diffusion
Version:
Diffusion JavaScript client
434 lines (433 loc) • 20.1 kB
JavaScript
;
/**
* @module Security
*/
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __generator = (this && this.__generator) || function (thisArg, body) {
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
function verb(n) { return function (v) { return step([n, v]); }; }
function step(op) {
if (f) throw new TypeError("Generator is already executing.");
while (_) try {
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
if (y = 0, t) op = [op[0] & 2, t.value];
switch (op[0]) {
case 0: case 1: t = op; break;
case 4: _.label++; return { value: op[1], done: false };
case 5: _.label++; y = op[1]; op = [0]; continue;
case 7: op = _.ops.pop(); _.trys.pop(); continue;
default:
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
if (t[2]) _.ops.pop();
_.trys.pop(); continue;
}
op = body.call(thisArg, _);
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
}
};
var __values = (this && this.__values) || function(o) {
var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0;
if (m) return m.call(o);
if (o && typeof o.length === "number") return {
next: function () {
if (o && i >= o.length) o = void 0;
return { value: o && o[i++], done: !o };
}
};
throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.SecurityImpl = void 0;
var CommandService = require("./../client/command-service");
var control_group_1 = require("./../control/control-group");
var registration_1 = require("./../control/registration");
var security_script_builder_1 = require("./../features/security/security-script-builder");
var system_authentication_script_builder_1 = require("./../features/security/system-authentication-script-builder");
var security_command_script_1 = require("./../services/authentication/security-command-script");
var Services = require("./../services/security-services");
var authenticator_response_1 = require("./../services/security/authenticator-response");
var logger = require("./../util/logger");
var require_non_null_1 = require("./../util/require-non-null");
var error_reason_1 = require("../../errors/error-reason");
var security_1 = require("../../features/security");
var log = logger.create('Session.Security');
/**
* Implementation of the {@link Security} feature
*/
var SecurityImpl = /** @class */ (function () {
function SecurityImpl(internal) {
/**
* The global permission enum
*/ // eslint-disable-next-line @typescript-eslint/naming-convention
this.GlobalPermission = security_1.GlobalPermission;
/**
* The path permission enum
*/ // eslint-disable-next-line @typescript-eslint/naming-convention
this.PathPermission = security_1.PathPermission;
this.internal = internal;
var serviceLocator = internal.getServiceLocator();
this.CHANGE_PRINCIPAL = serviceLocator.obtain(Services.CHANGE_PRINCIPAL);
this.GET_SECURITY_CONFIGURATION = serviceLocator.obtain(Services.GET_SECURITY_CONFIGURATION);
this.GET_SYSTEM_AUTHENTICATION = serviceLocator.obtain(Services.GET_SYSTEM_AUTHENTICATION);
this.UPDATE_SECURITY_CONFIGURATION = serviceLocator.obtain(Services.UPDATE_SECURITY_CONFIGURATION);
this.UPDATE_SYSTEM_AUTHENTICATION = serviceLocator.obtain(Services.UPDATE_SYSTEM_AUTHENTICATION);
this.AUTHENTICATOR_DEREGISTRATION = serviceLocator.obtain(Services.AUTHENTICATOR_DEREGISTRATION);
this.LIST_GLOBAL_PERMISSIONS = serviceLocator.obtain(Services.LIST_GLOBAL_PERMISSIONS);
this.LIST_PATH_PERMISSIONS = serviceLocator.obtain(Services.LIST_PATH_PERMISSIONS);
this.REVOKE_AUTHENTICATION = serviceLocator.obtain(Services.REVOKE_AUTHENTICATION);
this.RE_AUTHENTICATE = serviceLocator.obtain(Services.RE_AUTHENTICATE);
internal.getServiceRegistry().add(Services.AUTHENTICATOR, CommandService.create(function (internalSession, req, callback) {
internalSession.getConversationSet().respondIfPresent(req.cid, { req: req, callback: callback });
}));
}
/**
* @inheritdoc
*/
SecurityImpl.prototype.getPrincipal = function () {
return this.internal.getPrincipal();
};
/**
* @inheritdoc
*/
SecurityImpl.prototype.reauthenticate = function (principal, credentials, proposedSessionProperties) {
var _this = this;
return new Promise(function (resolve, reject) {
require_non_null_1.requireNonNull(principal, 'principal');
require_non_null_1.requireNonNull(credentials, 'credentials');
require_non_null_1.requireNonNull(proposedSessionProperties, 'proposedSessionProperties');
if (_this.internal.checkConnected(reject)) {
log.debug('Reauthenticating principal', principal);
_this.internal.getServiceLocator().obtain(Services.RE_AUTHENTICATE).send({
principal: principal,
credentials: credentials,
proposedSessionProperties: proposedSessionProperties
}, function (err, response) {
if (err) {
reject(err);
}
else {
if (response) {
_this.internal.setPrincipal(principal);
}
resolve(response !== null && response !== void 0 ? response : false);
}
});
}
});
};
/**
* @inheritdoc
*/
SecurityImpl.prototype.changePrincipal = function (principal, credentials) {
return __awaiter(this, void 0, void 0, function () {
var response;
return __generator(this, function (_a) {
switch (_a.label) {
case 0: return [4 /*yield*/, this.reauthenticate(principal, credentials, {})];
case 1:
response = _a.sent();
if (!response) {
throw new Error('Unable to change principal due to authentication failure');
}
return [2 /*return*/];
}
});
});
};
/**
* @inheritdoc
*/
SecurityImpl.prototype.getSecurityConfiguration = function () {
var _this = this;
return new Promise(function (resolve, reject) {
if (_this.internal.checkConnected(reject)) {
log.debug('Getting security configuration');
_this.GET_SECURITY_CONFIGURATION.send(null, function (err, response) {
if (err) {
reject(err);
}
else {
resolve(response);
}
});
}
});
};
/**
* @inheritdoc
*/
SecurityImpl.prototype.getSystemAuthenticationConfiguration = function () {
var _this = this;
return new Promise(function (resolve, reject) {
if (_this.internal.checkConnected(reject)) {
log.debug('Getting system authentication');
_this.GET_SYSTEM_AUTHENTICATION.send(null, function (err, response) {
if (err) {
reject(err);
}
else {
resolve(response);
}
});
}
});
};
/**
* @inheritdoc
*/
SecurityImpl.prototype.setAuthenticator = function (handlerName, authenticator) {
var _this = this;
return new Promise(function (resolve, reject) {
var closingRegistration = false;
if (_this.internal.checkConnected(reject)) {
try {
require_non_null_1.requireNonNull(handlerName, 'handlerName');
require_non_null_1.requireNonNull(authenticator, 'authenticator');
}
catch (e) {
reject(e);
return;
}
// tslint:disable:strict-type-predicates
if (typeof authenticator.authenticate !== 'function'
|| typeof authenticator.onError !== 'function'
|| typeof authenticator.onClose !== 'function') {
// tslint:enable:strict-type-predicates
reject(new Error('authenticator does not implement the Authenticator interface'));
}
log.debug('Adding authenticator', handlerName);
var params_1 = {
name: handlerName,
definition: Services.AUTHENTICATOR,
group: control_group_1.DEFAULT
};
var adapter = {
active: function (close, cid) {
log.debug('Authenticator active', handlerName);
var registration = {
close: function () {
return new Promise(function (resolveRegistration) {
closingRegistration = true;
_this.AUTHENTICATOR_DEREGISTRATION.send(params_1, function (err, response) {
if (err) {
_this.internal.getConversationSet().discard(cid, err);
log.debug('Error with authenticator deregistration: ', err);
}
else {
_this.internal.getConversationSet().respondIfPresent(cid, response);
authenticator.onClose();
}
resolveRegistration();
});
});
}
};
resolve(registration);
},
respond: function (msg) {
if (closingRegistration) {
return true;
}
var req = msg.req;
var callback = msg.callback;
try {
authenticator.authenticate(req.principal, req.credentials, req.sessionProperties, req.proposedProperties, {
allow: function (properties) {
var e_1, _a;
if (properties) {
properties = Object.assign({}, properties);
try {
for (var _b = __values(Object.getOwnPropertyNames(req.sessionProperties)), _c = _b.next(); !_c.done; _c = _b.next()) {
var key = _c.value;
if (properties[key] === req.sessionProperties[key]) {
delete properties[key];
}
}
}
catch (e_1_1) { e_1 = { error: e_1_1 }; }
finally {
try {
if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
}
finally { if (e_1) throw e_1.error; }
}
}
callback.respond(new authenticator_response_1.AuthenticatorResponse(authenticator_response_1.TypeCode.ALLOW, properties));
},
abstain: function () {
callback.respond(authenticator_response_1.ABSTAIN);
},
deny: function () {
callback.respond(authenticator_response_1.DENY);
}
});
}
catch (err) {
authenticator.onError(err);
callback.fail(error_reason_1.ErrorReason.CALLBACK_EXCEPTION, err && err.message);
// rethrow so that the conversation can be discarded
throw err;
}
return false;
},
close: function (err) {
if (err) {
log.debug("'Authenticator closed with error for \"" + handlerName + "\"'");
authenticator.onError(err);
}
else {
log.debug("'Authentication Handler closed for \"" + handlerName + "\"'");
authenticator.onClose();
}
}
};
registration_1.registerHandler(_this.internal, params_1, adapter, Services.AUTHENTICATOR_REGISTRATION, Services.AUTHENTICATOR_DEREGISTRATION).then(undefined, function (err) {
reject(err);
});
}
});
};
/**
* Callback for processing the server response from a command script request.
*
* @param err any errors from the server
* @param response the response from the server
* @param resolve a callback to resolve the request
* @param reject a callback to signal an error
*/
SecurityImpl.prototype.updateStoreCallback = function (err, response, resolve, reject) {
if (err) {
reject(err);
}
else if (response.errors.length > 0) {
reject(response.errors);
}
else {
resolve();
}
};
/**
* Send a command script to the server and process the result
*
* @param updater the command service to send the script to
* @param script the command script
* @return the {@link Promise} that resolves when the operation
* completes successfully
*/
SecurityImpl.prototype.updateStore = function (updater, script) {
var _this = this;
return new Promise(function (resolve, reject) {
if (script === '') {
resolve();
// tslint:disable-next-line:strict-type-predicates
}
else if (!script || typeof script !== 'string') {
reject(new Error("Invalid argument for script: " + script));
}
else if (_this.internal.checkConnected(reject)) {
updater.send(new security_command_script_1.SecurityCommandScript(script), function (err, response) {
_this.updateStoreCallback(err, response, resolve, reject);
});
}
});
};
/**
* @inheritdoc
*/
SecurityImpl.prototype.updateSecurityStore = function (script) {
log.debug('Updating security store');
return this.updateStore(this.UPDATE_SECURITY_CONFIGURATION, script);
};
/**
* @inheritdoc
*/
SecurityImpl.prototype.updateAuthenticationStore = function (script) {
log.debug('Updating authentication store');
return this.updateStore(this.UPDATE_SYSTEM_AUTHENTICATION, script);
};
/**
* @inheritdoc
*/
SecurityImpl.prototype.securityScriptBuilder = function () {
return new security_script_builder_1.SecurityScriptBuilderImpl();
};
/**
* @inheritdoc
*/
SecurityImpl.prototype.authenticationScriptBuilder = function () {
return new system_authentication_script_builder_1.SystemAuthenticationScriptBuilderImpl();
};
/**
* @inheritdoc
*/
SecurityImpl.prototype.getGlobalPermissions = function () {
var _this = this;
return new Promise(function (resolve, reject) {
if (_this.internal.checkConnected(reject)) {
log.debug('Getting global permissions');
_this.LIST_GLOBAL_PERMISSIONS.send(null, function (err, response) {
if (err) {
reject(err);
}
else {
resolve(response.permissions);
}
});
}
});
};
/**
* @inheritdoc
*/
SecurityImpl.prototype.getPathPermissions = function (path) {
var _this = this;
return new Promise(function (resolve, reject) {
if (_this.internal.checkConnected(reject)) {
log.debug('Getting path permissions');
_this.LIST_PATH_PERMISSIONS.send(path, function (err, response) {
if (err) {
reject(err);
}
else {
resolve(response.permissions);
}
});
}
});
};
/**
* @inheritdoc
*/
SecurityImpl.prototype.revokeAuthentication = function (sessionId) {
var _this = this;
return new Promise(function (resolve, reject) {
require_non_null_1.requireNonNull(sessionId, 'sessionId');
if (_this.internal.checkConnected(reject)) {
log.debug('Revoking authentication for session', sessionId);
_this.REVOKE_AUTHENTICATION.send(sessionId, function (err) {
if (err) {
reject(err);
}
else {
resolve();
}
});
}
});
};
return SecurityImpl;
}());
exports.SecurityImpl = SecurityImpl;