From 31de1960ec079f1cd30a9152a5365edb22584022 Mon Sep 17 00:00:00 2001
From: npalaska
Date: Mon, 6 Feb 2023 17:28:26 -0500
Subject: [PATCH 1/5] Enable OIDC redirect in dashboard PBENCH-1072
---
 dashboard/src/actions/authActions.js | 19 +++++++++++++++++++
 .../AuthComponent/common-components.jsx | 9 +++++++--
 2 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/dashboard/src/actions/authActions.js b/dashboard/src/actions/authActions.js
index 1474ec412c..ed9cfb8b2a 100644
--- a/dashboard/src/actions/authActions.js
+++ b/dashboard/src/actions/authActions.js
@@ -8,6 +8,25 @@
 import { SUCCESS } from "assets/constants/overviewConstants";
 import { showToast } from "actions/toastActions";
 import { uid } from "../utils/helper";
+
+// Create an Authentication Request
+export const authenticationRequest = () => async (dispatch, getState) => {
+ const endpoints = getState().apiEndpoint.endpoints;
+ const oidcServer = endpoints?.authentication?.issuer;
+ const oidcRealm = endpoints?.authentication?.realm;
+ const oidcClient = endpoints?.authentication?.client;
+ const oidcClientSecret = endpoints?.authentication?.secret;
+ let req = oidcServer + '/realms/' + oidcRealm + '/protocol/openid-connect/auth';
+ req += '?client_id=' + oidcClient;
+ req += '&client_secret=' + oidcClientSecret;
+ req += '&response_type=code';
+ req += '&redirect_uri=' + window.location.href.split('?')[0];
+ req += '&scope=profile';
+ req += '&prompt=login';
+ req += '&max_age=120';
+ window.location.href = req;
+}
+
 export const makeLoginRequest =
 (details, navigate) => async (dispatch, getState) => {
 try {
diff --git a/dashboard/src/modules/components/AuthComponent/common-components.jsx b/dashboard/src/modules/components/AuthComponent/common-components.jsx
index 385a1e9623..716ab18092 100644
--- a/dashboard/src/modules/components/AuthComponent/common-components.jsx
+++ b/dashboard/src/modules/components/AuthComponent/common-components.jsx
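Review bot: The authorization URL assembled in `authenticationRequest` has no `state` parameter, so whatever handles the `code` returned to `redirect_uri` cannot tell a response to its own request from one started elsewhere (login CSRF); `nonce` and a PKCE `code_challenge` are missing as well. The same parameter list is carried through the later hunks of this series (patches 3 and 5), so the point applies there too. Generate a random value with `crypto.getRandomValues`, keep it in `sessionStorage`, append `req += '&state=' + encodeURIComponent(state);`, and compare it when the callback is processed; the callback code is not in this hunk. Separately, `oidcClientSecret` is read from state that lives in the browser: patch 4 takes it out of the URL, but if the endpoints API still returns `secret` it is visible to every visitor, which is worth confirming on the server side.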
@@ -18,7 +18,7 @@ import { import { CheckIcon, CloseIcon, TimesIcon } from "@patternfly/react-icons"; import { useDispatch, useSelector } from "react-redux"; import { useNavigate, useOutletContext } from "react-router-dom"; - +import { authenticationRequest } from "actions/authActions"; import { FontAwesomeIcon } from "@fortawesome/react-fontawesome"; import PBenchLogo from "assets/logo/pbench_logo.svg"; import React from "react"; @@ -117,7 +117,12 @@ export const AuthForm = () => {
Or log in with...
- +
From db6499c539db0c2460f4add2ebf09ca8a9096a1c Mon Sep 17 00:00:00 2001 From: npalaska Date: Tue, 7 Feb 2023 15:01:58 -0500 Subject: [PATCH 2/5] update the buttons on UI --- .../modules/components/AuthComponent/common-components.jsx | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/dashboard/src/modules/components/AuthComponent/common-components.jsx b/dashboard/src/modules/components/AuthComponent/common-components.jsx index 716ab18092..b6c11ed6ee 100644 --- a/dashboard/src/modules/components/AuthComponent/common-components.jsx +++ b/dashboard/src/modules/components/AuthComponent/common-components.jsx @@ -121,10 +121,8 @@ export const AuthForm = () => { variant="primary" onClick={() => {dispatch(authenticationRequest())}} > - Red Hat SSO + Pbench OpenId - -
From 00d41a932c5ccb668c9793eba9d01d85b3a108f5 Mon Sep 17 00:00:00 2001 From: npalaska Date: Tue, 7 Feb 2023 20:17:11 -0500 Subject: [PATCH 3/5] add try-catch, sync with latest server endpoints api changes --- dashboard/src/actions/authActions.js | 54 ++++++++++++++++++++-------- dashboard/src/actions/types.js | 1 + 2 files changed, 40 insertions(+), 15 deletions(-) diff --git a/dashboard/src/actions/authActions.js b/dashboard/src/actions/authActions.js index ed9cfb8b2a..adbd595130 100644 --- a/dashboard/src/actions/authActions.js +++ b/dashboard/src/actions/authActions.js 
@@ -11,21 +11,45 @@ import { uid } from "../utils/helper"; // Create an Authentication Request export const authenticationRequest = () => async (dispatch, getState) => { - const endpoints = getState().apiEndpoint.endpoints; - const oidcServer = endpoints?.authentication?.issuer; - const oidcRealm = endpoints?.authentication?.realm; - const oidcClient = endpoints?.authentication?.client; - const oidcClientSecret = endpoints?.authentication?.secret; - let req = oidcServer + '/realms/' + oidcRealm + '/protocol/openid-connect/auth'; - req += '?client_id=' + oidcClient; - req += '&client_secret=' + oidcClientSecret; - req += '&response_type=code'; - req += '&redirect_uri=' + window.location.href.split('?')[0]; - req += '&scope=profile'; - req += '&prompt=login'; - req += '&max_age=120'; - window.location.href = req; -} + try { + const endpoints = getState().apiEndpoint.endpoints; + const oidcServer = endpoints["openid-connect"]?.issuer; + const oidcRealm = endpoints["openid-connect"]?.realm; + const oidcClient = endpoints["openid-connect"]?.client; + const oidcClientSecret = endpoints["openid-connect"]?.secret; + let req = oidcServer + '/realms/' + oidcRealm + '/protocol/openid-connect/auth'; + req += '?client_id=' + oidcClient; + req += '&client_secret=' + oidcClientSecret; + req += '&response_type=code'; + req += '&redirect_uri=' + window.location.href.split('?')[0]; + req += '&scope=profile'; + req += '&prompt=login'; + req += '&max_age=120'; + window.location.href = req; + } catch (error) { + const alerts = getState().userAuth.alerts; + let alert = {}; + if (error?.response) { + alert = { + title: error?.response?.data?.message, + key: uid(), + }; + dispatch(toggleLoginBtn(true)); + } else { + alert = { + title: error?.message, + key: uid(), + }; + dispatch({ type: TYPES.OPENID_ERROR }); + } + alerts.push(alert); + dispatch({ + type: TYPES.USER_NOTION_ALERTS, + payload: alerts, + }); + dispatch({ type: TYPES.COMPLETED }); + } +}; export const makeLoginRequest = 
(details, navigate) => async (dispatch, getState) => { diff --git a/dashboard/src/actions/types.js b/dashboard/src/actions/types.js index bf93b1b038..5780207860 100644 --- a/dashboard/src/actions/types.js +++ b/dashboard/src/actions/types.js @@ -10,6 +10,7 @@ export const SHOW_FAILURE_TOAST = "SHOW_FAILURE_TOAST"; export const LOADING = "LOADING"; export const COMPLETED = "COMPLETED"; export const NETWORK_ERROR = "NETWORK_ERROR"; +export const OPENID_ERROR = "OPENID_ERROR"; export const DASHBOARD_LOADING = "DASHBOARD_LOADING"; /* USER AUTHENTICATION */ From d32e20ba43fa9c061264a8a56be4e5aee6517f0b Mon Sep 17 00:00:00 2001 From: npalaska Date: Wed, 8 Feb 2023 15:12:51 -0500 Subject: [PATCH 4/5] we dont need client secret when redirecting --- dashboard/src/actions/authActions.js | 4 ++-- docs/user_authentication/third_party_token_management.md | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/dashboard/src/actions/authActions.js b/dashboard/src/actions/authActions.js index adbd595130..29b141902a 100644 --- a/dashboard/src/actions/authActions.js +++ b/dashboard/src/actions/authActions.js @@ -16,10 +16,10 @@ export const authenticationRequest = () => async (dispatch, getState) => { const oidcServer = endpoints["openid-connect"]?.issuer; const oidcRealm = endpoints["openid-connect"]?.realm; const oidcClient = endpoints["openid-connect"]?.client; - const oidcClientSecret = endpoints["openid-connect"]?.secret; + // URI parameters ref: https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint + // Refer Step 3 of pbench/docs/user_authentication/third_party_token_management.md let req = oidcServer + '/realms/' + oidcRealm + '/protocol/openid-connect/auth'; req += '?client_id=' + oidcClient; - req += '&client_secret=' + oidcClientSecret; req += '&response_type=code'; req += '&redirect_uri=' + window.location.href.split('?')[0]; req += '&scope=profile'; 
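Review bot: The new `try` in `authenticationRequest` wraps only property reads and an assignment to `window.location.href`, so the `error?.response` branch (the shape of an HTTP client error) looks unreachable because no request is made here. A missing `openid-connect` entry does not throw either: the `?.` reads yield `undefined`, and the browser is sent to a URL that begins with the literal text `undefined`. Validate before building the URL, e.g. `if (!oidcServer || !oidcRealm || !oidcClient) throw new Error("OpenID Connect is not configured");`, so the catch path runs when the configuration is incomplete. `toggleLoginBtn` and `TYPES` are used in the catch block but their imports are outside the hunk, so confirm they are in scope.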
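Review bot: `scope=profile` is left as it was, although the spec section the new comment links to requires the `openid` scope value in an OpenID Connect authentication request, and the sequence diagram touched in this same commit shows `scope=openid`. Without `openid` the provider's behaviour is unspecified and it may handle this as plain OAuth 2.0 and return no ID token. Change the line to `req += '&scope=' + encodeURIComponent('openid profile');`. The body of `authenticationRequest` starts and ends outside this hunk.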
diff --git a/docs/user_authentication/third_party_token_management.md b/docs/user_authentication/third_party_token_management.md index 0bb4fcfe09..602da84e0c 100644 --- a/docs/user_authentication/third_party_token_management.md +++ b/docs/user_authentication/third_party_token_management.md @@ -37,6 +37,7 @@ abox over Browser:Identity broker instructs the browser to \nload identity provi deactivate Browser Browser->Identity-Provider:GET identity provider auth page +note over Browser:Ref: https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint note right of Browser:GET request:\n\n?client_id=\n&response_type=code\n&redirect_uri=\n&scope=openid Identity-Provider->Browser:303 Response\n(Redirect to identity provider auth page) From de042300f5ceffd0aeff83908701bc4e3aedd967 Mon Sep 17 00:00:00 2001 From: npalaska Date: Sat, 11 Feb 2023 12:13:59 -0500 Subject: [PATCH 5/5] refactor and remove redux state mutation --- dashboard/src/actions/authActions.js | 47 +++++++++++++--------------- 1 file changed, 21 insertions(+), 26 deletions(-) diff --git a/dashboard/src/actions/authActions.js b/dashboard/src/actions/authActions.js index 29b141902a..94138224ae 100644 --- a/dashboard/src/actions/authActions.js +++ b/dashboard/src/actions/authActions.js 
@@ -13,39 +13,34 @@ import { uid } from "../utils/helper"; export const authenticationRequest = () => async (dispatch, getState) => { try { const endpoints = getState().apiEndpoint.endpoints; - const oidcServer = endpoints["openid-connect"]?.issuer; - const oidcRealm = endpoints["openid-connect"]?.realm; - const oidcClient = endpoints["openid-connect"]?.client; + const oidcServer = endpoints.openid.server; + const oidcRealm = endpoints.openid.realm; + const oidcClient = endpoints.openid.client; // URI parameters ref: https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint // Refer Step 3 of pbench/docs/user_authentication/third_party_token_management.md - let req = oidcServer + '/realms/' + oidcRealm + '/protocol/openid-connect/auth'; - req += '?client_id=' + oidcClient; - req += '&response_type=code'; - req += '&redirect_uri=' + window.location.href.split('?')[0]; - req += '&scope=profile'; - req += '&prompt=login'; - req += '&max_age=120'; - window.location.href = req; + const uri = `${oidcServer}/realms/${oidcRealm}/protocol/openid-connect/auth`; + const queryParams = [ + 'client_id=' + oidcClient, + 'response_type=code', + 'redirect_uri=' + window.location.href.split('?')[0], + 'scope=profile', + 'prompt=login', + 'max_age=120' + ]; + window.location.href = uri + '?' + queryParams.join('&'); } catch (error) { const alerts = getState().userAuth.alerts; - let alert = {}; - if (error?.response) { - alert = { - title: error?.response?.data?.message, - key: uid(), - }; - dispatch(toggleLoginBtn(true)); - } else { - alert = { - title: error?.message, + dispatch(error?.response + ? toggleLoginBtn(true) + : { type: TYPES.OPENID_ERROR } + ); + const alert = { + title: error?.response ? 
error.response.data?.message : error?.message, key: uid(), - }; - dispatch({ type: TYPES.OPENID_ERROR }); - } - alerts.push(alert); + }; dispatch({ type: TYPES.USER_NOTION_ALERTS, - payload: alerts, + payload: [...alerts, alert], }); dispatch({ type: TYPES.COMPLETED }); }
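Review bot: The entries joined into `queryParams` are not percent-encoded: `redirect_uri` is the raw `window.location.href.split('?')[0]`, which keeps any `#fragment`, and `oidcClient` comes straight from server-supplied state, so a `&` or `#` in either value would change how the provider parses the request. Build the query with `URLSearchParams` and derive the redirect target from `origin` plus `pathname`, as in the excerpt below. Also, with the `?.` reads removed, a missing `endpoints.openid` now puts the raw `TypeError` text into the alert title, and a short fixed message would read better to users. The function's closing lines are outside the hunk.

```javascript
const uri = `${oidcServer}/realms/${oidcRealm}/protocol/openid-connect/auth`;
// … unchanged: endpoint lookups and spec reference comments above …
const queryParams = new URLSearchParams({
  client_id: oidcClient,
  response_type: "code",
  redirect_uri: window.location.origin + window.location.pathname,
  scope: "profile",
  prompt: "login",
  max_age: "120",
});
window.location.href = `${uri}?${queryParams}`;
// … unchanged: catch block …
```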