Commit Graph

54 Commits

Author SHA1 Message Date
29552fadc3 Cleanup SyncOnLogin Handling 2023-08-17 14:02:04 +02:00
15231bc683 Cleanup and adapt to new structure 2023-08-17 12:34:30 +02:00
87ce4f63d4 Refactor auth module
Separate parts
Add user repository
Add user schema
2023-08-17 10:29:00 +02:00
80aed87415 Retry fetching user after CanLogin 2023-08-16 17:21:12 +02:00
65cf86586a Merge branch '105_modify_user_via_api' into 189-refactor-authentication-module 2023-08-16 09:46:41 +02:00
4f6d1fec68 Fix errors in ldap auth 2023-08-16 09:19:41 +02:00
Christoph Kluge
fe6de5bc68 Merge branch '189-refactor-authentication-module' of https://github.com/ClusterCockpit/cc-backend into 189-refactor-authentication-module 2023-08-14 13:52:29 +02:00
Christoph Kluge
e550e57ac0 Fix Java/Grails issued token parsing
- Tested locally until successfull login
- Initialize empty projects array
2023-08-14 13:52:26 +02:00
4a2afc7a5a Add LDAPSyncOnLogin option
Cleanup
Extend docs
Remove obsolete Expiration attribute
2023-08-14 12:40:21 +02:00
19d645f65c Readd URL token and cleanup
Fix session values.
2023-08-12 09:02:41 +02:00
b8273a9b02 refactor auth module
Restructure module
Separate JWT auth variants
Cleanup code
Fixes #189
2023-08-11 10:00:23 +02:00
Jan Eitzinger
c0ab5de2f1
Merge pull request #182 from ClusterCockpit/179_fix_frontend_apiusers
Fix frontend render for users with api role
2023-07-20 07:42:15 +02:00
04e8279ae4 Change log level for JWT Cross login warning to debug 2023-07-19 09:04:27 +02:00
Christoph Kluge
55943cacbf Fix frontend render for users with api role 2023-07-17 12:19:49 +02:00
df9fd77d06 Refactor auth and add docs
Cleanup and reformat
2023-07-05 09:50:44 +02:00
Pay Giesselmann
a9544f5609 lower log level for frequent messages 2023-06-20 15:47:38 +02:00
f0685919fd Streamline auth error handling 2023-06-15 12:00:45 +02:00
e6a5874999 Fix bug if local login provides wrong pw
Fixes #140
2023-06-14 14:35:25 +02:00
Christoph Kluge
14665df439 Better test array 2023-03-06 16:35:14 +01:00
Christoph Kluge
cae7257673 Add tests for role checks, update test.db 2023-03-06 16:32:58 +01:00
Christoph Kluge
f37e7c26f6 Rework roles as enum, change AuthSource to enum 2023-03-06 11:44:38 +01:00
Christoph Kluge
8bd72ce807 Small fixes after full file review
- Remove unnecessary field 'project' from GQl and regenerate
- Add newlines to file ends
- Fix command-line manager user addition
2023-02-23 12:33:14 +01:00
Christoph Kluge
e0e51813ad Merge branch 'master' into 40_45_82_update_roles 2023-02-21 17:17:41 +01:00
8ffb562d6b Introduce db migration support 2023-02-21 10:57:22 +01:00
Christoph Kluge
397ab08b3b Add support for multiple projects per manager
- Handled like roles in admin view
- !! NEW COLUMN CHANGED TO "projects"
2023-02-17 15:45:31 +01:00
033598a656 Remove loglevel notice 2023-02-15 11:50:51 +01:00
Christoph Kluge
a2ebebd7f6 Remove role label array from frontend
- made centralized role array uncentralized again
2023-02-01 14:49:10 +01:00
Christoph Kluge
a885e69125 Adapt loglevel for logs, shorten strings, fix formats, streamline
- Switched to Warn for most errors, reduces bloat, improves log control
2023-02-01 11:58:27 +01:00
Christoph Kluge
b77bd078e5 Add log messages to error events w/o log message, primaryly error level
- "log spam" to be controlled via loglevel flag on startup
2023-01-31 18:28:44 +01:00
Christoph Kluge
7fb94c33cf Add API call for frontend to fetch list of valid roles from backend
- only relevant for admin config (addUser, editRole)
- admin only (double-checked)
2023-01-30 17:01:11 +01:00
Christoph Kluge
b2aed2f16b Add 'project' to user table, add 'manager' role, conditional web render
- Addresses issues #40 #45 #82
- Reworked Navigation Header for all roles
- 'Manager' role added, can be assigned a project-id in config by admins
- BREAKING! -> Added 'project' column in SQLite3 table 'user'
- Manager-Assigned project will be added to all graphql filters: Only show Jobs and Users of given project
- 'My Jobs' Tab for all Roles
- Switched from Bool "isAdmin" to integer authLevels
- Removed critical data frontend logging
- Reworked repo.query.SecurityCheck()
2023-01-27 18:36:58 +01:00
Christoph Kluge
834f9d9085 Add role helper functions, add project role barebone, add valid role arr
- HasAnyRoles([]string): Checks if user has *one* of the roles
- HasAllRoles([]string): Cheks if user has *all* of the roles
- HasNotRoles([]string): Checks if user has *none* of the roles
- IsValidRole(string): Checks if given string is known valid role
2023-01-25 16:59:16 +01:00
Christoph Kluge
79a949b55e Rework pkg/log, add 'loglevel' and 'logdate' flags, streamline
- removes some previously added manual location strings: now handled by pkg/log depending on loglevel
- kept manual string locations on fmt print functions
- add 'notice' and 'critical' loglevels
- add 'Panic' and 'Panicf' functions to log panics
- adresses issue #26
2023-01-23 18:48:06 +01:00
Christoph Kluge
24a4244f19 add more information to existing errors logs and panics
- '$ROOT/$FILE' for better localization in the code
- add text where none was given
- fix unnecessary sprintf nesting in influxv2 and prometheus metricrepo logging
2023-01-19 16:59:14 +01:00
Pay Gießelmann
e5573a9b29
Fix remove role support 2022-11-30 11:46:32 +01:00
Michael Schwarz
f817ac5240 Accept externally generated JWTs provided via cookie
If there is an external service like an AuthAPI that can generate JWTs and
  hand them over to ClusterCockpit via cookies, CC can be configured to
  accept them
2022-10-19 13:36:13 +02:00
Jan Eitzinger
918a07735d
Merge branch 'master' into dev-job-archive-module 2022-09-26 15:12:46 +02:00
Jan Eitzinger
adc22f6bc1
Merge branch 'master' into config-component 2022-09-13 09:05:07 +02:00
Jan Eitzinger
d8aaa26c27 Cleanup and small fixes 2022-09-13 07:38:18 +02:00
Jan Eitzinger
8856f26fb0 Reformat and Refactor packages. Rebuild GraphQL. 2022-09-07 12:24:45 +02:00
Jan Eitzinger
b7907d33aa Move data structures to config package 2022-09-06 15:43:57 +02:00
Christoph Kluge
c9954787c1 Add admin function to remove roles, rename addroles to editroles 2022-08-26 15:15:36 +02:00
Michael Schwarz
84bac7e520 Add new role support. This enables designated users to see all jobs. 2022-08-25 12:45:11 +02:00
Jan Eitzinger
26df1e7c14 Add copyright and license header. Update license year 2022-07-29 06:29:21 +02:00
Lou Knauer
d4b1b32ca0 token based login: fix re-logins 2022-07-26 13:50:54 +02:00
Lou Knauer
dc0bf80742 Fix auth.AddUser method 2022-07-26 11:00:41 +02:00
Lou Knauer
dc4c7f0033 bugfix: LDAP is optional 2022-07-25 17:27:42 +02:00
Lou Knauer
e500c1515e Allow login via token in URL 2022-07-25 10:36:20 +02:00
Lou Knauer
a48e94ab3e bugfixes in auth/ 2022-07-25 09:33:36 +02:00
Lou Knauer
2d57e4cfe8 Change to HS256 as login token alg 2022-07-25 09:03:48 +02:00