Login process improvements

Author: Brijesh

src/actionCreators/index.js

@@ -86,8 +86,6 @@ export const resetTimeoutForReAuth = (reauthenticate) => (dispatch, getState) =>
 export const signOut = () => (dispatch) => {
   // clear the local storage in the browser
   localStorage.clear();
-  document.cookie =
-    'SMSESSION=; path=/; domain=.gov.bc.ca; expires=Thu, 01 Jan 1970 00:00:00 UTC; Secure; SameSite=None';
   dispatch(actions.removeAuthDataAndUser());
 };
 

src/components/ReturnPage.js

@@ -1,9 +1,9 @@
 import React, { Component } from 'react';
 import PropTypes from 'prop-types';
 import { parseQuery, getTokenFromSSO, saveAuthDataInLocal, getDataFromLocalStorage } from '../utils';
-import { SSO_LOGOUT_ENDPOINT } from '../constants/api';
 import { REDIRECTING } from '../constants/strings';
 import { LOCAL_STORAGE_KEY, RETURN_PAGE_TYPE } from '../constants/variables';
+import { SSO_LOGOUT_ENDPOINT } from '../constants/api';
 
 class ReturnPage extends Component {
   static propTypes = {
@@ -18,8 +18,8 @@ class ReturnPage extends Component {
     switch (type) {
       case RETURN_PAGE_TYPE.LOGIN:
         if (code) {
-          const { codeVerifier, codeVerifierHash } = getDataFromLocalStorage(LOCAL_STORAGE_KEY.AUTH_PKCE_CODE);
-          if (!codeVerifier || !codeVerifierHash) {
+          const pkce = getDataFromLocalStorage(LOCAL_STORAGE_KEY.AUTH_PKCE_CODE);
+          if (!pkce?.codeVerifier || !pkce?.codeVerifierHash) {
             // we cannot proceed without the pkce challenge code
             window.close();
           } else {

src/components/loginPage/SignInButtons.js

@@ -1,72 +1,60 @@
 import React, { Component, Fragment } from 'react';
 import { PrimaryButton } from '../common';
 import { ELEMENT_ID, LOCAL_STORAGE_KEY } from '../../constants/variables';
-import { SSO_LOGIN_ENDPOINT, SSO_BCEID_LOGIN_ENDPOINT } from '../../constants/api';
-import { saveDataInLocalStorage } from '../../utils';
-import { encode as base64encode } from 'base64-arraybuffer';
+import { SSO_BCEID_LOGIN_ENDPOINT, SSO_IDIR_LOGIN_ENDPOINT } from '../../constants/api';
+import { getDataFromLocalStorage, saveDataInLocalStorage } from '../../utils';
+import { generatePKCE } from '../../utils/pkceUtils';
 
 class SignInButtons extends Component {
   openNewTab = (link) => window.open(link, '_blank');
-  onSigninBtnClick = () => {
-    this.openNewTab(SSO_LOGIN_ENDPOINT.replace('_CODE_CHALLENGE_VALUE_', this.state.codeVerifierHash));
-  };
-  onBceidSigninBtnClick = () => {
-    this.openNewTab(SSO_BCEID_LOGIN_ENDPOINT.replace('_CODE_CHALLENGE_VALUE_', this.state.codeVerifierHash));
-  };
-
-  constructor() {
-    super();
-    this.state = {
-      codeVerifier: null,
-      codeVerifierHash: null,
-      hashComputed: false,
-    };
-  }
 
-  componentDidMount() {
-    // generate and save new ones, and update the state
-    let codeVerifier = '';
-
-    const VALID_CHARS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~';
-    for (let i = 0; i < 128; i++) {
-      codeVerifier += VALID_CHARS.charAt(Math.floor(Math.random() * VALID_CHARS.length));
+  onSignInButtonClick = () => {
+    let loginEndpoint = SSO_BCEID_LOGIN_ENDPOINT.replace(
+      '_CODE_CHALLENGE_VALUE_',
+      getDataFromLocalStorage(LOCAL_STORAGE_KEY.AUTH_PKCE_CODE).codeVerifierHash,
+    );
+    if (getDataFromLocalStorage(LOCAL_STORAGE_KEY.USER)?.ssoId?.startsWith('idir')) {
+      loginEndpoint = SSO_IDIR_LOGIN_ENDPOINT.replace(
+        '_CODE_CHALLENGE_VALUE_',
+        getDataFromLocalStorage(LOCAL_STORAGE_KEY.AUTH_PKCE_CODE).codeVerifierHash,
+      );
     }
+    this.openNewTab(loginEndpoint);
+  };
 
-    const encoder = new TextEncoder();
-    const data = encoder.encode(codeVerifier);
-    crypto.subtle.digest('SHA-256', data).then((hash) => {
-      // hash complete
-
-      const encodedHash = base64encode(hash).replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
-
-      this.setState({
-        ...this.state,
-        codeVerifier: codeVerifier,
-        codeVerifierHash: encodedHash,
-        hashComputed: true,
-      });
-
+  componentDidMount() {
+    generatePKCE().then((pkce) => {
       saveDataInLocalStorage(LOCAL_STORAGE_KEY.AUTH_PKCE_CODE, {
-        codeVerifier: codeVerifier,
-        codeVerifierHash: encodedHash,
+        codeVerifier: pkce.codeVerifier,
+        codeVerifierHash: pkce.codeVerifierHash,
       });
     });
   }
 
   render() {
-    if (!this.state.hashComputed) {
-      return <Fragment>...</Fragment>;
+    if (getDataFromLocalStorage(LOCAL_STORAGE_KEY.USER)?.ssoId?.startsWith('idir')) {
+      return (
+        <Fragment>
+          <PrimaryButton
+            id={ELEMENT_ID.LOGIN_IDIR_BUTTON}
+            className="signin__button"
+            fluid
+            style={{ height: '45px', marginTop: '15px', marginRight: '0' }}
+            onClick={this.onSignInButtonClick}
+            content="Login using IDIR"
+          />
+        </Fragment>
+      );
     }
-
     return (
       <Fragment>
         <PrimaryButton
           id={ELEMENT_ID.LOGIN_BCEID_BUTTON}
           className="signin__button"
           fluid
           style={{ height: '45px', marginTop: '15px', marginRight: '0' }}
-          onClick={this.onBceidSigninBtnClick}
-          content="Login"
+          onClick={this.onSignInButtonClick}
+          content="Login using BCeID"
         />
       </Fragment>
     );

src/components/loginPage/index.js

@@ -4,11 +4,13 @@ import { connect } from 'react-redux';
 import { Icon } from 'semantic-ui-react';
 import { IMAGE_SRC, LOCAL_STORAGE_KEY } from '../../constants/variables';
 import { LOGIN_TITLE, APP_NAME } from '../../constants/strings';
-import { detectIE, isTokenExpired, getDataFromLocalStorage } from '../../utils';
+import { detectIE, isTokenExpired, getDataFromLocalStorage, saveDataInLocalStorage } from '../../utils';
 import { fetchUser } from '../../actionCreators';
 import { Footer, PrimaryButton } from '../common';
 import SignInBox from './SignInBox';
 import BrowserWarningHeader from './BrowserWarningHeader';
+import { SSO_IDIR_LOGIN_ENDPOINT } from '../../constants/api';
+import { generatePKCE } from '../../utils/pkceUtils';
 
 export class LoginPage extends Component {
   static propTypes = {
@@ -26,8 +28,24 @@ export class LoginPage extends Component {
       // try to fetch the user from the server
       this.props.fetchUser();
     }
+    generatePKCE().then((pkce) => {
+      saveDataInLocalStorage(LOCAL_STORAGE_KEY.AUTH_PKCE_CODE, {
+        codeVerifier: pkce.codeVerifier,
+        codeVerifierHash: pkce.codeVerifierHash,
+      });
+    });
   }
 
+  staffLoginBtnClicked = () => {
+    window.open(
+      SSO_IDIR_LOGIN_ENDPOINT.replace(
+        '_CODE_CHALLENGE_VALUE_',
+        getDataFromLocalStorage(LOCAL_STORAGE_KEY.AUTH_PKCE_CODE).codeVerifierHash,
+      ),
+      '_blank',
+    );
+  };
+
   registerBtnClicked = () => {
     window.open('https://www.bceid.ca/register/', '_blank');
   };
@@ -42,7 +60,19 @@ export class LoginPage extends Component {
         <article className="login__header">
           <div className="container">
             <div className="login__header__content">
-              <img className="login__header__logo" src={IMAGE_SRC.MYRANGEBC_LOGO} alt="Logo" />
+              <img
+                className="login__header__logo"
+                style={{ textAlign: 'center' }}
+                src={IMAGE_SRC.MYRANGEBC_LOGO}
+                alt="Logo"
+              />
+              <div className="login__header__button__container">
+                <PrimaryButton
+                  className="login__header__signin__button"
+                  content="Staff Login"
+                  onClick={this.staffLoginBtnClicked}
+                />
+              </div>
             </div>
           </div>
         </article>

src/constants/api.js

@@ -24,7 +24,7 @@ const DEV_API_BASE_URL = process.env.REACT_APP_API_URL || 'https://myrangebc-dev
 const DEV = {
   // eslint-disable-line no-unused-vars
   SSO_BASE_URL: 'https://dev.loginproxy.gov.bc.ca',
-  SITEMINDER_BASE_URL: 'https://logontest.gov.bc.ca',
+  SITEMINDER_BASE_URL: 'https://logontest7.gov.bc.ca',
   API_BASE_URL: DEV_API_BASE_URL,
 };
 
@@ -42,15 +42,21 @@ export const SSO_BASE_AUTH_ENDPOINT = `${SSO_BASE_URL}/auth/realms/${SSO_REALM_N
 export const SSO_LOGIN_REDIRECT_URI = `${window.location.origin}/return-page?type=${RETURN_PAGE_TYPE.LOGIN}`;
 export const SSO_LOGIN_ENDPOINT = `${SSO_BASE_AUTH_ENDPOINT}/auth?response_type=code&client_id=${SSO_CLIENT_ID}&redirect_uri=${SSO_LOGIN_REDIRECT_URI}&code_challenge_method=S256&code_challenge=_CODE_CHALLENGE_VALUE_`;
 export const SSO_IDIR_LOGIN_ENDPOINT = `${SSO_LOGIN_ENDPOINT}&kc_idp_hint=idir`;
-export const SSO_BCEID_LOGIN_ENDPOINT = `${SSO_LOGIN_ENDPOINT}&kc_idp_hint=bceid`;
+export const SSO_BCEID_LOGIN_ENDPOINT = `${SSO_LOGIN_ENDPOINT}&kc_idp_hint=bceidboth`;
 
 export const SSO_LOGOUT_REDIRECT_URI = `${window.location.origin}/return-page?type=${RETURN_PAGE_TYPE.LOGOUT}`;
-export const SSO_LOGOUT_ENDPOINT = `${SSO_BASE_AUTH_ENDPOINT}/logout?redirect_uri=${SSO_LOGOUT_REDIRECT_URI}`;
+export const SSO_LOGOUT_ENDPOINT =
+  `${SSO_BASE_AUTH_ENDPOINT}/logout?post_logout_redirect_uri=` +
+  encodeURIComponent(SSO_LOGOUT_REDIRECT_URI) +
+  `&client_id=${SSO_CLIENT_ID}`;
 
 export const SITEMINDER_BASE_URL = isBundled ? '{{env "SITEMINDER_BASE_URL"}}' : DEV_ENV.SITEMINDER_BASE_URL;
 
 export const SITEMINDER_LOGOUT_REDIRECT_URI = `${window.location.origin}/return-page?type=${RETURN_PAGE_TYPE.SITEMINDER_LOGOUT}`;
-export const SITEMINDER_LOGOUT_ENDPOINT = `${SITEMINDER_BASE_URL}/clp-cgi/logoff.cgi?returl=${SITEMINDER_LOGOUT_REDIRECT_URI}&retnow=1`;
+export const SITEMINDER_LOGOUT_ENDPOINT =
+  `${SITEMINDER_BASE_URL}/clp-cgi/logoff.cgi?returl=` +
+  encodeURIComponent(SITEMINDER_LOGOUT_REDIRECT_URI) +
+  `&retnow=1`;
 
 export const GET_TOKEN_FROM_SSO = `/auth/realms/${SSO_REALM_NAME}/protocol/openid-connect/token`;
 export const REFRESH_TOKEN_FROM_SSO = `/auth/realms/${SSO_REALM_NAME}/protocol/openid-connect/token`;