* Fixed share/download object regression
* Adding tests for computeObjectURLWithoutEncode function
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
Policy listing in the Audit list tab was not displaying all the policies
with access to the current bucket
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
Currently console only support "aws:username" as the
most basic variable for policy evaluation. This PR
extends this to add all the possible combinations
possible.
This includes all `jwt:*` and `ldap:*`
- Make Users & Policies clickeable only if user has permissions to view
in bucket page
- Add SecureComponent to policy detail page: api calls, menu options,
raw policy editor, etc.
- Add missing click action to groups in policy detail page
- Fix NPE in list groups for policy endpoint
- Added SecureComponent to ListPolicies page
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
To enable this feature you need `CONSOLE_IDP_CALLBACK_DYNAMIC=on`
```
export CONSOLE_IDP_URL=https://gitlab.com/.well-known/openid-configuration
export CONSOLE_IDP_CLIENT_ID="b0088c3836bb029393942f71ed7c8ac0add7f0856e6c86e67b0ff98f85c48658"
export CONSOLE_IDP_SECRET="ed72087b37624e89816ac27c1355420902045274edd7baad2ae29b1b0e8436fe"
export CONSOLE_IDP_SCOPES="openid,profile,email"
export CONSOLE_IDP_USERINFO="on"
export CONSOLE_IDP_CALLBACK_DYNAMIC=on
console srv
```
if this becomes a common practice, we should enable this as default in future.
This PR includes many fixes and refactors for oauth2 authentication and
login endpoints, ie:
- Invalid login returns `403` instead of `500` error
- Removed the session token from console/operator `user credentials
login`, `oauth flow login` and `change-password` api responses
- Removed session token from localStorage
- Added styles for oauth_callback page and display more descriptive
errors for debugging
- Success logins returns `204` instead of `200`
- Removed unused swagger apis and code from both, operator and console
projects
- Operator `Oauth2` login flow was not validating anything, now it does
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
- `CONSOLE_STS_DURATION_IN_SECONDS` env renamed to `CONSOLE_STS_DURATION` to support more time formats
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
Return S3 compatible error when an S3 API request is made to the console port.
Before:
```
λ mc ls local9090
mc: <ERROR> Unable to list folder. XML syntax error on line 1: invalid character entity &display (no semicolon)
```
After:
```
λ mc ls local9090
mc: <ERROR> Unable to list folder. S3 API Request made to Console port. S3 Requests should be sent to MinIO API port.
```
- removing limitation of characters for paths/folders
- fixed object names with international characters inside paths
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
- Update operator dependency
- Don't store policy on session token, instead obtain it during session
validation
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
- fix: objects with special characters (ie: /,&,%,*) won't open
- fix: create subdolders with special characters won't work, ie: /,&,%,*
- fix: view subfolders with special characters (ie: /,&,%,*) won't work
- refactor: browser breadcrumb
- fix: rewind enable/disable toggle button not working
- fix: undefined style for add bucket button in buckets page
- Added: validation for folder path naming
- refactor: encode prefix parameter using base64 to avoid url encode
issues
- fix: share link for versioned object won't work because of wrong
version_id
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
this PR fixes the behavior to avoid `/tmp` folder as
staging directory for large uploads, instead rely on
the client upload stream itself to upload the object
entirely.
- Update transport to use the same from Console in IDP Auth
- Validate provided idp URL
Co-authored-by: Harshavardhana <harsha@minio.io>
Signed-off-by: Ricardo Katz <rkatz@vmware.com>
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
Co-authored-by: Ricardo Katz <rkatz@vmware.com>
Co-authored-by: Harshavardhana <harsha@minio.io>
With support for GitLab OpenID service,
we need to make sure to support userInfo
endpoint for this MinIO server requires that
access_token is additionally sent along with
id_token as before to make sure we can fetch
additional claims from /userinfo endpoint.
This PR brings support on console for this
feature.
Refer https://github.com/minio/minio/pull/12469
This PR fixes two bugs one is
- incorrect termination of the HTTP connections
when the resource URL path is `/`, since `/`
doesn't exist we should never call h.ServeHTTP()
instead should be directly served from public assets.
- add SSLHostFunc() such that if the Hostname is empty
redirection is not empty and this value is handled
properly when redirecting from 9090 to 9443.
Co-authored-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
