diff --git a/demo-shell/src/app/app.routes.ts b/demo-shell/src/app/app.routes.ts index 14a23d5577..16ff8dc524 100644 --- a/demo-shell/src/app/app.routes.ts +++ b/demo-shell/src/app/app.routes.ts @@ -413,19 +413,30 @@ export const appRoutes: Routes = [ canActivate: [AuthGuardBpm], loadChildren: 'app/components/process-list-demo/process-list.module#AppProcessListModule' }, - { - path: 'error/:id', - component: DemoErrorComponent - }, { path: 'error/no-authorization', component: ErrorContentComponent - }, - { - path: '**', - redirectTo: 'error/404' } ] + }, + { + path: 'error', + component: AppLayoutComponent, + children: [ + { + path: '', + redirectTo: '/error/404', + pathMatch: 'full' + }, + { + path: ':id', + component: DemoErrorComponent + } + ] + }, + { + path: '**', + redirectTo: 'error/404' } ]; diff --git a/docs/core/services/auth-guard-ecm.service.md b/docs/core/services/auth-guard-ecm.service.md index 98740809c4..a5dcbc133b 100644 --- a/docs/core/services/auth-guard-ecm.service.md +++ b/docs/core/services/auth-guard-ecm.service.md @@ -11,9 +11,9 @@ Adds authentication with Content Services to a route within the app. ## Details -The Auth Guard Bpm service implements an Angular +The Auth Guard Ecm service implements an Angular [route guard](https://angular.io/guide/router#milestone-5-route-guards) -to check the user is logged into Process Services. This is typically used with the +to check the user is logged into Content Services. This is typically used with the `canActivate` guard check in the route definition: ```ts @@ -22,7 +22,7 @@ const appRoutes: Routes = [ { path: 'examplepath', component: ExampleComponent, - canActivate: [ AuthGuardBpm ] // <- Requires authentication for this route. + canActivate: [ AuthGuardEcm ] // <- Requires authentication for this route. }, ... ] diff --git a/lib/core/services/auth-guard-base.ts b/lib/core/services/auth-guard-base.ts index bf307eaf69..dfa2ce9589 100644 --- a/lib/core/services/auth-guard-base.ts +++ b/lib/core/services/auth-guard-base.ts @@ -82,13 +82,13 @@ export abstract class AuthGuardBase implements CanActivate, CanActivateChild { ); } - protected isOAuthWithoutSilentLogin() { + protected isOAuthWithoutSilentLogin(): boolean { const oauth = this.appConfigService.get( AppConfigValues.OAUTHCONFIG, null ); return ( - this.authenticationService.isOauth() && oauth.silentLogin === false + this.authenticationService.isOauth() && !!oauth && !oauth.silentLogin ); } } diff --git a/lib/core/services/auth-guard-bpm.service.spec.ts b/lib/core/services/auth-guard-bpm.service.spec.ts index dc84da5391..6951159b56 100644 --- a/lib/core/services/auth-guard-bpm.service.spec.ts +++ b/lib/core/services/auth-guard-bpm.service.spec.ts @@ -43,6 +43,7 @@ describe('AuthGuardService BPM', () => { appConfigService.config.providers = 'BPM'; appConfigService.config.auth = {}; + appConfigService.config.oauth2 = {}; }); it('if the alfresco js api is logged in should canActivate be true', async(() => { @@ -80,6 +81,39 @@ describe('AuthGuardService BPM', () => { expect(router.navigateByUrl).toHaveBeenCalledWith('/login?redirectUrl=some-url'); })); + it('should redirect url if the alfresco js api is NOT logged in and isOAuthWithoutSilentLogin', async(() => { + spyOn(router, 'navigateByUrl').and.stub(); + spyOn(authService, 'isBpmLoggedIn').and.returnValue(false); + spyOn(authService, 'isOauth').and.returnValue(true); + appConfigService.config.oauth2.silentLogin = false; + const route: RouterStateSnapshot = {url : 'some-url'}; + + expect(authGuard.canActivate(null, route)).toBeFalsy(); + expect(router.navigateByUrl).toHaveBeenCalled(); + })); + + it('should redirect url if the alfresco js api is NOT logged in and isOAuthWithSilentLogin', async(() => { + spyOn(router, 'navigateByUrl').and.stub(); + spyOn(authService, 'isBpmLoggedIn').and.returnValue(false); + spyOn(authService, 'isOauth').and.returnValue(true); + appConfigService.config.oauth2.silentLogin = true; + const route: RouterStateSnapshot = {url : 'some-url'}; + + expect(authGuard.canActivate(null, route)).toBeFalsy(); + expect(router.navigateByUrl).toHaveBeenCalled(); + })); + + it('should redirect url if NOT logged in and isOAuth but no silentLogin configured', async(() => { + spyOn(router, 'navigateByUrl').and.stub(); + spyOn(authService, 'isBpmLoggedIn').and.returnValue(false); + spyOn(authService, 'isOauth').and.returnValue(true); + appConfigService.config.oauth2.silentLogin = undefined; + const route: RouterStateSnapshot = {url : 'some-url'}; + + expect(authGuard.canActivate(null, route)).toBeFalsy(); + expect(router.navigateByUrl).toHaveBeenCalled(); + })); + it('should set redirect url', async(() => { spyOn(authService, 'setRedirect').and.callThrough(); spyOn(router, 'navigateByUrl').and.stub(); diff --git a/lib/core/services/auth-guard-bpm.service.ts b/lib/core/services/auth-guard-bpm.service.ts index 51c9eb3549..eba0ab4a26 100644 --- a/lib/core/services/auth-guard-bpm.service.ts +++ b/lib/core/services/auth-guard-bpm.service.ts @@ -37,11 +37,7 @@ export class AuthGuardBpm extends AuthGuardBase { if (this.authenticationService.isBpmLoggedIn() || this.withCredentials) { return true; } - - if (!this.authenticationService.isOauth() || this.isOAuthWithoutSilentLogin()) { - this.redirectToUrl('BPM', redirectUrl); - } - + this.redirectToUrl('BPM', redirectUrl); return false; } } diff --git a/lib/core/services/auth-guard-ecm.service.spec.ts b/lib/core/services/auth-guard-ecm.service.spec.ts index 9a0534eec2..010255fcb1 100644 --- a/lib/core/services/auth-guard-ecm.service.spec.ts +++ b/lib/core/services/auth-guard-ecm.service.spec.ts @@ -43,6 +43,7 @@ describe('AuthGuardService ECM', () => { appConfigService.config.providers = 'ECM'; appConfigService.config.auth = {}; + appConfigService.config.oauth2 = {}; }); it('if the alfresco js api is logged in should canActivate be true', async(() => { @@ -80,6 +81,39 @@ describe('AuthGuardService ECM', () => { expect(router.navigateByUrl).toHaveBeenCalledWith('/login?redirectUrl=some-url'); })); + it('should redirect url if the alfresco js api is NOT logged in and isOAuthWithoutSilentLogin', async(() => { + spyOn(router, 'navigateByUrl').and.stub(); + spyOn(authService, 'isEcmLoggedIn').and.returnValue(false); + spyOn(authService, 'isOauth').and.returnValue(true); + appConfigService.config.oauth2.silentLogin = false; + const route: RouterStateSnapshot = {url : 'some-url'}; + + expect(authGuard.canActivate(null, route)).toBeFalsy(); + expect(router.navigateByUrl).toHaveBeenCalled(); + })); + + it('should redirect url if the alfresco js api is NOT logged in and isOAuthWithSilentLogin', async(() => { + spyOn(router, 'navigateByUrl').and.stub(); + spyOn(authService, 'isEcmLoggedIn').and.returnValue(false); + spyOn(authService, 'isOauth').and.returnValue(true); + appConfigService.config.oauth2.silentLogin = true; + const route: RouterStateSnapshot = {url : 'some-url'}; + + expect(authGuard.canActivate(null, route)).toBeFalsy(); + expect(router.navigateByUrl).toHaveBeenCalled(); + })); + + it('should redirect url if NOT logged in and isOAuth but no silentLogin configured', async(() => { + spyOn(router, 'navigateByUrl').and.stub(); + spyOn(authService, 'isEcmLoggedIn').and.returnValue(false); + spyOn(authService, 'isOauth').and.returnValue(true); + appConfigService.config.oauth2.silentLogin = undefined; + const route: RouterStateSnapshot = {url : 'some-url'}; + + expect(authGuard.canActivate(null, route)).toBeFalsy(); + expect(router.navigateByUrl).toHaveBeenCalled(); + })); + it('should set redirect navigation commands', async(() => { spyOn(authService, 'setRedirect').and.callThrough(); spyOn(router, 'navigateByUrl').and.stub(); diff --git a/lib/core/services/auth-guard-ecm.service.ts b/lib/core/services/auth-guard-ecm.service.ts index b696ffddde..57292538fa 100644 --- a/lib/core/services/auth-guard-ecm.service.ts +++ b/lib/core/services/auth-guard-ecm.service.ts @@ -39,11 +39,7 @@ export class AuthGuardEcm extends AuthGuardBase { if (this.authenticationService.isEcmLoggedIn() || this.withCredentials) { return true; } - - if (!this.authenticationService.isOauth() || this.isOAuthWithoutSilentLogin()) { - this.redirectToUrl('ECM', redirectUrl); - } - + this.redirectToUrl('ECM', redirectUrl); return false; } } diff --git a/lib/core/services/auth-guard.service.spec.ts b/lib/core/services/auth-guard.service.spec.ts index 0982890a4f..414df6be8b 100644 --- a/lib/core/services/auth-guard.service.spec.ts +++ b/lib/core/services/auth-guard.service.spec.ts @@ -43,6 +43,7 @@ describe('AuthGuardService', () => { appConfigService = TestBed.get(AppConfigService); appConfigService.config.auth = {}; + appConfigService.config.oauth2 = {}; }); it('if the alfresco js api is logged in should canActivate be true', async(() => { @@ -71,6 +72,36 @@ describe('AuthGuardService', () => { expect(authGuard.canActivate(null, route)).toBeTruthy(); })); + it('should redirect url if the alfresco js api is NOT logged in and isOAuthWithoutSilentLogin', async(() => { + spyOn(router, 'navigateByUrl').and.stub(); + spyOn(authService, 'isLoggedIn').and.returnValue(false); + spyOn(authService, 'isOauth').and.returnValue(true); + appConfigService.config.oauth2.silentLogin = false; + + expect(authGuard.canActivate(null, state)).toBeFalsy(); + expect(router.navigateByUrl).toHaveBeenCalled(); + })); + + it('should redirect url if the alfresco js api is NOT logged in and isOAuthWithSilentLogin', async(() => { + spyOn(router, 'navigateByUrl').and.stub(); + spyOn(authService, 'isLoggedIn').and.returnValue(false); + spyOn(authService, 'isOauth').and.returnValue(true); + appConfigService.config.oauth2.silentLogin = true; + + expect(authGuard.canActivate(null, state)).toBeFalsy(); + expect(router.navigateByUrl).toHaveBeenCalled(); + })); + + it('should redirect url if NOT logged in and isOAuth but no silentLogin configured', async(() => { + spyOn(router, 'navigateByUrl').and.stub(); + spyOn(authService, 'isLoggedIn').and.returnValue(false); + spyOn(authService, 'isOauth').and.returnValue(true); + appConfigService.config.oauth2.silentLogin = undefined; + + expect(authGuard.canActivate(null, state)).toBeFalsy(); + expect(router.navigateByUrl).toHaveBeenCalled(); + })); + it('should set redirect url', async(() => { state.url = 'some-url'; appConfigService.config.loginRoute = 'login'; diff --git a/lib/core/services/auth-guard.service.ts b/lib/core/services/auth-guard.service.ts index c62fbf6e79..5d9aa4d31e 100644 --- a/lib/core/services/auth-guard.service.ts +++ b/lib/core/services/auth-guard.service.ts @@ -70,10 +70,7 @@ export class AuthGuard extends AuthGuardBase { if (this.authenticationService.isLoggedIn() || this.withCredentials) { return true; } - if (!this.authenticationService.isOauth() || this.isOAuthWithoutSilentLogin()) { - this.redirectToUrl('ALL', redirectUrl); - } - + this.redirectToUrl('ALL', redirectUrl); return false; } }