Auth jetstream refactor #3882

Merged
merged 25 commits into from
Nov 1, 2019
Merged
a131b2d
Sketch out minimal login/logout refactor implementation
kreinecke Sep 6, 2019
9a10910
1st version of auth refactor building and unit tests pass
kreinecke Sep 11, 2019
dfacbac
Finish sketching out minimal login/logout refactor implementation
kreinecke Sep 6, 2019
f5ffacb
1st version of auth refactor working
kreinecke Sep 11, 2019
d44287c
More imprvements to auth refactor
kreinecke Sep 15, 2019
4010f7b
Refactor complete docs started
kreinecke Sep 16, 2019
b2ccad4
UAA Auth documented and complete
kreinecke Sep 16, 2019
206acd4
Local Auth documented and complete
kreinecke Sep 16, 2019
57eda90
Transfer some portalProxy fields to localAuth and uaaAuth structs
kreinecke Sep 16, 2019
56263d7
Complete Login Auth refactor. Tidy up echo routing - create session a…
kreinecke Sep 18, 2019
d8bcb03
Codeclimate fixes
kreinecke Sep 18, 2019
f8a85a5
Fix codeclimate issue
kreinecke Sep 18, 2019
3df620d
Don't log error when verifying session and session not found
kreinecke Sep 20, 2019
f4fefd7
More appropriate log statement for login failure
kreinecke Sep 20, 2019
7687d35
Merge remote-tracking branch 'origin/v2-master' into auth-jetstream-r…
nwmac Sep 24, 2019
1cf3edd
Fix automatic merge issue
nwmac Sep 24, 2019
ba731b4
Remove need for overriding auth type and initing auth service in CF h…
kreinecke Oct 16, 2019
3754439
CF hosted remote user working
kreinecke Oct 17, 2019
bf4c587
CF hosted local users working
kreinecke Oct 17, 2019
e459a2f
Merge branch 'v2-master' into auth-jetstream-refactor
kreinecke Oct 17, 2019
c064a2c
Merge remote-tracking branch 'origin/master' into auth-jetstream-refa…
nwmac Oct 30, 2019
7b7b506
Fix formatting of http error
nwmac Oct 30, 2019
abeaf78
Move back manifest file
nwmac Oct 31, 2019
ee7b9e4
Merge remote-tracking branch 'origin/master' into auth-jetstream-refa…
nwmac Oct 31, 2019
bb1bb1c
Remove InitStratosAuthService from API
nwmac Nov 1, 2019
Remove need for overriding auth type and initing auth service in CF h…
…osting plugin
kreinecke committed Oct 16, 2019
commit ba731b468b5db597f995c2c5ecb365e47fa07fdd
2 changes: 1 addition & 1 deletion src/jetstream/authlocal.go
Expand Up @@ -31,7 +31,7 @@ type localAuth struct {
func (a *localAuth) Login(c echo.Context) error {

//This check will remain in until auth is factored down into its own package
if interfaces.AuthEndpointTypes[a.p.Config.ConsoleConfig.AuthEndpointType] != interfaces.Local {
if interfaces.AuthEndpointTypes[a.p.Config.AuthEndpointType] != interfaces.Local {
err := interfaces.NewHTTPShadowError(
http.StatusNotFound,
"Local Login is not enabled",
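Review bot: The guard on the new line indexes `interfaces.AuthEndpointTypes` with `a.p.Config.AuthEndpointType`, so it only behaves as intended because loadPortalConfig (changed in this same commit) rewrites that field to the canonical map value; any other string would miss the map, yield the zero value and be treated as "not local". That hidden dependency is worth stating next to the existing comment, e.g. `// Relies on loadPortalConfig having validated and canonicalised Config.AuthEndpointType.` The same guard, with the same dependency, appears in uaaAuth.Login in authuaa.go. localAuth.Login continues beyond this hunk.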
25 changes: 11 additions & 14 deletions src/jetstream/authuaa.go
@@ -1,7 +1,6 @@
package main

import (

"database/sql"
"encoding/base64"
"encoding/json"
Expand All @@ -17,8 +16,8 @@ import (
"github.com/labstack/echo"

"github.com/cloudfoundry-incubator/stratos/src/jetstream/repository/interfaces"
"github.com/cloudfoundry-incubator/stratos/src/jetstream/stringutils"
"github.com/cloudfoundry-incubator/stratos/src/jetstream/repository/tokens"
"github.com/cloudfoundry-incubator/stratos/src/jetstream/stringutils"
)

// UAAAdminIdentifier - The identifier that UAA uses to convey administrative level perms
Expand All @@ -27,15 +26,15 @@ const UAAAdminIdentifier = "stratos.admin"
//More fields will be moved into here as global portalProxy struct is phased out
type uaaAuth struct {
databaseConnectionPool *sql.DB
p *portalProxy
skipSSLValidation bool
p *portalProxy
skipSSLValidation bool
}

//Login provides UAA-auth specific Stratos login
func (a *uaaAuth) Login(c echo.Context) error {

log.Debug("UAA Login")
//This check will remain in until auth is factored down into its own package
if interfaces.AuthEndpointTypes[a.p.Config.ConsoleConfig.AuthEndpointType] != interfaces.Remote {
if interfaces.AuthEndpointTypes[a.p.Config.AuthEndpointType] != interfaces.Remote {
err := interfaces.NewHTTPShadowError(
http.StatusNotFound,
"UAA Login is not enabled",
Expand Down Expand Up @@ -83,7 +82,7 @@ func (a *uaaAuth) GetUsername(userid string) (string, error) {
//GetUser gets the user guid for the specified UAA user
func (a *uaaAuth) GetUser(userGUID string) (*interfaces.ConnectedUser, error) {
log.Debug("GetUser")

// get the uaa token record
uaaTokenRecord, err := a.p.GetUAATokenRecord(userGUID)
if err != nil {
Expand Down Expand Up @@ -112,7 +111,7 @@ func (a *uaaAuth) GetUser(userGUID string) (*interfaces.ConnectedUser, error) {
}

return uaaEntry, nil

}

//VerifySession verifies the session the specified UAA user and refreshes the token if necessary
Expand Down Expand Up @@ -310,7 +309,7 @@ func (p *portalProxy) RefreshUAALogin(username, password string, store bool) err
return nil
}

//getUAATokenWithAuthorizationCode
//getUAATokenWithAuthorizationCode
func (p *portalProxy) getUAATokenWithAuthorizationCode(skipSSLValidation bool, code, client, clientSecret, authEndpoint string, state string, cnsiGUID string) (*interfaces.UAAResponse, error) {
log.Debug("getUAATokenWithAuthorizationCode")

Expand Down Expand Up @@ -405,8 +404,6 @@ func (p *portalProxy) GetUAATokenRecord(userGUID string) (interfaces.TokenRecord
return tr, nil
}



//RefreshUAAToken refreshes the UAA Token for the user using the refresh token, then updates our store
func (p *portalProxy) RefreshUAAToken(userGUID string) (t interfaces.TokenRecord, err error) {
log.Debug("RefreshUAAToken")
Expand Down Expand Up @@ -556,7 +553,7 @@ func getSSORedirectURI(base string, state string, endpointGUID string) string {

//HTTP Basic

//fetchHTTPBasicToken currently unused?
//fetchHTTPBasicToken currently unused?
func (p *portalProxy) fetchHTTPBasicToken(cnsiRecord interfaces.CNSIRecord, c echo.Context) (*interfaces.UAAResponse, *interfaces.JWTUserTokenInfo, *interfaces.CNSIRecord, error) {

uaaRes, u, err := p.loginHTTPBasic(c)
Expand All @@ -570,7 +567,7 @@ func (p *portalProxy) fetchHTTPBasicToken(cnsiRecord interfaces.CNSIRecord, c ec
return uaaRes, u, &cnsiRecord, nil
}

//fetchHTTPBasicToken currently unused?
//fetchHTTPBasicToken currently unused?
func (p *portalProxy) loginHTTPBasic(c echo.Context) (uaaRes *interfaces.UAAResponse, u *interfaces.JWTUserTokenInfo, err error) {
log.Debug("login")
username := c.FormValue("username")
Expand All @@ -585,4 +582,4 @@ func (p *portalProxy) loginHTTPBasic(c echo.Context) (uaaRes *interfaces.UAAResp

uaaRes.AccessToken = fmt.Sprintf("Basic %s", base64EncodedAuthString)
return uaaRes, u, nil
}
}
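Review bot: The comment above loginHTTPBasic (the second `//fetchHTTPBasicToken currently unused?` line near the end of the section) names the wrong function; it is a copy of the comment on fetchHTTPBasicToken just above it. Replace it with `// loginHTTPBasic builds a UAAResponse whose AccessToken is an HTTP Basic credential derived from the submitted form values; appears to be unused.` If both helpers really are unused, deleting them would be preferable to keeping a path that places a reversibly encoded username/password pair in the AccessToken field, though their callers (if any) are not visible from this page. The `//getUAATokenWithAuthorizationCode` comment further up likewise carries no information beyond the function name and could state what the function exchanges the code for.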
19 changes: 16 additions & 3 deletions src/jetstream/main.go
Expand Up @@ -499,6 +499,19 @@ func loadPortalConfig(pc interfaces.PortalConfig, env *env.VarSet) (interfaces.P
pc.HTTPClientTimeoutMutatingInSecs = pc.HTTPClientTimeoutInSecs
}

if len(pc.AuthEndpointType) == 0 {
//Default to "remote" if AUTH_ENDPOINT_TYPE is not set
pc.AuthEndpointType = string(interfaces.Remote)
} else {
val, endpointTypeSupported := interfaces.AuthEndpointTypes[pc.AuthEndpointType]
if endpointTypeSupported {
pc.AuthEndpointType = string(val)
} else {
return pc, fmt.Errorf("AUTH_ENDPOINT_TYPE: %v is not valid. Must be set to local or remote (defaults to remote)", val)
}
}

log.Debugf("Portal config auth endpoint type initialised to: %v", pc.AuthEndpointType)
return pc, nil
}

Expand Down Expand Up @@ -597,10 +610,10 @@ func newPortalProxy(pc interfaces.PortalConfig, dcp *sql.DB, ss HttpSessionStore
})

err := pp.InitStratosAuthService(interfaces.AuthEndpointTypes[pp.Config.AuthEndpointType])
if(err != nil) {
if err != nil {
log.Warnf("Defaulting to UAA authentication: %v", err)
err = pp.InitStratosAuthService(interfaces.Remote)
if(err != nil) {
if err != nil {
log.Fatalf("Could not initialise auth service. %v", err)
}
}
Expand Down Expand Up @@ -959,7 +972,7 @@ func echoV2DefaultHTTPErrorHandler(err error, c echo.Context) {
}

//Only log if there is a message to log
he, _ := err.(*echo.HTTPError)
he, _ := err.(*echo.HTTPError)
if err != nil && he.Message.(string) != "" {
c.Logger().Error(err)
}
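Review bot: In the new AUTH_ENDPOINT_TYPE validation in loadPortalConfig, the error branch formats `val`, which is the zero value left by the failed map lookup, so the message never shows the offending setting; it should format the input instead: `return pc, fmt.Errorf("AUTH_ENDPOINT_TYPE: %q is not valid. Must be set to local or remote (defaults to remote)", pc.AuthEndpointType)`. In the newPortalProxy hunk, a failure of InitStratosAuthService for the configured type is downgraded to a warning and the proxy starts with UAA (Remote) authentication anyway; for a deployment that asked for local auth that is a silent change of authentication mode visible only in the log, and failing fast would be the safer default unless the fallback is deliberate. In the echoV2DefaultHTTPErrorHandler hunk, `he, _ := err.(*echo.HTTPError)` is followed by `he.Message.(string)`, which dereferences a nil `he` whenever err is some other error type (and panics if Message is not a string); the ok result and the Message type should be checked before use. All three functions extend outside their hunks.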
9 changes: 1 addition & 8 deletions src/jetstream/plugins/cloudfoundryhosting/main.go
Expand Up @@ -124,13 +124,6 @@ func (ch *CFHosting) Init() error {

ch.portalProxy.GetConfig().ConsoleConfig = new(interfaces.ConsoleConfig)

//Force auth endpoint type to remote (CF UAA)
ch.portalProxy.GetConfig().ConsoleConfig.AuthEndpointType = "remote"
err := ch.portalProxy.InitStratosAuthService(interfaces.Remote)
if(err != nil) {
return fmt.Errorf("Could not initialise auth service: %v", err)
}

// We are using the CF UAA - so the Console must use the same Client and Secret as CF
ch.portalProxy.GetConfig().ConsoleConfig.ConsoleClient = ch.portalProxy.GetConfig().CFClient
ch.portalProxy.GetConfig().ConsoleConfig.ConsoleClientSecret = ch.portalProxy.GetConfig().CFClientSecret
Expand Down Expand Up @@ -158,7 +151,7 @@ func (ch *CFHosting) Init() error {
var appData interfaces.VCapApplicationData
vCapApp, _ := ch.portalProxy.Env().Lookup(VCapApplication)
data := []byte(vCapApp)
err = json.Unmarshal(data, &appData)
err := json.Unmarshal(data, &appData)
if err != nil {
log.Fatalf("Could not get the Cloud Foundry API URL: %+v", err)
return nil
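Review bot: With the forced `remote` override and the InitStratosAuthService call removed from CFHosting.Init, nothing left in this plugin states which auth type a CF-hosted deployment expects; the behaviour now depends on AUTH_ENDPOINT_TYPE being validated and defaulted elsewhere (loadPortalConfig in this commit defaults it to remote), which a reader of this file cannot see. A one-line comment at the removal point would save the next maintainer the search: `// Auth endpoint type is no longer forced here; it comes from AUTH_ENDPOINT_TYPE (validated and defaulted in loadPortalConfig).` Separately, the new `err := json.Unmarshal(data, &appData)` line feeds a `log.Fatalf` that is followed by `return nil`, which is unreachable after Fatalf; if the intent is to let the process continue, return the wrapped error instead. Init starts before and ends after this hunk.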
14 changes: 7 additions & 7 deletions src/jetstream/plugins/userinfo/main.go
Expand Up @@ -54,11 +54,12 @@ func (userInfo *UserInfo) AddSessionGroupRoutes(echoGroup *echo.Group) {

// Init performs plugin initialization
func (userInfo *UserInfo) Init() error {

return nil
}

func (userInfo *UserInfo) getProvider(c echo.Context) Provider {
if interfaces.AuthEndpointTypes[userInfo.portalProxy.GetConfig().ConsoleConfig.AuthEndpointType] == interfaces.Local {
if interfaces.AuthEndpointTypes[userInfo.portalProxy.GetConfig().AuthEndpointType] == interfaces.Local {
return InitLocalUserInfo(userInfo.portalProxy)
}

Expand Down Expand Up @@ -108,7 +109,6 @@ func (userInfo *UserInfo) userInfo(c echo.Context) error {
return nil
}


// update the user info for the current user
func (userInfo *UserInfo) updateUserInfo(c echo.Context) error {
_, err := userInfo.preFlightChecks(c)
Expand Down Expand Up @@ -142,8 +142,8 @@ func (userInfo *UserInfo) updateUserInfo(c echo.Context) error {
"Unable to update user profile",
"Unable to update user profile: %v", err,
)
}
}

c.Response().WriteHeader(http.StatusOK)

return nil
Expand Down Expand Up @@ -182,9 +182,9 @@ func (userInfo *UserInfo) updateUserPassword(c echo.Context) error {
"Unable to update user password",
"Unable to update user password: %v", err,
)
}
}

c.Response().WriteHeader(http.StatusOK)

return nil
}
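Review bot: getProvider, whose changed line now keys `interfaces.AuthEndpointTypes` on `GetConfig().AuthEndpointType`, has no doc comment even though it decides which user-info backend serves the request; add `// getProvider returns the local user-info provider when the configured auth endpoint type is local; the remaining selection is below this hunk.` The `c echo.Context` parameter is not used in the visible part of the function, so if the rest of the body does not use it either the parameter could be dropped. Init's body is just `return nil`, so its `// Init performs plugin initialization` comment overstates; `// Init is a no-op; the plugin needs no initialisation.` is more accurate.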