import { autoinject } from 'aurelia-framework';
import {
  NavigationInstruction,
  Next,
  PipelineStep,
  Redirect,
} from 'aurelia-router';
import { UserManager } from 'oidc-client';
import OpenIdConnectConfigurationManager from './open-id-connect-configuration-manager';
import OpenIdConnectLogger from './open-id-connect-logger';
import OpenIdConnectRoles from './open-id-connect-roles';
 
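/**
 * Router pipeline step that keeps unauthenticated users away from routes
 * whose `settings.roles` include `OpenIdConnectRoles.Authenticated`.
 *
 * This is a client-side navigation guard only: it decides which view the
 * router shows. The APIs behind a protected route still have to validate
 * the access token themselves.
 */
@autoinject
export default class OpenIdConnectAuthorizeStep implements PipelineStep {

  constructor(
    private userManager: UserManager,
    private configuration: OpenIdConnectConfigurationManager,
    private logger: OpenIdConnectLogger) { }

  /**
   * Runs the authorization check for a pending navigation.
   *
   * @param navigationInstruction The instruction being navigated to; it and
   * its child instructions are inspected for a required role.
   * @param next Pipeline continuation. Called as-is to proceed, or cancelled
   * with a redirect to `configuration.unauthorizedRedirectRoute`.
   * @returns Whatever `next()` or `next.cancel(...)` returns.
   */
  public async run(
    navigationInstruction: NavigationInstruction,
    next: Next): Promise<any> {

    const user = await this.userManager.getUser();

    // TODO: Make this open for extension,
    // so that user-land can configure multiple, arbitrary roles.
    if (this.requiresRole(navigationInstruction, OpenIdConnectRoles.Authenticated)) {
      // A missing user is not the only unauthenticated state: a user object
      // can still be in storage after its token has expired.
      // NOTE(review): getUser() appears to return the stored user without
      // checking expiry; confirm against the oidc-client version in use.
      // `== null` also covers an `undefined` result.
      if (user == null || user.expired === true) {
        this.logger.debug('Requires authenticated role.');
        const redirect = new Redirect(this.configuration.unauthorizedRedirectRoute);
        return next.cancel(redirect);
      }
    }

    return next();
  }

  /**
   * Reports whether any instruction in the navigation tree lists `role` in
   * its route `settings.roles`.
   *
   * Instructions without a config, settings or roles entry are treated as
   * not requiring the role, so an unannotated route is public by default.
   */
  private requiresRole(
    navigationInstruction: NavigationInstruction,
    role: OpenIdConnectRoles): boolean {

    const instructions = navigationInstruction.getAllInstructions();
    return instructions.some((instruction) =>
      instruction !== undefined &&
      instruction.config !== undefined &&
      instruction.config.settings !== undefined &&
      instruction.config.settings.roles !== undefined &&
      instruction.config.settings.roles.includes(role));
  }
}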