From 5fcbf6e25faf398e1e4222b646f04a5fca2440c6 Mon Sep 17 00:00:00 2001
From: VincentCauchois
Date: Fri, 19 Jan 2024 15:39:51 +0100
Subject: [PATCH] fix(auth): fix authentication via CAS INPN login

Fix front `isAuthenticated`, redirection CAS, local storage 'expires_at' setup, backend login_user.

Signed-off-by: VincentCauchois
---
 backend/geonature/core/auth/routes.py | 9 +++++++++
 frontend/src/app/components/auth/auth.service.ts | 2 +-
 frontend/src/app/modules/login/login/login.component.ts | 7 ++++++-
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/backend/geonature/core/auth/routes.py b/backend/geonature/core/auth/routes.py
index 590cb5fc71..9abb1643ba 100644
--- a/backend/geonature/core/auth/routes.py
+++ b/backend/geonature/core/auth/routes.py
@@ -112,6 +112,15 @@ def loginCas():
 "id_organisme": organism_id,
 }
 response.set_cookie("current_user", str(current_user), expires=cookie_exp)
+
+ # Log the user in
+ user = db.session.execute(
+ sa.select(models.User)
+ .where(models.User.identifiant == current_user["user_login"])
+ .where(models.User.filter_by_app())
+ ).scalar_one()
+ login_user(user)
+
 return response
 else:
 log.info("Erreur d'authentification liƩ au CAS, voir log du CAS")
diff --git a/frontend/src/app/components/auth/auth.service.ts b/frontend/src/app/components/auth/auth.service.ts
index 59a8f08ef5..3871518055 100644
--- a/frontend/src/app/components/auth/auth.service.ts
+++ b/frontend/src/app/components/auth/auth.service.ts
@@ -155,7 +155,7 @@ export class AuthService {
 }
 isAuthenticated(): boolean {
- return this._cookie.get('token') !== null;
+ return this._cookie.check('token') && this._cookie.get('token') !== null;
 }
 handleLoginError() {
diff --git a/frontend/src/app/modules/login/login/login.component.ts b/frontend/src/app/modules/login/login/login.component.ts
index 79d3932418..c94b1a2ed4 100644
--- a/frontend/src/app/modules/login/login/login.component.ts
+++ b/frontend/src/app/modules/login/login/login.component.ts
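Review bot: In the routes.py hunk, `.scalar_one()` raises when no row (or more than one row) matches, so a login the CAS has accepted but that has no matching `models.User` for this application ends in an exception instead of a controlled refusal, unless something outside the hunk catches it. Consider `.scalar_one_or_none()` followed by an explicit rejection, logged and returned as an error response, before `login_user(user)` is reached. The lookup also runs after `response.set_cookie("current_user", ...)`; doing it first would mean the cookie is only prepared for an account that exists locally. `loginCas()` starts and ends outside the hunk, so error handling elsewhere in the function is not visible here.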
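Review bot: In auth.service.ts, `isAuthenticated()` still only tests that a `token` cookie is present: the retained `this._cookie.get('token') !== null` adds nothing if `get` returns an empty string for a missing cookie (which the need for `check` suggests), and a cookie with an empty value still counts as authenticated. `return this._cookie.check('token') && this._cookie.get('token') !== '';` would state the intent. A short comment that this is a UI hint only, with token validity and expiry decided by the API, would also help, since the method now gates the CAS redirect in login.component.ts.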
@@ -8,6 +8,7 @@ import { ConfigService } from '@geonature/services/config.service';
 import { ModuleService } from '@geonature/services/module.service';
 import { ActivatedRoute, Router } from '@angular/router';
 import { RoutingService } from '@geonature/routing/routing.service';
+import * as moment from 'moment';
 @Component({
 selector: 'pnx-login',
@@ -47,7 +48,11 @@ export class LoginComponent implements OnInit {
 if (this.config.CAS_PUBLIC.CAS_AUTHENTIFICATION) {
 // if token not here here, redirection to CAS login page
 const url_redirection_cas = `${this.config.CAS_PUBLIC.CAS_URL_LOGIN}?service=${this.config.API_ENDPOINT}/gn_auth/login_cas`;
- document.location.href = url_redirection_cas;
+ if (!this._authService.isAuthenticated()) {
+ // TODO: set the local storage item 'expires_at' in the API route "gn_auth/login_cas"
+ localStorage.setItem('expires_at', moment().add(1, 'days').toISOString());
+ document.location.href = url_redirection_cas;
+ }
 }
 }
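Review bot: In the second login.component.ts hunk, `localStorage.setItem('expires_at', ...)` runs before the browser is sent to the CAS, so the client records a one-day session whether or not the login succeeds, and the value is unrelated to the `cookie_exp` the backend applies in `loginCas()`. Any code that reads `expires_at` to judge session validity would then trust a timestamp that no authentication produced. Until the TODO is done, write `expires_at` on the return path once the `token` cookie is present, not before the redirect. Separately, the `service=` value on the context line above is interpolated unencoded; wrapping the callback URL in `encodeURIComponent(...)` would keep it from being misparsed as extra query parameters. The enclosing method starts outside the hunk.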