
Fix UserInfoUri usage for Github Enterprise (#3545)

* Fix #3542

* Fix orgs sub-URL

* Replace a constant with a well-known one

* Remove an unused constant

* Update local run config file
Roman Zabaluev 2 lat temu
rodzic
commit
8348241e3d

+ 18 - 3
kafka-ui-api/src/main/java/com/provectus/kafka/ui/service/rbac/extractor/GithubAuthorityExtractor.java

@@ -12,6 +12,7 @@ import java.util.stream.Stream;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.core.ParameterizedTypeReference;
 import org.springframework.http.HttpHeaders;
+import org.springframework.security.config.oauth2.client.CommonOAuth2Provider;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
 import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 import org.springframework.web.reactive.function.client.WebClient;
@@ -24,8 +25,7 @@ public class GithubAuthorityExtractor implements ProviderAuthorityExtractor {
   private static final String USERNAME_ATTRIBUTE_NAME = "login";
   private static final String ORGANIZATION_NAME = "login";
   private static final String GITHUB_ACCEPT_HEADER = "application/vnd.github+json";
-
-  private final WebClient webClient = WebClient.create("https://api.github.com");
+  private static final String DUMMY = "dummy";
 
   @Override
   public boolean isApplicable(String provider) {
@@ -64,9 +64,24 @@ public class GithubAuthorityExtractor implements ProviderAuthorityExtractor {
       return Mono.just(groupsByUsername);
     }
 
+    OAuth2UserRequest req = (OAuth2UserRequest) additionalParams.get("request");
+    String infoEndpoint = req.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri();
+
+    if (infoEndpoint == null) {
+      infoEndpoint = CommonOAuth2Provider.GITHUB
+          .getBuilder(DUMMY)
+          .clientId(DUMMY)
+          .build()
+          .getProviderDetails()
+          .getUserInfoEndpoint()
+          .getUri();
+    }
+
+    WebClient webClient = WebClient.create(infoEndpoint);
+
     final Mono<List<Map<String, Object>>> userOrganizations = webClient
         .get()
-        .uri("/user/orgs")
+        .uri("/orgs")
         .headers(headers -> {
           headers.set(HttpHeaders.ACCEPT, GITHUB_ACCEPT_HEADER);
           OAuth2UserRequest request = (OAuth2UserRequest) additionalParams.get("request");
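Review bot: The new line `OAuth2UserRequest req = (OAuth2UserRequest) additionalParams.get("request");` duplicates the cast that the headers lambda at the end of this hunk still performs on the same map entry; `req` is effectively final, so the lambda can use it directly, and an absent or mistyped entry now fails at the first cast, before any request is built, as an unguarded NullPointerException/ClassCastException with no explanatory message. The switch from `/user/orgs` to `/orgs` is only correct because the registration's user-info URI is now the WebClient base and is assumed to end in `/user`; that assumption deserves a comment such as `// base URL is the registration's user-info URI (<api root>/user), so "/orgs" resolves to <api root>/user/orgs`, and the `DUMMY` registration fallback deserves one saying it exists solely to read the public github.com default URI from `CommonOAuth2Provider`. `WebClient.create(infoEndpoint)` is now executed on every call where the previous code held a single client in a field; if this path is hot, caching per endpoint (for example a `ConcurrentHashMap<String, WebClient>` used via `computeIfAbsent`) would keep the old cost. The enclosing method begins before this hunk and the headers lambda continues past it.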

+ 38 - 22
kafka-ui-api/src/main/resources/application-local.yml

@@ -6,6 +6,9 @@ logging:
     #org.springframework.http.codec.json.Jackson2JsonDecoder: DEBUG
     reactor.netty.http.server.AccessLog: INFO
 
+#server:
+#  port: 8080 #- Port in which kafka-ui will run.
+
 kafka:
   clusters:
     - name: local
@@ -42,27 +45,40 @@ kafka:
 spring:
   jmx:
     enabled: true
-  security:
-    oauth2:
-      client:
-        registration:
-          cognito:
-            clientId: xx
-            clientSecret: yy
-            scope: openid
-            client-name: cognito
-            provider: cognito
-            redirect-uri: http://localhost:8080/login/oauth2/code/cognito
-            authorization-grant-type: authorization_code
-        provider:
-          cognito:
-            issuer-uri: https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_M7cIUn1nj
-            jwk-set-uri: https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_M7cIUn1nj/.well-known/jwks.json
-            user-name-attribute: username
+
 auth:
   type: DISABLED
-
-roles.file: /tmp/roles.yml
-
-#server:
-#  port: 8080 #- Port in which kafka-ui will run.
+#  type: OAUTH2
+#  oauth2:
+#    client:
+#      cognito:
+#        clientId:
+#        clientSecret:
+#        scope: openid
+#        client-name: cognito
+#        provider: cognito
+#        redirect-uri: http://localhost:8080/login/oauth2/code/cognito
+#        authorization-grant-type: authorization_code
+#        issuer-uri: https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_M7cIUn1nj
+#        jwk-set-uri: https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_M7cIUn1nj/.well-known/jwks.json
+#        user-name-attribute: username
+#        custom-params:
+#          type: cognito
+#          logoutUrl: https://kafka-ui.auth.eu-central-1.amazoncognito.com/logout
+#      google:
+#        provider: google
+#        clientId:
+#        clientSecret:
+#        user-name-attribute: email
+#        custom-params:
+#          type: google
+#          allowedDomain: provectus.com
+#      github:
+#        provider: github
+#        clientId:
+#        clientSecret:
+#        scope:
+#          - read:org
+#        user-name-attribute: login
+#        custom-params:
+#          type: github
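Review bot: The commented-out sample still carries a concrete Cognito tenant (`eu-central-1_M7cIUn1nj` in `issuer-uri` and `jwk-set-uri`, the `logoutUrl` host) and `allowedDomain: provectus.com` in a committed file that is meant to be uncommented and filled in; neutral placeholders such as `<pool-id>` and `<allowed-domain>` would avoid a copied configuration pointing at someone else's identity provider. The removed `roles.file: /tmp/roles.yml` line has no replacement in this hunk, so presumably anyone switching `auth.type` back to OAUTH2 from this sample also has to restore it; keeping it visible as `#roles.file: /tmp/roles.yml` next to the commented block would document that dependency.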