
Refactor auth handling

Daniel Gerhardt requested to merge refac-auth-handling into master

Large parts of auth handling have been refactored to improve maintainability and performance:

Room access control

  • Room role mappings are no longer cached in localStorage.
  • New API endpoints are used to retrieve room memberships and room summaries (basic info + stats). Instead of querying data for each room individually they are now fetched in bulk.
  • Membership and summary data is only loaded once and cached in-memory until the cache is invalidated through a client-side or WebSocket (implementation not final / server-side implementation missing) event.
  • Room authorization handling was moved to a new RoomMembershipService.
  • Account management methods were moved to user service.
  • Authorization header is only overridden if it wasn't already set.
  • UserRole is now a string-based enum (code constructs like user.role < 3 are no longer allowed). Templates can now use the string and no longer need to hard-code a number.
  • The AuthenticationGuard now returns an Observable.
  • A Resolver is used to pass the role for viewing to components.
  • Use helper methods in components to check the role (instead of component fields).

App-wide authentication handling

  • ClientAuthentication is now used throughout the app and replaces the User class. Previously, it was only used to handle the API response. User was basically the same as ClientAuthentication with a few additional properties which became obsolete.
  • AuthenticationService's getUser, getUserAsSubject and watchUser methods have been replaced with a single getAuthentication method which returns an Observable<ClientAuthentication>. Internally, a higher-order Observable is used to emit changes to authentication as a stream.
  • The logic of AuthenticationService's login-related methods has been refactored. Instead of returning the strings true, false and activation, a ClientAuthenticationResult is returned which contains the status and the auth object if successful.
  • refreshLogin logic has been refactored to reuse code for normal logins.
  • An APP_INITIALIZER is used to initialize authentication at startup.

Known issue

  • Role-based, conditional rendering for elements of the header bar no longer works (e.g. session ID in comment list for room owner).

Edited by Daniel Gerhardt
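Added example, not code from this merge request or the project: what replacing ordinal checks such as user.role < 3 with a string-based UserRole enum and a role-check helper looks like. The role names (PARTICIPANT, MODERATOR, OWNER), the ROLE_RANK table and the hasRole/parseRole helpers are assumptions for illustration, not the project's own identifiers.

```typescript
// String-based role enum (role names assumed for this example). Members are
// strings, so a leftover numeric comparison like `role < 3` no longer compiles.
enum UserRole {
  PARTICIPANT = 'PARTICIPANT',
  MODERATOR = 'MODERATOR',
  OWNER = 'OWNER',
}

// The privilege ordering lives in exactly one place instead of being implied
// by enum member numbering; templates and components never hard-code a number.
const ROLE_RANK: Record<UserRole, number> = {
  [UserRole.PARTICIPANT]: 1,
  [UserRole.MODERATOR]: 2,
  [UserRole.OWNER]: 3,
};

// Helper used by components in place of component fields or raw comparisons.
// A missing role (user is not a member of the room) is denied explicitly.
function hasRole(actual: UserRole | undefined, required: UserRole): boolean {
  if (actual === undefined) {
    return false;
  }
  return ROLE_RANK[actual] >= ROLE_RANK[required];
}

// Roles arriving from an API or WebSocket payload are allow-listed rather than
// coerced: with numeric roles, Number('admin') is NaN and `NaN < 3` is false,
// so the outcome of a guard depended on which direction the check was written.
function parseRole(raw: unknown): UserRole | undefined {
  if (typeof raw !== 'string') {
    return undefined;
  }
  return Object.prototype.hasOwnProperty.call(ROLE_RANK, raw)
    ? (raw as UserRole)
    : undefined;
}

// Constructed sample payload, as a membership endpoint might return it.
const sampleMembership = { roomId: 'room-1', role: 'MODERATOR' };
const sampleRole = parseRole(sampleMembership.role);
console.log(hasRole(sampleRole, UserRole.MODERATOR)); // true
console.log(hasRole(sampleRole, UserRole.OWNER));     // false
```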
