[AAE-8639] Discovery OpenId - Load discovery and pass info to jsapi (#7632)

* Load discovery and pass info to jsapi

* fix the roles empty scenario tests

* Make lint happier

* Rename the initApi method

* Add secret field

Co-authored-by: arditdomi <ardit.domi@hyland.com>
Maurizio Vitale
2022-05-13 19:03:06 +01:00
committed by GitHub
parent 6fb1bda6a9
commit cec9297e14
10 changed files with 145 additions and 21 deletions


@@ -0,0 +1,20 @@
/*!
* @license
* Copyright 2019 Alfresco Software, Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
export interface AlfrescoApiInterface {
load(): Promise<void> ;
}
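Review bot: `load(): Promise<void> ;` carries a stray space before the semicolon, and the exported interface has no TSDoc stating what an implementer promises once the returned promise resolves. A one-line comment above the method, e.g. `/** Resolves once the underlying API client has been configured from app config and is ready to use. */`, would give callers the contract the name alone does not; the exact guarantee should be confirmed against AlfrescoApiService.load(), which is the only implementer visible in this commit.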


@@ -21,6 +21,7 @@ import { AppConfigService, AppConfigValues } from '../app-config/app-config.serv
import { Subject, ReplaySubject } from 'rxjs';
import { OauthConfigModel } from '../models/oauth-config.model';
import { StorageService } from './storage.service';
import { OpenidConfiguration } from './openid-configuration.interface';
@Injectable({
providedIn: 'root'
@@ -36,6 +37,9 @@ export class AlfrescoApiService {
protected alfrescoApi: AlfrescoApi;
lastConfig: AlfrescoApiConfig;
currentAppConfig: AlfrescoApiConfig;
idpConfig: OpenidConfiguration;
private excludedErrorUrl: string[] = ['api/enterprise/system/properties'];
@@ -49,25 +53,52 @@ export class AlfrescoApiService {
}
async load() {
await this.appConfig.load().then(() => {
try {
await this.appConfig.load();
this.storageService.prefix = this.appConfig.get<string>(AppConfigValues.STORAGE_PREFIX, '');
this.initAlfrescoApi();
this.alfrescoApiInitialized.next(true);
});
this.getCurrentAppConfig();
if (this.currentAppConfig.authType === 'OAUTH') {
this.idpConfig = await this.appConfig.loadWellKnown(this.currentAppConfig.oauth2.host);
this.mapAlfrescoApiOpenIdConfig();
}
} catch {
throw new Error('Something wrong happened when calling the app.config.json');
}
this.initAlfrescoApiWithConfig();
this.alfrescoApiInitialized.next(true);
}
reset() {
this.initAlfrescoApi();
async reset() {
this.getCurrentAppConfig();
if (this.currentAppConfig.authType === 'OAUTH') {
this.idpConfig = await this.appConfig.loadWellKnown(this.currentAppConfig.oauth2.host);
this.mapAlfrescoApiOpenIdConfig();
}
this.initAlfrescoApiWithConfig();
}
protected initAlfrescoApi() {
private getAuthWithFixedOriginLocation(): OauthConfigModel {
const oauth: OauthConfigModel = Object.assign({}, this.appConfig.get<OauthConfigModel>(AppConfigValues.OAUTHCONFIG, null));
if (oauth) {
oauth.redirectUri = window.location.origin + window.location.pathname;
oauth.redirectUriLogout = window.location.origin + window.location.pathname;
}
return oauth;
}
const config = new AlfrescoApiConfig({
private mapAlfrescoApiOpenIdConfig() {
this.currentAppConfig.oauth2.tokenUrl = this.idpConfig.token_endpoint;
this.currentAppConfig.oauth2.authorizationUrl = this.idpConfig.authorization_endpoint;
this.currentAppConfig.oauth2.logoutUrl = this.idpConfig.end_session_endpoint;
this.currentAppConfig.oauth2.userinfoEndpoint = this.idpConfig.userinfo_endpoint;
}
private getCurrentAppConfig() {
const oauth = this.getAuthWithFixedOriginLocation();
this.currentAppConfig = new AlfrescoApiConfig({
provider: this.appConfig.get<string>(AppConfigValues.PROVIDERS),
hostEcm: this.appConfig.get<string>(AppConfigValues.ECMHOST),
hostBpm: this.appConfig.get<string>(AppConfigValues.BPMHOST),
@@ -79,15 +110,20 @@ export class AlfrescoApiService {
domainPrefix : this.appConfig.get<string>(AppConfigValues.STORAGE_PREFIX),
oauth2: oauth
});
}
if (this.alfrescoApi && this.isDifferentConfig(this.lastConfig, config)) {
this.lastConfig = config;
this.alfrescoApi.setConfig(config);
protected initAlfrescoApi() {
this.getCurrentAppConfig();
this.initAlfrescoApiWithConfig();
}
private initAlfrescoApiWithConfig() {
if (this.alfrescoApi && this.isDifferentConfig(this.lastConfig, this.currentAppConfig)) {
this.alfrescoApi.setConfig(this.currentAppConfig);
} else {
this.lastConfig = config;
this.alfrescoApi = new AlfrescoApi(config);
this.alfrescoApi = new AlfrescoApi(this.currentAppConfig);
}
this.lastConfig = this.currentAppConfig;
}
isDifferentConfig(lastConfig: AlfrescoApiConfig, newConfig: AlfrescoApiConfig) {
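Review bot: The bare `catch {}` in `load()` discards the underlying error, and its message blames app.config.json even though the `try` block now also wraps `loadWellKnown()` against the OAuth host, so a failing or malformed discovery fetch is reported as a config-file problem with no trace of the real cause; use `} catch (e: unknown) {` and carry the detail forward, e.g. `throw new Error(\`Something wrong happened when calling the app.config.json: ${e instanceof Error ? e.message : String(e)}\`);`. The discovery block (`getCurrentAppConfig()`, the `authType === 'OAUTH'` check, `loadWellKnown`, `mapAlfrescoApiOpenIdConfig()`) is duplicated verbatim in `load()` and `reset()`; a single private async helper would keep the two from drifting. `mapAlfrescoApiOpenIdConfig()` also copies `token_endpoint`, `authorization_endpoint`, `end_session_endpoint` and `userinfo_endpoint` straight into the client config without any check that the document actually belongs to `oauth2.host` — `issuer` is not even part of `OpenidConfiguration` — so a comparison of the document's `issuer` against the configured host before overwriting the URLs would be the usual guard. Finally, `reset()` is now async, so any existing caller that invoked it synchronously no longer sees the new config applied when it returns; presumably such callers exist outside this hunk and should be audited.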


@@ -59,6 +59,13 @@ describe('Auth Guard SSO role service', () => {
expect(await authGuard.canActivate(router)).toBeTruthy();
});
it('Should canActivate be true if case of empty roles to check', async () => {
const router: ActivatedRouteSnapshot = new ActivatedRouteSnapshot();
router.data = { roles: [] };
expect(await authGuard.canActivate(router)).toBeTruthy();
});
it('Should canActivate be false if the Role is not present int the JWT token', async () => {
spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');
spyOn(jwtHelperService, 'decodeToken').and.returnValue({ realm_access: { roles: ['role3'] } });
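Review bot: The new test's title reads `'Should canActivate be true if case of empty roles to check'`; `in case of` is meant. Unlike the neighbouring tests it stubs neither `getAccessToken` nor `decodeToken`, which is presumably intentional for the empty-roles shortcut but is worth a one-line comment so the omission is not later "fixed" by adding token spies.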


@@ -38,9 +38,13 @@ export class AuthGuardSsoRoleService implements CanActivate {
if (route.data) {
if (route.data['roles']) {
const rolesToCheck: string[] = route.data['roles'];
const excludedRoles = route.data['excludedRoles'] || [];
const isContentAdmin = rolesToCheck.includes(ContentGroups.ALFRESCO_ADMINISTRATORS) || excludedRoles.includes(ContentGroups.ALFRESCO_ADMINISTRATORS) ? await this.peopleContentService.isContentAdmin() : false;
hasRealmRole = excludedRoles.length ? this.checkAccessWithExcludedRoles(rolesToCheck, excludedRoles, isContentAdmin) : this.hasRoles(rolesToCheck, isContentAdmin);
if (rolesToCheck.length === 0) {
hasRealmRole = true;
} else {
const excludedRoles = route.data['excludedRoles'] || [];
const isContentAdmin = rolesToCheck.includes(ContentGroups.ALFRESCO_ADMINISTRATORS) || excludedRoles.includes(ContentGroups.ALFRESCO_ADMINISTRATORS) ? await this.peopleContentService.isContentAdmin() : false;
hasRealmRole = excludedRoles.length ? this.checkAccessWithExcludedRoles(rolesToCheck, excludedRoles, isContentAdmin) : this.hasRoles(rolesToCheck, isContentAdmin);
}
}
if (route.data['clientRoles']) {
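Review bot: The new `rolesToCheck.length === 0` shortcut grants `hasRealmRole = true` before `excludedRoles` is read, so a route configured with `roles: []` together with a non-empty `excludedRoles` now skips `checkAccessWithExcludedRoles` entirely, whereas before this change the exclusion branch still ran; that silently widens access for any such route. Hoisting `const excludedRoles = route.data['excludedRoles'] || [];` above the check and changing the condition to `if (rolesToCheck.length === 0 && excludedRoles.length === 0) {` keeps the empty-roles fix while preserving the exclusion. The enclosing `canActivate` starts and ends outside this hunk, so whether `checkAccessWithExcludedRoles` tolerates an empty `rolesToCheck` should be confirmed there.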


@@ -0,0 +1,26 @@
/*!
* @license
* Copyright 2019 Alfresco Software, Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
export interface OpenidConfiguration {
authorization_endpoint: string;
token_endpoint: string;
userinfo_endpoint: string;
end_session_endpoint: string;
check_session_iframe: string;
revocation_endpoint: string;
introspection_endpoint: string;
}
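Review bot: `OpenidConfiguration` omits `issuer`, the one field a relying party is expected to validate against the host it fetched the discovery document from, and `jwks_uri`, while typing `end_session_endpoint`, `check_session_iframe`, `revocation_endpoint` and `introspection_endpoint` as required strings although providers commonly omit them; adding `issuer: string;` and marking those four members optional (`end_session_endpoint?: string;` and likewise for the other three) would make the type match what a real discovery document can contain. A short TSDoc on the interface noting that it models the OpenID Connect discovery document and that the snake_case names are deliberately the provider's wire format (hence the lint-unfriendly naming) would save the next maintainer from "fixing" them to camelCase.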