Compare commits
13 Commits
feature/au
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
|
1809574fe6 | ||
|
|
858975f03f | ||
|
|
30db609aff | ||
|
|
45b5f473c9 | ||
|
|
71688dea16 | ||
|
|
b63b9aa4bb | ||
|
|
7565cdcf2f | ||
|
|
b7d390adf4 | ||
|
|
29769480be | ||
|
|
657281461d | ||
|
|
af53eca7f6 | ||
|
|
4f6e7ea4dc | ||
| 96fc55b932 |
@@ -112,6 +112,12 @@ Env-scoped read-path controllers (`AlertController`, `AlertRuleController`, `Ale
|
||||
- `DatabaseAdminController` — GET `/api/v1/admin/database/**` (conditional on `infrastructureendpoints` flag).
|
||||
- `ServerMetricsAdminController` — `/api/v1/admin/server-metrics/**`. GET `/catalog`, GET `/instances`, POST `/query`. Generic read API over the `server_metrics` ClickHouse table so SaaS dashboards don't need direct CH access. Delegates to `ServerMetricsQueryStore` (impl `ClickHouseServerMetricsQueryStore`). Visibility matches ClickHouse/Database admin: `@ConditionalOnProperty(infrastructureendpoints, matchIfMissing=true)` + class-level `@PreAuthorize("hasRole('ADMIN')")`. Validation: metric/tag regex `^[a-zA-Z0-9._]+$`, statistic regex `^[a-z_]+$`, `to - from ≤ 31 days`, stepSeconds ∈ [10, 3600], response capped at 500 series. `IllegalArgumentException` → 400. `/query` supports `raw` + `delta` modes (delta does per-`server_instance_id` positive-clipped differences, then aggregates across instances). Derived `statistic=mean` for timers computes `sum(total|total_time)/sum(count)` per bucket.
|
||||
|
||||
### Auth (flat)
|
||||
|
||||
- `UiAuthController` — `/api/v1/auth` (login, refresh, me). Local username/password against env-var admin or DB BCrypt hash. Lockout after 5 failed attempts.
|
||||
- `OidcAuthController` — `/api/v1/auth/oidc` (config, callback). Code → token exchange. Roles via custom JWT claim, claim mapping rules, or default roles.
|
||||
- `AuthCapabilitiesController` — `GET /api/v1/auth/capabilities` (unauthenticated). Reports `{oidc:{enabled, providerName, primary}, localAccounts:{enabled, adminRecoveryOnly}}` so the SPA renders the login page deterministically. `oidc.primary == oidc.enabled`; `localAccounts.adminRecoveryOnly == oidc.primary`. `providerName` is best-effort label via `OidcProviderNameDeriver` (Logto / Keycloak / Auth0 / Okta / Single Sign-On). The SPA hides the local form behind `?local` when `adminRecoveryOnly` is true.
|
||||
|
||||
### Other (flat)
|
||||
|
||||
- `DetailController` — GET `/api/v1/executions/{executionId}` + processor snapshot endpoints.
|
||||
|
||||
@@ -47,14 +47,19 @@ paths:
|
||||
|
||||
## license/ — License domain (signed-token tier system)
|
||||
|
||||
The pure license **contract types** live in the separate `cameleer-license-api` module under package `com.cameleer.license` (no Spring, no server-runtime deps) so consumers like `cameleer-license-minter` and `cameleer-saas` can use them without inheriting server internals. Server-core only contains the runtime state holder (`LicenseGate`).
|
||||
|
||||
Contract types in `cameleer-license-api` (package `com.cameleer.license`):
|
||||
- `LicenseInfo` — record: `(UUID licenseId, String tenantId, String label, Map<String,Integer> limits, Instant issuedAt, Instant expiresAt, int gracePeriodDays)`. `isExpired()` true once `now > expiresAt + gracePeriodDays`; `isAfterRawExpiry()` true once `now > expiresAt`. Constructed via `LicenseValidator`; canonical ctor null-checks all required fields and rejects blank tenantId / negative grace.
|
||||
- `LicenseLimits` — typed limits container backed by `Map<String,Integer>`. `defaultsOnly()` returns the `DefaultTierLimits.DEFAULTS` view; `mergeOverDefaults(overrides)` produces the license-overrides UNION default tier. `get(String key)` returns the cap; throws `IllegalArgumentException` for unknown keys (programmer error). `isDefaultSourced(key, license)` reports whether a key fell through to the default tier.
|
||||
- `DefaultTierLimits` — immutable `LinkedHashMap` of constants for the no-license fallback tier: `max_environments=1, max_apps=3, max_agents=5, max_users=3, max_outbound_connections=1, max_alert_rules=2, max_total_cpu_millis=2000, max_total_memory_mb=2048, max_total_replicas=5, max_execution_retention_days=1, max_log_retention_days=1, max_metric_retention_days=1, max_jar_retention_count=3`.
|
||||
- `LicenseValidator` — verifies signed token. Constructor `(String publicKeyBase64, String expectedTenantId)` decodes an X.509 Ed25519 public key. `validate(String token)` splits `payload.signature`, verifies the Ed25519 signature, parses the JSON payload, enforces `tenantId == expectedTenantId`, and returns `LicenseInfo`. Throws `SecurityException` on signature mismatch / `IllegalArgumentException` on parse failure / expired payload.
|
||||
- `LicenseGate` — runtime state holder (thread-safe via `AtomicReference<Snapshot>`). `getCurrent()` returns the current `LicenseInfo` (null when ABSENT/INVALID); `getState()` delegates to `LicenseStateMachine.classify(...)`; `getEffectiveLimits()` returns license-overrides UNION defaults in `ACTIVE`/`GRACE`, defaults-only otherwise. `getInvalidReason()`, `load(LicenseInfo)`, `markInvalid(String reason)`, `clear()` are the mutators. `getLimit(key, defaultValue)` shorthand swallows unknown-key errors.
|
||||
- `LicenseStateMachine` — pure classifier. `classify(LicenseInfo, String invalidReason)` returns `INVALID` if a reason is set, `ABSENT` if no license, `ACTIVE` if `now <= expiresAt`, `GRACE` if expired but within grace window, `EXPIRED` otherwise.
|
||||
- `LicenseState` — enum: `ABSENT, ACTIVE, GRACE, EXPIRED, INVALID`.
|
||||
|
||||
Runtime state holder in server-core (package `com.cameleer.server.core.license`):
|
||||
- `LicenseGate` — runtime state holder (thread-safe via `AtomicReference<Snapshot>`). `getCurrent()` returns the current `LicenseInfo` (null when ABSENT/INVALID); `getState()` delegates to `LicenseStateMachine.classify(...)`; `getEffectiveLimits()` returns license-overrides UNION defaults in `ACTIVE`/`GRACE`, defaults-only otherwise. `getInvalidReason()`, `load(LicenseInfo)`, `markInvalid(String reason)`, `clear()` are the mutators. `getLimit(key, defaultValue)` shorthand swallows unknown-key errors.
|
||||
|
||||
## search/ — Execution search and stats
|
||||
|
||||
- `SearchService` — search, count, stats, statsForApp, statsForRoute, timeseries, timeseriesForApp, timeseriesForRoute, timeseriesGroupedByApp, timeseriesGroupedByRoute, slaCompliance, slaCountsByApp, slaCountsByRoute, topErrors, activeErrorTypes, punchcard, distinctAttributeKeys. `statsForRoute`/`timeseriesForRoute` take `(routeId, applicationId)` — app filter is applied to `stats_1m_route`.
|
||||
|
||||
@@ -86,7 +86,7 @@ jobs:
|
||||
|
||||
- name: Deploy minter to Maven registry
|
||||
if: github.event_name == 'push'
|
||||
run: mvn deploy -DskipTests -DskipITs --batch-mode -pl .,cameleer-server-core,cameleer-license-minter
|
||||
run: mvn deploy -DskipTests -DskipITs --batch-mode -pl .,cameleer-license-api,cameleer-server-core,cameleer-license-minter
|
||||
env:
|
||||
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
||||
|
||||
|
||||
@@ -14,8 +14,10 @@ Cameleer Server — observability server that receives, stores, and serves Camel
|
||||
|
||||
## Modules
|
||||
|
||||
- `cameleer-license-api` — pure license contract types (`LicenseInfo`, `LicenseValidator`, `LicenseState`, `LicenseStateMachine`, `LicenseLimits`, `DefaultTierLimits`) under package `com.cameleer.license`. No Spring or server-runtime deps; consumed by `cameleer-server-core` (validation/runtime gate) and `cameleer-license-minter` (vendor signing) — and transitively by `cameleer-saas` via the minter — without inheriting server internals.
|
||||
- `cameleer-server-core` — domain logic, storage interfaces, services (no Spring dependencies)
|
||||
- `cameleer-server-app` — Spring Boot web app, REST controllers, SSE, persistence, Docker orchestration
|
||||
- `cameleer-license-minter` — vendor-only Ed25519 license signing library + CLI. Depends only on `cameleer-license-api` so consumers don't pull in `cameleer-server-core`.
|
||||
|
||||
## Build Commands
|
||||
|
||||
@@ -59,6 +61,7 @@ java -jar cameleer-server-app/target/cameleer-server-app-1.0-SNAPSHOT.jar
|
||||
- Log processor correlation: The agent sets `cameleer.processorId` in MDC, identifying which processor node emitted a log line.
|
||||
- Logging: ClickHouse JDBC set to INFO (`com.clickhouse`), HTTP client to WARN (`org.apache.hc.client5`) in application.yml
|
||||
- Security: JWT auth with RBAC (AGENT/VIEWER/OPERATOR/ADMIN roles), Ed25519 config signing (key derived deterministically from JWT secret via HMAC-SHA256), bootstrap token for registration. CORS: `CAMELEER_SERVER_SECURITY_CORSALLOWEDORIGINS` (comma-separated) overrides `CAMELEER_SERVER_SECURITY_UIORIGIN` for multi-origin setups. Infrastructure access: `CAMELEER_SERVER_SECURITY_INFRASTRUCTUREENDPOINTS=false` disables Database and ClickHouse admin endpoints. Last-ADMIN guard: system prevents removal of the last ADMIN role (409 Conflict). Password policy: min 12 chars, 3-of-4 character classes, no username match. Brute-force protection: 5 failed attempts -> 15 min lockout. Token revocation: `token_revoked_before` column on users, checked in `JwtAuthenticationFilter`, set on password change.
|
||||
- Login routing: `GET /api/v1/auth/capabilities` (unauthenticated) tells the SPA whether OIDC is the primary entry point. When OIDC is configured, the SSO button is the primary CTA and the local form is hidden behind `?local` (admin-recovery escape hatch). Per RFC 9700 §4.4 we do **not** use `prompt=none` for primary login — that returns `login_required` for first-time users and traps them on a local form.
|
||||
- OIDC: Optional external identity provider support (token exchange pattern). Configured via admin API/UI, stored in database (`server_config` table). Resource server mode: accepts external access tokens (Logto M2M) via JWKS validation when `CAMELEER_SERVER_SECURITY_OIDCISSUERURI` is set. Scope-based role mapping via `SystemRole.normalizeScope()`. System roles synced on every OIDC login via `applyClaimMappings()` in `OidcAuthController` (calls `clearManagedAssignments` + `assignManagedRole` on `RbacService`) — always overwrites managed role assignments; uses managed assignment origin to avoid touching group-inherited or directly-assigned roles. Supports ES384, ES256, RS256.
|
||||
- OIDC role extraction: `OidcTokenExchanger` reads roles from the **access_token** first (JWT with `at+jwt` type), then falls back to id_token. `OidcConfig` includes `audience` (RFC 8707 resource indicator) and `additionalScopes`. All provider-specific configuration is external — no provider-specific code in the server.
|
||||
- Sensitive keys: Global enforced baseline for masking sensitive data in agent payloads. Merge rule: `final = global UNION per-app` (case-insensitive dedup, per-app can only add, never remove global keys).
|
||||
@@ -96,7 +99,7 @@ When adding, removing, or renaming classes, controllers, endpoints, UI component
|
||||
<!-- gitnexus:start -->
|
||||
# GitNexus — Code Intelligence
|
||||
|
||||
This project is indexed by GitNexus as **cameleer-server** (9731 symbols, 24987 relationships, 300 execution flows). Use the GitNexus MCP tools to understand code, assess impact, and navigate safely.
|
||||
This project is indexed by GitNexus as **cameleer-server** (10530 symbols, 27383 relationships, 300 execution flows). Use the GitNexus MCP tools to understand code, assess impact, and navigate safely.
|
||||
|
||||
> If any GitNexus tool warns the index is stale, run `npx gitnexus analyze` in terminal first.
|
||||
|
||||
|
||||
54
cameleer-license-api/pom.xml
Normal file
54
cameleer-license-api/pom.xml
Normal file
@@ -0,0 +1,54 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
|
||||
<parent>
|
||||
<groupId>com.cameleer</groupId>
|
||||
<artifactId>cameleer-server-parent</artifactId>
|
||||
<version>1.0-SNAPSHOT</version>
|
||||
</parent>
|
||||
|
||||
<artifactId>cameleer-license-api</artifactId>
|
||||
<name>Cameleer License API</name>
|
||||
<description>Pure license contract types — LicenseInfo, LicenseValidator, LicenseState, LicenseStateMachine, LicenseLimits, DefaultTierLimits. Shared by server-core (validation/runtime gate) and cameleer-license-minter (vendor-side signing). Has no Spring or server-runtime dependencies so consumers like cameleer-saas can depend on the minter without inheriting server internals.</description>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>com.fasterxml.jackson.core</groupId>
|
||||
<artifactId>jackson-databind</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.slf4j</groupId>
|
||||
<artifactId>slf4j-api</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.junit.jupiter</groupId>
|
||||
<artifactId>junit-jupiter</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.assertj</groupId>
|
||||
<artifactId>assertj-core</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-maven-plugin</artifactId>
|
||||
<executions>
|
||||
<!-- Plain library JAR — no repackage. -->
|
||||
<execution>
|
||||
<id>repackage</id>
|
||||
<phase>none</phase>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</project>
|
||||
@@ -1,4 +1,4 @@
|
||||
package com.cameleer.server.core.license;
|
||||
package com.cameleer.license;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.LinkedHashMap;
|
||||
@@ -1,4 +1,4 @@
|
||||
package com.cameleer.server.core.license;
|
||||
package com.cameleer.license;
|
||||
|
||||
import java.time.Instant;
|
||||
import java.util.Map;
|
||||
@@ -1,4 +1,4 @@
|
||||
package com.cameleer.server.core.license;
|
||||
package com.cameleer.license;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.LinkedHashMap;
|
||||
@@ -1,4 +1,4 @@
|
||||
package com.cameleer.server.core.license;
|
||||
package com.cameleer.license;
|
||||
|
||||
public enum LicenseState {
|
||||
ABSENT,
|
||||
@@ -1,4 +1,4 @@
|
||||
package com.cameleer.server.core.license;
|
||||
package com.cameleer.license;
|
||||
|
||||
public final class LicenseStateMachine {
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
package com.cameleer.server.core.license;
|
||||
package com.cameleer.license;
|
||||
|
||||
import com.fasterxml.jackson.databind.JsonNode;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
@@ -1,4 +1,4 @@
|
||||
package com.cameleer.server.core.license;
|
||||
package com.cameleer.license;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
package com.cameleer.server.core.license;
|
||||
package com.cameleer.license;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
package com.cameleer.server.core.license;
|
||||
package com.cameleer.license;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
package com.cameleer.server.core.license;
|
||||
package com.cameleer.license;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
@@ -58,7 +58,7 @@ Two JARs land in `cameleer-license-minter/target/`:
|
||||
|
||||
```java
|
||||
import com.cameleer.license.minter.LicenseMinter;
|
||||
import com.cameleer.server.core.license.LicenseInfo;
|
||||
import com.cameleer.license.LicenseInfo;
|
||||
|
||||
LicenseInfo info = new LicenseInfo(
|
||||
java.util.UUID.randomUUID(),
|
||||
@@ -136,11 +136,11 @@ base64(canonicalJson) + "." + base64(ed25519Signature)
|
||||
- The signature is computed with `Signature.getInstance("Ed25519")` over the canonical payload bytes (not over the base64-encoded form).
|
||||
- Encoding is `Base64.getEncoder()` (RFC 4648 §4 — *not* base64url). The validator decodes with the matching `Base64.getDecoder()`.
|
||||
|
||||
`LicenseValidator.validate(...)` (`cameleer-server-core/src/main/java/com/cameleer/server/core/license/LicenseValidator.java:42`) splits on the first `.`, decodes both halves, verifies the signature, then deserializes the payload.
|
||||
`LicenseValidator.validate(...)` (`cameleer-license-api/src/main/java/com/cameleer/license/LicenseValidator.java:42`) splits on the first `.`, decodes both halves, verifies the signature, then deserializes the payload.
|
||||
|
||||
## LicenseInfo schema
|
||||
|
||||
Source: `cameleer-server-core/src/main/java/com/cameleer/server/core/license/LicenseInfo.java`. Field-by-field:
|
||||
Source: `cameleer-license-api/src/main/java/com/cameleer/license/LicenseInfo.java`. Field-by-field:
|
||||
|
||||
| Field | Type | Required | Semantics |
|
||||
|---|---|---|---|
|
||||
@@ -154,7 +154,7 @@ Source: `cameleer-server-core/src/main/java/com/cameleer/server/core/license/Lic
|
||||
|
||||
## Limits dictionary
|
||||
|
||||
Canonical key set: `cameleer-server-core/src/main/java/com/cameleer/server/core/license/DefaultTierLimits.java`. Any key not listed here is silently ignored by the server's `LicenseGate.getEffectiveLimits()`.
|
||||
Canonical key set: `cameleer-license-api/src/main/java/com/cameleer/license/DefaultTierLimits.java`. Any key not listed here is silently ignored by the server's `LicenseGate.getEffectiveLimits()`.
|
||||
|
||||
| CLI flag | Key | Default | What the server enforces |
|
||||
|---|---|---|---|
|
||||
@@ -284,4 +284,4 @@ mvn -pl cameleer-server-app dependency:tree | grep license-minter
|
||||
# expected: empty output (or, in development branches, a single line scoped 'test')
|
||||
```
|
||||
|
||||
`cameleer-license-minter/pom.xml` depends on `cameleer-server-core` for `LicenseInfo` and the validator round-trip used by `--verify`. The server app intentionally does not depend on the minter — vendors mint outside the customer-deployed runtime, and a compromised customer cannot leverage server code to forge tokens.
|
||||
`cameleer-license-minter/pom.xml` depends on `cameleer-license-api` for the pure license contract types (`LicenseInfo`, `LicenseValidator`) used by mint + `--verify`. It deliberately does **not** depend on `cameleer-server-core`, so consumers of the minter (e.g. `cameleer-saas`) do not inherit server-runtime types onto their classpath. The server app intentionally does not depend on the minter — vendors mint outside the customer-deployed runtime, and a compromised customer cannot leverage server code to forge tokens.
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>com.cameleer</groupId>
|
||||
<artifactId>cameleer-server-core</artifactId>
|
||||
<artifactId>cameleer-license-api</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.fasterxml.jackson.core</groupId>
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
package com.cameleer.license.minter;
|
||||
|
||||
import com.cameleer.server.core.license.LicenseInfo;
|
||||
import com.cameleer.license.LicenseInfo;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.fasterxml.jackson.databind.SerializationFeature;
|
||||
import com.fasterxml.jackson.databind.node.ObjectNode;
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
package com.cameleer.license.minter.cli;
|
||||
|
||||
import com.cameleer.license.minter.LicenseMinter;
|
||||
import com.cameleer.server.core.license.LicenseInfo;
|
||||
import com.cameleer.license.LicenseInfo;
|
||||
|
||||
import java.io.PrintStream;
|
||||
import java.nio.file.Files;
|
||||
@@ -107,7 +107,7 @@ public final class LicenseMinterCli {
|
||||
}
|
||||
try {
|
||||
String pubB64 = Files.readString(Path.of(pubPath)).trim();
|
||||
new com.cameleer.server.core.license.LicenseValidator(pubB64, tenant).validate(token);
|
||||
new com.cameleer.license.LicenseValidator(pubB64, tenant).validate(token);
|
||||
out.println("verified ok");
|
||||
} catch (Exception ve) {
|
||||
err.println("VERIFY FAILED: " + ve.getMessage());
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
package com.cameleer.license.minter;
|
||||
|
||||
import com.cameleer.server.core.license.LicenseInfo;
|
||||
import com.cameleer.server.core.license.LicenseValidator;
|
||||
import com.cameleer.license.LicenseInfo;
|
||||
import com.cameleer.license.LicenseValidator;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import java.security.KeyPair;
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
package com.cameleer.license.minter.cli;
|
||||
|
||||
import com.cameleer.server.core.license.LicenseValidator;
|
||||
import com.cameleer.license.LicenseValidator;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.io.TempDir;
|
||||
|
||||
|
||||
@@ -4,8 +4,8 @@ import com.cameleer.server.app.license.LicenseRepository;
|
||||
import com.cameleer.server.app.license.LicenseService;
|
||||
import com.cameleer.server.core.admin.AuditService;
|
||||
import com.cameleer.server.core.license.LicenseGate;
|
||||
import com.cameleer.server.core.license.LicenseInfo;
|
||||
import com.cameleer.server.core.license.LicenseValidator;
|
||||
import com.cameleer.license.LicenseInfo;
|
||||
import com.cameleer.license.LicenseValidator;
|
||||
import jakarta.annotation.PostConstruct;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
@@ -3,7 +3,7 @@ package com.cameleer.server.app.controller;
|
||||
import com.cameleer.server.app.license.LicenseRepository;
|
||||
import com.cameleer.server.app.license.LicenseService;
|
||||
import com.cameleer.server.core.license.LicenseGate;
|
||||
import com.cameleer.server.core.license.LicenseInfo;
|
||||
import com.cameleer.license.LicenseInfo;
|
||||
import io.swagger.v3.oas.annotations.Operation;
|
||||
import io.swagger.v3.oas.annotations.tags.Tag;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
package com.cameleer.server.app.dto;
|
||||
|
||||
import io.swagger.v3.oas.annotations.media.Schema;
|
||||
import jakarta.validation.constraints.NotNull;
|
||||
|
||||
@Schema(description = "Authentication capabilities reported to the SPA so it can render the login page deterministically")
|
||||
public record AuthCapabilitiesResponse(
|
||||
@@ -12,7 +11,7 @@ public record AuthCapabilitiesResponse(
|
||||
@Schema(description = "OIDC interactive login")
|
||||
public record Oidc(
|
||||
@Schema(description = "Whether OIDC is configured AND enabled") boolean enabled,
|
||||
@Schema(description = "Best-effort display label, e.g. \"Logto\", \"Keycloak\", \"Single Sign-On\"") @NotNull String providerName,
|
||||
@Schema(description = "Best-effort display label, e.g. \"Logto\", \"Keycloak\", \"Single Sign-On\"") String providerName,
|
||||
@Schema(description = "When true, OIDC is the canonical entry point and the SPA hides the local form unless ?local is set") boolean primary
|
||||
) {}
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
package com.cameleer.server.app.license;
|
||||
|
||||
import com.cameleer.server.core.license.LicenseInfo;
|
||||
import com.cameleer.server.core.license.LicenseState;
|
||||
import com.cameleer.license.LicenseInfo;
|
||||
import com.cameleer.license.LicenseState;
|
||||
|
||||
import java.util.Objects;
|
||||
|
||||
|
||||
@@ -3,8 +3,8 @@ package com.cameleer.server.app.license;
|
||||
import com.cameleer.server.core.admin.AuditCategory;
|
||||
import com.cameleer.server.core.admin.AuditResult;
|
||||
import com.cameleer.server.core.admin.AuditService;
|
||||
import com.cameleer.license.LicenseLimits;
|
||||
import com.cameleer.server.core.license.LicenseGate;
|
||||
import com.cameleer.server.core.license.LicenseLimits;
|
||||
import io.micrometer.core.instrument.Counter;
|
||||
import io.micrometer.core.instrument.MeterRegistry;
|
||||
import io.micrometer.core.instrument.simple.SimpleMeterRegistry;
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
package com.cameleer.server.app.license;
|
||||
|
||||
import com.cameleer.license.LicenseInfo;
|
||||
import com.cameleer.server.core.license.LicenseGate;
|
||||
import com.cameleer.server.core.license.LicenseInfo;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.web.bind.annotation.ControllerAdvice;
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
package com.cameleer.server.app.license;
|
||||
|
||||
import com.cameleer.server.core.license.LicenseInfo;
|
||||
import com.cameleer.server.core.license.LicenseState;
|
||||
import com.cameleer.license.LicenseInfo;
|
||||
import com.cameleer.license.LicenseState;
|
||||
|
||||
import java.time.Duration;
|
||||
import java.time.Instant;
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
package com.cameleer.server.app.license;
|
||||
|
||||
import com.cameleer.server.core.license.LicenseGate;
|
||||
import com.cameleer.server.core.license.LicenseState;
|
||||
import com.cameleer.license.LicenseState;
|
||||
import io.micrometer.core.instrument.Gauge;
|
||||
import io.micrometer.core.instrument.MeterRegistry;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
|
||||
@@ -3,9 +3,9 @@ package com.cameleer.server.app.license;
|
||||
import com.cameleer.server.core.admin.AuditCategory;
|
||||
import com.cameleer.server.core.admin.AuditResult;
|
||||
import com.cameleer.server.core.admin.AuditService;
|
||||
import com.cameleer.license.LicenseInfo;
|
||||
import com.cameleer.license.LicenseValidator;
|
||||
import com.cameleer.server.core.license.LicenseGate;
|
||||
import com.cameleer.server.core.license.LicenseInfo;
|
||||
import com.cameleer.server.core.license.LicenseValidator;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.context.ApplicationEventPublisher;
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
package com.cameleer.server.app.license;
|
||||
|
||||
import com.cameleer.server.core.license.LicenseGate;
|
||||
import com.cameleer.server.core.license.LicenseLimits;
|
||||
import com.cameleer.license.LicenseLimits;
|
||||
import com.cameleer.server.core.runtime.Environment;
|
||||
import com.cameleer.server.core.runtime.EnvironmentRepository;
|
||||
import org.slf4j.Logger;
|
||||
|
||||
@@ -0,0 +1,52 @@
|
||||
package com.cameleer.server.app.security;
|
||||
|
||||
import com.cameleer.server.app.dto.AuthCapabilitiesResponse;
|
||||
import com.cameleer.server.core.security.OidcConfig;
|
||||
import com.cameleer.server.core.security.OidcConfigRepository;
|
||||
import io.swagger.v3.oas.annotations.Operation;
|
||||
import io.swagger.v3.oas.annotations.responses.ApiResponse;
|
||||
import io.swagger.v3.oas.annotations.tags.Tag;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
/**
|
||||
* Reports auth capabilities so the SPA renders the login page deterministically
|
||||
* instead of inferring from {@code GET /api/v1/auth/oidc/config} 200/404.
|
||||
*
|
||||
* <p>Unauthenticated by design — the SPA calls this before any sign-in attempt.
|
||||
* Inherits permit-all from the {@code /api/v1/auth/**} matcher in
|
||||
* {@link SecurityConfig}.
|
||||
*
|
||||
* <p>Future deferred work (issue #154) extends this same payload with MFA
|
||||
* enrollment URL and password-reset URL fields.
|
||||
*/
|
||||
@RestController
|
||||
@RequestMapping("/api/v1/auth")
|
||||
@Tag(name = "Authentication", description = "Login and token refresh endpoints")
|
||||
public class AuthCapabilitiesController {
|
||||
|
||||
private final OidcConfigRepository oidcConfigRepository;
|
||||
|
||||
public AuthCapabilitiesController(OidcConfigRepository oidcConfigRepository) {
|
||||
this.oidcConfigRepository = oidcConfigRepository;
|
||||
}
|
||||
|
||||
@GetMapping("/capabilities")
|
||||
@Operation(summary = "Auth capabilities for the SPA login page")
|
||||
@ApiResponse(responseCode = "200", description = "Capabilities resolved")
|
||||
public ResponseEntity<AuthCapabilitiesResponse> getCapabilities() {
|
||||
Optional<OidcConfig> config = oidcConfigRepository.find();
|
||||
boolean oidcEnabled = config.isPresent() && config.get().enabled();
|
||||
String providerName = oidcEnabled
|
||||
? OidcProviderNameDeriver.deriveName(config.get().issuerUri())
|
||||
: "";
|
||||
|
||||
var oidc = new AuthCapabilitiesResponse.Oidc(oidcEnabled, providerName, oidcEnabled);
|
||||
var local = new AuthCapabilitiesResponse.LocalAccounts(true, oidcEnabled);
|
||||
return ResponseEntity.ok(new AuthCapabilitiesResponse(oidc, local));
|
||||
}
|
||||
}
|
||||
@@ -2,7 +2,7 @@ package com.cameleer.server.app;
|
||||
|
||||
import com.cameleer.server.core.agent.AgentRegistryService;
|
||||
import com.cameleer.server.core.license.LicenseGate;
|
||||
import com.cameleer.server.core.license.LicenseInfo;
|
||||
import com.cameleer.license.LicenseInfo;
|
||||
import com.cameleer.server.core.security.JwtService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
|
||||
@@ -0,0 +1,96 @@
|
||||
package com.cameleer.server.app.controller;
|
||||
|
||||
import com.cameleer.server.app.AbstractPostgresIT;
|
||||
import com.cameleer.server.app.dto.AuthCapabilitiesResponse;
|
||||
import com.cameleer.server.core.security.OidcConfig;
|
||||
import com.cameleer.server.core.security.OidcConfigRepository;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.mock.mockito.MockBean;
|
||||
import org.springframework.boot.test.web.client.TestRestTemplate;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
/**
|
||||
* Integration tests for {@link com.cameleer.server.app.security.AuthCapabilitiesController}.
|
||||
* Mocks {@link OidcConfigRepository} so each test controls the OIDC state it observes.
|
||||
*/
|
||||
class AuthCapabilitiesControllerIT extends AbstractPostgresIT {
|
||||
|
||||
@Autowired private TestRestTemplate restTemplate;
|
||||
@MockBean private OidcConfigRepository oidcConfigRepository;
|
||||
|
||||
@BeforeEach
|
||||
void resetMock() {
|
||||
when(oidcConfigRepository.find()).thenReturn(Optional.empty());
|
||||
}
|
||||
|
||||
@Test
|
||||
void noOidcConfig_returnsLocalOnlyCaps() {
|
||||
var resp = restTemplate.getForEntity("/api/v1/auth/capabilities", AuthCapabilitiesResponse.class);
|
||||
|
||||
assertThat(resp.getStatusCode().value()).isEqualTo(200);
|
||||
assertThat(resp.getBody()).isNotNull();
|
||||
assertThat(resp.getBody().oidc().enabled()).isFalse();
|
||||
assertThat(resp.getBody().oidc().providerName()).isEqualTo("");
|
||||
assertThat(resp.getBody().oidc().primary()).isFalse();
|
||||
assertThat(resp.getBody().localAccounts().enabled()).isTrue();
|
||||
assertThat(resp.getBody().localAccounts().adminRecoveryOnly()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
void oidcDisabledRow_behavesLikeAbsent() {
|
||||
OidcConfig disabled = new OidcConfig(false, "https://auth.logto.example/", "client-id", "secret",
|
||||
"roles", List.of("VIEWER"), true, "name", "sub", "", List.of());
|
||||
when(oidcConfigRepository.find()).thenReturn(Optional.of(disabled));
|
||||
|
||||
var resp = restTemplate.getForEntity("/api/v1/auth/capabilities", AuthCapabilitiesResponse.class);
|
||||
|
||||
assertThat(resp.getStatusCode().value()).isEqualTo(200);
|
||||
assertThat(resp.getBody().oidc().enabled()).isFalse();
|
||||
assertThat(resp.getBody().oidc().providerName()).isEqualTo("");
|
||||
assertThat(resp.getBody().oidc().primary()).isFalse();
|
||||
assertThat(resp.getBody().localAccounts().adminRecoveryOnly()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
void oidcEnabledLogto_returnsOidcPrimaryWithProviderName() {
|
||||
OidcConfig enabled = new OidcConfig(true, "https://auth.logto.example/", "client-id", "secret",
|
||||
"roles", List.of("VIEWER"), true, "name", "sub", "", List.of());
|
||||
when(oidcConfigRepository.find()).thenReturn(Optional.of(enabled));
|
||||
|
||||
var resp = restTemplate.getForEntity("/api/v1/auth/capabilities", AuthCapabilitiesResponse.class);
|
||||
|
||||
assertThat(resp.getStatusCode().value()).isEqualTo(200);
|
||||
assertThat(resp.getBody().oidc().enabled()).isTrue();
|
||||
assertThat(resp.getBody().oidc().providerName()).isEqualTo("Logto");
|
||||
assertThat(resp.getBody().oidc().primary()).isTrue();
|
||||
assertThat(resp.getBody().localAccounts().enabled()).isTrue();
|
||||
assertThat(resp.getBody().localAccounts().adminRecoveryOnly()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
void oidcEnabledUnknownProvider_returnsGenericProviderName() {
|
||||
OidcConfig enabled = new OidcConfig(true, "https://idp.example.com/", "client-id", "secret",
|
||||
"roles", List.of("VIEWER"), true, "name", "sub", "", List.of());
|
||||
when(oidcConfigRepository.find()).thenReturn(Optional.of(enabled));
|
||||
|
||||
var resp = restTemplate.getForEntity("/api/v1/auth/capabilities", AuthCapabilitiesResponse.class);
|
||||
|
||||
assertThat(resp.getStatusCode().value()).isEqualTo(200);
|
||||
assertThat(resp.getBody().oidc().providerName()).isEqualTo("Single Sign-On");
|
||||
assertThat(resp.getBody().oidc().primary()).isTrue();
|
||||
assertThat(resp.getBody().localAccounts().adminRecoveryOnly()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
void endpointIsUnauthenticated() {
|
||||
var resp = restTemplate.getForEntity("/api/v1/auth/capabilities", String.class);
|
||||
assertThat(resp.getStatusCode().value()).isEqualTo(200);
|
||||
}
|
||||
}
|
||||
@@ -22,7 +22,7 @@ import static org.assertj.core.api.Assertions.assertThat;
|
||||
* Verifies that the {@code max_alert_rules} cap from the default tier is enforced at
|
||||
* {@code POST /api/v1/environments/{envSlug}/alerts/rules}. Default tier
|
||||
* {@code max_alert_rules = 2}; with no license installed the gate is in
|
||||
* {@link com.cameleer.server.core.license.LicenseState#ABSENT} and the defaults are
|
||||
* {@link com.cameleer.license.LicenseState#ABSENT} and the defaults are
|
||||
* authoritative. The first two creates succeed; the third must be rejected with the
|
||||
* structured 403 envelope produced by {@link LicenseExceptionAdvice}.
|
||||
*/
|
||||
|
||||
@@ -19,7 +19,7 @@ import static org.assertj.core.api.Assertions.assertThat;
|
||||
/**
|
||||
* Verifies that the {@code max_apps} cap from the default tier is enforced at
|
||||
* {@code POST /api/v1/environments/{envSlug}/apps}. Default tier {@code max_apps = 3}; with no
|
||||
* license installed the gate is in {@link com.cameleer.server.core.license.LicenseState#ABSENT}
|
||||
* license installed the gate is in {@link com.cameleer.license.LicenseState#ABSENT}
|
||||
* and the defaults are authoritative. The fourth create attempt must be rejected with the
|
||||
* structured 403 envelope produced by {@link LicenseExceptionAdvice}.
|
||||
*/
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
package com.cameleer.server.app.license;
|
||||
|
||||
import com.cameleer.server.core.license.LicenseGate;
|
||||
import com.cameleer.server.core.license.LicenseInfo;
|
||||
import com.cameleer.license.LicenseInfo;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import java.time.Instant;
|
||||
|
||||
@@ -4,8 +4,8 @@ import com.cameleer.license.minter.LicenseMinter;
|
||||
import com.cameleer.server.app.AbstractPostgresIT;
|
||||
import com.cameleer.server.app.TestSecurityHelper;
|
||||
import com.cameleer.server.core.license.LicenseGate;
|
||||
import com.cameleer.server.core.license.LicenseInfo;
|
||||
import com.cameleer.server.core.license.LicenseState;
|
||||
import com.cameleer.license.LicenseInfo;
|
||||
import com.cameleer.license.LicenseState;
|
||||
import com.fasterxml.jackson.databind.JsonNode;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
package com.cameleer.server.app.license;
|
||||
|
||||
import com.cameleer.server.core.license.LicenseInfo;
|
||||
import com.cameleer.server.core.license.LicenseState;
|
||||
import com.cameleer.license.LicenseInfo;
|
||||
import com.cameleer.license.LicenseState;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import java.time.Instant;
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
package com.cameleer.server.app.license;
|
||||
|
||||
import com.cameleer.server.core.license.LicenseGate;
|
||||
import com.cameleer.server.core.license.LicenseInfo;
|
||||
import com.cameleer.license.LicenseInfo;
|
||||
import io.micrometer.core.instrument.simple.SimpleMeterRegistry;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
|
||||
@@ -4,9 +4,9 @@ import com.cameleer.server.core.admin.AuditCategory;
|
||||
import com.cameleer.server.core.admin.AuditResult;
|
||||
import com.cameleer.server.core.admin.AuditService;
|
||||
import com.cameleer.server.core.license.LicenseGate;
|
||||
import com.cameleer.server.core.license.LicenseInfo;
|
||||
import com.cameleer.server.core.license.LicenseState;
|
||||
import com.cameleer.server.core.license.LicenseValidator;
|
||||
import com.cameleer.license.LicenseInfo;
|
||||
import com.cameleer.license.LicenseState;
|
||||
import com.cameleer.license.LicenseValidator;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.context.ApplicationEventPublisher;
|
||||
|
||||
@@ -20,7 +20,7 @@ import static org.assertj.core.api.Assertions.assertThat;
|
||||
* Verifies that the {@code max_outbound_connections} cap from the default tier is enforced at
|
||||
* {@code POST /api/v1/admin/outbound-connections}. Default tier
|
||||
* {@code max_outbound_connections = 1}; with no license installed the gate is in
|
||||
* {@link com.cameleer.server.core.license.LicenseState#ABSENT} and the defaults are
|
||||
* {@link com.cameleer.license.LicenseState#ABSENT} and the defaults are
|
||||
* authoritative. The first create succeeds; the second must be rejected with the structured
|
||||
* 403 envelope produced by {@link LicenseExceptionAdvice}.
|
||||
*/
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
package com.cameleer.server.app.license;
|
||||
|
||||
import com.cameleer.server.core.license.LicenseGate;
|
||||
import com.cameleer.server.core.license.LicenseInfo;
|
||||
import com.cameleer.server.core.license.LicenseState;
|
||||
import com.cameleer.license.LicenseInfo;
|
||||
import com.cameleer.license.LicenseState;
|
||||
import com.cameleer.server.core.runtime.Environment;
|
||||
import com.cameleer.server.core.runtime.EnvironmentRepository;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
|
||||
@@ -3,7 +3,7 @@ package com.cameleer.server.app.license;
|
||||
import com.cameleer.server.app.AbstractPostgresIT;
|
||||
import com.cameleer.server.app.TestSecurityHelper;
|
||||
import com.cameleer.server.core.license.LicenseGate;
|
||||
import com.cameleer.server.core.license.LicenseState;
|
||||
import com.cameleer.license.LicenseState;
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
@@ -15,6 +15,10 @@
|
||||
<description>Domain logic, storage, and agent registry</description>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>com.cameleer</groupId>
|
||||
<artifactId>cameleer-license-api</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.cameleer</groupId>
|
||||
<artifactId>cameleer-common</artifactId>
|
||||
|
||||
@@ -1,5 +1,9 @@
|
||||
package com.cameleer.server.core.license;
|
||||
|
||||
import com.cameleer.license.LicenseInfo;
|
||||
import com.cameleer.license.LicenseLimits;
|
||||
import com.cameleer.license.LicenseState;
|
||||
import com.cameleer.license.LicenseStateMachine;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
|
||||
@@ -1,5 +1,8 @@
|
||||
package com.cameleer.server.core.license;
|
||||
|
||||
import com.cameleer.license.DefaultTierLimits;
|
||||
import com.cameleer.license.LicenseInfo;
|
||||
import com.cameleer.license.LicenseState;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import java.time.Instant;
|
||||
6
pom.xml
6
pom.xml
@@ -20,6 +20,7 @@
|
||||
<description>Observability server for Cameleer agents</description>
|
||||
|
||||
<modules>
|
||||
<module>cameleer-license-api</module>
|
||||
<module>cameleer-server-core</module>
|
||||
<module>cameleer-server-app</module>
|
||||
<module>cameleer-license-minter</module>
|
||||
@@ -40,6 +41,11 @@
|
||||
<artifactId>cameleer-common</artifactId>
|
||||
<version>${cameleer-common.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.cameleer</groupId>
|
||||
<artifactId>cameleer-license-api</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.cameleer</groupId>
|
||||
<artifactId>cameleer-server-core</artifactId>
|
||||
|
||||
File diff suppressed because one or more lines are too long
46
ui/src/api/queries/auth.test.tsx
Normal file
46
ui/src/api/queries/auth.test.tsx
Normal file
@@ -0,0 +1,46 @@
|
||||
import { describe, it, expect, beforeEach, vi } from 'vitest';
|
||||
import { renderHook, waitFor } from '@testing-library/react';
|
||||
import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
|
||||
import type { ReactNode } from 'react';
|
||||
|
||||
vi.mock('../client', () => ({ api: { GET: vi.fn() } }));
|
||||
|
||||
import { api as apiClient } from '../client';
|
||||
import { useAuthCapabilities } from './auth';
|
||||
|
||||
function wrapper({ children }: { children: ReactNode }) {
|
||||
const qc = new QueryClient({ defaultOptions: { queries: { retry: false } } });
|
||||
return <QueryClientProvider client={qc}>{children}</QueryClientProvider>;
|
||||
}
|
||||
|
||||
describe('useAuthCapabilities', () => {
|
||||
beforeEach(() => vi.clearAllMocks());
|
||||
|
||||
it('returns the capabilities body on success', async () => {
|
||||
(apiClient.GET as any).mockResolvedValue({
|
||||
data: {
|
||||
oidc: { enabled: true, providerName: 'Logto', primary: true },
|
||||
localAccounts: { enabled: true, adminRecoveryOnly: true },
|
||||
},
|
||||
error: null,
|
||||
});
|
||||
|
||||
const { result } = renderHook(() => useAuthCapabilities(), { wrapper });
|
||||
|
||||
await waitFor(() => expect(result.current.isSuccess).toBe(true));
|
||||
expect(result.current.data?.oidc?.enabled).toBe(true);
|
||||
expect(result.current.data?.oidc?.providerName).toBe('Logto');
|
||||
expect(result.current.data?.localAccounts?.adminRecoveryOnly).toBe(true);
|
||||
});
|
||||
|
||||
it('exposes error state when the request fails', async () => {
|
||||
(apiClient.GET as any).mockResolvedValue({
|
||||
data: undefined,
|
||||
error: { message: 'boom' },
|
||||
});
|
||||
|
||||
const { result } = renderHook(() => useAuthCapabilities(), { wrapper });
|
||||
|
||||
await waitFor(() => expect(result.current.isError).toBe(true));
|
||||
});
|
||||
});
|
||||
@@ -1,6 +1,8 @@
|
||||
import { useQuery } from '@tanstack/react-query';
|
||||
import { config } from '../../config';
|
||||
import { useAuthStore } from '../../auth/auth-store';
|
||||
import { api } from '../client';
|
||||
import type { components } from '../schema';
|
||||
|
||||
export interface RoleSummary {
|
||||
id: string;
|
||||
@@ -46,3 +48,18 @@ export function useMe(enabled = false) {
|
||||
staleTime: 30_000,
|
||||
});
|
||||
}
|
||||
|
||||
export type AuthCapabilities = components['schemas']['AuthCapabilitiesResponse'];
|
||||
|
||||
export function useAuthCapabilities() {
|
||||
return useQuery<AuthCapabilities>({
|
||||
queryKey: ['auth', 'capabilities'],
|
||||
queryFn: async () => {
|
||||
const { data, error } = await api.GET('/auth/capabilities');
|
||||
if (error || !data) throw new Error('Failed to load auth capabilities');
|
||||
return data as AuthCapabilities;
|
||||
},
|
||||
staleTime: Infinity,
|
||||
retry: false,
|
||||
});
|
||||
}
|
||||
|
||||
135
ui/src/api/schema.d.ts
vendored
135
ui/src/api/schema.d.ts
vendored
@@ -1131,10 +1131,10 @@ export interface paths {
|
||||
path?: never;
|
||||
cookie?: never;
|
||||
};
|
||||
/** Get current license info */
|
||||
/** Get current license state, invalid reason, and parsed envelope */
|
||||
get: operations["getCurrent"];
|
||||
put?: never;
|
||||
/** Update license token at runtime */
|
||||
/** Install or replace the license token at runtime */
|
||||
post: operations["update_5"];
|
||||
delete?: never;
|
||||
options?: never;
|
||||
@@ -1872,6 +1872,23 @@ export interface paths {
|
||||
patch?: never;
|
||||
trace?: never;
|
||||
};
|
||||
"/auth/capabilities": {
|
||||
parameters: {
|
||||
query?: never;
|
||||
header?: never;
|
||||
path?: never;
|
||||
cookie?: never;
|
||||
};
|
||||
/** Auth capabilities for the SPA login page */
|
||||
get: operations["getCapabilities"];
|
||||
put?: never;
|
||||
post?: never;
|
||||
delete?: never;
|
||||
options?: never;
|
||||
head?: never;
|
||||
patch?: never;
|
||||
trace?: never;
|
||||
};
|
||||
"/agents/{id}/events": {
|
||||
parameters: {
|
||||
query?: never;
|
||||
@@ -2005,6 +2022,22 @@ export interface paths {
|
||||
patch?: never;
|
||||
trace?: never;
|
||||
};
|
||||
"/admin/license/usage": {
|
||||
parameters: {
|
||||
query?: never;
|
||||
header?: never;
|
||||
path?: never;
|
||||
cookie?: never;
|
||||
};
|
||||
get: operations["get_4"];
|
||||
put?: never;
|
||||
post?: never;
|
||||
delete?: never;
|
||||
options?: never;
|
||||
head?: never;
|
||||
patch?: never;
|
||||
trace?: never;
|
||||
};
|
||||
"/admin/database/tables": {
|
||||
parameters: {
|
||||
query?: never;
|
||||
@@ -2194,6 +2227,12 @@ export interface components {
|
||||
color?: string;
|
||||
/** Format: date-time */
|
||||
createdAt?: string;
|
||||
/** Format: int32 */
|
||||
executionRetentionDays?: number;
|
||||
/** Format: int32 */
|
||||
logRetentionDays?: number;
|
||||
/** Format: int32 */
|
||||
metricRetentionDays?: number;
|
||||
};
|
||||
/** @description Per-application dashboard settings */
|
||||
AppSettingsRequest: {
|
||||
@@ -3594,6 +3633,29 @@ export interface components {
|
||||
effectiveRoles?: components["schemas"]["RoleSummary"][];
|
||||
effectiveGroups?: components["schemas"]["GroupSummary"][];
|
||||
};
|
||||
/** @description Authentication capabilities reported to the SPA so it can render the login page deterministically */
|
||||
AuthCapabilitiesResponse: {
|
||||
/** @description OIDC interactive login capability */
|
||||
oidc?: components["schemas"]["Oidc"];
|
||||
/** @description Local username/password account capability */
|
||||
localAccounts?: components["schemas"]["LocalAccounts"];
|
||||
};
|
||||
/** @description Local username/password accounts */
|
||||
LocalAccounts: {
|
||||
/** @description Whether the local form is reachable at all */
|
||||
enabled?: boolean;
|
||||
/** @description When true, the SPA gates the local form behind ?local with an admin-recovery banner */
|
||||
adminRecoveryOnly?: boolean;
|
||||
};
|
||||
/** @description OIDC interactive login */
|
||||
Oidc: {
|
||||
/** @description Whether OIDC is configured AND enabled */
|
||||
enabled?: boolean;
|
||||
/** @description Best-effort display label, e.g. "Logto", "Keycloak", "Single Sign-On" */
|
||||
providerName: string;
|
||||
/** @description When true, OIDC is the canonical entry point and the SPA hides the local form unless ?local is set */
|
||||
primary?: boolean;
|
||||
};
|
||||
SseEmitter: {
|
||||
/** Format: int64 */
|
||||
timeout?: number;
|
||||
@@ -3651,18 +3713,6 @@ export interface components {
|
||||
/** Format: int32 */
|
||||
roleCount?: number;
|
||||
};
|
||||
LicenseInfo: {
|
||||
tier?: string;
|
||||
features?: ("topology" | "lineage" | "correlation" | "debugger" | "replay")[];
|
||||
limits?: {
|
||||
[key: string]: number;
|
||||
};
|
||||
/** Format: date-time */
|
||||
issuedAt?: string;
|
||||
/** Format: date-time */
|
||||
expiresAt?: string;
|
||||
expired?: boolean;
|
||||
};
|
||||
GroupDetail: {
|
||||
/** Format: uuid */
|
||||
id?: string;
|
||||
@@ -3832,7 +3882,7 @@ export interface components {
|
||||
username?: string;
|
||||
action?: string;
|
||||
/** @enum {string} */
|
||||
category?: "INFRA" | "AUTH" | "USER_MGMT" | "CONFIG" | "RBAC" | "AGENT" | "OUTBOUND_CONNECTION_CHANGE" | "OUTBOUND_HTTP_TRUST_CHANGE" | "ALERT_RULE_CHANGE" | "ALERT_SILENCE_CHANGE" | "DEPLOYMENT";
|
||||
category?: "INFRA" | "AUTH" | "USER_MGMT" | "CONFIG" | "RBAC" | "AGENT" | "OUTBOUND_CONNECTION_CHANGE" | "OUTBOUND_HTTP_TRUST_CHANGE" | "ALERT_RULE_CHANGE" | "ALERT_SILENCE_CHANGE" | "DEPLOYMENT" | "LICENSE";
|
||||
target?: string;
|
||||
detail?: {
|
||||
[key: string]: Record<string, never>;
|
||||
@@ -4825,6 +4875,15 @@ export interface operations {
|
||||
"*/*": Record<string, never>;
|
||||
};
|
||||
};
|
||||
/** @description jarRetentionCount exceeds license cap */
|
||||
422: {
|
||||
headers: {
|
||||
[name: string]: unknown;
|
||||
};
|
||||
content: {
|
||||
"*/*": Record<string, never>;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
updateDefaultContainerConfig: {
|
||||
@@ -6553,7 +6612,9 @@ export interface operations {
|
||||
[name: string]: unknown;
|
||||
};
|
||||
content: {
|
||||
"*/*": components["schemas"]["LicenseInfo"];
|
||||
"*/*": {
|
||||
[key: string]: Record<string, never>;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
@@ -7886,6 +7947,26 @@ export interface operations {
|
||||
};
|
||||
};
|
||||
};
|
||||
getCapabilities: {
|
||||
parameters: {
|
||||
query?: never;
|
||||
header?: never;
|
||||
path?: never;
|
||||
cookie?: never;
|
||||
};
|
||||
requestBody?: never;
|
||||
responses: {
|
||||
/** @description Capabilities resolved */
|
||||
200: {
|
||||
headers: {
|
||||
[name: string]: unknown;
|
||||
};
|
||||
content: {
|
||||
"*/*": components["schemas"]["AuthCapabilitiesResponse"];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
events: {
|
||||
parameters: {
|
||||
query?: never;
|
||||
@@ -8062,6 +8143,28 @@ export interface operations {
|
||||
};
|
||||
};
|
||||
};
|
||||
get_4: {
|
||||
parameters: {
|
||||
query?: never;
|
||||
header?: never;
|
||||
path?: never;
|
||||
cookie?: never;
|
||||
};
|
||||
requestBody?: never;
|
||||
responses: {
|
||||
/** @description OK */
|
||||
200: {
|
||||
headers: {
|
||||
[name: string]: unknown;
|
||||
};
|
||||
content: {
|
||||
"*/*": {
|
||||
[key: string]: Record<string, never>;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
getTables: {
|
||||
parameters: {
|
||||
query?: never;
|
||||
|
||||
@@ -91,3 +91,32 @@
|
||||
width: 100%;
|
||||
justify-content: center;
|
||||
}
|
||||
|
||||
.adminRecoveryBanner {
|
||||
margin-bottom: 1rem;
|
||||
}
|
||||
|
||||
.adminRecoveryBanner .backToSsoLink {
|
||||
display: inline-block;
|
||||
margin-top: 0.5rem;
|
||||
color: var(--accent);
|
||||
text-decoration: none;
|
||||
font-size: 0.875rem;
|
||||
}
|
||||
|
||||
.adminRecoveryBanner .backToSsoLink:hover {
|
||||
text-decoration: underline;
|
||||
}
|
||||
|
||||
.adminRecoveryLink {
|
||||
display: inline-block;
|
||||
margin-top: 0.75rem;
|
||||
color: var(--text-muted);
|
||||
font-size: 0.8125rem;
|
||||
text-decoration: none;
|
||||
}
|
||||
|
||||
.adminRecoveryLink:hover {
|
||||
color: var(--accent);
|
||||
text-decoration: underline;
|
||||
}
|
||||
|
||||
156
ui/src/auth/LoginPage.test.tsx
Normal file
156
ui/src/auth/LoginPage.test.tsx
Normal file
@@ -0,0 +1,156 @@
|
||||
import { describe, it, expect, beforeEach, vi } from 'vitest';
|
||||
import { render, screen, fireEvent, waitFor } from '@testing-library/react';
|
||||
import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
|
||||
import { MemoryRouter } from 'react-router';
|
||||
import type { ReactNode } from 'react';
|
||||
|
||||
vi.mock('../api/client', () => ({ api: { GET: vi.fn() } }));
|
||||
vi.mock('./auth-store', () => ({
|
||||
useAuthStore: Object.assign(
|
||||
() => ({ isAuthenticated: false, login: vi.fn(), loading: false, error: null }),
|
||||
{ setState: vi.fn() }
|
||||
),
|
||||
}));
|
||||
|
||||
import { api as apiClient } from '../api/client';
|
||||
import { useAuthStore } from './auth-store';
|
||||
import { LoginPage } from './LoginPage';
|
||||
|
||||
function wrapper(initialEntries: string[]) {
|
||||
return ({ children }: { children: ReactNode }) => {
|
||||
const qc = new QueryClient({ defaultOptions: { queries: { retry: false } } });
|
||||
return (
|
||||
<QueryClientProvider client={qc}>
|
||||
<MemoryRouter initialEntries={initialEntries}>{children}</MemoryRouter>
|
||||
</QueryClientProvider>
|
||||
);
|
||||
};
|
||||
}
|
||||
|
||||
function mockCaps(body: any) {
|
||||
(apiClient.GET as any).mockImplementation((path: string) => {
|
||||
if (path === '/auth/capabilities') return Promise.resolve({ data: body, error: null });
|
||||
if (path === '/auth/oidc/config') return Promise.resolve({
|
||||
data: {
|
||||
clientId: 'spa-client',
|
||||
authorizationEndpoint: 'https://auth.logto.example/oidc/auth',
|
||||
resource: 'https://api.cameleer.local',
|
||||
additionalScopes: [],
|
||||
},
|
||||
error: null,
|
||||
});
|
||||
return Promise.resolve({ data: undefined, error: { message: 'unexpected' } });
|
||||
});
|
||||
}
|
||||
|
||||
describe('LoginPage', () => {
|
||||
beforeEach(() => vi.clearAllMocks());
|
||||
|
||||
it('SSO primary, no ?local: renders SSO button only and admin-recovery link, no local form', async () => {
|
||||
mockCaps({
|
||||
oidc: { enabled: true, providerName: 'Logto', primary: true },
|
||||
localAccounts: { enabled: true, adminRecoveryOnly: true },
|
||||
});
|
||||
|
||||
render(<LoginPage />, { wrapper: wrapper(['/login']) });
|
||||
|
||||
expect(await screen.findByRole('button', { name: /sign in with logto/i })).toBeInTheDocument();
|
||||
expect(screen.queryByLabelText(/username/i)).toBeNull();
|
||||
expect(screen.queryByLabelText(/password/i)).toBeNull();
|
||||
expect(screen.getByRole('link', { name: /admin recovery/i })).toBeInTheDocument();
|
||||
});
|
||||
|
||||
it('SSO primary, ?local present: renders local form with amber recovery banner and back-to-SSO link', async () => {
|
||||
mockCaps({
|
||||
oidc: { enabled: true, providerName: 'Logto', primary: true },
|
||||
localAccounts: { enabled: true, adminRecoveryOnly: true },
|
||||
});
|
||||
|
||||
render(<LoginPage />, { wrapper: wrapper(['/login?local']) });
|
||||
|
||||
expect(await screen.findByLabelText(/username/i)).toBeInTheDocument();
|
||||
expect(screen.getByLabelText(/password/i)).toBeInTheDocument();
|
||||
expect(screen.getByText(/admin recovery/i)).toBeInTheDocument();
|
||||
expect(screen.getByRole('link', { name: /back to sso/i })).toBeInTheDocument();
|
||||
});
|
||||
|
||||
it('OIDC disabled: renders local form only, no SSO button', async () => {
|
||||
mockCaps({
|
||||
oidc: { enabled: false, providerName: '', primary: false },
|
||||
localAccounts: { enabled: true, adminRecoveryOnly: false },
|
||||
});
|
||||
|
||||
render(<LoginPage />, { wrapper: wrapper(['/login']) });
|
||||
|
||||
expect(await screen.findByLabelText(/username/i)).toBeInTheDocument();
|
||||
expect(screen.queryByRole('button', { name: /sign in with/i })).toBeNull();
|
||||
expect(screen.queryByText(/admin recovery/i)).toBeNull();
|
||||
});
|
||||
|
||||
it('capabilities request fails: renders degraded local form with warning banner', async () => {
|
||||
(apiClient.GET as any).mockImplementation((path: string) => {
|
||||
if (path === '/auth/capabilities') return Promise.resolve({ data: undefined, error: { message: 'fail' } });
|
||||
return Promise.resolve({ data: undefined, error: { message: 'unexpected' } });
|
||||
});
|
||||
|
||||
render(<LoginPage />, { wrapper: wrapper(['/login']) });
|
||||
|
||||
expect(await screen.findByLabelText(/username/i)).toBeInTheDocument();
|
||||
expect(screen.getByText(/sign-in options couldn't load/i)).toBeInTheDocument();
|
||||
});
|
||||
|
||||
it('SSO button click: navigates to authorize URL WITHOUT prompt=none', async () => {
|
||||
mockCaps({
|
||||
oidc: { enabled: true, providerName: 'Logto', primary: true },
|
||||
localAccounts: { enabled: true, adminRecoveryOnly: true },
|
||||
});
|
||||
|
||||
const originalLocation = window.location;
|
||||
const hrefSetter = vi.fn();
|
||||
Object.defineProperty(window, 'location', {
|
||||
configurable: true,
|
||||
value: { ...originalLocation, get href() { return ''; }, set href(v: string) { hrefSetter(v); } },
|
||||
});
|
||||
|
||||
try {
|
||||
render(<LoginPage />, { wrapper: wrapper(['/login']) });
|
||||
const btn = await screen.findByRole('button', { name: /sign in with logto/i });
|
||||
fireEvent.click(btn);
|
||||
|
||||
await waitFor(() => expect(hrefSetter).toHaveBeenCalled());
|
||||
const url: string = hrefSetter.mock.calls[0][0];
|
||||
expect(url).toMatch(/^https:\/\/auth\.logto\.example\/oidc\/auth\?/);
|
||||
expect(url).not.toMatch(/prompt=none/);
|
||||
expect(url).toMatch(/response_type=code/);
|
||||
expect(url).toMatch(/client_id=spa-client/);
|
||||
expect(url).toMatch(/scope=/);
|
||||
} finally {
|
||||
Object.defineProperty(window, 'location', { configurable: true, value: originalLocation });
|
||||
}
|
||||
});
|
||||
|
||||
it('SSO button click: when /auth/oidc/config fails, button unlocks and error is set', async () => {
|
||||
const setStateMock = vi.fn();
|
||||
const useAuthStoreMock = vi.mocked(useAuthStore) as unknown as { setState: typeof setStateMock };
|
||||
useAuthStoreMock.setState = setStateMock;
|
||||
|
||||
(apiClient.GET as any).mockImplementation((path: string) => {
|
||||
if (path === '/auth/capabilities') return Promise.resolve({
|
||||
data: { oidc: { enabled: true, providerName: 'Logto', primary: true }, localAccounts: { enabled: true, adminRecoveryOnly: true } },
|
||||
error: null,
|
||||
});
|
||||
if (path === '/auth/oidc/config') return Promise.reject(new Error('network down'));
|
||||
return Promise.resolve({ data: undefined, error: { message: 'unexpected' } });
|
||||
});
|
||||
|
||||
render(<LoginPage />, { wrapper: wrapper(['/login']) });
|
||||
const btn = await screen.findByRole('button', { name: /sign in with logto/i });
|
||||
fireEvent.click(btn);
|
||||
|
||||
await waitFor(() => expect(setStateMock).toHaveBeenCalled());
|
||||
const errorPayload = setStateMock.mock.calls[0][0];
|
||||
expect(errorPayload.error).toMatch(/OIDC configuration unavailable/i);
|
||||
// Button should not stay locked in "Redirecting…"
|
||||
await waitFor(() => expect(btn).not.toHaveTextContent(/redirecting/i));
|
||||
});
|
||||
});
|
||||
@@ -1,21 +1,13 @@
|
||||
import { type FormEvent, useEffect, useMemo, useRef, useState } from 'react';
|
||||
import { Navigate, useSearchParams } from 'react-router';
|
||||
import { type FormEvent, useMemo, useState } from 'react';
|
||||
import { Link, Navigate, useSearchParams } from 'react-router';
|
||||
import { useAuthStore } from './auth-store';
|
||||
import { api } from '../api/client';
|
||||
import { config } from '../config';
|
||||
import { useAuthCapabilities } from '../api/queries/auth';
|
||||
import { Card, Input, Button, Alert, FormField } from '@cameleer/design-system';
|
||||
import brandLogo from '@cameleer/design-system/assets/cameleer-logo.svg';
|
||||
import styles from './LoginPage.module.css';
|
||||
|
||||
interface OidcInfo {
|
||||
clientId: string;
|
||||
authorizationEndpoint: string;
|
||||
resource?: string;
|
||||
additionalScopes?: string[];
|
||||
}
|
||||
|
||||
// Logto org scopes required for role mapping in multi-tenant setups.
|
||||
// Always requested, harmless for non-Logto providers (unknown scopes are ignored per OIDC spec).
|
||||
const PLATFORM_SCOPES = ['urn:logto:scope:organizations', 'urn:logto:scope:organization_roles'];
|
||||
|
||||
const SUBTITLES = [
|
||||
@@ -53,66 +45,55 @@ export function LoginPage() {
|
||||
const subtitle = useMemo(() => SUBTITLES[Math.floor(Math.random() * SUBTITLES.length)], []);
|
||||
const [username, setUsername] = useState('');
|
||||
const [password, setPassword] = useState('');
|
||||
const [oidc, setOidc] = useState<OidcInfo | null>(null);
|
||||
const [oidcLoading, setOidcLoading] = useState(false);
|
||||
const autoRedirected = useRef(false);
|
||||
|
||||
useEffect(() => {
|
||||
api.GET('/auth/oidc/config')
|
||||
.then(({ data }) => {
|
||||
if (data?.authorizationEndpoint && data?.clientId) {
|
||||
setOidc({
|
||||
clientId: data.clientId,
|
||||
authorizationEndpoint: data.authorizationEndpoint,
|
||||
resource: data.resource ?? undefined,
|
||||
additionalScopes: data.additionalScopes ?? undefined,
|
||||
});
|
||||
if (data.endSessionEndpoint) {
|
||||
localStorage.setItem('cameleer-oidc-end-session', data.endSessionEndpoint);
|
||||
}
|
||||
}
|
||||
})
|
||||
.catch(() => {});
|
||||
}, []);
|
||||
|
||||
// Auto-redirect to OIDC provider for SSO (skip if ?local is in URL)
|
||||
useEffect(() => {
|
||||
if (oidc && !forceLocal && !autoRedirected.current) {
|
||||
autoRedirected.current = true;
|
||||
const redirectUri = `${window.location.origin}${config.basePath}oidc/callback`;
|
||||
const scopes = ['openid', 'email', 'profile', ...PLATFORM_SCOPES, ...(oidc.additionalScopes || [])];
|
||||
const params = new URLSearchParams({
|
||||
response_type: 'code',
|
||||
client_id: oidc.clientId,
|
||||
redirect_uri: redirectUri,
|
||||
scope: scopes.join(' '),
|
||||
prompt: 'none',
|
||||
});
|
||||
if (oidc.resource) params.set('resource', oidc.resource);
|
||||
window.location.href = `${oidc.authorizationEndpoint}?${params}`;
|
||||
}
|
||||
}, [oidc, forceLocal]);
|
||||
const { data: caps, isError: capsFailed, isLoading: capsLoading } = useAuthCapabilities();
|
||||
|
||||
if (isAuthenticated) return <Navigate to="/" replace />;
|
||||
if (capsLoading) return null;
|
||||
|
||||
const oidcPrimary = caps?.oidc?.primary === true;
|
||||
const adminRecoveryOnly = caps?.localAccounts?.adminRecoveryOnly === true;
|
||||
const providerName = caps?.oidc?.providerName || 'Single Sign-On';
|
||||
|
||||
// Render decisions
|
||||
const showSsoPrimary = oidcPrimary && adminRecoveryOnly && !forceLocal;
|
||||
const showLocalForm = !oidcPrimary || forceLocal || !adminRecoveryOnly || capsFailed;
|
||||
const showAdminRecoveryBanner = oidcPrimary && adminRecoveryOnly && forceLocal;
|
||||
|
||||
const handleSubmit = (e: FormEvent) => {
|
||||
e.preventDefault();
|
||||
login(username, password);
|
||||
};
|
||||
|
||||
const handleOidcLogin = () => {
|
||||
if (!oidc) return;
|
||||
const handleOidcLogin = async () => {
|
||||
setOidcLoading(true);
|
||||
try {
|
||||
const { data } = await api.GET('/auth/oidc/config');
|
||||
if (!data?.authorizationEndpoint || !data?.clientId) {
|
||||
useAuthStore.setState({ error: 'OIDC configuration unavailable. Try the local form via /login?local.' });
|
||||
return;
|
||||
}
|
||||
if (data.endSessionEndpoint) {
|
||||
localStorage.setItem('cameleer-oidc-end-session', data.endSessionEndpoint);
|
||||
}
|
||||
const redirectUri = `${window.location.origin}${config.basePath}oidc/callback`;
|
||||
const scopes = ['openid', 'email', 'profile', ...PLATFORM_SCOPES, ...(oidc.additionalScopes || [])];
|
||||
const scopes = ['openid', 'email', 'profile', ...PLATFORM_SCOPES, ...(data.additionalScopes || [])];
|
||||
const params = new URLSearchParams({
|
||||
response_type: 'code',
|
||||
client_id: oidc.clientId,
|
||||
client_id: data.clientId,
|
||||
redirect_uri: redirectUri,
|
||||
scope: scopes.join(' '),
|
||||
});
|
||||
if (oidc.resource) params.set('resource', oidc.resource);
|
||||
window.location.href = `${oidc.authorizationEndpoint}?${params}`;
|
||||
if (data.resource) params.set('resource', data.resource);
|
||||
// Note: NO prompt=none. Per RFC 9700 §4.4, that's silent re-auth only;
|
||||
// for first-time login it returns login_required and traps users on a local form.
|
||||
window.location.href = `${data.authorizationEndpoint}?${params}`;
|
||||
} catch {
|
||||
useAuthStore.setState({ error: 'OIDC configuration unavailable. Try the local form via /login?local.' });
|
||||
} finally {
|
||||
setOidcLoading(false);
|
||||
}
|
||||
};
|
||||
|
||||
return (
|
||||
@@ -125,33 +106,45 @@ export function LoginPage() {
|
||||
</div>
|
||||
<p className={styles.subtitle}>{subtitle}</p>
|
||||
|
||||
{capsFailed && (
|
||||
<div className={styles.error}>
|
||||
<Alert variant="warning">Sign-in options couldn't load. Refresh or use the form below.</Alert>
|
||||
</div>
|
||||
)}
|
||||
|
||||
{showAdminRecoveryBanner && (
|
||||
<div className={styles.adminRecoveryBanner}>
|
||||
<Alert variant="warning">
|
||||
Admin recovery login. Use SSO for normal sign-in.
|
||||
</Alert>
|
||||
<Link to="/login" className={styles.backToSsoLink}>← Back to SSO</Link>
|
||||
</div>
|
||||
)}
|
||||
|
||||
{error && (
|
||||
<div className={styles.error}>
|
||||
<Alert variant="error">{error}</Alert>
|
||||
</div>
|
||||
)}
|
||||
|
||||
{oidc && (
|
||||
<>
|
||||
{showSsoPrimary && (
|
||||
<div className={styles.socialSection}>
|
||||
<Button
|
||||
variant="secondary"
|
||||
variant="primary"
|
||||
className={styles.ssoButton}
|
||||
onClick={handleOidcLogin}
|
||||
disabled={oidcLoading}
|
||||
type="button"
|
||||
>
|
||||
{oidcLoading ? 'Redirecting...' : 'Sign in with SSO'}
|
||||
{oidcLoading ? 'Redirecting\u2026' : `Sign in with ${providerName}`}
|
||||
</Button>
|
||||
<Link to="/login?local" className={styles.adminRecoveryLink}>
|
||||
Admin recovery →
|
||||
</Link>
|
||||
</div>
|
||||
<div className={styles.divider}>
|
||||
<div className={styles.dividerLine} />
|
||||
<span className={styles.dividerText}>or</span>
|
||||
<div className={styles.dividerLine} />
|
||||
</div>
|
||||
</>
|
||||
)}
|
||||
|
||||
{showLocalForm && (
|
||||
<form className={styles.fields} onSubmit={handleSubmit} aria-label="Sign in" noValidate>
|
||||
<FormField label="Username" htmlFor="login-username">
|
||||
<Input
|
||||
@@ -187,6 +180,7 @@ export function LoginPage() {
|
||||
Sign in
|
||||
</Button>
|
||||
</form>
|
||||
)}
|
||||
</div>
|
||||
</Card>
|
||||
</div>
|
||||
|
||||
@@ -20,11 +20,6 @@ export function OidcCallback() {
|
||||
const errorParam = params.get('error');
|
||||
|
||||
if (errorParam) {
|
||||
// prompt=none failed — no session, fall back to login form
|
||||
if (errorParam === 'login_required' || errorParam === 'interaction_required') {
|
||||
window.location.replace(`${config.basePath}login?local`);
|
||||
return;
|
||||
}
|
||||
// consent_required — retry without prompt=none so user can grant scopes
|
||||
if (errorParam === 'consent_required' && !sessionStorage.getItem('oidc-consent-retry')) {
|
||||
sessionStorage.setItem('oidc-consent-retry', '1');
|
||||
@@ -43,7 +38,7 @@ export function OidcCallback() {
|
||||
window.location.href = `${data.authorizationEndpoint}?${p}`;
|
||||
}
|
||||
}).catch(() => {
|
||||
window.location.replace(`${config.basePath}login?local`);
|
||||
useAuthStore.setState({ error: 'OIDC consent retry failed.', loading: false });
|
||||
});
|
||||
return;
|
||||
}
|
||||
@@ -77,7 +72,7 @@ export function OidcCallback() {
|
||||
{error && (
|
||||
<>
|
||||
<Alert variant="error">{error}</Alert>
|
||||
<Button variant="secondary" onClick={() => navigate('/login?local')} className={styles.backButton}>
|
||||
<Button variant="secondary" onClick={() => navigate('/login')} className={styles.backButton}>
|
||||
Back to Login
|
||||
</Button>
|
||||
</>
|
||||
|
||||
@@ -154,11 +154,11 @@ export const useAuthStore = create<AuthState>((set, get) => ({
|
||||
isAuthenticated: false,
|
||||
error: null,
|
||||
});
|
||||
const loginUrl = `${config.basePath}login?local`;
|
||||
const loginUrl = `${config.basePath}login`;
|
||||
if (endSessionEndpoint && idToken) {
|
||||
const params = new URLSearchParams({
|
||||
id_token_hint: idToken,
|
||||
post_logout_redirect_uri: `${window.location.origin}${config.basePath}login?local`,
|
||||
post_logout_redirect_uri: `${window.location.origin}${config.basePath}login`,
|
||||
});
|
||||
fetch(`${endSessionEndpoint}?${params}`, { mode: 'no-cors' }).finally(() => {
|
||||
window.location.href = loginUrl;
|
||||
|
||||
@@ -19,8 +19,9 @@ type Fixtures = {
|
||||
export const test = base.extend<Fixtures>({
|
||||
loggedIn: [
|
||||
async ({ page }, use) => {
|
||||
// `?local` keeps the login page's auto-OIDC-redirect from firing so the
|
||||
// form-based login works even when an OIDC config happens to be present.
|
||||
// Navigate to ?local to bypass the SSO-primary page and reach the local
|
||||
// form directly, so the fixture works regardless of whether OIDC is
|
||||
// configured on the test server.
|
||||
await page.goto('/login?local');
|
||||
await page.getByLabel(/username/i).fill(ADMIN_USER);
|
||||
await page.getByLabel(/password/i).fill(ADMIN_PASS);
|
||||
|
||||
Reference in New Issue
Block a user