fix(oidc): fix oidc authentication loop (#6848)

* fix(oidc): fix oidc authentication loop
david-leifker 2022-12-22 16:12:51 -06:00 committed by GitHub
parent 1d0c7852a7
commit bacc2f957b
4 changed files with 32 additions and 22 deletions


@ -6,6 +6,8 @@ import play.mvc.Http;
import java.time.Duration;
import java.time.temporal.ChronoUnit;
import java.util.HashMap;
import java.util.Map;
@Slf4j
public class AuthUtils {
@ -77,8 +79,8 @@ public class AuthUtils {
*/
public static boolean hasValidSessionCookie(final Http.Request req) {
return req.session().data().containsKey(ACTOR)
&& req.cookie(ACTOR) != null
&& req.session().data().get(ACTOR).equals(req.cookie(ACTOR).value());
&& req.getCookie(ACTOR).isPresent()
&& req.session().data().get(ACTOR).equals(req.getCookie(ACTOR).get().value());
}
/**
@ -101,6 +103,13 @@ public class AuthUtils {
.build();
}
public static Map<String, String> createSessionMap(final String userUrnStr, final String accessToken) {
final Map<String, String> sessionAttributes = new HashMap<>();
sessionAttributes.put(ACTOR, userUrnStr);
sessionAttributes.put(ACCESS_TOKEN, accessToken);
return sessionAttributes;
}
private AuthUtils() { }
}
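Review bot: `createSessionMap` in the third hunk is added without Javadoc, and the one thing a caller needs to know is that the map it returns is passed to `withSession` and so lands in the Play session cookie held by the browser, access token included (the new ApplicationTest reads the token back out of `PLAY_SESSION`), not in any server-side store. I would put above it `/** Builds the Play session attributes for a logged-in user: the actor URN and the GMS access token. The session is a client-held cookie, so the token is exposed to whoever has the cookie; keep the session cookie HttpOnly/Secure and its lifetime aligned with the actor cookie's TTL. */`. The `hasValidSessionCookie` rewrite is sound as written: the `get()` on the last line is only reached after `isPresent()` on the line before it, and `data().get(ACTOR)` is guarded by the `containsKey` check, so no NPE is introduced.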


@ -57,10 +57,10 @@ import org.pac4j.play.PlayWebContext;
import play.mvc.Result;
import auth.sso.SsoManager;
import static auth.AuthUtils.ACCESS_TOKEN;
import static auth.AuthUtils.ACTOR;
import static auth.AuthUtils.createActorCookie;
import static com.linkedin.metadata.Constants.*;
import static auth.AuthUtils.createSessionMap;
import static com.linkedin.metadata.Constants.CORP_USER_ENTITY_NAME;
import static com.linkedin.metadata.Constants.GROUP_MEMBERSHIP_ASPECT_NAME;
import static play.mvc.Results.internalServerError;
@ -152,9 +152,9 @@ public class OidcCallbackLogic extends DefaultCallbackLogic<Result, PlayWebConte
// Successfully logged in - Generate GMS login token
final String accessToken = _authClient.generateSessionTokenForUser(corpUserUrn.getId());
context.getNativeSession().adding(ACCESS_TOKEN, accessToken);
context.getNativeSession().adding(ACTOR, corpUserUrn.toString());
return result.withCookies(createActorCookie(corpUserUrn.toString(), oidcConfigs.getSessionTtlInHours()));
return result
.withSession(createSessionMap(corpUserUrn.toString(), accessToken))
.withCookies(createActorCookie(corpUserUrn.toString(), oidcConfigs.getSessionTtlInHours()));
}
return internalServerError(
"Failed to authenticate current user. Cannot find valid identity provider profile in session.");
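Review bot: `result.withSession(createSessionMap(...))` on the success path replaces the whole Play session with just `actor` and `token`, whereas the removed `adding(...)` calls were meant to extend it; anything another part of the flow had written into the native session before this point is dropped, and the commit does not say whether that is intended. If it is intended (a clean session after login is reasonable), a one-line comment such as `// Start a fresh session: only the actor and the GMS token survive login.` would stop the next reader from "fixing" it back; if not, build the map from `context.getNativeSession().data()` first and then put the two keys. It is also worth a comment that the session cookie now carries the GMS token client-side, so the `actor` cookie and the session must expire together (`oidcConfigs.getSessionTtlInHours()` is applied to the actor cookie only). The enclosing callback method starts and ends outside this hunk.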


@ -12,8 +12,6 @@ import com.linkedin.common.urn.Urn;
import com.typesafe.config.Config;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import javax.annotation.Nonnull;
import javax.inject.Inject;
@ -32,8 +30,6 @@ import play.mvc.Result;
import play.mvc.Results;
import security.AuthenticationManager;
import static auth.AuthUtils.ACCESS_TOKEN;
import static auth.AuthUtils.ACTOR;
import static auth.AuthUtils.DEFAULT_ACTOR_URN;
import static auth.AuthUtils.DEFAULT_SESSION_TTL_HOURS;
import static auth.AuthUtils.EMAIL;
@ -46,6 +42,7 @@ import static auth.AuthUtils.SESSION_TTL_CONFIG_PATH;
import static auth.AuthUtils.TITLE;
import static auth.AuthUtils.USER_NAME;
import static auth.AuthUtils.createActorCookie;
import static auth.AuthUtils.createSessionMap;
import static org.pac4j.core.client.IndirectClient.ATTEMPTED_AUTHENTICATION_SUFFIX;
@ -329,11 +326,4 @@ public class AuthenticationController extends Controller {
return Results.ok().withSession(createSessionMap(userUrnString, accessToken))
.withCookies(createActorCookie(userUrnString, ttlInHours));
}
private Map<String, String> createSessionMap(final String userUrnStr, final String accessToken) {
final Map<String, String> sessionAttributes = new HashMap<>();
sessionAttributes.put(ACTOR, userUrnStr);
sessionAttributes.put(ACCESS_TOKEN, accessToken);
return sessionAttributes;
}
}


@ -24,10 +24,13 @@ import play.test.WithBrowser;
import java.io.IOException;
import java.net.InetAddress;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static play.mvc.Http.Status.NOT_FOUND;
import static play.mvc.Http.Status.OK;
import static play.test.Helpers.fakeRequest;
@ -72,11 +75,14 @@ public class ApplicationTest extends WithBrowser {
private String _wellKnownUrl;
private static final String TEST_USER = "urn:li:corpuser:testUser@myCompany.com";
private static final String TEST_TOKEN = "faketoken_YCpYIrjQH4sD3_rAc3VPPFg4";
@BeforeAll
public void init() throws IOException, InterruptedException {
_gmsServer = new MockWebServer();
_gmsServer.enqueue(new MockResponse().setBody("{\"value\":\"urn:li:corpuser:testUser@myCompany.com\"}"));
_gmsServer.enqueue(new MockResponse().setBody("{\"accessToken\":\"faketoken_YCpYIrjQH4sD3_rAc3VPPFg4\"}"));
_gmsServer.enqueue(new MockResponse().setBody(String.format("{\"value\":\"%s\"}", TEST_USER)));
_gmsServer.enqueue(new MockResponse().setBody(String.format("{\"accessToken\":\"%s\"}", TEST_TOKEN)));
_gmsServer.start(gmsServerPort());
_oauthServer = new MockOAuth2Server();
@ -140,8 +146,13 @@ public class ApplicationTest extends WithBrowser {
public void testHappyPathOidc() throws InterruptedException {
browser.goTo("/authenticate");
assertEquals("", browser.url());
Cookie actorCookie = browser.getCookie("actor");
assertEquals("urn:li:corpuser:testUser@myCompany.com", actorCookie.getValue());
assertEquals(TEST_USER, actorCookie.getValue());
Cookie sessionCookie = browser.getCookie("PLAY_SESSION");
assertTrue(sessionCookie.getValue().contains("token=" + TEST_TOKEN));
assertTrue(sessionCookie.getValue().contains("actor=" + URLEncoder.encode(TEST_USER, StandardCharsets.UTF_8)));
}
}
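Review bot: The added assertions in `testHappyPathOidc` pin the session contents after one login but do not exercise the authentication loop the commit fixes, so a regression to the old `adding(...)` behaviour would only fail here by accident. I would record `int gmsCalls = _gmsServer.getRequestCount();` after the existing assertions, navigate again with `browser.goTo("/authenticate");`, and assert `assertEquals(gmsCalls, _gmsServer.getRequestCount());` so that a second visit with a valid session provably does not restart the OIDC exchange and mint a new token (this assumes `/authenticate` short-circuits on `hasValidSessionCookie`, which the controller code in this diff does not show). Since the test now confirms the GMS access token travels in the `PLAY_SESSION` cookie, it should also assert the cookie's protections, e.g. `assertTrue(sessionCookie.isHttpOnly());`, if the browser `Cookie` type exposes that flag.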