Fix loop scenario when the login page is not present in silent login (#6512)

* fix loop scenario when the login page is not present in silent login * fix build * fix * remove isECM * fix unit * fix
2025-07-24 17:32:15 +00:00 · 2021-01-11 09:31:11 +00:00
parent 62cec5c5b4
commit 8e12e51fb3
7 changed files with 88 additions and 36 deletions
--- a/lib/core/services/auth-guard-base.ts
+++ b/lib/core/services/auth-guard-base.ts
@@ -35,11 +35,6 @@ import { Observable } from 'rxjs';

 export abstract class AuthGuardBase implements CanActivate, CanActivateChild {

-    abstract checkLogin(
-        activeRoute: ActivatedRouteSnapshot,
-        redirectUrl: string
-    ): Observable<boolean | UrlTree> | Promise<boolean | UrlTree> | boolean | UrlTree;
-
    protected get withCredentials(): boolean {
        return this.appConfigService.get<boolean>(
            'auth.withCredentials',
@@ -55,6 +50,12 @@ export abstract class AuthGuardBase implements CanActivate, CanActivateChild {
        private storageService: StorageService
    ) {
    }
+ls;
+
+    abstract checkLogin(
+        activeRoute: ActivatedRouteSnapshot,
+        redirectUrl: string
+    ): Observable<boolean | UrlTree> | Promise<boolean | UrlTree> | boolean | UrlTree;

    canActivate(
        route: ActivatedRouteSnapshot,
@@ -62,7 +63,7 @@ export abstract class AuthGuardBase implements CanActivate, CanActivateChild {
    ): Observable<boolean | UrlTree> | Promise<boolean | UrlTree> | boolean | UrlTree {

        const redirectFragment = this.storageService.getItem('loginFragment');
-        if (this.authenticationService.isEcmLoggedIn() || this.withCredentials) {
+        if (this.authenticationService.isLoggedIn() || this.withCredentials) {
            if (redirectFragment) {
                this.storageService.removeItem('loginFragment');
                return this.router.createUrlTree([redirectFragment]);
@@ -85,20 +86,34 @@ export abstract class AuthGuardBase implements CanActivate, CanActivateChild {
    ): Observable<boolean | UrlTree> | Promise<boolean | UrlTree> | boolean | UrlTree {
        return this.canActivate(route, state);
    }
-
    protected redirectToUrl(provider: string, url: string) {
        const pathToLogin = `/${this.getLoginRoute()}`;
        let urlToRedirect;
+
+        this.dialog.closeAll();
+
        if (!this.authenticationService.isOauth()) {
            this.authenticationService.setRedirect({ provider, url });

            urlToRedirect = `${pathToLogin}?redirectUrl=${url}`;
+            this.router.navigateByUrl(urlToRedirect);
+        } else if (this.getOauthConfig().silentLogin && !this.authenticationService.isPublicUrl()) {
+            this.authenticationService.ssoImplicitLogin();
        } else {
            urlToRedirect = pathToLogin;
+            this.router.navigateByUrl(urlToRedirect);
        }

-        this.dialog.closeAll();
-        this.router.navigateByUrl(urlToRedirect);
+    }
+
+    protected getOauthConfig(): OauthConfigModel {
+        return (
+            this.appConfigService &&
+            this.appConfigService.get<OauthConfigModel>(
+                AppConfigValues.OAUTHCONFIG,
+                null
+            )
+        );
    }

    protected getLoginRoute(): string {
--- a/lib/core/services/auth-guard-bpm.service.spec.ts
+++ b/lib/core/services/auth-guard-bpm.service.spec.ts
@@ -51,6 +51,28 @@ describe('AuthGuardService BPM', () => {
        appConfigService.config.oauth2 = {};
    });

+    it('should redirect url if the alfresco js api is NOT logged in and isOAuth with silentLogin', async(() => {
+        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'isBpmLoggedIn').and.returnValue(false);
+        spyOn(authService, 'isOauth').and.returnValue(true);
+        spyOn(authService, 'isPublicUrl').and.returnValue(false);
+        spyOn(authService, 'ssoImplicitLogin').and.stub();
+
+        appConfigService.config.oauth2 = {
+            silentLogin: true,
+            host: 'http://localhost:6543',
+            redirectUri: '/',
+            clientId: 'activiti',
+            publicUrl: 'settings',
+            scope: 'openid'
+        };
+
+        const route: RouterStateSnapshot = <RouterStateSnapshot>  {url : 'abc'};
+
+        expect(authGuard.canActivate(null, route)).toBeFalsy();
+        expect(authService.ssoImplicitLogin).toHaveBeenCalledTimes(1);
+    }));
+
    it('if the alfresco js api is logged in should canActivate be true', async(() => {
        spyOn(authService, 'isBpmLoggedIn').and.returnValue(true);
        const route: RouterStateSnapshot = <RouterStateSnapshot>  {url : 'some-url'};
--- a/lib/core/services/auth-guard-ecm.service.spec.ts
+++ b/lib/core/services/auth-guard-ecm.service.spec.ts
@@ -98,7 +98,6 @@ describe('AuthGuardService ECM', () => {
    }));

    it('should redirect url if the alfresco js api is NOT logged in and isOAuth with silentLogin', async(() => {
-        spyOn(router, 'navigateByUrl').and.stub();
        spyOn(authService, 'isEcmLoggedIn').and.returnValue(false);
        spyOn(authService, 'isOauth').and.returnValue(true);
        spyOn(authService, 'isPublicUrl').and.returnValue(false);
@@ -115,8 +114,7 @@ describe('AuthGuardService ECM', () => {

        const route: RouterStateSnapshot = <RouterStateSnapshot>  {url : 'abc'};

-        expect(authGuard.canActivate(null, route)).toBeTruthy();
-        expect(router.navigateByUrl).toHaveBeenCalledTimes(1);
+        expect(authGuard.canActivate(null, route)).toBeFalsy();
        expect(authService.ssoImplicitLogin).toHaveBeenCalledTimes(1);
    }));

--- a/lib/core/services/auth-guard-ecm.service.ts
+++ b/lib/core/services/auth-guard-ecm.service.ts
@@ -39,11 +39,12 @@ export class AuthGuardEcm extends AuthGuardBase {
    }

    checkLogin(_: ActivatedRouteSnapshot, redirectUrl: string): boolean {
-        this.redirectToUrl('ECM', redirectUrl);
-        if (!this.authenticationService.isEcmLoggedIn() && this.isSilentLogin() && !this.authenticationService.isPublicUrl()) {
-            this.authenticationService.ssoImplicitLogin();
+        if (this.authenticationService.isEcmLoggedIn() || this.withCredentials) {
            return true;
        }
+
+        this.redirectToUrl('ECM', redirectUrl);
+
        return false;
    }
 }
--- a/lib/core/services/auth-guard.service.spec.ts
+++ b/lib/core/services/auth-guard.service.spec.ts
@@ -97,13 +97,13 @@ describe('AuthGuardService', () => {
    }));

    it('should NOT redirect url if the User is NOT logged in and isOAuth but with silentLogin configured', async(async () => {
-        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'ssoImplicitLogin').and.stub();
        spyOn(authService, 'isLoggedIn').and.returnValue(false);
        spyOn(authService, 'isOauth').and.returnValue(true);
        appConfigService.config.oauth2.silentLogin = true;

        expect(await authGuard.canActivate(null, state)).toBeFalsy();
-        expect(router.navigateByUrl).toHaveBeenCalled();
+        expect(authService.ssoImplicitLogin).toHaveBeenCalledTimes(1);
    }));

    it('should set redirect url', async(async () => {