@sinequa/atomic-angular 1.0.17 → 1.0.19

package/fesm2022/sinequa-atomic-angular.mjs

@@ -1,13 +1,13 @@
 import * as i0 from '@angular/core';
 import { Injectable, inject, HostBinding, Component, Pipe, InjectionToken, computed, ChangeDetectorRef, DestroyRef, LOCALE_ID, Inject, Optional, input, output, signal, effect, assertInInjectionContext, runInInjectionContext, EnvironmentInjector, Injector, EventEmitter, Directive, viewChild, ElementRef, afterNextRender, untracked, linkedSignal, model, TemplateRef, HostListener, Renderer2, contentChildren, contentChild, booleanAttribute, ChangeDetectionStrategy, resource, ViewContainerRef, viewChildren, numberAttribute, afterRenderEffect, afterEveryRender } from '@angular/core';
-import { BehaviorSubject, Subscription, catchError, throwError, firstValueFrom, map, Subject, of, tap, EMPTY, filter, shareReplay, fromEvent, debounceTime, from, switchMap } from 'rxjs';
+import { BehaviorSubject, Subscription, catchError, throwError, firstValueFrom, map, Subject, of, tap, EMPTY, filter, shareReplay, from, fromEvent, debounceTime, switchMap } from 'rxjs';
 import { TranslocoService, TranslocoPipe, provideTranslocoScope } from '@jsverse/transloco';
 import { DropdownComponent, DropdownContentComponent, InputComponent, ButtonComponent, cn, FaIconComponent, EllipsisIcon, ChevronRightIcon, MenuComponent, MenuContentComponent, MenuItemComponent, CardComponent, CardHeaderComponent, CardContentComponent, BadgeComponent, DialogComponent, DialogHeaderComponent, DialogTitleComponent, DialogContentComponent, DialogFooterComponent, ListItemComponent, SwitchComponent, SelectOptionDirective, DialogService, TabsComponent, TabsListComponent, TabComponent, ChevronLeftIconComponent, ChevronsLeftIconComponent, ChevronsRightIconComponent, Separator, SheetCloseDirective, SheetService, DateRangePickerDirective, DatepickerDirective, ButtonGroup, InputGroupInput, InputGroupComponent, InputGroupAddonComponent, SearchIcon, FilterIcon, LoadingCircleIconComponent, CircleCheckIconComponent, PopoverComponent, CardFooterComponent, BookmarkIcon, PopoverContentComponent, UserIcon, TrashIcon, FolderIcon, VerticalDividerComponent, BreakpointObserverService, HorizontalDividerComponent, FlagEnglishIconComponent, FlagFrenchIconComponent, EditIcon, UndoIcon, AvatarComponent, AvatarFallbackComponent, AvatarImageComponent } from '@sinequa/ui';
 import highlightWords from 'highlight-words';
 import { ActivatedRoute, Router, NavigationEnd, RouterLink, RouterModule } from '@angular/router';
 import { withDevtools } from '@angular-architects/ngrx-toolkit';
 import { signalStore, signalStoreFeature, withState, withMethods, patchState, getState, withComputed } from '@ngrx/signals';
-import { globalConfig, EngineType, extraColumns, sysLang, getQueryParamsFromUrl, clearSessionTokens, login, info, error, setGlobalConfig, initializeAppConfig, notify, addConcepts, queryParamsFromUrl, patchUserSettings, deleteUserSettings, fetchUserSettings, warn, buildPathsAndLevels, escapeExpr, isAuthenticated, isExpired, debug, AuditEventType, fetchSuggest, isObject, Audit, getMetadata, bisect, isNotInputEvent, fetchSponsoredLinks, fetchQuery, translateAggregationToDateOptions, aggItemRegex, parseValueAndOperatorFromItem, fetchSuggestField, fetchSimilarDocuments, logout, fetchChangePassword, fetchSendPasswordResetEmail, expiresSoon, suggestionsToTreeAggregationNodes, labels, fetchLabels, guid, getRelativeDate, createUserProfile, deleteUserProfileProperty, patchUserProfile, isJsonable, addAuditAdditionalInfo, getToken, setToken, createHeaders } from '@sinequa/atomic';
+import { globalConfig, EngineType, extraColumns, sysLang, fetchPrincipal, getQueryParamsFromUrl, clearSessionTokens, login, info, error, setGlobalConfig, initializeAppConfig, notify, addConcepts, queryParamsFromUrl, patchUserSettings, deleteUserSettings, fetchUserSettings, warn, buildPathsAndLevels, escapeExpr, isAuthenticated, isExpired, debug, AuditEventType, fetchSuggest, isObject, Audit, getMetadata, bisect, isNotInputEvent, fetchSponsoredLinks, fetchQuery, translateAggregationToDateOptions, aggItemRegex, parseValueAndOperatorFromItem, fetchSuggestField, fetchSimilarDocuments, logout, fetchChangePassword, fetchSendPasswordResetEmail, expiresSoon, suggestionsToTreeAggregationNodes, labels, fetchLabels, guid, getRelativeDate, createUserProfile, deleteUserProfileProperty, patchUserProfile, isJsonable, addAuditAdditionalInfo, getToken, setToken, createHeaders } from '@sinequa/atomic';
 import { HttpClient, HttpParams, httpResource, HttpResponse, HttpContextToken, HttpHeaders } from '@angular/common/http';
 import { takeUntilDestroyed, toSignal } from '@angular/core/rxjs-interop';
 import { DatePipe, DATE_PIPE_DEFAULT_TIMEZONE, DATE_PIPE_DEFAULT_OPTIONS, Location, NgTemplateOutlet, NgStyle, NgClass, NgComponentOutlet } from '@angular/common';
@@ -1314,26 +1314,24 @@ const PrincipalStore = signalStore({ providedIn: 'root' }, withDevtools('Princip
     }
 })), withPrincipalFeatures());
 function withPrincipalFeatures() {
-    return signalStoreFeature(withMethods((store) => {
-        const http = inject(HttpClient);
-        const API_URL = `${globalConfig.backendUrl}/api/v1`;
-        return {
-            initialize() {
-                patchState(store, { state: 'loading' });
-                const params = new HttpParams()
-                    .set('action', 'get')
-                    .set('noAuthentication', 'true');
-                return firstValueFrom(http.get(`${API_URL}/principal`, { params }).pipe(catchError((error) => {
-                    console.error('Principal fetch failed', error);
-                    patchState(store, { state: 'error' });
-                    throw error;
-                }), map((principal) => {
-                    const { userOverrideActive = false } = globalConfig;
-                    patchState(store, { ...initialPrincipal, ...principal, userOverrideActive, state: 'loaded' });
-                })));
+    return signalStoreFeature(withMethods((store) => ({
+        async initialize() {
+            patchState(store, { state: 'loading' });
+            try {
+                // Use the SDK's fetchPrincipal so the principal load goes through the same auth handling
+                // as the rest of atomic (credentials: "include" + the authMode-aware noAutoAuthentication
+                // flag). In SSO mode it sends noAutoAuthentication=false, letting IIS/Windows authenticate.
+                const principal = await fetchPrincipal();
+                const { userOverrideActive = false } = globalConfig;
+                patchState(store, { ...initialPrincipal, ...principal, userOverrideActive, state: 'loaded' });
             }
-        };
-    }));
+            catch (error) {
+                console.error('Principal fetch failed', error);
+                patchState(store, { state: 'error' });
+                throw error;
+            }
+        }
+    })));
 }
 
 /**
@@ -4587,17 +4585,14 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.25", ngImpo
  * @deprecated This service is deprecated and should not be used directly. Please use the PrincipalStore instead.
 */
 class PrincipalService {
-    http = inject(HttpClient);
-    API_URL = `${globalConfig.backendUrl}/api/v1`;
     /**
      * Retrieves the principal information from the server.
      *
      * @returns Observable<Principal> An observable that emits the principal information.
      *
      * @remarks
-     * This method sends a GET request to the API endpoint to fetch the principal data.
-     * It includes query parameters to specify the action and to indicate that no authentication is required.
-     * In case of an error, it logs the error to the console and returns an empty observable.
+     * Delegates to the SDK's fetchPrincipal so the request goes through atomic's auth handling
+     * (credentials + authMode-aware noAutoAuthentication). On error it logs and returns EMPTY.
      *
      * @example
      * ```typescript
@@ -4607,9 +4602,7 @@ class PrincipalService {
      * ```
      */
     getPrincipal() {
-        const params = new HttpParams().set('action', 'get');
-        params.append('noAuthentication', 'true');
-        return this.http.get(this.API_URL + '/principal', { params }).pipe(catchError(error => {
+        return from(fetchPrincipal()).pipe(catchError(error => {
             console.error('PrincipalService.getPrincipal failure - error: ', error);
             return EMPTY;
         }));
@@ -10937,6 +10930,12 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.25", ngImpo
                 }]
         }], propDecorators: { cancel: [{ type: i0.Output, args: ["cancel"] }], success: [{ type: i0.Output, args: ["success"] }], userName: [{ type: i0.Input, args: [{ isSignal: true, alias: "userName", required: false }] }, { type: i0.Output, args: ["userNameChange"] }] } });
 
+/**
+ * Mirrors @sinequa/atomic's `AUTH_REDIRECT_ATTEMPT_KEY` (src/authentication/constants.ts): the
+ * sessionStorage flag set right before a provider full-page redirect (`window.location.href`).
+ * Reading it lets us tell "an IdP redirect is under way" from "no session", without a blind timer.
+ */
+const AUTH_REDIRECT_ATTEMPT_KEY = "sinequa-auth-redirect-attempt";
 /**
  * Represents the LoginComponent class, which is responsible for handling the login functionality.
  * This component is used to authenticate users and manage the user's authentication status.
@@ -10978,6 +10977,13 @@ class SignInComponent {
     authenticated = signal(isAuthenticated(), ...(ngDevMode ? [{ debugName: "authenticated" }] : []));
     user = signal(getState(this.principalStore), ...(ngDevMode ? [{ debugName: "user" }] : []));
     expiresSoonNotified = signal(false, ...(ngDevMode ? [{ debugName: "expiresSoonNotified" }] : []));
+    /**
+     * Forces the credentials form to show even while `externalAuth` is true. Set when a silent
+     * SSO/browser auth attempt fails and no OAuth/SAML provider is configured: in that case
+     * `useSSO` only meant "unknown — try SSO, then credentials", so we fall back to the form
+     * instead of routing to /error.
+     */
+    showCredentialsFallback = signal(false, ...(ngDevMode ? [{ debugName: "showCredentialsFallback" }] : []));
     constructor(destroyRef) {
         this.destroyRef = destroyRef;
         // If the user is already authenticated when landing here (e.g. page refresh on
@@ -10987,21 +10993,45 @@ class SignInComponent {
             const url = this.route.snapshot.queryParams["returnUrl"] || "/";
             this.router.navigateByUrl(url);
         }
-        // When authentication is delegated to the browser/proxy (SSO) or an OAuth/SAML
-        // provider, no credentials form is shown: this screen shows a loader and initiates
-        // the handshake automatically by calling `handleLogin()`. If the handshake never
-        // completes, fall back to /error after 5s; the fallback is cancelled as soon as
-        // the login succeeds (the `authenticated` event then drives navigation).
+        // When authentication is delegated to the browser/proxy (SSO) or an OAuth/SAML provider, no
+        // credentials form is shown: this screen shows a loader and starts the handshake automatically.
+        // Drive what happens next from the OUTCOME of `login()`, never a blind timer racing the network
+        // call (the old 5s timer fired while a slow but legitimate provider call — up to its own 10s
+        // network timeout — was still in flight, flashing /error just before the IdP redirect):
+        //   • rejected      → real failure (network timeout, 5xx, callback loop) → /error WITH the reason;
+        //   • resolved true  → authenticated → the `authenticated` event / returnUrl drives navigation;
+        //   • resolved false → either an OAuth/SAML full-page redirect is under way (the redirect flag was
+        //                      set just before `window.location.href`; the page is about to unload, so do
+        //                      nothing and let it leave for the IdP), or no provider is configured
+        //                      (ambiguous SSO → show the credentials form), or the provider returned no
+        //                      redirect at all (→ /error).
         if (this.externalAuth && !this.authenticated()) {
-            const timeout = setTimeout(() => {
+            login()
+                .then(result => {
+                if (result) {
+                    this.auditService.notifyLogin();
+                    return;
+                }
+                const hasAutoProvider = !!(globalConfig.autoOAuthProvider || globalConfig.autoSAMLProvider);
+                if (!hasAutoProvider) {
+                    this.showCredentialsFallback.set(true);
+                    return;
+                }
+                // A full-page redirect to the IdP was initiated → the page is about to unload. Routing to
+                // /error here is exactly what caused the transient "error" flash, so skip it.
+                if (sessionStorage.getItem(AUTH_REDIRECT_ATTEMPT_KEY))
+                    return;
+                // Provider configured but the server returned no redirectUrl and there is no session → error.
                 this.router.navigate(["/error"], {
                     queryParams: { returnUrl: this.route.snapshot.queryParams["returnUrl"] }
                 });
-            }, 5000);
-            destroyRef.onDestroy(() => clearTimeout(timeout));
-            this.handleLogin().then(result => {
-                if (result)
-                    clearTimeout(timeout);
+            })
+                .catch((err) => {
+                warn("An error occurred while logging in", err);
+                this.auditService.notify({ type: "Login_Denied" });
+                // Surface the failure reason on the error page (e.g. "OAuth provider not found: identity-dev").
+                const message = (err?.errorMessage ?? err?.message) || undefined;
+                this.router.navigate(["error"], { queryParams: { message } });
             });
         }
         effect(() => {
@@ -11113,7 +11143,7 @@ class SignInComponent {
     }
     static ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.25", ngImport: i0, type: SignInComponent, deps: [{ token: i0.DestroyRef }], target: i0.ɵɵFactoryTarget.Component });
     static ɵcmp = i0.ɵɵngDeclareComponent({ minVersion: "17.0.0", version: "20.3.25", type: SignInComponent, isStandalone: true, selector: "signIn, signin, sign-in", inputs: { class: { classPropertyName: "class", publicName: "class", isSignal: true, isRequired: false, transformFunction: null }, username: { classPropertyName: "username", publicName: "username", isSignal: true, isRequired: false, transformFunction: null }, password: { classPropertyName: "password", publicName: "password", isSignal: true, isRequired: false, transformFunction: null } }, outputs: { forgotPassword: "forgotPassword", username: "usernameChange", password: "passwordChange" }, host: { properties: { "class": "cn('grid h-dvh w-full place-content-center', class())" } }, providers: [provideTranslocoScope("login")], ngImport: i0, template: `
-    @if (!authenticated() && !externalAuth) {
+    @if (!authenticated() && (!externalAuth || showCredentialsFallback())) {
       <Card
         hover="no"
         cdkTrapFocus
@@ -11186,7 +11216,7 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.25", ngImpo
                         CardHeaderComponent,
                         CardContentComponent
                     ], providers: [provideTranslocoScope("login")], template: `
-    @if (!authenticated() && !externalAuth) {
+    @if (!authenticated() && (!externalAuth || showCredentialsFallback())) {
       <Card
         hover="no"
         cdkTrapFocus