1 | 'use strict';
|
2 |
|
3 | exports.__esModule = true;
|
4 | exports.STRATEGIES = undefined;
|
5 | exports.initEnterprise = initEnterprise;
|
6 | exports.defaultEnterpriseConnection = defaultEnterpriseConnection;
|
7 | exports.defaultEnterpriseConnectionName = defaultEnterpriseConnectionName;
|
8 | exports.enterpriseActiveFlowConnection = enterpriseActiveFlowConnection;
|
9 | exports.matchConnection = matchConnection;
|
10 | exports.isEnterpriseDomain = isEnterpriseDomain;
|
11 | exports.enterpriseDomain = enterpriseDomain;
|
12 | exports.quickAuthConnection = quickAuthConnection;
|
13 | exports.isADEnabled = isADEnabled;
|
14 | exports.findADConnectionWithoutDomain = findADConnectionWithoutDomain;
|
15 | exports.isInCorpNetwork = isInCorpNetwork;
|
16 | exports.corpNetworkConnection = corpNetworkConnection;
|
17 | exports.isSingleHRDConnection = isSingleHRDConnection;
|
18 | exports.isHRDDomain = isHRDDomain;
|
19 | exports.toggleHRD = toggleHRD;
|
20 | exports.isHRDActive = isHRDActive;
|
21 | exports.isHRDEmailValid = isHRDEmailValid;
|
22 |
|
23 | var _immutable = require('immutable');
|
24 |
|
25 | var _immutable2 = _interopRequireDefault(_immutable);
|
26 |
|
27 | var _index = require('../core/index');
|
28 |
|
29 | var l = _interopRequireWildcard(_index);
|
30 |
|
31 | var _index2 = require('../field/index');
|
32 |
|
33 | var c = _interopRequireWildcard(_index2);
|
34 |
|
35 | var _data_utils = require('../utils/data_utils');
|
36 |
|
37 | var _email = require('../field/email');
|
38 |
|
39 | var _username = require('../field/username');
|
40 |
|
41 | var _classic = require('../engine/classic');
|
42 |
|
43 | var _index3 = require('./database/index');
|
44 |
|
45 | var _index4 = require('../store/index');
|
46 |
|
/**
 * Babel interop helper for `import * as x` over a CommonJS module.
 *
 * A value flagged with `__esModule` is returned untouched. Anything else is
 * shallow-copied (own enumerable keys only, so nothing inherited from the
 * prototype chain is carried over) into a fresh object whose `default`
 * property points at the original value.
 *
 * @param {*} obj - the value returned by `require`
 * @returns {Object} `obj` itself, or a namespace-like wrapper around it
 */
function _interopRequireWildcard(obj) {
  if (obj && obj.__esModule) {
    return obj;
  }

  var namespace = {};
  if (obj != null) {
    // Object.keys yields exactly the own enumerable string keys.
    Object.keys(obj).forEach(function (key) {
      namespace[key] = obj[key];
    });
  }
  namespace.default = obj;
  return namespace;
}
|
48 |
|
/**
 * Babel interop helper for default imports over a CommonJS module.
 *
 * @param {*} obj - the value returned by `require`
 * @returns {*} `obj` when it is truthy and flagged `__esModule`, otherwise
 *   a wrapper of the form `{ default: obj }`
 */
function _interopRequireDefault(obj) {
  if (obj && obj.__esModule) {
    return obj;
  }
  return { default: obj };
}
|
50 |
|
// Accessors produced by dataFns for the ['enterprise'] path of the model.
// NOTE(review): the t-prefixed variants presumably address transient state;
// confirm in ../utils/data_utils.
var _dataFns = (0, _data_utils.dataFns)(['enterprise']);
var get = _dataFns.get;
var initNS = _dataFns.initNS;
var tget = _dataFns.tget;
var tremove = _dataFns.tremove;
var tset = _dataFns.tset;
|
57 |
|
// The same accessor family, bound to the ['core'] path and aliased with a
// `Core` suffix so the names do not collide with the enterprise accessors.
var _dataFns2 = (0, _data_utils.dataFns)(['core']);
var tremoveCore = _dataFns2.tremove;
var tsetCore = _dataFns2.tset;
var tgetCore = _dataFns2.tget;
|
62 |
|
// TODO: Android version also has "google-openid" in the list, but we
// consider it to be a social connection. See
// https://github.com/auth0/Lock.Android/blob/98262cb7110e5d1c8a97e1129faf2621c1d8d111/lock/src/main/java/com/auth0/android/lock/utils/Strategies.java

/**
 * Enterprise strategy identifiers mapped to their display labels.
 * The keys are the strategy names used when filtering connections
 * elsewhere in this module (e.g. 'ad', 'auth0-adldap').
 */
var STRATEGIES = {
  'ad': 'AD / LDAP',
  'adfs': 'ADFS',
  'auth0-adldap': 'AD/LDAP',
  'auth0-oidc': 'Auth0 OpenID Connect',
  'custom': 'Custom Auth',
  'google-apps': 'Google Apps',
  'ip': 'IP Address',
  'mscrm': 'Dynamics CRM',
  'office365': 'Office365',
  'pingfederate': 'Ping Federate',
  'samlp': 'SAML',
  'sharepoint': 'SharePoint Apps',
  'waad': 'Windows Azure AD',
  'oidc': 'OpenID Connect'
};
exports.STRATEGIES = STRATEGIES;
|
84 |
|
/**
 * Initialises the enterprise namespace of the model from the widget options.
 *
 * @param {Object} m - Lock model, handed to initNS
 * @param {Object} opts - raw options; only `defaultEnterpriseConnection`
 *   is read (see processOptions)
 * @returns {Object} whatever initNS returns for the sanitised options
 */
function initEnterprise(m, opts) {
  var sanitized = processOptions(opts);
  var initialState = _immutable2.default.fromJS(sanitized);
  return initNS(m, initialState);
}
|
88 |
|
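/**
 * Validates the `defaultEnterpriseConnection` option and converts it into
 * the initial state of the enterprise namespace.
 *
 * The option is caller-supplied configuration, so it is type-checked before
 * being stored: only a string is accepted as a connection name. Both
 * `undefined` and `null` mean "not configured"; previously `null` slipped
 * past the type check and was stored as `{ defaultConnectionName: null }`.
 *
 * @param {Object} opts - raw widget options
 * @returns {Object} `{}` when no usable name was given, otherwise
 *   `{ defaultConnectionName: <string> }`
 */
function processOptions(opts) {
  var connectionName = opts.defaultEnterpriseConnection;

  // `== null` deliberately covers both null and undefined.
  if (connectionName == null) {
    return {};
  }

  if (typeof connectionName !== 'string') {
    l.warn(opts, 'The `defaultEnterpriseConnection` option will be ignored, because it is not a string.');
    return {};
  }

  return { defaultConnectionName: connectionName };
}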
|
100 |
|
/**
 * Resolves the configured default enterprise connection, if any.
 *
 * @param {Object} m - Lock model
 * @returns {*} the falsy configured name when none is set; otherwise the
 *   AD connection without domains carrying that name (undefined if no
 *   such connection exists)
 */
function defaultEnterpriseConnection(m) {
  var configuredName = defaultEnterpriseConnectionName(m);
  if (!configuredName) {
    // Pass the falsy value through unchanged, as `name && ...` would.
    return configuredName;
  }
  return findADConnectionWithoutDomain(m, configuredName);
}
|
105 |
|
/**
 * Reads the `defaultConnectionName` stored in the enterprise namespace.
 *
 * @param {Object} m - Lock model
 * @returns {*} the stored name, or whatever `get` yields when it is absent
 */
function defaultEnterpriseConnectionName(m) {
  var storedName = get(m, 'defaultConnectionName');
  return storedName;
}
|
109 |
|
/**
 * Picks the enterprise connection for the active (username/password) flow.
 *
 * Without HRD: the configured default connection, else the first AD
 * connection that has no domains. With HRD: the connection whose domains
 * contain the domain of the stored HRD email, else the first AD connection
 * of any kind.
 *
 * NOTE(review): in the HRD branch the fallback ignores domains entirely, so
 * an email that matches nothing is still routed to some AD connection —
 * confirm that this is the intended behaviour for multi-tenant setups.
 *
 * @param {Object} m - Lock model
 * @returns {*} the selected connection, or a falsy value when none applies
 */
function enterpriseActiveFlowConnection(m) {
  if (!isHRDActive(m)) {
    return defaultEnterpriseConnection(m) || findADConnectionWithoutDomain(m);
  }

  var hrdEmail = tget(m, 'hrdEmail', '');
  var byDomain = matchConnection(m, hrdEmail);
  return byDomain || findActiveFlowConnection(m);
}
|
120 |
|
/**
 * Finds the enterprise connection whose `domains` contain the domain part
 * of `email`.
 *
 * The match decides only which connection the login is routed to; the
 * email is user-typed text and proves nothing about who is typing it.
 * NOTE(review): the comparison is whatever `contains` does on the stored
 * domains, presumably an exact match — confirm that emailDomain and the
 * stored domains are normalised (case, whitespace) the same way.
 *
 * @param {Object} m - Lock model
 * @param {string} email - address entered by the user
 * @param {string[]} [strategies=[]] - optional third argument narrowing the
 *   enterprise connections to these strategies
 * @returns {*} `false` when no domain can be extracted from `email`;
 *   otherwise the first matching connection, or undefined
 */
function matchConnection(m, email) {
  // Third argument is optional (transpiled default parameter).
  var strategies = arguments[2] === undefined ? [] : arguments[2];

  var target = (0, _email.emailDomain)(email);
  if (!target) {
    return false;
  }

  var lookupArgs = [m, 'enterprise'].concat(strategies);
  var candidates = l.connections.apply(l, lookupArgs);
  return candidates.find(function (connection) {
    var domains = connection.get('domains');
    return domains.contains(target);
  });
}
|
130 |
|
/**
 * Boolean form of matchConnection.
 *
 * @param {Object} m - Lock model
 * @param {string} email - address entered by the user
 * @param {string[]} [strategies=[]] - optional third argument, forwarded
 * @returns {boolean} true when some enterprise connection matches the
 *   domain of `email`
 */
function isEnterpriseDomain(m, email) {
  var strategies = arguments[2] === undefined ? [] : arguments[2];
  var match = matchConnection(m, email, strategies);
  return Boolean(match);
}
|
136 |
|
/**
 * Returns the domain associated with the current enterprise login.
 *
 * @param {Object} m - Lock model
 * @returns {*} with a single HRD connection, the first domain of the first
 *   enterprise connection; otherwise the domain of the stored HRD email
 */
function enterpriseDomain(m) {
  if (isSingleHRDConnection(m)) {
    return l.connections(m, 'enterprise').getIn([0, 'domains', 0]);
  }

  var hrdEmail = tget(m, 'hrdEmail');
  return (0, _email.emailDomain)(hrdEmail);
}
|
140 |
|
/**
 * Returns the connection usable for quick auth: the only enterprise
 * connection, provided no AD connection is enabled.
 *
 * @param {Object} m - Lock model
 * @returns {*} that connection, or null when the conditions are not met
 */
function quickAuthConnection(m) {
  if (isADEnabled(m)) {
    return null;
  }
  if (!l.hasOneConnection(m, 'enterprise')) {
    return null;
  }
  return l.connections(m, 'enterprise').get(0);
}
|
144 |
|
145 |
|
146 |
|
147 |
|
/**
 * Tells whether any enterprise connection with strategy 'ad' or
 * 'auth0-adldap' is configured.
 *
 * @param {Object} m - Lock model
 * @returns {*} the result of l.hasSomeConnections for those strategies
 */
function isADEnabled(m) {
  var hasADConnection = l.hasSomeConnections(m, 'enterprise', 'ad', 'auth0-adldap');
  return hasADConnection;
}
|
151 |
|
/**
 * Finds the first AD connection ('ad' / 'auth0-adldap') that has no domains
 * configured, optionally restricted to a connection name.
 *
 * @param {Object} m - Lock model
 * @param {string} [name] - optional second argument; when truthy the
 *   connection's `name` must equal it
 * @returns {*} the matching connection, or undefined
 */
function findADConnectionWithoutDomain(m) {
  var name = arguments[1];

  function hasNoDomainsAndMatchesName(connection) {
    if (!connection.get('domains').isEmpty()) {
      return false;
    }
    return !name || connection.get('name') === name;
  }

  var adConnections = l.connections(m, 'enterprise', 'ad', 'auth0-adldap');
  return adConnections.find(hasNoDomainsAndMatchesName);
}
|
159 |
|
/**
 * Finds the first AD connection ('ad' / 'auth0-adldap'), whether or not it
 * has domains, optionally restricted to a connection name.
 *
 * @param {Object} m - Lock model
 * @param {string} [name] - optional second argument; when truthy the
 *   connection's `name` must equal it
 * @returns {*} the matching connection, or undefined
 */
function findActiveFlowConnection(m) {
  var name = arguments[1];

  function matchesName(connection) {
    if (!name) {
      return true;
    }
    return connection.get('name') === name;
  }

  var adConnections = l.connections(m, 'enterprise', 'ad', 'auth0-adldap');
  return adConnections.find(matchesName);
}
|
167 |
|
168 |
|
169 |
|
/**
 * Tells whether the model carries a corporate-network SSO connection.
 *
 * Only `undefined` counts as "no connection", so this relies on
 * corpNetworkConnection returning exactly `undefined` whenever the SSO data
 * is incomplete.
 *
 * @param {Object} m - Lock model
 * @returns {boolean} true when corpNetworkConnection(m) is not undefined
 */
function isInCorpNetwork(m) {
  var connection = corpNetworkConnection(m);
  return connection !== undefined;
}
|
173 |
|
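/**
 * Builds the corporate-network connection descriptor from the SSO data on
 * the model.
 *
 * Both `sso.connection` and `sso.strategy` must be present. When either is
 * missing or falsy the function returns `undefined`. The previous
 * `name && strategy && Map(...)` form leaked the falsy operand itself
 * (null, '') to the caller, and isInCorpNetwork, which compares against
 * `undefined` only, then reported a corporate network that was not there.
 *
 * @param {Object} m - Lock model; `getIn` is called on it
 * @returns {Object|undefined} an Immutable Map `{ name, strategy }`, or
 *   undefined when the SSO data is incomplete
 */
function corpNetworkConnection(m) {
  var name = m.getIn(['sso', 'connection']);
  var strategy = m.getIn(['sso', 'strategy']);

  if (!name || !strategy) {
    return undefined;
  }

  return _immutable2.default.Map({ name: name, strategy: strategy });
}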
|
182 |
|
183 |
|
184 |
|
/**
 * Tells whether AD is enabled and the model holds exactly one connection
 * in total (of any type).
 *
 * @param {Object} m - Lock model
 * @returns {*} the falsy result of isADEnabled when AD is off; otherwise
 *   a boolean
 */
function isSingleHRDConnection(m) {
  var adEnabled = isADEnabled(m);
  if (!adEnabled) {
    // Pass the falsy value through unchanged, as `a && b` would.
    return adEnabled;
  }
  return l.connections(m).count() === 1;
}
|
188 |
|
/**
 * Tells whether the domain of `email` belongs to an AD connection
 * ('ad' / 'auth0-adldap').
 *
 * @param {Object} m - Lock model
 * @param {string} email - address entered by the user
 * @returns {boolean} true when such a connection matches
 */
function isHRDDomain(m, email) {
  var adStrategies = ['ad', 'auth0-adldap'];
  return isEnterpriseDomain(m, email, adStrategies);
}
|
192 |
|
/**
 * Switches HRD (home realm discovery) mode on or off.
 *
 * With a truthy `email`: stores it as `hrdEmail` and pre-fills the username
 * with the email, or with its local part when
 * l.defaultADUsernameFromEmailPrefix(m) is truthy. With a falsy `email`:
 * writes any stored `hrdEmail` back through setUsername (mode 'email') and
 * then removes it. In both cases the `hrd` flag ends up as `!!email`.
 *
 * @param {Object} m - Lock model
 * @param {string} [email] - address that triggered HRD; falsy to leave HRD
 * @returns {Object} the updated model
 */
function toggleHRD(m, email) {
  var enabling = !!email;
  var next = m;

  if (enabling) {
    var username = l.defaultADUsernameFromEmailPrefix(m) ? (0, _email.emailLocalPart)(email) : email;

    next = (0, _username.setUsername)(next, username, 'username', false);
    next = tset(next, 'hrdEmail', email);
  } else {
    var previousEmail = tget(next, 'hrdEmail');
    if (previousEmail) {
      next = (0, _username.setUsername)(next, previousEmail, 'email', false);
    }
    next = tremove(next, 'hrdEmail');
  }

  return tset(next, 'hrd', enabling);
}
|
209 |
|
/**
 * Tells whether HRD mode is active: the stored `hrd` flag, with
 * isSingleHRDConnection(m) as the default handed to tget.
 *
 * @param {Object} m - Lock model
 * @returns {*} the value tget yields for `hrd`
 */
function isHRDActive(m) {
  // Evaluated up front, exactly as when passed inline as an argument.
  var fallback = isSingleHRDConnection(m);
  return tget(m, 'hrd', fallback);
}
|
213 |
|
/**
 * Validates the identifier typed into the HRD form.
 *
 * The input is rejected only when it is an email and nothing could handle
 * it: there is no database connection, no passwordless connection, no AD
 * connection without domains, and no enterprise connection matching it.
 * Anything that is not an email passes.
 *
 * NOTE(review): this reads as a form-level check on user-typed text; it is
 * presumably not the place where access is decided — confirm that the
 * authentication backend enforces the connection/domain restrictions.
 *
 * @param {Object} m - Lock model
 * @param {string} str - identifier entered by the user
 * @returns {boolean} false only in the rejected case described above
 */
function isHRDEmailValid(m, str) {
  // Checks run in the same order as the original && chain and stop at the
  // first one that makes the input acceptable.
  if (!(0, _email.isEmail)(str)) {
    return true;
  }
  if (l.hasSomeConnections(m, 'database')) {
    return true;
  }
  if (l.hasSomeConnections(m, 'passwordless')) {
    return true;
  }
  if (findADConnectionWithoutDomain(m)) {
    return true;
  }
  if ((0, _classic.matchesEnterpriseConnection)(m, str)) {
    return true;
  }

  return false;
}
|