Unauthorized client routing

Added Auth Interceptor tests

cleaned up test

Update routes
This commit is contained in:
Andrew Throener
2015-08-13 12:45:38 -05:00
parent 979c4e56a4
commit ed89f9ea08
6 changed files with 126 additions and 18 deletions

View File

@@ -4,13 +4,16 @@
angular.module(ApplicationConfiguration.applicationModuleName, ApplicationConfiguration.applicationModuleVendorDependencies);
// Setting HTML5 Location Mode
angular.module(ApplicationConfiguration.applicationModuleName).config(['$locationProvider',
function ($locationProvider) {
angular.module(ApplicationConfiguration.applicationModuleName).config(['$locationProvider', '$httpProvider',
function ($locationProvider, $httpProvider) {
$locationProvider.html5Mode(true).hashPrefix('!');
$httpProvider.interceptors.push('authInterceptor');
}
]);
angular.module(ApplicationConfiguration.applicationModuleName).run(function ($rootScope, $state, Authentication) {
// Check authentication before changing state
$rootScope.$on('$stateChangeStart', function (event, toState, toParams, fromState, fromParams) {
if (toState.data && toState.data.roles && toState.data.roles.length > 0) {
@@ -24,11 +27,11 @@ angular.module(ApplicationConfiguration.applicationModuleName).run(function ($ro
if (!allowed) {
event.preventDefault();
$state.go('authentication.signin', {}, {
notify: false
}).then(function () {
$rootScope.$broadcast('$stateChangeSuccess', 'authentication.signin', {}, toState, toParams);
});
if (Authentication.user !== undefined && typeof Authentication.user === 'object') {
$state.go('forbidden');
} else {
$state.go('authentication.signin');
}
}
}
});

View File

@@ -13,16 +13,30 @@ angular.module('core').config(['$stateProvider', '$urlRouterProvider',
// Home state routing
$stateProvider
.state('home', {
url: '/',
templateUrl: 'modules/core/client/views/home.client.view.html'
})
.state('not-found', {
url: '/not-found',
templateUrl: 'modules/core/client/views/404.client.view.html',
data: {
ignoreState: true
}
});
.state('home', {
url: '/',
templateUrl: 'modules/core/client/views/home.client.view.html'
})
.state('not-found', {
url: '/not-found',
templateUrl: 'modules/core/client/views/404.client.view.html',
data: {
ignoreState: true
}
})
.state('bad-request', {
url: '/bad-request',
templateUrl: 'modules/core/client/views/400.client.view.html',
data: {
ignoreState: true
}
})
.state('forbidden', {
url: '/forbidden',
templateUrl: 'modules/core/client/views/403.client.view.html',
data: {
ignoreState: true
}
});
}
]);

View File

@@ -0,0 +1,22 @@
'use strict';
angular.module('core').factory('authInterceptor', ['$q', '$injector',
function ($q, $injector) {
return {
responseError: function(rejection) {
if (!rejection.config.ignoreAuthModule) {
switch (rejection.status) {
case 401:
$injector.get('$state').transitionTo('authentication.signin');
break;
case 403:
$injector.get('$state').transitionTo('forbidden');
break;
}
}
// otherwise, default behaviour
return $q.reject(rejection);
}
};
}
]);

View File

@@ -0,0 +1,6 @@
<h1>Bad Request</h1>
<div class="alert alert-danger" role="alert">
<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>
<span class="sr-only">Error:</span>
You made a bad request
</div>

View File

@@ -0,0 +1,6 @@
<h1>Forbidden</h1>
<div class="alert alert-danger" role="alert">
<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>
<span class="sr-only">Error:</span>
You are not authorized to access this resource
</div>

View File

@@ -0,0 +1,57 @@
'use strict';
(function() {
describe('authInterceptor', function() {
//Initialize global variables
var authInterceptor,
$q,
$state,
httpProvider;
// Load the main application module
beforeEach(module(ApplicationConfiguration.applicationModuleName));
//Load httpProvider
beforeEach(module(function($httpProvider) {
httpProvider = $httpProvider;
}));
beforeEach(inject(function(_authInterceptor_, _$q_, _$state_) {
authInterceptor = _authInterceptor_;
$q = _$q_;
$state = _$state_;
spyOn($q,'reject');
spyOn($state,'transitionTo');
}));
it('Auth Interceptor should be object', function() {
expect( typeof authInterceptor).toEqual('object');
});
it('Auth Interceptor should contain responseError function', function() {
expect( typeof authInterceptor.responseError).toEqual('function');
});
it('httpProvider Interceptor should have authInterceptor', function() {
expect(httpProvider.interceptors).toContain('authInterceptor');
});
describe('Forbidden Interceptor', function() {
it('should redirect to forbidden route', function () {
var response = {status:403,config:{}};
var promise = authInterceptor.responseError(response);
expect($q.reject).toHaveBeenCalled();
expect($state.transitionTo).toHaveBeenCalledWith('forbidden');
});
});
describe('Authorization Interceptor', function() {
it('should redirect to signIn page for unauthorized access', function () {
var response = {status:401,config:{}};
var promise = authInterceptor.responseError(response);
expect($q.reject).toHaveBeenCalled();
expect($state.transitionTo).toHaveBeenCalledWith('authentication.signin');
});
});
});
})();