Skip to content
This repository has been archived by the owner on Oct 9, 2023. It is now read-only.

Introduce pre redirect hook plugin during auth callback #601

Merged
merged 10 commits into from
Aug 10, 2023
Merged

Introduce pre redirect hook plugin during auth callback #601

merged 10 commits into from
Aug 10, 2023

Conversation

pmahindrakar-oss
Copy link
Contributor

@pmahindrakar-oss pmahindrakar-oss commented Aug 10, 2023
edited
Loading

TL;DR

Introduces a preRedirectHook plugin handler to allow custom code to be able to be plugged in before the successful auth call back redirect happens

Type

  • Bug Fix
  • Feature
  • Plugin

Are all requirements met?

  • Code completed
  • Smoke tested
  • Unit tests added
  • Code documentation added
  • Any pending items have an associated Issue

Complete description

type PreRedirectHookFunc func(ctx context.Context, authCtx interfaces.AuthenticationContext, request *http.Request, w http.ResponseWriter) *PreRedirectHookError

PreRedirectHookFunc Interface is used for running custom code before the redirect happens during a successful auth flow.

The API allows you to access the authenticationContext, request and response

This might be useful in cases where the auth flow allows the user to login since the IDP has been configured
for eg: to allow all users from a particular domain to login but you want to restrict access to only a particular set of user ids. eg : [email protected] are allowed to login but user [email protected], [email protected] should only be allowed

The current Plugin hook will allow you to add such a custom code.

PreRedirectHookError is the error interface which allows the user to set correct http status code and Message to be set in case the function returns an error without which the current usage in GetCallbackHandler will set this to InternalServerError

Tracking Issue

fixes flyteorg/flyte#3940

Follow-up issue

NA

@pmahindrakar-oss pmahindrakar-oss changed the title Introduce callback plugin Introduce pre redirect hook plugin during auth callback Aug 10, 2023
@codecov
Copy link

codecov bot commented Aug 10, 2023
edited
Loading

Codecov Report

Merging #601 (034ae68) into master (86c00cc) will increase coverage by 1.61%.
The diff coverage is 62.50%.

❗ Current head 034ae68 differs from pull request most recent head c7b92c7. Consider uploading reports for the commit c7b92c7 to get more accurate results

@@            Coverage Diff             @@
##           master     #601      +/-   ##
==========================================
+ Coverage   58.66%   60.27%   +1.61%     
==========================================
  Files         171      171              
  Lines       16464    13456    -3008     
==========================================
- Hits         9659     8111    -1548     
+ Misses       5954     4493    -1461     
- Partials      851      852       +1
Flag Coverage Δ
unittests ?

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Changed Coverage Δ
plugins/registry.go 100.00% <ø> (ø)
auth/handlers.go 35.79% <62.50%> (+0.68%) ⬆️

... and 155 files with indirect coverage changes

katrogan
katrogan reviewed Aug 10, 2023
View reviewed changes
auth/handlers.go
logger.Infof(ctx, "preRedirect hook is set")
if err := preRedirectHook(ctx, authCtx, request, writer); err != nil {
logger.Errorf(ctx, "failed the preRedirect hook due %v with status code %v", err.Message, err.Code)
if http.StatusText(err.Code) != "" {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we also check that it isn't status ok? https://go.dev/src/net/http/status.go

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So i am relying on the user code which set the hook to set the correct http status code .
If they choose to set OK, then thats what we will set on the header.

auth/handlers.go Outdated Show resolved Hide resolved
@pmahindrakar-oss
Adding a predredirect hook plugin
92d2a8b 
Signed-off-by: pmahindrakar-oss <[email protected]>
@pmahindrakar-oss
Add test logs
19ddf62 
Signed-off-by: pmahindrakar-oss <[email protected]>
@pmahindrakar-oss
test logs
256a582 
Signed-off-by: pmahindrakar-oss <[email protected]>
@pmahindrakar-oss
fix
7c7915d 
Signed-off-by: pmahindrakar-oss <[email protected]>
@pmahindrakar-oss
Reading identity token for getting subject
799f72d 
Signed-off-by: pmahindrakar-oss <[email protected]>
@pmahindrakar-oss
reverting
ae9e5cc 
Signed-off-by: pmahindrakar-oss <[email protected]>
@pmahindrakar-oss
Adding PreRedirectHookError
f81f441 
Signed-off-by: pmahindrakar-oss <[email protected]>
@pmahindrakar-oss
Add some more tests
253e0b2 
Signed-off-by: pmahindrakar-oss <[email protected]>
@pmahindrakar-oss
lint fixes
269b0e1 
Signed-off-by: pmahindrakar-oss <[email protected]>
@pmahindrakar-oss
removed log line
c7b92c7 
Signed-off-by: pmahindrakar-oss <[email protected]>
@pmahindrakar-oss pmahindrakar-oss enabled auto-merge (squash) August 10, 2023 18:01
@pmahindrakar-oss pmahindrakar-oss merged commit 38a233d into master Aug 10, 2023
11 checks passed
@pmahindrakar-oss pmahindrakar-oss deleted the introduce-callback-plugin branch August 10, 2023 18:05
eapolinario pushed a commit that referenced this pull request Sep 6, 2023
@pmahindrakar-oss
Introduce pre redirect hook plugin during auth callback (#601)
304420a 
* Adding a predredirect hook plugin

Signed-off-by: pmahindrakar-oss <[email protected]>

* Add test logs

Signed-off-by: pmahindrakar-oss <[email protected]>

* test logs

Signed-off-by: pmahindrakar-oss <[email protected]>

* fix

Signed-off-by: pmahindrakar-oss <[email protected]>

* Reading identity token for getting subject

Signed-off-by: pmahindrakar-oss <[email protected]>

* reverting

Signed-off-by: pmahindrakar-oss <[email protected]>

* Adding PreRedirectHookError

Signed-off-by: pmahindrakar-oss <[email protected]>

* Add some more tests

Signed-off-by: pmahindrakar-oss <[email protected]>

* lint fixes

Signed-off-by: pmahindrakar-oss <[email protected]>

* removed log line

Signed-off-by: pmahindrakar-oss <[email protected]>

---------

Signed-off-by: pmahindrakar-oss <[email protected]>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@katrogan katrogan katrogan approved these changes

@wild-endeavor wild-endeavor Awaiting requested review from wild-endeavor wild-endeavor is a code owner

@EngHabu EngHabu Awaiting requested review from EngHabu EngHabu is a code owner

@kumare3 kumare3 Awaiting requested review from kumare3 kumare3 is a code owner

@hamersaw hamersaw Awaiting requested review from hamersaw hamersaw is a code owner

@eapolinario eapolinario Awaiting requested review from eapolinario eapolinario is a code owner

@jeevb jeevb Awaiting requested review from jeevb

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Core feature] Introduce PreRedirectHook plugin which can be used during authflow before redirect
2 participants
@pmahindrakar-oss @katrogan