GN5 / Add sign in/out support

core/src/main/java/org/fao/geonet/kernel/security/jwtheaders/JwtHeadersSecurityConfig.java

@@ -22,7 +22,10 @@
  */
 package org.fao.geonet.kernel.security.jwtheaders;
 
+import org.fao.geonet.exceptions.BadParameterEx;
 import org.fao.geonet.kernel.security.SecurityProviderConfiguration;
+import static org.fao.geonet.kernel.security.SecurityProviderConfiguration.LoginType.AUTOLOGIN;
+import static org.fao.geonet.kernel.security.SecurityProviderConfiguration.LoginType.parse;
 
 /**
  * GeoNetwork only allows one SecurityProviderConfiguration bean.
@@ -32,8 +35,8 @@
  */
 public class JwtHeadersSecurityConfig implements SecurityProviderConfiguration {
 
+    private String loginType = AUTOLOGIN.toString();
 
-    public SecurityProviderConfiguration.LoginType loginType = SecurityProviderConfiguration.LoginType.AUTOLOGIN;
     /**
      * true -> update the DB with the information from OIDC (don't allow user to edit profile in the UI)
      * false -> don't update the DB (user must edit profile in UI).
@@ -50,7 +53,27 @@ public class JwtHeadersSecurityConfig implements SecurityProviderConfiguration {
 
 
     public JwtHeadersSecurityConfig() {
+    }
 
+    @Override
+    public String getLoginType() {
+        return loginType;
+    }
+
+    public void setLoginType(String loginType) {
+        LoginType parsedLoginType = parse(loginType);
+        switch(parsedLoginType) {
+            case FORM:
+            case AUTOLOGIN:
+                break;
+            case DEFAULT:
+                parsedLoginType= AUTOLOGIN;
+                break;
+            default:
+                // Currently don't support anything else
+                throw new BadParameterEx("loginType", parsedLoginType.toString());
+        }
+        this.loginType = parsedLoginType.toString();
     }
 
     public boolean isUpdateProfile() {
@@ -72,11 +95,6 @@ public void setUpdateGroup(boolean updateGroup) {
         this.updateGroup = updateGroup;
     }
 
-    //@Override
-    public String getLoginType() {
-        return loginType.toString();
-    }
-
     // @Override
     public String getSecurityProvider() {
         return "JWT-HEADERS";
@@ -88,12 +106,9 @@ public boolean isUserProfileUpdateEnabled() {
         return !updateProfile;
     }
 
-    //========================================================================
-
     // @Override
     public boolean isUserGroupUpdateEnabled() {
         // If updating group from the security provider then disable the group updates in the interface
         return !updateGroup;
     }
-
 }

web-ui/src/main/resources/catalog/components/toolbar/partials/menu-signin.html

@@ -70,7 +70,7 @@
     data-ng-if="!authenticated && service !== 'catalog.signin' && service !== 'new.account' && isShowLoginAsLink"
   >
     <a
-      href="{{signInFormAction}}?_csrf={{csrf}}&redirectUrl={{redirectUrlAfterSign}}"
+      href="{{gnCfg.mods.authentication.signinUrl}}?_csrf={{csrf}}&redirectUrl={{redirectUrlAfterSign}}"
       title="{{'signIn'|translate}}"
       class="gn-menuheader-xs"
       data-ng-keypress="$event"
@@ -86,7 +86,7 @@
     data-ng-if="!authenticated && service !== 'catalog.signin' && service !== 'new.account' && !isShowLoginAsLink && !isDisableLoginForm"
   >
     <a
-      href="{{gnCfg.mods.authentication.signinUrl | signInLink}}"
+      href="{{signInFormLinkWithHash}}"
       title="{{'signIn'|translate}}"
       class="dropdown-toggle gn-menuheader-xs"
       data-ng-keypress="$event"
@@ -102,7 +102,7 @@
       <form
         name="gnSigninForm"
         class="navbar-form"
-        action="{{signInFormAction}}"
+        action="{{signInFormActionWithHash}}"
         method="post"
         role="form"
       >

web-ui/src/main/resources/catalog/js/CatController.js

@@ -1265,7 +1265,11 @@
           authentication: {
             enabled: true,
             signinUrl: "../../{{node}}/{{lang}}/catalog.signin",
+            signinAPI: "../../signin",
             signoutUrl: "../../signout"
+            // GN5 configuration
+            // signinAPI: "../../api/user/signin",
+            // signoutUrl: "../../api/user/signout"
           },
           page: {
             enabled: true,
@@ -1838,8 +1842,11 @@
         }
       });
 
-      // login url for inline signin form in top toolbar
-      $scope.signInFormAction = "../../signin#" + $location.url();
+      // login url and form action with hash reference to the current page
+      $scope.signInFormLinkWithHash =
+        $scope.gnCfg.mods.authentication.signinUrl + "#" + $location.url();
+      $scope.signInFormActionWithHash =
+        $scope.gnCfg.mods.authentication.signinAPI + "#" + $location.url();
 
       // when the login input have focus, do not close the dropdown/popup
       $scope.focusLoginPopup = function () {

web-ui/src/main/resources/catalog/js/LoginController.js

@@ -67,7 +67,6 @@
       $q,
       gnLangs
     ) {
-      $scope.formAction = "../../signin#" + $location.url();
       $scope.registrationStatus = null;
       $scope.sendPassword = false;
       $scope.password = null;

web-ui/src/main/resources/catalog/templates/signin.html

@@ -40,7 +40,7 @@ <h1 data-translate="">loginTitle</h1>
           <form
             class="form-horizontal"
             name="gnSigninForm"
-            action="{{formAction}}"
+            action="{{signInFormActionWithHash}}"
             method="post"
             role="form"
             data-ng-if="::user"

web-ui/src/main/resources/catalog/views/default/templates/recordView/recordView.html

@@ -45,7 +45,7 @@
       <span
         data-ng-hide="user"
         data-translate=""
-        data-translate-values="{signInFormAction: '{{signInFormAction}}', csrf: '{{csrf}}', redirectUrlAfterSign: '{{redirectUrlAfterSign}}'}"
+        data-translate-values="{signInFormAction: '{{signInFormLinkWithHash | signInLink}}}', csrf: '{{csrf}}', redirectUrlAfterSign: '{{redirectUrlAfterSign}}'}"
       >
         trySignIn
       </span>

web/src/main/webapp/WEB-INF/config-security/config-security-gn5-overrides.properties

@@ -47,5 +47,6 @@ jwtheadersConfiguration.JwtConfiguration.validateTokenAudienceClaimValue=${JWTHE
 jwtheadersConfiguration.JwtConfiguration.validateTokenSignature=${JWTHEADERS_ValidateTokenSignature:true}
 jwtheadersConfiguration.JwtConfiguration.validateTokenSignatureURL=${JWTHEADERS_ValidateTokenSignatureURL:""}
 
+jwtHeadersSecurityConfig.loginType=form
 jwtHeadersSecurityConfig.UpdateProfile=${JWTHEADERS_UpdateProfile:false}
 jwtHeadersSecurityConfig.UpdateGroup=${JWTHEADERS_UpdateGroup:false}

web/src/main/webapp/WEB-INF/config-security/config-security-jwt-headers-base.xml

@@ -33,7 +33,10 @@
           http://www.springframework.org/schema/util
           http://www.springframework.org/schema/util/spring-util.xsd">
 
-  <bean id ="jwtHeadersSecurityConfig" class="org.fao.geonet.kernel.security.jwtheaders.JwtHeadersSecurityConfig"/>
+  <bean id="jwtHeadersSecurityConfig"
+        class="org.fao.geonet.kernel.security.jwtheaders.JwtHeadersSecurityConfig">
+    <property name="loginType" value="${jwtHeadersSecurityConfig.loginType}"/>
+  </bean>
 
   <bean id ="jwtheadersConfiguration" class="org.fao.geonet.kernel.security.jwtheaders.JwtHeadersConfiguration">
     <constructor-arg ref ="jwtHeadersSecurityConfig" />

web/src/main/webapp/WEB-INF/config-security/config-security-jwt-headers-overrides.properties

@@ -47,5 +47,6 @@ jwtheadersConfiguration.JwtConfiguration.validateTokenAudienceClaimValue=${JWTHE
 jwtheadersConfiguration.JwtConfiguration.validateTokenSignature=${JWTHEADERS_ValidateTokenSignature:true}
 jwtheadersConfiguration.JwtConfiguration.validateTokenSignatureURL=${JWTHEADERS_ValidateTokenSignatureURL:""}
 
+jwtHeadersSecurityConfig.loginType=autologin
 jwtHeadersSecurityConfig.UpdateProfile=${JWTHEADERS_UpdateProfile:true}
 jwtHeadersSecurityConfig.UpdateGroup=${JWTHEADERS_UpdateGroup:true}