e92e727279
Extend oidc auth provider
2024-03-13 17:09:36 +01:00
f761900a3e
Add initial code for oidc authentication support
2024-03-13 09:37:12 +01:00
bb1c8cc25d
fix: Move name extract from token in else branch
2023-09-08 12:11:49 +02:00
4b06fa788d
fix: Fix buggy logic and simplify code if ValidateUser enabled
2023-09-08 11:50:28 +02:00
Pay Giesselmann
fd94d30a8e
make ldap username attribute configurable
2023-08-29 09:30:57 +02:00
ebcae32e23
Update docs and cleanup
2023-08-18 15:56:11 +02:00
3028f60807
Reformat and add debug output
2023-08-18 11:59:16 +02:00
Christoph Kluge
734e818b19
Merge branch '189-refactor-authentication-module' of https://github.com/ClusterCockpit/cc-backend into 189-refactor-authentication-module
2023-08-18 11:17:33 +02:00
Christoph Kluge
57bda63506
Cleanup some error strings
2023-08-18 11:17:31 +02:00
da551a0bb4
Repair broken error handlng
2023-08-18 11:00:13 +02:00
32b0c8bdd7
Refactor and cleanup Auth configuration
2023-08-18 10:43:06 +02:00
56d559fdd7
Fix bug with jwt max-age option
2023-08-18 09:19:30 +02:00
cfcf939339
Add config to jwt again
2023-08-18 08:57:56 +02:00
d51be5c308
Formatting and minor fixes
2023-08-18 08:49:25 +02:00
29552fadc3
Cleanup SyncOnLogin Handling
2023-08-17 14:02:04 +02:00
15231bc683
Cleanup and adapt to new structure
2023-08-17 12:34:30 +02:00
87ce4f63d4
Refactor auth module
...
Separate parts
Add user repository
Add user schema
2023-08-17 10:29:00 +02:00
80aed87415
Retry fetching user after CanLogin
2023-08-16 17:21:12 +02:00
65cf86586a
Merge branch '105_modify_user_via_api' into 189-refactor-authentication-module
2023-08-16 09:46:41 +02:00
4f6d1fec68
Fix errors in ldap auth
2023-08-16 09:19:41 +02:00
Christoph Kluge
fe6de5bc68
Merge branch '189-refactor-authentication-module' of https://github.com/ClusterCockpit/cc-backend into 189-refactor-authentication-module
2023-08-14 13:52:29 +02:00
Christoph Kluge
e550e57ac0
Fix Java/Grails issued token parsing
...
- Tested locally until successfull login
- Initialize empty projects array
2023-08-14 13:52:26 +02:00
4a2afc7a5a
Add LDAPSyncOnLogin option
...
Cleanup
Extend docs
Remove obsolete Expiration attribute
2023-08-14 12:40:21 +02:00
19d645f65c
Readd URL token and cleanup
...
Fix session values.
2023-08-12 09:02:41 +02:00
b8273a9b02
refactor auth module
...
Restructure module
Separate JWT auth variants
Cleanup code
Fixes #189
2023-08-11 10:00:23 +02:00
Jan Eitzinger
c0ab5de2f1
Merge pull request #182 from ClusterCockpit/179_fix_frontend_apiusers
...
Fix frontend render for users with api role
2023-07-20 07:42:15 +02:00
04e8279ae4
Change log level for JWT Cross login warning to debug
2023-07-19 09:04:27 +02:00
Christoph Kluge
55943cacbf
Fix frontend render for users with api role
2023-07-17 12:19:49 +02:00
df9fd77d06
Refactor auth and add docs
...
Cleanup and reformat
2023-07-05 09:50:44 +02:00
Pay Giesselmann
a9544f5609
lower log level for frequent messages
2023-06-20 15:47:38 +02:00
f0685919fd
Streamline auth error handling
2023-06-15 12:00:45 +02:00
e6a5874999
Fix bug if local login provides wrong pw
...
Fixes #140
2023-06-14 14:35:25 +02:00
Christoph Kluge
14665df439
Better test array
2023-03-06 16:35:14 +01:00
Christoph Kluge
cae7257673
Add tests for role checks, update test.db
2023-03-06 16:32:58 +01:00
Christoph Kluge
f37e7c26f6
Rework roles as enum, change AuthSource to enum
2023-03-06 11:44:38 +01:00
Christoph Kluge
8bd72ce807
Small fixes after full file review
...
- Remove unnecessary field 'project' from GQl and regenerate
- Add newlines to file ends
- Fix command-line manager user addition
2023-02-23 12:33:14 +01:00
Christoph Kluge
e0e51813ad
Merge branch 'master' into 40_45_82_update_roles
2023-02-21 17:17:41 +01:00
8ffb562d6b
Introduce db migration support
2023-02-21 10:57:22 +01:00
Christoph Kluge
397ab08b3b
Add support for multiple projects per manager
...
- Handled like roles in admin view
- !! NEW COLUMN CHANGED TO "projects"
2023-02-17 15:45:31 +01:00
033598a656
Remove loglevel notice
2023-02-15 11:50:51 +01:00
Christoph Kluge
a2ebebd7f6
Remove role label array from frontend
...
- made centralized role array uncentralized again
2023-02-01 14:49:10 +01:00
Christoph Kluge
a885e69125
Adapt loglevel for logs, shorten strings, fix formats, streamline
...
- Switched to Warn for most errors, reduces bloat, improves log control
2023-02-01 11:58:27 +01:00
Christoph Kluge
b77bd078e5
Add log messages to error events w/o log message, primaryly error level
...
- "log spam" to be controlled via loglevel flag on startup
2023-01-31 18:28:44 +01:00
Christoph Kluge
7fb94c33cf
Add API call for frontend to fetch list of valid roles from backend
...
- only relevant for admin config (addUser, editRole)
- admin only (double-checked)
2023-01-30 17:01:11 +01:00
Christoph Kluge
b2aed2f16b
Add 'project' to user table, add 'manager' role, conditional web render
...
- Addresses issues #40 #45 #82
- Reworked Navigation Header for all roles
- 'Manager' role added, can be assigned a project-id in config by admins
- BREAKING! -> Added 'project' column in SQLite3 table 'user'
- Manager-Assigned project will be added to all graphql filters: Only show Jobs and Users of given project
- 'My Jobs' Tab for all Roles
- Switched from Bool "isAdmin" to integer authLevels
- Removed critical data frontend logging
- Reworked repo.query.SecurityCheck()
2023-01-27 18:36:58 +01:00
Christoph Kluge
834f9d9085
Add role helper functions, add project role barebone, add valid role arr
...
- HasAnyRoles([]string): Checks if user has *one* of the roles
- HasAllRoles([]string): Cheks if user has *all* of the roles
- HasNotRoles([]string): Checks if user has *none* of the roles
- IsValidRole(string): Checks if given string is known valid role
2023-01-25 16:59:16 +01:00
Christoph Kluge
79a949b55e
Rework pkg/log, add 'loglevel' and 'logdate' flags, streamline
...
- removes some previously added manual location strings: now handled by pkg/log depending on loglevel
- kept manual string locations on fmt print functions
- add 'notice' and 'critical' loglevels
- add 'Panic' and 'Panicf' functions to log panics
- adresses issue #26
2023-01-23 18:48:06 +01:00
Christoph Kluge
24a4244f19
add more information to existing errors logs and panics
...
- '$ROOT/$FILE' for better localization in the code
- add text where none was given
- fix unnecessary sprintf nesting in influxv2 and prometheus metricrepo logging
2023-01-19 16:59:14 +01:00
Pay Gießelmann
e5573a9b29
Fix remove role support
2022-11-30 11:46:32 +01:00
Michael Schwarz
f817ac5240
Accept externally generated JWTs provided via cookie
...
If there is an external service like an AuthAPI that can generate JWTs and
hand them over to ClusterCockpit via cookies, CC can be configured to
accept them
2022-10-19 13:36:13 +02:00