2022-02-01 00:51:32 +01:00
|
|
|
import { ApiService } from "../../abstractions/api.service";
|
|
|
|
|
import { AppIdService } from "../../abstractions/appId.service";
|
|
|
|
|
import { CryptoService } from "../../abstractions/crypto.service";
|
|
|
|
|
import { LogService } from "../../abstractions/log.service";
|
|
|
|
|
import { MessagingService } from "../../abstractions/messaging.service";
|
|
|
|
|
import { PlatformUtilsService } from "../../abstractions/platformUtils.service";
|
|
|
|
|
import { StateService } from "../../abstractions/state.service";
|
2023-02-06 22:53:37 +01:00
|
|
|
import { KeyConnectorService } from "../abstractions/key-connector.service";
|
|
|
|
|
import { TokenService } from "../abstractions/token.service";
|
|
|
|
|
import { TwoFactorService } from "../abstractions/two-factor.service";
|
|
|
|
|
import { SsoLogInCredentials } from "../models/domain/log-in-credentials";
|
|
|
|
|
import { SsoTokenRequest } from "../models/request/identity-token/sso-token.request";
|
|
|
|
|
import { IdentityTokenResponse } from "../models/response/identity-token.response";
|
2022-02-01 00:51:32 +01:00
|
|
|
|
2023-02-06 22:53:37 +01:00
|
|
|
import { LogInStrategy } from "./login.strategy";
|
2022-02-22 15:39:11 +01:00
|
|
|
|
2022-02-01 00:51:32 +01:00
|
|
|
export class SsoLogInStrategy extends LogInStrategy {
|
|
|
|
|
tokenRequest: SsoTokenRequest;
|
|
|
|
|
orgId: string;
|
|
|
|
|
|
2023-05-04 20:57:11 +02:00
|
|
|
// A session token server side to serve as an authentication factor for the user
|
|
|
|
|
// in order to send email OTPs to the user's configured 2FA email address
|
|
|
|
|
// as we don't have a master password hash or other verifiable secret when using SSO.
|
|
|
|
|
ssoEmail2FaSessionToken?: string;
|
|
|
|
|
email?: string; // email not preserved through SSO process so get from server
|
|
|
|
|
|
2022-02-01 00:51:32 +01:00
|
|
|
constructor(
|
|
|
|
|
cryptoService: CryptoService,
|
|
|
|
|
apiService: ApiService,
|
|
|
|
|
tokenService: TokenService,
|
|
|
|
|
appIdService: AppIdService,
|
|
|
|
|
platformUtilsService: PlatformUtilsService,
|
|
|
|
|
messagingService: MessagingService,
|
|
|
|
|
logService: LogService,
|
|
|
|
|
stateService: StateService,
|
|
|
|
|
twoFactorService: TwoFactorService,
|
|
|
|
|
private keyConnectorService: KeyConnectorService
|
|
|
|
|
) {
|
|
|
|
|
super(
|
|
|
|
|
cryptoService,
|
|
|
|
|
apiService,
|
|
|
|
|
tokenService,
|
|
|
|
|
appIdService,
|
|
|
|
|
platformUtilsService,
|
|
|
|
|
messagingService,
|
|
|
|
|
logService,
|
|
|
|
|
stateService,
|
|
|
|
|
twoFactorService
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-28 15:12:11 +01:00
|
|
|
async setUserKey(tokenResponse: IdentityTokenResponse) {
|
2022-02-01 00:51:32 +01:00
|
|
|
const newSsoUser = tokenResponse.key == null;
|
|
|
|
|
|
|
|
|
|
if (tokenResponse.keyConnectorUrl != null) {
|
|
|
|
|
if (!newSsoUser) {
|
|
|
|
|
await this.keyConnectorService.getAndSetKey(tokenResponse.keyConnectorUrl);
|
|
|
|
|
} else {
|
|
|
|
|
await this.keyConnectorService.convertNewSsoUserToKeyConnector(tokenResponse, this.orgId);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async logIn(credentials: SsoLogInCredentials) {
|
|
|
|
|
this.orgId = credentials.orgId;
|
|
|
|
|
this.tokenRequest = new SsoTokenRequest(
|
|
|
|
|
credentials.code,
|
|
|
|
|
credentials.codeVerifier,
|
|
|
|
|
credentials.redirectUrl,
|
|
|
|
|
await this.buildTwoFactor(credentials.twoFactor),
|
|
|
|
|
await this.buildDeviceRequest()
|
|
|
|
|
);
|
|
|
|
|
|
2023-05-04 20:57:11 +02:00
|
|
|
const [ssoAuthResult] = await this.startLogIn();
|
|
|
|
|
|
|
|
|
|
this.email = ssoAuthResult.email;
|
|
|
|
|
this.ssoEmail2FaSessionToken = ssoAuthResult.ssoEmail2FaSessionToken;
|
|
|
|
|
|
|
|
|
|
return ssoAuthResult;
|
2022-02-01 00:51:32 +01:00
|
|
|
}
|
|
|
|
|
}
|
