@cimpress/simple-auth-wrapper - npm Package Compare versions

Comparing version 7.1.9 to 7.1.10

lib/PKCE.js

@@ -7,2 +7,4 @@ 'use strict';
 
+var _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; };
+
 var _sha = require('sha.js');
@@ -12,2 +14,6 @@
 
+var _qs = require('qs');
+
+var _qs2 = _interopRequireDefault(_qs);
+
 var _randombytes = require('randombytes');
@@ -291,3 +297,4 @@
         _ref3$nextUri = _ref3.nextUri,
-        nextUri = _ref3$nextUri === undefined ? window.location.href : _ref3$nextUri;
+        nextUri = _ref3$nextUri === undefined ? window.location.href : _ref3$nextUri,
+        authorizeParams = _ref3.authorizeParams;
 
@@ -299,13 +306,14 @@ var state = btoa(nextUri);
 
-    var url = 'https://' + _this.domain + '/authorize';
-    url += '?state=' + encodeURIComponent(state);
-    url += '&response_type=code';
-    url += '&client_id=' + _this.clientID;
-    url += '&audience=' + _this.audience;
-    url += '&code_challenge=' + challenge;
-    url += '&code_challenge_method=S256';
-    url += '&scope=' + encodeURIComponent(_this.scope);
-    url += '&redirect_uri=' + _this.redirectUri;
+    var queryStringParams = _extends({
+      state: state,
+      response_type: 'code',
+      client_id: _this.clientID,
+      audience: _this.audience,
+      code_challenge: challenge,
+      code_challenge_method: 'S256',
+      scope: _this.scope,
+      redirect_uri: _this.redirectUri
+    }, authorizeParams);
 
-    window.location = url;
+    window.location = 'https://' + _this.domain + '/authorize?' + _qs2.default.stringify(queryStringParams);
     return _Promise.resolve();
@@ -762,3 +770,3 @@ };
     var _ref13 = _asyncToGenerator( /*#__PURE__*/regeneratorRuntime.mark(function _callee10(sessionId) {
-      var profileExpiresAt, _profileData, profileResponse, profileData;
+      var profileExpiresAt, profileResponse, result, _result, _profileData, profileData;
 
@@ -770,18 +778,79 @@ return regeneratorRuntime.wrap(function _callee10$(_context10) {
               profileExpiresAt = localStorage.getItem('profileExpiresAt');
+              profileResponse = {};
 
               if (!(!profileExpiresAt || profileExpiresAt <= new Date().getTime())) {
-                _context10.next = 10;
+                _context10.next = 37;
                 break;
               }
 
-              _context10.next = 4;
-              return _this.fetchWithNoRetry(PROFILE_API_URL + '/me', {
+              _context10.prev = 3;
+              _context10.next = 6;
+              return fetch(PROFILE_API_URL + '/me', {
                 method: 'GET',
-                headers: new Headers({
-                  'x-session-id': sessionId
-                })
+                headers: new Headers({ 'x-session-id': sessionId })
               });
 
-            case 4:
+            case 6:
+              result = _context10.sent;
+
+              if (result.ok) {
+                _context10.next = 9;
+                break;
+              }
+
+              throw new Error();
+
+            case 9:
+              _context10.next = 11;
+              return result.json();
+
+            case 11:
               profileResponse = _context10.sent;
+              _context10.next = 27;
+              break;
+
+            case 14:
+              _context10.prev = 14;
+              _context10.t0 = _context10['catch'](3);
+
+              if (_this.sessionEnabled) {
+                _context10.next = 26;
+                break;
+              }
+
+              _context10.next = 19;
+              return fetch(PROFILE_API_URL + '/me', {
+                method: 'GET',
+                headers: new Headers({ Authorization: 'Bearer ' + localStorage.getItem('accessToken') })
+              });
+
+            case 19:
+              _result = _context10.sent;
+
+              if (!_result.ok) {
+                _context10.next = 24;
+                break;
+              }
+
+              _context10.next = 23;
+              return _result.json();
+
+            case 23:
+              profileResponse = _context10.sent;
+
+            case 24:
+              _context10.next = 27;
+              break;
+
+            case 26:
+              console.error('Error fetching profile - ', _context10.t0);
+
+            case 27:
+              _context10.prev = 27;
+
+              if (!profileResponse.canonicalId) {
+                _context10.next = 33;
+                break;
+              }
+
               profileData = (_profileData = {
@@ -794,13 +863,17 @@ canonicalId: profileResponse.canonicalId,
 
-
-              if (profileData.canonicalId) {
-                localStorage.setItem('profile', JSON.stringify(profileData));
-                localStorage.setItem('profileExpiresAt', new Date().getTime() + PROFILE_EXPIRY_TIME);
-              }
+              localStorage.setItem('profile', JSON.stringify(profileData));
+              localStorage.setItem('profileExpiresAt', new Date().getTime() + PROFILE_EXPIRY_TIME);
               return _context10.abrupt('return', profileData);
 
-            case 10:
+            case 33:
+              return _context10.abrupt('return', {});
+
+            case 35:
+              _context10.next = 38;
+              break;
+
+            case 37:
               return _context10.abrupt('return', JSON.parse(localStorage.getItem('profile')));
 
-            case 11:
+            case 38:
             case 'end':
@@ -810,3 +883,3 @@ return _context10.stop();
         }
-      }, _callee10, _this);
+      }, _callee10, _this, [[3, 14, 27, 35]]);
     }));
@@ -813,0 +886,0 @@

package.json

 {
   "name": "@cimpress/simple-auth-wrapper",
-  "version": "7.1.9",
+  "version": "7.1.10",
   "description": "A simple utility class to wrap basic Auth0 functionality",
@@ -22,2 +22,3 @@ "main": "lib/index.js",
     "lodash.merge": "^4.6.2",
+    "qs": "^6.10.1",
     "randombytes": "^2.1.0",
@@ -24,0 +25,0 @@ "regenerator-runtime": "^0.13.7",

src/PKCE.js

 import shaJs from 'sha.js'
+import qs from 'qs';
 import randomBytes from 'randombytes'
@@ -152,3 +153,3 @@ import merge from 'lodash.merge';
   // Generate the code verifier and code challenge and redirect the user to a centralized auth0 page
-  login = ({ nextUri = window.location.href } = {}) => {
+  login = ({ nextUri = window.location.href, authorizeParams } = {}) => {
     const state = btoa(nextUri);
@@ -159,13 +160,15 @@ const verifier = this.generateCodeVerifier()
 
-    var url = `https://${this.domain}/authorize`
-    url += `?state=${encodeURIComponent(state)}`
-    url += `&response_type=code`
-    url += `&client_id=${this.clientID}`
-    url += `&audience=${this.audience}`
-    url += `&code_challenge=${challenge}`
-    url += '&code_challenge_method=S256'
-    url += `&scope=${encodeURIComponent(this.scope)}`
-    url += `&redirect_uri=${this.redirectUri}`
+    let queryStringParams = {
+      state,
+      response_type: 'code',
+      client_id: this.clientID,
+      audience: this.audience,
+      code_challenge: challenge,
+      code_challenge_method: 'S256',
+      scope: this.scope,
+      redirect_uri: this.redirectUri,
+      ...authorizeParams
+    }
 
-    window.location = url;
+    window.location = `https://${this.domain}/authorize?${qs.stringify(queryStringParams)}`;
     return _Promise.resolve();
@@ -413,27 +416,42 @@ }
     const profileExpiresAt = localStorage.getItem('profileExpiresAt');
+    let profileResponse = {}
 
     if (!profileExpiresAt || profileExpiresAt <= new Date().getTime()) {
-      const profileResponse = await this.fetchWithNoRetry(`${PROFILE_API_URL}/me`, {
-        method: 'GET',
-        headers: new Headers({
-          'x-session-id': sessionId
+      try {
+        const result = await fetch(`${PROFILE_API_URL}/me`, {
+          method: 'GET',
+          headers: new Headers({ 'x-session-id': sessionId })
         })
-      });
-
-      const profileData = {
-        canonicalId: profileResponse.canonicalId,
-        email: profileResponse.email,
-        given_name: profileResponse.firstName,
-        family_name: profileResponse.lastName || "",
-        [ACCOUNT_ID_CLAIM]: profileResponse.accountId,
-        name: profileResponse.firstName + (profileResponse.lastName === undefined ? "" : " " + profileResponse.lastName),
-        picture: profileResponse.pictureURL,
-        [TEST_USER_CLAIM]: profileResponse.isTestUser
+        if (!result.ok) throw new Error()
+        profileResponse = await result.json()
       }
-
-      if (profileData.canonicalId) {
-        localStorage.setItem('profile', JSON.stringify(profileData));
-        localStorage.setItem('profileExpiresAt', new Date().getTime() + PROFILE_EXPIRY_TIME);
+      catch (err) {
+        if (!this.sessionEnabled) {
+          const result = await fetch(`${PROFILE_API_URL}/me`, {
+            method: 'GET',
+            headers: new Headers({ Authorization: 'Bearer ' + localStorage.getItem('accessToken') })
+          })
+          if (result.ok) { profileResponse = await result.json() }
+        } else {
+          console.error('Error fetching profile - ', err)
+        }
       }
-      return profileData;
+      finally {
+        if (profileResponse.canonicalId) {
+          const profileData = {
+            canonicalId: profileResponse.canonicalId,
+            email: profileResponse.email,
+            given_name: profileResponse.firstName,
+            family_name: profileResponse.lastName || "",
+            [ACCOUNT_ID_CLAIM]: profileResponse.accountId,
+            name: profileResponse.firstName + (profileResponse.lastName === undefined ? "" : " " + profileResponse.lastName),
+            picture: profileResponse.pictureURL,
+            [TEST_USER_CLAIM]: profileResponse.isTestUser
+          }
+          localStorage.setItem('profile', JSON.stringify(profileData));
+          localStorage.setItem('profileExpiresAt', new Date().getTime() + PROFILE_EXPIRY_TIME);
+          return profileData;
+        }
+        return {};
+      }
     } else {
@@ -478,3 +496,3 @@ return JSON.parse(localStorage.getItem('profile'));
 
-  refreshAccessTokenWrapper = async (isTokenRefreshedEventEmissionRequired=false) => {
+  refreshAccessTokenWrapper = async (isTokenRefreshedEventEmissionRequired = false) => {
     const tokenData = await this.refreshAccessToken();
@@ -494,3 +512,3 @@
       await this.patchSessionForAccessToken(tokenData.access_token);
-      if(isTokenRefreshedEventEmissionRequired) {
+      if (isTokenRefreshedEventEmissionRequired) {
         this.events.emit('tokenRefreshed');
@@ -511,3 +529,3 @@ }
     url += `&returnTo=${redirectUrl}`
-    if(logoutOfFederated){
+    if (logoutOfFederated) {
       url += '&federated'
@@ -514,0 +532,0 @@ }

test/pkce.test.js

@@ -255,3 +255,3 @@ import AuthorizationCodeGrantPKCE from '../src/PKCE.js';
   test("should check for profile_expires_at token's existence in local storage before calling an API with isTestUser:true", async () => {
-    fetchMock.mockResponseOnce(JSON.stringify({ name: 'test-user', isTestUser: true }));
+    fetchMock.mockResponseOnce(JSON.stringify({ canonicalId: 'test-user@gmail.com', name: 'test-user', isTestUser: true }));
 
@@ -308,2 +308,29 @@ return testModule
 
+  test("should return the profile information from the profile service when a sessionId is passed", async () => {
+
+    const testPKCE = new AuthorizationCodeGrantPKCE({ clientID: "fake-client-id", sessionEnabled: true })
+    fetchMock.mockResponseOnce(JSON.stringify({
+      email: 'test@cimpress.com',
+      canonicalId: 'test@cimpress.com',
+      firstName: 'test',
+      lastName: 'test',
+      accountId: 'test',
+      isTestUser: false,
+      name: 'test test',
+      pictureURL: 'test'
+    }))
+    // Expire the profile 2 hours earlier
+    window.localStorage.setItem('profileExpiresAt', new Date().getTime() - 7200000);
+    const profile = await testPKCE.getProfile('testSessionId')
+    expect(profile).toEqual({
+      email: 'test@cimpress.com',
+      canonicalId: 'test@cimpress.com',
+      family_name: 'test',
+      given_name: 'test',
+      'https://claims.cimpress.io/is_test_user': false,
+      'https://claims.cimpress.io/account': 'test',
+      name: 'test test',
+      picture: 'test'
+    })
+  });
 });
@@ -446,3 +473,3 @@
     const patchSessionForAccessTokenSpy = jest.spyOn(testModule, "patchSessionForAccessToken");
-    const eventSpy = jest.spyOn(testModule.events,"emit")
+    const eventSpy = jest.spyOn(testModule.events, "emit")
 
@@ -557,3 +584,3 @@ return testModule
       expect(refreshAccessTokenWrapperSpy).toHaveBeenCalledWith(true);
-    });  
+    });
   });
@@ -639,3 +666,49 @@
   });
-  
+  test("should return the profile information from the profile service when a sessionId is passed", async () => {
+    const testPKCE = new AuthorizationCodeGrantPKCE({ clientID: "fake-client-id", sessionEnabled: false })
+    fetchMock.mockResponseOnce(JSON.stringify({
+      email: 'test@cimpress.com',
+      canonicalId: 'test@cimpress.com',
+      firstName: 'test',
+      lastName: 'test',
+      accountId: 'test',
+      isTestUser: false,
+      name: 'test test',
+      pictureURL: 'test'
+    }))
+    // Expire the profile 2 hours earlier
+    window.localStorage.setItem('profileExpiresAt', new Date().getTime() - 7200000);
+    const profile = await testPKCE.getProfile('testSessionId')
+    expect(profile).toEqual({
+      email: 'test@cimpress.com',
+      canonicalId: 'test@cimpress.com',
+      family_name: 'test',
+      given_name: 'test',
+      'https://claims.cimpress.io/is_test_user': false,
+      'https://claims.cimpress.io/account': 'test',
+      name: 'test test',
+      picture: 'test'
+    })
+  });
+
+  test("should return the profile information from the profile service when a sessionId is passed", async () => {
+    const testPKCE = new AuthorizationCodeGrantPKCE({ clientID: "fake-client-id", sessionEnabled: true, requireIDToken: true })
+    fetch
+      .mockRejectOnce(new Error('fake error message'))
+      .once(JSON.stringify({
+        email: 'test@cimpress.com',
+        canonicalId: 'test@cimpress.com',
+        firstName: 'test',
+        lastName: 'test',
+        accountId: 'test',
+        isTestUser: false,
+        name: 'test test',
+        pictureURL: 'test'
+      }))
+
+    // Expire the profile 2 hours earlier
+    window.localStorage.setItem('profileExpiresAt', new Date().getTime() - 7200000);
+    const profile = await testPKCE.getProfile('testSessionId')
+    expect(profile).toEqual({})
+  });
 });
@@ -778,3 +851,3 @@
     const patchSessionForAccessTokenSpy = jest.spyOn(testModule, "patchSessionForAccessToken");
-    const eventSpy = jest.spyOn(testModule.events,"emit")
+    const eventSpy = jest.spyOn(testModule.events, "emit")
     return testModule
@@ -915,2 +988,58 @@ .ensureAuthentication()
 
+  test("should return the profile information from the profile service when a sessionId is passed", async () => {
+    const testPKCE = new AuthorizationCodeGrantPKCE({ clientID: "fake-client-id", sessionEnabled: false, requireIDToken: true })
+    fetchMock.mockResponseOnce(JSON.stringify({
+      email: 'test@cimpress.com',
+      canonicalId: 'test@cimpress.com',
+      firstName: 'test',
+      lastName: 'test',
+      accountId: 'test',
+      isTestUser: false,
+      name: 'test test',
+      pictureURL: 'test'
+    }))
+    // Expire the profile 2 hours earlier
+    window.localStorage.setItem('profileExpiresAt', new Date().getTime() - 7200000);
+    const profile = await testPKCE.getProfile('testSessionId')
+    expect(profile).toEqual({
+      email: 'test@cimpress.com',
+      canonicalId: 'test@cimpress.com',
+      family_name: 'test',
+      given_name: 'test',
+      'https://claims.cimpress.io/is_test_user': false,
+      'https://claims.cimpress.io/account': 'test',
+      name: 'test test',
+      picture: 'test'
+
+    })
+  });
+  test("should fallback to token method and return the profile information from the profile service", async () => {
+    const testPKCE = new AuthorizationCodeGrantPKCE({ clientID: "fake-client-id", sessionEnabled: false, requireIDToken: true })
+    fetch
+      .mockRejectOnce(new Error('fake error message'))
+      .once(JSON.stringify({
+        email: 'test@cimpress.com',
+        canonicalId: 'test@cimpress.com',
+        firstName: 'test',
+        lastName: 'test',
+        accountId: 'test',
+        isTestUser: false,
+        name: 'test test',
+        pictureURL: 'test'
+      }))
+
+    // Expire the profile 2 hours earlier
+    window.localStorage.setItem('profileExpiresAt', new Date().getTime() - 7200000);
+    const profile = await testPKCE.getProfile('testSessionId')
+    expect(profile).toEqual({
+      email: 'test@cimpress.com',
+      canonicalId: 'test@cimpress.com',
+      family_name: 'test',
+      given_name: 'test',
+      'https://claims.cimpress.io/is_test_user': false,
+      'https://claims.cimpress.io/account': 'test',
+      name: 'test test',
+      picture: 'test'
+    })
+  });
 });

No alert changes

Improved metrics

Total package byte prevSize

285407

increased by3.3%

Lines of code

4046

increased by5.15%

Worsened metrics

Dependency count

8

increased by14.29%

Number of medium supply chain risk alerts

15

increased by66.67%

Dependency changes

• + Addedqs@^6.10.1