1 | "use strict";
|
2 | var __assign = (this && this.__assign) || function () {
|
3 | __assign = Object.assign || function(t) {
|
4 | for (var s, i = 1, n = arguments.length; i < n; i++) {
|
5 | s = arguments[i];
|
6 | for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
|
7 | t[p] = s[p];
|
8 | }
|
9 | return t;
|
10 | };
|
11 | return __assign.apply(this, arguments);
|
12 | };
|
13 | var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
14 | function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
15 | return new (P || (P = Promise))(function (resolve, reject) {
|
16 | function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
17 | function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
18 | function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
19 | step((generator = generator.apply(thisArg, _arguments || [])).next());
|
20 | });
|
21 | };
|
22 | var __generator = (this && this.__generator) || function (thisArg, body) {
|
23 | var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
|
24 | return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
|
25 | function verb(n) { return function (v) { return step([n, v]); }; }
|
26 | function step(op) {
|
27 | if (f) throw new TypeError("Generator is already executing.");
|
28 | while (_) try {
|
29 | if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
|
30 | if (y = 0, t) op = [op[0] & 2, t.value];
|
31 | switch (op[0]) {
|
32 | case 0: case 1: t = op; break;
|
33 | case 4: _.label++; return { value: op[1], done: false };
|
34 | case 5: _.label++; y = op[1]; op = [0]; continue;
|
35 | case 7: op = _.ops.pop(); _.trys.pop(); continue;
|
36 | default:
|
37 | if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
|
38 | if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
|
39 | if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
|
40 | if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
|
41 | if (t[2]) _.ops.pop();
|
42 | _.trys.pop(); continue;
|
43 | }
|
44 | op = body.call(thisArg, _);
|
45 | } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
|
46 | if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
|
47 | }
|
48 | };
|
49 | var __spreadArray = (this && this.__spreadArray) || function (to, from) {
|
50 | for (var i = 0, il = from.length, j = to.length; i < il; i++, j++)
|
51 | to[j] = from[i];
|
52 | return to;
|
53 | };
|
54 | Object.defineProperty(exports, "__esModule", { value: true });
|
55 | exports.buildAuthorizationHeaders = exports.basicHeader = exports.buildAndAddAuthorizationHeader = exports.getAuthHeaders = exports.addAuthorizationHeader = void 0;
|
56 | var util_1 = require("@sap-cloud-sdk/util");
|
57 | var destination_1 = require("./destination");
|
58 | var logger = util_1.createLogger({
|
59 | package: 'core',
|
60 | messageContext: 'authorization-header'
|
61 | });
|
62 |
|
63 |
|
64 |
|
65 |
|
66 |
|
67 |
|
68 |
|
69 | function addAuthorizationHeader(request, headers) {
|
70 | return __awaiter(this, void 0, void 0, function () {
|
71 | var destination, authHeaders;
|
72 | return __generator(this, function (_a) {
|
73 | switch (_a.label) {
|
74 | case 0:
|
75 | destination = request.destination;
|
76 | if (!destination) {
|
77 | return [2 , headers];
|
78 | }
|
79 | return [4 , getAuthHeaders(destination, request.config.customHeaders)];
|
80 | case 1:
|
81 | authHeaders = _a.sent();
|
82 | return [2 , __assign(__assign({}, headers), authHeaders)];
|
83 | }
|
84 | });
|
85 | });
|
86 | }
|
87 | exports.addAuthorizationHeader = addAuthorizationHeader;
|
88 | function getAuthHeader(authenticationType, customHeaders) {
|
89 | if (authenticationType === 'PrincipalPropagation') {
|
90 | var principalPropagationHeader = util_1.pickValueIgnoreCase(customHeaders, 'SAP-Connectivity-Authentication');
|
91 | if (principalPropagationHeader) {
|
92 | return { 'SAP-Connectivity-Authentication': principalPropagationHeader };
|
93 | }
|
94 | }
|
95 | var authorizationHeader = util_1.pickValueIgnoreCase(customHeaders, 'authorization');
|
96 | if (authorizationHeader) {
|
97 | return { authorization: authorizationHeader };
|
98 | }
|
99 | }
|
100 | function getAuthHeaders(destination, customHeaders) {
|
101 | return __awaiter(this, void 0, void 0, function () {
|
102 | var customAuthHeader;
|
103 | return __generator(this, function (_a) {
|
104 | customAuthHeader = getAuthHeader(destination.authentication, customHeaders);
|
105 | return [2 , buildAuthorizationHeaders(destination, customAuthHeader)];
|
106 | });
|
107 | });
|
108 | }
|
109 | exports.getAuthHeaders = getAuthHeaders;
|
110 |
|
111 |
|
112 |
|
113 |
|
114 |
|
115 |
|
116 |
|
117 | function buildAndAddAuthorizationHeader(destination) {
|
118 | return function (headers) {
|
119 | return __awaiter(this, void 0, void 0, function () {
|
120 | var _a;
|
121 | return __generator(this, function (_b) {
|
122 | switch (_b.label) {
|
123 | case 0:
|
124 | _a = [__assign({}, headers)];
|
125 | return [4 , buildAuthorizationHeaders(destination)];
|
126 | case 1: return [2 , __assign.apply(void 0, _a.concat([(_b.sent())]))];
|
127 | }
|
128 | });
|
129 | });
|
130 | };
|
131 | }
|
132 | exports.buildAndAddAuthorizationHeader = buildAndAddAuthorizationHeader;
|
133 | function toAuthorizationHeader(authorization) {
|
134 | return { authorization: authorization };
|
135 | }
|
136 | function headerFromTokens(authenticationType, authTokens) {
|
137 | if (!authTokens || !authTokens.length) {
|
138 | throw Error("`AuthenticationType` is \"" + authenticationType + "\", but no auth tokens could be fetched from the destination service.");
|
139 | }
|
140 | var usableTokens = authTokens.filter(function (token) { return !token.error; });
|
141 | if (!usableTokens.length) {
|
142 | throw Error(__spreadArray([
|
143 | 'The destination tried to provide authorization tokens but failed in all cases. This is most likely due to misconfiguration.',
|
144 | 'Original error messages:'
|
145 | ], authTokens.map(function (token) { return token.error; })).join(util_1.unixEOL));
|
146 | }
|
147 | var authToken = usableTokens[0];
|
148 | return toAuthorizationHeader(authToken.http_header.value);
|
149 | }
|
150 | function headerFromBasicAuthDestination(destination) {
|
151 | if (util_1.isNullish(destination.username) || util_1.isNullish(destination.password)) {
|
152 | throw Error('AuthenticationType is "BasicAuthentication", but "username" and / or "password" are missing!');
|
153 | }
|
154 | return toAuthorizationHeader(basicHeader(destination.username, destination.password));
|
155 | }
|
156 | function basicHeader(username, password) {
|
157 | return 'Basic ' + util_1.encodeBase64(username + ":" + password);
|
158 | }
|
159 | exports.basicHeader = basicHeader;
|
160 | function headerForPrincipalPropagation(destination) {
|
161 | var _a, _b;
|
162 | var principalPropagationHeader = (_b = (_a = destination === null || destination === void 0 ? void 0 : destination.proxyConfiguration) === null || _a === void 0 ? void 0 : _a.headers) === null || _b === void 0 ? void 0 : _b['SAP-Connectivity-Authentication'];
|
163 | if (!principalPropagationHeader) {
|
164 | throw Error('Principal propagation was selected in destination, but no SAP-Connectivity-Authentication bearer header was added by connectivity service.');
|
165 | }
|
166 | return {
|
167 | 'SAP-Connectivity-Authentication': principalPropagationHeader
|
168 | };
|
169 | }
|
170 | function headerForProxy(destination) {
|
171 | var _a, _b;
|
172 | var authHeader = (_b = (_a = destination === null || destination === void 0 ? void 0 : destination.proxyConfiguration) === null || _a === void 0 ? void 0 : _a.headers) === null || _b === void 0 ? void 0 : _b['Proxy-Authorization'];
|
173 | if (authHeader) {
|
174 | return { 'Proxy-Authorization': authHeader };
|
175 | }
|
176 | }
|
177 |
|
178 |
|
179 |
|
180 | function legacyNoAuthOnPremiseProxy(destination) {
|
181 | logger.warn("You are using 'NoAuthentication' in destination: " + destination.name + " which is an OnPremise destination. This is a deprecated configuration, most likely you wanted to set-up 'PrincipalPropagation' so please change the destination property to the desired authentication scheme.");
|
182 | var principalPropagationHeader;
|
183 | try {
|
184 | principalPropagationHeader = headerForPrincipalPropagation(destination);
|
185 | }
|
186 | catch (e) {
|
187 | logger.warn('No principal propagation header found.');
|
188 | }
|
189 | return __assign(__assign({}, headerForProxy(destination)), principalPropagationHeader);
|
190 | }
|
191 | function getProxyRelatedAuthHeaders(destination) {
|
192 | if (destination.proxyType === 'OnPremise' &&
|
193 | destination.authentication === 'NoAuthentication') {
|
194 | return legacyNoAuthOnPremiseProxy(destination);
|
195 | }
|
196 |
|
197 | return headerForProxy(destination);
|
198 | }
|
199 | function getAuthenticationRelatedHeaders(destination) {
|
200 | return __awaiter(this, void 0, void 0, function () {
|
201 | var destinationAuthHeaders;
|
202 | return __generator(this, function (_a) {
|
203 | destinationAuthHeaders = getAuthHeader(destination.authentication, destination.headers);
|
204 | logger.debug("Getting authentication related headers for authentication type: " + destination.authentication);
|
205 | if (destinationAuthHeaders) {
|
206 | logger.debug("Authentication header from 'destination.headers' used.");
|
207 | return [2 , destinationAuthHeaders];
|
208 | }
|
209 | switch (destination.authentication) {
|
210 | case null:
|
211 | case undefined:
|
212 | logger.warn('No authentication type is specified on the destination! Assuming "NoAuthentication".');
|
213 | return [2 ];
|
214 | case 'NoAuthentication':
|
215 | case 'ClientCertificateAuthentication':
|
216 | return [2 ];
|
217 | case 'OAuth2SAMLBearerAssertion':
|
218 | case 'OAuth2UserTokenExchange':
|
219 | case 'OAuth2JWTBearer':
|
220 | case 'OAuth2ClientCredentials':
|
221 | case 'OAuth2Password':
|
222 | return [2 , headerFromTokens(destination.authentication, destination.authTokens)];
|
223 | case 'BasicAuthentication':
|
224 | return [2 , headerFromBasicAuthDestination(destination)];
|
225 | case 'PrincipalPropagation':
|
226 | return [2 , headerForPrincipalPropagation(destination)];
|
227 | default:
|
228 | throw Error("The destination used \"" + destination.authentication + "\" as authentication type which is not supported by the SAP Cloud SDK.");
|
229 | }
|
230 | return [2 ];
|
231 | });
|
232 | });
|
233 | }
|
234 | function buildAuthorizationHeaders(destination, customAuthHeader) {
|
235 | return __awaiter(this, void 0, void 0, function () {
|
236 | var sanitizedDestination, _a;
|
237 | return __generator(this, function (_b) {
|
238 | switch (_b.label) {
|
239 | case 0:
|
240 | sanitizedDestination = destination_1.sanitizeDestination(destination);
|
241 | if (customAuthHeader && Object.keys(customAuthHeader).length) {
|
242 | return [2 , __assign(__assign({}, customAuthHeader), getProxyRelatedAuthHeaders(sanitizedDestination))];
|
243 | }
|
244 | _a = [{}];
|
245 | return [4 , getAuthenticationRelatedHeaders(sanitizedDestination)];
|
246 | case 1: return [2 , __assign.apply(void 0, [__assign.apply(void 0, _a.concat([(_b.sent())])), getProxyRelatedAuthHeaders(sanitizedDestination)])];
|
247 | }
|
248 | });
|
249 | });
|
250 | }
|
251 | exports.buildAuthorizationHeaders = buildAuthorizationHeaders;
|
252 |
|
\ | No newline at end of file |