[AAE-12511] implement OIDC authentication capabilities in ADF (#7856)

* feat: add custom AlfrescoApiHttpClient [ci:force]

* feat: update configs

* feat: move api to follow second entry point structure

* feat: add auth module [ci:force]

* Fix rebasing issues

* Isolate oidc package as subfolder

* Canary mode

* [AAE-12498] Fix unit test should load external settings: resolve reponse data instead returning default config

* [AAE-12498] Set @nrwl/eslint-plugin-nx@14.5.4 version to fix lint job that failed because of the 14.8.6 version (https://github.com/Alfresco/alfresco-ng2-components/actions/runs/4165060892/jobs/7207651856\#step:5:3379)

* [AAE-12498] Fix stories:build-storybook:ci issues

* [AAE-7991] cherry-pick e935f7b0b1 from repo https://github.com/Alfresco/alfresco-ng2-components/pull/7818: send onLogin to initialize acs version to fix [C362242] on canary configuration

* [AAE-12498] Fix security hotspot: fix unsafe pseudorandom number generator

* test: add missing tests for oidc-auth.guard

* test: fix lint issues

* chore: remove assignment in return

* [AAE-12498] Remove warning comment because we already know we're doing breaking changes

* [AAE-12498] Add auth-config.service unit tests

* [AAE-12498] Remove getUserProfile from auth service

---------

Co-authored-by: Andras Popovics <popovics@ndras.hu>
Co-authored-by: Amedeo Lepore <amedeo.lepore@hyland.com>

demo-shell/src/app/app.module.ts

@@ -20,7 +20,7 @@ import { APP_INITIALIZER, NgModule } from '@angular/core';
 import { FormsModule, ReactiveFormsModule } from '@angular/forms';
 import { FlexLayoutModule } from '@angular/flex-layout';
 import { ChartsModule } from 'ng2-charts';
-import { HttpClientModule, HTTP_INTERCEPTORS } from '@angular/common/http';
+import { HttpClientModule } from '@angular/common/http';
 import { BrowserAnimationsModule, NoopAnimationsModule } from '@angular/platform-browser/animations';
 import { TranslateModule } from '@ngx-translate/core';
 import {
@@ -29,7 +29,7 @@ import {
     DebugAppConfigService,
     CoreModule,
     CoreAutomationService,
-    AuthBearerInterceptor
+    AuthModule
 } from '@alfresco/adf-core';
 import { ExtensionsModule } from '@alfresco/adf-extensions';
 import { AppComponent } from './app.component';
@@ -140,6 +140,7 @@ registerLocaleData(localeSv);
         environment.e2e ? NoopAnimationsModule : BrowserAnimationsModule,
         ReactiveFormsModule,
         RouterModule.forRoot(appRoutes, { useHash: true, relativeLinkResolution: 'legacy' }),
+        ...(environment.oidc ? [AuthModule.forRoot({ useHash: true })] : []),
         FormsModule,
         HttpClientModule,
         MaterialModule,
@@ -211,10 +212,6 @@ registerLocaleData(localeSv);
         SearchFilterChipsComponent
     ],
     providers: [
-        {
-            provide: HTTP_INTERCEPTORS, useClass:
-            AuthBearerInterceptor, multi: true
-        },
         { provide: AppConfigService, useClass: DebugAppConfigService }, // not use this service in production
         {
             provide: TRANSLATION_PROVIDER,

demo-shell/src/app/components/settings/host-settings.component.html

@@ -119,6 +119,12 @@
                                       formControlName="implicitFlow">
                     </mat-slide-toggle>
 
+                    <ng-container *ngIf="supportsCodeFlow">
+                        <label for="codeFlow">{{ 'CORE.HOST_SETTINGS.CODE-FLOW'| translate }}</label>
+                        <mat-slide-toggle class="adf-full-width" name="codeFlow" [color]="'primary'"
+                                          formControlName="codeFlow">
+                        </mat-slide-toggle>
+                    </ng-container>
 
                     <mat-form-field class="adf-full-width">
                         <mat-label>{{ 'APP.HOST_SETTINGS.REDIRECT'| translate }}</mat-label>

demo-shell/src/app/components/settings/host-settings.component.ts

@@ -17,7 +17,7 @@
 
 import { Component, EventEmitter, Output, ViewEncapsulation, OnInit, Input } from '@angular/core';
 import { Validators, UntypedFormGroup, UntypedFormBuilder, UntypedFormControl } from '@angular/forms';
-import { AppConfigService, AppConfigValues, StorageService, AlfrescoApiService, OauthConfigModel } from '@alfresco/adf-core';
+import { AppConfigService, AppConfigValues, StorageService, AlfrescoApiService, OauthConfigModel, AuthenticationService } from '@alfresco/adf-core';
 import { ENTER } from '@angular/cdk/keycodes';
 
 export const HOST_REGEX = '^(http|https):\/\/.*[^/]$';
@@ -57,11 +57,13 @@ export class HostSettingsComponent implements OnInit {
     // eslint-disable-next-line @angular-eslint/no-output-native
     success = new EventEmitter<boolean>();
 
-    constructor(private formBuilder: UntypedFormBuilder,
-                private storageService: StorageService,
-                private alfrescoApiService: AlfrescoApiService,
-                private appConfig: AppConfigService) {
-    }
+    constructor(
+        private formBuilder: UntypedFormBuilder,
+        private storageService: StorageService,
+        private alfrescoApiService: AlfrescoApiService,
+        private appConfig: AppConfigService,
+        private auth: AuthenticationService
+    ) {}
 
     ngOnInit() {
         if (this.providers.length === 1) {
@@ -146,6 +148,7 @@ export class HostSettingsComponent implements OnInit {
             secret: oauth.secret,
             silentLogin: oauth.silentLogin,
             implicitFlow: oauth.implicitFlow,
+            codeFlow: oauth.codeFlow,
             publicUrls: [oauth.publicUrls]
         });
     }
@@ -185,6 +188,7 @@ export class HostSettingsComponent implements OnInit {
         this.storageService.setItem(AppConfigValues.AUTHTYPE, values.authType);
 
         this.alfrescoApiService.reset();
+        this.auth.reset();
         this.alfrescoApiService.getInstance().invalidateSession();
         this.success.emit(true);
     }
@@ -228,6 +232,10 @@ export class HostSettingsComponent implements OnInit {
         return this.form.get('authType').value === 'OAUTH';
     }
 
+    get supportsCodeFlow(): boolean {
+        return this.auth.supportCodeFlow;
+    }
+
     get providersControl(): UntypedFormControl {
         return this.form.get('providersControl') as UntypedFormControl;
     }
@@ -264,6 +272,10 @@ export class HostSettingsComponent implements OnInit {
         return this.oauthConfig.get('implicitFlow') as UntypedFormControl;
     }
 
+    get codeFlow(): UntypedFormControl {
+        return this.oauthConfig.get('codeFlow') as UntypedFormControl;
+    }
+
     get silentLogin(): UntypedFormControl {
         return this.oauthConfig.get('silentLogin') as UntypedFormControl;
     }

demo-shell/src/environments/environment.canary.ts

@@ -0,0 +1,22 @@
+/*!
+ * @license
+ * Copyright 2019 Alfresco Software, Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export const environment = {
+  production: true,
+  e2e: false,
+  oidc: true
+};

demo-shell/src/environments/environment.e2e.ts

@@ -17,5 +17,6 @@
 
 export const environment = {
   production: false,
-  e2e: true
+  e2e: true,
+  oidc: false
 };

demo-shell/src/environments/environment.prod.ts

@@ -17,5 +17,6 @@
 
 export const environment = {
   production: true,
-  e2e: false
+  e2e: false,
+  oidc: false
 };

demo-shell/src/environments/environment.ts

@@ -22,5 +22,6 @@
 
 export const environment = {
   production: false,
-  e2e: false
+  e2e: false,
+  oidc: false
 };