Keycloak improvements

src/app/core/session/auth/keycloak/keycloak-auth.service.spec.ts

@@ -91,6 +91,15 @@ describe("KeycloakAuthService", () => {
     expect(user).toEqual(dbUser);
   });
 
+  it("should trim whitespace from username", async () => {
+    await service.authenticate(" " + TEST_USER + "  ", TEST_PASSWORD);
+    expect(mockHttpClient.post).toHaveBeenCalledWith(
+      jasmine.anything(),
+      jasmine.stringContaining(`username=${TEST_USER}&`),
+      jasmine.anything()
+    );
+  });
+
   it("should store access token in memory and refresh token in local storage", async () => {
     await service.authenticate(TEST_USER, TEST_PASSWORD);
 

src/app/core/session/auth/keycloak/keycloak-auth.service.ts

@@ -22,7 +22,7 @@ export class KeycloakAuthService extends AuthService {
 
   authenticate(username: string, password: string): Promise<DatabaseUser> {
     return this.keycloakReady
-      .then(() => this.credentialAuth(username, password))
+      .then(() => this.credentialAuth(username.trim(), password))
       .then((token) => this.processToken(token));
   }
 

src/app/core/session/session-service/local-session.spec.ts

@@ -83,6 +83,22 @@ describe("LocalSessionService", () => {
     expect(localSession.loginState.value).toBe(LoginState.LOGGED_IN);
   });
 
+  it("should be case-insensitive and ignore spaces in username", async () => {
+    expect(localSession.loginState.value).toBe(LoginState.LOGGED_OUT);
+    const user: DatabaseUser = {
+      name: "UserName",
+      roles: [],
+    };
+    localSession.saveUser(user, TEST_PASSWORD);
+
+    await localSession.login(" Username ", TEST_PASSWORD);
+
+    expect(localSession.loginState.value).toBe(LoginState.LOGGED_IN);
+    expect(localSession.getCurrentUser().name).toBe("UserName");
+
+    localSession.removeUser("username");
+  });
+
   it("should fail login with correct username but wrong password", async () => {
     await localSession.login(TEST_USER, "wrong password");
 

src/app/core/session/session-service/local-session.ts

@@ -50,7 +50,9 @@ export class LocalSession extends SessionService {
    * @param password Password
    */
   public async login(username: string, password: string): Promise<LoginState> {
-    const user: LocalUser = JSON.parse(window.localStorage.getItem(username));
+    const user: LocalUser = JSON.parse(
+      window.localStorage.getItem(username.trim().toLowerCase())
+    );
     if (user) {
       if (passwordEqualsEncrypted(password, user.encryptedPassword)) {
         await this.handleSuccessfulLogin(user);
@@ -118,7 +120,10 @@ export class LocalSession extends SessionService {
       roles: user.roles,
       encryptedPassword: encryptPassword(password),
     };
-    window.localStorage.setItem(localUser.name, JSON.stringify(localUser));
+    window.localStorage.setItem(
+      localUser.name.trim().toLowerCase(),
+      JSON.stringify(localUser)
+    );
     // Update when already logged in
     if (this.getCurrentUser()?.name === localUser.name) {
       this.currentDBUser = localUser;

src/assets/keycloak.json

@@ -1,10 +1,8 @@
 {
-  "realm": "ndb-dev",
+  "realm": "dev",
   "auth-server-url": "https://keycloak.aam-digital.com/",
   "ssl-required": "external",
   "resource": "app",
   "public-client": true,
-  "verify-token-audience": true,
-  "use-resource-role-mappings": true,
   "confidential-port": 0
 }