[ADF-5465] Not being redirected to login page when Kerberos is enabled (
#7272)

* Revert "[MNT-22334] ADW - User information not displayed when Kerberos is in use (#7172)"

This reverts commit 4befb77

* [ADF-5465] Not being redirected to login page when Kerberos is enabled

* * fix user info

* * add providers

* * fix test
dhrn committed Oct 5, 2021
1 parent 6f968f7 commit 8a3c49e
Showing 6 changed files with 147 additions and 170 deletions.
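--- a/docker/docker-entrypoint.d/30-sed-on-appconfig.sh
+++ b/docker/docker-entrypoint.d/30-sed-on-appconfig.sh
@@ -73,6 +73,16 @@ if [[ -n "${APP_CONFIG_ECM_HOST}" ]]; then
 -i "${NGINX_ENVSUBST_OUTPUT_DIR}/app.config.json"
 fi
 
+if [[ -n "${APP_CONFIG_KERBEROS_ENABLED}" ]]; then
+sed -e "s/\"withCredentials\": [^,]*/\"withCredentials\": ${APP_CONFIG_KERBEROS_ENABLED}/g" \
+-i "${NGINX_ENVSUBST_OUTPUT_DIR}/app.config.json"
+fi
+
+if [[ -n "${APP_CONFIG_PROVIDERS}" ]]; then
+sed -e "s/\"providers\": [^,]*/\"providers\": \"${APP_CONFIG_PROVIDERS}\"/g" \
+-i "${NGINX_ENVSUBST_OUTPUT_DIR}/app.config.json"
+fi
+
 if [ -n "${APP_CONFIG_APPS_DEPLOYED}" ]; then
 sed -e "s/\"alfresco-deployed-apps\": \[.*\]/\"alfresco-deployed-apps\": ${APP_CONFIG_APPS_DEPLOYED}/g" \
 -i "${NGINX_ENVSUBST_OUTPUT_DIR}/app.config.json"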
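Review bot: `APP_CONFIG_KERBEROS_ENABLED` is written into app.config.json as a bare JSON token with no check on its value, so anything other than `true` or `false` either leaves invalid JSON or changes what the `withCredentials` entry contains. Because this flag decides whether the browser sends ambient credentials, I would reject unexpected values before the sed: `[[ "${APP_CONFIG_KERBEROS_ENABLED}" =~ ^(true|false)$ ]] || { echo "APP_CONFIG_KERBEROS_ENABLED must be true or false" >&2; exit 1; }`. The `APP_CONFIG_PROVIDERS` substitution has the same gap: a `/`, `&` or `"` in the value breaks the sed expression or the JSON string, while the spec in this commit only ever sets `ECM`, `BPM` and `ALL`, so an allow-list check fits there too. Both patterns match up to the next comma or end of line, which presumably assumes each key sits on its own line in app.config.json; a short comment saying so would help the next editor.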
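--- a/docker/run.sh
+++ b/docker/run.sh
@@ -20,4 +20,6 @@ docker run --rm -it \
 --env APP_CONFIG_OAUTH2_REDIRECT_LOGOUT=$APP_CONFIG_OAUTH2_REDIRECT_LOGOUT \
 --env APP_CONFIG_BPM_HOST=$APP_CONFIG_BPM_HOST \
 --env APP_CONFIG_ECM_HOST=$APP_CONFIG_ECM_HOST \
+--env APP_CONFIG_PROVIDERS=$APP_CONFIG_PROVIDERS \
+--env APP_CONFIG_KERBEROS_ENABLED=$APP_CONFIG_KERBEROS_ENABLED \
 --user 1000:1000 --publish $HOST_PORT:$CONTAINER_PORT $DOCKER_IMAGE_REPO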
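--- a/lib/core/services/authentication.service.spec.ts
+++ b/lib/core/services/authentication.service.spec.ts
@@ -60,11 +60,29 @@ describe('AuthenticationService', () => {
 jasmine.Ajax.uninstall();
 });
 
+describe('kerberos', () => {
+beforeEach(() => {
+appConfigService.config.providers = 'ALL';
+appConfigService.config.auth = { withCredentials: true };
+});
+
+it('should emit login event for kerberos', (done) => {
+spyOn(authService.peopleApi, 'getPerson').and.returnValue(Promise.resolve({}));
+spyOn(authService.profileApi, 'getProfile').and.returnValue(Promise.resolve({}));
+const disposableLogin = authService.onLogin.subscribe(() => {
+expect(authService.profileApi.getProfile).toHaveBeenCalledTimes(1);
+expect(authService.peopleApi.getPerson).toHaveBeenCalledTimes(1);
+disposableLogin.unsubscribe();
+done();
+});
+appConfigService.load();
+});
+});
+
 describe('when the setting is ECM', () => {
 
 beforeEach(() => {
 appConfigService.config.providers = 'ECM';
-appConfigService.config.auth = { withCredentials: false };
 appConfigService.load();
 apiService.reset();
 });
@@ -186,20 +204,12 @@ describe('AuthenticationService', () => {
 it('[ECM] should return isBpmLoggedIn false', () => {
 expect(authService.isBpmLoggedIn()).toBe(false);
 });
-
-it('[ECM] should return true if kerberos configured', () => {
-appConfigService.config.auth.withCredentials = true;
-
-expect(authService.isLoggedInWith('ECM')).toBe(true);
-expect(authService.isLoggedIn()).toBe(true);
-});
 });
 
 describe('when the setting is BPM', () => {
 
 beforeEach(() => {
 appConfigService.config.providers = 'BPM';
-appConfigService.config.auth = { withCredentials: false };
 appConfigService.load();
 apiService.reset();
 });
@@ -311,14 +321,12 @@ describe('AuthenticationService', () => {
 it('[BPM] should return isALLProvider false', () => {
 expect(authService.isALLProvider()).toBe(false);
 });
-
 });
 
 describe('remember me', () => {
 
 beforeEach(() => {
 appConfigService.config.providers = 'ECM';
-appConfigService.config.auth = { withCredentials: false };
 appConfigService.load();
 apiService.reset();
 });
@@ -356,8 +364,7 @@ describe('AuthenticationService', () => {
 
 it('[ECM] should not save the remember me cookie after failed login', (done) => {
 const disposableLogin = authService.login('fake-username', 'fake-password').subscribe(
-() => {
-},
+() => {},
 () => {
 expect(cookie['ALFRESCO_REMEMBER_ME']).toBeUndefined();
 disposableLogin.unsubscribe();
@@ -384,7 +391,6 @@ describe('AuthenticationService', () => {
 
 beforeEach(() => {
 appConfigService.config.providers = 'ALL';
-appConfigService.config.auth = { withCredentials: false };
 appConfigService.load();
 apiService.reset();
 });
@@ -414,8 +420,7 @@ describe('AuthenticationService', () => {
 
 it('[ALL] should return login fail if only ECM call fail', (done) => {
 const disposableLogin = authService.login('fake-username', 'fake-password').subscribe(
-() => {
-},
+() => {},
 () => {
 expect(authService.isLoggedIn()).toBe(false, 'isLoggedIn');
 expect(authService.getTicketEcm()).toBe(null, 'getTicketEcm');
@@ -437,8 +442,7 @@ describe('AuthenticationService', () => {
 
 it('[ALL] should return login fail if only BPM call fail', (done) => {
 const disposableLogin = authService.login('fake-username', 'fake-password').subscribe(
-() => {
-},
+() => {},
 () => {
 expect(authService.isLoggedIn()).toBe(false);
 expect(authService.getTicketEcm()).toBe(null);
@@ -461,8 +465,7 @@ describe('AuthenticationService', () => {
 
 it('[ALL] should return ticket undefined when the credentials are wrong', (done) => {
 const disposableLogin = authService.login('fake-username', 'fake-password').subscribe(
-() => {
-},
+() => {},
 () => {
 expect(authService.isLoggedIn()).toBe(false);
 expect(authService.getTicketEcm()).toBe(null);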
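Review bot: The new `kerberos` block covers only the success path with `providers = 'ALL'`; nothing asserts what happens when `getPerson` or `getProfile` rejects, which is the unauthenticated case the commit title is about. The deleted `[ECM] should return true if kerberos configured` test is also not replaced by one that pins what `isLoggedIn()` returns now with `withCredentials: true`. I would add a case that stubs `getPerson` with `Promise.reject({ status: 401 })` and expects `onLogin` not to emit, plus ECM-only and BPM-only variants that check the other provider's API is not called. As written, a regression in the success test shows up only as a Jasmine timeout, because both expectations sit inside the `onLogin` subscription.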
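--- a/lib/core/services/authentication.service.ts
+++ b/lib/core/services/authentication.service.ts
@@ -16,13 +16,13 @@
 */
 
 import { Injectable } from '@angular/core';
-import { Observable, from, throwError, Observer, ReplaySubject } from 'rxjs';
+import { Observable, from, throwError, Observer, ReplaySubject, forkJoin } from 'rxjs';
 import { AlfrescoApiService } from './alfresco-api.service';
 import { CookieService } from './cookie.service';
 import { LogService } from './log.service';
 import { RedirectionModel } from '../models/redirection.model';
 import { AppConfigService, AppConfigValues } from '../app-config/app-config.service';
-import { UserProfileApi, UserRepresentation } from '@alfresco/js-api';
+import { PeopleApi, UserProfileApi, UserRepresentation } from '@alfresco/js-api';
 import { map, catchError, tap } from 'rxjs/operators';
 import { HttpHeaders } from '@angular/common/http';
 import { JwtHelperService } from './jwt-helper.service';
@@ -39,7 +39,7 @@ export class AuthenticationService {
 
 private bearerExcludedUrls: string[] = ['auth/realms', 'resources/', 'assets/'];
 /**
-* Emits Basic auth login event
+* Emits login event
 */
 onLogin: ReplaySubject<any> = new ReplaySubject<any>(1);
 
@@ -48,6 +48,12 @@ export class AuthenticationService {
 */
 onLogout: ReplaySubject<any> = new ReplaySubject<any>(1);
 
+_peopleApi: PeopleApi;
+get peopleApi(): PeopleApi {
+this._peopleApi = this._peopleApi ?? new PeopleApi(this.alfrescoApi.getInstance());
+return this._peopleApi;
+}
+
 _profileApi: UserProfileApi;
 get profileApi(): UserProfileApi {
 this._profileApi = this._profileApi ?? new UserProfileApi(this.alfrescoApi.getInstance());
@@ -64,18 +70,31 @@ export class AuthenticationService {
 this.alfrescoApi.getInstance().reply('logged-in', () => {
 this.onLogin.next();
 });
+
+if (this.isKerberosEnabled()) {
+this.loadUserDetails();
+}
 });
 }
 
+private loadUserDetails() {
+const ecmUser$ = from(this.peopleApi.getPerson('-me-'));
+const bpmUser$ = this.getBpmLoggedUser();
+
+if (this.isALLProvider()) {
+forkJoin([ecmUser$, bpmUser$]).subscribe(() => this.onLogin.next());
+} else if (this.isECMProvider()) {
+ecmUser$.subscribe(() => this.onLogin.next());
+} else {
+bpmUser$.subscribe(() => this.onLogin.next());
+}
+}
+
 /**
 * Checks if the user logged in.
 * @returns True if logged in, false otherwise
 */
 isLoggedIn(): boolean {
-if (this.isKerberosConfigured()) {
-return true;
-}
-
 if (!this.isOauth() && this.cookie.isEnabled() && !this.isRememberMeSet()) {
 return false;
 }
@@ -92,6 +111,14 @@ export class AuthenticationService {
 }
 }
 
+/**
+* Does kerberos enabled?
+* @returns True if enabled, false otherwise
+*/
+isKerberosEnabled(): boolean {
+return this.appConfig.get<boolean>(AppConfigValues.AUTH_WITH_CREDENTIALS, false);
+}
+
 /**
 * Does the provider support OAuth?
 * @returns True if supported, false otherwise
@@ -236,10 +263,6 @@ export class AuthenticationService {
 * @returns True if logged in, false otherwise
 */
 isEcmLoggedIn(): boolean {
-if (this.isKerberosConfigured()) {
-return true;
-}
-
 if (this.isECMProvider() || this.isALLProvider()) {
 if (!this.isOauth() && this.cookie.isEnabled() && !this.isRememberMeSet()) {
 return false;
@@ -263,10 +286,6 @@ export class AuthenticationService {
 return false;
 }
 
-isKerberosConfigured(): boolean {
-return this.appConfig.get<boolean>(AppConfigValues.AUTH_WITH_CREDENTIALS, false);
-}
-
 /**
 * Gets the ECM username.
 * @returns The ECM username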
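Review bot: `loadUserDetails()` calls `this.peopleApi.getPerson('-me-')` before it looks at the provider, so with `withCredentials` on, the ECM people endpoint is requested with ambient credentials even on a BPM-only setup (`getBpmLoggedUser()` is outside the hunk and may be eager in the same way). None of the three `subscribe` calls has an error callback, so a 401 from a failed Kerberos negotiation surfaces as an unhandled error instead of being logged and handled. I would build each request inside its branch and pass an error handler, as below; the handler should go through the service's injected logger, whose field name is not visible in this hunk. Separately, the public `isKerberosConfigured()` is removed in favour of `isKerberosEnabled()`, which breaks outside callers unless a deprecated alias is kept, and the new doc comment would read better as `Is Kerberos enabled?`.

```typescript
private loadUserDetails() {
    const emitLogin = () => this.onLogin.next();
    const reportError = (error: any) => {
        // log via the injected LogService (field name is outside this hunk); do not emit onLogin
    };

    if (this.isALLProvider()) {
        forkJoin([from(this.peopleApi.getPerson('-me-')), this.getBpmLoggedUser()]).subscribe(emitLogin, reportError);
    } else if (this.isECMProvider()) {
        from(this.peopleApi.getPerson('-me-')).subscribe(emitLogin, reportError);
    } else {
        this.getBpmLoggedUser().subscribe(emitLogin, reportError);
    }
}
```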
