[Server] handling of token and cookies, auth and session middleware #11003

Merged
merged 1 commit into from
May 21, 2024

@MUzairS15 MUzairS15 commented May 21, 2024

Notes for Reviewers

This PR fixes #10977

  1. The autoselect was not enabled if the server is configured to use a specific provider unless the provider is Meshery.
    This caused an issue where users were being redirected to the 401 Unauthenticated page when the server was configured to use a specific provider (None), but because auto-select doesn't happen on the Provider UI page, if the user selects a provider different than None, it was being treated by the server as unauthorized (sending a 401 response directly).

The PR ensures that if the server is configured to use a specific provider, it gets auto-selected.
Before the server is configured for auto-selection, the provided env var PROVIDER is verified to be supported.

  1. SessionInjectionMiddleware was also performing auth checks in addition to checks being already done with AuthMiddleware.
  2. Adding utilities to set and unset cookies to ensure expiry, name, value, path and other cookie-related configurations are identical.
  3. Setting the expiry of all provider/token/session cookies to the correct value (24h).

Signed commits

  • Yes, I signed my commits.

Signed-off-by: MUzairS15 <muzair.shaikh810@gmail.com>
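
The point about shared set/unset cookie utilities, as an added example that is not part of this PR or of Meshery's code base: a clearing `Set-Cookie` only takes effect when its name, domain and path match the cookie that was set, so both helpers build from one attribute function. The helper names, the cookie name `example_token`, and the `HttpOnly`/`SameSite` choices are assumptions; only the 24h expiry comes from the description.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// CookieTTL is the 24h lifetime named in the PR description.
const CookieTTL = 24 * time.Hour

// base builds the attributes shared by set and unset (values here are assumptions).
func base(name, value string) *http.Cookie {
	return &http.Cookie{Name: name, Value: value, Path: "/", HttpOnly: true, SameSite: http.SameSiteLaxMode}
}

// SetCookie issues name=value with the shared attributes and a 24h expiry.
func SetCookie(w http.ResponseWriter, name, value string, now time.Time) {
	c := base(name, value)
	c.Expires, c.MaxAge = now.Add(CookieTTL), int(CookieTTL.Seconds())
	http.SetCookie(w, c)
}

// UnsetCookie expires the cookie using the same name and path it was set with.
func UnsetCookie(w http.ResponseWriter, name string) {
	c := base(name, "")
	c.Expires, c.MaxAge = time.Unix(0, 0), -1
	http.SetCookie(w, c)
}

// Issued runs fn against a recorder and returns the cookies it wrote, as a client parses them.
func Issued(fn func(http.ResponseWriter)) []*http.Cookie {
	rec := httptest.NewRecorder()
	fn(rec)
	return rec.Result().Cookies()
}

// Clears reports whether unset makes a browser drop set: stored cookies are keyed on
// (name, domain, path) per RFC 6265, so all three must match and unset must be expired.
func Clears(set, unset *http.Cookie) bool {
	return set.Name == unset.Name && set.Domain == unset.Domain &&
		set.Path == unset.Path && unset.MaxAge < 0
}

func main() {
	now := time.Now()
	set := Issued(func(w http.ResponseWriter) { SetCookie(w, "example_token", "constructed-value", now) })[0]
	good := Issued(func(w http.ResponseWriter) { UnsetCookie(w, "example_token") })[0]
	// Ad-hoc clear with a different path: the browser keeps the original cookie.
	bad := &http.Cookie{Name: "example_token", Path: "/api", MaxAge: -1}
	fmt.Println(set.MaxAge, Clears(set, good), Clears(set, bad)) // 86400 true false
}
```

A `Clears`-style assertion in unit tests catches a logout path that leaves a token cookie behind because its path or name drifted from the login path.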

@MUzairS15 MUzairS15 marked this pull request as draft May 21, 2024 11:29
@MUzairS15 MUzairS15 marked this pull request as ready for review May 21, 2024 11:44
@leecalcote
Member

@nebula-aac fyi

@leecalcote
Member

@sudhanshutech will you take care of the eslint issues?

@sudhanshutech
Member

> @sudhanshutech will you take care of the eslint issues?

sure

@@ -20,6 +20,17 @@ import (
"golang.org/x/oauth2"
)

const (
// Stores meshery provider related info.
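Review bot: the comment `// Stores meshery provider related info.` that opens the new `const (` block after the imports is too terse to document what follows, because it names neither the constant it describes nor who sets and clears the value. Start each comment with the constant's name, per Go doc-comment convention, and state what the value identifies and its expected lifetime. If these constants are the names that the cookie set/unset utilities in the PR description rely on, say so here, so that a later rename is recognised as changing which cookies get cleared.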
Contributor Author


Add these to docs.

@leecalcote leecalcote merged commit f1791ac into meshery:master May 21, 2024
11 of 13 checks passed
Successfully merging this pull request may close these issues.

Mishandled Cookie