New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@esri/arcgis-rest-auth
Advanced tools
@esri/arcgis-rest-auth - npm Package Compare versions
Comparing version 2.19.2 to 2.20.0
@@ -172,2 +172,18 @@ /// <reference types="node" /> | ||
| /** | ||
| * The current ArcGIS Online or ArcGIS Enterprise `token`. | ||
| */ | ||
| get token(): string; | ||
| /** | ||
| * The expiration time of the current `token`. | ||
| */ | ||
| get tokenExpires(): Date; | ||
| /** | ||
| * The current token to ArcGIS Online or ArcGIS Enterprise. | ||
| */ | ||
| get refreshToken(): string; | ||
| /** | ||
| * The expiration time of the current `refreshToken`. | ||
| */ | ||
| get refreshTokenExpires(): Date; | ||
| /** | ||
| * Begins a new browser-based OAuth 2.0 sign in. If `options.popup` is `true` the | ||
@@ -190,2 +206,12 @@ * authentication window will open in a new tab/window otherwise the user will | ||
| /** | ||
| * Request session information from the parent application | ||
| * | ||
| * When an application is embedded into another application via an IFrame, the embedded app can | ||
| * use `window.postMessage` to request credentials from the host application. | ||
| * | ||
| * @param parentOrigin origin of the parent frame. Passed into the embedded application as `parentOrigin` query param | ||
| * @browserOnly | ||
| */ | ||
| static fromParent(parentOrigin: string, win?: any): Promise<any>; | ||
| /** | ||
| * Begins a new server-based OAuth 2.0 sign in. This will redirect the user to | ||
@@ -219,2 +245,7 @@ * the ArcGIS Online or ArcGIS Enterprise authorization page. | ||
| /** | ||
| * Handle the response from the parent | ||
| * @param event DOM Event | ||
| */ | ||
| private static parentMessageHandler; | ||
| /** | ||
| * Client ID being used for authentication if provided in the `constructor`. | ||
@@ -285,18 +316,3 @@ */ | ||
| private trustedServers; | ||
| /** | ||
| * The current ArcGIS Online or ArcGIS Enterprise `token`. | ||
| */ | ||
| get token(): string; | ||
| /** | ||
| * The expiration time of the current `token`. | ||
| */ | ||
| get tokenExpires(): Date; | ||
| /** | ||
| * The current token to ArcGIS Online or ArcGIS Enterprise. | ||
| */ | ||
| get refreshToken(): string; | ||
| /** | ||
| * The expiration time of the current `refreshToken`. | ||
| */ | ||
| get refreshTokenExpires(): Date; | ||
| private _hostHandler; | ||
| constructor(options: IUserSessionOptions); | ||
@@ -349,2 +365,18 @@ /** | ||
| /** | ||
| * For a "Host" app that embeds other platform apps via iframes, after authenticating the user | ||
| * and creating a UserSession, the app can then enable "post message" style authentication by calling | ||
| * this method. | ||
| * | ||
| * Internally this adds an event listener on window for the `message` event | ||
| * | ||
| * @param validChildOrigins Array of origins that are allowed to request authentication from the host app | ||
| */ | ||
| enablePostMessageAuth(validChildOrigins: string[], win?: any): any; | ||
| /** | ||
| * For a "Host" app that has embedded other platform apps via iframes, when the host needs | ||
| * to transition routes, it should call `UserSession.disablePostMessageAuth()` to remove | ||
| * the event listener and prevent memory leaks | ||
| */ | ||
| disablePostMessageAuth(win?: any): void; | ||
| /** | ||
| * Manually refreshes the current `token` and `tokenExpires`. | ||
@@ -360,2 +392,9 @@ */ | ||
| /** | ||
| * Return a function that closes over the validOrigins array and | ||
| * can be used as an event handler for the `message` event | ||
| * | ||
| * @param validOrigins Array of valid origins | ||
| */ | ||
| private createPostMessageHandler; | ||
| /** | ||
| * Validates that a given URL is properly federated with our current `portal`. | ||
@@ -362,0 +401,0 @@ * Attempts to use the internal `trustedServers` cache first. |
@@ -80,2 +80,42 @@ /* Copyright (c) 2017-2019 Environmental Systems Research Institute, Inc. | ||
| } | ||
| Object.defineProperty(UserSession.prototype, "token", { | ||
| /** | ||
| * The current ArcGIS Online or ArcGIS Enterprise `token`. | ||
| */ | ||
| get: function () { | ||
| return this._token; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| Object.defineProperty(UserSession.prototype, "tokenExpires", { | ||
| /** | ||
| * The expiration time of the current `token`. | ||
| */ | ||
| get: function () { | ||
| return this._tokenExpires; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| Object.defineProperty(UserSession.prototype, "refreshToken", { | ||
| /** | ||
| * The current token to ArcGIS Online or ArcGIS Enterprise. | ||
| */ | ||
| get: function () { | ||
| return this._refreshToken; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| Object.defineProperty(UserSession.prototype, "refreshTokenExpires", { | ||
| /** | ||
| * The expiration time of the current `refreshToken`. | ||
| */ | ||
| get: function () { | ||
| return this._refreshTokenExpires; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| /** | ||
@@ -214,2 +254,43 @@ * Begins a new browser-based OAuth 2.0 sign in. If `options.popup` is `true` the | ||
| /** | ||
| * Request session information from the parent application | ||
| * | ||
| * When an application is embedded into another application via an IFrame, the embedded app can | ||
| * use `window.postMessage` to request credentials from the host application. | ||
| * | ||
| * @param parentOrigin origin of the parent frame. Passed into the embedded application as `parentOrigin` query param | ||
| * @browserOnly | ||
| */ | ||
| UserSession.fromParent = function (parentOrigin, win) { | ||
| /* istanbul ignore next: must pass in a mockwindow for tests so we can't cover the other branch */ | ||
| if (!win && window) { | ||
| win = window; | ||
| } | ||
| // Declar handler outside of promise scope so we can detach it | ||
| var handler; | ||
| // return a promise that will resolve when the handler recieves | ||
| // session information from the correct origin | ||
| return new Promise(function (resolve, reject) { | ||
| // create an event handler that just wraps the parentMessageHandler | ||
| handler = function (event) { | ||
| // ensure we only listen to events from the specified parent | ||
| // if the origin is not the parent origin, we don't send any response | ||
| if (event.origin === parentOrigin) { | ||
| try { | ||
| return resolve(UserSession.parentMessageHandler(event)); | ||
| } | ||
| catch (err) { | ||
| return reject(err); | ||
| } | ||
| } | ||
| }; | ||
| // add listener | ||
| win.addEventListener('message', handler, false); | ||
| win.parent.postMessage({ type: 'arcgis:auth:requestCredential' }, parentOrigin); | ||
| }) | ||
| .then(function (session) { | ||
| win.removeEventListener('message', handler, false); | ||
| return session; | ||
| }); | ||
| }; | ||
| /** | ||
| * Begins a new server-based OAuth 2.0 sign in. This will redirect the user to | ||
@@ -300,43 +381,18 @@ * the ArcGIS Online or ArcGIS Enterprise authorization page. | ||
| }; | ||
| Object.defineProperty(UserSession.prototype, "token", { | ||
| /** | ||
| * The current ArcGIS Online or ArcGIS Enterprise `token`. | ||
| */ | ||
| get: function () { | ||
| return this._token; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| Object.defineProperty(UserSession.prototype, "tokenExpires", { | ||
| /** | ||
| * The expiration time of the current `token`. | ||
| */ | ||
| get: function () { | ||
| return this._tokenExpires; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| Object.defineProperty(UserSession.prototype, "refreshToken", { | ||
| /** | ||
| * The current token to ArcGIS Online or ArcGIS Enterprise. | ||
| */ | ||
| get: function () { | ||
| return this._refreshToken; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| Object.defineProperty(UserSession.prototype, "refreshTokenExpires", { | ||
| /** | ||
| * The expiration time of the current `refreshToken`. | ||
| */ | ||
| get: function () { | ||
| return this._refreshTokenExpires; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| /** | ||
| * Handle the response from the parent | ||
| * @param event DOM Event | ||
| */ | ||
| UserSession.parentMessageHandler = function (event) { | ||
| if (event.data.type === 'arcgis:auth:credential') { | ||
| return UserSession.fromCredential(event.data.credential); | ||
| } | ||
| if (event.data.type === 'arcgis:auth:rejected') { | ||
| throw new Error(event.data.message); | ||
| } | ||
| else { | ||
| throw new Error('Unknown message type.'); | ||
| } | ||
| }; | ||
| /** | ||
| * Returns authentication in a format useable in the [ArcGIS API for JavaScript](https://developers.arcgis.com/javascript/). | ||
@@ -452,2 +508,31 @@ * | ||
| /** | ||
| * For a "Host" app that embeds other platform apps via iframes, after authenticating the user | ||
| * and creating a UserSession, the app can then enable "post message" style authentication by calling | ||
| * this method. | ||
| * | ||
| * Internally this adds an event listener on window for the `message` event | ||
| * | ||
| * @param validChildOrigins Array of origins that are allowed to request authentication from the host app | ||
| */ | ||
| UserSession.prototype.enablePostMessageAuth = function (validChildOrigins, win) { | ||
| /* istanbul ignore next: must pass in a mockwindow for tests so we can't cover the other branch */ | ||
| if (!win && window) { | ||
| win = window; | ||
| } | ||
| this._hostHandler = this.createPostMessageHandler(validChildOrigins); | ||
| win.addEventListener('message', this._hostHandler, false); | ||
| }; | ||
| /** | ||
| * For a "Host" app that has embedded other platform apps via iframes, when the host needs | ||
| * to transition routes, it should call `UserSession.disablePostMessageAuth()` to remove | ||
| * the event listener and prevent memory leaks | ||
| */ | ||
| UserSession.prototype.disablePostMessageAuth = function (win) { | ||
| /* istanbul ignore next: must pass in a mockwindow for tests so we can't cover the other branch */ | ||
| if (!win && window) { | ||
| win = window; | ||
| } | ||
| win.removeEventListener('message', this._hostHandler, false); | ||
| }; | ||
| /** | ||
| * Manually refreshes the current `token` and `tokenExpires`. | ||
@@ -480,2 +565,25 @@ */ | ||
| /** | ||
| * Return a function that closes over the validOrigins array and | ||
| * can be used as an event handler for the `message` event | ||
| * | ||
| * @param validOrigins Array of valid origins | ||
| */ | ||
| UserSession.prototype.createPostMessageHandler = function (validOrigins) { | ||
| var _this = this; | ||
| // return a function that closes over the validOrigins and | ||
| // has access to the credential | ||
| return function (event) { | ||
| // Note: do not use regex's here. validOrigins is an array so we're checking that the event's origin | ||
| // is in the array via exact match. More info about avoiding postMessave xss issues here | ||
| // https://jlajara.gitlab.io/web/2020/07/17/Dom_XSS_PostMessage_2.html#tipsbypasses-in-postmessage-vulnerabilities | ||
| if (validOrigins.indexOf(event.origin) > -1) { | ||
| var credential = _this.toCredential(); | ||
| event.source.postMessage({ type: 'arcgis:auth:credential', credential: credential }, event.origin); | ||
| } | ||
| else { | ||
| event.source.postMessage({ type: 'arcgis:auth:rejected', message: "Rejected authentication request." }, event.origin); | ||
| } | ||
| }; | ||
| }; | ||
| /** | ||
| * Validates that a given URL is properly federated with our current `portal`. | ||
@@ -482,0 +590,0 @@ * Attempts to use the internal `trustedServers` cache first. |
@@ -83,2 +83,42 @@ "use strict"; | ||
| } | ||
| Object.defineProperty(UserSession.prototype, "token", { | ||
| /** | ||
| * The current ArcGIS Online or ArcGIS Enterprise `token`. | ||
| */ | ||
| get: function () { | ||
| return this._token; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| Object.defineProperty(UserSession.prototype, "tokenExpires", { | ||
| /** | ||
| * The expiration time of the current `token`. | ||
| */ | ||
| get: function () { | ||
| return this._tokenExpires; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| Object.defineProperty(UserSession.prototype, "refreshToken", { | ||
| /** | ||
| * The current token to ArcGIS Online or ArcGIS Enterprise. | ||
| */ | ||
| get: function () { | ||
| return this._refreshToken; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| Object.defineProperty(UserSession.prototype, "refreshTokenExpires", { | ||
| /** | ||
| * The expiration time of the current `refreshToken`. | ||
| */ | ||
| get: function () { | ||
| return this._refreshTokenExpires; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| /** | ||
@@ -217,2 +257,43 @@ * Begins a new browser-based OAuth 2.0 sign in. If `options.popup` is `true` the | ||
| /** | ||
| * Request session information from the parent application | ||
| * | ||
| * When an application is embedded into another application via an IFrame, the embedded app can | ||
| * use `window.postMessage` to request credentials from the host application. | ||
| * | ||
| * @param parentOrigin origin of the parent frame. Passed into the embedded application as `parentOrigin` query param | ||
| * @browserOnly | ||
| */ | ||
| UserSession.fromParent = function (parentOrigin, win) { | ||
| /* istanbul ignore next: must pass in a mockwindow for tests so we can't cover the other branch */ | ||
| if (!win && window) { | ||
| win = window; | ||
| } | ||
| // Declar handler outside of promise scope so we can detach it | ||
| var handler; | ||
| // return a promise that will resolve when the handler recieves | ||
| // session information from the correct origin | ||
| return new Promise(function (resolve, reject) { | ||
| // create an event handler that just wraps the parentMessageHandler | ||
| handler = function (event) { | ||
| // ensure we only listen to events from the specified parent | ||
| // if the origin is not the parent origin, we don't send any response | ||
| if (event.origin === parentOrigin) { | ||
| try { | ||
| return resolve(UserSession.parentMessageHandler(event)); | ||
| } | ||
| catch (err) { | ||
| return reject(err); | ||
| } | ||
| } | ||
| }; | ||
| // add listener | ||
| win.addEventListener('message', handler, false); | ||
| win.parent.postMessage({ type: 'arcgis:auth:requestCredential' }, parentOrigin); | ||
| }) | ||
| .then(function (session) { | ||
| win.removeEventListener('message', handler, false); | ||
| return session; | ||
| }); | ||
| }; | ||
| /** | ||
| * Begins a new server-based OAuth 2.0 sign in. This will redirect the user to | ||
@@ -303,43 +384,18 @@ * the ArcGIS Online or ArcGIS Enterprise authorization page. | ||
| }; | ||
| Object.defineProperty(UserSession.prototype, "token", { | ||
| /** | ||
| * The current ArcGIS Online or ArcGIS Enterprise `token`. | ||
| */ | ||
| get: function () { | ||
| return this._token; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| Object.defineProperty(UserSession.prototype, "tokenExpires", { | ||
| /** | ||
| * The expiration time of the current `token`. | ||
| */ | ||
| get: function () { | ||
| return this._tokenExpires; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| Object.defineProperty(UserSession.prototype, "refreshToken", { | ||
| /** | ||
| * The current token to ArcGIS Online or ArcGIS Enterprise. | ||
| */ | ||
| get: function () { | ||
| return this._refreshToken; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| Object.defineProperty(UserSession.prototype, "refreshTokenExpires", { | ||
| /** | ||
| * The expiration time of the current `refreshToken`. | ||
| */ | ||
| get: function () { | ||
| return this._refreshTokenExpires; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| /** | ||
| * Handle the response from the parent | ||
| * @param event DOM Event | ||
| */ | ||
| UserSession.parentMessageHandler = function (event) { | ||
| if (event.data.type === 'arcgis:auth:credential') { | ||
| return UserSession.fromCredential(event.data.credential); | ||
| } | ||
| if (event.data.type === 'arcgis:auth:rejected') { | ||
| throw new Error(event.data.message); | ||
| } | ||
| else { | ||
| throw new Error('Unknown message type.'); | ||
| } | ||
| }; | ||
| /** | ||
| * Returns authentication in a format useable in the [ArcGIS API for JavaScript](https://developers.arcgis.com/javascript/). | ||
@@ -455,2 +511,31 @@ * | ||
| /** | ||
| * For a "Host" app that embeds other platform apps via iframes, after authenticating the user | ||
| * and creating a UserSession, the app can then enable "post message" style authentication by calling | ||
| * this method. | ||
| * | ||
| * Internally this adds an event listener on window for the `message` event | ||
| * | ||
| * @param validChildOrigins Array of origins that are allowed to request authentication from the host app | ||
| */ | ||
| UserSession.prototype.enablePostMessageAuth = function (validChildOrigins, win) { | ||
| /* istanbul ignore next: must pass in a mockwindow for tests so we can't cover the other branch */ | ||
| if (!win && window) { | ||
| win = window; | ||
| } | ||
| this._hostHandler = this.createPostMessageHandler(validChildOrigins); | ||
| win.addEventListener('message', this._hostHandler, false); | ||
| }; | ||
| /** | ||
| * For a "Host" app that has embedded other platform apps via iframes, when the host needs | ||
| * to transition routes, it should call `UserSession.disablePostMessageAuth()` to remove | ||
| * the event listener and prevent memory leaks | ||
| */ | ||
| UserSession.prototype.disablePostMessageAuth = function (win) { | ||
| /* istanbul ignore next: must pass in a mockwindow for tests so we can't cover the other branch */ | ||
| if (!win && window) { | ||
| win = window; | ||
| } | ||
| win.removeEventListener('message', this._hostHandler, false); | ||
| }; | ||
| /** | ||
| * Manually refreshes the current `token` and `tokenExpires`. | ||
@@ -483,2 +568,25 @@ */ | ||
| /** | ||
| * Return a function that closes over the validOrigins array and | ||
| * can be used as an event handler for the `message` event | ||
| * | ||
| * @param validOrigins Array of valid origins | ||
| */ | ||
| UserSession.prototype.createPostMessageHandler = function (validOrigins) { | ||
| var _this = this; | ||
| // return a function that closes over the validOrigins and | ||
| // has access to the credential | ||
| return function (event) { | ||
| // Note: do not use regex's here. validOrigins is an array so we're checking that the event's origin | ||
| // is in the array via exact match. More info about avoiding postMessave xss issues here | ||
| // https://jlajara.gitlab.io/web/2020/07/17/Dom_XSS_PostMessage_2.html#tipsbypasses-in-postmessage-vulnerabilities | ||
| if (validOrigins.indexOf(event.origin) > -1) { | ||
| var credential = _this.toCredential(); | ||
| event.source.postMessage({ type: 'arcgis:auth:credential', credential: credential }, event.origin); | ||
| } | ||
| else { | ||
| event.source.postMessage({ type: 'arcgis:auth:rejected', message: "Rejected authentication request." }, event.origin); | ||
| } | ||
| }; | ||
| }; | ||
| /** | ||
| * Validates that a given URL is properly federated with our current `portal`. | ||
@@ -485,0 +593,0 @@ * Attempts to use the internal `trustedServers` cache first. |
| /* @preserve | ||
| * @esri/arcgis-rest-auth - v2.19.2 - Apache-2.0 | ||
| * @esri/arcgis-rest-auth - v2.20.0 - Apache-2.0 | ||
| * Copyright (c) 2017-2020 Esri, Inc. | ||
| * Tue Oct 13 2020 09:43:00 GMT-0600 (Mountain Daylight Time) | ||
| * Tue Oct 20 2020 10:34:01 GMT-0600 (Mountain Daylight Time) | ||
| */ | ||
@@ -244,2 +244,42 @@ (function (global, factory) { | ||
| } | ||
| Object.defineProperty(UserSession.prototype, "token", { | ||
| /** | ||
| * The current ArcGIS Online or ArcGIS Enterprise `token`. | ||
| */ | ||
| get: function () { | ||
| return this._token; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| Object.defineProperty(UserSession.prototype, "tokenExpires", { | ||
| /** | ||
| * The expiration time of the current `token`. | ||
| */ | ||
| get: function () { | ||
| return this._tokenExpires; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| Object.defineProperty(UserSession.prototype, "refreshToken", { | ||
| /** | ||
| * The current token to ArcGIS Online or ArcGIS Enterprise. | ||
| */ | ||
| get: function () { | ||
| return this._refreshToken; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| Object.defineProperty(UserSession.prototype, "refreshTokenExpires", { | ||
| /** | ||
| * The expiration time of the current `refreshToken`. | ||
| */ | ||
| get: function () { | ||
| return this._refreshTokenExpires; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| /** | ||
@@ -378,2 +418,43 @@ * Begins a new browser-based OAuth 2.0 sign in. If `options.popup` is `true` the | ||
| /** | ||
| * Request session information from the parent application | ||
| * | ||
| * When an application is embedded into another application via an IFrame, the embedded app can | ||
| * use `window.postMessage` to request credentials from the host application. | ||
| * | ||
| * @param parentOrigin origin of the parent frame. Passed into the embedded application as `parentOrigin` query param | ||
| * @browserOnly | ||
| */ | ||
| UserSession.fromParent = function (parentOrigin, win) { | ||
| /* istanbul ignore next: must pass in a mockwindow for tests so we can't cover the other branch */ | ||
| if (!win && window) { | ||
| win = window; | ||
| } | ||
| // Declar handler outside of promise scope so we can detach it | ||
| var handler; | ||
| // return a promise that will resolve when the handler recieves | ||
| // session information from the correct origin | ||
| return new Promise(function (resolve, reject) { | ||
| // create an event handler that just wraps the parentMessageHandler | ||
| handler = function (event) { | ||
| // ensure we only listen to events from the specified parent | ||
| // if the origin is not the parent origin, we don't send any response | ||
| if (event.origin === parentOrigin) { | ||
| try { | ||
| return resolve(UserSession.parentMessageHandler(event)); | ||
| } | ||
| catch (err) { | ||
| return reject(err); | ||
| } | ||
| } | ||
| }; | ||
| // add listener | ||
| win.addEventListener('message', handler, false); | ||
| win.parent.postMessage({ type: 'arcgis:auth:requestCredential' }, parentOrigin); | ||
| }) | ||
| .then(function (session) { | ||
| win.removeEventListener('message', handler, false); | ||
| return session; | ||
| }); | ||
| }; | ||
| /** | ||
| * Begins a new server-based OAuth 2.0 sign in. This will redirect the user to | ||
@@ -464,43 +545,18 @@ * the ArcGIS Online or ArcGIS Enterprise authorization page. | ||
| }; | ||
| Object.defineProperty(UserSession.prototype, "token", { | ||
| /** | ||
| * The current ArcGIS Online or ArcGIS Enterprise `token`. | ||
| */ | ||
| get: function () { | ||
| return this._token; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| Object.defineProperty(UserSession.prototype, "tokenExpires", { | ||
| /** | ||
| * The expiration time of the current `token`. | ||
| */ | ||
| get: function () { | ||
| return this._tokenExpires; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| Object.defineProperty(UserSession.prototype, "refreshToken", { | ||
| /** | ||
| * The current token to ArcGIS Online or ArcGIS Enterprise. | ||
| */ | ||
| get: function () { | ||
| return this._refreshToken; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| Object.defineProperty(UserSession.prototype, "refreshTokenExpires", { | ||
| /** | ||
| * The expiration time of the current `refreshToken`. | ||
| */ | ||
| get: function () { | ||
| return this._refreshTokenExpires; | ||
| }, | ||
| enumerable: false, | ||
| configurable: true | ||
| }); | ||
| /** | ||
| * Handle the response from the parent | ||
| * @param event DOM Event | ||
| */ | ||
| UserSession.parentMessageHandler = function (event) { | ||
| if (event.data.type === 'arcgis:auth:credential') { | ||
| return UserSession.fromCredential(event.data.credential); | ||
| } | ||
| if (event.data.type === 'arcgis:auth:rejected') { | ||
| throw new Error(event.data.message); | ||
| } | ||
| else { | ||
| throw new Error('Unknown message type.'); | ||
| } | ||
| }; | ||
| /** | ||
| * Returns authentication in a format useable in the [ArcGIS API for JavaScript](https://developers.arcgis.com/javascript/). | ||
@@ -616,2 +672,31 @@ * | ||
| /** | ||
| * For a "Host" app that embeds other platform apps via iframes, after authenticating the user | ||
| * and creating a UserSession, the app can then enable "post message" style authentication by calling | ||
| * this method. | ||
| * | ||
| * Internally this adds an event listener on window for the `message` event | ||
| * | ||
| * @param validChildOrigins Array of origins that are allowed to request authentication from the host app | ||
| */ | ||
| UserSession.prototype.enablePostMessageAuth = function (validChildOrigins, win) { | ||
| /* istanbul ignore next: must pass in a mockwindow for tests so we can't cover the other branch */ | ||
| if (!win && window) { | ||
| win = window; | ||
| } | ||
| this._hostHandler = this.createPostMessageHandler(validChildOrigins); | ||
| win.addEventListener('message', this._hostHandler, false); | ||
| }; | ||
| /** | ||
| * For a "Host" app that has embedded other platform apps via iframes, when the host needs | ||
| * to transition routes, it should call `UserSession.disablePostMessageAuth()` to remove | ||
| * the event listener and prevent memory leaks | ||
| */ | ||
| UserSession.prototype.disablePostMessageAuth = function (win) { | ||
| /* istanbul ignore next: must pass in a mockwindow for tests so we can't cover the other branch */ | ||
| if (!win && window) { | ||
| win = window; | ||
| } | ||
| win.removeEventListener('message', this._hostHandler, false); | ||
| }; | ||
| /** | ||
| * Manually refreshes the current `token` and `tokenExpires`. | ||
@@ -644,2 +729,25 @@ */ | ||
| /** | ||
| * Return a function that closes over the validOrigins array and | ||
| * can be used as an event handler for the `message` event | ||
| * | ||
| * @param validOrigins Array of valid origins | ||
| */ | ||
| UserSession.prototype.createPostMessageHandler = function (validOrigins) { | ||
| var _this = this; | ||
| // return a function that closes over the validOrigins and | ||
| // has access to the credential | ||
| return function (event) { | ||
| // Note: do not use regex's here. validOrigins is an array so we're checking that the event's origin | ||
| // is in the array via exact match. More info about avoiding postMessave xss issues here | ||
| // https://jlajara.gitlab.io/web/2020/07/17/Dom_XSS_PostMessage_2.html#tipsbypasses-in-postmessage-vulnerabilities | ||
| if (validOrigins.indexOf(event.origin) > -1) { | ||
| var credential = _this.toCredential(); | ||
| event.source.postMessage({ type: 'arcgis:auth:credential', credential: credential }, event.origin); | ||
| } | ||
| else { | ||
| event.source.postMessage({ type: 'arcgis:auth:rejected', message: "Rejected authentication request." }, event.origin); | ||
| } | ||
| }; | ||
| }; | ||
| /** | ||
| * Validates that a given URL is properly federated with our current `portal`. | ||
@@ -646,0 +754,0 @@ * Attempts to use the internal `trustedServers` cache first. |
| /* @preserve | ||
| * @esri/arcgis-rest-auth - v2.19.2 - Apache-2.0 | ||
| * @esri/arcgis-rest-auth - v2.20.0 - Apache-2.0 | ||
| * Copyright (c) 2017-2020 Esri, Inc. | ||
| * Tue Oct 13 2020 09:43:19 GMT-0600 (Mountain Daylight Time) | ||
| * Tue Oct 20 2020 10:34:05 GMT-0600 (Mountain Daylight Time) | ||
| */ | ||
| !function(e,r){"object"==typeof exports&&"undefined"!=typeof module?r(exports,require("@esri/arcgis-rest-request")):"function"==typeof define&&define.amd?define(["exports","@esri/arcgis-rest-request"],r):r((e="undefined"!=typeof globalThis?globalThis:e||self).arcgisRest=e.arcgisRest||{},e.arcgisRest)}(this,function(e,k){"use strict";var T=function(){return(T=Object.assign||function(e){for(var r,t=1,n=arguments.length;t<n;t++)for(var s in r=arguments[t])Object.prototype.hasOwnProperty.call(r,s)&&(e[s]=r[s]);return e}).apply(this,arguments)};function a(e,r){var t=r;return t.rawResponse=!1,k.request(e,t).then(function(e){var r={token:e.access_token,username:e.username,expires:new Date(Date.now()+(1e3*e.expires_in-1e3)),ssl:!0===e.ssl};return e.refresh_token&&(r.refreshToken=e.refresh_token),r})}var r=(t.prototype.getToken=function(e,r){return this.token&&this.expires&&this.expires.getTime()>Date.now()?Promise.resolve(this.token):(this._pendingTokenRequest||(this._pendingTokenRequest=this.refreshToken(r)),this._pendingTokenRequest)},t.prototype.refreshToken=function(e){var r=this,t=T({params:{client_id:this.clientId,client_secret:this.clientSecret,grant_type:"client_credentials",expiration:this.duration}},e);return a(this.portal+"/oauth2/token/",t).then(function(e){return r._pendingTokenRequest=null,r.token=e.token,r.expires=e.expires,e.token})},t.prototype.refreshSession=function(){var e=this;return this.refreshToken().then(function(){return e})},t);function t(e){this.clientId=e.clientId,this.clientSecret=e.clientSecret,this.token=e.token,this.expires=e.expires,this.portal=e.portal||"https://www.arcgis.com/sharing/rest",this.duration=e.duration||7200}function o(e,r){var t=r;return"undefined"!=typeof window&&window.location&&window.location.host?t.params.referer=window.location.host:t.params.referer=k.NODEJS_DEFAULT_REFERER_HEADER,k.request(e,t)}var s=/^https?:\/\/(\S+)\.arcgis\.com.+/;function h(e){return s.test(e)}function p(e){if(!s.test(e))return null;var r=e.match(s)[1].split(".").pop();return r.includes("dev")?"dev":r.includes("qa")?"qa":"production"}function i(e,r){var t=k.cleanUrl(function(e){if(!s.test(e))return e;switch(p(e)){case"dev":return"https://devext.arcgis.com/sharing/rest";case"qa":return"https://qaext.arcgis.com/sharing/rest";default:return"https://www.arcgis.com/sharing/rest"}}(r)).replace(/https?:\/\//,""),n=k.cleanUrl(e).replace(/https?:\/\//,"");return new RegExp(n,"i").test(t)}var n=(g.beginOAuth2=function(e,r){void 0===r&&(r=window);var t=T({portal:"https://www.arcgis.com/sharing/rest",provider:"arcgis",duration:20160,popup:!0,state:e.clientId,locale:""},e),s=t.portal,n=t.provider,o=t.clientId,i=t.duration,a=t.redirectUri,h=t.popup,p=t.state,u=t.locale,c=t.params,l="arcgis"===n?s+"/oauth2/authorize?client_id="+o+"&response_type=token&expiration="+i+"&redirect_uri="+encodeURIComponent(a)+"&state="+p+"&locale="+u:s+"/oauth2/social/authorize?client_id="+o+"&socialLoginProviderName="+n+"&autoAccountCreateForSocial=true&response_type=token&expiration="+i+"&redirect_uri="+encodeURIComponent(a)+"&state="+p+"&locale="+u;if(c&&(l=l+"&"+k.encodeQueryString(c)),h){var f,d=((f={promise:null,resolve:null,reject:null}).promise=new Promise(function(e,r){f.resolve=e,f.reject=r}),f);return r["__ESRI_REST_AUTH_HANDLER_"+o]=function(e,r){var t,n;e?(t=JSON.parse(e),d.reject(new k.ArcGISAuthError(t.errorMessage,t.error))):r&&(n=JSON.parse(r),d.resolve(new g({clientId:o,portal:s,ssl:n.ssl,token:n.token,tokenExpires:new Date(n.expires),username:n.username})))},r.open(l,"oauth-window","height=400,width=600,menubar=no,location=yes,resizable=yes,scrollbars=yes,status=yes"),d.promise}r.location.href=l},g.completeOAuth2=function(e,s){void 0===s&&(s=window);var r=T({portal:"https://www.arcgis.com/sharing/rest",popup:!0},e),o=r.portal,i=r.clientId,a=r.popup;function t(e,r){try{var t=void 0,n="__ESRI_REST_AUTH_HANDLER_"+i;if(a&&(s.opener?s.opener.parent&&s.opener.parent[n]?t=s.opener.parent[n]:s.opener&&s.opener[n]&&(t=s.opener[n]):s!==s.parent&&s.parent&&s.parent[n]&&(t=s.parent[n]),t))return t(e?JSON.stringify(e):void 0,JSON.stringify(r)),void s.close()}catch(e){throw new k.ArcGISAuthError('Unable to complete authentication. It\'s possible you specified popup based oAuth2 but no handler from "beginOAuth2()" present. This generally happens because the "popup" option differs between "beginOAuth2()" and "completeOAuth2()".')}if(e)throw new k.ArcGISAuthError(e.errorMessage,e.error);return new g({clientId:i,portal:o,ssl:r.ssl,token:r.token,tokenExpires:r.expires,username:r.username})}var n=k.decodeQueryString(s.location.hash);if(!n.access_token){var h=void 0,p="Unknown error";return n.error&&(h=n.error,p=n.error_description),t({error:h,errorMessage:p})}var u=n.access_token,c=new Date(Date.now()+1e3*parseInt(n.expires_in,10)-6e4),l=n.username;return t(void 0,{token:u,expires:c,ssl:"true"===n.ssl,username:l})},g.authorize=function(e,r){var t=T({portal:"https://arcgis.com/sharing/rest",duration:20160},e),n=t.portal,s=t.clientId,o=t.duration,i=t.redirectUri;r.writeHead(301,{Location:n+"/oauth2/authorize?client_id="+s+"&duration="+o+"&response_type=code&redirect_uri="+encodeURIComponent(i)}),r.end()},g.exchangeAuthorizationCode=function(e,r){var t=T({portal:"https://www.arcgis.com/sharing/rest",refreshTokenTTL:1440},e),n=t.portal,s=t.clientId,o=t.redirectUri,i=t.refreshTokenTTL;return a(n+"/oauth2/token",{params:{grant_type:"authorization_code",client_id:s,redirect_uri:o,code:r}}).then(function(e){return new g({clientId:s,portal:n,ssl:e.ssl,redirectUri:o,refreshToken:e.refreshToken,refreshTokenTTL:i,refreshTokenExpires:new Date(Date.now()+1e3*(i-1)),token:e.token,tokenExpires:e.expires,username:e.username})})},g.deserialize=function(e){var r=JSON.parse(e);return new g({clientId:r.clientId,refreshToken:r.refreshToken,refreshTokenExpires:new Date(r.refreshTokenExpires),username:r.username,password:r.password,token:r.token,tokenExpires:new Date(r.tokenExpires),portal:r.portal,ssl:r.ssl,tokenDuration:r.tokenDuration,redirectUri:r.redirectUri,refreshTokenTTL:r.refreshTokenTTL})},g.fromCredential=function(e){return new g({portal:e.server.includes("sharing/rest")?e.server:e.server+"/sharing/rest",ssl:e.ssl,token:e.token,username:e.userId,tokenExpires:new Date(e.expires)})},Object.defineProperty(g.prototype,"token",{get:function(){return this._token},enumerable:!1,configurable:!0}),Object.defineProperty(g.prototype,"tokenExpires",{get:function(){return this._tokenExpires},enumerable:!1,configurable:!0}),Object.defineProperty(g.prototype,"refreshToken",{get:function(){return this._refreshToken},enumerable:!1,configurable:!0}),Object.defineProperty(g.prototype,"refreshTokenExpires",{get:function(){return this._refreshTokenExpires},enumerable:!1,configurable:!0}),g.prototype.toCredential=function(){return{expires:this.tokenExpires.getTime(),server:this.portal,ssl:this.ssl,token:this.token,userId:this.username}},g.prototype.getUser=function(e){var r=this;if(this._pendingUserRequest)return this._pendingUserRequest;if(this._user)return Promise.resolve(this._user);var t=this.portal+"/community/self",n=T(T({httpMethod:"GET",authentication:this},e),{rawResponse:!1});return this._pendingUserRequest=k.request(t,n).then(function(e){return r._user=e,r._pendingUserRequest=null,e}),this._pendingUserRequest},g.prototype.getUsername=function(){return this.username?Promise.resolve(this.username):this._user?Promise.resolve(this._user.username):this.getUser().then(function(e){return e.username})},g.prototype.getToken=function(e,r){return t=this.portal,n=e,s=h(t),o=h(n),i=p(t),a=p(n),s&&o&&i===a||new RegExp(this.portal,"i").test(e)?this.getFreshToken(r):this.getTokenForServer(e,r);var t,n,s,o,i,a},g.prototype.toJSON=function(){return{clientId:this.clientId,refreshToken:this.refreshToken,refreshTokenExpires:this.refreshTokenExpires,username:this.username,password:this.password,token:this.token,tokenExpires:this.tokenExpires,portal:this.portal,ssl:this.ssl,tokenDuration:this.tokenDuration,redirectUri:this.redirectUri,refreshTokenTTL:this.refreshTokenTTL}},g.prototype.serialize=function(){return JSON.stringify(this)},g.prototype.refreshSession=function(e){return this._user=null,this.username&&this.password?this.refreshWithUsernameAndPassword(e):this.clientId&&this.refreshToken?this.refreshWithRefreshToken():Promise.reject(new k.ArcGISAuthError("Unable to refresh token."))},g.prototype.getServerRootUrl=function(e){var r=k.cleanUrl(e).split(/\/rest(\/admin)?\/services(?:\/|#|\?|$)/)[0].match(/(https?:\/\/)(.+)/),t=(r[0],r[1]),n=r[2].split("/"),s=n[0],o=n.slice(1);return""+t+s.toLowerCase()+"/"+o.join("/")},g.prototype.getTokenForServer=function(r,t){var n=this,s=this.getServerRootUrl(r),e=this.trustedServers[s];return e&&e.expires&&e.expires.getTime()>Date.now()?Promise.resolve(e.token):(this._pendingTokenRequests[s]||(this._pendingTokenRequests[s]=k.request(s+"/rest/info").then(function(e){if(e.owningSystemUrl){if(i(e.owningSystemUrl,n.portal))return k.request(e.owningSystemUrl+"/sharing/rest/info",t);throw new k.ArcGISAuthError(r+" is not federated with "+n.portal+".","NOT_FEDERATED")}if(e.authInfo&&void 0!==n.trustedServers[s])return Promise.resolve({authInfo:e.authInfo});throw new k.ArcGISAuthError(r+" is not federated with any portal and is not explicitly trusted.","NOT_FEDERATED")}).then(function(e){return e.authInfo.tokenServicesUrl}).then(function(e){return n.token&&n.tokenExpires.getTime()>Date.now()?o(e,{params:{token:n.token,serverUrl:r,expiration:n.tokenDuration,client:"referer"}}):o(e,{params:{username:n.username,password:n.password,expiration:n.tokenDuration,client:"referer"}}).then(function(e){return n._token=e.token,n._tokenExpires=new Date(e.expires),e})}).then(function(e){return n.trustedServers[s]={expires:new Date(e.expires),token:e.token},delete n._pendingTokenRequests[s],e.token})),this._pendingTokenRequests[s])},g.prototype.getFreshToken=function(e){var r=this;return this.token&&!this.tokenExpires||this.token&&this.tokenExpires&&this.tokenExpires.getTime()>Date.now()?Promise.resolve(this.token):(this._pendingTokenRequests[this.portal]||(this._pendingTokenRequests[this.portal]=this.refreshSession(e).then(function(e){return r._pendingTokenRequests[r.portal]=null,e.token})),this._pendingTokenRequests[this.portal])},g.prototype.refreshWithUsernameAndPassword=function(e){var r=this,t=T({params:{username:this.username,password:this.password,expiration:this.tokenDuration}},e);return o(this.portal+"/generateToken",t).then(function(e){return r._token=e.token,r._tokenExpires=new Date(e.expires),r})},g.prototype.refreshWithRefreshToken=function(e){var r=this;if(this.refreshToken&&this.refreshTokenExpires&&this.refreshTokenExpires.getTime()<Date.now())return this.refreshRefreshToken(e);var t=T({params:{client_id:this.clientId,refresh_token:this.refreshToken,grant_type:"refresh_token"}},e);return a(this.portal+"/oauth2/token",t).then(function(e){return r._token=e.token,r._tokenExpires=e.expires,r})},g.prototype.refreshRefreshToken=function(e){var r=this,t=T({params:{client_id:this.clientId,refresh_token:this.refreshToken,redirect_uri:this.redirectUri,grant_type:"exchange_refresh_token"}},e);return a(this.portal+"/oauth2/token",t).then(function(e){return r._token=e.token,r._tokenExpires=e.expires,r._refreshToken=e.refreshToken,r._refreshTokenExpires=new Date(Date.now()+60*(r.refreshTokenTTL-1)*1e3),r})},g);function g(e){var r;this.clientId=e.clientId,this._refreshToken=e.refreshToken,this._refreshTokenExpires=e.refreshTokenExpires,this.username=e.username,this.password=e.password,this._token=e.token,this._tokenExpires=e.tokenExpires,this.portal=e.portal?k.cleanUrl(e.portal):"https://www.arcgis.com/sharing/rest",this.ssl=e.ssl,this.provider=e.provider||"arcgis",this.tokenDuration=e.tokenDuration||20160,this.redirectUri=e.redirectUri,this.refreshTokenTTL=e.refreshTokenTTL||1440,this.trustedServers={},e.server&&(r=this.getServerRootUrl(e.server),this.trustedServers[r]={token:e.token,expires:e.tokenExpires}),this._pendingTokenRequests={}}e.ApplicationSession=r,e.UserSession=n,e.fetchToken=a,e.generateToken=o,Object.defineProperty(e,"__esModule",{value:!0})}); | ||
| !function(e,r){"object"==typeof exports&&"undefined"!=typeof module?r(exports,require("@esri/arcgis-rest-request")):"function"==typeof define&&define.amd?define(["exports","@esri/arcgis-rest-request"],r):r((e="undefined"!=typeof globalThis?globalThis:e||self).arcgisRest=e.arcgisRest||{},e.arcgisRest)}(this,function(e,k){"use strict";var g=function(){return(g=Object.assign||function(e){for(var r,t=1,n=arguments.length;t<n;t++)for(var s in r=arguments[t])Object.prototype.hasOwnProperty.call(r,s)&&(e[s]=r[s]);return e}).apply(this,arguments)};function a(e,r){var t=r;return t.rawResponse=!1,k.request(e,t).then(function(e){var r={token:e.access_token,username:e.username,expires:new Date(Date.now()+(1e3*e.expires_in-1e3)),ssl:!0===e.ssl};return e.refresh_token&&(r.refreshToken=e.refresh_token),r})}var r=(t.prototype.getToken=function(e,r){return this.token&&this.expires&&this.expires.getTime()>Date.now()?Promise.resolve(this.token):(this._pendingTokenRequest||(this._pendingTokenRequest=this.refreshToken(r)),this._pendingTokenRequest)},t.prototype.refreshToken=function(e){var r=this,t=g({params:{client_id:this.clientId,client_secret:this.clientSecret,grant_type:"client_credentials",expiration:this.duration}},e);return a(this.portal+"/oauth2/token/",t).then(function(e){return r._pendingTokenRequest=null,r.token=e.token,r.expires=e.expires,e.token})},t.prototype.refreshSession=function(){var e=this;return this.refreshToken().then(function(){return e})},t);function t(e){this.clientId=e.clientId,this.clientSecret=e.clientSecret,this.token=e.token,this.expires=e.expires,this.portal=e.portal||"https://www.arcgis.com/sharing/rest",this.duration=e.duration||7200}function o(e,r){var t=r;return"undefined"!=typeof window&&window.location&&window.location.host?t.params.referer=window.location.host:t.params.referer=k.NODEJS_DEFAULT_REFERER_HEADER,k.request(e,t)}var s=/^https?:\/\/(\S+)\.arcgis\.com.+/;function h(e){return s.test(e)}function p(e){if(!s.test(e))return null;var r=e.match(s)[1].split(".").pop();return r.includes("dev")?"dev":r.includes("qa")?"qa":"production"}function i(e,r){var t=k.cleanUrl(function(e){if(!s.test(e))return e;switch(p(e)){case"dev":return"https://devext.arcgis.com/sharing/rest";case"qa":return"https://qaext.arcgis.com/sharing/rest";default:return"https://www.arcgis.com/sharing/rest"}}(r)).replace(/https?:\/\//,""),n=k.cleanUrl(e).replace(/https?:\/\//,"");return new RegExp(n,"i").test(t)}var n=(Object.defineProperty(w.prototype,"token",{get:function(){return this._token},enumerable:!1,configurable:!0}),Object.defineProperty(w.prototype,"tokenExpires",{get:function(){return this._tokenExpires},enumerable:!1,configurable:!0}),Object.defineProperty(w.prototype,"refreshToken",{get:function(){return this._refreshToken},enumerable:!1,configurable:!0}),Object.defineProperty(w.prototype,"refreshTokenExpires",{get:function(){return this._refreshTokenExpires},enumerable:!1,configurable:!0}),w.beginOAuth2=function(e,r){void 0===r&&(r=window);var t=g({portal:"https://www.arcgis.com/sharing/rest",provider:"arcgis",duration:20160,popup:!0,state:e.clientId,locale:""},e),s=t.portal,n=t.provider,o=t.clientId,i=t.duration,a=t.redirectUri,h=t.popup,p=t.state,u=t.locale,c=t.params,l="arcgis"===n?s+"/oauth2/authorize?client_id="+o+"&response_type=token&expiration="+i+"&redirect_uri="+encodeURIComponent(a)+"&state="+p+"&locale="+u:s+"/oauth2/social/authorize?client_id="+o+"&socialLoginProviderName="+n+"&autoAccountCreateForSocial=true&response_type=token&expiration="+i+"&redirect_uri="+encodeURIComponent(a)+"&state="+p+"&locale="+u;if(c&&(l=l+"&"+k.encodeQueryString(c)),h){var d,f=((d={promise:null,resolve:null,reject:null}).promise=new Promise(function(e,r){d.resolve=e,d.reject=r}),d);return r["__ESRI_REST_AUTH_HANDLER_"+o]=function(e,r){var t,n;e?(t=JSON.parse(e),f.reject(new k.ArcGISAuthError(t.errorMessage,t.error))):r&&(n=JSON.parse(r),f.resolve(new w({clientId:o,portal:s,ssl:n.ssl,token:n.token,tokenExpires:new Date(n.expires),username:n.username})))},r.open(l,"oauth-window","height=400,width=600,menubar=no,location=yes,resizable=yes,scrollbars=yes,status=yes"),f.promise}r.location.href=l},w.completeOAuth2=function(e,s){void 0===s&&(s=window);var r=g({portal:"https://www.arcgis.com/sharing/rest",popup:!0},e),o=r.portal,i=r.clientId,a=r.popup;function t(e,r){try{var t=void 0,n="__ESRI_REST_AUTH_HANDLER_"+i;if(a&&(s.opener?s.opener.parent&&s.opener.parent[n]?t=s.opener.parent[n]:s.opener&&s.opener[n]&&(t=s.opener[n]):s!==s.parent&&s.parent&&s.parent[n]&&(t=s.parent[n]),t))return t(e?JSON.stringify(e):void 0,JSON.stringify(r)),void s.close()}catch(e){throw new k.ArcGISAuthError('Unable to complete authentication. It\'s possible you specified popup based oAuth2 but no handler from "beginOAuth2()" present. This generally happens because the "popup" option differs between "beginOAuth2()" and "completeOAuth2()".')}if(e)throw new k.ArcGISAuthError(e.errorMessage,e.error);return new w({clientId:i,portal:o,ssl:r.ssl,token:r.token,tokenExpires:r.expires,username:r.username})}var n=k.decodeQueryString(s.location.hash);if(!n.access_token){var h=void 0,p="Unknown error";return n.error&&(h=n.error,p=n.error_description),t({error:h,errorMessage:p})}var u=n.access_token,c=new Date(Date.now()+1e3*parseInt(n.expires_in,10)-6e4),l=n.username;return t(void 0,{token:u,expires:c,ssl:"true"===n.ssl,username:l})},w.fromParent=function(n,s){var o;return!s&&window&&(s=window),new Promise(function(r,t){o=function(e){if(e.origin===n)try{return r(w.parentMessageHandler(e))}catch(e){return t(e)}},s.addEventListener("message",o,!1),s.parent.postMessage({type:"arcgis:auth:requestCredential"},n)}).then(function(e){return s.removeEventListener("message",o,!1),e})},w.authorize=function(e,r){var t=g({portal:"https://arcgis.com/sharing/rest",duration:20160},e),n=t.portal,s=t.clientId,o=t.duration,i=t.redirectUri;r.writeHead(301,{Location:n+"/oauth2/authorize?client_id="+s+"&duration="+o+"&response_type=code&redirect_uri="+encodeURIComponent(i)}),r.end()},w.exchangeAuthorizationCode=function(e,r){var t=g({portal:"https://www.arcgis.com/sharing/rest",refreshTokenTTL:1440},e),n=t.portal,s=t.clientId,o=t.redirectUri,i=t.refreshTokenTTL;return a(n+"/oauth2/token",{params:{grant_type:"authorization_code",client_id:s,redirect_uri:o,code:r}}).then(function(e){return new w({clientId:s,portal:n,ssl:e.ssl,redirectUri:o,refreshToken:e.refreshToken,refreshTokenTTL:i,refreshTokenExpires:new Date(Date.now()+1e3*(i-1)),token:e.token,tokenExpires:e.expires,username:e.username})})},w.deserialize=function(e){var r=JSON.parse(e);return new w({clientId:r.clientId,refreshToken:r.refreshToken,refreshTokenExpires:new Date(r.refreshTokenExpires),username:r.username,password:r.password,token:r.token,tokenExpires:new Date(r.tokenExpires),portal:r.portal,ssl:r.ssl,tokenDuration:r.tokenDuration,redirectUri:r.redirectUri,refreshTokenTTL:r.refreshTokenTTL})},w.fromCredential=function(e){return new w({portal:e.server.includes("sharing/rest")?e.server:e.server+"/sharing/rest",ssl:e.ssl,token:e.token,username:e.userId,tokenExpires:new Date(e.expires)})},w.parentMessageHandler=function(e){if("arcgis:auth:credential"===e.data.type)return w.fromCredential(e.data.credential);throw"arcgis:auth:rejected"===e.data.type?new Error(e.data.message):new Error("Unknown message type.")},w.prototype.toCredential=function(){return{expires:this.tokenExpires.getTime(),server:this.portal,ssl:this.ssl,token:this.token,userId:this.username}},w.prototype.getUser=function(e){var r=this;if(this._pendingUserRequest)return this._pendingUserRequest;if(this._user)return Promise.resolve(this._user);var t=this.portal+"/community/self",n=g(g({httpMethod:"GET",authentication:this},e),{rawResponse:!1});return this._pendingUserRequest=k.request(t,n).then(function(e){return r._user=e,r._pendingUserRequest=null,e}),this._pendingUserRequest},w.prototype.getUsername=function(){return this.username?Promise.resolve(this.username):this._user?Promise.resolve(this._user.username):this.getUser().then(function(e){return e.username})},w.prototype.getToken=function(e,r){return t=this.portal,n=e,s=h(t),o=h(n),i=p(t),a=p(n),s&&o&&i===a||new RegExp(this.portal,"i").test(e)?this.getFreshToken(r):this.getTokenForServer(e,r);var t,n,s,o,i,a},w.prototype.toJSON=function(){return{clientId:this.clientId,refreshToken:this.refreshToken,refreshTokenExpires:this.refreshTokenExpires,username:this.username,password:this.password,token:this.token,tokenExpires:this.tokenExpires,portal:this.portal,ssl:this.ssl,tokenDuration:this.tokenDuration,redirectUri:this.redirectUri,refreshTokenTTL:this.refreshTokenTTL}},w.prototype.serialize=function(){return JSON.stringify(this)},w.prototype.enablePostMessageAuth=function(e,r){!r&&window&&(r=window),this._hostHandler=this.createPostMessageHandler(e),r.addEventListener("message",this._hostHandler,!1)},w.prototype.disablePostMessageAuth=function(e){!e&&window&&(e=window),e.removeEventListener("message",this._hostHandler,!1)},w.prototype.refreshSession=function(e){return this._user=null,this.username&&this.password?this.refreshWithUsernameAndPassword(e):this.clientId&&this.refreshToken?this.refreshWithRefreshToken():Promise.reject(new k.ArcGISAuthError("Unable to refresh token."))},w.prototype.getServerRootUrl=function(e){var r=k.cleanUrl(e).split(/\/rest(\/admin)?\/services(?:\/|#|\?|$)/)[0].match(/(https?:\/\/)(.+)/),t=(r[0],r[1]),n=r[2].split("/"),s=n[0],o=n.slice(1);return""+t+s.toLowerCase()+"/"+o.join("/")},w.prototype.createPostMessageHandler=function(t){var n=this;return function(e){var r;-1<t.indexOf(e.origin)?(r=n.toCredential(),e.source.postMessage({type:"arcgis:auth:credential",credential:r},e.origin)):e.source.postMessage({type:"arcgis:auth:rejected",message:"Rejected authentication request."},e.origin)}},w.prototype.getTokenForServer=function(r,t){var n=this,s=this.getServerRootUrl(r),e=this.trustedServers[s];return e&&e.expires&&e.expires.getTime()>Date.now()?Promise.resolve(e.token):(this._pendingTokenRequests[s]||(this._pendingTokenRequests[s]=k.request(s+"/rest/info").then(function(e){if(e.owningSystemUrl){if(i(e.owningSystemUrl,n.portal))return k.request(e.owningSystemUrl+"/sharing/rest/info",t);throw new k.ArcGISAuthError(r+" is not federated with "+n.portal+".","NOT_FEDERATED")}if(e.authInfo&&void 0!==n.trustedServers[s])return Promise.resolve({authInfo:e.authInfo});throw new k.ArcGISAuthError(r+" is not federated with any portal and is not explicitly trusted.","NOT_FEDERATED")}).then(function(e){return e.authInfo.tokenServicesUrl}).then(function(e){return n.token&&n.tokenExpires.getTime()>Date.now()?o(e,{params:{token:n.token,serverUrl:r,expiration:n.tokenDuration,client:"referer"}}):o(e,{params:{username:n.username,password:n.password,expiration:n.tokenDuration,client:"referer"}}).then(function(e){return n._token=e.token,n._tokenExpires=new Date(e.expires),e})}).then(function(e){return n.trustedServers[s]={expires:new Date(e.expires),token:e.token},delete n._pendingTokenRequests[s],e.token})),this._pendingTokenRequests[s])},w.prototype.getFreshToken=function(e){var r=this;return this.token&&!this.tokenExpires||this.token&&this.tokenExpires&&this.tokenExpires.getTime()>Date.now()?Promise.resolve(this.token):(this._pendingTokenRequests[this.portal]||(this._pendingTokenRequests[this.portal]=this.refreshSession(e).then(function(e){return r._pendingTokenRequests[r.portal]=null,e.token})),this._pendingTokenRequests[this.portal])},w.prototype.refreshWithUsernameAndPassword=function(e){var r=this,t=g({params:{username:this.username,password:this.password,expiration:this.tokenDuration}},e);return o(this.portal+"/generateToken",t).then(function(e){return r._token=e.token,r._tokenExpires=new Date(e.expires),r})},w.prototype.refreshWithRefreshToken=function(e){var r=this;if(this.refreshToken&&this.refreshTokenExpires&&this.refreshTokenExpires.getTime()<Date.now())return this.refreshRefreshToken(e);var t=g({params:{client_id:this.clientId,refresh_token:this.refreshToken,grant_type:"refresh_token"}},e);return a(this.portal+"/oauth2/token",t).then(function(e){return r._token=e.token,r._tokenExpires=e.expires,r})},w.prototype.refreshRefreshToken=function(e){var r=this,t=g({params:{client_id:this.clientId,refresh_token:this.refreshToken,redirect_uri:this.redirectUri,grant_type:"exchange_refresh_token"}},e);return a(this.portal+"/oauth2/token",t).then(function(e){return r._token=e.token,r._tokenExpires=e.expires,r._refreshToken=e.refreshToken,r._refreshTokenExpires=new Date(Date.now()+60*(r.refreshTokenTTL-1)*1e3),r})},w);function w(e){var r;this.clientId=e.clientId,this._refreshToken=e.refreshToken,this._refreshTokenExpires=e.refreshTokenExpires,this.username=e.username,this.password=e.password,this._token=e.token,this._tokenExpires=e.tokenExpires,this.portal=e.portal?k.cleanUrl(e.portal):"https://www.arcgis.com/sharing/rest",this.ssl=e.ssl,this.provider=e.provider||"arcgis",this.tokenDuration=e.tokenDuration||20160,this.redirectUri=e.redirectUri,this.refreshTokenTTL=e.refreshTokenTTL||1440,this.trustedServers={},e.server&&(r=this.getServerRootUrl(e.server),this.trustedServers[r]={token:e.token,expires:e.tokenExpires}),this._pendingTokenRequests={}}e.ApplicationSession=r,e.UserSession=n,e.fetchToken=a,e.generateToken=o,Object.defineProperty(e,"__esModule",{value:!0})}); | ||
| //# sourceMappingURL=auth.umd.min.js.map |
| { | ||
| "name": "@esri/arcgis-rest-auth", | ||
| "version": "2.19.2", | ||
| "version": "2.20.0", | ||
| "description": "Authentication helpers for @esri/arcgis-rest-js.", | ||
@@ -16,7 +16,7 @@ "main": "dist/node/index.js", | ||
| "dependencies": { | ||
| "@esri/arcgis-rest-types": "^2.19.2", | ||
| "@esri/arcgis-rest-types": "^2.20.0", | ||
| "tslib": "^1.13.0" | ||
| }, | ||
| "devDependencies": { | ||
| "@esri/arcgis-rest-request": "^2.19.2" | ||
| "@esri/arcgis-rest-request": "^2.20.0" | ||
| }, | ||
@@ -23,0 +23,0 @@ "peerDependencies": { |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Total package byte prevSize
- increased by11.98%
330830
- Lines of code
- increased by12.31%
3358