fix: allow for auth with activedirectory again #1061

Merged
merged 4 commits into from
Jul 1, 2025
2 changes: 2 additions & 0 deletions src/config/ConfigLoader.ts
Expand Up @@ -316,6 +316,8 @@ export class ConfigLoader extends EventEmitter {
const execOptions = {
cwd: process.cwd(),
env: {
// dont wait for credentials; the command should be sufficiently authed
GIT_TERMINAL_PROMPT: 0,
...process.env,
...(source.auth?.type === 'ssh'
? {
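Review bot: The `GIT_TERMINAL_PROMPT: 0` entry sits before `...process.env` in the `env` literal, so a `GIT_TERMINAL_PROMPT` already set in the proxy's own environment overrides it and git may still wait for credentials. If the intent is to always suppress the prompt, move the key below the spread and write it as a string, `GIT_TERMINAL_PROMPT: '0',`, since environment values are strings. The comment could then read `// never prompt for credentials; the command must already be authenticated`. The enclosing method and the rest of the `env` literal lie outside the hunk, so whether a later spread also sets this key cannot be seen from here.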
73 changes: 55 additions & 18 deletions src/service/routes/auth.js
@@ -1,6 +1,9 @@
const express = require('express');
const router = new express.Router();
const passport = require('../passport').getPassport();
const { getAuthMethods } = require('../../config');
const passportLocal = require('../passport/local');
const passportAD = require('../passport/activeDirectory');
const authStrategies = require('../passport').authStrategies;
const db = require('../../db');
const { GIT_PROXY_UI_HOST: uiHost = 'http://localhost', GIT_PROXY_UI_PORT: uiPort = 3000 } =
Expand All @@ -23,25 +26,59 @@
});
});

router.post('/login', passport.authenticate(authStrategies['local'].type), async (req, res) => {
try {
const currentUser = { ...req.user };
delete currentUser.password;
console.log(
`serivce.routes.auth.login: user logged in, username=${
currentUser.username
} profile=${JSON.stringify(currentUser)}`,
);
res.send({
message: 'success',
user: currentUser,
});
} catch (e) {
console.log(`service.routes.auth.login: Error logging user in ${JSON.stringify(e)}`);
res.status(500).send('Failed to login').end();
return;
// login strategies that will work with /login e.g. take username and password
const appropriateLoginStrategies = [passportLocal.type, passportAD.type];
// getLoginStrategy fetches the enabled auth methods and identifies if there's an appropriate
// auth method for username and password login. If there isn't it returns null, if there is it
// returns the first.
const getLoginStrategy = () => {
// returns only enabled auth methods
// returns at least one enabled auth method
const enabledAppropriateLoginStrategies = getAuthMethods().filter((am) =>
appropriateLoginStrategies.includes(am.type.toLowerCase()),
);
// for where no login strategies which work for /login are enabled
// just return null
if (enabledAppropriateLoginStrategies.length === 0) {
return null;

Check warning on line 43 in src/service/routes/auth.js

Codecov / codecov/patch

src/service/routes/auth.js#L43

Added line #L43 was not covered by tests
}
});
// return the first enabled auth method
return enabledAppropriateLoginStrategies[0].type.toLowerCase();
};

// TODO: provide separate auth endpoints for each auth strategy or chain compatibile auth strategies
// TODO: if providing separate auth methods, inform the frontend so it has relevant UI elements and appropriate client-side behavior
router.post(
'/login',
(req, res, next) => {
const authType = getLoginStrategy();
if (authType === null) {
res.status(403).send('Username and Password based Login is not enabled at this time').end();
return;

Check warning on line 57 in src/service/routes/auth.js

Codecov / codecov/patch

src/service/routes/auth.js#L56-L57

Added lines #L56 - L57 were not covered by tests
}
console.log('going to auth with', authType);
return passport.authenticate(authType)(req, res, next);
},
async (req, res) => {
try {
const currentUser = { ...req.user };
delete currentUser.password;
console.log(
`serivce.routes.auth.login: user logged in, username=${
currentUser.username
} profile=${JSON.stringify(currentUser)}`,
);
res.send({
message: 'success',
user: currentUser,
});
} catch (e) {
console.log(`service.routes.auth.login: Error logging user in ${JSON.stringify(e)}`);
res.status(500).send('Failed to login').end();
return;

Check warning on line 78 in src/service/routes/auth.js

Codecov / codecov/patch

src/service/routes/auth.js#L76-L78

Added lines #L76 - L78 were not covered by tests
}
},
);

router.get('/oidc', passport.authenticate(authStrategies['openidconnect'].type));
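Review bot: The `/login` success handler still sanitises `req.user` by deleting only `password`, and with this change that object may come from the Active Directory strategy as well as the local one; every other field is written to the log through `profile=${JSON.stringify(currentUser)}` and returned in the response body. What an Active Directory user object carries is not visible in this diff, so this is a risk to confirm rather than a proven leak, but a one-field denylist does not hold up across strategies. Log the username only, e.g. `console.log(`service.routes.auth.login: user logged in, username=${req.user.username}`);`, and build the response from an explicit allowlist of the fields the UI needs. Separately, `getLoginStrategy` returns only the first enabled match, so when both local and Active Directory are enabled the second is never tried on `/login`; a comment on `getLoginStrategy` stating that config order decides the strategy would make this visible to operators.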

2 changes: 1 addition & 1 deletion test/ConfigLoader.test.js
Expand Up @@ -437,7 +437,7 @@ describe('ConfigLoader', () => {
it('should throw error if repository is a valid URL but not a git repository', async function () {
const source = {
type: 'git',
repository: 'https://github.com/test-org/test-repo.git',
repository: 'https://github.com/finos/made-up-test-repo.git',
path: 'proxy.config.json',
branch: 'main',
enabled: true,