Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Preserve Query in nextUrl during openid login redirect #2140

Merged
merged 11 commits into from
Dec 10, 2024

Conversation

KleinSebastian
Copy link
Contributor

Description

Successful Openid Login redirects back to the URL, from where the login was initiated.

Category

Bug fix

Why these changes are required?

Bug was reported: #1823 and #2119

What is the old behaviour before changes and new behaviour after changes?

The changed behaviour is best explained by following user-flow

  • User is not logged in
  • User clicks on a shared Dashboard Link
  • User is redirected to configured Openid IDP
  • After successful login, user is redirected to
    • Before: /app/dashboards
    • After: /app/dashboards#/view/....
  • Optional: When Multitenancy is enabled, the tenant from the link was discarded before and is now kept.

The whole functionality is basically ported from the SAML login method.

Issues Resolved

Fix: #1823
Fix: #2119

Testing

Existing Tests pass

Check List

  • New functionality includes testing
  • New functionality has been documented
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Copy link

codecov bot commented Oct 23, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71.46%. Comparing base (e68ae88) to head (2d03947).
Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #2140   +/-   ##
=======================================
  Coverage   71.46%   71.46%           
=======================================
  Files          97       97           
  Lines        2649     2649           
  Branches      403      411    +8     
=======================================
  Hits         1893     1893           
  Misses        641      641           
  Partials      115      115           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@cwperks
Copy link
Member

cwperks commented Oct 29, 2024

@KleinSebastian Can you add a test to go along with the changes being introduced in this PR?

@KleinSebastian
Copy link
Contributor Author

@cwperks I added a set of unit tests for the handleUnauthRequest call. E2E Tests for the functionality are unfortunately not working on my machine, so I skipped them. If you insist upon Cypress Tests I will try my best to do it on another machine.

@cwperks
Copy link
Member

cwperks commented Nov 5, 2024

@KleinSebastian please fix the eslint issues. You can fix them automatically with yarn run lint:es --fix

@cwperks
Copy link
Member

cwperks commented Nov 8, 2024

@KleinSebastian There are a few test errors. Are these errors due to changes from this PR or was there a change in OSD that introduced these errors?

@KleinSebastian
Copy link
Contributor Author

@cwperks I was able to reproduce the error. It was an issue with updating the "security_authentication" cookie due to the mismatch of "localhost" and "127.0.0.1" between OSD and Keycloak, resulting rejection of set-cookie in the browser due to the default SameSite behaviour "Lax".

Fixing the configuration does fix the E2E Tests as well as the need for a second redirect the existing E2E Tests.

@cwperks
Copy link
Member

cwperks commented Nov 12, 2024

@cwperks I was able to reproduce the error. It was an issue with updating the "security_authentication" cookie due to the mismatch of "localhost" and "127.0.0.1" between OSD and Keycloak, resulting rejection of set-cookie in the browser due to the default SameSite behaviour "Lax".

Fixing the configuration does fix the E2E Tests as well as the need for a second redirect the existing E2E Tests.

Awesome, thank you! I just approved the CI checks to run again. We will get results in ~45min - 1 hr

@KleinSebastian
Copy link
Contributor Author

@cwperks I saw that the E2E test runs failed again, but this time the OSD Server did not even start properly. I also saw that I introduced unwanted line ending changes. I reverted them because this might be the reason for the not starting server.

@cwperks
Copy link
Member

cwperks commented Nov 13, 2024

@cwperks I saw that the E2E test runs failed again, but this time the OSD Server did not even start properly. I also saw that I introduced unwanted line ending changes. I reverted them because this might be the reason for the not starting server.

I just started the CI checks again.

@KleinSebastian
Copy link
Contributor Author

OSD is still not starting, I assume that the server is not able to contact Keycloak by using the "127.0.0.1" address and exits. I reverted the changes done to the E2E Setup and tried fixing the tests with the manual redirect workaround present in the existing tests.

@cwperks cwperks added the backport 2.x backport to 2.x branch label Nov 22, 2024
@KleinSebastian
Copy link
Contributor Author

@cwperks Are there some additional actions required from my side? Its my first time performing a PR on a public repo, so I'm a bit unsure about the process.

@cwperks
Copy link
Member

cwperks commented Nov 27, 2024

The PR needs 2 maintainer approvals and some are out of the office this week. @DarshitChanpura or @RyanL1997 could you take a look at this PR?

Copy link
Member

@DarshitChanpura DarshitChanpura left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks @KleinSebastian !

@cwperks cwperks merged commit ded4012 into opensearch-project:main Dec 10, 2024
19 checks passed
opensearch-trigger-bot bot pushed a commit that referenced this pull request Dec 10, 2024
* Preserve Query in nextUrl during openid login redirect

Signed-off-by: Sebastian Klein <[email protected]>

* Add release notes for 2.18 release (#2137)

Signed-off-by: Sebastian Klein <[email protected]>

* Added Unittest Test Suite for OpenID handling unauthorized calls

Signed-off-by: Sebastian Klein <[email protected]>

* Revert "Add release notes for 2.18 release (#2137)"

Signed-off-by: Sebastian Klein <[email protected]>

* Fix ES-Lint issues

Signed-off-by: Sebastian Klein <[email protected]>

* Fixing OIDC E2E tests and added a new one

Signed-off-by: Sebastian Klein <[email protected]>

* Reverting line ending changes from last commit

Signed-off-by: Sebastian Klein <[email protected]>

* Reverting changes to E2E OIDC Setup and added an alternative fix for the tests

Signed-off-by: Sebastian Klein <[email protected]>

* Fix ESLint issues and try fixing new tests

Signed-off-by: Sebastian Klein <[email protected]>

* Prevent Tenant Selection Popup to show during new E2E Test

Signed-off-by: Sebastian Klein <[email protected]>

---------

Signed-off-by: Sebastian Klein <[email protected]>
Co-authored-by: Derek Ho <[email protected]>
Co-authored-by: SKLEIN3 <[email protected]>
Co-authored-by: Darshit Chanpura <[email protected]>
(cherry picked from commit ded4012)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
cwperks pushed a commit that referenced this pull request Dec 11, 2024
* Preserve Query in nextUrl during openid login redirect



* Add release notes for 2.18 release (#2137)



* Added Unittest Test Suite for OpenID handling unauthorized calls



* Revert "Add release notes for 2.18 release (#2137)"



* Fix ES-Lint issues



* Fixing OIDC E2E tests and added a new one



* Reverting line ending changes from last commit



* Reverting changes to E2E OIDC Setup and added an alternative fix for the tests



* Fix ESLint issues and try fixing new tests



* Prevent Tenant Selection Popup to show during new E2E Test



---------





(cherry picked from commit ded4012)

Signed-off-by: Sebastian Klein <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Derek Ho <[email protected]>
Co-authored-by: SKLEIN3 <[email protected]>
Co-authored-by: Darshit Chanpura <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport 2.x backport to 2.x branch v2.19.0
Projects
None yet
5 participants