[ADF-4936] Auth guard redirect fix (#5092)

* [ADF-4936] fix for auth guard with silent Login true

* [ADF-4936] check only for isOAuth...

* [ADF-4936] fix all auth guards when silent Login true

* [ADF-4936] unit tests

* [ADF-4936] fix doc info

* [ADF-4936] types and null checks

* [ADF-4936] fallback option in case silentLogin is missing from settings

* [ADF-4936] refactoring

* try to fix e2e test [C299158] Login component - SSO Grant type password (implicit flow false)

* Fix e2e test [C299158] Login component - SSO Grant type password (implicit flow false)

* [ADF-4936] show the error page when route path is unknown

* [ADF-4936] remove ssoImplicitLogin and do the redirectToUrl instead

-the implicit login concern is already in the JS-API

* [ADF-4936] refactor to simplify code

- the removed 'if' conditions cover all possible 'else' cases

* [ADF-4936] remove unneeded method

demo-shell/src/app/app.routes.ts

@@ -413,20 +413,31 @@ export const appRoutes: Routes = [
                 canActivate: [AuthGuardBpm],
                 loadChildren: 'app/components/process-list-demo/process-list.module#AppProcessListModule'
             },
-            {
-                path: 'error/:id',
-                component: DemoErrorComponent
-            },
             {
                 path: 'error/no-authorization',
                 component: ErrorContentComponent
+            }
+        ]
+    },
+    {
+        path: 'error',
+        component: AppLayoutComponent,
+        children: [
+            {
+                path: '',
+                redirectTo: '/error/404',
+                pathMatch: 'full'
+            },
+            {
+                path: ':id',
+                component: DemoErrorComponent
+            }
+        ]
     },
     {
         path: '**',
         redirectTo: 'error/404'
     }
-        ]
-    }
 ];
 
 export const routing: ModuleWithProviders = RouterModule.forRoot(appRoutes, { initialNavigation: true });

docs/core/services/auth-guard-ecm.service.md

@@ -11,9 +11,9 @@ Adds authentication with Content Services to a route within the app.
 
 ## Details
 
-The Auth Guard Bpm service implements an Angular
+The Auth Guard Ecm service implements an Angular
 [route guard](https://angular.io/guide/router#milestone-5-route-guards)
-to check the user is logged into Process Services. This is typically used with the
+to check the user is logged into Content Services. This is typically used with the
 `canActivate` guard check in the route definition:
 
 ```ts
@@ -22,7 +22,7 @@ const appRoutes: Routes = [
     {
         path: 'examplepath',
         component: ExampleComponent,
-        canActivate: [ AuthGuardBpm ]      // <- Requires authentication for this route.
+        canActivate: [ AuthGuardEcm ]      // <- Requires authentication for this route.
     },
     ...
 ]

lib/core/services/auth-guard-base.ts

@@ -82,13 +82,13 @@ export abstract class AuthGuardBase implements CanActivate, CanActivateChild {
         );
     }
 
-    protected isOAuthWithoutSilentLogin() {
+    protected isOAuthWithoutSilentLogin(): boolean {
         const oauth = this.appConfigService.get<OauthConfigModel>(
             AppConfigValues.OAUTHCONFIG,
             null
         );
         return (
-            this.authenticationService.isOauth() && oauth.silentLogin === false
+            this.authenticationService.isOauth() && !!oauth && !oauth.silentLogin
         );
     }
 }

lib/core/services/auth-guard-bpm.service.spec.ts

@@ -43,6 +43,7 @@ describe('AuthGuardService BPM', () => {
 
         appConfigService.config.providers = 'BPM';
         appConfigService.config.auth = {};
+        appConfigService.config.oauth2 = {};
     });
 
     it('if the alfresco js api is logged in should canActivate be true', async(() => {
@@ -80,6 +81,39 @@ describe('AuthGuardService BPM', () => {
         expect(router.navigateByUrl).toHaveBeenCalledWith('/login?redirectUrl=some-url');
     }));
 
+    it('should redirect url if the alfresco js api is NOT logged in and isOAuthWithoutSilentLogin', async(() => {
+        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'isBpmLoggedIn').and.returnValue(false);
+        spyOn(authService, 'isOauth').and.returnValue(true);
+        appConfigService.config.oauth2.silentLogin = false;
+        const route: RouterStateSnapshot = <RouterStateSnapshot>  {url : 'some-url'};
+
+        expect(authGuard.canActivate(null, route)).toBeFalsy();
+        expect(router.navigateByUrl).toHaveBeenCalled();
+    }));
+
+    it('should redirect url if the alfresco js api is NOT logged in and isOAuthWithSilentLogin', async(() => {
+        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'isBpmLoggedIn').and.returnValue(false);
+        spyOn(authService, 'isOauth').and.returnValue(true);
+        appConfigService.config.oauth2.silentLogin = true;
+        const route: RouterStateSnapshot = <RouterStateSnapshot>  {url : 'some-url'};
+
+        expect(authGuard.canActivate(null, route)).toBeFalsy();
+        expect(router.navigateByUrl).toHaveBeenCalled();
+    }));
+
+    it('should redirect url if NOT logged in and isOAuth but no silentLogin configured', async(() => {
+        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'isBpmLoggedIn').and.returnValue(false);
+        spyOn(authService, 'isOauth').and.returnValue(true);
+        appConfigService.config.oauth2.silentLogin = undefined;
+        const route: RouterStateSnapshot = <RouterStateSnapshot>  {url : 'some-url'};
+
+        expect(authGuard.canActivate(null, route)).toBeFalsy();
+        expect(router.navigateByUrl).toHaveBeenCalled();
+    }));
+
     it('should set redirect url', async(() => {
         spyOn(authService, 'setRedirect').and.callThrough();
         spyOn(router, 'navigateByUrl').and.stub();

lib/core/services/auth-guard-bpm.service.ts

@@ -37,11 +37,7 @@ export class AuthGuardBpm extends AuthGuardBase {
         if (this.authenticationService.isBpmLoggedIn() || this.withCredentials) {
             return true;
         }
-
-        if (!this.authenticationService.isOauth() || this.isOAuthWithoutSilentLogin()) {
         this.redirectToUrl('BPM', redirectUrl);
-        }
-
         return false;
     }
 }

lib/core/services/auth-guard-ecm.service.spec.ts

@@ -43,6 +43,7 @@ describe('AuthGuardService ECM', () => {
 
         appConfigService.config.providers = 'ECM';
         appConfigService.config.auth = {};
+        appConfigService.config.oauth2 = {};
     });
 
     it('if the alfresco js api is logged in should canActivate be true', async(() => {
@@ -80,6 +81,39 @@ describe('AuthGuardService ECM', () => {
         expect(router.navigateByUrl).toHaveBeenCalledWith('/login?redirectUrl=some-url');
     }));
 
+    it('should redirect url if the alfresco js api is NOT logged in and isOAuthWithoutSilentLogin', async(() => {
+        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'isEcmLoggedIn').and.returnValue(false);
+        spyOn(authService, 'isOauth').and.returnValue(true);
+        appConfigService.config.oauth2.silentLogin = false;
+        const route: RouterStateSnapshot = <RouterStateSnapshot>  {url : 'some-url'};
+
+        expect(authGuard.canActivate(null, route)).toBeFalsy();
+        expect(router.navigateByUrl).toHaveBeenCalled();
+    }));
+
+    it('should redirect url if the alfresco js api is NOT logged in and isOAuthWithSilentLogin', async(() => {
+        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'isEcmLoggedIn').and.returnValue(false);
+        spyOn(authService, 'isOauth').and.returnValue(true);
+        appConfigService.config.oauth2.silentLogin = true;
+        const route: RouterStateSnapshot = <RouterStateSnapshot>  {url : 'some-url'};
+
+        expect(authGuard.canActivate(null, route)).toBeFalsy();
+        expect(router.navigateByUrl).toHaveBeenCalled();
+    }));
+
+    it('should redirect url if NOT logged in and isOAuth but no silentLogin configured', async(() => {
+        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'isEcmLoggedIn').and.returnValue(false);
+        spyOn(authService, 'isOauth').and.returnValue(true);
+        appConfigService.config.oauth2.silentLogin = undefined;
+        const route: RouterStateSnapshot = <RouterStateSnapshot>  {url : 'some-url'};
+
+        expect(authGuard.canActivate(null, route)).toBeFalsy();
+        expect(router.navigateByUrl).toHaveBeenCalled();
+    }));
+
     it('should set redirect navigation commands', async(() => {
         spyOn(authService, 'setRedirect').and.callThrough();
         spyOn(router, 'navigateByUrl').and.stub();

lib/core/services/auth-guard-ecm.service.ts

@@ -39,11 +39,7 @@ export class AuthGuardEcm extends AuthGuardBase {
         if (this.authenticationService.isEcmLoggedIn() || this.withCredentials) {
             return true;
         }
-
-        if (!this.authenticationService.isOauth() || this.isOAuthWithoutSilentLogin()) {
         this.redirectToUrl('ECM', redirectUrl);
-        }
-
         return false;
     }
 }

lib/core/services/auth-guard.service.spec.ts

@@ -43,6 +43,7 @@ describe('AuthGuardService', () => {
         appConfigService = TestBed.get(AppConfigService);
 
         appConfigService.config.auth = {};
+        appConfigService.config.oauth2 = {};
     });
 
     it('if the alfresco js api is logged in should canActivate be true', async(() => {
@@ -71,6 +72,36 @@ describe('AuthGuardService', () => {
         expect(authGuard.canActivate(null, route)).toBeTruthy();
     }));
 
+    it('should redirect url if the alfresco js api is NOT logged in and isOAuthWithoutSilentLogin', async(() => {
+        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'isLoggedIn').and.returnValue(false);
+        spyOn(authService, 'isOauth').and.returnValue(true);
+        appConfigService.config.oauth2.silentLogin = false;
+
+        expect(authGuard.canActivate(null, state)).toBeFalsy();
+        expect(router.navigateByUrl).toHaveBeenCalled();
+    }));
+
+    it('should redirect url if the alfresco js api is NOT logged in and isOAuthWithSilentLogin', async(() => {
+        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'isLoggedIn').and.returnValue(false);
+        spyOn(authService, 'isOauth').and.returnValue(true);
+        appConfigService.config.oauth2.silentLogin = true;
+
+        expect(authGuard.canActivate(null, state)).toBeFalsy();
+        expect(router.navigateByUrl).toHaveBeenCalled();
+    }));
+
+    it('should redirect url if NOT logged in and isOAuth but no silentLogin configured', async(() => {
+        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'isLoggedIn').and.returnValue(false);
+        spyOn(authService, 'isOauth').and.returnValue(true);
+        appConfigService.config.oauth2.silentLogin = undefined;
+
+        expect(authGuard.canActivate(null, state)).toBeFalsy();
+        expect(router.navigateByUrl).toHaveBeenCalled();
+    }));
+
     it('should set redirect url', async(() => {
         state.url = 'some-url';
         appConfigService.config.loginRoute = 'login';

lib/core/services/auth-guard.service.ts

@@ -70,10 +70,7 @@ export class AuthGuard extends AuthGuardBase {
         if (this.authenticationService.isLoggedIn() || this.withCredentials) {
             return true;
         }
-        if (!this.authenticationService.isOauth() || this.isOAuthWithoutSilentLogin()) {
         this.redirectToUrl('ALL', redirectUrl);
-        }
-
         return false;
     }
 }