Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feature: pkce for UI #9890 #11325

Closed
wants to merge 1 commit into from

Conversation

mmerrill3
Copy link
Contributor

Fixes [ISSUE #9890] . Implementation for PXCE using redis storage for the UI. Use the "state" nonce as the key for looking up the code verifier.

Signed-off-by: mmerrill3 jjpaacks@gmail.com

Note on DCO:

If the DCO action in the integration test fails, one or more of your commits are not signed off. Please click on the Details link next to the DCO action for instructions on how to resolve this.

Checklist:

  • Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
  • The title of the PR states what changed and the related issues number (used for the release note).
  • I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
  • I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
  • Does this PR require documentation updates?
  • I've updated documentation as required by this PR.
  • Optional. My organization is added to USERS.md.
  • I have signed off all my commits as required by DCO
  • I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
  • My build is green (troubleshooting builds).

Signed-off-by: mmerrill3 <jjpaacks@gmail.com>
@mmerrill3
Copy link
Contributor Author

@crenshaw-dev, I'll be adding tests, but wanted to get feedback on the approach.

@codecov
Copy link

codecov bot commented Nov 16, 2022

Codecov Report

Base: 45.65% // Head: 45.69% // Increases project coverage by +0.03% 🎉

Coverage data is based on head (52b2b17) compared to base (817161a).
Patch coverage: 55.55% of modified lines in pull request are covered.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #11325      +/-   ##
==========================================
+ Coverage   45.65%   45.69%   +0.03%     
==========================================
  Files         239      239              
  Lines       28996    29014      +18     
==========================================
+ Hits        13238    13257      +19     
+ Misses      13939    13937       -2     
- Partials     1819     1820       +1     
Impacted Files Coverage Δ
cmd/argocd/commands/login.go 2.23% <0.00%> (+0.05%) ⬆️
util/oidc/oidc.go 58.39% <70.00%> (+0.68%) ⬆️
server/server.go 53.13% <75.00%> (+0.21%) ⬆️
util/io/path/resolved.go 76.56% <0.00%> (-0.37%) ⬇️
util/settings/settings.go 51.25% <0.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

parts := strings.Split(iterator.Val(), "|")
if len(parts) < 2 {
log.Warnf("Unexpected redis key prefixed with '%s'. Must have nonce and code verifier, tilde separated, after the prefix but got: '%s'.",
pkceEntryPrefix+nonce,

Check failure

Code scanning / CodeQL

Log entries created from user input

This log entry depends on a [user-provided value](1).
}

if iterator.Err() != nil {
log.Warnf("Unexpected redis error when optimistically looking in redis for nonce '%s' : %v", nonce, iterator.Err())

Check failure

Code scanning / CodeQL

Log entries created from user input

This log entry depends on a [user-provided value](1).
log.Warnf("Unexpected redis error when optimistically looking in redis for nonce '%s' : %v", nonce, iterator.Err())
}
}
log.Warnf("Did not find code verifier for nonce '%s'", nonce)

Check failure

Code scanning / CodeQL

Log entries created from user input

This log entry depends on a [user-provided value](1).
@mmerrill3 mmerrill3 changed the title feature: pxce for UI #9890 feature: pkce for UI #9890 Nov 17, 2022
@crenshaw-dev
Copy link
Member

crenshaw-dev commented Nov 17, 2022

In the past, we used an encrypted cookie to avoid making Redis a firm requirement for UI functionality. Would that be viable here as well? cc @alexmt

@mmerrill3
Copy link
Contributor Author

@crenshaw-dev , yes, I believe the verification code could be embedded in the cookie. Thanks, I can try that out.

@mmerrill3 mmerrill3 closed this Nov 19, 2022
@mmerrill3 mmerrill3 deleted the feature/pxce-ui branch November 19, 2022 15:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants