From 051b82684f40cffde97ec385f956edf57b3fcdd2 Mon Sep 17 00:00:00 2001 From: Amedeo Lepore Date: Thu, 15 May 2025 21:27:22 +0200 Subject: [PATCH] AAE-34959 Allow disabling withCredentials for the identity providers that disallow credentials (#10859) --- .../lib/app-config/app-config.loader.spec.ts | 123 ++++++++++++++++++ .../src/lib/app-config/app-config.loader.ts | 5 + 2 files changed, 128 insertions(+) create mode 100644 lib/core/src/lib/app-config/app-config.loader.spec.ts diff --git a/lib/core/src/lib/app-config/app-config.loader.spec.ts b/lib/core/src/lib/app-config/app-config.loader.spec.ts new file mode 100644 index 0000000000..94d4aeebc6 --- /dev/null +++ b/lib/core/src/lib/app-config/app-config.loader.spec.ts @@ -0,0 +1,123 @@ +/*! + * @license + * Copyright © 2005-2025 Hyland Software, Inc. and its affiliates. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +import { AdfHttpClient } from '@alfresco/adf-core/api'; +import { StorageService } from '../common'; +import { StoragePrefixFactory } from './app-config-storage-prefix.factory'; +import { loadAppConfig } from './app-config.loader'; +import { AppConfigService, AppConfigValues } from './app-config.service'; +import { fakeAsync, TestBed, tick } from '@angular/core/testing'; +import { HttpClientModule } from '@angular/common/http'; +import { of } from 'rxjs'; + +describe('loadAppConfig', () => { + let appConfigServiceSpy: jasmine.SpyObj; + let storageServiceSpy: jasmine.SpyObj; + let adfHttpClientSpy: jasmine.SpyObj; + let storagePrefixFactorySpy: jasmine.SpyObj; + + let appConfigGetSpy: jasmine.Spy; + let appConfigLoadSpy: jasmine.Spy; + + let factoryFunction: () => void; + + beforeEach(() => { + adfHttpClientSpy = jasmine.createSpyObj('AdfHttpClient', ['setDefaultSecurityOption']); + storagePrefixFactorySpy = jasmine.createSpyObj('StoragePrefixFactory', ['getPrefix']); + + TestBed.configureTestingModule({ + imports: [HttpClientModule], + providers: [ + { provide: AppConfigService }, + { provide: StorageService }, + { + provide: AdfHttpClient, + useValue: adfHttpClientSpy + }, + { provide: StoragePrefixFactory, useValue: storagePrefixFactorySpy } + ] + }); + + appConfigServiceSpy = TestBed.inject(AppConfigService) as jasmine.SpyObj; + appConfigGetSpy = spyOn(appConfigServiceSpy, 'get'); + appConfigLoadSpy = spyOn(appConfigServiceSpy, 'load'); + appConfigLoadSpy.and.callFake((callback: () => void) => { + callback(); + }); + + storageServiceSpy = TestBed.inject(StorageService) as jasmine.SpyObj; + spyOnProperty(storageServiceSpy, 'prefix', 'get').and.callThrough(); + + storagePrefixFactorySpy.getPrefix.and.returnValue({ subscribe: () => {} } as any); + + factoryFunction = loadAppConfig(appConfigServiceSpy, storageServiceSpy, adfHttpClientSpy, storagePrefixFactorySpy); + }); + + it('should disable CSRF based on app config', () => { + appConfigGetSpy.and.callFake((key: string): any => { + if (key === AppConfigValues.DISABLECSRF) { + return true; + } + }); + + factoryFunction(); + + expect(appConfigServiceSpy.get).toHaveBeenCalledWith('disableCSRF', true); + expect(adfHttpClientSpy.disableCsrf).toBeTrue(); + }); + + it('should set default security option when auth.withCredentials is defined', () => { + appConfigServiceSpy.get.and.callFake((key: string): any => { + if (key === AppConfigValues.AUTH_WITH_CREDENTIALS) { + return true; + } + }); + + factoryFunction(); + + expect(adfHttpClientSpy.setDefaultSecurityOption).toHaveBeenCalledWith({ withCredentials: true }); + }); + + it('should set storage prefix from app config', () => { + appConfigServiceSpy.get.and.callFake((key: string, _default): any => { + if (key === AppConfigValues.STORAGE_PREFIX) { + return 'test-prefix'; + } + }); + + factoryFunction(); + + expect(appConfigServiceSpy.get).toHaveBeenCalledWith(AppConfigValues.STORAGE_PREFIX, ''); + expect(storageServiceSpy.prefix).toEqual('test-prefix_'); + }); + + it('should update storage prefix from storagePrefixFactory', fakeAsync(() => { + storagePrefixFactorySpy.getPrefix.and.returnValue(of('new-amazing-prefix')); + + factoryFunction(); + tick(); + + expect(storagePrefixFactorySpy.getPrefix).toHaveBeenCalled(); + expect(storageServiceSpy.prefix).toEqual('new-amazing-prefix_'); + })); + + it('should call appConfigService.load with the init function', () => { + factoryFunction(); + + expect(appConfigLoadSpy).toHaveBeenCalledWith(jasmine.any(Function)); + }); +}); diff --git a/lib/core/src/lib/app-config/app-config.loader.ts b/lib/core/src/lib/app-config/app-config.loader.ts index 1fecdd23ab..e6de30ba15 100644 --- a/lib/core/src/lib/app-config/app-config.loader.ts +++ b/lib/core/src/lib/app-config/app-config.loader.ts @@ -37,6 +37,11 @@ export function loadAppConfig( ) { const init = () => { adfHttpClient.disableCsrf = appConfigService.get(AppConfigValues.DISABLECSRF, true); + const withCredentials = appConfigService.get(AppConfigValues.AUTH_WITH_CREDENTIALS); + if (withCredentials !== undefined && withCredentials !== null) { + adfHttpClient.setDefaultSecurityOption({ withCredentials }); + } + storageService.prefix = appConfigService.get(AppConfigValues.STORAGE_PREFIX, ''); storagePrefixFactory.getPrefix().subscribe((property) => {