-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathRouteGuard.jsx
73 lines (57 loc) · 2.76 KB
/
RouteGuard.jsx
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
import { useState, useEffect } from 'react';
import { useLocation, Navigate } from 'react-router-dom';
import { useMsal, MsalAuthenticationTemplate } from '@azure/msal-react';
import { InteractionType } from '@azure/msal-browser';
import { checkGroupsInStorage, getGroupsFromStorage } from '../utils/storageUtils';
import { loginRequest } from '../authConfig';
export const RouteGuard = ({ Component, ...props }) => {
const location = useLocation();
const { instance } = useMsal();
const [isAuthorized, setIsAuthorized] = useState(false);
const [isOveraged, setIsOveraged] = useState(false);
const [message, setMessage] = useState(null);
const onLoad = async () => {
const activeAccount = instance.getActiveAccount() || instance.getAllAccounts()[0];
// check either the ID token or a non-expired storage entry for the groups membership claim
if (!activeAccount?.idTokenClaims?.groups && !checkGroupsInStorage(activeAccount)) {
if (activeAccount.idTokenClaims.hasOwnProperty('_claim_names') && activeAccount.idTokenClaims['_claim_names'].hasOwnProperty('groups')) {
setIsOveraged(true);
setMessage('You have too many group memberships. The application will now query Microsoft Graph to check if you are a member of any of the groups required.');
return;
}
setMessage('Token does not have groups claim. Please ensure that your account is assigned to a security group and then sign-out and sign-in again.');
return;
}
const hasRequiredGroup = props.requiredGroups.some((group) =>
activeAccount?.idTokenClaims?.groups?.includes(group) || getGroupsFromStorage(activeAccount)?.includes(group)
);
if (!hasRequiredGroup) setMessage('You do not have access. Please ensure that your account is assigned to the required security group and then sign-out and sign-in again.')
setIsAuthorized(hasRequiredGroup);
};
useEffect(() => {
onLoad();
// eslint-disable-next-line
}, [instance]);
useEffect(() => {
if (message) window.alert(message);
}, [message]);
const authRequest = {
...loginRequest,
};
return (
<MsalAuthenticationTemplate
interactionType={InteractionType.Redirect}
authenticationRequest={authRequest}
>
{isAuthorized ? (
<div>{props.children}</div>
) : isOveraged ? (
<Navigate replace to="/overage" state={location.pathname} />
) : (
<div className="data-area-div">
<h3>You are unauthorized to view this content.</h3>
</div>
)}
</MsalAuthenticationTemplate>
);
};