Merged in task/main-cris/DSC-2329_new (pull request DSpace#3174)

atarix83 · vins01-4science · commit ca7f4a13b498 · 2025-05-09T14:54:45.000Z
Task/main cris/DSC-2329 new

Approved-by: Vincenzo Mecca
diff --git a/src/app/bitstream-page/bitstream-download-redirect.guard.ts b/src/app/bitstream-page/bitstream-download-redirect.guard.ts
@@ -47,6 +47,7 @@ export const bitstreamDownloadRedirectGuard: CanActivateFn = (
 ): Observable<UrlTree | boolean> => {
 
   const bitstreamId = route.params.id;
+  const accessToken: string = route.queryParams.accessToken;
 
   return bitstreamDataService.findById(bitstreamId, true, false, ...BITSTREAM_PAGE_LINKS_TO_FOLLOW).pipe(
     getFirstCompletedRemoteData(),
@@ -79,14 +80,21 @@ export const bitstreamDownloadRedirectGuard: CanActivateFn = (
       if (isAuthorized && isLoggedIn && isNotEmpty(fileLink)) {
         hardRedirectService.redirect(fileLink);
         return false;
-      } else if (isAuthorized && !isLoggedIn) {
+      } else if (isAuthorized && !isLoggedIn && !hasValue(accessToken)) {
         hardRedirectService.redirect(bitstream._links.content.href);
         return false;
-      } else if (!isAuthorized && isLoggedIn) {
-        return router.createUrlTree([getForbiddenRoute()]);
-      } else if (!isAuthorized && !isLoggedIn) {
-        auth.setRedirectUrl(router.url);
-        return router.createUrlTree(['login']);
+      } else if (!isAuthorized) {
+        // Either we have an access token, or we are logged in, or we are not logged in.
+        // For now, the access token does not care if we are logged in or not.
+        if (hasValue(accessToken)) {
+          hardRedirectService.redirect(bitstream._links.content.href + '?accessToken=' + accessToken);
+          return false;
+        } else if (isLoggedIn) {
+          return router.createUrlTree([getForbiddenRoute()]);
+        } else if (!isLoggedIn) {
+          auth.setRedirectUrl(router.url);
+          return router.createUrlTree(['login']);
+        }
       }
     }),
   );
diff --git a/src/app/core/auth/server-auth-request.service.ts b/src/app/core/auth/server-auth-request.service.ts
@@ -6,6 +6,7 @@ import {
 import { Injectable } from '@angular/core';
 import { Observable } from 'rxjs';
 import { map } from 'rxjs/operators';
+import { RESTURLCombiner } from 'src/app/core/url-combiner/rest-url-combiner';
 
 import { RemoteDataBuildService } from '../cache/builders/remote-data-build.service';
 import { PostRequest } from '../data/request.models';
@@ -42,8 +43,8 @@ export class ServerAuthRequestService extends AuthRequestService {
    * @protected
    */
   protected createShortLivedTokenRequest(href: string): Observable<PostRequest> {
-    // First do a call to the root endpoint in order to get an XSRF token
-    return this.httpClient.get(this.halService.getRootHref(), { observe: 'response' }).pipe(
+    // First do a call to the csrf endpoint in order to get an XSRF token
+    return this.httpClient.get(new RESTURLCombiner('/security/csrf').toString(), { observe: 'response' }).pipe(
       // retrieve the XSRF token from the response header
       map((response: HttpResponse<any>) => response.headers.get(XSRF_RESPONSE_HEADER)),
       map((xsrfToken: string) => {
