Merge pull request #286 from netgrif/NAE-2118

[NAE-2118] Implement OpenID Connector Auth for Admin node

Author: machacjozef

nae.json

@@ -4,7 +4,7 @@
     "providers": {
         "auth": {
             "address": "http://localhost:8080/api/",
-            "authentication": "Basic",
+            "authentication": "BasicWithRealm",
             "endpoints": {
                 "login": "auth/login",
                 "logout": "auth/logout",
@@ -14,12 +14,19 @@
                 "verify": "auth/token/verify",
                 "invite": "auth/invite",
                 "reset": "auth/reset",
-                "recover": "/auth/recover"
+                "recover": "auth/recover"
             },
             "sessionBearer": "X-Auth-Token",
             "sessionTimeoutEnabled": false,
             "sessionTimeout": 900,
-            "jwtBearer": "X-Jwt-Token"
+            "jwtBearer": "X-Jwt-Token",
+            "sso": {
+                "enable": false,
+                "clientId": "dev-cluster-worker",
+                "redirectUrl": "http://localhost:8081/realms/netgrif-cloud-testing/protocol/openid-connect/auth",
+                "refreshUrl": "http://localhost:8800/api/auth/login",
+                "scopes": ["openid","email","profile","roles"]
+            }
         },
         "resources": [
             {

projects/netgrif-components-core/src/assets/i18n/de.json

@@ -313,6 +313,7 @@
             "login": "Benutzername",
             "wrongCredentials": "Falsche Anmeldeinformationen!",
             "loginButton": "Anmelden",
+            "ssoButton": "SSO-Anmeldung",
             "reset": "Kennwort wiederherstellen",
             "sign": "Registrieren",
             "enterPass": "Ihre Kennwort eingeben"

projects/netgrif-components-core/src/assets/i18n/en.json

@@ -313,6 +313,7 @@
             "login": "Username",
             "wrongCredentials": "Wrong credentials!",
             "loginButton": "Log in",
+            "ssoButton": "Log with SSO",
             "reset": "Reset password",
             "sign": "Sign Up",
             "enterPass": "Enter your password"

projects/netgrif-components-core/src/assets/i18n/sk.json

@@ -313,6 +313,7 @@
             "login": "Prihlasovacie meno",
             "wrongCredentials": "Nesprávne prihlasovacie údaje!",
             "loginButton": "Prihlásiť",
+            "ssoButton": "Prihlásiť sa pomocou SSO",
             "reset": "Obnova hesla",
             "sign": "Registrovať",
             "enterPass": "Zadajte svoje heslo"

projects/netgrif-components-core/src/commons/schema.ts

@@ -46,10 +46,19 @@ export interface Auth {
     authentication: string;
     sessionBearer?: string;
     endpoints?: string | { [k: string]: string };
+    sso?: Sso;
 
     [k: string]: any;
 }
 
+export interface Sso {
+    enable: boolean;
+    redirectUrl: string;
+    refreshUrl: string;
+    clientId: string;
+    scopes: Array<string>;
+}
+
 export interface Resource {
     name: string;
     address: string;

projects/netgrif-components-core/src/lib/forms/login/abstract-login-form.component.spec.ts

@@ -70,7 +70,7 @@ describe('AbstractLoginFormComponent', () => {
     template: ''
 })
 class TestLoginFormComponent extends AbstractLoginFormComponent {
-    constructor(formBuilder: FormBuilder, protected _userService: UserService) {
-        super(formBuilder, _userService);
+    constructor(formBuilder: FormBuilder, protected _userService: UserService, protected _configService: ConfigurationService) {
+        super(formBuilder, _userService, _configService);
     }
 }

projects/netgrif-components-core/src/lib/forms/login/abstract-login-form.component.ts

@@ -5,6 +5,8 @@ import {UserService} from '../../user/services/user.service';
 import {User} from '../../user/models/user';
 import {LoadingEmitter} from '../../utility/loading-emitter';
 import {take} from 'rxjs/operators';
+import {ConfigurationService} from "../../configuration/configuration.service";
+import {Sso} from "../../../commons/schema";
 
 @Component({
     selector: 'ncc-abstract-login-field',
@@ -15,6 +17,7 @@ export abstract class AbstractLoginFormComponent implements HasForm, OnDestroy {
     public rootFormGroup: FormGroup;
     public hidePassword = true;
     public loading: LoadingEmitter;
+    protected showSsoButton: boolean;
 
     @Input() public showSignUpButton: boolean;
     @Input() public showForgottenPasswordButton: boolean;
@@ -23,7 +26,7 @@ export abstract class AbstractLoginFormComponent implements HasForm, OnDestroy {
     @Output() public signUp: EventEmitter<void>;
     @Output() public formSubmit: EventEmitter<FormSubmitEvent>;
 
-    protected constructor(formBuilder: FormBuilder, protected _userService: UserService) {
+    protected constructor(formBuilder: FormBuilder, protected _userService: UserService, protected _config: ConfigurationService) {
         this.rootFormGroup = formBuilder.group({
             login: [''],
             password: ['']
@@ -33,6 +36,8 @@ export abstract class AbstractLoginFormComponent implements HasForm, OnDestroy {
         this.signUp = new EventEmitter<void>();
         this.formSubmit = new EventEmitter<FormSubmitEvent>();
         this.loading = new LoadingEmitter();
+        let ssoConfig: Sso = this._config.getConfigurationSubtree(['providers', 'auth', 'sso'])
+        this.showSsoButton = ssoConfig?.enable
     }
 
     ngOnDestroy(): void {

projects/netgrif-components-core/src/lib/forms/login/login-sso/abstract-login-sso.component.spec.ts

@@ -0,0 +1 @@
+// todo 2118

projects/netgrif-components-core/src/lib/forms/login/login-sso/abstract-login-sso.component.ts

@@ -0,0 +1,108 @@
+import {Component, OnDestroy} from "@angular/core";
+import {ActivatedRoute, Params, Router} from "@angular/router";
+import {Observable, throwError} from "rxjs";
+import {catchError} from "rxjs/operators";
+import {HttpClient} from "@angular/common/http";
+import {ConfigurationService} from "../../../configuration/configuration.service";
+import {LoggerService} from '../../../logger/services/logger.service';
+import {LoadingEmitter} from '../../../utility/loading-emitter';
+import {SnackBarService} from "../../../snack-bar/services/snack-bar.service";
+import {Sso} from "../../../../commons/schema";
+import {TranslateService} from "@ngx-translate/core";
+
+
+@Component({
+    selector: 'ncc-abstract-login-field',
+    template: ''
+})
+export abstract class AbstractLoginSsoComponent implements OnDestroy {
+
+    protected _ssoConfig: Sso;
+    protected loading: LoadingEmitter;
+
+    protected constructor(
+        protected _config: ConfigurationService,
+        protected _http: HttpClient,
+        protected _snackbar: SnackBarService,
+        protected _log: LoggerService,
+        protected _router: Router,
+        protected _activeRouter: ActivatedRoute,
+        protected _translate: TranslateService
+    ) {
+        this._ssoConfig = this._config.getConfigurationSubtree(['providers', 'auth', 'sso']);
+        this.loading = new LoadingEmitter();
+        this._activeRouter.queryParams.subscribe((params) => {
+            if (!!params.code) {
+                this.loginFromCode(params);
+            }
+        });
+    }
+
+    ngOnDestroy(): void {
+        this.loading.complete();
+    }
+
+    public redirectToSso(): void {
+        let redirectUrl: string = this.getRedirectUrl();
+        this._log.info("Redirecting to " + redirectUrl)
+        window.location.href = redirectUrl;
+    }
+
+    public loginFromCode(params: Params) {
+        if (!params.code) {
+            return;
+        }
+
+        this.loading.on();
+        this._log.debug('Handling access token: ' + params.code)
+        const token$ = this.getToken({
+            grantType: 'authorization_code',
+            code: params.code,
+            realmId: '', // todo send realm id
+            redirectUri: location.origin + '/' + this._config.getConfigurationSubtree(['services', 'auth', 'toLoginRedirect']),
+        });
+        token$.subscribe(
+            token => {
+                this.loading.off();
+                if (!!token) {
+                    this.redirectToHome();
+                }
+            },
+        );
+    }
+
+    protected getRedirectUrl(): string {
+        const myQuery = this._ssoConfig.redirectUrl + '?';
+        const options: { [index: string]: string } = {
+            client_id: this._ssoConfig.clientId,
+            redirect_uri: location.origin + '/' + this._config.getConfigurationSubtree(['services', 'auth', 'toLoginRedirect']),
+            response_type: 'code',
+            scope: this._ssoConfig.scopes.join(' '),
+        };
+        return myQuery + Object.keys(options).map(
+            key => {
+                return encodeURIComponent(key) + '=' + encodeURIComponent(options[key]);
+            },
+        ).join('&');
+    }
+
+    protected getToken(body: any): Observable<any> {
+        const url = this._ssoConfig.refreshUrl;
+        if (!url) {
+            return throwError(() => new Error('Refresh URL is not defined in the config [nae.providers.auth.sso.refreshUrl]'));
+        }
+        return this._http.post(url, body,
+            {headers: {'Content-Type': 'application/json'}}).pipe(
+            catchError(error => {
+                this.loading.off();
+                this._snackbar.openErrorSnackBar(this._translate.instant('forms.login.wrongCredentials'));
+                return throwError(() => error);
+            }),
+        );
+    }
+
+    protected redirectToHome() {
+        this._router.navigate(['/' + this._config.getConfigurationSubtree(['services', 'auth', 'onLoginRedirect'])])
+            .then((value) => { this._log.debug('Routed to ' + value); });
+    }
+}

projects/netgrif-components-core/src/lib/forms/public-api.ts

@@ -1,5 +1,6 @@
 export * from './email-submission/abstract-email-submission-form.component';
 export * from './login/abstract-login-form.component';
+export * from './login/login-sso/abstract-login-sso.component';
 export * from './registration/abstract-registration-form.component';
 export * from './forgotten-password/abstract-forgotten-password.component';
 export * from './models/abstract-registration.component';