Reconfigure auth with next-cas-client (#107)

uhawaii-system-its-ti-iam · Nov 12, 2024 · efe8fe0 · efe8fe0
1 parent 0dde260
commit efe8fe0
Show file tree

Hide file tree

Showing 68 changed files with 338 additions and 689 deletions.
diff --git a/ui/.env b/ui/.env
@@ -6,7 +6,7 @@ NEXT_PUBLIC_API_2_1_BASE_URL=http://localhost:8081/uhgroupingsapi/api/groupings/
 # =========================================================================
 # CAS.
 NEXT_PUBLIC_CAS_URL=https://cas-test.its.hawaii.edu/cas
-NEXT_PUBLIC_SAML_REQUEST_TEMPLATE=<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1" RequestID="%s" IssueInstant="%s"><samlp:AssertionArtifact>%s</samlp:AssertionArtifact></samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>
+NEXT_CAS_CLIENT_SAML_TOLERANCE=18000
 
 # =========================================================================
 # Table Properties.
@@ -15,6 +15,3 @@ NEXT_PUBLIC_PAGE_SIZE=20
 # =========================================================================
 # Test Properties.
 TEST_USER_A={ "name": "Testf-iwt-a TestIAM-staff", "firstName": "Testf-iwt-a", "lastName": "TestIAM-staff", "uid": "testiwta", "uhUuid": "99997010", "roles": [] }
-XML_SOAP_RESPONSE=<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><saml1p:Response xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol" InResponseTo="myserver.example.edu" IssueInstant="2018-05-03T19:50:56.390Z" MajorVersion="1" MinorVersion="1" ResponseID="_0044d5b611aac99d82cb9926281bbd30"><saml1p:Status><saml1p:StatusCode Value="saml1p:Success"/></saml1p:Status><saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_0b1889b7ce444ecbe8cfd131501c4f59" IssueInstant="2018-05-03T19:50:56.390Z" Issuer="localhost" MajorVersion="1" MinorVersion="1"><saml1:Conditions NotBefore="2018-05-03T19:50:56.390Z" NotOnOrAfter="2018-05-03T19:51:26.390Z"><saml1:AudienceRestrictionCondition><saml1:Audience>https://myserver.example.edu/myapp</saml1:Audience></saml1:AudienceRestrictionCondition></saml1:Conditions><saml1:AuthenticationStatement AuthenticationInstant="2018-05-03T19:50:56.320Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"><saml1:Subject><saml1:NameIdentifier>iam_0108</saml1:NameIdentifier><saml1:SubjectConfirmation><saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</saml1:ConfirmationMethod></saml1:SubjectConfirmation></saml1:Subject></saml1:AuthenticationStatement><saml1:AttributeStatement><saml1:Subject><saml1:NameIdentifier>testiwta</saml1:NameIdentifier><saml1:SubjectConfirmation><saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</saml1:ConfirmationMethod></saml1:SubjectConfirmation></saml1:Subject><saml1:Attribute AttributeName="mail" AttributeNamespace="http://www.ja-sig.org/products/cas/"><saml1:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">[email protected]</saml1:AttributeValue></saml1:Attribute><saml1:Attribute AttributeName="eduPersonAffiliation" AttributeNamespace="http://www.ja-sig.org/products/cas/"><saml1:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">staff</saml1:AttributeValue></saml1:Attribute><saml1:Attribute AttributeName="uhUuid" AttributeNamespace="http://www.ja-sig.org/products/cas/"><saml1:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">99997010</saml1:AttributeValue></saml1:Attribute><saml1:Attribute AttributeName="givenName" AttributeNamespace="http://www.ja-sig.org/products/cas/"><saml1:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">Testf-iwt-a</saml1:AttributeValue></saml1:Attribute><saml1:Attribute AttributeName="eduPersonOrgDN" AttributeNamespace="http://www.ja-sig.org/products/cas/"><saml1:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">uhsystem</saml1:AttributeValue></saml1:Attribute><saml1:Attribute AttributeName="cn" AttributeNamespace="http://www.ja-sig.org/products/cas/"><saml1:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">Testf-iwt-a TestIAM-staff</saml1:AttributeValue></saml1:Attribute><saml1:Attribute AttributeName="uid" AttributeNamespace="http://www.ja-sig.org/products/cas/"><saml1:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">testiwta</saml1:AttributeValue></saml1:Attribute><saml1:Attribute AttributeName="uhEmail" AttributeNamespace="http://www.ja-sig.org/products/cas/"><saml1:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">[email protected]</saml1:AttributeValue></saml1:Attribute><saml1:Attribute AttributeName="eduPersonPrincipalName" AttributeNamespace="http://www.ja-sig.org/products/cas/"><saml1:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">[email protected]</saml1:AttributeValue></saml1:Attribute><saml1:Attribute AttributeName="sn" AttributeNamespace="http://www.ja-sig.org/products/cas/"><saml1:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">TestIAM-staff</saml1:AttributeValue></saml1:Attribute><saml1:Attribute AttributeName="uhOrgAffiliation" AttributeNamespace="http://www.ja-sig.org/products/cas/"><saml1:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">eduPersonOrgDN=uhsystem,eduPersonAffiliation=staff</saml1:AttributeValue></saml1:Attribute></saml1:AttributeStatement></saml1:Assertion></saml1p:Response></SOAP-ENV:Body></SOAP-ENV:Envelope>
-XML_SOAP_RESPONSE_REQUEST_DENIED=<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><saml1p:Response InResponseTo="fu4lt9kuex6.2024-03-02T04:22:20.681Z" IssueInstant="2024-03-02T04:21:52.029Z" MajorVersion="1" MinorVersion="1" ResponseID="_19a94ee2c5ebf35f62a6d482c2e23e9a" xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol"><saml1p:Status><saml1p:StatusCode Value="saml1p:RequestDenied"/><saml1p:StatusMessage>Ticket 'test' not recognized</saml1p:StatusMessage></saml1p:Status></saml1p:Response></SOAP-ENV:Body></SOAP-ENV:Envelope>
-IRON_SESSION_SECRET=IronSessionSecretForTestingAuthentication
diff --git a/ui/__mocks__/iron-session.ts b/ui/__mocks__/iron-session.ts
diff --git a/ui/__mocks__/next/headers.ts b/ui/__mocks__/next/headers.ts
diff --git a/ui/__mocks__/next/navigation.ts b/ui/__mocks__/next/navigation.ts
diff --git a/ui/jest.config.ts b/ui/jest.config.ts
@@ -1,26 +1,22 @@
-import type { Config } from 'jest'
-import nextJest from 'next/jest.js'
+import type { Config } from 'jest';
+import nextJest from 'next/jest.js';
 
 const createJestConfig = nextJest({
-    dir: './',
+    dir: './'
 });
 
 const config: Config = {
     clearMocks: true,
-    collectCoverageFrom: [
-        './src/**/*.ts*',
-    ],
+    collectCoverageFrom: ['./src/**/*.ts*'],
     coveragePathIgnorePatterns: [
-        './src/components/ui', // Ignore shadcn/ui components
+        './src/components/ui' // Ignore shadcn/ui components
     ],
     coverageReporters: ['json-summary', 'text', 'html'],
     testEnvironment: 'jsdom',
     testEnvironmentOptions: {
         customExportConditions: []
     },
-    setupFilesAfterEnv: [
-        '<rootDir>/tests/setup-jest.ts'
-    ],
+    setupFilesAfterEnv: ['<rootDir>/tests/setup-jest.ts'],
     moduleFileExtensions: ['ts', 'tsx', 'js', 'jsx', 'json', 'node'],
     moduleDirectories: ['node_modules', '<rootDir>'],
     moduleNameMapper: {

diff --git a/ui/package.json b/ui/package.json
@@ -28,20 +28,18 @@
         "@radix-ui/react-tabs": "^1.0.4",
         "@radix-ui/react-tooltip": "^1.1.2",
         "@tanstack/react-table": "^8.20.1",
-        "camaro": "^6.2.2",
         "class-variance-authority": "^0.7.0",
         "clsx": "^2.1.0",
         "dotenv": "^16.4.1",
-        "iron-session": "^8.0.1",
         "lucide-react": "^0.453.0",
         "next": "14.2.15",
+        "next-cas-client": "^1.2.2",
         "react": "^18",
         "react-dom": "^18",
         "react-hook-form": "^7.50.1",
         "react-idle-timer": "^5.7.2",
         "tailwind-merge": "^2.2.1",
         "tailwindcss-animate": "^1.0.7",
-        "uniqid": "^5.4.0",
         "usehooks-ts": "^3.1.0",
         "zod": "^3.22.4"
     },

diff --git a/ui/src/access/authentication.ts b/ui/src/access/authentication.ts
diff --git a/ui/src/access/saml-11-validator.ts b/ui/src/access/saml-11-validator.ts
diff --git a/ui/src/access/session.ts b/ui/src/access/session.ts
diff --git a/ui/src/access/user.ts b/ui/src/access/user.ts
diff --git a/ui/src/app/(home)/_components/after-login.tsx b/ui/src/app/(home)/_components/after-login.tsx
@@ -1,14 +1,14 @@
-import Role from '@/access/role';
+import Role from '@/lib/access/role';
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
-import {faKey, faIdCard, faWrench, faUser} from '@fortawesome/free-solid-svg-icons';
+import { faKey, faIdCard, faWrench, faUser } from '@fortawesome/free-solid-svg-icons';
 import Link from 'next/link';
 import { Button } from '@/components/ui/button';
 import { getNumberOfGroupings, getNumberOfMemberships } from '@/lib/fetchers';
-import { getCurrentUser } from '@/access/authentication';
+import { getUser } from '@/lib/access/user';
 
 const AfterLogin = async () => {
     const [currentUser, numberOfGroupings, numberOfMemberships] = await Promise.all([
-        getCurrentUser(),
+        getUser(),
         getNumberOfGroupings(),
         getNumberOfMemberships()
     ]);
@@ -72,7 +72,11 @@ const AfterLogin = async () => {
                                     className="bg-blue-background rounded-full flex justify-center
                                     items-center h-[30px] w-[30px] absolute left-3 bottom-0 ml-16"
                                 >
-                                    <FontAwesomeIcon className="text-white stroke-none p-0.5" aria-label="key-round" icon={faKey} />
+                                    <FontAwesomeIcon
+                                        className="text-white stroke-none p-0.5"
+                                        aria-label="key-round"
+                                        icon={faKey}
+                                    />
                                 </div>
                             </div>
                         </div>
@@ -98,7 +102,12 @@ const AfterLogin = async () => {
                         <div key={index} className="flex flex-col justify-between">
                             <div>
                                 <div className="flex items-center mb-1">
-                                    <FontAwesomeIcon icon={pageInfoItem.icon} style={{ width: `${pageInfoItem.width}px`, height: `${pageInfoItem.height}px` }} className="mr-5 mb-4 max-w-${pageInfoItem.icon.width} h-auto text-text-primary" aria-label={pageInfoItem.ariaLabel} />
+                                    <FontAwesomeIcon
+                                        icon={pageInfoItem.icon}
+                                        style={{ width: `${pageInfoItem.width}px`, height: `${pageInfoItem.height}px` }}
+                                        className="mr-5 mb-4 max-w-${pageInfoItem.icon.width} h-auto text-text-primary"
+                                        aria-label={pageInfoItem.ariaLabel}
+                                    />
                                     {pageInfoItem.number !== null && (
                                         <span className="text-[2.5rem] text-text-color ">{pageInfoItem.number}</span>
                                     )}

diff --git a/ui/src/app/(home)/_components/login-button.tsx b/ui/src/app/(home)/_components/login-button.tsx
@@ -1,28 +1,18 @@
 'use client';
 
 import { Button } from '@/components/ui/button';
-import Role from '@/access/role';
-import User from '@/access/user';
-import { login, logout } from '@/access/authentication';
+import Role from '@/lib/access/role';
+import { login, logout } from 'next-cas-client';
+import { User } from '@/lib/access/user';
 
-const LoginButton = ({
-    currentUser
-}: {
-    currentUser: User;
-}) => (
+const LoginButton = ({ currentUser }: { currentUser: User }) => (
     <>
-        {!currentUser.roles.includes(Role.UH) ? (
-            <Button
-                size="lg"
-                variant="default"
-                onClick={() => login()}>
+        {!currentUser?.roles.includes(Role.UH) ? (
+            <Button size="lg" variant="default" onClick={() => login()}>
                 Login Here
             </Button>
         ) : (
-            <Button
-                size="lg"
-                variant="default"
-                onClick={() => logout()}>
+            <Button size="lg" variant="default" onClick={() => logout()}>
                 Logout
             </Button>
         )}

diff --git a/ui/src/app/(home)/page.tsx b/ui/src/app/(home)/page.tsx
@@ -1,13 +1,13 @@
 import Image from 'next/image';
 import BeforeLogin from '@/app/(home)/_components/before-login';
 import AfterLogin from '@/app/(home)/_components/after-login';
-import { getCurrentUser } from '@/access/authentication';
-import Role from '@/access/role';
+import Role from '@/lib/access/role';
 import LoginButton from '@/app/(home)/_components/login-button';
 import Announcements from '@/app/(home)/_components/announcements';
+import { getUser } from '@/lib/access/user';
 
 const Home = async () => {
-    const currentUser = await getCurrentUser();
+    const currentUser = await getUser();
 
     return (
         <main>

diff --git a/ui/src/app/api/cas/[client]/route.ts b/ui/src/app/api/cas/[client]/route.ts
@@ -0,0 +1,5 @@
+import { loadUser } from '@/lib/access/user';
+import { ValidatorProtocol } from 'next-cas-client';
+import { handleAuth } from 'next-cas-client/app';
+
+export const GET = handleAuth({ loadUser, validator: ValidatorProtocol.SAML11 });
diff --git a/ui/src/app/api/cas/login/route.ts b/ui/src/app/api/cas/login/route.ts
diff --git a/ui/src/app/api/cas/logout/route.ts b/ui/src/app/api/cas/logout/route.ts