuthResponse;
|
|
31
|
-
}): Promise<void>;
|
|
32
|
-
export {};
|
|
@@ -1,154 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.iframeMessageProtection_captureAndLockBuiltins = iframeMessageProtection_captureAndLockBuiltins;
|
|
4
|
-
exports.initIframeMessageProtection = initIframeMessageProtection;
|
|
5
|
-
exports.postEncryptedAuthResponseToParent = postEncryptedAuthResponseToParent;
|
|
6
|
-
const assert_1 = require("../tools/tsafe/assert");
|
|
7
|
-
const asymmetricEncryption_1 = require("../tools/asymmetricEncryption");
|
|
8
|
-
let capturedApis = undefined;
|
|
9
|
-
const SESSION_STORAGE_PREFIX = "oidc-spa_iframe_authResponse_publicKey_";
|
|
10
|
-
const getProtectedTimer_set = new Set();
|
|
11
|
-
/**
|
|
12
|
-
* To call while still in the safe window where no other code
|
|
13
|
-
* has been evaluated and only before we're about to actually start the App.
|
|
14
|
-
*/
|
|
15
|
-
function iframeMessageProtection_captureAndLockBuiltins() {
|
|
16
|
-
capturedApis = {
|
|
17
|
-
setItem: Storage.prototype.setItem,
|
|
18
|
-
sessionStorage: window.sessionStorage,
|
|
19
|
-
setTimeout: window.setTimeout,
|
|
20
|
-
clearTimeout: window.clearTimeout,
|
|
21
|
-
alert: window.alert
|
|
22
|
-
};
|
|
23
|
-
// Ensure, at least from main window we cannot simply write on the public key.
|
|
24
|
-
{
|
|
25
|
-
const setItem_protected = function setItem(key, value) {
|
|
26
|
-
if (key.startsWith(SESSION_STORAGE_PREFIX)) {
|
|
27
|
-
throw new Error("Attack prevented by oidc-spa. You have malicious code running in your system");
|
|
28
|
-
}
|
|
29
|
-
(0, assert_1.assert)(capturedApis !== undefined);
|
|
30
|
-
return capturedApis.setItem.call(this, key, value);
|
|
31
|
-
};
|
|
32
|
-
{
|
|
33
|
-
const pd = Object.getOwnPropertyDescriptor(Storage.prototype, "setItem");
|
|
34
|
-
(0, assert_1.assert)(pd !== undefined);
|
|
35
|
-
Object.defineProperty(Storage.prototype, "setItem", {
|
|
36
|
-
enumerable: pd.enumerable,
|
|
37
|
-
writable: pd.writable,
|
|
38
|
-
value: setItem_protected
|
|
39
|
-
});
|
|
40
|
-
}
|
|
41
|
-
}
|
|
42
|
-
window.clearTimeout = function clearTimeout(timer) {
|
|
43
|
-
for (const getProtectedTimer of getProtectedTimer_set) {
|
|
44
|
-
const timer_protected = getProtectedTimer();
|
|
45
|
-
if (timer_protected === undefined) {
|
|
46
|
-
continue;
|
|
47
|
-
}
|
|
48
|
-
if (timer_protected === timer) {
|
|
49
|
-
// Probably an attack but potentially not so avoiding hard crash
|
|
50
|
-
return;
|
|
51
|
-
}
|
|
52
|
-
}
|
|
53
|
-
(0, assert_1.assert)(capturedApis !== undefined);
|
|
54
|
-
capturedApis.clearTimeout.call(window, timer);
|
|
55
|
-
};
|
|
56
|
-
}
|
|
57
|
-
function getSessionStorageKey(params) {
|
|
58
|
-
const { stateUrlParamValue } = params;
|
|
59
|
-
return `${SESSION_STORAGE_PREFIX}${stateUrlParamValue}`;
|
|
60
|
-
}
|
|
61
|
-
const ENCRYPTED_AUTH_RESPONSES_PREFIX = "oidc-spa_encrypted_authResponse_";
|
|
62
|
-
function getIsEncryptedAuthResponse(params) {
|
|
63
|
-
const { message, stateUrlParamValue } = params;
|
|
64
|
-
return (typeof message === "string" &&
|
|
65
|
-
message.startsWith(`${ENCRYPTED_AUTH_RESPONSES_PREFIX}${stateUrlParamValue}`));
|
|
66
|
-
}
|
|
67
|
-
function getReadyMessage(params) {
|
|
68
|
-
const { stateUrlParamValue } = params;
|
|
69
|
-
return `oidc-spa_ready_to_read_publicKey_${stateUrlParamValue}`;
|
|
70
|
-
}
|
|
71
|
-
function getIsReadyToReadPublicKeyMessage(params) {
|
|
72
|
-
const { message, stateUrlParamValue } = params;
|
|
73
|
-
return message === getReadyMessage({ stateUrlParamValue });
|
|
74
|
-
}
|
|
75
|
-
async function initIframeMessageProtection(params) {
|
|
76
|
-
const { stateUrlParamValue } = params;
|
|
77
|
-
const { publicKey, privateKey } = await (0, asymmetricEncryption_1.generateKeys)();
|
|
78
|
-
const sessionStorageKey = getSessionStorageKey({ stateUrlParamValue });
|
|
79
|
-
let timer = undefined;
|
|
80
|
-
const getProtectedTimer = () => timer;
|
|
81
|
-
getProtectedTimer_set.add(getProtectedTimer);
|
|
82
|
-
function setSessionStoragePublicKey() {
|
|
83
|
-
(0, assert_1.assert)(capturedApis !== undefined);
|
|
84
|
-
const { setItem } = capturedApis;
|
|
85
|
-
setItem.call(capturedApis.sessionStorage, sessionStorageKey, publicKey);
|
|
86
|
-
}
|
|
87
|
-
function startSessionStoragePublicKeyMaliciousWriteDetection() {
|
|
88
|
-
(0, assert_1.assert)(capturedApis !== undefined);
|
|
89
|
-
const { alert, setTimeout } = capturedApis;
|
|
90
|
-
sessionStorage.removeItem(sessionStorageKey);
|
|
91
|
-
const checkTimeoutCallback = () => {
|
|
92
|
-
const publicKey_inStorage = sessionStorage.getItem(sessionStorageKey);
|
|
93
|
-
if (publicKey_inStorage !== null && publicKey_inStorage !== publicKey) {
|
|
94
|
-
while (true) {
|
|
95
|
-
alert([
|
|
96
|
-
"⚠️ Security Alert:",
|
|
97
|
-
"oidc-spa detected an attack attempt.",
|
|
98
|
-
"For your safety, please close this tab immediately",
|
|
99
|
-
"and notify the site administrator."
|
|
100
|
-
].join(" "));
|
|
101
|
-
}
|
|
102
|
-
}
|
|
103
|
-
check();
|
|
104
|
-
};
|
|
105
|
-
function check() {
|
|
106
|
-
timer = setTimeout(checkTimeoutCallback, 5);
|
|
107
|
-
}
|
|
108
|
-
check();
|
|
109
|
-
}
|
|
110
|
-
async function decodeEncryptedAuth(params) {
|
|
111
|
-
const { encryptedAuthResponse } = params;
|
|
112
|
-
const { message: authResponse_str } = await (0, asymmetricEncryption_1.asymmetricDecrypt)({
|
|
113
|
-
encryptedMessage: encryptedAuthResponse.slice(ENCRYPTED_AUTH_RESPONSES_PREFIX.length + stateUrlParamValue.length),
|
|
114
|
-
privateKey
|
|
115
|
-
});
|
|
116
|
-
const authResponse = JSON.parse(authResponse_str);
|
|
117
|
-
return { authResponse };
|
|
118
|
-
}
|
|
119
|
-
function clearSessionStoragePublicKey() {
|
|
120
|
-
(0, assert_1.assert)(capturedApis !== undefined);
|
|
121
|
-
const { clearTimeout } = capturedApis;
|
|
122
|
-
sessionStorage.removeItem(sessionStorageKey);
|
|
123
|
-
clearTimeout(timer);
|
|
124
|
-
getProtectedTimer_set.delete(getProtectedTimer);
|
|
125
|
-
}
|
|
126
|
-
return {
|
|
127
|
-
getIsReadyToReadPublicKeyMessage,
|
|
128
|
-
startSessionStoragePublicKeyMaliciousWriteDetection,
|
|
129
|
-
setSessionStoragePublicKey,
|
|
130
|
-
getIsEncryptedAuthResponse,
|
|
131
|
-
decodeEncryptedAuth,
|
|
132
|
-
clearSessionStoragePublicKey
|
|
133
|
-
};
|
|
134
|
-
}
|
|
135
|
-
async function postEncryptedAuthResponseToParent(params) {
|
|
136
|
-
const { authResponse } = params;
|
|
137
|
-
parent.postMessage(getReadyMessage({ stateUrlParamValue: authResponse.state }), location.origin);
|
|
138
|
-
await new Promise(resolve => setTimeout(resolve, 2));
|
|
139
|
-
let publicKey;
|
|
140
|
-
{
|
|
141
|
-
let sessionStorageKey = getSessionStorageKey({ stateUrlParamValue: authResponse.state });
|
|
142
|
-
while ((publicKey = sessionStorage.getItem(sessionStorageKey)) === null) {
|
|
143
|
-
await new Promise(resolve => setTimeout(resolve, 2));
|
|
144
|
-
}
|
|
145
|
-
}
|
|
146
|
-
await new Promise(resolve => setTimeout(resolve, 7));
|
|
147
|
-
const { encryptedMessage: encryptedMessage_withoutPrefix } = await (0, asymmetricEncryption_1.asymmetricEncrypt)({
|
|
148
|
-
publicKey,
|
|
149
|
-
message: JSON.stringify(authResponse)
|
|
150
|
-
});
|
|
151
|
-
const encryptedMessage = `${ENCRYPTED_AUTH_RESPONSES_PREFIX}${authResponse.state}${encryptedMessage_withoutPrefix}`;
|
|
152
|
-
parent.postMessage(encryptedMessage, location.origin);
|
|
153
|
-
}
|
|
154
|
-
//# sourceMappingURL=iframeMessageProtection.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../src/core/iframeMessageProtection.ts"],"names":[],"mappings":";;AAsBA,wGAoDC;AA6BD,kEAsFC;AAED,8EA2BC;AA1ND,kDAA+C;AAC/C,wEAAmG;AAGnG,IAAI,YAAY,GAQE,SAAS,CAAC;AAE5B,MAAM,sBAAsB,GAAG,yCAAyC,CAAC;AAEzE,MAAM,qBAAqB,GAAG,IAAI,GAAG,EAA4B,CAAC;AAElE;;;GAGG;AACH,SAAgB,8CAA8C;IAC1D,YAAY,GAAG;QACX,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,OAAO;QAClC,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,KAAK,EAAE,MAAM,CAAC,KAAK;KACtB,CAAC;IAEF,8EAA8E;IAC9E,CAAC;QACG,MAAM,iBAAiB,GAAG,SAAS,OAAO,CAAY,GAAW,EAAE,KAAa;YAC5E,IAAI,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE,CAAC;gBACzC,MAAM,IAAI,KAAK,CACX,8EAA8E,CACjF,CAAC;YACN,CAAC;YAED,IAAA,eAAM,EAAC,YAAY,KAAK,SAAS,CAAC,CAAC;YAEnC,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QACvD,CAAC,CAAC;QAEF,CAAC;YACG,MAAM,EAAE,GAAG,MAAM,CAAC,wBAAwB,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;YAEzE,IAAA,eAAM,EAAC,EAAE,KAAK,SAAS,CAAC,CAAC;YAEzB,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE;gBAChD,UAAU,EAAE,EAAE,CAAC,UAAU;gBACzB,QAAQ,EAAE,EAAE,CAAC,QAAQ;gBACrB,KAAK,EAAE,iBAAiB;aAC3B,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IAED,MAAM,CAAC,YAAY,GAAG,SAAS,YAAY,CAAC,KAAK;QAC7C,KAAK,MAAM,iBAAiB,IAAI,qBAAqB,EAAE,CAAC;YACpD,MAAM,eAAe,GAAG,iBAAiB,EAAE,CAAC;YAC5C,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;gBAChC,SAAS;YACb,CAAC;YACD,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;gBAC5B,gEAAgE;gBAChE,OAAO;YACX,CAAC;QACL,CAAC;QAED,IAAA,eAAM,EAAC,YAAY,KAAK,SAAS,CAAC,CAAC;QAEnC,YAAY,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAClD,CAAC,CAAC;AACN,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAsC;IAChE,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,OAAO,GAAG,sBAAsB,GAAG,kBAAkB,EAAE,CAAC;AAC5D,CAAC;AAED,MAAM,+BAA+B,GAAG,kCAAkC,CAAC;AAE3E,SAAS,0BAA0B,CAAC,MAAwD;IACxF,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAE/C,OAAO,CACH,OAAO,OAAO,KAAK,QAAQ;QAC3B,OAAO,CAAC,UAAU,CAAC,GAAG,+BAA+B,GAAG,kBAAkB,EAAE,CAAC,CAChF,CAAC;AACN,CAAC;AAED,SAAS,eAAe,CAAC,MAAsC;IAC3D,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;
IACtC,OAAO,oCAAoC,kBAAkB,EAAE,CAAC;AACpE,CAAC;AAED,SAAS,gCAAgC,CAAC,MAAwD;IAC9F,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAC/C,OAAO,OAAO,KAAK,eAAe,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;AAC/D,CAAC;AAEM,KAAK,UAAU,2BAA2B,CAAC,MAAsC;IACpF,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAA,mCAAY,GAAE,CAAC;IAEvD,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAEvE,IAAI,KAAK,GAAuB,SAAS,CAAC;IAE1C,MAAM,iBAAiB,GAAG,GAAG,EAAE,CAAC,KAAK,CAAC;IAEtC,qBAAqB,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAE7C,SAAS,0BAA0B;QAC/B,IAAA,eAAM,EAAC,YAAY,KAAK,SAAS,CAAC,CAAC;QAEnC,MAAM,EAAE,OAAO,EAAE,GAAG,YAAY,CAAC;QAEjC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAC5E,CAAC;IAED,SAAS,mDAAmD;QACxD,IAAA,eAAM,EAAC,YAAY,KAAK,SAAS,CAAC,CAAC;QAEnC,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,YAAY,CAAC;QAE3C,cAAc,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;QAE7C,MAAM,oBAAoB,GAAG,GAAG,EAAE;YAC9B,MAAM,mBAAmB,GAAG,cAAc,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;YAEtE,IAAI,mBAAmB,KAAK,IAAI,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;gBACpE,OAAO,IAAI,EAAE,CAAC;oBACV,KAAK,CACD;wBACI,oBAAoB;wBACpB,sCAAsC;wBACtC,oDAAoD;wBACpD,oCAAoC;qBACvC,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;gBACN,CAAC;YACL,CAAC;YACD,KAAK,EAAE,CAAC;QACZ,CAAC,CAAC;QAEF,SAAS,KAAK;YACV,KAAK,GAAG,UAAU,CAAC,oBAAoB,EAAE,CAAC,CAAC,CAAC;QAChD,CAAC;QAED,KAAK,EAAE,CAAC;IACZ,CAAC;IAED,KAAK,UAAU,mBAAmB,CAAC,MAElC;QACG,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,CAAC;QAEzC,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAA,wCAAiB,EAAC;YAC1D,gBAAgB,EAAE,qBAAqB,CAAC,KAAK,CACzC,+BAA+B,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CACrE;YACD,UAAU;SACb,CAAC,CAAC;QAEH,MAAM,YAAY,GAAiB,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAEhE,OAAO,EAAE,YAAY,EAAE,CAAC;IAC5B,CAAC;IAED,SAAS,4BAA4B;QACjC,IAAA,eAAM,EAAC,YAAY,KAAK,SAAS,CAAC,CAAC;QACnC,MAAM,EAAE,YAAY,EAAE,GAAG,YAAY,CAAC;QACtC,cAAc,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;QAC7C,YAAY,CAAC,KAAK,CAAC,CAAC;QACpB,qBAAqB,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IACpD,CAAC;IAED,OAAO;QACH,gCAAgC;QAChC,mDAAmD;QACnD,0BAA0B;QAC1B,0BAA0B;QAC1B,mBAAmB;QACnB,4BAA4B
;KAC/B,CAAC;AACN,CAAC;AAEM,KAAK,UAAU,iCAAiC,CAAC,MAAsC;IAC1F,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;IAEhC,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAEjG,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAE3D,IAAI,SAAwB,CAAC;IAE7B,CAAC;QACG,IAAI,iBAAiB,GAAG,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;QAEzF,OAAO,CAAC,SAAS,GAAG,cAAc,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACtE,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;QAC/D,CAAC;IACL,CAAC;IAED,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAE3D,MAAM,EAAE,gBAAgB,EAAE,8BAA8B,EAAE,GAAG,MAAM,IAAA,wCAAiB,EAAC;QACjF,SAAS;QACT,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;KACxC,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,GAAG,+BAA+B,GAAG,YAAY,CAAC,KAAK,GAAG,8BAA8B,EAAE,CAAC;IAEpH,MAAM,CAAC,WAAW,CAAC,gBAAgB,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;AAC1D,CAAC"}
|
|
@@ -1,32 +0,0 @@
|
|
|
1
|
-
import { type AuthResponse } from "./AuthResponse";
|
|
2
|
-
/**
|
|
3
|
-
* To call while still in the safe window where no other code
|
|
4
|
-
* has been evaluated and only before we're about to actually start the App.
|
|
5
|
-
*/
|
|
6
|
-
export declare function iframeMessageProtection_captureAndLockBuiltins(): void;
|
|
7
|
-
declare function getIsEncryptedAuthResponse(params: {
|
|
8
|
-
message: unknown;
|
|
9
|
-
stateUrlParamValue: string;
|
|
10
|
-
}): boolean;
|
|
11
|
-
declare function getIsReadyToReadPublicKeyMessage(params: {
|
|
12
|
-
message: unknown;
|
|
13
|
-
stateUrlParamValue: string;
|
|
14
|
-
}): boolean;
|
|
15
|
-
export declare function initIframeMessageProtection(params: {
|
|
16
|
-
stateUrlParamValue: string;
|
|
17
|
-
}): Promise<{
|
|
18
|
-
getIsReadyToReadPublicKeyMessage: typeof getIsReadyToReadPublicKeyMessage;
|
|
19
|
-
startSessionStoragePublicKeyMaliciousWriteDetection: () => void;
|
|
20
|
-
setSessionStoragePublicKey: () => void;
|
|
21
|
-
getIsEncryptedAuthResponse: typeof getIsEncryptedAuthResponse;
|
|
22
|
-
decodeEncryptedAuth: (params: {
|
|
23
|
-
encryptedAuthResponse: string;
|
|
24
|
-
}) => Promise<{
|
|
25
|
-
authResponse: AuthResponse;
|
|
26
|
-
}>;
|
|
27
|
-
clearSessionStoragePublicKey: () => void;
|
|
28
|
-
}>;
|
|
29
|
-
export declare function postEncryptedAuthResponseToParent(params: {
|
|
30
|
-
authResponse: AuthResponse;
|
|
31
|
-
}): Promise<void>;
|
|
32
|
-
export {};
|