From d2623b1117dd0f76c5bde64f939941f6cd9a134b Mon Sep 17 00:00:00 2001 From: DominikIwanek Date: Tue, 5 Sep 2023 13:49:22 +0200 Subject: [PATCH] [MNT-22836] - support PKCE code flow in SSO --- demo-shell/src/app.config.json | 2 +- .../docker-entrypoint.d/30-sed-on-appconfig.sh | 4 ++-- docker/run.sh | 2 +- .../src/lib/auth/oidc/auth-config.service.ts | 6 +++--- .../lib/login/components/login.component.html | 16 ++++++++-------- .../lib/login/components/login.component.spec.ts | 4 ++-- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/demo-shell/src/app.config.json b/demo-shell/src/app.config.json index 1a5062c3297..4ae12ff8568 100644 --- a/demo-shell/src/app.config.json +++ b/demo-shell/src/app.config.json @@ -20,7 +20,7 @@ "clientId": "alfresco", "scope": "openid profile email", "secret": "", - "implicitFlow": true, + "codeFlow": true, "silentLogin": true, "redirectSilentIframeUri": "{protocol}//{hostname}{:port}/assets/silent-refresh.html", "redirectUri": "/", diff --git a/docker/docker-entrypoint.d/30-sed-on-appconfig.sh b/docker/docker-entrypoint.d/30-sed-on-appconfig.sh index a4349c4b65a..be10f51a00d 100755 --- a/docker/docker-entrypoint.d/30-sed-on-appconfig.sh +++ b/docker/docker-entrypoint.d/30-sed-on-appconfig.sh @@ -28,8 +28,8 @@ if [ -n "${APP_CONFIG_OAUTH2_CLIENTID}" ]; then -i "${NGINX_ENVSUBST_OUTPUT_DIR}/app.config.json" fi -if [ -n "${APP_CONFIG_OAUTH2_IMPLICIT_FLOW}" ]; then - sed -e "s/\"implicitFlow\": [^,]*/\"implicitFlow\": ${APP_CONFIG_OAUTH2_IMPLICIT_FLOW}/g" \ +if [ -n "${APP_CONFIG_OAUTH2_CODE_FLOW}" ]; then + sed -e "s/\"codeFlow\": [^,]*/\"codeFlow\": ${APP_CONFIG_OAUTH2_CODE_FLOW}/g" \ -i "${NGINX_ENVSUBST_OUTPUT_DIR}/app.config.json" fi diff --git a/docker/run.sh b/docker/run.sh index acf4754a318..0c80245dc2a 100755 --- a/docker/run.sh +++ b/docker/run.sh 
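Review bot: The value of `APP_CONFIG_OAUTH2_CODE_FLOW` is spliced into app.config.json by sed with no check on its contents, so anything other than `true`/`false` (a typo, a quoted string, a stray `/`) either produces invalid JSON or breaks the sed expression; the old variable had the same weakness, but since this flag now decides whether OIDC is used at all it is worth guarding before the sed, e.g. `case "${APP_CONFIG_OAUTH2_CODE_FLOW}" in true|false) ;; *) echo "APP_CONFIG_OAUTH2_CODE_FLOW must be true or false" >&2; exit 1;; esac`. Deployments that still export `APP_CONFIG_OAUTH2_IMPLICIT_FLOW` are now silently ignored; either map the old name onto the new one for one release or document the rename where the other `APP_CONFIG_OAUTH2_*` variables are described.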
@@ -13,7 +13,7 @@ docker run --rm -it \ --env APP_CONFIG_IDENTITY_HOST=$APP_CONFIG_IDENTITY_HOST \ --env APP_CONFIG_OAUTH2_HOST=$APP_CONFIG_OAUTH2_HOST \ --env APP_CONFIG_OAUTH2_CLIENTID=$APP_CONFIG_OAUTH2_CLIENTID \ - --env APP_CONFIG_OAUTH2_IMPLICIT_FLOW=$APP_CONFIG_OAUTH2_IMPLICIT_FLOW \ + --env APP_CONFIG_OAUTH2_IMPLICIT_FLOW=$APP_CONFIG_OAUTH2_CODE_FLOW \ --env APP_CONFIG_OAUTH2_SILENT_LOGIN=$APP_CONFIG_OAUTH2_SILENT_LOGIN \ --env APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI=$APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI \ --env APP_CONFIG_BPM_HOST=$APP_CONFIG_BPM_HOST \ diff --git a/lib/core/src/lib/auth/oidc/auth-config.service.ts b/lib/core/src/lib/auth/oidc/auth-config.service.ts index 7c2cc8f2d1f..537c078db6c 100644 --- a/lib/core/src/lib/auth/oidc/auth-config.service.ts +++ b/lib/core/src/lib/auth/oidc/auth-config.service.ts @@ -19,7 +19,7 @@ import { Inject, Injectable } from '@angular/core'; import { AuthConfig } from 'angular-oauth2-oidc'; import { take } from 'rxjs/operators'; import { AppConfigService } from '../../app-config/app-config.service'; -import { AuthModuleConfig, AUTH_MODULE_CONFIG } from './auth-config'; +import { AUTH_MODULE_CONFIG, AuthModuleConfig } from './auth-config'; /** * Create auth configuration factory @@ -55,7 +55,7 @@ export class AuthConfigService { const redirectUri = this.getRedirectUri(); const authConfig: AuthConfig = { - oidc: oauth2.implicitFlow || oauth2.codeFlow || false, + oidc: oauth2.codeFlow || false, issuer: oauth2.host, redirectUri, silentRefreshRedirectUri: oauth2.redirectSilentIframeUri, 
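Review bot: The added line still exports the variable under its old name, `--env APP_CONFIG_OAUTH2_IMPLICIT_FLOW=$APP_CONFIG_OAUTH2_CODE_FLOW`, while the entrypoint script changed in this same patch now reads `APP_CONFIG_OAUTH2_CODE_FLOW`, so the value never reaches the sed substitution and `codeFlow` in app.config.json stays at whatever the image ships with. The line should be `--env APP_CONFIG_OAUTH2_CODE_FLOW=$APP_CONFIG_OAUTH2_CODE_FLOW \`. The `docker run` command continues outside the hunk.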
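Review bot: Dropping `oauth2.implicitFlow` from the `oidc` expression means an app.config.json that still sets `implicitFlow: true` now yields `oidc: false` and silently falls back to a non-OIDC login instead of failing; for an authentication setting a loud failure is preferable, e.g. `if (oauth2.implicitFlow) { throw new Error('oauth2.implicitFlow is no longer supported; set oauth2.codeFlow'); }` before `authConfig` is built. Also, `oidc: true` on its own does not select the authorization-code flow in angular-oauth2-oidc; unless `responseType: 'code'` is set elsewhere in this `authConfig` object (the rest of it is outside the hunk), the library will, as I understand it, still run the implicit flow, which would defeat the purpose of the commit. The enclosing method starts before the hunk.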
@@ -85,7 +85,7 @@ export class AuthConfigService { // handle issue from the OIDC library with hashStrategy and implicitFlow, with would append &state to the url with would lead to error // `cannot match any routes`, and displaying the wildcard ** error page - return oauth2.implicitFlow && useHash ? `${redirectUri}/?` : redirectUri; + return oauth2.codeFlow && useHash ? `${redirectUri}/?` : redirectUri; } private getLocationOrigin() { diff --git a/lib/core/src/lib/login/components/login.component.html b/lib/core/src/lib/login/components/login.component.html index 18144998b74..eebe6f9fa4e 100644 --- a/lib/core/src/lib/login/components/login.component.html +++ b/lib/core/src/lib/login/components/login.component.html @@ -3,7 +3,7 @@
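Review bot: The comment directly above the changed `return` still explains the `/?` suffix as a workaround for the implicit flow (`hashStrategy and implicitFlow ... &state`), but the condition now keys on `oauth2.codeFlow`, so the comment no longer matches the code and it is not established that the workaround is still needed once the code flow returns `code` and `state` as query parameters rather than in the fragment. Either confirm the problem reproduces with the code flow and reword the comment, e.g. `// with hashStrategy and codeFlow the OIDC library appends state to the URL, which would otherwise match the wildcard ** route`, or drop the special case. The enclosing method (presumably `getRedirectUri`, called in the earlier hunk) starts outside the hunk.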