openyida 2026.5.9-beta.2 → 2026.5.9-beta.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/auth/qr-login.js +73 -1
- package/package.json +1 -1
package/lib/auth/qr-login.js
CHANGED
|
@@ -378,6 +378,66 @@ function resolveDingtalkLoginResultUrl(loginResult) {
|
|
|
378
378
|
null;
|
|
379
379
|
}
|
|
380
380
|
|
|
381
|
+
function isDingtalkOAuthPassResult(loginResult) {
|
|
382
|
+
return !!(
|
|
383
|
+
loginResult &&
|
|
384
|
+
typeof loginResult === 'object' &&
|
|
385
|
+
loginResult.pass === true
|
|
386
|
+
);
|
|
387
|
+
}
|
|
388
|
+
|
|
389
|
+
function getDingtalkOAuthRedirectUri(context = {}) {
|
|
390
|
+
try {
|
|
391
|
+
const parsedUrl = new URL(context.loginPageUrl);
|
|
392
|
+
return parsedUrl.searchParams.get('redirect_uri') || '';
|
|
393
|
+
} catch {
|
|
394
|
+
return '';
|
|
395
|
+
}
|
|
396
|
+
}
|
|
397
|
+
|
|
398
|
+
async function confirmDingtalkOAuthAuth(context, cookieHeader, loginResult = {}, options = {}) {
|
|
399
|
+
const postConfirmAuth = options.fetchPost || fetchPost;
|
|
400
|
+
const confirmUrl = `${context.origin}/oauth2/confirm_auth`;
|
|
401
|
+
const targetCorpId = options.corpId || loginResult.corpId || context.corpId || '';
|
|
402
|
+
const redirectUri = getDingtalkOAuthRedirectUri(context);
|
|
403
|
+
|
|
404
|
+
const confirmParams = {};
|
|
405
|
+
if (targetCorpId) {confirmParams.corpId = targetCorpId;}
|
|
406
|
+
if (loginResult.secondaryValidationResult) {
|
|
407
|
+
confirmParams.secondaryValidationResult = loginResult.secondaryValidationResult;
|
|
408
|
+
}
|
|
409
|
+
if (redirectUri) {confirmParams.redirect_uri = redirectUri;}
|
|
410
|
+
|
|
411
|
+
const response = await postConfirmAuth(confirmUrl, buildOAuthPostData(context.loginPageUrl, confirmParams), {
|
|
412
|
+
cookieHeader,
|
|
413
|
+
referer: context.loginPageUrl,
|
|
414
|
+
origin: context.origin,
|
|
415
|
+
});
|
|
416
|
+
|
|
417
|
+
const updatedCookieHeader = mergeCookies(cookieHeader, response.cookies);
|
|
418
|
+
let parsed;
|
|
419
|
+
try {
|
|
420
|
+
parsed = JSON.parse(response.body);
|
|
421
|
+
} catch {
|
|
422
|
+
throw new Error(t('qr_login.exchange_failed', response.body.substring(0, 200)));
|
|
423
|
+
}
|
|
424
|
+
|
|
425
|
+
if (!parsed.success) {
|
|
426
|
+
throw new Error(t('qr_login.exchange_api_failed', parsed.errorMsg || JSON.stringify(parsed)));
|
|
427
|
+
}
|
|
428
|
+
|
|
429
|
+
const result = parsed.result || parsed.content || parsed;
|
|
430
|
+
const redirectUrl = resolveDingtalkLoginResultUrl(result);
|
|
431
|
+
if (!redirectUrl) {
|
|
432
|
+
throw new Error(t('qr_login.exchange_api_failed', JSON.stringify(result)));
|
|
433
|
+
}
|
|
434
|
+
|
|
435
|
+
return {
|
|
436
|
+
redirectUrl,
|
|
437
|
+
cookieHeader: updatedCookieHeader,
|
|
438
|
+
};
|
|
439
|
+
}
|
|
440
|
+
|
|
381
441
|
function shouldChooseDingtalkOAuthOrganization(loginResult) {
|
|
382
442
|
return !!(
|
|
383
443
|
loginResult &&
|
|
@@ -740,7 +800,16 @@ async function exchangeDingtalkOAuthResult(baseUrl, loginResult, cookieHeader, c
|
|
|
740
800
|
resolvedLoginResult = parsed.result || parsed.content || parsed;
|
|
741
801
|
}
|
|
742
802
|
|
|
743
|
-
|
|
803
|
+
let redirectUrl = resolveDingtalkLoginResultUrl(resolvedLoginResult);
|
|
804
|
+
if (!redirectUrl && isDingtalkOAuthPassResult(resolvedLoginResult)) {
|
|
805
|
+
const confirmResult = await confirmDingtalkOAuthAuth(context, cookieHeader, resolvedLoginResult, {
|
|
806
|
+
...options,
|
|
807
|
+
corpId: options.corpId || selectedCorp?.corpId || resolvedLoginResult.corpId || context.corpId,
|
|
808
|
+
});
|
|
809
|
+
redirectUrl = confirmResult.redirectUrl;
|
|
810
|
+
cookieHeader = confirmResult.cookieHeader;
|
|
811
|
+
}
|
|
812
|
+
|
|
744
813
|
if (!redirectUrl) {
|
|
745
814
|
throw new Error(t('qr_login.exchange_api_failed', JSON.stringify(resolvedLoginResult)));
|
|
746
815
|
}
|
|
@@ -1373,6 +1442,9 @@ module.exports = {
|
|
|
1373
1442
|
resolveDingtalkOAuthCorpForFreshQr,
|
|
1374
1443
|
pollDingtalkQrCodeStatus,
|
|
1375
1444
|
buildOAuthPostData,
|
|
1445
|
+
confirmDingtalkOAuthAuth,
|
|
1446
|
+
getDingtalkOAuthRedirectUri,
|
|
1447
|
+
isDingtalkOAuthPassResult,
|
|
1376
1448
|
buildCodexCorpInteraction,
|
|
1377
1449
|
buildCodexPollCommand,
|
|
1378
1450
|
getTargetCorpId,
|