feat: add empty auth config service (#311)

openmfp/portal#626

Author: Sobyt483

README.md

@@ -11,16 +11,21 @@ It is closely related to the [portal ui library](https://github.com/openmfp/port
 The main features of this library are:
 
 - Provide a Dynamic Luigi configuration without the need to deploy a library
-- Authentication capabilities with GitHub and Auth Server
+- Optional authentication capabilities with GitHub and Auth Server
 - Dynamic development capabilities - Embed your local MicroFrontend into a running luigi frame.
+- Can run without any authentication infrastructure
 
 # Getting started
 
 ## Set up an environment
 
-To be able to use the library, the following environment properties have to be provided:
+The portal can run without any authentication infrastructure. Authentication configuration is optional and only required if you want to enable user authentication.
 
-- **Mandatory**
+### Environment properties
+
+- **Optional - Authentication**
+
+> **Note:** All authentication-related environment variables are optional. The portal can run without any auth services to display node configurations. Configure these only if you want to enable authentication features.
 
 | Property name                           | Description                                                                                                                                                                                    |
 | --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
@@ -44,17 +49,19 @@ To be able to use the library, the following environment properties have to be p
 | VALID_WEBCOMPONENT_URLS | To enable CORS Web component Loading: basically you need to add external domains where the Web Components are hosted; `".?"` in this examle, we are sepcify that we can load Web Components from everyhere. |
 | FEATURE_TOGGLES         | Comma separated values of features following the convention `featureName=boolean`. Boolean value indicates is the feature is on/off (true/false)                                                           |
 
-Below is an example of a `.env` file for configuring the application:
+#### Full configuration (with authentication)
 
 ```properties
 ## Mandatory
 CONTENT_CONFIGURATION_VALIDATOR_API_URL=https://example.com/validate
+
+## Auth Optional
 IDP_NAMES=app,dev
 BASE_DOMAINS_APP=localhost,example.com
 AUTH_SERVER_URL_APP=https://example.com/auth
 TOKEN_URL_APP=https://example.com/token
 OIDC_CLIENT_ID_APP=app_client_id
-OIDC_CLIENT_SECRET_APP= app_client_secret
+OIDC_CLIENT_SECRET_APP=app_client_secret
 
 ## Portal
 OPENMFP_PORTAL_CONTEXT_CRD_GATEWAY_API_URL=https://example.com/graphql

src/auth/auth-config.service.spec.ts

@@ -1,10 +1,41 @@
 import { DiscoveryService, EnvService } from '../env/index.js';
-import { EnvAuthConfigService } from './auth-config.service.js';
+import {
+  EmptyAuthConfigService,
+  EnvAuthConfigService,
+} from './auth-config.service.js';
 import { HttpException, HttpStatus } from '@nestjs/common';
 import { Test, TestingModule } from '@nestjs/testing';
 import type { Request } from 'express';
 import { mock } from 'jest-mock-extended';
 
+describe('EmptyAuthConfigService', () => {
+  let service: EmptyAuthConfigService;
+
+  beforeEach(() => {
+    service = new EmptyAuthConfigService();
+  });
+
+  describe('getAuthConfig', () => {
+    it('should return empty object', async () => {
+      const request = mock<Request>();
+      request.hostname = 'example.com';
+
+      const result = await service.getAuthConfig(request);
+
+      expect(result).toEqual({});
+    });
+
+    it('should return empty object for any hostname', async () => {
+      const request = mock<Request>();
+      request.hostname = 'test.localhost';
+
+      const result = await service.getAuthConfig(request);
+
+      expect(result).toEqual({});
+    });
+  });
+});
+
 describe('EnvAuthConfigService', () => {
   let service: EnvAuthConfigService;
   let discoveryServiceMock: DiscoveryService;

src/auth/auth-config.service.ts

@@ -9,20 +9,29 @@ interface BaseDomainsToIdp {
 }
 
 export interface ServerAuthVariables {
-  idpName: string;
-  baseDomain: string;
-  oauthServerUrl: string;
-  oauthTokenUrl: string;
-  clientId: string;
-  clientSecret: string;
-  oidcIssuerUrl: string;
+  idpName?: string;
+  baseDomain?: string;
+  oauthServerUrl?: string;
+  oauthTokenUrl?: string;
+  clientId?: string;
+  clientSecret?: string;
+  oidcIssuerUrl?: string;
   endSessionUrl?: string;
 }
 
 export interface AuthConfigService {
   getAuthConfig(request: Request): Promise<ServerAuthVariables>;
 }
 
+@Injectable()
+export class EmptyAuthConfigService implements AuthConfigService {
+  constructor() {}
+
+  public async getAuthConfig(request: Request): Promise<ServerAuthVariables> {
+    return {};
+  }
+}
+
 @Injectable()
 export class EnvAuthConfigService implements AuthConfigService {
   constructor(

src/auth/auth-token.service.spec.ts

@@ -1,8 +1,12 @@
 import { EnvService } from '../env/index.js';
-import { AUTH_CALLBACK_INJECTION_TOKEN } from '../injection-tokens.js';
+import {
+  AUTH_CALLBACK_INJECTION_TOKEN,
+  AUTH_CONFIG_INJECTION_TOKEN,
+} from '../injection-tokens.js';
 import { PortalModule } from '../portal.module.js';
 import {
   AuthConfigService,
+  EmptyAuthConfigService,
   EnvAuthConfigService,
 } from './auth-config.service.js';
 import { AuthTokenData, AuthTokenService } from './auth-token.service.js';
@@ -30,15 +34,21 @@ describe('AuthTokenService', () => {
 
     authCallbackMock = mock<AuthCallback>();
     const module: TestingModule = await Test.createTestingModule({
-      imports: [PortalModule.create({})],
+      imports: [
+        PortalModule.create({
+          authConfigProvider: EnvAuthConfigService,
+        }),
+      ],
     })
       .overrideProvider(AUTH_CALLBACK_INJECTION_TOKEN)
       .useValue(authCallbackMock)
       .compile();
 
     service = module.get<AuthTokenService>(AuthTokenService);
     envService = module.get<EnvService>(EnvService);
-    authConfigService = module.get<AuthConfigService>(EnvAuthConfigService);
+    authConfigService = module.get<AuthConfigService>(
+      AUTH_CONFIG_INJECTION_TOKEN,
+    );
     responseMock = mock<Response>();
     requestMock = mock<Request>();
   });
@@ -128,6 +138,29 @@ describe('AuthTokenService', () => {
           'Unexpected response code from auth token server: 206, Partial Content',
         );
       });
+
+      it('should throw error when clientId is not configured', async () => {
+        const module: TestingModule = await Test.createTestingModule({
+          imports: [
+            PortalModule.create({
+              authConfigProvider: EmptyAuthConfigService,
+            }),
+          ],
+        })
+          .overrideProvider(AUTH_CALLBACK_INJECTION_TOKEN)
+          .useValue(authCallbackMock)
+          .compile();
+
+        const emptyService = module.get<AuthTokenService>(AuthTokenService);
+
+        await expect(
+          emptyService.exchangeTokenForRefreshToken(
+            requestMock,
+            responseMock,
+            refreshToken,
+          ),
+        ).rejects.toThrow('Client ID is not configured');
+      });
     });
 
     describe('token for code - authorization_code flow', () => {
@@ -182,6 +215,29 @@ describe('AuthTokenService', () => {
         // Assert
         assertResponseAndCookies(authTokenResponse);
       });
+
+      it('should throw error when clientId is not configured', async () => {
+        const module: TestingModule = await Test.createTestingModule({
+          imports: [
+            PortalModule.create({
+              authConfigProvider: EmptyAuthConfigService,
+            }),
+          ],
+        })
+          .overrideProvider(AUTH_CALLBACK_INJECTION_TOKEN)
+          .useValue(authCallbackMock)
+          .compile();
+
+        const emptyService = module.get<AuthTokenService>(AuthTokenService);
+
+        await expect(
+          emptyService.exchangeTokenForCode(
+            requestMock,
+            responseMock,
+            'test-code',
+          ),
+        ).rejects.toThrow('Client ID is not configured');
+      });
     });
 
     it('handles an auth server error', async () => {

src/auth/auth-token.service.ts

@@ -44,6 +44,10 @@ export class AuthTokenService {
     const authConfig = await this.authConfigService.getAuthConfig(request);
     const redirectUri = getRedirectUri(request);
 
+    if (!authConfig.clientId) {
+      throw new Error('Client ID is not configured');
+    }
+
     const body = new URLSearchParams({
       client_id: authConfig.clientId,
       grant_type: 'authorization_code',
@@ -66,6 +70,10 @@ export class AuthTokenService {
   ): Promise<AuthTokenData> {
     const authConfig = await this.authConfigService.getAuthConfig(request);
 
+    if (!authConfig.clientId) {
+      throw new Error('Client ID is not configured');
+    }
+
     const body = new URLSearchParams({
       grant_type: 'refresh_token',
       refresh_token: refreshToken,

src/auth/index.ts

@@ -1,5 +1,9 @@
-export { AuthController } from './auth.controller.js';
+export {
+  AuthConfigService,
+  EnvAuthConfigService,
+  ServerAuthVariables,
+} from './auth-config.service.js';
+export { AuthTokenData, AuthTokenService } from './auth-token.service.js';
 export * from './auth.callback.js';
-export * from './auth-config.service.js';
-export { AuthTokenService, AuthTokenData } from './auth-token.service.js';
 export { AuthCallback } from './auth.callback.js';
+export { AuthController } from './auth.controller.js';

src/config/context/service-provider-default.ts

@@ -0,0 +1,44 @@
+import { RawServiceProvider } from './service-provider.js';
+
+export const DEFAULT_SERVICE_PROVIDERS: RawServiceProvider[] = [
+  {
+    name: 'getting-started',
+    displayName: 'Getting Started',
+    creationTimestamp: '',
+    contentConfiguration: [
+      {
+        name: 'getting-started',
+        creationTimestamp: '',
+        luigiConfigFragment: {
+          data: {
+            nodes: [
+              {
+                entityType: 'global',
+                pathSegment: 'home',
+                label: 'Overview',
+                icon: 'home',
+                hideFromNav: true,
+                defineEntity: {
+                  id: 'example',
+                },
+                viewUrl: '/home',
+                children: [
+                  {
+                    pathSegment: 'overview',
+                    viewUrl: '/overview',
+                    label: 'Overview',
+                    icon: 'home',
+                    url: '/assets/openmfp-portal-ui-wc.js#getting-started',
+                    webcomponent: {
+                      selfRegistered: true,
+                    },
+                  },
+                ],
+              },
+            ],
+          },
+        },
+      },
+    ],
+  },
+];

src/config/context/service-provider.spec.ts

@@ -1,23 +1,26 @@
+import { DEFAULT_SERVICE_PROVIDERS } from './service-provider-default.js';
 import {
-  EmptyServiceProviderService,
+  DefaultServiceProviderService,
   ServiceProviderService,
-} from './service-provider';
+} from './service-provider.js';
 import { Test, TestingModule } from '@nestjs/testing';
 
-describe('EmptyServiceProviderService', () => {
+describe('DefaultServiceProviderService', () => {
   let service: ServiceProviderService;
 
   beforeEach(async () => {
     const module: TestingModule = await Test.createTestingModule({
-      providers: [EmptyServiceProviderService],
+      providers: [DefaultServiceProviderService],
     }).compile();
 
-    service = module.get<ServiceProviderService>(EmptyServiceProviderService);
+    service = module.get<ServiceProviderService>(DefaultServiceProviderService);
   });
 
-  it('should return an empty serviceProviders', async () => {
+  it('should return an default serviceProviders', async () => {
     const response = await service.getServiceProviders('token', [], {});
 
-    expect(response).toEqual({ rawServiceProviders: [] });
+    expect(response).toEqual({
+      rawServiceProviders: DEFAULT_SERVICE_PROVIDERS,
+    });
   });
 });

src/config/context/service-provider.ts

@@ -1,5 +1,6 @@
 import { ContentConfiguration } from '../model/content-configuration.js';
 import { StackSearch } from '../model/luigi.node.js';
+import { DEFAULT_SERVICE_PROVIDERS } from './service-provider-default.js';
 
 export interface HelpCenterData {
   stackSearch?: StackSearch;
@@ -32,10 +33,10 @@ export interface ServiceProviderService {
   ): Promise<ServiceProviderResponse>;
 }
 
-export class EmptyServiceProviderService implements ServiceProviderService {
+export class DefaultServiceProviderService implements ServiceProviderService {
   getServiceProviders(): Promise<ServiceProviderResponse> {
     return Promise.resolve({
-      rawServiceProviders: [],
+      rawServiceProviders: DEFAULT_SERVICE_PROVIDERS,
     });
   }
-}
+}

src/config/index.ts

@@ -2,7 +2,7 @@ export {
   ServiceProviderResponse,
   ServiceProviderService,
   RawServiceProvider,
-  EmptyServiceProviderService,
+  DefaultServiceProviderService,
   HelpCenterData,
 } from './context/service-provider.js';
 export * from './model/content-configuration.js';