Merge pull request DSpace#3355 from 4Science/task/main/CST-15074

ORCID Login flow for private emails

Author: tdonohue

src/app/app-routes.ts

@@ -263,6 +263,20 @@ export const APP_ROUTES: Route[] = [
           .then((m) => m.ROUTES),
         canActivate: [authenticatedGuard],
       },
+      {
+        path: 'external-login/:token',
+        loadChildren: () => import('./external-login-page/external-login-routes').then((m) => m.ROUTES),
+      },
+      {
+        path: 'review-account/:token',
+        loadChildren: () => import('./external-login-review-account-info-page/external-login-review-account-info-page-routes')
+          .then((m) => m.ROUTES),
+      },
+      {
+        path: 'email-confirmation',
+        loadChildren: () => import('./external-login-email-confirmation-page/external-login-email-confirmation-page-routes')
+          .then((m) => m.ROUTES),
+      },
       { path: '**', pathMatch: 'full', component: ThemedPageNotFoundComponent },
     ],
   },

src/app/app.config.ts

@@ -65,6 +65,7 @@ import {
 import { ClientCookieService } from './core/services/client-cookie.service';
 import { ListableModule } from './core/shared/listable.module';
 import { XsrfInterceptor } from './core/xsrf/xsrf.interceptor';
+import { LOGIN_METHOD_FOR_DECORATOR_MAP } from './external-log-in/decorators/external-log-in.methods-decorator';
 import { RootModule } from './root.module';
 import { AUTH_METHOD_FOR_DECORATOR_MAP } from './shared/log-in/methods/log-in.methods-decorator';
 import { METADATA_REPRESENTATION_COMPONENT_DECORATOR_MAP } from './shared/metadata-representation/metadata-representation.decorator';
@@ -165,6 +166,7 @@ export const commonAppConfig: ApplicationConfig = {
 
 /* Use models object so all decorators are actually called */
 const modelList = models;
+const loginMethodForDecoratorMap = LOGIN_METHOD_FOR_DECORATOR_MAP;
 const workflowTasks = WORKFLOW_TASK_OPTION_DECORATOR_MAP;
 const advancedWorfklowTasks = ADVANCED_WORKFLOW_TASK_OPTION_DECORATOR_MAP;
 const metadataRepresentations = METADATA_REPRESENTATION_COMPONENT_DECORATOR_MAP;

src/app/core/auth/auth-methods.service.spec.ts

@@ -0,0 +1,133 @@
+import { TestBed } from '@angular/core/testing';
+import {
+  Store,
+  StoreModule,
+} from '@ngrx/store';
+import {
+  MockStore,
+  provideMockStore,
+} from '@ngrx/store/testing';
+
+import { storeModuleConfig } from '../../app.reducer';
+import { AuthMethodTypeComponent } from '../../shared/log-in/methods/auth-methods.type';
+import { authReducer } from './auth.reducer';
+import { AuthMethodsService } from './auth-methods.service';
+import { AuthMethod } from './models/auth.method';
+import { AuthMethodType } from './models/auth.method-type';
+
+describe('AuthMethodsService', () => {
+  let service: AuthMethodsService;
+  let store: MockStore;
+  let mockAuthMethods: Map<AuthMethodType, AuthMethodTypeComponent>;
+  let mockAuthMethodsArray: AuthMethod[] = [
+    { id: 'password', authMethodType: AuthMethodType.Password, position: 2 } as AuthMethod,
+    { id: 'shibboleth', authMethodType: AuthMethodType.Shibboleth, position: 1 } as AuthMethod,
+    { id: 'oidc', authMethodType: AuthMethodType.Oidc, position: 3 } as AuthMethod,
+    { id: 'ip', authMethodType: AuthMethodType.Ip, position: 4 } as AuthMethod,
+  ];
+
+  const initialState = {
+    core: {
+      auth: {
+        authMethods: mockAuthMethodsArray,
+      },
+    },
+  };
+
+  beforeEach(() => {
+    TestBed.configureTestingModule({
+      imports: [
+        StoreModule.forRoot(authReducer, storeModuleConfig),
+      ],
+      providers: [
+        AuthMethodsService,
+        provideMockStore({ initialState }),
+      ],
+    });
+
+    service = TestBed.inject(AuthMethodsService);
+    store = TestBed.inject(Store) as MockStore;
+
+    // Setup mock auth methods map
+    mockAuthMethods = new Map<AuthMethodType, AuthMethodTypeComponent>();
+    mockAuthMethods.set(AuthMethodType.Password, {} as AuthMethodTypeComponent);
+    mockAuthMethods.set(AuthMethodType.Shibboleth, {} as AuthMethodTypeComponent);
+    mockAuthMethods.set(AuthMethodType.Oidc, {} as AuthMethodTypeComponent);
+    mockAuthMethods.set(AuthMethodType.Ip, {} as AuthMethodTypeComponent);
+
+  });
+
+  it('should be created', () => {
+    expect(service).toBeTruthy();
+  });
+
+  describe('getAuthMethods', () => {
+    it('should return auth methods sorted by position', () => {
+
+      // Expected result after sorting and filtering IP auth
+      const expected = [
+        { id: 'shibboleth', authMethodType: AuthMethodType.Shibboleth, position: 1 },
+        { id: 'password', authMethodType: AuthMethodType.Password, position: 2 },
+        { id: 'oidc', authMethodType: AuthMethodType.Oidc, position: 3 },
+      ];
+
+      service.getAuthMethods(mockAuthMethods).subscribe(result => {
+        expect(result.length).toBe(3);
+        expect(result).toEqual(expected);
+      });
+    });
+
+    it('should exclude specified auth method type', () => {
+
+      // Expected result after excluding Password auth and filtering IP auth
+      const expected = [
+        { id: 'shibboleth', authMethodType: AuthMethodType.Shibboleth, position: 1 },
+        { id: 'oidc', authMethodType: AuthMethodType.Oidc, position: 3 },
+      ];
+
+
+      service.getAuthMethods(mockAuthMethods, AuthMethodType.Password).subscribe(result => {
+        expect(result.length).toBe(2);
+        expect(result).toEqual(expected);
+      });
+    });
+
+    it('should always filter out IP authentication method', () => {
+
+      // Add IP auth to the mock methods map
+      mockAuthMethods.set(AuthMethodType.Ip, {} as AuthMethodTypeComponent);
+
+
+      service.getAuthMethods(mockAuthMethods).subscribe(result => {
+        expect(result.length).toBe(3);
+        expect(result.find(method => method.authMethodType === AuthMethodType.Ip)).toBeUndefined();
+      });
+    });
+
+    it('should handle empty auth methods array', () => {
+      const authMethods = new Map<AuthMethodType, AuthMethodTypeComponent>();
+
+
+      service.getAuthMethods(authMethods).subscribe(result => {
+        expect(result.length).toBe(0);
+        expect(result).toEqual([]);
+      });
+    });
+
+    it('should handle duplicate auth method types and keep only unique ones', () => {
+      // Arrange
+      const duplicateMethodsArray = [
+        ...mockAuthMethodsArray,
+        { id: 'password2', authMethodType: AuthMethodType.Password, position: 5 } as AuthMethod,
+      ];
+
+
+      service.getAuthMethods(mockAuthMethods).subscribe(result => {
+        expect(result.length).toBe(3);
+        // Check that we only have one Password auth method
+        const passwordMethods = result.filter(method => method.authMethodType === AuthMethodType.Password);
+        expect(passwordMethods.length).toBe(1);
+      });
+    });
+  });
+});

src/app/core/auth/auth-methods.service.ts

@@ -0,0 +1,51 @@
+import { Injectable } from '@angular/core';
+import {
+  select,
+  Store,
+} from '@ngrx/store';
+import uniqBy from 'lodash/uniqBy';
+import { Observable } from 'rxjs';
+import { map } from 'rxjs/operators';
+
+import { AppState } from '../../app.reducer';
+import { AuthMethodTypeComponent } from '../../shared/log-in/methods/auth-methods.type';
+import { rendersAuthMethodType } from '../../shared/log-in/methods/log-in.methods-decorator.utils';
+import { AuthMethod } from './models/auth.method';
+import { AuthMethodType } from './models/auth.method-type';
+import { getAuthenticationMethods } from './selectors';
+
+@Injectable({
+  providedIn: 'root',
+})
+/**
+ * Service responsible for managing and filtering authentication methods.
+ * Provides methods to retrieve and process authentication methods from the application store.
+ */
+export class AuthMethodsService {
+  constructor(protected store: Store<AppState>) {
+  }
+
+  /**
+   * Retrieves and processes authentication methods from the store.
+   *
+   * @param authMethods A map of authentication method types to their corresponding components
+   * @param excludedAuthMethod Optional authentication method type to exclude from the results
+   * @returns An Observable of filtered and sorted authentication methods
+   */
+  public getAuthMethods(
+    authMethods: Map<AuthMethodType, AuthMethodTypeComponent>,
+    excludedAuthMethod?: AuthMethodType,
+  ): Observable<AuthMethod[]> {
+    return this.store.pipe(
+      select(getAuthenticationMethods),
+      map((methods: AuthMethod[]) => methods
+        // ignore the given auth method if it should be excluded
+        .filter((authMethod: AuthMethod) => excludedAuthMethod == null || authMethod.authMethodType !== excludedAuthMethod)
+        .filter((authMethod: AuthMethod) => rendersAuthMethodType(authMethods, authMethod.authMethodType) !== undefined)
+        .sort((method1: AuthMethod, method2: AuthMethod) => method1.position - method2.position),
+      ),
+      // ignore the ip authentication method when it's returned by the backend
+      map((methods: AuthMethod[]) => uniqBy(methods.filter(a => a.authMethodType !== AuthMethodType.Ip), 'authMethodType')),
+    );
+  }
+}

src/app/core/auth/auth-request.service.ts

@@ -139,4 +139,5 @@ export abstract class AuthRequestService {
       }),
     );
   }
+
 }

src/app/core/auth/auth.service.ts

@@ -62,6 +62,7 @@ import {
   getFirstCompletedRemoteData,
 } from '../shared/operators';
 import { PageInfo } from '../shared/page-info.model';
+import { URLCombiner } from '../url-combiner/url-combiner';
 import {
   CheckAuthenticationTokenAction,
   RefreshTokenAction,
@@ -278,7 +279,7 @@ export class AuthService {
         if (status.hasSucceeded) {
           return status.payload.specialGroups;
         } else {
-          return createSuccessfulRemoteDataObject$(buildPaginatedList(new PageInfo(),[]));
+          return createSuccessfulRemoteDataObject$(buildPaginatedList(new PageInfo(), []));
         }
       }),
     );
@@ -579,6 +580,31 @@ export class AuthService {
       });
   }
 
+  /**
+   * Returns the external server redirect URL.
+   * @param origin - The origin route.
+   * @param redirectRoute - The redirect route.
+   * @param location - The location.
+   * @returns The external server redirect URL.
+   */
+  getExternalServerRedirectUrl(origin: string, redirectRoute: string, location: string): string {
+    const correctRedirectUrl = new URLCombiner(origin, redirectRoute).toString();
+
+    let externalServerUrl = location;
+    const myRegexp = /\?redirectUrl=(.*)/g;
+    const match = myRegexp.exec(location);
+    const redirectUrlFromServer = (match && match[1]) ? match[1] : null;
+
+    // Check whether the current page is different from the redirect url received from rest
+    if (isNotNull(redirectUrlFromServer) && redirectUrlFromServer !== correctRedirectUrl) {
+      // change the redirect url with the current page url
+      const newRedirectUrl = `?redirectUrl=${correctRedirectUrl}`;
+      externalServerUrl = location.replace(/\?redirectUrl=(.*)/g, newRedirectUrl);
+    }
+
+    return externalServerUrl;
+  }
+
   /**
    * Clear redirect url
    */
@@ -663,5 +689,4 @@ export class AuthService {
       this.store.dispatch(new UnsetUserAsIdleAction());
     }
   }
-
 }

src/app/core/auth/models/auth.method-type.ts

@@ -6,5 +6,5 @@ export enum AuthMethodType {
   X509 = 'x509',
   Oidc = 'oidc',
   Orcid = 'orcid',
-  Saml = 'saml'
+  Saml = 'saml',
 }

src/app/core/auth/models/auth.registration-type.ts

@@ -0,0 +1,4 @@
+export enum AuthRegistrationType {
+  Orcid = 'ORCID',
+  Validation = 'VALIDATION_',
+}

src/app/core/data/eperson-registration.service.spec.ts

@@ -105,7 +105,7 @@ describe('EpersonRegistrationService', () => {
 
   describe('searchByToken', () => {
     it('should return a registration corresponding to the provided token', () => {
-      const expected = service.searchByToken('test-token');
+      const expected = service.searchByTokenAndUpdateData('test-token');
 
       expect(expected).toBeObservable(cold('(a|)', {
         a: jasmine.objectContaining({
@@ -123,7 +123,7 @@ describe('EpersonRegistrationService', () => {
       testScheduler.run(({ cold, expectObservable }) => {
         rdbService.buildSingle.and.returnValue(cold('a', { a: rd }));
 
-        service.searchByToken('test-token');
+        service.searchByTokenAndUpdateData('test-token');
 
         expect(requestService.send).toHaveBeenCalledWith(
           jasmine.objectContaining({