@ordergroove/auth - npm Package Compare versions

Comparing version 2.2.0 to 2.2.1-alpha-PR-576-3.39

dist/auth.js

@@ -1,2 +0,2 @@
-var r=/^og_auth=/,s=(e=r)=>(document.cookie.split(/;\s*/).find(n=>n.match(e))||"").replace(r,""),i=e=>{if(typeof e=="object")return e;let n=(e||"").split("|");return n.length===3?{sig_field:n[0],ts:parseInt(n[1],10),sig:n[2]}:null},p=e=>new Promise((n,o)=>{let t=document.createElement("iframe");t.style.setProperty("display","none","important"),document.body.appendChild(t),t.onload=n,t.onerror=o,t.src=e}),c=e=>(e.headers.get("content-type")||"").indexOf("application/json")!==-1,l=(e,n=s,o=p)=>Promise.resolve(n()||e&&typeof e=="string"&&fetch(e).then(t=>t.status>=200&&t.status<300?n()||(c(t)?t.json():Promise.resolve(o(e)).then(n)):null)).then(i).then(t=>t===null?Promise.reject(new Error("Unauthorized")):t),a=l;export{a as default,p as iframeLoad,c as isJsonResponse,r as ogAuthRegExp,i as parseAuth,s as readAuthCookie,l as resolveAuth};
+var i=/^og_auth=/,c=(t=i)=>(document.cookie.split(/;\s*/).find(n=>n.match(t))||"").replace(i,""),r=t=>{if(typeof t=="object")return t;let n=String(t||"").split("|");return n.length===3?{sig_field:n[0],ts:parseInt(n[1],10),sig:n[2]}:null},p=t=>new Promise((n,s)=>{let e=document.createElement("iframe");e.style.setProperty("display","none","important"),document.body.appendChild(e),e.onload=n,e.onerror=s,e.src=t}),d=t=>(t.headers.get("content-type")||"").indexOf("application/json")!==-1;function a(){return typeof window.og_auth!="undefined"?r(window.og_auth):null}async function f(t=100){return new Promise(n=>{setTimeout(()=>n(a()),t)})}async function u(t,n=c,s=p){let e;if(e=r(n())||r(a()),e)return e;if(t&&typeof t=="string"){let o=await fetch(t);o.status>=200&&o.status<300&&(e=n()||await(d(o)?o.json():Promise.resolve(s(t)).then(n)))}else e||(e=await f());if(e=r(e),e)return e;throw new Error("Unauthorized")}var l=u;export{l as default,p as iframeLoad,d as isJsonResponse,i as ogAuthRegExp,r as parseAuth,c as readAuthCookie,u as resolveAuth};
 //# sourceMappingURL=auth.js.map

package.json

 {
   "name": "@ordergroove/auth",
-  "version": "2.2.0",
+  "version": "2.2.1-alpha-PR-576-3.39+adf67759",
   "description": "",
@@ -28,3 +28,3 @@ "main": "dist/auth.js",
   "license": "ISC",
-  "gitHead": "5a104d20766e12bc957a4f052eb293facf8f26e5"
+  "gitHead": "adf67759424245c191b298426b53cd997ea6b0b6"
 }

src/index.js

@@ -16,3 +16,3 @@ export const ogAuthRegExp = /^og_auth=/;
   if (typeof authCookie === 'object') return authCookie;
-  const parts = (authCookie || '').split('|');
+  const parts = String(authCookie || '').split('|');
 
@@ -53,2 +53,23 @@ return parts.length === 3
 /**
+ * Reads auth from window.og_auth
+ * @returns
+ */
+function _readStaticAuth() {
+  if (typeof window.og_auth !== 'undefined') {
+    return parseAuth(window.og_auth);
+  }
+  return null;
+}
+/**
+ * Waits 100ms to read window.og_auth value
+ * @param {int} ms
+ * @returns
+ */
+async function _delayedReadStaticAuth(ms = 100) {
+  return new Promise(res => {
+    setTimeout(() => res(_readStaticAuth()), ms);
+  });
+}
+
+/**
  * Given a merchant auth endpoint this function tries to resolve the current auth.
@@ -61,24 +82,33 @@ * If og_auth is in cookie it returns it, otherwise it call the merchant auth endpoint detecting
  * @param {*} _iframeLoad method to load an iframe (for test purpose)
- */ export const resolveAuth = (auth_url, _readAuthCookie = readAuthCookie, _iframeLoad = iframeLoad) => {
-  return Promise.resolve(
-    _readAuthCookie() ||
-      (auth_url &&
-        typeof auth_url === 'string' &&
-        fetch(auth_url).then(response => {
-          // https://github.com/github/fetch/issues/386#issuecomment-243145797
-          // detect if cookie was written by latest request
-          if (response.status >= 200 && response.status < 300)
-            return (
-              _readAuthCookie() ||
-              (isJsonResponse(response)
-                ? response.json()
-                : Promise.resolve(_iframeLoad(auth_url)).then(_readAuthCookie))
-            );
-          return null;
-        }))
-  )
-    .then(parseAuth)
-    .then(rs => (rs === null ? Promise.reject(new Error('Unauthorized')) : rs));
-};
+ */
+export async function resolveAuth(auth_url, _readAuthCookie = readAuthCookie, _iframeLoad = iframeLoad) {
+  let auth;
+  auth = parseAuth(_readAuthCookie()) || parseAuth(_readStaticAuth());
 
+  if (auth) {
+    return auth;
+  }
+
+  if (auth_url && typeof auth_url === 'string') {
+    const response = await fetch(auth_url);
+    // https://github.com/github/fetch/issues/386#issuecomment-243145797
+    // detect if cookie was written by latest request
+    if (response.status >= 200 && response.status < 300) {
+      auth =
+        _readAuthCookie() ||
+        (await (isJsonResponse(response)
+          ? response.json()
+          : Promise.resolve(_iframeLoad(auth_url)).then(_readAuthCookie)));
+    }
+  } else if (!auth) {
+    // If there is no auth_url and no auth at this point
+    // lets wait for 100 ms to see if window.og_auth is set via js on DOM
+    auth = await _delayedReadStaticAuth();
+  }
+
+  auth = parseAuth(auth);
+  if (auth) return auth;
+  throw new Error('Unauthorized');
+}
+
 export default resolveAuth;

src/index.spec.js

@@ -111,4 +111,7 @@ import fetchMock from 'fetch-mock';
     await resolveAuth('/auth', readOgAuthCookie, iframeLoad).then(
-      () => Promise.reject(new Error('should not enter here')),
       err => {
+        console.log(err);
+        return Promise.reject(new Error('should not enter here'));
+      },
+      err => {
         expect(err).toEqual(new Error('Unauthorized'));
@@ -121,2 +124,27 @@ expect(fetchMock.calls().length).toEqual(1);
   });
+
+  it('should resolve static auth if present ', async () => {
+    window.og_auth = 'foo|123|baz';
+    const res = await resolveAuth();
+    expect(res).toEqual({ sig_field: 'foo', ts: 123, sig: 'baz' });
+    delete window.og_auth;
+  });
+
+  it('should allow set og_auth after 100 ms ', async () => {
+    delete window.og_auth;
+    const res = resolveAuth();
+    await new Promise(yes => setTimeout(yes, 99));
+    window.og_auth = 'foo|123|baz';
+    expect(await res).toEqual({ sig_field: 'foo', ts: 123, sig: 'baz' });
+    delete window.og_auth;
+  });
+
+  it('should ignore cookie if garbage ', async () => {
+    document.cookie += 'og_auth=garbage;';
+    const res = resolveAuth();
+    window.og_auth = 'foo|123|baz';
+    expect(await res).toEqual({ sig_field: 'foo', ts: 123, sig: 'baz' });
+    delete window.og_auth;
+    document.cookie += 'og_auth=;';
+  });
 });

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

22253

increased by13.04%

Lines of code

278

increased by22.47%

Worsened metrics

Number of low quality alerts

2

increased by100%

Number of medium supply chain risk alerts

3

increased by50%

No dependency changes