luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/ui/packages/consul-ui/app/services/repository/oidc-provider.js

92 lines
3.4 KiB
JavaScript
Raw Normal View History

ui: Model Layer for SSO Support (#7771) * ui: Adds model layer required for SSO 1. oidc-provider ember-data triplet plus repo, plus addition of torii addon 2. Make blocking queries support a Cache-Control: no-cache header 3. Tweaks to the token model layer in preparation for SSO work * Fix up meta related Cache-Control tests * Add tests adapter tests for URL shapes * Reset Cache-Control to the original value, return something from logout
2020-05-05 16:29:35 +00:00
import { inject as service } from '@ember/service';
ui: Run Ember native class code mod (#9093) * ui: Apply native class codemod to all services * ui: Apply native class codemod to routes * ui: Apply native class codemod to controllers * Fix up ember proxy `content` issue * Add a CreateTime on policy creation * Minor formatting * Convert child based saving to use ec instead of custom approach * Remove custom event source repo wrapping initializer * Repos here are no longer proxy objects revert to using them normally * Remove areas of code that were used to set up source backed repos
2020-11-09 09:25:35 +00:00
import RepositoryService from 'consul-ui/services/repository';
ui: Model Layer for SSO Support (#7771) * ui: Adds model layer required for SSO 1. oidc-provider ember-data triplet plus repo, plus addition of torii addon 2. Make blocking queries support a Cache-Control: no-cache header 3. Tweaks to the token model layer in preparation for SSO work * Fix up meta related Cache-Control tests * Add tests adapter tests for URL shapes * Reset Cache-Control to the original value, return something from logout
2020-05-05 16:29:35 +00:00
import { getOwner } from '@ember/application';
import { set } from '@ember/object';
ui: DataSource Decorator (#9746) We use a `<DataSource @src={{url}} />` component throughout our UI for when we want to load data from within our components. The URL specified as the `@src` is used to map/lookup what is used in to retrieve data, for example we mostly use our repository methods wrapped with our Promise backed `EventSource` implementation, but DataSource URLs can also be mapped to EventTarget backed `EventSource`s and native `EventSource`s or `WebSockets` if we ever need to use those (for example these are options for potential streaming support with the Consul backend). The URL to function/method mapping previous to this PR used a very naive humongous `switch` statement which was a temporary 'this is fine for the moment' solution, although we'd always wanted to replace with something more manageable. Here we add `wayfarer` as a dependency - a very small (1kb), very fast, radix trie based router, and use that to perform the URL to function/method mapping. This essentially turns every `DataSource` into a very small SPA - change its URL and the view of data changes. When the data itself changes, either the yielded view of data changes or the `onchange` event is fired with the changed data, making the externally sourced view of data completely reactive. ```javascript // use the new decorator a service somewhere to annotate/decorate // a method with the URL that can be used to access this method @dataSource('/:ns/:dc/services') async findAllByDatacenter(params) { // get the data } // can use with JS in a route somewhere async model() { return this.data.source(uri => uri`/${nspace}/${dc}/services`) } ``` ```hbs {{!-- or just straight in a template using the component --}} <DataSource @src="/default/dc1/services" @onchange="" /> ``` This also uses a new `container` Service to automatically execute/import certain services yet not execute them. This new service also provides a lookup that supports both standard ember DI lookup plus Class based lookup or these specific services. Lastly we also provide another debug function called DataSourceRoutes() which can be called from console which gives you a list of URLs and their mappings.
2021-02-23 08:56:42 +00:00
import dataSource from 'consul-ui/decorators/data-source';
ui: Model Layer for SSO Support (#7771) * ui: Adds model layer required for SSO 1. oidc-provider ember-data triplet plus repo, plus addition of torii addon 2. Make blocking queries support a Cache-Control: no-cache header 3. Tweaks to the token model layer in preparation for SSO work * Fix up meta related Cache-Control tests * Add tests adapter tests for URL shapes * Reset Cache-Control to the original value, return something from logout
2020-05-05 16:29:35 +00:00
const modelName = 'oidc-provider';
const OAUTH_PROVIDER_NAME = 'oidc-with-url';
ui: Run Ember native class code mod (#9093) * ui: Apply native class codemod to all services * ui: Apply native class codemod to routes * ui: Apply native class codemod to controllers * Fix up ember proxy `content` issue * Add a CreateTime on policy creation * Minor formatting * Convert child based saving to use ec instead of custom approach * Remove custom event source repo wrapping initializer * Repos here are no longer proxy objects revert to using them normally * Remove areas of code that were used to set up source backed repos
2020-11-09 09:25:35 +00:00
export default class OidcProviderService extends RepositoryService {
ui: Don't default to the default namespace, use the token default namespace instead (#10503) The default namespace, and the tokens default namespace (or its origin namespace) is slightly more complicated than other things we deal with in the UI, there's plenty of info/docs on this that I've added in this PR. Previously: When a namespace was not specified in the URL, we used to default to the default namespace. When you logged in using a token we automatically forward you the namespace URL that your token originates from, so you are then using the namespace for your token by default. You can of course then edit the URL to remove the namespace portion, or perhaps revisit the UI at the root path with you token already set. In these latter cases we would show you information from the default namespace. So if you had no namespace segment/portion in the URL, we would assume default, perform actions against the default namespace and highlight the default namespace in the namespace selector menu. If you wanted to perform actions in your tokens origin namespace you would have to manually select it from the namespace selector menu. This PR: Now, when you have no namespace segment/portion in the URL, we use the token's origin namespace instead (and if you don't have a token, we then use the default namespace like it was previously) Notes/thoughts: I originally thought we were showing an incorrectly selected namespace in the namespace selector, but it also matched up with what we were doing with the API, so it was in fact correct. The issue was more that we weren't selecting the origin namespace of the token for the user when a namespace segment was omitted from the URL. Seeing as we automatically forward you to the tokens origin namespace when you log in, and we were correctly showing the namespace we were acting on when you had no namespace segment in the URL (in the previous case default), I'm not entirely sure how much of an issue this actually was. This characteristic of namespace+token+namespace is a little weird and its easy to miss a subtlety or two so I tried to add some documentation in here for future me/someone else (including some in depth code comment around one of the API endpoints where this is very subtle and very hard to miss). I'm not the greatest at words, so would be great to get some edits there if it doesn't seem clear to folks. The fact that we used to save your previous datacenter and namespace into local storage for reasons also meant the interaction here was slightly more complicated than it needed to be, so whilst we were here we rejigged things slightly to satisfy said reasons still but not use local storage (we try and grab the info from higher up). A lot of the related code here is from before we had our Routlets which I think could probably make all of this a lot less complicated, but I didn't want to do a wholesale replacement in this PR, we can save that for a separate PR on its own at some point.
2021-07-07 10:46:41 +00:00
@service('torii') manager;
@service('repository/settings') settings;
ui: Run Ember native class code mod (#9093) * ui: Apply native class codemod to all services * ui: Apply native class codemod to routes * ui: Apply native class codemod to controllers * Fix up ember proxy `content` issue * Add a CreateTime on policy creation * Minor formatting * Convert child based saving to use ec instead of custom approach * Remove custom event source repo wrapping initializer * Repos here are no longer proxy objects revert to using them normally * Remove areas of code that were used to set up source backed repos
2020-11-09 09:25:35 +00:00
init() {
super.init(...arguments);
ui: Model Layer for SSO Support (#7771) * ui: Adds model layer required for SSO 1. oidc-provider ember-data triplet plus repo, plus addition of torii addon 2. Make blocking queries support a Cache-Control: no-cache header 3. Tweaks to the token model layer in preparation for SSO work * Fix up meta related Cache-Control tests * Add tests adapter tests for URL shapes * Reset Cache-Control to the original value, return something from logout
2020-05-05 16:29:35 +00:00
this.provider = getOwner(this).lookup(`torii-provider:${OAUTH_PROVIDER_NAME}`);
ui: Run Ember native class code mod (#9093) * ui: Apply native class codemod to all services * ui: Apply native class codemod to routes * ui: Apply native class codemod to controllers * Fix up ember proxy `content` issue * Add a CreateTime on policy creation * Minor formatting * Convert child based saving to use ec instead of custom approach * Remove custom event source repo wrapping initializer * Repos here are no longer proxy objects revert to using them normally * Remove areas of code that were used to set up source backed repos
2020-11-09 09:25:35 +00:00
}
getModelName() {
ui: Model Layer for SSO Support (#7771) * ui: Adds model layer required for SSO 1. oidc-provider ember-data triplet plus repo, plus addition of torii addon 2. Make blocking queries support a Cache-Control: no-cache header 3. Tweaks to the token model layer in preparation for SSO work * Fix up meta related Cache-Control tests * Add tests adapter tests for URL shapes * Reset Cache-Control to the original value, return something from logout
2020-05-05 16:29:35 +00:00
return modelName;
ui: Run Ember native class code mod (#9093) * ui: Apply native class codemod to all services * ui: Apply native class codemod to routes * ui: Apply native class codemod to controllers * Fix up ember proxy `content` issue * Add a CreateTime on policy creation * Minor formatting * Convert child based saving to use ec instead of custom approach * Remove custom event source repo wrapping initializer * Repos here are no longer proxy objects revert to using them normally * Remove areas of code that were used to set up source backed repos
2020-11-09 09:25:35 +00:00
}
ui: DataSource Decorator (#9746) We use a `<DataSource @src={{url}} />` component throughout our UI for when we want to load data from within our components. The URL specified as the `@src` is used to map/lookup what is used in to retrieve data, for example we mostly use our repository methods wrapped with our Promise backed `EventSource` implementation, but DataSource URLs can also be mapped to EventTarget backed `EventSource`s and native `EventSource`s or `WebSockets` if we ever need to use those (for example these are options for potential streaming support with the Consul backend). The URL to function/method mapping previous to this PR used a very naive humongous `switch` statement which was a temporary 'this is fine for the moment' solution, although we'd always wanted to replace with something more manageable. Here we add `wayfarer` as a dependency - a very small (1kb), very fast, radix trie based router, and use that to perform the URL to function/method mapping. This essentially turns every `DataSource` into a very small SPA - change its URL and the view of data changes. When the data itself changes, either the yielded view of data changes or the `onchange` event is fired with the changed data, making the externally sourced view of data completely reactive. ```javascript // use the new decorator a service somewhere to annotate/decorate // a method with the URL that can be used to access this method @dataSource('/:ns/:dc/services') async findAllByDatacenter(params) { // get the data } // can use with JS in a route somewhere async model() { return this.data.source(uri => uri`/${nspace}/${dc}/services`) } ``` ```hbs {{!-- or just straight in a template using the component --}} <DataSource @src="/default/dc1/services" @onchange="" /> ``` This also uses a new `container` Service to automatically execute/import certain services yet not execute them. This new service also provides a lookup that supports both standard ember DI lookup plus Class based lookup or these specific services. Lastly we also provide another debug function called DataSourceRoutes() which can be called from console which gives you a list of URLs and their mappings.
2021-02-23 08:56:42 +00:00
@dataSource('/:ns/:dc/oidc/providers')
async findAllByDatacenter() {
return super.findAllByDatacenter(...arguments);
}
@dataSource('/:ns/:dc/oidc/provider/:id')
ui: Don't default to the default namespace, use the token default namespace instead (#10503) The default namespace, and the tokens default namespace (or its origin namespace) is slightly more complicated than other things we deal with in the UI, there's plenty of info/docs on this that I've added in this PR. Previously: When a namespace was not specified in the URL, we used to default to the default namespace. When you logged in using a token we automatically forward you the namespace URL that your token originates from, so you are then using the namespace for your token by default. You can of course then edit the URL to remove the namespace portion, or perhaps revisit the UI at the root path with you token already set. In these latter cases we would show you information from the default namespace. So if you had no namespace segment/portion in the URL, we would assume default, perform actions against the default namespace and highlight the default namespace in the namespace selector menu. If you wanted to perform actions in your tokens origin namespace you would have to manually select it from the namespace selector menu. This PR: Now, when you have no namespace segment/portion in the URL, we use the token's origin namespace instead (and if you don't have a token, we then use the default namespace like it was previously) Notes/thoughts: I originally thought we were showing an incorrectly selected namespace in the namespace selector, but it also matched up with what we were doing with the API, so it was in fact correct. The issue was more that we weren't selecting the origin namespace of the token for the user when a namespace segment was omitted from the URL. Seeing as we automatically forward you to the tokens origin namespace when you log in, and we were correctly showing the namespace we were acting on when you had no namespace segment in the URL (in the previous case default), I'm not entirely sure how much of an issue this actually was. This characteristic of namespace+token+namespace is a little weird and its easy to miss a subtlety or two so I tried to add some documentation in here for future me/someone else (including some in depth code comment around one of the API endpoints where this is very subtle and very hard to miss). I'm not the greatest at words, so would be great to get some edits there if it doesn't seem clear to folks. The fact that we used to save your previous datacenter and namespace into local storage for reasons also meant the interaction here was slightly more complicated than it needed to be, so whilst we were here we rejigged things slightly to satisfy said reasons still but not use local storage (we try and grab the info from higher up). A lot of the related code here is from before we had our Routlets which I think could probably make all of this a lot less complicated, but I didn't want to do a wholesale replacement in this PR, we can save that for a separate PR on its own at some point.
2021-07-07 10:46:41 +00:00
async findBySlug(params) {
// This addition is mainly due to ember-data book-keeping This is one of
// the only places where Consul w/namespaces enabled doesn't return a
// response with a Namespace property, but in order to keep ember-data
// id's happy we need to fake one. Usually when we make a request to consul
// with an empty `ns=` Consul will use the namespace that is assigned to
// the token, and when we get the response we can pick that back off the
// responses `Namespace` property. As we don't receive a `Namespace`
// property here, we have to figure this out ourselves. Biut we also want
// to make this completely invisible to 'the application engineer/a
// template engineer'. This feels like the best place/way to do it as we
// are already in a asynchronous method, and we avoid adding extra 'just
// for us' parameters to the query object. There is a chance that as we
// are discovering the tokens default namespace on the frontend and
// assigning that to the ns query param, the token default namespace 'may'
// have changed by the time the request hits the backend. As this is
// extremely unlikely and in the scheme of things not a big deal, we
// decided that doing this here is ok and avoids doing this in a more
// complicated manner.
const token = (await this.settings.findBySlug('token')) || {};
return super.findBySlug({
ns: params.ns || token.Namespace || 'default',
dc: params.dc,
id: params.id,
});
ui: DataSource Decorator (#9746) We use a `<DataSource @src={{url}} />` component throughout our UI for when we want to load data from within our components. The URL specified as the `@src` is used to map/lookup what is used in to retrieve data, for example we mostly use our repository methods wrapped with our Promise backed `EventSource` implementation, but DataSource URLs can also be mapped to EventTarget backed `EventSource`s and native `EventSource`s or `WebSockets` if we ever need to use those (for example these are options for potential streaming support with the Consul backend). The URL to function/method mapping previous to this PR used a very naive humongous `switch` statement which was a temporary 'this is fine for the moment' solution, although we'd always wanted to replace with something more manageable. Here we add `wayfarer` as a dependency - a very small (1kb), very fast, radix trie based router, and use that to perform the URL to function/method mapping. This essentially turns every `DataSource` into a very small SPA - change its URL and the view of data changes. When the data itself changes, either the yielded view of data changes or the `onchange` event is fired with the changed data, making the externally sourced view of data completely reactive. ```javascript // use the new decorator a service somewhere to annotate/decorate // a method with the URL that can be used to access this method @dataSource('/:ns/:dc/services') async findAllByDatacenter(params) { // get the data } // can use with JS in a route somewhere async model() { return this.data.source(uri => uri`/${nspace}/${dc}/services`) } ``` ```hbs {{!-- or just straight in a template using the component --}} <DataSource @src="/default/dc1/services" @onchange="" /> ``` This also uses a new `container` Service to automatically execute/import certain services yet not execute them. This new service also provides a lookup that supports both standard ember DI lookup plus Class based lookup or these specific services. Lastly we also provide another debug function called DataSourceRoutes() which can be called from console which gives you a list of URLs and their mappings.
2021-02-23 08:56:42 +00:00
}
@dataSource('/:ns/:dc/oidc/authorize/:id/:code/:state')
authorize(params, configuration = {}) {
return this.store.authorize(this.getModelName(), params);
ui: Run Ember native class code mod (#9093) * ui: Apply native class codemod to all services * ui: Apply native class codemod to routes * ui: Apply native class codemod to controllers * Fix up ember proxy `content` issue * Add a CreateTime on policy creation * Minor formatting * Convert child based saving to use ec instead of custom approach * Remove custom event source repo wrapping initializer * Repos here are no longer proxy objects revert to using them normally * Remove areas of code that were used to set up source backed repos
2020-11-09 09:25:35 +00:00
}
logout(id, code, state, dc, nspace, configuration = {}) {
ui: Model Layer for SSO Support (#7771) * ui: Adds model layer required for SSO 1. oidc-provider ember-data triplet plus repo, plus addition of torii addon 2. Make blocking queries support a Cache-Control: no-cache header 3. Tweaks to the token model layer in preparation for SSO work * Fix up meta related Cache-Control tests * Add tests adapter tests for URL shapes * Reset Cache-Control to the original value, return something from logout
2020-05-05 16:29:35 +00:00
// TODO: Temporarily call this secret, as we alreayd do that with
// self in the `store` look to see whether we should just call it id like
// the rest
const query = {
id: id,
};
return this.store.logout(this.getModelName(), query);
ui: Run Ember native class code mod (#9093) * ui: Apply native class codemod to all services * ui: Apply native class codemod to routes * ui: Apply native class codemod to controllers * Fix up ember proxy `content` issue * Add a CreateTime on policy creation * Minor formatting * Convert child based saving to use ec instead of custom approach * Remove custom event source repo wrapping initializer * Repos here are no longer proxy objects revert to using them normally * Remove areas of code that were used to set up source backed repos
2020-11-09 09:25:35 +00:00
}
close() {
ui: Model Layer for SSO Support (#7771) * ui: Adds model layer required for SSO 1. oidc-provider ember-data triplet plus repo, plus addition of torii addon 2. Make blocking queries support a Cache-Control: no-cache header 3. Tweaks to the token model layer in preparation for SSO work * Fix up meta related Cache-Control tests * Add tests adapter tests for URL shapes * Reset Cache-Control to the original value, return something from logout
2020-05-05 16:29:35 +00:00
this.manager.close(OAUTH_PROVIDER_NAME);
ui: Run Ember native class code mod (#9093) * ui: Apply native class codemod to all services * ui: Apply native class codemod to routes * ui: Apply native class codemod to controllers * Fix up ember proxy `content` issue * Add a CreateTime on policy creation * Minor formatting * Convert child based saving to use ec instead of custom approach * Remove custom event source repo wrapping initializer * Repos here are no longer proxy objects revert to using them normally * Remove areas of code that were used to set up source backed repos
2020-11-09 09:25:35 +00:00
}
findCodeByURL(src) {
ui: Model Layer for SSO Support (#7771) * ui: Adds model layer required for SSO 1. oidc-provider ember-data triplet plus repo, plus addition of torii addon 2. Make blocking queries support a Cache-Control: no-cache header 3. Tweaks to the token model layer in preparation for SSO work * Fix up meta related Cache-Control tests * Add tests adapter tests for URL shapes * Reset Cache-Control to the original value, return something from logout
2020-05-05 16:29:35 +00:00
// TODO: Maybe move this to the provider itself
set(this.provider, 'baseUrl', src);
return this.manager.open(OAUTH_PROVIDER_NAME, {}).catch(e => {
let err;
switch (true) {
case e.message.startsWith('remote was closed'):
err = new Error('Remote was closed');
err.statusCode = 499;
break;
default:
err = new Error(e.message);
err.statusCode = 500;
}
this.store.adapterFor(this.getModelName()).error(err);
});
ui: Run Ember native class code mod (#9093) * ui: Apply native class codemod to all services * ui: Apply native class codemod to routes * ui: Apply native class codemod to controllers * Fix up ember proxy `content` issue * Add a CreateTime on policy creation * Minor formatting * Convert child based saving to use ec instead of custom approach * Remove custom event source repo wrapping initializer * Repos here are no longer proxy objects revert to using them normally * Remove areas of code that were used to set up source backed repos
2020-11-09 09:25:35 +00:00
}
}