[155] fixes and improvements

hopps-app · Jan 17, 2025 · 5bd667c · 5bd667c
1 parent 08b7a83
commit 5bd667c
Show file tree

Hide file tree

Showing 8 changed files with 95 additions and 71 deletions.
diff --git a/backend/app.hopps.org/src/main/resources/application.properties b/backend/app.hopps.org/src/main/resources/application.properties
@@ -38,6 +38,7 @@ quarkus.keycloak.devservices.realm-name=quarkus
 quarkus.oidc.devui.web-client-timeout=20S
 %prod.quarkus.keycloak.devservices.enabled=false
 %dev.quarkus.keycloak.devservices.realm-path=quarkus-realm.json
+%dev.quarkus.security.auth.enabled-in-dev-mode=true
 #
 ########################################
 # OpenFGA

diff --git a/backend/app.hopps.org/src/main/resources/quarkus-realm.json b/backend/app.hopps.org/src/main/resources/quarkus-realm.json
@@ -55,6 +55,14 @@
         "containerId": "248d65ab-5cec-458a-b141-05b6d7469be9",
         "attributes": {}
       },
+      {
+        "id": "19167196-1a9a-44be-8000-89f84e89c946",
+        "name": "Owner",
+        "composite": false,
+        "clientRole": false,
+        "containerId": "248d65ab-5cec-458a-b141-05b6d7469be9",
+        "attributes": {}
+      },
       {
         "id": "f11fe8bd-040b-4265-95cb-9868c51f59bc",
         "name": "admin",
@@ -471,24 +479,6 @@
   "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
   "webAuthnPolicyPasswordlessAcceptableAaguids": [],
   "webAuthnPolicyPasswordlessExtraOrigins": [],
-  "users": [
-    {
-      "id": "1471b72c-c2f4-4673-8f2e-f401b5137ba5",
-      "username": "service-account-quarkus-app",
-      "emailVerified": false,
-      "createdTimestamp": 1736499409499,
-      "enabled": true,
-      "totp": false,
-      "serviceAccountClientId": "quarkus-app",
-      "disableableCredentialTypes": [],
-      "requiredActions": [],
-      "realmRoles": [
-        "default-roles-quarkus"
-      ],
-      "notBefore": 0,
-      "groups": []
-    }
-  ],
   "scopeMappings": [
     {
       "clientScope": "offline_access",
@@ -630,7 +620,9 @@
       "publicClient": true,
       "frontchannelLogout": false,
       "protocol": "openid-connect",
-      "attributes": {},
+      "attributes": {
+        "post.logout.redirect.uris": "+"
+      },
       "authenticationFlowBindingOverrides": {},
       "fullScopeAllowed": false,
       "nodeReRegistrationTimeout": 0,
@@ -669,7 +661,9 @@
       "publicClient": false,
       "frontchannelLogout": false,
       "protocol": "openid-connect",
-      "attributes": {},
+      "attributes": {
+        "post.logout.redirect.uris": "+"
+      },
       "authenticationFlowBindingOverrides": {},
       "fullScopeAllowed": false,
       "nodeReRegistrationTimeout": 0,
@@ -731,8 +725,9 @@
           "consentRequired": false,
           "config": {
             "user.session.note": "clientHost",
-            "id.token.claim": "true",
             "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "id.token.claim": "true",
             "access.token.claim": "true",
             "claim.name": "clientHost",
             "jsonType.label": "String"
@@ -746,8 +741,9 @@
           "consentRequired": false,
           "config": {
             "user.session.note": "clientAddress",
-            "id.token.claim": "true",
             "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "id.token.claim": "true",
             "access.token.claim": "true",
             "claim.name": "clientAddress",
             "jsonType.label": "String"
@@ -761,17 +757,18 @@
           "consentRequired": false,
           "config": {
             "user.session.note": "client_id",
-            "id.token.claim": "true",
             "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "id.token.claim": "true",
             "access.token.claim": "true",
             "claim.name": "client_id",
             "jsonType.label": "String"
           }
         }
       ],
       "defaultClientScopes": [
-        "microprofile-jwt",
-        "profile"
+        "profile",
+        "microprofile-jwt"
       ],
       "optionalClientScopes": []
     },
@@ -795,7 +792,9 @@
       "publicClient": false,
       "frontchannelLogout": false,
       "protocol": "openid-connect",
-      "attributes": {},
+      "attributes": {
+        "post.logout.redirect.uris": "+"
+      },
       "authenticationFlowBindingOverrides": {},
       "fullScopeAllowed": false,
       "nodeReRegistrationTimeout": 0,
@@ -1042,8 +1041,9 @@
           "consentRequired": false,
           "config": {
             "user.session.note": "AUTH_TIME",
-            "id.token.claim": "true",
             "introspection.token.claim": "true",
+            "userinfo.token.claim": "true",
+            "id.token.claim": "true",
             "access.token.claim": "true",
             "claim.name": "auth_time",
             "jsonType.label": "long"
@@ -1328,6 +1328,7 @@
           "config": {
             "introspection.token.claim": "true",
             "multivalued": "true",
+            "userinfo.token.claim": "true",
             "user.attribute": "foo",
             "id.token.claim": "true",
             "access.token.claim": "true",
@@ -1451,7 +1452,8 @@
           "config": {
             "id.token.claim": "true",
             "introspection.token.claim": "true",
-            "access.token.claim": "true"
+            "access.token.claim": "true",
+            "userinfo.token.claim": "true"
           }
         }
       ]
@@ -1464,13 +1466,13 @@
     "roles",
     "web-origins",
     "acr",
-    "basic"
+    "basic",
+    "microprofile-jwt"
   ],
   "defaultOptionalClientScopes": [
     "offline_access",
     "address",
-    "phone",
-    "microprofile-jwt"
+    "phone"
   ],
   "browserSecurityHeaders": {
     "contentSecurityPolicyReportOnly": "",
@@ -1502,14 +1504,14 @@
         "subComponents": {},
         "config": {
           "allowed-protocol-mapper-types": [
+            "saml-role-list-mapper",
+            "oidc-sha256-pairwise-sub-mapper",
             "oidc-usermodel-property-mapper",
+            "saml-user-attribute-mapper",
             "oidc-address-mapper",
             "oidc-full-name-mapper",
-            "oidc-usermodel-attribute-mapper",
             "saml-user-property-mapper",
-            "saml-user-attribute-mapper",
-            "oidc-sha256-pairwise-sub-mapper",
-            "saml-role-list-mapper"
+            "oidc-usermodel-attribute-mapper"
           ]
         }
       },
@@ -1521,14 +1523,14 @@
         "subComponents": {},
         "config": {
           "allowed-protocol-mapper-types": [
-            "oidc-usermodel-attribute-mapper",
+            "saml-user-attribute-mapper",
             "oidc-sha256-pairwise-sub-mapper",
             "oidc-full-name-mapper",
-            "oidc-address-mapper",
-            "saml-role-list-mapper",
             "oidc-usermodel-property-mapper",
-            "saml-user-attribute-mapper",
-            "saml-user-property-mapper"
+            "saml-user-property-mapper",
+            "oidc-usermodel-attribute-mapper",
+            "oidc-address-mapper",
+            "saml-role-list-mapper"
           ]
         }
       },
@@ -2302,13 +2304,18 @@
   "firstBrokerLoginFlow": "first broker login",
   "attributes": {
     "cibaBackchannelTokenDeliveryMode": "poll",
-    "cibaExpiresIn": "120",
     "cibaAuthRequestedUserHint": "login_hint",
-    "oauth2DeviceCodeLifespan": "600",
+    "clientOfflineSessionMaxLifespan": "0",
     "oauth2DevicePollingInterval": "5",
-    "parRequestUriLifespan": "60",
+    "clientSessionIdleTimeout": "0",
+    "clientOfflineSessionIdleTimeout": "0",
     "cibaInterval": "5",
-    "realmReusableOtpCode": "false"
+    "realmReusableOtpCode": "false",
+    "cibaExpiresIn": "120",
+    "oauth2DeviceCodeLifespan": "600",
+    "parRequestUriLifespan": "60",
+    "clientSessionMaxLifespan": "0",
+    "organizationsEnabled": "false"
   },
   "keycloakVersion": "25.0.6",
   "userManagedAccessAllowed": false,

diff --git a/frontend/spa/src/components/views/InvoicesView.tsx b/frontend/spa/src/components/views/InvoicesView.tsx
@@ -45,8 +45,9 @@ function InvoicesView() {
 
     const reload = useCallback(async () => {
         setIsLoading(true);
+        await loadBommels().catch((e) => console.error(e));
+
         try {
-            await loadBommels();
             await loadInvoices();
         } catch (e) {
             console.error(e);

diff --git a/frontend/spa/src/services/ApiService.ts b/frontend/spa/src/services/ApiService.ts
@@ -15,7 +15,6 @@ export class ApiService {
         this.finUrl = import.meta.env.VITE_API_FIN_URL || '';
 
         this.bommel = new BommelService(this.orgUrl);
-
         this.invoices = new InvoicesService(this.finUrl);
         this.organization = new OrganizationService(this.orgUrl);
     }

diff --git a/frontend/spa/src/services/AxiosService.ts b/frontend/spa/src/services/AxiosService.ts
@@ -0,0 +1,31 @@
+import axios, { AxiosInstance } from 'axios';
+
+import authService from '@/services/auth/AuthService.ts';
+
+export class AxiosService {
+    create(baseUrl: string) {
+        const axiosInstance: AxiosInstance = axios.create({
+            baseURL: baseUrl,
+            headers: { 'Content-Type': 'application/json' },
+        });
+
+        axiosInstance.interceptors.request.use(
+            (config) => {
+                const token = authService.getAuthToken();
+                if (token) {
+                    config.headers['Authorization'] = `Bearer ${token}`;
+                }
+                return config;
+            },
+            (error) => {
+                return Promise.reject(error);
+            }
+        );
+
+        return axiosInstance;
+    }
+}
+
+const axiosService = new AxiosService();
+
+export default axiosService;
diff --git a/frontend/spa/src/services/api/BommelService.ts b/frontend/spa/src/services/api/BommelService.ts
@@ -1,16 +1,13 @@
-import axios, { AxiosInstance } from 'axios';
+import type { AxiosInstance } from 'axios';
 
 import { Bommel } from '@/services/api/types/Bommel.ts';
-import authService from '@/services/auth/AuthService.ts';
+import axiosService from '@/services/AxiosService.ts';
 
 export class BommelService {
     private axiosInstance: AxiosInstance;
 
     constructor(private baseUrl: string) {
-        this.axiosInstance = axios.create({
-            baseURL: this.baseUrl,
-            headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${authService.getAuthToken()}` },
-        });
+        this.axiosInstance = axiosService.create(this.baseUrl);
     }
 
     async getBommel(id: number): Promise<Bommel> {
@@ -19,7 +16,7 @@ export class BommelService {
     }
 
     async deleteBommel(id: number): Promise<void> {
-        await this.axiosInstance.delete(`/bommel/${id}?recursive=true`, { headers: { 'Content-Type': 'application/json' } });
+        await this.axiosInstance.delete(`/bommel/${id}?recursive=true`);
     }
 
     async createBommel(data: Partial<Bommel>): Promise<Bommel> {

diff --git a/frontend/spa/src/services/api/OrganizationService.ts b/frontend/spa/src/services/api/OrganizationService.ts
@@ -1,6 +1,6 @@
 import axios, { AxiosInstance } from 'axios';
 
-import authService from '@/services/auth/AuthService.ts';
+import axiosService from '@/services/AxiosService.ts';
 
 type RegisterOrganizationPayload = {
     owner: {
@@ -29,15 +29,12 @@ export class OrganizationService {
     private axiosInstance: AxiosInstance;
 
     constructor(private baseUrl: string) {
-        this.axiosInstance = axios.create({
-            baseURL: this.baseUrl,
-            headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${authService.getAuthToken()}` },
-        });
+        this.axiosInstance = axiosService.create(this.baseUrl);
     }
 
     async registerOrganization(payload: RegisterOrganizationPayload): Promise<void> {
         const url = `${import.meta.env.VITE_ORGANIZATION_SERVICE_URL || this.baseUrl}/organization`;
-        await axios.post(url, payload, { headers: { 'Content-Type': 'application/json' } });
+        await axios.post(url, payload);
     }
 
     async getCurrentOrganization() {

diff --git a/frontend/spa/src/services/api/invoicesService.ts b/frontend/spa/src/services/api/invoicesService.ts
@@ -1,17 +1,14 @@
-import axios, { AxiosInstance } from 'axios';
+import { AxiosInstance } from 'axios';
 
 import { InvoicesTableData } from '@/components/InvoicesTable/types';
 import { TransactionRecord } from '@/services/api/types/TransactionRecord.ts';
-import authService from '@/services/auth/AuthService.ts';
+import axiosService from '@/services/AxiosService.ts';
 
 export class InvoicesService {
     private axiosInstance: AxiosInstance;
 
     constructor(private baseUrl: string) {
-        this.axiosInstance = axios.create({
-            baseURL: this.baseUrl,
-            headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${authService.getAuthToken()}` },
-        });
+        this.axiosInstance = axiosService.create(this.baseUrl);
     }
 
     async getInvoices(): Promise<InvoicesTableData[]> {
@@ -44,10 +41,4 @@ export class InvoicesService {
             date: transaction.transactionTime,
         }));
     }
-
-    // async getInvoicesByBommel(bommelId: number): Promise<InvoicesTableData[]> {
-    //     const url = `${import.meta.env.VITE_INVOICES_SERVICE_URL || this.baseUrl}/all`;
-    //     const response = await this.axiosInstance.get(url);
-    //     return response.data;
-    // }
 }