DTS -37507 Upgrade Central Auth - KH Integration

UI/nginx/files/nginx-dev.conf

@@ -19,7 +19,7 @@ server
         font/woff2                 max;
         font/otf                   max;
     }
-    
+
 server
 {
     listen 443 ssl default_server;
@@ -66,7 +66,7 @@ server
         index  index.html index.htm;
         add_header X-Frame-Options "SAMEORIGIN";
         add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
-        add_header Content-Security-Policy "default-src 'self' https://www.googletagmanager.com https://cdn.form.io 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' data:;connect-src 'self' https://region1.google-analytics.com https://www.google-analytics.com;";
+        add_header Content-Security-Policy "default-src 'self' *.tools.publicis.sapient.com *.publicissapient.com https://www.googletagmanager.com https://cdn.form.io 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' data:;connect-src 'self' *.tools.publicis.sapient.com *.publicissapient.com https://region1.google-analytics.com https://www.google-analytics.com;";
         add_header X-Content-Type-Options nosniff;
         add_header X-XSS-Protection "1; mode=block";
         add_header Referrer-Policy "strict-origin";

UI/nginx/files/nginx-prod.conf

@@ -53,11 +53,11 @@ server {
         index  index.html index.htm;
         add_header X-Frame-Options "SAMEORIGIN";
         add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
-        add_header Content-Security-Policy "default-src 'self' https://www.googletagmanager.com https://cdn.form.io 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' data:;connect-src 'self' https://region1.google-analytics.com https://www.google-analytics.com;";
+        add_header Content-Security-Policy "default-src 'self' *.tools.publicis.sapient.com *.publicissapient.com https://www.googletagmanager.com https://cdn.form.io 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' data:;connect-src 'self' *.tools.publicis.sapient.com *.publicissapient.com https://region1.google-analytics.com https://www.google-analytics.com;";
         add_header X-Content-Type-Options nosniff;
         add_header X-XSS-Protection "1; mode=block";
         add_header Referrer-Policy "strict-origin";
-        
+
     }
 
     location ~* \.(?:jpe?g|gif|png|ico)$ {

UI/src/app/config/profile/access-mgmt/access-mgmt.component.ts

@@ -377,7 +377,7 @@ export class AccessMgmtComponent implements OnInit {
 
 	deleteAccessReq(userName, isSuperAdmin) {
 		this.httpService.deleteAccess({
-			userName : userName,
+			username : userName,
 		  }).subscribe(response => {
 			this.accessDeletionStatus(response, isSuperAdmin);
 		}, error => {

UI/src/app/dashboard/filter/filter.component.ts

@@ -1572,7 +1572,26 @@ this.resetAddtionalFIlters();
   // logout is clicked  and removing auth token , username
   logout() {
       this.loader = true;
-      this.helperService.logoutHttp();
+      this.httpService.logout().subscribe((responseData) => {
+        // if (responseData?.success) {
+          if(!environment['AUTHENTICATION_SERVICE']){
+          this.helperService.isKanban = false;
+          // Set blank selectedProject after logged out state
+          this.service.setSelectedProject(null);
+          this.service.setCurrentUserDetails({});
+          this.service.setVisibleSideBar(false);
+          this.service.setAddtionalFilterBackup({});
+          this.service.setKpiSubFilterObj({});
+          localStorage.clear();
+          this.loader = false;
+          this.router.navigate(['./authentication/login']);
+        } else{
+          this.loader = false;
+          let redirect_uri = window.location.href;
+          window.location.href = environment.CENTRAL_LOGIN_URL + '?redirect_uri=' + redirect_uri;
+        }
+      // }
+    })
   }
 
   // when user would want to give access on project from notification list

UI/src/app/model/UserNameRequestDTO.ts

@@ -17,5 +17,5 @@
  ******************************************************************************/
 
  export interface UserNameRequestDTO {
-    userName: string;
+    username: string;
 }

UI/src/app/module/interceptor.module.ts

@@ -37,11 +37,20 @@ export class HttpsRequestInterceptor implements HttpInterceptor {
         const httpErrorHandler = req.headers.get('httpErrorHandler') || 'global';
         const requestArea = req.headers.get('requestArea') || 'internal';
 
+        if (environment.AUTHENTICATION_SERVICE) {
+            let cookie = document.cookie?.split(';');
+            let authCookie_EXPIRY = cookie?.find(x => x.includes('authCookie_EXPIRY'));
+            authCookie_EXPIRY = authCookie_EXPIRY?.split('=')[1];
+            if (!authCookie_EXPIRY) {
+                this.redirectToLogin();
+            }
+        }
+
         if (req.headers.get('httpErrorHandler')) {
             req = req.clone({ headers: req.headers.delete('httpErrorHandler') });
         }
 
-		req = req.clone({withCredentials: true});
+        req = req.clone({ withCredentials: true });
 
         if (req.headers.get('requestArea')) {
             req = req.clone({ headers: req.headers.delete('requestArea') });
@@ -80,7 +89,7 @@ export class HttpsRequestInterceptor implements HttpInterceptor {
         return next.handle(req)
             .pipe(
                 tap(event => {
-                    if (event instanceof HttpResponse){
+                    if (event instanceof HttpResponse) {
                         /**Todo: Not autochanging the user role on role change. User will have to manually logout when his/her role is changed.
                          * Currently commiting this code as per comment on ticket DTS-30823 */
                         // if(!event?.url?.includes('api/authdetails') &&
@@ -90,26 +99,22 @@ export class HttpsRequestInterceptor implements HttpInterceptor {
                     }
                 }),
                 catchError((err) => {
-                if (err instanceof HttpErrorResponse) {
-                    if (err.status === 401) {
-                        if (requestArea === 'internal') {
-                            if(environment?.['SSO_LOGIN']){
-                                this.service.setCurrentUserDetails({});
-                                console.log('SSO_LOGIN', true)
-                            }else{
-                                if(environment.AUTHENTICATION_SERVICE){
-                                    /** redirect to central login url*/
-                                    let redirect_uri = window.location.href;
-                                    localStorage.setItem('redirect_uri', JSON.stringify(redirect_uri))
-                                    if(environment.CENTRAL_LOGIN_URL){
-                                        window.location.href = environment.CENTRAL_LOGIN_URL + "?redirect_uri=" + redirect_uri;
-                                    }
-                                }else{
+                    if (err instanceof HttpErrorResponse) {
+                        if (err.status === 401) {
+                            if (requestArea === 'internal') {
+                                if (environment?.['SSO_LOGIN']) {
                                     this.service.setCurrentUserDetails({});
-                                    this.router.navigate(['./authentication/login'], { queryParams: { sessionExpire: true } });
+                                    console.log('SSO_LOGIN', true)
+                                } else {
+                                    if (environment.AUTHENTICATION_SERVICE) {
+                                        this.redirectToLogin();
+                                    } else {
+                                        this.service.setCurrentUserDetails({});
+                                        this.router.navigate(['./authentication/login'], { queryParams: { sessionExpire: true } });
+                                    }
                                 }
                             }
-                        }
+
 
                         if (environment?.['SSO_LOGIN']) {
                             this.router.navigate(['./dashboard/my-knowhow']).then(success => {
@@ -132,29 +137,35 @@ export class HttpsRequestInterceptor implements HttpInterceptor {
                                         if(!environment?.['SSO_LOGIN'] || (environment.SSO_LOGIN && !req.url.includes('api/sso/'))){
                                         this.router.navigate(['./dashboard/Error']);
                                         }
-                                        setTimeout(() => {
-                                            this.service.raiseError(err);
-                                        }, 0);
                                     }
                                 }
                             }
                         }
+                        }
                     }
-                }
-                // error thrown here needs to catch in  error block of subscribe
-                return throwError(err);
-            }));
+                    // error thrown here needs to catch in  error block of subscribe
+                    return throwError(err);
+                }));
     }
 
     checkForPartialRedirectExceptions(url, exceptionsArr) {
         let result = false;
         exceptionsArr.forEach(element => {
-            if(url.indexOf(element) !== -1) {
+            if (url.indexOf(element) !== -1) {
                 result = true;
             }
         });
         return result;
     }
+
+    redirectToLogin() {
+        /** redirect to central login url*/
+        let redirect_uri = window.location.href;
+        localStorage.setItem('redirect_uri', JSON.stringify(redirect_uri))
+        if (environment.CENTRAL_LOGIN_URL) {
+            window.location.href = environment.CENTRAL_LOGIN_URL + "?redirect_uri=" + redirect_uri;
+        }
+    }
 }
 
 @NgModule({

UI/src/app/services/app-initializer.service.ts

@@ -144,6 +144,7 @@ export class AppInitializerService {
                         environment['SSO_LOGIN'] = env['SSO_LOGIN'] === 'true' ? true : false;
                         environment['AUTHENTICATION_SERVICE'] = env['AUTHENTICATION_SERVICE'] === 'true' ? true : false;
                         environment['CENTRAL_LOGIN_URL'] = env['CENTRAL_LOGIN_URL'] || '';
+                        environment['CENTRAL_API_URL'] = env['CENTRAL_API_URL'] || '';
                         environment['MAP_URL'] = env['MAP_URL'] || '';
                         environment['RETROS_URL'] = env['RETROS_URL'] || '';
                         environment['SPEED_SUITE'] = env['SPEED_SUITE'] === 'true' ? true : false;
@@ -169,34 +170,31 @@ export class AppInitializerService {
         })
     }
 
-    validateToken(location) {
-        return new Promise<void>((resolve, reject) => {
-            if (!environment['AUTHENTICATION_SERVICE']) {
-                this.router.resetConfig([...this.routes]);
-                this.router.navigate([location]);
-            } else {
+  validateToken(location) {
+    return new Promise<void>((resolve, reject) => {
+        if (!environment['AUTHENTICATION_SERVICE']) {
+            this.router.resetConfig([...this.routes]);
+            this.router.navigate([location]);
+        } else {
+            // Make API call or initialization logic here...
+            this.httpService.getUserDetailsForCentral().subscribe((response) => {
+                  if (response?.['success']) {
+                      this.sharedService.setCurrentUserDetails(response?.['data']);
+                      this.router.resetConfig([...this.routesAuth]);
+                      localStorage.setItem("user_name", response?.['data']?.user_name);
+                      localStorage.setItem("user_email", response?.['data']?.user_email);
+                      this.ga.setLoginMethod(response?.['data'], response?.['data']?.authType);
+                  }
 
-                let obj = {
-                    'resource': environment.RESOURCE,
-                };
-                // Make API call or initialization logic here...
-                this.httpService.getUserValidation(obj).subscribe((response) => {
-                    if (response?.['success']) {
-                        this.sharedService.setCurrentUserDetails(response?.['data']);
-                        this.router.resetConfig([...this.routesAuth]);
-                        localStorage.setItem("user_name", response?.['data']?.user_name);
-                        localStorage.setItem("user_email", response?.['data']?.user_email);
-                        this.ga.setLoginMethod(response?.['data'], response?.['data']?.authType);
-                    }
-                    if (location) {
-                        let redirect_uri = JSON.parse(localStorage.getItem('redirect_uri'));
-                        if (redirect_uri) {
-                            localStorage.removeItem('redirect_uri');
-                        }
-                        this.router.navigateByUrl(location);
-                    } else {
-                        this.router.navigate(['/dashboard/iteration']);
-                    }
+                  if (location) {
+                      let redirect_uri = JSON.parse(localStorage.getItem('redirect_uri'));
+                      if (redirect_uri) {
+                          localStorage.removeItem('redirect_uri');
+                      }
+                      this.router.navigateByUrl(location);
+                  } else {
+                      this.router.navigate(['/dashboard/iteration']);
+                  }
                 }, error => {
                     console.log(error);
                 });

UI/src/app/services/helper.service.ts

@@ -757,10 +757,7 @@ export class HelperService {
           localStorage.clear();
           this.router.navigate(['./authentication/login']);
         } else{
-          let obj = {
-            'resource': environment.RESOURCE
-          };
-          this.httpService.getUserValidation(obj).toPromise()
+          this.httpService.getUserDetailsForCentral().toPromise()
           .then((response) => {
             if (response && !response['success']) {
               let redirect_uri = window.location.href;

UI/src/app/services/http.service.ts

@@ -172,8 +172,7 @@ export class HttpService {
   userEmail: string;
   private activeIterationUrl =  this.baseUrl + '/api/processor/fetchSprint';
   private activeIterationfetchStatusUrl = this.baseUrl + '/api/activeIteration/fetchStatus';
-  private validateTokenUrl = this.baseUrl + '/api/validateToken';
-  private validateResourceUrl = this.baseUrl + '/api/validateResource';
+  private fetchUserDetailsUrl = this.baseUrl + '/api/fetchUserDetails';
   private getShowHideKpiUrl = this.baseUrl + '/api/user-board-config';
   private getShowHideKpiNewUIUrl = this.baseUrl + '/api/user-board-config/getBoardConfig';
   private recommendationsUrl = this.baseUrl + '/api/kpiRecommendation';
@@ -279,7 +278,7 @@ export class HttpService {
   /**  logout from the server */
   logout(): Observable<any> {
     if(environment?.['AUTHENTICATION_SERVICE']){
-      this.logoutUrl = this.baseUrl + '/api/centralUserlogout';
+      this.logoutUrl = environment?.['CENTRAL_API_URL'] + '/api/sso-logout';
     }
     return this.http.get(this.logoutUrl);
   }
@@ -1143,13 +1142,10 @@ export class HttpService {
     return this.http.get<any>(`${this.getKPIFieldMappingRelationshipsUrl}/${KPIID}`);
   }
 
-  getUserValidation(data){
-    return this.http.post<object>(this.validateTokenUrl, data);
+  getUserDetailsForCentral(){
+    return this.http.get<object>(this.fetchUserDetailsUrl);
   }
 
-  handleValidateResource(data){
-    return this.http.post<object>(this.validateResourceUrl, data);
-  }
   getFeatureFlags() {
     return this.http.get<any>(`${this.baseUrl}/api/actuator/togglz`).toPromise();
   }

UI/src/assets/env.json

@@ -2,6 +2,7 @@
     "baseUrl":"${BASE_URL}",
     "SSO_LOGIN":"${SSO_LOGIN}",
     "CENTRAL_LOGIN_URL": "${CENTRAL_LOGIN_URL}",
+    "CENTRAL_API_URL" : "${CENTRAL_API_URL}",
     "RESOURCE": "PSKnowHOW",
     "AUTHENTICATION_SERVICE": "${AUTHENTICATION_SERVICE}",
     "MAP_URL":"${MAP_URL}",

UI/src/assets/env.template.json

@@ -2,6 +2,7 @@
     "baseUrl":"${BASE_URL}",
     "SSO_LOGIN":"${SSO_LOGIN}",
     "CENTRAL_LOGIN_URL": "${CENTRAL_LOGIN_URL}",
+    "CENTRAL_API_URL" : "${CENTRAL_API_URL}",
     "RESOURCE": "PSKnowHOW",
     "AUTHENTICATION_SERVICE": "${AUTHENTICATION_SERVICE}",
     "MAP_URL":"${MAP_URL}",

UI/src/environments/environment.docker.ts

@@ -21,8 +21,10 @@ export const environment = {
   baseUrl: '',
   SSO_LOGIN: false,
   CENTRAL_LOGIN_URL: '',
+  CENTRAL_API_URL: '',
   RESOURCE: 'PSKnowHOW',
   AUTHENTICATION_SERVICE: false,
+  SPEED_SUITE: false,
   MAP_URL:'',
   RETROS_URL: ''
 };

UI/src/environments/environment.ts

@@ -24,10 +24,13 @@ export const environment = {
    production: false,
    baseUrl: '//customapi:8080',
    SSO_LOGIN: false,
-   CENTRAL_LOGIN_URL: '',
+   CENTRAL_LOGIN_URL: 'http://localhost:3000',
+   CENTRAL_API_URL: 'http://localhost:8787',
    RESOURCE: 'PSKnowHOW',
    AUTHENTICATION_SERVICE: false,
-   SPEED_SUITE: false
+   SPEED_SUITE: false,
+   MAP_URL:'',
+   RETROS_URL: ''
 };
 
 /*

customapi/src/main/java/com/publicissapient/kpidashboard/apis/auth/service/DefaultAuthenticationServiceImpl.java

@@ -88,9 +88,6 @@ public DefaultAuthenticationServiceImpl(AuthenticationRepository authenticationR
 		this.cookieUtil = cookieUtil;
 	}
 
-	@Autowired
-	private RestTemplate restTemplate;
-
 	/**
 	 * {@inheritDoc}
 	 */
@@ -403,7 +400,7 @@ public ResponseEntity<ServiceResponse> changePasswordForCentralAuth(ChangePasswo
 		ResponseEntity<String> response = null;
 		try {
 			response = restTemplate.exchange(changePasswordUrl, HttpMethod.POST, entity, String.class);
-			if (response.getStatusCode().is2xxSuccessful()) {
+			if (response.getStatusCode().is2xxSuccessful() && Objects.nonNull(response.getBody())) {
 				JSONObject jsonObject = new JSONObject(response.getBody());
 				ServiceResponse serviceResponse = new ServiceResponse();
 				serviceResponse.setMessage(jsonObject.getString("message"));

customapi/src/main/java/com/publicissapient/kpidashboard/apis/auth/service/UserNameRequest.java

@@ -25,5 +25,5 @@
 @Data
 public class UserNameRequest {
 	@NotNull
-	private String userName;
+	private String username;
 }

customapi/src/main/java/com/publicissapient/kpidashboard/apis/auth/token/CookieUtil.java

@@ -26,7 +26,7 @@
 public class CookieUtil {
 	public static final String AUTH_COOKIE = "authCookie";
 	@Autowired
-	private CustomApiConfig customApiConfig; // TODO needed to delete
+	private CustomApiConfig customApiConfig;
 
 	@Autowired
 	private AuthProperties authProperties;
@@ -105,4 +105,12 @@ public HttpHeaders getHeadersForApiKey(String apiKey, boolean usingBasicAuth) {
 		}
 		return headers;
 	}
+
+	public HttpHeaders setCookieIntoHeader(String token) {
+		HttpHeaders headers = new HttpHeaders();
+		headers.set("Accept", MediaType.APPLICATION_JSON_VALUE);
+		headers.add(HttpHeaders.COOKIE, AUTH_COOKIE + "=" + token);
+		return headers;
+
+	}
 }