diff --git a/src/app/core/auth/auth.actions.ts b/src/app/core/auth/auth.actions.ts index 60440d371e7..6bc4565682a 100644 --- a/src/app/core/auth/auth.actions.ts +++ b/src/app/core/auth/auth.actions.ts @@ -17,6 +17,7 @@ export const AuthActionTypes = { AUTHENTICATED_SUCCESS: type('dspace/auth/AUTHENTICATED_SUCCESS'), CHECK_AUTHENTICATION_TOKEN: type('dspace/auth/CHECK_AUTHENTICATION_TOKEN'), CHECK_AUTHENTICATION_TOKEN_COOKIE: type('dspace/auth/CHECK_AUTHENTICATION_TOKEN_COOKIE'), + SET_AUTH_COOKIE_STATUS: type('dspace/auth/SET_AUTH_COOKIE_STATUS'), RETRIEVE_AUTH_METHODS: type('dspace/auth/RETRIEVE_AUTH_METHODS'), RETRIEVE_AUTH_METHODS_SUCCESS: type('dspace/auth/RETRIEVE_AUTH_METHODS_SUCCESS'), RETRIEVE_AUTH_METHODS_ERROR: type('dspace/auth/RETRIEVE_AUTH_METHODS_ERROR'), @@ -150,6 +151,19 @@ export class CheckAuthenticationTokenCookieAction implements Action { public type: string = AuthActionTypes.CHECK_AUTHENTICATION_TOKEN_COOKIE; } +/** + * Sets the authentication cookie status to flag an external authentication response. + */ +export class SetAuthCookieStatus implements Action { + public type: string = AuthActionTypes.SET_AUTH_COOKIE_STATUS; + + payload = false; + + constructor(exists: boolean) { + this.payload = exists; + } +} + /** * Sign out. * @class LogOutAction @@ -425,6 +439,7 @@ export type AuthActions | AuthenticationSuccessAction | CheckAuthenticationTokenAction | CheckAuthenticationTokenCookieAction + | SetAuthCookieStatus | RedirectWhenAuthenticationIsRequiredAction | RedirectWhenTokenExpiredAction | AddAuthenticationMessageAction diff --git a/src/app/core/auth/auth.effects.spec.ts b/src/app/core/auth/auth.effects.spec.ts index f09db04d99e..2e6ba917aae 100644 --- a/src/app/core/auth/auth.effects.spec.ts +++ b/src/app/core/auth/auth.effects.spec.ts @@ -214,12 +214,15 @@ describe('AuthEffects', () => { authenticated: true }) ); + spyOn((authEffects as any).authService, 'setExternalAuthStatus'); actions = hot('--a-', { a: { type: AuthActionTypes.CHECK_AUTHENTICATION_TOKEN_COOKIE } }); const expected = cold('--b-', { b: new RetrieveTokenAction() }); expect(authEffects.checkTokenCookie$).toBeObservable(expected); authEffects.checkTokenCookie$.subscribe(() => { + expect(authServiceStub.setExternalAuthStatus).toHaveBeenCalled(); + expect(authServiceStub.isExternalAuthentication).toBeTrue(); expect((authEffects as any).authorizationsService.invalidateAuthorizationsRequestCache).toHaveBeenCalled(); }); }); diff --git a/src/app/core/auth/auth.effects.ts b/src/app/core/auth/auth.effects.ts index 22d1bf35e7c..281355b769e 100644 --- a/src/app/core/auth/auth.effects.ts +++ b/src/app/core/auth/auth.effects.ts @@ -153,6 +153,7 @@ export class AuthEffects { return this.authService.checkAuthenticationCookie().pipe( map((response: AuthStatus) => { if (response.authenticated) { + this.authService.setExternalAuthStatus(true); this.authorizationsService.invalidateAuthorizationsRequestCache(); return new RetrieveTokenAction(); } else { diff --git a/src/app/core/auth/auth.reducer.spec.ts b/src/app/core/auth/auth.reducer.spec.ts index 8ebc9f6cb03..c0619adf793 100644 --- a/src/app/core/auth/auth.reducer.spec.ts +++ b/src/app/core/auth/auth.reducer.spec.ts @@ -8,6 +8,7 @@ import { AuthenticationErrorAction, AuthenticationSuccessAction, CheckAuthenticationTokenAction, + SetAuthCookieStatus, CheckAuthenticationTokenCookieAction, LogOutAction, LogOutErrorAction, @@ -219,6 +220,28 @@ describe('authReducer', () => { expect(newState).toEqual(state); }); + it('should set the authentication cookie status in response to a SET_AUTH_COOKIE_STATUS action', () => { + initialState = { + authenticated: true, + loaded: false, + blocking: false, + loading: true, + externalAuth: false, + idle: false + }; + const action = new SetAuthCookieStatus(true); + const newState = authReducer(initialState, action); + state = { + authenticated: true, + loaded: false, + blocking: false, + loading: true, + externalAuth: true, + idle: false + }; + expect(newState).toEqual(state); + }); + it('should properly set the state, in response to a LOG_OUT action', () => { initialState = { authenticated: true, diff --git a/src/app/core/auth/auth.reducer.ts b/src/app/core/auth/auth.reducer.ts index acdb8ef812f..ba9c41326a6 100644 --- a/src/app/core/auth/auth.reducer.ts +++ b/src/app/core/auth/auth.reducer.ts @@ -10,7 +10,7 @@ import { RedirectWhenTokenExpiredAction, RefreshTokenSuccessAction, RetrieveAuthenticatedEpersonSuccessAction, - RetrieveAuthMethodsSuccessAction, + RetrieveAuthMethodsSuccessAction, SetAuthCookieStatus, SetRedirectUrlAction } from './auth.actions'; // import models @@ -59,6 +59,8 @@ export interface AuthState { // all authentication Methods enabled at the backend authMethods?: AuthMethod[]; + externalAuth?: boolean, + // true when the current user is idle idle: boolean; @@ -73,6 +75,7 @@ const initialState: AuthState = { blocking: true, loading: false, authMethods: [], + externalAuth: false, idle: false }; @@ -104,6 +107,11 @@ export function authReducer(state: any = initialState, action: AuthActions): Aut loading: true, }); + case AuthActionTypes.SET_AUTH_COOKIE_STATUS: + return Object.assign({}, state, { + externalAuth: (action as SetAuthCookieStatus).payload + }); + case AuthActionTypes.AUTHENTICATED_ERROR: case AuthActionTypes.RETRIEVE_AUTHENTICATED_EPERSON_ERROR: return Object.assign({}, state, { diff --git a/src/app/core/auth/auth.service.ts b/src/app/core/auth/auth.service.ts index 3034c00197e..6604936cde1 100644 --- a/src/app/core/auth/auth.service.ts +++ b/src/app/core/auth/auth.service.ts @@ -25,7 +25,7 @@ import { import { CookieService } from '../services/cookie.service'; import { getAuthenticatedUserId, - getAuthenticationToken, + getAuthenticationToken, getExternalAuthCookieStatus, getRedirectUrl, isAuthenticated, isAuthenticatedLoaded, @@ -36,7 +36,7 @@ import { AppState } from '../../app.reducer'; import { CheckAuthenticationTokenAction, RefreshTokenAction, - ResetAuthenticationMessagesAction, + ResetAuthenticationMessagesAction, SetAuthCookieStatus, SetRedirectUrlAction, SetUserAsIdleAction, UnsetUserAsIdleAction @@ -156,6 +156,24 @@ export class AuthService { return this.store.pipe(select(isAuthenticatedLoaded)); } + /** + * Used to set the external authentication status when authenticating via an + * external authentication system (e.g. Shibboleth). + * @param external + */ + public setExternalAuthStatus(external: boolean) { + this.store.dispatch(new SetAuthCookieStatus(external)); + } + + /** + * Returns true if an external authentication system (e.g. Shibboleth) is being used + * for authentication. Returns false otherwise. + */ + public isExternalAuthentication(): Observable { + return this.store.pipe( + select(getExternalAuthCookieStatus)); + } + /** * Returns the href link to authenticated user * @returns {string} diff --git a/src/app/core/auth/selectors.ts b/src/app/core/auth/selectors.ts index ce8d38d6ba5..aba739edf67 100644 --- a/src/app/core/auth/selectors.ts +++ b/src/app/core/auth/selectors.ts @@ -116,6 +116,8 @@ const _getRedirectUrl = (state: AuthState) => state.redirectUrl; const _getAuthenticationMethods = (state: AuthState) => state.authMethods; +const _getExternalAuthCookieStatus = (state: AuthState) => state.externalAuth; + /** * Returns true if the user is idle. * @function _isIdle @@ -178,6 +180,16 @@ export const isAuthenticated = createSelector(getAuthState, _isAuthenticated); */ export const isAuthenticatedLoaded = createSelector(getAuthState, _isAuthenticatedLoaded); +/** + * Returns the authentication cookie status. Expect to be true when external authentication + * is used. + * @function getExternalAuthCookieStatus + * @param {AuthState} state + * @param {any} props + * @return {boolean} + */ +export const getExternalAuthCookieStatus = createSelector(getAuthState, _getExternalAuthCookieStatus); + /** * Returns true if the authentication request is loading. * @function isAuthenticationLoading diff --git a/src/app/shared/testing/auth-service.stub.ts b/src/app/shared/testing/auth-service.stub.ts index b8d822252d7..7f3d040042f 100644 --- a/src/app/shared/testing/auth-service.stub.ts +++ b/src/app/shared/testing/auth-service.stub.ts @@ -17,6 +17,7 @@ export class AuthServiceStub { token: AuthTokenInfo = new AuthTokenInfo('token_test'); impersonating: string; private _tokenExpired = false; + private _isExternalAuth = false; private redirectUrl; constructor() { @@ -122,6 +123,13 @@ export class AuthServiceStub { checkAuthenticationCookie() { return; } + setExternalAuthStatus(externalCookie: boolean) { + this._isExternalAuth = externalCookie; + } + + isExternalAuthentication(): Observable { + return observableOf(this._isExternalAuth); + } retrieveAuthMethodsFromAuthStatus(status: AuthStatus) { return observableOf(authMethodsMock); diff --git a/src/modules/app/browser-init.service.ts b/src/modules/app/browser-init.service.ts index 687ecf05472..61d57f10f98 100644 --- a/src/modules/app/browser-init.service.ts +++ b/src/modules/app/browser-init.service.ts @@ -26,16 +26,21 @@ import { AuthService } from '../../app/core/auth/auth.service'; import { ThemeService } from '../../app/shared/theme-support/theme.service'; import { StoreAction, StoreActionTypes } from '../../app/store.actions'; import { coreSelector } from '../../app/core/core.selectors'; -import { find, map } from 'rxjs/operators'; +import { filter, find, map } from 'rxjs/operators'; import { isNotEmpty } from '../../app/shared/empty.util'; import { logStartupMessage } from '../../../startup-message'; import { MenuService } from '../../app/shared/menu/menu.service'; +import { RootDataService } from '../../app/core/data/root-data.service'; +import { firstValueFrom, Subscription } from 'rxjs'; /** * Performs client-side initialization. */ @Injectable() export class BrowserInitService extends InitService { + + sub: Subscription; + constructor( protected store: Store, protected correlationIdService: CorrelationIdService, @@ -51,6 +56,7 @@ export class BrowserInitService extends InitService { protected authService: AuthService, protected themeService: ThemeService, protected menuService: MenuService, + private rootDataService: RootDataService ) { super( store, @@ -80,6 +86,7 @@ export class BrowserInitService extends InitService { return async () => { await this.loadAppState(); this.checkAuthenticationToken(); + this.externalAuthCheck(); this.initCorrelationId(); this.checkEnvironment(); @@ -134,4 +141,35 @@ export class BrowserInitService extends InitService { protected initGoogleAnalytics() { this.googleAnalyticsService.addTrackingIdToPage(); } + + /** + * During an external authentication flow invalidate the SSR transferState + * data in the cache. This allows the app to fetch fresh content. + * @private + */ + private externalAuthCheck() { + + this.sub = this.authService.isExternalAuthentication().pipe( + filter((externalAuth: boolean) => externalAuth) + ).subscribe(() => { + // Clear the transferState data. + this.rootDataService.invalidateRootCache(); + this.authService.setExternalAuthStatus(false); + } + ); + + this.closeAuthCheckSubscription(); + } + + /** + * Unsubscribe the external authentication subscription + * when authentication is no longer blocking. + * @private + */ + private closeAuthCheckSubscription() { + firstValueFrom(this.authenticationReady$()).then(() => { + this.sub.unsubscribe(); + }); + } + }