[MNT-22836] - support PKCE code flow in SSO (#8884)

* [MNT-22836] - support PKCE code flow in SSO
This commit is contained in:
DominikIwanek 2023-11-17 15:17:26 +01:00 committed by GitHub
parent eb8aaecef6
commit d14c116747
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 24 additions and 17 deletions


@ -20,7 +20,8 @@
"clientId": "alfresco",
"scope": "openid profile email",
"secret": "",
"implicitFlow": true,
"implicitFlow": false,
"codeFlow": true,
"silentLogin": true,
"redirectSilentIframeUri": "{protocol}//{hostname}{:port}/assets/silent-refresh.html",
"redirectUri": "/",


@ -33,6 +33,11 @@ if [ -n "${APP_CONFIG_OAUTH2_IMPLICIT_FLOW}" ]; then
-i "${NGINX_ENVSUBST_OUTPUT_DIR}/app.config.json"
fi
if [ -n "${APP_CONFIG_OAUTH2_CODE_FLOW}" ]; then
sed -e "s/\"codeFlow\": [^,]*/\"codeFlow\": ${APP_CONFIG_OAUTH2_CODE_FLOW}/g" \
-i "${NGINX_ENVSUBST_OUTPUT_DIR}/app.config.json"
fi
if [ -n "${APP_CONFIG_OAUTH2_SILENT_LOGIN}" ]; then
sed -e "s/\"silentLogin\": [^,]*/\"silentLogin\": ${APP_CONFIG_OAUTH2_SILENT_LOGIN}/g" \
-i "${NGINX_ENVSUBST_OUTPUT_DIR}/app.config.json"
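Review bot: The new `codeFlow` block splices `${APP_CONFIG_OAUTH2_CODE_FLOW}` straight into the sed replacement without checking it, so any value other than a bare `true`/`false` (one containing `/`, `&` or a newline) either breaks the sed expression or rewrites app.config.json into something the app will not parse. Since only the two booleans are legal, validate before substituting, e.g. `case "${APP_CONFIG_OAUTH2_CODE_FLOW}" in true|false) ;; *) echo "APP_CONFIG_OAUTH2_CODE_FLOW must be true or false" >&2; exit 1;; esac`. The pre-existing `implicitFlow` and `silentLogin` blocks visible in this hunk share the same pattern and would benefit from the same guard.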


@ -14,6 +14,7 @@ docker run --rm -it \
--env APP_CONFIG_OAUTH2_HOST=$APP_CONFIG_OAUTH2_HOST \
--env APP_CONFIG_OAUTH2_CLIENTID=$APP_CONFIG_OAUTH2_CLIENTID \
--env APP_CONFIG_OAUTH2_IMPLICIT_FLOW=$APP_CONFIG_OAUTH2_IMPLICIT_FLOW \
--env APP_CONFIG_OAUTH2_IMPLICIT_FLOW=$APP_CONFIG_OAUTH2_CODE_FLOW \
--env APP_CONFIG_OAUTH2_SILENT_LOGIN=$APP_CONFIG_OAUTH2_SILENT_LOGIN \
--env APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI=$APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI \
--env APP_CONFIG_BPM_HOST=$APP_CONFIG_BPM_HOST \
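Review bot: The added `--env` line passes the code-flow value under the implicit-flow name: `--env APP_CONFIG_OAUTH2_IMPLICIT_FLOW=$APP_CONFIG_OAUTH2_CODE_FLOW` repeats `IMPLICIT_FLOW` from the line above, so the container presumably never sees `APP_CONFIG_OAUTH2_CODE_FLOW` and the entrypoint's new `codeFlow` substitution is never triggered, while the second assignment likely overrides the implicit-flow setting. It should read `--env APP_CONFIG_OAUTH2_CODE_FLOW=$APP_CONFIG_OAUTH2_CODE_FLOW`. The `docker run` command continues outside the hunk; if this file is only a documentation snippet the same correction still applies to whatever it is copied into.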


@ -149,7 +149,7 @@ describe('AuthConfigService', () => {
const expectedConfig = {
oidc: true,
issuer: 'http://localhost:3000/auth/realms/alfresco',
redirectUri: 'http://localhost:3000/#/view/authentication-confirmation',
redirectUri: 'http://localhost:3000/#/view/authentication-confirmation/?',
silentRefreshRedirectUri: 'http://localhost:3000/assets/silent-refresh.html',
postLogoutRedirectUri: 'http://localhost:3000/#/logout',
clientId: 'fakeClientId',


@ -19,7 +19,7 @@ import { Inject, Injectable } from '@angular/core';
import { AuthConfig } from 'angular-oauth2-oidc';
import { take } from 'rxjs/operators';
import { AppConfigService } from '../../app-config/app-config.service';
import { AuthModuleConfig, AUTH_MODULE_CONFIG } from './auth-config';
import { AUTH_MODULE_CONFIG, AuthModuleConfig } from './auth-config';
/**
* Create auth configuration factory
@ -84,7 +84,7 @@ export class AuthConfigService {
// handle issue from the OIDC library with hashStrategy and implicitFlow, with would append &state to the url with would lead to error
// `cannot match any routes`, and displaying the wildcard ** error page
return oauth2.implicitFlow && useHash ? `${redirectUri}/?` : redirectUri;
return (oauth2.codeFlow || oauth2.implicitFlow) && useHash ? `${redirectUri}/?` : redirectUri;
}
private getLocationOrigin() {
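Review bot: The comment above the changed return still attributes the `/?` workaround to implicitFlow alone, while the condition now also applies it for codeFlow; update it to `// handle issue from the OIDC library with hashStrategy and implicit/code flow, which would append &state to the url and lead to the error` so the next reader does not assume code flow is exempt. Because the redirect URI sent in the authorization request now gains a trailing `/?` for code flow as well when `useHash` is on, the value registered at the authorization server has to match it — I cannot see the registration side here, so this is worth a sentence in the docs for the new `codeFlow` flag. The enclosing method starts outside the hunk.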


@ -3,7 +3,7 @@
<div class="adf-ie11FixerChild">
<mat-card class="adf-login-card-wide">
<form
<form
id="adf-login-form"
[formGroup]="form"
autocomplete="off"
@ -12,13 +12,13 @@
<mat-card-title>
<div class="adf-alfresco-logo">
<!--HEADER TEMPLATE-->
<ng-template
<ng-template
*ngIf="headerTemplate"
ngFor
[ngForOf]="[data]"
[ngForTemplate]="headerTemplate">
</ng-template>
<img
<img
*ngIf="!headerTemplate"
id="adf-login-img-logo"
class="adf-img-logo"
@ -44,10 +44,10 @@
</div>
</div>
<div *ngIf="!implicitFlow">
<div *ngIf="!ssoLogin">
<!--USERNAME FIELD-->
<div
<div
class="adf-login__field"
[ngClass]="{'adf-is-invalid': isErrorStyle(form.controls.username)}">
<mat-form-field
@ -137,14 +137,14 @@
class="adf-login-button-label">
{{'LOGIN.BUTTON.LOGIN' | translate }}
</span>
<div
<div
*ngIf="actualLoginStep === LoginSteps.Checking"
class="adf-interactive-login-label">
<span class="adf-login-button-label">
{{ 'LOGIN.BUTTON.CHECKING' | translate}}
</span>
<div class="adf-login-spinner-container">
<mat-spinner
<mat-spinner
id="checking-spinner"
class="adf-login-checking-spinner"
[diameter]="25">
@ -169,7 +169,7 @@
</mat-checkbox>
</div>
</div>
<div *ngIf="implicitFlow">
<div *ngIf="ssoLogin">
<button
type="button"
(click)="implicitLogin()"
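Review bot: The SSO button in the last hunk is now rendered for both flows (`*ngIf="ssoLogin"`) but still binds `(click)="implicitLogin()"`, so the handler name no longer describes what it does for the code flow; either rename the handler (keeping `implicitLogin` as a deprecated alias for external callers) or add a template comment on the button such as `<!-- SSO login: starts the configured OIDC flow (implicit or PKCE code) -->`. The earlier hunks of this file appear to change only indentation.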


@ -721,7 +721,7 @@ describe('LoginComponent', () => {
fixture.detectChanges();
fixture.whenStable().then(() => {
expect(component.implicitFlow).toBe(false);
expect(component.ssoLogin).toBe(false);
expect(component.redirectToImplicitLogin).toHaveBeenCalled();
});
@ -734,7 +734,7 @@ describe('LoginComponent', () => {
fixture.detectChanges();
fixture.whenStable().then(() => {
expect(component.implicitFlow).toBe(true);
expect(component.ssoLogin).toBe(true);
});
}));


@ -111,7 +111,7 @@ export class LoginComponent implements OnInit, OnDestroy {
@Output()
executeSubmit = new EventEmitter<LoginSubmitEvent>();
implicitFlow: boolean = false;
ssoLogin: boolean = false;
form: UntypedFormGroup;
isError: boolean = false;
@ -155,8 +155,8 @@ export class LoginComponent implements OnInit, OnDestroy {
const oauth = this.appConfig.oauth2;
if (oauth?.silentLogin) {
this.redirectToImplicitLogin();
} else if (oauth?.implicitFlow) {
this.implicitFlow = true;
} else if (oauth?.implicitFlow || oauth?.codeFlow) {
this.ssoLogin = true;
}
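Review bot: `ssoLogin` is a public, template-bound field introduced without documentation, and it replaces `implicitFlow` with a wider meaning; add `/** True when the app is configured for an SSO flow (implicit or authorization code); the SSO button is shown instead of the credentials form. */` above it. Removing the public `implicitFlow` member is presumably a breaking change for any consumer reading it, so a deprecated getter such as `/** @deprecated use ssoLogin */ get implicitFlow(): boolean { return this.ssoLogin; }` would keep them working. The explicit `: boolean` on `ssoLogin: boolean = false;` is redundant since the initializer already fixes the type. The method containing the `else if` starts outside the hunk.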
}