From 4cf89584d2abdec2ccf3a797e5240e70f50b0bbc Mon Sep 17 00:00:00 2001
From: zdp886
Date: Wed, 2 Oct 2024 07:42:19 -0500
Subject: [PATCH] testing pkce shanges on stable branch
---
 ui/src/app/app.tsx | 9 ++++++++-
 ui/src/app/login/components/pkce-verify.tsx | 3 ++-
 ui/src/app/login/components/utils.ts | 20 +++++++++++++++++---
 3 files changed, 27 insertions(+), 5 deletions(-)
diff --git a/ui/src/app/app.tsx b/ui/src/app/app.tsx
index fb52e54e03ddc..d4ece54c81cd4 100644
--- a/ui/src/app/app.tsx
+++ b/ui/src/app/app.tsx
@@ -19,6 +19,7 @@ import {Banner} from './ui-banner/ui-banner';
 import userInfo from './user-info';
 import {AuthSettings} from './shared/models';
 import {PKCEVerification} from './login/components/pkce-verify';
+import {getPKCERedirectURI, pkceLogin} from './login/components/utils';
 services.viewPreferences.init();
 const bases = document.getElementsByTagName('base');
@@ -100,7 +101,13 @@ requests.onError.subscribe(async err => {
 // If basehref is the default `/` it will become an empty string.
 const basehref = document.querySelector('head > base').getAttribute('href').replace(/\/$/, '');
 if (isSSO) {
- window.location.href = `${basehref}/auth/login?return_url=${encodeURIComponent(location.href)}`;
+ const authSettings = await services.authService.settings();
+
+ if (authSettings?.oidcConfig?.enablePKCEAuthentication) {
+ pkceLogin(authSettings.oidcConfig, getPKCERedirectURI().toString());
+ } else {
+ window.location.href = `${basehref}/auth/login?return_url=${encodeURIComponent(location.href)}`;
+ }
 } else {
 history.push(`/login?return_url=${encodeURIComponent(location.href)}`);
 }
diff --git a/ui/src/app/login/components/pkce-verify.tsx b/ui/src/app/login/components/pkce-verify.tsx
index f8207e8a5d81f..1dfa9430ef5d6 100644
--- a/ui/src/app/login/components/pkce-verify.tsx
+++ b/ui/src/app/login/components/pkce-verify.tsx
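Review bot: In the `isSSO` branch of the `requests.onError` subscriber in `ui/src/app/app.tsx`, `pkceLogin(...)` is called without `await` or a rejection handler, and the utils.ts sections of this patch show it is `async` and throws `PKCELoginError` (for example when no authorization endpoint is found). A failed discovery would therefore surface only as an unhandled rejection, leaving the user on an expired session with no redirect and no error shown. Wrap the call as `try { await pkceLogin(authSettings.oidcConfig, getPKCERedirectURI().toString()); } catch (e) { /* report the login failure to the user */ }`. The new `await services.authService.settings()` also runs inside the error subscriber; if that request can itself fail and re-enter this handler it needs a guard, which should be confirmed against the `requests` service since it is not visible here. The subscriber body starts and ends outside the hunk.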
@@ -2,6 +2,7 @@ import React, {useEffect, useState} from 'react';
 import {RouteComponentProps} from 'react-router';
 import {services} from '../../shared/services';
 import {PKCECodeVerifier, PKCELoginError, getPKCERedirectURI, pkceCallback} from './utils';
+import requests from '../../shared/services/requests';
 import './pkce-verify.scss';
@@ -31,7 +32,7 @@ export const PKCEVerification = (props: RouteComponentProps) => {

Error occurred:

{error?.message || JSON.stringify(error)}

- Try to Login again + Try to Login again
); diff --git a/ui/src/app/login/components/utils.ts b/ui/src/app/login/components/utils.ts index 6c715077cc9cc..09206f87dd67c 100644 --- a/ui/src/app/login/components/utils.ts +++ b/ui/src/app/login/components/utils.ts @@ -13,6 +13,7 @@ import { validateAuthResponse } from 'oauth4webapi'; import {AuthSettings} from '../../shared/models'; +import requests from '../../shared/services/requests'; export const discoverAuthServer = (issuerURL: URL): Promise => discoveryRequest(issuerURL).then(res => processDiscoveryResponse(issuerURL, res)); @@ -25,7 +26,7 @@ export const PKCECodeVerifier = { export const getPKCERedirectURI = () => { const currentOrigin = new URL(window.location.origin); - currentOrigin.pathname = '/pkce/verify'; + currentOrigin.pathname = requests.toAbsURL('/pkce/verify'); return currentOrigin; }; @@ -70,6 +71,8 @@ const validateAndGetOIDCForPKCE = async (oidcConfig: AuthSettings['oidcConfig']) export const pkceLogin = async (oidcConfig: AuthSettings['oidcConfig'], redirectURI: string) => { const {authorizationServer} = await validateAndGetOIDCForPKCE(oidcConfig); + sessionStorage.setItem('return_uri', location.pathname + location.search) + if (!authorizationServer.authorization_endpoint) { throw new PKCELoginError('No Authorization Server endpoint found'); } 
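Review bot: The `return_uri` value written in `pkceLogin` is later passed unchecked to `window.location.replace(returnURI)` in the `pkceCallback` hunk, so the post-login redirect trusts whatever is in sessionStorage. The stored string is `location.pathname + location.search`, and a value that does not resolve to this origin (a path beginning with `//` is treated as protocol-relative, and any script on the origin can overwrite the entry) would send a freshly authenticated user off-site. Check it before redirecting, e.g. `if (returnURI && new URL(returnURI, window.location.origin).origin === window.location.origin)`, and fall back to `requests.toAbsURL('/applications')` otherwise. The `setItem` call also runs before the `authorization_endpoint` check, so a login that throws leaves a stale entry behind; moving it after the checks avoids that, and the line is missing its trailing semicolon. `pkceLogin` continues past the end of the hunk.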
@@ -145,7 +148,18 @@ export const pkceCallback = async (queryParams: string, oidcConfig: AuthSettings
 throw new PKCELoginError('No token in response');
 }
- document.cookie = `argocd.token=${result.id_token}; path=/`;
+ // This regex removes any leading or trailing '/' characters and the result is appended to a '/'.
+ // This is because when base href if not just '/' toAbsURL() will append a trailing '/'.
+ // Just removing a trailing '/' from the string would break when base href is not specified, defaulted to '/'.
+ // This pattern is used to handle both cases.
+ document.cookie = `argocd.token=${result.id_token}; path=/${requests.toAbsURL('').replace(/^\/|\/$/g, '')}`;
+
+ const returnURI = sessionStorage.getItem('return_uri');
- window.location.replace('/applications');
+ if (returnURI) {
+ sessionStorage.removeItem('return_uri');
+ window.location.replace(returnURI);
+ } else {
+ window.location.replace(requests.toAbsURL('/applications'));
+ }
 };
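Review bot: The rewritten `document.cookie` line still sets `argocd.token` with only a `path` attribute, so the ID token cookie carries neither `Secure` nor `SameSite`. Since the line is being changed anyway, consider appending `; SameSite=Lax` and, when `location.protocol === 'https:'`, `; Secure`, so the token is not sent over plain HTTP. A cookie written from script cannot be `HttpOnly`, which is worth stating in the comment above it because the token stays readable by any script on the origin. In that comment, "when base href if not just" should read "is not just". `pkceCallback` starts outside the hunk.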