UNPKG

@microsoft/windows-admin-center-sdk

Version:

Microsoft - Windows Admin Center Shell

855 lines (853 loc) 35.7 kB
import { of, Subject, throwError } from 'rxjs'; import { map, mergeMap, take } from 'rxjs/operators'; import { Crypto } from '../data/crypto'; import { headerConstants } from '../data/http-constants'; import { Net } from '../data/net'; import { Logging } from '../diagnostics/logging'; import { RpcForwarder, RpcServiceForwarder } from '../rpc/rpc-forwarder'; import { SignOnManager } from './sign-on-manager'; /** * Authorization Manager class. Handles SME authentication for service requests. */ export class AuthorizationManager extends RpcServiceForwarder { authorize; /** * Cache key for session storage of authorization cache */ static cacheKey = 'AuthorizationManager.cache.v1'; /** * If no laps local admin name is defined, it will default to 'administrator' */ static defaultLapsLocalAdminName = 'administrator'; static rpcCommands = { setNodeToken: 'setNodeToken', setNodeTokens: 'setNodeTokens', manageAsToken: 'manageAsToken', setNodeTokenError: 'setNodeTokenError', setJeaContext: 'setJeaContext', clearNodeTokens: 'clearNodeTokens', getNewToken: 'getNewToken', secureToken: 'secureToken', encrypt: 'encrypt', getSignOnToken: 'getSignOnToken', setSignOnToken: 'setSignOnToken', setSignOnTokenError: 'setSignOnTokenError' }; /** * Create a map of nodeNames to token objects to hold node specific tokens. */ nodeTokens; /** * The sign on operation manager. */ signOnManager; /** * The backing store fro the manageAsToken */ token; /** * The JSON Web Key. Single string with JSON.stringify format. */ jwk; /** * Credentials expiration time, used to determine the lifetime of new tokens. Value in milliseconds. */ credentialsExpirationTimeInMs; /** * Underlying implementation subject for credentialExpiration observable */ credentialExpirationChangedSubject; /** * Observable that emits whenever the credentials expiration has changed */ credentialExpirationChanged; /** * Set the admin configured expiration time in milliseconds * If this is not set it will be defaulted to 365 days. */ set authExpirationInMs(expirationTimeInMs) { this.credentialsExpirationTimeInMs = expirationTimeInMs; this.credentialExpirationChangedSubject.next(expirationTimeInMs); } /** * The logon user returned by gateway's api/user */ logOnUser; /** * Sets logon user and caches the value */ set shellLogOnUser(username) { this.logOnUser = username; this.updateCache(); } /** * The mapping of connections to PowershellEndpoints */ nodePowershellEndpoints; /** * The token awaiter subject. */ tokenAwaiter; /** * The subject observable of sign on token awaiter. */ signOnTokenAwaiter; /** * Sets the current manage as token * If running with an Rpc child, notify of the change */ set manageAsToken(token) { this.token = token; this.nodePowershellEndpoints = {}; this.forwardNotify(1 /* RpcRelationshipType.Child */, AuthorizationManager.rpcCommands.manageAsToken, token); this.updateCache(); } /** * Gets the current manage as token */ get manageAsToken() { return this.token; } /** * Sets the gateway encryption certificate JWK. * If this is not set by Shell/Add-Connection, it will send clear text password. */ set gatewayJwk(jwk) { if (this.jwk !== jwk) { this.resetAllTokens(); } this.jwk = jwk; this.gatewayJwkChangedSubject.next(jwk); this.updateCache(); } /** * Observable that emits whenever the gateways Jwk has changed */ gatewayJwkChanged; /** * Underlying implementation subject for gatewayJwkChanged observable */ gatewayJwkChangedSubject; /** * Gets the gateway encryption certificate JWK. */ get gatewayJwk() { return this.jwk; } /** * Gets an observable the emits when the authorization token is ready */ get authAwaiter() { if (this.tokenAwaiter && !this.tokenAwaiter.closed) { // return the global token return this.tokenAwaiter; } // return the global token return of({ appliesTo: null, token: this.manageAsToken }); } /** * Initializes a new instance of the Authorization Manager class * @param authorize An AuthorizationHandler with which to retrieve user credentials * @param rpc The rpc to forward auth requests to a parent window */ constructor(authorize, rpc) { super('authorization-manager', rpc); this.authorize = authorize; this.gatewayJwkChangedSubject = new Subject(); this.gatewayJwkChanged = this.gatewayJwkChangedSubject.asObservable(); this.credentialExpirationChangedSubject = new Subject(); this.credentialExpirationChanged = this.credentialExpirationChangedSubject.asObservable(); this.nodeTokens = {}; this.nodePowershellEndpoints = {}; if (MsftSme.isShell()) { // attempt to restore from storage if this is a shell instance const cachedDataString = MsftSme.SessionStorageHandler.getItem(AuthorizationManager.cacheKey); if (!MsftSme.isNullOrWhiteSpace(cachedDataString)) { try { const cachedData = JSON.parse(cachedDataString); // verify data and set properties this.jwk = cachedData.jwk || null; this.manageAsToken = cachedData.manageAsToken || null; this.nodeTokens = cachedData.nodeTokens || {}; this.nodePowershellEndpoints = cachedData.nodePowershellEndpoints || {}; this.logOnUser = cachedData.logOnUser; } catch (error) { MsftSme.SessionStorageHandler.removeItem(AuthorizationManager.cacheKey); } } } this.signOnManager = new SignOnManager(() => this.refreshSignOnToken()); } /** * defines the conditions under which the AuthorizationManager can handle an ajax error */ canHandleAjaxFailure(code, error) { // we can handle ajax errors if we have a getter defined, and the code is Unauthorized (401) or we get a cim authorization failure return this.authorize && Net.isUnauthorized(error); } /** * When canHandle returns true for an ajax error, this method can be called to handle that error. */ handleAjaxFailure(code, request, error, nodeName) { const errorData = this.getErrorData(code, error); return this.getNewToken(nodeName, errorData) .pipe(mergeMap(response => { // There may be multiple nodes requesting authentication, but we can only ask the user for one. // check if the result if for our node, otherwise try again. // It looks for inside of array only for first name. const names = response.appliesTo; const isTokenForNode = !names || names === nodeName || (Array.isArray(names) && names[0] === nodeName); if (isTokenForNode) { // this token applies to our node, so continue this.addAuthorizationRequestHeader(request, nodeName); return of(request); } else { // this token did not apply to our node. Ask again. return this.handleAjaxFailure(code, request, error, nodeName); } })); } /** * Check if it can handle the error. * * @param response the response of CIM stream query. */ canHandleStreamFailure(response) { // access denied case. return response && response.response && response.response.statusCode === 401 /* HttpStatusCode.Unauthorized */; } /** * When canHandle returns true for an ajax error, this method can be called to handle that error. */ handleStreamFailure(nodeName, options, response) { let message = response.response.error && response.response.error.message; if (!message) { const errors = response.response.errors; if (errors && errors.length > 0) { message = errors[0].message; } } const errorData = { statusCode: response.response.statusCode, errorCode: 'Unauthorized', errorMessage: message }; return this.getNewToken(nodeName, errorData) .pipe(mergeMap(result => { const names = result.appliesTo; const isTokenForNode = !names || names === nodeName || (Array.isArray(names) && names[0] === nodeName); if (isTokenForNode) { const token = this.getSavedNodeToken(nodeName); if (token) { if (options) { options.authToken = token; } else { options = { authToken: token }; } } return of(options); } else { return this.handleStreamFailure(nodeName, options, response); } })); } saveJeaContext(nodeName, endpoint) { Logging.trace({ view: 'sme-ui-control', instance: 'saveJeaContext', action: 'command-click', data: { message: 'Establishing session using JEA endpoint' } }); this.setJeaEndpoint(nodeName, endpoint); this.forwardNotify(1 /* RpcRelationshipType.Child */, AuthorizationManager.rpcCommands.setJeaContext, { nodeName: nodeName, endpoint: endpoint }); } getJeaEndpoint(nodeName) { return this.nodePowershellEndpoints[nodeName.toLocaleLowerCase()]; } /** * Associates a node to use a specified JEA endpoint */ setJeaEndpoint(nodeName, endpoint) { this.nodePowershellEndpoints[nodeName.toLocaleLowerCase()] = endpoint; this.updateCache(); } getNewToken(nodeNames, errorData) { // if we are already awaiting a token, then hook into the current request and try using that token if (this.tokenAwaiter && !this.tokenAwaiter.closed) { return this.tokenAwaiter; } // ensure input is an array only if not null. if (nodeNames && !Array.isArray(nodeNames)) { nodeNames = [nodeNames]; } // define a new subject for multiple requests to wait on this.tokenAwaiter = new Subject(); // try to forward execute getNewToken from our parent const parentExecuter = this.forwardExecute(0 /* RpcRelationshipType.Parent */, AuthorizationManager.rpcCommands.getNewToken, [nodeNames, errorData]); if (parentExecuter) { return this.tokenAwaiter; } // Need to clear the endpoints before we acquire a new token, // because we must try new credentials in an admin context before any fallback happens. if (nodeNames) { for (const node of nodeNames) { this.setJeaEndpoint(node, null); } } // since we could not forward the request We must ask for the auth token ourselves this.authorize(nodeNames, errorData) .pipe(mergeMap(credentials => { if (credentials.applyToAllNodes) { this.nodeTokens = {}; this.updateCache(); const forward = this.forwardExecute(1 /* RpcRelationshipType.Child */, AuthorizationManager.rpcCommands.clearNodeTokens, []); if (forward) { return forward.pipe(map(() => credentials)); } } return of(credentials); }), mergeMap(credentials => { const appliesTo = credentials.applyToAllNodes ? null : nodeNames || null; return this.createSecureToken({ username: credentials.username, password: credentials.password, useLaps: credentials.useLaps, lapsLocalAdminName: credentials.lapsLocalAdminName }).pipe(map(token => { return { token: token, appliesTo: appliesTo }; })); }), // take the next 1 result and use it for our token. // We can now notify anyone waiting for auth and save the token take(1)) .subscribe({ next: result => { this.completeTokenAwaiter(result); this.forwardNotify(1 /* RpcRelationshipType.Child */, AuthorizationManager.rpcCommands.setNodeToken, result); }, error: error => { this.completeTokenAwaiter(null, error); this.forwardNotify(1 /* RpcRelationshipType.Child */, AuthorizationManager.rpcCommands.setNodeTokenError, RpcForwarder.ensureSerializable(error)); } }); return this.tokenAwaiter; } refreshSignOnToken() { // if we are already awaiting a token, then hook into the current request and try using that token if (this.signOnTokenAwaiter) { return this.signOnTokenAwaiter; } // define a new subject for multiple requests to wait on this.signOnTokenAwaiter = new Subject(); // try to forward execute getSignOnToken from our parent. const now = Date.now(); const parentExecuter = this.forwardExecute(0 /* RpcRelationshipType.Parent */, AuthorizationManager.rpcCommands.getSignOnToken, [now]); if (parentExecuter) { return this.signOnTokenAwaiter; } // since we could not forward the request We must ask for the signon token ourselves this.signOnManager.requestSignOnRefresh() .subscribe({ next: response => { this.completeSignOnTokenAwaiter(response); this.forwardNotify(1 /* RpcRelationshipType.Child */, AuthorizationManager.rpcCommands.setSignOnToken, RpcForwarder.ensureSerializable(response)); }, error: error => { this.completeSignOnTokenAwaiter(null, error); this.forwardNotify(1 /* RpcRelationshipType.Child */, AuthorizationManager.rpcCommands.setSignOnTokenError, RpcForwarder.ensureSerializable(error)); } }); return this.signOnTokenAwaiter; } /** * Forward Sign On Token to child frame. */ forwardSignOnToken() { const data = { time: Date.now(), token: this.signOnManager.signedHttpRequestToken }; this.forwardNotify(1 /* RpcRelationshipType.Child */, AuthorizationManager.rpcCommands.setSignOnToken, data); } /** * @deprecated use createSecureToken() after configured gatewayJwk property. * * Creates a token from the given options that may be used for node authentication * @param options The token creation options */ createToken(options, passwordEncryptedWith = null) { // ensure a valid value for laps local admin name if (MsftSme.isNullOrWhiteSpace(options.lapsLocalAdminName)) { options.lapsLocalAdminName = AuthorizationManager.defaultLapsLocalAdminName; } // ensure username has a valid value if (MsftSme.isNullOrWhiteSpace(options.username)) { options.username = null; } if (options.useLaps || !options.username) { return { value: null, username: null, useLaps: options.useLaps, lapsLocalAdminName: options.lapsLocalAdminName }; } // ensure password has a valid value if (MsftSme.isNullOrWhiteSpace(options.password)) { options.password = null; } let username; if (options.username.indexOf('@') >= 0) { // domain is empty if UPN is used. username = ["", options.username]; } else { username = options.username.split('\\'); } const token = Net.createEncodedAuthenticationHeader(username, options.password, passwordEncryptedWith); return { value: token, username: options.username, useLaps: false, lapsLocalAdminName: null }; } /** * Creates a secure token from the given options that may be used for node authentication * * @param options The token creation options */ createSecureToken(options) { const forward = this.forwardExecute(0 /* RpcRelationshipType.Parent */, AuthorizationManager.rpcCommands.secureToken, [options]); if (forward) { return forward; } else { return this.secureToken(options); } } /** * Get the saved Auth token for a node. * * @param nodeName The nodeName to get token for. */ getSavedNodeToken(nodeName) { if (nodeName && this.nodeTokens[nodeName.toLocaleLowerCase()]) { return this.nodeTokens[nodeName.toLocaleLowerCase()]; } return this.manageAsToken; } /** * Sets a token on the given nodes * @param token The token to use for the given nodes * @param nodeName The names of the nodes to set the token for. If empty or null, the token will be used as the global manageAs token * @returns an Observable indicating that the token has been set. */ setNodeTokens(token, nodeNames) { // if we have a parent instance, just forward it and return the result const forward = this.forwardExecute(0 /* RpcRelationshipType.Parent */, AuthorizationManager.rpcCommands.setNodeTokens, [token, nodeNames]); if (forward) { return forward; } // otherwise process the token const childSetTokenResponse = { token: token }; if (!nodeNames || !Array.isArray(nodeNames) || nodeNames.length === 0) { this.manageAsToken = token; } else { childSetTokenResponse.appliesTo = nodeNames; nodeNames.forEach(nodeName => this.nodeTokens[nodeName.toLocaleLowerCase()] = token); } this.updateCache(); // notify all child instances of the token change. this.forwardNotify(1 /* RpcRelationshipType.Child */, AuthorizationManager.rpcCommands.setNodeToken, childSetTokenResponse, true); // return a null observable, indicating we are done. return of(null); } /** * Adds a authorization header to a request given a node with a manageAsToken * @param request The request to add headers to * @param nodeName optional. The node to add headers for if not provided, the global token will be used * @param token optional. The token to use for the headers. if provided, the nodeName is not used. */ addAuthorizationRequestHeader(request, nodeName, token) { if (!token) { token = this.getSavedNodeToken(nodeName); } if (token) { if (token.value) { // If username and password are explicitly provided, we only add the Authorization header. request.headers[headerConstants.SME_AUTHORIZATION] = token.value; } else { // If not, we add useLaps header. request.headers[headerConstants.USE_LAPS] = token.useLaps; request.headers[headerConstants.LAPS_LOCALADMINNAME] = token.lapsLocalAdminName; } } } /** * Create token headers. * * @param nodeName the node name. * @param token the token to override current setting (optional). */ createTokenHeaders(nodeName, token) { const headers = {}; token = token || this.getSavedNodeToken(nodeName); if (token) { if (token.value) { // If username and password are explicitly provided, we only add the Authorization header. headers[headerConstants.SME_AUTHORIZATION] = token.value; } else { // If not, we add useLaps header. headers[headerConstants.USE_LAPS] = token.useLaps ? 'true' : 'false'; headers[headerConstants.LAPS_LOCALADMINNAME] = token.lapsLocalAdminName; } } return headers; } /** * Adds a authorization header to a request given a node with a manageAsToken */ addAuthorizationTokensToMultiPartBody(body, nodeName, token) { if (!token) { token = this.getSavedNodeToken(nodeName); } if (token) { if (token.value) { // If username and password are explicitly provided, we only add the Authorization header. body.push(headerConstants.SME_AUTHORIZATION + ': ' + token.value); } else { // If not, we add useLaps header. body.push(headerConstants.USE_LAPS + ': ' + token.useLaps); body.push(headerConstants.LAPS_LOCALADMINNAME + ': ' + token.lapsLocalAdminName); } } } resetAllTokens() { this.manageAsToken = null; this.nodePowershellEndpoints = {}; this.nodeTokens = {}; this.forwardNotify(1 /* RpcRelationshipType.Child */, AuthorizationManager.rpcCommands.manageAsToken, null); this.forwardNotify(1 /* RpcRelationshipType.Child */, AuthorizationManager.rpcCommands.clearNodeTokens, []); this.updateCache(); } /** * Encrypts a string value using the jwk from the gateway */ encrypt(value) { const forward = this.forwardExecute(0 /* RpcRelationshipType.Parent */, AuthorizationManager.rpcCommands.encrypt, [value]); if (forward) { return forward; } return Crypto.encryptRsaSha1(this.jwk, value); } /** * Called on a child service instance when onForwardInit returns from the parent * @param data The response from the forwardInit call */ onForwardInitResponse(data) { if (data && data.error) { // if there is an error, we cannot continue, so throw it throw data.error; } this.manageAsToken = data.result.manageAsToken; this.nodeTokens = data.result.nodeTokens; this.nodePowershellEndpoints = data.result.nodePowershellEndpoints; this.signOnManager.signedHttpRequestToken = data.result.signOnToken; } /** * Called when a new instance of the service in another window is initialized and needs to synchronize with its parent * @param from The RpcRelationshipType that this request is from * @returns an observable for the all the values needed to initialize the service */ onForwardInit() { // authorization manager doesn't pass any properties to child services at this time. return of({ manageAsToken: this.manageAsToken, nodeTokens: this.nodeTokens, nodePowershellEndpoints: this.nodePowershellEndpoints, signOnToken: this.signOnManager.signedHttpRequestToken }); } /** * Called when the forwarded services counterpart wants to get data from the parent * @param from The RpcRelationshipType that this request is from * @param name The name of the method to forward to * @param args The arguments of the method * @returns an observable for the result of the method call */ onForwardExecute(from, name, args) { // command comes from child if (from === 1 /* RpcRelationshipType.Child */) { switch (name) { case AuthorizationManager.rpcCommands.getNewToken: { // start getting the new token, but return immediately to avoid timeout const subscription = this.getNewToken(args ? args[0] : null, args ? args[1] : null) .subscribe({ next: () => subscription.unsubscribe(), error: error => { subscription.unsubscribe(); this.forwardNotify(1 /* RpcRelationshipType.Child */, AuthorizationManager.rpcCommands.setNodeTokenError, RpcForwarder.ensureSerializable(error)); } }); return of(null); } case AuthorizationManager.rpcCommands.secureToken: { const options = args && args[0]; if (!options) { return of(null); } return this.secureToken(options); } case AuthorizationManager.rpcCommands.encrypt: { const options = args && args[0]; if (!options) { return of(null); } return this.encrypt(options); } case AuthorizationManager.rpcCommands.setNodeTokens: { const token = args && args[0]; const nodes = args && args[1]; if (!token) { return of(null); } return this.setNodeTokens(token, nodes); } case AuthorizationManager.rpcCommands.getSignOnToken: { const subscription = this.refreshSignOnToken() .subscribe({ next: () => subscription.unsubscribe(), error: error => { subscription.unsubscribe(), this.forwardNotify(1 /* RpcRelationshipType.Child */, AuthorizationManager.rpcCommands.setSignOnTokenError, RpcForwarder.ensureSerializable(error)); } }); return of(null); } } } // command comes from parent if (from === 0 /* RpcRelationshipType.Parent */) { if (name === AuthorizationManager.rpcCommands.clearNodeTokens) { this.nodeTokens = {}; this.nodePowershellEndpoints = {}; // if we also have children, forward the request on const forward = this.forwardExecute(1 /* RpcRelationshipType.Child */, AuthorizationManager.rpcCommands.clearNodeTokens, args); return forward || of(null); } } // command not implemented return this.nameNotFound(name); } /** * Called when the forwarded services counterpart sends a notify message * @param from The RpcRelationshipType that this request is from * @param name The name of the property to change * @param value The new value of the property * @returns an observable that completes when the property has been changed. */ onForwardNotify(from, name, value) { // allow our parent to give us a new token. if (from === 0 /* RpcRelationshipType.Parent */) { if (name === AuthorizationManager.rpcCommands.manageAsToken) { this.manageAsToken = value; // if we also have children, forward the notification on const forward = this.forwardNotify(1 /* RpcRelationshipType.Child */, AuthorizationManager.rpcCommands.manageAsToken, value); return forward || of(null); } if (name === AuthorizationManager.rpcCommands.setNodeToken) { if (!value) { const message = MsftSme.getStrings().MsftSmeShell.Core.Error.InvalidValue.message; return throwError(() => message.format(AuthorizationManager.rpcCommands.setNodeToken)); } this.completeTokenAwaiter(value); const forward = this.forwardNotify(1 /* RpcRelationshipType.Child */, AuthorizationManager.rpcCommands.setNodeToken, value); return forward || of(null); } if (name === AuthorizationManager.rpcCommands.setNodeTokenError) { if (!value) { const message = MsftSme.getStrings().MsftSmeShell.Core.Error.InvalidValue.message; return throwError(() => message.format(AuthorizationManager.rpcCommands.setNodeTokenError)); } this.completeTokenAwaiter(null, value); const forward = this.forwardNotify(1 /* RpcRelationshipType.Child */, AuthorizationManager.rpcCommands.setNodeTokenError, value); return forward || of(null); } if (name === AuthorizationManager.rpcCommands.setJeaContext) { if (!value) { const message = MsftSme.getStrings().MsftSmeShell.Core.Error.InvalidValue.message; return throwError(() => message.format(AuthorizationManager.rpcCommands.setJeaContext)); } this.saveJeaContext(value.nodeName, value.endpoint); const forward = this.forwardNotify(1 /* RpcRelationshipType.Child */, AuthorizationManager.rpcCommands.setJeaContext, value); return forward || of(null); } if (name === AuthorizationManager.rpcCommands.setSignOnToken) { if (!value) { const message = MsftSme.getStrings().MsftSmeShell.Core.Error.InvalidValue.message; return throwError(() => message.format(AuthorizationManager.rpcCommands.setNodeToken)); } this.completeSignOnTokenAwaiter(value); const forward = this.forwardNotify(1 /* RpcRelationshipType.Child */, AuthorizationManager.rpcCommands.setSignOnToken, value); return forward || of(null); } if (name === AuthorizationManager.rpcCommands.setSignOnTokenError) { if (!value) { const message = MsftSme.getStrings().MsftSmeShell.Core.Error.InvalidValue.message; return throwError(() => message.format(AuthorizationManager.rpcCommands.setNodeTokenError)); } this.completeSignOnTokenAwaiter(null, value); const forward = this.forwardNotify(1 /* RpcRelationshipType.Child */, AuthorizationManager.rpcCommands.setSignOnTokenError, value); return forward || of(null); } } return this.nameNotFound(name); } /** * Creates a secure token from the given options that may be used for node authentication * * @param options The token creation options */ secureToken(options) { // ensure a valid value for laps local admin name if (MsftSme.isNullOrWhiteSpace(options.lapsLocalAdminName)) { options.lapsLocalAdminName = AuthorizationManager.defaultLapsLocalAdminName; } // ensure username has a valid value if (MsftSme.isNullOrWhiteSpace(options.username)) { options.username = null; } if (options.useLaps || !options.username) { return of({ value: null, username: null, useLaps: options.useLaps, lapsLocalAdminName: options.lapsLocalAdminName }); } // ensure password has a valid value if (MsftSme.isNullOrWhiteSpace(options.password)) { options.password = null; } let username; if (options.username.indexOf('@') >= 0) { // domain is empty if UPN is used. username = ["", options.username]; } else { username = options.username.split('\\'); } const tokenData = { value: undefined, username: options.username, useLaps: false, lapsLocalAdminName: null }; if (this.jwk) { return Net.createEncryptedAuthenticationHeader(this.jwk, username, options.password, this.logOnUser, this.credentialsExpirationTimeInMs) .pipe(map(newToken => { tokenData.value = newToken; return tokenData; })); } tokenData.value = Net.createEncodedAuthenticationHeader(username, options.password); return of(tokenData); } /** * Completes the token awaiter */ completeTokenAwaiter(result, error) { if (error) { if (this.tokenAwaiter) { const awaiter = this.tokenAwaiter; this.tokenAwaiter = null; awaiter.error(error); } } else { if (!result.appliesTo) { this.manageAsToken = result.token; } else if (Array.isArray(result.appliesTo)) { result.appliesTo.forEach(nodeName => { this.nodeTokens[nodeName.toLocaleLowerCase()] = result.token; }); this.updateCache(); } else { this.nodeTokens[result.appliesTo.toLocaleLowerCase()] = result.token; this.updateCache(); } if (this.tokenAwaiter) { const awaiter = this.tokenAwaiter; this.tokenAwaiter = null; awaiter.next(result); awaiter.complete(); } } } /** * Completes the sign on token awaiter */ completeSignOnTokenAwaiter(result, error) { const awaiter = this.signOnTokenAwaiter; if (awaiter) { this.signOnTokenAwaiter = null; } if (error) { if (awaiter) { awaiter.error(error); } return; } if (result.token) { this.signOnManager.signedHttpRequestToken = result.token; } else { Logging.logError('Shell.AuthorizationManager', 'Null token was passed.'); } if (awaiter) { awaiter.next(result); awaiter.complete(); } } /** * Gets the error data. * @param code the http status code. * @param error the AJAX error object. */ getErrorData(code, error) { return { statusCode: code, errorCode: error && error.xhr && error.xhr.response && error.xhr.response.error && error.xhr.response.error.code, errorMessage: Net.getErrorMessage(error) }; } /** * Updates the authorization cache. Does nothing if we are not running in shell */ updateCache() { if (!MsftSme.isShell()) { // ignore if not shell return; } // update cached data const cacheData = { jwk: this.jwk, manageAsToken: this.manageAsToken, nodePowershellEndpoints: this.nodePowershellEndpoints, nodeTokens: this.nodeTokens }; MsftSme.SessionStorageHandler.setItem(AuthorizationManager.cacheKey, JSON.stringify(cacheData)); } } //# sourceMappingURL=authorization-manager.js.map