Merge branch 'master' into master

bower.json

@@ -1,6 +1,6 @@
 {
   "name": "aurelia-authentication",
-  "version": "3.0.0-rc10",
+  "version": "3.0.0-rc11",
   "description": "Plugin for social media authentication and local authentication together with other authentication utilities.",
   "keywords": [
     "aurelia",

dist/amd/aurelia-authentication.js

@@ -736,6 +736,33 @@ define(["exports", "./authFilterValueConverter", "./authenticatedValueConverter"
       return query;
     };
 
+    OAuth2.prototype.close = function close(options) {
+      var provider = (0, _extend2.default)(true, {}, this.defaults, options);
+      var url = provider.logoutEndpoint + '?' + (0, _aureliaPath.buildQueryString)(this.buildLogoutQuery(provider));
+      var popup = this.popup.open(url, provider.name, provider.popupOptions);
+      var openPopup = this.config.platform === 'mobile' ? popup.eventListener(provider.postLogoutRedirectUri) : popup.pollPopup();
+
+      return openPopup.then(function (response) {
+        return response;
+      });
+    };
+
+    OAuth2.prototype.buildLogoutQuery = function buildLogoutQuery(provider) {
+      var query = {};
+      var authResponse = this.storage.get(this.config.storageKey);
+
+      if (provider.postLogoutRedirectUri) {
+        query.post_logout_redirect_uri = provider.postLogoutRedirectUri;
+      }
+      if (this.storage.get(provider.name + '_state')) {
+        query.state = this.storage.get(provider.name + '_state');
+      }
+      if (JSON.parse(authResponse).id_token) {
+        query.id_token_hint = JSON.parse(authResponse).id_token;
+      }
+      return query;
+    };
+
     return OAuth2;
   }()) || _class5);
 
@@ -957,6 +984,14 @@ define(["exports", "./authFilterValueConverter", "./authenticatedValueConverter"
       return providerLogin.open(this.config.providers[name], userData);
     };
 
+    Authentication.prototype.logout = function logout(name) {
+      var rtnValue = Promise.resolve('Not Applicable');
+      if (this.config.providers[name].oauthType !== '2.0' || !this.config.providers[name].logoutEndpoint) {
+        return rtnValue;
+      }
+      return this.oAuth2.close(this.config.providers[name]);
+    };
+
     Authentication.prototype.redirect = function redirect(redirectUrl, defaultRedirectUrl, query) {
       if (redirectUrl === true) {
         LogManager.getLogger('authentication').warn('DEPRECATED: Setting redirectUrl === true to actually *not redirect* is deprecated. Set redirectUrl === 0 instead.');
@@ -1013,6 +1048,12 @@ define(["exports", "./authFilterValueConverter", "./authenticatedValueConverter"
 
         LogManager.getLogger('authentication').info('Stored token changed event');
 
+        if (event.newValue) {
+          _this8.authentication.storage.set(_this8.config.storageKey, event.newValue);
+        } else {
+          _this8.authentication.storage.remove(_this8.config.storageKey);
+        }
+
         var wasAuthenticated = _this8.authenticated;
         _this8.authentication.responseAnalyzed = false;
         _this8.updateAuthenticated();
@@ -1238,7 +1279,7 @@ define(["exports", "./authFilterValueConverter", "./authenticatedValueConverter"
       });
     };
 
-    AuthService.prototype.logout = function logout(redirectUri, query) {
+    AuthService.prototype.logout = function logout(redirectUri, query, name) {
       var _this13 = this;
 
       var localLogout = function localLogout(response) {
@@ -1250,12 +1291,23 @@ define(["exports", "./authFilterValueConverter", "./authenticatedValueConverter"
           if (typeof _this13.onLogout === 'function') {
             _this13.onLogout(response);
           }
-
           resolve(response);
         });
       };
 
-      return this.config.logoutUrl ? this.client.request(this.config.logoutMethod, this.config.joinBase(this.config.logoutUrl)).then(localLogout) : localLogout();
+      if (name) {
+        if (this.config.providers[name].logoutEndpoint) {
+          return this.authentication.logout(name).then(function (logoutResponse) {
+            var stateValue = _this13.authentication.storage.get(name + '_state');
+            if (logoutResponse.state !== stateValue) {
+              return Promise.reject('OAuth2 response state value differs');
+            }
+            return localLogout(logoutResponse);
+          });
+        }
+      } else {
+        return this.config.logoutUrl ? this.client.request(this.config.logoutMethod, this.config.joinBase(this.config.logoutUrl)).then(localLogout) : localLogout();
+      }
     };
 
     AuthService.prototype.authenticate = function authenticate(name, redirectUri) {
@@ -1330,7 +1382,7 @@ define(["exports", "./authFilterValueConverter", "./authenticatedValueConverter"
     function AuthorizeStep(authService) {
 
 
-      LogManager.getLogger('authentication').warn('AuthorizeStep is deprecated. Use AuthenticationStep instead.');
+      LogManager.getLogger('authentication').warn('AuthorizeStep is deprecated. Use AuthenticateStep instead.');
 
       this.authService = authService;
     }

dist/aurelia-authentication.d.ts

@@ -216,7 +216,11 @@ export declare class OAuth2 {
   open(options?: any, userData?: any): any;
   exchangeForToken(oauthData?: any, userData?: any, provider?: any): any;
   buildQuery(provider?: any): any;
+  close(options?: any): any;
+  buildLogoutQuery(provider?: any): any;
 }
+
+/// <reference path="../test/oAuth2.spec.js" />
 export declare class Authentication {
   constructor(storage?: any, config?: any, oAuth1?: any, oAuth2?: any, auth0Lock?: any);
 
@@ -261,6 +265,7 @@ export declare class Authentication {
      * @return {Promise<response>}
      */
   authenticate(name?: any, userData?: any): any;
+  logout(name?: any): any;
   redirect(redirectUrl?: any, defaultRedirectUrl?: any, query?: any): any;
 }
 export declare class AuthService {
@@ -461,10 +466,12 @@ export declare class AuthService {
      * logout locally and redirect to redirectUri (if set) or redirectUri of config. Sends logout request first, if set in config
      *
      * @param {[String]}    [redirectUri]                     [optional redirectUri overwrite]
+     * @param {[String]}    [query]                           [optional query]
+     * @param {[String]}    [name]                            [optional name Name of the provider]
      *
      * @return {Promise<>|Promise<Object>|Promise<Error>}     Server response as Object
      */
-  logout(redirectUri?: any, query?: any): any;
+  logout(redirectUri?: any, query?: any, name?: any): any;
 
   /**
      * Authenticate with third-party and redirect to redirectUri (if set) or redirectUri of config

dist/aurelia-authentication.js

@@ -774,6 +774,37 @@ export class OAuth2 {
     });
     return query;
   }
+
+  close(options) {
+    const provider  = extend(true, {}, this.defaults, options);
+    const url       = provider.logoutEndpoint + '?'
+                    + buildQueryString(this.buildLogoutQuery(provider));
+    const popup     = this.popup.open(url, provider.name, provider.popupOptions);
+    const openPopup = (this.config.platform === 'mobile')
+                    ? popup.eventListener(provider.postLogoutRedirectUri)
+                    : popup.pollPopup();
+
+    return openPopup
+      .then(response => {
+        return response;
+      });
+  }
+
+  buildLogoutQuery(provider) {
+    let query = {};
+    let authResponse = this.storage.get(this.config.storageKey);
+
+    if (provider.postLogoutRedirectUri) {
+      query.post_logout_redirect_uri = provider.postLogoutRedirectUri;
+    }
+    if (this.storage.get(provider.name + '_state')) {
+      query.state = this.storage.get(provider.name + '_state');
+    }
+    if (JSON.parse(authResponse).id_token) {
+      query.id_token_hint = JSON.parse(authResponse).id_token;
+    }
+    return query;
+  }
 }
 
 const camelCase = function(name) {
@@ -782,6 +813,7 @@ const camelCase = function(name) {
   });
 };
 
+/// <reference path="../test/oAuth2.spec.js" />
 @inject(Storage, BaseConfig, OAuth1, OAuth2, AuthLock)
 export class Authentication {
   constructor(storage, config, oAuth1, oAuth2, auth0Lock) {
@@ -1033,6 +1065,14 @@ export class Authentication {
     return providerLogin.open(this.config.providers[name], userData);
   }
 
+  logout(name) {
+    let rtnValue = Promise.resolve('Not Applicable');
+    if (this.config.providers[name].oauthType !== '2.0' || !this.config.providers[name].logoutEndpoint) {
+      return rtnValue;
+    }
+    return this.oAuth2.close(this.config.providers[name]);
+  }
+
   redirect(redirectUrl, defaultRedirectUrl, query) {
     // stupid rule to keep it BC
     if (redirectUrl === true) {
@@ -1132,6 +1172,14 @@ export class AuthService {
 
     LogManager.getLogger('authentication').info('Stored token changed event');
 
+    // IE runs the event handler before updating the storage value. Update it now.
+    // An unset storage key in IE is an empty string, where-as chrome is null
+    if (event.newValue) {
+      this.authentication.storage.set(this.config.storageKey, event.newValue);
+    } else {
+      this.authentication.storage.remove(this.config.storageKey);
+    }
+
     let wasAuthenticated = this.authenticated;
     this.authentication.responseAnalyzed = false;
     this.updateAuthenticated();
@@ -1463,10 +1511,12 @@ export class AuthService {
    * logout locally and redirect to redirectUri (if set) or redirectUri of config. Sends logout request first, if set in config
    *
    * @param {[String]}    [redirectUri]                     [optional redirectUri overwrite]
+   * @param {[String]}    [query]                           [optional query]
+   * @param {[String]}    [name]                            [optional name Name of the provider]
    *
    * @return {Promise<>|Promise<Object>|Promise<Error>}     Server response as Object
    */
-  logout(redirectUri, query) {
+  logout(redirectUri, query, name) {
     let localLogout = response => new Promise(resolve => {
       this.setResponseObject(null);
 
@@ -1475,13 +1525,25 @@ export class AuthService {
       if (typeof this.onLogout === 'function') {
         this.onLogout(response);
       }
-
       resolve(response);
     });
 
-    return (this.config.logoutUrl
-      ? this.client.request(this.config.logoutMethod, this.config.joinBase(this.config.logoutUrl)).then(localLogout)
-      : localLogout());
+    if (name) {
+      if (this.config.providers[name].logoutEndpoint) {
+        return this.authentication.logout(name)
+          .then(logoutResponse => {
+            let stateValue = this.authentication.storage.get(name + '_state');
+            if (logoutResponse.state !== stateValue) {
+              return Promise.reject('OAuth2 response state value differs');
+            }
+            return localLogout(logoutResponse);
+          });
+      }
+    } else {
+      return (this.config.logoutUrl
+        ? this.client.request(this.config.logoutMethod, this.config.joinBase(this.config.logoutUrl)).then(localLogout)
+        : localLogout());
+    }
   }
 
   /**
@@ -1547,7 +1609,7 @@ export class AuthenticateStep {
 @inject(AuthService)
 export class AuthorizeStep {
   constructor(authService) {
-    LogManager.getLogger('authentication').warn('AuthorizeStep is deprecated. Use AuthenticationStep instead.');
+    LogManager.getLogger('authentication').warn('AuthorizeStep is deprecated. Use AuthenticateStep instead.');
 
     this.authService = authService;
   }

dist/commonjs/aurelia-authentication.js

@@ -727,6 +727,33 @@ var OAuth2 = exports.OAuth2 = (_dec4 = (0, _aureliaDependencyInjection.inject)(S
     return query;
   };
 
+  OAuth2.prototype.close = function close(options) {
+    var provider = (0, _extend2.default)(true, {}, this.defaults, options);
+    var url = provider.logoutEndpoint + '?' + (0, _aureliaPath.buildQueryString)(this.buildLogoutQuery(provider));
+    var popup = this.popup.open(url, provider.name, provider.popupOptions);
+    var openPopup = this.config.platform === 'mobile' ? popup.eventListener(provider.postLogoutRedirectUri) : popup.pollPopup();
+
+    return openPopup.then(function (response) {
+      return response;
+    });
+  };
+
+  OAuth2.prototype.buildLogoutQuery = function buildLogoutQuery(provider) {
+    var query = {};
+    var authResponse = this.storage.get(this.config.storageKey);
+
+    if (provider.postLogoutRedirectUri) {
+      query.post_logout_redirect_uri = provider.postLogoutRedirectUri;
+    }
+    if (this.storage.get(provider.name + '_state')) {
+      query.state = this.storage.get(provider.name + '_state');
+    }
+    if (JSON.parse(authResponse).id_token) {
+      query.id_token_hint = JSON.parse(authResponse).id_token;
+    }
+    return query;
+  };
+
   return OAuth2;
 }()) || _class5);
 
@@ -948,6 +975,14 @@ var Authentication = exports.Authentication = (_dec5 = (0, _aureliaDependencyInj
     return providerLogin.open(this.config.providers[name], userData);
   };
 
+  Authentication.prototype.logout = function logout(name) {
+    var rtnValue = Promise.resolve('Not Applicable');
+    if (this.config.providers[name].oauthType !== '2.0' || !this.config.providers[name].logoutEndpoint) {
+      return rtnValue;
+    }
+    return this.oAuth2.close(this.config.providers[name]);
+  };
+
   Authentication.prototype.redirect = function redirect(redirectUrl, defaultRedirectUrl, query) {
     if (redirectUrl === true) {
       LogManager.getLogger('authentication').warn('DEPRECATED: Setting redirectUrl === true to actually *not redirect* is deprecated. Set redirectUrl === 0 instead.');
@@ -1004,6 +1039,12 @@ var AuthService = exports.AuthService = (_dec12 = (0, _aureliaDependencyInjectio
 
       LogManager.getLogger('authentication').info('Stored token changed event');
 
+      if (event.newValue) {
+        _this8.authentication.storage.set(_this8.config.storageKey, event.newValue);
+      } else {
+        _this8.authentication.storage.remove(_this8.config.storageKey);
+      }
+
       var wasAuthenticated = _this8.authenticated;
       _this8.authentication.responseAnalyzed = false;
       _this8.updateAuthenticated();
@@ -1229,7 +1270,7 @@ var AuthService = exports.AuthService = (_dec12 = (0, _aureliaDependencyInjectio
     });
   };
 
-  AuthService.prototype.logout = function logout(redirectUri, query) {
+  AuthService.prototype.logout = function logout(redirectUri, query, name) {
     var _this13 = this;
 
     var localLogout = function localLogout(response) {
@@ -1241,12 +1282,23 @@ var AuthService = exports.AuthService = (_dec12 = (0, _aureliaDependencyInjectio
         if (typeof _this13.onLogout === 'function') {
           _this13.onLogout(response);
         }
-
         resolve(response);
       });
     };
 
-    return this.config.logoutUrl ? this.client.request(this.config.logoutMethod, this.config.joinBase(this.config.logoutUrl)).then(localLogout) : localLogout();
+    if (name) {
+      if (this.config.providers[name].logoutEndpoint) {
+        return this.authentication.logout(name).then(function (logoutResponse) {
+          var stateValue = _this13.authentication.storage.get(name + '_state');
+          if (logoutResponse.state !== stateValue) {
+            return Promise.reject('OAuth2 response state value differs');
+          }
+          return localLogout(logoutResponse);
+        });
+      }
+    } else {
+      return this.config.logoutUrl ? this.client.request(this.config.logoutMethod, this.config.joinBase(this.config.logoutUrl)).then(localLogout) : localLogout();
+    }
   };
 
   AuthService.prototype.authenticate = function authenticate(name, redirectUri) {
@@ -1321,7 +1373,7 @@ var AuthorizeStep = exports.AuthorizeStep = (_dec15 = (0, _aureliaDependencyInje
   function AuthorizeStep(authService) {
 
 
-    LogManager.getLogger('authentication').warn('AuthorizeStep is deprecated. Use AuthenticationStep instead.');
+    LogManager.getLogger('authentication').warn('AuthorizeStep is deprecated. Use AuthenticateStep instead.');
 
     this.authService = authService;
   }