diff --git a/nexus/src/external_api/console_api.rs b/nexus/src/external_api/console_api.rs index e68f9b08823..d87e76bcf1f 100644 --- a/nexus/src/external_api/console_api.rs +++ b/nexus/src/external_api/console_api.rs @@ -619,6 +619,17 @@ pub async fn console_settings_page( console_index_or_login_redirect(rqctx).await } +#[endpoint { + method = GET, + path = "/", + unpublished = true, +}] +pub async fn console_root( + rqctx: Arc>>, +) -> Result, HttpError> { + console_index_or_login_redirect(rqctx).await +} + /// Make a new PathBuf with `.gz` on the end fn with_gz_ext(path: &PathBuf) -> PathBuf { let mut new_path = path.clone(); diff --git a/nexus/src/external_api/device_auth.rs b/nexus/src/external_api/device_auth.rs index 00132cc078c..746b973716a 100644 --- a/nexus/src/external_api/device_auth.rs +++ b/nexus/src/external_api/device_auth.rs @@ -15,7 +15,7 @@ use crate::context::OpContext; use crate::db::model::DeviceAccessToken; use crate::ServerContext; use dropshot::{ - endpoint, HttpError, HttpResponseOk, Query, RequestContext, TypedBody, + endpoint, HttpError, HttpResponseOk, RequestContext, TypedBody, }; use http::{header, Response, StatusCode}; use hyper::Body; @@ -121,11 +121,10 @@ pub struct DeviceAuthVerify { #[endpoint { method = GET, path = "/device/verify", - tags = ["hidden"], // "token" + unpublished = true, }] pub async fn device_auth_verify( rqctx: Arc>>, - _params: Query, ) -> Result, HttpError> { console_index_or_login_redirect(rqctx).await } diff --git a/nexus/src/external_api/http_entrypoints.rs b/nexus/src/external_api/http_entrypoints.rs index e5ec80ed579..8f97431c077 100644 --- a/nexus/src/external_api/http_entrypoints.rs +++ b/nexus/src/external_api/http_entrypoints.rs 
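Review bot: `console_root` is added without a doc comment, so nothing at the handler says that `/` goes through the same session check as the other console pages or why it is marked `unpublished`. A line above the `#[endpoint]` attribute would record that, for example `/// Serve the console index at "/" when a session is present, otherwise redirect to login; unpublished so it stays out of the generated API description.` The last clause is inferred from the `/device/verify` entry leaving `openapi/nexus.json` in this same diff, so confirm it before committing the wording.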
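Review bot: With the `Query` extractor removed from `device_auth_verify`, the handler no longer rejects a request that lacks `user_code`, which the deleted OpenAPI entry marked as required; whatever is in the query string now passes untouched to the console page or the login redirect. If that is intended, say so at the handler, e.g. `// user_code is deliberately not parsed here; the console page reads it and the confirm endpoint validates it` (this assumes validation happens there, so confirm). The `DeviceAuthVerify` struct named in the hunk header looks unused after this change and can probably be removed. Also, `unpublished = true` takes the endpoint out of `uncovered-authz-endpoints.txt` later in this diff, presumably because unpublished endpoints are not listed rather than because coverage was added, so its logged-out behaviour needs an explicit test.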
@@ -219,6 +219,8 @@ pub fn external_api() -> NexusApiDescription { api.register(console_api::session_me)?; api.register(console_api::logout)?; api.register(console_api::console_page)?; + api.register(console_api::console_root)?; + api.register(console_api::console_settings_page)?; api.register(console_api::asset)?; api.register(console_api::login)?; diff --git a/nexus/tests/integration_tests/console_api.rs b/nexus/tests/integration_tests/console_api.rs index e5a4002d5ae..d727e3fc926 100644 --- a/nexus/tests/integration_tests/console_api.rs +++ b/nexus/tests/integration_tests/console_api.rs @@ -158,10 +158,18 @@ async fn test_console_pages(cptestctx: &ControlPlaneTestContext) { let session_token = log_in_and_extract_token(&testctx).await; - // hit console page with session, should get back HTML response - let console_page = - RequestBuilder::new(&testctx, Method::GET, "/orgs/irrelevant-path") - .header(http::header::COOKIE, session_token) + // hit console pages with session, should get back HTML response + let console_paths = &[ + "/", + "/orgs/irrelevant-path", + "/settings/irrelevant-path", + "/device/success", + "/device/verify", + ]; + + for path in console_paths { + let console_page = RequestBuilder::new(&testctx, Method::GET, path) + .header(http::header::COOKIE, session_token.clone()) .expect_status(Some(StatusCode::OK)) .expect_response_header( http::header::CONTENT_TYPE, @@ -171,7 +179,8 @@ async fn test_console_pages(cptestctx: &ControlPlaneTestContext) { .await .expect("failed to get console index"); - assert_eq!(console_page.body, "".as_bytes()); + assert_eq!(console_page.body, "".as_bytes()); + } } #[nexus_test] diff --git a/nexus/tests/output/nexus_tags.txt b/nexus/tests/output/nexus_tags.txt index 2ceaa81bdcf..8961f214ca2 100644 --- a/nexus/tests/output/nexus_tags.txt +++ b/nexus/tests/output/nexus_tags.txt 
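Review bot: The new loop over `console_paths` in `test_console_pages` only exercises the authenticated case, so the newly routed `/` and `/device/verify` are never requested without a session cookie in the lines shown. Because these unpublished endpoints also drop out of the authz coverage listing, the logged-out branch of `console_index_or_login_redirect` deserves the same per-path check: request each path with no cookie and assert a redirect rather than a page body. The start of the function is outside the hunk and may already do this for one path, and the redirect status in the sketch below is assumed, so match it to what the handler returns. The shared failure message `"failed to get console index"` would also be more useful if it included `path`, now that five paths use it.

```rust
for path in console_paths {
    // No session cookie: expect the login redirect, not the console page.
    RequestBuilder::new(&testctx, Method::GET, path)
        .expect_status(Some(StatusCode::FOUND)) // assumed status; match the handler
        .execute()
        .await
        .expect("failed to get login redirect");

    // … unchanged: authenticated request with session cookie and body assertion …
}
```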
@@ -17,7 +17,6 @@ OPERATION ID URL PATH device_access_token /device/token device_auth_confirm /device/confirm device_auth_request /device/auth -device_auth_verify /device/verify logout /logout session_me /session/me spoof_login /login diff --git a/nexus/tests/output/uncovered-authz-endpoints.txt b/nexus/tests/output/uncovered-authz-endpoints.txt index dd197825a47..6a0cae41685 100644 --- a/nexus/tests/output/uncovered-authz-endpoints.txt +++ b/nexus/tests/output/uncovered-authz-endpoints.txt @@ -1,6 +1,5 @@ API endpoints with no coverage in authz tests: session_sshkey_delete (delete "/session/me/sshkeys/{ssh_key_name}") -device_auth_verify (get "/device/verify") login (get "/login/{silo_name}/{provider_name}") session_me (get "/session/me") session_sshkey_list (get "/session/me/sshkeys") diff --git a/openapi/nexus.json b/openapi/nexus.json index b21a90036d3..10f926b221a 100644 --- a/openapi/nexus.json +++ b/openapi/nexus.json @@ -112,37 +112,6 @@ } } }, - "/device/verify": { - "get": { - "tags": [ - "hidden" - ], - "summary": "Verify an OAuth 2.0 Device Authorization Grant", - "description": "This endpoint should be accessed in a full user agent (e.g., a browser). If the user is not logged in, we redirect them to the login page and use the `state` parameter to get them back here on completion. If they are logged in, serve up the console verification page so they can verify the user code.", - "operationId": "device_auth_verify", - "parameters": [ - { - "in": "query", - "name": "user_code", - "required": true, - "schema": { - "type": "string" - }, - "style": "form" - } - ], - "responses": { - "default": { - "description": "", - "content": { - "*/*": { - "schema": {} - } - } - } - } - } - }, "/hardware/racks": { "get": { "tags": [