2020-05-11 15:37:11 +00:00
|
|
|
<StateChart @src={{chart}} @initial={{if (eq type 'oidc') 'provider' 'secret'}} as |State Guard Action dispatch state|>
|
|
|
|
|
<Guard @name="isSecret" @cond={{action 'isSecret'}} />
|
ui: Don't default to the default namespace, use the token default namespace instead (#10503)
The default namespace, and the tokens default namespace (or its origin namespace) is slightly more complicated than other things we deal with in the UI, there's plenty of info/docs on this that I've added in this PR.
Previously:
When a namespace was not specified in the URL, we used to default to the default namespace. When you logged in using a token we automatically forward you the namespace URL that your token originates from, so you are then using the namespace for your token by default. You can of course then edit the URL to remove the namespace portion, or perhaps revisit the UI at the root path with you token already set. In these latter cases we would show you information from the default namespace. So if you had no namespace segment/portion in the URL, we would assume default, perform actions against the default namespace and highlight the default namespace in the namespace selector menu. If you wanted to perform actions in your tokens origin namespace you would have to manually select it from the namespace selector menu.
This PR:
Now, when you have no namespace segment/portion in the URL, we use the token's origin namespace instead (and if you don't have a token, we then use the default namespace like it was previously)
Notes/thoughts:
I originally thought we were showing an incorrectly selected namespace in the namespace selector, but it also matched up with what we were doing with the API, so it was in fact correct. The issue was more that we weren't selecting the origin namespace of the token for the user when a namespace segment was omitted from the URL. Seeing as we automatically forward you to the tokens origin namespace when you log in, and we were correctly showing the namespace we were acting on when you had no namespace segment in the URL (in the previous case default), I'm not entirely sure how much of an issue this actually was.
This characteristic of namespace+token+namespace is a little weird and its easy to miss a subtlety or two so I tried to add some documentation in here for future me/someone else (including some in depth code comment around one of the API endpoints where this is very subtle and very hard to miss). I'm not the greatest at words, so would be great to get some edits there if it doesn't seem clear to folks.
The fact that we used to save your previous datacenter and namespace into local storage for reasons also meant the interaction here was slightly more complicated than it needed to be, so whilst we were here we rejigged things slightly to satisfy said reasons still but not use local storage (we try and grab the info from higher up). A lot of the related code here is from before we had our Routlets which I think could probably make all of this a lot less complicated, but I didn't want to do a wholesale replacement in this PR, we can save that for a separate PR on its own at some point.
2021-07-07 10:46:41 +00:00
|
|
|
{{!-- This `or` can be completely removed post 1.10 as 1.10 has optional params with default values --}}
|
2021-09-15 18:50:11 +00:00
|
|
|
{{#let (concat '/' (or partition '') '/' (or nspace '') '/' dc) as |path|}}
|
2020-05-11 15:37:11 +00:00
|
|
|
<State @matches="secret">
|
|
|
|
|
<DataSource
|
ui: Make it hard to not URLEncode DataSource srcs/URIs (#11117)
Our DataSource came in very iteratively, when we first started using it we specifically tried not to use it for things that would require portions of the @src="" attribute to be URL encoded (so things like service names couldn't be used, but dc etc would be fine). We then gradually added an easy way to url encode the @src="" attributes with a uri helper and began to use the DataSource component more and more. This meant that some DataSource usage continued to be used without our uri helper.
Recently we hit #10901 which was a direct result of us not encoding @src values/URIs (I didn't realise this was one of the places that required URL encoding) and not going back over things to finish things off once we had implemented our uri helper, resulting in ~half of the codebase using it and ~half of it not.
Now that almost all of the UI uses our DataSource component, this PR makes it even harder to not use the uri helper, by wrapping the string that it requires in a private URI class/object, that is then expected/asserted within the DataSource component/service. This means that as a result of this PR you cannot pass a plain string to the DataSource component without seeing an error in your JS console, which in turn means you have to use the uri helper, and it's very very hard to not URL encode any dynamic/user provided values, which otherwise could lead to bugs/errors similar to the one mentioned above.
The error that you see when you don't use the uri helper is currently a 'soft' dev time only error, but like our other functionality that produces a soft error when you mistakenly pass an undefined value to a uri, at some point soon we will make these hard failing "do not do this" errors.
Both of these 'soft error' DX features have been used this to great effect to implement our Admin Partition feature and these kind of things will minimize the amount of these types of bugs moving forwards in a preventative rather than curative manner. Hopefully these are the some of the kinds of things that get added to our codebase that prevent a multitude of problems and therefore are often never noticed/appreciated.
Additionally here we moved the remaining non-uri using DataSources to use uri (that were now super easy to find), and also fixed up a place where I noticed (due to the soft errors) where we were sometimes passing undefined values to a uri call.
The work here also led me to find another couple of non-important 'bugs' that I've PRed already separately, one of which is yet to be merged (#11105), hence the currently failing tests here. I'll rebase that once that PR is in and the tests here should then pass 🤞
Lastly, I didn't go the whole hog here to make DataSink also be this strict with its uri usage, there is a tiny bit more work on DataSink as a result of recently work, so I may (or may not) make DataSink equally as strict as part of that work in a separate PR.
2021-09-30 14:54:46 +00:00
|
|
|
@src={{uri (concat path '/token/self/${value}')
|
|
|
|
|
(hash
|
|
|
|
|
value=value
|
|
|
|
|
)
|
|
|
|
|
}}
|
2020-05-11 15:37:11 +00:00
|
|
|
@onchange={{action 'change'}}
|
|
|
|
|
@onerror={{action onerror}}
|
|
|
|
|
/>
|
|
|
|
|
</State>
|
|
|
|
|
<State @matches="provider">
|
|
|
|
|
<DataSource
|
|
|
|
|
@src={{concat path '/oidc/provider/' value}}
|
|
|
|
|
@onchange={{queue (action (mut provider) value="data") (action dispatch "SUCCESS")}}
|
|
|
|
|
@onerror={{action onerror}}
|
|
|
|
|
/>
|
|
|
|
|
</State>
|
|
|
|
|
<State @matches="jwt">
|
|
|
|
|
<JwtSource
|
|
|
|
|
@src={{provider.AuthURL}}
|
|
|
|
|
@onchange={{queue (action (mut jwt) value="data") (action dispatch "SUCCESS")}}
|
|
|
|
|
@onerror={{action onerror}}
|
|
|
|
|
/>
|
|
|
|
|
</State>
|
|
|
|
|
<State @matches="token">
|
|
|
|
|
<DataSource
|
2021-08-24 15:58:45 +00:00
|
|
|
@src={{uri
|
|
|
|
|
(concat path '/oidc/authorize/${provider}/${code}/${state}')
|
|
|
|
|
(hash
|
|
|
|
|
provider=provider.Name
|
|
|
|
|
code=jwt.authorizationCode
|
|
|
|
|
state=(or jwt.authorizationState '')
|
|
|
|
|
)
|
|
|
|
|
}}
|
2020-05-11 15:37:11 +00:00
|
|
|
@onchange={{action 'change'}}
|
|
|
|
|
@onerror={{action onerror}}
|
|
|
|
|
/>
|
|
|
|
|
</State>
|
|
|
|
|
{{/let}}
|
|
|
|
|
</StateChart>
|