poista AWSALB ja cookiesession keksit frontendissä, jos väyläkirjautu…

…mista ei löydy
finnishtransportagency · Feb 17, 2023 · 7806000 · 7806000
1 parent 0ff7d59
commit 7806000
Show file tree

Hide file tree

Showing 7 changed files with 75 additions and 13 deletions.
diff --git a/backend/src/error/NoVaylaAuthenticationError.ts b/backend/src/error/NoVaylaAuthenticationError.ts
@@ -0,0 +1,10 @@
+import { ClientError } from "./ClientError";
+
+export class NoVaylaAuthenticationError extends ClientError {
+  constructor(m?: string) {
+    super("NoVaylaAuthenticationError", m);
+
+    // Set the prototype explicitly.
+    Object.setPrototypeOf(this, NoVaylaAuthenticationError.prototype);
+  }
+}
diff --git a/backend/src/user/userService.ts b/backend/src/user/userService.ts
@@ -9,6 +9,7 @@ import { createSignedCookies } from "./signedCookie";
 import { apiConfig } from "../../../common/abstractApi";
 import { isAorL } from "../util/userUtil";
 import { NoHassuAccessError } from "../error/NoHassuAccessError";
+import { NoVaylaAuthenticationError } from "../error/NoVaylaAuthenticationError";
 
 function parseRoles(roles: string): string[] | undefined {
   return roles
@@ -99,7 +100,7 @@ export function getVaylaUser(): NykyinenKayttaja | undefined {
 
 export function requireVaylaUser(): NykyinenKayttaja {
   if (!(globalThis as any).currentUser) {
-    throw new IllegalAccessError("Väylä-kirjautuminen puuttuu");
+    throw new NoVaylaAuthenticationError("Väylä-kirjautuminen puuttuu");
   }
   return (globalThis as any).currentUser;
 }

diff --git a/backend/test/apiHandler.test.ts b/backend/test/apiHandler.test.ts
@@ -3,7 +3,6 @@ import * as sinon from "sinon";
 import { projektiDatabase } from "../src/database/projektiDatabase";
 import { ProjektiFixture } from "./fixture/projektiFixture";
 import { UserFixture } from "./fixture/userFixture";
-import { IllegalAccessError } from "../src/error/IllegalAccessError";
 import { velho } from "../src/velho/velhoClient";
 import { api } from "../integrationtest/api/apiClient";
 import { personSearch } from "../src/personSearch/personSearchClient";
@@ -36,6 +35,7 @@ import { mockBankHolidays } from "./mocks";
 import assert from "assert";
 import fs from "fs";
 import { SchedulerMock } from "../integrationtest/api/testUtil/util";
+import { NoVaylaAuthenticationError } from "../src/error/NoVaylaAuthenticationError";
 
 const chai = require("chai");
 const { expect } = chai;
@@ -365,7 +365,7 @@ describe("apiHandler", () => {
 
     // Verify that projekti is not visible for anonymous users
     userFixture.logout();
-    await expect(api.lataaProjekti(fixture.PROJEKTI1_OID)).to.eventually.be.rejectedWith(IllegalAccessError);
+    await expect(api.lataaProjekti(fixture.PROJEKTI1_OID)).to.eventually.be.rejectedWith(NoVaylaAuthenticationError);
     userFixture.loginAs(UserFixture.pekkaProjari);
 
     // Send aloituskuulutus to be approved
@@ -439,7 +439,7 @@ describe("apiHandler", () => {
 
     createProjektiStub.resolves();
 
-    await chai.assert.isRejected(api.tallennaProjekti(fixture.tallennaProjektiInput), IllegalAccessError);
+    await chai.assert.isRejected(api.tallennaProjekti(fixture.tallennaProjektiInput), NoVaylaAuthenticationError);
   });
 });
 

diff --git a/migration-cli/package-lock.json b/migration-cli/package-lock.json
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -20,6 +20,7 @@
     "@mui/material": "5.10.6",
     "@mui/system": "5.10.6",
     "@mui/x-date-pickers": "5.0.2",
+    "@types/js-cookie": "^3.0.2",
     "@types/mime-types": "2.1.1",
     "@types/nodemailer": "6.4.4",
     "@types/pdfkit": "0.12.3",
@@ -42,6 +43,7 @@
     "graphql": "14.7.0",
     "graphql-tag": "2.12.5",
     "html-react-parser": "3.0.8",
+    "js-cookie": "^3.0.1",
     "jsonschema": "1.4.1",
     "jsonwebtoken": "9.0.0",
     "jwk-to-pem": "2.0.5",

diff --git a/src/components/ApiProvider.tsx b/src/components/ApiProvider.tsx
@@ -9,6 +9,8 @@ import useTranslation from "next-translate/useTranslation";
 import { Translate } from "next-translate";
 import { GraphQLError } from "graphql";
 import { NoHassuAccessError } from "backend/src/error/NoHassuAccessError";
+import { NoVaylaAuthenticationError } from "backend/src/error/NoVaylaAuthenticationError";
+import Cookies from "js-cookie";
 
 type ApiContextType = { api: API; unauthorized: boolean };
 
@@ -65,15 +67,31 @@ function ApiProvider({ children }: Props) {
       const errorArray: readonly GraphQLError[] = Array.isArray(errors) ? errors : [errors];
       const unauthorized = errorArray.some((error) => (error as any)?.errorInfo?.errorSubType === new NoHassuAccessError().className);
       setIsUnauthorized(unauthorized);
+      // Do not show snackbar errors on unauthorized 'page'
       if (!unauthorized) {
         commonErrorHandler(errorResponse);
       }
+      const noVaylaAuthentication = errorArray.some(
+        (error) => (error as any)?.errorInfo?.errorSubType === new NoVaylaAuthenticationError().className
+      );
+      if (noVaylaAuthentication) {
+        removeAWSALBAndCookieSessionCookies();
+        router.push("/yllapito/kirjaudu");
+      }
     };
     const api = createApiWithAdditionalErrorHandling(commonErrorHandler, authenticatedErrorHandler);
     return { api, unauthorized: isUnauthorized };
-  }, [isUnauthorized, isYllapito, showErrorMessage, t]);
+  }, [isUnauthorized, isYllapito, router, showErrorMessage, t]);
 
   return <ApiContext.Provider value={value}>{children}</ApiContext.Provider>;
 }
 
+function removeAWSALBAndCookieSessionCookies() {
+  Object.keys(Cookies.get() || {})
+    .filter((cookie) => cookie.startsWith("AWSALB") || cookie.startsWith("cookiesession"))
+    .forEach((cookie) => {
+      Cookies.remove(cookie);
+    });
+}
+
 export { ApiProvider };