Added customUrlValidation #331
Conversation
|
I have also changed access level of storeAccessTokenResponse to public because there are situations where you have to do silent login that means that you receiving tokens from other sources and it would be really not good to add it manually to session storage because it should use same storage. |
|
I have synced masters so it is good to merge now. Is there a chance to get it merged sometime soon? |
| const found = !this.moduleConfig.resourceServer.customUrlValidation | ||
| ? this.moduleConfig.resourceServer.allowedUrls.find(u => url.startsWith(u)) | ||
| : this.moduleConfig.resourceServer.customUrlValidation(url); | ||
|
|
There was a problem hiding this comment.
I think you could simplify this a bit to avoid having to check the customUrlValidation multiple times:
if (this.moduleConfig.resourceServer.customUrlValidation) {
return this.moduleConfig.resourceServer.customUrlValidation(url);
}
if (this.moduleConfig.resourceServer.allowedUrls) {
return !!this.moduleConfig.resourceServer.allowedUrls.find(u => url.startsWith(u));
}
return true;
| @@ -39,7 +47,7 @@ export class DefaultOAuthInterceptor implements HttpInterceptor { | |||
| if (!this.moduleConfig.resourceServer) { | |||
| return next.handle(req); | |||
| } | |||
There was a problem hiding this comment.
Maybe move the moduleConfig.resourceServer check into the checkUrl function as well then?
There was a problem hiding this comment.
do not think this is good idea because there can be other configuration in resourceServer that are used not only for checking urls in the future. Dont you think so/ So i propose to leave it where it is
There was a problem hiding this comment.
Yeah, you’re right. I missed that there were some other things used from resourceServer right after that line.
projects/lib/src/oauth-service.ts
Outdated
| @@ -1216,7 +1216,7 @@ export class OAuthService extends AuthConfig { | |||
| } | |||
| } | |||
|
|
|||
| private storeAccessTokenResponse( | |||
| public storeAccessTokenResponse( | |||
There was a problem hiding this comment.
In ideal world it might be. But i have really lack of time in playing with git now tring to split it into 2 merge requests + it is not breaking change it is just open one essential method to public. Maybe we can merge it like it is this time? :)
…iodc after tryLogin()
|
Fixed comments |
|
I’m not in any way affiliated with this project, but the amount of commits in this pull request is really intimidating, especially considering the few actual changes this is introducing. To clean that up, you could do And before you actually commit that, you might want to remove the changes to the |
|
I have tried soft reset but there is nothing happening. Maybe t his is because i have rebased it i am not sure (not big git guru). Anyway - ammount of commits is big but changes are obivous. Decission is yours but i think functionality that is added is more important than commits history :) |
|
Oh, my bad, And sure, the changes are obvious but if I was a maintainer of this (again: I am not involved with this project, I am just trying to contribute just like you), I would reject this because it is quite a mess. So I just want to give you the chance and offer help to fix it first before that happens :) |
vytautas-pranskunas-
force-pushed
the
master
branch
from
1f59de7 to
38feedf
Compare
…r authentication flows like Silent Login within same software
|
@poke thanks. Thats ofcourse is better. I did it. |
|
Cool, that looks much better, good job! 👍 |
|
Any chance to merge it? :) |
|
Disclaimer: I'm no maintainer or expert, but followed this PR with interest. Some additional feedback I found while looking through the code.
|
|
That makes sense and I will do it when maintainer will tell that he is going to merge it. |
- Fixed some spelling errors - Fixed some newlines (add/remove) based on other code around it - Made capitalization and interpunction usage more consistent - Fixed some jsdoc comment alignment issues - Made small textual clarifications in some places
After further discussion and research in manfredsteyer#368 I noticed that even though RFC 7617 seems to state that: > Note that both scheme and parameter names are matched > case-insensitively. All the examples use "Basic" instead of "BASIC". There is one very notable framework that checks case *sensitively* for "Basic". Given that the header was incorrect anyways, we can be sure that changing this casing won't further break anything, and work around issues for server side frameworks like Spring. See: https://tools.ietf.org/html/rfc7617 See: https://github.com/spring-projects/spring-security/blob/5.0.6.RELEASE/web/src/main/java/org/springframework/security/web/authentication/www/BasicAuthenticationFilter.java#L157 Fixes manfredsteyer#368
…th-header Change 'Authentication' to 'Authorization'
…or-comment-issues Docs/fix minor comment issues
…ed-callback-for-no-iodc Issue manfredsteyer#343 onTokenReceived callback is not called if no iodc after tr…
manfredsteyer
added
the
investigation-needed
Make all of the login functions return Promise<boolean>
WIP: feat: remove jsrsasign dependancy
…resh is not triggered with every interval.
Session check changed to run outside of Angular zone
Set accessibility for properties and methods to protected
Update oauth-service.ts
Update to Angular 7
In manfredsteyer#30 the maintainer @manfredsteyer mentions adding an MIT license, but in 5b8cbbe it was accidentally removed. In manfredsteyer#385 it was mentioned that the license should be added back. So that's what we do here! Fixes manfredsteyer#370 See also manfredsteyer#385 See also manfredsteyer#30
…nse-back Add LICENSE back to repository
Added option to set up silent refresh only for certain type of token.
|
Is there a chance to merge this someday because because of this we need to keep fix in our local npm and cannot migrate to version 5 :( |
…r authentication flows like Silent Login within same software
…lar-oauth2-oidc # Conflicts: # projects/lib/src/oauth-service.ts
|
Hello again. I made this pull requests without conflicts again. Maybe you can accept it? p.s. |
| @@ -39,7 +47,7 @@ export class DefaultOAuthInterceptor implements HttpInterceptor { | |||
| if (!this.moduleConfig.resourceServer) { | |||
| return next.handle(req); | |||
| } | |||
| if (this.moduleConfig.resourceServer.allowedUrls && !this.checkUrl(url)) { | |||
| if (!this.checkUrl(url)) { | |||
There was a problem hiding this comment.
I don't see this change after the merge of the PR, the final code still has
if (this.moduleConfig.resourceServer.allowedUrls && !this.checkUrl(url)) {
I need to set both allowedUrls and customUrlValidation to make it work
Added custom url validation because we have an issue where we are calling optile requests for payment providers and there were only allowedUrls which we also have different like on local we have full url and on other environemtns calls are local and starts from 'api'. So with current allowedUrls there were not possibility to put allowed urls because it looks for startsWith. So i thought it is better to introduce custom url validation rather then add notAllowedUrls.