From 00953f65a69e525fc920588eb022ada83f1b8ceb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sn=C3=A6r=20Seljan=20=C3=9E=C3=B3roddsson?= Date: Fri, 13 Dec 2024 09:22:08 +0000 Subject: [PATCH] fix(services-bff): Bff fixes (#17222) * fix(react-spa-bff): Enhance broadcaster with subpath handling (#17212) * feat: enhance session management with subpath handling Add subpath to NewSessionEvent and LogoutEvent types. Update BffProvider to include applicationBasePath in postMessage dependencies. Modify event handling to only act on events matching the current subpath, ensuring proper session management across multiple tabs/windows/iframes. * feat: update BffProvider to use bffBasePath consistently Add bffBasePath to broadcast messages for logout and new session events. Update event handling to match against bffBasePath instead of applicationBasePath. This ensures consistent behavior across different components and improves clarity in the event broadcasting mechanism. * remove from context * refactor: streamline BFF base path handling Update BffProvider to use a consistent BFF base path variable. This change improves clarity and ensures that broadcast events are filtered correctly by matching the BFF base path, preventing unintended interactions with other applications on the same domain. Adjust dependencies in useEffect hooks to reflect the new variable. * refactor: simplify BffPoller dependency array Update the BffPoller component to use bffBasePath directly in the dependency array of the useEffect hook. This change improves readability and ensures that the effect correctly responds to changes in theffBasePath variable * fix * refactor: rename bffBasePath to bffBaseUrl for clarity Update variable names from `bffBasePath` to `bffBaseUrl` to enhance clarity and consistency across the codebase. This change improves the understanding of the code explicitly indicating that the variable represents a base URL rather than a path. Adjust related comments and event types to reflect this change. * update deps * refactor(services-bff): Update failed login attempt data retrieval (#17213) * refactor(services-bff): improve login attempt data retrieval * fix(auth): simplify error handling in login process Remove unnecessary error code from redirect in the login process. --- .../bff/src/app/modules/auth/auth.service.ts | 22 +++++--- libs/react-spa/bff/src/lib/BffPoller.tsx | 4 +- libs/react-spa/bff/src/lib/BffProvider.tsx | 52 ++++++++++++------- libs/react-spa/bff/src/lib/bff.hooks.ts | 2 + 4 files changed, 54 insertions(+), 26 deletions(-) diff --git a/apps/services/bff/src/app/modules/auth/auth.service.ts b/apps/services/bff/src/app/modules/auth/auth.service.ts index 4c8ee5b5b02b..282cbf868f7b 100644 --- a/apps/services/bff/src/app/modules/auth/auth.service.ts +++ b/apps/services/bff/src/app/modules/auth/auth.service.ts @@ -277,14 +277,24 @@ export class AuthService { }) } - let loginAttemptData: LoginAttemptData | undefined + const loginAttemptCacheKey = this.cacheService.createSessionKeyType( + 'attempt', + query.state, + ) + // Get login attempt data from the cache + const loginAttemptData = await this.cacheService.get( + loginAttemptCacheKey, + // Do not throw an error if the key is not found + false, + ) - try { - // Get login attempt from cache - loginAttemptData = await this.cacheService.get( - this.cacheService.createSessionKeyType('attempt', query.state), - ) + if (!loginAttemptData) { + this.logger.warn(this.cacheService.createKeyError(loginAttemptCacheKey)) + return this.redirectWithError(res) + } + + try { // Get tokens and user information from the authorization code const tokenResponse = await this.idsService.getTokens({ code: query.code, diff --git a/libs/react-spa/bff/src/lib/BffPoller.tsx b/libs/react-spa/bff/src/lib/BffPoller.tsx index 8374bbcdc5b0..fbd878938b8f 100644 --- a/libs/react-spa/bff/src/lib/BffPoller.tsx +++ b/libs/react-spa/bff/src/lib/BffPoller.tsx @@ -46,6 +46,7 @@ export const BffPoller = ({ const { signIn, bffUrlGenerator } = useBff() const userInfo = useUserInfo() const { postMessage } = useBffBroadcaster() + const bffBaseUrl = bffUrlGenerator() const url = useMemo( () => bffUrlGenerator('/user', { refresh: 'true' }), @@ -86,12 +87,13 @@ export const BffPoller = ({ postMessage({ type: BffBroadcastEvents.NEW_SESSION, userInfo: newUser, + bffBaseUrl, }) newSessionCb() } } - }, [newUser, error, userInfo, signIn, postMessage, newSessionCb]) + }, [newUser, error, userInfo, signIn, postMessage, newSessionCb, bffBaseUrl]) return children } diff --git a/libs/react-spa/bff/src/lib/BffProvider.tsx b/libs/react-spa/bff/src/lib/BffProvider.tsx index f10534fc550e..a8917228a07e 100644 --- a/libs/react-spa/bff/src/lib/BffProvider.tsx +++ b/libs/react-spa/bff/src/lib/BffProvider.tsx @@ -43,25 +43,37 @@ export const BffProvider = ({ authState === 'logging-out' const isLoggedIn = authState === 'logged-in' const oldLoginPath = `${applicationBasePath}/login` + const bffBaseUrl = bffUrlGenerator() const { postMessage } = useBffBroadcaster((event) => { - if ( - isLoggedIn && - event.data.type === BffBroadcastEvents.NEW_SESSION && - isNewUser(state.userInfo, event.data.userInfo) - ) { - setSessionExpiredScreen(true) - } else if (event.data.type === BffBroadcastEvents.LOGOUT) { - // We will wait 1 seconds before we dispatch logout action. - // The reason is that IDS will not log the user out immediately. - // Note! The bff poller may have triggered logout by that time anyways. - setTimeout(() => { - dispatch({ - type: ActionType.LOGGED_OUT, - }) - - signIn() - }, 1000) + /** + * Filter broadcast events by matching BFF base url + * + * Since the Broadcaster sends messages to all tabs/windows/iframes + * sharing the same origin (domain), we need to explicitly check if + * the message belongs to our specific BFF instance by comparing base urls. + * This prevents handling events meant for other applications/contexts + * running on the same domain. + */ + if (event.data.bffBaseUrl === bffBaseUrl) { + if ( + isLoggedIn && + event.data.type === BffBroadcastEvents.NEW_SESSION && + isNewUser(state.userInfo, event.data.userInfo) + ) { + setSessionExpiredScreen(true) + } else if (event.data.type === BffBroadcastEvents.LOGOUT) { + // We will wait 1 seconds before we dispatch logout action. + // The reason is that IDS will not log the user out immediately. + // Note! The bff poller may have triggered logout by that time anyways. + setTimeout(() => { + dispatch({ + type: ActionType.LOGGED_OUT, + }) + + signIn() + }, 1000) + } } }) @@ -71,9 +83,10 @@ export const BffProvider = ({ postMessage({ type: BffBroadcastEvents.NEW_SESSION, userInfo: state.userInfo, + bffBaseUrl, }) } - }, [postMessage, state.userInfo, isLoggedIn]) + }, [postMessage, state.userInfo, isLoggedIn, bffBaseUrl]) /** * Builds authentication query parameters for login redirection: @@ -175,12 +188,13 @@ export const BffProvider = ({ // Broadcast to all tabs/windows/iframes that the user is logging out postMessage({ type: BffBroadcastEvents.LOGOUT, + bffBaseUrl, }) window.location.href = bffUrlGenerator('/logout', { sid: state.userInfo.profile.sid, }) - }, [bffUrlGenerator, postMessage, state.userInfo]) + }, [bffUrlGenerator, postMessage, state.userInfo, bffBaseUrl]) const switchUser = useCallback( (nationalId?: string) => { diff --git a/libs/react-spa/bff/src/lib/bff.hooks.ts b/libs/react-spa/bff/src/lib/bff.hooks.ts index b768ad209ba7..6ea26ab56973 100644 --- a/libs/react-spa/bff/src/lib/bff.hooks.ts +++ b/libs/react-spa/bff/src/lib/bff.hooks.ts @@ -64,10 +64,12 @@ export enum BffBroadcastEvents { type NewSessionEvent = { type: BffBroadcastEvents.NEW_SESSION userInfo: BffUser + bffBaseUrl: string } type LogoutEvent = { type: BffBroadcastEvents.LOGOUT + bffBaseUrl: string } export type BffBroadcastEvent = NewSessionEvent | LogoutEvent