teko-oauth2
Teko Identity OAuth 2 Javascript Library for Web App Client
"use strict";
Object.defineProperty(exports, "__esModule", {
value: true
});
exports["default"] = void 0;
require("core-js/stable");
require("regenerator-runtime/runtime");
var _CheckSessionIdService = _interopRequireDefault(require("./CheckSessionIdService"));
var _CheckSessionServiceBFF = _interopRequireDefault(require("./CheckSessionServiceBFF"));
var _utils = require("./utils");
var _constants = require("./constants");
var _CheckSessionServiceIframe = _interopRequireDefault(require("./CheckSessionServiceIframe"));
var _IframeWindow = _interopRequireDefault(require("./IframeWindow"));
var _OidcClient = _interopRequireDefault(require("./OidcClient"));
var _SilentRenewService = _interopRequireDefault(require("./SilentRenewService"));
var _Storage = _interopRequireDefault(require("./Storage"));
var _User = _interopRequireDefault(require("./User"));
var _UserEvents = _interopRequireDefault(require("./UserEvents"));
/**
 * Babel interop helper: normalises a required module so callers can always
 * read `.default`.
 *
 * @param {*} obj - Value returned by `require()`.
 * @returns {*} `obj` itself when it is flagged `__esModule`, otherwise a
 *   wrapper object whose `default` property is `obj`.
 */
function _interopRequireDefault(obj) {
  if (obj && obj.__esModule) {
    return obj;
  }
  return { "default": obj };
}
/**
 * Babel spread helper: turns `arr` into a fresh array by trying each
 * conversion strategy in order and throwing when none applies.
 *
 * @param {*} arr - Value being spread.
 * @returns {Array} The first truthy result of the conversion helpers.
 * @throws {TypeError} From `_nonIterableSpread` when no strategy matches.
 */
function _toConsumableArray(arr) {
  var converted = _arrayWithoutHoles(arr);
  if (converted) {
    return converted;
  }
  converted = _iterableToArray(arr);
  if (converted) {
    return converted;
  }
  converted = _unsupportedIterableToArray(arr);
  if (converted) {
    return converted;
  }
  return _nonIterableSpread();
}
/**
 * Terminal step of the spread helper chain: always throws.
 *
 * @throws {TypeError} Unconditionally.
 */
function _nonIterableSpread() {
  var message = "Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.";
  throw new TypeError(message);
}
/**
 * Converts an iterable into an array via `Array.from`.
 *
 * @param {*} iter - Candidate iterable.
 * @returns {Array|undefined} The array, or `undefined` when `Symbol` is
 *   unavailable or `iter` exposes no `Symbol.iterator`.
 */
function _iterableToArray(iter) {
  if (typeof Symbol === "undefined") {
    return undefined;
  }
  if (!(Symbol.iterator in Object(iter))) {
    return undefined;
  }
  return Array.from(iter);
}
/**
 * Copies a real array through `_arrayLikeToArray`.
 *
 * @param {*} arr - Candidate array.
 * @returns {Array|undefined} The copy, or `undefined` for non-arrays.
 */
function _arrayWithoutHoles(arr) {
  if (!Array.isArray(arr)) {
    return undefined;
  }
  return _arrayLikeToArray(arr);
}
/**
 * Lists an object's own enumerable string keys followed by its own symbol
 * keys.
 *
 * @param {Object} object - Object to inspect.
 * @param {boolean} [enumerableOnly] - When truthy, non-enumerable symbols
 *   are left out.
 * @returns {Array<string|symbol>} String keys first, then symbols.
 */
function ownKeys(object, enumerableOnly) {
  var result = Object.keys(object);
  if (!Object.getOwnPropertySymbols) {
    return result;
  }
  var symbolKeys = Object.getOwnPropertySymbols(object);
  if (enumerableOnly) {
    symbolKeys = symbolKeys.filter(function (sym) {
      return Object.getOwnPropertyDescriptor(object, sym).enumerable;
    });
  }
  for (var idx = 0; idx < symbolKeys.length; idx++) {
    result.push(symbolKeys[idx]);
  }
  return result;
}
/**
 * Babel object-spread helper: merges every following argument into
 * `target`, later sources overriding earlier ones.
 *
 * Sources at odd argument positions are copied by value through
 * `_defineProperty`; sources at even positions are copied by property
 * descriptor. `null`/`undefined` sources are treated as `{}`.
 *
 * @param {Object} target - Object that receives the properties (mutated).
 * @returns {Object} `target`.
 */
function _objectSpread(target) {
  var sources = arguments;
  var copyValues = function (source) {
    ownKeys(Object(source), true).forEach(function (key) {
      _defineProperty(target, key, source[key]);
    });
  };
  var copyDescriptors = function (source) {
    if (Object.getOwnPropertyDescriptors) {
      Object.defineProperties(target, Object.getOwnPropertyDescriptors(source));
      return;
    }
    ownKeys(Object(source)).forEach(function (key) {
      Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key));
    });
  };
  for (var i = 1; i < sources.length; i++) {
    var source = sources[i] != null ? sources[i] : {};
    if (i % 2 === 1) {
      copyValues(source);
    } else {
      copyDescriptors(source);
    }
  }
  return target;
}
/**
 * Sets `obj[key] = value`, using `Object.defineProperty` when the key is
 * already visible on `obj` (own or inherited) so the result is an own,
 * enumerable, configurable, writable data property.
 *
 * @param {Object} obj - Object to modify.
 * @param {string|symbol} key - Property name.
 * @param {*} value - Property value.
 * @returns {Object} `obj`.
 */
function _defineProperty(obj, key, value) {
  if (!(key in obj)) {
    obj[key] = value;
    return obj;
  }
  Object.defineProperty(obj, key, {
    value: value,
    enumerable: true,
    configurable: true,
    writable: true
  });
  return obj;
}
/**
 * Advances a generator by one step on behalf of `_asyncToGenerator`.
 *
 * @param {Object} gen - Generator being driven.
 * @param {Function} resolve - Called with the final value when `gen` is done.
 * @param {Function} reject - Called with the error if the step throws.
 * @param {Function} _next - Continuation for a fulfilled yielded value.
 * @param {Function} _throw - Continuation for a rejected yielded value.
 * @param {string} key - Generator method to invoke ("next" or "throw").
 * @param {*} arg - Argument passed to that method.
 */
function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) {
  var step;
  var yielded;
  try {
    step = gen[key](arg);
    yielded = step.value;
  } catch (error) {
    reject(error);
    return;
  }
  if (!step.done) {
    // Not finished: wait for the yielded value, then resume the generator.
    Promise.resolve(yielded).then(_next, _throw);
    return;
  }
  resolve(yielded);
}
/**
 * Wraps a generator function so that calling it returns a Promise driven
 * by `asyncGeneratorStep` (the compiled form of an `async` function).
 *
 * @param {Function} fn - Generator function to wrap.
 * @returns {Function} Function that forwards `this` and its arguments to
 *   `fn` and returns a Promise for the generator's final value.
 */
function _asyncToGenerator(fn) {
  return function () {
    var self = this;
    var args = arguments;
    return new Promise(function (resolve, reject) {
      var gen = fn.apply(self, args);
      var _next = function (value) {
        asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value);
      };
      var _throw = function (err) {
        asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err);
      };
      _next(undefined);
    });
  };
}
/**
 * Babel destructuring helper: yields an array holding (at most) the first
 * `i` items of `arr`, trying each conversion strategy in order.
 *
 * @param {*} arr - Value being destructured.
 * @param {number} i - Number of items the pattern needs.
 * @returns {Array} The first truthy result of the conversion helpers.
 * @throws {TypeError} From `_nonIterableRest` when no strategy matches.
 */
function _slicedToArray(arr, i) {
  var taken = _arrayWithHoles(arr);
  if (taken) {
    return taken;
  }
  taken = _iterableToArrayLimit(arr, i);
  if (taken) {
    return taken;
  }
  taken = _unsupportedIterableToArray(arr, i);
  if (taken) {
    return taken;
  }
  return _nonIterableRest();
}
/**
 * Terminal step of the destructuring helper chain: always throws.
 *
 * @throws {TypeError} Unconditionally.
 */
function _nonIterableRest() {
  var message = "Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.";
  throw new TypeError(message);
}
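/**
 * Fallback conversion used when the `Symbol.iterator` paths did not apply:
 * handles strings, Map/Set, `arguments` objects and integer typed arrays by
 * inspecting the value's class tag.
 *
 * @param {*} o - Value to convert.
 * @param {number} [minLen] - Number of leading items wanted (strings and
 *   array-likes only).
 * @returns {Array|undefined} The array, or `undefined` when `o` is falsy or
 *   of an unrecognised kind.
 */
function _unsupportedIterableToArray(o, minLen) {
  if (!o) return;
  if (typeof o === "string") return _arrayLikeToArray(o, minLen);
  var n = Object.prototype.toString.call(o).slice(8, -1);
  if (n === "Object" && o.constructor) n = o.constructor.name;
  // Convert the collection itself. The previous `Array.from(n)` converted
  // the tag string, returning the characters of "Map" / "Set".
  if (n === "Map" || n === "Set") return Array.from(o);
  if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _arrayLikeToArray(o, minLen);
}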
/**
 * Copies the first `len` indexed items of an array-like into a new array.
 *
 * @param {ArrayLike} arr - Source with `length` and indexed items.
 * @param {number} [len] - Items to copy; defaults to, and is capped at,
 *   `arr.length`.
 * @returns {Array} New dense array of the copied items.
 */
function _arrayLikeToArray(arr, len) {
  var count = len == null || len > arr.length ? arr.length : len;
  var copy = new Array(count);
  for (var idx = 0; idx < count; idx++) {
    copy[idx] = arr[idx];
  }
  return copy;
}
/**
 * Pulls items from an iterable into an array, stopping once `i` items have
 * been collected (a falsy `i` collects everything).
 *
 * Returns `undefined` when `Symbol` is unavailable or `arr` has no
 * `Symbol.iterator`. If iteration stops before the iterator reports done,
 * the iterator's `return()` method is called when present; an error thrown
 * while iterating is rethrown after that cleanup.
 *
 * @param {*} arr - Candidate iterable.
 * @param {number} i - Maximum number of items to take.
 * @returns {Array|undefined} Collected items.
 */
function _iterableToArrayLimit(arr, i) { if (typeof Symbol === "undefined" || !(Symbol.iterator in Object(arr))) return; var _arr = []; var _n = true; var _d = false; var _e = undefined; try { for (var _i = arr[Symbol.iterator](), _s; !(_n = (_s = _i.next()).done); _n = true) { _arr.push(_s.value); if (i && _arr.length === i) break; } } catch (err) { _d = true; _e = err; } finally { try { if (!_n && _i["return"] != null) _i["return"](); } finally { if (_d) throw _e; } } return _arr; }
/**
 * Passes real arrays through unchanged (same reference, holes preserved).
 *
 * @param {*} arr - Candidate array.
 * @returns {Array|undefined} `arr` when it is an array, else `undefined`.
 */
function _arrayWithHoles(arr) {
  return Array.isArray(arr) ? arr : undefined;
}
/**
 * Guards a compiled class constructor against being called without `new`.
 *
 * @param {*} instance - The constructor's `this`.
 * @param {Function} Constructor - The class being constructed.
 * @throws {TypeError} When `instance` is not an instance of `Constructor`.
 */
function _classCallCheck(instance, Constructor) {
  if (instance instanceof Constructor) {
    return;
  }
  throw new TypeError("Cannot call a class as a function");
}
/**
 * Installs a list of member descriptors on `target`.
 *
 * Each descriptor is adjusted in place before use: `enumerable` defaults to
 * false, `configurable` is forced to true, and data members (those with a
 * `value`) are made writable.
 *
 * @param {Object} target - Prototype or constructor receiving the members.
 * @param {Array<Object>} props - Descriptors, each carrying a `key`.
 */
function _defineProperties(target, props) {
  for (var idx = 0; idx < props.length; idx++) {
    var member = props[idx];
    member.enumerable = member.enumerable || false;
    member.configurable = true;
    if ("value" in member) {
      member.writable = true;
    }
    Object.defineProperty(target, member.key, member);
  }
}
/**
 * Attaches prototype and static members to a compiled class constructor.
 *
 * @param {Function} Constructor - Constructor to decorate.
 * @param {Array<Object>} [protoProps] - Members for `Constructor.prototype`.
 * @param {Array<Object>} [staticProps] - Members for `Constructor` itself.
 * @returns {Function} `Constructor`.
 */
function _createClass(Constructor, protoProps, staticProps) {
  if (protoProps) {
    _defineProperties(Constructor.prototype, protoProps);
  }
  if (staticProps) {
    _defineProperties(Constructor, staticProps);
  }
  return Constructor;
}
var UserManager = /*#__PURE__*/function () {
/**
 * Builds the user manager for one OAuth2 client.
 *
 * Takes a single options object. `clientId` is required; every other field
 * falls back to a value from `_constants`, to the current location
 * (`redirectUri`, `postLogoutRedirectUri`) or to the literal default shown
 * in the destructuring below.
 *
 * The constructor wires up the OIDC client, a sessionStorage-backed state
 * store, a localStorage-backed user store, the event hub, the silent-renew
 * service and, when `monitorSession` is set, one of three session checkers.
 *
 * @throws {Error} When `clientId` is missing.
 */
function UserManager() {
var _ref = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {},
clientId = _ref.clientId,
_ref$oauthDomain = _ref.oauthDomain,
oauthDomain = _ref$oauthDomain === void 0 ? _constants.DEFAULT_OAUTH_DOMAIN : _ref$oauthDomain,
_ref$adminDomain = _ref.adminDomain,
adminDomain = _ref$adminDomain === void 0 ? _constants.DEFAULT_ID_ADMIN_DOMAIN : _ref$adminDomain,
_ref$authorizationEnd = _ref.authorizationEndpoint,
authorizationEndpoint = _ref$authorizationEnd === void 0 ? _constants.DEFAULT_AUTHORIZATION_ENDPOINT : _ref$authorizationEnd,
_ref$tokenEndpoint = _ref.tokenEndpoint,
tokenEndpoint = _ref$tokenEndpoint === void 0 ? _constants.DEFAULT_TOKEN_ENDPOINT : _ref$tokenEndpoint,
_ref$refreshTokenEndp = _ref.refreshTokenEndpoint,
refreshTokenEndpoint = _ref$refreshTokenEndp === void 0 ? _constants.DEFAULT_REFRESH_TOKEN_ENDPOINT : _ref$refreshTokenEndp,
_ref$userInfoEndpoint = _ref.userInfoEndpoint,
userInfoEndpoint = _ref$userInfoEndpoint === void 0 ? _constants.DEFAULT_USERINFO_ENDPOINT : _ref$userInfoEndpoint,
_ref$logoutEndpoint = _ref.logoutEndpoint,
logoutEndpoint = _ref$logoutEndpoint === void 0 ? _constants.DEFAULT_LOGOUT_ENDPOINT : _ref$logoutEndpoint,
_ref$checkSessionEndp = _ref.checkSessionEndpoint,
checkSessionEndpoint = _ref$checkSessionEndp === void 0 ? _constants.DEFAULT_CHECK_SESSION_ENDPOINT : _ref$checkSessionEndp,
_ref$checkSessionIdEn = _ref.checkSessionIdEndpoint,
checkSessionIdEndpoint = _ref$checkSessionIdEn === void 0 ? _constants.DEFAULT_CHECK_SESSION_ID_ENDPOINT : _ref$checkSessionIdEn,
_ref$checkRoleAndPerm = _ref.checkRoleAndPermEndpoint,
checkRoleAndPermEndpoint = _ref$checkRoleAndPerm === void 0 ? _constants.DEFAULT_CHECK_ROLE_AND_PERM_ENDPOINT : _ref$checkRoleAndPerm,
_ref$redirectUri = _ref.redirectUri,
redirectUri = _ref$redirectUri === void 0 ? (0, _utils.currentLocation)() : _ref$redirectUri,
_ref$postLogoutRedire = _ref.postLogoutRedirectUri,
postLogoutRedirectUri = _ref$postLogoutRedire === void 0 ? (0, _utils.currentLocation)() : _ref$postLogoutRedire,
_ref$loginFailedCallb = _ref.loginFailedCallback,
loginFailedCallback = _ref$loginFailedCallb === void 0 ? null : _ref$loginFailedCallb,
_ref$scopes = _ref.scopes,
scopes = _ref$scopes === void 0 ? [] : _ref$scopes,
_ref$monitorSession = _ref.monitorSession,
monitorSession = _ref$monitorSession === void 0 ? false : _ref$monitorSession,
_ref$monitorSessionMe = _ref.monitorSessionMethod,
monitorSessionMethod = _ref$monitorSessionMe === void 0 ? _constants.DEFAULT_CHECK_SESSION_METHOD : _ref$monitorSessionMe,
_ref$silent = _ref.silent,
silent = _ref$silent === void 0 ? true : _ref$silent,
_ref$checkTokenRevoke = _ref.checkTokenRevoked,
checkTokenRevoked = _ref$checkTokenRevoke === void 0 ? false : _ref$checkTokenRevoke,
_ref$bffDomain = _ref.bffDomain,
bffDomain = _ref$bffDomain === void 0 ? null : _ref$bffDomain,
_ref$isCacheFullUserI = _ref.isCacheFullUserInfo,
isCacheFullUserInfo = _ref$isCacheFullUserI === void 0 ? false : _ref$isCacheFullUserI;
_classCallCheck(this, UserManager);
if (!clientId) throw new Error('Missing required field `clientId`');
this._clientId = clientId;
this._oauthDomain = oauthDomain;
this._adminDomain = adminDomain;
this._redirectUri = redirectUri;
this._monitorSession = monitorSession;
this._monitorSessionMethod = monitorSessionMethod;
this._silent = !!silent;
this._checkTokenRevoked = !!checkTokenRevoked;
// BFF mode is switched on simply by supplying a bffDomain.
this._useBFF = !!bffDomain;
this._bffDomain = bffDomain;
// Endpoint URLs are built by plain string concatenation of domain + path.
this._checkRoleAndPermEndpoint = adminDomain + checkRoleAndPermEndpoint;
this._isCacheFullUserInfo = !!isCacheFullUserInfo;
// Scopes may be given as a space-separated string or as an array.
var parsedScopes = typeof scopes === 'string' ? scopes.split(' ') : scopes;
this._scopes = parsedScopes;
this._oidc = new _OidcClient["default"]({
clientId: clientId,
authorizationUri: oauthDomain + authorizationEndpoint,
accessTokenUri: oauthDomain + tokenEndpoint,
// Refresh requests go to the BFF when one is configured.
refreshTokenUri: (bffDomain || oauthDomain) + refreshTokenEndpoint,
logoutUri: oauthDomain + logoutEndpoint,
userInfoUri: oauthDomain + userInfoEndpoint,
checkSessionUri: oauthDomain + checkSessionEndpoint,
redirectUri: redirectUri,
postLogoutRedirectUri: postLogoutRedirectUri,
scopes: parsedScopes
});
// Per-request authorization state lives in sessionStorage.
this._stateStore = new _Storage["default"]({
prefix: 'tekoid.state.',
store: sessionStorage
});
// User data lives in localStorage. _postHandleUserData() writes the token
// response here and renewTokenUsingRefreshToken() reads a refreshToken back
// from it, so any script running on this origin can read those tokens.
// NOTE(review): treat XSS on the host page as token disclosure.
this._userStore = new _Storage["default"]({
store: localStorage
});
this._userStoreKey = "user.".concat(clientId);
this._fullUserStoreKey = "fullUser.".concat(clientId);
this._userData = this._userStore.get(this._userStoreKey);
this._fullUserData = this._userStore.get(this._fullUserStoreKey);
this._events = new _UserEvents["default"]();
if (loginFailedCallback) {
this.events.addLoginFailed(loginFailedCallback);
} else {
// Default handler: login failures are only written to the console.
this.events.addLoginFailed(function (err) {
console.log("Login failed: ".concat(err));
});
}
this._silentRenewService = new _SilentRenewService["default"](this);
if (this._monitorSession) {
// A configured BFF overrides whatever monitorSessionMethod was requested.
if (this._useBFF) {
this._monitorSessionMethod = 'bff';
}
if (this._monitorSessionMethod === 'bff') {
// NOTE(review): a caller can pass monitorSessionMethod 'bff' without a
// bffDomain; _bffDomain is then null and this concatenation produces a
// URL string starting with "null".
this._checkSessionService = new _CheckSessionServiceBFF["default"](this, this._bffDomain + _constants.DEFAULT_CHECK_SESSION_BFF_ENDPOINT);
} else if (this._monitorSessionMethod === 'sessionId') {
this._checkSessionService = new _CheckSessionIdService["default"](this, oauthDomain + checkSessionIdEndpoint);
} else {
this._checkSessionService = new _CheckSessionServiceIframe["default"](this);
}
}
// Resume silent renewal for a user restored from storage.
if (this.isLoggedIn() && this._silent) {
var user = this.loadUser();
this._silentRenewService.load(user);
}
}
_createClass(UserManager, [{
key: "isLoggedIn",
value: function isLoggedIn() {
  // Logged in means the stored (or in-memory) user is not flagged expired.
  var currentUser = this.loadUser();
  return currentUser.expired ? false : true;
}
}, {
key: "login",
value: function login() {
  // Optional positional arguments: (redirectUri = null, additionalParams = {}).
  var redirectUri = null;
  if (arguments.length > 0 && arguments[0] !== undefined) {
    redirectUri = arguments[0];
  }
  var additionalParams = {};
  if (arguments.length > 1 && arguments[1] !== undefined) {
    additionalParams = arguments[1];
  }
  var authorizePair = _slicedToArray(this._oidc.getAuthorizeUri(redirectUri, additionalParams), 2);
  var loginUri = authorizePair[0];
  var stateInfo = authorizePair[1];
  // Persist the request state under its own `state` value before leaving the
  // page, so the callback handler can look it up again.
  this._stateStore.set(stateInfo.state, stateInfo);
  window.location.assign(loginUri);
}
}, {
key: "renewTokenUsingRefreshToken",
/**
 * Exchanges the in-memory refresh token for a new token set with a
 * form-encoded POST (grant_type=refresh_token) and hands the result to
 * _postHandleUserData().
 *
 * Resolves to a User on HTTP 200, or to undefined when the refresh token in
 * storage no longer matches the one held in memory. Throws when no refresh
 * token is held, and raises the login-failed event and throws on any
 * non-200 response.
 */
value: function () {
var _renewTokenUsingRefreshToken = _asyncToGenerator( /*#__PURE__*/regeneratorRuntime.mark(function _callee() {
var storeData, newAccessTokenUri, response, jsonData, userData, error, err;
return regeneratorRuntime.wrap(function _callee$(_context) {
while (1) {
switch (_context.prev = _context.next) {
case 0:
if (!(!this._userData || !this._userData.refreshToken)) {
_context.next = 2;
break;
}
throw new Error('Missing refresh token');
case 2:
// Re-read the stored copy: if it holds a different refresh token than the
// one in memory, skip the request and resolve to undefined.
// NOTE(review): storeData is dereferenced without a null check. unloadUser()
// removes this key, so if Storage.get() returns null/undefined for a missing
// entry the comparison below throws a TypeError; confirm against Storage.
storeData = this._userStore.get(this._userStoreKey);
if (!(this._userData.refreshToken !== storeData.refreshToken)) {
_context.next = 5;
break;
}
return _context.abrupt("return");
case 5:
// NOTE(review): this uses DEFAULT_TOKEN_ENDPOINT, not the `tokenEndpoint`
// option accepted by the constructor, so a custom token endpoint is not
// honoured on this path.
newAccessTokenUri = (0, _utils.removeTrailingSlash)(this._oauthDomain + _constants.DEFAULT_TOKEN_ENDPOINT);
_context.next = 8;
return fetch(newAccessTokenUri, {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: new URLSearchParams({
grant_type: 'refresh_token',
client_id: this._clientId,
refresh_token: this._userData.refreshToken
})
});
case 8:
response = _context.sent;
if (!(response.status === 200)) {
_context.next = 15;
break;
}
_context.next = 12;
return response.json();
case 12:
jsonData = _context.sent;
userData = this._oidc._handleTokenResponse(jsonData);
return _context.abrupt("return", this._postHandleUserData(userData));
case 15:
// Non-200: the body is parsed as JSON and its `error` field (or the status
// code) becomes the error message.
// NOTE(review): a non-JSON error body makes response.json() reject before
// the login-failed event is raised.
_context.next = 17;
return response.json();
case 17:
error = _context.sent;
err = new Error(error.error || response.status);
this.events._raiseLoginFailedErr(err);
throw err;
case 21:
case "end":
return _context.stop();
}
}
}, _callee, this);
}));
function renewTokenUsingRefreshToken() {
return _renewTokenUsingRefreshToken.apply(this, arguments);
}
return renewTokenUsingRefreshToken;
}()
}, {
key: "loginCallback",
/**
 * Completes the authorization-code flow from a callback URL.
 *
 * Reads `state` and `code` from `inputAuthUri` (or the current location),
 * looks up the saved state, then exchanges the code either through the BFF
 * (JSON POST with cookies) or through this._oidc.getToken(). Resolves to a
 * User on success and to null after raising the login-failed event when the
 * exchange throws.
 */
value: function () {
var _loginCallback = _asyncToGenerator( /*#__PURE__*/regeneratorRuntime.mark(function _callee2(inputAuthUri) {
var uri, authUri, state, code, stateInfo, codeVerifier, _stateInfo$redirectUr, redirectUri, newRedirectUri, newBFFDomain, userData, _userData;
return regeneratorRuntime.wrap(function _callee2$(_context2) {
while (1) {
switch (_context2.prev = _context2.next) {
case 0:
uri = inputAuthUri || window.location.href;
authUri = new URL(uri);
state = authUri.searchParams.get('state');
code = authUri.searchParams.get('code');
// NOTE(review): the looked-up state is not checked for existence here, and
// this method never removes it from the store. On the BFF path a missing
// entry fails at the destructuring below, which runs before the try region
// starts, so the promise rejects instead of raising login-failed. On the
// other path validation is left to this._oidc.getToken(); confirm it rejects
// an unknown or mismatched state.
stateInfo = this._stateStore.get(state);
if (!this._useBFF) {
_context2.next = 22;
break;
}
// TODO: Move to OidcClient
codeVerifier = stateInfo.codeVerifier, _stateInfo$redirectUr = stateInfo.redirectUri, redirectUri = _stateInfo$redirectUr === void 0 ? this._redirectUri : _stateInfo$redirectUr;
newRedirectUri = (0, _utils.removeTrailingSlash)(redirectUri);
newBFFDomain = (0, _utils.removeTrailingSlash)(this._bffDomain + _constants.DEFAULT_TOKEN_ENDPOINT);
_context2.prev = 9;
_context2.next = 12;
// The code, the saved code verifier, redirect URI and client id are sent to
// the BFF; `credentials: 'include'` attaches cookies to this cross-origin
// call.
// NOTE(review): the HTTP status is not inspected before res.json(), and
// _handleTokenResponse is passed unbound; if it reads `this` it will see
// undefined. Confirm against OidcClient.
return fetch(newBFFDomain, {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
code: code,
code_verifier: codeVerifier,
redirect_uri: newRedirectUri,
client_id: this._clientId
}),
credentials: 'include'
}).then(function (res) {
return res.json();
}).then(this._oidc._handleTokenResponse);
case 12:
userData = _context2.sent;
return _context2.abrupt("return", this._postHandleUserData(userData));
case 16:
// BFF path failure: the caught value itself is passed to the event.
_context2.prev = 16;
_context2.t0 = _context2["catch"](9);
this.events._raiseLoginFailedErr(_context2.t0);
return _context2.abrupt("return", null);
case 20:
_context2.next = 33;
break;
case 22:
_context2.prev = 22;
_context2.next = 25;
return this._oidc.getToken(authUri.href, stateInfo);
case 25:
_userData = _context2.sent;
return _context2.abrupt("return", this._postHandleUserData(_userData));
case 29:
// Non-BFF path failure: only the error's `message` is passed to the event,
// unlike the BFF path above.
_context2.prev = 29;
_context2.t1 = _context2["catch"](22);
this.events._raiseLoginFailedErr(_context2.t1.message);
return _context2.abrupt("return", null);
case 33:
case "end":
return _context2.stop();
}
}
}, _callee2, this, [[9, 16], [22, 29]]);
}));
function loginCallback(_x) {
return _loginCallback.apply(this, arguments);
}
return loginCallback;
}()
}, {
key: "loginSilent",
/**
 * Refreshes the session without user interaction: through the BFF when one
 * is configured, otherwise through the hidden-iframe flow. The returned
 * promise resolves to undefined; the result of the chosen helper is not
 * passed on.
 */
value: function () {
var _loginSilent = _asyncToGenerator( /*#__PURE__*/regeneratorRuntime.mark(function _callee3() {
return regeneratorRuntime.wrap(function _callee3$(_context3) {
while (1) {
switch (_context3.prev = _context3.next) {
case 0:
if (!this._useBFF) {
_context3.next = 5;
break;
}
_context3.next = 3;
return this._refreshTokenByBFF();
case 3:
_context3.next = 7;
break;
case 5:
_context3.next = 7;
return this._refreshTokenByIframe();
case 7:
case "end":
return _context3.stop();
}
}
}, _callee3, this);
}));
function loginSilent() {
return _loginSilent.apply(this, arguments);
}
return loginSilent;
}()
}, {
key: "_refreshTokenByIframe",
/**
 * Silent re-authentication through an iframe.
 *
 * Opens the authorize URL with prompt=none and
 * response_mode=simple_web_message in an IframeWindow, waits for the
 * authorization response message, then exchanges the returned code through
 * this._oidc.getToken(). Resolves to a User, or to null after raising the
 * login-failed event when the token exchange throws.
 */
value: function () {
var _refreshTokenByIframe2 = _asyncToGenerator( /*#__PURE__*/regeneratorRuntime.mark(function _callee4() {
var _this = this;
var redirectUri, _this$_oidc$getAuthor3, _this$_oidc$getAuthor4, silentLoginUri, stateInfo, messageCallback, iframeWindow, authResponse, code, state, sessionState, authUri, userData;
return regeneratorRuntime.wrap(function _callee4$(_context4) {
while (1) {
switch (_context4.prev = _context4.next) {
case 0:
redirectUri = this._redirectUri || (0, _utils.currentLocation)();
_this$_oidc$getAuthor3 = this._oidc.getAuthorizeUri(redirectUri, {
prompt: 'none',
response_mode: 'simple_web_message'
}), _this$_oidc$getAuthor4 = _slicedToArray(_this$_oidc$getAuthor3, 2), silentLoginUri = _this$_oidc$getAuthor4[0], stateInfo = _this$_oidc$getAuthor4[1];
messageCallback = function messageCallback(e) {
// Accept a message only when it comes from the configured OAuth origin AND
// from the iframe this call created; anything else is ignored.
// NOTE(review): the origin check is an exact string comparison. A
// MessageEvent origin carries no path or trailing slash, so an oauthDomain
// configured with either would never match and every message would be
// dropped.
if (e.origin !== _this._oauthDomain || e.source !== iframeWindow.frame.contentWindow) {
return Promise.resolve();
}
var _e$data = e.data,
type = _e$data.type,
response = _e$data.response;
if (!response || type !== 'authorization_response') {
return Promise.resolve();
}
e.source.close();
// NOTE(review): hasOwnProperty is invoked on the message payload itself;
// Object.prototype.hasOwnProperty.call(response, ...) does not depend on the
// payload's own properties.
if (response.hasOwnProperty('error')) {
var error = response.error;
var errorDescription = response.error_description || '';
return Promise.reject(new Error("Silent exchange error: ".concat(error, " ").concat(errorDescription)));
} else if (response.hasOwnProperty('code') && response.hasOwnProperty('state')) {
// The returned state must equal the state generated for this request.
var _state = response.state;
if (stateInfo.state === _state) {
return Promise.resolve(response);
} else {
return Promise.reject(new Error("Invalid authorization request state"));
}
}
// A response carrying neither `error` nor both `code` and `state` falls
// through here and the callback returns undefined.
};
iframeWindow = new _IframeWindow["default"]({
src: silentLoginUri,
origin: this._oauthDomain,
callback: messageCallback
});
_context4.next = 6;
return iframeWindow.listen();
case 6:
authResponse = _context4.sent;
code = authResponse.code, state = authResponse.state, sessionState = authResponse.session_state;
// Rebuild a callback-style URL so the regular token exchange can be reused.
authUri = new URL(redirectUri);
authUri.searchParams.set('code', code);
authUri.searchParams.set('state', state);
sessionState && authUri.searchParams.set('session_state', sessionState);
_context4.prev = 12;
_context4.next = 15;
return this._oidc.getToken(authUri.href, stateInfo);
case 15:
userData = _context4.sent;
return _context4.abrupt("return", this._postHandleUserData(userData));
case 19:
_context4.prev = 19;
_context4.t0 = _context4["catch"](12);
this.events._raiseLoginFailedErr(_context4.t0.message);
return _context4.abrupt("return", null);
case 23:
case "end":
return _context4.stop();
}
}
}, _callee4, this, [[12, 19]]);
}));
function _refreshTokenByIframe() {
return _refreshTokenByIframe2.apply(this, arguments);
}
return _refreshTokenByIframe;
}()
}, {
key: "_refreshTokenByBFF",
/**
 * Silent refresh through the BFF via this._oidc.refreshToken().
 *
 * When the result carries no access token: if the current URL already shows
 * error=login_required the parameter is stripped from the address bar,
 * otherwise a prompt=none login redirect is started. In every case the
 * result is then passed to _postHandleUserData().
 */
value: function () {
var _refreshTokenByBFF2 = _asyncToGenerator( /*#__PURE__*/regeneratorRuntime.mark(function _callee5() {
var userData, _window$location, href, search, url;
return regeneratorRuntime.wrap(function _callee5$(_context5) {
while (1) {
switch (_context5.prev = _context5.next) {
case 0:
_context5.next = 2;
return this._oidc.refreshToken();
case 2:
userData = _context5.sent;
if (!userData.accessToken) {
_window$location = window.location, href = _window$location.href, search = _window$location.search;
url = new URL(href);
// error=login_required in the URL means a prompt=none attempt has already
// come back empty; clearing it instead of redirecting again avoids a
// redirect loop.
if (search.includes('error') && url.searchParams.get('error') === 'login_required') {
url.searchParams["delete"]('error');
window.history.replaceState(null, document.title, url.href);
} else {
this.login(null, {
prompt: 'none'
});
}
}
// NOTE(review): this runs even when no access token came back, so the
// token-less result is written to storage and the user-loaded event fires.
return _context5.abrupt("return", this._postHandleUserData(userData));
case 5:
case "end":
return _context5.stop();
}
}
}, _callee5, this);
}));
function _refreshTokenByBFF() {
return _refreshTokenByBFF2.apply(this, arguments);
}
return _refreshTokenByBFF;
}()
}, {
key: "_postHandleUserData",
value: function _postHandleUserData(userData) {
  // Shared tail of every token flow: persist, publish, schedule renewal.
  // A truthy `expiresIn` is removed from the object before it is stored.
  if (userData.expiresIn) {
    delete userData.expiresIn;
  }
  // The user store is localStorage-backed (see the constructor), so whatever
  // tokens `userData` carries become readable by any script on this origin.
  var storeKey = this._userStoreKey;
  this._userStore.set(storeKey, userData);
  this._userData = userData;
  this._events._raiseUserLoaded();
  if (this._silent) {
    this._silentRenewService.load(userData);
  }
  return new _User["default"](userData);
}
}, {
key: "logout",
value: function logout() {
  // Optional positional arguments: (redirectUri = null, additionalParams = {}).
  var redirectUri = null;
  if (arguments.length > 0 && arguments[0] !== undefined) {
    redirectUri = arguments[0];
  }
  var additionalParams = {};
  if (arguments.length > 1 && arguments[1] !== undefined) {
    additionalParams = arguments[1];
  }
  var user = this.loadUser();
  if (!user.idToken) {
    throw new Error('User already logout');
  }
  // additionalParams is merged after the hint, so a caller-supplied
  // id_token_hint replaces the stored one.
  var hint = {
    id_token_hint: user.idToken
  };
  var logoutUri = this._oidc.getLogoutUri(redirectUri, _objectSpread(hint, additionalParams));
  // Local data is cleared first; the redirect to the logout endpoint is
  // skipped when the user had already expired.
  this.unloadUser();
  if (user.expired) {
    return;
  }
  window.location.assign(logoutUri);
}
}, {
key: "loadUser",
value: function loadUser() {
  // The stored copy wins; the in-memory copy is used only when the store
  // returns nothing truthy for this client's key.
  var stored = this._userStore.get(this._userStoreKey);
  var inMemory = this._userData;
  return new _User["default"](stored ? stored : inMemory);
}
}, {
key: "unloadUser",
value: function unloadUser() {
  var store = this._userStore;
  // Drop the user record from storage and from memory.
  store.remove(this._userStoreKey);
  this._userData = null;
  // Drop the cached full user record from storage and from memory.
  store.remove(this._fullUserStoreKey);
  this._fullUserData = null;
}
}, {
key: "getUserInfo",
value: function getUserInfo() {
  // Profile of the current user, or undefined once the user has expired.
  var currentUser = this.loadUser();
  if (currentUser.expired) {
    return undefined;
  }
  return currentUser.profile;
}
}, {
key: "getFullUserInfo",
/**
 * Fetches the userinfo document and, when the user's scopes include
 * 'read:permissions', the roles/permissions document, in parallel, and
 * merges them into one object (permission fields win on key clashes).
 *
 * Takes one optional argument, `adminDomain` (default null). Resolves to
 * undefined when there is no usable access token.
 */
value: function () {
var _getFullUserInfo = _asyncToGenerator( /*#__PURE__*/regeneratorRuntime.mark(function _callee7() {
var _this2 = this;
var adminDomain,
getUserPermissionsUri,
accessToken,
userInfoUri,
userInfoReq,
userPermissionsUri,
userPermissionsReq,
_args7 = arguments;
return regeneratorRuntime.wrap(function _callee7$(_context7) {
while (1) {
switch (_context7.prev = _context7.next) {
case 0:
adminDomain = _args7.length > 0 && _args7[0] !== undefined ? _args7[0] : null;
getUserPermissionsUri = function getUserPermissionsUri(oauthDomain) {
// NOTE(review): a supplied adminDomain is returned verbatim and used as the
// request URL, whereas the fallback below appends the roles_permissions
// path. Confirm callers pass a full URL. The access token is sent to this
// URL as a bearer credential, so the argument must not be derived from
// untrusted input.
if (adminDomain) {
return adminDomain;
}
console.warn("Calling getFullUserInfo() without specific `adminDomain` may lead to incorrect data. Please use with caution.");
// Fallback: guess the admin host from substrings of the OAuth domain.
var _adminDomain = 'https://id-admin.tekoapis.com';
if (oauthDomain.includes('.test-1')) {
_adminDomain = 'https://id-admin.test-1.tekoapis.net';
} else if (oauthDomain.includes('.dev')) {
_adminDomain = 'https://id-admin.develop.tekoapis.net';
} else if (oauthDomain.includes('.stag')) {
_adminDomain = 'https://id-admin.stage.tekoapis.net';
}
return "".concat(_adminDomain, "/api/v1.0/users/me/roles_permissions");
};
accessToken = this.getAccessToken();
if (accessToken) {
_context7.next = 5;
break;
}
return _context7.abrupt("return", undefined);
case 5:
userInfoUri = this._oidc.getUserInfoUri();
// NOTE(review): the userinfo response status is not checked; an error body
// that parses as JSON is merged into the result like a normal profile.
userInfoReq = fetch(userInfoUri, {
headers: {
Authorization: 'Bearer ' + accessToken
}
}).then(function (res) {
return res.json();
});
userPermissionsUri = getUserPermissionsUri(this._oauthDomain);
userPermissionsReq = /*#__PURE__*/function () {
var _ref2 = _asyncToGenerator( /*#__PURE__*/regeneratorRuntime.mark(function _callee6() {
var scopes;
return regeneratorRuntime.wrap(function _callee6$(_context6) {
while (1) {
switch (_context6.prev = _context6.next) {
case 0:
// Without the read:permissions scope no request is made and the
// permissions part of the merge is an empty object.
scopes = _this2.getUserScopes();
if (!(!scopes || !scopes.includes('read:permissions'))) {
_context6.next = 3;
break;
}
return _context6.abrupt("return", Promise.resolve({}));
case 3:
// Any non-200 answer is treated as "no permissions data".
return _context6.abrupt("return", fetch(userPermissionsUri, {
headers: {
Authorization: 'Bearer ' + accessToken
}
}).then(function (res) {
if (res.status === 200) return res.json();
return {};
}));
case 4:
case "end":
return _context6.stop();
}
}
}, _callee6);
}));
return function userPermissionsReq() {
return _ref2.apply(this, arguments);
};
}();
return _context7.abrupt("return", Promise.all([userInfoReq, userPermissionsReq()]).then(function (values) {
var _values = _slicedToArray(values, 2),
userInfoRes = _values[0],
userPermissionsRes = _values[1];
return _objectSpread({}, userInfoRes, {}, userPermissionsRes);
}));
case 10:
case "end":
return _context7.stop();
}
}
}, _callee7, this);
}));
function getFullUserInfo() {
return _getFullUserInfo.apply(this, arguments);
}
return getFullUserInfo;
}()
}, {
key: "cacheFullUserInfo",
value: function cacheFullUserInfo(fullUserData) {
  // Write-through cache: storage first, then the in-memory copy. The user
  // store is localStorage-backed (see the constructor), so the cached record
  // persists across page loads until unloadUser() removes it.
  var cacheKey = this._fullUserStoreKey;
  this._userStore.set(cacheKey, fullUserData);
  this._fullUserData = fullUserData;
}
}, {
key: "_ejectRolesAndPermissionsInfo",
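value: function _ejectRolesAndPermissionsInfo(userData) {
  // Strips `roles` and `permissions` from `userData` (in place) when the
  // current user's scopes do not include read:permissions.
  //
  // _getFullUserInfoFromCache() calls this with undefined when nothing is
  // cached; `delete undefined[...]` throws a TypeError, so there is nothing
  // to strip and the call returns early.
  if (userData == null) {
    return;
  }
  var scopes = this.getUserScopes();
  if (!scopes || !scopes.includes('read:permissions')) {
    delete userData['roles'];
    delete userData['permissions'];
  }
}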
}, {
key: "_getFullUserInfoFromCache",
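value: function _getFullUserInfoFromCache() {
  // Returns the cached full user record, or undefined when the user has
  // expired or nothing is cached. The in-memory copy takes precedence over
  // the stored copy.
  var user = this.loadUser();
  if (user.expired) return undefined;
  var fullUserData = this._userStore.get(this._fullUserStoreKey);
  var fullUserDataFromMem = this._fullUserData;
  var rawFullUserData = fullUserDataFromMem || fullUserData;
  // Cold cache: return before the roles/permissions stripping step, which
  // would otherwise be handed undefined and throw for users without the
  // read:permissions scope.
  if (!rawFullUserData) {
    return undefined;
  }
  // Note: stripping mutates the object, so an in-memory cached record loses
  // its roles/permissions fields for a user without read:permissions.
  this._ejectRolesAndPermissionsInfo(rawFullUserData);
  return rawFullUserData;
}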
}, {
key: "getFullUserInfoWithCache",
/**
 * Returns the full user record from cache when present; otherwise fetches
 * the userinfo document, caches it, strips roles/permissions if the user
 * lacks read:permissions, and returns it. Resolves to undefined when there
 * is no usable access token.
 */
value: function () {
var _getFullUserInfoWithCache = _asyncToGenerator( /*#__PURE__*/regeneratorRuntime.mark(function _callee8() {
var fullUserDataFromCache, accessToken, userInfoUri, userInfoReq, fullUserInfo;
return regeneratorRuntime.wrap(function _callee8$(_context8) {
while (1) {
switch (_context8.prev = _context8.next) {
case 0:
fullUserDataFromCache = this._getFullUserInfoFromCache();
if (!fullUserDataFromCache) {
_context8.next = 3;
break;
}
return _context8.abrupt("return", fullUserDataFromCache);
case 3:
// No full user data is cached => fetch from API and cache the response
accessToken = this.getAccessToken();
if (accessToken) {
_context8.next = 6;
break;
}
return _context8.abrupt("return", undefined);
case 6:
userInfoUri = this._oidc.getUserInfoUri();
// NOTE(review): the response status is not checked, so an error body that
// parses as JSON is cached and returned like a real profile until
// unloadUser() clears it.
userInfoReq = fetch(userInfoUri, {
headers: {
Authorization: 'Bearer ' + accessToken
}
}).then(function (res) {
return res.json();
});
_context8.next = 10;
return userInfoReq;
case 10:
fullUserInfo = _context8.sent;
// The record is cached before stripping; the in-memory cache holds this
// same object, which the next call then mutates.
this.cacheFullUserInfo(fullUserInfo);
this._ejectRolesAndPermissionsInfo(fullUserInfo);
return _context8.abrupt("return", fullUserInfo);
case 14:
case "end":
return _context8.stop();
}
}
}, _callee8, this);
}));
function getFullUserInfoWithCache() {
return _getFullUserInfoWithCache.apply(this, arguments);
}
return getFullUserInfoWithCache;
}()
}, {
key: "getUserScopes",
value: function getUserScopes() {
  // Scopes of the current user, or undefined once the user has expired.
  var currentUser = this.loadUser();
  if (currentUser.expired) {
    return undefined;
  }
  return currentUser.scopes;
}
}, {
key: "getAccessToken",
value: function getAccessToken() {
  // Access token of the current user, or undefined once the user has
  // expired. Callers that build an Authorization header should handle the
  // undefined case.
  var currentUser = this.loadUser();
  if (currentUser.expired) {
    return undefined;
  }
  return currentUser.accessToken;
}
}, {
key: "getAccessTokenExpiredAt",
value: function getAccessTokenExpiredAt() {
  // `expiresAt` of the current user, or undefined once the user has expired.
  var currentUser = this.loadUser();
  if (currentUser.expired) {
    return undefined;
  }
  return currentUser.expiresAt;
}
}, {
key: "handleAuthorizationError",
value: function handleAuthorizationError(inputAuthUri) {
  // Reports an `error` callback parameter through the login-failed event,
  // but only when the accompanying `state` matches a state this client
  // saved, so error parameters on unrelated URLs are ignored.
  var authUri = new URL(inputAuthUri || window.location.href);
  var params = authUri.searchParams;
  var err = params.get('error');
  var state = params.get('state');
  var stateInfo = this._stateStore.get(state);
  if (!stateInfo || stateInfo.state !== state) {
    return;
  }
  this.events._raiseLoginFailedErr(err);
}
}, {
key: "hasRoles",
/**
 * Asks the role/permission check endpoint whether the current user holds
 * the given roles.
 *
 * Optional positional arguments: `roles` (default []) and `condition`
 * (default 'OR'). Resolves to the parsed JSON body of the response.
 */
value: function () {
var _hasRoles = _asyncToGenerator( /*#__PURE__*/regeneratorRuntime.mark(function _callee9() {
var roles,
condition,
accessToken,
body,
hasRoles,
_args9 = arguments;
return regeneratorRuntime.wrap(function _callee9$(_context9) {
while (1) {
switch (_context9.prev = _context9.next) {
case 0:
roles = _args9.length > 0 && _args9[0] !== undefined ? _args9[0] : [];
condition = _args9.length > 1 && _args9[1] !== undefined ? _args9[1] : 'OR';
// NOTE(review): getAccessToken() returns undefined for an expired user, in
// which case the header below is sent as "Bearer undefined".
accessToken = this.getAccessToken();
body = JSON.stringify({
has_roles: {
roles: _toConsumableArray(roles),
condition: condition
}
});
_context9.next = 6;
return fetch(this._checkRoleAndPermEndpoint, {
method: 'POST',
headers: {
'Authorization': 'Bearer ' + accessToken,
'Content-Type': 'application/json'
},
body: body
});
case 6:
// NOTE(review): the status is not checked, so an error body is returned to
// the caller as if it were the check result. The answer is evaluated in the
// browser; access decisions still need enforcing by the API being called.
hasRoles = _context9.sent;
return _context9.abrupt("return", hasRoles.json());
case 8:
case "end":
return _context9.stop();
}
}
}, _callee9, this);
}));
function hasRoles() {
return _hasRoles.apply(this, arguments);
}
return hasRoles;
}()
}, {
key: "hasRole",
/**
 * Asks the role/permission check endpoint whether the current user holds a
 * single role. Resolves to the parsed JSON body of the response.
 */
value: function () {
var _hasRole = _asyncToGenerator( /*#__PURE__*/regeneratorRuntime.mark(function _callee10(role) {
var accessToken, body, hasRoles;
return regeneratorRuntime.wrap(function _callee10$(_context10) {
while (1) {
switch (_context10.prev = _context10.next) {
case 0:
// NOTE(review): getAccessToken() returns undefined for an expired user, in
// which case the header below is sent as "Bearer undefined".
accessToken = this.getAccessToken();
// Unlike hasRoles(), no `condition` field is sent.
body = JSON.stringify({
has_roles: {
roles: [role]
}
});
_context10.next = 4;
return fetch(this._checkRoleAndPermEndpoint, {
method: 'POST',
headers: {
'Authorization': 'Bearer ' + accessToken,
'Content-Type': 'application/json'
},
body: body
});
case 4:
// NOTE(review): the status is not checked before the body is parsed.
hasRoles = _context10.sent;
return _context10.abrupt("return", hasRoles.json());
case 6:
case "end":
return _context10.stop();
}
}
}, _callee10, this);
}));
function hasRole(_x2) {
return _hasRole.apply(this, arguments);
}
return hasRole;
}()
}, {
key: "hasPermission",
/**
 * Asks the role/permission check endpoint whether the current user holds a
 * single permission. Resolves to the parsed JSON body of the response.
 */
value: function () {
var _hasPermission = _asyncToGenerator( /*#__PURE__*/regeneratorRuntime.mark(function _callee11(permission) {
var accessToken, body, hasPermissions;
return regeneratorRuntime.wrap(function _callee11$(_context11) {
while (1) {
switch (_context11.prev = _context11.next) {
case 0:
// NOTE(review): getAccessToken() returns undefined for an expired user, in
// which case the header below is sent as "Bearer undefined".
accessToken = this.getAccessToken();
body = JSON.stringify({
has_permissions: {
permissions: [permission]
}
});
_context11.next = 4;
return fetch(this._checkRoleAndPermEndpoint, {
method: 'POST',
headers: {
'Authorization': 'Bearer ' + accessToken,
'Content-Type': 'application/json'
},
body: body
});
case 4:
// NOTE(review): the status is not checked before the body is parsed.
hasPermissions = _context11.sent;
return _context11.abrupt("return", hasPermissions.json());
case 6:
case "end":
return _context11.stop();
}
}
}, _callee11, this);
}));
function hasPermission(_x3) {
return _hasPermission.apply(this, arguments);
}
return hasPermission;
}()
}, {
key: "events",
get: function get() {
  // Read-only accessor for the UserEvents hub created in the constructor.
  var userEvents = this._events;
  return userEvents;
}
}]);
return UserManager;
}();
exports["default"] = UserManager;