) => {\r\n setAnchorEl(event.currentTarget);\r\n };\r\n const handleClose = () => {\r\n setAnchorEl(null);\r\n };\r\n\r\n return (\r\n \r\n {!isIcon ? (\r\n \r\n {children}\r\n \r\n ) : (\r\n \r\n {children}\r\n \r\n )\r\n }\r\n
\r\n );\r\n}\r\n\r\nexport default BasicMenu;","import { useMsal } from '@azure/msal-react';\r\nimport { Button } from '@mui/material'\r\n\r\ninterface Props {\r\n width?: string | number,\r\n buttonVariant?: \"contained\" | \"text\" | \"outlined\"\r\n}\r\n\r\nconst LogoutButton = ({ width = \"50%\", buttonVariant = \"contained\" }: Props) => {\r\n const { instance } = useMsal();\r\n\r\n const handleLogout = async () => {\r\n localStorage.clear(); // TO CLEAR ORGANIZATION SETTED WITH REDUX-PERSIST\r\n await instance.logout({\r\n authority: process.env.REACT_APP_AZURE_BASE_URL,\r\n postLogoutRedirectUri: `/`,\r\n });\r\n };\r\n return (\r\n \r\n )\r\n}\r\n\r\nexport default LogoutButton","import { useState, useEffect, useCallback, ReactNode } from 'react'\r\nimport { Location, useLocation } from 'react-router-dom';\r\nimport { useDispatch, useSelector } from \"react-redux\";\r\nimport { CircularProgress, Stack, Typography } from '@mui/material';\r\nimport { useMsal } from '@azure/msal-react'\r\n\r\nimport { AppDispatch, RootState } from '../../store/store';\r\nimport { fetchOrganizationData, fetchOrganizations, setCurrentOrganization } from '../../store/organization/organization-slice';\r\nimport { fetchUserData } from '../../store/user/user-slice';\r\nimport { fetchUserCenters } from '../../store/center/center-slice';\r\nimport { api } from '../../utils/api';\r\nimport { CONFIG_CTO } from '../../data/config.CTO';\r\nimport { CONFIG_API } from '../../data/config.API';\r\nimport { AccountType } from '../../models/UserModel';\r\nimport { APIResponseModel } from '../../models/ApiResponseModel';\r\nimport { AxiosResponse } from 'axios';\r\nimport isSuperAdministrator from '../../utils/authorization/isSuperAdministrator';\r\nimport useAuthCheck from '../../hooks/authorization/useAuthCheck';\r\nimport ErrorUnauthorized from \"../../assets/images/icons/unauthorized.png\";\r\nimport CTonlineLogo from \"../../assets/images/ctonline-small-logo.png\";\r\n\r\nimport CustomModal from './CustomModal';\r\nimport OrganizationForm from './OrganizationForm';\r\nimport OrganizationSelector from './OrganizationSelector';\r\nimport ErrorDisplay from './ErrorDisplay';\r\nimport LogoutButton from '../common/LogoutButton';\r\nimport ConnectCheck from '../../pages/connect/ConnectCheck';\r\nimport ListSelector from './ListSelector';\r\n\r\ntype Props = {\r\n children: ReactNode\r\n}\r\n\r\nconst AuthenticationPage = ({ children }: Props) => {\r\n\r\n useAuthCheck()\r\n const { inProgress, accounts, instance } = useMsal();\r\n const dispatch: AppDispatch = useDispatch();\r\n const location: Location = useLocation();\r\n\r\n const [isUserAdministrator, setIsUserAdministrator] = useState(undefined)\r\n const [showOrganizationSelectorModal, setShowOrganizationSelectorModal] = useState(true)\r\n const [showAdminOrganizationModal, setShowAdminOrganizationModal] = useState(false)\r\n const organizationState = useSelector((store: RootState) => store.ORGANIZATION);\r\n const userState = useSelector((store: RootState) => store.USER);\r\n const centerState = useSelector((store: RootState) => store.CENTER)\r\n const isLoading = {\r\n organizationState: useSelector((store: RootState) => store.ORGANIZATION.loading),\r\n userState: useSelector((store: RootState) => store.USER.loading),\r\n centerState: useSelector((store: RootState) => store.CENTER.loading)\r\n }\r\n let isError: null | { organizationState: null | string, userState: null | string, centerState: null | string } =\r\n {\r\n organizationState: useSelector((store: RootState) => store.ORGANIZATION.error),\r\n userState: useSelector((store: RootState) => store.USER.error),\r\n centerState: useSelector((store: RootState) => store.CENTER.error)\r\n }\r\n\r\n const handleLogout = async () => {\r\n localStorage.clear(); // TO CLEAR ORGANIZATION SETTED WITH REDUX-PERSIST\r\n await instance.logout({\r\n authority: process.env.REACT_APP_AZURE_BASE_URL,\r\n postLogoutRedirectUri: `/`,\r\n });\r\n };\r\n\r\n // GET USER'S INFORMATION FROM ORGANIZATION PID & EXTERNAL USER ID\r\n const getUserData = useCallback(async () => {\r\n if (organizationState.currentOrganization?.pid) {\r\n dispatch(fetchUserData(organizationState.currentOrganization?.pid, accounts[0]?.idTokenClaims?.sub))\r\n }\r\n }, [dispatch, accounts, organizationState])\r\n\r\n // GET OPEN USER'S CENTERS\r\n const getUserCenters = useCallback(async (accountType: AccountType, externalUserId: string) => {\r\n if (organizationState.currentOrganization) {\r\n await dispatch(fetchUserCenters(organizationState.currentOrganization?.pid, accountType, externalUserId))\r\n }\r\n }, [dispatch, organizationState.currentOrganization])\r\n\r\n // GET USER'S ORGANIZATION FROM EXTERNAL USER ID (AZURE)\r\n const getData = useCallback(async () => {\r\n if (accounts[0] && isUserAdministrator === undefined) {\r\n setIsUserAdministrator(await isSuperAdministrator(accounts[0]?.idTokenClaims?.sub));\r\n }\r\n if (isUserAdministrator === false) {\r\n await dispatch(fetchOrganizations(accounts[0]?.idTokenClaims?.sub));\r\n } else if (isUserAdministrator === true && !organizationState.currentOrganization) {\r\n // Checks for organizationPid in URL parameters in case of redirection\r\n const params = new URLSearchParams(window.location.search);\r\n const URLOrganizationPid = params.get('organizationPid');\r\n if (URLOrganizationPid) {\r\n dispatch(fetchOrganizationData(URLOrganizationPid)) // If coming from a redirection, set the organization to avoid declaring it a second time (as the organization is reset before redirection)\r\n } else {\r\n setShowAdminOrganizationModal(true)\r\n }\r\n }\r\n }, [dispatch, isUserAdministrator])\r\n\r\n const handleEarlyAccess = async () => {\r\n const currentUrl = window.location.origin;\r\n if (currentUrl.includes(\"localhost\")) return;\r\n\r\n // Check if user has to be redirected to early acess URL (if an early access is currently accessible) or to standard URL\r\n try {\r\n const headResponse = await api.head(`${CONFIG_API.CTONLINE_ADMINISTRATION}/SoftwareVersion/IsEarlyAccessAvailable`);\r\n const isEarlyAccessAvailable = headResponse.status === 200; // or headResponse.status !== 404 depending on API behavior\r\n const { data: { item: hasOrganizationEarlyAccess } } = await api.get(`${CONFIG_API.CTONLINE_ADMINISTRATION}/${CONFIG_API.ORGANIZATION}/${organizationState.currentOrganization?.pid}/HasEarlyAccess`);\r\n\r\n const currentOrganizationPid = `&organizationPid=${organizationState.currentOrganization?.pid}`;\r\n const userIdToken = `?userPid=${accounts[0].idTokenClaims?.sub}${currentOrganizationPid}`;\r\n const targetUrl = isEarlyAccessAvailable && hasOrganizationEarlyAccess ? process.env.REACT_APP_WEB_EARLYACCESS_BASE_URL : process.env.REACT_APP_WEB_BASE_URL;\r\n\r\n if ((isEarlyAccessAvailable && hasOrganizationEarlyAccess && currentUrl !== process.env.REACT_APP_WEB_EARLYACCESS_BASE_URL) ||\r\n (!isEarlyAccessAvailable || !hasOrganizationEarlyAccess) && currentUrl === process.env.REACT_APP_WEB_EARLYACCESS_BASE_URL) {\r\n dispatch(setCurrentOrganization(null)); // Reset to avoid redirection loop\r\n window.location.href = targetUrl + userIdToken;\r\n }\r\n } catch (error) {\r\n if (currentUrl === process.env.REACT_APP_WEB_EARLYACCESS_BASE_URL) {\r\n dispatch(setCurrentOrganization(null)); // Reset to avoid redirection loop\r\n window.location.href = process.env.REACT_APP_WEB_BASE_URL + `?userPid=${accounts[0].idTokenClaims?.sub}&organizationPid=${organizationState.currentOrganization?.pid}`;\r\n }\r\n }\r\n }\r\n\r\n\r\n useEffect(() => {\r\n if (userState.currentUser?.accountType && userState.currentUser?.externalUserId) {\r\n getUserCenters(userState.currentUser.accountType, userState.currentUser.externalUserId)\r\n } else {\r\n getUserData()\r\n }\r\n }, [getUserData, getUserCenters, showAdminOrganizationModal, organizationState, userState.currentUser])\r\n\r\n useEffect(() => {\r\n // After redirection, check if still the same user : if not, logout.\r\n const params = new URLSearchParams(window.location.search);\r\n const redirectedUserPid = params.get('userPid')\r\n if (redirectedUserPid && accounts[0] && redirectedUserPid !== accounts[0].idTokenClaims?.sub) {\r\n handleLogout();\r\n }\r\n getData();\r\n }, [getData])\r\n\r\n useEffect(() => {\r\n const params = new URLSearchParams(window.location.search);\r\n const URLOrganizationPid = params.get('organizationPid');\r\n if (URLOrganizationPid) {\r\n dispatch(setCurrentOrganization(null))\r\n }\r\n if (organizationState && organizationState.currentOrganization === null) {\r\n if (URLOrganizationPid) {\r\n dispatch(fetchOrganizationData(URLOrganizationPid)) // If coming from a redirection, set the organization to avoid declaring it a second time (as the organization is reset before redirection)\r\n } else {\r\n if (organizationState.userOrganizations && organizationState.userOrganizations?.length > 1) {\r\n setShowOrganizationSelectorModal(true)\r\n } else {\r\n if (isUserAdministrator) {\r\n setShowAdminOrganizationModal(true)\r\n }\r\n }\r\n }\r\n } else {\r\n organizationState.currentOrganization && handleEarlyAccess()\r\n }\r\n }, [organizationState.currentOrganization])\r\n\r\n return (\r\n // If the path is \"connect-login\", render ConnectCheck Component\r\n location.pathname === `/${CONFIG_CTO.CONNECT_CHECK_PATH}` ? (\r\n \r\n ) : (\r\n accounts && accounts.length > 0 && inProgress === \"none\" ? (\r\n <>\r\n {/* IF USER IS SUPERADMIN : SHOW ORGANIZATION TEXT INPUT MODAL */}\r\n \r\n \r\n \r\n {/* IF USER HAS SEVERAL ORGANIZATIONS : SHOW SELECT ORGANIZATION MODAL */}\r\n {!organizationState.currentOrganization && organizationState.userOrganizations && organizationState.userOrganizations.length > 1 && (\r\n \r\n \r\n \r\n )}\r\n {/* IF USER HAS SEVERAL PROFILES : SHOW SELECT PROFILE MODAL */}\r\n {!userState.currentUser && userState.usersList && userState.usersList.length > 1 && (\r\n \r\n \r\n \r\n \r\n )}\r\n {/* ONCE AN ORGANIZATION IS SETTED, SHOW APP CONTENT IF USER ISN'T LIMITED*/}\r\n {organizationState.currentOrganization && userState.currentUser && centerState.organizationCenters ? (\r\n organizationState.currentOrganization.isCTonlineLimited && userState.currentUser.accountType !== CONFIG_API.ADMIN ? (\r\n \r\n \r\n 
\r\n \r\n Vous n'êtes pas autorisé à accéder à CTonline.
\r\n Veuillez vous connecter avec un compte administrateur.\r\n \r\n \r\n \r\n \r\n ) : (\r\n children\r\n )\r\n ) : (!isLoading.organizationState && isError.organizationState !== null && JSON.stringify(isError.organizationState) !== '{}') || (!isLoading.userState && isError.userState !== null && JSON.stringify(isError.userState) !== '{}') || (!isLoading.centerState && isError.centerState !== null && JSON.stringify(isError.centerState) !== '{}') ? (\r\n <>\r\n {console.error(isError)}\r\n \r\n \r\n 
\r\n \r\n \r\n \r\n \r\n ) : isLoading.organizationState || isLoading.userState || isLoading.centerState ? (\r\n \r\n \r\n \r\n Chargement des données...\r\n \r\n \r\n \r\n ) : (\r\n null\r\n )}\r\n \r\n ) : (null)\r\n )\r\n )\r\n}\r\n\r\nexport default AuthenticationPage","import { ReactNode } from \"react\"\r\nimport { Grow, Modal, Paper, Stack } from \"@mui/material\";\r\n\r\nimport CTonlineLogo from \"../../assets/images/ctonline-small-logo.png\";\r\n\r\ntype Props = {\r\n open: boolean,\r\n showLogo?: boolean,\r\n width?: { xs: string | number, sm: string | number }\r\n height?: string | number\r\n gap?: string | number\r\n padding?: string | number\r\n children: ReactNode,\r\n}\r\n\r\nconst CustomModal = ({ children, open, showLogo = true, gap = 3, padding = 0, width = { xs: \"20rem\", sm: \"30rem\" }, height = \"15rem\" }: Props) => {\r\n\r\n return (\r\n \r\n \r\n \r\n \r\n {showLogo && (\r\n \r\n )}\r\n {children}\r\n \r\n \r\n \r\n )\r\n}\r\n\r\nexport default CustomModal","import { Stack } from \"@mui/material\";\r\n\r\nimport ErrorDisplay from \"./ErrorDisplay\";\r\n\r\nconst Error404 = () => {\r\n\r\n return (\r\n \r\n \r\n \r\n )\r\n}\r\n\r\nexport default Error404","import { Stack, Typography } from '@mui/material'\r\n\r\nimport ErrorScreenIcon from \"../../assets/images/icons/error-screen.png\";\r\nimport ErrorCrossIcon from \"../../assets/images/icons/error-cross.png\";\r\nimport ErrorUnauthorized from \"../../assets/images/icons/unauthorized.png\";\r\nimport LogoutButton from '../common/LogoutButton';\r\n\r\n\r\ntype Props = {\r\n variant?: \"error\" | \"forbidden\" | \"unknown\" | \"iframeDisplay\",\r\n showLogoutButton?: boolean\r\n displayMessage?: string\r\n displayName?: string,\r\n}\r\n\r\nconst ErrorDisplay = ({ variant = \"error\", showLogoutButton = false, displayMessage = \"Une erreur est survenue.\", displayName = \"le contenu de la page\" }: Props) => {\r\n\r\n let icon: string = \"\";\r\n let message: string = displayMessage;\r\n let alt: string = \"\";\r\n\r\n switch (variant) {\r\n case \"forbidden\":\r\n icon = ErrorUnauthorized;\r\n message = \"Vous n'êtes pas autorisé à accéder à cette page.\";\r\n alt = \"Accès Interdit\";\r\n break;\r\n case \"unknown\":\r\n icon = ErrorScreenIcon;\r\n message = \"Oups, cette page n'existe pas.\";\r\n alt = \"Page Introuvable\";\r\n break;\r\n case \"iframeDisplay\":\r\n icon = ErrorScreenIcon;\r\n message = `Impossible d'afficher ${displayName}.`;\r\n alt = \"Erreur d'Affichage\";\r\n break;\r\n default:\r\n icon = ErrorCrossIcon;\r\n alt = \"Erreur\";\r\n break;\r\n }\r\n\r\n return (\r\n \r\n 
\r\n {message}\r\n {showLogoutButton && (\r\n \r\n )}\r\n \r\n )\r\n}\r\n\r\nexport default ErrorDisplay","import { Stack, Typography } from \"@mui/material\";\r\nimport { useSelector } from \"react-redux\";\r\nimport { Location, NavigateFunction, useLocation, useNavigate } from \"react-router-dom\";\r\n\r\nimport { RootState } from \"../../store/store\";\r\nimport { CONFIG_CTO } from \"../../data/config.CTO\"\r\nimport { UserModel } from \"../../models/UserModel\";\r\nimport CTonlineLogo from \"../../assets/images/ctonline-circle-logo.png\";\r\n\r\nimport ProfileMenu from \"../auth/ProfileMenu\";\r\nimport NavMenu from \"./NavMenu\";\r\nimport SettingsList from \"./SettingsList\";\r\n\r\nexport interface HeaderProps {\r\n showDrawer: boolean,\r\n setShowDrawer: React.Dispatch>,\r\n setShowModal?: React.Dispatch>,\r\n marginRight?: string | number,\r\n unreadNewsNumber: number\r\n}\r\n\r\nconst Header = ({ showDrawer, unreadNewsNumber, setShowDrawer, setShowModal, marginRight }: HeaderProps) => {\r\n\r\n const location: Location = useLocation();\r\n const navigate: NavigateFunction = useNavigate()\r\n let titlePage: string | undefined;\r\n\r\n const currentUserState: UserModel | undefined = useSelector((store: RootState) => store.USER.currentUser)\r\n const currentOrganizationState = useSelector((store: RootState) => store.ORGANIZATION.currentOrganization)\r\n\r\n switch (location.pathname) {\r\n case `/${CONFIG_CTO.CALENDAR_PATH}`:\r\n titlePage = CONFIG_CTO.CALENDAR\r\n break;\r\n case `/${CONFIG_CTO.DASHBOARDS_PATH}`:\r\n titlePage = CONFIG_CTO.DASHBOARDS\r\n break;\r\n case `/${CONFIG_CTO.DOCUMENTS_PATH}`:\r\n titlePage = CONFIG_CTO.DOCUMENTS\r\n break;\r\n case `/${CONFIG_CTO.TOOLS_PATH}`:\r\n titlePage = CONFIG_CTO.TOOLS\r\n break;\r\n case `/${CONFIG_CTO.FLEET_PATH}`:\r\n titlePage = CONFIG_CTO.FLEET\r\n break;\r\n case `/${CONFIG_CTO.CENTER_PATH}`:\r\n titlePage = `Paramètres du centre`\r\n break;\r\n case `/${CONFIG_CTO.ORGANIZATION_PATH}`:\r\n titlePage = `Paramètres`\r\n break;\r\n case `/${CONFIG_CTO.ACCOUNT_PATH}`:\r\n titlePage = `${currentUserState?.firstName} ${currentUserState?.lastName}`\r\n break;\r\n default:\r\n titlePage = \"\"\r\n break;\r\n }\r\n\r\n return (\r\n \r\n \r\n \r\n {!currentOrganizationState?.isCTonlineLimited && (\r\n \r\n )}\r\n navigate('/')} />\r\n \r\n {currentOrganizationState?.name}\r\n / {titlePage}\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n )\r\n}\r\n\r\nexport default Header","import { ReactNode, useState, useEffect } from \"react\"\r\nimport { CircularProgress, Stack, SwipeableDrawer, Typography } from \"@mui/material\";\r\nimport { PublicClientApplication } from '@azure/msal-browser';\r\nimport { MsalProvider } from \"@azure/msal-react\";\r\nimport { useSelector } from \"react-redux\";\r\nimport { FontAwesomeIcon } from \"@fortawesome/react-fontawesome\";\r\nimport { faXmark } from \"@fortawesome/pro-light-svg-icons\";\r\n\r\nimport { RootState } from \"../../store/store\";\r\nimport { CONFIG_API } from \"../../data/config.API\";\r\nimport useWindowWidth from \"../../hooks/layout/useWindowWidth\";\r\n\r\nimport Header from './Header'\r\nimport CustomModal from \"./CustomModal\";\r\nimport AuthenticationPage from \"./AuthenticationPage\";\r\nimport NewsContainer from \"../news/NewsContainer\";\r\n\r\ntype Props = {\r\n children: ReactNode,\r\n msalInstance: PublicClientApplication,\r\n}\r\n\r\nconst Layout = ({ children, msalInstance }: Props) => {\r\n\r\n const userState = useSelector((user: RootState) => user.USER.currentUser);\r\n let isDesktop = useWindowWidth();\r\n const [showDrawer, setShowDrawer] = useState(userState?.accountType === CONFIG_API.CLIENT ? false : isDesktop);\r\n const [showModal, setShowModal] = useState(false);\r\n const [unreadNewsNumber, setUnreadNewsNumber] = useState(0);\r\n\r\n const drawerWidth = \"300px\"\r\n\r\n // DISABLE DRAWER ON MOBILE\r\n useEffect(() => {\r\n if (userState !== undefined && userState?.accountType !== CONFIG_API.CLIENT) {\r\n setShowDrawer(isDesktop)\r\n }\r\n }, [isDesktop, userState])\r\n\r\n return (\r\n \r\n \r\n \r\n \r\n setShowDrawer(false)}\r\n onOpen={() => setShowDrawer(true)}\r\n elevation={16}\r\n hideBackdrop={true}\r\n variant=\"persistent\"\r\n sx={{ position: \"relative\" }}\r\n >\r\n \r\n setShowDrawer(false)} sx={{ position: \"absolute\", top: \"0\", left: 250, marginTop: \"1rem\", marginLeft: \"1rem\", zIndex: 999 }} >\r\n \r\n \r\n \r\n \r\n \r\n \r\n {children}\r\n \r\n \r\n \r\n \r\n \r\n Déconnexion en cours...\r\n \r\n \r\n )\r\n}\r\n\r\nexport default Layout","import { useDispatch } from \"react-redux\"\r\nimport { NavigateFunction, useNavigate } from \"react-router-dom\"\r\nimport { FormControl, InputLabel, MenuItem, Select, SelectChangeEvent } from \"@mui/material\"\r\n\r\nimport { AppDispatch } from \"../../store/store\"\r\nimport { CenterModel } from \"../../models/CenterModel\"\r\nimport { UserModel } from \"../../models/UserModel\"\r\nimport { CONFIG_CTO } from \"../../data/config.CTO\"\r\nimport { selectCurrentUser } from \"../../store/user/user-slice\"\r\n\r\ninterface Props- {\r\n variant: \"centerSelect\" | \"profileSelect\";\r\n label: string;\r\n arrayList: Item[];\r\n}\r\n\r\nconst renderMenuItem = (item: CenterModel | UserModel, variant: string) => {\r\n // Use a type assertion to inform TypeScript about the type of the item\r\n if (variant === \"centerSelect\") {\r\n return (\r\n \r\n );\r\n }\r\n if (variant === \"profileSelect\") {\r\n return (\r\n \r\n );\r\n }\r\n};\r\n\r\nconst ListSelector = ({ arrayList, variant, label }: Props) => {\r\n\r\n const navigate: NavigateFunction = useNavigate()\r\n const dispatch: AppDispatch = useDispatch()\r\n\r\n const handleChange = (event: SelectChangeEvent) => {\r\n if (variant === \"centerSelect\") {\r\n navigate(`/${CONFIG_CTO.CENTER_PATH}`, { state: event.target.value })\r\n } else if (variant === \"profileSelect\") {\r\n dispatch(selectCurrentUser(event.target.value, arrayList))\r\n }\r\n }\r\n\r\n return (\r\n \r\n {label}\r\n \r\n \r\n )\r\n}\r\n\r\nexport default ListSelector","import { useEffect, useMemo } from \"react\";\r\nimport { useSelector } from \"react-redux\";\r\nimport { Stack } from \"@mui/material\"\r\nimport { faBars, faCars, faCalendarDays, faFiles, faChartLine, faWrench, faAward, faQuestion, faBagShopping } from '@fortawesome/pro-light-svg-icons'\r\nimport { FontAwesomeIcon } from \"@fortawesome/react-fontawesome\";\r\n\r\nimport { RootState } from \"../../store/store\";\r\nimport { CONFIG_CTO } from \"../../data/config.CTO\";\r\nimport { CONFIG_API } from \"../../data/config.API\";\r\nimport { MenuItemModel } from \"../common/BasicMenuItem\"\r\nimport useWindowWidth from \"../../hooks/layout/useWindowWidth\";\r\n\r\nimport BasicMenu from \"../common/BasicMenu\"\r\n\r\nconst NavMenu = () => {\r\n\r\n const currentUserState = useSelector((store: RootState) => store.USER.currentUser);\r\n\r\n const menuItems = useMemo(() => {\r\n let items: MenuItemModel[] = [\r\n {\r\n name: CONFIG_CTO.CALENDAR,\r\n text: CONFIG_CTO.CALENDAR,\r\n icon: faCalendarDays,\r\n navigateTo: \"/\"\r\n },\r\n {\r\n name: CONFIG_CTO.DASHBOARDS,\r\n text: CONFIG_CTO.DASHBOARDS,\r\n icon: faChartLine,\r\n navigateTo: `/${CONFIG_CTO.DASHBOARDS_PATH}`\r\n },\r\n {\r\n name: CONFIG_CTO.QUALITY,\r\n text: CONFIG_CTO.QUALITY,\r\n icon: faAward,\r\n externalLink: \"https://qualite.ctonline.fr/\"\r\n },\r\n {\r\n name: CONFIG_CTO.TOOLS,\r\n text: CONFIG_CTO.TOOLS,\r\n icon: faWrench,\r\n navigateTo: `/${CONFIG_CTO.TOOLS_PATH}`\r\n },\r\n\r\n ]\r\n\r\n // ADD DOCUMENTS NAV TO MENU IF USER HAS ACCESS\r\n if (currentUserState?.hasDocumentAccess) {\r\n items.splice(2, 0,\r\n {\r\n name: CONFIG_CTO.DOCUMENTS,\r\n text: CONFIG_CTO.DOCUMENTS,\r\n icon: faFiles,\r\n navigateTo: `/${CONFIG_CTO.DOCUMENTS_PATH}`\r\n }\r\n )\r\n }\r\n // ADD FLEET IF USER HAS ACCESS\r\n if (currentUserState?.hasVehicleFleetAccess) {\r\n items.splice(-3, 0,\r\n {\r\n name: CONFIG_CTO.FLEET,\r\n text: CONFIG_CTO.FLEET,\r\n icon: faCars,\r\n navigateTo: `/${CONFIG_CTO.FLEET_PATH}`\r\n }\r\n )\r\n }\r\n // REMOVE QUALITY & TOOLS IF USER TYPE = CLIENT\r\n if (currentUserState?.accountType === CONFIG_API.CLIENT) {\r\n for (let i = items.length - 1; i >= 0; i--) {\r\n if (items[i].name === CONFIG_CTO.QUALITY || items[i].name === CONFIG_CTO.TOOLS) {\r\n items.splice(i, 1);\r\n }\r\n }\r\n }\r\n return items;\r\n }, [currentUserState]);\r\n\r\n\r\n // ADD OR REMOVE ITEMS DEPENDING ON SCREEN SIZE\r\n let isDesktop = useWindowWidth();\r\n useEffect(() => {\r\n if (currentUserState?.accountType !== CONFIG_API.CLIENT) {\r\n if (!isDesktop) {\r\n menuItems.push(\r\n {\r\n name: CONFIG_CTO.HELP,\r\n text: CONFIG_CTO.HELP,\r\n icon: faQuestion,\r\n externalLink: \"https://protechnologies.zendesk.com/\"\r\n },\r\n {\r\n name: CONFIG_CTO.SHOP,\r\n text: CONFIG_CTO.SHOP,\r\n icon: faBagShopping,\r\n externalLink: \"https://protechnologies.shop/\"\r\n })\r\n } else {\r\n for (let i = menuItems.length - 1; i >= 0; i--) {\r\n if (menuItems[i].name === CONFIG_CTO.HELP || menuItems[i].name === CONFIG_CTO.SHOP) {\r\n menuItems.splice(i, 1);\r\n }\r\n }\r\n }\r\n }\r\n }, [currentUserState, isDesktop, menuItems])\r\n\r\n return (\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n )\r\n}\r\n\r\nexport default NavMenu","import { useState } from \"react\";\r\nimport { AxiosResponse } from 'axios';\r\nimport { Button, Stack, TextField, Typography } from '@mui/material';\r\nimport { useForm, SubmitHandler } from 'react-hook-form';\r\nimport { useDispatch } from \"react-redux\";\r\n\r\nimport { AppDispatch } from \"../../store/store\";\r\nimport { api } from '../../utils/api';\r\nimport { APIResponseModel } from '../../models/ApiResponseModel';\r\nimport { CONFIG_API } from '../../data/config.API';\r\nimport { fetchOrganizationData } from \"../../store/organization/organization-slice\";\r\n\r\nimport LogoutButton from \"../common/LogoutButton\";\r\n\r\ninterface IFormInput {\r\n organizationCode: string\r\n}\r\n\r\ntype Props = {\r\n setShowModal: React.Dispatch>\r\n}\r\n\r\nconst OrganizationForm = ({ setShowModal }: Props) => {\r\n\r\n const { register, handleSubmit } = useForm();\r\n const [errorValue, setErrorValue] = useState(false);\r\n const dispatch: AppDispatch = useDispatch();\r\n\r\n const onSubmit: SubmitHandler = async (data) => {\r\n\r\n await api.get(`/${CONFIG_API.CTONLINE_ADMINISTRATION}/${CONFIG_API.CENTER}/${CONFIG_API.ORGANIZATION}/${data.organizationCode}/${CONFIG_API.ORGANIZATION_PID}`).then((response: AxiosResponse>) => {\r\n if (response.data.item) {\r\n // To close the select organization modal\r\n dispatch(fetchOrganizationData(response.data.item))\r\n setShowModal(false)\r\n } else {\r\n // To show input error message\r\n setErrorValue(true)\r\n }\r\n })\r\n }\r\n\r\n return (\r\n \r\n \r\n \r\n )\r\n}\r\n\r\nexport default OrganizationForm","import { Grid, Stack, Typography } from '@mui/material'\r\nimport { useDispatch } from 'react-redux'\r\nimport { OrganizationListModel, fetchOrganizationData } from '../../store/organization/organization-slice'\r\nimport { AppDispatch } from '../../store/store'\r\nimport LogoutButton from '../common/LogoutButton'\r\n\r\ntype Props = {\r\n organizationsList: Array\r\n setShowModal: React.Dispatch>\r\n}\r\nconst OrganizationSelector = ({ organizationsList, setShowModal }: Props) => {\r\n\r\n const dispatch: AppDispatch = useDispatch();\r\n\r\n const onClick = (organization: OrganizationListModel) => {\r\n dispatch(fetchOrganizationData(organization.pid));\r\n setShowModal(false)\r\n }\r\n\r\n return (\r\n \r\n Veuillez choisir une organisation\r\n \r\n {organizationsList.map((organization: OrganizationListModel) => (\r\n onClick(organization)}>\r\n \r\n \r\n {organization.name}\r\n \r\n \r\n \r\n ))}\r\n \r\n \r\n \r\n )\r\n}\r\n\r\nexport default OrganizationSelector","import { useState } from 'react';\r\nimport { useSelector } from 'react-redux';\r\nimport { Badge, Divider, Stack, Typography } from '@mui/material';\r\nimport { FontAwesomeIcon } from '@fortawesome/react-fontawesome'\r\nimport { faGear, faQuestion, faBagShopping, faBell, faSitemap, faHouse, faMessageQuestion } from '@fortawesome/pro-light-svg-icons'\r\n\r\nimport { RootState } from '../../store/store';\r\nimport { MenuItemModel } from '../common/BasicMenuItem';\r\nimport { CenterModel } from '../../models/CenterModel';\r\nimport { HeaderProps } from './Header';\r\nimport { CONFIG_API } from '../../data/config.API';\r\nimport { CONFIG_CTO } from '../../data/config.CTO';\r\nimport packageJson from '../../../package.json'\r\n\r\nimport BasicMenu from '../common/BasicMenu';\r\n\r\nconst SettingsList = ({ showDrawer, setShowDrawer, unreadNewsNumber }: HeaderProps) => {\r\n\r\n const [iconsAnimation, setIconsAnimation] = useState<{ [key: string]: boolean }>({\r\n faGearIcon: false,\r\n faQuestionIcon: false,\r\n faBagShoppingIcon: false,\r\n faBellIcon: false,\r\n });\r\n\r\n const toggleIconAnimation = (iconName: string, isAnimated: boolean) => {\r\n setIconsAnimation({ ...iconsAnimation, [iconName]: isAnimated });\r\n }\r\n\r\n const currentUserState = useSelector((store: RootState) => store.USER.currentUser);\r\n const centersList = useSelector((store: RootState) => store.CENTER.organizationCenters);\r\n const currentOrganizationState = useSelector((store: RootState) => store.ORGANIZATION.currentOrganization);\r\n\r\n const settingMenuItems: MenuItemModel[] = []\r\n\r\n // Add \"organization parameters\" to menu if they have access to price or customer settings\r\n if (currentUserState?.hasPriceSettingsAccess || currentUserState?.hasCustomerSettingsAccess) {\r\n settingMenuItems.push({\r\n name: \"organizationParameters\",\r\n text: currentOrganizationState?.name ?? \"\",\r\n icon: faSitemap,\r\n navigateTo: (`/${CONFIG_CTO.ORGANIZATION_PATH}`)\r\n })\r\n }\r\n // If the current user is not restricted and has access to center settings, add the specific 'center parameter' item to the menu for each center that is neither closed nor limited\r\n if (!currentUserState?.isCTonlineLimited && currentUserState?.hasCenterSettingsAccess) {\r\n centersList?.forEach((center: CenterModel) => {\r\n !center.isClosed && !center.isLimited && (\r\n settingMenuItems.push({\r\n name: center.centerCode,\r\n text: center.name,\r\n icon: faHouse,\r\n navigateTo: (`/${CONFIG_CTO.CENTER_PATH}`),\r\n locationState: center.centerId\r\n })\r\n )\r\n })\r\n }\r\n\r\n const helpMenuItems: MenuItemModel[] = [\r\n {\r\n name: \"Aide\",\r\n text: \"Centre d'aide\",\r\n icon: faMessageQuestion,\r\n externalLink: \"https://protechnologies.zendesk.com/\"\r\n }\r\n ]\r\n\r\n return (\r\n <>\r\n {currentUserState?.accountType !== CONFIG_API.CLIENT ? (\r\n \r\n {(currentUserState?.hasCenterSettingsAccess || currentUserState?.hasCustomerSettingsAccess || currentUserState?.hasPriceSettingsAccess) && (\r\n \r\n toggleIconAnimation(\"faGearIcon\", true)} onMouseLeave={() => toggleIconAnimation(\"faGearIcon\", false)} />\r\n \r\n )}\r\n \r\n \r\n \r\n Version {packageJson.version}\r\n }\r\n isIcon\r\n >\r\n toggleIconAnimation(\"faQuestionIcon\", true)} onMouseLeave={() => toggleIconAnimation(\"faQuestionIcon\", false)} />\r\n \r\n \r\n toggleIconAnimation(\"faBagShoppingIcon\", true)} onMouseLeave={() => toggleIconAnimation(\"faBagShoppingIcon\", false)} />\r\n \r\n \r\n toggleIconAnimation(\"faBellIcon\", true)} onMouseLeave={() => toggleIconAnimation(\"faBellIcon\", false)} onClick={() => setShowDrawer(!showDrawer)} />\r\n \r\n \r\n \r\n ) : null}\r\n \r\n )\r\n\r\n}\r\n\r\nexport default SettingsList","import { useState } from \"react\";\r\nimport { useSelector, useDispatch } from \"react-redux\";\r\nimport { faXmark } from '@fortawesome/pro-light-svg-icons'\r\nimport { FontAwesomeIcon } from '@fortawesome/react-fontawesome'\r\nimport { Button, Checkbox, FormControl, FormControlLabel, Paper, Stack, Typography } from '@mui/material'\r\n\r\nimport { AppDispatch, RootState } from \"../../store/store\";\r\nimport { AllNewsModel } from '../../models/NewsModel'\r\nimport { hideMessage, updateReadStatus } from \"../../store/news/news-slice\";\r\nimport useDateFormat from '../../hooks/common/useDateFormat'\r\nimport CTonlineLogo from \"../../assets/images/ctonline-small-logo.png\";\r\n\r\n\r\ninterface Props {\r\n message: AllNewsModel,\r\n icon: string,\r\n iconSize: string,\r\n iconTitle: string,\r\n setShowModal: React.Dispatch>,\r\n}\r\n\r\nconst MessageModal = ({ message, icon, iconTitle, iconSize, setShowModal }: Props) => {\r\n\r\n const [checked, setChecked] = useState();\r\n const dispatch: AppDispatch = useDispatch();\r\n\r\n const currentUserState = useSelector((store: RootState) => store.USER.currentUser);\r\n const currentOrganizationState = useSelector((store: RootState) => store.ORGANIZATION.currentOrganization);\r\n\r\n const handleChange = (event: React.ChangeEvent) => {\r\n setChecked(event.target.checked);\r\n }\r\n\r\n const onValidate = () => {\r\n if (checked !== undefined && message.hideMessage !== checked) {\r\n if (currentOrganizationState && currentUserState) {\r\n dispatch(hideMessage(currentOrganizationState.pid, currentUserState.accountType, currentUserState.externalUserId, message.id, checked))\r\n }\r\n }\r\n closeModal();\r\n }\r\n\r\n const closeModal = () => {\r\n if (currentOrganizationState && currentUserState && !message.isMessageRead) {\r\n dispatch(updateReadStatus(currentOrganizationState.pid, currentUserState.accountType, currentUserState.externalUserId, message.id, \"message\"))\r\n }\r\n setShowModal(false)\r\n }\r\n\r\n return (\r\n \r\n \r\n closeModal()} />\r\n \r\n \r\n \r\n \r\n \r\n Envoyé le {useDateFormat(message.sendDate)}\r\n \r\n \r\n {message.text}\r\n \r\n \r\n \r\n \r\n }\r\n />\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n )\r\n}\r\n\r\nexport default MessageModal","import { useState } from \"react\";\r\nimport { useSelector, useDispatch } from \"react-redux\";\r\nimport { Typography, Card, CardMedia, CardContent, Stack, Modal, Badge } from \"@mui/material\";\r\n\r\nimport { AppDispatch, RootState } from \"../../store/store\";\r\nimport useDateFormat from \"../../hooks/common/useDateFormat\";\r\nimport { AllNewsModel } from '../../models/NewsModel'\r\nimport { updateReadStatus } from \"../../store/news/news-slice\";\r\nimport fileLinesIcon from \"../../assets/images/icons/file-lines-light.svg\"\r\nimport fileEuroIcon from \"../../assets/images/icons/file-invoice-euro-light.svg\"\r\nimport circuleUpIcon from \"../../assets/images/icons/circle-up-light.svg\"\r\nimport foxyIcon from \"../../assets/images/icons/foxy-logo.svg\"\r\n\r\nimport MessageModal from \"./MessageModal\";\r\n\r\ninterface Props {\r\n element: AllNewsModel;\r\n}\r\n\r\nconst NewsCard = ({ element }: Props) => {\r\n\r\n const dispatch: AppDispatch = useDispatch();\r\n const currentUserState = useSelector((store: RootState) => store.USER.currentUser);\r\n const currentOrganizationState = useSelector((store: RootState) => store.ORGANIZATION.currentOrganization);\r\n const [showMessageModal, setShowMessageModal] = useState(false);\r\n const [isElementRead, setIsElementRead] = useState(element.readDate ? true : false);\r\n const convertedSendDate: string = useDateFormat(element.sendDate)\r\n let messageIcon = fileLinesIcon;\r\n let iconSize = \"16rem\"\r\n let iconTitle = \"Icone\"\r\n\r\n switch (element.type) {\r\n case 2:\r\n messageIcon = circuleUpIcon\r\n iconTitle = \"Mise à jour\"\r\n break;\r\n case 3:\r\n messageIcon = fileEuroIcon\r\n iconTitle = \"Facture\"\r\n break;\r\n case 5:\r\n messageIcon = foxyIcon\r\n iconSize = \"55rem\"\r\n iconTitle = \"Mon contrôle technique\"\r\n break;\r\n default:\r\n messageIcon = fileLinesIcon\r\n break;\r\n }\r\n\r\n const onClick = () => {\r\n setIsElementRead(true);\r\n if (currentOrganizationState && currentUserState) {\r\n // NEWS CASE\r\n if (element.urlLink) {\r\n if (!element.readDate) {\r\n dispatch(updateReadStatus(currentOrganizationState.pid, currentUserState.accountType, currentUserState.externalUserId, element.id, \"news\"))\r\n }\r\n window.open(\r\n element.urlLink,\r\n '_blank',\r\n 'noopener,noreferrer'\r\n );\r\n // MESSAGE CASE\r\n } else if (element.type) {\r\n setShowMessageModal(true);\r\n }\r\n }\r\n }\r\n\r\n return (\r\n <>\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n {element.imageLink &&\r\n \r\n
\r\n \r\n }\r\n \r\n \r\n \r\n {element.title}\r\n {element.type && (\r\n 
\r\n )}\r\n {element.type !== 5 ? (\r\n \r\n {convertedSendDate}\r\n \r\n ) : null}\r\n \r\n \r\n {element.text.length > 70 && element.type !== 5 ? (\r\n `${element.text.substring(0, element.text.lastIndexOf(' ', 70))}...`\r\n ) : (\r\n element.text\r\n )}\r\n \r\n \r\n \r\n \r\n \r\n \r\n )\r\n}\r\n\r\nexport default NewsCard","import { useState, useCallback, useEffect } from \"react\";\r\nimport { useDispatch, useSelector } from \"react-redux\";\r\nimport { Skeleton, Stack, Typography } from \"@mui/material\";\r\nimport { FontAwesomeIcon } from \"@fortawesome/react-fontawesome\";\r\nimport { faMessageLines } from \"@fortawesome/pro-light-svg-icons\"\r\n\r\nimport { AppDispatch, RootState } from \"../../store/store\";\r\nimport { fetchAllNews } from \"../../store/news/news-slice\";\r\nimport { AllNewsModel, MessageModel, NewsModel } from \"../../models/NewsModel\";\r\n\r\nimport NewsCard from \"./NewsCard\";\r\n\r\ninterface Props {\r\n showNews: boolean,\r\n setUnreadNewsNumber?: React.Dispatch>\r\n}\r\n\r\nconst NewsContainer = ({ showNews, setUnreadNewsNumber }: Props) => {\r\n\r\n const dispatch: AppDispatch = useDispatch()\r\n\r\n const currentUserState = useSelector((store: RootState) => store.USER.currentUser);\r\n const currentOrganizationState = useSelector((store: RootState) => store.ORGANIZATION.currentOrganization);\r\n const skeletonList = Array.from(Array(6).keys())\r\n\r\n const loadNews = useCallback(() => {\r\n if (currentUserState && currentOrganizationState) {\r\n dispatch(fetchAllNews(currentOrganizationState.pid, currentUserState.accountType, currentUserState.externalUserId))\r\n }\r\n }, [currentUserState, currentOrganizationState, dispatch])\r\n\r\n const newsList = useSelector((store: RootState) => store.NEWS.newsList)\r\n const messagesList = useSelector((store: RootState) => store.NEWS.messagesList)\r\n const isLoading = useSelector((store: RootState) => store.NEWS.loading)\r\n const [allNews, setAllNews] = useState([]);\r\n\r\n useEffect(() => {\r\n if (newsList && messagesList) {\r\n // The first 3 news from newsList\r\n const lastThreeNews: NewsModel[] = newsList.slice(0, 3);\r\n\r\n // Date from a month ago\r\n const oneMonthAgo = new Date();\r\n oneMonthAgo.setMonth(oneMonthAgo.getMonth() - 1);\r\n\r\n // Filter all messages based on date and the hideMessage flag\r\n let messages: MessageModel[] = messagesList\r\n .filter((message: MessageModel) =>\r\n new Date(message.sendDate) > oneMonthAgo &&\r\n !message.hideMessage\r\n );\r\n\r\n // Find the latest message of type \"5\"\r\n const lastTypeFive: MessageModel[] = messages.filter((message: MessageModel) => message.type === 5)\r\n\r\n // Remove all messages of type \"5\" (\"Summary\") from the initial messages array\r\n messages = messages.filter((message: MessageModel) => message.type !== 5);\r\n\r\n // Add the latest message of type \"5\" (\"Summary\") to the messages\r\n if (lastTypeFive.length) messages.push(lastTypeFive[0]);\r\n\r\n // Merge all arrays\r\n const combinedNews: AllNewsModel[] = [...lastThreeNews, ...messages];\r\n\r\n // Sort the array in reverse chronological order\r\n combinedNews.sort((a, b) => new Date(b.sendDate).getTime() - new Date(a.sendDate).getTime());\r\n\r\n setAllNews(combinedNews);\r\n }\r\n }, [newsList, messagesList]); // This function will be executed every time newsList or messagesList changes.\r\n\r\n\r\n useEffect(() => {\r\n // SET NOTIFICATION BADGE IF THERE IS AT LEAST ONE UNREAD NEWS\r\n if (allNews && setUnreadNewsNumber) {\r\n let unreadNews = allNews.filter((element) => element.readDate === null);\r\n setUnreadNewsNumber(unreadNews.length)\r\n }\r\n }, [allNews, setUnreadNewsNumber])\r\n\r\n useEffect(() => {\r\n if (showNews) {\r\n loadNews()\r\n }\r\n }, [loadNews, showNews])\r\n\r\n return (\r\n \r\n \r\n \r\n \r\n Actualités\r\n \r\n \r\n {\r\n !isLoading ? (\r\n allNews && allNews?.length > 0 ? (\r\n allNews.map((element) => (\r\n \r\n ))\r\n ) : (\r\n \r\n Aucune actualité à afficher\r\n \r\n )\r\n ) : (\r\n \r\n Chargement des actualités...\r\n {skeletonList.map((number) => (\r\n \r\n \r\n )\r\n )}\r\n \r\n )\r\n }\r\n \r\n )\r\n}\r\n\r\nexport default NewsContainer","export const CONFIG_API = {\r\n CTONLINE: \"CTOnline\",\r\n CTONLINE_ADMINISTRATION: \"CTonlineAdministration\",\r\n CTONLINE_CONNECT: \"CTonlineConnect\",\r\n ORGANIZATION: \"Organization\",\r\n CENTER: \"Center\",\r\n ACCOUNT: \"Account\",\r\n ADMIN: \"Admin\",\r\n USER: \"User\",\r\n CLIENT: \"Client\",\r\n LOGIN: \"login\",\r\n ORGANIZATION_PID: \"organizationPid\",\r\n EXTERNAL_ACCOUNT: \"ExternalAccount\",\r\n EXTERNAL_USER_ID: \"ExternalUserId\",\r\n PROFILE: \"Profile\",\r\n PASSWORD: \"password\",\r\n MAIL: \"mail\",\r\n NEWS: \"News\",\r\n MESSAGE: \"Message\",\r\n VL: \"VL\",\r\n PL: \"PL\",\r\n VL_PL: \"VL|PL\"\r\n}","export const CONFIG_CTO = {\r\n CALENDAR: \"Agenda\",\r\n DASHBOARDS: \"Tableaux de bord\",\r\n DOCUMENTS: \"Documents\",\r\n QUALITY: \"Qualité\",\r\n TOOLS: \"Outils\",\r\n FLEET: \"Flotte\",\r\n MY_ACCOUNT: \"Mon compte\",\r\n CHANGE_ORGANIZATION: \"Changer d'organisation\",\r\n CHANGE_PROFILE: \"Changer de profil client\",\r\n SHOP: \"Boutique\",\r\n HELP: \"Aide\",\r\n LOGOUT: \"Déconnexion\",\r\n // PATHS\r\n CALENDAR_PATH: \"calendar\",\r\n DASHBOARDS_PATH: \"dashboards\",\r\n DOCUMENTS_PATH: \"documents\",\r\n TOOLS_PATH: \"tools\",\r\n FLEET_PATH: \"fleet\",\r\n ACCOUNT_PATH: \"account\",\r\n ORGANIZATION_PATH: \"organization\",\r\n CENTER_PATH: \"center\",\r\n CONNECT_CHECK_PATH: \"connect-login\"\r\n}","export const CONFIG_URL = {\r\n ORGANIZATION_CODE: \"organisationCode\",\r\n IS_SUPERADMINISTRATOR: \"isProtech\",\r\n IS_CTONLINE_LIMITED: \"isLimited\",\r\n USERNAME: \"userName\",\r\n LOGINTYPE: \"loginType\",\r\n TIMESTAMP: \"connexionTimeStamp\",\r\n SIGNATURE: \"signature\",\r\n}","import { useEffect, useCallback } from 'react';\r\nimport { useIsAuthenticated, useMsal } from \"@azure/msal-react\";\r\n\r\nimport { scopes } from '../../utils/msal/msal';\r\n\r\n// Check if user is already logged : if so, user is redirect to the current page, otherwise, he's redirected to Azure.\r\nconst useAuthCheck = (): void => {\r\n\r\n const isAuthenticated: boolean = useIsAuthenticated();\r\n const { instance, inProgress } = useMsal();\r\n\r\n // To fix Typescript undefined process.env error\r\n const filteredScopes: string[] = scopes.filter((scope: string | undefined): scope is string => scope !== undefined);\r\n\r\n const handleSign = useCallback(\r\n async () => {\r\n await instance.loginRedirect({\r\n authority: process.env.REACT_APP_AZURE_BASE_URL,\r\n scopes: filteredScopes\r\n });\r\n }, [instance, filteredScopes])\r\n\r\n useEffect(() => {\r\n const checkLogged = async (): Promise => {\r\n if (inProgress === \"none\" && !isAuthenticated) {\r\n await handleSign();\r\n }\r\n };\r\n checkLogged();\r\n }, [inProgress, isAuthenticated, handleSign]);\r\n\r\n};\r\n\r\nexport default useAuthCheck;","import md5 from \"md5\";\r\n\r\nconst generateSignature = (params: (string | number | boolean | undefined)[]): string => {\r\n // sharedAuthenticationSecretKey\r\n params.push(\r\n \"1DA5C10E792D44F0A970FA147CE8559C6D9AF4B12625C5839C001962E85D170C5F51D310F10007DABBCDF73ED22167363F39C041BB5171073FDBBCAD64BE5512\"\r\n );\r\n\r\n let stringedParams: string = \"\";\r\n params.forEach((param) => {\r\n stringedParams += param\r\n });\r\n\r\n return md5(stringedParams.toUpperCase()).slice(0, -1);\r\n};\r\n\r\nexport default generateSignature;","import { useSelector } from 'react-redux'\r\n\r\nimport { RootState } from '../../store/store';\r\nimport generateSignature from '../../utils/authorization/generateSignature';\r\n\r\nexport interface ParamsModel {\r\n organisationCode: string | undefined;\r\n isProtech: boolean | undefined;\r\n isLimited: boolean | undefined;\r\n userName: string | undefined;\r\n loginType: string;\r\n connexionTimeStamp: number;\r\n signature: string;\r\n}\r\n\r\nconst useIframeParams = () => {\r\n\r\n const currentUserState = useSelector((store: RootState) => store.USER.currentUser);\r\n const currentOrganizationState = useSelector((store: RootState) => store.ORGANIZATION.currentOrganization);\r\n let numberAccountType: string = \"\"\r\n\r\n switch (currentUserState?.accountType) {\r\n case \"Admin\":\r\n numberAccountType = \"1\"\r\n break;\r\n case \"User\":\r\n numberAccountType = \"2\"\r\n break;\r\n default:\r\n numberAccountType = \"3\"\r\n break;\r\n }\r\n\r\n let currentTimeStamp: number = Date.now();\r\n\r\n const params: ParamsModel = {\r\n organisationCode: currentOrganizationState?.code,\r\n isProtech: currentUserState?.isSuperAdministrator,\r\n isLimited: currentOrganizationState?.isCTonlineLimited,\r\n userName: currentUserState?.login,\r\n loginType: numberAccountType,\r\n connexionTimeStamp: currentTimeStamp,\r\n signature: generateSignature([numberAccountType, currentOrganizationState?.code, currentOrganizationState?.isCTonlineLimited, currentUserState?.isSuperAdministrator, currentUserState?.login, currentTimeStamp])\r\n }\r\n\r\n return params;\r\n}\r\n\r\nexport default useIframeParams;","import { useState, useEffect } from 'react';\r\n\r\nconst useDateFormat = (stringedDate: string): string => {\r\n const [formattedDate, setFormattedDate] = useState('');\r\n\r\n useEffect(() => {\r\n // CREATE DATE OBJECT WITH THE DATE PARAMETER\r\n const date = new Date(stringedDate);\r\n\r\n const monthsList: string[] = [\r\n \"janvier\", \"février\", \"mars\", \"avril\", \"mai\", \"juin\", \"juillet\", \"août\", \"septembre\", \"octobre\", \"novembre\", \"décembre\"\r\n ];\r\n\r\n // EXTRACT DAY, MONTH AND YEAR\r\n const day: number = date.getDate();\r\n const month: number = date.getMonth();\r\n const year: number = date.getFullYear();\r\n\r\n // FORMAT DATE IN THE NEW FORMAT\r\n const formattedDate: string = `${day} ${monthsList[month]} ${year}`;\r\n\r\n setFormattedDate(formattedDate);\r\n }, [stringedDate]);\r\n\r\n return formattedDate;\r\n}\r\n\r\nexport default useDateFormat;","import { useState, useEffect } from 'react'\r\n\r\nconst useWindowWidth = () => {\r\n\r\n const [isDesktop, setDesktop] = useState(false);\r\n\r\n useEffect(() => {\r\n if (window.innerWidth > 900) {\r\n setDesktop(true);\r\n } else {\r\n setDesktop(false);\r\n }\r\n\r\n const updateMedia = () => {\r\n if (window.innerWidth > 900) {\r\n setDesktop(true);\r\n } else {\r\n setDesktop(false);\r\n }\r\n };\r\n window.addEventListener('resize', updateMedia);\r\n return () => window.removeEventListener('resize', updateMedia);\r\n }, []);\r\n\r\n return isDesktop;\r\n}\r\n\r\nexport default useWindowWidth","import './index.css';\r\nimport React from 'react';\r\nimport ReactDOM from 'react-dom/client';\r\nimport { BrowserRouter } from 'react-router-dom';\r\nimport customTheme from './utils/customTheme/customTheme';\r\nimport { ThemeProvider } from '@emotion/react';\r\nimport { Provider } from 'react-redux';\r\nimport { PersistGate } from 'redux-persist/integration/react';\r\n\r\nimport { PCA } from './utils/msal/msal';\r\nimport { persistor, store } from './store/store';\r\n\r\nimport App from './App';\r\nimport Layout from './components/layouts/Layout';\r\n\r\nconst root = ReactDOM.createRoot(\r\n document.getElementById('root') as HTMLElement\r\n);\r\nroot.render(\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n);\r\n","import { useSelector } from \"react-redux\";\r\n\r\nimport { CONFIG_CTO } from \"../data/config.CTO\"\r\nimport { RootState } from \"../store/store\";\r\nimport { Stack, Typography } from \"@mui/material\";\r\n\r\nconst Account = () => {\r\n\r\n document.title = CONFIG_CTO.MY_ACCOUNT\r\n\r\n const userState = useSelector((store: RootState) => store.USER);\r\n\r\n return (\r\n \r\n \r\n {userState.currentUser?.firstName} {userState.currentUser?.lastName}\r\n \r\n \r\n )\r\n}\r\n\r\nexport default Account","import { Stack } from \"@mui/material\"\r\nimport { useState, useEffect } from \"react\"\r\nimport { useSelector } from \"react-redux\"\r\n\r\nimport { RootState } from \"../store/store\"\r\nimport useIframeParams, { ParamsModel } from \"../hooks/authorization/useIframeParams\"\r\nimport { CONFIG_CTO } from \"../data/config.CTO\"\r\nimport { CONFIG_URL } from \"../data/config.URL\"\r\n\r\nimport ErrorDisplay from \"../components/layouts/ErrorDisplay\"\r\n\r\nconst Calendar = () => {\r\n document.title = CONFIG_CTO.CALENDAR\r\n const currentOrganizationState = useSelector((store: RootState) => store.ORGANIZATION.currentOrganization)\r\n const params: ParamsModel = useIframeParams();\r\n const [iframe, setIframe] = useState(null);\r\n\r\n useEffect(() => {\r\n if (!iframe) {\r\n setIframe(document.getElementById('ctframe') as HTMLIFrameElement)\r\n }\r\n const handleMessage = (event: MessageEvent) => {\r\n if (iframe && event.data) {\r\n if (event.data.type === 'BURGER_MENU_CLICKED') {\r\n iframe.contentWindow?.postMessage('executeOpenMenuMobile', `*`);\r\n }\r\n }\r\n };\r\n window.addEventListener('message', handleMessage);\r\n }, [iframe]);\r\n\r\n return (\r\n \r\n {!currentOrganizationState?.isCTonlineLimited ? (\r\n \r\n ) : (\r\n \r\n )\r\n }\r\n \r\n )\r\n}\r\n\r\nexport default Calendar","import { useSelector } from 'react-redux'\r\nimport { Stack } from '@mui/material'\r\nimport { Location, Navigate, useLocation } from 'react-router-dom'\r\n\r\nimport { RootState } from '../store/store'\r\nimport useIframeParams, { ParamsModel } from \"../hooks/authorization/useIframeParams\"\r\nimport { CONFIG_URL } from \"../data/config.URL\"\r\nimport { CONFIG_CTO } from '../data/config.CTO'\r\n\r\nimport ErrorDisplay from '../components/layouts/ErrorDisplay'\r\nimport CustomModal from '../components/layouts/CustomModal'\r\nimport ListSelector from '../components/layouts/ListSelector'\r\nimport { CenterModel } from '../models/CenterModel'\r\n\r\nconst Center = () => {\r\n\r\n document.title = 'Paramètres du centre'\r\n\r\n const location: Location = useLocation();\r\n\r\n const currentUserState = useSelector((store: RootState) => store.USER.currentUser)\r\n const currentOrganizationState = useSelector((store: RootState) => store.ORGANIZATION.currentOrganization)\r\n const centersList = useSelector((store: RootState) => store.CENTER.organizationCenters)\r\n const params: ParamsModel = useIframeParams()\r\n return (\r\n \r\n {!currentUserState?.hasCenterSettingsAccess || currentOrganizationState?.isCTonlineLimited ? (\r\n \r\n ) : (\r\n location.state ? (\r\n \r\n ) : (\r\n // IF SEVERAL CENTERS: SHOW SELECTOR CENTER MODAL, ELSE PICK AUTOMATICALLY THE ONLY CENTER\r\n centersList && centersList?.length > 1 ? (\r\n \r\n !center.isClosed && !center.isLimited)} label=\"Choisissez un centre\" />\r\n \r\n ) : (\r\n centersList && (\r\n \r\n )\r\n )\r\n )\r\n )\r\n }\r\n \r\n )\r\n}\r\n\r\nexport default Center","import { useSelector } from \"react-redux\"\r\nimport { Stack } from \"@mui/material\"\r\n\r\nimport useIframeParams, { ParamsModel } from \"../hooks/authorization/useIframeParams\"\r\nimport { RootState } from \"../store/store\"\r\nimport { CONFIG_URL } from \"../data/config.URL\"\r\nimport { CONFIG_CTO } from \"../data/config.CTO\"\r\n\r\nimport ErrorDisplay from \"../components/layouts/ErrorDisplay\"\r\n\r\nconst Dashboards = () => {\r\n document.title = CONFIG_CTO.DASHBOARDS\r\n const currentOrganizationState = useSelector((store: RootState) => store.ORGANIZATION.currentOrganization)\r\n const params: ParamsModel = useIframeParams();\r\n\r\n return (\r\n \r\n {!currentOrganizationState?.isCTonlineLimited ? (\r\n \r\n ) : (\r\n \r\n )\r\n }\r\n )\r\n}\r\n\r\nexport default Dashboards","import { useSelector } from 'react-redux'\r\nimport { Stack } from '@mui/material'\r\n\r\nimport { RootState } from '../store/store'\r\nimport useIframeParams, { ParamsModel } from \"../hooks/authorization/useIframeParams\"\r\nimport { CONFIG_URL } from \"../data/config.URL\"\r\nimport { CONFIG_CTO } from \"../data/config.CTO\"\r\n\r\nimport ErrorDisplay from \"../components/layouts/ErrorDisplay\"\r\n\r\nconst Documents = () => {\r\n document.title = CONFIG_CTO.DOCUMENTS\r\n\r\n const currentUserState = useSelector((store: RootState) => store.USER.currentUser)\r\n const params: ParamsModel = useIframeParams()\r\n\r\n return (\r\n \r\n {currentUserState?.hasDocumentAccess ? (\r\n \r\n ) : (\r\n \r\n )}\r\n \r\n )\r\n}\r\n\r\nexport default Documents","import { useSelector } from 'react-redux'\r\nimport { Stack } from '@mui/material'\r\n\r\nimport { RootState } from '../store/store'\r\nimport useIframeParams, { ParamsModel } from \"../hooks/authorization/useIframeParams\"\r\nimport { CONFIG_URL } from \"../data/config.URL\"\r\nimport { CONFIG_CTO } from \"../data/config.CTO\"\r\n\r\nimport ErrorDisplay from \"../components/layouts/ErrorDisplay\"\r\n\r\nconst Fleet = () => {\r\n document.title = CONFIG_CTO.FLEET\r\n const currentUserState = useSelector((store: RootState) => store.USER.currentUser)\r\n const currentOrganizationState = useSelector((store: RootState) => store.ORGANIZATION.currentOrganization)\r\n const params: ParamsModel = useIframeParams()\r\n\r\n return (\r\n \r\n {!currentUserState?.hasVehicleFleetAccess || currentOrganizationState?.isCTonlineLimited ? (\r\n \r\n ) : (\r\n \r\n )\r\n }\r\n \r\n )\r\n}\r\n\r\nexport default Fleet","import { Navigate } from 'react-router-dom'\r\nimport { useSelector } from 'react-redux'\r\n\r\nimport { RootState } from '../store/store'\r\nimport { CONFIG_CTO } from '../data/config.CTO'\r\n\r\nconst Home = () => {\r\n\r\n const currentOrganizationState = useSelector((store: RootState) => store.ORGANIZATION.currentOrganization)\r\n\r\n // IF USER IS LIMITED REDIRECT TO DOCUMENTS, ELSE REDIRECT TO CALENDAR\r\n return !currentOrganizationState?.isCTonlineLimited ? (\r\n \r\n ) : (\r\n \r\n )\r\n}\r\n\r\nexport default Home","import { useSelector } from 'react-redux'\r\nimport { Stack } from '@mui/material'\r\n\r\nimport { RootState } from '../store/store'\r\nimport useIframeParams, { ParamsModel } from \"../hooks/authorization/useIframeParams\"\r\nimport { CONFIG_URL } from \"../data/config.URL\"\r\n\r\nimport ErrorDisplay from '../components/layouts/ErrorDisplay'\r\n\r\nconst Organization = () => {\r\n\r\n const currentUserState = useSelector((store: RootState) => store.USER.currentUser)\r\n const currentOrganization = useSelector((store: RootState) => store.ORGANIZATION.currentOrganization)\r\n const params: ParamsModel = useIframeParams()\r\n document.title = `Paramètres ${currentOrganization ? (currentOrganization.name) : \"généraux\"}`\r\n\r\n return (\r\n \r\n {currentUserState?.hasCustomerSettingsAccess || currentUserState?.hasPriceSettingsAccess ? (\r\n \r\n ) : (\r\n \r\n )}\r\n )\r\n}\r\n\r\nexport default Organization","import { useSelector } from \"react-redux\"\r\nimport { Stack } from \"@mui/material\"\r\n\r\nimport { RootState } from \"../store/store\"\r\nimport useIframeParams, { ParamsModel } from \"../hooks/authorization/useIframeParams\"\r\nimport { CONFIG_URL } from \"../data/config.URL\"\r\nimport { CONFIG_CTO } from \"../data/config.CTO\"\r\nimport { CONFIG_API } from \"../data/config.API\"\r\n\r\nimport ErrorDisplay from \"../components/layouts/ErrorDisplay\"\r\n\r\nconst Tools = () => {\r\n document.title = CONFIG_CTO.TOOLS;\r\n const currentOrganizationState = useSelector((store: RootState) => store.ORGANIZATION.currentOrganization)\r\n const currentUserState = useSelector((store: RootState) => store.USER.currentUser);\r\n const params: ParamsModel = useIframeParams();\r\n\r\n return (\r\n \r\n {currentOrganizationState?.isCTonlineLimited || currentUserState?.accountType === CONFIG_API.CLIENT ? (\r\n \r\n ) : (\r\n \r\n )\r\n }\r\n \r\n )\r\n}\r\n\r\nexport default Tools","/**\r\n * ConnectCheck - This page is accessed from the CTo Connect application. \r\n * If an user is already logged in the APP and signs in with another account in CTo Connect, the first account would be the current account\r\n * To avoid this case, this page compares the Azure ID Token from the current account with the one in URL params (sent from CTo Connect)\r\n * If tokens aren't the same, the user is logout. Otherwise, redirect to the homepage.\r\n */\r\n\r\nimport { useMsal } from \"@azure/msal-react\";\r\nimport { useCallback, useEffect } from \"react\";\r\nimport { NavigateFunction, useNavigate, useSearchParams } from \"react-router-dom\"\r\nimport { CircularProgress, Stack, Typography } from \"@mui/material\";\r\n\r\nimport CustomModal from \"../../components/layouts/CustomModal\";\r\n\r\nconst ConnectCheck = () => {\r\n const { instance, accounts, inProgress } = useMsal()\r\n const navigate: NavigateFunction = useNavigate()\r\n const [searchParams]: [URLSearchParams, Function] = useSearchParams();\r\n\r\n let tokenAzure: string = searchParams.get(\"azure_account\") ?? \"\";\r\n\r\n const handleLogout = useCallback(async () => {\r\n localStorage.clear(); // TO CLEAR ORGANIZATION SETTED WITH REDUX-PERSIST\r\n await instance.logout({\r\n authority: process.env.REACT_APP_AZURE_BASE_URL,\r\n postLogoutRedirectUri: `/`,\r\n });\r\n }, [instance])\r\n\r\n\r\n useEffect(() => {\r\n if (inProgress === \"none\" && accounts[0]) {\r\n if (accounts[0].idTokenClaims?.sub === tokenAzure) {\r\n navigate(\"/\");\r\n } else {\r\n handleLogout()\r\n }\r\n }\r\n }, [inProgress, accounts, handleLogout, navigate, tokenAzure])\r\n\r\n return (\r\n \r\n \r\n \r\n Vérification du compte...\r\n \r\n \r\n )\r\n}\r\n\r\nexport default ConnectCheck","import { AxiosResponse } from \"axios\";\r\nimport { createSlice } from \"@reduxjs/toolkit\";\r\n\r\nimport { api } from \"../../utils/api\";\r\nimport { CONFIG_API } from \"../../data/config.API\";\r\nimport { AppDispatch } from \"../store\";\r\nimport { CenterModel } from \"../../models/CenterModel\";\r\nimport { APIResponsesModel } from \"../../models/ApiResponseModel\";\r\nimport { AccountType } from \"../../models/UserModel\";\r\n\r\nexport interface InitialStateModel {\r\n organizationCenters: CenterModel[] | undefined\r\n loading: boolean;\r\n error: string | null;\r\n}\r\n\r\nconst initialState: InitialStateModel = {\r\n organizationCenters: undefined,\r\n loading: true,\r\n error: null\r\n}\r\n\r\n// SLICE\r\nexport const centerSlice = createSlice({\r\n name: \"centerSlice\",\r\n initialState,\r\n reducers: {\r\n setCenters: (currentSlice, action) => {\r\n currentSlice.organizationCenters = action.payload\r\n },\r\n setLoading: (currentSlice, action) => {\r\n currentSlice.loading = action.payload\r\n },\r\n setError: (currentSlice, action) => {\r\n currentSlice.error = action.payload\r\n }\r\n }\r\n})\r\n\r\nexport const { setCenters, setLoading, setError } = centerSlice.actions;\r\n\r\n// ACTIONS\r\nexport const fetchUserCenters = (organizationPid: string, accountType: AccountType, externalUserId: string) => async (dispatch: AppDispatch) => {\r\n dispatch(setLoading(true));\r\n try {\r\n await api.get(`/${CONFIG_API.CTONLINE}/${CONFIG_API.ORGANIZATION}/${organizationPid}/${CONFIG_API.CENTER}/${accountType}/${CONFIG_API.EXTERNAL_ACCOUNT}/${externalUserId}`).then((response: AxiosResponse>) => {\r\n dispatch(setLoading(false));\r\n if (response.data.items && response.data.items.length > 0) {\r\n dispatch(setCenters(response.data.items));\r\n } else {\r\n dispatch(setError(\"Aucun centre n'est attribué à l'utilisateur.\"))\r\n }\r\n })\r\n } catch (error) {\r\n dispatch(setLoading(false));\r\n dispatch(setError(error));\r\n }\r\n}","import { createSlice } from \"@reduxjs/toolkit\";\r\nimport { AppDispatch } from \"../store\";\r\nimport { AxiosResponse } from \"axios\";\r\n\r\nimport { api } from \"../../utils/api\";\r\nimport { CONFIG_API } from \"../../data/config.API\";\r\nimport { APIResponseModel, APIResponsesModel } from \"../../models/ApiResponseModel\";\r\nimport { MessageModel, NewsModel } from \"../../models/NewsModel\";\r\n\r\nexport interface InitialStateModel {\r\n newsList: NewsModel[] | undefined,\r\n messagesList: MessageModel[] | undefined,\r\n loading: boolean;\r\n error: string | null;\r\n}\r\n\r\nconst initialState: InitialStateModel = {\r\n newsList: undefined,\r\n messagesList: undefined,\r\n loading: true,\r\n error: null\r\n}\r\n\r\n// SLICE\r\nexport const newsSlice = createSlice({\r\n name: \"newsSlice\",\r\n initialState: initialState,\r\n reducers: {\r\n setMessages: (currentSlice, action) => {\r\n currentSlice.messagesList = action.payload\r\n },\r\n updateMessage: (currentSlice, action) => {\r\n let messageToUpdate = currentSlice.messagesList?.find((element) => element.id === action.payload.id)\r\n if (messageToUpdate) {\r\n messageToUpdate = action.payload\r\n }\r\n },\r\n setNews: (currentSlice, action) => {\r\n currentSlice.newsList = action.payload\r\n },\r\n setLoading: (currentSlice, action) => {\r\n currentSlice.loading = action.payload\r\n },\r\n setError: (currentSlice, action) => {\r\n currentSlice.error = action.payload\r\n }\r\n }\r\n});\r\n\r\nexport const { setMessages, updateMessage, setNews, setLoading, setError } = newsSlice.actions;\r\n\r\n// ACTIONS\r\nexport const fetchAllNews = (organizationPid: string, accountType: string, externalUserId: string) => async (dispatch: AppDispatch) => {\r\n dispatch(setLoading(true))\r\n try {\r\n await api.get(`${CONFIG_API.CTONLINE}/${CONFIG_API.ORGANIZATION}/${organizationPid}/${CONFIG_API.NEWS}/${CONFIG_API.ACCOUNT}/${accountType}/${CONFIG_API.EXTERNAL_USER_ID}/${externalUserId}?Ordering=Descending`).then((response: AxiosResponse>) => {\r\n dispatch(setNews(response.data.items));\r\n })\r\n await api.get(`${CONFIG_API.CTONLINE}/${CONFIG_API.ORGANIZATION}/${organizationPid}/${CONFIG_API.MESSAGE}/${CONFIG_API.ACCOUNT}/${accountType}/${CONFIG_API.EXTERNAL_USER_ID}/${externalUserId}?Ordering=Descending`).then((response: AxiosResponse>) => {\r\n dispatch(setLoading(false));\r\n dispatch(setMessages(response.data.items));\r\n })\r\n dispatch(setLoading(false))\r\n } catch (error) {\r\n dispatch(setLoading(false));\r\n dispatch(setError(error));\r\n }\r\n}\r\n\r\nexport const hideMessage = (organizationPid: string, accountType: string, externalUserId: string, messageID: number, isMessageHidden: boolean) => async (dispatch: AppDispatch) => {\r\n try {\r\n await api.put(`${CONFIG_API.CTONLINE}/${CONFIG_API.ORGANIZATION}/${organizationPid}/${CONFIG_API.MESSAGE}/${CONFIG_API.ACCOUNT}/${accountType}/${CONFIG_API.EXTERNAL_USER_ID}/${externalUserId}/${messageID}`, { hideMessage: isMessageHidden }).then((response: AxiosResponse>) => {\r\n dispatch(updateMessage(response.data.item));\r\n dispatch(fetchAllNews(organizationPid, accountType, externalUserId))\r\n })\r\n } catch (error) {\r\n dispatch(setError(error));\r\n }\r\n}\r\n\r\nexport const updateReadStatus = (organizationPid: string, accountType: string, externalUserId: string, elementID: number, type: \"news\" | \"message\") => async (dispatch: AppDispatch) => {\r\n try {\r\n if (type === \"news\") {\r\n await api.put(`${CONFIG_API.CTONLINE}/${CONFIG_API.ORGANIZATION}/${organizationPid}/${CONFIG_API.NEWS}/${CONFIG_API.ACCOUNT}/${accountType}/${CONFIG_API.EXTERNAL_USER_ID}/${externalUserId}/${elementID}`)\r\n } else if (type === \"message\") {\r\n await api.put(`${CONFIG_API.CTONLINE}/${CONFIG_API.ORGANIZATION}/${organizationPid}/${CONFIG_API.MESSAGE}/${CONFIG_API.ACCOUNT}/${accountType}/${CONFIG_API.EXTERNAL_USER_ID}/${externalUserId}/${elementID}`, { isMessageRead: true })\r\n }\r\n dispatch(fetchAllNews(organizationPid, accountType, externalUserId))\r\n } catch (error) {\r\n dispatch(setError(error));\r\n }\r\n}","import { AxiosResponse } from \"axios\";\r\nimport { createSlice } from \"@reduxjs/toolkit\";\r\n\r\nimport { api } from \"../../utils/api\";\r\nimport { CONFIG_API } from \"../../data/config.API\";\r\nimport { AppDispatch } from \"../store\";\r\nimport { OrganizationModel } from \"../../models/OrganizationModel\";\r\nimport { APIResponseModel, APIResponsesModel } from \"../../models/ApiResponseModel\";\r\n\r\nexport interface OrganizationListModel {\r\n code: string,\r\n pid: string,\r\n name: string\r\n}\r\n\r\nexport interface InitialStateModel {\r\n userOrganizations: Array | undefined\r\n currentOrganization: OrganizationModel | undefined | null\r\n loading: boolean;\r\n error: string | null;\r\n}\r\n\r\nconst initialState: InitialStateModel = {\r\n userOrganizations: undefined,\r\n currentOrganization: undefined,\r\n loading: true,\r\n error: null\r\n}\r\n\r\n// SLICE\r\nexport const organizationSlice = createSlice({\r\n name: \"organizationSlice\",\r\n initialState: initialState,\r\n reducers: {\r\n setUserOrganizations: (currentSlice, action) => {\r\n currentSlice.userOrganizations = action.payload\r\n },\r\n setCurrentOrganization: (currentSlice, action) => {\r\n currentSlice.currentOrganization = action.payload\r\n },\r\n setLoading: (currentSlice, action) => {\r\n currentSlice.loading = action.payload\r\n },\r\n setError: (currentSlice, action) => {\r\n currentSlice.error = action.payload\r\n }\r\n }\r\n});\r\n\r\nexport const { setUserOrganizations, setCurrentOrganization, setLoading, setError } = organizationSlice.actions;\r\n\r\n// ACTIONS\r\nexport const fetchOrganizations = (externalUserId?: string) => async (dispatch: AppDispatch) => {\r\n dispatch(setLoading(true));\r\n try {\r\n await api.get(`/${CONFIG_API.CTONLINE_ADMINISTRATION}/${CONFIG_API.USER}/${externalUserId}/${CONFIG_API.ORGANIZATION}`).then((response: AxiosResponse>) => {\r\n dispatch(setLoading(false));\r\n const organizationsNumber = response.data.items.length\r\n if (organizationsNumber === 0) {\r\n dispatch(setError(\"Aucune organisation associée à l'utilisateur\"))\r\n } else if (organizationsNumber === 1) {\r\n dispatch(fetchOrganizationData(response.data.items[0].pid));\r\n } else {\r\n dispatch(setUserOrganizations(response.data.items));\r\n }\r\n })\r\n } catch (error) {\r\n dispatch(setLoading(false));\r\n dispatch(setError(error))\r\n }\r\n}\r\n\r\nexport const fetchOrganizationData = (organizationPid: string) => async (dispatch: AppDispatch) => {\r\n dispatch(setLoading(true));\r\n try {\r\n await api.get(`/${CONFIG_API.CTONLINE}/${CONFIG_API.ORGANIZATION}/${organizationPid}`).then((response: AxiosResponse>) => {\r\n dispatch(setLoading(false));\r\n dispatch(setCurrentOrganization(response.data.item));\r\n })\r\n } catch (error) {\r\n dispatch(setLoading(false));\r\n dispatch(setError(error))\r\n }\r\n}","import { combineReducers, configureStore } from \"@reduxjs/toolkit\";\r\nimport storage from \"redux-persist/lib/storage\";\r\nimport { persistReducer, persistStore } from \"redux-persist\";\r\n\r\nimport { organizationSlice } from \"./organization/organization-slice\";\r\nimport { userSlice } from \"./user/user-slice\";\r\nimport { centerSlice } from \"./center/center-slice\";\r\nimport { newsSlice } from \"./news/news-slice\";\r\n\r\nexport type RootState = ReturnType\r\nexport type AppDispatch = typeof store.dispatch\r\n\r\nconst combinedReducers = combineReducers({\r\n ORGANIZATION: organizationSlice.reducer,\r\n USER: userSlice.reducer,\r\n CENTER: centerSlice.reducer,\r\n NEWS: newsSlice.reducer\r\n})\r\n\r\n// SET ORGANIZATION IN LOCALSTORAGE WITH REDUX-PERSIST\r\nconst persistConfig = {\r\n key: 'redux-persist-store',\r\n storage,\r\n whitelist: ['ORGANIZATION', 'USER']\r\n}\r\n\r\nconst persistedReducer = persistReducer(persistConfig, combinedReducers)\r\n\r\nexport const store = configureStore({\r\n reducer: persistedReducer,\r\n middleware: (getDefaultMiddleware) => getDefaultMiddleware({\r\n serializableCheck: false,\r\n }),\r\n})\r\n\r\nexport const persistor = persistStore(store);","import { createSlice } from \"@reduxjs/toolkit\";\r\nimport { AxiosResponse } from \"axios\";\r\n\r\nimport { api } from \"../../utils/api\";\r\nimport { AppDispatch } from \"../store\";\r\nimport { CONFIG_API } from \"../../data/config.API\";\r\nimport { UserModel } from \"../../models/UserModel\";\r\nimport { APIResponsesModel } from \"../../models/ApiResponseModel\";\r\n\r\nexport interface InitialStateModel {\r\n usersList: UserModel[] | undefined;\r\n currentUser: UserModel | undefined;\r\n loading: boolean;\r\n error: string | null;\r\n}\r\n\r\nconst initialState: InitialStateModel = {\r\n usersList: undefined,\r\n currentUser: undefined,\r\n loading: true,\r\n error: null\r\n}\r\n\r\n// SLICE\r\nexport const userSlice = createSlice({\r\n name: \"userSlice\",\r\n initialState: initialState,\r\n reducers: {\r\n setUsersList: (currentSlice, action) => {\r\n currentSlice.usersList = action.payload\r\n },\r\n setCurrentUser: (currentSlice, action) => {\r\n currentSlice.currentUser = action.payload\r\n },\r\n setLoading: (currentSlice, action) => {\r\n currentSlice.loading = action.payload\r\n },\r\n setError: (currentSlice, action) => {\r\n currentSlice.error = action.payload\r\n }\r\n }\r\n});\r\n\r\nexport const { setCurrentUser, setUsersList, setLoading, setError } = userSlice.actions;\r\n\r\n// ACTIONS\r\nexport const fetchUserData = (organizationPid: string, externalUserId: string | undefined) => async (dispatch: AppDispatch) => {\r\n dispatch(setLoading(true));\r\n try {\r\n await api.get(`/${CONFIG_API.CTONLINE}/${CONFIG_API.ORGANIZATION}/${organizationPid}/${CONFIG_API.ACCOUNT}/${CONFIG_API.EXTERNAL_USER_ID}/${externalUserId}/${CONFIG_API.PROFILE}`).then((response: AxiosResponse>) => {\r\n dispatch(setLoading(false));\r\n if (response.data.items) {\r\n const profilesNumber = response.data.items.length\r\n if (profilesNumber === 0) {\r\n dispatch(setError(\"Ce profil est introuvable.\"))\r\n } else if (profilesNumber === 1) {\r\n dispatch(setCurrentUser(response.data.items[0]))\r\n } else {\r\n dispatch(setUsersList(response.data.items))\r\n }\r\n } else {\r\n dispatch(setError(\"Ce profil est introuvable.\"))\r\n }\r\n })\r\n } catch (error) {\r\n dispatch(setLoading(false));\r\n dispatch(setError(error))\r\n }\r\n}\r\n\r\n// Set currentUser based on the profile (selectedProfilePid), in cases where multiple profiles are assigned to a user\r\nexport const selectCurrentUser = (selectedProfilePid: string, profilesList: any) => async (dispatch: AppDispatch) => {\r\n dispatch(setLoading(true));\r\n if (selectedProfilePid) {\r\n // Find the profile that matches by PID in the user's list of profiles\r\n dispatch(setCurrentUser(profilesList.find((profile: UserModel) => profile.pid === selectedProfilePid)))\r\n dispatch(setLoading(false));\r\n } else {\r\n dispatch(setLoading(false));\r\n dispatch(setError(\"Ce profil est introuvable.\"))\r\n }\r\n}","// @ts-nocheck\r\nimport axios, { AxiosInstance } from \"axios\";\r\n\r\nimport { PCA, scopes } from \"../msal/msal\";\r\n\r\nlet api: AxiosInstance;\r\nconst accounts = PCA.getAllAccounts();\r\n\r\nif (accounts[0]) {\r\n try {\r\n await PCA.acquireTokenSilent({\r\n scopes: scopes,\r\n account: accounts[0],\r\n }).then((accessTokenResponse) => {\r\n const accessToken = accessTokenResponse.accessToken;\r\n if (accessToken) {\r\n api = axios.create({\r\n baseURL: `${process.env.REACT_APP_API_BASE_URL}`,\r\n headers: {\r\n \"Content-Type\": \"application/json\",\r\n \"X-Version\": `${process.env.REACT_APP_API_VERSION}`,\r\n Authorization: `Bearer ${accessToken}`,\r\n },\r\n })\r\n }\r\n })\r\n } catch (error) {\r\n localStorage.clear(); // TO CLEAR ORGANIZATION SETTED WITH REDUX-PERSIST\r\n PCA.logoutRedirect({\r\n authority: process.env.REACT_APP_AZURE_BASE_URL,\r\n postLogoutRedirectUri: `/`,\r\n });\r\n }\r\n}\r\n\r\nexport { api };","import { AxiosResponse } from \"axios\";\r\n\r\nimport { APIResponseModel } from \"../../models/ApiResponseModel\";\r\nimport { api } from \"../api\"\r\nimport { CONFIG_API } from \"../../data/config.API\";\r\n\r\ntype AdminModel = {\r\n externalUserId: string;\r\n isAdministrator: boolean;\r\n displayName: string;\r\n mail: string;\r\n}\r\n\r\nconst isSuperAdministrator = async (externalUserId: string | undefined) => {\r\n try {\r\n let response: AxiosResponse> = await api.get(`/${CONFIG_API.CTONLINE_ADMINISTRATION}/${CONFIG_API.USER}/${externalUserId}`);\r\n if (response.data.success) {\r\n if (response.data.item) {\r\n return response.data.item.isAdministrator\r\n }\r\n }\r\n } catch (error) {\r\n console.error(error)\r\n }\r\n return false;\r\n\r\n}\r\n\r\nexport default isSuperAdministrator","import { createTheme } from \"@mui/material\";\r\n\r\nconst customTheme = createTheme({\r\n palette: {\r\n primary: { main: \"#ea6927\" },\r\n secondary: { main: \"rgba(70, 47, 87, 0.85)\" },\r\n },\r\n breakpoints: {\r\n values: {\r\n xs: 0,\r\n sm: 600,\r\n md: 900,\r\n lg: 1200,\r\n xl: 1536,\r\n },\r\n },\r\n});\r\n\r\nexport default customTheme;","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\n/**\r\n * Enumeration of operations that are instrumented by have their performance measured by the PerformanceClient.\r\n *\r\n * @export\r\n * @enum {number}\r\n */\r\nexport enum PerformanceEvents {\r\n\r\n /**\r\n * acquireTokenByCode API (msal-browser and msal-node).\r\n * Used to acquire tokens by trading an authorization code against the token endpoint.\r\n */\r\n AcquireTokenByCode = \"acquireTokenByCode\",\r\n\r\n /**\r\n * acquireTokenByRefreshToken API (msal-browser and msal-node).\r\n * Used to renew an access token using a refresh token against the token endpoint.\r\n */\r\n AcquireTokenByRefreshToken = \"acquireTokenByRefreshToken\",\r\n\r\n /**\r\n * acquireTokenSilent API (msal-browser and msal-node).\r\n * Used to silently acquire a new access token (from the cache or the network).\r\n */\r\n AcquireTokenSilent = \"acquireTokenSilent\",\r\n\r\n /**\r\n * acquireTokenSilentAsync (msal-browser).\r\n * Internal API for acquireTokenSilent.\r\n */\r\n AcquireTokenSilentAsync = \"acquireTokenSilentAsync\",\r\n\r\n /**\r\n * acquireTokenPopup (msal-browser).\r\n * Used to acquire a new access token interactively through pop ups\r\n */\r\n AcquireTokenPopup = \"acquireTokenPopup\",\r\n\r\n /**\r\n * getPublicKeyThumbprint API in CryptoOpts class (msal-browser).\r\n * Used to generate a public/private keypair and generate a public key thumbprint for pop requests.\r\n */\r\n CryptoOptsGetPublicKeyThumbprint = \"cryptoOptsGetPublicKeyThumbprint\",\r\n\r\n /**\r\n * signJwt API in CryptoOpts class (msal-browser).\r\n * Used to signed a pop token.\r\n */\r\n CryptoOptsSignJwt = \"cryptoOptsSignJwt\",\r\n\r\n /**\r\n * acquireToken API in the SilentCacheClient class (msal-browser).\r\n * Used to read access tokens from the cache.\r\n */\r\n SilentCacheClientAcquireToken = \"silentCacheClientAcquireToken\",\r\n\r\n /**\r\n * acquireToken API in the SilentIframeClient class (msal-browser).\r\n * Used to acquire a new set of tokens from the authorize endpoint in a hidden iframe.\r\n */\r\n SilentIframeClientAcquireToken = \"silentIframeClientAcquireToken\",\r\n\r\n /**\r\n * acquireToken API in SilentRereshClient (msal-browser).\r\n * Used to acquire a new set of tokens from the token endpoint using a refresh token.\r\n */\r\n SilentRefreshClientAcquireToken = \"silentRefreshClientAcquireToken\",\r\n\r\n /**\r\n * ssoSilent API (msal-browser).\r\n * Used to silently acquire an authorization code and set of tokens using a hidden iframe.\r\n */\r\n SsoSilent = \"ssoSilent\",\r\n\r\n /**\r\n * getDiscoveredAuthority API in StandardInteractionClient class (msal-browser).\r\n * Used to load authority metadata for a request.\r\n */\r\n StandardInteractionClientGetDiscoveredAuthority = \"standardInteractionClientGetDiscoveredAuthority\",\r\n\r\n /**\r\n * acquireToken APIs in msal-browser.\r\n * Used to make an /authorize endpoint call with native brokering enabled.\r\n */\r\n FetchAccountIdWithNativeBroker = \"fetchAccountIdWithNativeBroker\",\r\n\r\n /**\r\n * acquireToken API in NativeInteractionClient class (msal-browser).\r\n * Used to acquire a token from Native component when native brokering is enabled.\r\n */\r\n NativeInteractionClientAcquireToken = \"nativeInteractionClientAcquireToken\",\r\n /**\r\n * Time spent creating default headers for requests to token endpoint\r\n */\r\n BaseClientCreateTokenRequestHeaders = \"baseClientCreateTokenRequestHeaders\",\r\n /**\r\n * Used to measure the time taken for completing embedded-broker handshake (PW-Broker).\r\n */\r\n BrokerHandhshake = \"brokerHandshake\",\r\n /**\r\n * acquireTokenByRefreshToken API in BrokerClientApplication (PW-Broker) .\r\n */\r\n AcquireTokenByRefreshTokenInBroker = \"acquireTokenByRefreshTokenInBroker\",\r\n /**\r\n * Time taken for token acquisition by broker\r\n */\r\n AcquireTokenByBroker = \"acquireTokenByBroker\",\r\n\r\n /**\r\n * Time spent on the network for refresh token acquisition\r\n */\r\n RefreshTokenClientExecuteTokenRequest = \"refreshTokenClientExecuteTokenRequest\",\r\n\r\n /**\r\n * Time taken for acquiring refresh token , records RT size\r\n */\r\n RefreshTokenClientAcquireToken = \"refreshTokenClientAcquireToken\",\r\n\r\n /**\r\n * Time taken for acquiring cached refresh token\r\n */\r\n RefreshTokenClientAcquireTokenWithCachedRefreshToken = \"refreshTokenClientAcquireTokenWithCachedRefreshToken\",\r\n\r\n /**\r\n * acquireTokenByRefreshToken API in RefreshTokenClient (msal-common).\r\n */\r\n RefreshTokenClientAcquireTokenByRefreshToken = \"refreshTokenClientAcquireTokenByRefreshToken\",\r\n\r\n /**\r\n * Helper function to create token request body in RefreshTokenClient (msal-common).\r\n */\r\n RefreshTokenClientCreateTokenRequestBody = \"refreshTokenClientCreateTokenRequestBody\",\r\n\r\n /**\r\n * acquireTokenFromCache (msal-browser).\r\n * Internal API for acquiring token from cache\r\n */\r\n AcquireTokenFromCache = \"acquireTokenFromCache\",\r\n\r\n /**\r\n * acquireTokenBySilentIframe (msal-browser).\r\n * Internal API for acquiring token by silent Iframe\r\n */\r\n AcquireTokenBySilentIframe = \"acquireTokenBySilentIframe\",\r\n\r\n /**\r\n * Internal API for initializing base request in BaseInteractionClient (msal-browser)\r\n */\r\n InitializeBaseRequest = \"initializeBaseRequest\",\r\n\r\n /**\r\n * Internal API for initializing silent request in SilentCacheClient (msal-browser)\r\n */\r\n InitializeSilentRequest = \"initializeSilentRequest\",\r\n\r\n InitializeClientApplication = \"initializeClientApplication\",\r\n\r\n /**\r\n * Helper function in SilentIframeClient class (msal-browser).\r\n */\r\n SilentIframeClientTokenHelper = \"silentIframeClientTokenHelper\",\r\n\r\n /**\r\n * SilentHandler\r\n */\r\n SilentHandlerInitiateAuthRequest = \"silentHandlerInitiateAuthRequest\",\r\n SilentHandlerMonitorIframeForHash = \"silentHandlerMonitorIframeForHash\",\r\n SilentHandlerLoadFrame = \"silentHandlerLoadFrame\",\r\n\r\n /**\r\n * Helper functions in StandardInteractionClient class (msal-browser)\r\n */\r\n StandardInteractionClientCreateAuthCodeClient = \"standardInteractionClientCreateAuthCodeClient\",\r\n StandardInteractionClientGetClientConfiguration = \"standardInteractionClientGetClientConfiguration\",\r\n StandardInteractionClientInitializeAuthorizationRequest = \"standardInteractionClientInitializeAuthorizationRequest\",\r\n StandardInteractionClientInitializeAuthorizationCodeRequest = \"standardInteractionClientInitializeAuthorizationCodeRequest\",\r\n\r\n /**\r\n * getAuthCodeUrl API (msal-browser and msal-node).\r\n */\r\n GetAuthCodeUrl = \"getAuthCodeUrl\",\r\n\r\n /**\r\n * Functions from InteractionHandler (msal-browser)\r\n */\r\n HandleCodeResponseFromServer = \"handleCodeResponseFromServer\",\r\n HandleCodeResponseFromHash = \"handleCodeResponseFromHash\",\r\n UpdateTokenEndpointAuthority = \"updateTokenEndpointAuthority\",\r\n\r\n /**\r\n * APIs in Authorization Code Client (msal-common)\r\n */\r\n AuthClientAcquireToken = \"authClientAcquireToken\",\r\n AuthClientExecuteTokenRequest = \"authClientExecuteTokenRequest\",\r\n AuthClientCreateTokenRequestBody = \"authClientCreateTokenRequestBody\",\r\n AuthClientCreateQueryString = \"authClientCreateQueryString\",\r\n\r\n /**\r\n * Generate functions in PopTokenGenerator (msal-common)\r\n */\r\n PopTokenGenerateCnf = \"popTokenGenerateCnf\",\r\n PopTokenGenerateKid = \"popTokenGenerateKid\",\r\n\r\n /**\r\n * handleServerTokenResponse API in ResponseHandler (msal-common)\r\n */\r\n HandleServerTokenResponse = \"handleServerTokenResponse\",\r\n\r\n /**\r\n * Authority functions\r\n */\r\n AuthorityFactoryCreateDiscoveredInstance = \"authorityFactoryCreateDiscoveredInstance\",\r\n AuthorityResolveEndpointsAsync = \"authorityResolveEndpointsAsync\",\r\n AuthorityGetCloudDiscoveryMetadataFromNetwork = \"authorityGetCloudDiscoveryMetadataFromNetwork\",\r\n AuthorityUpdateCloudDiscoveryMetadata = \"authorityUpdateCloudDiscoveryMetadata\",\r\n AuthorityGetEndpointMetadataFromNetwork = \"authorityGetEndpointMetadataFromNetwork\",\r\n AuthorityUpdateEndpointMetadata = \"authorityUpdateEndpointMetadata\",\r\n AuthorityUpdateMetadataWithRegionalInformation = \"authorityUpdateMetadataWithRegionalInformation\",\r\n\r\n /**\r\n * Region Discovery functions\r\n */\r\n RegionDiscoveryDetectRegion = \"regionDiscoveryDetectRegion\",\r\n RegionDiscoveryGetRegionFromIMDS = \"regionDiscoveryGetRegionFromIMDS\",\r\n RegionDiscoveryGetCurrentVersion = \"regionDiscoveryGetCurrentVersion\",\r\n\r\n AcquireTokenByCodeAsync = \"acquireTokenByCodeAsync\",\r\n\r\n GetEndpointMetadataFromNetwork = \"getEndpointMetadataFromNetwork\",\r\n GetCloudDiscoveryMetadataFromNetworkMeasurement = \"getCloudDiscoveryMetadataFromNetworkMeasurement\",\r\n\r\n HandleRedirectPromiseMeasurement= \"handleRedirectPromiseMeasurement\",\r\n\r\n UpdateCloudDiscoveryMetadataMeasurement = \"updateCloudDiscoveryMetadataMeasurement\",\r\n\r\n UsernamePasswordClientAcquireToken = \"usernamePasswordClientAcquireToken\",\r\n\r\n NativeMessageHandlerHandshake = \"nativeMessageHandlerHandshake\",\r\n\r\n /**\r\n * Cache operations\r\n */\r\n ClearTokensAndKeysWithClaims = \"clearTokensAndKeysWithClaims\",\r\n}\r\n\r\n/**\r\n * State of the performance event.\r\n *\r\n * @export\r\n * @enum {number}\r\n */\r\nexport enum PerformanceEventStatus {\r\n NotStarted,\r\n InProgress,\r\n Completed\r\n}\r\n\r\n/**\r\n * Fields whose value will not change throughout a request\r\n */\r\nexport type StaticFields = {\r\n /**\r\n * The Silent Token Cache Lookup Policy\r\n *\r\n * @type {?(number | undefined)}\r\n */\r\n cacheLookupPolicy?: number | undefined,\r\n\r\n /**\r\n * Size of the id token\r\n *\r\n * @type {number}\r\n */\r\n idTokenSize?: number,\r\n\r\n /**\r\n *\r\n * Size of the access token\r\n *\r\n * @type {number}\r\n */\r\n\r\n accessTokenSize?: number,\r\n\r\n /**\r\n *\r\n * Size of the refresh token\r\n *\r\n * @type {number}\r\n */\r\n\r\n refreshTokenSize?: number | undefined,\r\n\r\n /**\r\n * Application name as specified by the app.\r\n *\r\n * @type {?string}\r\n */\r\n appName?: string,\r\n\r\n /**\r\n * Application version as specified by the app.\r\n *\r\n * @type {?string}\r\n */\r\n appVersion?: string,\r\n\r\n /**\r\n * The following are fields that may be emitted in native broker scenarios\r\n */\r\n extensionId?: string,\r\n extensionVersion?: string\r\n matsBrokerVersion?: string;\r\n matsAccountJoinOnStart?: string;\r\n matsAccountJoinOnEnd?: string;\r\n matsDeviceJoin?: string;\r\n matsPromptBehavior?: string;\r\n matsApiErrorCode?: number;\r\n matsUiVisible?: boolean;\r\n matsSilentCode?: number;\r\n matsSilentBiSubCode?: number;\r\n matsSilentMessage?: string;\r\n matsSilentStatus?: number;\r\n matsHttpStatus?: number\r\n matsHttpEventCount?: number;\r\n httpVerToken?: string;\r\n httpVerAuthority?: string;\r\n\r\n /**\r\n * Native broker fields\r\n */\r\n allowNativeBroker?: boolean;\r\n extensionInstalled?: boolean;\r\n extensionHandshakeTimeoutMs?: number;\r\n extensionHandshakeTimedOut?: boolean;\r\n};\r\n\r\n/**\r\n * Fields whose value may change throughout a request\r\n */\r\nexport type Counters = {\r\n visibilityChangeCount?: number;\r\n incompleteSubsCount?: number;\r\n /**\r\n * Amount of times queued in the JS event queue.\r\n *\r\n * @type {?number}\r\n */\r\n queuedCount?: number\r\n /**\r\n * Amount of manually completed queue events.\r\n *\r\n * @type {?number}\r\n */\r\n queuedManuallyCompletedCount?: number;\r\n};\r\n\r\nexport type SubMeasurement = {\r\n name: PerformanceEvents,\r\n startTimeMs: number\r\n};\r\n\r\n/**\r\n * Performance measurement taken by the library, including metadata about the request and application.\r\n *\r\n * @export\r\n * @typedef {PerformanceEvent}\r\n */\r\nexport type PerformanceEvent = StaticFields & Counters & {\r\n /**\r\n * Unique id for the event\r\n *\r\n * @type {string}\r\n */\r\n eventId: string,\r\n\r\n /**\r\n * State of the perforance measure.\r\n *\r\n * @type {PerformanceEventStatus}\r\n */\r\n status: PerformanceEventStatus,\r\n\r\n /**\r\n * Login authority used for the request\r\n *\r\n * @type {string}\r\n */\r\n authority: string,\r\n\r\n /**\r\n * Client id for the application\r\n *\r\n * @type {string}\r\n */\r\n clientId: string\r\n\r\n /**\r\n * Correlation ID used for the request\r\n *\r\n * @type {string}\r\n */\r\n correlationId: string,\r\n\r\n /**\r\n * End-to-end duration in milliseconds.\r\n * @date 3/22/2022 - 3:40:05 PM\r\n *\r\n * @type {number}\r\n */\r\n durationMs?: number,\r\n\r\n /**\r\n * Visibility of the page when the event completed.\r\n * Read from: https://developer.mozilla.org/docs/Web/API/Page_Visibility_API\r\n *\r\n * @type {?(string | null)}\r\n */\r\n endPageVisibility?: string | null,\r\n\r\n /**\r\n * Whether the result was retrieved from the cache.\r\n *\r\n * @type {(boolean | null)}\r\n */\r\n fromCache?: boolean | null,\r\n\r\n /**\r\n * Event name (usually in the form of classNameFunctionName)\r\n *\r\n * @type {PerformanceEvents}\r\n */\r\n name: PerformanceEvents,\r\n\r\n /**\r\n * Visibility of the page when the event completed.\r\n * Read from: https://developer.mozilla.org/docs/Web/API/Page_Visibility_API\r\n *\r\n * @type {?(string | null)}\r\n */\r\n startPageVisibility?: string | null,\r\n\r\n /**\r\n * Unix millisecond timestamp when the event was initiated.\r\n *\r\n * @type {number}\r\n */\r\n startTimeMs: number,\r\n\r\n /**\r\n * Whether or the operation completed successfully.\r\n *\r\n * @type {(boolean | null)}\r\n */\r\n success?: boolean | null,\r\n\r\n /**\r\n * Add specific error code in case of failure\r\n *\r\n * @type {string}\r\n */\r\n errorCode?: string,\r\n\r\n /**\r\n * Add specific sub error code in case of failure\r\n *\r\n * @type {string}\r\n */\r\n subErrorCode?: string,\r\n\r\n /**\r\n * Name of the library used for the operation.\r\n *\r\n * @type {string}\r\n */\r\n libraryName: string,\r\n\r\n /**\r\n * Version of the library used for the operation.\r\n *\r\n * @type {string}\r\n */\r\n libraryVersion: string,\r\n\r\n /**\r\n * Whether the response is from a native component (e.g., WAM)\r\n *\r\n * @type {?boolean}\r\n */\r\n isNativeBroker?: boolean,\r\n\r\n /**\r\n * Request ID returned from the response\r\n *\r\n * @type {?string}\r\n */\r\n requestId?: string\r\n\r\n /**\r\n * Cache lookup policy\r\n *\r\n * @type {?number}\r\n */\r\n cacheLookupPolicy?: number | undefined,\r\n\r\n /**\r\n * Amount of time spent in the JS queue in milliseconds.\r\n *\r\n * @type {?number}\r\n */\r\n queuedTimeMs?: number,\r\n\r\n /**\r\n * Sub-measurements for internal use. To be deleted before flushing.\r\n */\r\n incompleteSubMeasurements?: Map\r\n};\r\n\r\nexport const IntFields: ReadonlySet = new Set([\r\n \"accessTokenSize\",\r\n \"durationMs\",\r\n \"idTokenSize\",\r\n \"matsSilentStatus\",\r\n \"matsHttpStatus\",\r\n \"refreshTokenSize\",\r\n \"queuedTimeMs\",\r\n \"startTimeMs\",\r\n \"status\",\r\n]);\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { Logger } from \"@azure/msal-common\";\r\nimport { CachedKeyPair } from \"../crypto/CryptoOps\";\r\nimport { AsyncMemoryStorage } from \"./AsyncMemoryStorage\";\r\n\r\nexport enum CryptoKeyStoreNames {\r\n asymmetricKeys = \"asymmetricKeys\",\r\n symmetricKeys = \"symmetricKeys\"\r\n}\r\n/**\r\n * MSAL CryptoKeyStore DB Version 2\r\n */\r\nexport class CryptoKeyStore {\r\n public asymmetricKeys: AsyncMemoryStorage;\r\n public symmetricKeys: AsyncMemoryStorage;\r\n public logger: Logger;\r\n\r\n constructor(logger: Logger){\r\n this.logger = logger;\r\n this.asymmetricKeys = new AsyncMemoryStorage(this.logger, CryptoKeyStoreNames.asymmetricKeys);\r\n this.symmetricKeys = new AsyncMemoryStorage(this.logger, CryptoKeyStoreNames.symmetricKeys);\r\n }\r\n\r\n async clear(): Promise {\r\n // Delete in-memory keystores\r\n this.asymmetricKeys.clearInMemory();\r\n\t this.symmetricKeys.clearInMemory();\r\n\t\t\r\n /**\r\n * There is only one database, so calling clearPersistent on asymmetric keystore takes care of\r\n * every persistent keystore\r\n */\r\n try {\r\n await this.asymmetricKeys.clearPersistent();\r\n return true;\r\n } catch (e) {\r\n if (e instanceof Error) {\r\n this.logger.error(`Clearing keystore failed with error: ${e.message}`);\r\n } else {\r\n this.logger.error(\"Clearing keystore failed with unknown error\");\r\n }\r\n \r\n return false;\r\n }\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { AuthError } from \"./AuthError\";\r\n\r\n/**\r\n * Error thrown when there is an error with the server code, for example, unavailability.\r\n */\r\nexport class ServerError extends AuthError {\r\n\r\n constructor(errorCode?: string, errorMessage?: string, subError?: string) {\r\n super(errorCode, errorMessage, subError);\r\n this.name = \"ServerError\";\r\n\r\n Object.setPrototypeOf(this, ServerError.prototype);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { Constants } from \"../utils/Constants\";\r\nimport { AuthError } from \"./AuthError\";\r\n\r\n/**\r\n * InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required\r\n */\r\nexport const InteractionRequiredServerErrorMessage = [\r\n \"interaction_required\",\r\n \"consent_required\",\r\n \"login_required\"\r\n];\r\n\r\nexport const InteractionRequiredAuthSubErrorMessage = [\r\n \"message_only\",\r\n \"additional_action\",\r\n \"basic_action\",\r\n \"user_password_expired\",\r\n \"consent_required\"\r\n];\r\n\r\n/**\r\n * Interaction required errors defined by the SDK\r\n */\r\nexport const InteractionRequiredAuthErrorMessage = {\r\n noTokensFoundError: {\r\n code: \"no_tokens_found\",\r\n desc: \"No refresh token found in the cache. Please sign-in.\"\r\n },\r\n native_account_unavailable: {\r\n code: \"native_account_unavailable\",\r\n desc: \"The requested account is not available in the native broker. It may have been deleted or logged out. Please sign-in again using an interactive API.\"\r\n }\r\n};\r\n\r\n/**\r\n * Error thrown when user interaction is required.\r\n */\r\nexport class InteractionRequiredAuthError extends AuthError {\r\n /**\r\n * The time the error occured at\r\n */\r\n timestamp: string;\r\n\r\n /**\r\n * TraceId associated with the error\r\n */\r\n traceId: string;\r\n\r\n /**\r\n * https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-common/docs/claims-challenge.md\r\n * \r\n * A string with extra claims needed for the token request to succeed\r\n * web site: redirect the user to the authorization page and set the extra claims\r\n * web api: include the claims in the WWW-Authenticate header that are sent back to the client so that it knows to request a token with the extra claims\r\n * desktop application or browser context: include the claims when acquiring the token interactively\r\n * app to app context (client_credentials): include the claims in the AcquireTokenByClientCredential request\r\n */\r\n claims: string;\r\n\r\n constructor(errorCode?: string, errorMessage?: string, subError?: string, timestamp?: string, traceId?: string, correlationId?: string, claims?: string) {\r\n super(errorCode, errorMessage, subError);\r\n Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);\r\n \r\n this.timestamp = timestamp || Constants.EMPTY_STRING;\r\n this.traceId = traceId || Constants.EMPTY_STRING;\r\n this.correlationId = correlationId || Constants.EMPTY_STRING;\r\n this.claims = claims || Constants.EMPTY_STRING;\r\n this.name = \"InteractionRequiredAuthError\";\r\n }\r\n\r\n /**\r\n * Helper function used to determine if an error thrown by the server requires interaction to resolve\r\n * @param errorCode \r\n * @param errorString \r\n * @param subError \r\n */\r\n static isInteractionRequiredError(errorCode?: string, errorString?: string, subError?: string): boolean {\r\n const isInteractionRequiredErrorCode = !!errorCode && InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;\r\n const isInteractionRequiredSubError = !!subError && InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;\r\n const isInteractionRequiredErrorDesc = !!errorString && InteractionRequiredServerErrorMessage.some((irErrorCode) => {\r\n return errorString.indexOf(irErrorCode) > -1;\r\n });\r\n\r\n return isInteractionRequiredErrorCode || isInteractionRequiredErrorDesc || isInteractionRequiredSubError;\r\n }\r\n\r\n /**\r\n * Creates an error thrown when the authorization code required for a token request is null or empty.\r\n */\r\n static createNoTokensFoundError(): InteractionRequiredAuthError {\r\n return new InteractionRequiredAuthError(InteractionRequiredAuthErrorMessage.noTokensFoundError.code, InteractionRequiredAuthErrorMessage.noTokensFoundError.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when the native broker returns ACCOUNT_UNAVAILABLE status, indicating that the account was removed and interactive sign-in is required\r\n * @returns \r\n */\r\n static createNativeAccountUnavailableError(): InteractionRequiredAuthError {\r\n return new InteractionRequiredAuthError(InteractionRequiredAuthErrorMessage.native_account_unavailable.code, InteractionRequiredAuthErrorMessage.native_account_unavailable.desc);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { AuthError } from \"./AuthError\";\r\n\r\n/**\r\n * ClientAuthErrorMessage class containing string constants used by error codes and messages.\r\n */\r\nexport const JoseHeaderErrorMessage = {\r\n missingKidError: {\r\n code: \"missing_kid_error\",\r\n desc: \"The JOSE Header for the requested JWT, JWS or JWK object requires a keyId to be configured as the 'kid' header claim. No 'kid' value was provided.\"\r\n },\r\n missingAlgError: {\r\n code: \"missing_alg_error\",\r\n desc: \"The JOSE Header for the requested JWT, JWS or JWK object requires an algorithm to be specified as the 'alg' header claim. No 'alg' value was provided.\"\r\n },\r\n};\r\n\r\n/**\r\n * Error thrown when there is an error in the client code running on the browser.\r\n */\r\nexport class JoseHeaderError extends AuthError {\r\n constructor(errorCode: string, errorMessage?: string) {\r\n super(errorCode, errorMessage);\r\n this.name = \"JoseHeaderError\";\r\n\r\n Object.setPrototypeOf(this, JoseHeaderError.prototype);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when keyId isn't set on JOSE header.\r\n */\r\n static createMissingKidError(): JoseHeaderError {\r\n return new JoseHeaderError(JoseHeaderErrorMessage.missingKidError.code, JoseHeaderErrorMessage.missingKidError.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when algorithm isn't set on JOSE header.\r\n */\r\n static createMissingAlgError(): JoseHeaderError {\r\n return new JoseHeaderError(JoseHeaderErrorMessage.missingAlgError.code, JoseHeaderErrorMessage.missingAlgError.desc);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { JoseHeaderError } from \"../error/JoseHeaderError\";\r\nimport { JsonTypes } from \"../utils/Constants\";\r\n\r\nexport type JoseHeaderOptions = {\r\n typ?: JsonTypes,\r\n alg?: string,\r\n kid?: string\r\n};\r\n\r\nexport class JoseHeader {\r\n public typ?: JsonTypes;\r\n public alg?: string;\r\n public kid?: string;\r\n\r\n constructor (options: JoseHeaderOptions) {\r\n this.typ = options.typ;\r\n this.alg = options.alg;\r\n this.kid = options.kid;\r\n }\r\n\r\n /**\r\n * Builds SignedHttpRequest formatted JOSE Header from the\r\n * JOSE Header options provided or previously set on the object and returns\r\n * the stringified header object.\r\n * Throws if keyId or algorithm aren't provided since they are required for Access Token Binding.\r\n * @param shrHeaderOptions \r\n * @returns \r\n */\r\n static getShrHeaderString(shrHeaderOptions: JoseHeaderOptions): string {\r\n // KeyID is required on the SHR header\r\n if (!shrHeaderOptions.kid) {\r\n throw JoseHeaderError.createMissingKidError();\r\n }\r\n\r\n // Alg is required on the SHR header\r\n if (!shrHeaderOptions.alg) {\r\n throw JoseHeaderError.createMissingAlgError();\r\n }\r\n\r\n const shrHeader = new JoseHeader({\r\n // Access Token PoP headers must have type pop, but the type header can be overriden for special cases\r\n typ: shrHeaderOptions.typ || JsonTypes.Pop,\r\n kid: shrHeaderOptions.kid,\r\n alg: shrHeaderOptions.alg\r\n });\r\n\r\n return JSON.stringify(shrHeader);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\n/**\r\n * Utility class for math specific functions in browser.\r\n */\r\nexport class MathUtils {\r\n\r\n /**\r\n * Decimal to Hex\r\n *\r\n * @param num\r\n */\r\n static decimalToHex(num: number): string {\r\n let hex: string = num.toString(16);\r\n while (hex.length < 2) {\r\n hex = \"0\" + hex;\r\n }\r\n return hex;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { Constants , IGuidGenerator } from \"@azure/msal-common\";\r\nimport { MathUtils } from \"../utils/MathUtils\";\r\nimport { BrowserCrypto } from \"./BrowserCrypto\";\r\nexport class GuidGenerator implements IGuidGenerator {\r\n\r\n // browser crypto object used to generate random values\r\n private cryptoObj: BrowserCrypto;\r\n\r\n constructor(cryptoObj: BrowserCrypto) {\r\n this.cryptoObj = cryptoObj;\r\n }\r\n\r\n /*\r\n * RFC4122: The version 4 UUID is meant for generating UUIDs from truly-random or\r\n * pseudo-random numbers.\r\n * The algorithm is as follows:\r\n * Set the two most significant bits (bits 6 and 7) of the\r\n * clock_seq_hi_and_reserved to zero and one, respectively.\r\n * Set the four most significant bits (bits 12 through 15) of the\r\n * time_hi_and_version field to the 4-bit version number from\r\n * Section 4.1.3. Version4\r\n * Set all the other bits to randomly (or pseudo-randomly) chosen\r\n * values.\r\n * UUID = time-low \"-\" time-mid \"-\"time-high-and-version \"-\"clock-seq-reserved and low(2hexOctet)\"-\" node\r\n * time-low = 4hexOctet\r\n * time-mid = 2hexOctet\r\n * time-high-and-version = 2hexOctet\r\n * clock-seq-and-reserved = hexOctet:\r\n * clock-seq-low = hexOctet\r\n * node = 6hexOctet\r\n * Format: xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx\r\n * y could be 1000, 1001, 1010, 1011 since most significant two bits needs to be 10\r\n * y values are 8, 9, A, B\r\n */\r\n generateGuid(): string {\r\n try {\r\n const buffer: Uint8Array = new Uint8Array(16);\r\n this.cryptoObj.getRandomValues(buffer);\r\n\r\n // buffer[6] and buffer[7] represents the time_hi_and_version field. We will set the four most significant bits (4 through 7) of buffer[6] to represent decimal number 4 (UUID version number).\r\n buffer[6] |= 0x40; // buffer[6] | 01000000 will set the 6 bit to 1.\r\n buffer[6] &= 0x4f; // buffer[6] & 01001111 will set the 4, 5, and 7 bit to 0 such that bits 4-7 == 0100 = \"4\".\r\n\r\n // buffer[8] represents the clock_seq_hi_and_reserved field. We will set the two most significant bits (6 and 7) of the clock_seq_hi_and_reserved to zero and one, respectively.\r\n buffer[8] |= 0x80; // buffer[8] | 10000000 will set the 7 bit to 1.\r\n buffer[8] &= 0xbf; // buffer[8] & 10111111 will set the 6 bit to 0.\r\n\r\n return MathUtils.decimalToHex(buffer[0]) + MathUtils.decimalToHex(buffer[1])\r\n + MathUtils.decimalToHex(buffer[2]) + MathUtils.decimalToHex(buffer[3])\r\n + \"-\" + MathUtils.decimalToHex(buffer[4]) + MathUtils.decimalToHex(buffer[5])\r\n + \"-\" + MathUtils.decimalToHex(buffer[6]) + MathUtils.decimalToHex(buffer[7])\r\n + \"-\" + MathUtils.decimalToHex(buffer[8]) + MathUtils.decimalToHex(buffer[9])\r\n + \"-\" + MathUtils.decimalToHex(buffer[10]) + MathUtils.decimalToHex(buffer[11])\r\n + MathUtils.decimalToHex(buffer[12]) + MathUtils.decimalToHex(buffer[13])\r\n + MathUtils.decimalToHex(buffer[14]) + MathUtils.decimalToHex(buffer[15]);\r\n }\r\n catch (err) {\r\n const guidHolder: string = \"xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx\";\r\n const hex: string = \"0123456789abcdef\";\r\n let r: number = 0;\r\n let guidResponse: string = Constants.EMPTY_STRING;\r\n for (let i: number = 0; i < 36; i++) {\r\n if (guidHolder[i] !== \"-\" && guidHolder[i] !== \"4\") {\r\n // each x and y needs to be random\r\n r = Math.random() * 16 | 0;\r\n }\r\n if (guidHolder[i] === \"x\") {\r\n guidResponse += hex[r];\r\n } else if (guidHolder[i] === \"y\") {\r\n // clock-seq-and-reserved first hex is filtered and remaining hex values are random\r\n r &= 0x3; // bit and with 0011 to set pos 2 to zero ?0??\r\n r |= 0x8; // set pos 3 to 1 as 1???\r\n guidResponse += hex[r];\r\n } else {\r\n guidResponse += guidHolder[i];\r\n }\r\n }\r\n return guidResponse;\r\n }\r\n }\r\n\r\n /**\r\n * verifies if a string is GUID\r\n * @param guid\r\n */\r\n isGuid(guid: string): boolean {\r\n const regexGuid = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;\r\n return regexGuid.test(guid);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { Constants } from \"@azure/msal-common\";\r\n\r\n/**\r\n * Utility functions for strings in a browser. See here for implementation details:\r\n * https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/Base64_encoding_and_decoding#Solution_2_%E2%80%93_JavaScript's_UTF-16_%3E_UTF-8_%3E_base64\r\n */\r\nexport class BrowserStringUtils {\r\n\r\n /**\r\n * Converts string to Uint8Array\r\n * @param sDOMStr \r\n */\r\n static stringToUtf8Arr (sDOMStr: string): Uint8Array {\r\n let nChr;\r\n let nArrLen = 0;\r\n const nStrLen = sDOMStr.length;\r\n /* mapping... */\r\n for (let nMapIdx = 0; nMapIdx < nStrLen; nMapIdx++) {\r\n nChr = sDOMStr.charCodeAt(nMapIdx);\r\n nArrLen += nChr < 0x80 ? 1 : nChr < 0x800 ? 2 : nChr < 0x10000 ? 3 : nChr < 0x200000 ? 4 : nChr < 0x4000000 ? 5 : 6;\r\n }\r\n\r\n const aBytes = new Uint8Array(nArrLen);\r\n\r\n /* transcription... */\r\n\r\n for (let nIdx = 0, nChrIdx = 0; nIdx < nArrLen; nChrIdx++) {\r\n nChr = sDOMStr.charCodeAt(nChrIdx);\r\n if (nChr < 128) {\r\n /* one byte */\r\n aBytes[nIdx++] = nChr;\r\n } else if (nChr < 0x800) {\r\n /* two bytes */\r\n aBytes[nIdx++] = 192 + (nChr >>> 6);\r\n aBytes[nIdx++] = 128 + (nChr & 63);\r\n } else if (nChr < 0x10000) {\r\n /* three bytes */\r\n aBytes[nIdx++] = 224 + (nChr >>> 12);\r\n aBytes[nIdx++] = 128 + (nChr >>> 6 & 63);\r\n aBytes[nIdx++] = 128 + (nChr & 63);\r\n } else if (nChr < 0x200000) {\r\n /* four bytes */\r\n aBytes[nIdx++] = 240 + (nChr >>> 18);\r\n aBytes[nIdx++] = 128 + (nChr >>> 12 & 63);\r\n aBytes[nIdx++] = 128 + (nChr >>> 6 & 63);\r\n aBytes[nIdx++] = 128 + (nChr & 63);\r\n } else if (nChr < 0x4000000) {\r\n /* five bytes */\r\n aBytes[nIdx++] = 248 + (nChr >>> 24);\r\n aBytes[nIdx++] = 128 + (nChr >>> 18 & 63);\r\n aBytes[nIdx++] = 128 + (nChr >>> 12 & 63);\r\n aBytes[nIdx++] = 128 + (nChr >>> 6 & 63);\r\n aBytes[nIdx++] = 128 + (nChr & 63);\r\n } else /* if (nChr <= 0x7fffffff) */ {\r\n /* six bytes */\r\n aBytes[nIdx++] = 252 + (nChr >>> 30);\r\n aBytes[nIdx++] = 128 + (nChr >>> 24 & 63);\r\n aBytes[nIdx++] = 128 + (nChr >>> 18 & 63);\r\n aBytes[nIdx++] = 128 + (nChr >>> 12 & 63);\r\n aBytes[nIdx++] = 128 + (nChr >>> 6 & 63);\r\n aBytes[nIdx++] = 128 + (nChr & 63);\r\n }\r\n }\r\n\r\n return aBytes; \r\n }\r\n\r\n /**\r\n * Converst string to ArrayBuffer\r\n * @param dataString \r\n */\r\n static stringToArrayBuffer(dataString: string): ArrayBuffer {\r\n const data = new ArrayBuffer(dataString.length);\r\n const dataView = new Uint8Array(data);\r\n for (let i: number = 0; i < dataString.length; i++) {\r\n dataView[i] = dataString.charCodeAt(i);\r\n }\r\n return data;\r\n }\r\n\r\n /**\r\n * Converts Uint8Array to a string\r\n * @param aBytes \r\n */\r\n static utf8ArrToString (aBytes: Uint8Array): string {\r\n let sView = Constants.EMPTY_STRING;\r\n for (let nPart, nLen = aBytes.length, nIdx = 0; nIdx < nLen; nIdx++) {\r\n nPart = aBytes[nIdx];\r\n sView += String.fromCharCode(\r\n nPart > 251 && nPart < 254 && nIdx + 5 < nLen ? /* six bytes */\r\n /* (nPart - 252 << 30) may be not so safe in ECMAScript! So...: */\r\n (nPart - 252) * 1073741824 + (aBytes[++nIdx] - 128 << 24) + (aBytes[++nIdx] - 128 << 18) + (aBytes[++nIdx] - 128 << 12) + (aBytes[++nIdx] - 128 << 6) + aBytes[++nIdx] - 128\r\n : nPart > 247 && nPart < 252 && nIdx + 4 < nLen ? /* five bytes */\r\n (nPart - 248 << 24) + (aBytes[++nIdx] - 128 << 18) + (aBytes[++nIdx] - 128 << 12) + (aBytes[++nIdx] - 128 << 6) + aBytes[++nIdx] - 128\r\n : nPart > 239 && nPart < 248 && nIdx + 3 < nLen ? /* four bytes */\r\n (nPart - 240 << 18) + (aBytes[++nIdx] - 128 << 12) + (aBytes[++nIdx] - 128 << 6) + aBytes[++nIdx] - 128\r\n : nPart > 223 && nPart < 240 && nIdx + 2 < nLen ? /* three bytes */\r\n (nPart - 224 << 12) + (aBytes[++nIdx] - 128 << 6) + aBytes[++nIdx] - 128\r\n : nPart > 191 && nPart < 224 && nIdx + 1 < nLen ? /* two bytes */\r\n (nPart - 192 << 6) + aBytes[++nIdx] - 128\r\n : /* nPart < 127 ? */ /* one byte */\r\n nPart\r\n );\r\n }\r\n return sView;\r\n }\r\n\r\n /**\r\n * Returns stringified jwk.\r\n * @param jwk \r\n */\r\n static getSortedObjectString(obj: object): string {\r\n return JSON.stringify(obj, Object.keys(obj).sort());\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { Constants } from \"@azure/msal-common\";\r\nimport { BrowserStringUtils } from \"../utils/BrowserStringUtils\";\r\n\r\n/**\r\n * Class which exposes APIs to encode plaintext to base64 encoded string. See here for implementation details:\r\n * https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/Base64_encoding_and_decoding#Solution_2_%E2%80%93_JavaScript's_UTF-16_%3E_UTF-8_%3E_base64\r\n */\r\nexport class Base64Encode {\r\n \r\n /**\r\n * Returns URL Safe b64 encoded string from a plaintext string.\r\n * @param input \r\n */\r\n urlEncode(input: string): string {\r\n return encodeURIComponent(this.encode(input)\r\n .replace(/=/g, Constants.EMPTY_STRING)\r\n .replace(/\\+/g, \"-\")\r\n .replace(/\\//g, \"_\"));\r\n }\r\n\r\n /**\r\n * Returns URL Safe b64 encoded string from an int8Array.\r\n * @param inputArr \r\n */\r\n urlEncodeArr(inputArr: Uint8Array): string {\r\n return this.base64EncArr(inputArr)\r\n .replace(/=/g, Constants.EMPTY_STRING)\r\n .replace(/\\+/g, \"-\")\r\n .replace(/\\//g, \"_\");\r\n }\r\n\r\n /**\r\n * Returns b64 encoded string from plaintext string.\r\n * @param input \r\n */\r\n encode(input: string): string {\r\n const inputUtf8Arr = BrowserStringUtils.stringToUtf8Arr(input);\r\n return this.base64EncArr(inputUtf8Arr);\r\n }\r\n\r\n /**\r\n * Base64 encode byte array\r\n * @param aBytes \r\n */\r\n private base64EncArr(aBytes: Uint8Array): string { \r\n const eqLen = (3 - (aBytes.length % 3)) % 3;\r\n let sB64Enc = Constants.EMPTY_STRING;\r\n \r\n for (let nMod3, nLen = aBytes.length, nUint24 = 0, nIdx = 0; nIdx < nLen; nIdx++) {\r\n nMod3 = nIdx % 3;\r\n /* Uncomment the following line in order to split the output in lines 76-character long: */\r\n /*\r\n *if (nIdx > 0 && (nIdx * 4 / 3) % 76 === 0) { sB64Enc += \"\\r\\n\"; }\r\n */\r\n nUint24 |= aBytes[nIdx] << (16 >>> nMod3 & 24);\r\n if (nMod3 === 2 || aBytes.length - nIdx === 1) {\r\n sB64Enc += String.fromCharCode(\r\n this.uint6ToB64(nUint24 >>> 18 & 63), \r\n this.uint6ToB64(nUint24 >>> 12 & 63), \r\n this.uint6ToB64(nUint24 >>> 6 & 63), \r\n this.uint6ToB64(nUint24 & 63)\r\n );\r\n nUint24 = 0;\r\n }\r\n }\r\n\r\n return eqLen === 0 ? sB64Enc : sB64Enc.substring(0, sB64Enc.length - eqLen) + (eqLen === 1 ? \"=\" : \"==\");\r\n }\r\n\r\n /**\r\n * Base64 string to array encoding helper\r\n * @param nUint6 \r\n */\r\n private uint6ToB64 (nUint6: number): number {\r\n return nUint6 < 26 ?\r\n nUint6 + 65\r\n : nUint6 < 52 ?\r\n nUint6 + 71\r\n : nUint6 < 62 ?\r\n nUint6 - 4\r\n : nUint6 === 62 ?\r\n 43\r\n : nUint6 === 63 ?\r\n 47\r\n :\r\n 65;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { Constants } from \"@azure/msal-common\";\r\nimport { BrowserStringUtils } from \"../utils/BrowserStringUtils\";\r\n\r\n/**\r\n * Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:\r\n * https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/Base64_encoding_and_decoding#Solution_2_%E2%80%93_JavaScript's_UTF-16_%3E_UTF-8_%3E_base64\r\n */\r\nexport class Base64Decode {\r\n\r\n /**\r\n * Returns a URL-safe plaintext decoded string from b64 encoded input.\r\n * @param input \r\n */\r\n decode(input: string): string {\r\n let encodedString = input.replace(/-/g, \"+\").replace(/_/g, \"/\");\r\n switch (encodedString.length % 4) {\r\n case 0:\r\n break;\r\n case 2:\r\n encodedString += \"==\";\r\n break;\r\n case 3:\r\n encodedString += \"=\";\r\n break;\r\n default:\r\n throw new Error(\"Invalid base64 string\");\r\n }\r\n\r\n const inputUtf8Arr = this.base64DecToArr(encodedString);\r\n return BrowserStringUtils.utf8ArrToString(inputUtf8Arr);\r\n }\r\n\r\n /**\r\n * Decodes base64 into Uint8Array\r\n * @param base64String \r\n * @param nBlockSize \r\n */\r\n private base64DecToArr(base64String: string, nBlockSize?: number): Uint8Array {\r\n const sB64Enc = base64String.replace(/[^A-Za-z0-9\\+\\/]/g, Constants.EMPTY_STRING);\r\n const nInLen = sB64Enc.length;\r\n const nOutLen = nBlockSize ? Math.ceil((nInLen * 3 + 1 >>> 2) / nBlockSize) * nBlockSize : nInLen * 3 + 1 >>> 2;\r\n const aBytes = new Uint8Array(nOutLen);\r\n\r\n for (let nMod3, nMod4, nUint24 = 0, nOutIdx = 0, nInIdx = 0; nInIdx < nInLen; nInIdx++) {\r\n nMod4 = nInIdx & 3;\r\n nUint24 |= this.b64ToUint6(sB64Enc.charCodeAt(nInIdx)) << 18 - 6 * nMod4;\r\n if (nMod4 === 3 || nInLen - nInIdx === 1) {\r\n for (nMod3 = 0; nMod3 < 3 && nOutIdx < nOutLen; nMod3++, nOutIdx++) {\r\n aBytes[nOutIdx] = nUint24 >>> (16 >>> nMod3 & 24) & 255;\r\n }\r\n nUint24 = 0;\r\n }\r\n }\r\n\r\n return aBytes;\r\n }\r\n\r\n /**\r\n * Base64 string to array decoding helper\r\n * @param charNum \r\n */\r\n private b64ToUint6(charNum: number): number {\r\n return charNum > 64 && charNum < 91 ?\r\n charNum - 65\r\n : charNum > 96 && charNum < 123 ? \r\n charNum - 71\r\n : charNum > 47 && charNum < 58 ?\r\n charNum + 4\r\n : charNum === 43 ?\r\n 62\r\n : charNum === 47 ?\r\n 63\r\n :\r\n 0;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { AuthError, StringUtils } from \"@azure/msal-common\";\r\n\r\n/**\r\n * BrowserAuthErrorMessage class containing string constants used by error codes and messages.\r\n */\r\nexport const BrowserAuthErrorMessage = {\r\n pkceNotGenerated: {\r\n code: \"pkce_not_created\",\r\n desc: \"The PKCE code challenge and verifier could not be generated.\"\r\n },\r\n cryptoDoesNotExist: {\r\n code: \"crypto_nonexistent\",\r\n desc: \"The crypto object or function is not available.\"\r\n },\r\n httpMethodNotImplementedError: {\r\n code: \"http_method_not_implemented\",\r\n desc: \"The HTTP method given has not been implemented in this library.\"\r\n },\r\n emptyNavigateUriError: {\r\n code: \"empty_navigate_uri\",\r\n desc: \"Navigation URI is empty. Please check stack trace for more info.\"\r\n },\r\n hashEmptyError: {\r\n code: \"hash_empty_error\",\r\n desc: \"Hash value cannot be processed because it is empty. Please verify that your redirectUri is not clearing the hash. For more visit: aka.ms/msaljs/browser-errors.\"\r\n },\r\n hashDoesNotContainStateError: {\r\n code: \"no_state_in_hash\",\r\n desc: \"Hash does not contain state. Please verify that the request originated from msal.\"\r\n },\r\n hashDoesNotContainKnownPropertiesError: {\r\n code: \"hash_does_not_contain_known_properties\",\r\n desc: \"Hash does not contain known properites. Please verify that your redirectUri is not changing the hash. For more visit: aka.ms/msaljs/browser-errors.\"\r\n },\r\n unableToParseStateError: {\r\n code: \"unable_to_parse_state\",\r\n desc: \"Unable to parse state. Please verify that the request originated from msal.\"\r\n },\r\n stateInteractionTypeMismatchError: {\r\n code: \"state_interaction_type_mismatch\",\r\n desc: \"Hash contains state but the interaction type does not match the caller.\"\r\n },\r\n interactionInProgress: {\r\n code: \"interaction_in_progress\",\r\n desc: \"Interaction is currently in progress. Please ensure that this interaction has been completed before calling an interactive API. For more visit: aka.ms/msaljs/browser-errors.\"\r\n },\r\n popupWindowError: {\r\n code: \"popup_window_error\",\r\n desc: \"Error opening popup window. This can happen if you are using IE or if popups are blocked in the browser.\"\r\n },\r\n emptyWindowError: {\r\n code: \"empty_window_error\",\r\n desc: \"window.open returned null or undefined window object.\"\r\n },\r\n userCancelledError: {\r\n code: \"user_cancelled\",\r\n desc: \"User cancelled the flow.\"\r\n },\r\n monitorPopupTimeoutError: {\r\n code: \"monitor_window_timeout\",\r\n desc: \"Token acquisition in popup failed due to timeout. For more visit: aka.ms/msaljs/browser-errors.\"\r\n },\r\n monitorIframeTimeoutError: {\r\n code: \"monitor_window_timeout\",\r\n desc: \"Token acquisition in iframe failed due to timeout. For more visit: aka.ms/msaljs/browser-errors.\"\r\n },\r\n redirectInIframeError: {\r\n code: \"redirect_in_iframe\",\r\n desc: \"Redirects are not supported for iframed or brokered applications. Please ensure you are using MSAL.js in a top frame of the window if using the redirect APIs, or use the popup APIs.\"\r\n },\r\n blockTokenRequestsInHiddenIframeError: {\r\n code: \"block_iframe_reload\",\r\n desc: \"Request was blocked inside an iframe because MSAL detected an authentication response. For more visit: aka.ms/msaljs/browser-errors\"\r\n },\r\n blockAcquireTokenInPopupsError: {\r\n code: \"block_nested_popups\",\r\n desc: \"Request was blocked inside a popup because MSAL detected it was running in a popup.\"\r\n },\r\n iframeClosedPrematurelyError: {\r\n code: \"iframe_closed_prematurely\",\r\n desc: \"The iframe being monitored was closed prematurely.\"\r\n },\r\n silentLogoutUnsupportedError: {\r\n code: \"silent_logout_unsupported\",\r\n desc: \"Silent logout not supported. Please call logoutRedirect or logoutPopup instead.\"\r\n },\r\n noAccountError: {\r\n code: \"no_account_error\",\r\n desc: \"No account object provided to acquireTokenSilent and no active account has been set. Please call setActiveAccount or provide an account on the request.\"\r\n },\r\n silentPromptValueError: {\r\n code: \"silent_prompt_value_error\",\r\n desc: \"The value given for the prompt value is not valid for silent requests - must be set to 'none' or 'no_session'.\"\r\n },\r\n noTokenRequestCacheError: {\r\n code: \"no_token_request_cache_error\",\r\n desc: \"No token request found in cache.\"\r\n },\r\n unableToParseTokenRequestCacheError: {\r\n code: \"unable_to_parse_token_request_cache_error\",\r\n desc: \"The cached token request could not be parsed.\"\r\n },\r\n noCachedAuthorityError: {\r\n code: \"no_cached_authority_error\",\r\n desc: \"No cached authority found.\"\r\n },\r\n authRequestNotSet: {\r\n code: \"auth_request_not_set_error\",\r\n desc: \"Auth Request not set. Please ensure initiateAuthRequest was called from the InteractionHandler\"\r\n },\r\n invalidCacheType: {\r\n code: \"invalid_cache_type\",\r\n desc: \"Invalid cache type\"\r\n },\r\n notInBrowserEnvironment: {\r\n code: \"non_browser_environment\",\r\n desc: \"Login and token requests are not supported in non-browser environments.\"\r\n },\r\n databaseNotOpen: {\r\n code: \"database_not_open\",\r\n desc: \"Database is not open!\"\r\n },\r\n noNetworkConnectivity: {\r\n code: \"no_network_connectivity\",\r\n desc: \"No network connectivity. Check your internet connection.\"\r\n },\r\n postRequestFailed: {\r\n code: \"post_request_failed\",\r\n desc: \"Network request failed: If the browser threw a CORS error, check that the redirectUri is registered in the Azure App Portal as type 'SPA'\"\r\n },\r\n getRequestFailed: {\r\n code: \"get_request_failed\",\r\n desc: \"Network request failed. Please check the network trace to determine root cause.\"\r\n },\r\n failedToParseNetworkResponse: {\r\n code: \"failed_to_parse_response\",\r\n desc: \"Failed to parse network response. Check network trace.\"\r\n },\r\n unableToLoadTokenError: {\r\n code: \"unable_to_load_token\",\r\n desc: \"Error loading token to cache.\"\r\n },\r\n signingKeyNotFoundInStorage: {\r\n code: \"crypto_key_not_found\",\r\n desc: \"Cryptographic Key or Keypair not found in browser storage.\"\r\n },\r\n authCodeRequired: {\r\n code: \"auth_code_required\",\r\n desc: \"An authorization code must be provided (as the `code` property on the request) to this flow.\"\r\n },\r\n authCodeOrNativeAccountRequired: {\r\n code: \"auth_code_or_nativeAccountId_required\",\r\n desc: \"An authorization code or nativeAccountId must be provided to this flow.\"\r\n },\r\n spaCodeAndNativeAccountPresent: {\r\n code: \"spa_code_and_nativeAccountId_present\",\r\n desc: \"Request cannot contain both spa code and native account id.\"\r\n },\r\n databaseUnavailable: {\r\n code: \"database_unavailable\",\r\n desc: \"IndexedDB, which is required for persistent cryptographic key storage, is unavailable. This may be caused by browser privacy features which block persistent storage in third-party contexts.\"\r\n },\r\n unableToAcquireTokenFromNativePlatform: {\r\n code: \"unable_to_acquire_token_from_native_platform\",\r\n desc: \"Unable to acquire token from native platform. For a list of possible reasons visit aka.ms/msaljs/browser-errors.\"\r\n },\r\n nativeHandshakeTimeout: {\r\n code: \"native_handshake_timeout\",\r\n desc: \"Timed out while attempting to establish connection to browser extension\"\r\n },\r\n nativeExtensionNotInstalled: {\r\n code: \"native_extension_not_installed\",\r\n desc: \"Native extension is not installed. If you think this is a mistake call the initialize function.\"\r\n },\r\n nativeConnectionNotEstablished: {\r\n code: \"native_connection_not_established\",\r\n desc: \"Connection to native platform has not been established. Please install a compatible browser extension and run initialize(). For more please visit aka.ms/msaljs/browser-errors.\"\r\n },\r\n nativeBrokerCalledBeforeInitialize: {\r\n code: \"native_broker_called_before_initialize\",\r\n desc: \"You must call and await the initialize function before attempting to call any other MSAL API when native brokering is enabled. For more please visit aka.ms/msaljs/browser-errors.\"\r\n },\r\n nativePromptNotSupported: {\r\n code: \"native_prompt_not_supported\",\r\n desc: \"The provided prompt is not supported by the native platform. This request should be routed to the web based flow.\"\r\n }\r\n};\r\n\r\n/**\r\n * Browser library error class thrown by the MSAL.js library for SPAs\r\n */\r\nexport class BrowserAuthError extends AuthError {\r\n\r\n constructor(errorCode: string, errorMessage?: string) {\r\n super(errorCode, errorMessage);\r\n\r\n Object.setPrototypeOf(this, BrowserAuthError.prototype);\r\n this.name = \"BrowserAuthError\";\r\n }\r\n\r\n /**\r\n * Creates an error thrown when PKCE is not implemented.\r\n * @param errDetail\r\n */\r\n static createPkceNotGeneratedError(errDetail: string): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.pkceNotGenerated.code,\r\n `${BrowserAuthErrorMessage.pkceNotGenerated.desc} Detail:${errDetail}`);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when the crypto object is unavailable.\r\n * @param errDetail\r\n */\r\n static createCryptoNotAvailableError(errDetail: string): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.cryptoDoesNotExist.code,\r\n `${BrowserAuthErrorMessage.cryptoDoesNotExist.desc} Detail:${errDetail}`);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when an HTTP method hasn't been implemented by the browser class.\r\n * @param method\r\n */\r\n static createHttpMethodNotImplementedError(method: string): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.httpMethodNotImplementedError.code,\r\n `${BrowserAuthErrorMessage.httpMethodNotImplementedError.desc} Given Method: ${method}`);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when the navigation URI is empty.\r\n */\r\n static createEmptyNavigationUriError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.emptyNavigateUriError.code, BrowserAuthErrorMessage.emptyNavigateUriError.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when the hash string value is unexpectedly empty.\r\n * @param hashValue\r\n */\r\n static createEmptyHashError(hashValue: string): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.hashEmptyError.code, `${BrowserAuthErrorMessage.hashEmptyError.desc} Given Url: ${hashValue}`);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when the hash string value is unexpectedly empty.\r\n */\r\n static createHashDoesNotContainStateError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.hashDoesNotContainStateError.code, BrowserAuthErrorMessage.hashDoesNotContainStateError.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when the hash string value does not contain known properties\r\n */\r\n static createHashDoesNotContainKnownPropertiesError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.hashDoesNotContainKnownPropertiesError.code, BrowserAuthErrorMessage.hashDoesNotContainKnownPropertiesError.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when the hash string value is unexpectedly empty.\r\n */\r\n static createUnableToParseStateError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.unableToParseStateError.code, BrowserAuthErrorMessage.unableToParseStateError.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when the state value in the hash does not match the interaction type of the API attempting to consume it.\r\n */\r\n static createStateInteractionTypeMismatchError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.stateInteractionTypeMismatchError.code, BrowserAuthErrorMessage.stateInteractionTypeMismatchError.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when a browser interaction (redirect or popup) is in progress.\r\n */\r\n static createInteractionInProgressError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.interactionInProgress.code, BrowserAuthErrorMessage.interactionInProgress.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when the popup window could not be opened.\r\n * @param errDetail\r\n */\r\n static createPopupWindowError(errDetail?: string): BrowserAuthError {\r\n let errorMessage = BrowserAuthErrorMessage.popupWindowError.desc;\r\n errorMessage = !StringUtils.isEmpty(errDetail) ? `${errorMessage} Details: ${errDetail}` : errorMessage;\r\n return new BrowserAuthError(BrowserAuthErrorMessage.popupWindowError.code, errorMessage);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when window.open returns an empty window object.\r\n * @param errDetail\r\n */\r\n static createEmptyWindowCreatedError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.emptyWindowError.code, BrowserAuthErrorMessage.emptyWindowError.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when the user closes a popup.\r\n */\r\n static createUserCancelledError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.userCancelledError.code,\r\n BrowserAuthErrorMessage.userCancelledError.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when monitorPopupFromHash times out for a given popup.\r\n */\r\n static createMonitorPopupTimeoutError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.monitorPopupTimeoutError.code,\r\n BrowserAuthErrorMessage.monitorPopupTimeoutError.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when monitorIframeFromHash times out for a given iframe.\r\n */\r\n static createMonitorIframeTimeoutError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.monitorIframeTimeoutError.code,\r\n BrowserAuthErrorMessage.monitorIframeTimeoutError.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when navigateWindow is called inside an iframe or brokered applications.\r\n * @param windowParentCheck\r\n */\r\n static createRedirectInIframeError(windowParentCheck: boolean): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.redirectInIframeError.code,\r\n `${BrowserAuthErrorMessage.redirectInIframeError.desc} (window.parent !== window) => ${windowParentCheck}`);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when an auth reload is done inside an iframe.\r\n */\r\n static createBlockReloadInHiddenIframeError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.blockTokenRequestsInHiddenIframeError.code,\r\n BrowserAuthErrorMessage.blockTokenRequestsInHiddenIframeError.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when a popup attempts to call an acquireToken API\r\n * @returns\r\n */\r\n static createBlockAcquireTokenInPopupsError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.blockAcquireTokenInPopupsError.code,\r\n BrowserAuthErrorMessage.blockAcquireTokenInPopupsError.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when an iframe is found to be closed before the timeout is reached.\r\n */\r\n static createIframeClosedPrematurelyError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.iframeClosedPrematurelyError.code, BrowserAuthErrorMessage.iframeClosedPrematurelyError.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when the logout API is called on any of the silent interaction clients\r\n */\r\n static createSilentLogoutUnsupportedError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.silentLogoutUnsupportedError.code, BrowserAuthErrorMessage.silentLogoutUnsupportedError.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when the account object is not provided in the acquireTokenSilent API.\r\n */\r\n static createNoAccountError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.noAccountError.code, BrowserAuthErrorMessage.noAccountError.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when a given prompt value is invalid for silent requests.\r\n */\r\n static createSilentPromptValueError(givenPrompt: string): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.silentPromptValueError.code, `${BrowserAuthErrorMessage.silentPromptValueError.desc} Given value: ${givenPrompt}`);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when the cached token request could not be retrieved from the cache\r\n */\r\n static createUnableToParseTokenRequestCacheError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.unableToParseTokenRequestCacheError.code,\r\n BrowserAuthErrorMessage.unableToParseTokenRequestCacheError.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when the token request could not be retrieved from the cache\r\n */\r\n static createNoTokenRequestCacheError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.noTokenRequestCacheError.code,\r\n BrowserAuthErrorMessage.noTokenRequestCacheError.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when handleCodeResponse is called before initiateAuthRequest (InteractionHandler)\r\n */\r\n static createAuthRequestNotSetError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.authRequestNotSet.code,\r\n BrowserAuthErrorMessage.authRequestNotSet.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when the authority could not be retrieved from the cache\r\n */\r\n static createNoCachedAuthorityError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.noCachedAuthorityError.code,\r\n BrowserAuthErrorMessage.noCachedAuthorityError.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown if cache type is invalid.\r\n */\r\n static createInvalidCacheTypeError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.invalidCacheType.code, `${BrowserAuthErrorMessage.invalidCacheType.desc}`);\r\n }\r\n\r\n /**\r\n * Create an error thrown when login and token requests are made from a non-browser environment\r\n */\r\n static createNonBrowserEnvironmentError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.notInBrowserEnvironment.code, BrowserAuthErrorMessage.notInBrowserEnvironment.desc);\r\n }\r\n\r\n /**\r\n * Create an error thrown when indexDB database is not open\r\n */\r\n static createDatabaseNotOpenError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.databaseNotOpen.code, BrowserAuthErrorMessage.databaseNotOpen.desc);\r\n }\r\n\r\n /**\r\n * Create an error thrown when token fetch fails due to no internet\r\n */\r\n static createNoNetworkConnectivityError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.noNetworkConnectivity.code, BrowserAuthErrorMessage.noNetworkConnectivity.desc);\r\n }\r\n\r\n /**\r\n * Create an error thrown when token fetch fails due to reasons other than internet connectivity\r\n */\r\n static createPostRequestFailedError(errorDesc: string, endpoint: string): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.postRequestFailed.code, `${BrowserAuthErrorMessage.postRequestFailed.desc} | Network client threw: ${errorDesc} | Attempted to reach: ${endpoint.split(\"?\")[0]}`);\r\n }\r\n\r\n /**\r\n * Create an error thrown when get request fails due to reasons other than internet connectivity\r\n */\r\n static createGetRequestFailedError(errorDesc: string, endpoint: string): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.getRequestFailed.code, `${BrowserAuthErrorMessage.getRequestFailed.desc} | Network client threw: ${errorDesc} | Attempted to reach: ${endpoint.split(\"?\")[0]}`);\r\n }\r\n\r\n /**\r\n * Create an error thrown when network client fails to parse network response\r\n */\r\n static createFailedToParseNetworkResponseError(endpoint: string): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.failedToParseNetworkResponse.code, `${BrowserAuthErrorMessage.failedToParseNetworkResponse.desc} | Attempted to reach: ${endpoint.split(\"?\")[0]}`);\r\n }\r\n\r\n /**\r\n * Create an error thrown when the necessary information is not available to sideload tokens\r\n */\r\n static createUnableToLoadTokenError(errorDetail: string): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.unableToLoadTokenError.code, `${BrowserAuthErrorMessage.unableToLoadTokenError.desc} | ${errorDetail}`);\r\n }\r\n\r\n /**\r\n * Create an error thrown when the queried cryptographic key is not found in IndexedDB\r\n */\r\n static createSigningKeyNotFoundInStorageError(keyId: string): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.signingKeyNotFoundInStorage.code, `${BrowserAuthErrorMessage.signingKeyNotFoundInStorage.desc} | No match found for KeyId: ${keyId}`);\r\n }\r\n\r\n /**\r\n * Create an error when an authorization code is required but not provided\r\n */\r\n static createAuthCodeRequiredError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.authCodeRequired.code, BrowserAuthErrorMessage.authCodeRequired.desc);\r\n }\r\n\r\n /**\r\n * Create an error when an authorization code or native account ID is required but not provided\r\n */\r\n static createAuthCodeOrNativeAccountIdRequiredError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.authCodeOrNativeAccountRequired.code, BrowserAuthErrorMessage.authCodeOrNativeAccountRequired.desc);\r\n }\r\n\r\n /**\r\n * Create an error when both authorization code and native account ID are provided\r\n */\r\n static createSpaCodeAndNativeAccountIdPresentError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.spaCodeAndNativeAccountPresent.code, BrowserAuthErrorMessage.spaCodeAndNativeAccountPresent.desc);\r\n }\r\n\r\n /**\r\n * Create an error when IndexedDB is unavailable\r\n */\r\n static createDatabaseUnavailableError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.databaseUnavailable.code, BrowserAuthErrorMessage.databaseUnavailable.desc);\r\n }\r\n\r\n /**\r\n * Create an error when native token acquisition is not possible\r\n */\r\n static createUnableToAcquireTokenFromNativePlatformError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.unableToAcquireTokenFromNativePlatform.code, BrowserAuthErrorMessage.unableToAcquireTokenFromNativePlatform.desc);\r\n }\r\n\r\n /**\r\n * Create an error thrown when Handshake with browser extension times out\r\n */\r\n static createNativeHandshakeTimeoutError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.nativeHandshakeTimeout.code, BrowserAuthErrorMessage.nativeHandshakeTimeout.desc);\r\n }\r\n\r\n /**\r\n * Create an error thrown when browser extension is not installed\r\n */\r\n static createNativeExtensionNotInstalledError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.nativeExtensionNotInstalled.code, BrowserAuthErrorMessage.nativeExtensionNotInstalled.desc);\r\n }\r\n\r\n /**\r\n * Create an error when native connection has not been established\r\n * @returns\r\n */\r\n static createNativeConnectionNotEstablishedError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.nativeConnectionNotEstablished.code, BrowserAuthErrorMessage.nativeConnectionNotEstablished.desc);\r\n }\r\n\r\n /**\r\n * Create an error thrown when the initialize function hasn't been called\r\n */\r\n static createNativeBrokerCalledBeforeInitialize(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.nativeBrokerCalledBeforeInitialize.code, BrowserAuthErrorMessage.nativeBrokerCalledBeforeInitialize.desc);\r\n }\r\n\r\n /**\r\n * Create an error thrown when requesting a token directly from the native platform with an unsupported prompt parameter e.g. select_account, login or create\r\n * These requests must go through eSTS to ensure eSTS is aware of the new account\r\n */\r\n static createNativePromptParameterNotSupportedError(): BrowserAuthError {\r\n return new BrowserAuthError(BrowserAuthErrorMessage.nativePromptNotSupported.code, BrowserAuthErrorMessage.nativePromptNotSupported.desc);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { PkceCodes } from \"@azure/msal-common\";\r\nimport { BrowserAuthError } from \"../error/BrowserAuthError\";\r\nimport { Base64Encode } from \"../encode/Base64Encode\";\r\nimport { BrowserCrypto } from \"./BrowserCrypto\";\r\n\r\n// Constant byte array length\r\nconst RANDOM_BYTE_ARR_LENGTH = 32;\r\n\r\n/**\r\n * Class which exposes APIs to generate PKCE codes and code verifiers.\r\n */\r\nexport class PkceGenerator {\r\n\r\n private base64Encode: Base64Encode;\r\n private cryptoObj: BrowserCrypto;\r\n\r\n constructor(cryptoObj: BrowserCrypto) {\r\n this.base64Encode = new Base64Encode();\r\n this.cryptoObj = cryptoObj;\r\n }\r\n\r\n /**\r\n * Generates PKCE Codes. See the RFC for more information: https://tools.ietf.org/html/rfc7636\r\n */\r\n async generateCodes(): Promise {\r\n const codeVerifier = this.generateCodeVerifier();\r\n const codeChallenge = await this.generateCodeChallengeFromVerifier(codeVerifier);\r\n return {\r\n verifier: codeVerifier,\r\n challenge: codeChallenge\r\n };\r\n }\r\n\r\n /**\r\n * Generates a random 32 byte buffer and returns the base64\r\n * encoded string to be used as a PKCE Code Verifier\r\n */\r\n private generateCodeVerifier(): string {\r\n try {\r\n // Generate random values as utf-8\r\n const buffer: Uint8Array = new Uint8Array(RANDOM_BYTE_ARR_LENGTH);\r\n this.cryptoObj.getRandomValues(buffer);\r\n // encode verifier as base64\r\n const pkceCodeVerifierB64: string = this.base64Encode.urlEncodeArr(buffer);\r\n return pkceCodeVerifierB64;\r\n } catch (e) {\r\n throw BrowserAuthError.createPkceNotGeneratedError(e);\r\n }\r\n }\r\n\r\n /**\r\n * Creates a base64 encoded PKCE Code Challenge string from the\r\n * hash created from the PKCE Code Verifier supplied\r\n */\r\n private async generateCodeChallengeFromVerifier(pkceCodeVerifier: string): Promise {\r\n try {\r\n // hashed verifier\r\n const pkceHashedCodeVerifier = await this.cryptoObj.sha256Digest(pkceCodeVerifier);\r\n // encode hash as base64\r\n return this.base64Encode.urlEncodeArr(new Uint8Array(pkceHashedCodeVerifier));\r\n } catch (e) {\r\n throw BrowserAuthError.createPkceNotGeneratedError(e);\r\n }\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { KEY_FORMAT_JWK } from \"../utils/BrowserConstants\";\r\nimport { ISubtleCrypto } from \"./ISubtleCrypto\";\r\n\r\nexport class ModernBrowserCrypto implements ISubtleCrypto {\r\n getRandomValues(dataBuffer: Uint8Array): Uint8Array {\r\n return window.crypto.getRandomValues(dataBuffer);\r\n }\r\n\r\n async generateKey(algorithm: RsaHashedKeyGenParams, extractable: boolean, keyUsages: KeyUsage[]): Promise {\r\n return window.crypto.subtle.generateKey(algorithm, extractable, keyUsages) as Promise;\r\n }\r\n\r\n async exportKey(key: CryptoKey): Promise {\r\n return window.crypto.subtle.exportKey(KEY_FORMAT_JWK, key) as Promise;\r\n }\r\n\r\n async importKey(keyData: JsonWebKey, algorithm: RsaHashedImportParams, extractable: boolean, keyUsages: KeyUsage[]): Promise {\r\n return window.crypto.subtle.importKey(KEY_FORMAT_JWK, keyData, algorithm, extractable, keyUsages) as Promise;\r\n }\r\n\r\n async sign(algorithm: AlgorithmIdentifier, key: CryptoKey, data: ArrayBuffer): Promise {\r\n return window.crypto.subtle.sign(algorithm, key, data) as Promise;\r\n }\r\n\r\n async digest(algorithm: AlgorithmIdentifier, data: Uint8Array): Promise {\r\n return window.crypto.subtle.digest(algorithm, data) as Promise;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { KEY_FORMAT_JWK } from \"../utils/BrowserConstants\";\r\nimport { ISubtleCrypto } from \"./ISubtleCrypto\";\r\n\r\ndeclare global {\r\n interface Window {\r\n msrCrypto: Crypto & {\r\n initPrng: (entropy: Uint8Array | number[]) => void\r\n }\r\n }\r\n}\r\n\r\nexport class MsrBrowserCrypto implements ISubtleCrypto {\r\n initPrng(entropy : Uint8Array): void {\r\n // Turn into array, as initPrng seems to not always like Uint8Array (even though it should support both)\r\n return window.msrCrypto.initPrng([...entropy]);\r\n }\r\n\r\n getRandomValues(dataBuffer: Uint8Array): Uint8Array {\r\n return window.msrCrypto.getRandomValues(dataBuffer);\r\n }\r\n\r\n async generateKey(algorithm: RsaHashedKeyGenParams, extractable: boolean, keyUsages: KeyUsage[]): Promise {\r\n return window.msrCrypto.subtle.generateKey(algorithm, extractable, keyUsages) as Promise;\r\n }\r\n\r\n async exportKey(key: CryptoKey): Promise {\r\n return window.msrCrypto.subtle.exportKey(KEY_FORMAT_JWK, key) as Promise as Promise;\r\n }\r\n\r\n async importKey(keyData: JsonWebKey, algorithm: RsaHashedImportParams, extractable: boolean, keyUsages: KeyUsage[]): Promise {\r\n return window.msrCrypto.subtle.importKey(KEY_FORMAT_JWK, keyData, algorithm, extractable, keyUsages) as Promise;\r\n }\r\n\r\n async sign(algorithm: AlgorithmIdentifier, key: CryptoKey, data: ArrayBuffer): Promise {\r\n return window.msrCrypto.subtle.sign(algorithm, key, data) as Promise;\r\n }\r\n\r\n async digest(algorithm: AlgorithmIdentifier, data: Uint8Array): Promise {\r\n return window.msrCrypto.subtle.digest(algorithm, data) as Promise; \r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { Constants } from \"@azure/msal-common\";\r\nimport { KEY_FORMAT_JWK } from \"../utils/BrowserConstants\";\r\nimport { BrowserStringUtils } from \"../utils/BrowserStringUtils\";\r\nimport { ISubtleCrypto } from \"./ISubtleCrypto\";\r\n\r\nexport class MsBrowserCrypto implements ISubtleCrypto {\r\n getRandomValues(dataBuffer: Uint8Array): Uint8Array {\r\n return window[\"msCrypto\"].getRandomValues(dataBuffer);\r\n }\r\n\r\n async generateKey(algorithm: RsaHashedKeyGenParams, extractable: boolean, keyUsages: KeyUsage[]): Promise {\r\n return new Promise((resolve: Function, reject: Function) => {\r\n const msGenerateKey = window[\"msCrypto\"].subtle.generateKey(algorithm, extractable, keyUsages);\r\n msGenerateKey.addEventListener(\"complete\", (e: { target: { result: CryptoKeyPair | PromiseLike; }; }) => {\r\n resolve(e.target.result);\r\n });\r\n\r\n msGenerateKey.addEventListener(\"error\", (error: string) => {\r\n reject(error);\r\n });\r\n });\r\n }\r\n\r\n async exportKey(key: CryptoKey): Promise {\r\n return new Promise((resolve: Function, reject: Function) => {\r\n const msExportKey = window[\"msCrypto\"].subtle.exportKey(KEY_FORMAT_JWK, key);\r\n msExportKey.addEventListener(\"complete\", (e: { target: { result: ArrayBuffer; }; }) => {\r\n const resultBuffer: ArrayBuffer = e.target.result;\r\n\r\n const resultString = BrowserStringUtils.utf8ArrToString(new Uint8Array(resultBuffer))\r\n .replace(/\\r/g, Constants.EMPTY_STRING)\r\n .replace(/\\n/g, Constants.EMPTY_STRING)\r\n .replace(/\\t/g, Constants.EMPTY_STRING)\r\n .split(\" \").join(Constants.EMPTY_STRING)\r\n .replace(\"\\u0000\", Constants.EMPTY_STRING);\r\n\r\n try {\r\n resolve(JSON.parse(resultString));\r\n } catch (e) {\r\n reject(e);\r\n }\r\n });\r\n\r\n msExportKey.addEventListener(\"error\", (error: string) => {\r\n reject(error);\r\n });\r\n });\r\n }\r\n\r\n async importKey(keyData: JsonWebKey, algorithm: RsaHashedImportParams, extractable: boolean, keyUsages: KeyUsage[]): Promise {\r\n const keyString = BrowserStringUtils.getSortedObjectString(keyData);\r\n const keyBuffer = BrowserStringUtils.stringToArrayBuffer(keyString);\r\n\r\n return new Promise((resolve: Function, reject: Function) => {\r\n const msImportKey = window[\"msCrypto\"].subtle.importKey(KEY_FORMAT_JWK, keyBuffer, algorithm, extractable, keyUsages);\r\n msImportKey.addEventListener(\"complete\", (e: { target: { result: CryptoKey | PromiseLike; }; }) => {\r\n resolve(e.target.result);\r\n });\r\n\r\n msImportKey.addEventListener(\"error\", (error: string) => {\r\n reject(error);\r\n });\r\n });\r\n }\r\n\r\n async sign(algorithm: AlgorithmIdentifier, key: CryptoKey, data: ArrayBuffer): Promise {\r\n return new Promise((resolve: Function, reject: Function) => {\r\n const msSign = window[\"msCrypto\"].subtle.sign(algorithm, key, data);\r\n msSign.addEventListener(\"complete\", (e: { target: { result: ArrayBuffer | PromiseLike; }; }) => {\r\n resolve(e.target.result);\r\n });\r\n\r\n msSign.addEventListener(\"error\", (error: string) => {\r\n reject(error);\r\n });\r\n });\r\n }\r\n \r\n async digest(algorithm: AlgorithmIdentifier, data: Uint8Array): Promise {\r\n return new Promise((resolve, reject) => {\r\n const digestOperation = window[\"msCrypto\"].subtle.digest(algorithm, data.buffer);\r\n digestOperation.addEventListener(\"complete\", (e: { target: { result: ArrayBuffer | PromiseLike; }; }) => {\r\n resolve(e.target.result);\r\n });\r\n digestOperation.addEventListener(\"error\", (error: string) => {\r\n reject(error);\r\n });\r\n });\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { BrowserStringUtils } from \"../utils/BrowserStringUtils\";\r\nimport { BrowserAuthError } from \"../error/BrowserAuthError\";\r\nimport { ISubtleCrypto } from \"./ISubtleCrypto\";\r\nimport { ModernBrowserCrypto } from \"./ModernBrowserCrypto\";\r\nimport { MsrBrowserCrypto } from \"./MsrBrowserCrypto\";\r\nimport { MsBrowserCrypto } from \"./MsBrowserCrypto\";\r\nimport { Logger } from \"@azure/msal-common\";\r\nimport { BrowserConfigurationAuthError } from \"../error/BrowserConfigurationAuthError\";\r\nimport { CryptoOptions } from \"../config/Configuration\";\r\n/**\r\n * See here for more info on RsaHashedKeyGenParams: https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams\r\n */\r\n// RSA KeyGen Algorithm\r\nconst PKCS1_V15_KEYGEN_ALG = \"RSASSA-PKCS1-v1_5\";\r\n// SHA-256 hashing algorithm\r\nconst S256_HASH_ALG = \"SHA-256\";\r\n// MOD length for PoP tokens\r\nconst MODULUS_LENGTH = 2048;\r\n// Public Exponent\r\nconst PUBLIC_EXPONENT: Uint8Array = new Uint8Array([0x01, 0x00, 0x01]);\r\n\r\n/**\r\n * This class implements functions used by the browser library to perform cryptography operations such as\r\n * hashing and encoding. It also has helper functions to validate the availability of specific APIs.\r\n */\r\nexport class BrowserCrypto {\r\n\r\n private keygenAlgorithmOptions: RsaHashedKeyGenParams;\r\n private subtleCrypto: ISubtleCrypto;\r\n private logger: Logger;\r\n private cryptoOptions?: CryptoOptions;\r\n\r\n constructor(logger: Logger, cryptoOptions?: CryptoOptions) {\r\n this.logger = logger;\r\n this.cryptoOptions = cryptoOptions;\r\n\r\n if (this.hasBrowserCrypto()) {\r\n // Use standard modern web crypto if available\r\n this.logger.verbose(\"BrowserCrypto: modern crypto interface available\");\r\n this.subtleCrypto = new ModernBrowserCrypto();\r\n } else if (this.hasIECrypto()) {\r\n // For IE11, use msCrypto interface\r\n this.logger.verbose(\"BrowserCrypto: MS crypto interface available\");\r\n this.subtleCrypto = new MsBrowserCrypto();\r\n } else if (this.hasMsrCrypto() && this.cryptoOptions?.useMsrCrypto) {\r\n // For other browsers, use MSR Crypto if found\r\n this.logger.verbose(\"BrowserCrypto: MSR crypto interface available\");\r\n this.subtleCrypto = new MsrBrowserCrypto();\r\n } else {\r\n if (this.hasMsrCrypto()) {\r\n this.logger.info(\"BrowserCrypto: MSR Crypto interface available but system.cryptoOptions.useMsrCrypto not enabled\");\r\n }\r\n this.logger.error(\"BrowserCrypto: No crypto interfaces available.\");\r\n throw BrowserAuthError.createCryptoNotAvailableError(\"Browser crypto, msCrypto, or msrCrypto interfaces not available.\");\r\n }\r\n\r\n // Mainly needed for MSR Crypto: https://github.com/microsoft/MSR-JavaScript-Crypto#random-number-generator-prng\r\n if (this.subtleCrypto.initPrng) {\r\n this.logger.verbose(\"BrowserCrypto: Interface requires entropy\");\r\n\r\n if (!this.cryptoOptions?.entropy) {\r\n this.logger.error(\"BrowserCrypto: Interface requires entropy but none provided.\");\r\n throw BrowserConfigurationAuthError.createEntropyNotProvided();\r\n }\r\n\r\n this.logger.verbose(\"BrowserCrypto: Entropy provided\");\r\n this.subtleCrypto.initPrng(this.cryptoOptions.entropy);\r\n }\r\n\r\n this.keygenAlgorithmOptions = {\r\n name: PKCS1_V15_KEYGEN_ALG,\r\n hash: S256_HASH_ALG,\r\n modulusLength: MODULUS_LENGTH,\r\n publicExponent: PUBLIC_EXPONENT\r\n };\r\n }\r\n\r\n /**\r\n * Check whether IE crypto or other browser cryptography is available.\r\n */\r\n private hasIECrypto(): boolean {\r\n return \"msCrypto\" in window;\r\n }\r\n\r\n /**\r\n * Check whether browser crypto is available.\r\n */\r\n private hasBrowserCrypto(): boolean {\r\n return \"crypto\" in window;\r\n }\r\n\r\n /**\r\n * Check whether MSR crypto polyfill is available\r\n */\r\n private hasMsrCrypto(): boolean {\r\n return \"msrCrypto\" in window;\r\n }\r\n\r\n /**\r\n * Returns a sha-256 hash of the given dataString as an ArrayBuffer.\r\n * @param dataString \r\n */\r\n async sha256Digest(dataString: string): Promise {\r\n const data = BrowserStringUtils.stringToUtf8Arr(dataString);\r\n // MSR Crypto wants object with name property, instead of string\r\n return this.subtleCrypto.digest({ name: S256_HASH_ALG }, data);\r\n }\r\n\r\n /**\r\n * Populates buffer with cryptographically random values.\r\n * @param dataBuffer \r\n */\r\n getRandomValues(dataBuffer: Uint8Array): Uint8Array {\r\n return this.subtleCrypto.getRandomValues(dataBuffer);\r\n }\r\n\r\n /**\r\n * Generates a keypair based on current keygen algorithm config.\r\n * @param extractable \r\n * @param usages \r\n */\r\n async generateKeyPair(extractable: boolean, usages: Array): Promise {\r\n return this.subtleCrypto.generateKey(this.keygenAlgorithmOptions, extractable, usages);\r\n }\r\n\r\n /**\r\n * Export key as Json Web Key (JWK)\r\n * @param key \r\n * @param format \r\n */\r\n async exportJwk(key: CryptoKey): Promise {\r\n return this.subtleCrypto.exportKey(key);\r\n }\r\n\r\n /**\r\n * Imports key as Json Web Key (JWK), can set extractable and usages.\r\n * @param key \r\n * @param format \r\n * @param extractable \r\n * @param usages \r\n */\r\n async importJwk(key: JsonWebKey, extractable: boolean, usages: Array): Promise {\r\n return this.subtleCrypto.importKey(key, this.keygenAlgorithmOptions, extractable, usages);\r\n }\r\n\r\n /**\r\n * Signs given data with given key\r\n * @param key \r\n * @param data \r\n */\r\n async sign(key: CryptoKey, data: ArrayBuffer): Promise {\r\n return this.subtleCrypto.sign(this.keygenAlgorithmOptions, key, data);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { BrowserAuthError } from \"../error/BrowserAuthError\";\r\nimport { DB_NAME, DB_TABLE_NAME, DB_VERSION } from \"../utils/BrowserConstants\";\r\nimport { IAsyncStorage } from \"./IAsyncMemoryStorage\";\r\n\r\ninterface IDBOpenDBRequestEvent extends Event {\r\n target: IDBOpenDBRequest & EventTarget;\r\n}\r\n\r\ninterface IDBOpenOnUpgradeNeededEvent extends IDBVersionChangeEvent {\r\n target: IDBOpenDBRequest & EventTarget;\r\n}\r\n\r\ninterface IDBRequestEvent extends Event {\r\n target: IDBRequest & EventTarget;\r\n}\r\n\r\n/**\r\n * Storage wrapper for IndexedDB storage in browsers: https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API\r\n */\r\nexport class DatabaseStorage implements IAsyncStorage {\r\n private db: IDBDatabase|undefined;\r\n private dbName: string;\r\n private tableName: string;\r\n private version: number;\r\n private dbOpen: boolean;\r\n\r\n constructor() {\r\n this.dbName = DB_NAME;\r\n this.version = DB_VERSION;\r\n this.tableName = DB_TABLE_NAME;\r\n this.dbOpen = false;\r\n }\r\n\r\n /**\r\n * Opens IndexedDB instance.\r\n */\r\n async open(): Promise {\r\n return new Promise((resolve, reject) => {\r\n const openDB = window.indexedDB.open(this.dbName, this.version);\r\n openDB.addEventListener(\"upgradeneeded\", (e: IDBVersionChangeEvent) => {\r\n const event = e as IDBOpenOnUpgradeNeededEvent;\r\n event.target.result.createObjectStore(this.tableName);\r\n });\r\n openDB.addEventListener(\"success\", (e: Event) => {\r\n const event = e as IDBOpenDBRequestEvent;\r\n this.db = event.target.result;\r\n this.dbOpen = true;\r\n resolve();\r\n });\r\n openDB.addEventListener(\"error\", () => reject(BrowserAuthError.createDatabaseUnavailableError()));\r\n });\r\n }\r\n\r\n /**\r\n * Closes the connection to IndexedDB database when all pending transactions\r\n * complete.\r\n */\r\n closeConnection(): void {\r\n const db = this.db;\r\n if (db && this.dbOpen) {\r\n db.close();\r\n this.dbOpen = false;\r\n }\r\n }\r\n\r\n /**\r\n * Opens database if it's not already open\r\n */\r\n private async validateDbIsOpen(): Promise {\r\n if (!this.dbOpen) {\r\n return await this.open();\r\n }\r\n }\r\n\r\n /**\r\n * Retrieves item from IndexedDB instance.\r\n * @param key \r\n */\r\n async getItem(key: string): Promise {\r\n await this.validateDbIsOpen();\r\n return new Promise((resolve, reject) => {\r\n // TODO: Add timeouts?\r\n if (!this.db) {\r\n return reject(BrowserAuthError.createDatabaseNotOpenError());\r\n }\r\n const transaction = this.db.transaction([this.tableName], \"readonly\");\r\n const objectStore = transaction.objectStore(this.tableName);\r\n const dbGet = objectStore.get(key);\r\n \r\n dbGet.addEventListener(\"success\", (e: Event) => {\r\n const event = e as IDBRequestEvent;\r\n this.closeConnection();\r\n resolve(event.target.result);\r\n });\r\n\r\n dbGet.addEventListener(\"error\", (e: Event) => {\r\n this.closeConnection();\r\n reject(e);\r\n });\r\n });\r\n }\r\n\r\n /**\r\n * Adds item to IndexedDB under given key\r\n * @param key \r\n * @param payload \r\n */\r\n async setItem(key: string, payload: T): Promise {\r\n await this.validateDbIsOpen();\r\n return new Promise((resolve: Function, reject: Function) => {\r\n // TODO: Add timeouts?\r\n if (!this.db) {\r\n return reject(BrowserAuthError.createDatabaseNotOpenError());\r\n }\r\n const transaction = this.db.transaction([this.tableName], \"readwrite\");\r\n\r\n const objectStore = transaction.objectStore(this.tableName);\r\n\r\n const dbPut = objectStore.put(payload, key);\r\n\r\n dbPut.addEventListener(\"success\", () => {\r\n this.closeConnection();\r\n resolve();\r\n });\r\n\r\n dbPut.addEventListener(\"error\", (e) => {\r\n this.closeConnection();\r\n reject(e);\r\n });\r\n });\r\n }\r\n\r\n /**\r\n * Removes item from IndexedDB under given key\r\n * @param key\r\n */\r\n async removeItem(key: string): Promise {\r\n await this.validateDbIsOpen();\r\n return new Promise((resolve: Function, reject: Function) => {\r\n if (!this.db) {\r\n return reject(BrowserAuthError.createDatabaseNotOpenError());\r\n }\r\n\r\n const transaction = this.db.transaction([this.tableName], \"readwrite\");\r\n const objectStore = transaction.objectStore(this.tableName);\r\n const dbDelete = objectStore.delete(key);\r\n\r\n dbDelete.addEventListener(\"success\", () => {\r\n this.closeConnection();\r\n resolve();\r\n });\r\n\r\n dbDelete.addEventListener(\"error\", (e) => {\r\n this.closeConnection();\r\n reject(e);\r\n });\r\n });\r\n }\r\n\r\n /**\r\n * Get all the keys from the storage object as an iterable array of strings.\r\n */\r\n async getKeys(): Promise {\r\n await this.validateDbIsOpen();\r\n return new Promise((resolve: Function, reject: Function) => {\r\n if (!this.db) {\r\n return reject(BrowserAuthError.createDatabaseNotOpenError());\r\n }\r\n\r\n const transaction = this.db.transaction([this.tableName], \"readonly\");\r\n const objectStore = transaction.objectStore(this.tableName);\r\n const dbGetKeys = objectStore.getAllKeys();\r\n\r\n dbGetKeys.addEventListener(\"success\", (e: Event) => {\r\n const event = e as IDBRequestEvent;\r\n this.closeConnection();\r\n resolve(event.target.result);\r\n });\r\n\r\n dbGetKeys.addEventListener(\"error\", (e: Event) => {\r\n this.closeConnection();\r\n reject(e);\r\n });\r\n });\r\n }\r\n\r\n /**\r\n * \r\n * Checks whether there is an object under the search key in the object store\r\n */\r\n async containsKey(key: string): Promise {\r\n await this.validateDbIsOpen();\r\n\r\n return new Promise((resolve: Function, reject: Function) => {\r\n if (!this.db) {\r\n return reject(BrowserAuthError.createDatabaseNotOpenError());\r\n }\r\n\r\n const transaction = this.db.transaction([this.tableName], \"readonly\");\r\n const objectStore = transaction.objectStore(this.tableName);\r\n const dbContainsKey = objectStore.count(key);\r\n\r\n dbContainsKey.addEventListener(\"success\", (e: Event) => {\r\n const event = e as IDBRequestEvent;\r\n this.closeConnection();\r\n resolve(event.target.result === 1);\r\n });\r\n\r\n dbContainsKey.addEventListener(\"error\", (e: Event) => {\r\n this.closeConnection();\r\n reject(e);\r\n });\r\n });\r\n }\r\n\r\n /**\r\n * Deletes the MSAL database. The database is deleted rather than cleared to make it possible\r\n * for client applications to downgrade to a previous MSAL version without worrying about forward compatibility issues\r\n * with IndexedDB database versions.\r\n */\r\n async deleteDatabase(): Promise {\r\n // Check if database being deleted exists\r\n\r\n if (this.db && this.dbOpen) {\r\n this.closeConnection();\r\n }\r\n\r\n return new Promise((resolve: Function, reject: Function) => {\r\n const deleteDbRequest = window.indexedDB.deleteDatabase(DB_NAME);\r\n deleteDbRequest.addEventListener(\"success\", () => resolve(true));\r\n deleteDbRequest.addEventListener(\"blocked\", () => resolve(true));\r\n deleteDbRequest.addEventListener(\"error\", () => reject(false));\r\n });\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { IWindowStorage } from \"./IWindowStorage\";\r\n\r\nexport class MemoryStorage implements IWindowStorage {\r\n\r\n private cache: Map;\r\n\r\n constructor() {\r\n this.cache = new Map();\r\n }\r\n\r\n getItem(key: string): T | null {\r\n return this.cache.get(key) || null;\r\n }\r\n\r\n setItem(key: string, value: T): void {\r\n this.cache.set(key, value);\r\n }\r\n\r\n removeItem(key: string): void {\r\n this.cache.delete(key);\r\n }\r\n\r\n getKeys(): string[] {\r\n const cacheKeys: string[] = [];\r\n this.cache.forEach((value: T, key: string) => {\r\n cacheKeys.push(key);\r\n });\r\n return cacheKeys;\r\n }\r\n\r\n containsKey(key: string): boolean {\r\n return this.cache.has(key);\r\n }\r\n\r\n clear() :void {\r\n this.cache.clear();\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { Logger } from \"@azure/msal-common\";\r\nimport { BrowserAuthError, BrowserAuthErrorMessage } from \"../error/BrowserAuthError\";\r\nimport { DatabaseStorage } from \"./DatabaseStorage\";\r\nimport { IAsyncStorage } from \"./IAsyncMemoryStorage\";\r\nimport { MemoryStorage } from \"./MemoryStorage\";\r\n\r\n/**\r\n * This class allows MSAL to store artifacts asynchronously using the DatabaseStorage IndexedDB wrapper,\r\n * backed up with the more volatile MemoryStorage object for cases in which IndexedDB may be unavailable.\r\n */\r\nexport class AsyncMemoryStorage implements IAsyncStorage {\r\n private inMemoryCache: MemoryStorage;\r\n private indexedDBCache: DatabaseStorage;\r\n private logger: Logger;\r\n private storeName: string;\r\n\r\n constructor(logger: Logger, storeName: string) {\r\n this.inMemoryCache = new MemoryStorage();\r\n this.indexedDBCache = new DatabaseStorage();\r\n this.logger = logger;\r\n this.storeName = storeName;\r\n }\r\n\r\n private handleDatabaseAccessError(error: unknown): void {\r\n if (error instanceof BrowserAuthError && error.errorCode === BrowserAuthErrorMessage.databaseUnavailable.code) {\r\n this.logger.error(\"Could not access persistent storage. This may be caused by browser privacy features which block persistent storage in third-party contexts.\");\r\n } else {\r\n throw error;\r\n }\r\n }\r\n /**\r\n * Get the item matching the given key. Tries in-memory cache first, then in the asynchronous\r\n * storage object if item isn't found in-memory.\r\n * @param key \r\n */\r\n async getItem(key: string): Promise {\r\n const item = this.inMemoryCache.getItem(key);\r\n if(!item) {\r\n try {\r\n this.logger.verbose(\"Queried item not found in in-memory cache, now querying persistent storage.\");\r\n return await this.indexedDBCache.getItem(key);\r\n } catch (e) {\r\n this.handleDatabaseAccessError(e);\r\n }\r\n }\r\n return item;\r\n }\r\n\r\n /**\r\n * Sets the item in the in-memory cache and then tries to set it in the asynchronous\r\n * storage object with the given key.\r\n * @param key \r\n * @param value \r\n */\r\n async setItem(key: string, value: T): Promise {\r\n this.inMemoryCache.setItem(key, value);\r\n try {\r\n await this.indexedDBCache.setItem(key, value);\r\n } catch (e) {\r\n this.handleDatabaseAccessError(e);\r\n }\r\n }\r\n\r\n /**\r\n * Removes the item matching the key from the in-memory cache, then tries to remove it from the asynchronous storage object.\r\n * @param key \r\n */\r\n async removeItem(key: string): Promise {\r\n this.inMemoryCache.removeItem(key);\r\n try {\r\n await this.indexedDBCache.removeItem(key);\r\n } catch (e) {\r\n this.handleDatabaseAccessError(e);\r\n }\r\n }\r\n\r\n /**\r\n * Get all the keys from the in-memory cache as an iterable array of strings. If no keys are found, query the keys in the \r\n * asynchronous storage object.\r\n */\r\n async getKeys(): Promise {\r\n const cacheKeys = this.inMemoryCache.getKeys();\r\n if (cacheKeys.length === 0) {\r\n try {\r\n this.logger.verbose(\"In-memory cache is empty, now querying persistent storage.\");\r\n return await this.indexedDBCache.getKeys();\r\n } catch (e) {\r\n this.handleDatabaseAccessError(e);\r\n }\r\n }\r\n return cacheKeys;\r\n }\r\n\r\n /**\r\n * Returns true or false if the given key is present in the cache.\r\n * @param key \r\n */\r\n async containsKey(key: string): Promise {\r\n const containsKey = this.inMemoryCache.containsKey(key);\r\n if(!containsKey) {\r\n try {\r\n this.logger.verbose(\"Key not found in in-memory cache, now querying persistent storage.\");\r\n return await this.indexedDBCache.containsKey(key);\r\n } catch (e) {\r\n this.handleDatabaseAccessError(e);\r\n }\r\n }\r\n return containsKey;\r\n }\r\n\r\n /**\r\n * Clears in-memory Map\r\n */\r\n clearInMemory(): void {\r\n // InMemory cache is a Map instance, clear is straightforward\r\n this.logger.verbose(`Deleting in-memory keystore ${this.storeName}`);\r\n this.inMemoryCache.clear();\r\n this.logger.verbose(`In-memory keystore ${this.storeName} deleted`);\r\n }\r\n\r\n /**\r\n * Tries to delete the IndexedDB database\r\n * @returns\r\n */\r\n async clearPersistent(): Promise {\r\n try {\r\n this.logger.verbose(\"Deleting persistent keystore\");\r\n const dbDeleted = await this.indexedDBCache.deleteDatabase();\r\n if (dbDeleted) {\r\n this.logger.verbose(\"Persistent keystore deleted\");\r\n }\r\n \r\n return dbDeleted;\r\n } catch (e) {\r\n this.handleDatabaseAccessError(e);\r\n return false;\r\n }\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\n/**\r\n * Authority types supported by MSAL.\r\n */\r\nexport enum AuthorityType {\r\n Default,\r\n Adfs,\r\n Dsts,\r\n Ciam\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { ICrypto, IPerformanceClient, JoseHeader, Logger, PerformanceEvents, PkceCodes, SignedHttpRequest, SignedHttpRequestParameters } from \"@azure/msal-common\";\r\nimport { GuidGenerator } from \"./GuidGenerator\";\r\nimport { Base64Encode } from \"../encode/Base64Encode\";\r\nimport { Base64Decode } from \"../encode/Base64Decode\";\r\nimport { PkceGenerator } from \"./PkceGenerator\";\r\nimport { BrowserCrypto } from \"./BrowserCrypto\";\r\nimport { BrowserStringUtils } from \"../utils/BrowserStringUtils\";\r\nimport { BrowserAuthError } from \"../error/BrowserAuthError\";\r\nimport { CryptoKeyStore } from \"../cache/CryptoKeyStore\";\r\nimport { CryptoOptions } from \"../config/Configuration\";\r\n\r\nexport type CachedKeyPair = {\r\n publicKey: CryptoKey,\r\n privateKey: CryptoKey,\r\n requestMethod?: string,\r\n requestUri?: string\r\n};\r\n\r\n/**\r\n * This class implements MSAL's crypto interface, which allows it to perform base64 encoding and decoding, generating cryptographically random GUIDs and \r\n * implementing Proof Key for Code Exchange specs for the OAuth Authorization Code Flow using PKCE (rfc here: https://tools.ietf.org/html/rfc7636).\r\n */\r\nexport class CryptoOps implements ICrypto {\r\n\r\n private browserCrypto: BrowserCrypto;\r\n private guidGenerator: GuidGenerator;\r\n private b64Encode: Base64Encode;\r\n private b64Decode: Base64Decode;\r\n private pkceGenerator: PkceGenerator;\r\n private logger: Logger;\r\n\r\n /**\r\n * CryptoOps can be used in contexts outside a PCA instance,\r\n * meaning there won't be a performance manager available.\r\n */\r\n private performanceClient: IPerformanceClient | undefined;\r\n\r\n private static POP_KEY_USAGES: Array = [\"sign\", \"verify\"];\r\n private static EXTRACTABLE: boolean = true;\r\n private cache: CryptoKeyStore;\r\n\r\n constructor(logger: Logger, performanceClient?: IPerformanceClient, cryptoConfig?: CryptoOptions) {\r\n this.logger = logger;\r\n // Browser crypto needs to be validated first before any other classes can be set.\r\n this.browserCrypto = new BrowserCrypto(this.logger, cryptoConfig);\r\n this.b64Encode = new Base64Encode();\r\n this.b64Decode = new Base64Decode();\r\n this.guidGenerator = new GuidGenerator(this.browserCrypto);\r\n this.pkceGenerator = new PkceGenerator(this.browserCrypto);\r\n this.cache = new CryptoKeyStore(this.logger);\r\n this.performanceClient = performanceClient;\r\n }\r\n\r\n /**\r\n * Creates a new random GUID - used to populate state and nonce.\r\n * @returns string (GUID)\r\n */\r\n createNewGuid(): string {\r\n return this.guidGenerator.generateGuid();\r\n }\r\n\r\n /**\r\n * Encodes input string to base64.\r\n * @param input \r\n */\r\n base64Encode(input: string): string {\r\n return this.b64Encode.encode(input);\r\n } \r\n \r\n /**\r\n * Decodes input string from base64.\r\n * @param input \r\n */\r\n base64Decode(input: string): string {\r\n return this.b64Decode.decode(input);\r\n }\r\n\r\n /**\r\n * Generates PKCE codes used in Authorization Code Flow.\r\n */\r\n async generatePkceCodes(): Promise {\r\n return this.pkceGenerator.generateCodes();\r\n }\r\n\r\n /**\r\n * Generates a keypair, stores it and returns a thumbprint\r\n * @param request\r\n */\r\n async getPublicKeyThumbprint(request: SignedHttpRequestParameters): Promise {\r\n const publicKeyThumbMeasurement = this.performanceClient?.startMeasurement(PerformanceEvents.CryptoOptsGetPublicKeyThumbprint, request.correlationId);\r\n\r\n // Generate Keypair\r\n const keyPair: CryptoKeyPair = await this.browserCrypto.generateKeyPair(CryptoOps.EXTRACTABLE, CryptoOps.POP_KEY_USAGES);\r\n\r\n // Generate Thumbprint for Public Key\r\n const publicKeyJwk: JsonWebKey = await this.browserCrypto.exportJwk(keyPair.publicKey);\r\n \r\n const pubKeyThumprintObj: JsonWebKey = {\r\n e: publicKeyJwk.e,\r\n kty: publicKeyJwk.kty,\r\n n: publicKeyJwk.n\r\n };\r\n \r\n const publicJwkString: string = BrowserStringUtils.getSortedObjectString(pubKeyThumprintObj);\r\n const publicJwkHash = await this.hashString(publicJwkString);\r\n\r\n // Generate Thumbprint for Private Key\r\n const privateKeyJwk: JsonWebKey = await this.browserCrypto.exportJwk(keyPair.privateKey);\r\n // Re-import private key to make it unextractable\r\n const unextractablePrivateKey: CryptoKey = await this.browserCrypto.importJwk(privateKeyJwk, false, [\"sign\"]);\r\n\r\n // Store Keypair data in keystore\r\n await this.cache.asymmetricKeys.setItem(\r\n publicJwkHash, \r\n {\r\n privateKey: unextractablePrivateKey,\r\n publicKey: keyPair.publicKey,\r\n requestMethod: request.resourceRequestMethod,\r\n requestUri: request.resourceRequestUri\r\n }\r\n );\r\n\r\n if (publicKeyThumbMeasurement) {\r\n publicKeyThumbMeasurement.endMeasurement({\r\n success: true\r\n });\r\n }\r\n\r\n return publicJwkHash;\r\n }\r\n\r\n /**\r\n * Removes cryptographic keypair from key store matching the keyId passed in\r\n * @param kid \r\n */\r\n async removeTokenBindingKey(kid: string): Promise {\r\n await this.cache.asymmetricKeys.removeItem(kid);\r\n const keyFound = await this.cache.asymmetricKeys.containsKey(kid);\r\n return !keyFound;\r\n }\r\n\r\n /**\r\n * Removes all cryptographic keys from IndexedDB storage\r\n */\r\n async clearKeystore(): Promise {\r\n return await this.cache.clear();\r\n }\r\n\r\n /**\r\n * Signs the given object as a jwt payload with private key retrieved by given kid.\r\n * @param payload \r\n * @param kid \r\n */\r\n async signJwt(payload: SignedHttpRequest, kid: string, correlationId?: string): Promise {\r\n const signJwtMeasurement = this.performanceClient?.startMeasurement(PerformanceEvents.CryptoOptsSignJwt, correlationId);\r\n const cachedKeyPair = await this.cache.asymmetricKeys.getItem(kid);\r\n \r\n if (!cachedKeyPair) {\r\n throw BrowserAuthError.createSigningKeyNotFoundInStorageError(kid);\r\n }\r\n\r\n // Get public key as JWK\r\n const publicKeyJwk = await this.browserCrypto.exportJwk(cachedKeyPair.publicKey);\r\n const publicKeyJwkString = BrowserStringUtils.getSortedObjectString(publicKeyJwk);\r\n\r\n // Base64URL encode public key thumbprint with keyId only: BASE64URL({ kid: \"FULL_PUBLIC_KEY_HASH\" })\r\n const encodedKeyIdThumbprint = this.b64Encode.urlEncode(JSON.stringify({ kid: kid }));\r\n \r\n // Generate header\r\n const shrHeader = JoseHeader.getShrHeaderString({ kid: encodedKeyIdThumbprint, alg: publicKeyJwk.alg });\r\n const encodedShrHeader = this.b64Encode.urlEncode(shrHeader);\r\n\r\n // Generate payload\r\n payload.cnf = {\r\n jwk: JSON.parse(publicKeyJwkString)\r\n };\r\n const encodedPayload = this.b64Encode.urlEncode(JSON.stringify(payload));\r\n\r\n // Form token string\r\n const tokenString = `${encodedShrHeader}.${encodedPayload}`;\r\n\r\n // Sign token\r\n const tokenBuffer = BrowserStringUtils.stringToArrayBuffer(tokenString);\r\n const signatureBuffer = await this.browserCrypto.sign(cachedKeyPair.privateKey, tokenBuffer);\r\n const encodedSignature = this.b64Encode.urlEncodeArr(new Uint8Array(signatureBuffer));\r\n\r\n const signedJwt = `${tokenString}.${encodedSignature}`;\r\n\r\n if (signJwtMeasurement) {\r\n signJwtMeasurement.endMeasurement({\r\n success: true\r\n });\r\n }\r\n\r\n return signedJwt;\r\n }\r\n\r\n /**\r\n * Returns the SHA-256 hash of an input string\r\n * @param plainText\r\n */\r\n async hashString(plainText: string): Promise {\r\n const hashBuffer: ArrayBuffer = await this.browserCrypto.sha256Digest(plainText);\r\n const hashBytes = new Uint8Array(hashBuffer);\r\n return this.b64Encode.urlEncodeArr(hashBytes);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { ApplicationTelemetry } from \"../../config/ClientConfiguration\";\r\nimport { Logger } from \"../../logger/Logger\";\r\nimport {\r\n InProgressPerformanceEvent,\r\n IPerformanceClient,\r\n PerformanceCallbackFunction,\r\n QueueMeasurement\r\n} from \"./IPerformanceClient\";\r\nimport { IPerformanceMeasurement } from \"./IPerformanceMeasurement\";\r\nimport {\r\n Counters,\r\n IntFields,\r\n PerformanceEvent,\r\n PerformanceEvents,\r\n PerformanceEventStatus,\r\n StaticFields\r\n} from \"./PerformanceEvent\";\r\n\r\nexport interface PreQueueEvent {\r\n name: PerformanceEvents;\r\n time: number;\r\n}\r\n\r\nexport abstract class PerformanceClient implements IPerformanceClient {\r\n protected authority: string;\r\n protected libraryName: string;\r\n protected libraryVersion: string;\r\n protected applicationTelemetry: ApplicationTelemetry;\r\n protected clientId: string;\r\n protected logger: Logger;\r\n protected callbacks: Map;\r\n\r\n /**\r\n * Multiple events with the same correlation id.\r\n * @protected\r\n * @type {Map}\r\n */\r\n protected eventsByCorrelationId: Map;\r\n\r\n /**\r\n * Map of pre-queue times by correlation Id\r\n *\r\n * @protected\r\n * @type {Map}\r\n */\r\n protected preQueueTimeByCorrelationId: Map;\r\n\r\n /**\r\n * Map of queue measurements by correlation Id\r\n *\r\n * @protected\r\n * @type {Map>}\r\n */\r\n protected queueMeasurements: Map>;\r\n\r\n /**\r\n * Creates an instance of PerformanceClient,\r\n * an abstract class containing core performance telemetry logic.\r\n *\r\n * @constructor\r\n * @param {string} clientId Client ID of the application\r\n * @param {string} authority Authority used by the application\r\n * @param {Logger} logger Logger used by the application\r\n * @param {string} libraryName Name of the library\r\n * @param {string} libraryVersion Version of the library\r\n */\r\n constructor(clientId: string, authority: string, logger: Logger, libraryName: string, libraryVersion: string, applicationTelemetry: ApplicationTelemetry) {\r\n this.authority = authority;\r\n this.libraryName = libraryName;\r\n this.libraryVersion = libraryVersion;\r\n this.applicationTelemetry = applicationTelemetry;\r\n this.clientId = clientId;\r\n this.logger = logger;\r\n this.callbacks = new Map();\r\n this.eventsByCorrelationId = new Map();\r\n this.queueMeasurements = new Map();\r\n this.preQueueTimeByCorrelationId = new Map();\r\n }\r\n\r\n /**\r\n * Generates and returns a unique id, typically a guid.\r\n *\r\n * @abstract\r\n * @returns {string}\r\n */\r\n abstract generateId(): string;\r\n\r\n /**\r\n * Starts and returns an platform-specific implementation of IPerformanceMeasurement.\r\n * Note: this function can be changed to abstract at the next major version bump.\r\n *\r\n * @param {string} measureName\r\n * @param {string} correlationId\r\n * @returns {IPerformanceMeasurement}\r\n */\r\n /* eslint-disable-next-line @typescript-eslint/no-unused-vars */\r\n startPerformanceMeasurement(measureName: string, correlationId: string): IPerformanceMeasurement {\r\n return {} as IPerformanceMeasurement;\r\n }\r\n\r\n /**\r\n * Starts and returns an platform-specific implementation of IPerformanceMeasurement.\r\n * Note: this incorrectly-named function will be removed at the next major version bump.\r\n *\r\n * @param {string} measureName\r\n * @param {string} correlationId\r\n * @returns {IPerformanceMeasurement}\r\n */\r\n /* eslint-disable-next-line @typescript-eslint/no-unused-vars */\r\n startPerformanceMeasuremeant(measureName: string, correlationId: string): IPerformanceMeasurement {\r\n return {} as IPerformanceMeasurement;\r\n }\r\n\r\n /**\r\n * Sets pre-queue time by correlation Id\r\n *\r\n * @abstract\r\n * @param {PerformanceEvents} eventName\r\n * @param {string} correlationId\r\n * @returns\r\n */\r\n abstract setPreQueueTime(eventName: PerformanceEvents, correlationId?: string): void;\r\n\r\n /**\r\n * Get integral fields.\r\n * Override to change the set.\r\n */\r\n getIntFields(): ReadonlySet {\r\n return IntFields;\r\n }\r\n\r\n /**\r\n * Gets map of pre-queue times by correlation Id\r\n *\r\n * @param {PerformanceEvents} eventName\r\n * @param {string} correlationId\r\n * @returns {number}\r\n */\r\n getPreQueueTime(eventName: PerformanceEvents, correlationId: string): number | void {\r\n const preQueueEvent: PreQueueEvent | undefined = this.preQueueTimeByCorrelationId.get(correlationId);\r\n\r\n if (!preQueueEvent) {\r\n this.logger.trace(`PerformanceClient.getPreQueueTime: no pre-queue times found for correlationId: ${correlationId}, unable to add queue measurement`);\r\n return;\r\n } else if (preQueueEvent.name !== eventName) {\r\n this.logger.trace(`PerformanceClient.getPreQueueTime: no pre-queue time found for ${eventName}, unable to add queue measurement`);\r\n return;\r\n }\r\n\r\n return preQueueEvent.time;\r\n }\r\n\r\n /**\r\n * Calculates the difference between current time and time when function was queued.\r\n * Note: It is possible to have 0 as the queue time if the current time and the queued time was the same.\r\n *\r\n * @param {number} preQueueTime\r\n * @param {number} currentTime\r\n * @returns {number}\r\n */\r\n calculateQueuedTime(preQueueTime: number, currentTime: number): number {\r\n if (preQueueTime < 1) {\r\n this.logger.trace(`PerformanceClient: preQueueTime should be a positive integer and not ${preQueueTime}`);\r\n return 0;\r\n }\r\n\r\n if (currentTime < 1) {\r\n this.logger.trace(`PerformanceClient: currentTime should be a positive integer and not ${currentTime}`);\r\n return 0;\r\n }\r\n\r\n if (currentTime < preQueueTime) {\r\n this.logger.trace(\"PerformanceClient: currentTime is less than preQueueTime, check how time is being retrieved\");\r\n return 0;\r\n }\r\n\r\n return currentTime-preQueueTime;\r\n }\r\n\r\n /**\r\n * Adds queue measurement time to QueueMeasurements array for given correlation ID.\r\n *\r\n * @param {PerformanceEvents} eventName\r\n * @param {?string} correlationId\r\n * @param {?number} queueTime\r\n * @param {?boolean} manuallyCompleted - indicator for manually completed queue measurements\r\n * @returns\r\n */\r\n addQueueMeasurement(eventName: PerformanceEvents, correlationId?: string, queueTime?: number, manuallyCompleted?: boolean): void {\r\n if (!correlationId) {\r\n this.logger.trace(`PerformanceClient.addQueueMeasurement: correlationId not provided for ${eventName}, cannot add queue measurement`);\r\n return;\r\n }\r\n\r\n if (queueTime === 0) {\r\n // Possible for there to be no queue time after calculation\r\n this.logger.trace(`PerformanceClient.addQueueMeasurement: queue time provided for ${eventName} is ${queueTime}`);\r\n } else if (!queueTime) {\r\n this.logger.trace(`PerformanceClient.addQueueMeasurement: no queue time provided for ${eventName}`);\r\n return;\r\n }\r\n\r\n const queueMeasurement: QueueMeasurement = {eventName, queueTime, manuallyCompleted};\r\n\r\n // Adds to existing correlation Id if present in queueMeasurements\r\n const existingMeasurements = this.queueMeasurements.get(correlationId);\r\n if (existingMeasurements) {\r\n existingMeasurements.push(queueMeasurement);\r\n this.queueMeasurements.set(correlationId, existingMeasurements);\r\n } else {\r\n // Sets new correlation Id if not present in queueMeasurements\r\n this.logger.trace(`PerformanceClient.addQueueMeasurement: adding correlationId ${correlationId} to queue measurements`);\r\n const measurementArray = [queueMeasurement];\r\n this.queueMeasurements.set(correlationId, measurementArray);\r\n }\r\n // Delete processed pre-queue event.\r\n this.preQueueTimeByCorrelationId.delete(correlationId);\r\n }\r\n\r\n /**\r\n * Starts measuring performance for a given operation. Returns a function that should be used to end the measurement.\r\n *\r\n * @param {PerformanceEvents} measureName\r\n * @param {?string} [correlationId]\r\n * @returns {InProgressPerformanceEvent}\r\n */\r\n startMeasurement(measureName: PerformanceEvents, correlationId?: string): InProgressPerformanceEvent {\r\n // Generate a placeholder correlation if the request does not provide one\r\n const eventCorrelationId = correlationId || this.generateId();\r\n if (!correlationId) {\r\n this.logger.info(`PerformanceClient: No correlation id provided for ${measureName}, generating`, eventCorrelationId);\r\n }\r\n\r\n // Duplicate code to address spelling error will be removed at the next major version bump.\r\n this.logger.trace(`PerformanceClient: Performance measurement started for ${measureName}`, eventCorrelationId);\r\n const performanceMeasurement = this.startPerformanceMeasuremeant(measureName, eventCorrelationId);\r\n performanceMeasurement.startMeasurement();\r\n\r\n const inProgressEvent: PerformanceEvent = {\r\n eventId: this.generateId(),\r\n status: PerformanceEventStatus.InProgress,\r\n authority: this.authority,\r\n libraryName: this.libraryName,\r\n libraryVersion: this.libraryVersion,\r\n clientId: this.clientId,\r\n name: measureName,\r\n startTimeMs: Date.now(),\r\n correlationId: eventCorrelationId,\r\n appName: this.applicationTelemetry?.appName,\r\n appVersion: this.applicationTelemetry?.appVersion,\r\n };\r\n\r\n // Store in progress events so they can be discarded if not ended properly\r\n this.cacheEventByCorrelationId(inProgressEvent);\r\n\r\n // Return the event and functions the caller can use to properly end/flush the measurement\r\n return {\r\n endMeasurement: (event?: Partial): PerformanceEvent | null => {\r\n return this.endMeasurement({\r\n // Initial set of event properties\r\n ...inProgressEvent,\r\n // Properties set when event ends\r\n ...event\r\n },\r\n performanceMeasurement);\r\n },\r\n discardMeasurement: () => {\r\n return this.discardMeasurements(inProgressEvent.correlationId);\r\n },\r\n addStaticFields: (fields: StaticFields) => {\r\n return this.addStaticFields(fields, inProgressEvent.correlationId);\r\n },\r\n increment: (counters: Counters) => {\r\n return this.increment(counters, inProgressEvent.correlationId);\r\n },\r\n measurement: performanceMeasurement,\r\n event: inProgressEvent\r\n };\r\n\r\n }\r\n\r\n /**\r\n * Stops measuring the performance for an operation. Should only be called directly by PerformanceClient classes,\r\n * as consumers should instead use the function returned by startMeasurement.\r\n * Adds a new field named as \"[event name]DurationMs\" for sub-measurements, completes and emits an event\r\n * otherwise.\r\n *\r\n * @param {PerformanceEvent} event\r\n * @param {IPerformanceMeasurement} measurement\r\n * @returns {(PerformanceEvent | null)}\r\n */\r\n endMeasurement(event: PerformanceEvent, measurement?: IPerformanceMeasurement): PerformanceEvent | null {\r\n const rootEvent: PerformanceEvent | undefined = this.eventsByCorrelationId.get(event.correlationId);\r\n if (!rootEvent) {\r\n this.logger.trace(`PerformanceClient: Measurement not found for ${event.eventId}`, event.correlationId);\r\n return null;\r\n }\r\n\r\n const isRoot = event.eventId === rootEvent.eventId;\r\n let queueInfo = {\r\n totalQueueTime: 0,\r\n totalQueueCount: 0,\r\n manuallyCompletedCount: 0\r\n };\r\n if (isRoot) {\r\n queueInfo = this.getQueueInfo(event.correlationId);\r\n this.discardCache(rootEvent.correlationId);\r\n } else {\r\n rootEvent.incompleteSubMeasurements?.delete(event.eventId);\r\n }\r\n\r\n measurement?.endMeasurement();\r\n const durationMs = measurement?.flushMeasurement();\r\n // null indicates no measurement was taken (e.g. needed performance APIs not present)\r\n if (!durationMs) {\r\n this.logger.trace(\"PerformanceClient: Performance measurement not taken\", rootEvent.correlationId);\r\n return null;\r\n }\r\n\r\n this.logger.trace(`PerformanceClient: Performance measurement ended for ${event.name}: ${durationMs} ms`, event.correlationId);\r\n\r\n // Add sub-measurement attribute to root event.\r\n if (!isRoot) {\r\n rootEvent[event.name + \"DurationMs\"] = Math.floor(durationMs);\r\n return { ...rootEvent };\r\n }\r\n\r\n let finalEvent: PerformanceEvent = { ...rootEvent, ...event };\r\n let incompleteSubsCount: number = 0;\r\n // Incomplete sub-measurements are discarded. They are likely an instrumentation bug that should be fixed.\r\n finalEvent.incompleteSubMeasurements?.forEach(subMeasurement => {\r\n this.logger.trace(`PerformanceClient: Incomplete submeasurement ${subMeasurement.name} found for ${event.name}`, finalEvent.correlationId);\r\n incompleteSubsCount++;\r\n });\r\n finalEvent.incompleteSubMeasurements = undefined;\r\n\r\n finalEvent = {\r\n ...finalEvent,\r\n durationMs: Math.round(durationMs),\r\n queuedTimeMs: queueInfo.totalQueueTime,\r\n queuedCount: queueInfo.totalQueueCount,\r\n queuedManuallyCompletedCount: queueInfo.manuallyCompletedCount,\r\n status: PerformanceEventStatus.Completed,\r\n incompleteSubsCount\r\n };\r\n this.truncateIntegralFields(finalEvent, this.getIntFields());\r\n this.emitEvents([finalEvent], event.correlationId);\r\n\r\n return finalEvent;\r\n }\r\n\r\n /**\r\n * Saves extra information to be emitted when the measurements are flushed\r\n * @param fields\r\n * @param correlationId\r\n */\r\n addStaticFields(fields: StaticFields, correlationId: string) : void {\r\n this.logger.trace(\"PerformanceClient: Updating static fields\");\r\n const event = this.eventsByCorrelationId.get(correlationId);\r\n if (event) {\r\n this.eventsByCorrelationId.set(correlationId, {...event, ...fields});\r\n } else {\r\n this.logger.trace(\"PerformanceClient: Event not found for\", correlationId);\r\n }\r\n }\r\n\r\n /**\r\n * Increment counters to be emitted when the measurements are flushed\r\n * @param counters {Counters}\r\n * @param correlationId {string} correlation identifier\r\n */\r\n increment(counters: Counters, correlationId: string): void {\r\n this.logger.trace(\"PerformanceClient: Updating counters\");\r\n const event = this.eventsByCorrelationId.get(correlationId);\r\n if (event) {\r\n for (const counter in counters) {\r\n if (!event.hasOwnProperty(counter)) {\r\n event[counter] = 0;\r\n }\r\n event[counter] += counters[counter];\r\n }\r\n } else {\r\n this.logger.trace(\"PerformanceClient: Event not found for\", correlationId);\r\n }\r\n }\r\n\r\n /**\r\n * Upserts event into event cache.\r\n * First key is the correlation id, second key is the event id.\r\n * Allows for events to be grouped by correlation id,\r\n * and to easily allow for properties on them to be updated.\r\n *\r\n * @private\r\n * @param {PerformanceEvent} event\r\n */\r\n private cacheEventByCorrelationId(event: PerformanceEvent) {\r\n const rootEvent = this.eventsByCorrelationId.get(event.correlationId);\r\n if (rootEvent) {\r\n this.logger.trace(`PerformanceClient: Performance measurement for ${event.name} added/updated`, event.correlationId);\r\n rootEvent.incompleteSubMeasurements = rootEvent.incompleteSubMeasurements || new Map();\r\n rootEvent.incompleteSubMeasurements.set(event.eventId, {name: event.name, startTimeMs: event.startTimeMs });\r\n } else {\r\n this.logger.trace(`PerformanceClient: Performance measurement for ${event.name} started`, event.correlationId);\r\n this.eventsByCorrelationId.set(event.correlationId, { ...event });\r\n }\r\n }\r\n\r\n private getQueueInfo(correlationId: string): { totalQueueTime: number, totalQueueCount: number, manuallyCompletedCount: number } {\r\n const queueMeasurementForCorrelationId = this.queueMeasurements.get(correlationId);\r\n if (!queueMeasurementForCorrelationId) {\r\n this.logger.trace(`PerformanceClient: no queue measurements found for for correlationId: ${correlationId}`);\r\n }\r\n\r\n let totalQueueTime = 0;\r\n let totalQueueCount = 0;\r\n let manuallyCompletedCount = 0;\r\n queueMeasurementForCorrelationId?.forEach((measurement) => {\r\n totalQueueTime += measurement.queueTime;\r\n totalQueueCount++;\r\n manuallyCompletedCount += measurement.manuallyCompleted ? 1 : 0;\r\n });\r\n\r\n return {\r\n totalQueueTime,\r\n totalQueueCount,\r\n manuallyCompletedCount\r\n };\r\n }\r\n\r\n /**\r\n * Removes measurements for a given correlation id.\r\n *\r\n * @param {string} correlationId\r\n */\r\n discardMeasurements(correlationId: string): void {\r\n this.logger.trace(\"PerformanceClient: Performance measurements discarded\", correlationId);\r\n this.eventsByCorrelationId.delete(correlationId);\r\n }\r\n\r\n /**\r\n * Removes cache for a given correlation id.\r\n *\r\n * @param {string} correlationId correlation identifier\r\n */\r\n private discardCache(correlationId: string): void {\r\n this.discardMeasurements(correlationId);\r\n\r\n this.logger.trace(\"PerformanceClient: QueueMeasurements discarded\", correlationId);\r\n this.queueMeasurements.delete(correlationId);\r\n\r\n this.logger.trace(\"PerformanceClient: Pre-queue times discarded\", correlationId);\r\n this.preQueueTimeByCorrelationId.delete(correlationId);\r\n }\r\n\r\n /**\r\n * Registers a callback function to receive performance events.\r\n *\r\n * @param {PerformanceCallbackFunction} callback\r\n * @returns {string}\r\n */\r\n addPerformanceCallback(callback: PerformanceCallbackFunction): string {\r\n const callbackId = this.generateId();\r\n this.callbacks.set(callbackId, callback);\r\n this.logger.verbose(`PerformanceClient: Performance callback registered with id: ${callbackId}`);\r\n\r\n return callbackId;\r\n }\r\n\r\n /**\r\n * Removes a callback registered with addPerformanceCallback.\r\n *\r\n * @param {string} callbackId\r\n * @returns {boolean}\r\n */\r\n removePerformanceCallback(callbackId: string): boolean {\r\n const result = this.callbacks.delete(callbackId);\r\n\r\n if (result) {\r\n this.logger.verbose(`PerformanceClient: Performance callback ${callbackId} removed.`);\r\n } else {\r\n this.logger.verbose(`PerformanceClient: Performance callback ${callbackId} not removed.`);\r\n }\r\n\r\n return result;\r\n }\r\n\r\n /**\r\n * Emits events to all registered callbacks.\r\n *\r\n * @param {PerformanceEvent[]} events\r\n * @param {?string} [correlationId]\r\n */\r\n emitEvents(events: PerformanceEvent[], correlationId: string): void {\r\n this.logger.verbose(\"PerformanceClient: Emitting performance events\", correlationId);\r\n\r\n this.callbacks.forEach((callback: PerformanceCallbackFunction, callbackId: string) => {\r\n this.logger.trace(`PerformanceClient: Emitting event to callback ${callbackId}`, correlationId);\r\n callback.apply(null, [events]);\r\n });\r\n }\r\n\r\n /**\r\n * Enforce truncation of integral fields in performance event.\r\n * @param {PerformanceEvent} event performance event to update.\r\n * @param {Set} intFields integral fields.\r\n */\r\n private truncateIntegralFields(event: PerformanceEvent, intFields: ReadonlySet): void {\r\n intFields.forEach((key) => {\r\n if (key in event && typeof event[key] === \"number\") {\r\n event[key] = Math.floor(event[key]);\r\n }\r\n });\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { IPerformanceClient } from \"./IPerformanceClient\";\r\nimport { IPerformanceMeasurement } from \"./IPerformanceMeasurement\";\r\nimport { PerformanceClient } from \"./PerformanceClient\";\r\nimport { PerformanceEvents } from \"./PerformanceEvent\";\r\n\r\nexport class StubPerformanceMeasurement implements IPerformanceMeasurement {\r\n /* eslint-disable-next-line @typescript-eslint/no-empty-function */\r\n startMeasurement(): void { }\r\n /* eslint-disable-next-line @typescript-eslint/no-empty-function */\r\n endMeasurement(): void { }\r\n flushMeasurement(): number | null {\r\n return null;\r\n }\r\n \r\n}\r\n\r\nexport class StubPerformanceClient extends PerformanceClient implements IPerformanceClient {\r\n generateId(): string {\r\n return \"callback-id\";\r\n }\r\n \r\n startPerformanceMeasuremeant(): IPerformanceMeasurement {\r\n return new StubPerformanceMeasurement();\r\n }\r\n\r\n startPerformanceMeasurement(): IPerformanceMeasurement {\r\n return new StubPerformanceMeasurement();\r\n }\r\n\r\n /* eslint-disable-next-line @typescript-eslint/no-unused-vars */\r\n calculateQueuedTime(preQueueTime: number, currentTime: number): number {\r\n return 0;\r\n }\r\n\r\n /* eslint-disable-next-line @typescript-eslint/no-unused-vars */\r\n addQueueMeasurement(eventName: PerformanceEvents, correlationId: string, queueTime: number): void {\r\n return;\r\n }\r\n\r\n /* eslint-disable-next-line @typescript-eslint/no-unused-vars */\r\n setPreQueueTime(eventName: PerformanceEvents, correlationId?: string | undefined): void {\r\n return;\r\n }\r\n\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { AuthError } from \"../error/AuthError\";\r\nimport { BaseAuthRequest } from \"../request/BaseAuthRequest\";\r\nimport { SignedHttpRequest } from \"./SignedHttpRequest\";\r\n\r\n/**\r\n * The PkceCodes type describes the structure\r\n * of objects that contain PKCE code\r\n * challenge and verifier pairs\r\n */\r\nexport type PkceCodes = {\r\n verifier: string,\r\n challenge: string\r\n};\r\n\r\nexport type SignedHttpRequestParameters = Pick & {\r\n correlationId?: string\r\n};\r\n\r\n/**\r\n * Interface for crypto functions used by library\r\n */\r\nexport interface ICrypto {\r\n /**\r\n * Creates a guid randomly.\r\n */\r\n createNewGuid(): string;\r\n /**\r\n * base64 Encode string\r\n * @param input \r\n */\r\n base64Encode(input: string): string;\r\n /**\r\n * base64 decode string\r\n * @param input \r\n */\r\n base64Decode(input: string): string;\r\n /**\r\n * Generate PKCE codes for OAuth. See RFC here: https://tools.ietf.org/html/rfc7636\r\n */\r\n generatePkceCodes(): Promise;\r\n /**\r\n * Generates an JWK RSA S256 Thumbprint\r\n * @param request\r\n */\r\n getPublicKeyThumbprint(request: SignedHttpRequestParameters): Promise;\r\n /**\r\n * Removes cryptographic keypair from key store matching the keyId passed in\r\n * @param kid \r\n */\r\n removeTokenBindingKey(kid: string): Promise;\r\n /**\r\n * Removes all cryptographic keys from IndexedDB storage\r\n */\r\n clearKeystore(): Promise;\r\n /** \r\n * Returns a signed proof-of-possession token with a given acces token that contains a cnf claim with the required kid.\r\n * @param accessToken \r\n */\r\n signJwt(payload: SignedHttpRequest, kid: string, correlationId?: string): Promise;\r\n /**\r\n * Returns the SHA-256 hash of an input string\r\n * @param plainText\r\n */\r\n hashString(plainText: string): Promise;\r\n}\r\n\r\nexport const DEFAULT_CRYPTO_IMPLEMENTATION: ICrypto = {\r\n createNewGuid: (): string => {\r\n const notImplErr = \"Crypto interface - createNewGuid() has not been implemented\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n },\r\n base64Decode: (): string => {\r\n const notImplErr = \"Crypto interface - base64Decode() has not been implemented\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n },\r\n base64Encode: (): string => {\r\n const notImplErr = \"Crypto interface - base64Encode() has not been implemented\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n },\r\n async generatePkceCodes(): Promise {\r\n const notImplErr = \"Crypto interface - generatePkceCodes() has not been implemented\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n },\r\n async getPublicKeyThumbprint(): Promise {\r\n const notImplErr = \"Crypto interface - getPublicKeyThumbprint() has not been implemented\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n },\r\n async removeTokenBindingKey(): Promise {\r\n const notImplErr = \"Crypto interface - removeTokenBindingKey() has not been implemented\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n },\r\n async clearKeystore(): Promise {\r\n const notImplErr = \"Crypto interface - clearKeystore() has not been implemented\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n },\r\n async signJwt(): Promise {\r\n const notImplErr = \"Crypto interface - signJwt() has not been implemented\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n },\r\n async hashString(): Promise {\r\n const notImplErr = \"Crypto interface - hashString() has not been implemented\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n};\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { Separators, CredentialType, CacheType, Constants, AuthenticationScheme } from \"../../utils/Constants\";\r\nimport { ClientAuthError } from \"../../error/ClientAuthError\";\r\n\r\n/**\r\n * Base type for credentials to be stored in the cache: eg: ACCESS_TOKEN, ID_TOKEN etc\r\n *\r\n * Key:Value Schema:\r\n *\r\n * Key: -------\r\n *\r\n * Value Schema:\r\n * {\r\n * homeAccountId: home account identifier for the auth scheme,\r\n * environment: entity that issued the token, represented as a full host\r\n * credentialType: Type of credential as a string, can be one of the following: RefreshToken, AccessToken, IdToken, Password, Cookie, Certificate, Other\r\n * clientId: client ID of the application\r\n * secret: Actual credential as a string\r\n * familyId: Family ID identifier, usually only used for refresh tokens\r\n * realm: Full tenant or organizational identifier that the account belongs to\r\n * target: Permissions that are included in the token, or for refresh tokens, the resource identifier.\r\n * tokenType: Matches the authentication scheme for which the token was issued (i.e. Bearer or pop)\r\n * requestedClaimsHash: Matches the SHA 256 hash of the claims object included in the token request\r\n * userAssertionHash: Matches the SHA 256 hash of the obo_assertion for the OBO flow\r\n * }\r\n */\r\nexport class CredentialEntity {\r\n homeAccountId: string;\r\n environment: string;\r\n credentialType: CredentialType;\r\n clientId: string;\r\n secret: string;\r\n familyId?: string;\r\n realm?: string;\r\n target?: string;\r\n userAssertionHash?: string;\r\n tokenType?: AuthenticationScheme;\r\n keyId?: string;\r\n requestedClaimsHash?: string;\r\n\r\n /**\r\n * Generate Account Id key component as per the schema: -\r\n */\r\n generateAccountId(): string {\r\n return CredentialEntity.generateAccountIdForCacheKey(this.homeAccountId, this.environment);\r\n }\r\n\r\n /**\r\n * Generate Credential Id key component as per the schema: --\r\n */\r\n generateCredentialId(): string {\r\n return CredentialEntity.generateCredentialIdForCacheKey(\r\n this.credentialType,\r\n this.clientId,\r\n this.realm,\r\n this.familyId\r\n );\r\n }\r\n\r\n /**\r\n * Generate target key component as per schema: \r\n */\r\n generateTarget(): string {\r\n return CredentialEntity.generateTargetForCacheKey(this.target);\r\n }\r\n\r\n /**\r\n * generates credential key\r\n */\r\n generateCredentialKey(): string {\r\n return CredentialEntity.generateCredentialCacheKey(\r\n this.homeAccountId,\r\n this.environment,\r\n this.credentialType,\r\n this.clientId,\r\n this.realm,\r\n this.target,\r\n this.familyId,\r\n this.tokenType,\r\n this.requestedClaimsHash,\r\n );\r\n }\r\n\r\n /**\r\n * returns the type of the cache (in this case credential)\r\n */\r\n generateType(): number {\r\n switch (this.credentialType) {\r\n case CredentialType.ID_TOKEN:\r\n return CacheType.ID_TOKEN;\r\n case CredentialType.ACCESS_TOKEN:\r\n case CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME:\r\n return CacheType.ACCESS_TOKEN;\r\n case CredentialType.REFRESH_TOKEN:\r\n return CacheType.REFRESH_TOKEN;\r\n default: {\r\n throw ClientAuthError.createUnexpectedCredentialTypeError();\r\n }\r\n }\r\n }\r\n\r\n /**\r\n * generates credential key\r\n * -\\-----\r\n */\r\n static generateCredentialCacheKey(\r\n homeAccountId: string,\r\n environment: string,\r\n credentialType: CredentialType,\r\n clientId: string,\r\n realm?: string,\r\n target?: string,\r\n familyId?: string,\r\n tokenType?: AuthenticationScheme,\r\n requestedClaimsHash?: string\r\n ): string {\r\n const credentialKey = [\r\n this.generateAccountIdForCacheKey(homeAccountId, environment),\r\n this.generateCredentialIdForCacheKey(credentialType, clientId, realm, familyId),\r\n this.generateTargetForCacheKey(target),\r\n this.generateClaimsHashForCacheKey(requestedClaimsHash),\r\n this.generateSchemeForCacheKey(tokenType)\r\n ];\r\n\r\n return credentialKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();\r\n }\r\n\r\n /**\r\n * generates Account Id for keys\r\n * @param homeAccountId\r\n * @param environment\r\n */\r\n private static generateAccountIdForCacheKey(\r\n homeAccountId: string,\r\n environment: string\r\n ): string {\r\n const accountId: Array = [homeAccountId, environment];\r\n return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();\r\n }\r\n\r\n /**\r\n * Generates Credential Id for keys\r\n * @param credentialType\r\n * @param realm\r\n * @param clientId\r\n * @param familyId\r\n */\r\n private static generateCredentialIdForCacheKey(\r\n credentialType: CredentialType,\r\n clientId: string,\r\n realm?: string,\r\n familyId?: string\r\n ): string {\r\n const clientOrFamilyId =\r\n credentialType === CredentialType.REFRESH_TOKEN\r\n ? familyId || clientId\r\n : clientId;\r\n const credentialId: Array = [\r\n credentialType,\r\n clientOrFamilyId,\r\n realm || Constants.EMPTY_STRING,\r\n ];\r\n\r\n return credentialId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();\r\n }\r\n\r\n /**\r\n * Generate target key component as per schema: \r\n */\r\n private static generateTargetForCacheKey(scopes?: string): string {\r\n return (scopes || Constants.EMPTY_STRING).toLowerCase();\r\n }\r\n\r\n /**\r\n * Generate requested claims key component as per schema: \r\n */\r\n private static generateClaimsHashForCacheKey(requestedClaimsHash?: string): string {\r\n return(requestedClaimsHash || Constants.EMPTY_STRING).toLowerCase();\r\n }\r\n\r\n /**\r\n * Generate scheme key componenet as per schema: \r\n */\r\n private static generateSchemeForCacheKey(tokenType?: string): string {\r\n /*\r\n * PoP Tokens and SSH certs include scheme in cache key\r\n * Cast to lowercase to handle \"bearer\" from ADFS\r\n */\r\n return (tokenType && tokenType.toLowerCase() !== AuthenticationScheme.BEARER.toLowerCase()) ? tokenType.toLowerCase() : Constants.EMPTY_STRING;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { CredentialEntity } from \"./CredentialEntity\";\r\nimport { CredentialType } from \"../../utils/Constants\";\r\n\r\n/**\r\n * ID_TOKEN Cache\r\n *\r\n * Key:Value Schema:\r\n *\r\n * Key Example: uid.utid-login.microsoftonline.com-idtoken-clientId-contoso.com-\r\n *\r\n * Value Schema:\r\n * {\r\n * homeAccountId: home account identifier for the auth scheme,\r\n * environment: entity that issued the token, represented as a full host\r\n * credentialType: Type of credential as a string, can be one of the following: RefreshToken, AccessToken, IdToken, Password, Cookie, Certificate, Other\r\n * clientId: client ID of the application\r\n * secret: Actual credential as a string\r\n * realm: Full tenant or organizational identifier that the account belongs to\r\n * }\r\n */\r\nexport class IdTokenEntity extends CredentialEntity {\r\n realm: string;\r\n\r\n /**\r\n * Create IdTokenEntity\r\n * @param homeAccountId\r\n * @param authenticationResult\r\n * @param clientId\r\n * @param authority\r\n */\r\n static createIdTokenEntity(\r\n homeAccountId: string,\r\n environment: string,\r\n idToken: string,\r\n clientId: string,\r\n tenantId: string,\r\n ): IdTokenEntity {\r\n const idTokenEntity = new IdTokenEntity();\r\n\r\n idTokenEntity.credentialType = CredentialType.ID_TOKEN;\r\n idTokenEntity.homeAccountId = homeAccountId;\r\n idTokenEntity.environment = environment;\r\n idTokenEntity.clientId = clientId;\r\n idTokenEntity.secret = idToken;\r\n idTokenEntity.realm = tenantId;\r\n\r\n return idTokenEntity;\r\n }\r\n\r\n /**\r\n * Validates an entity: checks for all expected params\r\n * @param entity\r\n */\r\n static isIdTokenEntity(entity: object): boolean {\r\n\r\n if (!entity) {\r\n return false;\r\n }\r\n\r\n return (\r\n entity.hasOwnProperty(\"homeAccountId\") &&\r\n entity.hasOwnProperty(\"environment\") &&\r\n entity.hasOwnProperty(\"credentialType\") &&\r\n entity.hasOwnProperty(\"realm\") &&\r\n entity.hasOwnProperty(\"clientId\") &&\r\n entity.hasOwnProperty(\"secret\") &&\r\n entity[\"credentialType\"] === CredentialType.ID_TOKEN\r\n );\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { ClientAuthError } from \"./ClientAuthError\";\r\n\r\n/**\r\n * ClientConfigurationErrorMessage class containing string constants used by error codes and messages.\r\n */\r\nexport const ClientConfigurationErrorMessage = {\r\n redirectUriNotSet: {\r\n code: \"redirect_uri_empty\",\r\n desc: \"A redirect URI is required for all calls, and none has been set.\"\r\n },\r\n postLogoutUriNotSet: {\r\n code: \"post_logout_uri_empty\",\r\n desc: \"A post logout redirect has not been set.\"\r\n },\r\n claimsRequestParsingError: {\r\n code: \"claims_request_parsing_error\",\r\n desc: \"Could not parse the given claims request object.\"\r\n },\r\n authorityUriInsecure: {\r\n code: \"authority_uri_insecure\",\r\n desc: \"Authority URIs must use https. Please see here for valid authority configuration options: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-initializing-client-applications#configuration-options\"\r\n },\r\n urlParseError: {\r\n code: \"url_parse_error\",\r\n desc: \"URL could not be parsed into appropriate segments.\"\r\n },\r\n urlEmptyError: {\r\n code: \"empty_url_error\",\r\n desc: \"URL was empty or null.\"\r\n },\r\n emptyScopesError: {\r\n code: \"empty_input_scopes_error\",\r\n desc: \"Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.\"\r\n },\r\n nonArrayScopesError: {\r\n code: \"nonarray_input_scopes_error\",\r\n desc: \"Scopes cannot be passed as non-array.\"\r\n },\r\n clientIdSingleScopeError: {\r\n code: \"clientid_input_scopes_error\",\r\n desc: \"Client ID can only be provided as a single scope.\"\r\n },\r\n invalidPrompt: {\r\n code: \"invalid_prompt_value\",\r\n desc: \"Supported prompt values are 'login', 'select_account', 'consent', 'create', 'none' and 'no_session'. Please see here for valid configuration options: https://azuread.github.io/microsoft-authentication-library-for-js/ref/modules/_azure_msal_common.html#commonauthorizationurlrequest\",\r\n },\r\n invalidClaimsRequest: {\r\n code: \"invalid_claims\",\r\n desc: \"Given claims parameter must be a stringified JSON object.\"\r\n },\r\n tokenRequestEmptyError: {\r\n code: \"token_request_empty\",\r\n desc: \"Token request was empty and not found in cache.\"\r\n },\r\n logoutRequestEmptyError: {\r\n code: \"logout_request_empty\",\r\n desc: \"The logout request was null or undefined.\"\r\n },\r\n invalidCodeChallengeMethod: {\r\n code: \"invalid_code_challenge_method\",\r\n desc: \"code_challenge_method passed is invalid. Valid values are \\\"plain\\\" and \\\"S256\\\".\"\r\n },\r\n invalidCodeChallengeParams: {\r\n code: \"pkce_params_missing\",\r\n desc: \"Both params: code_challenge and code_challenge_method are to be passed if to be sent in the request\"\r\n },\r\n invalidCloudDiscoveryMetadata: {\r\n code: \"invalid_cloud_discovery_metadata\",\r\n desc: \"Invalid cloudDiscoveryMetadata provided. Must be a stringified JSON object containing tenant_discovery_endpoint and metadata fields\"\r\n },\r\n invalidAuthorityMetadata: {\r\n code: \"invalid_authority_metadata\",\r\n desc: \"Invalid authorityMetadata provided. Must by a stringified JSON object containing authorization_endpoint, token_endpoint, issuer fields.\"\r\n },\r\n untrustedAuthority: {\r\n code: \"untrusted_authority\",\r\n desc: \"The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.\"\r\n },\r\n invalidAzureCloudInstance: {\r\n code: \"invalid_azure_cloud_instance\",\r\n desc: \"Invalid AzureCloudInstance provided. Please refer MSAL JS docs: aks.ms/msaljs/azure_cloud_instance for valid values\"\r\n },\r\n missingSshJwk: {\r\n code: \"missing_ssh_jwk\",\r\n desc: \"Missing sshJwk in SSH certificate request. A stringified JSON Web Key is required when using the SSH authentication scheme.\"\r\n },\r\n missingSshKid: {\r\n code: \"missing_ssh_kid\",\r\n desc: \"Missing sshKid in SSH certificate request. A string that uniquely identifies the public SSH key is required when using the SSH authentication scheme.\"\r\n },\r\n missingNonceAuthenticationHeader: {\r\n code: \"missing_nonce_authentication_header\",\r\n desc: \"Unable to find an authentication header containing server nonce. Either the Authentication-Info or WWW-Authenticate headers must be present in order to obtain a server nonce.\"\r\n },\r\n invalidAuthenticationHeader: {\r\n code: \"invalid_authentication_header\",\r\n desc: \"Invalid authentication header provided\"\r\n },\r\n authorityMismatch: {\r\n code: \"authority_mismatch\",\r\n desc: \"Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority.\"\r\n }\r\n};\r\n\r\n/**\r\n * Error thrown when there is an error in configuration of the MSAL.js library.\r\n */\r\nexport class ClientConfigurationError extends ClientAuthError {\r\n\r\n constructor(errorCode: string, errorMessage?: string) {\r\n super(errorCode, errorMessage);\r\n this.name = \"ClientConfigurationError\";\r\n Object.setPrototypeOf(this, ClientConfigurationError.prototype);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when the redirect uri is empty (not set by caller)\r\n */\r\n static createRedirectUriEmptyError(): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.redirectUriNotSet.code,\r\n ClientConfigurationErrorMessage.redirectUriNotSet.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when the post-logout redirect uri is empty (not set by caller)\r\n */\r\n static createPostLogoutRedirectUriEmptyError(): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.postLogoutUriNotSet.code,\r\n ClientConfigurationErrorMessage.postLogoutUriNotSet.desc);\r\n }\r\n\r\n /**\r\n * Creates an error thrown when the claims request could not be successfully parsed\r\n */\r\n static createClaimsRequestParsingError(claimsRequestParseError: string): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.claimsRequestParsingError.code,\r\n `${ClientConfigurationErrorMessage.claimsRequestParsingError.desc} Given value: ${claimsRequestParseError}`);\r\n }\r\n\r\n /**\r\n * Creates an error thrown if authority uri is given an insecure protocol.\r\n * @param urlString\r\n */\r\n static createInsecureAuthorityUriError(urlString: string): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.authorityUriInsecure.code,\r\n `${ClientConfigurationErrorMessage.authorityUriInsecure.desc} Given URI: ${urlString}`);\r\n }\r\n\r\n /**\r\n * Creates an error thrown if URL string does not parse into separate segments.\r\n * @param urlString\r\n */\r\n static createUrlParseError(urlParseError: string): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.urlParseError.code,\r\n `${ClientConfigurationErrorMessage.urlParseError.desc} Given Error: ${urlParseError}`);\r\n }\r\n\r\n /**\r\n * Creates an error thrown if URL string is empty or null.\r\n * @param urlString\r\n */\r\n static createUrlEmptyError(): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.urlEmptyError.code,\r\n ClientConfigurationErrorMessage.urlEmptyError.desc);\r\n }\r\n\r\n /**\r\n * Error thrown when scopes are empty.\r\n * @param scopesValue\r\n */\r\n static createEmptyScopesArrayError(): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.emptyScopesError.code,\r\n `${ClientConfigurationErrorMessage.emptyScopesError.desc}`);\r\n }\r\n\r\n /**\r\n * Error thrown when client id scope is not provided as single scope.\r\n * @param inputScopes\r\n */\r\n static createClientIdSingleScopeError(inputScopes: Array): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.clientIdSingleScopeError.code,\r\n `${ClientConfigurationErrorMessage.clientIdSingleScopeError.desc} Given Scopes: ${inputScopes}`);\r\n }\r\n\r\n /**\r\n * Error thrown when prompt is not an allowed type.\r\n * @param promptValue\r\n */\r\n static createInvalidPromptError(promptValue: string): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.invalidPrompt.code,\r\n `${ClientConfigurationErrorMessage.invalidPrompt.desc} Given value: ${promptValue}`);\r\n }\r\n\r\n /**\r\n * Creates error thrown when claims parameter is not a stringified JSON object\r\n */\r\n static createInvalidClaimsRequestError(): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.invalidClaimsRequest.code,\r\n ClientConfigurationErrorMessage.invalidClaimsRequest.desc);\r\n }\r\n\r\n /**\r\n * Throws error when token request is empty and nothing cached in storage.\r\n */\r\n static createEmptyLogoutRequestError(): ClientConfigurationError {\r\n return new ClientConfigurationError(\r\n ClientConfigurationErrorMessage.logoutRequestEmptyError.code,\r\n ClientConfigurationErrorMessage.logoutRequestEmptyError.desc\r\n );\r\n }\r\n\r\n /**\r\n * Throws error when token request is empty and nothing cached in storage.\r\n */\r\n static createEmptyTokenRequestError(): ClientConfigurationError {\r\n return new ClientConfigurationError(\r\n ClientConfigurationErrorMessage.tokenRequestEmptyError.code,\r\n ClientConfigurationErrorMessage.tokenRequestEmptyError.desc\r\n );\r\n }\r\n\r\n /**\r\n * Throws error when an invalid code_challenge_method is passed by the user\r\n */\r\n static createInvalidCodeChallengeMethodError(): ClientConfigurationError {\r\n return new ClientConfigurationError(\r\n ClientConfigurationErrorMessage.invalidCodeChallengeMethod.code,\r\n ClientConfigurationErrorMessage.invalidCodeChallengeMethod.desc\r\n );\r\n }\r\n\r\n /**\r\n * Throws error when both params: code_challenge and code_challenge_method are not passed together\r\n */\r\n static createInvalidCodeChallengeParamsError(): ClientConfigurationError {\r\n return new ClientConfigurationError(\r\n ClientConfigurationErrorMessage.invalidCodeChallengeParams.code,\r\n ClientConfigurationErrorMessage.invalidCodeChallengeParams.desc\r\n );\r\n }\r\n\r\n /**\r\n * Throws an error when the user passes invalid cloudDiscoveryMetadata\r\n */\r\n static createInvalidCloudDiscoveryMetadataError(): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.invalidCloudDiscoveryMetadata.code,\r\n ClientConfigurationErrorMessage.invalidCloudDiscoveryMetadata.desc);\r\n }\r\n\r\n /**\r\n * Throws an error when the user passes invalid cloudDiscoveryMetadata\r\n */\r\n static createInvalidAuthorityMetadataError(): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.invalidAuthorityMetadata.code,\r\n ClientConfigurationErrorMessage.invalidAuthorityMetadata.desc);\r\n }\r\n\r\n /**\r\n * Throws error when provided authority is not a member of the trusted host list\r\n */\r\n static createUntrustedAuthorityError(): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.untrustedAuthority.code,\r\n ClientConfigurationErrorMessage.untrustedAuthority.desc);\r\n }\r\n\r\n /**\r\n * Throws error when the AzureCloudInstance is set to an invalid value\r\n */\r\n static createInvalidAzureCloudInstanceError(): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.invalidAzureCloudInstance.code,\r\n ClientConfigurationErrorMessage.invalidAzureCloudInstance.desc);\r\n }\r\n\r\n /**\r\n * Throws an error when the authentication scheme is set to SSH but the SSH public key is omitted from the request\r\n */\r\n static createMissingSshJwkError(): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.missingSshJwk.code,\r\n ClientConfigurationErrorMessage.missingSshJwk.desc);\r\n }\r\n\r\n /**\r\n * Throws an error when the authentication scheme is set to SSH but the SSH public key ID is omitted from the request\r\n */\r\n static createMissingSshKidError(): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.missingSshKid.code,\r\n ClientConfigurationErrorMessage.missingSshKid.desc);\r\n }\r\n\r\n /**\r\n * Throws error when provided headers don't contain a header that a server nonce can be extracted from\r\n */\r\n static createMissingNonceAuthenticationHeadersError(): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.missingNonceAuthenticationHeader.code,\r\n ClientConfigurationErrorMessage.missingNonceAuthenticationHeader.desc);\r\n }\r\n\r\n /**\r\n * Throws error when a provided header is invalid in any way\r\n */\r\n static createInvalidAuthenticationHeaderError(invalidHeaderName: string, details: string): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.invalidAuthenticationHeader.code,\r\n `${ClientConfigurationErrorMessage.invalidAuthenticationHeader.desc}. Invalid header: ${invalidHeaderName}. Details: ${details}`);\r\n }\r\n \r\n /**\r\n * Create an error when the authority provided in request does not match authority provided in account or MSAL.js configuration.\r\n */\r\n static createAuthorityMismatchError(): ClientConfigurationError {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.authorityMismatch.code, ClientConfigurationErrorMessage.authorityMismatch.desc);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { ClientConfigurationError } from \"../error/ClientConfigurationError\";\r\nimport { StringUtils } from \"../utils/StringUtils\";\r\nimport { ClientAuthError } from \"../error/ClientAuthError\";\r\nimport { Constants, OIDC_SCOPES } from \"../utils/Constants\";\r\n\r\n/**\r\n * The ScopeSet class creates a set of scopes. Scopes are case-insensitive, unique values, so the Set object in JS makes\r\n * the most sense to implement for this class. All scopes are trimmed and converted to lower case strings in intersection and union functions\r\n * to ensure uniqueness of strings.\r\n */\r\nexport class ScopeSet {\r\n // Scopes as a Set of strings\r\n private scopes: Set;\r\n\r\n constructor(inputScopes: Array) {\r\n // Filter empty string and null/undefined array items\r\n const scopeArr = inputScopes ? StringUtils.trimArrayEntries([...inputScopes]) : [];\r\n const filteredInput = scopeArr ? StringUtils.removeEmptyStringsFromArray(scopeArr) : [];\r\n\r\n // Validate and filter scopes (validate function throws if validation fails)\r\n this.validateInputScopes(filteredInput);\r\n\r\n this.scopes = new Set(); // Iterator in constructor not supported by IE11\r\n filteredInput.forEach(scope => this.scopes.add(scope));\r\n }\r\n\r\n /**\r\n * Factory method to create ScopeSet from space-delimited string\r\n * @param inputScopeString\r\n * @param appClientId\r\n * @param scopesRequired\r\n */\r\n static fromString(inputScopeString: string): ScopeSet {\r\n const scopeString = inputScopeString || Constants.EMPTY_STRING;\r\n const inputScopes: Array = scopeString.split(\" \");\r\n return new ScopeSet(inputScopes);\r\n }\r\n\r\n /**\r\n * Creates the set of scopes to search for in cache lookups\r\n * @param inputScopeString \r\n * @returns \r\n */\r\n static createSearchScopes(inputScopeString: Array): ScopeSet {\r\n const scopeSet = new ScopeSet(inputScopeString);\r\n if (!scopeSet.containsOnlyOIDCScopes()) {\r\n scopeSet.removeOIDCScopes();\r\n } else {\r\n scopeSet.removeScope(Constants.OFFLINE_ACCESS_SCOPE);\r\n }\r\n\r\n return scopeSet;\r\n }\r\n\r\n /**\r\n * Used to validate the scopes input parameter requested by the developer.\r\n * @param {Array} inputScopes - Developer requested permissions. Not all scopes are guaranteed to be included in the access token returned.\r\n * @param {boolean} scopesRequired - Boolean indicating whether the scopes array is required or not\r\n */\r\n private validateInputScopes(inputScopes: Array): void {\r\n // Check if scopes are required but not given or is an empty array\r\n if (!inputScopes || inputScopes.length < 1) {\r\n throw ClientConfigurationError.createEmptyScopesArrayError();\r\n }\r\n }\r\n\r\n /**\r\n * Check if a given scope is present in this set of scopes.\r\n * @param scope\r\n */\r\n containsScope(scope: string): boolean {\r\n const lowerCaseScopes = this.printScopesLowerCase().split(\" \");\r\n const lowerCaseScopesSet = new ScopeSet(lowerCaseScopes);\r\n // compare lowercase scopes\r\n return !StringUtils.isEmpty(scope) ? lowerCaseScopesSet.scopes.has(scope.toLowerCase()) : false;\r\n }\r\n\r\n /**\r\n * Check if a set of scopes is present in this set of scopes.\r\n * @param scopeSet\r\n */\r\n containsScopeSet(scopeSet: ScopeSet): boolean {\r\n if (!scopeSet || scopeSet.scopes.size <= 0) {\r\n return false;\r\n }\r\n\r\n return (this.scopes.size >= scopeSet.scopes.size && scopeSet.asArray().every(scope => this.containsScope(scope)));\r\n }\r\n\r\n /**\r\n * Check if set of scopes contains only the defaults\r\n */\r\n containsOnlyOIDCScopes(): boolean {\r\n let defaultScopeCount = 0;\r\n OIDC_SCOPES.forEach((defaultScope: string) => {\r\n if (this.containsScope(defaultScope)) {\r\n defaultScopeCount += 1;\r\n }\r\n });\r\n\r\n return this.scopes.size === defaultScopeCount;\r\n }\r\n\r\n /**\r\n * Appends single scope if passed\r\n * @param newScope\r\n */\r\n appendScope(newScope: string): void {\r\n if (!StringUtils.isEmpty(newScope)) {\r\n this.scopes.add(newScope.trim());\r\n }\r\n }\r\n\r\n /**\r\n * Appends multiple scopes if passed\r\n * @param newScopes\r\n */\r\n appendScopes(newScopes: Array): void {\r\n try {\r\n newScopes.forEach(newScope => this.appendScope(newScope));\r\n } catch (e) {\r\n throw ClientAuthError.createAppendScopeSetError(e);\r\n }\r\n }\r\n\r\n /**\r\n * Removes element from set of scopes.\r\n * @param scope\r\n */\r\n removeScope(scope: string): void {\r\n if (StringUtils.isEmpty(scope)) {\r\n throw ClientAuthError.createRemoveEmptyScopeFromSetError(scope);\r\n }\r\n this.scopes.delete(scope.trim());\r\n }\r\n\r\n /**\r\n * Removes default scopes from set of scopes\r\n * Primarily used to prevent cache misses if the default scopes are not returned from the server\r\n */\r\n removeOIDCScopes(): void {\r\n OIDC_SCOPES.forEach((defaultScope: string) => {\r\n this.scopes.delete(defaultScope);\r\n });\r\n }\r\n\r\n /**\r\n * Combines an array of scopes with the current set of scopes.\r\n * @param otherScopes\r\n */\r\n unionScopeSets(otherScopes: ScopeSet): Set {\r\n if (!otherScopes) {\r\n throw ClientAuthError.createEmptyInputScopeSetError();\r\n }\r\n const unionScopes = new Set(); // Iterator in constructor not supported in IE11\r\n otherScopes.scopes.forEach(scope => unionScopes.add(scope.toLowerCase()));\r\n this.scopes.forEach(scope => unionScopes.add(scope.toLowerCase()));\r\n return unionScopes;\r\n }\r\n\r\n /**\r\n * Check if scopes intersect between this set and another.\r\n * @param otherScopes\r\n */\r\n intersectingScopeSets(otherScopes: ScopeSet): boolean {\r\n if (!otherScopes) {\r\n throw ClientAuthError.createEmptyInputScopeSetError();\r\n }\r\n \r\n // Do not allow OIDC scopes to be the only intersecting scopes\r\n if (!otherScopes.containsOnlyOIDCScopes()) {\r\n otherScopes.removeOIDCScopes();\r\n }\r\n const unionScopes = this.unionScopeSets(otherScopes);\r\n const sizeOtherScopes = otherScopes.getScopeCount();\r\n const sizeThisScopes = this.getScopeCount();\r\n const sizeUnionScopes = unionScopes.size;\r\n return sizeUnionScopes < (sizeThisScopes + sizeOtherScopes);\r\n }\r\n\r\n /**\r\n * Returns size of set of scopes.\r\n */\r\n getScopeCount(): number {\r\n return this.scopes.size;\r\n }\r\n\r\n /**\r\n * Returns the scopes as an array of string values\r\n */\r\n asArray(): Array {\r\n const array: Array = [];\r\n this.scopes.forEach(val => array.push(val));\r\n return array;\r\n }\r\n\r\n /**\r\n * Prints scopes into a space-delimited string\r\n */\r\n printScopes(): string {\r\n if (this.scopes) {\r\n const scopeArr = this.asArray();\r\n return scopeArr.join(\" \");\r\n }\r\n return Constants.EMPTY_STRING;\r\n }\r\n\r\n /**\r\n * Prints scopes into a space-delimited lower-case string (used for caching)\r\n */\r\n printScopesLowerCase(): string {\r\n return this.printScopes().toLowerCase();\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { ClientAuthError } from \"../error/ClientAuthError\";\r\nimport { StringUtils } from \"../utils/StringUtils\";\r\nimport { ICrypto } from \"../crypto/ICrypto\";\r\nimport { Separators, Constants } from \"../utils/Constants\";\r\n\r\n/**\r\n * Client info object which consists of two IDs. Need to add more info here.\r\n */\r\nexport type ClientInfo = {\r\n uid: string,\r\n utid: string\r\n};\r\n\r\n/**\r\n * Function to build a client info object from server clientInfo string\r\n * @param rawClientInfo\r\n * @param crypto\r\n */\r\nexport function buildClientInfo(rawClientInfo: string, crypto: ICrypto): ClientInfo {\r\n if (StringUtils.isEmpty(rawClientInfo)) {\r\n throw ClientAuthError.createClientInfoEmptyError();\r\n }\r\n\r\n try {\r\n const decodedClientInfo: string = crypto.base64Decode(rawClientInfo);\r\n return JSON.parse(decodedClientInfo) as ClientInfo;\r\n } catch (e) {\r\n throw ClientAuthError.createClientInfoDecodingError((e as ClientAuthError).message);\r\n }\r\n}\r\n\r\n/**\r\n * Function to build a client info object from cached homeAccountId string\r\n * @param homeAccountId \r\n */\r\nexport function buildClientInfoFromHomeAccountId(homeAccountId: string): ClientInfo {\r\n if (StringUtils.isEmpty(homeAccountId)) {\r\n throw ClientAuthError.createClientInfoDecodingError(\"Home account ID was empty.\");\r\n }\r\n const clientInfoParts: string[] = homeAccountId.split(Separators.CLIENT_INFO_SEPARATOR, 2);\r\n return {\r\n uid: clientInfoParts[0],\r\n utid: clientInfoParts.length < 2 ? Constants.EMPTY_STRING : clientInfoParts[1]\r\n };\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport {\r\n Separators,\r\n CacheAccountType,\r\n CacheType,\r\n Constants,\r\n} from \"../../utils/Constants\";\r\nimport { Authority } from \"../../authority/Authority\";\r\nimport { AuthToken } from \"../../account/AuthToken\";\r\nimport { ICrypto } from \"../../crypto/ICrypto\";\r\nimport { buildClientInfo } from \"../../account/ClientInfo\";\r\nimport { StringUtils } from \"../../utils/StringUtils\";\r\nimport { AccountInfo } from \"../../account/AccountInfo\";\r\nimport { ClientAuthError } from \"../../error/ClientAuthError\";\r\nimport { AuthorityType } from \"../../authority/AuthorityType\";\r\nimport { Logger } from \"../../logger/Logger\";\r\nimport { TokenClaims } from \"../../account/TokenClaims\";\r\n\r\n/**\r\n * Type that defines required and optional parameters for an Account field (based on universal cache schema implemented by all MSALs).\r\n *\r\n * Key : Value Schema\r\n *\r\n * Key: --\r\n *\r\n * Value Schema:\r\n * {\r\n * homeAccountId: home account identifier for the auth scheme,\r\n * environment: entity that issued the token, represented as a full host\r\n * realm: Full tenant or organizational identifier that the account belongs to\r\n * localAccountId: Original tenant-specific accountID, usually used for legacy cases\r\n * username: primary username that represents the user, usually corresponds to preferred_username in the v2 endpt\r\n * authorityType: Accounts authority type as a string\r\n * name: Full name for the account, including given name and family name,\r\n * clientInfo: Full base64 encoded client info received from ESTS\r\n * lastModificationTime: last time this entity was modified in the cache\r\n * lastModificationApp:\r\n * idTokenClaims: Object containing claims parsed from ID token\r\n * nativeAccountId: Account identifier on the native device\r\n * }\r\n */\r\nexport class AccountEntity {\r\n homeAccountId: string;\r\n environment: string;\r\n realm: string;\r\n localAccountId: string;\r\n username: string;\r\n authorityType: string;\r\n name?: string;\r\n clientInfo?: string;\r\n lastModificationTime?: string;\r\n lastModificationApp?: string;\r\n cloudGraphHostName?: string;\r\n msGraphHost?: string;\r\n idTokenClaims?: TokenClaims;\r\n nativeAccountId?: string;\r\n\r\n /**\r\n * Generate Account Id key component as per the schema: -\r\n */\r\n generateAccountId(): string {\r\n const accountId: Array = [this.homeAccountId, this.environment];\r\n return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();\r\n }\r\n\r\n /**\r\n * Generate Account Cache Key as per the schema: --\r\n */\r\n generateAccountKey(): string {\r\n return AccountEntity.generateAccountCacheKey({\r\n homeAccountId: this.homeAccountId,\r\n environment: this.environment,\r\n tenantId: this.realm,\r\n username: this.username,\r\n localAccountId: this.localAccountId\r\n });\r\n }\r\n\r\n /**\r\n * returns the type of the cache (in this case account)\r\n */\r\n generateType(): number {\r\n switch (this.authorityType) {\r\n case CacheAccountType.ADFS_ACCOUNT_TYPE:\r\n return CacheType.ADFS;\r\n case CacheAccountType.MSAV1_ACCOUNT_TYPE:\r\n return CacheType.MSA;\r\n case CacheAccountType.MSSTS_ACCOUNT_TYPE:\r\n return CacheType.MSSTS;\r\n case CacheAccountType.GENERIC_ACCOUNT_TYPE:\r\n return CacheType.GENERIC;\r\n default: {\r\n throw ClientAuthError.createUnexpectedAccountTypeError();\r\n }\r\n }\r\n }\r\n\r\n /**\r\n * Returns the AccountInfo interface for this account.\r\n */\r\n getAccountInfo(): AccountInfo {\r\n return {\r\n homeAccountId: this.homeAccountId,\r\n environment: this.environment,\r\n tenantId: this.realm,\r\n username: this.username,\r\n localAccountId: this.localAccountId,\r\n name: this.name,\r\n idTokenClaims: this.idTokenClaims,\r\n nativeAccountId: this.nativeAccountId\r\n };\r\n }\r\n\r\n /**\r\n * Generates account key from interface\r\n * @param accountInterface\r\n */\r\n static generateAccountCacheKey(accountInterface: AccountInfo): string {\r\n const accountKey = [\r\n accountInterface.homeAccountId,\r\n accountInterface.environment || Constants.EMPTY_STRING,\r\n accountInterface.tenantId || Constants.EMPTY_STRING,\r\n ];\r\n\r\n return accountKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();\r\n }\r\n\r\n /**\r\n * Build Account cache from IdToken, clientInfo and authority/policy. Associated with AAD.\r\n * @param clientInfo\r\n * @param authority\r\n * @param idToken\r\n * @param policy\r\n */\r\n static createAccount(\r\n clientInfo: string,\r\n homeAccountId: string,\r\n idToken: AuthToken,\r\n authority?: Authority,\r\n cloudGraphHostName?: string,\r\n msGraphHost?: string,\r\n environment?: string,\r\n nativeAccountId?: string\r\n ): AccountEntity {\r\n const account: AccountEntity = new AccountEntity();\r\n\r\n account.authorityType = CacheAccountType.MSSTS_ACCOUNT_TYPE;\r\n account.clientInfo = clientInfo;\r\n account.homeAccountId = homeAccountId;\r\n account.nativeAccountId = nativeAccountId;\r\n\r\n const env = environment || (authority && authority.getPreferredCache());\r\n\r\n if (!env) {\r\n throw ClientAuthError.createInvalidCacheEnvironmentError();\r\n }\r\n\r\n account.environment = env;\r\n // non AAD scenarios can have empty realm\r\n account.realm = idToken?.claims?.tid || Constants.EMPTY_STRING;\r\n\r\n if (idToken) {\r\n account.idTokenClaims = idToken.claims;\r\n\r\n // How do you account for MSA CID here?\r\n account.localAccountId = idToken?.claims?.oid || idToken?.claims?.sub || Constants.EMPTY_STRING;\r\n\r\n /*\r\n * In B2C scenarios the emails claim is used instead of preferred_username and it is an array.\r\n * In most cases it will contain a single email. This field should not be relied upon if a custom \r\n * policy is configured to return more than 1 email.\r\n */\r\n const preferredUsername = idToken?.claims?.preferred_username;\r\n const email = (idToken?.claims?.emails) ? idToken.claims.emails[0] : null;\r\n \r\n account.username = preferredUsername || email || Constants.EMPTY_STRING;\r\n account.name = idToken?.claims?.name;\r\n }\r\n\r\n account.cloudGraphHostName = cloudGraphHostName;\r\n account.msGraphHost = msGraphHost;\r\n\r\n return account;\r\n }\r\n\r\n /**\r\n * Builds non-AAD/ADFS account.\r\n * @param authority\r\n * @param idToken\r\n */\r\n static createGenericAccount(\r\n homeAccountId: string,\r\n idToken: AuthToken,\r\n authority?: Authority,\r\n cloudGraphHostName?: string,\r\n msGraphHost?: string,\r\n environment?: string\r\n ): AccountEntity {\r\n const account: AccountEntity = new AccountEntity();\r\n\r\n account.authorityType = (\r\n authority &&\r\n authority.authorityType === AuthorityType.Adfs\r\n ) ? CacheAccountType.ADFS_ACCOUNT_TYPE : CacheAccountType.GENERIC_ACCOUNT_TYPE;\r\n \r\n account.homeAccountId = homeAccountId;\r\n // non AAD scenarios can have empty realm\r\n account.realm = Constants.EMPTY_STRING;\r\n\r\n const env = environment || authority && authority.getPreferredCache();\r\n\r\n if (!env) {\r\n throw ClientAuthError.createInvalidCacheEnvironmentError();\r\n }\r\n\r\n if (idToken) {\r\n // How do you account for MSA CID here?\r\n account.localAccountId = idToken?.claims?.oid || idToken?.claims?.sub || Constants.EMPTY_STRING;\r\n // upn claim for most ADFS scenarios\r\n account.username = idToken?.claims?.upn || Constants.EMPTY_STRING;\r\n account.name = idToken?.claims?.name || Constants.EMPTY_STRING;\r\n account.idTokenClaims = idToken?.claims;\r\n }\r\n\r\n account.environment = env;\r\n\r\n account.cloudGraphHostName = cloudGraphHostName;\r\n account.msGraphHost = msGraphHost;\r\n\r\n /*\r\n * add uniqueName to claims\r\n * account.name = idToken.claims.uniqueName;\r\n */\r\n\r\n return account;\r\n }\r\n\r\n /**\r\n * Generate HomeAccountId from server response\r\n * @param serverClientInfo\r\n * @param authType\r\n */\r\n static generateHomeAccountId(\r\n serverClientInfo: string,\r\n authType: AuthorityType,\r\n logger: Logger,\r\n cryptoObj: ICrypto,\r\n idToken?: AuthToken\r\n ): string {\r\n\r\n const accountId = idToken?.claims?.sub ? idToken.claims.sub : Constants.EMPTY_STRING;\r\n\r\n // since ADFS does not have tid and does not set client_info\r\n if (authType === AuthorityType.Adfs || authType === AuthorityType.Dsts) {\r\n return accountId;\r\n }\r\n\r\n // for cases where there is clientInfo\r\n if (serverClientInfo) {\r\n try {\r\n const clientInfo = buildClientInfo(serverClientInfo, cryptoObj);\r\n if (!StringUtils.isEmpty(clientInfo.uid) && !StringUtils.isEmpty(clientInfo.utid)) {\r\n return `${clientInfo.uid}${Separators.CLIENT_INFO_SEPARATOR}${clientInfo.utid}`;\r\n }\r\n } catch (e) {}\r\n }\r\n\r\n // default to \"sub\" claim\r\n logger.verbose(\"No client info in response\");\r\n return accountId;\r\n }\r\n\r\n /**\r\n * Validates an entity: checks for all expected params\r\n * @param entity\r\n */\r\n static isAccountEntity(entity: object): boolean {\r\n\r\n if (!entity) {\r\n return false;\r\n }\r\n\r\n return (\r\n entity.hasOwnProperty(\"homeAccountId\") &&\r\n entity.hasOwnProperty(\"environment\") &&\r\n entity.hasOwnProperty(\"realm\") &&\r\n entity.hasOwnProperty(\"localAccountId\") &&\r\n entity.hasOwnProperty(\"username\") &&\r\n entity.hasOwnProperty(\"authorityType\")\r\n );\r\n }\r\n\r\n /**\r\n * Helper function to determine whether 2 accountInfo objects represent the same account\r\n * @param accountA\r\n * @param accountB\r\n * @param compareClaims - If set to true idTokenClaims will also be compared to determine account equality\r\n */\r\n static accountInfoIsEqual(accountA: AccountInfo | null, accountB: AccountInfo | null, compareClaims?: boolean): boolean {\r\n if (!accountA || !accountB) {\r\n return false;\r\n }\r\n\r\n let claimsMatch = true; // default to true so as to not fail comparison below if compareClaims: false\r\n if (compareClaims) {\r\n const accountAClaims = (accountA.idTokenClaims || {}) as TokenClaims;\r\n const accountBClaims = (accountB.idTokenClaims || {}) as TokenClaims;\r\n\r\n // issued at timestamp and nonce are expected to change each time a new id token is acquired\r\n claimsMatch = (accountAClaims.iat === accountBClaims.iat) &&\r\n (accountAClaims.nonce === accountBClaims.nonce);\r\n }\r\n\r\n return (accountA.homeAccountId === accountB.homeAccountId) &&\r\n (accountA.localAccountId === accountB.localAccountId) &&\r\n (accountA.username === accountB.username) &&\r\n (accountA.tenantId === accountB.tenantId) &&\r\n (accountA.environment === accountB.environment) &&\r\n (accountA.nativeAccountId === accountB.nativeAccountId) &&\r\n claimsMatch;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nexport type CcsCredential = {\r\n credential: string,\r\n type: CcsCredentialType\r\n};\r\n\r\nexport enum CcsCredentialType {\r\n HOME_ACCOUNT_ID = \"home_account_id\",\r\n UPN = \"UPN\"\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { TokenClaims } from \"./TokenClaims\";\r\nimport { DecodedAuthToken } from \"./DecodedAuthToken\";\r\nimport { ClientAuthError } from \"../error/ClientAuthError\";\r\nimport { StringUtils } from \"../utils/StringUtils\";\r\nimport { ICrypto } from \"../crypto/ICrypto\";\r\n\r\n/**\r\n * JWT Token representation class. Parses token string and generates claims object.\r\n */\r\nexport class AuthToken {\r\n\r\n // Raw Token string\r\n rawToken: string;\r\n // Claims inside token\r\n claims: TokenClaims;\r\n constructor(rawToken: string, crypto: ICrypto) {\r\n if (StringUtils.isEmpty(rawToken)) {\r\n throw ClientAuthError.createTokenNullOrEmptyError(rawToken);\r\n }\r\n\r\n this.rawToken = rawToken;\r\n this.claims = AuthToken.extractTokenClaims(rawToken, crypto);\r\n }\r\n\r\n /**\r\n * Extract token by decoding the rawToken\r\n *\r\n * @param encodedToken\r\n */\r\n static extractTokenClaims(encodedToken: string, crypto: ICrypto): TokenClaims {\r\n\r\n const decodedToken: DecodedAuthToken = StringUtils.decodeAuthToken(encodedToken);\r\n\r\n // token will be decoded to get the username\r\n try {\r\n const base64TokenPayload = decodedToken.JWSPayload;\r\n\r\n // base64Decode() should throw an error if there is an issue\r\n const base64Decoded = crypto.base64Decode(base64TokenPayload);\r\n return JSON.parse(base64Decoded) as TokenClaims;\r\n } catch (err) {\r\n throw ClientAuthError.createTokenParsingError(err);\r\n }\r\n }\r\n\r\n /**\r\n * Determine if the token's max_age has transpired\r\n */\r\n static checkMaxAge(authTime: number, maxAge: number): void {\r\n /*\r\n * per https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest\r\n * To force an immediate re-authentication: If an app requires that a user re-authenticate prior to access,\r\n * provide a value of 0 for the max_age parameter and the AS will force a fresh login.\r\n */\r\n const fiveMinuteSkew = 300000; // five minutes in milliseconds\r\n if ((maxAge === 0) || ((Date.now() - fiveMinuteSkew) > (authTime + maxAge))) {\r\n throw ClientAuthError.createMaxAgeTranspiredError();\r\n }\r\n }\r\n}\r\n","/* eslint-disable header/header */\r\nexport const name = \"@azure/msal-common\";\r\nexport const version = \"13.3.1\";\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { AccountFilter, CredentialFilter, ValidCredentialType, AppMetadataFilter, AppMetadataCache, TokenKeys } from \"./utils/CacheTypes\";\r\nimport { CacheRecord } from \"./entities/CacheRecord\";\r\nimport { CredentialType, APP_METADATA, THE_FAMILY_ID, AUTHORITY_METADATA_CONSTANTS, AuthenticationScheme, Separators } from \"../utils/Constants\";\r\nimport { CredentialEntity } from \"./entities/CredentialEntity\";\r\nimport { ScopeSet } from \"../request/ScopeSet\";\r\nimport { AccountEntity } from \"./entities/AccountEntity\";\r\nimport { AccessTokenEntity } from \"./entities/AccessTokenEntity\";\r\nimport { IdTokenEntity } from \"./entities/IdTokenEntity\";\r\nimport { RefreshTokenEntity } from \"./entities/RefreshTokenEntity\";\r\nimport { AuthError } from \"../error/AuthError\";\r\nimport { ICacheManager } from \"./interface/ICacheManager\";\r\nimport { ClientAuthError } from \"../error/ClientAuthError\";\r\nimport { AccountInfo } from \"../account/AccountInfo\";\r\nimport { AppMetadataEntity } from \"./entities/AppMetadataEntity\";\r\nimport { ServerTelemetryEntity } from \"./entities/ServerTelemetryEntity\";\r\nimport { ThrottlingEntity } from \"./entities/ThrottlingEntity\";\r\nimport { AuthToken } from \"../account/AuthToken\";\r\nimport { ICrypto } from \"../crypto/ICrypto\";\r\nimport { AuthorityMetadataEntity } from \"./entities/AuthorityMetadataEntity\";\r\nimport { BaseAuthRequest } from \"../request/BaseAuthRequest\";\r\nimport { Logger } from \"../logger/Logger\";\r\nimport { name, version } from \"../packageMetadata\";\r\n\r\n/**\r\n * Interface class which implement cache storage functions used by MSAL to perform validity checks, and store tokens.\r\n */\r\nexport abstract class CacheManager implements ICacheManager {\r\n protected clientId: string;\r\n protected cryptoImpl: ICrypto;\r\n // Instance of logger for functions defined in the msal-common layer\r\n private commonLogger: Logger;\r\n\r\n constructor(clientId: string, cryptoImpl: ICrypto, logger: Logger) {\r\n this.clientId = clientId;\r\n this.cryptoImpl = cryptoImpl;\r\n this.commonLogger = logger.clone(name, version);\r\n }\r\n\r\n /**\r\n * fetch the account entity from the platform cache\r\n * @param accountKey\r\n */\r\n abstract getAccount(accountKey: string): AccountEntity | null;\r\n\r\n /**\r\n * set account entity in the platform cache\r\n * @param account\r\n */\r\n abstract setAccount(account: AccountEntity): void;\r\n\r\n /**\r\n * fetch the idToken entity from the platform cache\r\n * @param idTokenKey\r\n */\r\n abstract getIdTokenCredential(idTokenKey: string): IdTokenEntity | null;\r\n\r\n /**\r\n * set idToken entity to the platform cache\r\n * @param idToken\r\n */\r\n abstract setIdTokenCredential(idToken: IdTokenEntity): void;\r\n\r\n /**\r\n * fetch the idToken entity from the platform cache\r\n * @param accessTokenKey\r\n */\r\n abstract getAccessTokenCredential(accessTokenKey: string): AccessTokenEntity | null;\r\n\r\n /**\r\n * set idToken entity to the platform cache\r\n * @param accessToken\r\n */\r\n abstract setAccessTokenCredential(accessToken: AccessTokenEntity): void;\r\n\r\n /**\r\n * fetch the idToken entity from the platform cache\r\n * @param refreshTokenKey\r\n */\r\n abstract getRefreshTokenCredential(refreshTokenKey: string): RefreshTokenEntity | null;\r\n\r\n /**\r\n * set idToken entity to the platform cache\r\n * @param refreshToken\r\n */\r\n abstract setRefreshTokenCredential(refreshToken: RefreshTokenEntity): void;\r\n\r\n /**\r\n * fetch appMetadata entity from the platform cache\r\n * @param appMetadataKey\r\n */\r\n abstract getAppMetadata(appMetadataKey: string): AppMetadataEntity | null;\r\n\r\n /**\r\n * set appMetadata entity to the platform cache\r\n * @param appMetadata\r\n */\r\n abstract setAppMetadata(appMetadata: AppMetadataEntity): void;\r\n\r\n /**\r\n * fetch server telemetry entity from the platform cache\r\n * @param serverTelemetryKey\r\n */\r\n abstract getServerTelemetry(serverTelemetryKey: string): ServerTelemetryEntity | null;\r\n\r\n /**\r\n * set server telemetry entity to the platform cache\r\n * @param serverTelemetryKey\r\n * @param serverTelemetry\r\n */\r\n abstract setServerTelemetry(serverTelemetryKey: string, serverTelemetry: ServerTelemetryEntity): void;\r\n\r\n /**\r\n * fetch cloud discovery metadata entity from the platform cache\r\n * @param key\r\n */\r\n abstract getAuthorityMetadata(key: string): AuthorityMetadataEntity | null;\r\n\r\n /**\r\n *\r\n */\r\n abstract getAuthorityMetadataKeys(): Array;\r\n\r\n /**\r\n * set cloud discovery metadata entity to the platform cache\r\n * @param key\r\n * @param value\r\n */\r\n abstract setAuthorityMetadata(key: string, value: AuthorityMetadataEntity): void;\r\n\r\n /**\r\n * fetch throttling entity from the platform cache\r\n * @param throttlingCacheKey\r\n */\r\n abstract getThrottlingCache(throttlingCacheKey: string): ThrottlingEntity | null;\r\n\r\n /**\r\n * set throttling entity to the platform cache\r\n * @param throttlingCacheKey\r\n * @param throttlingCache\r\n */\r\n abstract setThrottlingCache(throttlingCacheKey: string, throttlingCache: ThrottlingEntity): void;\r\n\r\n /**\r\n * Function to remove an item from cache given its key.\r\n * @param key\r\n */\r\n abstract removeItem(key: string): void;\r\n\r\n /**\r\n * Function which returns boolean whether cache contains a specific key.\r\n * @param key\r\n */\r\n abstract containsKey(key: string, type?: string): boolean;\r\n\r\n /**\r\n * Function which retrieves all current keys from the cache.\r\n */\r\n abstract getKeys(): string[];\r\n\r\n /**\r\n * Function which retrieves all account keys from the cache\r\n */\r\n abstract getAccountKeys(): string[];\r\n\r\n /**\r\n * Function which retrieves all token keys from the cache\r\n */\r\n abstract getTokenKeys(): TokenKeys;\r\n\r\n /**\r\n * Function which clears cache.\r\n */\r\n abstract clear(): Promise;\r\n\r\n /**\r\n * Function which updates an outdated credential cache key\r\n */\r\n abstract updateCredentialCacheKey(currentCacheKey: string, credential: ValidCredentialType): string;\r\n\r\n /**\r\n * Returns all accounts in cache\r\n */\r\n getAllAccounts(): AccountInfo[] {\r\n const allAccountKeys = this.getAccountKeys();\r\n if (allAccountKeys.length < 1) {\r\n return [];\r\n }\r\n\r\n const accountEntities: AccountEntity[] = allAccountKeys.reduce((accounts: AccountEntity[], key: string) => {\r\n const entity: AccountEntity | null = this.getAccount(key);\r\n\r\n if (!entity) {\r\n return accounts;\r\n }\r\n accounts.push(entity);\r\n return accounts;\r\n }, []);\r\n\r\n if (accountEntities.length < 1) {\r\n return [];\r\n } else {\r\n const allAccounts = accountEntities.map((accountEntity) => {\r\n return this.getAccountInfoFromEntity(accountEntity);\r\n });\r\n return allAccounts;\r\n }\r\n }\r\n\r\n /** \r\n * Gets accountInfo object based on provided filters\r\n */\r\n getAccountInfoFilteredBy(accountFilter: AccountFilter): AccountInfo | null{\r\n const allAccounts = this.getAccountsFilteredBy(accountFilter);\r\n if (allAccounts.length > 0) {\r\n return this.getAccountInfoFromEntity(allAccounts[0]);\r\n } else {\r\n return null;\r\n }\r\n }\r\n\r\n private getAccountInfoFromEntity(accountEntity: AccountEntity): AccountInfo {\r\n const accountInfo = accountEntity.getAccountInfo();\r\n const idToken = this.getIdToken(accountInfo);\r\n if (idToken) {\r\n accountInfo.idToken = idToken.secret;\r\n accountInfo.idTokenClaims = new AuthToken(idToken.secret, this.cryptoImpl).claims;\r\n }\r\n return accountInfo;\r\n }\r\n\r\n /**\r\n * saves a cache record\r\n * @param cacheRecord\r\n */\r\n async saveCacheRecord(cacheRecord: CacheRecord): Promise {\r\n if (!cacheRecord) {\r\n throw ClientAuthError.createNullOrUndefinedCacheRecord();\r\n }\r\n\r\n if (!!cacheRecord.account) {\r\n this.setAccount(cacheRecord.account);\r\n }\r\n\r\n if (!!cacheRecord.idToken) {\r\n this.setIdTokenCredential(cacheRecord.idToken);\r\n }\r\n\r\n if (!!cacheRecord.accessToken) {\r\n await this.saveAccessToken(cacheRecord.accessToken);\r\n }\r\n\r\n if (!!cacheRecord.refreshToken) {\r\n this.setRefreshTokenCredential(cacheRecord.refreshToken);\r\n }\r\n\r\n if (!!cacheRecord.appMetadata) {\r\n this.setAppMetadata(cacheRecord.appMetadata);\r\n }\r\n }\r\n\r\n /**\r\n * saves access token credential\r\n * @param credential\r\n */\r\n private async saveAccessToken(credential: AccessTokenEntity): Promise {\r\n const accessTokenFilter: CredentialFilter = {\r\n clientId: credential.clientId,\r\n credentialType: credential.credentialType,\r\n environment: credential.environment,\r\n homeAccountId: credential.homeAccountId,\r\n realm: credential.realm,\r\n tokenType: credential.tokenType,\r\n requestedClaimsHash: credential.requestedClaimsHash\r\n };\r\n\r\n const tokenKeys = this.getTokenKeys();\r\n const currentScopes = ScopeSet.fromString(credential.target);\r\n\r\n const removedAccessTokens: Array> = [];\r\n tokenKeys.accessToken.forEach((key) => {\r\n if(!this.accessTokenKeyMatchesFilter(key, accessTokenFilter, false)) {\r\n return;\r\n }\r\n \r\n const tokenEntity = this.getAccessTokenCredential(key);\r\n\r\n if (tokenEntity && this.credentialMatchesFilter(tokenEntity, accessTokenFilter)) {\r\n const tokenScopeSet = ScopeSet.fromString(tokenEntity.target);\r\n if (tokenScopeSet.intersectingScopeSets(currentScopes)) {\r\n removedAccessTokens.push(this.removeAccessToken(key));\r\n }\r\n }\r\n });\r\n await Promise.all(removedAccessTokens);\r\n this.setAccessTokenCredential(credential);\r\n }\r\n\r\n /**\r\n * retrieve accounts matching all provided filters; if no filter is set, get all accounts\r\n * not checking for casing as keys are all generated in lower case, remember to convert to lower case if object properties are compared\r\n * @param homeAccountId\r\n * @param environment\r\n * @param realm\r\n */\r\n getAccountsFilteredBy(accountFilter: AccountFilter): AccountEntity[] {\r\n const allAccountKeys = this.getAccountKeys();\r\n const matchingAccounts: AccountEntity[] = [];\r\n\r\n allAccountKeys.forEach((cacheKey) => {\r\n if (!this.isAccountKey(cacheKey, accountFilter.homeAccountId, accountFilter.realm)) {\r\n // Don't parse value if the key doesn't match the account filters\r\n return;\r\n }\r\n\r\n const entity: AccountEntity | null = this.getAccount(cacheKey);\r\n\r\n if (!entity) {\r\n return;\r\n }\r\n\r\n if (!!accountFilter.homeAccountId && !this.matchHomeAccountId(entity, accountFilter.homeAccountId)) {\r\n return;\r\n }\r\n\r\n if (!!accountFilter.localAccountId && !this.matchLocalAccountId(entity, accountFilter.localAccountId)) {\r\n return;\r\n }\r\n\r\n if (!!accountFilter.username && !this.matchUsername(entity, accountFilter.username)) {\r\n return;\r\n }\r\n\r\n if (!!accountFilter.environment && !this.matchEnvironment(entity, accountFilter.environment)) {\r\n return;\r\n }\r\n\r\n if (!!accountFilter.realm && !this.matchRealm(entity, accountFilter.realm)) {\r\n return;\r\n }\r\n\r\n if (!!accountFilter.nativeAccountId && !this.matchNativeAccountId(entity, accountFilter.nativeAccountId)) {\r\n return;\r\n }\r\n\r\n matchingAccounts.push(entity);\r\n });\r\n\r\n return matchingAccounts;\r\n }\r\n\r\n /**\r\n * Returns true if the given key matches our account key schema. Also matches homeAccountId and/or tenantId if provided\r\n * @param key \r\n * @param homeAccountId \r\n * @param tenantId \r\n * @returns \r\n */\r\n isAccountKey(key: string, homeAccountId?: string, tenantId?: string): boolean {\r\n if (key.split(Separators.CACHE_KEY_SEPARATOR).length < 3) {\r\n // Account cache keys contain 3 items separated by '-' (each item may also contain '-')\r\n return false;\r\n }\r\n\r\n if (homeAccountId && !key.toLowerCase().includes(homeAccountId.toLowerCase())) {\r\n return false;\r\n }\r\n\r\n if (tenantId && !key.toLowerCase().includes(tenantId.toLowerCase())) {\r\n return false;\r\n }\r\n\r\n // Do not check environment as aliasing can cause false negatives\r\n\r\n return true;\r\n }\r\n\r\n /**\r\n * Returns true if the given key matches our credential key schema.\r\n * @param key \r\n */\r\n isCredentialKey(key: string): boolean {\r\n if (key.split(Separators.CACHE_KEY_SEPARATOR).length < 6) {\r\n // Credential cache keys contain 6 items separated by '-' (each item may also contain '-')\r\n return false;\r\n }\r\n\r\n const lowerCaseKey = key.toLowerCase();\r\n // Credential keys must indicate what credential type they represent\r\n if (lowerCaseKey.indexOf(CredentialType.ID_TOKEN.toLowerCase()) === -1 &&\r\n lowerCaseKey.indexOf(CredentialType.ACCESS_TOKEN.toLowerCase()) === -1 &&\r\n lowerCaseKey.indexOf(CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()) === -1 &&\r\n lowerCaseKey.indexOf(CredentialType.REFRESH_TOKEN.toLowerCase()) === -1\r\n ) {\r\n return false;\r\n }\r\n\r\n if (lowerCaseKey.indexOf(CredentialType.REFRESH_TOKEN.toLowerCase()) > -1) {\r\n // Refresh tokens must contain the client id or family id\r\n const clientIdValidation = `${CredentialType.REFRESH_TOKEN}${Separators.CACHE_KEY_SEPARATOR}${this.clientId}${Separators.CACHE_KEY_SEPARATOR}`;\r\n const familyIdValidation = `${CredentialType.REFRESH_TOKEN}${Separators.CACHE_KEY_SEPARATOR}${THE_FAMILY_ID}${Separators.CACHE_KEY_SEPARATOR}`;\r\n if (lowerCaseKey.indexOf(clientIdValidation.toLowerCase()) === -1 && lowerCaseKey.indexOf(familyIdValidation.toLowerCase()) === -1) {\r\n return false;\r\n }\r\n } else if (lowerCaseKey.indexOf(this.clientId.toLowerCase()) === -1) {\r\n // Tokens must contain the clientId\r\n return false;\r\n }\r\n\r\n return true;\r\n }\r\n\r\n /**\r\n * Returns whether or not the given credential entity matches the filter\r\n * @param entity \r\n * @param filter \r\n * @returns \r\n */\r\n credentialMatchesFilter(entity: ValidCredentialType, filter: CredentialFilter): boolean {\r\n if (!!filter.clientId && !this.matchClientId(entity, filter.clientId)) {\r\n return false;\r\n }\r\n\r\n if (!!filter.userAssertionHash && !this.matchUserAssertionHash(entity, filter.userAssertionHash)) {\r\n return false;\r\n }\r\n\r\n /*\r\n * homeAccountId can be undefined, and we want to filter out cached items that have a homeAccountId of \"\"\r\n * because we don't want a client_credential request to return a cached token that has a homeAccountId\r\n */\r\n if ((typeof filter.homeAccountId === \"string\") && !this.matchHomeAccountId(entity, filter.homeAccountId)) {\r\n return false;\r\n }\r\n\r\n if (!!filter.environment && !this.matchEnvironment(entity, filter.environment)) {\r\n return false;\r\n }\r\n\r\n if (!!filter.realm && !this.matchRealm(entity, filter.realm)) {\r\n return false;\r\n }\r\n\r\n if (!!filter.credentialType && !this.matchCredentialType(entity, filter.credentialType)) {\r\n return false;\r\n }\r\n\r\n if (!!filter.familyId && !this.matchFamilyId(entity, filter.familyId)) {\r\n return false;\r\n }\r\n\r\n /*\r\n * idTokens do not have \"target\", target specific refreshTokens do exist for some types of authentication\r\n * Resource specific refresh tokens case will be added when the support is deemed necessary\r\n */\r\n if (!!filter.target && !this.matchTarget(entity, filter.target)) {\r\n return false;\r\n }\r\n\r\n // If request OR cached entity has requested Claims Hash, check if they match\r\n if (filter.requestedClaimsHash || entity.requestedClaimsHash) {\r\n // Don't match if either is undefined or they are different\r\n if (entity.requestedClaimsHash !== filter.requestedClaimsHash) {\r\n return false;\r\n }\r\n }\r\n\r\n // Access Token with Auth Scheme specific matching\r\n if (entity.credentialType === CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME) {\r\n if(!!filter.tokenType && !this.matchTokenType(entity, filter.tokenType)) {\r\n return false;\r\n }\r\n\r\n // KeyId (sshKid) in request must match cached SSH certificate keyId because SSH cert is bound to a specific key\r\n if (filter.tokenType === AuthenticationScheme.SSH) {\r\n if(filter.keyId && !this.matchKeyId(entity, filter.keyId)) {\r\n return false;\r\n }\r\n }\r\n }\r\n\r\n return true;\r\n }\r\n\r\n /**\r\n * retrieve appMetadata matching all provided filters; if no filter is set, get all appMetadata\r\n * @param filter\r\n */\r\n getAppMetadataFilteredBy(filter: AppMetadataFilter): AppMetadataCache {\r\n return this.getAppMetadataFilteredByInternal(\r\n filter.environment,\r\n filter.clientId,\r\n );\r\n }\r\n\r\n /**\r\n * Support function to help match appMetadata\r\n * @param environment\r\n * @param clientId\r\n */\r\n private getAppMetadataFilteredByInternal(\r\n environment?: string,\r\n clientId?: string\r\n ): AppMetadataCache {\r\n\r\n const allCacheKeys = this.getKeys();\r\n const matchingAppMetadata: AppMetadataCache = {};\r\n\r\n allCacheKeys.forEach((cacheKey) => {\r\n // don't parse any non-appMetadata type cache entities\r\n if (!this.isAppMetadata(cacheKey)) {\r\n return;\r\n }\r\n\r\n // Attempt retrieval\r\n const entity = this.getAppMetadata(cacheKey);\r\n\r\n if (!entity) {\r\n return;\r\n }\r\n\r\n if (!!environment && !this.matchEnvironment(entity, environment)) {\r\n return;\r\n }\r\n\r\n if (!!clientId && !this.matchClientId(entity, clientId)) {\r\n return;\r\n }\r\n\r\n matchingAppMetadata[cacheKey] = entity;\r\n\r\n });\r\n\r\n return matchingAppMetadata;\r\n }\r\n\r\n /**\r\n * retrieve authorityMetadata that contains a matching alias\r\n * @param filter\r\n */\r\n getAuthorityMetadataByAlias(host: string): AuthorityMetadataEntity | null {\r\n const allCacheKeys = this.getAuthorityMetadataKeys();\r\n let matchedEntity = null;\r\n\r\n allCacheKeys.forEach((cacheKey) => {\r\n // don't parse any non-authorityMetadata type cache entities\r\n if (!this.isAuthorityMetadata(cacheKey) || cacheKey.indexOf(this.clientId) === -1) {\r\n return;\r\n }\r\n\r\n // Attempt retrieval\r\n const entity = this.getAuthorityMetadata(cacheKey);\r\n\r\n if (!entity) {\r\n return;\r\n }\r\n\r\n if (entity.aliases.indexOf(host) === -1) {\r\n return;\r\n }\r\n\r\n matchedEntity = entity;\r\n\r\n });\r\n\r\n return matchedEntity;\r\n }\r\n\r\n /**\r\n * Removes all accounts and related tokens from cache.\r\n */\r\n async removeAllAccounts(): Promise {\r\n const allAccountKeys = this.getAccountKeys();\r\n const removedAccounts: Array> = [];\r\n\r\n allAccountKeys.forEach((cacheKey) => {\r\n removedAccounts.push(this.removeAccount(cacheKey));\r\n });\r\n\r\n await Promise.all(removedAccounts);\r\n }\r\n\r\n /**\r\n * Removes the account and related tokens for a given account key\r\n * @param account\r\n */\r\n async removeAccount(accountKey: string): Promise {\r\n const account = this.getAccount(accountKey);\r\n if (!account) {\r\n throw ClientAuthError.createNoAccountFoundError();\r\n }\r\n await this.removeAccountContext(account);\r\n this.removeItem(accountKey);\r\n }\r\n\r\n /**\r\n * Removes credentials associated with the provided account\r\n * @param account\r\n */\r\n async removeAccountContext(account: AccountEntity): Promise {\r\n const allTokenKeys = this.getTokenKeys();\r\n const accountId = account.generateAccountId();\r\n const removedCredentials: Array> = [];\r\n\r\n allTokenKeys.idToken.forEach((key) => {\r\n if (key.indexOf(accountId) === 0) {\r\n this.removeIdToken(key);\r\n }\r\n });\r\n\r\n allTokenKeys.accessToken.forEach((key) => {\r\n if (key.indexOf(accountId) === 0) {\r\n removedCredentials.push(this.removeAccessToken(key));\r\n }\r\n });\r\n\r\n allTokenKeys.refreshToken.forEach((key) => {\r\n if (key.indexOf(accountId) === 0) {\r\n this.removeRefreshToken(key);\r\n }\r\n });\r\n\r\n await Promise.all(removedCredentials);\r\n }\r\n\r\n /**\r\n * returns a boolean if the given credential is removed\r\n * @param credential\r\n */\r\n async removeAccessToken(key: string): Promise {\r\n const credential = this.getAccessTokenCredential(key);\r\n if (!credential) {\r\n return;\r\n }\r\n\r\n // Remove Token Binding Key from key store for PoP Tokens Credentials\r\n if (credential.credentialType.toLowerCase() === CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()) {\r\n if(credential.tokenType === AuthenticationScheme.POP) {\r\n const accessTokenWithAuthSchemeEntity = credential as AccessTokenEntity;\r\n const kid = accessTokenWithAuthSchemeEntity.keyId;\r\n\r\n if (kid) {\r\n try {\r\n await this.cryptoImpl.removeTokenBindingKey(kid);\r\n } catch (error) {\r\n throw ClientAuthError.createBindingKeyNotRemovedError();\r\n }\r\n }\r\n }\r\n }\r\n\r\n return this.removeItem(key);\r\n }\r\n\r\n /**\r\n * Removes all app metadata objects from cache.\r\n */\r\n removeAppMetadata(): boolean {\r\n const allCacheKeys = this.getKeys();\r\n allCacheKeys.forEach((cacheKey) => {\r\n if (this.isAppMetadata(cacheKey)) {\r\n this.removeItem(cacheKey);\r\n }\r\n });\r\n\r\n return true;\r\n }\r\n\r\n /**\r\n * Retrieve the cached credentials into a cacherecord\r\n * @param account\r\n * @param clientId\r\n * @param scopes\r\n * @param environment\r\n * @param authScheme\r\n */\r\n readCacheRecord(account: AccountInfo, request: BaseAuthRequest, environment: string): CacheRecord {\r\n const tokenKeys = this.getTokenKeys();\r\n const cachedAccount = this.readAccountFromCache(account);\r\n const cachedIdToken = this.getIdToken(account, tokenKeys);\r\n const cachedAccessToken = this.getAccessToken(account, request, tokenKeys);\r\n const cachedRefreshToken = this.getRefreshToken(account, false, tokenKeys);\r\n const cachedAppMetadata = this.readAppMetadataFromCache(environment);\r\n\r\n if (cachedAccount && cachedIdToken) {\r\n cachedAccount.idTokenClaims = new AuthToken(cachedIdToken.secret, this.cryptoImpl).claims;\r\n }\r\n\r\n return {\r\n account: cachedAccount,\r\n idToken: cachedIdToken,\r\n accessToken: cachedAccessToken,\r\n refreshToken: cachedRefreshToken,\r\n appMetadata: cachedAppMetadata,\r\n };\r\n }\r\n\r\n /**\r\n * Retrieve AccountEntity from cache\r\n * @param account\r\n */\r\n readAccountFromCache(account: AccountInfo): AccountEntity | null {\r\n const accountKey: string = AccountEntity.generateAccountCacheKey(account);\r\n return this.getAccount(accountKey);\r\n }\r\n\r\n /**\r\n * Retrieve IdTokenEntity from cache\r\n * @param clientId\r\n * @param account\r\n * @param inputRealm\r\n */\r\n getIdToken(account: AccountInfo, tokenKeys?: TokenKeys): IdTokenEntity | null {\r\n this.commonLogger.trace(\"CacheManager - getIdToken called\");\r\n const idTokenFilter: CredentialFilter = {\r\n homeAccountId: account.homeAccountId,\r\n environment: account.environment,\r\n credentialType: CredentialType.ID_TOKEN,\r\n clientId: this.clientId,\r\n realm: account.tenantId,\r\n };\r\n\r\n const idTokens: IdTokenEntity[] = this.getIdTokensByFilter(idTokenFilter, tokenKeys);\r\n const numIdTokens = idTokens.length;\r\n\r\n if (numIdTokens < 1) {\r\n this.commonLogger.info(\"CacheManager:getIdToken - No token found\");\r\n return null;\r\n } else if (numIdTokens > 1) {\r\n this.commonLogger.info(\r\n \"CacheManager:getIdToken - Multiple id tokens found, clearing them\"\r\n );\r\n idTokens.forEach((idToken) => {\r\n this.removeIdToken(idToken.generateCredentialKey());\r\n });\r\n return null;\r\n }\r\n\r\n this.commonLogger.info(\"CacheManager:getIdToken - Returning id token\");\r\n return idTokens[0];\r\n }\r\n\r\n /**\r\n * Gets all idTokens matching the given filter\r\n * @param filter \r\n * @returns \r\n */\r\n getIdTokensByFilter(filter: CredentialFilter, tokenKeys?: TokenKeys): IdTokenEntity[] {\r\n const idTokenKeys = tokenKeys && tokenKeys.idToken || this.getTokenKeys().idToken;\r\n\r\n const idTokens: IdTokenEntity[] = [];\r\n idTokenKeys.forEach((key) => {\r\n if (!this.idTokenKeyMatchesFilter(key, {clientId: this.clientId, ...filter})) {\r\n return;\r\n }\r\n\r\n const idToken = this.getIdTokenCredential(key);\r\n if (idToken && this.credentialMatchesFilter(idToken, filter)) {\r\n idTokens.push(idToken);\r\n }\r\n });\r\n\r\n return idTokens;\r\n }\r\n\r\n /**\r\n * Validate the cache key against filter before retrieving and parsing cache value\r\n * @param key \r\n * @param filter\r\n * @returns \r\n */\r\n idTokenKeyMatchesFilter(inputKey: string, filter: CredentialFilter): boolean {\r\n const key = inputKey.toLowerCase();\r\n if (filter.clientId && key.indexOf(filter.clientId.toLowerCase()) === -1) {\r\n return false;\r\n }\r\n\r\n if (filter.homeAccountId && key.indexOf(filter.homeAccountId.toLowerCase()) === -1) {\r\n return false;\r\n }\r\n\r\n return true;\r\n }\r\n\r\n /**\r\n * Removes idToken from the cache\r\n * @param key \r\n */\r\n removeIdToken(key: string): void {\r\n this.removeItem(key);\r\n }\r\n\r\n /**\r\n * Removes refresh token from the cache\r\n * @param key \r\n */\r\n removeRefreshToken(key: string): void {\r\n this.removeItem(key);\r\n }\r\n\r\n /**\r\n * Retrieve AccessTokenEntity from cache\r\n * @param clientId\r\n * @param account\r\n * @param scopes\r\n * @param authScheme\r\n */\r\n getAccessToken(account: AccountInfo, request: BaseAuthRequest, tokenKeys?: TokenKeys): AccessTokenEntity | null {\r\n this.commonLogger.trace(\"CacheManager - getAccessToken called\");\r\n const scopes = ScopeSet.createSearchScopes(request.scopes);\r\n const authScheme = request.authenticationScheme || AuthenticationScheme.BEARER;\r\n /*\r\n * Distinguish between Bearer and PoP/SSH token cache types\r\n * Cast to lowercase to handle \"bearer\" from ADFS\r\n */\r\n const credentialType = (authScheme && authScheme.toLowerCase() !== AuthenticationScheme.BEARER.toLowerCase()) ? CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME : CredentialType.ACCESS_TOKEN;\r\n\r\n const accessTokenFilter: CredentialFilter = {\r\n homeAccountId: account.homeAccountId,\r\n environment: account.environment,\r\n credentialType: credentialType,\r\n clientId: this.clientId,\r\n realm: account.tenantId,\r\n target: scopes,\r\n tokenType: authScheme,\r\n keyId: request.sshKid,\r\n requestedClaimsHash: request.requestedClaimsHash,\r\n };\r\n\r\n const accessTokenKeys = tokenKeys && tokenKeys.accessToken || this.getTokenKeys().accessToken;\r\n const accessTokens: AccessTokenEntity[] = [];\r\n\r\n accessTokenKeys.forEach((key) => {\r\n // Validate key\r\n if (this.accessTokenKeyMatchesFilter(key, accessTokenFilter, true)) {\r\n const accessToken = this.getAccessTokenCredential(key);\r\n\r\n // Validate value\r\n if (accessToken && this.credentialMatchesFilter(accessToken, accessTokenFilter)) {\r\n accessTokens.push(accessToken);\r\n }\r\n }\r\n });\r\n\r\n const numAccessTokens = accessTokens.length;\r\n if (numAccessTokens < 1) {\r\n this.commonLogger.info(\"CacheManager:getAccessToken - No token found\");\r\n return null;\r\n } else if (numAccessTokens > 1) {\r\n this.commonLogger.info(\r\n \"CacheManager:getAccessToken - Multiple access tokens found, clearing them\"\r\n );\r\n accessTokens.forEach((accessToken) => {\r\n this.removeAccessToken(accessToken.generateCredentialKey());\r\n });\r\n return null;\r\n }\r\n\r\n this.commonLogger.info(\"CacheManager:getAccessToken - Returning access token\");\r\n return accessTokens[0];\r\n }\r\n\r\n /**\r\n * Validate the cache key against filter before retrieving and parsing cache value\r\n * @param key \r\n * @param filter \r\n * @param keyMustContainAllScopes \r\n * @returns \r\n */\r\n accessTokenKeyMatchesFilter(inputKey: string, filter: CredentialFilter, keyMustContainAllScopes: boolean): boolean {\r\n const key = inputKey.toLowerCase();\r\n if (filter.clientId && key.indexOf(filter.clientId.toLowerCase()) === -1) {\r\n return false;\r\n }\r\n\r\n if (filter.homeAccountId && key.indexOf(filter.homeAccountId.toLowerCase()) === -1) {\r\n return false;\r\n }\r\n\r\n if (filter.realm && key.indexOf(filter.realm.toLowerCase()) === -1) {\r\n return false;\r\n }\r\n\r\n if (filter.requestedClaimsHash && key.indexOf(filter.requestedClaimsHash.toLowerCase()) === -1) {\r\n return false;\r\n }\r\n\r\n if (filter.target) {\r\n const scopes = filter.target.asArray();\r\n for (let i = 0; i < scopes.length; i++) {\r\n if (keyMustContainAllScopes && !key.includes(scopes[i].toLowerCase())) {\r\n // When performing a cache lookup a missing scope would be a cache miss\r\n return false;\r\n } else if (!keyMustContainAllScopes && key.includes(scopes[i].toLowerCase())) {\r\n // When performing a cache write, any token with a subset of requested scopes should be replaced\r\n return true;\r\n }\r\n }\r\n }\r\n\r\n return true;\r\n }\r\n\r\n /**\r\n * Gets all access tokens matching the filter\r\n * @param filter \r\n * @returns \r\n */\r\n getAccessTokensByFilter(filter: CredentialFilter): AccessTokenEntity[] {\r\n const tokenKeys = this.getTokenKeys();\r\n\r\n const accessTokens: AccessTokenEntity[] = [];\r\n tokenKeys.accessToken.forEach((key) => {\r\n if (!this.accessTokenKeyMatchesFilter(key, filter, true)) {\r\n return;\r\n }\r\n\r\n const accessToken = this.getAccessTokenCredential(key);\r\n if (accessToken && this.credentialMatchesFilter(accessToken, filter)) {\r\n accessTokens.push(accessToken);\r\n }\r\n });\r\n\r\n return accessTokens;\r\n }\r\n\r\n /**\r\n * Helper to retrieve the appropriate refresh token from cache\r\n * @param clientId\r\n * @param account\r\n * @param familyRT\r\n */\r\n getRefreshToken(account: AccountInfo, familyRT: boolean, tokenKeys?: TokenKeys): RefreshTokenEntity | null {\r\n this.commonLogger.trace(\"CacheManager - getRefreshToken called\");\r\n const id = familyRT ? THE_FAMILY_ID : undefined;\r\n const refreshTokenFilter: CredentialFilter = {\r\n homeAccountId: account.homeAccountId,\r\n environment: account.environment,\r\n credentialType: CredentialType.REFRESH_TOKEN,\r\n clientId: this.clientId,\r\n familyId: id,\r\n };\r\n\r\n const refreshTokenKeys = tokenKeys && tokenKeys.refreshToken || this.getTokenKeys().refreshToken;\r\n const refreshTokens: RefreshTokenEntity[] = [];\r\n\r\n refreshTokenKeys.forEach((key) => {\r\n // Validate key\r\n if (this.refreshTokenKeyMatchesFilter(key, refreshTokenFilter)) {\r\n const refreshToken = this.getRefreshTokenCredential(key);\r\n // Validate value\r\n if (refreshToken && this.credentialMatchesFilter(refreshToken, refreshTokenFilter)) {\r\n refreshTokens.push(refreshToken);\r\n }\r\n }\r\n });\r\n\r\n const numRefreshTokens = refreshTokens.length;\r\n if (numRefreshTokens < 1) {\r\n this.commonLogger.info(\"CacheManager:getRefreshToken - No refresh token found.\");\r\n return null;\r\n }\r\n // address the else case after remove functions address environment aliases\r\n\r\n this.commonLogger.info(\"CacheManager:getRefreshToken - returning refresh token\");\r\n return refreshTokens[0] as RefreshTokenEntity;\r\n }\r\n\r\n /**\r\n * Validate the cache key against filter before retrieving and parsing cache value\r\n * @param key\r\n * @param filter\r\n */\r\n refreshTokenKeyMatchesFilter(inputKey: string, filter: CredentialFilter): boolean {\r\n const key = inputKey.toLowerCase();\r\n if (filter.familyId && key.indexOf(filter.familyId.toLowerCase()) === -1) {\r\n return false;\r\n }\r\n\r\n // If familyId is used, clientId is not in the key\r\n if (!filter.familyId && filter.clientId && key.indexOf(filter.clientId.toLowerCase()) === -1) {\r\n return false;\r\n }\r\n\r\n if (filter.homeAccountId && key.indexOf(filter.homeAccountId.toLowerCase()) === -1) {\r\n return false;\r\n }\r\n\r\n return true;\r\n }\r\n\r\n /**\r\n * Retrieve AppMetadataEntity from cache\r\n */\r\n readAppMetadataFromCache(environment: string): AppMetadataEntity | null {\r\n const appMetadataFilter: AppMetadataFilter = {\r\n environment,\r\n clientId: this.clientId,\r\n };\r\n\r\n const appMetadata: AppMetadataCache = this.getAppMetadataFilteredBy(appMetadataFilter);\r\n const appMetadataEntries: AppMetadataEntity[] = Object.keys(appMetadata).map((key) => appMetadata[key]);\r\n\r\n const numAppMetadata = appMetadataEntries.length;\r\n if (numAppMetadata < 1) {\r\n return null;\r\n } else if (numAppMetadata > 1) {\r\n throw ClientAuthError.createMultipleMatchingAppMetadataInCacheError();\r\n }\r\n\r\n return appMetadataEntries[0] as AppMetadataEntity;\r\n }\r\n\r\n /**\r\n * Return the family_id value associated with FOCI\r\n * @param environment\r\n * @param clientId\r\n */\r\n isAppMetadataFOCI(environment: string): boolean {\r\n const appMetadata = this.readAppMetadataFromCache(environment);\r\n return !!(appMetadata && appMetadata.familyId === THE_FAMILY_ID);\r\n }\r\n\r\n /**\r\n * helper to match account ids\r\n * @param value\r\n * @param homeAccountId\r\n */\r\n private matchHomeAccountId(entity: AccountEntity | CredentialEntity, homeAccountId: string): boolean {\r\n return !!((typeof entity.homeAccountId === \"string\") && (homeAccountId === entity.homeAccountId));\r\n }\r\n\r\n /**\r\n * helper to match account ids\r\n * @param entity \r\n * @param localAccountId \r\n * @returns \r\n */\r\n private matchLocalAccountId(entity: AccountEntity, localAccountId: string): boolean {\r\n return !!((typeof entity.localAccountId === \"string\") && (localAccountId === entity.localAccountId));\r\n }\r\n\r\n /**\r\n * helper to match usernames\r\n * @param entity \r\n * @param username \r\n * @returns \r\n */\r\n private matchUsername(entity: AccountEntity, username: string): boolean {\r\n return !!((typeof entity.username === \"string\") && (username.toLowerCase() === entity.username.toLowerCase()));\r\n }\r\n\r\n /**\r\n * helper to match assertion\r\n * @param value\r\n * @param oboAssertion\r\n */\r\n private matchUserAssertionHash(entity: CredentialEntity, userAssertionHash: string): boolean {\r\n return !!(entity.userAssertionHash && userAssertionHash === entity.userAssertionHash);\r\n }\r\n\r\n /**\r\n * helper to match environment\r\n * @param value\r\n * @param environment\r\n */\r\n private matchEnvironment(entity: AccountEntity | CredentialEntity | AppMetadataEntity, environment: string): boolean {\r\n const cloudMetadata = this.getAuthorityMetadataByAlias(environment);\r\n if (cloudMetadata && cloudMetadata.aliases.indexOf(entity.environment) > -1) {\r\n return true;\r\n }\r\n\r\n return false;\r\n }\r\n\r\n /**\r\n * helper to match credential type\r\n * @param entity\r\n * @param credentialType\r\n */\r\n private matchCredentialType(entity: CredentialEntity, credentialType: string): boolean {\r\n return (entity.credentialType && credentialType.toLowerCase() === entity.credentialType.toLowerCase());\r\n }\r\n\r\n /**\r\n * helper to match client ids\r\n * @param entity\r\n * @param clientId\r\n */\r\n private matchClientId(entity: CredentialEntity | AppMetadataEntity, clientId: string): boolean {\r\n return !!(entity.clientId && clientId === entity.clientId);\r\n }\r\n\r\n /**\r\n * helper to match family ids\r\n * @param entity\r\n * @param familyId\r\n */\r\n private matchFamilyId(entity: CredentialEntity | AppMetadataEntity, familyId: string): boolean {\r\n return !!(entity.familyId && familyId === entity.familyId);\r\n }\r\n\r\n /**\r\n * helper to match realm\r\n * @param entity\r\n * @param realm\r\n */\r\n private matchRealm(entity: AccountEntity | CredentialEntity, realm: string): boolean {\r\n return !!(entity.realm && realm === entity.realm);\r\n }\r\n\r\n /**\r\n * helper to match nativeAccountId\r\n * @param entity\r\n * @param nativeAccountId\r\n * @returns boolean indicating the match result\r\n */\r\n private matchNativeAccountId(entity: AccountEntity, nativeAccountId: string): boolean {\r\n return !!(entity.nativeAccountId && nativeAccountId === entity.nativeAccountId);\r\n }\r\n\r\n /**\r\n * Returns true if the target scopes are a subset of the current entity's scopes, false otherwise.\r\n * @param entity\r\n * @param target\r\n */\r\n private matchTarget(entity: CredentialEntity, target: ScopeSet): boolean {\r\n const isNotAccessTokenCredential = (entity.credentialType !== CredentialType.ACCESS_TOKEN && entity.credentialType !== CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME);\r\n\r\n if ( isNotAccessTokenCredential || !entity.target) {\r\n return false;\r\n }\r\n\r\n const entityScopeSet: ScopeSet = ScopeSet.fromString(entity.target);\r\n\r\n return entityScopeSet.containsScopeSet(target);\r\n }\r\n\r\n /**\r\n * Returns true if the credential's tokenType or Authentication Scheme matches the one in the request, false otherwise\r\n * @param entity\r\n * @param tokenType\r\n */\r\n private matchTokenType(entity: CredentialEntity, tokenType: AuthenticationScheme): boolean {\r\n return !!(entity.tokenType && entity.tokenType === tokenType);\r\n }\r\n\r\n /**\r\n * Returns true if the credential's keyId matches the one in the request, false otherwise\r\n * @param entity\r\n * @param tokenType\r\n */\r\n private matchKeyId(entity: CredentialEntity, keyId: string): boolean {\r\n return !!(entity.keyId && entity.keyId === keyId);\r\n }\r\n\r\n /**\r\n * returns if a given cache entity is of the type appmetadata\r\n * @param key\r\n */\r\n private isAppMetadata(key: string): boolean {\r\n return key.indexOf(APP_METADATA) !== -1;\r\n }\r\n\r\n /**\r\n * returns if a given cache entity is of the type authoritymetadata\r\n * @param key\r\n */\r\n protected isAuthorityMetadata(key: string): boolean {\r\n return key.indexOf(AUTHORITY_METADATA_CONSTANTS.CACHE_KEY) !== -1;\r\n }\r\n\r\n /**\r\n * returns cache key used for cloud instance metadata\r\n */\r\n generateAuthorityMetadataCacheKey(authority: string): string {\r\n return `${AUTHORITY_METADATA_CONSTANTS.CACHE_KEY}-${this.clientId}-${authority}`;\r\n }\r\n\r\n /**\r\n * Helper to convert serialized data to object\r\n * @param obj\r\n * @param json\r\n */\r\n static toObject(obj: T, json: object): T {\r\n for (const propertyName in json) {\r\n obj[propertyName] = json[propertyName];\r\n }\r\n return obj;\r\n }\r\n}\r\n\r\nexport class DefaultStorageClass extends CacheManager {\r\n setAccount(): void {\r\n const notImplErr = \"Storage interface - setAccount() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n getAccount(): AccountEntity {\r\n const notImplErr = \"Storage interface - getAccount() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n setIdTokenCredential(): void {\r\n const notImplErr = \"Storage interface - setIdTokenCredential() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n getIdTokenCredential(): IdTokenEntity {\r\n const notImplErr = \"Storage interface - getIdTokenCredential() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n setAccessTokenCredential(): void {\r\n const notImplErr = \"Storage interface - setAccessTokenCredential() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n getAccessTokenCredential(): AccessTokenEntity {\r\n const notImplErr = \"Storage interface - getAccessTokenCredential() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n setRefreshTokenCredential(): void {\r\n const notImplErr = \"Storage interface - setRefreshTokenCredential() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n getRefreshTokenCredential(): RefreshTokenEntity {\r\n const notImplErr = \"Storage interface - getRefreshTokenCredential() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n setAppMetadata(): void {\r\n const notImplErr = \"Storage interface - setAppMetadata() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n getAppMetadata(): AppMetadataEntity {\r\n const notImplErr = \"Storage interface - getAppMetadata() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n setServerTelemetry(): void {\r\n const notImplErr = \"Storage interface - setServerTelemetry() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n getServerTelemetry(): ServerTelemetryEntity {\r\n const notImplErr = \"Storage interface - getServerTelemetry() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n setAuthorityMetadata(): void {\r\n const notImplErr = \"Storage interface - setAuthorityMetadata() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n getAuthorityMetadata(): AuthorityMetadataEntity | null {\r\n const notImplErr = \"Storage interface - getAuthorityMetadata() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n getAuthorityMetadataKeys(): Array {\r\n const notImplErr = \"Storage interface - getAuthorityMetadataKeys() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n setThrottlingCache(): void {\r\n const notImplErr = \"Storage interface - setThrottlingCache() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n getThrottlingCache(): ThrottlingEntity {\r\n const notImplErr = \"Storage interface - getThrottlingCache() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n removeItem(): boolean {\r\n const notImplErr = \"Storage interface - removeItem() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n containsKey(): boolean {\r\n const notImplErr = \"Storage interface - containsKey() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n getKeys(): string[] {\r\n const notImplErr = \"Storage interface - getKeys() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n getAccountKeys(): string[] {\r\n const notImplErr = \"Storage interface - getAccountKeys() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n getTokenKeys(): TokenKeys {\r\n const notImplErr = \"Storage interface - getTokenKeys() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n async clear(): Promise {\r\n const notImplErr = \"Storage interface - clear() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n updateCredentialCacheKey(): string {\r\n const notImplErr = \"Storage interface - updateCredentialCacheKey() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\n/**\r\n * Utility class which exposes functions for managing date and time operations.\r\n */\r\nexport class TimeUtils {\r\n\r\n /**\r\n * return the current time in Unix time (seconds).\r\n */\r\n static nowSeconds(): number {\r\n // Date.getTime() returns in milliseconds.\r\n return Math.round(new Date().getTime() / 1000.0);\r\n }\r\n \r\n /**\r\n * check if a token is expired based on given UTC time in seconds.\r\n * @param expiresOn\r\n */\r\n static isTokenExpired(expiresOn: string, offset: number): boolean {\r\n // check for access token expiry\r\n const expirationSec = Number(expiresOn) || 0;\r\n const offsetCurrentTimeSec = TimeUtils.nowSeconds() + offset;\r\n\r\n // If current time + offset is greater than token expiration time, then token is expired.\r\n return (offsetCurrentTimeSec > expirationSec);\r\n }\r\n\r\n /**\r\n * If the current time is earlier than the time that a token was cached at, we must discard the token\r\n * i.e. The system clock was turned back after acquiring the cached token\r\n * @param cachedAt \r\n * @param offset \r\n */\r\n static wasClockTurnedBack(cachedAt: string): boolean {\r\n const cachedAtSec = Number(cachedAt);\r\n\r\n return cachedAtSec > TimeUtils.nowSeconds();\r\n }\r\n\r\n /**\r\n * Waits for t number of milliseconds\r\n * @param t number\r\n * @param value T\r\n */\r\n static delay(t: number, value?: T): Promise {\r\n return new Promise((resolve) => setTimeout(() => resolve(value), t));\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { CredentialEntity } from \"./CredentialEntity\";\r\nimport { CredentialType, AuthenticationScheme } from \"../../utils/Constants\";\r\nimport { TimeUtils } from \"../../utils/TimeUtils\";\r\nimport { StringUtils } from \"../../utils/StringUtils\";\r\nimport { ICrypto } from \"../../crypto/ICrypto\";\r\nimport { TokenClaims } from \"../../account/TokenClaims\";\r\nimport { AuthToken } from \"../../account/AuthToken\";\r\nimport { ClientAuthError } from \"../../error/ClientAuthError\";\r\n\r\n/**\r\n * ACCESS_TOKEN Credential Type\r\n *\r\n * Key:Value Schema:\r\n *\r\n * Key Example: uid.utid-login.microsoftonline.com-accesstoken-clientId-contoso.com-user.read\r\n *\r\n * Value Schema:\r\n * {\r\n * homeAccountId: home account identifier for the auth scheme,\r\n * environment: entity that issued the token, represented as a full host\r\n * credentialType: Type of credential as a string, can be one of the following: RefreshToken, AccessToken, IdToken, Password, Cookie, Certificate, Other\r\n * clientId: client ID of the application\r\n * secret: Actual credential as a string\r\n * familyId: Family ID identifier, usually only used for refresh tokens\r\n * realm: Full tenant or organizational identifier that the account belongs to\r\n * target: Permissions that are included in the token, or for refresh tokens, the resource identifier.\r\n * cachedAt: Absolute device time when entry was created in the cache.\r\n * expiresOn: Token expiry time, calculated based on current UTC time in seconds. Represented as a string.\r\n * extendedExpiresOn: Additional extended expiry time until when token is valid in case of server-side outage. Represented as string in UTC seconds.\r\n * keyId: used for POP and SSH tokenTypes\r\n * tokenType: Type of the token issued. Usually \"Bearer\"\r\n * }\r\n */\r\nexport class AccessTokenEntity extends CredentialEntity {\r\n realm: string;\r\n target: string;\r\n cachedAt: string;\r\n expiresOn: string;\r\n extendedExpiresOn?: string;\r\n refreshOn?: string;\r\n keyId?: string; // for POP and SSH tokenTypes\r\n tokenType?: AuthenticationScheme;\r\n requestedClaims?: string;\r\n requestedClaimsHash?: string;\r\n\r\n /**\r\n * Create AccessTokenEntity\r\n * @param homeAccountId\r\n * @param environment\r\n * @param accessToken\r\n * @param clientId\r\n * @param tenantId\r\n * @param scopes\r\n * @param expiresOn\r\n * @param extExpiresOn\r\n */\r\n static createAccessTokenEntity(\r\n homeAccountId: string,\r\n environment: string,\r\n accessToken: string,\r\n clientId: string,\r\n tenantId: string,\r\n scopes: string,\r\n expiresOn: number,\r\n extExpiresOn: number,\r\n cryptoUtils: ICrypto,\r\n refreshOn?: number,\r\n tokenType?: AuthenticationScheme,\r\n userAssertionHash?:string,\r\n keyId?: string,\r\n requestedClaims?: string,\r\n requestedClaimsHash?: string\r\n ): AccessTokenEntity {\r\n const atEntity: AccessTokenEntity = new AccessTokenEntity();\r\n\r\n atEntity.homeAccountId = homeAccountId;\r\n atEntity.credentialType = CredentialType.ACCESS_TOKEN;\r\n atEntity.secret = accessToken;\r\n\r\n const currentTime = TimeUtils.nowSeconds();\r\n atEntity.cachedAt = currentTime.toString();\r\n\r\n /*\r\n * Token expiry time.\r\n * This value should be calculated based on the current UTC time measured locally and the value expires_in Represented as a string in JSON.\r\n */\r\n atEntity.expiresOn = expiresOn.toString();\r\n atEntity.extendedExpiresOn = extExpiresOn.toString();\r\n if (refreshOn) {\r\n atEntity.refreshOn = refreshOn.toString();\r\n }\r\n\r\n atEntity.environment = environment;\r\n atEntity.clientId = clientId;\r\n atEntity.realm = tenantId;\r\n atEntity.target = scopes;\r\n atEntity.userAssertionHash = userAssertionHash;\r\n\r\n atEntity.tokenType = StringUtils.isEmpty(tokenType) ? AuthenticationScheme.BEARER : tokenType;\r\n\r\n if (requestedClaims) {\r\n atEntity.requestedClaims = requestedClaims;\r\n atEntity.requestedClaimsHash = requestedClaimsHash;\r\n }\r\n\r\n /*\r\n * Create Access Token With Auth Scheme instead of regular access token\r\n * Cast to lower to handle \"bearer\" from ADFS\r\n */\r\n if (atEntity.tokenType?.toLowerCase() !== AuthenticationScheme.BEARER.toLowerCase()) {\r\n atEntity.credentialType = CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;\r\n switch (atEntity.tokenType) {\r\n case AuthenticationScheme.POP:\r\n // Make sure keyId is present and add it to credential\r\n const tokenClaims: TokenClaims | null = AuthToken.extractTokenClaims(accessToken, cryptoUtils);\r\n if (!tokenClaims?.cnf?.kid) {\r\n throw ClientAuthError.createTokenClaimsRequiredError();\r\n }\r\n atEntity.keyId = tokenClaims.cnf.kid;\r\n break;\r\n case AuthenticationScheme.SSH:\r\n atEntity.keyId = keyId;\r\n }\r\n }\r\n\r\n return atEntity;\r\n }\r\n\r\n /**\r\n * Validates an entity: checks for all expected params\r\n * @param entity\r\n */\r\n static isAccessTokenEntity(entity: object): boolean {\r\n\r\n if (!entity) {\r\n return false;\r\n }\r\n\r\n return (\r\n entity.hasOwnProperty(\"homeAccountId\") &&\r\n entity.hasOwnProperty(\"environment\") &&\r\n entity.hasOwnProperty(\"credentialType\") &&\r\n entity.hasOwnProperty(\"realm\") &&\r\n entity.hasOwnProperty(\"clientId\") &&\r\n entity.hasOwnProperty(\"secret\") &&\r\n entity.hasOwnProperty(\"target\") &&\r\n (entity[\"credentialType\"] === CredentialType.ACCESS_TOKEN || entity[\"credentialType\"] === CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME)\r\n );\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { CredentialEntity } from \"./CredentialEntity\";\r\nimport { CredentialType } from \"../../utils/Constants\";\r\n\r\n/**\r\n * REFRESH_TOKEN Cache\r\n *\r\n * Key:Value Schema:\r\n *\r\n * Key Example: uid.utid-login.microsoftonline.com-refreshtoken-clientId--\r\n *\r\n * Value:\r\n * {\r\n * homeAccountId: home account identifier for the auth scheme,\r\n * environment: entity that issued the token, represented as a full host\r\n * credentialType: Type of credential as a string, can be one of the following: RefreshToken, AccessToken, IdToken, Password, Cookie, Certificate, Other\r\n * clientId: client ID of the application\r\n * secret: Actual credential as a string\r\n * familyId: Family ID identifier, '1' represents Microsoft Family\r\n * realm: Full tenant or organizational identifier that the account belongs to\r\n * target: Permissions that are included in the token, or for refresh tokens, the resource identifier.\r\n * }\r\n */\r\nexport class RefreshTokenEntity extends CredentialEntity {\r\n familyId?: string;\r\n\r\n /**\r\n * Create RefreshTokenEntity\r\n * @param homeAccountId\r\n * @param authenticationResult\r\n * @param clientId\r\n * @param authority\r\n */\r\n static createRefreshTokenEntity(\r\n homeAccountId: string,\r\n environment: string,\r\n refreshToken: string,\r\n clientId: string,\r\n familyId?: string,\r\n userAssertionHash?: string\r\n ): RefreshTokenEntity {\r\n const rtEntity = new RefreshTokenEntity();\r\n\r\n rtEntity.clientId = clientId;\r\n rtEntity.credentialType = CredentialType.REFRESH_TOKEN;\r\n rtEntity.environment = environment;\r\n rtEntity.homeAccountId = homeAccountId;\r\n rtEntity.secret = refreshToken;\r\n rtEntity.userAssertionHash = userAssertionHash;\r\n\r\n if (familyId)\r\n rtEntity.familyId = familyId;\r\n\r\n return rtEntity;\r\n }\r\n\r\n /**\r\n * Validates an entity: checks for all expected params\r\n * @param entity\r\n */\r\n static isRefreshTokenEntity(entity: object): boolean {\r\n\r\n if (!entity) {\r\n return false;\r\n }\r\n\r\n return (\r\n entity.hasOwnProperty(\"homeAccountId\") &&\r\n entity.hasOwnProperty(\"environment\") &&\r\n entity.hasOwnProperty(\"credentialType\") &&\r\n entity.hasOwnProperty(\"clientId\") &&\r\n entity.hasOwnProperty(\"secret\") &&\r\n entity[\"credentialType\"] === CredentialType.REFRESH_TOKEN\r\n );\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { APP_METADATA, Separators } from \"../../utils/Constants\";\r\n\r\n/**\r\n * APP_METADATA Cache\r\n *\r\n * Key:Value Schema:\r\n *\r\n * Key: appmetadata--\r\n *\r\n * Value:\r\n * {\r\n * clientId: client ID of the application\r\n * environment: entity that issued the token, represented as a full host\r\n * familyId: Family ID identifier, '1' represents Microsoft Family\r\n * }\r\n */\r\nexport class AppMetadataEntity {\r\n clientId: string;\r\n environment: string;\r\n familyId?: string;\r\n\r\n /**\r\n * Generate AppMetadata Cache Key as per the schema: appmetadata--\r\n */\r\n generateAppMetadataKey(): string {\r\n return AppMetadataEntity.generateAppMetadataCacheKey(this.environment, this.clientId);\r\n }\r\n\r\n /**\r\n * Generate AppMetadata Cache Key\r\n */\r\n static generateAppMetadataCacheKey(environment: string, clientId: string): string {\r\n const appMetaDataKeyArray: Array = [\r\n APP_METADATA,\r\n environment,\r\n clientId,\r\n ];\r\n return appMetaDataKeyArray.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();\r\n }\r\n\r\n /**\r\n * Creates AppMetadataEntity\r\n * @param clientId\r\n * @param environment\r\n * @param familyId\r\n */\r\n static createAppMetadataEntity(clientId: string, environment: string, familyId?: string): AppMetadataEntity {\r\n const appMetadata = new AppMetadataEntity();\r\n\r\n appMetadata.clientId = clientId;\r\n appMetadata.environment = environment;\r\n if (familyId) {\r\n appMetadata.familyId = familyId;\r\n }\r\n\r\n return appMetadata;\r\n }\r\n\r\n /**\r\n * Validates an entity: checks for all expected params\r\n * @param entity\r\n */\r\n static isAppMetadataEntity(key: string, entity: object): boolean {\r\n\r\n if (!entity) {\r\n return false;\r\n }\r\n\r\n return (\r\n key.indexOf(APP_METADATA) === 0 &&\r\n entity.hasOwnProperty(\"clientId\") &&\r\n entity.hasOwnProperty(\"environment\")\r\n );\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { SERVER_TELEM_CONSTANTS } from \"../../utils/Constants\";\r\n\r\nexport class ServerTelemetryEntity {\r\n failedRequests: Array;\r\n errors: string[];\r\n cacheHits: number;\r\n\r\n constructor() {\r\n this.failedRequests = [];\r\n this.errors = [];\r\n this.cacheHits = 0;\r\n }\r\n\r\n /**\r\n * validates if a given cache entry is \"Telemetry\", parses \r\n * @param key\r\n * @param entity\r\n */\r\n static isServerTelemetryEntity(key: string, entity?: object): boolean {\r\n\r\n const validateKey: boolean = key.indexOf(SERVER_TELEM_CONSTANTS.CACHE_KEY) === 0;\r\n let validateEntity: boolean = true;\r\n\r\n if (entity) {\r\n validateEntity =\r\n entity.hasOwnProperty(\"failedRequests\") &&\r\n entity.hasOwnProperty(\"errors\") &&\r\n entity.hasOwnProperty(\"cacheHits\");\r\n }\r\n\r\n return validateKey && validateEntity;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { CloudDiscoveryMetadata } from \"../../authority/CloudDiscoveryMetadata\";\r\nimport { OpenIdConfigResponse } from \"../../authority/OpenIdConfigResponse\";\r\nimport { AUTHORITY_METADATA_CONSTANTS } from \"../../utils/Constants\";\r\nimport { TimeUtils } from \"../../utils/TimeUtils\";\r\n\r\nexport class AuthorityMetadataEntity {\r\n aliases: Array;\r\n preferred_cache: string;\r\n preferred_network: string;\r\n canonical_authority: string;\r\n authorization_endpoint: string;\r\n token_endpoint: string;\r\n end_session_endpoint?: string;\r\n issuer: string;\r\n aliasesFromNetwork: boolean;\r\n endpointsFromNetwork: boolean;\r\n expiresAt: number;\r\n jwks_uri: string;\r\n\r\n constructor() {\r\n this.expiresAt = TimeUtils.nowSeconds() + AUTHORITY_METADATA_CONSTANTS.REFRESH_TIME_SECONDS;\r\n }\r\n\r\n /**\r\n * Update the entity with new aliases, preferred_cache and preferred_network values\r\n * @param metadata \r\n * @param fromNetwork \r\n */\r\n updateCloudDiscoveryMetadata(metadata: CloudDiscoveryMetadata, fromNetwork: boolean): void {\r\n this.aliases = metadata.aliases;\r\n this.preferred_cache = metadata.preferred_cache;\r\n this.preferred_network = metadata.preferred_network;\r\n this.aliasesFromNetwork = fromNetwork;\r\n }\r\n\r\n /**\r\n * Update the entity with new endpoints\r\n * @param metadata \r\n * @param fromNetwork \r\n */\r\n updateEndpointMetadata(metadata: OpenIdConfigResponse, fromNetwork: boolean): void {\r\n this.authorization_endpoint = metadata.authorization_endpoint;\r\n this.token_endpoint = metadata.token_endpoint;\r\n this.end_session_endpoint = metadata.end_session_endpoint;\r\n this.issuer = metadata.issuer;\r\n this.endpointsFromNetwork = fromNetwork;\r\n this.jwks_uri = metadata.jwks_uri;\r\n }\r\n\r\n /**\r\n * Save the authority that was used to create this cache entry\r\n * @param authority \r\n */\r\n updateCanonicalAuthority(authority: string): void {\r\n this.canonical_authority = authority;\r\n }\r\n\r\n /**\r\n * Reset the exiresAt value\r\n */\r\n resetExpiresAt(): void {\r\n this.expiresAt = TimeUtils.nowSeconds() + AUTHORITY_METADATA_CONSTANTS.REFRESH_TIME_SECONDS;\r\n }\r\n\r\n /**\r\n * Returns whether or not the data needs to be refreshed\r\n */\r\n isExpired(): boolean {\r\n return this.expiresAt <= TimeUtils.nowSeconds();\r\n }\r\n\r\n /**\r\n * Validates an entity: checks for all expected params\r\n * @param entity\r\n */\r\n static isAuthorityMetadataEntity(key: string, entity: object): boolean {\r\n\r\n if (!entity) {\r\n return false;\r\n }\r\n\r\n return (\r\n key.indexOf(AUTHORITY_METADATA_CONSTANTS.CACHE_KEY) === 0 &&\r\n entity.hasOwnProperty(\"aliases\") &&\r\n entity.hasOwnProperty(\"preferred_cache\") &&\r\n entity.hasOwnProperty(\"preferred_network\") &&\r\n entity.hasOwnProperty(\"canonical_authority\") &&\r\n entity.hasOwnProperty(\"authorization_endpoint\") &&\r\n entity.hasOwnProperty(\"token_endpoint\") &&\r\n entity.hasOwnProperty(\"issuer\") &&\r\n entity.hasOwnProperty(\"aliasesFromNetwork\") &&\r\n entity.hasOwnProperty(\"endpointsFromNetwork\") &&\r\n entity.hasOwnProperty(\"expiresAt\") &&\r\n entity.hasOwnProperty(\"jwks_uri\")\r\n );\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { ThrottlingConstants } from \"../../utils/Constants\";\r\n\r\nexport class ThrottlingEntity {\r\n // Unix-time value representing the expiration of the throttle\r\n throttleTime: number;\r\n // Information provided by the server\r\n error?: string;\r\n errorCodes?: Array;\r\n errorMessage?: string;\r\n subError?: string;\r\n\r\n /**\r\n * validates if a given cache entry is \"Throttling\", parses \r\n * @param key\r\n * @param entity\r\n */\r\n static isThrottlingEntity(key: string, entity?: object): boolean {\r\n \r\n let validateKey: boolean = false;\r\n if (key) {\r\n validateKey = key.indexOf(ThrottlingConstants.THROTTLING_PREFIX) === 0;\r\n }\r\n \r\n let validateEntity: boolean = true;\r\n if (entity) {\r\n validateEntity = entity.hasOwnProperty(\"throttleTime\");\r\n }\r\n\r\n return validateKey && validateEntity;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { StringUtils } from \"./StringUtils\";\r\nimport { Constants } from \"./Constants\";\r\nimport { ICrypto } from \"../crypto/ICrypto\";\r\nimport { ClientAuthError } from \"../error/ClientAuthError\";\r\n\r\n/**\r\n * Type which defines the object that is stringified, encoded and sent in the state value.\r\n * Contains the following:\r\n * - id - unique identifier for this request\r\n * - ts - timestamp for the time the request was made. Used to ensure that token expiration is not calculated incorrectly.\r\n * - platformState - string value sent from the platform.\r\n */\r\nexport type LibraryStateObject = {\r\n id: string,\r\n meta?: Record\r\n};\r\n\r\n/**\r\n * Type which defines the stringified and encoded object sent to the service in the authorize request.\r\n */\r\nexport type RequestStateObject = {\r\n userRequestState: string,\r\n libraryState: LibraryStateObject\r\n};\r\n\r\n/**\r\n * Class which provides helpers for OAuth 2.0 protocol specific values\r\n */\r\nexport class ProtocolUtils {\r\n\r\n /**\r\n * Appends user state with random guid, or returns random guid.\r\n * @param userState \r\n * @param randomGuid \r\n */\r\n static setRequestState(cryptoObj: ICrypto, userState?: string, meta?: Record): string {\r\n const libraryState = ProtocolUtils.generateLibraryState(cryptoObj, meta);\r\n return !StringUtils.isEmpty(userState) ? `${libraryState}${Constants.RESOURCE_DELIM}${userState}` : libraryState;\r\n }\r\n\r\n /**\r\n * Generates the state value used by the common library.\r\n * @param randomGuid \r\n * @param cryptoObj \r\n */\r\n static generateLibraryState(cryptoObj: ICrypto, meta?: Record): string {\r\n if (!cryptoObj) {\r\n throw ClientAuthError.createNoCryptoObjectError(\"generateLibraryState\");\r\n }\r\n\r\n // Create a state object containing a unique id and the timestamp of the request creation\r\n const stateObj: LibraryStateObject = {\r\n id: cryptoObj.createNewGuid()\r\n };\r\n\r\n if (meta) {\r\n stateObj.meta = meta;\r\n }\r\n\r\n const stateString = JSON.stringify(stateObj);\r\n\r\n return cryptoObj.base64Encode(stateString);\r\n }\r\n\r\n /**\r\n * Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.\r\n * @param state \r\n * @param cryptoObj \r\n */\r\n static parseRequestState(cryptoObj: ICrypto, state: string): RequestStateObject {\r\n if (!cryptoObj) {\r\n throw ClientAuthError.createNoCryptoObjectError(\"parseRequestState\");\r\n }\r\n\r\n if (StringUtils.isEmpty(state)) {\r\n throw ClientAuthError.createInvalidStateError(state, \"Null, undefined or empty state\");\r\n }\r\n\r\n try {\r\n // Split the state between library state and user passed state and decode them separately\r\n const splitState = state.split(Constants.RESOURCE_DELIM);\r\n const libraryState = splitState[0];\r\n const userState = splitState.length > 1 ? splitState.slice(1).join(Constants.RESOURCE_DELIM) : Constants.EMPTY_STRING;\r\n const libraryStateString = cryptoObj.base64Decode(libraryState);\r\n const libraryStateObj = JSON.parse(libraryStateString) as LibraryStateObject;\r\n return {\r\n userRequestState: !StringUtils.isEmpty(userState) ? userState : Constants.EMPTY_STRING,\r\n libraryState: libraryStateObj\r\n };\r\n } catch(e) {\r\n throw ClientAuthError.createInvalidStateError(state, e);\r\n }\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\n/**\r\n * Protocol modes supported by MSAL.\r\n */\r\nexport enum ProtocolMode {\r\n AAD = \"AAD\",\r\n OIDC = \"OIDC\"\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { ProtocolMode } from \"./ProtocolMode\";\r\nimport { AzureRegionConfiguration } from \"./AzureRegionConfiguration\";\r\n\r\nexport type AuthorityOptions = {\r\n protocolMode: ProtocolMode;\r\n knownAuthorities: Array;\r\n cloudDiscoveryMetadata: string;\r\n authorityMetadata: string;\r\n skipAuthorityMetadataCache?: boolean;\r\n azureRegionConfiguration?: AzureRegionConfiguration;\r\n};\r\n\r\nexport enum AzureCloudInstance {\r\n // AzureCloudInstance is not specified.\r\n None,\r\n\r\n // Microsoft Azure public cloud\r\n AzurePublic = \"https://login.microsoftonline.com\",\r\n\r\n // Microsoft PPE\r\n AzurePpe = \"https://login.windows-ppe.net\",\r\n\r\n // Microsoft Chinese national cloud\r\n AzureChina = \"https://login.chinacloudapi.cn\",\r\n\r\n // Microsoft German national cloud (\"Black Forest\")\r\n AzureGermany = \"https://login.microsoftonline.de\",\r\n\r\n // US Government cloud\r\n AzureUsGovernment = \"https://login.microsoftonline.us\",\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { BrowserConfigurationAuthError } from \"../error/BrowserConfigurationAuthError\";\r\nimport { BrowserCacheLocation } from \"../utils/BrowserConstants\";\r\nimport { IWindowStorage } from \"./IWindowStorage\";\r\n\r\nexport class BrowserStorage implements IWindowStorage {\r\n\r\n private windowStorage: Storage;\r\n\r\n constructor(cacheLocation: string) {\r\n this.validateWindowStorage(cacheLocation);\r\n this.windowStorage = window[cacheLocation];\r\n }\r\n\r\n private validateWindowStorage(cacheLocation: string): void {\r\n if (cacheLocation !== BrowserCacheLocation.LocalStorage && cacheLocation !== BrowserCacheLocation.SessionStorage) {\r\n throw BrowserConfigurationAuthError.createStorageNotSupportedError(cacheLocation);\r\n }\r\n const storageSupported = !!window[cacheLocation];\r\n if (!storageSupported) {\r\n throw BrowserConfigurationAuthError.createStorageNotSupportedError(cacheLocation);\r\n }\r\n }\r\n\r\n getItem(key: string): string | null {\r\n return this.windowStorage.getItem(key);\r\n }\r\n\r\n setItem(key: string, value: string): void {\r\n this.windowStorage.setItem(key, value);\r\n }\r\n\r\n removeItem(key: string): void {\r\n this.windowStorage.removeItem(key);\r\n }\r\n\r\n getKeys(): string[] {\r\n return Object.keys(this.windowStorage);\r\n }\r\n\r\n containsKey(key: string): boolean {\r\n return this.windowStorage.hasOwnProperty(key);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { ServerAuthorizationCodeResponse } from \"../response/ServerAuthorizationCodeResponse\";\r\nimport { ClientConfigurationError } from \"../error/ClientConfigurationError\";\r\nimport { ClientAuthError } from \"../error/ClientAuthError\";\r\nimport { StringUtils } from \"../utils/StringUtils\";\r\nimport { IUri } from \"./IUri\";\r\nimport { AADAuthorityConstants, Constants } from \"../utils/Constants\";\r\n\r\n/**\r\n * Url object class which can perform various transformations on url strings.\r\n */\r\nexport class UrlString {\r\n\r\n // internal url string field\r\n private _urlString: string;\r\n public get urlString(): string {\r\n return this._urlString;\r\n }\r\n\r\n constructor(url: string) {\r\n this._urlString = url;\r\n if (StringUtils.isEmpty(this._urlString)) {\r\n // Throws error if url is empty\r\n throw ClientConfigurationError.createUrlEmptyError();\r\n }\r\n\r\n if (StringUtils.isEmpty(this.getHash())) {\r\n this._urlString = UrlString.canonicalizeUri(url);\r\n }\r\n }\r\n\r\n /**\r\n * Ensure urls are lower case and end with a / character.\r\n * @param url\r\n */\r\n static canonicalizeUri(url: string): string {\r\n if (url) {\r\n let lowerCaseUrl = url.toLowerCase();\r\n\r\n if (StringUtils.endsWith(lowerCaseUrl, \"?\")) {\r\n lowerCaseUrl = lowerCaseUrl.slice(0, -1);\r\n } else if (StringUtils.endsWith(lowerCaseUrl, \"?/\")) {\r\n lowerCaseUrl = lowerCaseUrl.slice(0, -2);\r\n }\r\n\r\n if (!StringUtils.endsWith(lowerCaseUrl, \"/\")) {\r\n lowerCaseUrl += \"/\";\r\n }\r\n\r\n return lowerCaseUrl;\r\n }\r\n\r\n return url;\r\n }\r\n\r\n /**\r\n * Throws if urlString passed is not a valid authority URI string.\r\n */\r\n validateAsUri(): void {\r\n // Attempts to parse url for uri components\r\n let components;\r\n try {\r\n components = this.getUrlComponents();\r\n } catch (e) {\r\n throw ClientConfigurationError.createUrlParseError(e);\r\n }\r\n\r\n // Throw error if URI or path segments are not parseable.\r\n if (!components.HostNameAndPort || !components.PathSegments) {\r\n throw ClientConfigurationError.createUrlParseError(`Given url string: ${this.urlString}`);\r\n }\r\n\r\n // Throw error if uri is insecure.\r\n if(!components.Protocol || components.Protocol.toLowerCase() !== \"https:\") {\r\n throw ClientConfigurationError.createInsecureAuthorityUriError(this.urlString);\r\n }\r\n }\r\n\r\n /**\r\n * Given a url and a query string return the url with provided query string appended\r\n * @param url\r\n * @param queryString\r\n */\r\n static appendQueryString(url: string, queryString: string): string {\r\n if (StringUtils.isEmpty(queryString)) {\r\n return url;\r\n }\r\n\r\n return url.indexOf(\"?\") < 0 ? `${url}?${queryString}` : `${url}&${queryString}`;\r\n }\r\n\r\n /**\r\n * Returns a url with the hash removed\r\n * @param url\r\n */\r\n static removeHashFromUrl(url: string): string {\r\n return UrlString.canonicalizeUri(url.split(\"#\")[0]);\r\n }\r\n\r\n /**\r\n * Given a url like https://a:b/common/d?e=f#g, and a tenantId, returns https://a:b/tenantId/d\r\n * @param href The url\r\n * @param tenantId The tenant id to replace\r\n */\r\n replaceTenantPath(tenantId: string): UrlString {\r\n const urlObject = this.getUrlComponents();\r\n const pathArray = urlObject.PathSegments;\r\n if (tenantId && (pathArray.length !== 0 && (pathArray[0] === AADAuthorityConstants.COMMON || pathArray[0] === AADAuthorityConstants.ORGANIZATIONS))) {\r\n pathArray[0] = tenantId;\r\n }\r\n return UrlString.constructAuthorityUriFromObject(urlObject);\r\n }\r\n\r\n /**\r\n * Returns the anchor part(#) of the URL\r\n */\r\n getHash(): string {\r\n return UrlString.parseHash(this.urlString);\r\n }\r\n\r\n /**\r\n * Parses out the components from a url string.\r\n * @returns An object with the various components. Please cache this value insted of calling this multiple times on the same url.\r\n */\r\n getUrlComponents(): IUri {\r\n // https://gist.github.com/curtisz/11139b2cfcaef4a261e0\r\n const regEx = RegExp(\"^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\\\?([^#]*))?(#(.*))?\");\r\n\r\n // If url string does not match regEx, we throw an error\r\n const match = this.urlString.match(regEx);\r\n if (!match) {\r\n throw ClientConfigurationError.createUrlParseError(`Given url string: ${this.urlString}`);\r\n }\r\n\r\n // Url component object\r\n const urlComponents = {\r\n Protocol: match[1],\r\n HostNameAndPort: match[4],\r\n AbsolutePath: match[5],\r\n QueryString: match[7]\r\n } as IUri;\r\n\r\n let pathSegments = urlComponents.AbsolutePath.split(\"/\");\r\n pathSegments = pathSegments.filter((val) => val && val.length > 0); // remove empty elements\r\n urlComponents.PathSegments = pathSegments;\r\n\r\n if (!StringUtils.isEmpty(urlComponents.QueryString) && urlComponents.QueryString.endsWith(\"/\")) {\r\n urlComponents.QueryString = urlComponents.QueryString.substring(0, urlComponents.QueryString.length-1);\r\n }\r\n return urlComponents;\r\n }\r\n\r\n static getDomainFromUrl(url: string): string {\r\n const regEx = RegExp(\"^([^:/?#]+://)?([^/?#]*)\");\r\n\r\n const match = url.match(regEx);\r\n\r\n if (!match) {\r\n throw ClientConfigurationError.createUrlParseError(`Given url string: ${url}`);\r\n }\r\n\r\n return match[2];\r\n }\r\n\r\n static getAbsoluteUrl(relativeUrl: string, baseUrl: string): string {\r\n if (relativeUrl[0] === Constants.FORWARD_SLASH) {\r\n const url = new UrlString(baseUrl);\r\n const baseComponents = url.getUrlComponents();\r\n\r\n return baseComponents.Protocol + \"//\" + baseComponents.HostNameAndPort + relativeUrl;\r\n }\r\n\r\n return relativeUrl;\r\n }\r\n\r\n /**\r\n * Parses hash string from given string. Returns empty string if no hash symbol is found.\r\n * @param hashString\r\n */\r\n static parseHash(hashString: string): string {\r\n const hashIndex1 = hashString.indexOf(\"#\");\r\n const hashIndex2 = hashString.indexOf(\"#/\");\r\n if (hashIndex2 > -1) {\r\n return hashString.substring(hashIndex2 + 2);\r\n } else if (hashIndex1 > -1) {\r\n return hashString.substring(hashIndex1 + 1);\r\n }\r\n return Constants.EMPTY_STRING;\r\n }\r\n\r\n /**\r\n * Parses query string from given string. Returns empty string if no query symbol is found.\r\n * @param queryString\r\n */\r\n static parseQueryString(queryString: string): string {\r\n const queryIndex1 = queryString.indexOf(\"?\");\r\n const queryIndex2 = queryString.indexOf(\"/?\");\r\n if (queryIndex2 > -1) {\r\n return queryString.substring(queryIndex2 + 2);\r\n } else if (queryIndex1 > -1) {\r\n return queryString.substring(queryIndex1 + 1);\r\n }\r\n return Constants.EMPTY_STRING;\r\n }\r\n\r\n static constructAuthorityUriFromObject(urlObject: IUri): UrlString {\r\n return new UrlString(urlObject.Protocol + \"//\" + urlObject.HostNameAndPort + \"/\" + urlObject.PathSegments.join(\"/\"));\r\n }\r\n\r\n /**\r\n * Returns URL hash as server auth code response object.\r\n */\r\n static getDeserializedHash(hash: string): ServerAuthorizationCodeResponse {\r\n // Check if given hash is empty\r\n if (StringUtils.isEmpty(hash)) {\r\n return {};\r\n }\r\n // Strip the # symbol if present\r\n const parsedHash = UrlString.parseHash(hash);\r\n // If # symbol was not present, above will return empty string, so give original hash value\r\n const deserializedHash: ServerAuthorizationCodeResponse = StringUtils.queryStringToObject(StringUtils.isEmpty(parsedHash) ? hash : parsedHash);\r\n // Check if deserialization didn't work\r\n if (!deserializedHash) {\r\n throw ClientAuthError.createHashNotDeserializedError(JSON.stringify(deserializedHash));\r\n }\r\n return deserializedHash;\r\n }\r\n\r\n /**\r\n * Returns URL query string as server auth code response object.\r\n */\r\n static getDeserializedQueryString(query: string): ServerAuthorizationCodeResponse {\r\n // Check if given query is empty\r\n if (StringUtils.isEmpty(query)) {\r\n return {};\r\n }\r\n // Strip the ? symbol if present\r\n const parsedQueryString = UrlString.parseQueryString(query);\r\n // If ? symbol was not present, above will return empty string, so give original query value\r\n const deserializedQueryString: ServerAuthorizationCodeResponse = StringUtils.queryStringToObject(StringUtils.isEmpty(parsedQueryString) ? query : parsedQueryString);\r\n // Check if deserialization didn't work\r\n if (!deserializedQueryString) {\r\n throw ClientAuthError.createHashNotDeserializedError(JSON.stringify(deserializedQueryString));\r\n }\r\n return deserializedQueryString;\r\n }\r\n\r\n /**\r\n * Check if the hash of the URL string contains known properties\r\n */\r\n static hashContainsKnownProperties(hash: string): boolean {\r\n if (StringUtils.isEmpty(hash) || hash.indexOf(\"=\") < 0) {\r\n // Hash doesn't contain key/value pairs\r\n return false;\r\n }\r\n\r\n const parameters: ServerAuthorizationCodeResponse = UrlString.getDeserializedHash(hash);\r\n return !!(\r\n parameters.code ||\r\n parameters.error_description ||\r\n parameters.error ||\r\n parameters.state\r\n );\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { InteractionType } from \"./BrowserConstants\";\r\nimport { StringUtils, ClientAuthError, ICrypto, RequestStateObject, ProtocolUtils, ServerAuthorizationCodeResponse, UrlString } from \"@azure/msal-common\";\r\n\r\nexport type BrowserStateObject = {\r\n interactionType: InteractionType\r\n};\r\n\r\nexport class BrowserProtocolUtils {\r\n\r\n /**\r\n * Extracts the BrowserStateObject from the state string.\r\n * @param browserCrypto \r\n * @param state \r\n */\r\n static extractBrowserRequestState(browserCrypto: ICrypto, state: string): BrowserStateObject | null {\r\n if (StringUtils.isEmpty(state)) {\r\n return null;\r\n }\r\n\r\n try {\r\n const requestStateObj: RequestStateObject = ProtocolUtils.parseRequestState(browserCrypto, state);\r\n return requestStateObj.libraryState.meta as BrowserStateObject;\r\n } catch (e) {\r\n throw ClientAuthError.createInvalidStateError(state, e);\r\n }\r\n }\r\n\r\n /**\r\n * Parses properties of server response from url hash\r\n * @param locationHash Hash from url\r\n */\r\n static parseServerResponseFromHash(locationHash: string): ServerAuthorizationCodeResponse {\r\n if (!locationHash) {\r\n return {};\r\n }\r\n \r\n const hashUrlString = new UrlString(locationHash);\r\n return UrlString.getDeserializedHash(hashUrlString.getHash());\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { Constants, PersistentCacheKeys, StringUtils, CommonAuthorizationCodeRequest, ICrypto, AccountEntity, IdTokenEntity, AccessTokenEntity, RefreshTokenEntity, AppMetadataEntity, CacheManager, ServerTelemetryEntity, ThrottlingEntity, ProtocolUtils, Logger, AuthorityMetadataEntity, DEFAULT_CRYPTO_IMPLEMENTATION, AccountInfo, ActiveAccountFilters, CcsCredential, CcsCredentialType, IdToken, ValidCredentialType, ClientAuthError, TokenKeys, CredentialType } from \"@azure/msal-common\";\r\nimport { CacheOptions } from \"../config/Configuration\";\r\nimport { BrowserAuthError } from \"../error/BrowserAuthError\";\r\nimport { BrowserCacheLocation, InteractionType, TemporaryCacheKeys, InMemoryCacheKeys, StaticCacheKeys } from \"../utils/BrowserConstants\";\r\nimport { BrowserStorage } from \"./BrowserStorage\";\r\nimport { MemoryStorage } from \"./MemoryStorage\";\r\nimport { IWindowStorage } from \"./IWindowStorage\";\r\nimport { BrowserProtocolUtils } from \"../utils/BrowserProtocolUtils\";\r\nimport { NativeTokenRequest } from \"../broker/nativeBroker/NativeRequest\";\r\n\r\n/**\r\n * This class implements the cache storage interface for MSAL through browser local or session storage.\r\n * Cookies are only used if storeAuthStateInCookie is true, and are only used for\r\n * parameters such as state and nonce, generally.\r\n */\r\nexport class BrowserCacheManager extends CacheManager {\r\n\r\n // Cache configuration, either set by user or default values.\r\n protected cacheConfig: Required;\r\n // Window storage object (either local or sessionStorage)\r\n protected browserStorage: IWindowStorage;\r\n // Internal in-memory storage object used for data used by msal that does not need to persist across page loads\r\n protected internalStorage: MemoryStorage;\r\n // Temporary cache\r\n protected temporaryCacheStorage: IWindowStorage;\r\n // Logger instance\r\n protected logger: Logger;\r\n\r\n // Cookie life calculation (hours * minutes * seconds * ms)\r\n protected readonly COOKIE_LIFE_MULTIPLIER = 24 * 60 * 60 * 1000;\r\n\r\n constructor(clientId: string, cacheConfig: Required, cryptoImpl: ICrypto, logger: Logger) {\r\n super(clientId, cryptoImpl, logger);\r\n this.cacheConfig = cacheConfig;\r\n this.logger = logger;\r\n this.internalStorage = new MemoryStorage();\r\n this.browserStorage = this.setupBrowserStorage(this.cacheConfig.cacheLocation);\r\n this.temporaryCacheStorage = this.setupTemporaryCacheStorage(this.cacheConfig.temporaryCacheLocation, this.cacheConfig.cacheLocation);\r\n\r\n // Migrate cache entries from older versions of MSAL.\r\n if (cacheConfig.cacheMigrationEnabled) {\r\n this.migrateCacheEntries();\r\n this.createKeyMaps();\r\n }\r\n }\r\n\r\n /**\r\n * Returns a window storage class implementing the IWindowStorage interface that corresponds to the configured cacheLocation.\r\n * @param cacheLocation\r\n */\r\n protected setupBrowserStorage(cacheLocation: BrowserCacheLocation | string): IWindowStorage {\r\n switch (cacheLocation) {\r\n case BrowserCacheLocation.LocalStorage:\r\n case BrowserCacheLocation.SessionStorage:\r\n try {\r\n return new BrowserStorage(cacheLocation);\r\n } catch (e) {\r\n this.logger.verbose(e);\r\n break;\r\n }\r\n case BrowserCacheLocation.MemoryStorage:\r\n default:\r\n break;\r\n }\r\n this.cacheConfig.cacheLocation = BrowserCacheLocation.MemoryStorage;\r\n return new MemoryStorage();\r\n }\r\n\r\n /**\r\n * Returns a window storage class implementing the IWindowStorage interface that corresponds to the configured temporaryCacheLocation.\r\n * @param temporaryCacheLocation\r\n * @param cacheLocation\r\n */\r\n protected setupTemporaryCacheStorage(temporaryCacheLocation: BrowserCacheLocation | string, cacheLocation: BrowserCacheLocation | string): IWindowStorage {\r\n switch (cacheLocation) {\r\n case BrowserCacheLocation.LocalStorage:\r\n case BrowserCacheLocation.SessionStorage:\r\n try {\r\n /*\r\n * When users do not explicitly choose their own temporaryCacheLocation, \r\n * temporary cache items will always be stored in session storage to mitigate problems caused by multiple tabs\r\n */\r\n return new BrowserStorage(temporaryCacheLocation || BrowserCacheLocation.SessionStorage);\r\n } catch (e) {\r\n this.logger.verbose(e);\r\n return this.internalStorage;\r\n }\r\n case BrowserCacheLocation.MemoryStorage:\r\n default:\r\n return this.internalStorage;\r\n }\r\n }\r\n\r\n /**\r\n * Migrate all old cache entries to new schema. No rollback supported.\r\n * @param storeAuthStateInCookie\r\n */\r\n protected migrateCacheEntries(): void {\r\n const idTokenKey = `${Constants.CACHE_PREFIX}.${PersistentCacheKeys.ID_TOKEN}`;\r\n const clientInfoKey = `${Constants.CACHE_PREFIX}.${PersistentCacheKeys.CLIENT_INFO}`;\r\n const errorKey = `${Constants.CACHE_PREFIX}.${PersistentCacheKeys.ERROR}`;\r\n const errorDescKey = `${Constants.CACHE_PREFIX}.${PersistentCacheKeys.ERROR_DESC}`;\r\n\r\n const idTokenValue = this.browserStorage.getItem(idTokenKey);\r\n const clientInfoValue = this.browserStorage.getItem(clientInfoKey);\r\n const errorValue = this.browserStorage.getItem(errorKey);\r\n const errorDescValue = this.browserStorage.getItem(errorDescKey);\r\n\r\n const values = [idTokenValue, clientInfoValue, errorValue, errorDescValue];\r\n const keysToMigrate = [PersistentCacheKeys.ID_TOKEN, PersistentCacheKeys.CLIENT_INFO, PersistentCacheKeys.ERROR, PersistentCacheKeys.ERROR_DESC];\r\n\r\n keysToMigrate.forEach((cacheKey: string, index: number) => this.migrateCacheEntry(cacheKey, values[index]));\r\n }\r\n\r\n /**\r\n * Utility function to help with migration.\r\n * @param newKey\r\n * @param value\r\n * @param storeAuthStateInCookie\r\n */\r\n protected migrateCacheEntry(newKey: string, value: string | null): void {\r\n if (value) {\r\n this.setTemporaryCache(newKey, value, true);\r\n }\r\n }\r\n\r\n /**\r\n * Searches all cache entries for MSAL accounts and creates the account key map\r\n * This is used to migrate users from older versions of MSAL which did not create the map.\r\n * @returns \r\n */\r\n private createKeyMaps(): void {\r\n this.logger.trace(\"BrowserCacheManager - createKeyMaps called.\");\r\n const accountKeys = this.getItem(StaticCacheKeys.ACCOUNT_KEYS);\r\n const tokenKeys = this.getItem(`${StaticCacheKeys.TOKEN_KEYS}.${this.clientId}`);\r\n if (accountKeys && tokenKeys) {\r\n this.logger.verbose(\"BrowserCacheManager:createKeyMaps - account and token key maps already exist, skipping migration.\");\r\n // Key maps already exist, no need to iterate through cache\r\n return;\r\n }\r\n\r\n const allKeys = this.browserStorage.getKeys();\r\n allKeys.forEach((key) => {\r\n if (this.isCredentialKey(key)) {\r\n // Get item, parse, validate and write key to map\r\n const value = this.getItem(key);\r\n if (value) {\r\n const credObj = this.validateAndParseJson(value);\r\n if (credObj && credObj.hasOwnProperty(\"credentialType\")) {\r\n switch (credObj[\"credentialType\"]) {\r\n case CredentialType.ID_TOKEN:\r\n if (IdTokenEntity.isIdTokenEntity(credObj)) {\r\n this.logger.trace(\"BrowserCacheManager:createKeyMaps - idToken found, saving key to token key map\");\r\n this.logger.tracePii(`BrowserCacheManager:createKeyMaps - idToken with key: ${key} found, saving key to token key map`);\r\n const idTokenEntity = CacheManager.toObject(new IdTokenEntity(), credObj);\r\n const newKey = this.updateCredentialCacheKey(key, idTokenEntity);\r\n this.addTokenKey(newKey, CredentialType.ID_TOKEN);\r\n return;\r\n } else {\r\n this.logger.trace(\"BrowserCacheManager:createKeyMaps - key found matching idToken schema with value containing idToken credentialType field but value failed IdTokenEntity validation, skipping.\");\r\n this.logger.tracePii(`BrowserCacheManager:createKeyMaps - failed idToken validation on key: ${key}`);\r\n }\r\n break;\r\n case CredentialType.ACCESS_TOKEN:\r\n case CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME:\r\n if (AccessTokenEntity.isAccessTokenEntity(credObj)) {\r\n this.logger.trace(\"BrowserCacheManager:createKeyMaps - accessToken found, saving key to token key map\");\r\n this.logger.tracePii(`BrowserCacheManager:createKeyMaps - accessToken with key: ${key} found, saving key to token key map`);\r\n const accessTokenEntity = CacheManager.toObject(new AccessTokenEntity(), credObj);\r\n const newKey = this.updateCredentialCacheKey(key, accessTokenEntity);\r\n this.addTokenKey(newKey, CredentialType.ACCESS_TOKEN);\r\n return;\r\n } else {\r\n this.logger.trace(\"BrowserCacheManager:createKeyMaps - key found matching accessToken schema with value containing accessToken credentialType field but value failed AccessTokenEntity validation, skipping.\");\r\n this.logger.tracePii(`BrowserCacheManager:createKeyMaps - failed accessToken validation on key: ${key}`);\r\n }\r\n break;\r\n case CredentialType.REFRESH_TOKEN:\r\n if (RefreshTokenEntity.isRefreshTokenEntity(credObj)) {\r\n this.logger.trace(\"BrowserCacheManager:createKeyMaps - refreshToken found, saving key to token key map\");\r\n this.logger.tracePii(`BrowserCacheManager:createKeyMaps - refreshToken with key: ${key} found, saving key to token key map`);\r\n const refreshTokenEntity = CacheManager.toObject(new RefreshTokenEntity(), credObj);\r\n const newKey = this.updateCredentialCacheKey(key, refreshTokenEntity);\r\n this.addTokenKey(newKey, CredentialType.REFRESH_TOKEN);\r\n return;\r\n } else {\r\n this.logger.trace(\"BrowserCacheManager:createKeyMaps - key found matching refreshToken schema with value containing refreshToken credentialType field but value failed RefreshTokenEntity validation, skipping.\");\r\n this.logger.tracePii(`BrowserCacheManager:createKeyMaps - failed refreshToken validation on key: ${key}`);\r\n }\r\n break;\r\n default:\r\n // If credentialType isn't one of our predefined ones, it may not be an MSAL cache value. Ignore.\r\n }\r\n }\r\n }\r\n } \r\n \r\n if (this.isAccountKey(key)) {\r\n const value = this.getItem(key);\r\n if (value) {\r\n const accountObj = this.validateAndParseJson(value);\r\n if (accountObj && AccountEntity.isAccountEntity(accountObj)) {\r\n this.logger.trace(\"BrowserCacheManager:createKeyMaps - account found, saving key to account key map\");\r\n this.logger.tracePii(`BrowserCacheManager:createKeyMaps - account with key: ${key} found, saving key to account key map`);\r\n this.addAccountKeyToMap(key);\r\n }\r\n }\r\n }\r\n });\r\n }\r\n\r\n /**\r\n * Parses passed value as JSON object, JSON.parse() will throw an error.\r\n * @param input\r\n */\r\n protected validateAndParseJson(jsonValue: string): object | null {\r\n try {\r\n const parsedJson = JSON.parse(jsonValue);\r\n /**\r\n * There are edge cases in which JSON.parse will successfully parse a non-valid JSON object\r\n * (e.g. JSON.parse will parse an escaped string into an unescaped string), so adding a type check\r\n * of the parsed value is necessary in order to be certain that the string represents a valid JSON object.\r\n *\r\n */\r\n return (parsedJson && typeof parsedJson === \"object\") ? parsedJson : null;\r\n } catch (error) {\r\n return null;\r\n }\r\n }\r\n\r\n /**\r\n * fetches the entry from the browser storage based off the key\r\n * @param key\r\n */\r\n getItem(key: string): string | null {\r\n return this.browserStorage.getItem(key);\r\n }\r\n\r\n /**\r\n * sets the entry in the browser storage\r\n * @param key\r\n * @param value\r\n */\r\n setItem(key: string, value: string): void {\r\n this.browserStorage.setItem(key, value);\r\n }\r\n\r\n /**\r\n * fetch the account entity from the platform cache\r\n * @param accountKey\r\n */\r\n getAccount(accountKey: string): AccountEntity | null {\r\n this.logger.trace(\"BrowserCacheManager.getAccount called\");\r\n const account = this.getItem(accountKey);\r\n if (!account) {\r\n this.removeAccountKeyFromMap(accountKey);\r\n return null;\r\n }\r\n\r\n const parsedAccount = this.validateAndParseJson(account);\r\n if (!parsedAccount || !AccountEntity.isAccountEntity(parsedAccount)) {\r\n this.removeAccountKeyFromMap(accountKey);\r\n return null;\r\n }\r\n\r\n return CacheManager.toObject(new AccountEntity(), parsedAccount);\r\n }\r\n\r\n /**\r\n * set account entity in the platform cache\r\n * @param key\r\n * @param value\r\n */\r\n setAccount(account: AccountEntity): void {\r\n this.logger.trace(\"BrowserCacheManager.setAccount called\");\r\n const key = account.generateAccountKey();\r\n this.setItem(key, JSON.stringify(account));\r\n this.addAccountKeyToMap(key);\r\n }\r\n\r\n /**\r\n * Returns the array of account keys currently cached\r\n * @returns \r\n */\r\n getAccountKeys(): Array {\r\n this.logger.trace(\"BrowserCacheManager.getAccountKeys called\");\r\n const accountKeys = this.getItem(StaticCacheKeys.ACCOUNT_KEYS);\r\n if (accountKeys) {\r\n return JSON.parse(accountKeys);\r\n }\r\n\r\n this.logger.verbose(\"BrowserCacheManager.getAccountKeys - No account keys found\");\r\n return [];\r\n }\r\n\r\n /**\r\n * Add a new account to the key map\r\n * @param key \r\n */\r\n addAccountKeyToMap(key: string): void {\r\n this.logger.trace(\"BrowserCacheManager.addAccountKeyToMap called\");\r\n this.logger.tracePii(`BrowserCacheManager.addAccountKeyToMap called with key: ${key}`);\r\n const accountKeys = this.getAccountKeys();\r\n if (accountKeys.indexOf(key) === -1) {\r\n // Only add key if it does not already exist in the map\r\n accountKeys.push(key);\r\n this.setItem(StaticCacheKeys.ACCOUNT_KEYS, JSON.stringify(accountKeys));\r\n this.logger.verbose(\"BrowserCacheManager.addAccountKeyToMap account key added\");\r\n } else {\r\n this.logger.verbose(\"BrowserCacheManager.addAccountKeyToMap account key already exists in map\");\r\n }\r\n }\r\n\r\n /**\r\n * Remove an account from the key map\r\n * @param key \r\n */\r\n removeAccountKeyFromMap(key: string): void {\r\n this.logger.trace(\"BrowserCacheManager.removeAccountKeyFromMap called\");\r\n this.logger.tracePii(`BrowserCacheManager.removeAccountKeyFromMap called with key: ${key}`);\r\n const accountKeys = this.getAccountKeys();\r\n const removalIndex = accountKeys.indexOf(key);\r\n if (removalIndex > -1) {\r\n accountKeys.splice(removalIndex, 1);\r\n this.setItem(StaticCacheKeys.ACCOUNT_KEYS, JSON.stringify(accountKeys));\r\n this.logger.trace(\"BrowserCacheManager.removeAccountKeyFromMap account key removed\");\r\n } else {\r\n this.logger.trace(\"BrowserCacheManager.removeAccountKeyFromMap key not found in existing map\");\r\n }\r\n }\r\n\r\n /**\r\n * Extends inherited removeAccount function to include removal of the account key from the map\r\n * @param key \r\n */\r\n async removeAccount(key: string): Promise {\r\n super.removeAccount(key);\r\n this.removeAccountKeyFromMap(key);\r\n }\r\n\r\n /**\r\n * Removes given idToken from the cache and from the key map\r\n * @param key \r\n */\r\n removeIdToken(key: string): void {\r\n super.removeIdToken(key);\r\n this.removeTokenKey(key, CredentialType.ID_TOKEN);\r\n }\r\n\r\n /**\r\n * Removes given accessToken from the cache and from the key map\r\n * @param key \r\n */\r\n async removeAccessToken(key: string): Promise {\r\n super.removeAccessToken(key);\r\n this.removeTokenKey(key, CredentialType.ACCESS_TOKEN);\r\n }\r\n\r\n /**\r\n * Removes given refreshToken from the cache and from the key map\r\n * @param key \r\n */\r\n removeRefreshToken(key: string): void {\r\n super.removeRefreshToken(key);\r\n this.removeTokenKey(key, CredentialType.REFRESH_TOKEN);\r\n }\r\n\r\n /**\r\n * Gets the keys for the cached tokens associated with this clientId\r\n * @returns \r\n */\r\n getTokenKeys(): TokenKeys {\r\n this.logger.trace(\"BrowserCacheManager.getTokenKeys called\");\r\n const item = this.getItem(`${StaticCacheKeys.TOKEN_KEYS}.${this.clientId}`);\r\n if (item) {\r\n const tokenKeys = this.validateAndParseJson(item);\r\n if (tokenKeys && \r\n tokenKeys.hasOwnProperty(\"idToken\") &&\r\n tokenKeys.hasOwnProperty(\"accessToken\") &&\r\n tokenKeys.hasOwnProperty(\"refreshToken\")\r\n ) {\r\n return tokenKeys as TokenKeys;\r\n } else {\r\n this.logger.error(\"BrowserCacheManager.getTokenKeys - Token keys found but in an unknown format. Returning empty key map.\");\r\n }\r\n } else {\r\n this.logger.verbose(\"BrowserCacheManager.getTokenKeys - No token keys found\");\r\n }\r\n\r\n return {\r\n idToken: [],\r\n accessToken: [],\r\n refreshToken: []\r\n };\r\n }\r\n\r\n /**\r\n * Adds the given key to the token key map\r\n * @param key \r\n * @param type \r\n */\r\n addTokenKey(key: string, type: CredentialType): void {\r\n this.logger.trace(\"BrowserCacheManager addTokenKey called\");\r\n const tokenKeys = this.getTokenKeys();\r\n\r\n switch (type) {\r\n case CredentialType.ID_TOKEN:\r\n if (tokenKeys.idToken.indexOf(key) === -1) {\r\n this.logger.info(\"BrowserCacheManager: addTokenKey - idToken added to map\");\r\n tokenKeys.idToken.push(key);\r\n }\r\n break;\r\n case CredentialType.ACCESS_TOKEN:\r\n if (tokenKeys.accessToken.indexOf(key) === -1) {\r\n this.logger.info(\"BrowserCacheManager: addTokenKey - accessToken added to map\");\r\n tokenKeys.accessToken.push(key);\r\n }\r\n break;\r\n case CredentialType.REFRESH_TOKEN:\r\n if (tokenKeys.refreshToken.indexOf(key) === -1) {\r\n this.logger.info(\"BrowserCacheManager: addTokenKey - refreshToken added to map\");\r\n tokenKeys.refreshToken.push(key);\r\n }\r\n break;\r\n default:\r\n this.logger.error(`BrowserCacheManager:addTokenKey - CredentialType provided invalid. CredentialType: ${type}`);\r\n ClientAuthError.createUnexpectedCredentialTypeError();\r\n }\r\n\r\n this.setItem(`${StaticCacheKeys.TOKEN_KEYS}.${this.clientId}`, JSON.stringify(tokenKeys));\r\n }\r\n\r\n /**\r\n * Removes the given key from the token key map\r\n * @param key \r\n * @param type \r\n */\r\n removeTokenKey(key: string, type: CredentialType): void {\r\n this.logger.trace(\"BrowserCacheManager removeTokenKey called\");\r\n const tokenKeys = this.getTokenKeys();\r\n\r\n switch (type) {\r\n case CredentialType.ID_TOKEN:\r\n this.logger.infoPii(`BrowserCacheManager: removeTokenKey - attempting to remove idToken with key: ${key} from map`);\r\n const idRemoval = tokenKeys.idToken.indexOf(key);\r\n if (idRemoval > -1) {\r\n this.logger.info(\"BrowserCacheManager: removeTokenKey - idToken removed from map\");\r\n tokenKeys.idToken.splice(idRemoval, 1);\r\n } else {\r\n this.logger.info(\"BrowserCacheManager: removeTokenKey - idToken does not exist in map. Either it was previously removed or it was never added.\");\r\n }\r\n break;\r\n case CredentialType.ACCESS_TOKEN:\r\n this.logger.infoPii(`BrowserCacheManager: removeTokenKey - attempting to remove accessToken with key: ${key} from map`);\r\n const accessRemoval = tokenKeys.accessToken.indexOf(key);\r\n if (accessRemoval > -1) {\r\n this.logger.info(\"BrowserCacheManager: removeTokenKey - accessToken removed from map\");\r\n tokenKeys.accessToken.splice(accessRemoval, 1);\r\n } else {\r\n this.logger.info(\"BrowserCacheManager: removeTokenKey - accessToken does not exist in map. Either it was previously removed or it was never added.\");\r\n }\r\n break;\r\n case CredentialType.REFRESH_TOKEN:\r\n this.logger.infoPii(`BrowserCacheManager: removeTokenKey - attempting to remove refreshToken with key: ${key} from map`);\r\n const refreshRemoval = tokenKeys.refreshToken.indexOf(key);\r\n if (refreshRemoval > -1) {\r\n this.logger.info(\"BrowserCacheManager: removeTokenKey - refreshToken removed from map\");\r\n tokenKeys.refreshToken.splice(refreshRemoval, 1);\r\n } else {\r\n this.logger.info(\"BrowserCacheManager: removeTokenKey - refreshToken does not exist in map. Either it was previously removed or it was never added.\");\r\n }\r\n break;\r\n default:\r\n this.logger.error(`BrowserCacheManager:removeTokenKey - CredentialType provided invalid. CredentialType: ${type}`);\r\n ClientAuthError.createUnexpectedCredentialTypeError();\r\n }\r\n\r\n this.setItem(`${StaticCacheKeys.TOKEN_KEYS}.${this.clientId}`, JSON.stringify(tokenKeys));\r\n }\r\n\r\n /**\r\n * generates idToken entity from a string\r\n * @param idTokenKey\r\n */\r\n getIdTokenCredential(idTokenKey: string): IdTokenEntity | null {\r\n const value = this.getItem(idTokenKey);\r\n if (!value) {\r\n this.logger.trace(\"BrowserCacheManager.getIdTokenCredential: called, no cache hit\");\r\n this.removeTokenKey(idTokenKey, CredentialType.ID_TOKEN);\r\n return null;\r\n }\r\n\r\n const parsedIdToken = this.validateAndParseJson(value);\r\n if (!parsedIdToken || !IdTokenEntity.isIdTokenEntity(parsedIdToken)) {\r\n this.logger.trace(\"BrowserCacheManager.getIdTokenCredential: called, no cache hit\");\r\n this.removeTokenKey(idTokenKey, CredentialType.ID_TOKEN);\r\n return null;\r\n }\r\n\r\n this.logger.trace(\"BrowserCacheManager.getIdTokenCredential: cache hit\");\r\n return CacheManager.toObject(new IdTokenEntity(), parsedIdToken);\r\n }\r\n\r\n /**\r\n * set IdToken credential to the platform cache\r\n * @param idToken\r\n */\r\n setIdTokenCredential(idToken: IdTokenEntity): void {\r\n this.logger.trace(\"BrowserCacheManager.setIdTokenCredential called\");\r\n const idTokenKey = idToken.generateCredentialKey();\r\n\r\n this.setItem(idTokenKey, JSON.stringify(idToken));\r\n\r\n this.addTokenKey(idTokenKey, CredentialType.ID_TOKEN);\r\n }\r\n\r\n /**\r\n * generates accessToken entity from a string\r\n * @param key\r\n */\r\n getAccessTokenCredential(accessTokenKey: string): AccessTokenEntity | null {\r\n const value = this.getItem(accessTokenKey);\r\n if (!value) {\r\n this.logger.trace(\"BrowserCacheManager.getAccessTokenCredential: called, no cache hit\");\r\n this.removeTokenKey(accessTokenKey, CredentialType.ACCESS_TOKEN);\r\n return null;\r\n }\r\n const parsedAccessToken = this.validateAndParseJson(value);\r\n if (!parsedAccessToken || !AccessTokenEntity.isAccessTokenEntity(parsedAccessToken)) {\r\n this.logger.trace(\"BrowserCacheManager.getAccessTokenCredential: called, no cache hit\");\r\n this.removeTokenKey(accessTokenKey, CredentialType.ACCESS_TOKEN);\r\n return null;\r\n }\r\n\r\n this.logger.trace(\"BrowserCacheManager.getAccessTokenCredential: cache hit\");\r\n return CacheManager.toObject(new AccessTokenEntity(), parsedAccessToken);\r\n }\r\n\r\n /**\r\n * set accessToken credential to the platform cache\r\n * @param accessToken\r\n */\r\n setAccessTokenCredential(accessToken: AccessTokenEntity): void {\r\n this.logger.trace(\"BrowserCacheManager.setAccessTokenCredential called\");\r\n const accessTokenKey = accessToken.generateCredentialKey();\r\n this.setItem(accessTokenKey, JSON.stringify(accessToken));\r\n\r\n this.addTokenKey(accessTokenKey, CredentialType.ACCESS_TOKEN);\r\n }\r\n\r\n /**\r\n * generates refreshToken entity from a string\r\n * @param refreshTokenKey\r\n */\r\n getRefreshTokenCredential(refreshTokenKey: string): RefreshTokenEntity | null {\r\n const value = this.getItem(refreshTokenKey);\r\n if (!value) {\r\n this.logger.trace(\"BrowserCacheManager.getRefreshTokenCredential: called, no cache hit\");\r\n this.removeTokenKey(refreshTokenKey, CredentialType.REFRESH_TOKEN);\r\n return null;\r\n }\r\n const parsedRefreshToken = this.validateAndParseJson(value);\r\n if (!parsedRefreshToken || !RefreshTokenEntity.isRefreshTokenEntity(parsedRefreshToken)) {\r\n this.logger.trace(\"BrowserCacheManager.getRefreshTokenCredential: called, no cache hit\");\r\n this.removeTokenKey(refreshTokenKey, CredentialType.REFRESH_TOKEN);\r\n return null;\r\n }\r\n\r\n this.logger.trace(\"BrowserCacheManager.getRefreshTokenCredential: cache hit\");\r\n return CacheManager.toObject(new RefreshTokenEntity(), parsedRefreshToken);\r\n }\r\n\r\n /**\r\n * set refreshToken credential to the platform cache\r\n * @param refreshToken\r\n */\r\n setRefreshTokenCredential(refreshToken: RefreshTokenEntity): void {\r\n this.logger.trace(\"BrowserCacheManager.setRefreshTokenCredential called\");\r\n const refreshTokenKey = refreshToken.generateCredentialKey();\r\n this.setItem(refreshTokenKey, JSON.stringify(refreshToken));\r\n\r\n this.addTokenKey(refreshTokenKey, CredentialType.REFRESH_TOKEN);\r\n }\r\n\r\n /**\r\n * fetch appMetadata entity from the platform cache\r\n * @param appMetadataKey\r\n */\r\n getAppMetadata(appMetadataKey: string): AppMetadataEntity | null {\r\n const value = this.getItem(appMetadataKey);\r\n if (!value) {\r\n this.logger.trace(\"BrowserCacheManager.getAppMetadata: called, no cache hit\");\r\n return null;\r\n }\r\n\r\n const parsedMetadata = this.validateAndParseJson(value);\r\n if (!parsedMetadata || !AppMetadataEntity.isAppMetadataEntity(appMetadataKey, parsedMetadata)) {\r\n this.logger.trace(\"BrowserCacheManager.getAppMetadata: called, no cache hit\");\r\n return null;\r\n }\r\n\r\n this.logger.trace(\"BrowserCacheManager.getAppMetadata: cache hit\");\r\n return CacheManager.toObject(new AppMetadataEntity(), parsedMetadata);\r\n }\r\n\r\n /**\r\n * set appMetadata entity to the platform cache\r\n * @param appMetadata\r\n */\r\n setAppMetadata(appMetadata: AppMetadataEntity): void {\r\n this.logger.trace(\"BrowserCacheManager.setAppMetadata called\");\r\n const appMetadataKey = appMetadata.generateAppMetadataKey();\r\n this.setItem(appMetadataKey, JSON.stringify(appMetadata));\r\n }\r\n\r\n /**\r\n * fetch server telemetry entity from the platform cache\r\n * @param serverTelemetryKey\r\n */\r\n getServerTelemetry(serverTelemetryKey: string): ServerTelemetryEntity | null {\r\n const value = this.getItem(serverTelemetryKey);\r\n if (!value) {\r\n this.logger.trace(\"BrowserCacheManager.getServerTelemetry: called, no cache hit\");\r\n return null;\r\n }\r\n const parsedMetadata = this.validateAndParseJson(value);\r\n if (!parsedMetadata || !ServerTelemetryEntity.isServerTelemetryEntity(serverTelemetryKey, parsedMetadata)) {\r\n this.logger.trace(\"BrowserCacheManager.getServerTelemetry: called, no cache hit\");\r\n return null;\r\n }\r\n\r\n this.logger.trace(\"BrowserCacheManager.getServerTelemetry: cache hit\");\r\n return CacheManager.toObject(new ServerTelemetryEntity(), parsedMetadata);\r\n }\r\n\r\n /**\r\n * set server telemetry entity to the platform cache\r\n * @param serverTelemetryKey\r\n * @param serverTelemetry\r\n */\r\n setServerTelemetry(serverTelemetryKey: string, serverTelemetry: ServerTelemetryEntity): void {\r\n this.logger.trace(\"BrowserCacheManager.setServerTelemetry called\");\r\n this.setItem(serverTelemetryKey, JSON.stringify(serverTelemetry));\r\n }\r\n\r\n /**\r\n *\r\n */\r\n getAuthorityMetadata(key: string): AuthorityMetadataEntity | null {\r\n const value = this.internalStorage.getItem(key);\r\n if (!value) {\r\n this.logger.trace(\"BrowserCacheManager.getAuthorityMetadata: called, no cache hit\");\r\n return null;\r\n }\r\n const parsedMetadata = this.validateAndParseJson(value);\r\n if (parsedMetadata && AuthorityMetadataEntity.isAuthorityMetadataEntity(key, parsedMetadata)) {\r\n this.logger.trace(\"BrowserCacheManager.getAuthorityMetadata: cache hit\");\r\n return CacheManager.toObject(new AuthorityMetadataEntity(), parsedMetadata);\r\n }\r\n return null;\r\n }\r\n\r\n /**\r\n *\r\n */\r\n getAuthorityMetadataKeys(): Array {\r\n const allKeys = this.internalStorage.getKeys();\r\n return allKeys.filter((key) => {\r\n return this.isAuthorityMetadata(key);\r\n });\r\n }\r\n\r\n /**\r\n * Sets wrapper metadata in memory\r\n * @param wrapperSKU\r\n * @param wrapperVersion\r\n */\r\n setWrapperMetadata(wrapperSKU: string, wrapperVersion: string): void {\r\n this.internalStorage.setItem(InMemoryCacheKeys.WRAPPER_SKU, wrapperSKU);\r\n this.internalStorage.setItem(InMemoryCacheKeys.WRAPPER_VER, wrapperVersion);\r\n }\r\n\r\n /**\r\n * Returns wrapper metadata from in-memory storage\r\n */\r\n getWrapperMetadata(): [string, string] {\r\n const sku = this.internalStorage.getItem(InMemoryCacheKeys.WRAPPER_SKU) || Constants.EMPTY_STRING;\r\n const version = this.internalStorage.getItem(InMemoryCacheKeys.WRAPPER_VER) || Constants.EMPTY_STRING;\r\n return [sku, version];\r\n }\r\n\r\n /**\r\n *\r\n * @param entity\r\n */\r\n setAuthorityMetadata(key: string, entity: AuthorityMetadataEntity): void {\r\n this.logger.trace(\"BrowserCacheManager.setAuthorityMetadata called\");\r\n this.internalStorage.setItem(key, JSON.stringify(entity));\r\n }\r\n\r\n /**\r\n * Gets the active account\r\n */\r\n getActiveAccount(): AccountInfo | null {\r\n const activeAccountKeyFilters = this.generateCacheKey(PersistentCacheKeys.ACTIVE_ACCOUNT_FILTERS);\r\n const activeAccountValueFilters = this.getItem(activeAccountKeyFilters);\r\n if (!activeAccountValueFilters) {\r\n // if new active account cache type isn't found, it's an old version, so look for that instead\r\n this.logger.trace(\"BrowserCacheManager.getActiveAccount: No active account filters cache schema found, looking for legacy schema\");\r\n const activeAccountKeyLocal = this.generateCacheKey(PersistentCacheKeys.ACTIVE_ACCOUNT);\r\n const activeAccountValueLocal = this.getItem(activeAccountKeyLocal);\r\n if (!activeAccountValueLocal) {\r\n this.logger.trace(\"BrowserCacheManager.getActiveAccount: No active account found\");\r\n return null;\r\n }\r\n const activeAccount = this.getAccountInfoByFilter({ localAccountId: activeAccountValueLocal })[0] || null;\r\n if (activeAccount) {\r\n this.logger.trace(\"BrowserCacheManager.getActiveAccount: Legacy active account cache schema found\");\r\n this.logger.trace(\"BrowserCacheManager.getActiveAccount: Adding active account filters cache schema\");\r\n this.setActiveAccount(activeAccount);\r\n return activeAccount;\r\n }\r\n return null;\r\n }\r\n const activeAccountValueObj = this.validateAndParseJson(activeAccountValueFilters) as AccountInfo;\r\n if (activeAccountValueObj) {\r\n this.logger.trace(\"BrowserCacheManager.getActiveAccount: Active account filters schema found\");\r\n return this.getAccountInfoByFilter({\r\n homeAccountId: activeAccountValueObj.homeAccountId,\r\n localAccountId: activeAccountValueObj.localAccountId\r\n })[0] || null;\r\n }\r\n this.logger.trace(\"BrowserCacheManager.getActiveAccount: No active account found\");\r\n return null;\r\n }\r\n\r\n /**\r\n * Sets the active account's localAccountId in cache\r\n * @param account\r\n */\r\n setActiveAccount(account: AccountInfo | null): void {\r\n const activeAccountKey = this.generateCacheKey(PersistentCacheKeys.ACTIVE_ACCOUNT_FILTERS);\r\n const activeAccountKeyLocal = this.generateCacheKey(PersistentCacheKeys.ACTIVE_ACCOUNT);\r\n if (account) {\r\n this.logger.verbose(\"setActiveAccount: Active account set\");\r\n const activeAccountValue: ActiveAccountFilters = {\r\n homeAccountId: account.homeAccountId,\r\n localAccountId: account.localAccountId\r\n };\r\n this.browserStorage.setItem(activeAccountKey, JSON.stringify(activeAccountValue));\r\n this.browserStorage.setItem(activeAccountKeyLocal, account.localAccountId);\r\n } else {\r\n this.logger.verbose(\"setActiveAccount: No account passed, active account not set\");\r\n this.browserStorage.removeItem(activeAccountKey);\r\n this.browserStorage.removeItem(activeAccountKeyLocal);\r\n }\r\n }\r\n\r\n /**\r\n * Gets a list of accounts that match all of the filters provided\r\n * @param account\r\n */\r\n getAccountInfoByFilter(accountFilter: Partial>): AccountInfo[] {\r\n const allAccounts = this.getAllAccounts();\r\n this.logger.trace(`BrowserCacheManager.getAccountInfoByFilter: total ${allAccounts.length} accounts found`);\r\n\r\n return allAccounts.filter((accountObj) => {\r\n if (accountFilter.username && accountFilter.username.toLowerCase() !== accountObj.username.toLowerCase()) {\r\n return false;\r\n }\r\n\r\n if (accountFilter.homeAccountId && accountFilter.homeAccountId !== accountObj.homeAccountId) {\r\n return false;\r\n }\r\n\r\n if (accountFilter.localAccountId && accountFilter.localAccountId !== accountObj.localAccountId) {\r\n return false;\r\n }\r\n\r\n if (accountFilter.tenantId && accountFilter.tenantId !== accountObj.tenantId) {\r\n return false;\r\n }\r\n\r\n if (accountFilter.environment && accountFilter.environment !== accountObj.environment) {\r\n return false;\r\n }\r\n\r\n return true;\r\n });\r\n }\r\n\r\n /**\r\n * Checks the cache for accounts matching loginHint or SID\r\n * @param loginHint\r\n * @param sid\r\n */\r\n getAccountInfoByHints(loginHint?: string, sid?: string): AccountInfo | null {\r\n const matchingAccounts = this.getAllAccounts().filter((accountInfo) => {\r\n if (sid) {\r\n const accountSid = accountInfo.idTokenClaims && accountInfo.idTokenClaims[\"sid\"];\r\n return sid === accountSid;\r\n }\r\n\r\n if (loginHint) {\r\n return loginHint === accountInfo.username;\r\n }\r\n\r\n return false;\r\n });\r\n\r\n if (matchingAccounts.length === 1) {\r\n return matchingAccounts[0];\r\n } else if (matchingAccounts.length > 1) {\r\n throw ClientAuthError.createMultipleMatchingAccountsInCacheError();\r\n }\r\n\r\n return null;\r\n }\r\n\r\n /**\r\n * fetch throttling entity from the platform cache\r\n * @param throttlingCacheKey\r\n */\r\n getThrottlingCache(throttlingCacheKey: string): ThrottlingEntity | null {\r\n const value = this.getItem(throttlingCacheKey);\r\n if (!value) {\r\n this.logger.trace(\"BrowserCacheManager.getThrottlingCache: called, no cache hit\");\r\n return null;\r\n }\r\n\r\n const parsedThrottlingCache = this.validateAndParseJson(value);\r\n if (!parsedThrottlingCache || !ThrottlingEntity.isThrottlingEntity(throttlingCacheKey, parsedThrottlingCache)) {\r\n this.logger.trace(\"BrowserCacheManager.getThrottlingCache: called, no cache hit\");\r\n return null;\r\n }\r\n\r\n this.logger.trace(\"BrowserCacheManager.getThrottlingCache: cache hit\");\r\n return CacheManager.toObject(new ThrottlingEntity(), parsedThrottlingCache);\r\n }\r\n\r\n /**\r\n * set throttling entity to the platform cache\r\n * @param throttlingCacheKey\r\n * @param throttlingCache\r\n */\r\n setThrottlingCache(throttlingCacheKey: string, throttlingCache: ThrottlingEntity): void {\r\n this.logger.trace(\"BrowserCacheManager.setThrottlingCache called\");\r\n this.setItem(throttlingCacheKey, JSON.stringify(throttlingCache));\r\n }\r\n\r\n /**\r\n * Gets cache item with given key.\r\n * Will retrieve from cookies if storeAuthStateInCookie is set to true.\r\n * @param key\r\n */\r\n getTemporaryCache(cacheKey: string, generateKey?: boolean): string | null {\r\n const key = generateKey ? this.generateCacheKey(cacheKey) : cacheKey;\r\n if (this.cacheConfig.storeAuthStateInCookie) {\r\n const itemCookie = this.getItemCookie(key);\r\n if (itemCookie) {\r\n this.logger.trace(\"BrowserCacheManager.getTemporaryCache: storeAuthStateInCookies set to true, retrieving from cookies\");\r\n return itemCookie;\r\n }\r\n }\r\n\r\n const value = this.temporaryCacheStorage.getItem(key);\r\n if (!value) {\r\n // If temp cache item not found in session/memory, check local storage for items set by old versions\r\n if (this.cacheConfig.cacheLocation === BrowserCacheLocation.LocalStorage) {\r\n const item = this.browserStorage.getItem(key);\r\n if (item) {\r\n this.logger.trace(\"BrowserCacheManager.getTemporaryCache: Temporary cache item found in local storage\");\r\n return item;\r\n }\r\n }\r\n this.logger.trace(\"BrowserCacheManager.getTemporaryCache: No cache item found in local storage\");\r\n return null;\r\n }\r\n this.logger.trace(\"BrowserCacheManager.getTemporaryCache: Temporary cache item returned\");\r\n return value;\r\n }\r\n\r\n /**\r\n * Sets the cache item with the key and value given.\r\n * Stores in cookie if storeAuthStateInCookie is set to true.\r\n * This can cause cookie overflow if used incorrectly.\r\n * @param key\r\n * @param value\r\n */\r\n setTemporaryCache(cacheKey: string, value: string, generateKey?: boolean): void {\r\n const key = generateKey ? this.generateCacheKey(cacheKey) : cacheKey;\r\n\r\n this.temporaryCacheStorage.setItem(key, value);\r\n if (this.cacheConfig.storeAuthStateInCookie) {\r\n this.logger.trace(\"BrowserCacheManager.setTemporaryCache: storeAuthStateInCookie set to true, setting item cookie\");\r\n this.setItemCookie(key, value);\r\n }\r\n }\r\n\r\n /**\r\n * Removes the cache item with the given key.\r\n * Will also clear the cookie item if storeAuthStateInCookie is set to true.\r\n * @param key\r\n */\r\n removeItem(key: string): void {\r\n this.browserStorage.removeItem(key);\r\n this.temporaryCacheStorage.removeItem(key);\r\n if (this.cacheConfig.storeAuthStateInCookie) {\r\n this.logger.trace(\"BrowserCacheManager.removeItem: storeAuthStateInCookie is true, clearing item cookie\");\r\n this.clearItemCookie(key);\r\n }\r\n }\r\n\r\n /**\r\n * Checks whether key is in cache.\r\n * @param key\r\n */\r\n containsKey(key: string): boolean {\r\n return this.browserStorage.containsKey(key) || this.temporaryCacheStorage.containsKey(key);\r\n }\r\n\r\n /**\r\n * Gets all keys in window.\r\n */\r\n getKeys(): string[] {\r\n return [\r\n ...this.browserStorage.getKeys(),\r\n ...this.temporaryCacheStorage.getKeys()\r\n ];\r\n }\r\n\r\n /**\r\n * Clears all cache entries created by MSAL.\r\n */\r\n async clear(): Promise {\r\n // Removes all accounts and their credentials\r\n await this.removeAllAccounts();\r\n this.removeAppMetadata();\r\n\r\n // Removes all remaining MSAL cache items\r\n this.getKeys().forEach((cacheKey: string) => {\r\n // Check if key contains msal prefix; For now, we are clearing all the cache items created by MSAL.js\r\n if ((this.browserStorage.containsKey(cacheKey) || this.temporaryCacheStorage.containsKey(cacheKey)) && ((cacheKey.indexOf(Constants.CACHE_PREFIX) !== -1) || (cacheKey.indexOf(this.clientId) !== -1))) {\r\n this.removeItem(cacheKey);\r\n }\r\n });\r\n\r\n this.internalStorage.clear();\r\n }\r\n\r\n /**\r\n * Clears all access tokes that have claims prior to saving the current one\r\n * @param credential \r\n * @returns \r\n */\r\n async clearTokensAndKeysWithClaims(): Promise {\r\n\r\n this.logger.trace(\"BrowserCacheManager.clearTokensAndKeysWithClaims called\");\r\n const tokenKeys = this.getTokenKeys();\r\n \r\n const removedAccessTokens: Array> = [];\r\n tokenKeys.accessToken.forEach((key: string) => {\r\n // if the access token has claims in its key, remove the token key and the token\r\n const credential = this.getAccessTokenCredential(key);\r\n if(credential?.requestedClaimsHash && key.includes(credential.requestedClaimsHash.toLowerCase())) {\r\n removedAccessTokens.push(this.removeAccessToken(key));\r\n }\r\n });\r\n await Promise.all(removedAccessTokens);\r\n\r\n // warn if any access tokens are removed\r\n if(removedAccessTokens.length > 0) {\r\n this.logger.warning(`${removedAccessTokens.length} access tokens with claims in the cache keys have been removed from the cache.`);\r\n }\r\n }\r\n\r\n /**\r\n * Add value to cookies\r\n * @param cookieName\r\n * @param cookieValue\r\n * @param expires\r\n */\r\n setItemCookie(cookieName: string, cookieValue: string, expires?: number): void {\r\n let cookieStr = `${encodeURIComponent(cookieName)}=${encodeURIComponent(cookieValue)};path=/;SameSite=Lax;`;\r\n if (expires) {\r\n const expireTime = this.getCookieExpirationTime(expires);\r\n cookieStr += `expires=${expireTime};`;\r\n }\r\n\r\n if (this.cacheConfig.secureCookies) {\r\n cookieStr += \"Secure;\";\r\n }\r\n\r\n document.cookie = cookieStr;\r\n }\r\n\r\n /**\r\n * Get one item by key from cookies\r\n * @param cookieName\r\n */\r\n getItemCookie(cookieName: string): string {\r\n const name = `${encodeURIComponent(cookieName)}=`;\r\n const cookieList = document.cookie.split(\";\");\r\n for (let i: number = 0; i < cookieList.length; i++) {\r\n let cookie = cookieList[i];\r\n while (cookie.charAt(0) === \" \") {\r\n cookie = cookie.substring(1);\r\n }\r\n if (cookie.indexOf(name) === 0) {\r\n return decodeURIComponent(cookie.substring(name.length, cookie.length));\r\n }\r\n }\r\n return Constants.EMPTY_STRING;\r\n }\r\n\r\n /**\r\n * Clear all msal-related cookies currently set in the browser. Should only be used to clear temporary cache items.\r\n */\r\n clearMsalCookies(): void {\r\n const cookiePrefix = `${Constants.CACHE_PREFIX}.${this.clientId}`;\r\n const cookieList = document.cookie.split(\";\");\r\n cookieList.forEach((cookie: string): void => {\r\n while (cookie.charAt(0) === \" \") {\r\n // eslint-disable-next-line no-param-reassign\r\n cookie = cookie.substring(1);\r\n }\r\n if (cookie.indexOf(cookiePrefix) === 0) {\r\n const cookieKey = cookie.split(\"=\")[0];\r\n this.clearItemCookie(cookieKey);\r\n }\r\n });\r\n }\r\n\r\n /**\r\n * Clear an item in the cookies by key\r\n * @param cookieName\r\n */\r\n clearItemCookie(cookieName: string): void {\r\n this.setItemCookie(cookieName, Constants.EMPTY_STRING, -1);\r\n }\r\n\r\n /**\r\n * Get cookie expiration time\r\n * @param cookieLifeDays\r\n */\r\n getCookieExpirationTime(cookieLifeDays: number): string {\r\n const today = new Date();\r\n const expr = new Date(today.getTime() + cookieLifeDays * this.COOKIE_LIFE_MULTIPLIER);\r\n return expr.toUTCString();\r\n }\r\n\r\n /**\r\n * Gets the cache object referenced by the browser\r\n */\r\n getCache(): object {\r\n return this.browserStorage;\r\n }\r\n\r\n /**\r\n * interface compat, we cannot overwrite browser cache; Functionality is supported by individual entities in browser\r\n */\r\n setCache(): void {\r\n // sets nothing\r\n }\r\n\r\n /**\r\n * Prepend msal. to each key; Skip for any JSON object as Key (defined schemas do not need the key appended: AccessToken Keys or the upcoming schema)\r\n * @param key\r\n * @param addInstanceId\r\n */\r\n generateCacheKey(key: string): string {\r\n const generatedKey = this.validateAndParseJson(key);\r\n if (!generatedKey) {\r\n if (StringUtils.startsWith(key, Constants.CACHE_PREFIX) || StringUtils.startsWith(key, PersistentCacheKeys.ADAL_ID_TOKEN)) {\r\n return key;\r\n }\r\n return `${Constants.CACHE_PREFIX}.${this.clientId}.${key}`;\r\n }\r\n\r\n return JSON.stringify(key);\r\n }\r\n\r\n /**\r\n * Create authorityKey to cache authority\r\n * @param state\r\n */\r\n generateAuthorityKey(stateString: string): string {\r\n const {\r\n libraryState: {\r\n id: stateId\r\n }\r\n } = ProtocolUtils.parseRequestState(this.cryptoImpl, stateString);\r\n\r\n return this.generateCacheKey(`${TemporaryCacheKeys.AUTHORITY}.${stateId}`);\r\n }\r\n\r\n /**\r\n * Create Nonce key to cache nonce\r\n * @param state\r\n */\r\n generateNonceKey(stateString: string): string {\r\n const {\r\n libraryState: {\r\n id: stateId\r\n }\r\n } = ProtocolUtils.parseRequestState(this.cryptoImpl, stateString);\r\n\r\n return this.generateCacheKey(`${TemporaryCacheKeys.NONCE_IDTOKEN}.${stateId}`);\r\n }\r\n\r\n /**\r\n * Creates full cache key for the request state\r\n * @param stateString State string for the request\r\n */\r\n generateStateKey(stateString: string): string {\r\n // Use the library state id to key temp storage for uniqueness for multiple concurrent requests\r\n const {\r\n libraryState: {\r\n id: stateId\r\n }\r\n } = ProtocolUtils.parseRequestState(this.cryptoImpl, stateString);\r\n return this.generateCacheKey(`${TemporaryCacheKeys.REQUEST_STATE}.${stateId}`);\r\n }\r\n\r\n /**\r\n * Gets the cached authority based on the cached state. Returns empty if no cached state found.\r\n */\r\n getCachedAuthority(cachedState: string): string | null {\r\n const stateCacheKey = this.generateStateKey(cachedState);\r\n const state = this.getTemporaryCache(stateCacheKey);\r\n if (!state) {\r\n return null;\r\n }\r\n\r\n const authorityCacheKey = this.generateAuthorityKey(state);\r\n return this.getTemporaryCache(authorityCacheKey);\r\n }\r\n\r\n /**\r\n * Updates account, authority, and state in cache\r\n * @param serverAuthenticationRequest\r\n * @param account\r\n */\r\n updateCacheEntries(state: string, nonce: string, authorityInstance: string, loginHint: string, account: AccountInfo | null): void {\r\n this.logger.trace(\"BrowserCacheManager.updateCacheEntries called\");\r\n // Cache the request state\r\n const stateCacheKey = this.generateStateKey(state);\r\n this.setTemporaryCache(stateCacheKey, state, false);\r\n\r\n // Cache the nonce\r\n const nonceCacheKey = this.generateNonceKey(state);\r\n this.setTemporaryCache(nonceCacheKey, nonce, false);\r\n\r\n // Cache authorityKey\r\n const authorityCacheKey = this.generateAuthorityKey(state);\r\n this.setTemporaryCache(authorityCacheKey, authorityInstance, false);\r\n\r\n if (account) {\r\n const ccsCredential: CcsCredential = {\r\n credential: account.homeAccountId,\r\n type: CcsCredentialType.HOME_ACCOUNT_ID\r\n };\r\n this.setTemporaryCache(TemporaryCacheKeys.CCS_CREDENTIAL, JSON.stringify(ccsCredential), true);\r\n } else if (!StringUtils.isEmpty(loginHint)) {\r\n const ccsCredential: CcsCredential = {\r\n credential: loginHint,\r\n type: CcsCredentialType.UPN\r\n };\r\n this.setTemporaryCache(TemporaryCacheKeys.CCS_CREDENTIAL, JSON.stringify(ccsCredential), true);\r\n }\r\n }\r\n\r\n /**\r\n * Reset all temporary cache items\r\n * @param state\r\n */\r\n resetRequestCache(state: string): void {\r\n this.logger.trace(\"BrowserCacheManager.resetRequestCache called\");\r\n // check state and remove associated cache items\r\n if (!StringUtils.isEmpty(state)) {\r\n this.getKeys().forEach(key => {\r\n if (key.indexOf(state) !== -1) {\r\n this.removeItem(key);\r\n }\r\n });\r\n }\r\n\r\n // delete generic interactive request parameters\r\n if (state) {\r\n this.removeItem(this.generateStateKey(state));\r\n this.removeItem(this.generateNonceKey(state));\r\n this.removeItem(this.generateAuthorityKey(state));\r\n }\r\n this.removeItem(this.generateCacheKey(TemporaryCacheKeys.REQUEST_PARAMS));\r\n this.removeItem(this.generateCacheKey(TemporaryCacheKeys.ORIGIN_URI));\r\n this.removeItem(this.generateCacheKey(TemporaryCacheKeys.URL_HASH));\r\n this.removeItem(this.generateCacheKey(TemporaryCacheKeys.CORRELATION_ID));\r\n this.removeItem(this.generateCacheKey(TemporaryCacheKeys.CCS_CREDENTIAL));\r\n this.removeItem(this.generateCacheKey(TemporaryCacheKeys.NATIVE_REQUEST));\r\n this.setInteractionInProgress(false);\r\n }\r\n\r\n /**\r\n * Removes temporary cache for the provided state\r\n * @param stateString\r\n */\r\n cleanRequestByState(stateString: string): void {\r\n this.logger.trace(\"BrowserCacheManager.cleanRequestByState called\");\r\n // Interaction is completed - remove interaction status.\r\n if (stateString) {\r\n const stateKey = this.generateStateKey(stateString);\r\n const cachedState = this.temporaryCacheStorage.getItem(stateKey);\r\n this.logger.infoPii(`BrowserCacheManager.cleanRequestByState: Removing temporary cache items for state: ${cachedState}`);\r\n this.resetRequestCache(cachedState || Constants.EMPTY_STRING);\r\n }\r\n this.clearMsalCookies();\r\n }\r\n\r\n /**\r\n * Looks in temporary cache for any state values with the provided interactionType and removes all temporary cache items for that state\r\n * Used in scenarios where temp cache needs to be cleaned but state is not known, such as clicking browser back button.\r\n * @param interactionType\r\n */\r\n cleanRequestByInteractionType(interactionType: InteractionType): void {\r\n this.logger.trace(\"BrowserCacheManager.cleanRequestByInteractionType called\");\r\n // Loop through all keys to find state key\r\n this.getKeys().forEach((key) => {\r\n // If this key is not the state key, move on\r\n if (key.indexOf(TemporaryCacheKeys.REQUEST_STATE) === -1) {\r\n return;\r\n }\r\n\r\n // Retrieve state value, return if not a valid value\r\n const stateValue = this.temporaryCacheStorage.getItem(key);\r\n if (!stateValue) {\r\n return;\r\n }\r\n // Extract state and ensure it matches given InteractionType, then clean request cache\r\n const parsedState = BrowserProtocolUtils.extractBrowserRequestState(this.cryptoImpl, stateValue);\r\n if (parsedState && parsedState.interactionType === interactionType) {\r\n this.logger.infoPii(`BrowserCacheManager.cleanRequestByInteractionType: Removing temporary cache items for state: ${stateValue}`);\r\n this.resetRequestCache(stateValue);\r\n }\r\n });\r\n this.clearMsalCookies();\r\n this.setInteractionInProgress(false);\r\n }\r\n\r\n cacheCodeRequest(authCodeRequest: CommonAuthorizationCodeRequest, browserCrypto: ICrypto): void {\r\n this.logger.trace(\"BrowserCacheManager.cacheCodeRequest called\");\r\n\r\n const encodedValue = browserCrypto.base64Encode(JSON.stringify(authCodeRequest));\r\n this.setTemporaryCache(TemporaryCacheKeys.REQUEST_PARAMS, encodedValue, true);\r\n }\r\n\r\n /**\r\n * Gets the token exchange parameters from the cache. Throws an error if nothing is found.\r\n */\r\n getCachedRequest(state: string, browserCrypto: ICrypto): CommonAuthorizationCodeRequest {\r\n this.logger.trace(\"BrowserCacheManager.getCachedRequest called\");\r\n // Get token request from cache and parse as TokenExchangeParameters.\r\n const encodedTokenRequest = this.getTemporaryCache(TemporaryCacheKeys.REQUEST_PARAMS, true);\r\n if (!encodedTokenRequest) {\r\n throw BrowserAuthError.createNoTokenRequestCacheError();\r\n }\r\n\r\n const parsedRequest = this.validateAndParseJson(browserCrypto.base64Decode(encodedTokenRequest)) as CommonAuthorizationCodeRequest;\r\n if (!parsedRequest) {\r\n throw BrowserAuthError.createUnableToParseTokenRequestCacheError();\r\n }\r\n this.removeItem(this.generateCacheKey(TemporaryCacheKeys.REQUEST_PARAMS));\r\n\r\n // Get cached authority and use if no authority is cached with request.\r\n if (StringUtils.isEmpty(parsedRequest.authority)) {\r\n const authorityCacheKey: string = this.generateAuthorityKey(state);\r\n const cachedAuthority = this.getTemporaryCache(authorityCacheKey);\r\n if (!cachedAuthority) {\r\n throw BrowserAuthError.createNoCachedAuthorityError();\r\n }\r\n parsedRequest.authority = cachedAuthority;\r\n }\r\n\r\n return parsedRequest;\r\n }\r\n\r\n /**\r\n * Gets cached native request for redirect flows\r\n */\r\n getCachedNativeRequest(): NativeTokenRequest | null {\r\n this.logger.trace(\"BrowserCacheManager.getCachedNativeRequest called\");\r\n const cachedRequest = this.getTemporaryCache(TemporaryCacheKeys.NATIVE_REQUEST, true);\r\n if (!cachedRequest) {\r\n this.logger.trace(\"BrowserCacheManager.getCachedNativeRequest: No cached native request found\");\r\n return null;\r\n }\r\n\r\n const parsedRequest = this.validateAndParseJson(cachedRequest) as NativeTokenRequest;\r\n if (!parsedRequest) {\r\n this.logger.error(\"BrowserCacheManager.getCachedNativeRequest: Unable to parse native request\");\r\n return null;\r\n }\r\n\r\n return parsedRequest;\r\n }\r\n\r\n isInteractionInProgress(matchClientId?: boolean): boolean {\r\n const clientId = this.getInteractionInProgress();\r\n\r\n if (matchClientId) {\r\n return clientId === this.clientId;\r\n } else {\r\n return !!clientId;\r\n }\r\n }\r\n\r\n getInteractionInProgress(): string | null {\r\n const key = `${Constants.CACHE_PREFIX}.${TemporaryCacheKeys.INTERACTION_STATUS_KEY}`;\r\n return this.getTemporaryCache(key, false);\r\n }\r\n\r\n setInteractionInProgress(inProgress: boolean): void {\r\n // Ensure we don't overwrite interaction in progress for a different clientId\r\n const key = `${Constants.CACHE_PREFIX}.${TemporaryCacheKeys.INTERACTION_STATUS_KEY}`;\r\n if (inProgress) {\r\n if (this.getInteractionInProgress()) {\r\n throw BrowserAuthError.createInteractionInProgressError();\r\n } else {\r\n // No interaction is in progress\r\n this.setTemporaryCache(key, this.clientId, false);\r\n }\r\n } else if (!inProgress && this.getInteractionInProgress() === this.clientId) {\r\n this.removeItem(key);\r\n }\r\n }\r\n\r\n /**\r\n * Returns username retrieved from ADAL or MSAL v1 idToken\r\n */\r\n getLegacyLoginHint(): string | null {\r\n // Only check for adal/msal token if no SSO params are being used\r\n const adalIdTokenString = this.getTemporaryCache(PersistentCacheKeys.ADAL_ID_TOKEN);\r\n if (adalIdTokenString) {\r\n this.browserStorage.removeItem(PersistentCacheKeys.ADAL_ID_TOKEN);\r\n this.logger.verbose(\"Cached ADAL id token retrieved.\");\r\n }\r\n\r\n // Check for cached MSAL v1 id token\r\n const msalIdTokenString = this.getTemporaryCache(PersistentCacheKeys.ID_TOKEN, true);\r\n if (msalIdTokenString) {\r\n this.removeItem(this.generateCacheKey(PersistentCacheKeys.ID_TOKEN));\r\n this.logger.verbose(\"Cached MSAL.js v1 id token retrieved\");\r\n }\r\n\r\n const cachedIdTokenString = msalIdTokenString || adalIdTokenString;\r\n if (cachedIdTokenString) {\r\n const cachedIdToken = new IdToken(cachedIdTokenString, this.cryptoImpl);\r\n if (cachedIdToken.claims && cachedIdToken.claims.preferred_username) {\r\n this.logger.verbose(\"No SSO params used and ADAL/MSAL v1 token retrieved, setting ADAL/MSAL v1 preferred_username as loginHint\");\r\n return cachedIdToken.claims.preferred_username;\r\n }\r\n else if (cachedIdToken.claims && cachedIdToken.claims.upn) {\r\n this.logger.verbose(\"No SSO params used and ADAL/MSAL v1 token retrieved, setting ADAL/MSAL v1 upn as loginHint\");\r\n return cachedIdToken.claims.upn;\r\n }\r\n else {\r\n this.logger.verbose(\"No SSO params used and ADAL/MSAL v1 token retrieved, however, no account hint claim found. Enable preferred_username or upn id token claim to get SSO.\");\r\n }\r\n }\r\n\r\n return null;\r\n }\r\n\r\n /**\r\n * Updates a credential's cache key if the current cache key is outdated\r\n */\r\n updateCredentialCacheKey(currentCacheKey: string, credential: ValidCredentialType): string {\r\n const updatedCacheKey = credential.generateCredentialKey();\r\n\r\n if (currentCacheKey !== updatedCacheKey) {\r\n const cacheItem = this.getItem(currentCacheKey);\r\n if (cacheItem) {\r\n this.removeItem(currentCacheKey);\r\n this.setItem(updatedCacheKey, cacheItem);\r\n this.logger.verbose(`Updated an outdated ${credential.credentialType} cache key`);\r\n return updatedCacheKey;\r\n } else {\r\n this.logger.error(`Attempted to update an outdated ${credential.credentialType} cache key but no item matching the outdated key was found in storage`);\r\n }\r\n }\r\n\r\n return currentCacheKey;\r\n }\r\n\r\n /**\r\n * Returns application id as redirect context during AcquireTokenRedirect flow.\r\n */\r\n getRedirectRequestContext(): string | null {\r\n return this.getTemporaryCache(TemporaryCacheKeys.REDIRECT_CONTEXT, true);\r\n }\r\n\r\n /**\r\n * Sets application id as the redirect context during AcquireTokenRedirect flow.\r\n * @param value\r\n */\r\n setRedirectRequestContext(value: string): void {\r\n this.setTemporaryCache(TemporaryCacheKeys.REDIRECT_CONTEXT, value, true);\r\n }\r\n}\r\n\r\nexport const DEFAULT_BROWSER_CACHE_MANAGER = (clientId: string, logger: Logger): BrowserCacheManager => {\r\n const cacheOptions: Required = {\r\n cacheLocation: BrowserCacheLocation.MemoryStorage,\r\n temporaryCacheLocation: BrowserCacheLocation.MemoryStorage,\r\n storeAuthStateInCookie: false,\r\n secureCookies: false,\r\n cacheMigrationEnabled: false,\r\n claimsBasedCachingEnabled: true\r\n };\r\n return new BrowserCacheManager(clientId, cacheOptions, DEFAULT_CRYPTO_IMPLEMENTATION, logger);\r\n};\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { INetworkModule } from \"../network/INetworkModule\";\r\nimport { DEFAULT_CRYPTO_IMPLEMENTATION, ICrypto } from \"../crypto/ICrypto\";\r\nimport { AuthError } from \"../error/AuthError\";\r\nimport { ILoggerCallback, Logger, LogLevel } from \"../logger/Logger\";\r\nimport { Constants } from \"../utils/Constants\";\r\nimport { version } from \"../packageMetadata\";\r\nimport { Authority } from \"../authority/Authority\";\r\nimport { AzureCloudInstance } from \"../authority/AuthorityOptions\";\r\nimport { CacheManager, DefaultStorageClass } from \"../cache/CacheManager\";\r\nimport { ServerTelemetryManager } from \"../telemetry/server/ServerTelemetryManager\";\r\nimport { ICachePlugin } from \"../cache/interface/ICachePlugin\";\r\nimport { ISerializableTokenCache } from \"../cache/interface/ISerializableTokenCache\";\r\nimport { ClientCredentials } from \"../account/ClientCredentials\";\r\n\r\n// Token renewal offset default in seconds\r\nconst DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;\r\n\r\n/**\r\n * Use the configuration object to configure MSAL Modules and initialize the base interfaces for MSAL.\r\n *\r\n * This object allows you to configure important elements of MSAL functionality:\r\n * - authOptions - Authentication for application\r\n * - cryptoInterface - Implementation of crypto functions\r\n * - libraryInfo - Library metadata\r\n * - telemetry - Telemetry options and data\r\n * - loggerOptions - Logging for application\r\n * - cacheOptions - Cache options for application\r\n * - networkInterface - Network implementation\r\n * - storageInterface - Storage implementation\r\n * - systemOptions - Additional library options\r\n * - clientCredentials - Credentials options for confidential clients\r\n */\r\nexport type ClientConfiguration = {\r\n authOptions: AuthOptions,\r\n systemOptions?: SystemOptions,\r\n loggerOptions?: LoggerOptions,\r\n cacheOptions?: CacheOptions,\r\n storageInterface?: CacheManager,\r\n networkInterface?: INetworkModule,\r\n cryptoInterface?: ICrypto,\r\n clientCredentials?: ClientCredentials,\r\n libraryInfo?: LibraryInfo\r\n telemetry?: TelemetryOptions,\r\n serverTelemetryManager?: ServerTelemetryManager | null,\r\n persistencePlugin?: ICachePlugin | null,\r\n serializableCache?: ISerializableTokenCache | null, \r\n};\r\n\r\nexport type CommonClientConfiguration = {\r\n authOptions: Required,\r\n systemOptions: Required,\r\n loggerOptions : Required