mgr/dashboard: JWT authentication #22833
This PR changes the authentication scheme we were using in the dashboard, from a stateful scheme to a stateless scheme based on JWT tokens.
This solves two problems:
The login function now returns a JWT token with a validity of 8 hours (configurable by a dashboard CLI command) that must be added to the request header
This PR takes care of both backend and frontend code to use JWT tokens.
TBH, I don't see the necessity for adding this. It adds lots of complexity to the code base with little benefit for users:
Is there any real and noticeable benefit for users?
@sebastian-philipp this feature allows the ceph-dashboard user session to be available when the browser needs to connect to a different backend server. I agree that this case should not be frequent but it may happen.
I don't think the code in this PR adds complexity to existing code. The code added in this PR is limited to the implementation of the token-based support and does not change the remainder of the dashboard code. Also, it does not introduce any change in the methodology, or process, of implementing new features to the dashboard.
But if you think this PR will cause problems when developing new features for the dashboard, I'm happy to close this PR.
In controllers/user.py the removed class Session is still imported.
2018-07-27 07:37:00.287 7f8e4c614700 -1 Traceback (most recent call last):
  File "/ceph/src/pybind/mgr/dashboard/module.py", line 288, in serve
    mapper, parent_urls = generate_routes(self.url_prefix)
  File "/ceph/src/pybind/mgr/dashboard/controllers/__init__.py", line 231, in generate_routes
    ctrls = load_controllers()
  File "/ceph/src/pybind/mgr/dashboard/controllers/__init__.py", line 170, in load_controllers
    package='dashboard')
  File "/usr/lib64/python2.7/importlib/__init__.py", line 37, in import_module
    __import__(name)
  File "/ceph/src/pybind/mgr/dashboard/controllers/user.py", line 11, in <module>
    from ..tools import Session
ImportError: cannot import name Session
The config key path
Yes, but there is no command to do that. What is there is the infrastructure to invalidate a user session/token, and we already use that in this PR, for instance when changing user properties like the password or its roles.
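The scheme discussed in this thread (a signed token with an 8-hour validity that is rejected once the user's password or roles change), as an added example that is not the PR's code. It uses only the Python standard library; HS256 and the names `issue`, `verify` and `invalid_before` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

TTL = 8 * 3600  # 8-hour validity, the default named in the PR description

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue(secret: bytes, user: str, now: int, ttl: int = TTL) -> str:
    """Return an HS256 JWT carrying subject, issued-at and expiry claims."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64e(json.dumps({"sub": user, "iat": now, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{b64e(sign(secret, f'{header}.{claims}'))}"

def verify(secret: bytes, token: str, now: int, invalid_before: dict):
    """Return the user name for a valid token, otherwise None."""
    try:
        header, claims, sig = token.split(".")
        # The server fixes the algorithm; the token's header never selects it.
        if json.loads(b64d(header)).get("alg") != "HS256":
            return None
        # Constant-time comparison of the recomputed and presented signatures.
        if not hmac.compare_digest(sign(secret, f"{header}.{claims}"), b64d(sig)):
            return None
        body = json.loads(b64d(claims))
        user, iat, exp = body["sub"], body["iat"], body["exp"]
        if now >= exp:
            return None
        # Stateless tokens cannot be deleted server-side, so the server keeps one
        # timestamp per user (hypothetical store) and rejects older tokens.
        if iat < invalid_before.get(user, 0):
            return None
        return user
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

if __name__ == "__main__":
    import time
    key, t = b"constructed-demo-secret", int(time.time())
    tok = issue(key, "admin", t)
    print(verify(key, tok, t + 60, {}), verify(key, tok, t + 60, {"admin": t + 30}))
```

The only server-side state is one timestamp per user, so any backend that shares the signing secret and that timestamp can validate the token.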
2 times, most recently
Oct 18, 2018
Let's add that in a separate PR. There is a tracker issue for this feature here: https://tracker.ceph.com/issues/25229