[DURACOM-380] backporting

Author: FrancescoMolinaro

src/app/app-routes.ts

@@ -25,6 +25,7 @@ import { COLLECTION_MODULE_PATH } from './collection-page/collection-page-routin
 import { COMMUNITY_MODULE_PATH } from './community-page/community-page-routing-paths';
 import { authBlockingGuard } from './core/auth/auth-blocking.guard';
 import { authenticatedGuard } from './core/auth/authenticated.guard';
+import { notAuthenticatedGuard } from './core/auth/not-authenticated.guard';
 import { groupAdministratorGuard } from './core/data/feature-authorization/feature-authorization-guard/group-administrator.guard';
 import { siteAdministratorGuard } from './core/data/feature-authorization/feature-authorization-guard/site-administrator.guard';
 import { siteRegisterGuard } from './core/data/feature-authorization/feature-authorization-guard/site-register.guard';
@@ -97,13 +98,13 @@ export const APP_ROUTES: Route[] = [
         path: REGISTER_PATH,
         loadChildren: () => import('./register-page/register-page-routes')
           .then((m) => m.ROUTES),
-        canActivate: [siteRegisterGuard],
+        canActivate: [notAuthenticatedGuard, siteRegisterGuard],
       },
       {
         path: FORGOT_PASSWORD_PATH,
         loadChildren: () => import('./forgot-password/forgot-password-routes')
           .then((m) => m.ROUTES),
-        canActivate: [endUserAgreementCurrentUserGuard, forgotPasswordCheckGuard],
+        canActivate: [notAuthenticatedGuard, endUserAgreementCurrentUserGuard, forgotPasswordCheckGuard],
       },
       {
         path: COMMUNITY_MODULE_PATH,
@@ -180,11 +181,13 @@ export const APP_ROUTES: Route[] = [
         path: 'login',
         loadChildren: () => import('./login-page/login-page-routes')
           .then((m) => m.ROUTES),
+        canActivate: [notAuthenticatedGuard],
       },
       {
         path: 'logout',
         loadChildren: () => import('./logout-page/logout-page-routes')
           .then((m) => m.ROUTES),
+        canActivate: [authenticatedGuard],
       },
       {
         path: 'submit',
@@ -272,6 +275,7 @@ export const APP_ROUTES: Route[] = [
       {
         path: 'external-login/:token',
         loadChildren: () => import('./external-login-page/external-login-routes').then((m) => m.ROUTES),
+        canActivate: [notAuthenticatedGuard],
       },
       {
         path: 'review-account/:token',
@@ -282,6 +286,7 @@ export const APP_ROUTES: Route[] = [
         path: 'email-confirmation',
         loadChildren: () => import('./external-login-email-confirmation-page/external-login-email-confirmation-page-routes')
           .then((m) => m.ROUTES),
+        canActivate: [notAuthenticatedGuard],
       },
       { path: '**', pathMatch: 'full', component: ThemedPageNotFoundComponent },
     ],

src/app/core/auth/not-authenticated.guard.spec.ts

@@ -0,0 +1,60 @@
+import { TestBed } from '@angular/core/testing';
+import {
+  ActivatedRouteSnapshot,
+  RouterStateSnapshot,
+} from '@angular/router';
+import {
+  firstValueFrom,
+  of,
+} from 'rxjs';
+import { PAGE_NOT_FOUND_PATH } from 'src/app/app-routing-paths';
+
+import { HardRedirectService } from '../services/hard-redirect.service';
+import { AuthService } from './auth.service';
+import { notAuthenticatedGuard } from './not-authenticated.guard';
+
+describe('notAuthenticatedGuard', () => {
+  let authService: jasmine.SpyObj<AuthService>;
+  let hardRedirectService: jasmine.SpyObj<HardRedirectService>;
+  const mockRoute = {} as ActivatedRouteSnapshot;
+  const mockState = {} as RouterStateSnapshot;
+
+  beforeEach(() => {
+    const authSpy = jasmine.createSpyObj('AuthService', ['isAuthenticated']);
+    const redirectSpy = jasmine.createSpyObj('HardRedirectService', ['redirect']);
+
+    TestBed.configureTestingModule({
+      providers: [
+        { provide: AuthService, useValue: authSpy },
+        { provide: HardRedirectService, useValue: redirectSpy },
+      ],
+    });
+
+    authService = TestBed.inject(AuthService) as jasmine.SpyObj<AuthService>;
+    hardRedirectService = TestBed.inject(HardRedirectService) as jasmine.SpyObj<HardRedirectService>;
+  });
+
+  it('should block access and redirect if user is logged in', async () => {
+    authService.isAuthenticated.and.returnValue(of(true));
+
+    const result$ = TestBed.runInInjectionContext(() =>
+      notAuthenticatedGuard(mockRoute, mockState),
+    );
+
+    const result = await firstValueFrom(result$ as any);
+    expect(result).toBe(false);
+    expect(hardRedirectService.redirect).toHaveBeenCalledWith(PAGE_NOT_FOUND_PATH);
+  });
+
+  it('should allow access if user is not logged in', async () => {
+    authService.isAuthenticated.and.returnValue(of(false));
+
+    const result$ = TestBed.runInInjectionContext(() =>
+      notAuthenticatedGuard(mockRoute, mockState),
+    );
+
+    const result = await firstValueFrom(result$ as any);
+    expect(result).toBe(true);
+    expect(hardRedirectService.redirect).not.toHaveBeenCalled();
+  });
+});

src/app/core/auth/not-authenticated.guard.ts

@@ -0,0 +1,23 @@
+import { inject } from '@angular/core';
+import { CanActivateFn } from '@angular/router';
+import { map } from 'rxjs/operators';
+import { PAGE_NOT_FOUND_PATH } from 'src/app/app-routing-paths';
+
+import { HardRedirectService } from '../services/hard-redirect.service';
+import { AuthService } from './auth.service';
+
+export const notAuthenticatedGuard: CanActivateFn = () => {
+  const authService = inject(AuthService);
+  const redirectService = inject(HardRedirectService);
+
+  return authService.isAuthenticated().pipe(
+    map((isLoggedIn) => {
+      if (isLoggedIn) {
+        redirectService.redirect(PAGE_NOT_FOUND_PATH);
+        return false;
+      }
+
+      return true;
+    }),
+  );
+};