You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
93 lines
45 KiB
93 lines
45 KiB
// All material copyright Esri, All Rights Reserved, unless otherwise specified. |
|
// See https://js.arcgis.com/4.30/esri/copyright.txt for details. |
|
//>>built |
|
require({cache:{"esri/identity/IdentityManagerBase":function(){define("exports ../chunks/tslib.es6 ../config ../kernel ../request ../core/Error ../core/Evented ../core/events ../core/lang ../core/object ../core/promiseUtils ../core/urlUtils ../core/accessorSupport/decorators/property ../core/has ../core/Logger ../core/accessorSupport/decorators/subclass ./IdentityModal ./OAuthCredential ./OAuthInfo ./ServerInfo ../portal/support/urlUtils".split(" "),function(m,h,k,w,z,y,J,H,L,M,I,v,x,X,Y,D,F,U,R, |
|
N,K){const O={},S=a=>{const b=(new v.Url(a.owningSystemUrl)).host;a=(new v.Url(a.server)).host;const c=/.+\.arcgis\.com$/i;return c.test(b)&&c.test(a)},T=(a,b)=>!!(S(a)&&b&&b.some(c=>c.test(a.server)));let P=null,Q=null;try{P=window.localStorage,Q=window.sessionStorage}catch{}class V extends J{constructor(){super();this._portalConfig=globalThis.esriGeowConfig;this.serverInfos=[];this.oAuthInfos=[];this.credentials=[];this._soReqs=[];this._xoReqs=[];this._portals=[];this._defaultOAuthInfo=null;this._defaultTokenValidity= |
|
60;this.tokenValidity=this.dialog=null;this.normalizeWebTierAuth=!1;this._appOrigin="null"!==window.origin?window.origin:window.location.origin;this._appUrlObj=v.urlToObject(window.location.href);this._busy=null;this._rejectOnPersistedPageShow=!1;this._oAuthLocationParams=null;this._gwTokenUrl="/sharing/rest/generateToken";this._agsRest="/rest/services";this._agsPortal=/\/sharing(\/|$)/i;this._agsAdmin=/(https?:\/\/[^/]+\/[^/]+)\/admin\/?(\/.*)?$/i;this._adminSvcs=/\/rest\/admin\/services(\/|$)/i; |
|
this._gwDomains=[{regex:/^https?:\/\/www\.arcgis\.com/i,customBaseUrl:"maps.arcgis.com",tokenServiceUrl:"https://www.arcgis.com/sharing/rest/generateToken"},{regex:/^https?:\/\/(?:dev|[a-z\d-]+\.mapsdev)\.arcgis\.com/i,customBaseUrl:"mapsdev.arcgis.com",tokenServiceUrl:"https://dev.arcgis.com/sharing/rest/generateToken"},{regex:/^https?:\/\/(?:devext|[a-z\d-]+\.mapsdevext)\.arcgis\.com/i,customBaseUrl:"mapsdevext.arcgis.com",tokenServiceUrl:"https://devext.arcgis.com/sharing/rest/generateToken"}, |
|
{regex:/^https?:\/\/(?:qaext|[a-z\d-]+\.mapsqa)\.arcgis\.com/i,customBaseUrl:"mapsqa.arcgis.com",tokenServiceUrl:"https://qaext.arcgis.com/sharing/rest/generateToken"},{regex:/^https?:\/\/[a-z\d-]+\.maps\.arcgis\.com/i,customBaseUrl:"maps.arcgis.com",tokenServiceUrl:"https://www.arcgis.com/sharing/rest/generateToken"}];this._legacyFed=[];this._regexSDirUrl=/http.+\/rest\/services\/?/gi;this._regexServerType=/(\/(FeatureServer|GPServer|GeoDataServer|GeocodeServer|GeoenrichmentServer|GeometryServer|GlobeServer|ImageServer|KnowledgeGraphServer|MapServer|MissionServer|MobileServer|NAServer|NetworkDiagramServer|OGCFeatureServer|ParcelFabricServer|RelationalCatalogServer|SceneServer|StreamServer|UtilityNetworkServer|ValidationServer|VectorTileServer|VersionManagementServer|VideoServer)).*/gi; |
|
this._gwUser=/http.+\/users\/([^/]+).*/i;this._gwItem=/http.+\/items\/([^/]+).*/i;this._gwGroup=/http.+\/groups\/([^/]+).*/i;this._rePortalTokenSvc=/\/sharing(\/rest)?\/generatetoken/i;this._createDefaultOAuthInfo=!0;this._hasTestedIfAppIsOnPortal=!1;this._getPlatformSelfError=null;this._getOAuthLocationParams();window.addEventListener("pageshow",a=>{this._pageShowHandler(a)})}registerServers(a){const b=this.serverInfos;b?(a=a.filter(c=>!this.findServerInfo(c.server)),this.serverInfos=b.concat(a)): |
|
this.serverInfos=a;a.forEach(c=>{c.owningSystemUrl&&this._portals.push(c.owningSystemUrl);c.hasPortal&&this._portals.push(c.server)})}registerOAuthInfos(a){const b=this.oAuthInfos;if(b){for(const c of a){const d=this.findOAuthInfo(c.portalUrl);d&&b.splice(b.indexOf(d),1)}this.oAuthInfos=b.concat(a)}else this.oAuthInfos=a}registerToken(a){a={...a};const b=this._sanitizeUrl(a.server),c=this._isServerRsrc(b);let d=this.findServerInfo(b),e=!0,g;d||(d=new N,d.server=this._getServerInstanceRoot(b),c?d.hasServer= |
|
!0:(d.tokenServiceUrl=this._getTokenSvcUrl(b),d.hasPortal=!0),this.registerServers([d]));(g=this._findCredential(b))?(delete a.server,Object.assign(g,a),e=!1):(g=new m.Credential({userId:a.userId,server:d.server??void 0,token:a.token,expires:a.expires,ssl:a.ssl,scope:c?"server":"portal"}),g.resources=[b],this.credentials.push(g));g.emitTokenChange(!1);e||g.refreshServerTokens()}toJSON(){return L.fixJson({serverInfos:this.serverInfos.map(a=>a.toJSON()),oAuthInfos:this.oAuthInfos.map(a=>a.toJSON()), |
|
credentials:this.credentials.map(a=>a.toJSON())})}initialize(a){if(a){"string"===typeof a&&(a=JSON.parse(a));var b=a.serverInfos,c=a.oAuthInfos;a=a.credentials;if(b){const d=[];b.forEach(e=>{e.server&&e.tokenServiceUrl&&d.push(e.declaredClass?e:new N(e))});d.length&&this.registerServers(d)}if(c){const d=[];c.forEach(e=>{e.appId&&d.push(e.declaredClass?e:new R(e))});d.length&&this.registerOAuthInfos(d)}a&&a.forEach(d=>{d.server&&d.token&&d.expires&&d.expires>Date.now()&&(d=d.declaredClass?d:new m.Credential(d), |
|
d.emitTokenChange(),this.credentials.push(d))})}}findServerInfo(a){let b;a=this._sanitizeUrl(a);for(const c of this.serverInfos)if(this._hasSameServerInstance(c.server,a)){b=c;break}return b}findOAuthInfo(a){let b;a=this._sanitizeUrl(a);for(const c of this.oAuthInfos)if(this._hasSameServerInstance(c.portalUrl,a)){b=c;break}return b}findCredential(a,b){if(a){a=this._sanitizeUrl(a);var c=this._isServerRsrc(a)?"server":"portal";if(b)for(const e of this.credentials){if(this._hasSameServerInstance(e.server, |
|
a)&&b===e.userId&&e.scope===c){var d=e;break}}else for(const e of this.credentials)if(this._hasSameServerInstance(e.server,a)&&-1!==this._getIdenticalSvcIdx(a,e)&&e.scope===c){d=e;break}return d}}getCredential(a,b){let c=!0;if(b){var d=!!b.token;var e=b.error;c=!1!==b.prompt}b={...b};a=this._sanitizeUrl(a);const g=new AbortController,n=I.createResolver();if(b.signal)I.onAbort(b.signal,()=>{g.abort()});I.onAbort(g,()=>{n.reject(new y("identity-manager:user-aborted","ABORTED"))});if(I.isAborted(g))return n.promise; |
|
b.signal=g.signal;const t=this._isAdminResource(a);if((d=d?this.findCredential(a):null)&&e&&e.details&&498===e.details.httpStatus)d.destroy();else if(d)return a=new y("identity-manager:not-authorized","You are currently signed in as: '"+d.userId+"'. You do not have access to this resource: "+a,{error:e}),n.reject(a),n.promise;if(e=this._findCredential(a,b))return n.resolve(e),n.promise;let f=this.findServerInfo(a);if(f)!f.hasPortal&&f.server&&f.owningSystemUrl&&this._hasSameServerInstance(f.server, |
|
f.owningSystemUrl)&&(f.hasPortal=!0),!f.hasServer&&this._isServerRsrc(a)&&(f._restInfoPms=this._getTokenSvcUrl(a),f.hasServer=!0);else{e=this._getTokenSvcUrl(a);if(!e)return a=new y("identity-manager:unknown-resource","Unknown resource - could not find token service endpoint."),n.reject(a),n.promise;f=new N;f.server=this._getServerInstanceRoot(a);"string"===typeof e?(f.tokenServiceUrl=e,f.hasPortal=!0):(f._restInfoPms=e,f.hasServer=!0);this.registerServers([f])}f.hasPortal&&void 0===f._selfReq&&(c|| |
|
v.hasSameOrigin(f.tokenServiceUrl,this._appOrigin)||this._gwDomains.some(l=>l.tokenServiceUrl===f.tokenServiceUrl))&&(f._selfReq={owningTenant:b?.owningTenant,selfDfd:this._getPortalSelf(f.tokenServiceUrl.replace(this._rePortalTokenSvc,"/sharing/rest/portals/self"),a)});return this._enqueue(a,f,b,n,t)}getResourceName(a){return this._isRESTService(a)?a.replace(this._regexSDirUrl,"").replace(this._regexServerType,"")||"":this._gwUser.test(a)&&a.replace(this._gwUser,"$1")||this._gwItem.test(a)&&a.replace(this._gwItem, |
|
"$1")||this._gwGroup.test(a)&&a.replace(this._gwGroup,"$1")||""}generateToken(a,b,c){const d=this._rePortalTokenSvc.test(a.tokenServiceUrl),e=new v.Url(this._appOrigin);var g=a.shortLivedTokenValidity;let n,t,f,l,r,p,q;b&&(q=this.tokenValidity||g||this._defaultTokenValidity,q>g&&0<g&&(q=g));c&&(n=c.isAdmin,t=c.serverUrl,f=c.token,r=c.signal,p=c.ssl,a.customParameters=c.customParameters);n?g=a.adminTokenServiceUrl:(g=a.tokenServiceUrl,l=new v.Url(g.toLowerCase()),a.webTierAuth&&c?.serverUrl&&!p&&"http"=== |
|
e.scheme&&(v.hasSameOrigin(e.uri,g,!0)||"https"===l.scheme&&e.host===l.host&&"7080"===e.port&&"7443"===l.port)&&(g=g.replace(/^https:/i,"http:").replace(/:7443/i,":7080")));c={query:{request:"getToken",username:b?.username,password:b?.password,serverUrl:t,token:f,expiration:q,referer:n||d?this._appOrigin:null,client:n?"referer":null,f:"json",...a.customParameters},method:"post",authMode:"anonymous",useProxy:this._useProxy(a,c),signal:r,...c?.ioArgs};d||(c.withCredentials=!1);return z(g,c).then(C=> |
|
{C=C.data;if(!C?.token)return new y("identity-manager:authentication-failed","Unable to generate token");const u=a.server;O[u]||(O[u]={});b&&(O[u][b.username]=b.password);C.validity=q;return C})}isBusy(){return!!this._busy}async checkSignInStatus(a){return(await this.checkAppAccess(a,"")).credential}checkAppAccess(a,b,c){let d=!1;return this.getCredential(a,{prompt:!1}).then(e=>{let g;const n={f:"json"};if("portal"===e.scope)if(b&&(this._doPortalSignIn(a)||c?.force))g=e.server+"/sharing/rest/oauth2/validateAppAccess", |
|
n.client_id=b;else if(e.token)g=e.server+"/sharing/rest";else return{credential:e};else if(e.token)g=e.server+"/rest/services";else return{credential:e};e.token&&(n.token=e.token);return z(g,{query:n,authMode:"anonymous"}).then(t=>{if(!1===t.data.valid)throw new y("identity-manager:not-authorized",`You are currently signed in as: '${e.userId}'.`,t.data);d=!!t.data.viewOnlyUserTypeApp;return{credential:e}}).catch(t=>{if("identity-manager:not-authorized"===t.name)throw t;t=t.details?.httpStatus;if(498=== |
|
t)throw e.destroy(),new y("identity-manager:not-authenticated","User is not signed in.");if(400===t)throw new y("identity-manager:invalid-request");return{credential:e}})}).then(e=>({credential:e.credential,viewOnly:d}))}setOAuthResponseHash(a){a&&("#"===a.charAt(0)&&(a=a.substring(1)),this._processOAuthPopupParams(v.queryToObject(a)))}setOAuthRedirectionHandler(a){this._oAuthRedirectFunc=a}setProtocolErrorHandler(a){this._protocolFunc=a}signIn(a,b,c={}){const d=I.createResolver(),e=()=>{t?.remove(); |
|
f?.remove();this.dialog?.destroy();this.dialog=t=f=null},g=()=>{e();this._oAuthDfd=null;d.reject(new y("identity-manager:user-aborted","ABORTED"))};if(c.signal)I.onAbort(c.signal,()=>{g()});const n=new F({open:!0,resource:this.getResourceName(a),server:b.server});this.dialog=n;this.emit("dialog-create");let t=n.on("cancel",g),f=n.on("submit",l=>{this.generateToken(b,l,{isAdmin:c.isAdmin,signal:c.signal}).then(r=>{e();r=new m.Credential({userId:l.username,server:b.server??void 0,token:r.token,expires:null!= |
|
r.expires?Number(r.expires):null,ssl:!!r.ssl,isAdmin:c.isAdmin,validity:r.validity});d.resolve(r)}).catch(r=>{n.error=r;n.signingIn=!1})});return d.promise}oAuthSignIn(a,b,c,d){const e=this._oAuthDfd=I.createResolver();if(d?.signal)I.onAbort(d.signal,()=>{const p=this._oAuthDfd&&this._oAuthDfd.oAuthWin_;p&&!p.closed?p.close():this.dialog&&l()});e.resUrl_=a;e.sinfo_=b;e.oinfo_=c;let g;const n=c._oAuthCred;if(n.storage&&("authorization-code"===c.flowType||"auto"===c.flowType&&8.4<=b.currentVersion)){let p= |
|
crypto.getRandomValues(new Uint8Array(32));g=v.base64UrlEncode(p);n.codeVerifier=g;p=crypto.getRandomValues(new Uint8Array(32));n.stateUID=v.base64UrlEncode(p);n.save()||(n.codeVerifier=g=null)}else n.codeVerifier=null;this._getCodeChallenge(g).then(p=>{var q=!d||!1!==d.oAuthPopupConfirmation;c.popup&&q?(this.dialog=q=new F({oAuthPrompt:!0,server:b.server,open:!0}),this.emit("dialog-create"),t=q.on("cancel",l),f=q.on("submit",()=>{r();this._doOAuthSignIn(a,b,c,p)})):this._doOAuthSignIn(a,b,c,p)}); |
|
let t,f;const l=()=>{r();this._oAuthDfd=null;e.reject(new y("identity-manager:user-aborted","ABORTED"))},r=()=>{t?.remove();f?.remove();this.dialog?.destroy();this.dialog=null};return e.promise}destroyCredentials(){this.credentials&&this.credentials.slice().forEach(a=>{a.destroy()});this.emit("credentials-destroy")}enablePostMessageAuth(a="https://www.arcgis.com/sharing/rest"){this._postMessageAuthHandle&&this._postMessageAuthHandle.remove();this._postMessageAuthHandle=H.on(window,"message",b=>{if((b.origin=== |
|
this._appOrigin||b.origin.endsWith(".arcgis.com"))&&"arcgis:auth:requestCredential"===b.data?.type){const c=b.source;this.getCredential(a).then(d=>{c.postMessage({type:"arcgis:auth:credential",credential:{expires:d.expires,server:d.server,ssl:d.ssl,token:d.token,userId:d.userId}},b.origin)}).catch(d=>{c.postMessage({type:"arcgis:auth:error",error:{name:d.name,message:d.message}},b.origin)})}})}disablePostMessageAuth(){this._postMessageAuthHandle&&(this._postMessageAuthHandle.remove(),this._postMessageAuthHandle= |
|
null)}_getOAuthLocationParams(){var a=window.location.hash;if(a){"#"===a.charAt(0)&&(a=a.substring(1));a=v.queryToObject(a);var b=!1;if(a.access_token&&a.expires_in&&a.state&&a.hasOwnProperty("username"))try{a.state=JSON.parse(a.state),a.state.portalUrl&&(this._oAuthLocationParams=a,b=!0)}catch{}else if(a.error&&a.error_description&&(console.log("IdentityManager OAuth Error: ",a.error," - ",a.error_description),"access_denied"===a.error&&(b=!0,a.state)))try{a.state=JSON.parse(a.state)}catch{}b&&(window.location.hash= |
|
a.state?.hash||"")}if(a=window.location.search){"?"===a.charAt(0)&&(a=a.substring(1));a=v.queryToObject(a);b=!1;if(a.code&&a.state)try{a.state=JSON.parse(a.state),a.state.portalUrl&&a.state.uid&&(this._oAuthLocationParams=a,b=!0)}catch{}else if(a.error&&a.error_description&&(console.log("IdentityManager OAuth Error: ",a.error," - ",a.error_description),"access_denied"===a.error&&(b=!0,a.state)))try{a.state=JSON.parse(a.state)}catch{}if(b){const c={...a};"code error error_description message_code persist state".split(" ").forEach(d=> |
|
{delete c[d]});b=v.objectToQuery(c);window.history.replaceState(window.history.state,"",window.location.pathname+(b?`?${b}`:"")+(a.state?.hash||""))}}}_getOAuthToken(a,b,c,d,e){a=a.replace(/^http:/i,"https:");return z(`${a}/sharing/rest/oauth2/token`,{authMode:"anonymous",method:"post",query:d&&e?{grant_type:"authorization_code",code:b,redirect_uri:d,client_id:c,code_verifier:e}:{grant_type:"refresh_token",refresh_token:b,client_id:c}}).then(g=>g.data)}async _getCodeChallenge(a){return a&&globalThis.isSecureContext? |
|
(a=(new TextEncoder).encode(a),a=await crypto.subtle.digest("SHA-256",a),v.base64UrlEncode(new Uint8Array(a))):null}_pageShowHandler(a){a.persisted&&this.isBusy()&&this._rejectOnPersistedPageShow&&(a=new y("identity-manager:user-aborted","ABORTED"),this._errbackFunc(a))}_findCredential(a,b){let c=-1,d,e,g;const n=b?.token;b=b?.resource;const t=this._isServerRsrc(a)?"server":"portal",f=this.credentials.filter(l=>this._hasSameServerInstance(l.server,a)&&l.scope===t);a=b||a;if(f.length)if(1===f.length)if(b= |
|
f[0],e=this.findServerInfo(b.server),g=(d=e?.owningSystemUrl)?this.findCredential(d,b.userId):void 0,c=this._getIdenticalSvcIdx(a,b),n)-1!==c&&(b.resources.splice(c,1),this._removeResource(a,g));else return-1===c&&b.resources.push(a),this._addResource(a,g),b;else{let l,r;f.some(p=>{r=this._getIdenticalSvcIdx(a,p);return-1!==r?(l=p,e=this.findServerInfo(l.server),g=(d=e?.owningSystemUrl)?this.findCredential(d,l.userId):void 0,c=r,!0):!1});if(n)l&&(l.resources.splice(c,1),this._removeResource(a,g)); |
|
else if(l)return this._addResource(a,g),l}}_findOAuthInfo(a){let b=this.findOAuthInfo(a);if(!b)for(const c of this.oAuthInfos)if(this._isIdProvider(c.portalUrl,a)){b=c;break}return b}_addResource(a,b){b&&-1===this._getIdenticalSvcIdx(a,b)&&b.resources.push(a)}_removeResource(a,b){let c=-1;b&&(c=this._getIdenticalSvcIdx(a,b),-1<c&&b.resources.splice(c,1))}_useProxy(a,b){return b?.isAdmin&&!v.hasSameOrigin(a.adminTokenServiceUrl,this._appOrigin)||!this._isPortalDomain(a.tokenServiceUrl)&&"10.1"===String(a.currentVersion)&& |
|
!v.hasSameOrigin(a.tokenServiceUrl,this._appOrigin)}_getOrigin(a){a=new v.Url(a);return a.scheme+"://"+a.host+(null!=a.port?":"+a.port:"")}_getServerInstanceRoot(a){const b=a.toLowerCase();let c=b.indexOf(this._agsRest);-1===c&&this._isAdminResource(a)&&(c=this._agsAdmin.test(a)?a.replace(this._agsAdmin,"$1").length:a.search(this._adminSvcs));-1!==c||K.isSecureProxyService(b)||(c=b.indexOf("/sharing"));-1===c&&b.endsWith("/")&&(c=b.length-1);return-1<c?a.substring(0,c):a}_hasSameServerInstance(a, |
|
b){a.endsWith("/")&&(a=a.slice(0,-1));a=a.toLowerCase();b=this._getServerInstanceRoot(b).toLowerCase();a=K.normalizeArcGISOnlineOrgDomain(a);b=K.normalizeArcGISOnlineOrgDomain(b);a=a.substring(a.indexOf(":"));b=b.substring(b.indexOf(":"));return a===b}_sanitizeUrl(a){const b=(k.request.proxyUrl||"").toLowerCase(),c=b?a.toLowerCase().indexOf(b+"?"):-1;-1!==c&&(a=a.substring(c+b.length+1));a=v.normalize(a);return v.urlToObject(a).path}_isRESTService(a){return a.includes(this._agsRest)}_isAdminResource(a){return this._agsAdmin.test(a)|| |
|
this._adminSvcs.test(a)}_isServerRsrc(a){return this._isRESTService(a)||this._isAdminResource(a)}_isIdenticalService(a,b){var c=!1;this._isRESTService(a)&&this._isRESTService(b)?(a=this._getSuffix(a).toLowerCase(),b=this._getSuffix(b).toLowerCase(),c=a===b,c||(c=/(.*)\/(MapServer|FeatureServer|UtilityNetworkServer).*/gi,c=a.replaceAll(c,"$1")===b.replaceAll(c,"$1"))):this._isAdminResource(a)&&this._isAdminResource(b)?c=!0:this._isServerRsrc(a)||this._isServerRsrc(b)||!this._isPortalDomain(a)||(c= |
|
!0);return c}_isPortalDomain(a){const b=new v.Url(a.toLowerCase());a=this._portalConfig;let c=this._gwDomains.some(d=>d.regex.test(b.uri));!c&&a&&(c=this._hasSameServerInstance(this._getServerInstanceRoot(a.restBaseUrl),b.uri));c||k.portalUrl&&(c=v.hasSameOrigin(b,k.portalUrl,!0));c||=this._portals.some(d=>this._hasSameServerInstance(d,b.uri));return c=c||this._agsPortal.test(b.path)}_isIdProvider(a,b){let c=-1,d=-1;this._gwDomains.forEach((g,n)=>{-1===c&&g.regex.test(a)&&(c=n);-1===d&&g.regex.test(b)&& |
|
(d=n)});let e=!1;if(-1<c&&-1<d)if(0===c||4===c){if(0===d||4===d)e=!0}else if(1===c){if(1===d||2===d)e=!0}else 2===c?2===d&&(e=!0):3===c&&3===d&&(e=!0);if(!e){const g=this.findServerInfo(b),n=g?.owningSystemUrl;n&&S(g)&&this._isPortalDomain(n)&&this._isIdProvider(a,n)&&(e=!0)}return e}_getIdenticalSvcIdx(a,b){let c=-1;for(let d=0;d<b.resources.length;d++)if(this._isIdenticalService(a,b.resources[d])){c=d;break}return c}_getSuffix(a){return a.replace(this._regexSDirUrl,"").replace(this._regexServerType, |
|
"$1")}_getTokenSvcUrl(a){if(this._isRESTService(a)||this._isAdminResource(a)){var b=this._getServerInstanceRoot(a);var c=b+"/admin/generateToken";a=b+"/rest/info";b=z(a,{query:{f:"json"}}).then(d=>d.data);return{adminUrl:c,promise:b}}if(this._isPortalDomain(a)){let d="";this._gwDomains.some(e=>{e.regex.test(a)&&(d=e.tokenServiceUrl);return!!d});d||this._portals.some(e=>{this._hasSameServerInstance(e,a)&&(d=e+this._gwTokenUrl);return!!d});d||(c=a.toLowerCase().indexOf("/sharing"),-1!==c&&(d=a.substring(0, |
|
c)+this._gwTokenUrl));d||=this._getOrigin(a)+this._gwTokenUrl;d&&(c=(new v.Url(a)).port,/^http:\/\//i.test(a)&&"7080"===c&&(d=d.replace(/:7080/i,":7443")),d=d.replace(/http:/i,"https:"));return d}}_processOAuthResponseParams(a,b,c){const d=b._oAuthCred;if(a.code){var e=d.codeVerifier;d.codeVerifier=null;d.stateUID=null;d.save();return this._getOAuthToken(c.server,a.code,b.appId,this._getRedirectURI(b,!0),e).then(g=>{const n=new m.Credential({userId:g.username,server:c.server??void 0,token:g.access_token, |
|
expires:Date.now()+1E3*g.expires_in,ssl:g.ssl,oAuthState:a.state,_oAuthCred:d});b.userId=n.userId;d.storage=g.persist?P:Q;d.refreshToken=g.refresh_token;d.token=null;d.expires=g.refresh_token_expires_in?Date.now()+1E3*g.refresh_token_expires_in:null;d.userId=n.userId;d.ssl=n.ssl;d.save();return n})}e=new m.Credential({userId:a.username,server:c.server??void 0,token:a.access_token,expires:Date.now()+1E3*Number(a.expires_in),ssl:"true"===a.ssl,oAuthState:a.state,_oAuthCred:d});b.userId=e.userId;d.storage= |
|
a.persist?P:Q;d.refreshToken=null;d.token=e.token;d.expires=e.expires;d.userId=e.userId;d.ssl=e.ssl;d.save();return Promise.resolve(e)}_processOAuthPopupParams(a){const b=this._oAuthDfd;this._oAuthDfd=null;if(b)if(clearInterval(this._oAuthIntervalId),this._oAuthOnPopupHandle?.remove(),a.error){const c="access_denied"===a.error;a=new y(c?"identity-manager:user-aborted":"identity-manager:authentication-failed",c?"ABORTED":"OAuth: "+a.error+" - "+a.error_description);b.reject(a)}else this._processOAuthResponseParams(a, |
|
b.oinfo_,b.sinfo_).then(c=>{b.resolve(c)}).catch(c=>{b.reject(c)})}_setOAuthResponseQueryString(a){a&&("?"===a.charAt(0)&&(a=a.substring(1)),this._processOAuthPopupParams(v.queryToObject(a)))}async _exchangeToken(a,b,c){return(await z(`${a}/sharing/rest/oauth2/exchangeToken`,{authMode:"anonymous",method:"post",query:{f:"json",client_id:b,token:c}})).data.token}async _getPlatformSelf(a,b){if(this._getPlatformSelfError&&1E3>Date.now()-this._getPlatformSelfError[1])throw this._getPlatformSelfError[0]; |
|
a=a.replace(/^http:/i,"https:");try{const c=await z(`${a}/sharing/rest/oauth2/platformSelf`,{authMode:"anonymous",headers:{"X-Esri-Auth-Client-Id":b,"X-Esri-Auth-Redirect-Uri":window.location.href.replace(/#.*$/,"")},method:"post",query:{f:"json",expiration:30},withCredentials:!0});this._getPlatformSelfError=null;return c.data}catch(c){throw"OAUTH_0066"===c.details?.messageCode&&(this._getPlatformSelfError=[c,Date.now()]),c;}}_getPortalSelf(a,b){let c;this._gwDomains.some(d=>{d.regex.test(a)&&(c= |
|
d.customBaseUrl);return!!c});if(c)return Promise.resolve({allSSL:!0,currentVersion:"8.4",customBaseUrl:c,portalMode:"multitenant",supportsOAuth:!0});this._appOrigin.startsWith("https:")?a=a.replace(/^http:/i,"https:").replace(/:7080/i,":7443"):/^http:/i.test(b)&&(a=a.replace(/^https:/i,"http:").replace(/:7443/i,":7080"));return z(a,{query:{f:"json"},authMode:"anonymous",withCredentials:!0}).then(d=>d.data)}_doPortalSignIn(a){const b=this._portalConfig,c=window.location.href,d=this.findServerInfo(a); |
|
return(b||this._isPortalDomain(c))&&(d?d.hasPortal||d.owningSystemUrl&&this._isPortalDomain(d.owningSystemUrl):this._isPortalDomain(a))&&(this._isIdProvider(c,a)||b&&(this._hasSameServerInstance(this._getServerInstanceRoot(b.restBaseUrl),a)||this._isIdProvider(b.restBaseUrl,a))||v.hasSameOrigin(c,a,!0))?!0:!1}_checkProtocol(a,b,c,d){let e=!0;d=d?b.adminTokenServiceUrl:b.tokenServiceUrl;d.trim().toLowerCase().startsWith("https:")&&!this._appOrigin.startsWith("https:")&&v.getProxyRule(d)&&(e=this._protocolFunc? |
|
!!this._protocolFunc({resourceUrl:a,serverInfo:b}):!1,e||(a=new y("identity-manager:aborted","Aborted the Sign-In process to avoid sending password over insecure connection."),c(a)));return e}_enqueue(a,b,c,d,e,g){d||=I.createResolver();d.resUrl_=a;d.sinfo_=b;d.options_=c;d.admin_=e;d.refresh_=g;this._busy?this._hasSameServerInstance(this._getServerInstanceRoot(a),this._busy.resUrl_)?(this._oAuthDfd&&this._oAuthDfd.oAuthWin_&&this._oAuthDfd.oAuthWin_.focus(),this._soReqs.push(d)):this._xoReqs.push(d): |
|
this._doSignIn(d);return d.promise}_doSignIn(a){this._busy=a;this._rejectOnPersistedPageShow=!1;const b=f=>{var l=a.options_?.resource;const r=a.resUrl_,p=a.refresh_;let q=!1;this.credentials.includes(f)||(p&&this.credentials.includes(p)?(p.userId=f.userId,p.token=f.token,p.expires=f.expires,p.validity=f.validity,p.ssl=f.ssl,p.creationTime=f.creationTime,q=!0,f=p):this.credentials.push(f));f.resources||(f.resources=[]);f.resources.includes(l||r)||f.resources.push(l||r);f.scope=this._isServerRsrc(r)? |
|
"server":"portal";f.emitTokenChange();l=this._soReqs;const C={};this._soReqs=[];l.forEach(u=>{if(!this._isIdenticalService(r,u.resUrl_)){const B=this._getSuffix(u.resUrl_);C[B]||(C[B]=!0,f.resources.push(u.resUrl_))}});a.resolve(f);l.forEach(u=>{this._hasSameServerInstance(this._getServerInstanceRoot(r),u.resUrl_)?u.resolve(f):this._soReqs.push(u)});this._busy=a.resUrl_=a.sinfo_=a.refresh_=null;q||this.emit("credential-create",{credential:f});this._soReqs.length?this._doSignIn(this._soReqs.shift()): |
|
this._xoReqs.length&&this._doSignIn(this._xoReqs.shift())},c=f=>{a.reject(f);this._busy=a.resUrl_=a.sinfo_=a.refresh_=null;this._soReqs.length?this._doSignIn(this._soReqs.shift()):this._xoReqs.length&&this._doSignIn(this._xoReqs.shift())},d=(f,l,r,p)=>{const q=a.sinfo_,C=!a.options_||!1!==a.options_.prompt,u=q.hasPortal&&this._findOAuthInfo(a.resUrl_);let B,W;if(f)b(new m.Credential({userId:f,server:q.server??void 0,token:r??void 0,expires:null!=p?Number(p):null,ssl:!!l}));else if(window!==window.parent&& |
|
this._appUrlObj.query?.["arcgis-auth-origin"]&&this._appUrlObj.query?.["arcgis-auth-portal"]&&this._hasSameServerInstance(this._getServerInstanceRoot(this._appUrlObj.query["arcgis-auth-portal"]),a.resUrl_)){window.parent.postMessage({type:"arcgis:auth:requestCredential"},this._appUrlObj.query["arcgis-auth-origin"]);const A=H.on(window,"message",E=>{E.source===window.parent&&E.data&&("arcgis:auth:credential"===E.data.type?(A.remove(),E.data.credential.expires<Date.now()?c(new y("identity-manager:credential-request-failed", |
|
"Parent application's token has expired.")):b(new m.Credential(E.data.credential))):"arcgis:auth:error"===E.data.type&&(A.remove(),"tokenExpiredError"===E.data.error.name?c(new y("identity-manager:credential-request-failed","Parent application's token has expired.")):c(y.fromJSON(E.data.error))))});I.onAbort(a.options_?.signal,()=>{A.remove()})}else if(u){let A=u._oAuthCred;A||(f=new U(u,P),l=new U(u,Q),f.isValid()&&l.isValid()?f.expires>l.expires?(A=f,l.destroy()):(A=l,f.destroy()):A=f.isValid()? |
|
f:l,u._oAuthCred=A);if(A.isValid()){B=new m.Credential({userId:A.userId??void 0,server:q.server??void 0,token:A.token??void 0,expires:A.expires,ssl:A.ssl??void 0,_oAuthCred:A});const E=u.appId!==A.appId&&this._doPortalSignIn(a.resUrl_);E||A.refreshToken?(a._pendingDfd=A.refreshToken?this._getOAuthToken(q.server,A.refreshToken,A.appId).then(G=>{B.expires=Date.now()+1E3*G.expires_in;B.token=G.access_token;return B}):Promise.resolve(B),a._pendingDfd.then(G=>E?this._exchangeToken(G.server,u.appId,G.token).then(Z=> |
|
{G.token=Z;return G}).catch(()=>G):G).then(G=>{b(G)}).catch(()=>{A?.destroy();d()})):b(B)}else if(this._oAuthLocationParams&&this._hasSameServerInstance(u.portalUrl,this._oAuthLocationParams.state.portalUrl)&&(this._oAuthLocationParams.access_token||this._oAuthLocationParams.code&&this._oAuthLocationParams.state.uid===A.stateUID&&A.codeVerifier))f=this._oAuthLocationParams,this._oAuthLocationParams=null,a._pendingDfd=this._processOAuthResponseParams(f,u,q).then(E=>{b(E)}).catch(c);else{const E=()=> |
|
{C?a._pendingDfd=this.oAuthSignIn(a.resUrl_,q,u,a.options_).then(b,c):(W=new y("identity-manager:not-authenticated","User is not signed in."),c(W))};this._doPortalSignIn(a.resUrl_)?a._pendingDfd=this._getPlatformSelf(q.server,u.appId).then(G=>{v.hasSameOrigin(G.portalUrl,this._appOrigin,!0)?(B=new m.Credential({userId:G.username,server:q.server??void 0,expires:Date.now()+1E3*G.expires_in,token:G.token}),b(B)):E()}).catch(E):E()}}else C?this._checkProtocol(a.resUrl_,q,c,a.admin_)&&(f=a.options_,a.admin_&& |
|
(f=f||{},f.isAdmin=!0),a._pendingDfd=this.signIn(a.resUrl_,q,f).then(b,c)):(W=new y("identity-manager:not-authenticated","User is not signed in."),c(W))},e=()=>{const f=a.sinfo_;var l=f.owningSystemUrl;const r=a.options_;let p,q,C,u;r&&(p=r.token,q=r.error,C=r.prompt);u=this._findCredential(l,{token:p,resource:a.resUrl_});if(!u)for(const B of this.credentials)if(this._isIdProvider(l,B.server)){u=B;break}u?(l=this.findCredential(a.resUrl_,u.userId))?b(l):T(f,this._legacyFed)?(l=u.toJSON(),l.server= |
|
f.server,l.resources=null,b(new m.Credential(l))):(a._pendingDfd=this.generateToken(this.findServerInfo(u.server),null,{serverUrl:a.resUrl_,token:u.token,signal:a.options_.signal,ssl:u.ssl})).then(B=>{b(new m.Credential({userId:u?.userId,server:f.server??void 0,token:B.token,expires:null!=B.expires?Number(B.expires):null,ssl:!!B.ssl,isAdmin:a.admin_,validity:B.validity}))},c):(this._busy=null,p&&(a.options_.token=null),(a._pendingDfd=this.getCredential(l.replace(/\/?$/,"/sharing"),{resource:a.resUrl_, |
|
owningTenant:f.owningTenant,signal:a.options_.signal,token:p,error:q,prompt:C})).then(()=>{this._enqueue(a.resUrl_,a.sinfo_,a.options_,a,a.admin_)},B=>{a.resUrl_=a.sinfo_=a.refresh_=null;a.reject(B)}))};this._errbackFunc=c;const g=a.sinfo_.owningSystemUrl,n=this._isServerRsrc(a.resUrl_),t=a.sinfo_._restInfoPms;t?t.promise.then(f=>{const l=a.sinfo_;l._restInfoPms&&(l.adminTokenServiceUrl=l._restInfoPms.adminUrl,l._restInfoPms=null,l.tokenServiceUrl=(M.getDeepValue("authInfo.tokenServicesUrl",f)||M.getDeepValue("authInfo.tokenServiceUrl", |
|
f)||M.getDeepValue("tokenServiceUrl",f))??null,l.shortLivedTokenValidity=M.getDeepValue("authInfo.shortLivedTokenValidity",f)??null,l.currentVersion=f.currentVersion,l.owningTenant=f.owningTenant,(f=l.owningSystemUrl=f.owningSystemUrl)&&this._portals.push(f));n&&l.owningSystemUrl?e():d()},()=>{a.sinfo_._restInfoPms=null;const f=new y("identity-manager:server-identification-failed","Unknown resource - could not find token service endpoint.");c(f)}):n&&g?e():a.sinfo_._selfReq?a.sinfo_._selfReq.selfDfd.then(f=> |
|
{const l={};let r,p,q,C;f&&(r=f.user?.username,l.username=r,l.allSSL=f.allSSL,p=f.supportsOAuth,C=parseFloat(f.currentVersion),"multitenant"===f.portalMode&&(q=f.customBaseUrl),a.sinfo_.currentVersion=C);a.sinfo_.webTierAuth=!!r;return r&&this.normalizeWebTierAuth?this.generateToken(a.sinfo_,null,{ssl:l.allSSL}).catch(()=>null).then(u=>{l.portalToken=u?.token;l.tokenExpiration=u?.expires;return l}):!r&&p&&4.4<=C&&!this._findOAuthInfo(a.resUrl_)?this._generateOAuthInfo({portalUrl:a.sinfo_.server,customBaseUrl:q, |
|
owningTenant:a.sinfo_._selfReq.owningTenant}).catch(()=>null).then(()=>l):l}).catch(()=>null).then(f=>{a.sinfo_._selfReq=null;f?d(f.username,f.allSSL,f.portalToken,f.tokenExpiration):d()}):d()}_generateOAuthInfo(a){let b=null,c=a.portalUrl;const d=a.customBaseUrl,e=a.owningTenant;if(a=!this._defaultOAuthInfo&&this._createDefaultOAuthInfo&&!this._hasTestedIfAppIsOnPortal){b=window.location.href;let g=b.indexOf("?");-1<g&&(b=b.slice(0,g));g=b.search(/\/(apps|home)\//);b=-1<g?b.slice(0,g):null}a&&b? |
|
(this._hasTestedIfAppIsOnPortal=!0,a=z(b+"/sharing/rest",{query:{f:"json"}}).then(()=>{this._defaultOAuthInfo=new R({appId:"arcgisonline",popupCallbackUrl:b+"/home/oauth-callback.html"})})):a=Promise.resolve();return a.then(()=>{if(this._defaultOAuthInfo)return c=c.replace(/^http:/i,"https:"),z(c+"/sharing/rest/oauth2/validateRedirectUri",{query:{accountId:e,client_id:this._defaultOAuthInfo.appId,redirect_uri:v.makeAbsolute(this._defaultOAuthInfo.popupCallbackUrl),f:"json"}}).then(g=>{if(g.data.valid){const n= |
|
this._defaultOAuthInfo.clone();n.portalUrl=g.data.urlKey&&d?"https://"+g.data.urlKey.toLowerCase()+"."+d:c;n.popup=window!==window.top||!(v.hasSameOrigin(c,this._appOrigin)||this._gwDomains.some(t=>t.regex.test(c)&&t.regex.test(this._appOrigin)));this.oAuthInfos.push(n)}})})}_doOAuthSignIn(a,b,c,d){var e=c._oAuthCred,g={portalUrl:c.portalUrl};!c.popup&&c.preserveUrlHash&&window.location.hash&&(g.hash=window.location.hash);e.stateUID&&(g.uid=e.stateUID);g={client_id:c.appId,response_type:e.codeVerifier? |
|
"code":"token",state:JSON.stringify(g),expiration:c.expiration,locale:c.locale,redirect_uri:this._getRedirectURI(c,!!e.codeVerifier)};c.forceLogin&&(g.force_login=!0);c.forceUserId&&c.userId&&(g.prepopulatedusername=c.userId);!c.popup&&this._doPortalSignIn(a)&&(g.redirectToUserOrgUrl=!0);e.codeVerifier&&(g.code_challenge=d||e.codeVerifier,g.code_challenge_method=d?"S256":"plain");d=c.portalUrl.replace(/^http:/i,"https:")+"/sharing/oauth2/authorize";e=d+"?"+v.objectToQuery(g);if(c.popup){const n=window.open(e, |
|
"esriJSAPIOAuth",c.popupWindowFeatures);n?(n.focus(),this._oAuthDfd.oAuthWin_=n,this._oAuthIntervalId=setInterval(()=>{if(n.closed){clearInterval(this._oAuthIntervalId);this._oAuthOnPopupHandle.remove();const t=this._oAuthDfd;if(t){const f=new y("identity-manager:user-aborted","ABORTED");t.reject(f)}}},500),this._oAuthOnPopupHandle=H.on(window,["arcgis:auth:hash","arcgis:auth:location:search"],t=>{"arcgis:auth:hash"===t.type?this.setOAuthResponseHash(t.detail):this._setOAuthResponseQueryString(t.detail)})): |
|
(a=new y("identity-manager:popup-blocked","ABORTED"),this._oAuthDfd.reject(a))}else this._rejectOnPersistedPageShow=!0,this._oAuthRedirectFunc?this._oAuthRedirectFunc({authorizeParams:g,authorizeUrl:d,resourceUrl:a,serverInfo:b,oAuthInfo:c}):window.location.href=e}_getRedirectURI(a,b){const c=window.location.href.replace(/#.*$/,"");if(a.popup)return v.makeAbsolute(a.popupCallbackUrl);if(b){const d=v.urlToObject(c);d.query&&"code error error_description message_code persist state".split(" ").forEach(e=> |
|
{delete d.query[e]});return v.addQueryParameters(d.path,d.query)}return c}}V.prototype.declaredClass="esri.identity.IdentityManagerBase";m.Credential=class extends J.EventedAccessor{constructor(a){super(a);this._oAuthCred=null;this.tokenRefreshBuffer=2;a?._oAuthCred&&(this._oAuthCred=a._oAuthCred)}initialize(){this.resources=this.resources||[];null==this.creationTime&&(this.creationTime=Date.now())}refreshToken(){const a=w.id,b=a.findServerInfo(this.server),c=b?.owningSystemUrl,d=!!c&&"server"=== |
|
this.scope,e=d&&T(b,a._legacyFed);var g=b.webTierAuth;const n=g&&a.normalizeWebTierAuth,t=O[this.server]?.[this.userId];let f=this.resources&&this.resources[0],l=d?a.findServerInfo(c):null,r={username:this.userId,password:t},p;if(!g||n)if(d&&!l&&a.serverInfos.some(q=>{a._isIdProvider(c,q.server)&&(l=q);return!!l}),g=l?a.findCredential(l.server,this.userId):null,!d||g)if(e)g?.refreshToken();else{if(d)p={serverUrl:f,token:g?.token,ssl:g?.ssl};else if(n)r=null,p={ssl:this.ssl};else if(t)this.isAdmin&& |
|
(p={isAdmin:!0});else{let q;f&&(f=a._sanitizeUrl(f),this._enqueued=1,q=a._enqueue(f,b,null,null,this.isAdmin,this),q.then(()=>{this._enqueued=0;this.refreshServerTokens()}).catch(()=>{this._enqueued=0}));return q}return a.generateToken(d?l:b,d?null:r,p).then(q=>{this.token=q.token;this.expires=null!=q.expires?Number(q.expires):null;this.creationTime=Date.now();this.validity=q.validity;this.emitTokenChange();this.refreshServerTokens()}).catch(()=>{})}}refreshServerTokens(){if("portal"===this.scope){const a= |
|
w.id;a.credentials.forEach(b=>{const c=a.findServerInfo(b.server),d=c?.owningSystemUrl;b!==this&&b.userId===this.userId&&d&&"server"===b.scope&&(a._hasSameServerInstance(this.server,d)||a._isIdProvider(d,this.server))&&(T(c,a._legacyFed)?(b.token=this.token,b.expires=this.expires,b.creationTime=this.creationTime,b.validity=this.validity,b.emitTokenChange()):b.refreshToken())})}}emitTokenChange(a){clearTimeout(this._refreshTimer);const b=w.id,c=(this.server?b.findServerInfo(this.server):null)?.owningSystemUrl, |
|
d=c?b.findServerInfo(c):null;!1===a||c&&"portal"!==this.scope&&(!d?.webTierAuth||b.normalizeWebTierAuth)||null==this.expires&&null==this.validity||this._startRefreshTimer();this.emit("token-change")}destroy(){this.userId=this.server=this.token=this.expires=this.validity=this.resources=this.creationTime=null;this._oAuthCred&&(this._oAuthCred.destroy(),this._oAuthCred=null);const a=w.id,b=a.credentials.indexOf(this);-1<b&&a.credentials.splice(b,1);this.emitTokenChange();this.emit("destroy")}toJSON(){const a= |
|
L.fixJson({userId:this.userId,server:this.server,token:this.token,expires:this.expires,validity:this.validity,ssl:this.ssl,isAdmin:this.isAdmin,creationTime:this.creationTime,scope:this.scope}),b=this.resources;b&&0<b.length&&(a.resources=b.slice());return a}_startRefreshTimer(){clearTimeout(this._refreshTimer);const a=6E4*this.tokenRefreshBuffer,b=2**31-1;let c=(this.validity?this.creationTime+6E4*this.validity:this.expires)-Date.now();0>c?c=0:c>b&&(c=b);this._refreshTimer=setTimeout(this.refreshToken.bind(this), |
|
c>a?c-a:c)}};h.__decorate([x.property()],m.Credential.prototype,"creationTime",void 0);h.__decorate([x.property()],m.Credential.prototype,"expires",void 0);h.__decorate([x.property()],m.Credential.prototype,"isAdmin",void 0);h.__decorate([x.property()],m.Credential.prototype,"oAuthState",void 0);h.__decorate([x.property()],m.Credential.prototype,"resources",void 0);h.__decorate([x.property()],m.Credential.prototype,"scope",void 0);h.__decorate([x.property()],m.Credential.prototype,"server",void 0); |
|
h.__decorate([x.property()],m.Credential.prototype,"ssl",void 0);h.__decorate([x.property()],m.Credential.prototype,"token",void 0);h.__decorate([x.property()],m.Credential.prototype,"tokenRefreshBuffer",void 0);h.__decorate([x.property()],m.Credential.prototype,"userId",void 0);h.__decorate([x.property()],m.Credential.prototype,"validity",void 0);m.Credential=h.__decorate([D.subclass("esri.identity.Credential")],m.Credential);m.IdentityManagerBase=V;Object.defineProperty(m,Symbol.toStringTag,{value:"Module"})})}, |
|
"esri/identity/IdentityModal":function(){define("require ../chunks/tslib.es6 ../intl ../core/accessorSupport/decorators/property ../core/has ../core/Logger ../core/RandomLCG ../core/accessorSupport/decorators/subclass ../widgets/Widget ../chunks/componentsUtils ../widgets/support/widgetUtils ../widgets/support/decorators/messageBundle ../widgets/support/jsxFactory ../support/themeUtils ../intl/substitute".split(" "),function(m,h,k,w,z,y,J,H,L,M,I,v,x,X,Y){k=class extends L{constructor(D,F){super(D, |
|
F);this.container=document.createElement("div");this.error=null;this.signingIn=this.open=this.oAuthPrompt=!1;this._passwordInputNode=this._usernameInputNode=this.resource=this.server=null;document.body.appendChild(this.container)}loadDependencies(){return M.loadCalciteComponents({button:()=>new Promise((D,F)=>m(["../chunks/calcite-button"],D,F)),input:()=>new Promise((D,F)=>m(["../chunks/calcite-input"],D,F)),label:()=>new Promise((D,F)=>m(["../chunks/calcite-label"],D,F)),modal:()=>new Promise((D, |
|
F)=>m(["../chunks/calcite-modal"],D,F)),notice:()=>new Promise((D,F)=>m(["../chunks/calcite-notice"],D,F))})}get title(){return this.commonMessages?.auth.signIn}render(){const {open:D,title:F,messages:U,signingIn:R,oAuthPrompt:N,server:K,resource:O,error:S}=this,{info:T,oAuthInfo:P,lblItem:Q,invalidUser:V,noAuthService:a,lblUser:b,lblPwd:c,lblCancel:d,lblSigning:e,lblOk:g}=U;return x.tsx("div",{class:this.classes("esri-identity-modal",X.getCalciteThemeClass())},x.tsx("form",{bind:this,onsubmit:this._submit}, |
|
x.tsx("calcite-modal",{bind:this,open:D,outsideCloseDisabled:!0,scale:"s",widthScale:"s",onCalciteModalClose:this._cancel,onCalciteModalOpen:this._focusUsernameInput},x.tsx("div",{slot:"header"},F),x.tsx("div",{slot:"content"},x.tsx("div",{class:"esri-identity-modal__info"},Y.substitute(N?P:T,{server:K&&/\.arcgis\.com/i.test(K)?"ArcGIS Online":K,resource:`(${O||Q})`})),S?x.tsx("calcite-notice",{class:"esri-identity-modal__notice",icon:"exclamation-mark-triangle",kind:"danger",open:!0},x.tsx("div", |
|
{slot:"message"},S.details?.httpStatus?V:a)):null,N?null:[x.tsx("calcite-label",null,b,x.tsx("calcite-input",{afterCreate:n=>this._usernameInputNode=n,autocomplete:"off",bind:this,name:"username",required:!0,spellcheck:!1,type:"text",value:""})),x.tsx("calcite-label",null,c,x.tsx("calcite-input",{afterCreate:n=>this._passwordInputNode=n,bind:this,name:"password",required:!0,type:"password",value:""}))]),x.tsx("calcite-button",{appearance:"outline",bind:this,onclick:this._cancel,slot:"secondary",type:"button", |
|
width:"full"},d),x.tsx("calcite-button",{loading:!!R,slot:"primary",type:"submit",width:"full"},R?e:g))))}_focusUsernameInput(){requestAnimationFrame(()=>{this._usernameInputNode?.setFocus()})}_cancel(){this._set("signingIn",!1);this.open=!1;this._usernameInputNode&&(this._usernameInputNode.value="");this._passwordInputNode&&(this._passwordInputNode.value="");this.emit("cancel")}_submit(D){D.preventDefault();this._set("signingIn",!0);this.emit("submit",this.oAuthPrompt?{}:{username:this._usernameInputNode?.value, |
|
password:this._passwordInputNode?.value})}};h.__decorate([w.property({readOnly:!0})],k.prototype,"container",void 0);h.__decorate([w.property(),v.messageBundle("esri/t9n/common")],k.prototype,"commonMessages",void 0);h.__decorate([w.property()],k.prototype,"error",void 0);h.__decorate([w.property(),v.messageBundle("esri/identity/t9n/identity")],k.prototype,"messages",void 0);h.__decorate([w.property()],k.prototype,"oAuthPrompt",void 0);h.__decorate([w.property()],k.prototype,"open",void 0);h.__decorate([w.property()], |
|
k.prototype,"signingIn",void 0);h.__decorate([w.property()],k.prototype,"server",void 0);h.__decorate([w.property({readOnly:!0})],k.prototype,"title",null);h.__decorate([w.property()],k.prototype,"resource",void 0);return k=h.__decorate([H.subclass("esri.identity.IdentityModal")],k)})},"esri/identity/OAuthCredential":function(){define(function(){class m{constructor(h,k){this.userId=this.token=this.stateUID=this.ssl=this.refreshToken=this.expires=this.codeVerifier=this.appId=this.storage=this.oAuthInfo= |
|
null;this.oAuthInfo=h;this.storage=k;this._init()}isValid(){let h=!1;if(this.oAuthInfo&&this.userId&&(this.refreshToken||this.token))if(null==this.expires&&this.refreshToken)h=!0;else if(this.expires){const k=Date.now();this.expires>k&&(this.expires-k)/1E3>60*this.oAuthInfo.minTimeUntilExpiration&&(h=!0)}return h}save(){if(!this.storage)return!1;const h=this._load(),k=this.oAuthInfo;if(k?.authNamespace&&k.portalUrl){let w=h[k.authNamespace];w||=h[k.authNamespace]={};this.appId||(this.appId=k.appId); |
|
w[k.portalUrl]={appId:this.appId,codeVerifier:this.codeVerifier,expires:this.expires,refreshToken:this.refreshToken,ssl:this.ssl,stateUID:this.stateUID,token:this.token,userId:this.userId};try{this.storage.setItem("esriJSAPIOAuth",JSON.stringify(h))}catch(z){return console.warn(z),!1}return!0}return!1}destroy(){const h=this._load(),k=this.oAuthInfo;if(k?.appId&&k?.portalUrl&&(null==this.expires||this.expires>Date.now())&&(this.refreshToken||this.token)){var w=k.portalUrl.replace(/^http:/i,"https:")+ |
|
"/sharing/rest/oauth2/revokeToken";const z=new FormData;z.append("f","json");z.append("auth_token",this.refreshToken||this.token);z.append("client_id",k.appId);z.append("token_type_hint",this.refreshToken?"refresh_token":"access_token");if("function"===typeof navigator.sendBeacon)navigator.sendBeacon(w,z);else{const y=new XMLHttpRequest;y.open("POST",w);y.send(z)}}if(k?.authNamespace&&k.portalUrl&&this.storage&&(w=h[k.authNamespace])){delete w[k.portalUrl];try{this.storage.setItem("esriJSAPIOAuth", |
|
JSON.stringify(h))}catch(z){console.log(z)}}k&&(this.oAuthInfo=k._oAuthCred=null)}_init(){var h=this._load();const k=this.oAuthInfo;k?.authNamespace&&k.portalUrl&&(h=h[k.authNamespace])&&(h=h[k.portalUrl])&&(this.appId=h.appId,this.codeVerifier=h.codeVerifier,this.expires=h.expires,this.refreshToken=h.refreshToken,this.ssl=h.ssl,this.stateUID=h.stateUID,this.token=h.token,this.userId=h.userId)}_load(){let h={};if(this.storage){const k=this.storage.getItem("esriJSAPIOAuth");if(k)try{h=JSON.parse(k)}catch(w){console.warn(w)}}return h}} |
|
m.prototype.declaredClass="esri.identity.OAuthCredential";return m})},"esri/identity/OAuthInfo":function(){define("../chunks/tslib.es6 ../core/JSONSupport ../core/accessorSupport/decorators/property ../core/has ../core/Logger ../core/RandomLCG ../core/accessorSupport/decorators/subclass".split(" "),function(m,h,k,w,z,y,J){var H;h=H=class extends h.JSONSupport{constructor(L){super(L);this.appId=this._oAuthCred=null;this.authNamespace="/";this.expiration=20160;this.flowType="auto";this.forceUserId= |
|
this.forceLogin=!1;this.locale=null;this.minTimeUntilExpiration=30;this.popup=!1;this.popupCallbackUrl="oauth-callback.html";this.popupWindowFeatures="height\x3d490,width\x3d800,resizable,scrollbars,status";this.portalUrl="https://www.arcgis.com";this.preserveUrlHash=!1;this.userId=null}clone(){return H.fromJSON(this.toJSON())}};m.__decorate([k.property({json:{write:!0}})],h.prototype,"appId",void 0);m.__decorate([k.property({json:{write:!0}})],h.prototype,"authNamespace",void 0);m.__decorate([k.property({json:{write:!0}})], |
|
h.prototype,"expiration",void 0);m.__decorate([k.property({json:{write:!0}})],h.prototype,"flowType",void 0);m.__decorate([k.property({json:{write:!0}})],h.prototype,"forceLogin",void 0);m.__decorate([k.property({json:{write:!0}})],h.prototype,"forceUserId",void 0);m.__decorate([k.property({json:{write:!0}})],h.prototype,"locale",void 0);m.__decorate([k.property({json:{write:!0}})],h.prototype,"minTimeUntilExpiration",void 0);m.__decorate([k.property({json:{write:!0}})],h.prototype,"popup",void 0); |
|
m.__decorate([k.property({json:{write:!0}})],h.prototype,"popupCallbackUrl",void 0);m.__decorate([k.property({json:{write:!0}})],h.prototype,"popupWindowFeatures",void 0);m.__decorate([k.property({json:{write:!0}})],h.prototype,"portalUrl",void 0);m.__decorate([k.property({json:{write:!0}})],h.prototype,"preserveUrlHash",void 0);m.__decorate([k.property({json:{write:!0}})],h.prototype,"userId",void 0);return h=H=m.__decorate([J.subclass("esri.identity.OAuthInfo")],h)})},"esri/identity/ServerInfo":function(){define("../chunks/tslib.es6 ../core/JSONSupport ../core/accessorSupport/decorators/property ../core/has ../core/Logger ../core/RandomLCG ../core/accessorSupport/decorators/subclass".split(" "), |
|
function(m,h,k,w,z,y,J){h=class extends h.JSONSupport{constructor(H){super(H);this.webTierAuth=this.tokenServiceUrl=this.shortLivedTokenValidity=this.server=this.owningTenant=this.owningSystemUrl=this.hasServer=this.hasPortal=this.currentVersion=this.adminTokenServiceUrl=null}};m.__decorate([k.property({json:{write:!0}})],h.prototype,"adminTokenServiceUrl",void 0);m.__decorate([k.property({json:{write:!0}})],h.prototype,"currentVersion",void 0);m.__decorate([k.property({json:{write:!0}})],h.prototype, |
|
"hasPortal",void 0);m.__decorate([k.property({json:{write:!0}})],h.prototype,"hasServer",void 0);m.__decorate([k.property({json:{write:!0}})],h.prototype,"owningSystemUrl",void 0);m.__decorate([k.property({json:{write:!0}})],h.prototype,"owningTenant",void 0);m.__decorate([k.property({json:{write:!0}})],h.prototype,"server",void 0);m.__decorate([k.property({json:{write:!0}})],h.prototype,"shortLivedTokenValidity",void 0);m.__decorate([k.property({json:{write:!0}})],h.prototype,"tokenServiceUrl",void 0); |
|
m.__decorate([k.property({json:{write:!0}})],h.prototype,"webTierAuth",void 0);return h=m.__decorate([J.subclass("esri.identity.ServerInfo")],h)})},"*noref":1}});define(["../kernel","./IdentityManagerBase"],function(m,h){class k extends h.IdentityManagerBase{}k.prototype.declaredClass="esri.identity.IdentityManager";h=new k;m.setId(h);return h}); |