search

opensearch-project / security-dashboards-plugin

🔐 Manage your internal users, roles, access control, and audit logs from OpenSearch Dashboards
https://opensearch.org/docs/latest/security-plugin/index/
Apache License 2.0
71 stars 161 forks source link

Preserve Query in nextUrl during openid login redirect #2140

Open KleinSebastian opened 1 month ago

KleinSebastian commented 1 month ago

Description

Successful Openid Login redirects back to the URL, from where the login was initiated.

Category

Bug fix

Why these changes are required?

Bug was reported: https://github.com/opensearch-project/security-dashboards-plugin/issues/1823 and https://github.com/opensearch-project/security-dashboards-plugin/issues/2119

What is the old behaviour before changes and new behaviour after changes?

The changed behaviour is best explained by following user-flow

The whole functionality is basically ported from the SAML login method.

Issues Resolved

Fix: https://github.com/opensearch-project/security-dashboards-plugin/issues/1823 Fix: https://github.com/opensearch-project/security-dashboards-plugin/issues/2119

Testing

Existing Tests pass

Check List

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.

codecov[bot] commented 1 month ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 71.46%. Comparing base (506d803) to head (d5bb312). Report is 2 commits behind head on main.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #2140 +/- ## ======================================= Coverage 71.46% 71.46% ======================================= Files 97 97 Lines 2649 2649 Branches 411 403 -8 ======================================= Hits 1893 1893 Misses 641 641 Partials 115 115 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

🚨 Try these New Features:

cwperks commented 3 weeks ago

@KleinSebastian Can you add a test to go along with the changes being introduced in this PR?

KleinSebastian commented 2 weeks ago

@cwperks I added a set of unit tests for the handleUnauthRequest call. E2E Tests for the functionality are unfortunately not working on my machine, so I skipped them. If you insist upon Cypress Tests I will try my best to do it on another machine.

cwperks commented 2 weeks ago

@KleinSebastian please fix the eslint issues. You can fix them automatically with yarn run lint:es --fix

cwperks commented 2 weeks ago

@KleinSebastian There are a few test errors. Are these errors due to changes from this PR or was there a change in OSD that introduced these errors?

KleinSebastian commented 1 week ago

@cwperks I was able to reproduce the error. It was an issue with updating the "security_authentication" cookie due to the mismatch of "localhost" and "127.0.0.1" between OSD and Keycloak, resulting rejection of set-cookie in the browser due to the default SameSite behaviour "Lax".

Fixing the configuration does fix the E2E Tests as well as the need for a second redirect the existing E2E Tests.

cwperks commented 1 week ago

@cwperks I was able to reproduce the error. It was an issue with updating the "security_authentication" cookie due to the mismatch of "localhost" and "127.0.0.1" between OSD and Keycloak, resulting rejection of set-cookie in the browser due to the default SameSite behaviour "Lax".

Fixing the configuration does fix the E2E Tests as well as the need for a second redirect the existing E2E Tests.

Awesome, thank you! I just approved the CI checks to run again. We will get results in ~45min - 1 hr

KleinSebastian commented 1 week ago

@cwperks I saw that the E2E test runs failed again, but this time the OSD Server did not even start properly. I also saw that I introduced unwanted line ending changes. I reverted them because this might be the reason for the not starting server.

cwperks commented 1 week ago

@cwperks I saw that the E2E test runs failed again, but this time the OSD Server did not even start properly. I also saw that I introduced unwanted line ending changes. I reverted them because this might be the reason for the not starting server.

I just started the CI checks again.

KleinSebastian commented 1 week ago

OSD is still not starting, I assume that the server is not able to contact Keycloak by using the "127.0.0.1" address and exits. I reverted the changes done to the E2E Setup and tried fixing the tests with the manual redirect workaround present in the existing tests.