Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implementation of Oauth of Github, Google and Microsoft #4298

Open
wants to merge 81 commits into
base: master
Choose a base branch
from

Conversation

feyruzb
Copy link
Collaborator

@feyruzb feyruzb commented Jul 18, 2024

fixes #4160

The right way it should look after logging in
Screenshot from 2024-07-18 17-38-29

new added button to log in with github
Screenshot from 2024-07-18 17-40-36

Changes:

  • added new buttons on login page for GitHub,Google Oauth authorization
  • added functions createLink and getOAuthToken into authentication.thrift
  • changed the current version of thrift API from 6.58.0 to 6.59.0
  • imported OAuth2Session in client.py
  • added a case for Oauth authorization in login_user function
  • added definition for thrift
  • imported OAuth2Session in authentication.py
  • added code to load the authentication configuration from
  • added oauth method for authentication in performLogin function
  • added oauth case in session manager
  • added fields for server_config file in the server_config.json
  • added oauth cases in auth.js
  • added reusable providers dict to server config to allow easier adding of new oauth providers
  • create a new function get_oauth_config for getting different providers configs in session manager
  • added documentation for configuration

@feyruzb feyruzb force-pushed the branch-2-backup branch 2 times, most recently from 5ce7f18 to 68eaf7b Compare July 25, 2024 11:05
@feyruzb feyruzb requested a review from dkrupp as a code owner July 29, 2024 15:14
@feyruzb feyruzb force-pushed the branch-2-backup branch 2 times, most recently from de2e213 to d3f6b29 Compare July 30, 2024 11:02
Copy link
Collaborator

@vodorok vodorok left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please see my remarks.

I have some additional comments apart from the direct in code messages:

  • My major concern with the implementation is that the oauth related API and its implementation is not generalized enough. The configuration is good enough for the time being.
  • I am not sure if we are allowed to use the Git Hub logo in our repo.
  • Please invite @cservakt to review the JS and VueJS parts.

I did not do a thorough review of the oauth flow in authentication.py after you addressed the above issues I will do another round concentrating on that.

Thanks for the hard work!

web/server/config/server_config.json Outdated Show resolved Hide resolved
web/server/config/server_config.json Show resolved Hide resolved
docs/web/authentication.md Outdated Show resolved Hide resolved
web/api/authentication.thrift Outdated Show resolved Hide resolved
web/client/codechecker_client/client.py Outdated Show resolved Hide resolved
web/server/vue-cli/src/store/actions.type.js Show resolved Hide resolved
web/server/config/server_config.json Outdated Show resolved Hide resolved
web/server/codechecker_server/api/authentication.py Outdated Show resolved Hide resolved
web/server/codechecker_server/session_manager.py Outdated Show resolved Hide resolved
web/server/codechecker_server/session_manager.py Outdated Show resolved Hide resolved
@feyruzb feyruzb force-pushed the branch-2-backup branch 10 times, most recently from 12c68e7 to f064c2b Compare July 31, 2024 14:41
@feyruzb feyruzb requested a review from vodorok July 31, 2024 15:03
@feyruzb feyruzb force-pushed the branch-2-backup branch 3 times, most recently from b4d5a0a to d3847d6 Compare July 31, 2024 16:05
@feyruzb feyruzb force-pushed the branch-2-backup branch 7 times, most recently from 9db4828 to afbf03b Compare October 14, 2024 13:05
@feyruzb feyruzb force-pushed the branch-2-backup branch 7 times, most recently from 9256875 to 75072a3 Compare October 15, 2024 16:56
with DBSession(self.__config_db) as session:
state_db = session.query(StateCodes) \
.filter(StateCodes.id == state_id) \
.first().state
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Expired states might not have been purged at this point - add an explicit check here for expires_at.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

.filter(StateCodes.state == new_state.state
and
StateCodes.expires_at == new_state.expires_at) \
.first().id
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might be worthwhile to explicitly store other parameters of the "state" here as well - oauth provider, PKCE if added, etc.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

OpenID Connect based authentication (oauth)
6 participants