Merge pull request #157 from EBISPOT/develop

Develop

Author: ala-ebi

package-lock.json

@@ -8,7 +8,7 @@
     "test": "ng test",
     "lint": "ng lint",
     "e2e": "ng e2e",
-    "start-json-server" : "json-server --watch json-server/db.json --delay 800 --routes json-server/routes.json",
+    "start-json-server": "json-server --watch json-server/db.json --delay 800 --routes json-server/routes.json",
     "start-fake": "(start npm run start-json-server && ng serve) || (npm run start-json-server & ng serve)"
   },
   "private": true,
@@ -23,6 +23,7 @@
     "@angular/platform-browser": "~11.2.6",
     "@angular/platform-browser-dynamic": "~11.2.6",
     "@angular/router": "~11.2.6",
+    "angular-oauth2-oidc": "^10.0.3",
     "json-server": "^0.16.3",
     "jwt-decode": "^2.2.0",
     "ng2-file-upload": "^1.4.0",

package.json

@@ -1,26 +1,32 @@
 import { NgModule } from '@angular/core';
 import { RouterModule, Routes } from '@angular/router';
+import { AuthGuard } from './core/guards/auth.guard';
 
 const routes: Routes = [
   {
     path: 'submissions',
-    loadChildren: () => import('./feature/submission/submission.module').then(m => m.SubmissionModule)
+    loadChildren: () => import('./feature/submission/submission.module').then(m => m.SubmissionModule),
+    canActivate: [AuthGuard]
   },
   {
     path: 'reported-traits',
-    loadChildren: () => import('./feature/reported-trait/reported-trait.module').then(m => m.ReportedTraitModule)
+    loadChildren: () => import('./feature/reported-trait/reported-trait.module').then(m => m.ReportedTraitModule),
+    canActivate: [AuthGuard]
   },
   {
     path: 'efo-traits',
-    loadChildren: () => import('./feature/efo-trait/efo-trait.module').then(m => m.EfoTraitModule)
+    loadChildren: () => import('./feature/efo-trait/efo-trait.module').then(m => m.EfoTraitModule),
+    canActivate: [AuthGuard]
   },
   {
     path: 'studies',
-    loadChildren: () => import('./feature/study/study.module').then(m => m.StudyModule)
+    loadChildren: () => import('./feature/study/study.module').then(m => m.StudyModule),
+    canActivate: [AuthGuard]
   },
   {
     path: 'publications',
-    loadChildren: () => import('./feature/publication/publication.module').then(m => m.PublicationModule)
+    loadChildren: () => import('./feature/publication/publication.module').then(m => m.PublicationModule),
+    canActivate: [AuthGuard]
   },
   {
     path: 'login',

src/app/app-routing.module.ts

@@ -1,19 +1,21 @@
-import { Component } from '@angular/core';
+import { Component, OnInit } from '@angular/core';
 import {ActivationEnd, Router} from '@angular/router';
 
 @Component({
   selector: 'app-root',
   templateUrl: 'app.component.html',
   styleUrls: ['app.component.css']
 })
-export class AppComponent {
-
-  routePath: string;
+export class AppComponent implements OnInit {
   constructor(private router: Router) {
-    router.events.subscribe((val) => {
+    this.router.events.subscribe((val) => {
       if (val instanceof ActivationEnd) {
         this.routePath = val.snapshot.routeConfig.path;
       }
     });
   }
+
+  routePath: string;
+
+  ngOnInit() {}
 }

src/app/app.component.ts

@@ -1,9 +1,30 @@
 import { BrowserModule } from '@angular/platform-browser';
-import { NgModule } from '@angular/core';
+import { APP_INITIALIZER, NgModule } from '@angular/core';
 import { AppRoutingModule } from './app-routing.module';
 import { AppComponent } from './app.component';
 import { CoreModule } from './core/core.module';
 import { SharedModule } from './shared/shared.module';
+import { AuthConfig, OAuthModule, OAuthService, OAuthStorage } from 'angular-oauth2-oidc';
+
+export function storageFactory(): OAuthStorage {
+  return localStorage;
+}
+
+export function initializeApp(oauthService: OAuthService) {
+  return (): Promise<any> => {
+    const authConfig: AuthConfig = {
+      issuer: 'https://www.ebi.ac.uk/mi/keycloak/realms/gwas',
+      redirectUri: `${window.location.origin}/gwas/depo-curation`,
+      clientId: 'deposition',
+      responseType: 'code',
+      scope: 'profile email',
+      // showDebugInformation: true,
+      disablePKCE: false
+    };
+    oauthService.configure(authConfig);
+    return oauthService.loadDiscoveryDocumentAndTryLogin();
+  };
+}
 
 @NgModule({
   declarations: [
@@ -13,9 +34,18 @@ import { SharedModule } from './shared/shared.module';
     BrowserModule,
     AppRoutingModule,
     CoreModule,
-    SharedModule
+    SharedModule,
+    OAuthModule.forRoot()
+  ],
+  providers: [
+    {
+      provide: APP_INITIALIZER,
+      useFactory: initializeApp,
+      deps: [OAuthService],
+      multi: true
+    },
+    { provide: OAuthStorage, useFactory: storageFactory }
   ],
-  providers: [],
   bootstrap: [AppComponent]
 })
 export class AppModule {

src/app/app.module.ts

@@ -1,21 +1,18 @@
 import { Injectable } from '@angular/core';
-import { CanActivate, ActivatedRouteSnapshot, RouterStateSnapshot, Router } from '@angular/router';
+import { ActivatedRouteSnapshot, CanActivate, Router, RouterStateSnapshot } from '@angular/router';
 import { AuthService } from '../services/auth.service';
-import { TokenStorageService } from '../services/token-storage.service';
 
 @Injectable({
   providedIn: 'root'
 })
 export class AuthGuard implements CanActivate {
-
-  constructor(private authService: AuthService, private tss: TokenStorageService) {
-  }
+  constructor(private authService: AuthService, private router: Router) {}
 
   canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): boolean {
-    if (this.authService.loggedIn() && this.authService.isCurator()) {
+    if (this.authService.isLoggedIn()) {
       return true;
     } else {
-      this.tss.signOut(state.url);
+      this.router.navigate(['/login'], { queryParams: { returnUrl: state.url } });
       return false;
     }
   }

src/app/core/guards/auth.guard.ts

@@ -1,87 +1,40 @@
 import { Injectable } from '@angular/core';
-import { HttpClient } from '@angular/common/http';
-import { TokenStorageService } from './token-storage.service';
-import jwt_decode from 'jwt-decode';
 import { environment } from '../../../environments/environment';
+import { AuthConfig, OAuthService } from 'angular-oauth2-oidc';
 import { Router } from '@angular/router';
 
 @Injectable({
   providedIn: 'root'
 })
 export class AuthService {
 
-  constructor(private http: HttpClient, private tokenStorageService: TokenStorageService, private router: Router) {
-
-  }
-
-  loggedIn() {
-    return !!this.tokenStorageService.getToken();
+  constructor(public oauthService: OAuthService, private router: Router) {
   }
 
   isCurator() {
-    if (environment.WHITELISTED_CURATORS.indexOf(this.getDecodedToken()?.email) > -1) {
+    if (environment.WHITELISTED_CURATORS.indexOf(this.getEmail()) > -1) {
       return true;
     }
-    return this.getDecodedToken()?.domains?.indexOf('self.GWAS_Curator') > -1;
-  }
-
-  getDecodedToken() {
-    const jwtToken = this.tokenStorageService.getToken();
-    const decoded = jwt_decode(jwtToken);
-    if (Date.now() > decoded.exp * 1000) {
-      this.tokenStorageService.signOut();
-    }
-    return decoded;
+    return this.getDomains().indexOf('self.GWAS_Curator') > -1;
   }
 
   login() {
-    const width = 650;
-    const height = 1000;
-    let left = -1;
-    let top = -1;
-
-    if (left < 0) {
-      const screenWidth = window.screen.width;
-      if (screenWidth > width) {
-        left = Math.round((screenWidth - width) / 2);
-      }
-    }
-    if (top < 0) {
-      const screenHeight = window.screen.height;
-      if (screenHeight > height) {
-        top = Math.round((screenHeight - height) / 2);
-      }
-    }
+    this.oauthService.initLoginFlow();
+  }
 
-    const windowOptions = [
-      `width=${width}`,
-      `height=${height}`,
-      `left=${left}`,
-      `top=${top}`,
-      'personalbar=no',
-      'toolbar=no',
-      'scrollbars=yes',
-      'resizable=yes',
-      'directories=no',
-      'location=no',
-      'menubar=no',
-      'titlebar=no',
-      'toolbar=no'
-    ];
-    const loginWindow = window.open(environment.AAPURL + '/sso?from=' + location.origin + '&ttl=180',
-      'Sign in to Elixir', windowOptions.join(','));
+  isLoggedIn(): boolean {
+    return this.oauthService.hasValidAccessToken();
+  }
 
-    if (loginWindow) {
-      loginWindow.focus();
-    }
-    return loginWindow;
+  logout() {
+    this.oauthService.logOut();
   }
 
-  saveToken(token: string) {
-    this.tokenStorageService.saveToken(token);
+  getEmail() {
+    return this.oauthService.getIdentityClaims['email'];
   }
 
-  logout() {
-    window.localStorage.removeItem('id_token');
+  getDomains() {
+    return this.oauthService.getIdentityClaims['domains'];
   }
 }

src/app/core/services/auth.service.ts

@@ -2,7 +2,7 @@ import { Injectable } from '@angular/core';
 import { Router, RouterStateSnapshot } from '@angular/router';
 import { MatDialog } from '@angular/material/dialog';
 
-const TOKEN_KEY = 'id_token';
+const TOKEN_KEY = 'access_token';
 
 @Injectable({
   providedIn: 'root'
@@ -13,15 +13,10 @@ export class TokenStorageService {
   }
 
   signOut(guardReturnUri?: string) {
-    setTimeout('alert("SESSION EXPIRED")', 1);
-    this.dialog.closeAll();
+    // setTimeout('alert("SESSION EXPIRED")', 1);
+    // this.dialog.closeAll();
     this.router.navigate(['/login'], {queryParams: {returnUrl: guardReturnUri ? guardReturnUri : 'home'}}).then();
-    window.localStorage.removeItem(TOKEN_KEY);
-  }
-
-  public saveToken(token: string) {
-    window.localStorage.removeItem(TOKEN_KEY);
-    window.localStorage.setItem(TOKEN_KEY, token);
+    // window.localStorage.removeItem(TOKEN_KEY);
   }
 
   public getToken(): string {

src/app/core/services/token-storage.service.ts

@@ -1,5 +1,5 @@
 .login-divider-container{
-  margin-left: 65px; margin-bottom: 40px; margin-top: 40px;
+  margin: 40px;
 }
 .login-divider-container .mat-divider{
   width: 37%; display: inline-block;

src/app/feature/authentication/pages/login/login.component.css

@@ -8,17 +8,12 @@
 
     <div class="text-center text-2xl mt-4 mb-8"> GWAS Curation App </div>
 
-    <div class="mb-4">
-      <button class="gwas-button-wide card-3b " (click)="login()" mat-raised-button color="primary">
-        <img class="inline h-8 w-8" src="assets/images/elixir-white-orange-logo.png" alt="">-
-        Sign in with Elixir identity!
-      </button>
+    <div class="mb-4 flex justify-center items-center">
+      <img class="card-3b cursor-pointer" (click)="login()" alt="CILogon" src="https://cilogon.org/images/cilogon-ci-32-g.png"/>
     </div>
 
     <div class="login-divider-container">
-      <mat-divider></mat-divider>
-      <span> or </span>
-      <mat-divider></mat-divider>
+      <mat-divider class="w-full"></mat-divider>
     </div>
 
     <div class="mb-4">