diff --git a/README.md b/README.md index ea1d842d..a2fc0a4b 100644 --- a/README.md +++ b/README.md @@ -10,12 +10,10 @@ If you want to chip in by porting features or even creating new ones, here is a ```powershell git clone https://github.com/pnp/sp-editor.git # clone the project cd sp-editor # go to the folder -npm i # install dependencies -cd iframe-sandbox-app # go to the iframe app folder -npm i # install dependencies -cd .. # got back to root -npm run watch # build and start watch mode code . # open vscode +npm i # install dependencies +npm run build # to build everything before starting to developing +npm start # build and start watch mode ``` When Watch is running, open Microsoft Edge and select Extensions from the menu @@ -33,7 +31,7 @@ If all good, the local build extension will show up ![](repo-images/edgeextensionloaded.png) -Now you can open a SharePoint site, open devtools and select SharePoint tab. Press the reload button to reload extension after making code changes. +Now you can open a SharePoint site, open devtools and select SharePoint tab. The extension updates it self on file changes. If it does not, press the reload button to reload extension after making code changes. ![](repo-images/edgewatchrefresh.png) diff --git a/package-lock.json b/package-lock.json index f1a6ea2d..a169a7ab 100644 --- a/package-lock.json +++ b/package-lock.json @@ -17,18 +17,18 @@ "@microsoft/mgt-react": "^4.2.5", "@microsoft/microsoft-graph-client": "^3.0.7", "@minoru/react-dnd-treeview": "^3.4.4", - "@pnp/graph": "^4.4.0", - "@pnp/logging": "^4.4.0", - "@pnp/msaljsclient": "^4.4.0", - "@pnp/sp": "^4.4.0", - "@pnp/sp-admin": "^4.4.0", + "@pnp/graph": "^4.5.0", + "@pnp/logging": "^4.5.0", + "@pnp/msaljsclient": "^4.5.0", + "@pnp/sp": "^4.5.0", + "@pnp/sp-admin": "^4.5.0", "@reduxjs/toolkit": "^2.2.7", "@testing-library/jest-dom": "^6.5.0", "@testing-library/react": "^16.0.1", "@testing-library/user-event": "^14.5.2", "@types/jest": "^29.5.13", - "@types/node": "^22.5.4", - "@types/react": "^18.3.5", + "@types/node": "^22.5.5", + "@types/react": "^18.3.6", "@types/react-dom": "^18.3.0", "@uifabric/theme-samples": "^7.5.33", "gsap": "^3.12.5", @@ -48,11 +48,11 @@ }, "devDependencies": { "@babel/plugin-proposal-private-property-in-object": "^7.21.11", - "@types/chrome": "^0.0.270", + "@types/chrome": "^0.0.271", "del": "^6.0.0", "gulp": "^4.0.2", "gulp-rename": "^2.0.0", - "gulp-replace": "^1.1.3", + "gulp-replace": "^1.1.4", "react-scripts": "^5.0.1", "ts-loader": "^9.5.1", "webpack-cli": "^5.1.4" @@ -2408,9 +2408,9 @@ } }, "node_modules/@eslint-community/regexpp": { - "version": "4.11.0", - "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.11.0.tgz", - "integrity": "sha512-G/M/tIiMrTAxEWRfLfQJMmGNX28IxBg4PBz8XqQhqUHLFI6TL2htpIB1iQCj144V5ee/JaKyT9/WZ0MGZWfA7A==", + "version": "4.11.1", + "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.11.1.tgz", + "integrity": "sha512-m4DVN9ZqskZoLU5GlWZadwDnYo3vAEydiUayB9widCl9ffWx2IvPnp6n3on5rJmziJSw9Bv+Z3ChDVdMwXCY8Q==", "engines": { "node": "^12.0.0 || ^14.0.0 || >=16.0.0" } @@ -2479,9 +2479,9 @@ } }, "node_modules/@eslint/js": { - "version": "8.57.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.57.0.tgz", - "integrity": "sha512-Ys+3g2TaW7gADOJzPt83SJtCDhMjndcDMFVQ/Tj9iA1BfJzFKD9mAUXT3OenpuPHbI6P/myECxRJrofUsDx/5g==", + "version": "8.57.1", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.57.1.tgz", + "integrity": "sha512-d9zaMRSTIKDLhctzH12MtXvJKSSUhaHcjV+2Z+GK+EEY7XKpP5yR4x+N3TAcHTcu963nIr+TMcCb4DBCYX1z6Q==", "engines": { "node": "^12.22.0 || ^14.17.0 || >=16.0.0" } @@ -2697,12 +2697,12 @@ } }, "node_modules/@humanwhocodes/config-array": { - "version": "0.11.14", - "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.14.tgz", - "integrity": "sha512-3T8LkOmg45BV5FICb15QQMsyUSWrQ8AygVfC7ZG32zOalnqrilm018ZVCw0eapXux8FtA33q8PSRSstjee3jSg==", + "version": "0.13.0", + "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.13.0.tgz", + "integrity": "sha512-DZLEEqFWQFiyK6h5YIeynKx7JlvCYWL0cImfSRXZ9l4Sg2efkFGTuFf6vzXjK1cq6IYkU+Eg/JizXw+TD2vRNw==", "deprecated": "Use @eslint/config-array instead", "dependencies": { - "@humanwhocodes/object-schema": "^2.0.2", + "@humanwhocodes/object-schema": "^2.0.3", "debug": "^4.3.1", "minimatch": "^3.0.5" }, @@ -4703,11 +4703,11 @@ } }, "node_modules/@pnp/core": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/@pnp/core/-/core-4.4.0.tgz", - "integrity": "sha512-AvHESw6lwVGj0O/3tNChdjYDaE3YRb6vHRIGp75pUD7vl8JVK8OQf7C9IFL8RWr8mEYeUJHBg7qi9mPeKd7USQ==", + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/@pnp/core/-/core-4.5.0.tgz", + "integrity": "sha512-8BaF0clEoL31tHNV4dZYJ4343/kmdbYl0EUGixc4pZm+xLeMiId42R9mNpNfWKxhE3htlm7mU+vgseOFib8pxA==", "dependencies": { - "tslib": "2.6.3" + "tslib": "2.7.0" }, "engines": { "node": ">=18.12.0" @@ -4717,20 +4717,15 @@ "url": "https://github.com/sponsors/patrick-rodgers/" } }, - "node_modules/@pnp/core/node_modules/tslib": { - "version": "2.6.3", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", - "integrity": "sha512-xNvxJEOUiWPGhUuUdQgAJPKOOJfGnIyKySOc09XkKsgdUV/3E2zvwZYdejjmRgPCgcym1juLH3226yA7sEFJKQ==" - }, "node_modules/@pnp/graph": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/@pnp/graph/-/graph-4.4.0.tgz", - "integrity": "sha512-xgMs4AEsLmYSCEFa+cg8J4AU8N6tc3e1CsyM/YqG/QygbABdFhOPmXkDHL0o3DF0nySEDMh2PDh7NOeBuanvmw==", + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/@pnp/graph/-/graph-4.5.0.tgz", + "integrity": "sha512-VRamIST8X4hAAYHTPOCB/eofiXXvebc2mjhRPM/M7Qb1Voft0EfsFzV0IPXRvhhDHrPHOVBp85YJWJZastwNDA==", "dependencies": { "@microsoft/microsoft-graph-types": "2.40.0", - "@pnp/core": "4.4.0", - "@pnp/queryable": "4.4.0", - "tslib": "2.6.3" + "@pnp/core": "4.5.0", + "@pnp/queryable": "4.5.0", + "tslib": "2.7.0" }, "engines": { "node": ">=18.12.0" @@ -4740,17 +4735,12 @@ "url": "https://github.com/sponsors/patrick-rodgers/" } }, - "node_modules/@pnp/graph/node_modules/tslib": { - "version": "2.6.3", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", - "integrity": "sha512-xNvxJEOUiWPGhUuUdQgAJPKOOJfGnIyKySOc09XkKsgdUV/3E2zvwZYdejjmRgPCgcym1juLH3226yA7sEFJKQ==" - }, "node_modules/@pnp/logging": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/@pnp/logging/-/logging-4.4.0.tgz", - "integrity": "sha512-VF0GklS7WDQQZG/fojgY3s6oN8mlb808CufU767YrJVBmlkd/LzrrR611Jceq04S5RkIMbcQh1rlDLeYxHYCmQ==", + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/@pnp/logging/-/logging-4.5.0.tgz", + "integrity": "sha512-Pyuco2KhMBoUOO5aoc6qxk6zmdGO+eM+h6F2OCGRGrVDL1p6ccOkVCMk5SPG3chXoJxYE/zoHGqxMx3AMAreig==", "dependencies": { - "tslib": "2.6.3" + "tslib": "2.7.0" }, "engines": { "node": ">=18.12.0" @@ -4760,19 +4750,14 @@ "url": "https://github.com/sponsors/patrick-rodgers/" } }, - "node_modules/@pnp/logging/node_modules/tslib": { - "version": "2.6.3", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", - "integrity": "sha512-xNvxJEOUiWPGhUuUdQgAJPKOOJfGnIyKySOc09XkKsgdUV/3E2zvwZYdejjmRgPCgcym1juLH3226yA7sEFJKQ==" - }, "node_modules/@pnp/msaljsclient": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/@pnp/msaljsclient/-/msaljsclient-4.4.0.tgz", - "integrity": "sha512-m5GETlSsfUd1uwezlW7mQuvQoxAlqMyqjSxg0Wpaz6hHOG17mbxVUzoXJXGCwDXOShSTRp2wPcuOC+rcDBns8w==", + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/@pnp/msaljsclient/-/msaljsclient-4.5.0.tgz", + "integrity": "sha512-UEsKy1xT4bjj5TvYZDLNx45ReMKvEV/ri/a2rBkB/F4Uf/4XPrFO0qQhmjIS3s5Pcs1Xiho1WO3zJovLyxZWxA==", "dependencies": { - "@azure/msal-browser": "3.20.0", - "@pnp/queryable": "4.4.0", - "tslib": "2.6.3" + "@azure/msal-browser": "3.23.0", + "@pnp/queryable": "4.5.0", + "tslib": "2.7.0" }, "engines": { "node": ">=18.12.0" @@ -4782,37 +4767,13 @@ "url": "https://github.com/sponsors/patrick-rodgers/" } }, - "node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser": { - "version": "3.20.0", - "resolved": "https://registry.npmjs.org/@azure/msal-browser/-/msal-browser-3.20.0.tgz", - "integrity": "sha512-ErsxbfCGIwdqD8jipqdxpfAGiUEQS7MWUe39Rjhl0ZVPsb1JEe9bZCe2+0g23HDH6DGyCAtnTNN9scPtievrMQ==", - "dependencies": { - "@azure/msal-common": "14.14.0" - }, - "engines": { - "node": ">=0.8.0" - } - }, - "node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common": { - "version": "14.14.0", - "resolved": "https://registry.npmjs.org/@azure/msal-common/-/msal-common-14.14.0.tgz", - "integrity": "sha512-OxcOk9H1/1fktHh6//VCORgSNJc2dCQObTm6JNmL824Z6iZSO6eFo/Bttxe0hETn9B+cr7gDouTQtsRq3YPuSQ==", - "engines": { - "node": ">=0.8.0" - } - }, - "node_modules/@pnp/msaljsclient/node_modules/tslib": { - "version": "2.6.3", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", - "integrity": "sha512-xNvxJEOUiWPGhUuUdQgAJPKOOJfGnIyKySOc09XkKsgdUV/3E2zvwZYdejjmRgPCgcym1juLH3226yA7sEFJKQ==" - }, "node_modules/@pnp/queryable": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/@pnp/queryable/-/queryable-4.4.0.tgz", - "integrity": "sha512-6qczJ73x6Ok6JQBxwnZMpgM0cJkq298uLVIrrBhC0wfwLurekkBSLHgqBa7SG9nFQjEOe8AkdTag+ZEVPFvrZA==", + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/@pnp/queryable/-/queryable-4.5.0.tgz", + "integrity": "sha512-uvhfV0bCL2cLulcx/AQ5AEPQesRphuQ5pTqPLcxfbqHFXZY6T3cjkKBYfNqRpYjPzMQlNW5qo9vEA3JUGCrbVw==", "dependencies": { - "@pnp/core": "4.4.0", - "tslib": "2.6.3" + "@pnp/core": "4.5.0", + "tslib": "2.7.0" }, "engines": { "node": ">=18.12.0" @@ -4822,19 +4783,14 @@ "url": "https://github.com/sponsors/patrick-rodgers/" } }, - "node_modules/@pnp/queryable/node_modules/tslib": { - "version": "2.6.3", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", - "integrity": "sha512-xNvxJEOUiWPGhUuUdQgAJPKOOJfGnIyKySOc09XkKsgdUV/3E2zvwZYdejjmRgPCgcym1juLH3226yA7sEFJKQ==" - }, "node_modules/@pnp/sp": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/@pnp/sp/-/sp-4.4.0.tgz", - "integrity": "sha512-FAOkhPeTVBLLUoqQo1XL5q3l3tIHs0BrkIAHJoD6S3b6BehQZIkr0VkPBSTxjD8ojy9KVnMkOjhbmJS/toC4pQ==", + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/@pnp/sp/-/sp-4.5.0.tgz", + "integrity": "sha512-hKTR4kc6hsZ/nrxjB8T9GCYg5tNY6/hut9P1gkK08Df8gzh42rlYKk7gb7K0U00hqlwoRfw9iS/18Ah8ErZVzg==", "dependencies": { - "@pnp/core": "4.4.0", - "@pnp/queryable": "4.4.0", - "tslib": "2.6.3" + "@pnp/core": "4.5.0", + "@pnp/queryable": "4.5.0", + "tslib": "2.7.0" }, "engines": { "node": ">=18.12.0" @@ -4845,14 +4801,14 @@ } }, "node_modules/@pnp/sp-admin": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/@pnp/sp-admin/-/sp-admin-4.4.0.tgz", - "integrity": "sha512-c/kfI8wjBkUYqC10yEPR0Td4ycEVI3di3cA++jEYUfjP4gVqxL3NjT6veJclmXQ5jOTK+KRiLLEhK9LttP5jrw==", + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/@pnp/sp-admin/-/sp-admin-4.5.0.tgz", + "integrity": "sha512-AdEKRdJu6uNZPDr/95s4xaWrHugU5ANVmBw42IxwcQHyDQ4COLyxJHhaI8v6g2tpJ4bU+kMdyzX6IPTYC5acsw==", "dependencies": { - "@pnp/core": "4.4.0", - "@pnp/queryable": "4.4.0", - "@pnp/sp": "4.4.0", - "tslib": "2.6.3" + "@pnp/core": "4.5.0", + "@pnp/queryable": "4.5.0", + "@pnp/sp": "4.5.0", + "tslib": "2.7.0" }, "engines": { "node": ">=18.12.0" @@ -4862,16 +4818,6 @@ "url": "https://github.com/sponsors/patrick-rodgers/" } }, - "node_modules/@pnp/sp-admin/node_modules/tslib": { - "version": "2.6.3", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", - "integrity": "sha512-xNvxJEOUiWPGhUuUdQgAJPKOOJfGnIyKySOc09XkKsgdUV/3E2zvwZYdejjmRgPCgcym1juLH3226yA7sEFJKQ==" - }, - "node_modules/@pnp/sp/node_modules/tslib": { - "version": "2.6.3", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", - "integrity": "sha512-xNvxJEOUiWPGhUuUdQgAJPKOOJfGnIyKySOc09XkKsgdUV/3E2zvwZYdejjmRgPCgcym1juLH3226yA7sEFJKQ==" - }, "node_modules/@react-dnd/asap": { "version": "5.0.2", "resolved": "https://registry.npmjs.org/@react-dnd/asap/-/asap-5.0.2.tgz", @@ -5630,9 +5576,9 @@ } }, "node_modules/@types/chrome": { - "version": "0.0.270", - "resolved": "https://registry.npmjs.org/@types/chrome/-/chrome-0.0.270.tgz", - "integrity": "sha512-ADvkowV7YnJfycZZxL2brluZ6STGW+9oKG37B422UePf2PCXuFA/XdERI0T18wtuWPx0tmFeZqq6MOXVk1IC+Q==", + "version": "0.0.271", + "resolved": "https://registry.npmjs.org/@types/chrome/-/chrome-0.0.271.tgz", + "integrity": "sha512-K0qgXvkwA5ic+/eygF1xiypHEvCoBgH5lwrhg3yva2mqJuCWyYm0vpZQ22GksAxgGfo0PWev9Zx3plp2clMlwg==", "dev": true, "dependencies": { "@types/filesystem": "*", @@ -5829,9 +5775,9 @@ "integrity": "sha512-/pyBZWSLD2n0dcHE3hq8s8ZvcETHtEuF+3E7XVt0Ig2nvsVQXdghHVcEkIWjy9A0wKfTn97a/PSDYohKIlnP/w==" }, "node_modules/@types/node": { - "version": "22.5.4", - "resolved": "https://registry.npmjs.org/@types/node/-/node-22.5.4.tgz", - "integrity": "sha512-FDuKUJQm/ju9fT/SeX/6+gBzoPzlVCzfzmGkwKvRHQVxi4BntVbyIwf6a4Xn62mrvndLiml6z/UBXIdEVjQLXg==", + "version": "22.5.5", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.5.5.tgz", + "integrity": "sha512-Xjs4y5UPO/CLdzpgR6GirZJx36yScjh73+2NlLlkFRSoQN8B0DpfXPdZGnvVmLRLOsqDpOfTNv7D9trgGhmOIA==", "dependencies": { "undici-types": "~6.19.2" } @@ -5860,9 +5806,9 @@ "integrity": "sha512-rlAnzkW2sZOjbqZ743IHUhFcvzaGbqijwOu8QZnZCjfQzBqFE3s4lOTJEsxikImav9uzz/42I+O7YUs1mWgMlg==" }, "node_modules/@types/prop-types": { - "version": "15.7.12", - "resolved": "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.12.tgz", - "integrity": "sha512-5zvhXYtRNRluoE/jAp4GVsSduVUzNWKkOZrCDBWYtE7biZywwdC2AcEzg+cSMLFRfVgeAFqpfNabiPjxFddV1Q==" + "version": "15.7.13", + "resolved": "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.13.tgz", + "integrity": "sha512-hCZTSvwbzWGvhqxp/RqVqwU999pBf2vp7hzIjiYOsl8wqOmUxkQ6ddw1cV3l8811+kdUFus/q4d1Y3E3SyEifA==" }, "node_modules/@types/q": { "version": "1.5.8", @@ -5870,9 +5816,9 @@ "integrity": "sha512-hroOstUScF6zhIi+5+x0dzqrHA1EJi+Irri6b1fxolMTqqHIV/Cg77EtnQcZqZCu8hR3mX2BzIxN4/GzI68Kfw==" }, "node_modules/@types/qs": { - "version": "6.9.15", - "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.9.15.tgz", - "integrity": "sha512-uXHQKES6DQKKCLh441Xv/dwxOq1TVS3JPUMlEqoEglvlhR6Mxnlew/Xq/LRVHpLyk7iK3zODe1qYHIMltO7XGg==" + "version": "6.9.16", + "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.9.16.tgz", + "integrity": "sha512-7i+zxXdPD0T4cKDuxCUXJ4wHcsJLwENa6Z3dCu8cfCK743OGy5Nu1RmAGqDPsoTDINVEcdXKRvR/zre+P2Ku1A==" }, "node_modules/@types/range-parser": { "version": "1.2.7", @@ -5880,9 +5826,9 @@ "integrity": "sha512-hKormJbkJqzQGhziax5PItDUTMAM9uE2XXQmM37dyd4hVM+5aVl7oVxMVUiVQn2oCQFN/LKCZdvSM0pFRqbSmQ==" }, "node_modules/@types/react": { - "version": "18.3.5", - "resolved": "https://registry.npmjs.org/@types/react/-/react-18.3.5.tgz", - "integrity": "sha512-WeqMfGJLGuLCqHGYRGHxnKrXcTitc6L/nBUWfWPcTarG3t9PsquqUMuVeXZeca+mglY4Vo5GZjCi0A3Or2lnxA==", + "version": "18.3.7", + "resolved": "https://registry.npmjs.org/@types/react/-/react-18.3.7.tgz", + "integrity": "sha512-KUnDCJF5+AiZd8owLIeVHqmW9yM4sqmDVf2JRJiBMFkGvkoZ4/WyV2lL4zVsoinmRS/W3FeEdZLEWFRofnT2FQ==", "dependencies": { "@types/prop-types": "*", "csstype": "^3.0.2" @@ -6273,9 +6219,9 @@ } }, "node_modules/@uifabric/icons/node_modules/@types/react": { - "version": "17.0.80", - "resolved": "https://registry.npmjs.org/@types/react/-/react-17.0.80.tgz", - "integrity": "sha512-LrgHIu2lEtIo8M7d1FcI3BdwXWoRQwMoXOZ7+dPTW0lYREjmlHl3P0U1VD0i/9tppOuv8/sam7sOjx34TxSFbA==", + "version": "17.0.82", + "resolved": "https://registry.npmjs.org/@types/react/-/react-17.0.82.tgz", + "integrity": "sha512-wTW8Lu/PARGPFE8tOZqCvprOKg5sen/2uS03yKn2xbCDFP9oLncm7vMDQ2+dEQXHVIXrOpW6u72xUXEXO0ypSw==", "peer": true, "dependencies": { "@types/prop-types": "*", @@ -6419,9 +6365,9 @@ } }, "node_modules/@uifabric/styling/node_modules/@types/react": { - "version": "17.0.80", - "resolved": "https://registry.npmjs.org/@types/react/-/react-17.0.80.tgz", - "integrity": "sha512-LrgHIu2lEtIo8M7d1FcI3BdwXWoRQwMoXOZ7+dPTW0lYREjmlHl3P0U1VD0i/9tppOuv8/sam7sOjx34TxSFbA==", + "version": "17.0.82", + "resolved": "https://registry.npmjs.org/@types/react/-/react-17.0.82.tgz", + "integrity": "sha512-wTW8Lu/PARGPFE8tOZqCvprOKg5sen/2uS03yKn2xbCDFP9oLncm7vMDQ2+dEQXHVIXrOpW6u72xUXEXO0ypSw==", "peer": true, "dependencies": { "@types/prop-types": "*", @@ -6638,9 +6584,9 @@ } }, "node_modules/@uifabric/theme-samples/node_modules/@types/react": { - "version": "17.0.80", - "resolved": "https://registry.npmjs.org/@types/react/-/react-17.0.80.tgz", - "integrity": "sha512-LrgHIu2lEtIo8M7d1FcI3BdwXWoRQwMoXOZ7+dPTW0lYREjmlHl3P0U1VD0i/9tppOuv8/sam7sOjx34TxSFbA==", + "version": "17.0.82", + "resolved": "https://registry.npmjs.org/@types/react/-/react-17.0.82.tgz", + "integrity": "sha512-wTW8Lu/PARGPFE8tOZqCvprOKg5sen/2uS03yKn2xbCDFP9oLncm7vMDQ2+dEQXHVIXrOpW6u72xUXEXO0ypSw==", "peer": true, "dependencies": { "@types/prop-types": "*", @@ -6817,9 +6763,9 @@ } }, "node_modules/@uifabric/variants/node_modules/@types/react": { - "version": "17.0.80", - "resolved": "https://registry.npmjs.org/@types/react/-/react-17.0.80.tgz", - "integrity": "sha512-LrgHIu2lEtIo8M7d1FcI3BdwXWoRQwMoXOZ7+dPTW0lYREjmlHl3P0U1VD0i/9tppOuv8/sam7sOjx34TxSFbA==", + "version": "17.0.82", + "resolved": "https://registry.npmjs.org/@types/react/-/react-17.0.82.tgz", + "integrity": "sha512-wTW8Lu/PARGPFE8tOZqCvprOKg5sen/2uS03yKn2xbCDFP9oLncm7vMDQ2+dEQXHVIXrOpW6u72xUXEXO0ypSw==", "peer": true, "dependencies": { "@types/prop-types": "*", @@ -7356,15 +7302,121 @@ "integrity": "sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A==" }, "node_modules/anymatch": { - "version": "3.1.3", - "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", - "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-2.0.0.tgz", + "integrity": "sha512-5teOsQWABXHHBFP9y3skS5P3d/WfWXpv3FUpy+LorMrNYaT9pI4oLMQX7jzQ2KklNpGpWHzdCXTDT2Y3XGlZBw==", + "dev": true, "dependencies": { - "normalize-path": "^3.0.0", - "picomatch": "^2.0.4" + "micromatch": "^3.1.4", + "normalize-path": "^2.1.1" + } + }, + "node_modules/anymatch/node_modules/define-property": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/define-property/-/define-property-2.0.2.tgz", + "integrity": "sha512-jwK2UV4cnPpbcG7+VRARKTZPUWowwXA8bzH5NP6ud0oeAxyYPuGZUAC7hMugpCdz4BeSZl2Dl9k66CHJ/46ZYQ==", + "dev": true, + "dependencies": { + "is-descriptor": "^1.0.2", + "isobject": "^3.0.1" }, "engines": { - "node": ">= 8" + "node": ">=0.10.0" + } + }, + "node_modules/anymatch/node_modules/extend-shallow": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-3.0.2.tgz", + "integrity": "sha512-BwY5b5Ql4+qZoefgMj2NUmx+tehVTH/Kf4k1ZEtOHNFcm2wSxMRo992l6X3TIgni2eZVTZ85xMOjF31fwZAj6Q==", + "dev": true, + "dependencies": { + "assign-symbols": "^1.0.0", + "is-extendable": "^1.0.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/anymatch/node_modules/is-descriptor": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-1.0.3.tgz", + "integrity": "sha512-JCNNGbwWZEVaSPtS45mdtrneRWJFp07LLmykxeFV5F6oBvNF8vHSfJuJgoT472pSfk+Mf8VnlrspaFBHWM8JAw==", + "dev": true, + "dependencies": { + "is-accessor-descriptor": "^1.0.1", + "is-data-descriptor": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/anymatch/node_modules/is-extendable": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-1.0.1.tgz", + "integrity": "sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==", + "dev": true, + "dependencies": { + "is-plain-object": "^2.0.4" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/anymatch/node_modules/is-plain-object": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", + "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", + "dev": true, + "dependencies": { + "isobject": "^3.0.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/anymatch/node_modules/kind-of": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", + "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/anymatch/node_modules/micromatch": { + "version": "3.1.10", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-3.1.10.tgz", + "integrity": "sha512-MWikgl9n9M3w+bpsY3He8L+w9eF9338xRl8IAO5viDizwSzziFEyUzo2xrrloB64ADbTf8uA8vRqqttDTOmccg==", + "dev": true, + "dependencies": { + "arr-diff": "^4.0.0", + "array-unique": "^0.3.2", + "braces": "^2.3.1", + "define-property": "^2.0.2", + "extend-shallow": "^3.0.2", + "extglob": "^2.0.4", + "fragment-cache": "^0.2.1", + "kind-of": "^6.0.2", + "nanomatch": "^1.2.9", + "object.pick": "^1.3.0", + "regex-not": "^1.0.0", + "snapdragon": "^0.8.1", + "to-regex": "^3.0.2" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/anymatch/node_modules/normalize-path": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-2.1.1.tgz", + "integrity": "sha512-3pKJwH184Xo/lnH6oyP1q2pMd7HcypqqmRs91/6/i2CGtWwIKGCkOOMTm/zXbgTEWHw1uNpNi/igc3ePOYHb6w==", + "dev": true, + "dependencies": { + "remove-trailing-separator": "^1.0.1" + }, + "engines": { + "node": ">=0.10.0" } }, "node_modules/append-buffer": { @@ -7571,15 +7623,6 @@ "node": ">=0.10.0" } }, - "node_modules/array-sort/node_modules/kind-of": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz", - "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/array-union": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", @@ -7988,12 +8031,12 @@ } }, "node_modules/babel-loader": { - "version": "8.3.0", - "resolved": "https://registry.npmjs.org/babel-loader/-/babel-loader-8.3.0.tgz", - "integrity": "sha512-H8SvsMF+m9t15HNLMipppzkC+Y2Yq+v3SonZyU70RBL/h1gxPkH08Ot8pEE9Z4Kd+czyWJClmFS8qzIP9OZ04Q==", + "version": "8.4.1", + "resolved": "https://registry.npmjs.org/babel-loader/-/babel-loader-8.4.1.tgz", + "integrity": "sha512-nXzRChX+Z1GoE6yWavBQg6jDslyFF3SDjl2paADuoQtQW10JqShJt62R6eJQ5m/pjJFDT8xgKIWSP85OY8eXeA==", "dependencies": { "find-cache-dir": "^3.3.1", - "loader-utils": "^2.0.0", + "loader-utils": "^2.0.4", "make-dir": "^3.1.0", "schema-utils": "^2.6.5" }, @@ -8232,6 +8275,19 @@ "node": ">=0.10.0" } }, + "node_modules/base/node_modules/is-descriptor": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-1.0.3.tgz", + "integrity": "sha512-JCNNGbwWZEVaSPtS45mdtrneRWJFp07LLmykxeFV5F6oBvNF8vHSfJuJgoT472pSfk+Mf8VnlrspaFBHWM8JAw==", + "dev": true, + "dependencies": { + "is-accessor-descriptor": "^1.0.1", + "is-data-descriptor": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/batch": { "version": "0.6.1", "resolved": "https://registry.npmjs.org/batch/-/batch-0.6.1.tgz", @@ -8261,14 +8317,12 @@ } }, "node_modules/binary-extensions": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", - "integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==", + "version": "1.13.1", + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-1.13.1.tgz", + "integrity": "sha512-Un7MIEDdUC5gNpcGDV97op1Ywk748MpHcFTHoYs6qnj1Z3j7I53VG3nwZhKzoBZmbdRNnb6WRdFlwl7tSDuZGw==", + "dev": true, "engines": { - "node": ">=8" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" + "node": ">=0.10.0" } }, "node_modules/binaryextensions": { @@ -8377,14 +8431,24 @@ } }, "node_modules/braces": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", - "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/braces/-/braces-2.3.2.tgz", + "integrity": "sha512-aNdbnj9P8PjdXU4ybaWLK2IF3jc/EoDYbC7AazW6to3TRsfXxscC9UXOB5iDiEQrkyIbWp2SLQda4+QAa7nc3w==", + "dev": true, "dependencies": { - "fill-range": "^7.1.1" + "arr-flatten": "^1.1.0", + "array-unique": "^0.3.2", + "extend-shallow": "^2.0.1", + "fill-range": "^4.0.0", + "isobject": "^3.0.1", + "repeat-element": "^1.1.2", + "snapdragon": "^0.8.1", + "snapdragon-node": "^2.0.1", + "split-string": "^3.0.2", + "to-regex": "^3.0.1" }, "engines": { - "node": ">=8" + "node": ">=0.10.0" } }, "node_modules/browser-process-hrtime": { @@ -8606,37 +8670,47 @@ "integrity": "sha512-+67P1GkJRaxQD6PKK0Et9DhwQB+vGg3PM5+aavopCpZT1lj9jeqfvpgTLAWErNj8qApkkmXlu/Ug74kmhagkXg==" }, "node_modules/chokidar": { - "version": "3.6.0", - "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz", - "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==", + "version": "2.1.8", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-2.1.8.tgz", + "integrity": "sha512-ZmZUazfOzf0Nve7duiCKD23PFSCs4JPoYyccjUFF3aQkQadqBhfzhjkwBH2mNOG9cTBwhamM37EIsIkZw3nRgg==", + "dev": true, "dependencies": { - "anymatch": "~3.1.2", - "braces": "~3.0.2", - "glob-parent": "~5.1.2", - "is-binary-path": "~2.1.0", - "is-glob": "~4.0.1", - "normalize-path": "~3.0.0", - "readdirp": "~3.6.0" - }, - "engines": { - "node": ">= 8.10.0" - }, - "funding": { - "url": "https://paulmillr.com/funding/" + "anymatch": "^2.0.0", + "async-each": "^1.0.1", + "braces": "^2.3.2", + "glob-parent": "^3.1.0", + "inherits": "^2.0.3", + "is-binary-path": "^1.0.0", + "is-glob": "^4.0.0", + "normalize-path": "^3.0.0", + "path-is-absolute": "^1.0.0", + "readdirp": "^2.2.1", + "upath": "^1.1.1" }, "optionalDependencies": { - "fsevents": "~2.3.2" + "fsevents": "^1.2.7" } }, "node_modules/chokidar/node_modules/glob-parent": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", - "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz", + "integrity": "sha512-E8Ak/2+dZY6fnzlR7+ueWvhsH1SjHr4jjss4YS/h4py44jY9MhK/VFdaZJAWDz6BbL21KeteKxFSFpq8OS5gVA==", + "dev": true, "dependencies": { - "is-glob": "^4.0.1" + "is-glob": "^3.1.0", + "path-dirname": "^1.0.0" + } + }, + "node_modules/chokidar/node_modules/glob-parent/node_modules/is-glob": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-3.1.0.tgz", + "integrity": "sha512-UFpDDrPgM6qpnFNI+rh/p3bUaq9hKLZN8bMUWzxmcnZVS3omf4IPK+BrewlnWjO1WmUsMYuSjKh4UJuV4+Lqmw==", + "dev": true, + "dependencies": { + "is-extglob": "^2.1.0" }, "engines": { - "node": ">= 6" + "node": ">=0.10.0" } }, "node_modules/chrome-trace-event": { @@ -8681,31 +8755,6 @@ "node": ">=0.10.0" } }, - "node_modules/class-utils/node_modules/define-property": { - "version": "0.2.5", - "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz", - "integrity": "sha512-Rr7ADjQZenceVOAKop6ALkkRAmH1A4Gx9hV/7ZujPUN2rkATqFO0JZLZInbAjpZYoJ1gUx8MRMQVkYemcbMSTA==", - "dev": true, - "dependencies": { - "is-descriptor": "^0.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/class-utils/node_modules/is-descriptor": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.7.tgz", - "integrity": "sha512-C3grZTvObeN1xud4cRWl366OMXZTj0+HGyk4hvfpx4ZHt1Pb60ANSXqCK7pdOTeUQpRzECBSTphqvD7U+l22Eg==", - "dev": true, - "dependencies": { - "is-accessor-descriptor": "^1.0.1", - "is-data-descriptor": "^1.0.1" - }, - "engines": { - "node": ">= 0.4" - } - }, "node_modules/classnames": { "version": "2.5.1", "resolved": "https://registry.npmjs.org/classnames/-/classnames-2.5.1.tgz", @@ -8740,13 +8789,35 @@ } }, "node_modules/cliui": { - "version": "7.0.4", - "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", - "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==", + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-3.2.0.tgz", + "integrity": "sha512-0yayqDxWQbqk3ojkYqUKqaAQ6AfNKeKWRNA8kR0WXzAsdHpP4BIaOmMAG87JGuO6qcobyW4GjxHd9PmhEd+T9w==", + "dev": true, "dependencies": { - "string-width": "^4.2.0", - "strip-ansi": "^6.0.0", - "wrap-ansi": "^7.0.0" + "string-width": "^1.0.1", + "strip-ansi": "^3.0.1", + "wrap-ansi": "^2.0.0" + } + }, + "node_modules/cliui/node_modules/ansi-regex": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "integrity": "sha512-TIGnTpdo+E3+pCyAluZvtED5p5wCqLdezCyhPZzKPcxvFplEt4i+W7OONCKgeZFT3+y5NZZfOOS/Bdcanm1MYA==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/cliui/node_modules/strip-ansi": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", + "integrity": "sha512-VhumSSbBqDTP8p2ZLKj40UjBCV4+v8bUSEpUb4KjRgWk9pbqGF4REFj6KEagidb2f/M6AzC0EmFyDNGaw9OCzg==", + "dev": true, + "dependencies": { + "ansi-regex": "^2.0.0" + }, + "engines": { + "node": ">=0.10.0" } }, "node_modules/clone": { @@ -8780,6 +8851,25 @@ "node": ">=6" } }, + "node_modules/clone-deep/node_modules/is-plain-object": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", + "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", + "dependencies": { + "isobject": "^3.0.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/clone-deep/node_modules/kind-of": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", + "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/clone-stats": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/clone-stats/-/clone-stats-1.0.0.tgz", @@ -8797,42 +8887,6 @@ "readable-stream": "^2.3.5" } }, - "node_modules/cloneable-readable/node_modules/isarray": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==", - "dev": true - }, - "node_modules/cloneable-readable/node_modules/readable-stream": { - "version": "2.3.8", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", - "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", - "dev": true, - "dependencies": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "node_modules/cloneable-readable/node_modules/safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", - "dev": true - }, - "node_modules/cloneable-readable/node_modules/string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dev": true, - "dependencies": { - "safe-buffer": "~5.1.0" - } - }, "node_modules/clsx": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/clsx/-/clsx-2.1.1.tgz", @@ -9023,11 +9077,6 @@ "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" }, - "node_modules/compression/node_modules/safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" - }, "node_modules/concat-map": { "version": "0.0.1", "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", @@ -9048,42 +9097,6 @@ "typedarray": "^0.0.6" } }, - "node_modules/concat-stream/node_modules/isarray": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==", - "dev": true - }, - "node_modules/concat-stream/node_modules/readable-stream": { - "version": "2.3.8", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", - "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", - "dev": true, - "dependencies": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "node_modules/concat-stream/node_modules/safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", - "dev": true - }, - "node_modules/concat-stream/node_modules/string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dev": true, - "dependencies": { - "safe-buffer": "~5.1.0" - } - }, "node_modules/confusing-browser-globals": { "version": "1.0.11", "resolved": "https://registry.npmjs.org/confusing-browser-globals/-/confusing-browser-globals-1.0.11.tgz", @@ -9108,6 +9121,25 @@ "node": ">= 0.6" } }, + "node_modules/content-disposition/node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] + }, "node_modules/content-type": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", @@ -9153,15 +9185,6 @@ "is-plain-object": "^5.0.0" } }, - "node_modules/copy-props/node_modules/is-plain-object": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz", - "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/core-js": { "version": "3.38.1", "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.38.1.tgz", @@ -9783,6 +9806,11 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/deep-equal/node_modules/isarray": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz", + "integrity": "sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==" + }, "node_modules/deep-is": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", @@ -9808,15 +9836,6 @@ "node": ">=0.10.0" } }, - "node_modules/default-compare/node_modules/kind-of": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz", - "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/default-gateway": { "version": "6.0.3", "resolved": "https://registry.npmjs.org/default-gateway/-/default-gateway-6.0.3.tgz", @@ -9878,13 +9897,12 @@ } }, "node_modules/define-property": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/define-property/-/define-property-2.0.2.tgz", - "integrity": "sha512-jwK2UV4cnPpbcG7+VRARKTZPUWowwXA8bzH5NP6ud0oeAxyYPuGZUAC7hMugpCdz4BeSZl2Dl9k66CHJ/46ZYQ==", + "version": "0.2.5", + "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz", + "integrity": "sha512-Rr7ADjQZenceVOAKop6ALkkRAmH1A4Gx9hV/7ZujPUN2rkATqFO0JZLZInbAjpZYoJ1gUx8MRMQVkYemcbMSTA==", "dev": true, "dependencies": { - "is-descriptor": "^1.0.2", - "isobject": "^3.0.1" + "is-descriptor": "^0.1.0" }, "engines": { "node": ">=0.10.0" @@ -10202,42 +10220,6 @@ "stream-shift": "^1.0.0" } }, - "node_modules/duplexify/node_modules/isarray": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==", - "dev": true - }, - "node_modules/duplexify/node_modules/readable-stream": { - "version": "2.3.8", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", - "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", - "dev": true, - "dependencies": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "node_modules/duplexify/node_modules/safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", - "dev": true - }, - "node_modules/duplexify/node_modules/string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dev": true, - "dependencies": { - "safe-buffer": "~5.1.0" - } - }, "node_modules/each-props": { "version": "1.3.2", "resolved": "https://registry.npmjs.org/each-props/-/each-props-1.3.2.tgz", @@ -10248,6 +10230,18 @@ "object.defaults": "^1.1.0" } }, + "node_modules/each-props/node_modules/is-plain-object": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", + "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", + "dev": true, + "dependencies": { + "isobject": "^3.0.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/eastasianwidth": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", @@ -10273,9 +10267,9 @@ } }, "node_modules/electron-to-chromium": { - "version": "1.5.22", - "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.22.tgz", - "integrity": "sha512-tKYm5YHPU1djz0O+CGJ+oJIvimtsCcwR2Z9w7Skh08lUdyzXY5djods3q+z2JkWdb7tCcmM//eVavSRAiaPRNg==" + "version": "1.5.24", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.24.tgz", + "integrity": "sha512-0x0wLCmpdKFCi9ulhvYZebgcPmHTkFVUfU2wzDykadkslKwT4oAmDTHEKLnlrDsMGZe4B+ksn8quZfZjYsBetA==" }, "node_modules/emittery": { "version": "0.8.1", @@ -10468,6 +10462,11 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/es-get-iterator/node_modules/isarray": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz", + "integrity": "sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==" + }, "node_modules/es-iterator-helpers": { "version": "1.0.19", "resolved": "https://registry.npmjs.org/es-iterator-helpers/-/es-iterator-helpers-1.0.19.tgz", @@ -10648,15 +10647,15 @@ } }, "node_modules/eslint": { - "version": "8.57.0", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz", - "integrity": "sha512-dZ6+mexnaTIbSBZWgou51U6OmzIhYM2VcNdtiTtI7qPNZm35Akpr0f6vtw3w1Kmn5PYo+tZVfh13WrhpS6oLqQ==", + "version": "8.57.1", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.57.1.tgz", + "integrity": "sha512-ypowyDxpVSYpkXr9WPv2PAZCtNip1Mv5KTW0SCurXv/9iOpcrH9PaqUElksqEB6pChqHGDRCFTyrZlGhnLNGiA==", "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.6.1", "@eslint/eslintrc": "^2.1.4", - "@eslint/js": "8.57.0", - "@humanwhocodes/config-array": "^0.11.14", + "@eslint/js": "8.57.1", + "@humanwhocodes/config-array": "^0.13.0", "@humanwhocodes/module-importer": "^1.0.1", "@nodelib/fs.walk": "^1.2.8", "@ungap/structured-clone": "^1.2.0", @@ -11141,6 +11140,17 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/eslint/node_modules/glob-parent": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==", + "dependencies": { + "is-glob": "^4.0.3" + }, + "engines": { + "node": ">=10.13.0" + } + }, "node_modules/eslint/node_modules/globals": { "version": "13.24.0", "resolved": "https://registry.npmjs.org/globals/-/globals-13.24.0.tgz", @@ -11417,65 +11427,19 @@ "ms": "2.0.0" } }, - "node_modules/expand-brackets/node_modules/define-property": { - "version": "0.2.5", - "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz", - "integrity": "sha512-Rr7ADjQZenceVOAKop6ALkkRAmH1A4Gx9hV/7ZujPUN2rkATqFO0JZLZInbAjpZYoJ1gUx8MRMQVkYemcbMSTA==", - "dev": true, - "dependencies": { - "is-descriptor": "^0.1.0" - }, - "engines": { - "node": ">=0.10.0" - } + "node_modules/expand-brackets/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "dev": true }, - "node_modules/expand-brackets/node_modules/extend-shallow": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", - "integrity": "sha512-zCnTtlxNoAiDc3gqY2aYAWFx7XWWiasuF2K8Me5WbN8otHKTUKBwjPtNpRs/rbUZm7KxWAaNj7P1a/p52GbVug==", + "node_modules/expand-tilde": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz", + "integrity": "sha512-A5EmesHW6rfnZ9ysHQjPdJRni0SRar0tjtG5MNtm9n5TUvsYU8oozprtRD4AqHxcZWWlVuAmQo2nWKfN9oyjTw==", "dev": true, "dependencies": { - "is-extendable": "^0.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/expand-brackets/node_modules/is-descriptor": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.7.tgz", - "integrity": "sha512-C3grZTvObeN1xud4cRWl366OMXZTj0+HGyk4hvfpx4ZHt1Pb60ANSXqCK7pdOTeUQpRzECBSTphqvD7U+l22Eg==", - "dev": true, - "dependencies": { - "is-accessor-descriptor": "^1.0.1", - "is-data-descriptor": "^1.0.1" - }, - "engines": { - "node": ">= 0.4" - } - }, - "node_modules/expand-brackets/node_modules/is-extendable": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", - "integrity": "sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/expand-brackets/node_modules/ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", - "dev": true - }, - "node_modules/expand-tilde": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz", - "integrity": "sha512-A5EmesHW6rfnZ9ysHQjPdJRni0SRar0tjtG5MNtm9n5TUvsYU8oozprtRD4AqHxcZWWlVuAmQo2nWKfN9oyjTw==", - "dev": true, - "dependencies": { - "homedir-polyfill": "^1.0.1" + "homedir-polyfill": "^1.0.1" }, "engines": { "node": ">=0.10.0" @@ -11550,6 +11514,25 @@ "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" }, + "node_modules/express/node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] + }, "node_modules/ext": { "version": "1.7.0", "resolved": "https://registry.npmjs.org/ext/-/ext-1.7.0.tgz", @@ -11566,13 +11549,12 @@ "dev": true }, "node_modules/extend-shallow": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-3.0.2.tgz", - "integrity": "sha512-BwY5b5Ql4+qZoefgMj2NUmx+tehVTH/Kf4k1ZEtOHNFcm2wSxMRo992l6X3TIgni2eZVTZ85xMOjF31fwZAj6Q==", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", + "integrity": "sha512-zCnTtlxNoAiDc3gqY2aYAWFx7XWWiasuF2K8Me5WbN8otHKTUKBwjPtNpRs/rbUZm7KxWAaNj7P1a/p52GbVug==", "dev": true, "dependencies": { - "assign-symbols": "^1.0.0", - "is-extendable": "^1.0.1" + "is-extendable": "^0.1.0" }, "engines": { "node": ">=0.10.0" @@ -11609,25 +11591,17 @@ "node": ">=0.10.0" } }, - "node_modules/extglob/node_modules/extend-shallow": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", - "integrity": "sha512-zCnTtlxNoAiDc3gqY2aYAWFx7XWWiasuF2K8Me5WbN8otHKTUKBwjPtNpRs/rbUZm7KxWAaNj7P1a/p52GbVug==", + "node_modules/extglob/node_modules/is-descriptor": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-1.0.3.tgz", + "integrity": "sha512-JCNNGbwWZEVaSPtS45mdtrneRWJFp07LLmykxeFV5F6oBvNF8vHSfJuJgoT472pSfk+Mf8VnlrspaFBHWM8JAw==", "dev": true, "dependencies": { - "is-extendable": "^0.1.0" + "is-accessor-descriptor": "^1.0.1", + "is-data-descriptor": "^1.0.1" }, "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/extglob/node_modules/is-extendable": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", - "integrity": "sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw==", - "dev": true, - "engines": { - "node": ">=0.10.0" + "node": ">= 0.4" } }, "node_modules/fancy-log": { @@ -11665,17 +11639,6 @@ "node": ">=8.6.0" } }, - "node_modules/fast-glob/node_modules/glob-parent": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", - "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", - "dependencies": { - "is-glob": "^4.0.1" - }, - "engines": { - "node": ">= 6" - } - }, "node_modules/fast-json-stable-stringify": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", @@ -11817,14 +11780,18 @@ } }, "node_modules/fill-range": { - "version": "7.1.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", - "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-4.0.0.tgz", + "integrity": "sha512-VcpLTWqWDiTerugjj8e3+esbg+skS3M9e54UuR3iCeIDMXCLTsAH8hTSzDQU/X6/6t3eYkOKoZSef2PlU6U1XQ==", + "dev": true, "dependencies": { - "to-regex-range": "^5.0.1" + "extend-shallow": "^2.0.1", + "is-number": "^3.0.0", + "repeat-string": "^1.6.1", + "to-regex-range": "^2.1.0" }, "engines": { - "node": ">=8" + "node": ">=0.10.0" } }, "node_modules/finalhandler": { @@ -11900,95 +11867,74 @@ "node": ">= 0.10" } }, - "node_modules/findup-sync/node_modules/braces": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-2.3.2.tgz", - "integrity": "sha512-aNdbnj9P8PjdXU4ybaWLK2IF3jc/EoDYbC7AazW6to3TRsfXxscC9UXOB5iDiEQrkyIbWp2SLQda4+QAa7nc3w==", + "node_modules/findup-sync/node_modules/define-property": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/define-property/-/define-property-2.0.2.tgz", + "integrity": "sha512-jwK2UV4cnPpbcG7+VRARKTZPUWowwXA8bzH5NP6ud0oeAxyYPuGZUAC7hMugpCdz4BeSZl2Dl9k66CHJ/46ZYQ==", "dev": true, "dependencies": { - "arr-flatten": "^1.1.0", - "array-unique": "^0.3.2", - "extend-shallow": "^2.0.1", - "fill-range": "^4.0.0", - "isobject": "^3.0.1", - "repeat-element": "^1.1.2", - "snapdragon": "^0.8.1", - "snapdragon-node": "^2.0.1", - "split-string": "^3.0.2", - "to-regex": "^3.0.1" + "is-descriptor": "^1.0.2", + "isobject": "^3.0.1" }, "engines": { "node": ">=0.10.0" } }, - "node_modules/findup-sync/node_modules/braces/node_modules/extend-shallow": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", - "integrity": "sha512-zCnTtlxNoAiDc3gqY2aYAWFx7XWWiasuF2K8Me5WbN8otHKTUKBwjPtNpRs/rbUZm7KxWAaNj7P1a/p52GbVug==", + "node_modules/findup-sync/node_modules/extend-shallow": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-3.0.2.tgz", + "integrity": "sha512-BwY5b5Ql4+qZoefgMj2NUmx+tehVTH/Kf4k1ZEtOHNFcm2wSxMRo992l6X3TIgni2eZVTZ85xMOjF31fwZAj6Q==", "dev": true, "dependencies": { - "is-extendable": "^0.1.0" + "assign-symbols": "^1.0.0", + "is-extendable": "^1.0.1" }, "engines": { "node": ">=0.10.0" } }, - "node_modules/findup-sync/node_modules/fill-range": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-4.0.0.tgz", - "integrity": "sha512-VcpLTWqWDiTerugjj8e3+esbg+skS3M9e54UuR3iCeIDMXCLTsAH8hTSzDQU/X6/6t3eYkOKoZSef2PlU6U1XQ==", + "node_modules/findup-sync/node_modules/is-descriptor": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-1.0.3.tgz", + "integrity": "sha512-JCNNGbwWZEVaSPtS45mdtrneRWJFp07LLmykxeFV5F6oBvNF8vHSfJuJgoT472pSfk+Mf8VnlrspaFBHWM8JAw==", "dev": true, "dependencies": { - "extend-shallow": "^2.0.1", - "is-number": "^3.0.0", - "repeat-string": "^1.6.1", - "to-regex-range": "^2.1.0" + "is-accessor-descriptor": "^1.0.1", + "is-data-descriptor": "^1.0.1" }, "engines": { - "node": ">=0.10.0" + "node": ">= 0.4" } }, - "node_modules/findup-sync/node_modules/fill-range/node_modules/extend-shallow": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", - "integrity": "sha512-zCnTtlxNoAiDc3gqY2aYAWFx7XWWiasuF2K8Me5WbN8otHKTUKBwjPtNpRs/rbUZm7KxWAaNj7P1a/p52GbVug==", + "node_modules/findup-sync/node_modules/is-extendable": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-1.0.1.tgz", + "integrity": "sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==", "dev": true, "dependencies": { - "is-extendable": "^0.1.0" + "is-plain-object": "^2.0.4" }, "engines": { "node": ">=0.10.0" } }, - "node_modules/findup-sync/node_modules/is-extendable": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", - "integrity": "sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/findup-sync/node_modules/is-number": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/is-number/-/is-number-3.0.0.tgz", - "integrity": "sha512-4cboCqIpliH+mAvFNegjZQ4kgKc3ZUhQVr3HvWbSh5q3WH2v82ct+T2Y1hdU5Gdtorx/cLifQjqCbL7bpznLTg==", + "node_modules/findup-sync/node_modules/is-plain-object": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", + "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", "dev": true, "dependencies": { - "kind-of": "^3.0.2" + "isobject": "^3.0.1" }, "engines": { "node": ">=0.10.0" } }, - "node_modules/findup-sync/node_modules/is-number/node_modules/kind-of": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", - "integrity": "sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==", + "node_modules/findup-sync/node_modules/kind-of": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", + "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", "dev": true, - "dependencies": { - "is-buffer": "^1.1.5" - }, "engines": { "node": ">=0.10.0" } @@ -12017,19 +11963,6 @@ "node": ">=0.10.0" } }, - "node_modules/findup-sync/node_modules/to-regex-range": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-2.1.1.tgz", - "integrity": "sha512-ZZWNfCjUokXXDGXFpZehJIkZqq91BcULFq/Pi7M5i4JnxXdhMKAK682z8bCW3o8Hj1wuuzoKcW3DfVzaP6VuNg==", - "dev": true, - "dependencies": { - "is-number": "^3.0.0", - "repeat-string": "^1.6.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/fined": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/fined/-/fined-1.2.0.tgz", @@ -12046,6 +11979,18 @@ "node": ">= 0.10" } }, + "node_modules/fined/node_modules/is-plain-object": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", + "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", + "dev": true, + "dependencies": { + "isobject": "^3.0.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/flagged-respawn": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/flagged-respawn/-/flagged-respawn-1.0.1.tgz", @@ -12091,42 +12036,6 @@ "readable-stream": "^2.3.6" } }, - "node_modules/flush-write-stream/node_modules/isarray": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==", - "dev": true - }, - "node_modules/flush-write-stream/node_modules/readable-stream": { - "version": "2.3.8", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", - "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", - "dev": true, - "dependencies": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "node_modules/flush-write-stream/node_modules/safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", - "dev": true - }, - "node_modules/flush-write-stream/node_modules/string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dev": true, - "dependencies": { - "safe-buffer": "~5.1.0" - } - }, "node_modules/follow-redirects": { "version": "1.15.9", "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.9.tgz", @@ -12253,25 +12162,82 @@ "url": "https://github.com/chalk/ansi-styles?sponsor=1" } }, - "node_modules/fork-ts-checker-webpack-plugin/node_modules/chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "node_modules/fork-ts-checker-webpack-plugin/node_modules/anymatch": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==", "dependencies": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" + "normalize-path": "^3.0.0", + "picomatch": "^2.0.4" }, "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/chalk?sponsor=1" + "node": ">= 8" } }, - "node_modules/fork-ts-checker-webpack-plugin/node_modules/color-convert": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", - "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "node_modules/fork-ts-checker-webpack-plugin/node_modules/binary-extensions": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", + "integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/braces": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", + "dependencies": { + "fill-range": "^7.1.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/chokidar": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz", + "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==", + "dependencies": { + "anymatch": "~3.1.2", + "braces": "~3.0.2", + "glob-parent": "~5.1.2", + "is-binary-path": "~2.1.0", + "is-glob": "~4.0.1", + "normalize-path": "~3.0.0", + "readdirp": "~3.6.0" + }, + "engines": { + "node": ">= 8.10.0" + }, + "funding": { + "url": "https://paulmillr.com/funding/" + }, + "optionalDependencies": { + "fsevents": "~2.3.2" + } + }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", "dependencies": { "color-name": "~1.1.4" }, @@ -12299,6 +12265,17 @@ "node": ">=8" } }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/fill-range": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/fork-ts-checker-webpack-plugin/node_modules/fs-extra": { "version": "9.1.0", "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz", @@ -12313,6 +12290,19 @@ "node": ">=10" } }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/fsevents": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "hasInstallScript": true, + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, "node_modules/fork-ts-checker-webpack-plugin/node_modules/has-flag": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", @@ -12321,6 +12311,36 @@ "node": ">=8" } }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/is-binary-path": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "dependencies": { + "binary-extensions": "^2.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "engines": { + "node": ">=0.12.0" + } + }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/readdirp": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", + "dependencies": { + "picomatch": "^2.2.1" + }, + "engines": { + "node": ">=8.10.0" + } + }, "node_modules/fork-ts-checker-webpack-plugin/node_modules/schema-utils": { "version": "2.7.0", "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-2.7.0.tgz", @@ -12368,6 +12388,17 @@ "node": ">=6" } }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dependencies": { + "is-number": "^7.0.0" + }, + "engines": { + "node": ">=8.0" + } + }, "node_modules/form-data": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.1.tgz", @@ -12486,16 +12517,22 @@ "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==" }, "node_modules/fsevents": { - "version": "2.3.3", - "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", - "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "version": "1.2.13", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-1.2.13.tgz", + "integrity": "sha512-oWb1Z6mkHIskLzEJ/XWX0srkpkTQ7vaopMQkyaEIoq0fmtFVxOthb8cCxeT+p3ynTdkk/RZwbgG4brR5BeWECw==", + "deprecated": "The v1 package contains DANGEROUS / INSECURE binaries. Upgrade to safe fsevents v2", + "dev": true, "hasInstallScript": true, "optional": true, "os": [ "darwin" ], + "dependencies": { + "bindings": "^1.5.0", + "nan": "^2.12.1" + }, "engines": { - "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + "node": ">= 4.0" } }, "node_modules/function-bind": { @@ -12540,12 +12577,10 @@ } }, "node_modules/get-caller-file": { - "version": "2.0.5", - "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", - "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", - "engines": { - "node": "6.* || 8.* || >= 10.*" - } + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-1.0.3.tgz", + "integrity": "sha512-3t6rVToeoZfYSGd8YoLFR2DJkiQrIiUrGcjvFX2mDw3bn6k2OtwHN0TNCLbBO+w8qTvimhDkv+LSscbJY1vE6w==", + "dev": true }, "node_modules/get-intrinsic": { "version": "1.2.4", @@ -12635,14 +12670,14 @@ } }, "node_modules/glob-parent": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", - "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==", + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", "dependencies": { - "is-glob": "^4.0.3" + "is-glob": "^4.0.1" }, "engines": { - "node": ">=10.13.0" + "node": ">= 6" } }, "node_modules/glob-stream": { @@ -12688,42 +12723,6 @@ "node": ">=0.10.0" } }, - "node_modules/glob-stream/node_modules/isarray": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==", - "dev": true - }, - "node_modules/glob-stream/node_modules/readable-stream": { - "version": "2.3.8", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", - "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", - "dev": true, - "dependencies": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "node_modules/glob-stream/node_modules/safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", - "dev": true - }, - "node_modules/glob-stream/node_modules/string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dev": true, - "dependencies": { - "safe-buffer": "~5.1.0" - } - }, "node_modules/glob-to-regexp": { "version": "0.4.1", "resolved": "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz", @@ -12747,334 +12746,55 @@ "node": ">= 0.10" } }, - "node_modules/glob-watcher/node_modules/anymatch": { + "node_modules/global-modules": { "version": "2.0.0", - "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-2.0.0.tgz", - "integrity": "sha512-5teOsQWABXHHBFP9y3skS5P3d/WfWXpv3FUpy+LorMrNYaT9pI4oLMQX7jzQ2KklNpGpWHzdCXTDT2Y3XGlZBw==", - "dev": true, + "resolved": "https://registry.npmjs.org/global-modules/-/global-modules-2.0.0.tgz", + "integrity": "sha512-NGbfmJBp9x8IxyJSd1P+otYK8vonoJactOogrVfFRIAEY1ukil8RSKDz2Yo7wh1oihl51l/r6W4epkeKJHqL8A==", "dependencies": { - "micromatch": "^3.1.4", - "normalize-path": "^2.1.1" + "global-prefix": "^3.0.0" + }, + "engines": { + "node": ">=6" } }, - "node_modules/glob-watcher/node_modules/anymatch/node_modules/normalize-path": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-2.1.1.tgz", - "integrity": "sha512-3pKJwH184Xo/lnH6oyP1q2pMd7HcypqqmRs91/6/i2CGtWwIKGCkOOMTm/zXbgTEWHw1uNpNi/igc3ePOYHb6w==", - "dev": true, + "node_modules/global-prefix": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/global-prefix/-/global-prefix-3.0.0.tgz", + "integrity": "sha512-awConJSVCHVGND6x3tmMaKcQvwXLhjdkmomy2W+Goaui8YPgYgXJZewhg3fWC+DlfqqQuWg8AwqjGTD2nAPVWg==", "dependencies": { - "remove-trailing-separator": "^1.0.1" + "ini": "^1.3.5", + "kind-of": "^6.0.2", + "which": "^1.3.1" }, "engines": { - "node": ">=0.10.0" + "node": ">=6" } }, - "node_modules/glob-watcher/node_modules/binary-extensions": { - "version": "1.13.1", - "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-1.13.1.tgz", - "integrity": "sha512-Un7MIEDdUC5gNpcGDV97op1Ywk748MpHcFTHoYs6qnj1Z3j7I53VG3nwZhKzoBZmbdRNnb6WRdFlwl7tSDuZGw==", - "dev": true, + "node_modules/global-prefix/node_modules/kind-of": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", + "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", "engines": { "node": ">=0.10.0" } }, - "node_modules/glob-watcher/node_modules/braces": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-2.3.2.tgz", - "integrity": "sha512-aNdbnj9P8PjdXU4ybaWLK2IF3jc/EoDYbC7AazW6to3TRsfXxscC9UXOB5iDiEQrkyIbWp2SLQda4+QAa7nc3w==", - "dev": true, + "node_modules/global-prefix/node_modules/which": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", + "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", "dependencies": { - "arr-flatten": "^1.1.0", - "array-unique": "^0.3.2", - "extend-shallow": "^2.0.1", - "fill-range": "^4.0.0", - "isobject": "^3.0.1", - "repeat-element": "^1.1.2", - "snapdragon": "^0.8.1", - "snapdragon-node": "^2.0.1", - "split-string": "^3.0.2", - "to-regex": "^3.0.1" + "isexe": "^2.0.0" }, - "engines": { - "node": ">=0.10.0" + "bin": { + "which": "bin/which" } }, - "node_modules/glob-watcher/node_modules/braces/node_modules/extend-shallow": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", - "integrity": "sha512-zCnTtlxNoAiDc3gqY2aYAWFx7XWWiasuF2K8Me5WbN8otHKTUKBwjPtNpRs/rbUZm7KxWAaNj7P1a/p52GbVug==", - "dev": true, - "dependencies": { - "is-extendable": "^0.1.0" - }, + "node_modules/globals": { + "version": "11.12.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", + "integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==", "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/glob-watcher/node_modules/chokidar": { - "version": "2.1.8", - "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-2.1.8.tgz", - "integrity": "sha512-ZmZUazfOzf0Nve7duiCKD23PFSCs4JPoYyccjUFF3aQkQadqBhfzhjkwBH2mNOG9cTBwhamM37EIsIkZw3nRgg==", - "deprecated": "Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies", - "dev": true, - "dependencies": { - "anymatch": "^2.0.0", - "async-each": "^1.0.1", - "braces": "^2.3.2", - "glob-parent": "^3.1.0", - "inherits": "^2.0.3", - "is-binary-path": "^1.0.0", - "is-glob": "^4.0.0", - "normalize-path": "^3.0.0", - "path-is-absolute": "^1.0.0", - "readdirp": "^2.2.1", - "upath": "^1.1.1" - }, - "optionalDependencies": { - "fsevents": "^1.2.7" - } - }, - "node_modules/glob-watcher/node_modules/fill-range": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-4.0.0.tgz", - "integrity": "sha512-VcpLTWqWDiTerugjj8e3+esbg+skS3M9e54UuR3iCeIDMXCLTsAH8hTSzDQU/X6/6t3eYkOKoZSef2PlU6U1XQ==", - "dev": true, - "dependencies": { - "extend-shallow": "^2.0.1", - "is-number": "^3.0.0", - "repeat-string": "^1.6.1", - "to-regex-range": "^2.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/glob-watcher/node_modules/fill-range/node_modules/extend-shallow": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", - "integrity": "sha512-zCnTtlxNoAiDc3gqY2aYAWFx7XWWiasuF2K8Me5WbN8otHKTUKBwjPtNpRs/rbUZm7KxWAaNj7P1a/p52GbVug==", - "dev": true, - "dependencies": { - "is-extendable": "^0.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/glob-watcher/node_modules/fsevents": { - "version": "1.2.13", - "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-1.2.13.tgz", - "integrity": "sha512-oWb1Z6mkHIskLzEJ/XWX0srkpkTQ7vaopMQkyaEIoq0fmtFVxOthb8cCxeT+p3ynTdkk/RZwbgG4brR5BeWECw==", - "deprecated": "The v1 package contains DANGEROUS / INSECURE binaries. Upgrade to safe fsevents v2", - "dev": true, - "hasInstallScript": true, - "optional": true, - "os": [ - "darwin" - ], - "dependencies": { - "bindings": "^1.5.0", - "nan": "^2.12.1" - }, - "engines": { - "node": ">= 4.0" - } - }, - "node_modules/glob-watcher/node_modules/glob-parent": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz", - "integrity": "sha512-E8Ak/2+dZY6fnzlR7+ueWvhsH1SjHr4jjss4YS/h4py44jY9MhK/VFdaZJAWDz6BbL21KeteKxFSFpq8OS5gVA==", - "dev": true, - "dependencies": { - "is-glob": "^3.1.0", - "path-dirname": "^1.0.0" - } - }, - "node_modules/glob-watcher/node_modules/glob-parent/node_modules/is-glob": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-3.1.0.tgz", - "integrity": "sha512-UFpDDrPgM6qpnFNI+rh/p3bUaq9hKLZN8bMUWzxmcnZVS3omf4IPK+BrewlnWjO1WmUsMYuSjKh4UJuV4+Lqmw==", - "dev": true, - "dependencies": { - "is-extglob": "^2.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/glob-watcher/node_modules/is-binary-path": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-1.0.1.tgz", - "integrity": "sha512-9fRVlXc0uCxEDj1nQzaWONSpbTfx0FmJfzHF7pwlI8DkWGoHBBea4Pg5Ky0ojwwxQmnSifgbKkI06Qv0Ljgj+Q==", - "dev": true, - "dependencies": { - "binary-extensions": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/glob-watcher/node_modules/is-extendable": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", - "integrity": "sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/glob-watcher/node_modules/is-number": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/is-number/-/is-number-3.0.0.tgz", - "integrity": "sha512-4cboCqIpliH+mAvFNegjZQ4kgKc3ZUhQVr3HvWbSh5q3WH2v82ct+T2Y1hdU5Gdtorx/cLifQjqCbL7bpznLTg==", - "dev": true, - "dependencies": { - "kind-of": "^3.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/glob-watcher/node_modules/is-number/node_modules/kind-of": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", - "integrity": "sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==", - "dev": true, - "dependencies": { - "is-buffer": "^1.1.5" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/glob-watcher/node_modules/isarray": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==", - "dev": true - }, - "node_modules/glob-watcher/node_modules/micromatch": { - "version": "3.1.10", - "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-3.1.10.tgz", - "integrity": "sha512-MWikgl9n9M3w+bpsY3He8L+w9eF9338xRl8IAO5viDizwSzziFEyUzo2xrrloB64ADbTf8uA8vRqqttDTOmccg==", - "dev": true, - "dependencies": { - "arr-diff": "^4.0.0", - "array-unique": "^0.3.2", - "braces": "^2.3.1", - "define-property": "^2.0.2", - "extend-shallow": "^3.0.2", - "extglob": "^2.0.4", - "fragment-cache": "^0.2.1", - "kind-of": "^6.0.2", - "nanomatch": "^1.2.9", - "object.pick": "^1.3.0", - "regex-not": "^1.0.0", - "snapdragon": "^0.8.1", - "to-regex": "^3.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/glob-watcher/node_modules/readable-stream": { - "version": "2.3.8", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", - "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", - "dev": true, - "dependencies": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "node_modules/glob-watcher/node_modules/readdirp": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-2.2.1.tgz", - "integrity": "sha512-1JU/8q+VgFZyxwrJ+SVIOsh+KywWGpds3NTqikiKpDMZWScmAYyKIgqkO+ARvNWJfXeXR1zxz7aHF4u4CyH6vQ==", - "dev": true, - "dependencies": { - "graceful-fs": "^4.1.11", - "micromatch": "^3.1.10", - "readable-stream": "^2.0.2" - }, - "engines": { - "node": ">=0.10" - } - }, - "node_modules/glob-watcher/node_modules/safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", - "dev": true - }, - "node_modules/glob-watcher/node_modules/string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dev": true, - "dependencies": { - "safe-buffer": "~5.1.0" - } - }, - "node_modules/glob-watcher/node_modules/to-regex-range": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-2.1.1.tgz", - "integrity": "sha512-ZZWNfCjUokXXDGXFpZehJIkZqq91BcULFq/Pi7M5i4JnxXdhMKAK682z8bCW3o8Hj1wuuzoKcW3DfVzaP6VuNg==", - "dev": true, - "dependencies": { - "is-number": "^3.0.0", - "repeat-string": "^1.6.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/global-modules": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/global-modules/-/global-modules-2.0.0.tgz", - "integrity": "sha512-NGbfmJBp9x8IxyJSd1P+otYK8vonoJactOogrVfFRIAEY1ukil8RSKDz2Yo7wh1oihl51l/r6W4epkeKJHqL8A==", - "dependencies": { - "global-prefix": "^3.0.0" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/global-prefix": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/global-prefix/-/global-prefix-3.0.0.tgz", - "integrity": "sha512-awConJSVCHVGND6x3tmMaKcQvwXLhjdkmomy2W+Goaui8YPgYgXJZewhg3fWC+DlfqqQuWg8AwqjGTD2nAPVWg==", - "dependencies": { - "ini": "^1.3.5", - "kind-of": "^6.0.2", - "which": "^1.3.1" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/global-prefix/node_modules/which": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", - "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", - "dependencies": { - "isexe": "^2.0.0" - }, - "bin": { - "which": "bin/which" - } - }, - "node_modules/globals": { - "version": "11.12.0", - "resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", - "integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==", - "engines": { - "node": ">=4" + "node": ">=4" } }, "node_modules/globalthis": { @@ -13199,138 +12919,6 @@ "node": ">= 0.10" } }, - "node_modules/gulp-cli/node_modules/ansi-regex": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", - "integrity": "sha512-TIGnTpdo+E3+pCyAluZvtED5p5wCqLdezCyhPZzKPcxvFplEt4i+W7OONCKgeZFT3+y5NZZfOOS/Bdcanm1MYA==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/gulp-cli/node_modules/camelcase": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-3.0.0.tgz", - "integrity": "sha512-4nhGqUkc4BqbBBB4Q6zLuD7lzzrHYrjKGeYaEji/3tFR5VdJu9v+LilhGIVe8wxEJPPOeWo7eg8dwY13TZ1BNg==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/gulp-cli/node_modules/cliui": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/cliui/-/cliui-3.2.0.tgz", - "integrity": "sha512-0yayqDxWQbqk3ojkYqUKqaAQ6AfNKeKWRNA8kR0WXzAsdHpP4BIaOmMAG87JGuO6qcobyW4GjxHd9PmhEd+T9w==", - "dev": true, - "dependencies": { - "string-width": "^1.0.1", - "strip-ansi": "^3.0.1", - "wrap-ansi": "^2.0.0" - } - }, - "node_modules/gulp-cli/node_modules/get-caller-file": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-1.0.3.tgz", - "integrity": "sha512-3t6rVToeoZfYSGd8YoLFR2DJkiQrIiUrGcjvFX2mDw3bn6k2OtwHN0TNCLbBO+w8qTvimhDkv+LSscbJY1vE6w==", - "dev": true - }, - "node_modules/gulp-cli/node_modules/interpret": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/interpret/-/interpret-1.4.0.tgz", - "integrity": "sha512-agE4QfB2Lkp9uICn7BAqoscw4SZP9kTE2hxiFI3jBPmXJfdqiahTbUuKGsMoN2GtqL9AxhYioAcVvgsb1HvRbA==", - "dev": true, - "engines": { - "node": ">= 0.10" - } - }, - "node_modules/gulp-cli/node_modules/is-fullwidth-code-point": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-1.0.0.tgz", - "integrity": "sha512-1pqUqRjkhPJ9miNq9SwMfdvi6lBJcd6eFxvfaivQhaH3SgisfiuudvFntdKOmxuee/77l+FPjKrQjWvmPjWrRw==", - "dev": true, - "dependencies": { - "number-is-nan": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/gulp-cli/node_modules/string-width": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-1.0.2.tgz", - "integrity": "sha512-0XsVpQLnVCXHJfyEs8tC0zpTVIr5PKKsQtkT29IwupnPTjtPmQ3xT/4yCREF9hYkV/3M3kzcUTSAZT6a6h81tw==", - "dev": true, - "dependencies": { - "code-point-at": "^1.0.0", - "is-fullwidth-code-point": "^1.0.0", - "strip-ansi": "^3.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/gulp-cli/node_modules/strip-ansi": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", - "integrity": "sha512-VhumSSbBqDTP8p2ZLKj40UjBCV4+v8bUSEpUb4KjRgWk9pbqGF4REFj6KEagidb2f/M6AzC0EmFyDNGaw9OCzg==", - "dev": true, - "dependencies": { - "ansi-regex": "^2.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/gulp-cli/node_modules/wrap-ansi": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-2.1.0.tgz", - "integrity": "sha512-vAaEaDM946gbNpH5pLVNR+vX2ht6n0Bt3GXwVB1AuAqZosOvHNF3P7wDnh8KLkSqgUh0uh77le7Owgoz+Z9XBw==", - "dev": true, - "dependencies": { - "string-width": "^1.0.1", - "strip-ansi": "^3.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/gulp-cli/node_modules/y18n": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/y18n/-/y18n-3.2.2.tgz", - "integrity": "sha512-uGZHXkHnhF0XeeAPgnKfPv1bgKAYyVvmNL1xlKsPYZPaIHxGti2hHqvOCQv71XMsLxu1QjergkqogUnms5D3YQ==", - "dev": true - }, - "node_modules/gulp-cli/node_modules/yargs": { - "version": "7.1.2", - "resolved": "https://registry.npmjs.org/yargs/-/yargs-7.1.2.tgz", - "integrity": "sha512-ZEjj/dQYQy0Zx0lgLMLR8QuaqTihnxirir7EwUHp1Axq4e3+k8jXU5K0VLbNvedv1f4EWtBonDIZm0NUr+jCcA==", - "dev": true, - "dependencies": { - "camelcase": "^3.0.0", - "cliui": "^3.2.0", - "decamelize": "^1.1.1", - "get-caller-file": "^1.0.1", - "os-locale": "^1.4.0", - "read-pkg-up": "^1.0.1", - "require-directory": "^2.1.1", - "require-main-filename": "^1.0.1", - "set-blocking": "^2.0.0", - "string-width": "^1.0.2", - "which-module": "^1.0.0", - "y18n": "^3.2.1", - "yargs-parser": "^5.0.1" - } - }, - "node_modules/gulp-cli/node_modules/yargs-parser": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-5.0.1.tgz", - "integrity": "sha512-wpav5XYiddjXxirPoCTUPbqM0PXvJ9hiBMvuJgInvo4/lAOTZzUprArw17q2O1P2+GHhbBr18/iQwjL5Z9BqfA==", - "dev": true, - "dependencies": { - "camelcase": "^3.0.0", - "object.assign": "^4.1.0" - } - }, "node_modules/gulp-rename": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/gulp-rename/-/gulp-rename-2.0.0.tgz", @@ -13482,30 +13070,6 @@ "node": ">=0.10.0" } }, - "node_modules/has-values/node_modules/is-number": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/is-number/-/is-number-3.0.0.tgz", - "integrity": "sha512-4cboCqIpliH+mAvFNegjZQ4kgKc3ZUhQVr3HvWbSh5q3WH2v82ct+T2Y1hdU5Gdtorx/cLifQjqCbL7bpznLTg==", - "dev": true, - "dependencies": { - "kind-of": "^3.0.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/has-values/node_modules/is-number/node_modules/kind-of": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", - "integrity": "sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==", - "dev": true, - "dependencies": { - "is-buffer": "^1.1.5" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/has-values/node_modules/kind-of": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-4.0.0.tgz", @@ -13594,38 +13158,6 @@ "wbuf": "^1.1.0" } }, - "node_modules/hpack.js/node_modules/isarray": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==" - }, - "node_modules/hpack.js/node_modules/readable-stream": { - "version": "2.3.8", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", - "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", - "dependencies": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "node_modules/hpack.js/node_modules/safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" - }, - "node_modules/hpack.js/node_modules/string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dependencies": { - "safe-buffer": "~5.1.0" - } - }, "node_modules/html-encoding-sniffer": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-2.0.1.tgz", @@ -13958,12 +13490,12 @@ } }, "node_modules/interpret": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/interpret/-/interpret-3.1.1.tgz", - "integrity": "sha512-6xwYfHbajpoF0xLW+iwLkhwgvLoZDfjYfoFNu8ftMoXINzwuymNLd9u/KmwtdT2GbR+/Cz66otEGEVVUHX9QLQ==", + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/interpret/-/interpret-1.4.0.tgz", + "integrity": "sha512-agE4QfB2Lkp9uICn7BAqoscw4SZP9kTE2hxiFI3jBPmXJfdqiahTbUuKGsMoN2GtqL9AxhYioAcVvgsb1HvRbA==", "dev": true, "engines": { - "node": ">=10.13.0" + "node": ">= 0.10" } }, "node_modules/invert-kv": { @@ -14077,14 +13609,15 @@ } }, "node_modules/is-binary-path": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", - "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-1.0.1.tgz", + "integrity": "sha512-9fRVlXc0uCxEDj1nQzaWONSpbTfx0FmJfzHF7pwlI8DkWGoHBBea4Pg5Ky0ojwwxQmnSifgbKkI06Qv0Ljgj+Q==", + "dev": true, "dependencies": { - "binary-extensions": "^2.0.0" + "binary-extensions": "^1.0.0" }, "engines": { - "node": ">=8" + "node": ">=0.10.0" } }, "node_modules/is-boolean-object": { @@ -14174,9 +13707,9 @@ } }, "node_modules/is-descriptor": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-1.0.3.tgz", - "integrity": "sha512-JCNNGbwWZEVaSPtS45mdtrneRWJFp07LLmykxeFV5F6oBvNF8vHSfJuJgoT472pSfk+Mf8VnlrspaFBHWM8JAw==", + "version": "0.1.7", + "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.7.tgz", + "integrity": "sha512-C3grZTvObeN1xud4cRWl366OMXZTj0+HGyk4hvfpx4ZHt1Pb60ANSXqCK7pdOTeUQpRzECBSTphqvD7U+l22Eg==", "dev": true, "dependencies": { "is-accessor-descriptor": "^1.0.1", @@ -14201,13 +13734,10 @@ } }, "node_modules/is-extendable": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-1.0.1.tgz", - "integrity": "sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==", + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", + "integrity": "sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw==", "dev": true, - "dependencies": { - "is-plain-object": "^2.0.4" - }, "engines": { "node": ">=0.10.0" } @@ -14232,11 +13762,15 @@ } }, "node_modules/is-fullwidth-code-point": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", - "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-1.0.0.tgz", + "integrity": "sha512-1pqUqRjkhPJ9miNq9SwMfdvi6lBJcd6eFxvfaivQhaH3SgisfiuudvFntdKOmxuee/77l+FPjKrQjWvmPjWrRw==", + "dev": true, + "dependencies": { + "number-is-nan": "^1.0.0" + }, "engines": { - "node": ">=8" + "node": ">=0.10.0" } }, "node_modules/is-generator-fn": { @@ -14309,11 +13843,15 @@ } }, "node_modules/is-number": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", - "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-3.0.0.tgz", + "integrity": "sha512-4cboCqIpliH+mAvFNegjZQ4kgKc3ZUhQVr3HvWbSh5q3WH2v82ct+T2Y1hdU5Gdtorx/cLifQjqCbL7bpznLTg==", + "dev": true, + "dependencies": { + "kind-of": "^3.0.2" + }, "engines": { - "node": ">=0.12.0" + "node": ">=0.10.0" } }, "node_modules/is-number-object": { @@ -14330,6 +13868,18 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/is-number/node_modules/kind-of": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", + "integrity": "sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==", + "dev": true, + "dependencies": { + "is-buffer": "^1.1.5" + }, + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/is-obj": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/is-obj/-/is-obj-1.0.1.tgz", @@ -14367,12 +13917,10 @@ } }, "node_modules/is-plain-object": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", - "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", - "dependencies": { - "isobject": "^3.0.1" - }, + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz", + "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==", + "dev": true, "engines": { "node": ">=0.10.0" } @@ -14593,9 +14141,9 @@ } }, "node_modules/isarray": { - "version": "2.0.5", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz", - "integrity": "sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==" + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==" }, "node_modules/isexe": { "version": "2.0.0", @@ -15264,6 +14812,16 @@ "url": "https://github.com/chalk/chalk?sponsor=1" } }, + "node_modules/jest-cli/node_modules/cliui": { + "version": "7.0.4", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==", + "dependencies": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^7.0.0" + } + }, "node_modules/jest-cli/node_modules/color-convert": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", @@ -15280,6 +14838,19 @@ "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" }, + "node_modules/jest-cli/node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==" + }, + "node_modules/jest-cli/node_modules/get-caller-file": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", + "engines": { + "node": "6.* || 8.* || >= 10.*" + } + }, "node_modules/jest-cli/node_modules/has-flag": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", @@ -15288,6 +14859,14 @@ "node": ">=8" } }, + "node_modules/jest-cli/node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "engines": { + "node": ">=8" + } + }, "node_modules/jest-cli/node_modules/jest-util": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-util/-/jest-util-27.5.1.tgz", @@ -15304,6 +14883,19 @@ "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" } }, + "node_modules/jest-cli/node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/jest-cli/node_modules/supports-color": { "version": "7.2.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", @@ -15315,6 +14907,55 @@ "node": ">=8" } }, + "node_modules/jest-cli/node_modules/wrap-ansi": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/jest-cli/node_modules/y18n": { + "version": "5.0.8", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", + "engines": { + "node": ">=10" + } + }, + "node_modules/jest-cli/node_modules/yargs": { + "version": "16.2.0", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", + "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==", + "dependencies": { + "cliui": "^7.0.2", + "escalade": "^3.1.1", + "get-caller-file": "^2.0.5", + "require-directory": "^2.1.1", + "string-width": "^4.2.0", + "y18n": "^5.0.5", + "yargs-parser": "^20.2.2" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/jest-cli/node_modules/yargs-parser": { + "version": "20.2.9", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.9.tgz", + "integrity": "sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w==", + "engines": { + "node": ">=10" + } + }, "node_modules/jest-config": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-config/-/jest-config-27.5.1.tgz", @@ -16021,6 +15662,18 @@ "url": "https://github.com/chalk/ansi-styles?sponsor=1" } }, + "node_modules/jest-haste-map/node_modules/anymatch": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==", + "dependencies": { + "normalize-path": "^3.0.0", + "picomatch": "^2.0.4" + }, + "engines": { + "node": ">= 8" + } + }, "node_modules/jest-haste-map/node_modules/chalk": { "version": "4.1.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", @@ -16052,6 +15705,19 @@ "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" }, + "node_modules/jest-haste-map/node_modules/fsevents": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "hasInstallScript": true, + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, "node_modules/jest-haste-map/node_modules/has-flag": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", @@ -18300,9 +17966,10 @@ } }, "node_modules/kind-of": { - "version": "6.0.3", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", - "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz", + "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==", + "dev": true, "engines": { "node": ">=0.10.0" } @@ -18373,42 +18040,6 @@ "node": ">= 0.6.3" } }, - "node_modules/lazystream/node_modules/isarray": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==", - "dev": true - }, - "node_modules/lazystream/node_modules/readable-stream": { - "version": "2.3.8", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", - "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", - "dev": true, - "dependencies": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "node_modules/lazystream/node_modules/safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", - "dev": true - }, - "node_modules/lazystream/node_modules/string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dev": true, - "dependencies": { - "safe-buffer": "~5.1.0" - } - }, "node_modules/lcid": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/lcid/-/lcid-1.0.0.tgz", @@ -18472,16 +18103,16 @@ "node": ">= 0.8" } }, - "node_modules/liftoff/node_modules/rechoir": { - "version": "0.6.2", - "resolved": "https://registry.npmjs.org/rechoir/-/rechoir-0.6.2.tgz", - "integrity": "sha512-HFM8rkZ+i3zrV+4LQjwQ0W+ez98pApMGM3HUrN04j3CqzPOzl9nmP15Y8YXNm8QHGv/eacOVEjqhmWpkRV0NAw==", + "node_modules/liftoff/node_modules/is-plain-object": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", + "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", "dev": true, "dependencies": { - "resolve": "^1.1.6" + "isobject": "^3.0.1" }, "engines": { - "node": ">= 0.10" + "node": ">=0.10.0" } }, "node_modules/lilconfig": { @@ -18702,6 +18333,15 @@ "node": ">=0.10.0" } }, + "node_modules/make-iterator/node_modules/kind-of": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", + "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/makeerror": { "version": "1.0.12", "resolved": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.12.tgz", @@ -18725,82 +18365,48 @@ "integrity": "sha512-4y7uGv8bd2WdM9vpQsiQNo41Ln1NvhvDRuVt0k2JZQ+ezN2uaQes7lZeZ+QQUHOLQAtDaBJ+7wCbi+ab/KFs+w==", "dev": true, "dependencies": { - "object-visit": "^1.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/matchdep": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/matchdep/-/matchdep-2.0.0.tgz", - "integrity": "sha512-LFgVbaHIHMqCRuCZyfCtUOq9/Lnzhi7Z0KFUE2fhD54+JN2jLh3hC02RLkqauJ3U4soU6H1J3tfj/Byk7GoEjA==", - "dev": true, - "dependencies": { - "findup-sync": "^2.0.0", - "micromatch": "^3.0.4", - "resolve": "^1.4.0", - "stack-trace": "0.0.10" - }, - "engines": { - "node": ">= 0.10.0" - } - }, - "node_modules/matchdep/node_modules/braces": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-2.3.2.tgz", - "integrity": "sha512-aNdbnj9P8PjdXU4ybaWLK2IF3jc/EoDYbC7AazW6to3TRsfXxscC9UXOB5iDiEQrkyIbWp2SLQda4+QAa7nc3w==", - "dev": true, - "dependencies": { - "arr-flatten": "^1.1.0", - "array-unique": "^0.3.2", - "extend-shallow": "^2.0.1", - "fill-range": "^4.0.0", - "isobject": "^3.0.1", - "repeat-element": "^1.1.2", - "snapdragon": "^0.8.1", - "snapdragon-node": "^2.0.1", - "split-string": "^3.0.2", - "to-regex": "^3.0.1" + "object-visit": "^1.0.0" }, "engines": { "node": ">=0.10.0" } }, - "node_modules/matchdep/node_modules/braces/node_modules/extend-shallow": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", - "integrity": "sha512-zCnTtlxNoAiDc3gqY2aYAWFx7XWWiasuF2K8Me5WbN8otHKTUKBwjPtNpRs/rbUZm7KxWAaNj7P1a/p52GbVug==", + "node_modules/matchdep": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/matchdep/-/matchdep-2.0.0.tgz", + "integrity": "sha512-LFgVbaHIHMqCRuCZyfCtUOq9/Lnzhi7Z0KFUE2fhD54+JN2jLh3hC02RLkqauJ3U4soU6H1J3tfj/Byk7GoEjA==", "dev": true, "dependencies": { - "is-extendable": "^0.1.0" + "findup-sync": "^2.0.0", + "micromatch": "^3.0.4", + "resolve": "^1.4.0", + "stack-trace": "0.0.10" }, "engines": { - "node": ">=0.10.0" + "node": ">= 0.10.0" } }, - "node_modules/matchdep/node_modules/fill-range": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-4.0.0.tgz", - "integrity": "sha512-VcpLTWqWDiTerugjj8e3+esbg+skS3M9e54UuR3iCeIDMXCLTsAH8hTSzDQU/X6/6t3eYkOKoZSef2PlU6U1XQ==", + "node_modules/matchdep/node_modules/define-property": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/define-property/-/define-property-2.0.2.tgz", + "integrity": "sha512-jwK2UV4cnPpbcG7+VRARKTZPUWowwXA8bzH5NP6ud0oeAxyYPuGZUAC7hMugpCdz4BeSZl2Dl9k66CHJ/46ZYQ==", "dev": true, "dependencies": { - "extend-shallow": "^2.0.1", - "is-number": "^3.0.0", - "repeat-string": "^1.6.1", - "to-regex-range": "^2.1.0" + "is-descriptor": "^1.0.2", + "isobject": "^3.0.1" }, "engines": { "node": ">=0.10.0" } }, - "node_modules/matchdep/node_modules/fill-range/node_modules/extend-shallow": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", - "integrity": "sha512-zCnTtlxNoAiDc3gqY2aYAWFx7XWWiasuF2K8Me5WbN8otHKTUKBwjPtNpRs/rbUZm7KxWAaNj7P1a/p52GbVug==", + "node_modules/matchdep/node_modules/extend-shallow": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-3.0.2.tgz", + "integrity": "sha512-BwY5b5Ql4+qZoefgMj2NUmx+tehVTH/Kf4k1ZEtOHNFcm2wSxMRo992l6X3TIgni2eZVTZ85xMOjF31fwZAj6Q==", "dev": true, "dependencies": { - "is-extendable": "^0.1.0" + "assign-symbols": "^1.0.0", + "is-extendable": "^1.0.1" }, "engines": { "node": ">=0.10.0" @@ -18821,11 +18427,27 @@ "node": ">= 0.10" } }, + "node_modules/matchdep/node_modules/is-descriptor": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-1.0.3.tgz", + "integrity": "sha512-JCNNGbwWZEVaSPtS45mdtrneRWJFp07LLmykxeFV5F6oBvNF8vHSfJuJgoT472pSfk+Mf8VnlrspaFBHWM8JAw==", + "dev": true, + "dependencies": { + "is-accessor-descriptor": "^1.0.1", + "is-data-descriptor": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/matchdep/node_modules/is-extendable": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", - "integrity": "sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw==", + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-1.0.1.tgz", + "integrity": "sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==", "dev": true, + "dependencies": { + "is-plain-object": "^2.0.4" + }, "engines": { "node": ">=0.10.0" } @@ -18842,26 +18464,23 @@ "node": ">=0.10.0" } }, - "node_modules/matchdep/node_modules/is-number": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/is-number/-/is-number-3.0.0.tgz", - "integrity": "sha512-4cboCqIpliH+mAvFNegjZQ4kgKc3ZUhQVr3HvWbSh5q3WH2v82ct+T2Y1hdU5Gdtorx/cLifQjqCbL7bpznLTg==", + "node_modules/matchdep/node_modules/is-plain-object": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", + "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", "dev": true, "dependencies": { - "kind-of": "^3.0.2" + "isobject": "^3.0.1" }, "engines": { "node": ">=0.10.0" } }, - "node_modules/matchdep/node_modules/is-number/node_modules/kind-of": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", - "integrity": "sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==", + "node_modules/matchdep/node_modules/kind-of": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", + "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", "dev": true, - "dependencies": { - "is-buffer": "^1.1.5" - }, "engines": { "node": ">=0.10.0" } @@ -18890,19 +18509,6 @@ "node": ">=0.10.0" } }, - "node_modules/matchdep/node_modules/to-regex-range": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-2.1.1.tgz", - "integrity": "sha512-ZZWNfCjUokXXDGXFpZehJIkZqq91BcULFq/Pi7M5i4JnxXdhMKAK682z8bCW3o8Hj1wuuzoKcW3DfVzaP6VuNg==", - "dev": true, - "dependencies": { - "is-number": "^3.0.0", - "repeat-string": "^1.6.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/mdn-data": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.4.tgz", @@ -18968,6 +18574,47 @@ "node": ">=8.6" } }, + "node_modules/micromatch/node_modules/braces": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", + "dependencies": { + "fill-range": "^7.1.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/micromatch/node_modules/fill-range": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/micromatch/node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "engines": { + "node": ">=0.12.0" + } + }, + "node_modules/micromatch/node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dependencies": { + "is-number": "^7.0.0" + }, + "engines": { + "node": ">=8.0" + } + }, "node_modules/mime": { "version": "1.6.0", "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", @@ -19078,6 +18725,30 @@ "node": ">=0.10.0" } }, + "node_modules/mixin-deep/node_modules/is-extendable": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-1.0.1.tgz", + "integrity": "sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==", + "dev": true, + "dependencies": { + "is-plain-object": "^2.0.4" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/mixin-deep/node_modules/is-plain-object": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", + "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", + "dev": true, + "dependencies": { + "isobject": "^3.0.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/mkdirp": { "version": "0.5.6", "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz", @@ -19111,67 +18782,139 @@ "multicast-dns": "cli.js" } }, - "node_modules/mute-stdout": { + "node_modules/mute-stdout": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/mute-stdout/-/mute-stdout-1.0.1.tgz", + "integrity": "sha512-kDcwXR4PS7caBpuRYYBUz9iVixUk3anO3f5OYFiIPwK/20vCzKCHyKoulbiDY1S53zD2bxUpxN/IJ+TnXjfvxg==", + "dev": true, + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/mz": { + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz", + "integrity": "sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q==", + "dependencies": { + "any-promise": "^1.0.0", + "object-assign": "^4.0.1", + "thenify-all": "^1.0.0" + } + }, + "node_modules/nan": { + "version": "2.20.0", + "resolved": "https://registry.npmjs.org/nan/-/nan-2.20.0.tgz", + "integrity": "sha512-bk3gXBZDGILuuo/6sKtr0DQmSThYHLtNCdSdXk9YkxD/jK6X2vmCyyXBBxyqZ4XcnzTyYEAThfX3DCEnLf6igw==", + "dev": true, + "optional": true + }, + "node_modules/nanoid": { + "version": "3.3.7", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", + "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "bin": { + "nanoid": "bin/nanoid.cjs" + }, + "engines": { + "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" + } + }, + "node_modules/nanomatch": { + "version": "1.2.13", + "resolved": "https://registry.npmjs.org/nanomatch/-/nanomatch-1.2.13.tgz", + "integrity": "sha512-fpoe2T0RbHwBTBUOftAfBPaDEi06ufaUai0mE6Yn1kacc3SnTErfb/h+X94VXzI64rKFHYImXSvdwGGCmwOqCA==", + "dev": true, + "dependencies": { + "arr-diff": "^4.0.0", + "array-unique": "^0.3.2", + "define-property": "^2.0.2", + "extend-shallow": "^3.0.2", + "fragment-cache": "^0.2.1", + "is-windows": "^1.0.2", + "kind-of": "^6.0.2", + "object.pick": "^1.3.0", + "regex-not": "^1.0.0", + "snapdragon": "^0.8.1", + "to-regex": "^3.0.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/nanomatch/node_modules/define-property": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/define-property/-/define-property-2.0.2.tgz", + "integrity": "sha512-jwK2UV4cnPpbcG7+VRARKTZPUWowwXA8bzH5NP6ud0oeAxyYPuGZUAC7hMugpCdz4BeSZl2Dl9k66CHJ/46ZYQ==", + "dev": true, + "dependencies": { + "is-descriptor": "^1.0.2", + "isobject": "^3.0.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/nanomatch/node_modules/extend-shallow": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-3.0.2.tgz", + "integrity": "sha512-BwY5b5Ql4+qZoefgMj2NUmx+tehVTH/Kf4k1ZEtOHNFcm2wSxMRo992l6X3TIgni2eZVTZ85xMOjF31fwZAj6Q==", + "dev": true, + "dependencies": { + "assign-symbols": "^1.0.0", + "is-extendable": "^1.0.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/nanomatch/node_modules/is-descriptor": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-1.0.3.tgz", + "integrity": "sha512-JCNNGbwWZEVaSPtS45mdtrneRWJFp07LLmykxeFV5F6oBvNF8vHSfJuJgoT472pSfk+Mf8VnlrspaFBHWM8JAw==", + "dev": true, + "dependencies": { + "is-accessor-descriptor": "^1.0.1", + "is-data-descriptor": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/nanomatch/node_modules/is-extendable": { "version": "1.0.1", - "resolved": "https://registry.npmjs.org/mute-stdout/-/mute-stdout-1.0.1.tgz", - "integrity": "sha512-kDcwXR4PS7caBpuRYYBUz9iVixUk3anO3f5OYFiIPwK/20vCzKCHyKoulbiDY1S53zD2bxUpxN/IJ+TnXjfvxg==", + "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-1.0.1.tgz", + "integrity": "sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==", "dev": true, - "engines": { - "node": ">= 0.10" - } - }, - "node_modules/mz": { - "version": "2.7.0", - "resolved": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz", - "integrity": "sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q==", "dependencies": { - "any-promise": "^1.0.0", - "object-assign": "^4.0.1", - "thenify-all": "^1.0.0" + "is-plain-object": "^2.0.4" + }, + "engines": { + "node": ">=0.10.0" } }, - "node_modules/nan": { - "version": "2.20.0", - "resolved": "https://registry.npmjs.org/nan/-/nan-2.20.0.tgz", - "integrity": "sha512-bk3gXBZDGILuuo/6sKtr0DQmSThYHLtNCdSdXk9YkxD/jK6X2vmCyyXBBxyqZ4XcnzTyYEAThfX3DCEnLf6igw==", + "node_modules/nanomatch/node_modules/is-plain-object": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", + "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", "dev": true, - "optional": true - }, - "node_modules/nanoid": { - "version": "3.3.7", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", - "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==", - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/ai" - } - ], - "bin": { - "nanoid": "bin/nanoid.cjs" + "dependencies": { + "isobject": "^3.0.1" }, "engines": { - "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" + "node": ">=0.10.0" } }, - "node_modules/nanomatch": { - "version": "1.2.13", - "resolved": "https://registry.npmjs.org/nanomatch/-/nanomatch-1.2.13.tgz", - "integrity": "sha512-fpoe2T0RbHwBTBUOftAfBPaDEi06ufaUai0mE6Yn1kacc3SnTErfb/h+X94VXzI64rKFHYImXSvdwGGCmwOqCA==", + "node_modules/nanomatch/node_modules/kind-of": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", + "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", "dev": true, - "dependencies": { - "arr-diff": "^4.0.0", - "array-unique": "^0.3.2", - "define-property": "^2.0.2", - "extend-shallow": "^3.0.2", - "fragment-cache": "^0.2.1", - "is-windows": "^1.0.2", - "kind-of": "^6.0.2", - "object.pick": "^1.3.0", - "regex-not": "^1.0.0", - "snapdragon": "^0.8.1", - "to-regex": "^3.0.1" - }, "engines": { "node": ">=0.10.0" } @@ -19350,31 +19093,6 @@ "node": ">=0.10.0" } }, - "node_modules/object-copy/node_modules/define-property": { - "version": "0.2.5", - "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz", - "integrity": "sha512-Rr7ADjQZenceVOAKop6ALkkRAmH1A4Gx9hV/7ZujPUN2rkATqFO0JZLZInbAjpZYoJ1gUx8MRMQVkYemcbMSTA==", - "dev": true, - "dependencies": { - "is-descriptor": "^0.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/object-copy/node_modules/is-descriptor": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.7.tgz", - "integrity": "sha512-C3grZTvObeN1xud4cRWl366OMXZTj0+HGyk4hvfpx4ZHt1Pb60ANSXqCK7pdOTeUQpRzECBSTphqvD7U+l22Eg==", - "dev": true, - "dependencies": { - "is-accessor-descriptor": "^1.0.1", - "is-data-descriptor": "^1.0.1" - }, - "engines": { - "node": ">= 0.4" - } - }, "node_modules/object-copy/node_modules/kind-of": { "version": "3.2.2", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", @@ -19682,42 +19400,6 @@ "readable-stream": "^2.0.1" } }, - "node_modules/ordered-read-streams/node_modules/isarray": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==", - "dev": true - }, - "node_modules/ordered-read-streams/node_modules/readable-stream": { - "version": "2.3.8", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", - "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", - "dev": true, - "dependencies": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "node_modules/ordered-read-streams/node_modules/safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", - "dev": true - }, - "node_modules/ordered-read-streams/node_modules/string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dev": true, - "dependencies": { - "safe-buffer": "~5.1.0" - } - }, "node_modules/os-locale": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/os-locale/-/os-locale-1.4.0.tgz", @@ -20140,9 +19822,9 @@ } }, "node_modules/postcss": { - "version": "8.4.45", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.45.tgz", - "integrity": "sha512-7KTLTdzdZZYscUc65XmjFiB73vBhBfbPztCYdUNvlaso9PrzjzcmjqBPR0lNGkcVlcO4BjiO5rK/qNz+XAen1Q==", + "version": "8.4.47", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.47.tgz", + "integrity": "sha512-56rxCq7G/XfB4EkXq9Egn5GCqugWvDFjafDOThIdMBsI15iqPqR5r15TfSr1YPYeEI19YeaXMCbY6u88Y76GLQ==", "funding": [ { "type": "opencollective", @@ -20159,8 +19841,8 @@ ], "dependencies": { "nanoid": "^3.3.7", - "picocolors": "^1.0.1", - "source-map-js": "^1.2.0" + "picocolors": "^1.1.0", + "source-map-js": "^1.2.1" }, "engines": { "node": "^10 || ^12 || >=14" @@ -22061,6 +21743,19 @@ } } }, + "node_modules/react-scripts/node_modules/fsevents": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "hasInstallScript": true, + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, "node_modules/react-scripts/node_modules/semver": { "version": "7.6.3", "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz", @@ -22159,39 +21854,139 @@ } }, "node_modules/readable-stream": { - "version": "3.6.2", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", - "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==", + "version": "2.3.8", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", "dependencies": { - "inherits": "^2.0.3", - "string_decoder": "^1.1.1", - "util-deprecate": "^1.0.1" + "core-util-is": "~1.0.0", + "inherits": "~2.0.3", + "isarray": "~1.0.0", + "process-nextick-args": "~2.0.0", + "safe-buffer": "~5.1.1", + "string_decoder": "~1.1.1", + "util-deprecate": "~1.0.1" + } + }, + "node_modules/readdirp": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-2.2.1.tgz", + "integrity": "sha512-1JU/8q+VgFZyxwrJ+SVIOsh+KywWGpds3NTqikiKpDMZWScmAYyKIgqkO+ARvNWJfXeXR1zxz7aHF4u4CyH6vQ==", + "dev": true, + "dependencies": { + "graceful-fs": "^4.1.11", + "micromatch": "^3.1.10", + "readable-stream": "^2.0.2" }, "engines": { - "node": ">= 6" + "node": ">=0.10" } }, - "node_modules/readdirp": { - "version": "3.6.0", - "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", - "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", + "node_modules/readdirp/node_modules/define-property": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/define-property/-/define-property-2.0.2.tgz", + "integrity": "sha512-jwK2UV4cnPpbcG7+VRARKTZPUWowwXA8bzH5NP6ud0oeAxyYPuGZUAC7hMugpCdz4BeSZl2Dl9k66CHJ/46ZYQ==", + "dev": true, "dependencies": { - "picomatch": "^2.2.1" + "is-descriptor": "^1.0.2", + "isobject": "^3.0.1" }, "engines": { - "node": ">=8.10.0" + "node": ">=0.10.0" + } + }, + "node_modules/readdirp/node_modules/extend-shallow": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-3.0.2.tgz", + "integrity": "sha512-BwY5b5Ql4+qZoefgMj2NUmx+tehVTH/Kf4k1ZEtOHNFcm2wSxMRo992l6X3TIgni2eZVTZ85xMOjF31fwZAj6Q==", + "dev": true, + "dependencies": { + "assign-symbols": "^1.0.0", + "is-extendable": "^1.0.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/readdirp/node_modules/is-descriptor": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-1.0.3.tgz", + "integrity": "sha512-JCNNGbwWZEVaSPtS45mdtrneRWJFp07LLmykxeFV5F6oBvNF8vHSfJuJgoT472pSfk+Mf8VnlrspaFBHWM8JAw==", + "dev": true, + "dependencies": { + "is-accessor-descriptor": "^1.0.1", + "is-data-descriptor": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/readdirp/node_modules/is-extendable": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-1.0.1.tgz", + "integrity": "sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==", + "dev": true, + "dependencies": { + "is-plain-object": "^2.0.4" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/readdirp/node_modules/is-plain-object": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", + "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", + "dev": true, + "dependencies": { + "isobject": "^3.0.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/readdirp/node_modules/kind-of": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", + "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/readdirp/node_modules/micromatch": { + "version": "3.1.10", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-3.1.10.tgz", + "integrity": "sha512-MWikgl9n9M3w+bpsY3He8L+w9eF9338xRl8IAO5viDizwSzziFEyUzo2xrrloB64ADbTf8uA8vRqqttDTOmccg==", + "dev": true, + "dependencies": { + "arr-diff": "^4.0.0", + "array-unique": "^0.3.2", + "braces": "^2.3.1", + "define-property": "^2.0.2", + "extend-shallow": "^3.0.2", + "extglob": "^2.0.4", + "fragment-cache": "^0.2.1", + "kind-of": "^6.0.2", + "nanomatch": "^1.2.9", + "object.pick": "^1.3.0", + "regex-not": "^1.0.0", + "snapdragon": "^0.8.1", + "to-regex": "^3.0.2" + }, + "engines": { + "node": ">=0.10.0" } }, "node_modules/rechoir": { - "version": "0.8.0", - "resolved": "https://registry.npmjs.org/rechoir/-/rechoir-0.8.0.tgz", - "integrity": "sha512-/vxpCXddiX8NGfGO/mTafwjq4aFa/71pvamip0++IQk3zG8cbCj0fifNPrjjF1XMXUne91jL9OoxmdykoEtifQ==", + "version": "0.6.2", + "resolved": "https://registry.npmjs.org/rechoir/-/rechoir-0.6.2.tgz", + "integrity": "sha512-HFM8rkZ+i3zrV+4LQjwQ0W+ez98pApMGM3HUrN04j3CqzPOzl9nmP15Y8YXNm8QHGv/eacOVEjqhmWpkRV0NAw==", "dev": true, "dependencies": { - "resolve": "^1.20.0" + "resolve": "^1.1.6" }, "engines": { - "node": ">= 10.13.0" + "node": ">= 0.10" } }, "node_modules/recursive-readdir": { @@ -22292,6 +22087,43 @@ "node": ">=0.10.0" } }, + "node_modules/regex-not/node_modules/extend-shallow": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-3.0.2.tgz", + "integrity": "sha512-BwY5b5Ql4+qZoefgMj2NUmx+tehVTH/Kf4k1ZEtOHNFcm2wSxMRo992l6X3TIgni2eZVTZ85xMOjF31fwZAj6Q==", + "dev": true, + "dependencies": { + "assign-symbols": "^1.0.0", + "is-extendable": "^1.0.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/regex-not/node_modules/is-extendable": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-1.0.1.tgz", + "integrity": "sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==", + "dev": true, + "dependencies": { + "is-plain-object": "^2.0.4" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/regex-not/node_modules/is-plain-object": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", + "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", + "dev": true, + "dependencies": { + "isobject": "^3.0.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/regex-parser": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/regex-parser/-/regex-parser-2.3.0.tgz", @@ -22454,42 +22286,6 @@ "readable-stream": "^2.0.2" } }, - "node_modules/replacestream/node_modules/isarray": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==", - "dev": true - }, - "node_modules/replacestream/node_modules/readable-stream": { - "version": "2.3.8", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", - "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", - "dev": true, - "dependencies": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "node_modules/replacestream/node_modules/safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", - "dev": true - }, - "node_modules/replacestream/node_modules/string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dev": true, - "dependencies": { - "safe-buffer": "~5.1.0" - } - }, "node_modules/require-directory": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", @@ -22797,6 +22593,19 @@ "node": ">=8" } }, + "node_modules/rollup/node_modules/fsevents": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "hasInstallScript": true, + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, "node_modules/run-parallel": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", @@ -22836,24 +22645,15 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/safe-array-concat/node_modules/isarray": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz", + "integrity": "sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==" + }, "node_modules/safe-buffer": { - "version": "5.2.1", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", - "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ] + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" }, "node_modules/safe-regex": { "version": "1.1.0", @@ -23224,27 +23024,18 @@ "node": ">=0.10.0" } }, - "node_modules/set-value/node_modules/extend-shallow": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", - "integrity": "sha512-zCnTtlxNoAiDc3gqY2aYAWFx7XWWiasuF2K8Me5WbN8otHKTUKBwjPtNpRs/rbUZm7KxWAaNj7P1a/p52GbVug==", + "node_modules/set-value/node_modules/is-plain-object": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", + "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", "dev": true, "dependencies": { - "is-extendable": "^0.1.0" + "isobject": "^3.0.1" }, "engines": { "node": ">=0.10.0" } }, - "node_modules/set-value/node_modules/is-extendable": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", - "integrity": "sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/setprototypeof": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", @@ -23261,6 +23052,14 @@ "node": ">=8" } }, + "node_modules/shallow-clone/node_modules/kind-of": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", + "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/shebang-command": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", @@ -23368,6 +23167,19 @@ "node": ">=0.10.0" } }, + "node_modules/snapdragon-node/node_modules/is-descriptor": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-1.0.3.tgz", + "integrity": "sha512-JCNNGbwWZEVaSPtS45mdtrneRWJFp07LLmykxeFV5F6oBvNF8vHSfJuJgoT472pSfk+Mf8VnlrspaFBHWM8JAw==", + "dev": true, + "dependencies": { + "is-accessor-descriptor": "^1.0.1", + "is-data-descriptor": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/snapdragon-util": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/snapdragon-util/-/snapdragon-util-3.0.1.tgz", @@ -23401,52 +23213,6 @@ "ms": "2.0.0" } }, - "node_modules/snapdragon/node_modules/define-property": { - "version": "0.2.5", - "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz", - "integrity": "sha512-Rr7ADjQZenceVOAKop6ALkkRAmH1A4Gx9hV/7ZujPUN2rkATqFO0JZLZInbAjpZYoJ1gUx8MRMQVkYemcbMSTA==", - "dev": true, - "dependencies": { - "is-descriptor": "^0.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/snapdragon/node_modules/extend-shallow": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", - "integrity": "sha512-zCnTtlxNoAiDc3gqY2aYAWFx7XWWiasuF2K8Me5WbN8otHKTUKBwjPtNpRs/rbUZm7KxWAaNj7P1a/p52GbVug==", - "dev": true, - "dependencies": { - "is-extendable": "^0.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/snapdragon/node_modules/is-descriptor": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.7.tgz", - "integrity": "sha512-C3grZTvObeN1xud4cRWl366OMXZTj0+HGyk4hvfpx4ZHt1Pb60ANSXqCK7pdOTeUQpRzECBSTphqvD7U+l22Eg==", - "dev": true, - "dependencies": { - "is-accessor-descriptor": "^1.0.1", - "is-data-descriptor": "^1.0.1" - }, - "engines": { - "node": ">= 0.4" - } - }, - "node_modules/snapdragon/node_modules/is-extendable": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", - "integrity": "sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/snapdragon/node_modules/ms": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", @@ -23626,6 +23392,19 @@ "wbuf": "^1.7.3" } }, + "node_modules/spdy-transport/node_modules/readable-stream": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", + "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==", + "dependencies": { + "inherits": "^2.0.3", + "string_decoder": "^1.1.1", + "util-deprecate": "^1.0.1" + }, + "engines": { + "node": ">= 6" + } + }, "node_modules/split-string": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/split-string/-/split-string-3.1.0.tgz", @@ -23638,6 +23417,43 @@ "node": ">=0.10.0" } }, + "node_modules/split-string/node_modules/extend-shallow": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-3.0.2.tgz", + "integrity": "sha512-BwY5b5Ql4+qZoefgMj2NUmx+tehVTH/Kf4k1ZEtOHNFcm2wSxMRo992l6X3TIgni2eZVTZ85xMOjF31fwZAj6Q==", + "dev": true, + "dependencies": { + "assign-symbols": "^1.0.0", + "is-extendable": "^1.0.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/split-string/node_modules/is-extendable": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-1.0.1.tgz", + "integrity": "sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==", + "dev": true, + "dependencies": { + "is-plain-object": "^2.0.4" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/split-string/node_modules/is-plain-object": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", + "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", + "dev": true, + "dependencies": { + "isobject": "^3.0.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/sprintf-js": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", @@ -23763,54 +23579,29 @@ "engines": { "node": ">=0.10.0" } - }, - "node_modules/static-eval/node_modules/type-check": { - "version": "0.3.2", - "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz", - "integrity": "sha512-ZCmOJdvOWDBYJlzAoFkC+Q0+bUyEOS1ltgp1MGU03fqHG+dbi9tBFU2Rd9QKiDZFAYrhPh2JUf7rZRIuHRKtOg==", - "dependencies": { - "prelude-ls": "~1.1.2" - }, - "engines": { - "node": ">= 0.8.0" - } - }, - "node_modules/static-extend": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/static-extend/-/static-extend-0.1.2.tgz", - "integrity": "sha512-72E9+uLc27Mt718pMHt9VMNiAL4LMsmDbBva8mxWUCkT07fSzEGMYUCk0XWY6lp0j6RBAG4cJ3mWuZv2OE3s0g==", - "dev": true, - "dependencies": { - "define-property": "^0.2.5", - "object-copy": "^0.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/static-extend/node_modules/define-property": { - "version": "0.2.5", - "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz", - "integrity": "sha512-Rr7ADjQZenceVOAKop6ALkkRAmH1A4Gx9hV/7ZujPUN2rkATqFO0JZLZInbAjpZYoJ1gUx8MRMQVkYemcbMSTA==", - "dev": true, + }, + "node_modules/static-eval/node_modules/type-check": { + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz", + "integrity": "sha512-ZCmOJdvOWDBYJlzAoFkC+Q0+bUyEOS1ltgp1MGU03fqHG+dbi9tBFU2Rd9QKiDZFAYrhPh2JUf7rZRIuHRKtOg==", "dependencies": { - "is-descriptor": "^0.1.0" + "prelude-ls": "~1.1.2" }, "engines": { - "node": ">=0.10.0" + "node": ">= 0.8.0" } }, - "node_modules/static-extend/node_modules/is-descriptor": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.7.tgz", - "integrity": "sha512-C3grZTvObeN1xud4cRWl366OMXZTj0+HGyk4hvfpx4ZHt1Pb60ANSXqCK7pdOTeUQpRzECBSTphqvD7U+l22Eg==", + "node_modules/static-extend": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/static-extend/-/static-extend-0.1.2.tgz", + "integrity": "sha512-72E9+uLc27Mt718pMHt9VMNiAL4LMsmDbBva8mxWUCkT07fSzEGMYUCk0XWY6lp0j6RBAG4cJ3mWuZv2OE3s0g==", "dev": true, "dependencies": { - "is-accessor-descriptor": "^1.0.1", - "is-data-descriptor": "^1.0.1" + "define-property": "^0.2.5", + "object-copy": "^0.1.0" }, "engines": { - "node": ">= 0.4" + "node": ">=0.10.0" } }, "node_modules/statuses": { @@ -23845,11 +23636,11 @@ "dev": true }, "node_modules/string_decoder": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", - "integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==", + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", "dependencies": { - "safe-buffer": "~5.2.0" + "safe-buffer": "~5.1.0" } }, "node_modules/string-length": { @@ -23870,16 +23661,17 @@ "integrity": "sha512-n3sPwynL1nwKi3WJ6AIsClwBMa0zTi54fn2oLU6ndfTSIO05xaznjSf15PcBZU6FNWbmN5Q6cxT4V5hGvB4taw==" }, "node_modules/string-width": { - "version": "4.2.3", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", - "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-1.0.2.tgz", + "integrity": "sha512-0XsVpQLnVCXHJfyEs8tC0zpTVIr5PKKsQtkT29IwupnPTjtPmQ3xT/4yCREF9hYkV/3M3kzcUTSAZT6a6h81tw==", + "dev": true, "dependencies": { - "emoji-regex": "^8.0.0", - "is-fullwidth-code-point": "^3.0.0", - "strip-ansi": "^6.0.1" + "code-point-at": "^1.0.0", + "is-fullwidth-code-point": "^1.0.0", + "strip-ansi": "^3.0.0" }, "engines": { - "node": ">=8" + "node": ">=0.10.0" } }, "node_modules/string-width-cjs": { @@ -23901,10 +23693,34 @@ "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==" }, - "node_modules/string-width/node_modules/emoji-regex": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", - "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==" + "node_modules/string-width-cjs/node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "engines": { + "node": ">=8" + } + }, + "node_modules/string-width/node_modules/ansi-regex": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "integrity": "sha512-TIGnTpdo+E3+pCyAluZvtED5p5wCqLdezCyhPZzKPcxvFplEt4i+W7OONCKgeZFT3+y5NZZfOOS/Bdcanm1MYA==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/string-width/node_modules/strip-ansi": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", + "integrity": "sha512-VhumSSbBqDTP8p2ZLKj40UjBCV4+v8bUSEpUb4KjRgWk9pbqGF4REFj6KEagidb2f/M6AzC0EmFyDNGaw9OCzg==", + "dev": true, + "dependencies": { + "ansi-regex": "^2.0.0" + }, + "engines": { + "node": ">=0.10.0" + } }, "node_modules/string.prototype.includes": { "version": "2.0.0", @@ -24278,98 +24094,242 @@ "svgo": "bin/svgo" }, "engines": { - "node": ">=4.0.0" + "node": ">=4.0.0" + } + }, + "node_modules/svgo/node_modules/css-select": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/css-select/-/css-select-2.1.0.tgz", + "integrity": "sha512-Dqk7LQKpwLoH3VovzZnkzegqNSuAziQyNZUcrdDM401iY+R5NkGBXGmtO05/yaXQziALuPogeG0b7UAgjnTJTQ==", + "dependencies": { + "boolbase": "^1.0.0", + "css-what": "^3.2.1", + "domutils": "^1.7.0", + "nth-check": "^1.0.2" + } + }, + "node_modules/svgo/node_modules/css-what": { + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/css-what/-/css-what-3.4.2.tgz", + "integrity": "sha512-ACUm3L0/jiZTqfzRM3Hi9Q8eZqd6IK37mMWPLz9PJxkLWllYeRf+EHUSHYEtFop2Eqytaq1FizFVh7XfBnXCDQ==", + "engines": { + "node": ">= 6" + }, + "funding": { + "url": "https://github.com/sponsors/fb55" + } + }, + "node_modules/svgo/node_modules/dom-serializer": { + "version": "0.2.2", + "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-0.2.2.tgz", + "integrity": "sha512-2/xPb3ORsQ42nHYiSunXkDjPLBaEj/xTwUO4B7XCZQTRk7EBtTOPaygh10YAAh2OI1Qrp6NWfpAhzswj0ydt9g==", + "dependencies": { + "domelementtype": "^2.0.1", + "entities": "^2.0.0" + } + }, + "node_modules/svgo/node_modules/domutils": { + "version": "1.7.0", + "resolved": "https://registry.npmjs.org/domutils/-/domutils-1.7.0.tgz", + "integrity": "sha512-Lgd2XcJ/NjEw+7tFvfKxOzCYKZsdct5lczQ2ZaQY8Djz7pfAD3Gbp8ySJWtreII/vDlMVmxwa6pHmdxIYgttDg==", + "dependencies": { + "dom-serializer": "0", + "domelementtype": "1" + } + }, + "node_modules/svgo/node_modules/domutils/node_modules/domelementtype": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-1.3.1.tgz", + "integrity": "sha512-BSKB+TSpMpFI/HOxCNr1O8aMOTZ8hT3pM3GQ0w/mWRmkhEDSFJkkyzz4XQsBV44BChwGkrDfMyjVD0eA2aFV3w==" + }, + "node_modules/symbol-tree": { + "version": "3.2.4", + "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz", + "integrity": "sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==" + }, + "node_modules/tabbable": { + "version": "5.3.3", + "resolved": "https://registry.npmjs.org/tabbable/-/tabbable-5.3.3.tgz", + "integrity": "sha512-QD9qKY3StfbZqWOPLp0++pOrAVb/HbUi5xCc8cUo4XjP19808oaMiDzn0leBY5mCespIBM0CIZePzZjgzR83kA==" + }, + "node_modules/tailwindcss": { + "version": "3.4.11", + "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.11.tgz", + "integrity": "sha512-qhEuBcLemjSJk5ajccN9xJFtM/h0AVCPaA6C92jNP+M2J8kX+eMJHI7R2HFKUvvAsMpcfLILMCFYSeDwpMmlUg==", + "dependencies": { + "@alloc/quick-lru": "^5.2.0", + "arg": "^5.0.2", + "chokidar": "^3.5.3", + "didyoumean": "^1.2.2", + "dlv": "^1.1.3", + "fast-glob": "^3.3.0", + "glob-parent": "^6.0.2", + "is-glob": "^4.0.3", + "jiti": "^1.21.0", + "lilconfig": "^2.1.0", + "micromatch": "^4.0.5", + "normalize-path": "^3.0.0", + "object-hash": "^3.0.0", + "picocolors": "^1.0.0", + "postcss": "^8.4.23", + "postcss-import": "^15.1.0", + "postcss-js": "^4.0.1", + "postcss-load-config": "^4.0.1", + "postcss-nested": "^6.0.1", + "postcss-selector-parser": "^6.0.11", + "resolve": "^1.22.2", + "sucrase": "^3.32.0" + }, + "bin": { + "tailwind": "lib/cli.js", + "tailwindcss": "lib/cli.js" + }, + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/tailwindcss/node_modules/anymatch": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==", + "dependencies": { + "normalize-path": "^3.0.0", + "picomatch": "^2.0.4" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/tailwindcss/node_modules/binary-extensions": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", + "integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/tailwindcss/node_modules/braces": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", + "dependencies": { + "fill-range": "^7.1.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/tailwindcss/node_modules/chokidar": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz", + "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==", + "dependencies": { + "anymatch": "~3.1.2", + "braces": "~3.0.2", + "glob-parent": "~5.1.2", + "is-binary-path": "~2.1.0", + "is-glob": "~4.0.1", + "normalize-path": "~3.0.0", + "readdirp": "~3.6.0" + }, + "engines": { + "node": ">= 8.10.0" + }, + "funding": { + "url": "https://paulmillr.com/funding/" + }, + "optionalDependencies": { + "fsevents": "~2.3.2" + } + }, + "node_modules/tailwindcss/node_modules/chokidar/node_modules/glob-parent": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "dependencies": { + "is-glob": "^4.0.1" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/tailwindcss/node_modules/fill-range": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/tailwindcss/node_modules/fsevents": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "hasInstallScript": true, + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/tailwindcss/node_modules/glob-parent": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==", + "dependencies": { + "is-glob": "^4.0.3" + }, + "engines": { + "node": ">=10.13.0" } }, - "node_modules/svgo/node_modules/css-select": { + "node_modules/tailwindcss/node_modules/is-binary-path": { "version": "2.1.0", - "resolved": "https://registry.npmjs.org/css-select/-/css-select-2.1.0.tgz", - "integrity": "sha512-Dqk7LQKpwLoH3VovzZnkzegqNSuAziQyNZUcrdDM401iY+R5NkGBXGmtO05/yaXQziALuPogeG0b7UAgjnTJTQ==", + "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", "dependencies": { - "boolbase": "^1.0.0", - "css-what": "^3.2.1", - "domutils": "^1.7.0", - "nth-check": "^1.0.2" - } - }, - "node_modules/svgo/node_modules/css-what": { - "version": "3.4.2", - "resolved": "https://registry.npmjs.org/css-what/-/css-what-3.4.2.tgz", - "integrity": "sha512-ACUm3L0/jiZTqfzRM3Hi9Q8eZqd6IK37mMWPLz9PJxkLWllYeRf+EHUSHYEtFop2Eqytaq1FizFVh7XfBnXCDQ==", - "engines": { - "node": ">= 6" + "binary-extensions": "^2.0.0" }, - "funding": { - "url": "https://github.com/sponsors/fb55" + "engines": { + "node": ">=8" } }, - "node_modules/svgo/node_modules/dom-serializer": { - "version": "0.2.2", - "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-0.2.2.tgz", - "integrity": "sha512-2/xPb3ORsQ42nHYiSunXkDjPLBaEj/xTwUO4B7XCZQTRk7EBtTOPaygh10YAAh2OI1Qrp6NWfpAhzswj0ydt9g==", - "dependencies": { - "domelementtype": "^2.0.1", - "entities": "^2.0.0" + "node_modules/tailwindcss/node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "engines": { + "node": ">=0.12.0" } }, - "node_modules/svgo/node_modules/domutils": { - "version": "1.7.0", - "resolved": "https://registry.npmjs.org/domutils/-/domutils-1.7.0.tgz", - "integrity": "sha512-Lgd2XcJ/NjEw+7tFvfKxOzCYKZsdct5lczQ2ZaQY8Djz7pfAD3Gbp8ySJWtreII/vDlMVmxwa6pHmdxIYgttDg==", + "node_modules/tailwindcss/node_modules/readdirp": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", "dependencies": { - "dom-serializer": "0", - "domelementtype": "1" + "picomatch": "^2.2.1" + }, + "engines": { + "node": ">=8.10.0" } }, - "node_modules/svgo/node_modules/domutils/node_modules/domelementtype": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-1.3.1.tgz", - "integrity": "sha512-BSKB+TSpMpFI/HOxCNr1O8aMOTZ8hT3pM3GQ0w/mWRmkhEDSFJkkyzz4XQsBV44BChwGkrDfMyjVD0eA2aFV3w==" - }, - "node_modules/symbol-tree": { - "version": "3.2.4", - "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz", - "integrity": "sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==" - }, - "node_modules/tabbable": { - "version": "5.3.3", - "resolved": "https://registry.npmjs.org/tabbable/-/tabbable-5.3.3.tgz", - "integrity": "sha512-QD9qKY3StfbZqWOPLp0++pOrAVb/HbUi5xCc8cUo4XjP19808oaMiDzn0leBY5mCespIBM0CIZePzZjgzR83kA==" - }, - "node_modules/tailwindcss": { - "version": "3.4.11", - "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.11.tgz", - "integrity": "sha512-qhEuBcLemjSJk5ajccN9xJFtM/h0AVCPaA6C92jNP+M2J8kX+eMJHI7R2HFKUvvAsMpcfLILMCFYSeDwpMmlUg==", + "node_modules/tailwindcss/node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", "dependencies": { - "@alloc/quick-lru": "^5.2.0", - "arg": "^5.0.2", - "chokidar": "^3.5.3", - "didyoumean": "^1.2.2", - "dlv": "^1.1.3", - "fast-glob": "^3.3.0", - "glob-parent": "^6.0.2", - "is-glob": "^4.0.3", - "jiti": "^1.21.0", - "lilconfig": "^2.1.0", - "micromatch": "^4.0.5", - "normalize-path": "^3.0.0", - "object-hash": "^3.0.0", - "picocolors": "^1.0.0", - "postcss": "^8.4.23", - "postcss-import": "^15.1.0", - "postcss-js": "^4.0.1", - "postcss-load-config": "^4.0.1", - "postcss-nested": "^6.0.1", - "postcss-selector-parser": "^6.0.11", - "resolve": "^1.22.2", - "sucrase": "^3.32.0" - }, - "bin": { - "tailwind": "lib/cli.js", - "tailwindcss": "lib/cli.js" + "is-number": "^7.0.0" }, "engines": { - "node": ">=14.0.0" + "node": ">=8.0" } }, "node_modules/tapable": { @@ -24582,42 +24542,6 @@ "xtend": "~4.0.0" } }, - "node_modules/through2/node_modules/isarray": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==", - "dev": true - }, - "node_modules/through2/node_modules/readable-stream": { - "version": "2.3.8", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", - "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", - "dev": true, - "dependencies": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "node_modules/through2/node_modules/safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", - "dev": true - }, - "node_modules/through2/node_modules/string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dev": true, - "dependencies": { - "safe-buffer": "~5.1.0" - } - }, "node_modules/thunky": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/thunky/-/thunky-1.1.0.tgz", @@ -24698,14 +24622,79 @@ } }, "node_modules/to-regex-range": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", - "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-2.1.1.tgz", + "integrity": "sha512-ZZWNfCjUokXXDGXFpZehJIkZqq91BcULFq/Pi7M5i4JnxXdhMKAK682z8bCW3o8Hj1wuuzoKcW3DfVzaP6VuNg==", + "dev": true, "dependencies": { - "is-number": "^7.0.0" + "is-number": "^3.0.0", + "repeat-string": "^1.6.1" }, "engines": { - "node": ">=8.0" + "node": ">=0.10.0" + } + }, + "node_modules/to-regex/node_modules/define-property": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/define-property/-/define-property-2.0.2.tgz", + "integrity": "sha512-jwK2UV4cnPpbcG7+VRARKTZPUWowwXA8bzH5NP6ud0oeAxyYPuGZUAC7hMugpCdz4BeSZl2Dl9k66CHJ/46ZYQ==", + "dev": true, + "dependencies": { + "is-descriptor": "^1.0.2", + "isobject": "^3.0.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/to-regex/node_modules/extend-shallow": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-3.0.2.tgz", + "integrity": "sha512-BwY5b5Ql4+qZoefgMj2NUmx+tehVTH/Kf4k1ZEtOHNFcm2wSxMRo992l6X3TIgni2eZVTZ85xMOjF31fwZAj6Q==", + "dev": true, + "dependencies": { + "assign-symbols": "^1.0.0", + "is-extendable": "^1.0.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/to-regex/node_modules/is-descriptor": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-1.0.3.tgz", + "integrity": "sha512-JCNNGbwWZEVaSPtS45mdtrneRWJFp07LLmykxeFV5F6oBvNF8vHSfJuJgoT472pSfk+Mf8VnlrspaFBHWM8JAw==", + "dev": true, + "dependencies": { + "is-accessor-descriptor": "^1.0.1", + "is-data-descriptor": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/to-regex/node_modules/is-extendable": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-1.0.1.tgz", + "integrity": "sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==", + "dev": true, + "dependencies": { + "is-plain-object": "^2.0.4" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/to-regex/node_modules/is-plain-object": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", + "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", + "dev": true, + "dependencies": { + "isobject": "^3.0.1" + }, + "engines": { + "node": ">=0.10.0" } }, "node_modules/to-through": { @@ -25265,15 +25254,6 @@ "node": ">=0.10.0" } }, - "node_modules/union-value/node_modules/is-extendable": { - "version": "0.1.1", - "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", - "integrity": "sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/unique-stream": { "version": "2.3.1", "resolved": "https://registry.npmjs.org/unique-stream/-/unique-stream-2.3.1.tgz", @@ -25364,12 +25344,6 @@ "node": ">=0.10.0" } }, - "node_modules/unset-value/node_modules/isarray": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==", - "dev": true - }, "node_modules/upath": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/upath/-/upath-1.2.0.tgz", @@ -25604,42 +25578,6 @@ "node": ">= 0.10" } }, - "node_modules/vinyl-fs/node_modules/isarray": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==", - "dev": true - }, - "node_modules/vinyl-fs/node_modules/readable-stream": { - "version": "2.3.8", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", - "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", - "dev": true, - "dependencies": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "node_modules/vinyl-fs/node_modules/safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", - "dev": true - }, - "node_modules/vinyl-fs/node_modules/string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dev": true, - "dependencies": { - "safe-buffer": "~5.1.0" - } - }, "node_modules/vinyl-sourcemap": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/vinyl-sourcemap/-/vinyl-sourcemap-1.1.0.tgz", @@ -25832,13 +25770,34 @@ } } }, - "node_modules/webpack-cli/node_modules/commander": { - "version": "10.0.1", - "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", - "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==", + "node_modules/webpack-cli/node_modules/commander": { + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==", + "dev": true, + "engines": { + "node": ">=14" + } + }, + "node_modules/webpack-cli/node_modules/interpret": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/interpret/-/interpret-3.1.1.tgz", + "integrity": "sha512-6xwYfHbajpoF0xLW+iwLkhwgvLoZDfjYfoFNu8ftMoXINzwuymNLd9u/KmwtdT2GbR+/Cz66otEGEVVUHX9QLQ==", + "dev": true, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/webpack-cli/node_modules/rechoir": { + "version": "0.8.0", + "resolved": "https://registry.npmjs.org/rechoir/-/rechoir-0.8.0.tgz", + "integrity": "sha512-/vxpCXddiX8NGfGO/mTafwjq4aFa/71pvamip0++IQk3zG8cbCj0fifNPrjjF1XMXUne91jL9OoxmdykoEtifQ==", "dev": true, + "dependencies": { + "resolve": "^1.20.0" + }, "engines": { - "node": ">=14" + "node": ">= 10.13.0" } }, "node_modules/webpack-dev-middleware": { @@ -25921,6 +25880,128 @@ } } }, + "node_modules/webpack-dev-server/node_modules/anymatch": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==", + "dependencies": { + "normalize-path": "^3.0.0", + "picomatch": "^2.0.4" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/webpack-dev-server/node_modules/binary-extensions": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", + "integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/webpack-dev-server/node_modules/braces": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", + "dependencies": { + "fill-range": "^7.1.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/webpack-dev-server/node_modules/chokidar": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz", + "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==", + "dependencies": { + "anymatch": "~3.1.2", + "braces": "~3.0.2", + "glob-parent": "~5.1.2", + "is-binary-path": "~2.1.0", + "is-glob": "~4.0.1", + "normalize-path": "~3.0.0", + "readdirp": "~3.6.0" + }, + "engines": { + "node": ">= 8.10.0" + }, + "funding": { + "url": "https://paulmillr.com/funding/" + }, + "optionalDependencies": { + "fsevents": "~2.3.2" + } + }, + "node_modules/webpack-dev-server/node_modules/fill-range": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/webpack-dev-server/node_modules/fsevents": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "hasInstallScript": true, + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/webpack-dev-server/node_modules/is-binary-path": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "dependencies": { + "binary-extensions": "^2.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/webpack-dev-server/node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "engines": { + "node": ">=0.12.0" + } + }, + "node_modules/webpack-dev-server/node_modules/readdirp": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", + "dependencies": { + "picomatch": "^2.2.1" + }, + "engines": { + "node": ">=8.10.0" + } + }, + "node_modules/webpack-dev-server/node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dependencies": { + "is-number": "^7.0.0" + }, + "engines": { + "node": ">=8.0" + } + }, "node_modules/webpack-dev-server/node_modules/ws": { "version": "8.18.0", "resolved": "https://registry.npmjs.org/ws/-/ws-8.18.0.tgz", @@ -26151,6 +26232,11 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/which-builtin-type/node_modules/isarray": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz", + "integrity": "sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==" + }, "node_modules/which-collection": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/which-collection/-/which-collection-1.0.2.tgz", @@ -26512,19 +26598,16 @@ } }, "node_modules/wrap-ansi": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", - "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-2.1.0.tgz", + "integrity": "sha512-vAaEaDM946gbNpH5pLVNR+vX2ht6n0Bt3GXwVB1AuAqZosOvHNF3P7wDnh8KLkSqgUh0uh77le7Owgoz+Z9XBw==", + "dev": true, "dependencies": { - "ansi-styles": "^4.0.0", - "string-width": "^4.1.0", - "strip-ansi": "^6.0.0" + "string-width": "^1.0.1", + "strip-ansi": "^3.0.1" }, "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + "node": ">=0.10.0" } }, "node_modules/wrap-ansi-cjs": { @@ -26574,36 +26657,53 @@ "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" }, - "node_modules/wrap-ansi/node_modules/ansi-styles": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", - "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "node_modules/wrap-ansi-cjs/node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==" + }, + "node_modules/wrap-ansi-cjs/node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "engines": { + "node": ">=8" + } + }, + "node_modules/wrap-ansi-cjs/node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", "dependencies": { - "color-convert": "^2.0.1" + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" }, "engines": { "node": ">=8" - }, - "funding": { - "url": "https://github.com/chalk/ansi-styles?sponsor=1" } }, - "node_modules/wrap-ansi/node_modules/color-convert": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", - "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "node_modules/wrap-ansi/node_modules/ansi-regex": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "integrity": "sha512-TIGnTpdo+E3+pCyAluZvtED5p5wCqLdezCyhPZzKPcxvFplEt4i+W7OONCKgeZFT3+y5NZZfOOS/Bdcanm1MYA==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/wrap-ansi/node_modules/strip-ansi": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", + "integrity": "sha512-VhumSSbBqDTP8p2ZLKj40UjBCV4+v8bUSEpUb4KjRgWk9pbqGF4REFj6KEagidb2f/M6AzC0EmFyDNGaw9OCzg==", + "dev": true, "dependencies": { - "color-name": "~1.1.4" + "ansi-regex": "^2.0.0" }, "engines": { - "node": ">=7.0.0" + "node": ">=0.10.0" } }, - "node_modules/wrap-ansi/node_modules/color-name": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", - "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" - }, "node_modules/wrappy": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", @@ -26660,12 +26760,10 @@ } }, "node_modules/y18n": { - "version": "5.0.8", - "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", - "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", - "engines": { - "node": ">=10" - } + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-3.2.2.tgz", + "integrity": "sha512-uGZHXkHnhF0XeeAPgnKfPv1bgKAYyVvmNL1xlKsPYZPaIHxGti2hHqvOCQv71XMsLxu1QjergkqogUnms5D3YQ==", + "dev": true }, "node_modules/yallist": { "version": "3.1.1", @@ -26681,28 +26779,52 @@ } }, "node_modules/yargs": { - "version": "16.2.0", - "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", - "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==", + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-7.1.2.tgz", + "integrity": "sha512-ZEjj/dQYQy0Zx0lgLMLR8QuaqTihnxirir7EwUHp1Axq4e3+k8jXU5K0VLbNvedv1f4EWtBonDIZm0NUr+jCcA==", + "dev": true, "dependencies": { - "cliui": "^7.0.2", - "escalade": "^3.1.1", - "get-caller-file": "^2.0.5", + "camelcase": "^3.0.0", + "cliui": "^3.2.0", + "decamelize": "^1.1.1", + "get-caller-file": "^1.0.1", + "os-locale": "^1.4.0", + "read-pkg-up": "^1.0.1", "require-directory": "^2.1.1", - "string-width": "^4.2.0", - "y18n": "^5.0.5", - "yargs-parser": "^20.2.2" - }, - "engines": { - "node": ">=10" + "require-main-filename": "^1.0.1", + "set-blocking": "^2.0.0", + "string-width": "^1.0.2", + "which-module": "^1.0.0", + "y18n": "^3.2.1", + "yargs-parser": "^5.0.1" } }, "node_modules/yargs-parser": { - "version": "20.2.9", - "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.9.tgz", - "integrity": "sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w==", + "version": "21.1.1", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "integrity": "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==", + "dev": true, "engines": { - "node": ">=10" + "node": ">=12" + } + }, + "node_modules/yargs/node_modules/camelcase": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-3.0.0.tgz", + "integrity": "sha512-4nhGqUkc4BqbBBB4Q6zLuD7lzzrHYrjKGeYaEji/3tFR5VdJu9v+LilhGIVe8wxEJPPOeWo7eg8dwY13TZ1BNg==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/yargs/node_modules/yargs-parser": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-5.0.1.tgz", + "integrity": "sha512-wpav5XYiddjXxirPoCTUPbqM0PXvJ9hiBMvuJgInvo4/lAOTZzUprArw17q2O1P2+GHhbBr18/iQwjL5Z9BqfA==", + "dev": true, + "dependencies": { + "camelcase": "^3.0.0", + "object.assign": "^4.1.0" } }, "node_modules/yn": { diff --git a/package.json b/package.json index 864c84eb..dd63499e 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "sp-editor", - "version": "7.0.0", + "version": "7.0.1", "private": true, "homepage": ".", "dependencies": { @@ -13,18 +13,18 @@ "@microsoft/mgt-react": "^4.2.5", "@microsoft/microsoft-graph-client": "^3.0.7", "@minoru/react-dnd-treeview": "^3.4.4", - "@pnp/graph": "^4.4.0", - "@pnp/logging": "^4.4.0", - "@pnp/msaljsclient": "^4.4.0", - "@pnp/sp": "^4.4.0", - "@pnp/sp-admin": "^4.4.0", + "@pnp/graph": "^4.5.0", + "@pnp/logging": "^4.5.0", + "@pnp/msaljsclient": "^4.5.0", + "@pnp/sp": "^4.5.0", + "@pnp/sp-admin": "^4.5.0", "@reduxjs/toolkit": "^2.2.7", "@testing-library/jest-dom": "^6.5.0", "@testing-library/react": "^16.0.1", "@testing-library/user-event": "^14.5.2", "@types/jest": "^29.5.13", - "@types/node": "^22.5.4", - "@types/react": "^18.3.5", + "@types/node": "^22.5.5", + "@types/react": "^18.3.6", "@types/react-dom": "^18.3.0", "@uifabric/theme-samples": "^7.5.33", "gsap": "^3.12.5", @@ -48,21 +48,18 @@ }, "devDependencies": { "@babel/plugin-proposal-private-property-in-object": "^7.21.11", - "@types/chrome": "^0.0.270", + "@types/chrome": "^0.0.271", "react-scripts": "^5.0.1", "ts-loader": "^9.5.1", "webpack-cli": "^5.1.4", "del": "^6.0.0", "gulp": "^4.0.2", "gulp-rename": "^2.0.0", - "gulp-replace": "^1.1.3" + "gulp-replace": "^1.1.4" }, "scripts": { - "start": "react-scripts start", + "start": "GENERATE_SOURCEMAP=false craco start", "build": "react-scripts build && cd iframe-sandbox-app && BUILD_PATH='../build/build' react-scripts build && cd ..", - "test": "react-scripts test", - "eject": "react-scripts eject", - "cracostart": "GENERATE_SOURCEMAP=false craco start", "updatedeps": "node_modules/.bin/webpack && gulp" }, "eslintConfig": { diff --git a/public/bundles/graph.es5.umd.bundle.js b/public/bundles/graph.es5.umd.bundle.js index 912fafaf..40a85bb5 100644 --- a/public/bundles/graph.es5.umd.bundle.js +++ b/public/bundles/graph.es5.umd.bundle.js @@ -955,7 +955,7 @@ function copyObservers(source, behavior, filter) { -;// CONCATENATED MODULE: ./node_modules/@pnp/queryable/node_modules/tslib/tslib.es6.mjs +;// CONCATENATED MODULE: ./node_modules/tslib/tslib.es6.mjs /****************************************************************************** Copyright (c) Microsoft Corporation. @@ -970,7 +970,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ***************************************************************************** */ -/* global Reflect, Promise, SuppressedError, Symbol */ +/* global Reflect, Promise, SuppressedError, Symbol, Iterator */ var extendStatics = function(d, b) { extendStatics = Object.setPrototypeOf || @@ -1081,8 +1081,8 @@ function __awaiter(thisArg, _arguments, P, generator) { } function __generator(thisArg, body) { - var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g; - return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; + var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype); + return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; function verb(n) { return function (v) { return step([n, v]); }; } function step(op) { if (f) throw new TypeError("Generator is already executing."); @@ -1186,7 +1186,7 @@ function __await(v) { function __asyncGenerator(thisArg, _arguments, generator) { if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined."); var g = generator.apply(thisArg, _arguments || []), i, q = []; - return i = {}, verb("next"), verb("throw"), verb("return", awaitReturn), i[Symbol.asyncIterator] = function () { return this; }, i; + return i = Object.create((typeof AsyncIterator === "function" ? AsyncIterator : Object).prototype), verb("next"), verb("throw"), verb("return", awaitReturn), i[Symbol.asyncIterator] = function () { return this; }, i; function awaitReturn(f) { return function (v) { return Promise.resolve(v).then(f, reject); }; } function verb(n, f) { if (g[n]) { i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; if (f) i[n] = f(i[n]); } } function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } } @@ -1284,17 +1284,22 @@ function __disposeResources(env) { env.error = env.hasError ? new _SuppressedError(e, env.error, "An error was suppressed during disposal.") : e; env.hasError = true; } + var r, s = 0; function next() { - while (env.stack.length) { - var rec = env.stack.pop(); + while (r = env.stack.pop()) { try { - var result = rec.dispose && rec.dispose.call(rec.value); - if (rec.async) return Promise.resolve(result).then(next, function(e) { fail(e); return next(); }); + if (!r.async && s === 1) return s = 0, env.stack.push(r), Promise.resolve().then(next); + if (r.dispose) { + var result = r.dispose.call(r.value); + if (r.async) return s |= 2, Promise.resolve(result).then(next, function(e) { fail(e); return next(); }); + } + else s |= 1; } catch (e) { - fail(e); + fail(e); } } + if (s === 1) return env.hasError ? Promise.reject(env.error) : Promise.resolve(); if (env.hasError) throw env.error; } return next(); @@ -2585,381 +2590,6 @@ function graphfi(root = "") { return new GraphFI(root); } -;// CONCATENATED MODULE: ./node_modules/@pnp/graph/node_modules/tslib/tslib.es6.mjs -/****************************************************************************** -Copyright (c) Microsoft Corporation. - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR -OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -***************************************************************************** */ -/* global Reflect, Promise, SuppressedError, Symbol */ - -var tslib_es6_extendStatics = function(d, b) { - tslib_es6_extendStatics = Object.setPrototypeOf || - ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) || - function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; }; - return tslib_es6_extendStatics(d, b); -}; - -function tslib_es6_extends(d, b) { - if (typeof b !== "function" && b !== null) - throw new TypeError("Class extends value " + String(b) + " is not a constructor or null"); - tslib_es6_extendStatics(d, b); - function __() { this.constructor = d; } - d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __()); -} - -var tslib_es6_assign = function() { - tslib_es6_assign = Object.assign || function __assign(t) { - for (var s, i = 1, n = arguments.length; i < n; i++) { - s = arguments[i]; - for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p)) t[p] = s[p]; - } - return t; - } - return tslib_es6_assign.apply(this, arguments); -} - -function tslib_es6_rest(s, e) { - var t = {}; - for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0) - t[p] = s[p]; - if (s != null && typeof Object.getOwnPropertySymbols === "function") - for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) { - if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i])) - t[p[i]] = s[p[i]]; - } - return t; -} - -function tslib_es6_decorate(decorators, target, key, desc) { - var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d; - if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc); - else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r; - return c > 3 && r && Object.defineProperty(target, key, r), r; -} - -function tslib_es6_param(paramIndex, decorator) { - return function (target, key) { decorator(target, key, paramIndex); } -} - -function tslib_es6_esDecorate(ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) { - function accept(f) { if (f !== void 0 && typeof f !== "function") throw new TypeError("Function expected"); return f; } - var kind = contextIn.kind, key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value"; - var target = !descriptorIn && ctor ? contextIn["static"] ? ctor : ctor.prototype : null; - var descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {}); - var _, done = false; - for (var i = decorators.length - 1; i >= 0; i--) { - var context = {}; - for (var p in contextIn) context[p] = p === "access" ? {} : contextIn[p]; - for (var p in contextIn.access) context.access[p] = contextIn.access[p]; - context.addInitializer = function (f) { if (done) throw new TypeError("Cannot add initializers after decoration has completed"); extraInitializers.push(accept(f || null)); }; - var result = (0, decorators[i])(kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key], context); - if (kind === "accessor") { - if (result === void 0) continue; - if (result === null || typeof result !== "object") throw new TypeError("Object expected"); - if (_ = accept(result.get)) descriptor.get = _; - if (_ = accept(result.set)) descriptor.set = _; - if (_ = accept(result.init)) initializers.unshift(_); - } - else if (_ = accept(result)) { - if (kind === "field") initializers.unshift(_); - else descriptor[key] = _; - } - } - if (target) Object.defineProperty(target, contextIn.name, descriptor); - done = true; -}; - -function tslib_es6_runInitializers(thisArg, initializers, value) { - var useValue = arguments.length > 2; - for (var i = 0; i < initializers.length; i++) { - value = useValue ? initializers[i].call(thisArg, value) : initializers[i].call(thisArg); - } - return useValue ? value : void 0; -}; - -function tslib_es6_propKey(x) { - return typeof x === "symbol" ? x : "".concat(x); -}; - -function tslib_es6_setFunctionName(f, name, prefix) { - if (typeof name === "symbol") name = name.description ? "[".concat(name.description, "]") : ""; - return Object.defineProperty(f, "name", { configurable: true, value: prefix ? "".concat(prefix, " ", name) : name }); -}; - -function tslib_es6_metadata(metadataKey, metadataValue) { - if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(metadataKey, metadataValue); -} - -function tslib_es6_awaiter(thisArg, _arguments, P, generator) { - function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } - return new (P || (P = Promise))(function (resolve, reject) { - function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } - function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } - function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } - step((generator = generator.apply(thisArg, _arguments || [])).next()); - }); -} - -function tslib_es6_generator(thisArg, body) { - var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g; - return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; - function verb(n) { return function (v) { return step([n, v]); }; } - function step(op) { - if (f) throw new TypeError("Generator is already executing."); - while (g && (g = 0, op[0] && (_ = 0)), _) try { - if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t; - if (y = 0, t) op = [op[0] & 2, t.value]; - switch (op[0]) { - case 0: case 1: t = op; break; - case 4: _.label++; return { value: op[1], done: false }; - case 5: _.label++; y = op[1]; op = [0]; continue; - case 7: op = _.ops.pop(); _.trys.pop(); continue; - default: - if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; } - if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; } - if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; } - if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; } - if (t[2]) _.ops.pop(); - _.trys.pop(); continue; - } - op = body.call(thisArg, _); - } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; } - if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true }; - } -} - -var tslib_es6_createBinding = Object.create ? (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - var desc = Object.getOwnPropertyDescriptor(m, k); - if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { - desc = { enumerable: true, get: function() { return m[k]; } }; - } - Object.defineProperty(o, k2, desc); -}) : (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - o[k2] = m[k]; -}); - -function tslib_es6_exportStar(m, o) { - for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(o, p)) tslib_es6_createBinding(o, m, p); -} - -function tslib_es6_values(o) { - var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0; - if (m) return m.call(o); - if (o && typeof o.length === "number") return { - next: function () { - if (o && i >= o.length) o = void 0; - return { value: o && o[i++], done: !o }; - } - }; - throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined."); -} - -function tslib_es6_read(o, n) { - var m = typeof Symbol === "function" && o[Symbol.iterator]; - if (!m) return o; - var i = m.call(o), r, ar = [], e; - try { - while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value); - } - catch (error) { e = { error: error }; } - finally { - try { - if (r && !r.done && (m = i["return"])) m.call(i); - } - finally { if (e) throw e.error; } - } - return ar; -} - -/** @deprecated */ -function tslib_es6_spread() { - for (var ar = [], i = 0; i < arguments.length; i++) - ar = ar.concat(tslib_es6_read(arguments[i])); - return ar; -} - -/** @deprecated */ -function tslib_es6_spreadArrays() { - for (var s = 0, i = 0, il = arguments.length; i < il; i++) s += arguments[i].length; - for (var r = Array(s), k = 0, i = 0; i < il; i++) - for (var a = arguments[i], j = 0, jl = a.length; j < jl; j++, k++) - r[k] = a[j]; - return r; -} - -function tslib_es6_spreadArray(to, from, pack) { - if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) { - if (ar || !(i in from)) { - if (!ar) ar = Array.prototype.slice.call(from, 0, i); - ar[i] = from[i]; - } - } - return to.concat(ar || Array.prototype.slice.call(from)); -} - -function tslib_es6_await(v) { - return this instanceof tslib_es6_await ? (this.v = v, this) : new tslib_es6_await(v); -} - -function tslib_es6_asyncGenerator(thisArg, _arguments, generator) { - if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined."); - var g = generator.apply(thisArg, _arguments || []), i, q = []; - return i = {}, verb("next"), verb("throw"), verb("return", awaitReturn), i[Symbol.asyncIterator] = function () { return this; }, i; - function awaitReturn(f) { return function (v) { return Promise.resolve(v).then(f, reject); }; } - function verb(n, f) { if (g[n]) { i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; if (f) i[n] = f(i[n]); } } - function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } } - function step(r) { r.value instanceof tslib_es6_await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); } - function fulfill(value) { resume("next", value); } - function reject(value) { resume("throw", value); } - function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); } -} - -function tslib_es6_asyncDelegator(o) { - var i, p; - return i = {}, verb("next"), verb("throw", function (e) { throw e; }), verb("return"), i[Symbol.iterator] = function () { return this; }, i; - function verb(n, f) { i[n] = o[n] ? function (v) { return (p = !p) ? { value: tslib_es6_await(o[n](v)), done: false } : f ? f(v) : v; } : f; } -} - -function tslib_es6_asyncValues(o) { - if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined."); - var m = o[Symbol.asyncIterator], i; - return m ? m.call(o) : (o = typeof tslib_es6_values === "function" ? tslib_es6_values(o) : o[Symbol.iterator](), i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i); - function verb(n) { i[n] = o[n] && function (v) { return new Promise(function (resolve, reject) { v = o[n](v), settle(resolve, reject, v.done, v.value); }); }; } - function settle(resolve, reject, d, v) { Promise.resolve(v).then(function(v) { resolve({ value: v, done: d }); }, reject); } -} - -function tslib_es6_makeTemplateObject(cooked, raw) { - if (Object.defineProperty) { Object.defineProperty(cooked, "raw", { value: raw }); } else { cooked.raw = raw; } - return cooked; -}; - -var tslib_es6_setModuleDefault = Object.create ? (function(o, v) { - Object.defineProperty(o, "default", { enumerable: true, value: v }); -}) : function(o, v) { - o["default"] = v; -}; - -function tslib_es6_importStar(mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) tslib_es6_createBinding(result, mod, k); - tslib_es6_setModuleDefault(result, mod); - return result; -} - -function tslib_es6_importDefault(mod) { - return (mod && mod.__esModule) ? mod : { default: mod }; -} - -function tslib_es6_classPrivateFieldGet(receiver, state, kind, f) { - if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter"); - if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it"); - return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver); -} - -function tslib_es6_classPrivateFieldSet(receiver, state, value, kind, f) { - if (kind === "m") throw new TypeError("Private method is not writable"); - if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter"); - if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it"); - return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value; -} - -function tslib_es6_classPrivateFieldIn(state, receiver) { - if (receiver === null || (typeof receiver !== "object" && typeof receiver !== "function")) throw new TypeError("Cannot use 'in' operator on non-object"); - return typeof state === "function" ? receiver === state : state.has(receiver); -} - -function tslib_es6_addDisposableResource(env, value, async) { - if (value !== null && value !== void 0) { - if (typeof value !== "object" && typeof value !== "function") throw new TypeError("Object expected."); - var dispose, inner; - if (async) { - if (!Symbol.asyncDispose) throw new TypeError("Symbol.asyncDispose is not defined."); - dispose = value[Symbol.asyncDispose]; - } - if (dispose === void 0) { - if (!Symbol.dispose) throw new TypeError("Symbol.dispose is not defined."); - dispose = value[Symbol.dispose]; - if (async) inner = dispose; - } - if (typeof dispose !== "function") throw new TypeError("Object not disposable."); - if (inner) dispose = function() { try { inner.call(this); } catch (e) { return Promise.reject(e); } }; - env.stack.push({ value: value, dispose: dispose, async: async }); - } - else if (async) { - env.stack.push({ async: true }); - } - return value; -} - -var tslib_es6_SuppressedError = typeof SuppressedError === "function" ? SuppressedError : function (error, suppressed, message) { - var e = new Error(message); - return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e; -}; - -function tslib_es6_disposeResources(env) { - function fail(e) { - env.error = env.hasError ? new tslib_es6_SuppressedError(e, env.error, "An error was suppressed during disposal.") : e; - env.hasError = true; - } - function next() { - while (env.stack.length) { - var rec = env.stack.pop(); - try { - var result = rec.dispose && rec.dispose.call(rec.value); - if (rec.async) return Promise.resolve(result).then(next, function(e) { fail(e); return next(); }); - } - catch (e) { - fail(e); - } - } - if (env.hasError) throw env.error; - } - return next(); -} - -/* harmony default export */ const tslib_tslib_es6 = ({ - __extends: tslib_es6_extends, - __assign: tslib_es6_assign, - __rest: tslib_es6_rest, - __decorate: tslib_es6_decorate, - __param: tslib_es6_param, - __metadata: tslib_es6_metadata, - __awaiter: tslib_es6_awaiter, - __generator: tslib_es6_generator, - __createBinding: tslib_es6_createBinding, - __exportStar: tslib_es6_exportStar, - __values: tslib_es6_values, - __read: tslib_es6_read, - __spread: tslib_es6_spread, - __spreadArrays: tslib_es6_spreadArrays, - __spreadArray: tslib_es6_spreadArray, - __await: tslib_es6_await, - __asyncGenerator: tslib_es6_asyncGenerator, - __asyncDelegator: tslib_es6_asyncDelegator, - __asyncValues: tslib_es6_asyncValues, - __makeTemplateObject: tslib_es6_makeTemplateObject, - __importStar: tslib_es6_importStar, - __importDefault: tslib_es6_importDefault, - __classPrivateFieldGet: tslib_es6_classPrivateFieldGet, - __classPrivateFieldSet: tslib_es6_classPrivateFieldSet, - __classPrivateFieldIn: tslib_es6_classPrivateFieldIn, - __addDisposableResource: tslib_es6_addDisposableResource, - __disposeResources: tslib_es6_disposeResources, -}); - ;// CONCATENATED MODULE: ./node_modules/@pnp/graph/admin/people.js @@ -2972,7 +2602,7 @@ let _PeopleAdmin = class _PeopleAdmin extends _GraphInstance { return PronounSettings(this); } }; -_PeopleAdmin = tslib_es6_decorate([ +_PeopleAdmin = __decorate([ defaultPath("people") ], _PeopleAdmin); @@ -2982,7 +2612,7 @@ const PeopleAdmin = graphInvokableFactory(_PeopleAdmin); */ let _PronounSettings = class _PronounSettings extends _GraphInstance { }; -_PronounSettings = tslib_es6_decorate([ +_PronounSettings = __decorate([ defaultPath("pronouns"), updateable() ], _PronounSettings); @@ -2993,7 +2623,7 @@ const PronounSettings = graphInvokableFactory(_PronounSettings); */ let _ProfileCardProperty = class _ProfileCardProperty extends _GraphInstance { }; -_ProfileCardProperty = tslib_es6_decorate([ +_ProfileCardProperty = __decorate([ defaultPath("profileCardProperty"), deleteable(), updateable() @@ -3005,7 +2635,7 @@ const ProfileCardProperty = graphInvokableFactory(_ProfileCardProperty); */ let _ProfileCardProperties = class _ProfileCardProperties extends _GraphCollection { }; -_ProfileCardProperties = tslib_es6_decorate([ +_ProfileCardProperties = __decorate([ defaultPath("profileCardProperties"), getById(ProfileCardProperty), addable() @@ -3032,7 +2662,7 @@ let _ServiceAnnouncements = class _ServiceAnnouncements extends _GraphInstance { return ServiceMessages(this); } }; -_ServiceAnnouncements = tslib_es6_decorate([ +_ServiceAnnouncements = __decorate([ defaultPath("serviceAnnouncement") ], _ServiceAnnouncements); @@ -3048,7 +2678,7 @@ const ServiceHealth = graphInvokableFactory(_ServiceHealth); */ let _HealthOverviews = class _HealthOverviews extends _GraphCollection { }; -_HealthOverviews = tslib_es6_decorate([ +_HealthOverviews = __decorate([ defaultPath("healthOverviews"), getByName(ServiceHealth) ], _HealthOverviews); @@ -3071,7 +2701,7 @@ let _HealthIssues = class _HealthIssues extends _GraphCollection { return graphGet(GraphQueryable(this, "issueReport")); } }; -_HealthIssues = tslib_es6_decorate([ +_HealthIssues = __decorate([ defaultPath("issues"), getById(HealthIssue) ], _HealthIssues); @@ -3154,7 +2784,7 @@ let _ServiceMessages = class _ServiceMessages extends _GraphCollection { })); } }; -_ServiceMessages = tslib_es6_decorate([ +_ServiceMessages = __decorate([ defaultPath("messages"), getById(ServiceMessage) ], _ServiceMessages); @@ -3171,7 +2801,7 @@ const ServiceMessageAttachment = graphInvokableFactory(_ServiceMessageAttachment */ let _ServiceMessageAttachments = class _ServiceMessageAttachments extends _GraphCollection { }; -_ServiceMessageAttachments = tslib_es6_decorate([ +_ServiceMessageAttachments = __decorate([ defaultPath("attachments"), getById(ServiceMessageAttachment) ], _ServiceMessageAttachments); @@ -3187,7 +2817,7 @@ let _SharePointAdmin = class _SharePointAdmin extends _GraphInstance { return SharePointSettings(this); } }; -_SharePointAdmin = tslib_es6_decorate([ +_SharePointAdmin = __decorate([ defaultPath("sharepoint") ], _SharePointAdmin); @@ -3197,7 +2827,7 @@ const SharePointAdmin = graphInvokableFactory(_SharePointAdmin); */ let _SharePointSettings = class _SharePointSettings extends _GraphInstance { }; -_SharePointSettings = tslib_es6_decorate([ +_SharePointSettings = __decorate([ defaultPath("settings"), updateable() ], _SharePointSettings); @@ -3393,7 +3023,7 @@ let _Drive = class _Drive extends _GraphInstance { return DriveItem(this, combine("root:/", `${path}:`)); } }; -_Drive = tslib_es6_decorate([ +_Drive = __decorate([ defaultPath("drive") ], _Drive); @@ -3404,7 +3034,7 @@ const Drive = graphInvokableFactory(_Drive); */ let _Drives = class _Drives extends _GraphCollection { }; -_Drives = tslib_es6_decorate([ +_Drives = __decorate([ defaultPath("drives"), getById(Drive) ], _Drives); @@ -3446,7 +3076,7 @@ let _Root = class _Root extends _GraphInstance { return Reflect.apply(driveItemUpload, this, [fileOptions]); } }; -_Root = tslib_es6_decorate([ +_Root = __decorate([ defaultPath("root"), hasDelta() ], _Root); @@ -3639,7 +3269,7 @@ let _DriveItem = class _DriveItem extends _GraphInstance { return graphPatch(DriveItem(this, "retentionLabel"), body(postBody)); } }; -_DriveItem = tslib_es6_decorate([ +_DriveItem = __decorate([ deleteable(), updateable() ], _DriveItem); @@ -3684,7 +3314,7 @@ let _DriveItems = class _DriveItems extends _GraphCollection { return await graphPost(this, body(postBody)); } }; -_DriveItems = tslib_es6_decorate([ +_DriveItems = __decorate([ getById(DriveItem) ], _DriveItems); @@ -3718,7 +3348,7 @@ let _ListItem = class _ListItem extends _GraphInstance { return graphqueryable_GraphCollection(this, "versions"); } }; -_ListItem = tslib_es6_decorate([ +_ListItem = __decorate([ deleteable(), updateable() ], _ListItem); @@ -3730,7 +3360,7 @@ const ListItem = graphInvokableFactory(_ListItem); */ let _ListItems = class _ListItems extends _GraphCollection { }; -_ListItems = tslib_es6_decorate([ +_ListItems = __decorate([ defaultPath("items"), getById(ListItem), addable() @@ -3749,7 +3379,7 @@ let _DocumentSetVersion = class _DocumentSetVersion extends _GraphInstance { return graphPost(DocumentSetVersion(this, "restore")); } }; -_DocumentSetVersion = tslib_es6_decorate([ +_DocumentSetVersion = __decorate([ deleteable() ], _DocumentSetVersion); @@ -3760,7 +3390,7 @@ const DocumentSetVersion = graphInvokableFactory(_DocumentSetVersion); */ let _DocumentSetVersions = class _DocumentSetVersions extends _GraphCollection { }; -_DocumentSetVersions = tslib_es6_decorate([ +_DocumentSetVersions = __decorate([ defaultPath("documentSetVersions"), getById(DocumentSetVersion), addable() @@ -3810,7 +3440,7 @@ let _Sites = class _Sites extends _GraphCollection { return Sites(this, "getAllSites"); } }; -_Sites = tslib_es6_decorate([ +_Sites = __decorate([ defaultPath("sites") ], _Sites); @@ -3855,7 +3485,7 @@ let _FollowedSites = class _FollowedSites extends _GraphCollection { return graphPost(FollowedSites(this, "remove"), body({ value: siteIds.map(id => ({ id })) })); } }; -_FollowedSites = tslib_es6_decorate([ +_FollowedSites = __decorate([ defaultPath("followedsites") ], _FollowedSites); @@ -3888,7 +3518,7 @@ let _AppCatalog = class _AppCatalog extends _GraphInstance { return TeamsApps(this); } }; -_AppCatalog = tslib_es6_decorate([ +_AppCatalog = __decorate([ defaultPath("appCatalogs") ], _AppCatalog); @@ -3911,7 +3541,7 @@ const AppDefinition = graphInvokableFactory(_AppDefinition); */ let _AppDefinitions = class _AppDefinitions extends _GraphCollection { }; -_AppDefinitions = tslib_es6_decorate([ +_AppDefinitions = __decorate([ defaultPath("appDefinitions"), getById(AppDefinition) ], _AppDefinitions); @@ -3973,7 +3603,7 @@ let _TeamsApps = class _TeamsApps extends _GraphCollection { return graphPost(q, { body: zip }); } }; -_TeamsApps = tslib_es6_decorate([ +_TeamsApps = __decorate([ defaultPath("teamsApps"), getById(TeamsApp) ], _TeamsApps); @@ -4008,7 +3638,7 @@ let _Conversation = class _Conversation extends _GraphInstance { return Threads(this); } }; -_Conversation = tslib_es6_decorate([ +_Conversation = __decorate([ updateable(), deleteable() ], _Conversation); @@ -4019,7 +3649,7 @@ const Conversation = graphInvokableFactory(_Conversation); */ let _Conversations = class _Conversations extends _GraphCollection { }; -_Conversations = tslib_es6_decorate([ +_Conversations = __decorate([ defaultPath("conversations"), addable(), getById(Conversation) @@ -4045,7 +3675,7 @@ let _Thread = class _Thread extends _GraphInstance { return graphPost(Thread(this, "reply"), body(post)); } }; -_Thread = tslib_es6_decorate([ +_Thread = __decorate([ deleteable() ], _Thread); @@ -4055,7 +3685,7 @@ const Thread = graphInvokableFactory(_Thread); */ let _Threads = class _Threads extends _GraphCollection { }; -_Threads = tslib_es6_decorate([ +_Threads = __decorate([ defaultPath("threads"), addable(), getById(Thread) @@ -4086,7 +3716,7 @@ let _Post = class _Post extends _GraphInstance { return graphPost(Post(this, "reply"), body(params)); } }; -_Post = tslib_es6_decorate([ +_Post = __decorate([ deleteable() ], _Post); @@ -4096,7 +3726,7 @@ const Post = graphInvokableFactory(_Post); */ let _Posts = class _Posts extends _GraphCollection { }; -_Posts = tslib_es6_decorate([ +_Posts = __decorate([ defaultPath("posts"), addable(), getById(Post) @@ -4143,7 +3773,7 @@ function type(n, a) { */ let _Attachment = class _Attachment extends _GraphInstance { }; -_Attachment = tslib_es6_decorate([ +_Attachment = __decorate([ deleteable() ], _Attachment); @@ -4166,7 +3796,7 @@ let _Attachments = class _Attachments extends _GraphCollection { }))); } }; -_Attachments = tslib_es6_decorate([ +_Attachments = __decorate([ defaultPath("attachments"), getById(Attachment) ], _Attachments); @@ -4311,7 +3941,7 @@ let _Message = class _Message extends _GraphInstance { return (await mailResponse(this, "forward", forward, timeZone)); } }; -_Message = tslib_es6_decorate([ +_Message = __decorate([ updateable(), deleteable() ], _Message); @@ -4322,7 +3952,7 @@ const Message = graphInvokableFactory(_Message); */ let _Messages = class _Messages extends _GraphCollection { }; -_Messages = tslib_es6_decorate([ +_Messages = __decorate([ defaultPath("messages"), getById(Message), addable(), @@ -4335,7 +3965,7 @@ const Messages = graphInvokableFactory(_Messages); */ let _MessageRule = class _MessageRule extends _GraphInstance { }; -_MessageRule = tslib_es6_decorate([ +_MessageRule = __decorate([ updateable(), deleteable() ], _MessageRule); @@ -4346,7 +3976,7 @@ const MessageRule = graphInvokableFactory(_MessageRule); */ let _MessageRules = class _MessageRules extends _GraphCollection { }; -_MessageRules = tslib_es6_decorate([ +_MessageRules = __decorate([ defaultPath("messageRules"), getById(MessageRule), addable() @@ -4453,7 +4083,7 @@ let _Calendar = class _Calendar extends _GraphInstance { return graphPost(Calendar(this, "getSchedule"), body(properties)); } }; -_Calendar = tslib_es6_decorate([ +_Calendar = __decorate([ deleteable(), updateable() ], _Calendar); @@ -4464,7 +4094,7 @@ const Calendar = graphInvokableFactory(_Calendar); */ let _Calendars = class _Calendars extends _GraphCollection { }; -_Calendars = tslib_es6_decorate([ +_Calendars = __decorate([ defaultPath("calendars"), getById(Calendar), addable() @@ -4521,7 +4151,7 @@ let _Event = class _Event extends _GraphInstance { return graphPost(Event(this, "tentativelyAccept"), body({ comment, sendResponse, proposedNewTime })); } }; -_Event = tslib_es6_decorate([ +_Event = __decorate([ deleteable(), updateable() ], _Event); @@ -4532,7 +4162,7 @@ const Event = graphInvokableFactory(_Event); */ let _Events = class _Events extends _GraphCollection { }; -_Events = tslib_es6_decorate([ +_Events = __decorate([ defaultPath("events"), getById(Event), addable() @@ -4547,7 +4177,7 @@ let _CalendarGroup = class _CalendarGroup extends _GraphInstance { return Calendars(this); } }; -_CalendarGroup = tslib_es6_decorate([ +_CalendarGroup = __decorate([ deleteable(), updateable() ], _CalendarGroup); @@ -4558,7 +4188,7 @@ const CalendarGroup = graphInvokableFactory(_CalendarGroup); */ let _CalendarGroups = class _CalendarGroups extends _GraphCollection { }; -_CalendarGroups = tslib_es6_decorate([ +_CalendarGroups = __decorate([ defaultPath("calendarGroups"), getById(CalendarGroup), addable() @@ -4570,7 +4200,7 @@ const CalendarGroups = graphInvokableFactory(_CalendarGroups); */ let _CalendarPermission = class _CalendarPermission extends _GraphInstance { }; -_CalendarPermission = tslib_es6_decorate([ +_CalendarPermission = __decorate([ updateable(), deleteable() ], _CalendarPermission); @@ -4581,7 +4211,7 @@ const CalendarPermission = graphInvokableFactory(_CalendarPermission); */ let _CalendarPermissions = class _CalendarPermissions extends _GraphCollection { }; -_CalendarPermissions = tslib_es6_decorate([ +_CalendarPermissions = __decorate([ defaultPath("calendarPermissions"), getById(CalendarPermission), addable() @@ -4636,7 +4266,7 @@ let _DirectoryObject = class _DirectoryObject extends _GraphInstance { return graphPost(DirectoryObject(this, "checkMemberGroups"), body({ groupIds })); } }; -_DirectoryObject = tslib_es6_decorate([ +_DirectoryObject = __decorate([ deleteable() ], _DirectoryObject); @@ -4664,7 +4294,7 @@ let _DirectoryObjects = class _DirectoryObjects extends _GraphCollection { return Count(this); } }; -_DirectoryObjects = tslib_es6_decorate([ +_DirectoryObjects = __decorate([ defaultPath("directoryObjects"), getById(DirectoryObject) ], _DirectoryObjects); @@ -4763,7 +4393,7 @@ let _Group = class _Group extends _DirectoryObject { return view(); } }; -_Group = tslib_es6_decorate([ +_Group = __decorate([ deleteable(), updateable() ], _Group); @@ -4800,7 +4430,7 @@ let _Groups = class _Groups extends _DirectoryObjects { return graphPost(this, body(postBody)); } }; -_Groups = tslib_es6_decorate([ +_Groups = __decorate([ defaultPath("groups"), getById(Group) ], _Groups); @@ -4853,7 +4483,7 @@ let _User = class _User extends _DirectoryObject { return User(this, "manager"); } }; -_User = tslib_es6_decorate([ +_User = __decorate([ updateable(), deleteable() ], _User); @@ -4861,7 +4491,7 @@ _User = tslib_es6_decorate([ const User = graphInvokableFactory(_User); let _Users = class _Users extends _DirectoryObjects { }; -_Users = tslib_es6_decorate([ +_Users = __decorate([ defaultPath("users"), getById(User) ], _Users); @@ -4869,7 +4499,7 @@ _Users = tslib_es6_decorate([ const Users = graphInvokableFactory(_Users); let _People = class _People extends _DirectoryObjects { }; -_People = tslib_es6_decorate([ +_People = __decorate([ defaultPath("people") ], _People); @@ -4945,7 +4575,7 @@ let _Presence = class _Presence extends _GraphInstance { return graphPost(Presence(this, "setStatusMessage"), body(postBody)); } }; -_Presence = tslib_es6_decorate([ +_Presence = __decorate([ defaultPath("presence") ], _Presence); @@ -4961,7 +4591,7 @@ let _Communications = class _Communications extends _GraphCollection { return graphPost(Communications(this, "getPresencesByUserId"), body(postBody)); } }; -_Communications = tslib_es6_decorate([ +_Communications = __decorate([ defaultPath("communications") ], _Communications); @@ -4995,7 +4625,7 @@ Reflect.defineProperty(GraphFI.prototype, "communications", { */ let _List = class _List extends _GraphInstance { }; -_List = tslib_es6_decorate([ +_List = __decorate([ deleteable(), updateable() ], _List); @@ -5007,7 +4637,7 @@ const List = graphInvokableFactory(_List); */ let _Lists = class _Lists extends _GraphCollection { }; -_Lists = tslib_es6_decorate([ +_Lists = __decorate([ defaultPath("lists"), getById(List), addable() @@ -5036,7 +4666,7 @@ const addColumn = async function (column) { */ let _Column = class _Column extends _GraphInstance { }; -_Column = tslib_es6_decorate([ +_Column = __decorate([ deleteable(), updateable() ], _Column); @@ -5047,7 +4677,7 @@ const Column = graphInvokableFactory(_Column); */ let _Columns = class _Columns extends _GraphCollection { }; -_Columns = tslib_es6_decorate([ +_Columns = __decorate([ defaultPath("columns"), getById(Column) ], _Columns); @@ -5126,7 +4756,7 @@ let _ContentType = class _ContentType extends _GraphInstance { return graphPost(ContentType(this, "copyToDefaultContentLocation"), body(postBody)); } }; -_ContentType = tslib_es6_decorate([ +_ContentType = __decorate([ deleteable(), updateable() ], _ContentType); @@ -5161,7 +4791,7 @@ let _ContentTypes = class _ContentTypes extends _GraphCollection { return graphGet(ContentTypes(this, "getCompatibleHubContentTypes")); } }; -_ContentTypes = tslib_es6_decorate([ +_ContentTypes = __decorate([ defaultPath("contenttypes"), getById(ContentType) ], _ContentTypes); @@ -5208,7 +4838,7 @@ let _Compliance = class _Compliance extends _GraphQueryable { return SubjectRightsRequests(this); } }; -_Compliance = tslib_es6_decorate([ +_Compliance = __decorate([ defaultPath("security") ], _Compliance); @@ -5236,7 +4866,7 @@ let _SubjectRightsRequest = class _SubjectRightsRequest extends _GraphInstance { return Notes(this); } }; -_SubjectRightsRequest = tslib_es6_decorate([ +_SubjectRightsRequest = __decorate([ defaultPath("/"), updateable() ], _SubjectRightsRequest); @@ -5247,7 +4877,7 @@ const SubjectRightsRequest = graphInvokableFactory(_SubjectRightsRequest); */ let _SubjectRightsRequests = class _SubjectRightsRequests extends _GraphCollection { }; -_SubjectRightsRequests = tslib_es6_decorate([ +_SubjectRightsRequests = __decorate([ defaultPath("subjectRightsRequests"), getById(SubjectRightsRequest), addable() @@ -5259,7 +4889,7 @@ const SubjectRightsRequests = graphInvokableFactory(_SubjectRightsRequests); */ let _Notes = class _Notes extends _GraphCollection { }; -_Notes = tslib_es6_decorate([ +_Notes = __decorate([ defaultPath("notes"), addable() ], _Notes); @@ -5288,7 +4918,7 @@ Reflect.defineProperty(GraphFI.prototype, "compliance", { */ let _Contact = class _Contact extends _GraphInstance { }; -_Contact = tslib_es6_decorate([ +_Contact = __decorate([ updateable(), deleteable() ], _Contact); @@ -5318,7 +4948,7 @@ let _Contacts = class _Contacts extends _GraphCollection { return graphPost(this, body(postBody)); } }; -_Contacts = tslib_es6_decorate([ +_Contacts = __decorate([ defaultPath("contacts"), getById(Contact) ], _Contacts); @@ -5341,7 +4971,7 @@ let _ContactFolder = class _ContactFolder extends _GraphInstance { return ContactFolders(this, "childFolders"); } }; -_ContactFolder = tslib_es6_decorate([ +_ContactFolder = __decorate([ deleteable(), updateable() ], _ContactFolder); @@ -5365,7 +4995,7 @@ let _ContactFolders = class _ContactFolders extends _GraphCollection { return graphPost(this, body(postBody)); } }; -_ContactFolders = tslib_es6_decorate([ +_ContactFolders = __decorate([ defaultPath("contactFolders"), getById(ContactFolder) ], _ContactFolders); @@ -5548,7 +5178,7 @@ let _Bundle = class _Bundle extends _GraphInstance { return graphDelete(GraphQueryable(this, `/children/${id}`)); } }; -_Bundle = tslib_es6_decorate([ +_Bundle = __decorate([ deleteable(), updateable() ], _Bundle); @@ -5568,7 +5198,7 @@ let _Bundles = class _Bundles extends _GraphCollection { return graphPost(this, body(bundleDef)); } }; -_Bundles = tslib_es6_decorate([ +_Bundles = __decorate([ defaultPath("bundles"), getById(Bundle) ], _Bundles); @@ -5624,7 +5254,7 @@ let _Insights = class _Insights extends _GraphInstance { return SharedInsights(this); } }; -_Insights = tslib_es6_decorate([ +_Insights = __decorate([ defaultPath("insights") ], _Insights); @@ -5644,7 +5274,7 @@ const TrendingInsight = graphInvokableFactory(_TrendingInsight); */ let _TrendingInsights = class _TrendingInsights extends _GraphCollection { }; -_TrendingInsights = tslib_es6_decorate([ +_TrendingInsights = __decorate([ defaultPath("trending"), getById(TrendingInsight) ], _TrendingInsights); @@ -5665,7 +5295,7 @@ const UsedInsight = graphInvokableFactory(_UsedInsight); */ let _UsedInsights = class _UsedInsights extends _GraphCollection { }; -_UsedInsights = tslib_es6_decorate([ +_UsedInsights = __decorate([ defaultPath("used"), getById(UsedInsight) ], _UsedInsights); @@ -5686,7 +5316,7 @@ const SharedInsight = graphInvokableFactory(_SharedInsight); */ let _SharedInsights = class _SharedInsights extends _GraphCollection { }; -_SharedInsights = tslib_es6_decorate([ +_SharedInsights = __decorate([ defaultPath("shared"), getById(SharedInsight) ], _SharedInsights); @@ -5697,7 +5327,7 @@ const SharedInsights = graphInvokableFactory(_SharedInsights); */ let _Resource = class _Resource extends _GraphInstance { }; -_Resource = tslib_es6_decorate([ +_Resource = __decorate([ defaultPath("resource") ], _Resource); @@ -5739,7 +5369,7 @@ let _Invitations = class _Invitations extends _GraphCollection { return { data }; } }; -_Invitations = tslib_es6_decorate([ +_Invitations = __decorate([ defaultPath("invitations") ], _Invitations); @@ -5841,7 +5471,7 @@ let _MailFolder = class _MailFolder extends _GraphInstance { return await graphPost(MailFolder(this, "move"), body({ destinationId: destinationFolderId })); } }; -_MailFolder = tslib_es6_decorate([ +_MailFolder = __decorate([ updateable(), deleteable() ], _MailFolder); @@ -5857,7 +5487,7 @@ let _MailFolders = class _MailFolders extends _GraphCollection { return q; } }; -_MailFolders = tslib_es6_decorate([ +_MailFolders = __decorate([ defaultPath("mailFolders"), getById(MailFolder), addable(), @@ -5886,7 +5516,7 @@ const Outlook = graphInvokableFactory(_Outlook); */ let _OutlookCategory = class _OutlookCategory extends _GraphInstance { }; -_OutlookCategory = tslib_es6_decorate([ +_OutlookCategory = __decorate([ deleteable(), updateable() ], _OutlookCategory); @@ -5897,7 +5527,7 @@ const OutlookCategory = graphInvokableFactory(_OutlookCategory); */ let _MasterCategories = class _MasterCategories extends _GraphCollection { }; -_MasterCategories = tslib_es6_decorate([ +_MasterCategories = __decorate([ defaultPath("masterCategories"), getById(OutlookCategory), addable() @@ -5971,7 +5601,7 @@ let _MailboxSettings = class _MailboxSettings extends _GraphInstance { return graphGet(GraphQueryable(this, "userPurpose")); } }; -_MailboxSettings = tslib_es6_decorate([ +_MailboxSettings = __decorate([ defaultPath("mailboxSettings"), updateable() ], _MailboxSettings); @@ -5982,7 +5612,7 @@ const MailboxSettings = graphInvokableFactory(_MailboxSettings); */ let _FocusedInboxOverride = class _FocusedInboxOverride extends _GraphInstance { }; -_FocusedInboxOverride = tslib_es6_decorate([ +_FocusedInboxOverride = __decorate([ defaultPath("inferenceClassification/overrides"), updateable(), deleteable() @@ -5994,7 +5624,7 @@ const FocusedInboxOverride = graphInvokableFactory(_FocusedInboxOverride); */ let _FocusedInboxOverrides = class _FocusedInboxOverrides extends _GraphCollection { }; -_FocusedInboxOverrides = tslib_es6_decorate([ +_FocusedInboxOverrides = __decorate([ defaultPath("inferenceClassification/overrides"), getById(FocusedInboxOverride), addable() @@ -6065,7 +5695,7 @@ let _Members = class _Members extends _GraphCollection { return graphPost(Members(this, "$ref"), body({ "@odata.id": id })); } }; -_Members = tslib_es6_decorate([ +_Members = __decorate([ defaultPath("members"), getById(Member) ], _Members); @@ -6108,7 +5738,7 @@ let _OneNote = class _OneNote extends _GraphInstance { return SectionGroups(this); } }; -_OneNote = tslib_es6_decorate([ +_OneNote = __decorate([ defaultPath("onenote") ], _OneNote); @@ -6154,7 +5784,7 @@ let _Notebooks = class _Notebooks extends _GraphCollection { return graphGet(GraphQueryable(this, `getRecentNotebooks(includePersonalNotebooks=${includePersonalNotebooks})`)); } }; -_Notebooks = tslib_es6_decorate([ +_Notebooks = __decorate([ defaultPath("notebooks"), getById(Notebook) ], _Notebooks); @@ -6197,7 +5827,7 @@ let _Sections = class _Sections extends _GraphCollection { return graphPost(this, body({ displayName })); } }; -_Sections = tslib_es6_decorate([ +_Sections = __decorate([ defaultPath("sections"), getById(Section) ], _Sections); @@ -6228,7 +5858,7 @@ let _SectionGroups = class _SectionGroups extends _GraphCollection { return Sections(this); } }; -_SectionGroups = tslib_es6_decorate([ +_SectionGroups = __decorate([ defaultPath("sectiongroups"), getById(SectionGroup) ], _SectionGroups); @@ -6262,7 +5892,7 @@ let _Page = class _Page extends _GraphInstance { return graphPatch(GraphQueryable(this, "content"), body(props)); } }; -_Page = tslib_es6_decorate([ +_Page = __decorate([ deleteable() ], _Page); @@ -6285,7 +5915,7 @@ let _Pages = class _Pages extends _GraphCollection { return graphPost(q, { body: html }); } }; -_Pages = tslib_es6_decorate([ +_Pages = __decorate([ defaultPath("pages"), getById(Page) ], _Pages); @@ -6305,7 +5935,7 @@ let _Resources = class _Resources extends _GraphInstance { return GraphQueryable(this, `${id}/content`).using(BlobParse()); } }; -_Resources = tslib_es6_decorate([ +_Resources = __decorate([ defaultPath("resources") ], _Resources); @@ -6344,7 +5974,7 @@ addProp(_Site, "onenote", OneNote); */ let _Operations = class _Operations extends _GraphCollection { }; -_Operations = tslib_es6_decorate([ +_Operations = __decorate([ defaultPath("operations") ], _Operations); @@ -6376,7 +6006,7 @@ addProp(_List, "operations", Operations); */ let _Permission = class _Permission extends _GraphInstance { }; -_Permission = tslib_es6_decorate([ +_Permission = __decorate([ deleteable(), updateable() ], _Permission); @@ -6387,7 +6017,7 @@ const Permission = graphInvokableFactory(_Permission); */ let _Permissions = class _Permissions extends _GraphCollection { }; -_Permissions = tslib_es6_decorate([ +_Permissions = __decorate([ defaultPath("permissions"), getById(Permission) ], _Permissions); @@ -6451,7 +6081,7 @@ let _Photo = class _Photo extends _GraphInstance { return graphPatch(Photo(this, "$value"), { body: content }); } }; -_Photo = tslib_es6_decorate([ +_Photo = __decorate([ defaultPath("photo") ], _Photo); @@ -6464,7 +6094,7 @@ let _Photos = class _Photos extends _GraphCollection { return Photo(this, `/${size}`); } }; -_Photos = tslib_es6_decorate([ +_Photos = __decorate([ defaultPath("photos") ], _Photos); @@ -6556,7 +6186,7 @@ let _Team = class _Team extends _GraphInstance { return GraphInstance(this, `operations/${id}`)(); } }; -_Team = tslib_es6_decorate([ +_Team = __decorate([ defaultPath("team"), updateable() ], _Team); @@ -6581,7 +6211,7 @@ let _Teams = class _Teams extends _GraphCollection { return result; } }; -_Teams = tslib_es6_decorate([ +_Teams = __decorate([ defaultPath("teams"), getById(Team) ], _Teams); @@ -6621,7 +6251,7 @@ let _Channels = class _Channels extends _GraphCollection { }; } }; -_Channels = tslib_es6_decorate([ +_Channels = __decorate([ defaultPath("channels"), getById(Channel) ], _Channels); @@ -6650,7 +6280,7 @@ let types_Messages = class _Messages extends _GraphCollection { }; } }; -types_Messages = tslib_es6_decorate([ +types_Messages = __decorate([ defaultPath("messages"), getById(teams_types_Message) ], types_Messages); @@ -6661,7 +6291,7 @@ const teams_types_Messages = graphInvokableFactory(types_Messages); */ let _Tab = class _Tab extends _GraphInstance { }; -_Tab = tslib_es6_decorate([ +_Tab = __decorate([ defaultPath("tab"), updateable(), deleteable() @@ -6691,7 +6321,7 @@ let _Tabs = class _Tabs extends _GraphCollection { }; } }; -_Tabs = tslib_es6_decorate([ +_Tabs = __decorate([ defaultPath("tabs"), getById(Tab) ], _Tabs); @@ -6705,7 +6335,7 @@ let _InstalledApp = class _InstalledApp extends _GraphInstance { return graphPost(InstalledApp(this, "upgrade")); } }; -_InstalledApp = tslib_es6_decorate([ +_InstalledApp = __decorate([ deleteable() ], _InstalledApp); @@ -6728,7 +6358,7 @@ let _InstalledApps = class _InstalledApps extends _GraphCollection { }; } }; -_InstalledApps = tslib_es6_decorate([ +_InstalledApps = __decorate([ defaultPath("installedApps"), getById(InstalledApp) ], _InstalledApps); @@ -6756,7 +6386,7 @@ addProp(_Team, "photo", Photo); */ let _Place = class _Place extends _GraphInstance { }; -_Place = tslib_es6_decorate([ +_Place = __decorate([ updateable() ], _Place); @@ -6778,7 +6408,7 @@ let _Places = class _Places extends _GraphInstance { return RoomLists(this); } }; -_Places = tslib_es6_decorate([ +_Places = __decorate([ defaultPath("places"), getById(Place) ], _Places); @@ -6801,7 +6431,7 @@ const RoomList = graphInvokableFactory(_RoomList); */ let _RoomLists = class _RoomLists extends _GraphCollection { }; -_RoomLists = tslib_es6_decorate([ +_RoomLists = __decorate([ defaultPath("microsoft.graph.roomList"), getById(RoomList) ], _RoomLists); @@ -6818,7 +6448,7 @@ const Room = graphInvokableFactory(_Room); */ let _Rooms = class _Rooms extends _GraphCollection { }; -_Rooms = tslib_es6_decorate([ +_Rooms = __decorate([ defaultPath("microsoft.graph.room"), getById(Room) ], _Rooms); @@ -6859,7 +6489,7 @@ let _Planner = class _Planner extends _GraphInstance { return Buckets(this); } }; -_Planner = tslib_es6_decorate([ +_Planner = __decorate([ defaultPath("planner") ], _Planner); @@ -6869,7 +6499,7 @@ const Planner = graphInvokableFactory(_Planner); */ let _PlanDetails = class _PlanDetails extends _GraphInstance { }; -_PlanDetails = tslib_es6_decorate([ +_PlanDetails = __decorate([ defaultPath("details"), updateableWithETag() ], _PlanDetails); @@ -6889,7 +6519,7 @@ let _Plan = class _Plan extends _GraphInstance { return PlanDetails(this); } }; -_Plan = tslib_es6_decorate([ +_Plan = __decorate([ updateableWithETag(), deleteableWithETag() ], _Plan); @@ -6897,7 +6527,7 @@ _Plan = tslib_es6_decorate([ const Plan = graphInvokableFactory(_Plan); let _Plans = class _Plans extends _GraphCollection { }; -_Plans = tslib_es6_decorate([ +_Plans = __decorate([ defaultPath("plans"), getById(Plan), addable() @@ -6909,7 +6539,7 @@ const Plans = graphInvokableFactory(_Plans); */ let _TaskDetails = class _TaskDetails extends _GraphInstance { }; -_TaskDetails = tslib_es6_decorate([ +_TaskDetails = __decorate([ defaultPath("details"), updateableWithETag() ], _TaskDetails); @@ -6920,7 +6550,7 @@ const TaskDetails = graphInvokableFactory(_TaskDetails); */ let _AssignedToTaskBoardFormat = class _AssignedToTaskBoardFormat extends _GraphInstance { }; -_AssignedToTaskBoardFormat = tslib_es6_decorate([ +_AssignedToTaskBoardFormat = __decorate([ defaultPath("assignedToTaskBoardFormat"), updateableWithETag() ], _AssignedToTaskBoardFormat); @@ -6931,7 +6561,7 @@ const AssignedToTaskBoardFormat = graphInvokableFactory(_AssignedToTaskBoardForm */ let _BucketTaskBoardFormat = class _BucketTaskBoardFormat extends _GraphInstance { }; -_BucketTaskBoardFormat = tslib_es6_decorate([ +_BucketTaskBoardFormat = __decorate([ defaultPath("bucketTaskBoardFormat"), updateableWithETag() ], _BucketTaskBoardFormat); @@ -6942,7 +6572,7 @@ const BucketTaskBoardFormat = graphInvokableFactory(_BucketTaskBoardFormat); */ let _ProgressTaskBoardFormat = class _ProgressTaskBoardFormat extends _GraphInstance { }; -_ProgressTaskBoardFormat = tslib_es6_decorate([ +_ProgressTaskBoardFormat = __decorate([ defaultPath("progressTaskBoardFormat"), updateableWithETag() ], _ProgressTaskBoardFormat); @@ -6965,7 +6595,7 @@ let _Task = class _Task extends _GraphInstance { return ProgressTaskBoardFormat(this); } }; -_Task = tslib_es6_decorate([ +_Task = __decorate([ updateableWithETag(), deleteableWithETag() ], _Task); @@ -6976,7 +6606,7 @@ const Task = graphInvokableFactory(_Task); */ let _Tasks = class _Tasks extends _GraphCollection { }; -_Tasks = tslib_es6_decorate([ +_Tasks = __decorate([ defaultPath("tasks"), getById(Task), addable() @@ -6991,7 +6621,7 @@ let _Bucket = class _Bucket extends _GraphInstance { return Tasks(this); } }; -_Bucket = tslib_es6_decorate([ +_Bucket = __decorate([ updateableWithETag(), deleteableWithETag() ], _Bucket); @@ -7002,7 +6632,7 @@ const Bucket = graphInvokableFactory(_Bucket); */ let _Buckets = class _Buckets extends _GraphCollection { }; -_Buckets = tslib_es6_decorate([ +_Buckets = __decorate([ defaultPath("buckets"), getById(Bucket), addable() @@ -7049,7 +6679,7 @@ let _Search = class _Search extends _GraphInstance { return graphPost(Search(this, "query"), body(request)); } }; -_Search = tslib_es6_decorate([ +_Search = __decorate([ defaultPath("search") ], _Search); @@ -7114,7 +6744,7 @@ let _Shares = class _Shares extends _GraphCollection { return graphPost(q, body(shareLinkAccess)); } }; -_Shares = tslib_es6_decorate([ +_Shares = __decorate([ defaultPath("shares"), getById(Share) ], _Shares); @@ -7183,7 +6813,7 @@ Reflect.defineProperty(GraphFI.prototype, "sites", { */ let _Subscription = class _Subscription extends _GraphInstance { }; -_Subscription = tslib_es6_decorate([ +_Subscription = __decorate([ deleteable(), updateable() ], _Subscription); @@ -7218,7 +6848,7 @@ let _Subscriptions = class _Subscriptions extends _GraphCollection { }; } }; -_Subscriptions = tslib_es6_decorate([ +_Subscriptions = __decorate([ defaultPath("subscriptions"), getById(Subscription) ], _Subscriptions); @@ -7259,7 +6889,7 @@ let _TermStore = class _TermStore extends _GraphInstance { return TermSets(this); } }; -_TermStore = tslib_es6_decorate([ +_TermStore = __decorate([ defaultPath("termstore"), updateable() ], _TermStore); @@ -7273,14 +6903,14 @@ let _TermGroup = class _TermGroup extends _GraphInstance { return TermSets(this, "sets"); } }; -_TermGroup = tslib_es6_decorate([ +_TermGroup = __decorate([ deleteable() ], _TermGroup); const TermGroup = graphInvokableFactory(_TermGroup); let _TermGroups = class _TermGroups extends _GraphCollection { }; -_TermGroups = tslib_es6_decorate([ +_TermGroups = __decorate([ defaultPath("groups"), getById(TermGroup), addable() @@ -7332,7 +6962,7 @@ let _TermSet = class _TermSet extends _GraphInstance { return tree; } }; -_TermSet = tslib_es6_decorate([ +_TermSet = __decorate([ deleteable(), updateable() ], _TermSet); @@ -7340,7 +6970,7 @@ _TermSet = tslib_es6_decorate([ const TermSet = graphInvokableFactory(_TermSet); let _TermSets = class _TermSets extends _GraphCollection { }; -_TermSets = tslib_es6_decorate([ +_TermSets = __decorate([ defaultPath("sets"), getById(TermSet), addable() @@ -7349,7 +6979,7 @@ _TermSets = tslib_es6_decorate([ const TermSets = graphInvokableFactory(_TermSets); let _Children = class _Children extends _GraphCollection { }; -_Children = tslib_es6_decorate([ +_Children = __decorate([ defaultPath("children"), addable() ], _Children); @@ -7366,7 +6996,7 @@ let _Term = class _Term extends _GraphInstance { return TermSet(this, "set"); } }; -_Term = tslib_es6_decorate([ +_Term = __decorate([ updateable(), deleteable() ], _Term); @@ -7374,7 +7004,7 @@ _Term = tslib_es6_decorate([ const Term = graphInvokableFactory(_Term); let _Terms = class _Terms extends _GraphCollection { }; -_Terms = tslib_es6_decorate([ +_Terms = __decorate([ defaultPath("terms"), getById(Term) ], _Terms); @@ -7382,7 +7012,7 @@ _Terms = tslib_es6_decorate([ const Terms = graphInvokableFactory(_Terms); let _Relations = class _Relations extends _GraphCollection { }; -_Relations = tslib_es6_decorate([ +_Relations = __decorate([ defaultPath("relations"), addable() ], _Relations); @@ -7437,7 +7067,7 @@ let _Todo = class _Todo extends _GraphInstance { return TaskLists(this); } }; -_Todo = tslib_es6_decorate([ +_Todo = __decorate([ defaultPath("todo") ], _Todo); @@ -7450,7 +7080,7 @@ let _TaskList = class _TaskList extends _GraphInstance { return TodoTasks(this); } }; -_TaskList = tslib_es6_decorate([ +_TaskList = __decorate([ deleteable(), updateable() ], _TaskList); @@ -7461,7 +7091,7 @@ const TaskList = graphInvokableFactory(_TaskList); */ let _TaskLists = class _TaskLists extends _GraphCollection { }; -_TaskLists = tslib_es6_decorate([ +_TaskLists = __decorate([ defaultPath("lists"), getById(TaskList), addable(), @@ -7483,7 +7113,7 @@ let _TodoTask = class _TodoTask extends _GraphInstance { return LinkedResources(this); } }; -_TodoTask = tslib_es6_decorate([ +_TodoTask = __decorate([ deleteable(), updateable() ], _TodoTask); @@ -7494,7 +7124,7 @@ const TodoTask = graphInvokableFactory(_TodoTask); */ let _TodoTasks = class _TodoTasks extends _GraphCollection { }; -_TodoTasks = tslib_es6_decorate([ +_TodoTasks = __decorate([ defaultPath("tasks"), getById(TodoTask), addable(), @@ -7510,7 +7140,7 @@ let _TodoAttachment = class _TodoAttachment extends _GraphInstance { return TodoAttachments(this); } }; -_TodoAttachment = tslib_es6_decorate([ +_TodoAttachment = __decorate([ deleteable() ], _TodoAttachment); @@ -7527,7 +7157,7 @@ let _TodoAttachments = class _TodoAttachments extends _GraphCollection { return graphPost(this, body(postBody)); } }; -_TodoAttachments = tslib_es6_decorate([ +_TodoAttachments = __decorate([ defaultPath("attachments"), getById(TodoAttachment) ], _TodoAttachments); @@ -7538,7 +7168,7 @@ const TodoAttachments = graphInvokableFactory(_TodoAttachments); */ let _ChecklistItem = class _ChecklistItem extends _GraphInstance { }; -_ChecklistItem = tslib_es6_decorate([ +_ChecklistItem = __decorate([ deleteable(), updateable() ], _ChecklistItem); @@ -7549,7 +7179,7 @@ const ChecklistItem = graphInvokableFactory(_ChecklistItem); */ let _ChecklistItems = class _ChecklistItems extends _GraphCollection { }; -_ChecklistItems = tslib_es6_decorate([ +_ChecklistItems = __decorate([ defaultPath("checklistItems"), getById(ChecklistItem), addable() @@ -7561,7 +7191,7 @@ const ChecklistItems = graphInvokableFactory(_ChecklistItems); */ let _LinkedResource = class _LinkedResource extends _GraphInstance { }; -_LinkedResource = tslib_es6_decorate([ +_LinkedResource = __decorate([ deleteable(), updateable() ], _LinkedResource); @@ -7572,7 +7202,7 @@ const LinkedResource = graphInvokableFactory(_LinkedResource); */ let _LinkedResources = class _LinkedResources extends _GraphCollection { }; -_LinkedResources = tslib_es6_decorate([ +_LinkedResources = __decorate([ defaultPath("linkedResources"), getById(LinkedResource), addable() diff --git a/public/bundles/msaljsclient.es5.umd.bundle.js b/public/bundles/msaljsclient.es5.umd.bundle.js index 6645cf17..d02f5d18 100644 --- a/public/bundles/msaljsclient.es5.umd.bundle.js +++ b/public/bundles/msaljsclient.es5.umd.bundle.js @@ -53,17548 +53,17577 @@ __webpack_require__.d(__webpack_exports__, { getMSAL: () => (/* reexport */ getMSAL) }); -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/utils/Constants.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const Constants = { - LIBRARY_NAME: "MSAL.JS", - SKU: "msal.js.common", - // Prefix for all library cache entries - CACHE_PREFIX: "msal", - // default authority - DEFAULT_AUTHORITY: "https://login.microsoftonline.com/common/", - DEFAULT_AUTHORITY_HOST: "login.microsoftonline.com", - DEFAULT_COMMON_TENANT: "common", - // ADFS String - ADFS: "adfs", - DSTS: "dstsv2", - // Default AAD Instance Discovery Endpoint - AAD_INSTANCE_DISCOVERY_ENDPT: "https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=", - // CIAM URL - CIAM_AUTH_URL: ".ciamlogin.com", - AAD_TENANT_DOMAIN_SUFFIX: ".onmicrosoft.com", - // Resource delimiter - used for certain cache entries - RESOURCE_DELIM: "|", - // Placeholder for non-existent account ids/objects - NO_ACCOUNT: "NO_ACCOUNT", - // Claims - CLAIMS: "claims", - // Consumer UTID - CONSUMER_UTID: "9188040d-6c67-4c5b-b112-36a304b66dad", - // Default scopes - OPENID_SCOPE: "openid", - PROFILE_SCOPE: "profile", - OFFLINE_ACCESS_SCOPE: "offline_access", - EMAIL_SCOPE: "email", - // Default response type for authorization code flow - CODE_RESPONSE_TYPE: "code", - CODE_GRANT_TYPE: "authorization_code", - RT_GRANT_TYPE: "refresh_token", - FRAGMENT_RESPONSE_MODE: "fragment", - S256_CODE_CHALLENGE_METHOD: "S256", - URL_FORM_CONTENT_TYPE: "application/x-www-form-urlencoded;charset=utf-8", - AUTHORIZATION_PENDING: "authorization_pending", - NOT_DEFINED: "not_defined", - EMPTY_STRING: "", - NOT_APPLICABLE: "N/A", - NOT_AVAILABLE: "Not Available", - FORWARD_SLASH: "/", - IMDS_ENDPOINT: "http://169.254.169.254/metadata/instance/compute/location", - IMDS_VERSION: "2020-06-01", - IMDS_TIMEOUT: 2000, - AZURE_REGION_AUTO_DISCOVER_FLAG: "TryAutoDetect", - REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX: "login.microsoft.com", - KNOWN_PUBLIC_CLOUDS: [ - "login.microsoftonline.com", - "login.windows.net", - "login.microsoft.com", - "sts.windows.net", - ], - TOKEN_RESPONSE_TYPE: "token", - ID_TOKEN_RESPONSE_TYPE: "id_token", - SHR_NONCE_VALIDITY: 240, - INVALID_INSTANCE: "invalid_instance", -}; -const HttpStatus = { - SUCCESS: 200, - SUCCESS_RANGE_START: 200, - SUCCESS_RANGE_END: 299, - REDIRECT: 302, - CLIENT_ERROR: 400, - CLIENT_ERROR_RANGE_START: 400, - BAD_REQUEST: 400, - UNAUTHORIZED: 401, - NOT_FOUND: 404, - REQUEST_TIMEOUT: 408, - TOO_MANY_REQUESTS: 429, - CLIENT_ERROR_RANGE_END: 499, - SERVER_ERROR: 500, - SERVER_ERROR_RANGE_START: 500, - SERVICE_UNAVAILABLE: 503, - GATEWAY_TIMEOUT: 504, - SERVER_ERROR_RANGE_END: 599, - MULTI_SIDED_ERROR: 600, -}; -const OIDC_DEFAULT_SCOPES = [ - Constants.OPENID_SCOPE, - Constants.PROFILE_SCOPE, - Constants.OFFLINE_ACCESS_SCOPE, -]; -const OIDC_SCOPES = [...OIDC_DEFAULT_SCOPES, Constants.EMAIL_SCOPE]; -/** - * Request header names - */ -const HeaderNames = { - CONTENT_TYPE: "Content-Type", - RETRY_AFTER: "Retry-After", - CCS_HEADER: "X-AnchorMailbox", - WWWAuthenticate: "WWW-Authenticate", - AuthenticationInfo: "Authentication-Info", - X_MS_REQUEST_ID: "x-ms-request-id", - X_MS_HTTP_VERSION: "x-ms-httpver", -}; -/** - * Persistent cache keys MSAL which stay while user is logged in. - */ -const PersistentCacheKeys = { - ID_TOKEN: "idtoken", - CLIENT_INFO: "client.info", - ADAL_ID_TOKEN: "adal.idtoken", - ERROR: "error", - ERROR_DESC: "error.description", - ACTIVE_ACCOUNT: "active-account", - ACTIVE_ACCOUNT_FILTERS: "active-account-filters", // new cache entry for active_account for a more robust version for browser -}; -/** - * String constants related to AAD Authority - */ -const AADAuthorityConstants = { - COMMON: "common", - ORGANIZATIONS: "organizations", - CONSUMERS: "consumers", -}; -/** - * Claims request keys - */ -const ClaimsRequestKeys = { - ACCESS_TOKEN: "access_token", - XMS_CC: "xms_cc", -}; -/** - * we considered making this "enum" in the request instead of string, however it looks like the allowed list of - * prompt values kept changing over past couple of years. There are some undocumented prompt values for some - * internal partners too, hence the choice of generic "string" type instead of the "enum" - */ -const PromptValue = { - LOGIN: "login", - SELECT_ACCOUNT: "select_account", - CONSENT: "consent", - NONE: "none", - CREATE: "create", - NO_SESSION: "no_session", -}; -/** - * allowed values for codeVerifier - */ -const CodeChallengeMethodValues = { - PLAIN: "plain", - S256: "S256", -}; -/** - * allowed values for server response type - */ -const ServerResponseType = { - QUERY: "query", - FRAGMENT: "fragment", -}; -/** - * allowed values for response_mode - */ -const ResponseMode = { - ...ServerResponseType, - FORM_POST: "form_post", -}; -/** - * allowed grant_type - */ -const GrantType = { - IMPLICIT_GRANT: "implicit", - AUTHORIZATION_CODE_GRANT: "authorization_code", - CLIENT_CREDENTIALS_GRANT: "client_credentials", - RESOURCE_OWNER_PASSWORD_GRANT: "password", - REFRESH_TOKEN_GRANT: "refresh_token", - DEVICE_CODE_GRANT: "device_code", - JWT_BEARER: "urn:ietf:params:oauth:grant-type:jwt-bearer", -}; -/** - * Account types in Cache - */ -const CacheAccountType = { - MSSTS_ACCOUNT_TYPE: "MSSTS", - ADFS_ACCOUNT_TYPE: "ADFS", - MSAV1_ACCOUNT_TYPE: "MSA", - GENERIC_ACCOUNT_TYPE: "Generic", // NTLM, Kerberos, FBA, Basic etc -}; -/** - * Separators used in cache - */ -const Separators = { - CACHE_KEY_SEPARATOR: "-", - CLIENT_INFO_SEPARATOR: ".", -}; -/** - * Credential Type stored in the cache - */ -const CredentialType = { - ID_TOKEN: "IdToken", - ACCESS_TOKEN: "AccessToken", - ACCESS_TOKEN_WITH_AUTH_SCHEME: "AccessToken_With_AuthScheme", - REFRESH_TOKEN: "RefreshToken", -}; -/** - * Combine all cache types - */ -const CacheType = { - ADFS: 1001, - MSA: 1002, - MSSTS: 1003, - GENERIC: 1004, - ACCESS_TOKEN: 2001, - REFRESH_TOKEN: 2002, - ID_TOKEN: 2003, - APP_METADATA: 3001, - UNDEFINED: 9999, -}; -/** - * More Cache related constants - */ -const APP_METADATA = "appmetadata"; -const CLIENT_INFO = "client_info"; -const THE_FAMILY_ID = "1"; -const AUTHORITY_METADATA_CONSTANTS = { - CACHE_KEY: "authority-metadata", - REFRESH_TIME_SECONDS: 3600 * 24, // 24 Hours -}; -const AuthorityMetadataSource = { - CONFIG: "config", - CACHE: "cache", - NETWORK: "network", - HARDCODED_VALUES: "hardcoded_values", -}; -const SERVER_TELEM_CONSTANTS = { - SCHEMA_VERSION: 5, - MAX_CUR_HEADER_BYTES: 80, - MAX_LAST_HEADER_BYTES: 330, - MAX_CACHED_ERRORS: 50, - CACHE_KEY: "server-telemetry", - CATEGORY_SEPARATOR: "|", - VALUE_SEPARATOR: ",", - OVERFLOW_TRUE: "1", - OVERFLOW_FALSE: "0", - UNKNOWN_ERROR: "unknown_error", -}; -/** - * Type of the authentication request - */ -const AuthenticationScheme = { - BEARER: "Bearer", - POP: "pop", - SSH: "ssh-cert", -}; -/** - * Constants related to throttling - */ -const ThrottlingConstants = { - // Default time to throttle RequestThumbprint in seconds - DEFAULT_THROTTLE_TIME_SECONDS: 60, - // Default maximum time to throttle in seconds, overrides what the server sends back - DEFAULT_MAX_THROTTLE_TIME_SECONDS: 3600, - // Prefix for storing throttling entries - THROTTLING_PREFIX: "throttling", - // Value assigned to the x-ms-lib-capability header to indicate to the server the library supports throttling - X_MS_LIB_CAPABILITY_VALUE: "retry-after, h429", -}; -const Errors = { - INVALID_GRANT_ERROR: "invalid_grant", - CLIENT_MISMATCH_ERROR: "client_mismatch", -}; -/** - * Password grant parameters - */ -const PasswordGrantConstants = { - username: "username", - password: "password", -}; -/** - * Response codes - */ -const ResponseCodes = { - httpSuccess: 200, - httpBadRequest: 400, -}; -/** - * Region Discovery Sources - */ -const RegionDiscoverySources = { - FAILED_AUTO_DETECTION: "1", - INTERNAL_CACHE: "2", - ENVIRONMENT_VARIABLE: "3", - IMDS: "4", -}; -/** - * Region Discovery Outcomes - */ -const RegionDiscoveryOutcomes = { - CONFIGURED_MATCHES_DETECTED: "1", - CONFIGURED_NO_AUTO_DETECTION: "2", - CONFIGURED_NOT_DETECTED: "3", - AUTO_DETECTION_REQUESTED_SUCCESSFUL: "4", - AUTO_DETECTION_REQUESTED_FAILED: "5", -}; -/** - * Specifies the reason for fetching the access token from the identity provider - */ -const CacheOutcome = { - // When a token is found in the cache or the cache is not supposed to be hit when making the request - NOT_APPLICABLE: "0", - // When the token request goes to the identity provider because force_refresh was set to true. Also occurs if claims were requested - FORCE_REFRESH_OR_CLAIMS: "1", - // When the token request goes to the identity provider because no cached access token exists - NO_CACHED_ACCESS_TOKEN: "2", - // When the token request goes to the identity provider because cached access token expired - CACHED_ACCESS_TOKEN_EXPIRED: "3", - // When the token request goes to the identity provider because refresh_in was used and the existing token needs to be refreshed - PROACTIVELY_REFRESHED: "4", -}; -const JsonWebTokenTypes = { - Jwt: "JWT", - Jwk: "JWK", - Pop: "pop", -}; -const ONE_DAY_IN_MS = 86400000; -// Token renewal offset default in seconds +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/utils/Constants.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const Constants = { + LIBRARY_NAME: "MSAL.JS", + SKU: "msal.js.common", + // Prefix for all library cache entries + CACHE_PREFIX: "msal", + // default authority + DEFAULT_AUTHORITY: "https://login.microsoftonline.com/common/", + DEFAULT_AUTHORITY_HOST: "login.microsoftonline.com", + DEFAULT_COMMON_TENANT: "common", + // ADFS String + ADFS: "adfs", + DSTS: "dstsv2", + // Default AAD Instance Discovery Endpoint + AAD_INSTANCE_DISCOVERY_ENDPT: "https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=", + // CIAM URL + CIAM_AUTH_URL: ".ciamlogin.com", + AAD_TENANT_DOMAIN_SUFFIX: ".onmicrosoft.com", + // Resource delimiter - used for certain cache entries + RESOURCE_DELIM: "|", + // Placeholder for non-existent account ids/objects + NO_ACCOUNT: "NO_ACCOUNT", + // Claims + CLAIMS: "claims", + // Consumer UTID + CONSUMER_UTID: "9188040d-6c67-4c5b-b112-36a304b66dad", + // Default scopes + OPENID_SCOPE: "openid", + PROFILE_SCOPE: "profile", + OFFLINE_ACCESS_SCOPE: "offline_access", + EMAIL_SCOPE: "email", + // Default response type for authorization code flow + CODE_RESPONSE_TYPE: "code", + CODE_GRANT_TYPE: "authorization_code", + RT_GRANT_TYPE: "refresh_token", + FRAGMENT_RESPONSE_MODE: "fragment", + S256_CODE_CHALLENGE_METHOD: "S256", + URL_FORM_CONTENT_TYPE: "application/x-www-form-urlencoded;charset=utf-8", + AUTHORIZATION_PENDING: "authorization_pending", + NOT_DEFINED: "not_defined", + EMPTY_STRING: "", + NOT_APPLICABLE: "N/A", + NOT_AVAILABLE: "Not Available", + FORWARD_SLASH: "/", + IMDS_ENDPOINT: "http://169.254.169.254/metadata/instance/compute/location", + IMDS_VERSION: "2020-06-01", + IMDS_TIMEOUT: 2000, + AZURE_REGION_AUTO_DISCOVER_FLAG: "TryAutoDetect", + REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX: "login.microsoft.com", + KNOWN_PUBLIC_CLOUDS: [ + "login.microsoftonline.com", + "login.windows.net", + "login.microsoft.com", + "sts.windows.net", + ], + TOKEN_RESPONSE_TYPE: "token", + ID_TOKEN_RESPONSE_TYPE: "id_token", + SHR_NONCE_VALIDITY: 240, + INVALID_INSTANCE: "invalid_instance", +}; +const HttpStatus = { + SUCCESS: 200, + SUCCESS_RANGE_START: 200, + SUCCESS_RANGE_END: 299, + REDIRECT: 302, + CLIENT_ERROR: 400, + CLIENT_ERROR_RANGE_START: 400, + BAD_REQUEST: 400, + UNAUTHORIZED: 401, + NOT_FOUND: 404, + REQUEST_TIMEOUT: 408, + TOO_MANY_REQUESTS: 429, + CLIENT_ERROR_RANGE_END: 499, + SERVER_ERROR: 500, + SERVER_ERROR_RANGE_START: 500, + SERVICE_UNAVAILABLE: 503, + GATEWAY_TIMEOUT: 504, + SERVER_ERROR_RANGE_END: 599, + MULTI_SIDED_ERROR: 600, +}; +const OIDC_DEFAULT_SCOPES = [ + Constants.OPENID_SCOPE, + Constants.PROFILE_SCOPE, + Constants.OFFLINE_ACCESS_SCOPE, +]; +const OIDC_SCOPES = [...OIDC_DEFAULT_SCOPES, Constants.EMAIL_SCOPE]; +/** + * Request header names + */ +const HeaderNames = { + CONTENT_TYPE: "Content-Type", + RETRY_AFTER: "Retry-After", + CCS_HEADER: "X-AnchorMailbox", + WWWAuthenticate: "WWW-Authenticate", + AuthenticationInfo: "Authentication-Info", + X_MS_REQUEST_ID: "x-ms-request-id", + X_MS_HTTP_VERSION: "x-ms-httpver", +}; +/** + * Persistent cache keys MSAL which stay while user is logged in. + */ +const PersistentCacheKeys = { + ID_TOKEN: "idtoken", + CLIENT_INFO: "client.info", + ADAL_ID_TOKEN: "adal.idtoken", + ERROR: "error", + ERROR_DESC: "error.description", + ACTIVE_ACCOUNT: "active-account", + ACTIVE_ACCOUNT_FILTERS: "active-account-filters", // new cache entry for active_account for a more robust version for browser +}; +/** + * String constants related to AAD Authority + */ +const AADAuthorityConstants = { + COMMON: "common", + ORGANIZATIONS: "organizations", + CONSUMERS: "consumers", +}; +/** + * Claims request keys + */ +const ClaimsRequestKeys = { + ACCESS_TOKEN: "access_token", + XMS_CC: "xms_cc", +}; +/** + * we considered making this "enum" in the request instead of string, however it looks like the allowed list of + * prompt values kept changing over past couple of years. There are some undocumented prompt values for some + * internal partners too, hence the choice of generic "string" type instead of the "enum" + */ +const PromptValue = { + LOGIN: "login", + SELECT_ACCOUNT: "select_account", + CONSENT: "consent", + NONE: "none", + CREATE: "create", + NO_SESSION: "no_session", +}; +/** + * allowed values for codeVerifier + */ +const CodeChallengeMethodValues = { + PLAIN: "plain", + S256: "S256", +}; +/** + * allowed values for server response type + */ +const ServerResponseType = { + QUERY: "query", + FRAGMENT: "fragment", +}; +/** + * allowed values for response_mode + */ +const ResponseMode = { + ...ServerResponseType, + FORM_POST: "form_post", +}; +/** + * allowed grant_type + */ +const GrantType = { + IMPLICIT_GRANT: "implicit", + AUTHORIZATION_CODE_GRANT: "authorization_code", + CLIENT_CREDENTIALS_GRANT: "client_credentials", + RESOURCE_OWNER_PASSWORD_GRANT: "password", + REFRESH_TOKEN_GRANT: "refresh_token", + DEVICE_CODE_GRANT: "device_code", + JWT_BEARER: "urn:ietf:params:oauth:grant-type:jwt-bearer", +}; +/** + * Account types in Cache + */ +const CacheAccountType = { + MSSTS_ACCOUNT_TYPE: "MSSTS", + ADFS_ACCOUNT_TYPE: "ADFS", + MSAV1_ACCOUNT_TYPE: "MSA", + GENERIC_ACCOUNT_TYPE: "Generic", // NTLM, Kerberos, FBA, Basic etc +}; +/** + * Separators used in cache + */ +const Separators = { + CACHE_KEY_SEPARATOR: "-", + CLIENT_INFO_SEPARATOR: ".", +}; +/** + * Credential Type stored in the cache + */ +const CredentialType = { + ID_TOKEN: "IdToken", + ACCESS_TOKEN: "AccessToken", + ACCESS_TOKEN_WITH_AUTH_SCHEME: "AccessToken_With_AuthScheme", + REFRESH_TOKEN: "RefreshToken", +}; +/** + * Combine all cache types + */ +const CacheType = { + ADFS: 1001, + MSA: 1002, + MSSTS: 1003, + GENERIC: 1004, + ACCESS_TOKEN: 2001, + REFRESH_TOKEN: 2002, + ID_TOKEN: 2003, + APP_METADATA: 3001, + UNDEFINED: 9999, +}; +/** + * More Cache related constants + */ +const APP_METADATA = "appmetadata"; +const CLIENT_INFO = "client_info"; +const THE_FAMILY_ID = "1"; +const AUTHORITY_METADATA_CONSTANTS = { + CACHE_KEY: "authority-metadata", + REFRESH_TIME_SECONDS: 3600 * 24, // 24 Hours +}; +const AuthorityMetadataSource = { + CONFIG: "config", + CACHE: "cache", + NETWORK: "network", + HARDCODED_VALUES: "hardcoded_values", +}; +const SERVER_TELEM_CONSTANTS = { + SCHEMA_VERSION: 5, + MAX_CUR_HEADER_BYTES: 80, + MAX_LAST_HEADER_BYTES: 330, + MAX_CACHED_ERRORS: 50, + CACHE_KEY: "server-telemetry", + CATEGORY_SEPARATOR: "|", + VALUE_SEPARATOR: ",", + OVERFLOW_TRUE: "1", + OVERFLOW_FALSE: "0", + UNKNOWN_ERROR: "unknown_error", +}; +/** + * Type of the authentication request + */ +const AuthenticationScheme = { + BEARER: "Bearer", + POP: "pop", + SSH: "ssh-cert", +}; +/** + * Constants related to throttling + */ +const ThrottlingConstants = { + // Default time to throttle RequestThumbprint in seconds + DEFAULT_THROTTLE_TIME_SECONDS: 60, + // Default maximum time to throttle in seconds, overrides what the server sends back + DEFAULT_MAX_THROTTLE_TIME_SECONDS: 3600, + // Prefix for storing throttling entries + THROTTLING_PREFIX: "throttling", + // Value assigned to the x-ms-lib-capability header to indicate to the server the library supports throttling + X_MS_LIB_CAPABILITY_VALUE: "retry-after, h429", +}; +const Errors = { + INVALID_GRANT_ERROR: "invalid_grant", + CLIENT_MISMATCH_ERROR: "client_mismatch", +}; +/** + * Password grant parameters + */ +const PasswordGrantConstants = { + username: "username", + password: "password", +}; +/** + * Response codes + */ +const ResponseCodes = { + httpSuccess: 200, + httpBadRequest: 400, +}; +/** + * Region Discovery Sources + */ +const RegionDiscoverySources = { + FAILED_AUTO_DETECTION: "1", + INTERNAL_CACHE: "2", + ENVIRONMENT_VARIABLE: "3", + IMDS: "4", +}; +/** + * Region Discovery Outcomes + */ +const RegionDiscoveryOutcomes = { + CONFIGURED_MATCHES_DETECTED: "1", + CONFIGURED_NO_AUTO_DETECTION: "2", + CONFIGURED_NOT_DETECTED: "3", + AUTO_DETECTION_REQUESTED_SUCCESSFUL: "4", + AUTO_DETECTION_REQUESTED_FAILED: "5", +}; +/** + * Specifies the reason for fetching the access token from the identity provider + */ +const CacheOutcome = { + // When a token is found in the cache or the cache is not supposed to be hit when making the request + NOT_APPLICABLE: "0", + // When the token request goes to the identity provider because force_refresh was set to true. Also occurs if claims were requested + FORCE_REFRESH_OR_CLAIMS: "1", + // When the token request goes to the identity provider because no cached access token exists + NO_CACHED_ACCESS_TOKEN: "2", + // When the token request goes to the identity provider because cached access token expired + CACHED_ACCESS_TOKEN_EXPIRED: "3", + // When the token request goes to the identity provider because refresh_in was used and the existing token needs to be refreshed + PROACTIVELY_REFRESHED: "4", +}; +const JsonWebTokenTypes = { + Jwt: "JWT", + Jwk: "JWK", + Pop: "pop", +}; +const ONE_DAY_IN_MS = 86400000; +// Token renewal offset default in seconds const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300; //# sourceMappingURL=Constants.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/logger/Logger.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Log message level. - */ -var LogLevel; -(function (LogLevel) { - LogLevel[LogLevel["Error"] = 0] = "Error"; - LogLevel[LogLevel["Warning"] = 1] = "Warning"; - LogLevel[LogLevel["Info"] = 2] = "Info"; - LogLevel[LogLevel["Verbose"] = 3] = "Verbose"; - LogLevel[LogLevel["Trace"] = 4] = "Trace"; -})(LogLevel || (LogLevel = {})); -/** - * Class which facilitates logging of messages to a specific place. - */ -class Logger { - constructor(loggerOptions, packageName, packageVersion) { - // Current log level, defaults to info. - this.level = LogLevel.Info; - const defaultLoggerCallback = () => { - return; - }; - const setLoggerOptions = loggerOptions || Logger.createDefaultLoggerOptions(); - this.localCallback = - setLoggerOptions.loggerCallback || defaultLoggerCallback; - this.piiLoggingEnabled = setLoggerOptions.piiLoggingEnabled || false; - this.level = - typeof setLoggerOptions.logLevel === "number" - ? setLoggerOptions.logLevel - : LogLevel.Info; - this.correlationId = - setLoggerOptions.correlationId || Constants.EMPTY_STRING; - this.packageName = packageName || Constants.EMPTY_STRING; - this.packageVersion = packageVersion || Constants.EMPTY_STRING; - } - static createDefaultLoggerOptions() { - return { - loggerCallback: () => { - // allow users to not set loggerCallback - }, - piiLoggingEnabled: false, - logLevel: LogLevel.Info, - }; - } - /** - * Create new Logger with existing configurations. - */ - clone(packageName, packageVersion, correlationId) { - return new Logger({ - loggerCallback: this.localCallback, - piiLoggingEnabled: this.piiLoggingEnabled, - logLevel: this.level, - correlationId: correlationId || this.correlationId, - }, packageName, packageVersion); - } - /** - * Log message with required options. - */ - logMessage(logMessage, options) { - if (options.logLevel > this.level || - (!this.piiLoggingEnabled && options.containsPii)) { - return; - } - const timestamp = new Date().toUTCString(); - // Add correlationId to logs if set, correlationId provided on log messages take precedence - const logHeader = `[${timestamp}] : [${options.correlationId || this.correlationId || ""}]`; - const log = `${logHeader} : ${this.packageName}@${this.packageVersion} : ${LogLevel[options.logLevel]} - ${logMessage}`; - // debug(`msal:${LogLevel[options.logLevel]}${options.containsPii ? "-Pii": Constants.EMPTY_STRING}${options.context ? `:${options.context}` : Constants.EMPTY_STRING}`)(logMessage); - this.executeCallback(options.logLevel, log, options.containsPii || false); - } - /** - * Execute callback with message. - */ - executeCallback(level, message, containsPii) { - if (this.localCallback) { - this.localCallback(level, message, containsPii); - } - } - /** - * Logs error messages. - */ - error(message, correlationId) { - this.logMessage(message, { - logLevel: LogLevel.Error, - containsPii: false, - correlationId: correlationId || Constants.EMPTY_STRING, - }); - } - /** - * Logs error messages with PII. - */ - errorPii(message, correlationId) { - this.logMessage(message, { - logLevel: LogLevel.Error, - containsPii: true, - correlationId: correlationId || Constants.EMPTY_STRING, - }); - } - /** - * Logs warning messages. - */ - warning(message, correlationId) { - this.logMessage(message, { - logLevel: LogLevel.Warning, - containsPii: false, - correlationId: correlationId || Constants.EMPTY_STRING, - }); - } - /** - * Logs warning messages with PII. - */ - warningPii(message, correlationId) { - this.logMessage(message, { - logLevel: LogLevel.Warning, - containsPii: true, - correlationId: correlationId || Constants.EMPTY_STRING, - }); - } - /** - * Logs info messages. - */ - info(message, correlationId) { - this.logMessage(message, { - logLevel: LogLevel.Info, - containsPii: false, - correlationId: correlationId || Constants.EMPTY_STRING, - }); - } - /** - * Logs info messages with PII. - */ - infoPii(message, correlationId) { - this.logMessage(message, { - logLevel: LogLevel.Info, - containsPii: true, - correlationId: correlationId || Constants.EMPTY_STRING, - }); - } - /** - * Logs verbose messages. - */ - verbose(message, correlationId) { - this.logMessage(message, { - logLevel: LogLevel.Verbose, - containsPii: false, - correlationId: correlationId || Constants.EMPTY_STRING, - }); - } - /** - * Logs verbose messages with PII. - */ - verbosePii(message, correlationId) { - this.logMessage(message, { - logLevel: LogLevel.Verbose, - containsPii: true, - correlationId: correlationId || Constants.EMPTY_STRING, - }); - } - /** - * Logs trace messages. - */ - trace(message, correlationId) { - this.logMessage(message, { - logLevel: LogLevel.Trace, - containsPii: false, - correlationId: correlationId || Constants.EMPTY_STRING, - }); - } - /** - * Logs trace messages with PII. - */ - tracePii(message, correlationId) { - this.logMessage(message, { - logLevel: LogLevel.Trace, - containsPii: true, - correlationId: correlationId || Constants.EMPTY_STRING, - }); - } - /** - * Returns whether PII Logging is enabled or not. - */ - isPiiLoggingEnabled() { - return this.piiLoggingEnabled || false; - } +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/logger/Logger.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Log message level. + */ +var LogLevel; +(function (LogLevel) { + LogLevel[LogLevel["Error"] = 0] = "Error"; + LogLevel[LogLevel["Warning"] = 1] = "Warning"; + LogLevel[LogLevel["Info"] = 2] = "Info"; + LogLevel[LogLevel["Verbose"] = 3] = "Verbose"; + LogLevel[LogLevel["Trace"] = 4] = "Trace"; +})(LogLevel || (LogLevel = {})); +/** + * Class which facilitates logging of messages to a specific place. + */ +class Logger { + constructor(loggerOptions, packageName, packageVersion) { + // Current log level, defaults to info. + this.level = LogLevel.Info; + const defaultLoggerCallback = () => { + return; + }; + const setLoggerOptions = loggerOptions || Logger.createDefaultLoggerOptions(); + this.localCallback = + setLoggerOptions.loggerCallback || defaultLoggerCallback; + this.piiLoggingEnabled = setLoggerOptions.piiLoggingEnabled || false; + this.level = + typeof setLoggerOptions.logLevel === "number" + ? setLoggerOptions.logLevel + : LogLevel.Info; + this.correlationId = + setLoggerOptions.correlationId || Constants.EMPTY_STRING; + this.packageName = packageName || Constants.EMPTY_STRING; + this.packageVersion = packageVersion || Constants.EMPTY_STRING; + } + static createDefaultLoggerOptions() { + return { + loggerCallback: () => { + // allow users to not set loggerCallback + }, + piiLoggingEnabled: false, + logLevel: LogLevel.Info, + }; + } + /** + * Create new Logger with existing configurations. + */ + clone(packageName, packageVersion, correlationId) { + return new Logger({ + loggerCallback: this.localCallback, + piiLoggingEnabled: this.piiLoggingEnabled, + logLevel: this.level, + correlationId: correlationId || this.correlationId, + }, packageName, packageVersion); + } + /** + * Log message with required options. + */ + logMessage(logMessage, options) { + if (options.logLevel > this.level || + (!this.piiLoggingEnabled && options.containsPii)) { + return; + } + const timestamp = new Date().toUTCString(); + // Add correlationId to logs if set, correlationId provided on log messages take precedence + const logHeader = `[${timestamp}] : [${options.correlationId || this.correlationId || ""}]`; + const log = `${logHeader} : ${this.packageName}@${this.packageVersion} : ${LogLevel[options.logLevel]} - ${logMessage}`; + // debug(`msal:${LogLevel[options.logLevel]}${options.containsPii ? "-Pii": Constants.EMPTY_STRING}${options.context ? `:${options.context}` : Constants.EMPTY_STRING}`)(logMessage); + this.executeCallback(options.logLevel, log, options.containsPii || false); + } + /** + * Execute callback with message. + */ + executeCallback(level, message, containsPii) { + if (this.localCallback) { + this.localCallback(level, message, containsPii); + } + } + /** + * Logs error messages. + */ + error(message, correlationId) { + this.logMessage(message, { + logLevel: LogLevel.Error, + containsPii: false, + correlationId: correlationId || Constants.EMPTY_STRING, + }); + } + /** + * Logs error messages with PII. + */ + errorPii(message, correlationId) { + this.logMessage(message, { + logLevel: LogLevel.Error, + containsPii: true, + correlationId: correlationId || Constants.EMPTY_STRING, + }); + } + /** + * Logs warning messages. + */ + warning(message, correlationId) { + this.logMessage(message, { + logLevel: LogLevel.Warning, + containsPii: false, + correlationId: correlationId || Constants.EMPTY_STRING, + }); + } + /** + * Logs warning messages with PII. + */ + warningPii(message, correlationId) { + this.logMessage(message, { + logLevel: LogLevel.Warning, + containsPii: true, + correlationId: correlationId || Constants.EMPTY_STRING, + }); + } + /** + * Logs info messages. + */ + info(message, correlationId) { + this.logMessage(message, { + logLevel: LogLevel.Info, + containsPii: false, + correlationId: correlationId || Constants.EMPTY_STRING, + }); + } + /** + * Logs info messages with PII. + */ + infoPii(message, correlationId) { + this.logMessage(message, { + logLevel: LogLevel.Info, + containsPii: true, + correlationId: correlationId || Constants.EMPTY_STRING, + }); + } + /** + * Logs verbose messages. + */ + verbose(message, correlationId) { + this.logMessage(message, { + logLevel: LogLevel.Verbose, + containsPii: false, + correlationId: correlationId || Constants.EMPTY_STRING, + }); + } + /** + * Logs verbose messages with PII. + */ + verbosePii(message, correlationId) { + this.logMessage(message, { + logLevel: LogLevel.Verbose, + containsPii: true, + correlationId: correlationId || Constants.EMPTY_STRING, + }); + } + /** + * Logs trace messages. + */ + trace(message, correlationId) { + this.logMessage(message, { + logLevel: LogLevel.Trace, + containsPii: false, + correlationId: correlationId || Constants.EMPTY_STRING, + }); + } + /** + * Logs trace messages with PII. + */ + tracePii(message, correlationId) { + this.logMessage(message, { + logLevel: LogLevel.Trace, + containsPii: true, + correlationId: correlationId || Constants.EMPTY_STRING, + }); + } + /** + * Returns whether PII Logging is enabled or not. + */ + isPiiLoggingEnabled() { + return this.piiLoggingEnabled || false; + } } //# sourceMappingURL=Logger.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/authority/ProtocolMode.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Protocol modes supported by MSAL. - */ -const ProtocolMode = { - AAD: "AAD", - OIDC: "OIDC", +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/authority/ProtocolMode.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Protocol modes supported by MSAL. + */ +const ProtocolMode = { + AAD: "AAD", + OIDC: "OIDC", }; //# sourceMappingURL=ProtocolMode.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/authority/AuthorityOptions.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const AzureCloudInstance = { - // AzureCloudInstance is not specified. - None: "none", - // Microsoft Azure public cloud - AzurePublic: "https://login.microsoftonline.com", - // Microsoft PPE - AzurePpe: "https://login.windows-ppe.net", - // Microsoft Chinese national/regional cloud - AzureChina: "https://login.chinacloudapi.cn", - // Microsoft German national/regional cloud ("Black Forest") - AzureGermany: "https://login.microsoftonline.de", - // US Government cloud - AzureUsGovernment: "https://login.microsoftonline.us", +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/authority/AuthorityOptions.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const AzureCloudInstance = { + // AzureCloudInstance is not specified. + None: "none", + // Microsoft Azure public cloud + AzurePublic: "https://login.microsoftonline.com", + // Microsoft PPE + AzurePpe: "https://login.windows-ppe.net", + // Microsoft Chinese national/regional cloud + AzureChina: "https://login.chinacloudapi.cn", + // Microsoft German national/regional cloud ("Black Forest") + AzureGermany: "https://login.microsoftonline.de", + // US Government cloud + AzureUsGovernment: "https://login.microsoftonline.us", }; //# sourceMappingURL=AuthorityOptions.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/error/AuthErrorCodes.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * AuthErrorMessage class containing string constants used by error codes and messages. - */ -const unexpectedError = "unexpected_error"; +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/error/AuthErrorCodes.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * AuthErrorMessage class containing string constants used by error codes and messages. + */ +const unexpectedError = "unexpected_error"; const postRequestFailed = "post_request_failed"; //# sourceMappingURL=AuthErrorCodes.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/error/AuthError.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/error/AuthError.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const AuthErrorMessages = { + [unexpectedError]: "Unexpected error in authentication.", + [postRequestFailed]: "Post request failed from the network, could be a 4xx/5xx or a network unavailability. Please check the exact error code for details.", +}; +/** + * AuthErrorMessage class containing string constants used by error codes and messages. + * @deprecated Use AuthErrorCodes instead + */ +const AuthErrorMessage = { + unexpectedError: { + code: unexpectedError, + desc: AuthErrorMessages[unexpectedError], + }, + postRequestFailed: { + code: postRequestFailed, + desc: AuthErrorMessages[postRequestFailed], + }, +}; +/** + * General error class thrown by the MSAL.js library. + */ +class AuthError extends Error { + constructor(errorCode, errorMessage, suberror) { + const errorString = errorMessage + ? `${errorCode}: ${errorMessage}` + : errorCode; + super(errorString); + Object.setPrototypeOf(this, AuthError.prototype); + this.errorCode = errorCode || Constants.EMPTY_STRING; + this.errorMessage = errorMessage || Constants.EMPTY_STRING; + this.subError = suberror || Constants.EMPTY_STRING; + this.name = "AuthError"; + } + setCorrelationId(correlationId) { + this.correlationId = correlationId; + } +} +function createAuthError(code, additionalMessage) { + return new AuthError(code, additionalMessage + ? `${AuthErrorMessages[code]} ${additionalMessage}` + : AuthErrorMessages[code]); +} +//# sourceMappingURL=AuthError.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/error/ClientAuthErrorCodes.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const clientInfoDecodingError = "client_info_decoding_error"; +const clientInfoEmptyError = "client_info_empty_error"; +const tokenParsingError = "token_parsing_error"; +const nullOrEmptyToken = "null_or_empty_token"; +const endpointResolutionError = "endpoints_resolution_error"; +const networkError = "network_error"; +const openIdConfigError = "openid_config_error"; +const hashNotDeserialized = "hash_not_deserialized"; +const invalidState = "invalid_state"; +const stateMismatch = "state_mismatch"; +const stateNotFound = "state_not_found"; +const nonceMismatch = "nonce_mismatch"; +const authTimeNotFound = "auth_time_not_found"; +const maxAgeTranspired = "max_age_transpired"; +const multipleMatchingTokens = "multiple_matching_tokens"; +const multipleMatchingAccounts = "multiple_matching_accounts"; +const multipleMatchingAppMetadata = "multiple_matching_appMetadata"; +const requestCannotBeMade = "request_cannot_be_made"; +const cannotRemoveEmptyScope = "cannot_remove_empty_scope"; +const cannotAppendScopeSet = "cannot_append_scopeset"; +const emptyInputScopeSet = "empty_input_scopeset"; +const deviceCodePollingCancelled = "device_code_polling_cancelled"; +const deviceCodeExpired = "device_code_expired"; +const deviceCodeUnknownError = "device_code_unknown_error"; +const noAccountInSilentRequest = "no_account_in_silent_request"; +const invalidCacheRecord = "invalid_cache_record"; +const invalidCacheEnvironment = "invalid_cache_environment"; +const noAccountFound = "no_account_found"; +const noCryptoObject = "no_crypto_object"; +const unexpectedCredentialType = "unexpected_credential_type"; +const invalidAssertion = "invalid_assertion"; +const invalidClientCredential = "invalid_client_credential"; +const tokenRefreshRequired = "token_refresh_required"; +const userTimeoutReached = "user_timeout_reached"; +const tokenClaimsCnfRequiredForSignedJwt = "token_claims_cnf_required_for_signedjwt"; +const authorizationCodeMissingFromServerResponse = "authorization_code_missing_from_server_response"; +const bindingKeyNotRemoved = "binding_key_not_removed"; +const endSessionEndpointNotSupported = "end_session_endpoint_not_supported"; +const keyIdMissing = "key_id_missing"; +const noNetworkConnectivity = "no_network_connectivity"; +const userCanceled = "user_canceled"; +const missingTenantIdError = "missing_tenant_id_error"; +const methodNotImplemented = "method_not_implemented"; +const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled"; +//# sourceMappingURL=ClientAuthErrorCodes.mjs.map -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const AuthErrorMessages = { - [unexpectedError]: "Unexpected error in authentication.", - [postRequestFailed]: "Post request failed from the network, could be a 4xx/5xx or a network unavailability. Please check the exact error code for details.", -}; -/** - * AuthErrorMessage class containing string constants used by error codes and messages. - * @deprecated Use AuthErrorCodes instead - */ -const AuthErrorMessage = { - unexpectedError: { - code: unexpectedError, - desc: AuthErrorMessages[unexpectedError], - }, - postRequestFailed: { - code: postRequestFailed, - desc: AuthErrorMessages[postRequestFailed], - }, -}; -/** - * General error class thrown by the MSAL.js library. - */ -class AuthError extends Error { - constructor(errorCode, errorMessage, suberror) { - const errorString = errorMessage - ? `${errorCode}: ${errorMessage}` - : errorCode; - super(errorString); - Object.setPrototypeOf(this, AuthError.prototype); - this.errorCode = errorCode || Constants.EMPTY_STRING; - this.errorMessage = errorMessage || Constants.EMPTY_STRING; - this.subError = suberror || Constants.EMPTY_STRING; - this.name = "AuthError"; - } - setCorrelationId(correlationId) { - this.correlationId = correlationId; - } -} -function createAuthError(code, additionalMessage) { - return new AuthError(code, additionalMessage - ? `${AuthErrorMessages[code]} ${additionalMessage}` - : AuthErrorMessages[code]); +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/error/ClientAuthError.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * ClientAuthErrorMessage class containing string constants used by error codes and messages. + */ +const ClientAuthErrorMessages = { + [clientInfoDecodingError]: "The client info could not be parsed/decoded correctly", + [clientInfoEmptyError]: "The client info was empty", + [tokenParsingError]: "Token cannot be parsed", + [nullOrEmptyToken]: "The token is null or empty", + [endpointResolutionError]: "Endpoints cannot be resolved", + [networkError]: "Network request failed", + [openIdConfigError]: "Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints.", + [hashNotDeserialized]: "The hash parameters could not be deserialized", + [invalidState]: "State was not the expected format", + [stateMismatch]: "State mismatch error", + [stateNotFound]: "State not found", + [nonceMismatch]: "Nonce mismatch error", + [authTimeNotFound]: "Max Age was requested and the ID token is missing the auth_time variable." + + " auth_time is an optional claim and is not enabled by default - it must be enabled." + + " See https://aka.ms/msaljs/optional-claims for more information.", + [maxAgeTranspired]: "Max Age is set to 0, or too much time has elapsed since the last end-user authentication.", + [multipleMatchingTokens]: "The cache contains multiple tokens satisfying the requirements. " + + "Call AcquireToken again providing more requirements such as authority or account.", + [multipleMatchingAccounts]: "The cache contains multiple accounts satisfying the given parameters. Please pass more info to obtain the correct account", + [multipleMatchingAppMetadata]: "The cache contains multiple appMetadata satisfying the given parameters. Please pass more info to obtain the correct appMetadata", + [requestCannotBeMade]: "Token request cannot be made without authorization code or refresh token.", + [cannotRemoveEmptyScope]: "Cannot remove null or empty scope from ScopeSet", + [cannotAppendScopeSet]: "Cannot append ScopeSet", + [emptyInputScopeSet]: "Empty input ScopeSet cannot be processed", + [deviceCodePollingCancelled]: "Caller has cancelled token endpoint polling during device code flow by setting DeviceCodeRequest.cancel = true.", + [deviceCodeExpired]: "Device code is expired.", + [deviceCodeUnknownError]: "Device code stopped polling for unknown reasons.", + [noAccountInSilentRequest]: "Please pass an account object, silent flow is not supported without account information", + [invalidCacheRecord]: "Cache record object was null or undefined.", + [invalidCacheEnvironment]: "Invalid environment when attempting to create cache entry", + [noAccountFound]: "No account found in cache for given key.", + [noCryptoObject]: "No crypto object detected.", + [unexpectedCredentialType]: "Unexpected credential type.", + [invalidAssertion]: "Client assertion must meet requirements described in https://tools.ietf.org/html/rfc7515", + [invalidClientCredential]: "Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential", + [tokenRefreshRequired]: "Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.", + [userTimeoutReached]: "User defined timeout for device code polling reached", + [tokenClaimsCnfRequiredForSignedJwt]: "Cannot generate a POP jwt if the token_claims are not populated", + [authorizationCodeMissingFromServerResponse]: "Server response does not contain an authorization code to proceed", + [bindingKeyNotRemoved]: "Could not remove the credential's binding key from storage.", + [endSessionEndpointNotSupported]: "The provided authority does not support logout", + [keyIdMissing]: "A keyId value is missing from the requested bound token's cache record and is required to match the token to it's stored binding key.", + [noNetworkConnectivity]: "No network connectivity. Check your internet connection.", + [userCanceled]: "User cancelled the flow.", + [missingTenantIdError]: "A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.", + [methodNotImplemented]: "This method has not been implemented", + [nestedAppAuthBridgeDisabled]: "The nested app auth bridge is disabled", +}; +/** + * String constants used by error codes and messages. + * @deprecated Use ClientAuthErrorCodes instead + */ +const ClientAuthErrorMessage = { + clientInfoDecodingError: { + code: clientInfoDecodingError, + desc: ClientAuthErrorMessages[clientInfoDecodingError], + }, + clientInfoEmptyError: { + code: clientInfoEmptyError, + desc: ClientAuthErrorMessages[clientInfoEmptyError], + }, + tokenParsingError: { + code: tokenParsingError, + desc: ClientAuthErrorMessages[tokenParsingError], + }, + nullOrEmptyToken: { + code: nullOrEmptyToken, + desc: ClientAuthErrorMessages[nullOrEmptyToken], + }, + endpointResolutionError: { + code: endpointResolutionError, + desc: ClientAuthErrorMessages[endpointResolutionError], + }, + networkError: { + code: networkError, + desc: ClientAuthErrorMessages[networkError], + }, + unableToGetOpenidConfigError: { + code: openIdConfigError, + desc: ClientAuthErrorMessages[openIdConfigError], + }, + hashNotDeserialized: { + code: hashNotDeserialized, + desc: ClientAuthErrorMessages[hashNotDeserialized], + }, + invalidStateError: { + code: invalidState, + desc: ClientAuthErrorMessages[invalidState], + }, + stateMismatchError: { + code: stateMismatch, + desc: ClientAuthErrorMessages[stateMismatch], + }, + stateNotFoundError: { + code: stateNotFound, + desc: ClientAuthErrorMessages[stateNotFound], + }, + nonceMismatchError: { + code: nonceMismatch, + desc: ClientAuthErrorMessages[nonceMismatch], + }, + authTimeNotFoundError: { + code: authTimeNotFound, + desc: ClientAuthErrorMessages[authTimeNotFound], + }, + maxAgeTranspired: { + code: maxAgeTranspired, + desc: ClientAuthErrorMessages[maxAgeTranspired], + }, + multipleMatchingTokens: { + code: multipleMatchingTokens, + desc: ClientAuthErrorMessages[multipleMatchingTokens], + }, + multipleMatchingAccounts: { + code: multipleMatchingAccounts, + desc: ClientAuthErrorMessages[multipleMatchingAccounts], + }, + multipleMatchingAppMetadata: { + code: multipleMatchingAppMetadata, + desc: ClientAuthErrorMessages[multipleMatchingAppMetadata], + }, + tokenRequestCannotBeMade: { + code: requestCannotBeMade, + desc: ClientAuthErrorMessages[requestCannotBeMade], + }, + removeEmptyScopeError: { + code: cannotRemoveEmptyScope, + desc: ClientAuthErrorMessages[cannotRemoveEmptyScope], + }, + appendScopeSetError: { + code: cannotAppendScopeSet, + desc: ClientAuthErrorMessages[cannotAppendScopeSet], + }, + emptyInputScopeSetError: { + code: emptyInputScopeSet, + desc: ClientAuthErrorMessages[emptyInputScopeSet], + }, + DeviceCodePollingCancelled: { + code: deviceCodePollingCancelled, + desc: ClientAuthErrorMessages[deviceCodePollingCancelled], + }, + DeviceCodeExpired: { + code: deviceCodeExpired, + desc: ClientAuthErrorMessages[deviceCodeExpired], + }, + DeviceCodeUnknownError: { + code: deviceCodeUnknownError, + desc: ClientAuthErrorMessages[deviceCodeUnknownError], + }, + NoAccountInSilentRequest: { + code: noAccountInSilentRequest, + desc: ClientAuthErrorMessages[noAccountInSilentRequest], + }, + invalidCacheRecord: { + code: invalidCacheRecord, + desc: ClientAuthErrorMessages[invalidCacheRecord], + }, + invalidCacheEnvironment: { + code: invalidCacheEnvironment, + desc: ClientAuthErrorMessages[invalidCacheEnvironment], + }, + noAccountFound: { + code: noAccountFound, + desc: ClientAuthErrorMessages[noAccountFound], + }, + noCryptoObj: { + code: noCryptoObject, + desc: ClientAuthErrorMessages[noCryptoObject], + }, + unexpectedCredentialType: { + code: unexpectedCredentialType, + desc: ClientAuthErrorMessages[unexpectedCredentialType], + }, + invalidAssertion: { + code: invalidAssertion, + desc: ClientAuthErrorMessages[invalidAssertion], + }, + invalidClientCredential: { + code: invalidClientCredential, + desc: ClientAuthErrorMessages[invalidClientCredential], + }, + tokenRefreshRequired: { + code: tokenRefreshRequired, + desc: ClientAuthErrorMessages[tokenRefreshRequired], + }, + userTimeoutReached: { + code: userTimeoutReached, + desc: ClientAuthErrorMessages[userTimeoutReached], + }, + tokenClaimsRequired: { + code: tokenClaimsCnfRequiredForSignedJwt, + desc: ClientAuthErrorMessages[tokenClaimsCnfRequiredForSignedJwt], + }, + noAuthorizationCodeFromServer: { + code: authorizationCodeMissingFromServerResponse, + desc: ClientAuthErrorMessages[authorizationCodeMissingFromServerResponse], + }, + bindingKeyNotRemovedError: { + code: bindingKeyNotRemoved, + desc: ClientAuthErrorMessages[bindingKeyNotRemoved], + }, + logoutNotSupported: { + code: endSessionEndpointNotSupported, + desc: ClientAuthErrorMessages[endSessionEndpointNotSupported], + }, + keyIdMissing: { + code: keyIdMissing, + desc: ClientAuthErrorMessages[keyIdMissing], + }, + noNetworkConnectivity: { + code: noNetworkConnectivity, + desc: ClientAuthErrorMessages[noNetworkConnectivity], + }, + userCanceledError: { + code: userCanceled, + desc: ClientAuthErrorMessages[userCanceled], + }, + missingTenantIdError: { + code: missingTenantIdError, + desc: ClientAuthErrorMessages[missingTenantIdError], + }, + nestedAppAuthBridgeDisabled: { + code: nestedAppAuthBridgeDisabled, + desc: ClientAuthErrorMessages[nestedAppAuthBridgeDisabled], + }, +}; +/** + * Error thrown when there is an error in the client code running on the browser. + */ +class ClientAuthError extends AuthError { + constructor(errorCode, additionalMessage) { + super(errorCode, additionalMessage + ? `${ClientAuthErrorMessages[errorCode]}: ${additionalMessage}` + : ClientAuthErrorMessages[errorCode]); + this.name = "ClientAuthError"; + Object.setPrototypeOf(this, ClientAuthError.prototype); + } +} +function createClientAuthError(errorCode, additionalMessage) { + return new ClientAuthError(errorCode, additionalMessage); } -//# sourceMappingURL=AuthError.mjs.map +//# sourceMappingURL=ClientAuthError.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/error/ClientAuthErrorCodes.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/crypto/ICrypto.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const DEFAULT_CRYPTO_IMPLEMENTATION = { + createNewGuid: () => { + throw createClientAuthError(methodNotImplemented); + }, + base64Decode: () => { + throw createClientAuthError(methodNotImplemented); + }, + base64Encode: () => { + throw createClientAuthError(methodNotImplemented); + }, + base64UrlEncode: () => { + throw createClientAuthError(methodNotImplemented); + }, + encodeKid: () => { + throw createClientAuthError(methodNotImplemented); + }, + async getPublicKeyThumbprint() { + throw createClientAuthError(methodNotImplemented); + }, + async removeTokenBindingKey() { + throw createClientAuthError(methodNotImplemented); + }, + async clearKeystore() { + throw createClientAuthError(methodNotImplemented); + }, + async signJwt() { + throw createClientAuthError(methodNotImplemented); + }, + async hashString() { + throw createClientAuthError(methodNotImplemented); + }, +}; -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const clientInfoDecodingError = "client_info_decoding_error"; -const clientInfoEmptyError = "client_info_empty_error"; -const tokenParsingError = "token_parsing_error"; -const nullOrEmptyToken = "null_or_empty_token"; -const endpointResolutionError = "endpoints_resolution_error"; -const networkError = "network_error"; -const openIdConfigError = "openid_config_error"; -const hashNotDeserialized = "hash_not_deserialized"; -const invalidState = "invalid_state"; -const stateMismatch = "state_mismatch"; -const stateNotFound = "state_not_found"; -const nonceMismatch = "nonce_mismatch"; -const authTimeNotFound = "auth_time_not_found"; -const maxAgeTranspired = "max_age_transpired"; -const multipleMatchingTokens = "multiple_matching_tokens"; -const multipleMatchingAccounts = "multiple_matching_accounts"; -const multipleMatchingAppMetadata = "multiple_matching_appMetadata"; -const requestCannotBeMade = "request_cannot_be_made"; -const cannotRemoveEmptyScope = "cannot_remove_empty_scope"; -const cannotAppendScopeSet = "cannot_append_scopeset"; -const emptyInputScopeSet = "empty_input_scopeset"; -const deviceCodePollingCancelled = "device_code_polling_cancelled"; -const deviceCodeExpired = "device_code_expired"; -const deviceCodeUnknownError = "device_code_unknown_error"; -const noAccountInSilentRequest = "no_account_in_silent_request"; -const invalidCacheRecord = "invalid_cache_record"; -const invalidCacheEnvironment = "invalid_cache_environment"; -const noAccountFound = "no_account_found"; -const noCryptoObject = "no_crypto_object"; -const unexpectedCredentialType = "unexpected_credential_type"; -const invalidAssertion = "invalid_assertion"; -const invalidClientCredential = "invalid_client_credential"; -const tokenRefreshRequired = "token_refresh_required"; -const userTimeoutReached = "user_timeout_reached"; -const tokenClaimsCnfRequiredForSignedJwt = "token_claims_cnf_required_for_signedjwt"; -const authorizationCodeMissingFromServerResponse = "authorization_code_missing_from_server_response"; -const bindingKeyNotRemoved = "binding_key_not_removed"; -const endSessionEndpointNotSupported = "end_session_endpoint_not_supported"; -const keyIdMissing = "key_id_missing"; -const noNetworkConnectivity = "no_network_connectivity"; -const userCanceled = "user_canceled"; -const missingTenantIdError = "missing_tenant_id_error"; -const methodNotImplemented = "method_not_implemented"; -const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled"; +//# sourceMappingURL=ICrypto.mjs.map -//# sourceMappingURL=ClientAuthErrorCodes.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/packageMetadata.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/error/ClientAuthError.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ +/* eslint-disable header/header */ +const packageMetadata_name = "@azure/msal-common"; +const version = "14.14.2"; +//# sourceMappingURL=packageMetadata.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/account/AuthToken.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Extract token by decoding the rawToken + * + * @param encodedToken + */ +function extractTokenClaims(encodedToken, base64Decode) { + const jswPayload = getJWSPayload(encodedToken); + // token will be decoded to get the username + try { + // base64Decode() should throw an error if there is an issue + const base64Decoded = base64Decode(jswPayload); + return JSON.parse(base64Decoded); + } + catch (err) { + throw createClientAuthError(tokenParsingError); + } +} +/** + * decode a JWT + * + * @param authToken + */ +function getJWSPayload(authToken) { + if (!authToken) { + throw createClientAuthError(nullOrEmptyToken); + } + const tokenPartsRegex = /^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/; + const matches = tokenPartsRegex.exec(authToken); + if (!matches || matches.length < 4) { + throw createClientAuthError(tokenParsingError); + } + /** + * const crackedToken = { + * header: matches[1], + * JWSPayload: matches[2], + * JWSSig: matches[3], + * }; + */ + return matches[2]; +} +/** + * Determine if the token's max_age has transpired + */ +function checkMaxAge(authTime, maxAge) { + /* + * per https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest + * To force an immediate re-authentication: If an app requires that a user re-authenticate prior to access, + * provide a value of 0 for the max_age parameter and the AS will force a fresh login. + */ + const fiveMinuteSkew = 300000; // five minutes in milliseconds + if (maxAge === 0 || Date.now() - fiveMinuteSkew > authTime + maxAge) { + throw createClientAuthError(maxAgeTranspired); + } +} +//# sourceMappingURL=AuthToken.mjs.map -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * ClientAuthErrorMessage class containing string constants used by error codes and messages. - */ -const ClientAuthErrorMessages = { - [clientInfoDecodingError]: "The client info could not be parsed/decoded correctly", - [clientInfoEmptyError]: "The client info was empty", - [tokenParsingError]: "Token cannot be parsed", - [nullOrEmptyToken]: "The token is null or empty", - [endpointResolutionError]: "Endpoints cannot be resolved", - [networkError]: "Network request failed", - [openIdConfigError]: "Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints.", - [hashNotDeserialized]: "The hash parameters could not be deserialized", - [invalidState]: "State was not the expected format", - [stateMismatch]: "State mismatch error", - [stateNotFound]: "State not found", - [nonceMismatch]: "Nonce mismatch error", - [authTimeNotFound]: "Max Age was requested and the ID token is missing the auth_time variable." + - " auth_time is an optional claim and is not enabled by default - it must be enabled." + - " See https://aka.ms/msaljs/optional-claims for more information.", - [maxAgeTranspired]: "Max Age is set to 0, or too much time has elapsed since the last end-user authentication.", - [multipleMatchingTokens]: "The cache contains multiple tokens satisfying the requirements. " + - "Call AcquireToken again providing more requirements such as authority or account.", - [multipleMatchingAccounts]: "The cache contains multiple accounts satisfying the given parameters. Please pass more info to obtain the correct account", - [multipleMatchingAppMetadata]: "The cache contains multiple appMetadata satisfying the given parameters. Please pass more info to obtain the correct appMetadata", - [requestCannotBeMade]: "Token request cannot be made without authorization code or refresh token.", - [cannotRemoveEmptyScope]: "Cannot remove null or empty scope from ScopeSet", - [cannotAppendScopeSet]: "Cannot append ScopeSet", - [emptyInputScopeSet]: "Empty input ScopeSet cannot be processed", - [deviceCodePollingCancelled]: "Caller has cancelled token endpoint polling during device code flow by setting DeviceCodeRequest.cancel = true.", - [deviceCodeExpired]: "Device code is expired.", - [deviceCodeUnknownError]: "Device code stopped polling for unknown reasons.", - [noAccountInSilentRequest]: "Please pass an account object, silent flow is not supported without account information", - [invalidCacheRecord]: "Cache record object was null or undefined.", - [invalidCacheEnvironment]: "Invalid environment when attempting to create cache entry", - [noAccountFound]: "No account found in cache for given key.", - [noCryptoObject]: "No crypto object detected.", - [unexpectedCredentialType]: "Unexpected credential type.", - [invalidAssertion]: "Client assertion must meet requirements described in https://tools.ietf.org/html/rfc7515", - [invalidClientCredential]: "Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential", - [tokenRefreshRequired]: "Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.", - [userTimeoutReached]: "User defined timeout for device code polling reached", - [tokenClaimsCnfRequiredForSignedJwt]: "Cannot generate a POP jwt if the token_claims are not populated", - [authorizationCodeMissingFromServerResponse]: "Server response does not contain an authorization code to proceed", - [bindingKeyNotRemoved]: "Could not remove the credential's binding key from storage.", - [endSessionEndpointNotSupported]: "The provided authority does not support logout", - [keyIdMissing]: "A keyId value is missing from the requested bound token's cache record and is required to match the token to it's stored binding key.", - [noNetworkConnectivity]: "No network connectivity. Check your internet connection.", - [userCanceled]: "User cancelled the flow.", - [missingTenantIdError]: "A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.", - [methodNotImplemented]: "This method has not been implemented", - [nestedAppAuthBridgeDisabled]: "The nested app auth bridge is disabled", -}; -/** - * String constants used by error codes and messages. - * @deprecated Use ClientAuthErrorCodes instead - */ -const ClientAuthErrorMessage = { - clientInfoDecodingError: { - code: clientInfoDecodingError, - desc: ClientAuthErrorMessages[clientInfoDecodingError], - }, - clientInfoEmptyError: { - code: clientInfoEmptyError, - desc: ClientAuthErrorMessages[clientInfoEmptyError], - }, - tokenParsingError: { - code: tokenParsingError, - desc: ClientAuthErrorMessages[tokenParsingError], - }, - nullOrEmptyToken: { - code: nullOrEmptyToken, - desc: ClientAuthErrorMessages[nullOrEmptyToken], - }, - endpointResolutionError: { - code: endpointResolutionError, - desc: ClientAuthErrorMessages[endpointResolutionError], - }, - networkError: { - code: networkError, - desc: ClientAuthErrorMessages[networkError], - }, - unableToGetOpenidConfigError: { - code: openIdConfigError, - desc: ClientAuthErrorMessages[openIdConfigError], - }, - hashNotDeserialized: { - code: hashNotDeserialized, - desc: ClientAuthErrorMessages[hashNotDeserialized], - }, - invalidStateError: { - code: invalidState, - desc: ClientAuthErrorMessages[invalidState], - }, - stateMismatchError: { - code: stateMismatch, - desc: ClientAuthErrorMessages[stateMismatch], - }, - stateNotFoundError: { - code: stateNotFound, - desc: ClientAuthErrorMessages[stateNotFound], - }, - nonceMismatchError: { - code: nonceMismatch, - desc: ClientAuthErrorMessages[nonceMismatch], - }, - authTimeNotFoundError: { - code: authTimeNotFound, - desc: ClientAuthErrorMessages[authTimeNotFound], - }, - maxAgeTranspired: { - code: maxAgeTranspired, - desc: ClientAuthErrorMessages[maxAgeTranspired], - }, - multipleMatchingTokens: { - code: multipleMatchingTokens, - desc: ClientAuthErrorMessages[multipleMatchingTokens], - }, - multipleMatchingAccounts: { - code: multipleMatchingAccounts, - desc: ClientAuthErrorMessages[multipleMatchingAccounts], - }, - multipleMatchingAppMetadata: { - code: multipleMatchingAppMetadata, - desc: ClientAuthErrorMessages[multipleMatchingAppMetadata], - }, - tokenRequestCannotBeMade: { - code: requestCannotBeMade, - desc: ClientAuthErrorMessages[requestCannotBeMade], - }, - removeEmptyScopeError: { - code: cannotRemoveEmptyScope, - desc: ClientAuthErrorMessages[cannotRemoveEmptyScope], - }, - appendScopeSetError: { - code: cannotAppendScopeSet, - desc: ClientAuthErrorMessages[cannotAppendScopeSet], - }, - emptyInputScopeSetError: { - code: emptyInputScopeSet, - desc: ClientAuthErrorMessages[emptyInputScopeSet], - }, - DeviceCodePollingCancelled: { - code: deviceCodePollingCancelled, - desc: ClientAuthErrorMessages[deviceCodePollingCancelled], - }, - DeviceCodeExpired: { - code: deviceCodeExpired, - desc: ClientAuthErrorMessages[deviceCodeExpired], - }, - DeviceCodeUnknownError: { - code: deviceCodeUnknownError, - desc: ClientAuthErrorMessages[deviceCodeUnknownError], - }, - NoAccountInSilentRequest: { - code: noAccountInSilentRequest, - desc: ClientAuthErrorMessages[noAccountInSilentRequest], - }, - invalidCacheRecord: { - code: invalidCacheRecord, - desc: ClientAuthErrorMessages[invalidCacheRecord], - }, - invalidCacheEnvironment: { - code: invalidCacheEnvironment, - desc: ClientAuthErrorMessages[invalidCacheEnvironment], - }, - noAccountFound: { - code: noAccountFound, - desc: ClientAuthErrorMessages[noAccountFound], - }, - noCryptoObj: { - code: noCryptoObject, - desc: ClientAuthErrorMessages[noCryptoObject], - }, - unexpectedCredentialType: { - code: unexpectedCredentialType, - desc: ClientAuthErrorMessages[unexpectedCredentialType], - }, - invalidAssertion: { - code: invalidAssertion, - desc: ClientAuthErrorMessages[invalidAssertion], - }, - invalidClientCredential: { - code: invalidClientCredential, - desc: ClientAuthErrorMessages[invalidClientCredential], - }, - tokenRefreshRequired: { - code: tokenRefreshRequired, - desc: ClientAuthErrorMessages[tokenRefreshRequired], - }, - userTimeoutReached: { - code: userTimeoutReached, - desc: ClientAuthErrorMessages[userTimeoutReached], - }, - tokenClaimsRequired: { - code: tokenClaimsCnfRequiredForSignedJwt, - desc: ClientAuthErrorMessages[tokenClaimsCnfRequiredForSignedJwt], - }, - noAuthorizationCodeFromServer: { - code: authorizationCodeMissingFromServerResponse, - desc: ClientAuthErrorMessages[authorizationCodeMissingFromServerResponse], - }, - bindingKeyNotRemovedError: { - code: bindingKeyNotRemoved, - desc: ClientAuthErrorMessages[bindingKeyNotRemoved], - }, - logoutNotSupported: { - code: endSessionEndpointNotSupported, - desc: ClientAuthErrorMessages[endSessionEndpointNotSupported], - }, - keyIdMissing: { - code: keyIdMissing, - desc: ClientAuthErrorMessages[keyIdMissing], - }, - noNetworkConnectivity: { - code: noNetworkConnectivity, - desc: ClientAuthErrorMessages[noNetworkConnectivity], - }, - userCanceledError: { - code: userCanceled, - desc: ClientAuthErrorMessages[userCanceled], - }, - missingTenantIdError: { - code: missingTenantIdError, - desc: ClientAuthErrorMessages[missingTenantIdError], - }, - nestedAppAuthBridgeDisabled: { - code: nestedAppAuthBridgeDisabled, - desc: ClientAuthErrorMessages[nestedAppAuthBridgeDisabled], - }, -}; -/** - * Error thrown when there is an error in the client code running on the browser. - */ -class ClientAuthError extends AuthError { - constructor(errorCode, additionalMessage) { - super(errorCode, additionalMessage - ? `${ClientAuthErrorMessages[errorCode]}: ${additionalMessage}` - : ClientAuthErrorMessages[errorCode]); - this.name = "ClientAuthError"; - Object.setPrototypeOf(this, ClientAuthError.prototype); - } -} -function createClientAuthError(errorCode, additionalMessage) { - return new ClientAuthError(errorCode, additionalMessage); +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/utils/TimeUtils.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Utility functions for managing date and time operations. + */ +/** + * return the current time in Unix time (seconds). + */ +function nowSeconds() { + // Date.getTime() returns in milliseconds. + return Math.round(new Date().getTime() / 1000.0); +} +/** + * check if a token is expired based on given UTC time in seconds. + * @param expiresOn + */ +function isTokenExpired(expiresOn, offset) { + // check for access token expiry + const expirationSec = Number(expiresOn) || 0; + const offsetCurrentTimeSec = nowSeconds() + offset; + // If current time + offset is greater than token expiration time, then token is expired. + return offsetCurrentTimeSec > expirationSec; +} +/** + * If the current time is earlier than the time that a token was cached at, we must discard the token + * i.e. The system clock was turned back after acquiring the cached token + * @param cachedAt + * @param offset + */ +function wasClockTurnedBack(cachedAt) { + const cachedAtSec = Number(cachedAt); + return cachedAtSec > nowSeconds(); +} +/** + * Waits for t number of milliseconds + * @param t number + * @param value T + */ +function delay(t, value) { + return new Promise((resolve) => setTimeout(() => resolve(value), t)); } -//# sourceMappingURL=ClientAuthError.mjs.map +//# sourceMappingURL=TimeUtils.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/crypto/ICrypto.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/cache/utils/CacheHelpers.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Cache Key: ------- + * IdToken Example: uid.utid-login.microsoftonline.com-idtoken-app_client_id-contoso.com + * AccessToken Example: uid.utid-login.microsoftonline.com-accesstoken-app_client_id-contoso.com-scope1 scope2--pop + * RefreshToken Example: uid.utid-login.microsoftonline.com-refreshtoken-1-contoso.com + * @param credentialEntity + * @returns + */ +function generateCredentialKey(credentialEntity) { + const credentialKey = [ + generateAccountId(credentialEntity), + generateCredentialId(credentialEntity), + generateTarget(credentialEntity), + generateClaimsHash(credentialEntity), + generateScheme(credentialEntity), + ]; + return credentialKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase(); +} +/** + * Create IdTokenEntity + * @param homeAccountId + * @param authenticationResult + * @param clientId + * @param authority + */ +function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) { + const idTokenEntity = { + credentialType: CredentialType.ID_TOKEN, + homeAccountId: homeAccountId, + environment: environment, + clientId: clientId, + secret: idToken, + realm: tenantId, + }; + return idTokenEntity; +} +/** + * Create AccessTokenEntity + * @param homeAccountId + * @param environment + * @param accessToken + * @param clientId + * @param tenantId + * @param scopes + * @param expiresOn + * @param extExpiresOn + */ +function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId, requestedClaims, requestedClaimsHash) { + const atEntity = { + homeAccountId: homeAccountId, + credentialType: CredentialType.ACCESS_TOKEN, + secret: accessToken, + cachedAt: nowSeconds().toString(), + expiresOn: expiresOn.toString(), + extendedExpiresOn: extExpiresOn.toString(), + environment: environment, + clientId: clientId, + realm: tenantId, + target: scopes, + tokenType: tokenType || AuthenticationScheme.BEARER, + }; + if (userAssertionHash) { + atEntity.userAssertionHash = userAssertionHash; + } + if (refreshOn) { + atEntity.refreshOn = refreshOn.toString(); + } + if (requestedClaims) { + atEntity.requestedClaims = requestedClaims; + atEntity.requestedClaimsHash = requestedClaimsHash; + } + /* + * Create Access Token With Auth Scheme instead of regular access token + * Cast to lower to handle "bearer" from ADFS + */ + if (atEntity.tokenType?.toLowerCase() !== + AuthenticationScheme.BEARER.toLowerCase()) { + atEntity.credentialType = CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME; + switch (atEntity.tokenType) { + case AuthenticationScheme.POP: + // Make sure keyId is present and add it to credential + const tokenClaims = extractTokenClaims(accessToken, base64Decode); + if (!tokenClaims?.cnf?.kid) { + throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt); + } + atEntity.keyId = tokenClaims.cnf.kid; + break; + case AuthenticationScheme.SSH: + atEntity.keyId = keyId; + } + } + return atEntity; +} +/** + * Create RefreshTokenEntity + * @param homeAccountId + * @param authenticationResult + * @param clientId + * @param authority + */ +function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) { + const rtEntity = { + credentialType: CredentialType.REFRESH_TOKEN, + homeAccountId: homeAccountId, + environment: environment, + clientId: clientId, + secret: refreshToken, + }; + if (userAssertionHash) { + rtEntity.userAssertionHash = userAssertionHash; + } + if (familyId) { + rtEntity.familyId = familyId; + } + if (expiresOn) { + rtEntity.expiresOn = expiresOn.toString(); + } + return rtEntity; +} +function isCredentialEntity(entity) { + return (entity.hasOwnProperty("homeAccountId") && + entity.hasOwnProperty("environment") && + entity.hasOwnProperty("credentialType") && + entity.hasOwnProperty("clientId") && + entity.hasOwnProperty("secret")); +} +/** + * Validates an entity: checks for all expected params + * @param entity + */ +function isAccessTokenEntity(entity) { + if (!entity) { + return false; + } + return (isCredentialEntity(entity) && + entity.hasOwnProperty("realm") && + entity.hasOwnProperty("target") && + (entity["credentialType"] === CredentialType.ACCESS_TOKEN || + entity["credentialType"] === + CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME)); +} +/** + * Validates an entity: checks for all expected params + * @param entity + */ +function isIdTokenEntity(entity) { + if (!entity) { + return false; + } + return (isCredentialEntity(entity) && + entity.hasOwnProperty("realm") && + entity["credentialType"] === CredentialType.ID_TOKEN); +} +/** + * Validates an entity: checks for all expected params + * @param entity + */ +function isRefreshTokenEntity(entity) { + if (!entity) { + return false; + } + return (isCredentialEntity(entity) && + entity["credentialType"] === CredentialType.REFRESH_TOKEN); +} +/** + * Generate Account Id key component as per the schema: - + */ +function generateAccountId(credentialEntity) { + const accountId = [ + credentialEntity.homeAccountId, + credentialEntity.environment, + ]; + return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase(); +} +/** + * Generate Credential Id key component as per the schema: -- + */ +function generateCredentialId(credentialEntity) { + const clientOrFamilyId = credentialEntity.credentialType === CredentialType.REFRESH_TOKEN + ? credentialEntity.familyId || credentialEntity.clientId + : credentialEntity.clientId; + const credentialId = [ + credentialEntity.credentialType, + clientOrFamilyId, + credentialEntity.realm || "", + ]; + return credentialId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase(); +} +/** + * Generate target key component as per schema: + */ +function generateTarget(credentialEntity) { + return (credentialEntity.target || "").toLowerCase(); +} +/** + * Generate requested claims key component as per schema: + */ +function generateClaimsHash(credentialEntity) { + return (credentialEntity.requestedClaimsHash || "").toLowerCase(); +} +/** + * Generate scheme key componenet as per schema: + */ +function generateScheme(credentialEntity) { + /* + * PoP Tokens and SSH certs include scheme in cache key + * Cast to lowercase to handle "bearer" from ADFS + */ + return credentialEntity.tokenType && + credentialEntity.tokenType.toLowerCase() !== + AuthenticationScheme.BEARER.toLowerCase() + ? credentialEntity.tokenType.toLowerCase() + : ""; +} +/** + * validates if a given cache entry is "Telemetry", parses + * @param key + * @param entity + */ +function isServerTelemetryEntity(key, entity) { + const validateKey = key.indexOf(SERVER_TELEM_CONSTANTS.CACHE_KEY) === 0; + let validateEntity = true; + if (entity) { + validateEntity = + entity.hasOwnProperty("failedRequests") && + entity.hasOwnProperty("errors") && + entity.hasOwnProperty("cacheHits"); + } + return validateKey && validateEntity; +} +/** + * validates if a given cache entry is "Throttling", parses + * @param key + * @param entity + */ +function isThrottlingEntity(key, entity) { + let validateKey = false; + if (key) { + validateKey = key.indexOf(ThrottlingConstants.THROTTLING_PREFIX) === 0; + } + let validateEntity = true; + if (entity) { + validateEntity = entity.hasOwnProperty("throttleTime"); + } + return validateKey && validateEntity; +} +/** + * Generate AppMetadata Cache Key as per the schema: appmetadata-- + */ +function generateAppMetadataKey({ environment, clientId, }) { + const appMetaDataKeyArray = [ + APP_METADATA, + environment, + clientId, + ]; + return appMetaDataKeyArray + .join(Separators.CACHE_KEY_SEPARATOR) + .toLowerCase(); +} +/* + * Validates an entity: checks for all expected params + * @param entity + */ +function isAppMetadataEntity(key, entity) { + if (!entity) { + return false; + } + return (key.indexOf(APP_METADATA) === 0 && + entity.hasOwnProperty("clientId") && + entity.hasOwnProperty("environment")); +} +/** + * Validates an entity: checks for all expected params + * @param entity + */ +function isAuthorityMetadataEntity(key, entity) { + if (!entity) { + return false; + } + return (key.indexOf(AUTHORITY_METADATA_CONSTANTS.CACHE_KEY) === 0 && + entity.hasOwnProperty("aliases") && + entity.hasOwnProperty("preferred_cache") && + entity.hasOwnProperty("preferred_network") && + entity.hasOwnProperty("canonical_authority") && + entity.hasOwnProperty("authorization_endpoint") && + entity.hasOwnProperty("token_endpoint") && + entity.hasOwnProperty("issuer") && + entity.hasOwnProperty("aliasesFromNetwork") && + entity.hasOwnProperty("endpointsFromNetwork") && + entity.hasOwnProperty("expiresAt") && + entity.hasOwnProperty("jwks_uri")); +} +/** + * Reset the exiresAt value + */ +function generateAuthorityMetadataExpiresAt() { + return (nowSeconds() + + AUTHORITY_METADATA_CONSTANTS.REFRESH_TIME_SECONDS); +} +function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) { + authorityMetadata.authorization_endpoint = + updatedValues.authorization_endpoint; + authorityMetadata.token_endpoint = updatedValues.token_endpoint; + authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint; + authorityMetadata.issuer = updatedValues.issuer; + authorityMetadata.endpointsFromNetwork = fromNetwork; + authorityMetadata.jwks_uri = updatedValues.jwks_uri; +} +function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) { + authorityMetadata.aliases = updatedValues.aliases; + authorityMetadata.preferred_cache = updatedValues.preferred_cache; + authorityMetadata.preferred_network = updatedValues.preferred_network; + authorityMetadata.aliasesFromNetwork = fromNetwork; +} +/** + * Returns whether or not the data needs to be refreshed + */ +function isAuthorityMetadataExpired(metadata) { + return metadata.expiresAt <= nowSeconds(); +} +//# sourceMappingURL=CacheHelpers.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/error/ClientConfigurationErrorCodes.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const redirectUriEmpty = "redirect_uri_empty"; +const claimsRequestParsingError = "claims_request_parsing_error"; +const authorityUriInsecure = "authority_uri_insecure"; +const urlParseError = "url_parse_error"; +const urlEmptyError = "empty_url_error"; +const emptyInputScopesError = "empty_input_scopes_error"; +const invalidPromptValue = "invalid_prompt_value"; +const invalidClaims = "invalid_claims"; +const tokenRequestEmpty = "token_request_empty"; +const logoutRequestEmpty = "logout_request_empty"; +const invalidCodeChallengeMethod = "invalid_code_challenge_method"; +const pkceParamsMissing = "pkce_params_missing"; +const invalidCloudDiscoveryMetadata = "invalid_cloud_discovery_metadata"; +const invalidAuthorityMetadata = "invalid_authority_metadata"; +const untrustedAuthority = "untrusted_authority"; +const missingSshJwk = "missing_ssh_jwk"; +const missingSshKid = "missing_ssh_kid"; +const missingNonceAuthenticationHeader = "missing_nonce_authentication_header"; +const invalidAuthenticationHeader = "invalid_authentication_header"; +const cannotSetOIDCOptions = "cannot_set_OIDCOptions"; +const cannotAllowNativeBroker = "cannot_allow_native_broker"; +const authorityMismatch = "authority_mismatch"; -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const DEFAULT_CRYPTO_IMPLEMENTATION = { - createNewGuid: () => { - throw createClientAuthError(methodNotImplemented); - }, - base64Decode: () => { - throw createClientAuthError(methodNotImplemented); - }, - base64Encode: () => { - throw createClientAuthError(methodNotImplemented); - }, - base64UrlEncode: () => { - throw createClientAuthError(methodNotImplemented); - }, - encodeKid: () => { - throw createClientAuthError(methodNotImplemented); - }, - async getPublicKeyThumbprint() { - throw createClientAuthError(methodNotImplemented); - }, - async removeTokenBindingKey() { - throw createClientAuthError(methodNotImplemented); - }, - async clearKeystore() { - throw createClientAuthError(methodNotImplemented); - }, - async signJwt() { - throw createClientAuthError(methodNotImplemented); - }, - async hashString() { - throw createClientAuthError(methodNotImplemented); - }, -}; +//# sourceMappingURL=ClientConfigurationErrorCodes.mjs.map -//# sourceMappingURL=ICrypto.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/error/ClientConfigurationError.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const ClientConfigurationErrorMessages = { + [redirectUriEmpty]: "A redirect URI is required for all calls, and none has been set.", + [claimsRequestParsingError]: "Could not parse the given claims request object.", + [authorityUriInsecure]: "Authority URIs must use https. Please see here for valid authority configuration options: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-initializing-client-applications#configuration-options", + [urlParseError]: "URL could not be parsed into appropriate segments.", + [urlEmptyError]: "URL was empty or null.", + [emptyInputScopesError]: "Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.", + [invalidPromptValue]: "Please see here for valid configuration options: https://azuread.github.io/microsoft-authentication-library-for-js/ref/modules/_azure_msal_common.html#commonauthorizationurlrequest", + [invalidClaims]: "Given claims parameter must be a stringified JSON object.", + [tokenRequestEmpty]: "Token request was empty and not found in cache.", + [logoutRequestEmpty]: "The logout request was null or undefined.", + [invalidCodeChallengeMethod]: 'code_challenge_method passed is invalid. Valid values are "plain" and "S256".', + [pkceParamsMissing]: "Both params: code_challenge and code_challenge_method are to be passed if to be sent in the request", + [invalidCloudDiscoveryMetadata]: "Invalid cloudDiscoveryMetadata provided. Must be a stringified JSON object containing tenant_discovery_endpoint and metadata fields", + [invalidAuthorityMetadata]: "Invalid authorityMetadata provided. Must by a stringified JSON object containing authorization_endpoint, token_endpoint, issuer fields.", + [untrustedAuthority]: "The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.", + [missingSshJwk]: "Missing sshJwk in SSH certificate request. A stringified JSON Web Key is required when using the SSH authentication scheme.", + [missingSshKid]: "Missing sshKid in SSH certificate request. A string that uniquely identifies the public SSH key is required when using the SSH authentication scheme.", + [missingNonceAuthenticationHeader]: "Unable to find an authentication header containing server nonce. Either the Authentication-Info or WWW-Authenticate headers must be present in order to obtain a server nonce.", + [invalidAuthenticationHeader]: "Invalid authentication header provided", + [cannotSetOIDCOptions]: "Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.", + [cannotAllowNativeBroker]: "Cannot set allowNativeBroker parameter to true when not in AAD protocol mode.", + [authorityMismatch]: "Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority.", +}; +/** + * ClientConfigurationErrorMessage class containing string constants used by error codes and messages. + * @deprecated Use ClientConfigurationErrorCodes instead + */ +const ClientConfigurationErrorMessage = { + redirectUriNotSet: { + code: redirectUriEmpty, + desc: ClientConfigurationErrorMessages[redirectUriEmpty], + }, + claimsRequestParsingError: { + code: claimsRequestParsingError, + desc: ClientConfigurationErrorMessages[claimsRequestParsingError], + }, + authorityUriInsecure: { + code: authorityUriInsecure, + desc: ClientConfigurationErrorMessages[authorityUriInsecure], + }, + urlParseError: { + code: urlParseError, + desc: ClientConfigurationErrorMessages[urlParseError], + }, + urlEmptyError: { + code: urlEmptyError, + desc: ClientConfigurationErrorMessages[urlEmptyError], + }, + emptyScopesError: { + code: emptyInputScopesError, + desc: ClientConfigurationErrorMessages[emptyInputScopesError], + }, + invalidPrompt: { + code: invalidPromptValue, + desc: ClientConfigurationErrorMessages[invalidPromptValue], + }, + invalidClaimsRequest: { + code: invalidClaims, + desc: ClientConfigurationErrorMessages[invalidClaims], + }, + tokenRequestEmptyError: { + code: tokenRequestEmpty, + desc: ClientConfigurationErrorMessages[tokenRequestEmpty], + }, + logoutRequestEmptyError: { + code: logoutRequestEmpty, + desc: ClientConfigurationErrorMessages[logoutRequestEmpty], + }, + invalidCodeChallengeMethod: { + code: invalidCodeChallengeMethod, + desc: ClientConfigurationErrorMessages[invalidCodeChallengeMethod], + }, + invalidCodeChallengeParams: { + code: pkceParamsMissing, + desc: ClientConfigurationErrorMessages[pkceParamsMissing], + }, + invalidCloudDiscoveryMetadata: { + code: invalidCloudDiscoveryMetadata, + desc: ClientConfigurationErrorMessages[invalidCloudDiscoveryMetadata], + }, + invalidAuthorityMetadata: { + code: invalidAuthorityMetadata, + desc: ClientConfigurationErrorMessages[invalidAuthorityMetadata], + }, + untrustedAuthority: { + code: untrustedAuthority, + desc: ClientConfigurationErrorMessages[untrustedAuthority], + }, + missingSshJwk: { + code: missingSshJwk, + desc: ClientConfigurationErrorMessages[missingSshJwk], + }, + missingSshKid: { + code: missingSshKid, + desc: ClientConfigurationErrorMessages[missingSshKid], + }, + missingNonceAuthenticationHeader: { + code: missingNonceAuthenticationHeader, + desc: ClientConfigurationErrorMessages[missingNonceAuthenticationHeader], + }, + invalidAuthenticationHeader: { + code: invalidAuthenticationHeader, + desc: ClientConfigurationErrorMessages[invalidAuthenticationHeader], + }, + cannotSetOIDCOptions: { + code: cannotSetOIDCOptions, + desc: ClientConfigurationErrorMessages[cannotSetOIDCOptions], + }, + cannotAllowNativeBroker: { + code: cannotAllowNativeBroker, + desc: ClientConfigurationErrorMessages[cannotAllowNativeBroker], + }, + authorityMismatch: { + code: authorityMismatch, + desc: ClientConfigurationErrorMessages[authorityMismatch], + }, +}; +/** + * Error thrown when there is an error in configuration of the MSAL.js library. + */ +class ClientConfigurationError extends AuthError { + constructor(errorCode) { + super(errorCode, ClientConfigurationErrorMessages[errorCode]); + this.name = "ClientConfigurationError"; + Object.setPrototypeOf(this, ClientConfigurationError.prototype); + } +} +function createClientConfigurationError(errorCode) { + return new ClientConfigurationError(errorCode); +} -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/packageMetadata.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ -/* eslint-disable header/header */ -const packageMetadata_name = "@azure/msal-common"; -const version = "14.14.0"; +//# sourceMappingURL=ClientConfigurationError.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/utils/StringUtils.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * @hidden + */ +class StringUtils { + /** + * Check if stringified object is empty + * @param strObj + */ + static isEmptyObj(strObj) { + if (strObj) { + try { + const obj = JSON.parse(strObj); + return Object.keys(obj).length === 0; + } + catch (e) { } + } + return true; + } + static startsWith(str, search) { + return str.indexOf(search) === 0; + } + static endsWith(str, search) { + return (str.length >= search.length && + str.lastIndexOf(search) === str.length - search.length); + } + /** + * Parses string into an object. + * + * @param query + */ + static queryStringToObject(query) { + const obj = {}; + const params = query.split("&"); + const decode = (s) => decodeURIComponent(s.replace(/\+/g, " ")); + params.forEach((pair) => { + if (pair.trim()) { + const [key, value] = pair.split(/=(.+)/g, 2); // Split on the first occurence of the '=' character + if (key && value) { + obj[decode(key)] = decode(value); + } + } + }); + return obj; + } + /** + * Trims entries in an array. + * + * @param arr + */ + static trimArrayEntries(arr) { + return arr.map((entry) => entry.trim()); + } + /** + * Removes empty strings from array + * @param arr + */ + static removeEmptyStringsFromArray(arr) { + return arr.filter((entry) => { + return !!entry; + }); + } + /** + * Attempts to parse a string into JSON + * @param str + */ + static jsonParseHelper(str) { + try { + return JSON.parse(str); + } + catch (e) { + return null; + } + } + /** + * Tests if a given string matches a given pattern, with support for wildcards and queries. + * @param pattern Wildcard pattern to string match. Supports "*" for wildcards and "?" for queries + * @param input String to match against + */ + static matchPattern(pattern, input) { + /** + * Wildcard support: https://stackoverflow.com/a/3117248/4888559 + * Queries: replaces "?" in string with escaped "\?" for regex test + */ + // eslint-disable-next-line security/detect-non-literal-regexp + const regex = new RegExp(pattern + .replace(/\\/g, "\\\\") + .replace(/\*/g, "[^ ]*") + .replace(/\?/g, "\\?")); + return regex.test(input); + } +} -//# sourceMappingURL=packageMetadata.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/account/AuthToken.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ +//# sourceMappingURL=StringUtils.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/request/ScopeSet.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * The ScopeSet class creates a set of scopes. Scopes are case-insensitive, unique values, so the Set object in JS makes + * the most sense to implement for this class. All scopes are trimmed and converted to lower case strings in intersection and union functions + * to ensure uniqueness of strings. + */ +class ScopeSet { + constructor(inputScopes) { + // Filter empty string and null/undefined array items + const scopeArr = inputScopes + ? StringUtils.trimArrayEntries([...inputScopes]) + : []; + const filteredInput = scopeArr + ? StringUtils.removeEmptyStringsFromArray(scopeArr) + : []; + // Validate and filter scopes (validate function throws if validation fails) + this.validateInputScopes(filteredInput); + this.scopes = new Set(); // Iterator in constructor not supported by IE11 + filteredInput.forEach((scope) => this.scopes.add(scope)); + } + /** + * Factory method to create ScopeSet from space-delimited string + * @param inputScopeString + * @param appClientId + * @param scopesRequired + */ + static fromString(inputScopeString) { + const scopeString = inputScopeString || Constants.EMPTY_STRING; + const inputScopes = scopeString.split(" "); + return new ScopeSet(inputScopes); + } + /** + * Creates the set of scopes to search for in cache lookups + * @param inputScopeString + * @returns + */ + static createSearchScopes(inputScopeString) { + const scopeSet = new ScopeSet(inputScopeString); + if (!scopeSet.containsOnlyOIDCScopes()) { + scopeSet.removeOIDCScopes(); + } + else { + scopeSet.removeScope(Constants.OFFLINE_ACCESS_SCOPE); + } + return scopeSet; + } + /** + * Used to validate the scopes input parameter requested by the developer. + * @param {Array} inputScopes - Developer requested permissions. Not all scopes are guaranteed to be included in the access token returned. + * @param {boolean} scopesRequired - Boolean indicating whether the scopes array is required or not + */ + validateInputScopes(inputScopes) { + // Check if scopes are required but not given or is an empty array + if (!inputScopes || inputScopes.length < 1) { + throw createClientConfigurationError(emptyInputScopesError); + } + } + /** + * Check if a given scope is present in this set of scopes. + * @param scope + */ + containsScope(scope) { + const lowerCaseScopes = this.printScopesLowerCase().split(" "); + const lowerCaseScopesSet = new ScopeSet(lowerCaseScopes); + // compare lowercase scopes + return scope + ? lowerCaseScopesSet.scopes.has(scope.toLowerCase()) + : false; + } + /** + * Check if a set of scopes is present in this set of scopes. + * @param scopeSet + */ + containsScopeSet(scopeSet) { + if (!scopeSet || scopeSet.scopes.size <= 0) { + return false; + } + return (this.scopes.size >= scopeSet.scopes.size && + scopeSet.asArray().every((scope) => this.containsScope(scope))); + } + /** + * Check if set of scopes contains only the defaults + */ + containsOnlyOIDCScopes() { + let defaultScopeCount = 0; + OIDC_SCOPES.forEach((defaultScope) => { + if (this.containsScope(defaultScope)) { + defaultScopeCount += 1; + } + }); + return this.scopes.size === defaultScopeCount; + } + /** + * Appends single scope if passed + * @param newScope + */ + appendScope(newScope) { + if (newScope) { + this.scopes.add(newScope.trim()); + } + } + /** + * Appends multiple scopes if passed + * @param newScopes + */ + appendScopes(newScopes) { + try { + newScopes.forEach((newScope) => this.appendScope(newScope)); + } + catch (e) { + throw createClientAuthError(cannotAppendScopeSet); + } + } + /** + * Removes element from set of scopes. + * @param scope + */ + removeScope(scope) { + if (!scope) { + throw createClientAuthError(cannotRemoveEmptyScope); + } + this.scopes.delete(scope.trim()); + } + /** + * Removes default scopes from set of scopes + * Primarily used to prevent cache misses if the default scopes are not returned from the server + */ + removeOIDCScopes() { + OIDC_SCOPES.forEach((defaultScope) => { + this.scopes.delete(defaultScope); + }); + } + /** + * Combines an array of scopes with the current set of scopes. + * @param otherScopes + */ + unionScopeSets(otherScopes) { + if (!otherScopes) { + throw createClientAuthError(emptyInputScopeSet); + } + const unionScopes = new Set(); // Iterator in constructor not supported in IE11 + otherScopes.scopes.forEach((scope) => unionScopes.add(scope.toLowerCase())); + this.scopes.forEach((scope) => unionScopes.add(scope.toLowerCase())); + return unionScopes; + } + /** + * Check if scopes intersect between this set and another. + * @param otherScopes + */ + intersectingScopeSets(otherScopes) { + if (!otherScopes) { + throw createClientAuthError(emptyInputScopeSet); + } + // Do not allow OIDC scopes to be the only intersecting scopes + if (!otherScopes.containsOnlyOIDCScopes()) { + otherScopes.removeOIDCScopes(); + } + const unionScopes = this.unionScopeSets(otherScopes); + const sizeOtherScopes = otherScopes.getScopeCount(); + const sizeThisScopes = this.getScopeCount(); + const sizeUnionScopes = unionScopes.size; + return sizeUnionScopes < sizeThisScopes + sizeOtherScopes; + } + /** + * Returns size of set of scopes. + */ + getScopeCount() { + return this.scopes.size; + } + /** + * Returns the scopes as an array of string values + */ + asArray() { + const array = []; + this.scopes.forEach((val) => array.push(val)); + return array; + } + /** + * Prints scopes into a space-delimited string + */ + printScopes() { + if (this.scopes) { + const scopeArr = this.asArray(); + return scopeArr.join(" "); + } + return Constants.EMPTY_STRING; + } + /** + * Prints scopes into a space-delimited lower-case string (used for caching) + */ + printScopesLowerCase() { + return this.printScopes().toLowerCase(); + } +} +//# sourceMappingURL=ScopeSet.mjs.map -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Extract token by decoding the rawToken - * - * @param encodedToken - */ -function extractTokenClaims(encodedToken, base64Decode) { - const jswPayload = getJWSPayload(encodedToken); - // token will be decoded to get the username - try { - // base64Decode() should throw an error if there is an issue - const base64Decoded = base64Decode(jswPayload); - return JSON.parse(base64Decoded); - } - catch (err) { - throw createClientAuthError(tokenParsingError); - } -} -/** - * decode a JWT - * - * @param authToken - */ -function getJWSPayload(authToken) { - if (!authToken) { - throw createClientAuthError(nullOrEmptyToken); - } - const tokenPartsRegex = /^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/; - const matches = tokenPartsRegex.exec(authToken); - if (!matches || matches.length < 4) { - throw createClientAuthError(tokenParsingError); - } - /** - * const crackedToken = { - * header: matches[1], - * JWSPayload: matches[2], - * JWSSig: matches[3], - * }; - */ - return matches[2]; +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/account/ClientInfo.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Function to build a client info object from server clientInfo string + * @param rawClientInfo + * @param crypto + */ +function buildClientInfo(rawClientInfo, base64Decode) { + if (!rawClientInfo) { + throw createClientAuthError(clientInfoEmptyError); + } + try { + const decodedClientInfo = base64Decode(rawClientInfo); + return JSON.parse(decodedClientInfo); + } + catch (e) { + throw createClientAuthError(clientInfoDecodingError); + } +} +/** + * Function to build a client info object from cached homeAccountId string + * @param homeAccountId + */ +function buildClientInfoFromHomeAccountId(homeAccountId) { + if (!homeAccountId) { + throw createClientAuthError(clientInfoDecodingError); + } + const clientInfoParts = homeAccountId.split(Separators.CLIENT_INFO_SEPARATOR, 2); + return { + uid: clientInfoParts[0], + utid: clientInfoParts.length < 2 + ? Constants.EMPTY_STRING + : clientInfoParts[1], + }; } -/** - * Determine if the token's max_age has transpired - */ -function checkMaxAge(authTime, maxAge) { - /* - * per https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest - * To force an immediate re-authentication: If an app requires that a user re-authenticate prior to access, - * provide a value of 0 for the max_age parameter and the AS will force a fresh login. - */ - const fiveMinuteSkew = 300000; // five minutes in milliseconds - if (maxAge === 0 || Date.now() - fiveMinuteSkew > authTime + maxAge) { - throw createClientAuthError(maxAgeTranspired); - } + + +//# sourceMappingURL=ClientInfo.mjs.map + +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/account/AccountInfo.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Returns true if tenantId matches the utid portion of homeAccountId + * @param tenantId + * @param homeAccountId + * @returns + */ +function tenantIdMatchesHomeTenant(tenantId, homeAccountId) { + return (!!tenantId && + !!homeAccountId && + tenantId === homeAccountId.split(".")[1]); +} +/** + * Build tenant profile + * @param homeAccountId - Home account identifier for this account object + * @param localAccountId - Local account identifer for this account object + * @param tenantId - Full tenant or organizational id that this account belongs to + * @param idTokenClaims - Claims from the ID token + * @returns + */ +function buildTenantProfile(homeAccountId, localAccountId, tenantId, idTokenClaims) { + if (idTokenClaims) { + const { oid, sub, tid, name, tfp, acr } = idTokenClaims; + /** + * Since there is no way to determine if the authority is AAD or B2C, we exhaust all the possible claims that can serve as tenant ID with the following precedence: + * tid - TenantID claim that identifies the tenant that issued the token in AAD. Expected in all AAD ID tokens, not present in B2C ID Tokens. + * tfp - Trust Framework Policy claim that identifies the policy that was used to authenticate the user. Functions as tenant for B2C scenarios. + * acr - Authentication Context Class Reference claim used only with older B2C policies. Fallback in case tfp is not present, but likely won't be present anyway. + */ + const tenantId = tid || tfp || acr || ""; + return { + tenantId: tenantId, + localAccountId: oid || sub || "", + name: name, + isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId), + }; + } + else { + return { + tenantId, + localAccountId, + isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId), + }; + } +} +/** + * Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info + * @param baseAccountInfo + * @param idTokenClaims + * @returns + */ +function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenClaims, idTokenSecret) { + let updatedAccountInfo = baseAccountInfo; + // Tenant Profile overrides passed in account info + if (tenantProfile) { + // eslint-disable-next-line @typescript-eslint/no-unused-vars + const { isHomeTenant, ...tenantProfileOverride } = tenantProfile; + updatedAccountInfo = { ...baseAccountInfo, ...tenantProfileOverride }; + } + // ID token claims override passed in account info and tenant profile + if (idTokenClaims) { + // Ignore isHomeTenant, loginHint, and sid which are part of tenant profile but not base account info + // eslint-disable-next-line @typescript-eslint/no-unused-vars + const { isHomeTenant, ...claimsSourcedTenantProfile } = buildTenantProfile(baseAccountInfo.homeAccountId, baseAccountInfo.localAccountId, baseAccountInfo.tenantId, idTokenClaims); + updatedAccountInfo = { + ...updatedAccountInfo, + ...claimsSourcedTenantProfile, + idTokenClaims: idTokenClaims, + idToken: idTokenSecret, + }; + return updatedAccountInfo; + } + return updatedAccountInfo; } -//# sourceMappingURL=AuthToken.mjs.map +//# sourceMappingURL=AccountInfo.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/utils/TimeUtils.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/authority/AuthorityType.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Authority types supported by MSAL. + */ +const AuthorityType = { + Default: 0, + Adfs: 1, + Dsts: 2, + Ciam: 3, +}; -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Utility functions for managing date and time operations. - */ -/** - * return the current time in Unix time (seconds). - */ -function nowSeconds() { - // Date.getTime() returns in milliseconds. - return Math.round(new Date().getTime() / 1000.0); + +//# sourceMappingURL=AuthorityType.mjs.map + +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/account/TokenClaims.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Gets tenantId from available ID token claims to set as credential realm with the following precedence: + * 1. tid - if the token is acquired from an Azure AD tenant tid will be present + * 2. tfp - if the token is acquired from a modern B2C tenant tfp should be present + * 3. acr - if the token is acquired from a legacy B2C tenant acr should be present + * Downcased to match the realm case-insensitive comparison requirements + * @param idTokenClaims + * @returns + */ +function getTenantIdFromIdTokenClaims(idTokenClaims) { + if (idTokenClaims) { + const tenantId = idTokenClaims.tid || idTokenClaims.tfp || idTokenClaims.acr; + return tenantId || null; + } + return null; } -/** - * check if a token is expired based on given UTC time in seconds. - * @param expiresOn - */ -function isTokenExpired(expiresOn, offset) { - // check for access token expiry - const expirationSec = Number(expiresOn) || 0; - const offsetCurrentTimeSec = nowSeconds() + offset; - // If current time + offset is greater than token expiration time, then token is expired. - return offsetCurrentTimeSec > expirationSec; + + +//# sourceMappingURL=TokenClaims.mjs.map + +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/cache/entities/AccountEntity.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Type that defines required and optional parameters for an Account field (based on universal cache schema implemented by all MSALs). + * + * Key : Value Schema + * + * Key: -- + * + * Value Schema: + * { + * homeAccountId: home account identifier for the auth scheme, + * environment: entity that issued the token, represented as a full host + * realm: Full tenant or organizational identifier that the account belongs to + * localAccountId: Original tenant-specific accountID, usually used for legacy cases + * username: primary username that represents the user, usually corresponds to preferred_username in the v2 endpt + * authorityType: Accounts authority type as a string + * name: Full name for the account, including given name and family name, + * lastModificationTime: last time this entity was modified in the cache + * lastModificationApp: + * nativeAccountId: Account identifier on the native device + * tenantProfiles: Array of tenant profile objects for each tenant that the account has authenticated with in the browser + * } + * @internal + */ +class AccountEntity { + /** + * Generate Account Id key component as per the schema: - + */ + generateAccountId() { + const accountId = [this.homeAccountId, this.environment]; + return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase(); + } + /** + * Generate Account Cache Key as per the schema: -- + */ + generateAccountKey() { + return AccountEntity.generateAccountCacheKey({ + homeAccountId: this.homeAccountId, + environment: this.environment, + tenantId: this.realm, + username: this.username, + localAccountId: this.localAccountId, + }); + } + /** + * Returns the AccountInfo interface for this account. + */ + getAccountInfo() { + return { + homeAccountId: this.homeAccountId, + environment: this.environment, + tenantId: this.realm, + username: this.username, + localAccountId: this.localAccountId, + name: this.name, + nativeAccountId: this.nativeAccountId, + authorityType: this.authorityType, + // Deserialize tenant profiles array into a Map + tenantProfiles: new Map((this.tenantProfiles || []).map((tenantProfile) => { + return [tenantProfile.tenantId, tenantProfile]; + })), + }; + } + /** + * Returns true if the account entity is in single tenant format (outdated), false otherwise + */ + isSingleTenant() { + return !this.tenantProfiles; + } + /** + * Generates account key from interface + * @param accountInterface + */ + static generateAccountCacheKey(accountInterface) { + const homeTenantId = accountInterface.homeAccountId.split(".")[1]; + const accountKey = [ + accountInterface.homeAccountId, + accountInterface.environment || "", + homeTenantId || accountInterface.tenantId || "", + ]; + return accountKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase(); + } + /** + * Build Account cache from IdToken, clientInfo and authority/policy. Associated with AAD. + * @param accountDetails + */ + static createAccount(accountDetails, authority, base64Decode) { + const account = new AccountEntity(); + if (authority.authorityType === AuthorityType.Adfs) { + account.authorityType = CacheAccountType.ADFS_ACCOUNT_TYPE; + } + else if (authority.protocolMode === ProtocolMode.AAD) { + account.authorityType = CacheAccountType.MSSTS_ACCOUNT_TYPE; + } + else { + account.authorityType = CacheAccountType.GENERIC_ACCOUNT_TYPE; + } + let clientInfo; + if (accountDetails.clientInfo && base64Decode) { + clientInfo = buildClientInfo(accountDetails.clientInfo, base64Decode); + } + account.clientInfo = accountDetails.clientInfo; + account.homeAccountId = accountDetails.homeAccountId; + account.nativeAccountId = accountDetails.nativeAccountId; + const env = accountDetails.environment || + (authority && authority.getPreferredCache()); + if (!env) { + throw createClientAuthError(invalidCacheEnvironment); + } + account.environment = env; + // non AAD scenarios can have empty realm + account.realm = + clientInfo?.utid || + getTenantIdFromIdTokenClaims(accountDetails.idTokenClaims) || + ""; + // How do you account for MSA CID here? + account.localAccountId = + clientInfo?.uid || + accountDetails.idTokenClaims?.oid || + accountDetails.idTokenClaims?.sub || + ""; + /* + * In B2C scenarios the emails claim is used instead of preferred_username and it is an array. + * In most cases it will contain a single email. This field should not be relied upon if a custom + * policy is configured to return more than 1 email. + */ + const preferredUsername = accountDetails.idTokenClaims?.preferred_username || + accountDetails.idTokenClaims?.upn; + const email = accountDetails.idTokenClaims?.emails + ? accountDetails.idTokenClaims.emails[0] + : null; + account.username = preferredUsername || email || ""; + account.name = accountDetails.idTokenClaims?.name || ""; + account.cloudGraphHostName = accountDetails.cloudGraphHostName; + account.msGraphHost = accountDetails.msGraphHost; + if (accountDetails.tenantProfiles) { + account.tenantProfiles = accountDetails.tenantProfiles; + } + else { + const tenantProfile = buildTenantProfile(accountDetails.homeAccountId, account.localAccountId, account.realm, accountDetails.idTokenClaims); + account.tenantProfiles = [tenantProfile]; + } + return account; + } + /** + * Creates an AccountEntity object from AccountInfo + * @param accountInfo + * @param cloudGraphHostName + * @param msGraphHost + * @returns + */ + static createFromAccountInfo(accountInfo, cloudGraphHostName, msGraphHost) { + const account = new AccountEntity(); + account.authorityType = + accountInfo.authorityType || CacheAccountType.GENERIC_ACCOUNT_TYPE; + account.homeAccountId = accountInfo.homeAccountId; + account.localAccountId = accountInfo.localAccountId; + account.nativeAccountId = accountInfo.nativeAccountId; + account.realm = accountInfo.tenantId; + account.environment = accountInfo.environment; + account.username = accountInfo.username; + account.name = accountInfo.name; + account.cloudGraphHostName = cloudGraphHostName; + account.msGraphHost = msGraphHost; + // Serialize tenant profiles map into an array + account.tenantProfiles = Array.from(accountInfo.tenantProfiles?.values() || []); + return account; + } + /** + * Generate HomeAccountId from server response + * @param serverClientInfo + * @param authType + */ + static generateHomeAccountId(serverClientInfo, authType, logger, cryptoObj, idTokenClaims) { + // since ADFS/DSTS do not have tid and does not set client_info + if (!(authType === AuthorityType.Adfs || + authType === AuthorityType.Dsts)) { + // for cases where there is clientInfo + if (serverClientInfo) { + try { + const clientInfo = buildClientInfo(serverClientInfo, cryptoObj.base64Decode); + if (clientInfo.uid && clientInfo.utid) { + return `${clientInfo.uid}.${clientInfo.utid}`; + } + } + catch (e) { } + } + logger.warning("No client info in response"); + } + // default to "sub" claim + return idTokenClaims?.sub || ""; + } + /** + * Validates an entity: checks for all expected params + * @param entity + */ + static isAccountEntity(entity) { + if (!entity) { + return false; + } + return (entity.hasOwnProperty("homeAccountId") && + entity.hasOwnProperty("environment") && + entity.hasOwnProperty("realm") && + entity.hasOwnProperty("localAccountId") && + entity.hasOwnProperty("username") && + entity.hasOwnProperty("authorityType")); + } + /** + * Helper function to determine whether 2 accountInfo objects represent the same account + * @param accountA + * @param accountB + * @param compareClaims - If set to true idTokenClaims will also be compared to determine account equality + */ + static accountInfoIsEqual(accountA, accountB, compareClaims) { + if (!accountA || !accountB) { + return false; + } + let claimsMatch = true; // default to true so as to not fail comparison below if compareClaims: false + if (compareClaims) { + const accountAClaims = (accountA.idTokenClaims || + {}); + const accountBClaims = (accountB.idTokenClaims || + {}); + // issued at timestamp and nonce are expected to change each time a new id token is acquired + claimsMatch = + accountAClaims.iat === accountBClaims.iat && + accountAClaims.nonce === accountBClaims.nonce; + } + return (accountA.homeAccountId === accountB.homeAccountId && + accountA.localAccountId === accountB.localAccountId && + accountA.username === accountB.username && + accountA.tenantId === accountB.tenantId && + accountA.environment === accountB.environment && + accountA.nativeAccountId === accountB.nativeAccountId && + claimsMatch); + } } -/** - * If the current time is earlier than the time that a token was cached at, we must discard the token - * i.e. The system clock was turned back after acquiring the cached token - * @param cachedAt - * @param offset - */ -function wasClockTurnedBack(cachedAt) { - const cachedAtSec = Number(cachedAt); - return cachedAtSec > nowSeconds(); + + +//# sourceMappingURL=AccountEntity.mjs.map + +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/utils/UrlUtils.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Parses hash string from given string. Returns empty string if no hash symbol is found. + * @param hashString + */ +function stripLeadingHashOrQuery(responseString) { + if (responseString.startsWith("#/")) { + return responseString.substring(2); + } + else if (responseString.startsWith("#") || + responseString.startsWith("?")) { + return responseString.substring(1); + } + return responseString; +} +/** + * Returns URL hash as server auth code response object. + */ +function getDeserializedResponse(responseString) { + // Check if given hash is empty + if (!responseString || responseString.indexOf("=") < 0) { + return null; + } + try { + // Strip the # or ? symbol if present + const normalizedResponse = stripLeadingHashOrQuery(responseString); + // If # symbol was not present, above will return empty string, so give original hash value + const deserializedHash = Object.fromEntries(new URLSearchParams(normalizedResponse)); + // Check for known response properties + if (deserializedHash.code || + deserializedHash.error || + deserializedHash.error_description || + deserializedHash.state) { + return deserializedHash; + } + } + catch (e) { + throw createClientAuthError(hashNotDeserialized); + } + return null; } -/** - * Waits for t number of milliseconds - * @param t number - * @param value T - */ -function delay(t, value) { - return new Promise((resolve) => setTimeout(() => resolve(value), t)); + + +//# sourceMappingURL=UrlUtils.mjs.map + +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/url/UrlString.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Url object class which can perform various transformations on url strings. + */ +class UrlString { + get urlString() { + return this._urlString; + } + constructor(url) { + this._urlString = url; + if (!this._urlString) { + // Throws error if url is empty + throw createClientConfigurationError(urlEmptyError); + } + if (!url.includes("#")) { + this._urlString = UrlString.canonicalizeUri(url); + } + } + /** + * Ensure urls are lower case and end with a / character. + * @param url + */ + static canonicalizeUri(url) { + if (url) { + let lowerCaseUrl = url.toLowerCase(); + if (StringUtils.endsWith(lowerCaseUrl, "?")) { + lowerCaseUrl = lowerCaseUrl.slice(0, -1); + } + else if (StringUtils.endsWith(lowerCaseUrl, "?/")) { + lowerCaseUrl = lowerCaseUrl.slice(0, -2); + } + if (!StringUtils.endsWith(lowerCaseUrl, "/")) { + lowerCaseUrl += "/"; + } + return lowerCaseUrl; + } + return url; + } + /** + * Throws if urlString passed is not a valid authority URI string. + */ + validateAsUri() { + // Attempts to parse url for uri components + let components; + try { + components = this.getUrlComponents(); + } + catch (e) { + throw createClientConfigurationError(urlParseError); + } + // Throw error if URI or path segments are not parseable. + if (!components.HostNameAndPort || !components.PathSegments) { + throw createClientConfigurationError(urlParseError); + } + // Throw error if uri is insecure. + if (!components.Protocol || + components.Protocol.toLowerCase() !== "https:") { + throw createClientConfigurationError(authorityUriInsecure); + } + } + /** + * Given a url and a query string return the url with provided query string appended + * @param url + * @param queryString + */ + static appendQueryString(url, queryString) { + if (!queryString) { + return url; + } + return url.indexOf("?") < 0 + ? `${url}?${queryString}` + : `${url}&${queryString}`; + } + /** + * Returns a url with the hash removed + * @param url + */ + static removeHashFromUrl(url) { + return UrlString.canonicalizeUri(url.split("#")[0]); + } + /** + * Given a url like https://a:b/common/d?e=f#g, and a tenantId, returns https://a:b/tenantId/d + * @param href The url + * @param tenantId The tenant id to replace + */ + replaceTenantPath(tenantId) { + const urlObject = this.getUrlComponents(); + const pathArray = urlObject.PathSegments; + if (tenantId && + pathArray.length !== 0 && + (pathArray[0] === AADAuthorityConstants.COMMON || + pathArray[0] === AADAuthorityConstants.ORGANIZATIONS)) { + pathArray[0] = tenantId; + } + return UrlString.constructAuthorityUriFromObject(urlObject); + } + /** + * Parses out the components from a url string. + * @returns An object with the various components. Please cache this value insted of calling this multiple times on the same url. + */ + getUrlComponents() { + // https://gist.github.com/curtisz/11139b2cfcaef4a261e0 + const regEx = RegExp("^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?"); + // If url string does not match regEx, we throw an error + const match = this.urlString.match(regEx); + if (!match) { + throw createClientConfigurationError(urlParseError); + } + // Url component object + const urlComponents = { + Protocol: match[1], + HostNameAndPort: match[4], + AbsolutePath: match[5], + QueryString: match[7], + }; + let pathSegments = urlComponents.AbsolutePath.split("/"); + pathSegments = pathSegments.filter((val) => val && val.length > 0); // remove empty elements + urlComponents.PathSegments = pathSegments; + if (urlComponents.QueryString && + urlComponents.QueryString.endsWith("/")) { + urlComponents.QueryString = urlComponents.QueryString.substring(0, urlComponents.QueryString.length - 1); + } + return urlComponents; + } + static getDomainFromUrl(url) { + const regEx = RegExp("^([^:/?#]+://)?([^/?#]*)"); + const match = url.match(regEx); + if (!match) { + throw createClientConfigurationError(urlParseError); + } + return match[2]; + } + static getAbsoluteUrl(relativeUrl, baseUrl) { + if (relativeUrl[0] === Constants.FORWARD_SLASH) { + const url = new UrlString(baseUrl); + const baseComponents = url.getUrlComponents(); + return (baseComponents.Protocol + + "//" + + baseComponents.HostNameAndPort + + relativeUrl); + } + return relativeUrl; + } + static constructAuthorityUriFromObject(urlObject) { + return new UrlString(urlObject.Protocol + + "//" + + urlObject.HostNameAndPort + + "/" + + urlObject.PathSegments.join("/")); + } + /** + * Check if the hash of the URL string contains known properties + * @deprecated This API will be removed in a future version + */ + static hashContainsKnownProperties(response) { + return !!getDeserializedResponse(response); + } } -//# sourceMappingURL=TimeUtils.mjs.map +//# sourceMappingURL=UrlString.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/cache/utils/CacheHelpers.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/authority/AuthorityMetadata.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const rawMetdataJSON = { + endpointMetadata: { + "login.microsoftonline.com": { + token_endpoint: "https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token", + jwks_uri: "https://login.microsoftonline.com/{tenantid}/discovery/v2.0/keys", + issuer: "https://login.microsoftonline.com/{tenantid}/v2.0", + authorization_endpoint: "https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/authorize", + end_session_endpoint: "https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/logout", + }, + "login.chinacloudapi.cn": { + token_endpoint: "https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/token", + jwks_uri: "https://login.chinacloudapi.cn/{tenantid}/discovery/v2.0/keys", + issuer: "https://login.partner.microsoftonline.cn/{tenantid}/v2.0", + authorization_endpoint: "https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/authorize", + end_session_endpoint: "https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/logout", + }, + "login.microsoftonline.us": { + token_endpoint: "https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/token", + jwks_uri: "https://login.microsoftonline.us/{tenantid}/discovery/v2.0/keys", + issuer: "https://login.microsoftonline.us/{tenantid}/v2.0", + authorization_endpoint: "https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/authorize", + end_session_endpoint: "https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/logout", + }, + }, + instanceDiscoveryMetadata: { + tenant_discovery_endpoint: "https://{canonicalAuthority}/v2.0/.well-known/openid-configuration", + metadata: [ + { + preferred_network: "login.microsoftonline.com", + preferred_cache: "login.windows.net", + aliases: [ + "login.microsoftonline.com", + "login.windows.net", + "login.microsoft.com", + "sts.windows.net", + ], + }, + { + preferred_network: "login.partner.microsoftonline.cn", + preferred_cache: "login.partner.microsoftonline.cn", + aliases: [ + "login.partner.microsoftonline.cn", + "login.chinacloudapi.cn", + ], + }, + { + preferred_network: "login.microsoftonline.de", + preferred_cache: "login.microsoftonline.de", + aliases: ["login.microsoftonline.de"], + }, + { + preferred_network: "login.microsoftonline.us", + preferred_cache: "login.microsoftonline.us", + aliases: [ + "login.microsoftonline.us", + "login.usgovcloudapi.net", + ], + }, + { + preferred_network: "login-us.microsoftonline.com", + preferred_cache: "login-us.microsoftonline.com", + aliases: ["login-us.microsoftonline.com"], + }, + ], + }, +}; +const EndpointMetadata = rawMetdataJSON.endpointMetadata; +const InstanceDiscoveryMetadata = rawMetdataJSON.instanceDiscoveryMetadata; +const InstanceDiscoveryMetadataAliases = new Set(); +InstanceDiscoveryMetadata.metadata.forEach((metadataEntry) => { + metadataEntry.aliases.forEach((alias) => { + InstanceDiscoveryMetadataAliases.add(alias); + }); +}); +/** + * Attempts to get an aliases array from the static authority metadata sources based on the canonical authority host + * @param staticAuthorityOptions + * @param logger + * @returns + */ +function getAliasesFromStaticSources(staticAuthorityOptions, logger) { + let staticAliases; + const canonicalAuthority = staticAuthorityOptions.canonicalAuthority; + if (canonicalAuthority) { + const authorityHost = new UrlString(canonicalAuthority).getUrlComponents().HostNameAndPort; + staticAliases = + getAliasesFromMetadata(authorityHost, staticAuthorityOptions.cloudDiscoveryMetadata?.metadata, AuthorityMetadataSource.CONFIG, logger) || + getAliasesFromMetadata(authorityHost, InstanceDiscoveryMetadata.metadata, AuthorityMetadataSource.HARDCODED_VALUES, logger) || + staticAuthorityOptions.knownAuthorities; + } + return staticAliases || []; +} +/** + * Returns aliases for from the raw cloud discovery metadata passed in + * @param authorityHost + * @param rawCloudDiscoveryMetadata + * @returns + */ +function getAliasesFromMetadata(authorityHost, cloudDiscoveryMetadata, source, logger) { + logger?.trace(`getAliasesFromMetadata called with source: ${source}`); + if (authorityHost && cloudDiscoveryMetadata) { + const metadata = getCloudDiscoveryMetadataFromNetworkResponse(cloudDiscoveryMetadata, authorityHost); + if (metadata) { + logger?.trace(`getAliasesFromMetadata: found cloud discovery metadata in ${source}, returning aliases`); + return metadata.aliases; + } + else { + logger?.trace(`getAliasesFromMetadata: did not find cloud discovery metadata in ${source}`); + } + } + return null; +} +/** + * Get cloud discovery metadata for common authorities + */ +function getCloudDiscoveryMetadataFromHardcodedValues(authorityHost) { + const metadata = getCloudDiscoveryMetadataFromNetworkResponse(InstanceDiscoveryMetadata.metadata, authorityHost); + return metadata; +} +/** + * Searches instance discovery network response for the entry that contains the host in the aliases list + * @param response + * @param authority + */ +function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) { + for (let i = 0; i < response.length; i++) { + const metadata = response[i]; + if (metadata.aliases.includes(authorityHost)) { + return metadata; + } + } + return null; +} +//# sourceMappingURL=AuthorityMetadata.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/error/CacheErrorCodes.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const cacheQuotaExceededErrorCode = "cache_quota_exceeded"; +const cacheUnknownErrorCode = "cache_error_unknown"; +//# sourceMappingURL=CacheErrorCodes.mjs.map -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Cache Key: ------- - * IdToken Example: uid.utid-login.microsoftonline.com-idtoken-app_client_id-contoso.com - * AccessToken Example: uid.utid-login.microsoftonline.com-accesstoken-app_client_id-contoso.com-scope1 scope2--pop - * RefreshToken Example: uid.utid-login.microsoftonline.com-refreshtoken-1-contoso.com - * @param credentialEntity - * @returns - */ -function generateCredentialKey(credentialEntity) { - const credentialKey = [ - generateAccountId(credentialEntity), - generateCredentialId(credentialEntity), - generateTarget(credentialEntity), - generateClaimsHash(credentialEntity), - generateScheme(credentialEntity), - ]; - return credentialKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase(); -} -/** - * Create IdTokenEntity - * @param homeAccountId - * @param authenticationResult - * @param clientId - * @param authority - */ -function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) { - const idTokenEntity = { - credentialType: CredentialType.ID_TOKEN, - homeAccountId: homeAccountId, - environment: environment, - clientId: clientId, - secret: idToken, - realm: tenantId, - }; - return idTokenEntity; -} -/** - * Create AccessTokenEntity - * @param homeAccountId - * @param environment - * @param accessToken - * @param clientId - * @param tenantId - * @param scopes - * @param expiresOn - * @param extExpiresOn - */ -function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId, requestedClaims, requestedClaimsHash) { - const atEntity = { - homeAccountId: homeAccountId, - credentialType: CredentialType.ACCESS_TOKEN, - secret: accessToken, - cachedAt: nowSeconds().toString(), - expiresOn: expiresOn.toString(), - extendedExpiresOn: extExpiresOn.toString(), - environment: environment, - clientId: clientId, - realm: tenantId, - target: scopes, - tokenType: tokenType || AuthenticationScheme.BEARER, - }; - if (userAssertionHash) { - atEntity.userAssertionHash = userAssertionHash; - } - if (refreshOn) { - atEntity.refreshOn = refreshOn.toString(); - } - if (requestedClaims) { - atEntity.requestedClaims = requestedClaims; - atEntity.requestedClaimsHash = requestedClaimsHash; - } - /* - * Create Access Token With Auth Scheme instead of regular access token - * Cast to lower to handle "bearer" from ADFS - */ - if (atEntity.tokenType?.toLowerCase() !== - AuthenticationScheme.BEARER.toLowerCase()) { - atEntity.credentialType = CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME; - switch (atEntity.tokenType) { - case AuthenticationScheme.POP: - // Make sure keyId is present and add it to credential - const tokenClaims = extractTokenClaims(accessToken, base64Decode); - if (!tokenClaims?.cnf?.kid) { - throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt); - } - atEntity.keyId = tokenClaims.cnf.kid; - break; - case AuthenticationScheme.SSH: - atEntity.keyId = keyId; - } - } - return atEntity; -} -/** - * Create RefreshTokenEntity - * @param homeAccountId - * @param authenticationResult - * @param clientId - * @param authority - */ -function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) { - const rtEntity = { - credentialType: CredentialType.REFRESH_TOKEN, - homeAccountId: homeAccountId, - environment: environment, - clientId: clientId, - secret: refreshToken, - }; - if (userAssertionHash) { - rtEntity.userAssertionHash = userAssertionHash; - } - if (familyId) { - rtEntity.familyId = familyId; - } - if (expiresOn) { - rtEntity.expiresOn = expiresOn.toString(); - } - return rtEntity; +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/error/CacheError.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const CacheErrorMessages = { + [cacheQuotaExceededErrorCode]: "Exceeded cache storage capacity.", + [cacheUnknownErrorCode]: "Unexpected error occurred when using cache storage.", +}; +/** + * Error thrown when there is an error with the cache + */ +class CacheError extends Error { + constructor(errorCode, errorMessage) { + const message = errorMessage || + (CacheErrorMessages[errorCode] + ? CacheErrorMessages[errorCode] + : CacheErrorMessages[cacheUnknownErrorCode]); + super(`${errorCode}: ${message}`); + Object.setPrototypeOf(this, CacheError.prototype); + this.name = "CacheError"; + this.errorCode = errorCode; + this.errorMessage = message; + } } -function isCredentialEntity(entity) { - return (entity.hasOwnProperty("homeAccountId") && - entity.hasOwnProperty("environment") && - entity.hasOwnProperty("credentialType") && - entity.hasOwnProperty("clientId") && - entity.hasOwnProperty("secret")); + + +//# sourceMappingURL=CacheError.mjs.map + +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/cache/CacheManager.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + + + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Interface class which implement cache storage functions used by MSAL to perform validity checks, and store tokens. + * @internal + */ +class CacheManager { + constructor(clientId, cryptoImpl, logger, staticAuthorityOptions) { + this.clientId = clientId; + this.cryptoImpl = cryptoImpl; + this.commonLogger = logger.clone(packageMetadata_name, version); + this.staticAuthorityOptions = staticAuthorityOptions; + } + /** + * Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned. + * @param accountFilter - (Optional) filter to narrow down the accounts returned + * @returns Array of AccountInfo objects in cache + */ + getAllAccounts(accountFilter) { + return this.buildTenantProfiles(this.getAccountsFilteredBy(accountFilter || {}), accountFilter); + } + /** + * Gets first tenanted AccountInfo object found based on provided filters + */ + getAccountInfoFilteredBy(accountFilter) { + const allAccounts = this.getAllAccounts(accountFilter); + if (allAccounts.length > 1) { + // If one or more accounts are found, prioritize accounts that have an ID token + const sortedAccounts = allAccounts.sort((account) => { + return account.idTokenClaims ? -1 : 1; + }); + return sortedAccounts[0]; + } + else if (allAccounts.length === 1) { + // If only one account is found, return it regardless of whether a matching ID token was found + return allAccounts[0]; + } + else { + return null; + } + } + /** + * Returns a single matching + * @param accountFilter + * @returns + */ + getBaseAccountInfo(accountFilter) { + const accountEntities = this.getAccountsFilteredBy(accountFilter); + if (accountEntities.length > 0) { + return accountEntities[0].getAccountInfo(); + } + else { + return null; + } + } + /** + * Matches filtered account entities with cached ID tokens that match the tenant profile-specific account filters + * and builds the account info objects from the matching ID token's claims + * @param cachedAccounts + * @param accountFilter + * @returns Array of AccountInfo objects that match account and tenant profile filters + */ + buildTenantProfiles(cachedAccounts, accountFilter) { + return cachedAccounts.flatMap((accountEntity) => { + return this.getTenantProfilesFromAccountEntity(accountEntity, accountFilter?.tenantId, accountFilter); + }); + } + getTenantedAccountInfoByFilter(accountInfo, tokenKeys, tenantProfile, tenantProfileFilter) { + let tenantedAccountInfo = null; + let idTokenClaims; + if (tenantProfileFilter) { + if (!this.tenantProfileMatchesFilter(tenantProfile, tenantProfileFilter)) { + return null; + } + } + const idToken = this.getIdToken(accountInfo, tokenKeys, tenantProfile.tenantId); + if (idToken) { + idTokenClaims = extractTokenClaims(idToken.secret, this.cryptoImpl.base64Decode); + if (!this.idTokenClaimsMatchTenantProfileFilter(idTokenClaims, tenantProfileFilter)) { + // ID token sourced claims don't match so this tenant profile is not a match + return null; + } + } + // Expand tenant profile into account info based on matching tenant profile and if available matching ID token claims + tenantedAccountInfo = updateAccountTenantProfileData(accountInfo, tenantProfile, idTokenClaims, idToken?.secret); + return tenantedAccountInfo; + } + getTenantProfilesFromAccountEntity(accountEntity, targetTenantId, tenantProfileFilter) { + const accountInfo = accountEntity.getAccountInfo(); + let searchTenantProfiles = accountInfo.tenantProfiles || new Map(); + const tokenKeys = this.getTokenKeys(); + // If a tenant ID was provided, only return the tenant profile for that tenant ID if it exists + if (targetTenantId) { + const tenantProfile = searchTenantProfiles.get(targetTenantId); + if (tenantProfile) { + // Reduce search field to just this tenant profile + searchTenantProfiles = new Map([ + [targetTenantId, tenantProfile], + ]); + } + else { + // No tenant profile for search tenant ID, return empty array + return []; + } + } + const matchingTenantProfiles = []; + searchTenantProfiles.forEach((tenantProfile) => { + const tenantedAccountInfo = this.getTenantedAccountInfoByFilter(accountInfo, tokenKeys, tenantProfile, tenantProfileFilter); + if (tenantedAccountInfo) { + matchingTenantProfiles.push(tenantedAccountInfo); + } + }); + return matchingTenantProfiles; + } + tenantProfileMatchesFilter(tenantProfile, tenantProfileFilter) { + if (!!tenantProfileFilter.localAccountId && + !this.matchLocalAccountIdFromTenantProfile(tenantProfile, tenantProfileFilter.localAccountId)) { + return false; + } + if (!!tenantProfileFilter.name && + !(tenantProfile.name === tenantProfileFilter.name)) { + return false; + } + if (tenantProfileFilter.isHomeTenant !== undefined && + !(tenantProfile.isHomeTenant === tenantProfileFilter.isHomeTenant)) { + return false; + } + return true; + } + idTokenClaimsMatchTenantProfileFilter(idTokenClaims, tenantProfileFilter) { + // Tenant Profile filtering + if (tenantProfileFilter) { + if (!!tenantProfileFilter.localAccountId && + !this.matchLocalAccountIdFromTokenClaims(idTokenClaims, tenantProfileFilter.localAccountId)) { + return false; + } + if (!!tenantProfileFilter.loginHint && + !this.matchLoginHintFromTokenClaims(idTokenClaims, tenantProfileFilter.loginHint)) { + return false; + } + if (!!tenantProfileFilter.username && + !this.matchUsername(idTokenClaims.preferred_username, tenantProfileFilter.username)) { + return false; + } + if (!!tenantProfileFilter.name && + !this.matchName(idTokenClaims, tenantProfileFilter.name)) { + return false; + } + if (!!tenantProfileFilter.sid && + !this.matchSid(idTokenClaims, tenantProfileFilter.sid)) { + return false; + } + } + return true; + } + /** + * saves a cache record + * @param cacheRecord {CacheRecord} + * @param storeInCache {?StoreInCache} + * @param correlationId {?string} correlation id + */ + async saveCacheRecord(cacheRecord, storeInCache, correlationId) { + if (!cacheRecord) { + throw createClientAuthError(invalidCacheRecord); + } + try { + if (!!cacheRecord.account) { + this.setAccount(cacheRecord.account); + } + if (!!cacheRecord.idToken && storeInCache?.idToken !== false) { + this.setIdTokenCredential(cacheRecord.idToken); + } + if (!!cacheRecord.accessToken && + storeInCache?.accessToken !== false) { + await this.saveAccessToken(cacheRecord.accessToken); + } + if (!!cacheRecord.refreshToken && + storeInCache?.refreshToken !== false) { + this.setRefreshTokenCredential(cacheRecord.refreshToken); + } + if (!!cacheRecord.appMetadata) { + this.setAppMetadata(cacheRecord.appMetadata); + } + } + catch (e) { + this.commonLogger?.error(`CacheManager.saveCacheRecord: failed`); + if (e instanceof Error) { + this.commonLogger?.errorPii(`CacheManager.saveCacheRecord: ${e.message}`, correlationId); + if (e.name === "QuotaExceededError" || + e.name === "NS_ERROR_DOM_QUOTA_REACHED" || + e.message.includes("exceeded the quota")) { + this.commonLogger?.error(`CacheManager.saveCacheRecord: exceeded storage quota`, correlationId); + throw new CacheError(cacheQuotaExceededErrorCode); + } + else { + throw new CacheError(e.name, e.message); + } + } + else { + this.commonLogger?.errorPii(`CacheManager.saveCacheRecord: ${e}`, correlationId); + throw new CacheError(cacheUnknownErrorCode); + } + } + } + /** + * saves access token credential + * @param credential + */ + async saveAccessToken(credential) { + const accessTokenFilter = { + clientId: credential.clientId, + credentialType: credential.credentialType, + environment: credential.environment, + homeAccountId: credential.homeAccountId, + realm: credential.realm, + tokenType: credential.tokenType, + requestedClaimsHash: credential.requestedClaimsHash, + }; + const tokenKeys = this.getTokenKeys(); + const currentScopes = ScopeSet.fromString(credential.target); + const removedAccessTokens = []; + tokenKeys.accessToken.forEach((key) => { + if (!this.accessTokenKeyMatchesFilter(key, accessTokenFilter, false)) { + return; + } + const tokenEntity = this.getAccessTokenCredential(key); + if (tokenEntity && + this.credentialMatchesFilter(tokenEntity, accessTokenFilter)) { + const tokenScopeSet = ScopeSet.fromString(tokenEntity.target); + if (tokenScopeSet.intersectingScopeSets(currentScopes)) { + removedAccessTokens.push(this.removeAccessToken(key)); + } + } + }); + await Promise.all(removedAccessTokens); + this.setAccessTokenCredential(credential); + } + /** + * Retrieve account entities matching all provided tenant-agnostic filters; if no filter is set, get all account entities in the cache + * Not checking for casing as keys are all generated in lower case, remember to convert to lower case if object properties are compared + * @param accountFilter - An object containing Account properties to filter by + */ + getAccountsFilteredBy(accountFilter) { + const allAccountKeys = this.getAccountKeys(); + const matchingAccounts = []; + allAccountKeys.forEach((cacheKey) => { + if (!this.isAccountKey(cacheKey, accountFilter.homeAccountId)) { + // Don't parse value if the key doesn't match the account filters + return; + } + const entity = this.getAccount(cacheKey, this.commonLogger); + // Match base account fields + if (!entity) { + return; + } + if (!!accountFilter.homeAccountId && + !this.matchHomeAccountId(entity, accountFilter.homeAccountId)) { + return; + } + if (!!accountFilter.username && + !this.matchUsername(entity.username, accountFilter.username)) { + return; + } + if (!!accountFilter.environment && + !this.matchEnvironment(entity, accountFilter.environment)) { + return; + } + if (!!accountFilter.realm && + !this.matchRealm(entity, accountFilter.realm)) { + return; + } + if (!!accountFilter.nativeAccountId && + !this.matchNativeAccountId(entity, accountFilter.nativeAccountId)) { + return; + } + if (!!accountFilter.authorityType && + !this.matchAuthorityType(entity, accountFilter.authorityType)) { + return; + } + // If at least one tenant profile matches the tenant profile filter, add the account to the list of matching accounts + const tenantProfileFilter = { + localAccountId: accountFilter?.localAccountId, + name: accountFilter?.name, + }; + const matchingTenantProfiles = entity.tenantProfiles?.filter((tenantProfile) => { + return this.tenantProfileMatchesFilter(tenantProfile, tenantProfileFilter); + }); + if (matchingTenantProfiles && matchingTenantProfiles.length === 0) { + // No tenant profile for this account matches filter, don't add to list of matching accounts + return; + } + matchingAccounts.push(entity); + }); + return matchingAccounts; + } + /** + * Returns true if the given key matches our account key schema. Also matches homeAccountId and/or tenantId if provided + * @param key + * @param homeAccountId + * @param tenantId + * @returns + */ + isAccountKey(key, homeAccountId, tenantId) { + if (key.split(Separators.CACHE_KEY_SEPARATOR).length < 3) { + // Account cache keys contain 3 items separated by '-' (each item may also contain '-') + return false; + } + if (homeAccountId && + !key.toLowerCase().includes(homeAccountId.toLowerCase())) { + return false; + } + if (tenantId && !key.toLowerCase().includes(tenantId.toLowerCase())) { + return false; + } + // Do not check environment as aliasing can cause false negatives + return true; + } + /** + * Returns true if the given key matches our credential key schema. + * @param key + */ + isCredentialKey(key) { + if (key.split(Separators.CACHE_KEY_SEPARATOR).length < 6) { + // Credential cache keys contain 6 items separated by '-' (each item may also contain '-') + return false; + } + const lowerCaseKey = key.toLowerCase(); + // Credential keys must indicate what credential type they represent + if (lowerCaseKey.indexOf(CredentialType.ID_TOKEN.toLowerCase()) === + -1 && + lowerCaseKey.indexOf(CredentialType.ACCESS_TOKEN.toLowerCase()) === + -1 && + lowerCaseKey.indexOf(CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()) === -1 && + lowerCaseKey.indexOf(CredentialType.REFRESH_TOKEN.toLowerCase()) === + -1) { + return false; + } + if (lowerCaseKey.indexOf(CredentialType.REFRESH_TOKEN.toLowerCase()) > + -1) { + // Refresh tokens must contain the client id or family id + const clientIdValidation = `${CredentialType.REFRESH_TOKEN}${Separators.CACHE_KEY_SEPARATOR}${this.clientId}${Separators.CACHE_KEY_SEPARATOR}`; + const familyIdValidation = `${CredentialType.REFRESH_TOKEN}${Separators.CACHE_KEY_SEPARATOR}${THE_FAMILY_ID}${Separators.CACHE_KEY_SEPARATOR}`; + if (lowerCaseKey.indexOf(clientIdValidation.toLowerCase()) === -1 && + lowerCaseKey.indexOf(familyIdValidation.toLowerCase()) === -1) { + return false; + } + } + else if (lowerCaseKey.indexOf(this.clientId.toLowerCase()) === -1) { + // Tokens must contain the clientId + return false; + } + return true; + } + /** + * Returns whether or not the given credential entity matches the filter + * @param entity + * @param filter + * @returns + */ + credentialMatchesFilter(entity, filter) { + if (!!filter.clientId && !this.matchClientId(entity, filter.clientId)) { + return false; + } + if (!!filter.userAssertionHash && + !this.matchUserAssertionHash(entity, filter.userAssertionHash)) { + return false; + } + /* + * homeAccountId can be undefined, and we want to filter out cached items that have a homeAccountId of "" + * because we don't want a client_credential request to return a cached token that has a homeAccountId + */ + if (typeof filter.homeAccountId === "string" && + !this.matchHomeAccountId(entity, filter.homeAccountId)) { + return false; + } + if (!!filter.environment && + !this.matchEnvironment(entity, filter.environment)) { + return false; + } + if (!!filter.realm && !this.matchRealm(entity, filter.realm)) { + return false; + } + if (!!filter.credentialType && + !this.matchCredentialType(entity, filter.credentialType)) { + return false; + } + if (!!filter.familyId && !this.matchFamilyId(entity, filter.familyId)) { + return false; + } + /* + * idTokens do not have "target", target specific refreshTokens do exist for some types of authentication + * Resource specific refresh tokens case will be added when the support is deemed necessary + */ + if (!!filter.target && !this.matchTarget(entity, filter.target)) { + return false; + } + // If request OR cached entity has requested Claims Hash, check if they match + if (filter.requestedClaimsHash || entity.requestedClaimsHash) { + // Don't match if either is undefined or they are different + if (entity.requestedClaimsHash !== filter.requestedClaimsHash) { + return false; + } + } + // Access Token with Auth Scheme specific matching + if (entity.credentialType === + CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME) { + if (!!filter.tokenType && + !this.matchTokenType(entity, filter.tokenType)) { + return false; + } + // KeyId (sshKid) in request must match cached SSH certificate keyId because SSH cert is bound to a specific key + if (filter.tokenType === AuthenticationScheme.SSH) { + if (filter.keyId && !this.matchKeyId(entity, filter.keyId)) { + return false; + } + } + } + return true; + } + /** + * retrieve appMetadata matching all provided filters; if no filter is set, get all appMetadata + * @param filter + */ + getAppMetadataFilteredBy(filter) { + const allCacheKeys = this.getKeys(); + const matchingAppMetadata = {}; + allCacheKeys.forEach((cacheKey) => { + // don't parse any non-appMetadata type cache entities + if (!this.isAppMetadata(cacheKey)) { + return; + } + // Attempt retrieval + const entity = this.getAppMetadata(cacheKey); + if (!entity) { + return; + } + if (!!filter.environment && + !this.matchEnvironment(entity, filter.environment)) { + return; + } + if (!!filter.clientId && + !this.matchClientId(entity, filter.clientId)) { + return; + } + matchingAppMetadata[cacheKey] = entity; + }); + return matchingAppMetadata; + } + /** + * retrieve authorityMetadata that contains a matching alias + * @param filter + */ + getAuthorityMetadataByAlias(host) { + const allCacheKeys = this.getAuthorityMetadataKeys(); + let matchedEntity = null; + allCacheKeys.forEach((cacheKey) => { + // don't parse any non-authorityMetadata type cache entities + if (!this.isAuthorityMetadata(cacheKey) || + cacheKey.indexOf(this.clientId) === -1) { + return; + } + // Attempt retrieval + const entity = this.getAuthorityMetadata(cacheKey); + if (!entity) { + return; + } + if (entity.aliases.indexOf(host) === -1) { + return; + } + matchedEntity = entity; + }); + return matchedEntity; + } + /** + * Removes all accounts and related tokens from cache. + */ + async removeAllAccounts() { + const allAccountKeys = this.getAccountKeys(); + const removedAccounts = []; + allAccountKeys.forEach((cacheKey) => { + removedAccounts.push(this.removeAccount(cacheKey)); + }); + await Promise.all(removedAccounts); + } + /** + * Removes the account and related tokens for a given account key + * @param account + */ + async removeAccount(accountKey) { + const account = this.getAccount(accountKey, this.commonLogger); + if (!account) { + return; + } + await this.removeAccountContext(account); + this.removeItem(accountKey); + } + /** + * Removes credentials associated with the provided account + * @param account + */ + async removeAccountContext(account) { + const allTokenKeys = this.getTokenKeys(); + const accountId = account.generateAccountId(); + const removedCredentials = []; + allTokenKeys.idToken.forEach((key) => { + if (key.indexOf(accountId) === 0) { + this.removeIdToken(key); + } + }); + allTokenKeys.accessToken.forEach((key) => { + if (key.indexOf(accountId) === 0) { + removedCredentials.push(this.removeAccessToken(key)); + } + }); + allTokenKeys.refreshToken.forEach((key) => { + if (key.indexOf(accountId) === 0) { + this.removeRefreshToken(key); + } + }); + await Promise.all(removedCredentials); + } + /** + * Migrates a single-tenant account and all it's associated alternate cross-tenant account objects in the + * cache into a condensed multi-tenant account object with tenant profiles. + * @param accountKey + * @param accountEntity + * @param logger + * @returns + */ + updateOutdatedCachedAccount(accountKey, accountEntity, logger) { + // Only update if account entity is defined and has no tenantProfiles object (is outdated) + if (accountEntity && accountEntity.isSingleTenant()) { + this.commonLogger?.verbose("updateOutdatedCachedAccount: Found a single-tenant (outdated) account entity in the cache, migrating to multi-tenant account entity"); + // Get keys of all accounts belonging to user + const matchingAccountKeys = this.getAccountKeys().filter((key) => { + return key.startsWith(accountEntity.homeAccountId); + }); + // Get all account entities belonging to user + const accountsToMerge = []; + matchingAccountKeys.forEach((key) => { + const account = this.getCachedAccountEntity(key); + if (account) { + accountsToMerge.push(account); + } + }); + // Set base account to home account if available, any account if not + const baseAccount = accountsToMerge.find((account) => { + return tenantIdMatchesHomeTenant(account.realm, account.homeAccountId); + }) || accountsToMerge[0]; + // Populate tenant profiles built from each account entity belonging to the user + baseAccount.tenantProfiles = accountsToMerge.map((account) => { + return { + tenantId: account.realm, + localAccountId: account.localAccountId, + name: account.name, + isHomeTenant: tenantIdMatchesHomeTenant(account.realm, account.homeAccountId), + }; + }); + const updatedAccount = CacheManager.toObject(new AccountEntity(), { + ...baseAccount, + }); + const newAccountKey = updatedAccount.generateAccountKey(); + // Clear cache of legacy account objects that have been collpsed into tenant profiles + matchingAccountKeys.forEach((key) => { + if (key !== newAccountKey) { + this.removeOutdatedAccount(accountKey); + } + }); + // Cache updated account object + this.setAccount(updatedAccount); + logger?.verbose("Updated an outdated account entity in the cache"); + return updatedAccount; + } + // No update is necessary + return accountEntity; + } + /** + * returns a boolean if the given credential is removed + * @param credential + */ + async removeAccessToken(key) { + const credential = this.getAccessTokenCredential(key); + if (!credential) { + return; + } + // Remove Token Binding Key from key store for PoP Tokens Credentials + if (credential.credentialType.toLowerCase() === + CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()) { + if (credential.tokenType === AuthenticationScheme.POP) { + const accessTokenWithAuthSchemeEntity = credential; + const kid = accessTokenWithAuthSchemeEntity.keyId; + if (kid) { + try { + await this.cryptoImpl.removeTokenBindingKey(kid); + } + catch (error) { + throw createClientAuthError(bindingKeyNotRemoved); + } + } + } + } + return this.removeItem(key); + } + /** + * Removes all app metadata objects from cache. + */ + removeAppMetadata() { + const allCacheKeys = this.getKeys(); + allCacheKeys.forEach((cacheKey) => { + if (this.isAppMetadata(cacheKey)) { + this.removeItem(cacheKey); + } + }); + return true; + } + /** + * Retrieve AccountEntity from cache + * @param account + */ + readAccountFromCache(account) { + const accountKey = AccountEntity.generateAccountCacheKey(account); + return this.getAccount(accountKey, this.commonLogger); + } + /** + * Retrieve IdTokenEntity from cache + * @param account {AccountInfo} + * @param tokenKeys {?TokenKeys} + * @param targetRealm {?string} + * @param performanceClient {?IPerformanceClient} + * @param correlationId {?string} + */ + getIdToken(account, tokenKeys, targetRealm, performanceClient, correlationId) { + this.commonLogger.trace("CacheManager - getIdToken called"); + const idTokenFilter = { + homeAccountId: account.homeAccountId, + environment: account.environment, + credentialType: CredentialType.ID_TOKEN, + clientId: this.clientId, + realm: targetRealm, + }; + const idTokenMap = this.getIdTokensByFilter(idTokenFilter, tokenKeys); + const numIdTokens = idTokenMap.size; + if (numIdTokens < 1) { + this.commonLogger.info("CacheManager:getIdToken - No token found"); + return null; + } + else if (numIdTokens > 1) { + let tokensToBeRemoved = idTokenMap; + // Multiple tenant profiles and no tenant specified, pick home account + if (!targetRealm) { + const homeIdTokenMap = new Map(); + idTokenMap.forEach((idToken, key) => { + if (idToken.realm === account.tenantId) { + homeIdTokenMap.set(key, idToken); + } + }); + const numHomeIdTokens = homeIdTokenMap.size; + if (numHomeIdTokens < 1) { + this.commonLogger.info("CacheManager:getIdToken - Multiple ID tokens found for account but none match account entity tenant id, returning first result"); + return idTokenMap.values().next().value; + } + else if (numHomeIdTokens === 1) { + this.commonLogger.info("CacheManager:getIdToken - Multiple ID tokens found for account, defaulting to home tenant profile"); + return homeIdTokenMap.values().next().value; + } + else { + // Multiple ID tokens for home tenant profile, remove all and return null + tokensToBeRemoved = homeIdTokenMap; + } + } + // Multiple tokens for a single tenant profile, remove all and return null + this.commonLogger.info("CacheManager:getIdToken - Multiple matching ID tokens found, clearing them"); + tokensToBeRemoved.forEach((idToken, key) => { + this.removeIdToken(key); + }); + if (performanceClient && correlationId) { + performanceClient.addFields({ multiMatchedID: idTokenMap.size }, correlationId); + } + return null; + } + this.commonLogger.info("CacheManager:getIdToken - Returning ID token"); + return idTokenMap.values().next().value; + } + /** + * Gets all idTokens matching the given filter + * @param filter + * @returns + */ + getIdTokensByFilter(filter, tokenKeys) { + const idTokenKeys = (tokenKeys && tokenKeys.idToken) || this.getTokenKeys().idToken; + const idTokens = new Map(); + idTokenKeys.forEach((key) => { + if (!this.idTokenKeyMatchesFilter(key, { + clientId: this.clientId, + ...filter, + })) { + return; + } + const idToken = this.getIdTokenCredential(key); + if (idToken && this.credentialMatchesFilter(idToken, filter)) { + idTokens.set(key, idToken); + } + }); + return idTokens; + } + /** + * Validate the cache key against filter before retrieving and parsing cache value + * @param key + * @param filter + * @returns + */ + idTokenKeyMatchesFilter(inputKey, filter) { + const key = inputKey.toLowerCase(); + if (filter.clientId && + key.indexOf(filter.clientId.toLowerCase()) === -1) { + return false; + } + if (filter.homeAccountId && + key.indexOf(filter.homeAccountId.toLowerCase()) === -1) { + return false; + } + return true; + } + /** + * Removes idToken from the cache + * @param key + */ + removeIdToken(key) { + this.removeItem(key); + } + /** + * Removes refresh token from the cache + * @param key + */ + removeRefreshToken(key) { + this.removeItem(key); + } + /** + * Retrieve AccessTokenEntity from cache + * @param account {AccountInfo} + * @param request {BaseAuthRequest} + * @param tokenKeys {?TokenKeys} + * @param performanceClient {?IPerformanceClient} + * @param correlationId {?string} + */ + getAccessToken(account, request, tokenKeys, targetRealm, performanceClient, correlationId) { + this.commonLogger.trace("CacheManager - getAccessToken called"); + const scopes = ScopeSet.createSearchScopes(request.scopes); + const authScheme = request.authenticationScheme || AuthenticationScheme.BEARER; + /* + * Distinguish between Bearer and PoP/SSH token cache types + * Cast to lowercase to handle "bearer" from ADFS + */ + const credentialType = authScheme && + authScheme.toLowerCase() !== + AuthenticationScheme.BEARER.toLowerCase() + ? CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME + : CredentialType.ACCESS_TOKEN; + const accessTokenFilter = { + homeAccountId: account.homeAccountId, + environment: account.environment, + credentialType: credentialType, + clientId: this.clientId, + realm: targetRealm || account.tenantId, + target: scopes, + tokenType: authScheme, + keyId: request.sshKid, + requestedClaimsHash: request.requestedClaimsHash, + }; + const accessTokenKeys = (tokenKeys && tokenKeys.accessToken) || + this.getTokenKeys().accessToken; + const accessTokens = []; + accessTokenKeys.forEach((key) => { + // Validate key + if (this.accessTokenKeyMatchesFilter(key, accessTokenFilter, true)) { + const accessToken = this.getAccessTokenCredential(key); + // Validate value + if (accessToken && + this.credentialMatchesFilter(accessToken, accessTokenFilter)) { + accessTokens.push(accessToken); + } + } + }); + const numAccessTokens = accessTokens.length; + if (numAccessTokens < 1) { + this.commonLogger.info("CacheManager:getAccessToken - No token found"); + return null; + } + else if (numAccessTokens > 1) { + this.commonLogger.info("CacheManager:getAccessToken - Multiple access tokens found, clearing them"); + accessTokens.forEach((accessToken) => { + void this.removeAccessToken(generateCredentialKey(accessToken)); + }); + if (performanceClient && correlationId) { + performanceClient.addFields({ multiMatchedAT: accessTokens.length }, correlationId); + } + return null; + } + this.commonLogger.info("CacheManager:getAccessToken - Returning access token"); + return accessTokens[0]; + } + /** + * Validate the cache key against filter before retrieving and parsing cache value + * @param key + * @param filter + * @param keyMustContainAllScopes + * @returns + */ + accessTokenKeyMatchesFilter(inputKey, filter, keyMustContainAllScopes) { + const key = inputKey.toLowerCase(); + if (filter.clientId && + key.indexOf(filter.clientId.toLowerCase()) === -1) { + return false; + } + if (filter.homeAccountId && + key.indexOf(filter.homeAccountId.toLowerCase()) === -1) { + return false; + } + if (filter.realm && key.indexOf(filter.realm.toLowerCase()) === -1) { + return false; + } + if (filter.requestedClaimsHash && + key.indexOf(filter.requestedClaimsHash.toLowerCase()) === -1) { + return false; + } + if (filter.target) { + const scopes = filter.target.asArray(); + for (let i = 0; i < scopes.length; i++) { + if (keyMustContainAllScopes && + !key.includes(scopes[i].toLowerCase())) { + // When performing a cache lookup a missing scope would be a cache miss + return false; + } + else if (!keyMustContainAllScopes && + key.includes(scopes[i].toLowerCase())) { + // When performing a cache write, any token with a subset of requested scopes should be replaced + return true; + } + } + } + return true; + } + /** + * Gets all access tokens matching the filter + * @param filter + * @returns + */ + getAccessTokensByFilter(filter) { + const tokenKeys = this.getTokenKeys(); + const accessTokens = []; + tokenKeys.accessToken.forEach((key) => { + if (!this.accessTokenKeyMatchesFilter(key, filter, true)) { + return; + } + const accessToken = this.getAccessTokenCredential(key); + if (accessToken && + this.credentialMatchesFilter(accessToken, filter)) { + accessTokens.push(accessToken); + } + }); + return accessTokens; + } + /** + * Helper to retrieve the appropriate refresh token from cache + * @param account {AccountInfo} + * @param familyRT {boolean} + * @param tokenKeys {?TokenKeys} + * @param performanceClient {?IPerformanceClient} + * @param correlationId {?string} + */ + getRefreshToken(account, familyRT, tokenKeys, performanceClient, correlationId) { + this.commonLogger.trace("CacheManager - getRefreshToken called"); + const id = familyRT ? THE_FAMILY_ID : undefined; + const refreshTokenFilter = { + homeAccountId: account.homeAccountId, + environment: account.environment, + credentialType: CredentialType.REFRESH_TOKEN, + clientId: this.clientId, + familyId: id, + }; + const refreshTokenKeys = (tokenKeys && tokenKeys.refreshToken) || + this.getTokenKeys().refreshToken; + const refreshTokens = []; + refreshTokenKeys.forEach((key) => { + // Validate key + if (this.refreshTokenKeyMatchesFilter(key, refreshTokenFilter)) { + const refreshToken = this.getRefreshTokenCredential(key); + // Validate value + if (refreshToken && + this.credentialMatchesFilter(refreshToken, refreshTokenFilter)) { + refreshTokens.push(refreshToken); + } + } + }); + const numRefreshTokens = refreshTokens.length; + if (numRefreshTokens < 1) { + this.commonLogger.info("CacheManager:getRefreshToken - No refresh token found."); + return null; + } + // address the else case after remove functions address environment aliases + if (numRefreshTokens > 1 && performanceClient && correlationId) { + performanceClient.addFields({ multiMatchedRT: numRefreshTokens }, correlationId); + } + this.commonLogger.info("CacheManager:getRefreshToken - returning refresh token"); + return refreshTokens[0]; + } + /** + * Validate the cache key against filter before retrieving and parsing cache value + * @param key + * @param filter + */ + refreshTokenKeyMatchesFilter(inputKey, filter) { + const key = inputKey.toLowerCase(); + if (filter.familyId && + key.indexOf(filter.familyId.toLowerCase()) === -1) { + return false; + } + // If familyId is used, clientId is not in the key + if (!filter.familyId && + filter.clientId && + key.indexOf(filter.clientId.toLowerCase()) === -1) { + return false; + } + if (filter.homeAccountId && + key.indexOf(filter.homeAccountId.toLowerCase()) === -1) { + return false; + } + return true; + } + /** + * Retrieve AppMetadataEntity from cache + */ + readAppMetadataFromCache(environment) { + const appMetadataFilter = { + environment, + clientId: this.clientId, + }; + const appMetadata = this.getAppMetadataFilteredBy(appMetadataFilter); + const appMetadataEntries = Object.keys(appMetadata).map((key) => appMetadata[key]); + const numAppMetadata = appMetadataEntries.length; + if (numAppMetadata < 1) { + return null; + } + else if (numAppMetadata > 1) { + throw createClientAuthError(multipleMatchingAppMetadata); + } + return appMetadataEntries[0]; + } + /** + * Return the family_id value associated with FOCI + * @param environment + * @param clientId + */ + isAppMetadataFOCI(environment) { + const appMetadata = this.readAppMetadataFromCache(environment); + return !!(appMetadata && appMetadata.familyId === THE_FAMILY_ID); + } + /** + * helper to match account ids + * @param value + * @param homeAccountId + */ + matchHomeAccountId(entity, homeAccountId) { + return !!(typeof entity.homeAccountId === "string" && + homeAccountId === entity.homeAccountId); + } + /** + * helper to match account ids + * @param entity + * @param localAccountId + * @returns + */ + matchLocalAccountIdFromTokenClaims(tokenClaims, localAccountId) { + const idTokenLocalAccountId = tokenClaims.oid || tokenClaims.sub; + return localAccountId === idTokenLocalAccountId; + } + matchLocalAccountIdFromTenantProfile(tenantProfile, localAccountId) { + return tenantProfile.localAccountId === localAccountId; + } + /** + * helper to match names + * @param entity + * @param name + * @returns true if the downcased name properties are present and match in the filter and the entity + */ + matchName(claims, name) { + return !!(name.toLowerCase() === claims.name?.toLowerCase()); + } + /** + * helper to match usernames + * @param entity + * @param username + * @returns + */ + matchUsername(cachedUsername, filterUsername) { + return !!(cachedUsername && + typeof cachedUsername === "string" && + filterUsername?.toLowerCase() === cachedUsername.toLowerCase()); + } + /** + * helper to match assertion + * @param value + * @param oboAssertion + */ + matchUserAssertionHash(entity, userAssertionHash) { + return !!(entity.userAssertionHash && + userAssertionHash === entity.userAssertionHash); + } + /** + * helper to match environment + * @param value + * @param environment + */ + matchEnvironment(entity, environment) { + // Check static authority options first for cases where authority metadata has not been resolved and cached yet + if (this.staticAuthorityOptions) { + const staticAliases = getAliasesFromStaticSources(this.staticAuthorityOptions, this.commonLogger); + if (staticAliases.includes(environment) && + staticAliases.includes(entity.environment)) { + return true; + } + } + // Query metadata cache if no static authority configuration has aliases that match enviroment + const cloudMetadata = this.getAuthorityMetadataByAlias(environment); + if (cloudMetadata && + cloudMetadata.aliases.indexOf(entity.environment) > -1) { + return true; + } + return false; + } + /** + * helper to match credential type + * @param entity + * @param credentialType + */ + matchCredentialType(entity, credentialType) { + return (entity.credentialType && + credentialType.toLowerCase() === entity.credentialType.toLowerCase()); + } + /** + * helper to match client ids + * @param entity + * @param clientId + */ + matchClientId(entity, clientId) { + return !!(entity.clientId && clientId === entity.clientId); + } + /** + * helper to match family ids + * @param entity + * @param familyId + */ + matchFamilyId(entity, familyId) { + return !!(entity.familyId && familyId === entity.familyId); + } + /** + * helper to match realm + * @param entity + * @param realm + */ + matchRealm(entity, realm) { + return !!(entity.realm?.toLowerCase() === realm.toLowerCase()); + } + /** + * helper to match nativeAccountId + * @param entity + * @param nativeAccountId + * @returns boolean indicating the match result + */ + matchNativeAccountId(entity, nativeAccountId) { + return !!(entity.nativeAccountId && nativeAccountId === entity.nativeAccountId); + } + /** + * helper to match loginHint which can be either: + * 1. login_hint ID token claim + * 2. username in cached account object + * 3. upn in ID token claims + * @param entity + * @param loginHint + * @returns + */ + matchLoginHintFromTokenClaims(tokenClaims, loginHint) { + if (tokenClaims.login_hint === loginHint) { + return true; + } + if (tokenClaims.preferred_username === loginHint) { + return true; + } + if (tokenClaims.upn === loginHint) { + return true; + } + return false; + } + /** + * Helper to match sid + * @param entity + * @param sid + * @returns true if the sid claim is present and matches the filter + */ + matchSid(idTokenClaims, sid) { + return idTokenClaims.sid === sid; + } + matchAuthorityType(entity, authorityType) { + return !!(entity.authorityType && + authorityType.toLowerCase() === entity.authorityType.toLowerCase()); + } + /** + * Returns true if the target scopes are a subset of the current entity's scopes, false otherwise. + * @param entity + * @param target + */ + matchTarget(entity, target) { + const isNotAccessTokenCredential = entity.credentialType !== CredentialType.ACCESS_TOKEN && + entity.credentialType !== + CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME; + if (isNotAccessTokenCredential || !entity.target) { + return false; + } + const entityScopeSet = ScopeSet.fromString(entity.target); + return entityScopeSet.containsScopeSet(target); + } + /** + * Returns true if the credential's tokenType or Authentication Scheme matches the one in the request, false otherwise + * @param entity + * @param tokenType + */ + matchTokenType(entity, tokenType) { + return !!(entity.tokenType && entity.tokenType === tokenType); + } + /** + * Returns true if the credential's keyId matches the one in the request, false otherwise + * @param entity + * @param keyId + */ + matchKeyId(entity, keyId) { + return !!(entity.keyId && entity.keyId === keyId); + } + /** + * returns if a given cache entity is of the type appmetadata + * @param key + */ + isAppMetadata(key) { + return key.indexOf(APP_METADATA) !== -1; + } + /** + * returns if a given cache entity is of the type authoritymetadata + * @param key + */ + isAuthorityMetadata(key) { + return key.indexOf(AUTHORITY_METADATA_CONSTANTS.CACHE_KEY) !== -1; + } + /** + * returns cache key used for cloud instance metadata + */ + generateAuthorityMetadataCacheKey(authority) { + return `${AUTHORITY_METADATA_CONSTANTS.CACHE_KEY}-${this.clientId}-${authority}`; + } + /** + * Helper to convert serialized data to object + * @param obj + * @param json + */ + static toObject(obj, json) { + for (const propertyName in json) { + obj[propertyName] = json[propertyName]; + } + return obj; + } +} +/** @internal */ +class DefaultStorageClass extends CacheManager { + setAccount() { + throw createClientAuthError(methodNotImplemented); + } + getAccount() { + throw createClientAuthError(methodNotImplemented); + } + getCachedAccountEntity() { + throw createClientAuthError(methodNotImplemented); + } + setIdTokenCredential() { + throw createClientAuthError(methodNotImplemented); + } + getIdTokenCredential() { + throw createClientAuthError(methodNotImplemented); + } + setAccessTokenCredential() { + throw createClientAuthError(methodNotImplemented); + } + getAccessTokenCredential() { + throw createClientAuthError(methodNotImplemented); + } + setRefreshTokenCredential() { + throw createClientAuthError(methodNotImplemented); + } + getRefreshTokenCredential() { + throw createClientAuthError(methodNotImplemented); + } + setAppMetadata() { + throw createClientAuthError(methodNotImplemented); + } + getAppMetadata() { + throw createClientAuthError(methodNotImplemented); + } + setServerTelemetry() { + throw createClientAuthError(methodNotImplemented); + } + getServerTelemetry() { + throw createClientAuthError(methodNotImplemented); + } + setAuthorityMetadata() { + throw createClientAuthError(methodNotImplemented); + } + getAuthorityMetadata() { + throw createClientAuthError(methodNotImplemented); + } + getAuthorityMetadataKeys() { + throw createClientAuthError(methodNotImplemented); + } + setThrottlingCache() { + throw createClientAuthError(methodNotImplemented); + } + getThrottlingCache() { + throw createClientAuthError(methodNotImplemented); + } + removeItem() { + throw createClientAuthError(methodNotImplemented); + } + getKeys() { + throw createClientAuthError(methodNotImplemented); + } + getAccountKeys() { + throw createClientAuthError(methodNotImplemented); + } + getTokenKeys() { + throw createClientAuthError(methodNotImplemented); + } + async clear() { + throw createClientAuthError(methodNotImplemented); + } + updateCredentialCacheKey() { + throw createClientAuthError(methodNotImplemented); + } + removeOutdatedAccount() { + throw createClientAuthError(methodNotImplemented); + } } -/** - * Validates an entity: checks for all expected params - * @param entity - */ -function isAccessTokenEntity(entity) { - if (!entity) { - return false; - } - return (isCredentialEntity(entity) && - entity.hasOwnProperty("realm") && - entity.hasOwnProperty("target") && - (entity["credentialType"] === CredentialType.ACCESS_TOKEN || - entity["credentialType"] === - CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME)); -} -/** - * Validates an entity: checks for all expected params - * @param entity - */ -function isIdTokenEntity(entity) { - if (!entity) { - return false; - } - return (isCredentialEntity(entity) && - entity.hasOwnProperty("realm") && - entity["credentialType"] === CredentialType.ID_TOKEN); -} -/** - * Validates an entity: checks for all expected params - * @param entity - */ -function isRefreshTokenEntity(entity) { - if (!entity) { - return false; - } - return (isCredentialEntity(entity) && - entity["credentialType"] === CredentialType.REFRESH_TOKEN); -} -/** - * Generate Account Id key component as per the schema: - - */ -function generateAccountId(credentialEntity) { - const accountId = [ - credentialEntity.homeAccountId, - credentialEntity.environment, - ]; - return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase(); -} -/** - * Generate Credential Id key component as per the schema: -- - */ -function generateCredentialId(credentialEntity) { - const clientOrFamilyId = credentialEntity.credentialType === CredentialType.REFRESH_TOKEN - ? credentialEntity.familyId || credentialEntity.clientId - : credentialEntity.clientId; - const credentialId = [ - credentialEntity.credentialType, - clientOrFamilyId, - credentialEntity.realm || "", - ]; - return credentialId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase(); -} -/** - * Generate target key component as per schema: - */ -function generateTarget(credentialEntity) { - return (credentialEntity.target || "").toLowerCase(); -} -/** - * Generate requested claims key component as per schema: - */ -function generateClaimsHash(credentialEntity) { - return (credentialEntity.requestedClaimsHash || "").toLowerCase(); -} -/** - * Generate scheme key componenet as per schema: - */ -function generateScheme(credentialEntity) { - /* - * PoP Tokens and SSH certs include scheme in cache key - * Cast to lowercase to handle "bearer" from ADFS - */ - return credentialEntity.tokenType && - credentialEntity.tokenType.toLowerCase() !== - AuthenticationScheme.BEARER.toLowerCase() - ? credentialEntity.tokenType.toLowerCase() - : ""; -} -/** - * validates if a given cache entry is "Telemetry", parses - * @param key - * @param entity - */ -function isServerTelemetryEntity(key, entity) { - const validateKey = key.indexOf(SERVER_TELEM_CONSTANTS.CACHE_KEY) === 0; - let validateEntity = true; - if (entity) { - validateEntity = - entity.hasOwnProperty("failedRequests") && - entity.hasOwnProperty("errors") && - entity.hasOwnProperty("cacheHits"); - } - return validateKey && validateEntity; -} -/** - * validates if a given cache entry is "Throttling", parses - * @param key - * @param entity - */ -function isThrottlingEntity(key, entity) { - let validateKey = false; - if (key) { - validateKey = key.indexOf(ThrottlingConstants.THROTTLING_PREFIX) === 0; - } - let validateEntity = true; - if (entity) { - validateEntity = entity.hasOwnProperty("throttleTime"); - } - return validateKey && validateEntity; -} -/** - * Generate AppMetadata Cache Key as per the schema: appmetadata-- - */ -function generateAppMetadataKey({ environment, clientId, }) { - const appMetaDataKeyArray = [ - APP_METADATA, - environment, - clientId, - ]; - return appMetaDataKeyArray - .join(Separators.CACHE_KEY_SEPARATOR) - .toLowerCase(); -} -/* - * Validates an entity: checks for all expected params - * @param entity - */ -function isAppMetadataEntity(key, entity) { - if (!entity) { - return false; - } - return (key.indexOf(APP_METADATA) === 0 && - entity.hasOwnProperty("clientId") && - entity.hasOwnProperty("environment")); -} -/** - * Validates an entity: checks for all expected params - * @param entity - */ -function isAuthorityMetadataEntity(key, entity) { - if (!entity) { - return false; - } - return (key.indexOf(AUTHORITY_METADATA_CONSTANTS.CACHE_KEY) === 0 && - entity.hasOwnProperty("aliases") && - entity.hasOwnProperty("preferred_cache") && - entity.hasOwnProperty("preferred_network") && - entity.hasOwnProperty("canonical_authority") && - entity.hasOwnProperty("authorization_endpoint") && - entity.hasOwnProperty("token_endpoint") && - entity.hasOwnProperty("issuer") && - entity.hasOwnProperty("aliasesFromNetwork") && - entity.hasOwnProperty("endpointsFromNetwork") && - entity.hasOwnProperty("expiresAt") && - entity.hasOwnProperty("jwks_uri")); -} -/** - * Reset the exiresAt value - */ -function generateAuthorityMetadataExpiresAt() { - return (nowSeconds() + - AUTHORITY_METADATA_CONSTANTS.REFRESH_TIME_SECONDS); -} -function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) { - authorityMetadata.authorization_endpoint = - updatedValues.authorization_endpoint; - authorityMetadata.token_endpoint = updatedValues.token_endpoint; - authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint; - authorityMetadata.issuer = updatedValues.issuer; - authorityMetadata.endpointsFromNetwork = fromNetwork; - authorityMetadata.jwks_uri = updatedValues.jwks_uri; -} -function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) { - authorityMetadata.aliases = updatedValues.aliases; - authorityMetadata.preferred_cache = updatedValues.preferred_cache; - authorityMetadata.preferred_network = updatedValues.preferred_network; - authorityMetadata.aliasesFromNetwork = fromNetwork; -} -/** - * Returns whether or not the data needs to be refreshed - */ -function isAuthorityMetadataExpired(metadata) { - return metadata.expiresAt <= nowSeconds(); + + +//# sourceMappingURL=CacheManager.mjs.map + +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/config/ClientConfiguration.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const DEFAULT_SYSTEM_OPTIONS = { + tokenRenewalOffsetSeconds: DEFAULT_TOKEN_RENEWAL_OFFSET_SEC, + preventCorsPreflight: false, +}; +const DEFAULT_LOGGER_IMPLEMENTATION = { + loggerCallback: () => { + // allow users to not set loggerCallback + }, + piiLoggingEnabled: false, + logLevel: LogLevel.Info, + correlationId: Constants.EMPTY_STRING, +}; +const DEFAULT_CACHE_OPTIONS = { + claimsBasedCachingEnabled: false, +}; +const DEFAULT_NETWORK_IMPLEMENTATION = { + async sendGetRequestAsync() { + throw createClientAuthError(methodNotImplemented); + }, + async sendPostRequestAsync() { + throw createClientAuthError(methodNotImplemented); + }, +}; +const DEFAULT_LIBRARY_INFO = { + sku: Constants.SKU, + version: version, + cpu: Constants.EMPTY_STRING, + os: Constants.EMPTY_STRING, +}; +const DEFAULT_CLIENT_CREDENTIALS = { + clientSecret: Constants.EMPTY_STRING, + clientAssertion: undefined, +}; +const DEFAULT_AZURE_CLOUD_OPTIONS = { + azureCloudInstance: AzureCloudInstance.None, + tenant: `${Constants.DEFAULT_COMMON_TENANT}`, +}; +const DEFAULT_TELEMETRY_OPTIONS = { + application: { + appName: "", + appVersion: "", + }, +}; +/** + * Function that sets the default options when not explicitly configured from app developer + * + * @param Configuration + * + * @returns Configuration + */ +function buildClientConfiguration({ authOptions: userAuthOptions, systemOptions: userSystemOptions, loggerOptions: userLoggerOption, cacheOptions: userCacheOptions, storageInterface: storageImplementation, networkInterface: networkImplementation, cryptoInterface: cryptoImplementation, clientCredentials: clientCredentials, libraryInfo: libraryInfo, telemetry: telemetry, serverTelemetryManager: serverTelemetryManager, persistencePlugin: persistencePlugin, serializableCache: serializableCache, }) { + const loggerOptions = { + ...DEFAULT_LOGGER_IMPLEMENTATION, + ...userLoggerOption, + }; + return { + authOptions: buildAuthOptions(userAuthOptions), + systemOptions: { ...DEFAULT_SYSTEM_OPTIONS, ...userSystemOptions }, + loggerOptions: loggerOptions, + cacheOptions: { ...DEFAULT_CACHE_OPTIONS, ...userCacheOptions }, + storageInterface: storageImplementation || + new DefaultStorageClass(userAuthOptions.clientId, DEFAULT_CRYPTO_IMPLEMENTATION, new Logger(loggerOptions)), + networkInterface: networkImplementation || DEFAULT_NETWORK_IMPLEMENTATION, + cryptoInterface: cryptoImplementation || DEFAULT_CRYPTO_IMPLEMENTATION, + clientCredentials: clientCredentials || DEFAULT_CLIENT_CREDENTIALS, + libraryInfo: { ...DEFAULT_LIBRARY_INFO, ...libraryInfo }, + telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...telemetry }, + serverTelemetryManager: serverTelemetryManager || null, + persistencePlugin: persistencePlugin || null, + serializableCache: serializableCache || null, + }; +} +/** + * Construct authoptions from the client and platform passed values + * @param authOptions + */ +function buildAuthOptions(authOptions) { + return { + clientCapabilities: [], + azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS, + skipAuthorityMetadataCache: false, + ...authOptions, + }; +} +/** + * Returns true if config has protocolMode set to ProtocolMode.OIDC, false otherwise + * @param ClientConfiguration + */ +function isOidcProtocolMode(config) { + return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC); } -//# sourceMappingURL=CacheHelpers.mjs.map +//# sourceMappingURL=ClientConfiguration.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/error/ClientConfigurationErrorCodes.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/network/INetworkModule.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const redirectUriEmpty = "redirect_uri_empty"; -const claimsRequestParsingError = "claims_request_parsing_error"; -const authorityUriInsecure = "authority_uri_insecure"; -const urlParseError = "url_parse_error"; -const urlEmptyError = "empty_url_error"; -const emptyInputScopesError = "empty_input_scopes_error"; -const invalidPromptValue = "invalid_prompt_value"; -const invalidClaims = "invalid_claims"; -const tokenRequestEmpty = "token_request_empty"; -const logoutRequestEmpty = "logout_request_empty"; -const invalidCodeChallengeMethod = "invalid_code_challenge_method"; -const pkceParamsMissing = "pkce_params_missing"; -const invalidCloudDiscoveryMetadata = "invalid_cloud_discovery_metadata"; -const invalidAuthorityMetadata = "invalid_authority_metadata"; -const untrustedAuthority = "untrusted_authority"; -const missingSshJwk = "missing_ssh_jwk"; -const missingSshKid = "missing_ssh_kid"; -const missingNonceAuthenticationHeader = "missing_nonce_authentication_header"; -const invalidAuthenticationHeader = "invalid_authentication_header"; -const cannotSetOIDCOptions = "cannot_set_OIDCOptions"; -const cannotAllowNativeBroker = "cannot_allow_native_broker"; -const authorityMismatch = "authority_mismatch"; -//# sourceMappingURL=ClientConfigurationErrorCodes.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/error/ClientConfigurationError.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const StubbedNetworkModule = { + sendGetRequestAsync: () => { + return Promise.reject(createClientAuthError(methodNotImplemented)); + }, + sendPostRequestAsync: () => { + return Promise.reject(createClientAuthError(methodNotImplemented)); + }, +}; +//# sourceMappingURL=INetworkModule.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/telemetry/performance/PerformanceEvent.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Enumeration of operations that are instrumented by have their performance measured by the PerformanceClient. + * + * @export + * @enum {number} + */ +const PerformanceEvents = { + /** + * acquireTokenByCode API (msal-browser and msal-node). + * Used to acquire tokens by trading an authorization code against the token endpoint. + */ + AcquireTokenByCode: "acquireTokenByCode", + /** + * acquireTokenByRefreshToken API (msal-browser and msal-node). + * Used to renew an access token using a refresh token against the token endpoint. + */ + AcquireTokenByRefreshToken: "acquireTokenByRefreshToken", + /** + * acquireTokenSilent API (msal-browser and msal-node). + * Used to silently acquire a new access token (from the cache or the network). + */ + AcquireTokenSilent: "acquireTokenSilent", + /** + * acquireTokenSilentAsync (msal-browser). + * Internal API for acquireTokenSilent. + */ + AcquireTokenSilentAsync: "acquireTokenSilentAsync", + /** + * acquireTokenPopup (msal-browser). + * Used to acquire a new access token interactively through pop ups + */ + AcquireTokenPopup: "acquireTokenPopup", + /** + * acquireTokenPreRedirect (msal-browser). + * First part of the redirect flow. + * Used to acquire a new access token interactively through redirects. + */ + AcquireTokenPreRedirect: "acquireTokenPreRedirect", + /** + * acquireTokenRedirect (msal-browser). + * Second part of the redirect flow. + * Used to acquire a new access token interactively through redirects. + */ + AcquireTokenRedirect: "acquireTokenRedirect", + /** + * getPublicKeyThumbprint API in CryptoOpts class (msal-browser). + * Used to generate a public/private keypair and generate a public key thumbprint for pop requests. + */ + CryptoOptsGetPublicKeyThumbprint: "cryptoOptsGetPublicKeyThumbprint", + /** + * signJwt API in CryptoOpts class (msal-browser). + * Used to signed a pop token. + */ + CryptoOptsSignJwt: "cryptoOptsSignJwt", + /** + * acquireToken API in the SilentCacheClient class (msal-browser). + * Used to read access tokens from the cache. + */ + SilentCacheClientAcquireToken: "silentCacheClientAcquireToken", + /** + * acquireToken API in the SilentIframeClient class (msal-browser). + * Used to acquire a new set of tokens from the authorize endpoint in a hidden iframe. + */ + SilentIframeClientAcquireToken: "silentIframeClientAcquireToken", + AwaitConcurrentIframe: "awaitConcurrentIframe", + /** + * acquireToken API in SilentRereshClient (msal-browser). + * Used to acquire a new set of tokens from the token endpoint using a refresh token. + */ + SilentRefreshClientAcquireToken: "silentRefreshClientAcquireToken", + /** + * ssoSilent API (msal-browser). + * Used to silently acquire an authorization code and set of tokens using a hidden iframe. + */ + SsoSilent: "ssoSilent", + /** + * getDiscoveredAuthority API in StandardInteractionClient class (msal-browser). + * Used to load authority metadata for a request. + */ + StandardInteractionClientGetDiscoveredAuthority: "standardInteractionClientGetDiscoveredAuthority", + /** + * acquireToken APIs in msal-browser. + * Used to make an /authorize endpoint call with native brokering enabled. + */ + FetchAccountIdWithNativeBroker: "fetchAccountIdWithNativeBroker", + /** + * acquireToken API in NativeInteractionClient class (msal-browser). + * Used to acquire a token from Native component when native brokering is enabled. + */ + NativeInteractionClientAcquireToken: "nativeInteractionClientAcquireToken", + /** + * Time spent creating default headers for requests to token endpoint + */ + BaseClientCreateTokenRequestHeaders: "baseClientCreateTokenRequestHeaders", + /** + * Time spent sending/waiting for the response of a request to the token endpoint + */ + RefreshTokenClientExecutePostToTokenEndpoint: "refreshTokenClientExecutePostToTokenEndpoint", + AuthorizationCodeClientExecutePostToTokenEndpoint: "authorizationCodeClientExecutePostToTokenEndpoint", + /** + * Used to measure the time taken for completing embedded-broker handshake (PW-Broker). + */ + BrokerHandhshake: "brokerHandshake", + /** + * acquireTokenByRefreshToken API in BrokerClientApplication (PW-Broker) . + */ + AcquireTokenByRefreshTokenInBroker: "acquireTokenByRefreshTokenInBroker", + /** + * Time taken for token acquisition by broker + */ + AcquireTokenByBroker: "acquireTokenByBroker", + /** + * Time spent on the network for refresh token acquisition + */ + RefreshTokenClientExecuteTokenRequest: "refreshTokenClientExecuteTokenRequest", + /** + * Time taken for acquiring refresh token , records RT size + */ + RefreshTokenClientAcquireToken: "refreshTokenClientAcquireToken", + /** + * Time taken for acquiring cached refresh token + */ + RefreshTokenClientAcquireTokenWithCachedRefreshToken: "refreshTokenClientAcquireTokenWithCachedRefreshToken", + /** + * acquireTokenByRefreshToken API in RefreshTokenClient (msal-common). + */ + RefreshTokenClientAcquireTokenByRefreshToken: "refreshTokenClientAcquireTokenByRefreshToken", + /** + * Helper function to create token request body in RefreshTokenClient (msal-common). + */ + RefreshTokenClientCreateTokenRequestBody: "refreshTokenClientCreateTokenRequestBody", + /** + * acquireTokenFromCache (msal-browser). + * Internal API for acquiring token from cache + */ + AcquireTokenFromCache: "acquireTokenFromCache", + SilentFlowClientAcquireCachedToken: "silentFlowClientAcquireCachedToken", + SilentFlowClientGenerateResultFromCacheRecord: "silentFlowClientGenerateResultFromCacheRecord", + /** + * acquireTokenBySilentIframe (msal-browser). + * Internal API for acquiring token by silent Iframe + */ + AcquireTokenBySilentIframe: "acquireTokenBySilentIframe", + /** + * Internal API for initializing base request in BaseInteractionClient (msal-browser) + */ + InitializeBaseRequest: "initializeBaseRequest", + /** + * Internal API for initializing silent request in SilentCacheClient (msal-browser) + */ + InitializeSilentRequest: "initializeSilentRequest", + InitializeClientApplication: "initializeClientApplication", + /** + * Helper function in SilentIframeClient class (msal-browser). + */ + SilentIframeClientTokenHelper: "silentIframeClientTokenHelper", + /** + * SilentHandler + */ + SilentHandlerInitiateAuthRequest: "silentHandlerInitiateAuthRequest", + SilentHandlerMonitorIframeForHash: "silentHandlerMonitorIframeForHash", + SilentHandlerLoadFrame: "silentHandlerLoadFrame", + SilentHandlerLoadFrameSync: "silentHandlerLoadFrameSync", + /** + * Helper functions in StandardInteractionClient class (msal-browser) + */ + StandardInteractionClientCreateAuthCodeClient: "standardInteractionClientCreateAuthCodeClient", + StandardInteractionClientGetClientConfiguration: "standardInteractionClientGetClientConfiguration", + StandardInteractionClientInitializeAuthorizationRequest: "standardInteractionClientInitializeAuthorizationRequest", + StandardInteractionClientInitializeAuthorizationCodeRequest: "standardInteractionClientInitializeAuthorizationCodeRequest", + /** + * getAuthCodeUrl API (msal-browser and msal-node). + */ + GetAuthCodeUrl: "getAuthCodeUrl", + /** + * Functions from InteractionHandler (msal-browser) + */ + HandleCodeResponseFromServer: "handleCodeResponseFromServer", + HandleCodeResponse: "handleCodeResponse", + UpdateTokenEndpointAuthority: "updateTokenEndpointAuthority", + /** + * APIs in Authorization Code Client (msal-common) + */ + AuthClientAcquireToken: "authClientAcquireToken", + AuthClientExecuteTokenRequest: "authClientExecuteTokenRequest", + AuthClientCreateTokenRequestBody: "authClientCreateTokenRequestBody", + AuthClientCreateQueryString: "authClientCreateQueryString", + /** + * Generate functions in PopTokenGenerator (msal-common) + */ + PopTokenGenerateCnf: "popTokenGenerateCnf", + PopTokenGenerateKid: "popTokenGenerateKid", + /** + * handleServerTokenResponse API in ResponseHandler (msal-common) + */ + HandleServerTokenResponse: "handleServerTokenResponse", + DeserializeResponse: "deserializeResponse", + /** + * Authority functions + */ + AuthorityFactoryCreateDiscoveredInstance: "authorityFactoryCreateDiscoveredInstance", + AuthorityResolveEndpointsAsync: "authorityResolveEndpointsAsync", + AuthorityResolveEndpointsFromLocalSources: "authorityResolveEndpointsFromLocalSources", + AuthorityGetCloudDiscoveryMetadataFromNetwork: "authorityGetCloudDiscoveryMetadataFromNetwork", + AuthorityUpdateCloudDiscoveryMetadata: "authorityUpdateCloudDiscoveryMetadata", + AuthorityGetEndpointMetadataFromNetwork: "authorityGetEndpointMetadataFromNetwork", + AuthorityUpdateEndpointMetadata: "authorityUpdateEndpointMetadata", + AuthorityUpdateMetadataWithRegionalInformation: "authorityUpdateMetadataWithRegionalInformation", + /** + * Region Discovery functions + */ + RegionDiscoveryDetectRegion: "regionDiscoveryDetectRegion", + RegionDiscoveryGetRegionFromIMDS: "regionDiscoveryGetRegionFromIMDS", + RegionDiscoveryGetCurrentVersion: "regionDiscoveryGetCurrentVersion", + AcquireTokenByCodeAsync: "acquireTokenByCodeAsync", + GetEndpointMetadataFromNetwork: "getEndpointMetadataFromNetwork", + GetCloudDiscoveryMetadataFromNetworkMeasurement: "getCloudDiscoveryMetadataFromNetworkMeasurement", + HandleRedirectPromiseMeasurement: "handleRedirectPromise", + HandleNativeRedirectPromiseMeasurement: "handleNativeRedirectPromise", + UpdateCloudDiscoveryMetadataMeasurement: "updateCloudDiscoveryMetadataMeasurement", + UsernamePasswordClientAcquireToken: "usernamePasswordClientAcquireToken", + NativeMessageHandlerHandshake: "nativeMessageHandlerHandshake", + NativeGenerateAuthResult: "nativeGenerateAuthResult", + RemoveHiddenIframe: "removeHiddenIframe", + /** + * Cache operations + */ + ClearTokensAndKeysWithClaims: "clearTokensAndKeysWithClaims", + CacheManagerGetRefreshToken: "cacheManagerGetRefreshToken", + /** + * Crypto Operations + */ + GeneratePkceCodes: "generatePkceCodes", + GenerateCodeVerifier: "generateCodeVerifier", + GenerateCodeChallengeFromVerifier: "generateCodeChallengeFromVerifier", + Sha256Digest: "sha256Digest", + GetRandomValues: "getRandomValues", +}; +const PerformanceEventAbbreviations = new Map([ + [PerformanceEvents.AcquireTokenByCode, "ATByCode"], + [PerformanceEvents.AcquireTokenByRefreshToken, "ATByRT"], + [PerformanceEvents.AcquireTokenSilent, "ATS"], + [PerformanceEvents.AcquireTokenSilentAsync, "ATSAsync"], + [PerformanceEvents.AcquireTokenPopup, "ATPopup"], + [PerformanceEvents.AcquireTokenRedirect, "ATRedirect"], + [ + PerformanceEvents.CryptoOptsGetPublicKeyThumbprint, + "CryptoGetPKThumb", + ], + [PerformanceEvents.CryptoOptsSignJwt, "CryptoSignJwt"], + [PerformanceEvents.SilentCacheClientAcquireToken, "SltCacheClientAT"], + [PerformanceEvents.SilentIframeClientAcquireToken, "SltIframeClientAT"], + [PerformanceEvents.SilentRefreshClientAcquireToken, "SltRClientAT"], + [PerformanceEvents.SsoSilent, "SsoSlt"], + [ + PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority, + "StdIntClientGetDiscAuth", + ], + [ + PerformanceEvents.FetchAccountIdWithNativeBroker, + "FetchAccIdWithNtvBroker", + ], + [ + PerformanceEvents.NativeInteractionClientAcquireToken, + "NtvIntClientAT", + ], + [ + PerformanceEvents.BaseClientCreateTokenRequestHeaders, + "BaseClientCreateTReqHead", + ], + [ + PerformanceEvents.RefreshTokenClientExecutePostToTokenEndpoint, + "RTClientExecPost", + ], + [ + PerformanceEvents.AuthorizationCodeClientExecutePostToTokenEndpoint, + "AuthCodeClientExecPost", + ], + [PerformanceEvents.BrokerHandhshake, "BrokerHandshake"], + [ + PerformanceEvents.AcquireTokenByRefreshTokenInBroker, + "ATByRTInBroker", + ], + [PerformanceEvents.AcquireTokenByBroker, "ATByBroker"], + [ + PerformanceEvents.RefreshTokenClientExecuteTokenRequest, + "RTClientExecTReq", + ], + [PerformanceEvents.RefreshTokenClientAcquireToken, "RTClientAT"], + [ + PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, + "RTClientATWithCachedRT", + ], + [ + PerformanceEvents.RefreshTokenClientAcquireTokenByRefreshToken, + "RTClientATByRT", + ], + [ + PerformanceEvents.RefreshTokenClientCreateTokenRequestBody, + "RTClientCreateTReqBody", + ], + [PerformanceEvents.AcquireTokenFromCache, "ATFromCache"], + [ + PerformanceEvents.SilentFlowClientAcquireCachedToken, + "SltFlowClientATCached", + ], + [ + PerformanceEvents.SilentFlowClientGenerateResultFromCacheRecord, + "SltFlowClientGenResFromCache", + ], + [PerformanceEvents.AcquireTokenBySilentIframe, "ATBySltIframe"], + [PerformanceEvents.InitializeBaseRequest, "InitBaseReq"], + [PerformanceEvents.InitializeSilentRequest, "InitSltReq"], + [ + PerformanceEvents.InitializeClientApplication, + "InitClientApplication", + ], + [PerformanceEvents.SilentIframeClientTokenHelper, "SIClientTHelper"], + [ + PerformanceEvents.SilentHandlerInitiateAuthRequest, + "SHandlerInitAuthReq", + ], + [ + PerformanceEvents.SilentHandlerMonitorIframeForHash, + "SltHandlerMonitorIframeForHash", + ], + [PerformanceEvents.SilentHandlerLoadFrame, "SHandlerLoadFrame"], + [PerformanceEvents.SilentHandlerLoadFrameSync, "SHandlerLoadFrameSync"], + [ + PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, + "StdIntClientCreateAuthCodeClient", + ], + [ + PerformanceEvents.StandardInteractionClientGetClientConfiguration, + "StdIntClientGetClientConf", + ], + [ + PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest, + "StdIntClientInitAuthReq", + ], + [ + PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest, + "StdIntClientInitAuthCodeReq", + ], + [PerformanceEvents.GetAuthCodeUrl, "GetAuthCodeUrl"], + [ + PerformanceEvents.HandleCodeResponseFromServer, + "HandleCodeResFromServer", + ], + [PerformanceEvents.HandleCodeResponse, "HandleCodeResp"], + [PerformanceEvents.UpdateTokenEndpointAuthority, "UpdTEndpointAuth"], + [PerformanceEvents.AuthClientAcquireToken, "AuthClientAT"], + [PerformanceEvents.AuthClientExecuteTokenRequest, "AuthClientExecTReq"], + [ + PerformanceEvents.AuthClientCreateTokenRequestBody, + "AuthClientCreateTReqBody", + ], + [ + PerformanceEvents.AuthClientCreateQueryString, + "AuthClientCreateQueryStr", + ], + [PerformanceEvents.PopTokenGenerateCnf, "PopTGenCnf"], + [PerformanceEvents.PopTokenGenerateKid, "PopTGenKid"], + [PerformanceEvents.HandleServerTokenResponse, "HandleServerTRes"], + [PerformanceEvents.DeserializeResponse, "DeserializeRes"], + [ + PerformanceEvents.AuthorityFactoryCreateDiscoveredInstance, + "AuthFactCreateDiscInst", + ], + [ + PerformanceEvents.AuthorityResolveEndpointsAsync, + "AuthResolveEndpointsAsync", + ], + [ + PerformanceEvents.AuthorityResolveEndpointsFromLocalSources, + "AuthResolveEndpointsFromLocal", + ], + [ + PerformanceEvents.AuthorityGetCloudDiscoveryMetadataFromNetwork, + "AuthGetCDMetaFromNet", + ], + [ + PerformanceEvents.AuthorityUpdateCloudDiscoveryMetadata, + "AuthUpdCDMeta", + ], + [ + PerformanceEvents.AuthorityGetEndpointMetadataFromNetwork, + "AuthUpdCDMetaFromNet", + ], + [ + PerformanceEvents.AuthorityUpdateEndpointMetadata, + "AuthUpdEndpointMeta", + ], + [ + PerformanceEvents.AuthorityUpdateMetadataWithRegionalInformation, + "AuthUpdMetaWithRegInfo", + ], + [PerformanceEvents.RegionDiscoveryDetectRegion, "RegDiscDetectReg"], + [ + PerformanceEvents.RegionDiscoveryGetRegionFromIMDS, + "RegDiscGetRegFromIMDS", + ], + [ + PerformanceEvents.RegionDiscoveryGetCurrentVersion, + "RegDiscGetCurrentVer", + ], + [PerformanceEvents.AcquireTokenByCodeAsync, "ATByCodeAsync"], + [ + PerformanceEvents.GetEndpointMetadataFromNetwork, + "GetEndpointMetaFromNet", + ], + [ + PerformanceEvents.GetCloudDiscoveryMetadataFromNetworkMeasurement, + "GetCDMetaFromNet", + ], + [ + PerformanceEvents.HandleRedirectPromiseMeasurement, + "HandleRedirectPromise", + ], + [ + PerformanceEvents.HandleNativeRedirectPromiseMeasurement, + "HandleNtvRedirectPromise", + ], + [ + PerformanceEvents.UpdateCloudDiscoveryMetadataMeasurement, + "UpdateCDMeta", + ], + [ + PerformanceEvents.UsernamePasswordClientAcquireToken, + "UserPassClientAT", + ], + [ + PerformanceEvents.NativeMessageHandlerHandshake, + "NtvMsgHandlerHandshake", + ], + [PerformanceEvents.NativeGenerateAuthResult, "NtvGenAuthRes"], + [PerformanceEvents.RemoveHiddenIframe, "RemoveHiddenIframe"], + [ + PerformanceEvents.ClearTokensAndKeysWithClaims, + "ClearTAndKeysWithClaims", + ], + [PerformanceEvents.CacheManagerGetRefreshToken, "CacheManagerGetRT"], + [PerformanceEvents.GeneratePkceCodes, "GenPkceCodes"], + [PerformanceEvents.GenerateCodeVerifier, "GenCodeVerifier"], + [ + PerformanceEvents.GenerateCodeChallengeFromVerifier, + "GenCodeChallengeFromVerifier", + ], + [PerformanceEvents.Sha256Digest, "Sha256Digest"], + [PerformanceEvents.GetRandomValues, "GetRandomValues"], +]); +/** + * State of the performance event. + * + * @export + * @enum {number} + */ +const PerformanceEventStatus = { + NotStarted: 0, + InProgress: 1, + Completed: 2, +}; +const IntFields = new Set([ + "accessTokenSize", + "durationMs", + "idTokenSize", + "matsSilentStatus", + "matsHttpStatus", + "refreshTokenSize", + "queuedTimeMs", + "startTimeMs", + "status", + "multiMatchedAT", + "multiMatchedID", + "multiMatchedRT", +]); +//# sourceMappingURL=PerformanceEvent.mjs.map -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const ClientConfigurationErrorMessages = { - [redirectUriEmpty]: "A redirect URI is required for all calls, and none has been set.", - [claimsRequestParsingError]: "Could not parse the given claims request object.", - [authorityUriInsecure]: "Authority URIs must use https. Please see here for valid authority configuration options: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-initializing-client-applications#configuration-options", - [urlParseError]: "URL could not be parsed into appropriate segments.", - [urlEmptyError]: "URL was empty or null.", - [emptyInputScopesError]: "Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.", - [invalidPromptValue]: "Please see here for valid configuration options: https://azuread.github.io/microsoft-authentication-library-for-js/ref/modules/_azure_msal_common.html#commonauthorizationurlrequest", - [invalidClaims]: "Given claims parameter must be a stringified JSON object.", - [tokenRequestEmpty]: "Token request was empty and not found in cache.", - [logoutRequestEmpty]: "The logout request was null or undefined.", - [invalidCodeChallengeMethod]: 'code_challenge_method passed is invalid. Valid values are "plain" and "S256".', - [pkceParamsMissing]: "Both params: code_challenge and code_challenge_method are to be passed if to be sent in the request", - [invalidCloudDiscoveryMetadata]: "Invalid cloudDiscoveryMetadata provided. Must be a stringified JSON object containing tenant_discovery_endpoint and metadata fields", - [invalidAuthorityMetadata]: "Invalid authorityMetadata provided. Must by a stringified JSON object containing authorization_endpoint, token_endpoint, issuer fields.", - [untrustedAuthority]: "The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.", - [missingSshJwk]: "Missing sshJwk in SSH certificate request. A stringified JSON Web Key is required when using the SSH authentication scheme.", - [missingSshKid]: "Missing sshKid in SSH certificate request. A string that uniquely identifies the public SSH key is required when using the SSH authentication scheme.", - [missingNonceAuthenticationHeader]: "Unable to find an authentication header containing server nonce. Either the Authentication-Info or WWW-Authenticate headers must be present in order to obtain a server nonce.", - [invalidAuthenticationHeader]: "Invalid authentication header provided", - [cannotSetOIDCOptions]: "Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.", - [cannotAllowNativeBroker]: "Cannot set allowNativeBroker parameter to true when not in AAD protocol mode.", - [authorityMismatch]: "Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority.", -}; -/** - * ClientConfigurationErrorMessage class containing string constants used by error codes and messages. - * @deprecated Use ClientConfigurationErrorCodes instead - */ -const ClientConfigurationErrorMessage = { - redirectUriNotSet: { - code: redirectUriEmpty, - desc: ClientConfigurationErrorMessages[redirectUriEmpty], - }, - claimsRequestParsingError: { - code: claimsRequestParsingError, - desc: ClientConfigurationErrorMessages[claimsRequestParsingError], - }, - authorityUriInsecure: { - code: authorityUriInsecure, - desc: ClientConfigurationErrorMessages[authorityUriInsecure], - }, - urlParseError: { - code: urlParseError, - desc: ClientConfigurationErrorMessages[urlParseError], - }, - urlEmptyError: { - code: urlEmptyError, - desc: ClientConfigurationErrorMessages[urlEmptyError], - }, - emptyScopesError: { - code: emptyInputScopesError, - desc: ClientConfigurationErrorMessages[emptyInputScopesError], - }, - invalidPrompt: { - code: invalidPromptValue, - desc: ClientConfigurationErrorMessages[invalidPromptValue], - }, - invalidClaimsRequest: { - code: invalidClaims, - desc: ClientConfigurationErrorMessages[invalidClaims], - }, - tokenRequestEmptyError: { - code: tokenRequestEmpty, - desc: ClientConfigurationErrorMessages[tokenRequestEmpty], - }, - logoutRequestEmptyError: { - code: logoutRequestEmpty, - desc: ClientConfigurationErrorMessages[logoutRequestEmpty], - }, - invalidCodeChallengeMethod: { - code: invalidCodeChallengeMethod, - desc: ClientConfigurationErrorMessages[invalidCodeChallengeMethod], - }, - invalidCodeChallengeParams: { - code: pkceParamsMissing, - desc: ClientConfigurationErrorMessages[pkceParamsMissing], - }, - invalidCloudDiscoveryMetadata: { - code: invalidCloudDiscoveryMetadata, - desc: ClientConfigurationErrorMessages[invalidCloudDiscoveryMetadata], - }, - invalidAuthorityMetadata: { - code: invalidAuthorityMetadata, - desc: ClientConfigurationErrorMessages[invalidAuthorityMetadata], - }, - untrustedAuthority: { - code: untrustedAuthority, - desc: ClientConfigurationErrorMessages[untrustedAuthority], - }, - missingSshJwk: { - code: missingSshJwk, - desc: ClientConfigurationErrorMessages[missingSshJwk], - }, - missingSshKid: { - code: missingSshKid, - desc: ClientConfigurationErrorMessages[missingSshKid], - }, - missingNonceAuthenticationHeader: { - code: missingNonceAuthenticationHeader, - desc: ClientConfigurationErrorMessages[missingNonceAuthenticationHeader], - }, - invalidAuthenticationHeader: { - code: invalidAuthenticationHeader, - desc: ClientConfigurationErrorMessages[invalidAuthenticationHeader], - }, - cannotSetOIDCOptions: { - code: cannotSetOIDCOptions, - desc: ClientConfigurationErrorMessages[cannotSetOIDCOptions], - }, - cannotAllowNativeBroker: { - code: cannotAllowNativeBroker, - desc: ClientConfigurationErrorMessages[cannotAllowNativeBroker], - }, - authorityMismatch: { - code: authorityMismatch, - desc: ClientConfigurationErrorMessages[authorityMismatch], - }, -}; -/** - * Error thrown when there is an error in configuration of the MSAL.js library. - */ -class ClientConfigurationError extends AuthError { - constructor(errorCode) { - super(errorCode, ClientConfigurationErrorMessages[errorCode]); - this.name = "ClientConfigurationError"; - Object.setPrototypeOf(this, ClientConfigurationError.prototype); - } -} -function createClientConfigurationError(errorCode) { - return new ClientConfigurationError(errorCode); +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/telemetry/performance/StubPerformanceClient.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +class StubPerformanceMeasurement { + startMeasurement() { + return; + } + endMeasurement() { + return; + } + flushMeasurement() { + return null; + } +} +class StubPerformanceClient { + generateId() { + return "callback-id"; + } + startMeasurement(measureName, correlationId) { + return { + end: () => null, + discard: () => { }, + add: () => { }, + increment: () => { }, + event: { + eventId: this.generateId(), + status: PerformanceEventStatus.InProgress, + authority: "", + libraryName: "", + libraryVersion: "", + clientId: "", + name: measureName, + startTimeMs: Date.now(), + correlationId: correlationId || "", + }, + measurement: new StubPerformanceMeasurement(), + }; + } + startPerformanceMeasurement() { + return new StubPerformanceMeasurement(); + } + calculateQueuedTime() { + return 0; + } + addQueueMeasurement() { + return; + } + setPreQueueTime() { + return; + } + endMeasurement() { + return null; + } + discardMeasurements() { + return; + } + removePerformanceCallback() { + return true; + } + addPerformanceCallback() { + return ""; + } + emitEvents() { + return; + } + addFields() { + return; + } + incrementFields() { + return; + } + cacheEventByCorrelationId() { + return; + } } -//# sourceMappingURL=ClientConfigurationError.mjs.map +//# sourceMappingURL=StubPerformanceClient.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/utils/StringUtils.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/utils/BrowserConstants.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Constants + */ +const BrowserConstants = { + /** + * Interaction in progress cache value + */ + INTERACTION_IN_PROGRESS_VALUE: "interaction_in_progress", + /** + * Invalid grant error code + */ + INVALID_GRANT_ERROR: "invalid_grant", + /** + * Default popup window width + */ + POPUP_WIDTH: 483, + /** + * Default popup window height + */ + POPUP_HEIGHT: 600, + /** + * Name of the popup window starts with + */ + POPUP_NAME_PREFIX: "msal", + /** + * Default popup monitor poll interval in milliseconds + */ + DEFAULT_POLL_INTERVAL_MS: 30, + /** + * Msal-browser SKU + */ + MSAL_SKU: "msal.js.browser", +}; +const NativeConstants = { + CHANNEL_ID: "53ee284d-920a-4b59-9d30-a60315b26836", + PREFERRED_EXTENSION_ID: "ppnbnpeolgkicgegkbkbjmhlideopiji", + MATS_TELEMETRY: "MATS", +}; +const NativeExtensionMethod = { + HandshakeRequest: "Handshake", + HandshakeResponse: "HandshakeResponse", + GetToken: "GetToken", + Response: "Response", +}; +const BrowserCacheLocation = { + LocalStorage: "localStorage", + SessionStorage: "sessionStorage", + MemoryStorage: "memoryStorage", +}; +/** + * HTTP Request types supported by MSAL. + */ +const HTTP_REQUEST_TYPE = { + GET: "GET", + POST: "POST", +}; +/** + * Temporary cache keys for MSAL, deleted after any request. + */ +const TemporaryCacheKeys = { + AUTHORITY: "authority", + ACQUIRE_TOKEN_ACCOUNT: "acquireToken.account", + SESSION_STATE: "session.state", + REQUEST_STATE: "request.state", + NONCE_IDTOKEN: "nonce.id_token", + ORIGIN_URI: "request.origin", + RENEW_STATUS: "token.renew.status", + URL_HASH: "urlHash", + REQUEST_PARAMS: "request.params", + SCOPES: "scopes", + INTERACTION_STATUS_KEY: "interaction.status", + CCS_CREDENTIAL: "ccs.credential", + CORRELATION_ID: "request.correlationId", + NATIVE_REQUEST: "request.native", + REDIRECT_CONTEXT: "request.redirect.context", +}; +const StaticCacheKeys = { + ACCOUNT_KEYS: "msal.account.keys", + TOKEN_KEYS: "msal.token.keys", +}; +/** + * Cache keys stored in-memory + */ +const InMemoryCacheKeys = { + WRAPPER_SKU: "wrapper.sku", + WRAPPER_VER: "wrapper.version", +}; +/** + * API Codes for Telemetry purposes. + * Before adding a new code you must claim it in the MSAL Telemetry tracker as these number spaces are shared across all MSALs + * 0-99 Silent Flow + * 800-899 Auth Code Flow + */ +const ApiId = { + acquireTokenRedirect: 861, + acquireTokenPopup: 862, + ssoSilent: 863, + acquireTokenSilent_authCode: 864, + handleRedirectPromise: 865, + acquireTokenByCode: 866, + acquireTokenSilent_silentFlow: 61, + logout: 961, + logoutPopup: 962, +}; +/* + * Interaction type of the API - used for state and telemetry + */ +var InteractionType; +(function (InteractionType) { + InteractionType["Redirect"] = "redirect"; + InteractionType["Popup"] = "popup"; + InteractionType["Silent"] = "silent"; + InteractionType["None"] = "none"; +})(InteractionType || (InteractionType = {})); +/** + * Types of interaction currently in progress. + * Used in events in wrapper libraries to invoke functions when certain interaction is in progress or all interactions are complete. + */ +const InteractionStatus = { + /** + * Initial status before interaction occurs + */ + Startup: "startup", + /** + * Status set when all login calls occuring + */ + Login: "login", + /** + * Status set when logout call occuring + */ + Logout: "logout", + /** + * Status set for acquireToken calls + */ + AcquireToken: "acquireToken", + /** + * Status set for ssoSilent calls + */ + SsoSilent: "ssoSilent", + /** + * Status set when handleRedirect in progress + */ + HandleRedirect: "handleRedirect", + /** + * Status set when interaction is complete + */ + None: "none", +}; +const DEFAULT_REQUEST = { + scopes: OIDC_DEFAULT_SCOPES, +}; +/** + * JWK Key Format string (Type MUST be defined for window crypto APIs) + */ +const KEY_FORMAT_JWK = "jwk"; +// Supported wrapper SKUs +const WrapperSKU = { + React: "@azure/msal-react", + Angular: "@azure/msal-angular", +}; +// DatabaseStorage Constants +const DB_NAME = "msal.db"; +const DB_VERSION = 1; +const DB_TABLE_NAME = `${DB_NAME}.keys`; +const CacheLookupPolicy = { + /* + * acquireTokenSilent will attempt to retrieve an access token from the cache. If the access token is expired + * or cannot be found the refresh token will be used to acquire a new one. Finally, if the refresh token + * is expired acquireTokenSilent will attempt to acquire new access and refresh tokens. + */ + Default: 0, + /* + * acquireTokenSilent will only look for access tokens in the cache. It will not attempt to renew access or + * refresh tokens. + */ + AccessToken: 1, + /* + * acquireTokenSilent will attempt to retrieve an access token from the cache. If the access token is expired or + * cannot be found, the refresh token will be used to acquire a new one. If the refresh token is expired, it + * will not be renewed and acquireTokenSilent will fail. + */ + AccessTokenAndRefreshToken: 2, + /* + * acquireTokenSilent will not attempt to retrieve access tokens from the cache and will instead attempt to + * exchange the cached refresh token for a new access token. If the refresh token is expired, it will not be + * renewed and acquireTokenSilent will fail. + */ + RefreshToken: 3, + /* + * acquireTokenSilent will not look in the cache for the access token. It will go directly to network with the + * cached refresh token. If the refresh token is expired an attempt will be made to renew it. This is equivalent to + * setting "forceRefresh: true". + */ + RefreshTokenAndNetwork: 4, + /* + * acquireTokenSilent will attempt to renew both access and refresh tokens. It will not look in the cache. This will + * always fail if 3rd party cookies are blocked by the browser. + */ + Skip: 5, +}; +const iFrameRenewalPolicies = [ + CacheLookupPolicy.Default, + CacheLookupPolicy.Skip, + CacheLookupPolicy.RefreshTokenAndNetwork, +]; +const LOG_LEVEL_CACHE_KEY = "msal.browser.log.level"; +const LOG_PII_CACHE_KEY = "msal.browser.log.pii"; +const BROWSER_PERF_ENABLED_KEY = "msal.browser.performance.enabled"; -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * @hidden - */ -class StringUtils { - /** - * Check if stringified object is empty - * @param strObj - */ - static isEmptyObj(strObj) { - if (strObj) { - try { - const obj = JSON.parse(strObj); - return Object.keys(obj).length === 0; - } - catch (e) { } - } - return true; - } - static startsWith(str, search) { - return str.indexOf(search) === 0; - } - static endsWith(str, search) { - return (str.length >= search.length && - str.lastIndexOf(search) === str.length - search.length); - } - /** - * Parses string into an object. - * - * @param query - */ - static queryStringToObject(query) { - const obj = {}; - const params = query.split("&"); - const decode = (s) => decodeURIComponent(s.replace(/\+/g, " ")); - params.forEach((pair) => { - if (pair.trim()) { - const [key, value] = pair.split(/=(.+)/g, 2); // Split on the first occurence of the '=' character - if (key && value) { - obj[decode(key)] = decode(value); - } - } - }); - return obj; - } - /** - * Trims entries in an array. - * - * @param arr - */ - static trimArrayEntries(arr) { - return arr.map((entry) => entry.trim()); - } - /** - * Removes empty strings from array - * @param arr - */ - static removeEmptyStringsFromArray(arr) { - return arr.filter((entry) => { - return !!entry; - }); - } - /** - * Attempts to parse a string into JSON - * @param str - */ - static jsonParseHelper(str) { - try { - return JSON.parse(str); - } - catch (e) { - return null; - } - } - /** - * Tests if a given string matches a given pattern, with support for wildcards and queries. - * @param pattern Wildcard pattern to string match. Supports "*" for wildcards and "?" for queries - * @param input String to match against - */ - static matchPattern(pattern, input) { - /** - * Wildcard support: https://stackoverflow.com/a/3117248/4888559 - * Queries: replaces "?" in string with escaped "\?" for regex test - */ - // eslint-disable-next-line security/detect-non-literal-regexp - const regex = new RegExp(pattern - .replace(/\\/g, "\\\\") - .replace(/\*/g, "[^ ]*") - .replace(/\?/g, "\\?")); - return regex.test(input); - } -} +//# sourceMappingURL=BrowserConstants.mjs.map -//# sourceMappingURL=StringUtils.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/navigation/NavigationClient.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +class NavigationClient { + /** + * Navigates to other pages within the same web application + * @param url + * @param options + */ + navigateInternal(url, options) { + return NavigationClient.defaultNavigateWindow(url, options); + } + /** + * Navigates to other pages outside the web application i.e. the Identity Provider + * @param url + * @param options + */ + navigateExternal(url, options) { + return NavigationClient.defaultNavigateWindow(url, options); + } + /** + * Default navigation implementation invoked by the internal and external functions + * @param url + * @param options + */ + static defaultNavigateWindow(url, options) { + if (options.noHistory) { + window.location.replace(url); + } + else { + window.location.assign(url); + } + return new Promise((resolve) => { + setTimeout(() => { + resolve(true); + }, options.timeout); + }); + } +} -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/request/ScopeSet.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ +//# sourceMappingURL=NavigationClient.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/error/BrowserAuthErrorCodes.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const pkceNotCreated = "pkce_not_created"; +const cryptoNonExistent = "crypto_nonexistent"; +const emptyNavigateUri = "empty_navigate_uri"; +const hashEmptyError = "hash_empty_error"; +const noStateInHash = "no_state_in_hash"; +const hashDoesNotContainKnownProperties = "hash_does_not_contain_known_properties"; +const unableToParseState = "unable_to_parse_state"; +const stateInteractionTypeMismatch = "state_interaction_type_mismatch"; +const interactionInProgress = "interaction_in_progress"; +const popupWindowError = "popup_window_error"; +const emptyWindowError = "empty_window_error"; +const userCancelled = "user_cancelled"; +const monitorPopupTimeout = "monitor_popup_timeout"; +const monitorWindowTimeout = "monitor_window_timeout"; +const redirectInIframe = "redirect_in_iframe"; +const blockIframeReload = "block_iframe_reload"; +const blockNestedPopups = "block_nested_popups"; +const iframeClosedPrematurely = "iframe_closed_prematurely"; +const silentLogoutUnsupported = "silent_logout_unsupported"; +const noAccountError = "no_account_error"; +const silentPromptValueError = "silent_prompt_value_error"; +const noTokenRequestCacheError = "no_token_request_cache_error"; +const unableToParseTokenRequestCacheError = "unable_to_parse_token_request_cache_error"; +const noCachedAuthorityError = "no_cached_authority_error"; +const authRequestNotSetError = "auth_request_not_set_error"; +const invalidCacheType = "invalid_cache_type"; +const nonBrowserEnvironment = "non_browser_environment"; +const databaseNotOpen = "database_not_open"; +const BrowserAuthErrorCodes_noNetworkConnectivity = "no_network_connectivity"; +const BrowserAuthErrorCodes_postRequestFailed = "post_request_failed"; +const getRequestFailed = "get_request_failed"; +const failedToParseResponse = "failed_to_parse_response"; +const unableToLoadToken = "unable_to_load_token"; +const cryptoKeyNotFound = "crypto_key_not_found"; +const authCodeRequired = "auth_code_required"; +const authCodeOrNativeAccountIdRequired = "auth_code_or_nativeAccountId_required"; +const spaCodeAndNativeAccountIdPresent = "spa_code_and_nativeAccountId_present"; +const databaseUnavailable = "database_unavailable"; +const unableToAcquireTokenFromNativePlatform = "unable_to_acquire_token_from_native_platform"; +const nativeHandshakeTimeout = "native_handshake_timeout"; +const nativeExtensionNotInstalled = "native_extension_not_installed"; +const nativeConnectionNotEstablished = "native_connection_not_established"; +const uninitializedPublicClientApplication = "uninitialized_public_client_application"; +const nativePromptNotSupported = "native_prompt_not_supported"; +const invalidBase64String = "invalid_base64_string"; +const invalidPopTokenRequest = "invalid_pop_token_request"; +//# sourceMappingURL=BrowserAuthErrorCodes.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/error/BrowserAuthError.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const ErrorLink = "For more visit: aka.ms/msaljs/browser-errors"; +/** + * BrowserAuthErrorMessage class containing string constants used by error codes and messages. + */ +const BrowserAuthErrorMessages = { + [pkceNotCreated]: "The PKCE code challenge and verifier could not be generated.", + [cryptoNonExistent]: "The crypto object or function is not available.", + [emptyNavigateUri]: "Navigation URI is empty. Please check stack trace for more info.", + [hashEmptyError]: `Hash value cannot be processed because it is empty. Please verify that your redirectUri is not clearing the hash. ${ErrorLink}`, + [noStateInHash]: "Hash does not contain state. Please verify that the request originated from msal.", + [hashDoesNotContainKnownProperties]: `Hash does not contain known properites. Please verify that your redirectUri is not changing the hash. ${ErrorLink}`, + [unableToParseState]: "Unable to parse state. Please verify that the request originated from msal.", + [stateInteractionTypeMismatch]: "Hash contains state but the interaction type does not match the caller.", + [interactionInProgress]: `Interaction is currently in progress. Please ensure that this interaction has been completed before calling an interactive API. ${ErrorLink}`, + [popupWindowError]: "Error opening popup window. This can happen if you are using IE or if popups are blocked in the browser.", + [emptyWindowError]: "window.open returned null or undefined window object.", + [userCancelled]: "User cancelled the flow.", + [monitorPopupTimeout]: `Token acquisition in popup failed due to timeout. ${ErrorLink}`, + [monitorWindowTimeout]: `Token acquisition in iframe failed due to timeout. ${ErrorLink}`, + [redirectInIframe]: "Redirects are not supported for iframed or brokered applications. Please ensure you are using MSAL.js in a top frame of the window if using the redirect APIs, or use the popup APIs.", + [blockIframeReload]: `Request was blocked inside an iframe because MSAL detected an authentication response. ${ErrorLink}`, + [blockNestedPopups]: "Request was blocked inside a popup because MSAL detected it was running in a popup.", + [iframeClosedPrematurely]: "The iframe being monitored was closed prematurely.", + [silentLogoutUnsupported]: "Silent logout not supported. Please call logoutRedirect or logoutPopup instead.", + [noAccountError]: "No account object provided to acquireTokenSilent and no active account has been set. Please call setActiveAccount or provide an account on the request.", + [silentPromptValueError]: "The value given for the prompt value is not valid for silent requests - must be set to 'none' or 'no_session'.", + [noTokenRequestCacheError]: "No token request found in cache.", + [unableToParseTokenRequestCacheError]: "The cached token request could not be parsed.", + [noCachedAuthorityError]: "No cached authority found.", + [authRequestNotSetError]: "Auth Request not set. Please ensure initiateAuthRequest was called from the InteractionHandler", + [invalidCacheType]: "Invalid cache type", + [nonBrowserEnvironment]: "Login and token requests are not supported in non-browser environments.", + [databaseNotOpen]: "Database is not open!", + [BrowserAuthErrorCodes_noNetworkConnectivity]: "No network connectivity. Check your internet connection.", + [BrowserAuthErrorCodes_postRequestFailed]: "Network request failed: If the browser threw a CORS error, check that the redirectUri is registered in the Azure App Portal as type 'SPA'", + [getRequestFailed]: "Network request failed. Please check the network trace to determine root cause.", + [failedToParseResponse]: "Failed to parse network response. Check network trace.", + [unableToLoadToken]: "Error loading token to cache.", + [cryptoKeyNotFound]: "Cryptographic Key or Keypair not found in browser storage.", + [authCodeRequired]: "An authorization code must be provided (as the `code` property on the request) to this flow.", + [authCodeOrNativeAccountIdRequired]: "An authorization code or nativeAccountId must be provided to this flow.", + [spaCodeAndNativeAccountIdPresent]: "Request cannot contain both spa code and native account id.", + [databaseUnavailable]: "IndexedDB, which is required for persistent cryptographic key storage, is unavailable. This may be caused by browser privacy features which block persistent storage in third-party contexts.", + [unableToAcquireTokenFromNativePlatform]: `Unable to acquire token from native platform. ${ErrorLink}`, + [nativeHandshakeTimeout]: "Timed out while attempting to establish connection to browser extension", + [nativeExtensionNotInstalled]: "Native extension is not installed. If you think this is a mistake call the initialize function.", + [nativeConnectionNotEstablished]: `Connection to native platform has not been established. Please install a compatible browser extension and run initialize(). ${ErrorLink}`, + [uninitializedPublicClientApplication]: `You must call and await the initialize function before attempting to call any other MSAL API. ${ErrorLink}`, + [nativePromptNotSupported]: "The provided prompt is not supported by the native platform. This request should be routed to the web based flow.", + [invalidBase64String]: "Invalid base64 encoded string.", + [invalidPopTokenRequest]: "Invalid PoP token request. The request should not have both a popKid value and signPopToken set to true.", +}; +/** + * BrowserAuthErrorMessage class containing string constants used by error codes and messages. + * @deprecated Use exported BrowserAuthErrorCodes instead. + * In your app you can do : + * ``` + * import { BrowserAuthErrorCodes } from "@azure/msal-browser"; + * ``` + */ +const BrowserAuthErrorMessage = { + pkceNotGenerated: { + code: pkceNotCreated, + desc: BrowserAuthErrorMessages[pkceNotCreated], + }, + cryptoDoesNotExist: { + code: cryptoNonExistent, + desc: BrowserAuthErrorMessages[cryptoNonExistent], + }, + emptyNavigateUriError: { + code: emptyNavigateUri, + desc: BrowserAuthErrorMessages[emptyNavigateUri], + }, + hashEmptyError: { + code: hashEmptyError, + desc: BrowserAuthErrorMessages[hashEmptyError], + }, + hashDoesNotContainStateError: { + code: noStateInHash, + desc: BrowserAuthErrorMessages[noStateInHash], + }, + hashDoesNotContainKnownPropertiesError: { + code: hashDoesNotContainKnownProperties, + desc: BrowserAuthErrorMessages[hashDoesNotContainKnownProperties], + }, + unableToParseStateError: { + code: unableToParseState, + desc: BrowserAuthErrorMessages[unableToParseState], + }, + stateInteractionTypeMismatchError: { + code: stateInteractionTypeMismatch, + desc: BrowserAuthErrorMessages[stateInteractionTypeMismatch], + }, + interactionInProgress: { + code: interactionInProgress, + desc: BrowserAuthErrorMessages[interactionInProgress], + }, + popupWindowError: { + code: popupWindowError, + desc: BrowserAuthErrorMessages[popupWindowError], + }, + emptyWindowError: { + code: emptyWindowError, + desc: BrowserAuthErrorMessages[emptyWindowError], + }, + userCancelledError: { + code: userCancelled, + desc: BrowserAuthErrorMessages[userCancelled], + }, + monitorPopupTimeoutError: { + code: monitorPopupTimeout, + desc: BrowserAuthErrorMessages[monitorPopupTimeout], + }, + monitorIframeTimeoutError: { + code: monitorWindowTimeout, + desc: BrowserAuthErrorMessages[monitorWindowTimeout], + }, + redirectInIframeError: { + code: redirectInIframe, + desc: BrowserAuthErrorMessages[redirectInIframe], + }, + blockTokenRequestsInHiddenIframeError: { + code: blockIframeReload, + desc: BrowserAuthErrorMessages[blockIframeReload], + }, + blockAcquireTokenInPopupsError: { + code: blockNestedPopups, + desc: BrowserAuthErrorMessages[blockNestedPopups], + }, + iframeClosedPrematurelyError: { + code: iframeClosedPrematurely, + desc: BrowserAuthErrorMessages[iframeClosedPrematurely], + }, + silentLogoutUnsupportedError: { + code: silentLogoutUnsupported, + desc: BrowserAuthErrorMessages[silentLogoutUnsupported], + }, + noAccountError: { + code: noAccountError, + desc: BrowserAuthErrorMessages[noAccountError], + }, + silentPromptValueError: { + code: silentPromptValueError, + desc: BrowserAuthErrorMessages[silentPromptValueError], + }, + noTokenRequestCacheError: { + code: noTokenRequestCacheError, + desc: BrowserAuthErrorMessages[noTokenRequestCacheError], + }, + unableToParseTokenRequestCacheError: { + code: unableToParseTokenRequestCacheError, + desc: BrowserAuthErrorMessages[unableToParseTokenRequestCacheError], + }, + noCachedAuthorityError: { + code: noCachedAuthorityError, + desc: BrowserAuthErrorMessages[noCachedAuthorityError], + }, + authRequestNotSet: { + code: authRequestNotSetError, + desc: BrowserAuthErrorMessages[authRequestNotSetError], + }, + invalidCacheType: { + code: invalidCacheType, + desc: BrowserAuthErrorMessages[invalidCacheType], + }, + notInBrowserEnvironment: { + code: nonBrowserEnvironment, + desc: BrowserAuthErrorMessages[nonBrowserEnvironment], + }, + databaseNotOpen: { + code: databaseNotOpen, + desc: BrowserAuthErrorMessages[databaseNotOpen], + }, + noNetworkConnectivity: { + code: BrowserAuthErrorCodes_noNetworkConnectivity, + desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes_noNetworkConnectivity], + }, + postRequestFailed: { + code: BrowserAuthErrorCodes_postRequestFailed, + desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes_postRequestFailed], + }, + getRequestFailed: { + code: getRequestFailed, + desc: BrowserAuthErrorMessages[getRequestFailed], + }, + failedToParseNetworkResponse: { + code: failedToParseResponse, + desc: BrowserAuthErrorMessages[failedToParseResponse], + }, + unableToLoadTokenError: { + code: unableToLoadToken, + desc: BrowserAuthErrorMessages[unableToLoadToken], + }, + signingKeyNotFoundInStorage: { + code: cryptoKeyNotFound, + desc: BrowserAuthErrorMessages[cryptoKeyNotFound], + }, + authCodeRequired: { + code: authCodeRequired, + desc: BrowserAuthErrorMessages[authCodeRequired], + }, + authCodeOrNativeAccountRequired: { + code: authCodeOrNativeAccountIdRequired, + desc: BrowserAuthErrorMessages[authCodeOrNativeAccountIdRequired], + }, + spaCodeAndNativeAccountPresent: { + code: spaCodeAndNativeAccountIdPresent, + desc: BrowserAuthErrorMessages[spaCodeAndNativeAccountIdPresent], + }, + databaseUnavailable: { + code: databaseUnavailable, + desc: BrowserAuthErrorMessages[databaseUnavailable], + }, + unableToAcquireTokenFromNativePlatform: { + code: unableToAcquireTokenFromNativePlatform, + desc: BrowserAuthErrorMessages[unableToAcquireTokenFromNativePlatform], + }, + nativeHandshakeTimeout: { + code: nativeHandshakeTimeout, + desc: BrowserAuthErrorMessages[nativeHandshakeTimeout], + }, + nativeExtensionNotInstalled: { + code: nativeExtensionNotInstalled, + desc: BrowserAuthErrorMessages[nativeExtensionNotInstalled], + }, + nativeConnectionNotEstablished: { + code: nativeConnectionNotEstablished, + desc: BrowserAuthErrorMessages[nativeConnectionNotEstablished], + }, + uninitializedPublicClientApplication: { + code: uninitializedPublicClientApplication, + desc: BrowserAuthErrorMessages[uninitializedPublicClientApplication], + }, + nativePromptNotSupported: { + code: nativePromptNotSupported, + desc: BrowserAuthErrorMessages[nativePromptNotSupported], + }, + invalidBase64StringError: { + code: invalidBase64String, + desc: BrowserAuthErrorMessages[invalidBase64String], + }, + invalidPopTokenRequest: { + code: invalidPopTokenRequest, + desc: BrowserAuthErrorMessages[invalidPopTokenRequest], + }, +}; +/** + * Browser library error class thrown by the MSAL.js library for SPAs + */ +class BrowserAuthError extends AuthError { + constructor(errorCode) { + super(errorCode, BrowserAuthErrorMessages[errorCode]); + Object.setPrototypeOf(this, BrowserAuthError.prototype); + this.name = "BrowserAuthError"; + } +} +function createBrowserAuthError(errorCode) { + return new BrowserAuthError(errorCode); +} +//# sourceMappingURL=BrowserAuthError.mjs.map -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * The ScopeSet class creates a set of scopes. Scopes are case-insensitive, unique values, so the Set object in JS makes - * the most sense to implement for this class. All scopes are trimmed and converted to lower case strings in intersection and union functions - * to ensure uniqueness of strings. - */ -class ScopeSet { - constructor(inputScopes) { - // Filter empty string and null/undefined array items - const scopeArr = inputScopes - ? StringUtils.trimArrayEntries([...inputScopes]) - : []; - const filteredInput = scopeArr - ? StringUtils.removeEmptyStringsFromArray(scopeArr) - : []; - // Validate and filter scopes (validate function throws if validation fails) - this.validateInputScopes(filteredInput); - this.scopes = new Set(); // Iterator in constructor not supported by IE11 - filteredInput.forEach((scope) => this.scopes.add(scope)); - } - /** - * Factory method to create ScopeSet from space-delimited string - * @param inputScopeString - * @param appClientId - * @param scopesRequired - */ - static fromString(inputScopeString) { - const scopeString = inputScopeString || Constants.EMPTY_STRING; - const inputScopes = scopeString.split(" "); - return new ScopeSet(inputScopes); - } - /** - * Creates the set of scopes to search for in cache lookups - * @param inputScopeString - * @returns - */ - static createSearchScopes(inputScopeString) { - const scopeSet = new ScopeSet(inputScopeString); - if (!scopeSet.containsOnlyOIDCScopes()) { - scopeSet.removeOIDCScopes(); - } - else { - scopeSet.removeScope(Constants.OFFLINE_ACCESS_SCOPE); - } - return scopeSet; - } - /** - * Used to validate the scopes input parameter requested by the developer. - * @param {Array} inputScopes - Developer requested permissions. Not all scopes are guaranteed to be included in the access token returned. - * @param {boolean} scopesRequired - Boolean indicating whether the scopes array is required or not - */ - validateInputScopes(inputScopes) { - // Check if scopes are required but not given or is an empty array - if (!inputScopes || inputScopes.length < 1) { - throw createClientConfigurationError(emptyInputScopesError); - } - } - /** - * Check if a given scope is present in this set of scopes. - * @param scope - */ - containsScope(scope) { - const lowerCaseScopes = this.printScopesLowerCase().split(" "); - const lowerCaseScopesSet = new ScopeSet(lowerCaseScopes); - // compare lowercase scopes - return scope - ? lowerCaseScopesSet.scopes.has(scope.toLowerCase()) - : false; - } - /** - * Check if a set of scopes is present in this set of scopes. - * @param scopeSet - */ - containsScopeSet(scopeSet) { - if (!scopeSet || scopeSet.scopes.size <= 0) { - return false; - } - return (this.scopes.size >= scopeSet.scopes.size && - scopeSet.asArray().every((scope) => this.containsScope(scope))); - } - /** - * Check if set of scopes contains only the defaults - */ - containsOnlyOIDCScopes() { - let defaultScopeCount = 0; - OIDC_SCOPES.forEach((defaultScope) => { - if (this.containsScope(defaultScope)) { - defaultScopeCount += 1; - } - }); - return this.scopes.size === defaultScopeCount; - } - /** - * Appends single scope if passed - * @param newScope - */ - appendScope(newScope) { - if (newScope) { - this.scopes.add(newScope.trim()); - } - } - /** - * Appends multiple scopes if passed - * @param newScopes - */ - appendScopes(newScopes) { - try { - newScopes.forEach((newScope) => this.appendScope(newScope)); - } - catch (e) { - throw createClientAuthError(cannotAppendScopeSet); - } - } - /** - * Removes element from set of scopes. - * @param scope - */ - removeScope(scope) { - if (!scope) { - throw createClientAuthError(cannotRemoveEmptyScope); - } - this.scopes.delete(scope.trim()); - } - /** - * Removes default scopes from set of scopes - * Primarily used to prevent cache misses if the default scopes are not returned from the server - */ - removeOIDCScopes() { - OIDC_SCOPES.forEach((defaultScope) => { - this.scopes.delete(defaultScope); - }); - } - /** - * Combines an array of scopes with the current set of scopes. - * @param otherScopes - */ - unionScopeSets(otherScopes) { - if (!otherScopes) { - throw createClientAuthError(emptyInputScopeSet); - } - const unionScopes = new Set(); // Iterator in constructor not supported in IE11 - otherScopes.scopes.forEach((scope) => unionScopes.add(scope.toLowerCase())); - this.scopes.forEach((scope) => unionScopes.add(scope.toLowerCase())); - return unionScopes; - } - /** - * Check if scopes intersect between this set and another. - * @param otherScopes - */ - intersectingScopeSets(otherScopes) { - if (!otherScopes) { - throw createClientAuthError(emptyInputScopeSet); - } - // Do not allow OIDC scopes to be the only intersecting scopes - if (!otherScopes.containsOnlyOIDCScopes()) { - otherScopes.removeOIDCScopes(); - } - const unionScopes = this.unionScopeSets(otherScopes); - const sizeOtherScopes = otherScopes.getScopeCount(); - const sizeThisScopes = this.getScopeCount(); - const sizeUnionScopes = unionScopes.size; - return sizeUnionScopes < sizeThisScopes + sizeOtherScopes; - } - /** - * Returns size of set of scopes. - */ - getScopeCount() { - return this.scopes.size; - } - /** - * Returns the scopes as an array of string values - */ - asArray() { - const array = []; - this.scopes.forEach((val) => array.push(val)); - return array; - } - /** - * Prints scopes into a space-delimited string - */ - printScopes() { - if (this.scopes) { - const scopeArr = this.asArray(); - return scopeArr.join(" "); - } - return Constants.EMPTY_STRING; - } - /** - * Prints scopes into a space-delimited lower-case string (used for caching) - */ - printScopesLowerCase() { - return this.printScopes().toLowerCase(); - } +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/network/FetchClient.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * This class implements the Fetch API for GET and POST requests. See more here: https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API + */ +class FetchClient { + /** + * Fetch Client for REST endpoints - Get request + * @param url + * @param headers + * @param body + */ + async sendGetRequestAsync(url, options) { + let response; + try { + response = await fetch(url, { + method: HTTP_REQUEST_TYPE.GET, + headers: this.getFetchHeaders(options), + }); + } + catch (e) { + if (window.navigator.onLine) { + throw createBrowserAuthError(getRequestFailed); + } + else { + throw createBrowserAuthError(BrowserAuthErrorCodes_noNetworkConnectivity); + } + } + try { + return { + headers: this.getHeaderDict(response.headers), + body: (await response.json()), + status: response.status, + }; + } + catch (e) { + throw createBrowserAuthError(failedToParseResponse); + } + } + /** + * Fetch Client for REST endpoints - Post request + * @param url + * @param headers + * @param body + */ + async sendPostRequestAsync(url, options) { + const reqBody = (options && options.body) || Constants.EMPTY_STRING; + let response; + try { + response = await fetch(url, { + method: HTTP_REQUEST_TYPE.POST, + headers: this.getFetchHeaders(options), + body: reqBody, + }); + } + catch (e) { + if (window.navigator.onLine) { + throw createBrowserAuthError(BrowserAuthErrorCodes_postRequestFailed); + } + else { + throw createBrowserAuthError(BrowserAuthErrorCodes_noNetworkConnectivity); + } + } + try { + return { + headers: this.getHeaderDict(response.headers), + body: (await response.json()), + status: response.status, + }; + } + catch (e) { + throw createBrowserAuthError(failedToParseResponse); + } + } + /** + * Get Fetch API Headers object from string map + * @param inputHeaders + */ + getFetchHeaders(options) { + const headers = new Headers(); + if (!(options && options.headers)) { + return headers; + } + const optionsHeaders = options.headers; + Object.keys(optionsHeaders).forEach((key) => { + headers.append(key, optionsHeaders[key]); + }); + return headers; + } + getHeaderDict(headers) { + const headerDict = {}; + headers.forEach((value, key) => { + headerDict[key] = value; + }); + return headerDict; + } } -//# sourceMappingURL=ScopeSet.mjs.map +//# sourceMappingURL=FetchClient.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/account/ClientInfo.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/config/Configuration.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +// Default timeout for popup windows and iframes in milliseconds +const DEFAULT_POPUP_TIMEOUT_MS = 60000; +const DEFAULT_IFRAME_TIMEOUT_MS = 10000; +const DEFAULT_REDIRECT_TIMEOUT_MS = 30000; +const DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS = 2000; +/** + * MSAL function that sets the default options when not explicitly configured from app developer + * + * @param auth + * @param cache + * @param system + * + * @returns Configuration object + */ +function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system: userInputSystem, telemetry: userInputTelemetry, }, isBrowserEnvironment) { + // Default auth options for browser + const DEFAULT_AUTH_OPTIONS = { + clientId: Constants.EMPTY_STRING, + authority: `${Constants.DEFAULT_AUTHORITY}`, + knownAuthorities: [], + cloudDiscoveryMetadata: Constants.EMPTY_STRING, + authorityMetadata: Constants.EMPTY_STRING, + redirectUri: Constants.EMPTY_STRING, + postLogoutRedirectUri: Constants.EMPTY_STRING, + navigateToLoginRequestUrl: true, + clientCapabilities: [], + protocolMode: ProtocolMode.AAD, + OIDCOptions: { + serverResponseType: ServerResponseType.FRAGMENT, + defaultScopes: [ + Constants.OPENID_SCOPE, + Constants.PROFILE_SCOPE, + Constants.OFFLINE_ACCESS_SCOPE, + ], + }, + azureCloudOptions: { + azureCloudInstance: AzureCloudInstance.None, + tenant: Constants.EMPTY_STRING, + }, + skipAuthorityMetadataCache: false, + supportsNestedAppAuth: false, + }; + // Default cache options for browser + const DEFAULT_CACHE_OPTIONS = { + cacheLocation: BrowserCacheLocation.SessionStorage, + temporaryCacheLocation: BrowserCacheLocation.SessionStorage, + storeAuthStateInCookie: false, + secureCookies: false, + // Default cache migration to true if cache location is localStorage since entries are preserved across tabs/windows. Migration has little to no benefit in sessionStorage and memoryStorage + cacheMigrationEnabled: userInputCache && + userInputCache.cacheLocation === BrowserCacheLocation.LocalStorage + ? true + : false, + claimsBasedCachingEnabled: false, + }; + // Default logger options for browser + const DEFAULT_LOGGER_OPTIONS = { + // eslint-disable-next-line @typescript-eslint/no-empty-function + loggerCallback: () => { + // allow users to not set logger call back + }, + logLevel: LogLevel.Info, + piiLoggingEnabled: false, + }; + // Default system options for browser + const DEFAULT_BROWSER_SYSTEM_OPTIONS = { + ...DEFAULT_SYSTEM_OPTIONS, + loggerOptions: DEFAULT_LOGGER_OPTIONS, + networkClient: isBrowserEnvironment + ? new FetchClient() + : StubbedNetworkModule, + navigationClient: new NavigationClient(), + loadFrameTimeout: 0, + // If loadFrameTimeout is provided, use that as default. + windowHashTimeout: userInputSystem?.loadFrameTimeout || DEFAULT_POPUP_TIMEOUT_MS, + iframeHashTimeout: userInputSystem?.loadFrameTimeout || DEFAULT_IFRAME_TIMEOUT_MS, + navigateFrameWait: 0, + redirectNavigationTimeout: DEFAULT_REDIRECT_TIMEOUT_MS, + asyncPopups: false, + allowRedirectInIframe: false, + allowNativeBroker: false, + nativeBrokerHandshakeTimeout: userInputSystem?.nativeBrokerHandshakeTimeout || + DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS, + pollIntervalMilliseconds: BrowserConstants.DEFAULT_POLL_INTERVAL_MS, + }; + const providedSystemOptions = { + ...DEFAULT_BROWSER_SYSTEM_OPTIONS, + ...userInputSystem, + loggerOptions: userInputSystem?.loggerOptions || DEFAULT_LOGGER_OPTIONS, + }; + const DEFAULT_TELEMETRY_OPTIONS = { + application: { + appName: Constants.EMPTY_STRING, + appVersion: Constants.EMPTY_STRING, + }, + client: new StubPerformanceClient(), + }; + // Throw an error if user has set OIDCOptions without being in OIDC protocol mode + if (userInputAuth?.protocolMode !== ProtocolMode.OIDC && + userInputAuth?.OIDCOptions) { + const logger = new Logger(providedSystemOptions.loggerOptions); + logger.warning(JSON.stringify(createClientConfigurationError(cannotSetOIDCOptions))); + } + // Throw an error if user has set allowNativeBroker to true without being in AAD protocol mode + if (userInputAuth?.protocolMode && + userInputAuth.protocolMode !== ProtocolMode.AAD && + providedSystemOptions?.allowNativeBroker) { + throw createClientConfigurationError(cannotAllowNativeBroker); + } + const overlayedConfig = { + auth: { + ...DEFAULT_AUTH_OPTIONS, + ...userInputAuth, + OIDCOptions: { + ...DEFAULT_AUTH_OPTIONS.OIDCOptions, + ...userInputAuth?.OIDCOptions, + }, + }, + cache: { ...DEFAULT_CACHE_OPTIONS, ...userInputCache }, + system: providedSystemOptions, + telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...userInputTelemetry }, + }; + return overlayedConfig; +} +//# sourceMappingURL=Configuration.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/packageMetadata.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ +/* eslint-disable header/header */ +const dist_packageMetadata_name = "@azure/msal-browser"; +const packageMetadata_version = "3.23.0"; -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Function to build a client info object from server clientInfo string - * @param rawClientInfo - * @param crypto - */ -function buildClientInfo(rawClientInfo, base64Decode) { - if (!rawClientInfo) { - throw createClientAuthError(clientInfoEmptyError); - } - try { - const decodedClientInfo = base64Decode(rawClientInfo); - return JSON.parse(decodedClientInfo); - } - catch (e) { - throw createClientAuthError(clientInfoDecodingError); - } -} -/** - * Function to build a client info object from cached homeAccountId string - * @param homeAccountId - */ -function buildClientInfoFromHomeAccountId(homeAccountId) { - if (!homeAccountId) { - throw createClientAuthError(clientInfoDecodingError); - } - const clientInfoParts = homeAccountId.split(Separators.CLIENT_INFO_SEPARATOR, 2); - return { - uid: clientInfoParts[0], - utid: clientInfoParts.length < 2 - ? Constants.EMPTY_STRING - : clientInfoParts[1], - }; + +//# sourceMappingURL=packageMetadata.mjs.map + +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/operatingcontext/BaseOperatingContext.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Base class for operating context + * Operating contexts are contexts in which MSAL.js is being run + * More than one operating context may be available at a time + * It's important from a logging and telemetry point of view for us to be able to identify the operating context. + * For example: Some operating contexts will pre-cache tokens impacting performance telemetry + */ +class BaseOperatingContext { + static loggerCallback(level, message) { + switch (level) { + case LogLevel.Error: + // eslint-disable-next-line no-console + console.error(message); + return; + case LogLevel.Info: + // eslint-disable-next-line no-console + console.info(message); + return; + case LogLevel.Verbose: + // eslint-disable-next-line no-console + console.debug(message); + return; + case LogLevel.Warning: + // eslint-disable-next-line no-console + console.warn(message); + return; + default: + // eslint-disable-next-line no-console + console.log(message); + return; + } + } + constructor(config) { + /* + * If loaded in an environment where window is not available, + * set internal flag to false so that further requests fail. + * This is to support server-side rendering environments. + */ + this.browserEnvironment = typeof window !== "undefined"; + this.config = buildConfiguration(config, this.browserEnvironment); + let sessionStorage; + try { + sessionStorage = window[BrowserCacheLocation.SessionStorage]; + // Mute errors if it's a non-browser environment or cookies are blocked. + } + catch (e) { } + const logLevelKey = sessionStorage?.getItem(LOG_LEVEL_CACHE_KEY); + const piiLoggingKey = sessionStorage + ?.getItem(LOG_PII_CACHE_KEY) + ?.toLowerCase(); + const piiLoggingEnabled = piiLoggingKey === "true" + ? true + : piiLoggingKey === "false" + ? false + : undefined; + const loggerOptions = { ...this.config.system.loggerOptions }; + const logLevel = logLevelKey && Object.keys(LogLevel).includes(logLevelKey) + ? LogLevel[logLevelKey] + : undefined; + if (logLevel) { + loggerOptions.loggerCallback = BaseOperatingContext.loggerCallback; + loggerOptions.logLevel = logLevel; + } + if (piiLoggingEnabled !== undefined) { + loggerOptions.piiLoggingEnabled = piiLoggingEnabled; + } + this.logger = new Logger(loggerOptions, dist_packageMetadata_name, packageMetadata_version); + this.available = false; + } + /** + * Return the MSAL config + * @returns BrowserConfiguration + */ + getConfig() { + return this.config; + } + /** + * Returns the MSAL Logger + * @returns Logger + */ + getLogger() { + return this.logger; + } + isAvailable() { + return this.available; + } + isBrowserEnvironment() { + return this.browserEnvironment; + } } -//# sourceMappingURL=ClientInfo.mjs.map +//# sourceMappingURL=BaseOperatingContext.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/account/AccountInfo.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/operatingcontext/StandardOperatingContext.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +class StandardOperatingContext_StandardOperatingContext extends BaseOperatingContext { + /** + * Return the module name. Intended for use with import() to enable dynamic import + * of the implementation associated with this operating context + * @returns + */ + getModuleName() { + return StandardOperatingContext_StandardOperatingContext.MODULE_NAME; + } + /** + * Returns the unique identifier for this operating context + * @returns string + */ + getId() { + return StandardOperatingContext_StandardOperatingContext.ID; + } + /** + * Checks whether the operating context is available. + * Confirms that the code is running a browser rather. This is required. + * @returns Promise indicating whether this operating context is currently available. + */ + async initialize() { + this.available = typeof window !== "undefined"; + return this.available; + /* + * NOTE: The standard context is available as long as there is a window. If/when we split out WAM from Browser + * We can move the current contents of the initialize method to here and verify that the WAM extension is available + */ + } +} +/* + * TODO: Once we have determine the bundling code return here to specify the name of the bundle + * containing the implementation for this operating context + */ +StandardOperatingContext_StandardOperatingContext.MODULE_NAME = ""; +/** + * Unique identifier for the operating context + */ +StandardOperatingContext_StandardOperatingContext.ID = "StandardOperatingContext"; -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Returns true if tenantId matches the utid portion of homeAccountId - * @param tenantId - * @param homeAccountId - * @returns - */ -function tenantIdMatchesHomeTenant(tenantId, homeAccountId) { - return (!!tenantId && - !!homeAccountId && - tenantId === homeAccountId.split(".")[1]); -} -/** - * Build tenant profile - * @param homeAccountId - Home account identifier for this account object - * @param localAccountId - Local account identifer for this account object - * @param tenantId - Full tenant or organizational id that this account belongs to - * @param idTokenClaims - Claims from the ID token - * @returns - */ -function buildTenantProfile(homeAccountId, localAccountId, tenantId, idTokenClaims) { - if (idTokenClaims) { - const { oid, sub, tid, name, tfp, acr } = idTokenClaims; - /** - * Since there is no way to determine if the authority is AAD or B2C, we exhaust all the possible claims that can serve as tenant ID with the following precedence: - * tid - TenantID claim that identifies the tenant that issued the token in AAD. Expected in all AAD ID tokens, not present in B2C ID Tokens. - * tfp - Trust Framework Policy claim that identifies the policy that was used to authenticate the user. Functions as tenant for B2C scenarios. - * acr - Authentication Context Class Reference claim used only with older B2C policies. Fallback in case tfp is not present, but likely won't be present anyway. - */ - const tenantId = tid || tfp || acr || ""; - return { - tenantId: tenantId, - localAccountId: oid || sub || "", - name: name, - isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId), - }; - } - else { - return { - tenantId, - localAccountId, - isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId), - }; - } -} -/** - * Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info - * @param baseAccountInfo - * @param idTokenClaims - * @returns - */ -function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenClaims, idTokenSecret) { - let updatedAccountInfo = baseAccountInfo; - // Tenant Profile overrides passed in account info - if (tenantProfile) { - // eslint-disable-next-line @typescript-eslint/no-unused-vars - const { isHomeTenant, ...tenantProfileOverride } = tenantProfile; - updatedAccountInfo = { ...baseAccountInfo, ...tenantProfileOverride }; - } - // ID token claims override passed in account info and tenant profile - if (idTokenClaims) { - // Ignore isHomeTenant, loginHint, and sid which are part of tenant profile but not base account info - // eslint-disable-next-line @typescript-eslint/no-unused-vars - const { isHomeTenant, ...claimsSourcedTenantProfile } = buildTenantProfile(baseAccountInfo.homeAccountId, baseAccountInfo.localAccountId, baseAccountInfo.tenantId, idTokenClaims); - updatedAccountInfo = { - ...updatedAccountInfo, - ...claimsSourcedTenantProfile, - idTokenClaims: idTokenClaims, - idToken: idTokenSecret, - }; - return updatedAccountInfo; - } - return updatedAccountInfo; -} +//# sourceMappingURL=StandardOperatingContext.mjs.map -//# sourceMappingURL=AccountInfo.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/error/JoseHeaderErrorCodes.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/authority/AuthorityType.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const missingKidError = "missing_kid_error"; +const missingAlgError = "missing_alg_error"; -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Authority types supported by MSAL. - */ -const AuthorityType = { - Default: 0, - Adfs: 1, - Dsts: 2, - Ciam: 3, -}; +//# sourceMappingURL=JoseHeaderErrorCodes.mjs.map -//# sourceMappingURL=AuthorityType.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/error/JoseHeaderError.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const JoseHeaderErrorMessages = { + [missingKidError]: "The JOSE Header for the requested JWT, JWS or JWK object requires a keyId to be configured as the 'kid' header claim. No 'kid' value was provided.", + [missingAlgError]: "The JOSE Header for the requested JWT, JWS or JWK object requires an algorithm to be specified as the 'alg' header claim. No 'alg' value was provided.", +}; +/** + * Error thrown when there is an error in the client code running on the browser. + */ +class JoseHeaderError extends AuthError { + constructor(errorCode, errorMessage) { + super(errorCode, errorMessage); + this.name = "JoseHeaderError"; + Object.setPrototypeOf(this, JoseHeaderError.prototype); + } +} +/** Returns JoseHeaderError object */ +function createJoseHeaderError(code) { + return new JoseHeaderError(code, JoseHeaderErrorMessages[code]); +} -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/account/TokenClaims.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Gets tenantId from available ID token claims to set as credential realm with the following precedence: - * 1. tid - if the token is acquired from an Azure AD tenant tid will be present - * 2. tfp - if the token is acquired from a modern B2C tenant tfp should be present - * 3. acr - if the token is acquired from a legacy B2C tenant acr should be present - * Downcased to match the realm case-insensitive comparison requirements - * @param idTokenClaims - * @returns - */ -function getTenantIdFromIdTokenClaims(idTokenClaims) { - if (idTokenClaims) { - const tenantId = idTokenClaims.tid || idTokenClaims.tfp || idTokenClaims.acr; - return tenantId || null; - } - return null; +//# sourceMappingURL=JoseHeaderError.mjs.map + +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/crypto/JoseHeader.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** @internal */ +class JoseHeader { + constructor(options) { + this.typ = options.typ; + this.alg = options.alg; + this.kid = options.kid; + } + /** + * Builds SignedHttpRequest formatted JOSE Header from the + * JOSE Header options provided or previously set on the object and returns + * the stringified header object. + * Throws if keyId or algorithm aren't provided since they are required for Access Token Binding. + * @param shrHeaderOptions + * @returns + */ + static getShrHeaderString(shrHeaderOptions) { + // KeyID is required on the SHR header + if (!shrHeaderOptions.kid) { + throw createJoseHeaderError(missingKidError); + } + // Alg is required on the SHR header + if (!shrHeaderOptions.alg) { + throw createJoseHeaderError(missingAlgError); + } + const shrHeader = new JoseHeader({ + // Access Token PoP headers must have type pop, but the type header can be overriden for special cases + typ: shrHeaderOptions.typ || JsonWebTokenTypes.Pop, + kid: shrHeaderOptions.kid, + alg: shrHeaderOptions.alg, + }); + return JSON.stringify(shrHeader); + } } -//# sourceMappingURL=TokenClaims.mjs.map +//# sourceMappingURL=JoseHeader.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/cache/entities/AccountEntity.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/encode/Base64Encode.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Class which exposes APIs to encode plaintext to base64 encoded string. See here for implementation details: + * https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/Base64_encoding_and_decoding#Solution_2_%E2%80%93_JavaScript's_UTF-16_%3E_UTF-8_%3E_base64 + */ +/** + * Returns URL Safe b64 encoded string from a plaintext string. + * @param input + */ +function urlEncode(input) { + return encodeURIComponent(base64Encode(input) + .replace(/=/g, "") + .replace(/\+/g, "-") + .replace(/\//g, "_")); +} +/** + * Returns URL Safe b64 encoded string from an int8Array. + * @param inputArr + */ +function urlEncodeArr(inputArr) { + return base64EncArr(inputArr) + .replace(/=/g, "") + .replace(/\+/g, "-") + .replace(/\//g, "_"); +} +/** + * Returns b64 encoded string from plaintext string. + * @param input + */ +function base64Encode(input) { + return base64EncArr(new TextEncoder().encode(input)); +} +/** + * Base64 encode byte array + * @param aBytes + */ +function base64EncArr(aBytes) { + const binString = Array.from(aBytes, (x) => String.fromCodePoint(x)).join(""); + return btoa(binString); +} +//# sourceMappingURL=Base64Encode.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/encode/Base64Decode.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details: + * https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem + */ +/** + * Returns a URL-safe plaintext decoded string from b64 encoded input. + * @param input + */ +function base64Decode(input) { + return new TextDecoder().decode(base64DecToArr(input)); +} +/** + * Decodes base64 into Uint8Array + * @param base64String + */ +function base64DecToArr(base64String) { + let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/"); + switch (encodedString.length % 4) { + case 0: + break; + case 2: + encodedString += "=="; + break; + case 3: + encodedString += "="; + break; + default: + throw createBrowserAuthError(invalidBase64String); + } + const binString = atob(encodedString); + return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0); +} +//# sourceMappingURL=Base64Decode.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/crypto/BrowserCrypto.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * This file defines functions used by the browser library to perform cryptography operations such as + * hashing and encoding. It also has helper functions to validate the availability of specific APIs. + */ +/** + * See here for more info on RsaHashedKeyGenParams: https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams + */ +// RSA KeyGen Algorithm +const PKCS1_V15_KEYGEN_ALG = "RSASSA-PKCS1-v1_5"; +// SHA-256 hashing algorithm +const S256_HASH_ALG = "SHA-256"; +// MOD length for PoP tokens +const MODULUS_LENGTH = 2048; +// Public Exponent +const PUBLIC_EXPONENT = new Uint8Array([0x01, 0x00, 0x01]); +// UUID hex digits +const UUID_CHARS = "0123456789abcdef"; +// Array to store UINT32 random value +const UINT32_ARR = new Uint32Array(1); +const keygenAlgorithmOptions = { + name: PKCS1_V15_KEYGEN_ALG, + hash: S256_HASH_ALG, + modulusLength: MODULUS_LENGTH, + publicExponent: PUBLIC_EXPONENT, +}; +/** + * Check whether browser crypto is available. + */ +function validateCryptoAvailable(logger) { + if ("crypto" in window) { + logger.verbose("BrowserCrypto: modern crypto interface available"); + } + else { + logger.error("BrowserCrypto: crypto interface is unavailable"); + throw createBrowserAuthError(cryptoNonExistent); + } +} +/** + * Returns a sha-256 hash of the given dataString as an ArrayBuffer. + * @param dataString {string} data string + * @param performanceClient {?IPerformanceClient} + * @param correlationId {?string} correlation id + */ +async function sha256Digest(dataString, performanceClient, correlationId) { + performanceClient?.addQueueMeasurement(PerformanceEvents.Sha256Digest, correlationId); + const encoder = new TextEncoder(); + const data = encoder.encode(dataString); + return window.crypto.subtle.digest(S256_HASH_ALG, data); +} +/** + * Populates buffer with cryptographically random values. + * @param dataBuffer + */ +function getRandomValues(dataBuffer) { + return window.crypto.getRandomValues(dataBuffer); +} +/** + * Returns random Uint32 value. + * @returns {number} + */ +function getRandomUint32() { + window.crypto.getRandomValues(UINT32_ARR); + return UINT32_ARR[0]; +} +/** + * Creates a UUID v7 from the current timestamp. + * Implementation relies on the system clock to guarantee increasing order of generated identifiers. + * @returns {number} + */ +function BrowserCrypto_createNewGuid() { + const currentTimestamp = Date.now(); + const baseRand = getRandomUint32() * 0x400 + (getRandomUint32() & 0x3ff); + // Result byte array + const bytes = new Uint8Array(16); + // A 12-bit `rand_a` field value + const randA = Math.trunc(baseRand / 2 ** 30); + // The higher 30 bits of 62-bit `rand_b` field value + const randBHi = baseRand & (2 ** 30 - 1); + // The lower 32 bits of 62-bit `rand_b` field value + const randBLo = getRandomUint32(); + bytes[0] = currentTimestamp / 2 ** 40; + bytes[1] = currentTimestamp / 2 ** 32; + bytes[2] = currentTimestamp / 2 ** 24; + bytes[3] = currentTimestamp / 2 ** 16; + bytes[4] = currentTimestamp / 2 ** 8; + bytes[5] = currentTimestamp; + bytes[6] = 0x70 | (randA >>> 8); + bytes[7] = randA; + bytes[8] = 0x80 | (randBHi >>> 24); + bytes[9] = randBHi >>> 16; + bytes[10] = randBHi >>> 8; + bytes[11] = randBHi; + bytes[12] = randBLo >>> 24; + bytes[13] = randBLo >>> 16; + bytes[14] = randBLo >>> 8; + bytes[15] = randBLo; + let text = ""; + for (let i = 0; i < bytes.length; i++) { + text += UUID_CHARS.charAt(bytes[i] >>> 4); + text += UUID_CHARS.charAt(bytes[i] & 0xf); + if (i === 3 || i === 5 || i === 7 || i === 9) { + text += "-"; + } + } + return text; +} +/** + * Generates a keypair based on current keygen algorithm config. + * @param extractable + * @param usages + */ +async function generateKeyPair(extractable, usages) { + return window.crypto.subtle.generateKey(keygenAlgorithmOptions, extractable, usages); +} +/** + * Export key as Json Web Key (JWK) + * @param key + */ +async function exportJwk(key) { + return window.crypto.subtle.exportKey(KEY_FORMAT_JWK, key); +} +/** + * Imports key as Json Web Key (JWK), can set extractable and usages. + * @param key + * @param extractable + * @param usages + */ +async function importJwk(key, extractable, usages) { + return window.crypto.subtle.importKey(KEY_FORMAT_JWK, key, keygenAlgorithmOptions, extractable, usages); +} +/** + * Signs given data with given key + * @param key + * @param data + */ +async function sign(key, data) { + return window.crypto.subtle.sign(keygenAlgorithmOptions, key, data); +} +/** + * Returns the SHA-256 hash of an input string + * @param plainText + */ +async function hashString(plainText) { + const hashBuffer = await sha256Digest(plainText); + const hashBytes = new Uint8Array(hashBuffer); + return urlEncodeArr(hashBytes); +} +//# sourceMappingURL=BrowserCrypto.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/cache/DatabaseStorage.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Storage wrapper for IndexedDB storage in browsers: https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API + */ +class DatabaseStorage { + constructor() { + this.dbName = DB_NAME; + this.version = DB_VERSION; + this.tableName = DB_TABLE_NAME; + this.dbOpen = false; + } + /** + * Opens IndexedDB instance. + */ + async open() { + return new Promise((resolve, reject) => { + const openDB = window.indexedDB.open(this.dbName, this.version); + openDB.addEventListener("upgradeneeded", (e) => { + const event = e; + event.target.result.createObjectStore(this.tableName); + }); + openDB.addEventListener("success", (e) => { + const event = e; + this.db = event.target.result; + this.dbOpen = true; + resolve(); + }); + openDB.addEventListener("error", () => reject(createBrowserAuthError(databaseUnavailable))); + }); + } + /** + * Closes the connection to IndexedDB database when all pending transactions + * complete. + */ + closeConnection() { + const db = this.db; + if (db && this.dbOpen) { + db.close(); + this.dbOpen = false; + } + } + /** + * Opens database if it's not already open + */ + async validateDbIsOpen() { + if (!this.dbOpen) { + return this.open(); + } + } + /** + * Retrieves item from IndexedDB instance. + * @param key + */ + async getItem(key) { + await this.validateDbIsOpen(); + return new Promise((resolve, reject) => { + // TODO: Add timeouts? + if (!this.db) { + return reject(createBrowserAuthError(databaseNotOpen)); + } + const transaction = this.db.transaction([this.tableName], "readonly"); + const objectStore = transaction.objectStore(this.tableName); + const dbGet = objectStore.get(key); + dbGet.addEventListener("success", (e) => { + const event = e; + this.closeConnection(); + resolve(event.target.result); + }); + dbGet.addEventListener("error", (e) => { + this.closeConnection(); + reject(e); + }); + }); + } + /** + * Adds item to IndexedDB under given key + * @param key + * @param payload + */ + async setItem(key, payload) { + await this.validateDbIsOpen(); + return new Promise((resolve, reject) => { + // TODO: Add timeouts? + if (!this.db) { + return reject(createBrowserAuthError(databaseNotOpen)); + } + const transaction = this.db.transaction([this.tableName], "readwrite"); + const objectStore = transaction.objectStore(this.tableName); + const dbPut = objectStore.put(payload, key); + dbPut.addEventListener("success", () => { + this.closeConnection(); + resolve(); + }); + dbPut.addEventListener("error", (e) => { + this.closeConnection(); + reject(e); + }); + }); + } + /** + * Removes item from IndexedDB under given key + * @param key + */ + async removeItem(key) { + await this.validateDbIsOpen(); + return new Promise((resolve, reject) => { + if (!this.db) { + return reject(createBrowserAuthError(databaseNotOpen)); + } + const transaction = this.db.transaction([this.tableName], "readwrite"); + const objectStore = transaction.objectStore(this.tableName); + const dbDelete = objectStore.delete(key); + dbDelete.addEventListener("success", () => { + this.closeConnection(); + resolve(); + }); + dbDelete.addEventListener("error", (e) => { + this.closeConnection(); + reject(e); + }); + }); + } + /** + * Get all the keys from the storage object as an iterable array of strings. + */ + async getKeys() { + await this.validateDbIsOpen(); + return new Promise((resolve, reject) => { + if (!this.db) { + return reject(createBrowserAuthError(databaseNotOpen)); + } + const transaction = this.db.transaction([this.tableName], "readonly"); + const objectStore = transaction.objectStore(this.tableName); + const dbGetKeys = objectStore.getAllKeys(); + dbGetKeys.addEventListener("success", (e) => { + const event = e; + this.closeConnection(); + resolve(event.target.result); + }); + dbGetKeys.addEventListener("error", (e) => { + this.closeConnection(); + reject(e); + }); + }); + } + /** + * + * Checks whether there is an object under the search key in the object store + */ + async containsKey(key) { + await this.validateDbIsOpen(); + return new Promise((resolve, reject) => { + if (!this.db) { + return reject(createBrowserAuthError(databaseNotOpen)); + } + const transaction = this.db.transaction([this.tableName], "readonly"); + const objectStore = transaction.objectStore(this.tableName); + const dbContainsKey = objectStore.count(key); + dbContainsKey.addEventListener("success", (e) => { + const event = e; + this.closeConnection(); + resolve(event.target.result === 1); + }); + dbContainsKey.addEventListener("error", (e) => { + this.closeConnection(); + reject(e); + }); + }); + } + /** + * Deletes the MSAL database. The database is deleted rather than cleared to make it possible + * for client applications to downgrade to a previous MSAL version without worrying about forward compatibility issues + * with IndexedDB database versions. + */ + async deleteDatabase() { + // Check if database being deleted exists + if (this.db && this.dbOpen) { + this.closeConnection(); + } + return new Promise((resolve, reject) => { + const deleteDbRequest = window.indexedDB.deleteDatabase(DB_NAME); + const id = setTimeout(() => reject(false), 200); // Reject if events aren't raised within 200ms + deleteDbRequest.addEventListener("success", () => { + clearTimeout(id); + return resolve(true); + }); + deleteDbRequest.addEventListener("blocked", () => { + clearTimeout(id); + return resolve(true); + }); + deleteDbRequest.addEventListener("error", () => { + clearTimeout(id); + return reject(false); + }); + }); + } +} -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Type that defines required and optional parameters for an Account field (based on universal cache schema implemented by all MSALs). - * - * Key : Value Schema - * - * Key: -- - * - * Value Schema: - * { - * homeAccountId: home account identifier for the auth scheme, - * environment: entity that issued the token, represented as a full host - * realm: Full tenant or organizational identifier that the account belongs to - * localAccountId: Original tenant-specific accountID, usually used for legacy cases - * username: primary username that represents the user, usually corresponds to preferred_username in the v2 endpt - * authorityType: Accounts authority type as a string - * name: Full name for the account, including given name and family name, - * lastModificationTime: last time this entity was modified in the cache - * lastModificationApp: - * nativeAccountId: Account identifier on the native device - * tenantProfiles: Array of tenant profile objects for each tenant that the account has authenticated with in the browser - * } - * @internal - */ -class AccountEntity { - /** - * Generate Account Id key component as per the schema: - - */ - generateAccountId() { - const accountId = [this.homeAccountId, this.environment]; - return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase(); - } - /** - * Generate Account Cache Key as per the schema: -- - */ - generateAccountKey() { - return AccountEntity.generateAccountCacheKey({ - homeAccountId: this.homeAccountId, - environment: this.environment, - tenantId: this.realm, - username: this.username, - localAccountId: this.localAccountId, - }); - } - /** - * Returns the AccountInfo interface for this account. - */ - getAccountInfo() { - return { - homeAccountId: this.homeAccountId, - environment: this.environment, - tenantId: this.realm, - username: this.username, - localAccountId: this.localAccountId, - name: this.name, - nativeAccountId: this.nativeAccountId, - authorityType: this.authorityType, - // Deserialize tenant profiles array into a Map - tenantProfiles: new Map((this.tenantProfiles || []).map((tenantProfile) => { - return [tenantProfile.tenantId, tenantProfile]; - })), - }; - } - /** - * Returns true if the account entity is in single tenant format (outdated), false otherwise - */ - isSingleTenant() { - return !this.tenantProfiles; - } - /** - * Generates account key from interface - * @param accountInterface - */ - static generateAccountCacheKey(accountInterface) { - const homeTenantId = accountInterface.homeAccountId.split(".")[1]; - const accountKey = [ - accountInterface.homeAccountId, - accountInterface.environment || "", - homeTenantId || accountInterface.tenantId || "", - ]; - return accountKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase(); - } - /** - * Build Account cache from IdToken, clientInfo and authority/policy. Associated with AAD. - * @param accountDetails - */ - static createAccount(accountDetails, authority, base64Decode) { - const account = new AccountEntity(); - if (authority.authorityType === AuthorityType.Adfs) { - account.authorityType = CacheAccountType.ADFS_ACCOUNT_TYPE; - } - else if (authority.protocolMode === ProtocolMode.AAD) { - account.authorityType = CacheAccountType.MSSTS_ACCOUNT_TYPE; - } - else { - account.authorityType = CacheAccountType.GENERIC_ACCOUNT_TYPE; - } - let clientInfo; - if (accountDetails.clientInfo && base64Decode) { - clientInfo = buildClientInfo(accountDetails.clientInfo, base64Decode); - } - account.clientInfo = accountDetails.clientInfo; - account.homeAccountId = accountDetails.homeAccountId; - account.nativeAccountId = accountDetails.nativeAccountId; - const env = accountDetails.environment || - (authority && authority.getPreferredCache()); - if (!env) { - throw createClientAuthError(invalidCacheEnvironment); - } - account.environment = env; - // non AAD scenarios can have empty realm - account.realm = - clientInfo?.utid || - getTenantIdFromIdTokenClaims(accountDetails.idTokenClaims) || - ""; - // How do you account for MSA CID here? - account.localAccountId = - clientInfo?.uid || - accountDetails.idTokenClaims?.oid || - accountDetails.idTokenClaims?.sub || - ""; - /* - * In B2C scenarios the emails claim is used instead of preferred_username and it is an array. - * In most cases it will contain a single email. This field should not be relied upon if a custom - * policy is configured to return more than 1 email. - */ - const preferredUsername = accountDetails.idTokenClaims?.preferred_username || - accountDetails.idTokenClaims?.upn; - const email = accountDetails.idTokenClaims?.emails - ? accountDetails.idTokenClaims.emails[0] - : null; - account.username = preferredUsername || email || ""; - account.name = accountDetails.idTokenClaims?.name || ""; - account.cloudGraphHostName = accountDetails.cloudGraphHostName; - account.msGraphHost = accountDetails.msGraphHost; - if (accountDetails.tenantProfiles) { - account.tenantProfiles = accountDetails.tenantProfiles; - } - else { - const tenantProfile = buildTenantProfile(accountDetails.homeAccountId, account.localAccountId, account.realm, accountDetails.idTokenClaims); - account.tenantProfiles = [tenantProfile]; - } - return account; - } - /** - * Creates an AccountEntity object from AccountInfo - * @param accountInfo - * @param cloudGraphHostName - * @param msGraphHost - * @returns - */ - static createFromAccountInfo(accountInfo, cloudGraphHostName, msGraphHost) { - const account = new AccountEntity(); - account.authorityType = - accountInfo.authorityType || CacheAccountType.GENERIC_ACCOUNT_TYPE; - account.homeAccountId = accountInfo.homeAccountId; - account.localAccountId = accountInfo.localAccountId; - account.nativeAccountId = accountInfo.nativeAccountId; - account.realm = accountInfo.tenantId; - account.environment = accountInfo.environment; - account.username = accountInfo.username; - account.name = accountInfo.name; - account.cloudGraphHostName = cloudGraphHostName; - account.msGraphHost = msGraphHost; - // Serialize tenant profiles map into an array - account.tenantProfiles = Array.from(accountInfo.tenantProfiles?.values() || []); - return account; - } - /** - * Generate HomeAccountId from server response - * @param serverClientInfo - * @param authType - */ - static generateHomeAccountId(serverClientInfo, authType, logger, cryptoObj, idTokenClaims) { - // since ADFS/DSTS do not have tid and does not set client_info - if (!(authType === AuthorityType.Adfs || - authType === AuthorityType.Dsts)) { - // for cases where there is clientInfo - if (serverClientInfo) { - try { - const clientInfo = buildClientInfo(serverClientInfo, cryptoObj.base64Decode); - if (clientInfo.uid && clientInfo.utid) { - return `${clientInfo.uid}.${clientInfo.utid}`; - } - } - catch (e) { } - } - logger.warning("No client info in response"); - } - // default to "sub" claim - return idTokenClaims?.sub || ""; - } - /** - * Validates an entity: checks for all expected params - * @param entity - */ - static isAccountEntity(entity) { - if (!entity) { - return false; - } - return (entity.hasOwnProperty("homeAccountId") && - entity.hasOwnProperty("environment") && - entity.hasOwnProperty("realm") && - entity.hasOwnProperty("localAccountId") && - entity.hasOwnProperty("username") && - entity.hasOwnProperty("authorityType")); - } - /** - * Helper function to determine whether 2 accountInfo objects represent the same account - * @param accountA - * @param accountB - * @param compareClaims - If set to true idTokenClaims will also be compared to determine account equality - */ - static accountInfoIsEqual(accountA, accountB, compareClaims) { - if (!accountA || !accountB) { - return false; - } - let claimsMatch = true; // default to true so as to not fail comparison below if compareClaims: false - if (compareClaims) { - const accountAClaims = (accountA.idTokenClaims || - {}); - const accountBClaims = (accountB.idTokenClaims || - {}); - // issued at timestamp and nonce are expected to change each time a new id token is acquired - claimsMatch = - accountAClaims.iat === accountBClaims.iat && - accountAClaims.nonce === accountBClaims.nonce; - } - return (accountA.homeAccountId === accountB.homeAccountId && - accountA.localAccountId === accountB.localAccountId && - accountA.username === accountB.username && - accountA.tenantId === accountB.tenantId && - accountA.environment === accountB.environment && - accountA.nativeAccountId === accountB.nativeAccountId && - claimsMatch); - } + +//# sourceMappingURL=DatabaseStorage.mjs.map + +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/cache/MemoryStorage.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +class MemoryStorage { + constructor() { + this.cache = new Map(); + } + getItem(key) { + return this.cache.get(key) || null; + } + setItem(key, value) { + this.cache.set(key, value); + } + removeItem(key) { + this.cache.delete(key); + } + getKeys() { + const cacheKeys = []; + this.cache.forEach((value, key) => { + cacheKeys.push(key); + }); + return cacheKeys; + } + containsKey(key) { + return this.cache.has(key); + } + clear() { + this.cache.clear(); + } } -//# sourceMappingURL=AccountEntity.mjs.map +//# sourceMappingURL=MemoryStorage.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/utils/UrlUtils.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/cache/AsyncMemoryStorage.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * This class allows MSAL to store artifacts asynchronously using the DatabaseStorage IndexedDB wrapper, + * backed up with the more volatile MemoryStorage object for cases in which IndexedDB may be unavailable. + */ +class AsyncMemoryStorage { + constructor(logger) { + this.inMemoryCache = new MemoryStorage(); + this.indexedDBCache = new DatabaseStorage(); + this.logger = logger; + } + handleDatabaseAccessError(error) { + if (error instanceof BrowserAuthError && + error.errorCode === databaseUnavailable) { + this.logger.error("Could not access persistent storage. This may be caused by browser privacy features which block persistent storage in third-party contexts."); + } + else { + throw error; + } + } + /** + * Get the item matching the given key. Tries in-memory cache first, then in the asynchronous + * storage object if item isn't found in-memory. + * @param key + */ + async getItem(key) { + const item = this.inMemoryCache.getItem(key); + if (!item) { + try { + this.logger.verbose("Queried item not found in in-memory cache, now querying persistent storage."); + return await this.indexedDBCache.getItem(key); + } + catch (e) { + this.handleDatabaseAccessError(e); + } + } + return item; + } + /** + * Sets the item in the in-memory cache and then tries to set it in the asynchronous + * storage object with the given key. + * @param key + * @param value + */ + async setItem(key, value) { + this.inMemoryCache.setItem(key, value); + try { + await this.indexedDBCache.setItem(key, value); + } + catch (e) { + this.handleDatabaseAccessError(e); + } + } + /** + * Removes the item matching the key from the in-memory cache, then tries to remove it from the asynchronous storage object. + * @param key + */ + async removeItem(key) { + this.inMemoryCache.removeItem(key); + try { + await this.indexedDBCache.removeItem(key); + } + catch (e) { + this.handleDatabaseAccessError(e); + } + } + /** + * Get all the keys from the in-memory cache as an iterable array of strings. If no keys are found, query the keys in the + * asynchronous storage object. + */ + async getKeys() { + const cacheKeys = this.inMemoryCache.getKeys(); + if (cacheKeys.length === 0) { + try { + this.logger.verbose("In-memory cache is empty, now querying persistent storage."); + return await this.indexedDBCache.getKeys(); + } + catch (e) { + this.handleDatabaseAccessError(e); + } + } + return cacheKeys; + } + /** + * Returns true or false if the given key is present in the cache. + * @param key + */ + async containsKey(key) { + const containsKey = this.inMemoryCache.containsKey(key); + if (!containsKey) { + try { + this.logger.verbose("Key not found in in-memory cache, now querying persistent storage."); + return await this.indexedDBCache.containsKey(key); + } + catch (e) { + this.handleDatabaseAccessError(e); + } + } + return containsKey; + } + /** + * Clears in-memory Map + */ + clearInMemory() { + // InMemory cache is a Map instance, clear is straightforward + this.logger.verbose(`Deleting in-memory keystore`); + this.inMemoryCache.clear(); + this.logger.verbose(`In-memory keystore deleted`); + } + /** + * Tries to delete the IndexedDB database + * @returns + */ + async clearPersistent() { + try { + this.logger.verbose("Deleting persistent keystore"); + const dbDeleted = await this.indexedDBCache.deleteDatabase(); + if (dbDeleted) { + this.logger.verbose("Persistent keystore deleted"); + } + return dbDeleted; + } + catch (e) { + this.handleDatabaseAccessError(e); + return false; + } + } +} +//# sourceMappingURL=AsyncMemoryStorage.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/crypto/CryptoOps.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * This class implements MSAL's crypto interface, which allows it to perform base64 encoding and decoding, generating cryptographically random GUIDs and + * implementing Proof Key for Code Exchange specs for the OAuth Authorization Code Flow using PKCE (rfc here: https://tools.ietf.org/html/rfc7636). + */ +class CryptoOps { + constructor(logger, performanceClient) { + this.logger = logger; + // Browser crypto needs to be validated first before any other classes can be set. + validateCryptoAvailable(logger); + this.cache = new AsyncMemoryStorage(this.logger); + this.performanceClient = performanceClient; + } + /** + * Creates a new random GUID - used to populate state and nonce. + * @returns string (GUID) + */ + createNewGuid() { + return BrowserCrypto_createNewGuid(); + } + /** + * Encodes input string to base64. + * @param input + */ + base64Encode(input) { + return base64Encode(input); + } + /** + * Decodes input string from base64. + * @param input + */ + base64Decode(input) { + return base64Decode(input); + } + /** + * Encodes input string to base64 URL safe string. + * @param input + */ + base64UrlEncode(input) { + return urlEncode(input); + } + /** + * Stringifies and base64Url encodes input public key + * @param inputKid + * @returns Base64Url encoded public key + */ + encodeKid(inputKid) { + return this.base64UrlEncode(JSON.stringify({ kid: inputKid })); + } + /** + * Generates a keypair, stores it and returns a thumbprint + * @param request + */ + async getPublicKeyThumbprint(request) { + const publicKeyThumbMeasurement = this.performanceClient?.startMeasurement(PerformanceEvents.CryptoOptsGetPublicKeyThumbprint, request.correlationId); + // Generate Keypair + const keyPair = await generateKeyPair(CryptoOps.EXTRACTABLE, CryptoOps.POP_KEY_USAGES); + // Generate Thumbprint for Public Key + const publicKeyJwk = await exportJwk(keyPair.publicKey); + const pubKeyThumprintObj = { + e: publicKeyJwk.e, + kty: publicKeyJwk.kty, + n: publicKeyJwk.n, + }; + const publicJwkString = getSortedObjectString(pubKeyThumprintObj); + const publicJwkHash = await this.hashString(publicJwkString); + // Generate Thumbprint for Private Key + const privateKeyJwk = await exportJwk(keyPair.privateKey); + // Re-import private key to make it unextractable + const unextractablePrivateKey = await importJwk(privateKeyJwk, false, ["sign"]); + // Store Keypair data in keystore + await this.cache.setItem(publicJwkHash, { + privateKey: unextractablePrivateKey, + publicKey: keyPair.publicKey, + requestMethod: request.resourceRequestMethod, + requestUri: request.resourceRequestUri, + }); + if (publicKeyThumbMeasurement) { + publicKeyThumbMeasurement.end({ + success: true, + }); + } + return publicJwkHash; + } + /** + * Removes cryptographic keypair from key store matching the keyId passed in + * @param kid + */ + async removeTokenBindingKey(kid) { + await this.cache.removeItem(kid); + const keyFound = await this.cache.containsKey(kid); + return !keyFound; + } + /** + * Removes all cryptographic keys from IndexedDB storage + */ + async clearKeystore() { + // Delete in-memory keystores + this.cache.clearInMemory(); + /** + * There is only one database, so calling clearPersistent on asymmetric keystore takes care of + * every persistent keystore + */ + try { + await this.cache.clearPersistent(); + return true; + } + catch (e) { + if (e instanceof Error) { + this.logger.error(`Clearing keystore failed with error: ${e.message}`); + } + else { + this.logger.error("Clearing keystore failed with unknown error"); + } + return false; + } + } + /** + * Signs the given object as a jwt payload with private key retrieved by given kid. + * @param payload + * @param kid + */ + async signJwt(payload, kid, shrOptions, correlationId) { + const signJwtMeasurement = this.performanceClient?.startMeasurement(PerformanceEvents.CryptoOptsSignJwt, correlationId); + const cachedKeyPair = await this.cache.getItem(kid); + if (!cachedKeyPair) { + throw createBrowserAuthError(cryptoKeyNotFound); + } + // Get public key as JWK + const publicKeyJwk = await exportJwk(cachedKeyPair.publicKey); + const publicKeyJwkString = getSortedObjectString(publicKeyJwk); + // Base64URL encode public key thumbprint with keyId only: BASE64URL({ kid: "FULL_PUBLIC_KEY_HASH" }) + const encodedKeyIdThumbprint = urlEncode(JSON.stringify({ kid: kid })); + // Generate header + const shrHeader = JoseHeader.getShrHeaderString({ + ...shrOptions?.header, + alg: publicKeyJwk.alg, + kid: encodedKeyIdThumbprint, + }); + const encodedShrHeader = urlEncode(shrHeader); + // Generate payload + payload.cnf = { + jwk: JSON.parse(publicKeyJwkString), + }; + const encodedPayload = urlEncode(JSON.stringify(payload)); + // Form token string + const tokenString = `${encodedShrHeader}.${encodedPayload}`; + // Sign token + const encoder = new TextEncoder(); + const tokenBuffer = encoder.encode(tokenString); + const signatureBuffer = await sign(cachedKeyPair.privateKey, tokenBuffer); + const encodedSignature = urlEncodeArr(new Uint8Array(signatureBuffer)); + const signedJwt = `${tokenString}.${encodedSignature}`; + if (signJwtMeasurement) { + signJwtMeasurement.end({ + success: true, + }); + } + return signedJwt; + } + /** + * Returns the SHA-256 hash of an input string + * @param plainText + */ + async hashString(plainText) { + return hashString(plainText); + } +} +CryptoOps.POP_KEY_USAGES = ["sign", "verify"]; +CryptoOps.EXTRACTABLE = true; +function getSortedObjectString(obj) { + return JSON.stringify(obj, Object.keys(obj).sort()); +} -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Parses hash string from given string. Returns empty string if no hash symbol is found. - * @param hashString - */ -function stripLeadingHashOrQuery(responseString) { - if (responseString.startsWith("#/")) { - return responseString.substring(2); - } - else if (responseString.startsWith("#") || - responseString.startsWith("?")) { - return responseString.substring(1); - } - return responseString; + +//# sourceMappingURL=CryptoOps.mjs.map + +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/authority/OpenIdConfigResponse.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +function isOpenIdConfigResponse(response) { + return (response.hasOwnProperty("authorization_endpoint") && + response.hasOwnProperty("token_endpoint") && + response.hasOwnProperty("issuer") && + response.hasOwnProperty("jwks_uri")); } -/** - * Returns URL hash as server auth code response object. - */ -function getDeserializedResponse(responseString) { - // Check if given hash is empty - if (!responseString || responseString.indexOf("=") < 0) { - return null; - } - try { - // Strip the # or ? symbol if present - const normalizedResponse = stripLeadingHashOrQuery(responseString); - // If # symbol was not present, above will return empty string, so give original hash value - const deserializedHash = Object.fromEntries(new URLSearchParams(normalizedResponse)); - // Check for known response properties - if (deserializedHash.code || - deserializedHash.error || - deserializedHash.error_description || - deserializedHash.state) { - return deserializedHash; - } - } - catch (e) { - throw createClientAuthError(hashNotDeserialized); - } - return null; + + +//# sourceMappingURL=OpenIdConfigResponse.mjs.map + +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/authority/CloudInstanceDiscoveryResponse.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +function isCloudInstanceDiscoveryResponse(response) { + return (response.hasOwnProperty("tenant_discovery_endpoint") && + response.hasOwnProperty("metadata")); } -//# sourceMappingURL=UrlUtils.mjs.map +//# sourceMappingURL=CloudInstanceDiscoveryResponse.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/url/UrlString.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +function isCloudInstanceDiscoveryErrorResponse(response) { + return (response.hasOwnProperty("error") && + response.hasOwnProperty("error_description")); +} +//# sourceMappingURL=CloudInstanceDiscoveryErrorResponse.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/utils/FunctionWrappers.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Wraps a function with a performance measurement. + * Usage: invoke(functionToCall, performanceClient, "EventName", "correlationId")(...argsToPassToFunction) + * @param callback + * @param eventName + * @param logger + * @param telemetryClient + * @param correlationId + * @returns + * @internal + */ +// eslint-disable-next-line @typescript-eslint/no-explicit-any +const invoke = (callback, eventName, logger, telemetryClient, correlationId) => { + return (...args) => { + logger.trace(`Executing function ${eventName}`); + const inProgressEvent = telemetryClient?.startMeasurement(eventName, correlationId); + if (correlationId) { + // Track number of times this API is called in a single request + const eventCount = eventName + "CallCount"; + telemetryClient?.incrementFields({ [eventCount]: 1 }, correlationId); + } + try { + const result = callback(...args); + inProgressEvent?.end({ + success: true, + }); + logger.trace(`Returning result from ${eventName}`); + return result; + } + catch (e) { + logger.trace(`Error occurred in ${eventName}`); + try { + logger.trace(JSON.stringify(e)); + } + catch (e) { + logger.trace("Unable to print error message."); + } + inProgressEvent?.end({ + success: false, + }, e); + throw e; + } + }; +}; +/** + * Wraps an async function with a performance measurement. + * Usage: invokeAsync(functionToCall, performanceClient, "EventName", "correlationId")(...argsToPassToFunction) + * @param callback + * @param eventName + * @param logger + * @param telemetryClient + * @param correlationId + * @returns + * @internal + * + */ +// eslint-disable-next-line @typescript-eslint/no-explicit-any +const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId) => { + return (...args) => { + logger.trace(`Executing function ${eventName}`); + const inProgressEvent = telemetryClient?.startMeasurement(eventName, correlationId); + if (correlationId) { + // Track number of times this API is called in a single request + const eventCount = eventName + "CallCount"; + telemetryClient?.incrementFields({ [eventCount]: 1 }, correlationId); + } + telemetryClient?.setPreQueueTime(eventName, correlationId); + return callback(...args) + .then((response) => { + logger.trace(`Returning result from ${eventName}`); + inProgressEvent?.end({ + success: true, + }); + return response; + }) + .catch((e) => { + logger.trace(`Error occurred in ${eventName}`); + try { + logger.trace(JSON.stringify(e)); + } + catch (e) { + logger.trace("Unable to print error message."); + } + inProgressEvent?.end({ + success: false, + }, e); + throw e; + }); + }; +}; +//# sourceMappingURL=FunctionWrappers.mjs.map -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Url object class which can perform various transformations on url strings. - */ -class UrlString { - get urlString() { - return this._urlString; - } - constructor(url) { - this._urlString = url; - if (!this._urlString) { - // Throws error if url is empty - throw createClientConfigurationError(urlEmptyError); - } - if (!url.includes("#")) { - this._urlString = UrlString.canonicalizeUri(url); - } - } - /** - * Ensure urls are lower case and end with a / character. - * @param url - */ - static canonicalizeUri(url) { - if (url) { - let lowerCaseUrl = url.toLowerCase(); - if (StringUtils.endsWith(lowerCaseUrl, "?")) { - lowerCaseUrl = lowerCaseUrl.slice(0, -1); - } - else if (StringUtils.endsWith(lowerCaseUrl, "?/")) { - lowerCaseUrl = lowerCaseUrl.slice(0, -2); - } - if (!StringUtils.endsWith(lowerCaseUrl, "/")) { - lowerCaseUrl += "/"; - } - return lowerCaseUrl; - } - return url; - } - /** - * Throws if urlString passed is not a valid authority URI string. - */ - validateAsUri() { - // Attempts to parse url for uri components - let components; - try { - components = this.getUrlComponents(); - } - catch (e) { - throw createClientConfigurationError(urlParseError); - } - // Throw error if URI or path segments are not parseable. - if (!components.HostNameAndPort || !components.PathSegments) { - throw createClientConfigurationError(urlParseError); - } - // Throw error if uri is insecure. - if (!components.Protocol || - components.Protocol.toLowerCase() !== "https:") { - throw createClientConfigurationError(authorityUriInsecure); - } - } - /** - * Given a url and a query string return the url with provided query string appended - * @param url - * @param queryString - */ - static appendQueryString(url, queryString) { - if (!queryString) { - return url; - } - return url.indexOf("?") < 0 - ? `${url}?${queryString}` - : `${url}&${queryString}`; - } - /** - * Returns a url with the hash removed - * @param url - */ - static removeHashFromUrl(url) { - return UrlString.canonicalizeUri(url.split("#")[0]); - } - /** - * Given a url like https://a:b/common/d?e=f#g, and a tenantId, returns https://a:b/tenantId/d - * @param href The url - * @param tenantId The tenant id to replace - */ - replaceTenantPath(tenantId) { - const urlObject = this.getUrlComponents(); - const pathArray = urlObject.PathSegments; - if (tenantId && - pathArray.length !== 0 && - (pathArray[0] === AADAuthorityConstants.COMMON || - pathArray[0] === AADAuthorityConstants.ORGANIZATIONS)) { - pathArray[0] = tenantId; - } - return UrlString.constructAuthorityUriFromObject(urlObject); - } - /** - * Parses out the components from a url string. - * @returns An object with the various components. Please cache this value insted of calling this multiple times on the same url. - */ - getUrlComponents() { - // https://gist.github.com/curtisz/11139b2cfcaef4a261e0 - const regEx = RegExp("^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?"); - // If url string does not match regEx, we throw an error - const match = this.urlString.match(regEx); - if (!match) { - throw createClientConfigurationError(urlParseError); - } - // Url component object - const urlComponents = { - Protocol: match[1], - HostNameAndPort: match[4], - AbsolutePath: match[5], - QueryString: match[7], - }; - let pathSegments = urlComponents.AbsolutePath.split("/"); - pathSegments = pathSegments.filter((val) => val && val.length > 0); // remove empty elements - urlComponents.PathSegments = pathSegments; - if (urlComponents.QueryString && - urlComponents.QueryString.endsWith("/")) { - urlComponents.QueryString = urlComponents.QueryString.substring(0, urlComponents.QueryString.length - 1); - } - return urlComponents; - } - static getDomainFromUrl(url) { - const regEx = RegExp("^([^:/?#]+://)?([^/?#]*)"); - const match = url.match(regEx); - if (!match) { - throw createClientConfigurationError(urlParseError); - } - return match[2]; - } - static getAbsoluteUrl(relativeUrl, baseUrl) { - if (relativeUrl[0] === Constants.FORWARD_SLASH) { - const url = new UrlString(baseUrl); - const baseComponents = url.getUrlComponents(); - return (baseComponents.Protocol + - "//" + - baseComponents.HostNameAndPort + - relativeUrl); - } - return relativeUrl; - } - static constructAuthorityUriFromObject(urlObject) { - return new UrlString(urlObject.Protocol + - "//" + - urlObject.HostNameAndPort + - "/" + - urlObject.PathSegments.join("/")); - } - /** - * Check if the hash of the URL string contains known properties - * @deprecated This API will be removed in a future version - */ - static hashContainsKnownProperties(response) { - return !!getDeserializedResponse(response); - } -} +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/authority/RegionDiscovery.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +class RegionDiscovery { + constructor(networkInterface, logger, performanceClient, correlationId) { + this.networkInterface = networkInterface; + this.logger = logger; + this.performanceClient = performanceClient; + this.correlationId = correlationId; + } + /** + * Detect the region from the application's environment. + * + * @returns Promise + */ + async detectRegion(environmentRegion, regionDiscoveryMetadata) { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.RegionDiscoveryDetectRegion, this.correlationId); + // Initialize auto detected region with the region from the envrionment + let autodetectedRegionName = environmentRegion; + // Check if a region was detected from the environment, if not, attempt to get the region from IMDS + if (!autodetectedRegionName) { + const options = RegionDiscovery.IMDS_OPTIONS; + try { + const localIMDSVersionResponse = await invokeAsync(this.getRegionFromIMDS.bind(this), PerformanceEvents.RegionDiscoveryGetRegionFromIMDS, this.logger, this.performanceClient, this.correlationId)(Constants.IMDS_VERSION, options); + if (localIMDSVersionResponse.status === + ResponseCodes.httpSuccess) { + autodetectedRegionName = localIMDSVersionResponse.body; + regionDiscoveryMetadata.region_source = + RegionDiscoverySources.IMDS; + } + // If the response using the local IMDS version failed, try to fetch the current version of IMDS and retry. + if (localIMDSVersionResponse.status === + ResponseCodes.httpBadRequest) { + const currentIMDSVersion = await invokeAsync(this.getCurrentVersion.bind(this), PerformanceEvents.RegionDiscoveryGetCurrentVersion, this.logger, this.performanceClient, this.correlationId)(options); + if (!currentIMDSVersion) { + regionDiscoveryMetadata.region_source = + RegionDiscoverySources.FAILED_AUTO_DETECTION; + return null; + } + const currentIMDSVersionResponse = await invokeAsync(this.getRegionFromIMDS.bind(this), PerformanceEvents.RegionDiscoveryGetRegionFromIMDS, this.logger, this.performanceClient, this.correlationId)(currentIMDSVersion, options); + if (currentIMDSVersionResponse.status === + ResponseCodes.httpSuccess) { + autodetectedRegionName = + currentIMDSVersionResponse.body; + regionDiscoveryMetadata.region_source = + RegionDiscoverySources.IMDS; + } + } + } + catch (e) { + regionDiscoveryMetadata.region_source = + RegionDiscoverySources.FAILED_AUTO_DETECTION; + return null; + } + } + else { + regionDiscoveryMetadata.region_source = + RegionDiscoverySources.ENVIRONMENT_VARIABLE; + } + // If no region was auto detected from the environment or from the IMDS endpoint, mark the attempt as a FAILED_AUTO_DETECTION + if (!autodetectedRegionName) { + regionDiscoveryMetadata.region_source = + RegionDiscoverySources.FAILED_AUTO_DETECTION; + } + return autodetectedRegionName || null; + } + /** + * Make the call to the IMDS endpoint + * + * @param imdsEndpointUrl + * @returns Promise> + */ + async getRegionFromIMDS(version, options) { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.RegionDiscoveryGetRegionFromIMDS, this.correlationId); + return this.networkInterface.sendGetRequestAsync(`${Constants.IMDS_ENDPOINT}?api-version=${version}&format=text`, options, Constants.IMDS_TIMEOUT); + } + /** + * Get the most recent version of the IMDS endpoint available + * + * @returns Promise + */ + async getCurrentVersion(options) { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.RegionDiscoveryGetCurrentVersion, this.correlationId); + try { + const response = await this.networkInterface.sendGetRequestAsync(`${Constants.IMDS_ENDPOINT}?format=json`, options); + // When IMDS endpoint is called without the api version query param, bad request response comes back with latest version. + if (response.status === ResponseCodes.httpBadRequest && + response.body && + response.body["newest-versions"] && + response.body["newest-versions"].length > 0) { + return response.body["newest-versions"][0]; + } + return null; + } + catch (e) { + return null; + } + } +} +// Options for the IMDS endpoint request +RegionDiscovery.IMDS_OPTIONS = { + headers: { + Metadata: "true", + }, +}; -//# sourceMappingURL=UrlString.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/authority/AuthorityMetadata.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const rawMetdataJSON = { - endpointMetadata: { - "login.microsoftonline.com": { - token_endpoint: "https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token", - jwks_uri: "https://login.microsoftonline.com/{tenantid}/discovery/v2.0/keys", - issuer: "https://login.microsoftonline.com/{tenantid}/v2.0", - authorization_endpoint: "https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/authorize", - end_session_endpoint: "https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/logout", - }, - "login.chinacloudapi.cn": { - token_endpoint: "https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/token", - jwks_uri: "https://login.chinacloudapi.cn/{tenantid}/discovery/v2.0/keys", - issuer: "https://login.partner.microsoftonline.cn/{tenantid}/v2.0", - authorization_endpoint: "https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/authorize", - end_session_endpoint: "https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/logout", - }, - "login.microsoftonline.us": { - token_endpoint: "https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/token", - jwks_uri: "https://login.microsoftonline.us/{tenantid}/discovery/v2.0/keys", - issuer: "https://login.microsoftonline.us/{tenantid}/v2.0", - authorization_endpoint: "https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/authorize", - end_session_endpoint: "https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/logout", - }, - }, - instanceDiscoveryMetadata: { - tenant_discovery_endpoint: "https://{canonicalAuthority}/v2.0/.well-known/openid-configuration", - metadata: [ - { - preferred_network: "login.microsoftonline.com", - preferred_cache: "login.windows.net", - aliases: [ - "login.microsoftonline.com", - "login.windows.net", - "login.microsoft.com", - "sts.windows.net", - ], - }, - { - preferred_network: "login.partner.microsoftonline.cn", - preferred_cache: "login.partner.microsoftonline.cn", - aliases: [ - "login.partner.microsoftonline.cn", - "login.chinacloudapi.cn", - ], - }, - { - preferred_network: "login.microsoftonline.de", - preferred_cache: "login.microsoftonline.de", - aliases: ["login.microsoftonline.de"], - }, - { - preferred_network: "login.microsoftonline.us", - preferred_cache: "login.microsoftonline.us", - aliases: [ - "login.microsoftonline.us", - "login.usgovcloudapi.net", - ], - }, - { - preferred_network: "login-us.microsoftonline.com", - preferred_cache: "login-us.microsoftonline.com", - aliases: ["login-us.microsoftonline.com"], - }, - ], - }, -}; -const EndpointMetadata = rawMetdataJSON.endpointMetadata; -const InstanceDiscoveryMetadata = rawMetdataJSON.instanceDiscoveryMetadata; -const InstanceDiscoveryMetadataAliases = new Set(); -InstanceDiscoveryMetadata.metadata.forEach((metadataEntry) => { - metadataEntry.aliases.forEach((alias) => { - InstanceDiscoveryMetadataAliases.add(alias); - }); -}); -/** - * Attempts to get an aliases array from the static authority metadata sources based on the canonical authority host - * @param staticAuthorityOptions - * @param logger - * @returns - */ -function getAliasesFromStaticSources(staticAuthorityOptions, logger) { - let staticAliases; - const canonicalAuthority = staticAuthorityOptions.canonicalAuthority; - if (canonicalAuthority) { - const authorityHost = new UrlString(canonicalAuthority).getUrlComponents().HostNameAndPort; - staticAliases = - getAliasesFromMetadata(authorityHost, staticAuthorityOptions.cloudDiscoveryMetadata?.metadata, AuthorityMetadataSource.CONFIG, logger) || - getAliasesFromMetadata(authorityHost, InstanceDiscoveryMetadata.metadata, AuthorityMetadataSource.HARDCODED_VALUES, logger) || - staticAuthorityOptions.knownAuthorities; - } - return staticAliases || []; -} -/** - * Returns aliases for from the raw cloud discovery metadata passed in - * @param authorityHost - * @param rawCloudDiscoveryMetadata - * @returns - */ -function getAliasesFromMetadata(authorityHost, cloudDiscoveryMetadata, source, logger) { - logger?.trace(`getAliasesFromMetadata called with source: ${source}`); - if (authorityHost && cloudDiscoveryMetadata) { - const metadata = getCloudDiscoveryMetadataFromNetworkResponse(cloudDiscoveryMetadata, authorityHost); - if (metadata) { - logger?.trace(`getAliasesFromMetadata: found cloud discovery metadata in ${source}, returning aliases`); - return metadata.aliases; - } - else { - logger?.trace(`getAliasesFromMetadata: did not find cloud discovery metadata in ${source}`); - } - } - return null; -} -/** - * Get cloud discovery metadata for common authorities - */ -function getCloudDiscoveryMetadataFromHardcodedValues(authorityHost) { - const metadata = getCloudDiscoveryMetadataFromNetworkResponse(InstanceDiscoveryMetadata.metadata, authorityHost); - return metadata; -} -/** - * Searches instance discovery network response for the entry that contains the host in the aliases list - * @param response - * @param authority - */ -function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) { - for (let i = 0; i < response.length; i++) { - const metadata = response[i]; - if (metadata.aliases.includes(authorityHost)) { - return metadata; - } - } - return null; -} - - -//# sourceMappingURL=AuthorityMetadata.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/error/CacheErrorCodes.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const cacheQuotaExceededErrorCode = "cache_quota_exceeded"; -const cacheUnknownErrorCode = "cache_error_unknown"; - - -//# sourceMappingURL=CacheErrorCodes.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/error/CacheError.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const CacheErrorMessages = { - [cacheQuotaExceededErrorCode]: "Exceeded cache storage capacity.", - [cacheUnknownErrorCode]: "Unexpected error occurred when using cache storage.", -}; -/** - * Error thrown when there is an error with the cache - */ -class CacheError extends Error { - constructor(errorCode, errorMessage) { - const message = errorMessage || - (CacheErrorMessages[errorCode] - ? CacheErrorMessages[errorCode] - : CacheErrorMessages[cacheUnknownErrorCode]); - super(`${errorCode}: ${message}`); - Object.setPrototypeOf(this, CacheError.prototype); - this.name = "CacheError"; - this.errorCode = errorCode; - this.errorMessage = message; - } -} - - -//# sourceMappingURL=CacheError.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/cache/CacheManager.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - - - - - - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Interface class which implement cache storage functions used by MSAL to perform validity checks, and store tokens. - * @internal - */ -class CacheManager { - constructor(clientId, cryptoImpl, logger, staticAuthorityOptions) { - this.clientId = clientId; - this.cryptoImpl = cryptoImpl; - this.commonLogger = logger.clone(packageMetadata_name, version); - this.staticAuthorityOptions = staticAuthorityOptions; - } - /** - * Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned. - * @param accountFilter - (Optional) filter to narrow down the accounts returned - * @returns Array of AccountInfo objects in cache - */ - getAllAccounts(accountFilter) { - return this.buildTenantProfiles(this.getAccountsFilteredBy(accountFilter || {}), accountFilter); - } - /** - * Gets first tenanted AccountInfo object found based on provided filters - */ - getAccountInfoFilteredBy(accountFilter) { - const allAccounts = this.getAllAccounts(accountFilter); - if (allAccounts.length > 1) { - // If one or more accounts are found, prioritize accounts that have an ID token - const sortedAccounts = allAccounts.sort((account) => { - return account.idTokenClaims ? -1 : 1; - }); - return sortedAccounts[0]; - } - else if (allAccounts.length === 1) { - // If only one account is found, return it regardless of whether a matching ID token was found - return allAccounts[0]; - } - else { - return null; - } - } - /** - * Returns a single matching - * @param accountFilter - * @returns - */ - getBaseAccountInfo(accountFilter) { - const accountEntities = this.getAccountsFilteredBy(accountFilter); - if (accountEntities.length > 0) { - return accountEntities[0].getAccountInfo(); - } - else { - return null; - } - } - /** - * Matches filtered account entities with cached ID tokens that match the tenant profile-specific account filters - * and builds the account info objects from the matching ID token's claims - * @param cachedAccounts - * @param accountFilter - * @returns Array of AccountInfo objects that match account and tenant profile filters - */ - buildTenantProfiles(cachedAccounts, accountFilter) { - return cachedAccounts.flatMap((accountEntity) => { - return this.getTenantProfilesFromAccountEntity(accountEntity, accountFilter?.tenantId, accountFilter); - }); - } - getTenantedAccountInfoByFilter(accountInfo, tokenKeys, tenantProfile, tenantProfileFilter) { - let tenantedAccountInfo = null; - let idTokenClaims; - if (tenantProfileFilter) { - if (!this.tenantProfileMatchesFilter(tenantProfile, tenantProfileFilter)) { - return null; - } - } - const idToken = this.getIdToken(accountInfo, tokenKeys, tenantProfile.tenantId); - if (idToken) { - idTokenClaims = extractTokenClaims(idToken.secret, this.cryptoImpl.base64Decode); - if (!this.idTokenClaimsMatchTenantProfileFilter(idTokenClaims, tenantProfileFilter)) { - // ID token sourced claims don't match so this tenant profile is not a match - return null; - } - } - // Expand tenant profile into account info based on matching tenant profile and if available matching ID token claims - tenantedAccountInfo = updateAccountTenantProfileData(accountInfo, tenantProfile, idTokenClaims, idToken?.secret); - return tenantedAccountInfo; - } - getTenantProfilesFromAccountEntity(accountEntity, targetTenantId, tenantProfileFilter) { - const accountInfo = accountEntity.getAccountInfo(); - let searchTenantProfiles = accountInfo.tenantProfiles || new Map(); - const tokenKeys = this.getTokenKeys(); - // If a tenant ID was provided, only return the tenant profile for that tenant ID if it exists - if (targetTenantId) { - const tenantProfile = searchTenantProfiles.get(targetTenantId); - if (tenantProfile) { - // Reduce search field to just this tenant profile - searchTenantProfiles = new Map([ - [targetTenantId, tenantProfile], - ]); - } - else { - // No tenant profile for search tenant ID, return empty array - return []; - } - } - const matchingTenantProfiles = []; - searchTenantProfiles.forEach((tenantProfile) => { - const tenantedAccountInfo = this.getTenantedAccountInfoByFilter(accountInfo, tokenKeys, tenantProfile, tenantProfileFilter); - if (tenantedAccountInfo) { - matchingTenantProfiles.push(tenantedAccountInfo); - } - }); - return matchingTenantProfiles; - } - tenantProfileMatchesFilter(tenantProfile, tenantProfileFilter) { - if (!!tenantProfileFilter.localAccountId && - !this.matchLocalAccountIdFromTenantProfile(tenantProfile, tenantProfileFilter.localAccountId)) { - return false; - } - if (!!tenantProfileFilter.name && - !(tenantProfile.name === tenantProfileFilter.name)) { - return false; - } - if (tenantProfileFilter.isHomeTenant !== undefined && - !(tenantProfile.isHomeTenant === tenantProfileFilter.isHomeTenant)) { - return false; - } - return true; - } - idTokenClaimsMatchTenantProfileFilter(idTokenClaims, tenantProfileFilter) { - // Tenant Profile filtering - if (tenantProfileFilter) { - if (!!tenantProfileFilter.localAccountId && - !this.matchLocalAccountIdFromTokenClaims(idTokenClaims, tenantProfileFilter.localAccountId)) { - return false; - } - if (!!tenantProfileFilter.loginHint && - !this.matchLoginHintFromTokenClaims(idTokenClaims, tenantProfileFilter.loginHint)) { - return false; - } - if (!!tenantProfileFilter.username && - !this.matchUsername(idTokenClaims.preferred_username, tenantProfileFilter.username)) { - return false; - } - if (!!tenantProfileFilter.name && - !this.matchName(idTokenClaims, tenantProfileFilter.name)) { - return false; - } - if (!!tenantProfileFilter.sid && - !this.matchSid(idTokenClaims, tenantProfileFilter.sid)) { - return false; - } - } - return true; - } - /** - * saves a cache record - * @param cacheRecord {CacheRecord} - * @param storeInCache {?StoreInCache} - * @param correlationId {?string} correlation id - */ - async saveCacheRecord(cacheRecord, storeInCache, correlationId) { - if (!cacheRecord) { - throw createClientAuthError(invalidCacheRecord); - } - try { - if (!!cacheRecord.account) { - this.setAccount(cacheRecord.account); - } - if (!!cacheRecord.idToken && storeInCache?.idToken !== false) { - this.setIdTokenCredential(cacheRecord.idToken); - } - if (!!cacheRecord.accessToken && - storeInCache?.accessToken !== false) { - await this.saveAccessToken(cacheRecord.accessToken); - } - if (!!cacheRecord.refreshToken && - storeInCache?.refreshToken !== false) { - this.setRefreshTokenCredential(cacheRecord.refreshToken); - } - if (!!cacheRecord.appMetadata) { - this.setAppMetadata(cacheRecord.appMetadata); - } - } - catch (e) { - this.commonLogger?.error(`CacheManager.saveCacheRecord: failed`); - if (e instanceof Error) { - this.commonLogger?.errorPii(`CacheManager.saveCacheRecord: ${e.message}`, correlationId); - if (e.name === "QuotaExceededError" || - e.name === "NS_ERROR_DOM_QUOTA_REACHED" || - e.message.includes("exceeded the quota")) { - this.commonLogger?.error(`CacheManager.saveCacheRecord: exceeded storage quota`, correlationId); - throw new CacheError(cacheQuotaExceededErrorCode); - } - else { - throw new CacheError(e.name, e.message); - } - } - else { - this.commonLogger?.errorPii(`CacheManager.saveCacheRecord: ${e}`, correlationId); - throw new CacheError(cacheUnknownErrorCode); - } - } - } - /** - * saves access token credential - * @param credential - */ - async saveAccessToken(credential) { - const accessTokenFilter = { - clientId: credential.clientId, - credentialType: credential.credentialType, - environment: credential.environment, - homeAccountId: credential.homeAccountId, - realm: credential.realm, - tokenType: credential.tokenType, - requestedClaimsHash: credential.requestedClaimsHash, - }; - const tokenKeys = this.getTokenKeys(); - const currentScopes = ScopeSet.fromString(credential.target); - const removedAccessTokens = []; - tokenKeys.accessToken.forEach((key) => { - if (!this.accessTokenKeyMatchesFilter(key, accessTokenFilter, false)) { - return; - } - const tokenEntity = this.getAccessTokenCredential(key); - if (tokenEntity && - this.credentialMatchesFilter(tokenEntity, accessTokenFilter)) { - const tokenScopeSet = ScopeSet.fromString(tokenEntity.target); - if (tokenScopeSet.intersectingScopeSets(currentScopes)) { - removedAccessTokens.push(this.removeAccessToken(key)); - } - } - }); - await Promise.all(removedAccessTokens); - this.setAccessTokenCredential(credential); - } - /** - * Retrieve account entities matching all provided tenant-agnostic filters; if no filter is set, get all account entities in the cache - * Not checking for casing as keys are all generated in lower case, remember to convert to lower case if object properties are compared - * @param accountFilter - An object containing Account properties to filter by - */ - getAccountsFilteredBy(accountFilter) { - const allAccountKeys = this.getAccountKeys(); - const matchingAccounts = []; - allAccountKeys.forEach((cacheKey) => { - if (!this.isAccountKey(cacheKey, accountFilter.homeAccountId)) { - // Don't parse value if the key doesn't match the account filters - return; - } - const entity = this.getAccount(cacheKey, this.commonLogger); - // Match base account fields - if (!entity) { - return; - } - if (!!accountFilter.homeAccountId && - !this.matchHomeAccountId(entity, accountFilter.homeAccountId)) { - return; - } - if (!!accountFilter.username && - !this.matchUsername(entity.username, accountFilter.username)) { - return; - } - if (!!accountFilter.environment && - !this.matchEnvironment(entity, accountFilter.environment)) { - return; - } - if (!!accountFilter.realm && - !this.matchRealm(entity, accountFilter.realm)) { - return; - } - if (!!accountFilter.nativeAccountId && - !this.matchNativeAccountId(entity, accountFilter.nativeAccountId)) { - return; - } - if (!!accountFilter.authorityType && - !this.matchAuthorityType(entity, accountFilter.authorityType)) { - return; - } - // If at least one tenant profile matches the tenant profile filter, add the account to the list of matching accounts - const tenantProfileFilter = { - localAccountId: accountFilter?.localAccountId, - name: accountFilter?.name, - }; - const matchingTenantProfiles = entity.tenantProfiles?.filter((tenantProfile) => { - return this.tenantProfileMatchesFilter(tenantProfile, tenantProfileFilter); - }); - if (matchingTenantProfiles && matchingTenantProfiles.length === 0) { - // No tenant profile for this account matches filter, don't add to list of matching accounts - return; - } - matchingAccounts.push(entity); - }); - return matchingAccounts; - } - /** - * Returns true if the given key matches our account key schema. Also matches homeAccountId and/or tenantId if provided - * @param key - * @param homeAccountId - * @param tenantId - * @returns - */ - isAccountKey(key, homeAccountId, tenantId) { - if (key.split(Separators.CACHE_KEY_SEPARATOR).length < 3) { - // Account cache keys contain 3 items separated by '-' (each item may also contain '-') - return false; - } - if (homeAccountId && - !key.toLowerCase().includes(homeAccountId.toLowerCase())) { - return false; - } - if (tenantId && !key.toLowerCase().includes(tenantId.toLowerCase())) { - return false; - } - // Do not check environment as aliasing can cause false negatives - return true; - } - /** - * Returns true if the given key matches our credential key schema. - * @param key - */ - isCredentialKey(key) { - if (key.split(Separators.CACHE_KEY_SEPARATOR).length < 6) { - // Credential cache keys contain 6 items separated by '-' (each item may also contain '-') - return false; - } - const lowerCaseKey = key.toLowerCase(); - // Credential keys must indicate what credential type they represent - if (lowerCaseKey.indexOf(CredentialType.ID_TOKEN.toLowerCase()) === - -1 && - lowerCaseKey.indexOf(CredentialType.ACCESS_TOKEN.toLowerCase()) === - -1 && - lowerCaseKey.indexOf(CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()) === -1 && - lowerCaseKey.indexOf(CredentialType.REFRESH_TOKEN.toLowerCase()) === - -1) { - return false; - } - if (lowerCaseKey.indexOf(CredentialType.REFRESH_TOKEN.toLowerCase()) > - -1) { - // Refresh tokens must contain the client id or family id - const clientIdValidation = `${CredentialType.REFRESH_TOKEN}${Separators.CACHE_KEY_SEPARATOR}${this.clientId}${Separators.CACHE_KEY_SEPARATOR}`; - const familyIdValidation = `${CredentialType.REFRESH_TOKEN}${Separators.CACHE_KEY_SEPARATOR}${THE_FAMILY_ID}${Separators.CACHE_KEY_SEPARATOR}`; - if (lowerCaseKey.indexOf(clientIdValidation.toLowerCase()) === -1 && - lowerCaseKey.indexOf(familyIdValidation.toLowerCase()) === -1) { - return false; - } - } - else if (lowerCaseKey.indexOf(this.clientId.toLowerCase()) === -1) { - // Tokens must contain the clientId - return false; - } - return true; - } - /** - * Returns whether or not the given credential entity matches the filter - * @param entity - * @param filter - * @returns - */ - credentialMatchesFilter(entity, filter) { - if (!!filter.clientId && !this.matchClientId(entity, filter.clientId)) { - return false; - } - if (!!filter.userAssertionHash && - !this.matchUserAssertionHash(entity, filter.userAssertionHash)) { - return false; - } - /* - * homeAccountId can be undefined, and we want to filter out cached items that have a homeAccountId of "" - * because we don't want a client_credential request to return a cached token that has a homeAccountId - */ - if (typeof filter.homeAccountId === "string" && - !this.matchHomeAccountId(entity, filter.homeAccountId)) { - return false; - } - if (!!filter.environment && - !this.matchEnvironment(entity, filter.environment)) { - return false; - } - if (!!filter.realm && !this.matchRealm(entity, filter.realm)) { - return false; - } - if (!!filter.credentialType && - !this.matchCredentialType(entity, filter.credentialType)) { - return false; - } - if (!!filter.familyId && !this.matchFamilyId(entity, filter.familyId)) { - return false; - } - /* - * idTokens do not have "target", target specific refreshTokens do exist for some types of authentication - * Resource specific refresh tokens case will be added when the support is deemed necessary - */ - if (!!filter.target && !this.matchTarget(entity, filter.target)) { - return false; - } - // If request OR cached entity has requested Claims Hash, check if they match - if (filter.requestedClaimsHash || entity.requestedClaimsHash) { - // Don't match if either is undefined or they are different - if (entity.requestedClaimsHash !== filter.requestedClaimsHash) { - return false; - } - } - // Access Token with Auth Scheme specific matching - if (entity.credentialType === - CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME) { - if (!!filter.tokenType && - !this.matchTokenType(entity, filter.tokenType)) { - return false; - } - // KeyId (sshKid) in request must match cached SSH certificate keyId because SSH cert is bound to a specific key - if (filter.tokenType === AuthenticationScheme.SSH) { - if (filter.keyId && !this.matchKeyId(entity, filter.keyId)) { - return false; - } - } - } - return true; - } - /** - * retrieve appMetadata matching all provided filters; if no filter is set, get all appMetadata - * @param filter - */ - getAppMetadataFilteredBy(filter) { - const allCacheKeys = this.getKeys(); - const matchingAppMetadata = {}; - allCacheKeys.forEach((cacheKey) => { - // don't parse any non-appMetadata type cache entities - if (!this.isAppMetadata(cacheKey)) { - return; - } - // Attempt retrieval - const entity = this.getAppMetadata(cacheKey); - if (!entity) { - return; - } - if (!!filter.environment && - !this.matchEnvironment(entity, filter.environment)) { - return; - } - if (!!filter.clientId && - !this.matchClientId(entity, filter.clientId)) { - return; - } - matchingAppMetadata[cacheKey] = entity; - }); - return matchingAppMetadata; - } - /** - * retrieve authorityMetadata that contains a matching alias - * @param filter - */ - getAuthorityMetadataByAlias(host) { - const allCacheKeys = this.getAuthorityMetadataKeys(); - let matchedEntity = null; - allCacheKeys.forEach((cacheKey) => { - // don't parse any non-authorityMetadata type cache entities - if (!this.isAuthorityMetadata(cacheKey) || - cacheKey.indexOf(this.clientId) === -1) { - return; - } - // Attempt retrieval - const entity = this.getAuthorityMetadata(cacheKey); - if (!entity) { - return; - } - if (entity.aliases.indexOf(host) === -1) { - return; - } - matchedEntity = entity; - }); - return matchedEntity; - } - /** - * Removes all accounts and related tokens from cache. - */ - async removeAllAccounts() { - const allAccountKeys = this.getAccountKeys(); - const removedAccounts = []; - allAccountKeys.forEach((cacheKey) => { - removedAccounts.push(this.removeAccount(cacheKey)); - }); - await Promise.all(removedAccounts); - } - /** - * Removes the account and related tokens for a given account key - * @param account - */ - async removeAccount(accountKey) { - const account = this.getAccount(accountKey, this.commonLogger); - if (!account) { - return; - } - await this.removeAccountContext(account); - this.removeItem(accountKey); - } - /** - * Removes credentials associated with the provided account - * @param account - */ - async removeAccountContext(account) { - const allTokenKeys = this.getTokenKeys(); - const accountId = account.generateAccountId(); - const removedCredentials = []; - allTokenKeys.idToken.forEach((key) => { - if (key.indexOf(accountId) === 0) { - this.removeIdToken(key); - } - }); - allTokenKeys.accessToken.forEach((key) => { - if (key.indexOf(accountId) === 0) { - removedCredentials.push(this.removeAccessToken(key)); - } - }); - allTokenKeys.refreshToken.forEach((key) => { - if (key.indexOf(accountId) === 0) { - this.removeRefreshToken(key); - } - }); - await Promise.all(removedCredentials); - } - /** - * Migrates a single-tenant account and all it's associated alternate cross-tenant account objects in the - * cache into a condensed multi-tenant account object with tenant profiles. - * @param accountKey - * @param accountEntity - * @param logger - * @returns - */ - updateOutdatedCachedAccount(accountKey, accountEntity, logger) { - // Only update if account entity is defined and has no tenantProfiles object (is outdated) - if (accountEntity && accountEntity.isSingleTenant()) { - this.commonLogger?.verbose("updateOutdatedCachedAccount: Found a single-tenant (outdated) account entity in the cache, migrating to multi-tenant account entity"); - // Get keys of all accounts belonging to user - const matchingAccountKeys = this.getAccountKeys().filter((key) => { - return key.startsWith(accountEntity.homeAccountId); - }); - // Get all account entities belonging to user - const accountsToMerge = []; - matchingAccountKeys.forEach((key) => { - const account = this.getCachedAccountEntity(key); - if (account) { - accountsToMerge.push(account); - } - }); - // Set base account to home account if available, any account if not - const baseAccount = accountsToMerge.find((account) => { - return tenantIdMatchesHomeTenant(account.realm, account.homeAccountId); - }) || accountsToMerge[0]; - // Populate tenant profiles built from each account entity belonging to the user - baseAccount.tenantProfiles = accountsToMerge.map((account) => { - return { - tenantId: account.realm, - localAccountId: account.localAccountId, - name: account.name, - isHomeTenant: tenantIdMatchesHomeTenant(account.realm, account.homeAccountId), - }; - }); - const updatedAccount = CacheManager.toObject(new AccountEntity(), { - ...baseAccount, - }); - const newAccountKey = updatedAccount.generateAccountKey(); - // Clear cache of legacy account objects that have been collpsed into tenant profiles - matchingAccountKeys.forEach((key) => { - if (key !== newAccountKey) { - this.removeOutdatedAccount(accountKey); - } - }); - // Cache updated account object - this.setAccount(updatedAccount); - logger?.verbose("Updated an outdated account entity in the cache"); - return updatedAccount; - } - // No update is necessary - return accountEntity; - } - /** - * returns a boolean if the given credential is removed - * @param credential - */ - async removeAccessToken(key) { - const credential = this.getAccessTokenCredential(key); - if (!credential) { - return; - } - // Remove Token Binding Key from key store for PoP Tokens Credentials - if (credential.credentialType.toLowerCase() === - CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()) { - if (credential.tokenType === AuthenticationScheme.POP) { - const accessTokenWithAuthSchemeEntity = credential; - const kid = accessTokenWithAuthSchemeEntity.keyId; - if (kid) { - try { - await this.cryptoImpl.removeTokenBindingKey(kid); - } - catch (error) { - throw createClientAuthError(bindingKeyNotRemoved); - } - } - } - } - return this.removeItem(key); - } - /** - * Removes all app metadata objects from cache. - */ - removeAppMetadata() { - const allCacheKeys = this.getKeys(); - allCacheKeys.forEach((cacheKey) => { - if (this.isAppMetadata(cacheKey)) { - this.removeItem(cacheKey); - } - }); - return true; - } - /** - * Retrieve AccountEntity from cache - * @param account - */ - readAccountFromCache(account) { - const accountKey = AccountEntity.generateAccountCacheKey(account); - return this.getAccount(accountKey, this.commonLogger); - } - /** - * Retrieve IdTokenEntity from cache - * @param account {AccountInfo} - * @param tokenKeys {?TokenKeys} - * @param targetRealm {?string} - * @param performanceClient {?IPerformanceClient} - * @param correlationId {?string} - */ - getIdToken(account, tokenKeys, targetRealm, performanceClient, correlationId) { - this.commonLogger.trace("CacheManager - getIdToken called"); - const idTokenFilter = { - homeAccountId: account.homeAccountId, - environment: account.environment, - credentialType: CredentialType.ID_TOKEN, - clientId: this.clientId, - realm: targetRealm, - }; - const idTokenMap = this.getIdTokensByFilter(idTokenFilter, tokenKeys); - const numIdTokens = idTokenMap.size; - if (numIdTokens < 1) { - this.commonLogger.info("CacheManager:getIdToken - No token found"); - return null; - } - else if (numIdTokens > 1) { - let tokensToBeRemoved = idTokenMap; - // Multiple tenant profiles and no tenant specified, pick home account - if (!targetRealm) { - const homeIdTokenMap = new Map(); - idTokenMap.forEach((idToken, key) => { - if (idToken.realm === account.tenantId) { - homeIdTokenMap.set(key, idToken); - } - }); - const numHomeIdTokens = homeIdTokenMap.size; - if (numHomeIdTokens < 1) { - this.commonLogger.info("CacheManager:getIdToken - Multiple ID tokens found for account but none match account entity tenant id, returning first result"); - return idTokenMap.values().next().value; - } - else if (numHomeIdTokens === 1) { - this.commonLogger.info("CacheManager:getIdToken - Multiple ID tokens found for account, defaulting to home tenant profile"); - return homeIdTokenMap.values().next().value; - } - else { - // Multiple ID tokens for home tenant profile, remove all and return null - tokensToBeRemoved = homeIdTokenMap; - } - } - // Multiple tokens for a single tenant profile, remove all and return null - this.commonLogger.info("CacheManager:getIdToken - Multiple matching ID tokens found, clearing them"); - tokensToBeRemoved.forEach((idToken, key) => { - this.removeIdToken(key); - }); - if (performanceClient && correlationId) { - performanceClient.addFields({ multiMatchedID: idTokenMap.size }, correlationId); - } - return null; - } - this.commonLogger.info("CacheManager:getIdToken - Returning ID token"); - return idTokenMap.values().next().value; - } - /** - * Gets all idTokens matching the given filter - * @param filter - * @returns - */ - getIdTokensByFilter(filter, tokenKeys) { - const idTokenKeys = (tokenKeys && tokenKeys.idToken) || this.getTokenKeys().idToken; - const idTokens = new Map(); - idTokenKeys.forEach((key) => { - if (!this.idTokenKeyMatchesFilter(key, { - clientId: this.clientId, - ...filter, - })) { - return; - } - const idToken = this.getIdTokenCredential(key); - if (idToken && this.credentialMatchesFilter(idToken, filter)) { - idTokens.set(key, idToken); - } - }); - return idTokens; - } - /** - * Validate the cache key against filter before retrieving and parsing cache value - * @param key - * @param filter - * @returns - */ - idTokenKeyMatchesFilter(inputKey, filter) { - const key = inputKey.toLowerCase(); - if (filter.clientId && - key.indexOf(filter.clientId.toLowerCase()) === -1) { - return false; - } - if (filter.homeAccountId && - key.indexOf(filter.homeAccountId.toLowerCase()) === -1) { - return false; - } - return true; - } - /** - * Removes idToken from the cache - * @param key - */ - removeIdToken(key) { - this.removeItem(key); - } - /** - * Removes refresh token from the cache - * @param key - */ - removeRefreshToken(key) { - this.removeItem(key); - } - /** - * Retrieve AccessTokenEntity from cache - * @param account {AccountInfo} - * @param request {BaseAuthRequest} - * @param tokenKeys {?TokenKeys} - * @param performanceClient {?IPerformanceClient} - * @param correlationId {?string} - */ - getAccessToken(account, request, tokenKeys, targetRealm, performanceClient, correlationId) { - this.commonLogger.trace("CacheManager - getAccessToken called"); - const scopes = ScopeSet.createSearchScopes(request.scopes); - const authScheme = request.authenticationScheme || AuthenticationScheme.BEARER; - /* - * Distinguish between Bearer and PoP/SSH token cache types - * Cast to lowercase to handle "bearer" from ADFS - */ - const credentialType = authScheme && - authScheme.toLowerCase() !== - AuthenticationScheme.BEARER.toLowerCase() - ? CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME - : CredentialType.ACCESS_TOKEN; - const accessTokenFilter = { - homeAccountId: account.homeAccountId, - environment: account.environment, - credentialType: credentialType, - clientId: this.clientId, - realm: targetRealm || account.tenantId, - target: scopes, - tokenType: authScheme, - keyId: request.sshKid, - requestedClaimsHash: request.requestedClaimsHash, - }; - const accessTokenKeys = (tokenKeys && tokenKeys.accessToken) || - this.getTokenKeys().accessToken; - const accessTokens = []; - accessTokenKeys.forEach((key) => { - // Validate key - if (this.accessTokenKeyMatchesFilter(key, accessTokenFilter, true)) { - const accessToken = this.getAccessTokenCredential(key); - // Validate value - if (accessToken && - this.credentialMatchesFilter(accessToken, accessTokenFilter)) { - accessTokens.push(accessToken); - } - } - }); - const numAccessTokens = accessTokens.length; - if (numAccessTokens < 1) { - this.commonLogger.info("CacheManager:getAccessToken - No token found"); - return null; - } - else if (numAccessTokens > 1) { - this.commonLogger.info("CacheManager:getAccessToken - Multiple access tokens found, clearing them"); - accessTokens.forEach((accessToken) => { - void this.removeAccessToken(generateCredentialKey(accessToken)); - }); - if (performanceClient && correlationId) { - performanceClient.addFields({ multiMatchedAT: accessTokens.length }, correlationId); - } - return null; - } - this.commonLogger.info("CacheManager:getAccessToken - Returning access token"); - return accessTokens[0]; - } - /** - * Validate the cache key against filter before retrieving and parsing cache value - * @param key - * @param filter - * @param keyMustContainAllScopes - * @returns - */ - accessTokenKeyMatchesFilter(inputKey, filter, keyMustContainAllScopes) { - const key = inputKey.toLowerCase(); - if (filter.clientId && - key.indexOf(filter.clientId.toLowerCase()) === -1) { - return false; - } - if (filter.homeAccountId && - key.indexOf(filter.homeAccountId.toLowerCase()) === -1) { - return false; - } - if (filter.realm && key.indexOf(filter.realm.toLowerCase()) === -1) { - return false; - } - if (filter.requestedClaimsHash && - key.indexOf(filter.requestedClaimsHash.toLowerCase()) === -1) { - return false; - } - if (filter.target) { - const scopes = filter.target.asArray(); - for (let i = 0; i < scopes.length; i++) { - if (keyMustContainAllScopes && - !key.includes(scopes[i].toLowerCase())) { - // When performing a cache lookup a missing scope would be a cache miss - return false; - } - else if (!keyMustContainAllScopes && - key.includes(scopes[i].toLowerCase())) { - // When performing a cache write, any token with a subset of requested scopes should be replaced - return true; - } - } - } - return true; - } - /** - * Gets all access tokens matching the filter - * @param filter - * @returns - */ - getAccessTokensByFilter(filter) { - const tokenKeys = this.getTokenKeys(); - const accessTokens = []; - tokenKeys.accessToken.forEach((key) => { - if (!this.accessTokenKeyMatchesFilter(key, filter, true)) { - return; - } - const accessToken = this.getAccessTokenCredential(key); - if (accessToken && - this.credentialMatchesFilter(accessToken, filter)) { - accessTokens.push(accessToken); - } - }); - return accessTokens; - } - /** - * Helper to retrieve the appropriate refresh token from cache - * @param account {AccountInfo} - * @param familyRT {boolean} - * @param tokenKeys {?TokenKeys} - * @param performanceClient {?IPerformanceClient} - * @param correlationId {?string} - */ - getRefreshToken(account, familyRT, tokenKeys, performanceClient, correlationId) { - this.commonLogger.trace("CacheManager - getRefreshToken called"); - const id = familyRT ? THE_FAMILY_ID : undefined; - const refreshTokenFilter = { - homeAccountId: account.homeAccountId, - environment: account.environment, - credentialType: CredentialType.REFRESH_TOKEN, - clientId: this.clientId, - familyId: id, - }; - const refreshTokenKeys = (tokenKeys && tokenKeys.refreshToken) || - this.getTokenKeys().refreshToken; - const refreshTokens = []; - refreshTokenKeys.forEach((key) => { - // Validate key - if (this.refreshTokenKeyMatchesFilter(key, refreshTokenFilter)) { - const refreshToken = this.getRefreshTokenCredential(key); - // Validate value - if (refreshToken && - this.credentialMatchesFilter(refreshToken, refreshTokenFilter)) { - refreshTokens.push(refreshToken); - } - } - }); - const numRefreshTokens = refreshTokens.length; - if (numRefreshTokens < 1) { - this.commonLogger.info("CacheManager:getRefreshToken - No refresh token found."); - return null; - } - // address the else case after remove functions address environment aliases - if (numRefreshTokens > 1 && performanceClient && correlationId) { - performanceClient.addFields({ multiMatchedRT: numRefreshTokens }, correlationId); - } - this.commonLogger.info("CacheManager:getRefreshToken - returning refresh token"); - return refreshTokens[0]; - } - /** - * Validate the cache key against filter before retrieving and parsing cache value - * @param key - * @param filter - */ - refreshTokenKeyMatchesFilter(inputKey, filter) { - const key = inputKey.toLowerCase(); - if (filter.familyId && - key.indexOf(filter.familyId.toLowerCase()) === -1) { - return false; - } - // If familyId is used, clientId is not in the key - if (!filter.familyId && - filter.clientId && - key.indexOf(filter.clientId.toLowerCase()) === -1) { - return false; - } - if (filter.homeAccountId && - key.indexOf(filter.homeAccountId.toLowerCase()) === -1) { - return false; - } - return true; - } - /** - * Retrieve AppMetadataEntity from cache - */ - readAppMetadataFromCache(environment) { - const appMetadataFilter = { - environment, - clientId: this.clientId, - }; - const appMetadata = this.getAppMetadataFilteredBy(appMetadataFilter); - const appMetadataEntries = Object.keys(appMetadata).map((key) => appMetadata[key]); - const numAppMetadata = appMetadataEntries.length; - if (numAppMetadata < 1) { - return null; - } - else if (numAppMetadata > 1) { - throw createClientAuthError(multipleMatchingAppMetadata); - } - return appMetadataEntries[0]; - } - /** - * Return the family_id value associated with FOCI - * @param environment - * @param clientId - */ - isAppMetadataFOCI(environment) { - const appMetadata = this.readAppMetadataFromCache(environment); - return !!(appMetadata && appMetadata.familyId === THE_FAMILY_ID); - } - /** - * helper to match account ids - * @param value - * @param homeAccountId - */ - matchHomeAccountId(entity, homeAccountId) { - return !!(typeof entity.homeAccountId === "string" && - homeAccountId === entity.homeAccountId); - } - /** - * helper to match account ids - * @param entity - * @param localAccountId - * @returns - */ - matchLocalAccountIdFromTokenClaims(tokenClaims, localAccountId) { - const idTokenLocalAccountId = tokenClaims.oid || tokenClaims.sub; - return localAccountId === idTokenLocalAccountId; - } - matchLocalAccountIdFromTenantProfile(tenantProfile, localAccountId) { - return tenantProfile.localAccountId === localAccountId; - } - /** - * helper to match names - * @param entity - * @param name - * @returns true if the downcased name properties are present and match in the filter and the entity - */ - matchName(claims, name) { - return !!(name.toLowerCase() === claims.name?.toLowerCase()); - } - /** - * helper to match usernames - * @param entity - * @param username - * @returns - */ - matchUsername(cachedUsername, filterUsername) { - return !!(cachedUsername && - typeof cachedUsername === "string" && - filterUsername?.toLowerCase() === cachedUsername.toLowerCase()); - } - /** - * helper to match assertion - * @param value - * @param oboAssertion - */ - matchUserAssertionHash(entity, userAssertionHash) { - return !!(entity.userAssertionHash && - userAssertionHash === entity.userAssertionHash); - } - /** - * helper to match environment - * @param value - * @param environment - */ - matchEnvironment(entity, environment) { - // Check static authority options first for cases where authority metadata has not been resolved and cached yet - if (this.staticAuthorityOptions) { - const staticAliases = getAliasesFromStaticSources(this.staticAuthorityOptions, this.commonLogger); - if (staticAliases.includes(environment) && - staticAliases.includes(entity.environment)) { - return true; - } - } - // Query metadata cache if no static authority configuration has aliases that match enviroment - const cloudMetadata = this.getAuthorityMetadataByAlias(environment); - if (cloudMetadata && - cloudMetadata.aliases.indexOf(entity.environment) > -1) { - return true; - } - return false; - } - /** - * helper to match credential type - * @param entity - * @param credentialType - */ - matchCredentialType(entity, credentialType) { - return (entity.credentialType && - credentialType.toLowerCase() === entity.credentialType.toLowerCase()); - } - /** - * helper to match client ids - * @param entity - * @param clientId - */ - matchClientId(entity, clientId) { - return !!(entity.clientId && clientId === entity.clientId); - } - /** - * helper to match family ids - * @param entity - * @param familyId - */ - matchFamilyId(entity, familyId) { - return !!(entity.familyId && familyId === entity.familyId); - } - /** - * helper to match realm - * @param entity - * @param realm - */ - matchRealm(entity, realm) { - return !!(entity.realm?.toLowerCase() === realm.toLowerCase()); - } - /** - * helper to match nativeAccountId - * @param entity - * @param nativeAccountId - * @returns boolean indicating the match result - */ - matchNativeAccountId(entity, nativeAccountId) { - return !!(entity.nativeAccountId && nativeAccountId === entity.nativeAccountId); - } - /** - * helper to match loginHint which can be either: - * 1. login_hint ID token claim - * 2. username in cached account object - * 3. upn in ID token claims - * @param entity - * @param loginHint - * @returns - */ - matchLoginHintFromTokenClaims(tokenClaims, loginHint) { - if (tokenClaims.login_hint === loginHint) { - return true; - } - if (tokenClaims.preferred_username === loginHint) { - return true; - } - if (tokenClaims.upn === loginHint) { - return true; - } - return false; - } - /** - * Helper to match sid - * @param entity - * @param sid - * @returns true if the sid claim is present and matches the filter - */ - matchSid(idTokenClaims, sid) { - return idTokenClaims.sid === sid; - } - matchAuthorityType(entity, authorityType) { - return !!(entity.authorityType && - authorityType.toLowerCase() === entity.authorityType.toLowerCase()); - } - /** - * Returns true if the target scopes are a subset of the current entity's scopes, false otherwise. - * @param entity - * @param target - */ - matchTarget(entity, target) { - const isNotAccessTokenCredential = entity.credentialType !== CredentialType.ACCESS_TOKEN && - entity.credentialType !== - CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME; - if (isNotAccessTokenCredential || !entity.target) { - return false; - } - const entityScopeSet = ScopeSet.fromString(entity.target); - return entityScopeSet.containsScopeSet(target); - } - /** - * Returns true if the credential's tokenType or Authentication Scheme matches the one in the request, false otherwise - * @param entity - * @param tokenType - */ - matchTokenType(entity, tokenType) { - return !!(entity.tokenType && entity.tokenType === tokenType); - } - /** - * Returns true if the credential's keyId matches the one in the request, false otherwise - * @param entity - * @param keyId - */ - matchKeyId(entity, keyId) { - return !!(entity.keyId && entity.keyId === keyId); - } - /** - * returns if a given cache entity is of the type appmetadata - * @param key - */ - isAppMetadata(key) { - return key.indexOf(APP_METADATA) !== -1; - } - /** - * returns if a given cache entity is of the type authoritymetadata - * @param key - */ - isAuthorityMetadata(key) { - return key.indexOf(AUTHORITY_METADATA_CONSTANTS.CACHE_KEY) !== -1; - } - /** - * returns cache key used for cloud instance metadata - */ - generateAuthorityMetadataCacheKey(authority) { - return `${AUTHORITY_METADATA_CONSTANTS.CACHE_KEY}-${this.clientId}-${authority}`; - } - /** - * Helper to convert serialized data to object - * @param obj - * @param json - */ - static toObject(obj, json) { - for (const propertyName in json) { - obj[propertyName] = json[propertyName]; - } - return obj; - } -} -/** @internal */ -class DefaultStorageClass extends CacheManager { - setAccount() { - throw createClientAuthError(methodNotImplemented); - } - getAccount() { - throw createClientAuthError(methodNotImplemented); - } - getCachedAccountEntity() { - throw createClientAuthError(methodNotImplemented); - } - setIdTokenCredential() { - throw createClientAuthError(methodNotImplemented); - } - getIdTokenCredential() { - throw createClientAuthError(methodNotImplemented); - } - setAccessTokenCredential() { - throw createClientAuthError(methodNotImplemented); - } - getAccessTokenCredential() { - throw createClientAuthError(methodNotImplemented); - } - setRefreshTokenCredential() { - throw createClientAuthError(methodNotImplemented); - } - getRefreshTokenCredential() { - throw createClientAuthError(methodNotImplemented); - } - setAppMetadata() { - throw createClientAuthError(methodNotImplemented); - } - getAppMetadata() { - throw createClientAuthError(methodNotImplemented); - } - setServerTelemetry() { - throw createClientAuthError(methodNotImplemented); - } - getServerTelemetry() { - throw createClientAuthError(methodNotImplemented); - } - setAuthorityMetadata() { - throw createClientAuthError(methodNotImplemented); - } - getAuthorityMetadata() { - throw createClientAuthError(methodNotImplemented); - } - getAuthorityMetadataKeys() { - throw createClientAuthError(methodNotImplemented); - } - setThrottlingCache() { - throw createClientAuthError(methodNotImplemented); - } - getThrottlingCache() { - throw createClientAuthError(methodNotImplemented); - } - removeItem() { - throw createClientAuthError(methodNotImplemented); - } - getKeys() { - throw createClientAuthError(methodNotImplemented); - } - getAccountKeys() { - throw createClientAuthError(methodNotImplemented); - } - getTokenKeys() { - throw createClientAuthError(methodNotImplemented); - } - async clear() { - throw createClientAuthError(methodNotImplemented); - } - updateCredentialCacheKey() { - throw createClientAuthError(methodNotImplemented); - } - removeOutdatedAccount() { - throw createClientAuthError(methodNotImplemented); - } -} - - -//# sourceMappingURL=CacheManager.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/config/ClientConfiguration.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - - - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const DEFAULT_SYSTEM_OPTIONS = { - tokenRenewalOffsetSeconds: DEFAULT_TOKEN_RENEWAL_OFFSET_SEC, - preventCorsPreflight: false, -}; -const DEFAULT_LOGGER_IMPLEMENTATION = { - loggerCallback: () => { - // allow users to not set loggerCallback - }, - piiLoggingEnabled: false, - logLevel: LogLevel.Info, - correlationId: Constants.EMPTY_STRING, -}; -const DEFAULT_CACHE_OPTIONS = { - claimsBasedCachingEnabled: false, -}; -const DEFAULT_NETWORK_IMPLEMENTATION = { - async sendGetRequestAsync() { - throw createClientAuthError(methodNotImplemented); - }, - async sendPostRequestAsync() { - throw createClientAuthError(methodNotImplemented); - }, -}; -const DEFAULT_LIBRARY_INFO = { - sku: Constants.SKU, - version: version, - cpu: Constants.EMPTY_STRING, - os: Constants.EMPTY_STRING, -}; -const DEFAULT_CLIENT_CREDENTIALS = { - clientSecret: Constants.EMPTY_STRING, - clientAssertion: undefined, -}; -const DEFAULT_AZURE_CLOUD_OPTIONS = { - azureCloudInstance: AzureCloudInstance.None, - tenant: `${Constants.DEFAULT_COMMON_TENANT}`, -}; -const DEFAULT_TELEMETRY_OPTIONS = { - application: { - appName: "", - appVersion: "", - }, -}; -/** - * Function that sets the default options when not explicitly configured from app developer - * - * @param Configuration - * - * @returns Configuration - */ -function buildClientConfiguration({ authOptions: userAuthOptions, systemOptions: userSystemOptions, loggerOptions: userLoggerOption, cacheOptions: userCacheOptions, storageInterface: storageImplementation, networkInterface: networkImplementation, cryptoInterface: cryptoImplementation, clientCredentials: clientCredentials, libraryInfo: libraryInfo, telemetry: telemetry, serverTelemetryManager: serverTelemetryManager, persistencePlugin: persistencePlugin, serializableCache: serializableCache, }) { - const loggerOptions = { - ...DEFAULT_LOGGER_IMPLEMENTATION, - ...userLoggerOption, - }; - return { - authOptions: buildAuthOptions(userAuthOptions), - systemOptions: { ...DEFAULT_SYSTEM_OPTIONS, ...userSystemOptions }, - loggerOptions: loggerOptions, - cacheOptions: { ...DEFAULT_CACHE_OPTIONS, ...userCacheOptions }, - storageInterface: storageImplementation || - new DefaultStorageClass(userAuthOptions.clientId, DEFAULT_CRYPTO_IMPLEMENTATION, new Logger(loggerOptions)), - networkInterface: networkImplementation || DEFAULT_NETWORK_IMPLEMENTATION, - cryptoInterface: cryptoImplementation || DEFAULT_CRYPTO_IMPLEMENTATION, - clientCredentials: clientCredentials || DEFAULT_CLIENT_CREDENTIALS, - libraryInfo: { ...DEFAULT_LIBRARY_INFO, ...libraryInfo }, - telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...telemetry }, - serverTelemetryManager: serverTelemetryManager || null, - persistencePlugin: persistencePlugin || null, - serializableCache: serializableCache || null, - }; -} -/** - * Construct authoptions from the client and platform passed values - * @param authOptions - */ -function buildAuthOptions(authOptions) { - return { - clientCapabilities: [], - azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS, - skipAuthorityMetadataCache: false, - ...authOptions, - }; -} -/** - * Returns true if config has protocolMode set to ProtocolMode.OIDC, false otherwise - * @param ClientConfiguration - */ -function isOidcProtocolMode(config) { - return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC); -} - - -//# sourceMappingURL=ClientConfiguration.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/network/INetworkModule.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const StubbedNetworkModule = { - sendGetRequestAsync: () => { - return Promise.reject(createClientAuthError(methodNotImplemented)); - }, - sendPostRequestAsync: () => { - return Promise.reject(createClientAuthError(methodNotImplemented)); - }, -}; - - -//# sourceMappingURL=INetworkModule.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/telemetry/performance/PerformanceEvent.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Enumeration of operations that are instrumented by have their performance measured by the PerformanceClient. - * - * @export - * @enum {number} - */ -const PerformanceEvents = { - /** - * acquireTokenByCode API (msal-browser and msal-node). - * Used to acquire tokens by trading an authorization code against the token endpoint. - */ - AcquireTokenByCode: "acquireTokenByCode", - /** - * acquireTokenByRefreshToken API (msal-browser and msal-node). - * Used to renew an access token using a refresh token against the token endpoint. - */ - AcquireTokenByRefreshToken: "acquireTokenByRefreshToken", - /** - * acquireTokenSilent API (msal-browser and msal-node). - * Used to silently acquire a new access token (from the cache or the network). - */ - AcquireTokenSilent: "acquireTokenSilent", - /** - * acquireTokenSilentAsync (msal-browser). - * Internal API for acquireTokenSilent. - */ - AcquireTokenSilentAsync: "acquireTokenSilentAsync", - /** - * acquireTokenPopup (msal-browser). - * Used to acquire a new access token interactively through pop ups - */ - AcquireTokenPopup: "acquireTokenPopup", - /** - * acquireTokenPreRedirect (msal-browser). - * First part of the redirect flow. - * Used to acquire a new access token interactively through redirects. - */ - AcquireTokenPreRedirect: "acquireTokenPreRedirect", - /** - * acquireTokenRedirect (msal-browser). - * Second part of the redirect flow. - * Used to acquire a new access token interactively through redirects. - */ - AcquireTokenRedirect: "acquireTokenRedirect", - /** - * getPublicKeyThumbprint API in CryptoOpts class (msal-browser). - * Used to generate a public/private keypair and generate a public key thumbprint for pop requests. - */ - CryptoOptsGetPublicKeyThumbprint: "cryptoOptsGetPublicKeyThumbprint", - /** - * signJwt API in CryptoOpts class (msal-browser). - * Used to signed a pop token. - */ - CryptoOptsSignJwt: "cryptoOptsSignJwt", - /** - * acquireToken API in the SilentCacheClient class (msal-browser). - * Used to read access tokens from the cache. - */ - SilentCacheClientAcquireToken: "silentCacheClientAcquireToken", - /** - * acquireToken API in the SilentIframeClient class (msal-browser). - * Used to acquire a new set of tokens from the authorize endpoint in a hidden iframe. - */ - SilentIframeClientAcquireToken: "silentIframeClientAcquireToken", - AwaitConcurrentIframe: "awaitConcurrentIframe", - /** - * acquireToken API in SilentRereshClient (msal-browser). - * Used to acquire a new set of tokens from the token endpoint using a refresh token. - */ - SilentRefreshClientAcquireToken: "silentRefreshClientAcquireToken", - /** - * ssoSilent API (msal-browser). - * Used to silently acquire an authorization code and set of tokens using a hidden iframe. - */ - SsoSilent: "ssoSilent", - /** - * getDiscoveredAuthority API in StandardInteractionClient class (msal-browser). - * Used to load authority metadata for a request. - */ - StandardInteractionClientGetDiscoveredAuthority: "standardInteractionClientGetDiscoveredAuthority", - /** - * acquireToken APIs in msal-browser. - * Used to make an /authorize endpoint call with native brokering enabled. - */ - FetchAccountIdWithNativeBroker: "fetchAccountIdWithNativeBroker", - /** - * acquireToken API in NativeInteractionClient class (msal-browser). - * Used to acquire a token from Native component when native brokering is enabled. - */ - NativeInteractionClientAcquireToken: "nativeInteractionClientAcquireToken", - /** - * Time spent creating default headers for requests to token endpoint - */ - BaseClientCreateTokenRequestHeaders: "baseClientCreateTokenRequestHeaders", - /** - * Time spent sending/waiting for the response of a request to the token endpoint - */ - RefreshTokenClientExecutePostToTokenEndpoint: "refreshTokenClientExecutePostToTokenEndpoint", - AuthorizationCodeClientExecutePostToTokenEndpoint: "authorizationCodeClientExecutePostToTokenEndpoint", - /** - * Used to measure the time taken for completing embedded-broker handshake (PW-Broker). - */ - BrokerHandhshake: "brokerHandshake", - /** - * acquireTokenByRefreshToken API in BrokerClientApplication (PW-Broker) . - */ - AcquireTokenByRefreshTokenInBroker: "acquireTokenByRefreshTokenInBroker", - /** - * Time taken for token acquisition by broker - */ - AcquireTokenByBroker: "acquireTokenByBroker", - /** - * Time spent on the network for refresh token acquisition - */ - RefreshTokenClientExecuteTokenRequest: "refreshTokenClientExecuteTokenRequest", - /** - * Time taken for acquiring refresh token , records RT size - */ - RefreshTokenClientAcquireToken: "refreshTokenClientAcquireToken", - /** - * Time taken for acquiring cached refresh token - */ - RefreshTokenClientAcquireTokenWithCachedRefreshToken: "refreshTokenClientAcquireTokenWithCachedRefreshToken", - /** - * acquireTokenByRefreshToken API in RefreshTokenClient (msal-common). - */ - RefreshTokenClientAcquireTokenByRefreshToken: "refreshTokenClientAcquireTokenByRefreshToken", - /** - * Helper function to create token request body in RefreshTokenClient (msal-common). - */ - RefreshTokenClientCreateTokenRequestBody: "refreshTokenClientCreateTokenRequestBody", - /** - * acquireTokenFromCache (msal-browser). - * Internal API for acquiring token from cache - */ - AcquireTokenFromCache: "acquireTokenFromCache", - SilentFlowClientAcquireCachedToken: "silentFlowClientAcquireCachedToken", - SilentFlowClientGenerateResultFromCacheRecord: "silentFlowClientGenerateResultFromCacheRecord", - /** - * acquireTokenBySilentIframe (msal-browser). - * Internal API for acquiring token by silent Iframe - */ - AcquireTokenBySilentIframe: "acquireTokenBySilentIframe", - /** - * Internal API for initializing base request in BaseInteractionClient (msal-browser) - */ - InitializeBaseRequest: "initializeBaseRequest", - /** - * Internal API for initializing silent request in SilentCacheClient (msal-browser) - */ - InitializeSilentRequest: "initializeSilentRequest", - InitializeClientApplication: "initializeClientApplication", - /** - * Helper function in SilentIframeClient class (msal-browser). - */ - SilentIframeClientTokenHelper: "silentIframeClientTokenHelper", - /** - * SilentHandler - */ - SilentHandlerInitiateAuthRequest: "silentHandlerInitiateAuthRequest", - SilentHandlerMonitorIframeForHash: "silentHandlerMonitorIframeForHash", - SilentHandlerLoadFrame: "silentHandlerLoadFrame", - SilentHandlerLoadFrameSync: "silentHandlerLoadFrameSync", - /** - * Helper functions in StandardInteractionClient class (msal-browser) - */ - StandardInteractionClientCreateAuthCodeClient: "standardInteractionClientCreateAuthCodeClient", - StandardInteractionClientGetClientConfiguration: "standardInteractionClientGetClientConfiguration", - StandardInteractionClientInitializeAuthorizationRequest: "standardInteractionClientInitializeAuthorizationRequest", - StandardInteractionClientInitializeAuthorizationCodeRequest: "standardInteractionClientInitializeAuthorizationCodeRequest", - /** - * getAuthCodeUrl API (msal-browser and msal-node). - */ - GetAuthCodeUrl: "getAuthCodeUrl", - /** - * Functions from InteractionHandler (msal-browser) - */ - HandleCodeResponseFromServer: "handleCodeResponseFromServer", - HandleCodeResponse: "handleCodeResponse", - UpdateTokenEndpointAuthority: "updateTokenEndpointAuthority", - /** - * APIs in Authorization Code Client (msal-common) - */ - AuthClientAcquireToken: "authClientAcquireToken", - AuthClientExecuteTokenRequest: "authClientExecuteTokenRequest", - AuthClientCreateTokenRequestBody: "authClientCreateTokenRequestBody", - AuthClientCreateQueryString: "authClientCreateQueryString", - /** - * Generate functions in PopTokenGenerator (msal-common) - */ - PopTokenGenerateCnf: "popTokenGenerateCnf", - PopTokenGenerateKid: "popTokenGenerateKid", - /** - * handleServerTokenResponse API in ResponseHandler (msal-common) - */ - HandleServerTokenResponse: "handleServerTokenResponse", - DeserializeResponse: "deserializeResponse", - /** - * Authority functions - */ - AuthorityFactoryCreateDiscoveredInstance: "authorityFactoryCreateDiscoveredInstance", - AuthorityResolveEndpointsAsync: "authorityResolveEndpointsAsync", - AuthorityResolveEndpointsFromLocalSources: "authorityResolveEndpointsFromLocalSources", - AuthorityGetCloudDiscoveryMetadataFromNetwork: "authorityGetCloudDiscoveryMetadataFromNetwork", - AuthorityUpdateCloudDiscoveryMetadata: "authorityUpdateCloudDiscoveryMetadata", - AuthorityGetEndpointMetadataFromNetwork: "authorityGetEndpointMetadataFromNetwork", - AuthorityUpdateEndpointMetadata: "authorityUpdateEndpointMetadata", - AuthorityUpdateMetadataWithRegionalInformation: "authorityUpdateMetadataWithRegionalInformation", - /** - * Region Discovery functions - */ - RegionDiscoveryDetectRegion: "regionDiscoveryDetectRegion", - RegionDiscoveryGetRegionFromIMDS: "regionDiscoveryGetRegionFromIMDS", - RegionDiscoveryGetCurrentVersion: "regionDiscoveryGetCurrentVersion", - AcquireTokenByCodeAsync: "acquireTokenByCodeAsync", - GetEndpointMetadataFromNetwork: "getEndpointMetadataFromNetwork", - GetCloudDiscoveryMetadataFromNetworkMeasurement: "getCloudDiscoveryMetadataFromNetworkMeasurement", - HandleRedirectPromiseMeasurement: "handleRedirectPromise", - HandleNativeRedirectPromiseMeasurement: "handleNativeRedirectPromise", - UpdateCloudDiscoveryMetadataMeasurement: "updateCloudDiscoveryMetadataMeasurement", - UsernamePasswordClientAcquireToken: "usernamePasswordClientAcquireToken", - NativeMessageHandlerHandshake: "nativeMessageHandlerHandshake", - NativeGenerateAuthResult: "nativeGenerateAuthResult", - RemoveHiddenIframe: "removeHiddenIframe", - /** - * Cache operations - */ - ClearTokensAndKeysWithClaims: "clearTokensAndKeysWithClaims", - CacheManagerGetRefreshToken: "cacheManagerGetRefreshToken", - /** - * Crypto Operations - */ - GeneratePkceCodes: "generatePkceCodes", - GenerateCodeVerifier: "generateCodeVerifier", - GenerateCodeChallengeFromVerifier: "generateCodeChallengeFromVerifier", - Sha256Digest: "sha256Digest", - GetRandomValues: "getRandomValues", -}; -const PerformanceEventAbbreviations = new Map([ - [PerformanceEvents.AcquireTokenByCode, "ATByCode"], - [PerformanceEvents.AcquireTokenByRefreshToken, "ATByRT"], - [PerformanceEvents.AcquireTokenSilent, "ATS"], - [PerformanceEvents.AcquireTokenSilentAsync, "ATSAsync"], - [PerformanceEvents.AcquireTokenPopup, "ATPopup"], - [PerformanceEvents.AcquireTokenRedirect, "ATRedirect"], - [ - PerformanceEvents.CryptoOptsGetPublicKeyThumbprint, - "CryptoGetPKThumb", - ], - [PerformanceEvents.CryptoOptsSignJwt, "CryptoSignJwt"], - [PerformanceEvents.SilentCacheClientAcquireToken, "SltCacheClientAT"], - [PerformanceEvents.SilentIframeClientAcquireToken, "SltIframeClientAT"], - [PerformanceEvents.SilentRefreshClientAcquireToken, "SltRClientAT"], - [PerformanceEvents.SsoSilent, "SsoSlt"], - [ - PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority, - "StdIntClientGetDiscAuth", - ], - [ - PerformanceEvents.FetchAccountIdWithNativeBroker, - "FetchAccIdWithNtvBroker", - ], - [ - PerformanceEvents.NativeInteractionClientAcquireToken, - "NtvIntClientAT", - ], - [ - PerformanceEvents.BaseClientCreateTokenRequestHeaders, - "BaseClientCreateTReqHead", - ], - [ - PerformanceEvents.RefreshTokenClientExecutePostToTokenEndpoint, - "RTClientExecPost", - ], - [ - PerformanceEvents.AuthorizationCodeClientExecutePostToTokenEndpoint, - "AuthCodeClientExecPost", - ], - [PerformanceEvents.BrokerHandhshake, "BrokerHandshake"], - [ - PerformanceEvents.AcquireTokenByRefreshTokenInBroker, - "ATByRTInBroker", - ], - [PerformanceEvents.AcquireTokenByBroker, "ATByBroker"], - [ - PerformanceEvents.RefreshTokenClientExecuteTokenRequest, - "RTClientExecTReq", - ], - [PerformanceEvents.RefreshTokenClientAcquireToken, "RTClientAT"], - [ - PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, - "RTClientATWithCachedRT", - ], - [ - PerformanceEvents.RefreshTokenClientAcquireTokenByRefreshToken, - "RTClientATByRT", - ], - [ - PerformanceEvents.RefreshTokenClientCreateTokenRequestBody, - "RTClientCreateTReqBody", - ], - [PerformanceEvents.AcquireTokenFromCache, "ATFromCache"], - [ - PerformanceEvents.SilentFlowClientAcquireCachedToken, - "SltFlowClientATCached", - ], - [ - PerformanceEvents.SilentFlowClientGenerateResultFromCacheRecord, - "SltFlowClientGenResFromCache", - ], - [PerformanceEvents.AcquireTokenBySilentIframe, "ATBySltIframe"], - [PerformanceEvents.InitializeBaseRequest, "InitBaseReq"], - [PerformanceEvents.InitializeSilentRequest, "InitSltReq"], - [ - PerformanceEvents.InitializeClientApplication, - "InitClientApplication", - ], - [PerformanceEvents.SilentIframeClientTokenHelper, "SIClientTHelper"], - [ - PerformanceEvents.SilentHandlerInitiateAuthRequest, - "SHandlerInitAuthReq", - ], - [ - PerformanceEvents.SilentHandlerMonitorIframeForHash, - "SltHandlerMonitorIframeForHash", - ], - [PerformanceEvents.SilentHandlerLoadFrame, "SHandlerLoadFrame"], - [PerformanceEvents.SilentHandlerLoadFrameSync, "SHandlerLoadFrameSync"], - [ - PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, - "StdIntClientCreateAuthCodeClient", - ], - [ - PerformanceEvents.StandardInteractionClientGetClientConfiguration, - "StdIntClientGetClientConf", - ], - [ - PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest, - "StdIntClientInitAuthReq", - ], - [ - PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest, - "StdIntClientInitAuthCodeReq", - ], - [PerformanceEvents.GetAuthCodeUrl, "GetAuthCodeUrl"], - [ - PerformanceEvents.HandleCodeResponseFromServer, - "HandleCodeResFromServer", - ], - [PerformanceEvents.HandleCodeResponse, "HandleCodeResp"], - [PerformanceEvents.UpdateTokenEndpointAuthority, "UpdTEndpointAuth"], - [PerformanceEvents.AuthClientAcquireToken, "AuthClientAT"], - [PerformanceEvents.AuthClientExecuteTokenRequest, "AuthClientExecTReq"], - [ - PerformanceEvents.AuthClientCreateTokenRequestBody, - "AuthClientCreateTReqBody", - ], - [ - PerformanceEvents.AuthClientCreateQueryString, - "AuthClientCreateQueryStr", - ], - [PerformanceEvents.PopTokenGenerateCnf, "PopTGenCnf"], - [PerformanceEvents.PopTokenGenerateKid, "PopTGenKid"], - [PerformanceEvents.HandleServerTokenResponse, "HandleServerTRes"], - [PerformanceEvents.DeserializeResponse, "DeserializeRes"], - [ - PerformanceEvents.AuthorityFactoryCreateDiscoveredInstance, - "AuthFactCreateDiscInst", - ], - [ - PerformanceEvents.AuthorityResolveEndpointsAsync, - "AuthResolveEndpointsAsync", - ], - [ - PerformanceEvents.AuthorityResolveEndpointsFromLocalSources, - "AuthResolveEndpointsFromLocal", - ], - [ - PerformanceEvents.AuthorityGetCloudDiscoveryMetadataFromNetwork, - "AuthGetCDMetaFromNet", - ], - [ - PerformanceEvents.AuthorityUpdateCloudDiscoveryMetadata, - "AuthUpdCDMeta", - ], - [ - PerformanceEvents.AuthorityGetEndpointMetadataFromNetwork, - "AuthUpdCDMetaFromNet", - ], - [ - PerformanceEvents.AuthorityUpdateEndpointMetadata, - "AuthUpdEndpointMeta", - ], - [ - PerformanceEvents.AuthorityUpdateMetadataWithRegionalInformation, - "AuthUpdMetaWithRegInfo", - ], - [PerformanceEvents.RegionDiscoveryDetectRegion, "RegDiscDetectReg"], - [ - PerformanceEvents.RegionDiscoveryGetRegionFromIMDS, - "RegDiscGetRegFromIMDS", - ], - [ - PerformanceEvents.RegionDiscoveryGetCurrentVersion, - "RegDiscGetCurrentVer", - ], - [PerformanceEvents.AcquireTokenByCodeAsync, "ATByCodeAsync"], - [ - PerformanceEvents.GetEndpointMetadataFromNetwork, - "GetEndpointMetaFromNet", - ], - [ - PerformanceEvents.GetCloudDiscoveryMetadataFromNetworkMeasurement, - "GetCDMetaFromNet", - ], - [ - PerformanceEvents.HandleRedirectPromiseMeasurement, - "HandleRedirectPromise", - ], - [ - PerformanceEvents.HandleNativeRedirectPromiseMeasurement, - "HandleNtvRedirectPromise", - ], - [ - PerformanceEvents.UpdateCloudDiscoveryMetadataMeasurement, - "UpdateCDMeta", - ], - [ - PerformanceEvents.UsernamePasswordClientAcquireToken, - "UserPassClientAT", - ], - [ - PerformanceEvents.NativeMessageHandlerHandshake, - "NtvMsgHandlerHandshake", - ], - [PerformanceEvents.NativeGenerateAuthResult, "NtvGenAuthRes"], - [PerformanceEvents.RemoveHiddenIframe, "RemoveHiddenIframe"], - [ - PerformanceEvents.ClearTokensAndKeysWithClaims, - "ClearTAndKeysWithClaims", - ], - [PerformanceEvents.CacheManagerGetRefreshToken, "CacheManagerGetRT"], - [PerformanceEvents.GeneratePkceCodes, "GenPkceCodes"], - [PerformanceEvents.GenerateCodeVerifier, "GenCodeVerifier"], - [ - PerformanceEvents.GenerateCodeChallengeFromVerifier, - "GenCodeChallengeFromVerifier", - ], - [PerformanceEvents.Sha256Digest, "Sha256Digest"], - [PerformanceEvents.GetRandomValues, "GetRandomValues"], -]); -/** - * State of the performance event. - * - * @export - * @enum {number} - */ -const PerformanceEventStatus = { - NotStarted: 0, - InProgress: 1, - Completed: 2, -}; -const IntFields = new Set([ - "accessTokenSize", - "durationMs", - "idTokenSize", - "matsSilentStatus", - "matsHttpStatus", - "refreshTokenSize", - "queuedTimeMs", - "startTimeMs", - "status", - "multiMatchedAT", - "multiMatchedID", - "multiMatchedRT", -]); - - -//# sourceMappingURL=PerformanceEvent.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/telemetry/performance/StubPerformanceClient.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -class StubPerformanceMeasurement { - startMeasurement() { - return; - } - endMeasurement() { - return; - } - flushMeasurement() { - return null; - } -} -class StubPerformanceClient { - generateId() { - return "callback-id"; - } - startMeasurement(measureName, correlationId) { - return { - end: () => null, - discard: () => { }, - add: () => { }, - increment: () => { }, - event: { - eventId: this.generateId(), - status: PerformanceEventStatus.InProgress, - authority: "", - libraryName: "", - libraryVersion: "", - clientId: "", - name: measureName, - startTimeMs: Date.now(), - correlationId: correlationId || "", - }, - measurement: new StubPerformanceMeasurement(), - }; - } - startPerformanceMeasurement() { - return new StubPerformanceMeasurement(); - } - calculateQueuedTime() { - return 0; - } - addQueueMeasurement() { - return; - } - setPreQueueTime() { - return; - } - endMeasurement() { - return null; - } - discardMeasurements() { - return; - } - removePerformanceCallback() { - return true; - } - addPerformanceCallback() { - return ""; - } - emitEvents() { - return; - } - addFields() { - return; - } - incrementFields() { - return; - } - cacheEventByCorrelationId() { - return; - } -} - - -//# sourceMappingURL=StubPerformanceClient.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/utils/BrowserConstants.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Constants - */ -const BrowserConstants = { - /** - * Interaction in progress cache value - */ - INTERACTION_IN_PROGRESS_VALUE: "interaction_in_progress", - /** - * Invalid grant error code - */ - INVALID_GRANT_ERROR: "invalid_grant", - /** - * Default popup window width - */ - POPUP_WIDTH: 483, - /** - * Default popup window height - */ - POPUP_HEIGHT: 600, - /** - * Name of the popup window starts with - */ - POPUP_NAME_PREFIX: "msal", - /** - * Default popup monitor poll interval in milliseconds - */ - DEFAULT_POLL_INTERVAL_MS: 30, - /** - * Msal-browser SKU - */ - MSAL_SKU: "msal.js.browser", -}; -const NativeConstants = { - CHANNEL_ID: "53ee284d-920a-4b59-9d30-a60315b26836", - PREFERRED_EXTENSION_ID: "ppnbnpeolgkicgegkbkbjmhlideopiji", - MATS_TELEMETRY: "MATS", -}; -const NativeExtensionMethod = { - HandshakeRequest: "Handshake", - HandshakeResponse: "HandshakeResponse", - GetToken: "GetToken", - Response: "Response", -}; -const BrowserCacheLocation = { - LocalStorage: "localStorage", - SessionStorage: "sessionStorage", - MemoryStorage: "memoryStorage", -}; -/** - * HTTP Request types supported by MSAL. - */ -const HTTP_REQUEST_TYPE = { - GET: "GET", - POST: "POST", -}; -/** - * Temporary cache keys for MSAL, deleted after any request. - */ -const TemporaryCacheKeys = { - AUTHORITY: "authority", - ACQUIRE_TOKEN_ACCOUNT: "acquireToken.account", - SESSION_STATE: "session.state", - REQUEST_STATE: "request.state", - NONCE_IDTOKEN: "nonce.id_token", - ORIGIN_URI: "request.origin", - RENEW_STATUS: "token.renew.status", - URL_HASH: "urlHash", - REQUEST_PARAMS: "request.params", - SCOPES: "scopes", - INTERACTION_STATUS_KEY: "interaction.status", - CCS_CREDENTIAL: "ccs.credential", - CORRELATION_ID: "request.correlationId", - NATIVE_REQUEST: "request.native", - REDIRECT_CONTEXT: "request.redirect.context", -}; -const StaticCacheKeys = { - ACCOUNT_KEYS: "msal.account.keys", - TOKEN_KEYS: "msal.token.keys", -}; -/** - * Cache keys stored in-memory - */ -const InMemoryCacheKeys = { - WRAPPER_SKU: "wrapper.sku", - WRAPPER_VER: "wrapper.version", -}; -/** - * API Codes for Telemetry purposes. - * Before adding a new code you must claim it in the MSAL Telemetry tracker as these number spaces are shared across all MSALs - * 0-99 Silent Flow - * 800-899 Auth Code Flow - */ -const ApiId = { - acquireTokenRedirect: 861, - acquireTokenPopup: 862, - ssoSilent: 863, - acquireTokenSilent_authCode: 864, - handleRedirectPromise: 865, - acquireTokenByCode: 866, - acquireTokenSilent_silentFlow: 61, - logout: 961, - logoutPopup: 962, -}; -/* - * Interaction type of the API - used for state and telemetry - */ -var InteractionType; -(function (InteractionType) { - InteractionType["Redirect"] = "redirect"; - InteractionType["Popup"] = "popup"; - InteractionType["Silent"] = "silent"; - InteractionType["None"] = "none"; -})(InteractionType || (InteractionType = {})); -/** - * Types of interaction currently in progress. - * Used in events in wrapper libraries to invoke functions when certain interaction is in progress or all interactions are complete. - */ -const InteractionStatus = { - /** - * Initial status before interaction occurs - */ - Startup: "startup", - /** - * Status set when all login calls occuring - */ - Login: "login", - /** - * Status set when logout call occuring - */ - Logout: "logout", - /** - * Status set for acquireToken calls - */ - AcquireToken: "acquireToken", - /** - * Status set for ssoSilent calls - */ - SsoSilent: "ssoSilent", - /** - * Status set when handleRedirect in progress - */ - HandleRedirect: "handleRedirect", - /** - * Status set when interaction is complete - */ - None: "none", -}; -const DEFAULT_REQUEST = { - scopes: OIDC_DEFAULT_SCOPES, -}; -/** - * JWK Key Format string (Type MUST be defined for window crypto APIs) - */ -const KEY_FORMAT_JWK = "jwk"; -// Supported wrapper SKUs -const WrapperSKU = { - React: "@azure/msal-react", - Angular: "@azure/msal-angular", -}; -// DatabaseStorage Constants -const DB_NAME = "msal.db"; -const DB_VERSION = 1; -const DB_TABLE_NAME = `${DB_NAME}.keys`; -const CacheLookupPolicy = { - /* - * acquireTokenSilent will attempt to retrieve an access token from the cache. If the access token is expired - * or cannot be found the refresh token will be used to acquire a new one. Finally, if the refresh token - * is expired acquireTokenSilent will attempt to acquire new access and refresh tokens. - */ - Default: 0, - /* - * acquireTokenSilent will only look for access tokens in the cache. It will not attempt to renew access or - * refresh tokens. - */ - AccessToken: 1, - /* - * acquireTokenSilent will attempt to retrieve an access token from the cache. If the access token is expired or - * cannot be found, the refresh token will be used to acquire a new one. If the refresh token is expired, it - * will not be renewed and acquireTokenSilent will fail. - */ - AccessTokenAndRefreshToken: 2, - /* - * acquireTokenSilent will not attempt to retrieve access tokens from the cache and will instead attempt to - * exchange the cached refresh token for a new access token. If the refresh token is expired, it will not be - * renewed and acquireTokenSilent will fail. - */ - RefreshToken: 3, - /* - * acquireTokenSilent will not look in the cache for the access token. It will go directly to network with the - * cached refresh token. If the refresh token is expired an attempt will be made to renew it. This is equivalent to - * setting "forceRefresh: true". - */ - RefreshTokenAndNetwork: 4, - /* - * acquireTokenSilent will attempt to renew both access and refresh tokens. It will not look in the cache. This will - * always fail if 3rd party cookies are blocked by the browser. - */ - Skip: 5, -}; -const iFrameRenewalPolicies = [ - CacheLookupPolicy.Default, - CacheLookupPolicy.Skip, - CacheLookupPolicy.RefreshTokenAndNetwork, -]; -const LOG_LEVEL_CACHE_KEY = "msal.browser.log.level"; -const LOG_PII_CACHE_KEY = "msal.browser.log.pii"; -const BROWSER_PERF_ENABLED_KEY = "msal.browser.performance.enabled"; - - -//# sourceMappingURL=BrowserConstants.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/navigation/NavigationClient.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -class NavigationClient { - /** - * Navigates to other pages within the same web application - * @param url - * @param options - */ - navigateInternal(url, options) { - return NavigationClient.defaultNavigateWindow(url, options); - } - /** - * Navigates to other pages outside the web application i.e. the Identity Provider - * @param url - * @param options - */ - navigateExternal(url, options) { - return NavigationClient.defaultNavigateWindow(url, options); - } - /** - * Default navigation implementation invoked by the internal and external functions - * @param url - * @param options - */ - static defaultNavigateWindow(url, options) { - if (options.noHistory) { - window.location.replace(url); - } - else { - window.location.assign(url); - } - return new Promise((resolve) => { - setTimeout(() => { - resolve(true); - }, options.timeout); - }); - } -} - - -//# sourceMappingURL=NavigationClient.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/error/BrowserAuthErrorCodes.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const pkceNotCreated = "pkce_not_created"; -const cryptoNonExistent = "crypto_nonexistent"; -const emptyNavigateUri = "empty_navigate_uri"; -const hashEmptyError = "hash_empty_error"; -const noStateInHash = "no_state_in_hash"; -const hashDoesNotContainKnownProperties = "hash_does_not_contain_known_properties"; -const unableToParseState = "unable_to_parse_state"; -const stateInteractionTypeMismatch = "state_interaction_type_mismatch"; -const interactionInProgress = "interaction_in_progress"; -const popupWindowError = "popup_window_error"; -const emptyWindowError = "empty_window_error"; -const userCancelled = "user_cancelled"; -const monitorPopupTimeout = "monitor_popup_timeout"; -const monitorWindowTimeout = "monitor_window_timeout"; -const redirectInIframe = "redirect_in_iframe"; -const blockIframeReload = "block_iframe_reload"; -const blockNestedPopups = "block_nested_popups"; -const iframeClosedPrematurely = "iframe_closed_prematurely"; -const silentLogoutUnsupported = "silent_logout_unsupported"; -const noAccountError = "no_account_error"; -const silentPromptValueError = "silent_prompt_value_error"; -const noTokenRequestCacheError = "no_token_request_cache_error"; -const unableToParseTokenRequestCacheError = "unable_to_parse_token_request_cache_error"; -const noCachedAuthorityError = "no_cached_authority_error"; -const authRequestNotSetError = "auth_request_not_set_error"; -const invalidCacheType = "invalid_cache_type"; -const nonBrowserEnvironment = "non_browser_environment"; -const databaseNotOpen = "database_not_open"; -const BrowserAuthErrorCodes_noNetworkConnectivity = "no_network_connectivity"; -const BrowserAuthErrorCodes_postRequestFailed = "post_request_failed"; -const getRequestFailed = "get_request_failed"; -const failedToParseResponse = "failed_to_parse_response"; -const unableToLoadToken = "unable_to_load_token"; -const cryptoKeyNotFound = "crypto_key_not_found"; -const authCodeRequired = "auth_code_required"; -const authCodeOrNativeAccountIdRequired = "auth_code_or_nativeAccountId_required"; -const spaCodeAndNativeAccountIdPresent = "spa_code_and_nativeAccountId_present"; -const databaseUnavailable = "database_unavailable"; -const unableToAcquireTokenFromNativePlatform = "unable_to_acquire_token_from_native_platform"; -const nativeHandshakeTimeout = "native_handshake_timeout"; -const nativeExtensionNotInstalled = "native_extension_not_installed"; -const nativeConnectionNotEstablished = "native_connection_not_established"; -const uninitializedPublicClientApplication = "uninitialized_public_client_application"; -const nativePromptNotSupported = "native_prompt_not_supported"; -const invalidBase64String = "invalid_base64_string"; -const invalidPopTokenRequest = "invalid_pop_token_request"; - - -//# sourceMappingURL=BrowserAuthErrorCodes.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/error/BrowserAuthError.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const ErrorLink = "For more visit: aka.ms/msaljs/browser-errors"; -/** - * BrowserAuthErrorMessage class containing string constants used by error codes and messages. - */ -const BrowserAuthErrorMessages = { - [pkceNotCreated]: "The PKCE code challenge and verifier could not be generated.", - [cryptoNonExistent]: "The crypto object or function is not available.", - [emptyNavigateUri]: "Navigation URI is empty. Please check stack trace for more info.", - [hashEmptyError]: `Hash value cannot be processed because it is empty. Please verify that your redirectUri is not clearing the hash. ${ErrorLink}`, - [noStateInHash]: "Hash does not contain state. Please verify that the request originated from msal.", - [hashDoesNotContainKnownProperties]: `Hash does not contain known properites. Please verify that your redirectUri is not changing the hash. ${ErrorLink}`, - [unableToParseState]: "Unable to parse state. Please verify that the request originated from msal.", - [stateInteractionTypeMismatch]: "Hash contains state but the interaction type does not match the caller.", - [interactionInProgress]: `Interaction is currently in progress. Please ensure that this interaction has been completed before calling an interactive API. ${ErrorLink}`, - [popupWindowError]: "Error opening popup window. This can happen if you are using IE or if popups are blocked in the browser.", - [emptyWindowError]: "window.open returned null or undefined window object.", - [userCancelled]: "User cancelled the flow.", - [monitorPopupTimeout]: `Token acquisition in popup failed due to timeout. ${ErrorLink}`, - [monitorWindowTimeout]: `Token acquisition in iframe failed due to timeout. ${ErrorLink}`, - [redirectInIframe]: "Redirects are not supported for iframed or brokered applications. Please ensure you are using MSAL.js in a top frame of the window if using the redirect APIs, or use the popup APIs.", - [blockIframeReload]: `Request was blocked inside an iframe because MSAL detected an authentication response. ${ErrorLink}`, - [blockNestedPopups]: "Request was blocked inside a popup because MSAL detected it was running in a popup.", - [iframeClosedPrematurely]: "The iframe being monitored was closed prematurely.", - [silentLogoutUnsupported]: "Silent logout not supported. Please call logoutRedirect or logoutPopup instead.", - [noAccountError]: "No account object provided to acquireTokenSilent and no active account has been set. Please call setActiveAccount or provide an account on the request.", - [silentPromptValueError]: "The value given for the prompt value is not valid for silent requests - must be set to 'none' or 'no_session'.", - [noTokenRequestCacheError]: "No token request found in cache.", - [unableToParseTokenRequestCacheError]: "The cached token request could not be parsed.", - [noCachedAuthorityError]: "No cached authority found.", - [authRequestNotSetError]: "Auth Request not set. Please ensure initiateAuthRequest was called from the InteractionHandler", - [invalidCacheType]: "Invalid cache type", - [nonBrowserEnvironment]: "Login and token requests are not supported in non-browser environments.", - [databaseNotOpen]: "Database is not open!", - [BrowserAuthErrorCodes_noNetworkConnectivity]: "No network connectivity. Check your internet connection.", - [BrowserAuthErrorCodes_postRequestFailed]: "Network request failed: If the browser threw a CORS error, check that the redirectUri is registered in the Azure App Portal as type 'SPA'", - [getRequestFailed]: "Network request failed. Please check the network trace to determine root cause.", - [failedToParseResponse]: "Failed to parse network response. Check network trace.", - [unableToLoadToken]: "Error loading token to cache.", - [cryptoKeyNotFound]: "Cryptographic Key or Keypair not found in browser storage.", - [authCodeRequired]: "An authorization code must be provided (as the `code` property on the request) to this flow.", - [authCodeOrNativeAccountIdRequired]: "An authorization code or nativeAccountId must be provided to this flow.", - [spaCodeAndNativeAccountIdPresent]: "Request cannot contain both spa code and native account id.", - [databaseUnavailable]: "IndexedDB, which is required for persistent cryptographic key storage, is unavailable. This may be caused by browser privacy features which block persistent storage in third-party contexts.", - [unableToAcquireTokenFromNativePlatform]: `Unable to acquire token from native platform. ${ErrorLink}`, - [nativeHandshakeTimeout]: "Timed out while attempting to establish connection to browser extension", - [nativeExtensionNotInstalled]: "Native extension is not installed. If you think this is a mistake call the initialize function.", - [nativeConnectionNotEstablished]: `Connection to native platform has not been established. Please install a compatible browser extension and run initialize(). ${ErrorLink}`, - [uninitializedPublicClientApplication]: `You must call and await the initialize function before attempting to call any other MSAL API. ${ErrorLink}`, - [nativePromptNotSupported]: "The provided prompt is not supported by the native platform. This request should be routed to the web based flow.", - [invalidBase64String]: "Invalid base64 encoded string.", - [invalidPopTokenRequest]: "Invalid PoP token request. The request should not have both a popKid value and signPopToken set to true.", -}; -/** - * BrowserAuthErrorMessage class containing string constants used by error codes and messages. - * @deprecated Use exported BrowserAuthErrorCodes instead. - * In your app you can do : - * ``` - * import { BrowserAuthErrorCodes } from "@azure/msal-browser"; - * ``` - */ -const BrowserAuthErrorMessage = { - pkceNotGenerated: { - code: pkceNotCreated, - desc: BrowserAuthErrorMessages[pkceNotCreated], - }, - cryptoDoesNotExist: { - code: cryptoNonExistent, - desc: BrowserAuthErrorMessages[cryptoNonExistent], - }, - emptyNavigateUriError: { - code: emptyNavigateUri, - desc: BrowserAuthErrorMessages[emptyNavigateUri], - }, - hashEmptyError: { - code: hashEmptyError, - desc: BrowserAuthErrorMessages[hashEmptyError], - }, - hashDoesNotContainStateError: { - code: noStateInHash, - desc: BrowserAuthErrorMessages[noStateInHash], - }, - hashDoesNotContainKnownPropertiesError: { - code: hashDoesNotContainKnownProperties, - desc: BrowserAuthErrorMessages[hashDoesNotContainKnownProperties], - }, - unableToParseStateError: { - code: unableToParseState, - desc: BrowserAuthErrorMessages[unableToParseState], - }, - stateInteractionTypeMismatchError: { - code: stateInteractionTypeMismatch, - desc: BrowserAuthErrorMessages[stateInteractionTypeMismatch], - }, - interactionInProgress: { - code: interactionInProgress, - desc: BrowserAuthErrorMessages[interactionInProgress], - }, - popupWindowError: { - code: popupWindowError, - desc: BrowserAuthErrorMessages[popupWindowError], - }, - emptyWindowError: { - code: emptyWindowError, - desc: BrowserAuthErrorMessages[emptyWindowError], - }, - userCancelledError: { - code: userCancelled, - desc: BrowserAuthErrorMessages[userCancelled], - }, - monitorPopupTimeoutError: { - code: monitorPopupTimeout, - desc: BrowserAuthErrorMessages[monitorPopupTimeout], - }, - monitorIframeTimeoutError: { - code: monitorWindowTimeout, - desc: BrowserAuthErrorMessages[monitorWindowTimeout], - }, - redirectInIframeError: { - code: redirectInIframe, - desc: BrowserAuthErrorMessages[redirectInIframe], - }, - blockTokenRequestsInHiddenIframeError: { - code: blockIframeReload, - desc: BrowserAuthErrorMessages[blockIframeReload], - }, - blockAcquireTokenInPopupsError: { - code: blockNestedPopups, - desc: BrowserAuthErrorMessages[blockNestedPopups], - }, - iframeClosedPrematurelyError: { - code: iframeClosedPrematurely, - desc: BrowserAuthErrorMessages[iframeClosedPrematurely], - }, - silentLogoutUnsupportedError: { - code: silentLogoutUnsupported, - desc: BrowserAuthErrorMessages[silentLogoutUnsupported], - }, - noAccountError: { - code: noAccountError, - desc: BrowserAuthErrorMessages[noAccountError], - }, - silentPromptValueError: { - code: silentPromptValueError, - desc: BrowserAuthErrorMessages[silentPromptValueError], - }, - noTokenRequestCacheError: { - code: noTokenRequestCacheError, - desc: BrowserAuthErrorMessages[noTokenRequestCacheError], - }, - unableToParseTokenRequestCacheError: { - code: unableToParseTokenRequestCacheError, - desc: BrowserAuthErrorMessages[unableToParseTokenRequestCacheError], - }, - noCachedAuthorityError: { - code: noCachedAuthorityError, - desc: BrowserAuthErrorMessages[noCachedAuthorityError], - }, - authRequestNotSet: { - code: authRequestNotSetError, - desc: BrowserAuthErrorMessages[authRequestNotSetError], - }, - invalidCacheType: { - code: invalidCacheType, - desc: BrowserAuthErrorMessages[invalidCacheType], - }, - notInBrowserEnvironment: { - code: nonBrowserEnvironment, - desc: BrowserAuthErrorMessages[nonBrowserEnvironment], - }, - databaseNotOpen: { - code: databaseNotOpen, - desc: BrowserAuthErrorMessages[databaseNotOpen], - }, - noNetworkConnectivity: { - code: BrowserAuthErrorCodes_noNetworkConnectivity, - desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes_noNetworkConnectivity], - }, - postRequestFailed: { - code: BrowserAuthErrorCodes_postRequestFailed, - desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes_postRequestFailed], - }, - getRequestFailed: { - code: getRequestFailed, - desc: BrowserAuthErrorMessages[getRequestFailed], - }, - failedToParseNetworkResponse: { - code: failedToParseResponse, - desc: BrowserAuthErrorMessages[failedToParseResponse], - }, - unableToLoadTokenError: { - code: unableToLoadToken, - desc: BrowserAuthErrorMessages[unableToLoadToken], - }, - signingKeyNotFoundInStorage: { - code: cryptoKeyNotFound, - desc: BrowserAuthErrorMessages[cryptoKeyNotFound], - }, - authCodeRequired: { - code: authCodeRequired, - desc: BrowserAuthErrorMessages[authCodeRequired], - }, - authCodeOrNativeAccountRequired: { - code: authCodeOrNativeAccountIdRequired, - desc: BrowserAuthErrorMessages[authCodeOrNativeAccountIdRequired], - }, - spaCodeAndNativeAccountPresent: { - code: spaCodeAndNativeAccountIdPresent, - desc: BrowserAuthErrorMessages[spaCodeAndNativeAccountIdPresent], - }, - databaseUnavailable: { - code: databaseUnavailable, - desc: BrowserAuthErrorMessages[databaseUnavailable], - }, - unableToAcquireTokenFromNativePlatform: { - code: unableToAcquireTokenFromNativePlatform, - desc: BrowserAuthErrorMessages[unableToAcquireTokenFromNativePlatform], - }, - nativeHandshakeTimeout: { - code: nativeHandshakeTimeout, - desc: BrowserAuthErrorMessages[nativeHandshakeTimeout], - }, - nativeExtensionNotInstalled: { - code: nativeExtensionNotInstalled, - desc: BrowserAuthErrorMessages[nativeExtensionNotInstalled], - }, - nativeConnectionNotEstablished: { - code: nativeConnectionNotEstablished, - desc: BrowserAuthErrorMessages[nativeConnectionNotEstablished], - }, - uninitializedPublicClientApplication: { - code: uninitializedPublicClientApplication, - desc: BrowserAuthErrorMessages[uninitializedPublicClientApplication], - }, - nativePromptNotSupported: { - code: nativePromptNotSupported, - desc: BrowserAuthErrorMessages[nativePromptNotSupported], - }, - invalidBase64StringError: { - code: invalidBase64String, - desc: BrowserAuthErrorMessages[invalidBase64String], - }, - invalidPopTokenRequest: { - code: invalidPopTokenRequest, - desc: BrowserAuthErrorMessages[invalidPopTokenRequest], - }, -}; -/** - * Browser library error class thrown by the MSAL.js library for SPAs - */ -class BrowserAuthError extends AuthError { - constructor(errorCode) { - super(errorCode, BrowserAuthErrorMessages[errorCode]); - Object.setPrototypeOf(this, BrowserAuthError.prototype); - this.name = "BrowserAuthError"; - } -} -function createBrowserAuthError(errorCode) { - return new BrowserAuthError(errorCode); -} - - -//# sourceMappingURL=BrowserAuthError.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/network/FetchClient.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * This class implements the Fetch API for GET and POST requests. See more here: https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API - */ -class FetchClient { - /** - * Fetch Client for REST endpoints - Get request - * @param url - * @param headers - * @param body - */ - async sendGetRequestAsync(url, options) { - let response; - try { - response = await fetch(url, { - method: HTTP_REQUEST_TYPE.GET, - headers: this.getFetchHeaders(options), - }); - } - catch (e) { - if (window.navigator.onLine) { - throw createBrowserAuthError(getRequestFailed); - } - else { - throw createBrowserAuthError(BrowserAuthErrorCodes_noNetworkConnectivity); - } - } - try { - return { - headers: this.getHeaderDict(response.headers), - body: (await response.json()), - status: response.status, - }; - } - catch (e) { - throw createBrowserAuthError(failedToParseResponse); - } - } - /** - * Fetch Client for REST endpoints - Post request - * @param url - * @param headers - * @param body - */ - async sendPostRequestAsync(url, options) { - const reqBody = (options && options.body) || Constants.EMPTY_STRING; - let response; - try { - response = await fetch(url, { - method: HTTP_REQUEST_TYPE.POST, - headers: this.getFetchHeaders(options), - body: reqBody, - }); - } - catch (e) { - if (window.navigator.onLine) { - throw createBrowserAuthError(BrowserAuthErrorCodes_postRequestFailed); - } - else { - throw createBrowserAuthError(BrowserAuthErrorCodes_noNetworkConnectivity); - } - } - try { - return { - headers: this.getHeaderDict(response.headers), - body: (await response.json()), - status: response.status, - }; - } - catch (e) { - throw createBrowserAuthError(failedToParseResponse); - } - } - /** - * Get Fetch API Headers object from string map - * @param inputHeaders - */ - getFetchHeaders(options) { - const headers = new Headers(); - if (!(options && options.headers)) { - return headers; - } - const optionsHeaders = options.headers; - Object.keys(optionsHeaders).forEach((key) => { - headers.append(key, optionsHeaders[key]); - }); - return headers; - } - getHeaderDict(headers) { - const headerDict = {}; - headers.forEach((value, key) => { - headerDict[key] = value; - }); - return headerDict; - } -} - - -//# sourceMappingURL=FetchClient.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/config/Configuration.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -// Default timeout for popup windows and iframes in milliseconds -const DEFAULT_POPUP_TIMEOUT_MS = 60000; -const DEFAULT_IFRAME_TIMEOUT_MS = 10000; -const DEFAULT_REDIRECT_TIMEOUT_MS = 30000; -const DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS = 2000; -/** - * MSAL function that sets the default options when not explicitly configured from app developer - * - * @param auth - * @param cache - * @param system - * - * @returns Configuration object - */ -function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system: userInputSystem, telemetry: userInputTelemetry, }, isBrowserEnvironment) { - // Default auth options for browser - const DEFAULT_AUTH_OPTIONS = { - clientId: Constants.EMPTY_STRING, - authority: `${Constants.DEFAULT_AUTHORITY}`, - knownAuthorities: [], - cloudDiscoveryMetadata: Constants.EMPTY_STRING, - authorityMetadata: Constants.EMPTY_STRING, - redirectUri: Constants.EMPTY_STRING, - postLogoutRedirectUri: Constants.EMPTY_STRING, - navigateToLoginRequestUrl: true, - clientCapabilities: [], - protocolMode: ProtocolMode.AAD, - OIDCOptions: { - serverResponseType: ServerResponseType.FRAGMENT, - defaultScopes: [ - Constants.OPENID_SCOPE, - Constants.PROFILE_SCOPE, - Constants.OFFLINE_ACCESS_SCOPE, - ], - }, - azureCloudOptions: { - azureCloudInstance: AzureCloudInstance.None, - tenant: Constants.EMPTY_STRING, - }, - skipAuthorityMetadataCache: false, - supportsNestedAppAuth: false, - }; - // Default cache options for browser - const DEFAULT_CACHE_OPTIONS = { - cacheLocation: BrowserCacheLocation.SessionStorage, - temporaryCacheLocation: BrowserCacheLocation.SessionStorage, - storeAuthStateInCookie: false, - secureCookies: false, - // Default cache migration to true if cache location is localStorage since entries are preserved across tabs/windows. Migration has little to no benefit in sessionStorage and memoryStorage - cacheMigrationEnabled: userInputCache && - userInputCache.cacheLocation === BrowserCacheLocation.LocalStorage - ? true - : false, - claimsBasedCachingEnabled: false, - }; - // Default logger options for browser - const DEFAULT_LOGGER_OPTIONS = { - // eslint-disable-next-line @typescript-eslint/no-empty-function - loggerCallback: () => { - // allow users to not set logger call back - }, - logLevel: LogLevel.Info, - piiLoggingEnabled: false, - }; - // Default system options for browser - const DEFAULT_BROWSER_SYSTEM_OPTIONS = { - ...DEFAULT_SYSTEM_OPTIONS, - loggerOptions: DEFAULT_LOGGER_OPTIONS, - networkClient: isBrowserEnvironment - ? new FetchClient() - : StubbedNetworkModule, - navigationClient: new NavigationClient(), - loadFrameTimeout: 0, - // If loadFrameTimeout is provided, use that as default. - windowHashTimeout: userInputSystem?.loadFrameTimeout || DEFAULT_POPUP_TIMEOUT_MS, - iframeHashTimeout: userInputSystem?.loadFrameTimeout || DEFAULT_IFRAME_TIMEOUT_MS, - navigateFrameWait: 0, - redirectNavigationTimeout: DEFAULT_REDIRECT_TIMEOUT_MS, - asyncPopups: false, - allowRedirectInIframe: false, - allowNativeBroker: false, - nativeBrokerHandshakeTimeout: userInputSystem?.nativeBrokerHandshakeTimeout || - DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS, - pollIntervalMilliseconds: BrowserConstants.DEFAULT_POLL_INTERVAL_MS, - }; - const providedSystemOptions = { - ...DEFAULT_BROWSER_SYSTEM_OPTIONS, - ...userInputSystem, - loggerOptions: userInputSystem?.loggerOptions || DEFAULT_LOGGER_OPTIONS, - }; - const DEFAULT_TELEMETRY_OPTIONS = { - application: { - appName: Constants.EMPTY_STRING, - appVersion: Constants.EMPTY_STRING, - }, - client: new StubPerformanceClient(), - }; - // Throw an error if user has set OIDCOptions without being in OIDC protocol mode - if (userInputAuth?.protocolMode !== ProtocolMode.OIDC && - userInputAuth?.OIDCOptions) { - const logger = new Logger(providedSystemOptions.loggerOptions); - logger.warning(JSON.stringify(createClientConfigurationError(cannotSetOIDCOptions))); - } - // Throw an error if user has set allowNativeBroker to true without being in AAD protocol mode - if (userInputAuth?.protocolMode && - userInputAuth.protocolMode !== ProtocolMode.AAD && - providedSystemOptions?.allowNativeBroker) { - throw createClientConfigurationError(cannotAllowNativeBroker); - } - const overlayedConfig = { - auth: { - ...DEFAULT_AUTH_OPTIONS, - ...userInputAuth, - OIDCOptions: { - ...DEFAULT_AUTH_OPTIONS.OIDCOptions, - ...userInputAuth?.OIDCOptions, - }, - }, - cache: { ...DEFAULT_CACHE_OPTIONS, ...userInputCache }, - system: providedSystemOptions, - telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...userInputTelemetry }, - }; - return overlayedConfig; -} - - -//# sourceMappingURL=Configuration.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/packageMetadata.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - -/* eslint-disable header/header */ -const dist_packageMetadata_name = "@azure/msal-browser"; -const packageMetadata_version = "3.20.0"; - - -//# sourceMappingURL=packageMetadata.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/operatingcontext/BaseOperatingContext.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Base class for operating context - * Operating contexts are contexts in which MSAL.js is being run - * More than one operating context may be available at a time - * It's important from a logging and telemetry point of view for us to be able to identify the operating context. - * For example: Some operating contexts will pre-cache tokens impacting performance telemetry - */ -class BaseOperatingContext { - static loggerCallback(level, message) { - switch (level) { - case LogLevel.Error: - // eslint-disable-next-line no-console - console.error(message); - return; - case LogLevel.Info: - // eslint-disable-next-line no-console - console.info(message); - return; - case LogLevel.Verbose: - // eslint-disable-next-line no-console - console.debug(message); - return; - case LogLevel.Warning: - // eslint-disable-next-line no-console - console.warn(message); - return; - default: - // eslint-disable-next-line no-console - console.log(message); - return; - } - } - constructor(config) { - /* - * If loaded in an environment where window is not available, - * set internal flag to false so that further requests fail. - * This is to support server-side rendering environments. - */ - this.browserEnvironment = typeof window !== "undefined"; - this.config = buildConfiguration(config, this.browserEnvironment); - let sessionStorage; - try { - sessionStorage = window[BrowserCacheLocation.SessionStorage]; - // Mute errors if it's a non-browser environment or cookies are blocked. - } - catch (e) { } - const logLevelKey = sessionStorage?.getItem(LOG_LEVEL_CACHE_KEY); - const piiLoggingKey = sessionStorage - ?.getItem(LOG_PII_CACHE_KEY) - ?.toLowerCase(); - const piiLoggingEnabled = piiLoggingKey === "true" - ? true - : piiLoggingKey === "false" - ? false - : undefined; - const loggerOptions = { ...this.config.system.loggerOptions }; - const logLevel = logLevelKey && Object.keys(LogLevel).includes(logLevelKey) - ? LogLevel[logLevelKey] - : undefined; - if (logLevel) { - loggerOptions.loggerCallback = BaseOperatingContext.loggerCallback; - loggerOptions.logLevel = logLevel; - } - if (piiLoggingEnabled !== undefined) { - loggerOptions.piiLoggingEnabled = piiLoggingEnabled; - } - this.logger = new Logger(loggerOptions, dist_packageMetadata_name, packageMetadata_version); - this.available = false; - } - /** - * Return the MSAL config - * @returns BrowserConfiguration - */ - getConfig() { - return this.config; - } - /** - * Returns the MSAL Logger - * @returns Logger - */ - getLogger() { - return this.logger; - } - isAvailable() { - return this.available; - } - isBrowserEnvironment() { - return this.browserEnvironment; - } -} - - -//# sourceMappingURL=BaseOperatingContext.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/operatingcontext/StandardOperatingContext.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -class StandardOperatingContext_StandardOperatingContext extends BaseOperatingContext { - /** - * Return the module name. Intended for use with import() to enable dynamic import - * of the implementation associated with this operating context - * @returns - */ - getModuleName() { - return StandardOperatingContext_StandardOperatingContext.MODULE_NAME; - } - /** - * Returns the unique identifier for this operating context - * @returns string - */ - getId() { - return StandardOperatingContext_StandardOperatingContext.ID; - } - /** - * Checks whether the operating context is available. - * Confirms that the code is running a browser rather. This is required. - * @returns Promise indicating whether this operating context is currently available. - */ - async initialize() { - this.available = typeof window !== "undefined"; - return this.available; - /* - * NOTE: The standard context is available as long as there is a window. If/when we split out WAM from Browser - * We can move the current contents of the initialize method to here and verify that the WAM extension is available - */ - } -} -/* - * TODO: Once we have determine the bundling code return here to specify the name of the bundle - * containing the implementation for this operating context - */ -StandardOperatingContext_StandardOperatingContext.MODULE_NAME = ""; -/** - * Unique identifier for the operating context - */ -StandardOperatingContext_StandardOperatingContext.ID = "StandardOperatingContext"; - - -//# sourceMappingURL=StandardOperatingContext.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/error/JoseHeaderErrorCodes.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const missingKidError = "missing_kid_error"; -const missingAlgError = "missing_alg_error"; - - -//# sourceMappingURL=JoseHeaderErrorCodes.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/error/JoseHeaderError.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const JoseHeaderErrorMessages = { - [missingKidError]: "The JOSE Header for the requested JWT, JWS or JWK object requires a keyId to be configured as the 'kid' header claim. No 'kid' value was provided.", - [missingAlgError]: "The JOSE Header for the requested JWT, JWS or JWK object requires an algorithm to be specified as the 'alg' header claim. No 'alg' value was provided.", -}; -/** - * Error thrown when there is an error in the client code running on the browser. - */ -class JoseHeaderError extends AuthError { - constructor(errorCode, errorMessage) { - super(errorCode, errorMessage); - this.name = "JoseHeaderError"; - Object.setPrototypeOf(this, JoseHeaderError.prototype); - } -} -/** Returns JoseHeaderError object */ -function createJoseHeaderError(code) { - return new JoseHeaderError(code, JoseHeaderErrorMessages[code]); -} - - -//# sourceMappingURL=JoseHeaderError.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/crypto/JoseHeader.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** @internal */ -class JoseHeader { - constructor(options) { - this.typ = options.typ; - this.alg = options.alg; - this.kid = options.kid; - } - /** - * Builds SignedHttpRequest formatted JOSE Header from the - * JOSE Header options provided or previously set on the object and returns - * the stringified header object. - * Throws if keyId or algorithm aren't provided since they are required for Access Token Binding. - * @param shrHeaderOptions - * @returns - */ - static getShrHeaderString(shrHeaderOptions) { - // KeyID is required on the SHR header - if (!shrHeaderOptions.kid) { - throw createJoseHeaderError(missingKidError); - } - // Alg is required on the SHR header - if (!shrHeaderOptions.alg) { - throw createJoseHeaderError(missingAlgError); - } - const shrHeader = new JoseHeader({ - // Access Token PoP headers must have type pop, but the type header can be overriden for special cases - typ: shrHeaderOptions.typ || JsonWebTokenTypes.Pop, - kid: shrHeaderOptions.kid, - alg: shrHeaderOptions.alg, - }); - return JSON.stringify(shrHeader); - } -} - - -//# sourceMappingURL=JoseHeader.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/encode/Base64Encode.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Class which exposes APIs to encode plaintext to base64 encoded string. See here for implementation details: - * https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/Base64_encoding_and_decoding#Solution_2_%E2%80%93_JavaScript's_UTF-16_%3E_UTF-8_%3E_base64 - */ -/** - * Returns URL Safe b64 encoded string from a plaintext string. - * @param input - */ -function urlEncode(input) { - return encodeURIComponent(base64Encode(input) - .replace(/=/g, "") - .replace(/\+/g, "-") - .replace(/\//g, "_")); -} -/** - * Returns URL Safe b64 encoded string from an int8Array. - * @param inputArr - */ -function urlEncodeArr(inputArr) { - return base64EncArr(inputArr) - .replace(/=/g, "") - .replace(/\+/g, "-") - .replace(/\//g, "_"); -} -/** - * Returns b64 encoded string from plaintext string. - * @param input - */ -function base64Encode(input) { - return base64EncArr(new TextEncoder().encode(input)); -} -/** - * Base64 encode byte array - * @param aBytes - */ -function base64EncArr(aBytes) { - const binString = Array.from(aBytes, (x) => String.fromCodePoint(x)).join(""); - return btoa(binString); -} - - -//# sourceMappingURL=Base64Encode.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/encode/Base64Decode.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details: - * https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem - */ -/** - * Returns a URL-safe plaintext decoded string from b64 encoded input. - * @param input - */ -function base64Decode(input) { - return new TextDecoder().decode(base64DecToArr(input)); -} -/** - * Decodes base64 into Uint8Array - * @param base64String - */ -function base64DecToArr(base64String) { - let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/"); - switch (encodedString.length % 4) { - case 0: - break; - case 2: - encodedString += "=="; - break; - case 3: - encodedString += "="; - break; - default: - throw createBrowserAuthError(invalidBase64String); - } - const binString = atob(encodedString); - return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0); -} - - -//# sourceMappingURL=Base64Decode.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/crypto/BrowserCrypto.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * This file defines functions used by the browser library to perform cryptography operations such as - * hashing and encoding. It also has helper functions to validate the availability of specific APIs. - */ -/** - * See here for more info on RsaHashedKeyGenParams: https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams - */ -// RSA KeyGen Algorithm -const PKCS1_V15_KEYGEN_ALG = "RSASSA-PKCS1-v1_5"; -// SHA-256 hashing algorithm -const S256_HASH_ALG = "SHA-256"; -// MOD length for PoP tokens -const MODULUS_LENGTH = 2048; -// Public Exponent -const PUBLIC_EXPONENT = new Uint8Array([0x01, 0x00, 0x01]); -// UUID hex digits -const UUID_CHARS = "0123456789abcdef"; -// Array to store UINT32 random value -const UINT32_ARR = new Uint32Array(1); -const keygenAlgorithmOptions = { - name: PKCS1_V15_KEYGEN_ALG, - hash: S256_HASH_ALG, - modulusLength: MODULUS_LENGTH, - publicExponent: PUBLIC_EXPONENT, -}; -/** - * Check whether browser crypto is available. - */ -function validateCryptoAvailable(logger) { - if ("crypto" in window) { - logger.verbose("BrowserCrypto: modern crypto interface available"); - } - else { - logger.error("BrowserCrypto: crypto interface is unavailable"); - throw createBrowserAuthError(cryptoNonExistent); - } -} -/** - * Returns a sha-256 hash of the given dataString as an ArrayBuffer. - * @param dataString {string} data string - * @param performanceClient {?IPerformanceClient} - * @param correlationId {?string} correlation id - */ -async function sha256Digest(dataString, performanceClient, correlationId) { - performanceClient?.addQueueMeasurement(PerformanceEvents.Sha256Digest, correlationId); - const encoder = new TextEncoder(); - const data = encoder.encode(dataString); - return window.crypto.subtle.digest(S256_HASH_ALG, data); -} -/** - * Populates buffer with cryptographically random values. - * @param dataBuffer - */ -function getRandomValues(dataBuffer) { - return window.crypto.getRandomValues(dataBuffer); -} -/** - * Returns random Uint32 value. - * @returns {number} - */ -function getRandomUint32() { - window.crypto.getRandomValues(UINT32_ARR); - return UINT32_ARR[0]; -} -/** - * Creates a UUID v7 from the current timestamp. - * Implementation relies on the system clock to guarantee increasing order of generated identifiers. - * @returns {number} - */ -function BrowserCrypto_createNewGuid() { - const currentTimestamp = Date.now(); - const baseRand = getRandomUint32() * 0x400 + (getRandomUint32() & 0x3ff); - // Result byte array - const bytes = new Uint8Array(16); - // A 12-bit `rand_a` field value - const randA = Math.trunc(baseRand / 2 ** 30); - // The higher 30 bits of 62-bit `rand_b` field value - const randBHi = baseRand & (2 ** 30 - 1); - // The lower 32 bits of 62-bit `rand_b` field value - const randBLo = getRandomUint32(); - bytes[0] = currentTimestamp / 2 ** 40; - bytes[1] = currentTimestamp / 2 ** 32; - bytes[2] = currentTimestamp / 2 ** 24; - bytes[3] = currentTimestamp / 2 ** 16; - bytes[4] = currentTimestamp / 2 ** 8; - bytes[5] = currentTimestamp; - bytes[6] = 0x70 | (randA >>> 8); - bytes[7] = randA; - bytes[8] = 0x80 | (randBHi >>> 24); - bytes[9] = randBHi >>> 16; - bytes[10] = randBHi >>> 8; - bytes[11] = randBHi; - bytes[12] = randBLo >>> 24; - bytes[13] = randBLo >>> 16; - bytes[14] = randBLo >>> 8; - bytes[15] = randBLo; - let text = ""; - for (let i = 0; i < bytes.length; i++) { - text += UUID_CHARS.charAt(bytes[i] >>> 4); - text += UUID_CHARS.charAt(bytes[i] & 0xf); - if (i === 3 || i === 5 || i === 7 || i === 9) { - text += "-"; - } - } - return text; -} -/** - * Generates a keypair based on current keygen algorithm config. - * @param extractable - * @param usages - */ -async function generateKeyPair(extractable, usages) { - return window.crypto.subtle.generateKey(keygenAlgorithmOptions, extractable, usages); -} -/** - * Export key as Json Web Key (JWK) - * @param key - */ -async function exportJwk(key) { - return window.crypto.subtle.exportKey(KEY_FORMAT_JWK, key); -} -/** - * Imports key as Json Web Key (JWK), can set extractable and usages. - * @param key - * @param extractable - * @param usages - */ -async function importJwk(key, extractable, usages) { - return window.crypto.subtle.importKey(KEY_FORMAT_JWK, key, keygenAlgorithmOptions, extractable, usages); -} -/** - * Signs given data with given key - * @param key - * @param data - */ -async function sign(key, data) { - return window.crypto.subtle.sign(keygenAlgorithmOptions, key, data); -} -/** - * Returns the SHA-256 hash of an input string - * @param plainText - */ -async function hashString(plainText) { - const hashBuffer = await sha256Digest(plainText); - const hashBytes = new Uint8Array(hashBuffer); - return urlEncodeArr(hashBytes); -} - - -//# sourceMappingURL=BrowserCrypto.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/cache/DatabaseStorage.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Storage wrapper for IndexedDB storage in browsers: https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API - */ -class DatabaseStorage { - constructor() { - this.dbName = DB_NAME; - this.version = DB_VERSION; - this.tableName = DB_TABLE_NAME; - this.dbOpen = false; - } - /** - * Opens IndexedDB instance. - */ - async open() { - return new Promise((resolve, reject) => { - const openDB = window.indexedDB.open(this.dbName, this.version); - openDB.addEventListener("upgradeneeded", (e) => { - const event = e; - event.target.result.createObjectStore(this.tableName); - }); - openDB.addEventListener("success", (e) => { - const event = e; - this.db = event.target.result; - this.dbOpen = true; - resolve(); - }); - openDB.addEventListener("error", () => reject(createBrowserAuthError(databaseUnavailable))); - }); - } - /** - * Closes the connection to IndexedDB database when all pending transactions - * complete. - */ - closeConnection() { - const db = this.db; - if (db && this.dbOpen) { - db.close(); - this.dbOpen = false; - } - } - /** - * Opens database if it's not already open - */ - async validateDbIsOpen() { - if (!this.dbOpen) { - return this.open(); - } - } - /** - * Retrieves item from IndexedDB instance. - * @param key - */ - async getItem(key) { - await this.validateDbIsOpen(); - return new Promise((resolve, reject) => { - // TODO: Add timeouts? - if (!this.db) { - return reject(createBrowserAuthError(databaseNotOpen)); - } - const transaction = this.db.transaction([this.tableName], "readonly"); - const objectStore = transaction.objectStore(this.tableName); - const dbGet = objectStore.get(key); - dbGet.addEventListener("success", (e) => { - const event = e; - this.closeConnection(); - resolve(event.target.result); - }); - dbGet.addEventListener("error", (e) => { - this.closeConnection(); - reject(e); - }); - }); - } - /** - * Adds item to IndexedDB under given key - * @param key - * @param payload - */ - async setItem(key, payload) { - await this.validateDbIsOpen(); - return new Promise((resolve, reject) => { - // TODO: Add timeouts? - if (!this.db) { - return reject(createBrowserAuthError(databaseNotOpen)); - } - const transaction = this.db.transaction([this.tableName], "readwrite"); - const objectStore = transaction.objectStore(this.tableName); - const dbPut = objectStore.put(payload, key); - dbPut.addEventListener("success", () => { - this.closeConnection(); - resolve(); - }); - dbPut.addEventListener("error", (e) => { - this.closeConnection(); - reject(e); - }); - }); - } - /** - * Removes item from IndexedDB under given key - * @param key - */ - async removeItem(key) { - await this.validateDbIsOpen(); - return new Promise((resolve, reject) => { - if (!this.db) { - return reject(createBrowserAuthError(databaseNotOpen)); - } - const transaction = this.db.transaction([this.tableName], "readwrite"); - const objectStore = transaction.objectStore(this.tableName); - const dbDelete = objectStore.delete(key); - dbDelete.addEventListener("success", () => { - this.closeConnection(); - resolve(); - }); - dbDelete.addEventListener("error", (e) => { - this.closeConnection(); - reject(e); - }); - }); - } - /** - * Get all the keys from the storage object as an iterable array of strings. - */ - async getKeys() { - await this.validateDbIsOpen(); - return new Promise((resolve, reject) => { - if (!this.db) { - return reject(createBrowserAuthError(databaseNotOpen)); - } - const transaction = this.db.transaction([this.tableName], "readonly"); - const objectStore = transaction.objectStore(this.tableName); - const dbGetKeys = objectStore.getAllKeys(); - dbGetKeys.addEventListener("success", (e) => { - const event = e; - this.closeConnection(); - resolve(event.target.result); - }); - dbGetKeys.addEventListener("error", (e) => { - this.closeConnection(); - reject(e); - }); - }); - } - /** - * - * Checks whether there is an object under the search key in the object store - */ - async containsKey(key) { - await this.validateDbIsOpen(); - return new Promise((resolve, reject) => { - if (!this.db) { - return reject(createBrowserAuthError(databaseNotOpen)); - } - const transaction = this.db.transaction([this.tableName], "readonly"); - const objectStore = transaction.objectStore(this.tableName); - const dbContainsKey = objectStore.count(key); - dbContainsKey.addEventListener("success", (e) => { - const event = e; - this.closeConnection(); - resolve(event.target.result === 1); - }); - dbContainsKey.addEventListener("error", (e) => { - this.closeConnection(); - reject(e); - }); - }); - } - /** - * Deletes the MSAL database. The database is deleted rather than cleared to make it possible - * for client applications to downgrade to a previous MSAL version without worrying about forward compatibility issues - * with IndexedDB database versions. - */ - async deleteDatabase() { - // Check if database being deleted exists - if (this.db && this.dbOpen) { - this.closeConnection(); - } - return new Promise((resolve, reject) => { - const deleteDbRequest = window.indexedDB.deleteDatabase(DB_NAME); - const id = setTimeout(() => reject(false), 200); // Reject if events aren't raised within 200ms - deleteDbRequest.addEventListener("success", () => { - clearTimeout(id); - return resolve(true); - }); - deleteDbRequest.addEventListener("blocked", () => { - clearTimeout(id); - return resolve(true); - }); - deleteDbRequest.addEventListener("error", () => { - clearTimeout(id); - return reject(false); - }); - }); - } -} - - -//# sourceMappingURL=DatabaseStorage.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/cache/MemoryStorage.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -class MemoryStorage { - constructor() { - this.cache = new Map(); - } - getItem(key) { - return this.cache.get(key) || null; - } - setItem(key, value) { - this.cache.set(key, value); - } - removeItem(key) { - this.cache.delete(key); - } - getKeys() { - const cacheKeys = []; - this.cache.forEach((value, key) => { - cacheKeys.push(key); - }); - return cacheKeys; - } - containsKey(key) { - return this.cache.has(key); - } - clear() { - this.cache.clear(); - } -} - - -//# sourceMappingURL=MemoryStorage.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/cache/AsyncMemoryStorage.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * This class allows MSAL to store artifacts asynchronously using the DatabaseStorage IndexedDB wrapper, - * backed up with the more volatile MemoryStorage object for cases in which IndexedDB may be unavailable. - */ -class AsyncMemoryStorage { - constructor(logger) { - this.inMemoryCache = new MemoryStorage(); - this.indexedDBCache = new DatabaseStorage(); - this.logger = logger; - } - handleDatabaseAccessError(error) { - if (error instanceof BrowserAuthError && - error.errorCode === databaseUnavailable) { - this.logger.error("Could not access persistent storage. This may be caused by browser privacy features which block persistent storage in third-party contexts."); - } - else { - throw error; - } - } - /** - * Get the item matching the given key. Tries in-memory cache first, then in the asynchronous - * storage object if item isn't found in-memory. - * @param key - */ - async getItem(key) { - const item = this.inMemoryCache.getItem(key); - if (!item) { - try { - this.logger.verbose("Queried item not found in in-memory cache, now querying persistent storage."); - return await this.indexedDBCache.getItem(key); - } - catch (e) { - this.handleDatabaseAccessError(e); - } - } - return item; - } - /** - * Sets the item in the in-memory cache and then tries to set it in the asynchronous - * storage object with the given key. - * @param key - * @param value - */ - async setItem(key, value) { - this.inMemoryCache.setItem(key, value); - try { - await this.indexedDBCache.setItem(key, value); - } - catch (e) { - this.handleDatabaseAccessError(e); - } - } - /** - * Removes the item matching the key from the in-memory cache, then tries to remove it from the asynchronous storage object. - * @param key - */ - async removeItem(key) { - this.inMemoryCache.removeItem(key); - try { - await this.indexedDBCache.removeItem(key); - } - catch (e) { - this.handleDatabaseAccessError(e); - } - } - /** - * Get all the keys from the in-memory cache as an iterable array of strings. If no keys are found, query the keys in the - * asynchronous storage object. - */ - async getKeys() { - const cacheKeys = this.inMemoryCache.getKeys(); - if (cacheKeys.length === 0) { - try { - this.logger.verbose("In-memory cache is empty, now querying persistent storage."); - return await this.indexedDBCache.getKeys(); - } - catch (e) { - this.handleDatabaseAccessError(e); - } - } - return cacheKeys; - } - /** - * Returns true or false if the given key is present in the cache. - * @param key - */ - async containsKey(key) { - const containsKey = this.inMemoryCache.containsKey(key); - if (!containsKey) { - try { - this.logger.verbose("Key not found in in-memory cache, now querying persistent storage."); - return await this.indexedDBCache.containsKey(key); - } - catch (e) { - this.handleDatabaseAccessError(e); - } - } - return containsKey; - } - /** - * Clears in-memory Map - */ - clearInMemory() { - // InMemory cache is a Map instance, clear is straightforward - this.logger.verbose(`Deleting in-memory keystore`); - this.inMemoryCache.clear(); - this.logger.verbose(`In-memory keystore deleted`); - } - /** - * Tries to delete the IndexedDB database - * @returns - */ - async clearPersistent() { - try { - this.logger.verbose("Deleting persistent keystore"); - const dbDeleted = await this.indexedDBCache.deleteDatabase(); - if (dbDeleted) { - this.logger.verbose("Persistent keystore deleted"); - } - return dbDeleted; - } - catch (e) { - this.handleDatabaseAccessError(e); - return false; - } - } -} - - -//# sourceMappingURL=AsyncMemoryStorage.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/crypto/CryptoOps.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * This class implements MSAL's crypto interface, which allows it to perform base64 encoding and decoding, generating cryptographically random GUIDs and - * implementing Proof Key for Code Exchange specs for the OAuth Authorization Code Flow using PKCE (rfc here: https://tools.ietf.org/html/rfc7636). - */ -class CryptoOps { - constructor(logger, performanceClient) { - this.logger = logger; - // Browser crypto needs to be validated first before any other classes can be set. - validateCryptoAvailable(logger); - this.cache = new AsyncMemoryStorage(this.logger); - this.performanceClient = performanceClient; - } - /** - * Creates a new random GUID - used to populate state and nonce. - * @returns string (GUID) - */ - createNewGuid() { - return BrowserCrypto_createNewGuid(); - } - /** - * Encodes input string to base64. - * @param input - */ - base64Encode(input) { - return base64Encode(input); - } - /** - * Decodes input string from base64. - * @param input - */ - base64Decode(input) { - return base64Decode(input); - } - /** - * Encodes input string to base64 URL safe string. - * @param input - */ - base64UrlEncode(input) { - return urlEncode(input); - } - /** - * Stringifies and base64Url encodes input public key - * @param inputKid - * @returns Base64Url encoded public key - */ - encodeKid(inputKid) { - return this.base64UrlEncode(JSON.stringify({ kid: inputKid })); - } - /** - * Generates a keypair, stores it and returns a thumbprint - * @param request - */ - async getPublicKeyThumbprint(request) { - const publicKeyThumbMeasurement = this.performanceClient?.startMeasurement(PerformanceEvents.CryptoOptsGetPublicKeyThumbprint, request.correlationId); - // Generate Keypair - const keyPair = await generateKeyPair(CryptoOps.EXTRACTABLE, CryptoOps.POP_KEY_USAGES); - // Generate Thumbprint for Public Key - const publicKeyJwk = await exportJwk(keyPair.publicKey); - const pubKeyThumprintObj = { - e: publicKeyJwk.e, - kty: publicKeyJwk.kty, - n: publicKeyJwk.n, - }; - const publicJwkString = getSortedObjectString(pubKeyThumprintObj); - const publicJwkHash = await this.hashString(publicJwkString); - // Generate Thumbprint for Private Key - const privateKeyJwk = await exportJwk(keyPair.privateKey); - // Re-import private key to make it unextractable - const unextractablePrivateKey = await importJwk(privateKeyJwk, false, ["sign"]); - // Store Keypair data in keystore - await this.cache.setItem(publicJwkHash, { - privateKey: unextractablePrivateKey, - publicKey: keyPair.publicKey, - requestMethod: request.resourceRequestMethod, - requestUri: request.resourceRequestUri, - }); - if (publicKeyThumbMeasurement) { - publicKeyThumbMeasurement.end({ - success: true, - }); - } - return publicJwkHash; - } - /** - * Removes cryptographic keypair from key store matching the keyId passed in - * @param kid - */ - async removeTokenBindingKey(kid) { - await this.cache.removeItem(kid); - const keyFound = await this.cache.containsKey(kid); - return !keyFound; - } - /** - * Removes all cryptographic keys from IndexedDB storage - */ - async clearKeystore() { - // Delete in-memory keystores - this.cache.clearInMemory(); - /** - * There is only one database, so calling clearPersistent on asymmetric keystore takes care of - * every persistent keystore - */ - try { - await this.cache.clearPersistent(); - return true; - } - catch (e) { - if (e instanceof Error) { - this.logger.error(`Clearing keystore failed with error: ${e.message}`); - } - else { - this.logger.error("Clearing keystore failed with unknown error"); - } - return false; - } - } - /** - * Signs the given object as a jwt payload with private key retrieved by given kid. - * @param payload - * @param kid - */ - async signJwt(payload, kid, shrOptions, correlationId) { - const signJwtMeasurement = this.performanceClient?.startMeasurement(PerformanceEvents.CryptoOptsSignJwt, correlationId); - const cachedKeyPair = await this.cache.getItem(kid); - if (!cachedKeyPair) { - throw createBrowserAuthError(cryptoKeyNotFound); - } - // Get public key as JWK - const publicKeyJwk = await exportJwk(cachedKeyPair.publicKey); - const publicKeyJwkString = getSortedObjectString(publicKeyJwk); - // Base64URL encode public key thumbprint with keyId only: BASE64URL({ kid: "FULL_PUBLIC_KEY_HASH" }) - const encodedKeyIdThumbprint = urlEncode(JSON.stringify({ kid: kid })); - // Generate header - const shrHeader = JoseHeader.getShrHeaderString({ - ...shrOptions?.header, - alg: publicKeyJwk.alg, - kid: encodedKeyIdThumbprint, - }); - const encodedShrHeader = urlEncode(shrHeader); - // Generate payload - payload.cnf = { - jwk: JSON.parse(publicKeyJwkString), - }; - const encodedPayload = urlEncode(JSON.stringify(payload)); - // Form token string - const tokenString = `${encodedShrHeader}.${encodedPayload}`; - // Sign token - const encoder = new TextEncoder(); - const tokenBuffer = encoder.encode(tokenString); - const signatureBuffer = await sign(cachedKeyPair.privateKey, tokenBuffer); - const encodedSignature = urlEncodeArr(new Uint8Array(signatureBuffer)); - const signedJwt = `${tokenString}.${encodedSignature}`; - if (signJwtMeasurement) { - signJwtMeasurement.end({ - success: true, - }); - } - return signedJwt; - } - /** - * Returns the SHA-256 hash of an input string - * @param plainText - */ - async hashString(plainText) { - return hashString(plainText); - } -} -CryptoOps.POP_KEY_USAGES = ["sign", "verify"]; -CryptoOps.EXTRACTABLE = true; -function getSortedObjectString(obj) { - return JSON.stringify(obj, Object.keys(obj).sort()); -} - - -//# sourceMappingURL=CryptoOps.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/authority/OpenIdConfigResponse.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -function isOpenIdConfigResponse(response) { - return (response.hasOwnProperty("authorization_endpoint") && - response.hasOwnProperty("token_endpoint") && - response.hasOwnProperty("issuer") && - response.hasOwnProperty("jwks_uri")); -} - - -//# sourceMappingURL=OpenIdConfigResponse.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/authority/CloudInstanceDiscoveryResponse.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -function isCloudInstanceDiscoveryResponse(response) { - return (response.hasOwnProperty("tenant_discovery_endpoint") && - response.hasOwnProperty("metadata")); -} - - -//# sourceMappingURL=CloudInstanceDiscoveryResponse.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -function isCloudInstanceDiscoveryErrorResponse(response) { - return (response.hasOwnProperty("error") && - response.hasOwnProperty("error_description")); -} - - -//# sourceMappingURL=CloudInstanceDiscoveryErrorResponse.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/utils/FunctionWrappers.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Wraps a function with a performance measurement. - * Usage: invoke(functionToCall, performanceClient, "EventName", "correlationId")(...argsToPassToFunction) - * @param callback - * @param eventName - * @param logger - * @param telemetryClient - * @param correlationId - * @returns - * @internal - */ -// eslint-disable-next-line @typescript-eslint/no-explicit-any -const invoke = (callback, eventName, logger, telemetryClient, correlationId) => { - return (...args) => { - logger.trace(`Executing function ${eventName}`); - const inProgressEvent = telemetryClient?.startMeasurement(eventName, correlationId); - if (correlationId) { - // Track number of times this API is called in a single request - const eventCount = eventName + "CallCount"; - telemetryClient?.incrementFields({ [eventCount]: 1 }, correlationId); - } - try { - const result = callback(...args); - inProgressEvent?.end({ - success: true, - }); - logger.trace(`Returning result from ${eventName}`); - return result; - } - catch (e) { - logger.trace(`Error occurred in ${eventName}`); - try { - logger.trace(JSON.stringify(e)); - } - catch (e) { - logger.trace("Unable to print error message."); - } - inProgressEvent?.end({ - success: false, - }, e); - throw e; - } - }; -}; -/** - * Wraps an async function with a performance measurement. - * Usage: invokeAsync(functionToCall, performanceClient, "EventName", "correlationId")(...argsToPassToFunction) - * @param callback - * @param eventName - * @param logger - * @param telemetryClient - * @param correlationId - * @returns - * @internal - * - */ -// eslint-disable-next-line @typescript-eslint/no-explicit-any -const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId) => { - return (...args) => { - logger.trace(`Executing function ${eventName}`); - const inProgressEvent = telemetryClient?.startMeasurement(eventName, correlationId); - if (correlationId) { - // Track number of times this API is called in a single request - const eventCount = eventName + "CallCount"; - telemetryClient?.incrementFields({ [eventCount]: 1 }, correlationId); - } - telemetryClient?.setPreQueueTime(eventName, correlationId); - return callback(...args) - .then((response) => { - logger.trace(`Returning result from ${eventName}`); - inProgressEvent?.end({ - success: true, - }); - return response; - }) - .catch((e) => { - logger.trace(`Error occurred in ${eventName}`); - try { - logger.trace(JSON.stringify(e)); - } - catch (e) { - logger.trace("Unable to print error message."); - } - inProgressEvent?.end({ - success: false, - }, e); - throw e; - }); - }; -}; - - -//# sourceMappingURL=FunctionWrappers.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/authority/RegionDiscovery.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -class RegionDiscovery { - constructor(networkInterface, logger, performanceClient, correlationId) { - this.networkInterface = networkInterface; - this.logger = logger; - this.performanceClient = performanceClient; - this.correlationId = correlationId; - } - /** - * Detect the region from the application's environment. - * - * @returns Promise - */ - async detectRegion(environmentRegion, regionDiscoveryMetadata) { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.RegionDiscoveryDetectRegion, this.correlationId); - // Initialize auto detected region with the region from the envrionment - let autodetectedRegionName = environmentRegion; - // Check if a region was detected from the environment, if not, attempt to get the region from IMDS - if (!autodetectedRegionName) { - const options = RegionDiscovery.IMDS_OPTIONS; - try { - const localIMDSVersionResponse = await invokeAsync(this.getRegionFromIMDS.bind(this), PerformanceEvents.RegionDiscoveryGetRegionFromIMDS, this.logger, this.performanceClient, this.correlationId)(Constants.IMDS_VERSION, options); - if (localIMDSVersionResponse.status === - ResponseCodes.httpSuccess) { - autodetectedRegionName = localIMDSVersionResponse.body; - regionDiscoveryMetadata.region_source = - RegionDiscoverySources.IMDS; - } - // If the response using the local IMDS version failed, try to fetch the current version of IMDS and retry. - if (localIMDSVersionResponse.status === - ResponseCodes.httpBadRequest) { - const currentIMDSVersion = await invokeAsync(this.getCurrentVersion.bind(this), PerformanceEvents.RegionDiscoveryGetCurrentVersion, this.logger, this.performanceClient, this.correlationId)(options); - if (!currentIMDSVersion) { - regionDiscoveryMetadata.region_source = - RegionDiscoverySources.FAILED_AUTO_DETECTION; - return null; - } - const currentIMDSVersionResponse = await invokeAsync(this.getRegionFromIMDS.bind(this), PerformanceEvents.RegionDiscoveryGetRegionFromIMDS, this.logger, this.performanceClient, this.correlationId)(currentIMDSVersion, options); - if (currentIMDSVersionResponse.status === - ResponseCodes.httpSuccess) { - autodetectedRegionName = - currentIMDSVersionResponse.body; - regionDiscoveryMetadata.region_source = - RegionDiscoverySources.IMDS; - } - } - } - catch (e) { - regionDiscoveryMetadata.region_source = - RegionDiscoverySources.FAILED_AUTO_DETECTION; - return null; - } - } - else { - regionDiscoveryMetadata.region_source = - RegionDiscoverySources.ENVIRONMENT_VARIABLE; - } - // If no region was auto detected from the environment or from the IMDS endpoint, mark the attempt as a FAILED_AUTO_DETECTION - if (!autodetectedRegionName) { - regionDiscoveryMetadata.region_source = - RegionDiscoverySources.FAILED_AUTO_DETECTION; - } - return autodetectedRegionName || null; - } - /** - * Make the call to the IMDS endpoint - * - * @param imdsEndpointUrl - * @returns Promise> - */ - async getRegionFromIMDS(version, options) { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.RegionDiscoveryGetRegionFromIMDS, this.correlationId); - return this.networkInterface.sendGetRequestAsync(`${Constants.IMDS_ENDPOINT}?api-version=${version}&format=text`, options, Constants.IMDS_TIMEOUT); - } - /** - * Get the most recent version of the IMDS endpoint available - * - * @returns Promise - */ - async getCurrentVersion(options) { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.RegionDiscoveryGetCurrentVersion, this.correlationId); - try { - const response = await this.networkInterface.sendGetRequestAsync(`${Constants.IMDS_ENDPOINT}?format=json`, options); - // When IMDS endpoint is called without the api version query param, bad request response comes back with latest version. - if (response.status === ResponseCodes.httpBadRequest && - response.body && - response.body["newest-versions"] && - response.body["newest-versions"].length > 0) { - return response.body["newest-versions"][0]; - } - return null; - } - catch (e) { - return null; - } - } -} -// Options for the IMDS endpoint request -RegionDiscovery.IMDS_OPTIONS = { - headers: { - Metadata: "true", - }, -}; - - -//# sourceMappingURL=RegionDiscovery.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/authority/Authority.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - - - - - - - - - - - - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * The authority class validates the authority URIs used by the user, and retrieves the OpenID Configuration Data from the - * endpoint. It will store the pertinent config data in this object for use during token calls. - * @internal - */ -class Authority { - constructor(authority, networkInterface, cacheManager, authorityOptions, logger, correlationId, performanceClient, managedIdentity) { - this.canonicalAuthority = authority; - this._canonicalAuthority.validateAsUri(); - this.networkInterface = networkInterface; - this.cacheManager = cacheManager; - this.authorityOptions = authorityOptions; - this.regionDiscoveryMetadata = { - region_used: undefined, - region_source: undefined, - region_outcome: undefined, - }; - this.logger = logger; - this.performanceClient = performanceClient; - this.correlationId = correlationId; - this.managedIdentity = managedIdentity || false; - this.regionDiscovery = new RegionDiscovery(networkInterface, this.logger, this.performanceClient, this.correlationId); - } - /** - * Get {@link AuthorityType} - * @param authorityUri {@link IUri} - * @private - */ - getAuthorityType(authorityUri) { - // CIAM auth url pattern is being standardized as: .ciamlogin.com - if (authorityUri.HostNameAndPort.endsWith(Constants.CIAM_AUTH_URL)) { - return AuthorityType.Ciam; - } - const pathSegments = authorityUri.PathSegments; - if (pathSegments.length) { - switch (pathSegments[0].toLowerCase()) { - case Constants.ADFS: - return AuthorityType.Adfs; - case Constants.DSTS: - return AuthorityType.Dsts; - } - } - return AuthorityType.Default; - } - // See above for AuthorityType - get authorityType() { - return this.getAuthorityType(this.canonicalAuthorityUrlComponents); - } - /** - * ProtocolMode enum representing the way endpoints are constructed. - */ - get protocolMode() { - return this.authorityOptions.protocolMode; - } - /** - * Returns authorityOptions which can be used to reinstantiate a new authority instance - */ - get options() { - return this.authorityOptions; - } - /** - * A URL that is the authority set by the developer - */ - get canonicalAuthority() { - return this._canonicalAuthority.urlString; - } - /** - * Sets canonical authority. - */ - set canonicalAuthority(url) { - this._canonicalAuthority = new UrlString(url); - this._canonicalAuthority.validateAsUri(); - this._canonicalAuthorityUrlComponents = null; - } - /** - * Get authority components. - */ - get canonicalAuthorityUrlComponents() { - if (!this._canonicalAuthorityUrlComponents) { - this._canonicalAuthorityUrlComponents = - this._canonicalAuthority.getUrlComponents(); - } - return this._canonicalAuthorityUrlComponents; - } - /** - * Get hostname and port i.e. login.microsoftonline.com - */ - get hostnameAndPort() { - return this.canonicalAuthorityUrlComponents.HostNameAndPort.toLowerCase(); - } - /** - * Get tenant for authority. - */ - get tenant() { - return this.canonicalAuthorityUrlComponents.PathSegments[0]; - } - /** - * OAuth /authorize endpoint for requests - */ - get authorizationEndpoint() { - if (this.discoveryComplete()) { - return this.replacePath(this.metadata.authorization_endpoint); - } - else { - throw createClientAuthError(endpointResolutionError); - } - } - /** - * OAuth /token endpoint for requests - */ - get tokenEndpoint() { - if (this.discoveryComplete()) { - return this.replacePath(this.metadata.token_endpoint); - } - else { - throw createClientAuthError(endpointResolutionError); - } - } - get deviceCodeEndpoint() { - if (this.discoveryComplete()) { - return this.replacePath(this.metadata.token_endpoint.replace("/token", "/devicecode")); - } - else { - throw createClientAuthError(endpointResolutionError); - } - } - /** - * OAuth logout endpoint for requests - */ - get endSessionEndpoint() { - if (this.discoveryComplete()) { - // ROPC policies may not have end_session_endpoint set - if (!this.metadata.end_session_endpoint) { - throw createClientAuthError(endSessionEndpointNotSupported); - } - return this.replacePath(this.metadata.end_session_endpoint); - } - else { - throw createClientAuthError(endpointResolutionError); - } - } - /** - * OAuth issuer for requests - */ - get selfSignedJwtAudience() { - if (this.discoveryComplete()) { - return this.replacePath(this.metadata.issuer); - } - else { - throw createClientAuthError(endpointResolutionError); - } - } - /** - * Jwks_uri for token signing keys - */ - get jwksUri() { - if (this.discoveryComplete()) { - return this.replacePath(this.metadata.jwks_uri); - } - else { - throw createClientAuthError(endpointResolutionError); - } - } - /** - * Returns a flag indicating that tenant name can be replaced in authority {@link IUri} - * @param authorityUri {@link IUri} - * @private - */ - canReplaceTenant(authorityUri) { - return (authorityUri.PathSegments.length === 1 && - !Authority.reservedTenantDomains.has(authorityUri.PathSegments[0]) && - this.getAuthorityType(authorityUri) === AuthorityType.Default && - this.protocolMode === ProtocolMode.AAD); - } - /** - * Replaces tenant in url path with current tenant. Defaults to common. - * @param urlString - */ - replaceTenant(urlString) { - return urlString.replace(/{tenant}|{tenantid}/g, this.tenant); - } - /** - * Replaces path such as tenant or policy with the current tenant or policy. - * @param urlString - */ - replacePath(urlString) { - let endpoint = urlString; - const cachedAuthorityUrl = new UrlString(this.metadata.canonical_authority); - const cachedAuthorityUrlComponents = cachedAuthorityUrl.getUrlComponents(); - const cachedAuthorityParts = cachedAuthorityUrlComponents.PathSegments; - const currentAuthorityParts = this.canonicalAuthorityUrlComponents.PathSegments; - currentAuthorityParts.forEach((currentPart, index) => { - let cachedPart = cachedAuthorityParts[index]; - if (index === 0 && - this.canReplaceTenant(cachedAuthorityUrlComponents)) { - const tenantId = new UrlString(this.metadata.authorization_endpoint).getUrlComponents().PathSegments[0]; - /** - * Check if AAD canonical authority contains tenant domain name, for example "testdomain.onmicrosoft.com", - * by comparing its first path segment to the corresponding authorization endpoint path segment, which is - * always resolved with tenant id by OIDC. - */ - if (cachedPart !== tenantId) { - this.logger.verbose(`Replacing tenant domain name ${cachedPart} with id ${tenantId}`); - cachedPart = tenantId; - } - } - if (currentPart !== cachedPart) { - endpoint = endpoint.replace(`/${cachedPart}/`, `/${currentPart}/`); - } - }); - return this.replaceTenant(endpoint); - } - /** - * The default open id configuration endpoint for any canonical authority. - */ - get defaultOpenIdConfigurationEndpoint() { - const canonicalAuthorityHost = this.hostnameAndPort; - if (this.canonicalAuthority.endsWith("v2.0/") || - this.authorityType === AuthorityType.Adfs || - (this.protocolMode !== ProtocolMode.AAD && - !this.isAliasOfKnownMicrosoftAuthority(canonicalAuthorityHost))) { - return `${this.canonicalAuthority}.well-known/openid-configuration`; - } - return `${this.canonicalAuthority}v2.0/.well-known/openid-configuration`; - } - /** - * Boolean that returns whether or not tenant discovery has been completed. - */ - discoveryComplete() { - return !!this.metadata; - } - /** - * Perform endpoint discovery to discover aliases, preferred_cache, preferred_network - * and the /authorize, /token and logout endpoints. - */ - async resolveEndpointsAsync() { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityResolveEndpointsAsync, this.correlationId); - const metadataEntity = this.getCurrentMetadataEntity(); - const cloudDiscoverySource = await invokeAsync(this.updateCloudDiscoveryMetadata.bind(this), PerformanceEvents.AuthorityUpdateCloudDiscoveryMetadata, this.logger, this.performanceClient, this.correlationId)(metadataEntity); - this.canonicalAuthority = this.canonicalAuthority.replace(this.hostnameAndPort, metadataEntity.preferred_network); - const endpointSource = await invokeAsync(this.updateEndpointMetadata.bind(this), PerformanceEvents.AuthorityUpdateEndpointMetadata, this.logger, this.performanceClient, this.correlationId)(metadataEntity); - this.updateCachedMetadata(metadataEntity, cloudDiscoverySource, { - source: endpointSource, - }); - this.performanceClient?.addFields({ - cloudDiscoverySource: cloudDiscoverySource, - authorityEndpointSource: endpointSource, - }, this.correlationId); - } - /** - * Returns metadata entity from cache if it exists, otherwiser returns a new metadata entity built - * from the configured canonical authority - * @returns - */ - getCurrentMetadataEntity() { - let metadataEntity = this.cacheManager.getAuthorityMetadataByAlias(this.hostnameAndPort); - if (!metadataEntity) { - metadataEntity = { - aliases: [], - preferred_cache: this.hostnameAndPort, - preferred_network: this.hostnameAndPort, - canonical_authority: this.canonicalAuthority, - authorization_endpoint: "", - token_endpoint: "", - end_session_endpoint: "", - issuer: "", - aliasesFromNetwork: false, - endpointsFromNetwork: false, - expiresAt: generateAuthorityMetadataExpiresAt(), - jwks_uri: "", - }; - } - return metadataEntity; - } - /** - * Updates cached metadata based on metadata source and sets the instance's metadata - * property to the same value - * @param metadataEntity - * @param cloudDiscoverySource - * @param endpointMetadataResult - */ - updateCachedMetadata(metadataEntity, cloudDiscoverySource, endpointMetadataResult) { - if (cloudDiscoverySource !== AuthorityMetadataSource.CACHE && - endpointMetadataResult?.source !== AuthorityMetadataSource.CACHE) { - // Reset the expiration time unless both values came from a successful cache lookup - metadataEntity.expiresAt = - generateAuthorityMetadataExpiresAt(); - metadataEntity.canonical_authority = this.canonicalAuthority; - } - const cacheKey = this.cacheManager.generateAuthorityMetadataCacheKey(metadataEntity.preferred_cache); - this.cacheManager.setAuthorityMetadata(cacheKey, metadataEntity); - this.metadata = metadataEntity; - } - /** - * Update AuthorityMetadataEntity with new endpoints and return where the information came from - * @param metadataEntity - */ - async updateEndpointMetadata(metadataEntity) { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityUpdateEndpointMetadata, this.correlationId); - const localMetadata = this.updateEndpointMetadataFromLocalSources(metadataEntity); - // Further update may be required for hardcoded metadata if regional metadata is preferred - if (localMetadata) { - if (localMetadata.source === - AuthorityMetadataSource.HARDCODED_VALUES) { - // If the user prefers to use an azure region replace the global endpoints with regional information. - if (this.authorityOptions.azureRegionConfiguration?.azureRegion) { - if (localMetadata.metadata) { - const hardcodedMetadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), PerformanceEvents.AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(localMetadata.metadata); - updateAuthorityEndpointMetadata(metadataEntity, hardcodedMetadata, false); - metadataEntity.canonical_authority = - this.canonicalAuthority; - } - } - } - return localMetadata.source; - } - // Get metadata from network if local sources aren't available - let metadata = await invokeAsync(this.getEndpointMetadataFromNetwork.bind(this), PerformanceEvents.AuthorityGetEndpointMetadataFromNetwork, this.logger, this.performanceClient, this.correlationId)(); - if (metadata) { - // If the user prefers to use an azure region replace the global endpoints with regional information. - if (this.authorityOptions.azureRegionConfiguration?.azureRegion) { - metadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), PerformanceEvents.AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(metadata); - } - updateAuthorityEndpointMetadata(metadataEntity, metadata, true); - return AuthorityMetadataSource.NETWORK; - } - else { - // Metadata could not be obtained from the config, cache, network or hardcoded values - throw createClientAuthError(openIdConfigError, this.defaultOpenIdConfigurationEndpoint); - } - } - /** - * Updates endpoint metadata from local sources and returns where the information was retrieved from and the metadata config - * response if the source is hardcoded metadata - * @param metadataEntity - * @returns - */ - updateEndpointMetadataFromLocalSources(metadataEntity) { - this.logger.verbose("Attempting to get endpoint metadata from authority configuration"); - const configMetadata = this.getEndpointMetadataFromConfig(); - if (configMetadata) { - this.logger.verbose("Found endpoint metadata in authority configuration"); - updateAuthorityEndpointMetadata(metadataEntity, configMetadata, false); - return { - source: AuthorityMetadataSource.CONFIG, - }; - } - this.logger.verbose("Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values."); - // skipAuthorityMetadataCache is used to bypass hardcoded authority metadata and force a network metadata cache lookup and network metadata request if no cached response is available. - if (this.authorityOptions.skipAuthorityMetadataCache) { - this.logger.verbose("Skipping hardcoded metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get endpoint metadata from the network metadata cache."); - } - else { - const hardcodedMetadata = this.getEndpointMetadataFromHardcodedValues(); - if (hardcodedMetadata) { - updateAuthorityEndpointMetadata(metadataEntity, hardcodedMetadata, false); - return { - source: AuthorityMetadataSource.HARDCODED_VALUES, - metadata: hardcodedMetadata, - }; - } - else { - this.logger.verbose("Did not find endpoint metadata in hardcoded values... Attempting to get endpoint metadata from the network metadata cache."); - } - } - // Check cached metadata entity expiration status - const metadataEntityExpired = isAuthorityMetadataExpired(metadataEntity); - if (this.isAuthoritySameType(metadataEntity) && - metadataEntity.endpointsFromNetwork && - !metadataEntityExpired) { - // No need to update - this.logger.verbose("Found endpoint metadata in the cache."); - return { source: AuthorityMetadataSource.CACHE }; - } - else if (metadataEntityExpired) { - this.logger.verbose("The metadata entity is expired."); - } - return null; - } - /** - * Compares the number of url components after the domain to determine if the cached - * authority metadata can be used for the requested authority. Protects against same domain different - * authority such as login.microsoftonline.com/tenant and login.microsoftonline.com/tfp/tenant/policy - * @param metadataEntity - */ - isAuthoritySameType(metadataEntity) { - const cachedAuthorityUrl = new UrlString(metadataEntity.canonical_authority); - const cachedParts = cachedAuthorityUrl.getUrlComponents().PathSegments; - return (cachedParts.length === - this.canonicalAuthorityUrlComponents.PathSegments.length); - } - /** - * Parse authorityMetadata config option - */ - getEndpointMetadataFromConfig() { - if (this.authorityOptions.authorityMetadata) { - try { - return JSON.parse(this.authorityOptions.authorityMetadata); - } - catch (e) { - throw createClientConfigurationError(invalidAuthorityMetadata); - } - } - return null; - } - /** - * Gets OAuth endpoints from the given OpenID configuration endpoint. - * - * @param hasHardcodedMetadata boolean - */ - async getEndpointMetadataFromNetwork() { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityGetEndpointMetadataFromNetwork, this.correlationId); - const options = {}; - /* - * TODO: Add a timeout if the authority exists in our library's - * hardcoded list of metadata - */ - const openIdConfigurationEndpoint = this.defaultOpenIdConfigurationEndpoint; - this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: attempting to retrieve OAuth endpoints from ${openIdConfigurationEndpoint}`); - try { - const response = await this.networkInterface.sendGetRequestAsync(openIdConfigurationEndpoint, options); - const isValidResponse = isOpenIdConfigResponse(response.body); - if (isValidResponse) { - return response.body; - } - else { - this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: could not parse response as OpenID configuration`); - return null; - } - } - catch (e) { - this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: ${e}`); - return null; - } - } - /** - * Get OAuth endpoints for common authorities. - */ - getEndpointMetadataFromHardcodedValues() { - if (this.hostnameAndPort in EndpointMetadata) { - return EndpointMetadata[this.hostnameAndPort]; - } - return null; - } - /** - * Update the retrieved metadata with regional information. - * User selected Azure region will be used if configured. - */ - async updateMetadataWithRegionalInformation(metadata) { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityUpdateMetadataWithRegionalInformation, this.correlationId); - const userConfiguredAzureRegion = this.authorityOptions.azureRegionConfiguration?.azureRegion; - if (userConfiguredAzureRegion) { - if (userConfiguredAzureRegion !== - Constants.AZURE_REGION_AUTO_DISCOVER_FLAG) { - this.regionDiscoveryMetadata.region_outcome = - RegionDiscoveryOutcomes.CONFIGURED_NO_AUTO_DETECTION; - this.regionDiscoveryMetadata.region_used = - userConfiguredAzureRegion; - return Authority.replaceWithRegionalInformation(metadata, userConfiguredAzureRegion); - } - const autodetectedRegionName = await invokeAsync(this.regionDiscovery.detectRegion.bind(this.regionDiscovery), PerformanceEvents.RegionDiscoveryDetectRegion, this.logger, this.performanceClient, this.correlationId)(this.authorityOptions.azureRegionConfiguration - ?.environmentRegion, this.regionDiscoveryMetadata); - if (autodetectedRegionName) { - this.regionDiscoveryMetadata.region_outcome = - RegionDiscoveryOutcomes.AUTO_DETECTION_REQUESTED_SUCCESSFUL; - this.regionDiscoveryMetadata.region_used = - autodetectedRegionName; - return Authority.replaceWithRegionalInformation(metadata, autodetectedRegionName); - } - this.regionDiscoveryMetadata.region_outcome = - RegionDiscoveryOutcomes.AUTO_DETECTION_REQUESTED_FAILED; - } - return metadata; - } - /** - * Updates the AuthorityMetadataEntity with new aliases, preferred_network and preferred_cache - * and returns where the information was retrieved from - * @param metadataEntity - * @returns AuthorityMetadataSource - */ - async updateCloudDiscoveryMetadata(metadataEntity) { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityUpdateCloudDiscoveryMetadata, this.correlationId); - const localMetadataSource = this.updateCloudDiscoveryMetadataFromLocalSources(metadataEntity); - if (localMetadataSource) { - return localMetadataSource; - } - // Fallback to network as metadata source - const metadata = await invokeAsync(this.getCloudDiscoveryMetadataFromNetwork.bind(this), PerformanceEvents.AuthorityGetCloudDiscoveryMetadataFromNetwork, this.logger, this.performanceClient, this.correlationId)(); - if (metadata) { - updateCloudDiscoveryMetadata(metadataEntity, metadata, true); - return AuthorityMetadataSource.NETWORK; - } - // Metadata could not be obtained from the config, cache, network or hardcoded values - throw createClientConfigurationError(untrustedAuthority); - } - updateCloudDiscoveryMetadataFromLocalSources(metadataEntity) { - this.logger.verbose("Attempting to get cloud discovery metadata from authority configuration"); - this.logger.verbosePii(`Known Authorities: ${this.authorityOptions.knownAuthorities || - Constants.NOT_APPLICABLE}`); - this.logger.verbosePii(`Authority Metadata: ${this.authorityOptions.authorityMetadata || - Constants.NOT_APPLICABLE}`); - this.logger.verbosePii(`Canonical Authority: ${metadataEntity.canonical_authority || Constants.NOT_APPLICABLE}`); - const metadata = this.getCloudDiscoveryMetadataFromConfig(); - if (metadata) { - this.logger.verbose("Found cloud discovery metadata in authority configuration"); - updateCloudDiscoveryMetadata(metadataEntity, metadata, false); - return AuthorityMetadataSource.CONFIG; - } - // If the cached metadata came from config but that config was not passed to this instance, we must go to hardcoded values - this.logger.verbose("Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the hardcoded values."); - if (this.options.skipAuthorityMetadataCache) { - this.logger.verbose("Skipping hardcoded cloud discovery metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get cloud discovery metadata from the network metadata cache."); - } - else { - const hardcodedMetadata = getCloudDiscoveryMetadataFromHardcodedValues(this.hostnameAndPort); - if (hardcodedMetadata) { - this.logger.verbose("Found cloud discovery metadata from hardcoded values."); - updateCloudDiscoveryMetadata(metadataEntity, hardcodedMetadata, false); - return AuthorityMetadataSource.HARDCODED_VALUES; - } - this.logger.verbose("Did not find cloud discovery metadata in hardcoded values... Attempting to get cloud discovery metadata from the network metadata cache."); - } - const metadataEntityExpired = isAuthorityMetadataExpired(metadataEntity); - if (this.isAuthoritySameType(metadataEntity) && - metadataEntity.aliasesFromNetwork && - !metadataEntityExpired) { - this.logger.verbose("Found cloud discovery metadata in the cache."); - // No need to update - return AuthorityMetadataSource.CACHE; - } - else if (metadataEntityExpired) { - this.logger.verbose("The metadata entity is expired."); - } - return null; - } - /** - * Parse cloudDiscoveryMetadata config or check knownAuthorities - */ - getCloudDiscoveryMetadataFromConfig() { - // CIAM does not support cloud discovery metadata - if (this.authorityType === AuthorityType.Ciam) { - this.logger.verbose("CIAM authorities do not support cloud discovery metadata, generate the aliases from authority host."); - return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort); - } - // Check if network response was provided in config - if (this.authorityOptions.cloudDiscoveryMetadata) { - this.logger.verbose("The cloud discovery metadata has been provided as a network response, in the config."); - try { - this.logger.verbose("Attempting to parse the cloud discovery metadata."); - const parsedResponse = JSON.parse(this.authorityOptions.cloudDiscoveryMetadata); - const metadata = getCloudDiscoveryMetadataFromNetworkResponse(parsedResponse.metadata, this.hostnameAndPort); - this.logger.verbose("Parsed the cloud discovery metadata."); - if (metadata) { - this.logger.verbose("There is returnable metadata attached to the parsed cloud discovery metadata."); - return metadata; - } - else { - this.logger.verbose("There is no metadata attached to the parsed cloud discovery metadata."); - } - } - catch (e) { - this.logger.verbose("Unable to parse the cloud discovery metadata. Throwing Invalid Cloud Discovery Metadata Error."); - throw createClientConfigurationError(invalidCloudDiscoveryMetadata); - } - } - // If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities - if (this.isInKnownAuthorities()) { - this.logger.verbose("The host is included in knownAuthorities. Creating new cloud discovery metadata from the host."); - return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort); - } - return null; - } - /** - * Called to get metadata from network if CloudDiscoveryMetadata was not populated by config - * - * @param hasHardcodedMetadata boolean - */ - async getCloudDiscoveryMetadataFromNetwork() { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityGetCloudDiscoveryMetadataFromNetwork, this.correlationId); - const instanceDiscoveryEndpoint = `${Constants.AAD_INSTANCE_DISCOVERY_ENDPT}${this.canonicalAuthority}oauth2/v2.0/authorize`; - const options = {}; - /* - * TODO: Add a timeout if the authority exists in our library's - * hardcoded list of metadata - */ - let match = null; - try { - const response = await this.networkInterface.sendGetRequestAsync(instanceDiscoveryEndpoint, options); - let typedResponseBody; - let metadata; - if (isCloudInstanceDiscoveryResponse(response.body)) { - typedResponseBody = - response.body; - metadata = typedResponseBody.metadata; - this.logger.verbosePii(`tenant_discovery_endpoint is: ${typedResponseBody.tenant_discovery_endpoint}`); - } - else if (isCloudInstanceDiscoveryErrorResponse(response.body)) { - this.logger.warning(`A CloudInstanceDiscoveryErrorResponse was returned. The cloud instance discovery network request's status code is: ${response.status}`); - typedResponseBody = - response.body; - if (typedResponseBody.error === Constants.INVALID_INSTANCE) { - this.logger.error("The CloudInstanceDiscoveryErrorResponse error is invalid_instance."); - return null; - } - this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error is ${typedResponseBody.error}`); - this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error description is ${typedResponseBody.error_description}`); - this.logger.warning("Setting the value of the CloudInstanceDiscoveryMetadata (returned from the network) to []"); - metadata = []; - } - else { - this.logger.error("AAD did not return a CloudInstanceDiscoveryResponse or CloudInstanceDiscoveryErrorResponse"); - return null; - } - this.logger.verbose("Attempting to find a match between the developer's authority and the CloudInstanceDiscoveryMetadata returned from the network request."); - match = getCloudDiscoveryMetadataFromNetworkResponse(metadata, this.hostnameAndPort); - } - catch (error) { - if (error instanceof AuthError) { - this.logger.error(`There was a network error while attempting to get the cloud discovery instance metadata.\nError: ${error.errorCode}\nError Description: ${error.errorMessage}`); - } - else { - const typedError = error; - this.logger.error(`A non-MSALJS error was thrown while attempting to get the cloud instance discovery metadata.\nError: ${typedError.name}\nError Description: ${typedError.message}`); - } - return null; - } - // Custom Domain scenario, host is trusted because Instance Discovery call succeeded - if (!match) { - this.logger.warning("The developer's authority was not found within the CloudInstanceDiscoveryMetadata returned from the network request."); - this.logger.verbose("Creating custom Authority for custom domain scenario."); - match = Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort); - } - return match; - } - /** - * Helper function to determine if this host is included in the knownAuthorities config option - */ - isInKnownAuthorities() { - const matches = this.authorityOptions.knownAuthorities.filter((authority) => { - return (authority && - UrlString.getDomainFromUrl(authority).toLowerCase() === - this.hostnameAndPort); - }); - return matches.length > 0; - } - /** - * helper function to populate the authority based on azureCloudOptions - * @param authorityString - * @param azureCloudOptions - */ - static generateAuthority(authorityString, azureCloudOptions) { - let authorityAzureCloudInstance; - if (azureCloudOptions && - azureCloudOptions.azureCloudInstance !== AzureCloudInstance.None) { - const tenant = azureCloudOptions.tenant - ? azureCloudOptions.tenant - : Constants.DEFAULT_COMMON_TENANT; - authorityAzureCloudInstance = `${azureCloudOptions.azureCloudInstance}/${tenant}/`; - } - return authorityAzureCloudInstance - ? authorityAzureCloudInstance - : authorityString; - } - /** - * Creates cloud discovery metadata object from a given host - * @param host - */ - static createCloudDiscoveryMetadataFromHost(host) { - return { - preferred_network: host, - preferred_cache: host, - aliases: [host], - }; - } - /** - * helper function to generate environment from authority object - */ - getPreferredCache() { - if (this.managedIdentity) { - return Constants.DEFAULT_AUTHORITY_HOST; - } - else if (this.discoveryComplete()) { - return this.metadata.preferred_cache; - } - else { - throw createClientAuthError(endpointResolutionError); - } - } - /** - * Returns whether or not the provided host is an alias of this authority instance - * @param host - */ - isAlias(host) { - return this.metadata.aliases.indexOf(host) > -1; - } - /** - * Returns whether or not the provided host is an alias of a known Microsoft authority for purposes of endpoint discovery - * @param host - */ - isAliasOfKnownMicrosoftAuthority(host) { - return InstanceDiscoveryMetadataAliases.has(host); - } - /** - * Checks whether the provided host is that of a public cloud authority - * - * @param authority string - * @returns bool - */ - static isPublicCloudAuthority(host) { - return Constants.KNOWN_PUBLIC_CLOUDS.indexOf(host) >= 0; - } - /** - * Rebuild the authority string with the region - * - * @param host string - * @param region string - */ - static buildRegionalAuthorityString(host, region, queryString) { - // Create and validate a Url string object with the initial authority string - const authorityUrlInstance = new UrlString(host); - authorityUrlInstance.validateAsUri(); - const authorityUrlParts = authorityUrlInstance.getUrlComponents(); - let hostNameAndPort = `${region}.${authorityUrlParts.HostNameAndPort}`; - if (this.isPublicCloudAuthority(authorityUrlParts.HostNameAndPort)) { - hostNameAndPort = `${region}.${Constants.REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX}`; - } - // Include the query string portion of the url - const url = UrlString.constructAuthorityUriFromObject({ - ...authorityUrlInstance.getUrlComponents(), - HostNameAndPort: hostNameAndPort, - }).urlString; - // Add the query string if a query string was provided - if (queryString) - return `${url}?${queryString}`; - return url; - } - /** - * Replace the endpoints in the metadata object with their regional equivalents. - * - * @param metadata OpenIdConfigResponse - * @param azureRegion string - */ - static replaceWithRegionalInformation(metadata, azureRegion) { - const regionalMetadata = { ...metadata }; - regionalMetadata.authorization_endpoint = - Authority.buildRegionalAuthorityString(regionalMetadata.authorization_endpoint, azureRegion); - regionalMetadata.token_endpoint = - Authority.buildRegionalAuthorityString(regionalMetadata.token_endpoint, azureRegion); - if (regionalMetadata.end_session_endpoint) { - regionalMetadata.end_session_endpoint = - Authority.buildRegionalAuthorityString(regionalMetadata.end_session_endpoint, azureRegion); - } - return regionalMetadata; - } - /** - * Transform CIAM_AUTHORIY as per the below rules: - * If no path segments found and it is a CIAM authority (hostname ends with .ciamlogin.com), then transform it - * - * NOTE: The transformation path should go away once STS supports CIAM with the format: `tenantIdorDomain.ciamlogin.com` - * `ciamlogin.com` can also change in the future and we should accommodate the same - * - * @param authority - */ - static transformCIAMAuthority(authority) { - let ciamAuthority = authority; - const authorityUrl = new UrlString(authority); - const authorityUrlComponents = authorityUrl.getUrlComponents(); - // check if transformation is needed - if (authorityUrlComponents.PathSegments.length === 0 && - authorityUrlComponents.HostNameAndPort.endsWith(Constants.CIAM_AUTH_URL)) { - const tenantIdOrDomain = authorityUrlComponents.HostNameAndPort.split(".")[0]; - ciamAuthority = `${ciamAuthority}${tenantIdOrDomain}${Constants.AAD_TENANT_DOMAIN_SUFFIX}`; - } - return ciamAuthority; - } -} -// Reserved tenant domain names that will not be replaced with tenant id -Authority.reservedTenantDomains = new Set([ - "{tenant}", - "{tenantid}", - AADAuthorityConstants.COMMON, - AADAuthorityConstants.CONSUMERS, - AADAuthorityConstants.ORGANIZATIONS, -]); -/** - * Extract tenantId from authority - */ -function getTenantFromAuthorityString(authority) { - const authorityUrl = new UrlString(authority); - const authorityUrlComponents = authorityUrl.getUrlComponents(); - /** - * For credential matching purposes, tenantId is the last path segment of the authority URL: - * AAD Authority - domain/tenantId -> Credentials are cached with realm = tenantId - * B2C Authority - domain/{tenantId}?/.../policy -> Credentials are cached with realm = policy - * tenantId is downcased because B2C policies can have mixed case but tfp claim is downcased - * - * Note that we may not have any path segments in certain OIDC scenarios. - */ - const tenantId = authorityUrlComponents.PathSegments.slice(-1)[0]?.toLowerCase(); - switch (tenantId) { - case AADAuthorityConstants.COMMON: - case AADAuthorityConstants.ORGANIZATIONS: - case AADAuthorityConstants.CONSUMERS: - return undefined; - default: - return tenantId; - } -} -function formatAuthorityUri(authorityUri) { - return authorityUri.endsWith(Constants.FORWARD_SLASH) - ? authorityUri - : `${authorityUri}${Constants.FORWARD_SLASH}`; -} -function buildStaticAuthorityOptions(authOptions) { - const rawCloudDiscoveryMetadata = authOptions.cloudDiscoveryMetadata; - let cloudDiscoveryMetadata = undefined; - if (rawCloudDiscoveryMetadata) { - try { - cloudDiscoveryMetadata = JSON.parse(rawCloudDiscoveryMetadata); - } - catch (e) { - throw createClientConfigurationError(invalidCloudDiscoveryMetadata); - } - } - return { - canonicalAuthority: authOptions.authority - ? formatAuthorityUri(authOptions.authority) - : undefined, - knownAuthorities: authOptions.knownAuthorities, - cloudDiscoveryMetadata: cloudDiscoveryMetadata, - }; -} - - -//# sourceMappingURL=Authority.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/error/InteractionRequiredAuthErrorCodes.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -// Codes defined by MSAL -const noTokensFound = "no_tokens_found"; -const nativeAccountUnavailable = "native_account_unavailable"; -const refreshTokenExpired = "refresh_token_expired"; -// Codes potentially returned by server -const interactionRequired = "interaction_required"; -const consentRequired = "consent_required"; -const loginRequired = "login_required"; -const badToken = "bad_token"; - - -//# sourceMappingURL=InteractionRequiredAuthErrorCodes.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/error/InteractionRequiredAuthError.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required - */ -const InteractionRequiredServerErrorMessage = [ - interactionRequired, - consentRequired, - loginRequired, - badToken, -]; -const InteractionRequiredAuthSubErrorMessage = [ - "message_only", - "additional_action", - "basic_action", - "user_password_expired", - "consent_required", - "bad_token", -]; -const InteractionRequiredAuthErrorMessages = { - [noTokensFound]: "No refresh token found in the cache. Please sign-in.", - [nativeAccountUnavailable]: "The requested account is not available in the native broker. It may have been deleted or logged out. Please sign-in again using an interactive API.", - [refreshTokenExpired]: "Refresh token has expired.", - [badToken]: "Identity provider returned bad_token due to an expired or invalid refresh token. Please invoke an interactive API to resolve.", -}; -/** - * Interaction required errors defined by the SDK - * @deprecated Use InteractionRequiredAuthErrorCodes instead - */ -const InteractionRequiredAuthErrorMessage = { - noTokensFoundError: { - code: noTokensFound, - desc: InteractionRequiredAuthErrorMessages[noTokensFound], - }, - native_account_unavailable: { - code: nativeAccountUnavailable, - desc: InteractionRequiredAuthErrorMessages[nativeAccountUnavailable], - }, - bad_token: { - code: badToken, - desc: InteractionRequiredAuthErrorMessages[badToken], - }, -}; -/** - * Error thrown when user interaction is required. - */ -class InteractionRequiredAuthError extends AuthError { - constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) { - super(errorCode, errorMessage, subError); - Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype); - this.timestamp = timestamp || Constants.EMPTY_STRING; - this.traceId = traceId || Constants.EMPTY_STRING; - this.correlationId = correlationId || Constants.EMPTY_STRING; - this.claims = claims || Constants.EMPTY_STRING; - this.name = "InteractionRequiredAuthError"; - this.errorNo = errorNo; - } -} -/** - * Helper function used to determine if an error thrown by the server requires interaction to resolve - * @param errorCode - * @param errorString - * @param subError - */ -function isInteractionRequiredError(errorCode, errorString, subError) { - const isInteractionRequiredErrorCode = !!errorCode && - InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1; - const isInteractionRequiredSubError = !!subError && - InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1; - const isInteractionRequiredErrorDesc = !!errorString && - InteractionRequiredServerErrorMessage.some((irErrorCode) => { - return errorString.indexOf(irErrorCode) > -1; - }); - return (isInteractionRequiredErrorCode || - isInteractionRequiredErrorDesc || - isInteractionRequiredSubError); -} -/** - * Creates an InteractionRequiredAuthError - */ -function createInteractionRequiredAuthError(errorCode) { - return new InteractionRequiredAuthError(errorCode, InteractionRequiredAuthErrorMessages[errorCode]); -} - - -//# sourceMappingURL=InteractionRequiredAuthError.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/utils/ProtocolUtils.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Class which provides helpers for OAuth 2.0 protocol specific values - */ -class ProtocolUtils { - /** - * Appends user state with random guid, or returns random guid. - * @param userState - * @param randomGuid - */ - static setRequestState(cryptoObj, userState, meta) { - const libraryState = ProtocolUtils.generateLibraryState(cryptoObj, meta); - return userState - ? `${libraryState}${Constants.RESOURCE_DELIM}${userState}` - : libraryState; - } - /** - * Generates the state value used by the common library. - * @param randomGuid - * @param cryptoObj - */ - static generateLibraryState(cryptoObj, meta) { - if (!cryptoObj) { - throw createClientAuthError(noCryptoObject); - } - // Create a state object containing a unique id and the timestamp of the request creation - const stateObj = { - id: cryptoObj.createNewGuid(), - }; - if (meta) { - stateObj.meta = meta; - } - const stateString = JSON.stringify(stateObj); - return cryptoObj.base64Encode(stateString); - } - /** - * Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user. - * @param state - * @param cryptoObj - */ - static parseRequestState(cryptoObj, state) { - if (!cryptoObj) { - throw createClientAuthError(noCryptoObject); - } - if (!state) { - throw createClientAuthError(invalidState); - } - try { - // Split the state between library state and user passed state and decode them separately - const splitState = state.split(Constants.RESOURCE_DELIM); - const libraryState = splitState[0]; - const userState = splitState.length > 1 - ? splitState.slice(1).join(Constants.RESOURCE_DELIM) - : Constants.EMPTY_STRING; - const libraryStateString = cryptoObj.base64Decode(libraryState); - const libraryStateObj = JSON.parse(libraryStateString); - return { - userRequestState: userState || Constants.EMPTY_STRING, - libraryState: libraryStateObj, - }; - } - catch (e) { - throw createClientAuthError(invalidState); - } - } -} - - -//# sourceMappingURL=ProtocolUtils.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/account/CcsCredential.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const CcsCredentialType = { - HOME_ACCOUNT_ID: "home_account_id", - UPN: "UPN", -}; - - -//# sourceMappingURL=CcsCredential.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/error/BrowserConfigurationAuthErrorCodes.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const storageNotSupported = "storage_not_supported"; -const stubbedPublicClientApplicationCalled = "stubbed_public_client_application_called"; -const inMemRedirectUnavailable = "in_mem_redirect_unavailable"; - - -//# sourceMappingURL=BrowserConfigurationAuthErrorCodes.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/error/BrowserConfigurationAuthError.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const BrowserConfigurationAuthErrorMessages = { - [storageNotSupported]: "Given storage configuration option was not supported.", - [stubbedPublicClientApplicationCalled]: "Stub instance of Public Client Application was called. If using msal-react, please ensure context is not used without a provider. For more visit: aka.ms/msaljs/browser-errors", - [inMemRedirectUnavailable]: "Redirect cannot be supported. In-memory storage was selected and storeAuthStateInCookie=false, which would cause the library to be unable to handle the incoming hash. If you would like to use the redirect API, please use session/localStorage or set storeAuthStateInCookie=true.", -}; -/** - * BrowserAuthErrorMessage class containing string constants used by error codes and messages. - * @deprecated Use BrowserAuthErrorCodes instead - */ -const BrowserConfigurationAuthErrorMessage = { - storageNotSupportedError: { - code: storageNotSupported, - desc: BrowserConfigurationAuthErrorMessages[storageNotSupported], - }, - stubPcaInstanceCalled: { - code: stubbedPublicClientApplicationCalled, - desc: BrowserConfigurationAuthErrorMessages[stubbedPublicClientApplicationCalled], - }, - inMemRedirectUnavailable: { - code: inMemRedirectUnavailable, - desc: BrowserConfigurationAuthErrorMessages[inMemRedirectUnavailable], - }, -}; -/** - * Browser library error class thrown by the MSAL.js library for SPAs - */ -class BrowserConfigurationAuthError extends AuthError { - constructor(errorCode, errorMessage) { - super(errorCode, errorMessage); - this.name = "BrowserConfigurationAuthError"; - Object.setPrototypeOf(this, BrowserConfigurationAuthError.prototype); - } -} -function createBrowserConfigurationAuthError(errorCode) { - return new BrowserConfigurationAuthError(errorCode, BrowserConfigurationAuthErrorMessages[errorCode]); -} - - -//# sourceMappingURL=BrowserConfigurationAuthError.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/cache/BrowserStorage.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -class BrowserStorage { - constructor(cacheLocation) { - this.validateWindowStorage(cacheLocation); - this.windowStorage = window[cacheLocation]; - } - validateWindowStorage(cacheLocation) { - if ((cacheLocation !== BrowserCacheLocation.LocalStorage && - cacheLocation !== BrowserCacheLocation.SessionStorage) || - !window[cacheLocation]) { - throw createBrowserConfigurationAuthError(storageNotSupported); - } - } - getItem(key) { - return this.windowStorage.getItem(key); - } - setItem(key, value) { - this.windowStorage.setItem(key, value); - } - removeItem(key) { - this.windowStorage.removeItem(key); - } - getKeys() { - return Object.keys(this.windowStorage); - } - containsKey(key) { - return this.windowStorage.hasOwnProperty(key); - } -} - - -//# sourceMappingURL=BrowserStorage.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/utils/BrowserProtocolUtils.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Extracts the BrowserStateObject from the state string. - * @param browserCrypto - * @param state - */ -function extractBrowserRequestState(browserCrypto, state) { - if (!state) { - return null; - } - try { - const requestStateObj = ProtocolUtils.parseRequestState(browserCrypto, state); - return requestStateObj.libraryState.meta; - } - catch (e) { - throw createClientAuthError(invalidState); - } -} - - -//# sourceMappingURL=BrowserProtocolUtils.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/cache/BrowserCacheManager.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - - - - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * This class implements the cache storage interface for MSAL through browser local or session storage. - * Cookies are only used if storeAuthStateInCookie is true, and are only used for - * parameters such as state and nonce, generally. - */ -class BrowserCacheManager extends CacheManager { - constructor(clientId, cacheConfig, cryptoImpl, logger, staticAuthorityOptions, performanceClient) { - super(clientId, cryptoImpl, logger, staticAuthorityOptions); - // Cookie life calculation (hours * minutes * seconds * ms) - this.COOKIE_LIFE_MULTIPLIER = 24 * 60 * 60 * 1000; - this.cacheConfig = cacheConfig; - this.logger = logger; - this.internalStorage = new MemoryStorage(); - this.browserStorage = this.setupBrowserStorage(this.cacheConfig.cacheLocation); - this.temporaryCacheStorage = this.setupTemporaryCacheStorage(this.cacheConfig.temporaryCacheLocation, this.cacheConfig.cacheLocation); - // Migrate cache entries from older versions of MSAL. - if (cacheConfig.cacheMigrationEnabled) { - this.migrateCacheEntries(); - this.createKeyMaps(); - } - this.performanceClient = performanceClient; - } - /** - * Returns a window storage class implementing the IWindowStorage interface that corresponds to the configured cacheLocation. - * @param cacheLocation - */ - setupBrowserStorage(cacheLocation) { - switch (cacheLocation) { - case BrowserCacheLocation.LocalStorage: - case BrowserCacheLocation.SessionStorage: - try { - return new BrowserStorage(cacheLocation); - } - catch (e) { - this.logger.verbose(e); - break; - } - } - this.cacheConfig.cacheLocation = BrowserCacheLocation.MemoryStorage; - return new MemoryStorage(); - } - /** - * Returns a window storage class implementing the IWindowStorage interface that corresponds to the configured temporaryCacheLocation. - * @param temporaryCacheLocation - * @param cacheLocation - */ - setupTemporaryCacheStorage(temporaryCacheLocation, cacheLocation) { - switch (cacheLocation) { - case BrowserCacheLocation.LocalStorage: - case BrowserCacheLocation.SessionStorage: - try { - // Temporary cache items will always be stored in session storage to mitigate problems caused by multiple tabs - return new BrowserStorage(temporaryCacheLocation || - BrowserCacheLocation.SessionStorage); - } - catch (e) { - this.logger.verbose(e); - return this.internalStorage; - } - case BrowserCacheLocation.MemoryStorage: - default: - return this.internalStorage; - } - } - /** - * Migrate all old cache entries to new schema. No rollback supported. - * @param storeAuthStateInCookie - */ - migrateCacheEntries() { - const idTokenKey = `${Constants.CACHE_PREFIX}.${PersistentCacheKeys.ID_TOKEN}`; - const clientInfoKey = `${Constants.CACHE_PREFIX}.${PersistentCacheKeys.CLIENT_INFO}`; - const errorKey = `${Constants.CACHE_PREFIX}.${PersistentCacheKeys.ERROR}`; - const errorDescKey = `${Constants.CACHE_PREFIX}.${PersistentCacheKeys.ERROR_DESC}`; - const idTokenValue = this.browserStorage.getItem(idTokenKey); - const clientInfoValue = this.browserStorage.getItem(clientInfoKey); - const errorValue = this.browserStorage.getItem(errorKey); - const errorDescValue = this.browserStorage.getItem(errorDescKey); - const values = [ - idTokenValue, - clientInfoValue, - errorValue, - errorDescValue, - ]; - const keysToMigrate = [ - PersistentCacheKeys.ID_TOKEN, - PersistentCacheKeys.CLIENT_INFO, - PersistentCacheKeys.ERROR, - PersistentCacheKeys.ERROR_DESC, - ]; - keysToMigrate.forEach((cacheKey, index) => { - const value = values[index]; - if (value) { - this.setTemporaryCache(cacheKey, value, true); - } - }); - } - /** - * Searches all cache entries for MSAL accounts and creates the account key map - * This is used to migrate users from older versions of MSAL which did not create the map. - * @returns - */ - createKeyMaps() { - this.logger.trace("BrowserCacheManager - createKeyMaps called."); - const accountKeys = this.getItem(StaticCacheKeys.ACCOUNT_KEYS); - const tokenKeys = this.getItem(`${StaticCacheKeys.TOKEN_KEYS}.${this.clientId}`); - if (accountKeys && tokenKeys) { - this.logger.verbose("BrowserCacheManager:createKeyMaps - account and token key maps already exist, skipping migration."); - // Key maps already exist, no need to iterate through cache - return; - } - const allKeys = this.browserStorage.getKeys(); - allKeys.forEach((key) => { - if (this.isCredentialKey(key)) { - // Get item, parse, validate and write key to map - const value = this.getItem(key); - if (value) { - const credObj = this.validateAndParseJson(value); - if (credObj && credObj.hasOwnProperty("credentialType")) { - switch (credObj["credentialType"]) { - case CredentialType.ID_TOKEN: - if (isIdTokenEntity(credObj)) { - this.logger.trace("BrowserCacheManager:createKeyMaps - idToken found, saving key to token key map"); - this.logger.tracePii(`BrowserCacheManager:createKeyMaps - idToken with key: ${key} found, saving key to token key map`); - const idTokenEntity = credObj; - const newKey = this.updateCredentialCacheKey(key, idTokenEntity); - this.addTokenKey(newKey, CredentialType.ID_TOKEN); - return; - } - else { - this.logger.trace("BrowserCacheManager:createKeyMaps - key found matching idToken schema with value containing idToken credentialType field but value failed IdTokenEntity validation, skipping."); - this.logger.tracePii(`BrowserCacheManager:createKeyMaps - failed idToken validation on key: ${key}`); - } - break; - case CredentialType.ACCESS_TOKEN: - case CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME: - if (isAccessTokenEntity(credObj)) { - this.logger.trace("BrowserCacheManager:createKeyMaps - accessToken found, saving key to token key map"); - this.logger.tracePii(`BrowserCacheManager:createKeyMaps - accessToken with key: ${key} found, saving key to token key map`); - const accessTokenEntity = credObj; - const newKey = this.updateCredentialCacheKey(key, accessTokenEntity); - this.addTokenKey(newKey, CredentialType.ACCESS_TOKEN); - return; - } - else { - this.logger.trace("BrowserCacheManager:createKeyMaps - key found matching accessToken schema with value containing accessToken credentialType field but value failed AccessTokenEntity validation, skipping."); - this.logger.tracePii(`BrowserCacheManager:createKeyMaps - failed accessToken validation on key: ${key}`); - } - break; - case CredentialType.REFRESH_TOKEN: - if (isRefreshTokenEntity(credObj)) { - this.logger.trace("BrowserCacheManager:createKeyMaps - refreshToken found, saving key to token key map"); - this.logger.tracePii(`BrowserCacheManager:createKeyMaps - refreshToken with key: ${key} found, saving key to token key map`); - const refreshTokenEntity = credObj; - const newKey = this.updateCredentialCacheKey(key, refreshTokenEntity); - this.addTokenKey(newKey, CredentialType.REFRESH_TOKEN); - return; - } - else { - this.logger.trace("BrowserCacheManager:createKeyMaps - key found matching refreshToken schema with value containing refreshToken credentialType field but value failed RefreshTokenEntity validation, skipping."); - this.logger.tracePii(`BrowserCacheManager:createKeyMaps - failed refreshToken validation on key: ${key}`); - } - break; - // If credentialType isn't one of our predefined ones, it may not be an MSAL cache value. Ignore. - } - } - } - } - if (this.isAccountKey(key)) { - const value = this.getItem(key); - if (value) { - const accountObj = this.validateAndParseJson(value); - if (accountObj && - AccountEntity.isAccountEntity(accountObj)) { - this.logger.trace("BrowserCacheManager:createKeyMaps - account found, saving key to account key map"); - this.logger.tracePii(`BrowserCacheManager:createKeyMaps - account with key: ${key} found, saving key to account key map`); - this.addAccountKeyToMap(key); - } - } - } - }); - } - /** - * Parses passed value as JSON object, JSON.parse() will throw an error. - * @param input - */ - validateAndParseJson(jsonValue) { - try { - const parsedJson = JSON.parse(jsonValue); - /** - * There are edge cases in which JSON.parse will successfully parse a non-valid JSON object - * (e.g. JSON.parse will parse an escaped string into an unescaped string), so adding a type check - * of the parsed value is necessary in order to be certain that the string represents a valid JSON object. - * - */ - return parsedJson && typeof parsedJson === "object" - ? parsedJson - : null; - } - catch (error) { - return null; - } - } - /** - * fetches the entry from the browser storage based off the key - * @param key - */ - getItem(key) { - return this.browserStorage.getItem(key); - } - /** - * sets the entry in the browser storage - * @param key - * @param value - */ - setItem(key, value) { - this.browserStorage.setItem(key, value); - } - /** - * fetch the account entity from the platform cache - * @param accountKey - */ - getAccount(accountKey, logger) { - this.logger.trace("BrowserCacheManager.getAccount called"); - const accountEntity = this.getCachedAccountEntity(accountKey); - return this.updateOutdatedCachedAccount(accountKey, accountEntity, logger); - } - /** - * Reads account from cache, deserializes it into an account entity and returns it. - * If account is not found from the key, returns null and removes key from map. - * @param accountKey - * @returns - */ - getCachedAccountEntity(accountKey) { - const serializedAccount = this.getItem(accountKey); - if (!serializedAccount) { - this.removeAccountKeyFromMap(accountKey); - return null; - } - const parsedAccount = this.validateAndParseJson(serializedAccount); - if (!parsedAccount || !AccountEntity.isAccountEntity(parsedAccount)) { - this.removeAccountKeyFromMap(accountKey); - return null; - } - return CacheManager.toObject(new AccountEntity(), parsedAccount); - } - /** - * set account entity in the platform cache - * @param account - */ - setAccount(account) { - this.logger.trace("BrowserCacheManager.setAccount called"); - const key = account.generateAccountKey(); - this.setItem(key, JSON.stringify(account)); - this.addAccountKeyToMap(key); - } - /** - * Returns the array of account keys currently cached - * @returns - */ - getAccountKeys() { - this.logger.trace("BrowserCacheManager.getAccountKeys called"); - const accountKeys = this.getItem(StaticCacheKeys.ACCOUNT_KEYS); - if (accountKeys) { - return JSON.parse(accountKeys); - } - this.logger.verbose("BrowserCacheManager.getAccountKeys - No account keys found"); - return []; - } - /** - * Add a new account to the key map - * @param key - */ - addAccountKeyToMap(key) { - this.logger.trace("BrowserCacheManager.addAccountKeyToMap called"); - this.logger.tracePii(`BrowserCacheManager.addAccountKeyToMap called with key: ${key}`); - const accountKeys = this.getAccountKeys(); - if (accountKeys.indexOf(key) === -1) { - // Only add key if it does not already exist in the map - accountKeys.push(key); - this.setItem(StaticCacheKeys.ACCOUNT_KEYS, JSON.stringify(accountKeys)); - this.logger.verbose("BrowserCacheManager.addAccountKeyToMap account key added"); - } - else { - this.logger.verbose("BrowserCacheManager.addAccountKeyToMap account key already exists in map"); - } - } - /** - * Remove an account from the key map - * @param key - */ - removeAccountKeyFromMap(key) { - this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap called"); - this.logger.tracePii(`BrowserCacheManager.removeAccountKeyFromMap called with key: ${key}`); - const accountKeys = this.getAccountKeys(); - const removalIndex = accountKeys.indexOf(key); - if (removalIndex > -1) { - accountKeys.splice(removalIndex, 1); - this.setItem(StaticCacheKeys.ACCOUNT_KEYS, JSON.stringify(accountKeys)); - this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap account key removed"); - } - else { - this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap key not found in existing map"); - } - } - /** - * Extends inherited removeAccount function to include removal of the account key from the map - * @param key - */ - async removeAccount(key) { - void super.removeAccount(key); - this.removeAccountKeyFromMap(key); - } - /** - * Remove account entity from the platform cache if it's outdated - * @param accountKey - */ - removeOutdatedAccount(accountKey) { - this.removeItem(accountKey); - this.removeAccountKeyFromMap(accountKey); - } - /** - * Removes given idToken from the cache and from the key map - * @param key - */ - removeIdToken(key) { - super.removeIdToken(key); - this.removeTokenKey(key, CredentialType.ID_TOKEN); - } - /** - * Removes given accessToken from the cache and from the key map - * @param key - */ - async removeAccessToken(key) { - void super.removeAccessToken(key); - this.removeTokenKey(key, CredentialType.ACCESS_TOKEN); - } - /** - * Removes given refreshToken from the cache and from the key map - * @param key - */ - removeRefreshToken(key) { - super.removeRefreshToken(key); - this.removeTokenKey(key, CredentialType.REFRESH_TOKEN); - } - /** - * Gets the keys for the cached tokens associated with this clientId - * @returns - */ - getTokenKeys() { - this.logger.trace("BrowserCacheManager.getTokenKeys called"); - const item = this.getItem(`${StaticCacheKeys.TOKEN_KEYS}.${this.clientId}`); - if (item) { - const tokenKeys = this.validateAndParseJson(item); - if (tokenKeys && - tokenKeys.hasOwnProperty("idToken") && - tokenKeys.hasOwnProperty("accessToken") && - tokenKeys.hasOwnProperty("refreshToken")) { - return tokenKeys; - } - else { - this.logger.error("BrowserCacheManager.getTokenKeys - Token keys found but in an unknown format. Returning empty key map."); - } - } - else { - this.logger.verbose("BrowserCacheManager.getTokenKeys - No token keys found"); - } - return { - idToken: [], - accessToken: [], - refreshToken: [], - }; - } - /** - * Adds the given key to the token key map - * @param key - * @param type - */ - addTokenKey(key, type) { - this.logger.trace("BrowserCacheManager addTokenKey called"); - const tokenKeys = this.getTokenKeys(); - switch (type) { - case CredentialType.ID_TOKEN: - if (tokenKeys.idToken.indexOf(key) === -1) { - this.logger.info("BrowserCacheManager: addTokenKey - idToken added to map"); - tokenKeys.idToken.push(key); - } - break; - case CredentialType.ACCESS_TOKEN: - if (tokenKeys.accessToken.indexOf(key) === -1) { - this.logger.info("BrowserCacheManager: addTokenKey - accessToken added to map"); - tokenKeys.accessToken.push(key); - } - break; - case CredentialType.REFRESH_TOKEN: - if (tokenKeys.refreshToken.indexOf(key) === -1) { - this.logger.info("BrowserCacheManager: addTokenKey - refreshToken added to map"); - tokenKeys.refreshToken.push(key); - } - break; - default: - this.logger.error(`BrowserCacheManager:addTokenKey - CredentialType provided invalid. CredentialType: ${type}`); - throw createClientAuthError(unexpectedCredentialType); - } - this.setItem(`${StaticCacheKeys.TOKEN_KEYS}.${this.clientId}`, JSON.stringify(tokenKeys)); - } - /** - * Removes the given key from the token key map - * @param key - * @param type - */ - removeTokenKey(key, type) { - this.logger.trace("BrowserCacheManager removeTokenKey called"); - const tokenKeys = this.getTokenKeys(); - switch (type) { - case CredentialType.ID_TOKEN: - this.logger.infoPii(`BrowserCacheManager: removeTokenKey - attempting to remove idToken with key: ${key} from map`); - const idRemoval = tokenKeys.idToken.indexOf(key); - if (idRemoval > -1) { - this.logger.info("BrowserCacheManager: removeTokenKey - idToken removed from map"); - tokenKeys.idToken.splice(idRemoval, 1); - } - else { - this.logger.info("BrowserCacheManager: removeTokenKey - idToken does not exist in map. Either it was previously removed or it was never added."); - } - break; - case CredentialType.ACCESS_TOKEN: - this.logger.infoPii(`BrowserCacheManager: removeTokenKey - attempting to remove accessToken with key: ${key} from map`); - const accessRemoval = tokenKeys.accessToken.indexOf(key); - if (accessRemoval > -1) { - this.logger.info("BrowserCacheManager: removeTokenKey - accessToken removed from map"); - tokenKeys.accessToken.splice(accessRemoval, 1); - } - else { - this.logger.info("BrowserCacheManager: removeTokenKey - accessToken does not exist in map. Either it was previously removed or it was never added."); - } - break; - case CredentialType.REFRESH_TOKEN: - this.logger.infoPii(`BrowserCacheManager: removeTokenKey - attempting to remove refreshToken with key: ${key} from map`); - const refreshRemoval = tokenKeys.refreshToken.indexOf(key); - if (refreshRemoval > -1) { - this.logger.info("BrowserCacheManager: removeTokenKey - refreshToken removed from map"); - tokenKeys.refreshToken.splice(refreshRemoval, 1); - } - else { - this.logger.info("BrowserCacheManager: removeTokenKey - refreshToken does not exist in map. Either it was previously removed or it was never added."); - } - break; - default: - this.logger.error(`BrowserCacheManager:removeTokenKey - CredentialType provided invalid. CredentialType: ${type}`); - throw createClientAuthError(unexpectedCredentialType); - } - this.setItem(`${StaticCacheKeys.TOKEN_KEYS}.${this.clientId}`, JSON.stringify(tokenKeys)); - } - /** - * generates idToken entity from a string - * @param idTokenKey - */ - getIdTokenCredential(idTokenKey) { - const value = this.getItem(idTokenKey); - if (!value) { - this.logger.trace("BrowserCacheManager.getIdTokenCredential: called, no cache hit"); - this.removeTokenKey(idTokenKey, CredentialType.ID_TOKEN); - return null; - } - const parsedIdToken = this.validateAndParseJson(value); - if (!parsedIdToken || !isIdTokenEntity(parsedIdToken)) { - this.logger.trace("BrowserCacheManager.getIdTokenCredential: called, no cache hit"); - this.removeTokenKey(idTokenKey, CredentialType.ID_TOKEN); - return null; - } - this.logger.trace("BrowserCacheManager.getIdTokenCredential: cache hit"); - return parsedIdToken; - } - /** - * set IdToken credential to the platform cache - * @param idToken - */ - setIdTokenCredential(idToken) { - this.logger.trace("BrowserCacheManager.setIdTokenCredential called"); - const idTokenKey = generateCredentialKey(idToken); - this.setItem(idTokenKey, JSON.stringify(idToken)); - this.addTokenKey(idTokenKey, CredentialType.ID_TOKEN); - } - /** - * generates accessToken entity from a string - * @param key - */ - getAccessTokenCredential(accessTokenKey) { - const value = this.getItem(accessTokenKey); - if (!value) { - this.logger.trace("BrowserCacheManager.getAccessTokenCredential: called, no cache hit"); - this.removeTokenKey(accessTokenKey, CredentialType.ACCESS_TOKEN); - return null; - } - const parsedAccessToken = this.validateAndParseJson(value); - if (!parsedAccessToken || - !isAccessTokenEntity(parsedAccessToken)) { - this.logger.trace("BrowserCacheManager.getAccessTokenCredential: called, no cache hit"); - this.removeTokenKey(accessTokenKey, CredentialType.ACCESS_TOKEN); - return null; - } - this.logger.trace("BrowserCacheManager.getAccessTokenCredential: cache hit"); - return parsedAccessToken; - } - /** - * set accessToken credential to the platform cache - * @param accessToken - */ - setAccessTokenCredential(accessToken) { - this.logger.trace("BrowserCacheManager.setAccessTokenCredential called"); - const accessTokenKey = generateCredentialKey(accessToken); - this.setItem(accessTokenKey, JSON.stringify(accessToken)); - this.addTokenKey(accessTokenKey, CredentialType.ACCESS_TOKEN); - } - /** - * generates refreshToken entity from a string - * @param refreshTokenKey - */ - getRefreshTokenCredential(refreshTokenKey) { - const value = this.getItem(refreshTokenKey); - if (!value) { - this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: called, no cache hit"); - this.removeTokenKey(refreshTokenKey, CredentialType.REFRESH_TOKEN); - return null; - } - const parsedRefreshToken = this.validateAndParseJson(value); - if (!parsedRefreshToken || - !isRefreshTokenEntity(parsedRefreshToken)) { - this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: called, no cache hit"); - this.removeTokenKey(refreshTokenKey, CredentialType.REFRESH_TOKEN); - return null; - } - this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: cache hit"); - return parsedRefreshToken; - } - /** - * set refreshToken credential to the platform cache - * @param refreshToken - */ - setRefreshTokenCredential(refreshToken) { - this.logger.trace("BrowserCacheManager.setRefreshTokenCredential called"); - const refreshTokenKey = generateCredentialKey(refreshToken); - this.setItem(refreshTokenKey, JSON.stringify(refreshToken)); - this.addTokenKey(refreshTokenKey, CredentialType.REFRESH_TOKEN); - } - /** - * fetch appMetadata entity from the platform cache - * @param appMetadataKey - */ - getAppMetadata(appMetadataKey) { - const value = this.getItem(appMetadataKey); - if (!value) { - this.logger.trace("BrowserCacheManager.getAppMetadata: called, no cache hit"); - return null; - } - const parsedMetadata = this.validateAndParseJson(value); - if (!parsedMetadata || - !isAppMetadataEntity(appMetadataKey, parsedMetadata)) { - this.logger.trace("BrowserCacheManager.getAppMetadata: called, no cache hit"); - return null; - } - this.logger.trace("BrowserCacheManager.getAppMetadata: cache hit"); - return parsedMetadata; - } - /** - * set appMetadata entity to the platform cache - * @param appMetadata - */ - setAppMetadata(appMetadata) { - this.logger.trace("BrowserCacheManager.setAppMetadata called"); - const appMetadataKey = generateAppMetadataKey(appMetadata); - this.setItem(appMetadataKey, JSON.stringify(appMetadata)); - } - /** - * fetch server telemetry entity from the platform cache - * @param serverTelemetryKey - */ - getServerTelemetry(serverTelemetryKey) { - const value = this.getItem(serverTelemetryKey); - if (!value) { - this.logger.trace("BrowserCacheManager.getServerTelemetry: called, no cache hit"); - return null; - } - const parsedEntity = this.validateAndParseJson(value); - if (!parsedEntity || - !isServerTelemetryEntity(serverTelemetryKey, parsedEntity)) { - this.logger.trace("BrowserCacheManager.getServerTelemetry: called, no cache hit"); - return null; - } - this.logger.trace("BrowserCacheManager.getServerTelemetry: cache hit"); - return parsedEntity; - } - /** - * set server telemetry entity to the platform cache - * @param serverTelemetryKey - * @param serverTelemetry - */ - setServerTelemetry(serverTelemetryKey, serverTelemetry) { - this.logger.trace("BrowserCacheManager.setServerTelemetry called"); - this.setItem(serverTelemetryKey, JSON.stringify(serverTelemetry)); - } - /** - * - */ - getAuthorityMetadata(key) { - const value = this.internalStorage.getItem(key); - if (!value) { - this.logger.trace("BrowserCacheManager.getAuthorityMetadata: called, no cache hit"); - return null; - } - const parsedMetadata = this.validateAndParseJson(value); - if (parsedMetadata && - isAuthorityMetadataEntity(key, parsedMetadata)) { - this.logger.trace("BrowserCacheManager.getAuthorityMetadata: cache hit"); - return parsedMetadata; - } - return null; - } - /** - * - */ - getAuthorityMetadataKeys() { - const allKeys = this.internalStorage.getKeys(); - return allKeys.filter((key) => { - return this.isAuthorityMetadata(key); - }); - } - /** - * Sets wrapper metadata in memory - * @param wrapperSKU - * @param wrapperVersion - */ - setWrapperMetadata(wrapperSKU, wrapperVersion) { - this.internalStorage.setItem(InMemoryCacheKeys.WRAPPER_SKU, wrapperSKU); - this.internalStorage.setItem(InMemoryCacheKeys.WRAPPER_VER, wrapperVersion); - } - /** - * Returns wrapper metadata from in-memory storage - */ - getWrapperMetadata() { - const sku = this.internalStorage.getItem(InMemoryCacheKeys.WRAPPER_SKU) || - Constants.EMPTY_STRING; - const version = this.internalStorage.getItem(InMemoryCacheKeys.WRAPPER_VER) || - Constants.EMPTY_STRING; - return [sku, version]; - } - /** - * - * @param entity - */ - setAuthorityMetadata(key, entity) { - this.logger.trace("BrowserCacheManager.setAuthorityMetadata called"); - this.internalStorage.setItem(key, JSON.stringify(entity)); - } - /** - * Gets the active account - */ - getActiveAccount() { - const activeAccountKeyFilters = this.generateCacheKey(PersistentCacheKeys.ACTIVE_ACCOUNT_FILTERS); - const activeAccountValueFilters = this.getItem(activeAccountKeyFilters); - if (!activeAccountValueFilters) { - // if new active account cache type isn't found, it's an old version, so look for that instead - this.logger.trace("BrowserCacheManager.getActiveAccount: No active account filters cache schema found, looking for legacy schema"); - const activeAccountKeyLocal = this.generateCacheKey(PersistentCacheKeys.ACTIVE_ACCOUNT); - const activeAccountValueLocal = this.getItem(activeAccountKeyLocal); - if (!activeAccountValueLocal) { - this.logger.trace("BrowserCacheManager.getActiveAccount: No active account found"); - return null; - } - const activeAccount = this.getAccountInfoFilteredBy({ - localAccountId: activeAccountValueLocal, - }); - if (activeAccount) { - this.logger.trace("BrowserCacheManager.getActiveAccount: Legacy active account cache schema found"); - this.logger.trace("BrowserCacheManager.getActiveAccount: Adding active account filters cache schema"); - this.setActiveAccount(activeAccount); - return activeAccount; - } - return null; - } - const activeAccountValueObj = this.validateAndParseJson(activeAccountValueFilters); - if (activeAccountValueObj) { - this.logger.trace("BrowserCacheManager.getActiveAccount: Active account filters schema found"); - return this.getAccountInfoFilteredBy({ - homeAccountId: activeAccountValueObj.homeAccountId, - localAccountId: activeAccountValueObj.localAccountId, - tenantId: activeAccountValueObj.tenantId, - }); - } - this.logger.trace("BrowserCacheManager.getActiveAccount: No active account found"); - return null; - } - /** - * Sets the active account's localAccountId in cache - * @param account - */ - setActiveAccount(account) { - const activeAccountKey = this.generateCacheKey(PersistentCacheKeys.ACTIVE_ACCOUNT_FILTERS); - const activeAccountKeyLocal = this.generateCacheKey(PersistentCacheKeys.ACTIVE_ACCOUNT); - if (account) { - this.logger.verbose("setActiveAccount: Active account set"); - const activeAccountValue = { - homeAccountId: account.homeAccountId, - localAccountId: account.localAccountId, - tenantId: account.tenantId, - }; - this.browserStorage.setItem(activeAccountKey, JSON.stringify(activeAccountValue)); - this.browserStorage.setItem(activeAccountKeyLocal, account.localAccountId); - } - else { - this.logger.verbose("setActiveAccount: No account passed, active account not set"); - this.browserStorage.removeItem(activeAccountKey); - this.browserStorage.removeItem(activeAccountKeyLocal); - } - } - /** - * fetch throttling entity from the platform cache - * @param throttlingCacheKey - */ - getThrottlingCache(throttlingCacheKey) { - const value = this.getItem(throttlingCacheKey); - if (!value) { - this.logger.trace("BrowserCacheManager.getThrottlingCache: called, no cache hit"); - return null; - } - const parsedThrottlingCache = this.validateAndParseJson(value); - if (!parsedThrottlingCache || - !isThrottlingEntity(throttlingCacheKey, parsedThrottlingCache)) { - this.logger.trace("BrowserCacheManager.getThrottlingCache: called, no cache hit"); - return null; - } - this.logger.trace("BrowserCacheManager.getThrottlingCache: cache hit"); - return parsedThrottlingCache; - } - /** - * set throttling entity to the platform cache - * @param throttlingCacheKey - * @param throttlingCache - */ - setThrottlingCache(throttlingCacheKey, throttlingCache) { - this.logger.trace("BrowserCacheManager.setThrottlingCache called"); - this.setItem(throttlingCacheKey, JSON.stringify(throttlingCache)); - } - /** - * Gets cache item with given key. - * Will retrieve from cookies if storeAuthStateInCookie is set to true. - * @param key - */ - getTemporaryCache(cacheKey, generateKey) { - const key = generateKey ? this.generateCacheKey(cacheKey) : cacheKey; - if (this.cacheConfig.storeAuthStateInCookie) { - const itemCookie = this.getItemCookie(key); - if (itemCookie) { - this.logger.trace("BrowserCacheManager.getTemporaryCache: storeAuthStateInCookies set to true, retrieving from cookies"); - return itemCookie; - } - } - const value = this.temporaryCacheStorage.getItem(key); - if (!value) { - // If temp cache item not found in session/memory, check local storage for items set by old versions - if (this.cacheConfig.cacheLocation === - BrowserCacheLocation.LocalStorage) { - const item = this.browserStorage.getItem(key); - if (item) { - this.logger.trace("BrowserCacheManager.getTemporaryCache: Temporary cache item found in local storage"); - return item; - } - } - this.logger.trace("BrowserCacheManager.getTemporaryCache: No cache item found in local storage"); - return null; - } - this.logger.trace("BrowserCacheManager.getTemporaryCache: Temporary cache item returned"); - return value; - } - /** - * Sets the cache item with the key and value given. - * Stores in cookie if storeAuthStateInCookie is set to true. - * This can cause cookie overflow if used incorrectly. - * @param key - * @param value - */ - setTemporaryCache(cacheKey, value, generateKey) { - const key = generateKey ? this.generateCacheKey(cacheKey) : cacheKey; - this.temporaryCacheStorage.setItem(key, value); - if (this.cacheConfig.storeAuthStateInCookie) { - this.logger.trace("BrowserCacheManager.setTemporaryCache: storeAuthStateInCookie set to true, setting item cookie"); - this.setItemCookie(key, value); - } - } - /** - * Removes the cache item with the given key. - * @param key - */ - removeItem(key) { - this.browserStorage.removeItem(key); - } - /** - * Removes the temporary cache item with the given key. - * Will also clear the cookie item if storeAuthStateInCookie is set to true. - * @param key - */ - removeTemporaryItem(key) { - this.temporaryCacheStorage.removeItem(key); - if (this.cacheConfig.storeAuthStateInCookie) { - this.logger.trace("BrowserCacheManager.removeItem: storeAuthStateInCookie is true, clearing item cookie"); - this.clearItemCookie(key); - } - } - /** - * Gets all keys in window. - */ - getKeys() { - return this.browserStorage.getKeys(); - } - /** - * Clears all cache entries created by MSAL. - */ - async clear() { - // Removes all accounts and their credentials - await this.removeAllAccounts(); - this.removeAppMetadata(); - // Remove temp storage first to make sure any cookies are cleared - this.temporaryCacheStorage.getKeys().forEach((cacheKey) => { - if (cacheKey.indexOf(Constants.CACHE_PREFIX) !== -1 || - cacheKey.indexOf(this.clientId) !== -1) { - this.removeTemporaryItem(cacheKey); - } - }); - // Removes all remaining MSAL cache items - this.browserStorage.getKeys().forEach((cacheKey) => { - if (cacheKey.indexOf(Constants.CACHE_PREFIX) !== -1 || - cacheKey.indexOf(this.clientId) !== -1) { - this.browserStorage.removeItem(cacheKey); - } - }); - this.internalStorage.clear(); - } - /** - * Clears all access tokes that have claims prior to saving the current one - * @param performanceClient {IPerformanceClient} - * @param correlationId {string} correlation id - * @returns - */ - async clearTokensAndKeysWithClaims(performanceClient, correlationId) { - performanceClient.addQueueMeasurement(PerformanceEvents.ClearTokensAndKeysWithClaims, correlationId); - const tokenKeys = this.getTokenKeys(); - const removedAccessTokens = []; - tokenKeys.accessToken.forEach((key) => { - // if the access token has claims in its key, remove the token key and the token - const credential = this.getAccessTokenCredential(key); - if (credential?.requestedClaimsHash && - key.includes(credential.requestedClaimsHash.toLowerCase())) { - removedAccessTokens.push(this.removeAccessToken(key)); - } - }); - await Promise.all(removedAccessTokens); - // warn if any access tokens are removed - if (removedAccessTokens.length > 0) { - this.logger.warning(`${removedAccessTokens.length} access tokens with claims in the cache keys have been removed from the cache.`); - } - } - /** - * Add value to cookies - * @param cookieName - * @param cookieValue - * @param expires - * @deprecated - */ - setItemCookie(cookieName, cookieValue, expires) { - let cookieStr = `${encodeURIComponent(cookieName)}=${encodeURIComponent(cookieValue)};path=/;SameSite=Lax;`; - if (expires) { - const expireTime = this.getCookieExpirationTime(expires); - cookieStr += `expires=${expireTime};`; - } - if (this.cacheConfig.secureCookies) { - cookieStr += "Secure;"; - } - document.cookie = cookieStr; - } - /** - * Get one item by key from cookies - * @param cookieName - * @deprecated - */ - getItemCookie(cookieName) { - const name = `${encodeURIComponent(cookieName)}=`; - const cookieList = document.cookie.split(";"); - for (let i = 0; i < cookieList.length; i++) { - let cookie = cookieList[i]; - while (cookie.charAt(0) === " ") { - cookie = cookie.substring(1); - } - if (cookie.indexOf(name) === 0) { - return decodeURIComponent(cookie.substring(name.length, cookie.length)); - } - } - return Constants.EMPTY_STRING; - } - /** - * Clear all msal-related cookies currently set in the browser. Should only be used to clear temporary cache items. - * @deprecated - */ - clearMsalCookies() { - const cookiePrefix = `${Constants.CACHE_PREFIX}.${this.clientId}`; - const cookieList = document.cookie.split(";"); - cookieList.forEach((cookie) => { - while (cookie.charAt(0) === " ") { - // eslint-disable-next-line no-param-reassign - cookie = cookie.substring(1); - } - if (cookie.indexOf(cookiePrefix) === 0) { - const cookieKey = cookie.split("=")[0]; - this.clearItemCookie(cookieKey); - } - }); - } - /** - * Clear an item in the cookies by key - * @param cookieName - * @deprecated - */ - clearItemCookie(cookieName) { - this.setItemCookie(cookieName, Constants.EMPTY_STRING, -1); - } - /** - * Get cookie expiration time - * @param cookieLifeDays - * @deprecated - */ - getCookieExpirationTime(cookieLifeDays) { - const today = new Date(); - const expr = new Date(today.getTime() + cookieLifeDays * this.COOKIE_LIFE_MULTIPLIER); - return expr.toUTCString(); - } - /** - * Prepend msal. to each key; Skip for any JSON object as Key (defined schemas do not need the key appended: AccessToken Keys or the upcoming schema) - * @param key - * @param addInstanceId - */ - generateCacheKey(key) { - const generatedKey = this.validateAndParseJson(key); - if (!generatedKey) { - if (StringUtils.startsWith(key, Constants.CACHE_PREFIX) || - StringUtils.startsWith(key, PersistentCacheKeys.ADAL_ID_TOKEN)) { - return key; - } - return `${Constants.CACHE_PREFIX}.${this.clientId}.${key}`; - } - return JSON.stringify(key); - } - /** - * Create authorityKey to cache authority - * @param state - */ - generateAuthorityKey(stateString) { - const { libraryState: { id: stateId }, } = ProtocolUtils.parseRequestState(this.cryptoImpl, stateString); - return this.generateCacheKey(`${TemporaryCacheKeys.AUTHORITY}.${stateId}`); - } - /** - * Create Nonce key to cache nonce - * @param state - */ - generateNonceKey(stateString) { - const { libraryState: { id: stateId }, } = ProtocolUtils.parseRequestState(this.cryptoImpl, stateString); - return this.generateCacheKey(`${TemporaryCacheKeys.NONCE_IDTOKEN}.${stateId}`); - } - /** - * Creates full cache key for the request state - * @param stateString State string for the request - */ - generateStateKey(stateString) { - // Use the library state id to key temp storage for uniqueness for multiple concurrent requests - const { libraryState: { id: stateId }, } = ProtocolUtils.parseRequestState(this.cryptoImpl, stateString); - return this.generateCacheKey(`${TemporaryCacheKeys.REQUEST_STATE}.${stateId}`); - } - /** - * Gets the cached authority based on the cached state. Returns empty if no cached state found. - */ - getCachedAuthority(cachedState) { - const stateCacheKey = this.generateStateKey(cachedState); - const state = this.getTemporaryCache(stateCacheKey); - if (!state) { - return null; - } - const authorityCacheKey = this.generateAuthorityKey(state); - return this.getTemporaryCache(authorityCacheKey); - } - /** - * Updates account, authority, and state in cache - * @param serverAuthenticationRequest - * @param account - */ - updateCacheEntries(state, nonce, authorityInstance, loginHint, account) { - this.logger.trace("BrowserCacheManager.updateCacheEntries called"); - // Cache the request state - const stateCacheKey = this.generateStateKey(state); - this.setTemporaryCache(stateCacheKey, state, false); - // Cache the nonce - const nonceCacheKey = this.generateNonceKey(state); - this.setTemporaryCache(nonceCacheKey, nonce, false); - // Cache authorityKey - const authorityCacheKey = this.generateAuthorityKey(state); - this.setTemporaryCache(authorityCacheKey, authorityInstance, false); - if (account) { - const ccsCredential = { - credential: account.homeAccountId, - type: CcsCredentialType.HOME_ACCOUNT_ID, - }; - this.setTemporaryCache(TemporaryCacheKeys.CCS_CREDENTIAL, JSON.stringify(ccsCredential), true); - } - else if (loginHint) { - const ccsCredential = { - credential: loginHint, - type: CcsCredentialType.UPN, - }; - this.setTemporaryCache(TemporaryCacheKeys.CCS_CREDENTIAL, JSON.stringify(ccsCredential), true); - } - } - /** - * Reset all temporary cache items - * @param state - */ - resetRequestCache(state) { - this.logger.trace("BrowserCacheManager.resetRequestCache called"); - // check state and remove associated cache items - if (state) { - this.temporaryCacheStorage.getKeys().forEach((key) => { - if (key.indexOf(state) !== -1) { - this.removeTemporaryItem(key); - } - }); - // delete generic interactive request parameters - this.removeTemporaryItem(this.generateStateKey(state)); - this.removeTemporaryItem(this.generateNonceKey(state)); - this.removeTemporaryItem(this.generateAuthorityKey(state)); - } - this.removeTemporaryItem(this.generateCacheKey(TemporaryCacheKeys.REQUEST_PARAMS)); - this.removeTemporaryItem(this.generateCacheKey(TemporaryCacheKeys.ORIGIN_URI)); - this.removeTemporaryItem(this.generateCacheKey(TemporaryCacheKeys.URL_HASH)); - this.removeTemporaryItem(this.generateCacheKey(TemporaryCacheKeys.CORRELATION_ID)); - this.removeTemporaryItem(this.generateCacheKey(TemporaryCacheKeys.CCS_CREDENTIAL)); - this.removeTemporaryItem(this.generateCacheKey(TemporaryCacheKeys.NATIVE_REQUEST)); - this.setInteractionInProgress(false); - } - /** - * Removes temporary cache for the provided state - * @param stateString - */ - cleanRequestByState(stateString) { - this.logger.trace("BrowserCacheManager.cleanRequestByState called"); - // Interaction is completed - remove interaction status. - if (stateString) { - const stateKey = this.generateStateKey(stateString); - const cachedState = this.temporaryCacheStorage.getItem(stateKey); - this.logger.infoPii(`BrowserCacheManager.cleanRequestByState: Removing temporary cache items for state: ${cachedState}`); - this.resetRequestCache(cachedState || Constants.EMPTY_STRING); - } - this.clearMsalCookies(); - } - /** - * Looks in temporary cache for any state values with the provided interactionType and removes all temporary cache items for that state - * Used in scenarios where temp cache needs to be cleaned but state is not known, such as clicking browser back button. - * @param interactionType - */ - cleanRequestByInteractionType(interactionType) { - this.logger.trace("BrowserCacheManager.cleanRequestByInteractionType called"); - // Loop through all keys to find state key - this.temporaryCacheStorage.getKeys().forEach((key) => { - // If this key is not the state key, move on - if (key.indexOf(TemporaryCacheKeys.REQUEST_STATE) === -1) { - return; - } - // Retrieve state value, return if not a valid value - const stateValue = this.temporaryCacheStorage.getItem(key); - if (!stateValue) { - return; - } - // Extract state and ensure it matches given InteractionType, then clean request cache - const parsedState = extractBrowserRequestState(this.cryptoImpl, stateValue); - if (parsedState && - parsedState.interactionType === interactionType) { - this.logger.infoPii(`BrowserCacheManager.cleanRequestByInteractionType: Removing temporary cache items for state: ${stateValue}`); - this.resetRequestCache(stateValue); - } - }); - this.clearMsalCookies(); - this.setInteractionInProgress(false); - } - cacheCodeRequest(authCodeRequest) { - this.logger.trace("BrowserCacheManager.cacheCodeRequest called"); - const encodedValue = base64Encode(JSON.stringify(authCodeRequest)); - this.setTemporaryCache(TemporaryCacheKeys.REQUEST_PARAMS, encodedValue, true); - } - /** - * Gets the token exchange parameters from the cache. Throws an error if nothing is found. - */ - getCachedRequest(state) { - this.logger.trace("BrowserCacheManager.getCachedRequest called"); - // Get token request from cache and parse as TokenExchangeParameters. - const encodedTokenRequest = this.getTemporaryCache(TemporaryCacheKeys.REQUEST_PARAMS, true); - if (!encodedTokenRequest) { - throw createBrowserAuthError(noTokenRequestCacheError); - } - let parsedRequest; - try { - parsedRequest = JSON.parse(base64Decode(encodedTokenRequest)); - } - catch (e) { - this.logger.errorPii(`Attempted to parse: ${encodedTokenRequest}`); - this.logger.error(`Parsing cached token request threw with error: ${e}`); - throw createBrowserAuthError(unableToParseTokenRequestCacheError); - } - this.removeTemporaryItem(this.generateCacheKey(TemporaryCacheKeys.REQUEST_PARAMS)); - // Get cached authority and use if no authority is cached with request. - if (!parsedRequest.authority) { - const authorityCacheKey = this.generateAuthorityKey(state); - const cachedAuthority = this.getTemporaryCache(authorityCacheKey); - if (!cachedAuthority) { - throw createBrowserAuthError(noCachedAuthorityError); - } - parsedRequest.authority = cachedAuthority; - } - return parsedRequest; - } - /** - * Gets cached native request for redirect flows - */ - getCachedNativeRequest() { - this.logger.trace("BrowserCacheManager.getCachedNativeRequest called"); - const cachedRequest = this.getTemporaryCache(TemporaryCacheKeys.NATIVE_REQUEST, true); - if (!cachedRequest) { - this.logger.trace("BrowserCacheManager.getCachedNativeRequest: No cached native request found"); - return null; - } - const parsedRequest = this.validateAndParseJson(cachedRequest); - if (!parsedRequest) { - this.logger.error("BrowserCacheManager.getCachedNativeRequest: Unable to parse native request"); - return null; - } - return parsedRequest; - } - isInteractionInProgress(matchClientId) { - const clientId = this.getInteractionInProgress(); - if (matchClientId) { - return clientId === this.clientId; - } - else { - return !!clientId; - } - } - getInteractionInProgress() { - const key = `${Constants.CACHE_PREFIX}.${TemporaryCacheKeys.INTERACTION_STATUS_KEY}`; - return this.getTemporaryCache(key, false); - } - setInteractionInProgress(inProgress) { - // Ensure we don't overwrite interaction in progress for a different clientId - const key = `${Constants.CACHE_PREFIX}.${TemporaryCacheKeys.INTERACTION_STATUS_KEY}`; - if (inProgress) { - if (this.getInteractionInProgress()) { - throw createBrowserAuthError(interactionInProgress); - } - else { - // No interaction is in progress - this.setTemporaryCache(key, this.clientId, false); - } - } - else if (!inProgress && - this.getInteractionInProgress() === this.clientId) { - this.removeTemporaryItem(key); - } - } - /** - * Returns username retrieved from ADAL or MSAL v1 idToken - * @deprecated - */ - getLegacyLoginHint() { - // Only check for adal/msal token if no SSO params are being used - const adalIdTokenString = this.getTemporaryCache(PersistentCacheKeys.ADAL_ID_TOKEN); - if (adalIdTokenString) { - this.browserStorage.removeItem(PersistentCacheKeys.ADAL_ID_TOKEN); - this.logger.verbose("Cached ADAL id token retrieved."); - } - // Check for cached MSAL v1 id token - const msalIdTokenString = this.getTemporaryCache(PersistentCacheKeys.ID_TOKEN, true); - if (msalIdTokenString) { - this.browserStorage.removeItem(this.generateCacheKey(PersistentCacheKeys.ID_TOKEN)); - this.logger.verbose("Cached MSAL.js v1 id token retrieved"); - } - const cachedIdTokenString = msalIdTokenString || adalIdTokenString; - if (cachedIdTokenString) { - const idTokenClaims = extractTokenClaims(cachedIdTokenString, base64Decode); - if (idTokenClaims.preferred_username) { - this.logger.verbose("No SSO params used and ADAL/MSAL v1 token retrieved, setting ADAL/MSAL v1 preferred_username as loginHint"); - return idTokenClaims.preferred_username; - } - else if (idTokenClaims.upn) { - this.logger.verbose("No SSO params used and ADAL/MSAL v1 token retrieved, setting ADAL/MSAL v1 upn as loginHint"); - return idTokenClaims.upn; - } - else { - this.logger.verbose("No SSO params used and ADAL/MSAL v1 token retrieved, however, no account hint claim found. Enable preferred_username or upn id token claim to get SSO."); - } - } - return null; - } - /** - * Updates a credential's cache key if the current cache key is outdated - */ - updateCredentialCacheKey(currentCacheKey, credential) { - const updatedCacheKey = generateCredentialKey(credential); - if (currentCacheKey !== updatedCacheKey) { - const cacheItem = this.getItem(currentCacheKey); - if (cacheItem) { - this.browserStorage.removeItem(currentCacheKey); - this.setItem(updatedCacheKey, cacheItem); - this.logger.verbose(`Updated an outdated ${credential.credentialType} cache key`); - return updatedCacheKey; - } - else { - this.logger.error(`Attempted to update an outdated ${credential.credentialType} cache key but no item matching the outdated key was found in storage`); - } - } - return currentCacheKey; - } - /** - * Builds credential entities from AuthenticationResult object and saves the resulting credentials to the cache - * @param result - * @param request - */ - async hydrateCache(result, request) { - const idTokenEntity = createIdTokenEntity(result.account?.homeAccountId, result.account?.environment, result.idToken, this.clientId, result.tenantId); - let claimsHash; - if (request.claims) { - claimsHash = await this.cryptoImpl.hashString(request.claims); - } - /** - * meta data for cache stores time in seconds from epoch - * AuthenticationResult returns expiresOn and extExpiresOn in milliseconds (as a Date object which is in ms) - * We need to map these for the cache when building tokens from AuthenticationResult - * - * The next MSAL VFuture should map these both to same value if possible - */ - const accessTokenEntity = createAccessTokenEntity(result.account?.homeAccountId, result.account.environment, result.accessToken, this.clientId, result.tenantId, result.scopes.join(" "), result.expiresOn ? result.expiresOn.getTime() / 1000 : 0, result.extExpiresOn ? result.extExpiresOn.getTime() / 1000 : 0, base64Decode, undefined, // refreshOn - result.tokenType, undefined, // userAssertionHash - request.sshKid, request.claims, claimsHash); - const cacheRecord = { - idToken: idTokenEntity, - accessToken: accessTokenEntity, - }; - return this.saveCacheRecord(cacheRecord); - } - /** - * saves a cache record - * @param cacheRecord {CacheRecord} - * @param storeInCache {?StoreInCache} - * @param correlationId {?string} correlation id - */ - async saveCacheRecord(cacheRecord, storeInCache, correlationId) { - try { - await super.saveCacheRecord(cacheRecord, storeInCache, correlationId); - } - catch (e) { - if (e instanceof CacheError && - this.performanceClient && - correlationId) { - try { - const tokenKeys = this.getTokenKeys(); - this.performanceClient.addFields({ - cacheRtCount: tokenKeys.refreshToken.length, - cacheIdCount: tokenKeys.idToken.length, - cacheAtCount: tokenKeys.accessToken.length, - }, correlationId); - } - catch (e) { } - } - throw e; - } - } -} -const DEFAULT_BROWSER_CACHE_MANAGER = (clientId, logger) => { - const cacheOptions = { - cacheLocation: BrowserCacheLocation.MemoryStorage, - temporaryCacheLocation: BrowserCacheLocation.MemoryStorage, - storeAuthStateInCookie: false, - secureCookies: false, - cacheMigrationEnabled: false, - claimsBasedCachingEnabled: false, - }; - return new BrowserCacheManager(clientId, cacheOptions, DEFAULT_CRYPTO_IMPLEMENTATION, logger); -}; - - -//# sourceMappingURL=BrowserCacheManager.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/cache/AccountManager.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned. - * @param accountFilter - (Optional) filter to narrow down the accounts returned - * @returns Array of AccountInfo objects in cache - */ -function getAllAccounts(logger, browserStorage, isInBrowser, accountFilter) { - logger.verbose("getAllAccounts called"); - return isInBrowser ? browserStorage.getAllAccounts(accountFilter) : []; -} -/** - * Returns the first account found in the cache that matches the account filter passed in. - * @param accountFilter - * @returns The first account found in the cache matching the provided filter or null if no account could be found. - */ -function getAccount(accountFilter, logger, browserStorage) { - logger.trace("getAccount called"); - if (Object.keys(accountFilter).length === 0) { - logger.warning("getAccount: No accountFilter provided"); - return null; - } - const account = browserStorage.getAccountInfoFilteredBy(accountFilter); - if (account) { - logger.verbose("getAccount: Account matching provided filter found, returning"); - return account; - } - else { - logger.verbose("getAccount: No matching account found, returning null"); - return null; - } -} -/** - * Returns the signed in account matching username. - * (the account object is created at the time of successful login) - * or null when no matching account is found. - * This API is provided for convenience but getAccountById should be used for best reliability - * @param username - * @returns The account object stored in MSAL - */ -function getAccountByUsername(username, logger, browserStorage) { - logger.trace("getAccountByUsername called"); - if (!username) { - logger.warning("getAccountByUsername: No username provided"); - return null; - } - const account = browserStorage.getAccountInfoFilteredBy({ - username, - }); - if (account) { - logger.verbose("getAccountByUsername: Account matching username found, returning"); - logger.verbosePii(`getAccountByUsername: Returning signed-in accounts matching username: ${username}`); - return account; - } - else { - logger.verbose("getAccountByUsername: No matching account found, returning null"); - return null; - } -} -/** - * Returns the signed in account matching homeAccountId. - * (the account object is created at the time of successful login) - * or null when no matching account is found - * @param homeAccountId - * @returns The account object stored in MSAL - */ -function getAccountByHomeId(homeAccountId, logger, browserStorage) { - logger.trace("getAccountByHomeId called"); - if (!homeAccountId) { - logger.warning("getAccountByHomeId: No homeAccountId provided"); - return null; - } - const account = browserStorage.getAccountInfoFilteredBy({ - homeAccountId, - }); - if (account) { - logger.verbose("getAccountByHomeId: Account matching homeAccountId found, returning"); - logger.verbosePii(`getAccountByHomeId: Returning signed-in accounts matching homeAccountId: ${homeAccountId}`); - return account; - } - else { - logger.verbose("getAccountByHomeId: No matching account found, returning null"); - return null; - } -} -/** - * Returns the signed in account matching localAccountId. - * (the account object is created at the time of successful login) - * or null when no matching account is found - * @param localAccountId - * @returns The account object stored in MSAL - */ -function getAccountByLocalId(localAccountId, logger, browserStorage) { - logger.trace("getAccountByLocalId called"); - if (!localAccountId) { - logger.warning("getAccountByLocalId: No localAccountId provided"); - return null; - } - const account = browserStorage.getAccountInfoFilteredBy({ - localAccountId, - }); - if (account) { - logger.verbose("getAccountByLocalId: Account matching localAccountId found, returning"); - logger.verbosePii(`getAccountByLocalId: Returning signed-in accounts matching localAccountId: ${localAccountId}`); - return account; - } - else { - logger.verbose("getAccountByLocalId: No matching account found, returning null"); - return null; - } -} -/** - * Sets the account to use as the active account. If no account is passed to the acquireToken APIs, then MSAL will use this active account. - * @param account - */ -function setActiveAccount(account, browserStorage) { - browserStorage.setActiveAccount(account); -} -/** - * Gets the currently active account - */ -function getActiveAccount(browserStorage) { - return browserStorage.getActiveAccount(); -} - - -//# sourceMappingURL=AccountManager.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/utils/BrowserUtils.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - - - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Clears hash from window url. - */ -function clearHash(contentWindow) { - // Office.js sets history.replaceState to null - contentWindow.location.hash = ""; - if (typeof contentWindow.history.replaceState === "function") { - // Full removes "#" from url - contentWindow.history.replaceState(null, "", `${contentWindow.location.origin}${contentWindow.location.pathname}${contentWindow.location.search}`); - } -} -/** - * Replaces current hash with hash from provided url - */ -function replaceHash(url) { - const urlParts = url.split("#"); - urlParts.shift(); // Remove part before the hash - window.location.hash = urlParts.length > 0 ? urlParts.join("#") : ""; -} -/** - * Returns boolean of whether the current window is in an iframe or not. - */ -function isInIframe() { - return window.parent !== window; -} -/** - * Returns boolean of whether or not the current window is a popup opened by msal - */ -function isInPopup() { - return (typeof window !== "undefined" && - !!window.opener && - window.opener !== window && - typeof window.name === "string" && - window.name.indexOf(`${BrowserConstants.POPUP_NAME_PREFIX}.`) === 0); -} -// #endregion -/** - * Returns current window URL as redirect uri - */ -function getCurrentUri() { - return window.location.href.split("?")[0].split("#")[0]; -} -/** - * Gets the homepage url for the current window location. - */ -function getHomepage() { - const currentUrl = new UrlString(window.location.href); - const urlComponents = currentUrl.getUrlComponents(); - return `${urlComponents.Protocol}//${urlComponents.HostNameAndPort}/`; -} -/** - * Throws error if we have completed an auth and are - * attempting another auth request inside an iframe. - */ -function blockReloadInHiddenIframes() { - const isResponseHash = UrlString.hashContainsKnownProperties(window.location.hash); - // return an error if called from the hidden iframe created by the msal js silent calls - if (isResponseHash && isInIframe()) { - throw createBrowserAuthError(blockIframeReload); - } -} -/** - * Block redirect operations in iframes unless explicitly allowed - * @param interactionType Interaction type for the request - * @param allowRedirectInIframe Config value to allow redirects when app is inside an iframe - */ -function blockRedirectInIframe(allowRedirectInIframe) { - if (isInIframe() && !allowRedirectInIframe) { - // If we are not in top frame, we shouldn't redirect. This is also handled by the service. - throw createBrowserAuthError(redirectInIframe); - } -} -/** - * Block redirectUri loaded in popup from calling AcquireToken APIs - */ -function blockAcquireTokenInPopups() { - // Popups opened by msal popup APIs are given a name that starts with "msal." - if (isInPopup()) { - throw createBrowserAuthError(blockNestedPopups); - } -} -/** - * Throws error if token requests are made in non-browser environment - * @param isBrowserEnvironment Flag indicating if environment is a browser. - */ -function blockNonBrowserEnvironment() { - if (typeof window === "undefined") { - throw createBrowserAuthError(nonBrowserEnvironment); - } -} -/** - * Throws error if initialize hasn't been called - * @param initialized - */ -function blockAPICallsBeforeInitialize(initialized) { - if (!initialized) { - throw createBrowserAuthError(uninitializedPublicClientApplication); - } -} -/** - * Helper to validate app environment before making an auth request - * @param initialized - */ -function preflightCheck(initialized) { - // Block request if not in browser environment - blockNonBrowserEnvironment(); - // Block auth requests inside a hidden iframe - blockReloadInHiddenIframes(); - // Block redirectUri opened in a popup from calling MSAL APIs - blockAcquireTokenInPopups(); - // Block token acquisition before initialize has been called - blockAPICallsBeforeInitialize(initialized); -} -/** - * Helper to validate app enviornment before making redirect request - * @param initialized - * @param config - */ -function redirectPreflightCheck(initialized, config) { - preflightCheck(initialized); - blockRedirectInIframe(config.system.allowRedirectInIframe); - // Block redirects if memory storage is enabled but storeAuthStateInCookie is not - if (config.cache.cacheLocation === BrowserCacheLocation.MemoryStorage && - !config.cache.storeAuthStateInCookie) { - throw createBrowserConfigurationAuthError(inMemRedirectUnavailable); - } -} -/** - * Adds a preconnect link element to the header which begins DNS resolution and SSL connection in anticipation of the /token request - * @param loginDomain Authority domain, including https protocol e.g. https://login.microsoftonline.com - * @returns - */ -function preconnect(authority) { - const link = document.createElement("link"); - link.rel = "preconnect"; - link.href = new URL(authority).origin; - link.crossOrigin = "anonymous"; - document.head.appendChild(link); - // The browser will close connection if not used within a few seconds, remove element from the header after 10s - window.setTimeout(() => { - try { - document.head.removeChild(link); - } - catch { } - }, 10000); // 10s Timeout -} -/** - * Wrapper function that creates a UUID v7 from the current timestamp. - * @returns {string} - */ -function createGuid() { - return createNewGuid(); -} - - -//# sourceMappingURL=BrowserUtils.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/event/EventType.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const EventType = { - INITIALIZE_START: "msal:initializeStart", - INITIALIZE_END: "msal:initializeEnd", - ACCOUNT_ADDED: "msal:accountAdded", - ACCOUNT_REMOVED: "msal:accountRemoved", - ACTIVE_ACCOUNT_CHANGED: "msal:activeAccountChanged", - LOGIN_START: "msal:loginStart", - LOGIN_SUCCESS: "msal:loginSuccess", - LOGIN_FAILURE: "msal:loginFailure", - ACQUIRE_TOKEN_START: "msal:acquireTokenStart", - ACQUIRE_TOKEN_SUCCESS: "msal:acquireTokenSuccess", - ACQUIRE_TOKEN_FAILURE: "msal:acquireTokenFailure", - ACQUIRE_TOKEN_NETWORK_START: "msal:acquireTokenFromNetworkStart", - SSO_SILENT_START: "msal:ssoSilentStart", - SSO_SILENT_SUCCESS: "msal:ssoSilentSuccess", - SSO_SILENT_FAILURE: "msal:ssoSilentFailure", - ACQUIRE_TOKEN_BY_CODE_START: "msal:acquireTokenByCodeStart", - ACQUIRE_TOKEN_BY_CODE_SUCCESS: "msal:acquireTokenByCodeSuccess", - ACQUIRE_TOKEN_BY_CODE_FAILURE: "msal:acquireTokenByCodeFailure", - HANDLE_REDIRECT_START: "msal:handleRedirectStart", - HANDLE_REDIRECT_END: "msal:handleRedirectEnd", - POPUP_OPENED: "msal:popupOpened", - LOGOUT_START: "msal:logoutStart", - LOGOUT_SUCCESS: "msal:logoutSuccess", - LOGOUT_FAILURE: "msal:logoutFailure", - LOGOUT_END: "msal:logoutEnd", - RESTORE_FROM_BFCACHE: "msal:restoreFromBFCache", -}; - - -//# sourceMappingURL=EventType.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/event/EventHandler.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -class EventHandler { - constructor(logger, browserCrypto) { - this.eventCallbacks = new Map(); - this.logger = logger; - this.browserCrypto = browserCrypto; - this.listeningToStorageEvents = false; - this.handleAccountCacheChange = - this.handleAccountCacheChange.bind(this); - } - /** - * Adds event callbacks to array - * @param callback - */ - addEventCallback(callback) { - if (typeof window !== "undefined") { - const callbackId = BrowserCrypto_createNewGuid(); - this.eventCallbacks.set(callbackId, callback); - this.logger.verbose(`Event callback registered with id: ${callbackId}`); - return callbackId; - } - return null; - } - /** - * Removes callback with provided id from callback array - * @param callbackId - */ - removeEventCallback(callbackId) { - this.eventCallbacks.delete(callbackId); - this.logger.verbose(`Event callback ${callbackId} removed.`); - } - /** - * Adds event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window - */ - enableAccountStorageEvents() { - if (typeof window === "undefined") { - return; - } - if (!this.listeningToStorageEvents) { - this.logger.verbose("Adding account storage listener."); - this.listeningToStorageEvents = true; - window.addEventListener("storage", this.handleAccountCacheChange); - } - else { - this.logger.verbose("Account storage listener already registered."); - } - } - /** - * Removes event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window - */ - disableAccountStorageEvents() { - if (typeof window === "undefined") { - return; - } - if (this.listeningToStorageEvents) { - this.logger.verbose("Removing account storage listener."); - window.removeEventListener("storage", this.handleAccountCacheChange); - this.listeningToStorageEvents = false; - } - else { - this.logger.verbose("No account storage listener registered."); - } - } - /** - * Emits events by calling callback with event message - * @param eventType - * @param interactionType - * @param payload - * @param error - */ - emitEvent(eventType, interactionType, payload, error) { - if (typeof window !== "undefined") { - const message = { - eventType: eventType, - interactionType: interactionType || null, - payload: payload || null, - error: error || null, - timestamp: Date.now(), - }; - this.logger.info(`Emitting event: ${eventType}`); - this.eventCallbacks.forEach((callback, callbackId) => { - this.logger.verbose(`Emitting event to callback ${callbackId}: ${eventType}`); - callback.apply(null, [message]); - }); - } - } - /** - * Emit account added/removed events when cached accounts are changed in a different tab or frame - */ - handleAccountCacheChange(e) { - try { - // Handle active account filter change - if (e.key?.includes(PersistentCacheKeys.ACTIVE_ACCOUNT_FILTERS)) { - // This event has no payload, it only signals cross-tab app instances that the results of calling getActiveAccount() will have changed - this.emitEvent(EventType.ACTIVE_ACCOUNT_CHANGED); - } - // Handle account object change - const cacheValue = e.newValue || e.oldValue; - if (!cacheValue) { - return; - } - const parsedValue = JSON.parse(cacheValue); - if (typeof parsedValue !== "object" || - !AccountEntity.isAccountEntity(parsedValue)) { - return; - } - const accountEntity = CacheManager.toObject(new AccountEntity(), parsedValue); - const accountInfo = accountEntity.getAccountInfo(); - if (!e.oldValue && e.newValue) { - this.logger.info("Account was added to cache in a different window"); - this.emitEvent(EventType.ACCOUNT_ADDED, undefined, accountInfo); - } - else if (!e.newValue && e.oldValue) { - this.logger.info("Account was removed from cache in a different window"); - this.emitEvent(EventType.ACCOUNT_REMOVED, undefined, accountInfo); - } - } - catch (e) { - return; - } - } -} - - -//# sourceMappingURL=EventHandler.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/error/ServerError.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Error thrown when there is an error with the server code, for example, unavailability. - */ -class ServerError extends AuthError { - constructor(errorCode, errorMessage, subError, errorNo, status) { - super(errorCode, errorMessage, subError); - this.name = "ServerError"; - this.errorNo = errorNo; - this.status = status; - Object.setPrototypeOf(this, ServerError.prototype); - } -} - - -//# sourceMappingURL=ServerError.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/network/ThrottlingUtils.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** @internal */ -class ThrottlingUtils { - /** - * Prepares a RequestThumbprint to be stored as a key. - * @param thumbprint - */ - static generateThrottlingStorageKey(thumbprint) { - return `${ThrottlingConstants.THROTTLING_PREFIX}.${JSON.stringify(thumbprint)}`; - } - /** - * Performs necessary throttling checks before a network request. - * @param cacheManager - * @param thumbprint - */ - static preProcess(cacheManager, thumbprint) { - const key = ThrottlingUtils.generateThrottlingStorageKey(thumbprint); - const value = cacheManager.getThrottlingCache(key); - if (value) { - if (value.throttleTime < Date.now()) { - cacheManager.removeItem(key); - return; - } - throw new ServerError(value.errorCodes?.join(" ") || Constants.EMPTY_STRING, value.errorMessage, value.subError); - } - } - /** - * Performs necessary throttling checks after a network request. - * @param cacheManager - * @param thumbprint - * @param response - */ - static postProcess(cacheManager, thumbprint, response) { - if (ThrottlingUtils.checkResponseStatus(response) || - ThrottlingUtils.checkResponseForRetryAfter(response)) { - const thumbprintValue = { - throttleTime: ThrottlingUtils.calculateThrottleTime(parseInt(response.headers[HeaderNames.RETRY_AFTER])), - error: response.body.error, - errorCodes: response.body.error_codes, - errorMessage: response.body.error_description, - subError: response.body.suberror, - }; - cacheManager.setThrottlingCache(ThrottlingUtils.generateThrottlingStorageKey(thumbprint), thumbprintValue); - } - } - /** - * Checks a NetworkResponse object's status codes against 429 or 5xx - * @param response - */ - static checkResponseStatus(response) { - return (response.status === 429 || - (response.status >= 500 && response.status < 600)); - } - /** - * Checks a NetworkResponse object's RetryAfter header - * @param response - */ - static checkResponseForRetryAfter(response) { - if (response.headers) { - return (response.headers.hasOwnProperty(HeaderNames.RETRY_AFTER) && - (response.status < 200 || response.status >= 300)); - } - return false; - } - /** - * Calculates the Unix-time value for a throttle to expire given throttleTime in seconds. - * @param throttleTime - */ - static calculateThrottleTime(throttleTime) { - const time = throttleTime <= 0 ? 0 : throttleTime; - const currentSeconds = Date.now() / 1000; - return Math.floor(Math.min(currentSeconds + - (time || ThrottlingConstants.DEFAULT_THROTTLE_TIME_SECONDS), currentSeconds + - ThrottlingConstants.DEFAULT_MAX_THROTTLE_TIME_SECONDS) * 1000); - } - static removeThrottle(cacheManager, clientId, request, homeAccountIdentifier) { - const thumbprint = { - clientId: clientId, - authority: request.authority, - scopes: request.scopes, - homeAccountIdentifier: homeAccountIdentifier, - claims: request.claims, - authenticationScheme: request.authenticationScheme, - resourceRequestMethod: request.resourceRequestMethod, - resourceRequestUri: request.resourceRequestUri, - shrClaims: request.shrClaims, - sshKid: request.sshKid, - }; - const key = this.generateThrottlingStorageKey(thumbprint); - cacheManager.removeItem(key); - } -} - - -//# sourceMappingURL=ThrottlingUtils.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/network/NetworkManager.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** @internal */ -class NetworkManager { - constructor(networkClient, cacheManager) { - this.networkClient = networkClient; - this.cacheManager = cacheManager; - } - /** - * Wraps sendPostRequestAsync with necessary preflight and postflight logic - * @param thumbprint - * @param tokenEndpoint - * @param options - */ - async sendPostRequest(thumbprint, tokenEndpoint, options) { - ThrottlingUtils.preProcess(this.cacheManager, thumbprint); - let response; - try { - response = await this.networkClient.sendPostRequestAsync(tokenEndpoint, options); - } - catch (e) { - if (e instanceof AuthError) { - throw e; - } - else { - throw createClientAuthError(networkError); - } - } - ThrottlingUtils.postProcess(this.cacheManager, thumbprint, response); - return response; - } -} - - -//# sourceMappingURL=NetworkManager.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/constants/AADServerParamKeys.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const CLIENT_ID = "client_id"; -const REDIRECT_URI = "redirect_uri"; -const RESPONSE_TYPE = "response_type"; -const RESPONSE_MODE = "response_mode"; -const GRANT_TYPE = "grant_type"; -const CLAIMS = "claims"; -const SCOPE = "scope"; -const ERROR = "error"; -const ERROR_DESCRIPTION = "error_description"; -const ACCESS_TOKEN = "access_token"; -const ID_TOKEN = "id_token"; -const REFRESH_TOKEN = "refresh_token"; -const EXPIRES_IN = "expires_in"; -const REFRESH_TOKEN_EXPIRES_IN = "refresh_token_expires_in"; -const STATE = "state"; -const NONCE = "nonce"; -const PROMPT = "prompt"; -const SESSION_STATE = "session_state"; -const AADServerParamKeys_CLIENT_INFO = "client_info"; -const CODE = "code"; -const CODE_CHALLENGE = "code_challenge"; -const CODE_CHALLENGE_METHOD = "code_challenge_method"; -const CODE_VERIFIER = "code_verifier"; -const CLIENT_REQUEST_ID = "client-request-id"; -const X_CLIENT_SKU = "x-client-SKU"; -const X_CLIENT_VER = "x-client-VER"; -const X_CLIENT_OS = "x-client-OS"; -const X_CLIENT_CPU = "x-client-CPU"; -const X_CLIENT_CURR_TELEM = "x-client-current-telemetry"; -const X_CLIENT_LAST_TELEM = "x-client-last-telemetry"; -const X_MS_LIB_CAPABILITY = "x-ms-lib-capability"; -const X_APP_NAME = "x-app-name"; -const X_APP_VER = "x-app-ver"; -const POST_LOGOUT_URI = "post_logout_redirect_uri"; -const ID_TOKEN_HINT = "id_token_hint"; -const DEVICE_CODE = "device_code"; -const CLIENT_SECRET = "client_secret"; -const CLIENT_ASSERTION = "client_assertion"; -const CLIENT_ASSERTION_TYPE = "client_assertion_type"; -const TOKEN_TYPE = "token_type"; -const REQ_CNF = "req_cnf"; -const OBO_ASSERTION = "assertion"; -const REQUESTED_TOKEN_USE = "requested_token_use"; -const ON_BEHALF_OF = "on_behalf_of"; -const FOCI = "foci"; -const CCS_HEADER = "X-AnchorMailbox"; -const RETURN_SPA_CODE = "return_spa_code"; -const NATIVE_BROKER = "nativebroker"; -const LOGOUT_HINT = "logout_hint"; -const SID = "sid"; -const LOGIN_HINT = "login_hint"; -const DOMAIN_HINT = "domain_hint"; -const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku"; - - -//# sourceMappingURL=AADServerParamKeys.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/request/RequestValidator.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Validates server consumable params from the "request" objects - */ -class RequestValidator { - /** - * Utility to check if the `redirectUri` in the request is a non-null value - * @param redirectUri - */ - static validateRedirectUri(redirectUri) { - if (!redirectUri) { - throw createClientConfigurationError(redirectUriEmpty); - } - } - /** - * Utility to validate prompt sent by the user in the request - * @param prompt - */ - static validatePrompt(prompt) { - const promptValues = []; - for (const value in PromptValue) { - promptValues.push(PromptValue[value]); - } - if (promptValues.indexOf(prompt) < 0) { - throw createClientConfigurationError(invalidPromptValue); - } - } - static validateClaims(claims) { - try { - JSON.parse(claims); - } - catch (e) { - throw createClientConfigurationError(invalidClaims); - } - } - /** - * Utility to validate code_challenge and code_challenge_method - * @param codeChallenge - * @param codeChallengeMethod - */ - static validateCodeChallengeParams(codeChallenge, codeChallengeMethod) { - if (!codeChallenge || !codeChallengeMethod) { - throw createClientConfigurationError(pkceParamsMissing); - } - else { - this.validateCodeChallengeMethod(codeChallengeMethod); - } - } - /** - * Utility to validate code_challenge_method - * @param codeChallengeMethod - */ - static validateCodeChallengeMethod(codeChallengeMethod) { - if ([ - CodeChallengeMethodValues.PLAIN, - CodeChallengeMethodValues.S256, - ].indexOf(codeChallengeMethod) < 0) { - throw createClientConfigurationError(invalidCodeChallengeMethod); - } - } -} - - -//# sourceMappingURL=RequestValidator.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/request/RequestParameterBuilder.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** @internal */ -class RequestParameterBuilder { - constructor() { - this.parameters = new Map(); - } - /** - * add response_type = code - */ - addResponseTypeCode() { - this.parameters.set(RESPONSE_TYPE, encodeURIComponent(Constants.CODE_RESPONSE_TYPE)); - } - /** - * add response_type = token id_token - */ - addResponseTypeForTokenAndIdToken() { - this.parameters.set(RESPONSE_TYPE, encodeURIComponent(`${Constants.TOKEN_RESPONSE_TYPE} ${Constants.ID_TOKEN_RESPONSE_TYPE}`)); - } - /** - * add response_mode. defaults to query. - * @param responseMode - */ - addResponseMode(responseMode) { - this.parameters.set(RESPONSE_MODE, encodeURIComponent(responseMode ? responseMode : ResponseMode.QUERY)); - } - /** - * Add flag to indicate STS should attempt to use WAM if available - */ - addNativeBroker() { - this.parameters.set(NATIVE_BROKER, encodeURIComponent("1")); - } - /** - * add scopes. set addOidcScopes to false to prevent default scopes in non-user scenarios - * @param scopeSet - * @param addOidcScopes - */ - addScopes(scopes, addOidcScopes = true, defaultScopes = OIDC_DEFAULT_SCOPES) { - // Always add openid to the scopes when adding OIDC scopes - if (addOidcScopes && - !defaultScopes.includes("openid") && - !scopes.includes("openid")) { - defaultScopes.push("openid"); - } - const requestScopes = addOidcScopes - ? [...(scopes || []), ...defaultScopes] - : scopes || []; - const scopeSet = new ScopeSet(requestScopes); - this.parameters.set(SCOPE, encodeURIComponent(scopeSet.printScopes())); - } - /** - * add clientId - * @param clientId - */ - addClientId(clientId) { - this.parameters.set(CLIENT_ID, encodeURIComponent(clientId)); - } - /** - * add redirect_uri - * @param redirectUri - */ - addRedirectUri(redirectUri) { - RequestValidator.validateRedirectUri(redirectUri); - this.parameters.set(REDIRECT_URI, encodeURIComponent(redirectUri)); - } - /** - * add post logout redirectUri - * @param redirectUri - */ - addPostLogoutRedirectUri(redirectUri) { - RequestValidator.validateRedirectUri(redirectUri); - this.parameters.set(POST_LOGOUT_URI, encodeURIComponent(redirectUri)); - } - /** - * add id_token_hint to logout request - * @param idTokenHint - */ - addIdTokenHint(idTokenHint) { - this.parameters.set(ID_TOKEN_HINT, encodeURIComponent(idTokenHint)); - } - /** - * add domain_hint - * @param domainHint - */ - addDomainHint(domainHint) { - this.parameters.set(DOMAIN_HINT, encodeURIComponent(domainHint)); - } - /** - * add login_hint - * @param loginHint - */ - addLoginHint(loginHint) { - this.parameters.set(LOGIN_HINT, encodeURIComponent(loginHint)); - } - /** - * Adds the CCS (Cache Credential Service) query parameter for login_hint - * @param loginHint - */ - addCcsUpn(loginHint) { - this.parameters.set(HeaderNames.CCS_HEADER, encodeURIComponent(`UPN:${loginHint}`)); - } - /** - * Adds the CCS (Cache Credential Service) query parameter for account object - * @param loginHint - */ - addCcsOid(clientInfo) { - this.parameters.set(HeaderNames.CCS_HEADER, encodeURIComponent(`Oid:${clientInfo.uid}@${clientInfo.utid}`)); - } - /** - * add sid - * @param sid - */ - addSid(sid) { - this.parameters.set(SID, encodeURIComponent(sid)); - } - /** - * add claims - * @param claims - */ - addClaims(claims, clientCapabilities) { - const mergedClaims = this.addClientCapabilitiesToClaims(claims, clientCapabilities); - RequestValidator.validateClaims(mergedClaims); - this.parameters.set(CLAIMS, encodeURIComponent(mergedClaims)); - } - /** - * add correlationId - * @param correlationId - */ - addCorrelationId(correlationId) { - this.parameters.set(CLIENT_REQUEST_ID, encodeURIComponent(correlationId)); - } - /** - * add library info query params - * @param libraryInfo - */ - addLibraryInfo(libraryInfo) { - // Telemetry Info - this.parameters.set(X_CLIENT_SKU, libraryInfo.sku); - this.parameters.set(X_CLIENT_VER, libraryInfo.version); - if (libraryInfo.os) { - this.parameters.set(X_CLIENT_OS, libraryInfo.os); - } - if (libraryInfo.cpu) { - this.parameters.set(X_CLIENT_CPU, libraryInfo.cpu); - } - } - /** - * Add client telemetry parameters - * @param appTelemetry - */ - addApplicationTelemetry(appTelemetry) { - if (appTelemetry?.appName) { - this.parameters.set(X_APP_NAME, appTelemetry.appName); - } - if (appTelemetry?.appVersion) { - this.parameters.set(X_APP_VER, appTelemetry.appVersion); - } - } - /** - * add prompt - * @param prompt - */ - addPrompt(prompt) { - RequestValidator.validatePrompt(prompt); - this.parameters.set(`${PROMPT}`, encodeURIComponent(prompt)); - } - /** - * add state - * @param state - */ - addState(state) { - if (state) { - this.parameters.set(STATE, encodeURIComponent(state)); - } - } - /** - * add nonce - * @param nonce - */ - addNonce(nonce) { - this.parameters.set(NONCE, encodeURIComponent(nonce)); - } - /** - * add code_challenge and code_challenge_method - * - throw if either of them are not passed - * @param codeChallenge - * @param codeChallengeMethod - */ - addCodeChallengeParams(codeChallenge, codeChallengeMethod) { - RequestValidator.validateCodeChallengeParams(codeChallenge, codeChallengeMethod); - if (codeChallenge && codeChallengeMethod) { - this.parameters.set(CODE_CHALLENGE, encodeURIComponent(codeChallenge)); - this.parameters.set(CODE_CHALLENGE_METHOD, encodeURIComponent(codeChallengeMethod)); - } - else { - throw createClientConfigurationError(pkceParamsMissing); - } - } - /** - * add the `authorization_code` passed by the user to exchange for a token - * @param code - */ - addAuthorizationCode(code) { - this.parameters.set(CODE, encodeURIComponent(code)); - } - /** - * add the `authorization_code` passed by the user to exchange for a token - * @param code - */ - addDeviceCode(code) { - this.parameters.set(DEVICE_CODE, encodeURIComponent(code)); - } - /** - * add the `refreshToken` passed by the user - * @param refreshToken - */ - addRefreshToken(refreshToken) { - this.parameters.set(REFRESH_TOKEN, encodeURIComponent(refreshToken)); - } - /** - * add the `code_verifier` passed by the user to exchange for a token - * @param codeVerifier - */ - addCodeVerifier(codeVerifier) { - this.parameters.set(CODE_VERIFIER, encodeURIComponent(codeVerifier)); - } - /** - * add client_secret - * @param clientSecret - */ - addClientSecret(clientSecret) { - this.parameters.set(CLIENT_SECRET, encodeURIComponent(clientSecret)); - } - /** - * add clientAssertion for confidential client flows - * @param clientAssertion - */ - addClientAssertion(clientAssertion) { - if (clientAssertion) { - this.parameters.set(CLIENT_ASSERTION, encodeURIComponent(clientAssertion)); - } - } - /** - * add clientAssertionType for confidential client flows - * @param clientAssertionType - */ - addClientAssertionType(clientAssertionType) { - if (clientAssertionType) { - this.parameters.set(CLIENT_ASSERTION_TYPE, encodeURIComponent(clientAssertionType)); - } - } - /** - * add OBO assertion for confidential client flows - * @param clientAssertion - */ - addOboAssertion(oboAssertion) { - this.parameters.set(OBO_ASSERTION, encodeURIComponent(oboAssertion)); - } - /** - * add grant type - * @param grantType - */ - addRequestTokenUse(tokenUse) { - this.parameters.set(REQUESTED_TOKEN_USE, encodeURIComponent(tokenUse)); - } - /** - * add grant type - * @param grantType - */ - addGrantType(grantType) { - this.parameters.set(GRANT_TYPE, encodeURIComponent(grantType)); - } - /** - * add client info - * - */ - addClientInfo() { - this.parameters.set(CLIENT_INFO, "1"); - } - /** - * add extraQueryParams - * @param eQParams - */ - addExtraQueryParameters(eQParams) { - Object.entries(eQParams).forEach(([key, value]) => { - if (!this.parameters.has(key) && value) { - this.parameters.set(key, value); - } - }); - } - addClientCapabilitiesToClaims(claims, clientCapabilities) { - let mergedClaims; - // Parse provided claims into JSON object or initialize empty object - if (!claims) { - mergedClaims = {}; - } - else { - try { - mergedClaims = JSON.parse(claims); - } - catch (e) { - throw createClientConfigurationError(invalidClaims); - } - } - if (clientCapabilities && clientCapabilities.length > 0) { - if (!mergedClaims.hasOwnProperty(ClaimsRequestKeys.ACCESS_TOKEN)) { - // Add access_token key to claims object - mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN] = {}; - } - // Add xms_cc claim with provided clientCapabilities to access_token key - mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN][ClaimsRequestKeys.XMS_CC] = { - values: clientCapabilities, - }; - } - return JSON.stringify(mergedClaims); - } - /** - * adds `username` for Password Grant flow - * @param username - */ - addUsername(username) { - this.parameters.set(PasswordGrantConstants.username, encodeURIComponent(username)); - } - /** - * adds `password` for Password Grant flow - * @param password - */ - addPassword(password) { - this.parameters.set(PasswordGrantConstants.password, encodeURIComponent(password)); - } - /** - * add pop_jwk to query params - * @param cnfString - */ - addPopToken(cnfString) { - if (cnfString) { - this.parameters.set(TOKEN_TYPE, AuthenticationScheme.POP); - this.parameters.set(REQ_CNF, encodeURIComponent(cnfString)); - } - } - /** - * add SSH JWK and key ID to query params - */ - addSshJwk(sshJwkString) { - if (sshJwkString) { - this.parameters.set(TOKEN_TYPE, AuthenticationScheme.SSH); - this.parameters.set(REQ_CNF, encodeURIComponent(sshJwkString)); - } - } - /** - * add server telemetry fields - * @param serverTelemetryManager - */ - addServerTelemetry(serverTelemetryManager) { - this.parameters.set(X_CLIENT_CURR_TELEM, serverTelemetryManager.generateCurrentRequestHeaderValue()); - this.parameters.set(X_CLIENT_LAST_TELEM, serverTelemetryManager.generateLastRequestHeaderValue()); - } - /** - * Adds parameter that indicates to the server that throttling is supported - */ - addThrottling() { - this.parameters.set(X_MS_LIB_CAPABILITY, ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE); - } - /** - * Adds logout_hint parameter for "silent" logout which prevent server account picker - */ - addLogoutHint(logoutHint) { - this.parameters.set(LOGOUT_HINT, encodeURIComponent(logoutHint)); - } - /** - * Utility to create a URL from the params map - */ - createQueryString() { - const queryParameterArray = new Array(); - this.parameters.forEach((value, key) => { - queryParameterArray.push(`${key}=${value}`); - }); - return queryParameterArray.join("&"); - } -} - - -//# sourceMappingURL=RequestParameterBuilder.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/authority/AuthorityFactory.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Create an authority object of the correct type based on the url - * Performs basic authority validation - checks to see if the authority is of a valid type (i.e. aad, b2c, adfs) - * - * Also performs endpoint discovery. - * - * @param authorityUri - * @param networkClient - * @param protocolMode - * @internal - */ -async function createDiscoveredInstance(authorityUri, networkClient, cacheManager, authorityOptions, logger, correlationId, performanceClient) { - performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityFactoryCreateDiscoveredInstance, correlationId); - const authorityUriFinal = Authority.transformCIAMAuthority(formatAuthorityUri(authorityUri)); - // Initialize authority and perform discovery endpoint check. - const acquireTokenAuthority = new Authority(authorityUriFinal, networkClient, cacheManager, authorityOptions, logger, correlationId, performanceClient); - try { - await invokeAsync(acquireTokenAuthority.resolveEndpointsAsync.bind(acquireTokenAuthority), PerformanceEvents.AuthorityResolveEndpointsAsync, logger, performanceClient, correlationId)(); - return acquireTokenAuthority; - } - catch (e) { - throw createClientAuthError(endpointResolutionError); - } -} - - -//# sourceMappingURL=AuthorityFactory.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/client/BaseClient.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - - - - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Base application class which will construct requests to send to and handle responses from the Microsoft STS using the authorization code flow. - * @internal - */ -class BaseClient { - constructor(configuration, performanceClient) { - // Set the configuration - this.config = buildClientConfiguration(configuration); - // Initialize the logger - this.logger = new Logger(this.config.loggerOptions, packageMetadata_name, version); - // Initialize crypto - this.cryptoUtils = this.config.cryptoInterface; - // Initialize storage interface - this.cacheManager = this.config.storageInterface; - // Set the network interface - this.networkClient = this.config.networkInterface; - // Set the NetworkManager - this.networkManager = new NetworkManager(this.networkClient, this.cacheManager); - // Set TelemetryManager - this.serverTelemetryManager = this.config.serverTelemetryManager; - // set Authority - this.authority = this.config.authOptions.authority; - // set performance telemetry client - this.performanceClient = performanceClient; - } - /** - * Creates default headers for requests to token endpoint - */ - createTokenRequestHeaders(ccsCred) { - const headers = {}; - headers[HeaderNames.CONTENT_TYPE] = Constants.URL_FORM_CONTENT_TYPE; - if (!this.config.systemOptions.preventCorsPreflight && ccsCred) { - switch (ccsCred.type) { - case CcsCredentialType.HOME_ACCOUNT_ID: - try { - const clientInfo = buildClientInfoFromHomeAccountId(ccsCred.credential); - headers[HeaderNames.CCS_HEADER] = `Oid:${clientInfo.uid}@${clientInfo.utid}`; - } - catch (e) { - this.logger.verbose("Could not parse home account ID for CCS Header: " + - e); - } - break; - case CcsCredentialType.UPN: - headers[HeaderNames.CCS_HEADER] = `UPN: ${ccsCred.credential}`; - break; - } - } - return headers; - } - /** - * Http post to token endpoint - * @param tokenEndpoint - * @param queryString - * @param headers - * @param thumbprint - */ - async executePostToTokenEndpoint(tokenEndpoint, queryString, headers, thumbprint, correlationId, queuedEvent) { - if (queuedEvent) { - this.performanceClient?.addQueueMeasurement(queuedEvent, correlationId); - } - const response = await this.networkManager.sendPostRequest(thumbprint, tokenEndpoint, { body: queryString, headers: headers }); - this.performanceClient?.addFields({ - refreshTokenSize: response.body.refresh_token?.length || 0, - httpVerToken: response.headers?.[HeaderNames.X_MS_HTTP_VERSION] || "", - }, correlationId); - if (this.config.serverTelemetryManager && - response.status < 500 && - response.status !== 429) { - // Telemetry data successfully logged by server, clear Telemetry cache - this.config.serverTelemetryManager.clearTelemetryCache(); - } - return response; - } - /** - * Updates the authority object of the client. Endpoint discovery must be completed. - * @param updatedAuthority - */ - async updateAuthority(cloudInstanceHostname, correlationId) { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.UpdateTokenEndpointAuthority, correlationId); - const cloudInstanceAuthorityUri = `https://${cloudInstanceHostname}/${this.authority.tenant}/`; - const cloudInstanceAuthority = await createDiscoveredInstance(cloudInstanceAuthorityUri, this.networkClient, this.cacheManager, this.authority.options, this.logger, correlationId, this.performanceClient); - this.authority = cloudInstanceAuthority; - } - /** - * Creates query string for the /token request - * @param request - */ - createTokenQueryParameters(request) { - const parameterBuilder = new RequestParameterBuilder(); - if (request.tokenQueryParameters) { - parameterBuilder.addExtraQueryParameters(request.tokenQueryParameters); - } - return parameterBuilder.createQueryString(); - } -} - - -//# sourceMappingURL=BaseClient.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/crypto/PopTokenGenerator.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const KeyLocation = { - SW: "sw", - UHW: "uhw", -}; -/** @internal */ -class PopTokenGenerator { - constructor(cryptoUtils, performanceClient) { - this.cryptoUtils = cryptoUtils; - this.performanceClient = performanceClient; - } - /** - * Generates the req_cnf validated at the RP in the POP protocol for SHR parameters - * and returns an object containing the keyid, the full req_cnf string and the req_cnf string hash - * @param request - * @returns - */ - async generateCnf(request, logger) { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.PopTokenGenerateCnf, request.correlationId); - const reqCnf = await invokeAsync(this.generateKid.bind(this), PerformanceEvents.PopTokenGenerateCnf, logger, this.performanceClient, request.correlationId)(request); - const reqCnfString = this.cryptoUtils.base64UrlEncode(JSON.stringify(reqCnf)); - return { - kid: reqCnf.kid, - reqCnfString, - }; - } - /** - * Generates key_id for a SHR token request - * @param request - * @returns - */ - async generateKid(request) { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.PopTokenGenerateKid, request.correlationId); - const kidThumbprint = await this.cryptoUtils.getPublicKeyThumbprint(request); - return { - kid: kidThumbprint, - xms_ksl: KeyLocation.SW, - }; - } - /** - * Signs the POP access_token with the local generated key-pair - * @param accessToken - * @param request - * @returns - */ - async signPopToken(accessToken, keyId, request) { - return this.signPayload(accessToken, keyId, request); - } - /** - * Utility function to generate the signed JWT for an access_token - * @param payload - * @param kid - * @param request - * @param claims - * @returns - */ - async signPayload(payload, keyId, request, claims) { - // Deconstruct request to extract SHR parameters - const { resourceRequestMethod, resourceRequestUri, shrClaims, shrNonce, shrOptions, } = request; - const resourceUrlString = resourceRequestUri - ? new UrlString(resourceRequestUri) - : undefined; - const resourceUrlComponents = resourceUrlString?.getUrlComponents(); - return this.cryptoUtils.signJwt({ - at: payload, - ts: nowSeconds(), - m: resourceRequestMethod?.toUpperCase(), - u: resourceUrlComponents?.HostNameAndPort, - nonce: shrNonce || this.cryptoUtils.createNewGuid(), - p: resourceUrlComponents?.AbsolutePath, - q: resourceUrlComponents?.QueryString - ? [[], resourceUrlComponents.QueryString] - : undefined, - client_claims: shrClaims || undefined, - ...claims, - }, keyId, shrOptions, request.correlationId); - } -} - - -//# sourceMappingURL=PopTokenGenerator.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/cache/persistence/TokenCacheContext.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * This class instance helps track the memory changes facilitating - * decisions to read from and write to the persistent cache - */ class TokenCacheContext { - constructor(tokenCache, hasChanged) { - this.cache = tokenCache; - this.hasChanged = hasChanged; - } - /** - * boolean which indicates the changes in cache - */ - get cacheHasChanged() { - return this.hasChanged; - } - /** - * function to retrieve the token cache - */ - get tokenCache() { - return this.cache; - } -} - - -//# sourceMappingURL=TokenCacheContext.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/response/ResponseHandler.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - - - - - - - - - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -function parseServerErrorNo(serverResponse) { - const errorCodePrefix = "code="; - const errorCodePrefixIndex = serverResponse.error_uri?.lastIndexOf(errorCodePrefix); - return errorCodePrefixIndex && errorCodePrefixIndex >= 0 - ? serverResponse.error_uri?.substring(errorCodePrefixIndex + errorCodePrefix.length) - : undefined; -} -/** - * Class that handles response parsing. - * @internal - */ -class ResponseHandler { - constructor(clientId, cacheStorage, cryptoObj, logger, serializableCache, persistencePlugin, performanceClient) { - this.clientId = clientId; - this.cacheStorage = cacheStorage; - this.cryptoObj = cryptoObj; - this.logger = logger; - this.serializableCache = serializableCache; - this.persistencePlugin = persistencePlugin; - this.performanceClient = performanceClient; - } - /** - * Function which validates server authorization code response. - * @param serverResponseHash - * @param requestState - * @param cryptoObj - */ - validateServerAuthorizationCodeResponse(serverResponse, requestState) { - if (!serverResponse.state || !requestState) { - throw serverResponse.state - ? createClientAuthError(stateNotFound, "Cached State") - : createClientAuthError(stateNotFound, "Server State"); - } - let decodedServerResponseState; - let decodedRequestState; - try { - decodedServerResponseState = decodeURIComponent(serverResponse.state); - } - catch (e) { - throw createClientAuthError(invalidState, serverResponse.state); - } - try { - decodedRequestState = decodeURIComponent(requestState); - } - catch (e) { - throw createClientAuthError(invalidState, serverResponse.state); - } - if (decodedServerResponseState !== decodedRequestState) { - throw createClientAuthError(stateMismatch); - } - // Check for error - if (serverResponse.error || - serverResponse.error_description || - serverResponse.suberror) { - const serverErrorNo = parseServerErrorNo(serverResponse); - if (isInteractionRequiredError(serverResponse.error, serverResponse.error_description, serverResponse.suberror)) { - throw new InteractionRequiredAuthError(serverResponse.error || "", serverResponse.error_description, serverResponse.suberror, serverResponse.timestamp || "", serverResponse.trace_id || "", serverResponse.correlation_id || "", serverResponse.claims || "", serverErrorNo); - } - throw new ServerError(serverResponse.error || "", serverResponse.error_description, serverResponse.suberror, serverErrorNo); - } - } - /** - * Function which validates server authorization token response. - * @param serverResponse - * @param refreshAccessToken - */ - validateTokenResponse(serverResponse, refreshAccessToken) { - // Check for error - if (serverResponse.error || - serverResponse.error_description || - serverResponse.suberror) { - const errString = `Error(s): ${serverResponse.error_codes || Constants.NOT_AVAILABLE} - Timestamp: ${serverResponse.timestamp || Constants.NOT_AVAILABLE} - Description: ${serverResponse.error_description || Constants.NOT_AVAILABLE} - Correlation ID: ${serverResponse.correlation_id || Constants.NOT_AVAILABLE} - Trace ID: ${serverResponse.trace_id || Constants.NOT_AVAILABLE}`; - const serverErrorNo = serverResponse.error_codes?.length - ? serverResponse.error_codes[0] - : undefined; - const serverError = new ServerError(serverResponse.error, errString, serverResponse.suberror, serverErrorNo, serverResponse.status); - // check if 500 error - if (refreshAccessToken && - serverResponse.status && - serverResponse.status >= HttpStatus.SERVER_ERROR_RANGE_START && - serverResponse.status <= HttpStatus.SERVER_ERROR_RANGE_END) { - this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently unavailable and the access token is unable to be refreshed.\n${serverError}`); - // don't throw an exception, but alert the user via a log that the token was unable to be refreshed - return; - // check if 400 error - } - else if (refreshAccessToken && - serverResponse.status && - serverResponse.status >= HttpStatus.CLIENT_ERROR_RANGE_START && - serverResponse.status <= HttpStatus.CLIENT_ERROR_RANGE_END) { - this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently available but is unable to refresh the access token.\n${serverError}`); - // don't throw an exception, but alert the user via a log that the token was unable to be refreshed - return; - } - if (isInteractionRequiredError(serverResponse.error, serverResponse.error_description, serverResponse.suberror)) { - throw new InteractionRequiredAuthError(serverResponse.error, serverResponse.error_description, serverResponse.suberror, serverResponse.timestamp || Constants.EMPTY_STRING, serverResponse.trace_id || Constants.EMPTY_STRING, serverResponse.correlation_id || Constants.EMPTY_STRING, serverResponse.claims || Constants.EMPTY_STRING, serverErrorNo); - } - throw serverError; - } - } - /** - * Returns a constructed token response based on given string. Also manages the cache updates and cleanups. - * @param serverTokenResponse - * @param authority - */ - async handleServerTokenResponse(serverTokenResponse, authority, reqTimestamp, request, authCodePayload, userAssertionHash, handlingRefreshTokenResponse, forceCacheRefreshTokenResponse, serverRequestId) { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.HandleServerTokenResponse, serverTokenResponse.correlation_id); - // create an idToken object (not entity) - let idTokenClaims; - if (serverTokenResponse.id_token) { - idTokenClaims = extractTokenClaims(serverTokenResponse.id_token || Constants.EMPTY_STRING, this.cryptoObj.base64Decode); - // token nonce check (TODO: Add a warning if no nonce is given?) - if (authCodePayload && authCodePayload.nonce) { - if (idTokenClaims.nonce !== authCodePayload.nonce) { - throw createClientAuthError(nonceMismatch); - } - } - // token max_age check - if (request.maxAge || request.maxAge === 0) { - const authTime = idTokenClaims.auth_time; - if (!authTime) { - throw createClientAuthError(authTimeNotFound); - } - checkMaxAge(authTime, request.maxAge); - } - } - // generate homeAccountId - this.homeAccountIdentifier = AccountEntity.generateHomeAccountId(serverTokenResponse.client_info || Constants.EMPTY_STRING, authority.authorityType, this.logger, this.cryptoObj, idTokenClaims); - // save the response tokens - let requestStateObj; - if (!!authCodePayload && !!authCodePayload.state) { - requestStateObj = ProtocolUtils.parseRequestState(this.cryptoObj, authCodePayload.state); - } - // Add keyId from request to serverTokenResponse if defined - serverTokenResponse.key_id = - serverTokenResponse.key_id || request.sshKid || undefined; - const cacheRecord = this.generateCacheRecord(serverTokenResponse, authority, reqTimestamp, request, idTokenClaims, userAssertionHash, authCodePayload); - let cacheContext; - try { - if (this.persistencePlugin && this.serializableCache) { - this.logger.verbose("Persistence enabled, calling beforeCacheAccess"); - cacheContext = new TokenCacheContext(this.serializableCache, true); - await this.persistencePlugin.beforeCacheAccess(cacheContext); - } - /* - * When saving a refreshed tokens to the cache, it is expected that the account that was used is present in the cache. - * If not present, we should return null, as it's the case that another application called removeAccount in between - * the calls to getAllAccounts and acquireTokenSilent. We should not overwrite that removal, unless explicitly flagged by - * the developer, as in the case of refresh token flow used in ADAL Node to MSAL Node migration. - */ - if (handlingRefreshTokenResponse && - !forceCacheRefreshTokenResponse && - cacheRecord.account) { - const key = cacheRecord.account.generateAccountKey(); - const account = this.cacheStorage.getAccount(key, this.logger); - if (!account) { - this.logger.warning("Account used to refresh tokens not in persistence, refreshed tokens will not be stored in the cache"); - return await ResponseHandler.generateAuthenticationResult(this.cryptoObj, authority, cacheRecord, false, request, idTokenClaims, requestStateObj, undefined, serverRequestId); - } - } - await this.cacheStorage.saveCacheRecord(cacheRecord, request.storeInCache, request.correlationId); - } - finally { - if (this.persistencePlugin && - this.serializableCache && - cacheContext) { - this.logger.verbose("Persistence enabled, calling afterCacheAccess"); - await this.persistencePlugin.afterCacheAccess(cacheContext); - } - } - return ResponseHandler.generateAuthenticationResult(this.cryptoObj, authority, cacheRecord, false, request, idTokenClaims, requestStateObj, serverTokenResponse, serverRequestId); - } - /** - * Generates CacheRecord - * @param serverTokenResponse - * @param idTokenObj - * @param authority - */ - generateCacheRecord(serverTokenResponse, authority, reqTimestamp, request, idTokenClaims, userAssertionHash, authCodePayload) { - const env = authority.getPreferredCache(); - if (!env) { - throw createClientAuthError(invalidCacheEnvironment); - } - const claimsTenantId = getTenantIdFromIdTokenClaims(idTokenClaims); - // IdToken: non AAD scenarios can have empty realm - let cachedIdToken; - let cachedAccount; - if (serverTokenResponse.id_token && !!idTokenClaims) { - cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || ""); - cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId - this.logger); - } - // AccessToken - let cachedAccessToken = null; - if (serverTokenResponse.access_token) { - // If scopes not returned in server response, use request scopes - const responseScopes = serverTokenResponse.scope - ? ScopeSet.fromString(serverTokenResponse.scope) - : new ScopeSet(request.scopes || []); - /* - * Use timestamp calculated before request - * Server may return timestamps as strings, parse to numbers if so. - */ - const expiresIn = (typeof serverTokenResponse.expires_in === "string" - ? parseInt(serverTokenResponse.expires_in, 10) - : serverTokenResponse.expires_in) || 0; - const extExpiresIn = (typeof serverTokenResponse.ext_expires_in === "string" - ? parseInt(serverTokenResponse.ext_expires_in, 10) - : serverTokenResponse.ext_expires_in) || 0; - const refreshIn = (typeof serverTokenResponse.refresh_in === "string" - ? parseInt(serverTokenResponse.refresh_in, 10) - : serverTokenResponse.refresh_in) || undefined; - const tokenExpirationSeconds = reqTimestamp + expiresIn; - const extendedTokenExpirationSeconds = tokenExpirationSeconds + extExpiresIn; - const refreshOnSeconds = refreshIn && refreshIn > 0 - ? reqTimestamp + refreshIn - : undefined; - // non AAD scenarios can have empty realm - cachedAccessToken = createAccessTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.access_token, this.clientId, claimsTenantId || authority.tenant || "", responseScopes.printScopes(), tokenExpirationSeconds, extendedTokenExpirationSeconds, this.cryptoObj.base64Decode, refreshOnSeconds, serverTokenResponse.token_type, userAssertionHash, serverTokenResponse.key_id, request.claims, request.requestedClaimsHash); - } - // refreshToken - let cachedRefreshToken = null; - if (serverTokenResponse.refresh_token) { - let rtExpiresOn; - if (serverTokenResponse.refresh_token_expires_in) { - const rtExpiresIn = typeof serverTokenResponse.refresh_token_expires_in === - "string" - ? parseInt(serverTokenResponse.refresh_token_expires_in, 10) - : serverTokenResponse.refresh_token_expires_in; - rtExpiresOn = reqTimestamp + rtExpiresIn; - } - cachedRefreshToken = createRefreshTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.refresh_token, this.clientId, serverTokenResponse.foci, userAssertionHash, rtExpiresOn); - } - // appMetadata - let cachedAppMetadata = null; - if (serverTokenResponse.foci) { - cachedAppMetadata = { - clientId: this.clientId, - environment: env, - familyId: serverTokenResponse.foci, - }; - } - return { - account: cachedAccount, - idToken: cachedIdToken, - accessToken: cachedAccessToken, - refreshToken: cachedRefreshToken, - appMetadata: cachedAppMetadata, - }; - } - /** - * Creates an @AuthenticationResult from @CacheRecord , @IdToken , and a boolean that states whether or not the result is from cache. - * - * Optionally takes a state string that is set as-is in the response. - * - * @param cacheRecord - * @param idTokenObj - * @param fromTokenCache - * @param stateString - */ - static async generateAuthenticationResult(cryptoObj, authority, cacheRecord, fromTokenCache, request, idTokenClaims, requestState, serverTokenResponse, requestId) { - let accessToken = Constants.EMPTY_STRING; - let responseScopes = []; - let expiresOn = null; - let extExpiresOn; - let refreshOn; - let familyId = Constants.EMPTY_STRING; - if (cacheRecord.accessToken) { - /* - * if the request object has `popKid` property, `signPopToken` will be set to false and - * the token will be returned unsigned - */ - if (cacheRecord.accessToken.tokenType === - AuthenticationScheme.POP && - !request.popKid) { - const popTokenGenerator = new PopTokenGenerator(cryptoObj); - const { secret, keyId } = cacheRecord.accessToken; - if (!keyId) { - throw createClientAuthError(keyIdMissing); - } - accessToken = await popTokenGenerator.signPopToken(secret, keyId, request); - } - else { - accessToken = cacheRecord.accessToken.secret; - } - responseScopes = ScopeSet.fromString(cacheRecord.accessToken.target).asArray(); - expiresOn = new Date(Number(cacheRecord.accessToken.expiresOn) * 1000); - extExpiresOn = new Date(Number(cacheRecord.accessToken.extendedExpiresOn) * 1000); - if (cacheRecord.accessToken.refreshOn) { - refreshOn = new Date(Number(cacheRecord.accessToken.refreshOn) * 1000); - } - } - if (cacheRecord.appMetadata) { - familyId = - cacheRecord.appMetadata.familyId === THE_FAMILY_ID - ? THE_FAMILY_ID - : ""; - } - const uid = idTokenClaims?.oid || idTokenClaims?.sub || ""; - const tid = idTokenClaims?.tid || ""; - // for hybrid + native bridge enablement, send back the native account Id - if (serverTokenResponse?.spa_accountid && !!cacheRecord.account) { - cacheRecord.account.nativeAccountId = - serverTokenResponse?.spa_accountid; - } - const accountInfo = cacheRecord.account - ? updateAccountTenantProfileData(cacheRecord.account.getAccountInfo(), undefined, // tenantProfile optional - idTokenClaims, cacheRecord.idToken?.secret) - : null; - return { - authority: authority.canonicalAuthority, - uniqueId: uid, - tenantId: tid, - scopes: responseScopes, - account: accountInfo, - idToken: cacheRecord?.idToken?.secret || "", - idTokenClaims: idTokenClaims || {}, - accessToken: accessToken, - fromCache: fromTokenCache, - expiresOn: expiresOn, - extExpiresOn: extExpiresOn, - refreshOn: refreshOn, - correlationId: request.correlationId, - requestId: requestId || Constants.EMPTY_STRING, - familyId: familyId, - tokenType: cacheRecord.accessToken?.tokenType || Constants.EMPTY_STRING, - state: requestState - ? requestState.userRequestState - : Constants.EMPTY_STRING, - cloudGraphHostName: cacheRecord.account?.cloudGraphHostName || - Constants.EMPTY_STRING, - msGraphHost: cacheRecord.account?.msGraphHost || Constants.EMPTY_STRING, - code: serverTokenResponse?.spa_code, - fromNativeBroker: false, - }; - } -} -function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) { - logger?.verbose("setCachedAccount called"); - // Check if base account is already cached - const accountKeys = cacheStorage.getAccountKeys(); - const baseAccountKey = accountKeys.find((accountKey) => { - return accountKey.startsWith(homeAccountId); - }); - let cachedAccount = null; - if (baseAccountKey) { - cachedAccount = cacheStorage.getAccount(baseAccountKey, logger); - } - const baseAccount = cachedAccount || - AccountEntity.createAccount({ - homeAccountId, - idTokenClaims, - clientInfo, - environment, - cloudGraphHostName: authCodePayload?.cloud_graph_host_name, - msGraphHost: authCodePayload?.msgraph_host, - nativeAccountId: nativeAccountId, - }, authority, base64Decode); - const tenantProfiles = baseAccount.tenantProfiles || []; - const tenantId = claimsTenantId || baseAccount.realm; - if (tenantId && - !tenantProfiles.find((tenantProfile) => { - return tenantProfile.tenantId === tenantId; - })) { - const newTenantProfile = buildTenantProfile(homeAccountId, baseAccount.localAccountId, tenantId, idTokenClaims); - tenantProfiles.push(newTenantProfile); - } - baseAccount.tenantProfiles = tenantProfiles; - return baseAccount; -} - - -//# sourceMappingURL=ResponseHandler.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/utils/ClientAssertionUtils.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) { - if (typeof clientAssertion === "string") { - return clientAssertion; - } - else { - const config = { - clientId: clientId, - tokenEndpoint: tokenEndpoint, - }; - return clientAssertion(config); - } -} - - -//# sourceMappingURL=ClientAssertionUtils.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/client/AuthorizationCodeClient.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - - - - - - - - - - - - - - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Oauth2.0 Authorization Code client - * @internal - */ -class AuthorizationCodeClient extends BaseClient { - constructor(configuration, performanceClient) { - super(configuration, performanceClient); - // Flag to indicate if client is for hybrid spa auth code redemption - this.includeRedirectUri = true; - this.oidcDefaultScopes = - this.config.authOptions.authority.options.OIDCOptions?.defaultScopes; - } - /** - * Creates the URL of the authorization request letting the user input credentials and consent to the - * application. The URL target the /authorize endpoint of the authority configured in the - * application object. - * - * Once the user inputs their credentials and consents, the authority will send a response to the redirect URI - * sent in the request and should contain an authorization code, which can then be used to acquire tokens via - * acquireToken(AuthorizationCodeRequest) - * @param request - */ - async getAuthCodeUrl(request) { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.GetAuthCodeUrl, request.correlationId); - const queryString = await invokeAsync(this.createAuthCodeUrlQueryString.bind(this), PerformanceEvents.AuthClientCreateQueryString, this.logger, this.performanceClient, request.correlationId)(request); - return UrlString.appendQueryString(this.authority.authorizationEndpoint, queryString); - } - /** - * API to acquire a token in exchange of 'authorization_code` acquired by the user in the first leg of the - * authorization_code_grant - * @param request - */ - async acquireToken(request, authCodePayload) { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientAcquireToken, request.correlationId); - if (!request.code) { - throw createClientAuthError(requestCannotBeMade); - } - const reqTimestamp = nowSeconds(); - const response = await invokeAsync(this.executeTokenRequest.bind(this), PerformanceEvents.AuthClientExecuteTokenRequest, this.logger, this.performanceClient, request.correlationId)(this.authority, request); - // Retrieve requestId from response headers - const requestId = response.headers?.[HeaderNames.X_MS_REQUEST_ID]; - const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, this.config.serializableCache, this.config.persistencePlugin, this.performanceClient); - // Validate response. This function throws a server error if an error is returned by the server. - responseHandler.validateTokenResponse(response.body); - return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, authCodePayload, undefined, undefined, undefined, requestId); - } - /** - * Handles the hash fragment response from public client code request. Returns a code response used by - * the client to exchange for a token in acquireToken. - * @param hashFragment - */ - handleFragmentResponse(serverParams, cachedState) { - // Handle responses. - const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, null, null); - // Get code response - responseHandler.validateServerAuthorizationCodeResponse(serverParams, cachedState); - // throw when there is no auth code in the response - if (!serverParams.code) { - throw createClientAuthError(authorizationCodeMissingFromServerResponse); - } - return serverParams; - } - /** - * Used to log out the current user, and redirect the user to the postLogoutRedirectUri. - * Default behaviour is to redirect the user to `window.location.href`. - * @param authorityUri - */ - getLogoutUri(logoutRequest) { - // Throw error if logoutRequest is null/undefined - if (!logoutRequest) { - throw createClientConfigurationError(logoutRequestEmpty); - } - const queryString = this.createLogoutUrlQueryString(logoutRequest); - // Construct logout URI - return UrlString.appendQueryString(this.authority.endSessionEndpoint, queryString); - } - /** - * Executes POST request to token endpoint - * @param authority - * @param request - */ - async executeTokenRequest(authority, request) { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientExecuteTokenRequest, request.correlationId); - const queryParametersString = this.createTokenQueryParameters(request); - const endpoint = UrlString.appendQueryString(authority.tokenEndpoint, queryParametersString); - const requestBody = await invokeAsync(this.createTokenRequestBody.bind(this), PerformanceEvents.AuthClientCreateTokenRequestBody, this.logger, this.performanceClient, request.correlationId)(request); - let ccsCredential = undefined; - if (request.clientInfo) { - try { - const clientInfo = buildClientInfo(request.clientInfo, this.cryptoUtils.base64Decode); - ccsCredential = { - credential: `${clientInfo.uid}${Separators.CLIENT_INFO_SEPARATOR}${clientInfo.utid}`, - type: CcsCredentialType.HOME_ACCOUNT_ID, - }; - } - catch (e) { - this.logger.verbose("Could not parse client info for CCS Header: " + e); - } - } - const headers = this.createTokenRequestHeaders(ccsCredential || request.ccsCredential); - const thumbprint = { - clientId: request.tokenBodyParameters?.clientId || - this.config.authOptions.clientId, - authority: authority.canonicalAuthority, - scopes: request.scopes, - claims: request.claims, - authenticationScheme: request.authenticationScheme, - resourceRequestMethod: request.resourceRequestMethod, - resourceRequestUri: request.resourceRequestUri, - shrClaims: request.shrClaims, - sshKid: request.sshKid, - }; - return invokeAsync(this.executePostToTokenEndpoint.bind(this), PerformanceEvents.AuthorizationCodeClientExecutePostToTokenEndpoint, this.logger, this.performanceClient, request.correlationId)(endpoint, requestBody, headers, thumbprint, request.correlationId, PerformanceEvents.AuthorizationCodeClientExecutePostToTokenEndpoint); - } - /** - * Generates a map for all the params to be sent to the service - * @param request - */ - async createTokenRequestBody(request) { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientCreateTokenRequestBody, request.correlationId); - const parameterBuilder = new RequestParameterBuilder(); - parameterBuilder.addClientId(request.tokenBodyParameters?.[CLIENT_ID] || - this.config.authOptions.clientId); - /* - * For hybrid spa flow, there will be a code but no verifier - * In this scenario, don't include redirect uri as auth code will not be bound to redirect URI - */ - if (!this.includeRedirectUri) { - // Just validate - RequestValidator.validateRedirectUri(request.redirectUri); - } - else { - // Validate and include redirect uri - parameterBuilder.addRedirectUri(request.redirectUri); - } - // Add scope array, parameter builder will add default scopes and dedupe - parameterBuilder.addScopes(request.scopes, true, this.oidcDefaultScopes); - // add code: user set, not validated - parameterBuilder.addAuthorizationCode(request.code); - // Add library metadata - parameterBuilder.addLibraryInfo(this.config.libraryInfo); - parameterBuilder.addApplicationTelemetry(this.config.telemetry.application); - parameterBuilder.addThrottling(); - if (this.serverTelemetryManager && !isOidcProtocolMode(this.config)) { - parameterBuilder.addServerTelemetry(this.serverTelemetryManager); - } - // add code_verifier if passed - if (request.codeVerifier) { - parameterBuilder.addCodeVerifier(request.codeVerifier); - } - if (this.config.clientCredentials.clientSecret) { - parameterBuilder.addClientSecret(this.config.clientCredentials.clientSecret); - } - if (this.config.clientCredentials.clientAssertion) { - const clientAssertion = this.config.clientCredentials.clientAssertion; - parameterBuilder.addClientAssertion(await getClientAssertion(clientAssertion.assertion, this.config.authOptions.clientId, request.resourceRequestUri)); - parameterBuilder.addClientAssertionType(clientAssertion.assertionType); - } - parameterBuilder.addGrantType(GrantType.AUTHORIZATION_CODE_GRANT); - parameterBuilder.addClientInfo(); - if (request.authenticationScheme === AuthenticationScheme.POP) { - const popTokenGenerator = new PopTokenGenerator(this.cryptoUtils, this.performanceClient); - let reqCnfData; - if (!request.popKid) { - const generatedReqCnfData = await invokeAsync(popTokenGenerator.generateCnf.bind(popTokenGenerator), PerformanceEvents.PopTokenGenerateCnf, this.logger, this.performanceClient, request.correlationId)(request, this.logger); - reqCnfData = generatedReqCnfData.reqCnfString; - } - else { - reqCnfData = this.cryptoUtils.encodeKid(request.popKid); - } - // SPA PoP requires full Base64Url encoded req_cnf string (unhashed) - parameterBuilder.addPopToken(reqCnfData); - } - else if (request.authenticationScheme === AuthenticationScheme.SSH) { - if (request.sshJwk) { - parameterBuilder.addSshJwk(request.sshJwk); - } - else { - throw createClientConfigurationError(missingSshJwk); - } - } - const correlationId = request.correlationId || - this.config.cryptoInterface.createNewGuid(); - parameterBuilder.addCorrelationId(correlationId); - if (!StringUtils.isEmptyObj(request.claims) || - (this.config.authOptions.clientCapabilities && - this.config.authOptions.clientCapabilities.length > 0)) { - parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities); - } - let ccsCred = undefined; - if (request.clientInfo) { - try { - const clientInfo = buildClientInfo(request.clientInfo, this.cryptoUtils.base64Decode); - ccsCred = { - credential: `${clientInfo.uid}${Separators.CLIENT_INFO_SEPARATOR}${clientInfo.utid}`, - type: CcsCredentialType.HOME_ACCOUNT_ID, - }; - } - catch (e) { - this.logger.verbose("Could not parse client info for CCS Header: " + e); - } - } - else { - ccsCred = request.ccsCredential; - } - // Adds these as parameters in the request instead of headers to prevent CORS preflight request - if (this.config.systemOptions.preventCorsPreflight && ccsCred) { - switch (ccsCred.type) { - case CcsCredentialType.HOME_ACCOUNT_ID: - try { - const clientInfo = buildClientInfoFromHomeAccountId(ccsCred.credential); - parameterBuilder.addCcsOid(clientInfo); - } - catch (e) { - this.logger.verbose("Could not parse home account ID for CCS Header: " + - e); - } - break; - case CcsCredentialType.UPN: - parameterBuilder.addCcsUpn(ccsCred.credential); - break; - } - } - if (request.tokenBodyParameters) { - parameterBuilder.addExtraQueryParameters(request.tokenBodyParameters); - } - // Add hybrid spa parameters if not already provided - if (request.enableSpaAuthorizationCode && - (!request.tokenBodyParameters || - !request.tokenBodyParameters[RETURN_SPA_CODE])) { - parameterBuilder.addExtraQueryParameters({ - [RETURN_SPA_CODE]: "1", - }); - } - return parameterBuilder.createQueryString(); - } - /** - * This API validates the `AuthorizationCodeUrlRequest` and creates a URL - * @param request - */ - async createAuthCodeUrlQueryString(request) { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientCreateQueryString, request.correlationId); - const parameterBuilder = new RequestParameterBuilder(); - parameterBuilder.addClientId(request.extraQueryParameters?.[CLIENT_ID] || - this.config.authOptions.clientId); - const requestScopes = [ - ...(request.scopes || []), - ...(request.extraScopesToConsent || []), - ]; - parameterBuilder.addScopes(requestScopes, true, this.oidcDefaultScopes); - // validate the redirectUri (to be a non null value) - parameterBuilder.addRedirectUri(request.redirectUri); - // generate the correlationId if not set by the user and add - const correlationId = request.correlationId || - this.config.cryptoInterface.createNewGuid(); - parameterBuilder.addCorrelationId(correlationId); - // add response_mode. If not passed in it defaults to query. - parameterBuilder.addResponseMode(request.responseMode); - // add response_type = code - parameterBuilder.addResponseTypeCode(); - // add library info parameters - parameterBuilder.addLibraryInfo(this.config.libraryInfo); - if (!isOidcProtocolMode(this.config)) { - parameterBuilder.addApplicationTelemetry(this.config.telemetry.application); - } - // add client_info=1 - parameterBuilder.addClientInfo(); - if (request.codeChallenge && request.codeChallengeMethod) { - parameterBuilder.addCodeChallengeParams(request.codeChallenge, request.codeChallengeMethod); - } - if (request.prompt) { - parameterBuilder.addPrompt(request.prompt); - } - if (request.domainHint) { - parameterBuilder.addDomainHint(request.domainHint); - } - // Add sid or loginHint with preference for login_hint claim (in request) -> sid -> loginHint (upn/email) -> username of AccountInfo object - if (request.prompt !== PromptValue.SELECT_ACCOUNT) { - // AAD will throw if prompt=select_account is passed with an account hint - if (request.sid && request.prompt === PromptValue.NONE) { - // SessionID is only used in silent calls - this.logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from request"); - parameterBuilder.addSid(request.sid); - } - else if (request.account) { - const accountSid = this.extractAccountSid(request.account); - let accountLoginHintClaim = this.extractLoginHint(request.account); - if (accountLoginHintClaim && request.domainHint) { - this.logger.warning(`AuthorizationCodeClient.createAuthCodeUrlQueryString: "domainHint" param is set, skipping opaque "login_hint" claim. Please consider not passing domainHint`); - accountLoginHintClaim = null; - } - // If login_hint claim is present, use it over sid/username - if (accountLoginHintClaim) { - this.logger.verbose("createAuthCodeUrlQueryString: login_hint claim present on account"); - parameterBuilder.addLoginHint(accountLoginHintClaim); - try { - const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId); - parameterBuilder.addCcsOid(clientInfo); - } - catch (e) { - this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header"); - } - } - else if (accountSid && request.prompt === PromptValue.NONE) { - /* - * If account and loginHint are provided, we will check account first for sid before adding loginHint - * SessionId is only used in silent calls - */ - this.logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from account"); - parameterBuilder.addSid(accountSid); - try { - const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId); - parameterBuilder.addCcsOid(clientInfo); - } - catch (e) { - this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header"); - } - } - else if (request.loginHint) { - this.logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from request"); - parameterBuilder.addLoginHint(request.loginHint); - parameterBuilder.addCcsUpn(request.loginHint); - } - else if (request.account.username) { - // Fallback to account username if provided - this.logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from account"); - parameterBuilder.addLoginHint(request.account.username); - try { - const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId); - parameterBuilder.addCcsOid(clientInfo); - } - catch (e) { - this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header"); - } - } - } - else if (request.loginHint) { - this.logger.verbose("createAuthCodeUrlQueryString: No account, adding login_hint from request"); - parameterBuilder.addLoginHint(request.loginHint); - parameterBuilder.addCcsUpn(request.loginHint); - } - } - else { - this.logger.verbose("createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints"); - } - if (request.nonce) { - parameterBuilder.addNonce(request.nonce); - } - if (request.state) { - parameterBuilder.addState(request.state); - } - if (request.claims || - (this.config.authOptions.clientCapabilities && - this.config.authOptions.clientCapabilities.length > 0)) { - parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities); - } - if (request.extraQueryParameters) { - parameterBuilder.addExtraQueryParameters(request.extraQueryParameters); - } - if (request.nativeBroker) { - // signal ests that this is a WAM call - parameterBuilder.addNativeBroker(); - // pass the req_cnf for POP - if (request.authenticationScheme === AuthenticationScheme.POP) { - const popTokenGenerator = new PopTokenGenerator(this.cryptoUtils); - // req_cnf is always sent as a string for SPAs - let reqCnfData; - if (!request.popKid) { - const generatedReqCnfData = await invokeAsync(popTokenGenerator.generateCnf.bind(popTokenGenerator), PerformanceEvents.PopTokenGenerateCnf, this.logger, this.performanceClient, request.correlationId)(request, this.logger); - reqCnfData = generatedReqCnfData.reqCnfString; - } - else { - reqCnfData = this.cryptoUtils.encodeKid(request.popKid); - } - parameterBuilder.addPopToken(reqCnfData); - } - } - return parameterBuilder.createQueryString(); - } - /** - * This API validates the `EndSessionRequest` and creates a URL - * @param request - */ - createLogoutUrlQueryString(request) { - const parameterBuilder = new RequestParameterBuilder(); - if (request.postLogoutRedirectUri) { - parameterBuilder.addPostLogoutRedirectUri(request.postLogoutRedirectUri); - } - if (request.correlationId) { - parameterBuilder.addCorrelationId(request.correlationId); - } - if (request.idTokenHint) { - parameterBuilder.addIdTokenHint(request.idTokenHint); - } - if (request.state) { - parameterBuilder.addState(request.state); - } - if (request.logoutHint) { - parameterBuilder.addLogoutHint(request.logoutHint); - } - if (request.extraQueryParameters) { - parameterBuilder.addExtraQueryParameters(request.extraQueryParameters); - } - return parameterBuilder.createQueryString(); - } - /** - * Helper to get sid from account. Returns null if idTokenClaims are not present or sid is not present. - * @param account - */ - extractAccountSid(account) { - return account.idTokenClaims?.sid || null; - } - extractLoginHint(account) { - return account.idTokenClaims?.login_hint || null; - } -} - - -//# sourceMappingURL=AuthorizationCodeClient.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/telemetry/server/ServerTelemetryManager.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const skuGroupSeparator = ","; -const skuValueSeparator = "|"; -function makeExtraSkuString(params) { - const { skus, libraryName, libraryVersion, extensionName, extensionVersion, } = params; - const skuMap = new Map([ - [0, [libraryName, libraryVersion]], - [2, [extensionName, extensionVersion]], - ]); - let skuArr = []; - if (skus?.length) { - skuArr = skus.split(skuGroupSeparator); - // Ignore invalid input sku param - if (skuArr.length < 4) { - return skus; - } - } - else { - skuArr = Array.from({ length: 4 }, () => skuValueSeparator); - } - skuMap.forEach((value, key) => { - if (value.length === 2 && value[0]?.length && value[1]?.length) { - setSku({ - skuArr, - index: key, - skuName: value[0], - skuVersion: value[1], - }); - } - }); - return skuArr.join(skuGroupSeparator); -} -function setSku(params) { - const { skuArr, index, skuName, skuVersion } = params; - if (index >= skuArr.length) { - return; - } - skuArr[index] = [skuName, skuVersion].join(skuValueSeparator); -} -/** @internal */ -class ServerTelemetryManager { - constructor(telemetryRequest, cacheManager) { - this.cacheOutcome = CacheOutcome.NOT_APPLICABLE; - this.cacheManager = cacheManager; - this.apiId = telemetryRequest.apiId; - this.correlationId = telemetryRequest.correlationId; - this.wrapperSKU = telemetryRequest.wrapperSKU || Constants.EMPTY_STRING; - this.wrapperVer = telemetryRequest.wrapperVer || Constants.EMPTY_STRING; - this.telemetryCacheKey = - SERVER_TELEM_CONSTANTS.CACHE_KEY + - Separators.CACHE_KEY_SEPARATOR + - telemetryRequest.clientId; - } - /** - * API to add MSER Telemetry to request - */ - generateCurrentRequestHeaderValue() { - const request = `${this.apiId}${SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR}${this.cacheOutcome}`; - const platformFieldsArr = [this.wrapperSKU, this.wrapperVer]; - const nativeBrokerErrorCode = this.getNativeBrokerErrorCode(); - if (nativeBrokerErrorCode?.length) { - platformFieldsArr.push(`broker_error=${nativeBrokerErrorCode}`); - } - const platformFields = platformFieldsArr.join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR); - const regionDiscoveryFields = this.getRegionDiscoveryFields(); - const requestWithRegionDiscoveryFields = [ - request, - regionDiscoveryFields, - ].join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR); - return [ - SERVER_TELEM_CONSTANTS.SCHEMA_VERSION, - requestWithRegionDiscoveryFields, - platformFields, - ].join(SERVER_TELEM_CONSTANTS.CATEGORY_SEPARATOR); - } - /** - * API to add MSER Telemetry for the last failed request - */ - generateLastRequestHeaderValue() { - const lastRequests = this.getLastRequests(); - const maxErrors = ServerTelemetryManager.maxErrorsToSend(lastRequests); - const failedRequests = lastRequests.failedRequests - .slice(0, 2 * maxErrors) - .join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR); - const errors = lastRequests.errors - .slice(0, maxErrors) - .join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR); - const errorCount = lastRequests.errors.length; - // Indicate whether this header contains all data or partial data - const overflow = maxErrors < errorCount - ? SERVER_TELEM_CONSTANTS.OVERFLOW_TRUE - : SERVER_TELEM_CONSTANTS.OVERFLOW_FALSE; - const platformFields = [errorCount, overflow].join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR); - return [ - SERVER_TELEM_CONSTANTS.SCHEMA_VERSION, - lastRequests.cacheHits, - failedRequests, - errors, - platformFields, - ].join(SERVER_TELEM_CONSTANTS.CATEGORY_SEPARATOR); - } - /** - * API to cache token failures for MSER data capture - * @param error - */ - cacheFailedRequest(error) { - const lastRequests = this.getLastRequests(); - if (lastRequests.errors.length >= - SERVER_TELEM_CONSTANTS.MAX_CACHED_ERRORS) { - // Remove a cached error to make room, first in first out - lastRequests.failedRequests.shift(); // apiId - lastRequests.failedRequests.shift(); // correlationId - lastRequests.errors.shift(); - } - lastRequests.failedRequests.push(this.apiId, this.correlationId); - if (error instanceof Error && !!error && error.toString()) { - if (error instanceof AuthError) { - if (error.subError) { - lastRequests.errors.push(error.subError); - } - else if (error.errorCode) { - lastRequests.errors.push(error.errorCode); - } - else { - lastRequests.errors.push(error.toString()); - } - } - else { - lastRequests.errors.push(error.toString()); - } - } - else { - lastRequests.errors.push(SERVER_TELEM_CONSTANTS.UNKNOWN_ERROR); - } - this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests); - return; - } - /** - * Update server telemetry cache entry by incrementing cache hit counter - */ - incrementCacheHits() { - const lastRequests = this.getLastRequests(); - lastRequests.cacheHits += 1; - this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests); - return lastRequests.cacheHits; - } - /** - * Get the server telemetry entity from cache or initialize a new one - */ - getLastRequests() { - const initialValue = { - failedRequests: [], - errors: [], - cacheHits: 0, - }; - const lastRequests = this.cacheManager.getServerTelemetry(this.telemetryCacheKey); - return lastRequests || initialValue; - } - /** - * Remove server telemetry cache entry - */ - clearTelemetryCache() { - const lastRequests = this.getLastRequests(); - const numErrorsFlushed = ServerTelemetryManager.maxErrorsToSend(lastRequests); - const errorCount = lastRequests.errors.length; - if (numErrorsFlushed === errorCount) { - // All errors were sent on last request, clear Telemetry cache - this.cacheManager.removeItem(this.telemetryCacheKey); - } - else { - // Partial data was flushed to server, construct a new telemetry cache item with errors that were not flushed - const serverTelemEntity = { - failedRequests: lastRequests.failedRequests.slice(numErrorsFlushed * 2), - errors: lastRequests.errors.slice(numErrorsFlushed), - cacheHits: 0, - }; - this.cacheManager.setServerTelemetry(this.telemetryCacheKey, serverTelemEntity); - } - } - /** - * Returns the maximum number of errors that can be flushed to the server in the next network request - * @param serverTelemetryEntity - */ - static maxErrorsToSend(serverTelemetryEntity) { - let i; - let maxErrors = 0; - let dataSize = 0; - const errorCount = serverTelemetryEntity.errors.length; - for (i = 0; i < errorCount; i++) { - // failedRequests parameter contains pairs of apiId and correlationId, multiply index by 2 to preserve pairs - const apiId = serverTelemetryEntity.failedRequests[2 * i] || - Constants.EMPTY_STRING; - const correlationId = serverTelemetryEntity.failedRequests[2 * i + 1] || - Constants.EMPTY_STRING; - const errorCode = serverTelemetryEntity.errors[i] || Constants.EMPTY_STRING; - // Count number of characters that would be added to header, each character is 1 byte. Add 3 at the end to account for separators - dataSize += - apiId.toString().length + - correlationId.toString().length + - errorCode.length + - 3; - if (dataSize < SERVER_TELEM_CONSTANTS.MAX_LAST_HEADER_BYTES) { - // Adding this entry to the header would still keep header size below the limit - maxErrors += 1; - } - else { - break; - } - } - return maxErrors; - } - /** - * Get the region discovery fields - * - * @returns string - */ - getRegionDiscoveryFields() { - const regionDiscoveryFields = []; - regionDiscoveryFields.push(this.regionUsed || Constants.EMPTY_STRING); - regionDiscoveryFields.push(this.regionSource || Constants.EMPTY_STRING); - regionDiscoveryFields.push(this.regionOutcome || Constants.EMPTY_STRING); - return regionDiscoveryFields.join(","); - } - /** - * Update the region discovery metadata - * - * @param regionDiscoveryMetadata - * @returns void - */ - updateRegionDiscoveryMetadata(regionDiscoveryMetadata) { - this.regionUsed = regionDiscoveryMetadata.region_used; - this.regionSource = regionDiscoveryMetadata.region_source; - this.regionOutcome = regionDiscoveryMetadata.region_outcome; - } - /** - * Set cache outcome - */ - setCacheOutcome(cacheOutcome) { - this.cacheOutcome = cacheOutcome; - } - setNativeBrokerErrorCode(errorCode) { - const lastRequests = this.getLastRequests(); - lastRequests.nativeBrokerErrorCode = errorCode; - this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests); - } - getNativeBrokerErrorCode() { - return this.getLastRequests().nativeBrokerErrorCode; - } - clearNativeBrokerErrorCode() { - const lastRequests = this.getLastRequests(); - delete lastRequests.nativeBrokerErrorCode; - this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests); - } - static makeExtraSkuString(params) { - return makeExtraSkuString(params); - } -} - - -//# sourceMappingURL=ServerTelemetryManager.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/interaction_client/BaseInteractionClient.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -class BaseInteractionClient { - constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeMessageHandler, correlationId) { - this.config = config; - this.browserStorage = storageImpl; - this.browserCrypto = browserCrypto; - this.networkClient = this.config.system.networkClient; - this.eventHandler = eventHandler; - this.navigationClient = navigationClient; - this.nativeMessageHandler = nativeMessageHandler; - this.correlationId = correlationId || BrowserCrypto_createNewGuid(); - this.logger = logger.clone(BrowserConstants.MSAL_SKU, packageMetadata_version, this.correlationId); - this.performanceClient = performanceClient; - } - async clearCacheOnLogout(account) { - if (account) { - if (AccountEntity.accountInfoIsEqual(account, this.browserStorage.getActiveAccount(), false)) { - this.logger.verbose("Setting active account to null"); - this.browserStorage.setActiveAccount(null); - } - // Clear given account. - try { - await this.browserStorage.removeAccount(AccountEntity.generateAccountCacheKey(account)); - this.logger.verbose("Cleared cache items belonging to the account provided in the logout request."); - } - catch (error) { - this.logger.error("Account provided in logout request was not found. Local cache unchanged."); - } - } - else { - try { - this.logger.verbose("No account provided in logout request, clearing all cache items.", this.correlationId); - // Clear all accounts and tokens - await this.browserStorage.clear(); - // Clear any stray keys from IndexedDB - await this.browserCrypto.clearKeystore(); - } - catch (e) { - this.logger.error("Attempted to clear all MSAL cache items and failed. Local cache unchanged."); - } - } - } - /** - * - * Use to get the redirect uri configured in MSAL or null. - * @param requestRedirectUri - * @returns Redirect URL - * - */ - getRedirectUri(requestRedirectUri) { - this.logger.verbose("getRedirectUri called"); - const redirectUri = requestRedirectUri || - this.config.auth.redirectUri || - getCurrentUri(); - return UrlString.getAbsoluteUrl(redirectUri, getCurrentUri()); - } - /** - * - * @param apiId - * @param correlationId - * @param forceRefresh - */ - initializeServerTelemetryManager(apiId, forceRefresh) { - this.logger.verbose("initializeServerTelemetryManager called"); - const telemetryPayload = { - clientId: this.config.auth.clientId, - correlationId: this.correlationId, - apiId: apiId, - forceRefresh: forceRefresh || false, - wrapperSKU: this.browserStorage.getWrapperMetadata()[0], - wrapperVer: this.browserStorage.getWrapperMetadata()[1], - }; - return new ServerTelemetryManager(telemetryPayload, this.browserStorage); - } - /** - * Used to get a discovered version of the default authority. - * @param requestAuthority - * @param requestAzureCloudOptions - * @param account - */ - async getDiscoveredAuthority(requestAuthority, requestAzureCloudOptions, account) { - this.performanceClient.addQueueMeasurement(PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority, this.correlationId); - const authorityOptions = { - protocolMode: this.config.auth.protocolMode, - OIDCOptions: this.config.auth.OIDCOptions, - knownAuthorities: this.config.auth.knownAuthorities, - cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata, - authorityMetadata: this.config.auth.authorityMetadata, - skipAuthorityMetadataCache: this.config.auth.skipAuthorityMetadataCache, - }; - // build authority string based on auth params, precedence - azureCloudInstance + tenant >> authority - const userAuthority = requestAuthority - ? requestAuthority - : this.config.auth.authority; - // fall back to the authority from config - const builtAuthority = Authority.generateAuthority(userAuthority, requestAzureCloudOptions || this.config.auth.azureCloudOptions); - const discoveredAuthority = await invokeAsync(createDiscoveredInstance, PerformanceEvents.AuthorityFactoryCreateDiscoveredInstance, this.logger, this.performanceClient, this.correlationId)(builtAuthority, this.config.system.networkClient, this.browserStorage, authorityOptions, this.logger, this.correlationId, this.performanceClient); - if (account && !discoveredAuthority.isAlias(account.environment)) { - throw createClientConfigurationError(authorityMismatch); - } - return discoveredAuthority; - } -} - - -//# sourceMappingURL=BaseInteractionClient.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/crypto/PkceGenerator.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -// Constant byte array length -const RANDOM_BYTE_ARR_LENGTH = 32; -/** - * This file defines APIs to generate PKCE codes and code verifiers. - */ -/** - * Generates PKCE Codes. See the RFC for more information: https://tools.ietf.org/html/rfc7636 - */ -async function generatePkceCodes(performanceClient, logger, correlationId) { - performanceClient.addQueueMeasurement(PerformanceEvents.GeneratePkceCodes, correlationId); - const codeVerifier = invoke(generateCodeVerifier, PerformanceEvents.GenerateCodeVerifier, logger, performanceClient, correlationId)(performanceClient, logger, correlationId); - const codeChallenge = await invokeAsync(generateCodeChallengeFromVerifier, PerformanceEvents.GenerateCodeChallengeFromVerifier, logger, performanceClient, correlationId)(codeVerifier, performanceClient, logger, correlationId); - return { - verifier: codeVerifier, - challenge: codeChallenge, - }; -} -/** - * Generates a random 32 byte buffer and returns the base64 - * encoded string to be used as a PKCE Code Verifier - */ -function generateCodeVerifier(performanceClient, logger, correlationId) { - try { - // Generate random values as utf-8 - const buffer = new Uint8Array(RANDOM_BYTE_ARR_LENGTH); - invoke(getRandomValues, PerformanceEvents.GetRandomValues, logger, performanceClient, correlationId)(buffer); - // encode verifier as base64 - const pkceCodeVerifierB64 = urlEncodeArr(buffer); - return pkceCodeVerifierB64; - } - catch (e) { - throw createBrowserAuthError(pkceNotCreated); - } -} -/** - * Creates a base64 encoded PKCE Code Challenge string from the - * hash created from the PKCE Code Verifier supplied - */ -async function generateCodeChallengeFromVerifier(pkceCodeVerifier, performanceClient, logger, correlationId) { - performanceClient.addQueueMeasurement(PerformanceEvents.GenerateCodeChallengeFromVerifier, correlationId); - try { - // hashed verifier - const pkceHashedCodeVerifier = await invokeAsync(sha256Digest, PerformanceEvents.Sha256Digest, logger, performanceClient, correlationId)(pkceCodeVerifier, performanceClient, correlationId); - // encode hash as base64 - return urlEncodeArr(new Uint8Array(pkceHashedCodeVerifier)); - } - catch (e) { - throw createBrowserAuthError(pkceNotCreated); - } -} - - -//# sourceMappingURL=PkceGenerator.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/request/RequestHelpers.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Initializer function for all request APIs - * @param request - */ -async function initializeBaseRequest(request, config, performanceClient, logger) { - performanceClient.addQueueMeasurement(PerformanceEvents.InitializeBaseRequest, request.correlationId); - const authority = request.authority || config.auth.authority; - const scopes = [...((request && request.scopes) || [])]; - const validatedRequest = { - ...request, - correlationId: request.correlationId, - authority, - scopes, - }; - // Set authenticationScheme to BEARER if not explicitly set in the request - if (!validatedRequest.authenticationScheme) { - validatedRequest.authenticationScheme = AuthenticationScheme.BEARER; - logger.verbose('Authentication Scheme wasn\'t explicitly set in request, defaulting to "Bearer" request'); - } - else { - if (validatedRequest.authenticationScheme === AuthenticationScheme.SSH) { - if (!request.sshJwk) { - throw createClientConfigurationError(missingSshJwk); - } - if (!request.sshKid) { - throw createClientConfigurationError(missingSshKid); - } - } - logger.verbose(`Authentication Scheme set to "${validatedRequest.authenticationScheme}" as configured in Auth request`); - } - // Set requested claims hash if claims-based caching is enabled and claims were requested - if (config.cache.claimsBasedCachingEnabled && - request.claims && - // Checks for empty stringified object "{}" which doesn't qualify as requested claims - !StringUtils.isEmptyObj(request.claims)) { - validatedRequest.requestedClaimsHash = await hashString(request.claims); - } - return validatedRequest; -} -async function initializeSilentRequest(request, account, config, performanceClient, logger) { - performanceClient.addQueueMeasurement(PerformanceEvents.InitializeSilentRequest, request.correlationId); - const baseRequest = await invokeAsync(initializeBaseRequest, PerformanceEvents.InitializeBaseRequest, logger, performanceClient, request.correlationId)(request, config, performanceClient, logger); - return { - ...request, - ...baseRequest, - account: account, - forceRefresh: request.forceRefresh || false, - }; -} - - -//# sourceMappingURL=RequestHelpers.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/interaction_client/StandardInteractionClient.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - - - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Defines the class structure and helper functions used by the "standard", non-brokered auth flows (popup, redirect, silent (RT), silent (iframe)) - */ -class StandardInteractionClient extends BaseInteractionClient { - /** - * Generates an auth code request tied to the url request. - * @param request - */ - async initializeAuthorizationCodeRequest(request) { - this.performanceClient.addQueueMeasurement(PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest, this.correlationId); - const generatedPkceParams = await invokeAsync(generatePkceCodes, PerformanceEvents.GeneratePkceCodes, this.logger, this.performanceClient, this.correlationId)(this.performanceClient, this.logger, this.correlationId); - const authCodeRequest = { - ...request, - redirectUri: request.redirectUri, - code: Constants.EMPTY_STRING, - codeVerifier: generatedPkceParams.verifier, - }; - request.codeChallenge = generatedPkceParams.challenge; - request.codeChallengeMethod = Constants.S256_CODE_CHALLENGE_METHOD; - return authCodeRequest; - } - /** - * Initializer for the logout request. - * @param logoutRequest - */ - initializeLogoutRequest(logoutRequest) { - this.logger.verbose("initializeLogoutRequest called", logoutRequest?.correlationId); - const validLogoutRequest = { - correlationId: this.correlationId || BrowserCrypto_createNewGuid(), - ...logoutRequest, - }; - /** - * Set logout_hint to be login_hint from ID Token Claims if present - * and logoutHint attribute wasn't manually set in logout request - */ - if (logoutRequest) { - // If logoutHint isn't set and an account was passed in, try to extract logoutHint from ID Token Claims - if (!logoutRequest.logoutHint) { - if (logoutRequest.account) { - const logoutHint = this.getLogoutHintFromIdTokenClaims(logoutRequest.account); - if (logoutHint) { - this.logger.verbose("Setting logoutHint to login_hint ID Token Claim value for the account provided"); - validLogoutRequest.logoutHint = logoutHint; - } - } - else { - this.logger.verbose("logoutHint was not set and account was not passed into logout request, logoutHint will not be set"); - } - } - else { - this.logger.verbose("logoutHint has already been set in logoutRequest"); - } - } - else { - this.logger.verbose("logoutHint will not be set since no logout request was configured"); - } - /* - * Only set redirect uri if logout request isn't provided or the set uri isn't null. - * Otherwise, use passed uri, config, or current page. - */ - if (!logoutRequest || logoutRequest.postLogoutRedirectUri !== null) { - if (logoutRequest && logoutRequest.postLogoutRedirectUri) { - this.logger.verbose("Setting postLogoutRedirectUri to uri set on logout request", validLogoutRequest.correlationId); - validLogoutRequest.postLogoutRedirectUri = - UrlString.getAbsoluteUrl(logoutRequest.postLogoutRedirectUri, getCurrentUri()); - } - else if (this.config.auth.postLogoutRedirectUri === null) { - this.logger.verbose("postLogoutRedirectUri configured as null and no uri set on request, not passing post logout redirect", validLogoutRequest.correlationId); - } - else if (this.config.auth.postLogoutRedirectUri) { - this.logger.verbose("Setting postLogoutRedirectUri to configured uri", validLogoutRequest.correlationId); - validLogoutRequest.postLogoutRedirectUri = - UrlString.getAbsoluteUrl(this.config.auth.postLogoutRedirectUri, getCurrentUri()); - } - else { - this.logger.verbose("Setting postLogoutRedirectUri to current page", validLogoutRequest.correlationId); - validLogoutRequest.postLogoutRedirectUri = - UrlString.getAbsoluteUrl(getCurrentUri(), getCurrentUri()); - } - } - else { - this.logger.verbose("postLogoutRedirectUri passed as null, not setting post logout redirect uri", validLogoutRequest.correlationId); - } - return validLogoutRequest; - } - /** - * Parses login_hint ID Token Claim out of AccountInfo object to be used as - * logout_hint in end session request. - * @param account - */ - getLogoutHintFromIdTokenClaims(account) { - const idTokenClaims = account.idTokenClaims; - if (idTokenClaims) { - if (idTokenClaims.login_hint) { - return idTokenClaims.login_hint; - } - else { - this.logger.verbose("The ID Token Claims tied to the provided account do not contain a login_hint claim, logoutHint will not be added to logout request"); - } - } - else { - this.logger.verbose("The provided account does not contain ID Token Claims, logoutHint will not be added to logout request"); - } - return null; - } - /** - * Creates an Authorization Code Client with the given authority, or the default authority. - * @param serverTelemetryManager - * @param authorityUrl - */ - async createAuthCodeClient(serverTelemetryManager, authorityUrl, requestAzureCloudOptions, account) { - this.performanceClient.addQueueMeasurement(PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.correlationId); - // Create auth module. - const clientConfig = await invokeAsync(this.getClientConfiguration.bind(this), PerformanceEvents.StandardInteractionClientGetClientConfiguration, this.logger, this.performanceClient, this.correlationId)(serverTelemetryManager, authorityUrl, requestAzureCloudOptions, account); - return new AuthorizationCodeClient(clientConfig, this.performanceClient); - } - /** - * Creates a Client Configuration object with the given request authority, or the default authority. - * @param serverTelemetryManager - * @param requestAuthority - * @param requestCorrelationId - */ - async getClientConfiguration(serverTelemetryManager, requestAuthority, requestAzureCloudOptions, account) { - this.performanceClient.addQueueMeasurement(PerformanceEvents.StandardInteractionClientGetClientConfiguration, this.correlationId); - const discoveredAuthority = await invokeAsync(this.getDiscoveredAuthority.bind(this), PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority, this.logger, this.performanceClient, this.correlationId)(requestAuthority, requestAzureCloudOptions, account); - const logger = this.config.system.loggerOptions; - return { - authOptions: { - clientId: this.config.auth.clientId, - authority: discoveredAuthority, - clientCapabilities: this.config.auth.clientCapabilities, - }, - systemOptions: { - tokenRenewalOffsetSeconds: this.config.system.tokenRenewalOffsetSeconds, - preventCorsPreflight: true, - }, - loggerOptions: { - loggerCallback: logger.loggerCallback, - piiLoggingEnabled: logger.piiLoggingEnabled, - logLevel: logger.logLevel, - correlationId: this.correlationId, - }, - cacheOptions: { - claimsBasedCachingEnabled: this.config.cache.claimsBasedCachingEnabled, - }, - cryptoInterface: this.browserCrypto, - networkInterface: this.networkClient, - storageInterface: this.browserStorage, - serverTelemetryManager: serverTelemetryManager, - libraryInfo: { - sku: BrowserConstants.MSAL_SKU, - version: packageMetadata_version, - cpu: Constants.EMPTY_STRING, - os: Constants.EMPTY_STRING, - }, - telemetry: this.config.telemetry, - }; - } - /** - * Helper to initialize required request parameters for interactive APIs and ssoSilent() - * @param request - * @param interactionType - */ - async initializeAuthorizationRequest(request, interactionType) { - this.performanceClient.addQueueMeasurement(PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest, this.correlationId); - const redirectUri = this.getRedirectUri(request.redirectUri); - const browserState = { - interactionType: interactionType, - }; - const state = ProtocolUtils.setRequestState(this.browserCrypto, (request && request.state) || Constants.EMPTY_STRING, browserState); - const baseRequest = await invokeAsync(initializeBaseRequest, PerformanceEvents.InitializeBaseRequest, this.logger, this.performanceClient, this.correlationId)({ ...request, correlationId: this.correlationId }, this.config, this.performanceClient, this.logger); - const validatedRequest = { - ...baseRequest, - redirectUri: redirectUri, - state: state, - nonce: request.nonce || BrowserCrypto_createNewGuid(), - responseMode: this.config.auth.OIDCOptions - .serverResponseType, - }; - const account = request.account || this.browserStorage.getActiveAccount(); - if (account) { - this.logger.verbose("Setting validated request account", this.correlationId); - this.logger.verbosePii(`Setting validated request account: ${account.homeAccountId}`, this.correlationId); - validatedRequest.account = account; - } - // Check for ADAL/MSAL v1 SSO - if (!validatedRequest.loginHint && !account) { - const legacyLoginHint = this.browserStorage.getLegacyLoginHint(); - if (legacyLoginHint) { - validatedRequest.loginHint = legacyLoginHint; - } - } - return validatedRequest; - } -} - - -//# sourceMappingURL=StandardInteractionClient.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/error/NativeAuthErrorCodes.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const contentError = "ContentError"; -const userSwitch = "user_switch"; - - -//# sourceMappingURL=NativeAuthErrorCodes.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/broker/nativeBroker/NativeStatusCodes.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -// Status Codes that can be thrown by WAM -const USER_INTERACTION_REQUIRED = "USER_INTERACTION_REQUIRED"; -const USER_CANCEL = "USER_CANCEL"; -const NO_NETWORK = "NO_NETWORK"; -const PERSISTENT_ERROR = "PERSISTENT_ERROR"; -const DISABLED = "DISABLED"; -const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE"; - - -//# sourceMappingURL=NativeStatusCodes.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/error/NativeAuthError.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const INVALID_METHOD_ERROR = -2147186943; -const NativeAuthErrorMessages = { - [userSwitch]: "User attempted to switch accounts in the native broker, which is not allowed. All new accounts must sign-in through the standard web flow first, please try again.", -}; -class NativeAuthError extends AuthError { - constructor(errorCode, description, ext) { - super(errorCode, description); - Object.setPrototypeOf(this, NativeAuthError.prototype); - this.name = "NativeAuthError"; - this.ext = ext; - } -} -/** - * These errors should result in a fallback to the 'standard' browser based auth flow. - */ -function isFatalNativeAuthError(error) { - if (error.ext && - error.ext.status && - (error.ext.status === PERSISTENT_ERROR || - error.ext.status === DISABLED)) { - return true; - } - if (error.ext && - error.ext.error && - error.ext.error === INVALID_METHOD_ERROR) { - return true; - } - switch (error.errorCode) { - case contentError: - return true; - default: - return false; - } -} -/** - * Create the appropriate error object based on the WAM status code. - * @param code - * @param description - * @param ext - * @returns - */ -function createNativeAuthError(code, description, ext) { - if (ext && ext.status) { - switch (ext.status) { - case ACCOUNT_UNAVAILABLE: - return createInteractionRequiredAuthError(nativeAccountUnavailable); - case USER_INTERACTION_REQUIRED: - return new InteractionRequiredAuthError(code, description); - case USER_CANCEL: - return createBrowserAuthError(userCancelled); - case NO_NETWORK: - return createBrowserAuthError(BrowserAuthErrorCodes_noNetworkConnectivity); - } - } - return new NativeAuthError(code, NativeAuthErrorMessages[code] || description, ext); -} - - -//# sourceMappingURL=NativeAuthError.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/client/RefreshTokenClient.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - - - - - - - - - - - - - - - - - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const DEFAULT_REFRESH_TOKEN_EXPIRATION_OFFSET_SECONDS = 300; // 5 Minutes -/** - * OAuth2.0 refresh token client - * @internal - */ -class RefreshTokenClient extends BaseClient { - constructor(configuration, performanceClient) { - super(configuration, performanceClient); - } - async acquireToken(request) { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireToken, request.correlationId); - const reqTimestamp = nowSeconds(); - const response = await invokeAsync(this.executeTokenRequest.bind(this), PerformanceEvents.RefreshTokenClientExecuteTokenRequest, this.logger, this.performanceClient, request.correlationId)(request, this.authority); - // Retrieve requestId from response headers - const requestId = response.headers?.[HeaderNames.X_MS_REQUEST_ID]; - const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, this.config.serializableCache, this.config.persistencePlugin); - responseHandler.validateTokenResponse(response.body); - return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, undefined, undefined, true, request.forceCache, requestId); - } - /** - * Gets cached refresh token and attaches to request, then calls acquireToken API - * @param request - */ - async acquireTokenByRefreshToken(request) { - // Cannot renew token if no request object is given. - if (!request) { - throw createClientConfigurationError(tokenRequestEmpty); - } - this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireTokenByRefreshToken, request.correlationId); - // We currently do not support silent flow for account === null use cases; This will be revisited for confidential flow usecases - if (!request.account) { - throw createClientAuthError(noAccountInSilentRequest); - } - // try checking if FOCI is enabled for the given application - const isFOCI = this.cacheManager.isAppMetadataFOCI(request.account.environment); - // if the app is part of the family, retrive a Family refresh token if present and make a refreshTokenRequest - if (isFOCI) { - try { - return await invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, true); - } - catch (e) { - const noFamilyRTInCache = e instanceof InteractionRequiredAuthError && - e.errorCode === - noTokensFound; - const clientMismatchErrorWithFamilyRT = e instanceof ServerError && - e.errorCode === Errors.INVALID_GRANT_ERROR && - e.subError === Errors.CLIENT_MISMATCH_ERROR; - // if family Refresh Token (FRT) cache acquisition fails or if client_mismatch error is seen with FRT, reattempt with application Refresh Token (ART) - if (noFamilyRTInCache || clientMismatchErrorWithFamilyRT) { - return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false); - // throw in all other cases - } - else { - throw e; - } - } - } - // fall back to application refresh token acquisition - return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false); - } - /** - * makes a network call to acquire tokens by exchanging RefreshToken available in userCache; throws if refresh token is not cached - * @param request - */ - async acquireTokenWithCachedRefreshToken(request, foci) { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, request.correlationId); - // fetches family RT or application RT based on FOCI value - const refreshToken = invoke(this.cacheManager.getRefreshToken.bind(this.cacheManager), PerformanceEvents.CacheManagerGetRefreshToken, this.logger, this.performanceClient, request.correlationId)(request.account, foci, undefined, this.performanceClient, request.correlationId); - if (!refreshToken) { - throw createInteractionRequiredAuthError(noTokensFound); - } - if (refreshToken.expiresOn && - isTokenExpired(refreshToken.expiresOn, request.refreshTokenExpirationOffsetSeconds || - DEFAULT_REFRESH_TOKEN_EXPIRATION_OFFSET_SECONDS)) { - throw createInteractionRequiredAuthError(refreshTokenExpired); - } - // attach cached RT size to the current measurement - const refreshTokenRequest = { - ...request, - refreshToken: refreshToken.secret, - authenticationScheme: request.authenticationScheme || AuthenticationScheme.BEARER, - ccsCredential: { - credential: request.account.homeAccountId, - type: CcsCredentialType.HOME_ACCOUNT_ID, - }, - }; - try { - return await invokeAsync(this.acquireToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(refreshTokenRequest); - } - catch (e) { - if (e instanceof InteractionRequiredAuthError && - e.subError === badToken) { - // Remove bad refresh token from cache - this.logger.verbose("acquireTokenWithRefreshToken: bad refresh token, removing from cache"); - const badRefreshTokenKey = generateCredentialKey(refreshToken); - this.cacheManager.removeRefreshToken(badRefreshTokenKey); - } - throw e; - } - } - /** - * Constructs the network message and makes a NW call to the underlying secure token service - * @param request - * @param authority - */ - async executeTokenRequest(request, authority) { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientExecuteTokenRequest, request.correlationId); - const queryParametersString = this.createTokenQueryParameters(request); - const endpoint = UrlString.appendQueryString(authority.tokenEndpoint, queryParametersString); - const requestBody = await invokeAsync(this.createTokenRequestBody.bind(this), PerformanceEvents.RefreshTokenClientCreateTokenRequestBody, this.logger, this.performanceClient, request.correlationId)(request); - const headers = this.createTokenRequestHeaders(request.ccsCredential); - const thumbprint = { - clientId: request.tokenBodyParameters?.clientId || - this.config.authOptions.clientId, - authority: authority.canonicalAuthority, - scopes: request.scopes, - claims: request.claims, - authenticationScheme: request.authenticationScheme, - resourceRequestMethod: request.resourceRequestMethod, - resourceRequestUri: request.resourceRequestUri, - shrClaims: request.shrClaims, - sshKid: request.sshKid, - }; - return invokeAsync(this.executePostToTokenEndpoint.bind(this), PerformanceEvents.RefreshTokenClientExecutePostToTokenEndpoint, this.logger, this.performanceClient, request.correlationId)(endpoint, requestBody, headers, thumbprint, request.correlationId, PerformanceEvents.RefreshTokenClientExecutePostToTokenEndpoint); - } - /** - * Helper function to create the token request body - * @param request - */ - async createTokenRequestBody(request) { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientCreateTokenRequestBody, request.correlationId); - const correlationId = request.correlationId; - const parameterBuilder = new RequestParameterBuilder(); - parameterBuilder.addClientId(request.tokenBodyParameters?.[CLIENT_ID] || - this.config.authOptions.clientId); - if (request.redirectUri) { - parameterBuilder.addRedirectUri(request.redirectUri); - } - parameterBuilder.addScopes(request.scopes, true, this.config.authOptions.authority.options.OIDCOptions?.defaultScopes); - parameterBuilder.addGrantType(GrantType.REFRESH_TOKEN_GRANT); - parameterBuilder.addClientInfo(); - parameterBuilder.addLibraryInfo(this.config.libraryInfo); - parameterBuilder.addApplicationTelemetry(this.config.telemetry.application); - parameterBuilder.addThrottling(); - if (this.serverTelemetryManager && !isOidcProtocolMode(this.config)) { - parameterBuilder.addServerTelemetry(this.serverTelemetryManager); - } - parameterBuilder.addCorrelationId(correlationId); - parameterBuilder.addRefreshToken(request.refreshToken); - if (this.config.clientCredentials.clientSecret) { - parameterBuilder.addClientSecret(this.config.clientCredentials.clientSecret); - } - if (this.config.clientCredentials.clientAssertion) { - const clientAssertion = this.config.clientCredentials.clientAssertion; - parameterBuilder.addClientAssertion(await getClientAssertion(clientAssertion.assertion, this.config.authOptions.clientId, request.resourceRequestUri)); - parameterBuilder.addClientAssertionType(clientAssertion.assertionType); - } - if (request.authenticationScheme === AuthenticationScheme.POP) { - const popTokenGenerator = new PopTokenGenerator(this.cryptoUtils, this.performanceClient); - let reqCnfData; - if (!request.popKid) { - const generatedReqCnfData = await invokeAsync(popTokenGenerator.generateCnf.bind(popTokenGenerator), PerformanceEvents.PopTokenGenerateCnf, this.logger, this.performanceClient, request.correlationId)(request, this.logger); - reqCnfData = generatedReqCnfData.reqCnfString; - } - else { - reqCnfData = this.cryptoUtils.encodeKid(request.popKid); - } - // SPA PoP requires full Base64Url encoded req_cnf string (unhashed) - parameterBuilder.addPopToken(reqCnfData); - } - else if (request.authenticationScheme === AuthenticationScheme.SSH) { - if (request.sshJwk) { - parameterBuilder.addSshJwk(request.sshJwk); - } - else { - throw createClientConfigurationError(missingSshJwk); - } - } - if (!StringUtils.isEmptyObj(request.claims) || - (this.config.authOptions.clientCapabilities && - this.config.authOptions.clientCapabilities.length > 0)) { - parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities); - } - if (this.config.systemOptions.preventCorsPreflight && - request.ccsCredential) { - switch (request.ccsCredential.type) { - case CcsCredentialType.HOME_ACCOUNT_ID: - try { - const clientInfo = buildClientInfoFromHomeAccountId(request.ccsCredential.credential); - parameterBuilder.addCcsOid(clientInfo); - } - catch (e) { - this.logger.verbose("Could not parse home account ID for CCS Header: " + - e); - } - break; - case CcsCredentialType.UPN: - parameterBuilder.addCcsUpn(request.ccsCredential.credential); - break; - } - } - if (request.tokenBodyParameters) { - parameterBuilder.addExtraQueryParameters(request.tokenBodyParameters); - } - return parameterBuilder.createQueryString(); - } -} - - -//# sourceMappingURL=RefreshTokenClient.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-common/dist/client/SilentFlowClient.mjs -/*! @azure/msal-common v14.14.0 2024-07-23 */ - - - - - - - - - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** @internal */ -class SilentFlowClient extends BaseClient { - constructor(configuration, performanceClient) { - super(configuration, performanceClient); - } - /** - * Retrieves a token from cache if it is still valid, or uses the cached refresh token to renew - * the given token and returns the renewed token - * @param request - */ - async acquireToken(request) { - try { - const [authResponse, cacheOutcome] = await this.acquireCachedToken({ - ...request, - scopes: request.scopes?.length - ? request.scopes - : [...OIDC_DEFAULT_SCOPES], - }); - // if the token is not expired but must be refreshed; get a new one in the background - if (cacheOutcome === CacheOutcome.PROACTIVELY_REFRESHED) { - this.logger.info("SilentFlowClient:acquireCachedToken - Cached access token's refreshOn property has been exceeded'. It's not expired, but must be refreshed."); - // refresh the access token in the background - const refreshTokenClient = new RefreshTokenClient(this.config, this.performanceClient); - refreshTokenClient - .acquireTokenByRefreshToken(request) - .catch(() => { - // do nothing, this is running in the background and no action is to be taken upon success or failure - }); - } - // return the cached token - return authResponse; - } - catch (e) { - if (e instanceof ClientAuthError && - e.errorCode === tokenRefreshRequired) { - const refreshTokenClient = new RefreshTokenClient(this.config, this.performanceClient); - return refreshTokenClient.acquireTokenByRefreshToken(request); - } - else { - throw e; - } - } - } - /** - * Retrieves token from cache or throws an error if it must be refreshed. - * @param request - */ - async acquireCachedToken(request) { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.SilentFlowClientAcquireCachedToken, request.correlationId); - let lastCacheOutcome = CacheOutcome.NOT_APPLICABLE; - if (request.forceRefresh || - (!this.config.cacheOptions.claimsBasedCachingEnabled && - !StringUtils.isEmptyObj(request.claims))) { - // Must refresh due to present force_refresh flag. - this.setCacheOutcome(CacheOutcome.FORCE_REFRESH_OR_CLAIMS, request.correlationId); - throw createClientAuthError(tokenRefreshRequired); - } - // We currently do not support silent flow for account === null use cases; This will be revisited for confidential flow usecases - if (!request.account) { - throw createClientAuthError(noAccountInSilentRequest); - } - const requestTenantId = request.account.tenantId || - getTenantFromAuthorityString(request.authority); - const tokenKeys = this.cacheManager.getTokenKeys(); - const cachedAccessToken = this.cacheManager.getAccessToken(request.account, request, tokenKeys, requestTenantId, this.performanceClient, request.correlationId); - if (!cachedAccessToken) { - // must refresh due to non-existent access_token - this.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN, request.correlationId); - throw createClientAuthError(tokenRefreshRequired); - } - else if (wasClockTurnedBack(cachedAccessToken.cachedAt) || - isTokenExpired(cachedAccessToken.expiresOn, this.config.systemOptions.tokenRenewalOffsetSeconds)) { - // must refresh due to the expires_in value - this.setCacheOutcome(CacheOutcome.CACHED_ACCESS_TOKEN_EXPIRED, request.correlationId); - throw createClientAuthError(tokenRefreshRequired); - } - else if (cachedAccessToken.refreshOn && - isTokenExpired(cachedAccessToken.refreshOn, 0)) { - // must refresh (in the background) due to the refresh_in value - lastCacheOutcome = CacheOutcome.PROACTIVELY_REFRESHED; - // don't throw ClientAuthError.createRefreshRequiredError(), return cached token instead - } - const environment = request.authority || this.authority.getPreferredCache(); - const cacheRecord = { - account: this.cacheManager.readAccountFromCache(request.account), - accessToken: cachedAccessToken, - idToken: this.cacheManager.getIdToken(request.account, tokenKeys, requestTenantId, this.performanceClient, request.correlationId), - refreshToken: null, - appMetadata: this.cacheManager.readAppMetadataFromCache(environment), - }; - this.setCacheOutcome(lastCacheOutcome, request.correlationId); - if (this.config.serverTelemetryManager) { - this.config.serverTelemetryManager.incrementCacheHits(); - } - return [ - await invokeAsync(this.generateResultFromCacheRecord.bind(this), PerformanceEvents.SilentFlowClientGenerateResultFromCacheRecord, this.logger, this.performanceClient, request.correlationId)(cacheRecord, request), - lastCacheOutcome, - ]; - } - setCacheOutcome(cacheOutcome, correlationId) { - this.serverTelemetryManager?.setCacheOutcome(cacheOutcome); - this.performanceClient?.addFields({ - cacheOutcome: cacheOutcome, - }, correlationId); - if (cacheOutcome !== CacheOutcome.NOT_APPLICABLE) { - this.logger.info(`Token refresh is required due to cache outcome: ${cacheOutcome}`); - } - } - /** - * Helper function to build response object from the CacheRecord - * @param cacheRecord - */ - async generateResultFromCacheRecord(cacheRecord, request) { - this.performanceClient?.addQueueMeasurement(PerformanceEvents.SilentFlowClientGenerateResultFromCacheRecord, request.correlationId); - let idTokenClaims; - if (cacheRecord.idToken) { - idTokenClaims = extractTokenClaims(cacheRecord.idToken.secret, this.config.cryptoInterface.base64Decode); - } - // token max_age check - if (request.maxAge || request.maxAge === 0) { - const authTime = idTokenClaims?.auth_time; - if (!authTime) { - throw createClientAuthError(authTimeNotFound); - } - checkMaxAge(authTime, request.maxAge); - } - return ResponseHandler.generateAuthenticationResult(this.cryptoUtils, this.authority, cacheRecord, true, request, idTokenClaims); - } -} - - -//# sourceMappingURL=SilentFlowClient.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/interaction_client/SilentCacheClient.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -class SilentCacheClient extends StandardInteractionClient { - /** - * Returns unexpired tokens from the cache, if available - * @param silentRequest - */ - async acquireToken(silentRequest) { - this.performanceClient.addQueueMeasurement(PerformanceEvents.SilentCacheClientAcquireToken, silentRequest.correlationId); - // Telemetry manager only used to increment cacheHits here - const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow); - const clientConfig = await invokeAsync(this.getClientConfiguration.bind(this), PerformanceEvents.StandardInteractionClientGetClientConfiguration, this.logger, this.performanceClient, this.correlationId)(serverTelemetryManager, silentRequest.authority, silentRequest.azureCloudOptions, silentRequest.account); - const silentAuthClient = new SilentFlowClient(clientConfig, this.performanceClient); - this.logger.verbose("Silent auth client created"); - try { - const response = await invokeAsync(silentAuthClient.acquireCachedToken.bind(silentAuthClient), PerformanceEvents.SilentFlowClientAcquireCachedToken, this.logger, this.performanceClient, silentRequest.correlationId)(silentRequest); - const authResponse = response[0]; - this.performanceClient.addFields({ - fromCache: true, - }, silentRequest.correlationId); - return authResponse; - } - catch (error) { - if (error instanceof BrowserAuthError && - error.errorCode === cryptoKeyNotFound) { - this.logger.verbose("Signing keypair for bound access token not found. Refreshing bound access token and generating a new crypto keypair."); - } - throw error; - } - } - /** - * API to silenty clear the browser cache. - * @param logoutRequest - */ - logout(logoutRequest) { - this.logger.verbose("logoutRedirect called"); - const validLogoutRequest = this.initializeLogoutRequest(logoutRequest); - return this.clearCacheOnLogout(validLogoutRequest?.account); - } -} - - -//# sourceMappingURL=SilentCacheClient.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/interaction_client/NativeInteractionClient.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - - - - - - - - - - - -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -const BrokerServerParamKeys = { - BROKER_CLIENT_ID: "brk_client_id", - BROKER_REDIRECT_URI: "brk_redirect_uri", -}; -class NativeInteractionClient extends BaseInteractionClient { - constructor(config, browserStorage, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, provider, accountId, nativeStorageImpl, correlationId) { - super(config, browserStorage, browserCrypto, logger, eventHandler, navigationClient, performanceClient, provider, correlationId); - this.apiId = apiId; - this.accountId = accountId; - this.nativeMessageHandler = provider; - this.nativeStorageManager = nativeStorageImpl; - this.silentCacheClient = new SilentCacheClient(config, this.nativeStorageManager, browserCrypto, logger, eventHandler, navigationClient, performanceClient, provider, correlationId); - this.serverTelemetryManager = this.initializeServerTelemetryManager(this.apiId); - const extensionName = this.nativeMessageHandler.getExtensionId() === - NativeConstants.PREFERRED_EXTENSION_ID - ? "chrome" - : this.nativeMessageHandler.getExtensionId()?.length - ? "unknown" - : undefined; - this.skus = ServerTelemetryManager.makeExtraSkuString({ - libraryName: BrowserConstants.MSAL_SKU, - libraryVersion: packageMetadata_version, - extensionName: extensionName, - extensionVersion: this.nativeMessageHandler.getExtensionVersion(), - }); - } - /** - * Adds SKUs to request extra query parameters - * @param request {NativeTokenRequest} - * @private - */ - addRequestSKUs(request) { - request.extraParameters = { - ...request.extraParameters, - [X_CLIENT_EXTRA_SKU]: this.skus, - }; - } - /** - * Acquire token from native platform via browser extension - * @param request - */ - async acquireToken(request) { - this.performanceClient.addQueueMeasurement(PerformanceEvents.NativeInteractionClientAcquireToken, request.correlationId); - this.logger.trace("NativeInteractionClient - acquireToken called."); - // start the perf measurement - const nativeATMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.NativeInteractionClientAcquireToken, request.correlationId); - const reqTimestamp = nowSeconds(); - try { - // initialize native request - const nativeRequest = await this.initializeNativeRequest(request); - // check if the tokens can be retrieved from internal cache - try { - const result = await this.acquireTokensFromCache(this.accountId, nativeRequest); - nativeATMeasurement.end({ - success: true, - isNativeBroker: false, - fromCache: true, - }); - return result; - } - catch (e) { - // continue with a native call for any and all errors - this.logger.info("MSAL internal Cache does not contain tokens, proceed to make a native call"); - } - const { ...nativeTokenRequest } = nativeRequest; - // fall back to native calls - const messageBody = { - method: NativeExtensionMethod.GetToken, - request: nativeTokenRequest, - }; - const response = await this.nativeMessageHandler.sendMessage(messageBody); - const validatedResponse = this.validateNativeResponse(response); - return await this.handleNativeResponse(validatedResponse, nativeRequest, reqTimestamp) - .then((result) => { - nativeATMeasurement.end({ - success: true, - isNativeBroker: true, - requestId: result.requestId, - }); - this.serverTelemetryManager.clearNativeBrokerErrorCode(); - return result; - }) - .catch((error) => { - nativeATMeasurement.end({ - success: false, - errorCode: error.errorCode, - subErrorCode: error.subError, - isNativeBroker: true, - }); - throw error; - }); - } - catch (e) { - if (e instanceof NativeAuthError) { - this.serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode); - } - throw e; - } - } - /** - * Creates silent flow request - * @param request - * @param cachedAccount - * @returns CommonSilentFlowRequest - */ - createSilentCacheRequest(request, cachedAccount) { - return { - authority: request.authority, - correlationId: this.correlationId, - scopes: ScopeSet.fromString(request.scope).asArray(), - account: cachedAccount, - forceRefresh: false, - }; - } - /** - * Fetches the tokens from the cache if un-expired - * @param nativeAccountId - * @param request - * @returns authenticationResult - */ - async acquireTokensFromCache(nativeAccountId, request) { - if (!nativeAccountId) { - this.logger.warning("NativeInteractionClient:acquireTokensFromCache - No nativeAccountId provided"); - throw createClientAuthError(noAccountFound); - } - // fetch the account from browser cache - const account = this.browserStorage.getBaseAccountInfo({ - nativeAccountId, - }); - if (!account) { - throw createClientAuthError(noAccountFound); - } - // leverage silent flow for cached tokens retrieval - try { - const silentRequest = this.createSilentCacheRequest(request, account); - const result = await this.silentCacheClient.acquireToken(silentRequest); - const fullAccount = { - ...account, - idTokenClaims: result?.idTokenClaims, - idToken: result?.idToken, - }; - return { - ...result, - account: fullAccount, - }; - } - catch (e) { - throw e; - } - } - /** - * Acquires a token from native platform then redirects to the redirectUri instead of returning the response - * @param {RedirectRequest} request - * @param {InProgressPerformanceEvent} rootMeasurement - */ - async acquireTokenRedirect(request, rootMeasurement) { - this.logger.trace("NativeInteractionClient - acquireTokenRedirect called."); - const { ...remainingParameters } = request; - delete remainingParameters.onRedirectNavigate; - const nativeRequest = await this.initializeNativeRequest(remainingParameters); - const messageBody = { - method: NativeExtensionMethod.GetToken, - request: nativeRequest, - }; - try { - const response = await this.nativeMessageHandler.sendMessage(messageBody); - this.validateNativeResponse(response); - } - catch (e) { - // Only throw fatal errors here to allow application to fallback to regular redirect. Otherwise proceed and the error will be thrown in handleRedirectPromise - if (e instanceof NativeAuthError) { - this.serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode); - if (isFatalNativeAuthError(e)) { - throw e; - } - } - } - this.browserStorage.setTemporaryCache(TemporaryCacheKeys.NATIVE_REQUEST, JSON.stringify(nativeRequest), true); - const navigationOptions = { - apiId: ApiId.acquireTokenRedirect, - timeout: this.config.system.redirectNavigationTimeout, - noHistory: false, - }; - const redirectUri = this.config.auth.navigateToLoginRequestUrl - ? window.location.href - : this.getRedirectUri(request.redirectUri); - rootMeasurement.end({ success: true }); - await this.navigationClient.navigateExternal(redirectUri, navigationOptions); // Need to treat this as external to ensure handleRedirectPromise is run again - } - /** - * If the previous page called native platform for a token using redirect APIs, send the same request again and return the response - * @param performanceClient {IPerformanceClient?} - * @param correlationId {string?} correlation identifier - */ - async handleRedirectPromise(performanceClient, correlationId) { - this.logger.trace("NativeInteractionClient - handleRedirectPromise called."); - if (!this.browserStorage.isInteractionInProgress(true)) { - this.logger.info("handleRedirectPromise called but there is no interaction in progress, returning null."); - return null; - } - // remove prompt from the request to prevent WAM from prompting twice - const cachedRequest = this.browserStorage.getCachedNativeRequest(); - if (!cachedRequest) { - this.logger.verbose("NativeInteractionClient - handleRedirectPromise called but there is no cached request, returning null."); - if (performanceClient && correlationId) { - performanceClient?.addFields({ errorCode: "no_cached_request" }, correlationId); - } - return null; - } - const { prompt, ...request } = cachedRequest; - if (prompt) { - this.logger.verbose("NativeInteractionClient - handleRedirectPromise called and prompt was included in the original request, removing prompt from cached request to prevent second interaction with native broker window."); - } - this.browserStorage.removeItem(this.browserStorage.generateCacheKey(TemporaryCacheKeys.NATIVE_REQUEST)); - const messageBody = { - method: NativeExtensionMethod.GetToken, - request: request, - }; - const reqTimestamp = nowSeconds(); - try { - this.logger.verbose("NativeInteractionClient - handleRedirectPromise sending message to native broker."); - const response = await this.nativeMessageHandler.sendMessage(messageBody); - this.validateNativeResponse(response); - const result = this.handleNativeResponse(response, request, reqTimestamp); - this.browserStorage.setInteractionInProgress(false); - const res = await result; - this.serverTelemetryManager.clearNativeBrokerErrorCode(); - return res; - } - catch (e) { - this.browserStorage.setInteractionInProgress(false); - throw e; - } - } - /** - * Logout from native platform via browser extension - * @param request - */ - logout() { - this.logger.trace("NativeInteractionClient - logout called."); - return Promise.reject("Logout not implemented yet"); - } - /** - * Transform response from native platform into AuthenticationResult object which will be returned to the end user - * @param response - * @param request - * @param reqTimestamp - */ - async handleNativeResponse(response, request, reqTimestamp) { - this.logger.trace("NativeInteractionClient - handleNativeResponse called."); - // generate identifiers - const idTokenClaims = extractTokenClaims(response.id_token, base64Decode); - const homeAccountIdentifier = this.createHomeAccountIdentifier(response, idTokenClaims); - const cachedhomeAccountId = this.browserStorage.getAccountInfoFilteredBy({ - nativeAccountId: request.accountId, - })?.homeAccountId; - if (homeAccountIdentifier !== cachedhomeAccountId && - response.account.id !== request.accountId) { - // User switch in native broker prompt is not supported. All users must first sign in through web flow to ensure server state is in sync - throw createNativeAuthError(userSwitch); - } - // Get the preferred_cache domain for the given authority - const authority = await this.getDiscoveredAuthority(request.authority); - const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, idTokenClaims, response.client_info, undefined, // environment - idTokenClaims.tid, undefined, // auth code payload - response.account.id, this.logger); - // generate authenticationResult - const result = await this.generateAuthenticationResult(response, request, idTokenClaims, baseAccount, authority.canonicalAuthority, reqTimestamp); - // cache accounts and tokens in the appropriate storage - this.cacheAccount(baseAccount); - this.cacheNativeTokens(response, request, homeAccountIdentifier, idTokenClaims, response.access_token, result.tenantId, reqTimestamp); - return result; - } - /** - * creates an homeAccountIdentifier for the account - * @param response - * @param idTokenObj - * @returns - */ - createHomeAccountIdentifier(response, idTokenClaims) { - // Save account in browser storage - const homeAccountIdentifier = AccountEntity.generateHomeAccountId(response.client_info || Constants.EMPTY_STRING, AuthorityType.Default, this.logger, this.browserCrypto, idTokenClaims); - return homeAccountIdentifier; - } - /** - * Helper to generate scopes - * @param response - * @param request - * @returns - */ - generateScopes(response, request) { - return response.scope - ? ScopeSet.fromString(response.scope) - : ScopeSet.fromString(request.scope); - } - /** - * If PoP token is requesred, records the PoP token if returned from the WAM, else generates one in the browser - * @param request - * @param response - */ - async generatePopAccessToken(response, request) { - if (request.tokenType === AuthenticationScheme.POP && - request.signPopToken) { - /** - * This code prioritizes SHR returned from the native layer. In case of error/SHR not calculated from WAM and the AT - * is still received, SHR is calculated locally - */ - // Check if native layer returned an SHR token - if (response.shr) { - this.logger.trace("handleNativeServerResponse: SHR is enabled in native layer"); - return response.shr; - } - // Generate SHR in msal js if WAM does not compute it when POP is enabled - const popTokenGenerator = new PopTokenGenerator(this.browserCrypto); - const shrParameters = { - resourceRequestMethod: request.resourceRequestMethod, - resourceRequestUri: request.resourceRequestUri, - shrClaims: request.shrClaims, - shrNonce: request.shrNonce, - }; - /** - * KeyID must be present in the native request from when the PoP key was generated in order for - * PopTokenGenerator to query the full key for signing - */ - if (!request.keyId) { - throw createClientAuthError(keyIdMissing); - } - return popTokenGenerator.signPopToken(response.access_token, request.keyId, shrParameters); - } - else { - return response.access_token; - } - } - /** - * Generates authentication result - * @param response - * @param request - * @param idTokenObj - * @param accountEntity - * @param authority - * @param reqTimestamp - * @returns - */ - async generateAuthenticationResult(response, request, idTokenClaims, accountEntity, authority, reqTimestamp) { - // Add Native Broker fields to Telemetry - const mats = this.addTelemetryFromNativeResponse(response); - // If scopes not returned in server response, use request scopes - const responseScopes = response.scope - ? ScopeSet.fromString(response.scope) - : ScopeSet.fromString(request.scope); - const accountProperties = response.account.properties || {}; - const uid = accountProperties["UID"] || - idTokenClaims.oid || - idTokenClaims.sub || - Constants.EMPTY_STRING; - const tid = accountProperties["TenantId"] || - idTokenClaims.tid || - Constants.EMPTY_STRING; - const accountInfo = updateAccountTenantProfileData(accountEntity.getAccountInfo(), undefined, // tenantProfile optional - idTokenClaims, response.id_token); - /** - * In pairwise broker flows, this check prevents the broker's native account id - * from being returned over the embedded app's account id. - */ - if (accountInfo.nativeAccountId !== response.account.id) { - accountInfo.nativeAccountId = response.account.id; - } - // generate PoP token as needed - const responseAccessToken = await this.generatePopAccessToken(response, request); - const tokenType = request.tokenType === AuthenticationScheme.POP - ? AuthenticationScheme.POP - : AuthenticationScheme.BEARER; - const result = { - authority: authority, - uniqueId: uid, - tenantId: tid, - scopes: responseScopes.asArray(), - account: accountInfo, - idToken: response.id_token, - idTokenClaims: idTokenClaims, - accessToken: responseAccessToken, - fromCache: mats ? this.isResponseFromCache(mats) : false, - expiresOn: new Date(Number(reqTimestamp + response.expires_in) * 1000), - tokenType: tokenType, - correlationId: this.correlationId, - state: response.state, - fromNativeBroker: true, - }; - return result; - } - /** - * cache the account entity in browser storage - * @param accountEntity - */ - cacheAccount(accountEntity) { - // Store the account info and hence `nativeAccountId` in browser cache - this.browserStorage.setAccount(accountEntity); - // Remove any existing cached tokens for this account in browser storage - this.browserStorage.removeAccountContext(accountEntity).catch((e) => { - this.logger.error(`Error occurred while removing account context from browser storage. ${e}`); - }); - } - /** - * Stores the access_token and id_token in inmemory storage - * @param response - * @param request - * @param homeAccountIdentifier - * @param idTokenObj - * @param responseAccessToken - * @param tenantId - * @param reqTimestamp - */ - cacheNativeTokens(response, request, homeAccountIdentifier, idTokenClaims, responseAccessToken, tenantId, reqTimestamp) { - const cachedIdToken = createIdTokenEntity(homeAccountIdentifier, request.authority, response.id_token || "", request.clientId, idTokenClaims.tid || ""); - // cache accessToken in inmemory storage - const expiresIn = request.tokenType === AuthenticationScheme.POP - ? Constants.SHR_NONCE_VALIDITY - : (typeof response.expires_in === "string" - ? parseInt(response.expires_in, 10) - : response.expires_in) || 0; - const tokenExpirationSeconds = reqTimestamp + expiresIn; - const responseScopes = this.generateScopes(response, request); - const cachedAccessToken = createAccessTokenEntity(homeAccountIdentifier, request.authority, responseAccessToken, request.clientId, idTokenClaims.tid || tenantId, responseScopes.printScopes(), tokenExpirationSeconds, 0, base64Decode, undefined, request.tokenType, undefined, request.keyId); - const nativeCacheRecord = { - idToken: cachedIdToken, - accessToken: cachedAccessToken, - }; - void this.nativeStorageManager.saveCacheRecord(nativeCacheRecord, request.storeInCache); - } - addTelemetryFromNativeResponse(response) { - const mats = this.getMATSFromResponse(response); - if (!mats) { - return null; - } - this.performanceClient.addFields({ - extensionId: this.nativeMessageHandler.getExtensionId(), - extensionVersion: this.nativeMessageHandler.getExtensionVersion(), - matsBrokerVersion: mats.broker_version, - matsAccountJoinOnStart: mats.account_join_on_start, - matsAccountJoinOnEnd: mats.account_join_on_end, - matsDeviceJoin: mats.device_join, - matsPromptBehavior: mats.prompt_behavior, - matsApiErrorCode: mats.api_error_code, - matsUiVisible: mats.ui_visible, - matsSilentCode: mats.silent_code, - matsSilentBiSubCode: mats.silent_bi_sub_code, - matsSilentMessage: mats.silent_message, - matsSilentStatus: mats.silent_status, - matsHttpStatus: mats.http_status, - matsHttpEventCount: mats.http_event_count, - }, this.correlationId); - return mats; - } - /** - * Validates native platform response before processing - * @param response - */ - validateNativeResponse(response) { - if (response.hasOwnProperty("access_token") && - response.hasOwnProperty("id_token") && - response.hasOwnProperty("client_info") && - response.hasOwnProperty("account") && - response.hasOwnProperty("scope") && - response.hasOwnProperty("expires_in")) { - return response; - } - else { - throw createAuthError(unexpectedError, "Response missing expected properties."); - } - } - /** - * Gets MATS telemetry from native response - * @param response - * @returns - */ - getMATSFromResponse(response) { - if (response.properties.MATS) { - try { - return JSON.parse(response.properties.MATS); - } - catch (e) { - this.logger.error("NativeInteractionClient - Error parsing MATS telemetry, returning null instead"); - } - } - return null; - } - /** - * Returns whether or not response came from native cache - * @param response - * @returns - */ - isResponseFromCache(mats) { - if (typeof mats.is_cached === "undefined") { - this.logger.verbose("NativeInteractionClient - MATS telemetry does not contain field indicating if response was served from cache. Returning false."); - return false; - } - return !!mats.is_cached; - } - /** - * Translates developer provided request object into NativeRequest object - * @param request - */ - async initializeNativeRequest(request) { - this.logger.trace("NativeInteractionClient - initializeNativeRequest called"); - const authority = request.authority || this.config.auth.authority; - if (request.account) { - // validate authority - await this.getDiscoveredAuthority(authority, request.azureCloudOptions, request.account); - } - const canonicalAuthority = new UrlString(authority); - canonicalAuthority.validateAsUri(); - // scopes are expected to be received by the native broker as "scope" and will be added to the request below. Other properties that should be dropped from the request to the native broker can be included in the object destructuring here. - const { scopes, ...remainingProperties } = request; - const scopeSet = new ScopeSet(scopes || []); - scopeSet.appendScopes(OIDC_DEFAULT_SCOPES); - const getPrompt = () => { - // If request is silent, prompt is always none - switch (this.apiId) { - case ApiId.ssoSilent: - case ApiId.acquireTokenSilent_silentFlow: - this.logger.trace("initializeNativeRequest: silent request sets prompt to none"); - return PromptValue.NONE; - } - // Prompt not provided, request may proceed and native broker decides if it needs to prompt - if (!request.prompt) { - this.logger.trace("initializeNativeRequest: prompt was not provided"); - return undefined; - } - // If request is interactive, check if prompt provided is allowed to go directly to native broker - switch (request.prompt) { - case PromptValue.NONE: - case PromptValue.CONSENT: - case PromptValue.LOGIN: - this.logger.trace("initializeNativeRequest: prompt is compatible with native flow"); - return request.prompt; - default: - this.logger.trace(`initializeNativeRequest: prompt = ${request.prompt} is not compatible with native flow`); - throw createBrowserAuthError(nativePromptNotSupported); - } - }; - const validatedRequest = { - ...remainingProperties, - accountId: this.accountId, - clientId: this.config.auth.clientId, - authority: canonicalAuthority.urlString, - scope: scopeSet.printScopes(), - redirectUri: this.getRedirectUri(request.redirectUri), - prompt: getPrompt(), - correlationId: this.correlationId, - tokenType: request.authenticationScheme, - windowTitleSubstring: document.title, - extraParameters: { - ...request.extraQueryParameters, - ...request.tokenQueryParameters, - }, - extendedExpiryToken: false, - keyId: request.popKid, - }; - // Check for PoP token requests: signPopToken should only be set to true if popKid is not set - if (validatedRequest.signPopToken && !!request.popKid) { - throw createBrowserAuthError(invalidPopTokenRequest); - } - this.handleExtraBrokerParams(validatedRequest); - validatedRequest.extraParameters = - validatedRequest.extraParameters || {}; - validatedRequest.extraParameters.telemetry = - NativeConstants.MATS_TELEMETRY; - if (request.authenticationScheme === AuthenticationScheme.POP) { - // add POP request type - const shrParameters = { - resourceRequestUri: request.resourceRequestUri, - resourceRequestMethod: request.resourceRequestMethod, - shrClaims: request.shrClaims, - shrNonce: request.shrNonce, - }; - const popTokenGenerator = new PopTokenGenerator(this.browserCrypto); - // generate reqCnf if not provided in the request - let reqCnfData; - if (!validatedRequest.keyId) { - const generatedReqCnfData = await invokeAsync(popTokenGenerator.generateCnf.bind(popTokenGenerator), PerformanceEvents.PopTokenGenerateCnf, this.logger, this.performanceClient, request.correlationId)(shrParameters, this.logger); - reqCnfData = generatedReqCnfData.reqCnfString; - validatedRequest.keyId = generatedReqCnfData.kid; - validatedRequest.signPopToken = true; - } - else { - reqCnfData = this.browserCrypto.base64UrlEncode(JSON.stringify({ kid: validatedRequest.keyId })); - validatedRequest.signPopToken = false; - } - // SPAs require whole string to be passed to broker - validatedRequest.reqCnf = reqCnfData; - } - this.addRequestSKUs(validatedRequest); - return validatedRequest; - } - /** - * Handles extra broker request parameters - * @param request {NativeTokenRequest} - * @private - */ - handleExtraBrokerParams(request) { - if (!request.extraParameters) { - return; - } - if (request.extraParameters.hasOwnProperty(BrokerServerParamKeys.BROKER_CLIENT_ID) && - request.extraParameters.hasOwnProperty(BrokerServerParamKeys.BROKER_REDIRECT_URI) && - request.extraParameters.hasOwnProperty(CLIENT_ID)) { - const child_client_id = request.extraParameters[CLIENT_ID]; - const child_redirect_uri = request.redirectUri; - const brk_redirect_uri = request.extraParameters[BrokerServerParamKeys.BROKER_REDIRECT_URI]; - request.extraParameters = { - child_client_id, - child_redirect_uri, - }; - request.redirectUri = brk_redirect_uri; - } - } -} - - -//# sourceMappingURL=NativeInteractionClient.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/broker/nativeBroker/NativeMessageHandler.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - +//# sourceMappingURL=RegionDiscovery.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/authority/Authority.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + + + + + + + + + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * The authority class validates the authority URIs used by the user, and retrieves the OpenID Configuration Data from the + * endpoint. It will store the pertinent config data in this object for use during token calls. + * @internal + */ +class Authority { + constructor(authority, networkInterface, cacheManager, authorityOptions, logger, correlationId, performanceClient, managedIdentity) { + this.canonicalAuthority = authority; + this._canonicalAuthority.validateAsUri(); + this.networkInterface = networkInterface; + this.cacheManager = cacheManager; + this.authorityOptions = authorityOptions; + this.regionDiscoveryMetadata = { + region_used: undefined, + region_source: undefined, + region_outcome: undefined, + }; + this.logger = logger; + this.performanceClient = performanceClient; + this.correlationId = correlationId; + this.managedIdentity = managedIdentity || false; + this.regionDiscovery = new RegionDiscovery(networkInterface, this.logger, this.performanceClient, this.correlationId); + } + /** + * Get {@link AuthorityType} + * @param authorityUri {@link IUri} + * @private + */ + getAuthorityType(authorityUri) { + // CIAM auth url pattern is being standardized as: .ciamlogin.com + if (authorityUri.HostNameAndPort.endsWith(Constants.CIAM_AUTH_URL)) { + return AuthorityType.Ciam; + } + const pathSegments = authorityUri.PathSegments; + if (pathSegments.length) { + switch (pathSegments[0].toLowerCase()) { + case Constants.ADFS: + return AuthorityType.Adfs; + case Constants.DSTS: + return AuthorityType.Dsts; + } + } + return AuthorityType.Default; + } + // See above for AuthorityType + get authorityType() { + return this.getAuthorityType(this.canonicalAuthorityUrlComponents); + } + /** + * ProtocolMode enum representing the way endpoints are constructed. + */ + get protocolMode() { + return this.authorityOptions.protocolMode; + } + /** + * Returns authorityOptions which can be used to reinstantiate a new authority instance + */ + get options() { + return this.authorityOptions; + } + /** + * A URL that is the authority set by the developer + */ + get canonicalAuthority() { + return this._canonicalAuthority.urlString; + } + /** + * Sets canonical authority. + */ + set canonicalAuthority(url) { + this._canonicalAuthority = new UrlString(url); + this._canonicalAuthority.validateAsUri(); + this._canonicalAuthorityUrlComponents = null; + } + /** + * Get authority components. + */ + get canonicalAuthorityUrlComponents() { + if (!this._canonicalAuthorityUrlComponents) { + this._canonicalAuthorityUrlComponents = + this._canonicalAuthority.getUrlComponents(); + } + return this._canonicalAuthorityUrlComponents; + } + /** + * Get hostname and port i.e. login.microsoftonline.com + */ + get hostnameAndPort() { + return this.canonicalAuthorityUrlComponents.HostNameAndPort.toLowerCase(); + } + /** + * Get tenant for authority. + */ + get tenant() { + return this.canonicalAuthorityUrlComponents.PathSegments[0]; + } + /** + * OAuth /authorize endpoint for requests + */ + get authorizationEndpoint() { + if (this.discoveryComplete()) { + return this.replacePath(this.metadata.authorization_endpoint); + } + else { + throw createClientAuthError(endpointResolutionError); + } + } + /** + * OAuth /token endpoint for requests + */ + get tokenEndpoint() { + if (this.discoveryComplete()) { + return this.replacePath(this.metadata.token_endpoint); + } + else { + throw createClientAuthError(endpointResolutionError); + } + } + get deviceCodeEndpoint() { + if (this.discoveryComplete()) { + return this.replacePath(this.metadata.token_endpoint.replace("/token", "/devicecode")); + } + else { + throw createClientAuthError(endpointResolutionError); + } + } + /** + * OAuth logout endpoint for requests + */ + get endSessionEndpoint() { + if (this.discoveryComplete()) { + // ROPC policies may not have end_session_endpoint set + if (!this.metadata.end_session_endpoint) { + throw createClientAuthError(endSessionEndpointNotSupported); + } + return this.replacePath(this.metadata.end_session_endpoint); + } + else { + throw createClientAuthError(endpointResolutionError); + } + } + /** + * OAuth issuer for requests + */ + get selfSignedJwtAudience() { + if (this.discoveryComplete()) { + return this.replacePath(this.metadata.issuer); + } + else { + throw createClientAuthError(endpointResolutionError); + } + } + /** + * Jwks_uri for token signing keys + */ + get jwksUri() { + if (this.discoveryComplete()) { + return this.replacePath(this.metadata.jwks_uri); + } + else { + throw createClientAuthError(endpointResolutionError); + } + } + /** + * Returns a flag indicating that tenant name can be replaced in authority {@link IUri} + * @param authorityUri {@link IUri} + * @private + */ + canReplaceTenant(authorityUri) { + return (authorityUri.PathSegments.length === 1 && + !Authority.reservedTenantDomains.has(authorityUri.PathSegments[0]) && + this.getAuthorityType(authorityUri) === AuthorityType.Default && + this.protocolMode === ProtocolMode.AAD); + } + /** + * Replaces tenant in url path with current tenant. Defaults to common. + * @param urlString + */ + replaceTenant(urlString) { + return urlString.replace(/{tenant}|{tenantid}/g, this.tenant); + } + /** + * Replaces path such as tenant or policy with the current tenant or policy. + * @param urlString + */ + replacePath(urlString) { + let endpoint = urlString; + const cachedAuthorityUrl = new UrlString(this.metadata.canonical_authority); + const cachedAuthorityUrlComponents = cachedAuthorityUrl.getUrlComponents(); + const cachedAuthorityParts = cachedAuthorityUrlComponents.PathSegments; + const currentAuthorityParts = this.canonicalAuthorityUrlComponents.PathSegments; + currentAuthorityParts.forEach((currentPart, index) => { + let cachedPart = cachedAuthorityParts[index]; + if (index === 0 && + this.canReplaceTenant(cachedAuthorityUrlComponents)) { + const tenantId = new UrlString(this.metadata.authorization_endpoint).getUrlComponents().PathSegments[0]; + /** + * Check if AAD canonical authority contains tenant domain name, for example "testdomain.onmicrosoft.com", + * by comparing its first path segment to the corresponding authorization endpoint path segment, which is + * always resolved with tenant id by OIDC. + */ + if (cachedPart !== tenantId) { + this.logger.verbose(`Replacing tenant domain name ${cachedPart} with id ${tenantId}`); + cachedPart = tenantId; + } + } + if (currentPart !== cachedPart) { + endpoint = endpoint.replace(`/${cachedPart}/`, `/${currentPart}/`); + } + }); + return this.replaceTenant(endpoint); + } + /** + * The default open id configuration endpoint for any canonical authority. + */ + get defaultOpenIdConfigurationEndpoint() { + const canonicalAuthorityHost = this.hostnameAndPort; + if (this.canonicalAuthority.endsWith("v2.0/") || + this.authorityType === AuthorityType.Adfs || + (this.protocolMode !== ProtocolMode.AAD && + !this.isAliasOfKnownMicrosoftAuthority(canonicalAuthorityHost))) { + return `${this.canonicalAuthority}.well-known/openid-configuration`; + } + return `${this.canonicalAuthority}v2.0/.well-known/openid-configuration`; + } + /** + * Boolean that returns whether or not tenant discovery has been completed. + */ + discoveryComplete() { + return !!this.metadata; + } + /** + * Perform endpoint discovery to discover aliases, preferred_cache, preferred_network + * and the /authorize, /token and logout endpoints. + */ + async resolveEndpointsAsync() { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityResolveEndpointsAsync, this.correlationId); + const metadataEntity = this.getCurrentMetadataEntity(); + const cloudDiscoverySource = await invokeAsync(this.updateCloudDiscoveryMetadata.bind(this), PerformanceEvents.AuthorityUpdateCloudDiscoveryMetadata, this.logger, this.performanceClient, this.correlationId)(metadataEntity); + this.canonicalAuthority = this.canonicalAuthority.replace(this.hostnameAndPort, metadataEntity.preferred_network); + const endpointSource = await invokeAsync(this.updateEndpointMetadata.bind(this), PerformanceEvents.AuthorityUpdateEndpointMetadata, this.logger, this.performanceClient, this.correlationId)(metadataEntity); + this.updateCachedMetadata(metadataEntity, cloudDiscoverySource, { + source: endpointSource, + }); + this.performanceClient?.addFields({ + cloudDiscoverySource: cloudDiscoverySource, + authorityEndpointSource: endpointSource, + }, this.correlationId); + } + /** + * Returns metadata entity from cache if it exists, otherwiser returns a new metadata entity built + * from the configured canonical authority + * @returns + */ + getCurrentMetadataEntity() { + let metadataEntity = this.cacheManager.getAuthorityMetadataByAlias(this.hostnameAndPort); + if (!metadataEntity) { + metadataEntity = { + aliases: [], + preferred_cache: this.hostnameAndPort, + preferred_network: this.hostnameAndPort, + canonical_authority: this.canonicalAuthority, + authorization_endpoint: "", + token_endpoint: "", + end_session_endpoint: "", + issuer: "", + aliasesFromNetwork: false, + endpointsFromNetwork: false, + expiresAt: generateAuthorityMetadataExpiresAt(), + jwks_uri: "", + }; + } + return metadataEntity; + } + /** + * Updates cached metadata based on metadata source and sets the instance's metadata + * property to the same value + * @param metadataEntity + * @param cloudDiscoverySource + * @param endpointMetadataResult + */ + updateCachedMetadata(metadataEntity, cloudDiscoverySource, endpointMetadataResult) { + if (cloudDiscoverySource !== AuthorityMetadataSource.CACHE && + endpointMetadataResult?.source !== AuthorityMetadataSource.CACHE) { + // Reset the expiration time unless both values came from a successful cache lookup + metadataEntity.expiresAt = + generateAuthorityMetadataExpiresAt(); + metadataEntity.canonical_authority = this.canonicalAuthority; + } + const cacheKey = this.cacheManager.generateAuthorityMetadataCacheKey(metadataEntity.preferred_cache); + this.cacheManager.setAuthorityMetadata(cacheKey, metadataEntity); + this.metadata = metadataEntity; + } + /** + * Update AuthorityMetadataEntity with new endpoints and return where the information came from + * @param metadataEntity + */ + async updateEndpointMetadata(metadataEntity) { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityUpdateEndpointMetadata, this.correlationId); + const localMetadata = this.updateEndpointMetadataFromLocalSources(metadataEntity); + // Further update may be required for hardcoded metadata if regional metadata is preferred + if (localMetadata) { + if (localMetadata.source === + AuthorityMetadataSource.HARDCODED_VALUES) { + // If the user prefers to use an azure region replace the global endpoints with regional information. + if (this.authorityOptions.azureRegionConfiguration?.azureRegion) { + if (localMetadata.metadata) { + const hardcodedMetadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), PerformanceEvents.AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(localMetadata.metadata); + updateAuthorityEndpointMetadata(metadataEntity, hardcodedMetadata, false); + metadataEntity.canonical_authority = + this.canonicalAuthority; + } + } + } + return localMetadata.source; + } + // Get metadata from network if local sources aren't available + let metadata = await invokeAsync(this.getEndpointMetadataFromNetwork.bind(this), PerformanceEvents.AuthorityGetEndpointMetadataFromNetwork, this.logger, this.performanceClient, this.correlationId)(); + if (metadata) { + // If the user prefers to use an azure region replace the global endpoints with regional information. + if (this.authorityOptions.azureRegionConfiguration?.azureRegion) { + metadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), PerformanceEvents.AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(metadata); + } + updateAuthorityEndpointMetadata(metadataEntity, metadata, true); + return AuthorityMetadataSource.NETWORK; + } + else { + // Metadata could not be obtained from the config, cache, network or hardcoded values + throw createClientAuthError(openIdConfigError, this.defaultOpenIdConfigurationEndpoint); + } + } + /** + * Updates endpoint metadata from local sources and returns where the information was retrieved from and the metadata config + * response if the source is hardcoded metadata + * @param metadataEntity + * @returns + */ + updateEndpointMetadataFromLocalSources(metadataEntity) { + this.logger.verbose("Attempting to get endpoint metadata from authority configuration"); + const configMetadata = this.getEndpointMetadataFromConfig(); + if (configMetadata) { + this.logger.verbose("Found endpoint metadata in authority configuration"); + updateAuthorityEndpointMetadata(metadataEntity, configMetadata, false); + return { + source: AuthorityMetadataSource.CONFIG, + }; + } + this.logger.verbose("Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values."); + // skipAuthorityMetadataCache is used to bypass hardcoded authority metadata and force a network metadata cache lookup and network metadata request if no cached response is available. + if (this.authorityOptions.skipAuthorityMetadataCache) { + this.logger.verbose("Skipping hardcoded metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get endpoint metadata from the network metadata cache."); + } + else { + const hardcodedMetadata = this.getEndpointMetadataFromHardcodedValues(); + if (hardcodedMetadata) { + updateAuthorityEndpointMetadata(metadataEntity, hardcodedMetadata, false); + return { + source: AuthorityMetadataSource.HARDCODED_VALUES, + metadata: hardcodedMetadata, + }; + } + else { + this.logger.verbose("Did not find endpoint metadata in hardcoded values... Attempting to get endpoint metadata from the network metadata cache."); + } + } + // Check cached metadata entity expiration status + const metadataEntityExpired = isAuthorityMetadataExpired(metadataEntity); + if (this.isAuthoritySameType(metadataEntity) && + metadataEntity.endpointsFromNetwork && + !metadataEntityExpired) { + // No need to update + this.logger.verbose("Found endpoint metadata in the cache."); + return { source: AuthorityMetadataSource.CACHE }; + } + else if (metadataEntityExpired) { + this.logger.verbose("The metadata entity is expired."); + } + return null; + } + /** + * Compares the number of url components after the domain to determine if the cached + * authority metadata can be used for the requested authority. Protects against same domain different + * authority such as login.microsoftonline.com/tenant and login.microsoftonline.com/tfp/tenant/policy + * @param metadataEntity + */ + isAuthoritySameType(metadataEntity) { + const cachedAuthorityUrl = new UrlString(metadataEntity.canonical_authority); + const cachedParts = cachedAuthorityUrl.getUrlComponents().PathSegments; + return (cachedParts.length === + this.canonicalAuthorityUrlComponents.PathSegments.length); + } + /** + * Parse authorityMetadata config option + */ + getEndpointMetadataFromConfig() { + if (this.authorityOptions.authorityMetadata) { + try { + return JSON.parse(this.authorityOptions.authorityMetadata); + } + catch (e) { + throw createClientConfigurationError(invalidAuthorityMetadata); + } + } + return null; + } + /** + * Gets OAuth endpoints from the given OpenID configuration endpoint. + * + * @param hasHardcodedMetadata boolean + */ + async getEndpointMetadataFromNetwork() { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityGetEndpointMetadataFromNetwork, this.correlationId); + const options = {}; + /* + * TODO: Add a timeout if the authority exists in our library's + * hardcoded list of metadata + */ + const openIdConfigurationEndpoint = this.defaultOpenIdConfigurationEndpoint; + this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: attempting to retrieve OAuth endpoints from ${openIdConfigurationEndpoint}`); + try { + const response = await this.networkInterface.sendGetRequestAsync(openIdConfigurationEndpoint, options); + const isValidResponse = isOpenIdConfigResponse(response.body); + if (isValidResponse) { + return response.body; + } + else { + this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: could not parse response as OpenID configuration`); + return null; + } + } + catch (e) { + this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: ${e}`); + return null; + } + } + /** + * Get OAuth endpoints for common authorities. + */ + getEndpointMetadataFromHardcodedValues() { + if (this.hostnameAndPort in EndpointMetadata) { + return EndpointMetadata[this.hostnameAndPort]; + } + return null; + } + /** + * Update the retrieved metadata with regional information. + * User selected Azure region will be used if configured. + */ + async updateMetadataWithRegionalInformation(metadata) { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityUpdateMetadataWithRegionalInformation, this.correlationId); + const userConfiguredAzureRegion = this.authorityOptions.azureRegionConfiguration?.azureRegion; + if (userConfiguredAzureRegion) { + if (userConfiguredAzureRegion !== + Constants.AZURE_REGION_AUTO_DISCOVER_FLAG) { + this.regionDiscoveryMetadata.region_outcome = + RegionDiscoveryOutcomes.CONFIGURED_NO_AUTO_DETECTION; + this.regionDiscoveryMetadata.region_used = + userConfiguredAzureRegion; + return Authority.replaceWithRegionalInformation(metadata, userConfiguredAzureRegion); + } + const autodetectedRegionName = await invokeAsync(this.regionDiscovery.detectRegion.bind(this.regionDiscovery), PerformanceEvents.RegionDiscoveryDetectRegion, this.logger, this.performanceClient, this.correlationId)(this.authorityOptions.azureRegionConfiguration + ?.environmentRegion, this.regionDiscoveryMetadata); + if (autodetectedRegionName) { + this.regionDiscoveryMetadata.region_outcome = + RegionDiscoveryOutcomes.AUTO_DETECTION_REQUESTED_SUCCESSFUL; + this.regionDiscoveryMetadata.region_used = + autodetectedRegionName; + return Authority.replaceWithRegionalInformation(metadata, autodetectedRegionName); + } + this.regionDiscoveryMetadata.region_outcome = + RegionDiscoveryOutcomes.AUTO_DETECTION_REQUESTED_FAILED; + } + return metadata; + } + /** + * Updates the AuthorityMetadataEntity with new aliases, preferred_network and preferred_cache + * and returns where the information was retrieved from + * @param metadataEntity + * @returns AuthorityMetadataSource + */ + async updateCloudDiscoveryMetadata(metadataEntity) { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityUpdateCloudDiscoveryMetadata, this.correlationId); + const localMetadataSource = this.updateCloudDiscoveryMetadataFromLocalSources(metadataEntity); + if (localMetadataSource) { + return localMetadataSource; + } + // Fallback to network as metadata source + const metadata = await invokeAsync(this.getCloudDiscoveryMetadataFromNetwork.bind(this), PerformanceEvents.AuthorityGetCloudDiscoveryMetadataFromNetwork, this.logger, this.performanceClient, this.correlationId)(); + if (metadata) { + updateCloudDiscoveryMetadata(metadataEntity, metadata, true); + return AuthorityMetadataSource.NETWORK; + } + // Metadata could not be obtained from the config, cache, network or hardcoded values + throw createClientConfigurationError(untrustedAuthority); + } + updateCloudDiscoveryMetadataFromLocalSources(metadataEntity) { + this.logger.verbose("Attempting to get cloud discovery metadata from authority configuration"); + this.logger.verbosePii(`Known Authorities: ${this.authorityOptions.knownAuthorities || + Constants.NOT_APPLICABLE}`); + this.logger.verbosePii(`Authority Metadata: ${this.authorityOptions.authorityMetadata || + Constants.NOT_APPLICABLE}`); + this.logger.verbosePii(`Canonical Authority: ${metadataEntity.canonical_authority || Constants.NOT_APPLICABLE}`); + const metadata = this.getCloudDiscoveryMetadataFromConfig(); + if (metadata) { + this.logger.verbose("Found cloud discovery metadata in authority configuration"); + updateCloudDiscoveryMetadata(metadataEntity, metadata, false); + return AuthorityMetadataSource.CONFIG; + } + // If the cached metadata came from config but that config was not passed to this instance, we must go to hardcoded values + this.logger.verbose("Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the hardcoded values."); + if (this.options.skipAuthorityMetadataCache) { + this.logger.verbose("Skipping hardcoded cloud discovery metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get cloud discovery metadata from the network metadata cache."); + } + else { + const hardcodedMetadata = getCloudDiscoveryMetadataFromHardcodedValues(this.hostnameAndPort); + if (hardcodedMetadata) { + this.logger.verbose("Found cloud discovery metadata from hardcoded values."); + updateCloudDiscoveryMetadata(metadataEntity, hardcodedMetadata, false); + return AuthorityMetadataSource.HARDCODED_VALUES; + } + this.logger.verbose("Did not find cloud discovery metadata in hardcoded values... Attempting to get cloud discovery metadata from the network metadata cache."); + } + const metadataEntityExpired = isAuthorityMetadataExpired(metadataEntity); + if (this.isAuthoritySameType(metadataEntity) && + metadataEntity.aliasesFromNetwork && + !metadataEntityExpired) { + this.logger.verbose("Found cloud discovery metadata in the cache."); + // No need to update + return AuthorityMetadataSource.CACHE; + } + else if (metadataEntityExpired) { + this.logger.verbose("The metadata entity is expired."); + } + return null; + } + /** + * Parse cloudDiscoveryMetadata config or check knownAuthorities + */ + getCloudDiscoveryMetadataFromConfig() { + // CIAM does not support cloud discovery metadata + if (this.authorityType === AuthorityType.Ciam) { + this.logger.verbose("CIAM authorities do not support cloud discovery metadata, generate the aliases from authority host."); + return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort); + } + // Check if network response was provided in config + if (this.authorityOptions.cloudDiscoveryMetadata) { + this.logger.verbose("The cloud discovery metadata has been provided as a network response, in the config."); + try { + this.logger.verbose("Attempting to parse the cloud discovery metadata."); + const parsedResponse = JSON.parse(this.authorityOptions.cloudDiscoveryMetadata); + const metadata = getCloudDiscoveryMetadataFromNetworkResponse(parsedResponse.metadata, this.hostnameAndPort); + this.logger.verbose("Parsed the cloud discovery metadata."); + if (metadata) { + this.logger.verbose("There is returnable metadata attached to the parsed cloud discovery metadata."); + return metadata; + } + else { + this.logger.verbose("There is no metadata attached to the parsed cloud discovery metadata."); + } + } + catch (e) { + this.logger.verbose("Unable to parse the cloud discovery metadata. Throwing Invalid Cloud Discovery Metadata Error."); + throw createClientConfigurationError(invalidCloudDiscoveryMetadata); + } + } + // If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities + if (this.isInKnownAuthorities()) { + this.logger.verbose("The host is included in knownAuthorities. Creating new cloud discovery metadata from the host."); + return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort); + } + return null; + } + /** + * Called to get metadata from network if CloudDiscoveryMetadata was not populated by config + * + * @param hasHardcodedMetadata boolean + */ + async getCloudDiscoveryMetadataFromNetwork() { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityGetCloudDiscoveryMetadataFromNetwork, this.correlationId); + const instanceDiscoveryEndpoint = `${Constants.AAD_INSTANCE_DISCOVERY_ENDPT}${this.canonicalAuthority}oauth2/v2.0/authorize`; + const options = {}; + /* + * TODO: Add a timeout if the authority exists in our library's + * hardcoded list of metadata + */ + let match = null; + try { + const response = await this.networkInterface.sendGetRequestAsync(instanceDiscoveryEndpoint, options); + let typedResponseBody; + let metadata; + if (isCloudInstanceDiscoveryResponse(response.body)) { + typedResponseBody = + response.body; + metadata = typedResponseBody.metadata; + this.logger.verbosePii(`tenant_discovery_endpoint is: ${typedResponseBody.tenant_discovery_endpoint}`); + } + else if (isCloudInstanceDiscoveryErrorResponse(response.body)) { + this.logger.warning(`A CloudInstanceDiscoveryErrorResponse was returned. The cloud instance discovery network request's status code is: ${response.status}`); + typedResponseBody = + response.body; + if (typedResponseBody.error === Constants.INVALID_INSTANCE) { + this.logger.error("The CloudInstanceDiscoveryErrorResponse error is invalid_instance."); + return null; + } + this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error is ${typedResponseBody.error}`); + this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error description is ${typedResponseBody.error_description}`); + this.logger.warning("Setting the value of the CloudInstanceDiscoveryMetadata (returned from the network) to []"); + metadata = []; + } + else { + this.logger.error("AAD did not return a CloudInstanceDiscoveryResponse or CloudInstanceDiscoveryErrorResponse"); + return null; + } + this.logger.verbose("Attempting to find a match between the developer's authority and the CloudInstanceDiscoveryMetadata returned from the network request."); + match = getCloudDiscoveryMetadataFromNetworkResponse(metadata, this.hostnameAndPort); + } + catch (error) { + if (error instanceof AuthError) { + this.logger.error(`There was a network error while attempting to get the cloud discovery instance metadata.\nError: ${error.errorCode}\nError Description: ${error.errorMessage}`); + } + else { + const typedError = error; + this.logger.error(`A non-MSALJS error was thrown while attempting to get the cloud instance discovery metadata.\nError: ${typedError.name}\nError Description: ${typedError.message}`); + } + return null; + } + // Custom Domain scenario, host is trusted because Instance Discovery call succeeded + if (!match) { + this.logger.warning("The developer's authority was not found within the CloudInstanceDiscoveryMetadata returned from the network request."); + this.logger.verbose("Creating custom Authority for custom domain scenario."); + match = Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort); + } + return match; + } + /** + * Helper function to determine if this host is included in the knownAuthorities config option + */ + isInKnownAuthorities() { + const matches = this.authorityOptions.knownAuthorities.filter((authority) => { + return (authority && + UrlString.getDomainFromUrl(authority).toLowerCase() === + this.hostnameAndPort); + }); + return matches.length > 0; + } + /** + * helper function to populate the authority based on azureCloudOptions + * @param authorityString + * @param azureCloudOptions + */ + static generateAuthority(authorityString, azureCloudOptions) { + let authorityAzureCloudInstance; + if (azureCloudOptions && + azureCloudOptions.azureCloudInstance !== AzureCloudInstance.None) { + const tenant = azureCloudOptions.tenant + ? azureCloudOptions.tenant + : Constants.DEFAULT_COMMON_TENANT; + authorityAzureCloudInstance = `${azureCloudOptions.azureCloudInstance}/${tenant}/`; + } + return authorityAzureCloudInstance + ? authorityAzureCloudInstance + : authorityString; + } + /** + * Creates cloud discovery metadata object from a given host + * @param host + */ + static createCloudDiscoveryMetadataFromHost(host) { + return { + preferred_network: host, + preferred_cache: host, + aliases: [host], + }; + } + /** + * helper function to generate environment from authority object + */ + getPreferredCache() { + if (this.managedIdentity) { + return Constants.DEFAULT_AUTHORITY_HOST; + } + else if (this.discoveryComplete()) { + return this.metadata.preferred_cache; + } + else { + throw createClientAuthError(endpointResolutionError); + } + } + /** + * Returns whether or not the provided host is an alias of this authority instance + * @param host + */ + isAlias(host) { + return this.metadata.aliases.indexOf(host) > -1; + } + /** + * Returns whether or not the provided host is an alias of a known Microsoft authority for purposes of endpoint discovery + * @param host + */ + isAliasOfKnownMicrosoftAuthority(host) { + return InstanceDiscoveryMetadataAliases.has(host); + } + /** + * Checks whether the provided host is that of a public cloud authority + * + * @param authority string + * @returns bool + */ + static isPublicCloudAuthority(host) { + return Constants.KNOWN_PUBLIC_CLOUDS.indexOf(host) >= 0; + } + /** + * Rebuild the authority string with the region + * + * @param host string + * @param region string + */ + static buildRegionalAuthorityString(host, region, queryString) { + // Create and validate a Url string object with the initial authority string + const authorityUrlInstance = new UrlString(host); + authorityUrlInstance.validateAsUri(); + const authorityUrlParts = authorityUrlInstance.getUrlComponents(); + let hostNameAndPort = `${region}.${authorityUrlParts.HostNameAndPort}`; + if (this.isPublicCloudAuthority(authorityUrlParts.HostNameAndPort)) { + hostNameAndPort = `${region}.${Constants.REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX}`; + } + // Include the query string portion of the url + const url = UrlString.constructAuthorityUriFromObject({ + ...authorityUrlInstance.getUrlComponents(), + HostNameAndPort: hostNameAndPort, + }).urlString; + // Add the query string if a query string was provided + if (queryString) + return `${url}?${queryString}`; + return url; + } + /** + * Replace the endpoints in the metadata object with their regional equivalents. + * + * @param metadata OpenIdConfigResponse + * @param azureRegion string + */ + static replaceWithRegionalInformation(metadata, azureRegion) { + const regionalMetadata = { ...metadata }; + regionalMetadata.authorization_endpoint = + Authority.buildRegionalAuthorityString(regionalMetadata.authorization_endpoint, azureRegion); + regionalMetadata.token_endpoint = + Authority.buildRegionalAuthorityString(regionalMetadata.token_endpoint, azureRegion); + if (regionalMetadata.end_session_endpoint) { + regionalMetadata.end_session_endpoint = + Authority.buildRegionalAuthorityString(regionalMetadata.end_session_endpoint, azureRegion); + } + return regionalMetadata; + } + /** + * Transform CIAM_AUTHORIY as per the below rules: + * If no path segments found and it is a CIAM authority (hostname ends with .ciamlogin.com), then transform it + * + * NOTE: The transformation path should go away once STS supports CIAM with the format: `tenantIdorDomain.ciamlogin.com` + * `ciamlogin.com` can also change in the future and we should accommodate the same + * + * @param authority + */ + static transformCIAMAuthority(authority) { + let ciamAuthority = authority; + const authorityUrl = new UrlString(authority); + const authorityUrlComponents = authorityUrl.getUrlComponents(); + // check if transformation is needed + if (authorityUrlComponents.PathSegments.length === 0 && + authorityUrlComponents.HostNameAndPort.endsWith(Constants.CIAM_AUTH_URL)) { + const tenantIdOrDomain = authorityUrlComponents.HostNameAndPort.split(".")[0]; + ciamAuthority = `${ciamAuthority}${tenantIdOrDomain}${Constants.AAD_TENANT_DOMAIN_SUFFIX}`; + } + return ciamAuthority; + } +} +// Reserved tenant domain names that will not be replaced with tenant id +Authority.reservedTenantDomains = new Set([ + "{tenant}", + "{tenantid}", + AADAuthorityConstants.COMMON, + AADAuthorityConstants.CONSUMERS, + AADAuthorityConstants.ORGANIZATIONS, +]); +/** + * Extract tenantId from authority + */ +function getTenantFromAuthorityString(authority) { + const authorityUrl = new UrlString(authority); + const authorityUrlComponents = authorityUrl.getUrlComponents(); + /** + * For credential matching purposes, tenantId is the last path segment of the authority URL: + * AAD Authority - domain/tenantId -> Credentials are cached with realm = tenantId + * B2C Authority - domain/{tenantId}?/.../policy -> Credentials are cached with realm = policy + * tenantId is downcased because B2C policies can have mixed case but tfp claim is downcased + * + * Note that we may not have any path segments in certain OIDC scenarios. + */ + const tenantId = authorityUrlComponents.PathSegments.slice(-1)[0]?.toLowerCase(); + switch (tenantId) { + case AADAuthorityConstants.COMMON: + case AADAuthorityConstants.ORGANIZATIONS: + case AADAuthorityConstants.CONSUMERS: + return undefined; + default: + return tenantId; + } +} +function formatAuthorityUri(authorityUri) { + return authorityUri.endsWith(Constants.FORWARD_SLASH) + ? authorityUri + : `${authorityUri}${Constants.FORWARD_SLASH}`; +} +function buildStaticAuthorityOptions(authOptions) { + const rawCloudDiscoveryMetadata = authOptions.cloudDiscoveryMetadata; + let cloudDiscoveryMetadata = undefined; + if (rawCloudDiscoveryMetadata) { + try { + cloudDiscoveryMetadata = JSON.parse(rawCloudDiscoveryMetadata); + } + catch (e) { + throw createClientConfigurationError(invalidCloudDiscoveryMetadata); + } + } + return { + canonicalAuthority: authOptions.authority + ? formatAuthorityUri(authOptions.authority) + : undefined, + knownAuthorities: authOptions.knownAuthorities, + cloudDiscoveryMetadata: cloudDiscoveryMetadata, + }; +} +//# sourceMappingURL=Authority.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/error/InteractionRequiredAuthErrorCodes.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +// Codes defined by MSAL +const noTokensFound = "no_tokens_found"; +const nativeAccountUnavailable = "native_account_unavailable"; +const refreshTokenExpired = "refresh_token_expired"; +// Codes potentially returned by server +const interactionRequired = "interaction_required"; +const consentRequired = "consent_required"; +const loginRequired = "login_required"; +const badToken = "bad_token"; +//# sourceMappingURL=InteractionRequiredAuthErrorCodes.mjs.map -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -class NativeMessageHandler { - constructor(logger, handshakeTimeoutMs, performanceClient, extensionId) { - this.logger = logger; - this.handshakeTimeoutMs = handshakeTimeoutMs; - this.extensionId = extensionId; - this.resolvers = new Map(); // Used for non-handshake messages - this.handshakeResolvers = new Map(); // Used for handshake messages - this.messageChannel = new MessageChannel(); - this.windowListener = this.onWindowMessage.bind(this); // Window event callback doesn't have access to 'this' unless it's bound - this.performanceClient = performanceClient; - this.handshakeEvent = performanceClient.startMeasurement(PerformanceEvents.NativeMessageHandlerHandshake); - } - /** - * Sends a given message to the extension and resolves with the extension response - * @param body - */ - async sendMessage(body) { - this.logger.trace("NativeMessageHandler - sendMessage called."); - const req = { - channel: NativeConstants.CHANNEL_ID, - extensionId: this.extensionId, - responseId: BrowserCrypto_createNewGuid(), - body: body, - }; - this.logger.trace("NativeMessageHandler - Sending request to browser extension"); - this.logger.tracePii(`NativeMessageHandler - Sending request to browser extension: ${JSON.stringify(req)}`); - this.messageChannel.port1.postMessage(req); - return new Promise((resolve, reject) => { - this.resolvers.set(req.responseId, { resolve, reject }); - }); - } - /** - * Returns an instance of the MessageHandler that has successfully established a connection with an extension - * @param {Logger} logger - * @param {number} handshakeTimeoutMs - * @param {IPerformanceClient} performanceClient - * @param {ICrypto} crypto - */ - static async createProvider(logger, handshakeTimeoutMs, performanceClient) { - logger.trace("NativeMessageHandler - createProvider called."); - try { - const preferredProvider = new NativeMessageHandler(logger, handshakeTimeoutMs, performanceClient, NativeConstants.PREFERRED_EXTENSION_ID); - await preferredProvider.sendHandshakeRequest(); - return preferredProvider; - } - catch (e) { - // If preferred extension fails for whatever reason, fallback to using any installed extension - const backupProvider = new NativeMessageHandler(logger, handshakeTimeoutMs, performanceClient); - await backupProvider.sendHandshakeRequest(); - return backupProvider; - } - } - /** - * Send handshake request helper. - */ - async sendHandshakeRequest() { - this.logger.trace("NativeMessageHandler - sendHandshakeRequest called."); - // Register this event listener before sending handshake - window.addEventListener("message", this.windowListener, false); // false is important, because content script message processing should work first - const req = { - channel: NativeConstants.CHANNEL_ID, - extensionId: this.extensionId, - responseId: BrowserCrypto_createNewGuid(), - body: { - method: NativeExtensionMethod.HandshakeRequest, - }, - }; - this.handshakeEvent.add({ - extensionId: this.extensionId, - extensionHandshakeTimeoutMs: this.handshakeTimeoutMs, - }); - this.messageChannel.port1.onmessage = (event) => { - this.onChannelMessage(event); - }; - window.postMessage(req, window.origin, [this.messageChannel.port2]); - return new Promise((resolve, reject) => { - this.handshakeResolvers.set(req.responseId, { resolve, reject }); - this.timeoutId = window.setTimeout(() => { - /* - * Throw an error if neither HandshakeResponse nor original Handshake request are received in a reasonable timeframe. - * This typically suggests an event handler stopped propagation of the Handshake request but did not respond to it on the MessageChannel port - */ - window.removeEventListener("message", this.windowListener, false); - this.messageChannel.port1.close(); - this.messageChannel.port2.close(); - this.handshakeEvent.end({ - extensionHandshakeTimedOut: true, - success: false, - }); - reject(createBrowserAuthError(nativeHandshakeTimeout)); - this.handshakeResolvers.delete(req.responseId); - }, this.handshakeTimeoutMs); // Use a reasonable timeout in milliseconds here - }); - } - /** - * Invoked when a message is posted to the window. If a handshake request is received it means the extension is not installed. - * @param event - */ - onWindowMessage(event) { - this.logger.trace("NativeMessageHandler - onWindowMessage called"); - // We only accept messages from ourselves - if (event.source !== window) { - return; - } - const request = event.data; - if (!request.channel || - request.channel !== NativeConstants.CHANNEL_ID) { - return; - } - if (request.extensionId && request.extensionId !== this.extensionId) { - return; - } - if (request.body.method === NativeExtensionMethod.HandshakeRequest) { - const handshakeResolver = this.handshakeResolvers.get(request.responseId); - /* - * Filter out responses with no matched resolvers sooner to keep channel ports open while waiting for - * the proper response. - */ - if (!handshakeResolver) { - this.logger.trace(`NativeMessageHandler.onWindowMessage - resolver can't be found for request ${request.responseId}`); - return; - } - // If we receive this message back it means no extension intercepted the request, meaning no extension supporting handshake protocol is installed - this.logger.verbose(request.extensionId - ? `Extension with id: ${request.extensionId} not installed` - : "No extension installed"); - clearTimeout(this.timeoutId); - this.messageChannel.port1.close(); - this.messageChannel.port2.close(); - window.removeEventListener("message", this.windowListener, false); - this.handshakeEvent.end({ - success: false, - extensionInstalled: false, - }); - handshakeResolver.reject(createBrowserAuthError(nativeExtensionNotInstalled)); - } - } - /** - * Invoked when a message is received from the extension on the MessageChannel port - * @param event - */ - onChannelMessage(event) { - this.logger.trace("NativeMessageHandler - onChannelMessage called."); - const request = event.data; - const resolver = this.resolvers.get(request.responseId); - const handshakeResolver = this.handshakeResolvers.get(request.responseId); - try { - const method = request.body.method; - if (method === NativeExtensionMethod.Response) { - if (!resolver) { - return; - } - const response = request.body.response; - this.logger.trace("NativeMessageHandler - Received response from browser extension"); - this.logger.tracePii(`NativeMessageHandler - Received response from browser extension: ${JSON.stringify(response)}`); - if (response.status !== "Success") { - resolver.reject(createNativeAuthError(response.code, response.description, response.ext)); - } - else if (response.result) { - if (response.result["code"] && - response.result["description"]) { - resolver.reject(createNativeAuthError(response.result["code"], response.result["description"], response.result["ext"])); - } - else { - resolver.resolve(response.result); - } - } - else { - throw createAuthError(unexpectedError, "Event does not contain result."); - } - this.resolvers.delete(request.responseId); - } - else if (method === NativeExtensionMethod.HandshakeResponse) { - if (!handshakeResolver) { - this.logger.trace(`NativeMessageHandler.onChannelMessage - resolver can't be found for request ${request.responseId}`); - return; - } - clearTimeout(this.timeoutId); // Clear setTimeout - window.removeEventListener("message", this.windowListener, false); // Remove 'No extension' listener - this.extensionId = request.extensionId; - this.extensionVersion = request.body.version; - this.logger.verbose(`NativeMessageHandler - Received HandshakeResponse from extension: ${this.extensionId}`); - this.handshakeEvent.end({ - extensionInstalled: true, - success: true, - }); - handshakeResolver.resolve(); - this.handshakeResolvers.delete(request.responseId); - } - // Do nothing if method is not Response or HandshakeResponse - } - catch (err) { - this.logger.error("Error parsing response from WAM Extension"); - this.logger.errorPii(`Error parsing response from WAM Extension: ${err}`); - this.logger.errorPii(`Unable to parse ${event}`); - if (resolver) { - resolver.reject(err); - } - else if (handshakeResolver) { - handshakeResolver.reject(err); - } - } - } - /** - * Returns the Id for the browser extension this handler is communicating with - * @returns - */ - getExtensionId() { - return this.extensionId; - } - /** - * Returns the version for the browser extension this handler is communicating with - * @returns - */ - getExtensionVersion() { - return this.extensionVersion; - } - /** - * Returns boolean indicating whether or not the request should attempt to use native broker - * @param logger - * @param config - * @param nativeExtensionProvider - * @param authenticationScheme - */ - static isNativeAvailable(config, logger, nativeExtensionProvider, authenticationScheme) { - logger.trace("isNativeAvailable called"); - if (!config.system.allowNativeBroker) { - logger.trace("isNativeAvailable: allowNativeBroker is not enabled, returning false"); - // Developer disabled WAM - return false; - } - if (!nativeExtensionProvider) { - logger.trace("isNativeAvailable: WAM extension provider is not initialized, returning false"); - // Extension is not available - return false; - } - if (authenticationScheme) { - switch (authenticationScheme) { - case AuthenticationScheme.BEARER: - case AuthenticationScheme.POP: - logger.trace("isNativeAvailable: authenticationScheme is supported, returning true"); - return true; - default: - logger.trace("isNativeAvailable: authenticationScheme is not supported, returning false"); - return false; - } - } - return true; - } +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/error/InteractionRequiredAuthError.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required + */ +const InteractionRequiredServerErrorMessage = [ + interactionRequired, + consentRequired, + loginRequired, + badToken, +]; +const InteractionRequiredAuthSubErrorMessage = [ + "message_only", + "additional_action", + "basic_action", + "user_password_expired", + "consent_required", + "bad_token", +]; +const InteractionRequiredAuthErrorMessages = { + [noTokensFound]: "No refresh token found in the cache. Please sign-in.", + [nativeAccountUnavailable]: "The requested account is not available in the native broker. It may have been deleted or logged out. Please sign-in again using an interactive API.", + [refreshTokenExpired]: "Refresh token has expired.", + [badToken]: "Identity provider returned bad_token due to an expired or invalid refresh token. Please invoke an interactive API to resolve.", +}; +/** + * Interaction required errors defined by the SDK + * @deprecated Use InteractionRequiredAuthErrorCodes instead + */ +const InteractionRequiredAuthErrorMessage = { + noTokensFoundError: { + code: noTokensFound, + desc: InteractionRequiredAuthErrorMessages[noTokensFound], + }, + native_account_unavailable: { + code: nativeAccountUnavailable, + desc: InteractionRequiredAuthErrorMessages[nativeAccountUnavailable], + }, + bad_token: { + code: badToken, + desc: InteractionRequiredAuthErrorMessages[badToken], + }, +}; +/** + * Error thrown when user interaction is required. + */ +class InteractionRequiredAuthError extends AuthError { + constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) { + super(errorCode, errorMessage, subError); + Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype); + this.timestamp = timestamp || Constants.EMPTY_STRING; + this.traceId = traceId || Constants.EMPTY_STRING; + this.correlationId = correlationId || Constants.EMPTY_STRING; + this.claims = claims || Constants.EMPTY_STRING; + this.name = "InteractionRequiredAuthError"; + this.errorNo = errorNo; + } +} +/** + * Helper function used to determine if an error thrown by the server requires interaction to resolve + * @param errorCode + * @param errorString + * @param subError + */ +function isInteractionRequiredError(errorCode, errorString, subError) { + const isInteractionRequiredErrorCode = !!errorCode && + InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1; + const isInteractionRequiredSubError = !!subError && + InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1; + const isInteractionRequiredErrorDesc = !!errorString && + InteractionRequiredServerErrorMessage.some((irErrorCode) => { + return errorString.indexOf(irErrorCode) > -1; + }); + return (isInteractionRequiredErrorCode || + isInteractionRequiredErrorDesc || + isInteractionRequiredSubError); +} +/** + * Creates an InteractionRequiredAuthError + */ +function createInteractionRequiredAuthError(errorCode) { + return new InteractionRequiredAuthError(errorCode, InteractionRequiredAuthErrorMessages[errorCode]); } -//# sourceMappingURL=NativeMessageHandler.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/interaction_handler/InteractionHandler.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ - - +//# sourceMappingURL=InteractionRequiredAuthError.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/utils/ProtocolUtils.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Class which provides helpers for OAuth 2.0 protocol specific values + */ +class ProtocolUtils { + /** + * Appends user state with random guid, or returns random guid. + * @param userState + * @param randomGuid + */ + static setRequestState(cryptoObj, userState, meta) { + const libraryState = ProtocolUtils.generateLibraryState(cryptoObj, meta); + return userState + ? `${libraryState}${Constants.RESOURCE_DELIM}${userState}` + : libraryState; + } + /** + * Generates the state value used by the common library. + * @param randomGuid + * @param cryptoObj + */ + static generateLibraryState(cryptoObj, meta) { + if (!cryptoObj) { + throw createClientAuthError(noCryptoObject); + } + // Create a state object containing a unique id and the timestamp of the request creation + const stateObj = { + id: cryptoObj.createNewGuid(), + }; + if (meta) { + stateObj.meta = meta; + } + const stateString = JSON.stringify(stateObj); + return cryptoObj.base64Encode(stateString); + } + /** + * Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user. + * @param state + * @param cryptoObj + */ + static parseRequestState(cryptoObj, state) { + if (!cryptoObj) { + throw createClientAuthError(noCryptoObject); + } + if (!state) { + throw createClientAuthError(invalidState); + } + try { + // Split the state between library state and user passed state and decode them separately + const splitState = state.split(Constants.RESOURCE_DELIM); + const libraryState = splitState[0]; + const userState = splitState.length > 1 + ? splitState.slice(1).join(Constants.RESOURCE_DELIM) + : Constants.EMPTY_STRING; + const libraryStateString = cryptoObj.base64Decode(libraryState); + const libraryStateObj = JSON.parse(libraryStateString); + return { + userRequestState: userState || Constants.EMPTY_STRING, + libraryState: libraryStateObj, + }; + } + catch (e) { + throw createClientAuthError(invalidState); + } + } +} -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Abstract class which defines operations for a browser interaction handling class. - */ -class InteractionHandler { - constructor(authCodeModule, storageImpl, authCodeRequest, logger, performanceClient) { - this.authModule = authCodeModule; - this.browserStorage = storageImpl; - this.authCodeRequest = authCodeRequest; - this.logger = logger; - this.performanceClient = performanceClient; - } - /** - * Function to handle response parameters from hash. - * @param locationHash - */ - async handleCodeResponse(response, request) { - this.performanceClient.addQueueMeasurement(PerformanceEvents.HandleCodeResponse, request.correlationId); - let authCodeResponse; - try { - authCodeResponse = this.authModule.handleFragmentResponse(response, request.state); - } - catch (e) { - if (e instanceof ServerError && - e.subError === userCancelled) { - // Translate server error caused by user closing native prompt to corresponding first class MSAL error - throw createBrowserAuthError(userCancelled); - } - else { - throw e; - } - } - return invokeAsync(this.handleCodeResponseFromServer.bind(this), PerformanceEvents.HandleCodeResponseFromServer, this.logger, this.performanceClient, request.correlationId)(authCodeResponse, request); - } - /** - * Process auth code response from AAD - * @param authCodeResponse - * @param state - * @param authority - * @param networkModule - * @returns - */ - async handleCodeResponseFromServer(authCodeResponse, request, validateNonce = true) { - this.performanceClient.addQueueMeasurement(PerformanceEvents.HandleCodeResponseFromServer, request.correlationId); - this.logger.trace("InteractionHandler.handleCodeResponseFromServer called"); - // Assign code to request - this.authCodeRequest.code = authCodeResponse.code; - // Check for new cloud instance - if (authCodeResponse.cloud_instance_host_name) { - await invokeAsync(this.authModule.updateAuthority.bind(this.authModule), PerformanceEvents.UpdateTokenEndpointAuthority, this.logger, this.performanceClient, request.correlationId)(authCodeResponse.cloud_instance_host_name, request.correlationId); - } - // Nonce validation not needed when redirect not involved (e.g. hybrid spa, renewing token via rt) - if (validateNonce) { - // TODO: Assigning "response nonce" to "request nonce" is confusing. Refactor the function doing validation to accept request nonce directly - authCodeResponse.nonce = request.nonce || undefined; - } - authCodeResponse.state = request.state; - // Add CCS parameters if available - if (authCodeResponse.client_info) { - this.authCodeRequest.clientInfo = authCodeResponse.client_info; - } - else { - const ccsCred = this.createCcsCredentials(request); - if (ccsCred) { - this.authCodeRequest.ccsCredential = ccsCred; - } - } - // Acquire token with retrieved code. - const tokenResponse = (await invokeAsync(this.authModule.acquireToken.bind(this.authModule), PerformanceEvents.AuthClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(this.authCodeRequest, authCodeResponse)); - return tokenResponse; - } - /** - * Build ccs creds if available - */ - createCcsCredentials(request) { - if (request.account) { - return { - credential: request.account.homeAccountId, - type: CcsCredentialType.HOME_ACCOUNT_ID, - }; - } - else if (request.loginHint) { - return { - credential: request.loginHint, - type: CcsCredentialType.UPN, - }; - } - return null; - } -} +//# sourceMappingURL=ProtocolUtils.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/account/CcsCredential.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ -//# sourceMappingURL=InteractionHandler.mjs.map +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const CcsCredentialType = { + HOME_ACCOUNT_ID: "home_account_id", + UPN: "UPN", +}; -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/response/ResponseHandler.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ +//# sourceMappingURL=CcsCredential.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/error/BrowserConfigurationAuthErrorCodes.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const storageNotSupported = "storage_not_supported"; +const stubbedPublicClientApplicationCalled = "stubbed_public_client_application_called"; +const inMemRedirectUnavailable = "in_mem_redirect_unavailable"; +//# sourceMappingURL=BrowserConfigurationAuthErrorCodes.mjs.map -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -function deserializeResponse(responseString, responseLocation, logger) { - // Deserialize hash fragment response parameters. - const serverParams = getDeserializedResponse(responseString); - if (!serverParams) { - if (!stripLeadingHashOrQuery(responseString)) { - // Hash or Query string is empty - logger.error(`The request has returned to the redirectUri but a ${responseLocation} is not present. It's likely that the ${responseLocation} has been removed or the page has been redirected by code running on the redirectUri page.`); - throw createBrowserAuthError(hashEmptyError); - } - else { - logger.error(`A ${responseLocation} is present in the iframe but it does not contain known properties. It's likely that the ${responseLocation} has been replaced by code running on the redirectUri page.`); - logger.errorPii(`The ${responseLocation} detected is: ${responseString}`); - throw createBrowserAuthError(hashDoesNotContainKnownProperties); - } - } - return serverParams; -} -/** - * Returns the interaction type that the response object belongs to - */ -function validateInteractionType(response, browserCrypto, interactionType) { - if (!response.state) { - throw createBrowserAuthError(noStateInHash); - } - const platformStateObj = extractBrowserRequestState(browserCrypto, response.state); - if (!platformStateObj) { - throw createBrowserAuthError(unableToParseState); - } - if (platformStateObj.interactionType !== interactionType) { - throw createBrowserAuthError(stateInteractionTypeMismatch); - } +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/error/BrowserConfigurationAuthError.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const BrowserConfigurationAuthErrorMessages = { + [storageNotSupported]: "Given storage configuration option was not supported.", + [stubbedPublicClientApplicationCalled]: "Stub instance of Public Client Application was called. If using msal-react, please ensure context is not used without a provider. For more visit: aka.ms/msaljs/browser-errors", + [inMemRedirectUnavailable]: "Redirect cannot be supported. In-memory storage was selected and storeAuthStateInCookie=false, which would cause the library to be unable to handle the incoming hash. If you would like to use the redirect API, please use session/localStorage or set storeAuthStateInCookie=true.", +}; +/** + * BrowserAuthErrorMessage class containing string constants used by error codes and messages. + * @deprecated Use BrowserAuthErrorCodes instead + */ +const BrowserConfigurationAuthErrorMessage = { + storageNotSupportedError: { + code: storageNotSupported, + desc: BrowserConfigurationAuthErrorMessages[storageNotSupported], + }, + stubPcaInstanceCalled: { + code: stubbedPublicClientApplicationCalled, + desc: BrowserConfigurationAuthErrorMessages[stubbedPublicClientApplicationCalled], + }, + inMemRedirectUnavailable: { + code: inMemRedirectUnavailable, + desc: BrowserConfigurationAuthErrorMessages[inMemRedirectUnavailable], + }, +}; +/** + * Browser library error class thrown by the MSAL.js library for SPAs + */ +class BrowserConfigurationAuthError extends AuthError { + constructor(errorCode, errorMessage) { + super(errorCode, errorMessage); + this.name = "BrowserConfigurationAuthError"; + Object.setPrototypeOf(this, BrowserConfigurationAuthError.prototype); + } +} +function createBrowserConfigurationAuthError(errorCode) { + return new BrowserConfigurationAuthError(errorCode, BrowserConfigurationAuthErrorMessages[errorCode]); } -//# sourceMappingURL=ResponseHandler.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/interaction_client/PopupClient.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ +//# sourceMappingURL=BrowserConfigurationAuthError.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/cache/BrowserStorage.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +class BrowserStorage { + constructor(cacheLocation) { + this.validateWindowStorage(cacheLocation); + this.windowStorage = window[cacheLocation]; + } + validateWindowStorage(cacheLocation) { + if ((cacheLocation !== BrowserCacheLocation.LocalStorage && + cacheLocation !== BrowserCacheLocation.SessionStorage) || + !window[cacheLocation]) { + throw createBrowserConfigurationAuthError(storageNotSupported); + } + } + getItem(key) { + return this.windowStorage.getItem(key); + } + setItem(key, value) { + this.windowStorage.setItem(key, value); + } + removeItem(key) { + this.windowStorage.removeItem(key); + } + getKeys() { + return Object.keys(this.windowStorage); + } + containsKey(key) { + return this.windowStorage.hasOwnProperty(key); + } +} +//# sourceMappingURL=BrowserStorage.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/utils/BrowserProtocolUtils.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Extracts the BrowserStateObject from the state string. + * @param browserCrypto + * @param state + */ +function extractBrowserRequestState(browserCrypto, state) { + if (!state) { + return null; + } + try { + const requestStateObj = ProtocolUtils.parseRequestState(browserCrypto, state); + return requestStateObj.libraryState.meta; + } + catch (e) { + throw createClientAuthError(invalidState); + } +} +//# sourceMappingURL=BrowserProtocolUtils.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/cache/BrowserCacheManager.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * This class implements the cache storage interface for MSAL through browser local or session storage. + * Cookies are only used if storeAuthStateInCookie is true, and are only used for + * parameters such as state and nonce, generally. + */ +class BrowserCacheManager extends CacheManager { + constructor(clientId, cacheConfig, cryptoImpl, logger, staticAuthorityOptions, performanceClient) { + super(clientId, cryptoImpl, logger, staticAuthorityOptions); + // Cookie life calculation (hours * minutes * seconds * ms) + this.COOKIE_LIFE_MULTIPLIER = 24 * 60 * 60 * 1000; + this.cacheConfig = cacheConfig; + this.logger = logger; + this.internalStorage = new MemoryStorage(); + this.browserStorage = this.setupBrowserStorage(this.cacheConfig.cacheLocation); + this.temporaryCacheStorage = this.setupTemporaryCacheStorage(this.cacheConfig.temporaryCacheLocation, this.cacheConfig.cacheLocation); + // Migrate cache entries from older versions of MSAL. + if (cacheConfig.cacheMigrationEnabled) { + this.migrateCacheEntries(); + this.createKeyMaps(); + } + this.performanceClient = performanceClient; + } + /** + * Returns a window storage class implementing the IWindowStorage interface that corresponds to the configured cacheLocation. + * @param cacheLocation + */ + setupBrowserStorage(cacheLocation) { + switch (cacheLocation) { + case BrowserCacheLocation.LocalStorage: + case BrowserCacheLocation.SessionStorage: + try { + return new BrowserStorage(cacheLocation); + } + catch (e) { + this.logger.verbose(e); + break; + } + } + this.cacheConfig.cacheLocation = BrowserCacheLocation.MemoryStorage; + return new MemoryStorage(); + } + /** + * Returns a window storage class implementing the IWindowStorage interface that corresponds to the configured temporaryCacheLocation. + * @param temporaryCacheLocation + * @param cacheLocation + */ + setupTemporaryCacheStorage(temporaryCacheLocation, cacheLocation) { + switch (cacheLocation) { + case BrowserCacheLocation.LocalStorage: + case BrowserCacheLocation.SessionStorage: + try { + // Temporary cache items will always be stored in session storage to mitigate problems caused by multiple tabs + return new BrowserStorage(temporaryCacheLocation || + BrowserCacheLocation.SessionStorage); + } + catch (e) { + this.logger.verbose(e); + return this.internalStorage; + } + case BrowserCacheLocation.MemoryStorage: + default: + return this.internalStorage; + } + } + /** + * Migrate all old cache entries to new schema. No rollback supported. + * @param storeAuthStateInCookie + */ + migrateCacheEntries() { + const idTokenKey = `${Constants.CACHE_PREFIX}.${PersistentCacheKeys.ID_TOKEN}`; + const clientInfoKey = `${Constants.CACHE_PREFIX}.${PersistentCacheKeys.CLIENT_INFO}`; + const errorKey = `${Constants.CACHE_PREFIX}.${PersistentCacheKeys.ERROR}`; + const errorDescKey = `${Constants.CACHE_PREFIX}.${PersistentCacheKeys.ERROR_DESC}`; + const idTokenValue = this.browserStorage.getItem(idTokenKey); + const clientInfoValue = this.browserStorage.getItem(clientInfoKey); + const errorValue = this.browserStorage.getItem(errorKey); + const errorDescValue = this.browserStorage.getItem(errorDescKey); + const values = [ + idTokenValue, + clientInfoValue, + errorValue, + errorDescValue, + ]; + const keysToMigrate = [ + PersistentCacheKeys.ID_TOKEN, + PersistentCacheKeys.CLIENT_INFO, + PersistentCacheKeys.ERROR, + PersistentCacheKeys.ERROR_DESC, + ]; + keysToMigrate.forEach((cacheKey, index) => { + const value = values[index]; + if (value) { + this.setTemporaryCache(cacheKey, value, true); + } + }); + } + /** + * Searches all cache entries for MSAL accounts and creates the account key map + * This is used to migrate users from older versions of MSAL which did not create the map. + * @returns + */ + createKeyMaps() { + this.logger.trace("BrowserCacheManager - createKeyMaps called."); + const accountKeys = this.getItem(StaticCacheKeys.ACCOUNT_KEYS); + const tokenKeys = this.getItem(`${StaticCacheKeys.TOKEN_KEYS}.${this.clientId}`); + if (accountKeys && tokenKeys) { + this.logger.verbose("BrowserCacheManager:createKeyMaps - account and token key maps already exist, skipping migration."); + // Key maps already exist, no need to iterate through cache + return; + } + const allKeys = this.browserStorage.getKeys(); + allKeys.forEach((key) => { + if (this.isCredentialKey(key)) { + // Get item, parse, validate and write key to map + const value = this.getItem(key); + if (value) { + const credObj = this.validateAndParseJson(value); + if (credObj && credObj.hasOwnProperty("credentialType")) { + switch (credObj["credentialType"]) { + case CredentialType.ID_TOKEN: + if (isIdTokenEntity(credObj)) { + this.logger.trace("BrowserCacheManager:createKeyMaps - idToken found, saving key to token key map"); + this.logger.tracePii(`BrowserCacheManager:createKeyMaps - idToken with key: ${key} found, saving key to token key map`); + const idTokenEntity = credObj; + const newKey = this.updateCredentialCacheKey(key, idTokenEntity); + this.addTokenKey(newKey, CredentialType.ID_TOKEN); + return; + } + else { + this.logger.trace("BrowserCacheManager:createKeyMaps - key found matching idToken schema with value containing idToken credentialType field but value failed IdTokenEntity validation, skipping."); + this.logger.tracePii(`BrowserCacheManager:createKeyMaps - failed idToken validation on key: ${key}`); + } + break; + case CredentialType.ACCESS_TOKEN: + case CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME: + if (isAccessTokenEntity(credObj)) { + this.logger.trace("BrowserCacheManager:createKeyMaps - accessToken found, saving key to token key map"); + this.logger.tracePii(`BrowserCacheManager:createKeyMaps - accessToken with key: ${key} found, saving key to token key map`); + const accessTokenEntity = credObj; + const newKey = this.updateCredentialCacheKey(key, accessTokenEntity); + this.addTokenKey(newKey, CredentialType.ACCESS_TOKEN); + return; + } + else { + this.logger.trace("BrowserCacheManager:createKeyMaps - key found matching accessToken schema with value containing accessToken credentialType field but value failed AccessTokenEntity validation, skipping."); + this.logger.tracePii(`BrowserCacheManager:createKeyMaps - failed accessToken validation on key: ${key}`); + } + break; + case CredentialType.REFRESH_TOKEN: + if (isRefreshTokenEntity(credObj)) { + this.logger.trace("BrowserCacheManager:createKeyMaps - refreshToken found, saving key to token key map"); + this.logger.tracePii(`BrowserCacheManager:createKeyMaps - refreshToken with key: ${key} found, saving key to token key map`); + const refreshTokenEntity = credObj; + const newKey = this.updateCredentialCacheKey(key, refreshTokenEntity); + this.addTokenKey(newKey, CredentialType.REFRESH_TOKEN); + return; + } + else { + this.logger.trace("BrowserCacheManager:createKeyMaps - key found matching refreshToken schema with value containing refreshToken credentialType field but value failed RefreshTokenEntity validation, skipping."); + this.logger.tracePii(`BrowserCacheManager:createKeyMaps - failed refreshToken validation on key: ${key}`); + } + break; + // If credentialType isn't one of our predefined ones, it may not be an MSAL cache value. Ignore. + } + } + } + } + if (this.isAccountKey(key)) { + const value = this.getItem(key); + if (value) { + const accountObj = this.validateAndParseJson(value); + if (accountObj && + AccountEntity.isAccountEntity(accountObj)) { + this.logger.trace("BrowserCacheManager:createKeyMaps - account found, saving key to account key map"); + this.logger.tracePii(`BrowserCacheManager:createKeyMaps - account with key: ${key} found, saving key to account key map`); + this.addAccountKeyToMap(key); + } + } + } + }); + } + /** + * Parses passed value as JSON object, JSON.parse() will throw an error. + * @param input + */ + validateAndParseJson(jsonValue) { + try { + const parsedJson = JSON.parse(jsonValue); + /** + * There are edge cases in which JSON.parse will successfully parse a non-valid JSON object + * (e.g. JSON.parse will parse an escaped string into an unescaped string), so adding a type check + * of the parsed value is necessary in order to be certain that the string represents a valid JSON object. + * + */ + return parsedJson && typeof parsedJson === "object" + ? parsedJson + : null; + } + catch (error) { + return null; + } + } + /** + * fetches the entry from the browser storage based off the key + * @param key + */ + getItem(key) { + return this.browserStorage.getItem(key); + } + /** + * sets the entry in the browser storage + * @param key + * @param value + */ + setItem(key, value) { + this.browserStorage.setItem(key, value); + } + /** + * fetch the account entity from the platform cache + * @param accountKey + */ + getAccount(accountKey, logger) { + this.logger.trace("BrowserCacheManager.getAccount called"); + const accountEntity = this.getCachedAccountEntity(accountKey); + return this.updateOutdatedCachedAccount(accountKey, accountEntity, logger); + } + /** + * Reads account from cache, deserializes it into an account entity and returns it. + * If account is not found from the key, returns null and removes key from map. + * @param accountKey + * @returns + */ + getCachedAccountEntity(accountKey) { + const serializedAccount = this.getItem(accountKey); + if (!serializedAccount) { + this.removeAccountKeyFromMap(accountKey); + return null; + } + const parsedAccount = this.validateAndParseJson(serializedAccount); + if (!parsedAccount || !AccountEntity.isAccountEntity(parsedAccount)) { + this.removeAccountKeyFromMap(accountKey); + return null; + } + return CacheManager.toObject(new AccountEntity(), parsedAccount); + } + /** + * set account entity in the platform cache + * @param account + */ + setAccount(account) { + this.logger.trace("BrowserCacheManager.setAccount called"); + const key = account.generateAccountKey(); + this.setItem(key, JSON.stringify(account)); + this.addAccountKeyToMap(key); + } + /** + * Returns the array of account keys currently cached + * @returns + */ + getAccountKeys() { + this.logger.trace("BrowserCacheManager.getAccountKeys called"); + const accountKeys = this.getItem(StaticCacheKeys.ACCOUNT_KEYS); + if (accountKeys) { + return JSON.parse(accountKeys); + } + this.logger.verbose("BrowserCacheManager.getAccountKeys - No account keys found"); + return []; + } + /** + * Add a new account to the key map + * @param key + */ + addAccountKeyToMap(key) { + this.logger.trace("BrowserCacheManager.addAccountKeyToMap called"); + this.logger.tracePii(`BrowserCacheManager.addAccountKeyToMap called with key: ${key}`); + const accountKeys = this.getAccountKeys(); + if (accountKeys.indexOf(key) === -1) { + // Only add key if it does not already exist in the map + accountKeys.push(key); + this.setItem(StaticCacheKeys.ACCOUNT_KEYS, JSON.stringify(accountKeys)); + this.logger.verbose("BrowserCacheManager.addAccountKeyToMap account key added"); + } + else { + this.logger.verbose("BrowserCacheManager.addAccountKeyToMap account key already exists in map"); + } + } + /** + * Remove an account from the key map + * @param key + */ + removeAccountKeyFromMap(key) { + this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap called"); + this.logger.tracePii(`BrowserCacheManager.removeAccountKeyFromMap called with key: ${key}`); + const accountKeys = this.getAccountKeys(); + const removalIndex = accountKeys.indexOf(key); + if (removalIndex > -1) { + accountKeys.splice(removalIndex, 1); + this.setItem(StaticCacheKeys.ACCOUNT_KEYS, JSON.stringify(accountKeys)); + this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap account key removed"); + } + else { + this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap key not found in existing map"); + } + } + /** + * Extends inherited removeAccount function to include removal of the account key from the map + * @param key + */ + async removeAccount(key) { + void super.removeAccount(key); + this.removeAccountKeyFromMap(key); + } + /** + * Remove account entity from the platform cache if it's outdated + * @param accountKey + */ + removeOutdatedAccount(accountKey) { + this.removeItem(accountKey); + this.removeAccountKeyFromMap(accountKey); + } + /** + * Removes given idToken from the cache and from the key map + * @param key + */ + removeIdToken(key) { + super.removeIdToken(key); + this.removeTokenKey(key, CredentialType.ID_TOKEN); + } + /** + * Removes given accessToken from the cache and from the key map + * @param key + */ + async removeAccessToken(key) { + void super.removeAccessToken(key); + this.removeTokenKey(key, CredentialType.ACCESS_TOKEN); + } + /** + * Removes given refreshToken from the cache and from the key map + * @param key + */ + removeRefreshToken(key) { + super.removeRefreshToken(key); + this.removeTokenKey(key, CredentialType.REFRESH_TOKEN); + } + /** + * Gets the keys for the cached tokens associated with this clientId + * @returns + */ + getTokenKeys() { + this.logger.trace("BrowserCacheManager.getTokenKeys called"); + const item = this.getItem(`${StaticCacheKeys.TOKEN_KEYS}.${this.clientId}`); + if (item) { + const tokenKeys = this.validateAndParseJson(item); + if (tokenKeys && + tokenKeys.hasOwnProperty("idToken") && + tokenKeys.hasOwnProperty("accessToken") && + tokenKeys.hasOwnProperty("refreshToken")) { + return tokenKeys; + } + else { + this.logger.error("BrowserCacheManager.getTokenKeys - Token keys found but in an unknown format. Returning empty key map."); + } + } + else { + this.logger.verbose("BrowserCacheManager.getTokenKeys - No token keys found"); + } + return { + idToken: [], + accessToken: [], + refreshToken: [], + }; + } + /** + * Adds the given key to the token key map + * @param key + * @param type + */ + addTokenKey(key, type) { + this.logger.trace("BrowserCacheManager addTokenKey called"); + const tokenKeys = this.getTokenKeys(); + switch (type) { + case CredentialType.ID_TOKEN: + if (tokenKeys.idToken.indexOf(key) === -1) { + this.logger.info("BrowserCacheManager: addTokenKey - idToken added to map"); + tokenKeys.idToken.push(key); + } + break; + case CredentialType.ACCESS_TOKEN: + if (tokenKeys.accessToken.indexOf(key) === -1) { + this.logger.info("BrowserCacheManager: addTokenKey - accessToken added to map"); + tokenKeys.accessToken.push(key); + } + break; + case CredentialType.REFRESH_TOKEN: + if (tokenKeys.refreshToken.indexOf(key) === -1) { + this.logger.info("BrowserCacheManager: addTokenKey - refreshToken added to map"); + tokenKeys.refreshToken.push(key); + } + break; + default: + this.logger.error(`BrowserCacheManager:addTokenKey - CredentialType provided invalid. CredentialType: ${type}`); + throw createClientAuthError(unexpectedCredentialType); + } + this.setItem(`${StaticCacheKeys.TOKEN_KEYS}.${this.clientId}`, JSON.stringify(tokenKeys)); + } + /** + * Removes the given key from the token key map + * @param key + * @param type + */ + removeTokenKey(key, type) { + this.logger.trace("BrowserCacheManager removeTokenKey called"); + const tokenKeys = this.getTokenKeys(); + switch (type) { + case CredentialType.ID_TOKEN: + this.logger.infoPii(`BrowserCacheManager: removeTokenKey - attempting to remove idToken with key: ${key} from map`); + const idRemoval = tokenKeys.idToken.indexOf(key); + if (idRemoval > -1) { + this.logger.info("BrowserCacheManager: removeTokenKey - idToken removed from map"); + tokenKeys.idToken.splice(idRemoval, 1); + } + else { + this.logger.info("BrowserCacheManager: removeTokenKey - idToken does not exist in map. Either it was previously removed or it was never added."); + } + break; + case CredentialType.ACCESS_TOKEN: + this.logger.infoPii(`BrowserCacheManager: removeTokenKey - attempting to remove accessToken with key: ${key} from map`); + const accessRemoval = tokenKeys.accessToken.indexOf(key); + if (accessRemoval > -1) { + this.logger.info("BrowserCacheManager: removeTokenKey - accessToken removed from map"); + tokenKeys.accessToken.splice(accessRemoval, 1); + } + else { + this.logger.info("BrowserCacheManager: removeTokenKey - accessToken does not exist in map. Either it was previously removed or it was never added."); + } + break; + case CredentialType.REFRESH_TOKEN: + this.logger.infoPii(`BrowserCacheManager: removeTokenKey - attempting to remove refreshToken with key: ${key} from map`); + const refreshRemoval = tokenKeys.refreshToken.indexOf(key); + if (refreshRemoval > -1) { + this.logger.info("BrowserCacheManager: removeTokenKey - refreshToken removed from map"); + tokenKeys.refreshToken.splice(refreshRemoval, 1); + } + else { + this.logger.info("BrowserCacheManager: removeTokenKey - refreshToken does not exist in map. Either it was previously removed or it was never added."); + } + break; + default: + this.logger.error(`BrowserCacheManager:removeTokenKey - CredentialType provided invalid. CredentialType: ${type}`); + throw createClientAuthError(unexpectedCredentialType); + } + this.setItem(`${StaticCacheKeys.TOKEN_KEYS}.${this.clientId}`, JSON.stringify(tokenKeys)); + } + /** + * generates idToken entity from a string + * @param idTokenKey + */ + getIdTokenCredential(idTokenKey) { + const value = this.getItem(idTokenKey); + if (!value) { + this.logger.trace("BrowserCacheManager.getIdTokenCredential: called, no cache hit"); + this.removeTokenKey(idTokenKey, CredentialType.ID_TOKEN); + return null; + } + const parsedIdToken = this.validateAndParseJson(value); + if (!parsedIdToken || !isIdTokenEntity(parsedIdToken)) { + this.logger.trace("BrowserCacheManager.getIdTokenCredential: called, no cache hit"); + this.removeTokenKey(idTokenKey, CredentialType.ID_TOKEN); + return null; + } + this.logger.trace("BrowserCacheManager.getIdTokenCredential: cache hit"); + return parsedIdToken; + } + /** + * set IdToken credential to the platform cache + * @param idToken + */ + setIdTokenCredential(idToken) { + this.logger.trace("BrowserCacheManager.setIdTokenCredential called"); + const idTokenKey = generateCredentialKey(idToken); + this.setItem(idTokenKey, JSON.stringify(idToken)); + this.addTokenKey(idTokenKey, CredentialType.ID_TOKEN); + } + /** + * generates accessToken entity from a string + * @param key + */ + getAccessTokenCredential(accessTokenKey) { + const value = this.getItem(accessTokenKey); + if (!value) { + this.logger.trace("BrowserCacheManager.getAccessTokenCredential: called, no cache hit"); + this.removeTokenKey(accessTokenKey, CredentialType.ACCESS_TOKEN); + return null; + } + const parsedAccessToken = this.validateAndParseJson(value); + if (!parsedAccessToken || + !isAccessTokenEntity(parsedAccessToken)) { + this.logger.trace("BrowserCacheManager.getAccessTokenCredential: called, no cache hit"); + this.removeTokenKey(accessTokenKey, CredentialType.ACCESS_TOKEN); + return null; + } + this.logger.trace("BrowserCacheManager.getAccessTokenCredential: cache hit"); + return parsedAccessToken; + } + /** + * set accessToken credential to the platform cache + * @param accessToken + */ + setAccessTokenCredential(accessToken) { + this.logger.trace("BrowserCacheManager.setAccessTokenCredential called"); + const accessTokenKey = generateCredentialKey(accessToken); + this.setItem(accessTokenKey, JSON.stringify(accessToken)); + this.addTokenKey(accessTokenKey, CredentialType.ACCESS_TOKEN); + } + /** + * generates refreshToken entity from a string + * @param refreshTokenKey + */ + getRefreshTokenCredential(refreshTokenKey) { + const value = this.getItem(refreshTokenKey); + if (!value) { + this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: called, no cache hit"); + this.removeTokenKey(refreshTokenKey, CredentialType.REFRESH_TOKEN); + return null; + } + const parsedRefreshToken = this.validateAndParseJson(value); + if (!parsedRefreshToken || + !isRefreshTokenEntity(parsedRefreshToken)) { + this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: called, no cache hit"); + this.removeTokenKey(refreshTokenKey, CredentialType.REFRESH_TOKEN); + return null; + } + this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: cache hit"); + return parsedRefreshToken; + } + /** + * set refreshToken credential to the platform cache + * @param refreshToken + */ + setRefreshTokenCredential(refreshToken) { + this.logger.trace("BrowserCacheManager.setRefreshTokenCredential called"); + const refreshTokenKey = generateCredentialKey(refreshToken); + this.setItem(refreshTokenKey, JSON.stringify(refreshToken)); + this.addTokenKey(refreshTokenKey, CredentialType.REFRESH_TOKEN); + } + /** + * fetch appMetadata entity from the platform cache + * @param appMetadataKey + */ + getAppMetadata(appMetadataKey) { + const value = this.getItem(appMetadataKey); + if (!value) { + this.logger.trace("BrowserCacheManager.getAppMetadata: called, no cache hit"); + return null; + } + const parsedMetadata = this.validateAndParseJson(value); + if (!parsedMetadata || + !isAppMetadataEntity(appMetadataKey, parsedMetadata)) { + this.logger.trace("BrowserCacheManager.getAppMetadata: called, no cache hit"); + return null; + } + this.logger.trace("BrowserCacheManager.getAppMetadata: cache hit"); + return parsedMetadata; + } + /** + * set appMetadata entity to the platform cache + * @param appMetadata + */ + setAppMetadata(appMetadata) { + this.logger.trace("BrowserCacheManager.setAppMetadata called"); + const appMetadataKey = generateAppMetadataKey(appMetadata); + this.setItem(appMetadataKey, JSON.stringify(appMetadata)); + } + /** + * fetch server telemetry entity from the platform cache + * @param serverTelemetryKey + */ + getServerTelemetry(serverTelemetryKey) { + const value = this.getItem(serverTelemetryKey); + if (!value) { + this.logger.trace("BrowserCacheManager.getServerTelemetry: called, no cache hit"); + return null; + } + const parsedEntity = this.validateAndParseJson(value); + if (!parsedEntity || + !isServerTelemetryEntity(serverTelemetryKey, parsedEntity)) { + this.logger.trace("BrowserCacheManager.getServerTelemetry: called, no cache hit"); + return null; + } + this.logger.trace("BrowserCacheManager.getServerTelemetry: cache hit"); + return parsedEntity; + } + /** + * set server telemetry entity to the platform cache + * @param serverTelemetryKey + * @param serverTelemetry + */ + setServerTelemetry(serverTelemetryKey, serverTelemetry) { + this.logger.trace("BrowserCacheManager.setServerTelemetry called"); + this.setItem(serverTelemetryKey, JSON.stringify(serverTelemetry)); + } + /** + * + */ + getAuthorityMetadata(key) { + const value = this.internalStorage.getItem(key); + if (!value) { + this.logger.trace("BrowserCacheManager.getAuthorityMetadata: called, no cache hit"); + return null; + } + const parsedMetadata = this.validateAndParseJson(value); + if (parsedMetadata && + isAuthorityMetadataEntity(key, parsedMetadata)) { + this.logger.trace("BrowserCacheManager.getAuthorityMetadata: cache hit"); + return parsedMetadata; + } + return null; + } + /** + * + */ + getAuthorityMetadataKeys() { + const allKeys = this.internalStorage.getKeys(); + return allKeys.filter((key) => { + return this.isAuthorityMetadata(key); + }); + } + /** + * Sets wrapper metadata in memory + * @param wrapperSKU + * @param wrapperVersion + */ + setWrapperMetadata(wrapperSKU, wrapperVersion) { + this.internalStorage.setItem(InMemoryCacheKeys.WRAPPER_SKU, wrapperSKU); + this.internalStorage.setItem(InMemoryCacheKeys.WRAPPER_VER, wrapperVersion); + } + /** + * Returns wrapper metadata from in-memory storage + */ + getWrapperMetadata() { + const sku = this.internalStorage.getItem(InMemoryCacheKeys.WRAPPER_SKU) || + Constants.EMPTY_STRING; + const version = this.internalStorage.getItem(InMemoryCacheKeys.WRAPPER_VER) || + Constants.EMPTY_STRING; + return [sku, version]; + } + /** + * + * @param entity + */ + setAuthorityMetadata(key, entity) { + this.logger.trace("BrowserCacheManager.setAuthorityMetadata called"); + this.internalStorage.setItem(key, JSON.stringify(entity)); + } + /** + * Gets the active account + */ + getActiveAccount() { + const activeAccountKeyFilters = this.generateCacheKey(PersistentCacheKeys.ACTIVE_ACCOUNT_FILTERS); + const activeAccountValueFilters = this.getItem(activeAccountKeyFilters); + if (!activeAccountValueFilters) { + // if new active account cache type isn't found, it's an old version, so look for that instead + this.logger.trace("BrowserCacheManager.getActiveAccount: No active account filters cache schema found, looking for legacy schema"); + const activeAccountKeyLocal = this.generateCacheKey(PersistentCacheKeys.ACTIVE_ACCOUNT); + const activeAccountValueLocal = this.getItem(activeAccountKeyLocal); + if (!activeAccountValueLocal) { + this.logger.trace("BrowserCacheManager.getActiveAccount: No active account found"); + return null; + } + const activeAccount = this.getAccountInfoFilteredBy({ + localAccountId: activeAccountValueLocal, + }); + if (activeAccount) { + this.logger.trace("BrowserCacheManager.getActiveAccount: Legacy active account cache schema found"); + this.logger.trace("BrowserCacheManager.getActiveAccount: Adding active account filters cache schema"); + this.setActiveAccount(activeAccount); + return activeAccount; + } + return null; + } + const activeAccountValueObj = this.validateAndParseJson(activeAccountValueFilters); + if (activeAccountValueObj) { + this.logger.trace("BrowserCacheManager.getActiveAccount: Active account filters schema found"); + return this.getAccountInfoFilteredBy({ + homeAccountId: activeAccountValueObj.homeAccountId, + localAccountId: activeAccountValueObj.localAccountId, + tenantId: activeAccountValueObj.tenantId, + }); + } + this.logger.trace("BrowserCacheManager.getActiveAccount: No active account found"); + return null; + } + /** + * Sets the active account's localAccountId in cache + * @param account + */ + setActiveAccount(account) { + const activeAccountKey = this.generateCacheKey(PersistentCacheKeys.ACTIVE_ACCOUNT_FILTERS); + const activeAccountKeyLocal = this.generateCacheKey(PersistentCacheKeys.ACTIVE_ACCOUNT); + if (account) { + this.logger.verbose("setActiveAccount: Active account set"); + const activeAccountValue = { + homeAccountId: account.homeAccountId, + localAccountId: account.localAccountId, + tenantId: account.tenantId, + }; + this.browserStorage.setItem(activeAccountKey, JSON.stringify(activeAccountValue)); + this.browserStorage.setItem(activeAccountKeyLocal, account.localAccountId); + } + else { + this.logger.verbose("setActiveAccount: No account passed, active account not set"); + this.browserStorage.removeItem(activeAccountKey); + this.browserStorage.removeItem(activeAccountKeyLocal); + } + } + /** + * fetch throttling entity from the platform cache + * @param throttlingCacheKey + */ + getThrottlingCache(throttlingCacheKey) { + const value = this.getItem(throttlingCacheKey); + if (!value) { + this.logger.trace("BrowserCacheManager.getThrottlingCache: called, no cache hit"); + return null; + } + const parsedThrottlingCache = this.validateAndParseJson(value); + if (!parsedThrottlingCache || + !isThrottlingEntity(throttlingCacheKey, parsedThrottlingCache)) { + this.logger.trace("BrowserCacheManager.getThrottlingCache: called, no cache hit"); + return null; + } + this.logger.trace("BrowserCacheManager.getThrottlingCache: cache hit"); + return parsedThrottlingCache; + } + /** + * set throttling entity to the platform cache + * @param throttlingCacheKey + * @param throttlingCache + */ + setThrottlingCache(throttlingCacheKey, throttlingCache) { + this.logger.trace("BrowserCacheManager.setThrottlingCache called"); + this.setItem(throttlingCacheKey, JSON.stringify(throttlingCache)); + } + /** + * Gets cache item with given key. + * Will retrieve from cookies if storeAuthStateInCookie is set to true. + * @param key + */ + getTemporaryCache(cacheKey, generateKey) { + const key = generateKey ? this.generateCacheKey(cacheKey) : cacheKey; + if (this.cacheConfig.storeAuthStateInCookie) { + const itemCookie = this.getItemCookie(key); + if (itemCookie) { + this.logger.trace("BrowserCacheManager.getTemporaryCache: storeAuthStateInCookies set to true, retrieving from cookies"); + return itemCookie; + } + } + const value = this.temporaryCacheStorage.getItem(key); + if (!value) { + // If temp cache item not found in session/memory, check local storage for items set by old versions + if (this.cacheConfig.cacheLocation === + BrowserCacheLocation.LocalStorage) { + const item = this.browserStorage.getItem(key); + if (item) { + this.logger.trace("BrowserCacheManager.getTemporaryCache: Temporary cache item found in local storage"); + return item; + } + } + this.logger.trace("BrowserCacheManager.getTemporaryCache: No cache item found in local storage"); + return null; + } + this.logger.trace("BrowserCacheManager.getTemporaryCache: Temporary cache item returned"); + return value; + } + /** + * Sets the cache item with the key and value given. + * Stores in cookie if storeAuthStateInCookie is set to true. + * This can cause cookie overflow if used incorrectly. + * @param key + * @param value + */ + setTemporaryCache(cacheKey, value, generateKey) { + const key = generateKey ? this.generateCacheKey(cacheKey) : cacheKey; + this.temporaryCacheStorage.setItem(key, value); + if (this.cacheConfig.storeAuthStateInCookie) { + this.logger.trace("BrowserCacheManager.setTemporaryCache: storeAuthStateInCookie set to true, setting item cookie"); + this.setItemCookie(key, value); + } + } + /** + * Removes the cache item with the given key. + * @param key + */ + removeItem(key) { + this.browserStorage.removeItem(key); + } + /** + * Removes the temporary cache item with the given key. + * Will also clear the cookie item if storeAuthStateInCookie is set to true. + * @param key + */ + removeTemporaryItem(key) { + this.temporaryCacheStorage.removeItem(key); + if (this.cacheConfig.storeAuthStateInCookie) { + this.logger.trace("BrowserCacheManager.removeItem: storeAuthStateInCookie is true, clearing item cookie"); + this.clearItemCookie(key); + } + } + /** + * Gets all keys in window. + */ + getKeys() { + return this.browserStorage.getKeys(); + } + /** + * Clears all cache entries created by MSAL. + */ + async clear() { + // Removes all accounts and their credentials + await this.removeAllAccounts(); + this.removeAppMetadata(); + // Remove temp storage first to make sure any cookies are cleared + this.temporaryCacheStorage.getKeys().forEach((cacheKey) => { + if (cacheKey.indexOf(Constants.CACHE_PREFIX) !== -1 || + cacheKey.indexOf(this.clientId) !== -1) { + this.removeTemporaryItem(cacheKey); + } + }); + // Removes all remaining MSAL cache items + this.browserStorage.getKeys().forEach((cacheKey) => { + if (cacheKey.indexOf(Constants.CACHE_PREFIX) !== -1 || + cacheKey.indexOf(this.clientId) !== -1) { + this.browserStorage.removeItem(cacheKey); + } + }); + this.internalStorage.clear(); + } + /** + * Clears all access tokes that have claims prior to saving the current one + * @param performanceClient {IPerformanceClient} + * @param correlationId {string} correlation id + * @returns + */ + async clearTokensAndKeysWithClaims(performanceClient, correlationId) { + performanceClient.addQueueMeasurement(PerformanceEvents.ClearTokensAndKeysWithClaims, correlationId); + const tokenKeys = this.getTokenKeys(); + const removedAccessTokens = []; + tokenKeys.accessToken.forEach((key) => { + // if the access token has claims in its key, remove the token key and the token + const credential = this.getAccessTokenCredential(key); + if (credential?.requestedClaimsHash && + key.includes(credential.requestedClaimsHash.toLowerCase())) { + removedAccessTokens.push(this.removeAccessToken(key)); + } + }); + await Promise.all(removedAccessTokens); + // warn if any access tokens are removed + if (removedAccessTokens.length > 0) { + this.logger.warning(`${removedAccessTokens.length} access tokens with claims in the cache keys have been removed from the cache.`); + } + } + /** + * Add value to cookies + * @param cookieName + * @param cookieValue + * @param expires + * @deprecated + */ + setItemCookie(cookieName, cookieValue, expires) { + let cookieStr = `${encodeURIComponent(cookieName)}=${encodeURIComponent(cookieValue)};path=/;SameSite=Lax;`; + if (expires) { + const expireTime = this.getCookieExpirationTime(expires); + cookieStr += `expires=${expireTime};`; + } + if (this.cacheConfig.secureCookies) { + cookieStr += "Secure;"; + } + document.cookie = cookieStr; + } + /** + * Get one item by key from cookies + * @param cookieName + * @deprecated + */ + getItemCookie(cookieName) { + const name = `${encodeURIComponent(cookieName)}=`; + const cookieList = document.cookie.split(";"); + for (let i = 0; i < cookieList.length; i++) { + let cookie = cookieList[i]; + while (cookie.charAt(0) === " ") { + cookie = cookie.substring(1); + } + if (cookie.indexOf(name) === 0) { + return decodeURIComponent(cookie.substring(name.length, cookie.length)); + } + } + return Constants.EMPTY_STRING; + } + /** + * Clear all msal-related cookies currently set in the browser. Should only be used to clear temporary cache items. + * @deprecated + */ + clearMsalCookies() { + const cookiePrefix = `${Constants.CACHE_PREFIX}.${this.clientId}`; + const cookieList = document.cookie.split(";"); + cookieList.forEach((cookie) => { + while (cookie.charAt(0) === " ") { + // eslint-disable-next-line no-param-reassign + cookie = cookie.substring(1); + } + if (cookie.indexOf(cookiePrefix) === 0) { + const cookieKey = cookie.split("=")[0]; + this.clearItemCookie(cookieKey); + } + }); + } + /** + * Clear an item in the cookies by key + * @param cookieName + * @deprecated + */ + clearItemCookie(cookieName) { + this.setItemCookie(cookieName, Constants.EMPTY_STRING, -1); + } + /** + * Get cookie expiration time + * @param cookieLifeDays + * @deprecated + */ + getCookieExpirationTime(cookieLifeDays) { + const today = new Date(); + const expr = new Date(today.getTime() + cookieLifeDays * this.COOKIE_LIFE_MULTIPLIER); + return expr.toUTCString(); + } + /** + * Prepend msal. to each key; Skip for any JSON object as Key (defined schemas do not need the key appended: AccessToken Keys or the upcoming schema) + * @param key + * @param addInstanceId + */ + generateCacheKey(key) { + const generatedKey = this.validateAndParseJson(key); + if (!generatedKey) { + if (StringUtils.startsWith(key, Constants.CACHE_PREFIX) || + StringUtils.startsWith(key, PersistentCacheKeys.ADAL_ID_TOKEN)) { + return key; + } + return `${Constants.CACHE_PREFIX}.${this.clientId}.${key}`; + } + return JSON.stringify(key); + } + /** + * Create authorityKey to cache authority + * @param state + */ + generateAuthorityKey(stateString) { + const { libraryState: { id: stateId }, } = ProtocolUtils.parseRequestState(this.cryptoImpl, stateString); + return this.generateCacheKey(`${TemporaryCacheKeys.AUTHORITY}.${stateId}`); + } + /** + * Create Nonce key to cache nonce + * @param state + */ + generateNonceKey(stateString) { + const { libraryState: { id: stateId }, } = ProtocolUtils.parseRequestState(this.cryptoImpl, stateString); + return this.generateCacheKey(`${TemporaryCacheKeys.NONCE_IDTOKEN}.${stateId}`); + } + /** + * Creates full cache key for the request state + * @param stateString State string for the request + */ + generateStateKey(stateString) { + // Use the library state id to key temp storage for uniqueness for multiple concurrent requests + const { libraryState: { id: stateId }, } = ProtocolUtils.parseRequestState(this.cryptoImpl, stateString); + return this.generateCacheKey(`${TemporaryCacheKeys.REQUEST_STATE}.${stateId}`); + } + /** + * Gets the cached authority based on the cached state. Returns empty if no cached state found. + */ + getCachedAuthority(cachedState) { + const stateCacheKey = this.generateStateKey(cachedState); + const state = this.getTemporaryCache(stateCacheKey); + if (!state) { + return null; + } + const authorityCacheKey = this.generateAuthorityKey(state); + return this.getTemporaryCache(authorityCacheKey); + } + /** + * Updates account, authority, and state in cache + * @param serverAuthenticationRequest + * @param account + */ + updateCacheEntries(state, nonce, authorityInstance, loginHint, account) { + this.logger.trace("BrowserCacheManager.updateCacheEntries called"); + // Cache the request state + const stateCacheKey = this.generateStateKey(state); + this.setTemporaryCache(stateCacheKey, state, false); + // Cache the nonce + const nonceCacheKey = this.generateNonceKey(state); + this.setTemporaryCache(nonceCacheKey, nonce, false); + // Cache authorityKey + const authorityCacheKey = this.generateAuthorityKey(state); + this.setTemporaryCache(authorityCacheKey, authorityInstance, false); + if (account) { + const ccsCredential = { + credential: account.homeAccountId, + type: CcsCredentialType.HOME_ACCOUNT_ID, + }; + this.setTemporaryCache(TemporaryCacheKeys.CCS_CREDENTIAL, JSON.stringify(ccsCredential), true); + } + else if (loginHint) { + const ccsCredential = { + credential: loginHint, + type: CcsCredentialType.UPN, + }; + this.setTemporaryCache(TemporaryCacheKeys.CCS_CREDENTIAL, JSON.stringify(ccsCredential), true); + } + } + /** + * Reset all temporary cache items + * @param state + */ + resetRequestCache(state) { + this.logger.trace("BrowserCacheManager.resetRequestCache called"); + // check state and remove associated cache items + if (state) { + this.temporaryCacheStorage.getKeys().forEach((key) => { + if (key.indexOf(state) !== -1) { + this.removeTemporaryItem(key); + } + }); + // delete generic interactive request parameters + this.removeTemporaryItem(this.generateStateKey(state)); + this.removeTemporaryItem(this.generateNonceKey(state)); + this.removeTemporaryItem(this.generateAuthorityKey(state)); + } + this.removeTemporaryItem(this.generateCacheKey(TemporaryCacheKeys.REQUEST_PARAMS)); + this.removeTemporaryItem(this.generateCacheKey(TemporaryCacheKeys.ORIGIN_URI)); + this.removeTemporaryItem(this.generateCacheKey(TemporaryCacheKeys.URL_HASH)); + this.removeTemporaryItem(this.generateCacheKey(TemporaryCacheKeys.CORRELATION_ID)); + this.removeTemporaryItem(this.generateCacheKey(TemporaryCacheKeys.CCS_CREDENTIAL)); + this.removeTemporaryItem(this.generateCacheKey(TemporaryCacheKeys.NATIVE_REQUEST)); + this.setInteractionInProgress(false); + } + /** + * Removes temporary cache for the provided state + * @param stateString + */ + cleanRequestByState(stateString) { + this.logger.trace("BrowserCacheManager.cleanRequestByState called"); + // Interaction is completed - remove interaction status. + if (stateString) { + const stateKey = this.generateStateKey(stateString); + const cachedState = this.temporaryCacheStorage.getItem(stateKey); + this.logger.infoPii(`BrowserCacheManager.cleanRequestByState: Removing temporary cache items for state: ${cachedState}`); + this.resetRequestCache(cachedState || Constants.EMPTY_STRING); + } + this.clearMsalCookies(); + } + /** + * Looks in temporary cache for any state values with the provided interactionType and removes all temporary cache items for that state + * Used in scenarios where temp cache needs to be cleaned but state is not known, such as clicking browser back button. + * @param interactionType + */ + cleanRequestByInteractionType(interactionType) { + this.logger.trace("BrowserCacheManager.cleanRequestByInteractionType called"); + // Loop through all keys to find state key + this.temporaryCacheStorage.getKeys().forEach((key) => { + // If this key is not the state key, move on + if (key.indexOf(TemporaryCacheKeys.REQUEST_STATE) === -1) { + return; + } + // Retrieve state value, return if not a valid value + const stateValue = this.temporaryCacheStorage.getItem(key); + if (!stateValue) { + return; + } + // Extract state and ensure it matches given InteractionType, then clean request cache + const parsedState = extractBrowserRequestState(this.cryptoImpl, stateValue); + if (parsedState && + parsedState.interactionType === interactionType) { + this.logger.infoPii(`BrowserCacheManager.cleanRequestByInteractionType: Removing temporary cache items for state: ${stateValue}`); + this.resetRequestCache(stateValue); + } + }); + this.clearMsalCookies(); + this.setInteractionInProgress(false); + } + cacheCodeRequest(authCodeRequest) { + this.logger.trace("BrowserCacheManager.cacheCodeRequest called"); + const encodedValue = base64Encode(JSON.stringify(authCodeRequest)); + this.setTemporaryCache(TemporaryCacheKeys.REQUEST_PARAMS, encodedValue, true); + } + /** + * Gets the token exchange parameters from the cache. Throws an error if nothing is found. + */ + getCachedRequest(state) { + this.logger.trace("BrowserCacheManager.getCachedRequest called"); + // Get token request from cache and parse as TokenExchangeParameters. + const encodedTokenRequest = this.getTemporaryCache(TemporaryCacheKeys.REQUEST_PARAMS, true); + if (!encodedTokenRequest) { + throw createBrowserAuthError(noTokenRequestCacheError); + } + let parsedRequest; + try { + parsedRequest = JSON.parse(base64Decode(encodedTokenRequest)); + } + catch (e) { + this.logger.errorPii(`Attempted to parse: ${encodedTokenRequest}`); + this.logger.error(`Parsing cached token request threw with error: ${e}`); + throw createBrowserAuthError(unableToParseTokenRequestCacheError); + } + this.removeTemporaryItem(this.generateCacheKey(TemporaryCacheKeys.REQUEST_PARAMS)); + // Get cached authority and use if no authority is cached with request. + if (!parsedRequest.authority) { + const authorityCacheKey = this.generateAuthorityKey(state); + const cachedAuthority = this.getTemporaryCache(authorityCacheKey); + if (!cachedAuthority) { + throw createBrowserAuthError(noCachedAuthorityError); + } + parsedRequest.authority = cachedAuthority; + } + return parsedRequest; + } + /** + * Gets cached native request for redirect flows + */ + getCachedNativeRequest() { + this.logger.trace("BrowserCacheManager.getCachedNativeRequest called"); + const cachedRequest = this.getTemporaryCache(TemporaryCacheKeys.NATIVE_REQUEST, true); + if (!cachedRequest) { + this.logger.trace("BrowserCacheManager.getCachedNativeRequest: No cached native request found"); + return null; + } + const parsedRequest = this.validateAndParseJson(cachedRequest); + if (!parsedRequest) { + this.logger.error("BrowserCacheManager.getCachedNativeRequest: Unable to parse native request"); + return null; + } + return parsedRequest; + } + isInteractionInProgress(matchClientId) { + const clientId = this.getInteractionInProgress(); + if (matchClientId) { + return clientId === this.clientId; + } + else { + return !!clientId; + } + } + getInteractionInProgress() { + const key = `${Constants.CACHE_PREFIX}.${TemporaryCacheKeys.INTERACTION_STATUS_KEY}`; + return this.getTemporaryCache(key, false); + } + setInteractionInProgress(inProgress) { + // Ensure we don't overwrite interaction in progress for a different clientId + const key = `${Constants.CACHE_PREFIX}.${TemporaryCacheKeys.INTERACTION_STATUS_KEY}`; + if (inProgress) { + if (this.getInteractionInProgress()) { + throw createBrowserAuthError(interactionInProgress); + } + else { + // No interaction is in progress + this.setTemporaryCache(key, this.clientId, false); + } + } + else if (!inProgress && + this.getInteractionInProgress() === this.clientId) { + this.removeTemporaryItem(key); + } + } + /** + * Returns username retrieved from ADAL or MSAL v1 idToken + * @deprecated + */ + getLegacyLoginHint() { + // Only check for adal/msal token if no SSO params are being used + const adalIdTokenString = this.getTemporaryCache(PersistentCacheKeys.ADAL_ID_TOKEN); + if (adalIdTokenString) { + this.browserStorage.removeItem(PersistentCacheKeys.ADAL_ID_TOKEN); + this.logger.verbose("Cached ADAL id token retrieved."); + } + // Check for cached MSAL v1 id token + const msalIdTokenString = this.getTemporaryCache(PersistentCacheKeys.ID_TOKEN, true); + if (msalIdTokenString) { + this.browserStorage.removeItem(this.generateCacheKey(PersistentCacheKeys.ID_TOKEN)); + this.logger.verbose("Cached MSAL.js v1 id token retrieved"); + } + const cachedIdTokenString = msalIdTokenString || adalIdTokenString; + if (cachedIdTokenString) { + const idTokenClaims = extractTokenClaims(cachedIdTokenString, base64Decode); + if (idTokenClaims.preferred_username) { + this.logger.verbose("No SSO params used and ADAL/MSAL v1 token retrieved, setting ADAL/MSAL v1 preferred_username as loginHint"); + return idTokenClaims.preferred_username; + } + else if (idTokenClaims.upn) { + this.logger.verbose("No SSO params used and ADAL/MSAL v1 token retrieved, setting ADAL/MSAL v1 upn as loginHint"); + return idTokenClaims.upn; + } + else { + this.logger.verbose("No SSO params used and ADAL/MSAL v1 token retrieved, however, no account hint claim found. Enable preferred_username or upn id token claim to get SSO."); + } + } + return null; + } + /** + * Updates a credential's cache key if the current cache key is outdated + */ + updateCredentialCacheKey(currentCacheKey, credential) { + const updatedCacheKey = generateCredentialKey(credential); + if (currentCacheKey !== updatedCacheKey) { + const cacheItem = this.getItem(currentCacheKey); + if (cacheItem) { + this.browserStorage.removeItem(currentCacheKey); + this.setItem(updatedCacheKey, cacheItem); + this.logger.verbose(`Updated an outdated ${credential.credentialType} cache key`); + return updatedCacheKey; + } + else { + this.logger.error(`Attempted to update an outdated ${credential.credentialType} cache key but no item matching the outdated key was found in storage`); + } + } + return currentCacheKey; + } + /** + * Builds credential entities from AuthenticationResult object and saves the resulting credentials to the cache + * @param result + * @param request + */ + async hydrateCache(result, request) { + const idTokenEntity = createIdTokenEntity(result.account?.homeAccountId, result.account?.environment, result.idToken, this.clientId, result.tenantId); + let claimsHash; + if (request.claims) { + claimsHash = await this.cryptoImpl.hashString(request.claims); + } + /** + * meta data for cache stores time in seconds from epoch + * AuthenticationResult returns expiresOn and extExpiresOn in milliseconds (as a Date object which is in ms) + * We need to map these for the cache when building tokens from AuthenticationResult + * + * The next MSAL VFuture should map these both to same value if possible + */ + const accessTokenEntity = createAccessTokenEntity(result.account?.homeAccountId, result.account.environment, result.accessToken, this.clientId, result.tenantId, result.scopes.join(" "), result.expiresOn ? result.expiresOn.getTime() / 1000 : 0, result.extExpiresOn ? result.extExpiresOn.getTime() / 1000 : 0, base64Decode, undefined, // refreshOn + result.tokenType, undefined, // userAssertionHash + request.sshKid, request.claims, claimsHash); + const cacheRecord = { + idToken: idTokenEntity, + accessToken: accessTokenEntity, + }; + return this.saveCacheRecord(cacheRecord); + } + /** + * saves a cache record + * @param cacheRecord {CacheRecord} + * @param storeInCache {?StoreInCache} + * @param correlationId {?string} correlation id + */ + async saveCacheRecord(cacheRecord, storeInCache, correlationId) { + try { + await super.saveCacheRecord(cacheRecord, storeInCache, correlationId); + } + catch (e) { + if (e instanceof CacheError && + this.performanceClient && + correlationId) { + try { + const tokenKeys = this.getTokenKeys(); + this.performanceClient.addFields({ + cacheRtCount: tokenKeys.refreshToken.length, + cacheIdCount: tokenKeys.idToken.length, + cacheAtCount: tokenKeys.accessToken.length, + }, correlationId); + } + catch (e) { } + } + throw e; + } + } +} +const DEFAULT_BROWSER_CACHE_MANAGER = (clientId, logger) => { + const cacheOptions = { + cacheLocation: BrowserCacheLocation.MemoryStorage, + temporaryCacheLocation: BrowserCacheLocation.MemoryStorage, + storeAuthStateInCookie: false, + secureCookies: false, + cacheMigrationEnabled: false, + claimsBasedCachingEnabled: false, + }; + return new BrowserCacheManager(clientId, cacheOptions, DEFAULT_CRYPTO_IMPLEMENTATION, logger); +}; +//# sourceMappingURL=BrowserCacheManager.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/cache/AccountManager.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned. + * @param accountFilter - (Optional) filter to narrow down the accounts returned + * @returns Array of AccountInfo objects in cache + */ +function getAllAccounts(logger, browserStorage, isInBrowser, accountFilter) { + logger.verbose("getAllAccounts called"); + return isInBrowser ? browserStorage.getAllAccounts(accountFilter) : []; +} +/** + * Returns the first account found in the cache that matches the account filter passed in. + * @param accountFilter + * @returns The first account found in the cache matching the provided filter or null if no account could be found. + */ +function getAccount(accountFilter, logger, browserStorage) { + logger.trace("getAccount called"); + if (Object.keys(accountFilter).length === 0) { + logger.warning("getAccount: No accountFilter provided"); + return null; + } + const account = browserStorage.getAccountInfoFilteredBy(accountFilter); + if (account) { + logger.verbose("getAccount: Account matching provided filter found, returning"); + return account; + } + else { + logger.verbose("getAccount: No matching account found, returning null"); + return null; + } +} +/** + * Returns the signed in account matching username. + * (the account object is created at the time of successful login) + * or null when no matching account is found. + * This API is provided for convenience but getAccountById should be used for best reliability + * @param username + * @returns The account object stored in MSAL + */ +function getAccountByUsername(username, logger, browserStorage) { + logger.trace("getAccountByUsername called"); + if (!username) { + logger.warning("getAccountByUsername: No username provided"); + return null; + } + const account = browserStorage.getAccountInfoFilteredBy({ + username, + }); + if (account) { + logger.verbose("getAccountByUsername: Account matching username found, returning"); + logger.verbosePii(`getAccountByUsername: Returning signed-in accounts matching username: ${username}`); + return account; + } + else { + logger.verbose("getAccountByUsername: No matching account found, returning null"); + return null; + } +} +/** + * Returns the signed in account matching homeAccountId. + * (the account object is created at the time of successful login) + * or null when no matching account is found + * @param homeAccountId + * @returns The account object stored in MSAL + */ +function getAccountByHomeId(homeAccountId, logger, browserStorage) { + logger.trace("getAccountByHomeId called"); + if (!homeAccountId) { + logger.warning("getAccountByHomeId: No homeAccountId provided"); + return null; + } + const account = browserStorage.getAccountInfoFilteredBy({ + homeAccountId, + }); + if (account) { + logger.verbose("getAccountByHomeId: Account matching homeAccountId found, returning"); + logger.verbosePii(`getAccountByHomeId: Returning signed-in accounts matching homeAccountId: ${homeAccountId}`); + return account; + } + else { + logger.verbose("getAccountByHomeId: No matching account found, returning null"); + return null; + } +} +/** + * Returns the signed in account matching localAccountId. + * (the account object is created at the time of successful login) + * or null when no matching account is found + * @param localAccountId + * @returns The account object stored in MSAL + */ +function getAccountByLocalId(localAccountId, logger, browserStorage) { + logger.trace("getAccountByLocalId called"); + if (!localAccountId) { + logger.warning("getAccountByLocalId: No localAccountId provided"); + return null; + } + const account = browserStorage.getAccountInfoFilteredBy({ + localAccountId, + }); + if (account) { + logger.verbose("getAccountByLocalId: Account matching localAccountId found, returning"); + logger.verbosePii(`getAccountByLocalId: Returning signed-in accounts matching localAccountId: ${localAccountId}`); + return account; + } + else { + logger.verbose("getAccountByLocalId: No matching account found, returning null"); + return null; + } +} +/** + * Sets the account to use as the active account. If no account is passed to the acquireToken APIs, then MSAL will use this active account. + * @param account + */ +function setActiveAccount(account, browserStorage) { + browserStorage.setActiveAccount(account); +} +/** + * Gets the currently active account + */ +function getActiveAccount(browserStorage) { + return browserStorage.getActiveAccount(); +} +//# sourceMappingURL=AccountManager.mjs.map -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -class PopupClient extends StandardInteractionClient { - constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, nativeMessageHandler, correlationId) { - super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeMessageHandler, correlationId); - // Properly sets this reference for the unload event. - this.unloadWindow = this.unloadWindow.bind(this); - this.nativeStorage = nativeStorageImpl; - } - /** - * Acquires tokens by opening a popup window to the /authorize endpoint of the authority - * @param request - */ - acquireToken(request) { - try { - const popupName = this.generatePopupName(request.scopes || OIDC_DEFAULT_SCOPES, request.authority || this.config.auth.authority); - const popupWindowAttributes = request.popupWindowAttributes || {}; - // asyncPopups flag is true. Acquires token without first opening popup. Popup will be opened later asynchronously. - if (this.config.system.asyncPopups) { - this.logger.verbose("asyncPopups set to true, acquiring token"); - // Passes on popup position and dimensions if in request - return this.acquireTokenPopupAsync(request, popupName, popupWindowAttributes); - } - else { - // asyncPopups flag is set to false. Opens popup before acquiring token. - this.logger.verbose("asyncPopup set to false, opening popup before acquiring token"); - const popup = this.openSizedPopup("about:blank", popupName, popupWindowAttributes); - return this.acquireTokenPopupAsync(request, popupName, popupWindowAttributes, popup); - } - } - catch (e) { - return Promise.reject(e); - } - } - /** - * Clears local cache for the current user then opens a popup window prompting the user to sign-out of the server - * @param logoutRequest - */ - logout(logoutRequest) { - try { - this.logger.verbose("logoutPopup called"); - const validLogoutRequest = this.initializeLogoutRequest(logoutRequest); - const popupName = this.generateLogoutPopupName(validLogoutRequest); - const authority = logoutRequest && logoutRequest.authority; - const mainWindowRedirectUri = logoutRequest && logoutRequest.mainWindowRedirectUri; - const popupWindowAttributes = logoutRequest?.popupWindowAttributes || {}; - // asyncPopups flag is true. Acquires token without first opening popup. Popup will be opened later asynchronously. - if (this.config.system.asyncPopups) { - this.logger.verbose("asyncPopups set to true"); - // Passes on popup position and dimensions if in request - return this.logoutPopupAsync(validLogoutRequest, popupName, popupWindowAttributes, authority, undefined, mainWindowRedirectUri); - } - else { - // asyncPopups flag is set to false. Opens popup before logging out. - this.logger.verbose("asyncPopup set to false, opening popup"); - const popup = this.openSizedPopup("about:blank", popupName, popupWindowAttributes); - return this.logoutPopupAsync(validLogoutRequest, popupName, popupWindowAttributes, authority, popup, mainWindowRedirectUri); - } - } - catch (e) { - // Since this function is synchronous we need to reject - return Promise.reject(e); - } - } - /** - * Helper which obtains an access_token for your API via opening a popup window in the user's browser - * @param validRequest - * @param popupName - * @param popup - * @param popupWindowAttributes - * - * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. - */ - async acquireTokenPopupAsync(request, popupName, popupWindowAttributes, popup) { - this.logger.verbose("acquireTokenPopupAsync called"); - const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenPopup); - const validRequest = await invokeAsync(this.initializeAuthorizationRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(request, InteractionType.Popup); - preconnect(validRequest.authority); - try { - // Create auth code request and generate PKCE params - const authCodeRequest = await invokeAsync(this.initializeAuthorizationCodeRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest, this.logger, this.performanceClient, this.correlationId)(validRequest); - // Initialize the client - const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)(serverTelemetryManager, validRequest.authority, validRequest.azureCloudOptions, validRequest.account); - const isNativeBroker = NativeMessageHandler.isNativeAvailable(this.config, this.logger, this.nativeMessageHandler, request.authenticationScheme); - // Start measurement for server calls with native brokering enabled - let fetchNativeAccountIdMeasurement; - if (isNativeBroker) { - fetchNativeAccountIdMeasurement = - this.performanceClient.startMeasurement(PerformanceEvents.FetchAccountIdWithNativeBroker, request.correlationId); - } - // Create acquire token url. - const navigateUrl = await authClient.getAuthCodeUrl({ - ...validRequest, - nativeBroker: isNativeBroker, - }); - // Create popup interaction handler. - const interactionHandler = new InteractionHandler(authClient, this.browserStorage, authCodeRequest, this.logger, this.performanceClient); - // Show the UI once the url has been created. Get the window handle for the popup. - const popupParameters = { - popup, - popupName, - popupWindowAttributes, - }; - const popupWindow = this.initiateAuthRequest(navigateUrl, popupParameters); - this.eventHandler.emitEvent(EventType.POPUP_OPENED, InteractionType.Popup, { popupWindow }, null); - // Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds. - const responseString = await this.monitorPopupForHash(popupWindow); - const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.serverResponseType, this.logger); - // Remove throttle if it exists - ThrottlingUtils.removeThrottle(this.browserStorage, this.config.auth.clientId, authCodeRequest); - if (serverParams.accountId) { - this.logger.verbose("Account id found in hash, calling WAM for token"); - // end measurement for server call with native brokering enabled - if (fetchNativeAccountIdMeasurement) { - fetchNativeAccountIdMeasurement.end({ - success: true, - isNativeBroker: true, - }); - } - if (!this.nativeMessageHandler) { - throw createBrowserAuthError(nativeConnectionNotEstablished); - } - const nativeInteractionClient = new NativeInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.acquireTokenPopup, this.performanceClient, this.nativeMessageHandler, serverParams.accountId, this.nativeStorage, validRequest.correlationId); - const { userRequestState } = ProtocolUtils.parseRequestState(this.browserCrypto, validRequest.state); - return await nativeInteractionClient.acquireToken({ - ...validRequest, - state: userRequestState, - prompt: undefined, // Server should handle the prompt, ideally native broker can do this part silently - }); - } - // Handle response from hash string. - const result = await interactionHandler.handleCodeResponse(serverParams, validRequest); - return result; - } - catch (e) { - if (popup) { - // Close the synchronous popup if an error is thrown before the window unload event is registered - popup.close(); - } - if (e instanceof AuthError) { - e.setCorrelationId(this.correlationId); - serverTelemetryManager.cacheFailedRequest(e); - } - throw e; - } - } - /** - * - * @param validRequest - * @param popupName - * @param requestAuthority - * @param popup - * @param mainWindowRedirectUri - * @param popupWindowAttributes - */ - async logoutPopupAsync(validRequest, popupName, popupWindowAttributes, requestAuthority, popup, mainWindowRedirectUri) { - this.logger.verbose("logoutPopupAsync called"); - this.eventHandler.emitEvent(EventType.LOGOUT_START, InteractionType.Popup, validRequest); - const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.logoutPopup); - try { - // Clear cache on logout - await this.clearCacheOnLogout(validRequest.account); - // Initialize the client - const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)(serverTelemetryManager, requestAuthority, undefined, // AzureCloudOptions - validRequest.account || undefined); - try { - authClient.authority.endSessionEndpoint; - } - catch { - if (validRequest.account?.homeAccountId && - validRequest.postLogoutRedirectUri && - authClient.authority.protocolMode === ProtocolMode.OIDC) { - void this.browserStorage.removeAccount(validRequest.account?.homeAccountId); - this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, InteractionType.Popup, validRequest); - if (mainWindowRedirectUri) { - const navigationOptions = { - apiId: ApiId.logoutPopup, - timeout: this.config.system.redirectNavigationTimeout, - noHistory: false, - }; - const absoluteUrl = UrlString.getAbsoluteUrl(mainWindowRedirectUri, getCurrentUri()); - await this.navigationClient.navigateInternal(absoluteUrl, navigationOptions); - } - if (popup) { - popup.close(); - } - return; - } - } - // Create logout string and navigate user window to logout. - const logoutUri = authClient.getLogoutUri(validRequest); - this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, InteractionType.Popup, validRequest); - // Open the popup window to requestUrl. - const popupWindow = this.openPopup(logoutUri, { - popupName, - popupWindowAttributes, - popup, - }); - this.eventHandler.emitEvent(EventType.POPUP_OPENED, InteractionType.Popup, { popupWindow }, null); - await this.monitorPopupForHash(popupWindow).catch(() => { - // Swallow any errors related to monitoring the window. Server logout is best effort - }); - if (mainWindowRedirectUri) { - const navigationOptions = { - apiId: ApiId.logoutPopup, - timeout: this.config.system.redirectNavigationTimeout, - noHistory: false, - }; - const absoluteUrl = UrlString.getAbsoluteUrl(mainWindowRedirectUri, getCurrentUri()); - this.logger.verbose("Redirecting main window to url specified in the request"); - this.logger.verbosePii(`Redirecting main window to: ${absoluteUrl}`); - await this.navigationClient.navigateInternal(absoluteUrl, navigationOptions); - } - else { - this.logger.verbose("No main window navigation requested"); - } - } - catch (e) { - if (popup) { - // Close the synchronous popup if an error is thrown before the window unload event is registered - popup.close(); - } - if (e instanceof AuthError) { - e.setCorrelationId(this.correlationId); - serverTelemetryManager.cacheFailedRequest(e); - } - this.browserStorage.setInteractionInProgress(false); - this.eventHandler.emitEvent(EventType.LOGOUT_FAILURE, InteractionType.Popup, null, e); - this.eventHandler.emitEvent(EventType.LOGOUT_END, InteractionType.Popup); - throw e; - } - this.eventHandler.emitEvent(EventType.LOGOUT_END, InteractionType.Popup); - } - /** - * Opens a popup window with given request Url. - * @param requestUrl - */ - initiateAuthRequest(requestUrl, params) { - // Check that request url is not empty. - if (requestUrl) { - this.logger.infoPii(`Navigate to: ${requestUrl}`); - // Open the popup window to requestUrl. - return this.openPopup(requestUrl, params); - } - else { - // Throw error if request URL is empty. - this.logger.error("Navigate url is empty"); - throw createBrowserAuthError(emptyNavigateUri); - } - } - /** - * Monitors a window until it loads a url with the same origin. - * @param popupWindow - window that is being monitored - * @param timeout - timeout for processing hash once popup is redirected back to application - */ - monitorPopupForHash(popupWindow) { - return new Promise((resolve, reject) => { - this.logger.verbose("PopupHandler.monitorPopupForHash - polling started"); - const intervalId = setInterval(() => { - // Window is closed - if (popupWindow.closed) { - this.logger.error("PopupHandler.monitorPopupForHash - window closed"); - clearInterval(intervalId); - reject(createBrowserAuthError(userCancelled)); - return; - } - let href = ""; - try { - /* - * Will throw if cross origin, - * which should be caught and ignored - * since we need the interval to keep running while on STS UI. - */ - href = popupWindow.location.href; - } - catch (e) { } - // Don't process blank pages or cross domain - if (!href || href === "about:blank") { - return; - } - clearInterval(intervalId); - let responseString = ""; - const responseType = this.config.auth.OIDCOptions.serverResponseType; - if (popupWindow) { - if (responseType === ServerResponseType.QUERY) { - responseString = popupWindow.location.search; - } - else { - responseString = popupWindow.location.hash; - } - } - this.logger.verbose("PopupHandler.monitorPopupForHash - popup window is on same origin as caller"); - resolve(responseString); - }, this.config.system.pollIntervalMilliseconds); - }).finally(() => { - this.cleanPopup(popupWindow); - }); - } - /** - * @hidden - * - * Configures popup window for login. - * - * @param urlNavigate - * @param title - * @param popUpWidth - * @param popUpHeight - * @param popupWindowAttributes - * @ignore - * @hidden - */ - openPopup(urlNavigate, popupParams) { - try { - let popupWindow; - // Popup window passed in, setting url to navigate to - if (popupParams.popup) { - popupWindow = popupParams.popup; - this.logger.verbosePii(`Navigating popup window to: ${urlNavigate}`); - popupWindow.location.assign(urlNavigate); - } - else if (typeof popupParams.popup === "undefined") { - // Popup will be undefined if it was not passed in - this.logger.verbosePii(`Opening popup window to: ${urlNavigate}`); - popupWindow = this.openSizedPopup(urlNavigate, popupParams.popupName, popupParams.popupWindowAttributes); - } - // Popup will be null if popups are blocked - if (!popupWindow) { - throw createBrowserAuthError(emptyWindowError); - } - if (popupWindow.focus) { - popupWindow.focus(); - } - this.currentWindow = popupWindow; - window.addEventListener("beforeunload", this.unloadWindow); - return popupWindow; - } - catch (e) { - this.logger.error("error opening popup " + e.message); - this.browserStorage.setInteractionInProgress(false); - throw createBrowserAuthError(popupWindowError); - } - } - /** - * Helper function to set popup window dimensions and position - * @param urlNavigate - * @param popupName - * @param popupWindowAttributes - * @returns - */ - openSizedPopup(urlNavigate, popupName, popupWindowAttributes) { - /** - * adding winLeft and winTop to account for dual monitor - * using screenLeft and screenTop for IE8 and earlier - */ - const winLeft = window.screenLeft ? window.screenLeft : window.screenX; - const winTop = window.screenTop ? window.screenTop : window.screenY; - /** - * window.innerWidth displays browser window"s height and width excluding toolbars - * using document.documentElement.clientWidth for IE8 and earlier - */ - const winWidth = window.innerWidth || - document.documentElement.clientWidth || - document.body.clientWidth; - const winHeight = window.innerHeight || - document.documentElement.clientHeight || - document.body.clientHeight; - let width = popupWindowAttributes.popupSize?.width; - let height = popupWindowAttributes.popupSize?.height; - let top = popupWindowAttributes.popupPosition?.top; - let left = popupWindowAttributes.popupPosition?.left; - if (!width || width < 0 || width > winWidth) { - this.logger.verbose("Default popup window width used. Window width not configured or invalid."); - width = BrowserConstants.POPUP_WIDTH; - } - if (!height || height < 0 || height > winHeight) { - this.logger.verbose("Default popup window height used. Window height not configured or invalid."); - height = BrowserConstants.POPUP_HEIGHT; - } - if (!top || top < 0 || top > winHeight) { - this.logger.verbose("Default popup window top position used. Window top not configured or invalid."); - top = Math.max(0, winHeight / 2 - BrowserConstants.POPUP_HEIGHT / 2 + winTop); - } - if (!left || left < 0 || left > winWidth) { - this.logger.verbose("Default popup window left position used. Window left not configured or invalid."); - left = Math.max(0, winWidth / 2 - BrowserConstants.POPUP_WIDTH / 2 + winLeft); - } - return window.open(urlNavigate, popupName, `width=${width}, height=${height}, top=${top}, left=${left}, scrollbars=yes`); - } - /** - * Event callback to unload main window. - */ - unloadWindow(e) { - this.browserStorage.cleanRequestByInteractionType(InteractionType.Popup); - if (this.currentWindow) { - this.currentWindow.close(); - } - // Guarantees browser unload will happen, so no other errors will be thrown. - e.preventDefault(); - } - /** - * Closes popup, removes any state vars created during popup calls. - * @param popupWindow - */ - cleanPopup(popupWindow) { - if (popupWindow) { - // Close window. - popupWindow.close(); - } - // Remove window unload function - window.removeEventListener("beforeunload", this.unloadWindow); - // Interaction is completed - remove interaction status. - this.browserStorage.setInteractionInProgress(false); - } - /** - * Generates the name for the popup based on the client id and request - * @param clientId - * @param request - */ - generatePopupName(scopes, authority) { - return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${scopes.join("-")}.${authority}.${this.correlationId}`; - } - /** - * Generates the name for the popup based on the client id and request for logouts - * @param clientId - * @param request - */ - generateLogoutPopupName(request) { - const homeAccountId = request.account && request.account.homeAccountId; - return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`; - } +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/utils/BrowserUtils.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Clears hash from window url. + */ +function clearHash(contentWindow) { + // Office.js sets history.replaceState to null + contentWindow.location.hash = ""; + if (typeof contentWindow.history.replaceState === "function") { + // Full removes "#" from url + contentWindow.history.replaceState(null, "", `${contentWindow.location.origin}${contentWindow.location.pathname}${contentWindow.location.search}`); + } +} +/** + * Replaces current hash with hash from provided url + */ +function replaceHash(url) { + const urlParts = url.split("#"); + urlParts.shift(); // Remove part before the hash + window.location.hash = urlParts.length > 0 ? urlParts.join("#") : ""; +} +/** + * Returns boolean of whether the current window is in an iframe or not. + */ +function isInIframe() { + return window.parent !== window; +} +/** + * Returns boolean of whether or not the current window is a popup opened by msal + */ +function isInPopup() { + return (typeof window !== "undefined" && + !!window.opener && + window.opener !== window && + typeof window.name === "string" && + window.name.indexOf(`${BrowserConstants.POPUP_NAME_PREFIX}.`) === 0); +} +// #endregion +/** + * Returns current window URL as redirect uri + */ +function getCurrentUri() { + return window.location.href.split("?")[0].split("#")[0]; +} +/** + * Gets the homepage url for the current window location. + */ +function getHomepage() { + const currentUrl = new UrlString(window.location.href); + const urlComponents = currentUrl.getUrlComponents(); + return `${urlComponents.Protocol}//${urlComponents.HostNameAndPort}/`; +} +/** + * Throws error if we have completed an auth and are + * attempting another auth request inside an iframe. + */ +function blockReloadInHiddenIframes() { + const isResponseHash = UrlString.hashContainsKnownProperties(window.location.hash); + // return an error if called from the hidden iframe created by the msal js silent calls + if (isResponseHash && isInIframe()) { + throw createBrowserAuthError(blockIframeReload); + } +} +/** + * Block redirect operations in iframes unless explicitly allowed + * @param interactionType Interaction type for the request + * @param allowRedirectInIframe Config value to allow redirects when app is inside an iframe + */ +function blockRedirectInIframe(allowRedirectInIframe) { + if (isInIframe() && !allowRedirectInIframe) { + // If we are not in top frame, we shouldn't redirect. This is also handled by the service. + throw createBrowserAuthError(redirectInIframe); + } +} +/** + * Block redirectUri loaded in popup from calling AcquireToken APIs + */ +function blockAcquireTokenInPopups() { + // Popups opened by msal popup APIs are given a name that starts with "msal." + if (isInPopup()) { + throw createBrowserAuthError(blockNestedPopups); + } +} +/** + * Throws error if token requests are made in non-browser environment + * @param isBrowserEnvironment Flag indicating if environment is a browser. + */ +function blockNonBrowserEnvironment() { + if (typeof window === "undefined") { + throw createBrowserAuthError(nonBrowserEnvironment); + } +} +/** + * Throws error if initialize hasn't been called + * @param initialized + */ +function blockAPICallsBeforeInitialize(initialized) { + if (!initialized) { + throw createBrowserAuthError(uninitializedPublicClientApplication); + } +} +/** + * Helper to validate app environment before making an auth request + * @param initialized + */ +function preflightCheck(initialized) { + // Block request if not in browser environment + blockNonBrowserEnvironment(); + // Block auth requests inside a hidden iframe + blockReloadInHiddenIframes(); + // Block redirectUri opened in a popup from calling MSAL APIs + blockAcquireTokenInPopups(); + // Block token acquisition before initialize has been called + blockAPICallsBeforeInitialize(initialized); +} +/** + * Helper to validate app enviornment before making redirect request + * @param initialized + * @param config + */ +function redirectPreflightCheck(initialized, config) { + preflightCheck(initialized); + blockRedirectInIframe(config.system.allowRedirectInIframe); + // Block redirects if memory storage is enabled but storeAuthStateInCookie is not + if (config.cache.cacheLocation === BrowserCacheLocation.MemoryStorage && + !config.cache.storeAuthStateInCookie) { + throw createBrowserConfigurationAuthError(inMemRedirectUnavailable); + } +} +/** + * Adds a preconnect link element to the header which begins DNS resolution and SSL connection in anticipation of the /token request + * @param loginDomain Authority domain, including https protocol e.g. https://login.microsoftonline.com + * @returns + */ +function preconnect(authority) { + const link = document.createElement("link"); + link.rel = "preconnect"; + link.href = new URL(authority).origin; + link.crossOrigin = "anonymous"; + document.head.appendChild(link); + // The browser will close connection if not used within a few seconds, remove element from the header after 10s + window.setTimeout(() => { + try { + document.head.removeChild(link); + } + catch { } + }, 10000); // 10s Timeout +} +/** + * Wrapper function that creates a UUID v7 from the current timestamp. + * @returns {string} + */ +function createGuid() { + return createNewGuid(); } -//# sourceMappingURL=PopupClient.mjs.map +//# sourceMappingURL=BrowserUtils.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/interaction_handler/RedirectHandler.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/event/EventType.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const EventType = { + INITIALIZE_START: "msal:initializeStart", + INITIALIZE_END: "msal:initializeEnd", + ACCOUNT_ADDED: "msal:accountAdded", + ACCOUNT_REMOVED: "msal:accountRemoved", + ACTIVE_ACCOUNT_CHANGED: "msal:activeAccountChanged", + LOGIN_START: "msal:loginStart", + LOGIN_SUCCESS: "msal:loginSuccess", + LOGIN_FAILURE: "msal:loginFailure", + ACQUIRE_TOKEN_START: "msal:acquireTokenStart", + ACQUIRE_TOKEN_SUCCESS: "msal:acquireTokenSuccess", + ACQUIRE_TOKEN_FAILURE: "msal:acquireTokenFailure", + ACQUIRE_TOKEN_NETWORK_START: "msal:acquireTokenFromNetworkStart", + SSO_SILENT_START: "msal:ssoSilentStart", + SSO_SILENT_SUCCESS: "msal:ssoSilentSuccess", + SSO_SILENT_FAILURE: "msal:ssoSilentFailure", + ACQUIRE_TOKEN_BY_CODE_START: "msal:acquireTokenByCodeStart", + ACQUIRE_TOKEN_BY_CODE_SUCCESS: "msal:acquireTokenByCodeSuccess", + ACQUIRE_TOKEN_BY_CODE_FAILURE: "msal:acquireTokenByCodeFailure", + HANDLE_REDIRECT_START: "msal:handleRedirectStart", + HANDLE_REDIRECT_END: "msal:handleRedirectEnd", + POPUP_OPENED: "msal:popupOpened", + LOGOUT_START: "msal:logoutStart", + LOGOUT_SUCCESS: "msal:logoutSuccess", + LOGOUT_FAILURE: "msal:logoutFailure", + LOGOUT_END: "msal:logoutEnd", + RESTORE_FROM_BFCACHE: "msal:restoreFromBFCache", +}; +//# sourceMappingURL=EventType.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/event/EventHandler.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +class EventHandler { + constructor(logger, browserCrypto) { + this.eventCallbacks = new Map(); + this.logger = logger; + this.browserCrypto = browserCrypto; + this.listeningToStorageEvents = false; + this.handleAccountCacheChange = + this.handleAccountCacheChange.bind(this); + } + /** + * Adds event callbacks to array + * @param callback + */ + addEventCallback(callback) { + if (typeof window !== "undefined") { + const callbackId = BrowserCrypto_createNewGuid(); + this.eventCallbacks.set(callbackId, callback); + this.logger.verbose(`Event callback registered with id: ${callbackId}`); + return callbackId; + } + return null; + } + /** + * Removes callback with provided id from callback array + * @param callbackId + */ + removeEventCallback(callbackId) { + this.eventCallbacks.delete(callbackId); + this.logger.verbose(`Event callback ${callbackId} removed.`); + } + /** + * Adds event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window + */ + enableAccountStorageEvents() { + if (typeof window === "undefined") { + return; + } + if (!this.listeningToStorageEvents) { + this.logger.verbose("Adding account storage listener."); + this.listeningToStorageEvents = true; + window.addEventListener("storage", this.handleAccountCacheChange); + } + else { + this.logger.verbose("Account storage listener already registered."); + } + } + /** + * Removes event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window + */ + disableAccountStorageEvents() { + if (typeof window === "undefined") { + return; + } + if (this.listeningToStorageEvents) { + this.logger.verbose("Removing account storage listener."); + window.removeEventListener("storage", this.handleAccountCacheChange); + this.listeningToStorageEvents = false; + } + else { + this.logger.verbose("No account storage listener registered."); + } + } + /** + * Emits events by calling callback with event message + * @param eventType + * @param interactionType + * @param payload + * @param error + */ + emitEvent(eventType, interactionType, payload, error) { + if (typeof window !== "undefined") { + const message = { + eventType: eventType, + interactionType: interactionType || null, + payload: payload || null, + error: error || null, + timestamp: Date.now(), + }; + this.logger.info(`Emitting event: ${eventType}`); + this.eventCallbacks.forEach((callback, callbackId) => { + this.logger.verbose(`Emitting event to callback ${callbackId}: ${eventType}`); + callback.apply(null, [message]); + }); + } + } + /** + * Emit account added/removed events when cached accounts are changed in a different tab or frame + */ + handleAccountCacheChange(e) { + try { + // Handle active account filter change + if (e.key?.includes(PersistentCacheKeys.ACTIVE_ACCOUNT_FILTERS)) { + // This event has no payload, it only signals cross-tab app instances that the results of calling getActiveAccount() will have changed + this.emitEvent(EventType.ACTIVE_ACCOUNT_CHANGED); + } + // Handle account object change + const cacheValue = e.newValue || e.oldValue; + if (!cacheValue) { + return; + } + const parsedValue = JSON.parse(cacheValue); + if (typeof parsedValue !== "object" || + !AccountEntity.isAccountEntity(parsedValue)) { + return; + } + const accountEntity = CacheManager.toObject(new AccountEntity(), parsedValue); + const accountInfo = accountEntity.getAccountInfo(); + if (!e.oldValue && e.newValue) { + this.logger.info("Account was added to cache in a different window"); + this.emitEvent(EventType.ACCOUNT_ADDED, undefined, accountInfo); + } + else if (!e.newValue && e.oldValue) { + this.logger.info("Account was removed from cache in a different window"); + this.emitEvent(EventType.ACCOUNT_REMOVED, undefined, accountInfo); + } + } + catch (e) { + return; + } + } +} +//# sourceMappingURL=EventHandler.mjs.map -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -class RedirectHandler { - constructor(authCodeModule, storageImpl, authCodeRequest, logger, performanceClient) { - this.authModule = authCodeModule; - this.browserStorage = storageImpl; - this.authCodeRequest = authCodeRequest; - this.logger = logger; - this.performanceClient = performanceClient; - } - /** - * Redirects window to given URL. - * @param urlNavigate - */ - async initiateAuthRequest(requestUrl, params) { - this.logger.verbose("RedirectHandler.initiateAuthRequest called"); - // Navigate if valid URL - if (requestUrl) { - // Cache start page, returns to this page after redirectUri if navigateToLoginRequestUrl is true - if (params.redirectStartPage) { - this.logger.verbose("RedirectHandler.initiateAuthRequest: redirectStartPage set, caching start page"); - this.browserStorage.setTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, params.redirectStartPage, true); - } - // Set interaction status in the library. - this.browserStorage.setTemporaryCache(TemporaryCacheKeys.CORRELATION_ID, this.authCodeRequest.correlationId, true); - this.browserStorage.cacheCodeRequest(this.authCodeRequest); - this.logger.infoPii(`RedirectHandler.initiateAuthRequest: Navigate to: ${requestUrl}`); - const navigationOptions = { - apiId: ApiId.acquireTokenRedirect, - timeout: params.redirectTimeout, - noHistory: false, - }; - // If onRedirectNavigate is implemented, invoke it and provide requestUrl - if (typeof params.onRedirectNavigate === "function") { - this.logger.verbose("RedirectHandler.initiateAuthRequest: Invoking onRedirectNavigate callback"); - const navigate = params.onRedirectNavigate(requestUrl); - // Returning false from onRedirectNavigate will stop navigation - if (navigate !== false) { - this.logger.verbose("RedirectHandler.initiateAuthRequest: onRedirectNavigate did not return false, navigating"); - await params.navigationClient.navigateExternal(requestUrl, navigationOptions); - return; - } - else { - this.logger.verbose("RedirectHandler.initiateAuthRequest: onRedirectNavigate returned false, stopping navigation"); - return; - } - } - else { - // Navigate window to request URL - this.logger.verbose("RedirectHandler.initiateAuthRequest: Navigating window to navigate url"); - await params.navigationClient.navigateExternal(requestUrl, navigationOptions); - return; - } - } - else { - // Throw error if request URL is empty. - this.logger.info("RedirectHandler.initiateAuthRequest: Navigate url is empty"); - throw createBrowserAuthError(emptyNavigateUri); - } - } - /** - * Handle authorization code response in the window. - * @param hash - */ - async handleCodeResponse(response, state) { - this.logger.verbose("RedirectHandler.handleCodeResponse called"); - // Interaction is completed - remove interaction status. - this.browserStorage.setInteractionInProgress(false); - // Handle code response. - const stateKey = this.browserStorage.generateStateKey(state); - const requestState = this.browserStorage.getTemporaryCache(stateKey); - if (!requestState) { - throw createClientAuthError(stateNotFound, "Cached State"); - } - let authCodeResponse; - try { - authCodeResponse = this.authModule.handleFragmentResponse(response, requestState); - } - catch (e) { - if (e instanceof ServerError && - e.subError === userCancelled) { - // Translate server error caused by user closing native prompt to corresponding first class MSAL error - throw createBrowserAuthError(userCancelled); - } - else { - throw e; - } - } - // Get cached items - const nonceKey = this.browserStorage.generateNonceKey(requestState); - const cachedNonce = this.browserStorage.getTemporaryCache(nonceKey); - // Assign code to request - this.authCodeRequest.code = authCodeResponse.code; - // Check for new cloud instance - if (authCodeResponse.cloud_instance_host_name) { - await invokeAsync(this.authModule.updateAuthority.bind(this.authModule), PerformanceEvents.UpdateTokenEndpointAuthority, this.logger, this.performanceClient, this.authCodeRequest.correlationId)(authCodeResponse.cloud_instance_host_name, this.authCodeRequest.correlationId); - } - authCodeResponse.nonce = cachedNonce || undefined; - authCodeResponse.state = requestState; - // Add CCS parameters if available - if (authCodeResponse.client_info) { - this.authCodeRequest.clientInfo = authCodeResponse.client_info; - } - else { - const cachedCcsCred = this.checkCcsCredentials(); - if (cachedCcsCred) { - this.authCodeRequest.ccsCredential = cachedCcsCred; - } - } - // Acquire token with retrieved code. - const tokenResponse = (await this.authModule.acquireToken(this.authCodeRequest, authCodeResponse)); - this.browserStorage.cleanRequestByState(state); - return tokenResponse; - } - /** - * Looks up ccs creds in the cache - */ - checkCcsCredentials() { - // Look up ccs credential in temp cache - const cachedCcsCred = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.CCS_CREDENTIAL, true); - if (cachedCcsCred) { - try { - return JSON.parse(cachedCcsCred); - } - catch (e) { - this.authModule.logger.error("Cache credential could not be parsed"); - this.authModule.logger.errorPii(`Cache credential could not be parsed: ${cachedCcsCred}`); - } - } - return null; - } +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/error/ServerError.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Error thrown when there is an error with the server code, for example, unavailability. + */ +class ServerError extends AuthError { + constructor(errorCode, errorMessage, subError, errorNo, status) { + super(errorCode, errorMessage, subError); + this.name = "ServerError"; + this.errorNo = errorNo; + this.status = status; + Object.setPrototypeOf(this, ServerError.prototype); + } } -//# sourceMappingURL=RedirectHandler.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/interaction_client/RedirectClient.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ +//# sourceMappingURL=ServerError.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/network/ThrottlingUtils.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** @internal */ +class ThrottlingUtils { + /** + * Prepares a RequestThumbprint to be stored as a key. + * @param thumbprint + */ + static generateThrottlingStorageKey(thumbprint) { + return `${ThrottlingConstants.THROTTLING_PREFIX}.${JSON.stringify(thumbprint)}`; + } + /** + * Performs necessary throttling checks before a network request. + * @param cacheManager + * @param thumbprint + */ + static preProcess(cacheManager, thumbprint) { + const key = ThrottlingUtils.generateThrottlingStorageKey(thumbprint); + const value = cacheManager.getThrottlingCache(key); + if (value) { + if (value.throttleTime < Date.now()) { + cacheManager.removeItem(key); + return; + } + throw new ServerError(value.errorCodes?.join(" ") || Constants.EMPTY_STRING, value.errorMessage, value.subError); + } + } + /** + * Performs necessary throttling checks after a network request. + * @param cacheManager + * @param thumbprint + * @param response + */ + static postProcess(cacheManager, thumbprint, response) { + if (ThrottlingUtils.checkResponseStatus(response) || + ThrottlingUtils.checkResponseForRetryAfter(response)) { + const thumbprintValue = { + throttleTime: ThrottlingUtils.calculateThrottleTime(parseInt(response.headers[HeaderNames.RETRY_AFTER])), + error: response.body.error, + errorCodes: response.body.error_codes, + errorMessage: response.body.error_description, + subError: response.body.suberror, + }; + cacheManager.setThrottlingCache(ThrottlingUtils.generateThrottlingStorageKey(thumbprint), thumbprintValue); + } + } + /** + * Checks a NetworkResponse object's status codes against 429 or 5xx + * @param response + */ + static checkResponseStatus(response) { + return (response.status === 429 || + (response.status >= 500 && response.status < 600)); + } + /** + * Checks a NetworkResponse object's RetryAfter header + * @param response + */ + static checkResponseForRetryAfter(response) { + if (response.headers) { + return (response.headers.hasOwnProperty(HeaderNames.RETRY_AFTER) && + (response.status < 200 || response.status >= 300)); + } + return false; + } + /** + * Calculates the Unix-time value for a throttle to expire given throttleTime in seconds. + * @param throttleTime + */ + static calculateThrottleTime(throttleTime) { + const time = throttleTime <= 0 ? 0 : throttleTime; + const currentSeconds = Date.now() / 1000; + return Math.floor(Math.min(currentSeconds + + (time || ThrottlingConstants.DEFAULT_THROTTLE_TIME_SECONDS), currentSeconds + + ThrottlingConstants.DEFAULT_MAX_THROTTLE_TIME_SECONDS) * 1000); + } + static removeThrottle(cacheManager, clientId, request, homeAccountIdentifier) { + const thumbprint = { + clientId: clientId, + authority: request.authority, + scopes: request.scopes, + homeAccountIdentifier: homeAccountIdentifier, + claims: request.claims, + authenticationScheme: request.authenticationScheme, + resourceRequestMethod: request.resourceRequestMethod, + resourceRequestUri: request.resourceRequestUri, + shrClaims: request.shrClaims, + sshKid: request.sshKid, + }; + const key = this.generateThrottlingStorageKey(thumbprint); + cacheManager.removeItem(key); + } +} +//# sourceMappingURL=ThrottlingUtils.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/network/NetworkManager.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** @internal */ +class NetworkManager { + constructor(networkClient, cacheManager) { + this.networkClient = networkClient; + this.cacheManager = cacheManager; + } + /** + * Wraps sendPostRequestAsync with necessary preflight and postflight logic + * @param thumbprint + * @param tokenEndpoint + * @param options + */ + async sendPostRequest(thumbprint, tokenEndpoint, options) { + ThrottlingUtils.preProcess(this.cacheManager, thumbprint); + let response; + try { + response = await this.networkClient.sendPostRequestAsync(tokenEndpoint, options); + } + catch (e) { + if (e instanceof AuthError) { + throw e; + } + else { + throw createClientAuthError(networkError); + } + } + ThrottlingUtils.postProcess(this.cacheManager, thumbprint, response); + return response; + } +} +//# sourceMappingURL=NetworkManager.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/constants/AADServerParamKeys.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const CLIENT_ID = "client_id"; +const REDIRECT_URI = "redirect_uri"; +const RESPONSE_TYPE = "response_type"; +const RESPONSE_MODE = "response_mode"; +const GRANT_TYPE = "grant_type"; +const CLAIMS = "claims"; +const SCOPE = "scope"; +const ERROR = "error"; +const ERROR_DESCRIPTION = "error_description"; +const ACCESS_TOKEN = "access_token"; +const ID_TOKEN = "id_token"; +const REFRESH_TOKEN = "refresh_token"; +const EXPIRES_IN = "expires_in"; +const REFRESH_TOKEN_EXPIRES_IN = "refresh_token_expires_in"; +const STATE = "state"; +const NONCE = "nonce"; +const PROMPT = "prompt"; +const SESSION_STATE = "session_state"; +const AADServerParamKeys_CLIENT_INFO = "client_info"; +const CODE = "code"; +const CODE_CHALLENGE = "code_challenge"; +const CODE_CHALLENGE_METHOD = "code_challenge_method"; +const CODE_VERIFIER = "code_verifier"; +const CLIENT_REQUEST_ID = "client-request-id"; +const X_CLIENT_SKU = "x-client-SKU"; +const X_CLIENT_VER = "x-client-VER"; +const X_CLIENT_OS = "x-client-OS"; +const X_CLIENT_CPU = "x-client-CPU"; +const X_CLIENT_CURR_TELEM = "x-client-current-telemetry"; +const X_CLIENT_LAST_TELEM = "x-client-last-telemetry"; +const X_MS_LIB_CAPABILITY = "x-ms-lib-capability"; +const X_APP_NAME = "x-app-name"; +const X_APP_VER = "x-app-ver"; +const POST_LOGOUT_URI = "post_logout_redirect_uri"; +const ID_TOKEN_HINT = "id_token_hint"; +const DEVICE_CODE = "device_code"; +const CLIENT_SECRET = "client_secret"; +const CLIENT_ASSERTION = "client_assertion"; +const CLIENT_ASSERTION_TYPE = "client_assertion_type"; +const TOKEN_TYPE = "token_type"; +const REQ_CNF = "req_cnf"; +const OBO_ASSERTION = "assertion"; +const REQUESTED_TOKEN_USE = "requested_token_use"; +const ON_BEHALF_OF = "on_behalf_of"; +const FOCI = "foci"; +const CCS_HEADER = "X-AnchorMailbox"; +const RETURN_SPA_CODE = "return_spa_code"; +const NATIVE_BROKER = "nativebroker"; +const LOGOUT_HINT = "logout_hint"; +const SID = "sid"; +const LOGIN_HINT = "login_hint"; +const DOMAIN_HINT = "domain_hint"; +const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku"; +//# sourceMappingURL=AADServerParamKeys.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/request/RequestValidator.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Validates server consumable params from the "request" objects + */ +class RequestValidator { + /** + * Utility to check if the `redirectUri` in the request is a non-null value + * @param redirectUri + */ + static validateRedirectUri(redirectUri) { + if (!redirectUri) { + throw createClientConfigurationError(redirectUriEmpty); + } + } + /** + * Utility to validate prompt sent by the user in the request + * @param prompt + */ + static validatePrompt(prompt) { + const promptValues = []; + for (const value in PromptValue) { + promptValues.push(PromptValue[value]); + } + if (promptValues.indexOf(prompt) < 0) { + throw createClientConfigurationError(invalidPromptValue); + } + } + static validateClaims(claims) { + try { + JSON.parse(claims); + } + catch (e) { + throw createClientConfigurationError(invalidClaims); + } + } + /** + * Utility to validate code_challenge and code_challenge_method + * @param codeChallenge + * @param codeChallengeMethod + */ + static validateCodeChallengeParams(codeChallenge, codeChallengeMethod) { + if (!codeChallenge || !codeChallengeMethod) { + throw createClientConfigurationError(pkceParamsMissing); + } + else { + this.validateCodeChallengeMethod(codeChallengeMethod); + } + } + /** + * Utility to validate code_challenge_method + * @param codeChallengeMethod + */ + static validateCodeChallengeMethod(codeChallengeMethod) { + if ([ + CodeChallengeMethodValues.PLAIN, + CodeChallengeMethodValues.S256, + ].indexOf(codeChallengeMethod) < 0) { + throw createClientConfigurationError(invalidCodeChallengeMethod); + } + } +} +//# sourceMappingURL=RequestValidator.mjs.map -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -class RedirectClient extends StandardInteractionClient { - constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, nativeMessageHandler, correlationId) { - super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeMessageHandler, correlationId); - this.nativeStorage = nativeStorageImpl; - } - /** - * Redirects the page to the /authorize endpoint of the IDP - * @param request - */ - async acquireToken(request) { - const validRequest = await invokeAsync(this.initializeAuthorizationRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(request, InteractionType.Redirect); - this.browserStorage.updateCacheEntries(validRequest.state, validRequest.nonce, validRequest.authority, validRequest.loginHint || "", validRequest.account || null); - const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenRedirect); - const handleBackButton = (event) => { - // Clear temporary cache if the back button is clicked during the redirect flow. - if (event.persisted) { - this.logger.verbose("Page was restored from back/forward cache. Clearing temporary cache."); - this.browserStorage.cleanRequestByState(validRequest.state); - this.eventHandler.emitEvent(EventType.RESTORE_FROM_BFCACHE, InteractionType.Redirect); - } - }; - try { - // Create auth code request and generate PKCE params - const authCodeRequest = await invokeAsync(this.initializeAuthorizationCodeRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest, this.logger, this.performanceClient, this.correlationId)(validRequest); - // Initialize the client - const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)(serverTelemetryManager, validRequest.authority, validRequest.azureCloudOptions, validRequest.account); - // Create redirect interaction handler. - const interactionHandler = new RedirectHandler(authClient, this.browserStorage, authCodeRequest, this.logger, this.performanceClient); - // Create acquire token url. - const navigateUrl = await authClient.getAuthCodeUrl({ - ...validRequest, - nativeBroker: NativeMessageHandler.isNativeAvailable(this.config, this.logger, this.nativeMessageHandler, request.authenticationScheme), - }); - const redirectStartPage = this.getRedirectStartPage(request.redirectStartPage); - this.logger.verbosePii(`Redirect start page: ${redirectStartPage}`); - // Clear temporary cache if the back button is clicked during the redirect flow. - window.addEventListener("pageshow", handleBackButton); - // Show the UI once the url has been created. Response will come back in the hash, which will be handled in the handleRedirectCallback function. - return await interactionHandler.initiateAuthRequest(navigateUrl, { - navigationClient: this.navigationClient, - redirectTimeout: this.config.system.redirectNavigationTimeout, - redirectStartPage: redirectStartPage, - onRedirectNavigate: request.onRedirectNavigate, - }); - } - catch (e) { - if (e instanceof AuthError) { - e.setCorrelationId(this.correlationId); - serverTelemetryManager.cacheFailedRequest(e); - } - window.removeEventListener("pageshow", handleBackButton); - this.browserStorage.cleanRequestByState(validRequest.state); - throw e; - } - } - /** - * Checks if navigateToLoginRequestUrl is set, and: - * - if true, performs logic to cache and navigate - * - if false, handles hash string and parses response - * @param hash {string} url hash - * @param parentMeasurement {InProgressPerformanceEvent} parent measurement - */ - async handleRedirectPromise(hash = "", parentMeasurement) { - const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.handleRedirectPromise); - try { - if (!this.browserStorage.isInteractionInProgress(true)) { - this.logger.info("handleRedirectPromise called but there is no interaction in progress, returning null."); - return null; - } - const [serverParams, responseString] = this.getRedirectResponse(hash || ""); - if (!serverParams) { - // Not a recognized server response hash or hash not associated with a redirect request - this.logger.info("handleRedirectPromise did not detect a response as a result of a redirect. Cleaning temporary cache."); - this.browserStorage.cleanRequestByInteractionType(InteractionType.Redirect); - parentMeasurement.event.errorCode = "no_server_response"; - return null; - } - // If navigateToLoginRequestUrl is true, get the url where the redirect request was initiated - const loginRequestUrl = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, true) || Constants.EMPTY_STRING; - const loginRequestUrlNormalized = UrlString.removeHashFromUrl(loginRequestUrl); - const currentUrlNormalized = UrlString.removeHashFromUrl(window.location.href); - if (loginRequestUrlNormalized === currentUrlNormalized && - this.config.auth.navigateToLoginRequestUrl) { - // We are on the page we need to navigate to - handle hash - this.logger.verbose("Current page is loginRequestUrl, handling response"); - if (loginRequestUrl.indexOf("#") > -1) { - // Replace current hash with non-msal hash, if present - replaceHash(loginRequestUrl); - } - const handleHashResult = await this.handleResponse(serverParams, serverTelemetryManager); - return handleHashResult; - } - else if (!this.config.auth.navigateToLoginRequestUrl) { - this.logger.verbose("NavigateToLoginRequestUrl set to false, handling response"); - return await this.handleResponse(serverParams, serverTelemetryManager); - } - else if (!isInIframe() || - this.config.system.allowRedirectInIframe) { - /* - * Returned from authority using redirect - need to perform navigation before processing response - * Cache the hash to be retrieved after the next redirect - */ - this.browserStorage.setTemporaryCache(TemporaryCacheKeys.URL_HASH, responseString, true); - const navigationOptions = { - apiId: ApiId.handleRedirectPromise, - timeout: this.config.system.redirectNavigationTimeout, - noHistory: true, - }; - /** - * Default behavior is to redirect to the start page and not process the hash now. - * The start page is expected to also call handleRedirectPromise which will process the hash in one of the checks above. - */ - let processHashOnRedirect = true; - if (!loginRequestUrl || loginRequestUrl === "null") { - // Redirect to home page if login request url is null (real null or the string null) - const homepage = getHomepage(); - // Cache the homepage under ORIGIN_URI to ensure cached hash is processed on homepage - this.browserStorage.setTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, homepage, true); - this.logger.warning("Unable to get valid login request url from cache, redirecting to home page"); - processHashOnRedirect = - await this.navigationClient.navigateInternal(homepage, navigationOptions); - } - else { - // Navigate to page that initiated the redirect request - this.logger.verbose(`Navigating to loginRequestUrl: ${loginRequestUrl}`); - processHashOnRedirect = - await this.navigationClient.navigateInternal(loginRequestUrl, navigationOptions); - } - // If navigateInternal implementation returns false, handle the hash now - if (!processHashOnRedirect) { - return await this.handleResponse(serverParams, serverTelemetryManager); - } - } - return null; - } - catch (e) { - if (e instanceof AuthError) { - e.setCorrelationId(this.correlationId); - serverTelemetryManager.cacheFailedRequest(e); - } - this.browserStorage.cleanRequestByInteractionType(InteractionType.Redirect); - throw e; - } - } - /** - * Gets the response hash for a redirect request - * Returns null if interactionType in the state value is not "redirect" or the hash does not contain known properties - * @param hash - */ - getRedirectResponse(userProvidedResponse) { - this.logger.verbose("getRedirectResponseHash called"); - // Get current location hash from window or cache. - let responseString = userProvidedResponse; - if (!responseString) { - if (this.config.auth.OIDCOptions.serverResponseType === - ServerResponseType.QUERY) { - responseString = window.location.search; - } - else { - responseString = window.location.hash; - } - } - let response = getDeserializedResponse(responseString); - if (response) { - try { - validateInteractionType(response, this.browserCrypto, InteractionType.Redirect); - } - catch (e) { - if (e instanceof AuthError) { - this.logger.error(`Interaction type validation failed due to ${e.errorCode}: ${e.errorMessage}`); - } - return [null, ""]; - } - clearHash(window); - this.logger.verbose("Hash contains known properties, returning response hash"); - return [response, responseString]; - } - const cachedHash = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.URL_HASH, true); - this.browserStorage.removeItem(this.browserStorage.generateCacheKey(TemporaryCacheKeys.URL_HASH)); - if (cachedHash) { - response = getDeserializedResponse(cachedHash); - if (response) { - this.logger.verbose("Hash does not contain known properties, returning cached hash"); - return [response, cachedHash]; - } - } - return [null, ""]; - } - /** - * Checks if hash exists and handles in window. - * @param hash - * @param state - */ - async handleResponse(serverParams, serverTelemetryManager) { - const state = serverParams.state; - if (!state) { - throw createBrowserAuthError(noStateInHash); - } - const cachedRequest = this.browserStorage.getCachedRequest(state); - this.logger.verbose("handleResponse called, retrieved cached request"); - if (serverParams.accountId) { - this.logger.verbose("Account id found in hash, calling WAM for token"); - if (!this.nativeMessageHandler) { - throw createBrowserAuthError(nativeConnectionNotEstablished); - } - const nativeInteractionClient = new NativeInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.acquireTokenPopup, this.performanceClient, this.nativeMessageHandler, serverParams.accountId, this.nativeStorage, cachedRequest.correlationId); - const { userRequestState } = ProtocolUtils.parseRequestState(this.browserCrypto, state); - return nativeInteractionClient - .acquireToken({ - ...cachedRequest, - state: userRequestState, - prompt: undefined, // Server should handle the prompt, ideally native broker can do this part silently - }) - .finally(() => { - this.browserStorage.cleanRequestByState(state); - }); - } - // Hash contains known properties - handle and return in callback - const currentAuthority = this.browserStorage.getCachedAuthority(state); - if (!currentAuthority) { - throw createBrowserAuthError(noCachedAuthorityError); - } - const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)(serverTelemetryManager, currentAuthority); - ThrottlingUtils.removeThrottle(this.browserStorage, this.config.auth.clientId, cachedRequest); - const interactionHandler = new RedirectHandler(authClient, this.browserStorage, cachedRequest, this.logger, this.performanceClient); - return interactionHandler.handleCodeResponse(serverParams, state); - } - /** - * Use to log out the current user, and redirect the user to the postLogoutRedirectUri. - * Default behaviour is to redirect the user to `window.location.href`. - * @param logoutRequest - */ - async logout(logoutRequest) { - this.logger.verbose("logoutRedirect called"); - const validLogoutRequest = this.initializeLogoutRequest(logoutRequest); - const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.logout); - try { - this.eventHandler.emitEvent(EventType.LOGOUT_START, InteractionType.Redirect, logoutRequest); - // Clear cache on logout - await this.clearCacheOnLogout(validLogoutRequest.account); - const navigationOptions = { - apiId: ApiId.logout, - timeout: this.config.system.redirectNavigationTimeout, - noHistory: false, - }; - const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)(serverTelemetryManager, logoutRequest && logoutRequest.authority, undefined, // AzureCloudOptions - (logoutRequest && logoutRequest.account) || undefined); - if (authClient.authority.protocolMode === ProtocolMode.OIDC) { - try { - authClient.authority.endSessionEndpoint; - } - catch { - if (validLogoutRequest.account?.homeAccountId) { - void this.browserStorage.removeAccount(validLogoutRequest.account?.homeAccountId); - this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, InteractionType.Redirect, validLogoutRequest); - return; - } - } - } - // Create logout string and navigate user window to logout. - const logoutUri = authClient.getLogoutUri(validLogoutRequest); - this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, InteractionType.Redirect, validLogoutRequest); - // Check if onRedirectNavigate is implemented, and invoke it if so - if (logoutRequest && - typeof logoutRequest.onRedirectNavigate === "function") { - const navigate = logoutRequest.onRedirectNavigate(logoutUri); - if (navigate !== false) { - this.logger.verbose("Logout onRedirectNavigate did not return false, navigating"); - // Ensure interaction is in progress - if (!this.browserStorage.getInteractionInProgress()) { - this.browserStorage.setInteractionInProgress(true); - } - await this.navigationClient.navigateExternal(logoutUri, navigationOptions); - return; - } - else { - // Ensure interaction is not in progress - this.browserStorage.setInteractionInProgress(false); - this.logger.verbose("Logout onRedirectNavigate returned false, stopping navigation"); - } - } - else { - // Ensure interaction is in progress - if (!this.browserStorage.getInteractionInProgress()) { - this.browserStorage.setInteractionInProgress(true); - } - await this.navigationClient.navigateExternal(logoutUri, navigationOptions); - return; - } - } - catch (e) { - if (e instanceof AuthError) { - e.setCorrelationId(this.correlationId); - serverTelemetryManager.cacheFailedRequest(e); - } - this.eventHandler.emitEvent(EventType.LOGOUT_FAILURE, InteractionType.Redirect, null, e); - this.eventHandler.emitEvent(EventType.LOGOUT_END, InteractionType.Redirect); - throw e; - } - this.eventHandler.emitEvent(EventType.LOGOUT_END, InteractionType.Redirect); - } - /** - * Use to get the redirectStartPage either from request or use current window - * @param requestStartPage - */ - getRedirectStartPage(requestStartPage) { - const redirectStartPage = requestStartPage || window.location.href; - return UrlString.getAbsoluteUrl(redirectStartPage, getCurrentUri()); - } +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/request/RequestParameterBuilder.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** @internal */ +class RequestParameterBuilder { + constructor() { + this.parameters = new Map(); + } + /** + * add response_type = code + */ + addResponseTypeCode() { + this.parameters.set(RESPONSE_TYPE, encodeURIComponent(Constants.CODE_RESPONSE_TYPE)); + } + /** + * add response_type = token id_token + */ + addResponseTypeForTokenAndIdToken() { + this.parameters.set(RESPONSE_TYPE, encodeURIComponent(`${Constants.TOKEN_RESPONSE_TYPE} ${Constants.ID_TOKEN_RESPONSE_TYPE}`)); + } + /** + * add response_mode. defaults to query. + * @param responseMode + */ + addResponseMode(responseMode) { + this.parameters.set(RESPONSE_MODE, encodeURIComponent(responseMode ? responseMode : ResponseMode.QUERY)); + } + /** + * Add flag to indicate STS should attempt to use WAM if available + */ + addNativeBroker() { + this.parameters.set(NATIVE_BROKER, encodeURIComponent("1")); + } + /** + * add scopes. set addOidcScopes to false to prevent default scopes in non-user scenarios + * @param scopeSet + * @param addOidcScopes + */ + addScopes(scopes, addOidcScopes = true, defaultScopes = OIDC_DEFAULT_SCOPES) { + // Always add openid to the scopes when adding OIDC scopes + if (addOidcScopes && + !defaultScopes.includes("openid") && + !scopes.includes("openid")) { + defaultScopes.push("openid"); + } + const requestScopes = addOidcScopes + ? [...(scopes || []), ...defaultScopes] + : scopes || []; + const scopeSet = new ScopeSet(requestScopes); + this.parameters.set(SCOPE, encodeURIComponent(scopeSet.printScopes())); + } + /** + * add clientId + * @param clientId + */ + addClientId(clientId) { + this.parameters.set(CLIENT_ID, encodeURIComponent(clientId)); + } + /** + * add redirect_uri + * @param redirectUri + */ + addRedirectUri(redirectUri) { + RequestValidator.validateRedirectUri(redirectUri); + this.parameters.set(REDIRECT_URI, encodeURIComponent(redirectUri)); + } + /** + * add post logout redirectUri + * @param redirectUri + */ + addPostLogoutRedirectUri(redirectUri) { + RequestValidator.validateRedirectUri(redirectUri); + this.parameters.set(POST_LOGOUT_URI, encodeURIComponent(redirectUri)); + } + /** + * add id_token_hint to logout request + * @param idTokenHint + */ + addIdTokenHint(idTokenHint) { + this.parameters.set(ID_TOKEN_HINT, encodeURIComponent(idTokenHint)); + } + /** + * add domain_hint + * @param domainHint + */ + addDomainHint(domainHint) { + this.parameters.set(DOMAIN_HINT, encodeURIComponent(domainHint)); + } + /** + * add login_hint + * @param loginHint + */ + addLoginHint(loginHint) { + this.parameters.set(LOGIN_HINT, encodeURIComponent(loginHint)); + } + /** + * Adds the CCS (Cache Credential Service) query parameter for login_hint + * @param loginHint + */ + addCcsUpn(loginHint) { + this.parameters.set(HeaderNames.CCS_HEADER, encodeURIComponent(`UPN:${loginHint}`)); + } + /** + * Adds the CCS (Cache Credential Service) query parameter for account object + * @param loginHint + */ + addCcsOid(clientInfo) { + this.parameters.set(HeaderNames.CCS_HEADER, encodeURIComponent(`Oid:${clientInfo.uid}@${clientInfo.utid}`)); + } + /** + * add sid + * @param sid + */ + addSid(sid) { + this.parameters.set(SID, encodeURIComponent(sid)); + } + /** + * add claims + * @param claims + */ + addClaims(claims, clientCapabilities) { + const mergedClaims = this.addClientCapabilitiesToClaims(claims, clientCapabilities); + RequestValidator.validateClaims(mergedClaims); + this.parameters.set(CLAIMS, encodeURIComponent(mergedClaims)); + } + /** + * add correlationId + * @param correlationId + */ + addCorrelationId(correlationId) { + this.parameters.set(CLIENT_REQUEST_ID, encodeURIComponent(correlationId)); + } + /** + * add library info query params + * @param libraryInfo + */ + addLibraryInfo(libraryInfo) { + // Telemetry Info + this.parameters.set(X_CLIENT_SKU, libraryInfo.sku); + this.parameters.set(X_CLIENT_VER, libraryInfo.version); + if (libraryInfo.os) { + this.parameters.set(X_CLIENT_OS, libraryInfo.os); + } + if (libraryInfo.cpu) { + this.parameters.set(X_CLIENT_CPU, libraryInfo.cpu); + } + } + /** + * Add client telemetry parameters + * @param appTelemetry + */ + addApplicationTelemetry(appTelemetry) { + if (appTelemetry?.appName) { + this.parameters.set(X_APP_NAME, appTelemetry.appName); + } + if (appTelemetry?.appVersion) { + this.parameters.set(X_APP_VER, appTelemetry.appVersion); + } + } + /** + * add prompt + * @param prompt + */ + addPrompt(prompt) { + RequestValidator.validatePrompt(prompt); + this.parameters.set(`${PROMPT}`, encodeURIComponent(prompt)); + } + /** + * add state + * @param state + */ + addState(state) { + if (state) { + this.parameters.set(STATE, encodeURIComponent(state)); + } + } + /** + * add nonce + * @param nonce + */ + addNonce(nonce) { + this.parameters.set(NONCE, encodeURIComponent(nonce)); + } + /** + * add code_challenge and code_challenge_method + * - throw if either of them are not passed + * @param codeChallenge + * @param codeChallengeMethod + */ + addCodeChallengeParams(codeChallenge, codeChallengeMethod) { + RequestValidator.validateCodeChallengeParams(codeChallenge, codeChallengeMethod); + if (codeChallenge && codeChallengeMethod) { + this.parameters.set(CODE_CHALLENGE, encodeURIComponent(codeChallenge)); + this.parameters.set(CODE_CHALLENGE_METHOD, encodeURIComponent(codeChallengeMethod)); + } + else { + throw createClientConfigurationError(pkceParamsMissing); + } + } + /** + * add the `authorization_code` passed by the user to exchange for a token + * @param code + */ + addAuthorizationCode(code) { + this.parameters.set(CODE, encodeURIComponent(code)); + } + /** + * add the `authorization_code` passed by the user to exchange for a token + * @param code + */ + addDeviceCode(code) { + this.parameters.set(DEVICE_CODE, encodeURIComponent(code)); + } + /** + * add the `refreshToken` passed by the user + * @param refreshToken + */ + addRefreshToken(refreshToken) { + this.parameters.set(REFRESH_TOKEN, encodeURIComponent(refreshToken)); + } + /** + * add the `code_verifier` passed by the user to exchange for a token + * @param codeVerifier + */ + addCodeVerifier(codeVerifier) { + this.parameters.set(CODE_VERIFIER, encodeURIComponent(codeVerifier)); + } + /** + * add client_secret + * @param clientSecret + */ + addClientSecret(clientSecret) { + this.parameters.set(CLIENT_SECRET, encodeURIComponent(clientSecret)); + } + /** + * add clientAssertion for confidential client flows + * @param clientAssertion + */ + addClientAssertion(clientAssertion) { + if (clientAssertion) { + this.parameters.set(CLIENT_ASSERTION, encodeURIComponent(clientAssertion)); + } + } + /** + * add clientAssertionType for confidential client flows + * @param clientAssertionType + */ + addClientAssertionType(clientAssertionType) { + if (clientAssertionType) { + this.parameters.set(CLIENT_ASSERTION_TYPE, encodeURIComponent(clientAssertionType)); + } + } + /** + * add OBO assertion for confidential client flows + * @param clientAssertion + */ + addOboAssertion(oboAssertion) { + this.parameters.set(OBO_ASSERTION, encodeURIComponent(oboAssertion)); + } + /** + * add grant type + * @param grantType + */ + addRequestTokenUse(tokenUse) { + this.parameters.set(REQUESTED_TOKEN_USE, encodeURIComponent(tokenUse)); + } + /** + * add grant type + * @param grantType + */ + addGrantType(grantType) { + this.parameters.set(GRANT_TYPE, encodeURIComponent(grantType)); + } + /** + * add client info + * + */ + addClientInfo() { + this.parameters.set(CLIENT_INFO, "1"); + } + /** + * add extraQueryParams + * @param eQParams + */ + addExtraQueryParameters(eQParams) { + Object.entries(eQParams).forEach(([key, value]) => { + if (!this.parameters.has(key) && value) { + this.parameters.set(key, value); + } + }); + } + addClientCapabilitiesToClaims(claims, clientCapabilities) { + let mergedClaims; + // Parse provided claims into JSON object or initialize empty object + if (!claims) { + mergedClaims = {}; + } + else { + try { + mergedClaims = JSON.parse(claims); + } + catch (e) { + throw createClientConfigurationError(invalidClaims); + } + } + if (clientCapabilities && clientCapabilities.length > 0) { + if (!mergedClaims.hasOwnProperty(ClaimsRequestKeys.ACCESS_TOKEN)) { + // Add access_token key to claims object + mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN] = {}; + } + // Add xms_cc claim with provided clientCapabilities to access_token key + mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN][ClaimsRequestKeys.XMS_CC] = { + values: clientCapabilities, + }; + } + return JSON.stringify(mergedClaims); + } + /** + * adds `username` for Password Grant flow + * @param username + */ + addUsername(username) { + this.parameters.set(PasswordGrantConstants.username, encodeURIComponent(username)); + } + /** + * adds `password` for Password Grant flow + * @param password + */ + addPassword(password) { + this.parameters.set(PasswordGrantConstants.password, encodeURIComponent(password)); + } + /** + * add pop_jwk to query params + * @param cnfString + */ + addPopToken(cnfString) { + if (cnfString) { + this.parameters.set(TOKEN_TYPE, AuthenticationScheme.POP); + this.parameters.set(REQ_CNF, encodeURIComponent(cnfString)); + } + } + /** + * add SSH JWK and key ID to query params + */ + addSshJwk(sshJwkString) { + if (sshJwkString) { + this.parameters.set(TOKEN_TYPE, AuthenticationScheme.SSH); + this.parameters.set(REQ_CNF, encodeURIComponent(sshJwkString)); + } + } + /** + * add server telemetry fields + * @param serverTelemetryManager + */ + addServerTelemetry(serverTelemetryManager) { + this.parameters.set(X_CLIENT_CURR_TELEM, serverTelemetryManager.generateCurrentRequestHeaderValue()); + this.parameters.set(X_CLIENT_LAST_TELEM, serverTelemetryManager.generateLastRequestHeaderValue()); + } + /** + * Adds parameter that indicates to the server that throttling is supported + */ + addThrottling() { + this.parameters.set(X_MS_LIB_CAPABILITY, ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE); + } + /** + * Adds logout_hint parameter for "silent" logout which prevent server account picker + */ + addLogoutHint(logoutHint) { + this.parameters.set(LOGOUT_HINT, encodeURIComponent(logoutHint)); + } + /** + * Utility to create a URL from the params map + */ + createQueryString() { + const queryParameterArray = new Array(); + this.parameters.forEach((value, key) => { + queryParameterArray.push(`${key}=${value}`); + }); + return queryParameterArray.join("&"); + } } -//# sourceMappingURL=RedirectClient.mjs.map +//# sourceMappingURL=RequestParameterBuilder.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/interaction_handler/SilentHandler.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/authority/AuthorityFactory.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Create an authority object of the correct type based on the url + * Performs basic authority validation - checks to see if the authority is of a valid type (i.e. aad, b2c, adfs) + * + * Also performs endpoint discovery. + * + * @param authorityUri + * @param networkClient + * @param protocolMode + * @internal + */ +async function createDiscoveredInstance(authorityUri, networkClient, cacheManager, authorityOptions, logger, correlationId, performanceClient) { + performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityFactoryCreateDiscoveredInstance, correlationId); + const authorityUriFinal = Authority.transformCIAMAuthority(formatAuthorityUri(authorityUri)); + // Initialize authority and perform discovery endpoint check. + const acquireTokenAuthority = new Authority(authorityUriFinal, networkClient, cacheManager, authorityOptions, logger, correlationId, performanceClient); + try { + await invokeAsync(acquireTokenAuthority.resolveEndpointsAsync.bind(acquireTokenAuthority), PerformanceEvents.AuthorityResolveEndpointsAsync, logger, performanceClient, correlationId)(); + return acquireTokenAuthority; + } + catch (e) { + throw createClientAuthError(endpointResolutionError); + } +} +//# sourceMappingURL=AuthorityFactory.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/client/BaseClient.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Base application class which will construct requests to send to and handle responses from the Microsoft STS using the authorization code flow. + * @internal + */ +class BaseClient { + constructor(configuration, performanceClient) { + // Set the configuration + this.config = buildClientConfiguration(configuration); + // Initialize the logger + this.logger = new Logger(this.config.loggerOptions, packageMetadata_name, version); + // Initialize crypto + this.cryptoUtils = this.config.cryptoInterface; + // Initialize storage interface + this.cacheManager = this.config.storageInterface; + // Set the network interface + this.networkClient = this.config.networkInterface; + // Set the NetworkManager + this.networkManager = new NetworkManager(this.networkClient, this.cacheManager); + // Set TelemetryManager + this.serverTelemetryManager = this.config.serverTelemetryManager; + // set Authority + this.authority = this.config.authOptions.authority; + // set performance telemetry client + this.performanceClient = performanceClient; + } + /** + * Creates default headers for requests to token endpoint + */ + createTokenRequestHeaders(ccsCred) { + const headers = {}; + headers[HeaderNames.CONTENT_TYPE] = Constants.URL_FORM_CONTENT_TYPE; + if (!this.config.systemOptions.preventCorsPreflight && ccsCred) { + switch (ccsCred.type) { + case CcsCredentialType.HOME_ACCOUNT_ID: + try { + const clientInfo = buildClientInfoFromHomeAccountId(ccsCred.credential); + headers[HeaderNames.CCS_HEADER] = `Oid:${clientInfo.uid}@${clientInfo.utid}`; + } + catch (e) { + this.logger.verbose("Could not parse home account ID for CCS Header: " + + e); + } + break; + case CcsCredentialType.UPN: + headers[HeaderNames.CCS_HEADER] = `UPN: ${ccsCred.credential}`; + break; + } + } + return headers; + } + /** + * Http post to token endpoint + * @param tokenEndpoint + * @param queryString + * @param headers + * @param thumbprint + */ + async executePostToTokenEndpoint(tokenEndpoint, queryString, headers, thumbprint, correlationId, queuedEvent) { + if (queuedEvent) { + this.performanceClient?.addQueueMeasurement(queuedEvent, correlationId); + } + const response = await this.networkManager.sendPostRequest(thumbprint, tokenEndpoint, { body: queryString, headers: headers }); + this.performanceClient?.addFields({ + refreshTokenSize: response.body.refresh_token?.length || 0, + httpVerToken: response.headers?.[HeaderNames.X_MS_HTTP_VERSION] || "", + }, correlationId); + if (this.config.serverTelemetryManager && + response.status < 500 && + response.status !== 429) { + // Telemetry data successfully logged by server, clear Telemetry cache + this.config.serverTelemetryManager.clearTelemetryCache(); + } + return response; + } + /** + * Updates the authority object of the client. Endpoint discovery must be completed. + * @param updatedAuthority + */ + async updateAuthority(cloudInstanceHostname, correlationId) { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.UpdateTokenEndpointAuthority, correlationId); + const cloudInstanceAuthorityUri = `https://${cloudInstanceHostname}/${this.authority.tenant}/`; + const cloudInstanceAuthority = await createDiscoveredInstance(cloudInstanceAuthorityUri, this.networkClient, this.cacheManager, this.authority.options, this.logger, correlationId, this.performanceClient); + this.authority = cloudInstanceAuthority; + } + /** + * Creates query string for the /token request + * @param request + */ + createTokenQueryParameters(request) { + const parameterBuilder = new RequestParameterBuilder(); + if (request.tokenQueryParameters) { + parameterBuilder.addExtraQueryParameters(request.tokenQueryParameters); + } + return parameterBuilder.createQueryString(); + } +} +//# sourceMappingURL=BaseClient.mjs.map -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Creates a hidden iframe to given URL using user-requested scopes as an id. - * @param urlNavigate - * @param userRequestScopes - */ -async function initiateAuthRequest(requestUrl, performanceClient, logger, correlationId, navigateFrameWait) { - performanceClient.addQueueMeasurement(PerformanceEvents.SilentHandlerInitiateAuthRequest, correlationId); - if (!requestUrl) { - // Throw error if request URL is empty. - logger.info("Navigate url is empty"); - throw createBrowserAuthError(emptyNavigateUri); - } - if (navigateFrameWait) { - return invokeAsync(loadFrame, PerformanceEvents.SilentHandlerLoadFrame, logger, performanceClient, correlationId)(requestUrl, navigateFrameWait, performanceClient, correlationId); - } - return invoke(loadFrameSync, PerformanceEvents.SilentHandlerLoadFrameSync, logger, performanceClient, correlationId)(requestUrl); -} -/** - * Monitors an iframe content window until it loads a url with a known hash, or hits a specified timeout. - * @param iframe - * @param timeout - */ -async function monitorIframeForHash(iframe, timeout, pollIntervalMilliseconds, performanceClient, logger, correlationId, responseType) { - performanceClient.addQueueMeasurement(PerformanceEvents.SilentHandlerMonitorIframeForHash, correlationId); - return new Promise((resolve, reject) => { - if (timeout < DEFAULT_IFRAME_TIMEOUT_MS) { - logger.warning(`system.loadFrameTimeout or system.iframeHashTimeout set to lower (${timeout}ms) than the default (${DEFAULT_IFRAME_TIMEOUT_MS}ms). This may result in timeouts.`); - } - /* - * Polling for iframes can be purely timing based, - * since we don't need to account for interaction. - */ - const timeoutId = window.setTimeout(() => { - window.clearInterval(intervalId); - reject(createBrowserAuthError(monitorWindowTimeout)); - }, timeout); - const intervalId = window.setInterval(() => { - let href = ""; - const contentWindow = iframe.contentWindow; - try { - /* - * Will throw if cross origin, - * which should be caught and ignored - * since we need the interval to keep running while on STS UI. - */ - href = contentWindow ? contentWindow.location.href : ""; - } - catch (e) { } - if (!href || href === "about:blank") { - return; - } - let responseString = ""; - if (contentWindow) { - if (responseType === ServerResponseType.QUERY) { - responseString = contentWindow.location.search; - } - else { - responseString = contentWindow.location.hash; - } - } - window.clearTimeout(timeoutId); - window.clearInterval(intervalId); - resolve(responseString); - }, pollIntervalMilliseconds); - }).finally(() => { - invoke(removeHiddenIframe, PerformanceEvents.RemoveHiddenIframe, logger, performanceClient, correlationId)(iframe); - }); -} -/** - * @hidden - * Loads iframe with authorization endpoint URL - * @ignore - * @deprecated - */ -function loadFrame(urlNavigate, navigateFrameWait, performanceClient, correlationId) { - performanceClient.addQueueMeasurement(PerformanceEvents.SilentHandlerLoadFrame, correlationId); - /* - * This trick overcomes iframe navigation in IE - * IE does not load the page consistently in iframe - */ - return new Promise((resolve, reject) => { - const frameHandle = createHiddenIframe(); - window.setTimeout(() => { - if (!frameHandle) { - reject("Unable to load iframe"); - return; - } - frameHandle.src = urlNavigate; - resolve(frameHandle); - }, navigateFrameWait); - }); -} -/** - * @hidden - * Loads the iframe synchronously when the navigateTimeFrame is set to `0` - * @param urlNavigate - * @param frameName - * @param logger - */ -function loadFrameSync(urlNavigate) { - const frameHandle = createHiddenIframe(); - frameHandle.src = urlNavigate; - return frameHandle; +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/crypto/PopTokenGenerator.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const KeyLocation = { + SW: "sw", + UHW: "uhw", +}; +/** @internal */ +class PopTokenGenerator { + constructor(cryptoUtils, performanceClient) { + this.cryptoUtils = cryptoUtils; + this.performanceClient = performanceClient; + } + /** + * Generates the req_cnf validated at the RP in the POP protocol for SHR parameters + * and returns an object containing the keyid, the full req_cnf string and the req_cnf string hash + * @param request + * @returns + */ + async generateCnf(request, logger) { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.PopTokenGenerateCnf, request.correlationId); + const reqCnf = await invokeAsync(this.generateKid.bind(this), PerformanceEvents.PopTokenGenerateCnf, logger, this.performanceClient, request.correlationId)(request); + const reqCnfString = this.cryptoUtils.base64UrlEncode(JSON.stringify(reqCnf)); + return { + kid: reqCnf.kid, + reqCnfString, + }; + } + /** + * Generates key_id for a SHR token request + * @param request + * @returns + */ + async generateKid(request) { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.PopTokenGenerateKid, request.correlationId); + const kidThumbprint = await this.cryptoUtils.getPublicKeyThumbprint(request); + return { + kid: kidThumbprint, + xms_ksl: KeyLocation.SW, + }; + } + /** + * Signs the POP access_token with the local generated key-pair + * @param accessToken + * @param request + * @returns + */ + async signPopToken(accessToken, keyId, request) { + return this.signPayload(accessToken, keyId, request); + } + /** + * Utility function to generate the signed JWT for an access_token + * @param payload + * @param kid + * @param request + * @param claims + * @returns + */ + async signPayload(payload, keyId, request, claims) { + // Deconstruct request to extract SHR parameters + const { resourceRequestMethod, resourceRequestUri, shrClaims, shrNonce, shrOptions, } = request; + const resourceUrlString = resourceRequestUri + ? new UrlString(resourceRequestUri) + : undefined; + const resourceUrlComponents = resourceUrlString?.getUrlComponents(); + return this.cryptoUtils.signJwt({ + at: payload, + ts: nowSeconds(), + m: resourceRequestMethod?.toUpperCase(), + u: resourceUrlComponents?.HostNameAndPort, + nonce: shrNonce || this.cryptoUtils.createNewGuid(), + p: resourceUrlComponents?.AbsolutePath, + q: resourceUrlComponents?.QueryString + ? [[], resourceUrlComponents.QueryString] + : undefined, + client_claims: shrClaims || undefined, + ...claims, + }, keyId, shrOptions, request.correlationId); + } } -/** - * @hidden - * Creates a new hidden iframe or gets an existing one for silent token renewal. - * @ignore - */ -function createHiddenIframe() { - const authFrame = document.createElement("iframe"); - authFrame.className = "msalSilentIframe"; - authFrame.style.visibility = "hidden"; - authFrame.style.position = "absolute"; - authFrame.style.width = authFrame.style.height = "0"; - authFrame.style.border = "0"; - authFrame.setAttribute("sandbox", "allow-scripts allow-same-origin allow-forms"); - document.body.appendChild(authFrame); - return authFrame; -} -/** - * @hidden - * Removes a hidden iframe from the page. - * @ignore - */ -function removeHiddenIframe(iframe) { - if (document.body === iframe.parentNode) { - document.body.removeChild(iframe); - } -} - -//# sourceMappingURL=SilentHandler.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/interaction_client/SilentIframeClient.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ +//# sourceMappingURL=PopTokenGenerator.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/cache/persistence/TokenCacheContext.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * This class instance helps track the memory changes facilitating + * decisions to read from and write to the persistent cache + */ class TokenCacheContext { + constructor(tokenCache, hasChanged) { + this.cache = tokenCache; + this.hasChanged = hasChanged; + } + /** + * boolean which indicates the changes in cache + */ + get cacheHasChanged() { + return this.hasChanged; + } + /** + * function to retrieve the token cache + */ + get tokenCache() { + return this.cache; + } +} +//# sourceMappingURL=TokenCacheContext.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/response/ResponseHandler.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + + + + + + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +function parseServerErrorNo(serverResponse) { + const errorCodePrefix = "code="; + const errorCodePrefixIndex = serverResponse.error_uri?.lastIndexOf(errorCodePrefix); + return errorCodePrefixIndex && errorCodePrefixIndex >= 0 + ? serverResponse.error_uri?.substring(errorCodePrefixIndex + errorCodePrefix.length) + : undefined; +} +/** + * Class that handles response parsing. + * @internal + */ +class ResponseHandler { + constructor(clientId, cacheStorage, cryptoObj, logger, serializableCache, persistencePlugin, performanceClient) { + this.clientId = clientId; + this.cacheStorage = cacheStorage; + this.cryptoObj = cryptoObj; + this.logger = logger; + this.serializableCache = serializableCache; + this.persistencePlugin = persistencePlugin; + this.performanceClient = performanceClient; + } + /** + * Function which validates server authorization code response. + * @param serverResponseHash + * @param requestState + * @param cryptoObj + */ + validateServerAuthorizationCodeResponse(serverResponse, requestState) { + if (!serverResponse.state || !requestState) { + throw serverResponse.state + ? createClientAuthError(stateNotFound, "Cached State") + : createClientAuthError(stateNotFound, "Server State"); + } + let decodedServerResponseState; + let decodedRequestState; + try { + decodedServerResponseState = decodeURIComponent(serverResponse.state); + } + catch (e) { + throw createClientAuthError(invalidState, serverResponse.state); + } + try { + decodedRequestState = decodeURIComponent(requestState); + } + catch (e) { + throw createClientAuthError(invalidState, serverResponse.state); + } + if (decodedServerResponseState !== decodedRequestState) { + throw createClientAuthError(stateMismatch); + } + // Check for error + if (serverResponse.error || + serverResponse.error_description || + serverResponse.suberror) { + const serverErrorNo = parseServerErrorNo(serverResponse); + if (isInteractionRequiredError(serverResponse.error, serverResponse.error_description, serverResponse.suberror)) { + throw new InteractionRequiredAuthError(serverResponse.error || "", serverResponse.error_description, serverResponse.suberror, serverResponse.timestamp || "", serverResponse.trace_id || "", serverResponse.correlation_id || "", serverResponse.claims || "", serverErrorNo); + } + throw new ServerError(serverResponse.error || "", serverResponse.error_description, serverResponse.suberror, serverErrorNo); + } + } + /** + * Function which validates server authorization token response. + * @param serverResponse + * @param refreshAccessToken + */ + validateTokenResponse(serverResponse, refreshAccessToken) { + // Check for error + if (serverResponse.error || + serverResponse.error_description || + serverResponse.suberror) { + const errString = `Error(s): ${serverResponse.error_codes || Constants.NOT_AVAILABLE} - Timestamp: ${serverResponse.timestamp || Constants.NOT_AVAILABLE} - Description: ${serverResponse.error_description || Constants.NOT_AVAILABLE} - Correlation ID: ${serverResponse.correlation_id || Constants.NOT_AVAILABLE} - Trace ID: ${serverResponse.trace_id || Constants.NOT_AVAILABLE}`; + const serverErrorNo = serverResponse.error_codes?.length + ? serverResponse.error_codes[0] + : undefined; + const serverError = new ServerError(serverResponse.error, errString, serverResponse.suberror, serverErrorNo, serverResponse.status); + // check if 500 error + if (refreshAccessToken && + serverResponse.status && + serverResponse.status >= HttpStatus.SERVER_ERROR_RANGE_START && + serverResponse.status <= HttpStatus.SERVER_ERROR_RANGE_END) { + this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently unavailable and the access token is unable to be refreshed.\n${serverError}`); + // don't throw an exception, but alert the user via a log that the token was unable to be refreshed + return; + // check if 400 error + } + else if (refreshAccessToken && + serverResponse.status && + serverResponse.status >= HttpStatus.CLIENT_ERROR_RANGE_START && + serverResponse.status <= HttpStatus.CLIENT_ERROR_RANGE_END) { + this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently available but is unable to refresh the access token.\n${serverError}`); + // don't throw an exception, but alert the user via a log that the token was unable to be refreshed + return; + } + if (isInteractionRequiredError(serverResponse.error, serverResponse.error_description, serverResponse.suberror)) { + throw new InteractionRequiredAuthError(serverResponse.error, serverResponse.error_description, serverResponse.suberror, serverResponse.timestamp || Constants.EMPTY_STRING, serverResponse.trace_id || Constants.EMPTY_STRING, serverResponse.correlation_id || Constants.EMPTY_STRING, serverResponse.claims || Constants.EMPTY_STRING, serverErrorNo); + } + throw serverError; + } + } + /** + * Returns a constructed token response based on given string. Also manages the cache updates and cleanups. + * @param serverTokenResponse + * @param authority + */ + async handleServerTokenResponse(serverTokenResponse, authority, reqTimestamp, request, authCodePayload, userAssertionHash, handlingRefreshTokenResponse, forceCacheRefreshTokenResponse, serverRequestId) { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.HandleServerTokenResponse, serverTokenResponse.correlation_id); + // create an idToken object (not entity) + let idTokenClaims; + if (serverTokenResponse.id_token) { + idTokenClaims = extractTokenClaims(serverTokenResponse.id_token || Constants.EMPTY_STRING, this.cryptoObj.base64Decode); + // token nonce check (TODO: Add a warning if no nonce is given?) + if (authCodePayload && authCodePayload.nonce) { + if (idTokenClaims.nonce !== authCodePayload.nonce) { + throw createClientAuthError(nonceMismatch); + } + } + // token max_age check + if (request.maxAge || request.maxAge === 0) { + const authTime = idTokenClaims.auth_time; + if (!authTime) { + throw createClientAuthError(authTimeNotFound); + } + checkMaxAge(authTime, request.maxAge); + } + } + // generate homeAccountId + this.homeAccountIdentifier = AccountEntity.generateHomeAccountId(serverTokenResponse.client_info || Constants.EMPTY_STRING, authority.authorityType, this.logger, this.cryptoObj, idTokenClaims); + // save the response tokens + let requestStateObj; + if (!!authCodePayload && !!authCodePayload.state) { + requestStateObj = ProtocolUtils.parseRequestState(this.cryptoObj, authCodePayload.state); + } + // Add keyId from request to serverTokenResponse if defined + serverTokenResponse.key_id = + serverTokenResponse.key_id || request.sshKid || undefined; + const cacheRecord = this.generateCacheRecord(serverTokenResponse, authority, reqTimestamp, request, idTokenClaims, userAssertionHash, authCodePayload); + let cacheContext; + try { + if (this.persistencePlugin && this.serializableCache) { + this.logger.verbose("Persistence enabled, calling beforeCacheAccess"); + cacheContext = new TokenCacheContext(this.serializableCache, true); + await this.persistencePlugin.beforeCacheAccess(cacheContext); + } + /* + * When saving a refreshed tokens to the cache, it is expected that the account that was used is present in the cache. + * If not present, we should return null, as it's the case that another application called removeAccount in between + * the calls to getAllAccounts and acquireTokenSilent. We should not overwrite that removal, unless explicitly flagged by + * the developer, as in the case of refresh token flow used in ADAL Node to MSAL Node migration. + */ + if (handlingRefreshTokenResponse && + !forceCacheRefreshTokenResponse && + cacheRecord.account) { + const key = cacheRecord.account.generateAccountKey(); + const account = this.cacheStorage.getAccount(key, this.logger); + if (!account) { + this.logger.warning("Account used to refresh tokens not in persistence, refreshed tokens will not be stored in the cache"); + return await ResponseHandler.generateAuthenticationResult(this.cryptoObj, authority, cacheRecord, false, request, idTokenClaims, requestStateObj, undefined, serverRequestId); + } + } + await this.cacheStorage.saveCacheRecord(cacheRecord, request.storeInCache, request.correlationId); + } + finally { + if (this.persistencePlugin && + this.serializableCache && + cacheContext) { + this.logger.verbose("Persistence enabled, calling afterCacheAccess"); + await this.persistencePlugin.afterCacheAccess(cacheContext); + } + } + return ResponseHandler.generateAuthenticationResult(this.cryptoObj, authority, cacheRecord, false, request, idTokenClaims, requestStateObj, serverTokenResponse, serverRequestId); + } + /** + * Generates CacheRecord + * @param serverTokenResponse + * @param idTokenObj + * @param authority + */ + generateCacheRecord(serverTokenResponse, authority, reqTimestamp, request, idTokenClaims, userAssertionHash, authCodePayload) { + const env = authority.getPreferredCache(); + if (!env) { + throw createClientAuthError(invalidCacheEnvironment); + } + const claimsTenantId = getTenantIdFromIdTokenClaims(idTokenClaims); + // IdToken: non AAD scenarios can have empty realm + let cachedIdToken; + let cachedAccount; + if (serverTokenResponse.id_token && !!idTokenClaims) { + cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || ""); + cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId + this.logger); + } + // AccessToken + let cachedAccessToken = null; + if (serverTokenResponse.access_token) { + // If scopes not returned in server response, use request scopes + const responseScopes = serverTokenResponse.scope + ? ScopeSet.fromString(serverTokenResponse.scope) + : new ScopeSet(request.scopes || []); + /* + * Use timestamp calculated before request + * Server may return timestamps as strings, parse to numbers if so. + */ + const expiresIn = (typeof serverTokenResponse.expires_in === "string" + ? parseInt(serverTokenResponse.expires_in, 10) + : serverTokenResponse.expires_in) || 0; + const extExpiresIn = (typeof serverTokenResponse.ext_expires_in === "string" + ? parseInt(serverTokenResponse.ext_expires_in, 10) + : serverTokenResponse.ext_expires_in) || 0; + const refreshIn = (typeof serverTokenResponse.refresh_in === "string" + ? parseInt(serverTokenResponse.refresh_in, 10) + : serverTokenResponse.refresh_in) || undefined; + const tokenExpirationSeconds = reqTimestamp + expiresIn; + const extendedTokenExpirationSeconds = tokenExpirationSeconds + extExpiresIn; + const refreshOnSeconds = refreshIn && refreshIn > 0 + ? reqTimestamp + refreshIn + : undefined; + // non AAD scenarios can have empty realm + cachedAccessToken = createAccessTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.access_token, this.clientId, claimsTenantId || authority.tenant || "", responseScopes.printScopes(), tokenExpirationSeconds, extendedTokenExpirationSeconds, this.cryptoObj.base64Decode, refreshOnSeconds, serverTokenResponse.token_type, userAssertionHash, serverTokenResponse.key_id, request.claims, request.requestedClaimsHash); + } + // refreshToken + let cachedRefreshToken = null; + if (serverTokenResponse.refresh_token) { + let rtExpiresOn; + if (serverTokenResponse.refresh_token_expires_in) { + const rtExpiresIn = typeof serverTokenResponse.refresh_token_expires_in === + "string" + ? parseInt(serverTokenResponse.refresh_token_expires_in, 10) + : serverTokenResponse.refresh_token_expires_in; + rtExpiresOn = reqTimestamp + rtExpiresIn; + } + cachedRefreshToken = createRefreshTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.refresh_token, this.clientId, serverTokenResponse.foci, userAssertionHash, rtExpiresOn); + } + // appMetadata + let cachedAppMetadata = null; + if (serverTokenResponse.foci) { + cachedAppMetadata = { + clientId: this.clientId, + environment: env, + familyId: serverTokenResponse.foci, + }; + } + return { + account: cachedAccount, + idToken: cachedIdToken, + accessToken: cachedAccessToken, + refreshToken: cachedRefreshToken, + appMetadata: cachedAppMetadata, + }; + } + /** + * Creates an @AuthenticationResult from @CacheRecord , @IdToken , and a boolean that states whether or not the result is from cache. + * + * Optionally takes a state string that is set as-is in the response. + * + * @param cacheRecord + * @param idTokenObj + * @param fromTokenCache + * @param stateString + */ + static async generateAuthenticationResult(cryptoObj, authority, cacheRecord, fromTokenCache, request, idTokenClaims, requestState, serverTokenResponse, requestId) { + let accessToken = Constants.EMPTY_STRING; + let responseScopes = []; + let expiresOn = null; + let extExpiresOn; + let refreshOn; + let familyId = Constants.EMPTY_STRING; + if (cacheRecord.accessToken) { + /* + * if the request object has `popKid` property, `signPopToken` will be set to false and + * the token will be returned unsigned + */ + if (cacheRecord.accessToken.tokenType === + AuthenticationScheme.POP && + !request.popKid) { + const popTokenGenerator = new PopTokenGenerator(cryptoObj); + const { secret, keyId } = cacheRecord.accessToken; + if (!keyId) { + throw createClientAuthError(keyIdMissing); + } + accessToken = await popTokenGenerator.signPopToken(secret, keyId, request); + } + else { + accessToken = cacheRecord.accessToken.secret; + } + responseScopes = ScopeSet.fromString(cacheRecord.accessToken.target).asArray(); + expiresOn = new Date(Number(cacheRecord.accessToken.expiresOn) * 1000); + extExpiresOn = new Date(Number(cacheRecord.accessToken.extendedExpiresOn) * 1000); + if (cacheRecord.accessToken.refreshOn) { + refreshOn = new Date(Number(cacheRecord.accessToken.refreshOn) * 1000); + } + } + if (cacheRecord.appMetadata) { + familyId = + cacheRecord.appMetadata.familyId === THE_FAMILY_ID + ? THE_FAMILY_ID + : ""; + } + const uid = idTokenClaims?.oid || idTokenClaims?.sub || ""; + const tid = idTokenClaims?.tid || ""; + // for hybrid + native bridge enablement, send back the native account Id + if (serverTokenResponse?.spa_accountid && !!cacheRecord.account) { + cacheRecord.account.nativeAccountId = + serverTokenResponse?.spa_accountid; + } + const accountInfo = cacheRecord.account + ? updateAccountTenantProfileData(cacheRecord.account.getAccountInfo(), undefined, // tenantProfile optional + idTokenClaims, cacheRecord.idToken?.secret) + : null; + return { + authority: authority.canonicalAuthority, + uniqueId: uid, + tenantId: tid, + scopes: responseScopes, + account: accountInfo, + idToken: cacheRecord?.idToken?.secret || "", + idTokenClaims: idTokenClaims || {}, + accessToken: accessToken, + fromCache: fromTokenCache, + expiresOn: expiresOn, + extExpiresOn: extExpiresOn, + refreshOn: refreshOn, + correlationId: request.correlationId, + requestId: requestId || Constants.EMPTY_STRING, + familyId: familyId, + tokenType: cacheRecord.accessToken?.tokenType || Constants.EMPTY_STRING, + state: requestState + ? requestState.userRequestState + : Constants.EMPTY_STRING, + cloudGraphHostName: cacheRecord.account?.cloudGraphHostName || + Constants.EMPTY_STRING, + msGraphHost: cacheRecord.account?.msGraphHost || Constants.EMPTY_STRING, + code: serverTokenResponse?.spa_code, + fromNativeBroker: false, + }; + } +} +function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) { + logger?.verbose("setCachedAccount called"); + // Check if base account is already cached + const accountKeys = cacheStorage.getAccountKeys(); + const baseAccountKey = accountKeys.find((accountKey) => { + return accountKey.startsWith(homeAccountId); + }); + let cachedAccount = null; + if (baseAccountKey) { + cachedAccount = cacheStorage.getAccount(baseAccountKey, logger); + } + const baseAccount = cachedAccount || + AccountEntity.createAccount({ + homeAccountId, + idTokenClaims, + clientInfo, + environment, + cloudGraphHostName: authCodePayload?.cloud_graph_host_name, + msGraphHost: authCodePayload?.msgraph_host, + nativeAccountId: nativeAccountId, + }, authority, base64Decode); + const tenantProfiles = baseAccount.tenantProfiles || []; + const tenantId = claimsTenantId || baseAccount.realm; + if (tenantId && + !tenantProfiles.find((tenantProfile) => { + return tenantProfile.tenantId === tenantId; + })) { + const newTenantProfile = buildTenantProfile(homeAccountId, baseAccount.localAccountId, tenantId, idTokenClaims); + tenantProfiles.push(newTenantProfile); + } + baseAccount.tenantProfiles = tenantProfiles; + return baseAccount; +} +//# sourceMappingURL=ResponseHandler.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/utils/ClientAssertionUtils.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) { + if (typeof clientAssertion === "string") { + return clientAssertion; + } + else { + const config = { + clientId: clientId, + tokenEndpoint: tokenEndpoint, + }; + return clientAssertion(config); + } +} +//# sourceMappingURL=ClientAssertionUtils.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/client/AuthorizationCodeClient.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + + + + + + + + + + + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Oauth2.0 Authorization Code client + * @internal + */ +class AuthorizationCodeClient extends BaseClient { + constructor(configuration, performanceClient) { + super(configuration, performanceClient); + // Flag to indicate if client is for hybrid spa auth code redemption + this.includeRedirectUri = true; + this.oidcDefaultScopes = + this.config.authOptions.authority.options.OIDCOptions?.defaultScopes; + } + /** + * Creates the URL of the authorization request letting the user input credentials and consent to the + * application. The URL target the /authorize endpoint of the authority configured in the + * application object. + * + * Once the user inputs their credentials and consents, the authority will send a response to the redirect URI + * sent in the request and should contain an authorization code, which can then be used to acquire tokens via + * acquireToken(AuthorizationCodeRequest) + * @param request + */ + async getAuthCodeUrl(request) { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.GetAuthCodeUrl, request.correlationId); + const queryString = await invokeAsync(this.createAuthCodeUrlQueryString.bind(this), PerformanceEvents.AuthClientCreateQueryString, this.logger, this.performanceClient, request.correlationId)(request); + return UrlString.appendQueryString(this.authority.authorizationEndpoint, queryString); + } + /** + * API to acquire a token in exchange of 'authorization_code` acquired by the user in the first leg of the + * authorization_code_grant + * @param request + */ + async acquireToken(request, authCodePayload) { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientAcquireToken, request.correlationId); + if (!request.code) { + throw createClientAuthError(requestCannotBeMade); + } + const reqTimestamp = nowSeconds(); + const response = await invokeAsync(this.executeTokenRequest.bind(this), PerformanceEvents.AuthClientExecuteTokenRequest, this.logger, this.performanceClient, request.correlationId)(this.authority, request); + // Retrieve requestId from response headers + const requestId = response.headers?.[HeaderNames.X_MS_REQUEST_ID]; + const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, this.config.serializableCache, this.config.persistencePlugin, this.performanceClient); + // Validate response. This function throws a server error if an error is returned by the server. + responseHandler.validateTokenResponse(response.body); + return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, authCodePayload, undefined, undefined, undefined, requestId); + } + /** + * Handles the hash fragment response from public client code request. Returns a code response used by + * the client to exchange for a token in acquireToken. + * @param hashFragment + */ + handleFragmentResponse(serverParams, cachedState) { + // Handle responses. + const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, null, null); + // Get code response + responseHandler.validateServerAuthorizationCodeResponse(serverParams, cachedState); + // throw when there is no auth code in the response + if (!serverParams.code) { + throw createClientAuthError(authorizationCodeMissingFromServerResponse); + } + return serverParams; + } + /** + * Used to log out the current user, and redirect the user to the postLogoutRedirectUri. + * Default behaviour is to redirect the user to `window.location.href`. + * @param authorityUri + */ + getLogoutUri(logoutRequest) { + // Throw error if logoutRequest is null/undefined + if (!logoutRequest) { + throw createClientConfigurationError(logoutRequestEmpty); + } + const queryString = this.createLogoutUrlQueryString(logoutRequest); + // Construct logout URI + return UrlString.appendQueryString(this.authority.endSessionEndpoint, queryString); + } + /** + * Executes POST request to token endpoint + * @param authority + * @param request + */ + async executeTokenRequest(authority, request) { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientExecuteTokenRequest, request.correlationId); + const queryParametersString = this.createTokenQueryParameters(request); + const endpoint = UrlString.appendQueryString(authority.tokenEndpoint, queryParametersString); + const requestBody = await invokeAsync(this.createTokenRequestBody.bind(this), PerformanceEvents.AuthClientCreateTokenRequestBody, this.logger, this.performanceClient, request.correlationId)(request); + let ccsCredential = undefined; + if (request.clientInfo) { + try { + const clientInfo = buildClientInfo(request.clientInfo, this.cryptoUtils.base64Decode); + ccsCredential = { + credential: `${clientInfo.uid}${Separators.CLIENT_INFO_SEPARATOR}${clientInfo.utid}`, + type: CcsCredentialType.HOME_ACCOUNT_ID, + }; + } + catch (e) { + this.logger.verbose("Could not parse client info for CCS Header: " + e); + } + } + const headers = this.createTokenRequestHeaders(ccsCredential || request.ccsCredential); + const thumbprint = { + clientId: request.tokenBodyParameters?.clientId || + this.config.authOptions.clientId, + authority: authority.canonicalAuthority, + scopes: request.scopes, + claims: request.claims, + authenticationScheme: request.authenticationScheme, + resourceRequestMethod: request.resourceRequestMethod, + resourceRequestUri: request.resourceRequestUri, + shrClaims: request.shrClaims, + sshKid: request.sshKid, + }; + return invokeAsync(this.executePostToTokenEndpoint.bind(this), PerformanceEvents.AuthorizationCodeClientExecutePostToTokenEndpoint, this.logger, this.performanceClient, request.correlationId)(endpoint, requestBody, headers, thumbprint, request.correlationId, PerformanceEvents.AuthorizationCodeClientExecutePostToTokenEndpoint); + } + /** + * Generates a map for all the params to be sent to the service + * @param request + */ + async createTokenRequestBody(request) { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientCreateTokenRequestBody, request.correlationId); + const parameterBuilder = new RequestParameterBuilder(); + parameterBuilder.addClientId(request.tokenBodyParameters?.[CLIENT_ID] || + this.config.authOptions.clientId); + /* + * For hybrid spa flow, there will be a code but no verifier + * In this scenario, don't include redirect uri as auth code will not be bound to redirect URI + */ + if (!this.includeRedirectUri) { + // Just validate + RequestValidator.validateRedirectUri(request.redirectUri); + } + else { + // Validate and include redirect uri + parameterBuilder.addRedirectUri(request.redirectUri); + } + // Add scope array, parameter builder will add default scopes and dedupe + parameterBuilder.addScopes(request.scopes, true, this.oidcDefaultScopes); + // add code: user set, not validated + parameterBuilder.addAuthorizationCode(request.code); + // Add library metadata + parameterBuilder.addLibraryInfo(this.config.libraryInfo); + parameterBuilder.addApplicationTelemetry(this.config.telemetry.application); + parameterBuilder.addThrottling(); + if (this.serverTelemetryManager && !isOidcProtocolMode(this.config)) { + parameterBuilder.addServerTelemetry(this.serverTelemetryManager); + } + // add code_verifier if passed + if (request.codeVerifier) { + parameterBuilder.addCodeVerifier(request.codeVerifier); + } + if (this.config.clientCredentials.clientSecret) { + parameterBuilder.addClientSecret(this.config.clientCredentials.clientSecret); + } + if (this.config.clientCredentials.clientAssertion) { + const clientAssertion = this.config.clientCredentials.clientAssertion; + parameterBuilder.addClientAssertion(await getClientAssertion(clientAssertion.assertion, this.config.authOptions.clientId, request.resourceRequestUri)); + parameterBuilder.addClientAssertionType(clientAssertion.assertionType); + } + parameterBuilder.addGrantType(GrantType.AUTHORIZATION_CODE_GRANT); + parameterBuilder.addClientInfo(); + if (request.authenticationScheme === AuthenticationScheme.POP) { + const popTokenGenerator = new PopTokenGenerator(this.cryptoUtils, this.performanceClient); + let reqCnfData; + if (!request.popKid) { + const generatedReqCnfData = await invokeAsync(popTokenGenerator.generateCnf.bind(popTokenGenerator), PerformanceEvents.PopTokenGenerateCnf, this.logger, this.performanceClient, request.correlationId)(request, this.logger); + reqCnfData = generatedReqCnfData.reqCnfString; + } + else { + reqCnfData = this.cryptoUtils.encodeKid(request.popKid); + } + // SPA PoP requires full Base64Url encoded req_cnf string (unhashed) + parameterBuilder.addPopToken(reqCnfData); + } + else if (request.authenticationScheme === AuthenticationScheme.SSH) { + if (request.sshJwk) { + parameterBuilder.addSshJwk(request.sshJwk); + } + else { + throw createClientConfigurationError(missingSshJwk); + } + } + const correlationId = request.correlationId || + this.config.cryptoInterface.createNewGuid(); + parameterBuilder.addCorrelationId(correlationId); + if (!StringUtils.isEmptyObj(request.claims) || + (this.config.authOptions.clientCapabilities && + this.config.authOptions.clientCapabilities.length > 0)) { + parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities); + } + let ccsCred = undefined; + if (request.clientInfo) { + try { + const clientInfo = buildClientInfo(request.clientInfo, this.cryptoUtils.base64Decode); + ccsCred = { + credential: `${clientInfo.uid}${Separators.CLIENT_INFO_SEPARATOR}${clientInfo.utid}`, + type: CcsCredentialType.HOME_ACCOUNT_ID, + }; + } + catch (e) { + this.logger.verbose("Could not parse client info for CCS Header: " + e); + } + } + else { + ccsCred = request.ccsCredential; + } + // Adds these as parameters in the request instead of headers to prevent CORS preflight request + if (this.config.systemOptions.preventCorsPreflight && ccsCred) { + switch (ccsCred.type) { + case CcsCredentialType.HOME_ACCOUNT_ID: + try { + const clientInfo = buildClientInfoFromHomeAccountId(ccsCred.credential); + parameterBuilder.addCcsOid(clientInfo); + } + catch (e) { + this.logger.verbose("Could not parse home account ID for CCS Header: " + + e); + } + break; + case CcsCredentialType.UPN: + parameterBuilder.addCcsUpn(ccsCred.credential); + break; + } + } + if (request.tokenBodyParameters) { + parameterBuilder.addExtraQueryParameters(request.tokenBodyParameters); + } + // Add hybrid spa parameters if not already provided + if (request.enableSpaAuthorizationCode && + (!request.tokenBodyParameters || + !request.tokenBodyParameters[RETURN_SPA_CODE])) { + parameterBuilder.addExtraQueryParameters({ + [RETURN_SPA_CODE]: "1", + }); + } + return parameterBuilder.createQueryString(); + } + /** + * This API validates the `AuthorizationCodeUrlRequest` and creates a URL + * @param request + */ + async createAuthCodeUrlQueryString(request) { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientCreateQueryString, request.correlationId); + const parameterBuilder = new RequestParameterBuilder(); + parameterBuilder.addClientId(request.extraQueryParameters?.[CLIENT_ID] || + this.config.authOptions.clientId); + const requestScopes = [ + ...(request.scopes || []), + ...(request.extraScopesToConsent || []), + ]; + parameterBuilder.addScopes(requestScopes, true, this.oidcDefaultScopes); + // validate the redirectUri (to be a non null value) + parameterBuilder.addRedirectUri(request.redirectUri); + // generate the correlationId if not set by the user and add + const correlationId = request.correlationId || + this.config.cryptoInterface.createNewGuid(); + parameterBuilder.addCorrelationId(correlationId); + // add response_mode. If not passed in it defaults to query. + parameterBuilder.addResponseMode(request.responseMode); + // add response_type = code + parameterBuilder.addResponseTypeCode(); + // add library info parameters + parameterBuilder.addLibraryInfo(this.config.libraryInfo); + if (!isOidcProtocolMode(this.config)) { + parameterBuilder.addApplicationTelemetry(this.config.telemetry.application); + } + // add client_info=1 + parameterBuilder.addClientInfo(); + if (request.codeChallenge && request.codeChallengeMethod) { + parameterBuilder.addCodeChallengeParams(request.codeChallenge, request.codeChallengeMethod); + } + if (request.prompt) { + parameterBuilder.addPrompt(request.prompt); + } + if (request.domainHint) { + parameterBuilder.addDomainHint(request.domainHint); + } + // Add sid or loginHint with preference for login_hint claim (in request) -> sid -> loginHint (upn/email) -> username of AccountInfo object + if (request.prompt !== PromptValue.SELECT_ACCOUNT) { + // AAD will throw if prompt=select_account is passed with an account hint + if (request.sid && request.prompt === PromptValue.NONE) { + // SessionID is only used in silent calls + this.logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from request"); + parameterBuilder.addSid(request.sid); + } + else if (request.account) { + const accountSid = this.extractAccountSid(request.account); + let accountLoginHintClaim = this.extractLoginHint(request.account); + if (accountLoginHintClaim && request.domainHint) { + this.logger.warning(`AuthorizationCodeClient.createAuthCodeUrlQueryString: "domainHint" param is set, skipping opaque "login_hint" claim. Please consider not passing domainHint`); + accountLoginHintClaim = null; + } + // If login_hint claim is present, use it over sid/username + if (accountLoginHintClaim) { + this.logger.verbose("createAuthCodeUrlQueryString: login_hint claim present on account"); + parameterBuilder.addLoginHint(accountLoginHintClaim); + try { + const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId); + parameterBuilder.addCcsOid(clientInfo); + } + catch (e) { + this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header"); + } + } + else if (accountSid && request.prompt === PromptValue.NONE) { + /* + * If account and loginHint are provided, we will check account first for sid before adding loginHint + * SessionId is only used in silent calls + */ + this.logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from account"); + parameterBuilder.addSid(accountSid); + try { + const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId); + parameterBuilder.addCcsOid(clientInfo); + } + catch (e) { + this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header"); + } + } + else if (request.loginHint) { + this.logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from request"); + parameterBuilder.addLoginHint(request.loginHint); + parameterBuilder.addCcsUpn(request.loginHint); + } + else if (request.account.username) { + // Fallback to account username if provided + this.logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from account"); + parameterBuilder.addLoginHint(request.account.username); + try { + const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId); + parameterBuilder.addCcsOid(clientInfo); + } + catch (e) { + this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header"); + } + } + } + else if (request.loginHint) { + this.logger.verbose("createAuthCodeUrlQueryString: No account, adding login_hint from request"); + parameterBuilder.addLoginHint(request.loginHint); + parameterBuilder.addCcsUpn(request.loginHint); + } + } + else { + this.logger.verbose("createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints"); + } + if (request.nonce) { + parameterBuilder.addNonce(request.nonce); + } + if (request.state) { + parameterBuilder.addState(request.state); + } + if (request.claims || + (this.config.authOptions.clientCapabilities && + this.config.authOptions.clientCapabilities.length > 0)) { + parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities); + } + if (request.extraQueryParameters) { + parameterBuilder.addExtraQueryParameters(request.extraQueryParameters); + } + if (request.nativeBroker) { + // signal ests that this is a WAM call + parameterBuilder.addNativeBroker(); + // pass the req_cnf for POP + if (request.authenticationScheme === AuthenticationScheme.POP) { + const popTokenGenerator = new PopTokenGenerator(this.cryptoUtils); + // req_cnf is always sent as a string for SPAs + let reqCnfData; + if (!request.popKid) { + const generatedReqCnfData = await invokeAsync(popTokenGenerator.generateCnf.bind(popTokenGenerator), PerformanceEvents.PopTokenGenerateCnf, this.logger, this.performanceClient, request.correlationId)(request, this.logger); + reqCnfData = generatedReqCnfData.reqCnfString; + } + else { + reqCnfData = this.cryptoUtils.encodeKid(request.popKid); + } + parameterBuilder.addPopToken(reqCnfData); + } + } + return parameterBuilder.createQueryString(); + } + /** + * This API validates the `EndSessionRequest` and creates a URL + * @param request + */ + createLogoutUrlQueryString(request) { + const parameterBuilder = new RequestParameterBuilder(); + if (request.postLogoutRedirectUri) { + parameterBuilder.addPostLogoutRedirectUri(request.postLogoutRedirectUri); + } + if (request.correlationId) { + parameterBuilder.addCorrelationId(request.correlationId); + } + if (request.idTokenHint) { + parameterBuilder.addIdTokenHint(request.idTokenHint); + } + if (request.state) { + parameterBuilder.addState(request.state); + } + if (request.logoutHint) { + parameterBuilder.addLogoutHint(request.logoutHint); + } + if (request.extraQueryParameters) { + parameterBuilder.addExtraQueryParameters(request.extraQueryParameters); + } + return parameterBuilder.createQueryString(); + } + /** + * Helper to get sid from account. Returns null if idTokenClaims are not present or sid is not present. + * @param account + */ + extractAccountSid(account) { + return account.idTokenClaims?.sid || null; + } + extractLoginHint(account) { + return account.idTokenClaims?.login_hint || null; + } +} +//# sourceMappingURL=AuthorizationCodeClient.mjs.map -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -class SilentIframeClient extends StandardInteractionClient { - constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, nativeMessageHandler, correlationId) { - super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeMessageHandler, correlationId); - this.apiId = apiId; - this.nativeStorage = nativeStorageImpl; - } - /** - * Acquires a token silently by opening a hidden iframe to the /authorize endpoint with prompt=none or prompt=no_session - * @param request - */ - async acquireToken(request) { - this.performanceClient.addQueueMeasurement(PerformanceEvents.SilentIframeClientAcquireToken, request.correlationId); - // Check that we have some SSO data - if (!request.loginHint && - !request.sid && - (!request.account || !request.account.username)) { - this.logger.warning("No user hint provided. The authorization server may need more information to complete this request."); - } - // Check the prompt value - const inputRequest = { ...request }; - if (inputRequest.prompt) { - if (inputRequest.prompt !== PromptValue.NONE && - inputRequest.prompt !== PromptValue.NO_SESSION) { - this.logger.warning(`SilentIframeClient. Replacing invalid prompt ${inputRequest.prompt} with ${PromptValue.NONE}`); - inputRequest.prompt = PromptValue.NONE; - } - } - else { - inputRequest.prompt = PromptValue.NONE; - } - // Create silent request - const silentRequest = await invokeAsync(this.initializeAuthorizationRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, request.correlationId)(inputRequest, InteractionType.Silent); - preconnect(silentRequest.authority); - const serverTelemetryManager = this.initializeServerTelemetryManager(this.apiId); - try { - // Initialize the client - const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, request.correlationId)(serverTelemetryManager, silentRequest.authority, silentRequest.azureCloudOptions, silentRequest.account); - return await invokeAsync(this.silentTokenHelper.bind(this), PerformanceEvents.SilentIframeClientTokenHelper, this.logger, this.performanceClient, request.correlationId)(authClient, silentRequest); - } - catch (e) { - if (e instanceof AuthError) { - e.setCorrelationId(this.correlationId); - serverTelemetryManager.cacheFailedRequest(e); - } - throw e; - } - } - /** - * Currently Unsupported - */ - logout() { - // Synchronous so we must reject - return Promise.reject(createBrowserAuthError(silentLogoutUnsupported)); - } - /** - * Helper which acquires an authorization code silently using a hidden iframe from given url - * using the scopes requested as part of the id, and exchanges the code for a set of OAuth tokens. - * @param navigateUrl - * @param userRequestScopes - */ - async silentTokenHelper(authClient, silentRequest) { - const correlationId = silentRequest.correlationId; - this.performanceClient.addQueueMeasurement(PerformanceEvents.SilentIframeClientTokenHelper, correlationId); - // Create auth code request and generate PKCE params - const authCodeRequest = await invokeAsync(this.initializeAuthorizationCodeRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest, this.logger, this.performanceClient, correlationId)(silentRequest); - // Create authorize request url - const navigateUrl = await invokeAsync(authClient.getAuthCodeUrl.bind(authClient), PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)({ - ...silentRequest, - nativeBroker: NativeMessageHandler.isNativeAvailable(this.config, this.logger, this.nativeMessageHandler, silentRequest.authenticationScheme), - }); - // Create silent handler - const interactionHandler = new InteractionHandler(authClient, this.browserStorage, authCodeRequest, this.logger, this.performanceClient); - // Get the frame handle for the silent request - const msalFrame = await invokeAsync(initiateAuthRequest, PerformanceEvents.SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId, this.config.system.navigateFrameWait); - const responseType = this.config.auth.OIDCOptions.serverResponseType; - // Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds. - const responseString = await invokeAsync(monitorIframeForHash, PerformanceEvents.SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(msalFrame, this.config.system.iframeHashTimeout, this.config.system.pollIntervalMilliseconds, this.performanceClient, this.logger, correlationId, responseType); - const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, responseType, this.logger); - if (serverParams.accountId) { - this.logger.verbose("Account id found in hash, calling WAM for token"); - if (!this.nativeMessageHandler) { - throw createBrowserAuthError(nativeConnectionNotEstablished); - } - const nativeInteractionClient = new NativeInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.apiId, this.performanceClient, this.nativeMessageHandler, serverParams.accountId, this.browserStorage, correlationId); - const { userRequestState } = ProtocolUtils.parseRequestState(this.browserCrypto, silentRequest.state); - return invokeAsync(nativeInteractionClient.acquireToken.bind(nativeInteractionClient), PerformanceEvents.NativeInteractionClientAcquireToken, this.logger, this.performanceClient, correlationId)({ - ...silentRequest, - state: userRequestState, - prompt: silentRequest.prompt || PromptValue.NONE, - }); - } - // Handle response from hash string - return invokeAsync(interactionHandler.handleCodeResponse.bind(interactionHandler), PerformanceEvents.HandleCodeResponse, this.logger, this.performanceClient, correlationId)(serverParams, silentRequest); - } +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/telemetry/server/ServerTelemetryManager.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const skuGroupSeparator = ","; +const skuValueSeparator = "|"; +function makeExtraSkuString(params) { + const { skus, libraryName, libraryVersion, extensionName, extensionVersion, } = params; + const skuMap = new Map([ + [0, [libraryName, libraryVersion]], + [2, [extensionName, extensionVersion]], + ]); + let skuArr = []; + if (skus?.length) { + skuArr = skus.split(skuGroupSeparator); + // Ignore invalid input sku param + if (skuArr.length < 4) { + return skus; + } + } + else { + skuArr = Array.from({ length: 4 }, () => skuValueSeparator); + } + skuMap.forEach((value, key) => { + if (value.length === 2 && value[0]?.length && value[1]?.length) { + setSku({ + skuArr, + index: key, + skuName: value[0], + skuVersion: value[1], + }); + } + }); + return skuArr.join(skuGroupSeparator); +} +function setSku(params) { + const { skuArr, index, skuName, skuVersion } = params; + if (index >= skuArr.length) { + return; + } + skuArr[index] = [skuName, skuVersion].join(skuValueSeparator); +} +/** @internal */ +class ServerTelemetryManager { + constructor(telemetryRequest, cacheManager) { + this.cacheOutcome = CacheOutcome.NOT_APPLICABLE; + this.cacheManager = cacheManager; + this.apiId = telemetryRequest.apiId; + this.correlationId = telemetryRequest.correlationId; + this.wrapperSKU = telemetryRequest.wrapperSKU || Constants.EMPTY_STRING; + this.wrapperVer = telemetryRequest.wrapperVer || Constants.EMPTY_STRING; + this.telemetryCacheKey = + SERVER_TELEM_CONSTANTS.CACHE_KEY + + Separators.CACHE_KEY_SEPARATOR + + telemetryRequest.clientId; + } + /** + * API to add MSER Telemetry to request + */ + generateCurrentRequestHeaderValue() { + const request = `${this.apiId}${SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR}${this.cacheOutcome}`; + const platformFieldsArr = [this.wrapperSKU, this.wrapperVer]; + const nativeBrokerErrorCode = this.getNativeBrokerErrorCode(); + if (nativeBrokerErrorCode?.length) { + platformFieldsArr.push(`broker_error=${nativeBrokerErrorCode}`); + } + const platformFields = platformFieldsArr.join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR); + const regionDiscoveryFields = this.getRegionDiscoveryFields(); + const requestWithRegionDiscoveryFields = [ + request, + regionDiscoveryFields, + ].join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR); + return [ + SERVER_TELEM_CONSTANTS.SCHEMA_VERSION, + requestWithRegionDiscoveryFields, + platformFields, + ].join(SERVER_TELEM_CONSTANTS.CATEGORY_SEPARATOR); + } + /** + * API to add MSER Telemetry for the last failed request + */ + generateLastRequestHeaderValue() { + const lastRequests = this.getLastRequests(); + const maxErrors = ServerTelemetryManager.maxErrorsToSend(lastRequests); + const failedRequests = lastRequests.failedRequests + .slice(0, 2 * maxErrors) + .join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR); + const errors = lastRequests.errors + .slice(0, maxErrors) + .join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR); + const errorCount = lastRequests.errors.length; + // Indicate whether this header contains all data or partial data + const overflow = maxErrors < errorCount + ? SERVER_TELEM_CONSTANTS.OVERFLOW_TRUE + : SERVER_TELEM_CONSTANTS.OVERFLOW_FALSE; + const platformFields = [errorCount, overflow].join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR); + return [ + SERVER_TELEM_CONSTANTS.SCHEMA_VERSION, + lastRequests.cacheHits, + failedRequests, + errors, + platformFields, + ].join(SERVER_TELEM_CONSTANTS.CATEGORY_SEPARATOR); + } + /** + * API to cache token failures for MSER data capture + * @param error + */ + cacheFailedRequest(error) { + const lastRequests = this.getLastRequests(); + if (lastRequests.errors.length >= + SERVER_TELEM_CONSTANTS.MAX_CACHED_ERRORS) { + // Remove a cached error to make room, first in first out + lastRequests.failedRequests.shift(); // apiId + lastRequests.failedRequests.shift(); // correlationId + lastRequests.errors.shift(); + } + lastRequests.failedRequests.push(this.apiId, this.correlationId); + if (error instanceof Error && !!error && error.toString()) { + if (error instanceof AuthError) { + if (error.subError) { + lastRequests.errors.push(error.subError); + } + else if (error.errorCode) { + lastRequests.errors.push(error.errorCode); + } + else { + lastRequests.errors.push(error.toString()); + } + } + else { + lastRequests.errors.push(error.toString()); + } + } + else { + lastRequests.errors.push(SERVER_TELEM_CONSTANTS.UNKNOWN_ERROR); + } + this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests); + return; + } + /** + * Update server telemetry cache entry by incrementing cache hit counter + */ + incrementCacheHits() { + const lastRequests = this.getLastRequests(); + lastRequests.cacheHits += 1; + this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests); + return lastRequests.cacheHits; + } + /** + * Get the server telemetry entity from cache or initialize a new one + */ + getLastRequests() { + const initialValue = { + failedRequests: [], + errors: [], + cacheHits: 0, + }; + const lastRequests = this.cacheManager.getServerTelemetry(this.telemetryCacheKey); + return lastRequests || initialValue; + } + /** + * Remove server telemetry cache entry + */ + clearTelemetryCache() { + const lastRequests = this.getLastRequests(); + const numErrorsFlushed = ServerTelemetryManager.maxErrorsToSend(lastRequests); + const errorCount = lastRequests.errors.length; + if (numErrorsFlushed === errorCount) { + // All errors were sent on last request, clear Telemetry cache + this.cacheManager.removeItem(this.telemetryCacheKey); + } + else { + // Partial data was flushed to server, construct a new telemetry cache item with errors that were not flushed + const serverTelemEntity = { + failedRequests: lastRequests.failedRequests.slice(numErrorsFlushed * 2), + errors: lastRequests.errors.slice(numErrorsFlushed), + cacheHits: 0, + }; + this.cacheManager.setServerTelemetry(this.telemetryCacheKey, serverTelemEntity); + } + } + /** + * Returns the maximum number of errors that can be flushed to the server in the next network request + * @param serverTelemetryEntity + */ + static maxErrorsToSend(serverTelemetryEntity) { + let i; + let maxErrors = 0; + let dataSize = 0; + const errorCount = serverTelemetryEntity.errors.length; + for (i = 0; i < errorCount; i++) { + // failedRequests parameter contains pairs of apiId and correlationId, multiply index by 2 to preserve pairs + const apiId = serverTelemetryEntity.failedRequests[2 * i] || + Constants.EMPTY_STRING; + const correlationId = serverTelemetryEntity.failedRequests[2 * i + 1] || + Constants.EMPTY_STRING; + const errorCode = serverTelemetryEntity.errors[i] || Constants.EMPTY_STRING; + // Count number of characters that would be added to header, each character is 1 byte. Add 3 at the end to account for separators + dataSize += + apiId.toString().length + + correlationId.toString().length + + errorCode.length + + 3; + if (dataSize < SERVER_TELEM_CONSTANTS.MAX_LAST_HEADER_BYTES) { + // Adding this entry to the header would still keep header size below the limit + maxErrors += 1; + } + else { + break; + } + } + return maxErrors; + } + /** + * Get the region discovery fields + * + * @returns string + */ + getRegionDiscoveryFields() { + const regionDiscoveryFields = []; + regionDiscoveryFields.push(this.regionUsed || Constants.EMPTY_STRING); + regionDiscoveryFields.push(this.regionSource || Constants.EMPTY_STRING); + regionDiscoveryFields.push(this.regionOutcome || Constants.EMPTY_STRING); + return regionDiscoveryFields.join(","); + } + /** + * Update the region discovery metadata + * + * @param regionDiscoveryMetadata + * @returns void + */ + updateRegionDiscoveryMetadata(regionDiscoveryMetadata) { + this.regionUsed = regionDiscoveryMetadata.region_used; + this.regionSource = regionDiscoveryMetadata.region_source; + this.regionOutcome = regionDiscoveryMetadata.region_outcome; + } + /** + * Set cache outcome + */ + setCacheOutcome(cacheOutcome) { + this.cacheOutcome = cacheOutcome; + } + setNativeBrokerErrorCode(errorCode) { + const lastRequests = this.getLastRequests(); + lastRequests.nativeBrokerErrorCode = errorCode; + this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests); + } + getNativeBrokerErrorCode() { + return this.getLastRequests().nativeBrokerErrorCode; + } + clearNativeBrokerErrorCode() { + const lastRequests = this.getLastRequests(); + delete lastRequests.nativeBrokerErrorCode; + this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests); + } + static makeExtraSkuString(params) { + return makeExtraSkuString(params); + } } -//# sourceMappingURL=SilentIframeClient.mjs.map +//# sourceMappingURL=ServerTelemetryManager.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/interaction_client/SilentRefreshClient.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/interaction_client/BaseInteractionClient.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +class BaseInteractionClient { + constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeMessageHandler, correlationId) { + this.config = config; + this.browserStorage = storageImpl; + this.browserCrypto = browserCrypto; + this.networkClient = this.config.system.networkClient; + this.eventHandler = eventHandler; + this.navigationClient = navigationClient; + this.nativeMessageHandler = nativeMessageHandler; + this.correlationId = correlationId || BrowserCrypto_createNewGuid(); + this.logger = logger.clone(BrowserConstants.MSAL_SKU, packageMetadata_version, this.correlationId); + this.performanceClient = performanceClient; + } + async clearCacheOnLogout(account) { + if (account) { + if (AccountEntity.accountInfoIsEqual(account, this.browserStorage.getActiveAccount(), false)) { + this.logger.verbose("Setting active account to null"); + this.browserStorage.setActiveAccount(null); + } + // Clear given account. + try { + await this.browserStorage.removeAccount(AccountEntity.generateAccountCacheKey(account)); + this.logger.verbose("Cleared cache items belonging to the account provided in the logout request."); + } + catch (error) { + this.logger.error("Account provided in logout request was not found. Local cache unchanged."); + } + } + else { + try { + this.logger.verbose("No account provided in logout request, clearing all cache items.", this.correlationId); + // Clear all accounts and tokens + await this.browserStorage.clear(); + // Clear any stray keys from IndexedDB + await this.browserCrypto.clearKeystore(); + } + catch (e) { + this.logger.error("Attempted to clear all MSAL cache items and failed. Local cache unchanged."); + } + } + } + /** + * + * Use to get the redirect uri configured in MSAL or null. + * @param requestRedirectUri + * @returns Redirect URL + * + */ + getRedirectUri(requestRedirectUri) { + this.logger.verbose("getRedirectUri called"); + const redirectUri = requestRedirectUri || + this.config.auth.redirectUri || + getCurrentUri(); + return UrlString.getAbsoluteUrl(redirectUri, getCurrentUri()); + } + /** + * + * @param apiId + * @param correlationId + * @param forceRefresh + */ + initializeServerTelemetryManager(apiId, forceRefresh) { + this.logger.verbose("initializeServerTelemetryManager called"); + const telemetryPayload = { + clientId: this.config.auth.clientId, + correlationId: this.correlationId, + apiId: apiId, + forceRefresh: forceRefresh || false, + wrapperSKU: this.browserStorage.getWrapperMetadata()[0], + wrapperVer: this.browserStorage.getWrapperMetadata()[1], + }; + return new ServerTelemetryManager(telemetryPayload, this.browserStorage); + } + /** + * Used to get a discovered version of the default authority. + * @param requestAuthority + * @param requestAzureCloudOptions + * @param account + */ + async getDiscoveredAuthority(requestAuthority, requestAzureCloudOptions, account) { + this.performanceClient.addQueueMeasurement(PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority, this.correlationId); + const authorityOptions = { + protocolMode: this.config.auth.protocolMode, + OIDCOptions: this.config.auth.OIDCOptions, + knownAuthorities: this.config.auth.knownAuthorities, + cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata, + authorityMetadata: this.config.auth.authorityMetadata, + skipAuthorityMetadataCache: this.config.auth.skipAuthorityMetadataCache, + }; + // build authority string based on auth params, precedence - azureCloudInstance + tenant >> authority + const userAuthority = requestAuthority + ? requestAuthority + : this.config.auth.authority; + // fall back to the authority from config + const builtAuthority = Authority.generateAuthority(userAuthority, requestAzureCloudOptions || this.config.auth.azureCloudOptions); + const discoveredAuthority = await invokeAsync(createDiscoveredInstance, PerformanceEvents.AuthorityFactoryCreateDiscoveredInstance, this.logger, this.performanceClient, this.correlationId)(builtAuthority, this.config.system.networkClient, this.browserStorage, authorityOptions, this.logger, this.correlationId, this.performanceClient); + if (account && !discoveredAuthority.isAlias(account.environment)) { + throw createClientConfigurationError(authorityMismatch); + } + return discoveredAuthority; + } +} +//# sourceMappingURL=BaseInteractionClient.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/crypto/PkceGenerator.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +// Constant byte array length +const RANDOM_BYTE_ARR_LENGTH = 32; +/** + * This file defines APIs to generate PKCE codes and code verifiers. + */ +/** + * Generates PKCE Codes. See the RFC for more information: https://tools.ietf.org/html/rfc7636 + */ +async function generatePkceCodes(performanceClient, logger, correlationId) { + performanceClient.addQueueMeasurement(PerformanceEvents.GeneratePkceCodes, correlationId); + const codeVerifier = invoke(generateCodeVerifier, PerformanceEvents.GenerateCodeVerifier, logger, performanceClient, correlationId)(performanceClient, logger, correlationId); + const codeChallenge = await invokeAsync(generateCodeChallengeFromVerifier, PerformanceEvents.GenerateCodeChallengeFromVerifier, logger, performanceClient, correlationId)(codeVerifier, performanceClient, logger, correlationId); + return { + verifier: codeVerifier, + challenge: codeChallenge, + }; +} +/** + * Generates a random 32 byte buffer and returns the base64 + * encoded string to be used as a PKCE Code Verifier + */ +function generateCodeVerifier(performanceClient, logger, correlationId) { + try { + // Generate random values as utf-8 + const buffer = new Uint8Array(RANDOM_BYTE_ARR_LENGTH); + invoke(getRandomValues, PerformanceEvents.GetRandomValues, logger, performanceClient, correlationId)(buffer); + // encode verifier as base64 + const pkceCodeVerifierB64 = urlEncodeArr(buffer); + return pkceCodeVerifierB64; + } + catch (e) { + throw createBrowserAuthError(pkceNotCreated); + } +} +/** + * Creates a base64 encoded PKCE Code Challenge string from the + * hash created from the PKCE Code Verifier supplied + */ +async function generateCodeChallengeFromVerifier(pkceCodeVerifier, performanceClient, logger, correlationId) { + performanceClient.addQueueMeasurement(PerformanceEvents.GenerateCodeChallengeFromVerifier, correlationId); + try { + // hashed verifier + const pkceHashedCodeVerifier = await invokeAsync(sha256Digest, PerformanceEvents.Sha256Digest, logger, performanceClient, correlationId)(pkceCodeVerifier, performanceClient, correlationId); + // encode hash as base64 + return urlEncodeArr(new Uint8Array(pkceHashedCodeVerifier)); + } + catch (e) { + throw createBrowserAuthError(pkceNotCreated); + } +} +//# sourceMappingURL=PkceGenerator.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/request/RequestHelpers.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Initializer function for all request APIs + * @param request + */ +async function initializeBaseRequest(request, config, performanceClient, logger) { + performanceClient.addQueueMeasurement(PerformanceEvents.InitializeBaseRequest, request.correlationId); + const authority = request.authority || config.auth.authority; + const scopes = [...((request && request.scopes) || [])]; + const validatedRequest = { + ...request, + correlationId: request.correlationId, + authority, + scopes, + }; + // Set authenticationScheme to BEARER if not explicitly set in the request + if (!validatedRequest.authenticationScheme) { + validatedRequest.authenticationScheme = AuthenticationScheme.BEARER; + logger.verbose('Authentication Scheme wasn\'t explicitly set in request, defaulting to "Bearer" request'); + } + else { + if (validatedRequest.authenticationScheme === AuthenticationScheme.SSH) { + if (!request.sshJwk) { + throw createClientConfigurationError(missingSshJwk); + } + if (!request.sshKid) { + throw createClientConfigurationError(missingSshKid); + } + } + logger.verbose(`Authentication Scheme set to "${validatedRequest.authenticationScheme}" as configured in Auth request`); + } + // Set requested claims hash if claims-based caching is enabled and claims were requested + if (config.cache.claimsBasedCachingEnabled && + request.claims && + // Checks for empty stringified object "{}" which doesn't qualify as requested claims + !StringUtils.isEmptyObj(request.claims)) { + validatedRequest.requestedClaimsHash = await hashString(request.claims); + } + return validatedRequest; +} +async function initializeSilentRequest(request, account, config, performanceClient, logger) { + performanceClient.addQueueMeasurement(PerformanceEvents.InitializeSilentRequest, request.correlationId); + const baseRequest = await invokeAsync(initializeBaseRequest, PerformanceEvents.InitializeBaseRequest, logger, performanceClient, request.correlationId)(request, config, performanceClient, logger); + return { + ...request, + ...baseRequest, + account: account, + forceRefresh: request.forceRefresh || false, + }; +} -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -class SilentRefreshClient extends StandardInteractionClient { - /** - * Exchanges the refresh token for new tokens - * @param request - */ - async acquireToken(request) { - this.performanceClient.addQueueMeasurement(PerformanceEvents.SilentRefreshClientAcquireToken, request.correlationId); - const baseRequest = await invokeAsync(initializeBaseRequest, PerformanceEvents.InitializeBaseRequest, this.logger, this.performanceClient, request.correlationId)(request, this.config, this.performanceClient, this.logger); - const silentRequest = { - ...request, - ...baseRequest, - }; - if (request.redirectUri) { - // Make sure any passed redirectUri is converted to an absolute URL - redirectUri is not a required parameter for refresh token redemption so only include if explicitly provided - silentRequest.redirectUri = this.getRedirectUri(request.redirectUri); - } - const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow); - const refreshTokenClient = await this.createRefreshTokenClient(serverTelemetryManager, silentRequest.authority, silentRequest.azureCloudOptions, silentRequest.account); - // Send request to renew token. Auth module will throw errors if token cannot be renewed. - return invokeAsync(refreshTokenClient.acquireTokenByRefreshToken.bind(refreshTokenClient), PerformanceEvents.RefreshTokenClientAcquireTokenByRefreshToken, this.logger, this.performanceClient, request.correlationId)(silentRequest).catch((e) => { - e.setCorrelationId(this.correlationId); - serverTelemetryManager.cacheFailedRequest(e); - throw e; - }); - } - /** - * Currently Unsupported - */ - logout() { - // Synchronous so we must reject - return Promise.reject(createBrowserAuthError(silentLogoutUnsupported)); - } - /** - * Creates a Refresh Client with the given authority, or the default authority. - * @param serverTelemetryManager - * @param authorityUrl - */ - async createRefreshTokenClient(serverTelemetryManager, authorityUrl, azureCloudOptions, account) { - // Create auth module. - const clientConfig = await invokeAsync(this.getClientConfiguration.bind(this), PerformanceEvents.StandardInteractionClientGetClientConfiguration, this.logger, this.performanceClient, this.correlationId)(serverTelemetryManager, authorityUrl, azureCloudOptions, account); - return new RefreshTokenClient(clientConfig, this.performanceClient); - } +//# sourceMappingURL=RequestHelpers.mjs.map + +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/interaction_client/StandardInteractionClient.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Defines the class structure and helper functions used by the "standard", non-brokered auth flows (popup, redirect, silent (RT), silent (iframe)) + */ +class StandardInteractionClient extends BaseInteractionClient { + /** + * Generates an auth code request tied to the url request. + * @param request + */ + async initializeAuthorizationCodeRequest(request) { + this.performanceClient.addQueueMeasurement(PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest, this.correlationId); + const generatedPkceParams = await invokeAsync(generatePkceCodes, PerformanceEvents.GeneratePkceCodes, this.logger, this.performanceClient, this.correlationId)(this.performanceClient, this.logger, this.correlationId); + const authCodeRequest = { + ...request, + redirectUri: request.redirectUri, + code: Constants.EMPTY_STRING, + codeVerifier: generatedPkceParams.verifier, + }; + request.codeChallenge = generatedPkceParams.challenge; + request.codeChallengeMethod = Constants.S256_CODE_CHALLENGE_METHOD; + return authCodeRequest; + } + /** + * Initializer for the logout request. + * @param logoutRequest + */ + initializeLogoutRequest(logoutRequest) { + this.logger.verbose("initializeLogoutRequest called", logoutRequest?.correlationId); + const validLogoutRequest = { + correlationId: this.correlationId || BrowserCrypto_createNewGuid(), + ...logoutRequest, + }; + /** + * Set logout_hint to be login_hint from ID Token Claims if present + * and logoutHint attribute wasn't manually set in logout request + */ + if (logoutRequest) { + // If logoutHint isn't set and an account was passed in, try to extract logoutHint from ID Token Claims + if (!logoutRequest.logoutHint) { + if (logoutRequest.account) { + const logoutHint = this.getLogoutHintFromIdTokenClaims(logoutRequest.account); + if (logoutHint) { + this.logger.verbose("Setting logoutHint to login_hint ID Token Claim value for the account provided"); + validLogoutRequest.logoutHint = logoutHint; + } + } + else { + this.logger.verbose("logoutHint was not set and account was not passed into logout request, logoutHint will not be set"); + } + } + else { + this.logger.verbose("logoutHint has already been set in logoutRequest"); + } + } + else { + this.logger.verbose("logoutHint will not be set since no logout request was configured"); + } + /* + * Only set redirect uri if logout request isn't provided or the set uri isn't null. + * Otherwise, use passed uri, config, or current page. + */ + if (!logoutRequest || logoutRequest.postLogoutRedirectUri !== null) { + if (logoutRequest && logoutRequest.postLogoutRedirectUri) { + this.logger.verbose("Setting postLogoutRedirectUri to uri set on logout request", validLogoutRequest.correlationId); + validLogoutRequest.postLogoutRedirectUri = + UrlString.getAbsoluteUrl(logoutRequest.postLogoutRedirectUri, getCurrentUri()); + } + else if (this.config.auth.postLogoutRedirectUri === null) { + this.logger.verbose("postLogoutRedirectUri configured as null and no uri set on request, not passing post logout redirect", validLogoutRequest.correlationId); + } + else if (this.config.auth.postLogoutRedirectUri) { + this.logger.verbose("Setting postLogoutRedirectUri to configured uri", validLogoutRequest.correlationId); + validLogoutRequest.postLogoutRedirectUri = + UrlString.getAbsoluteUrl(this.config.auth.postLogoutRedirectUri, getCurrentUri()); + } + else { + this.logger.verbose("Setting postLogoutRedirectUri to current page", validLogoutRequest.correlationId); + validLogoutRequest.postLogoutRedirectUri = + UrlString.getAbsoluteUrl(getCurrentUri(), getCurrentUri()); + } + } + else { + this.logger.verbose("postLogoutRedirectUri passed as null, not setting post logout redirect uri", validLogoutRequest.correlationId); + } + return validLogoutRequest; + } + /** + * Parses login_hint ID Token Claim out of AccountInfo object to be used as + * logout_hint in end session request. + * @param account + */ + getLogoutHintFromIdTokenClaims(account) { + const idTokenClaims = account.idTokenClaims; + if (idTokenClaims) { + if (idTokenClaims.login_hint) { + return idTokenClaims.login_hint; + } + else { + this.logger.verbose("The ID Token Claims tied to the provided account do not contain a login_hint claim, logoutHint will not be added to logout request"); + } + } + else { + this.logger.verbose("The provided account does not contain ID Token Claims, logoutHint will not be added to logout request"); + } + return null; + } + /** + * Creates an Authorization Code Client with the given authority, or the default authority. + * @param serverTelemetryManager + * @param authorityUrl + */ + async createAuthCodeClient(serverTelemetryManager, authorityUrl, requestAzureCloudOptions, account) { + this.performanceClient.addQueueMeasurement(PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.correlationId); + // Create auth module. + const clientConfig = await invokeAsync(this.getClientConfiguration.bind(this), PerformanceEvents.StandardInteractionClientGetClientConfiguration, this.logger, this.performanceClient, this.correlationId)(serverTelemetryManager, authorityUrl, requestAzureCloudOptions, account); + return new AuthorizationCodeClient(clientConfig, this.performanceClient); + } + /** + * Creates a Client Configuration object with the given request authority, or the default authority. + * @param serverTelemetryManager + * @param requestAuthority + * @param requestCorrelationId + */ + async getClientConfiguration(serverTelemetryManager, requestAuthority, requestAzureCloudOptions, account) { + this.performanceClient.addQueueMeasurement(PerformanceEvents.StandardInteractionClientGetClientConfiguration, this.correlationId); + const discoveredAuthority = await invokeAsync(this.getDiscoveredAuthority.bind(this), PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority, this.logger, this.performanceClient, this.correlationId)(requestAuthority, requestAzureCloudOptions, account); + const logger = this.config.system.loggerOptions; + return { + authOptions: { + clientId: this.config.auth.clientId, + authority: discoveredAuthority, + clientCapabilities: this.config.auth.clientCapabilities, + }, + systemOptions: { + tokenRenewalOffsetSeconds: this.config.system.tokenRenewalOffsetSeconds, + preventCorsPreflight: true, + }, + loggerOptions: { + loggerCallback: logger.loggerCallback, + piiLoggingEnabled: logger.piiLoggingEnabled, + logLevel: logger.logLevel, + correlationId: this.correlationId, + }, + cacheOptions: { + claimsBasedCachingEnabled: this.config.cache.claimsBasedCachingEnabled, + }, + cryptoInterface: this.browserCrypto, + networkInterface: this.networkClient, + storageInterface: this.browserStorage, + serverTelemetryManager: serverTelemetryManager, + libraryInfo: { + sku: BrowserConstants.MSAL_SKU, + version: packageMetadata_version, + cpu: Constants.EMPTY_STRING, + os: Constants.EMPTY_STRING, + }, + telemetry: this.config.telemetry, + }; + } + /** + * Helper to initialize required request parameters for interactive APIs and ssoSilent() + * @param request + * @param interactionType + */ + async initializeAuthorizationRequest(request, interactionType) { + this.performanceClient.addQueueMeasurement(PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest, this.correlationId); + const redirectUri = this.getRedirectUri(request.redirectUri); + const browserState = { + interactionType: interactionType, + }; + const state = ProtocolUtils.setRequestState(this.browserCrypto, (request && request.state) || Constants.EMPTY_STRING, browserState); + const baseRequest = await invokeAsync(initializeBaseRequest, PerformanceEvents.InitializeBaseRequest, this.logger, this.performanceClient, this.correlationId)({ ...request, correlationId: this.correlationId }, this.config, this.performanceClient, this.logger); + const validatedRequest = { + ...baseRequest, + redirectUri: redirectUri, + state: state, + nonce: request.nonce || BrowserCrypto_createNewGuid(), + responseMode: this.config.auth.OIDCOptions + .serverResponseType, + }; + const account = request.account || this.browserStorage.getActiveAccount(); + if (account) { + this.logger.verbose("Setting validated request account", this.correlationId); + this.logger.verbosePii(`Setting validated request account: ${account.homeAccountId}`, this.correlationId); + validatedRequest.account = account; + } + // Check for ADAL/MSAL v1 SSO + if (!validatedRequest.loginHint && !account) { + const legacyLoginHint = this.browserStorage.getLegacyLoginHint(); + if (legacyLoginHint) { + validatedRequest.loginHint = legacyLoginHint; + } + } + return validatedRequest; + } } -//# sourceMappingURL=SilentRefreshClient.mjs.map +//# sourceMappingURL=StandardInteractionClient.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/cache/TokenCache.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/error/NativeAuthErrorCodes.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const contentError = "ContentError"; +const userSwitch = "user_switch"; +//# sourceMappingURL=NativeAuthErrorCodes.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/broker/nativeBroker/NativeStatusCodes.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +// Status Codes that can be thrown by WAM +const USER_INTERACTION_REQUIRED = "USER_INTERACTION_REQUIRED"; +const USER_CANCEL = "USER_CANCEL"; +const NO_NETWORK = "NO_NETWORK"; +const PERSISTENT_ERROR = "PERSISTENT_ERROR"; +const DISABLED = "DISABLED"; +const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE"; +//# sourceMappingURL=NativeStatusCodes.mjs.map -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * Token cache manager - */ -class TokenCache { - constructor(configuration, storage, logger, cryptoObj) { - this.isBrowserEnvironment = typeof window !== "undefined"; - this.config = configuration; - this.storage = storage; - this.logger = logger; - this.cryptoObj = cryptoObj; - } - // Move getAllAccounts here and cache utility APIs - /** - * API to load tokens to msal-browser cache. - * @param request - * @param response - * @param options - * @returns `AuthenticationResult` for the response that was loaded. - */ - loadExternalTokens(request, response, options) { - if (!this.isBrowserEnvironment) { - throw createBrowserAuthError(nonBrowserEnvironment); - } - const idTokenClaims = response.id_token - ? extractTokenClaims(response.id_token, base64Decode) - : undefined; - const authorityOptions = { - protocolMode: this.config.auth.protocolMode, - knownAuthorities: this.config.auth.knownAuthorities, - cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata, - authorityMetadata: this.config.auth.authorityMetadata, - skipAuthorityMetadataCache: this.config.auth.skipAuthorityMetadataCache, - }; - const authority = request.authority - ? new Authority(Authority.generateAuthority(request.authority, request.azureCloudOptions), this.config.system.networkClient, this.storage, authorityOptions, this.logger, request.correlationId || BrowserCrypto_createNewGuid()) - : undefined; - const cacheRecordAccount = this.loadAccount(request, options.clientInfo || response.client_info || "", idTokenClaims, authority); - const idToken = this.loadIdToken(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm); - const accessToken = this.loadAccessToken(request, response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, options); - const refreshToken = this.loadRefreshToken(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment); - return this.generateAuthenticationResult(request, { - account: cacheRecordAccount, - idToken, - accessToken, - refreshToken, - }, idTokenClaims, authority); - } - /** - * Helper function to load account to msal-browser cache - * @param idToken - * @param environment - * @param clientInfo - * @param authorityType - * @param requestHomeAccountId - * @returns `AccountEntity` - */ - loadAccount(request, clientInfo, idTokenClaims, authority) { - this.logger.verbose("TokenCache - loading account"); - if (request.account) { - const accountEntity = AccountEntity.createFromAccountInfo(request.account); - this.storage.setAccount(accountEntity); - return accountEntity; - } - else if (!authority || (!clientInfo && !idTokenClaims)) { - this.logger.error("TokenCache - if an account is not provided on the request, authority and either clientInfo or idToken must be provided instead."); - throw createBrowserAuthError(unableToLoadToken); - } - const homeAccountId = AccountEntity.generateHomeAccountId(clientInfo, authority.authorityType, this.logger, this.cryptoObj, idTokenClaims); - const claimsTenantId = idTokenClaims?.tid; - const cachedAccount = buildAccountToCache(this.storage, authority, homeAccountId, base64Decode, idTokenClaims, clientInfo, authority.hostnameAndPort, claimsTenantId, undefined, // authCodePayload - undefined, // nativeAccountId - this.logger); - this.storage.setAccount(cachedAccount); - return cachedAccount; - } - /** - * Helper function to load id tokens to msal-browser cache - * @param idToken - * @param homeAccountId - * @param environment - * @param tenantId - * @returns `IdTokenEntity` - */ - loadIdToken(response, homeAccountId, environment, tenantId) { - if (!response.id_token) { - this.logger.verbose("TokenCache - no id token found in response"); - return null; - } - this.logger.verbose("TokenCache - loading id token"); - const idTokenEntity = createIdTokenEntity(homeAccountId, environment, response.id_token, this.config.auth.clientId, tenantId); - this.storage.setIdTokenCredential(idTokenEntity); - return idTokenEntity; - } - /** - * Helper function to load access tokens to msal-browser cache - * @param request - * @param response - * @param homeAccountId - * @param environment - * @param tenantId - * @returns `AccessTokenEntity` - */ - loadAccessToken(request, response, homeAccountId, environment, tenantId, options) { - if (!response.access_token) { - this.logger.verbose("TokenCache - no access token found in response"); - return null; - } - else if (!response.expires_in) { - this.logger.error("TokenCache - no expiration set on the access token. Cannot add it to the cache."); - return null; - } - else if (!response.scope && - (!request.scopes || !request.scopes.length)) { - this.logger.error("TokenCache - scopes not specified in the request or response. Cannot add token to the cache."); - return null; - } - this.logger.verbose("TokenCache - loading access token"); - const scopes = response.scope - ? ScopeSet.fromString(response.scope) - : new ScopeSet(request.scopes); - const expiresOn = options.expiresOn || - response.expires_in + new Date().getTime() / 1000; - const extendedExpiresOn = options.extendedExpiresOn || - (response.ext_expires_in || response.expires_in) + - new Date().getTime() / 1000; - const accessTokenEntity = createAccessTokenEntity(homeAccountId, environment, response.access_token, this.config.auth.clientId, tenantId, scopes.printScopes(), expiresOn, extendedExpiresOn, base64Decode); - this.storage.setAccessTokenCredential(accessTokenEntity); - return accessTokenEntity; - } - /** - * Helper function to load refresh tokens to msal-browser cache - * @param request - * @param response - * @param homeAccountId - * @param environment - * @returns `RefreshTokenEntity` - */ - loadRefreshToken(response, homeAccountId, environment) { - if (!response.refresh_token) { - this.logger.verbose("TokenCache - no refresh token found in response"); - return null; - } - this.logger.verbose("TokenCache - loading refresh token"); - const refreshTokenEntity = createRefreshTokenEntity(homeAccountId, environment, response.refresh_token, this.config.auth.clientId, response.foci, undefined, // userAssertionHash - response.refresh_token_expires_in); - this.storage.setRefreshTokenCredential(refreshTokenEntity); - return refreshTokenEntity; - } - /** - * Helper function to generate an `AuthenticationResult` for the result. - * @param request - * @param idTokenObj - * @param cacheRecord - * @param authority - * @returns `AuthenticationResult` - */ - generateAuthenticationResult(request, cacheRecord, idTokenClaims, authority) { - let accessToken = ""; - let responseScopes = []; - let expiresOn = null; - let extExpiresOn; - if (cacheRecord?.accessToken) { - accessToken = cacheRecord.accessToken.secret; - responseScopes = ScopeSet.fromString(cacheRecord.accessToken.target).asArray(); - expiresOn = new Date(Number(cacheRecord.accessToken.expiresOn) * 1000); - extExpiresOn = new Date(Number(cacheRecord.accessToken.extendedExpiresOn) * 1000); - } - const accountEntity = cacheRecord.account; - return { - authority: authority ? authority.canonicalAuthority : "", - uniqueId: cacheRecord.account.localAccountId, - tenantId: cacheRecord.account.realm, - scopes: responseScopes, - account: accountEntity.getAccountInfo(), - idToken: cacheRecord.idToken?.secret || "", - idTokenClaims: idTokenClaims || {}, - accessToken: accessToken, - fromCache: true, - expiresOn: expiresOn, - correlationId: request.correlationId || "", - requestId: "", - extExpiresOn: extExpiresOn, - familyId: cacheRecord.refreshToken?.familyId || "", - tokenType: cacheRecord?.accessToken?.tokenType || "", - state: request.state || "", - cloudGraphHostName: accountEntity.cloudGraphHostName || "", - msGraphHost: accountEntity.msGraphHost || "", - fromNativeBroker: false, - }; - } +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/error/NativeAuthError.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const INVALID_METHOD_ERROR = -2147186943; +const NativeAuthErrorMessages = { + [userSwitch]: "User attempted to switch accounts in the native broker, which is not allowed. All new accounts must sign-in through the standard web flow first, please try again.", +}; +class NativeAuthError extends AuthError { + constructor(errorCode, description, ext) { + super(errorCode, description); + Object.setPrototypeOf(this, NativeAuthError.prototype); + this.name = "NativeAuthError"; + this.ext = ext; + } +} +/** + * These errors should result in a fallback to the 'standard' browser based auth flow. + */ +function isFatalNativeAuthError(error) { + if (error.ext && + error.ext.status && + (error.ext.status === PERSISTENT_ERROR || + error.ext.status === DISABLED)) { + return true; + } + if (error.ext && + error.ext.error && + error.ext.error === INVALID_METHOD_ERROR) { + return true; + } + switch (error.errorCode) { + case contentError: + return true; + default: + return false; + } +} +/** + * Create the appropriate error object based on the WAM status code. + * @param code + * @param description + * @param ext + * @returns + */ +function createNativeAuthError(code, description, ext) { + if (ext && ext.status) { + switch (ext.status) { + case ACCOUNT_UNAVAILABLE: + return createInteractionRequiredAuthError(nativeAccountUnavailable); + case USER_INTERACTION_REQUIRED: + return new InteractionRequiredAuthError(code, description); + case USER_CANCEL: + return createBrowserAuthError(userCancelled); + case NO_NETWORK: + return createBrowserAuthError(BrowserAuthErrorCodes_noNetworkConnectivity); + } + } + return new NativeAuthError(code, NativeAuthErrorMessages[code] || description, ext); } -//# sourceMappingURL=TokenCache.mjs.map +//# sourceMappingURL=NativeAuthError.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/client/RefreshTokenClient.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -class HybridSpaAuthorizationCodeClient extends AuthorizationCodeClient { - constructor(config) { - super(config); - this.includeRedirectUri = false; - } + + + + + + + + + + + + + + + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const DEFAULT_REFRESH_TOKEN_EXPIRATION_OFFSET_SECONDS = 300; // 5 Minutes +/** + * OAuth2.0 refresh token client + * @internal + */ +class RefreshTokenClient extends BaseClient { + constructor(configuration, performanceClient) { + super(configuration, performanceClient); + } + async acquireToken(request) { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireToken, request.correlationId); + const reqTimestamp = nowSeconds(); + const response = await invokeAsync(this.executeTokenRequest.bind(this), PerformanceEvents.RefreshTokenClientExecuteTokenRequest, this.logger, this.performanceClient, request.correlationId)(request, this.authority); + // Retrieve requestId from response headers + const requestId = response.headers?.[HeaderNames.X_MS_REQUEST_ID]; + const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, this.config.serializableCache, this.config.persistencePlugin); + responseHandler.validateTokenResponse(response.body); + return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, undefined, undefined, true, request.forceCache, requestId); + } + /** + * Gets cached refresh token and attaches to request, then calls acquireToken API + * @param request + */ + async acquireTokenByRefreshToken(request) { + // Cannot renew token if no request object is given. + if (!request) { + throw createClientConfigurationError(tokenRequestEmpty); + } + this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireTokenByRefreshToken, request.correlationId); + // We currently do not support silent flow for account === null use cases; This will be revisited for confidential flow usecases + if (!request.account) { + throw createClientAuthError(noAccountInSilentRequest); + } + // try checking if FOCI is enabled for the given application + const isFOCI = this.cacheManager.isAppMetadataFOCI(request.account.environment); + // if the app is part of the family, retrive a Family refresh token if present and make a refreshTokenRequest + if (isFOCI) { + try { + return await invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, true); + } + catch (e) { + const noFamilyRTInCache = e instanceof InteractionRequiredAuthError && + e.errorCode === + noTokensFound; + const clientMismatchErrorWithFamilyRT = e instanceof ServerError && + e.errorCode === Errors.INVALID_GRANT_ERROR && + e.subError === Errors.CLIENT_MISMATCH_ERROR; + // if family Refresh Token (FRT) cache acquisition fails or if client_mismatch error is seen with FRT, reattempt with application Refresh Token (ART) + if (noFamilyRTInCache || clientMismatchErrorWithFamilyRT) { + return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false); + // throw in all other cases + } + else { + throw e; + } + } + } + // fall back to application refresh token acquisition + return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false); + } + /** + * makes a network call to acquire tokens by exchanging RefreshToken available in userCache; throws if refresh token is not cached + * @param request + */ + async acquireTokenWithCachedRefreshToken(request, foci) { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, request.correlationId); + // fetches family RT or application RT based on FOCI value + const refreshToken = invoke(this.cacheManager.getRefreshToken.bind(this.cacheManager), PerformanceEvents.CacheManagerGetRefreshToken, this.logger, this.performanceClient, request.correlationId)(request.account, foci, undefined, this.performanceClient, request.correlationId); + if (!refreshToken) { + throw createInteractionRequiredAuthError(noTokensFound); + } + if (refreshToken.expiresOn && + isTokenExpired(refreshToken.expiresOn, request.refreshTokenExpirationOffsetSeconds || + DEFAULT_REFRESH_TOKEN_EXPIRATION_OFFSET_SECONDS)) { + throw createInteractionRequiredAuthError(refreshTokenExpired); + } + // attach cached RT size to the current measurement + const refreshTokenRequest = { + ...request, + refreshToken: refreshToken.secret, + authenticationScheme: request.authenticationScheme || AuthenticationScheme.BEARER, + ccsCredential: { + credential: request.account.homeAccountId, + type: CcsCredentialType.HOME_ACCOUNT_ID, + }, + }; + try { + return await invokeAsync(this.acquireToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(refreshTokenRequest); + } + catch (e) { + if (e instanceof InteractionRequiredAuthError && + e.subError === badToken) { + // Remove bad refresh token from cache + this.logger.verbose("acquireTokenWithRefreshToken: bad refresh token, removing from cache"); + const badRefreshTokenKey = generateCredentialKey(refreshToken); + this.cacheManager.removeRefreshToken(badRefreshTokenKey); + } + throw e; + } + } + /** + * Constructs the network message and makes a NW call to the underlying secure token service + * @param request + * @param authority + */ + async executeTokenRequest(request, authority) { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientExecuteTokenRequest, request.correlationId); + const queryParametersString = this.createTokenQueryParameters(request); + const endpoint = UrlString.appendQueryString(authority.tokenEndpoint, queryParametersString); + const requestBody = await invokeAsync(this.createTokenRequestBody.bind(this), PerformanceEvents.RefreshTokenClientCreateTokenRequestBody, this.logger, this.performanceClient, request.correlationId)(request); + const headers = this.createTokenRequestHeaders(request.ccsCredential); + const thumbprint = { + clientId: request.tokenBodyParameters?.clientId || + this.config.authOptions.clientId, + authority: authority.canonicalAuthority, + scopes: request.scopes, + claims: request.claims, + authenticationScheme: request.authenticationScheme, + resourceRequestMethod: request.resourceRequestMethod, + resourceRequestUri: request.resourceRequestUri, + shrClaims: request.shrClaims, + sshKid: request.sshKid, + }; + return invokeAsync(this.executePostToTokenEndpoint.bind(this), PerformanceEvents.RefreshTokenClientExecutePostToTokenEndpoint, this.logger, this.performanceClient, request.correlationId)(endpoint, requestBody, headers, thumbprint, request.correlationId, PerformanceEvents.RefreshTokenClientExecutePostToTokenEndpoint); + } + /** + * Helper function to create the token request body + * @param request + */ + async createTokenRequestBody(request) { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientCreateTokenRequestBody, request.correlationId); + const correlationId = request.correlationId; + const parameterBuilder = new RequestParameterBuilder(); + parameterBuilder.addClientId(request.tokenBodyParameters?.[CLIENT_ID] || + this.config.authOptions.clientId); + if (request.redirectUri) { + parameterBuilder.addRedirectUri(request.redirectUri); + } + parameterBuilder.addScopes(request.scopes, true, this.config.authOptions.authority.options.OIDCOptions?.defaultScopes); + parameterBuilder.addGrantType(GrantType.REFRESH_TOKEN_GRANT); + parameterBuilder.addClientInfo(); + parameterBuilder.addLibraryInfo(this.config.libraryInfo); + parameterBuilder.addApplicationTelemetry(this.config.telemetry.application); + parameterBuilder.addThrottling(); + if (this.serverTelemetryManager && !isOidcProtocolMode(this.config)) { + parameterBuilder.addServerTelemetry(this.serverTelemetryManager); + } + parameterBuilder.addCorrelationId(correlationId); + parameterBuilder.addRefreshToken(request.refreshToken); + if (this.config.clientCredentials.clientSecret) { + parameterBuilder.addClientSecret(this.config.clientCredentials.clientSecret); + } + if (this.config.clientCredentials.clientAssertion) { + const clientAssertion = this.config.clientCredentials.clientAssertion; + parameterBuilder.addClientAssertion(await getClientAssertion(clientAssertion.assertion, this.config.authOptions.clientId, request.resourceRequestUri)); + parameterBuilder.addClientAssertionType(clientAssertion.assertionType); + } + if (request.authenticationScheme === AuthenticationScheme.POP) { + const popTokenGenerator = new PopTokenGenerator(this.cryptoUtils, this.performanceClient); + let reqCnfData; + if (!request.popKid) { + const generatedReqCnfData = await invokeAsync(popTokenGenerator.generateCnf.bind(popTokenGenerator), PerformanceEvents.PopTokenGenerateCnf, this.logger, this.performanceClient, request.correlationId)(request, this.logger); + reqCnfData = generatedReqCnfData.reqCnfString; + } + else { + reqCnfData = this.cryptoUtils.encodeKid(request.popKid); + } + // SPA PoP requires full Base64Url encoded req_cnf string (unhashed) + parameterBuilder.addPopToken(reqCnfData); + } + else if (request.authenticationScheme === AuthenticationScheme.SSH) { + if (request.sshJwk) { + parameterBuilder.addSshJwk(request.sshJwk); + } + else { + throw createClientConfigurationError(missingSshJwk); + } + } + if (!StringUtils.isEmptyObj(request.claims) || + (this.config.authOptions.clientCapabilities && + this.config.authOptions.clientCapabilities.length > 0)) { + parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities); + } + if (this.config.systemOptions.preventCorsPreflight && + request.ccsCredential) { + switch (request.ccsCredential.type) { + case CcsCredentialType.HOME_ACCOUNT_ID: + try { + const clientInfo = buildClientInfoFromHomeAccountId(request.ccsCredential.credential); + parameterBuilder.addCcsOid(clientInfo); + } + catch (e) { + this.logger.verbose("Could not parse home account ID for CCS Header: " + + e); + } + break; + case CcsCredentialType.UPN: + parameterBuilder.addCcsUpn(request.ccsCredential.credential); + break; + } + } + if (request.tokenBodyParameters) { + parameterBuilder.addExtraQueryParameters(request.tokenBodyParameters); + } + return parameterBuilder.createQueryString(); + } } -//# sourceMappingURL=HybridSpaAuthorizationCodeClient.mjs.map +//# sourceMappingURL=RefreshTokenClient.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/interaction_client/SilentAuthCodeClient.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ +;// CONCATENATED MODULE: ./node_modules/@azure/msal-common/dist/client/SilentFlowClient.mjs +/*! @azure/msal-common v14.14.2 2024-08-28 */ + + + + + + + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** @internal */ +class SilentFlowClient extends BaseClient { + constructor(configuration, performanceClient) { + super(configuration, performanceClient); + } + /** + * Retrieves a token from cache if it is still valid, or uses the cached refresh token to renew + * the given token and returns the renewed token + * @param request + */ + async acquireToken(request) { + try { + const [authResponse, cacheOutcome] = await this.acquireCachedToken({ + ...request, + scopes: request.scopes?.length + ? request.scopes + : [...OIDC_DEFAULT_SCOPES], + }); + // if the token is not expired but must be refreshed; get a new one in the background + if (cacheOutcome === CacheOutcome.PROACTIVELY_REFRESHED) { + this.logger.info("SilentFlowClient:acquireCachedToken - Cached access token's refreshOn property has been exceeded'. It's not expired, but must be refreshed."); + // refresh the access token in the background + const refreshTokenClient = new RefreshTokenClient(this.config, this.performanceClient); + refreshTokenClient + .acquireTokenByRefreshToken(request) + .catch(() => { + // do nothing, this is running in the background and no action is to be taken upon success or failure + }); + } + // return the cached token + return authResponse; + } + catch (e) { + if (e instanceof ClientAuthError && + e.errorCode === tokenRefreshRequired) { + const refreshTokenClient = new RefreshTokenClient(this.config, this.performanceClient); + return refreshTokenClient.acquireTokenByRefreshToken(request); + } + else { + throw e; + } + } + } + /** + * Retrieves token from cache or throws an error if it must be refreshed. + * @param request + */ + async acquireCachedToken(request) { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.SilentFlowClientAcquireCachedToken, request.correlationId); + let lastCacheOutcome = CacheOutcome.NOT_APPLICABLE; + if (request.forceRefresh || + (!this.config.cacheOptions.claimsBasedCachingEnabled && + !StringUtils.isEmptyObj(request.claims))) { + // Must refresh due to present force_refresh flag. + this.setCacheOutcome(CacheOutcome.FORCE_REFRESH_OR_CLAIMS, request.correlationId); + throw createClientAuthError(tokenRefreshRequired); + } + // We currently do not support silent flow for account === null use cases; This will be revisited for confidential flow usecases + if (!request.account) { + throw createClientAuthError(noAccountInSilentRequest); + } + const requestTenantId = request.account.tenantId || + getTenantFromAuthorityString(request.authority); + const tokenKeys = this.cacheManager.getTokenKeys(); + const cachedAccessToken = this.cacheManager.getAccessToken(request.account, request, tokenKeys, requestTenantId, this.performanceClient, request.correlationId); + if (!cachedAccessToken) { + // must refresh due to non-existent access_token + this.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN, request.correlationId); + throw createClientAuthError(tokenRefreshRequired); + } + else if (wasClockTurnedBack(cachedAccessToken.cachedAt) || + isTokenExpired(cachedAccessToken.expiresOn, this.config.systemOptions.tokenRenewalOffsetSeconds)) { + // must refresh due to the expires_in value + this.setCacheOutcome(CacheOutcome.CACHED_ACCESS_TOKEN_EXPIRED, request.correlationId); + throw createClientAuthError(tokenRefreshRequired); + } + else if (cachedAccessToken.refreshOn && + isTokenExpired(cachedAccessToken.refreshOn, 0)) { + // must refresh (in the background) due to the refresh_in value + lastCacheOutcome = CacheOutcome.PROACTIVELY_REFRESHED; + // don't throw ClientAuthError.createRefreshRequiredError(), return cached token instead + } + const environment = request.authority || this.authority.getPreferredCache(); + const cacheRecord = { + account: this.cacheManager.readAccountFromCache(request.account), + accessToken: cachedAccessToken, + idToken: this.cacheManager.getIdToken(request.account, tokenKeys, requestTenantId, this.performanceClient, request.correlationId), + refreshToken: null, + appMetadata: this.cacheManager.readAppMetadataFromCache(environment), + }; + this.setCacheOutcome(lastCacheOutcome, request.correlationId); + if (this.config.serverTelemetryManager) { + this.config.serverTelemetryManager.incrementCacheHits(); + } + return [ + await invokeAsync(this.generateResultFromCacheRecord.bind(this), PerformanceEvents.SilentFlowClientGenerateResultFromCacheRecord, this.logger, this.performanceClient, request.correlationId)(cacheRecord, request), + lastCacheOutcome, + ]; + } + setCacheOutcome(cacheOutcome, correlationId) { + this.serverTelemetryManager?.setCacheOutcome(cacheOutcome); + this.performanceClient?.addFields({ + cacheOutcome: cacheOutcome, + }, correlationId); + if (cacheOutcome !== CacheOutcome.NOT_APPLICABLE) { + this.logger.info(`Token refresh is required due to cache outcome: ${cacheOutcome}`); + } + } + /** + * Helper function to build response object from the CacheRecord + * @param cacheRecord + */ + async generateResultFromCacheRecord(cacheRecord, request) { + this.performanceClient?.addQueueMeasurement(PerformanceEvents.SilentFlowClientGenerateResultFromCacheRecord, request.correlationId); + let idTokenClaims; + if (cacheRecord.idToken) { + idTokenClaims = extractTokenClaims(cacheRecord.idToken.secret, this.config.cryptoInterface.base64Decode); + } + // token max_age check + if (request.maxAge || request.maxAge === 0) { + const authTime = idTokenClaims?.auth_time; + if (!authTime) { + throw createClientAuthError(authTimeNotFound); + } + checkMaxAge(authTime, request.maxAge); + } + return ResponseHandler.generateAuthenticationResult(this.cryptoUtils, this.authority, cacheRecord, true, request, idTokenClaims); + } +} +//# sourceMappingURL=SilentFlowClient.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/interaction_client/SilentCacheClient.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +class SilentCacheClient extends StandardInteractionClient { + /** + * Returns unexpired tokens from the cache, if available + * @param silentRequest + */ + async acquireToken(silentRequest) { + this.performanceClient.addQueueMeasurement(PerformanceEvents.SilentCacheClientAcquireToken, silentRequest.correlationId); + // Telemetry manager only used to increment cacheHits here + const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow); + const clientConfig = await invokeAsync(this.getClientConfiguration.bind(this), PerformanceEvents.StandardInteractionClientGetClientConfiguration, this.logger, this.performanceClient, this.correlationId)(serverTelemetryManager, silentRequest.authority, silentRequest.azureCloudOptions, silentRequest.account); + const silentAuthClient = new SilentFlowClient(clientConfig, this.performanceClient); + this.logger.verbose("Silent auth client created"); + try { + const response = await invokeAsync(silentAuthClient.acquireCachedToken.bind(silentAuthClient), PerformanceEvents.SilentFlowClientAcquireCachedToken, this.logger, this.performanceClient, silentRequest.correlationId)(silentRequest); + const authResponse = response[0]; + this.performanceClient.addFields({ + fromCache: true, + }, silentRequest.correlationId); + return authResponse; + } + catch (error) { + if (error instanceof BrowserAuthError && + error.errorCode === cryptoKeyNotFound) { + this.logger.verbose("Signing keypair for bound access token not found. Refreshing bound access token and generating a new crypto keypair."); + } + throw error; + } + } + /** + * API to silenty clear the browser cache. + * @param logoutRequest + */ + logout(logoutRequest) { + this.logger.verbose("logoutRedirect called"); + const validLogoutRequest = this.initializeLogoutRequest(logoutRequest); + return this.clearCacheOnLogout(validLogoutRequest?.account); + } +} +//# sourceMappingURL=SilentCacheClient.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/interaction_client/NativeInteractionClient.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +const BrokerServerParamKeys = { + BROKER_CLIENT_ID: "brk_client_id", + BROKER_REDIRECT_URI: "brk_redirect_uri", +}; +class NativeInteractionClient extends BaseInteractionClient { + constructor(config, browserStorage, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, provider, accountId, nativeStorageImpl, correlationId) { + super(config, browserStorage, browserCrypto, logger, eventHandler, navigationClient, performanceClient, provider, correlationId); + this.apiId = apiId; + this.accountId = accountId; + this.nativeMessageHandler = provider; + this.nativeStorageManager = nativeStorageImpl; + this.silentCacheClient = new SilentCacheClient(config, this.nativeStorageManager, browserCrypto, logger, eventHandler, navigationClient, performanceClient, provider, correlationId); + this.serverTelemetryManager = this.initializeServerTelemetryManager(this.apiId); + const extensionName = this.nativeMessageHandler.getExtensionId() === + NativeConstants.PREFERRED_EXTENSION_ID + ? "chrome" + : this.nativeMessageHandler.getExtensionId()?.length + ? "unknown" + : undefined; + this.skus = ServerTelemetryManager.makeExtraSkuString({ + libraryName: BrowserConstants.MSAL_SKU, + libraryVersion: packageMetadata_version, + extensionName: extensionName, + extensionVersion: this.nativeMessageHandler.getExtensionVersion(), + }); + } + /** + * Adds SKUs to request extra query parameters + * @param request {NativeTokenRequest} + * @private + */ + addRequestSKUs(request) { + request.extraParameters = { + ...request.extraParameters, + [X_CLIENT_EXTRA_SKU]: this.skus, + }; + } + /** + * Acquire token from native platform via browser extension + * @param request + */ + async acquireToken(request) { + this.performanceClient.addQueueMeasurement(PerformanceEvents.NativeInteractionClientAcquireToken, request.correlationId); + this.logger.trace("NativeInteractionClient - acquireToken called."); + // start the perf measurement + const nativeATMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.NativeInteractionClientAcquireToken, request.correlationId); + const reqTimestamp = nowSeconds(); + try { + // initialize native request + const nativeRequest = await this.initializeNativeRequest(request); + // check if the tokens can be retrieved from internal cache + try { + const result = await this.acquireTokensFromCache(this.accountId, nativeRequest); + nativeATMeasurement.end({ + success: true, + isNativeBroker: false, + fromCache: true, + }); + return result; + } + catch (e) { + // continue with a native call for any and all errors + this.logger.info("MSAL internal Cache does not contain tokens, proceed to make a native call"); + } + const { ...nativeTokenRequest } = nativeRequest; + // fall back to native calls + const messageBody = { + method: NativeExtensionMethod.GetToken, + request: nativeTokenRequest, + }; + const response = await this.nativeMessageHandler.sendMessage(messageBody); + const validatedResponse = this.validateNativeResponse(response); + return await this.handleNativeResponse(validatedResponse, nativeRequest, reqTimestamp) + .then((result) => { + nativeATMeasurement.end({ + success: true, + isNativeBroker: true, + requestId: result.requestId, + }); + this.serverTelemetryManager.clearNativeBrokerErrorCode(); + return result; + }) + .catch((error) => { + nativeATMeasurement.end({ + success: false, + errorCode: error.errorCode, + subErrorCode: error.subError, + isNativeBroker: true, + }); + throw error; + }); + } + catch (e) { + if (e instanceof NativeAuthError) { + this.serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode); + } + throw e; + } + } + /** + * Creates silent flow request + * @param request + * @param cachedAccount + * @returns CommonSilentFlowRequest + */ + createSilentCacheRequest(request, cachedAccount) { + return { + authority: request.authority, + correlationId: this.correlationId, + scopes: ScopeSet.fromString(request.scope).asArray(), + account: cachedAccount, + forceRefresh: false, + }; + } + /** + * Fetches the tokens from the cache if un-expired + * @param nativeAccountId + * @param request + * @returns authenticationResult + */ + async acquireTokensFromCache(nativeAccountId, request) { + if (!nativeAccountId) { + this.logger.warning("NativeInteractionClient:acquireTokensFromCache - No nativeAccountId provided"); + throw createClientAuthError(noAccountFound); + } + // fetch the account from browser cache + const account = this.browserStorage.getBaseAccountInfo({ + nativeAccountId, + }); + if (!account) { + throw createClientAuthError(noAccountFound); + } + // leverage silent flow for cached tokens retrieval + try { + const silentRequest = this.createSilentCacheRequest(request, account); + const result = await this.silentCacheClient.acquireToken(silentRequest); + const fullAccount = { + ...account, + idTokenClaims: result?.idTokenClaims, + idToken: result?.idToken, + }; + return { + ...result, + account: fullAccount, + }; + } + catch (e) { + throw e; + } + } + /** + * Acquires a token from native platform then redirects to the redirectUri instead of returning the response + * @param {RedirectRequest} request + * @param {InProgressPerformanceEvent} rootMeasurement + */ + async acquireTokenRedirect(request, rootMeasurement) { + this.logger.trace("NativeInteractionClient - acquireTokenRedirect called."); + const { ...remainingParameters } = request; + delete remainingParameters.onRedirectNavigate; + const nativeRequest = await this.initializeNativeRequest(remainingParameters); + const messageBody = { + method: NativeExtensionMethod.GetToken, + request: nativeRequest, + }; + try { + const response = await this.nativeMessageHandler.sendMessage(messageBody); + this.validateNativeResponse(response); + } + catch (e) { + // Only throw fatal errors here to allow application to fallback to regular redirect. Otherwise proceed and the error will be thrown in handleRedirectPromise + if (e instanceof NativeAuthError) { + this.serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode); + if (isFatalNativeAuthError(e)) { + throw e; + } + } + } + this.browserStorage.setTemporaryCache(TemporaryCacheKeys.NATIVE_REQUEST, JSON.stringify(nativeRequest), true); + const navigationOptions = { + apiId: ApiId.acquireTokenRedirect, + timeout: this.config.system.redirectNavigationTimeout, + noHistory: false, + }; + const redirectUri = this.config.auth.navigateToLoginRequestUrl + ? window.location.href + : this.getRedirectUri(request.redirectUri); + rootMeasurement.end({ success: true }); + await this.navigationClient.navigateExternal(redirectUri, navigationOptions); // Need to treat this as external to ensure handleRedirectPromise is run again + } + /** + * If the previous page called native platform for a token using redirect APIs, send the same request again and return the response + * @param performanceClient {IPerformanceClient?} + * @param correlationId {string?} correlation identifier + */ + async handleRedirectPromise(performanceClient, correlationId) { + this.logger.trace("NativeInteractionClient - handleRedirectPromise called."); + if (!this.browserStorage.isInteractionInProgress(true)) { + this.logger.info("handleRedirectPromise called but there is no interaction in progress, returning null."); + return null; + } + // remove prompt from the request to prevent WAM from prompting twice + const cachedRequest = this.browserStorage.getCachedNativeRequest(); + if (!cachedRequest) { + this.logger.verbose("NativeInteractionClient - handleRedirectPromise called but there is no cached request, returning null."); + if (performanceClient && correlationId) { + performanceClient?.addFields({ errorCode: "no_cached_request" }, correlationId); + } + return null; + } + const { prompt, ...request } = cachedRequest; + if (prompt) { + this.logger.verbose("NativeInteractionClient - handleRedirectPromise called and prompt was included in the original request, removing prompt from cached request to prevent second interaction with native broker window."); + } + this.browserStorage.removeItem(this.browserStorage.generateCacheKey(TemporaryCacheKeys.NATIVE_REQUEST)); + const messageBody = { + method: NativeExtensionMethod.GetToken, + request: request, + }; + const reqTimestamp = nowSeconds(); + try { + this.logger.verbose("NativeInteractionClient - handleRedirectPromise sending message to native broker."); + const response = await this.nativeMessageHandler.sendMessage(messageBody); + this.validateNativeResponse(response); + const result = this.handleNativeResponse(response, request, reqTimestamp); + this.browserStorage.setInteractionInProgress(false); + const res = await result; + this.serverTelemetryManager.clearNativeBrokerErrorCode(); + return res; + } + catch (e) { + this.browserStorage.setInteractionInProgress(false); + throw e; + } + } + /** + * Logout from native platform via browser extension + * @param request + */ + logout() { + this.logger.trace("NativeInteractionClient - logout called."); + return Promise.reject("Logout not implemented yet"); + } + /** + * Transform response from native platform into AuthenticationResult object which will be returned to the end user + * @param response + * @param request + * @param reqTimestamp + */ + async handleNativeResponse(response, request, reqTimestamp) { + this.logger.trace("NativeInteractionClient - handleNativeResponse called."); + // generate identifiers + const idTokenClaims = extractTokenClaims(response.id_token, base64Decode); + const homeAccountIdentifier = this.createHomeAccountIdentifier(response, idTokenClaims); + const cachedhomeAccountId = this.browserStorage.getAccountInfoFilteredBy({ + nativeAccountId: request.accountId, + })?.homeAccountId; + if (homeAccountIdentifier !== cachedhomeAccountId && + response.account.id !== request.accountId) { + // User switch in native broker prompt is not supported. All users must first sign in through web flow to ensure server state is in sync + throw createNativeAuthError(userSwitch); + } + // Get the preferred_cache domain for the given authority + const authority = await this.getDiscoveredAuthority(request.authority); + const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, idTokenClaims, response.client_info, undefined, // environment + idTokenClaims.tid, undefined, // auth code payload + response.account.id, this.logger); + // generate authenticationResult + const result = await this.generateAuthenticationResult(response, request, idTokenClaims, baseAccount, authority.canonicalAuthority, reqTimestamp); + // cache accounts and tokens in the appropriate storage + this.cacheAccount(baseAccount); + this.cacheNativeTokens(response, request, homeAccountIdentifier, idTokenClaims, response.access_token, result.tenantId, reqTimestamp); + return result; + } + /** + * creates an homeAccountIdentifier for the account + * @param response + * @param idTokenObj + * @returns + */ + createHomeAccountIdentifier(response, idTokenClaims) { + // Save account in browser storage + const homeAccountIdentifier = AccountEntity.generateHomeAccountId(response.client_info || Constants.EMPTY_STRING, AuthorityType.Default, this.logger, this.browserCrypto, idTokenClaims); + return homeAccountIdentifier; + } + /** + * Helper to generate scopes + * @param response + * @param request + * @returns + */ + generateScopes(response, request) { + return response.scope + ? ScopeSet.fromString(response.scope) + : ScopeSet.fromString(request.scope); + } + /** + * If PoP token is requesred, records the PoP token if returned from the WAM, else generates one in the browser + * @param request + * @param response + */ + async generatePopAccessToken(response, request) { + if (request.tokenType === AuthenticationScheme.POP && + request.signPopToken) { + /** + * This code prioritizes SHR returned from the native layer. In case of error/SHR not calculated from WAM and the AT + * is still received, SHR is calculated locally + */ + // Check if native layer returned an SHR token + if (response.shr) { + this.logger.trace("handleNativeServerResponse: SHR is enabled in native layer"); + return response.shr; + } + // Generate SHR in msal js if WAM does not compute it when POP is enabled + const popTokenGenerator = new PopTokenGenerator(this.browserCrypto); + const shrParameters = { + resourceRequestMethod: request.resourceRequestMethod, + resourceRequestUri: request.resourceRequestUri, + shrClaims: request.shrClaims, + shrNonce: request.shrNonce, + }; + /** + * KeyID must be present in the native request from when the PoP key was generated in order for + * PopTokenGenerator to query the full key for signing + */ + if (!request.keyId) { + throw createClientAuthError(keyIdMissing); + } + return popTokenGenerator.signPopToken(response.access_token, request.keyId, shrParameters); + } + else { + return response.access_token; + } + } + /** + * Generates authentication result + * @param response + * @param request + * @param idTokenObj + * @param accountEntity + * @param authority + * @param reqTimestamp + * @returns + */ + async generateAuthenticationResult(response, request, idTokenClaims, accountEntity, authority, reqTimestamp) { + // Add Native Broker fields to Telemetry + const mats = this.addTelemetryFromNativeResponse(response); + // If scopes not returned in server response, use request scopes + const responseScopes = response.scope + ? ScopeSet.fromString(response.scope) + : ScopeSet.fromString(request.scope); + const accountProperties = response.account.properties || {}; + const uid = accountProperties["UID"] || + idTokenClaims.oid || + idTokenClaims.sub || + Constants.EMPTY_STRING; + const tid = accountProperties["TenantId"] || + idTokenClaims.tid || + Constants.EMPTY_STRING; + const accountInfo = updateAccountTenantProfileData(accountEntity.getAccountInfo(), undefined, // tenantProfile optional + idTokenClaims, response.id_token); + /** + * In pairwise broker flows, this check prevents the broker's native account id + * from being returned over the embedded app's account id. + */ + if (accountInfo.nativeAccountId !== response.account.id) { + accountInfo.nativeAccountId = response.account.id; + } + // generate PoP token as needed + const responseAccessToken = await this.generatePopAccessToken(response, request); + const tokenType = request.tokenType === AuthenticationScheme.POP + ? AuthenticationScheme.POP + : AuthenticationScheme.BEARER; + const result = { + authority: authority, + uniqueId: uid, + tenantId: tid, + scopes: responseScopes.asArray(), + account: accountInfo, + idToken: response.id_token, + idTokenClaims: idTokenClaims, + accessToken: responseAccessToken, + fromCache: mats ? this.isResponseFromCache(mats) : false, + expiresOn: new Date(Number(reqTimestamp + response.expires_in) * 1000), + tokenType: tokenType, + correlationId: this.correlationId, + state: response.state, + fromNativeBroker: true, + }; + return result; + } + /** + * cache the account entity in browser storage + * @param accountEntity + */ + cacheAccount(accountEntity) { + // Store the account info and hence `nativeAccountId` in browser cache + this.browserStorage.setAccount(accountEntity); + // Remove any existing cached tokens for this account in browser storage + this.browserStorage.removeAccountContext(accountEntity).catch((e) => { + this.logger.error(`Error occurred while removing account context from browser storage. ${e}`); + }); + } + /** + * Stores the access_token and id_token in inmemory storage + * @param response + * @param request + * @param homeAccountIdentifier + * @param idTokenObj + * @param responseAccessToken + * @param tenantId + * @param reqTimestamp + */ + cacheNativeTokens(response, request, homeAccountIdentifier, idTokenClaims, responseAccessToken, tenantId, reqTimestamp) { + const cachedIdToken = createIdTokenEntity(homeAccountIdentifier, request.authority, response.id_token || "", request.clientId, idTokenClaims.tid || ""); + // cache accessToken in inmemory storage + const expiresIn = request.tokenType === AuthenticationScheme.POP + ? Constants.SHR_NONCE_VALIDITY + : (typeof response.expires_in === "string" + ? parseInt(response.expires_in, 10) + : response.expires_in) || 0; + const tokenExpirationSeconds = reqTimestamp + expiresIn; + const responseScopes = this.generateScopes(response, request); + const cachedAccessToken = createAccessTokenEntity(homeAccountIdentifier, request.authority, responseAccessToken, request.clientId, idTokenClaims.tid || tenantId, responseScopes.printScopes(), tokenExpirationSeconds, 0, base64Decode, undefined, request.tokenType, undefined, request.keyId); + const nativeCacheRecord = { + idToken: cachedIdToken, + accessToken: cachedAccessToken, + }; + void this.nativeStorageManager.saveCacheRecord(nativeCacheRecord, request.storeInCache); + } + addTelemetryFromNativeResponse(response) { + const mats = this.getMATSFromResponse(response); + if (!mats) { + return null; + } + this.performanceClient.addFields({ + extensionId: this.nativeMessageHandler.getExtensionId(), + extensionVersion: this.nativeMessageHandler.getExtensionVersion(), + matsBrokerVersion: mats.broker_version, + matsAccountJoinOnStart: mats.account_join_on_start, + matsAccountJoinOnEnd: mats.account_join_on_end, + matsDeviceJoin: mats.device_join, + matsPromptBehavior: mats.prompt_behavior, + matsApiErrorCode: mats.api_error_code, + matsUiVisible: mats.ui_visible, + matsSilentCode: mats.silent_code, + matsSilentBiSubCode: mats.silent_bi_sub_code, + matsSilentMessage: mats.silent_message, + matsSilentStatus: mats.silent_status, + matsHttpStatus: mats.http_status, + matsHttpEventCount: mats.http_event_count, + }, this.correlationId); + return mats; + } + /** + * Validates native platform response before processing + * @param response + */ + validateNativeResponse(response) { + if (response.hasOwnProperty("access_token") && + response.hasOwnProperty("id_token") && + response.hasOwnProperty("client_info") && + response.hasOwnProperty("account") && + response.hasOwnProperty("scope") && + response.hasOwnProperty("expires_in")) { + return response; + } + else { + throw createAuthError(unexpectedError, "Response missing expected properties."); + } + } + /** + * Gets MATS telemetry from native response + * @param response + * @returns + */ + getMATSFromResponse(response) { + if (response.properties.MATS) { + try { + return JSON.parse(response.properties.MATS); + } + catch (e) { + this.logger.error("NativeInteractionClient - Error parsing MATS telemetry, returning null instead"); + } + } + return null; + } + /** + * Returns whether or not response came from native cache + * @param response + * @returns + */ + isResponseFromCache(mats) { + if (typeof mats.is_cached === "undefined") { + this.logger.verbose("NativeInteractionClient - MATS telemetry does not contain field indicating if response was served from cache. Returning false."); + return false; + } + return !!mats.is_cached; + } + /** + * Translates developer provided request object into NativeRequest object + * @param request + */ + async initializeNativeRequest(request) { + this.logger.trace("NativeInteractionClient - initializeNativeRequest called"); + const authority = request.authority || this.config.auth.authority; + if (request.account) { + // validate authority + await this.getDiscoveredAuthority(authority, request.azureCloudOptions, request.account); + } + const canonicalAuthority = new UrlString(authority); + canonicalAuthority.validateAsUri(); + // scopes are expected to be received by the native broker as "scope" and will be added to the request below. Other properties that should be dropped from the request to the native broker can be included in the object destructuring here. + const { scopes, ...remainingProperties } = request; + const scopeSet = new ScopeSet(scopes || []); + scopeSet.appendScopes(OIDC_DEFAULT_SCOPES); + const getPrompt = () => { + // If request is silent, prompt is always none + switch (this.apiId) { + case ApiId.ssoSilent: + case ApiId.acquireTokenSilent_silentFlow: + this.logger.trace("initializeNativeRequest: silent request sets prompt to none"); + return PromptValue.NONE; + } + // Prompt not provided, request may proceed and native broker decides if it needs to prompt + if (!request.prompt) { + this.logger.trace("initializeNativeRequest: prompt was not provided"); + return undefined; + } + // If request is interactive, check if prompt provided is allowed to go directly to native broker + switch (request.prompt) { + case PromptValue.NONE: + case PromptValue.CONSENT: + case PromptValue.LOGIN: + this.logger.trace("initializeNativeRequest: prompt is compatible with native flow"); + return request.prompt; + default: + this.logger.trace(`initializeNativeRequest: prompt = ${request.prompt} is not compatible with native flow`); + throw createBrowserAuthError(nativePromptNotSupported); + } + }; + const validatedRequest = { + ...remainingProperties, + accountId: this.accountId, + clientId: this.config.auth.clientId, + authority: canonicalAuthority.urlString, + scope: scopeSet.printScopes(), + redirectUri: this.getRedirectUri(request.redirectUri), + prompt: getPrompt(), + correlationId: this.correlationId, + tokenType: request.authenticationScheme, + windowTitleSubstring: document.title, + extraParameters: { + ...request.extraQueryParameters, + ...request.tokenQueryParameters, + }, + extendedExpiryToken: false, + keyId: request.popKid, + }; + // Check for PoP token requests: signPopToken should only be set to true if popKid is not set + if (validatedRequest.signPopToken && !!request.popKid) { + throw createBrowserAuthError(invalidPopTokenRequest); + } + this.handleExtraBrokerParams(validatedRequest); + validatedRequest.extraParameters = + validatedRequest.extraParameters || {}; + validatedRequest.extraParameters.telemetry = + NativeConstants.MATS_TELEMETRY; + if (request.authenticationScheme === AuthenticationScheme.POP) { + // add POP request type + const shrParameters = { + resourceRequestUri: request.resourceRequestUri, + resourceRequestMethod: request.resourceRequestMethod, + shrClaims: request.shrClaims, + shrNonce: request.shrNonce, + }; + const popTokenGenerator = new PopTokenGenerator(this.browserCrypto); + // generate reqCnf if not provided in the request + let reqCnfData; + if (!validatedRequest.keyId) { + const generatedReqCnfData = await invokeAsync(popTokenGenerator.generateCnf.bind(popTokenGenerator), PerformanceEvents.PopTokenGenerateCnf, this.logger, this.performanceClient, request.correlationId)(shrParameters, this.logger); + reqCnfData = generatedReqCnfData.reqCnfString; + validatedRequest.keyId = generatedReqCnfData.kid; + validatedRequest.signPopToken = true; + } + else { + reqCnfData = this.browserCrypto.base64UrlEncode(JSON.stringify({ kid: validatedRequest.keyId })); + validatedRequest.signPopToken = false; + } + // SPAs require whole string to be passed to broker + validatedRequest.reqCnf = reqCnfData; + } + this.addRequestSKUs(validatedRequest); + return validatedRequest; + } + /** + * Handles extra broker request parameters + * @param request {NativeTokenRequest} + * @private + */ + handleExtraBrokerParams(request) { + if (!request.extraParameters) { + return; + } + if (request.extraParameters.hasOwnProperty(BrokerServerParamKeys.BROKER_CLIENT_ID) && + request.extraParameters.hasOwnProperty(BrokerServerParamKeys.BROKER_REDIRECT_URI) && + request.extraParameters.hasOwnProperty(CLIENT_ID)) { + const child_client_id = request.extraParameters[CLIENT_ID]; + const child_redirect_uri = request.redirectUri; + const brk_redirect_uri = request.extraParameters[BrokerServerParamKeys.BROKER_REDIRECT_URI]; + request.extraParameters = { + child_client_id, + child_redirect_uri, + }; + request.redirectUri = brk_redirect_uri; + } + } +} +//# sourceMappingURL=NativeInteractionClient.mjs.map -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -class SilentAuthCodeClient extends StandardInteractionClient { - constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeMessageHandler, correlationId) { - super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeMessageHandler, correlationId); - this.apiId = apiId; - } - /** - * Acquires a token silently by redeeming an authorization code against the /token endpoint - * @param request - */ - async acquireToken(request) { - // Auth code payload is required - if (!request.code) { - throw createBrowserAuthError(authCodeRequired); - } - // Create silent request - const silentRequest = await invokeAsync(this.initializeAuthorizationRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, request.correlationId)(request, InteractionType.Silent); - const serverTelemetryManager = this.initializeServerTelemetryManager(this.apiId); - try { - // Create auth code request (PKCE not needed) - const authCodeRequest = { - ...silentRequest, - code: request.code, - }; - // Initialize the client - const clientConfig = await invokeAsync(this.getClientConfiguration.bind(this), PerformanceEvents.StandardInteractionClientGetClientConfiguration, this.logger, this.performanceClient, request.correlationId)(serverTelemetryManager, silentRequest.authority, silentRequest.azureCloudOptions, silentRequest.account); - const authClient = new HybridSpaAuthorizationCodeClient(clientConfig); - this.logger.verbose("Auth code client created"); - // Create silent handler - const interactionHandler = new InteractionHandler(authClient, this.browserStorage, authCodeRequest, this.logger, this.performanceClient); - // Handle auth code parameters from request - return await invokeAsync(interactionHandler.handleCodeResponseFromServer.bind(interactionHandler), PerformanceEvents.HandleCodeResponseFromServer, this.logger, this.performanceClient, request.correlationId)({ - code: request.code, - msgraph_host: request.msGraphHost, - cloud_graph_host_name: request.cloudGraphHostName, - cloud_instance_host_name: request.cloudInstanceHostName, - }, silentRequest, false); - } - catch (e) { - if (e instanceof AuthError) { - e.setCorrelationId(this.correlationId); - serverTelemetryManager.cacheFailedRequest(e); - } - throw e; - } - } - /** - * Currently Unsupported - */ - logout() { - // Synchronous so we must reject - return Promise.reject(createBrowserAuthError(silentLogoutUnsupported)); - } +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/broker/nativeBroker/NativeMessageHandler.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +class NativeMessageHandler { + constructor(logger, handshakeTimeoutMs, performanceClient, extensionId) { + this.logger = logger; + this.handshakeTimeoutMs = handshakeTimeoutMs; + this.extensionId = extensionId; + this.resolvers = new Map(); // Used for non-handshake messages + this.handshakeResolvers = new Map(); // Used for handshake messages + this.messageChannel = new MessageChannel(); + this.windowListener = this.onWindowMessage.bind(this); // Window event callback doesn't have access to 'this' unless it's bound + this.performanceClient = performanceClient; + this.handshakeEvent = performanceClient.startMeasurement(PerformanceEvents.NativeMessageHandlerHandshake); + } + /** + * Sends a given message to the extension and resolves with the extension response + * @param body + */ + async sendMessage(body) { + this.logger.trace("NativeMessageHandler - sendMessage called."); + const req = { + channel: NativeConstants.CHANNEL_ID, + extensionId: this.extensionId, + responseId: BrowserCrypto_createNewGuid(), + body: body, + }; + this.logger.trace("NativeMessageHandler - Sending request to browser extension"); + this.logger.tracePii(`NativeMessageHandler - Sending request to browser extension: ${JSON.stringify(req)}`); + this.messageChannel.port1.postMessage(req); + return new Promise((resolve, reject) => { + this.resolvers.set(req.responseId, { resolve, reject }); + }); + } + /** + * Returns an instance of the MessageHandler that has successfully established a connection with an extension + * @param {Logger} logger + * @param {number} handshakeTimeoutMs + * @param {IPerformanceClient} performanceClient + * @param {ICrypto} crypto + */ + static async createProvider(logger, handshakeTimeoutMs, performanceClient) { + logger.trace("NativeMessageHandler - createProvider called."); + try { + const preferredProvider = new NativeMessageHandler(logger, handshakeTimeoutMs, performanceClient, NativeConstants.PREFERRED_EXTENSION_ID); + await preferredProvider.sendHandshakeRequest(); + return preferredProvider; + } + catch (e) { + // If preferred extension fails for whatever reason, fallback to using any installed extension + const backupProvider = new NativeMessageHandler(logger, handshakeTimeoutMs, performanceClient); + await backupProvider.sendHandshakeRequest(); + return backupProvider; + } + } + /** + * Send handshake request helper. + */ + async sendHandshakeRequest() { + this.logger.trace("NativeMessageHandler - sendHandshakeRequest called."); + // Register this event listener before sending handshake + window.addEventListener("message", this.windowListener, false); // false is important, because content script message processing should work first + const req = { + channel: NativeConstants.CHANNEL_ID, + extensionId: this.extensionId, + responseId: BrowserCrypto_createNewGuid(), + body: { + method: NativeExtensionMethod.HandshakeRequest, + }, + }; + this.handshakeEvent.add({ + extensionId: this.extensionId, + extensionHandshakeTimeoutMs: this.handshakeTimeoutMs, + }); + this.messageChannel.port1.onmessage = (event) => { + this.onChannelMessage(event); + }; + window.postMessage(req, window.origin, [this.messageChannel.port2]); + return new Promise((resolve, reject) => { + this.handshakeResolvers.set(req.responseId, { resolve, reject }); + this.timeoutId = window.setTimeout(() => { + /* + * Throw an error if neither HandshakeResponse nor original Handshake request are received in a reasonable timeframe. + * This typically suggests an event handler stopped propagation of the Handshake request but did not respond to it on the MessageChannel port + */ + window.removeEventListener("message", this.windowListener, false); + this.messageChannel.port1.close(); + this.messageChannel.port2.close(); + this.handshakeEvent.end({ + extensionHandshakeTimedOut: true, + success: false, + }); + reject(createBrowserAuthError(nativeHandshakeTimeout)); + this.handshakeResolvers.delete(req.responseId); + }, this.handshakeTimeoutMs); // Use a reasonable timeout in milliseconds here + }); + } + /** + * Invoked when a message is posted to the window. If a handshake request is received it means the extension is not installed. + * @param event + */ + onWindowMessage(event) { + this.logger.trace("NativeMessageHandler - onWindowMessage called"); + // We only accept messages from ourselves + if (event.source !== window) { + return; + } + const request = event.data; + if (!request.channel || + request.channel !== NativeConstants.CHANNEL_ID) { + return; + } + if (request.extensionId && request.extensionId !== this.extensionId) { + return; + } + if (request.body.method === NativeExtensionMethod.HandshakeRequest) { + const handshakeResolver = this.handshakeResolvers.get(request.responseId); + /* + * Filter out responses with no matched resolvers sooner to keep channel ports open while waiting for + * the proper response. + */ + if (!handshakeResolver) { + this.logger.trace(`NativeMessageHandler.onWindowMessage - resolver can't be found for request ${request.responseId}`); + return; + } + // If we receive this message back it means no extension intercepted the request, meaning no extension supporting handshake protocol is installed + this.logger.verbose(request.extensionId + ? `Extension with id: ${request.extensionId} not installed` + : "No extension installed"); + clearTimeout(this.timeoutId); + this.messageChannel.port1.close(); + this.messageChannel.port2.close(); + window.removeEventListener("message", this.windowListener, false); + this.handshakeEvent.end({ + success: false, + extensionInstalled: false, + }); + handshakeResolver.reject(createBrowserAuthError(nativeExtensionNotInstalled)); + } + } + /** + * Invoked when a message is received from the extension on the MessageChannel port + * @param event + */ + onChannelMessage(event) { + this.logger.trace("NativeMessageHandler - onChannelMessage called."); + const request = event.data; + const resolver = this.resolvers.get(request.responseId); + const handshakeResolver = this.handshakeResolvers.get(request.responseId); + try { + const method = request.body.method; + if (method === NativeExtensionMethod.Response) { + if (!resolver) { + return; + } + const response = request.body.response; + this.logger.trace("NativeMessageHandler - Received response from browser extension"); + this.logger.tracePii(`NativeMessageHandler - Received response from browser extension: ${JSON.stringify(response)}`); + if (response.status !== "Success") { + resolver.reject(createNativeAuthError(response.code, response.description, response.ext)); + } + else if (response.result) { + if (response.result["code"] && + response.result["description"]) { + resolver.reject(createNativeAuthError(response.result["code"], response.result["description"], response.result["ext"])); + } + else { + resolver.resolve(response.result); + } + } + else { + throw createAuthError(unexpectedError, "Event does not contain result."); + } + this.resolvers.delete(request.responseId); + } + else if (method === NativeExtensionMethod.HandshakeResponse) { + if (!handshakeResolver) { + this.logger.trace(`NativeMessageHandler.onChannelMessage - resolver can't be found for request ${request.responseId}`); + return; + } + clearTimeout(this.timeoutId); // Clear setTimeout + window.removeEventListener("message", this.windowListener, false); // Remove 'No extension' listener + this.extensionId = request.extensionId; + this.extensionVersion = request.body.version; + this.logger.verbose(`NativeMessageHandler - Received HandshakeResponse from extension: ${this.extensionId}`); + this.handshakeEvent.end({ + extensionInstalled: true, + success: true, + }); + handshakeResolver.resolve(); + this.handshakeResolvers.delete(request.responseId); + } + // Do nothing if method is not Response or HandshakeResponse + } + catch (err) { + this.logger.error("Error parsing response from WAM Extension"); + this.logger.errorPii(`Error parsing response from WAM Extension: ${err}`); + this.logger.errorPii(`Unable to parse ${event}`); + if (resolver) { + resolver.reject(err); + } + else if (handshakeResolver) { + handshakeResolver.reject(err); + } + } + } + /** + * Returns the Id for the browser extension this handler is communicating with + * @returns + */ + getExtensionId() { + return this.extensionId; + } + /** + * Returns the version for the browser extension this handler is communicating with + * @returns + */ + getExtensionVersion() { + return this.extensionVersion; + } + /** + * Returns boolean indicating whether or not the request should attempt to use native broker + * @param logger + * @param config + * @param nativeExtensionProvider + * @param authenticationScheme + */ + static isNativeAvailable(config, logger, nativeExtensionProvider, authenticationScheme) { + logger.trace("isNativeAvailable called"); + if (!config.system.allowNativeBroker) { + logger.trace("isNativeAvailable: allowNativeBroker is not enabled, returning false"); + // Developer disabled WAM + return false; + } + if (!nativeExtensionProvider) { + logger.trace("isNativeAvailable: WAM extension provider is not initialized, returning false"); + // Extension is not available + return false; + } + if (authenticationScheme) { + switch (authenticationScheme) { + case AuthenticationScheme.BEARER: + case AuthenticationScheme.POP: + logger.trace("isNativeAvailable: authenticationScheme is supported, returning true"); + return true; + default: + logger.trace("isNativeAvailable: authenticationScheme is not supported, returning false"); + return false; + } + } + return true; + } } -//# sourceMappingURL=SilentAuthCodeClient.mjs.map +//# sourceMappingURL=NativeMessageHandler.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/controllers/StandardController.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/interaction_handler/InteractionHandler.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Abstract class which defines operations for a browser interaction handling class. + */ +class InteractionHandler { + constructor(authCodeModule, storageImpl, authCodeRequest, logger, performanceClient) { + this.authModule = authCodeModule; + this.browserStorage = storageImpl; + this.authCodeRequest = authCodeRequest; + this.logger = logger; + this.performanceClient = performanceClient; + } + /** + * Function to handle response parameters from hash. + * @param locationHash + */ + async handleCodeResponse(response, request) { + this.performanceClient.addQueueMeasurement(PerformanceEvents.HandleCodeResponse, request.correlationId); + let authCodeResponse; + try { + authCodeResponse = this.authModule.handleFragmentResponse(response, request.state); + } + catch (e) { + if (e instanceof ServerError && + e.subError === userCancelled) { + // Translate server error caused by user closing native prompt to corresponding first class MSAL error + throw createBrowserAuthError(userCancelled); + } + else { + throw e; + } + } + return invokeAsync(this.handleCodeResponseFromServer.bind(this), PerformanceEvents.HandleCodeResponseFromServer, this.logger, this.performanceClient, request.correlationId)(authCodeResponse, request); + } + /** + * Process auth code response from AAD + * @param authCodeResponse + * @param state + * @param authority + * @param networkModule + * @returns + */ + async handleCodeResponseFromServer(authCodeResponse, request, validateNonce = true) { + this.performanceClient.addQueueMeasurement(PerformanceEvents.HandleCodeResponseFromServer, request.correlationId); + this.logger.trace("InteractionHandler.handleCodeResponseFromServer called"); + // Assign code to request + this.authCodeRequest.code = authCodeResponse.code; + // Check for new cloud instance + if (authCodeResponse.cloud_instance_host_name) { + await invokeAsync(this.authModule.updateAuthority.bind(this.authModule), PerformanceEvents.UpdateTokenEndpointAuthority, this.logger, this.performanceClient, request.correlationId)(authCodeResponse.cloud_instance_host_name, request.correlationId); + } + // Nonce validation not needed when redirect not involved (e.g. hybrid spa, renewing token via rt) + if (validateNonce) { + // TODO: Assigning "response nonce" to "request nonce" is confusing. Refactor the function doing validation to accept request nonce directly + authCodeResponse.nonce = request.nonce || undefined; + } + authCodeResponse.state = request.state; + // Add CCS parameters if available + if (authCodeResponse.client_info) { + this.authCodeRequest.clientInfo = authCodeResponse.client_info; + } + else { + const ccsCred = this.createCcsCredentials(request); + if (ccsCred) { + this.authCodeRequest.ccsCredential = ccsCred; + } + } + // Acquire token with retrieved code. + const tokenResponse = (await invokeAsync(this.authModule.acquireToken.bind(this.authModule), PerformanceEvents.AuthClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(this.authCodeRequest, authCodeResponse)); + return tokenResponse; + } + /** + * Build ccs creds if available + */ + createCcsCredentials(request) { + if (request.account) { + return { + credential: request.account.homeAccountId, + type: CcsCredentialType.HOME_ACCOUNT_ID, + }; + } + else if (request.loginHint) { + return { + credential: request.loginHint, + type: CcsCredentialType.UPN, + }; + } + return null; + } +} +//# sourceMappingURL=InteractionHandler.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/response/ResponseHandler.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +function deserializeResponse(responseString, responseLocation, logger) { + // Deserialize hash fragment response parameters. + const serverParams = getDeserializedResponse(responseString); + if (!serverParams) { + if (!stripLeadingHashOrQuery(responseString)) { + // Hash or Query string is empty + logger.error(`The request has returned to the redirectUri but a ${responseLocation} is not present. It's likely that the ${responseLocation} has been removed or the page has been redirected by code running on the redirectUri page.`); + throw createBrowserAuthError(hashEmptyError); + } + else { + logger.error(`A ${responseLocation} is present in the iframe but it does not contain known properties. It's likely that the ${responseLocation} has been replaced by code running on the redirectUri page.`); + logger.errorPii(`The ${responseLocation} detected is: ${responseString}`); + throw createBrowserAuthError(hashDoesNotContainKnownProperties); + } + } + return serverParams; +} +/** + * Returns the interaction type that the response object belongs to + */ +function validateInteractionType(response, browserCrypto, interactionType) { + if (!response.state) { + throw createBrowserAuthError(noStateInHash); + } + const platformStateObj = extractBrowserRequestState(browserCrypto, response.state); + if (!platformStateObj) { + throw createBrowserAuthError(unableToParseState); + } + if (platformStateObj.interactionType !== interactionType) { + throw createBrowserAuthError(stateInteractionTypeMismatch); + } +} +//# sourceMappingURL=ResponseHandler.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/interaction_client/PopupClient.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +class PopupClient extends StandardInteractionClient { + constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, nativeMessageHandler, correlationId) { + super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeMessageHandler, correlationId); + // Properly sets this reference for the unload event. + this.unloadWindow = this.unloadWindow.bind(this); + this.nativeStorage = nativeStorageImpl; + } + /** + * Acquires tokens by opening a popup window to the /authorize endpoint of the authority + * @param request + */ + acquireToken(request) { + try { + const popupName = this.generatePopupName(request.scopes || OIDC_DEFAULT_SCOPES, request.authority || this.config.auth.authority); + const popupWindowAttributes = request.popupWindowAttributes || {}; + // asyncPopups flag is true. Acquires token without first opening popup. Popup will be opened later asynchronously. + if (this.config.system.asyncPopups) { + this.logger.verbose("asyncPopups set to true, acquiring token"); + // Passes on popup position and dimensions if in request + return this.acquireTokenPopupAsync(request, popupName, popupWindowAttributes); + } + else { + // asyncPopups flag is set to false. Opens popup before acquiring token. + this.logger.verbose("asyncPopup set to false, opening popup before acquiring token"); + const popup = this.openSizedPopup("about:blank", popupName, popupWindowAttributes); + return this.acquireTokenPopupAsync(request, popupName, popupWindowAttributes, popup); + } + } + catch (e) { + return Promise.reject(e); + } + } + /** + * Clears local cache for the current user then opens a popup window prompting the user to sign-out of the server + * @param logoutRequest + */ + logout(logoutRequest) { + try { + this.logger.verbose("logoutPopup called"); + const validLogoutRequest = this.initializeLogoutRequest(logoutRequest); + const popupName = this.generateLogoutPopupName(validLogoutRequest); + const authority = logoutRequest && logoutRequest.authority; + const mainWindowRedirectUri = logoutRequest && logoutRequest.mainWindowRedirectUri; + const popupWindowAttributes = logoutRequest?.popupWindowAttributes || {}; + // asyncPopups flag is true. Acquires token without first opening popup. Popup will be opened later asynchronously. + if (this.config.system.asyncPopups) { + this.logger.verbose("asyncPopups set to true"); + // Passes on popup position and dimensions if in request + return this.logoutPopupAsync(validLogoutRequest, popupName, popupWindowAttributes, authority, undefined, mainWindowRedirectUri); + } + else { + // asyncPopups flag is set to false. Opens popup before logging out. + this.logger.verbose("asyncPopup set to false, opening popup"); + const popup = this.openSizedPopup("about:blank", popupName, popupWindowAttributes); + return this.logoutPopupAsync(validLogoutRequest, popupName, popupWindowAttributes, authority, popup, mainWindowRedirectUri); + } + } + catch (e) { + // Since this function is synchronous we need to reject + return Promise.reject(e); + } + } + /** + * Helper which obtains an access_token for your API via opening a popup window in the user's browser + * @param validRequest + * @param popupName + * @param popup + * @param popupWindowAttributes + * + * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. + */ + async acquireTokenPopupAsync(request, popupName, popupWindowAttributes, popup) { + this.logger.verbose("acquireTokenPopupAsync called"); + const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenPopup); + const validRequest = await invokeAsync(this.initializeAuthorizationRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(request, InteractionType.Popup); + preconnect(validRequest.authority); + try { + // Create auth code request and generate PKCE params + const authCodeRequest = await invokeAsync(this.initializeAuthorizationCodeRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest, this.logger, this.performanceClient, this.correlationId)(validRequest); + // Initialize the client + const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)(serverTelemetryManager, validRequest.authority, validRequest.azureCloudOptions, validRequest.account); + const isNativeBroker = NativeMessageHandler.isNativeAvailable(this.config, this.logger, this.nativeMessageHandler, request.authenticationScheme); + // Start measurement for server calls with native brokering enabled + let fetchNativeAccountIdMeasurement; + if (isNativeBroker) { + fetchNativeAccountIdMeasurement = + this.performanceClient.startMeasurement(PerformanceEvents.FetchAccountIdWithNativeBroker, request.correlationId); + } + // Create acquire token url. + const navigateUrl = await authClient.getAuthCodeUrl({ + ...validRequest, + nativeBroker: isNativeBroker, + }); + // Create popup interaction handler. + const interactionHandler = new InteractionHandler(authClient, this.browserStorage, authCodeRequest, this.logger, this.performanceClient); + // Show the UI once the url has been created. Get the window handle for the popup. + const popupParameters = { + popup, + popupName, + popupWindowAttributes, + }; + const popupWindow = this.initiateAuthRequest(navigateUrl, popupParameters); + this.eventHandler.emitEvent(EventType.POPUP_OPENED, InteractionType.Popup, { popupWindow }, null); + // Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds. + const responseString = await this.monitorPopupForHash(popupWindow); + const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.serverResponseType, this.logger); + // Remove throttle if it exists + ThrottlingUtils.removeThrottle(this.browserStorage, this.config.auth.clientId, authCodeRequest); + if (serverParams.accountId) { + this.logger.verbose("Account id found in hash, calling WAM for token"); + // end measurement for server call with native brokering enabled + if (fetchNativeAccountIdMeasurement) { + fetchNativeAccountIdMeasurement.end({ + success: true, + isNativeBroker: true, + }); + } + if (!this.nativeMessageHandler) { + throw createBrowserAuthError(nativeConnectionNotEstablished); + } + const nativeInteractionClient = new NativeInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.acquireTokenPopup, this.performanceClient, this.nativeMessageHandler, serverParams.accountId, this.nativeStorage, validRequest.correlationId); + const { userRequestState } = ProtocolUtils.parseRequestState(this.browserCrypto, validRequest.state); + return await nativeInteractionClient.acquireToken({ + ...validRequest, + state: userRequestState, + prompt: undefined, // Server should handle the prompt, ideally native broker can do this part silently + }); + } + // Handle response from hash string. + const result = await interactionHandler.handleCodeResponse(serverParams, validRequest); + return result; + } + catch (e) { + if (popup) { + // Close the synchronous popup if an error is thrown before the window unload event is registered + popup.close(); + } + if (e instanceof AuthError) { + e.setCorrelationId(this.correlationId); + serverTelemetryManager.cacheFailedRequest(e); + } + throw e; + } + } + /** + * + * @param validRequest + * @param popupName + * @param requestAuthority + * @param popup + * @param mainWindowRedirectUri + * @param popupWindowAttributes + */ + async logoutPopupAsync(validRequest, popupName, popupWindowAttributes, requestAuthority, popup, mainWindowRedirectUri) { + this.logger.verbose("logoutPopupAsync called"); + this.eventHandler.emitEvent(EventType.LOGOUT_START, InteractionType.Popup, validRequest); + const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.logoutPopup); + try { + // Clear cache on logout + await this.clearCacheOnLogout(validRequest.account); + // Initialize the client + const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)(serverTelemetryManager, requestAuthority, undefined, // AzureCloudOptions + validRequest.account || undefined); + try { + authClient.authority.endSessionEndpoint; + } + catch { + if (validRequest.account?.homeAccountId && + validRequest.postLogoutRedirectUri && + authClient.authority.protocolMode === ProtocolMode.OIDC) { + void this.browserStorage.removeAccount(validRequest.account?.homeAccountId); + this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, InteractionType.Popup, validRequest); + if (mainWindowRedirectUri) { + const navigationOptions = { + apiId: ApiId.logoutPopup, + timeout: this.config.system.redirectNavigationTimeout, + noHistory: false, + }; + const absoluteUrl = UrlString.getAbsoluteUrl(mainWindowRedirectUri, getCurrentUri()); + await this.navigationClient.navigateInternal(absoluteUrl, navigationOptions); + } + if (popup) { + popup.close(); + } + return; + } + } + // Create logout string and navigate user window to logout. + const logoutUri = authClient.getLogoutUri(validRequest); + this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, InteractionType.Popup, validRequest); + // Open the popup window to requestUrl. + const popupWindow = this.openPopup(logoutUri, { + popupName, + popupWindowAttributes, + popup, + }); + this.eventHandler.emitEvent(EventType.POPUP_OPENED, InteractionType.Popup, { popupWindow }, null); + await this.monitorPopupForHash(popupWindow).catch(() => { + // Swallow any errors related to monitoring the window. Server logout is best effort + }); + if (mainWindowRedirectUri) { + const navigationOptions = { + apiId: ApiId.logoutPopup, + timeout: this.config.system.redirectNavigationTimeout, + noHistory: false, + }; + const absoluteUrl = UrlString.getAbsoluteUrl(mainWindowRedirectUri, getCurrentUri()); + this.logger.verbose("Redirecting main window to url specified in the request"); + this.logger.verbosePii(`Redirecting main window to: ${absoluteUrl}`); + await this.navigationClient.navigateInternal(absoluteUrl, navigationOptions); + } + else { + this.logger.verbose("No main window navigation requested"); + } + } + catch (e) { + if (popup) { + // Close the synchronous popup if an error is thrown before the window unload event is registered + popup.close(); + } + if (e instanceof AuthError) { + e.setCorrelationId(this.correlationId); + serverTelemetryManager.cacheFailedRequest(e); + } + this.browserStorage.setInteractionInProgress(false); + this.eventHandler.emitEvent(EventType.LOGOUT_FAILURE, InteractionType.Popup, null, e); + this.eventHandler.emitEvent(EventType.LOGOUT_END, InteractionType.Popup); + throw e; + } + this.eventHandler.emitEvent(EventType.LOGOUT_END, InteractionType.Popup); + } + /** + * Opens a popup window with given request Url. + * @param requestUrl + */ + initiateAuthRequest(requestUrl, params) { + // Check that request url is not empty. + if (requestUrl) { + this.logger.infoPii(`Navigate to: ${requestUrl}`); + // Open the popup window to requestUrl. + return this.openPopup(requestUrl, params); + } + else { + // Throw error if request URL is empty. + this.logger.error("Navigate url is empty"); + throw createBrowserAuthError(emptyNavigateUri); + } + } + /** + * Monitors a window until it loads a url with the same origin. + * @param popupWindow - window that is being monitored + * @param timeout - timeout for processing hash once popup is redirected back to application + */ + monitorPopupForHash(popupWindow) { + return new Promise((resolve, reject) => { + this.logger.verbose("PopupHandler.monitorPopupForHash - polling started"); + const intervalId = setInterval(() => { + // Window is closed + if (popupWindow.closed) { + this.logger.error("PopupHandler.monitorPopupForHash - window closed"); + clearInterval(intervalId); + reject(createBrowserAuthError(userCancelled)); + return; + } + let href = ""; + try { + /* + * Will throw if cross origin, + * which should be caught and ignored + * since we need the interval to keep running while on STS UI. + */ + href = popupWindow.location.href; + } + catch (e) { } + // Don't process blank pages or cross domain + if (!href || href === "about:blank") { + return; + } + clearInterval(intervalId); + let responseString = ""; + const responseType = this.config.auth.OIDCOptions.serverResponseType; + if (popupWindow) { + if (responseType === ServerResponseType.QUERY) { + responseString = popupWindow.location.search; + } + else { + responseString = popupWindow.location.hash; + } + } + this.logger.verbose("PopupHandler.monitorPopupForHash - popup window is on same origin as caller"); + resolve(responseString); + }, this.config.system.pollIntervalMilliseconds); + }).finally(() => { + this.cleanPopup(popupWindow); + }); + } + /** + * @hidden + * + * Configures popup window for login. + * + * @param urlNavigate + * @param title + * @param popUpWidth + * @param popUpHeight + * @param popupWindowAttributes + * @ignore + * @hidden + */ + openPopup(urlNavigate, popupParams) { + try { + let popupWindow; + // Popup window passed in, setting url to navigate to + if (popupParams.popup) { + popupWindow = popupParams.popup; + this.logger.verbosePii(`Navigating popup window to: ${urlNavigate}`); + popupWindow.location.assign(urlNavigate); + } + else if (typeof popupParams.popup === "undefined") { + // Popup will be undefined if it was not passed in + this.logger.verbosePii(`Opening popup window to: ${urlNavigate}`); + popupWindow = this.openSizedPopup(urlNavigate, popupParams.popupName, popupParams.popupWindowAttributes); + } + // Popup will be null if popups are blocked + if (!popupWindow) { + throw createBrowserAuthError(emptyWindowError); + } + if (popupWindow.focus) { + popupWindow.focus(); + } + this.currentWindow = popupWindow; + window.addEventListener("beforeunload", this.unloadWindow); + return popupWindow; + } + catch (e) { + this.logger.error("error opening popup " + e.message); + this.browserStorage.setInteractionInProgress(false); + throw createBrowserAuthError(popupWindowError); + } + } + /** + * Helper function to set popup window dimensions and position + * @param urlNavigate + * @param popupName + * @param popupWindowAttributes + * @returns + */ + openSizedPopup(urlNavigate, popupName, popupWindowAttributes) { + /** + * adding winLeft and winTop to account for dual monitor + * using screenLeft and screenTop for IE8 and earlier + */ + const winLeft = window.screenLeft ? window.screenLeft : window.screenX; + const winTop = window.screenTop ? window.screenTop : window.screenY; + /** + * window.innerWidth displays browser window"s height and width excluding toolbars + * using document.documentElement.clientWidth for IE8 and earlier + */ + const winWidth = window.innerWidth || + document.documentElement.clientWidth || + document.body.clientWidth; + const winHeight = window.innerHeight || + document.documentElement.clientHeight || + document.body.clientHeight; + let width = popupWindowAttributes.popupSize?.width; + let height = popupWindowAttributes.popupSize?.height; + let top = popupWindowAttributes.popupPosition?.top; + let left = popupWindowAttributes.popupPosition?.left; + if (!width || width < 0 || width > winWidth) { + this.logger.verbose("Default popup window width used. Window width not configured or invalid."); + width = BrowserConstants.POPUP_WIDTH; + } + if (!height || height < 0 || height > winHeight) { + this.logger.verbose("Default popup window height used. Window height not configured or invalid."); + height = BrowserConstants.POPUP_HEIGHT; + } + if (!top || top < 0 || top > winHeight) { + this.logger.verbose("Default popup window top position used. Window top not configured or invalid."); + top = Math.max(0, winHeight / 2 - BrowserConstants.POPUP_HEIGHT / 2 + winTop); + } + if (!left || left < 0 || left > winWidth) { + this.logger.verbose("Default popup window left position used. Window left not configured or invalid."); + left = Math.max(0, winWidth / 2 - BrowserConstants.POPUP_WIDTH / 2 + winLeft); + } + return window.open(urlNavigate, popupName, `width=${width}, height=${height}, top=${top}, left=${left}, scrollbars=yes`); + } + /** + * Event callback to unload main window. + */ + unloadWindow(e) { + this.browserStorage.cleanRequestByInteractionType(InteractionType.Popup); + if (this.currentWindow) { + this.currentWindow.close(); + } + // Guarantees browser unload will happen, so no other errors will be thrown. + e.preventDefault(); + } + /** + * Closes popup, removes any state vars created during popup calls. + * @param popupWindow + */ + cleanPopup(popupWindow) { + if (popupWindow) { + // Close window. + popupWindow.close(); + } + // Remove window unload function + window.removeEventListener("beforeunload", this.unloadWindow); + // Interaction is completed - remove interaction status. + this.browserStorage.setInteractionInProgress(false); + } + /** + * Generates the name for the popup based on the client id and request + * @param clientId + * @param request + */ + generatePopupName(scopes, authority) { + return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${scopes.join("-")}.${authority}.${this.correlationId}`; + } + /** + * Generates the name for the popup based on the client id and request for logouts + * @param clientId + * @param request + */ + generateLogoutPopupName(request) { + const homeAccountId = request.account && request.account.homeAccountId; + return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`; + } +} +//# sourceMappingURL=PopupClient.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/interaction_handler/RedirectHandler.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +class RedirectHandler { + constructor(authCodeModule, storageImpl, authCodeRequest, logger, performanceClient) { + this.authModule = authCodeModule; + this.browserStorage = storageImpl; + this.authCodeRequest = authCodeRequest; + this.logger = logger; + this.performanceClient = performanceClient; + } + /** + * Redirects window to given URL. + * @param urlNavigate + */ + async initiateAuthRequest(requestUrl, params) { + this.logger.verbose("RedirectHandler.initiateAuthRequest called"); + // Navigate if valid URL + if (requestUrl) { + // Cache start page, returns to this page after redirectUri if navigateToLoginRequestUrl is true + if (params.redirectStartPage) { + this.logger.verbose("RedirectHandler.initiateAuthRequest: redirectStartPage set, caching start page"); + this.browserStorage.setTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, params.redirectStartPage, true); + } + // Set interaction status in the library. + this.browserStorage.setTemporaryCache(TemporaryCacheKeys.CORRELATION_ID, this.authCodeRequest.correlationId, true); + this.browserStorage.cacheCodeRequest(this.authCodeRequest); + this.logger.infoPii(`RedirectHandler.initiateAuthRequest: Navigate to: ${requestUrl}`); + const navigationOptions = { + apiId: ApiId.acquireTokenRedirect, + timeout: params.redirectTimeout, + noHistory: false, + }; + // If onRedirectNavigate is implemented, invoke it and provide requestUrl + if (typeof params.onRedirectNavigate === "function") { + this.logger.verbose("RedirectHandler.initiateAuthRequest: Invoking onRedirectNavigate callback"); + const navigate = params.onRedirectNavigate(requestUrl); + // Returning false from onRedirectNavigate will stop navigation + if (navigate !== false) { + this.logger.verbose("RedirectHandler.initiateAuthRequest: onRedirectNavigate did not return false, navigating"); + await params.navigationClient.navigateExternal(requestUrl, navigationOptions); + return; + } + else { + this.logger.verbose("RedirectHandler.initiateAuthRequest: onRedirectNavigate returned false, stopping navigation"); + return; + } + } + else { + // Navigate window to request URL + this.logger.verbose("RedirectHandler.initiateAuthRequest: Navigating window to navigate url"); + await params.navigationClient.navigateExternal(requestUrl, navigationOptions); + return; + } + } + else { + // Throw error if request URL is empty. + this.logger.info("RedirectHandler.initiateAuthRequest: Navigate url is empty"); + throw createBrowserAuthError(emptyNavigateUri); + } + } + /** + * Handle authorization code response in the window. + * @param hash + */ + async handleCodeResponse(response, state) { + this.logger.verbose("RedirectHandler.handleCodeResponse called"); + // Interaction is completed - remove interaction status. + this.browserStorage.setInteractionInProgress(false); + // Handle code response. + const stateKey = this.browserStorage.generateStateKey(state); + const requestState = this.browserStorage.getTemporaryCache(stateKey); + if (!requestState) { + throw createClientAuthError(stateNotFound, "Cached State"); + } + let authCodeResponse; + try { + authCodeResponse = this.authModule.handleFragmentResponse(response, requestState); + } + catch (e) { + if (e instanceof ServerError && + e.subError === userCancelled) { + // Translate server error caused by user closing native prompt to corresponding first class MSAL error + throw createBrowserAuthError(userCancelled); + } + else { + throw e; + } + } + // Get cached items + const nonceKey = this.browserStorage.generateNonceKey(requestState); + const cachedNonce = this.browserStorage.getTemporaryCache(nonceKey); + // Assign code to request + this.authCodeRequest.code = authCodeResponse.code; + // Check for new cloud instance + if (authCodeResponse.cloud_instance_host_name) { + await invokeAsync(this.authModule.updateAuthority.bind(this.authModule), PerformanceEvents.UpdateTokenEndpointAuthority, this.logger, this.performanceClient, this.authCodeRequest.correlationId)(authCodeResponse.cloud_instance_host_name, this.authCodeRequest.correlationId); + } + authCodeResponse.nonce = cachedNonce || undefined; + authCodeResponse.state = requestState; + // Add CCS parameters if available + if (authCodeResponse.client_info) { + this.authCodeRequest.clientInfo = authCodeResponse.client_info; + } + else { + const cachedCcsCred = this.checkCcsCredentials(); + if (cachedCcsCred) { + this.authCodeRequest.ccsCredential = cachedCcsCred; + } + } + // Acquire token with retrieved code. + const tokenResponse = (await this.authModule.acquireToken(this.authCodeRequest, authCodeResponse)); + this.browserStorage.cleanRequestByState(state); + return tokenResponse; + } + /** + * Looks up ccs creds in the cache + */ + checkCcsCredentials() { + // Look up ccs credential in temp cache + const cachedCcsCred = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.CCS_CREDENTIAL, true); + if (cachedCcsCred) { + try { + return JSON.parse(cachedCcsCred); + } + catch (e) { + this.authModule.logger.error("Cache credential could not be parsed"); + this.authModule.logger.errorPii(`Cache credential could not be parsed: ${cachedCcsCred}`); + } + } + return null; + } +} +//# sourceMappingURL=RedirectHandler.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/interaction_client/RedirectClient.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +class RedirectClient extends StandardInteractionClient { + constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, nativeMessageHandler, correlationId) { + super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeMessageHandler, correlationId); + this.nativeStorage = nativeStorageImpl; + } + /** + * Redirects the page to the /authorize endpoint of the IDP + * @param request + */ + async acquireToken(request) { + const validRequest = await invokeAsync(this.initializeAuthorizationRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(request, InteractionType.Redirect); + this.browserStorage.updateCacheEntries(validRequest.state, validRequest.nonce, validRequest.authority, validRequest.loginHint || "", validRequest.account || null); + const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenRedirect); + const handleBackButton = (event) => { + // Clear temporary cache if the back button is clicked during the redirect flow. + if (event.persisted) { + this.logger.verbose("Page was restored from back/forward cache. Clearing temporary cache."); + this.browserStorage.cleanRequestByState(validRequest.state); + this.eventHandler.emitEvent(EventType.RESTORE_FROM_BFCACHE, InteractionType.Redirect); + } + }; + try { + // Create auth code request and generate PKCE params + const authCodeRequest = await invokeAsync(this.initializeAuthorizationCodeRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest, this.logger, this.performanceClient, this.correlationId)(validRequest); + // Initialize the client + const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)(serverTelemetryManager, validRequest.authority, validRequest.azureCloudOptions, validRequest.account); + // Create redirect interaction handler. + const interactionHandler = new RedirectHandler(authClient, this.browserStorage, authCodeRequest, this.logger, this.performanceClient); + // Create acquire token url. + const navigateUrl = await authClient.getAuthCodeUrl({ + ...validRequest, + nativeBroker: NativeMessageHandler.isNativeAvailable(this.config, this.logger, this.nativeMessageHandler, request.authenticationScheme), + }); + const redirectStartPage = this.getRedirectStartPage(request.redirectStartPage); + this.logger.verbosePii(`Redirect start page: ${redirectStartPage}`); + // Clear temporary cache if the back button is clicked during the redirect flow. + window.addEventListener("pageshow", handleBackButton); + // Show the UI once the url has been created. Response will come back in the hash, which will be handled in the handleRedirectCallback function. + return await interactionHandler.initiateAuthRequest(navigateUrl, { + navigationClient: this.navigationClient, + redirectTimeout: this.config.system.redirectNavigationTimeout, + redirectStartPage: redirectStartPage, + onRedirectNavigate: request.onRedirectNavigate || + this.config.auth.onRedirectNavigate, + }); + } + catch (e) { + if (e instanceof AuthError) { + e.setCorrelationId(this.correlationId); + serverTelemetryManager.cacheFailedRequest(e); + } + window.removeEventListener("pageshow", handleBackButton); + this.browserStorage.cleanRequestByState(validRequest.state); + throw e; + } + } + /** + * Checks if navigateToLoginRequestUrl is set, and: + * - if true, performs logic to cache and navigate + * - if false, handles hash string and parses response + * @param hash {string} url hash + * @param parentMeasurement {InProgressPerformanceEvent} parent measurement + */ + async handleRedirectPromise(hash = "", parentMeasurement) { + const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.handleRedirectPromise); + try { + if (!this.browserStorage.isInteractionInProgress(true)) { + this.logger.info("handleRedirectPromise called but there is no interaction in progress, returning null."); + return null; + } + const [serverParams, responseString] = this.getRedirectResponse(hash || ""); + if (!serverParams) { + // Not a recognized server response hash or hash not associated with a redirect request + this.logger.info("handleRedirectPromise did not detect a response as a result of a redirect. Cleaning temporary cache."); + this.browserStorage.cleanRequestByInteractionType(InteractionType.Redirect); + parentMeasurement.event.errorCode = "no_server_response"; + return null; + } + // If navigateToLoginRequestUrl is true, get the url where the redirect request was initiated + const loginRequestUrl = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, true) || Constants.EMPTY_STRING; + const loginRequestUrlNormalized = UrlString.removeHashFromUrl(loginRequestUrl); + const currentUrlNormalized = UrlString.removeHashFromUrl(window.location.href); + if (loginRequestUrlNormalized === currentUrlNormalized && + this.config.auth.navigateToLoginRequestUrl) { + // We are on the page we need to navigate to - handle hash + this.logger.verbose("Current page is loginRequestUrl, handling response"); + if (loginRequestUrl.indexOf("#") > -1) { + // Replace current hash with non-msal hash, if present + replaceHash(loginRequestUrl); + } + const handleHashResult = await this.handleResponse(serverParams, serverTelemetryManager); + return handleHashResult; + } + else if (!this.config.auth.navigateToLoginRequestUrl) { + this.logger.verbose("NavigateToLoginRequestUrl set to false, handling response"); + return await this.handleResponse(serverParams, serverTelemetryManager); + } + else if (!isInIframe() || + this.config.system.allowRedirectInIframe) { + /* + * Returned from authority using redirect - need to perform navigation before processing response + * Cache the hash to be retrieved after the next redirect + */ + this.browserStorage.setTemporaryCache(TemporaryCacheKeys.URL_HASH, responseString, true); + const navigationOptions = { + apiId: ApiId.handleRedirectPromise, + timeout: this.config.system.redirectNavigationTimeout, + noHistory: true, + }; + /** + * Default behavior is to redirect to the start page and not process the hash now. + * The start page is expected to also call handleRedirectPromise which will process the hash in one of the checks above. + */ + let processHashOnRedirect = true; + if (!loginRequestUrl || loginRequestUrl === "null") { + // Redirect to home page if login request url is null (real null or the string null) + const homepage = getHomepage(); + // Cache the homepage under ORIGIN_URI to ensure cached hash is processed on homepage + this.browserStorage.setTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, homepage, true); + this.logger.warning("Unable to get valid login request url from cache, redirecting to home page"); + processHashOnRedirect = + await this.navigationClient.navigateInternal(homepage, navigationOptions); + } + else { + // Navigate to page that initiated the redirect request + this.logger.verbose(`Navigating to loginRequestUrl: ${loginRequestUrl}`); + processHashOnRedirect = + await this.navigationClient.navigateInternal(loginRequestUrl, navigationOptions); + } + // If navigateInternal implementation returns false, handle the hash now + if (!processHashOnRedirect) { + return await this.handleResponse(serverParams, serverTelemetryManager); + } + } + return null; + } + catch (e) { + if (e instanceof AuthError) { + e.setCorrelationId(this.correlationId); + serverTelemetryManager.cacheFailedRequest(e); + } + this.browserStorage.cleanRequestByInteractionType(InteractionType.Redirect); + throw e; + } + } + /** + * Gets the response hash for a redirect request + * Returns null if interactionType in the state value is not "redirect" or the hash does not contain known properties + * @param hash + */ + getRedirectResponse(userProvidedResponse) { + this.logger.verbose("getRedirectResponseHash called"); + // Get current location hash from window or cache. + let responseString = userProvidedResponse; + if (!responseString) { + if (this.config.auth.OIDCOptions.serverResponseType === + ServerResponseType.QUERY) { + responseString = window.location.search; + } + else { + responseString = window.location.hash; + } + } + let response = getDeserializedResponse(responseString); + if (response) { + try { + validateInteractionType(response, this.browserCrypto, InteractionType.Redirect); + } + catch (e) { + if (e instanceof AuthError) { + this.logger.error(`Interaction type validation failed due to ${e.errorCode}: ${e.errorMessage}`); + } + return [null, ""]; + } + clearHash(window); + this.logger.verbose("Hash contains known properties, returning response hash"); + return [response, responseString]; + } + const cachedHash = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.URL_HASH, true); + this.browserStorage.removeItem(this.browserStorage.generateCacheKey(TemporaryCacheKeys.URL_HASH)); + if (cachedHash) { + response = getDeserializedResponse(cachedHash); + if (response) { + this.logger.verbose("Hash does not contain known properties, returning cached hash"); + return [response, cachedHash]; + } + } + return [null, ""]; + } + /** + * Checks if hash exists and handles in window. + * @param hash + * @param state + */ + async handleResponse(serverParams, serverTelemetryManager) { + const state = serverParams.state; + if (!state) { + throw createBrowserAuthError(noStateInHash); + } + const cachedRequest = this.browserStorage.getCachedRequest(state); + this.logger.verbose("handleResponse called, retrieved cached request"); + if (serverParams.accountId) { + this.logger.verbose("Account id found in hash, calling WAM for token"); + if (!this.nativeMessageHandler) { + throw createBrowserAuthError(nativeConnectionNotEstablished); + } + const nativeInteractionClient = new NativeInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.acquireTokenPopup, this.performanceClient, this.nativeMessageHandler, serverParams.accountId, this.nativeStorage, cachedRequest.correlationId); + const { userRequestState } = ProtocolUtils.parseRequestState(this.browserCrypto, state); + return nativeInteractionClient + .acquireToken({ + ...cachedRequest, + state: userRequestState, + prompt: undefined, // Server should handle the prompt, ideally native broker can do this part silently + }) + .finally(() => { + this.browserStorage.cleanRequestByState(state); + }); + } + // Hash contains known properties - handle and return in callback + const currentAuthority = this.browserStorage.getCachedAuthority(state); + if (!currentAuthority) { + throw createBrowserAuthError(noCachedAuthorityError); + } + const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)(serverTelemetryManager, currentAuthority); + ThrottlingUtils.removeThrottle(this.browserStorage, this.config.auth.clientId, cachedRequest); + const interactionHandler = new RedirectHandler(authClient, this.browserStorage, cachedRequest, this.logger, this.performanceClient); + return interactionHandler.handleCodeResponse(serverParams, state); + } + /** + * Use to log out the current user, and redirect the user to the postLogoutRedirectUri. + * Default behaviour is to redirect the user to `window.location.href`. + * @param logoutRequest + */ + async logout(logoutRequest) { + this.logger.verbose("logoutRedirect called"); + const validLogoutRequest = this.initializeLogoutRequest(logoutRequest); + const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.logout); + try { + this.eventHandler.emitEvent(EventType.LOGOUT_START, InteractionType.Redirect, logoutRequest); + // Clear cache on logout + await this.clearCacheOnLogout(validLogoutRequest.account); + const navigationOptions = { + apiId: ApiId.logout, + timeout: this.config.system.redirectNavigationTimeout, + noHistory: false, + }; + const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)(serverTelemetryManager, logoutRequest && logoutRequest.authority, undefined, // AzureCloudOptions + (logoutRequest && logoutRequest.account) || undefined); + if (authClient.authority.protocolMode === ProtocolMode.OIDC) { + try { + authClient.authority.endSessionEndpoint; + } + catch { + if (validLogoutRequest.account?.homeAccountId) { + void this.browserStorage.removeAccount(validLogoutRequest.account?.homeAccountId); + this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, InteractionType.Redirect, validLogoutRequest); + return; + } + } + } + // Create logout string and navigate user window to logout. + const logoutUri = authClient.getLogoutUri(validLogoutRequest); + this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, InteractionType.Redirect, validLogoutRequest); + // Check if onRedirectNavigate is implemented, and invoke it if so + if (logoutRequest && + typeof logoutRequest.onRedirectNavigate === "function") { + const navigate = logoutRequest.onRedirectNavigate(logoutUri); + if (navigate !== false) { + this.logger.verbose("Logout onRedirectNavigate did not return false, navigating"); + // Ensure interaction is in progress + if (!this.browserStorage.getInteractionInProgress()) { + this.browserStorage.setInteractionInProgress(true); + } + await this.navigationClient.navigateExternal(logoutUri, navigationOptions); + return; + } + else { + // Ensure interaction is not in progress + this.browserStorage.setInteractionInProgress(false); + this.logger.verbose("Logout onRedirectNavigate returned false, stopping navigation"); + } + } + else { + // Ensure interaction is in progress + if (!this.browserStorage.getInteractionInProgress()) { + this.browserStorage.setInteractionInProgress(true); + } + await this.navigationClient.navigateExternal(logoutUri, navigationOptions); + return; + } + } + catch (e) { + if (e instanceof AuthError) { + e.setCorrelationId(this.correlationId); + serverTelemetryManager.cacheFailedRequest(e); + } + this.eventHandler.emitEvent(EventType.LOGOUT_FAILURE, InteractionType.Redirect, null, e); + this.eventHandler.emitEvent(EventType.LOGOUT_END, InteractionType.Redirect); + throw e; + } + this.eventHandler.emitEvent(EventType.LOGOUT_END, InteractionType.Redirect); + } + /** + * Use to get the redirectStartPage either from request or use current window + * @param requestStartPage + */ + getRedirectStartPage(requestStartPage) { + const redirectStartPage = requestStartPage || window.location.href; + return UrlString.getAbsoluteUrl(redirectStartPage, getCurrentUri()); + } +} +//# sourceMappingURL=RedirectClient.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/interaction_handler/SilentHandler.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Creates a hidden iframe to given URL using user-requested scopes as an id. + * @param urlNavigate + * @param userRequestScopes + */ +async function initiateAuthRequest(requestUrl, performanceClient, logger, correlationId, navigateFrameWait) { + performanceClient.addQueueMeasurement(PerformanceEvents.SilentHandlerInitiateAuthRequest, correlationId); + if (!requestUrl) { + // Throw error if request URL is empty. + logger.info("Navigate url is empty"); + throw createBrowserAuthError(emptyNavigateUri); + } + if (navigateFrameWait) { + return invokeAsync(loadFrame, PerformanceEvents.SilentHandlerLoadFrame, logger, performanceClient, correlationId)(requestUrl, navigateFrameWait, performanceClient, correlationId); + } + return invoke(loadFrameSync, PerformanceEvents.SilentHandlerLoadFrameSync, logger, performanceClient, correlationId)(requestUrl); +} +/** + * Monitors an iframe content window until it loads a url with a known hash, or hits a specified timeout. + * @param iframe + * @param timeout + */ +async function monitorIframeForHash(iframe, timeout, pollIntervalMilliseconds, performanceClient, logger, correlationId, responseType) { + performanceClient.addQueueMeasurement(PerformanceEvents.SilentHandlerMonitorIframeForHash, correlationId); + return new Promise((resolve, reject) => { + if (timeout < DEFAULT_IFRAME_TIMEOUT_MS) { + logger.warning(`system.loadFrameTimeout or system.iframeHashTimeout set to lower (${timeout}ms) than the default (${DEFAULT_IFRAME_TIMEOUT_MS}ms). This may result in timeouts.`); + } + /* + * Polling for iframes can be purely timing based, + * since we don't need to account for interaction. + */ + const timeoutId = window.setTimeout(() => { + window.clearInterval(intervalId); + reject(createBrowserAuthError(monitorWindowTimeout)); + }, timeout); + const intervalId = window.setInterval(() => { + let href = ""; + const contentWindow = iframe.contentWindow; + try { + /* + * Will throw if cross origin, + * which should be caught and ignored + * since we need the interval to keep running while on STS UI. + */ + href = contentWindow ? contentWindow.location.href : ""; + } + catch (e) { } + if (!href || href === "about:blank") { + return; + } + let responseString = ""; + if (contentWindow) { + if (responseType === ServerResponseType.QUERY) { + responseString = contentWindow.location.search; + } + else { + responseString = contentWindow.location.hash; + } + } + window.clearTimeout(timeoutId); + window.clearInterval(intervalId); + resolve(responseString); + }, pollIntervalMilliseconds); + }).finally(() => { + invoke(removeHiddenIframe, PerformanceEvents.RemoveHiddenIframe, logger, performanceClient, correlationId)(iframe); + }); +} +/** + * @hidden + * Loads iframe with authorization endpoint URL + * @ignore + * @deprecated + */ +function loadFrame(urlNavigate, navigateFrameWait, performanceClient, correlationId) { + performanceClient.addQueueMeasurement(PerformanceEvents.SilentHandlerLoadFrame, correlationId); + /* + * This trick overcomes iframe navigation in IE + * IE does not load the page consistently in iframe + */ + return new Promise((resolve, reject) => { + const frameHandle = createHiddenIframe(); + window.setTimeout(() => { + if (!frameHandle) { + reject("Unable to load iframe"); + return; + } + frameHandle.src = urlNavigate; + resolve(frameHandle); + }, navigateFrameWait); + }); +} +/** + * @hidden + * Loads the iframe synchronously when the navigateTimeFrame is set to `0` + * @param urlNavigate + * @param frameName + * @param logger + */ +function loadFrameSync(urlNavigate) { + const frameHandle = createHiddenIframe(); + frameHandle.src = urlNavigate; + return frameHandle; +} +/** + * @hidden + * Creates a new hidden iframe or gets an existing one for silent token renewal. + * @ignore + */ +function createHiddenIframe() { + const authFrame = document.createElement("iframe"); + authFrame.className = "msalSilentIframe"; + authFrame.style.visibility = "hidden"; + authFrame.style.position = "absolute"; + authFrame.style.width = authFrame.style.height = "0"; + authFrame.style.border = "0"; + authFrame.setAttribute("sandbox", "allow-scripts allow-same-origin allow-forms"); + document.body.appendChild(authFrame); + return authFrame; +} +/** + * @hidden + * Removes a hidden iframe from the page. + * @ignore + */ +function removeHiddenIframe(iframe) { + if (document.body === iframe.parentNode) { + document.body.removeChild(iframe); + } +} +//# sourceMappingURL=SilentHandler.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/interaction_client/SilentIframeClient.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +class SilentIframeClient extends StandardInteractionClient { + constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, nativeMessageHandler, correlationId) { + super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeMessageHandler, correlationId); + this.apiId = apiId; + this.nativeStorage = nativeStorageImpl; + } + /** + * Acquires a token silently by opening a hidden iframe to the /authorize endpoint with prompt=none or prompt=no_session + * @param request + */ + async acquireToken(request) { + this.performanceClient.addQueueMeasurement(PerformanceEvents.SilentIframeClientAcquireToken, request.correlationId); + // Check that we have some SSO data + if (!request.loginHint && + !request.sid && + (!request.account || !request.account.username)) { + this.logger.warning("No user hint provided. The authorization server may need more information to complete this request."); + } + // Check the prompt value + const inputRequest = { ...request }; + if (inputRequest.prompt) { + if (inputRequest.prompt !== PromptValue.NONE && + inputRequest.prompt !== PromptValue.NO_SESSION) { + this.logger.warning(`SilentIframeClient. Replacing invalid prompt ${inputRequest.prompt} with ${PromptValue.NONE}`); + inputRequest.prompt = PromptValue.NONE; + } + } + else { + inputRequest.prompt = PromptValue.NONE; + } + // Create silent request + const silentRequest = await invokeAsync(this.initializeAuthorizationRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, request.correlationId)(inputRequest, InteractionType.Silent); + preconnect(silentRequest.authority); + const serverTelemetryManager = this.initializeServerTelemetryManager(this.apiId); + let authClient; + try { + // Initialize the client + authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, request.correlationId)(serverTelemetryManager, silentRequest.authority, silentRequest.azureCloudOptions, silentRequest.account); + return await invokeAsync(this.silentTokenHelper.bind(this), PerformanceEvents.SilentIframeClientTokenHelper, this.logger, this.performanceClient, request.correlationId)(authClient, silentRequest); + } + catch (e) { + if (e instanceof AuthError) { + e.setCorrelationId(this.correlationId); + serverTelemetryManager.cacheFailedRequest(e); + } + if (!authClient || + !(e instanceof AuthError) || + e.errorCode !== BrowserConstants.INVALID_GRANT_ERROR) { + throw e; + } + this.performanceClient.addFields({ + retryError: e.errorCode, + }, this.correlationId); + const retrySilentRequest = await invokeAsync(this.initializeAuthorizationRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, request.correlationId)(inputRequest, InteractionType.Silent); + return await invokeAsync(this.silentTokenHelper.bind(this), PerformanceEvents.SilentIframeClientTokenHelper, this.logger, this.performanceClient, this.correlationId)(authClient, retrySilentRequest); + } + } + /** + * Currently Unsupported + */ + logout() { + // Synchronous so we must reject + return Promise.reject(createBrowserAuthError(silentLogoutUnsupported)); + } + /** + * Helper which acquires an authorization code silently using a hidden iframe from given url + * using the scopes requested as part of the id, and exchanges the code for a set of OAuth tokens. + * @param navigateUrl + * @param userRequestScopes + */ + async silentTokenHelper(authClient, silentRequest) { + const correlationId = silentRequest.correlationId; + this.performanceClient.addQueueMeasurement(PerformanceEvents.SilentIframeClientTokenHelper, correlationId); + // Create auth code request and generate PKCE params + const authCodeRequest = await invokeAsync(this.initializeAuthorizationCodeRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest, this.logger, this.performanceClient, correlationId)(silentRequest); + // Create authorize request url + const navigateUrl = await invokeAsync(authClient.getAuthCodeUrl.bind(authClient), PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)({ + ...silentRequest, + nativeBroker: NativeMessageHandler.isNativeAvailable(this.config, this.logger, this.nativeMessageHandler, silentRequest.authenticationScheme), + }); + // Create silent handler + const interactionHandler = new InteractionHandler(authClient, this.browserStorage, authCodeRequest, this.logger, this.performanceClient); + // Get the frame handle for the silent request + const msalFrame = await invokeAsync(initiateAuthRequest, PerformanceEvents.SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId, this.config.system.navigateFrameWait); + const responseType = this.config.auth.OIDCOptions.serverResponseType; + // Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds. + const responseString = await invokeAsync(monitorIframeForHash, PerformanceEvents.SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(msalFrame, this.config.system.iframeHashTimeout, this.config.system.pollIntervalMilliseconds, this.performanceClient, this.logger, correlationId, responseType); + const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, responseType, this.logger); + if (serverParams.accountId) { + this.logger.verbose("Account id found in hash, calling WAM for token"); + if (!this.nativeMessageHandler) { + throw createBrowserAuthError(nativeConnectionNotEstablished); + } + const nativeInteractionClient = new NativeInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.apiId, this.performanceClient, this.nativeMessageHandler, serverParams.accountId, this.browserStorage, correlationId); + const { userRequestState } = ProtocolUtils.parseRequestState(this.browserCrypto, silentRequest.state); + return invokeAsync(nativeInteractionClient.acquireToken.bind(nativeInteractionClient), PerformanceEvents.NativeInteractionClientAcquireToken, this.logger, this.performanceClient, correlationId)({ + ...silentRequest, + state: userRequestState, + prompt: silentRequest.prompt || PromptValue.NONE, + }); + } + // Handle response from hash string + return invokeAsync(interactionHandler.handleCodeResponse.bind(interactionHandler), PerformanceEvents.HandleCodeResponse, this.logger, this.performanceClient, correlationId)(serverParams, silentRequest); + } +} +//# sourceMappingURL=SilentIframeClient.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/interaction_client/SilentRefreshClient.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +class SilentRefreshClient extends StandardInteractionClient { + /** + * Exchanges the refresh token for new tokens + * @param request + */ + async acquireToken(request) { + this.performanceClient.addQueueMeasurement(PerformanceEvents.SilentRefreshClientAcquireToken, request.correlationId); + const baseRequest = await invokeAsync(initializeBaseRequest, PerformanceEvents.InitializeBaseRequest, this.logger, this.performanceClient, request.correlationId)(request, this.config, this.performanceClient, this.logger); + const silentRequest = { + ...request, + ...baseRequest, + }; + if (request.redirectUri) { + // Make sure any passed redirectUri is converted to an absolute URL - redirectUri is not a required parameter for refresh token redemption so only include if explicitly provided + silentRequest.redirectUri = this.getRedirectUri(request.redirectUri); + } + const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow); + const refreshTokenClient = await this.createRefreshTokenClient(serverTelemetryManager, silentRequest.authority, silentRequest.azureCloudOptions, silentRequest.account); + // Send request to renew token. Auth module will throw errors if token cannot be renewed. + return invokeAsync(refreshTokenClient.acquireTokenByRefreshToken.bind(refreshTokenClient), PerformanceEvents.RefreshTokenClientAcquireTokenByRefreshToken, this.logger, this.performanceClient, request.correlationId)(silentRequest).catch((e) => { + e.setCorrelationId(this.correlationId); + serverTelemetryManager.cacheFailedRequest(e); + throw e; + }); + } + /** + * Currently Unsupported + */ + logout() { + // Synchronous so we must reject + return Promise.reject(createBrowserAuthError(silentLogoutUnsupported)); + } + /** + * Creates a Refresh Client with the given authority, or the default authority. + * @param serverTelemetryManager + * @param authorityUrl + */ + async createRefreshTokenClient(serverTelemetryManager, authorityUrl, azureCloudOptions, account) { + // Create auth module. + const clientConfig = await invokeAsync(this.getClientConfiguration.bind(this), PerformanceEvents.StandardInteractionClientGetClientConfiguration, this.logger, this.performanceClient, this.correlationId)(serverTelemetryManager, authorityUrl, azureCloudOptions, account); + return new RefreshTokenClient(clientConfig, this.performanceClient); + } +} +//# sourceMappingURL=SilentRefreshClient.mjs.map -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -function getAccountType(account) { - const idTokenClaims = account?.idTokenClaims; - if (idTokenClaims?.tfp || idTokenClaims?.acr) { - return "B2C"; - } - if (!idTokenClaims?.tid) { - return undefined; - } - else if (idTokenClaims?.tid === "9188040d-6c67-4c5b-b112-36a304b66dad") { - return "MSA"; - } - return "AAD"; -} -function StandardController_preflightCheck(initialized, performanceEvent) { - try { - preflightCheck(initialized); - } - catch (e) { - performanceEvent.end({ success: false }, e); - throw e; - } -} -class StandardController_StandardController { - /** - * @constructor - * Constructor for the PublicClientApplication used to instantiate the PublicClientApplication object - * - * Important attributes in the Configuration object for auth are: - * - clientID: the application ID of your application. You can obtain one by registering your application with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview - * - authority: the authority URL for your application. - * - redirect_uri: the uri of your application registered in the portal. - * - * In Azure AD, authority is a URL indicating the Azure active directory that MSAL uses to obtain tokens. - * It is of the form https://login.microsoftonline.com/{Enter_the_Tenant_Info_Here} - * If your application supports Accounts in one organizational directory, replace "Enter_the_Tenant_Info_Here" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com). - * If your application supports Accounts in any organizational directory, replace "Enter_the_Tenant_Info_Here" value with organizations. - * If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace "Enter_the_Tenant_Info_Here" value with common. - * To restrict support to Personal Microsoft accounts only, replace "Enter_the_Tenant_Info_Here" value with consumers. - * - * In Azure B2C, authority is of the form https://{instance}/tfp/{tenant}/{policyName}/ - * Full B2C functionality will be available in this library in future versions. - * - * @param configuration Object for the MSAL PublicClientApplication instance - */ - constructor(operatingContext) { - this.operatingContext = operatingContext; - this.isBrowserEnvironment = - this.operatingContext.isBrowserEnvironment(); - // Set the configuration. - this.config = operatingContext.getConfig(); - this.initialized = false; - // Initialize logger - this.logger = this.operatingContext.getLogger(); - // Initialize the network module class. - this.networkClient = this.config.system.networkClient; - // Initialize the navigation client class. - this.navigationClient = this.config.system.navigationClient; - // Initialize redirectResponse Map - this.redirectResponse = new Map(); - // Initial hybrid spa map - this.hybridAuthCodeResponses = new Map(); - // Initialize performance client - this.performanceClient = this.config.telemetry.client; - // Initialize the crypto class. - this.browserCrypto = this.isBrowserEnvironment - ? new CryptoOps(this.logger, this.performanceClient) - : DEFAULT_CRYPTO_IMPLEMENTATION; - this.eventHandler = new EventHandler(this.logger, this.browserCrypto); - // Initialize the browser storage class. - this.browserStorage = this.isBrowserEnvironment - ? new BrowserCacheManager(this.config.auth.clientId, this.config.cache, this.browserCrypto, this.logger, buildStaticAuthorityOptions(this.config.auth), this.performanceClient) - : DEFAULT_BROWSER_CACHE_MANAGER(this.config.auth.clientId, this.logger); - // initialize in memory storage for native flows - const nativeCacheOptions = { - cacheLocation: BrowserCacheLocation.MemoryStorage, - temporaryCacheLocation: BrowserCacheLocation.MemoryStorage, - storeAuthStateInCookie: false, - secureCookies: false, - cacheMigrationEnabled: false, - claimsBasedCachingEnabled: false, - }; - this.nativeInternalStorage = new BrowserCacheManager(this.config.auth.clientId, nativeCacheOptions, this.browserCrypto, this.logger, undefined, this.performanceClient); - // Initialize the token cache - this.tokenCache = new TokenCache(this.config, this.browserStorage, this.logger, this.browserCrypto); - this.activeSilentTokenRequests = new Map(); - // Register listener functions - this.trackPageVisibility = this.trackPageVisibility.bind(this); - // Register listener functions - this.trackPageVisibilityWithMeasurement = - this.trackPageVisibilityWithMeasurement.bind(this); - } - static async createController(operatingContext, request) { - const controller = new StandardController_StandardController(operatingContext); - await controller.initialize(request); - return controller; - } - trackPageVisibility(correlationId) { - if (!correlationId) { - return; - } - this.logger.info("Perf: Visibility change detected"); - this.performanceClient.incrementFields({ visibilityChangeCount: 1 }, correlationId); - } - /** - * Initializer function to perform async startup tasks such as connecting to WAM extension - * @param request {?InitializeApplicationRequest} correlation id - */ - async initialize(request) { - this.logger.trace("initialize called"); - if (this.initialized) { - this.logger.info("initialize has already been called, exiting early."); - return; - } - const initCorrelationId = request?.correlationId || this.getRequestCorrelationId(); - const allowNativeBroker = this.config.system.allowNativeBroker; - const initMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.InitializeClientApplication, initCorrelationId); - this.eventHandler.emitEvent(EventType.INITIALIZE_START); - if (allowNativeBroker) { - try { - this.nativeExtensionProvider = - await NativeMessageHandler.createProvider(this.logger, this.config.system.nativeBrokerHandshakeTimeout, this.performanceClient); - } - catch (e) { - this.logger.verbose(e); - } - } - if (!this.config.cache.claimsBasedCachingEnabled) { - this.logger.verbose("Claims-based caching is disabled. Clearing the previous cache with claims"); - await invokeAsync(this.browserStorage.clearTokensAndKeysWithClaims.bind(this.browserStorage), PerformanceEvents.ClearTokensAndKeysWithClaims, this.logger, this.performanceClient, initCorrelationId)(this.performanceClient, initCorrelationId); - } - this.initialized = true; - this.eventHandler.emitEvent(EventType.INITIALIZE_END); - initMeasurement.end({ allowNativeBroker, success: true }); - } - // #region Redirect Flow - /** - * Event handler function which allows users to fire events after the PublicClientApplication object - * has loaded during redirect flows. This should be invoked on all page loads involved in redirect - * auth flows. - * @param hash Hash to process. Defaults to the current value of window.location.hash. Only needs to be provided explicitly if the response to be handled is not contained in the current value. - * @returns Token response or null. If the return value is null, then no auth redirect was detected. - */ - async handleRedirectPromise(hash) { - this.logger.verbose("handleRedirectPromise called"); - // Block token acquisition before initialize has been called - blockAPICallsBeforeInitialize(this.initialized); - if (this.isBrowserEnvironment) { - /** - * Store the promise on the PublicClientApplication instance if this is the first invocation of handleRedirectPromise, - * otherwise return the promise from the first invocation. Prevents race conditions when handleRedirectPromise is called - * several times concurrently. - */ - const redirectResponseKey = hash || ""; - let response = this.redirectResponse.get(redirectResponseKey); - if (typeof response === "undefined") { - response = this.handleRedirectPromiseInternal(hash); - this.redirectResponse.set(redirectResponseKey, response); - this.logger.verbose("handleRedirectPromise has been called for the first time, storing the promise"); - } - else { - this.logger.verbose("handleRedirectPromise has been called previously, returning the result from the first call"); - } - return response; - } - this.logger.verbose("handleRedirectPromise returns null, not browser environment"); - return null; - } - /** - * The internal details of handleRedirectPromise. This is separated out to a helper to allow handleRedirectPromise to memoize requests - * @param hash - * @returns - */ - async handleRedirectPromiseInternal(hash) { - const loggedInAccounts = this.getAllAccounts(); - const request = this.browserStorage.getCachedNativeRequest(); - const useNative = request && - NativeMessageHandler.isNativeAvailable(this.config, this.logger, this.nativeExtensionProvider) && - this.nativeExtensionProvider && - !hash; - const correlationId = useNative - ? request?.correlationId - : this.browserStorage.getTemporaryCache(TemporaryCacheKeys.CORRELATION_ID, true) || ""; - const rootMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.AcquireTokenRedirect, correlationId); - this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_START, InteractionType.Redirect); - let redirectResponse; - if (useNative && this.nativeExtensionProvider) { - this.logger.trace("handleRedirectPromise - acquiring token from native platform"); - const nativeClient = new NativeInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.handleRedirectPromise, this.performanceClient, this.nativeExtensionProvider, request.accountId, this.nativeInternalStorage, request.correlationId); - redirectResponse = invokeAsync(nativeClient.handleRedirectPromise.bind(nativeClient), PerformanceEvents.HandleNativeRedirectPromiseMeasurement, this.logger, this.performanceClient, rootMeasurement.event.correlationId)(this.performanceClient, rootMeasurement.event.correlationId); - } - else { - this.logger.trace("handleRedirectPromise - acquiring token from web flow"); - const redirectClient = this.createRedirectClient(correlationId); - redirectResponse = invokeAsync(redirectClient.handleRedirectPromise.bind(redirectClient), PerformanceEvents.HandleRedirectPromiseMeasurement, this.logger, this.performanceClient, rootMeasurement.event.correlationId)(hash, rootMeasurement); - } - return redirectResponse - .then((result) => { - if (result) { - // Emit login event if number of accounts change - const isLoggingIn = loggedInAccounts.length < this.getAllAccounts().length; - if (isLoggingIn) { - this.eventHandler.emitEvent(EventType.LOGIN_SUCCESS, InteractionType.Redirect, result); - this.logger.verbose("handleRedirectResponse returned result, login success"); - } - else { - this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_SUCCESS, InteractionType.Redirect, result); - this.logger.verbose("handleRedirectResponse returned result, acquire token success"); - } - rootMeasurement.end({ - success: true, - accountType: getAccountType(result.account), - }); - } - else { - /* - * Instrument an event only if an error code is set. Otherwise, discard it when the redirect response - * is empty and the error code is missing. - */ - if (rootMeasurement.event.errorCode) { - rootMeasurement.end({ success: false }); - } - else { - rootMeasurement.discard(); - } - } - this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_END, InteractionType.Redirect); - return result; - }) - .catch((e) => { - const eventError = e; - // Emit login event if there is an account - if (loggedInAccounts.length > 0) { - this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_FAILURE, InteractionType.Redirect, null, eventError); - } - else { - this.eventHandler.emitEvent(EventType.LOGIN_FAILURE, InteractionType.Redirect, null, eventError); - } - this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_END, InteractionType.Redirect); - rootMeasurement.end({ - success: false, - }, eventError); - throw e; - }); - } - /** - * Use when you want to obtain an access_token for your API by redirecting the user's browser window to the authorization endpoint. This function redirects - * the page, so any code that follows this function will not execute. - * - * IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current - * browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function. - * - * @param request - */ - async acquireTokenRedirect(request) { - // Preflight request - const correlationId = this.getRequestCorrelationId(request); - this.logger.verbose("acquireTokenRedirect called", correlationId); - const atrMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.AcquireTokenPreRedirect, correlationId); - atrMeasurement.add({ - accountType: getAccountType(request.account), - scenarioId: request.scenarioId, - }); - const onRedirectNavigateCb = request.onRedirectNavigate; - request.onRedirectNavigate = (url) => { - const navigate = typeof onRedirectNavigateCb === "function" - ? onRedirectNavigateCb(url) - : undefined; - if (navigate !== false) { - atrMeasurement.end({ success: true }); - } - else { - atrMeasurement.discard(); - } - return navigate; - }; - // If logged in, emit acquire token events - const isLoggedIn = this.getAllAccounts().length > 0; - try { - redirectPreflightCheck(this.initialized, this.config); - this.browserStorage.setInteractionInProgress(true); - if (isLoggedIn) { - this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, InteractionType.Redirect, request); - } - else { - this.eventHandler.emitEvent(EventType.LOGIN_START, InteractionType.Redirect, request); - } - let result; - if (this.nativeExtensionProvider && this.canUseNative(request)) { - const nativeClient = new NativeInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.acquireTokenRedirect, this.performanceClient, this.nativeExtensionProvider, this.getNativeAccountId(request), this.nativeInternalStorage, correlationId); - result = nativeClient - .acquireTokenRedirect(request, atrMeasurement) - .catch((e) => { - if (e instanceof NativeAuthError && - isFatalNativeAuthError(e)) { - this.nativeExtensionProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt - const redirectClient = this.createRedirectClient(correlationId); - return redirectClient.acquireToken(request); - } - else if (e instanceof InteractionRequiredAuthError) { - this.logger.verbose("acquireTokenRedirect - Resolving interaction required error thrown by native broker by falling back to web flow"); - const redirectClient = this.createRedirectClient(correlationId); - return redirectClient.acquireToken(request); - } - this.browserStorage.setInteractionInProgress(false); - throw e; - }); - } - else { - const redirectClient = this.createRedirectClient(correlationId); - result = redirectClient.acquireToken(request); - } - return await result; - } - catch (e) { - atrMeasurement.end({ success: false }, e); - if (isLoggedIn) { - this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_FAILURE, InteractionType.Redirect, null, e); - } - else { - this.eventHandler.emitEvent(EventType.LOGIN_FAILURE, InteractionType.Redirect, null, e); - } - throw e; - } - } - // #endregion - // #region Popup Flow - /** - * Use when you want to obtain an access_token for your API via opening a popup window in the user's browser - * - * @param request - * - * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. - */ - acquireTokenPopup(request) { - const correlationId = this.getRequestCorrelationId(request); - const atPopupMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.AcquireTokenPopup, correlationId); - atPopupMeasurement.add({ - scenarioId: request.scenarioId, - accountType: getAccountType(request.account), - }); - try { - this.logger.verbose("acquireTokenPopup called", correlationId); - StandardController_preflightCheck(this.initialized, atPopupMeasurement); - this.browserStorage.setInteractionInProgress(true); - } - catch (e) { - // Since this function is syncronous we need to reject - return Promise.reject(e); - } - // If logged in, emit acquire token events - const loggedInAccounts = this.getAllAccounts(); - if (loggedInAccounts.length > 0) { - this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, InteractionType.Popup, request); - } - else { - this.eventHandler.emitEvent(EventType.LOGIN_START, InteractionType.Popup, request); - } - let result; - if (this.canUseNative(request)) { - result = this.acquireTokenNative({ - ...request, - correlationId, - }, ApiId.acquireTokenPopup) - .then((response) => { - this.browserStorage.setInteractionInProgress(false); - atPopupMeasurement.end({ - success: true, - isNativeBroker: true, - requestId: response.requestId, - accountType: getAccountType(response.account), - }); - return response; - }) - .catch((e) => { - if (e instanceof NativeAuthError && - isFatalNativeAuthError(e)) { - this.nativeExtensionProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt - const popupClient = this.createPopupClient(correlationId); - return popupClient.acquireToken(request); - } - else if (e instanceof InteractionRequiredAuthError) { - this.logger.verbose("acquireTokenPopup - Resolving interaction required error thrown by native broker by falling back to web flow"); - const popupClient = this.createPopupClient(correlationId); - return popupClient.acquireToken(request); - } - this.browserStorage.setInteractionInProgress(false); - throw e; - }); - } - else { - const popupClient = this.createPopupClient(correlationId); - result = popupClient.acquireToken(request); - } - return result - .then((result) => { - /* - * If logged in, emit acquire token events - */ - const isLoggingIn = loggedInAccounts.length < this.getAllAccounts().length; - if (isLoggingIn) { - this.eventHandler.emitEvent(EventType.LOGIN_SUCCESS, InteractionType.Popup, result); - } - else { - this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_SUCCESS, InteractionType.Popup, result); - } - atPopupMeasurement.end({ - success: true, - requestId: result.requestId, - accessTokenSize: result.accessToken.length, - idTokenSize: result.idToken.length, - accountType: getAccountType(result.account), - }); - return result; - }) - .catch((e) => { - if (loggedInAccounts.length > 0) { - this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_FAILURE, InteractionType.Popup, null, e); - } - else { - this.eventHandler.emitEvent(EventType.LOGIN_FAILURE, InteractionType.Popup, null, e); - } - atPopupMeasurement.end({ - success: false, - }, e); - // Since this function is syncronous we need to reject - return Promise.reject(e); - }); - } - trackPageVisibilityWithMeasurement() { - const measurement = this.ssoSilentMeasurement || - this.acquireTokenByCodeAsyncMeasurement; - if (!measurement) { - return; - } - this.logger.info("Perf: Visibility change detected in ", measurement.event.name); - measurement.increment({ - visibilityChangeCount: 1, - }); - } - // #endregion - // #region Silent Flow - /** - * This function uses a hidden iframe to fetch an authorization code from the eSTS. There are cases where this may not work: - * - Any browser using a form of Intelligent Tracking Prevention - * - If there is not an established session with the service - * - * In these cases, the request must be done inside a popup or full frame redirect. - * - * For the cases where interaction is required, you cannot send a request with prompt=none. - * - * If your refresh token has expired, you can use this function to fetch a new set of tokens silently as long as - * you session on the server still exists. - * @param request {@link SsoSilentRequest} - * - * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. - */ - async ssoSilent(request) { - const correlationId = this.getRequestCorrelationId(request); - const validRequest = { - ...request, - // will be PromptValue.NONE or PromptValue.NO_SESSION - prompt: request.prompt, - correlationId: correlationId, - }; - this.ssoSilentMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.SsoSilent, correlationId); - this.ssoSilentMeasurement?.add({ - scenarioId: request.scenarioId, - accountType: getAccountType(request.account), - }); - StandardController_preflightCheck(this.initialized, this.ssoSilentMeasurement); - this.ssoSilentMeasurement?.increment({ - visibilityChangeCount: 0, - }); - document.addEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement); - this.logger.verbose("ssoSilent called", correlationId); - this.eventHandler.emitEvent(EventType.SSO_SILENT_START, InteractionType.Silent, validRequest); - let result; - if (this.canUseNative(validRequest)) { - result = this.acquireTokenNative(validRequest, ApiId.ssoSilent).catch((e) => { - // If native token acquisition fails for availability reasons fallback to standard flow - if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) { - this.nativeExtensionProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt - const silentIframeClient = this.createSilentIframeClient(validRequest.correlationId); - return silentIframeClient.acquireToken(validRequest); - } - throw e; - }); - } - else { - const silentIframeClient = this.createSilentIframeClient(validRequest.correlationId); - result = silentIframeClient.acquireToken(validRequest); - } - return result - .then((response) => { - this.eventHandler.emitEvent(EventType.SSO_SILENT_SUCCESS, InteractionType.Silent, response); - this.ssoSilentMeasurement?.end({ - success: true, - isNativeBroker: response.fromNativeBroker, - requestId: response.requestId, - accessTokenSize: response.accessToken.length, - idTokenSize: response.idToken.length, - accountType: getAccountType(response.account), - }); - return response; - }) - .catch((e) => { - this.eventHandler.emitEvent(EventType.SSO_SILENT_FAILURE, InteractionType.Silent, null, e); - this.ssoSilentMeasurement?.end({ - success: false, - }, e); - throw e; - }) - .finally(() => { - document.removeEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement); - }); - } - /** - * This function redeems an authorization code (passed as code) from the eSTS token endpoint. - * This authorization code should be acquired server-side using a confidential client to acquire a spa_code. - * This API is not indended for normal authorization code acquisition and redemption. - * - * Redemption of this authorization code will not require PKCE, as it was acquired by a confidential client. - * - * @param request {@link AuthorizationCodeRequest} - * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. - */ - async acquireTokenByCode(request) { - const correlationId = this.getRequestCorrelationId(request); - this.logger.trace("acquireTokenByCode called", correlationId); - const atbcMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.AcquireTokenByCode, correlationId); - StandardController_preflightCheck(this.initialized, atbcMeasurement); - this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_BY_CODE_START, InteractionType.Silent, request); - atbcMeasurement.add({ scenarioId: request.scenarioId }); - try { - if (request.code && request.nativeAccountId) { - // Throw error in case server returns both spa_code and spa_accountid in exchange for auth code. - throw createBrowserAuthError(spaCodeAndNativeAccountIdPresent); - } - else if (request.code) { - const hybridAuthCode = request.code; - let response = this.hybridAuthCodeResponses.get(hybridAuthCode); - if (!response) { - this.logger.verbose("Initiating new acquireTokenByCode request", correlationId); - response = this.acquireTokenByCodeAsync({ - ...request, - correlationId, - }) - .then((result) => { - this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_BY_CODE_SUCCESS, InteractionType.Silent, result); - this.hybridAuthCodeResponses.delete(hybridAuthCode); - atbcMeasurement.end({ - success: true, - isNativeBroker: result.fromNativeBroker, - requestId: result.requestId, - accessTokenSize: result.accessToken.length, - idTokenSize: result.idToken.length, - accountType: getAccountType(result.account), - }); - return result; - }) - .catch((error) => { - this.hybridAuthCodeResponses.delete(hybridAuthCode); - this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_BY_CODE_FAILURE, InteractionType.Silent, null, error); - atbcMeasurement.end({ - success: false, - }, error); - throw error; - }); - this.hybridAuthCodeResponses.set(hybridAuthCode, response); - } - else { - this.logger.verbose("Existing acquireTokenByCode request found", correlationId); - atbcMeasurement.discard(); - } - return await response; - } - else if (request.nativeAccountId) { - if (this.canUseNative(request, request.nativeAccountId)) { - const result = await this.acquireTokenNative({ - ...request, - correlationId, - }, ApiId.acquireTokenByCode, request.nativeAccountId).catch((e) => { - // If native token acquisition fails for availability reasons fallback to standard flow - if (e instanceof NativeAuthError && - isFatalNativeAuthError(e)) { - this.nativeExtensionProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt - } - throw e; - }); - atbcMeasurement.end({ - accountType: getAccountType(result.account), - success: true, - }); - return result; - } - else { - throw createBrowserAuthError(unableToAcquireTokenFromNativePlatform); - } - } - else { - throw createBrowserAuthError(authCodeOrNativeAccountIdRequired); - } - } - catch (e) { - this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_BY_CODE_FAILURE, InteractionType.Silent, null, e); - atbcMeasurement.end({ - success: false, - }, e); - throw e; - } - } - /** - * Creates a SilentAuthCodeClient to redeem an authorization code. - * @param request - * @returns Result of the operation to redeem the authorization code - */ - async acquireTokenByCodeAsync(request) { - this.logger.trace("acquireTokenByCodeAsync called", request.correlationId); - this.acquireTokenByCodeAsyncMeasurement = - this.performanceClient.startMeasurement(PerformanceEvents.AcquireTokenByCodeAsync, request.correlationId); - this.acquireTokenByCodeAsyncMeasurement?.increment({ - visibilityChangeCount: 0, - }); - document.addEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement); - const silentAuthCodeClient = this.createSilentAuthCodeClient(request.correlationId); - const silentTokenResult = await silentAuthCodeClient - .acquireToken(request) - .then((response) => { - this.acquireTokenByCodeAsyncMeasurement?.end({ - success: true, - fromCache: response.fromCache, - isNativeBroker: response.fromNativeBroker, - requestId: response.requestId, - }); - return response; - }) - .catch((tokenRenewalError) => { - this.acquireTokenByCodeAsyncMeasurement?.end({ - success: false, - }, tokenRenewalError); - throw tokenRenewalError; - }) - .finally(() => { - document.removeEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement); - }); - return silentTokenResult; - } - /** - * Attempt to acquire an access token from the cache - * @param silentCacheClient SilentCacheClient - * @param commonRequest CommonSilentFlowRequest - * @param silentRequest SilentRequest - * @returns A promise that, when resolved, returns the access token - */ - async acquireTokenFromCache(commonRequest, cacheLookupPolicy) { - this.performanceClient.addQueueMeasurement(PerformanceEvents.AcquireTokenFromCache, commonRequest.correlationId); - switch (cacheLookupPolicy) { - case CacheLookupPolicy.Default: - case CacheLookupPolicy.AccessToken: - case CacheLookupPolicy.AccessTokenAndRefreshToken: - const silentCacheClient = this.createSilentCacheClient(commonRequest.correlationId); - return invokeAsync(silentCacheClient.acquireToken.bind(silentCacheClient), PerformanceEvents.SilentCacheClientAcquireToken, this.logger, this.performanceClient, commonRequest.correlationId)(commonRequest); - default: - throw createClientAuthError(tokenRefreshRequired); - } - } - /** - * Attempt to acquire an access token via a refresh token - * @param commonRequest CommonSilentFlowRequest - * @param cacheLookupPolicy CacheLookupPolicy - * @returns A promise that, when resolved, returns the access token - */ - async acquireTokenByRefreshToken(commonRequest, cacheLookupPolicy) { - this.performanceClient.addQueueMeasurement(PerformanceEvents.AcquireTokenByRefreshToken, commonRequest.correlationId); - switch (cacheLookupPolicy) { - case CacheLookupPolicy.Default: - case CacheLookupPolicy.AccessTokenAndRefreshToken: - case CacheLookupPolicy.RefreshToken: - case CacheLookupPolicy.RefreshTokenAndNetwork: - const silentRefreshClient = this.createSilentRefreshClient(commonRequest.correlationId); - return invokeAsync(silentRefreshClient.acquireToken.bind(silentRefreshClient), PerformanceEvents.SilentRefreshClientAcquireToken, this.logger, this.performanceClient, commonRequest.correlationId)(commonRequest); - default: - throw createClientAuthError(tokenRefreshRequired); - } - } - /** - * Attempt to acquire an access token via an iframe - * @param request CommonSilentFlowRequest - * @returns A promise that, when resolved, returns the access token - */ - async acquireTokenBySilentIframe(request) { - this.performanceClient.addQueueMeasurement(PerformanceEvents.AcquireTokenBySilentIframe, request.correlationId); - const silentIframeClient = this.createSilentIframeClient(request.correlationId); - return invokeAsync(silentIframeClient.acquireToken.bind(silentIframeClient), PerformanceEvents.SilentIframeClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(request); - } - // #endregion - // #region Logout - /** - * Deprecated logout function. Use logoutRedirect or logoutPopup instead - * @param logoutRequest - * @deprecated - */ - async logout(logoutRequest) { - const correlationId = this.getRequestCorrelationId(logoutRequest); - this.logger.warning("logout API is deprecated and will be removed in msal-browser v3.0.0. Use logoutRedirect instead.", correlationId); - return this.logoutRedirect({ - correlationId, - ...logoutRequest, - }); - } - /** - * Use to log out the current user, and redirect the user to the postLogoutRedirectUri. - * Default behaviour is to redirect the user to `window.location.href`. - * @param logoutRequest - */ - async logoutRedirect(logoutRequest) { - const correlationId = this.getRequestCorrelationId(logoutRequest); - redirectPreflightCheck(this.initialized, this.config); - this.browserStorage.setInteractionInProgress(true); - const redirectClient = this.createRedirectClient(correlationId); - return redirectClient.logout(logoutRequest); - } - /** - * Clears local cache for the current user then opens a popup window prompting the user to sign-out of the server - * @param logoutRequest - */ - logoutPopup(logoutRequest) { - try { - const correlationId = this.getRequestCorrelationId(logoutRequest); - preflightCheck(this.initialized); - this.browserStorage.setInteractionInProgress(true); - const popupClient = this.createPopupClient(correlationId); - return popupClient.logout(logoutRequest); - } - catch (e) { - // Since this function is syncronous we need to reject - return Promise.reject(e); - } - } - /** - * Creates a cache interaction client to clear broswer cache. - * @param logoutRequest - */ - async clearCache(logoutRequest) { - const correlationId = this.getRequestCorrelationId(logoutRequest); - const cacheClient = this.createSilentCacheClient(correlationId); - return cacheClient.logout(logoutRequest); - } - // #endregion - // #region Account APIs - /** - * Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned. - * @param accountFilter - (Optional) filter to narrow down the accounts returned - * @returns Array of AccountInfo objects in cache - */ - getAllAccounts(accountFilter) { - return getAllAccounts(this.logger, this.browserStorage, this.isBrowserEnvironment, accountFilter); - } - /** - * Returns the first account found in the cache that matches the account filter passed in. - * @param accountFilter - * @returns The first account found in the cache matching the provided filter or null if no account could be found. - */ - getAccount(accountFilter) { - return getAccount(accountFilter, this.logger, this.browserStorage); - } - /** - * Returns the signed in account matching username. - * (the account object is created at the time of successful login) - * or null when no matching account is found. - * This API is provided for convenience but getAccountById should be used for best reliability - * @param username - * @returns The account object stored in MSAL - */ - getAccountByUsername(username) { - return getAccountByUsername(username, this.logger, this.browserStorage); - } - /** - * Returns the signed in account matching homeAccountId. - * (the account object is created at the time of successful login) - * or null when no matching account is found - * @param homeAccountId - * @returns The account object stored in MSAL - */ - getAccountByHomeId(homeAccountId) { - return getAccountByHomeId(homeAccountId, this.logger, this.browserStorage); - } - /** - * Returns the signed in account matching localAccountId. - * (the account object is created at the time of successful login) - * or null when no matching account is found - * @param localAccountId - * @returns The account object stored in MSAL - */ - getAccountByLocalId(localAccountId) { - return getAccountByLocalId(localAccountId, this.logger, this.browserStorage); - } - /** - * Sets the account to use as the active account. If no account is passed to the acquireToken APIs, then MSAL will use this active account. - * @param account - */ - setActiveAccount(account) { - setActiveAccount(account, this.browserStorage); - } - /** - * Gets the currently active account - */ - getActiveAccount() { - return getActiveAccount(this.browserStorage); - } - // #endregion - /** - * Hydrates the cache with the tokens from an AuthenticationResult - * @param result - * @param request - * @returns - */ - async hydrateCache(result, request) { - this.logger.verbose("hydrateCache called"); - // Account gets saved to browser storage regardless of native or not - const accountEntity = AccountEntity.createFromAccountInfo(result.account, result.cloudGraphHostName, result.msGraphHost); - this.browserStorage.setAccount(accountEntity); - if (result.fromNativeBroker) { - this.logger.verbose("Response was from native broker, storing in-memory"); - // Tokens from native broker are stored in-memory - return this.nativeInternalStorage.hydrateCache(result, request); - } - else { - return this.browserStorage.hydrateCache(result, request); - } - } - // #region Helpers - /** - * Acquire a token from native device (e.g. WAM) - * @param request - */ - async acquireTokenNative(request, apiId, accountId) { - this.logger.trace("acquireTokenNative called"); - if (!this.nativeExtensionProvider) { - throw createBrowserAuthError(nativeConnectionNotEstablished); - } - const nativeClient = new NativeInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, apiId, this.performanceClient, this.nativeExtensionProvider, accountId || this.getNativeAccountId(request), this.nativeInternalStorage, request.correlationId); - return nativeClient.acquireToken(request); - } - /** - * Returns boolean indicating if this request can use the native broker - * @param request - */ - canUseNative(request, accountId) { - this.logger.trace("canUseNative called"); - if (!NativeMessageHandler.isNativeAvailable(this.config, this.logger, this.nativeExtensionProvider, request.authenticationScheme)) { - this.logger.trace("canUseNative: isNativeAvailable returned false, returning false"); - return false; - } - if (request.prompt) { - switch (request.prompt) { - case PromptValue.NONE: - case PromptValue.CONSENT: - case PromptValue.LOGIN: - this.logger.trace("canUseNative: prompt is compatible with native flow"); - break; - default: - this.logger.trace(`canUseNative: prompt = ${request.prompt} is not compatible with native flow, returning false`); - return false; - } - } - if (!accountId && !this.getNativeAccountId(request)) { - this.logger.trace("canUseNative: nativeAccountId is not available, returning false"); - return false; - } - return true; - } - /** - * Get the native accountId from the account - * @param request - * @returns - */ - getNativeAccountId(request) { - const account = request.account || - this.getAccount({ - loginHint: request.loginHint, - sid: request.sid, - }) || - this.getActiveAccount(); - return (account && account.nativeAccountId) || ""; - } - /** - * Returns new instance of the Popup Interaction Client - * @param correlationId - */ - createPopupClient(correlationId) { - return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, this.nativeExtensionProvider, correlationId); - } - /** - * Returns new instance of the Redirect Interaction Client - * @param correlationId - */ - createRedirectClient(correlationId) { - return new RedirectClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, this.nativeExtensionProvider, correlationId); - } - /** - * Returns new instance of the Silent Iframe Interaction Client - * @param correlationId - */ - createSilentIframeClient(correlationId) { - return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, this.nativeExtensionProvider, correlationId); - } - /** - * Returns new instance of the Silent Cache Interaction Client - */ - createSilentCacheClient(correlationId) { - return new SilentCacheClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeExtensionProvider, correlationId); - } - /** - * Returns new instance of the Silent Refresh Interaction Client - */ - createSilentRefreshClient(correlationId) { - return new SilentRefreshClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeExtensionProvider, correlationId); - } - /** - * Returns new instance of the Silent AuthCode Interaction Client - */ - createSilentAuthCodeClient(correlationId) { - return new SilentAuthCodeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.acquireTokenByCode, this.performanceClient, this.nativeExtensionProvider, correlationId); - } - /** - * Adds event callbacks to array - * @param callback - */ - addEventCallback(callback) { - return this.eventHandler.addEventCallback(callback); - } - /** - * Removes callback with provided id from callback array - * @param callbackId - */ - removeEventCallback(callbackId) { - this.eventHandler.removeEventCallback(callbackId); - } - /** - * Registers a callback to receive performance events. - * - * @param {PerformanceCallbackFunction} callback - * @returns {string} - */ - addPerformanceCallback(callback) { - return this.performanceClient.addPerformanceCallback(callback); - } - /** - * Removes a callback registered with addPerformanceCallback. - * - * @param {string} callbackId - * @returns {boolean} - */ - removePerformanceCallback(callbackId) { - return this.performanceClient.removePerformanceCallback(callbackId); - } - /** - * Adds event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window - */ - enableAccountStorageEvents() { - this.eventHandler.enableAccountStorageEvents(); - } - /** - * Removes event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window - */ - disableAccountStorageEvents() { - this.eventHandler.disableAccountStorageEvents(); - } - /** - * Gets the token cache for the application. - */ - getTokenCache() { - return this.tokenCache; - } - /** - * Returns the logger instance - */ - getLogger() { - return this.logger; - } - /** - * Replaces the default logger set in configurations with new Logger with new configurations - * @param logger Logger instance - */ - setLogger(logger) { - this.logger = logger; - } - /** - * Called by wrapper libraries (Angular & React) to set SKU and Version passed down to telemetry, logger, etc. - * @param sku - * @param version - */ - initializeWrapperLibrary(sku, version) { - // Validate the SKU passed in is one we expect - this.browserStorage.setWrapperMetadata(sku, version); - } - /** - * Sets navigation client - * @param navigationClient - */ - setNavigationClient(navigationClient) { - this.navigationClient = navigationClient; - } - /** - * Returns the configuration object - */ - getConfiguration() { - return this.config; - } - /** - * Returns the performance client - */ - getPerformanceClient() { - return this.performanceClient; - } - /** - * Returns the browser env indicator - */ - isBrowserEnv() { - return this.isBrowserEnvironment; - } - /** - * Returns the event handler - */ - getEventHandler() { - return this.eventHandler; - } - /** - * Generates a correlation id for a request if none is provided. - * - * @protected - * @param {?Partial} [request] - * @returns {string} - */ - getRequestCorrelationId(request) { - if (request?.correlationId) { - return request.correlationId; - } - if (this.isBrowserEnvironment) { - return BrowserCrypto_createNewGuid(); - } - /* - * Included for fallback for non-browser environments, - * and to ensure this method always returns a string. - */ - return Constants.EMPTY_STRING; - } - // #endregion - /** - * Use when initiating the login process by redirecting the user's browser to the authorization endpoint. This function redirects the page, so - * any code that follows this function will not execute. - * - * IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current - * browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function. - * - * @param request - */ - async loginRedirect(request) { - const correlationId = this.getRequestCorrelationId(request); - this.logger.verbose("loginRedirect called", correlationId); - return this.acquireTokenRedirect({ - correlationId, - ...(request || DEFAULT_REQUEST), - }); - } - /** - * Use when initiating the login process via opening a popup window in the user's browser - * - * @param request - * - * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. - */ - loginPopup(request) { - const correlationId = this.getRequestCorrelationId(request); - this.logger.verbose("loginPopup called", correlationId); - return this.acquireTokenPopup({ - correlationId, - ...(request || DEFAULT_REQUEST), - }); - } - /** - * Silently acquire an access token for a given set of scopes. Returns currently processing promise if parallel requests are made. - * - * @param {@link (SilentRequest:type)} - * @returns {Promise.} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse} object - */ - async acquireTokenSilent(request) { - const correlationId = this.getRequestCorrelationId(request); - const atsMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.AcquireTokenSilent, correlationId); - atsMeasurement.add({ - cacheLookupPolicy: request.cacheLookupPolicy, - scenarioId: request.scenarioId, - }); - StandardController_preflightCheck(this.initialized, atsMeasurement); - this.logger.verbose("acquireTokenSilent called", correlationId); - const account = request.account || this.getActiveAccount(); - if (!account) { - throw createBrowserAuthError(noAccountError); - } - atsMeasurement.add({ accountType: getAccountType(account) }); - const thumbprint = { - clientId: this.config.auth.clientId, - authority: request.authority || Constants.EMPTY_STRING, - scopes: request.scopes, - homeAccountIdentifier: account.homeAccountId, - claims: request.claims, - authenticationScheme: request.authenticationScheme, - resourceRequestMethod: request.resourceRequestMethod, - resourceRequestUri: request.resourceRequestUri, - shrClaims: request.shrClaims, - sshKid: request.sshKid, - shrOptions: request.shrOptions, - }; - const silentRequestKey = JSON.stringify(thumbprint); - const cachedResponse = this.activeSilentTokenRequests.get(silentRequestKey); - if (typeof cachedResponse === "undefined") { - this.logger.verbose("acquireTokenSilent called for the first time, storing active request", correlationId); - const response = invokeAsync(this.acquireTokenSilentAsync.bind(this), PerformanceEvents.AcquireTokenSilentAsync, this.logger, this.performanceClient, correlationId)({ - ...request, - correlationId, - }, account) - .then((result) => { - this.activeSilentTokenRequests.delete(silentRequestKey); - atsMeasurement.end({ - success: true, - fromCache: result.fromCache, - isNativeBroker: result.fromNativeBroker, - cacheLookupPolicy: request.cacheLookupPolicy, - requestId: result.requestId, - accessTokenSize: result.accessToken.length, - idTokenSize: result.idToken.length, - }); - return result; - }) - .catch((error) => { - this.activeSilentTokenRequests.delete(silentRequestKey); - atsMeasurement.end({ - success: false, - }, error); - throw error; - }); - this.activeSilentTokenRequests.set(silentRequestKey, response); - return { - ...(await response), - state: request.state, - }; - } - else { - this.logger.verbose("acquireTokenSilent has been called previously, returning the result from the first call", correlationId); - // Discard measurements for memoized calls, as they are usually only a couple of ms and will artificially deflate metrics - atsMeasurement.discard(); - return { - ...(await cachedResponse), - state: request.state, - }; - } - } - /** - * Silently acquire an access token for a given set of scopes. Will use cached token if available, otherwise will attempt to acquire a new token from the network via refresh token. - * @param {@link (SilentRequest:type)} - * @param {@link (AccountInfo:type)} - * @returns {Promise.} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse} - */ - async acquireTokenSilentAsync(request, account) { - const trackPageVisibility = () => this.trackPageVisibility(request.correlationId); - this.performanceClient.addQueueMeasurement(PerformanceEvents.AcquireTokenSilentAsync, request.correlationId); - this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, InteractionType.Silent, request); - if (request.correlationId) { - this.performanceClient.incrementFields({ visibilityChangeCount: 0 }, request.correlationId); - } - document.addEventListener("visibilitychange", trackPageVisibility); - const silentRequest = await invokeAsync(initializeSilentRequest, PerformanceEvents.InitializeSilentRequest, this.logger, this.performanceClient, request.correlationId)(request, account, this.config, this.performanceClient, this.logger); - const cacheLookupPolicy = request.cacheLookupPolicy || CacheLookupPolicy.Default; - const result = this.acquireTokenSilentNoIframe(silentRequest, cacheLookupPolicy).catch(async (refreshTokenError) => { - const shouldTryToResolveSilently = checkIfRefreshTokenErrorCanBeResolvedSilently(refreshTokenError, cacheLookupPolicy); - if (shouldTryToResolveSilently) { - if (!this.activeIframeRequest) { - let _resolve; - // Always set the active request tracker immediately after checking it to prevent races - this.activeIframeRequest = [ - new Promise((resolve) => { - _resolve = resolve; - }), - silentRequest.correlationId, - ]; - this.logger.verbose("Refresh token expired/invalid or CacheLookupPolicy is set to Skip, attempting acquire token by iframe.", silentRequest.correlationId); - return invokeAsync(this.acquireTokenBySilentIframe.bind(this), PerformanceEvents.AcquireTokenBySilentIframe, this.logger, this.performanceClient, silentRequest.correlationId)(silentRequest) - .then((iframeResult) => { - _resolve(true); - return iframeResult; - }) - .catch((e) => { - _resolve(false); - throw e; - }) - .finally(() => { - this.activeIframeRequest = undefined; - }); - } - else if (cacheLookupPolicy !== CacheLookupPolicy.Skip) { - const [activePromise, activeCorrelationId] = this.activeIframeRequest; - this.logger.verbose(`Iframe request is already in progress, awaiting resolution for request with correlationId: ${activeCorrelationId}`, silentRequest.correlationId); - const awaitConcurrentIframeMeasure = this.performanceClient.startMeasurement(PerformanceEvents.AwaitConcurrentIframe, silentRequest.correlationId); - awaitConcurrentIframeMeasure.add({ - awaitIframeCorrelationId: activeCorrelationId, - }); - const activePromiseResult = await activePromise; - awaitConcurrentIframeMeasure.end({ - success: activePromiseResult, - }); - if (activePromiseResult) { - this.logger.verbose(`Parallel iframe request with correlationId: ${activeCorrelationId} succeeded. Retrying cache and/or RT redemption`, silentRequest.correlationId); - // Retry cache lookup and/or RT exchange after iframe completes - return this.acquireTokenSilentNoIframe(silentRequest, cacheLookupPolicy); - } - else { - this.logger.info(`Iframe request with correlationId: ${activeCorrelationId} failed. Interaction is required.`); - // If previous iframe request failed, it's unlikely to succeed this time. Throw original error. - throw refreshTokenError; - } - } - else { - // Cache policy set to skip and another iframe request is already in progress - this.logger.warning("Another iframe request is currently in progress and CacheLookupPolicy is set to Skip. This may result in degraded performance and/or reliability for both calls. Please consider changing the CacheLookupPolicy to take advantage of request queuing and token cache.", silentRequest.correlationId); - return invokeAsync(this.acquireTokenBySilentIframe.bind(this), PerformanceEvents.AcquireTokenBySilentIframe, this.logger, this.performanceClient, silentRequest.correlationId)(silentRequest); - } - } - else { - // Error cannot be silently resolved or iframe renewal is not allowed, interaction required - throw refreshTokenError; - } - }); - return result - .then((response) => { - this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_SUCCESS, InteractionType.Silent, response); - if (request.correlationId) { - this.performanceClient.addFields({ - fromCache: response.fromCache, - isNativeBroker: response.fromNativeBroker, - requestId: response.requestId, - }, request.correlationId); - } - return response; - }) - .catch((tokenRenewalError) => { - this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_FAILURE, InteractionType.Silent, null, tokenRenewalError); - throw tokenRenewalError; - }) - .finally(() => { - document.removeEventListener("visibilitychange", trackPageVisibility); - }); - } - /** - * AcquireTokenSilent without the iframe fallback. This is used to enable the correct fallbacks in cases where there's a potential for multiple silent requests to be made in parallel and prevent those requests from making concurrent iframe requests. - * @param silentRequest - * @param cacheLookupPolicy - * @returns - */ - async acquireTokenSilentNoIframe(silentRequest, cacheLookupPolicy) { - if (NativeMessageHandler.isNativeAvailable(this.config, this.logger, this.nativeExtensionProvider, silentRequest.authenticationScheme) && - silentRequest.account.nativeAccountId) { - this.logger.verbose("acquireTokenSilent - attempting to acquire token from native platform"); - return this.acquireTokenNative(silentRequest, ApiId.acquireTokenSilent_silentFlow).catch(async (e) => { - // If native token acquisition fails for availability reasons fallback to web flow - if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) { - this.logger.verbose("acquireTokenSilent - native platform unavailable, falling back to web flow"); - this.nativeExtensionProvider = undefined; // Prevent future requests from continuing to attempt - // Cache will not contain tokens, given that previous WAM requests succeeded. Skip cache and RT renewal and go straight to iframe renewal - throw createClientAuthError(tokenRefreshRequired); - } - throw e; - }); - } - else { - this.logger.verbose("acquireTokenSilent - attempting to acquire token from web flow"); - return invokeAsync(this.acquireTokenFromCache.bind(this), PerformanceEvents.AcquireTokenFromCache, this.logger, this.performanceClient, silentRequest.correlationId)(silentRequest, cacheLookupPolicy).catch((cacheError) => { - if (cacheLookupPolicy === CacheLookupPolicy.AccessToken) { - throw cacheError; - } - this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_NETWORK_START, InteractionType.Silent, silentRequest); - return invokeAsync(this.acquireTokenByRefreshToken.bind(this), PerformanceEvents.AcquireTokenByRefreshToken, this.logger, this.performanceClient, silentRequest.correlationId)(silentRequest, cacheLookupPolicy); - }); - } - } -} -/** - * Determines whether an error thrown by the refresh token endpoint can be resolved without interaction - * @param refreshTokenError - * @param silentRequest - * @param cacheLookupPolicy - * @returns - */ -function checkIfRefreshTokenErrorCanBeResolvedSilently(refreshTokenError, cacheLookupPolicy) { - const noInteractionRequired = !(refreshTokenError instanceof InteractionRequiredAuthError && - // For refresh token errors, bad_token does not always require interaction (silently resolvable) - refreshTokenError.subError !== - badToken); - // Errors that result when the refresh token needs to be replaced - const refreshTokenRefreshRequired = refreshTokenError.errorCode === BrowserConstants.INVALID_GRANT_ERROR || - refreshTokenError.errorCode === - tokenRefreshRequired; - // Errors that may be resolved before falling back to interaction (through iframe renewal) - const isSilentlyResolvable = (noInteractionRequired && refreshTokenRefreshRequired) || - refreshTokenError.errorCode === - noTokensFound || - refreshTokenError.errorCode === - refreshTokenExpired; - // Only these policies allow for an iframe renewal attempt - const tryIframeRenewal = iFrameRenewalPolicies.includes(cacheLookupPolicy); - return isSilentlyResolvable && tryIframeRenewal; +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/cache/TokenCache.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * Token cache manager + */ +class TokenCache { + constructor(configuration, storage, logger, cryptoObj) { + this.isBrowserEnvironment = typeof window !== "undefined"; + this.config = configuration; + this.storage = storage; + this.logger = logger; + this.cryptoObj = cryptoObj; + } + // Move getAllAccounts here and cache utility APIs + /** + * API to load tokens to msal-browser cache. + * @param request + * @param response + * @param options + * @returns `AuthenticationResult` for the response that was loaded. + */ + loadExternalTokens(request, response, options) { + if (!this.isBrowserEnvironment) { + throw createBrowserAuthError(nonBrowserEnvironment); + } + const idTokenClaims = response.id_token + ? extractTokenClaims(response.id_token, base64Decode) + : undefined; + const authorityOptions = { + protocolMode: this.config.auth.protocolMode, + knownAuthorities: this.config.auth.knownAuthorities, + cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata, + authorityMetadata: this.config.auth.authorityMetadata, + skipAuthorityMetadataCache: this.config.auth.skipAuthorityMetadataCache, + }; + const authority = request.authority + ? new Authority(Authority.generateAuthority(request.authority, request.azureCloudOptions), this.config.system.networkClient, this.storage, authorityOptions, this.logger, request.correlationId || BrowserCrypto_createNewGuid()) + : undefined; + const cacheRecordAccount = this.loadAccount(request, options.clientInfo || response.client_info || "", idTokenClaims, authority); + const idToken = this.loadIdToken(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm); + const accessToken = this.loadAccessToken(request, response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, options); + const refreshToken = this.loadRefreshToken(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment); + return this.generateAuthenticationResult(request, { + account: cacheRecordAccount, + idToken, + accessToken, + refreshToken, + }, idTokenClaims, authority); + } + /** + * Helper function to load account to msal-browser cache + * @param idToken + * @param environment + * @param clientInfo + * @param authorityType + * @param requestHomeAccountId + * @returns `AccountEntity` + */ + loadAccount(request, clientInfo, idTokenClaims, authority) { + this.logger.verbose("TokenCache - loading account"); + if (request.account) { + const accountEntity = AccountEntity.createFromAccountInfo(request.account); + this.storage.setAccount(accountEntity); + return accountEntity; + } + else if (!authority || (!clientInfo && !idTokenClaims)) { + this.logger.error("TokenCache - if an account is not provided on the request, authority and either clientInfo or idToken must be provided instead."); + throw createBrowserAuthError(unableToLoadToken); + } + const homeAccountId = AccountEntity.generateHomeAccountId(clientInfo, authority.authorityType, this.logger, this.cryptoObj, idTokenClaims); + const claimsTenantId = idTokenClaims?.tid; + const cachedAccount = buildAccountToCache(this.storage, authority, homeAccountId, base64Decode, idTokenClaims, clientInfo, authority.hostnameAndPort, claimsTenantId, undefined, // authCodePayload + undefined, // nativeAccountId + this.logger); + this.storage.setAccount(cachedAccount); + return cachedAccount; + } + /** + * Helper function to load id tokens to msal-browser cache + * @param idToken + * @param homeAccountId + * @param environment + * @param tenantId + * @returns `IdTokenEntity` + */ + loadIdToken(response, homeAccountId, environment, tenantId) { + if (!response.id_token) { + this.logger.verbose("TokenCache - no id token found in response"); + return null; + } + this.logger.verbose("TokenCache - loading id token"); + const idTokenEntity = createIdTokenEntity(homeAccountId, environment, response.id_token, this.config.auth.clientId, tenantId); + this.storage.setIdTokenCredential(idTokenEntity); + return idTokenEntity; + } + /** + * Helper function to load access tokens to msal-browser cache + * @param request + * @param response + * @param homeAccountId + * @param environment + * @param tenantId + * @returns `AccessTokenEntity` + */ + loadAccessToken(request, response, homeAccountId, environment, tenantId, options) { + if (!response.access_token) { + this.logger.verbose("TokenCache - no access token found in response"); + return null; + } + else if (!response.expires_in) { + this.logger.error("TokenCache - no expiration set on the access token. Cannot add it to the cache."); + return null; + } + else if (!response.scope && + (!request.scopes || !request.scopes.length)) { + this.logger.error("TokenCache - scopes not specified in the request or response. Cannot add token to the cache."); + return null; + } + this.logger.verbose("TokenCache - loading access token"); + const scopes = response.scope + ? ScopeSet.fromString(response.scope) + : new ScopeSet(request.scopes); + const expiresOn = options.expiresOn || + response.expires_in + new Date().getTime() / 1000; + const extendedExpiresOn = options.extendedExpiresOn || + (response.ext_expires_in || response.expires_in) + + new Date().getTime() / 1000; + const accessTokenEntity = createAccessTokenEntity(homeAccountId, environment, response.access_token, this.config.auth.clientId, tenantId, scopes.printScopes(), expiresOn, extendedExpiresOn, base64Decode); + this.storage.setAccessTokenCredential(accessTokenEntity); + return accessTokenEntity; + } + /** + * Helper function to load refresh tokens to msal-browser cache + * @param request + * @param response + * @param homeAccountId + * @param environment + * @returns `RefreshTokenEntity` + */ + loadRefreshToken(response, homeAccountId, environment) { + if (!response.refresh_token) { + this.logger.verbose("TokenCache - no refresh token found in response"); + return null; + } + this.logger.verbose("TokenCache - loading refresh token"); + const refreshTokenEntity = createRefreshTokenEntity(homeAccountId, environment, response.refresh_token, this.config.auth.clientId, response.foci, undefined, // userAssertionHash + response.refresh_token_expires_in); + this.storage.setRefreshTokenCredential(refreshTokenEntity); + return refreshTokenEntity; + } + /** + * Helper function to generate an `AuthenticationResult` for the result. + * @param request + * @param idTokenObj + * @param cacheRecord + * @param authority + * @returns `AuthenticationResult` + */ + generateAuthenticationResult(request, cacheRecord, idTokenClaims, authority) { + let accessToken = ""; + let responseScopes = []; + let expiresOn = null; + let extExpiresOn; + if (cacheRecord?.accessToken) { + accessToken = cacheRecord.accessToken.secret; + responseScopes = ScopeSet.fromString(cacheRecord.accessToken.target).asArray(); + expiresOn = new Date(Number(cacheRecord.accessToken.expiresOn) * 1000); + extExpiresOn = new Date(Number(cacheRecord.accessToken.extendedExpiresOn) * 1000); + } + const accountEntity = cacheRecord.account; + return { + authority: authority ? authority.canonicalAuthority : "", + uniqueId: cacheRecord.account.localAccountId, + tenantId: cacheRecord.account.realm, + scopes: responseScopes, + account: accountEntity.getAccountInfo(), + idToken: cacheRecord.idToken?.secret || "", + idTokenClaims: idTokenClaims || {}, + accessToken: accessToken, + fromCache: true, + expiresOn: expiresOn, + correlationId: request.correlationId || "", + requestId: "", + extExpiresOn: extExpiresOn, + familyId: cacheRecord.refreshToken?.familyId || "", + tokenType: cacheRecord?.accessToken?.tokenType || "", + state: request.state || "", + cloudGraphHostName: accountEntity.cloudGraphHostName || "", + msGraphHost: accountEntity.msGraphHost || "", + fromNativeBroker: false, + }; + } } -//# sourceMappingURL=StandardController.mjs.map +//# sourceMappingURL=TokenCache.mjs.map -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/controllers/ControllerFactory.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +class HybridSpaAuthorizationCodeClient extends AuthorizationCodeClient { + constructor(config) { + super(config); + this.includeRedirectUri = false; + } +} +//# sourceMappingURL=HybridSpaAuthorizationCodeClient.mjs.map -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -async function createV3Controller(config, request) { - const standard = new StandardOperatingContext_StandardOperatingContext(config); - await standard.initialize(); - return StandardController_StandardController.createController(standard, request); -} -async function createController(config) { - const standard = new StandardOperatingContext(config); - const nestedApp = new NestedAppOperatingContext(config); - const operatingContexts = [standard.initialize(), nestedApp.initialize()]; - await Promise.all(operatingContexts); - if (nestedApp.isAvailable() && config.auth.supportsNestedAppAuth) { - return NestedAppAuthController.createController(nestedApp); - } - else if (standard.isAvailable()) { - return StandardController.createController(standard); - } - else { - // Since neither of the actual operating contexts are available keep the UnknownOperatingContextController - return null; - } +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/interaction_client/SilentAuthCodeClient.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +class SilentAuthCodeClient extends StandardInteractionClient { + constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeMessageHandler, correlationId) { + super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeMessageHandler, correlationId); + this.apiId = apiId; + } + /** + * Acquires a token silently by redeeming an authorization code against the /token endpoint + * @param request + */ + async acquireToken(request) { + // Auth code payload is required + if (!request.code) { + throw createBrowserAuthError(authCodeRequired); + } + // Create silent request + const silentRequest = await invokeAsync(this.initializeAuthorizationRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, request.correlationId)(request, InteractionType.Silent); + const serverTelemetryManager = this.initializeServerTelemetryManager(this.apiId); + try { + // Create auth code request (PKCE not needed) + const authCodeRequest = { + ...silentRequest, + code: request.code, + }; + // Initialize the client + const clientConfig = await invokeAsync(this.getClientConfiguration.bind(this), PerformanceEvents.StandardInteractionClientGetClientConfiguration, this.logger, this.performanceClient, request.correlationId)(serverTelemetryManager, silentRequest.authority, silentRequest.azureCloudOptions, silentRequest.account); + const authClient = new HybridSpaAuthorizationCodeClient(clientConfig); + this.logger.verbose("Auth code client created"); + // Create silent handler + const interactionHandler = new InteractionHandler(authClient, this.browserStorage, authCodeRequest, this.logger, this.performanceClient); + // Handle auth code parameters from request + return await invokeAsync(interactionHandler.handleCodeResponseFromServer.bind(interactionHandler), PerformanceEvents.HandleCodeResponseFromServer, this.logger, this.performanceClient, request.correlationId)({ + code: request.code, + msgraph_host: request.msGraphHost, + cloud_graph_host_name: request.cloudGraphHostName, + cloud_instance_host_name: request.cloudInstanceHostName, + }, silentRequest, false); + } + catch (e) { + if (e instanceof AuthError) { + e.setCorrelationId(this.correlationId); + serverTelemetryManager.cacheFailedRequest(e); + } + throw e; + } + } + /** + * Currently Unsupported + */ + logout() { + // Synchronous so we must reject + return Promise.reject(createBrowserAuthError(silentLogoutUnsupported)); + } } -//# sourceMappingURL=ControllerFactory.mjs.map - -;// CONCATENATED MODULE: ./node_modules/@pnp/msaljsclient/node_modules/@azure/msal-browser/dist/app/PublicClientApplication.mjs -/*! @azure/msal-browser v3.20.0 2024-07-23 */ +//# sourceMappingURL=SilentAuthCodeClient.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/controllers/StandardController.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + + + + + + + + + + + + + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +function getAccountType(account) { + const idTokenClaims = account?.idTokenClaims; + if (idTokenClaims?.tfp || idTokenClaims?.acr) { + return "B2C"; + } + if (!idTokenClaims?.tid) { + return undefined; + } + else if (idTokenClaims?.tid === "9188040d-6c67-4c5b-b112-36a304b66dad") { + return "MSA"; + } + return "AAD"; +} +function StandardController_preflightCheck(initialized, performanceEvent) { + try { + preflightCheck(initialized); + } + catch (e) { + performanceEvent.end({ success: false }, e); + throw e; + } +} +class StandardController_StandardController { + /** + * @constructor + * Constructor for the PublicClientApplication used to instantiate the PublicClientApplication object + * + * Important attributes in the Configuration object for auth are: + * - clientID: the application ID of your application. You can obtain one by registering your application with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview + * - authority: the authority URL for your application. + * - redirect_uri: the uri of your application registered in the portal. + * + * In Azure AD, authority is a URL indicating the Azure active directory that MSAL uses to obtain tokens. + * It is of the form https://login.microsoftonline.com/{Enter_the_Tenant_Info_Here} + * If your application supports Accounts in one organizational directory, replace "Enter_the_Tenant_Info_Here" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com). + * If your application supports Accounts in any organizational directory, replace "Enter_the_Tenant_Info_Here" value with organizations. + * If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace "Enter_the_Tenant_Info_Here" value with common. + * To restrict support to Personal Microsoft accounts only, replace "Enter_the_Tenant_Info_Here" value with consumers. + * + * In Azure B2C, authority is of the form https://{instance}/tfp/{tenant}/{policyName}/ + * Full B2C functionality will be available in this library in future versions. + * + * @param configuration Object for the MSAL PublicClientApplication instance + */ + constructor(operatingContext) { + this.operatingContext = operatingContext; + this.isBrowserEnvironment = + this.operatingContext.isBrowserEnvironment(); + // Set the configuration. + this.config = operatingContext.getConfig(); + this.initialized = false; + // Initialize logger + this.logger = this.operatingContext.getLogger(); + // Initialize the network module class. + this.networkClient = this.config.system.networkClient; + // Initialize the navigation client class. + this.navigationClient = this.config.system.navigationClient; + // Initialize redirectResponse Map + this.redirectResponse = new Map(); + // Initial hybrid spa map + this.hybridAuthCodeResponses = new Map(); + // Initialize performance client + this.performanceClient = this.config.telemetry.client; + // Initialize the crypto class. + this.browserCrypto = this.isBrowserEnvironment + ? new CryptoOps(this.logger, this.performanceClient) + : DEFAULT_CRYPTO_IMPLEMENTATION; + this.eventHandler = new EventHandler(this.logger, this.browserCrypto); + // Initialize the browser storage class. + this.browserStorage = this.isBrowserEnvironment + ? new BrowserCacheManager(this.config.auth.clientId, this.config.cache, this.browserCrypto, this.logger, buildStaticAuthorityOptions(this.config.auth), this.performanceClient) + : DEFAULT_BROWSER_CACHE_MANAGER(this.config.auth.clientId, this.logger); + // initialize in memory storage for native flows + const nativeCacheOptions = { + cacheLocation: BrowserCacheLocation.MemoryStorage, + temporaryCacheLocation: BrowserCacheLocation.MemoryStorage, + storeAuthStateInCookie: false, + secureCookies: false, + cacheMigrationEnabled: false, + claimsBasedCachingEnabled: false, + }; + this.nativeInternalStorage = new BrowserCacheManager(this.config.auth.clientId, nativeCacheOptions, this.browserCrypto, this.logger, undefined, this.performanceClient); + // Initialize the token cache + this.tokenCache = new TokenCache(this.config, this.browserStorage, this.logger, this.browserCrypto); + this.activeSilentTokenRequests = new Map(); + // Register listener functions + this.trackPageVisibility = this.trackPageVisibility.bind(this); + // Register listener functions + this.trackPageVisibilityWithMeasurement = + this.trackPageVisibilityWithMeasurement.bind(this); + } + static async createController(operatingContext, request) { + const controller = new StandardController_StandardController(operatingContext); + await controller.initialize(request); + return controller; + } + trackPageVisibility(correlationId) { + if (!correlationId) { + return; + } + this.logger.info("Perf: Visibility change detected"); + this.performanceClient.incrementFields({ visibilityChangeCount: 1 }, correlationId); + } + /** + * Initializer function to perform async startup tasks such as connecting to WAM extension + * @param request {?InitializeApplicationRequest} correlation id + */ + async initialize(request) { + this.logger.trace("initialize called"); + if (this.initialized) { + this.logger.info("initialize has already been called, exiting early."); + return; + } + const initCorrelationId = request?.correlationId || this.getRequestCorrelationId(); + const allowNativeBroker = this.config.system.allowNativeBroker; + const initMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.InitializeClientApplication, initCorrelationId); + this.eventHandler.emitEvent(EventType.INITIALIZE_START); + if (allowNativeBroker) { + try { + this.nativeExtensionProvider = + await NativeMessageHandler.createProvider(this.logger, this.config.system.nativeBrokerHandshakeTimeout, this.performanceClient); + } + catch (e) { + this.logger.verbose(e); + } + } + if (!this.config.cache.claimsBasedCachingEnabled) { + this.logger.verbose("Claims-based caching is disabled. Clearing the previous cache with claims"); + await invokeAsync(this.browserStorage.clearTokensAndKeysWithClaims.bind(this.browserStorage), PerformanceEvents.ClearTokensAndKeysWithClaims, this.logger, this.performanceClient, initCorrelationId)(this.performanceClient, initCorrelationId); + } + this.initialized = true; + this.eventHandler.emitEvent(EventType.INITIALIZE_END); + initMeasurement.end({ allowNativeBroker, success: true }); + } + // #region Redirect Flow + /** + * Event handler function which allows users to fire events after the PublicClientApplication object + * has loaded during redirect flows. This should be invoked on all page loads involved in redirect + * auth flows. + * @param hash Hash to process. Defaults to the current value of window.location.hash. Only needs to be provided explicitly if the response to be handled is not contained in the current value. + * @returns Token response or null. If the return value is null, then no auth redirect was detected. + */ + async handleRedirectPromise(hash) { + this.logger.verbose("handleRedirectPromise called"); + // Block token acquisition before initialize has been called + blockAPICallsBeforeInitialize(this.initialized); + if (this.isBrowserEnvironment) { + /** + * Store the promise on the PublicClientApplication instance if this is the first invocation of handleRedirectPromise, + * otherwise return the promise from the first invocation. Prevents race conditions when handleRedirectPromise is called + * several times concurrently. + */ + const redirectResponseKey = hash || ""; + let response = this.redirectResponse.get(redirectResponseKey); + if (typeof response === "undefined") { + response = this.handleRedirectPromiseInternal(hash); + this.redirectResponse.set(redirectResponseKey, response); + this.logger.verbose("handleRedirectPromise has been called for the first time, storing the promise"); + } + else { + this.logger.verbose("handleRedirectPromise has been called previously, returning the result from the first call"); + } + return response; + } + this.logger.verbose("handleRedirectPromise returns null, not browser environment"); + return null; + } + /** + * The internal details of handleRedirectPromise. This is separated out to a helper to allow handleRedirectPromise to memoize requests + * @param hash + * @returns + */ + async handleRedirectPromiseInternal(hash) { + const loggedInAccounts = this.getAllAccounts(); + const request = this.browserStorage.getCachedNativeRequest(); + const useNative = request && + NativeMessageHandler.isNativeAvailable(this.config, this.logger, this.nativeExtensionProvider) && + this.nativeExtensionProvider && + !hash; + const correlationId = useNative + ? request?.correlationId + : this.browserStorage.getTemporaryCache(TemporaryCacheKeys.CORRELATION_ID, true) || ""; + const rootMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.AcquireTokenRedirect, correlationId); + this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_START, InteractionType.Redirect); + let redirectResponse; + if (useNative && this.nativeExtensionProvider) { + this.logger.trace("handleRedirectPromise - acquiring token from native platform"); + const nativeClient = new NativeInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.handleRedirectPromise, this.performanceClient, this.nativeExtensionProvider, request.accountId, this.nativeInternalStorage, request.correlationId); + redirectResponse = invokeAsync(nativeClient.handleRedirectPromise.bind(nativeClient), PerformanceEvents.HandleNativeRedirectPromiseMeasurement, this.logger, this.performanceClient, rootMeasurement.event.correlationId)(this.performanceClient, rootMeasurement.event.correlationId); + } + else { + this.logger.trace("handleRedirectPromise - acquiring token from web flow"); + const redirectClient = this.createRedirectClient(correlationId); + redirectResponse = invokeAsync(redirectClient.handleRedirectPromise.bind(redirectClient), PerformanceEvents.HandleRedirectPromiseMeasurement, this.logger, this.performanceClient, rootMeasurement.event.correlationId)(hash, rootMeasurement); + } + return redirectResponse + .then((result) => { + if (result) { + // Emit login event if number of accounts change + const isLoggingIn = loggedInAccounts.length < this.getAllAccounts().length; + if (isLoggingIn) { + this.eventHandler.emitEvent(EventType.LOGIN_SUCCESS, InteractionType.Redirect, result); + this.logger.verbose("handleRedirectResponse returned result, login success"); + } + else { + this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_SUCCESS, InteractionType.Redirect, result); + this.logger.verbose("handleRedirectResponse returned result, acquire token success"); + } + rootMeasurement.end({ + success: true, + accountType: getAccountType(result.account), + }); + } + else { + /* + * Instrument an event only if an error code is set. Otherwise, discard it when the redirect response + * is empty and the error code is missing. + */ + if (rootMeasurement.event.errorCode) { + rootMeasurement.end({ success: false }); + } + else { + rootMeasurement.discard(); + } + } + this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_END, InteractionType.Redirect); + return result; + }) + .catch((e) => { + const eventError = e; + // Emit login event if there is an account + if (loggedInAccounts.length > 0) { + this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_FAILURE, InteractionType.Redirect, null, eventError); + } + else { + this.eventHandler.emitEvent(EventType.LOGIN_FAILURE, InteractionType.Redirect, null, eventError); + } + this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_END, InteractionType.Redirect); + rootMeasurement.end({ + success: false, + }, eventError); + throw e; + }); + } + /** + * Use when you want to obtain an access_token for your API by redirecting the user's browser window to the authorization endpoint. This function redirects + * the page, so any code that follows this function will not execute. + * + * IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current + * browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function. + * + * @param request + */ + async acquireTokenRedirect(request) { + // Preflight request + const correlationId = this.getRequestCorrelationId(request); + this.logger.verbose("acquireTokenRedirect called", correlationId); + const atrMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.AcquireTokenPreRedirect, correlationId); + atrMeasurement.add({ + accountType: getAccountType(request.account), + scenarioId: request.scenarioId, + }); + // Override on request only if set, as onRedirectNavigate field is deprecated + const onRedirectNavigateCb = request.onRedirectNavigate; + if (onRedirectNavigateCb) { + request.onRedirectNavigate = (url) => { + const navigate = typeof onRedirectNavigateCb === "function" + ? onRedirectNavigateCb(url) + : undefined; + if (navigate !== false) { + atrMeasurement.end({ success: true }); + } + else { + atrMeasurement.discard(); + } + return navigate; + }; + } + else { + const configOnRedirectNavigateCb = this.config.auth.onRedirectNavigate; + this.config.auth.onRedirectNavigate = (url) => { + const navigate = typeof configOnRedirectNavigateCb === "function" + ? configOnRedirectNavigateCb(url) + : undefined; + if (navigate !== false) { + atrMeasurement.end({ success: true }); + } + else { + atrMeasurement.discard(); + } + return navigate; + }; + } + // If logged in, emit acquire token events + const isLoggedIn = this.getAllAccounts().length > 0; + try { + redirectPreflightCheck(this.initialized, this.config); + this.browserStorage.setInteractionInProgress(true); + if (isLoggedIn) { + this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, InteractionType.Redirect, request); + } + else { + this.eventHandler.emitEvent(EventType.LOGIN_START, InteractionType.Redirect, request); + } + let result; + if (this.nativeExtensionProvider && this.canUseNative(request)) { + const nativeClient = new NativeInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.acquireTokenRedirect, this.performanceClient, this.nativeExtensionProvider, this.getNativeAccountId(request), this.nativeInternalStorage, correlationId); + result = nativeClient + .acquireTokenRedirect(request, atrMeasurement) + .catch((e) => { + if (e instanceof NativeAuthError && + isFatalNativeAuthError(e)) { + this.nativeExtensionProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt + const redirectClient = this.createRedirectClient(correlationId); + return redirectClient.acquireToken(request); + } + else if (e instanceof InteractionRequiredAuthError) { + this.logger.verbose("acquireTokenRedirect - Resolving interaction required error thrown by native broker by falling back to web flow"); + const redirectClient = this.createRedirectClient(correlationId); + return redirectClient.acquireToken(request); + } + this.browserStorage.setInteractionInProgress(false); + throw e; + }); + } + else { + const redirectClient = this.createRedirectClient(correlationId); + result = redirectClient.acquireToken(request); + } + return await result; + } + catch (e) { + atrMeasurement.end({ success: false }, e); + if (isLoggedIn) { + this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_FAILURE, InteractionType.Redirect, null, e); + } + else { + this.eventHandler.emitEvent(EventType.LOGIN_FAILURE, InteractionType.Redirect, null, e); + } + throw e; + } + } + // #endregion + // #region Popup Flow + /** + * Use when you want to obtain an access_token for your API via opening a popup window in the user's browser + * + * @param request + * + * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. + */ + acquireTokenPopup(request) { + const correlationId = this.getRequestCorrelationId(request); + const atPopupMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.AcquireTokenPopup, correlationId); + atPopupMeasurement.add({ + scenarioId: request.scenarioId, + accountType: getAccountType(request.account), + }); + try { + this.logger.verbose("acquireTokenPopup called", correlationId); + StandardController_preflightCheck(this.initialized, atPopupMeasurement); + this.browserStorage.setInteractionInProgress(true); + } + catch (e) { + // Since this function is syncronous we need to reject + return Promise.reject(e); + } + // If logged in, emit acquire token events + const loggedInAccounts = this.getAllAccounts(); + if (loggedInAccounts.length > 0) { + this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, InteractionType.Popup, request); + } + else { + this.eventHandler.emitEvent(EventType.LOGIN_START, InteractionType.Popup, request); + } + let result; + if (this.canUseNative(request)) { + result = this.acquireTokenNative({ + ...request, + correlationId, + }, ApiId.acquireTokenPopup) + .then((response) => { + this.browserStorage.setInteractionInProgress(false); + atPopupMeasurement.end({ + success: true, + isNativeBroker: true, + requestId: response.requestId, + accountType: getAccountType(response.account), + }); + return response; + }) + .catch((e) => { + if (e instanceof NativeAuthError && + isFatalNativeAuthError(e)) { + this.nativeExtensionProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt + const popupClient = this.createPopupClient(correlationId); + return popupClient.acquireToken(request); + } + else if (e instanceof InteractionRequiredAuthError) { + this.logger.verbose("acquireTokenPopup - Resolving interaction required error thrown by native broker by falling back to web flow"); + const popupClient = this.createPopupClient(correlationId); + return popupClient.acquireToken(request); + } + this.browserStorage.setInteractionInProgress(false); + throw e; + }); + } + else { + const popupClient = this.createPopupClient(correlationId); + result = popupClient.acquireToken(request); + } + return result + .then((result) => { + /* + * If logged in, emit acquire token events + */ + const isLoggingIn = loggedInAccounts.length < this.getAllAccounts().length; + if (isLoggingIn) { + this.eventHandler.emitEvent(EventType.LOGIN_SUCCESS, InteractionType.Popup, result); + } + else { + this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_SUCCESS, InteractionType.Popup, result); + } + atPopupMeasurement.end({ + success: true, + requestId: result.requestId, + accessTokenSize: result.accessToken.length, + idTokenSize: result.idToken.length, + accountType: getAccountType(result.account), + }); + return result; + }) + .catch((e) => { + if (loggedInAccounts.length > 0) { + this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_FAILURE, InteractionType.Popup, null, e); + } + else { + this.eventHandler.emitEvent(EventType.LOGIN_FAILURE, InteractionType.Popup, null, e); + } + atPopupMeasurement.end({ + success: false, + }, e); + // Since this function is syncronous we need to reject + return Promise.reject(e); + }); + } + trackPageVisibilityWithMeasurement() { + const measurement = this.ssoSilentMeasurement || + this.acquireTokenByCodeAsyncMeasurement; + if (!measurement) { + return; + } + this.logger.info("Perf: Visibility change detected in ", measurement.event.name); + measurement.increment({ + visibilityChangeCount: 1, + }); + } + // #endregion + // #region Silent Flow + /** + * This function uses a hidden iframe to fetch an authorization code from the eSTS. There are cases where this may not work: + * - Any browser using a form of Intelligent Tracking Prevention + * - If there is not an established session with the service + * + * In these cases, the request must be done inside a popup or full frame redirect. + * + * For the cases where interaction is required, you cannot send a request with prompt=none. + * + * If your refresh token has expired, you can use this function to fetch a new set of tokens silently as long as + * you session on the server still exists. + * @param request {@link SsoSilentRequest} + * + * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. + */ + async ssoSilent(request) { + const correlationId = this.getRequestCorrelationId(request); + const validRequest = { + ...request, + // will be PromptValue.NONE or PromptValue.NO_SESSION + prompt: request.prompt, + correlationId: correlationId, + }; + this.ssoSilentMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.SsoSilent, correlationId); + this.ssoSilentMeasurement?.add({ + scenarioId: request.scenarioId, + accountType: getAccountType(request.account), + }); + StandardController_preflightCheck(this.initialized, this.ssoSilentMeasurement); + this.ssoSilentMeasurement?.increment({ + visibilityChangeCount: 0, + }); + document.addEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement); + this.logger.verbose("ssoSilent called", correlationId); + this.eventHandler.emitEvent(EventType.SSO_SILENT_START, InteractionType.Silent, validRequest); + let result; + if (this.canUseNative(validRequest)) { + result = this.acquireTokenNative(validRequest, ApiId.ssoSilent).catch((e) => { + // If native token acquisition fails for availability reasons fallback to standard flow + if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) { + this.nativeExtensionProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt + const silentIframeClient = this.createSilentIframeClient(validRequest.correlationId); + return silentIframeClient.acquireToken(validRequest); + } + throw e; + }); + } + else { + const silentIframeClient = this.createSilentIframeClient(validRequest.correlationId); + result = silentIframeClient.acquireToken(validRequest); + } + return result + .then((response) => { + this.eventHandler.emitEvent(EventType.SSO_SILENT_SUCCESS, InteractionType.Silent, response); + this.ssoSilentMeasurement?.end({ + success: true, + isNativeBroker: response.fromNativeBroker, + requestId: response.requestId, + accessTokenSize: response.accessToken.length, + idTokenSize: response.idToken.length, + accountType: getAccountType(response.account), + }); + return response; + }) + .catch((e) => { + this.eventHandler.emitEvent(EventType.SSO_SILENT_FAILURE, InteractionType.Silent, null, e); + this.ssoSilentMeasurement?.end({ + success: false, + }, e); + throw e; + }) + .finally(() => { + document.removeEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement); + }); + } + /** + * This function redeems an authorization code (passed as code) from the eSTS token endpoint. + * This authorization code should be acquired server-side using a confidential client to acquire a spa_code. + * This API is not indended for normal authorization code acquisition and redemption. + * + * Redemption of this authorization code will not require PKCE, as it was acquired by a confidential client. + * + * @param request {@link AuthorizationCodeRequest} + * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. + */ + async acquireTokenByCode(request) { + const correlationId = this.getRequestCorrelationId(request); + this.logger.trace("acquireTokenByCode called", correlationId); + const atbcMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.AcquireTokenByCode, correlationId); + StandardController_preflightCheck(this.initialized, atbcMeasurement); + this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_BY_CODE_START, InteractionType.Silent, request); + atbcMeasurement.add({ scenarioId: request.scenarioId }); + try { + if (request.code && request.nativeAccountId) { + // Throw error in case server returns both spa_code and spa_accountid in exchange for auth code. + throw createBrowserAuthError(spaCodeAndNativeAccountIdPresent); + } + else if (request.code) { + const hybridAuthCode = request.code; + let response = this.hybridAuthCodeResponses.get(hybridAuthCode); + if (!response) { + this.logger.verbose("Initiating new acquireTokenByCode request", correlationId); + response = this.acquireTokenByCodeAsync({ + ...request, + correlationId, + }) + .then((result) => { + this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_BY_CODE_SUCCESS, InteractionType.Silent, result); + this.hybridAuthCodeResponses.delete(hybridAuthCode); + atbcMeasurement.end({ + success: true, + isNativeBroker: result.fromNativeBroker, + requestId: result.requestId, + accessTokenSize: result.accessToken.length, + idTokenSize: result.idToken.length, + accountType: getAccountType(result.account), + }); + return result; + }) + .catch((error) => { + this.hybridAuthCodeResponses.delete(hybridAuthCode); + this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_BY_CODE_FAILURE, InteractionType.Silent, null, error); + atbcMeasurement.end({ + success: false, + }, error); + throw error; + }); + this.hybridAuthCodeResponses.set(hybridAuthCode, response); + } + else { + this.logger.verbose("Existing acquireTokenByCode request found", correlationId); + atbcMeasurement.discard(); + } + return await response; + } + else if (request.nativeAccountId) { + if (this.canUseNative(request, request.nativeAccountId)) { + const result = await this.acquireTokenNative({ + ...request, + correlationId, + }, ApiId.acquireTokenByCode, request.nativeAccountId).catch((e) => { + // If native token acquisition fails for availability reasons fallback to standard flow + if (e instanceof NativeAuthError && + isFatalNativeAuthError(e)) { + this.nativeExtensionProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt + } + throw e; + }); + atbcMeasurement.end({ + accountType: getAccountType(result.account), + success: true, + }); + return result; + } + else { + throw createBrowserAuthError(unableToAcquireTokenFromNativePlatform); + } + } + else { + throw createBrowserAuthError(authCodeOrNativeAccountIdRequired); + } + } + catch (e) { + this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_BY_CODE_FAILURE, InteractionType.Silent, null, e); + atbcMeasurement.end({ + success: false, + }, e); + throw e; + } + } + /** + * Creates a SilentAuthCodeClient to redeem an authorization code. + * @param request + * @returns Result of the operation to redeem the authorization code + */ + async acquireTokenByCodeAsync(request) { + this.logger.trace("acquireTokenByCodeAsync called", request.correlationId); + this.acquireTokenByCodeAsyncMeasurement = + this.performanceClient.startMeasurement(PerformanceEvents.AcquireTokenByCodeAsync, request.correlationId); + this.acquireTokenByCodeAsyncMeasurement?.increment({ + visibilityChangeCount: 0, + }); + document.addEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement); + const silentAuthCodeClient = this.createSilentAuthCodeClient(request.correlationId); + const silentTokenResult = await silentAuthCodeClient + .acquireToken(request) + .then((response) => { + this.acquireTokenByCodeAsyncMeasurement?.end({ + success: true, + fromCache: response.fromCache, + isNativeBroker: response.fromNativeBroker, + requestId: response.requestId, + }); + return response; + }) + .catch((tokenRenewalError) => { + this.acquireTokenByCodeAsyncMeasurement?.end({ + success: false, + }, tokenRenewalError); + throw tokenRenewalError; + }) + .finally(() => { + document.removeEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement); + }); + return silentTokenResult; + } + /** + * Attempt to acquire an access token from the cache + * @param silentCacheClient SilentCacheClient + * @param commonRequest CommonSilentFlowRequest + * @param silentRequest SilentRequest + * @returns A promise that, when resolved, returns the access token + */ + async acquireTokenFromCache(commonRequest, cacheLookupPolicy) { + this.performanceClient.addQueueMeasurement(PerformanceEvents.AcquireTokenFromCache, commonRequest.correlationId); + switch (cacheLookupPolicy) { + case CacheLookupPolicy.Default: + case CacheLookupPolicy.AccessToken: + case CacheLookupPolicy.AccessTokenAndRefreshToken: + const silentCacheClient = this.createSilentCacheClient(commonRequest.correlationId); + return invokeAsync(silentCacheClient.acquireToken.bind(silentCacheClient), PerformanceEvents.SilentCacheClientAcquireToken, this.logger, this.performanceClient, commonRequest.correlationId)(commonRequest); + default: + throw createClientAuthError(tokenRefreshRequired); + } + } + /** + * Attempt to acquire an access token via a refresh token + * @param commonRequest CommonSilentFlowRequest + * @param cacheLookupPolicy CacheLookupPolicy + * @returns A promise that, when resolved, returns the access token + */ + async acquireTokenByRefreshToken(commonRequest, cacheLookupPolicy) { + this.performanceClient.addQueueMeasurement(PerformanceEvents.AcquireTokenByRefreshToken, commonRequest.correlationId); + switch (cacheLookupPolicy) { + case CacheLookupPolicy.Default: + case CacheLookupPolicy.AccessTokenAndRefreshToken: + case CacheLookupPolicy.RefreshToken: + case CacheLookupPolicy.RefreshTokenAndNetwork: + const silentRefreshClient = this.createSilentRefreshClient(commonRequest.correlationId); + return invokeAsync(silentRefreshClient.acquireToken.bind(silentRefreshClient), PerformanceEvents.SilentRefreshClientAcquireToken, this.logger, this.performanceClient, commonRequest.correlationId)(commonRequest); + default: + throw createClientAuthError(tokenRefreshRequired); + } + } + /** + * Attempt to acquire an access token via an iframe + * @param request CommonSilentFlowRequest + * @returns A promise that, when resolved, returns the access token + */ + async acquireTokenBySilentIframe(request) { + this.performanceClient.addQueueMeasurement(PerformanceEvents.AcquireTokenBySilentIframe, request.correlationId); + const silentIframeClient = this.createSilentIframeClient(request.correlationId); + return invokeAsync(silentIframeClient.acquireToken.bind(silentIframeClient), PerformanceEvents.SilentIframeClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(request); + } + // #endregion + // #region Logout + /** + * Deprecated logout function. Use logoutRedirect or logoutPopup instead + * @param logoutRequest + * @deprecated + */ + async logout(logoutRequest) { + const correlationId = this.getRequestCorrelationId(logoutRequest); + this.logger.warning("logout API is deprecated and will be removed in msal-browser v3.0.0. Use logoutRedirect instead.", correlationId); + return this.logoutRedirect({ + correlationId, + ...logoutRequest, + }); + } + /** + * Use to log out the current user, and redirect the user to the postLogoutRedirectUri. + * Default behaviour is to redirect the user to `window.location.href`. + * @param logoutRequest + */ + async logoutRedirect(logoutRequest) { + const correlationId = this.getRequestCorrelationId(logoutRequest); + redirectPreflightCheck(this.initialized, this.config); + this.browserStorage.setInteractionInProgress(true); + const redirectClient = this.createRedirectClient(correlationId); + return redirectClient.logout(logoutRequest); + } + /** + * Clears local cache for the current user then opens a popup window prompting the user to sign-out of the server + * @param logoutRequest + */ + logoutPopup(logoutRequest) { + try { + const correlationId = this.getRequestCorrelationId(logoutRequest); + preflightCheck(this.initialized); + this.browserStorage.setInteractionInProgress(true); + const popupClient = this.createPopupClient(correlationId); + return popupClient.logout(logoutRequest); + } + catch (e) { + // Since this function is syncronous we need to reject + return Promise.reject(e); + } + } + /** + * Creates a cache interaction client to clear broswer cache. + * @param logoutRequest + */ + async clearCache(logoutRequest) { + const correlationId = this.getRequestCorrelationId(logoutRequest); + const cacheClient = this.createSilentCacheClient(correlationId); + return cacheClient.logout(logoutRequest); + } + // #endregion + // #region Account APIs + /** + * Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned. + * @param accountFilter - (Optional) filter to narrow down the accounts returned + * @returns Array of AccountInfo objects in cache + */ + getAllAccounts(accountFilter) { + return getAllAccounts(this.logger, this.browserStorage, this.isBrowserEnvironment, accountFilter); + } + /** + * Returns the first account found in the cache that matches the account filter passed in. + * @param accountFilter + * @returns The first account found in the cache matching the provided filter or null if no account could be found. + */ + getAccount(accountFilter) { + return getAccount(accountFilter, this.logger, this.browserStorage); + } + /** + * Returns the signed in account matching username. + * (the account object is created at the time of successful login) + * or null when no matching account is found. + * This API is provided for convenience but getAccountById should be used for best reliability + * @param username + * @returns The account object stored in MSAL + */ + getAccountByUsername(username) { + return getAccountByUsername(username, this.logger, this.browserStorage); + } + /** + * Returns the signed in account matching homeAccountId. + * (the account object is created at the time of successful login) + * or null when no matching account is found + * @param homeAccountId + * @returns The account object stored in MSAL + */ + getAccountByHomeId(homeAccountId) { + return getAccountByHomeId(homeAccountId, this.logger, this.browserStorage); + } + /** + * Returns the signed in account matching localAccountId. + * (the account object is created at the time of successful login) + * or null when no matching account is found + * @param localAccountId + * @returns The account object stored in MSAL + */ + getAccountByLocalId(localAccountId) { + return getAccountByLocalId(localAccountId, this.logger, this.browserStorage); + } + /** + * Sets the account to use as the active account. If no account is passed to the acquireToken APIs, then MSAL will use this active account. + * @param account + */ + setActiveAccount(account) { + setActiveAccount(account, this.browserStorage); + } + /** + * Gets the currently active account + */ + getActiveAccount() { + return getActiveAccount(this.browserStorage); + } + // #endregion + /** + * Hydrates the cache with the tokens from an AuthenticationResult + * @param result + * @param request + * @returns + */ + async hydrateCache(result, request) { + this.logger.verbose("hydrateCache called"); + // Account gets saved to browser storage regardless of native or not + const accountEntity = AccountEntity.createFromAccountInfo(result.account, result.cloudGraphHostName, result.msGraphHost); + this.browserStorage.setAccount(accountEntity); + if (result.fromNativeBroker) { + this.logger.verbose("Response was from native broker, storing in-memory"); + // Tokens from native broker are stored in-memory + return this.nativeInternalStorage.hydrateCache(result, request); + } + else { + return this.browserStorage.hydrateCache(result, request); + } + } + // #region Helpers + /** + * Acquire a token from native device (e.g. WAM) + * @param request + */ + async acquireTokenNative(request, apiId, accountId) { + this.logger.trace("acquireTokenNative called"); + if (!this.nativeExtensionProvider) { + throw createBrowserAuthError(nativeConnectionNotEstablished); + } + const nativeClient = new NativeInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, apiId, this.performanceClient, this.nativeExtensionProvider, accountId || this.getNativeAccountId(request), this.nativeInternalStorage, request.correlationId); + return nativeClient.acquireToken(request); + } + /** + * Returns boolean indicating if this request can use the native broker + * @param request + */ + canUseNative(request, accountId) { + this.logger.trace("canUseNative called"); + if (!NativeMessageHandler.isNativeAvailable(this.config, this.logger, this.nativeExtensionProvider, request.authenticationScheme)) { + this.logger.trace("canUseNative: isNativeAvailable returned false, returning false"); + return false; + } + if (request.prompt) { + switch (request.prompt) { + case PromptValue.NONE: + case PromptValue.CONSENT: + case PromptValue.LOGIN: + this.logger.trace("canUseNative: prompt is compatible with native flow"); + break; + default: + this.logger.trace(`canUseNative: prompt = ${request.prompt} is not compatible with native flow, returning false`); + return false; + } + } + if (!accountId && !this.getNativeAccountId(request)) { + this.logger.trace("canUseNative: nativeAccountId is not available, returning false"); + return false; + } + return true; + } + /** + * Get the native accountId from the account + * @param request + * @returns + */ + getNativeAccountId(request) { + const account = request.account || + this.getAccount({ + loginHint: request.loginHint, + sid: request.sid, + }) || + this.getActiveAccount(); + return (account && account.nativeAccountId) || ""; + } + /** + * Returns new instance of the Popup Interaction Client + * @param correlationId + */ + createPopupClient(correlationId) { + return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, this.nativeExtensionProvider, correlationId); + } + /** + * Returns new instance of the Redirect Interaction Client + * @param correlationId + */ + createRedirectClient(correlationId) { + return new RedirectClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, this.nativeExtensionProvider, correlationId); + } + /** + * Returns new instance of the Silent Iframe Interaction Client + * @param correlationId + */ + createSilentIframeClient(correlationId) { + return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, this.nativeExtensionProvider, correlationId); + } + /** + * Returns new instance of the Silent Cache Interaction Client + */ + createSilentCacheClient(correlationId) { + return new SilentCacheClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeExtensionProvider, correlationId); + } + /** + * Returns new instance of the Silent Refresh Interaction Client + */ + createSilentRefreshClient(correlationId) { + return new SilentRefreshClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeExtensionProvider, correlationId); + } + /** + * Returns new instance of the Silent AuthCode Interaction Client + */ + createSilentAuthCodeClient(correlationId) { + return new SilentAuthCodeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.acquireTokenByCode, this.performanceClient, this.nativeExtensionProvider, correlationId); + } + /** + * Adds event callbacks to array + * @param callback + */ + addEventCallback(callback) { + return this.eventHandler.addEventCallback(callback); + } + /** + * Removes callback with provided id from callback array + * @param callbackId + */ + removeEventCallback(callbackId) { + this.eventHandler.removeEventCallback(callbackId); + } + /** + * Registers a callback to receive performance events. + * + * @param {PerformanceCallbackFunction} callback + * @returns {string} + */ + addPerformanceCallback(callback) { + return this.performanceClient.addPerformanceCallback(callback); + } + /** + * Removes a callback registered with addPerformanceCallback. + * + * @param {string} callbackId + * @returns {boolean} + */ + removePerformanceCallback(callbackId) { + return this.performanceClient.removePerformanceCallback(callbackId); + } + /** + * Adds event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window + */ + enableAccountStorageEvents() { + this.eventHandler.enableAccountStorageEvents(); + } + /** + * Removes event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window + */ + disableAccountStorageEvents() { + this.eventHandler.disableAccountStorageEvents(); + } + /** + * Gets the token cache for the application. + */ + getTokenCache() { + return this.tokenCache; + } + /** + * Returns the logger instance + */ + getLogger() { + return this.logger; + } + /** + * Replaces the default logger set in configurations with new Logger with new configurations + * @param logger Logger instance + */ + setLogger(logger) { + this.logger = logger; + } + /** + * Called by wrapper libraries (Angular & React) to set SKU and Version passed down to telemetry, logger, etc. + * @param sku + * @param version + */ + initializeWrapperLibrary(sku, version) { + // Validate the SKU passed in is one we expect + this.browserStorage.setWrapperMetadata(sku, version); + } + /** + * Sets navigation client + * @param navigationClient + */ + setNavigationClient(navigationClient) { + this.navigationClient = navigationClient; + } + /** + * Returns the configuration object + */ + getConfiguration() { + return this.config; + } + /** + * Returns the performance client + */ + getPerformanceClient() { + return this.performanceClient; + } + /** + * Returns the browser env indicator + */ + isBrowserEnv() { + return this.isBrowserEnvironment; + } + /** + * Returns the event handler + */ + getEventHandler() { + return this.eventHandler; + } + /** + * Generates a correlation id for a request if none is provided. + * + * @protected + * @param {?Partial} [request] + * @returns {string} + */ + getRequestCorrelationId(request) { + if (request?.correlationId) { + return request.correlationId; + } + if (this.isBrowserEnvironment) { + return BrowserCrypto_createNewGuid(); + } + /* + * Included for fallback for non-browser environments, + * and to ensure this method always returns a string. + */ + return Constants.EMPTY_STRING; + } + // #endregion + /** + * Use when initiating the login process by redirecting the user's browser to the authorization endpoint. This function redirects the page, so + * any code that follows this function will not execute. + * + * IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current + * browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function. + * + * @param request + */ + async loginRedirect(request) { + const correlationId = this.getRequestCorrelationId(request); + this.logger.verbose("loginRedirect called", correlationId); + return this.acquireTokenRedirect({ + correlationId, + ...(request || DEFAULT_REQUEST), + }); + } + /** + * Use when initiating the login process via opening a popup window in the user's browser + * + * @param request + * + * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. + */ + loginPopup(request) { + const correlationId = this.getRequestCorrelationId(request); + this.logger.verbose("loginPopup called", correlationId); + return this.acquireTokenPopup({ + correlationId, + ...(request || DEFAULT_REQUEST), + }); + } + /** + * Silently acquire an access token for a given set of scopes. Returns currently processing promise if parallel requests are made. + * + * @param {@link (SilentRequest:type)} + * @returns {Promise.} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse} object + */ + async acquireTokenSilent(request) { + const correlationId = this.getRequestCorrelationId(request); + const atsMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.AcquireTokenSilent, correlationId); + atsMeasurement.add({ + cacheLookupPolicy: request.cacheLookupPolicy, + scenarioId: request.scenarioId, + }); + StandardController_preflightCheck(this.initialized, atsMeasurement); + this.logger.verbose("acquireTokenSilent called", correlationId); + const account = request.account || this.getActiveAccount(); + if (!account) { + throw createBrowserAuthError(noAccountError); + } + atsMeasurement.add({ accountType: getAccountType(account) }); + const thumbprint = { + clientId: this.config.auth.clientId, + authority: request.authority || Constants.EMPTY_STRING, + scopes: request.scopes, + homeAccountIdentifier: account.homeAccountId, + claims: request.claims, + authenticationScheme: request.authenticationScheme, + resourceRequestMethod: request.resourceRequestMethod, + resourceRequestUri: request.resourceRequestUri, + shrClaims: request.shrClaims, + sshKid: request.sshKid, + shrOptions: request.shrOptions, + }; + const silentRequestKey = JSON.stringify(thumbprint); + const cachedResponse = this.activeSilentTokenRequests.get(silentRequestKey); + if (typeof cachedResponse === "undefined") { + this.logger.verbose("acquireTokenSilent called for the first time, storing active request", correlationId); + const response = invokeAsync(this.acquireTokenSilentAsync.bind(this), PerformanceEvents.AcquireTokenSilentAsync, this.logger, this.performanceClient, correlationId)({ + ...request, + correlationId, + }, account) + .then((result) => { + this.activeSilentTokenRequests.delete(silentRequestKey); + atsMeasurement.end({ + success: true, + fromCache: result.fromCache, + isNativeBroker: result.fromNativeBroker, + cacheLookupPolicy: request.cacheLookupPolicy, + requestId: result.requestId, + accessTokenSize: result.accessToken.length, + idTokenSize: result.idToken.length, + }); + return result; + }) + .catch((error) => { + this.activeSilentTokenRequests.delete(silentRequestKey); + atsMeasurement.end({ + success: false, + }, error); + throw error; + }); + this.activeSilentTokenRequests.set(silentRequestKey, response); + return { + ...(await response), + state: request.state, + }; + } + else { + this.logger.verbose("acquireTokenSilent has been called previously, returning the result from the first call", correlationId); + // Discard measurements for memoized calls, as they are usually only a couple of ms and will artificially deflate metrics + atsMeasurement.discard(); + return { + ...(await cachedResponse), + state: request.state, + }; + } + } + /** + * Silently acquire an access token for a given set of scopes. Will use cached token if available, otherwise will attempt to acquire a new token from the network via refresh token. + * @param {@link (SilentRequest:type)} + * @param {@link (AccountInfo:type)} + * @returns {Promise.} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse} + */ + async acquireTokenSilentAsync(request, account) { + const trackPageVisibility = () => this.trackPageVisibility(request.correlationId); + this.performanceClient.addQueueMeasurement(PerformanceEvents.AcquireTokenSilentAsync, request.correlationId); + this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, InteractionType.Silent, request); + if (request.correlationId) { + this.performanceClient.incrementFields({ visibilityChangeCount: 0 }, request.correlationId); + } + document.addEventListener("visibilitychange", trackPageVisibility); + const silentRequest = await invokeAsync(initializeSilentRequest, PerformanceEvents.InitializeSilentRequest, this.logger, this.performanceClient, request.correlationId)(request, account, this.config, this.performanceClient, this.logger); + const cacheLookupPolicy = request.cacheLookupPolicy || CacheLookupPolicy.Default; + const result = this.acquireTokenSilentNoIframe(silentRequest, cacheLookupPolicy).catch(async (refreshTokenError) => { + const shouldTryToResolveSilently = checkIfRefreshTokenErrorCanBeResolvedSilently(refreshTokenError, cacheLookupPolicy); + if (shouldTryToResolveSilently) { + if (!this.activeIframeRequest) { + let _resolve; + // Always set the active request tracker immediately after checking it to prevent races + this.activeIframeRequest = [ + new Promise((resolve) => { + _resolve = resolve; + }), + silentRequest.correlationId, + ]; + this.logger.verbose("Refresh token expired/invalid or CacheLookupPolicy is set to Skip, attempting acquire token by iframe.", silentRequest.correlationId); + return invokeAsync(this.acquireTokenBySilentIframe.bind(this), PerformanceEvents.AcquireTokenBySilentIframe, this.logger, this.performanceClient, silentRequest.correlationId)(silentRequest) + .then((iframeResult) => { + _resolve(true); + return iframeResult; + }) + .catch((e) => { + _resolve(false); + throw e; + }) + .finally(() => { + this.activeIframeRequest = undefined; + }); + } + else if (cacheLookupPolicy !== CacheLookupPolicy.Skip) { + const [activePromise, activeCorrelationId] = this.activeIframeRequest; + this.logger.verbose(`Iframe request is already in progress, awaiting resolution for request with correlationId: ${activeCorrelationId}`, silentRequest.correlationId); + const awaitConcurrentIframeMeasure = this.performanceClient.startMeasurement(PerformanceEvents.AwaitConcurrentIframe, silentRequest.correlationId); + awaitConcurrentIframeMeasure.add({ + awaitIframeCorrelationId: activeCorrelationId, + }); + const activePromiseResult = await activePromise; + awaitConcurrentIframeMeasure.end({ + success: activePromiseResult, + }); + if (activePromiseResult) { + this.logger.verbose(`Parallel iframe request with correlationId: ${activeCorrelationId} succeeded. Retrying cache and/or RT redemption`, silentRequest.correlationId); + // Retry cache lookup and/or RT exchange after iframe completes + return this.acquireTokenSilentNoIframe(silentRequest, cacheLookupPolicy); + } + else { + this.logger.info(`Iframe request with correlationId: ${activeCorrelationId} failed. Interaction is required.`); + // If previous iframe request failed, it's unlikely to succeed this time. Throw original error. + throw refreshTokenError; + } + } + else { + // Cache policy set to skip and another iframe request is already in progress + this.logger.warning("Another iframe request is currently in progress and CacheLookupPolicy is set to Skip. This may result in degraded performance and/or reliability for both calls. Please consider changing the CacheLookupPolicy to take advantage of request queuing and token cache.", silentRequest.correlationId); + return invokeAsync(this.acquireTokenBySilentIframe.bind(this), PerformanceEvents.AcquireTokenBySilentIframe, this.logger, this.performanceClient, silentRequest.correlationId)(silentRequest); + } + } + else { + // Error cannot be silently resolved or iframe renewal is not allowed, interaction required + throw refreshTokenError; + } + }); + return result + .then((response) => { + this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_SUCCESS, InteractionType.Silent, response); + if (request.correlationId) { + this.performanceClient.addFields({ + fromCache: response.fromCache, + isNativeBroker: response.fromNativeBroker, + requestId: response.requestId, + }, request.correlationId); + } + return response; + }) + .catch((tokenRenewalError) => { + this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_FAILURE, InteractionType.Silent, null, tokenRenewalError); + throw tokenRenewalError; + }) + .finally(() => { + document.removeEventListener("visibilitychange", trackPageVisibility); + }); + } + /** + * AcquireTokenSilent without the iframe fallback. This is used to enable the correct fallbacks in cases where there's a potential for multiple silent requests to be made in parallel and prevent those requests from making concurrent iframe requests. + * @param silentRequest + * @param cacheLookupPolicy + * @returns + */ + async acquireTokenSilentNoIframe(silentRequest, cacheLookupPolicy) { + if (NativeMessageHandler.isNativeAvailable(this.config, this.logger, this.nativeExtensionProvider, silentRequest.authenticationScheme) && + silentRequest.account.nativeAccountId) { + this.logger.verbose("acquireTokenSilent - attempting to acquire token from native platform"); + return this.acquireTokenNative(silentRequest, ApiId.acquireTokenSilent_silentFlow).catch(async (e) => { + // If native token acquisition fails for availability reasons fallback to web flow + if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) { + this.logger.verbose("acquireTokenSilent - native platform unavailable, falling back to web flow"); + this.nativeExtensionProvider = undefined; // Prevent future requests from continuing to attempt + // Cache will not contain tokens, given that previous WAM requests succeeded. Skip cache and RT renewal and go straight to iframe renewal + throw createClientAuthError(tokenRefreshRequired); + } + throw e; + }); + } + else { + this.logger.verbose("acquireTokenSilent - attempting to acquire token from web flow"); + return invokeAsync(this.acquireTokenFromCache.bind(this), PerformanceEvents.AcquireTokenFromCache, this.logger, this.performanceClient, silentRequest.correlationId)(silentRequest, cacheLookupPolicy).catch((cacheError) => { + if (cacheLookupPolicy === CacheLookupPolicy.AccessToken) { + throw cacheError; + } + this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_NETWORK_START, InteractionType.Silent, silentRequest); + return invokeAsync(this.acquireTokenByRefreshToken.bind(this), PerformanceEvents.AcquireTokenByRefreshToken, this.logger, this.performanceClient, silentRequest.correlationId)(silentRequest, cacheLookupPolicy); + }); + } + } +} +/** + * Determines whether an error thrown by the refresh token endpoint can be resolved without interaction + * @param refreshTokenError + * @param silentRequest + * @param cacheLookupPolicy + * @returns + */ +function checkIfRefreshTokenErrorCanBeResolvedSilently(refreshTokenError, cacheLookupPolicy) { + const noInteractionRequired = !(refreshTokenError instanceof InteractionRequiredAuthError && + // For refresh token errors, bad_token does not always require interaction (silently resolvable) + refreshTokenError.subError !== + badToken); + // Errors that result when the refresh token needs to be replaced + const refreshTokenRefreshRequired = refreshTokenError.errorCode === BrowserConstants.INVALID_GRANT_ERROR || + refreshTokenError.errorCode === + tokenRefreshRequired; + // Errors that may be resolved before falling back to interaction (through iframe renewal) + const isSilentlyResolvable = (noInteractionRequired && refreshTokenRefreshRequired) || + refreshTokenError.errorCode === + noTokensFound || + refreshTokenError.errorCode === + refreshTokenExpired; + // Only these policies allow for an iframe renewal attempt + const tryIframeRenewal = iFrameRenewalPolicies.includes(cacheLookupPolicy); + return isSilentlyResolvable && tryIframeRenewal; +} +//# sourceMappingURL=StandardController.mjs.map +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/controllers/ControllerFactory.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +async function createV3Controller(config, request) { + const standard = new StandardOperatingContext_StandardOperatingContext(config); + await standard.initialize(); + return StandardController_StandardController.createController(standard, request); +} +async function createController(config) { + const standard = new StandardOperatingContext(config); + const nestedApp = new NestedAppOperatingContext(config); + const operatingContexts = [standard.initialize(), nestedApp.initialize()]; + await Promise.all(operatingContexts); + if (nestedApp.isAvailable() && config.auth.supportsNestedAppAuth) { + return NestedAppAuthController.createController(nestedApp); + } + else if (standard.isAvailable()) { + return StandardController.createController(standard); + } + else { + // Since neither of the actual operating contexts are available keep the UnknownOperatingContextController + return null; + } +} +//# sourceMappingURL=ControllerFactory.mjs.map -/* - * Copyright (c) Microsoft Corporation. All rights reserved. - * Licensed under the MIT License. - */ -/** - * The PublicClientApplication class is the object exposed by the library to perform authentication and authorization functions in Single Page Applications - * to obtain JWT tokens as described in the OAuth 2.0 Authorization Code Flow with PKCE specification. - */ -class PublicClientApplication { - /** - * Creates StandardController and passes it to the PublicClientApplication - * - * @param configuration {Configuration} - */ - static async createPublicClientApplication(configuration) { - const controller = await createV3Controller(configuration); - const pca = new PublicClientApplication(configuration, controller); - return pca; - } - /** - * @constructor - * Constructor for the PublicClientApplication used to instantiate the PublicClientApplication object - * - * Important attributes in the Configuration object for auth are: - * - clientID: the application ID of your application. You can obtain one by registering your application with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview - * - authority: the authority URL for your application. - * - redirect_uri: the uri of your application registered in the portal. - * - * In Azure AD, authority is a URL indicating the Azure active directory that MSAL uses to obtain tokens. - * It is of the form https://login.microsoftonline.com/{Enter_the_Tenant_Info_Here} - * If your application supports Accounts in one organizational directory, replace "Enter_the_Tenant_Info_Here" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com). - * If your application supports Accounts in any organizational directory, replace "Enter_the_Tenant_Info_Here" value with organizations. - * If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace "Enter_the_Tenant_Info_Here" value with common. - * To restrict support to Personal Microsoft accounts only, replace "Enter_the_Tenant_Info_Here" value with consumers. - * - * In Azure B2C, authority is of the form https://{instance}/tfp/{tenant}/{policyName}/ - * Full B2C functionality will be available in this library in future versions. - * - * @param configuration Object for the MSAL PublicClientApplication instance - * @param IController Optional parameter to explictly set the controller. (Will be removed when we remove public constructor) - */ - constructor(configuration, controller) { - this.controller = - controller || - new StandardController_StandardController(new StandardOperatingContext_StandardOperatingContext(configuration)); - } - /** - * Initializer function to perform async startup tasks such as connecting to WAM extension - * @param request {?InitializeApplicationRequest} - */ - async initialize(request) { - return this.controller.initialize(request); - } - /** - * Use when you want to obtain an access_token for your API via opening a popup window in the user's browser - * - * @param request - * - * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. - */ - async acquireTokenPopup(request) { - return this.controller.acquireTokenPopup(request); - } - /** - * Use when you want to obtain an access_token for your API by redirecting the user's browser window to the authorization endpoint. This function redirects - * the page, so any code that follows this function will not execute. - * - * IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current - * browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function. - * - * @param request - */ - acquireTokenRedirect(request) { - return this.controller.acquireTokenRedirect(request); - } - /** - * Silently acquire an access token for a given set of scopes. Returns currently processing promise if parallel requests are made. - * - * @param {@link (SilentRequest:type)} - * @returns {Promise.} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthenticationResult} object - */ - acquireTokenSilent(silentRequest) { - return this.controller.acquireTokenSilent(silentRequest); - } - /** - * This function redeems an authorization code (passed as code) from the eSTS token endpoint. - * This authorization code should be acquired server-side using a confidential client to acquire a spa_code. - * This API is not indended for normal authorization code acquisition and redemption. - * - * Redemption of this authorization code will not require PKCE, as it was acquired by a confidential client. - * - * @param request {@link AuthorizationCodeRequest} - * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. - */ - acquireTokenByCode(request) { - return this.controller.acquireTokenByCode(request); - } - /** - * Adds event callbacks to array - * @param callback - */ - addEventCallback(callback) { - return this.controller.addEventCallback(callback); - } - /** - * Removes callback with provided id from callback array - * @param callbackId - */ - removeEventCallback(callbackId) { - return this.controller.removeEventCallback(callbackId); - } - /** - * Registers a callback to receive performance events. - * - * @param {PerformanceCallbackFunction} callback - * @returns {string} - */ - addPerformanceCallback(callback) { - return this.controller.addPerformanceCallback(callback); - } - /** - * Removes a callback registered with addPerformanceCallback. - * - * @param {string} callbackId - * @returns {boolean} - */ - removePerformanceCallback(callbackId) { - return this.controller.removePerformanceCallback(callbackId); - } - /** - * Adds event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window - */ - enableAccountStorageEvents() { - this.controller.enableAccountStorageEvents(); - } - /** - * Removes event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window - */ - disableAccountStorageEvents() { - this.controller.disableAccountStorageEvents(); - } - /** - * Returns the first account found in the cache that matches the account filter passed in. - * @param accountFilter - * @returns The first account found in the cache matching the provided filter or null if no account could be found. - */ - getAccount(accountFilter) { - return this.controller.getAccount(accountFilter); - } - /** - * Returns the signed in account matching homeAccountId. - * (the account object is created at the time of successful login) - * or null when no matching account is found - * @param homeAccountId - * @returns The account object stored in MSAL - * @deprecated - Use getAccount instead - */ - getAccountByHomeId(homeAccountId) { - return this.controller.getAccountByHomeId(homeAccountId); - } - /** - * Returns the signed in account matching localAccountId. - * (the account object is created at the time of successful login) - * or null when no matching account is found - * @param localAccountId - * @returns The account object stored in MSAL - * @deprecated - Use getAccount instead - */ - getAccountByLocalId(localId) { - return this.controller.getAccountByLocalId(localId); - } - /** - * Returns the signed in account matching username. - * (the account object is created at the time of successful login) - * or null when no matching account is found. - * This API is provided for convenience but getAccountById should be used for best reliability - * @param userName - * @returns The account object stored in MSAL - * @deprecated - Use getAccount instead - */ - getAccountByUsername(userName) { - return this.controller.getAccountByUsername(userName); - } - /** - * Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned. - * @param accountFilter - (Optional) filter to narrow down the accounts returned - * @returns Array of AccountInfo objects in cache - */ - getAllAccounts(accountFilter) { - return this.controller.getAllAccounts(accountFilter); - } - /** - * Event handler function which allows users to fire events after the PublicClientApplication object - * has loaded during redirect flows. This should be invoked on all page loads involved in redirect - * auth flows. - * @param hash Hash to process. Defaults to the current value of window.location.hash. Only needs to be provided explicitly if the response to be handled is not contained in the current value. - * @returns Token response or null. If the return value is null, then no auth redirect was detected. - */ - handleRedirectPromise(hash) { - return this.controller.handleRedirectPromise(hash); - } - /** - * Use when initiating the login process via opening a popup window in the user's browser - * - * @param request - * - * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. - */ - loginPopup(request) { - return this.controller.loginPopup(request); - } - /** - * Use when initiating the login process by redirecting the user's browser to the authorization endpoint. This function redirects the page, so - * any code that follows this function will not execute. - * - * IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current - * browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function. - * - * @param request - */ - loginRedirect(request) { - return this.controller.loginRedirect(request); - } - /** - * Deprecated logout function. Use logoutRedirect or logoutPopup instead - * @param logoutRequest - * @deprecated - */ - logout(logoutRequest) { - return this.controller.logout(logoutRequest); - } - /** - * Use to log out the current user, and redirect the user to the postLogoutRedirectUri. - * Default behaviour is to redirect the user to `window.location.href`. - * @param logoutRequest - */ - logoutRedirect(logoutRequest) { - return this.controller.logoutRedirect(logoutRequest); - } - /** - * Clears local cache for the current user then opens a popup window prompting the user to sign-out of the server - * @param logoutRequest - */ - logoutPopup(logoutRequest) { - return this.controller.logoutPopup(logoutRequest); - } - /** - * This function uses a hidden iframe to fetch an authorization code from the eSTS. There are cases where this may not work: - * - Any browser using a form of Intelligent Tracking Prevention - * - If there is not an established session with the service - * - * In these cases, the request must be done inside a popup or full frame redirect. - * - * For the cases where interaction is required, you cannot send a request with prompt=none. - * - * If your refresh token has expired, you can use this function to fetch a new set of tokens silently as long as - * you session on the server still exists. - * @param request {@link SsoSilentRequest} - * - * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. - */ - ssoSilent(request) { - return this.controller.ssoSilent(request); - } - /** - * Gets the token cache for the application. - */ - getTokenCache() { - return this.controller.getTokenCache(); - } - /** - * Returns the logger instance - */ - getLogger() { - return this.controller.getLogger(); - } - /** - * Replaces the default logger set in configurations with new Logger with new configurations - * @param logger Logger instance - */ - setLogger(logger) { - this.controller.setLogger(logger); - } - /** - * Sets the account to use as the active account. If no account is passed to the acquireToken APIs, then MSAL will use this active account. - * @param account - */ - setActiveAccount(account) { - this.controller.setActiveAccount(account); - } - /** - * Gets the currently active account - */ - getActiveAccount() { - return this.controller.getActiveAccount(); - } - /** - * Called by wrapper libraries (Angular & React) to set SKU and Version passed down to telemetry, logger, etc. - * @param sku - * @param version - */ - initializeWrapperLibrary(sku, version) { - return this.controller.initializeWrapperLibrary(sku, version); - } - /** - * Sets navigation client - * @param navigationClient - */ - setNavigationClient(navigationClient) { - this.controller.setNavigationClient(navigationClient); - } - /** - * Returns the configuration object - * @internal - */ - getConfiguration() { - return this.controller.getConfiguration(); - } - /** - * Hydrates cache with the tokens and account in the AuthenticationResult object - * @param result - * @param request - The request object that was used to obtain the AuthenticationResult - * @returns - */ - async hydrateCache(result, request) { - return this.controller.hydrateCache(result, request); - } - /** - * Clears tokens and account from the browser cache. - * @param logoutRequest - */ - clearCache(logoutRequest) { - return this.controller.clearCache(logoutRequest); - } -} -/** - * creates NestedAppAuthController and passes it to the PublicClientApplication, - * falls back to StandardController if NestedAppAuthController is not available - * - * @param configuration - * @returns IPublicClientApplication - * - */ -async function createNestablePublicClientApplication(configuration) { - const nestedAppAuth = new NestedAppOperatingContext(configuration); - await nestedAppAuth.initialize(); - if (nestedAppAuth.isAvailable()) { - const controller = new NestedAppAuthController(nestedAppAuth); - return new PublicClientApplication(configuration, controller); - } - return createStandardPublicClientApplication(configuration); -} -/** - * creates PublicClientApplication using StandardController - * - * @param configuration - * @returns IPublicClientApplication - * - */ -async function createStandardPublicClientApplication(configuration) { - const pca = new PublicClientApplication(configuration); - await pca.initialize(); - return pca; +;// CONCATENATED MODULE: ./node_modules/@azure/msal-browser/dist/app/PublicClientApplication.mjs +/*! @azure/msal-browser v3.23.0 2024-09-03 */ + + + + + + + +/* + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. + */ +/** + * The PublicClientApplication class is the object exposed by the library to perform authentication and authorization functions in Single Page Applications + * to obtain JWT tokens as described in the OAuth 2.0 Authorization Code Flow with PKCE specification. + */ +class PublicClientApplication { + /** + * Creates StandardController and passes it to the PublicClientApplication + * + * @param configuration {Configuration} + */ + static async createPublicClientApplication(configuration) { + const controller = await createV3Controller(configuration); + const pca = new PublicClientApplication(configuration, controller); + return pca; + } + /** + * @constructor + * Constructor for the PublicClientApplication used to instantiate the PublicClientApplication object + * + * Important attributes in the Configuration object for auth are: + * - clientID: the application ID of your application. You can obtain one by registering your application with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview + * - authority: the authority URL for your application. + * - redirect_uri: the uri of your application registered in the portal. + * + * In Azure AD, authority is a URL indicating the Azure active directory that MSAL uses to obtain tokens. + * It is of the form https://login.microsoftonline.com/{Enter_the_Tenant_Info_Here} + * If your application supports Accounts in one organizational directory, replace "Enter_the_Tenant_Info_Here" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com). + * If your application supports Accounts in any organizational directory, replace "Enter_the_Tenant_Info_Here" value with organizations. + * If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace "Enter_the_Tenant_Info_Here" value with common. + * To restrict support to Personal Microsoft accounts only, replace "Enter_the_Tenant_Info_Here" value with consumers. + * + * In Azure B2C, authority is of the form https://{instance}/tfp/{tenant}/{policyName}/ + * Full B2C functionality will be available in this library in future versions. + * + * @param configuration Object for the MSAL PublicClientApplication instance + * @param IController Optional parameter to explictly set the controller. (Will be removed when we remove public constructor) + */ + constructor(configuration, controller) { + this.controller = + controller || + new StandardController_StandardController(new StandardOperatingContext_StandardOperatingContext(configuration)); + } + /** + * Initializer function to perform async startup tasks such as connecting to WAM extension + * @param request {?InitializeApplicationRequest} + */ + async initialize(request) { + return this.controller.initialize(request); + } + /** + * Use when you want to obtain an access_token for your API via opening a popup window in the user's browser + * + * @param request + * + * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. + */ + async acquireTokenPopup(request) { + return this.controller.acquireTokenPopup(request); + } + /** + * Use when you want to obtain an access_token for your API by redirecting the user's browser window to the authorization endpoint. This function redirects + * the page, so any code that follows this function will not execute. + * + * IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current + * browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function. + * + * @param request + */ + acquireTokenRedirect(request) { + return this.controller.acquireTokenRedirect(request); + } + /** + * Silently acquire an access token for a given set of scopes. Returns currently processing promise if parallel requests are made. + * + * @param {@link (SilentRequest:type)} + * @returns {Promise.} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthenticationResult} object + */ + acquireTokenSilent(silentRequest) { + return this.controller.acquireTokenSilent(silentRequest); + } + /** + * This function redeems an authorization code (passed as code) from the eSTS token endpoint. + * This authorization code should be acquired server-side using a confidential client to acquire a spa_code. + * This API is not indended for normal authorization code acquisition and redemption. + * + * Redemption of this authorization code will not require PKCE, as it was acquired by a confidential client. + * + * @param request {@link AuthorizationCodeRequest} + * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. + */ + acquireTokenByCode(request) { + return this.controller.acquireTokenByCode(request); + } + /** + * Adds event callbacks to array + * @param callback + */ + addEventCallback(callback) { + return this.controller.addEventCallback(callback); + } + /** + * Removes callback with provided id from callback array + * @param callbackId + */ + removeEventCallback(callbackId) { + return this.controller.removeEventCallback(callbackId); + } + /** + * Registers a callback to receive performance events. + * + * @param {PerformanceCallbackFunction} callback + * @returns {string} + */ + addPerformanceCallback(callback) { + return this.controller.addPerformanceCallback(callback); + } + /** + * Removes a callback registered with addPerformanceCallback. + * + * @param {string} callbackId + * @returns {boolean} + */ + removePerformanceCallback(callbackId) { + return this.controller.removePerformanceCallback(callbackId); + } + /** + * Adds event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window + */ + enableAccountStorageEvents() { + this.controller.enableAccountStorageEvents(); + } + /** + * Removes event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window + */ + disableAccountStorageEvents() { + this.controller.disableAccountStorageEvents(); + } + /** + * Returns the first account found in the cache that matches the account filter passed in. + * @param accountFilter + * @returns The first account found in the cache matching the provided filter or null if no account could be found. + */ + getAccount(accountFilter) { + return this.controller.getAccount(accountFilter); + } + /** + * Returns the signed in account matching homeAccountId. + * (the account object is created at the time of successful login) + * or null when no matching account is found + * @param homeAccountId + * @returns The account object stored in MSAL + * @deprecated - Use getAccount instead + */ + getAccountByHomeId(homeAccountId) { + return this.controller.getAccountByHomeId(homeAccountId); + } + /** + * Returns the signed in account matching localAccountId. + * (the account object is created at the time of successful login) + * or null when no matching account is found + * @param localAccountId + * @returns The account object stored in MSAL + * @deprecated - Use getAccount instead + */ + getAccountByLocalId(localId) { + return this.controller.getAccountByLocalId(localId); + } + /** + * Returns the signed in account matching username. + * (the account object is created at the time of successful login) + * or null when no matching account is found. + * This API is provided for convenience but getAccountById should be used for best reliability + * @param userName + * @returns The account object stored in MSAL + * @deprecated - Use getAccount instead + */ + getAccountByUsername(userName) { + return this.controller.getAccountByUsername(userName); + } + /** + * Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned. + * @param accountFilter - (Optional) filter to narrow down the accounts returned + * @returns Array of AccountInfo objects in cache + */ + getAllAccounts(accountFilter) { + return this.controller.getAllAccounts(accountFilter); + } + /** + * Event handler function which allows users to fire events after the PublicClientApplication object + * has loaded during redirect flows. This should be invoked on all page loads involved in redirect + * auth flows. + * @param hash Hash to process. Defaults to the current value of window.location.hash. Only needs to be provided explicitly if the response to be handled is not contained in the current value. + * @returns Token response or null. If the return value is null, then no auth redirect was detected. + */ + handleRedirectPromise(hash) { + return this.controller.handleRedirectPromise(hash); + } + /** + * Use when initiating the login process via opening a popup window in the user's browser + * + * @param request + * + * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. + */ + loginPopup(request) { + return this.controller.loginPopup(request); + } + /** + * Use when initiating the login process by redirecting the user's browser to the authorization endpoint. This function redirects the page, so + * any code that follows this function will not execute. + * + * IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current + * browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function. + * + * @param request + */ + loginRedirect(request) { + return this.controller.loginRedirect(request); + } + /** + * Deprecated logout function. Use logoutRedirect or logoutPopup instead + * @param logoutRequest + * @deprecated + */ + logout(logoutRequest) { + return this.controller.logout(logoutRequest); + } + /** + * Use to log out the current user, and redirect the user to the postLogoutRedirectUri. + * Default behaviour is to redirect the user to `window.location.href`. + * @param logoutRequest + */ + logoutRedirect(logoutRequest) { + return this.controller.logoutRedirect(logoutRequest); + } + /** + * Clears local cache for the current user then opens a popup window prompting the user to sign-out of the server + * @param logoutRequest + */ + logoutPopup(logoutRequest) { + return this.controller.logoutPopup(logoutRequest); + } + /** + * This function uses a hidden iframe to fetch an authorization code from the eSTS. There are cases where this may not work: + * - Any browser using a form of Intelligent Tracking Prevention + * - If there is not an established session with the service + * + * In these cases, the request must be done inside a popup or full frame redirect. + * + * For the cases where interaction is required, you cannot send a request with prompt=none. + * + * If your refresh token has expired, you can use this function to fetch a new set of tokens silently as long as + * you session on the server still exists. + * @param request {@link SsoSilentRequest} + * + * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. + */ + ssoSilent(request) { + return this.controller.ssoSilent(request); + } + /** + * Gets the token cache for the application. + */ + getTokenCache() { + return this.controller.getTokenCache(); + } + /** + * Returns the logger instance + */ + getLogger() { + return this.controller.getLogger(); + } + /** + * Replaces the default logger set in configurations with new Logger with new configurations + * @param logger Logger instance + */ + setLogger(logger) { + this.controller.setLogger(logger); + } + /** + * Sets the account to use as the active account. If no account is passed to the acquireToken APIs, then MSAL will use this active account. + * @param account + */ + setActiveAccount(account) { + this.controller.setActiveAccount(account); + } + /** + * Gets the currently active account + */ + getActiveAccount() { + return this.controller.getActiveAccount(); + } + /** + * Called by wrapper libraries (Angular & React) to set SKU and Version passed down to telemetry, logger, etc. + * @param sku + * @param version + */ + initializeWrapperLibrary(sku, version) { + return this.controller.initializeWrapperLibrary(sku, version); + } + /** + * Sets navigation client + * @param navigationClient + */ + setNavigationClient(navigationClient) { + this.controller.setNavigationClient(navigationClient); + } + /** + * Returns the configuration object + * @internal + */ + getConfiguration() { + return this.controller.getConfiguration(); + } + /** + * Hydrates cache with the tokens and account in the AuthenticationResult object + * @param result + * @param request - The request object that was used to obtain the AuthenticationResult + * @returns + */ + async hydrateCache(result, request) { + return this.controller.hydrateCache(result, request); + } + /** + * Clears tokens and account from the browser cache. + * @param logoutRequest + */ + clearCache(logoutRequest) { + return this.controller.clearCache(logoutRequest); + } +} +/** + * creates NestedAppAuthController and passes it to the PublicClientApplication, + * falls back to StandardController if NestedAppAuthController is not available + * + * @param configuration + * @returns IPublicClientApplication + * + */ +async function createNestablePublicClientApplication(configuration) { + const nestedAppAuth = new NestedAppOperatingContext(configuration); + await nestedAppAuth.initialize(); + if (nestedAppAuth.isAvailable()) { + const controller = new NestedAppAuthController(nestedAppAuth); + return new PublicClientApplication(configuration, controller); + } + return createStandardPublicClientApplication(configuration); +} +/** + * creates PublicClientApplication using StandardController + * + * @param configuration + * @returns IPublicClientApplication + * + */ +async function createStandardPublicClientApplication(configuration) { + const pca = new PublicClientApplication(configuration); + await pca.initialize(); + return pca; } diff --git a/public/bundles/queryable.es5.umd.bundle.js b/public/bundles/queryable.es5.umd.bundle.js index b7c3e647..21742d08 100644 --- a/public/bundles/queryable.es5.umd.bundle.js +++ b/public/bundles/queryable.es5.umd.bundle.js @@ -852,7 +852,7 @@ function copyObservers(source, behavior, filter) { -;// CONCATENATED MODULE: ./node_modules/@pnp/queryable/node_modules/tslib/tslib.es6.mjs +;// CONCATENATED MODULE: ./node_modules/tslib/tslib.es6.mjs /****************************************************************************** Copyright (c) Microsoft Corporation. @@ -867,7 +867,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ***************************************************************************** */ -/* global Reflect, Promise, SuppressedError, Symbol */ +/* global Reflect, Promise, SuppressedError, Symbol, Iterator */ var extendStatics = function(d, b) { extendStatics = Object.setPrototypeOf || @@ -978,8 +978,8 @@ function __awaiter(thisArg, _arguments, P, generator) { } function __generator(thisArg, body) { - var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g; - return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; + var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype); + return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; function verb(n) { return function (v) { return step([n, v]); }; } function step(op) { if (f) throw new TypeError("Generator is already executing."); @@ -1083,7 +1083,7 @@ function __await(v) { function __asyncGenerator(thisArg, _arguments, generator) { if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined."); var g = generator.apply(thisArg, _arguments || []), i, q = []; - return i = {}, verb("next"), verb("throw"), verb("return", awaitReturn), i[Symbol.asyncIterator] = function () { return this; }, i; + return i = Object.create((typeof AsyncIterator === "function" ? AsyncIterator : Object).prototype), verb("next"), verb("throw"), verb("return", awaitReturn), i[Symbol.asyncIterator] = function () { return this; }, i; function awaitReturn(f) { return function (v) { return Promise.resolve(v).then(f, reject); }; } function verb(n, f) { if (g[n]) { i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; if (f) i[n] = f(i[n]); } } function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } } @@ -1181,17 +1181,22 @@ function __disposeResources(env) { env.error = env.hasError ? new _SuppressedError(e, env.error, "An error was suppressed during disposal.") : e; env.hasError = true; } + var r, s = 0; function next() { - while (env.stack.length) { - var rec = env.stack.pop(); + while (r = env.stack.pop()) { try { - var result = rec.dispose && rec.dispose.call(rec.value); - if (rec.async) return Promise.resolve(result).then(next, function(e) { fail(e); return next(); }); + if (!r.async && s === 1) return s = 0, env.stack.push(r), Promise.resolve().then(next); + if (r.dispose) { + var result = r.dispose.call(r.value); + if (r.async) return s |= 2, Promise.resolve(result).then(next, function(e) { fail(e); return next(); }); + } + else s |= 1; } catch (e) { - fail(e); + fail(e); } } + if (s === 1) return env.hasError ? Promise.reject(env.error) : Promise.resolve(); if (env.hasError) throw env.error; } return next(); diff --git a/public/bundles/sp-admin.es5.umd.bundle.js b/public/bundles/sp-admin.es5.umd.bundle.js index 487b2070..09c5e053 100644 --- a/public/bundles/sp-admin.es5.umd.bundle.js +++ b/public/bundles/sp-admin.es5.umd.bundle.js @@ -851,7 +851,7 @@ function copyObservers(source, behavior, filter) { -;// CONCATENATED MODULE: ./node_modules/@pnp/queryable/node_modules/tslib/tslib.es6.mjs +;// CONCATENATED MODULE: ./node_modules/tslib/tslib.es6.mjs /****************************************************************************** Copyright (c) Microsoft Corporation. @@ -866,7 +866,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ***************************************************************************** */ -/* global Reflect, Promise, SuppressedError, Symbol */ +/* global Reflect, Promise, SuppressedError, Symbol, Iterator */ var extendStatics = function(d, b) { extendStatics = Object.setPrototypeOf || @@ -977,8 +977,8 @@ function __awaiter(thisArg, _arguments, P, generator) { } function __generator(thisArg, body) { - var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g; - return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; + var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype); + return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; function verb(n) { return function (v) { return step([n, v]); }; } function step(op) { if (f) throw new TypeError("Generator is already executing."); @@ -1082,7 +1082,7 @@ function __await(v) { function __asyncGenerator(thisArg, _arguments, generator) { if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined."); var g = generator.apply(thisArg, _arguments || []), i, q = []; - return i = {}, verb("next"), verb("throw"), verb("return", awaitReturn), i[Symbol.asyncIterator] = function () { return this; }, i; + return i = Object.create((typeof AsyncIterator === "function" ? AsyncIterator : Object).prototype), verb("next"), verb("throw"), verb("return", awaitReturn), i[Symbol.asyncIterator] = function () { return this; }, i; function awaitReturn(f) { return function (v) { return Promise.resolve(v).then(f, reject); }; } function verb(n, f) { if (g[n]) { i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; if (f) i[n] = f(i[n]); } } function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } } @@ -1180,17 +1180,22 @@ function __disposeResources(env) { env.error = env.hasError ? new _SuppressedError(e, env.error, "An error was suppressed during disposal.") : e; env.hasError = true; } + var r, s = 0; function next() { - while (env.stack.length) { - var rec = env.stack.pop(); + while (r = env.stack.pop()) { try { - var result = rec.dispose && rec.dispose.call(rec.value); - if (rec.async) return Promise.resolve(result).then(next, function(e) { fail(e); return next(); }); + if (!r.async && s === 1) return s = 0, env.stack.push(r), Promise.resolve().then(next); + if (r.dispose) { + var result = r.dispose.call(r.value); + if (r.async) return s |= 2, Promise.resolve(result).then(next, function(e) { fail(e); return next(); }); + } + else s |= 1; } catch (e) { - fail(e); + fail(e); } } + if (s === 1) return env.hasError ? Promise.reject(env.error) : Promise.resolve(); if (env.hasError) throw env.error; } return next(); @@ -2433,7 +2438,7 @@ function encodePath(value) { function telemetry_Telemetry() { return (instance) => { instance.on.pre(async function (url, init, result) { - let clientTag = "PnPCoreJS:4.4.0:"; + let clientTag = "PnPCoreJS:4.5.0:"; // make our best guess based on url to the method called const { pathname } = new URL(url); // remove anything before the _api as that is potentially PII and we don't care, just want to get the called path to the REST API @@ -2478,602 +2483,227 @@ function defaults_DefaultHeaders() { }; } -;// CONCATENATED MODULE: ./node_modules/@pnp/sp/node_modules/tslib/tslib.es6.mjs -/****************************************************************************** -Copyright (c) Microsoft Corporation. +;// CONCATENATED MODULE: ./node_modules/@pnp/sp/webs/types.js -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted. -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR -OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -***************************************************************************** */ -/* global Reflect, Promise, SuppressedError, Symbol */ -var tslib_es6_extendStatics = function(d, b) { - tslib_es6_extendStatics = Object.setPrototypeOf || - ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) || - function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; }; - return tslib_es6_extendStatics(d, b); + + + + +let _Webs = class _Webs extends _SPCollection { + /** + * Adds a new web to the collection + * + * @param title The new web's title + * @param url The new web's relative url + * @param description The new web's description + * @param template The new web's template internal name (default = STS) + * @param language The locale id that specifies the new web's language (default = 1033 [English, US]) + * @param inheritPermissions When true, permissions will be inherited from the new web's parent (default = true) + */ + async add(Title, Url, Description = "", WebTemplate = "STS", Language = 1033, UseSamePermissionsAsParentSite = true) { + const postBody = body({ + "parameters": { + Description, + Language, + Title, + Url, + UseSamePermissionsAsParentSite, + WebTemplate, + }, + }); + return spqueryable_spPost(Webs(this, "add"), postBody); + } }; +_Webs = __decorate([ + defaultPath("webs") +], _Webs); -function tslib_es6_extends(d, b) { - if (typeof b !== "function" && b !== null) - throw new TypeError("Class extends value " + String(b) + " is not a constructor or null"); - tslib_es6_extendStatics(d, b); - function __() { this.constructor = d; } - d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __()); +const Webs = spInvokableFactory(_Webs); +/** + * Ensures the url passed to the constructor is correctly rebased to a web url + * + * @param candidate The candidate web url + * @param path The caller supplied path, which may contain _api, meaning we don't append _api/web + */ +function rebaseWebUrl(candidate, path) { + let replace = "_api/web"; + // this allows us to both: + // - test if `candidate` already has an api path + // - ensure that we append the correct one as sometimes a web is not defined + // by _api/web, in the case of _api/site/rootweb for example + const matches = /(_api[/|\\](site\/rootweb|site|web))/i.exec(candidate); + if ((matches === null || matches === void 0 ? void 0 : matches.length) > 0) { + // we want just the base url part (before the _api) + candidate = extract_web_url_extractWebUrl(candidate); + // we want to ensure we put back the correct string + replace = matches[1]; + } + // we only need to append the _api part IF `path` doesn't already include it. + if ((path === null || path === void 0 ? void 0 : path.indexOf("_api")) < 0) { + candidate = util_combine(candidate, replace); + } + return candidate; } +/** + * Describes a web + * + */ +let _Web = class _Web extends _SPInstance { + constructor(base, path) { + if (typeof base === "string") { + base = rebaseWebUrl(base, path); + } + else if (util_isArray(base)) { + base = [base[0], rebaseWebUrl(base[1], path)]; + } + else { + base = [base, rebaseWebUrl(base.toUrl(), path)]; + } + super(base, path); + this.delete = deleteable(); + } + /** + * Gets this web's subwebs + * + */ + get webs() { + return Webs(this); + } + /** + * Allows access to the web's all properties collection + */ + get allProperties() { + return SPInstance(this, "allproperties"); + } + /** + * Gets a collection of WebInfos for this web's subwebs + * + */ + get webinfos() { + return SPCollection(this, "webinfos"); + } + /** + * Gets this web's parent web and data + * + */ + async getParentWeb() { + const { Url, ParentWeb } = await this.select("Url", "ParentWeb/ServerRelativeUrl").expand("ParentWeb")(); + if (ParentWeb === null || ParentWeb === void 0 ? void 0 : ParentWeb.ServerRelativeUrl) { + return Web([this, util_combine((new URL(Url)).origin, ParentWeb.ServerRelativeUrl)]); + } + return null; + } + /** + * Updates this web instance with the supplied properties + * + * @param properties A plain object hash of values to update for the web + */ + async update(properties) { + return spPostMerge(this, body(properties)); + } + /** + * Applies the theme specified by the contents of each of the files specified in the arguments to the site + * + * @param colorPaletteUrl The server-relative URL of the color palette file + * @param fontSchemeUrl The server-relative URL of the font scheme + * @param backgroundImageUrl The server-relative URL of the background image + * @param shareGenerated When true, the generated theme files are stored in the root site. When false, they are stored in this web + */ + applyTheme(colorPaletteUrl, fontSchemeUrl, backgroundImageUrl, shareGenerated) { + const postBody = body({ + backgroundImageUrl, + colorPaletteUrl, + fontSchemeUrl, + shareGenerated, + }); + return spqueryable_spPost(Web(this, "applytheme"), postBody); + } + /** + * Applies the specified site definition or site template to the Web site that has no template applied to it + * + * @param template Name of the site definition or the name of the site template + */ + applyWebTemplate(template) { + return spqueryable_spPost(Web(this, `applywebtemplate(webTemplate='${encodePath(template)}')`)); + } + /** + * Returns the collection of changes from the change log that have occurred within the list, based on the specified query + * + * @param query The change query + */ + getChanges(query) { + return spqueryable_spPost(Web(this, "getchanges"), body({ query })); + } + /** + * Returns the name of the image file for the icon that is used to represent the specified file + * + * @param filename The file name. If this parameter is empty, the server returns an empty string + * @param size The size of the icon: 16x16 pixels = 0, 32x32 pixels = 1 (default = 0) + * @param progId The ProgID of the application that was used to create the file, in the form OLEServerName.ObjectName + */ + mapToIcon(filename, size = 0, progId = "") { + return Web(this, `maptoicon(filename='${encodePath(filename)}',progid='${encodePath(progId)}',size=${size})`)(); + } + /** + * Returns the tenant property corresponding to the specified key in the app catalog site + * + * @param key Id of storage entity to be set + */ + getStorageEntity(key) { + return Web(this, `getStorageEntity('${encodePath(key)}')`)(); + } + /** + * This will set the storage entity identified by the given key (MUST be called in the context of the app catalog) + * + * @param key Id of storage entity to be set + * @param value Value of storage entity to be set + * @param description Description of storage entity to be set + * @param comments Comments of storage entity to be set + */ + setStorageEntity(key, value, description = "", comments = "") { + return spqueryable_spPost(Web(this, "setStorageEntity"), body({ + comments, + description, + key, + value, + })); + } + /** + * This will remove the storage entity identified by the given key + * + * @param key Id of storage entity to be removed + */ + removeStorageEntity(key) { + return spqueryable_spPost(Web(this, `removeStorageEntity('${encodePath(key)}')`)); + } + /** + * Returns a collection of objects that contain metadata about subsites of the current site in which the current user is a member. + * + * @param nWebTemplateFilter Specifies the site definition (default = -1) + * @param nConfigurationFilter A 16-bit integer that specifies the identifier of a configuration (default = -1) + */ + getSubwebsFilteredForCurrentUser(nWebTemplateFilter = -1, nConfigurationFilter = -1) { + return SPCollection(this, `getSubwebsFilteredForCurrentUser(nWebTemplateFilter=${nWebTemplateFilter},nConfigurationFilter=${nConfigurationFilter})`); + } + /** + * Returns a collection of site templates available for the site + * + * @param language The locale id of the site templates to retrieve (default = 1033 [English, US]) + * @param includeCrossLanguage When true, includes language-neutral site templates; otherwise false (default = true) + */ + availableWebTemplates(language = 1033, includeCrossLanugage = true) { + return SPCollection(this, `getavailablewebtemplates(lcid=${language},doincludecrosslanguage=${includeCrossLanugage})`); + } +}; +_Web = __decorate([ + defaultPath("_api/web") +], _Web); -var tslib_es6_assign = function() { - tslib_es6_assign = Object.assign || function __assign(t) { - for (var s, i = 1, n = arguments.length; i < n; i++) { - s = arguments[i]; - for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p)) t[p] = s[p]; - } - return t; - } - return tslib_es6_assign.apply(this, arguments); -} +const Web = spInvokableFactory(_Web); -function tslib_es6_rest(s, e) { - var t = {}; - for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0) - t[p] = s[p]; - if (s != null && typeof Object.getOwnPropertySymbols === "function") - for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) { - if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i])) - t[p[i]] = s[p[i]]; - } - return t; -} - -function tslib_es6_decorate(decorators, target, key, desc) { - var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d; - if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc); - else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r; - return c > 3 && r && Object.defineProperty(target, key, r), r; -} - -function tslib_es6_param(paramIndex, decorator) { - return function (target, key) { decorator(target, key, paramIndex); } -} - -function tslib_es6_esDecorate(ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) { - function accept(f) { if (f !== void 0 && typeof f !== "function") throw new TypeError("Function expected"); return f; } - var kind = contextIn.kind, key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value"; - var target = !descriptorIn && ctor ? contextIn["static"] ? ctor : ctor.prototype : null; - var descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {}); - var _, done = false; - for (var i = decorators.length - 1; i >= 0; i--) { - var context = {}; - for (var p in contextIn) context[p] = p === "access" ? {} : contextIn[p]; - for (var p in contextIn.access) context.access[p] = contextIn.access[p]; - context.addInitializer = function (f) { if (done) throw new TypeError("Cannot add initializers after decoration has completed"); extraInitializers.push(accept(f || null)); }; - var result = (0, decorators[i])(kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key], context); - if (kind === "accessor") { - if (result === void 0) continue; - if (result === null || typeof result !== "object") throw new TypeError("Object expected"); - if (_ = accept(result.get)) descriptor.get = _; - if (_ = accept(result.set)) descriptor.set = _; - if (_ = accept(result.init)) initializers.unshift(_); - } - else if (_ = accept(result)) { - if (kind === "field") initializers.unshift(_); - else descriptor[key] = _; - } - } - if (target) Object.defineProperty(target, contextIn.name, descriptor); - done = true; -}; - -function tslib_es6_runInitializers(thisArg, initializers, value) { - var useValue = arguments.length > 2; - for (var i = 0; i < initializers.length; i++) { - value = useValue ? initializers[i].call(thisArg, value) : initializers[i].call(thisArg); - } - return useValue ? value : void 0; -}; - -function tslib_es6_propKey(x) { - return typeof x === "symbol" ? x : "".concat(x); -}; - -function tslib_es6_setFunctionName(f, name, prefix) { - if (typeof name === "symbol") name = name.description ? "[".concat(name.description, "]") : ""; - return Object.defineProperty(f, "name", { configurable: true, value: prefix ? "".concat(prefix, " ", name) : name }); -}; - -function tslib_es6_metadata(metadataKey, metadataValue) { - if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(metadataKey, metadataValue); -} - -function tslib_es6_awaiter(thisArg, _arguments, P, generator) { - function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } - return new (P || (P = Promise))(function (resolve, reject) { - function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } - function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } - function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } - step((generator = generator.apply(thisArg, _arguments || [])).next()); - }); -} - -function tslib_es6_generator(thisArg, body) { - var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g; - return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; - function verb(n) { return function (v) { return step([n, v]); }; } - function step(op) { - if (f) throw new TypeError("Generator is already executing."); - while (g && (g = 0, op[0] && (_ = 0)), _) try { - if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t; - if (y = 0, t) op = [op[0] & 2, t.value]; - switch (op[0]) { - case 0: case 1: t = op; break; - case 4: _.label++; return { value: op[1], done: false }; - case 5: _.label++; y = op[1]; op = [0]; continue; - case 7: op = _.ops.pop(); _.trys.pop(); continue; - default: - if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; } - if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; } - if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; } - if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; } - if (t[2]) _.ops.pop(); - _.trys.pop(); continue; - } - op = body.call(thisArg, _); - } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; } - if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true }; - } -} - -var tslib_es6_createBinding = Object.create ? (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - var desc = Object.getOwnPropertyDescriptor(m, k); - if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { - desc = { enumerable: true, get: function() { return m[k]; } }; - } - Object.defineProperty(o, k2, desc); -}) : (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - o[k2] = m[k]; -}); - -function tslib_es6_exportStar(m, o) { - for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(o, p)) tslib_es6_createBinding(o, m, p); -} - -function tslib_es6_values(o) { - var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0; - if (m) return m.call(o); - if (o && typeof o.length === "number") return { - next: function () { - if (o && i >= o.length) o = void 0; - return { value: o && o[i++], done: !o }; - } - }; - throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined."); -} - -function tslib_es6_read(o, n) { - var m = typeof Symbol === "function" && o[Symbol.iterator]; - if (!m) return o; - var i = m.call(o), r, ar = [], e; - try { - while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value); - } - catch (error) { e = { error: error }; } - finally { - try { - if (r && !r.done && (m = i["return"])) m.call(i); - } - finally { if (e) throw e.error; } - } - return ar; -} - -/** @deprecated */ -function tslib_es6_spread() { - for (var ar = [], i = 0; i < arguments.length; i++) - ar = ar.concat(tslib_es6_read(arguments[i])); - return ar; -} - -/** @deprecated */ -function tslib_es6_spreadArrays() { - for (var s = 0, i = 0, il = arguments.length; i < il; i++) s += arguments[i].length; - for (var r = Array(s), k = 0, i = 0; i < il; i++) - for (var a = arguments[i], j = 0, jl = a.length; j < jl; j++, k++) - r[k] = a[j]; - return r; -} - -function tslib_es6_spreadArray(to, from, pack) { - if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) { - if (ar || !(i in from)) { - if (!ar) ar = Array.prototype.slice.call(from, 0, i); - ar[i] = from[i]; - } - } - return to.concat(ar || Array.prototype.slice.call(from)); -} - -function tslib_es6_await(v) { - return this instanceof tslib_es6_await ? (this.v = v, this) : new tslib_es6_await(v); -} - -function tslib_es6_asyncGenerator(thisArg, _arguments, generator) { - if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined."); - var g = generator.apply(thisArg, _arguments || []), i, q = []; - return i = {}, verb("next"), verb("throw"), verb("return", awaitReturn), i[Symbol.asyncIterator] = function () { return this; }, i; - function awaitReturn(f) { return function (v) { return Promise.resolve(v).then(f, reject); }; } - function verb(n, f) { if (g[n]) { i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; if (f) i[n] = f(i[n]); } } - function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } } - function step(r) { r.value instanceof tslib_es6_await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); } - function fulfill(value) { resume("next", value); } - function reject(value) { resume("throw", value); } - function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); } -} - -function tslib_es6_asyncDelegator(o) { - var i, p; - return i = {}, verb("next"), verb("throw", function (e) { throw e; }), verb("return"), i[Symbol.iterator] = function () { return this; }, i; - function verb(n, f) { i[n] = o[n] ? function (v) { return (p = !p) ? { value: tslib_es6_await(o[n](v)), done: false } : f ? f(v) : v; } : f; } -} - -function tslib_es6_asyncValues(o) { - if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined."); - var m = o[Symbol.asyncIterator], i; - return m ? m.call(o) : (o = typeof tslib_es6_values === "function" ? tslib_es6_values(o) : o[Symbol.iterator](), i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i); - function verb(n) { i[n] = o[n] && function (v) { return new Promise(function (resolve, reject) { v = o[n](v), settle(resolve, reject, v.done, v.value); }); }; } - function settle(resolve, reject, d, v) { Promise.resolve(v).then(function(v) { resolve({ value: v, done: d }); }, reject); } -} - -function tslib_es6_makeTemplateObject(cooked, raw) { - if (Object.defineProperty) { Object.defineProperty(cooked, "raw", { value: raw }); } else { cooked.raw = raw; } - return cooked; -}; - -var tslib_es6_setModuleDefault = Object.create ? (function(o, v) { - Object.defineProperty(o, "default", { enumerable: true, value: v }); -}) : function(o, v) { - o["default"] = v; -}; - -function tslib_es6_importStar(mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) tslib_es6_createBinding(result, mod, k); - tslib_es6_setModuleDefault(result, mod); - return result; -} - -function tslib_es6_importDefault(mod) { - return (mod && mod.__esModule) ? mod : { default: mod }; -} - -function tslib_es6_classPrivateFieldGet(receiver, state, kind, f) { - if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter"); - if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it"); - return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver); -} - -function tslib_es6_classPrivateFieldSet(receiver, state, value, kind, f) { - if (kind === "m") throw new TypeError("Private method is not writable"); - if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter"); - if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it"); - return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value; -} - -function tslib_es6_classPrivateFieldIn(state, receiver) { - if (receiver === null || (typeof receiver !== "object" && typeof receiver !== "function")) throw new TypeError("Cannot use 'in' operator on non-object"); - return typeof state === "function" ? receiver === state : state.has(receiver); -} - -function tslib_es6_addDisposableResource(env, value, async) { - if (value !== null && value !== void 0) { - if (typeof value !== "object" && typeof value !== "function") throw new TypeError("Object expected."); - var dispose, inner; - if (async) { - if (!Symbol.asyncDispose) throw new TypeError("Symbol.asyncDispose is not defined."); - dispose = value[Symbol.asyncDispose]; - } - if (dispose === void 0) { - if (!Symbol.dispose) throw new TypeError("Symbol.dispose is not defined."); - dispose = value[Symbol.dispose]; - if (async) inner = dispose; - } - if (typeof dispose !== "function") throw new TypeError("Object not disposable."); - if (inner) dispose = function() { try { inner.call(this); } catch (e) { return Promise.reject(e); } }; - env.stack.push({ value: value, dispose: dispose, async: async }); - } - else if (async) { - env.stack.push({ async: true }); - } - return value; -} - -var tslib_es6_SuppressedError = typeof SuppressedError === "function" ? SuppressedError : function (error, suppressed, message) { - var e = new Error(message); - return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e; -}; - -function tslib_es6_disposeResources(env) { - function fail(e) { - env.error = env.hasError ? new tslib_es6_SuppressedError(e, env.error, "An error was suppressed during disposal.") : e; - env.hasError = true; - } - function next() { - while (env.stack.length) { - var rec = env.stack.pop(); - try { - var result = rec.dispose && rec.dispose.call(rec.value); - if (rec.async) return Promise.resolve(result).then(next, function(e) { fail(e); return next(); }); - } - catch (e) { - fail(e); - } - } - if (env.hasError) throw env.error; - } - return next(); -} - -/* harmony default export */ const tslib_tslib_es6 = ({ - __extends: tslib_es6_extends, - __assign: tslib_es6_assign, - __rest: tslib_es6_rest, - __decorate: tslib_es6_decorate, - __param: tslib_es6_param, - __metadata: tslib_es6_metadata, - __awaiter: tslib_es6_awaiter, - __generator: tslib_es6_generator, - __createBinding: tslib_es6_createBinding, - __exportStar: tslib_es6_exportStar, - __values: tslib_es6_values, - __read: tslib_es6_read, - __spread: tslib_es6_spread, - __spreadArrays: tslib_es6_spreadArrays, - __spreadArray: tslib_es6_spreadArray, - __await: tslib_es6_await, - __asyncGenerator: tslib_es6_asyncGenerator, - __asyncDelegator: tslib_es6_asyncDelegator, - __asyncValues: tslib_es6_asyncValues, - __makeTemplateObject: tslib_es6_makeTemplateObject, - __importStar: tslib_es6_importStar, - __importDefault: tslib_es6_importDefault, - __classPrivateFieldGet: tslib_es6_classPrivateFieldGet, - __classPrivateFieldSet: tslib_es6_classPrivateFieldSet, - __classPrivateFieldIn: tslib_es6_classPrivateFieldIn, - __addDisposableResource: tslib_es6_addDisposableResource, - __disposeResources: tslib_es6_disposeResources, -}); - -;// CONCATENATED MODULE: ./node_modules/@pnp/sp/webs/types.js - - - - - - - -let _Webs = class _Webs extends _SPCollection { - /** - * Adds a new web to the collection - * - * @param title The new web's title - * @param url The new web's relative url - * @param description The new web's description - * @param template The new web's template internal name (default = STS) - * @param language The locale id that specifies the new web's language (default = 1033 [English, US]) - * @param inheritPermissions When true, permissions will be inherited from the new web's parent (default = true) - */ - async add(Title, Url, Description = "", WebTemplate = "STS", Language = 1033, UseSamePermissionsAsParentSite = true) { - const postBody = body({ - "parameters": { - Description, - Language, - Title, - Url, - UseSamePermissionsAsParentSite, - WebTemplate, - }, - }); - return spqueryable_spPost(Webs(this, "add"), postBody); - } -}; -_Webs = tslib_es6_decorate([ - defaultPath("webs") -], _Webs); - -const Webs = spInvokableFactory(_Webs); -/** - * Ensures the url passed to the constructor is correctly rebased to a web url - * - * @param candidate The candidate web url - * @param path The caller supplied path, which may contain _api, meaning we don't append _api/web - */ -function rebaseWebUrl(candidate, path) { - let replace = "_api/web"; - // this allows us to both: - // - test if `candidate` already has an api path - // - ensure that we append the correct one as sometimes a web is not defined - // by _api/web, in the case of _api/site/rootweb for example - const matches = /(_api[/|\\](site\/rootweb|site|web))/i.exec(candidate); - if ((matches === null || matches === void 0 ? void 0 : matches.length) > 0) { - // we want just the base url part (before the _api) - candidate = extract_web_url_extractWebUrl(candidate); - // we want to ensure we put back the correct string - replace = matches[1]; - } - // we only need to append the _api part IF `path` doesn't already include it. - if ((path === null || path === void 0 ? void 0 : path.indexOf("_api")) < 0) { - candidate = util_combine(candidate, replace); - } - return candidate; -} -/** - * Describes a web - * - */ -let _Web = class _Web extends _SPInstance { - constructor(base, path) { - if (typeof base === "string") { - base = rebaseWebUrl(base, path); - } - else if (util_isArray(base)) { - base = [base[0], rebaseWebUrl(base[1], path)]; - } - else { - base = [base, rebaseWebUrl(base.toUrl(), path)]; - } - super(base, path); - this.delete = deleteable(); - } - /** - * Gets this web's subwebs - * - */ - get webs() { - return Webs(this); - } - /** - * Allows access to the web's all properties collection - */ - get allProperties() { - return SPInstance(this, "allproperties"); - } - /** - * Gets a collection of WebInfos for this web's subwebs - * - */ - get webinfos() { - return SPCollection(this, "webinfos"); - } - /** - * Gets this web's parent web and data - * - */ - async getParentWeb() { - const { Url, ParentWeb } = await this.select("Url", "ParentWeb/ServerRelativeUrl").expand("ParentWeb")(); - if (ParentWeb === null || ParentWeb === void 0 ? void 0 : ParentWeb.ServerRelativeUrl) { - return Web([this, util_combine((new URL(Url)).origin, ParentWeb.ServerRelativeUrl)]); - } - return null; - } - /** - * Updates this web instance with the supplied properties - * - * @param properties A plain object hash of values to update for the web - */ - async update(properties) { - return spPostMerge(this, body(properties)); - } - /** - * Applies the theme specified by the contents of each of the files specified in the arguments to the site - * - * @param colorPaletteUrl The server-relative URL of the color palette file - * @param fontSchemeUrl The server-relative URL of the font scheme - * @param backgroundImageUrl The server-relative URL of the background image - * @param shareGenerated When true, the generated theme files are stored in the root site. When false, they are stored in this web - */ - applyTheme(colorPaletteUrl, fontSchemeUrl, backgroundImageUrl, shareGenerated) { - const postBody = body({ - backgroundImageUrl, - colorPaletteUrl, - fontSchemeUrl, - shareGenerated, - }); - return spqueryable_spPost(Web(this, "applytheme"), postBody); - } - /** - * Applies the specified site definition or site template to the Web site that has no template applied to it - * - * @param template Name of the site definition or the name of the site template - */ - applyWebTemplate(template) { - return spqueryable_spPost(Web(this, `applywebtemplate(webTemplate='${encodePath(template)}')`)); - } - /** - * Returns the collection of changes from the change log that have occurred within the list, based on the specified query - * - * @param query The change query - */ - getChanges(query) { - return spqueryable_spPost(Web(this, "getchanges"), body({ query })); - } - /** - * Returns the name of the image file for the icon that is used to represent the specified file - * - * @param filename The file name. If this parameter is empty, the server returns an empty string - * @param size The size of the icon: 16x16 pixels = 0, 32x32 pixels = 1 (default = 0) - * @param progId The ProgID of the application that was used to create the file, in the form OLEServerName.ObjectName - */ - mapToIcon(filename, size = 0, progId = "") { - return Web(this, `maptoicon(filename='${encodePath(filename)}',progid='${encodePath(progId)}',size=${size})`)(); - } - /** - * Returns the tenant property corresponding to the specified key in the app catalog site - * - * @param key Id of storage entity to be set - */ - getStorageEntity(key) { - return Web(this, `getStorageEntity('${encodePath(key)}')`)(); - } - /** - * This will set the storage entity identified by the given key (MUST be called in the context of the app catalog) - * - * @param key Id of storage entity to be set - * @param value Value of storage entity to be set - * @param description Description of storage entity to be set - * @param comments Comments of storage entity to be set - */ - setStorageEntity(key, value, description = "", comments = "") { - return spqueryable_spPost(Web(this, "setStorageEntity"), body({ - comments, - description, - key, - value, - })); - } - /** - * This will remove the storage entity identified by the given key - * - * @param key Id of storage entity to be removed - */ - removeStorageEntity(key) { - return spqueryable_spPost(Web(this, `removeStorageEntity('${encodePath(key)}')`)); - } - /** - * Returns a collection of objects that contain metadata about subsites of the current site in which the current user is a member. - * - * @param nWebTemplateFilter Specifies the site definition (default = -1) - * @param nConfigurationFilter A 16-bit integer that specifies the identifier of a configuration (default = -1) - */ - getSubwebsFilteredForCurrentUser(nWebTemplateFilter = -1, nConfigurationFilter = -1) { - return SPCollection(this, `getSubwebsFilteredForCurrentUser(nWebTemplateFilter=${nWebTemplateFilter},nConfigurationFilter=${nConfigurationFilter})`); - } - /** - * Returns a collection of site templates available for the site - * - * @param language The locale id of the site templates to retrieve (default = 1033 [English, US]) - * @param includeCrossLanguage When true, includes language-neutral site templates; otherwise false (default = true) - */ - availableWebTemplates(language = 1033, includeCrossLanugage = true) { - return SPCollection(this, `getavailablewebtemplates(lcid=${language},doincludecrosslanguage=${includeCrossLanugage})`); - } -}; -_Web = tslib_es6_decorate([ - defaultPath("_api/web") -], _Web); - -const Web = spInvokableFactory(_Web); - -;// CONCATENATED MODULE: ./node_modules/@pnp/sp/batching.js +;// CONCATENATED MODULE: ./node_modules/@pnp/sp/batching.js @@ -3466,493 +3096,118 @@ function request_digest_RequestDigest(hook) { } if (objectDefinedNotNull(digest)) { // if we got a digest, set it in the headers - init.headers = { - "X-RequestDigest": digest.value, - ...init.headers, - }; - // and cache it for future requests - digests.set(webUrl, digest); - } - return [url, init]; - }); - return [url, init, result]; - }); - return instance; - }; -} - -;// CONCATENATED MODULE: ./node_modules/@pnp/sp/behaviors/spbrowser.js - - - - -function SPBrowser(props) { - if ((props === null || props === void 0 ? void 0 : props.baseUrl) && !isUrlAbsolute(props.baseUrl)) { - throw Error("SPBrowser props.baseUrl must be absolute when supplied."); - } - return (instance) => { - instance.using(DefaultHeaders(), DefaultInit(), BrowserFetchWithRetry(), DefaultParse(), RequestDigest()); - if (isUrlAbsolute(props === null || props === void 0 ? void 0 : props.baseUrl)) { - // we want to fix up the url first - instance.on.pre.prepend(async (url, init, result) => { - if (!isUrlAbsolute(url)) { - url = combine(props.baseUrl, url); - } - return [url, init, result]; - }); - } - return instance; - }; -} - -;// CONCATENATED MODULE: ./node_modules/@pnp/sp/behaviors/spfx.js - - - - -class SPFxTokenNullOrUndefinedError extends Error { - constructor(behaviorName) { - super(`SPFx Context supplied to ${behaviorName} Behavior is null or undefined.`); - } - static check(behaviorName, context) { - if (typeof context === "undefined" || context === null) { - throw new SPFxTokenNullOrUndefinedError(behaviorName); - } - } -} -function SPFxToken(context) { - SPFxTokenNullOrUndefinedError.check("SPFxToken", context); - return (instance) => { - instance.on.auth.replace(async function (url, init) { - const provider = await context.aadTokenProviderFactory.getTokenProvider(); - const token = await provider.getToken(`${url.protocol}//${url.hostname}`); - // eslint-disable-next-line @typescript-eslint/dot-notation - init.headers["Authorization"] = `Bearer ${token}`; - return [url, init]; - }); - return instance; - }; -} -function SPFx(context) { - SPFxTokenNullOrUndefinedError.check("SPFx", context); - return (instance) => { - instance.using(DefaultHeaders(), DefaultInit(), BrowserFetchWithRetry(), DefaultParse(), - // remove SPFx Token in default due to issues #2570, #2571 - // SPFxToken(context), - RequestDigest((url) => { - var _a, _b, _c; - const sameWeb = (new RegExp(`^${combine(context.pageContext.web.absoluteUrl, "/_api")}`, "i")).test(url); - if (sameWeb && ((_b = (_a = context === null || context === void 0 ? void 0 : context.pageContext) === null || _a === void 0 ? void 0 : _a.legacyPageContext) === null || _b === void 0 ? void 0 : _b.formDigestValue)) { - const creationDateFromDigest = new Date(context.pageContext.legacyPageContext.formDigestValue.split(",")[1]); - // account for page lifetime in timeout #2304 & others - // account for tab sleep #2550 - return { - value: context.pageContext.legacyPageContext.formDigestValue, - expiration: dateAdd(creationDateFromDigest, "second", ((_c = context.pageContext.legacyPageContext) === null || _c === void 0 ? void 0 : _c.formDigestTimeoutSeconds) - 15 || 1585), - }; - } - })); - // we want to fix up the url first - instance.on.pre.prepend(async (url, init, result) => { - if (!isUrlAbsolute(url)) { - url = combine(context.pageContext.web.absoluteUrl, url); - } - return [url, init, result]; - }); - return instance; - }; -} - -;// CONCATENATED MODULE: ./node_modules/@pnp/sp/index.js - - - - - - - - - - - - - - - -;// CONCATENATED MODULE: ./node_modules/@pnp/sp-admin/node_modules/tslib/tslib.es6.mjs -/****************************************************************************** -Copyright (c) Microsoft Corporation. - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR -OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -***************************************************************************** */ -/* global Reflect, Promise, SuppressedError, Symbol */ - -var tslib_tslib_es6_extendStatics = function(d, b) { - tslib_tslib_es6_extendStatics = Object.setPrototypeOf || - ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) || - function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; }; - return tslib_tslib_es6_extendStatics(d, b); -}; - -function tslib_tslib_es6_extends(d, b) { - if (typeof b !== "function" && b !== null) - throw new TypeError("Class extends value " + String(b) + " is not a constructor or null"); - tslib_tslib_es6_extendStatics(d, b); - function __() { this.constructor = d; } - d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __()); -} - -var tslib_tslib_es6_assign = function() { - tslib_tslib_es6_assign = Object.assign || function __assign(t) { - for (var s, i = 1, n = arguments.length; i < n; i++) { - s = arguments[i]; - for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p)) t[p] = s[p]; - } - return t; - } - return tslib_tslib_es6_assign.apply(this, arguments); -} - -function tslib_tslib_es6_rest(s, e) { - var t = {}; - for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0) - t[p] = s[p]; - if (s != null && typeof Object.getOwnPropertySymbols === "function") - for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) { - if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i])) - t[p[i]] = s[p[i]]; - } - return t; -} - -function tslib_tslib_es6_decorate(decorators, target, key, desc) { - var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d; - if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc); - else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r; - return c > 3 && r && Object.defineProperty(target, key, r), r; -} - -function tslib_tslib_es6_param(paramIndex, decorator) { - return function (target, key) { decorator(target, key, paramIndex); } -} - -function tslib_tslib_es6_esDecorate(ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) { - function accept(f) { if (f !== void 0 && typeof f !== "function") throw new TypeError("Function expected"); return f; } - var kind = contextIn.kind, key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value"; - var target = !descriptorIn && ctor ? contextIn["static"] ? ctor : ctor.prototype : null; - var descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {}); - var _, done = false; - for (var i = decorators.length - 1; i >= 0; i--) { - var context = {}; - for (var p in contextIn) context[p] = p === "access" ? {} : contextIn[p]; - for (var p in contextIn.access) context.access[p] = contextIn.access[p]; - context.addInitializer = function (f) { if (done) throw new TypeError("Cannot add initializers after decoration has completed"); extraInitializers.push(accept(f || null)); }; - var result = (0, decorators[i])(kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key], context); - if (kind === "accessor") { - if (result === void 0) continue; - if (result === null || typeof result !== "object") throw new TypeError("Object expected"); - if (_ = accept(result.get)) descriptor.get = _; - if (_ = accept(result.set)) descriptor.set = _; - if (_ = accept(result.init)) initializers.unshift(_); - } - else if (_ = accept(result)) { - if (kind === "field") initializers.unshift(_); - else descriptor[key] = _; - } - } - if (target) Object.defineProperty(target, contextIn.name, descriptor); - done = true; -}; - -function tslib_tslib_es6_runInitializers(thisArg, initializers, value) { - var useValue = arguments.length > 2; - for (var i = 0; i < initializers.length; i++) { - value = useValue ? initializers[i].call(thisArg, value) : initializers[i].call(thisArg); - } - return useValue ? value : void 0; -}; + init.headers = { + "X-RequestDigest": digest.value, + ...init.headers, + }; + // and cache it for future requests + digests.set(webUrl, digest); + } + return [url, init]; + }); + return [url, init, result]; + }); + return instance; + }; +} -function tslib_tslib_es6_propKey(x) { - return typeof x === "symbol" ? x : "".concat(x); -}; +;// CONCATENATED MODULE: ./node_modules/@pnp/sp/behaviors/spbrowser.js -function tslib_tslib_es6_setFunctionName(f, name, prefix) { - if (typeof name === "symbol") name = name.description ? "[".concat(name.description, "]") : ""; - return Object.defineProperty(f, "name", { configurable: true, value: prefix ? "".concat(prefix, " ", name) : name }); -}; -function tslib_tslib_es6_metadata(metadataKey, metadataValue) { - if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(metadataKey, metadataValue); -} -function tslib_tslib_es6_awaiter(thisArg, _arguments, P, generator) { - function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } - return new (P || (P = Promise))(function (resolve, reject) { - function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } - function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } - function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } - step((generator = generator.apply(thisArg, _arguments || [])).next()); - }); -} -function tslib_tslib_es6_generator(thisArg, body) { - var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g; - return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; - function verb(n) { return function (v) { return step([n, v]); }; } - function step(op) { - if (f) throw new TypeError("Generator is already executing."); - while (g && (g = 0, op[0] && (_ = 0)), _) try { - if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t; - if (y = 0, t) op = [op[0] & 2, t.value]; - switch (op[0]) { - case 0: case 1: t = op; break; - case 4: _.label++; return { value: op[1], done: false }; - case 5: _.label++; y = op[1]; op = [0]; continue; - case 7: op = _.ops.pop(); _.trys.pop(); continue; - default: - if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; } - if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; } - if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; } - if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; } - if (t[2]) _.ops.pop(); - _.trys.pop(); continue; - } - op = body.call(thisArg, _); - } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; } - if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true }; - } +function SPBrowser(props) { + if ((props === null || props === void 0 ? void 0 : props.baseUrl) && !isUrlAbsolute(props.baseUrl)) { + throw Error("SPBrowser props.baseUrl must be absolute when supplied."); + } + return (instance) => { + instance.using(DefaultHeaders(), DefaultInit(), BrowserFetchWithRetry(), DefaultParse(), RequestDigest()); + if (isUrlAbsolute(props === null || props === void 0 ? void 0 : props.baseUrl)) { + // we want to fix up the url first + instance.on.pre.prepend(async (url, init, result) => { + if (!isUrlAbsolute(url)) { + url = combine(props.baseUrl, url); + } + return [url, init, result]; + }); + } + return instance; + }; } -var tslib_tslib_es6_createBinding = Object.create ? (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - var desc = Object.getOwnPropertyDescriptor(m, k); - if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { - desc = { enumerable: true, get: function() { return m[k]; } }; - } - Object.defineProperty(o, k2, desc); -}) : (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - o[k2] = m[k]; -}); +;// CONCATENATED MODULE: ./node_modules/@pnp/sp/behaviors/spfx.js -function tslib_tslib_es6_exportStar(m, o) { - for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(o, p)) tslib_tslib_es6_createBinding(o, m, p); -} -function tslib_tslib_es6_values(o) { - var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0; - if (m) return m.call(o); - if (o && typeof o.length === "number") return { - next: function () { - if (o && i >= o.length) o = void 0; - return { value: o && o[i++], done: !o }; - } - }; - throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined."); -} -function tslib_tslib_es6_read(o, n) { - var m = typeof Symbol === "function" && o[Symbol.iterator]; - if (!m) return o; - var i = m.call(o), r, ar = [], e; - try { - while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value); - } - catch (error) { e = { error: error }; } - finally { - try { - if (r && !r.done && (m = i["return"])) m.call(i); - } - finally { if (e) throw e.error; } - } - return ar; -} -/** @deprecated */ -function tslib_tslib_es6_spread() { - for (var ar = [], i = 0; i < arguments.length; i++) - ar = ar.concat(tslib_tslib_es6_read(arguments[i])); - return ar; +class SPFxTokenNullOrUndefinedError extends Error { + constructor(behaviorName) { + super(`SPFx Context supplied to ${behaviorName} Behavior is null or undefined.`); + } + static check(behaviorName, context) { + if (typeof context === "undefined" || context === null) { + throw new SPFxTokenNullOrUndefinedError(behaviorName); + } + } } - -/** @deprecated */ -function tslib_tslib_es6_spreadArrays() { - for (var s = 0, i = 0, il = arguments.length; i < il; i++) s += arguments[i].length; - for (var r = Array(s), k = 0, i = 0; i < il; i++) - for (var a = arguments[i], j = 0, jl = a.length; j < jl; j++, k++) - r[k] = a[j]; - return r; +function SPFxToken(context) { + SPFxTokenNullOrUndefinedError.check("SPFxToken", context); + return (instance) => { + instance.on.auth.replace(async function (url, init) { + const provider = await context.aadTokenProviderFactory.getTokenProvider(); + const token = await provider.getToken(`${url.protocol}//${url.hostname}`); + // eslint-disable-next-line @typescript-eslint/dot-notation + init.headers["Authorization"] = `Bearer ${token}`; + return [url, init]; + }); + return instance; + }; } - -function tslib_tslib_es6_spreadArray(to, from, pack) { - if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) { - if (ar || !(i in from)) { - if (!ar) ar = Array.prototype.slice.call(from, 0, i); - ar[i] = from[i]; - } - } - return to.concat(ar || Array.prototype.slice.call(from)); +function SPFx(context) { + SPFxTokenNullOrUndefinedError.check("SPFx", context); + return (instance) => { + instance.using(DefaultHeaders(), DefaultInit(), BrowserFetchWithRetry(), DefaultParse(), + // remove SPFx Token in default due to issues #2570, #2571 + // SPFxToken(context), + RequestDigest((url) => { + var _a, _b, _c; + const sameWeb = (new RegExp(`^${combine(context.pageContext.web.absoluteUrl, "/_api")}`, "i")).test(url); + if (sameWeb && ((_b = (_a = context === null || context === void 0 ? void 0 : context.pageContext) === null || _a === void 0 ? void 0 : _a.legacyPageContext) === null || _b === void 0 ? void 0 : _b.formDigestValue)) { + const creationDateFromDigest = new Date(context.pageContext.legacyPageContext.formDigestValue.split(",")[1]); + // account for page lifetime in timeout #2304 & others + // account for tab sleep #2550 + return { + value: context.pageContext.legacyPageContext.formDigestValue, + expiration: dateAdd(creationDateFromDigest, "second", ((_c = context.pageContext.legacyPageContext) === null || _c === void 0 ? void 0 : _c.formDigestTimeoutSeconds) - 15 || 1585), + }; + } + })); + // we want to fix up the url first + instance.on.pre.prepend(async (url, init, result) => { + if (!isUrlAbsolute(url)) { + url = combine(context.pageContext.web.absoluteUrl, url); + } + return [url, init, result]; + }); + return instance; + }; } -function tslib_tslib_es6_await(v) { - return this instanceof tslib_tslib_es6_await ? (this.v = v, this) : new tslib_tslib_es6_await(v); -} +;// CONCATENATED MODULE: ./node_modules/@pnp/sp/index.js -function tslib_tslib_es6_asyncGenerator(thisArg, _arguments, generator) { - if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined."); - var g = generator.apply(thisArg, _arguments || []), i, q = []; - return i = {}, verb("next"), verb("throw"), verb("return", awaitReturn), i[Symbol.asyncIterator] = function () { return this; }, i; - function awaitReturn(f) { return function (v) { return Promise.resolve(v).then(f, reject); }; } - function verb(n, f) { if (g[n]) { i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; if (f) i[n] = f(i[n]); } } - function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } } - function step(r) { r.value instanceof tslib_tslib_es6_await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); } - function fulfill(value) { resume("next", value); } - function reject(value) { resume("throw", value); } - function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); } -} -function tslib_tslib_es6_asyncDelegator(o) { - var i, p; - return i = {}, verb("next"), verb("throw", function (e) { throw e; }), verb("return"), i[Symbol.iterator] = function () { return this; }, i; - function verb(n, f) { i[n] = o[n] ? function (v) { return (p = !p) ? { value: tslib_tslib_es6_await(o[n](v)), done: false } : f ? f(v) : v; } : f; } -} -function tslib_tslib_es6_asyncValues(o) { - if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined."); - var m = o[Symbol.asyncIterator], i; - return m ? m.call(o) : (o = typeof tslib_tslib_es6_values === "function" ? tslib_tslib_es6_values(o) : o[Symbol.iterator](), i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i); - function verb(n) { i[n] = o[n] && function (v) { return new Promise(function (resolve, reject) { v = o[n](v), settle(resolve, reject, v.done, v.value); }); }; } - function settle(resolve, reject, d, v) { Promise.resolve(v).then(function(v) { resolve({ value: v, done: d }); }, reject); } -} -function tslib_tslib_es6_makeTemplateObject(cooked, raw) { - if (Object.defineProperty) { Object.defineProperty(cooked, "raw", { value: raw }); } else { cooked.raw = raw; } - return cooked; -}; -var tslib_tslib_es6_setModuleDefault = Object.create ? (function(o, v) { - Object.defineProperty(o, "default", { enumerable: true, value: v }); -}) : function(o, v) { - o["default"] = v; -}; -function tslib_tslib_es6_importStar(mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) tslib_tslib_es6_createBinding(result, mod, k); - tslib_tslib_es6_setModuleDefault(result, mod); - return result; -} -function tslib_tslib_es6_importDefault(mod) { - return (mod && mod.__esModule) ? mod : { default: mod }; -} -function tslib_tslib_es6_classPrivateFieldGet(receiver, state, kind, f) { - if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter"); - if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it"); - return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver); -} -function tslib_tslib_es6_classPrivateFieldSet(receiver, state, value, kind, f) { - if (kind === "m") throw new TypeError("Private method is not writable"); - if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter"); - if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it"); - return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value; -} -function tslib_tslib_es6_classPrivateFieldIn(state, receiver) { - if (receiver === null || (typeof receiver !== "object" && typeof receiver !== "function")) throw new TypeError("Cannot use 'in' operator on non-object"); - return typeof state === "function" ? receiver === state : state.has(receiver); -} -function tslib_tslib_es6_addDisposableResource(env, value, async) { - if (value !== null && value !== void 0) { - if (typeof value !== "object" && typeof value !== "function") throw new TypeError("Object expected."); - var dispose, inner; - if (async) { - if (!Symbol.asyncDispose) throw new TypeError("Symbol.asyncDispose is not defined."); - dispose = value[Symbol.asyncDispose]; - } - if (dispose === void 0) { - if (!Symbol.dispose) throw new TypeError("Symbol.dispose is not defined."); - dispose = value[Symbol.dispose]; - if (async) inner = dispose; - } - if (typeof dispose !== "function") throw new TypeError("Object not disposable."); - if (inner) dispose = function() { try { inner.call(this); } catch (e) { return Promise.reject(e); } }; - env.stack.push({ value: value, dispose: dispose, async: async }); - } - else if (async) { - env.stack.push({ async: true }); - } - return value; -} -var tslib_tslib_es6_SuppressedError = typeof SuppressedError === "function" ? SuppressedError : function (error, suppressed, message) { - var e = new Error(message); - return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e; -}; -function tslib_tslib_es6_disposeResources(env) { - function fail(e) { - env.error = env.hasError ? new tslib_tslib_es6_SuppressedError(e, env.error, "An error was suppressed during disposal.") : e; - env.hasError = true; - } - function next() { - while (env.stack.length) { - var rec = env.stack.pop(); - try { - var result = rec.dispose && rec.dispose.call(rec.value); - if (rec.async) return Promise.resolve(result).then(next, function(e) { fail(e); return next(); }); - } - catch (e) { - fail(e); - } - } - if (env.hasError) throw env.error; - } - return next(); -} -/* harmony default export */ const node_modules_tslib_tslib_es6 = ({ - __extends: tslib_tslib_es6_extends, - __assign: tslib_tslib_es6_assign, - __rest: tslib_tslib_es6_rest, - __decorate: tslib_tslib_es6_decorate, - __param: tslib_tslib_es6_param, - __metadata: tslib_tslib_es6_metadata, - __awaiter: tslib_tslib_es6_awaiter, - __generator: tslib_tslib_es6_generator, - __createBinding: tslib_tslib_es6_createBinding, - __exportStar: tslib_tslib_es6_exportStar, - __values: tslib_tslib_es6_values, - __read: tslib_tslib_es6_read, - __spread: tslib_tslib_es6_spread, - __spreadArrays: tslib_tslib_es6_spreadArrays, - __spreadArray: tslib_tslib_es6_spreadArray, - __await: tslib_tslib_es6_await, - __asyncGenerator: tslib_tslib_es6_asyncGenerator, - __asyncDelegator: tslib_tslib_es6_asyncDelegator, - __asyncValues: tslib_tslib_es6_asyncValues, - __makeTemplateObject: tslib_tslib_es6_makeTemplateObject, - __importStar: tslib_tslib_es6_importStar, - __importDefault: tslib_tslib_es6_importDefault, - __classPrivateFieldGet: tslib_tslib_es6_classPrivateFieldGet, - __classPrivateFieldSet: tslib_tslib_es6_classPrivateFieldSet, - __classPrivateFieldIn: tslib_tslib_es6_classPrivateFieldIn, - __addDisposableResource: tslib_tslib_es6_addDisposableResource, - __disposeResources: tslib_tslib_es6_disposeResources, -}); ;// CONCATENATED MODULE: ./node_modules/@pnp/sp-admin/types.js var SharingCapabilities; @@ -4729,7 +3984,7 @@ let _Office365Tenant = class _Office365Tenant extends _SPInstance { } } }; -_Office365Tenant = tslib_tslib_es6_decorate([ +_Office365Tenant = __decorate([ defaultPath("_api/Microsoft.Online.SharePoint.TenantManagement.Office365Tenant") ], _Office365Tenant); const Office365Tenant = spInvokableFactory(_Office365Tenant); @@ -4774,7 +4029,7 @@ let _TenantSiteProperties = class _TenantSiteProperties extends _SPInstance { } } }; -_TenantSiteProperties = tslib_tslib_es6_decorate([ +_TenantSiteProperties = __decorate([ defaultPath("_api/Microsoft.Online.SharePoint.TenantAdministration.SiteProperties") ], _TenantSiteProperties); const TenantSiteProperties = spInvokableFactory(_TenantSiteProperties); @@ -5302,7 +4557,7 @@ let _Tenant = class _Tenant extends _SPInstance { } } }; -_Tenant = tslib_tslib_es6_decorate([ +_Tenant = __decorate([ defaultPath("_api/SPO.Tenant") ], _Tenant); const Tenant = spInvokableFactory(_Tenant); diff --git a/public/bundles/sp.es5.umd.bundle.js b/public/bundles/sp.es5.umd.bundle.js index 7d593621..648c8f30 100644 --- a/public/bundles/sp.es5.umd.bundle.js +++ b/public/bundles/sp.es5.umd.bundle.js @@ -982,7 +982,7 @@ function copyObservers(source, behavior, filter) { -;// CONCATENATED MODULE: ./node_modules/@pnp/queryable/node_modules/tslib/tslib.es6.mjs +;// CONCATENATED MODULE: ./node_modules/tslib/tslib.es6.mjs /****************************************************************************** Copyright (c) Microsoft Corporation. @@ -997,7 +997,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ***************************************************************************** */ -/* global Reflect, Promise, SuppressedError, Symbol */ +/* global Reflect, Promise, SuppressedError, Symbol, Iterator */ var extendStatics = function(d, b) { extendStatics = Object.setPrototypeOf || @@ -1108,8 +1108,8 @@ function __awaiter(thisArg, _arguments, P, generator) { } function __generator(thisArg, body) { - var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g; - return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; + var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype); + return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; function verb(n) { return function (v) { return step([n, v]); }; } function step(op) { if (f) throw new TypeError("Generator is already executing."); @@ -1213,7 +1213,7 @@ function __await(v) { function __asyncGenerator(thisArg, _arguments, generator) { if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined."); var g = generator.apply(thisArg, _arguments || []), i, q = []; - return i = {}, verb("next"), verb("throw"), verb("return", awaitReturn), i[Symbol.asyncIterator] = function () { return this; }, i; + return i = Object.create((typeof AsyncIterator === "function" ? AsyncIterator : Object).prototype), verb("next"), verb("throw"), verb("return", awaitReturn), i[Symbol.asyncIterator] = function () { return this; }, i; function awaitReturn(f) { return function (v) { return Promise.resolve(v).then(f, reject); }; } function verb(n, f) { if (g[n]) { i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; if (f) i[n] = f(i[n]); } } function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } } @@ -1311,17 +1311,22 @@ function __disposeResources(env) { env.error = env.hasError ? new _SuppressedError(e, env.error, "An error was suppressed during disposal.") : e; env.hasError = true; } + var r, s = 0; function next() { - while (env.stack.length) { - var rec = env.stack.pop(); + while (r = env.stack.pop()) { try { - var result = rec.dispose && rec.dispose.call(rec.value); - if (rec.async) return Promise.resolve(result).then(next, function(e) { fail(e); return next(); }); + if (!r.async && s === 1) return s = 0, env.stack.push(r), Promise.resolve().then(next); + if (r.dispose) { + var result = r.dispose.call(r.value); + if (r.async) return s |= 2, Promise.resolve(result).then(next, function(e) { fail(e); return next(); }); + } + else s |= 1; } catch (e) { - fail(e); + fail(e); } } + if (s === 1) return env.hasError ? Promise.reject(env.error) : Promise.resolve(); if (env.hasError) throw env.error; } return next(); @@ -2414,381 +2419,6 @@ function spfi(root = "") { return new SPFI(root); } -;// CONCATENATED MODULE: ./node_modules/@pnp/sp/node_modules/tslib/tslib.es6.mjs -/****************************************************************************** -Copyright (c) Microsoft Corporation. - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR -OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -***************************************************************************** */ -/* global Reflect, Promise, SuppressedError, Symbol */ - -var tslib_es6_extendStatics = function(d, b) { - tslib_es6_extendStatics = Object.setPrototypeOf || - ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) || - function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; }; - return tslib_es6_extendStatics(d, b); -}; - -function tslib_es6_extends(d, b) { - if (typeof b !== "function" && b !== null) - throw new TypeError("Class extends value " + String(b) + " is not a constructor or null"); - tslib_es6_extendStatics(d, b); - function __() { this.constructor = d; } - d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __()); -} - -var tslib_es6_assign = function() { - tslib_es6_assign = Object.assign || function __assign(t) { - for (var s, i = 1, n = arguments.length; i < n; i++) { - s = arguments[i]; - for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p)) t[p] = s[p]; - } - return t; - } - return tslib_es6_assign.apply(this, arguments); -} - -function tslib_es6_rest(s, e) { - var t = {}; - for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0) - t[p] = s[p]; - if (s != null && typeof Object.getOwnPropertySymbols === "function") - for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) { - if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i])) - t[p[i]] = s[p[i]]; - } - return t; -} - -function tslib_es6_decorate(decorators, target, key, desc) { - var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d; - if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc); - else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r; - return c > 3 && r && Object.defineProperty(target, key, r), r; -} - -function tslib_es6_param(paramIndex, decorator) { - return function (target, key) { decorator(target, key, paramIndex); } -} - -function tslib_es6_esDecorate(ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) { - function accept(f) { if (f !== void 0 && typeof f !== "function") throw new TypeError("Function expected"); return f; } - var kind = contextIn.kind, key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value"; - var target = !descriptorIn && ctor ? contextIn["static"] ? ctor : ctor.prototype : null; - var descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {}); - var _, done = false; - for (var i = decorators.length - 1; i >= 0; i--) { - var context = {}; - for (var p in contextIn) context[p] = p === "access" ? {} : contextIn[p]; - for (var p in contextIn.access) context.access[p] = contextIn.access[p]; - context.addInitializer = function (f) { if (done) throw new TypeError("Cannot add initializers after decoration has completed"); extraInitializers.push(accept(f || null)); }; - var result = (0, decorators[i])(kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key], context); - if (kind === "accessor") { - if (result === void 0) continue; - if (result === null || typeof result !== "object") throw new TypeError("Object expected"); - if (_ = accept(result.get)) descriptor.get = _; - if (_ = accept(result.set)) descriptor.set = _; - if (_ = accept(result.init)) initializers.unshift(_); - } - else if (_ = accept(result)) { - if (kind === "field") initializers.unshift(_); - else descriptor[key] = _; - } - } - if (target) Object.defineProperty(target, contextIn.name, descriptor); - done = true; -}; - -function tslib_es6_runInitializers(thisArg, initializers, value) { - var useValue = arguments.length > 2; - for (var i = 0; i < initializers.length; i++) { - value = useValue ? initializers[i].call(thisArg, value) : initializers[i].call(thisArg); - } - return useValue ? value : void 0; -}; - -function tslib_es6_propKey(x) { - return typeof x === "symbol" ? x : "".concat(x); -}; - -function tslib_es6_setFunctionName(f, name, prefix) { - if (typeof name === "symbol") name = name.description ? "[".concat(name.description, "]") : ""; - return Object.defineProperty(f, "name", { configurable: true, value: prefix ? "".concat(prefix, " ", name) : name }); -}; - -function tslib_es6_metadata(metadataKey, metadataValue) { - if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(metadataKey, metadataValue); -} - -function tslib_es6_awaiter(thisArg, _arguments, P, generator) { - function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } - return new (P || (P = Promise))(function (resolve, reject) { - function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } - function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } - function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } - step((generator = generator.apply(thisArg, _arguments || [])).next()); - }); -} - -function tslib_es6_generator(thisArg, body) { - var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g; - return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; - function verb(n) { return function (v) { return step([n, v]); }; } - function step(op) { - if (f) throw new TypeError("Generator is already executing."); - while (g && (g = 0, op[0] && (_ = 0)), _) try { - if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t; - if (y = 0, t) op = [op[0] & 2, t.value]; - switch (op[0]) { - case 0: case 1: t = op; break; - case 4: _.label++; return { value: op[1], done: false }; - case 5: _.label++; y = op[1]; op = [0]; continue; - case 7: op = _.ops.pop(); _.trys.pop(); continue; - default: - if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; } - if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; } - if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; } - if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; } - if (t[2]) _.ops.pop(); - _.trys.pop(); continue; - } - op = body.call(thisArg, _); - } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; } - if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true }; - } -} - -var tslib_es6_createBinding = Object.create ? (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - var desc = Object.getOwnPropertyDescriptor(m, k); - if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { - desc = { enumerable: true, get: function() { return m[k]; } }; - } - Object.defineProperty(o, k2, desc); -}) : (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - o[k2] = m[k]; -}); - -function tslib_es6_exportStar(m, o) { - for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(o, p)) tslib_es6_createBinding(o, m, p); -} - -function tslib_es6_values(o) { - var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0; - if (m) return m.call(o); - if (o && typeof o.length === "number") return { - next: function () { - if (o && i >= o.length) o = void 0; - return { value: o && o[i++], done: !o }; - } - }; - throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined."); -} - -function tslib_es6_read(o, n) { - var m = typeof Symbol === "function" && o[Symbol.iterator]; - if (!m) return o; - var i = m.call(o), r, ar = [], e; - try { - while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value); - } - catch (error) { e = { error: error }; } - finally { - try { - if (r && !r.done && (m = i["return"])) m.call(i); - } - finally { if (e) throw e.error; } - } - return ar; -} - -/** @deprecated */ -function tslib_es6_spread() { - for (var ar = [], i = 0; i < arguments.length; i++) - ar = ar.concat(tslib_es6_read(arguments[i])); - return ar; -} - -/** @deprecated */ -function tslib_es6_spreadArrays() { - for (var s = 0, i = 0, il = arguments.length; i < il; i++) s += arguments[i].length; - for (var r = Array(s), k = 0, i = 0; i < il; i++) - for (var a = arguments[i], j = 0, jl = a.length; j < jl; j++, k++) - r[k] = a[j]; - return r; -} - -function tslib_es6_spreadArray(to, from, pack) { - if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) { - if (ar || !(i in from)) { - if (!ar) ar = Array.prototype.slice.call(from, 0, i); - ar[i] = from[i]; - } - } - return to.concat(ar || Array.prototype.slice.call(from)); -} - -function tslib_es6_await(v) { - return this instanceof tslib_es6_await ? (this.v = v, this) : new tslib_es6_await(v); -} - -function tslib_es6_asyncGenerator(thisArg, _arguments, generator) { - if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined."); - var g = generator.apply(thisArg, _arguments || []), i, q = []; - return i = {}, verb("next"), verb("throw"), verb("return", awaitReturn), i[Symbol.asyncIterator] = function () { return this; }, i; - function awaitReturn(f) { return function (v) { return Promise.resolve(v).then(f, reject); }; } - function verb(n, f) { if (g[n]) { i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; if (f) i[n] = f(i[n]); } } - function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } } - function step(r) { r.value instanceof tslib_es6_await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); } - function fulfill(value) { resume("next", value); } - function reject(value) { resume("throw", value); } - function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); } -} - -function tslib_es6_asyncDelegator(o) { - var i, p; - return i = {}, verb("next"), verb("throw", function (e) { throw e; }), verb("return"), i[Symbol.iterator] = function () { return this; }, i; - function verb(n, f) { i[n] = o[n] ? function (v) { return (p = !p) ? { value: tslib_es6_await(o[n](v)), done: false } : f ? f(v) : v; } : f; } -} - -function tslib_es6_asyncValues(o) { - if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined."); - var m = o[Symbol.asyncIterator], i; - return m ? m.call(o) : (o = typeof tslib_es6_values === "function" ? tslib_es6_values(o) : o[Symbol.iterator](), i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i); - function verb(n) { i[n] = o[n] && function (v) { return new Promise(function (resolve, reject) { v = o[n](v), settle(resolve, reject, v.done, v.value); }); }; } - function settle(resolve, reject, d, v) { Promise.resolve(v).then(function(v) { resolve({ value: v, done: d }); }, reject); } -} - -function tslib_es6_makeTemplateObject(cooked, raw) { - if (Object.defineProperty) { Object.defineProperty(cooked, "raw", { value: raw }); } else { cooked.raw = raw; } - return cooked; -}; - -var tslib_es6_setModuleDefault = Object.create ? (function(o, v) { - Object.defineProperty(o, "default", { enumerable: true, value: v }); -}) : function(o, v) { - o["default"] = v; -}; - -function tslib_es6_importStar(mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) tslib_es6_createBinding(result, mod, k); - tslib_es6_setModuleDefault(result, mod); - return result; -} - -function tslib_es6_importDefault(mod) { - return (mod && mod.__esModule) ? mod : { default: mod }; -} - -function tslib_es6_classPrivateFieldGet(receiver, state, kind, f) { - if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter"); - if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it"); - return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver); -} - -function tslib_es6_classPrivateFieldSet(receiver, state, value, kind, f) { - if (kind === "m") throw new TypeError("Private method is not writable"); - if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter"); - if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it"); - return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value; -} - -function tslib_es6_classPrivateFieldIn(state, receiver) { - if (receiver === null || (typeof receiver !== "object" && typeof receiver !== "function")) throw new TypeError("Cannot use 'in' operator on non-object"); - return typeof state === "function" ? receiver === state : state.has(receiver); -} - -function tslib_es6_addDisposableResource(env, value, async) { - if (value !== null && value !== void 0) { - if (typeof value !== "object" && typeof value !== "function") throw new TypeError("Object expected."); - var dispose, inner; - if (async) { - if (!Symbol.asyncDispose) throw new TypeError("Symbol.asyncDispose is not defined."); - dispose = value[Symbol.asyncDispose]; - } - if (dispose === void 0) { - if (!Symbol.dispose) throw new TypeError("Symbol.dispose is not defined."); - dispose = value[Symbol.dispose]; - if (async) inner = dispose; - } - if (typeof dispose !== "function") throw new TypeError("Object not disposable."); - if (inner) dispose = function() { try { inner.call(this); } catch (e) { return Promise.reject(e); } }; - env.stack.push({ value: value, dispose: dispose, async: async }); - } - else if (async) { - env.stack.push({ async: true }); - } - return value; -} - -var tslib_es6_SuppressedError = typeof SuppressedError === "function" ? SuppressedError : function (error, suppressed, message) { - var e = new Error(message); - return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e; -}; - -function tslib_es6_disposeResources(env) { - function fail(e) { - env.error = env.hasError ? new tslib_es6_SuppressedError(e, env.error, "An error was suppressed during disposal.") : e; - env.hasError = true; - } - function next() { - while (env.stack.length) { - var rec = env.stack.pop(); - try { - var result = rec.dispose && rec.dispose.call(rec.value); - if (rec.async) return Promise.resolve(result).then(next, function(e) { fail(e); return next(); }); - } - catch (e) { - fail(e); - } - } - if (env.hasError) throw env.error; - } - return next(); -} - -/* harmony default export */ const tslib_tslib_es6 = ({ - __extends: tslib_es6_extends, - __assign: tslib_es6_assign, - __rest: tslib_es6_rest, - __decorate: tslib_es6_decorate, - __param: tslib_es6_param, - __metadata: tslib_es6_metadata, - __awaiter: tslib_es6_awaiter, - __generator: tslib_es6_generator, - __createBinding: tslib_es6_createBinding, - __exportStar: tslib_es6_exportStar, - __values: tslib_es6_values, - __read: tslib_es6_read, - __spread: tslib_es6_spread, - __spreadArrays: tslib_es6_spreadArrays, - __spreadArray: tslib_es6_spreadArray, - __await: tslib_es6_await, - __asyncGenerator: tslib_es6_asyncGenerator, - __asyncDelegator: tslib_es6_asyncDelegator, - __asyncValues: tslib_es6_asyncValues, - __makeTemplateObject: tslib_es6_makeTemplateObject, - __importStar: tslib_es6_importStar, - __importDefault: tslib_es6_importDefault, - __classPrivateFieldGet: tslib_es6_classPrivateFieldGet, - __classPrivateFieldSet: tslib_es6_classPrivateFieldSet, - __classPrivateFieldIn: tslib_es6_classPrivateFieldIn, - __addDisposableResource: tslib_es6_addDisposableResource, - __disposeResources: tslib_es6_disposeResources, -}); - ;// CONCATENATED MODULE: ./node_modules/@pnp/sp/decorators.js /** * Decorator used to specify the default path for SPQueryable objects @@ -2882,7 +2512,7 @@ let _Webs = class _Webs extends _SPCollection { return spPost(Webs(this, "add"), postBody); } }; -_Webs = tslib_es6_decorate([ +_Webs = __decorate([ defaultPath("webs") ], _Webs); @@ -3063,7 +2693,7 @@ let _Web = class _Web extends _SPInstance { return SPCollection(this, `getavailablewebtemplates(lcid=${language},doincludecrosslanguage=${includeCrossLanugage})`); } }; -_Web = tslib_es6_decorate([ +_Web = __decorate([ defaultPath("_api/web") ], _Web); @@ -3140,7 +2770,7 @@ let _AppCatalog = class _AppCatalog extends _SPCollection { }); } }; -_AppCatalog = tslib_es6_decorate([ +_AppCatalog = __decorate([ defaultPath("_api/web/tenantappcatalog/AvailableApps") ], _AppCatalog); @@ -3389,7 +3019,7 @@ function toResourcePath(url) { function Telemetry() { return (instance) => { instance.on.pre(async function (url, init, result) { - let clientTag = "PnPCoreJS:4.4.0:"; + let clientTag = "PnPCoreJS:4.5.0:"; // make our best guess based on url to the method called const { pathname } = new URL(url); // remove anything before the _api as that is potentially PII and we don't care, just want to get the called path to the REST API @@ -4023,7 +3653,7 @@ let _Lists = class _Lists extends _SPCollection { return List([this, odataUrlFrom(json)]); } }; -_Lists = tslib_es6_decorate([ +_Lists = __decorate([ defaultPath("lists") ], _Lists); @@ -4379,7 +4009,7 @@ let _Items = class _Items extends _SPCollection { return spPost(this, body(properties)); } }; -_Items = tslib_es6_decorate([ +_Items = __decorate([ defaultPath("items") ], _Items); @@ -4551,7 +4181,7 @@ let _ItemVersions = class _ItemVersions extends _SPCollection { return ItemVersion(this).concat(`(${versionId})`); } }; -_ItemVersions = tslib_es6_decorate([ +_ItemVersions = __decorate([ defaultPath("versions") ], _ItemVersions); @@ -4650,7 +4280,7 @@ let _Attachments = class _Attachments extends _SPCollection { }; } }; -_Attachments = tslib_es6_decorate([ +_Attachments = __decorate([ defaultPath("AttachmentFiles") ], _Attachments); @@ -4922,7 +4552,7 @@ let _Site = class _Site extends _SPInstance { return spPost(SPQueryable([this, extractWebUrl(this.toUrl())], "_api/siteiconmanager/setsitelogo"), body(logoProperties)); } }; -_Site = tslib_es6_decorate([ +_Site = __decorate([ defaultPath("_api/site") ], _Site); @@ -5089,16 +4719,16 @@ let _Files = class _Files extends _SPCollection { return spPost(Files(this, `addTemplateFile(urloffile='${encodePath(fileUrl)}',templatefiletype=${templateFileType})`)); } }; -tslib_es6_decorate([ +__decorate([ cancelableScope ], _Files.prototype, "addUsingPath", null); -tslib_es6_decorate([ +__decorate([ cancelableScope ], _Files.prototype, "addChunked", null); -tslib_es6_decorate([ +__decorate([ cancelableScope ], _Files.prototype, "addTemplateFile", null); -_Files = tslib_es6_decorate([ +_Files = __decorate([ defaultPath("files") ], _Files); @@ -5366,13 +4996,13 @@ class _File extends ReadableFile { return spPost(poster).then(() => fileFromPath(this, destUrl)); } } -tslib_es6_decorate([ +__decorate([ cancelableScope ], _File.prototype, "copyByPath", null); -tslib_es6_decorate([ +__decorate([ cancelableScope ], _File.prototype, "moveByPath", null); -tslib_es6_decorate([ +__decorate([ cancelableScope ], _File.prototype, "setContentChunked", null); const File = spInvokableFactory(_File); @@ -5469,7 +5099,7 @@ let _Versions = class _Versions extends _SPCollection { return spPost(Versions(this, `restoreByLabel(versionlabel='${encodePath(label)}')`)); } }; -_Versions = tslib_es6_decorate([ +_Versions = __decorate([ defaultPath("versions") ], _Versions); @@ -5638,7 +5268,7 @@ let _Comments = class _Comments extends _SPCollection { return spPost(Comments(this, "DeleteAll")); } }; -_Comments = tslib_es6_decorate([ +_Comments = __decorate([ defaultPath("comments") ], _Comments); @@ -5684,7 +5314,7 @@ let _Replies = class _Replies extends _SPCollection { return Object.assign(Comment([this, odataUrlFrom(d)]), d); } }; -_Replies = tslib_es6_decorate([ +_Replies = __decorate([ defaultPath("replies") ], _Replies); @@ -6939,7 +6569,7 @@ let _Folders = class _Folders extends _SPCollection { return spPost(Folders(this, `addUsingPath(DecodedUrl='${encodePath(serverRelativeUrl)}',overwrite=${overwrite})`)); } }; -_Folders = tslib_es6_decorate([ +_Folders = __decorate([ defaultPath("folders") ], _Folders); @@ -7106,10 +6736,10 @@ class _Folder extends _SPInstance { return spPost(poster).then(() => folderFromPath(this, destUrl)); } } -tslib_es6_decorate([ +__decorate([ cancelableScope ], _Folder.prototype, "moveByPath", null); -tslib_es6_decorate([ +__decorate([ cancelableScope ], _Folder.prototype, "copyByPath", null); const Folder = spInvokableFactory(_Folder); @@ -7440,7 +7070,7 @@ let _ContentTypes = class _ContentTypes extends _SPCollection { return { contentType: this.getById(data.id), data }; } }; -_ContentTypes = tslib_es6_decorate([ +_ContentTypes = __decorate([ defaultPath("contenttypes") ], _ContentTypes); @@ -7494,7 +7124,7 @@ let _FieldLinks = class _FieldLinks extends _SPCollection { return FieldLink(this).concat(`(guid'${id}')`); } }; -_FieldLinks = tslib_es6_decorate([ +_FieldLinks = __decorate([ defaultPath("fieldlinks") ], _FieldLinks); @@ -7571,7 +7201,7 @@ let _Features = class _Features extends _SPCollection { })); } }; -_Features = tslib_es6_decorate([ +_Features = __decorate([ defaultPath("features") ], _Features); @@ -7853,7 +7483,7 @@ let _Fields = class _Fields extends _SPCollection { return this.add(title, 34, properties); } }; -_Fields = tslib_es6_decorate([ +_Fields = __decorate([ defaultPath("fields") ], _Fields); @@ -8125,7 +7755,7 @@ let _Forms = class _Forms extends _SPCollection { return Form(this).concat(`('${id}')`); } }; -_Forms = tslib_es6_decorate([ +_Forms = __decorate([ defaultPath("forms") ], _Forms); @@ -8163,7 +7793,7 @@ let _HubSites = class _HubSites extends _SPCollection { return HubSite(this, `GetById?hubSiteId='${id}'`); } }; -_HubSites = tslib_es6_decorate([ +_HubSites = __decorate([ defaultPath("_api/hubsites") ], _HubSites); @@ -8323,7 +7953,7 @@ let _Navigation = class _Navigation extends _SPQueryable { return NavigationNodes(this, "topnavigationbar"); } }; -_Navigation = tslib_es6_decorate([ +_Navigation = __decorate([ defaultPath("navigation") ], _Navigation); @@ -8674,7 +8304,7 @@ let ProfileLoader = class ProfileLoader extends _SPQueryable { return spPost(ProfileLoaderFactory(this, `getuserprofile/shareallsocialdata(${share})`)); } }; -ProfileLoader = tslib_es6_decorate([ +ProfileLoader = __decorate([ defaultPath("_api/sp.userprofiles.profileloader.getprofileloader") ], ProfileLoader); const ProfileLoaderFactory = (baseUrl, path) => { @@ -8712,7 +8342,7 @@ let ClientPeoplePickerQuery = class ClientPeoplePickerQuery extends _SPQueryable return body({ queryParams }); } }; -ClientPeoplePickerQuery = tslib_es6_decorate([ +ClientPeoplePickerQuery = __decorate([ defaultPath("_api/sp.ui.applicationpages.clientpeoplepickerwebserviceinterface") ], ClientPeoplePickerQuery); const ClientPeoplePickerFactory = (baseUrl, path) => { @@ -8810,7 +8440,7 @@ let _RegionalSettings = class _RegionalSettings extends _SPInstance { return results.Items; } }; -_RegionalSettings = tslib_es6_decorate([ +_RegionalSettings = __decorate([ defaultPath("regionalsettings") ], _RegionalSettings); @@ -8849,7 +8479,7 @@ let _TimeZone = class _TimeZone extends _SPInstance { return hOP(res, "LocalTimeToUTC") ? res.LocalTimeToUTC : res; } }; -_TimeZone = tslib_es6_decorate([ +_TimeZone = __decorate([ defaultPath("timezone") ], _TimeZone); @@ -8864,7 +8494,7 @@ let _TimeZones = class _TimeZones extends _SPCollection { return spPost(TimeZones(this, `GetById(${id})`)); } }; -_TimeZones = tslib_es6_decorate([ +_TimeZones = __decorate([ defaultPath("timezones") ], _TimeZones); @@ -8921,7 +8551,7 @@ let _UserCustomActions = class _UserCustomActions extends _SPCollection { return spPost(UserCustomActions(this, "clear")); } }; -_UserCustomActions = tslib_es6_decorate([ +_UserCustomActions = __decorate([ defaultPath("usercustomactions") ], _UserCustomActions); @@ -9063,7 +8693,7 @@ let _RelatedItemManager = class _RelatedItemManager extends _SPQueryable { })); } }; -_RelatedItemManager = tslib_es6_decorate([ +_RelatedItemManager = __decorate([ defaultPath("_api/SP.RelatedItemManager") ], _RelatedItemManager); @@ -9216,7 +8846,7 @@ let _Search = _Search_1 = class _Search extends _SPInstance { return finalQuery; } }; -_Search = _Search_1 = tslib_es6_decorate([ +_Search = _Search_1 = __decorate([ defaultPath("_api/search/postquery"), invokable(function (init) { return this.run(init); @@ -9341,7 +8971,7 @@ let _Suggest = class _Suggest extends _SPInstance { querySetter("prefixMatch")("fprefixmatchallterms"); } }; -_Suggest = tslib_es6_decorate([ +_Suggest = __decorate([ defaultPath("_api/search/suggest") ], _Suggest); @@ -9477,7 +9107,7 @@ let _SiteUsers = class _SiteUsers extends _SPCollection { return this.getByLoginName(loginName); } }; -_SiteUsers = tslib_es6_decorate([ +_SiteUsers = __decorate([ defaultPath("siteusers") ], _SiteUsers); @@ -9557,7 +9187,7 @@ let _SiteGroups = class _SiteGroups extends _SPCollection { return spPost(SiteGroups(this, `removeByLoginName('${loginName}')`)); } }; -_SiteGroups = tslib_es6_decorate([ +_SiteGroups = __decorate([ defaultPath("sitegroups") ], _SiteGroups); @@ -9627,7 +9257,7 @@ let _RoleAssignments = class _RoleAssignments extends _SPCollection { await spPost(RoleAssignments(this, `removeroleassignment(principalid=${principalId}, roledefid=${roleDefId})`)); } }; -_RoleAssignments = tslib_es6_decorate([ +_RoleAssignments = __decorate([ defaultPath("roleassignments") ], _RoleAssignments); @@ -9713,7 +9343,7 @@ let _RoleDefinitions = class _RoleDefinitions extends _SPCollection { }; } }; -_RoleDefinitions = tslib_es6_decorate([ +_RoleDefinitions = __decorate([ defaultPath("roledefinitions") ], _RoleDefinitions); @@ -10961,7 +10591,7 @@ let _Social = class _Social extends _SPInstance { }); } }; -_Social = tslib_es6_decorate([ +_Social = __decorate([ defaultPath("_api/social.following") ], _Social); @@ -10991,7 +10621,7 @@ let _MySocial = class _MySocial extends _SPInstance { return hOP(r, "Suggestions") ? r.Suggestions.results : r; } }; -_MySocial = tslib_es6_decorate([ +_MySocial = __decorate([ defaultPath("my") ], _MySocial); @@ -11254,7 +10884,7 @@ let _Subscriptions = class _Subscriptions extends _SPCollection { return spPost(this, body(postBody)); } }; -_Subscriptions = tslib_es6_decorate([ +_Subscriptions = __decorate([ defaultPath("subscriptions") ], _Subscriptions); @@ -11362,7 +10992,7 @@ let _Views = class _Views extends _SPCollection { return View(this, `getByTitle('${encodePath(title)}')`); } }; -_Views = tslib_es6_decorate([ +_Views = __decorate([ defaultPath("views") ], _Views); @@ -11440,7 +11070,7 @@ let _ViewFields = class _ViewFields extends _SPCollection { return spPost(ViewFields(this, `removeviewfield('${encodePath(fieldInternalName)}')`)); } }; -_ViewFields = tslib_es6_decorate([ +_ViewFields = __decorate([ defaultPath("viewfields") ], _ViewFields); diff --git a/public/manifest.json b/public/manifest.json index c05c348c..5da06e9d 100644 --- a/public/manifest.json +++ b/public/manifest.json @@ -1,7 +1,7 @@ { "name": "SP Editor", "homepage_url": "https://microsoftedge.microsoft.com/addons/detail/affnnhcbfmcbbdlcadgkdbfafigmjdkk", - "version": "7.0.0", + "version": "7.0.1", "description": "Create and update SharePoint Online/SP2013/SP2016/SP2019 css/js files, inject files to web, manage web/list properties, list Webhook", "manifest_version": 3, "devtools_page": "devtools.html", diff --git a/public/react/index.d.ts b/public/react/index.d.ts index 466ae411..38400a57 100644 --- a/public/react/index.d.ts +++ b/public/react/index.d.ts @@ -848,6 +848,12 @@ declare namespace React { /** A fallback react tree to show when a Suspense child (like React.lazy) suspends */ fallback?: ReactNode; + + /** + * A name for this Suspense boundary for instrumentation purposes. + * The name will help identify this boundary in React DevTools. + */ + name?: string | undefined; } /** @@ -2899,6 +2905,7 @@ declare namespace React { contextMenu?: string | undefined; dir?: string | undefined; draggable?: Booleanish | undefined; + enterKeyHint?: "enter" | "done" | "go" | "next" | "previous" | "search" | "send" | undefined; hidden?: boolean | undefined; id?: string | undefined; lang?: string | undefined; @@ -3354,7 +3361,6 @@ declare namespace React { capture?: boolean | "user" | "environment" | undefined; // https://www.w3.org/TR/html-media-capture/#the-capture-attribute checked?: boolean | undefined; disabled?: boolean | undefined; - enterKeyHint?: "enter" | "done" | "go" | "next" | "previous" | "search" | "send" | undefined; form?: string | undefined; formAction?: | string diff --git a/public/react/ts5.0/index.d.ts b/public/react/ts5.0/index.d.ts index 4d5785e9..c61f2a4f 100644 --- a/public/react/ts5.0/index.d.ts +++ b/public/react/ts5.0/index.d.ts @@ -849,6 +849,12 @@ declare namespace React { /** A fallback react tree to show when a Suspense child (like React.lazy) suspends */ fallback?: ReactNode; + + /** + * A name for this Suspense boundary for instrumentation purposes. + * The name will help identify this boundary in React DevTools. + */ + name?: string | undefined; } /** @@ -2900,6 +2906,7 @@ declare namespace React { contextMenu?: string | undefined; dir?: string | undefined; draggable?: Booleanish | undefined; + enterKeyHint?: "enter" | "done" | "go" | "next" | "previous" | "search" | "send" | undefined; hidden?: boolean | undefined; id?: string | undefined; lang?: string | undefined; @@ -3355,7 +3362,6 @@ declare namespace React { capture?: boolean | "user" | "environment" | undefined; // https://www.w3.org/TR/html-media-capture/#the-capture-attribute checked?: boolean | undefined; disabled?: boolean | undefined; - enterKeyHint?: "enter" | "done" | "go" | "next" | "previous" | "search" | "send" | undefined; form?: string | undefined; formAction?: | string diff --git a/src/pages/graphsdkconsole/utils/util.ts b/src/pages/graphsdkconsole/utils/util.ts index c0b77917..661cb6ef 100644 --- a/src/pages/graphsdkconsole/utils/util.ts +++ b/src/pages/graphsdkconsole/utils/util.ts @@ -7,7 +7,7 @@ import { loadDefinitions } from '../components/utils' export async function fetchDefinitions(dispatch: Dispatch) { const directoryEntry = await getExtensionDirectory() - const definitions: IDefinitions[] = await loadDefinitions(directoryEntry, ['@microsoft', 'msal', '@azure', '@speditor']) + const definitions: IDefinitions[] = await loadDefinitions(directoryEntry, ['@microsoft', '@azure', '@speditor']) dispatch(setDefinitions(definitions)) return } diff --git a/src/pages/mgtconsole/components/componentSnippets.tsx b/src/pages/mgtconsole/components/componentSnippets.tsx index 811dd925..f63ff55d 100644 --- a/src/pages/mgtconsole/components/componentSnippets.tsx +++ b/src/pages/mgtconsole/components/componentSnippets.tsx @@ -335,7 +335,7 @@ import { Login, PersonCard, ThemeToggle } from '@microsoft/mgt-react' /* Hit 'ctrl + d' or 'cmd + d' to run the code */ import React from 'react' -import { PeoplePicker, People, Login, ThemeToggle } from '@microsoft/mgt-react'; +import { PeoplePicker, Login, ThemeToggle } from '@microsoft/mgt-react'; () => { @@ -457,22 +457,22 @@ import { Login, Agenda, ThemeToggle } from '@microsoft/mgt-react' { option: { - key: 'header-tasks', - text: 'MGT Tasks component samples', + key: 'header-planner', + text: 'MGT Planner component samples', itemType: SelectableOptionMenuItemType.Header, }, }, { option: { - key: 'tasks-basic', - text: 'Tasks component', + key: 'planner-basic', + text: 'Planner component', itemType: SelectableOptionMenuItemType.Normal, }, snippet: ` /* Hit 'ctrl + d' or 'cmd + d' to run the code */ import React from 'react' -import { Login, Tasks, ThemeToggle } from '@microsoft/mgt-react' +import { Login, Planner, ThemeToggle } from '@microsoft/mgt-react' () => { @@ -480,7 +480,7 @@ import { Login, Tasks, ThemeToggle } from '@microsoft/mgt-react' <> - + ) }`.trim(), diff --git a/src/pages/mgtconsole/utils/util.ts b/src/pages/mgtconsole/utils/util.ts index b3a4ad03..1d5b5e70 100644 --- a/src/pages/mgtconsole/utils/util.ts +++ b/src/pages/mgtconsole/utils/util.ts @@ -7,7 +7,7 @@ import { loadDefinitions } from '../components/utils' export async function fetchDefinitions(dispatch: Dispatch) { const directoryEntry = await getExtensionDirectory() - const definitions: IDefinitions[] = await loadDefinitions(directoryEntry, ['@microsoft', 'react', 'msal']) + const definitions: IDefinitions[] = await loadDefinitions(directoryEntry, ['@microsoft', 'react']) dispatch(setDefinitions(definitions)) return } diff --git a/src/pages/pnpjsconsole/components/utils.ts b/src/pages/pnpjsconsole/components/utils.ts index 21a2435a..234a12ab 100644 --- a/src/pages/pnpjsconsole/components/utils.ts +++ b/src/pages/pnpjsconsole/components/utils.ts @@ -63,8 +63,7 @@ export const initCode = () => { /* Hit 'ctrl + d' or 'cmd + d' to run the code */ /* Check output from browser console */ -import { spfi, SPBrowser } from "@pnp/sp"; -import "@pnp/sp/webs"; +import { spfi, SPBrowser } from "@pnp/sp/presets/all"; const sp = spfi().using(SPBrowser({ baseUrl: (window as any)._spPageContextInfo.webAbsoluteUrl })); diff --git a/src/pages/pnpjsconsole/utils/util.ts b/src/pages/pnpjsconsole/utils/util.ts index 01740d24..3b3154b1 100644 --- a/src/pages/pnpjsconsole/utils/util.ts +++ b/src/pages/pnpjsconsole/utils/util.ts @@ -7,7 +7,7 @@ import { loadDefinitions } from '../components/utils' export async function fetchDefinitions(dispatch: Dispatch) { const directoryEntry = await getExtensionDirectory() - const definitions: IDefinitions[] = await loadDefinitions(directoryEntry, ['@pnp', '@microsoft', 'msal']) + const definitions: IDefinitions[] = await loadDefinitions(directoryEntry, ['@pnp', '@microsoft']) dispatch(setDefinitions(definitions)) return } diff --git a/src/utilities/utilities.ts b/src/utilities/utilities.ts index 40ef4247..f4fc9a91 100644 --- a/src/utilities/utilities.ts +++ b/src/utilities/utilities.ts @@ -50,25 +50,40 @@ export const resolveFiles = (files: string[], definitions: IDefinitions[]) => { } export const getDirectory = (dirEntry: DirectoryEntry, path: string): Promise => { - return new Promise(resolve => dirEntry.getDirectory(path, {}, (entry: DirectoryEntry) => resolve(entry))) -} + return new Promise((resolve, reject) => { + try { + dirEntry.getDirectory(path, {}, (entry: DirectoryEntry) => resolve(entry), (error) => { + console.error(`Error getting directory: ${path}`, error); + reject(error); + }); + } catch (error) { + console.error(`Error in getDirectory: ${path}`, error); + reject(error); + } + }); +}; export const readDirRecursive = async ( entry: DirectoryEntry, files: DirectoryEntry[] = [], -) => { - const entries = await readEntries(entry) +): Promise => { + try { + const entries = await readEntries(entry); - for (const key in entries) { - if (entries[key].isDirectory) { - await readDirRecursive(entries[key] as DirectoryEntry, files) - } else { - files.push(entries[key]) + for (const key in entries) { + if (entries[key].isDirectory) { + await readDirRecursive(entries[key] as DirectoryEntry, files); + } else { + files.push(entries[key]); + } } - } - return files -} + return files; + } catch (error) { + console.error(`Error in readDirRecursive at path: ${entry.fullPath}`, error); + throw error; + } +}; export const readEntries = (dir: DirectoryEntry): Promise => { return new Promise(resolve => {