UNPKG

ember-simple-auth-loopback-3

Version:

Loopback 3 support for ember-simple-auth

github.com/shokmaster/ember-simple-auth-loopback-3

shokmaster/ember-simple-auth-loopback-3

165 lines (149 loc) 4.69 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
import $ from 'jquery'; import BaseAuthenticator from 'ember-simple-auth/authenticators/base'; import RSVP from 'rsvp'; import { A } from '@ember/array'; import { isEmpty } from '@ember/utils'; import { run } from '@ember/runloop'; /** * Authenticator that works with Loopback's default authentication * * @class LoopbackAuthenticator * @module ember-simple-auth-loopback-3/authenticators/loopback * @extends BaseAuthenticator * @public */ export default BaseAuthenticator.extend({ /** * The endpoint on the server that authentication and token refresh requests * are sent to. * * @property loginEndpoint * @type String * @default '/token' * @public */ loginEndpoint: '/User/login', /** * The endpoint on the server that token revocation requests are sent to. Only * set this if the server actually supports token revokation. If this is * `null`, the authenticator will not revoke tokens on session invalidation. * * __If token revocation is enabled but fails, session invalidation will be * intercepted and the session will remain authenticated (see * {{#crossLink "OAuth2PasswordGrantAuthenticator/invalidate:method"}}{{/crossLink}}).__ * * @property logoutEndpoint * @type String * @default null * @public */ logoutEndpoint: null, /** * Restores the session from a session data object; __will return a resolving * promise when there is a non-empty `id` in the session data__ and * a rejecting promise otherwise. * * @method restore * @param {Object} data The data to restore the session from * @return {RSVP.Promise} A promise that when it resolves results in the session becoming or remaining authenticated * @public */ restore(data) { return new RSVP.Promise((resolve, reject) => { if (isEmpty(data.id)) { reject(); } else { resolve(data); } }); }, /** * Authenticates the session with the specified `username`, and `password`; * issues a `POST` request to the loginEndpoint. * * __If the credentials are valid and thus authentication succeeds, * a promise that resolves with the server's response is returned__, * otherwise a promise that rejects with the * error as returned by the server is returned. * * @method authenticate * @param {String} username The resource owner username * @param {String} password The resource owner password * @return {RSVP.Promise} A promise that when it resolves results in the session becoming authenticated * @public */ authenticate(email, password, scope = []) { // eslint-disable-line no-unused-vars return new RSVP.Promise((resolve, reject) => { const data = { email, password }; const loginEndpoint = this.get('loginEndpoint'); this.makeRequest(loginEndpoint, data).then((response) => { run(() => { resolve(response); }); }, (xhr) => { run(null, reject, xhr.responseJSON || xhr.responseText); }); }); }, /** * If token revocation is enabled, this will revoke the access token (and the * refresh token if present). If token revocation succeeds, this method * returns a resolving promise, otherwise it will return a rejecting promise, * thus intercepting session invalidation. * * If token revocation is not enabled this method simply returns a resolving * promise. * * @method invalidate * @param {Object} data The current authenticated session data * @return {RSVP.Promise} A promise that when it resolves results in the session being invalidated * @public */ invalidate(data = {}) { const logoutEndpoint = this.get('logoutEndpoint'); function success(resolve) { run.cancel(this._refreshTokenTimeout); delete this._refreshTokenTimeout; resolve(); } return new RSVP.Promise((resolve) => { if (isEmpty(logoutEndpoint)) { success.apply(this, [resolve]); } else { const requests = []; A(['id']).forEach((tokenType) => { const token = data[tokenType]; if (!isEmpty(token)) { requests.push(this.makeRequest(logoutEndpoint, { token_type_hint: tokenType, token })); } }); const succeed = () => { success.apply(this, [resolve]); }; RSVP.all(requests).then(succeed, succeed); } }); }, /** * Makes a request to the OAuth 2.0 server. * * @method makeRequest * @param {String} url The request URL * @param {Object} data The request data * @return {jQuery.Deferred} A promise like jQuery.Deferred as returned by `$.ajax` * @protected */ makeRequest(url, data) { const options = { url, data: JSON.stringify(data), type: 'POST', dataType: 'json', contentType: 'application/json' }; return $.ajax(options); } });