From b6739e9d77deb46ddb834fd7c248766e54c8d6ee Mon Sep 17 00:00:00 2001
From: Johannes Zellner
Date: Thu, 15 Jun 2023 15:08:09 +0200
Subject: [PATCH] Support local development dashboard login
---
 dashboard/src/js/client.js | 3 +--
 src/oidc.js | 20 ++++++++++++++++----
 2 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/dashboard/src/js/client.js b/dashboard/src/js/client.js
index 7137c5f80..51c87be79 100644
--- a/dashboard/src/js/client.js
+++ b/dashboard/src/js/client.js
@@ -2714,8 +2714,7 @@ angular.module('Application').service('Client', ['$http', '$interval', '$timeout
 this.setToken(null);
 // start oidc flow
- window.location.href = '/openid/auth?client_id=dashboard&scope=openid email profile&response_type=code token&redirect_uri=' + window.location.origin + '/authcallback.html';
- // window.location.href = '/login.html?returnTo=/' + encodeURIComponent(window.location.hash);
+ window.location.href = this.apiOrigin + '/openid/auth?client_id=' + (this.apiOrigin ? 'development' : 'dashboard') + '&scope=openid email profile&response_type=code token&redirect_uri=' + window.location.origin + '/authcallback.html';
 };
 Client.prototype.logout = function () {
diff --git a/src/oidc.js b/src/oidc.js
index 908bd05f9..fda64a31f 100644
--- a/src/oidc.js
+++ b/src/oidc.js
@@ -42,6 +42,9 @@ const OIDC_CLIENTS_FIELDS = [ 'id', 'secret', 'name', 'appId', 'loginRedirectUri
 const ROUTE_PREFIX = '/openid';
 const DEFAULT_TOKEN_SIGNATURE_ALGORITHM='RS256';
+const DASHBOARD_CLIENT_ID = 'dashboard';
+const DEV_CLIENT_ID = 'development';
+
 let gHttpServer = null;
 // -----------------------------
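Review bot: In dashboard/src/js/client.js the added `window.location.href` line builds the authorization URL by plain concatenation, so the `redirect_uri` value and the space-separated `scope` and `response_type` values are sent unencoded. Wrapping the redirect target as `'&redirect_uri=' + encodeURIComponent(window.location.origin + '/authcallback.html')` would make the request well-formed regardless of the origin. The same line prefixes `this.apiOrigin` directly while the ternary beside it allows for a falsy value; if that value can be `null` or `undefined` rather than `''` (its initialisation is not visible here), the URL would start with a literal "undefined", which `(this.apiOrigin || '')` avoids. A one-line comment stating that a non-empty `apiOrigin` means a local development build would document why it selects the `development` client. The enclosing function starts outside the hunk.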
@@ -75,15 +78,24 @@ async function clientsAdd(id, data) {
 async function clientsGet(id) {
 assert.strictEqual(typeof id, 'string');
- if (id === 'dashboard') {
+ if (id === DASHBOARD_CLIENT_ID) {
 return {
- id: 'dashboard',
+ id: DASHBOARD_CLIENT_ID,
 secret: 'notused',
 application_type: 'web',
 response_types: ['code', 'code token'],
 grant_types: ['authorization_code', 'implicit'],
 loginRedirectUri: settings.dashboardOrigin() + '/authcallback.html'
 };
+ } else if (id === DEV_CLIENT_ID) {
+ return {
+ id: DEV_CLIENT_ID,
+ secret: 'notused',
+ application_type: 'native', // have to use native here to support plaintext http, this however makes it impossible to skip consent screen
+ response_types: ['code', 'code token'],
+ grant_types: ['authorization_code', 'implicit'],
+ loginRedirectUri: 'http://localhost:4000/authcallback.html'
+ };
 }
 const result = await database.query(`SELECT ${OIDC_CLIENTS_FIELDS} FROM ${OIDC_CLIENTS_TABLE_NAME} WHERE id = ?`, [ id ]);
@@ -224,7 +236,7 @@ class CloudronAdapter {
 async upsert(id, payload, expiresIn) {
 if (this.name === 'Client') {
 debug('upsert: this should not happen as it is stored in our db');
- } else if (this.name === 'AccessToken' && payload.clientId === 'dashboard') {
+ } else if (this.name === 'AccessToken' && (payload.clientId === DASHBOARD_CLIENT_ID || payload.clientId === DEV_CLIENT_ID)) {
 const clientId = payload.clientId;
 const identifier = payload.accountId;
 const expires = Date.now() + constants.DEFAULT_TOKEN_EXPIRATION_MSECS;
@@ -762,7 +774,7 @@ async function start() {
 if (grantId) {
 return await ctx.oidc.provider.Grant.find(grantId);
- } else if (ctx.oidc.client.clientId === 'dashboard') {
+ } else if (ctx.oidc.client.clientId === DASHBOARD_CLIENT_ID || ctx.oidc.client.clientId === DEV_CLIENT_ID) {
 const grant = new ctx.oidc.provider.Grant({
 clientId: ctx.oidc.client.clientId,
 accountId: ctx.oidc.session.accountId,
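Review bot: In `clientsGet()` the new `DEV_CLIENT_ID` branch is returned unconditionally, so every installation, not only a local development setup, recognises `client_id=development` with the implicit grant and a plaintext `http://localhost:4000/authcallback.html` redirect. Nothing in the visible lines ties this client to a development mode; gating the branch, for example `} else if (id === DEV_CLIENT_ID && <development-mode check>) {` (a placeholder for whatever flag the project uses), would keep it out of production. The later hunks in `upsert()` and `start()` give this client the same token and grant handling as the dashboard, which makes the gate more important. The branch would also benefit from a comment recording why `secret: 'notused'` is acceptable for this client.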
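Review bot: The test `payload.clientId === DASHBOARD_CLIENT_ID || payload.clientId === DEV_CLIENT_ID` in `upsert()` is repeated in the `start()` hunk against `ctx.oidc.client.clientId`, so the list of clients that get built-in token and grant handling now lives in two places and can drift. A single module-level set next to the new constants would keep them in step, e.g. `const INTERNAL_CLIENT_IDS = new Set([DASHBOARD_CLIENT_ID, DEV_CLIENT_ID]);` with `INTERNAL_CLIENT_IDS.has(payload.clientId)` at both sites. Both function bodies continue outside their hunks, so how the stored token and the created grant are scoped for the development client cannot be checked from here.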