fix: block user without proper roles #277

GluuFederation · Jul 7, 2022 · 98feedb · 98feedb
1 parent 207fcf4
commit 98feedb
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 11 deletions.
diff --git a/admin-ui/app/routes/Apps/Gluu/GluuNotification.js b/admin-ui/app/routes/Apps/Gluu/GluuNotification.js
@@ -60,7 +60,7 @@ function GluuNotification({ type, message, description, show }) {
       <ToastContainer
         style={{ width: '98%' }}
         position="top-left"
-        autoClose={10000}
+        autoClose={100000}
         closeOnClick
         newestOnTop
         draggable={false}

diff --git a/admin-ui/app/utils/ApiKeyRedirect.js b/admin-ui/app/utils/ApiKeyRedirect.js
@@ -8,6 +8,7 @@ function ApiKeyRedirect({
   isLicenseValid,
   islicenseCheckResultLoaded,
   isLicenseActivationResultLoaded,
+  roleNotFound,
 }) {
   const { t } = useTranslation()
 
@@ -39,16 +40,24 @@ function ApiKeyRedirect({
           </div>
         )}
 
-        {!backendIsUp && (
-          <GluuNotification
-            type="error"
-            message={t('The UI backend service is down')}
-            description={t(
-              'Please contact the side administrator or make sure it is up and running.',
-            )}
-            show={true}
-          />
-        )}
+        <GluuNotification
+          type="error"
+          message={t('The UI backend service is down')}
+          description={t(
+            'Please contact the side administrator or make sure it is up and running.',
+          )}
+          show={!backendIsUp}
+        />
+
+        <GluuNotification
+          type="error"
+          message={t('Unauthorized User')}
+          description={t(
+            'The logged-in user do not have valid role. Logging out of Admin UI',
+          )}
+          show={roleNotFound}
+        />
+
         {isLicenseActivationResultLoaded && !isLicenseValid && (
           <GluuNotification
             type="error"

diff --git a/admin-ui/app/utils/AppAuthProvider.js b/admin-ui/app/utils/AppAuthProvider.js
@@ -17,6 +17,7 @@ export default function AppAuthProvider(props) {
   const dispatch = useDispatch()
   const location = useLocation()
   const [showContent, setShowContent] = useState(false)
+  const [roleNotFound, setRoleNotFound] = useState(false)
 
   const { config, userinfo, userinfo_jwt, token, backendIsUp } = useSelector(
     (state) => state.authReducer,
@@ -91,6 +92,15 @@ export default function AppAuthProvider(props) {
         setShowContent(false)
         return null
       } else {
+        if (userinfo.jansAdminUIRole || userinfo.length === 0) {
+          setShowContent(false)
+          setRoleNotFound(true)
+          alert('The logged-in user do not have valid role. Logging out of Admin UI')
+          const state = uuidv4()
+          const sessionEndpoint = `${config.endSessionEndpoint}?state=${state}&post_logout_redirect_uri=${config.postLogoutRedirectUri}`
+          window.location.href = sessionEndpoint
+          return null
+        }
         if (!token) {
           dispatch(getAPIAccessToken(userinfo_jwt))
         }