* remove useless module * upgrade to angular 8 * upgrade material to v8 * upgrade adf libs * migrate demo shell to v8 * upgrade to angular 9 * upgrade material to v9 * remove hammer * upgrade nx * upgrade datetime picker * upgrade flex layout * update core api * remove entry components * code fixes * upgrade testbed usage * code fixes * remove unnecessary core-js from tests * upgrade CLI * ts config fixes * fix builds * fix testing config * compile fixes * fix demo shell dev setup * fix core tests * fix card view import * upgrade nx * disable smart builds for now * remove fdescribe * restore smart builds * fix issues * unify tsconfigs and fix newly found issues * fix configuration and cleanup package scripts * improved production build from the same config * use ADF libs directly instead of node_modules * disable smart build * single app configuration (angular) * fix core build * fix build scripts * lint fixes * fix linting setup * fix linting rules * various fixes * disable affected libs for unit tests * cleanup insights package.json * simplify smart-build * fix content tests * fix tests * test fixes * fix tests * fix test * fix tests * disable AppExtensionsModule (monaco example) * remove monaco extension module * upgrade bundle check rules * fix insights tests and karma config * fix protractor config * e2e workaround * upgrade puppeteer and split linting and build * reusable resources config * update protractor config * fix after rebase * fix protractor config * fix e2e tsconfig * update e2e setup * Save demoshell artifact on S3 and remove travis cache * Push the libs on S3 and fetch before releasing it * Add deps * Add dependencies among libs and run only affected unit test and build * fix the travis stage name * fix after renaming dev to demoshell * force the order of the projects * remove unused dependencies * fix content e2e script * exit codes fix * add extra exit codes to core e2e * postinstall hook and package cleanup * cleanup packages * remove 
deprecated code and dependency on router * improve bundle analyzer script * minor code fixes * update spec * fix code after rebase * upgrade protractor after rebase * fix e2e mapping lib * Update tsconfig.e2e.json * update e2e tsconfig * fix angular config * fix protractor runs * cache dist folder for libs * update material selectors for dropdowns * selector fixes * remove duplicated e2e that have unit tests already * fix login selector * fix e2e * fix test * fix import issues * fix selector * cleanup old monaco extension files * cleanup demo shell login * add protractor max retries * disable customisations of protractor * fix login validation * fix after rebase * fix after rebase, disable latest versions of libs * Hide the report tab and rollback the localstorage * rename protractor config back to js * restore lint as part of build * cleanup code * do not copy anything to node_modules on dist test * fix unit tests * config fixes * fix code * fix code after rebase * fix tests * remove existing words from spellcheck * remove useless directive decorators * update package.json after rebase * add js-api back * code fixes * add missing export * update configs * fix code * try fix the sso login test * fix * remove puppeteer unit * fix e2e script * fix * make provider easy * fix routes module before upgrade * fix unit tests * upgrade angular cli * upgrade to angular 10 Co-authored-by: maurizio vitale <maurizio.vitale@alfresco.com> Co-authored-by: Eugenio Romano <eugenio.romano@alfresco.com> Co-authored-by: Eugenio Romano <eromano@users.noreply.github.com>
/*!
 * @license
 * Copyright 2019 Alfresco Software, Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
import { async, TestBed } from '@angular/core/testing';
import { ActivatedRouteSnapshot, Router } from '@angular/router';
import { setupTestBed } from '../testing/setup-test-bed';
import { CoreTestingModule } from '../testing/core.testing.module';
import { AuthGuardSsoRoleService } from './auth-guard-sso-role.service';
import { JwtHelperService } from './jwt-helper.service';
import { MatDialog } from '@angular/material/dialog';
import { TranslateModule } from '@ngx-translate/core';
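/**
 * Specs for AuthGuardSsoRoleService.canActivate().
 *
 * Scope of what is verified here:
 *  - JwtHelperService.getAccessToken / decodeToken (or hasRealmRoles /
 *    hasRealmRolesForClientRole) are stubbed in every spec, so nothing in this
 *    file exercises token signature or expiry validation. Only the guard's
 *    decision on already-decoded claims is covered.
 *  - The guard runs in the browser and gates navigation only; the roles it
 *    reads come from a token held by the client, so the backend APIs must
 *    enforce the same roles independently.
 *  - Several specs pin the fail-closed cases (no route data, no realm_access
 *    claim): canActivate must be falsy when the information needed to grant
 *    access is missing.
 */
describe('Auth Guard SSO role service', () => {

    let authGuard: AuthGuardSsoRoleService;
    let jwtHelperService: JwtHelperService;
    let routerService: Router;

    setupTestBed({
        imports: [
            TranslateModule.forRoot(),
            CoreTestingModule
        ]
    });

    beforeEach(() => {
        // Start each spec without anything persisted by a previous one.
        localStorage.clear();
        authGuard = TestBed.inject(AuthGuardSsoRoleService);
        jwtHelperService = TestBed.inject(JwtHelperService);
        routerService = TestBed.inject(Router);
    });

    it('Should canActivate be true if the Role is present in the JWT token', async(() => {
        spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');
        spyOn(jwtHelperService, 'decodeToken').and.returnValue({ 'realm_access': { roles: ['role1'] } });

        // The token holds only role1 while the route lists role1 and role2:
        // this expectation pins "any listed role is enough" matching.
        const route: ActivatedRouteSnapshot = new ActivatedRouteSnapshot();
        route.data = { 'roles': ['role1', 'role2'] };

        expect(authGuard.canActivate(route)).toBeTruthy();
    }));

    it('Should canActivate be false if the Role is not present in the JWT token', async(() => {
        spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');
        spyOn(jwtHelperService, 'decodeToken').and.returnValue({ 'realm_access': { roles: ['role3'] } });

        const route: ActivatedRouteSnapshot = new ActivatedRouteSnapshot();
        route.data = { 'roles': ['role1', 'role2'] };

        expect(authGuard.canActivate(route)).toBeFalsy();
    }));

    it('Should not redirect if canActivate is true', async(() => {
        spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');
        spyOn(jwtHelperService, 'decodeToken').and.returnValue({ 'realm_access': { roles: ['role1'] } });
        spyOn(routerService, 'navigate').and.stub();

        const route: ActivatedRouteSnapshot = new ActivatedRouteSnapshot();
        route.data = { 'roles': ['role1', 'role2'] };

        expect(authGuard.canActivate(route)).toBeTruthy();
        expect(routerService.navigate).not.toHaveBeenCalled();
    }));

    it('Should canActivate return false if the data Role to check is empty', async(() => {
        spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');
        spyOn(jwtHelperService, 'decodeToken').and.returnValue({ 'realm_access': { roles: ['role1', 'role3'] } });

        // route.data is deliberately left unset: a route that declares no
        // required roles must be denied, not allowed.
        const route: ActivatedRouteSnapshot = new ActivatedRouteSnapshot();

        expect(authGuard.canActivate(route)).toBeFalsy();
    }));

    it('Should canActivate return false if the realm_access is not present', async(() => {
        spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');
        // Decoded token without any role claim at all.
        spyOn(jwtHelperService, 'decodeToken').and.returnValue({});

        const route: ActivatedRouteSnapshot = new ActivatedRouteSnapshot();

        expect(authGuard.canActivate(route)).toBeFalsy();
    }));

    it('Should redirect to the redirectURL if canActivate is false and redirectUrl is in data', async(() => {
        spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');
        spyOn(jwtHelperService, 'decodeToken').and.returnValue({});
        spyOn(routerService, 'navigate').and.stub();

        // redirectUrl comes from the route configuration, not from the request.
        const route: ActivatedRouteSnapshot = new ActivatedRouteSnapshot();
        route.data = { 'roles': ['role1', 'role2'], 'redirectUrl': 'no-role-url' };

        expect(authGuard.canActivate(route)).toBeFalsy();
        expect(routerService.navigate).toHaveBeenCalledWith(['/no-role-url']);
    }));

    it('Should not redirect if canActivate is false and redirectUrl is not in data', async(() => {
        spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');
        spyOn(jwtHelperService, 'decodeToken').and.returnValue({});
        spyOn(routerService, 'navigate').and.stub();

        const route: ActivatedRouteSnapshot = new ActivatedRouteSnapshot();
        route.data = { 'roles': ['role1', 'role2'] };

        expect(authGuard.canActivate(route)).toBeFalsy();
        expect(routerService.navigate).not.toHaveBeenCalled();
    }));

    // The next two specs stub both role checks directly and pin that the guard
    // requires BOTH the realm-role and the client-role check to pass.
    it('Should canActivate be false if hasRealm is true and hasClientRole is false', () => {
        const route: ActivatedRouteSnapshot = new ActivatedRouteSnapshot();
        spyOn(jwtHelperService, 'hasRealmRoles').and.returnValue(true);
        spyOn(jwtHelperService, 'hasRealmRolesForClientRole').and.returnValue(false);

        route.params = { appName: 'fakeapp' };
        route.data = { 'clientRoles': ['appName'], 'roles': ['role1', 'role2'] };

        expect(authGuard.canActivate(route)).toBeFalsy();
    });

    it('Should canActivate be false if hasRealm is false and hasClientRole is true', () => {
        const route: ActivatedRouteSnapshot = new ActivatedRouteSnapshot();
        spyOn(jwtHelperService, 'hasRealmRoles').and.returnValue(false);
        spyOn(jwtHelperService, 'hasRealmRolesForClientRole').and.returnValue(true);

        route.params = { appName: 'fakeapp' };
        // NOTE(review): the sibling specs pass 'appName' (the params key) in
        // clientRoles; here it is 'fakeapp'. The value has no effect while
        // hasRealmRolesForClientRole is stubbed - confirm which was intended.
        route.data = { 'clientRoles': ['fakeapp'], 'roles': ['role1', 'role2'] };

        expect(authGuard.canActivate(route)).toBeFalsy();
    });

    it('Should canActivate be true if both Realm Role and Client Role are present in the JWT token', () => {
        const route: ActivatedRouteSnapshot = new ActivatedRouteSnapshot();
        spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');

        // Realm level holds role1, client 'fakeapp' holds role2; the route lists
        // both, so one matching role per level is expected to be sufficient.
        spyOn(jwtHelperService, 'decodeToken').and.returnValue({
            'realm_access': { roles: ['role1'] },
            'resource_access': { fakeapp: { roles: ['role2'] } }
        });

        route.params = { appName: 'fakeapp' };
        route.data = { 'clientRoles': ['appName'], 'roles': ['role1', 'role2'] };

        expect(authGuard.canActivate(route)).toBeTruthy();
    });

    it('Should canActivate be false if the Client Role is not present in the JWT token with the correct role', () => {
        const route: ActivatedRouteSnapshot = new ActivatedRouteSnapshot();
        spyOn(jwtHelperService, 'getAccessToken').and.returnValue('my-access_token');

        // The realm role matches, but the client entry only holds role3,
        // which the route does not list.
        spyOn(jwtHelperService, 'decodeToken').and.returnValue({
            'realm_access': { roles: ['role1'] },
            'resource_access': { fakeapp: { roles: ['role3'] } }
        });

        route.params = { appName: 'fakeapp' };
        route.data = { 'clientRoles': ['appName'], 'roles': ['role1', 'role2'] };

        expect(authGuard.canActivate(route)).toBeFalsy();
    });

    // Previously shared its title with the hasRealm/hasClientRole spec above;
    // what this spec adds is the dialog assertion, so the title now says so.
    it('Should close all open dialogs if canActivate is false', () => {
        const materialDialog = TestBed.inject(MatDialog);

        spyOn(materialDialog, 'closeAll');

        const route: ActivatedRouteSnapshot = new ActivatedRouteSnapshot();
        spyOn(jwtHelperService, 'hasRealmRoles').and.returnValue(true);
        spyOn(jwtHelperService, 'hasRealmRolesForClientRole').and.returnValue(false);

        route.params = { appName: 'fakeapp' };
        route.data = { 'clientRoles': ['appName'], 'roles': ['role1', 'role2'] };

        expect(authGuard.canActivate(route)).toBeFalsy();
        // On denial no dialog may stay open over the page the user is kept on.
        expect(materialDialog.closeAll).toHaveBeenCalled();
    });
});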