npm - @sinequa/atomic-angular - Versions diffs - 1.0.18 → 1.0.19 - Mend

@sinequa/atomic-angular 1.0.18 → 1.0.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/fesm2022/sinequa-atomic-angular.mjs +50 -13
package/fesm2022/sinequa-atomic-angular.mjs.map +1 -1
package/index.d.ts +164 -157
package/package.json +1 -1

package/fesm2022/sinequa-atomic-angular.mjs CHANGED Viewed

@@ -10930,6 +10930,12 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.25", ngImpo
                 }]
         }], propDecorators: { cancel: [{ type: i0.Output, args: ["cancel"] }], success: [{ type: i0.Output, args: ["success"] }], userName: [{ type: i0.Input, args: [{ isSignal: true, alias: "userName", required: false }] }, { type: i0.Output, args: ["userNameChange"] }] } });
+/**
+ * Mirrors @sinequa/atomic's `AUTH_REDIRECT_ATTEMPT_KEY` (src/authentication/constants.ts): the
+ * sessionStorage flag set right before a provider full-page redirect (`window.location.href`).
+ * Reading it lets us tell "an IdP redirect is under way" from "no session", without a blind timer.
+ */
+const AUTH_REDIRECT_ATTEMPT_KEY = "sinequa-auth-redirect-attempt";
 /**
  * Represents the LoginComponent class, which is responsible for handling the login functionality.
  * This component is used to authenticate users and manage the user's authentication status.
@@ -10971,6 +10977,13 @@ class SignInComponent {
     authenticated = signal(isAuthenticated(), ...(ngDevMode ? [{ debugName: "authenticated" }] : []));
     user = signal(getState(this.principalStore), ...(ngDevMode ? [{ debugName: "user" }] : []));
     expiresSoonNotified = signal(false, ...(ngDevMode ? [{ debugName: "expiresSoonNotified" }] : []));
+    /**
+     * Forces the credentials form to show even while `externalAuth` is true. Set when a silent
+     * SSO/browser auth attempt fails and no OAuth/SAML provider is configured: in that case
+     * `useSSO` only meant "unknown — try SSO, then credentials", so we fall back to the form
+     * instead of routing to /error.
+     */
+    showCredentialsFallback = signal(false, ...(ngDevMode ? [{ debugName: "showCredentialsFallback" }] : []));
     constructor(destroyRef) {
         this.destroyRef = destroyRef;
         // If the user is already authenticated when landing here (e.g. page refresh on
@@ -10980,21 +10993,45 @@ class SignInComponent {
             const url = this.route.snapshot.queryParams["returnUrl"] || "/";
             this.router.navigateByUrl(url);
         }
-        // When authentication is delegated to the browser/proxy (SSO) or an OAuth/SAML
-        // provider, no credentials form is shown: this screen shows a loader and initiates
-        // the handshake automatically by calling `handleLogin()`. If the handshake never
-        // completes, fall back to /error after 5s; the fallback is cancelled as soon as
-        // the login succeeds (the `authenticated` event then drives navigation).
+        // When authentication is delegated to the browser/proxy (SSO) or an OAuth/SAML provider, no
+        // credentials form is shown: this screen shows a loader and starts the handshake automatically.
+        // Drive what happens next from the OUTCOME of `login()`, never a blind timer racing the network
+        // call (the old 5s timer fired while a slow but legitimate provider call — up to its own 10s
+        // network timeout — was still in flight, flashing /error just before the IdP redirect):
+        //   • rejected      → real failure (network timeout, 5xx, callback loop) → /error WITH the reason;
+        //   • resolved true  → authenticated → the `authenticated` event / returnUrl drives navigation;
+        //   • resolved false → either an OAuth/SAML full-page redirect is under way (the redirect flag was
+        //                      set just before `window.location.href`; the page is about to unload, so do
+        //                      nothing and let it leave for the IdP), or no provider is configured
+        //                      (ambiguous SSO → show the credentials form), or the provider returned no
+        //                      redirect at all (→ /error).
         if (this.externalAuth && !this.authenticated()) {
-            const timeout = setTimeout(() => {
+            login()
+                .then(result => {
+                if (result) {
+                    this.auditService.notifyLogin();
+                    return;
+                }
+                const hasAutoProvider = !!(globalConfig.autoOAuthProvider || globalConfig.autoSAMLProvider);
+                if (!hasAutoProvider) {
+                    this.showCredentialsFallback.set(true);
+                    return;
+                }
+                // A full-page redirect to the IdP was initiated → the page is about to unload. Routing to
+                // /error here is exactly what caused the transient "error" flash, so skip it.
+                if (sessionStorage.getItem(AUTH_REDIRECT_ATTEMPT_KEY))
+                    return;
+                // Provider configured but the server returned no redirectUrl and there is no session → error.
                 this.router.navigate(["/error"], {
                     queryParams: { returnUrl: this.route.snapshot.queryParams["returnUrl"] }
                 });
-            }, 5000);
-            destroyRef.onDestroy(() => clearTimeout(timeout));
-            this.handleLogin().then(result => {
-                if (result)
-                    clearTimeout(timeout);
+            })
+                .catch((err) => {
+                warn("An error occurred while logging in", err);
+                this.auditService.notify({ type: "Login_Denied" });
+                // Surface the failure reason on the error page (e.g. "OAuth provider not found: identity-dev").
+                const message = (err?.errorMessage ?? err?.message) || undefined;
+                this.router.navigate(["error"], { queryParams: { message } });
             });
         }
         effect(() => {
@@ -11106,7 +11143,7 @@ class SignInComponent {
     }
     static ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.25", ngImport: i0, type: SignInComponent, deps: [{ token: i0.DestroyRef }], target: i0.ɵɵFactoryTarget.Component });
     static ɵcmp = i0.ɵɵngDeclareComponent({ minVersion: "17.0.0", version: "20.3.25", type: SignInComponent, isStandalone: true, selector: "signIn, signin, sign-in", inputs: { class: { classPropertyName: "class", publicName: "class", isSignal: true, isRequired: false, transformFunction: null }, username: { classPropertyName: "username", publicName: "username", isSignal: true, isRequired: false, transformFunction: null }, password: { classPropertyName: "password", publicName: "password", isSignal: true, isRequired: false, transformFunction: null } }, outputs: { forgotPassword: "forgotPassword", username: "usernameChange", password: "passwordChange" }, host: { properties: { "class": "cn('grid h-dvh w-full place-content-center', class())" } }, providers: [provideTranslocoScope("login")], ngImport: i0, template: `
-    @if (!authenticated() && !externalAuth) {
+    @if (!authenticated() && (!externalAuth || showCredentialsFallback())) {
       <Card
         hover="no"
         cdkTrapFocus
@@ -11179,7 +11216,7 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.25", ngImpo
                         CardHeaderComponent,
                         CardContentComponent
                     ], providers: [provideTranslocoScope("login")], template: `
-    @if (!authenticated() && !externalAuth) {
+    @if (!authenticated() && (!externalAuth || showCredentialsFallback())) {
       <Card
         hover="no"
         cdkTrapFocus