Merge pull request #4901 from 4Science/task/dspace-7_x/DURACOM-390

[Port dspace-7_x] Add route guard to prevent access to register page for authenticated users

Author: tdonohue

src/app/app-routing.module.ts

@@ -42,6 +42,7 @@ import { MenuResolver } from './menu.resolver';
 import { ThemedPageErrorComponent } from './page-error/themed-page-error.component';
 import { HomePageResolver } from './home-page/home-page.resolver';
 import { ViewTrackerResolverService } from './statistics/angulartics/dspace/view-tracker-resolver.service';
+import { notAuthenticatedGuard } from './core/auth/not-authenticated.guard';
 
 @NgModule({
   imports: [
@@ -98,13 +99,13 @@ import { ViewTrackerResolverService } from './statistics/angulartics/dspace/view
             path: REGISTER_PATH,
             loadChildren: () => import('./register-page/register-page.module')
               .then((m) => m.RegisterPageModule),
-            canActivate: [SiteRegisterGuard]
+            canActivate: [notAuthenticatedGuard, SiteRegisterGuard]
           },
           {
             path: FORGOT_PASSWORD_PATH,
             loadChildren: () => import('./forgot-password/forgot-password.module')
               .then((m) => m.ForgotPasswordModule),
-            canActivate: [EndUserAgreementCurrentUserGuard]
+            canActivate: [notAuthenticatedGuard, EndUserAgreementCurrentUserGuard]
           },
           {
             path: COMMUNITY_MODULE_PATH,
@@ -169,12 +170,14 @@ import { ViewTrackerResolverService } from './statistics/angulartics/dspace/view
           {
             path: 'login',
             loadChildren: () => import('./login-page/login-page.module')
-              .then((m) => m.LoginPageModule)
+              .then((m) => m.LoginPageModule),
+            canActivate: [notAuthenticatedGuard]
           },
           {
             path: 'logout',
             loadChildren: () => import('./logout-page/logout-page.module')
-              .then((m) => m.LogoutPageModule)
+              .then((m) => m.LogoutPageModule),
+            canActivate: [AuthenticatedGuard]
           },
           {
             path: 'submit',

src/app/core/auth/not-authenticated.guard.spec.ts

@@ -0,0 +1,60 @@
+import { TestBed } from '@angular/core/testing';
+import {
+  ActivatedRouteSnapshot,
+  RouterStateSnapshot,
+} from '@angular/router';
+import {
+  firstValueFrom,
+  of,
+} from 'rxjs';
+import { PAGE_NOT_FOUND_PATH } from 'src/app/app-routing-paths';
+
+import { HardRedirectService } from '../services/hard-redirect.service';
+import { AuthService } from './auth.service';
+import { notAuthenticatedGuard } from './not-authenticated.guard';
+
+describe('notAuthenticatedGuard', () => {
+  let authService: jasmine.SpyObj<AuthService>;
+  let hardRedirectService: jasmine.SpyObj<HardRedirectService>;
+  const mockRoute = {} as ActivatedRouteSnapshot;
+  const mockState = {} as RouterStateSnapshot;
+
+  beforeEach(() => {
+    const authSpy = jasmine.createSpyObj('AuthService', ['isAuthenticated']);
+    const redirectSpy = jasmine.createSpyObj('HardRedirectService', ['redirect']);
+
+    TestBed.configureTestingModule({
+      providers: [
+        { provide: AuthService, useValue: authSpy },
+        { provide: HardRedirectService, useValue: redirectSpy },
+      ],
+    });
+
+    authService = TestBed.inject(AuthService) as jasmine.SpyObj<AuthService>;
+    hardRedirectService = TestBed.inject(HardRedirectService) as jasmine.SpyObj<HardRedirectService>;
+  });
+
+  it('should block access and redirect if user is logged in', async () => {
+    authService.isAuthenticated.and.returnValue(of(true));
+
+    const result$ = TestBed.runInInjectionContext(() =>
+      notAuthenticatedGuard(mockRoute, mockState),
+    );
+
+    const result = await firstValueFrom(result$ as any);
+    expect(result).toBe(false);
+    expect(hardRedirectService.redirect).toHaveBeenCalledWith(PAGE_NOT_FOUND_PATH);
+  });
+
+  it('should allow access if user is not logged in', async () => {
+    authService.isAuthenticated.and.returnValue(of(false));
+
+    const result$ = TestBed.runInInjectionContext(() =>
+      notAuthenticatedGuard(mockRoute, mockState),
+    );
+
+    const result = await firstValueFrom(result$ as any);
+    expect(result).toBe(true);
+    expect(hardRedirectService.redirect).not.toHaveBeenCalled();
+  });
+});

src/app/core/auth/not-authenticated.guard.ts

@@ -0,0 +1,23 @@
+import { inject } from '@angular/core';
+import { CanActivateFn } from '@angular/router';
+import { map } from 'rxjs/operators';
+import { PAGE_NOT_FOUND_PATH } from 'src/app/app-routing-paths';
+
+import { HardRedirectService } from '../services/hard-redirect.service';
+import { AuthService } from './auth.service';
+
+export const notAuthenticatedGuard: CanActivateFn = () => {
+  const authService = inject(AuthService);
+  const redirectService = inject(HardRedirectService);
+
+  return authService.isAuthenticated().pipe(
+    map((isLoggedIn) => {
+      if (isLoggedIn) {
+        redirectService.redirect(PAGE_NOT_FOUND_PATH);
+        return false;
+      }
+
+      return true;
+    }),
+  );
+};