'use strict';

// Export table emitted by the ES-module-to-CommonJS transpile step.
// `__esModule` marks this module as a transpiled ES module; the interop
// helpers in this file test the same flag on modules they load.
exports.__esModule = true;

// Placeholder only: the real STRATEGIES object is assigned further down,
// at the point where it is defined.
exports.STRATEGIES = undefined;

// Option handling and default-connection lookup.
exports.initEnterprise = initEnterprise;
exports.defaultEnterpriseConnection = defaultEnterpriseConnection;
exports.defaultEnterpriseConnectionName = defaultEnterpriseConnectionName;
exports.enterpriseActiveFlowConnection = enterpriseActiveFlowConnection;

// Email-domain matching against enterprise connections.
exports.matchConnection = matchConnection;
exports.isEnterpriseDomain = isEnterpriseDomain;
exports.enterpriseDomain = enterpriseDomain;
exports.quickAuthConnection = quickAuthConnection;

// AD / LDAP helpers.
exports.isADEnabled = isADEnabled;
exports.findADConnectionWithoutDomain = findADConnectionWithoutDomain;

// Corporate-network (SSO data) helpers.
exports.isInCorpNetwork = isInCorpNetwork;
exports.corpNetworkConnection = corpNetworkConnection;

// HRD state helpers.
exports.isSingleHRDConnection = isSingleHRDConnection;
exports.isHRDDomain = isHRDDomain;
exports.toggleHRD = toggleHRD;
exports.isHRDActive = isHRDActive;
exports.isHRDEmailValid = isHRDEmailValid;
// Third-party: immutable data structures (used through `_immutable2.default`).
var _immutable = require('immutable');
var _immutable2 = _interopRequireDefault(_immutable);

// Core model helpers, referenced throughout this file as `l`.
var _index = require('../core/index');
var l = _interopRequireWildcard(_index);

// Field helpers. NOTE(review): `c` is not referenced anywhere in the visible
// code of this file; the require is kept because loading a module can have
// side effects.
var _index2 = require('../field/index');
var c = _interopRequireWildcard(_index2);

// Provides `dataFns`, the factory for the namespaced accessors used below.
var _data_utils = require('../utils/data_utils');

// Email helpers used here: emailDomain, emailLocalPart, isEmail.
var _email = require('../field/email');

// Provides setUsername.
var _username = require('../field/username');

// Provides matchesEnterpriseConnection.
var _classic = require('../engine/classic');

// NOTE(review): `_index3` and `_index4` are not referenced in the visible
// code of this file; kept as emitted, since their load order may matter.
var _index3 = require('./database/index');
var _index4 = require('../store/index');
/**
 * Interop helper for namespace-style imports (`import * as x`).
 *
 * A module flagged with `__esModule` is returned untouched. Anything else is
 * wrapped in a fresh object that copies the module's own enumerable
 * properties and exposes the original value under `default`.
 *
 * @param {*} obj - The value returned by `require()`.
 * @returns {Object} `obj` itself, or a new namespace-like wrapper around it.
 */
function _interopRequireWildcard(obj) {
  if (obj && obj.__esModule) {
    return obj;
  }

  var namespace = {};

  if (obj != null) {
    for (var prop in obj) {
      // Copy own properties only; inherited ones are skipped.
      if (!Object.prototype.hasOwnProperty.call(obj, prop)) {
        continue;
      }
      namespace[prop] = obj[prop];
    }
  }

  namespace.default = obj;
  return namespace;
}
/**
 * Interop helper for default imports.
 *
 * A module flagged with `__esModule` is returned as-is; any other value is
 * wrapped so that it can be reached through `.default`.
 *
 * @param {*} obj - The value returned by `require()`.
 * @returns {Object} `obj` itself, or `{ default: obj }`.
 */
function _interopRequireDefault(obj) {
  if (obj && obj.__esModule) {
    return obj;
  }
  return { default: obj };
}
// Accessors bound to the ['enterprise'] path. Everything this module stores
// through get / initNS / tget / tset / tremove goes through these.
var _dataFns = (0, _data_utils.dataFns)(['enterprise']);
var get = _dataFns.get;
var initNS = _dataFns.initNS;
var tget = _dataFns.tget;
var tremove = _dataFns.tremove;
var tset = _dataFns.tset;

// The same kind of accessors bound to the ['core'] path.
// NOTE(review): none of the three *Core accessors is referenced in the
// visible code of this file.
var _dataFns2 = (0, _data_utils.dataFns)(['core']);
var tremoveCore = _dataFns2.tremove;
var tsetCore = _dataFns2.tset;
var tgetCore = _dataFns2.tget;
// TODO: The Android version also has "google-openid" in the list, but we
// consider it to be a social connection. See
// https://github.com/auth0/Lock.Android/blob/98262cb7110e5d1c8a97e1129faf2621c1d8d111/lock/src/main/java/com/auth0/android/lock/utils/Strategies.java

/**
 * Enterprise strategy identifiers mapped to human-readable names.
 *
 * The keys are the strategy identifiers used when filtering connections
 * elsewhere in this module (for example 'ad' and 'auth0-adldap'). Note that
 * those two carry differently formatted labels ('AD / LDAP' and 'AD/LDAP').
 */
var STRATEGIES = {
  ad: 'AD / LDAP',
  adfs: 'ADFS',
  'auth0-adldap': 'AD/LDAP',
  'auth0-oidc': 'Auth0 OpenID Connect',
  custom: 'Custom Auth',
  'google-apps': 'Google Apps',
  ip: 'IP Address',
  mscrm: 'Dynamics CRM',
  office365: 'Office365',
  pingfederate: 'Ping Federate',
  samlp: 'SAML',
  sharepoint: 'SharePoint Apps',
  waad: 'Windows Azure AD',
  oidc: 'OpenID Connect'
};

exports.STRATEGIES = STRATEGIES;
/**
 * Initialises the 'enterprise' namespace of the model from user options.
 *
 * @param {Object} m - The Lock model.
 * @param {Object} opts - Options object; only `defaultEnterpriseConnection`
 *   is read (see processOptions).
 * @returns {Object} The value returned by `initNS`.
 */
function initEnterprise(m, opts) {
  var enterpriseOptions = processOptions(opts);
  var namespaceData = _immutable2.default.fromJS(enterpriseOptions);
  return initNS(m, namespaceData);
}
/**
 * Extracts the enterprise-related settings from the options object.
 *
 * Only the type of `defaultEnterpriseConnection` is checked here. Whether a
 * connection with that name exists is not verified at this point; the lookup
 * happens later, in defaultEnterpriseConnection().
 *
 * @param {Object} opts - Options object; must not be null or undefined.
 * @returns {Object} `{}` when the option is undefined or not a string,
 *   otherwise `{ defaultConnectionName: <value> }`. A `null` value skips the
 *   warning and is stored as-is.
 */
function processOptions(opts) {
  var connectionName = opts.defaultEnterpriseConnection;
  // Loose comparison on purpose: both null and undefined count as "not supplied".
  var wasSupplied = connectionName != undefined;

  if (wasSupplied && typeof connectionName !== 'string') {
    l.warn(opts, 'The `defaultEnterpriseConnection` option will be ignored, because it is not a string.');
    return {};
  }

  if (connectionName === undefined) {
    return {};
  }

  return { defaultConnectionName: connectionName };
}
/**
 * Resolves the configured default enterprise connection, if any.
 *
 * The lookup goes through findADConnectionWithoutDomain(), so only an
 * 'ad' / 'auth0-adldap' connection with an empty `domains` list and a
 * matching name can be returned. A configured name that matches nothing
 * yields `undefined`.
 *
 * @param {Object} m - The Lock model.
 * @returns {*} The matching connection, or a falsy value when no default
 *   name is configured or no connection matches.
 */
function defaultEnterpriseConnection(m) {
  var configuredName = defaultEnterpriseConnectionName(m);
  if (!configuredName) {
    return configuredName;
  }
  return findADConnectionWithoutDomain(m, configuredName);
}
/**
 * Reads the default enterprise connection name stored by initEnterprise().
 *
 * @param {Object} m - The Lock model.
 * @returns {*} The value stored under 'defaultConnectionName' in the
 *   'enterprise' namespace.
 */
function defaultEnterpriseConnectionName(m) {
  var connectionName = get(m, 'defaultConnectionName');
  return connectionName;
}
/**
 * Picks the enterprise connection to use for the active (credentials) flow.
 *
 * With HRD inactive, the configured default connection wins, falling back to
 * the first AD connection that has no domains. With HRD active (an email
 * matched, or the only connection is an enterprise one), the connection
 * matching the stored HRD email's domain wins, falling back to the first
 * 'ad' / 'auth0-adldap' connection.
 *
 * NOTE(review): matchConnection() is called here without a strategy filter,
 * so it searches all enterprise connections, whereas isHRDDomain() restricts
 * the match to 'ad' / 'auth0-adldap'. Confirm that callers only store an
 * `hrdEmail` whose domain belongs to an AD connection.
 *
 * @param {Object} m - The Lock model.
 * @returns {*} The selected connection, or a falsy value when none applies.
 */
function enterpriseActiveFlowConnection(m) {
  if (!isHRDActive(m)) {
    return defaultEnterpriseConnection(m) || findADConnectionWithoutDomain(m);
  }

  var hrdEmail = tget(m, 'hrdEmail', '');
  return matchConnection(m, hrdEmail) || findActiveFlowConnection(m);
}
/**
 * Finds the enterprise connection whose `domains` list contains the domain
 * of the given email.
 *
 * The comparison is a membership test on the `domains` collection, so a
 * subdomain or a partial match does not count. Any case normalisation is
 * whatever `emailDomain` applies (not visible in this file).
 *
 * @param {Object} m - The Lock model.
 * @param {string} email - Email address as entered.
 * @param {string[]} [strategies=[]] - Optional strategy names used to narrow
 *   the enterprise connections considered.
 * @returns {*} The first matching connection; `false` when no domain could be
 *   extracted from `email`; `undefined` when no connection matches.
 */
function matchConnection(m, email) {
  var strategies = [];
  if (arguments.length > 2 && arguments[2] !== undefined) {
    strategies = arguments[2];
  }

  var domain = (0, _email.emailDomain)(email);
  if (!domain) {
    return false;
  }

  var lookupArgs = [m, 'enterprise'].concat(strategies);
  var candidates = l.connections.apply(l, lookupArgs);

  return candidates.find(function (connection) {
    return connection.get('domains').contains(domain);
  });
}
/**
 * Boolean form of matchConnection().
 *
 * @param {Object} m - The Lock model.
 * @param {string} email - Email address as entered.
 * @param {string[]} [strategies=[]] - Optional strategy names passed through
 *   to matchConnection().
 * @returns {boolean} True when some enterprise connection lists the email's
 *   domain.
 */
function isEnterpriseDomain(m, email) {
  var strategies = [];
  if (arguments.length > 2 && arguments[2] !== undefined) {
    strategies = arguments[2];
  }

  var match = matchConnection(m, email, strategies);
  return Boolean(match);
}
/**
 * Returns the enterprise domain currently in play.
 *
 * For a single HRD connection this is the first entry of the first
 * enterprise connection's `domains` list; otherwise it is the domain of the
 * stored HRD email.
 *
 * @param {Object} m - The Lock model.
 * @returns {*} The domain, or whatever `getIn` / `emailDomain` return when
 *   nothing is available.
 */
function enterpriseDomain(m) {
  if (isSingleHRDConnection(m)) {
    return l.connections(m, 'enterprise').getIn([0, 'domains', 0]);
  }

  var hrdEmail = tget(m, 'hrdEmail');
  return (0, _email.emailDomain)(hrdEmail);
}
/**
 * Returns the enterprise connection to use for quick authentication.
 *
 * A connection is returned only when no 'ad' / 'auth0-adldap' connection is
 * configured and `l.hasOneConnection(m, 'enterprise')` holds.
 *
 * @param {Object} m - The Lock model.
 * @returns {*} The first enterprise connection, or `null`.
 */
function quickAuthConnection(m) {
  if (isADEnabled(m) || !l.hasOneConnection(m, 'enterprise')) {
    return null;
  }
  return l.connections(m, 'enterprise').get(0);
}
// ad / adldap
// https://github.com/auth0/Lock.Android/blob/0145b6853a8de0df5e63ef22e4e2bc40be97ad9e/lock/src/main/java/com/auth0/android/lock/utils/Strategy.java#L67

/**
 * Tells whether any 'ad' or 'auth0-adldap' enterprise connection is
 * configured.
 *
 * @param {Object} m - The Lock model.
 * @returns {*} The result of `l.hasSomeConnections` for those strategies.
 */
function isADEnabled(m) {
  var hasADConnection = l.hasSomeConnections(m, 'enterprise', 'ad', 'auth0-adldap');
  return hasADConnection;
}
/**
 * Finds the first 'ad' / 'auth0-adldap' connection that has no domains,
 * optionally restricted to a given connection name.
 *
 * @param {Object} m - The Lock model.
 * @param {string} [name] - Connection name to require; any falsy value means
 *   "no name restriction".
 * @returns {*} The matching connection, or `undefined` when there is none.
 */
function findADConnectionWithoutDomain(m) {
  var wantedName = arguments.length > 1 ? arguments[1] : undefined;
  var adConnections = l.connections(m, 'enterprise', 'ad', 'auth0-adldap');

  return adConnections.find(function (connection) {
    if (!connection.get('domains').isEmpty()) {
      return false;
    }
    return !wantedName || connection.get('name') === wantedName;
  });
}
/**
 * Finds the first 'ad' / 'auth0-adldap' connection, optionally restricted to
 * a given connection name. Unlike findADConnectionWithoutDomain(), the
 * connection's `domains` list is not inspected. Not exported.
 *
 * @param {Object} m - The Lock model.
 * @param {string} [name] - Connection name to require; any falsy value means
 *   "no name restriction".
 * @returns {*} The matching connection, or `undefined` when there is none.
 */
function findActiveFlowConnection(m) {
  var wantedName = arguments.length > 1 ? arguments[1] : undefined;
  var adConnections = l.connections(m, 'enterprise', 'ad', 'auth0-adldap');

  return adConnections.find(function (connection) {
    if (!wantedName) {
      return true;
    }
    return connection.get('name') === wantedName;
  });
}
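// kerberos

/**
 * Reports whether the model carries usable corporate-network (SSO)
 * connection data.
 *
 * corpNetworkConnection() is built from an `&&` chain, so besides
 * `undefined` it can yield other falsy values (`null`, `''`) when the `sso`
 * data is present but incomplete. Comparing against `undefined` alone would
 * report those cases as "in the corporate network" even though there is no
 * connection to use, so the result is coerced to a boolean instead.
 *
 * @param {Object} m - The Lock model.
 * @returns {boolean} True only when corpNetworkConnection() returns a
 *   connection.
 */
function isInCorpNetwork(m) {
  return Boolean(corpNetworkConnection(m));
}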
/**
 * Builds the corporate-network connection from the `sso` data on the model.
 *
 * The connection is stored as two flat properties, `sso.connection` and
 * `sso.strategy`. If the connection is present, the strategy is always
 * present too, as defined by the server.
 *
 * @param {Object} m - The Lock model (read through `getIn`).
 * @returns {*} An Immutable Map `{ name, strategy }` when both values are
 *   truthy; otherwise the first falsy value encountered (`undefined`, `null`
 *   or `''`).
 */
function corpNetworkConnection(m) {
  var connectionName = m.getIn(['sso', 'connection']);
  var connectionStrategy = m.getIn(['sso', 'strategy']);

  if (!connectionName) {
    return connectionName;
  }
  if (!connectionStrategy) {
    return connectionStrategy;
  }

  return _immutable2.default.Map({ name: connectionName, strategy: connectionStrategy });
}
// hrd

/**
 * Tells whether an AD connection is configured and the model holds exactly
 * one connection in total (across all connection types).
 *
 * @param {Object} m - The Lock model.
 * @returns {*} `true`/`false` from the count comparison, or the falsy result
 *   of isADEnabled() when no AD connection is configured.
 */
function isSingleHRDConnection(m) {
  var adEnabled = isADEnabled(m);
  if (!adEnabled) {
    return adEnabled;
  }
  return l.connections(m).count() === 1;
}
/**
 * Tells whether the email's domain belongs to an 'ad' or 'auth0-adldap'
 * enterprise connection.
 *
 * @param {Object} m - The Lock model.
 * @param {string} email - Email address as entered.
 * @returns {boolean} True when such a connection lists the email's domain.
 */
function isHRDDomain(m, email) {
  var adStrategies = ['ad', 'auth0-adldap'];
  return isEnterpriseDomain(m, email, adStrategies);
}
/**
 * Switches HRD mode on or off and returns the updated model.
 *
 * With a truthy `email`, HRD is switched on: the username field is set to
 * either the email's local part or the whole email (depending on
 * `l.defaultADUsernameFromEmailPrefix(m)`), and the email is stored under
 * 'hrdEmail'. With a falsy `email`, HRD is switched off: a previously stored
 * 'hrdEmail' is written back through setUsername with the 'email' style and
 * then removed.
 *
 * The trailing `false` passed to setUsername is forwarded unchanged; its
 * meaning is defined in ../field/username (presumably it disables format
 * validation, to be confirmed there).
 *
 * @param {Object} m - The Lock model.
 * @param {string} [email] - Email that triggered HRD; falsy to leave HRD.
 * @returns {Object} The model with 'hrd' set to `!!email`.
 */
function toggleHRD(m, email) {
  var enabled = !!email;
  var next = m;

  if (enabled) {
    var useLocalPart = l.defaultADUsernameFromEmailPrefix(next);
    var username = useLocalPart ? (0, _email.emailLocalPart)(email) : email;

    next = (0, _username.setUsername)(next, username, 'username', false);
    next = tset(next, 'hrdEmail', email);
  } else {
    var previousEmail = tget(next, 'hrdEmail');
    if (previousEmail) {
      next = (0, _username.setUsername)(next, previousEmail, 'email', false);
    }
    next = tremove(next, 'hrdEmail');
  }

  return tset(next, 'hrd', enabled);
}
/**
 * Tells whether HRD mode is active.
 *
 * Reads the 'hrd' flag written by toggleHRD(); when the flag is absent, the
 * result of isSingleHRDConnection() is passed to `tget` as the fallback.
 *
 * @param {Object} m - The Lock model.
 * @returns {*} The stored flag, or the fallback value.
 */
function isHRDActive(m) {
  var fallback = isSingleHRDConnection(m);
  return tget(m, 'hrd', fallback);
}
/**
 * Decides whether the entered identifier is acceptable in the HRD flow.
 *
 * The only rejected input is a well-formed email that nothing can handle:
 * no database connection, no passwordless connection, no AD connection
 * without domains, and no enterprise connection matching the email. Anything
 * that is not an email is accepted.
 *
 * NOTE(review): this check only inspects the model and the entered string;
 * it is not an authorization decision.
 *
 * @param {Object} m - The Lock model.
 * @param {string} str - The identifier as entered.
 * @returns {boolean} False only in the rejected case described above.
 */
function isHRDEmailValid(m, str) {
  if (!(0, _email.isEmail)(str)) {
    return true;
  }
  if (l.hasSomeConnections(m, 'database')) {
    return true;
  }
  if (l.hasSomeConnections(m, 'passwordless')) {
    return true;
  }
  if (findADConnectionWithoutDomain(m)) {
    return true;
  }

  // Last resort: the email is valid only if an enterprise connection claims it.
  return Boolean((0, _classic.matchesEnterpriseConnection)(m, str));
}