luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/ui/packages/consul-ui/app/components
History
John Cowen 0f49982cee
ui: [BUGFIX] Properly encode non-URL safe characters in OIDC responses (#10901) 
This commit fixes 2 problems with our OIDC flow in the UI, the first is straightforwards, the second is relatively more in depth:

1: A typo (1.10.1 only)

During #10503 we injected our settings service into the our oidc-provider service, there are some comments in the PR as to the whys and wherefores for this change (https://github.com/hashicorp/consul/pull/10503/files#diff-aa2ffda6d0a966ba631c079fa3a5f60a2a1bdc7eed5b3a98ee7b5b682f1cb4c3R28)

Fixing the typo so it was no longer looking for an unknown service (repository/settings > settings)
fixed this.

2: URL encoding (1.9.x, 1.10.x)

TL;DR: /oidc/authorize/provider/with/slashes/code/with/slashes/status/with/slashes should be /oidc/authorize/provider%2Fwith%2Fslashes/code%2Fwith%2Fslashes/status%2Fwith%2Fslashes

When we receive our authorization response back from the OIDC 3rd party, we POST the code and status data from that response back to consul via acallback as part of the OIDC flow. From what I remember back when this feature was originally added, the method is a POST request to avoid folks putting secret-like things into API requests/URLs/query params that are more likely to be visible to the human eye, and POSTing is expected behaviour.

Additionally, in the UI we identify all external resources using unique resource identifiers. Our OIDC flow uses these resources and their identifiers to perform the OIDC flow using a declarative state machine. If any information in these identifiers uses non-URL-safe characters then these characters require URL encoding and we added a helper a while back to specifically help us to do this once we started using this for things that required URL encoding.

The final fix here make sure that we URL encode code and status before using them with one of our unique resource identifiers, just like we do with the majority of other places where we use these identifiers.
 		2021-08-24 16:58:45 +01:00
..
action ui: Search/filtering 'Filtered by:' search status (#9442) 2021-01-25 18:13:54 +00:00
anchors ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
anonymous ui: Notice component (#9011) 2020-10-23 09:26:32 +01:00
app ui: Fixup prettier for scss files and run (#10296) 2021-05-27 13:23:54 +01:00
app-error ui: Move control of login modal to use JS rather than HTML (label/id) (#9883) 2021-04-06 13:40:40 +01:00
app-view ui: Show the correct 'ACLs Disabled' page when ACLs are disabled (#10604) 2021-07-14 18:52:13 +01:00
aria-menu ui: Adds CRD popover 'informed action' for intentions managed by CRDs (#10100) 2021-05-04 17:21:54 +01:00
auth-dialog ui: Improves UI engineering docs (#9875) 2021-03-17 15:58:17 +00:00
auth-form ui: Don't default to the default namespace, use the token default namespace instead (#10503) 2021-07-07 11:46:41 +01:00
auth-modal ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
auth-profile ui: Improves UI engineering docs (#9875) 2021-03-17 15:58:17 +00:00
badge ui: %horizontal-kv-list CSS component (and related) (#10285) 2021-06-21 11:40:14 +01:00
brand-loader ui: Loader amends/improvements (#10181) 2021-05-07 12:23:29 +01:00
breadcrumbs ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
buttons ui: CopyButton amends (#10511) 2021-07-06 16:56:36 +01:00
card ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
certificate ui: Add a README to the new Certificate component (#9908) 2021-03-23 09:22:09 -04:00
checkbox-group ui: Colocate old base components into our app/component folder (#10275) 2021-05-26 15:08:57 +01:00
child-selector ui: Don't default to the default namespace, use the token default namespace instead (#10503) 2021-07-07 11:46:41 +01:00
code-editor ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
collapsible-notices ui: Fixup prettier for scss files and run (#10296) 2021-05-27 13:23:54 +01:00
composite-row ui: Add copy button for Secret ID in Tokens list page (#10735) 2021-07-30 13:52:37 -04:00
confirmation-alert ui: Search/filtering 'Filtered by:' search status (#9442) 2021-01-25 18:13:54 +00:00
confirmation-dialog ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
consul ui: Update intention permissions notice wording (#10836) 2021-08-16 12:04:26 -04:00
copy-button ui: CopyButton amends (#10511) 2021-07-06 16:56:36 +01:00
csv-list ui: %horizontal-kv-list CSS component (and related) (#10285) 2021-06-21 11:40:14 +01:00
data-collection ui: Fix text search for upstream instances (#10151) 2021-05-04 17:25:57 +01:00
data-form ui: Change URI helper to a template based approach (#9344) 2020-12-09 09:22:46 +00:00
data-loader ui: Restrict the viewing/editing of certain UI elements based on the users ACLs (#9687) 2021-02-19 16:42:16 +00:00
data-sink ui: Improves UI engineering docs (#9875) 2021-03-17 15:58:17 +00:00
data-source ui: Remove storybook, add docfy (#9831) 2021-03-08 12:22:01 +00:00
data-writer ui: Move to Workspaced Structure (#8994) 2020-10-21 15:23:16 +01:00
debug/navigation ui: Remove storybook, add docfy (#9831) 2021-03-08 12:22:01 +00:00
definition-table ui: Fixup definition-table + copy-button margin (#10512) 2021-07-06 16:57:20 +01:00
delete-confirmation ui: Move to Workspaced Structure (#8994) 2020-10-21 15:23:16 +01:00
display-toggle ui: Colocate old base components into our app/component folder (#10275) 2021-05-26 15:08:57 +01:00
dom-recycling-table ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
empty-state ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
error-state ui: Move control of login modal to use JS rather than HTML (label/id) (#9883) 2021-04-06 13:40:40 +01:00
event-source ui: Improves UI engineering docs (#9875) 2021-03-17 15:58:17 +00:00
expanded-single-select ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
filter-bar ui: Fixup prettier for scss files and run (#10296) 2021-05-27 13:23:54 +01:00
flash-message ui: Rename icons for consistency and remove unused icons (#10311) 2021-06-22 18:56:17 +01:00
form-component ui: Move linting to the `node:test` script (#9385) 2020-12-14 15:28:35 +00:00
form-elements ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
form-group ui: [BUGFIX] Replace all replaceAll with split.join for older browsers without replaceAll (#9715) 2021-02-11 09:49:39 +00:00
freetext-filter ui: [BUGFIX] Replace all replaceAll with split.join for older browsers without replaceAll (#9715) 2021-02-11 09:49:39 +00:00
hashicorp-consul ui: Fixup prettier for scss files and run (#10296) 2021-05-27 13:23:54 +01:00
horizontal-kv-list ui: %horizontal-kv-list CSS component (and related) (#10285) 2021-06-21 11:40:14 +01:00
icon-definition ui: Add socket icon for UDS (#10573) 2021-07-12 09:28:01 -04:00
informed-action ui: Adds CRD popover 'informed action' for intentions managed by CRDs (#10100) 2021-05-04 17:21:54 +01:00
inline-alert ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
inline-code ui: Add information regarding Host header for ingress gateways (#10050) 2021-04-22 12:16:56 +01:00
jwt-source ui: Improves UI engineering docs (#9875) 2021-03-17 15:58:17 +00:00
list-collection ui: Adds ability to show a 'partial' list in list-collections (#10174) 2021-05-07 16:54:45 +01:00
list-row ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
main-header-horizontal ui: Increase z-index of main menus to avoid layering issues (#10428) 2021-06-22 14:19:13 +01:00
main-nav-horizontal ui: Move control of login modal to use JS rather than HTML (label/id) (#9883) 2021-04-06 13:40:40 +01:00
main-nav-vertical ui: Fixup prettier for scss files and run (#10296) 2021-05-27 13:23:54 +01:00
menu-panel ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
modal-dialog ui: Fixup prettier for scss files and run (#10296) 2021-05-27 13:23:54 +01:00
modal-layer ui: Move control of login modal to use JS rather than HTML (label/id) (#9883) 2021-04-06 13:40:40 +01:00
more-popover-menu ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
notice ui: Rename icons for consistency and remove unused icons (#10311) 2021-06-22 18:56:17 +01:00
notification ui: Move to Workspaced Structure (#8994) 2020-10-21 15:23:16 +01:00
oidc-select ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
outlet ui: Move control of login modal to use JS rather than HTML (label/id) (#9883) 2021-04-06 13:40:40 +01:00
overlay ui: Fixup prettier for scss files and run (#10296) 2021-05-27 13:23:54 +01:00
pill ui: Add Vault as a Service External Source (#10769) 2021-08-04 18:22:43 -04:00
policy-form ui: Move control of login modal to use JS rather than HTML (label/id) (#9883) 2021-04-06 13:40:40 +01:00
policy-selector ui: Move control of login modal to use JS rather than HTML (label/id) (#9883) 2021-04-06 13:40:40 +01:00
popover-menu ui: Colocate old base components into our app/component folder (#10275) 2021-05-26 15:08:57 +01:00
popover-select ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
power-select ui: Initial Intention Permission Integration and acceptance testing (#9003) 2020-10-23 17:26:06 +01:00
progress ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
radio-card ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
radio-group ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
ref ui: Improves UI engineering docs (#9875) 2021-03-17 15:58:17 +00:00
role-form ui: Move control of login modal to use JS rather than HTML (label/id) (#9883) 2021-04-06 13:40:40 +01:00
role-selector ui: Move control of login modal to use JS rather than HTML (label/id) (#9883) 2021-04-06 13:40:40 +01:00
route ui: Support Route optional parameters/segments (#10212) 2021-05-26 17:43:46 +01:00
search-bar ui: Fixup prettier for scss files and run (#10296) 2021-05-27 13:23:54 +01:00
secret-button ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
skip-links ui: Fixup prettier for scss files and run (#10296) 2021-05-27 13:23:54 +01:00
sliding-toggle ui: Colocate old base components into our app/component folder (#10275) 2021-05-26 15:08:57 +01:00
state ui: Improves UI engineering docs (#9875) 2021-03-17 15:58:17 +00:00
state-chart ui: Improves UI engineering docs (#9875) 2021-03-17 15:58:17 +00:00
tab-nav ui: change coloring of secondary navigation elements (#10259) 2021-05-24 11:51:16 +01:00
table ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
tabular-collection ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
tabular-details ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
tabular-dl ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
tag-list ui: %horizontal-kv-list CSS component (and related) (#10285) 2021-06-21 11:40:14 +01:00
toggle-button ui: Colocate old base components into our app/component folder (#10275) 2021-05-26 15:08:57 +01:00
token-list ui: Move to Workspaced Structure (#8994) 2020-10-21 15:23:16 +01:00
token-source ui: [BUGFIX] Properly encode non-URL safe characters in OIDC responses (#10901) 2021-08-24 16:58:45 +01:00
tooltip ui: Fixup prettier for scss files and run (#10296) 2021-05-27 13:23:54 +01:00
tooltip-panel ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
topology-metrics ui: Add tests for topology metrics stats (#10600) 2021-07-20 11:09:15 -04:00