Merge pull request #2695 from coreos-inc/oidc-internal-auth

OIDC internal auth support
2017-10-02 16:51:17 -04:00 · 2017-10-02 16:51:17 -04:00 · 3bef21253d
commit 3bef21253d
parent 491b9c8278 f51a863158
29 changed files with 341 additions and 38 deletions
--- a/static/js/core-config-setup.js
+++ b/static/js/core-config-setup.js
@ -43,6 +43,10 @@ angular.module("core-config-setup", ['angularFileUpload'])
            return config.AUTHENTICATION_TYPE == 'Keystone';
          }, 'password': true},

+          {'id': 'oidc-auth', 'title': 'OIDC Authentication', 'condition': function(config) {
+            return config.AUTHENTICATION_TYPE == 'OIDC';
+          }},
+
          {'id': 'signer', 'title': 'ACI Signing', 'condition': function(config) {
            return config.FEATURE_ACI_CONVERSION;
          }},
@ -203,7 +207,7 @@ angular.module("core-config-setup", ['angularFileUpload'])
            return null;
          }

-          return key.substr(0, index);
+          return key.substr(0, index).toLowerCase();
        };

        $scope.getOIDCProviders = function(config) {
@ -687,6 +691,12 @@ angular.module("core-config-setup", ['angularFileUpload'])
          $scope.configform.$setValidity('storageConfig', valid);
        };

+        $scope.$watch('config.INTERNAL_OIDC_SERVICE_ID', function(service_id) {
+          if (service_id) {
+            $scope.config['FEATURE_DIRECT_LOGIN'] = false;
+          }
+        });
+
        $scope.$watch('config.FEATURE_STORAGE_REPLICATION', function() {
          refreshStorageConfig();
        });
--- a/static/js/directives/ui/external-login-button.js
+++ b/static/js/directives/ui/external-login-button.js
@ -21,7 +21,6 @@ angular.module('quay').directive('externalLoginButton', function () {
      $scope.startSignin = function() {
        $scope.signInStarted({'service': $scope.provider});
        ExternalLoginService.getLoginUrl($scope.provider, $scope.action || 'login', function(url) {
-
          // Save the redirect URL in a cookie so that we can redirect back after the service returns to us.
          var redirectURL = $scope.redirectUrl || window.location.toString();
          CookieService.putPermanent('quay.redirectAfterLoad', redirectURL);
--- a/static/js/pages/setup.js
+++ b/static/js/pages/setup.js
@ -237,11 +237,10 @@ import * as URI from 'urijs';

    $scope.serializeDbUri = function(fields) {
      if (!fields['server']) { return ''; }
+      if (!fields['database']) { return ''; }

      var uri = URI();
      try {
-        if (!fields['server']) { return ''; }
-        if (!fields['database']) { return ''; }
        uri = uri && uri.host(fields['server']);
        uri = uri && uri.protocol(fields['kind']);
        uri = uri && uri.username(fields['username']);
--- a/static/js/pages/user-view.js
+++ b/static/js/pages/user-view.js
@ -13,6 +13,8 @@
  function UserViewCtrl($scope, $routeParams, $timeout, ApiService, UserService, UIService, AvatarService, Config, ExternalLoginService) {
    var username = $routeParams.username;

+    $scope.Config = Config;
+
    $scope.showAppsCounter = 0;
    $scope.showRobotsCounter = 0;
    $scope.showBillingCounter = 0;
@ -25,7 +27,27 @@
    $scope.hasSingleSignin = ExternalLoginService.hasSingleSignin();
    $scope.context = {};

-    UserService.updateUserIn($scope);
+    $scope.oidcLoginProvider = null;
+
+    if (Config['INTERNAL_OIDC_SERVICE_ID']) {
+      ExternalLoginService.EXTERNAL_LOGINS.forEach(function(provider) {
+        if (provider.id == Config['INTERNAL_OIDC_SERVICE_ID']) {
+          $scope.oidcLoginProvider = provider;
+        }
+      });
+    }
+
+    UserService.updateUserIn($scope, function(user) {
+      if (user && user.username) {
+        if ($scope.oidcLoginProvider && $routeParams['idtoken']) {
+          $scope.context.idTokenCredentials = {
+            'username': UserService.getCLIUsername(),
+            'password': $routeParams['idtoken'],
+            'namespace': UserService.currentUser().username
+          };
+        }
+      }
+    });

    var loadRepositories = function() {
      var options = {