[MNT-24682] Kerberos: do not add authorization header (#10320)

* [MNT-24682] Prevent Authorization header from being added with basic auth when Kerberos is enabled

* [MNT-24682] Add unit test

lib/core/src/lib/auth/basic-auth/basic-alfresco-auth.service.ts

@@ -347,6 +347,10 @@ export class BasicAlfrescoAuthService extends BaseAuthenticationService {
     }
 
     private addBasicAuth(requestUrl: string, header: HttpHeaders): HttpHeaders {
+        if (this.isKerberosEnabled()) {
+            return header;
+        }
+
         const ticket = this.getTicketEcmBase64(requestUrl);
 
         if (!ticket) {
@@ -366,7 +370,7 @@ export class BasicAlfrescoAuthService extends BaseAuthenticationService {
      * @param requestUrl the request url
      * @returns The ticket or `null` if none was found
      */
-    private getTicketEcmBase64(requestUrl: string): string | null {
+    getTicketEcmBase64(requestUrl: string): string | null {
         let ticket = null;
 
         const contextRootBpm = this.appConfig.get<string>(AppConfigValues.CONTEXTROOTBPM) || 'activiti-app';

lib/core/src/lib/auth/services/authentication.service.spec.ts

@@ -21,7 +21,7 @@ import { CookieService } from '../../common/services/cookie.service';
 import { AppConfigService } from '../../app-config/app-config.service';
 import { BasicAlfrescoAuthService } from '../basic-auth/basic-alfresco-auth.service';
 import { AuthModule } from '../oidc/auth.module';
-import { HttpClientModule } from '@angular/common/http';
+import { HttpClientModule, HttpHeaders } from '@angular/common/http';
 import { CookieServiceMock } from '../../mock';
 import { AppConfigServiceMock } from '../../common';
 import { OidcAuthenticationService } from '../oidc/oidc-authentication.service';
@@ -39,6 +39,7 @@ xdescribe('AuthenticationService', () => {
     let appConfigService: AppConfigService;
     let cookie: CookieService;
     let oidcAuthenticationService: OidcAuthenticationService;
+    let headers: HttpHeaders;
 
     beforeEach(() => {
         TestBed.configureTestingModule({
@@ -80,6 +81,7 @@ xdescribe('AuthenticationService', () => {
         beforeEach(() => {
             appConfigService.config.providers = 'ALL';
             appConfigService.config.auth = { withCredentials: true };
+            headers = new HttpHeaders();
         });
 
         it('should emit login event for kerberos', (done) => {
@@ -107,6 +109,15 @@ xdescribe('AuthenticationService', () => {
             spyOn(basicAlfrescoAuthService, 'isKerberosEnabled').and.returnValue(true);
             expect(authService.isKerberosEnabled()).toEqual(true);
         });
+
+        it('should not add Authorization header if kerberos is enabled', () => {
+            const url = 'some-url';
+            spyOn(basicAlfrescoAuthService, 'isKerberosEnabled').and.returnValue(true);
+            spyOn(basicAlfrescoAuthService, 'getTicketEcmBase64').and.returnValue('some-ticket');
+            headers = basicAlfrescoAuthService.getAuthHeaders(url, headers);
+            expect(headers.get('Authorization')).toBeNull();
+            expect(basicAlfrescoAuthService.getTicketEcmBase64).not.toHaveBeenCalled();
+        });
     });
 
     describe('when the setting is ECM', () => {