Auth SignIn - OIDC / Superuser #1490

Merged
merged 71 commits into from
Feb 23, 2022

@AlinaGoaga AlinaGoaga commented Feb 21, 2022

Closes: https://app.zenhub.com/workspaces/weave-gitops-enterprise-6127680175876a0014fc5657/issues/weaveworks/weave-gitops-enterprise/309

What changed?
Implement sign in with OIDC / superuser.

How did you test it?
BE tests and browser tests.

To test:

  • OIDC (using DEX for testing purposes): start server with WEAVE_GITOPS_AUTH_ENABLED=true go run ./cmd/gitops/main.go ui run --oidc-issuer-url https://dex-01.wge.dev.weave.works --oidc-client-id weave-gitops --oidc-client-secret ZXhhbXBsZS1hcHAtc2VjcmV0 --oidc-redirect-url http://localhost:4567/oauth2/callback

  • super user (password: my-secret-password + secret to add to cluster, corresponding to pass):

apiVersion: v1
kind: Secret
metadata:
  name: admin-password-hash
  namespace: wego-system
type: Opaque
data:
  password: JDJhJDEwJExLeXBUSUpFYlpkT0ZYMmJyQ29HN2Vta1QydjBwSkJ5UzRoSnFZdlFKWmRzQzdyN2NFWE15
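
The superuser Secret above stores a base64-encoded bcrypt hash in `data.password`. The following is an added example, not code from this PR or the project: it checks such a value before it is applied to a cluster, using only the standard library, so it validates the hash format and cost but does not verify the password. `InspectSecretValue`, `HashInfo` and the `minCost` policy floor are hypothetical names.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"errors"
	"fmt"
	"regexp"
	"strconv"
)

// PagePassword is the data.password value from the Secret in the PR description.
const PagePassword = "JDJhJDEwJExLeXBUSUpFYlpkT0ZYMmJyQ29HN2Vta1QydjBwSkJ5UzRoSnFZdlFKWmRzQzdyN2NFWE15"

// bcryptRe: $<version>$<two-digit cost>$<22-char salt><31-char digest>.
var bcryptRe = regexp.MustCompile(`^\$(2[abxy]?)\$(\d{2})\$[./A-Za-z0-9]{53}$`)

// HashInfo holds what a bcrypt string reveals without knowing the password.
type HashInfo struct {
	Version string
	Cost    int
}

// InspectSecretValue decodes a Secret's base64 data.password value and checks
// that it is a well-formed bcrypt hash whose cost meets minCost (an assumed
// policy floor). It never echoes the decoded bytes: they may be a plaintext.
func InspectSecretValue(b64 string, minCost int) (HashInfo, error) {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return HashInfo{}, fmt.Errorf("data.password is not valid base64: %w", err)
	}
	if bytes.HasSuffix(raw, []byte("\n")) {
		// Typical result of `echo "$hash" | base64` without -n.
		return HashInfo{}, errors.New("decoded value ends with a newline")
	}
	m := bcryptRe.FindSubmatch(raw)
	if m == nil {
		return HashInfo{}, errors.New("decoded value is not a bcrypt hash")
	}
	cost, _ := strconv.Atoi(string(m[2])) // the regexp guarantees two digits
	info := HashInfo{Version: string(m[1]), Cost: cost}
	if cost < 4 || cost > 31 {
		return info, fmt.Errorf("cost %d is outside bcrypt's 4..31 range", cost)
	}
	if cost < minCost {
		return info, fmt.Errorf("cost %d is below the required minimum %d", cost, minCost)
	}
	return info, nil
}

func main() {
	info, err := InspectSecretValue(PagePassword, 10)
	fmt.Printf("version=%s cost=%d err=%v\n", info.Version, info.Cost, err)
}
```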

foot commented Feb 22, 2022

Ah! We should export all the auth related components/context/etc out of index.ts for use in EE too!

@foot foot left a comment

All LGTM 💯

@AlinaGoaga AlinaGoaga merged commit 8085516 into main Feb 23, 2022
jpellizzari pushed a commit that referenced this pull request Feb 28, 2022
* WG309 Auth Context and Welcome screen - WIP

* WG309 Auth Context and Welcome screen - WIP2

* WG309 Auth Context and Welcome screen - WIP

* Add sign_in handler

* WG309 Update welcome screen form

* WG309 Update sign in formData submit

* WG309 Update sign in req and payload

* Fix format in helm testdata

* Enable CORS for dev

* Remove unnecessary package

* WG309 Userinfo draft and cleanup

* Callback working - use REACT_API_URL=http://0.0.0.0:9001

* WG309 User info returns 200

* WG309 Remove CORS related code

* WG309 Remove CORS related code - update

* Add tests for Signin handler

* Update tests

* Remove username from sign in form

* Add token signer/verifier

* Fix test

* Add new middleware

* Add tests for Signin handler

* User from stash

* WG309 AuthContext update on user info check

* WG309 AuthContext update on user info check - 2

* WG309 Refactor loading in AuthContext

* WG309 AuthContext reruns on history change

* Fix conflict

* WG309 AuthContext refactor

* WG309 On refresh page doesn't go to 404 anymore

* Wrap loading page

* WG309 Fix oidc return url

* Issued cookies should have the Secure attribute set to true

* WG309 Display alert error

* Remove secret yaml example

* WG309 Improve loading transition

* Add OIDC flow test for user info endpoint

* WG309 Improve loading transition - 2

* Fix eslint errors

* Split out authchecking from the authcontext, single router

* WG309 Add switch for password visibility

* WG309 Add switch for password visibility - updated

* Update package.json with main version

* Lint it

* Rm security risk printing user-supplied value

* WG309 Hide UI behind flag - WIP

* Push first pass at GET /v1/config

* https in tests

* Revert "https in tests"

This reverts commit 286211b.

* get feature flags innit

* WG309 Hide UI behind feature flag - updated

* Linting and testing

* Update exports

* untagglin

* fix fix fix

* OIDC is optional now

* Update package.lock

* WG309 Hide UI behind feature flag - updated2

* Fix issues in package-lock.json

* Fix issues in package-lock.json - 2

Co-authored-by: Yiannis <yiannis@weave.works>
Co-authored-by: Simon Howe <footless@gmail.com>
Callisto13 added a commit that referenced this pull request Mar 1, 2022
* Auth SignIn - OIDC / Superuser (#1490)

* WG309 Auth Context and Welcome screen - WIP

* WG309 Auth Context and Welcome screen - WIP2

* WG309 Auth Context and Welcome screen - WIP

* Add sign_in handler

* WG309 Update welcome screen form

* WG309 Update sign in formData submit

* WG309 Update sign in req and payload

* Fix format in helm testdata

* Enable CORS for dev

* Remove unnecessary package

* WG309 Userinfo draft and cleanup

* Callback working - use REACT_API_URL=http://0.0.0.0:9001

* WG309 User info returns 200

* WG309 Remove CORS related code

* WG309 Remove CORS related code - update

* Add tests for Signin handler

* Update tests

* Remove username from sign in form

* Add token signer/verifier

* Fix test

* Add new middleware

* Add tests for Signin handler

* User from stash

* WG309 AuthContext update on user info check

* WG309 AuthContext update on user info check - 2

* WG309 Refactor loading in AuthContext

* WG309 AuthContext reruns on history change

* Fix conflict

* WG309 AuthContext refactor

* WG309 On refresh page doesn't go to 404 anymore

* Wrap loading page

* WG309 Fix oidc return url

* Issued cookies should have the Secure attribute set to true

* WG309 Display alert error

* Remove secret yaml example

* WG309 Improve loading transition

* Add OIDC flow test for user info endpoint

* WG309 Improve loading transition - 2

* Fix eslint errors

* Split out authchecking from the authcontext, single router

* WG309 Add switch for password visibility

* WG309 Add switch for password visibility - updated

* Update package.json with main version

* Lint it

* Rm security risk printing user-supplied value

* WG309 Hide UI behind flag - WIP

* Push first pass at GET /v1/config

* https in tests

* Revert "https in tests"

This reverts commit 286211b.

* get feature flags innit

* WG309 Hide UI behind feature flag - updated

* Linting and testing

* Update exports

* untagglin

* fix fix fix

* OIDC is optional now

* Update package.lock

* WG309 Hide UI behind feature flag - updated2

* Fix issues in package-lock.json

* Fix issues in package-lock.json - 2

Co-authored-by: Yiannis <yiannis@weave.works>
Co-authored-by: Simon Howe <footless@gmail.com>

* Auth logout (#1492)

* WG309 Auth Context and Welcome screen - WIP

* WG309 Auth Context and Welcome screen - WIP2

* WG309 Auth Context and Welcome screen - WIP

* Add sign_in handler

* WG309 Update welcome screen form

* WG309 Update sign in formData submit

* WG309 Update sign in req and payload

* Fix format in helm testdata

* Enable CORS for dev

* Remove unnecessary package

* WG309 Userinfo draft and cleanup

* Callback working - use REACT_API_URL=http://0.0.0.0:9001

* WG309 User info returns 200

* WG309 Remove CORS related code

* WG309 Remove CORS related code - update

* Add tests for Signin handler

* Update tests

* Remove username from sign in form

* Add token signer/verifier

* Fix test

* Add new middleware

* Add tests for Signin handler

* User from stash

* WG309 AuthContext update on user info check

* WG309 AuthContext update on user info check - 2

* WG309 Refactor loading in AuthContext

* WG309 AuthContext reruns on history change

* Fix conflict

* WG309 AuthContext refactor

* WG309 On refresh page doesn't go to 404 anymore

* Wrap loading page

* WG309 Fix oidc return url

* Issued cookies should have the Secure attribute set to true

* WG309 Display alert error

* Remove secret yaml example

* WG309 Improve loading transition

* Add OIDC flow test for user info endpoint

* WG309 Improve loading transition - 2

* Fix eslint errors

* Split out authchecking from the authcontext, single router

* WG309 Add switch for password visibility

* WG309 Add switch for password visibility - updated

* Add BE logout code

* Update package.json with main version

* Lint it

* WG407 Add user settings section - WIP

* Rm security risk printing user-supplied value

* WG407 Add user settings section - WIP2

* WG309 Hide UI behind flag - WIP

* Push first pass at GET /v1/config

* https in tests

* Revert "https in tests"

This reverts commit 286211b.

* get feature flags innit

* WG309 Hide UI behind feature flag - updated

* Linting and testing

* Update exports

* untagglin

* fix fix fix

* OIDC is optional now

* Update package.lock

* WG407 Hide userSettings when authFlag is null

* WG309 Hide UI behind feature flag - updated2

* WG407 Hide userSettings when authFlag is null - 2

* Fix issues in package-lock.json

* Fix issues in package-lock.json - 2

* WG407 Add FeatureFlags context

* WG407 Add FeatureFlags context - updated

* WG407 Add FeatureFlags context - updated2

* Fix linting error

* Update ui/contexts/AuthContext.tsx

Co-authored-by: Simon <footless@gmail.com>

* Implement PR feedback

* Implement PR feedback - 2

Co-authored-by: Yiannis <yiannis@weave.works>
Co-authored-by: Simon Howe <footless@gmail.com>

* Add logout endpoint (#1472)

* Add logout endpoint

* linting

* more linting

* Add test

* Remove extra cookie

* Add failure test

* Set UI proxy port back to 9000

* Render UI even when featureflags route has an error

* run make proto

Co-authored-by: AlinaGoaga <35202557+AlinaGoaga@users.noreply.github.com>
Co-authored-by: Yiannis <yiannis@weave.works>
Co-authored-by: Simon Howe <footless@gmail.com>
Co-authored-by: sarataha <sara@weave.works>
Co-authored-by: Claudia Beresford <claudiaberesford@gmail.com>
jpellizzari added a commit that referenced this pull request Mar 3, 2022
@ozamosi ozamosi deleted the auth branch May 12, 2022 17:42
Labels
type/enhancement New feature or request