Merge pull request #218 from ClusterCockpit/hotfix

Prepare bugfix release
2025-08-02 17:30:36 +02:00 · 2023-09-15 16:02:19 +02:00 · 2023-09-15 15:59:54 +02:00 · 2023-09-15 12:34:47 +02:00 · 2023-09-15 11:09:01 +02:00 · 2023-09-08 12:17:49 +02:00
5 changed files with 74 additions and 69 deletions
--- a/2
+++ b/2
@@ -2,7 +2,7 @@ TARGET = ./cc-backend
 VAR = ./var
 CFG = config.json .env
 FRONTEND = ./web/frontend
-VERSION = 1.2.1
+VERSION = 1.2.2
 GIT_HASH := $(shell git rev-parse --short HEAD || echo 'development')
 CURRENT_TIME = $(shell date +"%Y-%m-%d:T%H:%M:%S")
 LD_FLAGS = '-s -X main.date=${CURRENT_TIME} -X main.version=${VERSION} -X main.commit=${GIT_HASH}'
--- a/ReleaseNotes.md
+++ b/ReleaseNotes.md
@@ -1,4 +1,4 @@
-# `cc-backend` version 1.2.1
+# `cc-backend` version 1.2.2

 Supports job archive version 1 and database version 6.

@@ -7,7 +7,7 @@ implementation of ClusterCockpit.

 ** Breaking changes **

-* The LDAP configuration option user_filter was changed and now should not include
+* The LDAP configuration option `user_filter` was changed and now should not include
 the uid wildcard. Example:
   - Old: `"user_filter": "(&(objectclass=posixAccount)(uid=*))"`
   - New: `"user_filter": "(&(objectclass=posixAccount))"`
--- a/internal/auth/jwtCookieSession.go
+++ b/internal/auth/jwtCookieSession.go
@@ -6,6 +6,7 @@ package auth

 import (
 	"crypto/ed25519"
+	"database/sql"
 	"encoding/base64"
 	"errors"
 	"fmt"
@@ -152,31 +153,35 @@ func (ja *JWTCookieSessionAuthenticator) Login(
 	claims := token.Claims.(jwt.MapClaims)
 	sub, _ := claims["sub"].(string)

-	var name string
-	if wrap, ok := claims["name"].(map[string]interface{}); ok {
-		if vals, ok := wrap["values"].([]interface{}); ok {
-			if len(vals) != 0 {
-				name = fmt.Sprintf("%v", vals[0])
-
-				for i := 1; i < len(vals); i++ {
-					name += fmt.Sprintf(" %v", vals[i])
-				}
-			}
-		}
-	}
-
 	var roles []string
+	projects := make([]string, 0)

 	if jc.ValidateUser {
+		var err error
+		user, err = repository.GetUserRepository().GetUser(sub)
+		if err != nil && err != sql.ErrNoRows {
+			log.Errorf("Error while loading user '%v'", sub)
+		}
+
 		// Deny any logins for unknown usernames
 		if user == nil {
 			log.Warn("Could not find user from JWT in internal database.")
 			return nil, errors.New("unknown user")
 		}
-
-		// Take user roles from database instead of trusting the JWT
-		roles = user.Roles
 	} else {
+		var name string
+		if wrap, ok := claims["name"].(map[string]interface{}); ok {
+			if vals, ok := wrap["values"].([]interface{}); ok {
+				if len(vals) != 0 {
+					name = fmt.Sprintf("%v", vals[0])
+
+					for i := 1; i < len(vals); i++ {
+						name += fmt.Sprintf(" %v", vals[i])
+					}
+				}
+			}
+		}
+
 		// Extract roles from JWT (if present)
 		if rawroles, ok := claims["roles"].([]interface{}); ok {
 			for _, rr := range rawroles {
@@ -185,20 +190,6 @@ func (ja *JWTCookieSessionAuthenticator) Login(
 				}
 			}
 		}
-	}
-
-	// (Ask browser to) Delete JWT cookie
-	deletedCookie := &http.Cookie{
-		Name:     jc.CookieName,
-		Value:    "",
-		Path:     "/",
-		MaxAge:   -1,
-		HttpOnly: true,
-	}
-	http.SetCookie(rw, deletedCookie)
-
-	if user == nil {
-		projects := make([]string, 0)
 		user = &schema.User{
 			Username:   sub,
 			Name:       name,
@@ -215,5 +206,15 @@ func (ja *JWTCookieSessionAuthenticator) Login(
 		}
 	}

+	// (Ask browser to) Delete JWT cookie
+	deletedCookie := &http.Cookie{
+		Name:     jc.CookieName,
+		Value:    "",
+		Path:     "/",
+		MaxAge:   -1,
+		HttpOnly: true,
+	}
+	http.SetCookie(rw, deletedCookie)
+
 	return user, nil
 }
--- a/internal/auth/jwtSession.go
+++ b/internal/auth/jwtSession.go
@@ -5,6 +5,7 @@
 package auth

 import (
+	"database/sql"
 	"encoding/base64"
 	"errors"
 	"fmt"
@@ -78,31 +79,35 @@ func (ja *JWTSessionAuthenticator) Login(
 	claims := token.Claims.(jwt.MapClaims)
 	sub, _ := claims["sub"].(string)

-	var name string
-	if wrap, ok := claims["name"].(map[string]interface{}); ok {
-		if vals, ok := wrap["values"].([]interface{}); ok {
-			if len(vals) != 0 {
-				name = fmt.Sprintf("%v", vals[0])
-
-				for i := 1; i < len(vals); i++ {
-					name += fmt.Sprintf(" %v", vals[i])
-				}
-			}
-		}
-	}
-
 	var roles []string
+	projects := make([]string, 0)

 	if config.Keys.JwtConfig.ValidateUser {
+		var err error
+		user, err = repository.GetUserRepository().GetUser(sub)
+		if err != nil && err != sql.ErrNoRows {
+			log.Errorf("Error while loading user '%v'", sub)
+		}
+
 		// Deny any logins for unknown usernames
 		if user == nil {
 			log.Warn("Could not find user from JWT in internal database.")
 			return nil, errors.New("unknown user")
 		}
-
-		// Take user roles from database instead of trusting the JWT
-		roles = user.Roles
 	} else {
+		var name string
+		if wrap, ok := claims["name"].(map[string]interface{}); ok {
+			if vals, ok := wrap["values"].([]interface{}); ok {
+				if len(vals) != 0 {
+					name = fmt.Sprintf("%v", vals[0])
+
+					for i := 1; i < len(vals); i++ {
+						name += fmt.Sprintf(" %v", vals[i])
+					}
+				}
+			}
+		}
+
 		// Extract roles from JWT (if present)
 		if rawroles, ok := claims["roles"].([]interface{}); ok {
 			for _, rr := range rawroles {
@@ -113,23 +118,17 @@ func (ja *JWTSessionAuthenticator) Login(
 				}
 			}
 		}
-	}

-	projects := make([]string, 0)
-	// Java/Grails Issued Token
-	// if rawprojs, ok := claims["projects"].([]interface{}); ok {
-	// 	for _, pp := range rawprojs {
-	// 		if p, ok := pp.(string); ok {
-	// 			projects = append(projects, p)
-	// 		}
-	// 	}
-	// } else if rawprojs, ok := claims["projects"]; ok {
-	// 	for _, p := range rawprojs.([]string) {
-	// 		projects = append(projects, p)
-	// 	}
-	// }
+		if rawprojs, ok := claims["projects"].([]interface{}); ok {
+			for _, pp := range rawprojs {
+				if p, ok := pp.(string); ok {
+					projects = append(projects, p)
+				}
+			}
+		} else if rawprojs, ok := claims["projects"]; ok {
+			projects = append(projects, rawprojs.([]string)...)
+		}

-	if user == nil {
 		user = &schema.User{
 			Username:   sub,
 			Name:       name,
--- a/web/frontend/src/plots/Roofline.svelte
+++ b/web/frontend/src/plots/Roofline.svelte
@@ -15,6 +15,8 @@
    let uplot = null
    let timeoutId = null

+    const lineWidth = clusterCockpitConfig.plot_general_lineWidth
+
    /* Data Format
     * data       = [null, [], []] // 0: null-axis required for scatter, 1: Array of XY-Array for Scatter, 2: Optional Time Info
     * data[1][0] = [100, 200, 500, ...] // X Axis -> Intensity (Vals up to clusters' flopRateScalar value)
@@ -160,7 +162,7 @@
                                const padding = u._padding // [top, right, bottom, left]

                                u.ctx.strokeStyle = 'black'
-                                u.ctx.lineWidth = 2
+                                u.ctx.lineWidth = lineWidth
                                u.ctx.beginPath()

                                const ycut = 0.01 * cluster.memoryBandwidth.value
@@ -171,14 +173,17 @@
                                    flopRateScalarY = u.valToPos(cluster.flopRateScalar.value, 'y', true),
                                    flopRateSimdY = u.valToPos(cluster.flopRateSimd.value, 'y', true)

-                                if (scalarKneeX < width - padding[1]) { // Top horizontal roofline
+                                // Debug get zoomLevel from browser
+                                // console.log("Zoom", Math.round(window.devicePixelRatio * 100))
+
+                                if (scalarKneeX < (width * window.devicePixelRatio) - (padding[1] * window.devicePixelRatio)) { // Top horizontal roofline
                                    u.ctx.moveTo(scalarKneeX, flopRateScalarY)
-                                    u.ctx.lineTo(width - padding[1], flopRateScalarY)
+                                    u.ctx.lineTo((width * window.devicePixelRatio) - (padding[1] * window.devicePixelRatio), flopRateScalarY)
                                }

-                                if (simdKneeX < width - padding[1]) { // Lower horitontal roofline
+                                if (simdKneeX < (width * window.devicePixelRatio) - (padding[1] * window.devicePixelRatio)) { // Lower horitontal roofline
                                    u.ctx.moveTo(simdKneeX, flopRateSimdY)
-                                    u.ctx.lineTo(width - padding[1], flopRateSimdY)
+                                    u.ctx.lineTo((width * window.devicePixelRatio) - (padding[1] * window.devicePixelRatio), flopRateSimdY)
                                }

                                let x1 = u.valToPos(0.01, 'x', true),
Author	SHA1	Message	Date
Jan Eitzinger	280b16c11c	Merge pull request #218 from ClusterCockpit/hotfix Prepare bugfix release	2023-09-15 16:02:19 +02:00
Jan Eitzinger	4b922c575e	Prepare bugfix release	2023-09-15 15:59:54 +02:00
Jan Eitzinger	09528ed6b9	Merge pull request #217 from ClusterCockpit/hotfix fix: adapt roofline render to browser zoomlevel	2023-09-15 12:34:47 +02:00
Christoph Kluge	e61ff01518	fix: adapt roofline render to browser zoomlevel - make roofline linewidth configurable	2023-09-15 11:09:01 +02:00
Jan Eitzinger	a4c68bf7fe	Merge pull request #215 from ClusterCockpit/hotfix Hotfix	2023-09-08 12:17:49 +02:00
Jan Eitzinger	bb1c8cc25d	fix: Move name extract from token in else branch	2023-09-08 12:11:49 +02:00
Jan Eitzinger	4b06fa788d	fix: Fix buggy logic and simplify code if ValidateUser enabled	2023-09-08 11:50:28 +02:00