Skip to content
This repository has been archived by the owner on Apr 5, 2024. It is now read-only.

feat(auth): add authentification with keycloak #50

Merged
merged 99 commits into from
Jun 17, 2022
Merged

feat(auth): add authentification with keycloak #50

merged 99 commits into from
Jun 17, 2022

Conversation

maxgfr
Copy link
Member

@maxgfr maxgfr commented Apr 8, 2022
edited
Loading

fix SocialGouv/support#185

DONE :

  1. Ajout d'une page profil où les informations sont accessibles si et seulement l'utilisateur est connecté
  2. Ajout du provider keycloak pour l'authentification
  3. Ajout d'un withAuth qui verifie si le client est connecté côté server side props
  4. Utilisation de next-auth au lieu de react-keycloak
  5. Création du thème avec keycloackify
  6. Création du chart pour keycloack
  7. Mise en place de kube-workflow pour l'app
  8. Mise en place de kube-workflow pour keycloak
  9. Mise en place du français comme langue par défaut
  10. Ajout de FranceConnect 🇫🇷
  11. Documentation qui explique la différence entre la branche main et static

@maxgfr maxgfr requested a review from revolunet April 8, 2022 17:32
@maxgfr
Copy link
Member Author

maxgfr commented Apr 8, 2022

@revolunet J'ai fait une PR sur main directement. Faudrait-il pas le faire sur une branche à part plutôt ?

@github-actions github-actions bot temporarily deployed to template-maxgfr-authentification-5fu0fu April 8, 2022 17:39 Inactive
@revolunet
Copy link
Member

Oui je pense qu'on peut faire une branche keycloak pour l'instant

@gitguardian
Copy link

gitguardian bot commented Apr 22, 2022

⚠️ GitGuardian has uncovered 4 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request
GitGuardian id Secret Commit Filename
3178153 Generic High Entropy Secret b0f9761 .env.development View secret
3178153 Generic High Entropy Secret 6f0625b .env.development View secret
3178153 Generic High Entropy Secret ecdcd12 .env.development View secret
3178153 Generic High Entropy Secret 55d8a90 .env.development View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secrets safely. Learn here the best practices.
  3. Revoke and rotate these secrets.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

Our GitHub checks need improvements? Share your feedbacks!

@gitguardian
Copy link

gitguardian bot commented Apr 22, 2022
edited
Loading

⚠️ GitGuardian has uncovered 14 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request
GitGuardian id Secret Commit Filename
3178153 Generic High Entropy Secret b0f9761 .env.development View secret
3178153 Generic High Entropy Secret 6f0625b .env.development View secret
3178153 Generic High Entropy Secret ecdcd12 .env.development View secret
3178153 Generic High Entropy Secret 55d8a90 .env.development View secret
3178153 Generic High Entropy Secret bc39902 .env.development View secret
3356537 Generic High Entropy Secret 65df1ed .kube-workflow/templates/realm.configmap.yaml View secret
3356537 Generic High Entropy Secret 15a0502 config/keycloak/realm.json View secret
3356537 Generic High Entropy Secret eb30d43 config/realm-export.json View secret
3356537 Generic High Entropy Secret 70a2cfe .kube-workflow/templates/realm.configmap.yaml View secret
3178153 Generic High Entropy Secret 2b87cf4 .env.development View secret
3178153 Generic High Entropy Secret 0fca6ea .env.development View secret
3178153 Generic High Entropy Secret 0fca6ea .env.development View secret
3178153 Generic High Entropy Secret cd67c69 .env.development View secret
3513932 Generic High Entropy Secret cd67c69 .env.development View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secrets safely. Learn here the best practices.
  3. Revoke and rotate these secrets.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

Our GitHub checks need improvements? Share your feedbacks!

@maxgfr maxgfr changed the title feat(auth): add SSR authentification with keycloak feat(auth): add authentification with keycloak Apr 22, 2022
revolunet
revolunet reviewed May 8, 2022
View reviewed changes
src/lib/auth.ts Outdated Show resolved Hide resolved
maxgfr and others added 2 commits June 9, 2022 20:05
@maxgfr
Update .github/workflows/production.yml
7332b77 
Co-authored-by: Julien Bouquillon <julien.bouquillon@sg.social.gouv.fr>
@maxgfr
Update .github/workflows/preproduction.yml
6688c6e 
Co-authored-by: Julien Bouquillon <julien.bouquillon@sg.social.gouv.fr>
@sonarcloud
Copy link

sonarcloud bot commented Jun 9, 2022

Please retry analysis of this Pull-Request directly on SonarCloud.

maxgfr and others added 2 commits June 9, 2022 20:06
@maxgfr
Update .kube-workflow/values.yaml
ae1df9d 
Co-authored-by: Julien Bouquillon <julien.bouquillon@sg.social.gouv.fr>
@maxgfr
Update .github/workflows/review.yml
088830d 
Co-authored-by: Julien Bouquillon <julien.bouquillon@sg.social.gouv.fr>
@github-actions github-actions bot temporarily deployed to template-maxgfr-authentification-5fu0fu June 9, 2022 18:15 Inactive
@maxgfr
Copy link
Member Author

maxgfr commented Jun 10, 2022

Le NEXT_PUBLIC_HOST qui est utilisé dans le robots.txt, on le rajoute dans les .env pour exemple ?

On en a besoin au niveau du build, car celui-ci est utilisé pour générer le bon robots.txt du coup je l'ai rajouté au niveau des docker build args

@maxgfr maxgfr requested a review from revolunet June 10, 2022 09:03
@github-actions github-actions bot temporarily deployed to template-maxgfr-authentification-5fu0fu June 10, 2022 09:09 Inactive
@maxgfr
Update .github/workflows/preproduction.yml
d234f73 
Co-authored-by: Julien Bouquillon <julien.bouquillon@sg.social.gouv.fr>
@github-actions github-actions bot temporarily deployed to template-maxgfr-authentification-5fu0fu June 10, 2022 09:30 Inactive
@maxgfr
Copy link
Member Author

maxgfr commented Jun 13, 2022

Merci pour les retours @revolunet. C'est réglé ;)

@maxgfr maxgfr requested a review from revolunet June 13, 2022 08:03
@github-actions github-actions bot temporarily deployed to template-maxgfr-authentification-5fu0fu June 14, 2022 09:04 Inactive
feat: keycloak 18 + kontinuous (#73)
a273e04 
* docker-compose: use keycloak 18

* feat: use kontinuous deployments

* fix: fix logout flow

* fix: realm export

* fix: weborigins

* fix: use secure password and prevent bruteforce

* fix: FC secrets

* fix: add NEXT_PUBLIC_APP_VERSION_COMMIT and NEXT_PUBLIC_IS_PRODUCTION_DEPLOYMENT

* ci: add ks-review-deactivate

* fix: dummy

* fix: realm

* docs

* Update CODEOWNERS

* fix: secrets

* fix: log KC events

* docs

* fix: prod build args

* fix: deactivate

* fix: dummy
@socket-security
Copy link

Socket Security Report

📜 New install scripts detected

A dependency change in this PR is introducing new install scripts to your install step.

Package Script field Location
@sentry/cli@1.74.4 (upgraded) install package.json via @sentry/nextjs@6.19.7, @sentry/webpack-plugin@1.18.8
Socket.dev scan summary
Issue Status
Did you mean? ✅ no new possible package typos
Install scripts ⚠️ 1 new install script detected
Telemetry ✅ no new telemetry
Troll package ✅ no new troll packages
Malware ✅ no new malware
Native code ✅ no new native modules

Powered by socket.dev

@sonarcloud
Copy link

sonarcloud bot commented Jun 16, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 3 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@github-actions github-actions bot temporarily deployed to production June 16, 2022 20:44 Destroyed
@github-actions
Copy link

🎉 Deployment for commit 0f8453d :

Ingresses
Docker images
  • 📦 docker pull harbor.fabrique.social.gouv.fr/fabrique/template/app:sha-0f8453d99f84fc3c67c402b60ffc900473bd1f3a
Debug

@maxgfr maxgfr merged commit 18b0bb4 into main Jun 17, 2022
@maxgfr maxgfr deleted the maxgfr/authentification branch June 17, 2022 09:08
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@revolunet revolunet revolunet approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[TEMPLATE] Integration KeyCloak
2 participants
@maxgfr @revolunet