Merged in task/dspace-cris-2024_02_x/DSC-2401 (pull request DSpace#3348)

Andrea Barbasso · atarix83 · commit 7ac0ee9024e9 · 2025-06-27T10:51:37.000Z
[DSC-2401] add options to disable the standard login

Approved-by: Giuseppe Digilio
diff --git a/config/config.example.yml b/config/config.example.yml
@@ -135,6 +135,8 @@ auth:
     # If the rest token expires in less than this amount of time, it will be refreshed automatically.
     # This is independent from the idle warning.
     timeLeftBeforeTokenRefresh: 120000 # 2 minutes
+  # Standard login enabled
+  disableStandardLogin: false
 
 # Form settings
 form:
diff --git a/src/app/app-routes.ts b/src/app/app-routes.ts
@@ -4,6 +4,7 @@ import {
   RouterConfigOptions,
 } from '@angular/router';
 
+import { environment } from '../environments/environment';
 import { NOTIFICATIONS_MODULE_PATH } from './admin/admin-routing-paths';
 import {
   ACCESS_CONTROL_MODULE_PATH,
@@ -171,10 +172,20 @@ export const APP_ROUTES: Route[] = [
         providers: [provideSuggestionNotificationsState()],
         canActivate: [authenticatedGuard, endUserAgreementCurrentUserGuard],
       },
+      {
+        path: 'standard-login',
+        loadChildren: () => import('./login-page/login-page-routes').then((m) => m.ROUTES),
+        data: {
+          isBackDoor: true,
+        },
+      },
       {
         path: 'login',
-        loadChildren: () => import('./login-page/login-page-routes')
-          .then((m) => m.ROUTES),
+        loadChildren: () => import('./login-page/login-page-routes').then((m) => m.ROUTES),
+        data: {
+          isBackDoor: false,
+        },
+        canMatch: [() => !environment.auth.disableStandardLogin],
       },
       {
         path: 'logout',
diff --git a/src/app/shared/log-in/log-in.component.spec.ts b/src/app/shared/log-in/log-in.component.spec.ts
@@ -19,6 +19,7 @@ import { StoreModule } from '@ngrx/store';
 import { provideMockStore } from '@ngrx/store/testing';
 import { TranslateModule } from '@ngx-translate/core';
 import { of } from 'rxjs';
+import { AuthMethodType } from 'src/app/core/auth/models/auth.method-type';
 
 import { authReducer } from '../../core/auth/auth.reducer';
 import { AuthService } from '../../core/auth/auth.service';
@@ -140,6 +141,59 @@ describe('LogInComponent', () => {
       expect(loginContainers.length).toBe(2);
 
     });
+
+    it('returns only password method when backdoor is enabled', () => {
+      const authMethods = [
+        { authMethodType: AuthMethodType.Password, position: 1 },
+        { authMethodType: AuthMethodType.Ip, position: 2 },
+        { authMethodType: AuthMethodType.Shibboleth, position: 3 },
+      ];
+      const isBackdoor = true;
+      component.excludedAuthMethod = undefined;
+      const result = component.filterAndSortAuthMethods(authMethods, isBackdoor);
+      expect(result).toEqual([{ authMethodType: AuthMethodType.Password, position: 1 }]);
+    });
+
+    it('excludes password method when standard login is disabled', () => {
+      const authMethods = [
+        { authMethodType: AuthMethodType.Password, position: 1 },
+        { authMethodType: AuthMethodType.Shibboleth, position: 2 },
+      ];
+      component.excludedAuthMethod = undefined;
+      const result = component.filterAndSortAuthMethods(authMethods, false, true);
+      expect(result).toEqual([
+        { authMethodType: AuthMethodType.Shibboleth, position: 2 },
+      ]);
+    });
+
+    it('excludes methods based on excludedAuthMethod input', () => {
+      const authMethods = [
+        { authMethodType: AuthMethodType.Password, position: 1 },
+        { authMethodType: AuthMethodType.Ip, position: 2 },
+        { authMethodType: AuthMethodType.Shibboleth, position: 3 },
+      ];
+      const isBackdoor = false;
+      component.excludedAuthMethod = AuthMethodType.Ip;
+      const result = component.filterAndSortAuthMethods(authMethods, isBackdoor);
+      expect(result).toEqual([
+        { authMethodType: AuthMethodType.Password, position: 1 },
+        { authMethodType: AuthMethodType.Shibboleth, position: 3 },
+      ]);
+    });
+
+    it('sorts methods by position', () => {
+      const authMethods = [
+        { authMethodType: AuthMethodType.Password, position: 2 },
+        { authMethodType: AuthMethodType.Shibboleth, position: 1 },
+      ];
+      const isBackdoor = false;
+      component.excludedAuthMethod = undefined;
+      const result = component.filterAndSortAuthMethods(authMethods, isBackdoor);
+      expect(result).toEqual([
+        { authMethodType: AuthMethodType.Shibboleth, position: 1 },
+        { authMethodType: AuthMethodType.Password, position: 2 },
+      ]);
+    });
   });
 
 });
diff --git a/src/app/shared/log-in/log-in.component.ts b/src/app/shared/log-in/log-in.component.ts
@@ -10,15 +10,18 @@ import {
   OnDestroy,
   OnInit,
 } from '@angular/core';
-import { RouterLink } from '@angular/router';
+import {
+  ActivatedRoute,
+  RouterLink,
+} from '@angular/router';
 import {
   select,
   Store,
 } from '@ngrx/store';
 import { TranslateModule } from '@ngx-translate/core';
 import uniqBy from 'lodash/uniqBy';
 import {
-  combineLatest,
+  combineLatestWith,
   map,
   Observable,
   Subscription,
@@ -28,6 +31,7 @@ import {
   shareReplay,
 } from 'rxjs/operators';
 
+import { environment } from '../../../environments/environment';
 import {
   getForgotPasswordRoute,
   getRegisterRoute,
@@ -116,19 +120,20 @@ export class LogInComponent implements OnInit, OnDestroy {
 
   constructor(private store: Store<CoreState>,
               private authService: AuthService,
+              private route: ActivatedRoute,
               protected authorizationService: AuthorizationDataService,
   ) {
   }
 
   ngOnInit(): void {
     this.authMethods = this.store.pipe(
       select(getAuthenticationMethods),
-      map((methods: AuthMethod[]) => methods
-        // ignore the given auth method if it should be excluded
-        .filter((authMethod: AuthMethod) => authMethod.authMethodType !== this.excludedAuthMethod)
-        .filter((authMethod: AuthMethod) => rendersAuthMethodType(authMethod.authMethodType) !== undefined)
-        .sort((method1: AuthMethod, method2: AuthMethod) => method1.position - method2.position),
-      ),
+      combineLatestWith(
+        this.route.data.pipe(
+          filter(routeData => !!routeData),
+          map(data => data.isBackDoor),
+        )),
+      map(([methods, isBackdoor]) => this.filterAndSortAuthMethods(methods, isBackdoor, environment.auth.disableStandardLogin)),
       // ignore the ip authentication method when it's returned by the backend
       map((authMethods: AuthMethod[]) => uniqBy(authMethods.filter(a => a.authMethodType !== AuthMethodType.Ip), 'authMethodType')),
     );
@@ -149,11 +154,31 @@ export class LogInComponent implements OnInit, OnDestroy {
     this.canRegister$ = this.authorizationService.isAuthorized(FeatureID.EPersonRegistration);
 
     this.canForgot$ = this.authorizationService.isAuthorized(FeatureID.EPersonForgotPassword).pipe(shareReplay({ refCount: false, bufferSize: 1 }));
-    this.canShowDivider$ = combineLatest([this.canRegister$, this.canForgot$])
-      .pipe(
-        map(([canRegister, canForgot]) => canRegister || canForgot),
-        filter(Boolean),
-      );
+    this.canShowDivider$ = this.canRegister$.pipe(
+      combineLatestWith(this.canForgot$)
+      ,
+      map(([canRegister, canForgot]) => canRegister || canForgot),
+      filter(Boolean),
+    );
+  }
+
+  filterAndSortAuthMethods(authMethods: AuthMethod[], isBackdoor: boolean, isStandardLoginDisabled = false): AuthMethod[] {
+    return authMethods.filter((authMethod: AuthMethod) => {
+      const methodComparison = (authM) => {
+        if (isBackdoor) {
+          return authM.authMethodType === AuthMethodType.Password;
+        }
+        if (isStandardLoginDisabled) {
+          return authM.authMethodType !== AuthMethodType.Password;
+        }
+        return true;
+
+      };
+      return methodComparison(authMethod) &&
+          authMethod.authMethodType !== this.excludedAuthMethod &&
+          rendersAuthMethodType(authMethod.authMethodType) !== undefined;
+    },
+    ).sort((method1: AuthMethod, method2: AuthMethod) => method1.position - method2.position);
   }
 
   getRegisterRoute() {
diff --git a/src/config/auth-config.interfaces.ts b/src/config/auth-config.interfaces.ts
@@ -20,4 +20,7 @@ export interface AuthConfig extends Config {
     // This is independent from the idle warning.
     timeLeftBeforeTokenRefresh: number;
   };
+
+  // Whether the standard login form should be enabled.
+  disableStandardLogin?: boolean;
 }
diff --git a/src/config/default-app-config.ts b/src/config/default-app-config.ts
@@ -146,6 +146,7 @@ export class DefaultAppConfig implements AppConfig {
       // This is independent from the idle warning.
       timeLeftBeforeTokenRefresh: 2 * 60 * 1000, // 2 minutes
     },
+    disableStandardLogin: false, // Enable the standard login form
   };
 
   // Form settings
diff --git a/src/environments/environment.test.ts b/src/environments/environment.test.ts
@@ -97,6 +97,7 @@ export const environment: BuildConfig = {
       // This is independent from the idle warning.
       timeLeftBeforeTokenRefresh: 20000, // 20 sec
     },
+    disableStandardLogin: false,
   },
 
   // Form settings

Original file line number	Diff line number	Diff line change
`@@ -20,4 +20,7 @@ export interface AuthConfig extends Config {`
`20`	`20`	`// This is independent from the idle warning.`
`21`	`21`	`timeLeftBeforeTokenRefresh: number;`
`22`	`22`	`};`
	`23`	`+`
	`24`	`+ // Whether the standard login form should be enabled.`
	`25`	`+ disableStandardLogin?: boolean;`
`23`	`26`	`}`