From f0189efd5aeff1434a2f861dbefe69a69f2e4aa6 Mon Sep 17 00:00:00 2001 From: Martin Muller Date: Sat, 25 Jan 2020 10:15:24 +0100 Subject: [PATCH] [ACA-2755] [SSO] Unable to access a private url after a public url was loaded in the same browser tab (#5363) * If silentlogin do implicitLogin * If silentlogin do implicitLogin * Unit tests * Unit tests Trigger new run * Authguard should return true for canActive * adjust unit test and allow AuthGuard CanActive for the SSO case * adjust unit test and allow AuthGuard CanActive for the SSO case * adjust unit test and allow AuthGuard CanActive for the SSO case * adjust unit test and allow AuthGuard CanActive for the SSO case * Add isPublicUrl logic to authguard * adjust unit test and allow AuthGuard CanActive for the SSO case * Allow canActive true for public urls like /settings * fix redirect login for SSO * Try not using isPublicUrl from js-api as that triggers an implicit login already * Try not using isPublicUrl from js-api as that triggers an implicit login already * Try not using isPublicUrl from js-api as that triggers an implicit login already * Try not using isPublicUrl from js-api as that triggers an implicit login already * move sso silentlogin fix to ecm authguard * Try only todo the implicitLogin if not logged in * Try only todo the implicitLogin if not logged in * Try only todo the implicitLogin if not logged in * Try only todo the implicitLogin if not logged in * try figuring out why process cloud is failing * try figuring out why process cloud is failing * try figuring out why process cloud is failing * try figuring out why process cloud is failing * try figuring out why process cloud is failing * remove implicit flow parameter and pray that those process cloud tests are passing * remove implicit flow parameter and pray that those process cloud tests are passing * remove implicit flow parameter and pray that those process cloud tests are passing * try figuring out why process cloud is failing * try figuring out why process cloud is failing * try figuring out why process cloud is failing * try figuring out why process cloud is failing * try figuring out why process cloud is failing * try figuring out why process cloud is failing * try figuring out why process cloud is failing * try figuring out why process cloud is failing * move authService stuff in the login component from ngOnInit to constructor * move authService stuff in the login component from ngOnInit to constructor * move authService stuff in the login component from ngOnInit to constructor * move authService stuff in the login component from ngOnInit to constructor * not use login component for silent login anymore! * try figuring out why process cloud is failing * try figuring out why process cloud is failing * reuse is PublicUrl from js-api * reuse is PublicUrl from js-api * revert travis changes * revert travis changes * Check if oauth is enabled * Check if oauth is enabled * Check if oauth is enabled * Check if oauth is enabled --- .../login/components/login.component.spec.ts | 2 +- .../services/auth-guard-ecm.service.spec.ts | 25 ++++++++++++++++++- lib/core/services/auth-guard-ecm.service.ts | 4 +++ lib/core/services/authentication.service.ts | 4 +++ 4 files changed, 33 insertions(+), 2 deletions(-) diff --git a/lib/core/login/components/login.component.spec.ts b/lib/core/login/components/login.component.spec.ts index 93d2f731d1..3019afc7c2 100644 --- a/lib/core/login/components/login.component.spec.ts +++ b/lib/core/login/components/login.component.spec.ts @@ -650,7 +650,7 @@ describe('LoginComponent', () => { }); })); - it('should show the login SSO button', async(() => { + it('should show the login SSO button', async(() => { spyOn(authService, 'isOauth').and.returnValue(true); component.ngOnInit(); diff --git a/lib/core/services/auth-guard-ecm.service.spec.ts b/lib/core/services/auth-guard-ecm.service.spec.ts index 20549d9730..6521229188 100644 --- a/lib/core/services/auth-guard-ecm.service.spec.ts +++ b/lib/core/services/auth-guard-ecm.service.spec.ts @@ -93,7 +93,30 @@ describe('AuthGuardService ECM', () => { expect(router.navigateByUrl).toHaveBeenCalled(); })); - it('should redirect url if NOT logged in and isOAuth but no silentLogin configured', async(() => { + it('should not redirect url if the alfresco js api is NOT logged in and isOAuth with silentLogin', async(() => { + spyOn(router, 'navigateByUrl').and.stub(); + spyOn(authService, 'isEcmLoggedIn').and.returnValue(false); + spyOn(authService, 'isOauth').and.returnValue(true); + spyOn(authService, 'isPublicUrl').and.returnValue(false); + spyOn(authService, 'ssoImplicitLogin').and.stub(); + + appConfigService.config.oauth2 = { + silentLogin: true, + host: 'http://localhost:6543', + redirectUri: '/', + clientId: 'activiti', + publicUrl: 'settings', + scope: 'openid' + }; + + const route: RouterStateSnapshot = {url : 'abc'}; + + expect(authGuard.canActivate(null, route)).toBeTruthy(); + expect(router.navigateByUrl).toHaveBeenCalledTimes(0); + expect(authService.ssoImplicitLogin).toHaveBeenCalledTimes(1); + })); + + it('should not redirect url if NOT logged in and isOAuth but no silentLogin configured', async(() => { spyOn(router, 'navigateByUrl').and.stub(); spyOn(authService, 'isEcmLoggedIn').and.returnValue(false); spyOn(authService, 'isOauth').and.returnValue(true); diff --git a/lib/core/services/auth-guard-ecm.service.ts b/lib/core/services/auth-guard-ecm.service.ts index 2a459e7cd2..5d15daad12 100644 --- a/lib/core/services/auth-guard-ecm.service.ts +++ b/lib/core/services/auth-guard-ecm.service.ts @@ -42,6 +42,10 @@ export class AuthGuardEcm extends AuthGuardBase { return true; } this.redirectToUrl('ECM', redirectUrl); + if (!this.authenticationService.isEcmLoggedIn() && this.isSilentLogin() && !this.authenticationService.isPublicUrl()) { + this.authenticationService.ssoImplicitLogin(); + return true; + } return false; } } diff --git a/lib/core/services/authentication.service.ts b/lib/core/services/authentication.service.ts index 7c5cdf4dae..8def6339c3 100644 --- a/lib/core/services/authentication.service.ts +++ b/lib/core/services/authentication.service.ts @@ -69,6 +69,10 @@ export class AuthenticationService { return this.alfrescoApi.getInstance().isOauthConfiguration(); } + isPublicUrl(): boolean { + return this.alfrescoApi.getInstance().isPublicUrl(); + } + /** * Does the provider support ECM? * @returns True if supported, false otherwise