authorMichal Papuga <mpapuga@prescientco.com>2019-11-23 23:21:21 +0100
committerdcorbacho <dparracorbacho@piotal.io>2020-11-17 14:35:07 +0000
commit24a90889a5d1b7f4cf2ccf93314071ca7a5c8d6f (patch)
tree45c0800f012949f32c191d9f9f5420dcd4f75861
parent620e013a58cc6e8df98c6039d968054a97d1a3e6 (diff)
Cleanup code - revert UAA naming convention. Check values different parameter sets for UAA and IdentityServer.
-rw-r--r--deps/rabbitmq_management/priv/www/index.html19
-rw-r--r--deps/rabbitmq_management/priv/www/js/global.js10
-rw-r--r--deps/rabbitmq_management/priv/www/js/main.js69
-rw-r--r--deps/rabbitmq_management/priv/www/js/tmpl/layout.ejs2
-rw-r--r--deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl59
-rw-r--r--deps/rabbitmq_prometheus/test/config_schema_SUITE_data/schema/rabbitmq_management.schema6
6 files changed, 84 insertions, 81 deletions
diff --git a/deps/rabbitmq_management/priv/www/index.html b/deps/rabbitmq_management/priv/www/index.html
index 29ea88fc1c..abc7d54f13 100644
--- a/deps/rabbitmq_management/priv/www/index.html
+++ b/deps/rabbitmq_management/priv/www/index.html
@@ -25,21 +25,20 @@
var oauth2_user_logged_in = false;
var uaa_invalid = false;
var auth = JSON.parse(sync_get('/auth'));
- enable_oauth2 = auth.enable_oauth2;
+ enable_uaa = auth.enable_uaa;
oauth2_implementation = auth.oauth2_implementation;
- oauth2_client_id = auth.oauth2_client_id;
- oauth2_location = auth.oauth2_location;
+ uaa_client_id = auth.uaa_client_id;
+ uaa_location = auth.uaa_location;
oauth2_scopes = auth.oauth2_scopes;
-
oauth2_implementation = oauth2_implementation.toLowerCase()
- if (enable_oauth2) {
+ if (enable_uaa) {
switch (oauth2_implementation) {
- case oauth2_Uaa:
+ case uaa_oauth2_implementation:
Singular.init({
singularLocation: './js/singular/',
- uaaLocation: oauth2_location,
- clientId: oauth2_client_id,
+ uaaLocation: uaa_location,
+ clientId: uaa_client_id,
onIdentityChange: function (identity) {
oauth2_user_logged_in = true;
start_app_login();
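Review bot: `oauth2_implementation.toLowerCase()` runs before the `if (enable_uaa)` check, so it throws a TypeError whenever the `/auth` response has no `oauth2_implementation` key. The `to_json` change in this same commit returns that key only in the two enabled branches, so the disabled and invalid-configuration responses appear to reach this line with `undefined`. Guard the read, e.g. `oauth2_implementation = (auth.oauth2_implementation || '').toLowerCase();`, or have the server always include the key. The enclosing script block starts before this hunk.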
@@ -61,10 +60,10 @@
}
});
break;
- case oauth2_IdentityServer:
+ case identityServer_oauth2_implementation:
break;
default:
- enable_oauth2 = false;
+ enable_uaa = false;
}
}
</script>
diff --git a/deps/rabbitmq_management/priv/www/js/global.js b/deps/rabbitmq_management/priv/www/js/global.js
index 1abf2c4426..8dc4c24eb8 100644
--- a/deps/rabbitmq_management/priv/www/js/global.js
+++ b/deps/rabbitmq_management/priv/www/js/global.js
@@ -793,14 +793,14 @@ var chart_data = {};
// because things were deleted between refreshes
var last_page_out_of_range_error = 0;
-var enable_oauth2;
+var enable_uaa;
var oauth2_implementation;
-var oauth2_client_id;
-var oauth2_location;
+var uaa_client_id;
+var uaa_location;
var oauth2_scopes;
-var oauth2_Uaa = 'uaa';
-var oauth2_IdentityServer = 'identityserver';
+var uaa_oauth2_implementation = 'uaa';
+var identityServer_oauth2_implementation = 'identityserver';
var oidcClientSettings;
var oidcClientEventInitialized = false;
diff --git a/deps/rabbitmq_management/priv/www/js/main.js b/deps/rabbitmq_management/priv/www/js/main.js
index 670386e360..f6dd89275f 100644
--- a/deps/rabbitmq_management/priv/www/js/main.js
+++ b/deps/rabbitmq_management/priv/www/js/main.js
@@ -1,25 +1,24 @@
$(document).ready(function() {
- if (enable_oauth2) {
+ if (enable_uaa) {
switch (oauth2_implementation) {
- case oauth2_Uaa:
- get(oauth2_location + "/info", "application/json", function(req) {
+ case uaa_oauth2_implementation:
+ get(uaa_location + "/info", "application/json", function(req) {
if (req.status !== 200) {
replace_content('outer', format('login_uaa', {}));
- replace_content('login-status', '<p class="warning">' + oauth2_location + " does not appear to be a running UAA instance or may not have a trusted SSL certificate" +
+ replace_content('login-status', '<p class="warning">' + uaa_location + " does not appear to be a running UAA instance or may not have a trusted SSL certificate" +
'</p> <button id="loginWindow" style="text-align: center; margin: 0 auto;" onclick="oauth2_login()">Single Log On</button>');
} else {
replace_content('outer', format('login_uaa', {}));
}
});
break;
- case oauth2_IdentityServer:
-
+ case identityServer_oauth2_implementation:
siteURI = new URL(window.location.href);
hostOrigin = siteURI.origin;
oidcClientSettings = {
- authority: oauth2_location,
- client_id: oauth2_client_id,
+ authority: uaa_location,
+ client_id: uaa_client_id,
redirect_uri: hostOrigin + "/callback.html",
response_type: "id_token token",
scope: oauth2_scopes,
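Review bot: `response_type: "id_token token"` in `oidcClientSettings` selects the OAuth 2 implicit flow, which returns the access token in the URL fragment of the redirect to `/callback.html`, where it can end up in browser history and is readable by any script on that page. Current OAuth guidance for browser clients is the authorization code flow with PKCE, so `response_type: "code"` would be the safer setting if the bundled oidc-client version and the IdentityServer client registration support it. Separately, this branch reads `uaa_location` and `uaa_client_id` for an IdentityServer authority; a short comment such as `// uaa_* settings are shared by both OAuth 2 implementations` would stop the next reader from taking it for a copy-paste mistake. The settings object continues past the end of this hunk.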
@@ -36,7 +35,6 @@ $(document).ready(function() {
oidcClientEventInitialized = true;
oidcClient.events.addAccessTokenExpiring(function (e) {
- console.log("Access token expiring...");
oidcClient.signinSilentCallback();
});
oidcClient.events.addAccessTokenExpired(function (e) {
@@ -52,7 +50,7 @@ $(document).ready(function() {
});
oidcClient.events.addUserLoaded(function (user) {
console.log("check this: user loaded");
- set_auth_pref(oauth2_client_id + ':' + user.access_token);
+ set_auth_pref(uaa_client_id + ':' + user.access_token);
store_pref('jwt_token', user.access_token);
});
oidcClient.events.addUserUnloaded(function (e) {
@@ -65,14 +63,14 @@ $(document).ready(function() {
console.log("User unloaded. Token cleared.");
});
oidcClient.events.addSilentRenewError(function (e) {
- console.log("silent renew error", e.message);
+ console.log("Silent renew error", e.message);
});
}
- get(oauth2_location + "/.well-known/openid-configuration", "application/json", function(req) {
+ get(uaa_location + "/.well-known/openid-configuration", "application/json", function(req) {
if (req.status !== 200) {
replace_content('outer', format('login_uaa', {}));
- replace_content('login-status', '<p class="warning">' + oauth2_location + " does not appear to be a running IdentityServer instance!" + '</p>');
+ replace_content('login-status', '<p class="warning">' + uaa_location + " does not appear to be a running IdentityServer instance!" + '</p>');
} else {
oidcClient.getUser().then(function(user) {
if (user) {
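Review bot: `uaa_location` is concatenated into the markup passed to `replace_content('login-status', …)` without HTML escaping, here in the IdentityServer warning and also in the UAA warning of the first main.js hunk and the success message of the following hunk. The value comes from the `/auth` response, i.e. broker configuration, so exposure is limited to whoever can set `management.uaa_location`, but a `<` or `&` in it would still be parsed as markup. Escaping it at all three sites with the UI's HTML-escaping helper (`fmt_escape_html`, assuming it is loaded before main.js) keeps the value as text: `'<p class="warning">' + fmt_escape_html(uaa_location) + …`. The callback containing this line starts before the hunk and ends after it.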
@@ -81,12 +79,10 @@ $(document).ready(function() {
}
}
if(user){
- //console.log("main.js - ready - User logged in.", user.profile);
oauth2_login();
} else {
- console.log("User not logged in!");
replace_content('outer', format('login_uaa', {}));
- replace_content('login-status', '<p class="success">' + oauth2_location + " appear to be a running IdentityServer instance." +
+ replace_content('login-status', '<p class="success">' + uaa_location + " appear to be a running IdentityServer instance." +
'</p> <button id="loginWindow" style="text-align: center; margin: 0 auto;" onclick="oauth2_login()">Log in</button>');
};
});
@@ -177,10 +173,10 @@ function start_app_login() {
this.get('#/login/:username/:password', login_route);
this.get(/\#\/login\/(.*)/, login_route_with_path);
});
- if (enable_oauth2) {
+ if (enable_uaa) {
var token = getAccessToken();
if (token != null) {
- set_auth_pref(oauth2_client_id + ':' + token);
+ set_auth_pref(uaa_client_id + ':' + token);
store_pref('jwt_token', token);
check_login();
} else if(has_auth_cookie_value()) {
@@ -201,7 +197,7 @@ function oauth2_logout() {
function oauth2_login() {
switch (oauth2_implementation) {
- case oauth2_Uaa:
+ case uaa_oauth2_implementation:
var redirect;
if (window.location.hash != "") {
redirect = window.location.href.split(window.location.hash)[0];
@@ -216,31 +212,27 @@ function oauth2_login() {
};
window.open(loginRedirectUrl, "LOGIN_WINDOW");
break;
- case oauth2_IdentityServer:
+ case identityServer_oauth2_implementation:
oidcClient.getUser().then(function(user) {
if (user) {
if (oauth2_logout_invoked){
oidcClient.removeUser().then(function() {
- console.log("oauth2_login - User removed (remove cookies)");
oauth2_logout_invoked = false;
}).then().catch(function(err) {
console.log(err);
});
- } else {
- //console.log("oauth2_login - User logged in", user.profile);
+ } else {
oauth2_user_logged_in = true;
var token = user.access_token;
if (token != null) {
- set_auth_pref(oauth2_client_id + ':' + token);
+ set_auth_pref(uaa_client_id + ':' + token);
store_pref('jwt_token', token);
check_login();
};
}
}
else {
- console.log("oauth2_login - User not logged in");
oidcClient.signinRedirect({state:'some data'}).then(function() {
- console.log("oauth2_login - signinRedirect done");
}).catch(function(err) {
console.log(err);
});
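Review bot: `oidcClient.signinRedirect({state:'some data'})` still passes a placeholder value, and with the log line removed its `.then(function() {` handler is now empty, as is the bare `.then()` chained after `removeUser()`. Dropping the empty handlers and either removing `state` or passing something meaningful would make the intent clear: `oidcClient.signinRedirect().catch(function(err) { console.log(err); });`. `oauth2_login` begins before this hunk and continues after it.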
@@ -250,7 +242,7 @@ function oauth2_login() {
});
break;
default:
- enable_oauth2 = false;
+ enable_uaa = false;
}
}
@@ -262,29 +254,22 @@ function check_login() {
clear_pref('jwt_token');
clear_cookie_value('auth');
- if (enable_oauth2) {
+ if (enable_uaa) {
oauth2_logout_invoked = true;
switch (oauth2_implementation) {
- case oauth2_Uaa:
+ case uaa_oauth2_implementation:
replace_content('login-status', '<button id="loginWindow" onclick="oauth2_login()">Log out</button>');
break;
- case oauth2_IdentityServer:
- // todo: OpenId client logoout!
+ case identityServer_oauth2_implementation:
+ // todo: OpenId client logout!
replace_content('login-status', '<p>Login failed</p>');
break;
default:
- enable_oauth2 = false;
+ enable_uaa = false;
}
} else {
replace_content('login-status', '<p>Login failed</p>');
}
-
- // if (enable_uaa) {
- // oauth2_logout_invoked = true;
- // replace_content('login-status', '<button id="loginWindow" onclick="oauth2_login()">Log out</button>');
- // } else {
- // replace_content('login-status', '<p>Login failed</p>');
- // }
}
else {
hide_popup_warn();
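Review bot: In the `identityServer_oauth2_implementation` branch a failed login only renders `Login failed`, although `oauth2_logout_invoked` has already been set to `true` and the oidc-client user is left in place, as the `// todo: OpenId client logout!` comment acknowledges. `clear_pref('jwt_token')` and `clear_cookie_value('auth')` remove the management UI's copy of the token, but the copy held by oidc-client is not cleared here, so a rejected token may be picked up again on the next page load. Calling `oidcClient.removeUser()` in this branch and offering the same `oauth2_login()` button the UAA branch shows would close that gap. `check_login` starts before the hunk.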
@@ -770,7 +755,7 @@ function submit_import(form) {
vhost_part = '/' + esc(vhost_name);
}
- if (enable_oauth2) {
+ if (enable_uaa) {
var form_action = "/definitions" + vhost_part + '?token=' + get_pref('jwt_token');
} else {
var form_action = "/definitions" + vhost_part + '?auth=' + get_cookie_value('auth');
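Review bot: With `enable_uaa` set, the JWT access token is placed in the query string of the form action (`'?token=' + get_pref('jwt_token')`), and the download handler in the next hunk does the same with `'&token='`. Query strings are commonly written to proxy and web-server access logs and kept in browser history, so a bearer token placed there outlives the request it was meant for. For the import form the token could travel in a hidden field of the POST body, and the download could be requested with the `Authorization` header that `auth_header()` already builds. Both options depend on what the server-side definitions handler accepts, which is not visible here. `submit_import` starts before this hunk and ends after it.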
@@ -814,7 +799,7 @@ function postprocess() {
$('#download-definitions').on('click', function() {
var idx = $("select[name='vhost-download'] option:selected").index();
var vhost = ((idx <=0 ) ? "" : "/" + esc($("select[name='vhost-download'] option:selected").val()));
- if (enable_oauth2) {
+ if (enable_uaa) {
var path = 'api/definitions' + vhost + '?download=' +
esc($('#download-filename').val()) +
'&token=' + get_pref('jwt_token');
@@ -1334,7 +1319,7 @@ function has_auth_cookie_value() {
}
function auth_header() {
- if(has_auth_cookie_value() && enable_oauth2) {
+ if(has_auth_cookie_value() && enable_uaa) {
return "Bearer " + decodeURIComponent(get_pref('jwt_token'));
} else {
if(has_auth_cookie_value()) {
diff --git a/deps/rabbitmq_management/priv/www/js/tmpl/layout.ejs b/deps/rabbitmq_management/priv/www/js/tmpl/layout.ejs
index 45d7e0f596..4421ebca6e 100644
--- a/deps/rabbitmq_management/priv/www/js/tmpl/layout.ejs
+++ b/deps/rabbitmq_management/priv/www/js/tmpl/layout.ejs
@@ -23,7 +23,7 @@
</select>
</li>
<li id="logout">
- <% if (enable_oauth2) { %>
+ <% if (enable_uaa) { %>
<input type="submit" id="loginWindow" onclick="oauth2_logout()" value="Log out"/>
<% } else { %>
<form action="#/logout" method="put">
diff --git a/deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl b/deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl
index 89beaf8e65..6e3d599dd5 100644
--- a/deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl
+++ b/deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl
@@ -25,27 +25,43 @@ content_types_provided(ReqData, Context) ->
{rabbit_mgmt_util:responder_map(to_json), ReqData, Context}.
to_json(ReqData, Context) ->
- EnableOAuth2 = application:get_env(rabbitmq_management, enable_oauth2, false),
+ EnableUAA = application:get_env(rabbitmq_management, enable_uaa, false),
OAuth2Implementation = application:get_env(rabbitmq_management, oauth2_implementation, uaa),
- Data = case EnableOAuth2 of
- true ->
- OAuth2ClientId = application:get_env(rabbitmq_management, oauth2_client_id, ""),
- OAuth2Location = application:get_env(rabbitmq_management, oauth2_location, ""),
- OAuth2Scopes = application:get_env(rabbitmq_management, oauth2_scopes, ""),
- case is_invalid([OAuth2ClientId, OAuth2Location, OAuth2Scopes]) of
- true ->
- rabbit_log:warning("Disabling OAuth 2 authorization, relevant configuration settings are missing", []),
- [{enable_oauth2, false}, {oauth2_client_id, <<>>}, {oauth2_location, <<>>}];
- false ->
- [{enable_oauth2, true},
- {oauth2_client_id, rabbit_data_coercion:to_binary(OAuth2ClientId)},
- {oauth2_location, rabbit_data_coercion:to_binary(OAuth2Location)},
- {oauth2_scopes, rabbit_data_coercion:to_binary(OAuth2Scopes)},
- {oauth2_implementation, rabbit_data_coercion:to_binary(OAuth2Implementation)}]
- end;
- false ->
- [{enable_oauth2, false}, {oauth2_client_id, <<>>}, {oauth2_location, <<>>}]
- end,
+ Data = case EnableUAA of
+ true ->
+ case OAuth2Implementation of
+ uaa ->
+ UAAClientId = application:get_env(rabbitmq_management, uaa_client_id, ""),
+ UAALocation = application:get_env(rabbitmq_management, uaa_location, ""),
+ case is_invalid([UAAClientId, UAALocation]) of
+ true ->
+ log_invalid_configuration(),
+ [{enable_uaa, false}, {uaa_client_id, <<>>}, {uaa_location, <<>>}];
+ false ->
+ [{enable_uaa, true},
+ {uaa_client_id, rabbit_data_coercion:to_binary(UAAClientId)},
+ {uaa_location, rabbit_data_coercion:to_binary(UAALocation)},
+ {oauth2_implementation, rabbit_data_coercion:to_binary(OAuth2Implementation)}]
+ end;
+ identityserver ->
+ UAAClientId = application:get_env(rabbitmq_management, uaa_client_id, ""),
+ UAALocation = application:get_env(rabbitmq_management, uaa_location, ""),
+ OAuth2Scopes = application:get_env(rabbitmq_management, oauth2_scopes, ""),
+ case is_invalid([UAAClientId, UAALocation, OAuth2Scopes]) of
+ true ->
+ log_invalid_configuration(),
+ [{enable_uaa, false}, {uaa_client_id, <<>>}, {uaa_location, <<>>}, {oauth2_scopes, <<>>}];
+ false ->
+ [{enable_uaa, true},
+ {uaa_client_id, rabbit_data_coercion:to_binary(UAAClientId)},
+ {uaa_location, rabbit_data_coercion:to_binary(UAALocation)},
+ {oauth2_scopes, rabbit_data_coercion:to_binary(OAuth2Scopes)},
+ {oauth2_implementation, rabbit_data_coercion:to_binary(OAuth2Implementation)}]
+ end
+ end;
+ false ->
+ [{enable_uaa, false}, {uaa_client_id, <<>>}, {uaa_location, <<>>}, {oauth2_scopes, <<>>}]
+ end,
rabbit_mgmt_util:reply(Data, ReqData, Context).
is_authorized(ReqData, Context) ->
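Review bot: The new `case OAuth2Implementation of` has clauses only for `uaa` and `identityserver`, so any other configured value raises `case_clause` and the `/auth` request fails instead of falling back to the disabled response that the UI's `default:` branch expects. Since the value comes from operator configuration, add a final clause that logs and disables, e.g. `_ -> log_invalid_configuration(), [{enable_uaa, false}, {uaa_client_id, <<>>}, {uaa_location, <<>>}, {oauth2_scopes, <<>>}]`. The disabled responses also differ between branches (the `uaa` one omits `oauth2_scopes`) and none of them includes `oauth2_implementation`; building one fixed shape in a small helper would remove the duplication between the two clauses. Because index.html calls `sync_get('/auth')` at page load, this resource appears to be served before login, so a comment above `to_json` stating that it must expose only non-secret client settings would help future edits.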
@@ -53,3 +69,6 @@ is_authorized(ReqData, Context) ->
is_invalid(List) ->
lists:any(fun(V) -> V == "" end, List).
+
+log_invalid_configuration() ->
+ rabbit_log:warning("Disabling OAuth 2 authorization, relevant configuration settings are missing", []).
diff --git a/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/schema/rabbitmq_management.schema b/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/schema/rabbitmq_management.schema
index 40839fa78c..e35f12f502 100644
--- a/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/schema/rabbitmq_management.schema
+++ b/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/schema/rabbitmq_management.schema
@@ -377,13 +377,13 @@ end}.
%% ===========================================================================
%% Authorization
-{mapping, "management.enable_oauth2", "rabbitmq_management.enable_oauth2",
+{mapping, "management.enable_uaa", "rabbitmq_management.enable_uaa",
[{datatype, {enum, [true, false]}}]}.
-{mapping, "management.oauth2_client_id", "rabbitmq_management.oauth2_client_id",
+{mapping, "management.uaa_client_id", "rabbitmq_management.uaa_client_id",
[{datatype, string}]}.
-{mapping, "management.oauth2_location", "rabbitmq_management.oauth2_location",
+{mapping, "management.uaa_location", "rabbitmq_management.uaa_location",
[{datatype, string}]}.
{mapping, "management.oauth2_scopes", "rabbitmq_management.oauth2_scopes",