From 5a9bb06e91440f7ae3f1bd105199e492e2a5d5b8 Mon Sep 17 00:00:00 2001
From: Simon
Date: Thu, 1 Sep 2022 16:46:42 +0200
Subject: [PATCH 1/3] updated default keycloak config
---
 src/assets/keycloak.json | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/assets/keycloak.json b/src/assets/keycloak.json
index 9a463971c8..b0bf418a82 100644
--- a/src/assets/keycloak.json
+++ b/src/assets/keycloak.json
@@ -1,10 +1,8 @@
 {
- "realm": "ndb-dev",
+ "realm": "dev",
 "auth-server-url": "https://keycloak.aam-digital.com/",
 "ssl-required": "external",
 "resource": "app",
 "public-client": true,
- "verify-token-audience": true,
- "use-resource-role-mappings": true,
 "confidential-port": 0
 }
From 14dac8fdc9da1360e2d5c2e6e2749bdad118041a Mon Sep 17 00:00:00 2001
From: Simon
Date: Thu, 1 Sep 2022 17:21:52 +0200
Subject: [PATCH 2/3] local session works case-insensitive and trims whitespace in username
---
 .../session-service/local-session.spec.ts | 16 ++++++++++++++++
 .../session/session-service/local-session.ts | 9 +++++++--
 2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/src/app/core/session/session-service/local-session.spec.ts b/src/app/core/session/session-service/local-session.spec.ts
index dd3d60bed4..1d74c418c9 100644
--- a/src/app/core/session/session-service/local-session.spec.ts
+++ b/src/app/core/session/session-service/local-session.spec.ts
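Review bot: Dropping `"verify-token-audience": true` from the adapter config switches off the check that a presented token was actually issued for this client (`"resource": "app"`), so whichever component honours this file would then accept any token minted in the `dev` realm for a different client; the commit message mentions only the realm change and gives no reason for removing it. If the flag was removed because tokens from the new realm do not carry the `app` audience, the usual remedy is to add an audience mapper to the client in Keycloak and keep the check enabled. Whether `"use-resource-role-mappings"` is still needed depends on whether roles are read from the client's `resource_access` entry or from realm roles, which cannot be judged from this hunk. If both removals are deliberate, the commit message should say why, since the same file is presumably copied into deployments as the default.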
@@ -83,6 +83,22 @@ describe("LocalSessionService", () => { expect(localSession.loginState.value).toBe(LoginState.LOGGED_IN); }); + it("should be case-insensitive and ignore spaces in username", async () => { + expect(localSession.loginState.value).toBe(LoginState.LOGGED_OUT); + const user: DatabaseUser = { + name: "UserName", + roles: [], + }; + localSession.saveUser(user, TEST_PASSWORD); + + await localSession.login(" Username ", TEST_PASSWORD); + + expect(localSession.loginState.value).toBe(LoginState.LOGGED_IN); + expect(localSession.getCurrentUser().name).toBe("UserName"); + + localSession.removeUser("username"); + }); + it("should fail login with correct username but wrong password", async () => { await localSession.login(TEST_USER, "wrong password");
diff --git a/src/app/core/session/session-service/local-session.ts b/src/app/core/session/session-service/local-session.ts
index cbfb0145cc..70aa850be7 100644
--- a/src/app/core/session/session-service/local-session.ts
+++ b/src/app/core/session/session-service/local-session.ts
@@ -50,7 +50,9 @@ export class LocalSession extends SessionService {
 * @param password Password
 */
 public async login(username: string, password: string): Promise {
- const user: LocalUser = JSON.parse(window.localStorage.getItem(username));
+ const user: LocalUser = JSON.parse(
+ window.localStorage.getItem(username.trim().toLowerCase())
+ );
 if (user) {
 if (passwordEqualsEncrypted(password, user.encryptedPassword)) {
 await this.handleSuccessfulLogin(user);
@@ -118,7 +120,10 @@ export class LocalSession extends SessionService {
 roles: user.roles,
 encryptedPassword: encryptPassword(password),
 };
- window.localStorage.setItem(localUser.name, JSON.stringify(localUser));
+ window.localStorage.setItem(
+ localUser.name.trim().toLowerCase(),
+ JSON.stringify(localUser)
+ );
 // Update when already logged in
 if (this.getCurrentUser()?.name === localUser.name) {
 this.currentDBUser = localUser;
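Review bot: The key normalization `username.trim().toLowerCase()` is now written out by hand in `login` and again in `saveUser` (the `@@ -118` hunk), and `removeUser`, which is outside this diff, presumably still uses the raw name; the spec only calls `removeUser("username")`, which is already in normalized form and so would pass even if `removeUser` never normalizes. Put the rule in one place, `private static storageKey(username: string): string { return username.trim().toLowerCase(); }`, and use `window.localStorage.getItem(LocalSession.storageKey(username))` here and the same helper in `saveUser` and `removeUser`. Note also that an entry written before this change under the raw name (the removed `setItem(localUser.name, …)`) is no longer found by the new lookup until `saveUser` runs again for that user; whether that happens on every remote login cannot be seen from this hunk. The body of `login` continues past the end of the hunk.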
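Review bot: The `// Update when already logged in` check still compares raw names, `this.getCurrentUser()?.name === localUser.name`, while the storage key three lines above is now `localUser.name.trim().toLowerCase()`, so a `saveUser` call with `"UserName"` overwrites the entry of the currently logged-in `"username"` without refreshing `currentDBUser`. Compare the normalized forms instead: `const key = localUser.name.trim().toLowerCase();` before the `setItem` call, then `if (this.getCurrentUser()?.name.trim().toLowerCase() === key) {`. Also worth a comment on the `setItem` line: two accounts whose names differ only in case or surrounding whitespace now share a single localStorage entry, so saving one silently replaces the other's `encryptedPassword` and `roles`; that is fine if usernames are unique case-insensitively in the remote system, and the assumption should be stated, e.g. `// key is case- and whitespace-insensitive; assumes usernames are unique under that rule`. `saveUser` begins before this hunk.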
From a51742817350889610f4d9498c9de133d560ae9a Mon Sep 17 00:00:00 2001
From: Simon
Date: Thu, 1 Sep 2022 17:22:22 +0200
Subject: [PATCH 3/3] username is trimmed before sent to oidc endpoint
---
 .../session/auth/keycloak/keycloak-auth.service.spec.ts | 9 +++++++++
 .../core/session/auth/keycloak/keycloak-auth.service.ts | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/app/core/session/auth/keycloak/keycloak-auth.service.spec.ts b/src/app/core/session/auth/keycloak/keycloak-auth.service.spec.ts
index 54cba568cb..1fc526edc5 100644
--- a/src/app/core/session/auth/keycloak/keycloak-auth.service.spec.ts
+++ b/src/app/core/session/auth/keycloak/keycloak-auth.service.spec.ts
@@ -91,6 +91,15 @@ describe("KeycloakAuthService", () => { expect(user).toEqual(dbUser); }); + it("should trim whitespace from username", async () => { + await service.authenticate(" " + TEST_USER + " ", TEST_PASSWORD); + expect(mockHttpClient.post).toHaveBeenCalledWith( + jasmine.anything(), + jasmine.stringContaining(`username=${TEST_USER}&`), + jasmine.anything() + ); + }); + it("should store access token in memory and refresh token in local storage", async () => { await service.authenticate(TEST_USER, TEST_PASSWORD);
diff --git a/src/app/core/session/auth/keycloak/keycloak-auth.service.ts b/src/app/core/session/auth/keycloak/keycloak-auth.service.ts
index 20eb176bbd..5183d3e10d 100644
--- a/src/app/core/session/auth/keycloak/keycloak-auth.service.ts
+++ b/src/app/core/session/auth/keycloak/keycloak-auth.service.ts
@@ -22,7 +22,7 @@ export class KeycloakAuthService extends AuthService { authenticate(username: string, password: string): Promise { return this.keycloakReady - .then(() => this.credentialAuth(username, password)) + .then(() => this.credentialAuth(username.trim(), password)) .then((token) => this.processToken(token)); }
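Review bot: `authenticate` now trims the username but, unlike `LocalSession.login` and `saveUser` in the previous patch, does not lowercase it, so the identity sent to the OIDC endpoint and the key used for the offline copy in localStorage are normalized by two different rules that live in two different files. To my knowledge Keycloak matches usernames case-insensitively, so this is probably harmless in practice, but a single shared helper (e.g. `normalizeUsername(username: string): string`) used by both services would make the rule explicit and stop the two from drifting apart. At minimum the `.then(() => this.credentialAuth(username.trim(), password))` line deserves a short why-comment such as `// strip surrounding whitespace only; case handling is left to Keycloak`. `credentialAuth`, which builds the request body the spec asserts on, is outside this hunk.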