Merged in task/dspace-cris-2023_02_x/DSC-2401 (pull request DSpace#3347)

[DSC-2401] add options to disable the standard login

Approved-by: Giuseppe Digilio

Author: Andrea Barbasso

config/config.example.yml

@@ -132,6 +132,8 @@ auth:
     # If the rest token expires in less than this amount of time, it will be refreshed automatically.
     # This is independent from the idle warning.
     timeLeftBeforeTokenRefresh: 120000 # 2 minutes
+  # Standard login enabled
+  disableStandardLogin: false
 
 # Form settings
 form:

src/app/app-routing.module.ts

@@ -45,6 +45,7 @@ import { ThemedPageErrorComponent } from './page-error/themed-page-error.compone
 import { ForgotPasswordCheckGuard } from './core/rest-property/forgot-password-check-guard.guard';
 import { SUGGESTION_MODULE_PATH } from './suggestions-page/suggestions-page-routing-paths';
 import { RedirectService } from './redirect/redirect.service';
+import { environment } from '../environments/environment';
 import {
   GenericAdministratorGuard
 } from './core/data/feature-authorization/feature-authorization-guard/generic-administrator-guard';
@@ -177,10 +178,20 @@ import {
               .then((m) => m.AdminModule),
             canActivate: [GenericAdministratorGuard, EndUserAgreementCurrentUserGuard]
           },
+          {
+            path: 'standard-login',
+            loadChildren: () => import('./login-page/login-page.module').then((m) => m.LoginPageModule),
+            data: {
+              isBackDoor: true,
+            },
+          },
           {
             path: 'login',
-            loadChildren: () => import('./login-page/login-page.module')
-              .then((m) => m.LoginPageModule)
+            loadChildren: () => import('./login-page/login-page.module').then((m) => m.LoginPageModule),
+            data: {
+              isBackDoor: false,
+            },
+            canMatch: [() => !environment.auth.disableStandardLogin],
           },
           {
             path: 'external-login/:token',

src/app/shared/log-in/log-in.component.spec.ts

@@ -23,6 +23,7 @@ import { AuthorizationDataService } from '../../core/data/feature-authorization/
 import { of } from 'rxjs';
 import { ThemeService } from '../theme-support/theme.service';
 import { getMockThemeService } from '../mocks/theme-service.mock';
+import { AuthMethodType } from 'src/app/core/auth/models/auth.method-type';
 
 describe('LogInComponent', () => {
 
@@ -129,6 +130,59 @@ describe('LogInComponent', () => {
       expect(loginContainers.length).toBe(2);
 
     });
+
+    it('returns only password method when backdoor is enabled', () => {
+      const authMethods = [
+        { authMethodType: AuthMethodType.Password, position: 1 },
+        { authMethodType: AuthMethodType.Ip, position: 2 },
+        { authMethodType: AuthMethodType.Shibboleth, position: 3 },
+      ];
+      const isBackdoor = true;
+      component.excludedAuthMethod = undefined;
+      const result = component.filterAndSortAuthMethods(authMethods, isBackdoor);
+      expect(result).toEqual([{ authMethodType: AuthMethodType.Password, position: 1 }]);
+    });
+
+    it('excludes password method when standard login is disabled', () => {
+      const authMethods = [
+        { authMethodType: AuthMethodType.Password, position: 1 },
+        { authMethodType: AuthMethodType.Shibboleth, position: 2 },
+      ];
+      component.excludedAuthMethod = undefined;
+      const result = component.filterAndSortAuthMethods(authMethods, false, true);
+      expect(result).toEqual([
+        { authMethodType: AuthMethodType.Shibboleth, position: 2 },
+      ]);
+    });
+
+    it('excludes methods based on excludedAuthMethod input', () => {
+      const authMethods = [
+        { authMethodType: AuthMethodType.Password, position: 1 },
+        { authMethodType: AuthMethodType.Ip, position: 2 },
+        { authMethodType: AuthMethodType.Shibboleth, position: 3 },
+      ];
+      const isBackdoor = false;
+      component.excludedAuthMethod = AuthMethodType.Ip;
+      const result = component.filterAndSortAuthMethods(authMethods, isBackdoor);
+      expect(result).toEqual([
+        { authMethodType: AuthMethodType.Password, position: 1 },
+        { authMethodType: AuthMethodType.Shibboleth, position: 3 },
+      ]);
+    });
+
+    it('sorts methods by position', () => {
+      const authMethods = [
+        { authMethodType: AuthMethodType.Password, position: 2 },
+        { authMethodType: AuthMethodType.Shibboleth, position: 1 },
+      ];
+      const isBackdoor = false;
+      component.excludedAuthMethod = undefined;
+      const result = component.filterAndSortAuthMethods(authMethods, isBackdoor);
+      expect(result).toEqual([
+        { authMethodType: AuthMethodType.Shibboleth, position: 1 },
+        { authMethodType: AuthMethodType.Password, position: 2 },
+      ]);
+    });
   });
 
 });

src/app/shared/log-in/log-in.component.ts

@@ -1,9 +1,6 @@
 import { ChangeDetectionStrategy, Component, Input, OnDestroy, OnInit } from '@angular/core';
-import { Observable, Subscription, combineLatest } from 'rxjs';
 import { filter, map, shareReplay } from 'rxjs/operators';
 import { select, Store } from '@ngrx/store';
-import uniqBy from 'lodash/uniqBy';
-
 import { AuthMethod } from '../../core/auth/models/auth.method';
 import {
   getAuthenticationError,
@@ -19,6 +16,10 @@ import { rendersAuthMethodType } from './methods/log-in.methods-decorator';
 import { AuthMethodType } from '../../core/auth/models/auth.method-type';
 import { FeatureID } from '../../core/data/feature-authorization/feature-id';
 import { AuthorizationDataService } from '../../core/data/feature-authorization/authorization-data.service';
+import { ActivatedRoute } from '@angular/router';
+import uniqBy from 'lodash/uniqBy';
+import { environment } from '../../../environments/environment';
+import { combineLatestWith, Observable, Subscription } from 'rxjs';
 
 @Component({
   selector: 'ds-log-in',
@@ -84,19 +85,20 @@ export class LogInComponent implements OnInit, OnDestroy {
 
   constructor(private store: Store<CoreState>,
               private authService: AuthService,
+              private route: ActivatedRoute,
               protected authorizationService: AuthorizationDataService
   ) {
   }
 
   ngOnInit(): void {
     this.authMethods = this.store.pipe(
       select(getAuthenticationMethods),
-      map((methods: AuthMethod[]) => methods
-        // ignore the given auth method if it should be excluded
-        .filter((authMethod: AuthMethod) => authMethod.authMethodType !== this.excludedAuthMethod)
-        .filter((authMethod: AuthMethod) => rendersAuthMethodType(authMethod.authMethodType) !== undefined)
-        .sort((method1: AuthMethod, method2: AuthMethod) => method1.position - method2.position),
-      ),
+      combineLatestWith(
+        this.route.data.pipe(
+          filter(routeData => !!routeData),
+          map(data => data.isBackDoor),
+        )),
+      map(([methods, isBackdoor]) => this.filterAndSortAuthMethods(methods, isBackdoor, environment.auth.disableStandardLogin)),
       // ignore the ip authentication method when it's returned by the backend
       map((authMethods: AuthMethod[]) => uniqBy(authMethods.filter(a => a.authMethodType !== AuthMethodType.Ip), 'authMethodType'))
     );
@@ -117,12 +119,30 @@ export class LogInComponent implements OnInit, OnDestroy {
     this.canRegister$ = this.authorizationService.isAuthorized(FeatureID.EPersonRegistration);
 
     this.canForgot$ = this.authorizationService.isAuthorized(FeatureID.EPersonForgotPassword).pipe(shareReplay(1));
-    this.canShowDivider$ =
-        combineLatest([this.canRegister$, this.canForgot$])
-            .pipe(
-                map(([canRegister, canForgot]) => canRegister || canForgot),
-                filter(Boolean)
-            );
+    this.canShowDivider$ = this.canRegister$.pipe(
+      combineLatestWith(this.canForgot$),
+      map(([canRegister, canForgot]) => canRegister || canForgot),
+      filter(Boolean)
+    );
+  }
+
+  filterAndSortAuthMethods(authMethods: AuthMethod[], isBackdoor: boolean, isStandardLoginDisabled = false): AuthMethod[] {
+    return authMethods.filter((authMethod: AuthMethod) => {
+        const methodComparison = (authM) => {
+          if (isBackdoor) {
+            return authM.authMethodType === AuthMethodType.Password;
+          }
+          if (isStandardLoginDisabled) {
+            return authM.authMethodType !== AuthMethodType.Password;
+          }
+          return true;
+
+        };
+        return methodComparison(authMethod) &&
+          authMethod.authMethodType !== this.excludedAuthMethod &&
+          rendersAuthMethodType(authMethod.authMethodType) !== undefined;
+      },
+    ).sort((method1: AuthMethod, method2: AuthMethod) => method1.position - method2.position);
   }
 
   getRegisterRoute() {

src/config/auth-config.interfaces.ts

@@ -20,4 +20,7 @@ export interface AuthConfig extends Config {
     // This is independent from the idle warning.
     timeLeftBeforeTokenRefresh: number;
   };
+
+  // Whether the standard login form should be enabled.
+  disableStandardLogin?: boolean;
 }

src/config/default-app-config.ts

@@ -135,7 +135,8 @@ export class DefaultAppConfig implements AppConfig {
       // If the rest token expires in less than this amount of time, it will be refreshed automatically.
       // This is independent from the idle warning.
       timeLeftBeforeTokenRefresh: 2 * 60 * 1000 // 2 minutes
-    }
+    },
+    disableStandardLogin: false, // Enable the standard login form
   };
 
   // Form settings

src/environments/environment.test.ts

@@ -97,6 +97,7 @@ export const environment: BuildConfig = {
       // This is independent from the idle warning.
       timeLeftBeforeTokenRefresh: 20000, // 20 sec
     },
+    disableStandardLogin: false,
   },
 
   // Form settings