Fix loop scenario when the login page is not present in silent login (#6512)

* fix loop scenario when the login page is not present in silent login * fix build * fix * remove isECM * fix unit * fix
2025-07-24 17:32:15 +00:00 · 2021-01-11 09:31:11 +00:00
parent 62cec5c5b4
commit 8e12e51fb3
7 changed files with 88 additions and 36 deletions
--- a/lib/cli/package-lock.json
+++ b/lib/cli/package-lock.json
@@ -5,9 +5,9 @@
  "requires": true,
  "dependencies": {
    "@alfresco/js-api": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/@alfresco/js-api/-/js-api-4.1.0.tgz",
-      "integrity": "sha512-9eWihZ3lNtI08cffrnTqB9G8j9syDbLegyTescj8J1vqcxaXF7pvFCfP1zcNRIzfEErx8ncqjFf+IMbh8lvb7A==",
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/@alfresco/js-api/-/js-api-4.2.0.tgz",
+      "integrity": "sha512-gaKTfiTPbcFdtcBQJ2qWFXVegOSt3FgQpUtzS64uQK9BrFS74wYqIVgYc+00RmGGmpEumKlPxxoSF/xWhrzIEA==",
      "requires": {
        "event-emitter": "^0.3.5",
        "minimatch": "3.0.4",
@@ -640,21 +640,21 @@
      "integrity": "sha1-VSmk1nZUE07cxSZmVoNbD4Ua/O4="
    },
    "mime": {
-      "version": "2.4.6",
-      "resolved": "https://registry.npmjs.org/mime/-/mime-2.4.6.tgz",
-      "integrity": "sha512-RZKhC3EmpBchfTGBVb8fb+RL2cWyw/32lshnsETttkBAyAUXSGHxbEJWWRXc751DrIxG1q04b8QwMbAwkRPpUA=="
+      "version": "2.4.7",
+      "resolved": "https://registry.npmjs.org/mime/-/mime-2.4.7.tgz",
+      "integrity": "sha512-dhNd1uA2u397uQk3Nv5LM4lm93WYDUXFn3Fu291FJerns4jyTudqhIWe4W04YLy7Uk1tm1Ore04NpjRvQp/NPA=="
    },
    "mime-db": {
-      "version": "1.44.0",
-      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz",
-      "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg=="
+      "version": "1.45.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.45.0.tgz",
+      "integrity": "sha512-CkqLUxUk15hofLoLyljJSrukZi8mAtgd+yE5uO4tqRZsdsAJKv0O+rFMhVDRJgozy+yG6md5KwuXhD4ocIoP+w=="
    },
    "mime-types": {
-      "version": "2.1.27",
-      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz",
-      "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==",
+      "version": "2.1.28",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.28.tgz",
+      "integrity": "sha512-0TO2yJ5YHYr7M2zzT7gDU1tbwHxEUWBCLt0lscSNpcdAfFyJOVEpRYNS7EXVcTLNj/25QO8gulHC5JtTzSE2UQ==",
      "requires": {
-        "mime-db": "1.44.0"
+        "mime-db": "1.45.0"
      }
    },
    "minimatch": {
@@ -1166,6 +1166,14 @@
            "ms": "2.1.2"
          }
        },
+        "lru-cache": {
+          "version": "6.0.0",
+          "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
+          "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
+          "requires": {
+            "yallist": "^4.0.0"
+          }
+        },
        "readable-stream": {
          "version": "3.6.0",
          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.0.tgz",
@@ -1177,9 +1185,17 @@
          }
        },
        "semver": {
-          "version": "7.3.2",
-          "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.2.tgz",
-          "integrity": "sha512-OrOb32TeeambH6UrhtShmF7CRDqhL6/5XpPNp2DuRH6+9QLw/orhp72j87v8Qa1ScDkvrrBNpZcDejAirJmfXQ=="
+          "version": "7.3.4",
+          "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.4.tgz",
+          "integrity": "sha512-tCfb2WLjqFAtXn4KEdxIhalnRtoKFN7nAwj0B3ZXCbQloV2tq5eDbcTmT68JJD3nRJq24/XgxtQKFIpQdtvmVw==",
+          "requires": {
+            "lru-cache": "^6.0.0"
+          }
+        },
+        "yallist": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
+          "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A=="
        }
      }
    },
--- a/lib/core/services/auth-guard-base.ts
+++ b/lib/core/services/auth-guard-base.ts
@@ -35,11 +35,6 @@ import { Observable } from 'rxjs';

 export abstract class AuthGuardBase implements CanActivate, CanActivateChild {

-    abstract checkLogin(
-        activeRoute: ActivatedRouteSnapshot,
-        redirectUrl: string
-    ): Observable<boolean | UrlTree> | Promise<boolean | UrlTree> | boolean | UrlTree;
-
    protected get withCredentials(): boolean {
        return this.appConfigService.get<boolean>(
            'auth.withCredentials',
@@ -55,6 +50,12 @@ export abstract class AuthGuardBase implements CanActivate, CanActivateChild {
        private storageService: StorageService
    ) {
    }
+ls;
+
+    abstract checkLogin(
+        activeRoute: ActivatedRouteSnapshot,
+        redirectUrl: string
+    ): Observable<boolean | UrlTree> | Promise<boolean | UrlTree> | boolean | UrlTree;

    canActivate(
        route: ActivatedRouteSnapshot,
@@ -62,7 +63,7 @@ export abstract class AuthGuardBase implements CanActivate, CanActivateChild {
    ): Observable<boolean | UrlTree> | Promise<boolean | UrlTree> | boolean | UrlTree {

        const redirectFragment = this.storageService.getItem('loginFragment');
-        if (this.authenticationService.isEcmLoggedIn() || this.withCredentials) {
+        if (this.authenticationService.isLoggedIn() || this.withCredentials) {
            if (redirectFragment) {
                this.storageService.removeItem('loginFragment');
                return this.router.createUrlTree([redirectFragment]);
@@ -85,20 +86,34 @@ export abstract class AuthGuardBase implements CanActivate, CanActivateChild {
    ): Observable<boolean | UrlTree> | Promise<boolean | UrlTree> | boolean | UrlTree {
        return this.canActivate(route, state);
    }
-
    protected redirectToUrl(provider: string, url: string) {
        const pathToLogin = `/${this.getLoginRoute()}`;
        let urlToRedirect;
+
+        this.dialog.closeAll();
+
        if (!this.authenticationService.isOauth()) {
            this.authenticationService.setRedirect({ provider, url });

            urlToRedirect = `${pathToLogin}?redirectUrl=${url}`;
+            this.router.navigateByUrl(urlToRedirect);
+        } else if (this.getOauthConfig().silentLogin && !this.authenticationService.isPublicUrl()) {
+            this.authenticationService.ssoImplicitLogin();
        } else {
            urlToRedirect = pathToLogin;
+            this.router.navigateByUrl(urlToRedirect);
        }

-        this.dialog.closeAll();
-        this.router.navigateByUrl(urlToRedirect);
+    }
+
+    protected getOauthConfig(): OauthConfigModel {
+        return (
+            this.appConfigService &&
+            this.appConfigService.get<OauthConfigModel>(
+                AppConfigValues.OAUTHCONFIG,
+                null
+            )
+        );
    }

    protected getLoginRoute(): string {
--- a/lib/core/services/auth-guard-bpm.service.spec.ts
+++ b/lib/core/services/auth-guard-bpm.service.spec.ts
@@ -51,6 +51,28 @@ describe('AuthGuardService BPM', () => {
        appConfigService.config.oauth2 = {};
    });

+    it('should redirect url if the alfresco js api is NOT logged in and isOAuth with silentLogin', async(() => {
+        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'isBpmLoggedIn').and.returnValue(false);
+        spyOn(authService, 'isOauth').and.returnValue(true);
+        spyOn(authService, 'isPublicUrl').and.returnValue(false);
+        spyOn(authService, 'ssoImplicitLogin').and.stub();
+
+        appConfigService.config.oauth2 = {
+            silentLogin: true,
+            host: 'http://localhost:6543',
+            redirectUri: '/',
+            clientId: 'activiti',
+            publicUrl: 'settings',
+            scope: 'openid'
+        };
+
+        const route: RouterStateSnapshot = <RouterStateSnapshot>  {url : 'abc'};
+
+        expect(authGuard.canActivate(null, route)).toBeFalsy();
+        expect(authService.ssoImplicitLogin).toHaveBeenCalledTimes(1);
+    }));
+
    it('if the alfresco js api is logged in should canActivate be true', async(() => {
        spyOn(authService, 'isBpmLoggedIn').and.returnValue(true);
        const route: RouterStateSnapshot = <RouterStateSnapshot>  {url : 'some-url'};
--- a/lib/core/services/auth-guard-ecm.service.spec.ts
+++ b/lib/core/services/auth-guard-ecm.service.spec.ts
@@ -98,7 +98,6 @@ describe('AuthGuardService ECM', () => {
    }));

    it('should redirect url if the alfresco js api is NOT logged in and isOAuth with silentLogin', async(() => {
-        spyOn(router, 'navigateByUrl').and.stub();
        spyOn(authService, 'isEcmLoggedIn').and.returnValue(false);
        spyOn(authService, 'isOauth').and.returnValue(true);
        spyOn(authService, 'isPublicUrl').and.returnValue(false);
@@ -115,8 +114,7 @@ describe('AuthGuardService ECM', () => {

        const route: RouterStateSnapshot = <RouterStateSnapshot>  {url : 'abc'};

-        expect(authGuard.canActivate(null, route)).toBeTruthy();
-        expect(router.navigateByUrl).toHaveBeenCalledTimes(1);
+        expect(authGuard.canActivate(null, route)).toBeFalsy();
        expect(authService.ssoImplicitLogin).toHaveBeenCalledTimes(1);
    }));

--- a/lib/core/services/auth-guard-ecm.service.ts
+++ b/lib/core/services/auth-guard-ecm.service.ts
@@ -39,11 +39,12 @@ export class AuthGuardEcm extends AuthGuardBase {
    }

    checkLogin(_: ActivatedRouteSnapshot, redirectUrl: string): boolean {
-        this.redirectToUrl('ECM', redirectUrl);
-        if (!this.authenticationService.isEcmLoggedIn() && this.isSilentLogin() && !this.authenticationService.isPublicUrl()) {
-            this.authenticationService.ssoImplicitLogin();
+        if (this.authenticationService.isEcmLoggedIn() || this.withCredentials) {
            return true;
        }
+
+        this.redirectToUrl('ECM', redirectUrl);
+
        return false;
    }
 }
--- a/lib/core/services/auth-guard.service.spec.ts
+++ b/lib/core/services/auth-guard.service.spec.ts
@@ -97,13 +97,13 @@ describe('AuthGuardService', () => {
    }));

    it('should NOT redirect url if the User is NOT logged in and isOAuth but with silentLogin configured', async(async () => {
-        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'ssoImplicitLogin').and.stub();
        spyOn(authService, 'isLoggedIn').and.returnValue(false);
        spyOn(authService, 'isOauth').and.returnValue(true);
        appConfigService.config.oauth2.silentLogin = true;

        expect(await authGuard.canActivate(null, state)).toBeFalsy();
-        expect(router.navigateByUrl).toHaveBeenCalled();
+        expect(authService.ssoImplicitLogin).toHaveBeenCalledTimes(1);
    }));

    it('should set redirect url', async(async () => {
--- a/package.json
+++ b/package.json
@@ -71,7 +71,7 @@
    "process services-cloud"
  ],
  "dependencies": {
-    "@alfresco/js-api": "4.2.0-126c761a797fba998241ab7c464fb8b55f1cca8b",
+    "@alfresco/js-api": "4.3.0-fc33b5aba2cdfe131d2f061049691b5e5b6fe59b",
    "@angular/animations": "^10.0.4",
    "@angular/cdk": "10.1.3",
    "@angular/common": "^10.0.4",
@@ -105,8 +105,8 @@
    "zone.js": "~0.10.2"
  },
  "devDependencies": {
-    "@alfresco/adf-cli": "4.1.0",
-    "@alfresco/adf-testing": "4.1.0",
+    "@alfresco/adf-cli": "4.2.0",
+    "@alfresco/adf-testing": "4.2.0",
    "@angular-devkit/build-angular": "^0.1001.7",
    "@angular-devkit/build-ng-packagr": "~0.1002.0",
    "@angular/cli": "^10.2.0",