authorMirah Gary <mgary@vmware.com>2022-03-11 11:04:49 +0100
committerMirah Gary <mgary@vmware.com>2022-03-11 11:04:49 +0100
commite45f6fd89d359c8383cbb3e0e4430bdcf3f9e540 (patch)
tree62f44d8d464fd29442cae0771757ad2b657df80c
parent387410c789d26d57c40c2c7cd807cb3b5a5b4201 (diff)
Support generic OAuth2 user flows - WIP.generic-management-oauth
-rw-r--r--deps/rabbitmq_management/priv/www/js/global.js5
-rw-r--r--deps/rabbitmq_management/priv/www/js/main.js42
-rw-r--r--deps/rabbitmq_management/priv/www/js/tmpl/layout.ejs6
3 files changed, 45 insertions, 8 deletions
diff --git a/deps/rabbitmq_management/priv/www/js/global.js b/deps/rabbitmq_management/priv/www/js/global.js
index dbdedc2ab7..af6486b672 100644
--- a/deps/rabbitmq_management/priv/www/js/global.js
+++ b/deps/rabbitmq_management/priv/www/js/global.js
@@ -698,7 +698,7 @@ function setup_global_vars() {
disable_stats = overview.disable_stats;
enable_queue_totals = overview.enable_queue_totals;
COLUMNS = disable_stats?DISABLED_STATS_COLUMNS:ALL_COLUMNS;
-
+
setup_chart_ranges(overview.sample_retention_policies);
}
@@ -814,3 +814,6 @@ var last_page_out_of_range_error = 0;
var enable_uaa;
var uaa_client_id;
var uaa_location;
+
+var enable_oauth;
+var oauth_location;
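Review bot: No `var oauth_invalid;` is declared next to `enable_oauth` and `oauth_location`, although main.js in this commit reads it in `oauth_login_window()` (`if (oauth_invalid)`) before anything has assigned it. Unless it is declared in a part of the file not shown here, that read throws a ReferenceError on the first login attempt, so `var oauth_invalid = false;` belongs here. Nothing visible in this diff assigns `enable_oauth` or `oauth_location` either; presumably that happens server-side or in a later commit, and a one-line comment saying where they are populated would help.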
diff --git a/deps/rabbitmq_management/priv/www/js/main.js b/deps/rabbitmq_management/priv/www/js/main.js
index 43791fce02..e3a1b833f7 100644
--- a/deps/rabbitmq_management/priv/www/js/main.js
+++ b/deps/rabbitmq_management/priv/www/js/main.js
@@ -8,6 +8,15 @@ $(document).ready(function() {
replace_content('outer', format('login_uaa', {}));
}
});
+ } else if (enable_oauth) {
+ get(oauth_location + "/.well-known/oauth-authorization-server", "application/json", function(req) {
+ if (req.status !== 200) {
+ replace_content('outer', format('login_oauth', {}));
+ replace_content('login-status', '<p class="warning">' + oauth_location + "does not appear to be a running OAuth2 IDP or may not have a trusted SSL certificate" + '</p> <button id="loginWindow" onclic="oauth_login_window()">Single Sign On</button>');
+ } else {
+ replace_content('outer', format('login_oauth', {}));
+ }
+ });
} else {
replace_content('outer', format('login', {}));
start_app_login();
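Review bot: The fallback button in the `req.status !== 200` branch is written with `onclic=` instead of `onclick=`, so clicking "Single Sign On" never calls `oauth_login_window()`; the attribute should read `onclick="oauth_login_window()"`. The same string concatenates `oauth_location` straight into markup passed to `replace_content`, so the value should be HTML-escaped before it is inserted, and a space is missing before "does not appear". Both branches render `login_oauth`, so that call could be hoisted above the status check. The enclosing `$(document).ready` handler starts and ends outside this hunk.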
@@ -63,7 +72,7 @@ function start_app_login() {
check_login();
});
});
- if (enable_uaa) {
+ if (enable_uaa || enable_oauth) {
var token = getAccessToken();
if (token != null) {
set_auth_pref(uaa_client_id + ':' + token);
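Review bot: With only `enable_oauth` set, `set_auth_pref(uaa_client_id + ':' + token)` still builds the stored credential from the UAA client id, which is presumably undefined in a generic OAuth2 setup and would yield `"undefined:<token>"`. The commit adds no OAuth client-id global, so one is needed (for example a new `oauth_client_id`, a proposed name) and the call would become `set_auth_pref((enable_uaa ? uaa_client_id : oauth_client_id) + ':' + token);`. `start_app_login` continues outside this hunk, so how the pref is consumed afterwards is not visible here.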
@@ -80,7 +89,6 @@ function start_app_login() {
}
}
-
function uaa_logout_window() {
uaa_invalid = true;
uaa_login_window();
@@ -102,6 +110,27 @@ function uaa_login_window() {
window.open(loginRedirectUrl, "LOGIN_WINDOW");
}
+function oauth_logout_window() {
+ oauth_invalid = true;
+ oauth_login_window();
+}
+
+function oauth_login_window() {
+ var redirect;
+ if (window.location.hash != "") {
+ redirect = window.location.href.split(window.location.hash)[0];
+ } else {
+ redirect = window.location.href
+ };
+ var loginRedirectUrl;
+ if (oauth_invalid) {
+ loginRedirectUrl = Singular.properties.oauthLocation + '/logout.do?client_id=' + Singular.properties.clientId + '&redirect=' + redirect;
+ } else {
+ loginRedirectUrl = Singular.properties.oauthLocation + '/authorize?response_type=token&client_id=' + Singular.properties.clientId + '&redirect_uri=' + redirect;
+ };
+ window.open(loginRedirectUrl, "LOGIN_WINDOW");
+}
+
function check_login() {
user = JSON.parse(sync_get('/whoami'));
if (user == false) {
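Review bot: Both `loginRedirectUrl` assignments in `oauth_login_window()` concatenate `redirect` and the client id into the query string without encoding, so a page URL containing `?` or `&` changes the parameters the IDP receives; use `'&redirect_uri=' + encodeURIComponent(redirect)` and `encodeURIComponent(Singular.properties.clientId)`. The authorize request uses `response_type=token` with no `state` parameter: the implicit grant returns the access token in the URL fragment, and current OAuth 2.0 security guidance prefers the authorization code flow with PKCE plus a verified `state`, which is worth settling before this WIP is merged. The function reads `Singular.properties.oauthLocation` and a `/logout.do` path, which look UAA-specific, while the rest of the commit uses the new `oauth_location` global; one source for the IDP base URL would avoid the two drifting apart.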
@@ -112,6 +141,9 @@ function check_login() {
if (enable_uaa) {
uaa_invalid = true;
replace_content('login-status', '<button id="loginWindow" onclick="uaa_login_window()">Log out</button>');
+ } else if (enable_oauth) {
+ oauth_invalid = true;
+ replace_content('login-status', '<button id="loginWindow" onclick="oauth_login_window()">Log out</button>')
} else {
replace_content('login-status', '<p>Login failed</p>');
}
@@ -602,7 +634,7 @@ function submit_import(form) {
vhost_part = '/' + esc(vhost_name);
}
- if (enable_uaa) {
+ if (enable_uaa || enable_oauth) {
var form_action = "/definitions" + vhost_part + '?token=' + get_pref('uaa_token');
} else {
var form_action = "/definitions" + vhost_part + '?auth=' + get_cookie_value('auth');
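Review bot: Extending this branch to `enable_oauth` puts the OAuth access token into the request URL (`'?token=' + get_pref('uaa_token')`), and the download-definitions hunk that follows does the same with `'&token='`. Bearer tokens in query strings are recorded in browser history and in proxy and server access logs, so for the generic OAuth path consider sending the token in a hidden form field or in the `Authorization` header that `auth_header()` already builds. The pref key `uaa_token` is also reused for non-UAA tokens here and in `auth_header()`; a comment such as `// 'uaa_token' also holds the generic OAuth2 access token` would keep that from surprising the next reader. `submit_import` starts and ends outside this hunk.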
@@ -646,7 +678,7 @@ function postprocess() {
$('#download-definitions').on('click', function() {
var idx = $("select[name='vhost-download'] option:selected").index();
var vhost = ((idx <=0 ) ? "" : "/" + esc($("select[name='vhost-download'] option:selected").val()));
- if (enable_uaa) {
+ if (enable_uaa || enable_oauth) {
var path = 'api/definitions' + vhost + '?download=' +
esc($('#download-filename').val()) +
'&token=' + get_pref('uaa_token');
@@ -1189,7 +1221,7 @@ function has_auth_cookie_value() {
}
function auth_header() {
- if(has_auth_cookie_value() && enable_uaa) {
+ if(has_auth_cookie_value() && (enable_uaa || enable_oauth)) {
return "Bearer " + decodeURIComponent(get_pref('uaa_token'));
} else {
if(has_auth_cookie_value()) {
diff --git a/deps/rabbitmq_management/priv/www/js/tmpl/layout.ejs b/deps/rabbitmq_management/priv/www/js/tmpl/layout.ejs
index e10a71553b..10aee429fa 100644
--- a/deps/rabbitmq_management/priv/www/js/tmpl/layout.ejs
+++ b/deps/rabbitmq_management/priv/www/js/tmpl/layout.ejs
@@ -8,12 +8,12 @@
<option value="5000">Refresh every 5 seconds</option>
<% } else { %>
<option value="5000">Refresh every 5 seconds</option>
- <% } %>
+ <% } %>
<option value="10000">Refresh every 10 seconds</option>
<option value="30000">Refresh every 30 seconds</option>
<% if(!disable_stats) { %>
<option value="">Do not refresh</option>
- <% } %>
+ <% } %>
</select>
</li>
<li id="vhost">
@@ -25,6 +25,8 @@
<li id="logout">
<% if (enable_uaa) { %>
<input type="submit" id="loginWindow" onclick="uaa_logout_window()" value="Log out"/>
+ <% } else if (enable_oauth) {
+ <input type="submit" id="loginWindow" onclick="oauth_logout_window()" value="Log out"/>
<% } else { %>
<form action="#/logout" method="put">
<input type="submit" value="Log out"/>
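Review bot: The added scriptlet `<% } else if (enable_oauth) {` is never closed with `%>`, so the following `<input ... onclick="oauth_logout_window()">` line is parsed as JavaScript rather than emitted as markup and the layout template will fail to compile. The line should read `<% } else if (enable_oauth) { %>`, matching the `<% if (enable_uaa) { %>` line above it.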