feat: local authentication
- introduce passport
- add a passport local strategy for authentication
- introduce Authentication interface to contain the multiple auth checks (authenticate, checkAuth, logout)

Contributes to: strimzi#106

Signed-off-by: Nic Townsend <[email protected]>
nictownsend committed Nov 30, 2020
1 parent e449946 commit 6566cbc
Showing 27 changed files with 644 additions and 178 deletions.
2 changes: 1 addition & 1 deletion config/static.ts
Expand Up @@ -20,7 +20,7 @@ const server: Config<Literal> = {
defaultConfig: {
configValue: {
authentication: {
strategy: 'none',
type: 'none',
},
client: {
configOverrides: {},
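Review bot: renaming the default key from `strategy` to `type` is a breaking change for any existing configuration or override that still sets `authentication.strategy`; with this default the stale key would be ignored and the server would silently run with `type: 'none'`, that is, with no authentication at all. Consider rejecting unknown keys under `authentication` at startup and documenting the accepted `type` values next to this default.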
122 changes: 122 additions & 0 deletions package-lock.json


10 changes: 9 additions & 1 deletion package.json
Expand Up @@ -45,16 +45,19 @@
"dependencies": {
"@apollo/client": "^3.2.5",
"@apollo/react-hooks": "^4.0.0",
"@walmartlabs/json-to-simple-graphql-schema": "^2.0.3",
"@types/express-session": "^1.17.2",
"@walmartlabs/json-to-simple-graphql-schema": "^2.0.3",
"apollo-client": "^2.6.10",
"apollo-link-http": "^1.5.17",
"apollo-server-express": "^2.18.2",
"axios": "^0.21.0",
"compression-webpack-plugin": "^4.0.0",
"express": "^4.17.1",
"express-session": "^1.17.1",
"express-static-gzip": "^2.1.0",
"fromentries": "^1.3.2",
"graphql": "^15.4.0",
"graphql-ws": "^1.14.0",
"helmet": "^4.2.0",
"html-webpack-plugin": "^4.5.0",
"http-proxy": "^1.18.1",
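Review bot: `@types/express-session` is added under `dependencies` here, whereas the other `@types/*` packages in this commit (`@types/passport`, `@types/passport-local`) go under `devDependencies`; move it there so the runtime install does not pull in type definitions. Separately, `express-session` requires a `secret` and defaults to its in-memory store, which leaks memory and does not work across more than one process; check that the session middleware is configured with a real store and a secret sourced from configuration rather than a literal, and that the cookie is set with `secure`, `httpOnly` and `sameSite`, since authentication now rides on that cookie.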
Expand All @@ -68,6 +71,8 @@
"mini-css-extract-plugin": "^0.9.0",
"mustache": "^4.0.1",
"optimize-css-assets-webpack-plugin": "^5.0.4",
"passport": "^0.4.1",
"passport-local": "^1.0.0",
"pino": "^6.7.0",
"pino-filter": "^1.0.0",
"pino-http": "^5.3.0",
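Review bot: `passport@^0.4.1` does not regenerate the session when `req.logIn` succeeds, so a session ID handed out before authentication remains valid after it (session fixation). Whatever handler implements `authenticate` should call `req.session.regenerate` before establishing the login, and `logout` should destroy the session (`req.session.destroy`) rather than only clearing `req.user`.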
Expand Down Expand Up @@ -98,6 +103,8 @@
"@types/jest": "^26.0.15",
"@types/mustache": "^4.0.1",
"@types/node": "^14.14.6",
"@types/passport": "^1.0.4",
"@types/passport-local": "^1.0.33",
"@types/pino": "^6.3.3",
"@types/pino-http": "^5.0.5",
"@types/react-dom": "^16.9.9",
Expand Down Expand Up @@ -126,6 +133,7 @@
"license-check-and-add": "^3.0.4",
"lint-staged": "^10.5.1",
"mock-socket": "^9.0.3",
"nock": "^13.0.5",
"nodemon": "^2.0.6",
"npm-run-all": "^4.1.5",
"prettier": "^2.1.2",
7 changes: 3 additions & 4 deletions server/api/api.steps.ts
Expand Up @@ -2,13 +2,13 @@
* Copyright Strimzi authors.
* License: Apache License 2.0 (see the file LICENSE or http://apache.org/licenses/LICENSE-2.0.html).
*/

import { RequestHandler } from 'express';
import { createProxyServer } from 'http-proxy';

// without setting up a second server (with secure and insecure modes), the best way to simulate the proxying of calls is mocking them/verifying the api usage
type mockProxyServerType = {
on: (event: string, handler: expressMiddleware) => void;
web: jest.Mock<expressMiddleware>;
on: (event: string, handler: RequestHandler) => void;
web: jest.Mock<RequestHandler>;
};

const placeholderProxyEvent = jest.fn();
Expand Down Expand Up @@ -55,7 +55,6 @@ import {
stepWhichUpdatesWorld,
stepWithWorld,
} from 'test_common/commonServerSteps';
import { expressMiddleware } from 'types';

Before(() => {
createProxyServer.mockReturnValue(createMockServerFn(false));
6 changes: 4 additions & 2 deletions server/api/router.ts
Expand Up @@ -16,7 +16,7 @@ const moduleName = 'api';

export const ApiModule: UIServerModule = {
moduleName,
addModule: (logger, authFn, serverConfig) => {
addModule: (logger, { checkAuth }, serverConfig) => {
const { proxy } = serverConfig;
const { exit } = logger.entry('addModule', proxy);
const { hostname, port, contextRoot, transport } = proxy;
Expand All @@ -40,7 +40,9 @@ export const ApiModule: UIServerModule = {
backendProxy.on('proxyReq', proxyStartHandler);
backendProxy.on('proxyRes', proxyCompleteHandler);
// proxy all requests post auth check
routerForModule.all('*', authFn, (req, res) => backendProxy.web(req, res));
routerForModule.all('*', checkAuth, (req, res) =>
backendProxy.web(req, res)
);

return exit({ mountPoint: '/api', routerForModule });
},
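Review bot: `routerForModule.all('*', checkAuth, ...)` now gates every method on a cookie-backed session, so state-changing requests proxied to the backend (POST/PUT/DELETE) become CSRF targets unless the session cookie is `SameSite` or a CSRF token is verified before the proxy runs; `checkAuth` alone does not cover that. Also confirm what `checkAuth` does for an unauthenticated API call: the client.feature changes in this commit expect a 302 for HTML assets, but a redirect to a login page is awkward for a GraphQL or JSON client, which should get a 401/403 instead. A short comment on the new `addModule` signature (`{ checkAuth }` replacing `authFn`) would help readers of other modules that still pass a single function.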
89 changes: 52 additions & 37 deletions server/client/client.feature
Expand Up @@ -5,44 +5,59 @@ Feature: client module
Behaviours and capabilities provided by the client module

Scenario Outline: If no <Asset> asset can be served, the client module returns 404
Given a 'client_only' server configuration
And There are no files to serve
And Authentication is required
And I run an instance of the Strimzi-UI server
When I make a 'get' request to '<Asset>'
Then I get the expected status code '<StatusCode>' response
Given a 'client_only' server configuration
And There are no files to serve
And I run an instance of the Strimzi-UI server
When I make a 'get' request to '<Asset>'
Then I get the expected status code '<StatusCode>' response

Examples:
| Asset | StatusCode |
| /index.html | 404 |
| /images/picture.svg | 404 |
| /doesnotexist.html | 404 |
| /someroute | 404 |
| /protected.html | 404 |
| / | 404 |
Examples:
| Asset | StatusCode |
| /index.html | 404 |
| /images/picture.svg | 404 |
| /doesnotexist.html | 404 |
| /someroute | 404 |
| /protected.html | 404 |
| / | 404 |

Scenario Outline: If assets can be served, the client module returns the appropriate <StatusCode> return code for a request of <Asset>
Given a 'client_only' server configuration
And There are files to serve
And Authentication is required
And I run an instance of the Strimzi-UI server
When I make a 'get' request to '<Asset>'
Then I get the expected status code '<StatusCode>' response
# if the route (not file) is not matched, we redirect to index.html. Hence / and someroute response
Examples:
| Asset | StatusCode |
| /index.html | 200 |
| /images/picture.svg | 200 |
| /doesnotexist.html | 404 |
| /someroute | 302 |
| /protected.html | 511 |
| / | 200 |
Scenario: Critical configuration is templated into index.html so the client can bootstrap
Given a 'client_only' server configuration
And There are files to serve
And Authentication is required
And I run an instance of the Strimzi-UI server
When I make a 'get' request to '/index.html'
Then the file is returned as with the expected configuration included

Scenario Outline: If assets can be served without authentication, the client module returns the appropriate <StatusCode> return code for a request of <Asset>
Given a 'client_only' server configuration
And There are files to serve
And 'none' authentication is required
And I run an instance of the Strimzi-UI server
When I make a 'get' request to '<Asset>'
Then I get the expected status code '<StatusCode>' response
# if the route (not file) is not matched, we redirect to index.html. Hence / and someroute response
Examples:
| Asset | StatusCode |
| /index.html | 200 |
| /images/picture.svg | 200 |
| /doesnotexist.html | 404 |
| /someroute | 302 |
| /protected.html | 200 |
| / | 200 |

Scenario: Critical configuration is templated into index.html so the client can bootstrap
Given a 'client_only' server configuration
And There are files to serve
And Authentication is required
And I run an instance of the Strimzi-UI server
When I make a 'get' request to '/index.html'
Then the file is returned as with the expected configuration included
Scenario Outline: If assets can be served with authentication, the client module returns the appropriate <StatusCode> return code for a request of <Asset>
Given a 'client_only' server configuration
And There are files to serve
And 'scram' authentication is required
And I run an instance of the Strimzi-UI server
When I make a 'get' request to '<Asset>'
Then I get the expected status code '<StatusCode>' response
# if the route (not file) is not matched, we redirect to index.html. Hence / and someroute response
Examples:
| Asset | StatusCode |
| /index.html | 200 |
| /images/picture.svg | 200 |
| /doesnotexist.html | 404 |
| /someroute | 302 |
| /protected.html | 302 |
| / | 200 |
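Review bot: the 'Critical configuration is templated into index.html' scenario still uses the step `And Authentication is required` while the neighbouring scenarios were changed to `And 'none' authentication is required` / `And 'scram' authentication is required`; unless the undecorated step is deliberately kept as an alias, use the same wording so the step definitions do not diverge. The expectation for `/protected.html` under `'scram'` moves from 511 to 302, so an unauthenticated request is now redirected rather than refused; if that redirect carries the originally requested path back to the login page, make sure only a relative path is accepted, otherwise it is an open redirect. It would also be worth a scenario asserting that `/protected.html` returns 200 once a `'scram'` login has succeeded, since the table only covers the unauthenticated case.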