* Add new route to marketplace modal
* Add redux logic for showing and displaying marketplace modal
* Redirect to marketplace view if console is in operator and marketplace mode
* Add marketplace component
* Use navigate instead of redirect
.substr() is deprecated so we replace it with functions which work similarily but aren't deprecated
Signed-off-by: Tobias Speicher <rootcommander@gmail.com>
This PR includes many fixes and refactors for oauth2 authentication and
login endpoints, ie:
- Invalid login returns `403` instead of `500` error
- Removed the session token from console/operator `user credentials
login`, `oauth flow login` and `change-password` api responses
- Removed session token from localStorage
- Added styles for oauth_callback page and display more descriptive
errors for debugging
- Success logins returns `204` instead of `200`
- Removed unused swagger apis and code from both, operator and console
projects
- Operator `Oauth2` login flow was not validating anything, now it does
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
Operator UI - Provide and store License key
- New License section in Operator UI will allow user to provide the
license key via input form
- New License section in Operator UI will allow the user to fetch the
license key using subnet credentials
- Console backend has to verify provided license is valid -
https://godoc.org/github.com/minio/minio/pkg/licverifier#example-package
- Console backend has to store the license key in k8s secrets
Operator UI - Set license to tenant during provisioning
- Check if license key exists in k8s secret during tenant creation
- If License is present attach the license-key jwt to the new console
tenant via an environment variable
Operator UI - Set license for an existing tenant
- Tenant view will display information about the current status of the
Tenant License
- If Tenant doesn't have a License then Operator-UI will allow to attach
new license by clicking the Add License button
- Console backend will extract the license from the k8s secret and save
the license-key jwt in the tenant console environment variable and
redeploy
- Added support for cookie authentication (authorization header will have priority)
- Removed local storage token management from UI
- cookie hardening (sameSite, httpOnly, secure)
- login endpoint sets cookie via header, logout endpoint expires cookie
- Refactor Routes and ProtectedRoutes components, improvement on the way
application check if user session is valid
Future improvements
- look for all places in backend that returns 401 unauthorized, and destroy session there (not a priority since cookie its invalid anyway)
- Downloading objects in object browser can be simplified since is just a GET request and users will be authenticated via Cookies, no need to craft additional requests
fixes: https://github.com/minio/mcs/issues/184
There was a bug in Safari in related to the browser not setting the session token
correctly in localstorage, this was because we were using
window.location.href for redirect instead of history.push after login, the redirect execution was faster
was faster that the promise function getting the response after the login request
and it seems to be that Safari will kill all current request of a
window when the page is getting redirected.
Test this:
Try to sign-in using Safari browser (latest version is recommended)
Delete in memory session when user logout from mcs
lint fixes
Click logout button triggers logout request
Clicking the actual logout button send the POST /logout request on mcs
UI
Co-authored-by: Daniel Valdivia <hola@danielvaldivia.com>
