UNPKG

passbolt-styleguide

Version:

Passbolt styleguide contains common styling assets used by the different sites, plugin, etc.

www.passbolt.com

passbolt/passbolt_styleguide

159 lines (141 loc) 4.8 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
/** * Passbolt ~ Open source password manager for teams * Copyright (c) 2022 Passbolt SA (https://www.passbolt.com) * * Licensed under GNU Affero General Public License version 3 of the or any later version. * For full copyright and license information, please see the LICENSE.txt * Redistributions of files must retain the above copyright notice. * * @copyright Copyright (c) 2022 Passbolt SA (https://www.passbolt.com) * @license https://opensource.org/licenses/AGPL-3.0 AGPL License * @link https://www.passbolt.com Passbolt(tm) * @since 3.11.0 */ import { isValidEmail, isValidUuid } from "../../utils/assertions"; const SSO_POPUP_WINDOW_HEIGHT = 600; const SSO_POPUP_WINDOW_WIDTH = 380; export const AUTHENTICATION_SUCCESS_CASES = { DEFAULT: "default", REGISTRATION_REQUIRED: "registration_required", }; /** * Handles the SSO login popup for the identification process. */ class SsoPopupHandlerService { /** * SsoPopupHandlerService ctor * @param {URL} siteDomain * @param {string} providerId the third-party SSO provider identifier */ constructor(siteDomain, providerId) { this.popup = null; this.intervalCheck = null; this.expectedSuccessUrl = `${siteDomain}/sso/recover/${providerId}/success`; this.expectedErrorUrl = `${siteDomain}/sso/recover/error`; this.resolvePromise = null; this.rejectPromise = null; this.verifyPopup = this.verifyPopup.bind(this); this.handlePopupVerification = this.handlePopupVerification.bind(this); this.processSuccessUrl = this.processSuccessUrl.bind(this); this.processErrorUrl = this.processErrorUrl.bind(this); } /** * Opens a new popup with the given URL * @param {URL} url * @returns {Promise<string>} returns a promise that resolve with the code from the third party */ getSsoTokenFromThirdParty(url) { this.popup = window.open( undefined, "__blank", `popup,width=${SSO_POPUP_WINDOW_WIDTH},height=${SSO_POPUP_WINDOW_HEIGHT}`, ); this.popup.opener = null; this.popup.location.href = url.toString(); return new Promise(this.handlePopupVerification); } /** * Handles the set of the promise resolver and rejected plus start the reccurent check. * @param {func} resolvePromise * @param {func} rejectPromise */ handlePopupVerification(resolvePromise, rejectPromise) { this.resolvePromise = resolvePromise; this.rejectPromise = rejectPromise; this.intervalCheck = setInterval(this.verifyPopup, 200); } /** * Verify the URL in the currently opened popup. * If the popup is closed or inaccessible, we consider it to be closed by the user and the promise is rejected. * If the popup is on a URL that is not part of our domain an execption is raised and caught, but the process continues. * Once the expected URL is found, we resolve the promise with the found token. */ verifyPopup() { if (!this.popup || this.popup?.closed) { this.rejectPromise(new Error("The user navigated away from the tab where the SSO sign-in initiated")); this.close(); return; } let popupUrl = null; try { popupUrl = this.popup.location.href; } catch (e) { console.error(e); return; } if (popupUrl.startsWith(this.expectedSuccessUrl)) { this.processSuccessUrl(popupUrl); } else if (popupUrl.startsWith(this.expectedErrorUrl)) { this.processErrorUrl(popupUrl); } } /** * Process the given URL for a successful SSO authentication. * The URL is expected to contain a parameter `token` with a UUID. * * @param {string} url * @private */ processSuccessUrl(url) { const parsedUrl = new URL(url); const token = parsedUrl.searchParams.get("token"); if (!isValidUuid(token)) { return; } this.resolvePromise({ case: AUTHENTICATION_SUCCESS_CASES.DEFAULT, token: token, }); this.close(); } /** * Process the given URL for a SSO authentication that succeed but failed on Passbolt instace. * The URL might contain a parameter `email` if the user is allowed to self_register. * * @param {string} url * @private */ processErrorUrl(url) { const parsedUrl = new URL(url); const email = parsedUrl.searchParams.get("email"); if (!isValidEmail(email)) { return; } this.resolvePromise({ case: AUTHENTICATION_SUCCESS_CASES.REGISTRATION_REQUIRED, email: email, }); this.close(); } /** * Closes the popup it still opened and reset the handler. */ close() { this.rejectPromise = null; this.resolvePromise = null; this.popup?.close(); this.popup = null; clearInterval(this.intervalCheck); } } export default SsoPopupHandlerService;