Loading...
;
+ }
+
return (
- {wordings.shared.passwordChangedConfirmation.text}
-
-
-
- Loading...
;
+ }
+ const userEmail = user?.email;
+ const userName = user?.name;
return (
- <>
- {isPasswordConfirmationPopupShown && (
-
-
-
+
-
+
+ }
+ title={wordings.business.account}
+ />
+
-
- {userName}
-
- {userEmail}
-
-
+
+
- setDisplayMode('lightMode')}
- />
- setDisplayMode('darkMode')}
- />
-
- }
- title={wordings.shared.settingsDrawer.displayMode}
- />
-
-
-
+
+ {userName}
+
+ {userEmail}
- }
- title={wordings.business.account}
- />
-
-
-
- );
-
- function shouldShowErrorForPreviousPassword() {
- return passwordChangeValidity === 'wrongPassword';
- }
-
- function shouldShowErrorForNewPassword() {
- return passwordChangeValidity === 'notValidNewPassword' || passwordChangeValidity === 'newPasswordsDontMatch';
- }
-
- function computeErrorMessageForNewPassword() {
- if (passwordChangeValidity === 'newPasswordsDontMatch') {
- return wordings.business.newPasswordsDontMatch;
- }
-
- return wordings.business.newPasswordInstructions;
- }
-
- async function updatePassword() {
- if (newPassword !== confirmedNewPassword) {
- setPasswordChangeValidity('newPasswordsDontMatch');
- return;
- }
-
- const result = await apiCaller.post<'changePassword'>('changePassword', { previousPassword, newPassword });
-
- switch (result.data) {
- case 'notValidNewPassword':
- setPasswordChangeValidity('notValidNewPassword');
- break;
- case 'passwordUpdated':
- setPreviousPassword('');
- setNewPassword('');
- setConfirmedNewPassword('');
- setPasswordChangeValidity('valid');
- localStorage.userHandler.setPasswordTimeValidityStatus('valid');
- props.onUpdatePassword();
- break;
- case 'wrongPassword':
- setPasswordChangeValidity('wrongPassword');
- break;
- }
- }
-}
-
-function buildStyles(theme: customThemeType) {
- return {
- passwordTextInput: {
- margin: `${theme.spacing * 2}px 0`,
- width: '100%',
- },
- passwordUpdateButtonContainer: {
- display: 'flex',
- justifyContent: 'flex-end' as const,
- },
- } as const;
-}
diff --git a/packages/generic/client/src/components/business/ResetPasswordForm/index.ts b/packages/generic/client/src/components/business/ResetPasswordForm/index.ts
deleted file mode 100644
index aa5db8594..000000000
--- a/packages/generic/client/src/components/business/ResetPasswordForm/index.ts
+++ /dev/null
@@ -1 +0,0 @@
-export { ResetPasswordForm } from './ResetPasswordForm';
diff --git a/packages/generic/client/src/components/business/index.ts b/packages/generic/client/src/components/business/index.ts
index bebcb53a3..1a2d836c0 100644
--- a/packages/generic/client/src/components/business/index.ts
+++ b/packages/generic/client/src/components/business/index.ts
@@ -13,7 +13,6 @@ import { MainHeader } from './MainHeader';
import { ProblemReportIcon } from './ProblemReportIcon';
import { PublicationCategoryBadge } from './PublicationCategoryBadge';
import { UnlinkAnnotationDropdown } from './UnlinkAnnotationDropdown';
-import { ResetPasswordForm } from './ResetPasswordForm';
export {
AdminMenu,
@@ -31,7 +30,6 @@ export {
MainHeader,
ProblemReportIcon,
PublicationCategoryBadge,
- ResetPasswordForm,
UnlinkAnnotationDropdown,
};
diff --git a/packages/generic/client/src/components/index.ts b/packages/generic/client/src/components/index.ts
index e6e235c2c..063ffab97 100644
--- a/packages/generic/client/src/components/index.ts
+++ b/packages/generic/client/src/components/index.ts
@@ -15,7 +15,6 @@ import {
MainHeader,
ProblemReportIcon,
PublicationCategoryBadge,
- ResetPasswordForm,
UnlinkAnnotationDropdown,
} from './business';
@@ -35,7 +34,6 @@ export {
MainHeader,
ProblemReportIcon,
PublicationCategoryBadge,
- ResetPasswordForm,
UnlinkAnnotationDropdown,
};
diff --git a/packages/generic/client/src/contexts/user.context.tsx b/packages/generic/client/src/contexts/user.context.tsx
new file mode 100644
index 000000000..80a8b4266
--- /dev/null
+++ b/packages/generic/client/src/contexts/user.context.tsx
@@ -0,0 +1,63 @@
+import React, { createContext, FC, ReactNode, useContext, useEffect, useState } from 'react';
+import { urlHandler } from '../utils';
+import { userType } from '@label/core';
+
+export interface CurrentUser {
+ _id?: string;
+ email?: string;
+ name?: string;
+ role?: userType['role'];
+ sessionIndex?: string;
+}
+interface UserContextType {
+ user: CurrentUser | null;
+ loading: boolean;
+ onLogout: () => void;
+}
+const UserContext = createContext
diff --git a/packages/generic/client/src/pages/Admin/ProblemReports/ProblemReportsTable/ProblemReportsTable.tsx b/packages/generic/client/src/pages/Admin/ProblemReports/ProblemReportsTable/ProblemReportsTable.tsx
index b51b43aec..10ac6961e 100644
--- a/packages/generic/client/src/pages/Admin/ProblemReports/ProblemReportsTable/ProblemReportsTable.tsx
+++ b/packages/generic/client/src/pages/Admin/ProblemReports/ProblemReportsTable/ProblemReportsTable.tsx
@@ -11,6 +11,7 @@ import { localStorage } from '../../../../services/localStorage';
import { sendMail } from '../../../../services/sendMail';
import { wordings } from '../../../../wordings';
import { routes } from '../../../routes';
+import { useCtxUser } from '../../../../contexts/user.context';
import { annotationDiffDocumentInfoType, AnnotationsDiffDrawer } from '../../TreatedDocuments/AnnotationsDiffDrawer';
export { ProblemReportsTable };
@@ -33,7 +34,12 @@ function ProblemReportsTable(props: {
const styles = buildStyles(theme);
const problemReportsFields = buildProblemReportsFields();
- const userRole = localStorage.userHandler.getRole();
+
+ const { user, loading } = useCtxUser();
+ if (loading) {
+ return
Loading...
;
+ }
+ const userRole = user?.role;
const adminView = localStorage.adminViewHandler.get();
return (
@@ -135,7 +141,7 @@ function ProblemReportsTable(props: {
}
function buildOptionItems(problemReportWithDetails: apiRouteOutType<'get', 'problemReportsWithDetails'>[number]) {
- const userRole = localStorage.userHandler.getRole();
+ const userRole = user?.role;
const validateDocumentOptionItem = {
kind: 'text' as const,
diff --git a/packages/generic/client/src/pages/Admin/TreatedDocuments/TreatedDocumentsTable.tsx b/packages/generic/client/src/pages/Admin/TreatedDocuments/TreatedDocumentsTable.tsx
index 8ef0495b4..704defe29 100644
--- a/packages/generic/client/src/pages/Admin/TreatedDocuments/TreatedDocumentsTable.tsx
+++ b/packages/generic/client/src/pages/Admin/TreatedDocuments/TreatedDocumentsTable.tsx
@@ -8,6 +8,7 @@ import { localStorage, treatedDocumentOrderByProperties } from '../../../service
import { AnnotationsDiffDrawer, annotationDiffDocumentInfoType } from './AnnotationsDiffDrawer';
import { useAlert } from '../../../services/alert';
import { routes } from '../../routes';
+import { useCtxUser } from '../../../contexts/user.context';
export { TreatedDocumentsTable };
@@ -32,6 +33,8 @@ function TreatedDocumentsTable(props: {
const orderDirection = localStorage.treatedDocumentsStateHandler.getOrderDirection();
const styles = buildStyles();
+ const { user } = useCtxUser();
+
return (
{!!documentIdToReset && (
@@ -91,7 +94,7 @@ function TreatedDocumentsTable(props: {
}
function buildOptionItems(treatmentWithDetails: apiRouteOutType<'get', 'treatedDocuments'>[number]) {
- const userRole = localStorage.userHandler.getRole();
+ const userRole = user?.role;
const adminView = localStorage.adminViewHandler.get();
const openDocumentOption = {
diff --git a/packages/generic/client/src/pages/Admin/UntreatedDocuments/UntreatedDocumentsTable.tsx b/packages/generic/client/src/pages/Admin/UntreatedDocuments/UntreatedDocumentsTable.tsx
index ec25a7a41..a64742d07 100644
--- a/packages/generic/client/src/pages/Admin/UntreatedDocuments/UntreatedDocumentsTable.tsx
+++ b/packages/generic/client/src/pages/Admin/UntreatedDocuments/UntreatedDocumentsTable.tsx
@@ -15,6 +15,7 @@ import { useAlert } from '../../../services/alert';
import { localStorage, untreatedDocumentOrderByProperties } from '../../../services/localStorage';
import { wordings } from '../../../wordings';
import { routes } from '../../routes';
+import { useCtxUser } from '../../../contexts/user.context';
export { UntreatedDocumentsTable };
@@ -35,6 +36,11 @@ function UntreatedDocumentsTable(props: {
const styles = buildStyles(theme);
const fields = buildUntreatedDocumentsFields();
+ const { user, loading } = useCtxUser();
+ if (loading) {
+ return
Loading...
;
+ }
+
return (
{!!documentIdToUpdateStatus && (
@@ -65,7 +71,7 @@ function UntreatedDocumentsTable(props: {
}
function buildOptionItems(untreatedDocument: apiRouteOutType<'get', 'untreatedDocuments'>[number]) {
- const userRole = localStorage.userHandler.getRole();
+ const userRole = user?.role;
const adminView = localStorage.adminViewHandler.get();
const openAnonymizedDocumentOptionItem = {
@@ -132,7 +138,7 @@ function UntreatedDocumentsTable(props: {
async function onConfirmUpdateDocumentStatus(documentIdToUpdateStatus: documentType['_id']) {
setDocumentIdToUpdateStatus(undefined);
- const userId = localStorage.userHandler.getId();
+ const userId = (user?._id as unknown) as userType['_id'];
if (!userId) {
displayAlert({ text: wordings.business.errors.noUserIdFound, variant: 'alert', autoHide: true });
return;
diff --git a/packages/generic/client/src/pages/Admin/WorkingUsers/AddUserDrawer/AddUserButton.tsx b/packages/generic/client/src/pages/Admin/WorkingUsers/AddUserDrawer/AddUserButton.tsx
deleted file mode 100644
index ad65fa8bc..000000000
--- a/packages/generic/client/src/pages/Admin/WorkingUsers/AddUserDrawer/AddUserButton.tsx
+++ /dev/null
@@ -1,22 +0,0 @@
-import React, { useState } from 'react';
-import { ButtonWithIcon } from 'pelta-design-system';
-import { wordings } from '../../../../wordings';
-import { AddWorkingUserDrawer } from './AddUserDrawer';
-
-export { AddWorkingUserButton };
-
-function AddWorkingUserButton(props: { refetch: () => void }) {
- const [isDrawerOpen, setIsDrawerOpen] = useState(false);
-
- return (
- <>
- setIsDrawerOpen(true)}
- text={wordings.workingUsersPage.createWorkingUserDrawer.title}
- iconName="addPerson"
- />
-
- setIsDrawerOpen(false)} refetch={props.refetch} />
-
- );
-}
diff --git a/packages/generic/client/src/pages/Admin/WorkingUsers/AddUserDrawer/AddUserDrawer.tsx b/packages/generic/client/src/pages/Admin/WorkingUsers/AddUserDrawer/AddUserDrawer.tsx
deleted file mode 100644
index c638c8aac..000000000
--- a/packages/generic/client/src/pages/Admin/WorkingUsers/AddUserDrawer/AddUserDrawer.tsx
+++ /dev/null
@@ -1,197 +0,0 @@
-import React, { useState } from 'react';
-import { userModule, userType } from '@label/core';
-import { apiCaller } from '../../../../api';
-import {
- customThemeType,
- useCustomTheme,
- ButtonWithIcon,
- Drawer,
- LabelledDropdown,
- RichTextInput,
-} from 'pelta-design-system';
-import { wordings } from '../../../../wordings';
-import { WorkingUserCreatedPopUp } from './UserCreatedPopUp';
-import { processNames } from '../../../../utils/';
-
-export { AddWorkingUserDrawer };
-
-const FIELD_WIDTH = 400;
-
-const DRAWER_WIDTH = 600;
-
-type formErrorType = {
- firstName?: boolean;
- lastName?: boolean;
- email?: boolean;
- role?: boolean;
-};
-
-type formValuesType = {
- firstName: string | undefined;
- lastName: string | undefined;
- email: string | undefined;
- role: userType['role'] | undefined;
-};
-
-const INITIAL_FORM_VALUES = {
- firstName: undefined,
- lastName: undefined,
- email: undefined,
- role: undefined,
-};
-
-function AddWorkingUserDrawer(props: { isOpen: boolean; onClose: () => void; refetch: () => void }) {
- const [formValues, setFormValues] = useState(INITIAL_FORM_VALUES);
- const [temporaryPassword, setTemporaryPassword] = useState();
- const [formErrors, setFormErrors] = useState({});
- const [isLoading, setIsLoading] = useState(false);
- const theme = useCustomTheme();
- const styles = buildStyles(theme);
-
- return (
- <>
- {!!temporaryPassword &&
-
-
- );
-
- function onClose() {
- setTemporaryPassword(undefined);
- setFormErrors({});
- setFormValues(INITIAL_FORM_VALUES);
- }
-
- function updateField(field: T, value: formValuesType[T]) {
- setFormValues({ ...formValues, [field]: value });
- if (formErrors[field]) {
- setFormErrors({ ...formErrors, [field]: undefined });
- }
- }
-
- async function addWorkingUser() {
- const { firstName, lastName, email, role } = formValues;
- if (!firstName || !lastName || !email || !role) {
- updateFormErrors();
- return;
- }
- setIsLoading(true);
- try {
- const { data: temporaryPassword } = await apiCaller.post<'createUser'>('createUser', {
- email,
- name: processNames(firstName, lastName),
- role,
- });
- props.refetch();
- props.onClose();
- setTemporaryPassword(temporaryPassword);
- } catch (error) {
- console.warn(error);
- } finally {
- setIsLoading(false);
- }
- }
-
- function updateFormErrors() {
- setFormErrors({
- firstName: !formValues.firstName,
- lastName: !formValues.lastName,
- email: !formValues.email,
- role: !formValues.role,
- });
- }
-}
-
-function buildStyles(theme: customThemeType) {
- return {
- drawer: {
- display: 'flex',
- flexDirection: 'column' as const,
- alignItems: 'center',
- justifyContent: 'space-between',
- width: DRAWER_WIDTH,
- padding: theme.spacing * 6,
- },
- header: {
- display: 'flex',
- justifyContent: 'space-between',
- paddingBottom: theme.spacing * 5,
- borderBottom: 'solid 1px',
- borderBottomColor: theme.colors.separator,
- width: '100%',
- },
- formContainer: {
- paddingTop: theme.spacing * 6,
- width: '100%',
- display: 'flex',
- flexDirection: 'column',
- },
- fieldContainer: {
- marginBottom: theme.spacing * 5,
- },
- field: {
- width: FIELD_WIDTH,
- },
- submitButtonContainer: {
- alignSelf: 'flex-end',
- },
- } as const;
-}
diff --git a/packages/generic/client/src/pages/Admin/WorkingUsers/AddUserDrawer/UserCreatedPopUp.tsx b/packages/generic/client/src/pages/Admin/WorkingUsers/AddUserDrawer/UserCreatedPopUp.tsx
deleted file mode 100644
index 3158b0715..000000000
--- a/packages/generic/client/src/pages/Admin/WorkingUsers/AddUserDrawer/UserCreatedPopUp.tsx
+++ /dev/null
@@ -1,49 +0,0 @@
-import React from 'react';
-import { customThemeType, useCustomTheme, ButtonWithIcon, PopUp, Text } from 'pelta-design-system';
-import { wordings } from '../../../../wordings';
-
-export { WorkingUserCreatedPopUp };
-
-function WorkingUserCreatedPopUp(props: { password: string; onClose: () => void }) {
- const theme = useCustomTheme();
- const styles = buildStyles(theme);
-
- return (
-
-
- );
-}
-
-function buildStyles(theme: customThemeType) {
- return {
- textContainer: { marginBottom: theme.spacing * 9 },
- passwordContainer: {
- display: 'flex',
- alignItems: 'center',
- justifyContent: 'center',
- marginBottom: theme.spacing * 8,
- },
- buttonContainer: {
- display: 'flex',
- justifyContent: 'flex-end',
- },
- };
-}
diff --git a/packages/generic/client/src/pages/Admin/WorkingUsers/AddUserDrawer/index.ts b/packages/generic/client/src/pages/Admin/WorkingUsers/AddUserDrawer/index.ts
deleted file mode 100644
index 16a70a5b8..000000000
--- a/packages/generic/client/src/pages/Admin/WorkingUsers/AddUserDrawer/index.ts
+++ /dev/null
@@ -1 +0,0 @@
-export { AddWorkingUserDrawer } from './AddUserDrawer';
diff --git a/packages/generic/client/src/pages/Admin/WorkingUsers/PasswordResetSuccessPopup.tsx b/packages/generic/client/src/pages/Admin/WorkingUsers/PasswordResetSuccessPopup.tsx
deleted file mode 100644
index 005b5259f..000000000
--- a/packages/generic/client/src/pages/Admin/WorkingUsers/PasswordResetSuccessPopup.tsx
+++ /dev/null
@@ -1,47 +0,0 @@
-import React from 'react';
-import { customThemeType, useCustomTheme, ButtonWithIcon, PopUp, Text } from 'pelta-design-system';
-import { wordings } from '../../../wordings';
-
-export { PasswordResetSuccessPopup };
-
-function PasswordResetSuccessPopup(props: { password: string; onClose: () => void }) {
- const theme = useCustomTheme();
- const styles = buildStyles(theme);
-
- return (
-
-
- );
-}
-
-function buildStyles(theme: customThemeType) {
- return {
- textContainer: { marginBottom: theme.spacing * 9 },
- passwordContainer: {
- display: 'flex',
- alignItems: 'center',
- justifyContent: 'center',
- marginBottom: theme.spacing * 8,
- },
- buttonContainer: {
- display: 'flex',
- justifyContent: 'flex-end',
- },
- };
-}
diff --git a/packages/generic/client/src/pages/Admin/WorkingUsers/WorkingUsers.tsx b/packages/generic/client/src/pages/Admin/WorkingUsers/WorkingUsers.tsx
deleted file mode 100644
index 08e77025b..000000000
--- a/packages/generic/client/src/pages/Admin/WorkingUsers/WorkingUsers.tsx
+++ /dev/null
@@ -1,76 +0,0 @@
-import React from 'react';
-import { apiRouteOutType } from '@label/core';
-import { customThemeType, useCustomTheme, tableRowFieldType } from 'pelta-design-system';
-import { heights, widths } from '../../../styles';
-import { wordings } from '../../../wordings';
-import { AddWorkingUserButton } from './AddUserDrawer/AddUserButton';
-import { WorkingUsersTable } from './WorkingUsersTable';
-
-export { WorkingUsers };
-
-function WorkingUsers(props: { workingUsers: apiRouteOutType<'get', 'workingUsers'>; refetch: () => void }) {
- const theme = useCustomTheme();
- const styles = buildStyles(theme);
- const userFields = buildUserFields();
- return (
- [number]>> = [
- {
- id: 'name',
- title: wordings.workingUsersPage.table.columnTitles.name,
- canBeSorted: true,
- extractor: (workingUser) => workingUser.name,
- width: 10,
- },
- {
- id: 'email',
- title: wordings.workingUsersPage.table.columnTitles.email,
- canBeSorted: true,
- extractor: (workingUser) => workingUser.email,
- width: 10,
- },
- {
- id: 'role',
- title: wordings.workingUsersPage.table.columnTitles.role,
- canBeSorted: true,
- extractor: (workingUser) => wordings.business.userRoles[workingUser.role],
- width: 10,
- },
- ];
- return usersFields;
- }
-
- function buildStyles(theme: customThemeType) {
- return {
- tableHeaderContainer: {
- height: heights.adminTreatmentsTableHeader,
- },
- tableHeader: {
- paddingTop: theme.spacing * 4,
- display: 'flex',
- justifyContent: 'flex-end',
- },
- tableContentContainer: {
- height: heights.adminTreatmentsTable,
- overflowY: 'auto',
- },
- table: {
- width: widths.adminContent,
- paddingLeft: theme.spacing * 3,
- paddingRight: theme.spacing * 2,
- },
- } as const;
- }
-}
diff --git a/packages/generic/client/src/pages/Admin/WorkingUsers/WorkingUsersTable.tsx b/packages/generic/client/src/pages/Admin/WorkingUsers/WorkingUsersTable.tsx
deleted file mode 100644
index 8cd77d563..000000000
--- a/packages/generic/client/src/pages/Admin/WorkingUsers/WorkingUsersTable.tsx
+++ /dev/null
@@ -1,115 +0,0 @@
-import React, { useState } from 'react';
-import { apiRouteOutType, userType } from '@label/core';
-import { ConfirmationPopup, Table, tableRowFieldType } from 'pelta-design-system';
-import { wordings } from '../../../wordings';
-import { apiCaller } from '../../../api';
-import { PasswordResetSuccessPopup } from './PasswordResetSuccessPopup';
-
-export { WorkingUsersTable };
-
-function WorkingUsersTable(props: {
- fields: Array[number]>>;
- refetch: () => void;
- workingUsers: apiRouteOutType<'get', 'workingUsers'>;
-}) {
- const [newPassword, setNewPassword] = useState();
- const [resetPasswordUserId, setResetPasswordUserId] = useState();
- const [deleteUserId, setDeleteUserId] = useState();
- const styles = buildStyles();
-
- return (
- (props: {
case 'error':
switch (fetchedData.error) {
case 'authentication':
- localStorage.bearerTokenHandler.remove();
- localStorage.userHandler.remove();
return buildLoginRedirectionPage();
case 'unknown':
return buildErrorPage();
diff --git a/packages/generic/client/src/pages/ErrorPage/ErrorPage.tsx b/packages/generic/client/src/pages/ErrorPage/ErrorPage.tsx
index 8f9ab7e4e..a16ca04c7 100644
--- a/packages/generic/client/src/pages/ErrorPage/ErrorPage.tsx
+++ b/packages/generic/client/src/pages/ErrorPage/ErrorPage.tsx
@@ -1,10 +1,10 @@
import React from 'react';
import { useHistory } from 'react-router';
import { customThemeType, useCustomTheme, ButtonWithIcon, Icon, Text } from 'pelta-design-system';
-import { localStorage } from '../../services/localStorage';
import { wordings } from '../../wordings';
-import { routes } from '../routes';
import format from 'string-template';
+import { urlHandler } from '../../utils';
+import { localStorage } from '../../services/localStorage';
export { ErrorPage };
@@ -40,10 +40,8 @@ function ErrorPage(props: { route?: string; errorCode?: number }) {
);
function logout() {
- localStorage.bearerTokenHandler.remove();
- localStorage.userHandler.remove();
localStorage.adminViewHandler.remove();
- history.push(routes.LOGIN.getPath());
+ window.location.replace(urlHandler.getSsoLogoutUrl());
}
function reload() {
diff --git a/packages/generic/client/src/pages/Login/Login.tsx b/packages/generic/client/src/pages/Login/Login.tsx
index d205b60af..54be3db7d 100644
--- a/packages/generic/client/src/pages/Login/Login.tsx
+++ b/packages/generic/client/src/pages/Login/Login.tsx
@@ -1,11 +1,8 @@
-import { idModule } from '@label/core';
-import React, { FunctionComponent } from 'react';
+import React, { FunctionComponent, useEffect } from 'react';
import { useHistory } from 'react-router-dom';
-import { customThemeType, useCustomTheme, LoginForm } from 'pelta-design-system';
-import { apiCaller } from '../../api';
+import { customThemeType, useCustomTheme } from 'pelta-design-system';
import { Logo } from '../../components';
-import { localStorage } from '../../services/localStorage';
-import { routes } from '../routes';
+import { urlHandler } from '../../utils';
export { Login };
@@ -13,26 +10,20 @@ const Login: FunctionComponent = () => {
const history = useHistory();
const theme = useCustomTheme();
const styles = buildStyles(theme);
+ useEffect(() => {
+ // URL backend qui déclenche la redirection SAML (à mettre en variable d'env)
+ window.location.href = urlHandler.getSsoLoginUrl();
+ }, [history]);
return (
-
-
{({ settings }) =>
@@ -44,7 +41,7 @@ function Router() {
({ problemReport }) => !problemReport.hasBeenRead,
).length;
const toBeConfirmedDocumentsCount = adminInfos.toBeConfirmedDocuments.length;
- const userRole = localStorage.adminViewHandler.get() || localStorage.userHandler.getRole();
+ const userRole = localStorage.adminViewHandler.get() || user?.role;
if (userRole !== 'admin' && userRole !== 'scrutator') {
return <>;
}
@@ -77,18 +74,6 @@ function Router() {
/>
- {userRole === 'admin' && (
-
-
-
-
- )}
@@ -186,44 +172,54 @@ function Router() {
);
}
-const AuthenticatedRoute: FunctionComponent = ({ children, ...rest }: RouteProps) => (
-
- isAuthenticated() ? (
- children
- ) : (
+const AuthenticatedRoute: FunctionComponent = ({ children, ...rest }: RouteProps) => {
+ const { user, loading } = useCtxUser();
+ if (loading) {
+ return
+ user ? (
+ children
+ ) : (
+ = ({ ...props }: RouteProps) => {
+ const { user, loading } = useCtxUser();
+
+ if (loading) {
+ return (
= ({ ...props }: RouteProps) => (
- (
- = ({ children, ...rest }: RouteProps) => (
-
- !isAuthenticated() ? (
- children
- ) : (
- = ({ children, ...rest }: RouteProps) => {
+ const { user, loading } = useCtxUser();
+ if (loading) {
+ return
+ !user ? (
+ children
+ ) : (
+ ) {
- localStorageHandler.set({ key: USER_ID_STORAGE_KEY, value: _id, mapper: localStorageMappers.id });
- localStorageHandler.set({ key: USER_EMAIL_STORAGE_KEY, value: email, mapper: localStorageMappers.string });
- localStorageHandler.set({ key: USER_NAME_STORAGE_KEY, value: name, mapper: localStorageMappers.string });
- localStorageHandler.set({ key: USER_ROLE_STORAGE_KEY, value: role, mapper: localStorageMappers.string });
-}
-
-function setPasswordTimeValidityStatus(passwordTimeValidityStatus: passwordTimeValidityStatusType) {
- localStorageHandler.set({
- key: USER_PASSWORD_TIME_VALIDITY_STATUS_STORAGE_KEY,
- value: passwordTimeValidityStatus,
- mapper: localStorageMappers.string,
- });
-}
-
-function remove() {
- localStorageHandler.set({ key: USER_ID_STORAGE_KEY, value: undefined, mapper: localStorageMappers.id });
- localStorageHandler.set({ key: USER_EMAIL_STORAGE_KEY, value: undefined, mapper: localStorageMappers.string });
- localStorageHandler.set({ key: USER_NAME_STORAGE_KEY, value: undefined, mapper: localStorageMappers.string });
- localStorageHandler.set({ key: USER_ROLE_STORAGE_KEY, value: undefined, mapper: localStorageMappers.string });
- localStorageHandler.set({
- key: USER_PASSWORD_TIME_VALIDITY_STATUS_STORAGE_KEY,
- value: undefined,
- mapper: localStorageMappers.string,
- });
-}
-
-function getId() {
- return localStorageHandler.get({ key: USER_ID_STORAGE_KEY, mapper: localStorageMappers.id });
-}
-
-function getEmail() {
- return localStorageHandler.get({ key: USER_EMAIL_STORAGE_KEY, mapper: localStorageMappers.string });
-}
-
-function getName() {
- return localStorageHandler.get({ key: USER_NAME_STORAGE_KEY, mapper: localStorageMappers.string });
-}
-
-function getRole() {
- return localStorageHandler.get({ key: USER_ROLE_STORAGE_KEY, mapper: localStorageMappers.string }) as
- | userType['role']
- | undefined;
-}
-
-function getPasswordTimeValidityStatus() {
- return localStorageHandler.get({
- key: USER_PASSWORD_TIME_VALIDITY_STATUS_STORAGE_KEY,
- mapper: localStorageMappers.string,
- }) as passwordTimeValidityStatusType | undefined;
-}
diff --git a/packages/generic/client/src/utils/urlHandler.ts b/packages/generic/client/src/utils/urlHandler.ts
index 40857fb74..2321e298a 100644
--- a/packages/generic/client/src/utils/urlHandler.ts
+++ b/packages/generic/client/src/utils/urlHandler.ts
@@ -10,4 +10,12 @@ const urlHandler = {
return serverPort ? `${clientProtocol}//${clientHostname}:${serverPort}` : `${clientProtocol}//${clientHostname}`;
},
+
+ getSsoLoginUrl() {
+ return `${this.getApiUrl()}/label/api/sso/login`;
+ },
+
+ getSsoLogoutUrl() {
+ return `${this.getApiUrl()}/label/api/sso/logout`;
+ },
};
diff --git a/packages/generic/client/src/wordings/fr.ts b/packages/generic/client/src/wordings/fr.ts
index c6deb2bc1..aefe4fa04 100644
--- a/packages/generic/client/src/wordings/fr.ts
+++ b/packages/generic/client/src/wordings/fr.ts
@@ -1,55 +1,6 @@
export { fr };
const fr = {
- workingUsersPage: {
- header: {
- title: 'Administration',
- subtitle: 'Gestion des agents',
- },
- createWorkingUserDrawer: {
- title: 'Créer un agent',
- fields: {
- firstName: 'Prénom',
- lastName: 'Nom',
- email: 'Email',
- role: 'Sélectionnez un rôle',
- },
- submit: "Créer l'agent",
- createdWorkingUserPopup: {
- createdWorkingUserConfirmation: "L'agent a bien été créé.",
- passwordIndication:
- 'Veuillez noter et lui transmettre le mot de passe temporaire suivant. Ce mot de passe doit être changé dès la première connexion afin d’assurer la sécurité du système.',
- button: "C'est noté",
- },
- },
- table: {
- columnTitles: {
- name: 'Nom',
- email: 'E-mail',
- role: 'Habilitation',
- },
- optionItems: {
- activate: 'Activer',
- deactivate: 'Désactiver',
- delete: 'Supprimer...',
- resetPassword: 'Réinitialiser le mot de passe',
- },
- deleteUserConfirmationPopup: {
- text:
- 'Cette action supprimera cet utilisateur. Ses statistiques seront cependant toujours présentes en base de données. Cette action est irréversible, souhaitez-vous continuer ?',
- },
- passwordResetSuccessPopup: {
- passwordResetConfirmation: 'Le mot de passe a bien été réinitialisé',
- passwordIndication:
- 'Veuillez noter et lui transmettre son nouveau mot de passe ci-après. Ce mot de passe doit être changé dès la première connexion afin d’assurer la sécurité du système.',
- button: "C'est noté",
- },
- passwordResetConfirmationPopup: {
- text:
- "Cette action supprimera l'ancien mot de passe et vous affichera un nouveau mot de passe que vous devrez transmettre à l'agent.",
- },
- },
- },
business: {
account: 'Compte',
adminViews: {
@@ -61,8 +12,6 @@ const fr = {
scrutator: 'Vue scrutateur',
},
},
- changePassword: 'Modifier le mot de passe',
- confirmPassword: 'Confirmer le nouveau mot de passe',
decisionNumberPlaceholder: 'Rechercher...',
decisionNumberHint: 'Numéro de décision à rechercher',
documentReviewFilterStatus: {
@@ -175,11 +124,6 @@ const fr = {
},
},
problemReportType: { bug: 'Bug', annotationProblem: "Problème lié à l'annotation", suggestion: 'Suggestion' },
- newPassword: 'Nouveau mot de passe',
- newPasswordsDontMatch: 'Les nouveaux mots de passe ne correspondent pas',
- newPasswordInstructions:
- 'Le mot de passe doit contenir au moins 8 caractères dont 2 minuscules, 2 majuscules, 2 chiffres et 2 caractères spéciaux',
- previousPassword: 'Ancien mot de passe',
update: 'Mettre à jour',
userRoles: {
admin: 'Administrateur',
@@ -187,7 +131,6 @@ const fr = {
publicator: 'Publicateur',
scrutator: 'Scrutateur',
},
- wrongPassword: 'Le mot de passe est erroné',
},
homePage: {
anonymisedView: 'Vue anonymisée',
@@ -254,14 +197,6 @@ const fr = {
},
validate: 'Valider',
},
- loginPage: {
- login: 'Connexion',
- email: 'E-mail',
- forgottenPassword: "En cas d'oubli de votre mot de passe, veuillez contacter votre administrateur.",
- password: 'Mot de passe',
- pleaseTryAgain: 'Veuillez réessayer.',
- wrongEmailOrPassword: "L'email et/ou le mot de passe sont erronés.",
- },
errorPage: {
title: 'Une erreur est survenue...',
errorCode: 'Erreur {code}',
@@ -291,7 +226,6 @@ const fr = {
refresh: 'Rafraîchir',
moreOptions: "Plus d'options",
or: 'ou',
- passwordChangedConfirmation: { text: 'Votre mot de passe a été modifié.', button: 'OK' },
settingsDrawer: {
displayMode: "Type d'affichage",
darkMode: 'Mode sombre',
@@ -348,10 +282,6 @@ const fr = {
submit: 'Créer la pré-assignation',
},
},
- resetPasswordPage: {
- popup:
- "Votre mot de passe n'a pas été mis à jour depuis plus de 6 mois. Pour des raisons de sécurité, il vous est demandé d'en renseigner un nouveau respectant les règles du PSSI.",
- },
publishableDocumentsPage: {
title: 'Arrêts P',
confirmationDocumentAlert: "Pour information : Il y a {count} décision(s) en confirmation de lecture aujourd'hui.",
diff --git a/packages/generic/core/src/api/apiSchema.ts b/packages/generic/core/src/api/apiSchema.ts
index 7f9fd455e..6ffd75faa 100644
--- a/packages/generic/core/src/api/apiSchema.ts
+++ b/packages/generic/core/src/api/apiSchema.ts
@@ -576,7 +576,6 @@ const apiSchema = {
content: {
_id: userModule.models.user.content._id,
email: userModule.models.user.content.email,
- isActivated: userModule.models.user.content.isActivated,
name: userModule.models.user.content.name,
role: userModule.models.user.content.role,
},
@@ -611,16 +610,6 @@ const apiSchema = {
},
out: documentModule.fetchedModel,
},
- changePassword: {
- in: {
- previousPassword: buildModel({ kind: 'primitive', content: 'string' } as const),
- newPassword: buildModel({ kind: 'primitive', content: 'string' } as const),
- },
- out: buildModel({
- kind: 'constant',
- content: ['notValidNewPassword', 'passwordUpdated', 'wrongPassword'] as const,
- } as const),
- },
createUser: {
in: {
name: buildModel({
@@ -671,29 +660,6 @@ const apiSchema = {
content: 'void',
} as const),
},
- login: {
- in: {
- email: buildModel({
- kind: 'primitive',
- content: 'string',
- } as const),
- password: buildModel({
- kind: 'primitive',
- content: 'string',
- } as const),
- },
- out: buildModel({
- kind: 'object',
- content: {
- _id: userModule.models.user.content._id,
- email: userModule.models.user.content.email,
- name: userModule.models.user.content.name,
- role: userModule.models.user.content.role,
- token: { kind: 'primitive', content: 'string' },
- passwordTimeValidityStatus: userModule.models.passwordTimeValidityStatus,
- },
- } as const),
- },
problemReport: {
in: {
documentId: buildModel({
@@ -723,18 +689,6 @@ const apiSchema = {
content: 'void',
} as const),
},
- resetPassword: {
- in: {
- userId: buildModel({
- kind: 'custom',
- content: 'id',
- } as const),
- },
- out: buildModel({
- kind: 'primitive',
- content: 'string',
- } as const),
- },
resetTreatmentLastUpdateDate: {
in: {
assignationId: buildModel({
@@ -747,31 +701,6 @@ const apiSchema = {
content: 'void',
} as const),
},
- setDeletionDateForUser: {
- in: {
- userId: buildModel({
- kind: 'custom',
- content: 'id',
- } as const),
- },
- out: buildModel({
- kind: 'primitive',
- content: 'void',
- } as const),
- },
- setIsActivatedForUser: {
- in: {
- userId: buildModel({
- kind: 'custom',
- content: 'id',
- } as const),
- isActivated: userModule.models.user.content.isActivated,
- },
- out: buildModel({
- kind: 'primitive',
- content: 'void',
- } as const),
- },
updateAssignationDocumentStatus: {
in: {
assignationId: buildModel({
diff --git a/packages/generic/core/src/modules/index.ts b/packages/generic/core/src/modules/index.ts
index e77ee63a9..c18405dd2 100644
--- a/packages/generic/core/src/modules/index.ts
+++ b/packages/generic/core/src/modules/index.ts
@@ -20,7 +20,8 @@ import {
} from './settings';
import { statisticModule, statisticType } from './statistic';
import { treatmentType, treatmentModule, treatmentInfoType } from './treatment';
-import { userModule, userType, passwordTimeValidityStatusType } from './user';
+import { userModule, userType } from './user';
+
export {
annotationModule,
annotationReportModule,
@@ -62,7 +63,6 @@ export type {
categoryIconNameType,
userType,
replacementTermType,
- passwordTimeValidityStatusType,
treatmentType,
treatmentInfoType,
};
diff --git a/packages/generic/core/src/modules/user/generator/userGenerator.ts b/packages/generic/core/src/modules/user/generator/userGenerator.ts
index 44aa7612a..eeb227ab7 100644
--- a/packages/generic/core/src/modules/user/generator/userGenerator.ts
+++ b/packages/generic/core/src/modules/user/generator/userGenerator.ts
@@ -5,14 +5,10 @@ import { userType } from '../userType';
export { userGenerator };
const userGenerator: generatorType = {
- generate: ({ deletionDate, email, hashedPassword, _id, isActivated, name, passwordLastUpdateDate, role } = {}) => ({
- email: email ? email : 'EMAIL',
- deletionDate: deletionDate || undefined,
- hashedPassword: hashedPassword ? hashedPassword : 'HASHED_PASSWORD',
+ generate: ({ email, _id, name, role } = {}) => ({
+ email: email || 'EMAIL',
_id: _id ? idModule.lib.buildId(_id) : idModule.lib.buildId(),
- isActivated: isActivated !== undefined ? isActivated : true,
- name: name ? name : 'NAME',
- passwordLastUpdateDate: passwordLastUpdateDate ? passwordLastUpdateDate : new Date().getTime(),
- role: role ? role : 'annotator',
+ name: name || 'NAME',
+ role: role || 'annotator',
}),
};
diff --git a/packages/generic/core/src/modules/user/index.ts b/packages/generic/core/src/modules/user/index.ts
index e7a925985..e9227d179 100644
--- a/packages/generic/core/src/modules/user/index.ts
+++ b/packages/generic/core/src/modules/user/index.ts
@@ -1,13 +1,13 @@
import { userGenerator } from './generator';
import { userLib } from './lib';
-import { userModel, userType, passwordTimeValidityStatusType, passwordTimeValidityStatusModel } from './userType';
+import { userModel, userType } from './userType';
export { userModule };
-export type { userType, passwordTimeValidityStatusType };
+export type { userType };
const userModule = {
- models: { user: userModel, passwordTimeValidityStatus: passwordTimeValidityStatusModel },
+ models: { user: userModel },
generator: userGenerator,
lib: userLib,
};
diff --git a/packages/generic/core/src/modules/user/lib/buildUser.ts b/packages/generic/core/src/modules/user/lib/buildUser.ts
index 4b8063526..4a7517943 100644
--- a/packages/generic/core/src/modules/user/lib/buildUser.ts
+++ b/packages/generic/core/src/modules/user/lib/buildUser.ts
@@ -1,24 +1,21 @@
import { idModule } from '../../id';
import { userType } from '../userType';
-import { authenticator } from './authenticator';
export { buildUser };
async function buildUser({
email,
name,
- password,
role,
}: {
email: string;
name: string;
- password: string;
role: userType['role'];
}): Promise {
- const baseUser = await authenticator.buildBaseUser({ email, name, password });
return {
- ...baseUser,
_id: idModule.lib.buildId(),
+ email,
+ name,
role,
};
}
diff --git a/packages/generic/core/src/modules/user/lib/index.ts b/packages/generic/core/src/modules/user/lib/index.ts
index b3af134a9..72e0cb0dd 100644
--- a/packages/generic/core/src/modules/user/lib/index.ts
+++ b/packages/generic/core/src/modules/user/lib/index.ts
@@ -6,11 +6,8 @@ const userLib = {
assertAuthorization: authenticator.assertAuthorization,
assertPermissions,
buildUser,
- computeHashedPassword: authenticator.computeHashedPassword,
extractUserIdFromAuthorizationHeader: authenticator.extractUserIdFromAuthorizationHeader,
formatEmail: authenticator.formatEmail,
- getTokenForUser: authenticator.getTokenForUser,
- passwordHandler: authenticator.passwordHandler,
};
export { userLib };
diff --git a/packages/generic/core/src/modules/user/userType.ts b/packages/generic/core/src/modules/user/userType.ts
index 56988c567..7b3a8200c 100644
--- a/packages/generic/core/src/modules/user/userType.ts
+++ b/packages/generic/core/src/modules/user/userType.ts
@@ -1,27 +1,16 @@
-import { passwordTimeValidityStatus } from 'sder-core';
import { idType } from '../id';
import { buildModel, buildType } from '../modelType';
-export { userModel, passwordTimeValidityStatusModel };
+export { userModel };
-export type { userType, passwordTimeValidityStatusType };
+export type { userType };
const userModel = buildModel({
kind: 'object',
content: {
_id: { kind: 'custom', content: 'id' },
- deletionDate: {
- kind: 'or',
- content: [
- { kind: 'primitive', content: 'number' },
- { kind: 'primitive', content: 'undefined' },
- ],
- },
email: { kind: 'primitive', content: 'string' },
- hashedPassword: { kind: 'primitive', content: 'string' },
- isActivated: { kind: 'primitive', content: 'boolean' },
name: { kind: 'primitive', content: 'string' },
- passwordLastUpdateDate: { kind: 'primitive', content: 'number' },
role: {
kind: 'constant',
content: ['admin', 'annotator', 'publicator', 'scrutator'] as const,
@@ -29,7 +18,4 @@ const userModel = buildModel({
},
} as const);
-const passwordTimeValidityStatusModel = buildModel({ kind: 'constant', content: passwordTimeValidityStatus });
-
type userType = buildType;
-type passwordTimeValidityStatusType = buildType;
diff --git a/packages/generic/sso/.eslintrc.json b/packages/generic/sso/.eslintrc.json
new file mode 100644
index 000000000..fc8016b6b
--- /dev/null
+++ b/packages/generic/sso/.eslintrc.json
@@ -0,0 +1,35 @@
+{
+ "extends": [
+ "plugin:react/recommended", // Uses the recommended rules from @eslint-plugin-react
+ "plugin:@typescript-eslint/recommended", // Uses the recommended rules from @typescript-eslint/eslint-plugin
+ "prettier/@typescript-eslint", // Uses eslint-config-prettier to disable ESLint rules from @typescript-eslint/eslint-plugin that would conflict with prettier
+ "plugin:prettier/recommended" // Enables eslint-plugin-prettier and eslint-config-prettier. This will display prettier errors as ESLint errors. Make sure this is always the last configuration in the extends array.
+ ],
+ "parser": "@typescript-eslint/parser", // Specifies the ESLint parser
+ "parserOptions": {
+ "ecmaFeatures": {
+ "jsx": true // Allows for the parsing of JSX
+ },
+ "project": "tsconfig.json",
+ "ecmaVersion": 2020, // Allows for the parsing of modern ECMAScript features
+ "sourceType": "module" // Allows for the use of imports
+ },
+ "rules": {
+ // Place to specify ESLint rules. Can be used to overwrite rules specified from the extended configs
+ // e.g. "@typescript-eslint/explicit-function-return-type": "off",
+ "no-console": ["error", { "allow": ["warn", "error"] }],
+ "react/jsx-key": "off",
+ "react/display-name": "off",
+ "@typescript-eslint/no-empty-function": "off",
+ "@typescript-eslint/no-unused-vars": 2,
+ "@typescript-eslint/no-unsafe-assignment": 2,
+ "@typescript-eslint/no-unsafe-call": 2,
+ "@typescript-eslint/no-unsafe-member-access": 2,
+ "@typescript-eslint/no-unsafe-return": 2
+ },
+ "settings": {
+ "react": {
+ "version": "detect" // Tells eslint-plugin-react to automatically detect the version of React to use
+ }
+ }
+}
diff --git a/packages/generic/sso/.prettierrc.js b/packages/generic/sso/.prettierrc.js
new file mode 100644
index 000000000..73313fa59
--- /dev/null
+++ b/packages/generic/sso/.prettierrc.js
@@ -0,0 +1,7 @@
+module.exports = {
+ printWidth: 120,
+ semi: true,
+ singleQuote: true,
+ tabWidth: 2,
+ trailingComma: 'all',
+};
diff --git a/packages/generic/sso/README.fr.md b/packages/generic/sso/README.fr.md
new file mode 100644
index 000000000..e084573e3
--- /dev/null
+++ b/packages/generic/sso/README.fr.md
@@ -0,0 +1,291 @@
+# Module SSO
+Ce service implémente l'authentification unique (SSO) via **SAML 2** en de basant sur le framework **NestJS** et la bibliothèque `samlify`.
+Il gère l'authentification avec un fournisseur d'identité (IdP) tel que **Keycloak**, **Pages Blanches** ou tout autre fournisseur compatible SAML.
+Le service utilise la librairie **SAMLify** pour s'interfacer avec le SSO et faciliter la gestion des requêtes et des réponses SAML.
+
+
+## Workflow
+
+
+
+Le diagramme ci-dessous illustre l'interaction entre l'application Label et le SSO Pages Blanches pour l'authentification.
+
+
+
+1. Lorsqu'un utilisateur accède à LABEL, le frontend interroge le backend pour vérifier son authentification. Si l'utilisateur n'est pas authentifié, le backend redirige vers le fournisseur d'identité (IdP) avec les paramètres nécessaires.
+
+
+2. L'utilisateur se connecte sur la page SSO et, après authentification, le fournisseur d'identité génère et envoie une assertion SAML au backend de LABEL via l'URL de l'ACS.
+
+
+3. Le backend valide l'assertion SAML pour garantir l'intégrité des données et la conformité de la signature numérique.
+
+
+4. Après validation, l'accès aux ressources sécurisées est accordé, permettant à l'utilisateur de poursuivre sa session authentifiée.
+
+
+
+## Prérequis
+
+- **Node.js** (version 16 ou plus récente)
+- **NestJS**
+- **SAMLify** : Bibliothèque pour gérer les interactions avec SAML 2.
+- Un **Identity Provider (IdP)** compatible SAML 2.0 (par ex. Keycloak, Pages Blanches)
+- Le fichier `sso_idp_metadata.xml` contient la configuration de l'Identity Provider.
+- Le fichier `.env` contient les variables d'environnement nécessaires au fonctionnement du module.
+
+## Technologies
+
+- **NestJS** : Framework pour construire des applications Node.js performantes.
+- **TypeScript** : Langage de programmation pour un typage statique.
+- **Jest** : Framework de tests pour JavaScript.
+- **Prettier** : Outil de formatage de code.
+- **ESLint** : Outil de linting pour identifier et reporter les motifs dans le code JavaScript.
+
+## Dépendances
+### Le module SSO utilise les dépendances suivantes :
+- `@nestjs/common`
+- `@nestjs/core`
+- `@nestjs/config`
+- `@authenio/samlify-node-xmllint`
+- `@nestjs/platform-express`
+- `body-parser`
+- `dotenv`
+- `reflect-metadata`
+- `samlify`
+
+### Pré-requis
+
+- Installer [nvm](https://github.com/nvm-sh/nvm) afin d'avoir la version utilisée pour cette application et lancer la commande :
+
+```bash
+nvm install
+```
+
+### Installation
+
+Pour installer les packages nécessaires au bon fonctionnement de l'application, ouvrir un terminal et executer la commande suivante :
+
+```bash
+npm install
+```
+
+## Configuration
+### Configurer les variables d'environnement:
+
+ Les variables d'environnement nécessaires au fonctionnement du SSO doivent être configurées dans le fichier [docker.env.example](../../../docker.env.example) / [.env.example](../../../.env.example), situé à la racine du projet principal. Ce fichier doit ensuite être renommé en docker.env ou .env, selon le besoin, adapter les variables d'environnement si besoin
+
+# Configuration du Service Provider (SP)
+ Les instructions spécifiques à la configuration du fournisseur d'identité (IdP) et du fournisseur de services (SP) sont détaillées dans le document suivant : `MANU_SSO_Configuration_IDP_SAML_VM_Test_V1.1.odt`
+
+- SSO_SP_ENTITY_ID: Identifiant unique du SP (ie: SP-LABEL)
+- SSO_SP_ASSERTION_CONSUMER_SERVICE_LOCATION: URL où le SP reçoit les assertions SAML après authentification
+- SSO_SP_PRIVATE_KEY: Clé privée du Service Provider utilisée pour signer et déchiffrer les messages SAML échangés avec l'Identity Provider
+
+### Génération d'une Clé Privée et d'un Certificat Auto-Signé pour SAML
+
+Cette partie décrit les étapes nécessaires pour générer une clé privée et un certificat auto-signé à l'aide d'OpenSSL, qui peuvent être utilisés pour configurer un Service Provider (SP) dans un environnement SAML.
+
+**Veuillez noter que l'utilisation de certificats auto-signés est généralement destinée aux environnements de développement ou de test. En production, il est fortement recommandé d'utiliser un certificat émis par une autorité de certification (CA) de confiance pour garantir la sécurité et la validité des communications.**
+
+#### Prérequis
+
+- **OpenSSL**: Assurez-vous qu'OpenSSL est installé sur votre système. Vous pouvez le télécharger et l'installer à partir du site officiel ou utiliser un gestionnaire de paquets.
+
+#### Étapes de Génération
+
+1. **Installer OpenSSL**:
+
+```sh
+ sudo apt-get update
+ sudo apt-get install openssl
+```
+2. **Générer une Clé Privée**
+```sh
+ openssl genrsa -out privatekey.pem 2048
+```
+3. **Générer un Certificat Auto-Signé**
+
+Utilisez la clé privée pour créer un certificat auto-signé
+```sh
+ openssl req -new -x509 -key privatekey.pem -out certificate.pem
+```
+Intégrez la clé privée ainsi que le certificat auto-signé dans la configuration de votre application. Par exemple, cela peut être réalisé dans votre fichier de configuration SAML
+```typescript
+const spProps = {
+ entityID: process.env.SSO_SP_ENTITY_ID,
+ assertionConsumerService: [
+ {
+ Binding: samlify.Constants.namespace.binding.post,
+ Location: process.env.SSO_SP_ASSERTION_CONSUMER_SERVICE_LOCATION,
+ },
+ ],
+ privateKey: fs.readFileSync('path/to/privatekey.pem', 'utf8'),
+ signingCert: fs.readFileSync('path/to/certificate.pem', 'utf8'),
+ authnRequestsSigned: true,
+ wantAssertionsSigned: true,
+};
+```
+
+# Configuration de l'Identity Provider (IdP)
+- SSO_IDP_METADATA: Fichier XML contenant les métadonnées du IdP (Entity ID, certificats, endpoints).
+- SSO_IDP_SINGLE_SIGN_ON_SERVICE_LOCATION: URL du SSO où le Service Provider redirige les utilisateurs pour l'authentification.
+- SSO_IDP_SINGLE_LOGOUT_SERVICE_LOCATION: URL permettant la déconnexion des utilisateurs
+
+
+## Scripts
+- Voici une liste des scripts disponibles dans `package.json` :
+
+| Commande | Description |
+|--------------------|-----------------------------------------------------------------------------------------------|
+| `build` | Clean et compile l'application NestJS. |
+| `compile` | Compile l'application NestJS. |
+| `format` | Vérifie le formatage du code avec Prettier. |
+| `lint` | Vérifie le code TypeScript avec ESLint. |
+| `test` | Exécute les tests unitaires et d'intégration. |
+| `test:watch` | Exécute les tests en mode interactif avec surveillance des changements. |
+| `test:coverage` | Exécute les tests avec génération de rapports de couverture. |
+| `fix` | Corrige les erreurs de formatage avec ESLint et Prettier. |
+
+## Tests
+- Pour exécuter les tests, utilisez la commande suivante :
+
+```bash
+npm run test
+```
+
+- Pour exécuter les tests en mode interactif :
+
+```bash
+ npm run test:watch
+ ```
+
+- Pour exécuter les tests avec un rapport de couverture :
+
+```bash
+ npm run test:cov
+ ```
+
+## Fonctionnalités
+
+### Génération des métadonnées
+
+
+
+>La méthode ***generateMetadata()*** permet de générer et de récupérer les métadonnées du Service Provider (SP).
+
+
+### Création d'une URL de demande de connexion
+
+
+>La méthode ***createLoginRequestUrl()*** génère une URL pour initier la procédure de connexion via SAML 2.
+
+
+### Analyse et traitement de la réponse SAML 2
+
+
+>La méthode ***parseResponse()*** permet d'analyser et de traiter la réponse SAML reçue du IdP après une tentative de connexion.
+
+
+### Création d'une URL de demande de déconnexion
+
+
+>La méthode ***createLogoutRequestUrl(user)*** permet de créer une URL de déconnexion basée sur les informations d'utilisateur (nameID).
+
+
+## Utilisation
+L'exemple ci-dessous illustre l'utilisation du module SSO dans une application NestJs.
+
+
+### Gestion de la session
+Exemple d'implémentation de la gestion des sessions utilisateurs avec express-session.
+
+#### Installation
+```sh
+npm install express-session
+```
+
+#### Configuration de la session
+Dans votre application NestJS, procédez à la configuration d'express-session dans le fichier principal (par exemple, main.ts) comme suit :
+```typescript
+import { NestFactory } from '@nestjs/core';
+import { AppModule } from './app.module';
+import * as session from 'express-session';
+
+async function bootstrap() {
+ const app = await NestFactory.create(AppModule);
+
+ app.use(session({
+ secret: 'votre_secret', // Remplacez par un secret fort
+ resave: false,
+ saveUninitialized: false,
+ cookie: { secure: false }, // Mettez à true en production si vous utilisez HTTPS
+ }));
+
+ await app.listen(3000);
+}
+bootstrap();
+
+```
+
+#### Initialisation du service
+Intégrez SamlService en l'injectant dans votre contrôleur ou service NestJS afin de l'utiliser de manière optimale.
+```typescript
+import { SamlService } from './saml.service';
+
+@Controller('auth')
+export class AuthController {
+ constructor(private readonly samlService: SamlService) {}
+
+ @Get('login')
+ async login(@Res() res: Response) {
+ const loginUrl = await this.samlService.createLoginRequestUrl();
+ return res.redirect(loginUrl);
+ }
+
+ @Post('sso/acs')
+ async handleSSO(@Req() req: Request) {
+ const response = await this.samlService.parseResponse(req);
+ req.session.user = response; // Enregistrer l'utilisateur dans la session
+ return response; // Traiter la réponse selon votre logique
+ }
+
+ @Get('logout')
+ async logout(@Req() req: Request, @Res() res: Response) {
+ const logoutUrl = await this.samlService.createLogoutRequestUrl(req.session.user);
+ req.session.destroy(); // Détruire la session
+ return res.redirect(logoutUrl);
+ }
+}
+```
+
+1. **Méthode de Connexion**
+
+ Endpoint : ***GET /auth/login***
+
+ Cette méthode initie le processus de connexion en redirigeant l'utilisateur vers l'URL de demande de connexion SAML.
+
+>##### Fonctionnement
+>Lorsqu'un utilisateur accède à l'endpoint /auth/login, la méthode login est appelée.
+La méthode utilise le service SAML (SamlService) pour générer une URL de demande de connexion.
+L'utilisateur est ensuite redirigé vers cette URL pour procéder à l'authentification.
+
+2. **Méthode de Gestion des Réponses SSO**
+ Endpoint : ***POST /auth/sso/acs***
+
+ Cette méthode gère les réponses du SSO après que l'utilisateur se soit authentifié.
+
+>#### Fonctionnement
+>Lorsque l'utilisateur est authentifié, le SSO redirige vers l'endpoint /auth/sso/acs avec une réponse SAML.
+La méthode handleSSO est appelée, qui utilise le service SAML pour analyser la réponse.
+Les informations de l'utilisateur sont extraites de la réponse et stockées dans la session.
+
+3. **Méthode de Déconnexion**
+ Endpoint : ***GET /auth/logout***
+
+ Cette méthode permet de déconnecter l'utilisateur et de gérer le processus de déconnexion avec le SSO.
+
+>#### Fonctionnement
+>Lorsque l'utilisateur souhaite se déconnecter, il accède à l'endpoint /auth/logout.
+La méthode logout est appelée, qui génère une URL de demande de déconnexion SAML.
+La session de l'utilisateur est détruite, et l'utilisateur est redirigé vers l'URL de déconnexion pour finaliser le processus.
diff --git a/packages/generic/sso/README.md b/packages/generic/sso/README.md
new file mode 100644
index 000000000..717d33fc7
--- /dev/null
+++ b/packages/generic/sso/README.md
@@ -0,0 +1,294 @@
+
+**EN** | [FR](README.fr.md)
+
+# SSO Module
+
+This service implements Single Sign-On (SSO) using **SAML 2**, built on the **NestJS** framework and the `samlify` library.
+It facilitates authentication with Identity Providers (IdP) such as **Keycloak**, **Pages Blanches**, or any other SAML-compatible provider.
+The service utilizes the **SAMLify** library to interface with SSO, simplifying the management of SAML requests and responses.
+
+## Workflow
+
+The diagram below illustrates the interaction between the Label application and the Pages Blanches SSO for authentication.
+
+
+
+1. When a user initiates access to LABEL, the frontend communicates with the backend to check the user’s authentication status. If the user is not authenticated, the backend initiates a redirect to the identity provider (IdP), passing the necessary authentication parameters.
+
+
+2. The user is then prompted to log in via the SSO page. Upon successful authentication, the identity provider generates a SAML assertion and sends it to LABEL's backend via the Assertion Consumer Service (ACS) URL.
+
+
+3. The backend processes and validates the SAML assertion to ensure data integrity and verify the authenticity of the digital signature
+
+
+4. After validation, access to secured resources is granted, allowing the user to continue their authenticated session.
+
+
+
+## Prerequisites
+
+- **Node.js** (version 16 or higher)
+- **NestJS**
+- **SAMLify**: Library for managing interactions with SAML 2.
+- A **SAML 2.0 compatible Identity Provider (IdP)** (e.g., Keycloak, Pages Blanches).
+- The `sso_idp_metadata.xml` file containing the Identity Provider configuration.
+- The `.env` file that holds the necessary environment variables for the module.
+
+## Technologies
+
+- **NestJS**: A framework for building efficient Node.js applications.
+- **TypeScript**: A programming language that adds static typing.
+- **Jest**: A testing framework for JavaScript.
+- **Prettier**: A code formatting tool.
+- **ESLint**: A linting tool for identifying and reporting patterns in JavaScript code.
+
+## Dependencies
+
+The SSO module requires the following dependencies:
+- `@nestjs/common`
+- `@nestjs/core`
+- `@nestjs/config`
+- `@authenio/samlify-node-xmllint`
+- `@nestjs/platform-express`
+- `body-parser`
+- `dotenv`
+- `reflect-metadata`
+- `samlify`
+
+### Installation Prerequisites
+
+1. Install [nvm](https://github.com/nvm-sh/nvm) to manage Node.js versions.
+2. Run the following command to install the required Node.js version:
+
+ ```bash
+ nvm install
+
+### Installation
+
+To install the necessary packages for the application, open a terminal and execute the following command:
+
+```bash
+npm install
+```
+
+## Configuration
+### Environment Variables
+Configure the environment variables required for the SSO module in the [docker.env.example](../../../docker.env.example) / [.env.example](../../../.env.example) file located at the root of the main project. Rename this file to docker.env or .env as necessary, and adjust the environment variables as needed.
+
+
+# Service Provider (SP) Configuration
+Specific instructions for configuring the Identity Provider (IdP) and the Service Provider (SP) can be found in the following document: `MANU_SSO_Configuration_IDP_SAML_VM_Test_V1.1.odt`
+
+- SSO_SP_ENTITY_ID: Unique identifier for the SP (e.g., SP-LABEL).
+- SSO_SP_ASSERTION_CONSUMER_SERVICE_LOCATION: URL where the SP receives SAML assertions after authentication.
+- SSO_SP_PRIVATE_KEY: Private key of the Service Provider used for signing and decrypting SAML messages exchanged with the Identity Provider.
+
+### Generating a Private Key and Self-Signed Certificate for SAML
+
+This section details the steps needed to generate a private key and a self-signed certificate using OpenSSL, which can be used to set up a Service Provider (SP) in a SAML environment.
+
+**Self-signed certificates are typically suitable for development or testing environments. For production use, it is highly recommended to obtain a certificate from a trusted Certificate Authority (CA) to ensure secure and trusted communication.**
+
+#### Prérequis
+
+- **OpenSSL**: Verify that OpenSSL is installed on your system. It can be downloaded from the official website or installed via a package manager.
+
+#### Étapes de Génération
+
+1. **Installer OpenSSL**:
+
+```sh
+ sudo apt-get update
+ sudo apt-get install openssl
+```
+2. **Generate a Private Key**
+```sh
+ openssl genrsa -out privatekey.pem 2048
+```
+3. **Generate a Self-Signed Certificate**
+
+Use the private key to create a self-signed certificate
+```sh
+ openssl req -new -x509 -key privatekey.pem -out certificate.pem
+```
+Integrate the private key and the self-signed certificate into your application configuration. For example, in your SAML configuration file
+```typescript
+const spProps = {
+ entityID: process.env.SSO_SP_ENTITY_ID,
+ assertionConsumerService: [
+ {
+ Binding: samlify.Constants.namespace.binding.post,
+ Location: process.env.SSO_SP_ASSERTION_CONSUMER_SERVICE_LOCATION,
+ },
+ ],
+ privateKey: fs.readFileSync('path/to/privatekey.pem', 'utf8'),
+ signingCert: fs.readFileSync('path/to/certificate.pem', 'utf8'),
+ authnRequestsSigned: true,
+ wantAssertionsSigned: true,
+};
+```
+
+## Identity Provider (IdP) Configuration
+- SSO_IDP_METADATA: XML file containing the IdP metadata (Entity ID, certificates, endpoints).
+- SSO_IDP_SINGLE_SIGN_ON_SERVICE_LOCATION: URL where the Service Provider redirects users for authentication.
+- SSO_IDP_SINGLE_LOGOUT_SERVICE_LOCATION: URL for user logout.
+
+
+## Scripts
+- The following scripts are available in `package.json` :
+
+| Commande | Description |
+|--------------------|---------------------------------------------------------------------------------|
+| `build` | Cleans and compiles the NestJS application. |
+| `compile` | Compiles the NestJS application. |
+| `format` | Checks the code formatting with Prettier. |
+| `lint` | Checks TypeScript code with ESLint. |
+| `test` | Runs unit and integration tests. |
+| `test:watch` | Executes tests in interactive mode with change monitoring. |
+| `test:coverage` | Runs tests while generating a coverage report. |
+| `fix` | Corrects formatting errors with ESLint and Prettier. |
+
+## Testing
+- To run the tests, use the following command:
+
+```bash
+npm run test
+```
+
+- To run the tests in interactive mode, execute:
+
+```bash
+ npm run test:watch
+ ```
+
+- To run the tests with coverage reporting, execute:
+
+```bash
+ npm run test:cov
+ ```
+
+## Features
+
+### Metadata Generation
+
+
+
+>The ***generateMetadata()*** method allows for the generation and retrieval of the Service Provider (SP) metadata.
+
+
+### Creating a Login Request URL
+
+
+>The ***createLoginRequestUrl()*** method generates a URL to initiate the login process via SAML 2..
+
+
+### Parsing and Handling SAML 2 Responses
+
+
+>The ***parseResponse()*** method parses and processes the SAML response received from the IdP after a login attempt.
+
+
+### Creating a Logout Request URL
+
+
+>The ***createLogoutRequestUrl(user)*** method generates a logout URL based on user information (nameID).
+
+
+## Usage
+The following example illustrates the use of the SSO module within a NestJS application.
+
+
+### Session Management
+Example implementation of user session management with express-session.
+
+#### Installation
+```sh
+npm install express-session
+```
+
+#### Configuring the Session
+In your NestJS application, configure express-session in the main file (e.g., main.ts) as follows::
+```typescript
+import { NestFactory } from '@nestjs/core';
+import { AppModule } from './app.module';
+import * as session from 'express-session';
+
+async function bootstrap() {
+ const app = await NestFactory.create(AppModule);
+
+ app.use(session({
+ secret: 'votre_secret', // Replace with a strong secret.
+ resave: false,
+ saveUninitialized: false,
+ cookie: { secure: false }, // Set to true in production if you are using HTTPS.
+ }));
+
+ await app.listen(3000);
+}
+bootstrap();
+
+```
+
+#### Initialisation du service
+Integrate SamlService by injecting it into your NestJS controller or service for optimal usage.
+```typescript
+import { SamlService } from './saml.service';
+
+@Controller('auth')
+export class AuthController {
+ constructor(private readonly samlService: SamlService) {}
+
+ @Get('login')
+ async login(@Res() res: Response) {
+ const loginUrl = await this.samlService.createLoginRequestUrl();
+ return res.redirect(loginUrl);
+ }
+
+ @Post('sso/acs')
+ async handleSSO(@Req() req: Request) {
+ const response = await this.samlService.parseResponse(req);
+ req.session.user = response; // Register the user in the session.
+ return response; // Process the response according to your logic.
+ }
+
+ @Get('logout')
+ async logout(@Req() req: Request, @Res() res: Response) {
+ const logoutUrl = await this.samlService.createLogoutRequestUrl(req.session.user);
+ req.session.destroy(); // Destroy the session.
+ return res.redirect(logoutUrl);
+ }
+
+}
+```
+
+1. **Login method**
+
+ Endpoint : ***GET /auth/login***
+
+ This method initiates the login process by redirecting the user to the SAML login request URL
+
+>##### Mechanism
+>When a user accesses the endpoint /auth/login, the login method is called.
+The method uses the SAML service (SamlService) to generate a login request URL.
+The user is then redirected to this URL to proceed with authentication.
+
+2. **SSO Response Handling Method**
+ Endpoint : ***POST /auth/sso/acs***
+
+ This method handles SSO responses after the user has authenticated.
+
+>#### Mechanism
+>When the user is authenticated, the SSO redirects to the endpoint /auth/sso/acs with a SAML response.
+The handleSSO method is called, which uses the SAML service to parse the response.
+The user's information is extracted from the response and stored in the session.
+
+3. **Logout Method**
+ Endpoint : ***GET /auth/logout***
+
+ This method allows the user to log out and manages the logout process with the SSO.
+
+>#### Mechanism
+>When the user wishes to log out, they access the endpoint /auth/logout.
+The logout method is called, which generates a SAML logout request URL.
+The user's session is destroyed, and the user is redirected to the logout URL to finalize the process.
diff --git a/packages/generic/sso/babel.config.json b/packages/generic/sso/babel.config.json
new file mode 100644
index 000000000..a1292bd52
--- /dev/null
+++ b/packages/generic/sso/babel.config.json
@@ -0,0 +1,21 @@
+{
+ "presets": [
+ [
+ "@babel/preset-env",
+ {
+ "targets": {
+ "node": "current"
+ }
+ }
+ ],
+ "@babel/preset-typescript"
+ ],
+ "plugins": [
+ [
+ "@babel/plugin-proposal-decorators",
+ {
+ "legacy": true
+ }
+ ]
+ ]
+}
diff --git a/packages/generic/sso/docs/images/LABEL_auth_workflow.png b/packages/generic/sso/docs/images/LABEL_auth_workflow.png
new file mode 100644
index 000000000..413a74cf0
Binary files /dev/null and b/packages/generic/sso/docs/images/LABEL_auth_workflow.png differ
diff --git a/packages/generic/sso/jest.config.json b/packages/generic/sso/jest.config.json
new file mode 100644
index 000000000..4438bafb9
--- /dev/null
+++ b/packages/generic/sso/jest.config.json
@@ -0,0 +1,18 @@
+{
+ "moduleFileExtensions": [
+ "js",
+ "json",
+ "ts"
+ ],
+ "rootDir": "src",
+ "testRegex": ".*\\.spec\\.ts$",
+ "transform": {
+ "^.+\\.(t|j)s$": "ts-jest"
+ },
+ "collectCoverageFrom": [
+ "**/*.(t|j)s"
+ ],
+ "coverageDirectory": "../coverage",
+ "testEnvironment": "node",
+ "setupFiles": []
+}
\ No newline at end of file
diff --git a/packages/generic/sso/package.json b/packages/generic/sso/package.json
new file mode 100644
index 000000000..4e9aa2fbd
--- /dev/null
+++ b/packages/generic/sso/package.json
@@ -0,0 +1,66 @@
+{
+ "name": "@label/sso",
+ "version": "1.0.0",
+ "description": "Module d'interface d'authentification SSO",
+ "author": "@open-groupe",
+ "license": "ISC",
+ "main": "dist/index",
+ "types": "dist/index",
+ "repository": {
+ "type": "git",
+ "url": "ssh://git@git.boost.open.global:443/cour_de_cassation/cassation_lab/label.git"
+ },
+ "files": [
+ "dist"
+ ],
+ "scripts": {
+ "test": "RUN_MODE=TEST jest --passWithNoTests",
+ "test:watch": "RUN_MODE=TEST jest --passWithNoTests --watch",
+ "test:coverage": "RUN_MODE=TEST jest --passWithNoTests --coverage",
+ "build": "yarn clean && yarn compile",
+ "clean": "rimraf -rf ./dist",
+ "clean:all": "rimraf -rf ./dist && rimraf -rf ./node_modules",
+ "compile": "tsc -p tsconfig.json",
+ "fix": "eslint 'src/**/*.{js,ts,tsx}' --quiet --fix",
+ "format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
+ "lint": "eslint 'src/**/*.{js,ts,tsx}' --quiet"
+ },
+ "eslintConfig": {
+ "extends": "react-app"
+ },
+ "dependencies": {
+ "@authenio/samlify-node-xmllint": "^1.0.1",
+ "@nestjs/common": "^8.4.7",
+ "@nestjs/config": "^0.5.0",
+ "@nestjs/core": "8.4.7",
+ "@nestjs/platform-express": "7.6.18",
+ "body-parser": "^1.19.0",
+ "dotenv": "^16.4.5",
+ "reflect-metadata": "^0.2.1",
+ "samlify": "2.6.0"
+ },
+ "devDependencies": {
+ "@babel/cli": "^7.11.6",
+ "@babel/core": "^7.11.6",
+ "@babel/polyfill": "^7.11.5",
+ "@babel/preset-env": "^7.11.5",
+ "@babel/preset-typescript": "^7.10.4",
+ "@babel/plugin-proposal-decorators": "^7.10.5",
+ "@nestjs/testing": "^8.4.7",
+ "@types/body-parser": "^1.19.0",
+ "@types/jest": "^26.0.13",
+ "@types/supertest": "^2.0.8",
+ "@typescript-eslint/eslint-plugin": "^4.4.1",
+ "@typescript-eslint/parser": "^4.4.1",
+ "core-js": "^3.6.5",
+ "eslint": "7.7.0",
+ "eslint-config-prettier": "^6.12.0",
+ "eslint-plugin-prettier": "^3.1.4",
+ "jest": "24.9.0",
+ "prettier": "^2.1.2",
+ "rimraf": "^3.0.2",
+ "supertest": "^4.0.2",
+ "ts-jest": "^29.2.5",
+ "typescript": "~4.0.0"
+ }
+}
diff --git a/packages/generic/sso/src/api/saml/saml.service.spec.ts b/packages/generic/sso/src/api/saml/saml.service.spec.ts
new file mode 100644
index 000000000..965b16515
--- /dev/null
+++ b/packages/generic/sso/src/api/saml/saml.service.spec.ts
@@ -0,0 +1,164 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { SamlService } from './saml.service';
+import * as fs from 'fs';
+import * as samlify from 'samlify';
+import * as validator from '@authenio/samlify-node-xmllint';
+
+jest.mock('fs');
+jest.mock('samlify', () => {
+ const mockExtractor = {
+ loginResponseFields: jest.fn().mockReturnValue([]),
+ extract: jest.fn().mockReturnValue({
+ // Simuler la réponse extraite ici
+ samlContent: 'mock-saml-content',
+ fields: [],
+ attributes: { nom: 'Xx', prenom: 'Alain', role: ['ANNOTATEUR'], email: 'mail.573@justice.fr', name: 'Xx Alain' },
+ }),
+ };
+
+ return {
+ // Autres méthodes de samlify
+ ServiceProvider: jest.fn().mockReturnValue({
+ getMetadata: jest.fn().mockReturnValue('(SamlService);
+ });
+
+ it('should be defined', () => {
+ expect(service).toBeDefined();
+ });
+
+ it('should generate metadata', () => {
+ const metadata = service.generateMetadata();
+ expect(metadata).toEqual(';
+ } = samlify.Extractor.extract(samlContent, extractFields) as {
+ nameID?: string;
+ sessionIndex?: string;
+ attributes?: Record;
+ };
+
+ const roleKey = process.env.SSO_ATTRIBUTE_ROLE || 'role';
+ const appName = process.env.SSO_APP_NAME || '';
+
+ if (extract.attributes) {
+ const roleKeyValue = extract.attributes[roleKey];
+
+ const normalizedRoles = Array.isArray(roleKeyValue) ? roleKeyValue : roleKeyValue ? [roleKeyValue] : [];
+
+ extract.attributes[roleKey] = normalizedRoles
+ .filter((role) => role.includes(appName))
+ .map((role) => role.replace(`${appName}:`, ''));
+ }
+
+ return {
+ samlContent,
+ extract,
+ };
+ }
+
+ async createLogoutRequestUrl(user: { nameID: string; sessionIndex: string }) {
+ return this.sp.createLogoutRequest(this.idp, 'redirect', {
+ logoutNameID: user.nameID,
+ id: user.sessionIndex,
+ nameIDFormat: process.env.SSO_NAME_ID_FORMAT,
+ sessionIndex: user.sessionIndex,
+ signRequest: true,
+ signatureAlgorithm: process.env.SSO_SIGNATURE_ALGORITHM,
+ });
+ }
+}
diff --git a/packages/generic/sso/src/index.ts b/packages/generic/sso/src/index.ts
new file mode 100644
index 000000000..36336d050
--- /dev/null
+++ b/packages/generic/sso/src/index.ts
@@ -0,0 +1 @@
+export * from './api/saml/saml.service';
diff --git a/packages/generic/sso/tsconfig.json b/packages/generic/sso/tsconfig.json
new file mode 100644
index 000000000..5680259f7
--- /dev/null
+++ b/packages/generic/sso/tsconfig.json
@@ -0,0 +1,16 @@
+{
+ "compilerOptions": {
+ "module": "commonjs",
+ "declaration": true,
+ "removeComments": true,
+ "emitDecoratorMetadata": true,
+ "experimentalDecorators": true,
+ "allowSyntheticDefaultImports": true,
+ "target": "ES2020",
+ "sourceMap": true,
+ "outDir": "./dist",
+ "baseUrl": "./",
+ "incremental": true,
+ "skipLibCheck": true
+ }
+}
\ No newline at end of file
diff --git a/sso_files/certificate.pem b/sso_files/certificate.pem
new file mode 100644
index 000000000..6bb6844e2
--- /dev/null
+++ b/sso_files/certificate.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDazCCAlOgAwIBAgIUGROx096mS1jemzv+M6W7N/KrhJowDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDEwMDcxMTE0NDFaFw0yNDEx
+MDYxMTE0NDFaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC9bs3r/g6KZ7PlsPYSEt4O84pFZpMHGGnGdPVULNgT
+2mSacPYEYc3G+qfrGjZ673Yk9mfRe2CnvQaKD4SoDlXGEwrSus1j/fNqzdu6XsVv
+hQSzjX8gwWb9DaRxpI+wHMqSqP4vcKP8u/R7Zgjb5NnHxZ5tE3GNH+MsuoKeo5ev
+ck8eb9k0jbh4BNmwsRXu9rwB9at1N4AMCl1NTcBRGYs6HDeRJF9LsDMhOo3pDHR4
+Wi6i/DkAp6GqmMf0IFvWLpjQNZNdJBszP+S/cc3L8X3aZtx1sAmGDI75y5Y06wRV
+29C5CJnGb3MtS8jZDqEof9m8vrtw11p2nn4IOzrF089HAgMBAAGjUzBRMB0GA1Ud
+DgQWBBRj8buUgMEU/NS2o9e7gvn9H+Yb4zAfBgNVHSMEGDAWgBRj8buUgMEU/NS2
+o9e7gvn9H+Yb4zAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBu
+gXRYq77BrFe9Q0d4Jxwc/1Mrw4sa8O4Bk+tMaxkdO2/X7/PMXxJKqSeDqtLfnc4v
+2BZWSuYpDP4zuUmXbLo9irME05RaObvPXsjjeUIwBpY0u10RlgufTxZlhpq4spIn
+qtyOQw6WcgRjVLlfqzNUJE6ancUM326qnAnX344+iBUiD495vLQ41MKRJrmJV6G2
+7xZHsDbZCEQ/6V+otz1fh69FFcvXI37ufipb54PWO0oWSot5/b+iok22e7Qac/51
+ZDGUoisvww3FjPkt9325EzXlZbe4TC7ouZnkVyy7R7it8dSmH7or+UmdwRUkqrNx
+lTghkmPqil3zLWUOV0at
+-----END CERTIFICATE-----
diff --git a/sso_files/descriptor.txt b/sso_files/descriptor.txt
new file mode 100644
index 000000000..c1540fe17
--- /dev/null
+++ b/sso_files/descriptor.txt
@@ -0,0 +1 @@
+dXjGiBQM-RFDe5r-73YijXUff7SQPhMLMCuqeI-xKVw MIICnTCCAYUCBgGUvbGhrTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdtb2NrU1NPMB4XDTI1MDEzMTE4NDcwMloXDTM1MDEzMTE4NDg0MlowEjEQMA4GA1UEAwwHbW9ja1NTTzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPYd012W2ajvV+DjHGU9H5TWDHJJ5MiQDHud/uhVDPRlPGOXCFv4JMs55KXd4tjlFJHIpTrOSZrQ6KXTf5fHukP+jwFHNmWbNCWq/pZn/JwfxfSZK9BdYu6VQIaD9tWUpO7ClI8V7tgX6+QLfNkRBkxpCm2A6c/dwVMWmBORlUJFOos+1+wBAD6iCowHQYV7f4l/A1EeXqLEyvn/b+6+DgFIjhXIo+01Op4qRyl1v+J+L3AWUKhmWrzpz8o6uUZxCvfNYWQGrhocz47v24bNusYPQNyu+PsAcLj7QjG1egS8TJkSMgokIYNNkEEEQa9syvWDZJzy2/3F92TBnNHijf8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA3pOUWm83H3Xy8h3/km6q94LGZ9dmJ6p3FT3rBzm9MIQN+q+eCkehPXdQuzMMlHgvlCX1jfax4MnhXGgFwdL9D0gFfT+KzgGS8Cv0Gzg88m7e5wD11wBhJ5j9gw4K/dtLfjgHZAdJPGX7kxaZHeIZMr1KyqeXjn+AqIhV8+Xk199ZOlNb454VSNBj+4uUxptm0z4p3WkJ33mehq+aRQe2P+XQ36MIJC+cIEyumqClz6UHR9miPKap3AXOS+5wkZeTI3WWqAxedmJ2Gp+QLtH++gxBh7/ENoY/y5eTKPiEEfJ6+ucIpqcaYjODLiMB9DpI9C+TzKZ7H0UGZD9KXvE0wg== urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+
+
+
+nujwbKvmA_vsAlZfUh1FNTxFUzKiiUswe2c9Xrin314
+
+ MIICmzCCAYMCBgGUvMgDBzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMjUwMTMxMTQzMTUyWhcNMzUwMTMxMTQzMzMyWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMVXixE+OVEgPn2VmNpk/u1uQDVE25y66SpiIJp9UQwlg3zxQr0XdYZ0kF404KqiONhJuMuw6ixZg5ZCqWdNnT9Nn8X+Kpn4ICzE/kkNtpuuhdLcBCwu6YPJebAXMez+Hvucx7n4kauNpt5qHYGvmWK+Hvy2T+HBuXMWn0ez+u55jVx5m8suzp9i3afzG5U5Mn4kGR2QK0/p9+InGjJBAtWPFnib9LlHA2venV1r6N0kYEDibVKBkKYWSTmaYVAIHvsms9f5dBKWAPKCdaXq4+sUYJEym1/o82+640aiWYlZNTF2nSzE+0aSgyeK1ZU+6Yg2Doo31UFzUyqZ5C9kWhAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFSi9zKIw4oYd2B57G23nk1hyqUFmYqVSvcMggqYzs+GlafGWOaJebE+op+iwSAyvEhWXYVqnXRAelxZmH6CqBWJlvxWXlOkX0osc4muDbDsiE+KceDx9dDaQlpz1fSUa6lUTTgkksbqn7SrJ7+2VxH9eaY1fS2U6FNnfgttNb3zXBIJMTNaMJuFdkPDnR92/JZMdoppuOKZ7WahGjB/YMXPIQaCSLa+deMA/5iCDUbSbmAeHtG4bf2jljy0/gQT9AwcbrhMk9Sc/G9HEnE1DoFD/ezJIhN/T/YeTuY7HKo0Ow9eje2ytjANWbnO0cawiMUfywU6EaIBPCU53X3vNlE=
+
+
+
+
+
+
+
+ MIICmzCCAYMCBgGUvMgDBzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMjUwMTMxMTQzMTUyWhcNMzUwMTMxMTQzMzMyWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMVXixE+OVEgPn2VmNpk/u1uQDVE25y66SpiIJp9UQwlg3zxQr0XdYZ0kF404KqiONhJuMuw6ixZg5ZCqWdNnT9Nn8X+Kpn4ICzE/kkNtpuuhdLcBCwu6YPJebAXMez+Hvucx7n4kauNpt5qHYGvmWK+Hvy2T+HBuXMWn0ez+u55jVx5m8suzp9i3afzG5U5Mn4kGR2QK0/p9+InGjJBAtWPFnib9LlHA2venV1r6N0kYEDibVKBkKYWSTmaYVAIHvsms9f5dBKWAPKCdaXq4+sUYJEym1/o82+640aiWYlZNTF2nSzE+0aSgyeK1ZU+6Yg2Doo31UFzUyqZ5C9kWhAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFSi9zKIw4oYd2B57G23nk1hyqUFmYqVSvcMggqYzs+GlafGWOaJebE+op+iwSAyvEhWXYVqnXRAelxZmH6CqBWJlvxWXlOkX0osc4muDbDsiE+KceDx9dDaQlpz1fSUa6lUTTgkksbqn7SrJ7+2VxH9eaY1fS2U6FNnfgttNb3zXBIJMTNaMJuFdkPDnR92/JZMdoppuOKZ7WahGjB/YMXPIQaCSLa+deMA/5iCDUbSbmAeHtG4bf2jljy0/gQT9AwcbrhMk9Sc/G9HEnE1DoFD/ezJIhN/T/YeTuY7HKo0Ow9eje2ytjANWbnO0cawiMUfywU6EaIBPCU53X3vNlE=
+
+
+
+
+urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+
+
+
+
+
+ MIICmzCCAYMCBgGUvMgDBzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMjUwMTMxMTQzMTUyWhcNMzUwMTMxMTQzMzMyWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMVXixE+OVEgPn2VmNpk/u1uQDVE25y66SpiIJp9UQwlg3zxQr0XdYZ0kF404KqiONhJuMuw6ixZg5ZCqWdNnT9Nn8X+Kpn4ICzE/kkNtpuuhdLcBCwu6YPJebAXMez+Hvucx7n4kauNpt5qHYGvmWK+Hvy2T+HBuXMWn0ez+u55jVx5m8suzp9i3afzG5U5Mn4kGR2QK0/p9+InGjJBAtWPFnib9LlHA2venV1r6N0kYEDibVKBkKYWSTmaYVAIHvsms9f5dBKWAPKCdaXq4+sUYJEym1/o82+640aiWYlZNTF2nSzE+0aSgyeK1ZU+6Yg2Doo31UFzUyqZ5C9kWhAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFSi9zKIw4oYd2B57G23nk1hyqUFmYqVSvcMggqYzs+GlafGWOaJebE+op+iwSAyvEhWXYVqnXRAelxZmH6CqBWJlvxWXlOkX0osc4muDbDsiE+KceDx9dDaQlpz1fSUa6lUTTgkksbqn7SrJ7+2VxH9eaY1fS2U6FNnfgttNb3zXBIJMTNaMJuFdkPDnR92/JZMdoppuOKZ7WahGjB/YMXPIQaCSLa+deMA/5iCDUbSbmAeHtG4bf2jljy0/gQT9AwcbrhMk9Sc/G9HEnE1DoFD/ezJIhN/T/YeTuY7HKo0Ow9eje2ytjANWbnO0cawiMUfywU6EaIBPCU53X3vNlE=
+
+
+
+
+
+
+
+ MIICmzCCAYMCBgGUvMgDBzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMjUwMTMxMTQzMTUyWhcNMzUwMTMxMTQzMzMyWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMVXixE+OVEgPn2VmNpk/u1uQDVE25y66SpiIJp9UQwlg3zxQr0XdYZ0kF404KqiONhJuMuw6ixZg5ZCqWdNnT9Nn8X+Kpn4ICzE/kkNtpuuhdLcBCwu6YPJebAXMez+Hvucx7n4kauNpt5qHYGvmWK+Hvy2T+HBuXMWn0ez+u55jVx5m8suzp9i3afzG5U5Mn4kGR2QK0/p9+InGjJBAtWPFnib9LlHA2venV1r6N0kYEDibVKBkKYWSTmaYVAIHvsms9f5dBKWAPKCdaXq4+sUYJEym1/o82+640aiWYlZNTF2nSzE+0aSgyeK1ZU+6Yg2Doo31UFzUyqZ5C9kWhAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFSi9zKIw4oYd2B57G23nk1hyqUFmYqVSvcMggqYzs+GlafGWOaJebE+op+iwSAyvEhWXYVqnXRAelxZmH6CqBWJlvxWXlOkX0osc4muDbDsiE+KceDx9dDaQlpz1fSUa6lUTTgkksbqn7SrJ7+2VxH9eaY1fS2U6FNnfgttNb3zXBIJMTNaMJuFdkPDnR92/JZMdoppuOKZ7WahGjB/YMXPIQaCSLa+deMA/5iCDUbSbmAeHtG4bf2jljy0/gQT9AwcbrhMk9Sc/G9HEnE1DoFD/ezJIhN/T/YeTuY7HKo0Ow9eje2ytjANWbnO0cawiMUfywU6EaIBPCU53X3vNlE=
+
+
+
+
+urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
+urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName
+urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos
+urn:oasis:names:tc:SAML:2.0:nameid-format:entity
+urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+
+
+
+
+
+ MIICmzCCAYMCBgGUvMgDBzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMjUwMTMxMTQzMTUyWhcNMzUwMTMxMTQzMzMyWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMVXixE+OVEgPn2VmNpk/u1uQDVE25y66SpiIJp9UQwlg3zxQr0XdYZ0kF404KqiONhJuMuw6ixZg5ZCqWdNnT9Nn8X+Kpn4ICzE/kkNtpuuhdLcBCwu6YPJebAXMez+Hvucx7n4kauNpt5qHYGvmWK+Hvy2T+HBuXMWn0ez+u55jVx5m8suzp9i3afzG5U5Mn4kGR2QK0/p9+InGjJBAtWPFnib9LlHA2venV1r6N0kYEDibVKBkKYWSTmaYVAIHvsms9f5dBKWAPKCdaXq4+sUYJEym1/o82+640aiWYlZNTF2nSzE+0aSgyeK1ZU+6Yg2Doo31UFzUyqZ5C9kWhAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFSi9zKIw4oYd2B57G23nk1hyqUFmYqVSvcMggqYzs+GlafGWOaJebE+op+iwSAyvEhWXYVqnXRAelxZmH6CqBWJlvxWXlOkX0osc4muDbDsiE+KceDx9dDaQlpz1fSUa6lUTTgkksbqn7SrJ7+2VxH9eaY1fS2U6FNnfgttNb3zXBIJMTNaMJuFdkPDnR92/JZMdoppuOKZ7WahGjB/YMXPIQaCSLa+deMA/5iCDUbSbmAeHtG4bf2jljy0/gQT9AwcbrhMk9Sc/G9HEnE1DoFD/ezJIhN/T/YeTuY7HKo0Ow9eje2ytjANWbnO0cawiMUfywU6EaIBPCU53X3vNlE=
+
+
+
+
+
+
+
+ MIICmzCCAYMCBgGUvMgDBzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMjUwMTMxMTQzMTUyWhcNMzUwMTMxMTQzMzMyWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMVXixE+OVEgPn2VmNpk/u1uQDVE25y66SpiIJp9UQwlg3zxQr0XdYZ0kF404KqiONhJuMuw6ixZg5ZCqWdNnT9Nn8X+Kpn4ICzE/kkNtpuuhdLcBCwu6YPJebAXMez+Hvucx7n4kauNpt5qHYGvmWK+Hvy2T+HBuXMWn0ez+u55jVx5m8suzp9i3afzG5U5Mn4kGR2QK0/p9+InGjJBAtWPFnib9LlHA2venV1r6N0kYEDibVKBkKYWSTmaYVAIHvsms9f5dBKWAPKCdaXq4+sUYJEym1/o82+640aiWYlZNTF2nSzE+0aSgyeK1ZU+6Yg2Doo31UFzUyqZ5C9kWhAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFSi9zKIw4oYd2B57G23nk1hyqUFmYqVSvcMggqYzs+GlafGWOaJebE+op+iwSAyvEhWXYVqnXRAelxZmH6CqBWJlvxWXlOkX0osc4muDbDsiE+KceDx9dDaQlpz1fSUa6lUTTgkksbqn7SrJ7+2VxH9eaY1fS2U6FNnfgttNb3zXBIJMTNaMJuFdkPDnR92/JZMdoppuOKZ7WahGjB/YMXPIQaCSLa+deMA/5iCDUbSbmAeHtG4bf2jljy0/gQT9AwcbrhMk9Sc/G9HEnE1DoFD/ezJIhN/T/YeTuY7HKo0Ow9eje2ytjANWbnO0cawiMUfywU6EaIBPCU53X3vNlE=
+
+
+
+
+urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
+urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName
+urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos
+urn:oasis:names:tc:SAML:2.0:nameid-format:entity
+urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+
+
diff --git a/sso_files/privatekey.pem b/sso_files/privatekey.pem
new file mode 100644
index 000000000..1ab4e2df9
--- /dev/null
+++ b/sso_files/privatekey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAvW7N6/4Oimez5bD2EhLeDvOKRWaTBxhpxnT1VCzYE9pkmnD2
+BGHNxvqn6xo2eu92JPZn0Xtgp70Gig+EqA5VxhMK0rrNY/3zas3bul7Fb4UEs41/
+IMFm/Q2kcaSPsBzKkqj+L3Cj/Lv0e2YI2+TZx8WebRNxjR/jLLqCnqOXr3JPHm/Z
+NI24eATZsLEV7va8AfWrdTeADApdTU3AURmLOhw3kSRfS7AzITqN6Qx0eFouovw5
+AKehqpjH9CBb1i6Y0DWTXSQbMz/kv3HNy/F92mbcdbAJhgyO+cuWNOsEVdvQuQiZ
+xm9zLUvI2Q6hKH/ZvL67cNdadp5+CDs6xdPPRwIDAQABAoIBAAQvdo1IR7n3IJpq
+loU/tXhPGTb/VTBK8ctYujLp6rxFjwN6i3T9VDaZQyyGn72HnOykJRcTysbp/kL+
+pMexyWNe+FY/mlojOkWZ1sj/Xw1fuwLclXp7y3K74m5AXIxflno3EaaqrnTfEj/H
+uVpibA1l6GIwk8mycqqCVHB83NUbf7g7I1fUfhfY24/LxaxkTZIFPBKiLV/CLTL8
+2czfpd1NwOLRMLgpLdMxx03DP4uaZfq7UNCBgDXnghWbGzZuzpZrKYNOpPYeNASh
+HMg4g1mvJCbcYpF5Q+u+4h/cgTDYNmSyX39ctkYxeOJotmH8M5eogBr1oCoBYroG
+TDMu9cECgYEA4Ror48HEbV2onQ44mnioZkraYKwhBsxuM8jyQJPShxuGK6PCgXua
+sQYooIVIR0RCwWZQ4hw2dwATVXRhB7nA3Eh2XwWCh5FedWDHIe5DvzYC0+aJJKTE
+AyrD2WsJMux6unZMo8qMkQSe7zkCFftWpRzvVKWzrKzyQ3zo/vnqdW0CgYEA129A
+f4gH5IBhSqmpBKBjNBEhSWT6L1v6DFET7ytXgR9cYLAykTLBAKAXJKGME/Kv5fci
+7vfVdbuLG1GR7JcfDw3NXDcSranOq6/K88NIsYY/pH4Vq0UGiBgU1+IrLdBhOMB6
+KJgi8p4cv3r+QpEfu7iLjci2OHXzhlEms8FzywMCgYEAxAKREzsH+x+iElhuy3uj
+T6eAbsuT2qKql2c0Iy1VFhbOhzOKzEtAUUOGnvhQDtaOtm+MoMdmWcr0CuZTE3IZ
+UPe8M1PN7JSVxunlnFMoJNk4LyJAa2sZz5QuhCTjFre6yqD2bW2TZze52Z8vhMqe
+ERqYAIJlaUgTkNa04EnociUCgYAQr5k7R3n1BMyET+e7aADHA5ykZqHKEUGouo7k
+s2KvqZIqGvuPq3KvbbbdK3YCBYYCNcYK5D8wQzpe/05iGMJbFCKXxdw4fzJ2scLy
+Zmm29kLvpqRfA5Wh7NuQbQATKFSfZKkRg9cRG5X2brxKw5rFm2GTtbwHW3tlJ9vr
+iExDqQKBgHnZUVLIU8u53L+wGe0hCf+RxS/kMXpe6gymvHPms2D2L9NYlWBee+7k
+QjPaBRMTxJivRfARDEgbYSatBVvXXq0njvdNpIIFjDGwr1ve18aD876yB6FIWY/V
+TeEKzppbu6I4Eyzyhg312AABxqEoiT8CI3R7e8KsM4D0vGaCdXRg
+-----END RSA PRIVATE KEY-----
diff --git a/sso_files/sp-keycloack-metadata.txt b/sso_files/sp-keycloack-metadata.txt
new file mode 100644
index 000000000..cc239d0be
--- /dev/null
+++ b/sso_files/sp-keycloack-metadata.txt
@@ -0,0 +1 @@
+nujwbKvmA_vsAlZfUh1FNTxFUzKiiUswe2c9Xrin314 MIICmzCCAYMCBgGUvMgDBzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMjUwMTMxMTQzMTUyWhcNMzUwMTMxMTQzMzMyWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMVXixE+OVEgPn2VmNpk/u1uQDVE25y66SpiIJp9UQwlg3zxQr0XdYZ0kF404KqiONhJuMuw6ixZg5ZCqWdNnT9Nn8X+Kpn4ICzE/kkNtpuuhdLcBCwu6YPJebAXMez+Hvucx7n4kauNpt5qHYGvmWK+Hvy2T+HBuXMWn0ez+u55jVx5m8suzp9i3afzG5U5Mn4kGR2QK0/p9+InGjJBAtWPFnib9LlHA2venV1r6N0kYEDibVKBkKYWSTmaYVAIHvsms9f5dBKWAPKCdaXq4+sUYJEym1/o82+640aiWYlZNTF2nSzE+0aSgyeK1ZU+6Yg2Doo31UFzUyqZ5C9kWhAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFSi9zKIw4oYd2B57G23nk1hyqUFmYqVSvcMggqYzs+GlafGWOaJebE+op+iwSAyvEhWXYVqnXRAelxZmH6CqBWJlvxWXlOkX0osc4muDbDsiE+KceDx9dDaQlpz1fSUa6lUTTgkksbqn7SrJ7+2VxH9eaY1fS2U6FNnfgttNb3zXBIJMTNaMJuFdkPDnR92/JZMdoppuOKZ7WahGjB/YMXPIQaCSLa+deMA/5iCDUbSbmAeHtG4bf2jljy0/gQT9AwcbrhMk9Sc/G9HEnE1DoFD/ezJIhN/T/YeTuY7HKo0Ow9eje2ytjANWbnO0cawiMUfywU6EaIBPCU53X3vNlE= urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
-
-
-
-
- updateField('firstName', firstName)}
- placeholder={wordings.workingUsersPage.createWorkingUserDrawer.fields.firstName}
- style={styles.field}
- />
-
-
- updateField('lastName', lastName)}
- placeholder={wordings.workingUsersPage.createWorkingUserDrawer.fields.lastName}
- style={styles.field}
- />
-
-
- updateField('email', email)}
- placeholder={wordings.workingUsersPage.createWorkingUserDrawer.fields.email}
- style={styles.field}
- />
-
-
-
- label={wordings.workingUsersPage.createWorkingUserDrawer.fields.role}
- error={!!formErrors.role}
- items={userModule.models.user.content.role.content.map((role) => ({
- text: wordings.business.userRoles[role],
- value: role,
- }))}
- onChange={(role: userType['role']) => updateField('role', role)}
- width={FIELD_WIDTH}
- />
-
-
-
-
-
- {wordings.workingUsersPage.createWorkingUserDrawer.createdWorkingUserPopup.createdWorkingUserConfirmation}
-
-
-{wordings.workingUsersPage.createWorkingUserDrawer.createdWorkingUserPopup.passwordIndication}
-
- -
- {props.password}
-
-
-
-
- {wordings.workingUsersPage.table.passwordResetSuccessPopup.passwordResetConfirmation}
-
-{wordings.workingUsersPage.table.passwordResetSuccessPopup.passwordIndication}
-
- -
- {props.password}
-
-
-
-
-
- );
-
- function buildUserFields() {
- const usersFields: Array
-
-
-
-
-
-
- {!!newPassword && setNewPassword(undefined)} />}
- {!!resetPasswordUserId && (
- setResetPasswordUserId(undefined)}
- onConfirm={buildOnConfirmResetPassword(resetPasswordUserId)}
- text={wordings.workingUsersPage.table.passwordResetConfirmationPopup.text}
- />
- )}
- {!!deleteUserId && (
- setDeleteUserId(undefined)}
- onConfirm={buildOnConfirmDeleteUser(deleteUserId)}
- text={wordings.workingUsersPage.table.deleteUserConfirmationPopup.text}
- />
- )}
-
-
- );
-
- function isRowMinored(workingUser: apiRouteOutType<'get', 'workingUsers'>[number]) {
- return !workingUser.isActivated;
- }
-
- function buildOnConfirmResetPassword(resetPasswordUserId: userType['_id']) {
- return () => {
- resetPasswordForUserId(resetPasswordUserId);
- setResetPasswordUserId(undefined);
- };
- }
-
- function buildOnConfirmDeleteUser(deleteUserId: userType['_id']) {
- return async () => {
- await apiCaller.post<'setDeletionDateForUser'>('setDeletionDateForUser', { userId: deleteUserId });
- setDeleteUserId(undefined);
- props.refetch();
- };
- }
-
- async function resetPasswordForUserId(userId: userType['_id']) {
- const { data: newPassword } = await apiCaller.post<'resetPassword'>('resetPassword', {
- userId,
- });
- setNewPassword(newPassword);
- }
-
- function buildOptionItems(workingUser: apiRouteOutType<'get', 'workingUsers'>[number]) {
- const toggleIsActivatedOptionItem = buildToggleIsActivatedOptionItem(workingUser);
- return [
- {
- kind: 'text' as const,
- text: wordings.workingUsersPage.table.optionItems.resetPassword,
- onClick: async () => setResetPasswordUserId(workingUser._id),
- iconName: 'key' as const,
- },
- toggleIsActivatedOptionItem,
- {
- kind: 'text' as const,
- text: wordings.workingUsersPage.table.optionItems.delete,
- onClick: () => {
- setDeleteUserId(workingUser._id);
- },
- iconName: 'delete' as const,
- },
- ];
- }
-
- function buildToggleIsActivatedOptionItem(user: apiRouteOutType<'get', 'workingUsers'>[number]) {
- const iconName: 'lock' | 'unlock' = user.isActivated ? 'lock' : 'unlock';
- const onClick = async () => {
- await apiCaller.post<'setIsActivatedForUser'>('setIsActivatedForUser', {
- isActivated: !user.isActivated,
- userId: user._id,
- });
- props.refetch();
- };
- const text = user.isActivated
- ? wordings.workingUsersPage.table.optionItems.deactivate
- : wordings.workingUsersPage.table.optionItems.activate;
- return { kind: 'text' as const, iconName, text, onClick };
- }
-
- function buildStyles() {
- return {
- container: {
- height: '100%',
- },
- };
- }
-}
diff --git a/packages/generic/client/src/pages/Admin/WorkingUsers/index.ts b/packages/generic/client/src/pages/Admin/WorkingUsers/index.ts
deleted file mode 100644
index 16e24a5ea..000000000
--- a/packages/generic/client/src/pages/Admin/WorkingUsers/index.ts
+++ /dev/null
@@ -1 +0,0 @@
-export { WorkingUsers } from './WorkingUsers';
diff --git a/packages/generic/client/src/pages/DataFetcher.tsx b/packages/generic/client/src/pages/DataFetcher.tsx
index 6624113b9..f1c08386b 100644
--- a/packages/generic/client/src/pages/DataFetcher.tsx
+++ b/packages/generic/client/src/pages/DataFetcher.tsx
@@ -1,7 +1,6 @@
import React, { ReactElement } from 'react';
import { Route, Redirect } from 'react-router-dom';
import { handleFetchedData } from '../api';
-import { localStorage } from '../services/localStorage';
import { ErrorPage } from './ErrorPage';
import { LoadingPage } from './LoadingPage';
@@ -23,8 +22,6 @@ function DataFetcher
+ Redirection vers SSO...
);
- async function handleSubmit({ email, password }: { email: string; password: string }) {
- const {
- data: { _id, email: userEmail, name, role, token, passwordTimeValidityStatus },
- } = await apiCaller.post<'login'>('login', { email, password });
- localStorage.bearerTokenHandler.set(token);
- localStorage.userHandler.set({ _id: idModule.lib.buildId(_id), email: userEmail, name, role });
- localStorage.userHandler.setPasswordTimeValidityStatus(passwordTimeValidityStatus);
- history.push(routes.DEFAULT.getPath());
- }
-
function buildStyles(theme: customThemeType) {
return {
mainContainer: {
diff --git a/packages/generic/client/src/pages/ResetPassword/ResetPassword.tsx b/packages/generic/client/src/pages/ResetPassword/ResetPassword.tsx
deleted file mode 100644
index 76e8c8c83..000000000
--- a/packages/generic/client/src/pages/ResetPassword/ResetPassword.tsx
+++ /dev/null
@@ -1,65 +0,0 @@
-import React, { useState } from 'react';
-import { useHistory } from 'react-router';
-import { customThemeType, useCustomTheme, ConfirmationPopup } from 'pelta-design-system';
-import { ResetPasswordForm } from '../../components';
-import { localStorage } from '../../services/localStorage';
-import { wordings } from '../../wordings';
-import { routes } from '../routes';
-
-export { ResetPassword };
-
-const FORM_WIDTH = 400;
-
-function ResetPassword() {
- const theme = useCustomTheme();
- const history = useHistory();
- const styles = buildStyles(theme);
- const [isInformationPopupOpen, setIsInformationPopupOpen] = useState(true);
-
- return (
-
- {isInformationPopupOpen && (
- setIsInformationPopupOpen(false)}
- />
- )}
-
- );
-
- function logout() {
- localStorage.userHandler.remove();
- localStorage.bearerTokenHandler.remove();
- history.push(routes.DEFAULT.getPath());
- }
-
- function onUpdatePassword() {
- history.push(routes.DEFAULT.getPath());
- }
-}
-
-function buildStyles(theme: customThemeType) {
- return {
- container: {
- flexDirection: 'column',
- display: 'flex',
- justifyContent: 'center',
- alignItems: 'center',
- height: '100vh',
- width: '100vw',
- },
- formContainer: {
- display: 'flex',
- flexDirection: 'column',
- minWidth: FORM_WIDTH,
- padding: theme.spacing * 6,
- paddingBottom: theme.spacing * 3,
- borderRadius: theme.shape.borderRadius.m,
- boxShadow: theme.boxShadow.major.out,
- },
- } as const;
-}
diff --git a/packages/generic/client/src/pages/ResetPassword/index.ts b/packages/generic/client/src/pages/ResetPassword/index.ts
deleted file mode 100644
index 966b77748..000000000
--- a/packages/generic/client/src/pages/ResetPassword/index.ts
+++ /dev/null
@@ -1 +0,0 @@
-export { ResetPassword } from './ResetPassword';
diff --git a/packages/generic/client/src/pages/router.tsx b/packages/generic/client/src/pages/router.tsx
index 002927999..9145f8334 100644
--- a/packages/generic/client/src/pages/router.tsx
+++ b/packages/generic/client/src/pages/router.tsx
@@ -4,7 +4,6 @@ import { localStorage } from '../services/localStorage';
import { wordings } from '../wordings';
import { AdminPage } from './Admin/AdminPage';
import { AdminInfosDataFetcher } from './Admin/AdminInfosDataFetcher';
-import { WorkingUsers } from './Admin/WorkingUsers';
import { DocumentInspector } from './Admin/DocumentInspector';
import { TreatedDocuments } from './Admin/TreatedDocuments';
import { ProblemReports } from './Admin/ProblemReports';
@@ -13,26 +12,24 @@ import { UntreatedDocuments } from './Admin/UntreatedDocuments';
import { AnonymizedDocument } from './AnonymizedDocument';
import { Home } from './Home';
import { Login } from './Login';
-import { ResetPassword } from './ResetPassword';
import { PublishableDocuments } from './PublishableDocuments';
import { SettingsDataFetcher } from './SettingsDataFetcher';
import { Statistics } from './Admin/Statistics';
import { defaultRoutes, routes } from './routes';
import { ToBeConfirmedDocuments } from './Admin/ToBeConfirmedDocuments';
import { Summary } from './Admin/Summary';
+import { CurrentUser, useCtxUser } from '../contexts/user.context';
export { Router };
function Router() {
+ const { user } = useCtxUser();
return (
-
- Loading...
;
+ }
+ return (
+ Loading...
;
+ }
+ return (
+ Loading...
;
+ }
+ return (
+
+
+1. Lorsqu'un utilisateur accède à LABEL, le frontend interroge le backend pour vérifier son authentification. Si l'utilisateur n'est pas authentifié, le backend redirige vers le fournisseur d'identité (IdP) avec les paramètres nécessaires.
+
+
+2. L'utilisateur se connecte sur la page SSO et, après authentification, le fournisseur d'identité génère et envoie une assertion SAML au backend de LABEL via l'URL de l'ACS.
+
+
+3. Le backend valide l'assertion SAML pour garantir l'intégrité des données et la conformité de la signature numérique.
+
+
+4. Après validation, l'accès aux ressources sécurisées est accordé, permettant à l'utilisateur de poursuivre sa session authentifiée.
+
+1. When a user initiates access to LABEL, the frontend communicates with the backend to check the user’s authentication status. If the user is not authenticated, the backend initiates a redirect to the identity provider (IdP), passing the necessary authentication parameters.
+
+
+2. The user is then prompted to log in via the SSO page. Upon successful authentication, the identity provider generates a SAML assertion and sends it to LABEL's backend via the Assertion Consumer Service (ACS) URL.
+
+
+3. The backend processes and validates the SAML assertion to ensure data integrity and verify the authenticity of the digital signature
+
+
+4. After validation, access to secured resources is granted, allowing the user to continue their authenticated session.
+
+