diff options
Diffstat (limited to 'src/pybind/mgr/dashboard/frontend/src/app/shared/services/change-password-guard.service.ts')
-rw-r--r-- | src/pybind/mgr/dashboard/frontend/src/app/shared/services/change-password-guard.service.ts | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/services/change-password-guard.service.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/services/change-password-guard.service.ts new file mode 100644 index 000000000..d97160f92 --- /dev/null +++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/services/change-password-guard.service.ts @@ -0,0 +1,42 @@ +import { Injectable } from '@angular/core'; +import { + ActivatedRouteSnapshot, + CanActivate, + CanActivateChild, + Router, + RouterStateSnapshot +} from '@angular/router'; + +import { AuthStorageService } from './auth-storage.service'; + +/** + * This service guard checks if a user must be redirected to a special + * page at '/login-change-password' to set a new password. + */ +@Injectable({ + providedIn: 'root' +}) +export class ChangePasswordGuardService implements CanActivate, CanActivateChild { + constructor(private router: Router, private authStorageService: AuthStorageService) {} + + canActivate(_route: ActivatedRouteSnapshot, state: RouterStateSnapshot) { + // Redirect to '/login-change-password' when the following constraints + // are fulfilled: + // - The user must be logged in. + // - SSO must be disabled. + // - The flag 'User must change password at next logon' must be set. + if ( + this.authStorageService.isLoggedIn() && + !this.authStorageService.isSSO() && + this.authStorageService.getPwdUpdateRequired() + ) { + this.router.navigate(['/login-change-password'], { queryParams: { returnUrl: state.url } }); + return false; + } + return true; + } + + canActivateChild(childRoute: ActivatedRouteSnapshot, state: RouterStateSnapshot): boolean { + return this.canActivate(childRoute, state); + } +} |