undo auth changes

Author: appukuttan-shailesh

apps/curation-dashboard/package.json

@@ -10,7 +10,7 @@
     "@testing-library/react": "^11.2.5",
     "@testing-library/user-event": "^12.8.1",
     "axios": "^0.21.1",
-    "keycloak-js": "^8.0.1",
+    "keycloak-js": "^12.0.2",
     "react": "^17.0.1",
     "react-dom": "^17.0.1",
     "react-scripts": "4.0.3"

apps/curation-dashboard/src/auth.js

@@ -6,24 +6,34 @@ import Keycloak from 'keycloak-js';
 const keycloak = Keycloak({
     url: 'https://iam.ebrains.eu/auth',
     realm: 'hbp',
-    clientId: 'model-catalog'
+    clientId: 'model-catalog',
+    'public-client': true,
+    'confidential-port': 0,
 });
 const YOUR_APP_SCOPES = 'team email profile';   // full list at https://iam.ebrains.eu/auth/realms/hbp/.well-known/openid-configuration
 
 
 export default function initAuth(main) {
     console.log('DOM content is loaded, initialising Keycloak client...');
-    keycloak
-        .init({ flow: 'implicit', promiseType: 'native' })
+    console.log(window.location.hostname);
+    if (window.location.hostname === "localhost" || window.location.hostname === "127.0.0.1") {
+        // for local development
+        keycloak
+        .init({ flow: 'implicit', promiseType: 'native' }) 
         .then(() => checkAuth(main))
         .catch(console.log);
+    } else {
+        // for deployment
+        keycloak
+        .init({ flow: 'standard', pkceMethod: 'S256' }) 
+        .then(() => checkAuth(main))
+        .catch(console.log);
+    }
 }
 
-
 function checkPermissions(keycloak) {
     return keycloak.loadUserInfo()
         .then((userInfo) => {
-
             if (userInfo.roles.team.includes("collab-model-validation-editor") || userInfo.roles.team.includes("collab-model-validation-administrator")) {
                 keycloak.authorized = true;
             } else {
@@ -32,7 +42,6 @@ function checkPermissions(keycloak) {
         })
 }
 
-
 function checkAuth(main) {
     console.log('Keycloak client is initialised, verifying authentication...');
 

apps/validation_framework_v2/package-lock.json

@@ -14,7 +14,7 @@
         "eslint-plugin-react-hooks": "^4.2.0",
         "filesize": "^6.1.0",
         "humanparser": "^1.11.0",
-        "keycloak-js": "^8.0.1",
+        "keycloak-js": "^12.0.2",
         "lodash": "^4.17.20",
         "material-ui-chip-input": "^2.0.0-beta.2",
         "moment": "^2.29.1",

apps/validation_framework_v2/package.json

@@ -385,7 +385,6 @@ class ValidationFramework extends React.Component {
 
     componentDidMount() {
         document.body.style.backgroundColor = Theme.bodyBackground;
-        const token = this.props.auth.tokenParsed;
 
         const [, setAuthContext] = this.context.auth;
         setAuthContext(this.props.auth);
@@ -409,13 +408,6 @@ class ValidationFramework extends React.Component {
                 }
             });
 
-        this.props.auth
-            .loadUserInfo()
-            .success(() => {
-                const userInfo = this.props.auth.userInfo;
-            })
-            .error(console.log);
-
         if (window.location.hash) {
             let proceed = true;
             const param = window.location.hash.slice(1);

apps/validation_framework_v2/src/ValidationFramework.js

@@ -0,0 +1,124 @@
+import Keycloak from 'keycloak-js';
+
+
+// We start by configuring the Keycloak javascript client
+// It needs to know your app id in order to authenticate users for it
+const keycloak = Keycloak({
+    url: 'https://iam.ebrains.eu/auth',
+    realm: 'hbp',
+    clientId: 'model-catalog',
+    'public-client': true,
+    'confidential-port': 0,
+});
+const YOUR_APP_SCOPES = 'team email profile';   // full list at https://iam.ebrains.eu/auth/realms/hbp/.well-known/openid-configuration
+
+
+export default function initAuth(main) {
+    console.log('DOM content is loaded, initialising Keycloak client...');
+    console.log(window.location.hostname);
+    if (window.location.hostname === "localhost" || window.location.hostname === "127.0.0.1") {
+        // for local development
+        keycloak
+        .init({ flow: 'implicit', promiseType: 'native' }) 
+        .then(() => checkAuth(main))
+        .catch(console.log);
+    } else {
+        // for deployment
+        keycloak
+        .init({ flow: 'standard', pkceMethod: 'S256' }) 
+        .then(() => checkAuth(main))
+        .catch(console.log);
+    }
+}
+
+
+function checkAuth(main) {
+    console.log('Keycloak client is initialised, verifying authentication...');
+
+    // Is the user anonymous or authenticated?
+    const isAuthenticated = keycloak.authenticated;
+    const isAnonymous = !keycloak.authenticated;
+    // Is this app a standalone app, a framed app or a delegate?
+    const isParent = (window.opener == null);
+    const isIframe = (window !== window.parent);
+    const isMainFrame = (window === window.parent);
+    const isStandaloneApp = isMainFrame && isParent;
+    const isFramedApp = isIframe && isParent;
+    const isDelegate = (window.opener != null);
+    // Posting and listening to messages
+    const postMessageToParentTab = (message, parentTabOrigin) => window.opener.postMessage(message, parentTabOrigin);
+    const listenToMessage = (callback) => window.addEventListener('message', callback);
+    const AUTH_MESSAGE = 'clb.authenticated';
+    const myAppOrigin = window.location.origin;
+    // Manipulating URLs and tabs
+    const openTab = (url) => window.open(url);
+    const getCurrentURL = () => new URL(window.location);
+    const closeCurrentTab = () => window.close();
+
+    const login = (scopes) => keycloak.login({ scope: scopes });
+
+    // A standalone app should simply login if the user is not authenticated
+    // and do its business logic otherwise
+    if (isStandaloneApp) {
+        console.log('This is a standalone app...');
+        if (isAnonymous) {
+            console.log('...which is not authenticated, starting login...');
+            return login(YOUR_APP_SCOPES);
+        }
+        if (isAuthenticated) {
+            console.log('...which is authenticated, starting business logic...');
+            return main(keycloak);
+        }
+    }
+
+    // A framed app should open a delegate to do the authentication for it and listen to its messages and verify them
+    // If the user is authenticated, it should do its business logic
+    if (isFramedApp) {
+        console.log('This is a framed app...');
+        if (isAnonymous) {
+            console.log('...which is not authenticated, delegating to new tab...');
+            listenToMessage(verifyMessage);
+            return openTab(getCurrentURL());
+        }
+        if (isAuthenticated) {
+            console.log('...which is authenticated, starting business logic...');
+            return main(keycloak);
+        }
+    }
+
+    // A delegate should login if the user is not authenticated
+    // Otherwise, it should inform its opener that the user is authenticated and close itself
+    if (isDelegate) {
+        console.log('This is a delegate tab...');
+        if (isAnonymous) {
+            console.log('...which is not authenticated, starting login...');
+            return login(YOUR_APP_SCOPES);
+        }
+        if (isAuthenticated) {
+            console.log('...which is authenticated, warn parent and close...');
+            postMessageToParentTab(AUTH_MESSAGE, myAppOrigin);
+            return closeCurrentTab();
+        }
+    }
+}
+
+function verifyMessage(event) {
+    console.log('Message receveived, verifying it...');
+
+    const AUTH_MESSAGE = 'clb.authenticated';
+    const receivedMessage = event.data;
+    const messageOrigin = event.origin;
+    const myAppOrigin = window.location.origin;
+    // const reload = () => window.location.reload(); // TODO: remove?
+    const login = (scopes) => keycloak.login({ scope: scopes });
+
+
+    // Stop if the message is not the auth message
+    if (receivedMessage !== AUTH_MESSAGE) return;
+
+    // Stop if the message is not coming from our app origin
+    if (messageOrigin !== myAppOrigin) return;
+
+    // Login otherwise
+    return login(YOUR_APP_SCOPES);
+}

apps/validation_framework_v2/src/auth.js

@@ -1,136 +1,22 @@
-import Keycloak from "keycloak-js";
-import React from "react";
-import ReactDOM from "react-dom";
-
-import { SnackbarProvider } from "notistack";
+import React from 'react';
+import ReactDOM from 'react-dom';
+import initAuth from './auth';
 import { datastore } from "./datastore";
 import { ContextMainProvider } from "./ContextMain";
+import { SnackbarProvider } from "notistack";
 import ValidationFramework from "./ValidationFramework";
 
-// We start by configuring the Keycloak javascript client
-// It needs to know your app id in order to authenticate users for it
-const keycloak = Keycloak({
-    url: "https://iam.ebrains.eu/auth",
-    realm: "hbp",
-    clientId: "model-catalog", // TODO: change clientID to validation-framework, once client is registered
-});
-const YOUR_APP_SCOPES = "team email profile"; // full list at https://iam.ebrains.eu/auth/realms/hbp/.well-known/openid-configuration
-
-// When ready, we initialise the keycloak client
-// Once done, it will call our `checkAuth` function
-window.addEventListener("DOMContentLoaded", initKeycloak);
-
-function initKeycloak() {
-    console.log("DOM content is loaded, initialising Keycloak client...");
-    keycloak.init({ flow: "implicit" }).success(checkAuth).error(console.log);
-}
-
-function checkAuth() {
-    console.log("Keycloak client is initialised, verifying authentication...");
-
-    // Is the user anonymous or authenticated?
-    const isAuthenticated = keycloak.authenticated;
-    const isAnonymous = !keycloak.authenticated;
-    // Is this app a standalone app, a framed app or a delegate?
-    const isParent = window.opener == null;
-    const isIframe = window !== window.parent;
-    const isMainFrame = window === window.parent;
-    const isStandaloneApp = isMainFrame && isParent;
-    const isFramedApp = isIframe && isParent;
-    const isDelegate = window.opener != null;
-    // Posting and listening to messages
-    const postMessageToParentTab = (message, parentTabOrigin) =>
-        window.opener.postMessage(message, parentTabOrigin);
-    const listenToMessage = (callback) =>
-        window.addEventListener("message", callback);
-    const AUTH_MESSAGE = "clb.authenticated";
-    const myAppOrigin = window.location.origin;
-    // Manipulating URLs and tabs
-    const openTab = (url) => window.open(url);
-    const getCurrentURL = () => new URL(window.location);
-    const closeCurrentTab = () => window.close();
-
-    const login = (scopes) => keycloak.login({ scope: scopes });
-
-    // A standalone app should simply login if the user is not authenticated
-    // and do its business logic otherwise
-    if (isStandaloneApp) {
-        console.log("This is a standalone app...");
-        if (isAnonymous) {
-            console.log("...which is not authenticated, starting login...");
-            return login(YOUR_APP_SCOPES);
-        }
-        if (isAuthenticated) {
-            console.log(
-                "...which is authenticated, starting business logic..."
-            );
-            return doBusinessLogic(keycloak);
-        }
-    }
 
-    // A framed app should open a delegate to do the authentication for it and listen to its messages and verify them
-    // If the user is authenticated, it should do its business logic
-    if (isFramedApp) {
-        console.log("This is a framed app...");
-        if (isAnonymous) {
-            console.log(
-                "...which is not authenticated, delegating to new tab..."
-            );
-            listenToMessage(verifyMessage);
-            return openTab(getCurrentURL());
-        }
-        if (isAuthenticated) {
-            console.log(
-                "...which is authenticated, starting business logic..."
-            );
-            return doBusinessLogic(keycloak);
-        }
-    }
-
-    // A delegate should login if the user is not authenticated
-    // Otherwise, it should inform its opener that the user is authenticated and close itself
-    if (isDelegate) {
-        console.log("This is a delegate tab...");
-        if (isAnonymous) {
-            console.log("...which is not authenticated, starting login...");
-            return login(YOUR_APP_SCOPES);
-        }
-        if (isAuthenticated) {
-            console.log("...which is authenticated, warn parent and close...");
-            postMessageToParentTab(AUTH_MESSAGE, myAppOrigin);
-            return closeCurrentTab();
-        }
-    }
-}
-
-function verifyMessage(event) {
-    console.log("Message receveived, verifying it...");
-
-    const AUTH_MESSAGE = "clb.authenticated";
-    const receivedMessage = event.data;
-    const messageOrigin = event.origin;
-    const myAppOrigin = window.location.origin;
-    // const reload = () => window.location.reload(); // TODO: remove?
-    const login = (scopes) => keycloak.login({ scope: scopes });
-
-    // Stop if the message is not the auth message
-    if (receivedMessage !== AUTH_MESSAGE) return;
-
-    // Stop if the message is not coming from our app origin
-    if (messageOrigin !== myAppOrigin) return;
-
-    // Login otherwise
-    return login(YOUR_APP_SCOPES);
-}
-
-function doBusinessLogic(auth) {
+function renderApp(auth) {
     datastore.auth = auth;
     ReactDOM.render(
         <ContextMainProvider>
             <SnackbarProvider maxSnack={3}>
                 <ValidationFramework auth={auth} />
             </SnackbarProvider>
         </ContextMainProvider>,
-        document.getElementById("root")
+        document.getElementById('root')
     );
-}
+};
+
+window.addEventListener('DOMContentLoaded', () => initAuth(renderApp));