Merged in task/dspace-cris-2023_02_x/DSC-2329 (pull request DSpace#3175)

atarix83 · vins01-4science · commit 7b0205c6862e · 2025-05-09T14:54:53.000Z
Task/dspace cris 2023 02 x/DSC-2329

Approved-by: Vincenzo Mecca
diff --git a/src/app/bitstream-page/bitstream-download-redirect.guard.ts b/src/app/bitstream-page/bitstream-download-redirect.guard.ts
@@ -35,6 +35,7 @@ export const bitstreamDownloadRedirectGuard: CanActivateFn = (
 ): Observable<UrlTree | boolean> => {
 
   const bitstreamId = route.params.id;
+  const accessToken: string = route.queryParams.accessToken;
 
   return bitstreamDataService.findById(bitstreamId, true, false, ...BITSTREAM_PAGE_LINKS_TO_FOLLOW).pipe(
     getFirstCompletedRemoteData(),
@@ -67,14 +68,21 @@ export const bitstreamDownloadRedirectGuard: CanActivateFn = (
       if (isAuthorized && isLoggedIn && isNotEmpty(fileLink)) {
         hardRedirectService.redirect(fileLink);
         return false;
-      } else if (isAuthorized && !isLoggedIn) {
+      } else if (isAuthorized && !isLoggedIn && !hasValue(accessToken)) {
         hardRedirectService.redirect(bitstream._links.content.href);
         return false;
-      } else if (!isAuthorized && isLoggedIn) {
-        return router.createUrlTree([getForbiddenRoute()]);
-      } else if (!isAuthorized && !isLoggedIn) {
-        auth.setRedirectUrl(router.url);
-        return router.createUrlTree(['login']);
+      } else if (!isAuthorized) {
+        // Either we have an access token, or we are logged in, or we are not logged in.
+        // For now, the access token does not care if we are logged in or not.
+        if (hasValue(accessToken)) {
+          hardRedirectService.redirect(bitstream._links.content.href + '?accessToken=' + accessToken);
+          return false;
+        } else if (isLoggedIn) {
+          return router.createUrlTree([getForbiddenRoute()]);
+        } else if (!isLoggedIn) {
+          auth.setRedirectUrl(router.url);
+          return router.createUrlTree(['login']);
+        }
       }
     })
   );
diff --git a/src/app/core/auth/server-auth-request.service.ts b/src/app/core/auth/server-auth-request.service.ts
@@ -17,6 +17,7 @@ import {
 import { map } from 'rxjs/operators';
 import { Observable } from 'rxjs';
 import { XSRFService } from '../xsrf/xsrf.service';
+import { RESTURLCombiner } from '../url-combiner/rest-url-combiner';
 
 /**
  * Server side version of the service to send authentication requests
@@ -41,8 +42,8 @@ export class ServerAuthRequestService extends AuthRequestService {
    * @protected
    */
   protected createShortLivedTokenRequest(href: string): Observable<PostRequest> {
-    // First do a call to the root endpoint in order to get an XSRF token
-    return this.httpClient.get(this.halService.getRootHref(), { observe: 'response' }).pipe(
+    // First do a call to the csrf endpoint in order to get an XSRF token
+    return this.httpClient.get(new RESTURLCombiner('/security/csrf').toString(), { observe: 'response' }).pipe(
       // retrieve the XSRF token from the response header
       map((response: HttpResponse<any>) => response.headers.get(XSRF_RESPONSE_HEADER)),
       map((xsrfToken: string) => {
