@microsoft/windows-admin-center-sdk
Version:
Microsoft - Windows Admin Center Shell
308 lines (307 loc) • 11.8 kB
TypeScript
import { Observable } from 'rxjs';
import { AjaxError, AjaxRequest } from 'rxjs/ajax';
import { CimStreamOptions, CimStreamResponse } from '../data/cim-stream';
import { HttpStatusCode } from '../data/http-constants';
import { PowerShellStreamResponse } from '../data/powershell-stream';
import { RpcForwardResponse } from '../rpc/forward/rpc-forward-model';
import { Rpc } from '../rpc/rpc';
import { RpcRelationshipType } from '../rpc/rpc-base';
import { RpcServiceForwarder } from '../rpc/rpc-forwarder';
import { SignedHttpRequestToken, SignOnManager, SignOnTokenResponse } from './sign-on-manager';
/**
* Defines the response from an Authorization Handler
*/
export interface AuthorizationCredentials {
username: string;
password: string;
applyToAllNodes?: boolean;
useLaps?: boolean;
lapsLocalAdminName?: string;
}
/**
* Defines the response the AuthorizationManager returns from getToken
*/
export interface AuthorizationTokenResponse {
token: AuthorizationToken;
appliesTo?: string | string[];
}
/**
* Defines an authorizationToken
*/
export interface AuthorizationToken {
value: string;
username: string;
useLaps: boolean;
lapsLocalAdminName: string;
}
/**
* The create authorization token options
*/
export interface CreateAuthorizationTokenOptions {
password?: string;
username?: string;
useLaps?: boolean;
lapsLocalAdminName?: string;
}
/**
* The extra error data of original cause.
*/
export interface NodeAuthorizationErrorData {
statusCode: HttpStatusCode;
errorCode: string;
errorMessage: string;
}
/**
* Defines a handler that takes a nodeName and returns authorization credentials
*/
export declare type NodeAuthorizationHandler = (nodeName?: string | string[], errorData?: NodeAuthorizationErrorData) => Observable<AuthorizationCredentials>;
/**
* Defines properties that will be provided to child instances on a forward init request
*/
export interface AuthorizationManagerInitProperties {
manageAsToken: AuthorizationToken;
nodeTokens: MsftSme.StringMap<AuthorizationToken>;
nodePowershellEndpoints: MsftSme.StringMap<string>;
signOnToken: SignedHttpRequestToken;
}
/**
* Authorization Manager class. Handles SME authentication for service requests.
*/
export declare class AuthorizationManager extends RpcServiceForwarder {
private authorize;
/**
* Cache key for session storage of authorization cache
*/
private static cacheKey;
/**
* If no laps local admin name is defined, it will default to 'administrator'
*/
static defaultLapsLocalAdminName: string;
private static rpcCommands;
/**
* Create a map of nodeNames to token objects to hold node specific tokens.
*/
nodeTokens: MsftSme.StringMap<AuthorizationToken>;
/**
* The sign on operation manager.
*/
signOnManager: SignOnManager;
/**
* The backing store fro the manageAsToken
*/
private token;
/**
* The JSON Web Key. Single string with JSON.stringify format.
*/
private jwk;
/**
* Credentials expiration time, used to determine the lifetime of new tokens. Value in milliseconds.
*/
private credentialsExpirationTimeInMs;
/**
* Underlying implementation subject for credentialExpiration observable
*/
private credentialExpirationChangedSubject;
/**
* Observable that emits whenever the credentials expiration has changed
*/
credentialExpirationChanged: Observable<number>;
/**
* Set the admin configured expiration time in milliseconds
* If this is not set it will be defaulted to 365 days.
*/
set authExpirationInMs(expirationTimeInMs: number);
/**
* The logon user returned by gateway's api/user
*/
private logOnUser;
/**
* Sets logon user and caches the value
*/
set shellLogOnUser(username: string);
/**
* The mapping of connections to PowershellEndpoints
*/
private nodePowershellEndpoints;
/**
* The token awaiter subject.
*/
private tokenAwaiter;
/**
* The subject observable of sign on token awaiter.
*/
private signOnTokenAwaiter;
/**
* Sets the current manage as token
* If running with an Rpc child, notify of the change
*/
set manageAsToken(token: AuthorizationToken);
/**
* Gets the current manage as token
*/
get manageAsToken(): AuthorizationToken;
/**
* Sets the gateway encryption certificate JWK.
* If this is not set by Shell/Add-Connection, it will send clear text password.
*/
set gatewayJwk(jwk: string);
/**
* Observable that emits whenever the gateways Jwk has changed
*/
readonly gatewayJwkChanged: Observable<string>;
/**
* Underlying implementation subject for gatewayJwkChanged observable
*/
private gatewayJwkChangedSubject;
/**
* Gets the gateway encryption certificate JWK.
*/
get gatewayJwk(): string;
/**
* Gets an observable the emits when the authorization token is ready
*/
get authAwaiter(): Observable<AuthorizationTokenResponse>;
/**
* Initializes a new instance of the Authorization Manager class
* @param authorize An AuthorizationHandler with which to retrieve user credentials
* @param rpc The rpc to forward auth requests to a parent window
*/
constructor(authorize: NodeAuthorizationHandler, rpc: Rpc);
/**
* defines the conditions under which the AuthorizationManager can handle an ajax error
*/
canHandleAjaxFailure(code: HttpStatusCode, error: AjaxError): boolean;
/**
* When canHandle returns true for an ajax error, this method can be called to handle that error.
*/
handleAjaxFailure(code: HttpStatusCode, request: AjaxRequest, error: AjaxError, nodeName?: string): Observable<AjaxRequest>;
/**
* Check if it can handle the error.
*
* @param response the response of CIM stream query.
*/
canHandleStreamFailure(response: CimStreamResponse): boolean;
/**
* When canHandle returns true for an ajax error, this method can be called to handle that error.
*/
handleStreamFailure(nodeName: string, options: CimStreamOptions, response: CimStreamResponse | PowerShellStreamResponse): Observable<CimStreamOptions>;
saveJeaContext(nodeName: string, endpoint: string): void;
getJeaEndpoint(nodeName: string): string;
/**
* Associates a node to use a specified JEA endpoint
*/
setJeaEndpoint(nodeName: string, endpoint: string): void;
/**
* Calls the authorize method and gets a new token.
* If running as a child, the token comes from the parent windows service
*/
getNewToken(nodeName: string): Observable<AuthorizationTokenResponse>;
getNewToken(nodeNames: string[]): Observable<AuthorizationTokenResponse>;
getNewToken(nodeName: string, errorData: NodeAuthorizationErrorData): Observable<AuthorizationTokenResponse>;
getNewToken(nodeNames: string[], errorData: NodeAuthorizationErrorData): Observable<AuthorizationTokenResponse>;
refreshSignOnToken(): Observable<SignOnTokenResponse>;
/**
* Forward Sign On Token to child frame.
*/
forwardSignOnToken(): void;
/**
* @deprecated use createSecureToken() after configured gatewayJwk property.
*
* Creates a token from the given options that may be used for node authentication
* @param options The token creation options
*/
createToken(options: CreateAuthorizationTokenOptions, passwordEncryptedWith?: string): AuthorizationToken;
/**
* Creates a secure token from the given options that may be used for node authentication
*
* @param options The token creation options
*/
createSecureToken(options: CreateAuthorizationTokenOptions): Observable<AuthorizationToken>;
/**
* Get the saved Auth token for a node.
*
* @param nodeName The nodeName to get token for.
*/
getSavedNodeToken(nodeName: string): AuthorizationToken;
/**
* Sets a token on the given nodes
* @param token The token to use for the given nodes
* @param nodeName The names of the nodes to set the token for. If empty or null, the token will be used as the global manageAs token
* @returns an Observable indicating that the token has been set.
*/
setNodeTokens(token: AuthorizationToken, nodeNames?: string[]): Observable<void>;
/**
* Adds a authorization header to a request given a node with a manageAsToken
* @param request The request to add headers to
* @param nodeName optional. The node to add headers for if not provided, the global token will be used
* @param token optional. The token to use for the headers. if provided, the nodeName is not used.
*/
addAuthorizationRequestHeader(request: AjaxRequest, nodeName?: string, token?: AuthorizationToken): void;
/**
* Create token headers.
*
* @param nodeName the node name.
* @param token the token to override current setting (optional).
*/
createTokenHeaders(nodeName: string, token?: AuthorizationToken): MsftSme.StringMap<string>;
/**
* Adds a authorization header to a request given a node with a manageAsToken
*/
addAuthorizationTokensToMultiPartBody(body: string[], nodeName?: string, token?: AuthorizationToken): void;
resetAllTokens(): void;
/**
* Encrypts a string value using the jwk from the gateway
*/
encrypt(value: string): Observable<string>;
/**
* Called on a child service instance when onForwardInit returns from the parent
* @param data The response from the forwardInit call
*/
protected onForwardInitResponse(data: RpcForwardResponse<AuthorizationManagerInitProperties>): void;
/**
* Called when a new instance of the service in another window is initialized and needs to synchronize with its parent
* @param from The RpcRelationshipType that this request is from
* @returns an observable for the all the values needed to initialize the service
*/
protected onForwardInit(): Observable<AuthorizationManagerInitProperties>;
/**
* Called when the forwarded services counterpart wants to get data from the parent
* @param from The RpcRelationshipType that this request is from
* @param name The name of the method to forward to
* @param args The arguments of the method
* @returns an observable for the result of the method call
*/
protected onForwardExecute(from: RpcRelationshipType, name: string, args: any[]): Observable<any>;
/**
* Called when the forwarded services counterpart sends a notify message
* @param from The RpcRelationshipType that this request is from
* @param name The name of the property to change
* @param value The new value of the property
* @returns an observable that completes when the property has been changed.
*/
protected onForwardNotify(from: RpcRelationshipType, name: string, value: any): Observable<void>;
/**
* Creates a secure token from the given options that may be used for node authentication
*
* @param options The token creation options
*/
private secureToken;
/**
* Completes the token awaiter
*/
private completeTokenAwaiter;
/**
* Completes the sign on token awaiter
*/
private completeSignOnTokenAwaiter;
/**
* Gets the error data.
* @param code the http status code.
* @param error the AJAX error object.
*/
private getErrorData;
/**
* Updates the authorization cache. Does nothing if we are not running in shell
*/
private updateCache;
}