Add logout endpoint #1472
Nice one! Can we add a couple of unit tests for failure/success too? 🙏
pkg/server/auth/server_test.go
Outdated
"github.com/go-logr/logr" | ||
"github.com/oauth2-proxy/mockoidc" | ||
"github.com/weaveworks/weave-gitops/pkg/server/auth" | ||
"gotest.tools/v3/assert" |
Let's use the normal testify lib here
pkg/server/auth/server_test.go
Outdated
|
||
w := httptest.NewRecorder() | ||
|
||
http.SetCookie(w, cookie) |
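Review bot: `http.SetCookie(w, cookie)` on the recorder `w` writes a Set-Cookie header into the response under test, so any assertion on the response's cookies also sees the cookie the test itself created. If `cookie` is meant to stand for the caller's existing session, attach it to the request with `AddCookie` instead, and assert that the response carries exactly one cookie, the one that deletes the session.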
This line is introducing the 2nd cookie in the response, we can remove it 👍
💯
* Add logout endpoint
* linting
* more linting
* Add test
* Remove extra cookie
* Add failure test
* Auth SignIn - OIDC / Superuser (#1490) * WG309 Auth Context and Welcome screen - WIP * WG309 Auth Context and Welcome screen - WIP2 * WG309 Auth Context and Welcome screen - WIP * Add sign_in handler * WG309 Update welcome screen form * WG309 Update sign in formData submit * WG309 Update sign in req and payload * Fix format in helm testdata * Enable CORS for dev * Remove unnecessary package * WG309 Userinfo draft and cleanup * Callback working - use REACT_API_URL=http://0.0.0.0:9001 * WG309 User info returns 200 * WG309 Remove CORS related code * WG309 Remove CORS related code - update * Add tests for Signin handler * Update tests * Remove username from sign in form * Add token signer/verifier * Fix test * Add new middleware * Add tests for Signin handler * User from stash * WG309 AuthContext update on user info check * WG309 AuthContext update on user info check - 2 * WG309 Refactor loading in AuthContext * WG309 AuthContext reruns on history change * Fix conflict * WG309 AuthContext refactor * WG309 On refresh page doesnt go to 404 anymore * Wrap loading page * WG309 Fix oidc return url * Issued cookies should have the Secure attribute to true * WG309 Display alert error * Remove secret yaml example * WG309 Improve loading transition * Add OIDC flow test for user info endpoint * WG309 Improve loading transition - 2 * Fix eslint errors * Split out authchecking from the authcontext, single router * WG309 Add switch for password visibility * WG309 Add switch for password visibility - updated * Update package.json with main version * Lint it * Rm security risk printing user-supplied value * WG309 Hide UI behind flag - WIP * Push first pass at GET /v1/config * https in tests * Revert "https in tests" This reverts commit 286211b. 
* get feature flags innit * WG309 Hide UI behind feature flag - updated * Linting and testing * Update exports * untagglin * fix fix fix * OIDC is optional now * Update package.lock * WG309 Hide UI behind feature flag - updated2 * Fix issues in package-lock.json * Fix issues in package-lock.json - 2 Co-authored-by: Yiannis <yiannis@weave.works> Co-authored-by: Simon Howe <footless@gmail.com> * Auth logout (#1492) * WG309 Auth Context and Welcome screen - WIP * WG309 Auth Context and Welcome screen - WIP2 * WG309 Auth Context and Welcome screen - WIP * Add sign_in handler * WG309 Update welcome screen form * WG309 Update sign in formData submit * WG309 Update sign in req and payload * Fix format in helm testdata * Enable CORS for dev * Remove unnecessary package * WG309 Userinfo draft and cleanup * Callback working - use REACT_API_URL=http://0.0.0.0:9001 * WG309 User info returns 200 * WG309 Remove CORS related code * WG309 Remove CORS related code - update * Add tests for Signin handler * Update tests * Remove username from sign in form * Add token signer/verifier * Fix test * Add new middleware * Add tests for Signin handler * User from stash * WG309 AuthContext update on user info check * WG309 AuthContext update on user info check - 2 * WG309 Refactor loading in AuthContext * WG309 AuthContext reruns on history change * Fix conflict * WG309 AuthContext refactor * WG309 On refresh page doesnt go to 404 anymore * Wrap loading page * WG309 Fix oidc return url * Issued cookies should have the Secure attribute to true * WG309 Display alert error * Remove secret yaml example * WG309 Improve loading transition * Add OIDC flow test for user info endpoint * WG309 Improve loading transition - 2 * Fix eslint errors * Split out authchecking from the authcontext, single router * WG309 Add switch for password visibility * WG309 Add switch for password visibility - updated * Add BE logout code * Update package.json with main version * Lint it * WG407 Add user settings section 
- WIP * Rm security risk printing user-supplied value * WG407 Add user settings section - WIP2 * WG309 Hide UI behind flag - WIP * Push first pass at GET /v1/config * https in tests * Revert "https in tests" This reverts commit 286211b. * get feature flags innit * WG309 Hide UI behind feature flag - updated * Linting and testing * Update exports * untagglin * fix fix fix * OIDC is optional now * Update package.lock * WG407 Hide userSettings when authFlag is null * WG309 Hide UI behind feature flag - updated2 * WG407 Hide userSettings when authFlag is null - 2 * Fix issues in package-lock.json * Fix issues in package-lock.json - 2 * WG407 Add FeatureFlags context * WG407 Add FeatureFlags context - updated * WG407 Add FeatureFlags context - updated2 * Fix linting error * Update ui/contexts/AuthContext.tsx Co-authored-by: Simon <footless@gmail.com> * Implement PR feedback * Implement PR feedback - 2 Co-authored-by: Yiannis <yiannis@weave.works> Co-authored-by: Simon Howe <footless@gmail.com> * Add logout endpoint (#1472) * Add logout endpoint * linting * more linting * Add test * Remove extra cookie * Add failure test * Set UI proxy port back to 9000 * Render UI even when featureflags route has an error * run make proto Co-authored-by: AlinaGoaga <35202557+AlinaGoaga@users.noreply.github.com> Co-authored-by: Yiannis <yiannis@weave.works> Co-authored-by: Simon Howe <footless@gmail.com> Co-authored-by: sarataha <sara@weave.works> Co-authored-by: Claudia Beresford <claudiaberesford@gmail.com>
Closes: weaveworks/weave-gitops-enterprise#407
What changed?
Added a new /logout endpoint to be called by FE for cookie deletion.
Why?
Part of Auth implementation.
How did you test it?
Tested locally + unit tests.
Release notes
Documentation Changes
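The cookie deletion described above, together with the single-cookie check raised in review, as an added example that is not the PR's own code. The handler name, the cookie name `id_token`, the `/` path and the POST-only rule are assumptions, since the page shows none of them.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// sessionCookieName is an assumed name; the PR page does not show the real one.
const sessionCookieName = "id_token"

// logoutHandler (hypothetical) clears the session cookie. Browsers only drop a
// cookie when the replacement matches its name and path, so Path mirrors
// the value assumed to be used at sign-in.
func logoutHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost { // assumed: logout is a state change, POST only
		w.Header().Set("Allow", http.MethodPost)
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}
	http.SetCookie(w, &http.Cookie{
		Name:     sessionCookieName,
		Value:    "",
		Path:     "/",
		Expires:  time.Unix(0, 0),
		MaxAge:   -1, // serialised as Max-Age=0: delete now
		HttpOnly: true,
		Secure:   true,
	})
	w.WriteHeader(http.StatusOK)
}

// callLogout sends the request with an existing session cookie attached to the
// request (not written to the recorder) and returns status plus response cookies.
func callLogout(method string) (int, []*http.Cookie) {
	req := httptest.NewRequest(method, "https://example.test/logout", nil)
	req.AddCookie(&http.Cookie{Name: sessionCookieName, Value: "constructed-token"})
	w := httptest.NewRecorder()
	logoutHandler(w, req)
	res := w.Result()
	defer res.Body.Close()
	return res.StatusCode, res.Cookies()
}

func main() {
	status, cookies := callLogout(http.MethodPost)
	fmt.Println(status, len(cookies), cookies[0].MaxAge)
}
```

Because the incoming cookie travels on the request, the response cookie list contains only what the handler emitted, which is what a success test should assert on.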