inteligr8/alfresco-ng2-components
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-ng2-components.git synced 2025-07-24 17:32:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

ACS-8770 Update the Auth Service api docs and deprecations (#9947)

Browse Source 
* update api docs and clean dead code

* update api docs and clean dead code

rebasing onto develop branch

* [ACS-8770] fix unit test after auth refactor

* [ACS-8770] fix sonarcube issues

* [ACS-8770] update auth service doc file

* [ACS-8770] clean up demo-shell artifacts

---------

Co-authored-by: Anton Ramanovich <Anton.Ramanovich@hyland.com>
This commit is contained in:
Denys Vuika
2025-07-21 09:16:59 -04:00
committed by GitHub
parent 45834e20f9
commit 0b90affea4
15 changed files with 99 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

96
docs/core/services/authentication.service.md
View File

@@ -2,10 +2,10 @@
Title: Authentication Service
Added: v2.0.0
Status: Active
Last reviewed: 2019-03-19
Last reviewed: 2025-06-12
---
# [Authentication Service](../../../lib/core/src/lib/auth/services/authentication.service.ts "Defined in authentication.service.ts")
# Authentication Service
Provides authentication to ACS and APS.
@@ -13,103 +13,57 @@ Provides authentication to ACS and APS.
### Methods
- **addTokenToHeader**(headersArg?: `HttpHeaders`): [`Observable`](http://reactivex.io/documentation/observable.html)`<HttpHeaders>`<br/>
- **addTokenToHeader**(requestUrl: `string`, headersArg?: `HttpHeaders`): [`Observable`](http://reactivex.io/documentation/observable.html)`<HttpHeaders>`<br/>
Adds the auth token to an HTTP header using the 'bearer' scheme.
- _requestUrl:_ `string` - The URL of the request for which to set authentication headers.
- _headersArg:_ `HttpHeaders` - (Optional) Header that will receive the token
- **Returns** [`Observable`](http://reactivex.io/documentation/observable.html)`<HttpHeaders>` - The new header with the token added
- **getBearerExcludedUrls**()<br/>
Gets the set of URLs that the token bearer is excluded from.
- **getBpmLoggedUser**(): [`Observable`](http://reactivex.io/documentation/observable.html)`<`[`UserRepresentation`](https://github.com/Alfresco/alfresco-js-api/blob/develop/src/api/activiti-rest-api/docs/UserRepresentation.md)`>`<br/>
Gets information about the user currently logged into APS.
- **Returns** [`Observable`](http://reactivex.io/documentation/observable.html)`<`[`UserRepresentation`](https://github.com/Alfresco/alfresco-js-api/blob/develop/src/api/activiti-rest-api/docs/UserRepresentation.md)`>` - User information
- **getBpmUsername**(): `string`<br/>
Gets the BPM username
- **Returns** `string` - The BPM username
- **getEcmUsername**(): `string`<br/>
Gets the ECM username.
- **Returns** `string` - The ECM username
- **getRedirect**(): `string`<br/>
Gets the URL to redirect to after login.
- **Returns** `string` - The redirect URL
- **getTicketBpm**(): `string|null`<br/>
Gets the BPM ticket stored in the Storage.
- **Returns** `string|null` - The ticket or `null` if none was found
- **getTicketEcm**(): `string|null`<br/>
Gets the ECM ticket stored in the Storage.
- **Returns** `string|null` - The ticket or `null` if none was found
- **getTicketEcmBase64**(): `string|null`<br/>
Gets the BPM ticket from the Storage in Base 64 format.
- **Returns** `string|null` - The ticket or `null` if none was found
- **getToken**(): `string`<br/>
Gets the auth token.
- **Returns** `string` - Auth token string
- **handleError**(error: `any`): [`Observable`](http://reactivex.io/documentation/observable.html)`<any>`<br/>
Prints an error message in the console browser
- _error:_ `any` - Error message
- **Returns** [`Observable`](http://reactivex.io/documentation/observable.html)`<any>` - Object representing the error message
- **getUsername**(): `string`<br/>
Gets the username of the authenticated user.
- **Returns** `string` - Username of the authenticated user
- **getAuthHeaders**(requestUrl: `string`, headers: `HttpHeaders`): `HttpHeaders`<br/>
Gets and sets the necessary authentication headers for a given request URL.
- _requestUrl:_ `string` - The URL of the request for which to obtain authentication headers.
- _headers:_ `HttpHeaders` - The existing HTTP headers to which authentication details might be added.
- **Returns** `HttpHeaders` - The HTTP headers object, potentially updated with authentication tokens.
- **isALLProvider**(): `boolean`<br/>
Does the provider support both ECM and BPM?
- **Returns** `boolean` - True if both are supported, false otherwise
- **isAuthCodeFlow**(): `boolean`<br/>
- **Returns** `boolean` -
- **isBPMProvider**(): `boolean`<br/>
Does the provider support BPM?
- **Returns** `boolean` - True if supported, false otherwise
- **isBpmLoggedIn**(): `boolean`<br/>
Checks if the user is logged in on a BPM provider.
- **Returns** `boolean` - True if logged in, false otherwise
- **isECMProvider**(): `boolean`<br/>
Does the provider support ECM?
- **Returns** `boolean` - True if supported, false otherwise
- **isEcmLoggedIn**(): `boolean`<br/>
Checks if the user is logged in on an ECM provider.
- **Returns** `boolean` - True if logged in, false otherwise
- **isImplicitFlow**(): `boolean`<br/>
- **Returns** `boolean` -
- **isKerberosEnabled**(): `boolean`<br/>
Does kerberos enabled?
- **Returns** `boolean` - True if enabled, false otherwise
- **isLoggedIn**(): `boolean`<br/>
Checks if the user logged in.
- **Returns** `boolean` - True if logged in, false otherwise
- **isLoggedInWith**(provider: `string`): `boolean`<br/>
- _provider:_ `string` -
- **Returns** `boolean` -
- **isOauth**(): `boolean`<br/>
Does the provider support OAuth?
- **Returns** `boolean` - True if supported, false otherwise
- **isPublicUrl**(): `boolean`<br/>
- **Returns** `boolean` -
- **isRememberMeSet**(): `boolean`<br/>
Checks whether the "remember me" cookie was set or not.
- **Returns** `boolean` - True if set, false otherwise
- **login**(username: `string`, password: `string`, rememberMe: `boolean` = `false`): [`Observable`](http://reactivex.io/documentation/observable.html)`<Function>`<br/>
- **login**(username: `string`, password: `string`, rememberMe?: `boolean`): [`Observable`](http://reactivex.io/documentation/observable.html)`<{ type: string; ticket: any }>`<br/>
Logs the user in.
- _username:_ `string` - Username for the login
- _password:_ `string` - Password for the login
- _rememberMe:_ `boolean` - Stores the user's login details if true
- **Returns** [`Observable`](http://reactivex.io/documentation/observable.html)`<Function>` - Object with auth type ("ECM", "BPM" or "ALL") and auth ticket
- **logout**(): [`Observable`](http://reactivex.io/documentation/observable.html)`<any>`<br/>
Logs the user out.
- _rememberMe:_ `boolean` - (Optional) Stores the user's login details if true
- **Returns** [`Observable`](http://reactivex.io/documentation/observable.html)`<{ type: string; ticket: any }>` - An Observable that emits an object containing the authentication type (`type`) and the authentication ticket (`ticket`) upon successful login.
- **logout**(): [`Observable`](http://reactivex.io/documentation/observable.html)`<any>`<br/> Logs the user out.
- **Returns** [`Observable`](http://reactivex.io/documentation/observable.html)`<any>` - Response event called when logout is complete
- **reset**()<br/>
- **saveRememberMeCookie**(rememberMe: `boolean`)<br/>
Saves the "remember me" cookie as either a long-life cookie or a session cookie.
- _rememberMe:_ `boolean` - Enables a long-life cookie
- **setRedirect**(url?: [`RedirectionModel`](../../../lib/core/src/lib/auth/models/redirection.model.ts))<br/>
Sets the URL to redirect to after login.
- _url:_ [`RedirectionModel`](../../../lib/core/src/lib/auth/models/redirection.model.ts) - (Optional) URL to redirect to
- **ssoImplicitLogin**()<br/>
Logs the user in with SSO
- **reset**(): `void`<br/>Resets the authentication state of the service.
- **on**(event: `string`, listener: `Function`): `void`<br/> Adds an event listener for the specified event.
- **off**(event: `string`, listener?: `Function`): `void`<br/> Removes an event listener for the specified event.
- **once**(event: `string`, listener: `Function`): `void`<br/> Adds a one-time event listener for the specified event.
- **emit**(event: `string`, ...args: `any[]`): `void`<br/> Emits an event with optional arguments.
- **onLogin**: [`Subject`](https://reactivex.io/documentation/subject)`<any>`<br/> Emitted when the user logs in successfully.
- **onLogout**: [`Subject`](https://reactivex.io/documentation/subject)`<any>`<br/> Emitted when the user logs out.
- **onTokenReceived**: [`Subject`](https://reactivex.io/documentation/subject)`<any>`<br/> Emitted when an authentication token is received.
- **onError**: [`Observable`](http://reactivex.io/documentation/observable.html)`<any>`<br/> An Observable that emits an error object when an authentication-related error occurs.
## Details

2
lib/content-services/src/lib/common/services/content.service.spec.ts
View File

@@ -156,7 +156,7 @@ describe('ContentService', () => {
});
it('should take current logged user id if userId undefined ', () => {
spyOn(authService, 'getEcmUsername').and.returnValue('user1');
spyOn(authService, 'getUsername').and.returnValue('user1');
const permissionNode = new Node({
permissions: {
inherited: [

2
lib/content-services/src/lib/common/services/content.service.ts
View File

@@ -84,7 +84,7 @@ export class ContentService {
*/
hasPermissions(node: Node, permission: PermissionsEnum | string, userId?: string): boolean {
let hasPermissions = false;
userId = userId ?? this.authService.getEcmUsername();
userId = userId ?? this.authService.getUsername();
const permissions = [...(node.permissions?.locallySet || []), ...(node.permissions?.inherited || [])].filter(
(currentPermission) => currentPermission.authorityId === userId

4
lib/content-services/src/lib/content-node-selector/site-dropdown/sites-dropdown.component.spec.ts
View File

@@ -274,7 +274,7 @@ describe('DropdownSitesComponent', () => {
});
it('should show only sites which logged user is member of when member relation is set', async () => {
spyOn(authService, 'getEcmUsername').and.returnValue('test');
spyOn(authService, 'getUsername').and.returnValue('test');
fixture.detectChanges();
await fixture.whenStable();
@@ -295,7 +295,7 @@ describe('DropdownSitesComponent', () => {
});
it('should show all the sites if no relation is set', async () => {
spyOn(authService, 'getEcmUsername').and.returnValue('test');
spyOn(authService, 'getUsername').and.returnValue('test');
fixture.detectChanges();
await fixture.whenStable();

2
lib/content-services/src/lib/content-node-selector/site-dropdown/sites-dropdown.component.ts
View File

@@ -181,7 +181,7 @@ export class DropdownSitesComponent implements OnInit {
}
private filteredResultsByMember(sites: SitePaging): SitePaging {
const loggedUserName = this.authService.getEcmUsername();
const loggedUserName = this.authService.getUsername();
sites.list.entries = sites.list.entries.filter((site) => this.isCurrentUserMember(site, loggedUserName));
return sites;
}

4
lib/content-services/src/lib/document-list/components/document-list.component.spec.ts
View File

@@ -646,7 +646,7 @@ describe('DocumentList', () => {
title: 'FileAction'
});
spyOn(authenticationService, 'getEcmUsername').and.returnValue('lockOwner');
spyOn(authenticationService, 'getUsername').and.returnValue('lockOwner');
documentList.actions = [documentMenu];
@@ -677,7 +677,7 @@ describe('DocumentList', () => {
title: 'FileAction'
});
spyOn(authenticationService, 'getEcmUsername').and.returnValue('jerryTheKillerCow');
spyOn(authenticationService, 'getUsername').and.returnValue('jerryTheKillerCow');
documentList.actions = [documentMenu];

8
lib/content-services/src/lib/document-list/services/lock.service.spec.ts
View File

@@ -137,22 +137,22 @@ describe('LockService', () => {
} as Node;
it('should return false when the user is the lock owner', () => {
spyOn(authenticationService, 'getEcmUsername').and.returnValue('lock-owner-user');
spyOn(authenticationService, 'getUsername').and.returnValue('lock-owner-user');
expect(service.isLocked(nodeOwnerAllowedLock)).toBeFalsy();
});
it('should return true when the user is not the lock owner', () => {
spyOn(authenticationService, 'getEcmUsername').and.returnValue('banana-user');
spyOn(authenticationService, 'getUsername').and.returnValue('banana-user');
expect(service.isLocked(nodeOwnerAllowedLock)).toBeTruthy();
});
it('should return false when the user is not the lock owner but the lock is expired', () => {
spyOn(authenticationService, 'getEcmUsername').and.returnValue('banana-user');
spyOn(authenticationService, 'getUsername').and.returnValue('banana-user');
expect(service.isLocked(nodeOwnerAllowedLockWithExpiredDate)).toBeFalsy();
});
it('should return true when is not the lock owner and the expiration date is valid', () => {
spyOn(authenticationService, 'getEcmUsername').and.returnValue('banana-user');
spyOn(authenticationService, 'getUsername').and.returnValue('banana-user');
expect(service.isLocked(nodeOwnerAllowedLockWithActiveExpiration)).toBeTruthy();
});
});

2
lib/content-services/src/lib/document-list/services/lock.service.ts
View File

@@ -32,7 +32,7 @@ export class LockService {
if (this.isReadOnlyLock(node)) {
isLocked = !this.isLockExpired(node);
} else if (this.isLockOwnerAllowed(node)) {
isLocked = this.authService.getEcmUsername() !== node.properties['cm:lockOwner'].id;
isLocked = this.authService.getUsername() !== node.properties['cm:lockOwner'].id;
if (this.isLockExpired(node)) {
isLocked = false;
}

13
lib/core/src/lib/auth/basic-auth/basic-alfresco-auth.service.ts
View File

@@ -317,14 +317,27 @@ export class BasicAlfrescoAuthService extends BaseAuthenticationService {
return this.redirectUrl && (this.redirectUrl.provider === 'ALL' || provider === 'ALL');
}
/**
* @deprecated use `getUsername()` instead
* @returns the username of the authenticated user
*/
getBpmUsername(): string {
return this.processAuth.getUsername();
}
/**
* @deprecated use `getUsername()` instead
* @returns the username of the authenticated user
*/
getEcmUsername(): string {
return this.contentAuth.getUsername();
}
/**
* Gets the username of the authenticated user.
*
* @returns the username of the authenticated user
*/
getUsername(): string {
if (this.isBPMProvider()) {
return this.processAuth.getUsername();

2
lib/core/src/lib/auth/guard/auth-guard-bpm.service.spec.ts
View File

@@ -94,7 +94,7 @@ describe('AuthGuardService BPM', () => {
});
it('if the alfresco js api is logged in should canActivate be true', async () => {
spyOn(authService, 'isBpmLoggedIn').and.returnValue(true);
spyOn(authService, 'isLoggedIn').and.returnValue(true);
authGuard = TestBed.runInInjectionContext(() => AuthGuardBpm(route, state)) as Promise<boolean>;
expect(await authGuard).toBeTruthy();

2
lib/core/src/lib/auth/guard/auth-guard-bpm.service.ts
View File

@@ -28,7 +28,7 @@ export const AuthGuardBpm: CanActivateFn = async (_: ActivatedRouteSnapshot, sta
return authGuardBaseService.redirectSSOSuccessURL();
}
if (authenticationService.isBpmLoggedIn() || authGuardBaseService.withCredentials) {
if (authenticationService.isLoggedIn() || authGuardBaseService.withCredentials) {
return true;
}

27
lib/core/src/lib/auth/interfaces/authentication-service.interface.ts
View File

@@ -20,7 +20,6 @@ import ee from 'event-emitter';
import { Observable } from 'rxjs';
export interface AuthenticationServiceInterface {
onError: any;
onLogin: any;
onLogout: any;
@@ -31,30 +30,26 @@ export interface AuthenticationServiceInterface {
emit: (type: string, ...args: any[]) => void;
getToken(): string;
isLoggedIn(): boolean;
isOauth(): boolean;
logout(): any;
isEcmLoggedIn(): boolean;
isBpmLoggedIn(): boolean;
isECMProvider(): boolean;
isBPMProvider(): boolean;
isALLProvider(): boolean;
getEcmUsername(): string;
getBpmUsername(): string;
getUsername(): string;
getAuthHeaders(requestUrl: string, header: HttpHeaders): HttpHeaders;
addTokenToHeader(requestUrl: string, headersArg?: HttpHeaders): Observable<HttpHeaders>;
reset(): void;
/** @deprecated use `isLoggedIn` instead, use `isECMProvider` if you need to know the auth type */
isEcmLoggedIn(): boolean;
/** @deprecated use `isLoggedIn` instead, use `isBPMProvider` if you need to know the auth type */
isBpmLoggedIn(): boolean;
/** @deprecated use `getUsername` instead */
getEcmUsername(): string;
/** @deprecated use `getUsername` instead */
getBpmUsername(): string;
}

31
lib/core/src/lib/auth/oidc/oidc-authentication.service.ts
View File

@@ -56,6 +56,10 @@ export class OidcAuthenticationService extends BaseAuthenticationService {
map(([authenticated, isDiscoveryDocumentLoaded]) => !authenticated && isDiscoveryDocumentLoaded)
);
/**
* @deprecated use `isLoggedIn` instead
* @returns true if the ECM provider is logged in
*/
isEcmLoggedIn(): boolean {
if (this.isECMProvider() || this.isALLProvider()) {
return this.isLoggedIn();
@@ -63,6 +67,10 @@ export class OidcAuthenticationService extends BaseAuthenticationService {
return false;
}
/**
* @deprecated use `isLoggedIn` instead
* @returns true if the BPM provider is logged in
*/
isBpmLoggedIn(): boolean {
if (this.isBPMProvider() || this.isALLProvider()) {
return this.isLoggedIn();
@@ -82,16 +90,6 @@ export class OidcAuthenticationService extends BaseAuthenticationService {
return this.oauthService.hasValidIdToken();
}
isImplicitFlow() {
const oauth2: OauthConfigModel = Object.assign({}, this.appConfig.get<OauthConfigModel>(AppConfigValues.OAUTHCONFIG, null));
return !!oauth2?.implicitFlow;
}
isAuthCodeFlow() {
const oauth2: OauthConfigModel = Object.assign({}, this.appConfig.get<OauthConfigModel>(AppConfigValues.OAUTHCONFIG, null));
return !!oauth2?.codeFlow;
}
login(username: string, password: string): Observable<{ type: string; ticket: any }> {
return this.auth.baseAuthLogin(username, password).pipe(
map((response) => {
@@ -125,12 +123,17 @@ export class OidcAuthenticationService extends BaseAuthenticationService {
});
}
/**
* Gets the username of the authenticated user.
*
* @returns the logged username
*/
getUsername() {
return this.jwtHelperService.getValueFromLocalToken<string>(JwtHelperService.USER_PREFERRED_USERNAME);
}
/**
* @deprecated
* @deprecated use `getUsername` instead
* @returns the logged username
*/
getEcmUsername(): string {
@@ -138,7 +141,7 @@ export class OidcAuthenticationService extends BaseAuthenticationService {
}
/**
* @deprecated
* @deprecated use `getUsername` instead
* @returns the logged username
*/
getBpmUsername(): string {
@@ -149,10 +152,6 @@ export class OidcAuthenticationService extends BaseAuthenticationService {
this.auth.login(redirectUrl);
}
ssoCodeFlowLogin() {
this.oauthService.initCodeFlow();
}
isRememberMeSet(): boolean {
return true;
}

30
lib/core/src/lib/auth/services/authentication.service.ts
View File

@@ -116,17 +116,25 @@ export class AuthenticationService implements AuthenticationServiceInterface, ee
}
}
/**
* @deprecated use `isLoggedIn` instead
* @returns true if the ECM provider is logged in
*/
isEcmLoggedIn(): boolean {
if (this.isOauth()) {
return this.oidcAuthenticationService.isEcmLoggedIn();
return this.oidcAuthenticationService.isLoggedIn();
} else {
return this.basicAlfrescoAuthService.isEcmLoggedIn();
}
}
/**
* @deprecated use `isLoggedIn` instead
* @returns true if the BPM provider is logged in
*/
isBpmLoggedIn(): boolean {
if (this.isOauth()) {
return this.oidcAuthenticationService.isBpmLoggedIn();
return this.oidcAuthenticationService.isLoggedIn();
} else {
return this.basicAlfrescoAuthService.isBpmLoggedIn();
}
@@ -149,6 +157,8 @@ export class AuthenticationService implements AuthenticationServiceInterface, ee
}
/**
* Gets the username of the authenticated user.
*
* @returns the username of the authenticated user
*/
getUsername(): string {
@@ -160,27 +170,19 @@ export class AuthenticationService implements AuthenticationServiceInterface, ee
}
/**
* @deprecated
* @deprecated use `getUsername` instead
* @returns the logged username
*/
getEcmUsername(): string {
if (this.isOauth()) {
return this.oidcAuthenticationService.getUsername();
} else {
return this.basicAlfrescoAuthService.getEcmUsername();
}
return this.getUsername();
}
/**
* @deprecated
* @deprecated use `getUsername` instead
* @returns the logged username
*/
getBpmUsername(): string {
if (this.isOauth()) {
return this.oidcAuthenticationService.getUsername();
} else {
return this.basicAlfrescoAuthService.getBpmUsername();
}
return this.getUsername();
}
getAuthHeaders(requestUrl: string, headers: HttpHeaders): HttpHeaders {

13
lib/core/src/lib/auth/services/base-authentication.service.ts
View File

@@ -40,21 +40,23 @@ export abstract class BaseAuthenticationService implements AuthenticationService
}
abstract getAuthHeaders(requestUrl: string, header: HttpHeaders): HttpHeaders;
abstract getToken(): string;
abstract isLoggedIn(): boolean;
abstract logout(): any;
/** @deprecated use `isLoggedIn` instead */
abstract isEcmLoggedIn(): boolean;
/** @deprecated use `isLoggedIn` instead */
abstract isBpmLoggedIn(): boolean;
abstract reset(): void;
abstract getUsername(): string;
/** @deprecated use `getUsername` instead */
abstract getEcmUsername(): string;
/** @deprecated use `getUsername` instead */
abstract getBpmUsername(): string;
/**
@@ -110,11 +112,6 @@ export abstract class BaseAuthenticationService implements AuthenticationService
return provider && provider.toUpperCase() === 'ALL';
}
isOauthConfiguration(): boolean {
const authType = this.appConfig.get('authType') as string;
return authType === 'OAUTH';
}
/**
* Prints an error message in the console browser
*