Improved login flow and restructured config settings
david-04 committed Feb 24, 2022
1 parent c33cf73 commit f2759f8
Showing 12 changed files with 136 additions and 80 deletions.
22 changes: 12 additions & 10 deletions CHANGELOG.md
@@ -1,17 +1,19 @@
# Change Log

## [0.2](https://github.com/david-04/aws-link-accountifier/tree/v0.1) (2022-02-23)
## [0.3](https://github.com/david-04/aws-link-accountifier/tree/v0.3) (2022-02-25)

### Features
- Added [documentation](https://github.com/david-04/aws-link-accountifier/blob/main/README.md)
- Improved the login page flow for currently unauthenticated SSO users
- Made it easier to customis forks by moving config presets to a [separate file](https://github.com/david-04/aws-link-accountifier/blob/main/src/modules/presets.ts)
- Fixed an issue with the role-switch that could initiate a second account-switch

- Added redirect service (for better interoperability when not using the aws-link-accountifier)
- Added switch-role feature (re-login to the same account but with a different role)
## [0.2](https://github.com/david-04/aws-link-accountifier/tree/v0.2) (2022-02-23)

## [0.1](https://github.com/david-04/aws-link-accountifier/tree/v0.1) (2022-01-26)
- Improved link operability by adding a redirect service
- Added the option to re-open the current page with a different role

### Features
## [0.1](https://github.com/david-04/aws-link-accountifier/tree/v0.1) (2022-01-26)

- Create accountified links
- Configure the URL to switch accounts/roles
- Orchestrated account switch flow when opening links
- Display account hints on the sign-in page
- Added the ability to create "accountified" links
- Added orchestrated redirect flows when opening accountified links
- Added account hints to AWS sign-in and role-selection pages
92 changes: 59 additions & 33 deletions dist/aws-link-accountifier.js
@@ -1,7 +1,7 @@
// ==UserScript==
// @name AWS Link Accountifier
// @namespace https://github.com/david-04/aws-link-accountifier
// @version 0.2
// @version 0.3
// @author David Hofmann
// @description Bind AWS console links to an account and - when opening such links - trigger an account change if required
// @homepage https://github.com/david-04/aws-link-accountifier
@@ -108,18 +108,7 @@ var AwsLinkAccountifier;
// Verify if this session's account matches the redirect requirements
//--------------------------------------------------------------------------------------------------------------
matchesAccount(redirectState) {
const requiredAccount = redirectState.requiredAccount;
if (requiredAccount.id !== this.accountId) {
return false;
}
else if (requiredAccount.excludeExampleRole
&& requiredAccount.exampleRole
&& this.role === requiredAccount.exampleRole) {
return false;
}
else {
return true;
}
return redirectState.requiredAccount.id === this.accountId;
}
}
AwsLinkAccountifier.AwsSession = AwsSession;
@@ -152,22 +141,34 @@ var AwsLinkAccountifier;
var AwsLinkAccountifier;
(function (AwsLinkAccountifier) {
let getAwsSessionCount = 0;
const isAwsConsole = window.location.host.toLowerCase().endsWith("aws.amazon.com");
const isAwsSignin = window.location.host.toLowerCase().endsWith("signin.aws.amazon.com");
const isRedirectPage = 0 <= window.location.pathname.indexOf("aws-accountified-redirect.htm");
//------------------------------------------------------------------------------------------------------------------
// Extract the URL hint and start or schedule the redirect processing
//------------------------------------------------------------------------------------------------------------------
function main() {
const isAwsConsole = window.location.host.toLowerCase().endsWith("aws.amazon.com");
const isRedirectPage = 0 <= window.location.pathname.indexOf("aws-accountified-redirect.htm");
if (isRedirectPage) {
processRedirectPage();
}
if (isAwsSignin) {
const state = AwsLinkAccountifier.getRedirectState();
if (state && state.shouldAutoLogout) {
AwsLinkAccountifier.setRedirectState(Object.assign(Object.assign({}, state), { shouldAutoLogout: false }));
if (AwsLinkAccountifier.getSettings().accountSwitchUrl.toLowerCase().indexOf("signin.aws.amazon.com") < 0) {
// login is done via external SSO - redirect away from AWS' default login page
AwsLinkAccountifier.initiateAccountSwitch();
return;
}
}
}
if (isAwsConsole) {
AwsLinkAccountifier.extractUrlHint();
AwsLinkAccountifier.onDOMContentLoaded(() => processNotificationsAndRedirects(isAwsConsole));
}
if (isRedirectPage) {
processRedirectUrl();
AwsLinkAccountifier.onDOMContentLoaded(processNotificationsAndRedirects);
}
AwsLinkAccountifier.initialiseMenu({
copyLink: isAwsConsole,
switchRole: isAwsConsole,
copyLink: isAwsConsole && !isAwsSignin,
switchRole: isAwsConsole && !isAwsSignin,
setAccountSwitchUrl: isAwsConsole || isRedirectPage,
useThisPageForRedirects: isRedirectPage
});
@@ -176,11 +177,11 @@ var AwsLinkAccountifier;
//------------------------------------------------------------------------------------------------------------------
// Redirect or inject messages to log out and in again
//------------------------------------------------------------------------------------------------------------------
function processNotificationsAndRedirects(isAwsConsole) {
document.removeEventListener("DOMContentLoaded", () => processNotificationsAndRedirects(isAwsConsole));
function processNotificationsAndRedirects() {
document.removeEventListener("DOMContentLoaded", processNotificationsAndRedirects);
const redirectState = AwsLinkAccountifier.getRedirectState();
if (redirectState) {
if ("signin.aws.amazon.com" === window.location.host) {
if (isAwsSignin) {
AwsLinkAccountifier.injectAccountSelectionHint(redirectState);
}
else if (isAwsConsole) {
@@ -216,7 +217,7 @@ var AwsLinkAccountifier;
//------------------------------------------------------------------------------------------------------------------
// Intercept redirect service page loads
//------------------------------------------------------------------------------------------------------------------
function processRedirectUrl() {
function processRedirectPage() {
var _a;
try {
const hash = decodeURIComponent(((_a = window.location.hash) !== null && _a !== void 0 ? _a : "").replace(/^#/, "").trim());
@@ -292,10 +293,9 @@ var AwsLinkAccountifier;
requiredAccount: {
id: account.accountId,
alias: account.accountAlias,
exampleRole: account.role,
excludeExampleRole: true
exampleRole: account.role
},
shouldAutoLogout: true,
shouldAutoLogout: false,
expiresAt: new Date().getTime() + 10 * 60 * 1000
});
AwsLinkAccountifier.initiateAccountSwitch();
@@ -326,12 +326,23 @@ var AwsLinkAccountifier;
function setRedirectUrl() {
const redirectVersion = document.body.dataset.awsAccountifiedRedirectVersion;
if (redirectVersion && "string" === typeof redirectVersion) {
const callback = () => AwsLinkAccountifier.updateSettings({ redirectService: window.location.href.replace(/#.*/, "") });
const callback = () => AwsLinkAccountifier.updateSettings({ redirectUrl: window.location.href.replace(/#.*/, "") });
GM_registerMenuCommand("Use this page for redirects", callback, "s");
}
}
})(AwsLinkAccountifier || (AwsLinkAccountifier = {}));
var AwsLinkAccountifier;
(function (AwsLinkAccountifier) {
function getPresetAccountSwitchUrl() {
return "https://signin.aws.amazon.com/switchrole?account=${ACCOUNT_ID}&roleName=${ROLE_NAME}";
}
AwsLinkAccountifier.getPresetAccountSwitchUrl = getPresetAccountSwitchUrl;
function getPresetRedirectUrl() {
return "https://david-04.github.io/aws-link-accountifier/aws-accountified-redirect.html";
}
AwsLinkAccountifier.getPresetRedirectUrl = getPresetRedirectUrl;
})(AwsLinkAccountifier || (AwsLinkAccountifier = {}));
var AwsLinkAccountifier;
(function (AwsLinkAccountifier) {
const REDIRECT_STATE_KEY = "redirectState";
//------------------------------------------------------------------------------------------------------------------
@@ -370,14 +381,14 @@ var AwsLinkAccountifier;
// Default settings
//------------------------------------------------------------------------------------------------------------------
const DEFAULT_SETTINGS = {
accountSwitchUrl: "https://signin.aws.amazon.com/switchrole?account=${ACCOUNT_ID}&roleName=${ROLE_NAME}",
redirectService: "https://david-04.github.io/aws-link-accountifier/aws-accountified-redirect.html"
accountSwitchUrl: AwsLinkAccountifier.getPresetAccountSwitchUrl(),
redirectUrl: AwsLinkAccountifier.getPresetRedirectUrl()
};
//------------------------------------------------------------------------------------------------------------------
// Retrieve settings
//------------------------------------------------------------------------------------------------------------------
function getSettings() {
return Object.assign(Object.assign({}, DEFAULT_SETTINGS), GM_getValue("settings", DEFAULT_SETTINGS));
return migrateSettings(Object.assign(Object.assign({}, DEFAULT_SETTINGS), GM_getValue("settings", DEFAULT_SETTINGS)));
}
AwsLinkAccountifier.getSettings = getSettings;
//------------------------------------------------------------------------------------------------------------------
@@ -387,6 +398,21 @@ var AwsLinkAccountifier;
GM_setValue(SETTINGS_KEY, Object.assign(Object.assign({}, getSettings()), settings));
}
AwsLinkAccountifier.updateSettings = updateSettings;
//------------------------------------------------------------------------------------------------------------------
// Migrate old settings
//------------------------------------------------------------------------------------------------------------------
function migrateSettings(settings) {
const data = settings;
if (data && "object" === typeof data) {
if (data.redirectService) {
if (!data.redirectUrl) {
data.redirectUrl = data.redirectService;
}
delete data.redirectService;
}
}
return settings;
}
})(AwsLinkAccountifier || (AwsLinkAccountifier = {}));
var AwsLinkAccountifier;
(function (AwsLinkAccountifier) {
@@ -473,7 +499,7 @@ var AwsLinkAccountifier;
// Generate a redirecting link
//------------------------------------------------------------------------------------------------------------------
function createRedirectLink(url, hint) {
return `${AwsLinkAccountifier.getSettings().redirectService}#${encodeURIComponent(JSON.stringify(Object.assign(Object.assign({}, hint), { url })))}`;
return `${AwsLinkAccountifier.getSettings().redirectUrl}#${encodeURIComponent(JSON.stringify(Object.assign(Object.assign({}, hint), { url })))}`;
}
AwsLinkAccountifier.createRedirectLink = createRedirectLink;
//------------------------------------------------------------------------------------------------------------------
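Review bot: In `getSettings()` the stored object is merged over `DEFAULT_SETTINGS` before `migrateSettings()` runs, so `redirectUrl` is already filled in from the preset and the `if (!data.redirectUrl)` branch cannot fire; a `redirectService` value saved by version 0.2 is then deleted instead of carried over. A user who had pointed the script at a self-hosted redirect page would silently go back to generating links through the default hosted page. Migrating the stored value before applying the defaults avoids this, e.g. `const stored = migrateSettings(Object.assign({}, GM_getValue("settings", {})));` followed by `return Object.assign({}, DEFAULT_SETTINGS, stored);`. This file looks like compiler output, so the change presumably belongs in the TypeScript settings module, which is not shown on this page.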
3 changes: 1 addition & 2 deletions docs/aws-accountified-redirect.html
@@ -27,7 +27,7 @@ <h1 style="font-size:1.25em;">AWS Accountified Redirect</h1>
<p>
To use the current URL as the redirect service,
right-click on the page, select "Tampermonkey" (or open Tampermonkey from the extension toolbar)
and select "AWS Link Accountififer" &rarr; "Use this page for redirects".
and select "AWS Link Accountifier" &rarr; "Use this page for redirects".
</p>
</div>
</div>
@@ -39,7 +39,6 @@ <h1 style="font-size:1.25em;">AWS Accountified Redirect</h1>
const hash = (window.location.hash || "").replace(/^#?/, "").trim();
if (hash) {
try {
console.log(decodeURIComponent(hash));
const url = JSON.parse(decodeURIComponent(hash)).url;
if ("string" !== typeof url || !url.match(/^http/)) {
throw "Invalid hash - property 'url' is missing or not a valid URL";
4 changes: 2 additions & 2 deletions docs/index.html
@@ -3,7 +3,7 @@
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>AWS Link Accountififer</title>
<title>AWS Link Accountifier</title>
</head>
<body data-aws-accountified-redirect-version="1" style="line-height:1.5em">
<div style="width:80%;max-width:35em;margin:auto;padding-top:6em;">
@@ -15,7 +15,7 @@ <h1 style="font-size:1.25em;">AWS Link Accountifier</h1>
<a href="aws-accountified-redirect.html">aws-accountified-redirect.html</a>
</p>
<p>
For documentation, please refer to the <a href="https://github.com/david-04/aws-link-accountifier">GitHub project page</a>.
For documentation, please refer to the <a href="https://github.com/david-04/aws-link-accountifier/blob/main/README.md">GitHub project page</a>.
</p>
</div>
</body>
11 changes: 1 addition & 10 deletions src/modules/aws-session-info.ts
@@ -38,16 +38,7 @@ namespace AwsLinkAccountifier {
//--------------------------------------------------------------------------------------------------------------

public matchesAccount(redirectState: RedirectState) {
const requiredAccount = redirectState.requiredAccount;
if (requiredAccount.id !== this.accountId) {
return false;
} else if (requiredAccount.excludeExampleRole
&& requiredAccount.exampleRole
&& this.role === requiredAccount.exampleRole) {
return false;
} else {
return true;
}
return redirectState.requiredAccount.id === this.accountId;
}
}

37 changes: 25 additions & 12 deletions src/modules/main.ts
@@ -2,23 +2,36 @@ namespace AwsLinkAccountifier {

let getAwsSessionCount = 0;

const isAwsConsole = window.location.host.toLowerCase().endsWith("aws.amazon.com");
const isAwsSignin = window.location.host.toLowerCase().endsWith("signin.aws.amazon.com");
const isRedirectPage = 0 <= window.location.pathname.indexOf("aws-accountified-redirect.htm");

//------------------------------------------------------------------------------------------------------------------
// Extract the URL hint and start or schedule the redirect processing
//------------------------------------------------------------------------------------------------------------------

export function main() {
const isAwsConsole = window.location.host.toLowerCase().endsWith("aws.amazon.com");
const isRedirectPage = 0 <= window.location.pathname.indexOf("aws-accountified-redirect.htm");
if (isRedirectPage) {
processRedirectPage();
}
if (isAwsSignin) {
const state = getRedirectState();
if (state && state.shouldAutoLogout) {
setRedirectState({ ...state, shouldAutoLogout: false });
if (getSettings().accountSwitchUrl.toLowerCase().indexOf("signin.aws.amazon.com") < 0) {
// login is done via external SSO - redirect away from AWS' default login page
initiateAccountSwitch();
return;
}
}
}
if (isAwsConsole) {
extractUrlHint();
onDOMContentLoaded(() => processNotificationsAndRedirects(isAwsConsole));
}
if (isRedirectPage) {
processRedirectUrl();
onDOMContentLoaded(processNotificationsAndRedirects);
}
initialiseMenu({
copyLink: isAwsConsole,
switchRole: isAwsConsole,
copyLink: isAwsConsole && !isAwsSignin,
switchRole: isAwsConsole && !isAwsSignin,
setAccountSwitchUrl: isAwsConsole || isRedirectPage,
useThisPageForRedirects: isRedirectPage
});
@@ -28,11 +41,11 @@ namespace AwsLinkAccountifier {
// Redirect or inject messages to log out and in again
//------------------------------------------------------------------------------------------------------------------

function processNotificationsAndRedirects(isAwsConsole: boolean) {
document.removeEventListener("DOMContentLoaded", () => processNotificationsAndRedirects(isAwsConsole));
function processNotificationsAndRedirects() {
document.removeEventListener("DOMContentLoaded", processNotificationsAndRedirects);
const redirectState = getRedirectState();
if (redirectState) {
if ("signin.aws.amazon.com" === window.location.host) {
if (isAwsSignin) {
injectAccountSelectionHint(redirectState);
} else if (isAwsConsole) {
const awsSession = getCurrentAwsSession();
@@ -70,7 +83,7 @@ namespace AwsLinkAccountifier {
// Intercept redirect service page loads
//------------------------------------------------------------------------------------------------------------------

function processRedirectUrl() {
function processRedirectPage() {
try {
const hash = decodeURIComponent((window.location.hash ?? "").replace(/^#/, "").trim());
if (hash) {
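Review bot: The external-SSO test added to `main()` looks for `signin.aws.amazon.com` anywhere in `accountSwitchUrl`, so a custom SSO URL that only mentions that host in its path or query string is treated as the AWS sign-in page and the redirect away from it is skipped. The new module-level flags are similarly loose: `endsWith("aws.amazon.com")` also accepts a host such as `xaws.amazon.com`, and `isRedirectPage` is a substring test on the path of whatever host the script runs on (which hosts those are depends on the userscript's match rules, not visible here). Matching on the host with a leading dot would be tighter, e.g. `const host = window.location.host.toLowerCase();` and `const isAwsConsole = host === "aws.amazon.com" || host.endsWith(".aws.amazon.com");`. The body of `main()` continues past the end of its hunk.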
7 changes: 3 additions & 4 deletions src/modules/menu.ts
@@ -53,10 +53,9 @@ namespace AwsLinkAccountifier {
requiredAccount: {
id: account.accountId,
alias: account.accountAlias,
exampleRole: account.role,
excludeExampleRole: true
exampleRole: account.role
},
shouldAutoLogout: true,
shouldAutoLogout: false,
expiresAt: new Date().getTime() + 10 * 60 * 1000
});
initiateAccountSwitch();
@@ -92,7 +91,7 @@ namespace AwsLinkAccountifier {
function setRedirectUrl() {
const redirectVersion = document.body.dataset.awsAccountifiedRedirectVersion;
if (redirectVersion && "string" === typeof redirectVersion) {
const callback = () => updateSettings({ redirectService: window.location.href.replace(/#.*/, "") });
const callback = () => updateSettings({ redirectUrl: window.location.href.replace(/#.*/, "") });
GM_registerMenuCommand("Use this page for redirects", callback, "s");
}
}
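Review bot: `setRedirectUrl()` saves `window.location.href` as the new `redirectUrl` after checking only that the page carries a `data-aws-accountified-redirect-version` attribute; the scheme of the page is not checked. Every link created afterwards is routed through that address, so unless plain-HTTP or local pages are meant to be supported it would be safer to register the menu command only on HTTPS pages, e.g. `if (redirectVersion && "https:" === window.location.protocol) {`. Only the `callback` line is new in this hunk; the guard around it is unchanged context.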
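--- a/src/modules/presets.ts
+++ b/src/modules/presets.ts
@@ -0,0 +1,10 @@
+namespace AwsLinkAccountifier {
+
+export function getPresetAccountSwitchUrl() {
+return "https://signin.aws.amazon.com/switchrole?account=${ACCOUNT_ID}&roleName=${ROLE_NAME}";
+}
+
+export function getPresetRedirectUrl() {
+return "https://david-04.github.io/aws-link-accountifier/aws-accountified-redirect.html";
+}
+}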
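Review bot: Neither preset function carries a comment, and `getPresetRedirectUrl()` in particular decides which externally hosted page every generated link passes through. A short comment would help people who fork the project, e.g. `// Default redirect page: accountified links carry the hint and target URL in the #fragment of this address; forks should point it at a page they host.` On `getPresetAccountSwitchUrl()` a line such as `// Default account-switch URL; ${ACCOUNT_ID} and ${ROLE_NAME} are placeholders, not template-literal expressions.` would make clear that the plain double-quoted string is intentional.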
1 change: 0 additions & 1 deletion src/modules/redirect-state.ts
@@ -12,7 +12,6 @@ namespace AwsLinkAccountifier {
id: string;
alias?: string;
exampleRole?: string;
excludeExampleRole?: boolean;
}
shouldAutoLogout: boolean;
expiresAt: number