New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
solid-auth-client
Advanced tools
solid-auth-client - npm Package Compare versions
Comparing version 0.5.1 to 1.0.0-0
@@ -105,3 +105,3 @@ 'use strict'; | ||
| var resp = getResponse(data); | ||
| if (origin !== serverOrigin || !resp) { | ||
| if (serverOrigin !== '*' && origin !== serverOrigin || !resp) { | ||
| return; | ||
@@ -127,3 +127,3 @@ } | ||
| var server = exports.server = function server(childWindow, childOrigin) { | ||
| var server = exports.server = function server(clientWindow, clientOrigin) { | ||
| return function (handle) { | ||
@@ -148,3 +148,3 @@ var messageListener = function () { | ||
| case 4: | ||
| if (!(origin !== childOrigin)) { | ||
| if (!(origin !== clientOrigin)) { | ||
| _context.next = 7; | ||
@@ -154,3 +154,3 @@ break; | ||
| console.warn('SECURITY WARNING: solid-auth-client is listening for messages from ' + childOrigin + ',' + (' but received a message from ' + origin + '.')); | ||
| console.warn('SECURITY WARNING: solid-auth-client is listening for messages from ' + clientOrigin + ', ' + ('but received a message from ' + origin + '. Ignoring the message.')); | ||
| return _context.abrupt('return'); | ||
@@ -166,3 +166,3 @@ | ||
| if (resp) { | ||
| childWindow.postMessage(namespace(resp), childOrigin); | ||
| clientWindow.postMessage(namespace(resp), clientOrigin); | ||
| } | ||
@@ -182,13 +182,14 @@ | ||
| }(); | ||
| var s = { | ||
| var _server = { | ||
| start: function start() { | ||
| window.addEventListener('message', messageListener); | ||
| return s; | ||
| return _server; | ||
| }, | ||
| stop: function stop() { | ||
| window.removeEventListener('message', messageListener); | ||
| return s; | ||
| return _server; | ||
| } | ||
| }; | ||
| return s; | ||
| return _server; | ||
| }; | ||
@@ -195,0 +196,0 @@ }; |
@@ -6,3 +6,3 @@ 'use strict'; | ||
| }); | ||
| exports.openIdpSelector = exports.startPopupServer = exports.loginHandler = exports.storageHandler = undefined; | ||
| exports.openIdpSelector = exports.startPopupServer = exports.appOriginHandler = exports.loginHandler = exports.storageHandler = undefined; | ||
@@ -24,3 +24,3 @@ var _promise = require('babel-runtime/core-js/promise'); | ||
| var popupAppRequestHandler = function popupAppRequestHandler(store, options, foundSessionCb) { | ||
| return (0, _ipc.combineHandlers)(storageHandler(store), loginHandler(options, foundSessionCb)); | ||
| return (0, _ipc.combineHandlers)(storageHandler(store), loginHandler(options, foundSessionCb), appOriginHandler); | ||
| }; | ||
@@ -77,2 +77,9 @@ | ||
| var appOriginHandler = exports.appOriginHandler = function appOriginHandler(req) { | ||
| var id = req.id, | ||
| method = req.method; | ||
| return method === 'getAppOrigin' ? _promise2.default.resolve({ id: id, ret: window.location.origin }) : null; | ||
| }; | ||
| var startPopupServer = exports.startPopupServer = function startPopupServer(store, childWindow, options) { | ||
@@ -79,0 +86,0 @@ return new _promise2.default(function (resolve, reject) { |
@@ -89,7 +89,9 @@ 'use strict'; | ||
| newData = update(currentData); | ||
| _context2.next = 6; | ||
| return store.setItem(NAMESPACE, (0, _stringify2.default)(newData)); | ||
| store.setItem(NAMESPACE, (0, _stringify2.default)(newData)); | ||
| case 6: | ||
| return _context2.abrupt('return', newData); | ||
| case 6: | ||
| case 7: | ||
| case 'end': | ||
@@ -96,0 +98,0 @@ return _context2.stop(); |
| { | ||
| "name": "solid-auth-client", | ||
| "version": "0.5.1", | ||
| "version": "1.0.0-0", | ||
| "description": "Opaquely authenticates solid clients", | ||
| "main": "lib/index.js", | ||
| "bin": "./bin/solid-auth-client.js", | ||
| "files": [ | ||
| "lib", | ||
| "dist-lib" | ||
| "bin", | ||
| "dist-lib", | ||
| "dist-popup", | ||
| "lib" | ||
| ], | ||
@@ -17,5 +20,5 @@ "repository": "git@github.com:solid/solid-auth-client.git", | ||
| "jest": "jest src", | ||
| "format": "prettier --parser flow --no-semi --single-quote --write '{src,demo,popup-app}/**/*.js'", | ||
| "format": "prettier --parser flow --no-semi --single-quote --write '{src,bin,demo,popup-app}/**/*.js'", | ||
| "prelint": "yarn format", | ||
| "lint": "eslint '{src,demo,popup-app}/**/*.js'", | ||
| "lint": "eslint '{src,bin,demo,popup-app}/**/*.js'", | ||
| "pretest": "flow && yarn lint", | ||
@@ -26,3 +29,3 @@ "test": "yarn jest", | ||
| "coverage:report": "cat ./coverage/lcov.info | coveralls", | ||
| "build": "yarn build:lib && yarn build:lib:umd", | ||
| "build": "yarn build:lib && yarn build:lib:umd && yarn build:popup:template", | ||
| "build:lib": "rm -rf lib && babel --ignore '**.spec.js' src -d lib", | ||
@@ -32,2 +35,3 @@ "build:lib:umd": "webpack --config=./webpack/webpack.lib.config.js -p", | ||
| "build:popup": "webpack --config=./webpack/webpack.popup.config.js -p && rm ./dist-popup/popup.bundle.js", | ||
| "build:popup:template": "cross-env APP_NAME='{{APP_NAME}}' yarn build:popup", | ||
| "preversion": "yarn test", | ||
@@ -40,2 +44,3 @@ "postversion": "git push --follow-tags", | ||
| "auth-header": "^0.3.1", | ||
| "commander": "^2.11.0", | ||
| "isomorphic-fetch": "^2.2.1", | ||
@@ -59,4 +64,4 @@ "uuid": "^3.1.0" | ||
| "coveralls": "^2.13.1", | ||
| "cross-env": "^5.0.5", | ||
| "css-loader": "^0.28.4", | ||
| "dotenv-webpack": "^1.5.4", | ||
| "eslint": "^4.5.0", | ||
@@ -93,2 +98,3 @@ "eslint-config-prettier": "^2.3.0", | ||
| "coveragePathIgnorePatterns": [ | ||
| "bin", | ||
| "demo", | ||
@@ -95,0 +101,0 @@ "popup-app" |
@@ -28,3 +28,6 @@ # solid-auth-client | ||
| The simplest way to use this library is to install it via `npm` or `yarn`. You can then use the ES6 module (`import { login, currentUser, logout } from 'solid-auth-client'`), or you can grab the transpiled UMD bundle from `node_modules/solid-auth-client/dist-lib/solid-auth-client.bundle.js`. | ||
| The simplest way to use this library is to install it via `npm` or `yarn`. | ||
| You can then use the ES6 module (`import { login, currentUser, logout } from | ||
| 'solid-auth-client'`), or you can grab the transpiled UMD bundle from | ||
| `node_modules/solid-auth-client/dist-lib/solid-auth-client.bundle.js`. | ||
@@ -138,35 +141,21 @@ ## API | ||
| To use the popup login flow, you'll need a popup application running on a | ||
| trusted domain which authenticates the user, handles redirects, and messages the | ||
| authenticated session back to your application. | ||
| trusted domain which authenticates the user, handles redirects, and messages | ||
| the authenticated session back to your application. | ||
| Due to the possible redirects and the security model of `window.postMessage`, | ||
| you'll need to build a static popup app bound to your application's origin. | ||
| In order to tell the user they're logging into *your* app, you'll need to | ||
| build a static popup bound to your application's name. | ||
| Keeping this in mind, here's how to get things working. | ||
| Keeping this in mind, it's pretty simple to build a popup for your app! | ||
| 0. Clone this repo and set up your development environment according to the | ||
| [Developing](#developing) section. | ||
| 1. Create your `.env.popup` file. This file declares your application name and | ||
| origin. | ||
| 0. Make sure you've got the `solid-auth-client` package installed locally. | ||
| ```sh | ||
| $ cp .env.popup.example .env.popup | ||
| $ npm i solid-auth-client # [--save | --save-dev] | ||
| ``` | ||
| 2. Edit the `TRUSTED_APP_NAME` and `TRUSTED_APP_ORIGIN` fields of the new | ||
| `.env.popup` file to match your app's name and origin. | ||
| 1. Run the build script! | ||
| ```sh | ||
| $ $EDITOR .env.popup # Change TRUSTED_APP_NAME and TRUSTED_APP_ORIGIN | ||
| $ solid-auth-client generate-popup "My App's Name" # [my-app-popup.html] | ||
| ``` | ||
| 3. Run the build script to generate the app as a static HTML bundle. | ||
| section. | ||
| ```sh | ||
| $ yarn build:popup | ||
| ``` | ||
| 4. The app now lives in `dist-popup/popup.html`. You can now set up a route in | ||
| your application to the popup app. | ||
| 5. If your popup now lives at e.g. 'https://localhost:8080/popup.html', | ||
| 2. If your popup is deployed to e.g. 'https://localhost:8080/popup.html', | ||
| call `popupLogin('https://localhost:8080/popup.html')`. | ||
@@ -196,29 +185,9 @@ | ||
| ```sh | ||
| $ cp .env.demo.example .env.demo && $EDITOR .env.demo # configure the demo app | ||
| $ yarn start:demo | ||
| $ POPUP_URI='http://localhost:8081/popup.html' yarn start:demo | ||
| ``` | ||
| #### Configuration | ||
| The demo app is configurable via the `.env.demo` file. The important fields are: | ||
| - IDP_SELECT_URI: URI for the popup-based IDP select app. When testing | ||
| locally, this will be something like 'http://localhost:XXXX/popup.html' | ||
| - CALLBACK_URI: URI for the popup-based callback app. When testing locally, | ||
| this will be something like 'http://localhost:XXXX/popup.html' | ||
| ### Building the popup app | ||
| ```sh | ||
| $ cp .env.popup.example .env.popup && $EDITOR .env.popup # configure the popup app | ||
| $ yarn start:popup | ||
| $ APP_NAME='solid-auth-client demo' yarn start:popup | ||
| ``` | ||
| #### Configuration | ||
| The popup app is configurable via the `.env.popup` file. The important fields are: | ||
| - TRUSTED_APP_NAME: Name of the trusted application the popup is working on | ||
| behalf of. | ||
| - TRUSTED_APP_ORIGIN: Origin of the trusted application the popup is working | ||
| on behalf of. |
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is not supported yet
New alerts
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by14.36%
1688936
- Number of package files
- increased by11.11%
20
- Lines of code
- increased by3.44%
2162
Worsened metrics
- Dependency count
- increased by25%
5
- Number of lines in readme file
- decreased by-13.96%
191
- Number of low supply chain risk alerts
- increased by100%
2
Dependency changes
+ Addedcommander@^2.11.0
+ Addedcommander@2.20.3(transitive)