From a01a1b9e9ac93cec4d2f4cf6bf4f22f367eefddb Mon Sep 17 00:00:00 2001
From: Amedeo Lepore
Date: Tue, 7 Nov 2023 15:34:18 +0100
Subject: [PATCH] [AAE-17804] Fix login redirection, add redirectUri from the app.config (#9066)

* [AAE-17804] Fix login redirection, add redirectUri from the app.config
* [AAE-17804] Updated unit tests
---
 .../lib/auth/oidc/auth-config.service.spec.ts | 78 ++++++++++++++++++-
 .../src/lib/auth/oidc/auth-config.service.ts | 11 ++-
 2 files changed, 81 insertions(+), 8 deletions(-)
diff --git a/lib/core/src/lib/auth/oidc/auth-config.service.spec.ts b/lib/core/src/lib/auth/oidc/auth-config.service.spec.ts
index e9f53fdc7a..9fca371515 100644
--- a/lib/core/src/lib/auth/oidc/auth-config.service.spec.ts
+++ b/lib/core/src/lib/auth/oidc/auth-config.service.spec.ts
@@ -30,7 +30,58 @@ describe('AuthConfigService', () => {
 const mockAuthConfigImplicitFlow: OauthConfigModel = {
 host: 'http://localhost:3000/auth/realms/alfresco',
- clientId: 'alfresco',
+ clientId: 'fakeClientId',
+ scope: 'openid profile email',
+ secret: '',
+ implicitFlow: true,
+ silentLogin: true,
+ redirectSilentIframeUri: 'http://localhost:3000/assets/silent-refresh.html',
+ redirectUri: '/',
+ redirectUriLogout: '#/logout',
+ publicUrls: [
+ '**/preview/s/*',
+ '**/settings',
+ '**/logout'
+ ]
+ };
+
+ const mockAuthConfigSubfolderRedirectUri: OauthConfigModel = {
+ host: 'http://localhost:3000/auth/realms/alfresco',
+ clientId: 'fakeClientId',
+ scope: 'openid profile email',
+ secret: '',
+ implicitFlow: true,
+ silentLogin: true,
+ redirectSilentIframeUri: 'http://localhost:3000/assets/silent-refresh.html',
+ redirectUri: '/subfolder',
+ redirectUriLogout: '#/logout',
+ publicUrls: [
+ '**/preview/s/*',
+ '**/settings',
+ '**/logout'
+ ]
+ };
+
+ const mockAuthConfigSubfolder2RedirectUri: OauthConfigModel = {
+ host: 'http://localhost:3000/auth/realms/alfresco',
+ clientId: 'fakeClientId',
+ scope: 'openid profile email',
+ secret: '',
+ implicitFlow: true,
+ silentLogin: true,
+ redirectSilentIframeUri: 'http://localhost:3000/assets/silent-refresh.html',
+ redirectUri: '/subfolder2',
+ redirectUriLogout: '#/logout',
+ publicUrls: [
+ '**/preview/s/*',
+ '**/settings',
+ '**/logout'
+ ]
+ };
+
+ const mockAuthConfigSlashRedirectUri: OauthConfigModel = {
+ host: 'http://localhost:3000/auth/realms/alfresco',
+ clientId: 'fakeClientId',
 scope: 'openid profile email',
 secret: '',
 implicitFlow: true,
@@ -47,7 +98,7 @@ describe('AuthConfigService', () => {
 const mockAuthConfigCodeFlow: OauthConfigModel = {
 host: 'http://localhost:3000/auth/realms/alfresco',
- clientId: 'alfresco',
+ clientId: 'fakeClientId',
 scope: 'openid profile email',
 secret: '',
 implicitFlow: false,
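Review bot: The three mocks added in the first hunk repeat the same fourteen fields and differ only in `redirectUri`, so the one value each test depends on is hard to spot. Deriving them from a single base keeps the intent visible, for example `const mockAuthConfigSubfolderRedirectUri: OauthConfigModel = { ...mockAuthConfigImplicitFlow, redirectUri: '/subfolder' };`. The remaining fields of `mockAuthConfigSlashRedirectUri` lie outside the hunk, so its `redirectUri` is not visible here; the new "equal to slash" test relies on it being `'/'`, which is worth confirming.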
@@ -86,7 +137,7 @@ describe('AuthConfigService', () => {
 redirectUri: 'http://localhost:3000/#/view/authentication-confirmation/?',
 silentRefreshRedirectUri: 'http://localhost:3000/silent-refresh.html',
 postLogoutRedirectUri: 'http://localhost:3000/#/logout',
- clientId: 'alfresco',
+ clientId: 'fakeClientId',
 scope: 'openid profile email',
 dummyClientSecret: ''
 };
@@ -102,7 +153,7 @@ describe('AuthConfigService', () => {
 redirectUri: 'http://localhost:3000/#/view/authentication-confirmation',
 silentRefreshRedirectUri: 'http://localhost:3000/silent-refresh.html',
 postLogoutRedirectUri: 'http://localhost:3000/#/logout',
- clientId: 'alfresco',
+ clientId: 'fakeClientId',
 scope: 'openid profile email',
 responseType: 'code',
 dummyClientSecret: ''
@@ -112,4 +163,23 @@ describe('AuthConfigService', () => {
 });
 });
+ describe('getRedirectUri', () => {
+ it('should return redirect uri with subfolder path', () => {
+ const expectedUri = 'http://localhost:3000/subfolder/#/view/authentication-confirmation/?';
+ spyOnProperty(appConfigService, 'oauth2').and.returnValue(mockAuthConfigSubfolderRedirectUri);
+ expect(service.getRedirectUri()).toBe(expectedUri);
+ });
+
+ it('should return redirect uri with subfolder2 path', () => {
+ const expectedUri = 'http://localhost:3000/subfolder2/#/view/authentication-confirmation/?';
+ spyOnProperty(appConfigService, 'oauth2').and.returnValue(mockAuthConfigSubfolder2RedirectUri);
+ expect(service.getRedirectUri()).toBe(expectedUri);
+ });
+
+ it('should return redirect uri without modeling and admin if redirectUri from app.config is equal to slash', () => {
+ const expectedUri = 'http://localhost:3000/#/view/authentication-confirmation/?';
+ spyOnProperty(appConfigService, 'oauth2').and.returnValue(mockAuthConfigSlashRedirectUri);
+ expect(service.getRedirectUri()).toBe(expectedUri);
+ });
+ });
 });
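Review bot: The new `getRedirectUri` cases in the last hunk only use values that start with a single slash and have no trailing slash, so they never exercise the inputs where the service's string concatenation goes wrong. Add cases for a `redirectUri` with a trailing slash (`'/subfolder/'`), without a leading slash, and given as an absolute URL, each asserting that the result still starts with `http://localhost:3000/`. All three tests run with `implicitFlow: true`, so the branch that returns the URI without the trailing `/?` has no subfolder coverage. The third title mentions "modeling and admin", which nothing in the test refers to; `'should ignore redirectUri from app.config when it is "/"'` would describe it.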
diff --git a/lib/core/src/lib/auth/oidc/auth-config.service.ts b/lib/core/src/lib/auth/oidc/auth-config.service.ts
index 796f40f378..55e6c5cdbe 100644
--- a/lib/core/src/lib/auth/oidc/auth-config.service.ts
+++ b/lib/core/src/lib/auth/oidc/auth-config.service.ts
@@ -74,12 +74,15 @@ export class AuthConfigService {
 const viewUrl = `view/authentication-confirmation`;
 const useHash = this.authModuleConfig.useHash;
- const redirectUri = useHash
- ? `${this.getLocationOrigin()}/#/${viewUrl}`
- : `${this.getLocationOrigin()}/${viewUrl}`;
-
 const oauth2 = this.appConfigService.oauth2;
+ const locationOrigin = oauth2.redirectUri && oauth2.redirectUri !== '/' ? this.getLocationOrigin() + '' + oauth2.redirectUri : this.getLocationOrigin();
+
+ const redirectUri = useHash
+ ? `${locationOrigin}/#/${viewUrl}`
+ : `${locationOrigin}/${viewUrl}`;
+
+
 // handle issue from the OIDC library with hashStrategy and implicitFlow, with would append &state to the url with would lead to error
 // `cannot match any routes`, and displaying the wildcard ** error page
 return oauth2.implicitFlow && useHash ? `${redirectUri}/?` : redirectUri;
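Review bot: The added `locationOrigin` line appends `oauth2.redirectUri` to the origin by plain concatenation, so nothing ensures the configured value is actually a path. A value without a leading slash is glued onto the host part and the OAuth redirect URI then names a different authority; an absolute URL gives a malformed URI, and a trailing slash gives `//#/…`, which will not match the URI registered at the identity provider. Normalise and accept only a single-slash-rooted path: `const basePath = (oauth2.redirectUri ?? '').replace(/\/+$/, '');` followed by `const locationOrigin = basePath.startsWith('/') && !basePath.startsWith('//') ? this.getLocationOrigin() + basePath : this.getLocationOrigin();`, which also drops the no-op `+ ''`. The enclosing method starts and ends outside the hunk, so its callers and the source of the config value should be checked against this.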