lblod · abeforgit · May 31, 2023 · May 22, 2023 · May 22, 2023 · May 24, 2023
diff --git a/app/components/acmidm-login-compact.hbs b/app/components/acmidm-login-compact.hbs
diff --git a/app/components/application-header.hbs b/app/components/application-header.hbs
@@ -1,18 +1,19 @@
 <AuMainHeader @brandLink="https://www.vlaanderen.be/nl" @homeRoute="index" @appTitle="Gelinkt Notuleren" @contactRoute="contact">
   {{#if this.session.isAuthenticated}}
   <AuDropdown @title="{{this.currentSession.user.voornaam}} {{this.currentSession.user.achternaam}} - {{this.currentSession.group.classificatie.label}} {{this.currentSession.group.naam}}" @buttonLabel="Account settings" @alignment="right">
-    <Acmidm::Switch as |acmidm|>
-      <AuButton @loading={{acmidm.isSwitching}} class="au-c-button au-c-button--tertiary" role="menuitem" {{on "click" acmidm.switch}}>
-        <AuIcon @icon="switch" @alignment="left" />{{t "application-header.switch-administrative-unit"}}
-      </AuButton>
-    </Acmidm::Switch>
-    <button type="button" class="au-c-button au-c-button--tertiary" role="menuitem" {{on "click" this.logout}}>
-      <AuIcon @icon="logout" @alignment="left" />{{t "application-header.logout"}}
-    </button>
+    <AuLink @route="authorization.switch" @icon="switch" role="menuitem">
+      {{t "auth.switch-administrative-unit"}}
+    </AuLink>
+    <AuLink @route="authorization.logout" @icon="logout" role="menuitem">
+      {{t "auth.logout"}}
+    </AuLink>
   </AuDropdown>
   {{else}}
-  <AcmidmLoginCompact @styles="au-c-button au-c-button--tertiary">
-    <AuIcon @icon="login" @alignment="left" />{{t "application-header.logout"}}
-  </AcmidmLoginCompact>
+  <AuLink
+    @route='authorization.login'
+    @icon="login"
+  >
+    {{t "auth.login"}}
+  </AuLink>
   {{/if}}
 </AuMainHeader>
diff --git a/app/components/application-header.js b/app/components/application-header.js
@@ -1,7 +1,6 @@
 import Component from '@glimmer/component';
 import { inject as service } from '@ember/service';
 import { action } from '@ember/object';
-
 export default class ApplicationHeaderComponent extends Component {
   @service currentSession;
   @service session;

diff --git a/app/router.js b/app/router.js
@@ -7,7 +7,13 @@ export default class Router extends EmberRouter {
 }
 
 Router.map(function () {
-  this.route('switch-login');
+  // this.route('switch-login');
+  this.route('authorization', function () {
+    this.route('callback');
+    this.route('login');
+    this.route('logout');
+    this.route('switch');
+  });
   this.route('inbox', function () {
     this.route('trash');
     this.route('agendapoints', function () {

diff --git a/app/routes/authorization/callback.js b/app/routes/authorization/callback.js
@@ -0,0 +1,21 @@
+import Route from '@ember/routing/route';
+import { inject as service } from '@ember/service';
+
+export default class AuthorizationCallbackRoute extends Route {
+  @service session;
+
+  queryParams = {
+    code: {
+      refreshModel: true,
+    },
+  };
+
+  beforeModel() {
+    // redirect to index if already authenticated
+    this.session.prohibitAuthentication('index');
+  }
+
+  async model(params) {
+    this.session.authenticate('authenticator:acm-idm', params.code);
+  }
+}
diff --git a/app/routes/authorization/login.js b/app/routes/authorization/login.js
@@ -0,0 +1,19 @@
+import Route from '@ember/routing/route';
+import { inject as service } from '@ember/service';
+import ENV from 'frontend-gelinkt-notuleren/config/environment';
+import { buildLoginUrl, isValidAcmidmConfig } from '../../utils/acmidm';
+
+export default class AuthorizationLoginRoute extends Route {
+  @service router;
+  @service session;
+
+  beforeModel() {
+    if (this.session.prohibitAuthentication('index')) {
+      if (isValidAcmidmConfig(ENV.acmidm)) {
+        window.location.replace(buildLoginUrl(ENV.acmidm));
+      } else {
+        this.router.replaceWith('mock-login');
+      }
+    }
+  }
+}
diff --git a/app/routes/authorization/logout.js b/app/routes/authorization/logout.js
@@ -0,0 +1,29 @@
+import Route from '@ember/routing/route';
+import { inject as service } from '@ember/service';
+import ENV from 'frontend-gelinkt-notuleren/config/environment';
+
+export default class AuthorizationLogoutRoute extends Route {
+  @service router;
+  @service session;
+
+  async beforeModel(transition) {
+    if (this.session.requireAuthentication(transition, 'login')) {
+      try {
+        let wasMockLoginSession = this.session.isMockLoginSession;
+        await this.session.invalidate();
+        let logoutUrl = wasMockLoginSession
+          ? this.router.urlFor('mock-login')
+          : ENV.acmidm.logoutUrl;
+
+        window.location.replace(logoutUrl);
+      } catch (error) {
+        throw new Error(
+          'Something went wrong while trying to remove the session on the server',
+          {
+            cause: error,
+          }
+        );
+      }
+    }
+  }
+}
diff --git a/app/routes/authorization/switch.js b/app/routes/authorization/switch.js
@@ -0,0 +1,30 @@
+import Route from '@ember/routing/route';
+import { inject as service } from '@ember/service';
+import ENV from 'frontend-gelinkt-notuleren/config/environment';
+import { buildSwitchUrl } from '../../utils/acmidm';
+
+export default class AuthorizationSwitchRoute extends Route {
+  @service router;
+  @service session;
+
+  async beforeModel(transition) {
+    this.session.requireAuthentication(transition, 'login');
+
+    try {
+      let wasMockLoginSession = this.session.isMockLoginSession;
+      await this.session.invalidate();
+      let logoutUrl = wasMockLoginSession
+        ? this.router.urlFor('mock-login')
+        : buildSwitchUrl(ENV.acmidm);
+
+      window.location.replace(logoutUrl);
+    } catch (error) {
+      throw new Error(
+        'Something went wrong while trying to remove the session on the server',
+        {
+          cause: error,
+        }
+      );
+    }
+  }
+}
diff --git a/app/routes/switch-login.js b/app/routes/switch-login.js
@@ -1,21 +1,14 @@
 import Route from '@ember/routing/route';
 import { inject as service } from '@ember/service';
 
+//Switch login callback route
 export default class SwitchLoginRoute extends Route {
   @service session;
+  @service router;
 
   beforeModel() {
-    this.session.prohibitAuthentication('index');
-  }
-
-  async model() {
-    try {
-      return await this.session.authenticate(
-        'authenticator:torii',
-        'acmidm-oauth2'
-      );
-    } catch (e) {
-      return 'Fout bij het aanmelden. Gelieve opnieuw te proberen.';
+    if (this.session.prohibitAuthentication('index')) {
+      this.router.replaceWith('authorization.login');
     }
   }
 }
diff --git a/app/services/session.js b/app/services/session.js
@@ -1,17 +1,20 @@
 import { inject as service } from '@ember/service';
 import BaseSessionService from 'ember-simple-auth/services/session';
-import ENV from 'frontend-gelinkt-notuleren/config/environment';
-
 export default class SessionService extends BaseSessionService {
   @service currentSession;
 
-  handleAuthentication(routeAfterAuthentication) {
+  get isMockLoginSession() {
+    return this.isAuthenticated
+      ? this.data.authenticated.authenticator.includes('mock-login')
+      : false;
+  }
+
+  async handleAuthentication(routeAfterAuthentication) {
+    await this.currentSession.load();
     super.handleAuthentication(routeAfterAuthentication);
-    this.currentSession.load();
   }
 
   handleInvalidation() {
-    const logoutUrl = ENV['torii']['providers']['acmidm-oauth2']['logoutUrl'];
-    super.handleInvalidation(logoutUrl);
+    // We handle invalidation in the routes themselves dependent on whether its a normal, switch or mock-login logout
   }
 }
diff --git a/app/templates/login.hbs b/app/templates/login.hbs
@@ -11,7 +11,9 @@
             </AuContent>
           </div>
           <div class="au-o-grid__item au-u-1-4@small au-u-1-2@medium au-u-text-right@medium">
-            <AcmidmLogin />
+            <AuLink @route="authorization.login" @skin="button">
+              {{t "auth.login"}}
+            </AuLink>
           </div>
         </div>
       </div>

diff --git a/app/templates/meetings/publish.hbs b/app/templates/meetings/publish.hbs
@@ -8,14 +8,8 @@
     </Group>
     <Group>
       <AuDropdown @title="{{this.currentSession.user.voornaam}} {{this.currentSession.user.achternaam}} - {{this.currentSession.group.classificatie.label}} {{this.currentSession.group.naam}}" @buttonLabel="Account settings" @alignment="right">
-        <Acmidm::Switch as |acmidm|>
-          <AuButton @loading={{acmidm.isSwitching}} class="au-c-button au-c-button--tertiary" role="menuitem" {{on "click" acmidm.switch}}>
-            <AuIcon @icon="switch" @alignment="left" />{{t "application-header.switch-administrative-unit"}}
-          </AuButton>
-        </Acmidm::Switch>
-        <button type="button" class="au-c-button au-c-button--tertiary" role="menuitem" {{on "click" this.logout}}>
-          <AuIcon @icon="logout" @alignment="left" />{{t "application-header.logout"}}
-        </button>
+        <AuLink @route="authorization.switch" @icon='switch' role="menuitem">{{t "auth.switch-administrative-unit"}}</AuLink>
+        <AuLink @route="authorization.logout" @icon='logout' role="menuitem">{{t "auth.logout"}}</AuLink>
       </AuDropdown>
     </Group>
   </AuToolbar>

diff --git a/app/templates/switch-login.hbs b/app/templates/switch-login.hbs
diff --git a/app/utils/acmidm.js b/app/utils/acmidm.js
@@ -0,0 +1,27 @@
+export function buildLoginUrl({ apiKey, baseUrl, scope, redirectUrl }) {
+  return (
+    `${baseUrl}?response_type=code&` +
+    `client_id=${apiKey}&` +
+    `redirect_uri=${encodeURIComponent(redirectUrl)}&` +
+    `scope=${scope}`
+  );
+}
+
+export function buildLogoutUrl({ logoutUrl }) {
+  return logoutUrl;
+}
+
+export function buildSwitchUrl({ apiKey, logoutUrl, switchRedirectUrl }) {
+  return `${logoutUrl}?switch=true&client_id=${apiKey}&post_logout_redirect_uri=${encodeURIComponent(
+    switchRedirectUrl
+  )}`;
+}
+
+export function isValidAcmidmConfig(acmidmConfig) {
+  return Object.values(acmidmConfig).every(
+    (value) =>
+      typeof value === 'string' &&
+      value.trim() !== '' &&
+      !value.startsWith('{{')
+  );
+}
diff --git a/config/environment.js b/config/environment.js
@@ -64,18 +64,13 @@ module.exports = function (environment) {
       l: 'nl',
       shift_page_down: false,
     },
-    torii: {
-      disableRedirectInitializer: true,
-      providers: {
-        'acmidm-oauth2': {
-          apiKey: '{{OAUTH_API_KEY}}',
-          baseUrl: '{{OAUTH_BASE_URL}}',
-          scope: 'openid rrn vo profile abb_gelinktNotuleren',
-          redirectUri: '{{OAUTH_REDIRECT_URL}}',
-          logoutUrl: '{{OAUTH_LOGOUT_URL}}',
-          returnUrl: '{{OAUTH_SWITCH_URL}}',
-        },
-      },
+    acmidm: {
+      apiKey: '{{OAUTH_API_KEY}}',
+      baseUrl: '{{OAUTH_BASE_URL}}',
+      scope: 'openid rrn vo profile abb_gelinktNotuleren',
+      redirectUrl: '{{OAUTH_REDIRECT_URL}}',
+      logoutUrl: '{{OAUTH_LOGOUT_URL}}',
+      switchRedirectUrl: '{{OAUTH_SWITCH_URL}}',
     },
     environmentName: '{{ENVIRONMENT_NAME}}',
     publication: {