This repository has been archived by the owner on Jan 20, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 25
Support single-host mode of Che server. #11
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FYI Travis CI build failed.
|
* A custom URI prefix for the auth redirect can be configured. This is so that we can construct valid externally reachable URLs even behind a path-rewriting ingress * Change the order in which the auth token is located. First we try to find it in the query params, then in the Authorization header as a bearer token and only then in the cookie. This enables us to "refresh" the token from the client side easily. * On any error to validate the token (apart from the inability to parse the token in the first place) we know send the auth redirect instead of an error. This should help the client side refresh the token on timeouts, etc. * Do not set the cookie in the response if cookies are not enabled in the config. * Respond with 403 - Forbidden if cookies are not enabled. In this case the client needs to directly authenticate with the backend server.
Fixed. Silly me :) |
skabashnyuk
approved these changes
Aug 28, 2019
Please don't merge this yet until we resolve the naming of the new config properties in eclipse-che/che#14335 (review) |
what the value actually is.
sleshchenko
reviewed
Sep 2, 2019
sleshchenko
reviewed
Sep 2, 2019
sleshchenko
approved these changes
Sep 2, 2019
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
Please take a look inline comments
8 tasks
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Support single-host mode of Che server.
that we can construct valid externally reachable URLs even behind a
path-rewriting ingress
find it in the query params, then in the Authorization header as a bearer
token and only then in the cookie. This enables us to "refresh" the token
from the client side easily.
token in the first place) we know send the auth redirect instead of an
error. This should help the client side refresh the token on timeouts, etc.
config.
the client needs to directly authenticate with the backend server.
What issues does this PR fix or reference?
eclipse-che/che#14189