diff --git a/deps/rabbitmq_management/.gitignore b/deps/rabbitmq_management/.gitignore index 96463fa9b6..e44f8b646f 100644 --- a/deps/rabbitmq_management/.gitignore +++ b/deps/rabbitmq_management/.gitignore @@ -2,12 +2,5 @@ test/config_schema_SUITE_data/schema/ -selenium/node_modules -selenium/package-lock.json -selenium/screens/*/* -selenium/logs -selenium/suites/logs/* -selenium/suites/screens/* -selenium/test/oauth/*/h2/*.trace.db -selenium/test/oauth/*/h2/*.lock.db -selenium/*/target/* +test/js/node_modules +test/js/package-lock.json \ No newline at end of file diff --git a/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js b/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js index 0df8b3d056..db0a46b654 100644 --- a/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js +++ b/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js 
@@ -133,40 +133,41 @@ export function oauth_initiate(oauth) { } return oauth; } -function oauth_initialize_user_manager(resource_server) { - let oidcSettings = { - userStore: new oidc.WebStorageStateStore({ store: window.localStorage }), - authority: resource_server.oauth_provider_url, - client_id: resource_server.oauth_client_id, - response_type: resource_server.oauth_response_type, - scope: resource_server.oauth_scopes, -// resource: resource_server.id, - redirect_uri: rabbit_base_uri() + "/js/oidc-oauth/login-callback.html", - post_logout_redirect_uri: rabbit_base_uri() + "/", - - automaticSilentRenew: true, - revokeAccessTokenOnSignout: true, - extraQueryParams: { - audience: resource_server.id, // required by oauth0 - }, - }; - if (resource_server.end_session_endpoint != "") { - oidcSettings.metadataSeed = { - end_session_endpoint: resource_server.end_session_endpoint - } - } - if (resource_server.oauth_client_secret != "") { - oidcSettings.client_secret = resource_server.oauth_client_secret; - } - if (resource_server.oauth_metadata_url != "") { - oidcSettings.metadataUrl = resource_server.oauth_metadata_url; - } +export function oidc_settings_from(resource_server) { + let oidcSettings = { + userStore: new oidc.WebStorageStateStore({ store: window.localStorage }), + authority: resource_server.oauth_provider_url, + metadataUrl: resource_server.oauth_metadata_url, + client_id: resource_server.oauth_client_id, + response_type: resource_server.oauth_response_type, + scope: resource_server.oauth_scopes, + redirect_uri: rabbit_base_uri() + "/js/oidc-oauth/login-callback.html", + post_logout_redirect_uri: rabbit_base_uri() + "/", + automaticSilentRenew: true, + revokeAccessTokenOnSignout: true + } + if (resource_server.end_session_endpoint != "") { + oidcSettings.metadataSeed = { + end_session_endpoint: resource_server.end_session_endpoint + } + } + if (resource_server.oauth_client_secret != "") { + oidcSettings.client_secret = resource_server.oauth_client_secret + } 
+ if (resource_server.authorization_endpoint_params != "") { + oidcSettings.extraQueryParams = resource_server.authorization_endpoint_params + } + if (resource_server.token_endpoint_params != "") { + oidcSettings.extraTokenParams = resource_server.token_endpoint_params + } + return oidcSettings +} +function oauth_initialize_user_manager(resource_server) { oidc.Log.setLevel(oidc.Log.DEBUG); oidc.Log.setLogger(console); - mgr = new oidc.UserManager(oidcSettings); -// oauth.readiness_url = mgr.settings.metadataUrl; + mgr = new oidc.UserManager(oidc_settings_from(resource_server)) _management_logger = new oidc.Logger("Management"); @@ -212,20 +213,6 @@ export function oauth_initialize(authSettings) { return oauth; } -function log() { - message = "" - Array.prototype.forEach.call(arguments, function(msg) { - if (msg instanceof Error) { - msg = "Error: " + msg.message; - } - else if (typeof msg !== "string") { - msg = JSON.stringify(msg, null, 2); - } - message += msg - }); - _management_logger.info(message) -} - function oauth_is_logged_in() { return mgr.getUser().then(user => { if (!user) { diff --git a/deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl b/deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl index 854bb8784a..8b249f3429 100644 --- a/deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl +++ b/deps/rabbitmq_management/src/rabbit_mgmt_wm_auth.erl @@ -77,6 +77,10 @@ getAllDeclaredOauth2Resources(OAuth2BackendProps) -> undefined -> OAuth2Resources; Id -> maps:put(Id, [{id, Id}], OAuth2Resources) end. +buildRootResourceServerIfAny(Props) -> + [ {id, proplists:get_value(resource_server_id, Props) }, + {oauth_client_id, proplists:get_value(oauth_client_id, Props)}, + {oauth_client_id, proplists:get_value(oauth_client_id, Props)} ]. authSettings() -> ManagementProps = application:get_all_env(rabbitmq_management), diff --git a/deps/rabbitmq_management/test/js/.babelrc b/deps/rabbitmq_management/test/js/.babelrc new file mode 100644 index 0000000000..1320b9a327 
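Review bot: The `!= ""` guards in `oidc_settings_from` let `undefined` and `null` through, so a resource server object that omits `oauth_client_secret`, `end_session_endpoint`, `authorization_endpoint_params` or `token_endpoint_params` gets those settings explicitly assigned `undefined` (including `metadataSeed: { end_session_endpoint: undefined }`). A truthiness test such as `if (resource_server.oauth_client_secret) {` covers the empty string, `undefined` and `null` alike. The hard-coded `audience: resource_server.id` query parameter is removed as well, so deployments that relied on it presumably now need `authorization_endpoint_params` configured, which deserves a line in the upgrade notes. Because `extraQueryParams` and `extraTokenParams` are now taken wholesale from the settings object, it is also worth checking that they are plain objects and carry no keys that collide with protocol parameters such as `client_id`, `redirect_uri` or `state`.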
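Review bot: `buildRootResourceServerIfAny/1` lists `{oauth_client_id, proplists:get_value(oauth_client_id, Props)}` twice, so the third element looks like a copy-paste slip for a different key; which key was intended cannot be told from this hunk. Nothing in the visible hunk calls the function, so it may also produce an unused-function warning. Despite the "IfAny" in the name there is no branch for a missing `resource_server_id`: `proplists:get_value/2` returns `undefined` in that case and the list would carry `{id, undefined}`.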
--- /dev/null
+++ b/deps/rabbitmq_management/test/js/.babelrc
@@ -0,0 +1,3 @@
+{
+ "presets": ["@babel/preset-env"]
+}
diff --git a/deps/rabbitmq_management/test/js/package.json b/deps/rabbitmq_management/test/js/package.json
new file mode 100644
index 0000000000..0748d98ba9
--- /dev/null
+++ b/deps/rabbitmq_management/test/js/package.json
@@ -0,0 +1,35 @@
+{
+ "type":"module",
+ "dependencies": {
+
+
+ "json": "^11.0.0",
+
+
+ "mocha": "^10.7.3"
+
+ },
+
+ "scripts": {
+
+
+ "test": "mocha --recursive --trace-warnings --require @babel/register"
+
+ },
+
+ "devDependencies": {
+
+
+ "@babel/cli": "^7.25.6",
+
+
+ "@babel/core": "^7.25.2",
+
+
+ "@babel/preset-env": "^7.25.4",
+
+
+ "@babel/register": "^7.24.6"
+
+ }
+}
diff --git a/deps/rabbitmq_management/test/js/test/oidc-oauth/helper.test.js b/deps/rabbitmq_management/test/js/test/oidc-oauth/helper.test.js
new file mode 100644
index 0000000000..88431a0c94
--- /dev/null
+++ b/deps/rabbitmq_management/test/js/test/oidc-oauth/helper.test.js
@@ -0,0 +1,22 @@
+const assert = require('assert')
+import oidc_settings_from from '../../../../priv/www/js/oidc-oauth/helper.js'
+
+describe('oidc_settings_from', function () {
+ describe('single root resource', function () {
+
+ describe('with minimum required settings', function () {
+ var resource = {
+ oauth_client_id : "some-client",
+ oauth_provider_url : "https://someurl",
+ oauth_metadata_url : "https://someurl/extra"
+ }
+ var oidc_settings = oidc_settings_from(resource)
+
+ it('oidc_settings should have client_id ', function () {
+ assert.equal(resource.oauth_provider_url, oidc_settings.authority)
+ assert.equal(resource.oauth_metadata_url, oidc_settings.metadataUrl)
+ assert.equal(resource.oauth_client_id, oidc_settings.client_id)
+ })
+ })
+ })
+})
\ No newline at end of file
diff --git a/deps/rabbitmq_management/test/rabbit_mgmt_wm_auth_SUITE.erl b/deps/rabbitmq_management/test/rabbit_mgmt_wm_auth_SUITE.erl
index d47350d2b9..224555da71 100644
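Review bot: The new package.json declares caret ranges while this same commit adds `test/js/package-lock.json` to `.gitignore`, so each install resolves whatever versions are current and the test toolchain is not reproducible. Committing the lockfile and installing with `npm ci` would pin the dependency tree. `json` sits under `dependencies` but is not used by the test file added in this commit, and `mocha` is a test runner that belongs in `devDependencies`; dropping the unused package keeps the install surface small.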
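Review bot: `import oidc_settings_from from '../../../../priv/www/js/oidc-oauth/helper.js'` is a default import, but helper.js declares `export function oidc_settings_from`, a named export, so the binding would not resolve; `import { oidc_settings_from } from '../../../../priv/www/js/oidc-oauth/helper.js'` matches the export. The file also mixes `require('assert')` with `import` in a package marked `"type":"module"`; `import assert from 'assert'` keeps it consistent. `oidc_settings_from` reads `oidc`, `window.localStorage` and `rabbit_base_uri()`, and unless helper.js supplies them outside the visible hunk they do not exist under mocha, so the `describe` body would throw before any `it` runs. The fixture leaves out `oauth_client_secret` and both endpoint-params fields, yet nothing asserts that `client_secret`, `extraQueryParams` and `extraTokenParams` stay unset, which is the case most worth pinning here.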
--- a/deps/rabbitmq_management/test/rabbit_mgmt_wm_auth_SUITE.erl +++ b/deps/rabbitmq_management/test/rabbit_mgmt_wm_auth_SUITE.erl @@ -40,7 +40,7 @@ groups() -> should_return_disabled_auth_settings, {with_root_issuer_url1, [], [ {with_resource_server_id_rabbit, [], [ - should_return_disabled_auth_settings, + should_return_disabled_auth_settings, {with_mgt_oauth_client_id_z, [], [ should_return_oauth_enabled, should_return_oauth_client_id_z,