ui: Login Flow for Admin UI #18206

Closed
mrtracy opened this issue Sep 5, 2017 · 2 comments
Labels
A-webui-security C-enhancement Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)

@mrtracy
Contributor

mrtracy commented Sep 5, 2017

The Admin API now fully supports cookie-based authentication, which will restrict admin functions to authenticated users. However, the UI does not currently provide a way for a user to authenticate, so that system has been disabled in 1.1.

A login page should be added to the frontend, and all other activities on the Admin UI should be protected by that login. Details are available in the "web_session_login" RFC found under /docs/RFCS.

Works towards #6307

@dianasaur323
Contributor

Draft Acceptance Criteria - Accepting Comments

User Story
This is an important open source and enterprise user request. Currently, you have to do some manual workarounds to block access to the admin UI.

Feature Scope
Given that we will be implementing RBAC in 1.2, we will need to update user login to match that use case. For now, we will release user login as a beta feature before rolling it out permanently. The beta feature will be composed of:

  • Simple login page that allows a user to log into the admin UI
  • Talks to the backend, which authorizes any user with a password to log into the admin UI
  • We will need a cluster setting to turn this on. It should be off by default so as not to affect our existing users and their workflows

Required States

  • Login page
  • Loading state
  • Some sign of logged in status in the admin UI

PM Acceptance Testing

  • Create a user and password
  • Login as that user
  • Observe the different states that the admin UI gets into
  • Try accessing the admin UI from a different node
  • Try Chrome, Safari, Mozilla, IE
  • Observe what happens when you close out the window

@couchand couchand modified the milestones: 2.0, Later Jan 29, 2018
@couchand couchand added A-webui-security C-enhancement Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception) labels Apr 24, 2018
@vilterp vilterp modified the milestones: Later, 2.1 May 2, 2018
vilterp pushed a commit to vilterp/cockroach that referenced this issue Aug 7, 2018
Closes: cockroachdb#6307
Closes: cockroachdb#18206
Closes: cockroachdb#26518
Release note (admin ui change): Login is now required for secure clusters.
Users log in with a regular database username, so that user must already have a
password set.  Insecure clusters do not require login, and have a visual
indicator showing that they are insecure.
vilterp pushed a commit to couchand/cockroach that referenced this issue Aug 9, 2018
@couchand
Contributor

Closed in #28416


4 participants