ral-facilities · louise-davies · Feb 18, 2021
diff --git a/package.json b/package.json
@@ -14,6 +14,7 @@
     "js-cookie": "^2.2.0",
     "jsonwebtoken": "^8.5.1",
     "loglevel": "^1.7.0",
+    "oidc-client": "^1.11.5",
     "query-string": "^6.13.1",
     "react": "^16.13.1",
     "react-app-polyfill": "^1.0.6",

diff --git a/src/authentication/githubAuthProvider.tsx b/src/authentication/githubAuthProvider.tsx
@@ -16,6 +16,9 @@ export default class GithubAuthProvider extends BaseAuthProvider {
     // remove existing credentials so they can be refreshed
     if (!params || !params.code) {
       this.logOut();
+      if (this.redirectUrl) {
+        window.location.href = this.redirectUrl;
+      }
       return Promise.resolve();
     }
 

diff --git a/src/authentication/icatAuthProvider.tsx b/src/authentication/icatAuthProvider.tsx
@@ -3,6 +3,8 @@ import BaseAuthProvider from './baseAuthProvider';
 import ReactGA from 'react-ga';
 import parseJwt from './parseJwt';
 import { ScheduledMaintenanceState } from '../state/scigateway.types';
+import { UserManager } from 'oidc-client';
+import qs from 'query-string';
 
 export default class ICATAuthProvider extends BaseAuthProvider {
   public mnemonic: string;
@@ -14,6 +16,7 @@ export default class ICATAuthProvider extends BaseAuthProvider {
   ) {
     super(authUrl);
     this.mnemonic = mnemonic || '';
+    this.redirectUrl = 'https://demo.identityserver.io/';
     if (this.mnemonic === '') {
       this.mnemonic = 'anon';
       this.autoLogin = () =>
@@ -35,6 +38,63 @@ export default class ICATAuthProvider extends BaseAuthProvider {
     if (this.isLoggedIn() && localStorage.getItem('autoLogin') !== 'true') {
       return Promise.resolve();
     }
+    const params = qs.parse(password);
+    /* eslint-disable  @typescript-eslint/camelcase */
+    const userManager = new UserManager({
+      authority: this.redirectUrl ? this.redirectUrl : undefined,
+      // client_id:
+      //   '47327328702-kjucdaikjpdfveuintbhnunt8qcosvhr.apps.googleusercontent.com',
+      client_id: 'interactive.public',
+      // redirect_uri: `${window.location.protocol}//${window.location.hostname}${
+      //   window.location.port ? `:${window.location.port}` : ''
+      // }/callback`,
+      response_type: 'code',
+      redirect_uri: 'http://localhost:3000/login',
+    });
+    /* eslint-enable  @typescript-eslint/camelcase */
+
+    if (params && params.code) {
+      console.log(params);
+      return userManager
+        .signinRedirectCallback()
+        .then((user) => {
+          console.log('signed in', user);
+          return Axios.post(`${this.authUrl}/login`, {
+            mnemonic: 'oidc',
+            credentials: {
+              token: user.id_token,
+            },
+          })
+            .then((res) => {
+              ReactGA.event({
+                category: 'Login',
+                action: 'Successfully logged in via JWT',
+              });
+              this.storeToken(res.data);
+              localStorage.setItem('autoLogin', 'false');
+              const payload: {
+                sessionId: string;
+                username: string;
+              } = JSON.parse(parseJwt(res.data));
+              this.storeUser(payload.username);
+              return;
+            })
+            .catch((err) => {
+              ReactGA.event({
+                category: 'Login',
+                action: 'Failed to log in via JWT',
+              });
+              this.handleAuthError(err);
+            });
+        })
+        .catch((err) => {
+          console.log(err);
+        });
+    }
+
+    if (this.mnemonic === 'oidc') {
+      return userManager.signinRedirect();
+    }
 
     return Axios.post(`${this.authUrl}/login`, {
       mnemonic: this.mnemonic,

diff --git a/src/loginPage/loginPage.component.tsx b/src/loginPage/loginPage.component.tsx
@@ -98,7 +98,7 @@ export type CombinedLoginProps = LoginPageProps &
   WithStyles<typeof styles>;
 
 export const RedirectLoginScreen = (
-  props: CombinedLoginProps
+  props: CombinedLoginProps & { serviceName: string }
 ): React.ReactElement => (
   <div className={props.classes.root}>
     {props.auth.failedToLogin ? (
@@ -112,13 +112,14 @@ export const RedirectLoginScreen = (
       className={props.classes.button}
       disabled={props.auth.loading}
       onClick={() => {
-        if (props.auth.provider.redirectUrl) {
-          window.location.href = props.auth.provider.redirectUrl;
-        }
+        props.auth.provider.logIn('', '');
+        // if (props.auth.provider.redirectUrl) {
+        //   window.location.href = props.auth.provider.redirectUrl;
+        // }
       }}
     >
       <Typography color="inherit" noWrap style={{ marginTop: 3 }}>
-        Login with Github
+        Login with {props.serviceName}
       </Typography>
     </Button>
   </div>
@@ -264,6 +265,7 @@ function fetchMnemonics(
   return axios
     .get(`${authUrl}/authenticators`)
     .then((res) => {
+      res.data.push({ mnemonic: 'oidc', keys: [{ name: 'token' }] });
       return res.data;
     })
     .catch((err) => {
@@ -307,13 +309,16 @@ const LoginPageComponent = (props: CombinedLoginProps): React.ReactElement => {
   React.useEffect(() => {
     if (
       props.auth.provider.redirectUrl &&
-      props.location.search &&
+      (props.location.search || props.location.hash) &&
       !props.auth.loading &&
       !props.auth.failedToLogin
     ) {
-      if (props.location.search) {
-        props.verifyUsernameAndPassword('', props.location.search);
-      }
+      const searchOrHash = props.location.search
+        ? props.location.search
+        : props.location.hash
+        ? props.location.hash
+        : '';
+      props.auth.provider.logIn('', searchOrHash);
     }
   });
 
@@ -322,38 +327,31 @@ const LoginPageComponent = (props: CombinedLoginProps): React.ReactElement => {
   if (typeof mnemonic === 'undefined') {
     LoginScreen = <CredentialsLoginScreen {...props} />;
     if (props.auth.provider.redirectUrl) {
-      LoginScreen = <RedirectLoginScreen {...props} />;
+      LoginScreen = <RedirectLoginScreen {...props} serviceName="Github" />;
     }
   } else {
-    if (
-      mnemonics.find(
-        (authenticator) =>
-          authenticator.mnemonic === mnemonic && authenticator.keys.length === 0
-      )
-    ) {
-      // anon
-      LoginScreen = <AnonLoginScreen {...props} />;
-    } else if (
-      mnemonics.find(
-        (authenticator) =>
-          authenticator.mnemonic === mnemonic &&
-          authenticator.keys.find((x) => x.name === 'username') &&
-          authenticator.keys.find((x) => x.name === 'password')
-      )
-    ) {
-      // user/pass
-      LoginScreen = <CredentialsLoginScreen {...props} />;
-    } else if (
-      mnemonics.find(
-        (authenticator) =>
-          authenticator.mnemonic === mnemonic &&
-          authenticator.keys.find((x) => x.name === 'token')
-      )
-    ) {
-      // redirect
-      LoginScreen = <RedirectLoginScreen {...props} />;
-    } else {
-      // unrecognised authenticator type
+    const authenticator = mnemonics.find(
+      (authenticator) => authenticator.mnemonic === mnemonic
+    );
+    if (authenticator) {
+      if (authenticator.keys.length === 0) {
+        // anon
+        LoginScreen = <AnonLoginScreen {...props} />;
+      } else if (
+        authenticator.keys.find((x) => x.name === 'username') &&
+        authenticator.keys.find((x) => x.name === 'password')
+      ) {
+        // user/pass
+        LoginScreen = <CredentialsLoginScreen {...props} />;
+      } else if (authenticator.keys.find((x) => x.name === 'token')) {
+        const name = authenticator.friendly
+          ? authenticator.friendly
+          : authenticator.mnemonic;
+        // redirect
+        LoginScreen = <RedirectLoginScreen {...props} serviceName={name} />;
+      } else {
+        // unrecognised authenticator type
+      }
     }
   }
 

diff --git a/yarn.lock b/yarn.lock
@@ -4276,7 +4276,7 @@ acorn@^6.4.1:
   resolved "https://registry.yarnpkg.com/acorn/-/acorn-6.4.2.tgz#35866fd710528e92de10cf06016498e47e39e1e6"
   integrity sha512-XtGIhXwF8YM8bJhGxG5kXgjkEuNGLTkoYqVE+KMR+aspr4KGYmKYg7yUe3KghyQ9yheNwLnjmzh/7+gfDBmHCQ==
 
-acorn@^7.1.0, acorn@^7.4.0:
+acorn@^7.1.0, acorn@^7.4.0, acorn@^7.4.1:
   version "7.4.1"
   resolved "https://registry.yarnpkg.com/acorn/-/acorn-7.4.1.tgz#feaed255973d2e77555b83dbc08851a6c63520fa"
   integrity sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==
@@ -5290,6 +5290,11 @@ base64-js@^1.0.2:
   resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.3.1.tgz#58ece8cb75dd07e71ed08c736abc5fac4dbf8df1"
   integrity sha512-mLQ4i2QO1ytvGWFWmcngKO//JXAQueZvwEKtjgQFM4jIK0kU+ytMfplL8j+n5mspOfjHwoAg+9yhb7BwAHm36g==
 
+base64-js@^1.5.1:
+  version "1.5.1"
+  resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.5.1.tgz#1b1b440160a5bf7ad40b650f095963481903930a"
+  integrity sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==
+
 base@^0.11.1:
   version "0.11.2"
   resolved "https://registry.yarnpkg.com/base/-/base-0.11.2.tgz#7bde5ced145b6d551a90db87f83c558b4eb48a8f"
@@ -6525,7 +6530,7 @@ core-js@^3.0.1, core-js@^3.0.4, core-js@^3.5.0:
   resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.6.4.tgz#440a83536b458114b9cb2ac1580ba377dc470647"
   integrity sha512-4paDGScNgZP2IXXilaffL9X7968RuvwlkK3xWtZRVqgd8SYNiVKRJvkFd1aqqEuPfN7E68ZHEp9hDj6lHj4Hyw==
 
-core-js@^3.6.5:
+core-js@^3.6.5, core-js@^3.8.3:
   version "3.8.3"
   resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.8.3.tgz#c21906e1f14f3689f93abcc6e26883550dd92dd0"
   integrity sha512-KPYXeVZYemC2TkNEkX/01I+7yd+nX3KddKwZ1Ww7SKWdI2wQprSgLmrTddT8nw92AjEklTsPBoSdQBhbI1bQ6Q==
@@ -6684,6 +6689,11 @@ crypto-browserify@^3.11.0:
     randombytes "^2.0.0"
     randomfill "^1.0.3"
 
+crypto-js@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/crypto-js/-/crypto-js-4.0.0.tgz#2904ab2677a9d042856a2ea2ef80de92e4a36dcc"
+  integrity sha512-bzHZN8Pn+gS7DQA6n+iUmBfl0hO5DJq++QP3U6uTucDtk/0iGpXd/Gg7CGR0p8tJhofJyaKoWBuJI4eAO00BBg==
+
 crypto-random-string@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/crypto-random-string/-/crypto-random-string-1.0.0.tgz#a230f64f568310e1498009940790ec99545bca7e"
@@ -12788,6 +12798,17 @@ obuf@^1.0.0, obuf@^1.1.2:
   resolved "https://registry.yarnpkg.com/obuf/-/obuf-1.1.2.tgz#09bea3343d41859ebd446292d11c9d4db619084e"
   integrity sha512-PX1wu0AmAdPqOL1mWhqmlOd8kOIZQwGZw6rh7uby9fTc5lhaOWFLX3I6R1hrF9k3zUY40e6igsLGkDXK92LJNg==
 
+oidc-client@^1.11.5:
+  version "1.11.5"
+  resolved "https://registry.yarnpkg.com/oidc-client/-/oidc-client-1.11.5.tgz#020aa193d68a3e1f87a24fcbf50073b738de92bb"
+  integrity sha512-LcKrKC8Av0m/KD/4EFmo9Sg8fSQ+WFJWBrmtWd+tZkNn3WT/sQG3REmPANE9tzzhbjW6VkTNy4xhAXCfPApAOg==
+  dependencies:
+    acorn "^7.4.1"
+    base64-js "^1.5.1"
+    core-js "^3.8.3"
+    crypto-js "^4.0.0"
+    serialize-javascript "^4.0.0"
+
 on-finished@~2.3.0:
   version "2.3.0"
   resolved "https://registry.yarnpkg.com/on-finished/-/on-finished-2.3.0.tgz#20f1336481b083cd75337992a16971aa2d906947"