An authentication and authorization helper service for Angular client applications.
- AngularJS - http://angularjs.org
- Lodash - http://lodash.com
Add this module to your app as a dependency:
var app = angular.module('yourApp', ['authentication.service']);Inject $authentication as a parameter in declarations that require it:
app.controller('yourController', function($scope, $authentication){ ... });To override the default configuration options, configure the module with an options argument during application configuration and provide overrides for any of the following options.
app.config(['$authenticationProvider', function ($authenticationProvider) { $authenticationProvider.configure({ authCookieKey: undefined, storageService: undefined, profileStorageKey: '$authentication.user.profile', lastAttemptedUrlStorageKey: '$authentication.last-attempted-url', onLoginRedirectUrl: '/', onLogoutRedirectUrl: '/', notAuthorizedRedirectUrl: '/', notAuthenticatedRedirectUrl: '/', trackLastAttemptedUrl: true, userRolesProperty: 'roles', extensions: undefined, expirationProperty: undefined, events: { loginConfirmed: 'event:auth-loginConfirmed', loginRequired: 'event:auth-loginRequired', logoutConfirmed: 'event:auth-logoutConfirmed', notAuthenticated: 'event:auth-notAuthenticated', notAuthorized: 'event:auth-notAuthorized' }, rolesFunction: function (userProfile) { if (_.has(userProfile, this.userRolesProperty)) { var roles = userProfile[this.userRolesProperty]; return _.isArray(roles) ? roles : [roles]; } return []; }, validationFunction: function (userRoles, allowedRoles) { return !_.isEmpty(userRoles) && !_.isEmpty(allowedRoles) && (_.find(allowedRoles, function (role) { return _.includes(userRoles, role); }) !== undefined); }, reauthentication: { fn: function () {}, timeout: 1200000, timer: undefined } }); }]);All properties (own and inherited) of the extensions object will be available as native to the $authentication service API. The extensions object is applied using the _.defaults(...) method and cannot overwrite any of the existing API properties. This is intended to provide implementors with a way to add objects or functions that are application specific and should fall within the context of the authentication service to expose, e.g., functions to check if a profile has specific roles.
If you do not provide a storage service then a simple, in-memory dictionary will be used.
You can provide any storage service or object that supports the following API:
any get(key)boolean has(key)void remove(key)void set(key, value)
To configure a storage service for the authentication provider you provide the service name:
app.config(['$authenticationProvider', function ($authenticationProvider) { $authenticationProvider.configure({ storageService: '$store' }); }]);or an object that provides the expected functionality:
app.config(['$authenticationProvider', function ($authenticationProvider) { $authenticationProvider.configure({ storageService: new CustomStorageService() }); }]);The ng-authentication-service was designed in tandem with the ng-local-storage-service.
// Returns true if there is a user profile loaded in local storage, false otherwise. $authentication.isAuthenticated();// Returns true if the authCookieKey is defined and no auth cookie is present, false otherwise. $authentication.isAuthCookieMissing();// Returns true if there is a user profile and it has an expiration value in the past, false otherwise. $authentication.isProfileExpired();// Store the profile (data) in local storage, notify all listeners of login, and redirect to: // 1. lastAttemptedUrl if defined and trackLastAttemptedUrl is true // 2. onLoginRedirectUrl if defined // 3. do not redirect $authentication.loginConfirmed({ ... });Broadcast via: event:auth-loginConfirmed with the data parameter as an argument.
// Check whether a user is logged in and broadcast the auth-loginConfirmed event, if so. $authentication.checkAndBroadcastLoginConfirmed();// Notify all listeners that authentication is required. $authentication.loginRequired();Broadcast via: event:auth-loginRequired.
// Remove any existing profile from local storage, notify all listeners of logout, and redirect to: // 1. do not redirect if @doNotRedirect === true // 2. lastAttemptedUrl if defined and trackLastAttemptedUrl is true // 3. onLogoutRedirectUrl if defined // 4. do not redirect $authentication.logoutConfirmed();Broadcast via: event:auth-logoutConfirmed.
// Return true if the user is unauthenticated, false otherwise. $authentication.allowed('anonymous'); // Return true if the user is authenticated, false otherwise. $authenticated.allowed('all'); // Return true if the configured validationFunction returns true, false otherwise. $authenticated.allowed('role1', 'role2', ...); // will flatten provided arrays that are any depth in the arguments list $authentication.allowed('X', ['Y', 'Z'], [['A']]) === $authentication.allowed('X', 'Y', 'Z', 'A')// Get or set the current user profile from local storage. // If data is provided then it overwrites the existing user profile before returning it. $authentication.profile(data);// Return the current collection of roles of the user profile from local storage if it exists. $authentication.roles();// Return true if the current user profile is in all of the specified roles, false otherwise. $authentication.isInAllRoles('role1', 'role2', ...); // will flatten provided arrays that are any depth in the arguments list $authentication.isInAllRoles('X', ['Y', 'Z'], [['A']]) === $authentication.isInAllRoles('X', 'Y', 'Z', 'A')// Return true if the current user profile is in at least one of the specified roles, false otherwise. $authentication.isInAnyRoles('role1', 'role2', ...); // will flatten provided arrays that are any depth in the arguments list $authentication.isInAnyRoles('X', ['Y', 'Z'], [['A']]) === $authentication.isInAnyRoles('X', 'Y', 'Z', 'A')// Determine if the current user profile is allowed and redirect to either notAuthorizedRedirectUrl or notAuthenticatedRedirectUrl if not. $authentication.permit('role1', 'role2', ...); // will flatten provided arrays that are any depth in the arguments list $authentication.permit('X', ['Y', 'Z'], [['A']]) === $authentication.permit('X', 'Y', 'Z', 'A')// Return the configuration object. $authentication.getConfiguration();// Return the last attempted url value, or fallback if value is undefined or tracking is disabled,. $authentication.getLastAttemptedUrl();// Set and return the last attempted url value. $authentication.setLastAttemptedUrl();// Returns the configured storage service. $authentication.store();// Enable re-authentication via the configured reauthentication.fn at reauthentication.timeout intervals. $authentication.reauthenticate();// Sets the provided function handler as a listener to the event: 'event:auth-loginConfirmed'. // The event data is the data provided to the loginConfirmed call that triggered this event. $authentication.$onLoginConfirmed(function (event, data) { ... });// Sets the provided function handler as a listener to the event: 'event:auth-loginRequired'. $authentication.$onLoginRequired(function (event) { ... });// Sets the provided function handler as a listener to the event: 'event:auth-logoutConfirmed'. $authentication.$onLogoutConfirmed(function (event) { ... });// Sets the provided function handler as a listener to the event: 'event:auth-notAuthenticated'. // The event data is the array of arguments provided to the permit call that triggered this event. $authentication.$onNotAuthenticated(function (event, data) { ... });// Sets the provided function handler as a listener to the event: 'event:auth-notAuthorized'. // The event data is the array of arguments provided to the permit call that triggered this event. $authentication.$onNotAuthorized(function (event, data) { ... });After forking you should only have to run npm install from a command line to get your environment setup.
After install you have two gulp commands available to you:
gulp js:lintgulp js:test