ajout header authentification et correction filtre

Author: cdebarros

apps/datahub/src/app/app.component.html

@@ -98,30 +98,15 @@
         </dsfr-tool-link-menu>
       </li>
       <li>
-        <dsfr-tool-link-menu
-          [outline]="false"
-          [labelMenu]="'Mon espace'"
-          [iconMenu]="'fr-icon-account-circle-fill'"
-        >
-          <ng-template #linksTemplate>
-            <ul>
-              <dsfr-link
-                [link]="'https://cartes.gouv.fr/tableau-de-bord'"
-                [label]="'Tableau de bord'"
-                [icon]="'fr-icon-dashboard-3-line'"
-                [customClass]="'fr-nav__link'"
-                [iconPosition]="'left'"
-              ></dsfr-link>
-              <dsfr-link
-                [link]="'https://cartes.gouv.fr/mon-compte'"
-                [label]="'Mon compte'"
-                [icon]="'fr-icon-user-line'"
-                [customClass]="'fr-nav__link'"
-                [iconPosition]="'left'"
-              ></dsfr-link>
-            </ul>
-          </ng-template>
-        </dsfr-tool-link-menu>
+        <div id="header-auth">
+          <button
+            class="login-btn fr-icon-account-circle-fill fr-btn"
+            type="button"
+            title="Se connecter"
+          >
+            Se connecter
+          </button>
+        </div>
       </li>
     </ng-template>
   </dsfr-header>

apps/datahub/src/app/app.component.ts

@@ -1,6 +1,7 @@
 import { Component, OnInit, AfterViewInit, Renderer2 } from '@angular/core'
 import { getThemeConfig } from '@geonetwork-ui/util/app-config'
 import { ThemeService } from '@geonetwork-ui/util/shared'
+import Keycloak from 'keycloak-js'
 
 @Component({
   selector: 'datahub-root',
@@ -9,7 +10,7 @@ import { ThemeService } from '@geonetwork-ui/util/shared'
   standalone: false,
 })
 export class AppComponent implements OnInit, AfterViewInit {
-  constructor(public renderer: Renderer2) { }
+  constructor(public renderer: Renderer2) {}
 
   ngOnInit(): void {
     const favicon = getThemeConfig().FAVICON
@@ -27,5 +28,116 @@ export class AppComponent implements OnInit, AfterViewInit {
     this.renderer.removeClass(title, 'fr-badge--green-emeraude')
     this.renderer.insertBefore(title, spanBadge, title.firstChild)
     this.renderer.addClass(title, 'fr-badge--blue-cumulus')
+    this.keycloakCheckAuth()
+  }
+
+  keycloakCheckAuth(): void {
+    const authContainer = document.getElementById('header-auth')
+    if (!authContainer) return
+
+    const renderLoggedOut = () => {
+      document.querySelectorAll('.login-btn').forEach((btn) => {
+        btn.addEventListener('click', () => {
+          keycloak.login({ redirectUri: window.location.href })
+        })
+      })
+    }
+
+    const renderLoggedIn = async () => {
+      const claims = keycloak.idTokenParsed || keycloak.tokenParsed || {}
+
+      const displayName =
+        (typeof claims.name === 'string' && claims.name) ||
+        [claims.given_name, claims.family_name].filter(Boolean).join(' ') ||
+        (typeof claims.preferred_username === 'string' &&
+          claims.preferred_username) ||
+        (typeof claims.email === 'string' && claims.email) ||
+        'Compte'
+
+      const generateUserMenuHTML = (collapseId) => {
+        const currentUrl = encodeURIComponent(window.location.href)
+        return `
+                <li>
+                    <div class="fr-translate fr-nav">
+                        <div class="fr-nav__item">
+                            <button aria-controls="${collapseId}" aria-expanded="false" title="Mon espace" class="fr-nav__btn fr-btn fr-px-2w">
+                                <span class="fr-icon-account-circle-fill fr-icon--sm fr-mr-1w" aria-hidden="true"></span>Mon espace</button>
+                            <div class="fr-collapse fr-translate__menu fr-menu" id="${collapseId}">
+                                <ul class="fr-menu__list">
+                                    <li style="pointer-events: none;">
+                                        <div class="fr-text--sm">
+                                            <p class="custom-center-btn fr-text--bold fr-mx-2w fr-text--sm fr-mt-3v fr-mb-2v">${displayName}</p>
+                                            <p class="fr-text--xs fr-mb-3v fr-mx-2w fr-text-mention--grey" style="text-align: left;">${claims.email}</p>
+                                        </div>
+                                    </li>
+                                    <li>
+                                        <a class="fr-nav__link fr-mr-3w" href="https://cartes.gouv.fr/tableau-de-bord">
+                                            <span class="fr-icon-dashboard-3-line fr-icon--sm">&emsp;Tableau de bord</span></a>
+                                    </li>
+                                    <li>
+                                        <a class="fr-nav__link fr-mr-3w" href="https://cartes.gouv.fr/mon-compte">
+                                            <span class="fr-icon-user-line fr-icon--sm">&emsp;Mon compte</span></a>
+                                    </li>
+                                    <li>
+                                        <div>
+                                            <a href="https://sso.geopf.fr/realms/geoplateforme/protocol/openid-connect/logout?post_logout_redirect_uri=${currentUrl}&client_id=cartes-gouv-public"
+                                                class="fr-icon-logout-box-r-line fr-icon--sm custom-center-btn fr-btn fr-btn--tertiary fr-btn--sm fr-mt-3v fr-mx-2w">
+                                                Se déconnecter
+                                            </a>
+                                        </div>
+                                    </li>
+                                </ul>
+                            </div>
+                        </div>
+                    </div>
+                </li>
+            `
+      }
+
+      authContainer.innerHTML = generateUserMenuHTML('espace-collapse')
+
+      const authContainerMobile = document.getElementById('header-auth-mobile')
+      if (authContainerMobile) {
+        authContainerMobile.innerHTML = generateUserMenuHTML(
+          'espace-collapse-mobile'
+        )
+      }
+    }
+
+    const keycloak = new Keycloak({
+      url: 'https://sso.geopf.fr',
+      realm: 'geoplateforme',
+      clientId: 'cartes-gouv-public',
+    })
+
+    // "Authorization Code" flow avec PKCE (type de client Keycloak : Public).
+    keycloak
+      .init({
+        onLoad: 'check-sso',
+        flow: 'standard',
+        pkceMethod: 'S256',
+        checkLoginIframe: false,
+        silentCheckSsoRedirectUri: `${window.location.origin}/silent-check-sso.html`,
+      })
+      .then(async (authenticated) => {
+        if (!authenticated) {
+          renderLoggedOut()
+          return
+        }
+
+        await renderLoggedIn()
+
+        // Si on veut garder le token à jour pour d'éventuelles futures appels API :
+        // window.setInterval(() => {
+        //     keycloak.updateToken(60).catch(() => {
+        //         // Si le rafraîchissement échoue, on affiche simplement l'interface déconnectée.
+        //         renderLoggedOut();
+        //     });
+        // }, 30_000);
+      })
+      .catch((error) => {
+        console.error('Failed to initialize Keycloak', error)
+        renderLoggedOut()
+      })
   }
 }

apps/datahub/src/app/home/search/search-filters/search-filters.component.ts

@@ -106,6 +106,7 @@ export class SearchFiltersComponent implements OnInit {
   }
 
   ngOnInit(): void {
+    this.isQualitySortable = false
     if (this.platformService.supportsAuthentication()) {
       this.platformService.getMe().subscribe((user) => (this.userId = user?.id))
     }

apps/datahub/src/assets/js/header-auth.js

@@ -0,0 +1,112 @@
+import Keycloak from './keycloak.js'
+
+;(() => {
+  const authContainer = document.getElementById('header-auth')
+  if (!authContainer) return
+
+  const renderLoggedOut = () => {
+    document.querySelectorAll('.login-btn').forEach((btn) => {
+      btn.addEventListener('click', () => {
+        keycloak.login({ redirectUri: window.location.href })
+        console.log(window.location.href)
+      })
+    })
+  }
+
+  const renderLoggedIn = async () => {
+    const claims = keycloak.idTokenParsed || keycloak.tokenParsed || {}
+
+    const displayName =
+      (typeof claims.name === 'string' && claims.name) ||
+      [claims.given_name, claims.family_name].filter(Boolean).join(' ') ||
+      (typeof claims.preferred_username === 'string' &&
+        claims.preferred_username) ||
+      (typeof claims.email === 'string' && claims.email) ||
+      'Compte'
+
+    const generateUserMenuHTML = (collapseId) => {
+      const currentUrl = encodeURIComponent(window.location.href)
+      return `
+                <li>
+                    <div class="fr-translate fr-nav">
+                        <div class="fr-nav__item">
+                            <button aria-controls="${collapseId}" aria-expanded="false" title="Mon espace" class="fr-translate__btn fr-btn fr-px-2w">
+                                <span class="fr-icon-account-circle-fill fr-icon--sm fr-mr-1w" aria-hidden="true"></span>Mon espace</button>
+                            <div class="fr-collapse fr-translate__menu fr-menu" id="${collapseId}">
+                                <ul class="fr-menu__list">
+                                    <li style="pointer-events: none;">
+                                        <div class="fr-text--sm">
+                                            <p class="custom-center-btn fr-text--bold fr-mx-2w fr-text--sm fr-mt-3v fr-mb-2v">${displayName}</p>
+                                            <p class="fr-text--xs fr-mb-3v fr-mx-2w fr-text-mention--grey" style="text-align: left;">${claims.email}</p>
+                                        </div>
+                                    </li>
+                                    <li>
+                                        <a class="fr-nav__link fr-mr-3w" href="https://cartes.gouv.fr/tableau-de-bord">
+                                            <span class="fr-icon-dashboard-3-line fr-icon--sm">&emsp;Tableau de bord</span></a>
+                                    </li>
+                                    <li>
+                                        <a class="fr-nav__link fr-mr-3w" href="https://cartes.gouv.fr/mon-compte">
+                                            <span class="fr-icon-user-line fr-icon--sm">&emsp;Mon compte</span></a>
+                                    </li>
+                                    <li>
+                                        <div>
+                                            <a href="https://sso.geopf.fr/realms/geoplateforme/protocol/openid-connect/logout?post_logout_redirect_uri=${currentUrl}&client_id=cartes-gouv-public"
+                                                class="fr-icon-logout-box-r-line fr-icon--sm custom-center-btn fr-btn fr-btn--tertiary fr-btn--sm fr-mt-3v fr-mx-2w">
+                                                Se déconnecter
+                                            </a>
+                                        </div>
+                                    </li>
+                                </ul>
+                            </div>
+                        </div>
+                    </div>
+                </li>
+            `
+    }
+
+    authContainer.innerHTML = generateUserMenuHTML('espace-collapse')
+
+    const authContainerMobile = document.getElementById('header-auth-mobile')
+    if (authContainerMobile) {
+      authContainerMobile.innerHTML = generateUserMenuHTML(
+        'espace-collapse-mobile'
+      )
+    }
+  }
+
+  const keycloak = new Keycloak({
+    url: 'https://sso.geopf.fr',
+    realm: 'geoplateforme',
+    clientId: 'cartes-gouv-public',
+  })
+
+  // "Authorization Code" flow avec PKCE (type de client Keycloak : Public).
+  keycloak
+    .init({
+      onLoad: 'check-sso',
+      flow: 'standard',
+      pkceMethod: 'S256',
+      checkLoginIframe: false,
+      silentCheckSsoRedirectUri: `${window.location.origin}/assets/silent-check-sso.html`,
+    })
+    .then(async (authenticated) => {
+      if (!authenticated) {
+        renderLoggedOut()
+        return
+      }
+
+      await renderLoggedIn()
+
+      // Si on veut garder le token à jour pour d'éventuelles futures appels API :
+      // window.setInterval(() => {
+      //     keycloak.updateToken(60).catch(() => {
+      //         // Si le rafraîchissement échoue, on affiche simplement l'interface déconnectée.
+      //         renderLoggedOut();
+      //     });
+      // }, 30_000);
+    })
+    .catch((error) => {
+      console.error('Failed to initialize Keycloak', error)
+      renderLoggedOut()
+    })
+})()

apps/datahub/src/assets/silent-check-sso.html

@@ -0,0 +1,16 @@
+<!doctype html>
+<html lang="fr">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <meta name="robots" content="noindex,nofollow" />
+    <title>silent-check-sso</title>
+  </head>
+
+  <body>
+    <script>
+      // keycloak-js : utilisé pour le check-sso sans rediriger l'utilisateur.
+      parent.postMessage(location.href, location.origin)
+    </script>
+  </body>
+</html>

apps/datahub/src/types/keycloak.d.ts

@@ -0,0 +1,50 @@
+declare module 'keycloak-js' {
+  export interface KeycloakConfig {
+    url?: string
+    realm?: string
+    clientId?: string
+    [key: string]: any
+  }
+
+  export interface KeycloakInitOptions {
+    onLoad?: string
+    flow?: string
+    pkceMethod?: string
+    checkLoginIframe?: boolean
+    silentCheckSsoRedirectUri?: string
+    [key: string]: any
+  }
+
+  export interface KeycloakTokenParsed {
+    exp?: number
+    iat?: number
+    nonce?: string
+    sub?: string
+    session_state?: string
+    realm_access?: { roles: string[] }
+    resource_access?: { [key: string]: { roles: string[] } }
+    name?: string
+    given_name?: string
+    family_name?: string
+    preferred_username?: string
+    email?: string
+    [key: string]: any
+  }
+
+  export default class Keycloak {
+    constructor(config?: KeycloakConfig | string)
+    init(options?: KeycloakInitOptions): Promise<boolean>
+    login(options?: { redirectUri?: string; [key: string]: any }): Promise<void>
+    logout(options?: {
+      redirectUri?: string
+      [key: string]: any
+    }): Promise<void>
+    updateToken(minValidity?: number): Promise<boolean>
+
+    token?: string
+    tokenParsed?: KeycloakTokenParsed
+    idToken?: string
+    idTokenParsed?: KeycloakTokenParsed
+    authenticated?: boolean
+  }
+}

conf/default.toml

@@ -240,4 +240,5 @@ record.metadata.quality.contacts.success="Le contact est renseigné"
 record.metadata.quality.abstract.success="La description est renseignée"
 record.metadata.quality.abstract.failed="La description n'est pas renseignée"
 search.filters.organization="Producteur"
-results.records.hits.found="{hits, plural, =0{Aucun résultat.} one{1 résultat trouvé.} other{{hits} résultats.}}"
+results.records.hits.found="{hits, plural, =0{Aucun résultat.} one{1 résultat trouvé.} other{{hits} résultats.}}"
+results.sortBy.changeDate="Dernière modification"

libs/feature/search/src/lib/sort-by/sort-by.component.ts

@@ -40,6 +40,10 @@ export class SortByComponent implements OnInit {
       label: marker('results.sortBy.popularity'),
       value: SortByEnum.POPULARITY,
     },
+    {
+      label: marker('results.sortBy.changeDate'),
+      value: SortByEnum.CHANGE_DATE,
+    },
   ]
   currentSortBy$ = this.facade.sortBy$.pipe(
     filter((sortBy) => !!sortBy),