Fix oauth flow and remove go-oidc library (#1063)

- Update IDP Auth to use the same transport as Console
- Validate provided idp URL

Co-authored-by: Harshavardhana <harsha@minio.io>
Signed-off-by: Ricardo Katz <rkatz@vmware.com>
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>

Co-authored-by: Ricardo Katz <rkatz@vmware.com>
Co-authored-by: Harshavardhana <harsha@minio.io>
Lenin Alevski
2021-09-20 16:13:16 -07:00
committed by GitHub
parent 64e38ca8d3
commit 2b6d5e5128
28 changed files with 85 additions and 113 deletions

2
go.mod

@@ -5,7 +5,6 @@ go 1.16
require (
github.com/blang/semver/v4 v4.0.0
github.com/cheggaaa/pb/v3 v3.0.6
github.com/coreos/go-oidc v2.2.1+incompatible
github.com/dustin/go-humanize v1.0.0
github.com/go-openapi/errors v0.19.9
github.com/go-openapi/loads v0.20.2
@@ -27,7 +26,6 @@ require (
github.com/minio/pkg v1.1.3
github.com/minio/selfupdate v0.3.1
github.com/mitchellh/go-homedir v1.1.0
github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
github.com/rs/xid v1.2.1
github.com/secure-io/sio-go v0.3.1
github.com/stretchr/testify v1.7.0

5
go.sum

@@ -204,8 +204,6 @@ github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc
github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk=
github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
@@ -1025,8 +1023,6 @@ github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndr
github.com/posener/complete v1.2.3 h1:NP0eAhjcjImqslEwo/1hq7gpajME0fTLTezBKDqfXqo=
github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 h1:J9b7z+QKAmPf4YLrFg6oQUotqHQeUNWwkvo7jZp1GLU=
github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.44.1/go.mod h1:3WYi4xqXxGGXWDdQIITnLNmuDzO5n6wYva9spVhR4fg=
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.46.0/go.mod h1:3WYi4xqXxGGXWDdQIITnLNmuDzO5n6wYva9spVhR4fg=
github.com/prometheus-operator/prometheus-operator/pkg/client v0.46.0/go.mod h1:k4BrWlVQQsvBiTcDnKEMgyh/euRxyxgrHdur/ZX/sdA=
@@ -1718,7 +1714,6 @@ gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
gopkg.in/square/go-jose.v2 v2.3.1 h1:SK5KegNXmKmqE342YYN2qPHEnUYeoMiXXl1poUlI+o4=
gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=


@@ -407,10 +407,6 @@ type IdpConfigurationOidc struct {
// secret id
// Required: true
SecretID *string `json:"secret_id"`
// url
// Required: true
URL *string `json:"url"`
}
// Validate validates this idp configuration oidc
@@ -433,10 +429,6 @@ func (m *IdpConfigurationOidc) Validate(formats strfmt.Registry) error {
res = append(res, err)
}
if err := m.validateURL(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
@@ -479,15 +471,6 @@ func (m *IdpConfigurationOidc) validateSecretID(formats strfmt.Registry) error {
return nil
}
func (m *IdpConfigurationOidc) validateURL(formats strfmt.Registry) error {
if err := validate.Required("oidc"+"."+"url", "body", m.URL); err != nil {
return err
}
return nil
}
// ContextValidate validates this idp configuration oidc based on context it is used
func (m *IdpConfigurationOidc) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
return nil


@@ -1970,7 +1970,6 @@ func init() {
"type": "object",
"required": [
"configuration_url",
"url",
"client_id",
"secret_id",
"claim_name"
@@ -1993,9 +1992,6 @@ func init() {
},
"secret_id": {
"type": "string"
},
"url": {
"type": "string"
}
}
}
@@ -4763,7 +4759,6 @@ func init() {
"type": "object",
"required": [
"configuration_url",
"url",
"client_id",
"secret_id",
"claim_name"
@@ -4786,9 +4781,6 @@ func init() {
},
"secret_id": {
"type": "string"
},
"url": {
"type": "string"
}
}
},
@@ -5713,7 +5705,6 @@ func init() {
"type": "object",
"required": [
"configuration_url",
"url",
"client_id",
"secret_id",
"claim_name"
@@ -5736,9 +5727,6 @@ func init() {
},
"secret_id": {
"type": "string"
},
"url": {
"type": "string"
}
}
}


@@ -180,15 +180,13 @@ func getLoginResponse(lr *models.LoginRequest) (*models.LoginResponse, *models.E
// getLoginDetailsResponse returns information regarding the Console authentication mechanism.
func getLoginDetailsResponse() (*models.LoginDetails, *models.Error) {
ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
defer cancel()
loginStrategy := models.LoginDetailsLoginStrategyServiceDashAccount
redirectURL := ""
if oauth2.IsIDPEnabled() {
loginStrategy = models.LoginDetailsLoginStrategyRedirect
// initialize new oauth2 client
oauth2Client, err := oauth2.NewOauth2ProviderClient(ctx, nil, restapi.GetConsoleHTTPClient())
oauth2Client, err := oauth2.NewOauth2ProviderClient(nil, restapi.GetConsoleHTTPClient())
if err != nil {
return nil, prepareError(err)
}
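Review bot: Dropping `ctx` from this call removes the 20-second deadline that used to bound provider discovery, and the replacement fetch in `parseDiscoveryDoc` builds an `http.Client` with only `Transport` set, so no client-level timeout applies and an unresponsive IdP can stall the login-details call for as long as the transport allows. I would keep the context parameter on `NewOauth2ProviderClient` and build the request with `http.NewRequestWithContext(ctx, http.MethodGet, ustr, nil)`. The same applies to the two call sites changed in the other login handler file further down the page (`getLoginDetailsResponse` and `getLoginOauth2AuthResponse`). The body of `getLoginDetailsResponse` continues past the end of this hunk.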


@@ -1058,13 +1058,13 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
} else if tenantReq.Idp.Oidc != nil {
tenantExternalIDPConfigured = true
// Enable IDP (OIDC) for MinIO
url := *tenantReq.Idp.Oidc.ConfigurationURL
configurationURL := *tenantReq.Idp.Oidc.ConfigurationURL
clientID := *tenantReq.Idp.Oidc.ClientID
secretID := *tenantReq.Idp.Oidc.SecretID
claimName := *tenantReq.Idp.Oidc.ClaimName
scopes := tenantReq.Idp.Oidc.Scopes
callbackURL := tenantReq.Idp.Oidc.CallbackURL
tenantConfigurationENV["MINIO_IDENTITY_OPENID_CONFIG_URL"] = url
tenantConfigurationENV["MINIO_IDENTITY_OPENID_CONFIG_URL"] = configurationURL
tenantConfigurationENV["MINIO_IDENTITY_OPENID_CLIENT_ID"] = clientID
tenantConfigurationENV["MINIO_IDENTITY_OPENID_CLIENT_SECRET"] = secretID
tenantConfigurationENV["MINIO_IDENTITY_OPENID_CLAIM_NAME"] = claimName


@@ -20,6 +20,7 @@ import (
"context"
"crypto/sha1"
"encoding/base64"
"encoding/json"
"errors"
"fmt"
"net/http"
@@ -30,7 +31,6 @@ import (
"github.com/minio/minio-go/v7/pkg/credentials"
"github.com/coreos/go-oidc"
"github.com/minio/console/pkg/auth/utils"
"golang.org/x/crypto/pbkdf2"
"golang.org/x/oauth2"
@@ -49,6 +49,24 @@ type Config struct {
xoauth2.Config
}
// DiscoveryDoc - parses the output from openid-configuration
// for example https://accounts.google.com/.well-known/openid-configuration
type DiscoveryDoc struct {
Issuer string `json:"issuer,omitempty"`
AuthEndpoint string `json:"authorization_endpoint,omitempty"`
TokenEndpoint string `json:"token_endpoint,omitempty"`
UserInfoEndpoint string `json:"userinfo_endpoint,omitempty"`
RevocationEndpoint string `json:"revocation_endpoint,omitempty"`
JwksURI string `json:"jwks_uri,omitempty"`
ResponseTypesSupported []string `json:"response_types_supported,omitempty"`
SubjectTypesSupported []string `json:"subject_types_supported,omitempty"`
IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported,omitempty"`
ScopesSupported []string `json:"scopes_supported,omitempty"`
TokenEndpointAuthMethods []string `json:"token_endpoint_auth_methods_supported,omitempty"`
ClaimsSupported []string `json:"claims_supported,omitempty"`
CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported,omitempty"`
}
func (ac Config) Exchange(ctx context.Context, code string, opts ...xoauth2.AuthCodeOption) (*xoauth2.Token, error) {
return ac.Exchange(ctx, code, opts...)
}
@@ -92,7 +110,6 @@ type Provider struct {
// if enabled means that we need extrace access_token as well
UserInfo bool
oauth2Config Configuration
oidcProvider *oidc.Provider
provHTTPClient *http.Client
}
@@ -105,9 +122,9 @@ var derivedKey = func() []byte {
// NewOauth2ProviderClient instantiates a new oauth2 client using the configured credentials
// it returns a *Provider object that contains the necessary configuration to initiate an
// oauth2 authentication flow
func NewOauth2ProviderClient(ctx context.Context, scopes []string, httpClient *http.Client) (*Provider, error) {
customCtx := oidc.ClientContext(ctx, httpClient)
provider, err := oidc.NewProvider(customCtx, GetIDPURL())
func NewOauth2ProviderClient(scopes []string, httpClient *http.Client) (*Provider, error) {
ddoc, err := parseDiscoveryDoc(GetIDPURL(), httpClient)
if err != nil {
return nil, err
}
@@ -118,17 +135,20 @@ func NewOauth2ProviderClient(ctx context.Context, scopes []string, httpClient *h
}
// add "openid" scope always.
scopes = append(scopes, oidc.ScopeOpenID)
scopes = append(scopes, "openid")
client := new(Provider)
client.oauth2Config = &xoauth2.Config{
ClientID: GetIDPClientID(),
ClientSecret: GetIDPSecret(),
RedirectURL: GetIDPCallbackURL(),
Endpoint: provider.Endpoint(),
Scopes: scopes,
Endpoint: oauth2.Endpoint{
AuthURL: ddoc.AuthEndpoint,
TokenURL: ddoc.TokenEndpoint,
},
Scopes: scopes,
}
client.oidcProvider = provider
client.ClientID = GetIDPClientID()
client.UserInfo = GetIDPUserInfo()
client.provHTTPClient = httpClient
@@ -241,6 +261,32 @@ func validateOauth2State(state string) error {
return nil
}
// parseDiscoveryDoc parses a discovery doc from an OAuth provider
// into a DiscoveryDoc struct that have the correct endpoints
func parseDiscoveryDoc(ustr string, httpClient *http.Client) (DiscoveryDoc, error) {
d := DiscoveryDoc{}
req, err := http.NewRequest(http.MethodGet, ustr, nil)
if err != nil {
return d, err
}
clnt := http.Client{
Transport: httpClient.Transport,
}
resp, err := clnt.Do(req)
if err != nil {
return d, err
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
return d, err
}
dec := json.NewDecoder(resp.Body)
if err = dec.Decode(&d); err != nil {
return d, err
}
return d, nil
}
// GetRandomStateWithHMAC computes message + hmac(message, pbkdf2(key, salt)) to be used as state during the oauth authorization
func GetRandomStateWithHMAC(length int) string {
state := utils.RandomCharString(length)
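Review bot: In `parseDiscoveryDoc`, the `resp.StatusCode != http.StatusOK` branch returns `d, err` while `err` is still nil, so a 4xx/5xx answer from the configuration URL yields an empty `DiscoveryDoc` with no error, and `NewOauth2ProviderClient` then builds its endpoint from empty `AuthURL`/`TokenURL` strings. Return an explicit error there, e.g. `return d, fmt.Errorf("unexpected status %s fetching discovery document", resp.Status)`. The function also dereferences `httpClient.Transport` without a nil check and decodes the body with no size bound; an `if httpClient == nil` guard and `json.NewDecoder(io.LimitReader(resp.Body, maxDiscoveryDocSize))` would cover both (the constant name is a placeholder, and `io` would need importing if it is not already). The removed library compared the document's `issuer` with the configured URL when creating the provider; nothing visible in this section replaces that check or rejects empty endpoints, so it is worth confirming that validation happens elsewhere.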


@@ -21,7 +21,6 @@ import (
"net/http"
"testing"
"github.com/coreos/go-oidc"
"github.com/stretchr/testify/assert"
"golang.org/x/oauth2"
)
@@ -58,7 +57,6 @@ func TestGenerateLoginURL(t *testing.T) {
funcAssert := assert.New(t)
oauth2Provider := Provider{
oauth2Config: Oauth2configMock{},
oidcProvider: &oidc.Provider{},
}
// Test-1 : GenerateLoginURL() generates URL correctly with provided state
oauth2ConfigAuthCodeURLMock = func(state string, opts ...oauth2.AuthCodeOption) string {


@@ -1,23 +1,23 @@
{
"files": {
"main.css": "./static/css/main.8cfac526.chunk.css",
"main.js": "./static/js/main.220aa385.chunk.js",
"main.js.map": "./static/js/main.220aa385.chunk.js.map",
"main.js": "./static/js/main.7ad4b880.chunk.js",
"main.js.map": "./static/js/main.7ad4b880.chunk.js.map",
"runtime-main.js": "./static/js/runtime-main.3fe0c1ac.js",
"runtime-main.js.map": "./static/js/runtime-main.3fe0c1ac.js.map",
"static/css/2.c5a51b70.chunk.css": "./static/css/2.c5a51b70.chunk.css",
"static/js/2.6e0d770e.chunk.js": "./static/js/2.6e0d770e.chunk.js",
"static/js/2.6e0d770e.chunk.js.map": "./static/js/2.6e0d770e.chunk.js.map",
"static/css/2.60e04a19.chunk.css": "./static/css/2.60e04a19.chunk.css",
"static/js/2.b63e7857.chunk.js": "./static/js/2.b63e7857.chunk.js",
"static/js/2.b63e7857.chunk.js.map": "./static/js/2.b63e7857.chunk.js.map",
"index.html": "./index.html",
"static/css/2.c5a51b70.chunk.css.map": "./static/css/2.c5a51b70.chunk.css.map",
"static/css/2.60e04a19.chunk.css.map": "./static/css/2.60e04a19.chunk.css.map",
"static/css/main.8cfac526.chunk.css.map": "./static/css/main.8cfac526.chunk.css.map",
"static/js/2.6e0d770e.chunk.js.LICENSE.txt": "./static/js/2.6e0d770e.chunk.js.LICENSE.txt"
"static/js/2.b63e7857.chunk.js.LICENSE.txt": "./static/js/2.b63e7857.chunk.js.LICENSE.txt"
},
"entrypoints": [
"static/js/runtime-main.3fe0c1ac.js",
"static/css/2.c5a51b70.chunk.css",
"static/js/2.6e0d770e.chunk.js",
"static/css/2.60e04a19.chunk.css",
"static/js/2.b63e7857.chunk.js",
"static/css/main.8cfac526.chunk.css",
"static/js/main.220aa385.chunk.js"
"static/js/main.7ad4b880.chunk.js"
]
}


@@ -1 +1 @@
<!doctype html><html lang="en"><head><meta charset="utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="MinIO Console"/><link href="https://fonts.googleapis.com/css2?family=Lato:wght@400;500;700;900&display=swap" rel="stylesheet"/><link href="./styles/root-styles.css" rel="stylesheet"/><link rel="apple-touch-icon" sizes="180x180" href="./apple-icon-180x180.png"/><link rel="icon" type="image/png" sizes="32x32" href="./favicon-32x32.png"/><link rel="icon" type="image/png" sizes="96x96" href="./favicon-96x96.png"/><link rel="icon" type="image/png" sizes="16x16" href="./favicon-16x16.png"/><link rel="manifest" href="./manifest.json"/><link rel="mask-icon" href="./safari-pinned-tab.svg" color="#3a4e54"/><title>MinIO Console</title><link href="./static/css/2.c5a51b70.chunk.css" rel="stylesheet"><link href="./static/css/main.8cfac526.chunk.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"><div id="loader-block"><svg class="loader-svg-container" viewBox="22 22 44 44"><circle class="loader-style MuiCircularProgress-circle MuiCircularProgress-circleIndeterminate" cx="44" cy="44" r="20.2" fill="none" stroke-width="3.6"></circle></svg></div></div><script>!function(e){function r(r){for(var n,l,i=r[0],a=r[1],p=r[2],c=0,s=[];c<i.length;c++)l=i[c],Object.prototype.hasOwnProperty.call(o,l)&&o[l]&&s.push(o[l][0]),o[l]=0;for(n in a)Object.prototype.hasOwnProperty.call(a,n)&&(e[n]=a[n]);for(f&&f(r);s.length;)s.shift()();return u.push.apply(u,p||[]),t()}function t(){for(var e,r=0;r<u.length;r++){for(var t=u[r],n=!0,i=1;i<t.length;i++){var a=t[i];0!==o[a]&&(n=!1)}n&&(u.splice(r--,1),e=l(l.s=t[0]))}return e}var n={},o={1:0},u=[];function l(r){if(n[r])return n[r].exports;var t=n[r]={i:r,l:!1,exports:{}};return 
e[r].call(t.exports,t,t.exports,l),t.l=!0,t.exports}l.m=e,l.c=n,l.d=function(e,r,t){l.o(e,r)||Object.defineProperty(e,r,{enumerable:!0,get:t})},l.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},l.t=function(e,r){if(1&r&&(e=l(e)),8&r)return e;if(4&r&&"object"==typeof e&&e&&e.__esModule)return e;var t=Object.create(null);if(l.r(t),Object.defineProperty(t,"default",{enumerable:!0,value:e}),2&r&&"string"!=typeof e)for(var n in e)l.d(t,n,function(r){return e[r]}.bind(null,n));return t},l.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return l.d(r,"a",r),r},l.o=function(e,r){return Object.prototype.hasOwnProperty.call(e,r)},l.p="./";var i=this["webpackJsonpportal-ui"]=this["webpackJsonpportal-ui"]||[],a=i.push.bind(i);i.push=r,i=i.slice();for(var p=0;p<i.length;p++)r(i[p]);var f=a;t()}([])</script><script src="./static/js/2.6e0d770e.chunk.js"></script><script src="./static/js/main.220aa385.chunk.js"></script></body></html>
<!doctype html><html lang="en"><head><meta charset="utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#081C42" media="(prefers-color-scheme: light)"/><meta name="theme-color" content="#081C42" media="(prefers-color-scheme: dark)"/><meta name="description" content="MinIO Console"/><link href="https://fonts.googleapis.com/css2?family=Lato:wght@400;500;700;900&display=swap" rel="stylesheet"/><link href="./styles/root-styles.css" rel="stylesheet"/><link rel="apple-touch-icon" sizes="180x180" href="./apple-icon-180x180.png"/><link rel="icon" type="image/png" sizes="32x32" href="./favicon-32x32.png"/><link rel="icon" type="image/png" sizes="96x96" href="./favicon-96x96.png"/><link rel="icon" type="image/png" sizes="16x16" href="./favicon-16x16.png"/><link rel="manifest" href="./manifest.json"/><link rel="mask-icon" href="./safari-pinned-tab.svg" color="#3a4e54"/><title>MinIO Console</title><link href="./static/css/2.60e04a19.chunk.css" rel="stylesheet"><link href="./static/css/main.8cfac526.chunk.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"><div id="loader-block"><svg class="loader-svg-container" viewBox="22 22 44 44"><circle class="loader-style MuiCircularProgress-circle MuiCircularProgress-circleIndeterminate" cx="44" cy="44" r="20.2" fill="none" stroke-width="3.6"></circle></svg></div></div><script>!function(e){function r(r){for(var n,l,i=r[0],a=r[1],p=r[2],c=0,s=[];c<i.length;c++)l=i[c],Object.prototype.hasOwnProperty.call(o,l)&&o[l]&&s.push(o[l][0]),o[l]=0;for(n in a)Object.prototype.hasOwnProperty.call(a,n)&&(e[n]=a[n]);for(f&&f(r);s.length;)s.shift()();return u.push.apply(u,p||[]),t()}function t(){for(var e,r=0;r<u.length;r++){for(var t=u[r],n=!0,i=1;i<t.length;i++){var a=t[i];0!==o[a]&&(n=!1)}n&&(u.splice(r--,1),e=l(l.s=t[0]))}return e}var n={},o={1:0},u=[];function l(r){if(n[r])return n[r].exports;var 
t=n[r]={i:r,l:!1,exports:{}};return e[r].call(t.exports,t,t.exports,l),t.l=!0,t.exports}l.m=e,l.c=n,l.d=function(e,r,t){l.o(e,r)||Object.defineProperty(e,r,{enumerable:!0,get:t})},l.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},l.t=function(e,r){if(1&r&&(e=l(e)),8&r)return e;if(4&r&&"object"==typeof e&&e&&e.__esModule)return e;var t=Object.create(null);if(l.r(t),Object.defineProperty(t,"default",{enumerable:!0,value:e}),2&r&&"string"!=typeof e)for(var n in e)l.d(t,n,function(r){return e[r]}.bind(null,n));return t},l.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return l.d(r,"a",r),r},l.o=function(e,r){return Object.prototype.hasOwnProperty.call(e,r)},l.p="./";var i=this["webpackJsonpportal-ui"]=this["webpackJsonpportal-ui"]||[],a=i.push.bind(i);i.push=r,i=i.slice();for(var p=0;p<i.length;p++)r(i[p]);var f=a;t()}([])</script><script src="./static/js/2.b63e7857.chunk.js"></script><script src="./static/js/main.7ad4b880.chunk.js"></script></body></html>

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@@ -103,7 +103,6 @@ const AddTenant = ({
const exposeMinIO = fields.configure.exposeMinIO;
const exposeConsole = fields.configure.exposeConsole;
const idpSelection = fields.identityProvider.idpSelection;
const openIDURL = fields.identityProvider.openIDURL;
const openIDConfigurationURL =
fields.identityProvider.openIDConfigurationURL;
const openIDClientID = fields.identityProvider.openIDClientID;
@@ -525,7 +524,6 @@ const AddTenant = ({
case "OpenID":
dataIDP = {
oidc: {
url: openIDURL,
configuration_url: openIDConfigurationURL,
client_id: openIDClientID,
secret_id: openIDSecretID,


@@ -47,7 +47,6 @@ interface IIdentityProviderProps {
idpSelection: string;
accessKeys: string[];
secretKeys: string[];
openIDURL: string;
openIDConfigurationURL: string;
openIDClientID: string;
openIDSecretID: string;
@@ -98,7 +97,6 @@ const IdentityProvider = ({
idpSelection,
accessKeys,
secretKeys,
openIDURL,
openIDConfigurationURL,
openIDClientID,
openIDSecretID,
@@ -177,11 +175,6 @@ const IdentityProvider = ({
if (idpSelection === "OpenID") {
customIDPValidation = [
...customIDPValidation,
{
fieldKey: "openID_URL",
required: true,
value: openIDURL,
},
{
fieldKey: "openID_CONFIGURATION_URL",
required: true,
@@ -233,7 +226,6 @@ const IdentityProvider = ({
idpSelection,
accessKeys,
secretKeys,
openIDURL,
openIDClientID,
openIDSecretID,
ADURL,
@@ -416,21 +408,6 @@ const IdentityProvider = ({
)}
{idpSelection === "OpenID" && (
<Fragment>
<Grid item xs={12}>
<InputBoxWrapper
id="openID_URL"
name="openID_URL"
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
updateField("openIDURL", e.target.value);
cleanValidation("openID_URL");
}}
label="URL"
value={openIDURL}
placeholder="https://your-identity-provider.com/"
error={validationErrors["openID_URL"] || ""}
required
/>
</Grid>
<Grid item xs={12}>
<InputBoxWrapper
id="openID_CONFIGURATION_URL"
@@ -710,7 +687,6 @@ const mapState = (state: AppState) => ({
idpSelection: state.tenants.createTenant.fields.identityProvider.idpSelection,
accessKeys: state.tenants.createTenant.fields.identityProvider.accessKeys,
secretKeys: state.tenants.createTenant.fields.identityProvider.secretKeys,
openIDURL: state.tenants.createTenant.fields.identityProvider.openIDURL,
openIDConfigurationURL:
state.tenants.createTenant.fields.identityProvider.openIDConfigurationURL,
openIDClientID:


@@ -247,11 +247,11 @@ const TenantSummary = ({
<b>Endpoint:</b>
<i>
<a
href={tenant?.endpoints.minio}
href={tenant?.endpoints?.minio}
target="_blank"
rel="noopener noreferrer"
>
{tenant?.endpoints.minio}
{tenant?.endpoints?.minio}
</a>
</i>
<div />
@@ -278,11 +278,11 @@ const TenantSummary = ({
<b>Console:</b>
<i>
<a
href={tenant?.endpoints.console}
href={tenant?.endpoints?.console}
target="_blank"
rel="noopener noreferrer"
>
{tenant?.endpoints.console}
{tenant?.endpoints?.console}
</a>
</i>
<div />
@@ -333,7 +333,7 @@ const TenantSummary = ({
{tenant && tenant.status && (
<span
className={healthStatusToClass(
tenant.status.health_status
tenant?.status?.health_status
)}
>
<CircleIcon />


@@ -89,7 +89,6 @@ const initialState: ITenantState = {
idpSelection: "Built-in",
accessKeys: [getRandomString(16)],
secretKeys: [getRandomString(32)],
openIDURL: "",
openIDConfigurationURL: "",
openIDClientID: "",
openIDSecretID: "",
@@ -559,7 +558,6 @@ export function tenantsReducer(
idpSelection: "Built-in",
accessKeys: [getRandomString(16)],
secretKeys: [getRandomString(32)],
openIDURL: "",
openIDConfigurationURL: "",
openIDClientID: "",
openIDSecretID: "",


@@ -151,7 +151,6 @@ export interface IIdentityProviderFields {
idpSelection: string;
accessKeys: string[];
secretKeys: string[];
openIDURL: string;
openIDConfigurationURL: string;
openIDClientID: string;
openIDSecretID: string;


@@ -178,15 +178,13 @@ func getLoginResponse(lr *models.LoginRequest) (*models.LoginResponse, *models.E
// getLoginDetailsResponse returns information regarding the Console authentication mechanism.
func getLoginDetailsResponse() (*models.LoginDetails, *models.Error) {
ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
defer cancel()
loginStrategy := models.LoginDetailsLoginStrategyForm
redirectURL := ""
if oauth2.IsIDPEnabled() {
loginStrategy = models.LoginDetailsLoginStrategyRedirect
// initialize new oauth2 client
oauth2Client, err := oauth2.NewOauth2ProviderClient(ctx, nil, GetConsoleHTTPClient())
oauth2Client, err := oauth2.NewOauth2ProviderClient(nil, GetConsoleHTTPClient())
if err != nil {
return nil, prepareError(err)
}
@@ -217,7 +215,7 @@ func getLoginOauth2AuthResponse(lr *models.LoginOauth2AuthRequest) (*models.Logi
defer cancel()
if oauth2.IsIDPEnabled() {
// initialize new oauth2 client
oauth2Client, err := oauth2.NewOauth2ProviderClient(ctx, nil, GetConsoleHTTPClient())
oauth2Client, err := oauth2.NewOauth2ProviderClient(nil, GetConsoleHTTPClient())
if err != nil {
return nil, prepareError(err)
}


@@ -1358,13 +1358,10 @@ definitions:
type: object
required:
- configuration_url
- url
- client_id
- secret_id
- claim_name
properties:
url:
type: string
configuration_url:
type: string
client_id: