[ACS-6328] fix oauth config loading (#9098)

* fix oauth config loading

* remove comma

* fix json schema path

* use auth config constructor

* update json schema

* update json schema

* fix tests
Denys Vuika 2023-11-17 14:02:19 +00:00 committed by GitHub
parent 001d6ee83d
commit eb8aaecef6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 54 additions and 14 deletions


@ -1,5 +1,5 @@
{ {
"$schema": "../../lib/core/src/lib/app-config/schema.json", "$schema": "../../lib/core/src/lib/app-config/app.config.schema.json",
"ecmHost": "{protocol}//{hostname}{:port}", "ecmHost": "{protocol}//{hostname}{:port}",
"bpmHost": "{protocol}//{hostname}{:port}", "bpmHost": "{protocol}//{hostname}{:port}",
"identityHost": "{protocol}//{hostname}{:port}/auth/admin/realms/alfresco", "identityHost": "{protocol}//{hostname}{:port}/auth/admin/realms/alfresco",


@ -1513,7 +1513,16 @@
], ],
"properties": { "properties": {
"host": { "host": {
"type": "string" "type": "string",
"description": "Host URL address"
},
"oidc": {
"type": "boolean",
"description": "Defines whether to use OpenId Connect during implicit flow."
},
"issuer": {
"type": "string",
"description": "The issuer's uri."
}, },
"silentLogin": { "silentLogin": {
"type": ["boolean", "string"] "type": ["boolean", "string"]
@ -1522,13 +1531,19 @@
"type": "string" "type": "string"
}, },
"clientId": { "clientId": {
"type": "string" "type": "string",
"description": "The client's id as registered with the auth server"
}, },
"secret": { "secret": {
"type": "string" "type": "string"
}, },
"redirectUri": { "redirectUri": {
"type": "string" "type": "string",
"description": "The client's redirectUri as registered with the auth server"
},
"postLogoutRedirectUri": {
"type": "string",
"description": "An optional second redirectUri where the auth server redirects the user to after logging out."
}, },
"redirectUriLogout": { "redirectUriLogout": {
"type": "string" "type": "string"
@ -1536,6 +1551,14 @@
"refreshTokenTimeout": { "refreshTokenTimeout": {
"type": "number" "type": "number"
}, },
"silentRefreshRedirectUri": {
"type": "string",
"description": "The redirect uri used when doing silent refresh."
},
"silentRefreshTimeout": {
"type": "number",
"description": "Timeout for silent refresh."
},
"publicUrls": { "publicUrls": {
"type": "array", "type": "array",
"items": { "items": {
@ -1543,7 +1566,26 @@
} }
}, },
"scope": { "scope": {
"type": "string" "type": "string",
"description": "The requested scopes"
},
"dummyClientSecret": {
"type": "string",
"description": "Some auth servers don't allow using password flow w/o a client secret while the standards do not demand for it. In this case, you can set a password here. As this password is exposed to the public it does not bring additional security and is therefore as good as using no password."
},
"skipIssuerCheck": {
"type": "boolean",
"description": "Defined whether to skip the validation of the issuer in the discovery document. Normally, the discovey document's url starts with the url of the issuer."
},
"strictDiscoveryDocumentValidation": {
"type": "boolean",
"description": " Defines whether every url provided by the discovery document has to start with the issuer's url."
},
"implicitFlow": {
"type": ["boolean", "string"]
},
"codeFlow": {
"type": ["boolean", "string"]
} }
} }
}, },
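Review bot: The new `skipIssuerCheck` and `strictDiscoveryDocumentValidation` descriptions say what the flags do but not that relaxing them removes the check tying the discovery document to the configured issuer. I would extend them, for example `"description": "Defines whether to skip the validation of the issuer in the discovery document. Leave false outside local development."`, which also fixes the `Defined` / `discovey` typos. `implicitFlow` and `codeFlow` are typed `["boolean", "string"]`, so the string `"false"` is schema-valid yet truthy; the service line `oidc: oauth2.implicitFlow || oauth2.codeFlow || false` appears to use the raw value, so either document the accepted string form or restrict the type to boolean. `secret` still has no description, although `dummyClientSecret` now explains that the value is public; the same caveat belongs on `secret`.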


@ -21,7 +21,6 @@ import { EMPTY } from 'rxjs';
import { AppConfigService } from '../../app-config/app-config.service'; import { AppConfigService } from '../../app-config/app-config.service';
import { AUTH_MODULE_CONFIG } from './auth-config'; import { AUTH_MODULE_CONFIG } from './auth-config';
import { AuthConfigService } from './auth-config.service'; import { AuthConfigService } from './auth-config.service';
import { AuthConfig } from 'angular-oauth2-oidc';
import { OauthConfigModel } from '../models/oauth-config.model'; import { OauthConfigModel } from '../models/oauth-config.model';
describe('AuthConfigService', () => { describe('AuthConfigService', () => {
@ -96,7 +95,7 @@ describe('AuthConfigService', () => {
] ]
}; };
const mockAuthConfigCodeFlow: OauthConfigModel = { const mockAuthConfigCodeFlow = {
host: 'http://localhost:3000/auth/realms/alfresco', host: 'http://localhost:3000/auth/realms/alfresco',
clientId: 'fakeClientId', clientId: 'fakeClientId',
scope: 'openid profile email', scope: 'openid profile email',
@ -131,7 +130,7 @@ describe('AuthConfigService', () => {
describe('load auth config using hash', () => { describe('load auth config using hash', () => {
it('should load configuration if implicit flow is true ', async () => { it('should load configuration if implicit flow is true ', async () => {
spyOnProperty(appConfigService, 'oauth2').and.returnValue(mockAuthConfigImplicitFlow); spyOnProperty(appConfigService, 'oauth2').and.returnValue(mockAuthConfigImplicitFlow);
const expectedConfig: AuthConfig = { const expectedConfig = {
oidc: true, oidc: true,
issuer: 'http://localhost:3000/auth/realms/alfresco', issuer: 'http://localhost:3000/auth/realms/alfresco',
redirectUri: 'http://localhost:3000/#/view/authentication-confirmation/?', redirectUri: 'http://localhost:3000/#/view/authentication-confirmation/?',
@ -142,7 +141,7 @@ describe('AuthConfigService', () => {
dummyClientSecret: '' dummyClientSecret: ''
}; };
expect(await service.loadConfig()).toEqual(expectedConfig); expect(await service.loadConfig()).toEqual(jasmine.objectContaining(expectedConfig));
}); });
it('should load configuration if code flow is true ', async () => { it('should load configuration if code flow is true ', async () => {
@ -159,7 +158,7 @@ describe('AuthConfigService', () => {
dummyClientSecret: '' dummyClientSecret: ''
}; };
expect(await service.loadConfig()).toEqual(expectedConfig); expect(await service.loadConfig()).toEqual(jasmine.objectContaining(expectedConfig));
}); });
}); });
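Review bot: Wrapping both expectations in `jasmine.objectContaining(expectedConfig)` means these tests no longer notice unexpected properties on the loaded config, and no case asserts what the commit changes, namely that extra `oauth2` keys now reach `AuthConfig`. I would add one case that sets a pass-through option on the mock (for example a constructed `skipIssuerCheck: true`) and asserts it on the result. A second case should assert that a mock `issuer` or `redirectUri` cannot override the computed values. Removing the `OauthConfigModel` annotation from `mockAuthConfigCodeFlow` also drops the compile-time check of the mock against the model; if that is deliberate, say so with a comment such as `// untyped on purpose: holds keys not declared on OauthConfigModel`.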


@ -54,7 +54,8 @@ export class AuthConfigService {
const origin = this.getLocationOrigin(); const origin = this.getLocationOrigin();
const redirectUri = this.getRedirectUri(); const redirectUri = this.getRedirectUri();
const authConfig: AuthConfig = { return new AuthConfig({
...oauth2,
oidc: oauth2.implicitFlow || oauth2.codeFlow || false, oidc: oauth2.implicitFlow || oauth2.codeFlow || false,
issuer: oauth2.host, issuer: oauth2.host,
redirectUri, redirectUri,
@ -64,9 +65,7 @@ export class AuthConfigService {
scope: oauth2.scope, scope: oauth2.scope,
dummyClientSecret: oauth2.secret || '', dummyClientSecret: oauth2.secret || '',
...(oauth2.codeFlow && { responseType: 'code' }) ...(oauth2.codeFlow && { responseType: 'code' })
}; });
return authConfig;
} }
getRedirectUri(): string { getRedirectUri(): string {
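Review bot: `...oauth2` forwards every key of the app-config `oauth2` object into `new AuthConfig(...)`, so validation-relaxing options such as `skipIssuerCheck` and `strictDiscoveryDocumentValidation` (both added to the schema in this commit) can now be set from a JSON file with no filtering in code. The explicit fields follow the spread, so the computed `issuer`, `redirectUri` and `dummyClientSecret` still win, which is the right order. However, `host` and `secret` are presumably now also copied onto the config object under their original names. Consider forwarding a named allowlist of options instead of the whole object, or at least record the intent with a comment such as `// oauth2 is spread first so the computed fields below override it; all other keys pass through to AuthConfig unchanged`. The enclosing method starts above this hunk, so how `oauth2` is obtained and typed is not visible here.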