Add support for using OIDC tokens via the Docker CLI

2017-06-08 13:13:22 -04:00 · 2017-06-08 13:13:22 -04:00 · e724125459
commit e724125459
parent 6600b380ca
16 changed files with 176 additions and 14 deletions
--- a/static/js/directives/ui/external-login-button.js
+++ b/static/js/directives/ui/external-login-button.js
@ -21,7 +21,6 @@ angular.module('quay').directive('externalLoginButton', function () {
      $scope.startSignin = function() {
        $scope.signInStarted({'service': $scope.provider});
        ExternalLoginService.getLoginUrl($scope.provider, $scope.action || 'login', function(url) {
-
          // Save the redirect URL in a cookie so that we can redirect back after the service returns to us.
          var redirectURL = $scope.redirectUrl || window.location.toString();
          CookieService.putPermanent('quay.redirectAfterLoad', redirectURL);
--- a/static/js/pages/user-view.js
+++ b/static/js/pages/user-view.js
@ -13,6 +13,8 @@
  function UserViewCtrl($scope, $routeParams, $timeout, ApiService, UserService, UIService, AvatarService, Config, ExternalLoginService) {
    var username = $routeParams.username;

+    $scope.Config = Config;
+
    $scope.showAppsCounter = 0;
    $scope.showRobotsCounter = 0;
    $scope.showBillingCounter = 0;
@ -23,7 +25,27 @@
    $scope.hasSingleSignin = ExternalLoginService.hasSingleSignin();
    $scope.context = {};

-    UserService.updateUserIn($scope);
+    $scope.oidcLoginProvider = null;
+
+    if (Config['INTERNAL_OIDC_SERVICE_ID']) {
+      ExternalLoginService.EXTERNAL_LOGINS.forEach(function(provider) {
+        if (provider.id == Config['INTERNAL_OIDC_SERVICE_ID']) {
+          $scope.oidcLoginProvider = provider;
+        }
+      });
+    }
+
+    UserService.updateUserIn($scope, function(user) {
+      if (user && user.username) {
+        if ($scope.oidcLoginProvider && $routeParams['idtoken']) {
+          $scope.context.idTokenCredentials = {
+            'username': UserService.getCLIUsername(),
+            'password': $routeParams['idtoken'],
+            'namespace': UserService.currentUser().username
+          };
+        }
+      }
+    });

    var loadRepositories = function() {
      var options = {
--- a/static/partials/user-view.html
+++ b/static/partials/user-view.html
@ -70,8 +70,25 @@

        <!-- Settings -->
        <cor-tab-pane id="settings">
+          <!-- OIDC Token -->
+          <div class="settings-section" ng-if="Config.AUTHENTICATION_TYPE == 'OIDC'">
+            <h3>Docker CLI Token</h3>
+            <div>
+              A generated token is <strong>required</strong> to login via the Docker CLI.
+            </div>
+
+            <table class="co-list-table" style="margin-top: 10px;">
+              <tr>
+                <td>CLI Token:</td>
+                <td>
+                  <span class="external-login-button" is-link="true" action="cli" provider="oidcLoginProvider"></span>
+                </td>
+              </tr>
+            </table>
+          </div>
+
          <!-- Encrypted Password -->
-          <div class="settings-section">
+          <div class="settings-section" ng-if="Config.AUTHENTICATION_TYPE != 'OIDC'">
            <h3>Docker CLI Password</h3>
            <div ng-if="!Features.REQUIRE_ENCRYPTED_BASIC_AUTH">
              The Docker CLI stores passwords entered on the command line in <strong>plaintext</strong>. It is therefore highly recommended to generate an an encrypted version of your password to use for <code>docker login</code>.
@ -185,4 +202,7 @@

  <!-- Credentials for encrypted passwords -->
  <div class="credentials-dialog" credentials="context.encryptedPasswordCredentials" secret-title="Encrypted Password" entity-title="encrypted password" entity-icon="fa-key">
+
+  <!-- Credentials for ID token -->
+  <div class="credentials-dialog" credentials="context.idTokenCredentials" secret-title="CLI Token" entity-title="Docker CLI token" entity-icon="fa-key">
 </div>