From 399f096e5ea0d887003945d7d676468490622485 Mon Sep 17 00:00:00 2001
From: praju-aot
Date: Thu, 4 Jul 2024 23:25:30 -0400
Subject: [PATCH] fix: ORV2-2532 - The application should validate guards and proceed to route handler if at least one of them succeeds.

---
 dops/src/guard/jwt-one-of-auth.guard.ts | 25 +++++++++++++++++++
 dops/src/modules/dgen/dgen.controller.ts | 5 ++--
 .../notification/notification.controller.ts | 5 ++--
 .../src/common/guard/jwt-one-of-auth.guard.ts | 25 +++++++++++++++++++
 4 files changed, 54 insertions(+), 6 deletions(-)
 create mode 100644 dops/src/guard/jwt-one-of-auth.guard.ts
 create mode 100644 vehicles/src/common/guard/jwt-one-of-auth.guard.ts

diff --git a/dops/src/guard/jwt-one-of-auth.guard.ts b/dops/src/guard/jwt-one-of-auth.guard.ts
new file mode 100644
index 000000000..3e2523ccb
--- /dev/null
+++ b/dops/src/guard/jwt-one-of-auth.guard.ts
@@ -0,0 +1,25 @@
+import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';
+import { Observable } from 'rxjs';
+import { JwtAuthGuard } from './auth.guard';
+import { JwtServiceAccountAuthGuard } from './jwt-sa-auth.guard';
+import { Reflector } from '@nestjs/core';
+
+@Injectable()
+export class JwtOneOfAuthGuard implements CanActivate {
+ constructor(private reflector: Reflector) {}
+ canActivate(
+ context: ExecutionContext,
+ ): boolean | Promise | Observable {
+ const jwtAuthGuard = new JwtAuthGuard(this.reflector);
+ const jwtServiceAccountAuthGuard = new JwtServiceAccountAuthGuard(
+ this.reflector,
+ );
+
+ try {
+ return jwtAuthGuard.canActivate(context); // Attempt to activate the jwtAuthGuard
+ } catch (error) {
+ // If the jwtAuthGuard fails, attempt to activate the jwtServiceAccountAuthGuard
+ return jwtServiceAccountAuthGuard.canActivate(context);
+ }
+ }
+}
diff --git a/dops/src/modules/dgen/dgen.controller.ts b/dops/src/modules/dgen/dgen.controller.ts
index d3e7e3e3f..1f85fb9cb 100644
--- a/dops/src/modules/dgen/dgen.controller.ts 
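Review bot: The try/catch in canActivate only handles a synchronous throw, so if JwtAuthGuard's canActivate is asynchronous (which it is whenever the guard derives from @nestjs/passport's AuthGuard; the base class is not shown here) the returned Promise rejects after the catch has already been skipped and JwtServiceAccountAuthGuard is never consulted, and a plain `false` from the first guard is likewise returned as-is instead of falling through — the "one of" semantics in the subject line are not actually reached in either case. The method should resolve the first guard's result before deciding to fall back, e.g. by making canActivate `async` and awaiting both calls as in the excerpt below (if either inner guard returns an Observable, convert it with rxjs's lastValueFrom first). The catch also swallows every error rather than only the unauthorized rejection, so a misconfiguration in the first guard would be masked by a fallback that then fails for an unrelated reason; log the caught error or narrow the catch to the exception type the first guard is expected to raise. `Promise` and `Observable` appear here without their type arguments, which may be a rendering artefact of this page — the file should read `Promise<boolean> | Observable<boolean>` if it does not already. The byte-identical copy at vehicles/src/common/guard/jwt-one-of-auth.guard.ts (same blob 3e2523ccb) has the same defect and should be fixed together with this one, or better, shared rather than duplicated.

```typescript
  async canActivate(context: ExecutionContext): Promise<boolean> {
    // … unchanged: construction of jwtAuthGuard and jwtServiceAccountAuthGuard …
    try {
      // The inner guard may return a Promise; await it so a rejection is caught here.
      if (await jwtAuthGuard.canActivate(context)) {
        return true;
      }
    } catch (error) {
      // Expected when the request carries no valid user JWT; fall through to the
      // service-account guard. Consider logging `error` so non-auth failures stay visible.
    }
    return await jwtServiceAccountAuthGuard.canActivate(context);
  }
```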
+++ b/dops/src/modules/dgen/dgen.controller.ts
@@ -28,8 +28,7 @@ import { Role } from '../../enum/roles.enum';
 import { CreateGeneratedReportDto } from './dto/request/create-generated-report.dto';
 import { DgenService } from './dgen.service';
 import { ReadFileDto } from '../common/dto/response/read-file.dto';
-import { JwtAuthGuard } from 'src/guard/auth.guard';
-import { JwtServiceAccountAuthGuard } from 'src/guard/jwt-sa-auth.guard';
+import { JwtOneOfAuthGuard } from '../../guard/jwt-one-of-auth.guard';
 
 @ApiTags('Document Generator (DGEN)')
 @ApiBadRequestResponse({
@@ -64,7 +63,7 @@ export class DgenController {
 description: 'Required when IDP is not IDIR .',
 })
 @Roles(Role.GENERATE_DOCUMENT)
- @UseGuards(JwtAuthGuard, JwtServiceAccountAuthGuard)
+ @UseGuards(JwtOneOfAuthGuard)
 @Post('/template/render')
 async generate(
 @Req() request: Request,
diff --git a/dops/src/modules/notification/notification.controller.ts b/dops/src/modules/notification/notification.controller.ts
index 9df13f327..6bc38e4ef 100644
--- a/dops/src/modules/notification/notification.controller.ts
+++ b/dops/src/modules/notification/notification.controller.ts
@@ -21,8 +21,7 @@ import { NotificationService } from './notification.service';
 import { ExceptionDto } from '../../exception/exception.dto';
 import { NotificationDocumentDto } from './dto/request/notification-document.dto';
 import { NotificationDto } from './dto/request/notification.dto';
-import { JwtAuthGuard } from 'src/guard/auth.guard';
-import { JwtServiceAccountAuthGuard } from 'src/guard/jwt-sa-auth.guard';
+import { JwtOneOfAuthGuard } from '../../guard/jwt-one-of-auth.guard';
 
 @ApiBearerAuth()
 @ApiBadRequestResponse({
@@ -61,7 +60,7 @@ export class NotificationController {
 description:
 'Processes and sends an notification with specified documents as attachments to the given recipient(s), and returns a transaction ID for the operation.',
 })
- @UseGuards(JwtAuthGuard, JwtServiceAccountAuthGuard)
+ @UseGuards(JwtOneOfAuthGuard)
 @Post('/document')
 @Roles({ allOf: [Role.SEND_NOTIFICATION, Role.READ_DOCUMENT] })
 async notificationWithDocumentsFromDops(
diff --git a/vehicles/src/common/guard/jwt-one-of-auth.guard.ts b/vehicles/src/common/guard/jwt-one-of-auth.guard.ts
new file mode 100644
index 000000000..3e2523ccb
--- /dev/null
+++ b/vehicles/src/common/guard/jwt-one-of-auth.guard.ts
@@ -0,0 +1,25 @@
+import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';
+import { Observable } from 'rxjs';
+import { JwtAuthGuard } from './auth.guard';
+import { JwtServiceAccountAuthGuard } from './jwt-sa-auth.guard';
+import { Reflector } from '@nestjs/core';
+
+@Injectable()
+export class JwtOneOfAuthGuard implements CanActivate {
+ constructor(private reflector: Reflector) {}
+ canActivate(
+ context: ExecutionContext,
+ ): boolean | Promise | Observable {
+ const jwtAuthGuard = new JwtAuthGuard(this.reflector);
+ const jwtServiceAccountAuthGuard = new JwtServiceAccountAuthGuard(
+ this.reflector,
+ );
+
+ try {
+ return jwtAuthGuard.canActivate(context); // Attempt to activate the jwtAuthGuard
+ } catch (error) {
+ // If the jwtAuthGuard fails, attempt to activate the jwtServiceAccountAuthGuard
+ return jwtServiceAccountAuthGuard.canActivate(context);
+ }
+ }
+}