callback(auth0Config, isLegacySso)} />;\n}\n","import React, { PropsWithChildren, ReactNode } from 'react';\nimport { CaptiveWindow } from '@sm/webassets';\nimport { createUseStyles } from 'react-jss';\nimport { Box } from '@wds/box';\nimport { Theme } from '@wds/styles';\n\nconst useStyles = createUseStyles(({ palette }: Theme) => {\n return {\n unlinkedWindow: {\n maxWidth: '636px',\n },\n window: {\n backgroundColor: palette.background.main,\n },\n };\n});\n\nconst UnlinkedWindow = ({ addOnTop, children }: PropsWithChildren<{ addOnTop: ReactNode }>): JSX.Element => {\n const { unlinkedWindow, window } = useStyles();\n return (\n \n {addOnTop}}>\n {children}\n \n \n );\n};\n\nexport default UnlinkedWindow;\n","import React from 'react';\nimport { Button } from '@wds/button';\nimport { Theme } from '@wds/styles';\nimport { createUseStyles } from 'react-jss';\nimport { ProgressCircle } from '@wds/progress-circle';\n\nexport const BUTTON_TEST_ID = 'UnlinkedButtonOptionButton';\n\nconst useStyles = createUseStyles((theme: Theme) => ({\n buttonOverride: {\n '& a, & button': {\n // reduce padding since we have some long titles and want to avoid breaking onto another\n // line if possible\n padding: [0, theme.spacing[3]],\n },\n },\n}));\n\nexport default function UnlinkedButtonOption({\n isDisabled,\n showSpinner,\n titleText,\n onClick,\n id,\n href,\n}: {\n isDisabled: boolean;\n showSpinner: boolean;\n titleText: string;\n id?: string;\n href?: string;\n onClick(): void;\n}): JSX.Element {\n let buttonTestId: string = BUTTON_TEST_ID;\n if (typeof id !== 'undefined') {\n const suffix = `__${id}`;\n buttonTestId = `${buttonTestId}${suffix}`;\n }\n\n const { buttonOverride } = useStyles();\n\n return (\n \n
\n {/* Using ProgressCircle here to workaround https://momentiveai.atlassian.net/browse/WEBEXP-994,\n update when that ticket is fixed */}\n {showSpinner ? : titleText}\n \n We found your account with {email}.
To log in, enter this email and select Next to enter your password.
You can’t use the Log in with {socialName} option until you’ve linked your SurveyMonkey and {socialName} accounts.
`,\n description: `[Type: Paragraph][Vis: med] - Body text informing the user of what steps they must take in order to login. \"Next\" is the button label defined in LoginEmailPage:submitButtonLabel`,\n },\n unlinkedPageLoginButton: {\n id: 'login.UnlinkedPageContent.LogIn',\n defaultMessage: 'Log in',\n description: `[Type: Button][Vis: high] - Label for the \"Log in\" button`,\n },\n unlinkedPageOptionsHeaderNoEmail: {\n id: 'login.UnlinkedPageContent.OptionsHeaderNoEmail',\n defaultMessage: `What would you like to do?`,\n description: '[Type: Paragraph][Vis: med] - Header asking user what they would like to do to link their account',\n },\n});\n\nconst useStyles = createUseStyles((theme: Theme) => {\n return {\n emailInUseButtonContainer: {\n width: '240px',\n },\n };\n});\n\nexport default function UnlinkedPageContent(): JSX.Element {\n const { idToken, socialName } = getAndValidateIdToken();\n const { emailInUseButtonContainer } = useStyles();\n\n const appState: AppState = {\n app: getQueryParam(QueryParams.SM_APP),\n ep: getQueryParam(QueryParams.EP),\n forceAccountPicker: hasQueryParam(SmParams.SM_FORCE_ACCOUNT_PICKER) ? true : undefined,\n sm: getQueryParam(QueryParams.SM),\n sm_allow_create_user: getQueryParam(QueryParams.SM_ALLOW_CREATE_USER),\n ut_source: getQueryParam(QueryParams.UT_SOURCE),\n ut_source2: getQueryParam(QueryParams.UT_SOURCE2),\n };\n\n const emailInUse = !!getQueryParam(QueryParams.EMAIL_IN_USE);\n const userEmail = idToken.email as string;\n // For the \"Create a new account\" button\n const [signupState, setSignupState] = useState('pageload');\n const [signupJWTError, setSignupJWTError] = useState(false);\n\n const attemptSignUp = async (): Promise => {\n if (signupState === 'pending' || signupState === 'success') {\n return;\n }\n setSignupState('pending');\n\n try {\n const result = await SessionClient().createBySignup({ claims: idToken, appState });\n if (result === SessionResult.CREATED) {\n setSignupState('success');\n removeIdToken();\n navigateTo('/login/next', cleanObject({ ep: appState.ep, joined: 'true' }));\n } else {\n setSignupState('error');\n setSignupJWTError(result === SessionResult.INVALID_JWT);\n }\n } catch (error: unknown) {\n setSignupJWTError(false);\n setSignupState('error');\n }\n };\n\n // For the \"Log in to an existing acct\" button\n const [loginState, setLoginState] = useState('pageload');\n\n const attemptLogin = (): void => {\n // navigation to /login handled by href attr; just set state here\n if (loginState !== 'pending' && loginState !== 'success') {\n setLoginState('pending');\n }\n };\n\n const generateLoginURL = (): string => {\n return createURL(\n '/login',\n cleanObject({\n [SmParams.SM_APP]: appState.app,\n [SmParams.SM_FORCE_ACCOUNT_PICKER]: appState.forceAccountPicker ? '' : undefined,\n [SmParams.SM_EMAIL]: userEmail,\n ep: appState.ep,\n sm: appState.sm,\n sm_allow_create_user: appState.sm_allow_create_user,\n ut_source: appState.ut_source,\n ut_source2: appState.ut_source2,\n })\n );\n };\n\n const allowAccountCreation = (): boolean => {\n const baseUrl = window.location.href;\n return !baseUrl.includes('eu.');\n };\n\n // For logic affecting either/both buttons\n const areButtonsDisabled: boolean =\n loginState === 'pending' || loginState === 'success' || signupState === 'pending' || signupState === 'success';\n\n const loginButton = (label: string): JSX.Element => (\n \n );\n\n const EmailInUse = (): JSX.Element => {\n return (\n \n \n {t(\n COPY.unlinkedPageEmailInUseMessage,\n {\n email: userEmail,\n socialName,\n },\n { html: true }\n )}\n \n \n {loginButton(t(COPY.unlinkedPageLoginButton))}\n \n \n );\n };\n\n const CreateOrLogin = (): JSX.Element => {\n const signupCTA = {\n id: 'cta.signup',\n cta: (\n {\n void attemptSignUp();\n }}\n id=\"SIGNUP\"\n />\n ),\n caption: {t(COPY.unlinkedPageSignupButtonContent, { socialName })},\n };\n\n const loginCTA = {\n id: 'cta.login',\n cta: loginButton(t(COPY.unlinkedPageLoginButtonTitle)),\n caption: {t(COPY.unlinkedPageLoginButtonContent, { socialName })},\n };\n\n return (\n \n );\n };\n\n return (\n \n }\n >\n \n {/* OPTIONAL ERROR BANNER */}\n {signupState === 'error' ? : null}\n\n {emailInUse ? : }\n \n \n );\n}\n","import React, { useContext } from 'react';\nimport { StaticContext, BasePage, Helmet } from '@sm/webassets';\nimport UnlinkedPageContent from './UnlinkedPageContent';\n\nexport default function UnlinkedPage(): JSX.Element {\n const {\n locale: { isEUDC },\n } = useContext(StaticContext);\n return (\n \n \n Create or Link Your Account\n \n \n \n );\n}\n","import { Desc, defineMessages } from '@sm/intl';\nimport { getHelpCenterLink } from '@sm/webassets';\nimport { SamlErrorCode } from '~common/errors/userFacing';\n\ntype ErrorMessage = {\n values: Record;\n desc: Desc;\n};\n\nconst errorDescription = '[Type: Paragraph][Vis: high] - The description of a login failure.';\n\nconst COPY = defineMessages({\n ERROR_CODE: {\n id: 'login.copy.ErrorCode',\n defaultMessage: 'Error code',\n description: '[Type: Label][Vis: high] - The label of the error code to be shown',\n },\n ERROR_TITLE: {\n id: 'login.copy.Title',\n defaultMessage: 'Sorry, not able to log in',\n description: '[Type: Paragraph][Vis: high] - The reason a login failed',\n },\n DEFAULT: {\n id: 'login.copy.Default',\n defaultMessage: 'Ask your admin or contact your Customer Success Manager for help.',\n description: errorDescription,\n },\n GROUP_DOWNGRADED: {\n id: 'login.copy.GroupDowngraded',\n defaultMessage: 'Your group no longer has an Enterprise plan. Contact us for more info.',\n description: errorDescription,\n },\n GROUP_NOT_FOUND: {\n id: 'login.copy.GroupNotFound',\n defaultMessage: 'We’re not able to identify your group information. Ask your admin or contact us for help.',\n description: errorDescription,\n },\n NOT_AFTER_FAILURE: {\n id: 'login.copy.NotAfterFailure',\n defaultMessage: 'We’re unable to authenticate your info at this time. Ask your admin or contact us for help.',\n description: errorDescription,\n },\n NO_NAME_ID_FOUND: {\n id: 'login.copy.NoNameIDFound',\n defaultMessage: 'We’re not able to find your account ID in our system. Ask your admin or contact us for help.',\n description: errorDescription,\n },\n RESPONDENT: {\n id: 'login.copy.Respondent',\n defaultMessage: 'Your account doesn’t have permissions enabled. Contact your admin or IT team for help.',\n description: errorDescription,\n },\n SSO_NOT_ENABLED: {\n id: 'login.copy.SSONotEnabled',\n defaultMessage: 'Single sign-on isn’t enabled for your group. Contact your admin for more info.',\n description: errorDescription,\n },\n USER_PENDING_DELETION: {\n id: 'login.copy.UserPendingDeletion',\n defaultMessage:\n 'The account you’re trying to log in to may be pending deletion. Contact us for more info.',\n description: errorDescription,\n },\n USER_PENDING_REASSIGNMENT: {\n id: 'login.copy.UserPendingReassignment',\n defaultMessage:\n 'The account you’re trying to log in to was reassigned by your admin. The invitation email needs to be accepted before logging in. Contact your admin for more info.',\n description: errorDescription,\n },\n X509_CANNOT_VERIFY: {\n id: 'login.copy.X509CannotVerify',\n defaultMessage:\n 'We’re not able to identify your group information due to an incorrect certificate. Ask your admin or contact us for help.',\n description: errorDescription,\n },\n});\n\nexport const getErrorMessage = (languageCode: string, reason?: SamlErrorCode): ErrorMessage => {\n const contactUsLink = getHelpCenterLink(languageCode, { path: 'contact' });\n let values: Record = {};\n let desc: Desc;\n\n switch (reason) {\n case SamlErrorCode.GROUP_DOWNGRADED:\n case SamlErrorCode.GROUP_HAS_NO_OWNER:\n case SamlErrorCode.GROUP_OWNER_IS_NOT_ENTERPRISE:\n values = { contactUs: contactUsLink };\n desc = COPY.GROUP_DOWNGRADED;\n break;\n case SamlErrorCode.GROUP_NOT_FOUND_BY_CANONICAL_NAME:\n case SamlErrorCode.GROUP_NOT_FOUND_BY_ISSUER:\n case SamlErrorCode.GROUP_NOT_FOUND:\n desc = COPY.GROUP_NOT_FOUND;\n break;\n case SamlErrorCode.NOT_AFTER_FAILURE:\n case SamlErrorCode.NOT_BEFORE_FAILURE:\n case SamlErrorCode.SAML_RESPONSE_ALREADY_SEEN:\n desc = COPY.NOT_AFTER_FAILURE;\n break;\n case SamlErrorCode.NO_NAME_ID_FOUND:\n desc = COPY.NO_NAME_ID_FOUND;\n break;\n case SamlErrorCode.RESPONDENT_ONLY:\n desc = COPY.RESPONDENT;\n break;\n case SamlErrorCode.SSO_NOT_ENABLED:\n case SamlErrorCode.GROUP_NOT_SSO_ENABLED:\n desc = COPY.SSO_NOT_ENABLED;\n break;\n case SamlErrorCode.USER_PENDING_DELETION:\n case SamlErrorCode.USER_IS_PENDING_DELETION:\n values = { contactUs: contactUsLink };\n desc = COPY.USER_PENDING_DELETION;\n break;\n case SamlErrorCode.USER_PENDING_REASSIGNMENT:\n case SamlErrorCode.USER_IS_PENDING_REASSIGNMENT:\n desc = COPY.USER_PENDING_REASSIGNMENT;\n break;\n case SamlErrorCode.X509_CANNOT_VERIFY:\n case SamlErrorCode.X509_MISMATCH:\n desc = COPY.X509_CANNOT_VERIFY;\n break;\n default:\n desc = COPY.DEFAULT;\n break;\n }\n\n return {\n desc,\n values,\n };\n};\n\nexport default COPY;\n","/**\n * This takes in a connection name and returns the canonical link of the connection\n *\n * @param connection The connection name\n * @returns The canonical link for the connection name\n */\nconst getCanonicalLink = (connection: string): string => `/login/sso/${connection}`;\n\nconst refreshSamlConnection = async (connection: string): Promise => {\n const endpointUrl = '/login/api/v1/saml_connections/refresh';\n\n try {\n const resp = await fetch(endpointUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n connection,\n }),\n });\n\n if (resp.status === 200) {\n return true;\n }\n } catch (e: unknown) {\n // nothing\n }\n\n return false;\n};\n\nexport default {\n getCanonicalLink,\n refreshSamlConnection,\n};\n","import React, { useContext, useEffect } from 'react';\nimport { ProgressCircle } from '@wds/progress-circle';\nimport { FiveHundredErrorPage, StaticContext } from '@sm/webassets';\nimport { t, T } from '@sm/intl';\n\nimport getQueryParam from '~app/helpers/queryParams';\nimport BaseLoadingPage from '~app/pages/login/BaseLoadingPage';\nimport { QueryParams } from '~common/entities/smParams';\nimport { SamlErrorCode } from '~common/errors/userFacing';\nimport COPY, { getErrorMessage } from './copy';\nimport { fetchSamlConnection, removeSamlConnection } from '~app/helpers/sessionStorage';\nimport samlConnectionApi from '~app/helpers/samlConnectionApi';\n\nexport const LOADING_TEST_ID = 'LoadingPage';\n\nexport function getSamlErrorCode(errorReason: string | undefined): SamlErrorCode | undefined {\n if (errorReason && Object.values(SamlErrorCode).includes(errorReason)) {\n return errorReason as SamlErrorCode;\n }\n\n return undefined;\n}\n\nexport default function ErrorPage(): JSX.Element {\n const [isLoading, setIsLoading] = React.useState(true);\n\n const {\n environment: { languageCode },\n pageRequestId,\n } = useContext(StaticContext);\n const errorReason = getQueryParam(QueryParams.ERROR);\n const samlErrorCode = getSamlErrorCode(errorReason);\n const connection = fetchSamlConnection();\n\n useEffect(() => {\n (async () => {\n const shouldRefreshSamlConnection =\n !!connection &&\n samlErrorCode &&\n (samlErrorCode === SamlErrorCode.X509_MISMATCH || samlErrorCode === SamlErrorCode.X509_CANNOT_VERIFY);\n\n try {\n if (shouldRefreshSamlConnection) {\n const refreshed = await samlConnectionApi.refreshSamlConnection(connection as string);\n\n // redirect user back to canonical link if connection was refreshed\n if (refreshed) {\n // Remove the connection from storage before redirecting\n removeSamlConnection();\n window.location.href = samlConnectionApi.getCanonicalLink(connection as string);\n return;\n }\n }\n } catch (e: unknown) {\n // ignore\n }\n\n // We want to stop showing the spinner if the page is not redirecting\n setIsLoading(false);\n })();\n });\n\n if (isLoading) {\n return (\n \n \n \n \n \n );\n }\n\n if (samlErrorCode) {\n const { desc, values } = getErrorMessage(languageCode, samlErrorCode);\n\n return (\n }\n />\n );\n }\n\n return ;\n}\n","import loadable from '@loadable/component';\nimport { FourOhFourError, GlobalThemeProvider } from '@sm/webassets';\nimport { WrenchTheme } from '@wds/styles';\nimport { Route, Switch, useLocation } from 'react-router-dom';\nimport React from 'react';\n\nimport StartAuthTransactionPage from '~app/pages/login/StartAuthTransactionPage';\nimport HandleAuthCallbackPage from '~app/pages/login/HandleAuthCallbackPage';\nimport LoadingPage from './pages/login/LoadingPage/LoadingPage';\nimport UnlinkedPage from './pages/login/UnlinkedPage';\nimport LoginErrorPage from './pages/login/ErrorPage';\nimport SHARED_ROUTES from './pages/sharedRoutes';\nimport TeamRoutes from './pages/team/routes';\n\n// Team join pages go in their own separate chunk\nconst TeamPage = loadable(\n async () => import(/* webpackChunkName: 'loginweb-team-join' */ './pages/team/TeamBasePage'),\n {\n fallback: {}} />,\n }\n);\n\n// Survey share interstitial page goes in a separate chunk, since it's off the main path\nconst SurveyShareInterstitialPage = loadable(\n async () =>\n import(/* webpackChunkName: 'loginweb-survey-share' */ './pages/survey-share/SurveyShareInterstitialPage'),\n {\n fallback: {}} />,\n }\n);\n\nconst App = (): JSX.Element => {\n const { search } = useLocation();\n\n return (\n \n \n \n \n \n\n \n {/*\n We have a single callback path registered with the auth server. It routes to distinct\n login flows based on the query param. Determine which flow we're in.\n - /login/callback?team-join => TeamPage\n - /login/callback => normal login/sign-up\n */}\n \n \n \n \n \n \n \n \n \n\n \n \n \n\n \n \n \n\n \n \n \n\n \n \n \n\n \n \n \n\n \n \n \n \n \n );\n};\n\nexport default App;\n","type Messages = { [K: string]: string };\n\nconst DEFAULT_LOCALE = 'en-US';\nconst FALLBACK = {};\n\nexport default async function getLocaleMessages(locale: string): Promise {\n if (locale === DEFAULT_LOCALE) {\n // Default locale will use the default fallback strings\n return FALLBACK;\n }\n try {\n const webassetsTranslationsModule: Messages = await import(\n /* webpackChunkName: \"i18n/webassets/[request]\" */ `@sm/webassets/dist/locales/translated/${locale}`\n );\n const appTranslationsModule: Messages = await import(\n /* webpackChunkName: \"i18n/[request]\" */ `../../locales/translated/${locale}`\n );\n return {\n ...webassetsTranslationsModule,\n ...appTranslationsModule,\n };\n } catch (err: unknown) {\n return FALLBACK;\n }\n}\n","import 'regenerator-runtime/runtime';\nimport 'core-js/stable';\n\nimport { ApolloClient, NormalizedCacheObject } from '@apollo/client';\nimport createBrowserApolloClient from '@sm/apollo-clients/dist/browser';\n\nimport { clientErrorHandler } from '@sm/webassets';\nimport possibleTypes from './helpers/possibleTypes';\nimport { bootstrapSMWeb, createApp, getLocaleMessages, mount } from './utils';\n\nconst { staticData, environ, locale } = bootstrapSMWeb(window);\nconst {\n pageRequestId,\n 'client-config': { appName, appVersion, graphQLUri },\n gql: { gqlCache = {} } = {},\n} = staticData;\n\nconst apolloClient: ApolloClient = createBrowserApolloClient({\n uri: graphQLUri,\n cacheHydration: gqlCache,\n pageRequestId,\n possibleTypes,\n linkOptions: {\n credentials: 'include',\n batchInterval: 30,\n },\n metadata: { appName, appVersion },\n availableLoggedOutPaths: ['/lo-graphql/teamJoin'],\n});\n\ngetLocaleMessages(locale)\n .then(createApp(environ, staticData, apolloClient))\n .then(mount(document))\n .catch(clientErrorHandler.logError);\n","import { initializeClientErrorHandler } from '@sm/webassets';\n\nexport default function bootstrapSMWeb(window: Window): SMConfig {\n const staticData = window.SM?.__LOAD_PAYLOAD_CACHE__;\n if (!staticData) {\n throw new Error('__LOAD_PAYLOAD_CACHE__ not found in window.SM');\n }\n\n initializeClientErrorHandler();\n\n const { environment: environ } = staticData;\n const locale = environ?.slLanguageLocale;\n\n if (!locale) {\n throw new Error('Misconfigured SMEnviron');\n }\n\n return {\n locale,\n environ,\n staticData,\n };\n}\n","import SMEnviron from '@sm/environ';\nimport { L10nProvider } from '@sm/intl';\nimport { LanguageCode } from '@sm/locale';\nimport { ApolloClient, NormalizedCacheObject, ApolloProvider } from '@apollo/client';\nimport { ErrorBoundary, FiveHundredErrorPage, HelmetProvider, StaticProvider } from '@sm/webassets';\nimport React, { ReactElement } from 'react';\nimport { Router } from 'react-router-dom';\nimport App from '../App';\nimport history from './history';\n\nexport default function createApp(\n environ: SMEnviron,\n staticData: { [K in string]: unknown },\n apolloClient: ApolloClient\n): (msgs: { [K: string]: string }) => ReactElement {\n return (localeMessages: { [K: string]: string }) => (\n \n \n \n \n \n \n \n \n \n \n \n \n \n );\n}\n","import { ReactElement } from 'react';\nimport { hydrate, render } from 'react-dom';\n\ntype DocumentLike = {\n getElementById(id: string): HTMLElement | null;\n};\n\nexport default function mount(document: DocumentLike): (app: ReactElement) => void {\n const target = document.getElementById('reactApp');\n if (!target) {\n throw new Error('App node not found in document');\n }\n\n return (app: ReactElement) => {\n if (target.innerHTML.trim().length) {\n return hydrate(app, target);\n }\n return render(app, target);\n };\n}\n","// Interfaces for the client side handler code.\n\nimport { UtSourceParams } from '~common/entities/user';\n\n/**\n * Any additional data stored by the client that is associated with\n * a particular login transaction.\n *\n * - `ep`: \"end page\"; where the user is redirected to after auth\n * - `show`: what auth experience the user should first get on LoginApp\n * - `forceAccountCreation`: true to create a SurveyMonkey account instead of showing the\n * \"unlinked 3rd party account\" page when possible.\n */\nexport type AppState = {\n ep?: string;\n show?: SmShow;\n app?: SmApp;\n forceAccountPicker?: boolean;\n forceAccountCreation?: boolean;\n sm?: string;\n sm_allow_create_user?: string;\n authUrl?: string; // The complete original login URL that the client came into the transaction with.\n} & UtSourceParams;\n\n/** Possible values for the `sm.show` query parameter */\nexport enum SmShow {\n SIGNUP = 'sign-up',\n LOGIN = 'log-in',\n FORGOT_PASSWORD = 'forgot-password',\n}\n\n/** Possible values for the `sm.app` query parameter */\nexport enum SmApp {\n CORE = 'core',\n CONTRIBUTE = 'contribute',\n REWARDS = 'rewards',\n MOBILE = 'mobile',\n}\n","import { createURL } from '@sm/utils';\n\n/**\n * Navigates to the given base URL and query.\n */\nexport default function navigateTo(url: string, params?: Record): void {\n window.location.replace(createURL(url, params));\n}\n","import { IdToken } from '@auth0/auth0-spa-js';\n\nconst ID_TOKEN_NAMESPACE = 'unlinkedState';\nconst EP_PARAM_NAMESPACE = 'ep';\nconst SM_PARAM_NAMESPACE = 'sm';\nconst SM_ALLOW_CREATE_PARAM_NAMESPACE = 'sm_allow_create_user';\nconst CONNECTION_NAME_NAMESPACE = 'auth.conn';\n\nfunction stash(namespace: string, value: string): void {\n window.sessionStorage.setItem(namespace, value);\n}\n\nfunction fetch(namespace: string): string | null {\n return window.sessionStorage.getItem(namespace);\n}\n\nfunction remove(namespace: string): void {\n window.sessionStorage.removeItem(namespace);\n}\n\nexport function stashSamlConnection(connection: string): void {\n stash(CONNECTION_NAME_NAMESPACE, connection);\n}\n\nexport function fetchSamlConnection(): string | null {\n return fetch(CONNECTION_NAME_NAMESPACE);\n}\n\nexport function removeSamlConnection(): void {\n remove(CONNECTION_NAME_NAMESPACE);\n}\n\nexport function stashIdToken(idToken: IdToken): void {\n stash(ID_TOKEN_NAMESPACE, JSON.stringify(idToken));\n}\n\nexport function fetchIdToken(): IdToken | null {\n const token = fetch(ID_TOKEN_NAMESPACE);\n if (!token) {\n return null;\n }\n return JSON.parse(token) as IdToken;\n}\n\nexport function removeIdToken(): void {\n remove(ID_TOKEN_NAMESPACE);\n}\n\nexport function stashEp(ep: string): void {\n stash(EP_PARAM_NAMESPACE, ep);\n}\n\nexport function fetchAndRemoveEp(): string | null {\n const ep = fetch(EP_PARAM_NAMESPACE);\n remove(EP_PARAM_NAMESPACE);\n return ep;\n}\n\nexport function stashSm(sm: string): void {\n stash(SM_PARAM_NAMESPACE, sm);\n}\n\nexport function fetchAndRemoveSm(): string | null {\n const sm = fetch(SM_PARAM_NAMESPACE);\n remove(SM_PARAM_NAMESPACE);\n return sm;\n}\n\nexport function stashSmAllow(sm_allow_create_user: string): void {\n stash(SM_ALLOW_CREATE_PARAM_NAMESPACE, sm_allow_create_user);\n}\n\nexport function fetchAndRemoveSmAllow(): string | null {\n const sm_allow_create_user = fetch(SM_ALLOW_CREATE_PARAM_NAMESPACE);\n remove(SM_ALLOW_CREATE_PARAM_NAMESPACE);\n return sm_allow_create_user;\n}\n","import { IdToken } from '@auth0/auth0-spa-js';\nimport { clientErrorHandler } from '@sm/webassets';\nimport { UtSourceParams } from 'src/common/entities/user';\nimport { Auth0Strategy, getStrategyBySub } from '~common/entities/auth0Strategy';\nimport { FormattedError, SamlErrorCode } from '~common/errors/userFacing';\nimport { AppState, SmApp } from '../handlers/handlers';\nimport { getAmplitudeIds, waitForAmplitude } from '~app/utils/amplitudeHelpers';\nimport { AmplitudeSessionInfo } from '~common/helpers/amplitudeSession';\n\n// The types of errors that the server can return from POST /api/v1/sessions\nexport class IdentityAlreadyLinkedError extends Error {}\n\nexport class SamlError extends Error {\n code: SamlErrorCode;\n\n constructor(detail: string, code: SamlErrorCode) {\n super(detail);\n this.code = code;\n }\n}\n\nexport class IdentityNotLinkedError extends Error {\n /**\n * Whether the email asserted by the social identity is in use by an existing account\n */\n emailInUse: boolean;\n\n constructor(emailInUse = false) {\n super();\n this.emailInUse = emailInUse;\n }\n}\nexport class InvalidJWTError extends Error {}\nexport class InvalidInviteError extends Error {}\n\nexport enum SessionResult {\n /** Could not create a session because no account was linked. User intervention is needed. */\n UNLINKED = 1,\n\n /** Could not create a session because of issue detected with the JWT (with no further detail, intentionally) */\n INVALID_JWT = 2,\n\n /** Existing user successfully logged in */\n LOGGED_IN = 3,\n\n /** New user created and then logged in */\n CREATED = 4,\n\n /** User login via SSO */\n SSO_LOGIN = 5,\n}\n\n/** Which type of account we'd prefer to log into */\nexport type AccountTypePreference = 'contribute' | 'rewards' | undefined;\n\n/** Return value from sucessful POST /sessions call */\ntype SessionResponseBody = {\n user: {\n id: string;\n };\n redirectUrl?: string;\n};\n\nfunction toPref(smApp?: SmApp): AccountTypePreference {\n switch (smApp) {\n case undefined:\n case SmApp.CORE:\n case SmApp.MOBILE:\n return undefined;\n case SmApp.CONTRIBUTE:\n return 'contribute';\n case SmApp.REWARDS:\n return 'rewards';\n }\n}\n\nexport class SessionClient {\n readonly endpointUrl = '/login/api/v1/sessions';\n\n private static getSignupParams(appState: AppState): Pick {\n const { ut_source, ut_source2 } = appState;\n return { ut_source, ut_source2 };\n }\n\n /**\n * @returns Whether we should create a SurveyMonkey account linked to the user's token subject\n * without prompting the user\n */\n private static shouldCreateAccount(\n appState: AppState,\n claims: IdToken,\n notLinkedError: IdentityNotLinkedError\n ): boolean {\n // Create an account when the user authenticated via Auth0 strategy (i.e. email+password).\n // This is the typical case when a user has just created an Auth0 email identity.\n if (getStrategyBySub(claims.sub) === Auth0Strategy.Auth0) {\n return true;\n }\n\n // Create an account if the 'force' param is set, and the email isn't already in use\n if (appState.forceAccountCreation && !notLinkedError.emailInUse) {\n return true;\n }\n\n return false;\n }\n\n private static handleError(body: { errors: FormattedError[] }): never {\n const {\n errors: [serverError],\n } = body;\n\n if (Object.values(SamlErrorCode).includes(serverError.code)) {\n throw new SamlError(serverError.detail, serverError.code as unknown as SamlErrorCode);\n }\n\n switch (serverError.code) {\n case 'identity_already_linked':\n throw new IdentityAlreadyLinkedError();\n case 'identity_not_linked':\n throw new IdentityNotLinkedError(serverError.extra === 'email_in_use_by_password_account');\n case 'invalid_invite':\n throw new InvalidInviteError();\n case 'unauthorized':\n // The remote UserService rejected the JWT\n throw new InvalidJWTError();\n case 'invalid_request':\n if (\n serverError.source &&\n serverError.source.location === 'body' &&\n serverError.source.pointer === '.id_token'\n ) {\n // Shallow validation failed (probably because the JWT expired)\n throw new InvalidJWTError();\n }\n break;\n default:\n break; // will throw generic error below\n }\n\n const error = new Error('Failed to create session');\n clientErrorHandler.logError(error);\n throw error;\n }\n\n /**\n * Authenticate using the identity token, by first attempting to login and creating a new SM user\n * if necessary.\n *\n * @throws `IdentityAlreadyLinkedError` if the identity is already linked to an SM user.\n * @throws Generic error on other failure.\n * @returns A SessionResult and optionally a detailed error field\n */\n async createByLogin({\n claims,\n appState,\n smAllowCreateUser,\n }: {\n claims: IdToken;\n appState: AppState;\n smAllowCreateUser?: string;\n }): Promise<{ result: SessionResult; error?: IdentityNotLinkedError; redirectUrl?: string }> {\n const idToken = claims.__raw;\n\n // Try to login\n let notLinkedError: IdentityNotLinkedError | undefined;\n try {\n const response = await this.postSessions({\n idToken,\n action: 'login',\n preference: toPref(appState.app),\n authUrl: appState.authUrl,\n });\n\n if (response.redirectUrl) {\n return { result: SessionResult.SSO_LOGIN, redirectUrl: response.redirectUrl };\n }\n\n return { result: SessionResult.LOGGED_IN };\n } catch (e: unknown) {\n if (!(e instanceof IdentityNotLinkedError)) {\n throw e;\n }\n notLinkedError = e;\n }\n\n // Identity is not linked to an SM account. Check if we should create one.\n if (SessionClient.shouldCreateAccount(appState, claims, notLinkedError)) {\n const result = await this.createBySignup({ claims, appState, smAllowCreateUser });\n return { result };\n }\n\n // Identity not linked and we couldn't create an account for them. Just return unlinked, and\n // let the user decide how to proceed.\n return { result: SessionResult.UNLINKED, error: notLinkedError };\n }\n\n /**\n * Authenticate using the identity token, by creating a new SM user on the fly.\n *\n * @param claims The ID token\n * @param appState\n * @param inviteToken Optional invite token if user is being created in the context of\n * a team invite workflow\n *\n * @throws `IdentityAlreadyLinkedError` if the identity is already linked to an SM user.\n * @throws Generic error on other failure.\n */\n async createBySignup({\n claims,\n appState,\n inviteToken = undefined,\n smAllowCreateUser = undefined,\n }: {\n claims: IdToken;\n appState: AppState;\n inviteToken?: string;\n smAllowCreateUser?: string;\n }): Promise {\n const idToken = claims.__raw;\n\n try {\n await this.postSessions({\n idToken,\n action: 'signup',\n signupParams: SessionClient.getSignupParams(appState),\n inviteToken,\n smAllowCreateUser,\n authUrl: appState.authUrl,\n });\n return SessionResult.CREATED;\n } catch (e: unknown) {\n if (e instanceof InvalidJWTError) {\n return SessionResult.INVALID_JWT;\n }\n throw e;\n }\n }\n\n /**\n * Authenticate an existing SM user using the identity token.\n *\n * @param idToken\n * @throws IdentityNotLinkedError\n * @throws InvalidJWTError\n */\n async login(idToken: IdToken): Promise {\n return this.postSessions({ action: 'login', idToken: idToken.__raw });\n }\n\n /**\n * Switch to a linked account by the active session.\n *\n * @param targetUserId Id of the linked user account being switched to\n */\n async switch(targetUserId: string): Promise {\n return this.postSessions({ action: 'switch', targetUserId });\n }\n\n private async postSessions(\n opts:\n | {\n action: 'login';\n idToken: string;\n preference?: AccountTypePreference;\n authUrl?: string;\n }\n | {\n action: 'signup';\n idToken: string;\n signupParams: UtSourceParams;\n inviteToken?: string;\n smAllowCreateUser?: string;\n authUrl?: string;\n }\n | { action: 'switch'; targetUserId: string }\n ): Promise {\n let ampIds: AmplitudeSessionInfo = {};\n if (opts.action === 'login' || opts.action === 'signup') {\n await waitForAmplitude();\n ampIds = getAmplitudeIds();\n }\n\n const resp = await fetch(this.endpointUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({\n action: opts.action,\n id_token: 'idToken' in opts ? opts.idToken : undefined,\n preference: opts.action === 'login' ? opts.preference : undefined,\n signup_params: opts.action === 'signup' ? opts.signupParams : undefined,\n invite_token: opts.action === 'signup' ? opts.inviteToken : undefined,\n sm_allow_create_user: opts.action === 'signup' ? opts.smAllowCreateUser : undefined,\n target_user_id: opts.action === 'switch' ? opts.targetUserId : undefined,\n auth_url: opts.action === 'login' || opts.action === 'signup' ? opts.authUrl : undefined,\n sm_amp_sid: ampIds.sessionId ?? undefined,\n sm_amp_did: ampIds.deviceId ?? undefined,\n }),\n });\n\n if (resp.status === 200) {\n return (await resp.json()) as SessionResponseBody;\n }\n\n return SessionClient.handleError(await resp.json());\n }\n}\n\nexport default (): SessionClient => new SessionClient();\n","import { IdToken } from '@auth0/auth0-spa-js';\nimport { fetchIdToken } from '../../../helpers/sessionStorage';\nimport { SocialName } from './types';\n\n/**\n * Given an id token from a social login, returns the display name of the social IDP.\n *\n * @param idToken\n * @returns The social IDP name. The returned values are brand/company names, so they don't\n * need to be translated.\n */\nexport function getSocialName(idToken: IdToken): SocialName {\n // loose type-check that idToken _is_ an IdToken\n if (typeof idToken.sub === 'undefined') {\n throw new Error('idToken not in expected IdToken shape');\n }\n\n const { sub } = idToken;\n\n // verify sub one of expected social providers\n let socialName: SocialName;\n switch (sub.split('|')[0]) {\n case 'google-oauth2':\n socialName = 'Google';\n break;\n case 'facebook':\n socialName = 'Facebook';\n break;\n case 'windowslive':\n socialName = 'Microsoft';\n break;\n case 'linkedin':\n socialName = 'LinkedIn';\n break;\n case 'apple':\n socialName = 'Apple';\n break;\n default:\n throw new Error('Unidentifiable third party social provider');\n }\n return socialName;\n}\n\nexport default function getAndValidateIdToken(): { idToken: IdToken; socialName: SocialName } {\n // verify token JSON-serializable and of expected shape\n let idToken: IdToken | null;\n try {\n idToken = fetchIdToken();\n } catch (error: unknown) {\n throw new Error('idToken not in expected JSON-serializable format');\n }\n if (idToken === null) {\n throw new Error('No id token present in app state');\n }\n\n const socialName = getSocialName(idToken);\n\n return { idToken, socialName };\n}\n","// Routes shared by the login and team pages\n\nconst SHARED_ROUTES = Object.freeze({\n /** Our callback URL that is allow-listed on the auth server */\n CALLBACK: '/login/callback',\n});\n\nexport default SHARED_ROUTES;\n","const ROUTES = Object.freeze({\n LANDING: '/login/team/join/:inviteToken',\n CREATE: '/login/team/join/:inviteToken/create',\n CONVERT: '/login/team/join/:inviteToken/convert',\n\n REASSIGN_LANDING: '/login/team/reassign/:inviteToken',\n REASSIGN_CONFIRM: '/login/team/reassign/:inviteToken/confirm',\n});\n\nexport default ROUTES;\n","/* Helper functions for parsing Amplitude session. These are consumed by BOTH client and server code */\n\nexport type AmplitudeSessionInfo = {\n deviceId?: string;\n sessionId?: number;\n};\n\nfunction atob(input: string): string {\n // This works in the browser or Node.js\n return typeof window !== 'undefined' ? window.atob(input) : Buffer.from(input, 'base64').toString('latin1');\n}\n\nexport function getAmplitudeStorageKey(amplitudeToken: string): string {\n // the amplitude SDK names its storage key `AMP_`\n return `AMP_${amplitudeToken.substring(0, 10)}`;\n}\n\n/**\n * Parse Amplitude session from a string\n * @param json A string containing JSON data\n */\nexport function parseAmplitudeSession(json: string | undefined | null): AmplitudeSessionInfo {\n if (typeof json !== 'string') {\n return {};\n }\n\n try {\n const parsed = JSON.parse(json);\n return {\n deviceId: parsed.deviceId,\n sessionId: parsed.sessionId,\n };\n } catch (e: unknown) {\n // give up\n return {};\n }\n}\n\n/**\n * Parse Amplitude session from cookie\n *\n * @param cookies Object containing cookies as name-value pairs\n */\nexport default function parseAmplitudeCookie(\n cookies: Record,\n amplitudeToken: string\n): AmplitudeSessionInfo {\n const storageKey = getAmplitudeStorageKey(amplitudeToken);\n\n let cookieData = cookies[storageKey];\n if (!cookieData) {\n return {};\n }\n\n // Normalize it before parsing\n cookieData = decodeURIComponent(atob(cookieData));\n\n return parseAmplitudeSession(cookieData);\n}\n","import { MetricsTracker, USER_EVENTS } from '@sm/metrics';\nimport { parse as parseCookie } from 'cookie';\nimport parseAmplitudeCookie, {\n AmplitudeSessionInfo,\n getAmplitudeStorageKey,\n parseAmplitudeSession,\n} from '~common/helpers/amplitudeSession';\n\n/* Client-side Amplitude helper functions */\n\n// How long we'll wait for Amplitude SDK to initialize before giving up\nconst amplitudeInitTimeoutMs = 150;\n\n// Time between checks\nconst pollIntervalMs = 50;\n\n/** Parse Amplitude session from local storage */\nfunction parseAmplitudeStorage(s: Storage, amplitudeToken: string): AmplitudeSessionInfo {\n const storageKey = getAmplitudeStorageKey(amplitudeToken);\n const data = s.getItem(storageKey);\n return parseAmplitudeSession(data);\n}\n\n/**\n * Extracts the device and session IDs from the Amplitude cookie\n *\n * @returns An object containing the extracted device/session IDs\n */\nexport function getAmplitudeIds(): AmplitudeSessionInfo {\n const amplitudeToken = MetricsTracker?.getConfig()?.amplitudeToken;\n\n if (!amplitudeToken) {\n return {};\n }\n\n // Check for cookie storage\n const cookieTokens = parseCookie(document.cookie);\n const fromCookie = parseAmplitudeCookie(cookieTokens, amplitudeToken);\n\n if (fromCookie.deviceId && fromCookie.sessionId) {\n // Use the cookie values\n return fromCookie;\n }\n\n // Cookie not found, try localStorage fallback\n return parseAmplitudeStorage(window.localStorage, amplitudeToken);\n}\n\n/**\n * Polls a predicate function until it returns true or timeout elapses.\n *\n * @resolves To `'ok'` if condition returned true, or `'timeout'` if timeout elapsed\n * @rejects On runtime error in `condition()`\n */\nasync function waitFor(predicate: () => boolean): Promise<'ok' | 'timeout'> {\n return new Promise((resolve, reject) => {\n const timeoutId = setTimeout(() => resolve('timeout'), amplitudeInitTimeoutMs);\n\n const check = (): void => {\n try {\n if (predicate()) {\n clearTimeout(timeoutId);\n resolve('ok');\n } else {\n setTimeout(check, pollIntervalMs);\n }\n } catch (e: unknown) {\n const err = e as Error;\n clearTimeout(timeoutId);\n reject(err);\n }\n };\n\n setTimeout(check, 0); // start on next tick\n });\n}\n\n/**\n * This function forces the Amplitude SDK to start up, and returns once it has written the\n * session ID and device ID to storage. If we can't find the SID/DID in a reasonable time,\n * give up and return so we don't block the user's transaction.\n *\n * ⚠️ NOTE: this won't work in all cases: in particular, users who haven't yet consented to functional\n * cookies will not get an Amp session. But given the current @sm/metrics design this is the best\n * we can do.\n */\nexport async function waitForAmplitude(): Promise {\n // Track a useless event, this triggers initialization of the Amplitude SDK as a side effect\n MetricsTracker.track({\n name: USER_EVENTS.VIRTUAL_PAGE_VIEW,\n data: {\n amplitudeEvent: 'login init',\n },\n });\n\n // Poll until we find a session or our timeout elapses\n await waitFor(() => !!getAmplitudeIds().sessionId);\n}\n","import { createBrowserHistory } from 'history';\n\nexport default createBrowserHistory();\n","import asEnum from '~common/helpers/asEnum';\n\n/**\n * An Auth0 login strategy. The strategy appears in Auth0-issued ID Tokens as the leftmost\n * segment of the `sub` claim.\n *\n * Example sub claims:\n * - `auth0|deadbeef`\n * - `facebook|111222333444`\n * - `samlp|bigcorp|user@email.com`\n */\nexport enum Auth0Strategy {\n Apple = 'apple',\n Auth0 = 'auth0',\n Facebook = 'facebook',\n Google = 'google-oauth2',\n LinkedIn = 'linkedin',\n Microsoft = 'windowslive',\n Saml = 'samlp',\n}\n\nexport function isSocial(s: Auth0Strategy): boolean {\n switch (s) {\n case Auth0Strategy.Apple:\n case Auth0Strategy.Facebook:\n case Auth0Strategy.Google:\n case Auth0Strategy.LinkedIn:\n case Auth0Strategy.Microsoft:\n return true;\n default:\n return false;\n }\n}\n\n/** Gets the Auth0 login strategy from a `sub` claim */\nexport function getStrategyBySub(sub: string): Auth0Strategy {\n const [strategyPart] = sub.split('|');\n return asEnum(Auth0Strategy, strategyPart);\n}\n","/** The names of known \"sm.\" query params that can be added to the auth URL */\nexport enum SmParams {\n SM_APP = 'sm.app',\n SM_COUNTRY = 'sm.country',\n SM_EMAIL = 'sm.email',\n SM_FORCE_ACCOUNT_PICKER = 'sm.force_account_picker',\n SM_INVITE_TOKEN = 'sm.invite_token',\n SM_LOCALE = 'sm.locale',\n SM_SUBDOMAIN = 'sm.subdomain',\n SM_ORIGIN = 'sm.origin',\n SM_SHOW = 'sm.show',\n // amplitude device ID\n SM_AMP_DID = 'sm.amp_did',\n // amplitude session ID\n SM_AMP_SID = 'sm.amp_sid',\n}\n\n/** Possible values for the sm.origin param */\nexport enum SmOrigin {\n SURVEYENDPAGE = 'surveyendpage',\n}\n\n/** Inbound query params that we understand */\nexport enum QueryParams {\n CONNECTION = 'connection',\n EMAIL_IN_USE = 'email_in_use',\n ERROR = 'error',\n ERROR_DESCRIPTION = 'error_description',\n EP = 'ep',\n SM = 'sm',\n SM_ALLOW_CREATE_USER = 'sm_allow_create_user',\n SM_APP = 'sm.app',\n SM_LOCALE = 'sm.locale',\n SM_SHOW = 'sm.show',\n UT_SOURCE = 'ut_source',\n UT_SOURCE2 = 'ut_source2',\n}\n\nexport default SmParams;\n","/* Error types that may be observed by the client */\n\nexport enum SamlErrorCode {\n // Usersvc codes\n DOMAIN_LOCKED = 'domain_locked',\n EMAIL_ROLE_BASED = 'email_role_based',\n GROUP_DOWNGRADED = 'group_downgraded',\n GROUP_HAS_NO_OWNER = 'group_has_no_owner',\n GROUP_NOT_FOUND = 'group_not_found',\n GROUP_NOT_FOUND_BY_CANONICAL_NAME = 'group_not_found_by_canonical_name',\n GROUP_NOT_FOUND_BY_ISSUER = 'group_not_found_by_issuer',\n GROUP_NOT_SSO_ENABLED = 'group_not_sso_enabled',\n GROUP_OWNER_IS_NOT_ENTERPRISE = 'group_owner_is_not_enterprise',\n INVALID_EMAIL = 'invalid_email',\n INVALID_EMAIL_IN_USER_ATTRIBUTES = 'invalid_email_in_user_attributes',\n NOT_AFTER_FAILURE = 'not_after_failure',\n NOT_BEFORE_FAILURE = 'not_before_failure',\n NO_NAME_ID_FOUND = 'no_nameID_found',\n RESPONDENT_ONLY = 'respondent_only',\n REQUEST_DENIED = 'request_denied',\n SAML_RESPONSE_ALREADY_SEEN = 'saml_response_already_seen',\n SSO_NOT_ENABLED = 'sso_not_enabled',\n USER_PENDING_DELETION = 'user_pending_deletion',\n USER_IS_PENDING_DELETION = 'user_is_pending_deletion',\n USER_PENDING_REASSIGNMENT = 'user_pending_reassignment',\n USER_IS_PENDING_REASSIGNMENT = 'user_is_pending_reassignment',\n X509_CANNOT_VERIFY = 'x509_cannot_verify',\n X509_MISMATCH = 'x509_mismatch',\n\n // Non Usersvc codes\n CONNECTION_DISABLED = 'connection_disabled',\n IDP_INITIATED_NOT_ENABLED = 'idp_init_not_enabled',\n}\n\nexport type ErrorCode =\n | 'accept_forbidden'\n | 'content_type_not_acceptable'\n | 'data_center_mismatch'\n | 'identity_already_linked'\n | 'identity_not_linked'\n | 'internal_error'\n | 'invalid_invite'\n | 'invalid_request'\n | 'method_not_allowed'\n | 'not_enough_seats'\n | 'profile'\n | 'profile_not_found'\n | 'multiple_profiles_found'\n | 'rate_limit_exceeded'\n | 'resource_not_found'\n | 'temporarily_unavailable'\n | 'unauthorized'\n | 'user_already_in_group'\n | 'user_is_hipaa';\n\ntype ErrorSource =\n | {\n location: 'body';\n pointer: string;\n }\n | {\n location: 'headers';\n header: string;\n }\n | {\n location: 'path';\n }\n | {\n location: 'query';\n parameter: string;\n };\n\nexport type FormattedError = {\n code: ErrorCode | SamlErrorCode;\n detail: string;\n source?: ErrorSource;\n retryAfter?: string;\n isEmailInUse?: boolean;\n extra?: string;\n};\n","/**\n * @returns a string value if it belongs to the enum.\n * @throws if the value is not a member of the enum.\n */\nexport default function asEnum(\n enumObject: { [K in T]: TEnumValue },\n value: unknown\n): TEnumValue {\n const isOk = (v: unknown): v is TEnumValue => Object.values(enumObject).includes(value);\n\n if (isOk(value)) {\n return value;\n }\n\n throw new Error(`Value \"${value}\" is not a member of enum [${Object.values(enumObject).join(',')}]`);\n}\n","module.exports = jsdom;"],"names":["map","webpackAsyncContext","req","__webpack_require__","o","Promise","resolve","then","e","Error","code","ids","id","t","keys","Object","module","exports","useStyles","createUseStyles","theme","mediaQueryMinScreenSm","breakpoints","sm","ctaContainer","marginBottom","spacing","width","spacer","borderRight","palette","border","main","CTASplitter","ctas","prompt","swapOrder","_useStyles","promptText","React","Box","mb","Typography","align","variant","justify","length","Responsive","minWidth","matches","assign","mt","mx","flexJustify","display","cta","caption","index","Fragment","key","className","flexDirection","SurveyQuestion","BaseQuestionHeader","PaginatedList","AnalysisStandardViewFilterRule","AnalysisStandardViewCompareRule","SurveyRespondentAnswer","SurveyQuestionOption","Project","ProjectVariableConfiguration","ProjectVariableAnswer","ConceptTestingStimulus","AttributeQuestion","QuestionResponseSummary","MultipleComparisonQuestion","CustomQuestion","ProjectEntity","AudienceTargetingCriteria","AudienceCriteriaSelection","CustomQuestionResponseSummary","ImageAsset","TeamAsset","Asset","LibraryAsset","WelcomeFlowQuestion","SurveyQuestionTemplate","QuestionVariableAnswerData","SurveyQuestionTemplateOption","getSubdomain","subdomain","host","window","location","hostname","parts","split","isUKDomain","endsWith","validHost","validEUHost","isEUSubdomain","_slicedToArray","getQueryParam","name","URLSearchParams","search","get","undefined","hasQueryParam","has","getRedirectUri","ep","includes","getSmShow","showParam","QueryParams","pathname","SmShow","getSmApp","value","asEnum","SmApp","getSmForceAccontPicker","SmParams","getForceAccountCreation","replace","connection","strategy","Auth0Strategy","isSocial","async","replaceUrl","url","login","auth0Config","language","country","smAllowCreateUserCookieVal","ssoCanonicalName","_client$loginWithRedi","_amplitudeIds$deviceI","_amplitudeIds$session","domain","clientId","now","client","Auth0Client","authorizationParams","redirect_uri","nowProvider","smAllowCreateUser","queryObj","getAllQueryParams","params","obj","create","forEach","getConnection","_ref","_getQueryParam","stashSamlConnection","stashEp","stashSm","stashSmAllow","waitForAmplitude","appState","buildAppState","show","app","forceAccountPicker","ut_source","ut_source2","authUrl","toString","forceAccountCreation","lang","amplitudeIds","getAmplitudeIds","loginWithRedirect","openUrl","_objectSpread","deviceId","sessionId","catch","console","error","BaseLoadingPage","children","pageId","isInitialRender","useInitialRender","useRef","useEffect","current","_useContext","useContext","StaticContext","user","environment","clientConfig","countryCode","gtmId","loggingAPIPath","dataAnalyticsAPIPath","amplitudeToken","MetricsTracker","legacyWeb","AbstractHandler","constructor","nextHandler","setNext","handler","this","handle","errorDescription","ConnectionDisabledHandler","SamlErrorCode","super","IDPInitiatedHandler","InvalidCertHandler","startsWith","InvalidThumprintHandler","LoadingPage","_useState","useState","setError","handleError","validState","message","auth0Error","errorReason","errorDesc","parse","idpInitiated","invalidCert","invalidThumbprint","connectionDisabled","decodeURIComponent","SamlError","_auth0Error$code","_auth0Error","navigateTo","result","isPromise","v","ProgressCircle","continuous","useAuth0Config","_useContext$clientCo","auth0","StartAuthTransactionPage","_useContext$environme","languageCode","useParams","handleRedirectCallback","claims","getIdTokenClaims","clientErrorHandler","cleanObject","target","copy","entries","displayName","RespondentSSOClient","createRespondentSSOTokenendpointUrl","idToken","resp","fetch","method","headers","body","JSON","stringify","id_token","__raw","status","json","auth0Callback","config","sm_allow_create_user","_await$handleRedirect","_await$SessionClient$","SessionClient","createByLogin","redirectUrl","SessionResult","handleSsoSessionResult","handleLoggedInOrCreatedSessionResult","joined","force_account_picker","handleUnlinkedSessionResult","utSource","utSource2","emailInUse","stashIdToken","email_in_use","callback","isLegacySso","_fetchAndRemoveEp","_fetchAndRemoveSm","fetchAndRemoveEp","fetchAndRemoveSm","_respondentSSOData$re","respondentSSOData","createRespondentSSOToken","_fetchAndRemoveSmAllo","fetchAndRemoveSmAllow","HandleAuthCallbackPage","unlinkedWindow","maxWidth","backgroundColor","background","UnlinkedWindow","addOnTop","CaptiveWindow","logoPosition","buttonOverride","padding","UnlinkedButtonOption","isDisabled","showSpinner","titleText","onClick","href","buttonTestId","Button","stretched","color","size","disabled","defaultProps","COPY","defineMessages","unlinkedPageErrorBanner","defaultMessage","description","unlinkedPageJwtErrorBanner","UnlinkedErrorBanner","JWTError","Banner","showIcon","T","desc","html","unlinkedPageHeader","unlinkedEmailInUseHeader","headerContainer","paddingTop","paddingBottom","header","fontSize","type","pageTitle","UnlinkedHeader","socialName","headerText","values","PageHeader","centered","title","unlinkedPageSignupButtonTitle","unlinkedPageSignupButtonContent","unlinkedPageLoginButtonTitle","unlinkedPageLoginButtonEmailInUseTitle","unlinkedPageLoginButtonContent","unlinkedPageEmailInUseMessage","unlinkedPageLoginButton","unlinkedPageOptionsHeaderNoEmail","emailInUseButtonContainer","UnlinkedPageContent","_getAndValidateIdToke","getAndValidateIdToken","userEmail","email","_useState2","signupState","setSignupState","_useState3","_useState4","signupJWTError","setSignupJWTError","_useState5","_useState6","loginState","setLoginState","attemptLogin","areButtonsDisabled","loginButton","label","createURL","EmailInUse","CreateOrLogin","signupCTA","createBySignup","removeIdToken","attemptSignUp","loginCTA","UnlinkedPage","isEUDC","locale","BasePage","includeHeader","showSignupButton","includeFooter","excludeMenuItems","Helmet","ERROR_CODE","ERROR_TITLE","DEFAULT","GROUP_DOWNGRADED","GROUP_NOT_FOUND","NOT_AFTER_FAILURE","NO_NAME_ID_FOUND","RESPONDENT","SSO_NOT_ENABLED","USER_PENDING_DELETION","USER_PENDING_REASSIGNMENT","X509_CANNOT_VERIFY","ErrorPage","_React$useState","_React$useState2","isLoading","setIsLoading","pageRequestId","samlErrorCode","getSamlErrorCode","fetchSamlConnection","shouldRefreshSamlConnection","samlConnectionApi","removeSamlConnection","_getErrorMessage","getErrorMessage","reason","contactUsLink","getHelpCenterLink","path","contactUs","FiveHundredErrorPage","requestId","openingMessage","errorTitle","errorMessage","TeamPage","loadable","fallback","SurveyShareInterstitialPage","App","useLocation","GlobalThemeProvider","WrenchTheme","Switch","Route","exact","SHARED_ROUTES","LoginErrorPage","TeamRoutes","FourOhFourError","FALLBACK","_bootstrapSMWeb","bootstrapSMWeb","_window$SM","staticData","SM","__LOAD_PAYLOAD_CACHE__","initializeClientErrorHandler","environ","slLanguageLocale","_staticData$clientCo","appName","appVersion","graphQLUri","_staticData$gql","gql","_staticData$gql2$gqlC","gqlCache","apolloClient","createBrowserApolloClient","uri","cacheHydration","possibleTypes","linkOptions","credentials","batchInterval","metadata","availableLoggedOutPaths","getLocaleMessages","webassetsTranslationsModule","appTranslationsModule","err","createApp","localeMessages","ErrorBoundary","FallbackComponent","HelmetProvider","ApolloProvider","Router","history","StaticProvider","L10nProvider","localeCode","mount","document","getElementById","innerHTML","trim","hydrate","render","ID_TOKEN_NAMESPACE","EP_PARAM_NAMESPACE","SM_PARAM_NAMESPACE","SM_ALLOW_CREATE_PARAM_NAMESPACE","CONNECTION_NAME_NAMESPACE","stash","namespace","sessionStorage","setItem","getItem","remove","removeItem","fetchIdToken","token","IdentityAlreadyLinkedError","detail","IdentityNotLinkedError","InvalidJWTError","InvalidInviteError","toPref","smApp","endpointUrl","notLinkedError","getStrategyBySub","sub","serverError","errors","extra","source","pointer","response","postSessions","action","preference","SSO_LOGIN","LOGGED_IN","shouldCreateAccount","UNLINKED","inviteToken","signupParams","getSignupParams","CREATED","INVALID_JWT","targetUserId","opts","_ampIds$sessionId","_ampIds$deviceId","ampIds","signup_params","invite_token","target_user_id","auth_url","sm_amp_sid","sm_amp_did","getSocialName","freeze","CALLBACK","LANDING","CREATE","CONVERT","REASSIGN_LANDING","REASSIGN_CONFIRM","getAmplitudeStorageKey","substring","parseAmplitudeSession","parsed","parseAmplitudeCookie","cookies","cookieData","atob","input","Buffer","from","_MetricsTracker$getCo","fromCookie","parseCookie","cookie","parseAmplitudeStorage","s","storageKey","localStorage","USER_EVENTS","data","amplitudeEvent","waitFor","predicate","reject","timeoutId","setTimeout","check","clearTimeout","createBrowserHistory","Apple","Facebook","Google","LinkedIn","Microsoft","_sub$split","strategyPart","SmOrigin","enumObject","join","jsdom"],"sourceRoot":""}