Authentication with user/pass, OAuth2 and Keycloak #172

Closed

rsnyman
Contributor

@rsnyman rsnyman commented May 19, 2021

  • AuthService for authentication
  • HttpClient for all http calls
  • Login page
  • Login controller

@rsnyman rsnyman added backend enhancement New feature or request frontend labels May 19, 2021
@rsnyman rsnyman added this to In progress in Authentication and Authorization via automation May 19, 2021
@rsnyman rsnyman force-pushed the login-controller branch 7 times, most recently from 497d856 to 764946c Compare May 27, 2021 18:34
@rsnyman rsnyman marked this pull request as draft June 10, 2021 16:34
@rsnyman rsnyman changed the title Basic username/password login [WIP] Authentication with user/pass, OAuth2 and Keycloak Jun 10, 2021
@rsnyman rsnyman force-pushed the login-controller branch 5 times, most recently from 80acff4 to d86bf45 Compare August 4, 2021 22:03
@rsnyman rsnyman marked this pull request as ready for review August 5, 2021 15:21
@rsnyman rsnyman changed the title [WIP] Authentication with user/pass, OAuth2 and Keycloak Authentication with user/pass, OAuth2 and Keycloak Aug 5, 2021
@john-dupuy
Contributor

john-dupuy commented Aug 9, 2021

I've only tried out Gitlab auth so far but I noticed the following:

  • Clicking the "Sign up" button on the login page reloads the page but doesn't take you to a sign-up form. Just the same page is displayed. Same thing with the "Forgot username or password" button
  • When we deploy outside of VPN, we should disable these buttons and default to some pre-configured auth mode through Github or SSO
  • After logging in via Gitlab, all the requests from the frontend to the backend failed with:
Access to fetch at 'http://localhost:8080/api/run?estimate=true&pageSize=20&page=1' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

- Add a login page
- Add a login controller
- Use JWT authentication
- Make HttpClient service object that transparently auths requests
- Add OAuth2 login to Ibutsu
- Add tests for the login controller
- Add Keycloak integration
- Add authorisation, users can only see resources for projects they are part of
- Use the 'from_file' method if it exists
- Add support for running the dev servers under TLS
@rsnyman
Contributor Author

rsnyman commented Aug 25, 2021

> I've only tried out Gitlab auth so far but I noticed the following:
>
>   • Clicking the "Sign up" button on the login page reloads the page but doesn't take you to a sign-up form. Just the same page is displayed. Same thing with the "Forgot username or password" button
>   • When we deploy outside of VPN, we should disable these buttons and default to some pre-configured auth mode through Github or SSO
>   • After logging in via Gitlab, all the requests from the frontend to the backend failed with:
> Access to fetch at 'http://localhost:8080/api/run?estimate=true&pageSize=20&page=1' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

I've fixed up some DB queries that were wrong, maybe they were causing this issue? Everything works for me right now.

@john-dupuy
Contributor

@rsnyman Finally got a chance to check this out again today. Gitlab login is working fine but now I see when trying to access the runs page:

  File "/home/jdupuy/iqe/iqe-repos/ibutsu/ibutsu-server/backend/ibutsu_server/util/projects.py", line 40, in add_user_filter
    query = query.filter(or_(project in user.projects, project.owner == user))
  File "/home/jdupuy/iqe/iqe-repos/ibutsu/ibutsu-server/backend/.ibutsu-env/lib/python3.9/site-packages/sqlalchemy/orm/attributes.py", line 238, in __getattr__
    util.raise_(
  File "/home/jdupuy/iqe/iqe-repos/ibutsu/ibutsu-server/backend/.ibutsu-env/lib/python3.9/site-packages/sqlalchemy/util/compat.py", line 182, in raise_
    raise exception
AttributeError: Neither 'InstrumentedAttribute' object nor 'Comparator' object associated with Run.project has an attribute 'owner'

For the results page:

  File "/home/jdupuy/iqe/iqe-repos/ibutsu/ibutsu-server/backend/.ibutsu-env/lib/python3.9/site-packages/sqlalchemy/orm/attributes.py", line 238, in __getattr__
    util.raise_(
  File "/home/jdupuy/iqe/iqe-repos/ibutsu/ibutsu-server/backend/.ibutsu-env/lib/python3.9/site-packages/sqlalchemy/util/compat.py", line 182, in raise_
    raise exception
AttributeError: Neither 'InstrumentedAttribute' object nor 'Comparator' object associated with Run.project has an attribute 'owner'

Also, I'm wondering about the swagger UI, how can we authenticate there to mess with API queries?
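
An added illustration, not part of the thread or of Ibutsu's code: the traceback above comes from applying Python's `in` and a chained `.owner` to a SQLAlchemy relationship attribute, neither of which can be turned into SQL. The sketch below shows a per-user project filter written with `has()` and `any()`; the `User`, `Project`, `Run` models, the `members` table and the `visible_run_ids` helper are hypothetical, and only the name `add_user_filter` is taken from the traceback.

```python
from sqlalchemy import Column, ForeignKey, Integer, String, Table, create_engine, or_
from sqlalchemy.orm import Session, declarative_base, relationship

Base = declarative_base()

# Hypothetical schema (not Ibutsu's own models): users <-> projects membership.
members = Table(
    "members", Base.metadata,
    Column("user_id", ForeignKey("users.id"), primary_key=True),
    Column("project_id", ForeignKey("projects.id"), primary_key=True),
)

class User(Base):
    __tablename__ = "users"
    id = Column(Integer, primary_key=True)
    name = Column(String)

class Project(Base):
    __tablename__ = "projects"
    id = Column(Integer, primary_key=True)
    owner_id = Column(ForeignKey("users.id"))
    owner = relationship(User)
    users = relationship(User, secondary=members)

class Run(Base):
    __tablename__ = "runs"
    id = Column(Integer, primary_key=True)
    project_id = Column(ForeignKey("projects.id"))
    project = relationship(Project)

def add_user_filter(query, user):
    """Limit a Run query to projects the user owns or is a member of."""
    # Run.project.owner raises AttributeError at class level, and Python's
    # `in` cannot be turned into SQL; has()/any() emit EXISTS subqueries.
    visible = or_(Project.owner == user, Project.users.any(User.id == user.id))
    return query.filter(Run.project.has(visible))

def visible_run_ids(user_name):
    # Constructed sample data in a throwaway in-memory SQLite database.
    engine = create_engine("sqlite://")
    Base.metadata.create_all(engine)
    with Session(engine) as s:
        alice, bob, eve = User(name="alice"), User(name="bob"), User(name="eve")
        p1 = Project(owner=alice, users=[bob])
        p2 = Project(owner=bob)
        s.add_all([alice, bob, eve, Run(id=1, project=p1), Run(id=2, project=p2), Run(id=3)])
        s.commit()
        user = s.query(User).filter_by(name=user_name).one()
        return sorted(r.id for r in add_user_filter(s.query(Run), user))
```

A run with no project (id 3 in the sample data) is excluded for every user, so the filter denies by default.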

@rsnyman rsnyman moved this from In Progress to Development Done in Authentication and Authorization Oct 5, 2021
@rsnyman
Contributor Author

rsnyman commented Oct 14, 2021

Superseded by #227

@rsnyman rsnyman closed this Oct 14, 2021
Authentication and Authorization automation moved this from Development Done to Done Oct 14, 2021
@rsnyman rsnyman deleted the login-controller branch October 14, 2021 18:03