Created auth interceptor for use with Angular's HttpClient (#11)

* Created auth interceptor for use with Angular's HttpClient

The implementation contains a workaround for passing additional context to the interceptor since Angualr doesn't currently support it.  Here is an issue describing the problem: angular/angular#18155

* Formatted imports/exports

* Removed unused parameter

* Added comment to code coverage suppression

* Created `SkyAuthHttpClientModule`

Author: Blackbaud-PaulCrowder

src/app/public/modules/auth-http-client/auth-http-client.module.ts

@@ -0,0 +1,30 @@
+//#region imports
+
+import {
+  NgModule
+} from '@angular/core';
+
+import {
+  HTTP_INTERCEPTORS,
+  HttpClientModule
+} from '@angular/common/http';
+
+import {
+  SkyAuthInterceptor
+} from './auth-interceptor';
+
+//#endregion
+
+@NgModule({
+  providers: [
+    {
+      provide: HTTP_INTERCEPTORS,
+      useClass: SkyAuthInterceptor,
+      multi: true
+    }
+  ],
+  exports: [
+    HttpClientModule
+  ]
+})
+export class SkyAuthHttpClientModule { }

src/app/public/modules/auth-http-client/auth-interceptor-params.ts

@@ -0,0 +1,2 @@
+export const SKY_AUTH_PARAM_AUTH = 'sky_auth';
+export const SKY_AUTH_PARAM_PERMISSION_SCOPE = 'sky_permissionScope';

src/app/public/modules/auth-http-client/auth-interceptor.spec.ts

@@ -0,0 +1,177 @@
+//#region imports
+
+import {
+  HttpEventType,
+  HttpHandler,
+  HttpParams,
+  HttpRequest,
+  HttpSentEvent
+} from '@angular/common/http';
+
+import {
+  Observable
+} from 'rxjs/Observable';
+
+import 'rxjs/add/observable/of';
+
+import {
+  SkyAuthInterceptor
+} from './auth-interceptor';
+
+import {
+  SKY_AUTH_PARAM_AUTH,
+  SKY_AUTH_PARAM_PERMISSION_SCOPE
+} from './auth-interceptor-params';
+
+//#endregion
+
+class MockHttpHandler extends HttpHandler {
+  public handle() {
+    return Observable.of({
+      type: HttpEventType.Sent
+    } as HttpSentEvent);
+  }
+}
+
+describe('Auth interceptor', () => {
+  let mockTokenProvider = {
+    getToken: () => Promise.resolve('abc')
+  };
+
+  function createInteceptor(envId?: string, leId?: string, url?: string) {
+    return new SkyAuthInterceptor(
+      mockTokenProvider,
+      {
+        runtime: {
+          params: {
+            get: (name: string) => {
+              switch (name) {
+                case 'envid':
+                  return envId;
+                case 'leid':
+                  return leId;
+                default:
+                  return undefined;
+              }
+            },
+            getUrl: () => url || 'https://example.com/get/'
+          }
+        } as any,
+        skyux: {}
+      });
+  }
+
+  function createRequest(params?: HttpParams) {
+    const request = new HttpRequest(
+      'GET',
+      'https://example.com/get/',
+      {
+        params: params
+      }
+    );
+
+    return request;
+  }
+
+  function validateAuthRequest(
+    next: MockHttpHandler,
+    done: DoneFn,
+    cb: (authRequest: HttpRequest<any>) => void
+  ) {
+    spyOn(next, 'handle').and.callFake(
+      (authRequest: HttpRequest<any>) => {
+        cb(authRequest);
+        done();
+        return Observable.of('');
+      }
+    );
+  }
+
+  function validateContext(
+    envId: string,
+    leId: string,
+    permissionScope: string,
+    expectedUrl: string,
+    done: DoneFn
+  ) {
+    const interceptor = createInteceptor(envId, leId, expectedUrl);
+
+    let params = new HttpParams().set(SKY_AUTH_PARAM_AUTH, 'true');
+
+    if (permissionScope) {
+      params = params.set(SKY_AUTH_PARAM_PERMISSION_SCOPE, permissionScope);
+    }
+
+    const request = createRequest(params);
+
+    const next = new MockHttpHandler();
+
+    const getTokenSpy = spyOn(mockTokenProvider, 'getToken').and.callThrough();
+
+    interceptor.intercept(request, next);
+
+    validateAuthRequest(next, done, (authRequest) => {
+      expect(authRequest.url).toBe(expectedUrl);
+    });
+
+    interceptor.intercept(request, next).subscribe(() => {});
+
+    const expectedTokenArgs: any = {};
+
+    if (envId) {
+      expectedTokenArgs.envId = envId;
+    }
+
+    if (leId) {
+      expectedTokenArgs.leId = leId;
+    }
+
+    expect(getTokenSpy).toHaveBeenCalledWith(
+      jasmine.objectContaining(expectedTokenArgs)
+    );
+  }
+
+  it('should pass through the existing request when not an auth request', () => {
+    const interceptor = createInteceptor();
+
+    const request = createRequest();
+
+    const next = new MockHttpHandler();
+
+    const handleSpy = spyOn(next, 'handle');
+
+    interceptor.intercept(request, next);
+
+    expect(handleSpy).toHaveBeenCalledWith(request);
+  });
+
+  it('should add a token to the request if the sky_auth parameter is set', (done) => {
+    const interceptor = createInteceptor();
+
+    const request = createRequest(
+      new HttpParams()
+        .set(SKY_AUTH_PARAM_AUTH, 'true')
+    );
+
+    const next = new MockHttpHandler();
+
+    validateAuthRequest(next, done, (authRequest) => {
+      expect(authRequest.headers.get('Authorization')).toBe('Bearer abc');
+    });
+
+    interceptor.intercept(request, next).subscribe(() => {});
+  });
+
+  it('should add a permission scope to the token request if specified', (done) => {
+    validateContext(undefined, undefined, '123', 'https://example.com/get/', done);
+  });
+
+  it('should apply the appropriate environment context', (done) => {
+    validateContext('abc', undefined, undefined, 'https://example.com/get/?envid=abc', done);
+  });
+
+  it('should apply the appropriate legal entity context', (done) => {
+    validateContext(undefined, 'abc', undefined, 'https://example.com/get/?leid=abc', done);
+  });
+
+});

src/app/public/modules/auth-http-client/auth-interceptor.ts

@@ -0,0 +1,122 @@
+//#region imports
+
+import {
+  Injectable
+} from '@angular/core';
+
+import {
+  HttpEvent,
+  HttpHandler,
+  HttpInterceptor,
+  HttpRequest
+} from '@angular/common/http';
+
+import {
+  Observable
+} from 'rxjs/Observable';
+
+import 'rxjs/add/observable/fromPromise';
+import 'rxjs/add/operator/switchMap';
+
+import {
+  SkyAppConfig
+} from '@skyux/config';
+
+import {
+  SkyAuthTokenProvider
+} from '../auth-http/auth-token-provider';
+
+import {
+  SKY_AUTH_PARAM_AUTH,
+  SKY_AUTH_PARAM_PERMISSION_SCOPE
+} from './auth-interceptor-params';
+
+//#endregion
+
+function removeSkyParams(request: HttpRequest<any>): HttpRequest<any> {
+  // The if statement here is just a sanity check; it appears that by the time
+  // this interceptor is called, the params property is always defined, even if
+  // it's not provided when the HTTP request is created.
+  /* istanbul ignore else */
+  if (request.params) {
+    request = request.clone(
+      {
+        params: request.params
+          .delete(SKY_AUTH_PARAM_AUTH)
+          .delete(SKY_AUTH_PARAM_PERMISSION_SCOPE)
+      }
+    );
+  }
+
+  return request;
+}
+
+@Injectable()
+export class SkyAuthInterceptor implements HttpInterceptor {
+  constructor(
+    private tokenProvider: SkyAuthTokenProvider,
+    private config: SkyAppConfig
+  ) { }
+
+  public intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
+    let auth: boolean;
+    let permissionScope: string;
+
+    const params = request.params;
+
+    if (
+      params &&
+      (
+        params.has(SKY_AUTH_PARAM_AUTH) ||
+        params.has(SKY_AUTH_PARAM_PERMISSION_SCOPE)
+      )
+    ) {
+      auth = params.get(SKY_AUTH_PARAM_AUTH) === 'true';
+      permissionScope = params.get(SKY_AUTH_PARAM_PERMISSION_SCOPE);
+
+      request = removeSkyParams(request);
+    }
+
+    if (auth) {
+      const leId = this.getLeId();
+      const envId = this.getEnvId();
+      const tokenArgs: any = {};
+
+      if (permissionScope) {
+        tokenArgs.permissionScope = permissionScope;
+      }
+
+      if (envId) {
+        tokenArgs.envId = envId;
+      }
+
+      if (leId) {
+        tokenArgs.leId = leId;
+      }
+
+      return Observable
+        .fromPromise(this.tokenProvider.getToken(tokenArgs))
+        .switchMap((token) => {
+          let authRequest = request.clone({
+            setHeaders: {
+              Authorization: `Bearer ${token}`
+            },
+            url: this.config.runtime.params.getUrl(request.url)
+          });
+
+          return next.handle(authRequest);
+        });
+    }
+
+    return next.handle(request);
+  }
+
+  private getEnvId(): string {
+    return this.config.runtime.params.get('envid');
+  }
+
+  private getLeId(): string {
+    return this.config.runtime.params.get('leid');
+  }
+
+}

src/app/public/modules/auth-http-client/auth-options.spec.ts

@@ -0,0 +1,40 @@
+//#region imports
+
+import {
+  HttpParams
+} from '@angular/common/http';
+
+import {
+  skyAuthHttpOptions
+} from './auth-options';
+
+//#endregion
+
+describe('Auth options', () => {
+
+  it('should add an auth parameter to the resulting options object', () => {
+    const options = skyAuthHttpOptions();
+
+    expect(options.params.get('sky_auth')).toBe('true');
+  });
+
+  it('should add a permission scope parameter and remove it from the options', () => {
+    const options = skyAuthHttpOptions({
+      permissionScope: 'abc'
+    });
+
+    expect(options.params.get('sky_permissionScope')).toBe('abc');
+
+    expect('permissionScope' in options).toBe(false);
+  });
+
+  it('should preserve existing parameters', () => {
+    const options = skyAuthHttpOptions({
+      params: new HttpParams()
+        .set('abc', '123')
+    });
+
+    expect(options.params.get('abc')).toBe('123');
+  });
+
+});