Change DB schema and backend to support storing a client/secret for each Endpoint #2269

Closed

@andrewghobrial andrewghobrial commented Jun 5, 2018

This is a pull request to support storing a client_id and client_secret in the cnsis DB table. This is needed to support SSO when different endpoints have unique client/secret credentials.

Description

This PR does not make any functional changes. It allows a different client/secret to be stored for each endpoint in the cnsis DB. Whenever logging into an endpoint, its unique client/secret is pulled from its database entry. The default client/secret is still "cf", "". So there are no breaking changes.

Motivation and Context

Required to support SSO for multiple endpoints.

How Has This Been Tested?

Types of changes

  • [x] Bug fix (non-breaking change which fixes an issue)
  • Docs update
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • [x] My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have followed the guidelines in CONTRIBUTING.md, including the required formatting of the commit message

@cfdreddbot

Hey andrewghobrial!

Thanks for submitting this pull request! I'm here to inform the recipients of the pull request that you and the commit authors have already signed the CLA.

@nwmac nwmac added the in review label Jun 8, 2018
@nwmac nwmac self-requested a review June 8, 2018 13:04
@nwmac nwmac added the V1 label Jun 11, 2018
@nwmac nwmac left a comment

This looks really good.

Minor changes - see comments.

Would also suggest that the Client Secret database column is encrypted, as we do with the Access and Refresh tokens.

Once we get this in, I am happy to apply these changes to V2 code base.

@@ -46,7 +46,15 @@ func (p *portalProxy) RegisterEndpoint(c echo.Context, fetchInfo interfaces.Info
skipSSLValidation = false
}

newCNSI, err := p.DoRegisterEndpoint(cnsiName, apiEndpoint, skipSSLValidation, fetchInfo)
cfclientid := c.FormValue("cf_client_id")
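
Review bot: `cfclientid := c.FormValue("cf_client_id")` takes the client id straight from the request, and FormValue yields an empty string when the field is absent. Fall back to the default (the description gives "cf" with an empty secret) before the value reaches the database, so a registration that omits the field does not store an empty client id.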

Can we make these vars and the form values generically named - i.e. lose the cf prefix. We will support other endpoint types over time.

databaseProvider := os.Getenv("DATABASE_PROVIDER")
fmt.Printf("ENV is: %s", databaseProvider)

alterCnsis := "ALTER TABLE cnsis ADD COLUMN client_id boolean NOT NULL DEFAULT 'cf';"
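
Review bot: `fmt.Printf("ENV is: %s", databaseProvider)` reads like leftover debugging in the migration: it has no trailing newline and writes to stdout on every run. Drop it, or route it through the logger with a newline.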

Column type boolean - should be string?

fmt.Printf("Failed to migrate due to: %v", err)
}

alterCnsis = "ALTER TABLE cnsis ADD COLUMN client_secret boolean NOT NULL DEFAULT '';"
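
Review bot: after `fmt.Printf("Failed to migrate due to: %v", err)` the error block closes without a return, so the `client_secret` ALTER below still runs when the preceding statement failed. Return the error from the block so a half-applied migration is reported rather than printed and passed over.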

Column type boolean - seems wrong.

@nwmac nwmac added the needs attention This PR needs attention label Jun 14, 2018
@andrewghobrial

@nwmac ok thanks for the review. I'm looking into encrypting the client secret.

@andrewghobrial

@nwmac ok made it so that it encrypts the client secret and fixed the other things
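
The column encryption suggested in the review above, as an added example that is not code from this PR or from the project: a per-endpoint client secret is sealed before it is written and opened when the endpoint is logged into. AES-256-GCM, binding the endpoint GUID as associated data, and the names `newGCM`, `sealSecret` and `openSecret` are assumptions of this sketch, not the scheme the project uses for its tokens.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealSecret returns nonce||ciphertext||tag for a binary column. The endpoint
// GUID is bound as associated data, so a value copied to another row fails.
func sealSecret(key []byte, endpointGUID, secret string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(secret), []byte(endpointGUID)), nil
}

// openSecret reverses sealSecret; tampered or relocated values return an error.
func openSecret(key []byte, endpointGUID string, stored []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	if len(stored) < gcm.NonceSize() {
		return "", fmt.Errorf("stored secret too short: %d bytes", len(stored))
	}
	nonce, ct := stored[:gcm.NonceSize()], stored[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, []byte(endpointGUID))
	return string(pt), err
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key, never use in practice
	stored, _ := sealSecret(key, "constructed-guid-1", "constructed-secret")
	fmt.Println(openSecret(key, "constructed-guid-1", stored))
}
```

The empty default secret from the PR description round-trips as well: it seals to a nonce plus tag and opens back to "".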

@nwmac

nwmac commented Aug 24, 2018

@andrewghobrial Do you still want this in V1, or given we have this in V2, can we close?

@andrewghobrial

@nwmac We've fully switched to v2 so you can close this.

@nwmac

nwmac commented Aug 24, 2018

Fixed in V2

@nwmac nwmac closed this Aug 24, 2018