Add support for using OIDC tokens via the Docker CLI
This commit is contained in:
parent
6600b380ca
commit
e724125459
16 changed files with 176 additions and 14 deletions
|
@ -21,7 +21,6 @@ angular.module('quay').directive('externalLoginButton', function () {
|
|||
$scope.startSignin = function() {
|
||||
$scope.signInStarted({'service': $scope.provider});
|
||||
ExternalLoginService.getLoginUrl($scope.provider, $scope.action || 'login', function(url) {
|
||||
|
||||
// Save the redirect URL in a cookie so that we can redirect back after the service returns to us.
|
||||
var redirectURL = $scope.redirectUrl || window.location.toString();
|
||||
CookieService.putPermanent('quay.redirectAfterLoad', redirectURL);
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
function UserViewCtrl($scope, $routeParams, $timeout, ApiService, UserService, UIService, AvatarService, Config, ExternalLoginService) {
|
||||
var username = $routeParams.username;
|
||||
|
||||
$scope.Config = Config;
|
||||
|
||||
$scope.showAppsCounter = 0;
|
||||
$scope.showRobotsCounter = 0;
|
||||
$scope.showBillingCounter = 0;
|
||||
|
@ -23,7 +25,27 @@
|
|||
$scope.hasSingleSignin = ExternalLoginService.hasSingleSignin();
|
||||
$scope.context = {};
|
||||
|
||||
UserService.updateUserIn($scope);
|
||||
$scope.oidcLoginProvider = null;
|
||||
|
||||
if (Config['INTERNAL_OIDC_SERVICE_ID']) {
|
||||
ExternalLoginService.EXTERNAL_LOGINS.forEach(function(provider) {
|
||||
if (provider.id == Config['INTERNAL_OIDC_SERVICE_ID']) {
|
||||
$scope.oidcLoginProvider = provider;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
UserService.updateUserIn($scope, function(user) {
|
||||
if (user && user.username) {
|
||||
if ($scope.oidcLoginProvider && $routeParams['idtoken']) {
|
||||
$scope.context.idTokenCredentials = {
|
||||
'username': UserService.getCLIUsername(),
|
||||
'password': $routeParams['idtoken'],
|
||||
'namespace': UserService.currentUser().username
|
||||
};
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
var loadRepositories = function() {
|
||||
var options = {
|
||||
|
|
|
@ -70,8 +70,25 @@
|
|||
|
||||
<!-- Settings -->
|
||||
<cor-tab-pane id="settings">
|
||||
<!-- OIDC Token -->
|
||||
<div class="settings-section" ng-if="Config.AUTHENTICATION_TYPE == 'OIDC'">
|
||||
<h3>Docker CLI Token</h3>
|
||||
<div>
|
||||
A generated token is <strong>required</strong> to login via the Docker CLI.
|
||||
</div>
|
||||
|
||||
<table class="co-list-table" style="margin-top: 10px;">
|
||||
<tr>
|
||||
<td>CLI Token:</td>
|
||||
<td>
|
||||
<span class="external-login-button" is-link="true" action="cli" provider="oidcLoginProvider"></span>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
|
||||
<!-- Encrypted Password -->
|
||||
<div class="settings-section">
|
||||
<div class="settings-section" ng-if="Config.AUTHENTICATION_TYPE != 'OIDC'">
|
||||
<h3>Docker CLI Password</h3>
|
||||
<div ng-if="!Features.REQUIRE_ENCRYPTED_BASIC_AUTH">
|
||||
The Docker CLI stores passwords entered on the command line in <strong>plaintext</strong>. It is therefore highly recommended to generate an an encrypted version of your password to use for <code>docker login</code>.
|
||||
|
@ -185,4 +202,7 @@
|
|||
|
||||
<!-- Credentials for encrypted passwords -->
|
||||
<div class="credentials-dialog" credentials="context.encryptedPasswordCredentials" secret-title="Encrypted Password" entity-title="encrypted password" entity-icon="fa-key">
|
||||
|
||||
<!-- Credentials for ID token -->
|
||||
<div class="credentials-dialog" credentials="context.idTokenCredentials" secret-title="CLI Token" entity-title="Docker CLI token" entity-icon="fa-key">
|
||||
</div>
|
||||
|
|
Reference in a new issue