Merge pull request #420 from ameerul-deriv/FEWP-366-migrate-p2p-standalone-to-oidc

Ameerul / FEWP-366 Migrate P2P standalone to OIDC

Author: amam-deriv

.github/workflows/build-and-deploy-test.yml

@@ -44,7 +44,7 @@ jobs:
 
             - name: Get cached dependencies
               id: cache-npm
-              uses: actions/cache/restore@e12d46a63a90f2fae62d114769bbf2a179198b5c
+              uses: actions/cache@v3
               with:
                   path: node_modules
                   key: npm-${{ hashFiles('./package-lock.json') }}

package-lock.json

@@ -20,7 +20,7 @@
         "@datadog/browser-rum": "^5.11.0",
         "@deriv-com/analytics": "^1.27.0",
         "@deriv-com/api-hooks": "^1.7.1",
-        "@deriv-com/auth-client": "1.0.27",
+        "@deriv-com/auth-client": "1.4.3",
         "@deriv-com/translations": "^1.3.9",
         "@deriv-com/ui": "^1.35.6",
         "@deriv-com/utils": "^0.0.39",

package.json

@@ -0,0 +1,20 @@
+<!doctype html>
+<html>
+    <head>
+        <title>Deriv</title>
+        <meta charset="utf-8" />
+        <script>
+            try {
+                // we check if we can access the top.location, if we can't it will throw an error
+                // and this means this front-channel is not rendered on the same window as the application which is logging out
+                let isSameOrigin = top.location.hostname === self.location.hostname;
+            } catch (err) {
+                localStorage.removeItem('client.accounts');
+                localStorage.removeItem('active_loginid');
+                localStorage.removeItem('authToken');
+            }
+        </script>
+    </head>
+
+    <body></body>
+</html>

public/front-channel.html

@@ -10,6 +10,7 @@ import { Loader, useDevice } from '@deriv-com/ui';
 import { URLConstants } from '@deriv-com/utils';
 import useGrowthbookGetFeatureValue from './hooks/custom-hooks/useGrowthbookGetFeatureValue';
 import useOAuth2Enabled from './hooks/custom-hooks/useOAuth2Enabled';
+import { getCurrentRoute } from './utils';
 
 const { VITE_CROWDIN_BRANCH_NAME, VITE_PROJECT_NAME, VITE_TRANSLATIONS_CDN_URL } = process.env;
 const i18nInstance = initializeI18n({
@@ -26,19 +27,22 @@ const App = () => {
     const { initialise: initDatadog } = useDatadog();
     const { isDesktop } = useDevice();
     const { initialise: initDerivAnalytics } = useDerivAnalytics();
+    const isCallbackPage = getCurrentRoute() === 'callback';
 
     initTrackJS();
     initDerivAnalytics();
     initDatadog();
-    onRenderAuthCheck();
 
     useEffect(() => {
         if (isGBLoaded && ShouldRedirectToDerivApp) {
             const NODE_ENV = process.env.VITE_NODE_ENV;
             const APP_URL = NODE_ENV === 'production' ? URLConstants.derivAppProduction : URLConstants.derivAppStaging;
             window.location.href = `${APP_URL}/cashier/p2p`;
+        } else if (isGBLoaded) {
+            onRenderAuthCheck();
         }
-    }, [isGBLoaded, ShouldRedirectToDerivApp]);
+    }, [isGBLoaded, ShouldRedirectToDerivApp, onRenderAuthCheck]);
+
     return (
         <BrowserRouter>
             <ErrorBoundary>
@@ -52,9 +56,9 @@ const App = () => {
                             }
                         >
                             {!isOAuth2Enabled && <DerivIframe />}
-                            <AppHeader />
+                            {!isCallbackPage && <AppHeader />}
                             <AppContent />
-                            {isDesktop && <AppFooter />}
+                            {isDesktop && !isCallbackPage && <AppFooter />}
                         </Suspense>
                     </TranslationProvider>
                 </QueryParamProvider>

src/App.tsx

@@ -4,6 +4,7 @@ import { api, useGrowthbookGetFeatureValue, useOAuth } from '@/hooks';
 import { Chat, getCurrentRoute } from '@/utils';
 import { StandaloneCircleUserRegularIcon } from '@deriv/quill-icons';
 import { useAuthData } from '@deriv-com/api-hooks';
+import { requestOidcAuthentication } from '@deriv-com/auth-client';
 import { useTranslations } from '@deriv-com/translations';
 import { Button, Header, Text, Tooltip, useDevice, Wrapper } from '@deriv-com/ui';
 import { LocalStorageUtils } from '@deriv-com/utils';
@@ -29,7 +30,7 @@ const AppHeader = () => {
     useEffect(() => {
         document.documentElement.dir = instance.dir((currentLang || 'en').toLowerCase());
     }, [currentLang, instance]);
-    const { oAuthLogout } = useOAuth();
+    const { isOAuth2Enabled, oAuthLogout } = useOAuth();
     const [isNotificationServiceEnabled] = useGrowthbookGetFeatureValue({
         featureFlag: 'new_notifications_service_enabled',
     });
@@ -75,7 +76,15 @@ const AppHeader = () => {
             <Button
                 className='w-36'
                 color='primary-light'
-                onClick={() => window.open(oauthUrl, '_self')}
+                onClick={async () => {
+                    if (isOAuth2Enabled) {
+                        await requestOidcAuthentication({
+                            redirectCallbackUri: `${window.location.origin}/callback`,
+                        });
+                    } else {
+                        window.open(oauthUrl, '_self');
+                    }
+                }}
                 variant='ghost'
             >
                 <Text weight='bold'>{localize('Log in')}</Text>

src/components/AppHeader/AppHeader.tsx

@@ -92,6 +92,21 @@ jest.mock('@/hooks', () => ({
     },
 }));
 
+jest.mock('@deriv-com/auth-client', () => ({
+    OAuth2Logout: jest.fn(({ WSLogoutAndRedirect }) => {
+        const mockIframe = document.createElement('iframe');
+        mockIframe.id = 'logout-iframe';
+        document.body.appendChild(mockIframe);
+        setTimeout(() => {
+            const event = new MessageEvent('message', { data: 'logout_complete' });
+            window.dispatchEvent(event);
+        }, 100);
+        WSLogoutAndRedirect();
+    }),
+    useIsOAuth2Enabled: jest.fn().mockReturnValue(false),
+    useOAuth2: jest.fn().mockReturnValue({ isOAuth2Enabled: false }),
+}));
+
 describe('<AppHeader/>', () => {
     window.open = jest.fn();
 
@@ -134,7 +149,7 @@ describe('<AppHeader/>', () => {
         });
 
         Object.defineProperty(document, 'domain', {
-            value: 'example.com',
+            value: 'example.com/endpoint',
             writable: true,
         });
 

src/components/AppHeader/__tests__/AppHeader.spec.tsx

@@ -2,11 +2,18 @@ import { useCallback } from 'react';
 import Cookies from 'js-cookie';
 import { getOauthUrl } from '@/constants';
 import { getCurrentRoute, removeCookies } from '@/utils';
+import { isSafariBrowser } from '@/utils/browser';
 import { useAuthData } from '@deriv-com/api-hooks';
-import { TOAuth2EnabledAppList, useOAuth2 } from '@deriv-com/auth-client';
+import {
+    OAuth2Logout,
+    requestOidcAuthentication,
+    TOAuth2EnabledAppList,
+    useIsOAuth2Enabled,
+} from '@deriv-com/auth-client';
 import useGrowthbookGetFeatureValue from './useGrowthbookGetFeatureValue';
 
 type UseOAuthReturn = {
+    isOAuth2Enabled: boolean;
     oAuthLogout: () => void;
     onRenderAuthCheck: () => void;
 };
@@ -20,29 +27,51 @@ const useOAuth = (): UseOAuthReturn => {
         featureFlag: 'hydra_be',
     }) as unknown as [TOAuth2EnabledAppList, boolean];
 
-    const oAuthGrowthbookConfig = {
-        OAuth2EnabledApps,
-        OAuth2EnabledAppsInitialised,
-    };
+    const isOAuth2Enabled = useIsOAuth2Enabled(OAuth2EnabledApps, OAuth2EnabledAppsInitialised);
 
     const { logout } = useAuthData();
     const { error, isAuthorized, isAuthorizing } = useAuthData();
     const isEndpointPage = getCurrentRoute() === 'endpoint';
+    const isCallbackPage = getCurrentRoute() === 'callback';
     const isRedirectPage = getCurrentRoute() === 'redirect';
     const oauthUrl = getOauthUrl();
     const authTokenLocalStorage = localStorage.getItem('authToken');
 
     const WSLogoutAndRedirect = async () => {
         await logout();
         removeCookies('affiliate_token', 'affiliate_tracking', 'utm_data', 'onfido_token', 'gclid');
-        window.open(oauthUrl, '_self');
+        if (!isOAuth2Enabled) {
+            window.open(oauthUrl, '_self');
+        }
     };
-    const { OAuth2Logout: oAuthLogout } = useOAuth2(oAuthGrowthbookConfig, WSLogoutAndRedirect);
+    const handleLogout = async () => {
+        await OAuth2Logout({
+            postLogoutRedirectUri: window.location.origin,
+            redirectCallbackUri: `${window.location.origin}/callback`,
+            WSLogoutAndRedirect,
+        });
+    };
+
+    const redirectToAuth = async () => {
+        if (isOAuth2Enabled) {
+            await requestOidcAuthentication({
+                redirectCallbackUri: `${window.location.origin}/callback`,
+            });
+        } else {
+            window.open(oauthUrl, '_self');
+        }
+    };
+
+    const hasAuthToken = localStorage.getItem('authToken');
+    const loggedState = Cookies.get('logged_state');
 
-    const onRenderAuthCheck = useCallback(() => {
-        if (!isEndpointPage) {
-            if (error?.code === 'InvalidToken') {
-                oAuthLogout();
+    const onRenderAuthCheck = useCallback(async () => {
+        if (!isEndpointPage && !isCallbackPage) {
+            // NOTE: we only do single logout using logged_state cookie checks only in Safari
+            // because front channels do not work in Safari, front channels (front-channel.html) would already help us automatically log out
+            const shouldSingleLogoutWithLoggedState = hasAuthToken && loggedState === 'false' && isSafariBrowser();
+            if ((shouldSingleLogoutWithLoggedState && isOAuth2Enabled) || error?.code === 'InvalidToken') {
+                await handleLogout();
             } else if (isRedirectPage) {
                 const params = new URLSearchParams(location.search);
                 const from = params.get('from');
@@ -55,21 +84,24 @@ const useOAuth = (): UseOAuthReturn => {
                     window.location.href = window.location.origin;
                 }
             } else if (!isAuthorized && !isAuthorizing && !authTokenLocalStorage) {
-                window.open(oauthUrl, '_self');
+                await redirectToAuth();
             }
         }
+        // eslint-disable-next-line react-hooks/exhaustive-deps
     }, [
         isEndpointPage,
+        isCallbackPage,
+        hasAuthToken,
+        loggedState,
+        isOAuth2Enabled,
         error?.code,
         isRedirectPage,
         isAuthorized,
         isAuthorizing,
         authTokenLocalStorage,
-        oAuthLogout,
-        oauthUrl,
     ]);
 
-    return { oAuthLogout, onRenderAuthCheck };
+    return { isOAuth2Enabled, oAuthLogout: handleLogout, onRenderAuthCheck };
 };
 
 export default useOAuth;