luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/ui/packages/consul-ui
History
John Cowen 0f49982cee
ui: [BUGFIX] Properly encode non-URL safe characters in OIDC responses (#10901) 
This commit fixes 2 problems with our OIDC flow in the UI, the first is straightforwards, the second is relatively more in depth:

1: A typo (1.10.1 only)

During #10503 we injected our settings service into the our oidc-provider service, there are some comments in the PR as to the whys and wherefores for this change (https://github.com/hashicorp/consul/pull/10503/files#diff-aa2ffda6d0a966ba631c079fa3a5f60a2a1bdc7eed5b3a98ee7b5b682f1cb4c3R28)

Fixing the typo so it was no longer looking for an unknown service (repository/settings > settings)
fixed this.

2: URL encoding (1.9.x, 1.10.x)

TL;DR: /oidc/authorize/provider/with/slashes/code/with/slashes/status/with/slashes should be /oidc/authorize/provider%2Fwith%2Fslashes/code%2Fwith%2Fslashes/status%2Fwith%2Fslashes

When we receive our authorization response back from the OIDC 3rd party, we POST the code and status data from that response back to consul via acallback as part of the OIDC flow. From what I remember back when this feature was originally added, the method is a POST request to avoid folks putting secret-like things into API requests/URLs/query params that are more likely to be visible to the human eye, and POSTing is expected behaviour.

Additionally, in the UI we identify all external resources using unique resource identifiers. Our OIDC flow uses these resources and their identifiers to perform the OIDC flow using a declarative state machine. If any information in these identifiers uses non-URL-safe characters then these characters require URL encoding and we added a helper a while back to specifically help us to do this once we started using this for things that required URL encoding.

The final fix here make sure that we URL encode code and status before using them with one of our unique resource identifiers, just like we do with the majority of other places where we use these identifiers.
 		2021-08-24 16:58:45 +01:00
..
app ui: [BUGFIX] Properly encode non-URL safe characters in OIDC responses (#10901) 2021-08-24 16:58:45 +01:00
blueprints
config ui: Allow disabling of sourcemaps via env var (#10491) 2021-07-06 16:57:53 +01:00
docs ui: Don't default to the default namespace, use the token default namespace instead (#10503) 2021-07-07 11:46:41 +01:00
lib ui: [BUGFIX] Fix KV Code Editor syntax loading (#10605) 2021-07-14 18:55:35 +01:00
mock-api ui: Add Vault as a Service External Source (#10769) 2021-08-04 18:22:43 -04:00
node-tests/config
public
server
tests ui: [BUGFIX] Properly encode non-URL safe characters in OIDC responses (#10901) 2021-08-24 16:58:45 +01:00
translations ui: Update intention permissions notice wording (#10836) 2021-08-16 12:04:26 -04:00
vendor ui: [BUGFIX] Fix KV Code Editor syntax loading (#10605) 2021-07-14 18:55:35 +01:00
.dev.eslintrc.js
.docfy-config.js ui: CopyButton amends (#10511) 2021-07-06 16:56:36 +01:00
.editorconfig
.ember-cli
.eslintignore
.eslintrc.js
.istanbul.yml
.nvmrc ui: Bump node to v14 (#10238) 2021-05-18 16:30:19 +01:00
.prettierrc
.template-lintrc.js
.watchmanconfig
GNUmakefile
README.md ui: Enable specifying additional docfy config as json (#10464) 2021-06-25 10:41:41 +01:00
ember-cli-build.js ui: Allow disabling of sourcemaps via env var (#10491) 2021-07-06 16:57:53 +01:00
package.json ui: Add intl debug helpers (#10513) 2021-07-06 17:01:08 +01:00
testem.js

README.md

consul-ui

Prerequisites

You will need the following things properly installed on your computer.

Installation

  • git clone https://github.com/hashicorp/consul.git this repository
  • cd ui/packages/consul-ui
  • make start or yarn && yarn start

Yarn Commands

Most used tooling scripts below primarily use make which will yarn install and in turn call node package scripts.

List of available project commands. yarn run <command-name>

Command Description
build:staging Builds the UI in staging mode (ready for PR preview site).
build:ci Builds the UI for CI.
build Builds the UI for production.
lint Runs all lint commands.
lint:hbs Lints hbs template files.
lint:js Lints js files.
format Runs all auto-formatters.
format:js Auto-formats js files using Prettier.
format:sass Auto-formats scss files using Prettier.
start Runs the development app on a local server using the mock API.
start:consul Runs the development app local server using a real consul instance as the backend.
start:staging Runs the staging app local server.
test Runs the ember tests in a headless browser.
test:view Runs the ember tests in a non-headless browser.
test:oss Runs only the OSS ember tests in a headless browser.
test:oss:view Runs only the OSS ember tests in a non-headless browser.
test:coverage:view Runs only the test specified for coverage in a non-headless browser.
test:node Runs tests that can't be run in ember using node.
doc:toc Automatically generates a table of contents for this README file.

Running / Development

The source code comes with a small development mode that runs enough of the consul API as a set of mocks/fixtures to be able to run the UI without having to run consul.

You can also run the UI against a normal Consul installation.

  • consul server -dev to start consul listening on http://localhost:8500
  • make start-consul to start the ember app proxying to consul (this will respect the CONSUL_HTTP_ADDR environment variable to locate the Consul installation.
  • Visit your app at http://localhost:4200.

Example:

CONSUL_HTTP_ADDR=http://10.0.0.1:8500 make start-consul

Environment Variables

See ./docs/index.mdx

Contributing/Engineering Documentation

We have an in-app (only during development) component storybook and documentation site which can be visited using the Eng Docs link in the top navigation of the UI.

Browser 'Debug Utility' Functions and 'Environment' Variables

Run make start then visit http://localhost:4200/ui/docs/bookmarklets for a list of debug/engineering utilities you can use to help development of the UI under certain scenarios.

Code Generators

Many classes used in the UI can be generated with ember generators, try ember help generate for more details

Running Tests

Tests use the mock api (see ./mock-api for details)

  • make test or yarn run test
  • make test-view or yarn run test:view to view the tests running in Chrome

OSS only tests can also be run using:

  • make test-oss or yarn run test:oss
  • make test-oss-view or yarn run test:oss:view to view the tests running in Chrome

Linting

make lint currently runs linting on the majority of js files and hbs files (using ember-template-lint).

See .eslintrc.js and .eslintignore for specific configuration.

Building

  • make build builds the UI for production usage (env=production)
  • make build-ci builds the UI for CI/test usage (env=test)

Static files are built into ./dist

Running Tests in Parallel

Alternatively, ember-exam can be used to split the tests across multiple browser instances for faster results. Most options are the same as ember test. To see a full list of options, run ember exam --help.

Note: The EMBER_EXAM_PARALLEL environment variable must be set to override the default parallel value of 1 browser instance in testem.js.

To quickly run the tests across 4 parallel browser instances:

make test-parallel

To run manually:

$ EMBER_EXAM_PARALLEL=true ./node_modules/.bin/ember exam --split <num> --parallel

More ways to split tests can be found in the ember-exam README.md.