ceph/src/pybind/mgr/dashboard/frontend/src/app/shared/services/change-password-guard.service.ts

   1 import { Injectable } from '@angular/core';
   2 import {
   3   ActivatedRouteSnapshot,
   4   CanActivate,
   5   CanActivateChild,
   6   Router,
   7   RouterStateSnapshot
   8 } from '@angular/router';
   9
  10 import { AuthStorageService } from './auth-storage.service';
  11
  12 /**
  13  * This service guard checks if a user must be redirected to a special
  14  * page at '/login-change-password' to set a new password.
  15  */
  16 @Injectable({
  17   providedIn: 'root'
  18 })
  19 export class ChangePasswordGuardService implements CanActivate, CanActivateChild {
  20   constructor(private router: Router, private authStorageService: AuthStorageService) {}
  21
  22   canActivate(_route: ActivatedRouteSnapshot, state: RouterStateSnapshot) {
  23     // Redirect to '/login-change-password' when the following constraints
  24     // are fulfilled:
  25     // - The user must be logged in.
  26     // - SSO must be disabled.
  27     // - The flag 'User must change password at next logon' must be set.
  28     if (
  29       this.authStorageService.isLoggedIn() &&
  30       !this.authStorageService.isSSO() &&
  31       this.authStorageService.getPwdUpdateRequired()
  32     ) {
  33       this.router.navigate(['/login-change-password'], { queryParams: { returnUrl: state.url } });
  34       return false;
  35     }
  36     return true;
  37   }
  38
  39   canActivateChild(childRoute: ActivatedRouteSnapshot, state: RouterStateSnapshot): boolean {
  40     return this.canActivate(childRoute, state);
  41   }
  42 }