From d7cdc3e7bc77fb058c50aceeab1304a987827620 Mon Sep 17 00:00:00 2001
From: deetz99
Date: Wed, 11 Dec 2024 15:37:21 -0800
Subject: [PATCH 1/3] block vertain idps from logging in
---
 strr-base-web/app/locales/en-CA.ts | 10 +++++++++-
 strr-base-web/app/middleware/auth.ts | 13 +++++++++----
 strr-base-web/app/pages/auth/login.vue | 8 ++++++++
 strr-host-pm-web/nuxt.config.ts | 4 ++--
 4 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/strr-base-web/app/locales/en-CA.ts b/strr-base-web/app/locales/en-CA.ts
index 57eb43946..edc3c0b06 100644
--- a/strr-base-web/app/locales/en-CA.ts
+++ b/strr-base-web/app/locales/en-CA.ts
@@ -390,7 +390,15 @@ export default {
 streetHint: 'Street address, PO box, rural route, or general delivery address',
 noAccountsFound: 'No accounts found, please click below to get started with an account.'
 },
- toast: {},
+ toast: {
+ invalidIdp: {
+ generic: 'Invalid login source. Please login with one of the options provided.',
+ BCROS: '', // TODO: more specific messages ???
+ IDIR: '',
+ BCSC: '',
+ BCEID: ''
+ }
+ },
 feeSummary: {
 title: 'Fee Summary',
 total: 'Total Fees',
diff --git a/strr-base-web/app/middleware/auth.ts b/strr-base-web/app/middleware/auth.ts
index 965e621b2..291048ef3 100644
--- a/strr-base-web/app/middleware/auth.ts
+++ b/strr-base-web/app/middleware/auth.ts
@@ -1,8 +1,13 @@
 export default defineNuxtRouteMiddleware(() => {
- const { isAuthenticated } = useKeycloak()
- const localePath = useLocalePath()
-
- if (!isAuthenticated.value) {
+ const { isAuthenticated, kcUser, logout } = useKeycloak()
+ const allowedIdps = useAppConfig().strrBaseLayer.page.login.options.idps
+ if (!isAuthenticated.value) { // redirect to login page if user not authenticated
+ const localePath = useLocalePath()
 return navigateTo(localePath('/auth/login'))
+ } else if (!allowedIdps.includes(kcUser.value.loginSource.toLowerCase())) { // log user out and redirect to login page if user authenticated with invalid login source
+ const locale = useNuxtApp().$i18n.locale.value
+ const redirectUrl =
+ useRuntimeConfig().public.baseUrl + locale + '/auth/login?invalidIdp=' + kcUser.value.loginSource
+ logout(redirectUrl)
 }
 })
diff --git a/strr-base-web/app/pages/auth/login.vue b/strr-base-web/app/pages/auth/login.vue
index 70cfd40b2..8f3f87234 100644
--- a/strr-base-web/app/pages/auth/login.vue
+++ b/strr-base-web/app/pages/auth/login.vue
@@ -41,6 +41,14 @@ definePageMeta({
 middleware: 'login-page',
 hideBreadcrumbs: true
 })
+
+// show notification if user was redirected here with an invalid login
+onMounted(() => {
+ const invalidIdp = useRoute().query.invalidIdp
+ if (invalidIdp && LoginSource[invalidIdp as LoginSource] !== undefined) {
+ useToast().add({ title: t('toast.invalidIdp.generic') })
+ }
+})
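Review bot: In `strr-base-web/app/middleware/auth.ts` the invalid-IdP branch does not fail closed: `kcUser.value.loginSource.toLowerCase()` throws if the token carries no `loginSource`, and nothing is returned after `logout(redirectUrl)`, so if `logout` completes asynchronously (its implementation is not in this patch) navigation to the guarded route can continue for a session that is being ended. I would read the value defensively with `const src = kcUser.value?.loginSource?.toLowerCase()`, test `!src || !allowedIdps.includes(src)`, and stop the navigation after the logout call, for example `return abortNavigation()`. The comparison also assumes every entry in `strrBaseLayer.page.login.options.idps` is lower-case, and the value appended to `invalidIdp=` should go through `encodeURIComponent` rather than plain concatenation. Because this check runs in browser route middleware it is a UX gate rather than an enforcement point; the API should apply the same IdP allow-list to the token, which this patch does not show.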