feat: enable multiple auth methods

cypress/e2e/login.cy.js

@@ -19,15 +19,29 @@ describe('Login page', () => {
     cy.get('[data-test="login"]').should('exist');
   });
 
+  it('should redirect to repo list on valid login', () => {
+    cy.intercept('GET', '**/api/auth/me').as('getUser');
+
+    cy.get('[data-test="username"]').type('admin');
+    cy.get('[data-test="password"]').type('admin');
+    cy.get('[data-test="login"]').click();
+
+    cy.wait('@getUser');
+
+    cy.url().should('include', '/dashboard/repo');
+  })
+
   describe('OIDC login button', () => {
     it('should exist', () => {
       cy.get('[data-test="oidc-login"]').should('exist');
     });
 
     // Validates that OIDC is configured correctly
     it('should redirect to /oidc', () => {
+      // Set intercept first, since redirect on click can be quick
+      cy.intercept('GET', '/api/auth/oidc').as('oidcRedirect');
       cy.get('[data-test="oidc-login"]').click();
-      cy.url().should('include', '/oidc');
+      cy.wait('@oidcRedirect');
     });
   });
 });

cypress/e2e/repo.cy.js

@@ -1,6 +1,8 @@
 describe('Repo', () => {
   beforeEach(() => {
-    cy.visit('/admin/repo');
+    cy.login('admin', 'admin');
+
+    cy.visit('/dashboard/repo');
 
     // prevent failures on 404 request and uncaught promises
     cy.on('uncaught:exception', () => false);
@@ -18,7 +20,7 @@ describe('Repo', () => {
 
       cy
         // find the entry for finos/test-repo
-        .get('a[href="/admin/repo/test-repo"]')
+        .get('a[href="/dashboard/repo/test-repo"]')
         // take it's parent row
         .closest('tr')
         // find the nearby span containing Code we can click to open the tooltip

cypress/support/commands.js

@@ -29,9 +29,13 @@
 Cypress.Commands.add('login', (username, password) => {
   cy.session([username, password], () => {
     cy.visit('/login');
+    cy.intercept('GET', '**/api/auth/me').as('getUser');
+
     cy.get('[data-test=username]').type(username);
     cy.get('[data-test=password]').type(password);
     cy.get('[data-test=login]').click();
-    cy.url().should('contain', '/admin/profile');
+
+    cy.wait('@getUser');
+    cy.url().should('include', '/dashboard/repo');
   });
 });

src/config/index.js

@@ -70,27 +70,29 @@
   throw Error('No database cofigured!');
 };
 
-// Gets the configuared data sink, defaults to filesystem
-const getAuthentication = () => {
+/**
+ * Get the list of enabled authentication methods
+ * @return {Array} List of enabled authentication methods
+ */
+const getAuthMethods = () => {
   if (_userSettings !== null && _userSettings.authentication) {
     _authentication = _userSettings.authentication;
   }
-  for (const ix in _authentication) {
-    if (!ix) continue;
-    const auth = _authentication[ix];
-    if (auth.enabled) {
-      return auth;
-    }
+
+  const enabledAuthMethods = _authentication.filter(auth => auth.enabled);
+
+  if (enabledAuthMethods.length === 0) {
+    throw new Error("No authentication method enabled.");
   }
 
-  throw Error('No authentication cofigured!');
+  return enabledAuthMethods;
 };
 
 // Log configuration to console
 const logConfiguration = () => {
   console.log(`authorisedList = ${JSON.stringify(getAuthorisedList())}`);
   console.log(`data sink = ${JSON.stringify(getDatabase())}`);
-  console.log(`authentication = ${JSON.stringify(getAuthentication())}`);
+  console.log(`authentication = ${JSON.stringify(getAuthMethods())}`);
 };
 
 const getAPIs = () => {
@@ -202,7 +204,7 @@
 exports.getAuthorisedList = getAuthorisedList;
 exports.getDatabase = getDatabase;
 exports.logConfiguration = logConfiguration;
-exports.getAuthentication = getAuthentication;
+exports.getAuthMethods = getAuthMethods;
 exports.getTempPasswordConfig = getTempPasswordConfig;
 exports.getCookieSecret = getCookieSecret;
 exports.getSessionMaxAgeHours = getSessionMaxAgeHours;

src/index.jsx

@@ -2,21 +2,28 @@ import React from 'react';
 import ReactDOM from 'react-dom';
 import { createBrowserHistory } from 'history';
 import { BrowserRouter as Router, Route, Routes, Navigate } from 'react-router-dom';
+import { AuthProvider } from './ui/auth/AuthProvider';
 
 // core components
-import Admin from './ui/layouts/Admin';
+import Dashboard from './ui/layouts/Dashboard';
 import Login from './ui/views/Login/Login';
 import './ui/assets/css/material-dashboard-react.css';
+import NotAuthorized from './ui/views/Extras/NotAuthorized';
+import NotFound from './ui/views/Extras/NotFound';
 
 const hist = createBrowserHistory();
 
 ReactDOM.render(
-  <Router history={hist}>
-    <Routes>
-      <Route exact path='/admin/*' element={<Admin />} />
-      <Route exact path='/login' element={<Login />} />
-      <Route exact path='/' element={<Navigate from='/' to='/admin/repo' />} />
-    </Routes>
-  </Router>,
+  <AuthProvider>
+    <Router history={hist}>
+      <Routes>
+        <Route exact path='/dashboard/*' element={<Dashboard />} />
+        <Route exact path='/login' element={<Login />} />
+        <Route exact path='/not-authorized' element={<NotAuthorized />} />
+        <Route exact path='/' element={<Navigate from='/' to='/dashboard/repo' />} />
+        <Route path='*' element={<NotFound />} />
+      </Routes>
+    </Router>
+  </AuthProvider>,
   document.getElementById('root'),
 );

src/proxy/processors/push-action/blockForAuth.js

@@ -10,7 +10,7 @@ const exec = async (req, action) => {
     '\n\n\n' +
     `\x1B[32mGitProxy has received your push ✅\x1B[0m\n\n` +
     '🔗 Shareable Link\n\n' +
-    `\x1B[34m${url}/admin/push/${action.id}\x1B[0m` +
+    `\x1B[34m${url}/dashboard/push/${action.id}\x1B[0m` +
     '\n\n\n';
   step.setAsyncBlock(message);
 

src/routes.jsx

@@ -16,6 +16,8 @@
 
 */
 
+import React from 'react';
+import PrivateRoute from './ui/components/PrivateRoute/PrivateRoute';
 import Person from '@material-ui/icons/Person';
 import OpenPushRequests from './ui/views/OpenPushRequests/OpenPushRequests';
 import PushDetails from './ui/views/PushDetails/PushDetails';
@@ -33,58 +35,58 @@ const dashboardRoutes = [
     path: '/repo',
     name: 'Repositories',
     icon: RepoIcon,
-    component: RepoList,
-    layout: '/admin',
+    component: (props) => <PrivateRoute component={RepoList} />,
+    layout: '/dashboard',
     visible: true,
   },
+  {
+    path: '/repo/:id',
+    name: 'Repo Details',
+    icon: Person,
+    component: (props) => <PrivateRoute component={RepoDetails} />,
+    layout: '/dashboard',
+    visible: false,
+  },
   {
     path: '/push',
     name: 'Dashboard',
     icon: Dashboard,
-    component: OpenPushRequests,
-    layout: '/admin',
+    component: (props) => <PrivateRoute component={OpenPushRequests} />,
+    layout: '/dashboard',
     visible: true,
   },
   {
     path: '/push/:id',
     name: 'Open Push Requests',
     icon: Person,
-    component: PushDetails,
-    layout: '/admin',
+    component: (props) => <PrivateRoute component={PushDetails} />,
+    layout: '/dashboard',
     visible: false,
   },
   {
     path: '/profile',
     name: 'My Account',
     icon: AccountCircle,
-    component: User,
-    layout: '/admin',
+    component: (props) => <PrivateRoute component={User} />,
+    layout: '/dashboard',
     visible: true,
   },
   {
-    path: '/user/:id',
-    name: 'User',
-    icon: Person,
-    component: User,
-    layout: '/admin',
-    visible: false,
+    path: '/admin/user',
+    name: 'Users',
+    icon: Group,
+    component: (props) => <PrivateRoute adminOnly component={UserList} />,
+    layout: '/dashboard',
+    visible: true,
   },
   {
-    path: '/repo/:id',
-    name: 'Repo Details',
+    path: '/admin/user/:id',
+    name: 'User',
     icon: Person,
-    component: RepoDetails,
-    layout: '/admin',
+    component: (props) => <PrivateRoute adminOnly component={User} />,
+    layout: '/dashboard',
     visible: false,
   },
-  {
-    path: '/user',
-    name: 'Users',
-    icon: Group,
-    component: UserList,
-    layout: '/admin',
-    visible: true,
-  },
 ];
 
 export default dashboardRoutes;

src/service/passport/activeDirectory.js

@@ -1,16 +1,19 @@
-const configure = () => {
-  const passport = require('passport');
-  const ActiveDirectoryStrategy = require('passport-activedirectory');
-  const config = require('../../config').getAuthentication();
-  const adConfig = config.adConfig;
+const ActiveDirectoryStrategy = require('passport-activedirectory');
+const ldaphelper = require('./ldaphelper');
+
+const configure = (passport) => {
   const db = require('../../db');
-  const userGroup = config.userGroup;
-  const adminGroup = config.adminGroup;
-  const domain = config.domain;
+
+  // We can refactor this by normalizing auth strategy config and pass it directly into the configure() function,
+  // ideally when we convert this to TS.
+  const authMethods = require('../../config').getAuthMethods();
+  const config = authMethods.find((method) => method.type.toLowerCase() === "activeDirectory");
+  const adConfig = config.adConfig;
+
+  const { userGroup, adminGroup, domain } = config;
 
   console.log(`AD User Group: ${userGroup}, AD Admin Group: ${adminGroup}`);
 
-  const ldaphelper = require('./ldaphelper');
   passport.use(
     new ActiveDirectoryStrategy(
       {
@@ -19,42 +22,47 @@
         ldap: adConfig,
       },
       async function (req, profile, ad, done) {
-        profile.username = profile._json.sAMAccountName.toLowerCase();
-        profile.email = profile._json.mail;
-        profile.id = profile.username;
-        req.user = profile;
-
-        console.log(
-          `passport.activeDirectory: resolved login ${
-            profile._json.userPrincipalName
-          }, profile=${JSON.stringify(profile)}`,
-        );
-        // First check to see if the user is in the usergroups
-        const isUser = await ldaphelper.isUserInAdGroup(profile.username, domain, userGroup);
-
-        if (!isUser) {
-          const message = `User it not a member of ${userGroup}`;
-          return done(message, null);
-        }
+        try {
+          profile.username = profile._json.sAMAccountName?.toLowerCase();
+          profile.email = profile._json.mail;
+          profile.id = profile.username;
+          req.user = profile;
 
-        // Now check if the user is an admin
-        const isAdmin = await ldaphelper.isUserInAdGroup(profile.username, domain, adminGroup);
+          console.log(
+            `passport.activeDirectory: resolved login ${
+              profile._json.userPrincipalName
+            }, profile=${JSON.stringify(profile)}`,
+          );
+          // First check to see if the user is in the usergroups
+          const isUser = await ldaphelper.isUserInAdGroup(profile.username, domain, userGroup);
 
-        profile.admin = isAdmin;
-        console.log(`passport.activeDirectory: ${profile.username} admin=${isAdmin}`);
+          if (!isUser) {
+            const message = `User it not a member of ${userGroup}`;
+            return done(message, null);
+          }
 
-        const user = {
-          username: profile.username,
-          admin: isAdmin,
-          email: profile._json.mail,
-          displayName: profile.displayName,
-          title: profile._json.title,
-        };
+          // Now check if the user is an admin
+          const isAdmin = await ldaphelper.isUserInAdGroup(profile.username, domain, adminGroup);
 
-        await db.updateUser(user);
+          profile.admin = isAdmin;
+          console.log(`passport.activeDirectory: ${profile.username} admin=${isAdmin}`);
 
-        return done(null, user);
-      },
+          const user = {
+            username: profile.username,
+            admin: isAdmin,
+            email: profile._json.mail,
+            displayName: profile.displayName,
+            title: profile._json.title,
+          };
+
+          await db.updateUser(user);
+
+          return done(null, user);
+        } catch (err) {
+          console.log(`Error authenticating AD user: ${err.message}`);
+          return done(err, null);
+        }
+      }
     ),
   );
 
@@ -69,4 +77,4 @@
   return passport;
 };
 
-module.exports.configure = configure;
+module.exports = { configure };