From 876ca7a0a7aa6037afe9448f7521ad9a874734c8 Mon Sep 17 00:00:00 2001
From: Tomasz Gnyp <49343696+tomgny@users.noreply.github.com>
Date: Wed, 6 Sep 2023 16:21:04 +0200
Subject: [PATCH] [AAE-15813] Fix - deployed application named 'idp' doesn't
 work (#8887)

---
 .../auth-bearer.interceptor.spec.ts           | 105 ++++++++++++++++++
 .../auth-bearer.interceptor.ts                |   2 +-
 2 files changed, 106 insertions(+), 1 deletion(-)
 create mode 100644 lib/core/src/lib/auth/authentication-interceptor/auth-bearer.interceptor.spec.ts

diff --git a/lib/core/src/lib/auth/authentication-interceptor/auth-bearer.interceptor.spec.ts b/lib/core/src/lib/auth/authentication-interceptor/auth-bearer.interceptor.spec.ts
new file mode 100644
index 0000000000..29145608a7
--- /dev/null
+++ b/lib/core/src/lib/auth/authentication-interceptor/auth-bearer.interceptor.spec.ts
@@ -0,0 +1,105 @@
+/*!
+ * @license
+ * Copyright © 2005-2023 Hyland Software, Inc. and its affiliates. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { HttpClient, HttpHandler, HttpRequest } from '@angular/common/http';
+import { TestBed } from '@angular/core/testing';
+import { Observable, of } from 'rxjs';
+import { AuthBearerInterceptor } from './auth-bearer.interceptor';
+import { AuthenticationService } from '../services/authentication.service';
+
+const mockNext: HttpHandler = {
+    handle: () => new Observable(subscriber => {
+        subscriber.complete();
+    })
+};
+
+const mockRequest = (url) => new HttpRequest('GET', url);
+
+describe('AuthBearerInterceptor', () => {
+    let interceptor: AuthBearerInterceptor;
+    let authService: AuthenticationService;
+    let addTokenToHeaderSpy: jasmine.Spy;
+
+    beforeEach(() => {
+        TestBed.configureTestingModule({
+            providers: [
+                HttpClient,
+                HttpHandler,
+                AuthBearerInterceptor,
+                AuthenticationService
+            ]
+        });
+
+        interceptor = TestBed.inject(AuthBearerInterceptor);
+        authService = TestBed.inject(AuthenticationService);
+
+        addTokenToHeaderSpy = spyOn(authService, 'addTokenToHeader').and.returnValue(of());
+    });
+
+    it('should interceptor add auth token to NOT excluded URLs', () => {
+        const mockUrls = [
+            'https://example.com/someotherpath',
+            'https://example.com/someotherpath/anotherpath',
+            'https://example.com/test/v1/applications/service/idp/rb',
+            'http://localhost:4200/deployment-service/v1/applications/idp/logs/rb',
+            'http://localhost:4200/path/idp/v1/applications/idp/logs/rb',
+            'http://example.com/api/auth/realms/v1/applications/idp/logs/rb'
+        ];
+
+        mockUrls.forEach((url) => {
+            interceptor.intercept(mockRequest(url), mockNext);
+        });
+
+        expect(addTokenToHeaderSpy).toHaveBeenCalledTimes(mockUrls.length);
+    });
+
+    it('should interceptor pass excluded URLs without add auth token', () => {
+        const mockExcludedUrls = [
+            'https://example.com/resources/somepath',
+            'https://example.com/assets/anotherpath',
+            'http://example.com/auth/realms/testpath',
+            'https://example.com/idp/',
+            'https://example.com/idp/v1/applications/service/test/',
+            'https://example.com/auth/realms/somepath'
+        ];
+
+        mockExcludedUrls.forEach((url) => {
+            interceptor.intercept(mockRequest(url), mockNext);
+        });
+
+        expect(addTokenToHeaderSpy).not.toHaveBeenCalled();
+    });
+
+    it('should interceptor add auth token to every URL if excluded URLs array is empty', () => {
+        spyOn(authService, 'getBearerExcludedUrls').and.returnValue([]);
+
+        const mockUrls = [
+            'http://example.com/auth/realms/testpath',
+            'https://example.com/idp/',
+            'https://example.com/idp/v1/applications/service/test/',
+            'http://example.com/someotherpath',
+            'https://example.com/someotherpath/anotherpath',
+            'https://example.com/test/v1/applications/service/idp/rb'
+        ];
+
+        mockUrls.forEach((url) => {
+            interceptor.intercept(mockRequest(url), mockNext);
+        });
+
+        expect(addTokenToHeaderSpy).toHaveBeenCalledTimes(mockUrls.length);
+    });
+});
diff --git a/lib/core/src/lib/auth/authentication-interceptor/auth-bearer.interceptor.ts b/lib/core/src/lib/auth/authentication-interceptor/auth-bearer.interceptor.ts
index e56e9dc297..9afaf77b50 100644
--- a/lib/core/src/lib/auth/authentication-interceptor/auth-bearer.interceptor.ts
+++ b/lib/core/src/lib/auth/authentication-interceptor/auth-bearer.interceptor.ts
@@ -32,7 +32,7 @@ export class AuthBearerInterceptor implements HttpInterceptor {
 
   private loadExcludedUrlsRegex() {
     const excludedUrls = this.authService.getBearerExcludedUrls();
-    this.excludedUrlsRegex = excludedUrls.map((urlPattern) => new RegExp(urlPattern, 'i')) || [];
+    this.excludedUrlsRegex = excludedUrls.map((urlPattern) => new RegExp(`^https?://[^/]+/${urlPattern}`, 'i')) || [];
   }
 
   intercept(req: HttpRequest<any>, next: HttpHandler):