[ACA-2755] [SSO] Unable to access a private url after a public url was loaded in the same browser tab (#5363)

* If silentlogin do implicitLogin * If silentlogin do implicitLogin * Unit tests * Unit tests Trigger new run * Authguard should return true for canActive * adjust unit test and allow AuthGuard CanActive for the SSO case * adjust unit test and allow AuthGuard CanActive for the SSO case * adjust unit test and allow AuthGuard CanActive for the SSO case * adjust unit test and allow AuthGuard CanActive for the SSO case * Add isPublicUrl logic to authguard * adjust unit test and allow AuthGuard CanActive for the SSO case * Allow canActive true for public urls like /settings * fix redirect login for SSO * Try not using isPublicUrl from js-api as that triggers an implicit login already * Try not using isPublicUrl from js-api as that triggers an implicit login already * Try not using isPublicUrl from js-api as that triggers an implicit login already * Try not using isPublicUrl from js-api as that triggers an implicit login already * move sso silentlogin fix to ecm authguard * Try only todo the implicitLogin if not logged in * Try only todo the implicitLogin if not logged in * Try only todo the implicitLogin if not logged in * Try only todo the implicitLogin if not logged in * try figuring out why process cloud is failing * try figuring out why process cloud is failing * try figuring out why process cloud is failing * try figuring out why process cloud is failing * try figuring out why process cloud is failing * remove implicit flow parameter and pray that those process cloud tests are passing * remove implicit flow parameter and pray that those process cloud tests are passing * remove implicit flow parameter and pray that those process cloud tests are passing * try figuring out why process cloud is failing * try figuring out why process cloud is failing * try figuring out why process cloud is failing * try figuring out why process cloud is failing * try figuring out why process cloud is failing * try figuring out why process cloud is failing * try figuring out why process cloud is failing * try figuring out why process cloud is failing * move authService stuff in the login component from ngOnInit to constructor * move authService stuff in the login component from ngOnInit to constructor * move authService stuff in the login component from ngOnInit to constructor * move authService stuff in the login component from ngOnInit to constructor * not use login component for silent login anymore! * try figuring out why process cloud is failing * try figuring out why process cloud is failing * reuse is PublicUrl from js-api * reuse is PublicUrl from js-api * revert travis changes * revert travis changes * Check if oauth is enabled * Check if oauth is enabled * Check if oauth is enabled * Check if oauth is enabled
2025-05-26 17:24:56 +00:00 · 2020-01-25 10:15:24 +01:00 · 2020-01-25 10:15:24 +01:00 · f0189efd5a
commit f0189efd5a
parent 469a806894
4 changed files with 33 additions and 2 deletions
--- a/lib/core/login/components/login.component.spec.ts
+++ b/lib/core/login/components/login.component.spec.ts
@ -650,7 +650,7 @@ describe('LoginComponent', () => {
                });
            }));

-            it('should  show the login SSO button', async(() => {
+            it('should show the login SSO button', async(() => {
                spyOn(authService, 'isOauth').and.returnValue(true);

                component.ngOnInit();
--- a/lib/core/services/auth-guard-ecm.service.spec.ts
+++ b/lib/core/services/auth-guard-ecm.service.spec.ts
@ -93,7 +93,30 @@ describe('AuthGuardService ECM', () => {
        expect(router.navigateByUrl).toHaveBeenCalled();
    }));

-    it('should redirect url if NOT logged in and isOAuth but no silentLogin configured', async(() => {
+    it('should not redirect url if the alfresco js api is NOT logged in and isOAuth with silentLogin', async(() => {
+        spyOn(router, 'navigateByUrl').and.stub();
+        spyOn(authService, 'isEcmLoggedIn').and.returnValue(false);
+        spyOn(authService, 'isOauth').and.returnValue(true);
+        spyOn(authService, 'isPublicUrl').and.returnValue(false);
+        spyOn(authService, 'ssoImplicitLogin').and.stub();
+
+        appConfigService.config.oauth2 = {
+            silentLogin: true,
+            host: 'http://localhost:6543',
+            redirectUri: '/',
+            clientId: 'activiti',
+            publicUrl: 'settings',
+            scope: 'openid'
+        };
+
+        const route: RouterStateSnapshot = <RouterStateSnapshot>  {url : 'abc'};
+
+        expect(authGuard.canActivate(null, route)).toBeTruthy();
+        expect(router.navigateByUrl).toHaveBeenCalledTimes(0);
+        expect(authService.ssoImplicitLogin).toHaveBeenCalledTimes(1);
+    }));
+
+    it('should not redirect url if NOT logged in and isOAuth but no silentLogin configured', async(() => {
        spyOn(router, 'navigateByUrl').and.stub();
        spyOn(authService, 'isEcmLoggedIn').and.returnValue(false);
        spyOn(authService, 'isOauth').and.returnValue(true);
--- a/lib/core/services/auth-guard-ecm.service.ts
+++ b/lib/core/services/auth-guard-ecm.service.ts
@ -42,6 +42,10 @@ export class AuthGuardEcm extends AuthGuardBase {
            return true;
        }
        this.redirectToUrl('ECM', redirectUrl);
+        if (!this.authenticationService.isEcmLoggedIn() && this.isSilentLogin() && !this.authenticationService.isPublicUrl()) {
+            this.authenticationService.ssoImplicitLogin();
+            return true;
+        }
        return false;
    }
 }
--- a/lib/core/services/authentication.service.ts
+++ b/lib/core/services/authentication.service.ts
@ -69,6 +69,10 @@ export class AuthenticationService {
        return this.alfrescoApi.getInstance().isOauthConfiguration();
    }

+    isPublicUrl(): boolean {
+        return this.alfrescoApi.getInstance().isPublicUrl();
+    }
+
    /**
     * Does the provider support ECM?
     * @returns True if supported, false otherwise