New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
oc login: Show tokenURL message if only IDP is basic and user has not provided username #553
oc login: Show tokenURL message if only IDP is basic and user has not provided username #553
Conversation
I don't think this is a good approach, b/c you're basically forcing username to be passed to pick basic auth. I was rather imagining that when you get information from the server about supported auth methods, and if only basic you'd go with that always. But when more than basic is present always prefer the other one. @stlaz might help you with that and I think that's what @smarterclayton had in mind |
The actual response you're faking here is coming from oauth-server, from here: https://github.com/openshift/oauth-server/blob/dcbeb48c9cedcf0827629556f1e6cdb8538d4ebe/pkg/authenticator/challenger/placeholderchallenger/placeholder_challenger.go#L24 |
I saw that, ok - i'll rework this. |
f927e22
to
a0a593e
Compare
I've reworked this: |
a0a593e
to
c5d9bcd
Compare
/test e2e-cmd |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you're also going to have to improve
oc/pkg/helpers/tokencmd/basicauth.go
Line 115 in ea0d540
func basicRealm(headers http.Header) (bool, string) { |
so that it prefers non-kubeadmin realms
c5d9bcd
to
5a7fdd3
Compare
@stlaz pt-another-l, thanks |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is there any specific code that will handle the warning received from the oauth-server? I couldn't find where the message about the token URL is actually printed in the case of the placeholderchallenger on the oauth-server side
5a7fdd3
to
0ea5a8b
Compare
a6f2422
to
0fe41a9
Compare
@stlaz, updated this PR, I fixed all the issues and added unit tests. I have a question about the |
9c777a5
to
bcf0351
Compare
@stlaz ptal at the unit test changes, head is spinning w/ those, thank you : ) |
pkg/helpers/tokencmd/basicauth.go
Outdated
if _, ok := err.(*basicNoUsername); ok { | ||
return true | ||
} | ||
return false |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
_, ok := err.(*basicNoUsername)
return ok
or export the error an inline it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done, exported/inline, thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
there are some nits from Standa left, so I'm leaving him final tag
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Needs further improvements and refactoring due to the changes of basic challenge handler.
The test case changes seem wrong -> you can add more but keep the behavior of the old tests. Unless I missed anything, the old tests weren't prompting for password only so just do that instead of turning them into negative tests.
/hold |
709a09a
to
97e9b30
Compare
@@ -98,34 +98,6 @@ Password: `, | |||
}, | |||
}, | |||
|
|||
"interactive challenge": { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sallyom can this be changed to half-interactive when you pass username it should still ask you for a password, or we have one covering that case?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this can be omitted, as the one above covers that, it's "interactive challenge with default user"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
@stlaz I've updated all test cases, i think you can remove the hold now, and thanks |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nits only \o/
The PR looks good to me now
pkg/helpers/tokencmd/basicauth.go
Outdated
@@ -14,6 +14,16 @@ import ( | |||
"github.com/openshift/oc/pkg/helpers/term" | |||
) | |||
|
|||
type BasicNoUsername struct{} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
godoc please :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// BasicAuthNoUsernameError is an error that means that basic authentication challenge handling was attempted but the required username was not provided from the command line options
- rename to
BasicAuthNoUsernameError
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated, much better, thanks
/hold cancel |
97e9b30
to
1a68b3e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
last nits, I promise
pkg/helpers/tokencmd/basicauth.go
Outdated
@@ -14,6 +14,16 @@ import ( | |||
"github.com/openshift/oc/pkg/helpers/term" | |||
) | |||
|
|||
type BasicNoUsername struct{} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// BasicAuthNoUsernameError is an error that means that basic authentication challenge handling was attempted but the required username was not provided from the command line options
- rename to
BasicAuthNoUsernameError
pkg/helpers/tokencmd/basicauth.go
Outdated
} | ||
|
||
// BasicNoUsernameError returns an error for a basic challenge without a username | ||
func BasicNoUsernameError() error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
NewBasicAuthNoUsernameError()
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, much better, updated : )
Also, in request_token.go, updated BasicNoUsernameMessage
to BasicAuthNoUsernameMessage
1a68b3e
to
4f3f784
Compare
… provided username
4f3f784
to
57684f9
Compare
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: sallyom, soltysh, stlaz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
oc login -u anything
, try for basic auth prompt.