playwright-ms-auth 0.0.10

package/lib/authenticate.js

@@ -0,0 +1,213 @@
+import { expect, chromium } from "@playwright/test";
+import { CredentialProviderFactory } from "./providers";
+import { addCertAuthRoute, waitForCertAuthResponse } from "./certAuth";
+import { log, getStorageStatePath, getAuthScreenshotPath, ensureDirExists, isStorageStateValid, } from "./utils";
+import { createHash } from "node:crypto";
+const DEFAULT_LOGIN_ENDPOINT = "login.microsoftonline.com";
+/**
+ * Perform Microsoft Entra authentication and save storage state
+ */
+export async function authenticate(config, targetUrl) {
+    const storagePath = getStorageStatePath(config.email);
+    // Check if existing storage state is still valid
+    const isValid = await isStorageStateValid(storagePath, config.storageStateExpiration);
+    if (isValid) {
+        log(`[MsAuth] Storage state for '${config.email}' is still valid, skipping authentication`);
+        return;
+    }
+    log(`[MsAuth] Starting authentication for '${config.email}'`);
+    log(`[MsAuth] Credential provider: ${config.credentialProvider}`);
+    log(`[MsAuth] Credential type: ${config.credentialType}`);
+    // Create credential provider and retrieve credential
+    const provider = CredentialProviderFactory.createProvider(config.credentialProvider, config.providerConfig);
+    const credential = await provider.getCredential();
+    // Validate credential type matches configuration
+    if (credential.type !== config.credentialType) {
+        log(`[MsAuth] ##[warning]Credential type mismatch: expected '${config.credentialType}' but got '${credential.type}'`);
+    }
+    // Launch browser and perform authentication
+    const browser = await chromium.launch({
+        headless: process.env.HEADLESS !== "false",
+        args: ["--no-sandbox", "--disable-setuid-sandbox"],
+    });
+    try {
+        await performAuthenticationFlow(browser, config, targetUrl, credential, storagePath);
+        log(`[MsAuth] ##[section]Authentication completed successfully for '${config.email}'`);
+    }
+    finally {
+        await browser.close();
+    }
+}
+/**
+ * Perform the actual authentication flow in the browser
+ */
+async function performAuthenticationFlow(browser, config, targetUrl, credential, storagePath) {
+    const context = await browser.newContext({
+        storageState: undefined, // Start with fresh state
+    });
+    const page = await context.newPage();
+    try {
+        // Navigate to target URL which will redirect to login
+        log(`[MsAuth] Navigating to ${targetUrl}`);
+        await page.goto(targetUrl, { waitUntil: "domcontentloaded" });
+        // Verify we're on the Entra login page
+        const loginEndpoint = config.loginEndpoint || DEFAULT_LOGIN_ENDPOINT;
+        const loginUrlPattern = new RegExp(`https:\\/\\/${loginEndpoint.replace(/\./g, "\\.")}\\\/`);
+        await expect(page, "Expected Entra sign-in page").toHaveURL(loginUrlPattern, { timeout: 30000 });
+        const actualEndpoint = new URL(page.url()).hostname;
+        log(`[MsAuth] On Entra login page: ${actualEndpoint}`);
+        // Enter email address
+        log(`[MsAuth] Entering email: ${config.email}`);
+        await page.getByRole("textbox", { name: "email" }).fill(config.email);
+        await page.getByRole("button", { name: "next" }).click();
+        // Handle authentication based on credential type
+        if (credential.type === "certificate") {
+            await handleCertificateAuth(page, credential.value, actualEndpoint, config.email);
+        }
+        else {
+            await handlePasswordAuth(page, credential.value, config.email);
+        }
+        // Handle "Stay signed in?" prompt
+        await handleStaySignedIn(page);
+        // Wait for redirect to target URL
+        log(`[MsAuth] Waiting for redirect to target URL`);
+        await page.waitForURL(targetUrl, { timeout: 30000 });
+        // Give it a bit more time for cookies to settle
+        await page.waitForTimeout(2000);
+        // Save storage state
+        await ensureDirExists(getStorageStatePath(config.email).replace(/[^/\\\\]+$/, ""));
+        await context.storageState({ path: storagePath });
+        log(`[MsAuth] Saved storage state to ${storagePath}`);
+        // Take success screenshot
+        const screenshotPath = getAuthScreenshotPath(config.email, "success");
+        await ensureDirExists(screenshotPath.replace(/[^/\\\\]+$/, ""));
+        await page
+            .screenshot({ path: screenshotPath, fullPage: true })
+            .catch(() => { });
+        log(`[MsAuth] Screenshot saved to ${screenshotPath}`);
+    }
+    catch (error) {
+        // Take failure screenshot
+        const screenshotPath = getAuthScreenshotPath(config.email, "failed");
+        await ensureDirExists(screenshotPath.replace(/[^/\\\\]+$/, ""));
+        await page
+            .screenshot({ path: screenshotPath, fullPage: true })
+            .catch(() => { });
+        log(`[MsAuth] ##[error]Authentication failed. Screenshot: ${screenshotPath}`);
+        throw error;
+    }
+    finally {
+        await context.close();
+    }
+}
+/**
+ * Handle certificate-based authentication
+ */
+async function handleCertificateAuth(page, certificate, endpoint, email) {
+    log(`[MsAuth] Using certificate authentication`);
+    // Log certificate fingerprint for debugging
+    const fingerprint = createHash("sha256")
+        .update(new Uint8Array(certificate))
+        .digest("hex");
+    log(`[MsAuth] Certificate fingerprint: ${fingerprint}`);
+    log(`[MsAuth] Certificate size: ${certificate.byteLength} bytes`);
+    // Add certificate authentication route
+    await addCertAuthRoute(page, { pfx: certificate, authEndpoint: endpoint });
+    // Handle account type selection if needed
+    const workOrSchoolButton = page.getByRole("button", {
+        name: "Work or school account",
+    });
+    if (await workOrSchoolButton.isVisible({ timeout: 5000 }).catch(() => false)) {
+        log(`[MsAuth] Selecting 'Work or school account'`);
+        await workOrSchoolButton.click();
+    }
+    // Handle certificate selection if needed
+    const certButton = page
+        .getByRole("link", { name: "certificate" })
+        .or(page.getByRole("button", { name: "certificate" }));
+    if (await certButton.isVisible({ timeout: 5000 }).catch(() => false)) {
+        log(`[MsAuth] Selecting certificate authentication`);
+        await certButton.click();
+    }
+    // Wait for certificate authentication to complete
+    log(`[MsAuth] Waiting for certificate authentication response`);
+    await waitForCertAuthResponse(page, endpoint);
+    // Check for certificate validation errors
+    const certFailure = page.getByRole("heading", {
+        name: /Certificate validation failed|We couldn't sign you in with a certificate/i,
+    });
+    if (await certFailure.isVisible({ timeout: 2000 }).catch(() => false)) {
+        const failureText = await certFailure.textContent();
+        log(`[MsAuth] ##[error]Certificate authentication failed: ${failureText}`);
+        // Try to get error details
+        const moreDetails = page.getByRole("button", { name: "More details" });
+        if (await moreDetails.isVisible({ timeout: 1000 }).catch(() => false)) {
+            await moreDetails.click();
+            await page
+                .context()
+                .grantPermissions(["clipboard-read"])
+                .catch(() => { });
+            const copyButton = page.getByRole("button", { name: "Copy" });
+            if (await copyButton.isVisible({ timeout: 1000 }).catch(() => false)) {
+                await copyButton.click();
+                const errorDetails = await page
+                    .evaluate("navigator.clipboard.readText()")
+                    .catch(() => "");
+                if (errorDetails) {
+                    log(`[MsAuth] ##[error]Error details: ${errorDetails}`);
+                }
+            }
+        }
+        throw new Error(`Certificate authentication failed for ${email}. Check Entra sign-in logs.`);
+    }
+    log(`[MsAuth] Certificate authentication successful`);
+}
+/**
+ * Handle password-based authentication
+ */
+async function handlePasswordAuth(page, password, email) {
+    log(`[MsAuth] Using password authentication`);
+    // Wait for password field
+    await page
+        .getByRole("textbox", { name: "password" })
+        .waitFor({ timeout: 10000 });
+    // Enter password
+    log(`[MsAuth] Entering password`);
+    await page.getByRole("textbox", { name: "password" }).fill(password);
+    await page
+        .getByRole("button", { name: "submit" })
+        .or(page.locator('input[type="submit"]'))
+        .click();
+    // Check for password errors
+    await page.waitForTimeout(1000);
+    const passwordError = page.locator("#passwordError, .has-error");
+    if (await passwordError.isVisible().catch(() => false)) {
+        const errorText = await passwordError.textContent().catch(() => "");
+        log(`[MsAuth] ##[error]Password authentication failed: ${errorText}`);
+        throw new Error(`Password authentication failed for ${email}. Please verify the password is correct.`);
+    }
+    log(`[MsAuth] Password authentication successful`);
+}
+/**
+ * Handle "Stay signed in?" prompt
+ */
+async function handleStaySignedIn(page) {
+    const staySignedIn = page.getByRole("heading", { name: "Stay signed in?" });
+    if (await staySignedIn.isVisible({ timeout: 5000 }).catch(() => false)) {
+        log(`[MsAuth] Handling 'Stay signed in?' prompt`);
+        await page.getByRole("button", { name: "Yes" }).click();
+    }
+}
+/**
+ * Load existing storage state into a browser context
+ */
+export async function loadStorageState(config) {
+    const storagePath = getStorageStatePath(config.email);
+    const isValid = await isStorageStateValid(storagePath, config.storageStateExpiration);
+    if (!isValid) {
+        throw new Error(`Storage state for '${config.email}' does not exist or has expired. ` +
+            `Please run authentication first.`);
+    }
+    return storagePath;
+}
+//# sourceMappingURL=authenticate.js.map

package/lib/authenticate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authenticate.js","sourceRoot":"","sources":["../src/authenticate.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAEpD,OAAO,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AACvE,OAAO,EACL,GAAG,EACH,mBAAmB,EACnB,qBAAqB,EACrB,eAAe,EACf,mBAAmB,GACpB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,MAAM,sBAAsB,GAAG,2BAA2B,CAAC;AAE3D;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,MAAoB,EACpB,SAAiB;IAEjB,MAAM,WAAW,GAAG,mBAAmB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEtD,iDAAiD;IACjD,MAAM,OAAO,GAAG,MAAM,mBAAmB,CACvC,WAAW,EACX,MAAM,CAAC,sBAAsB,CAC9B,CAAC;IACF,IAAI,OAAO,EAAE,CAAC;QACZ,GAAG,CACD,+BAA+B,MAAM,CAAC,KAAK,2CAA2C,CACvF,CAAC;QACF,OAAO;IACT,CAAC;IAED,GAAG,CAAC,yCAAyC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC;IAC9D,GAAG,CAAC,iCAAiC,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC;IAClE,GAAG,CAAC,6BAA6B,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC;IAE1D,qDAAqD;IACrD,MAAM,QAAQ,GAAG,yBAAyB,CAAC,cAAc,CACvD,MAAM,CAAC,kBAAkB,EACzB,MAAM,CAAC,cAAc,CACtB,CAAC;IAEF,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,aAAa,EAAE,CAAC;IAElD,iDAAiD;IACjD,IAAI,UAAU,CAAC,IAAI,KAAK,MAAM,CAAC,cAAc,EAAE,CAAC;QAC9C,GAAG,CACD,2DAA2D,MAAM,CAAC,cAAc,cAAc,UAAU,CAAC,IAAI,GAAG,CACjH,CAAC;IACJ,CAAC;IAED,4CAA4C;IAC5C,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC;QACpC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,OAAO;QAC1C,IAAI,EAAE,CAAC,cAAc,EAAE,0BAA0B,CAAC;KACnD,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,yBAAyB,CAC7B,OAAO,EACP,MAAM,EACN,SAAS,EACT,UAAU,EACV,WAAW,CACZ,CAAC;QACF,GAAG,CACD,kEAAkE,MAAM,CAAC,KAAK,GAAG,CAClF,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;IACxB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,yBAAyB,CACtC,OAAgB,EAChB,MAAoB,EACpB,SAAiB,EACjB,UAA4B,EAC5B,WAAmB;IAEnB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC;QACvC,YAAY,EAAE,SAAS,EAAE,yBAAyB;KACnD,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;IAErC,IAAI,CAAC;QACH,sDAAsD;QACtD,GAAG,CAAC,0BAA0B,SAAS,EAAE,CAAC,CAAC;QAC3C,MAAM,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAE9D,uCAAuC;QACvC,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,IAAI,sBAAsB,CAAC;QACrE,MAAM,eAAe,GAAG,IAAI,MAAM,CAChC,eAAe,aAAa,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,MAAM,CACzD,CAAC;QAEF,MAAM,MAAM,CAAC,IAAI,EAAE,6BAA6B,CAAC,CAAC,SAAS,CACzD,eAAe,EACf,EAAE,OAAO,EAAE,KAAK,EAAE,CACnB,CAAC;QAEF,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,CAAC;QACpD,GAAG,CAAC,iCAAiC,cAAc,EAAE,CAAC,CAAC;QAEvD,sBAAsB;QACtB,GAAG,CAAC,4BAA4B,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QAChD,MAAM,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACtE,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC;QAEzD,iDAAiD;QACjD,IAAI,UAAU,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YACtC,MAAM,qBAAqB,CACzB,IAAI,EACJ,UAAU,CAAC,KAAe,EAC1B,cAAc,EACd,MAAM,CAAC,KAAK,CACb,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,kBAAkB,CAAC,IAAI,EAAE,UAAU,CAAC,KAAe,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QAC3E,CAAC;QAED,kCAAkC;QAClC,MAAM,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAE/B,kCAAkC;QAClC,GAAG,CAAC,6CAA6C,CAAC,CAAC;QACnD,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;QAErD,gDAAgD;QAChD,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAEhC,qBAAqB;QACrB,MAAM,eAAe,CACnB,mBAAmB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAC5D,CAAC;QACF,MAAM,OAAO,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC;QAClD,GAAG,CAAC,mCAAmC,WAAW,EAAE,CAAC,CAAC;QAEtD,0BAA0B;QAC1B,MAAM,cAAc,GAAG,qBAAqB,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QACtE,MAAM,eAAe,CAAC,cAAc,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,CAAC;QAChE,MAAM,IAAI;aACP,UAAU,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;aACpD,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACnB,GAAG,CAAC,gCAAgC,cAAc,EAAE,CAAC,CAAC;IACxD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,0BAA0B;QAC1B,MAAM,cAAc,GAAG,qBAAqB,CAAC,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QACrE,MAAM,eAAe,CAAC,cAAc,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,CAAC;QAChE,MAAM,IAAI;aACP,UAAU,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;aACpD,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACnB,GAAG,CACD,wDAAwD,cAAc,EAAE,CACzE,CAAC;QAEF,MAAM,KAAK,CAAC;IACd,CAAC;YAAS,CAAC;QACT,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;IACxB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,qBAAqB,CAClC,IAAU,EACV,WAAmB,EACnB,QAAgB,EAChB,KAAa;IAEb,GAAG,CAAC,2CAA2C,CAAC,CAAC;IAEjD,4CAA4C;IAC5C,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC;SACrC,MAAM,CAAC,IAAI,UAAU,CAAC,WAAW,CAAC,CAAC;SACnC,MAAM,CAAC,KAAK,CAAC,CAAC;IACjB,GAAG,CAAC,qCAAqC,WAAW,EAAE,CAAC,CAAC;IACxD,GAAG,CAAC,8BAA8B,WAAW,CAAC,UAAU,QAAQ,CAAC,CAAC;IAElE,uCAAuC;IACvC,MAAM,gBAAgB,CAAC,IAAI,EAAE,EAAE,GAAG,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC,CAAC;IAE3E,0CAA0C;IAC1C,MAAM,kBAAkB,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE;QAClD,IAAI,EAAE,wBAAwB;KAC/B,CAAC,CAAC;IACH,IACE,MAAM,kBAAkB,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,EACxE,CAAC;QACD,GAAG,CAAC,6CAA6C,CAAC,CAAC;QACnD,MAAM,kBAAkB,CAAC,KAAK,EAAE,CAAC;IACnC,CAAC;IAED,yCAAyC;IACzC,MAAM,UAAU,GAAG,IAAI;SACpB,SAAS,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC;SAC1C,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC;IAEzD,IAAI,MAAM,UAAU,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;QACrE,GAAG,CAAC,+CAA+C,CAAC,CAAC;QACrD,MAAM,UAAU,CAAC,KAAK,EAAE,CAAC;IAC3B,CAAC;IAED,kDAAkD;IAClD,GAAG,CAAC,0DAA0D,CAAC,CAAC;IAChE,MAAM,uBAAuB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAE9C,0CAA0C;IAC1C,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE;QAC5C,IAAI,EAAE,2EAA2E;KAClF,CAAC,CAAC;IAEH,IAAI,MAAM,WAAW,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;QACtE,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,WAAW,EAAE,CAAC;QACpD,GAAG,CAAC,wDAAwD,WAAW,EAAE,CAAC,CAAC;QAE3E,2BAA2B;QAC3B,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC,CAAC;QACvE,IAAI,MAAM,WAAW,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;YACtE,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC;YAC1B,MAAM,IAAI;iBACP,OAAO,EAAE;iBACT,gBAAgB,CAAC,CAAC,gBAAgB,CAAC,CAAC;iBACpC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACnB,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;YAC9D,IAAI,MAAM,UAAU,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;gBACrE,MAAM,UAAU,CAAC,KAAK,EAAE,CAAC;gBACzB,MAAM,YAAY,GAAG,MAAM,IAAI;qBAC5B,QAAQ,CAAC,gCAAgC,CAAC;qBAC1C,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;gBACnB,IAAI,YAAY,EAAE,CAAC;oBACjB,GAAG,CAAC,oCAAoC,YAAY,EAAE,CAAC,CAAC;gBAC1D,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CACb,yCAAyC,KAAK,6BAA6B,CAC5E,CAAC;IACJ,CAAC;IAED,GAAG,CAAC,gDAAgD,CAAC,CAAC;AACxD,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAC/B,IAAU,EACV,QAAgB,EAChB,KAAa;IAEb,GAAG,CAAC,wCAAwC,CAAC,CAAC;IAE9C,0BAA0B;IAC1B,MAAM,IAAI;SACP,SAAS,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;SAC1C,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;IAE/B,iBAAiB;IACjB,GAAG,CAAC,4BAA4B,CAAC,CAAC;IAClC,MAAM,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrE,MAAM,IAAI;SACP,SAAS,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;SACvC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC;SACxC,KAAK,EAAE,CAAC;IAEX,4BAA4B;IAC5B,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;IAChC,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC;IACjE,IAAI,MAAM,aAAa,CAAC,SAAS,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;QACvD,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QACpE,GAAG,CAAC,qDAAqD,SAAS,EAAE,CAAC,CAAC;QACtE,MAAM,IAAI,KAAK,CACb,sCAAsC,KAAK,0CAA0C,CACtF,CAAC;IACJ,CAAC;IAED,GAAG,CAAC,6CAA6C,CAAC,CAAC;AACrD,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAAC,IAAU;IAC1C,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAC,CAAC;IAE5E,IAAI,MAAM,YAAY,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;QACvE,GAAG,CAAC,4CAA4C,CAAC,CAAC;QAClD,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC;IAC1D,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,MAAoB;IACzD,MAAM,WAAW,GAAG,mBAAmB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEtD,MAAM,OAAO,GAAG,MAAM,mBAAmB,CACvC,WAAW,EACX,MAAM,CAAC,sBAAsB,CAC9B,CAAC;IACF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,sBAAsB,MAAM,CAAC,KAAK,mCAAmC;YACnE,kCAAkC,CACrC,CAAC;IACJ,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC"}

package/lib/certAuth.d.ts

@@ -0,0 +1,21 @@
+import type { Page } from "@playwright/test";
+export interface CertAuthOptions {
+    /** The certificate for the user as a pfx buffer or base64 string */
+    pfx: Buffer | string;
+    /** Optional passphrase for the certificate */
+    passphrase?: string;
+    /**
+     * The authentication endpoint e.g. login.microsoftonline.com or login.microsoftonline.us
+     * @default 'login.microsoftonline.com'
+     */
+    authEndpoint?: string;
+}
+/**
+ * Add certificate authentication route handler to the page
+ */
+export declare function addCertAuthRoute(page: Page, options: CertAuthOptions): Promise<void>;
+/**
+ * Wait for certificate authentication response
+ */
+export declare function waitForCertAuthResponse(page: Page, endpoint?: string): Promise<void>;
+//# sourceMappingURL=certAuth.d.ts.map

package/lib/certAuth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"certAuth.d.ts","sourceRoot":"","sources":["../src/certAuth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAkB,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAM7D,MAAM,WAAW,eAAe;IAC9B,oEAAoE;IACpE,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;IAErB,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,eAAe,GACvB,OAAO,CAAC,IAAI,CAAC,CASf;AA0ED;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,IAAI,EAAE,IAAI,EACV,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,IAAI,CAAC,CAIf"}

package/lib/certAuth.js

@@ -0,0 +1,82 @@
+import { Agent, request as https } from "node:https";
+import { log } from "./utils";
+const DEFAULT_AUTH_ENDPOINT = "login.microsoftonline.com";
+/**
+ * Add certificate authentication route handler to the page
+ */
+export async function addCertAuthRoute(page, options) {
+    const endpoint = options.authEndpoint || DEFAULT_AUTH_ENDPOINT;
+    const uri = getCertAuthGlob(endpoint);
+    const { pfx, passphrase } = options;
+    log(`[CertAuth] Adding certificate authentication route for endpoint: ${endpoint}`);
+    await page.route(uri, certAuthHandler({ pfx, passphrase }));
+}
+/**
+ * Create handler for certificate authentication requests
+ * See https://learn.microsoft.com/en-us/entra/identity/authentication/concept-certificate-based-authentication-technical-deep-dive
+ */
+function certAuthHandler(options) {
+    return async (route, request) => {
+        try {
+            log(`[CertAuth] Handling certificate authentication request to ${request.url()}`);
+            const resp = await doCertAuthPost(request, options);
+            await route.fulfill(resp);
+            log(`[CertAuth] Certificate authentication request completed with status ${resp.status}`);
+        }
+        catch (e) {
+            const message = e instanceof Error ? e.message : String(e);
+            log(`[CertAuth] ##[error]Failed to send cert auth request: ${message}`);
+            await route.abort("failed");
+        }
+    };
+}
+/**
+ * Perform certificate authentication POST request
+ */
+function doCertAuthPost(request, options) {
+    return new Promise((resolve, reject) => {
+        const agent = new Agent(options);
+        const req = https(request.url(), {
+            method: "POST",
+            headers: request.headers(),
+            agent,
+        });
+        req.on("error", (err) => {
+            reject(err);
+        });
+        req.on("response", (res) => {
+            if (res.statusCode >= 400) {
+                reject(new Error(`Cert auth request failed: ${res.statusCode} ${res.statusMessage}`));
+                return;
+            }
+            let data = "";
+            res.on("data", (chunk) => {
+                data += Buffer.from(chunk).toString("utf-8");
+            });
+            res.on("end", () => {
+                resolve({
+                    status: res.statusCode,
+                    headers: res.headers,
+                    body: data,
+                });
+            });
+        });
+        req.write(request.postData());
+        req.end();
+    });
+}
+/**
+ * Wait for certificate authentication response
+ */
+export function waitForCertAuthResponse(page, endpoint) {
+    const authEndpoint = endpoint || DEFAULT_AUTH_ENDPOINT;
+    const glob = getCertAuthGlob(authEndpoint);
+    return page.waitForResponse(glob).then(() => { });
+}
+/**
+ * Get glob pattern for certificate authentication endpoint
+ */
+function getCertAuthGlob(endpoint) {
+    return `https://*certauth.${endpoint}/**`;
+}
+//# sourceMappingURL=certAuth.js.map

package/lib/certAuth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"certAuth.js","sourceRoot":"","sources":["../src/certAuth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAgB,OAAO,IAAI,KAAK,EAAE,MAAM,YAAY,CAAC;AACnE,OAAO,EAAE,GAAG,EAAE,MAAM,SAAS,CAAC;AAE9B,MAAM,qBAAqB,GAAG,2BAA2B,CAAC;AAgB1D;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,IAAU,EACV,OAAwB;IAExB,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,IAAI,qBAAqB,CAAC;IAC/D,MAAM,GAAG,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAEpC,GAAG,CACD,oEAAoE,QAAQ,EAAE,CAC/E,CAAC;IACF,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,eAAe,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AAC9D,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,OAAqB;IAC5C,OAAO,KAAK,EAAE,KAAY,EAAE,OAAgB,EAAE,EAAE;QAC9C,IAAI,CAAC;YACH,GAAG,CACD,6DAA6D,OAAO,CAAC,GAAG,EAAE,EAAE,CAC7E,CAAC;YACF,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACpD,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAC1B,GAAG,CACD,uEAAuE,IAAI,CAAC,MAAM,EAAE,CACrF,CAAC;QACJ,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC3D,GAAG,CAAC,yDAAyD,OAAO,EAAE,CAAC,CAAC;YACxE,MAAM,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,OAAgB,EAAE,OAAqB;IAC7D,OAAO,IAAI,OAAO,CAIf,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrB,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC;QACjC,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE;YAC/B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE;YAC1B,KAAK;SACN,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACtB,MAAM,CAAC,GAAG,CAAC,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE;YACzB,IAAI,GAAG,CAAC,UAAW,IAAI,GAAG,EAAE,CAAC;gBAC3B,MAAM,CACJ,IAAI,KAAK,CACP,6BAA6B,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,aAAa,EAAE,CACnE,CACF,CAAC;gBACF,OAAO;YACT,CAAC;YAED,IAAI,IAAI,GAAG,EAAE,CAAC;YACd,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;gBACvB,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC/C,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACjB,OAAO,CAAC;oBACN,MAAM,EAAE,GAAG,CAAC,UAAW;oBACvB,OAAO,EAAE,GAAG,CAAC,OAAc;oBAC3B,IAAI,EAAE,IAAI;iBACX,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC9B,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CACrC,IAAU,EACV,QAAiB;IAEjB,MAAM,YAAY,GAAG,QAAQ,IAAI,qBAAqB,CAAC;IACvD,MAAM,IAAI,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IAC3C,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;AACnD,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,QAAgB;IACvC,OAAO,qBAAqB,QAAQ,KAAK,CAAC;AAC5C,CAAC"}

package/lib/cli.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/lib/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":""}

package/lib/cli.js

@@ -0,0 +1,109 @@
+#!/usr/bin/env node
+import { Command } from "commander";
+import { authenticate } from "./authenticate";
+import { loadConfigFromEnv, validateConfig } from "./config";
+import { EnvVars } from "./types";
+import { log } from "./utils";
+const program = new Command();
+program
+    .name("ms-auth")
+    .description("Microsoft Entra authentication CLI for Playwright")
+    .version("1.0.0");
+program
+    .command("login")
+    .description("Perform Microsoft Entra authentication and save storage state")
+    .requiredOption("-u, --url <url>", "Target URL to authenticate against")
+    .option("-e, --email <email>", `User email (or set ${EnvVars.EMAIL})`)
+    .option("-t, --credential-type <type>", `Credential type: password|certificate (or set ${EnvVars.CREDENTIAL_TYPE})`, "password")
+    .option("-p, --credential-provider <provider>", `Credential provider: azure-keyvault|local-file|environment|github-secrets (or set ${EnvVars.CREDENTIAL_PROVIDER})`, "azure-keyvault")
+    .option("--keyvault-endpoint <endpoint>", `Azure KeyVault endpoint (or set ${EnvVars.KEYVAULT_ENDPOINT})`)
+    .option("--keyvault-secret <secret>", `Azure KeyVault secret name (or set ${EnvVars.KEYVAULT_SECRET_NAME})`)
+    .option("--local-file <path>", `Local file path for credential (or set ${EnvVars.LOCAL_FILE_PATH})`)
+    .option("--env-variable <name>", `Environment variable name (or set ${EnvVars.ENV_VARIABLE_NAME})`)
+    .option("--github-repo <repo>", `GitHub repository owner/repo (or set ${EnvVars.GITHUB_REPOSITORY})`)
+    .option("--github-secret <secret>", `GitHub secret name (or set ${EnvVars.GITHUB_SECRET_NAME})`)
+    .option("--output-dir <dir>", `Output directory for storage state (or set ${EnvVars.OUTPUT_DIR})`)
+    .option("--debug", "Enable debug logging")
+    .action(async (options) => {
+    try {
+        // Enable debug logging if requested
+        if (options.debug) {
+            process.env[EnvVars.SYSTEM_DEBUG] = "true";
+        }
+        log("[CLI] Starting authentication");
+        log(`[CLI] Target URL: ${options.url}`);
+        // Set environment variables from CLI options
+        if (options.email)
+            process.env[EnvVars.EMAIL] = options.email;
+        if (options.credentialType)
+            process.env[EnvVars.CREDENTIAL_TYPE] = options.credentialType;
+        if (options.credentialProvider)
+            process.env[EnvVars.CREDENTIAL_PROVIDER] = options.credentialProvider;
+        if (options.keyvaultEndpoint)
+            process.env[EnvVars.KEYVAULT_ENDPOINT] = options.keyvaultEndpoint;
+        if (options.keyvaultSecret)
+            process.env[EnvVars.KEYVAULT_SECRET_NAME] = options.keyvaultSecret;
+        if (options.localFile)
+            process.env[EnvVars.LOCAL_FILE_PATH] = options.localFile;
+        if (options.envVariable)
+            process.env[EnvVars.ENV_VARIABLE_NAME] = options.envVariable;
+        if (options.githubRepo)
+            process.env[EnvVars.GITHUB_REPOSITORY] = options.githubRepo;
+        if (options.githubSecret)
+            process.env[EnvVars.GITHUB_SECRET_NAME] = options.githubSecret;
+        if (options.outputDir)
+            process.env[EnvVars.OUTPUT_DIR] = options.outputDir;
+        // Load configuration from environment
+        const config = loadConfigFromEnv();
+        validateConfig(config);
+        log(`[CLI] Email: ${config.email}`);
+        log(`[CLI] Credential type: ${config.credentialType}`);
+        log(`[CLI] Credential provider: ${config.credentialProvider}`);
+        // Perform authentication
+        await authenticate(config, options.url);
+        console.log("✅ Authentication successful!");
+        process.exit(0);
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        console.error("❌ Authentication failed:", message);
+        if (options.debug && error instanceof Error && error.stack) {
+            console.error(error.stack);
+        }
+        process.exit(1);
+    }
+});
+program
+    .command("env-help")
+    .description("Show all supported environment variables")
+    .action(() => {
+    console.log("Supported Environment Variables:\n");
+    console.log("Core Configuration:");
+    console.log(`  ${EnvVars.EMAIL}               - User email address`);
+    console.log(`  ${EnvVars.CREDENTIAL_TYPE}     - Credential type (password|certificate)`);
+    console.log(`  ${EnvVars.CREDENTIAL_PROVIDER} - Provider type (azure-keyvault|local-file|environment|github-secrets)`);
+    console.log(`  ${EnvVars.OUTPUT_DIR}          - Output directory for storage state`);
+    console.log(`  ${EnvVars.LOGIN_ENDPOINT}      - Entra login endpoint (default: login.microsoftonline.com)`);
+    console.log(`  ${EnvVars.STORAGE_STATE_EXPIRATION} - Hours until storage state expires (default: 24)`);
+    console.log();
+    console.log("Azure KeyVault Provider:");
+    console.log(`  ${EnvVars.KEYVAULT_ENDPOINT}   - KeyVault endpoint URL`);
+    console.log(`  ${EnvVars.KEYVAULT_SECRET_NAME}- Secret name in KeyVault`);
+    console.log();
+    console.log("Local File Provider:");
+    console.log(`  ${EnvVars.LOCAL_FILE_PATH}     - Path to credential file`);
+    console.log(`  ${EnvVars.CERTIFICATE_PASSWORD}- Password for encrypted certificate`);
+    console.log();
+    console.log("Environment Variable Provider:");
+    console.log(`  ${EnvVars.ENV_VARIABLE_NAME}   - Name of environment variable containing credential`);
+    console.log();
+    console.log("GitHub Secrets Provider:");
+    console.log(`  ${EnvVars.GITHUB_REPOSITORY}   - GitHub repository (owner/repo)`);
+    console.log(`  ${EnvVars.GITHUB_SECRET_NAME}  - GitHub secret name`);
+    console.log(`  ${EnvVars.GITHUB_TOKEN}        - GitHub token (optional)`);
+    console.log();
+    console.log("Debug:");
+    console.log(`  ${EnvVars.SYSTEM_DEBUG}        - Enable debug logging (true|false)`);
+});
+program.parse();
+//# sourceMappingURL=cli.js.map

package/lib/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,GAAG,EAAE,MAAM,SAAS,CAAC;AAE9B,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,SAAS,CAAC;KACf,WAAW,CAAC,mDAAmD,CAAC;KAChE,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,+DAA+D,CAAC;KAC5E,cAAc,CAAC,iBAAiB,EAAE,oCAAoC,CAAC;KACvE,MAAM,CAAC,qBAAqB,EAAE,sBAAsB,OAAO,CAAC,KAAK,GAAG,CAAC;KACrE,MAAM,CACL,8BAA8B,EAC9B,iDAAiD,OAAO,CAAC,eAAe,GAAG,EAC3E,UAAU,CACX;KACA,MAAM,CACL,sCAAsC,EACtC,qFAAqF,OAAO,CAAC,mBAAmB,GAAG,EACnH,gBAAgB,CACjB;KACA,MAAM,CACL,gCAAgC,EAChC,mCAAmC,OAAO,CAAC,iBAAiB,GAAG,CAChE;KACA,MAAM,CACL,4BAA4B,EAC5B,sCAAsC,OAAO,CAAC,oBAAoB,GAAG,CACtE;KACA,MAAM,CACL,qBAAqB,EACrB,0CAA0C,OAAO,CAAC,eAAe,GAAG,CACrE;KACA,MAAM,CACL,uBAAuB,EACvB,qCAAqC,OAAO,CAAC,iBAAiB,GAAG,CAClE;KACA,MAAM,CACL,sBAAsB,EACtB,wCAAwC,OAAO,CAAC,iBAAiB,GAAG,CACrE;KACA,MAAM,CACL,0BAA0B,EAC1B,8BAA8B,OAAO,CAAC,kBAAkB,GAAG,CAC5D;KACA,MAAM,CACL,oBAAoB,EACpB,8CAA8C,OAAO,CAAC,UAAU,GAAG,CACpE;KACA,MAAM,CAAC,SAAS,EAAE,sBAAsB,CAAC;KACzC,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,IAAI,CAAC;QACH,oCAAoC;QACpC,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAC7C,CAAC;QAED,GAAG,CAAC,+BAA+B,CAAC,CAAC;QACrC,GAAG,CAAC,qBAAqB,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAExC,6CAA6C;QAC7C,IAAI,OAAO,CAAC,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC;QAC9D,IAAI,OAAO,CAAC,cAAc;YACxB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,OAAO,CAAC,cAAc,CAAC;QAChE,IAAI,OAAO,CAAC,kBAAkB;YAC5B,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,OAAO,CAAC,kBAAkB,CAAC;QACxE,IAAI,OAAO,CAAC,gBAAgB;YAC1B,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACpE,IAAI,OAAO,CAAC,cAAc;YACxB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,oBAAoB,CAAC,GAAG,OAAO,CAAC,cAAc,CAAC;QACrE,IAAI,OAAO,CAAC,SAAS;YACnB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC;QAC3D,IAAI,OAAO,CAAC,WAAW;YACrB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,GAAG,OAAO,CAAC,WAAW,CAAC;QAC/D,IAAI,OAAO,CAAC,UAAU;YACpB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC;QAC9D,IAAI,OAAO,CAAC,YAAY;YACtB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC;QACjE,IAAI,OAAO,CAAC,SAAS;YACnB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC;QAEtD,sCAAsC;QACtC,MAAM,MAAM,GAAG,iBAAiB,EAAE,CAAC;QACnC,cAAc,CAAC,MAAM,CAAC,CAAC;QAEvB,GAAG,CAAC,gBAAgB,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QACpC,GAAG,CAAC,0BAA0B,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC;QACvD,GAAG,CAAC,8BAA8B,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC;QAE/D,yBAAyB;QACzB,MAAM,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QAExC,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAC5C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,OAAO,CAAC,KAAK,CAAC,0BAA0B,EAAE,OAAO,CAAC,CAAC;QAEnD,IAAI,OAAO,CAAC,KAAK,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;YAC3D,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC7B,CAAC;QAED,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,UAAU,CAAC;KACnB,WAAW,CAAC,0CAA0C,CAAC;KACvD,MAAM,CAAC,GAAG,EAAE;IACX,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACnC,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,CAAC,KAAK,qCAAqC,CAAC,CAAC;IACrE,OAAO,CAAC,GAAG,CACT,KAAK,OAAO,CAAC,eAAe,+CAA+C,CAC5E,CAAC;IACF,OAAO,CAAC,GAAG,CACT,KAAK,OAAO,CAAC,mBAAmB,yEAAyE,CAC1G,CAAC;IACF,OAAO,CAAC,GAAG,CACT,KAAK,OAAO,CAAC,UAAU,gDAAgD,CACxE,CAAC;IACF,OAAO,CAAC,GAAG,CACT,KAAK,OAAO,CAAC,cAAc,mEAAmE,CAC/F,CAAC;IACF,OAAO,CAAC,GAAG,CACT,KAAK,OAAO,CAAC,wBAAwB,oDAAoD,CAC1F,CAAC;IACF,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,CAAC,iBAAiB,4BAA4B,CAAC,CAAC;IACxE,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,CAAC,oBAAoB,2BAA2B,CAAC,CAAC;IAC1E,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IACpC,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,CAAC,eAAe,gCAAgC,CAAC,CAAC;IAC1E,OAAO,CAAC,GAAG,CACT,KAAK,OAAO,CAAC,oBAAoB,sCAAsC,CACxE,CAAC;IACF,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CACT,KAAK,OAAO,CAAC,iBAAiB,yDAAyD,CACxF,CAAC;IACF,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CACT,KAAK,OAAO,CAAC,iBAAiB,qCAAqC,CACpE,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,CAAC,kBAAkB,wBAAwB,CAAC,CAAC;IACrE,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,CAAC,YAAY,mCAAmC,CAAC,CAAC;IAC1E,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtB,OAAO,CAAC,GAAG,CACT,KAAK,OAAO,CAAC,YAAY,6CAA6C,CACvE,CAAC;AACJ,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/lib/config.d.ts

@@ -0,0 +1,10 @@
+import type { MsAuthConfig } from "./types";
+/**
+ * Load configuration from environment variables
+ */
+export declare function loadConfigFromEnv(): MsAuthConfig;
+/**
+ * Validate configuration
+ */
+export declare function validateConfig(config: MsAuthConfig): void;
+//# sourceMappingURL=config.d.ts.map

package/lib/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,YAAY,EAQb,MAAM,SAAS,CAAC;AAGjB;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,YAAY,CAwBhD;AA+FD;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI,CAsBzD"}

package/lib/config.js

@@ -0,0 +1,115 @@
+import { EnvVars } from "./types";
+/**
+ * Load configuration from environment variables
+ */
+export function loadConfigFromEnv() {
+    const email = process.env[EnvVars.EMAIL];
+    if (!email) {
+        throw new Error(`${EnvVars.EMAIL} environment variable is required`);
+    }
+    const credentialType = (process.env[EnvVars.CREDENTIAL_TYPE] ||
+        "password");
+    const credentialProvider = (process.env[EnvVars.CREDENTIAL_PROVIDER] ||
+        "azure-keyvault");
+    const providerConfig = loadProviderConfigFromEnv(credentialProvider);
+    return {
+        email,
+        credentialType,
+        credentialProvider,
+        providerConfig,
+        outputDir: process.env[EnvVars.OUTPUT_DIR],
+        storageStateExpiration: process.env[EnvVars.STORAGE_STATE_EXPIRATION]
+            ? parseInt(process.env[EnvVars.STORAGE_STATE_EXPIRATION])
+            : 24,
+        loginEndpoint: process.env[EnvVars.LOGIN_ENDPOINT],
+    };
+}
+/**
+ * Load provider-specific configuration from environment variables
+ */
+function loadProviderConfigFromEnv(providerType) {
+    switch (providerType) {
+        case "azure-keyvault":
+            return loadAzureKeyVaultConfigFromEnv();
+        case "local-file":
+            return loadLocalFileConfigFromEnv();
+        case "environment":
+            return loadEnvironmentConfigFromEnv();
+        case "github-secrets":
+            return loadGitHubSecretsConfigFromEnv();
+        default:
+            throw new Error(`Unsupported credential provider: ${providerType}`);
+    }
+}
+function loadAzureKeyVaultConfigFromEnv() {
+    const keyVaultEndpoint = process.env[EnvVars.KEYVAULT_ENDPOINT];
+    const secretName = process.env[EnvVars.KEYVAULT_SECRET_NAME];
+    if (!keyVaultEndpoint) {
+        throw new Error(`${EnvVars.KEYVAULT_ENDPOINT} environment variable is required for Azure KeyVault provider`);
+    }
+    if (!secretName) {
+        throw new Error(`${EnvVars.KEYVAULT_SECRET_NAME} environment variable is required for Azure KeyVault provider`);
+    }
+    return {
+        keyVaultEndpoint,
+        secretName,
+    };
+}
+function loadLocalFileConfigFromEnv() {
+    const filePath = process.env[EnvVars.LOCAL_FILE_PATH];
+    if (!filePath) {
+        throw new Error(`${EnvVars.LOCAL_FILE_PATH} environment variable is required for local file provider`);
+    }
+    return {
+        filePath,
+        certificatePassword: process.env[EnvVars.CERTIFICATE_PASSWORD],
+    };
+}
+function loadEnvironmentConfigFromEnv() {
+    const variableName = process.env[EnvVars.ENV_VARIABLE_NAME];
+    if (!variableName) {
+        throw new Error(`${EnvVars.ENV_VARIABLE_NAME} environment variable is required for environment provider`);
+    }
+    return {
+        variableName,
+        passwordVariableName: process.env[EnvVars.CERTIFICATE_PASSWORD],
+    };
+}
+function loadGitHubSecretsConfigFromEnv() {
+    const repository = process.env[EnvVars.GITHUB_REPOSITORY];
+    const secretName = process.env[EnvVars.GITHUB_SECRET_NAME];
+    if (!repository) {
+        throw new Error(`${EnvVars.GITHUB_REPOSITORY} environment variable is required for GitHub Secrets provider`);
+    }
+    if (!secretName) {
+        throw new Error(`${EnvVars.GITHUB_SECRET_NAME} environment variable is required for GitHub Secrets provider`);
+    }
+    return {
+        repository,
+        secretName,
+        token: process.env[EnvVars.GITHUB_TOKEN],
+    };
+}
+/**
+ * Validate configuration
+ */
+export function validateConfig(config) {
+    if (!config.email) {
+        throw new Error("Email is required");
+    }
+    if (!config.credentialType) {
+        throw new Error("Credential type is required");
+    }
+    if (!config.credentialProvider) {
+        throw new Error("Credential provider is required");
+    }
+    if (!config.providerConfig) {
+        throw new Error("Provider configuration is required");
+    }
+    // Validate email format
+    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+    if (!emailRegex.test(config.email)) {
+        throw new Error(`Invalid email format: ${config.email}`);
+    }
+}
+//# sourceMappingURL=config.js.map

package/lib/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACzC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,GAAG,OAAO,CAAC,KAAK,mCAAmC,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,cAAc,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC;QAC1D,UAAU,CAAmB,CAAC;IAChC,MAAM,kBAAkB,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAC;QAClE,gBAAgB,CAA2B,CAAC;IAE9C,MAAM,cAAc,GAAG,yBAAyB,CAAC,kBAAkB,CAAC,CAAC;IAErE,OAAO;QACL,KAAK;QACL,cAAc;QACd,kBAAkB;QAClB,cAAc;QACd,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC;QAC1C,sBAAsB,EAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,wBAAwB,CAAC;YACnE,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,wBAAwB,CAAE,CAAC;YAC1D,CAAC,CAAC,EAAE;QACN,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;KACnD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,yBAAyB,CAChC,YAAoC;IAEpC,QAAQ,YAAY,EAAE,CAAC;QACrB,KAAK,gBAAgB;YACnB,OAAO,8BAA8B,EAAE,CAAC;QAC1C,KAAK,YAAY;YACf,OAAO,0BAA0B,EAAE,CAAC;QACtC,KAAK,aAAa;YAChB,OAAO,4BAA4B,EAAE,CAAC;QACxC,KAAK,gBAAgB;YACnB,OAAO,8BAA8B,EAAE,CAAC;QAC1C;YACE,MAAM,IAAI,KAAK,CAAC,oCAAoC,YAAY,EAAE,CAAC,CAAC;IACxE,CAAC;AACH,CAAC;AAED,SAAS,8BAA8B;IACrC,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAChE,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAE7D,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CACb,GAAG,OAAO,CAAC,iBAAiB,+DAA+D,CAC5F,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CACb,GAAG,OAAO,CAAC,oBAAoB,+DAA+D,CAC/F,CAAC;IACJ,CAAC;IAED,OAAO;QACL,gBAAgB;QAChB,UAAU;KACX,CAAC;AACJ,CAAC;AAED,SAAS,0BAA0B;IACjC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IAEtD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CACb,GAAG,OAAO,CAAC,eAAe,2DAA2D,CACtF,CAAC;IACJ,CAAC;IAED,OAAO;QACL,QAAQ;QACR,mBAAmB,EAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,oBAAoB,CAAC;KAC/D,CAAC;AACJ,CAAC;AAED,SAAS,4BAA4B;IACnC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAE5D,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CACb,GAAG,OAAO,CAAC,iBAAiB,4DAA4D,CACzF,CAAC;IACJ,CAAC;IAED,OAAO;QACL,YAAY;QACZ,oBAAoB,EAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,oBAAoB,CAAC;KAChE,CAAC;AACJ,CAAC;AAED,SAAS,8BAA8B;IACrC,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAC1D,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAE3D,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CACb,GAAG,OAAO,CAAC,iBAAiB,+DAA+D,CAC5F,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CACb,GAAG,OAAO,CAAC,kBAAkB,+DAA+D,CAC7F,CAAC;IACJ,CAAC;IAED,OAAO;QACL,UAAU;QACV,UAAU;QACV,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC;KACzC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,MAAoB;IACjD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,wBAAwB;IACxB,MAAM,UAAU,GAAG,4BAA4B,CAAC;IAChD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,yBAAyB,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC"}

package/lib/index.d.ts

@@ -0,0 +1,16 @@
+/**
+ * @paeng/playwright-ms-auth
+ *
+ * Flexible authentication framework for Playwright tests supporting
+ * password and certificate authentication with multiple credential providers.
+ */
+export * from "./types";
+export * from "./config";
+export * from "./authenticate";
+export * from "./certAuth";
+export * from "./utils";
+export * from "./providers";
+export { authenticate, loadStorageState } from "./authenticate";
+export { loadConfigFromEnv, validateConfig } from "./config";
+export { CredentialProviderFactory } from "./providers";
+//# sourceMappingURL=index.d.ts.map

package/lib/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,cAAc,SAAS,CAAC;AACxB,cAAc,UAAU,CAAC;AACzB,cAAc,gBAAgB,CAAC;AAC/B,cAAc,YAAY,CAAC;AAC3B,cAAc,SAAS,CAAC;AACxB,cAAc,aAAa,CAAC;AAG5B,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC7D,OAAO,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC"}