[ADF-4936] Auth guard redirect fix (#5092)

* [ADF-4936] fix for auth guard with silent Login true * [ADF-4936] check only for isOAuth... * [ADF-4936] fix all auth guards when silent Login true * [ADF-4936] unit tests * [ADF-4936] fix doc info * [ADF-4936] types and null checks * [ADF-4936] fallback option in case silentLogin is missing from settings * [ADF-4936] refactoring * try to fix e2e test [C299158] Login component - SSO Grant type password (implicit flow false) * Fix e2e test [C299158] Login component - SSO Grant type password (implicit flow false) * [ADF-4936] show the error page when route path is unknown * [ADF-4936] remove ssoImplicitLogin and do the redirectToUrl instead -the implicit login concern is already in the JS-API * [ADF-4936] refactor to simplify code - the removed 'if' conditions cover all possible 'else' cases * [ADF-4936] remove unneeded method
2025-05-12 17:04:57 +00:00 · 2019-10-29 17:16:08 +02:00 · 2019-10-29 17:16:08 +02:00 · a150e74366
commit a150e74366
parent 9c2bcdee1a
9 changed files with 126 additions and 27 deletions
--- a/demo-shell/src/app/app.routes.ts
+++ b/demo-shell/src/app/app.routes.ts
@ -413,19 +413,30 @@ export const appRoutes: Routes = [
                canActivate: [AuthGuardBpm],
                loadChildren: 'app/components/process-list-demo/process-list.module#AppProcessListModule'
            },
-            {
-                path: 'error/:id',
-                component: DemoErrorComponent
-            },
            {
                path: 'error/no-authorization',
                component: ErrorContentComponent
-            },
-            {
-                path: '**',
-                redirectTo: 'error/404'
            }
        ]
+    },
+    {
+        path: 'error',
+        component: AppLayoutComponent,
+        children: [
+            {
+                path: '',
+                redirectTo: '/error/404',
+                pathMatch: 'full'
+            },
+            {
+                path: ':id',
+                component: DemoErrorComponent
+            }
+        ]
+    },
+    {
+        path: '**',
+        redirectTo: 'error/404'
    }
 ];

--- a/docs/core/services/auth-guard-ecm.service.md
+++ b/docs/core/services/auth-guard-ecm.service.md
@ -11,9 +11,9 @@ Adds authentication with Content Services to a route within the app.

 ## Details

-The Auth Guard Bpm service implements an Angular
+The Auth Guard Ecm service implements an Angular
 [route guard](https://angular.io/guide/router#milestone-5-route-guards)
-to check the user is logged into Process Services. This is typically used with the
+to check the user is logged into Content Services. This is typically used with the
 `canActivate` guard check in the route definition:

 ```ts
@ -22,7 +22,7 @@ const appRoutes: Routes = [
    {
        path: 'examplepath',
        component: ExampleComponent,
-        canActivate: [ AuthGuardBpm ]      // <- Requires authentication for this route.
+        canActivate: [ AuthGuardEcm ]      // <- Requires authentication for this route.
    },
    ...
 ]
--- a/lib/core/services/auth-guard-base.ts
+++ b/lib/core/services/auth-guard-base.ts
@ -82,13 +82,13 @@ export abstract class AuthGuardBase implements CanActivate, CanActivateChild {
        );
    }

-    protected isOAuthWithoutSilentLogin() {
+    protected isOAuthWithoutSilentLogin(): boolean {
        const oauth = this.appConfigService.get<OauthConfigModel>(
            AppConfigValues.OAUTHCONFIG,
            null
        );
        return (
-            this.authenticationService.isOauth() && oauth.silentLogin === false
+            this.authenticationService.isOauth() && !!oauth && !oauth.silentLogin
        );
    }
 }
--- a/lib/core/services/auth-guard-bpm.service.spec.ts
+++ b/lib/core/services/auth-guard-bpm.service.spec.ts
@ -43,6 +43,7 @@ describe('AuthGuardService BPM', () => {

        appConfigService.config.providers = 'BPM';
        appConfigService.config.auth = {};
+        appConfigService.config.oauth2 = {};
    });

    it('if the alfresco js api is logged in should canActivate be true', async(() => {
@ -80,6 +81,39 @@ describe('AuthGuardService BPM', () => {
        expect(router.navigateByUrl).toHaveBeenCalledWith('/login?redirectUrl=some-url');
    }));

+    it('should redirect url if the alfresco js api is NOT logged in and isOAuthWithoutSilentLogin', async(() => {
+        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'isBpmLoggedIn').and.returnValue(false);
+        spyOn(authService, 'isOauth').and.returnValue(true);
+        appConfigService.config.oauth2.silentLogin = false;
+        const route: RouterStateSnapshot = <RouterStateSnapshot>  {url : 'some-url'};
+
+        expect(authGuard.canActivate(null, route)).toBeFalsy();
+        expect(router.navigateByUrl).toHaveBeenCalled();
+    }));
+
+    it('should redirect url if the alfresco js api is NOT logged in and isOAuthWithSilentLogin', async(() => {
+        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'isBpmLoggedIn').and.returnValue(false);
+        spyOn(authService, 'isOauth').and.returnValue(true);
+        appConfigService.config.oauth2.silentLogin = true;
+        const route: RouterStateSnapshot = <RouterStateSnapshot>  {url : 'some-url'};
+
+        expect(authGuard.canActivate(null, route)).toBeFalsy();
+        expect(router.navigateByUrl).toHaveBeenCalled();
+    }));
+
+    it('should redirect url if NOT logged in and isOAuth but no silentLogin configured', async(() => {
+        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'isBpmLoggedIn').and.returnValue(false);
+        spyOn(authService, 'isOauth').and.returnValue(true);
+        appConfigService.config.oauth2.silentLogin = undefined;
+        const route: RouterStateSnapshot = <RouterStateSnapshot>  {url : 'some-url'};
+
+        expect(authGuard.canActivate(null, route)).toBeFalsy();
+        expect(router.navigateByUrl).toHaveBeenCalled();
+    }));
+
    it('should set redirect url', async(() => {
        spyOn(authService, 'setRedirect').and.callThrough();
        spyOn(router, 'navigateByUrl').and.stub();
--- a/lib/core/services/auth-guard-bpm.service.ts
+++ b/lib/core/services/auth-guard-bpm.service.ts
@ -37,11 +37,7 @@ export class AuthGuardBpm extends AuthGuardBase {
        if (this.authenticationService.isBpmLoggedIn() || this.withCredentials) {
            return true;
        }
-
-        if (!this.authenticationService.isOauth() || this.isOAuthWithoutSilentLogin()) {
-            this.redirectToUrl('BPM', redirectUrl);
-        }
-
+        this.redirectToUrl('BPM', redirectUrl);
        return false;
    }
 }
--- a/lib/core/services/auth-guard-ecm.service.spec.ts
+++ b/lib/core/services/auth-guard-ecm.service.spec.ts
@ -43,6 +43,7 @@ describe('AuthGuardService ECM', () => {

        appConfigService.config.providers = 'ECM';
        appConfigService.config.auth = {};
+        appConfigService.config.oauth2 = {};
    });

    it('if the alfresco js api is logged in should canActivate be true', async(() => {
@ -80,6 +81,39 @@ describe('AuthGuardService ECM', () => {
        expect(router.navigateByUrl).toHaveBeenCalledWith('/login?redirectUrl=some-url');
    }));

+    it('should redirect url if the alfresco js api is NOT logged in and isOAuthWithoutSilentLogin', async(() => {
+        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'isEcmLoggedIn').and.returnValue(false);
+        spyOn(authService, 'isOauth').and.returnValue(true);
+        appConfigService.config.oauth2.silentLogin = false;
+        const route: RouterStateSnapshot = <RouterStateSnapshot>  {url : 'some-url'};
+
+        expect(authGuard.canActivate(null, route)).toBeFalsy();
+        expect(router.navigateByUrl).toHaveBeenCalled();
+    }));
+
+    it('should redirect url if the alfresco js api is NOT logged in and isOAuthWithSilentLogin', async(() => {
+        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'isEcmLoggedIn').and.returnValue(false);
+        spyOn(authService, 'isOauth').and.returnValue(true);
+        appConfigService.config.oauth2.silentLogin = true;
+        const route: RouterStateSnapshot = <RouterStateSnapshot>  {url : 'some-url'};
+
+        expect(authGuard.canActivate(null, route)).toBeFalsy();
+        expect(router.navigateByUrl).toHaveBeenCalled();
+    }));
+
+    it('should redirect url if NOT logged in and isOAuth but no silentLogin configured', async(() => {
+        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'isEcmLoggedIn').and.returnValue(false);
+        spyOn(authService, 'isOauth').and.returnValue(true);
+        appConfigService.config.oauth2.silentLogin = undefined;
+        const route: RouterStateSnapshot = <RouterStateSnapshot>  {url : 'some-url'};
+
+        expect(authGuard.canActivate(null, route)).toBeFalsy();
+        expect(router.navigateByUrl).toHaveBeenCalled();
+    }));
+
    it('should set redirect navigation commands', async(() => {
        spyOn(authService, 'setRedirect').and.callThrough();
        spyOn(router, 'navigateByUrl').and.stub();
--- a/lib/core/services/auth-guard-ecm.service.ts
+++ b/lib/core/services/auth-guard-ecm.service.ts
@ -39,11 +39,7 @@ export class AuthGuardEcm extends AuthGuardBase {
        if (this.authenticationService.isEcmLoggedIn() || this.withCredentials) {
            return true;
        }
-
-        if (!this.authenticationService.isOauth() || this.isOAuthWithoutSilentLogin()) {
-            this.redirectToUrl('ECM', redirectUrl);
-        }
-
+        this.redirectToUrl('ECM', redirectUrl);
        return false;
    }
 }
--- a/lib/core/services/auth-guard.service.spec.ts
+++ b/lib/core/services/auth-guard.service.spec.ts
@ -43,6 +43,7 @@ describe('AuthGuardService', () => {
        appConfigService = TestBed.get(AppConfigService);

        appConfigService.config.auth = {};
+        appConfigService.config.oauth2 = {};
    });

    it('if the alfresco js api is logged in should canActivate be true', async(() => {
@ -71,6 +72,36 @@ describe('AuthGuardService', () => {
        expect(authGuard.canActivate(null, route)).toBeTruthy();
    }));

+    it('should redirect url if the alfresco js api is NOT logged in and isOAuthWithoutSilentLogin', async(() => {
+        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'isLoggedIn').and.returnValue(false);
+        spyOn(authService, 'isOauth').and.returnValue(true);
+        appConfigService.config.oauth2.silentLogin = false;
+
+        expect(authGuard.canActivate(null, state)).toBeFalsy();
+        expect(router.navigateByUrl).toHaveBeenCalled();
+    }));
+
+    it('should redirect url if the alfresco js api is NOT logged in and isOAuthWithSilentLogin', async(() => {
+        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'isLoggedIn').and.returnValue(false);
+        spyOn(authService, 'isOauth').and.returnValue(true);
+        appConfigService.config.oauth2.silentLogin = true;
+
+        expect(authGuard.canActivate(null, state)).toBeFalsy();
+        expect(router.navigateByUrl).toHaveBeenCalled();
+    }));
+
+    it('should redirect url if NOT logged in and isOAuth but no silentLogin configured', async(() => {
+        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'isLoggedIn').and.returnValue(false);
+        spyOn(authService, 'isOauth').and.returnValue(true);
+        appConfigService.config.oauth2.silentLogin = undefined;
+
+        expect(authGuard.canActivate(null, state)).toBeFalsy();
+        expect(router.navigateByUrl).toHaveBeenCalled();
+    }));
+
    it('should set redirect url', async(() => {
        state.url = 'some-url';
        appConfigService.config.loginRoute = 'login';
--- a/lib/core/services/auth-guard.service.ts
+++ b/lib/core/services/auth-guard.service.ts
@ -70,10 +70,7 @@ export class AuthGuard extends AuthGuardBase {
        if (this.authenticationService.isLoggedIn() || this.withCredentials) {
            return true;
        }
-        if (!this.authenticationService.isOauth() || this.isOAuthWithoutSilentLogin()) {
-            this.redirectToUrl('ALL', redirectUrl);
-        }
-
+        this.redirectToUrl('ALL', redirectUrl);
        return false;
    }
 }