Commit 49e4dccc authored by Ryan Diehl

updates readme

parent 02550204
Pipeline #109704 passed with stages in 2 minutes and 50 seconds
# utils-security-ngrx
# @psu/utils/security-ngrx
This library was generated with [Nx](https://nx.dev).
NgRx extensions for @psu/utils/security.
## Running unit tests
## Class Interfaces
Run `nx test utils-security-ngrx` to execute the unit tests.
This library makes use of class interfaces for dependency injection of vendor-specific authentication functionality.
External libraries such as @psu/msal-oidc will provide implementation of these interfaces.
### SecurityEventListener
`SecurityEventListener` defines an interface for a service that handles authentication related events that should
trigger NgRx actions.
### Providers
This library exports a helper function to allow you to provide implementations for these class interfaces -
`provideSecurityEventListener()`.
```
providers: [
...,
VendorSecurityEventListener,
provideSecurityEventListener(VendorSecurityEventListener),
]
```
## Facade
The `SecurityFacade` abstracts away most details of the NgRx implementation and provides helper functions and properties
for apps to use. It injects the `SecurityEventListener` and listens for login success, failure, etc. events, and
then dispatches corresponding actions against the store.
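Review bot: the `SecurityEventListener` section (the two lines under its heading) describes the service only as handling "authentication related events" and never names the events or their payloads, even though the `SecurityFacade` paragraph says the facade listens for "login success, failure, etc." and the spec hunk below drives a `loginFailed$` stream that emits either a message string or nothing. An implementor such as @psu/msal-oidc has to read the facade source to find out what to provide. Suggest listing the observable members the facade subscribes to, with the payload type of each, and noting that a failure event may carry no message (the facade then dispatches `loginFailure({})`), so the interface can be implemented from the README alone.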
......@@ -58,7 +58,7 @@ describe('SecurityFacade', () => {
it('listener loginFailure should dispatch loginFailure action', () => {
loginFailed$.next('no');
expect(store.dispatch).toHaveBeenCalledWith(loginFailure({ message: 'no' }));
loginFailed$.next(undefined);
loginFailed$.next();
expect(store.dispatch).toHaveBeenCalledWith(loginFailure({}));
});
});
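Review bot: the changed line `loginFailed$.next();` drops the explicit `undefined` that the replaced line passed, but the same test calls `loginFailed$.next('no')` two lines earlier, so the subject cannot be a `Subject<void>`; for a `Subject<string | undefined>` a bare `next()` is a compile error under RxJS 7, whose `next(value: T)` takes a required argument, whereas RxJS 6 declares it as `next(value?: T)`. The explicit `loginFailed$.next(undefined)` is the form that type-checks under both versions; keep it unless the spec's subject is declared with a type that makes the argument optional.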
# Security Utils
# @psu/utils/security
This will eventually be the home of the refactored and de-spaghettified security utils, but for now it just has a single string constant for the `REQUIRE_AUTH_HEADER` since I needed somewhere to put it and didn't want to import the entire security library just for one constant.
This entrypoint contains cross-cutting security functionality that is independent of any actual auth
implementation. Where we need to interact with a specific auth implementation (@psu/security, @psu/msal-oidc, etc.),
this entrypoint exposes class interfaces and dependency injection helpers for the implementor.
## Class Interfaces
This library makes use of class interfaces for dependency injection of vendor-specific authentication functionality.
External libraries such as @psu/msal-oidc will provide implementation of these interfaces.
### AuthService
`AuthService` defines methods to log a user into a system and get user information such as userName (ideally from
something like an ID token using OIDC).
### TokenService
`TokenService` defines methods to acquire tokens during HTTP flows.
### Providers
This library exports a couple of helper functions to allow you to provide implementations for these class interfaces -
`provideAuthService()` and `provideTokenService()`.
```
providers: [
...,
VendorAuthService,
provideAuthService(VendorAuthService),
VendorTokenService,
provideVendorTokenService(VendorTokenService),
]
```
## Interceptors
### AuthInterceptor
`AuthInterceptor` provides an implementation-agnostic way to attach `Bearer` tokens to outgoing HTTP requests.
It leverages the existing `REQUIRE_AUTH_HEADER` constant that our apis library already uses. It should be a drop-in
replacement for the implementation from @psu/security, with the exception that we no longer support the legacy
`protectedUrls` configuration parameter (though it could be re-added if needed).
The interceptor injects `TokenService`, which is a class interface. This library does not provide an implementation
for this service, instead it should be implemented by vendor-specific libraries like @psu/msal-oidc. The TokenService
is used to acquire a token.
### UseridRequestTracingInterceptor
`UseridRequestTracingInterceptor` provides an implementation-agnostic way to set custom `x-request-id` headers that
include the username of the currently logged in user. It is a drop-in replacement for the version in @psu/security.
The interceptor injects `AuthService`, which is a class interface. This library does not provide an implementation
for this service, instead it should be implemented by vendor-specific libraries like @psu/msal-oidc. The AuthService
is used to determine if a user is currently logged in.
## Models
The `User` interface defines an authenticated user. Its only field is a `userName` at this point. Your implementation
will likely have additional fields such as identity claims.
## Guards
### AlreadyLoggedInGuard
The `AlreadyLoggedInGuard` can be used to redirect users away from anonymous resources like a login screen, if they are
currently authenticated. It injects `AuthService`, see above.
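Review bot: the providers snippet under "Providers" calls `provideVendorTokenService(VendorTokenService)`, but the helper the preceding paragraph says this library exports is `provideTokenService()`; the line should read `provideTokenService(VendorTokenService),` or the snippet will not compile against the documented API. Two documentation gaps are worth closing in the same pass: the `AuthInterceptor` section should state whether the `REQUIRE_AUTH_HEADER` marker is stripped from the request before it leaves the client and what the interceptor does when `TokenService` cannot acquire a token (send without `Authorization`, fail the request, or trigger a login), since dropping `protectedUrls` makes that header the only thing deciding where a bearer token goes; and the `UseridRequestTracingInterceptor` section should say which requests receive the `x-request-id` header, because readers will want to know whether a header carrying the logged-in username is attached to every outgoing request or only to those that require auth.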
  • SonarQube analysis indicates that the quality gate failed.

    • Bugs: failed (actual value 1 > 0)
    • high_severity_vulns: passed (actual value 0)
    • medium_severity_vulns: passed (actual value 0)

    SonarQube analysis reported 17 issues:

    • 5 major
    • 7 minor
    • 5 info

    Top 10 extra issues

    Note: The following issues were found on lines that were not modified in the commit. Because these issues can't be reported as line comments, they are summarized here:

    1. Unexpected empty source
    2. Remove this useless assignment to variable "result".
    3. Remove this useless assignment to variable "complete".
    4. Remove this useless assignment to variable "loadResult".
    5. Remove this useless assignment to variable "loadComplete".
    6. Add an "alt" attribute to this image. (minor)
    7. This assertion is unnecessary since it does not change the type of the expression. (minor)
    8. This assertion is unnecessary since it does not change the type of the expression. (minor)
    9. This assertion is unnecessary since it does not change the type of the expression. (minor)
    10. This assertion is unnecessary since it does not change the type of the expression. (minor)
    • ... 7 more