Fix oauth flow and remove go-oidc library (#1063)
- Update transport to use the same from Console in IDP Auth - Validate provided idp URL Co-authored-by: Harshavardhana <harsha@minio.io> Signed-off-by: Ricardo Katz <rkatz@vmware.com> Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com> Co-authored-by: Ricardo Katz <rkatz@vmware.com> Co-authored-by: Harshavardhana <harsha@minio.io>
2
go.mod
2
go.mod
@@ -5,7 +5,6 @@ go 1.16
|
||||
require (
|
||||
github.com/blang/semver/v4 v4.0.0
|
||||
github.com/cheggaaa/pb/v3 v3.0.6
|
||||
github.com/coreos/go-oidc v2.2.1+incompatible
|
||||
github.com/dustin/go-humanize v1.0.0
|
||||
github.com/go-openapi/errors v0.19.9
|
||||
github.com/go-openapi/loads v0.20.2
|
||||
@@ -27,7 +26,6 @@ require (
|
||||
github.com/minio/pkg v1.1.3
|
||||
github.com/minio/selfupdate v0.3.1
|
||||
github.com/mitchellh/go-homedir v1.1.0
|
||||
github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
|
||||
github.com/rs/xid v1.2.1
|
||||
github.com/secure-io/sio-go v0.3.1
|
||||
github.com/stretchr/testify v1.7.0
|
||||
|
||||
5
go.sum
5
go.sum
@@ -204,8 +204,6 @@ github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc
|
||||
github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
|
||||
github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
|
||||
github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
|
||||
github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk=
|
||||
github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
|
||||
github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
|
||||
github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
|
||||
github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
|
||||
@@ -1025,8 +1023,6 @@ github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndr
|
||||
github.com/posener/complete v1.2.3 h1:NP0eAhjcjImqslEwo/1hq7gpajME0fTLTezBKDqfXqo=
|
||||
github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
|
||||
github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
|
||||
github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 h1:J9b7z+QKAmPf4YLrFg6oQUotqHQeUNWwkvo7jZp1GLU=
|
||||
github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
|
||||
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.44.1/go.mod h1:3WYi4xqXxGGXWDdQIITnLNmuDzO5n6wYva9spVhR4fg=
|
||||
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.46.0/go.mod h1:3WYi4xqXxGGXWDdQIITnLNmuDzO5n6wYva9spVhR4fg=
|
||||
github.com/prometheus-operator/prometheus-operator/pkg/client v0.46.0/go.mod h1:k4BrWlVQQsvBiTcDnKEMgyh/euRxyxgrHdur/ZX/sdA=
|
||||
@@ -1718,7 +1714,6 @@ gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
|
||||
gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
|
||||
gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
|
||||
gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
|
||||
gopkg.in/square/go-jose.v2 v2.3.1 h1:SK5KegNXmKmqE342YYN2qPHEnUYeoMiXXl1poUlI+o4=
|
||||
gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
|
||||
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
|
||||
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
|
||||
|
||||
@@ -407,10 +407,6 @@ type IdpConfigurationOidc struct {
|
||||
// secret id
|
||||
// Required: true
|
||||
SecretID *string `json:"secret_id"`
|
||||
|
||||
// url
|
||||
// Required: true
|
||||
URL *string `json:"url"`
|
||||
}
|
||||
|
||||
// Validate validates this idp configuration oidc
|
||||
@@ -433,10 +429,6 @@ func (m *IdpConfigurationOidc) Validate(formats strfmt.Registry) error {
|
||||
res = append(res, err)
|
||||
}
|
||||
|
||||
if err := m.validateURL(formats); err != nil {
|
||||
res = append(res, err)
|
||||
}
|
||||
|
||||
if len(res) > 0 {
|
||||
return errors.CompositeValidationError(res...)
|
||||
}
|
||||
@@ -479,15 +471,6 @@ func (m *IdpConfigurationOidc) validateSecretID(formats strfmt.Registry) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (m *IdpConfigurationOidc) validateURL(formats strfmt.Registry) error {
|
||||
|
||||
if err := validate.Required("oidc"+"."+"url", "body", m.URL); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// ContextValidate validates this idp configuration oidc based on context it is used
|
||||
func (m *IdpConfigurationOidc) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
|
||||
return nil
|
||||
|
||||
@@ -1970,7 +1970,6 @@ func init() {
|
||||
"type": "object",
|
||||
"required": [
|
||||
"configuration_url",
|
||||
"url",
|
||||
"client_id",
|
||||
"secret_id",
|
||||
"claim_name"
|
||||
@@ -1993,9 +1992,6 @@ func init() {
|
||||
},
|
||||
"secret_id": {
|
||||
"type": "string"
|
||||
},
|
||||
"url": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -4763,7 +4759,6 @@ func init() {
|
||||
"type": "object",
|
||||
"required": [
|
||||
"configuration_url",
|
||||
"url",
|
||||
"client_id",
|
||||
"secret_id",
|
||||
"claim_name"
|
||||
@@ -4786,9 +4781,6 @@ func init() {
|
||||
},
|
||||
"secret_id": {
|
||||
"type": "string"
|
||||
},
|
||||
"url": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
@@ -5713,7 +5705,6 @@ func init() {
|
||||
"type": "object",
|
||||
"required": [
|
||||
"configuration_url",
|
||||
"url",
|
||||
"client_id",
|
||||
"secret_id",
|
||||
"claim_name"
|
||||
@@ -5736,9 +5727,6 @@ func init() {
|
||||
},
|
||||
"secret_id": {
|
||||
"type": "string"
|
||||
},
|
||||
"url": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -180,15 +180,13 @@ func getLoginResponse(lr *models.LoginRequest) (*models.LoginResponse, *models.E
|
||||
|
||||
// getLoginDetailsResponse returns information regarding the Console authentication mechanism.
|
||||
func getLoginDetailsResponse() (*models.LoginDetails, *models.Error) {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
|
||||
defer cancel()
|
||||
loginStrategy := models.LoginDetailsLoginStrategyServiceDashAccount
|
||||
redirectURL := ""
|
||||
|
||||
if oauth2.IsIDPEnabled() {
|
||||
loginStrategy = models.LoginDetailsLoginStrategyRedirect
|
||||
// initialize new oauth2 client
|
||||
oauth2Client, err := oauth2.NewOauth2ProviderClient(ctx, nil, restapi.GetConsoleHTTPClient())
|
||||
oauth2Client, err := oauth2.NewOauth2ProviderClient(nil, restapi.GetConsoleHTTPClient())
|
||||
if err != nil {
|
||||
return nil, prepareError(err)
|
||||
}
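Review bot: The 20-second deadline is gone from getLoginDetailsResponse: the `context.WithTimeout` pair is removed and `NewOauth2ProviderClient(nil, restapi.GetConsoleHTTPClient())` no longer takes a context, so the discovery fetch made on each call has no visible bound. parseDiscoveryDoc, added later in this commit, builds its request with `http.NewRequest` and a client that copies only `Transport`, so unless that transport enforces its own timeouts a slow or unresponsive IdP can hold this handler open. The same applies to the other getLoginDetailsResponse hunk, the one calling `GetConsoleHTTPClient()` directly, and to getLoginOauth2AuthResponse, where the context still exists but is no longer passed in. Consider keeping the `ctx` parameter and building the request with `http.NewRequestWithContext(ctx, http.MethodGet, ustr, nil)`. The function body continues past the end of this hunk.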
|
||||
|
||||
@@ -1058,13 +1058,13 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
|
||||
} else if tenantReq.Idp.Oidc != nil {
|
||||
tenantExternalIDPConfigured = true
|
||||
// Enable IDP (OIDC) for MinIO
|
||||
url := *tenantReq.Idp.Oidc.ConfigurationURL
|
||||
configurationURL := *tenantReq.Idp.Oidc.ConfigurationURL
|
||||
clientID := *tenantReq.Idp.Oidc.ClientID
|
||||
secretID := *tenantReq.Idp.Oidc.SecretID
|
||||
claimName := *tenantReq.Idp.Oidc.ClaimName
|
||||
scopes := tenantReq.Idp.Oidc.Scopes
|
||||
callbackURL := tenantReq.Idp.Oidc.CallbackURL
|
||||
tenantConfigurationENV["MINIO_IDENTITY_OPENID_CONFIG_URL"] = url
|
||||
tenantConfigurationENV["MINIO_IDENTITY_OPENID_CONFIG_URL"] = configurationURL
|
||||
tenantConfigurationENV["MINIO_IDENTITY_OPENID_CLIENT_ID"] = clientID
|
||||
tenantConfigurationENV["MINIO_IDENTITY_OPENID_CLIENT_SECRET"] = secretID
|
||||
tenantConfigurationENV["MINIO_IDENTITY_OPENID_CLAIM_NAME"] = claimName
|
||||
|
||||
@@ -20,6 +20,7 @@ import (
|
||||
"context"
|
||||
"crypto/sha1"
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
@@ -30,7 +31,6 @@ import (
|
||||
|
||||
"github.com/minio/minio-go/v7/pkg/credentials"
|
||||
|
||||
"github.com/coreos/go-oidc"
|
||||
"github.com/minio/console/pkg/auth/utils"
|
||||
"golang.org/x/crypto/pbkdf2"
|
||||
"golang.org/x/oauth2"
|
||||
@@ -49,6 +49,24 @@ type Config struct {
|
||||
xoauth2.Config
|
||||
}
|
||||
|
||||
// DiscoveryDoc - parses the output from openid-configuration
|
||||
// for example https://accounts.google.com/.well-known/openid-configuration
|
||||
type DiscoveryDoc struct {
|
||||
Issuer string `json:"issuer,omitempty"`
|
||||
AuthEndpoint string `json:"authorization_endpoint,omitempty"`
|
||||
TokenEndpoint string `json:"token_endpoint,omitempty"`
|
||||
UserInfoEndpoint string `json:"userinfo_endpoint,omitempty"`
|
||||
RevocationEndpoint string `json:"revocation_endpoint,omitempty"`
|
||||
JwksURI string `json:"jwks_uri,omitempty"`
|
||||
ResponseTypesSupported []string `json:"response_types_supported,omitempty"`
|
||||
SubjectTypesSupported []string `json:"subject_types_supported,omitempty"`
|
||||
IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported,omitempty"`
|
||||
ScopesSupported []string `json:"scopes_supported,omitempty"`
|
||||
TokenEndpointAuthMethods []string `json:"token_endpoint_auth_methods_supported,omitempty"`
|
||||
ClaimsSupported []string `json:"claims_supported,omitempty"`
|
||||
CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported,omitempty"`
|
||||
}
|
||||
|
||||
func (ac Config) Exchange(ctx context.Context, code string, opts ...xoauth2.AuthCodeOption) (*xoauth2.Token, error) {
|
||||
return ac.Exchange(ctx, code, opts...)
|
||||
}
|
||||
@@ -92,7 +110,6 @@ type Provider struct {
|
||||
// if enabled means that we need extrace access_token as well
|
||||
UserInfo bool
|
||||
oauth2Config Configuration
|
||||
oidcProvider *oidc.Provider
|
||||
provHTTPClient *http.Client
|
||||
}
|
||||
|
||||
@@ -105,9 +122,9 @@ var derivedKey = func() []byte {
|
||||
// NewOauth2ProviderClient instantiates a new oauth2 client using the configured credentials
|
||||
// it returns a *Provider object that contains the necessary configuration to initiate an
|
||||
// oauth2 authentication flow
|
||||
func NewOauth2ProviderClient(ctx context.Context, scopes []string, httpClient *http.Client) (*Provider, error) {
|
||||
customCtx := oidc.ClientContext(ctx, httpClient)
|
||||
provider, err := oidc.NewProvider(customCtx, GetIDPURL())
|
||||
func NewOauth2ProviderClient(scopes []string, httpClient *http.Client) (*Provider, error) {
|
||||
|
||||
ddoc, err := parseDiscoveryDoc(GetIDPURL(), httpClient)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -118,17 +135,20 @@ func NewOauth2ProviderClient(ctx context.Context, scopes []string, httpClient *h
|
||||
}
|
||||
|
||||
// add "openid" scope always.
|
||||
scopes = append(scopes, oidc.ScopeOpenID)
|
||||
scopes = append(scopes, "openid")
|
||||
|
||||
client := new(Provider)
|
||||
client.oauth2Config = &xoauth2.Config{
|
||||
ClientID: GetIDPClientID(),
|
||||
ClientSecret: GetIDPSecret(),
|
||||
RedirectURL: GetIDPCallbackURL(),
|
||||
Endpoint: provider.Endpoint(),
|
||||
Scopes: scopes,
|
||||
Endpoint: oauth2.Endpoint{
|
||||
AuthURL: ddoc.AuthEndpoint,
|
||||
TokenURL: ddoc.TokenEndpoint,
|
||||
},
|
||||
Scopes: scopes,
|
||||
}
|
||||
client.oidcProvider = provider
|
||||
|
||||
client.ClientID = GetIDPClientID()
|
||||
client.UserInfo = GetIDPUserInfo()
|
||||
client.provHTTPClient = httpClient
|
||||
@@ -241,6 +261,32 @@ func validateOauth2State(state string) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// parseDiscoveryDoc parses a discovery doc from an OAuth provider
|
||||
// into a DiscoveryDoc struct that have the correct endpoints
|
||||
func parseDiscoveryDoc(ustr string, httpClient *http.Client) (DiscoveryDoc, error) {
|
||||
d := DiscoveryDoc{}
|
||||
req, err := http.NewRequest(http.MethodGet, ustr, nil)
|
||||
if err != nil {
|
||||
return d, err
|
||||
}
|
||||
clnt := http.Client{
|
||||
Transport: httpClient.Transport,
|
||||
}
|
||||
resp, err := clnt.Do(req)
|
||||
if err != nil {
|
||||
return d, err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
return d, err
|
||||
}
|
||||
dec := json.NewDecoder(resp.Body)
|
||||
if err = dec.Decode(&d); err != nil {
|
||||
return d, err
|
||||
}
|
||||
return d, nil
|
||||
}
|
||||
|
||||
// GetRandomStateWithHMAC computes message + hmac(message, pbkdf2(key, salt)) to be used as state during the oauth authorization
|
||||
func GetRandomStateWithHMAC(length int) string {
|
||||
state := utils.RandomCharString(length)
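Review bot: In parseDiscoveryDoc the `resp.StatusCode != http.StatusOK` branch returns `d, err` while `err` is nil at that point, so a 404 or 5xx from the IdP produces an empty DiscoveryDoc with no error, and NewOauth2ProviderClient then fills `Endpoint` with a blank `AuthURL` and `TokenURL`. The decoded document is also used without checks: `Issuer` is parsed but never compared with the configured IdP URL, a comparison that go-oidc's `NewProvider` performed before this commit removed the library, and the body is decoded without a size cap. `httpClient.Transport` is dereferenced without a nil check as well. The fence shows the nil, status and required-field checks, using only packages already in the import block; GetRandomStateWithHMAC at the end of the hunk continues outside it.

```go
func parseDiscoveryDoc(ustr string, httpClient *http.Client) (DiscoveryDoc, error) {
	d := DiscoveryDoc{}
	if httpClient == nil {
		return d, errors.New("nil HTTP client for discovery request")
	}
	// … unchanged: http.NewRequest, client construction, clnt.Do(req), defer resp.Body.Close() …
	if resp.StatusCode != http.StatusOK {
		// err is nil here; return an explicit error so callers never see an empty document as success.
		return d, fmt.Errorf("discovery request to %q returned %s", ustr, resp.Status)
	}
	// … unchanged: JSON decode into d …
	if d.AuthEndpoint == "" || d.TokenEndpoint == "" {
		return d, errors.New("discovery document is missing authorization_endpoint or token_endpoint")
	}
	return d, nil
}
```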
|
||||
|
||||
@@ -21,7 +21,6 @@ import (
|
||||
"net/http"
|
||||
"testing"
|
||||
|
||||
"github.com/coreos/go-oidc"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"golang.org/x/oauth2"
|
||||
)
|
||||
@@ -58,7 +57,6 @@ func TestGenerateLoginURL(t *testing.T) {
|
||||
funcAssert := assert.New(t)
|
||||
oauth2Provider := Provider{
|
||||
oauth2Config: Oauth2configMock{},
|
||||
oidcProvider: &oidc.Provider{},
|
||||
}
|
||||
// Test-1 : GenerateLoginURL() generates URL correctly with provided state
|
||||
oauth2ConfigAuthCodeURLMock = func(state string, opts ...oauth2.AuthCodeOption) string {
|
||||
|
||||
@@ -1,23 +1,23 @@
|
||||
{
|
||||
"files": {
|
||||
"main.css": "./static/css/main.8cfac526.chunk.css",
|
||||
"main.js": "./static/js/main.220aa385.chunk.js",
|
||||
"main.js.map": "./static/js/main.220aa385.chunk.js.map",
|
||||
"main.js": "./static/js/main.7ad4b880.chunk.js",
|
||||
"main.js.map": "./static/js/main.7ad4b880.chunk.js.map",
|
||||
"runtime-main.js": "./static/js/runtime-main.3fe0c1ac.js",
|
||||
"runtime-main.js.map": "./static/js/runtime-main.3fe0c1ac.js.map",
|
||||
"static/css/2.c5a51b70.chunk.css": "./static/css/2.c5a51b70.chunk.css",
|
||||
"static/js/2.6e0d770e.chunk.js": "./static/js/2.6e0d770e.chunk.js",
|
||||
"static/js/2.6e0d770e.chunk.js.map": "./static/js/2.6e0d770e.chunk.js.map",
|
||||
"static/css/2.60e04a19.chunk.css": "./static/css/2.60e04a19.chunk.css",
|
||||
"static/js/2.b63e7857.chunk.js": "./static/js/2.b63e7857.chunk.js",
|
||||
"static/js/2.b63e7857.chunk.js.map": "./static/js/2.b63e7857.chunk.js.map",
|
||||
"index.html": "./index.html",
|
||||
"static/css/2.c5a51b70.chunk.css.map": "./static/css/2.c5a51b70.chunk.css.map",
|
||||
"static/css/2.60e04a19.chunk.css.map": "./static/css/2.60e04a19.chunk.css.map",
|
||||
"static/css/main.8cfac526.chunk.css.map": "./static/css/main.8cfac526.chunk.css.map",
|
||||
"static/js/2.6e0d770e.chunk.js.LICENSE.txt": "./static/js/2.6e0d770e.chunk.js.LICENSE.txt"
|
||||
"static/js/2.b63e7857.chunk.js.LICENSE.txt": "./static/js/2.b63e7857.chunk.js.LICENSE.txt"
|
||||
},
|
||||
"entrypoints": [
|
||||
"static/js/runtime-main.3fe0c1ac.js",
|
||||
"static/css/2.c5a51b70.chunk.css",
|
||||
"static/js/2.6e0d770e.chunk.js",
|
||||
"static/css/2.60e04a19.chunk.css",
|
||||
"static/js/2.b63e7857.chunk.js",
|
||||
"static/css/main.8cfac526.chunk.css",
|
||||
"static/js/main.220aa385.chunk.js"
|
||||
"static/js/main.7ad4b880.chunk.js"
|
||||
]
|
||||
}
|
||||
@@ -1 +1 @@
|
||||
<!doctype html><html lang="en"><head><meta charset="utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="MinIO Console"/><link href="https://fonts.googleapis.com/css2?family=Lato:wght@400;500;700;900&display=swap" rel="stylesheet"/><link href="./styles/root-styles.css" rel="stylesheet"/><link rel="apple-touch-icon" sizes="180x180" href="./apple-icon-180x180.png"/><link rel="icon" type="image/png" sizes="32x32" href="./favicon-32x32.png"/><link rel="icon" type="image/png" sizes="96x96" href="./favicon-96x96.png"/><link rel="icon" type="image/png" sizes="16x16" href="./favicon-16x16.png"/><link rel="manifest" href="./manifest.json"/><link rel="mask-icon" href="./safari-pinned-tab.svg" color="#3a4e54"/><title>MinIO Console</title><link href="./static/css/2.c5a51b70.chunk.css" rel="stylesheet"><link href="./static/css/main.8cfac526.chunk.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"><div id="loader-block"><svg class="loader-svg-container" viewBox="22 22 44 44"><circle class="loader-style MuiCircularProgress-circle MuiCircularProgress-circleIndeterminate" cx="44" cy="44" r="20.2" fill="none" stroke-width="3.6"></circle></svg></div></div><script>!function(e){function r(r){for(var n,l,i=r[0],a=r[1],p=r[2],c=0,s=[];c<i.length;c++)l=i[c],Object.prototype.hasOwnProperty.call(o,l)&&o[l]&&s.push(o[l][0]),o[l]=0;for(n in a)Object.prototype.hasOwnProperty.call(a,n)&&(e[n]=a[n]);for(f&&f(r);s.length;)s.shift()();return u.push.apply(u,p||[]),t()}function t(){for(var e,r=0;r<u.length;r++){for(var t=u[r],n=!0,i=1;i<t.length;i++){var a=t[i];0!==o[a]&&(n=!1)}n&&(u.splice(r--,1),e=l(l.s=t[0]))}return e}var n={},o={1:0},u=[];function l(r){if(n[r])return n[r].exports;var t=n[r]={i:r,l:!1,exports:{}};return 
e[r].call(t.exports,t,t.exports,l),t.l=!0,t.exports}l.m=e,l.c=n,l.d=function(e,r,t){l.o(e,r)||Object.defineProperty(e,r,{enumerable:!0,get:t})},l.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},l.t=function(e,r){if(1&r&&(e=l(e)),8&r)return e;if(4&r&&"object"==typeof e&&e&&e.__esModule)return e;var t=Object.create(null);if(l.r(t),Object.defineProperty(t,"default",{enumerable:!0,value:e}),2&r&&"string"!=typeof e)for(var n in e)l.d(t,n,function(r){return e[r]}.bind(null,n));return t},l.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return l.d(r,"a",r),r},l.o=function(e,r){return Object.prototype.hasOwnProperty.call(e,r)},l.p="./";var i=this["webpackJsonpportal-ui"]=this["webpackJsonpportal-ui"]||[],a=i.push.bind(i);i.push=r,i=i.slice();for(var p=0;p<i.length;p++)r(i[p]);var f=a;t()}([])</script><script src="./static/js/2.6e0d770e.chunk.js"></script><script src="./static/js/main.220aa385.chunk.js"></script></body></html>
|
||||
<!doctype html><html lang="en"><head><meta charset="utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#081C42" media="(prefers-color-scheme: light)"/><meta name="theme-color" content="#081C42" media="(prefers-color-scheme: dark)"/><meta name="description" content="MinIO Console"/><link href="https://fonts.googleapis.com/css2?family=Lato:wght@400;500;700;900&display=swap" rel="stylesheet"/><link href="./styles/root-styles.css" rel="stylesheet"/><link rel="apple-touch-icon" sizes="180x180" href="./apple-icon-180x180.png"/><link rel="icon" type="image/png" sizes="32x32" href="./favicon-32x32.png"/><link rel="icon" type="image/png" sizes="96x96" href="./favicon-96x96.png"/><link rel="icon" type="image/png" sizes="16x16" href="./favicon-16x16.png"/><link rel="manifest" href="./manifest.json"/><link rel="mask-icon" href="./safari-pinned-tab.svg" color="#3a4e54"/><title>MinIO Console</title><link href="./static/css/2.60e04a19.chunk.css" rel="stylesheet"><link href="./static/css/main.8cfac526.chunk.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"><div id="loader-block"><svg class="loader-svg-container" viewBox="22 22 44 44"><circle class="loader-style MuiCircularProgress-circle MuiCircularProgress-circleIndeterminate" cx="44" cy="44" r="20.2" fill="none" stroke-width="3.6"></circle></svg></div></div><script>!function(e){function r(r){for(var n,l,i=r[0],a=r[1],p=r[2],c=0,s=[];c<i.length;c++)l=i[c],Object.prototype.hasOwnProperty.call(o,l)&&o[l]&&s.push(o[l][0]),o[l]=0;for(n in a)Object.prototype.hasOwnProperty.call(a,n)&&(e[n]=a[n]);for(f&&f(r);s.length;)s.shift()();return u.push.apply(u,p||[]),t()}function t(){for(var e,r=0;r<u.length;r++){for(var t=u[r],n=!0,i=1;i<t.length;i++){var a=t[i];0!==o[a]&&(n=!1)}n&&(u.splice(r--,1),e=l(l.s=t[0]))}return e}var n={},o={1:0},u=[];function l(r){if(n[r])return n[r].exports;var 
t=n[r]={i:r,l:!1,exports:{}};return e[r].call(t.exports,t,t.exports,l),t.l=!0,t.exports}l.m=e,l.c=n,l.d=function(e,r,t){l.o(e,r)||Object.defineProperty(e,r,{enumerable:!0,get:t})},l.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},l.t=function(e,r){if(1&r&&(e=l(e)),8&r)return e;if(4&r&&"object"==typeof e&&e&&e.__esModule)return e;var t=Object.create(null);if(l.r(t),Object.defineProperty(t,"default",{enumerable:!0,value:e}),2&r&&"string"!=typeof e)for(var n in e)l.d(t,n,function(r){return e[r]}.bind(null,n));return t},l.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return l.d(r,"a",r),r},l.o=function(e,r){return Object.prototype.hasOwnProperty.call(e,r)},l.p="./";var i=this["webpackJsonpportal-ui"]=this["webpackJsonpportal-ui"]||[],a=i.push.bind(i);i.push=r,i=i.slice();for(var p=0;p<i.length;p++)r(i[p]);var f=a;t()}([])</script><script src="./static/js/2.b63e7857.chunk.js"></script><script src="./static/js/main.7ad4b880.chunk.js"></script></body></html>
|
||||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
3
portal-ui/build/static/js/2.b63e7857.chunk.js
Normal file
3
portal-ui/build/static/js/2.b63e7857.chunk.js
Normal file
File diff suppressed because one or more lines are too long
1
portal-ui/build/static/js/2.b63e7857.chunk.js.map
Normal file
1
portal-ui/build/static/js/2.b63e7857.chunk.js.map
Normal file
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
2
portal-ui/build/static/js/main.7ad4b880.chunk.js
Normal file
2
portal-ui/build/static/js/main.7ad4b880.chunk.js
Normal file
File diff suppressed because one or more lines are too long
1
portal-ui/build/static/js/main.7ad4b880.chunk.js.map
Normal file
1
portal-ui/build/static/js/main.7ad4b880.chunk.js.map
Normal file
File diff suppressed because one or more lines are too long
@@ -103,7 +103,6 @@ const AddTenant = ({
|
||||
const exposeMinIO = fields.configure.exposeMinIO;
|
||||
const exposeConsole = fields.configure.exposeConsole;
|
||||
const idpSelection = fields.identityProvider.idpSelection;
|
||||
const openIDURL = fields.identityProvider.openIDURL;
|
||||
const openIDConfigurationURL =
|
||||
fields.identityProvider.openIDConfigurationURL;
|
||||
const openIDClientID = fields.identityProvider.openIDClientID;
|
||||
@@ -525,7 +524,6 @@ const AddTenant = ({
|
||||
case "OpenID":
|
||||
dataIDP = {
|
||||
oidc: {
|
||||
url: openIDURL,
|
||||
configuration_url: openIDConfigurationURL,
|
||||
client_id: openIDClientID,
|
||||
secret_id: openIDSecretID,
|
||||
|
||||
@@ -47,7 +47,6 @@ interface IIdentityProviderProps {
|
||||
idpSelection: string;
|
||||
accessKeys: string[];
|
||||
secretKeys: string[];
|
||||
openIDURL: string;
|
||||
openIDConfigurationURL: string;
|
||||
openIDClientID: string;
|
||||
openIDSecretID: string;
|
||||
@@ -98,7 +97,6 @@ const IdentityProvider = ({
|
||||
idpSelection,
|
||||
accessKeys,
|
||||
secretKeys,
|
||||
openIDURL,
|
||||
openIDConfigurationURL,
|
||||
openIDClientID,
|
||||
openIDSecretID,
|
||||
@@ -177,11 +175,6 @@ const IdentityProvider = ({
|
||||
if (idpSelection === "OpenID") {
|
||||
customIDPValidation = [
|
||||
...customIDPValidation,
|
||||
{
|
||||
fieldKey: "openID_URL",
|
||||
required: true,
|
||||
value: openIDURL,
|
||||
},
|
||||
{
|
||||
fieldKey: "openID_CONFIGURATION_URL",
|
||||
required: true,
|
||||
@@ -233,7 +226,6 @@ const IdentityProvider = ({
|
||||
idpSelection,
|
||||
accessKeys,
|
||||
secretKeys,
|
||||
openIDURL,
|
||||
openIDClientID,
|
||||
openIDSecretID,
|
||||
ADURL,
|
||||
@@ -416,21 +408,6 @@ const IdentityProvider = ({
|
||||
)}
|
||||
{idpSelection === "OpenID" && (
|
||||
<Fragment>
|
||||
<Grid item xs={12}>
|
||||
<InputBoxWrapper
|
||||
id="openID_URL"
|
||||
name="openID_URL"
|
||||
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
|
||||
updateField("openIDURL", e.target.value);
|
||||
cleanValidation("openID_URL");
|
||||
}}
|
||||
label="URL"
|
||||
value={openIDURL}
|
||||
placeholder="https://your-identity-provider.com/"
|
||||
error={validationErrors["openID_URL"] || ""}
|
||||
required
|
||||
/>
|
||||
</Grid>
|
||||
<Grid item xs={12}>
|
||||
<InputBoxWrapper
|
||||
id="openID_CONFIGURATION_URL"
|
||||
@@ -710,7 +687,6 @@ const mapState = (state: AppState) => ({
|
||||
idpSelection: state.tenants.createTenant.fields.identityProvider.idpSelection,
|
||||
accessKeys: state.tenants.createTenant.fields.identityProvider.accessKeys,
|
||||
secretKeys: state.tenants.createTenant.fields.identityProvider.secretKeys,
|
||||
openIDURL: state.tenants.createTenant.fields.identityProvider.openIDURL,
|
||||
openIDConfigurationURL:
|
||||
state.tenants.createTenant.fields.identityProvider.openIDConfigurationURL,
|
||||
openIDClientID:
|
||||
|
||||
@@ -247,11 +247,11 @@ const TenantSummary = ({
|
||||
<b>Endpoint:</b>
|
||||
<i>
|
||||
<a
|
||||
href={tenant?.endpoints.minio}
|
||||
href={tenant?.endpoints?.minio}
|
||||
target="_blank"
|
||||
rel="noopener noreferrer"
|
||||
>
|
||||
{tenant?.endpoints.minio}
|
||||
{tenant?.endpoints?.minio}
|
||||
</a>
|
||||
</i>
|
||||
<div />
|
||||
@@ -278,11 +278,11 @@ const TenantSummary = ({
|
||||
<b>Console:</b>
|
||||
<i>
|
||||
<a
|
||||
href={tenant?.endpoints.console}
|
||||
href={tenant?.endpoints?.console}
|
||||
target="_blank"
|
||||
rel="noopener noreferrer"
|
||||
>
|
||||
{tenant?.endpoints.console}
|
||||
{tenant?.endpoints?.console}
|
||||
</a>
|
||||
</i>
|
||||
<div />
|
||||
@@ -333,7 +333,7 @@ const TenantSummary = ({
|
||||
{tenant && tenant.status && (
|
||||
<span
|
||||
className={healthStatusToClass(
|
||||
tenant.status.health_status
|
||||
tenant?.status?.health_status
|
||||
)}
|
||||
>
|
||||
<CircleIcon />
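Review bot: The added `tenant?.status?.health_status` sits inside the `tenant && tenant.status && (` guard a few lines above it, so both optional-chaining operators are redundant there and `tenant.status.health_status` was already safe. The `endpoints?.` changes in the two earlier hunks are the ones that protect a value not otherwise checked. The enclosing JSX starts and ends outside the hunk.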
|
||||
|
||||
@@ -89,7 +89,6 @@ const initialState: ITenantState = {
|
||||
idpSelection: "Built-in",
|
||||
accessKeys: [getRandomString(16)],
|
||||
secretKeys: [getRandomString(32)],
|
||||
openIDURL: "",
|
||||
openIDConfigurationURL: "",
|
||||
openIDClientID: "",
|
||||
openIDSecretID: "",
|
||||
@@ -559,7 +558,6 @@ export function tenantsReducer(
|
||||
idpSelection: "Built-in",
|
||||
accessKeys: [getRandomString(16)],
|
||||
secretKeys: [getRandomString(32)],
|
||||
openIDURL: "",
|
||||
openIDConfigurationURL: "",
|
||||
openIDClientID: "",
|
||||
openIDSecretID: "",
|
||||
|
||||
@@ -151,7 +151,6 @@ export interface IIdentityProviderFields {
|
||||
idpSelection: string;
|
||||
accessKeys: string[];
|
||||
secretKeys: string[];
|
||||
openIDURL: string;
|
||||
openIDConfigurationURL: string;
|
||||
openIDClientID: string;
|
||||
openIDSecretID: string;
|
||||
|
||||
@@ -178,15 +178,13 @@ func getLoginResponse(lr *models.LoginRequest) (*models.LoginResponse, *models.E
|
||||
|
||||
// getLoginDetailsResponse returns information regarding the Console authentication mechanism.
|
||||
func getLoginDetailsResponse() (*models.LoginDetails, *models.Error) {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
|
||||
defer cancel()
|
||||
loginStrategy := models.LoginDetailsLoginStrategyForm
|
||||
redirectURL := ""
|
||||
|
||||
if oauth2.IsIDPEnabled() {
|
||||
loginStrategy = models.LoginDetailsLoginStrategyRedirect
|
||||
// initialize new oauth2 client
|
||||
oauth2Client, err := oauth2.NewOauth2ProviderClient(ctx, nil, GetConsoleHTTPClient())
|
||||
oauth2Client, err := oauth2.NewOauth2ProviderClient(nil, GetConsoleHTTPClient())
|
||||
if err != nil {
|
||||
return nil, prepareError(err)
|
||||
}
|
||||
@@ -217,7 +215,7 @@ func getLoginOauth2AuthResponse(lr *models.LoginOauth2AuthRequest) (*models.Logi
|
||||
defer cancel()
|
||||
if oauth2.IsIDPEnabled() {
|
||||
// initialize new oauth2 client
|
||||
oauth2Client, err := oauth2.NewOauth2ProviderClient(ctx, nil, GetConsoleHTTPClient())
|
||||
oauth2Client, err := oauth2.NewOauth2ProviderClient(nil, GetConsoleHTTPClient())
|
||||
if err != nil {
|
||||
return nil, prepareError(err)
|
||||
}
|
||||
|
||||
@@ -1358,13 +1358,10 @@ definitions:
|
||||
type: object
|
||||
required:
|
||||
- configuration_url
|
||||
- url
|
||||
- client_id
|
||||
- secret_id
|
||||
- claim_name
|
||||
properties:
|
||||
url:
|
||||
type: string
|
||||
configuration_url:
|
||||
type: string
|
||||
client_id:
|
||||
|
||||