ChrisChen/ROLAC
1
0
Fork 0
Code Issues 66 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: rewrite AuthService to use ROLAC auth API with in-memory token storage

Browse Source 
- Replace GET /api/Token/Create (Basic Auth) with POST /api/Auth/login
- Add refresh() method using HttpOnly cookie (POST /api/Auth/refresh)
- Add initializeFromRefreshToken() for APP_INITIALIZER support
- logout() now fires POST /api/Auth/logout (fire-and-forget)
- Rename User interface to UserInfo (matches C# DTO: id, email, roles, languagePreference)
- All auth state is in-memory only (no localStorage)
- Fix downstream consumers: app.ts, header components, mfa-dialog, token-verification
- Fix tsconfig.spec.json: exclude legacy src/components and src/directives
- Add stub enums.model.ts and fix models/index.ts for pre-existing build errors

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Chris Chen
2026-05-26 20:47:43 -07:00
parent 4874f2a0a3
commit 62428cd2d4
12 changed files with 199 additions and 365 deletions
Download Patch File Download Diff File Expand all files Collapse all files
APP/src/app/app.ts
+2 -2
View File
@@ -22,7 +22,7 @@ export class App implements OnInit {
constructor(private authService: AuthService) { } constructor(private authService: AuthService) { }
ngOnInit(): void { ngOnInit(): void {
// Initialize authentication state from localStorage // Initialize authentication state from refresh token cookie
this.authService.initializeAuth(); this.authService.initializeFromRefreshToken();
} }
} }
APP/src/app/layout/header/header.component.ts
+3 -7
View File
@@ -9,7 +9,7 @@ import { DropDownsModule } from '@progress/kendo-angular-dropdowns';
import { IconsModule } from '@progress/kendo-angular-icons'; import { IconsModule } from '@progress/kendo-angular-icons';
import { SVGIcon, bellIcon, menuIcon, searchIcon, userIcon, logoutIcon } from '@progress/kendo-svg-icons'; import { SVGIcon, bellIcon, menuIcon, searchIcon, userIcon, logoutIcon } from '@progress/kendo-svg-icons';
import { LayoutService } from '../services/layout.service'; import { LayoutService } from '../services/layout.service';
import { AuthService, User } from '../../shared/services/auth.service'; import { AuthService, UserInfo } from '../../shared/services/auth.service';
import { Subject, takeUntil } from 'rxjs'; import { Subject, takeUntil } from 'rxjs';
@Component({ @Component({
@@ -35,7 +35,7 @@ export class HeaderComponent implements OnInit, OnDestroy {
public logoutIcon: SVGIcon = logoutIcon; public logoutIcon: SVGIcon = logoutIcon;
public userMenuItems: any[] = []; public userMenuItems: any[] = [];
public currentUser: User | null = null; public currentUser: UserInfo | null = null;
public isAuthenticated = false; public isAuthenticated = false;
public badgeAlign = { public badgeAlign = {
@@ -83,11 +83,7 @@ export class HeaderComponent implements OnInit, OnDestroy {
} }
public getDisplayName(): string { public getDisplayName(): string {
if (this.currentUser) { return this.currentUser?.email || '';
const fullName = `${this.currentUser.firstName} ${this.currentUser.lastName}`.trim();
return fullName || this.currentUser.email;
}
return '';
} }
private updateUserMenu(): void { private updateUserMenu(): void {
APP/src/app/portals/user-portal/components/user-header/user-header.component.ts
+3 -7
View File
@@ -8,7 +8,7 @@ import { InputsModule } from '@progress/kendo-angular-inputs';
import { DropDownsModule } from '@progress/kendo-angular-dropdowns'; import { DropDownsModule } from '@progress/kendo-angular-dropdowns';
import { IconsModule } from '@progress/kendo-angular-icons'; import { IconsModule } from '@progress/kendo-angular-icons';
import { SVGIcon, bellIcon, menuIcon, searchIcon, userIcon, logoutIcon } from '@progress/kendo-svg-icons'; import { SVGIcon, bellIcon, menuIcon, searchIcon, userIcon, logoutIcon } from '@progress/kendo-svg-icons';
import { AuthService, User } from '../../../../shared/services/auth.service'; import { AuthService, UserInfo } from '../../../../shared/services/auth.service';
import { LayoutService } from '../../../../layout/services/layout.service'; import { LayoutService } from '../../../../layout/services/layout.service';
import { Subject, takeUntil } from 'rxjs'; import { Subject, takeUntil } from 'rxjs';
@@ -35,7 +35,7 @@ export class UserHeaderComponent implements OnInit, OnDestroy {
public logoutIcon: SVGIcon = logoutIcon; public logoutIcon: SVGIcon = logoutIcon;
public userMenuItems: any[] = []; public userMenuItems: any[] = [];
public currentUser: User | null = null; public currentUser: UserInfo | null = null;
public badgeAlign = { public badgeAlign = {
vertical: 'top' as const, vertical: 'top' as const,
@@ -81,11 +81,7 @@ export class UserHeaderComponent implements OnInit, OnDestroy {
} }
public getDisplayName(): string { public getDisplayName(): string {
if (this.currentUser) { return this.currentUser?.email || '';
const fullName = `${this.currentUser.firstName} ${this.currentUser.lastName}`.trim();
return fullName || this.currentUser.email;
}
return '';
} }
private updateUserMenu(): void { private updateUserMenu(): void {
APP/src/app/portals/user-portal/pages/dashboard/dashboard.component.ts
+3 -7
View File
@@ -1,6 +1,6 @@
import { Component, OnInit } from '@angular/core'; import { Component, OnInit } from '@angular/core';
import { CommonModule } from '@angular/common'; import { CommonModule } from '@angular/common';
import { AuthService, User } from '../../../../shared/services/auth.service'; import { AuthService, UserInfo } from '../../../../shared/services/auth.service';
interface Transaction { interface Transaction {
id: string; id: string;
@@ -20,7 +20,7 @@ interface Transaction {
styleUrls: ['./dashboard.component.scss'] styleUrls: ['./dashboard.component.scss']
}) })
export class DashboardComponent implements OnInit { export class DashboardComponent implements OnInit {
currentUser: User | null = null; currentUser: UserInfo | null = null;
activeTransactions = 5; activeTransactions = 5;
pendingTasks = 12; pendingTasks = 12;
@@ -66,10 +66,6 @@ export class DashboardComponent implements OnInit {
} }
getDisplayName(): string { getDisplayName(): string {
if (this.currentUser) { return this.currentUser?.email || '';
const fullName = `${this.currentUser.firstName} ${this.currentUser.lastName}`.trim();
return fullName || this.currentUser.email;
}
return '';
} }
} }
APP/src/app/portals/user-portal/user-portal.component.ts
+3 -7
View File
@@ -2,7 +2,7 @@ import { Component, OnInit, OnDestroy, HostListener } from '@angular/core';
import { CommonModule } from '@angular/common'; import { CommonModule } from '@angular/common';
import { Router, NavigationEnd, RouterModule, RouterLink, RouterLinkActive } from '@angular/router'; import { Router, NavigationEnd, RouterModule, RouterLink, RouterLinkActive } from '@angular/router';
import { RouterOutlet } from '@angular/router'; import { RouterOutlet } from '@angular/router';
import { AuthService, User } from '../../shared/services/auth.service'; import { AuthService, UserInfo } from '../../shared/services/auth.service';
import { Subject, takeUntil, filter } from 'rxjs'; import { Subject, takeUntil, filter } from 'rxjs';
@Component({ @Component({
@@ -21,7 +21,7 @@ import { Subject, takeUntil, filter } from 'rxjs';
export class UserPortalComponent implements OnInit, OnDestroy { export class UserPortalComponent implements OnInit, OnDestroy {
sidebarCollapsed = false; sidebarCollapsed = false;
isMobile = false; isMobile = false;
currentUser: User | null = null; currentUser: UserInfo | null = null;
currentPageTitle = 'Dashboard'; currentPageTitle = 'Dashboard';
unreadMessages = 3; unreadMessages = 3;
unreadNotifications = 2; unreadNotifications = 2;
@@ -130,10 +130,6 @@ export class UserPortalComponent implements OnInit, OnDestroy {
} }
getDisplayName(): string { getDisplayName(): string {
if (this.currentUser) { return this.currentUser?.email || '';
const fullName = `${this.currentUser.firstName} ${this.currentUser.lastName}`.trim();
return fullName || this.currentUser.email;
}
return '';
} }
} }
APP/src/app/shared/mfa-dialog/mfa-dialog.component.ts
+2 -33
View File
@@ -4,7 +4,6 @@ import { FormsModule } from '@angular/forms';
import { ButtonsModule } from '@progress/kendo-angular-buttons'; import { ButtonsModule } from '@progress/kendo-angular-buttons';
import { IndicatorsModule } from '@progress/kendo-angular-indicators'; import { IndicatorsModule } from '@progress/kendo-angular-indicators';
import { AuthService, LoginCredentials, LoginResultType } from '../services/auth.service'; import { AuthService, LoginCredentials, LoginResultType } from '../services/auth.service';
import { take } from 'rxjs/operators';
const CODE_LENGTH = 6; const CODE_LENGTH = 6;
@@ -173,28 +172,8 @@ export class MfaDialogComponent {
this.processing = true; this.processing = true;
this.loginData.mfaCode = this.token; this.loginData.mfaCode = this.token;
// Check if this is token-based authentication // Handle login MFA verification
if ((this.loginData as any).tokenUser) { {
// Handle token-based MFA verification
this.authService.verifyMfaForToken(this.token, (this.loginData as any).tokenUser).subscribe({
next: (result) => {
this.processing = false;
if (result.result === LoginResultType.Success) {
this.mfaSuccess.emit(result.responseData);
this.visible = false;
} else {
this.isInvalidCode = true;
}
},
error: (error) => {
this.processing = false;
this.isInvalidCode = true;
console.error('MFA verification error:', error);
}
});
} else {
// Handle regular login MFA verification
this.authService.login(this.loginData).subscribe({ this.authService.login(this.loginData).subscribe({
next: (result) => { next: (result) => {
this.processing = false; this.processing = false;
@@ -230,17 +209,7 @@ export class MfaDialogComponent {
// Simulate resend MFA code - replace with actual service call // Simulate resend MFA code - replace with actual service call
console.log('Resending MFA code to:', this.loginData.email); console.log('Resending MFA code to:', this.loginData.email);
// Check if this is token-based authentication
if ((this.loginData as any).tokenUser) {
// Handle token-based MFA verification
this.authService.verifyMfaForToken(this.token, (this.loginData as any).tokenUser).pipe(
take(1)
).subscribe(result => {
this.setReSendCountDown();
});
} else {
//TODO: Implement resend MFA code for regular login //TODO: Implement resend MFA code for regular login
}
this.setReSendCountDown(); this.setReSendCountDown();
} }
APP/src/app/shared/models/enums.model.ts
+20
View File
@@ -0,0 +1,20 @@
// Placeholder enums — expand as the escrow module is built out
export enum EscrowStatus {
Open = 'Open',
Closed = 'Closed',
Cancelled = 'Cancelled'
}
export enum CbAssigneeRole {
None = 'None',
Buyer = 'Buyer',
Seller = 'Seller',
BuyerRealEstateAgent = 'BuyerRealEstateAgent',
SellerRealEstateAgent = 'SellerRealEstateAgent',
EscrowOfficer = 'EscrowOfficer',
EscrowAssignee = 'EscrowAssignee',
LoanBroker = 'LoanBroker',
Lender = 'Lender',
SellerTransactionCoordinator = 'SellerTransactionCoordinator',
BuyerTransactionCoordinator = 'BuyerTransactionCoordinator'
}
APP/src/app/shared/models/index.ts
+9
View File
@@ -1,2 +1,11 @@
// Export user models // Export user models
export * from './user.model'; export * from './user.model';
export * from './enums.model';
/** Address info used by string utilities */
export interface AddressInfo {
address: string;
city: string;
state: string;
zip: string;
}
APP/src/app/shared/models/user.model.ts
+2
View File
@@ -0,0 +1,2 @@
// User model placeholder — types live in auth.service.ts
export {};
APP/src/app/shared/services/auth.service.ts
+137 -286
View File
@@ -1,82 +1,36 @@
import { Injectable } from '@angular/core'; import { Injectable } from '@angular/core';
import { HttpClient, HttpHeaders } from '@angular/common/http'; import { HttpClient } from '@angular/common/http';
import { BehaviorSubject, Observable, of } from 'rxjs'; import { BehaviorSubject, Observable, of } from 'rxjs';
import { map, catchError } from 'rxjs/operators'; import { catchError, map, tap } from 'rxjs/operators';
import { ApiConfigService } from '../../core/services/api-config.service'; import { ApiConfigService } from '../../core/services/api-config.service';
export interface User { // ── Public interfaces ─────────────────────────────────────────────────────────
/** Matches the C# UserInfo DTO exactly. */
export interface UserInfo {
id: string; id: string;
username: string;
email: string; email: string;
firstName: string; roles: string[];
lastName: string; languagePreference: string;
createdAt: string; }
branchIds: string[];
token: string; /** Matches the C# LoginResponse DTO exactly. */
mfaVerified?: boolean; export interface ApiLoginResponse {
accessToken: string;
expiresIn: number;
user: UserInfo;
} }
export interface LoginCredentials { export interface LoginCredentials {
email: string; email: string;
password: string; password: string;
/** Reserved for future MFA support — ignored by the current API. */
mfaCode?: string; mfaCode?: string;
} }
export interface LoginResponse {
isAuthenticated: boolean;
requiresMfa: boolean;
token?: string;
expires?: string;
user?: UserDto;
message?: string;
}
export interface TokenCreateResponse {
token?: string;
mfaToken?: string;
access?: AccessDto[];
isAuthenticated?: boolean;
isAuthorized?: boolean;
isChangePassword?: boolean;
message?: string;
username?: string;
email?: string;
concurrentTabs?: number;
mfaType?: number;
mfaHint?: string;
Token?: string;
MfaToken?: string;
Access?: AccessDto[];
IsAuthenticated?: boolean;
IsAuthorized?: boolean;
IsChangePassword?: boolean;
Message?: string;
Username?: string;
Email?: string;
ConcurrentTabs?: number;
MfaType?: number;
MfaHint?: string;
}
export interface AccessDto {
branchName?: string;
redxBranch?: string;
BranchName?: string;
RedxBranch?: string;
}
export interface UserDto {
id: string;
username: string;
email: string;
firstName: string;
lastName: string;
createdAt: string;
branchIds: string[];
}
export enum LoginResultType { export enum LoginResultType {
Success = 'Success', Success = 'Success',
/** Kept dormant — the current API has no MFA endpoint. */
MfaRequired = 'MfaRequired', MfaRequired = 'MfaRequired',
InvalidCredentials = 'InvalidCredentials', InvalidCredentials = 'InvalidCredentials',
Error = 'Error' Error = 'Error'
@@ -84,145 +38,141 @@ export enum LoginResultType {
export interface LoginResult { export interface LoginResult {
result: LoginResultType; result: LoginResultType;
responseData?: User; responseData?: UserInfo;
message?: string; message?: string;
} }
export interface TokenVerificationResult { export interface TokenVerificationResult {
isValid: boolean; isValid: boolean;
user?: User; /** Constructed from JWT claims when using secret-link login. */
user?: UserInfo;
message?: string; message?: string;
expiresAt?: Date; expiresAt?: Date;
requiresMfa?: boolean; requiresMfa?: boolean;
} }
@Injectable({ // ── Service ───────────────────────────────────────────────────────────────────
providedIn: 'root'
}) @Injectable({ providedIn: 'root' })
export class AuthService { export class AuthService {
private currentUserSubject = new BehaviorSubject<User | null>(null);
public currentUser$ = this.currentUserSubject.asObservable(); /** In-memory only — never written to localStorage. */
private redirectUrl: string = '/dashboard'; accessToken$ = new BehaviorSubject<string | null>(null);
currentUser$ = new BehaviorSubject<UserInfo | null>(null);
/** Observable stream of the current user (null = not authenticated). */
public currentUser = this.currentUser$.asObservable();
private redirectUrl = '/dashboard';
constructor( constructor(
private http: HttpClient, private http: HttpClient,
private apiConfig: ApiConfigService private apiConfig: ApiConfigService
) {} ) {}
login(credentials: LoginCredentials): Observable<LoginResult> { // ── Auth API calls ──────────────────────────────────────────────────────
return this.authenticateUser(credentials);
}
private authenticateUser(credentials: LoginCredentials): Observable<LoginResult> { /**
const loginUrl = `${this.apiConfig.tokenUrl}/Create`; * Authenticate with email + password.
return this.http.get<TokenCreateResponse>(loginUrl, { * On success, stores the access token and user in memory and returns
headers: this.buildTokenCreateHeaders(credentials) * LoginResultType.Success. Never throws — errors are mapped to LoginResult.
}).pipe( */
map((response: TokenCreateResponse) => this.mapTokenCreateResponse(response, credentials)), login(credentials: LoginCredentials): Observable<LoginResult> {
catchError((error) => { return this.http.post<ApiLoginResponse>(
console.error('Login error:', error); `${this.apiConfig.authUrl}/login`,
{ email: credentials.email, password: credentials.password },
{ withCredentials: true }
).pipe(
tap(response => {
this.accessToken$.next(response.accessToken);
this.currentUser$.next(response.user);
}),
map(response => ({
result: LoginResultType.Success,
responseData: response.user
} as LoginResult)),
catchError(error => {
if (error.status === 401) {
return of({
result: LoginResultType.InvalidCredentials,
message: error.error?.message || 'Invalid email or password'
} as LoginResult);
}
return of({ return of({
result: LoginResultType.Error, result: LoginResultType.Error,
message: error.error?.message || 'An error occurred during login' message: error.error?.message || 'An error occurred during login'
}); } as LoginResult);
}) })
); );
} }
private buildTokenCreateHeaders(credentials: LoginCredentials): HttpHeaders { /**
let headers = new HttpHeaders({ * Silently exchange the HttpOnly `rolac_rt` cookie for a new access token.
Authorization: `Basic ${btoa(`${credentials.email}:${credentials.password}`)}` * Returns true on success, false if the cookie is absent or expired.
}); * Never throws.
*/
if (credentials.mfaCode) { refresh(): Observable<boolean> {
headers = headers.set('mfaCode', credentials.mfaCode); return this.http.post<ApiLoginResponse>(
} `${this.apiConfig.authUrl}/refresh`,
{},
return headers; { withCredentials: true }
} ).pipe(
tap(response => {
private mapTokenCreateResponse(response: TokenCreateResponse, credentials: LoginCredentials): LoginResult { this.accessToken$.next(response.accessToken);
const token = response.token || response.Token || ''; this.currentUser$.next(response.user);
const message = response.message || response.Message || ''; }),
const isAuthenticated = response.isAuthenticated ?? response.IsAuthenticated ?? false; map(() => true),
const isAuthorized = response.isAuthorized ?? response.IsAuthorized ?? false; catchError(() => of(false))
);
if (isAuthenticated && isAuthorized && token) {
return {
result: LoginResultType.Success,
responseData: this.mapUserFromTokenCreateResponse(response, credentials, token)
};
}
if (isAuthenticated && !token && this.isMfaRequired(message)) {
return {
result: LoginResultType.MfaRequired,
responseData: this.mapUserFromTokenCreateResponse(
response,
credentials,
response.mfaToken || response.MfaToken || ''
),
message
};
}
return {
result: isAuthenticated ? LoginResultType.Error : LoginResultType.InvalidCredentials,
message: message || 'Invalid email or password'
};
}
private mapUserFromTokenCreateResponse(
response: TokenCreateResponse,
credentials: LoginCredentials,
token: string
): User {
const username = response.username || response.Username || credentials.email;
const email = response.email || response.Email || credentials.email;
const access = response.access || response.Access || [];
return {
id: username || email,
username,
email,
firstName: '',
lastName: '',
createdAt: new Date().toISOString(),
branchIds: access
.map(item => item.redxBranch || item.RedxBranch || item.branchName || item.BranchName || '')
.filter(branchId => !!branchId),
token,
mfaVerified: !!credentials.mfaCode
};
}
private isMfaRequired(message: string): boolean {
return message.toLowerCase().includes('mfa verification required');
} }
/**
* Clears in-memory auth state immediately, then fires a fire-and-forget
* POST to revoke the server-side refresh token cookie.
*/
logout(): void { logout(): void {
this.currentUserSubject.next(null); this.accessToken$.next(null);
this.redirectUrl = '/dashboard'; this.currentUser$.next(null);
// Clear any stored tokens, etc. this.http.post(
localStorage.removeItem('currentUser'); `${this.apiConfig.authUrl}/logout`,
{},
{ withCredentials: true }
).pipe(
catchError(() => of(null))
).subscribe();
} }
getCurrentUser(): User | null { /**
return this.currentUserSubject.value; * Called by APP_INITIALIZER on every page load.
* Attempts to restore the session via the refresh token cookie.
* Always resolves — never rejects — so it cannot block app bootstrap.
*/
initializeFromRefreshToken(): Promise<void> {
return new Promise(resolve => {
this.refresh().subscribe(() => resolve());
});
} }
// ── State accessors ─────────────────────────────────────────────────────
getToken(): string | null { getToken(): string | null {
const user = this.currentUserSubject.value; return this.accessToken$.value;
return user?.token || null;
} }
isAuthenticated(): boolean { isAuthenticated(): boolean {
return this.currentUserSubject.value !== null; return this.currentUser$.value !== null;
} }
setCurrentUser(user: User): void { getCurrentUser(): UserInfo | null {
this.currentUserSubject.next(user); return this.currentUser$.value;
// Store user in localStorage for persistence }
localStorage.setItem('currentUser', JSON.stringify(user));
/**
* Manually set the current user — used by the MFA success callback
* and the secret-link token flow.
*/
setCurrentUser(user: UserInfo): void {
this.currentUser$.next(user);
} }
setRedirectUrl(url: string): void { setRedirectUrl(url: string): void {
@@ -233,167 +183,68 @@ export class AuthService {
return this.redirectUrl; return this.redirectUrl;
} }
// Initialize user from localStorage on app start // ── Secret-link token helpers (unchanged logic, updated types) ───────────
initializeAuth(): void {
const storedUser = localStorage.getItem('currentUser');
if (storedUser) {
try {
const user = JSON.parse(storedUser);
this.currentUserSubject.next(user);
} catch (error) {
console.error('Error parsing stored user:', error);
localStorage.removeItem('currentUser');
}
}
}
/** /**
* Verify JWT token from email link (local verification) * Verifies a JWT token received as a URL parameter (secret-link login).
* @param token The JWT token to verify * Performs local verification only — no API call.
* @returns Observable with verification result * Constructs a UserInfo from the JWT claims (id, email, roles,
* languagePreference).
*/ */
verifySecretLinkToken(token: string): Observable<TokenVerificationResult> { verifySecretLinkToken(token: string): Observable<TokenVerificationResult> {
try { try {
// Parse JWT token locally
const tokenData = this.parseJwtToken(token); const tokenData = this.parseJwtToken(token);
if (!tokenData) { if (!tokenData) {
return of({ return of({ isValid: false, message: 'Invalid token format' });
isValid: false,
message: 'Invalid token format'
});
} }
// Check if token is expired
if (this.isTokenExpired(token)) { if (this.isTokenExpired(token)) {
return of({ return of({
isValid: false, isValid: false,
message: 'This link has expired. Please request a new one.' message: 'This link has expired. Please request a new one.'
}); });
} }
console.log('tokenData', tokenData);
// Extract user data from token const user: UserInfo = {
const user: User = { id: tokenData.userId || tokenData.sub || tokenData.id || '',
id: tokenData.userId || tokenData.sub || tokenData.id,
username: tokenData.username || tokenData.preferred_username || '',
email: tokenData.email || tokenData.email_address || '', email: tokenData.email || tokenData.email_address || '',
firstName: tokenData.firstName || tokenData.given_name || tokenData.first_name || '', roles: Array.isArray(tokenData.roles)
lastName: tokenData.lastName || tokenData.family_name || tokenData.last_name || '', ? tokenData.roles
createdAt: tokenData.createdAt || tokenData.created_at || new Date().toISOString(), : tokenData.role ? [tokenData.role] : [],
branchIds: tokenData.branchIds || tokenData.branch_ids || [], languagePreference: tokenData.languagePreference || 'en'
token: token,
mfaVerified: false // Token users still need MFA verification
}; };
return of({ return of({
isValid: true, isValid: true,
user: user, user,
message: 'Token verified successfully. MFA required.', message: 'Token verified successfully. MFA required.',
expiresAt: tokenData.exp ? new Date(tokenData.exp * 1000) : undefined, expiresAt: tokenData.exp ? new Date(tokenData.exp * 1000) : undefined,
requiresMfa: true requiresMfa: true
}); });
} catch (error) { } catch (error) {
console.error('Token verification error:', error); return of({ isValid: false, message: 'Invalid or corrupted token' });
return of({
isValid: false,
message: 'Invalid or corrupted token'
});
} }
} }
/** /** Returns true if the JWT's `exp` claim is in the past. */
* Check if a token is expired locally (basic check)
* @param token JWT token to check
* @returns boolean indicating if token is expired
*/
isTokenExpired(token: string): boolean { isTokenExpired(token: string): boolean {
try { try {
const payload = JSON.parse(atob(token.split('.')[1])); const payload = JSON.parse(atob(token.split('.')[1]));
const currentTime = Math.floor(Date.now() / 1000); return payload.exp < Math.floor(Date.now() / 1000);
return payload.exp < currentTime; } catch {
} catch (error) { return true;
console.error('Error parsing token:', error);
return true; // Consider invalid tokens as expired
} }
} }
/**
* Parse JWT token and extract payload
* @param token JWT token to parse
* @returns parsed token data or null if invalid
*/
private parseJwtToken(token: string): any | null { private parseJwtToken(token: string): any | null {
try { try {
// Split token into parts
const parts = token.split('.'); const parts = token.split('.');
if (parts.length !== 3) { if (parts.length !== 3) return null;
return null; const decoded = atob(parts[1].replace(/-/g, '+').replace(/_/g, '/'));
} return JSON.parse(decoded);
} catch {
// Decode the payload (middle part)
const payload = parts[1];
const decodedPayload = atob(payload.replace(/-/g, '+').replace(/_/g, '/'));
return JSON.parse(decodedPayload);
} catch (error) {
console.error('Error parsing JWT token:', error);
return null;
}
}
/**
* Verify MFA code for token-based authentication
* @param mfaCode MFA code entered by user
* @param user User data from token verification
* @returns Observable with MFA verification result
*/
verifyMfaForToken(mfaCode: string, user: User): Observable<LoginResult> {
// For token-based users, we can either:
// 1. Verify MFA locally (if MFA code is embedded in token)
// 2. Make a server call to verify MFA
// For now, we'll simulate MFA verification
// In a real implementation, you might want to verify against a server
//TODO: Implement MFA verification
const loginUrl = `${this.apiConfig.authUrl}/mfa/token-login`;
return this.http.post<LoginResponse>(loginUrl, {
mfaToken: user.token,
mfaCode: mfaCode
}).pipe(
map((response: LoginResponse) => {
return {
result: LoginResultType.Success,
responseData: {
...user,
mfaVerified: true
},
message: 'MFA verification successful'
};
}),
catchError((error) => {
console.error('MFA verification error:', error);
return of({
result: LoginResultType.Error,
message: error.error?.message || 'An error occurred during MFA verification'
});
})
);
}
/**
* Extract token from URL parameters
* @param url URL containing token parameter
* @returns token string or null if not found
*/
extractTokenFromUrl(url: string): string | null {
try {
const urlObj = new URL(url);
return urlObj.searchParams.get('token');
} catch (error) {
console.error('Error parsing URL:', error);
return null; return null;
} }
} }
APP/src/app/shared/token-verification/token-verification.component.ts
+2 -8
View File
@@ -4,9 +4,8 @@ import { ActivatedRoute, Router } from '@angular/router';
import { IndicatorsModule } from '@progress/kendo-angular-indicators'; import { IndicatorsModule } from '@progress/kendo-angular-indicators';
import { ButtonsModule } from '@progress/kendo-angular-buttons'; import { ButtonsModule } from '@progress/kendo-angular-buttons';
import { DialogModule } from '@progress/kendo-angular-dialog'; import { DialogModule } from '@progress/kendo-angular-dialog';
import { AuthService, TokenVerificationResult, User } from '../services/auth.service'; import { AuthService, TokenVerificationResult, UserInfo } from '../services/auth.service';
import { MfaDialogComponent } from '../mfa-dialog/mfa-dialog.component'; import { MfaDialogComponent } from '../mfa-dialog/mfa-dialog.component';
import { take } from 'rxjs/operators';
@Component({ @Component({
selector: 'app-token-verification', selector: 'app-token-verification',
@@ -27,7 +26,7 @@ export class TokenVerificationComponent implements OnInit, AfterViewInit {
isVerifying = true; isVerifying = true;
verificationResult: TokenVerificationResult | null = null; verificationResult: TokenVerificationResult | null = null;
errorMessage = ''; errorMessage = '';
tokenUser: User | null = null; tokenUser: UserInfo | null = null;
constructor( constructor(
private route: ActivatedRoute, private route: ActivatedRoute,
@@ -76,12 +75,7 @@ export class TokenVerificationComponent implements OnInit, AfterViewInit {
if (result.requiresMfa) { if (result.requiresMfa) {
// Show MFA dialog for token-based authentication // Show MFA dialog for token-based authentication
console.log('Showing MFA dialog...'); console.log('Showing MFA dialog...');
this.authService.verifyMfaForToken('', result.user).pipe(
take(1)
).subscribe(result => {
this.showMfaDialog(); this.showMfaDialog();
});
} else { } else {
// If MFA is not required, proceed directly // If MFA is not required, proceed directly
console.log('MFA not required, proceeding directly...'); console.log('MFA not required, proceeding directly...');
APP/tsconfig.spec.json
+5
View File
@@ -10,5 +10,10 @@
}, },
"include": [ "include": [
"src/**/*.ts" "src/**/*.ts"
],
"exclude": [
"src/components/**",
"src/directives/**",
"src/utilities/**"
] ]
} }