hazza/dspace-angular
1
0
Fork 1
mirror of https://github.com/DSpace/dspace-angular.git synced 2025-10-07 01:54:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
88ffc378941934e16642cb90276cb997ba5d8e8b
dspace-angular/src/app/core/auth/auth.service.ts
Yura Bondarenko 99c41b9e80 87968: Minor code changes to pass lint
2022-04-08 17:57:16 +02:00

596 lines
18 KiB
TypeScript
Raw Blame History

import { Inject, Injectable, Optional } from '@angular/core';
import { Router } from '@angular/router';
import { HttpHeaders } from '@angular/common/http';
import { REQUEST, RESPONSE } from '@nguniversal/express-engine/tokens';
import { Observable, of as observableOf } from 'rxjs';
import { map, startWith, switchMap, take } from 'rxjs/operators';
import { select, Store } from '@ngrx/store';
import { CookieAttributes } from 'js-cookie';
import { EPerson } from '../eperson/models/eperson.model';
import { AuthRequestService } from './auth-request.service';
import { HttpOptions } from '../dspace-rest/dspace-rest.service';
import { AuthStatus } from './models/auth-status.model';
import { AuthTokenInfo, TOKENITEM } from './models/auth-token-info.model';
import {
hasNoValue,
hasValue,
hasValueOperator,
isEmpty,
isNotEmpty,
isNotNull,
isNotUndefined
} from '../../shared/empty.util';
import { CookieService } from '../services/cookie.service';
import {
getAuthenticatedUserId,
getAuthenticationToken,
getRedirectUrl,
isAuthenticated,
isAuthenticatedLoaded,
isIdle,
isTokenRefreshing
} from './selectors';
import { AppState } from '../../app.reducer';
import {
CheckAuthenticationTokenAction,
RefreshTokenAction,
ResetAuthenticationMessagesAction,
SetRedirectUrlAction,
SetUserAsIdleAction,
UnsetUserAsIdleAction
} from './auth.actions';
import { NativeWindowRef, NativeWindowService } from '../services/window.service';
import { RouteService } from '../services/route.service';
import { EPersonDataService } from '../eperson/eperson-data.service';
import { getAllSucceededRemoteDataPayload } from '../shared/operators';
import { AuthMethod } from './models/auth.method';
import { HardRedirectService } from '../services/hard-redirect.service';
import { RemoteData } from '../data/remote-data';
import { environment } from '../../../environments/environment';
import { NotificationsService } from '../../shared/notifications/notifications.service';
import { TranslateService } from '@ngx-translate/core';
export const LOGIN_ROUTE = '/login';
export const LOGOUT_ROUTE = '/logout';
export const REDIRECT_COOKIE = 'dsRedirectUrl';
export const IMPERSONATING_COOKIE = 'dsImpersonatingEPerson';
/**
* The auth service.
*/
@Injectable()
export class AuthService {
/**
* True if authenticated
* @type boolean
*/
protected _authenticated: boolean;
/**
* Timer to track time until token refresh
*/
private tokenRefreshTimer;
constructor(@Inject(REQUEST) protected req: any,
@Inject(NativeWindowService) protected _window: NativeWindowRef,
@Optional() @Inject(RESPONSE) private response: any,
protected authRequestService: AuthRequestService,
protected epersonService: EPersonDataService,
protected router: Router,
protected routeService: RouteService,
protected storage: CookieService,
protected store: Store<AppState>,
protected hardRedirectService: HardRedirectService,
private notificationService: NotificationsService,
private translateService: TranslateService
) {
this.store.pipe(
select(isAuthenticated),
startWith(false)
).subscribe((authenticated: boolean) => this._authenticated = authenticated);
}
/**
* Authenticate the user
*
* @param {string} user The user name
* @param {string} password The user's password
* @returns {Observable<User>} The authenticated user observable.
*/
public authenticate(user: string, password: string): Observable<AuthStatus> {
// Attempt authenticating the user using the supplied credentials.
const body = (`password=${encodeURIComponent(password)}&user=${encodeURIComponent(user)}`);
const options: HttpOptions = Object.create({});
let headers = new HttpHeaders();
headers = headers.append('Content-Type', 'application/x-www-form-urlencoded');
options.headers = headers;
return this.authRequestService.postToEndpoint('login', body, options).pipe(
map((rd: RemoteData<AuthStatus>) => {
if (hasValue(rd.payload) && rd.payload.authenticated) {
return rd.payload;
} else {
throw (new Error('Invalid email or password'));
}
}));
}
/**
* Checks if token is present into the request cookie
*/
public checkAuthenticationCookie(): Observable<AuthStatus> {
// Determine if the user has an existing auth session on the server
const options: HttpOptions = Object.create({});
let headers = new HttpHeaders();
headers = headers.append('Accept', 'application/json');
options.headers = headers;
options.withCredentials = true;
return this.authRequestService.getRequest('status', options).pipe(
map((rd: RemoteData<AuthStatus>) => Object.assign(new AuthStatus(), rd.payload))
);
}
/**
* Determines if the user is authenticated
* @returns {Observable<boolean>}
*/
public isAuthenticated(): Observable<boolean> {
return this.store.pipe(select(isAuthenticated));
}
/**
* Determines if authentication is loaded
* @returns {Observable<boolean>}
*/
public isAuthenticationLoaded(): Observable<boolean> {
return this.store.pipe(select(isAuthenticatedLoaded));
}
/**
* Returns the href link to authenticated user
* @returns {string}
*/
public authenticatedUser(token: AuthTokenInfo): Observable<string> {
// Determine if the user has an existing auth session on the server
const options: HttpOptions = Object.create({});
let headers = new HttpHeaders();
headers = headers.append('Accept', 'application/json');
headers = headers.append('Authorization', `Bearer ${token.accessToken}`);
options.headers = headers;
return this.authRequestService.getRequest('status', options).pipe(
map((rd: RemoteData<AuthStatus>) => {
const status = rd.payload;
if (hasValue(status) && status.authenticated) {
return status._links.eperson.href;
} else {
throw (new Error('Not authenticated'));
}
}));
}
/**
* Returns the authenticated user by href
* @returns {User}
*/
public retrieveAuthenticatedUserByHref(userHref: string): Observable<EPerson> {
return this.epersonService.findByHref(userHref).pipe(
getAllSucceededRemoteDataPayload()
);
}
/**
* Returns the authenticated user by id
* @returns {User}
*/
public retrieveAuthenticatedUserById(userId: string): Observable<EPerson> {
return this.epersonService.findById(userId).pipe(
getAllSucceededRemoteDataPayload()
);
}
/**
* Returns the authenticated user from the store
* @returns {User}
*/
public getAuthenticatedUserFromStore(): Observable<EPerson> {
return this.store.pipe(
select(getAuthenticatedUserId),
hasValueOperator(),
switchMap((id: string) => this.epersonService.findById(id)),
getAllSucceededRemoteDataPayload()
);
}
/**
* Checks if token is present into browser storage and is valid.
*/
public checkAuthenticationToken() {
this.store.dispatch(new CheckAuthenticationTokenAction());
}
/**
* Checks if token is present into storage and is not expired
*/
public hasValidAuthenticationToken(): Observable<AuthTokenInfo> {
return this.store.pipe(
select(getAuthenticationToken),
take(1),
map((authTokenInfo: AuthTokenInfo) => {
let token: AuthTokenInfo;
// Retrieve authentication token info and check if is valid
token = isNotEmpty(authTokenInfo) ? authTokenInfo : this.storage.get(TOKENITEM);
if (isNotEmpty(token) && token.hasOwnProperty('accessToken') && isNotEmpty(token.accessToken) && !this.isTokenExpired(token)) {
return token;
} else {
throw false;
}
})
);
}
/**
* Checks if token is present into storage
*/
public refreshAuthenticationToken(token: AuthTokenInfo): Observable<AuthTokenInfo> {
const options: HttpOptions = Object.create({});
let headers = new HttpHeaders();
headers = headers.append('Accept', 'application/json');
if (token && token.accessToken) {
headers = headers.append('Authorization', `Bearer ${token.accessToken}`);
}
options.headers = headers;
options.withCredentials = true;
return this.authRequestService.postToEndpoint('login', {}, options).pipe(
map((rd: RemoteData<AuthStatus>) => {
const status = rd.payload;
if (hasValue(status) && status.authenticated) {
return status.token;
} else {
throw (new Error('Not authenticated'));
}
}));
}
/**
* Clear authentication errors
*/
public resetAuthenticationError(): void {
this.store.dispatch(new ResetAuthenticationMessagesAction());
}
/**
* Retrieve authentication methods available
* @returns {User}
*/
public retrieveAuthMethodsFromAuthStatus(status: AuthStatus): Observable<AuthMethod[]> {
let authMethods: AuthMethod[] = [];
if (isNotEmpty(status.authMethods)) {
authMethods = status.authMethods;
}
return observableOf(authMethods);
}
/**
* End session
* @returns {Observable<boolean>}
*/
public logout(): Observable<boolean> {
// Send a request that sign end the session
let headers = new HttpHeaders();
headers = headers.append('Content-Type', 'application/x-www-form-urlencoded');
const options: HttpOptions = Object.create({ headers, responseType: 'text' });
return this.authRequestService.postToEndpoint('logout', options).pipe(
map((rd: RemoteData<AuthStatus>) => {
const status = rd.payload;
if (hasValue(status) && !status.authenticated) {
return true;
} else {
throw (new Error('auth.errors.invalid-user'));
}
}));
}
/**
* Retrieve authentication token info and make authorization header
* @returns {string}
*/
public buildAuthHeader(token?: AuthTokenInfo): string {
if (isEmpty(token)) {
token = this.getToken();
}
return (this._authenticated && isNotNull(token)) ? `Bearer ${token.accessToken}` : '';
}
/**
* Get authentication token info
* @returns {AuthTokenInfo}
*/
public getToken(): AuthTokenInfo {
let token: AuthTokenInfo;
this.store.pipe(take(1), select(getAuthenticationToken))
.subscribe((authTokenInfo: AuthTokenInfo) => {
// Retrieve authentication token info and check if is valid
token = authTokenInfo || null;
});
return token;
}
/**
* Method that checks when the session token from store expires and refreshes it when needed
*/
public trackTokenExpiration(): void {
let token: AuthTokenInfo;
let currentlyRefreshingToken = false;
this.store.pipe(select(getAuthenticationToken)).subscribe((authTokenInfo: AuthTokenInfo) => {
// If new token is undefined an it wasn't previously => Refresh failed
if (currentlyRefreshingToken && token !== undefined && authTokenInfo === undefined) {
// Token refresh failed => Error notification => 10 second wait => Page reloads & user logged out
this.notificationService.error(this.translateService.get('auth.messages.token-refresh-failed'));
setTimeout(() => this.navigateToRedirectUrl(this.hardRedirectService.getCurrentRoute()), 10000);
currentlyRefreshingToken = false;
}
// If new token.expires is different => Refresh succeeded
if (currentlyRefreshingToken && authTokenInfo !== undefined && token.expires !== authTokenInfo.expires) {
currentlyRefreshingToken = false;
}
// Check if/when token needs to be refreshed
if (!currentlyRefreshingToken) {
token = authTokenInfo || null;
if (token !== undefined && token !== null) {
let timeLeftBeforeRefresh = token.expires - new Date().getTime() - environment.auth.rest.timeLeftBeforeTokenRefresh;
if (timeLeftBeforeRefresh < 0) {
timeLeftBeforeRefresh = 0;
}
if (hasValue(this.tokenRefreshTimer)) {
clearTimeout(this.tokenRefreshTimer);
}
this.tokenRefreshTimer = setTimeout(() => {
this.store.dispatch(new RefreshTokenAction(token));
currentlyRefreshingToken = true;
}, timeLeftBeforeRefresh);
}
}
});
}
/**
* Check if a token is next to be expired
* @returns {boolean}
*/
public isTokenExpiring(): Observable<boolean> {
return this.store.pipe(
select(isTokenRefreshing),
take(1),
map((isRefreshing: boolean) => {
if (this.isTokenExpired() || isRefreshing) {
return false;
} else {
const token = this.getToken();
return token.expires - (60 * 5 * 1000) < Date.now();
}
})
);
}
/**
* Check if a token is expired
* @returns {boolean}
*/
public isTokenExpired(token?: AuthTokenInfo): boolean {
token = token || this.getToken();
return token && token.expires < Date.now();
}
/**
* Save authentication token info
*
* @param {AuthTokenInfo} token The token to save
* @returns {AuthTokenInfo}
*/
public storeToken(token: AuthTokenInfo) {
// Add 1 day to the current date
const expireDate = Date.now() + (1000 * 60 * 60 * 24);
// Set the cookie expire date
const expires = new Date(expireDate);
const options: CookieAttributes = {expires: expires};
// Save cookie with the token
return this.storage.set(TOKENITEM, token, options);
}
/**
* Remove authentication token info
*/
public removeToken() {
return this.storage.remove(TOKENITEM);
}
/**
* Replace authentication token info with a new one
*/
public replaceToken(token: AuthTokenInfo) {
this.removeToken();
return this.storeToken(token);
}
/**
* Redirect to the login route
*/
public redirectToLogin() {
this.router.navigate([LOGIN_ROUTE]);
}
/**
* Redirect to the login route when token has expired
*/
public redirectToLoginWhenTokenExpired() {
const redirectUrl = LOGIN_ROUTE + '?expired=true';
if (this._window.nativeWindow.location) {
// Hard redirect to login page, so that all state is definitely lost
this._window.nativeWindow.location.href = redirectUrl;
} else if (this.response) {
if (!this.response._headerSent) {
this.response.redirect(302, redirectUrl);
}
} else {
this.router.navigateByUrl(redirectUrl);
}
}
/**
* Perform a hard redirect to the URL
* @param redirectUrl
*/
public navigateToRedirectUrl(redirectUrl: string) {
// Don't do redirect if already on reload url
if (!hasValue(redirectUrl) || !redirectUrl.includes('/reload/')) {
let url = `/reload/${new Date().getTime()}`;
if (isNotEmpty(redirectUrl) && !redirectUrl.startsWith(LOGIN_ROUTE)) {
url += `?redirect=${encodeURIComponent(redirectUrl)}`;
}
this.hardRedirectService.redirect(url);
}
}
/**
* Refresh route navigated
*/
public refreshAfterLogout() {
this.navigateToRedirectUrl(undefined);
}
/**
* Get redirect url
*/
getRedirectUrl(): Observable<string> {
return this.store.pipe(
select(getRedirectUrl),
map((urlFromStore: string) => {
if (hasValue(urlFromStore)) {
return urlFromStore;
} else {
return this.storage.get(REDIRECT_COOKIE);
}
})
);
}
/**
* Set redirect url
*/
setRedirectUrl(url: string) {
// Add 1 hour to the current date
const expireDate = Date.now() + (1000 * 60 * 60);
// Set the cookie expire date
const expires = new Date(expireDate);
const options: CookieAttributes = {expires: expires};
this.storage.set(REDIRECT_COOKIE, url, options);
this.store.dispatch(new SetRedirectUrlAction(isNotUndefined(url) ? url : ''));
}
/**
* Set the redirect url if the current one has not been set yet
* @param newRedirectUrl
*/
setRedirectUrlIfNotSet(newRedirectUrl: string) {
this.getRedirectUrl().pipe(
take(1))
.subscribe((currentRedirectUrl) => {
if (hasNoValue(currentRedirectUrl)) {
this.setRedirectUrl(newRedirectUrl);
}
});
}
/**
* Clear redirect url
*/
clearRedirectUrl() {
this.store.dispatch(new SetRedirectUrlAction(undefined));
this.storage.remove(REDIRECT_COOKIE);
}
/**
* Start impersonating EPerson
* @param epersonId ID of the EPerson to impersonate
*/
impersonate(epersonId: string) {
this.storage.set(IMPERSONATING_COOKIE, epersonId);
this.refreshAfterLogout();
}
/**
* Stop impersonating EPerson
*/
stopImpersonating() {
this.storage.remove(IMPERSONATING_COOKIE);
}
/**
* Stop impersonating EPerson and refresh the store/ui
*/
stopImpersonatingAndRefresh() {
this.stopImpersonating();
this.refreshAfterLogout();
}
/**
* Get the ID of the EPerson we're currently impersonating
* Returns undefined if we're not impersonating anyone
*/
getImpersonateID(): string {
return this.storage.get(IMPERSONATING_COOKIE);
}
/**
* Whether or not we are currently impersonating an EPerson
*/
isImpersonating(): boolean {
return hasValue(this.getImpersonateID());
}
/**
* Whether or not we are currently impersonating a specific EPerson
* @param epersonId ID of the EPerson to check
*/
isImpersonatingUser(epersonId: string): boolean {
return this.getImpersonateID() === epersonId;
}
/**
* Get a short-lived token for appending to download urls of restricted files
* Returns null if the user isn't authenticated
*/
getShortlivedToken(): Observable<string> {
return this.isAuthenticated().pipe(
switchMap((authenticated) => authenticated ? this.authRequestService.getShortlivedToken() : observableOf(null))
);
}
/**
* Determines if current user is idle
* @returns {Observable<boolean>}
*/
public isUserIdle(): Observable<boolean> {
return this.store.pipe(select(isIdle));
}
/**
* Set idle of auth state
* @returns {Observable<boolean>}
*/
public setIdle(idle: boolean): void {
if (idle) {
this.store.dispatch(new SetUserAsIdleAction());
} else {
this.store.dispatch(new UnsetUserAsIdleAction());
}
}
}
Reference in New Issue View Git Blame Copy Permalink