Merge pull request #1228 from Esri/b/fix-postMessage-auth-for-real

fix(arcgis-rest-request): postMessage auth works w/ credential

Author: tomwayson

packages/arcgis-rest-request/src/ArcGISIdentityManager.ts

@@ -24,6 +24,16 @@ import {
 import { NODEJS_DEFAULT_REFERER_HEADER } from "./index.js";
 import { AuthenticationManagerBase } from "./AuthenticationManagerBase.js";
 
+/**
+ * distinguish between an ICredential and IArcGISIdentityManagerOptions
+ */
+function isCredential(credential: any): credential is ICredential {
+  return (
+    typeof credential.userId === "string" ||
+    typeof credential.expires === "number"
+  );
+}
+
 /**
  * Options for {@linkcode ArcGISIdentityManager.fromToken}.
  */
@@ -904,7 +914,17 @@ export class ArcGISIdentityManager
    */
   private static parentMessageHandler(event: any): ArcGISIdentityManager {
     if (event.data.type === "arcgis:auth:credential") {
-      return new ArcGISIdentityManager(event.data.credential);
+      const credential = event.data.credential as ICredential;
+      // at 4.x - 4.5 we were passing .toJSON() instead of .toCredential()
+      // so we attempt to handle either payload for backwards compatibility
+      // but at the next breaking change we should only support an ICredential
+      return isCredential(credential)
+        ? ArcGISIdentityManager.fromCredential(credential, {
+            hasPortal: true,
+            hasServer: false,
+            server: credential.server
+          } as IServerInfo)
+        : new ArcGISIdentityManager(credential);
     }
     if (event.data.type === "arcgis:auth:error") {
       const err = new Error(event.data.error.message);
@@ -1318,10 +1338,10 @@ export class ArcGISIdentityManager
         let msg = {};
         if (isTokenValid) {
           const credential = this.toCredential();
-          msg = {
-            type: "arcgis:auth:credential",
-            credential
-          };
+          // the following line allows us to conform to our spec without changing other depended-on functionality
+          // https://github.com/Esri/arcgis-rest-js/blob/master/packages/arcgis-rest-auth/post-message-auth-spec.md#arcgisauthcredential
+          credential.server = credential.server.replace("/sharing/rest", "");
+          msg = { type: "arcgis:auth:credential", credential };
         } else {
           msg = {
             type: "arcgis:auth:error",

packages/arcgis-rest-request/test/ArcGISIdentityManager.test.ts

@@ -1811,6 +1811,14 @@ describe("ArcGISIdentityManager", () => {
       username: "jsmith"
     };
 
+    const credential: ICredential = {
+      expires: TOMORROW.getTime(),
+      server: token.portal,
+      ssl: false,
+      token: token.token,
+      userId: token.username
+    };
+
     it(".disablePostMessageAuth removes event listener", () => {
       const removeSpy = spyOn(MockWindow, "removeEventListener");
       const session = new ArcGISIdentityManager(token);
@@ -1958,7 +1966,7 @@ describe("ArcGISIdentityManager", () => {
           postMessage(msg: any, origin: string) {
             Win._fn({
               origin: "https://origin.com",
-              data: { type: "arcgis:auth:credential", credential: token },
+              data: { type: "arcgis:auth:credential", credential },
               source: Win.parent
             });
           }
@@ -1994,7 +2002,7 @@ describe("ArcGISIdentityManager", () => {
             // fire a second we want to intercept
             Win._fn({
               origin: "https://origin.com",
-              data: { type: "arcgis:auth:credential", credential: token },
+              data: { type: "arcgis:auth:credential", credential },
               source: Win.parent
             });
           }