Added backend lookup if shibboleth is enabled

2025-10-07 10:04:11 +00:00 · 2019-06-25 13:10:19 +02:00
parent 14419ca567
commit 26f01d6f8f
10 changed files with 46 additions and 37 deletions
--- a/config/environment.default.js
+++ b/config/environment.default.js
@@ -29,13 +29,13 @@ module.exports = {
      timePerMethod: {'PATCH': 3} //time in seconds
    }
  },
-  // Authentications
+/*  // Authentications
  auth: {
    target: {
      host: 'https://fis.tiss.tuwien.ac.at',
      page: ''
    }
-  },
+  },*/
  // Form settings
  form: {
    // NOTE: Map server-side validators to comparative Angular form validators
--- a/src/app/+login-page/shibboleth/shibboleth.component.ts
+++ b/src/app/+login-page/shibboleth/shibboleth.component.ts
@@ -1,5 +1,5 @@
 import { Component, OnInit } from '@angular/core';
-import {ShibbLoginAction} from '../../core/auth/auth.actions';
+import {GetJWTafterShibbLoginAction} from '../../core/auth/auth.actions';
 import {Store} from '@ngrx/store';
 import {CoreState} from '../../core/core.reducers';
@@ -13,7 +13,7 @@ export class ShibbolethComponent implements OnInit {
  constructor( private store: Store<CoreState>,) { }
  ngOnInit() {
-    this.store.dispatch(new ShibbLoginAction());
+    this.store.dispatch(new GetJWTafterShibbLoginAction());
  }
 }
--- a/src/app/core/auth/auth.actions.ts
+++ b/src/app/core/auth/auth.actions.ts
@@ -57,11 +57,11 @@ export class AuthenticateAction implements Action {
 }
 /**
- * ShibbLoginAction.
+ * GetJWTafterShibbLoginAction.
- * @class ShibbLoginAction
+ * @class GetJWTafterShibbLoginAction
 * @implements {Action}
 */
-export class ShibbLoginAction implements Action {
+export class GetJWTafterShibbLoginAction implements Action {
  public type: string = AuthActionTypes.SHIBB_LOGIN;
 }
@@ -380,7 +380,7 @@ export class SetRedirectUrlAction implements Action {
 */
 export type AuthActions
  = AuthenticateAction
-  | ShibbLoginAction
+  | GetJWTafterShibbLoginAction
  | AuthenticatedAction
  | AuthenticatedErrorAction
  | AuthenticatedSuccessAction
--- a/src/app/core/auth/auth.effects.ts
+++ b/src/app/core/auth/auth.effects.ts
@@ -30,7 +30,7 @@ import {
  RetrieveAuthMethodsAction,
  RetrieveAuthMethodsErrorAction,
  RetrieveAuthMethodsSuccessAction,
-  ShibbLoginAction
+  GetJWTafterShibbLoginAction
 } from './auth.actions';
 import { EPerson } from '../eperson/models/eperson.model';
 import { AuthStatus } from './models/auth-status.model';
@@ -65,7 +65,7 @@ export class AuthEffects {
  @Effect()
  public shibbLogin$: Observable<Action> = this.actions$.pipe(
    ofType(AuthActionTypes.SHIBB_LOGIN),
-    switchMap((action: ShibbLoginAction) => {
+    switchMap((action: GetJWTafterShibbLoginAction) => {
      return this.authService.startShibbAuth().pipe(
        take(1),
        map((response: AuthStatus) => new AuthenticationSuccessAction(response.token)),
--- a/src/app/core/auth/auth.interceptor.ts
+++ b/src/app/core/auth/auth.interceptor.ts
@@ -34,9 +34,6 @@ export class AuthInterceptor implements HttpInterceptor {
  constructor(private inj: Injector, private router: Router, private store: Store<AppState>) {
  }
  private is405AuthResponse(response: HttpResponseBase): boolean {
    return response.status === 405;
  }
  private is302Response(response: HttpResponseBase): boolean {
    return response.status === 302;
@@ -59,7 +56,8 @@ export class AuthInterceptor implements HttpInterceptor {
  }
  private isLoginResponse(http: HttpRequest<any> | HttpResponseBase): boolean {
-    return http.url && http.url.endsWith('/authn/login');
+    return http.url && http.url.endsWith('/authn/login')
    /*|| http.url.endsWith('/shibboleth');*/
  }
  private isLogoutResponse(http: HttpRequest<any> | HttpResponseBase): boolean {
@@ -81,17 +79,27 @@ export class AuthInterceptor implements HttpInterceptor {
    return authStatus;
  }
-  private getSSOLocationfromHeader(header: HttpHeaders): string {
+  private getShibbUrlFromHeader(header: HttpHeaders): string {
-    console.log('HEADER www-authenticate: ', header.get('www-authenticate'));
+    // console.log('HEADER www-authenticate: ', header.get('www-authenticate'));
-    let location = '';
+    let shibbolethUrl = '';
    if (header.get('www-authenticate').startsWith('shibboleth realm')) {
-      const strings = header.get('www-authenticate').split(',');
+      let urlParts: string[] = header.get('www-authenticate').split(',');
-      location = strings[1];
+      let location = urlParts[1];
      let re = /"/g;
      location = location.replace(re, '').trim();
      location = location.replace('location=', '');
-      console.log('This should be the location: ', location);
+      // console.log('location: ', location);
-      return location = location.replace('"', '').trim();
+      urlParts = location.split('?');
      const host = urlParts[1].replace('target=', '');
      console.log('host: ', host);
      shibbolethUrl = host + location + '/shibboleth';
      re = /%3A%2F%2F/g;
      shibbolethUrl = shibbolethUrl.replace(re, '://');
      // console.log('shibbolethUrl: ', shibbolethUrl);
      return shibbolethUrl;
    }
-    return location;
+    return shibbolethUrl;
  }
  intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
@@ -159,11 +167,6 @@ export class AuthInterceptor implements HttpInterceptor {
        // Intercept an error response
        if (error instanceof HttpErrorResponse) {
          // Check for 405
          /*     if (this.is405AuthResponse(error)) {
                 console.log('the caught error is a 405');
               }*/
          // Checks if is a response from a request to an authentication endpoint
          if (this.isAuthRequest(error)) {
            console.log('catchError isAuthRequest=true');
@@ -171,8 +174,8 @@ export class AuthInterceptor implements HttpInterceptor {
            this.refreshTokenRequestUrls = [];
            // console.log('error: ', error);
            let location = '';
-            if (error.headers.get('www-authenticate') != null) {
+            if (error.headers.get('www-authenticate') != null && error.headers.get('www-authenticate').includes('shibboleth realm')) {
-              location = this.getSSOLocationfromHeader(error.headers);
+              location = this.getShibbUrlFromHeader(error.headers);
            }
            // Create a new HttpResponse and return it, so it can be handle properly by AuthService.
            const authResponse = new HttpResponse({
--- a/src/app/core/auth/auth.service.ts
+++ b/src/app/core/auth/auth.service.ts
@@ -231,15 +231,15 @@ export class AuthService {
        if (isNotEmpty(status.ssoLoginUrl)) {
          // url = this.parseSSOLocation(status.ssoLoginUrl);
          // console.log('Parsed SSOLoginUrl: ', url);
-           url = 'https://fis.tiss.tuwien.ac.at/Shibboleth.sso/Login?target=https://fis.tiss.tuwien.ac.at';
+           // url = 'https://fis.tiss.tuwien.ac.at/Shibboleth.sso/Login?target=https://fis.tiss.tuwien.ac.at';
-          // url = status.ssoLoginUrl;
+          url = status.ssoLoginUrl;
        }
        return url;
      })
    )
  }
-  private parseSSOLocation(url: string): string {
+ /* private parseSSOLocation(url: string): string {
    console.log('auth.service parseSSOLocation was called');
    const parseUrl = decodeURIComponent(url);
    // const urlTree: UrlTree = this.router.parseUrl(url);
@@ -252,7 +252,7 @@ export class AuthService {
    // console.log(url);
    const target = `?target=${this.config.auth.target.host}${this.config.auth.target.page}`;
    return parseUrl.replace(/\?target=http.+/g, target);
-  }
+  }*/
  /**
   * Create a new user
--- a/src/app/core/auth/authenticated.guard.ts
+++ b/src/app/core/auth/authenticated.guard.ts
@@ -53,6 +53,7 @@ export class AuthenticatedGuard implements CanActivate, CanLoad {
  }
  private handleAuth(url: string): Observable<boolean> {
    console.log('authenticated.guard.handleAuth() was called with url: ', url);
    // get observable
    const observable = this.store.pipe(select(isAuthenticated));
--- a/src/app/core/auth/models/auth-shibb.model.ts
+++ b/src/app/core/auth/models/auth-shibb.model.ts
@@ -0,0 +1,5 @@
 export class AuthShibbModel {
  host: string;
  target: string;
  startShibSessionUrl: string; // as configured in backend
 }
--- a/src/app/shared/log-in/log-in.component.html
+++ b/src/app/shared/log-in/log-in.component.html
@@ -33,13 +33,13 @@
  </div>
-  <div>
+<!--  <div>
    <br>
    <a class="btn btn-lg btn-primary btn-block mt-2"
       href="https://fis.tiss.tuwien.ac.at/Shibboleth.sso/Login?target=https://fis.tiss.tuwien.ac.at/shibboleth"
       role="button"
    >HardCoded Shibb</a>
-  </div>
+  </div>-->
 <!--    <div >
--- a/src/app/shared/log-in/log-in.component.ts
+++ b/src/app/shared/log-in/log-in.component.ts
@@ -6,7 +6,7 @@ import {select, Store} from '@ngrx/store';
 import {Observable} from 'rxjs';
 import {
  AuthenticateAction,
-  ResetAuthenticationMessagesAction, ShibbLoginAction
+  ResetAuthenticationMessagesAction, GetJWTafterShibbLoginAction
 } from '../../core/auth/auth.actions';
 import {
@@ -234,7 +234,7 @@ export class LogInComponent implements OnDestroy, OnInit {
  dispatchShibbLoginAction() {
    console.log('dispatchShibbLoginAction() was called');
    // const ssoLoginUrl = 'https://fis.tiss.tuwien.ac.at/Shibboleth.sso/Login'
-    this.store.dispatch(new ShibbLoginAction());
+    this.store.dispatch(new GetJWTafterShibbLoginAction());
    // this.store.dispatch(new AuthenticateAction(email, password));
  }