Merge pull request #1490 from ral-facilities/feature/icat-oidc-auth-#494

Add OIDC support #494

Author: louise-davies

.husky/common.sh

@@ -1,5 +1 @@
-#!/bin/sh
-. "$(dirname "$0")/_/husky.sh"
-. "$(dirname "$0")/common.sh"
-
 yarn lint-staged

.husky/pre-commit

@@ -8,6 +8,6 @@ export default defineConfig({
     openMode: 0,
   },
   e2e: {
-    baseUrl: 'http://127.0.0.1:3000',
+    baseUrl: 'http://localhost:3000',
   },
 });

cypress.config.ts

@@ -104,7 +104,7 @@ describe('Login', () => {
       .contains('button', 'Sign in')
       .click();
 
-    cy.url().should('eq', 'http://127.0.0.1:3000/');
+    cy.url().should('eq', 'http://localhost:3000/');
 
     cy.window().then(
       (window) =>
@@ -125,7 +125,7 @@ describe('Login', () => {
       .contains('button', 'Sign in')
       .click();
 
-    cy.url().should('eq', 'http://127.0.0.1:3000/');
+    cy.url().should('eq', 'http://localhost:3000/');
 
     cy.window().then(
       (window) =>
@@ -146,7 +146,7 @@ describe('Login', () => {
       .contains('button', 'Sign in')
       .click();
 
-    cy.url().should('eq', 'http://127.0.0.1:3000/');
+    cy.url().should('eq', 'http://localhost:3000/');
 
     let storedToken: string | null;
 
@@ -177,12 +177,12 @@ describe('Login', () => {
   it('should redirect to logout page if logged in and navigating to login page', () => {
     cy.login('username', 'password');
     cy.visit('/login');
-    cy.url().should('eq', 'http://127.0.0.1:3000/logout');
+    cy.url().should('eq', 'http://localhost:3000/logout');
   });
 
   it('should redirect to Home page if not logged in and navigating to logout page', () => {
     cy.visit('/logout');
-    cy.url().should('eq', 'http://127.0.0.1:3000/login');
+    cy.url().should('eq', 'http://localhost:3000/login');
   });
 
   it('should redirect to login page when navigating to a plugin then back to the plugin after login', () => {
@@ -199,7 +199,7 @@ describe('Login', () => {
       .contains('button', 'Sign in')
       .click();
 
-    cy.url().should('eq', 'http://127.0.0.1:3000/plugin1');
+    cy.url().should('eq', 'http://localhost:3000/plugin1');
     cy.get('#demo_plugin').contains('Demo Plugin').should('be.visible');
   });
 
@@ -439,6 +439,34 @@ describe('Login', () => {
       cy.get('[aria-label="Open user menu"]').should('be.visible');
     });
 
+    it('should be able to login via SSO after auto login and be displayed as logged in', () => {
+      cy.visit('/login');
+
+      cy.get('#select-mnemonic').click();
+      cy.contains('Keycloak').click();
+
+      cy.url().as('originUrl', { type: 'static' });
+
+      cy.contains('button', 'Login with Keycloak').click();
+
+      cy.url().should('include', 'http://localhost:8081');
+      // login to keycloak
+      cy.origin('http://localhost:8081', () => {
+        cy.get('#username').type('test');
+        cy.get('#password').type('password');
+        cy.get('#kc-login').click();
+      });
+
+      // redirect?
+      // cy.origin()
+      cy.get('@originUrl').then((url) => {
+        cy.url().should('include', url);
+      });
+
+      cy.contains('Sign out').should('exist');
+      cy.get('[aria-label="Open user menu"]').should('be.visible');
+    });
+
     it('should autoLogin after logout', () => {
       window.localStorage.setItem(
         'scigateway:token',
@@ -488,4 +516,76 @@ describe('Login', () => {
       cy.contains('Unable to create anonymous session').should('not.exist');
     });
   });
+
+  describe('OIDC', () => {
+    beforeEach(() => {
+      cy.intercept('/settings.json', {
+        plugins: [
+          {
+            name: 'demo_plugin',
+            src: '/plugins/e2e-plugin/main.js',
+            enable: true,
+            location: 'main',
+          },
+        ],
+        'ui-strings': 'res/default.json',
+        'auth-provider': 'oidc',
+        authUrl: 'http://localhost:8000',
+        autoLogin: true,
+        'help-tour-steps': [],
+      });
+    });
+
+    it('should be able to login via SSO PKCE and be displayed as logged in', () => {
+      cy.visit('/login');
+
+      cy.url().as('originUrl', { type: 'static' });
+
+      cy.get('#select-mnemonic').click();
+      cy.contains('Keycloak (PKCE)').click();
+
+      cy.contains('button', 'Login with Keycloak (PKCE)').click();
+
+      cy.url().should('include', 'http://localhost:8081');
+      // login to keycloak
+      cy.origin('http://localhost:8081', () => {
+        cy.get('#username').type('test');
+        cy.get('#password').type('password');
+        cy.get('#kc-login').click();
+      });
+
+      cy.get('@originUrl').then((url) => {
+        cy.url().should('include', url);
+      });
+
+      cy.contains('Sign in').should('not.exist');
+      cy.get('[aria-label="Open user menu"]').should('be.visible');
+    });
+
+    it('should be able to login via SSO non-PKCE and be displayed as logged in', () => {
+      // test that redirect from an authorised route will take you back
+      cy.visit('/plugin1');
+
+      cy.url().as('originUrl', { type: 'static' });
+
+      cy.get('#select-mnemonic').click();
+      cy.contains('Keycloak (Non-PKCE)').click();
+
+      cy.contains('button', 'Login with Keycloak (Non-PKCE)').click();
+
+      cy.url().should('include', 'http://localhost:8081');
+      // login to keycloak
+      cy.origin('http://localhost:8081', () => {
+        cy.get('#username').type('test');
+        cy.get('#password').type('password');
+        cy.get('#kc-login').click();
+      });
+
+      cy.get('@originUrl').then((url) => {
+        cy.url().should('include', url);
+      });
+
+      cy.get('#demo_plugin').contains('h2', '/plugin1').should('be.visible');
+    });
+  });
 });

cypress/e2e/login.cy.ts

@@ -59,7 +59,7 @@ describe('Scigateway', () => {
       .contains('button', 'Sign in')
       .click();
 
-    cy.url().should('eq', 'http://127.0.0.1:3000/');
+    cy.url().should('eq', 'http://localhost:3000/');
 
     cy.get('button[aria-label="Close navigation menu"]').should('exist');
     cy.get('button[aria-label="Help page"]').click();

cypress/e2e/scigateway_frontend.cy.ts

@@ -24,18 +24,14 @@
     "browserslist": "4.25.0",
     "browserslist-to-esbuild": "2.1.1",
     "connected-react-router": "6.9.3",
-    "cookie-parser": "1.4.5",
-    "express": "4.20.0",
     "husky": "9.1.7",
     "i18next": "25.4.2",
     "i18next-browser-languagedetector": "8.2.0",
     "i18next-http-backend": "3.0.2",
     "js-cookie": "3.0.1",
-    "jsonwebtoken": "9.0.0",
     "loglevel": "1.9.1",
     "prettier": "3.6.0",
     "prop-types": "15.8.1",
-    "query-string": "7.1.1",
     "react": "18.3.1",
     "react-dom": "18.3.1",
     "react-i18next": "14.1.3",
@@ -61,12 +57,12 @@
     "lint:cypress": "eslint --ext=tsx --ext=js --ext=jsx --fix ./cypress",
     "serve:plugins": "node micro-frontend-tools/serve-plugins.js",
     "build:e2e": "cross-env GENERATE_SOURCEMAP=false yarn build",
-    "e2e:serve": "yarn build:e2e && concurrently \"node server/auth-server.js e2e\" \"node ./server/e2e-test-server.js\"",
-    "e2e:interactive": "start-server-and-test e2e:serve http://localhost:3000 cy:open",
-    "e2e": "start-server-and-test e2e:serve http://localhost:3000 cy:run",
+    "e2e:serve": "yarn build:e2e && concurrently \"node server/auth-server.js e2e\" \"node ./server/e2e-test-server.js\" \"docker compose -f server/keycloak/docker-compose.yml up -d\"",
+    "e2e:interactive": "start-server-and-test e2e:serve \"http://localhost:3000|http://localhost:8081/realms/testrealm/.well-known/openid-configuration\" cy:open",
+    "e2e": "start-server-and-test e2e:serve \"http://localhost:3000|http://localhost:8081/realms/testrealm/.well-known/openid-configuration\" cy:run",
     "cy:open": "cypress open",
     "cy:run": "cypress run",
-    "postinstall": "husky install; yarn copy-cdn-fallbacks",
+    "postinstall": "husky; yarn copy-cdn-fallbacks",
     "copy-cdn-fallbacks": "node -e \"const fs = require('fs'); fs.copyFile('node_modules/react/umd/react.production.min.js', 'public/react.production.min.js', (err) => { if (err) throw err;}); fs.copyFile('node_modules/react-dom/umd/react-dom.production.min.js', 'public/react-dom.production.min.js', (err) => { if (err) throw err;});\""
   },
   "lint-staged": {
@@ -96,6 +92,7 @@
     "@vitest/coverage-v8": "2.1.9",
     "axios-mock-adapter": "1.22.0",
     "concurrently": "9.2.0",
+    "cookie-parser": "1.4.5",
     "cors": "2.8.5",
     "cross-env": "10.0.0",
     "cypress": "14.5.0",
@@ -108,8 +105,11 @@
     "eslint-plugin-react": "7.37.5",
     "eslint-plugin-react-hooks": "5.2.0",
     "eslint-plugin-testing-library": "7.6.3",
+    "express": "4.20.0",
     "globals": "^16.1.0",
     "jsdom": "24.1.3",
+    "jsonwebtoken": "9.0.0",
+    "jwks-rsa": "3.2.0",
     "lint-staged": "16.1.5",
     "redux-mock-store": "1.5.4",
     "serve": "14.2.0",