Add JWT authentication type to MultipleAuthentication #2107

Open
wants to merge 12 commits into
base: main

@merlinz01 merlinz01 commented Aug 28, 2024

Description

Allows JWT to be included in a multiple-authentication configuration.

Category

Enhancement

Why these changes are required?

Previously one could not use basic auth and JWT auth together.

What is the old behavior before changes and new behavior after changes?

OSD error when basic auth and JWT auth are configured

Issues Resolved

#1814

Testing

[Please provide details of testing done: unit testing, integration testing and manual testing]

Check List

  • New functionality includes testing
  • New functionality has been documented
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@merlinz01
Author

merlinz01 commented Aug 29, 2024

At this point what I am seeing is that the session cookie is being lost (deleted) when the browser requests /startup.js initiated by a script tag in the response. This results in all further API calls being unauthenticated and ultimately results in an endless loop of refreshing the page.

@merlinz01
Author

The request for /startup.js is the first request after the initial HTML is loaded, and it runs through the authentication flow that APIs use.

The logic here

if (this.authNotRequired(request)) {

decides that the request needs to be authenticated.

This line

this.sessionStorageFactory.asScoped(request).clear();

is then called, which deletes the auth cookie.

I assume this is not the desired behavior, and it seems like it would cause problems even without my changes.

Any input?

@merlinz01
Author

merlinz01 commented Sep 2, 2024

OK, I think I fixed the endless loop of the page refreshing with the above commit.

codecov bot commented Sep 9, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 73.91%. Comparing base (1f657ab) to head (bf5ddf6).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2107      +/-   ##
==========================================
+ Coverage   71.40%   73.91%   +2.50%     
==========================================
  Files          97       97              
  Lines        2651     2649       -2     
  Branches      404      403       -1     
==========================================
+ Hits         1893     1958      +65     
+ Misses        642      641       -1     
+ Partials      116       50      -66     


cwperks previously approved these changes Sep 10, 2024
cwperks previously approved these changes Sep 11, 2024
Signed-off-by: merlinz01 <[email protected]>
@cwperks
Member

cwperks commented Sep 12, 2024

@derek-ho @RyanL1997 @DarshitChanpura Could one of you take a look as well?
