Refactor SAML auth, make /admin/queues require auth #640
<h1>Telescope</h1> | ||
<p>NOTE: this page is going away soon, just for testing login/logout.</p> |
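Review bot: the `<p>NOTE: this page is going away soon ...</p>` line says this page is temporary, but nothing in the hunk ties its removal to anything. Since it is only a throwaway harness for exercising login/logout, consider tracking its removal (an issue, or a TODO that names the GatsbyJS replacement) so the test page does not ship in a release by accident.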
Not sure what this is referring to?
This entire web page will be replaced by our GatsbyJS app. I just have this here now for testing that the authenticated routes work. I added this note so people didn't wonder why I had this page.
delete req.session.returnTo; | ||
} | ||
res.redirect(returnTo || telescopeHomeUrl); |
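Review bot: `returnTo` read from `req.session` is handed straight to `res.redirect` with no check on where it points. If anything earlier in the flow sets `req.session.returnTo` from a request-supplied value (a query parameter, or the original URL of an unauthenticated request), validate that it is a relative path on this site before redirecting (reject values carrying a scheme or a leading `//`) and fall back to `telescopeHomeUrl` otherwise. Deleting it from the session before the redirect is the right call, since it keeps a stale target from being reused on a later login.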
Interesting - I was just saying that Seneca Works needs this ability.
Yeah, it's really critical, and you have to hack it in place yourself.
.eslintrc.js
/** | ||
* Some passport properties are only exposed via underscore names | ||
*/ | ||
'no-underscore-dangle': 'off', |
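Review bot: turning `no-underscore-dangle` off in `.eslintrc.js` removes the check from every file, while only the passport access (`passport._strategy`, per the discussion) needs it. Scope the override to that one call with `// eslint-disable-next-line no-underscore-dangle`, or use the rule's `allow` option (e.g. `'no-underscore-dangle': ['error', { allow: ['_strategy'] }]`) so other leading-underscore identifiers are still flagged. `_strategy` is also a private passport API that can change between releases, so a comment pointing at the public alternative, once one is found, would help the next reader.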
What's the advantage/disadvantage of this?
I just needed it to get eslint to pass, since I (currently) have to access the logout function I need via `passport._strategy` and our rules don't allow names with leading `_`. I might be able to fix this later so I don't need to do this.
In general, anything named `_name` is a "private" variable, and you aren't usually supposed to access it.
This is a great, short article on the kind of login flow that I'm using here to protect these API routes: https://auth0.com/docs/login/spa/authenticate-with-cookies
Fixes #202
Description
This is a WIP experimental PR to try and get our authentication code working smoothly. I've focused on the node/passport bits, and gotten it to the point that it works in basic HTML. The next step is connecting this into our GatsbyJS app.
Here's some of what I've done:

- `env.example` for all `SAML_*` values, so things "Just Work" (@manekenpix is suggesting we try and do this more often, and I think it's a good idea).
- `/login` to `/auth`, and we now have these routes: `/auth/login`, `/auth/logout`, and `/auth/callback`, which enable our SAML SSO flow.
- I have a bunch of `TODO`s in the code, which need work.

The main thing I'm stuck on is that you should be able to do this:

I have a stupid redirect issue, where it goes back to the homepage instead of falling through to the proper handler.
To test this, pull my branch and do this:

Now go to http://localhost:3000. You can try going to any of the buttons at the top:

When you're logging in/out, you can look at your cookies: