Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Initial work on authentication #844

Merged
merged 37 commits into from
Jan 14, 2025
Merged

Initial work on authentication #844

merged 37 commits into from
Jan 14, 2025

Conversation

VictorDelCampo
Copy link
Member

RISDEV-5805

@VictorDelCampo VictorDelCampo added the do not merge For sharing prototypes or ideas that are not intended for merging label Dec 16, 2024
VictorDelCampo and others added 14 commits December 16, 2024 14:03
@VictorDelCampo
Add explicit ports for webapp
2fac499 
RISDEV-5805
@SebastianRossa
Add mock user for functional tests
11d3d48 
RISDEV-5805
@VictorDelCampo
Merge remote-tracking branch 'refs/remotes/origin/main' into RISDEV-5…
51503a8 
…805_spring_security_oauth2

# Conflicts:
#	backend/gradle/libs.versions.toml
@VictorDelCampo
Second iteration authentication (nginx + fallback backend route)
dae9cf7 
RISDEV-5805
@SebastianRossa
Use testcontainers to spin up keycloak
de4e7e5 
RISDEV-5805
@VictorDelCampo
Handover to malte
6540081 
RISDEV-5805
@malte-laukoetter
Fix local keycloak setup
d430b9c 
We use a service called localhost to be able to address the keycloak
service as "localhost:8443" in the application.yaml of our application.
Using "keycloak:8443" is not possible as spring would then redirect the
user to "keycloak:8443" to login, but that is a host that is not
available on the host system. The spring boot oauth implementation is
very restrictive on the issuer and therefore creates errors if the hosts
used by it and the user to connect to keycloak differ.

See also:
 - spring-projects/spring-security#14633
 - keycloak/keycloak#29783
 - keycloak/keycloak#24252
 - https://medium.com/@kostapchuk/integrating-keycloak-with-spring-boot-in-a-dockerized-environment-813eab1f140c

RISDEV-5805
@malte-laukoetter
Enable keycloak healthcheck
61cef17 
RISDEV-5805
@SebastianRossa
Fix unit tests
5fbb6aa 
RISDEV-5805
@SebastianRossa
Ignore fallback serving index.html for api routes
8e00c5e 
RISDEV-5805
@malte-laukoetter
Split docker-compose into two files
21b91de 
One for the full application and one for just the services. We need
different network configurations for both.

RISDEV-5805
@malte-laukoetter
Respond with 401 for unauthorized api calls
34e2422 
RISDEV-5805
@malte-laukoetter
Redirect to login page if api calls respond with 401
26179c7 
RISDEV-5805
@malte-laukoetter
Extend vite proxy with auth urls
e6d8ad3 
RISDEV-5805
andreasphil and others added 13 commits January 7, 2025 14:30
@andreasphil
test: include auth in E2E tests
63fa80c 
RISDEV-5805
@andreasphil
Merge remote-tracking branch 'origin/main' into RISDEV-5805_spring_se…
8349669 
…curity_oauth2
@andreasphil
test: separate setup for different browsers
f34e0ce 
RISDEV-5805
@malte-laukoetter
Bind path parameter
05d3e97 
To fix sonar warning, removing is not possible as regexes in the
get-mapping need to be assigned to a name

RISDEV-5805
@SebastianRossa
Invalidate session in keycloak on logout and add logout button
36c03d8 
- using RP-Initiated Logout see https://docs.spring.io/spring-security/reference/servlet/oauth2/login/logout.html

RISDEV-5806
@hamo225
Navigate to /logout endpoint NOT make logout api call
eed4c22 
RISDEV-5805
@SebastianRossa
Add integration test that user must be logged in
fae2061 
RISDEV-5806
@SebastianRossa
Get username from endpoint
fe9ec16 
RISDEV-5806
@hamo225
feat: add useGetUserName service and update logout button to link
1c81aeb 
- Added `useGetUserName` service to fetch logged-in user's name
- Replaced the logout button with a `RouterLink`
- Updated the navbar layout to display user details and the logout link

RISDEV-5805
@hamo225
feat(router): add /logout route to handle logout redirection
99725b9 
RISDEV-5805
@hamo225
feat(ui): add fallback for username in case API fails
5df74e8 
RISDEV-5805
@SebastianRossa
Get oidc username from endpoint
543ecea 
RISDEV-6102
@malte-laukoetter
Remove port publishing for keycloak when using localhost-network
f32e904 
RISDEV-0000
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
86.7% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
94.7% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@VictorDelCampo VictorDelCampo merged commit caff328 into main Jan 14, 2025
26 checks passed
@VictorDelCampo VictorDelCampo deleted the RISDEV-5805_spring_security_oauth2 branch January 14, 2025 08:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@malte-laukoetter malte-laukoetter malte-laukoetter left review comments

Assignees
No one assigned
Labels
do not merge For sharing prototypes or ideas that are not intended for merging
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@VictorDelCampo @malte-laukoetter @SebastianRossa @andreasphil @hamo225