fix(services-bff): Bff fixes (#17222)

* fix(react-spa-bff): Enhance broadcaster with subpath handling (#17212) * feat: enhance session management with subpath handling Add subpath to NewSessionEvent and LogoutEvent types. Update BffProvider to include applicationBasePath in postMessage dependencies. Modify event handling to only act on events matching the current subpath, ensuring proper session management across multiple tabs/windows/iframes. * feat: update BffProvider to use bffBasePath consistently Add bffBasePath to broadcast messages for logout and new session events. Update event handling to match against bffBasePath instead of applicationBasePath. This ensures consistent behavior across different components and improves clarity in the event broadcasting mechanism. * remove from context * refactor: streamline BFF base path handling Update BffProvider to use a consistent BFF base path variable. This change improves clarity and ensures that broadcast events are filtered correctly by matching the BFF base path, preventing unintended interactions with other applications on the same domain. Adjust dependencies in useEffect hooks to reflect the new variable. * refactor: simplify BffPoller dependency array Update the BffPoller component to use bffBasePath directly in the dependency array of the useEffect hook. This change improves readability and ensures that the effect correctly responds to changes in theffBasePath variable * fix * refactor: rename bffBasePath to bffBaseUrl for clarity Update variable names from `bffBasePath` to `bffBaseUrl` to enhance clarity and consistency across the codebase. This change improves the understanding of the code explicitly indicating that the variable represents a base URL rather than a path. Adjust related comments and event types to reflect this change. * update deps * refactor(services-bff): Update failed login attempt data retrieval (#17213) * refactor(services-bff): improve login attempt data retrieval * fix(auth): simplify error handling in login process Remove unnecessary error code from redirect in the login process.
island-is · Dec 13, 2024 · 00953f6 · 00953f6
1 parent de143cb
commit 00953f6
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 26 deletions.
diff --git a/apps/services/bff/src/app/modules/auth/auth.service.ts b/apps/services/bff/src/app/modules/auth/auth.service.ts
@@ -277,14 +277,24 @@ export class AuthService {
       })
     }
 
-    let loginAttemptData: LoginAttemptData | undefined
+    const loginAttemptCacheKey = this.cacheService.createSessionKeyType(
+      'attempt',
+      query.state,
+    )
+    // Get login attempt data from the cache
+    const loginAttemptData = await this.cacheService.get<LoginAttemptData>(
+      loginAttemptCacheKey,
+      // Do not throw an error if the key is not found
+      false,
+    )
 
-    try {
-      // Get login attempt from cache
-      loginAttemptData = await this.cacheService.get<LoginAttemptData>(
-        this.cacheService.createSessionKeyType('attempt', query.state),
-      )
+    if (!loginAttemptData) {
+      this.logger.warn(this.cacheService.createKeyError(loginAttemptCacheKey))
 
+      return this.redirectWithError(res)
+    }
+
+    try {
       // Get tokens and user information from the authorization code
       const tokenResponse = await this.idsService.getTokens({
         code: query.code,

diff --git a/libs/react-spa/bff/src/lib/BffPoller.tsx b/libs/react-spa/bff/src/lib/BffPoller.tsx
@@ -46,6 +46,7 @@ export const BffPoller = ({
   const { signIn, bffUrlGenerator } = useBff()
   const userInfo = useUserInfo()
   const { postMessage } = useBffBroadcaster()
+  const bffBaseUrl = bffUrlGenerator()
 
   const url = useMemo(
     () => bffUrlGenerator('/user', { refresh: 'true' }),
@@ -86,12 +87,13 @@ export const BffPoller = ({
         postMessage({
           type: BffBroadcastEvents.NEW_SESSION,
           userInfo: newUser,
+          bffBaseUrl,
         })
 
         newSessionCb()
       }
     }
-  }, [newUser, error, userInfo, signIn, postMessage, newSessionCb])
+  }, [newUser, error, userInfo, signIn, postMessage, newSessionCb, bffBaseUrl])
 
   return children
 }
diff --git a/libs/react-spa/bff/src/lib/BffProvider.tsx b/libs/react-spa/bff/src/lib/BffProvider.tsx
@@ -43,25 +43,37 @@ export const BffProvider = ({
     authState === 'logging-out'
   const isLoggedIn = authState === 'logged-in'
   const oldLoginPath = `${applicationBasePath}/login`
+  const bffBaseUrl = bffUrlGenerator()
 
   const { postMessage } = useBffBroadcaster((event) => {
-    if (
-      isLoggedIn &&
-      event.data.type === BffBroadcastEvents.NEW_SESSION &&
-      isNewUser(state.userInfo, event.data.userInfo)
-    ) {
-      setSessionExpiredScreen(true)
-    } else if (event.data.type === BffBroadcastEvents.LOGOUT) {
-      // We will wait 1 seconds before we dispatch logout action.
-      // The reason is that IDS will not log the user out immediately.
-      // Note! The bff poller may have triggered logout by that time anyways.
-      setTimeout(() => {
-        dispatch({
-          type: ActionType.LOGGED_OUT,
-        })
-
-        signIn()
-      }, 1000)
+    /**
+     * Filter broadcast events by matching BFF base url
+     *
+     * Since the Broadcaster sends messages to all tabs/windows/iframes
+     * sharing the same origin (domain), we need to explicitly check if
+     * the message belongs to our specific BFF instance by comparing base urls.
+     * This prevents handling events meant for other applications/contexts
+     * running on the same domain.
+     */
+    if (event.data.bffBaseUrl === bffBaseUrl) {
+      if (
+        isLoggedIn &&
+        event.data.type === BffBroadcastEvents.NEW_SESSION &&
+        isNewUser(state.userInfo, event.data.userInfo)
+      ) {
+        setSessionExpiredScreen(true)
+      } else if (event.data.type === BffBroadcastEvents.LOGOUT) {
+        // We will wait 1 seconds before we dispatch logout action.
+        // The reason is that IDS will not log the user out immediately.
+        // Note! The bff poller may have triggered logout by that time anyways.
+        setTimeout(() => {
+          dispatch({
+            type: ActionType.LOGGED_OUT,
+          })
+
+          signIn()
+        }, 1000)
+      }
     }
   })
 
@@ -71,9 +83,10 @@ export const BffProvider = ({
       postMessage({
         type: BffBroadcastEvents.NEW_SESSION,
         userInfo: state.userInfo,
+        bffBaseUrl,
       })
     }
-  }, [postMessage, state.userInfo, isLoggedIn])
+  }, [postMessage, state.userInfo, isLoggedIn, bffBaseUrl])
 
   /**
    * Builds authentication query parameters for login redirection:
@@ -175,12 +188,13 @@ export const BffProvider = ({
     // Broadcast to all tabs/windows/iframes that the user is logging out
     postMessage({
       type: BffBroadcastEvents.LOGOUT,
+      bffBaseUrl,
     })
 
     window.location.href = bffUrlGenerator('/logout', {
       sid: state.userInfo.profile.sid,
     })
-  }, [bffUrlGenerator, postMessage, state.userInfo])
+  }, [bffUrlGenerator, postMessage, state.userInfo, bffBaseUrl])
 
   const switchUser = useCallback(
     (nationalId?: string) => {

diff --git a/libs/react-spa/bff/src/lib/bff.hooks.ts b/libs/react-spa/bff/src/lib/bff.hooks.ts
@@ -64,10 +64,12 @@ export enum BffBroadcastEvents {
 type NewSessionEvent = {
   type: BffBroadcastEvents.NEW_SESSION
   userInfo: BffUser
+  bffBaseUrl: string
 }
 
 type LogoutEvent = {
   type: BffBroadcastEvents.LOGOUT
+  bffBaseUrl: string
 }
 
 export type BffBroadcastEvent = NewSessionEvent | LogoutEvent