inteligr8/alfresco-ng2-components
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-ng2-components.git synced 2025-05-26 17:24:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

[ADF-4994] Move realmRole functions inside JwtHelperService. (#5254)

Browse Source 
* Moved Realm and client role function inside jwtHelperService.
* Updated unit tests.
This commit is contained in:
siva kumar 2019-11-15 20:04:22 +05:30 committed by Eugenio Romano
parent 81dcfa4341
commit ac4679fc10
4 changed files with 179 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
lib/core/services/auth-guard-sso-role.service.spec.ts
View File

@ -115,8 +115,8 @@ describe('Auth Guard SSO role service', () => {
it('Should canActivate be false hasRealm is true and hasClientRole is false', () => {
const route: ActivatedRouteSnapshot = new ActivatedRouteSnapshot();
spyOn(authGuard, 'hasRealmRoles').and.returnValue(true);
spyOn(authGuard, 'hasRealmRolesForClientRole').and.returnValue(false);
spyOn(jwtHelperService, 'hasRealmRoles').and.returnValue(true);
spyOn(jwtHelperService, 'hasRealmRolesForClientRole').and.returnValue(false);
route.params = { appName: 'fakeapp' };
route.data = { 'clientRoles': ['appName'], 'roles': ['role1', 'role2'] };
@ -126,8 +126,8 @@ describe('Auth Guard SSO role service', () => {
it('Should canActivate be false if hasRealm is false and hasClientRole is true', () => {
const route: ActivatedRouteSnapshot = new ActivatedRouteSnapshot();
spyOn(authGuard, 'hasRealmRoles').and.returnValue(false);
spyOn(authGuard, 'hasRealmRolesForClientRole').and.returnValue(true);
spyOn(jwtHelperService, 'hasRealmRoles').and.returnValue(false);
spyOn(jwtHelperService, 'hasRealmRolesForClientRole').and.returnValue(true);
route.params = { appName: 'fakeapp' };
route.data = { 'clientRoles': ['fakeapp'], 'roles': ['role1', 'role2'] };
@ -164,53 +164,4 @@ describe('Auth Guard SSO role service', () => {
expect(authGuard.canActivate(route)).toBeFalsy();
});
describe('ClientRole ', () => {
it('Should be true if the resource_access contains the single role', () => {
spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');
spyOn(jwtHelperService, 'decodeToken').and.returnValue(
{
'resource_access': { fakeapp: { roles: ['role1'] } }
});
const result = authGuard.hasRealmRolesForClientRole('fakeapp', ['role1']);
expect(result).toBeTruthy();
});
it('Should be true if the resource_access contains at least one of the roles', () => {
spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');
spyOn(jwtHelperService, 'decodeToken').and.returnValue(
{
'resource_access': { fakeapp: { roles: ['role1'] } }
});
const result = authGuard.hasRealmRolesForClientRole('fakeapp', ['role1', 'role2']);
expect(result).toBeTruthy();
});
it('Should be false if the resource_access does not contain the role', () => {
spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');
spyOn(jwtHelperService, 'decodeToken').and.returnValue(
{
'resource_access': { fakeapp: { roles: ['role3'] } }
});
const result = authGuard.hasRealmRolesForClientRole('fakeapp', ['role1', 'role2']);
expect(result).toBeFalsy();
});
it('Should be false if the resource_access does not contain the client role related to the app', () => {
spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');
spyOn(jwtHelperService, 'decodeToken').and.returnValue(
{
'resource_access': { anotherfakeapp: { roles: ['role1'] } }
});
const result = authGuard.hasRealmRolesForClientRole('fakeapp', ['role1', 'role2']);
expect(result).toBeFalsy();
});
});
});

48
lib/core/services/auth-guard-sso-role.service.ts
View File

@ -32,13 +32,13 @@ export class AuthGuardSsoRoleService implements CanActivate {
if (route.data) {
if (route.data['roles']) {
const rolesToCheck = route.data['roles'];
hasRealmRole = this.hasRealmRoles(rolesToCheck);
hasRealmRole = this.jwtHelperService.hasRealmRoles(rolesToCheck);
}
if (route.data['clientRoles']) {
const clientRoleName = route.params[route.data['clientRoles']];
const rolesToCheck = route.data['roles'];
hasClientRole = this.hasRealmRolesForClientRole(clientRoleName, rolesToCheck);
hasClientRole = this.jwtHelperService.hasRealmRolesForClientRole(clientRoleName, rolesToCheck);
}
}
@ -53,48 +53,4 @@ export class AuthGuardSsoRoleService implements CanActivate {
constructor(private jwtHelperService: JwtHelperService, private router: Router) {
}
getRealmRoles(): string[] {
const access = this.jwtHelperService.getValueFromLocalAccessToken<any>('realm_access');
return access ? access['roles'] : [];
}
getClientRoles(client: string): string[] {
const clientRole = this.jwtHelperService.getValueFromLocalAccessToken<any>('resource_access')[client];
return clientRole ? clientRole['roles'] : [];
}
hasRealmRole(role: string): boolean {
let hasRole = false;
if (this.jwtHelperService.getAccessToken()) {
const realmRoles = this.getRealmRoles();
hasRole = realmRoles.some((currentRole) => {
return currentRole === role;
});
}
return hasRole;
}
hasRealmRoles(rolesToCheck: string []): boolean {
return rolesToCheck.some((currentRole) => {
return this.hasRealmRole(currentRole);
});
}
hasRealmRolesForClientRole(clientRole: string, rolesToCheck: string []): boolean {
return rolesToCheck.some((currentRole) => {
return this.hasClientRole(clientRole, currentRole);
});
}
hasClientRole(clientRole, role: string): boolean {
let hasRole = false;
if (this.jwtHelperService.getAccessToken()) {
const clientRoles = this.getClientRoles(clientRole);
hasRole = clientRoles.some((currentRole) => {
return currentRole === role;
});
}
return hasRole;
}
}

97
lib/core/services/jwt-helper.service.spec.ts
View File

@ -44,4 +44,101 @@ describe('JwtHelperService', () => {
expect(result['name']).toBe('John Doe');
expect(result['email']).toBe('johnDoe@gmail.com');
});
describe('RealmRole ', () => {
it('Should be true if the realm_access contains the single role', () => {
spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');
spyOn(jwtHelperService, 'decodeToken').and.returnValue(
{
'realm_access': { roles: ['role1'] }
});
const result = jwtHelperService.hasRealmRole('role1');
expect(result).toBeTruthy();
});
it('Should be true if the realm_access contains at least one of the roles', () => {
spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');
spyOn(jwtHelperService, 'decodeToken').and.returnValue(
{
'realm_access': { roles: ['role1'] }
});
const result = jwtHelperService.hasRealmRoles(['role1', 'role2']);
expect(result).toBeTruthy();
});
it('Should be false if the realm_access does not contain the role', () => {
spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');
spyOn(jwtHelperService, 'decodeToken').and.returnValue(
{
'realm_access': { roles: ['role3'] }
});
const result = jwtHelperService.hasRealmRole('role1');
expect(result).toBeFalsy();
});
it('Should be false if the realm_access does not contain at least one of the roles', () => {
spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');
spyOn(jwtHelperService, 'decodeToken').and.returnValue(
{
'realm_access': { roles: ['role1'] }
});
const result = jwtHelperService.hasRealmRoles(['role3', 'role2']);
expect(result).toBeFalsy();
});
});
describe('ClientRole ', () => {
it('Should be true if the resource_access contains the single role', () => {
spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');
spyOn(jwtHelperService, 'decodeToken').and.returnValue(
{
'resource_access': { fakeapp: { roles: ['role1'] } }
});
const result = jwtHelperService.hasRealmRolesForClientRole('fakeapp', ['role1']);
expect(result).toBeTruthy();
});
it('Should be true if the resource_access contains at least one of the roles', () => {
spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');
spyOn(jwtHelperService, 'decodeToken').and.returnValue(
{
'resource_access': { fakeapp: { roles: ['role1'] } }
});
const result = jwtHelperService.hasRealmRolesForClientRole('fakeapp', ['role1', 'role2']);
expect(result).toBeTruthy();
});
it('Should be false if the resource_access does not contain the role', () => {
spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');
spyOn(jwtHelperService, 'decodeToken').and.returnValue(
{
'resource_access': { fakeapp: { roles: ['role3'] } }
});
const result = jwtHelperService.hasRealmRolesForClientRole('fakeapp', ['role1', 'role2']);
expect(result).toBeFalsy();
});
it('Should be false if the resource_access does not contain the client role related to the app', () => {
spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');
spyOn(jwtHelperService, 'decodeToken').and.returnValue(
{
'resource_access': { anotherfakeapp: { roles: ['role1'] } }
});
const result = jwtHelperService.hasRealmRolesForClientRole('fakeapp', ['role1', 'role2']);
expect(result).toBeFalsy();
});
});
});

76
lib/core/services/jwt-helper.service.ts
View File

@ -27,6 +27,8 @@ export class JwtHelperService {
static GIVEN_NAME = 'given_name';
static USER_EMAIL = 'email';
static USER_ACCESS_TOKEN = 'access_token';
static REALM_ACCESS = 'realm_access';
static RESOURCE_ACCESS = 'resource_access';
static USER_PREFERRED_USERNAME = 'preferred_username';
constructor() {
@ -104,4 +106,78 @@ export class JwtHelperService {
}
return <T> value;
}
/**
* Gets realm roles.
* @returns Array of realm roles
*/
getRealmRoles(): string[] {
const access = this.getValueFromLocalAccessToken<any>(JwtHelperService.REALM_ACCESS);
return access ? access['roles'] : [];
}
/**
* Gets Client roles.
* @returns Array of client roles
*/
getClientRoles(clientName: string): string[] {
const clientRole = this.getValueFromLocalAccessToken<any>(JwtHelperService.RESOURCE_ACCESS)[clientName];
return clientRole ? clientRole['roles'] : [];
}
/**
* Checks for single realm role.
* @param role Role name to check
* @returns True if it contains given role, false otherwise
*/
hasRealmRole(role: string): boolean {
let hasRole = false;
if (this.getAccessToken()) {
const realmRoles = this.getRealmRoles();
hasRole = realmRoles.some((currentRole) => {
return currentRole === role;
});
}
return hasRole;
}
/**
* Checks for realm roles.
* @param rolesToCheck List of role names to check
* @returns True if it contains at least one of the given roles, false otherwise
*/
hasRealmRoles(rolesToCheck: string []): boolean {
return rolesToCheck.some((currentRole) => {
return this.hasRealmRole(currentRole);
});
}
/**
* Checks for client roles.
* @param clientName Targeted client name
* @param rolesToCheck List of role names to check
* @returns True if it contains at least one of the given roles, false otherwise
*/
hasRealmRolesForClientRole(clientName: string, rolesToCheck: string []): boolean {
return rolesToCheck.some((currentRole) => {
return this.hasClientRole(clientName, currentRole);
});
}
/**
* Checks for client role.
* @param clientName Targeted client name
* @param role Role name to check
* @returns True if it contains given role, false otherwise
*/
hasClientRole(clientName: string, role: string): boolean {
let hasRole = false;
if (this.getAccessToken()) {
const clientRoles = this.getClientRoles(clientName);
hasRole = clientRoles.some((currentRole) => {
return currentRole === role;
});
}
return hasRole;
}
}