fix(auth): fix authentication via CAS INPN login

Fix front `isAuthenticated`, redirection CAS, local storage 'expires_at' setup, backend login_user. Signed-off-by: VincentCauchois <[email protected]>
PnX-SI · Jan 19, 2024 · 5fcbf6e · 5fcbf6e
1 parent 0cabf07
commit 5fcbf6e
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 2 deletions.
diff --git a/backend/geonature/core/auth/routes.py b/backend/geonature/core/auth/routes.py
@@ -112,6 +112,15 @@ def loginCas():
                 "id_organisme": organism_id,
             }
             response.set_cookie("current_user", str(current_user), expires=cookie_exp)
+
+            # Log the user in
+            user = db.session.execute(
+                sa.select(models.User)
+                .where(models.User.identifiant == current_user["user_login"])
+                .where(models.User.filter_by_app())
+            ).scalar_one()
+            login_user(user)
+
             return response
         else:
             log.info("Erreur d'authentification lié au CAS, voir log du CAS")

diff --git a/frontend/src/app/components/auth/auth.service.ts b/frontend/src/app/components/auth/auth.service.ts
@@ -155,7 +155,7 @@ export class AuthService {
   }
 
   isAuthenticated(): boolean {
-    return this._cookie.get('token') !== null;
+    return this._cookie.check('token') && this._cookie.get('token') !== null;
   }
 
   handleLoginError() {

diff --git a/frontend/src/app/modules/login/login/login.component.ts b/frontend/src/app/modules/login/login/login.component.ts
@@ -8,6 +8,7 @@ import { ConfigService } from '@geonature/services/config.service';
 import { ModuleService } from '@geonature/services/module.service';
 import { ActivatedRoute, Router } from '@angular/router';
 import { RoutingService } from '@geonature/routing/routing.service';
+import * as moment from 'moment';
 
 @Component({
   selector: 'pnx-login',
@@ -47,7 +48,11 @@ export class LoginComponent implements OnInit {
     if (this.config.CAS_PUBLIC.CAS_AUTHENTIFICATION) {
       // if token not here here, redirection to CAS login page
       const url_redirection_cas = `${this.config.CAS_PUBLIC.CAS_URL_LOGIN}?service=${this.config.API_ENDPOINT}/gn_auth/login_cas`;
-      document.location.href = url_redirection_cas;
+      if (!this._authService.isAuthenticated()) {
+        // TODO: set the local storage item 'expires_at' in the API route "gn_auth/login_cas"
+        localStorage.setItem('expires_at', moment().add(1, 'days').toISOString());
+        document.location.href = url_redirection_cas;
+      }
     }
   }