Merge branch 'main' into react-conversion

Author: JamieSlome

.github/workflows/ci.yml

@@ -19,7 +19,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [18.x]
+        node-version: [20.x]
         mongodb-version: [4.4]
 
     steps:
@@ -45,6 +45,12 @@ jobs:
     - name: Install dependencies
       run: npm i
 
+    # for now only check the types of the server
+    # tsconfig isn't quite set up right to respect what vite accepts
+    # for the frontend code
+    - name: Check Types (Server)
+      run: npm run check-types:server
+
     - name: Test
       id: test
       run: |

.github/workflows/experimental-inventory-ci.yml

@@ -19,7 +19,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [18.x]
+        node-version: [20.x]
         mongodb-version: [4.4]
 
     steps:

.github/workflows/lint.yml

@@ -2,8 +2,8 @@ name: Code Cleanliness
 
 on: [pull_request]
 
-env: # environment variables (available in any part of the action)
-  NODE_VERSION: 18
+env:
+  NODE_VERSION: 20
 
 permissions:
   contents: read

.github/workflows/release.yml

@@ -52,7 +52,7 @@
 #       - uses: actions/checkout@8459bc0 # v4
 #       - uses: actions/setup-node@c2ac33f # v4, Setup .npmrc file to publish to npm
 #         with:
-#           node-version: '18.x'
+#           node-version: '20.x'
 #           registry-url: 'https://registry.npmjs.org'
 #       - run: npm ci
 #       - run: npm publish --access=public

experimental/li-cli/package-lock.json

@@ -21,7 +21,7 @@
   },
   "devDependencies": {
     "@jest/globals": "^29.7.0",
-    "@types/node": "^22.15.32",
+    "@types/node": "^22.15.34",
     "@types/yargs": "^17.0.33",
     "jest": "^29.7.0",
     "rimraf": "^6.0.1",

experimental/li-cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@finos/git-proxy",
-  "version": "1.18.0",
+  "version": "1.18.2",
   "description": "Deploy custom push protections and policies on top of Git.",
   "scripts": {
     "cli": "node ./packages/git-proxy-cli/index.js",
@@ -14,6 +14,7 @@
     "build-lib": "./scripts/build-for-publish.sh",
     "restore-lib": "./scripts/undo-build.sh",
     "check-types": "tsc",
+    "check-types:server": "tsc --project tsconfig.publish.json --noEmit",
     "test": "NODE_ENV=test ts-mocha './test/**/*.test.js' --exit",
     "test-coverage": "nyc npm run test",
     "test-coverage-ci": "nyc --reporter=lcovonly --reporter=text npm run test",

package-lock.json

@@ -316,6 +316,9 @@ export class ConfigLoader extends EventEmitter {
       const execOptions = {
         cwd: process.cwd(),
         env: {
+          // dont wait for credentials; the command should be sufficiently authed
+          // https://git-scm.com/docs/git#Documentation/git.txt-codeGITTERMINALPROMPTcode
+          GIT_TERMINAL_PROMPT: 'false',
           ...process.env,
           ...(source.auth?.type === 'ssh'
             ? {

package.json

@@ -1,6 +1,9 @@
 const express = require('express');
 const router = new express.Router();
 const passport = require('../passport').getPassport();
+const { getAuthMethods } = require('../../config');
+const passportLocal = require('../passport/local');
+const passportAD = require('../passport/activeDirectory');
 const authStrategies = require('../passport').authStrategies;
 const db = require('../../db');
 const { GIT_PROXY_UI_HOST: uiHost = 'http://localhost', GIT_PROXY_UI_PORT: uiPort = 3000 } =
@@ -23,25 +26,59 @@ router.get('/', (req, res) => {
   });
 });
 
-router.post('/login', passport.authenticate(authStrategies['local'].type), async (req, res) => {
-  try {
-    const currentUser = { ...req.user };
-    delete currentUser.password;
-    console.log(
-      `serivce.routes.auth.login: user logged in, username=${
-        currentUser.username
-      } profile=${JSON.stringify(currentUser)}`,
-    );
-    res.send({
-      message: 'success',
-      user: currentUser,
-    });
-  } catch (e) {
-    console.log(`service.routes.auth.login: Error logging user in ${JSON.stringify(e)}`);
-    res.status(500).send('Failed to login').end();
-    return;
+// login strategies that will work with /login e.g. take username and password
+const appropriateLoginStrategies = [passportLocal.type, passportAD.type];
+// getLoginStrategy fetches the enabled auth methods and identifies if there's an appropriate
+// auth method for username and password login. If there isn't it returns null, if there is it
+// returns the first.
+const getLoginStrategy = () => {
+  // returns only enabled auth methods
+  // returns at least one enabled auth method
+  const enabledAppropriateLoginStrategies = getAuthMethods().filter((am) =>
+    appropriateLoginStrategies.includes(am.type.toLowerCase()),
+  );
+  // for where no login strategies which work for /login are enabled
+  // just return null
+  if (enabledAppropriateLoginStrategies.length === 0) {
+    return null;
   }
-});
+  // return the first enabled auth method
+  return enabledAppropriateLoginStrategies[0].type.toLowerCase();
+};
+
+// TODO: provide separate auth endpoints for each auth strategy or chain compatibile auth strategies
+// TODO: if providing separate auth methods, inform the frontend so it has relevant UI elements and appropriate client-side behavior
+router.post(
+  '/login',
+  (req, res, next) => {
+    const authType = getLoginStrategy();
+    if (authType === null) {
+      res.status(403).send('Username and Password based Login is not enabled at this time').end();
+      return;
+    }
+    console.log('going to auth with', authType);
+    return passport.authenticate(authType)(req, res, next);
+  },
+  async (req, res) => {
+    try {
+      const currentUser = { ...req.user };
+      delete currentUser.password;
+      console.log(
+        `serivce.routes.auth.login: user logged in, username=${
+          currentUser.username
+        } profile=${JSON.stringify(currentUser)}`,
+      );
+      res.send({
+        message: 'success',
+        user: currentUser,
+      });
+    } catch (e) {
+      console.log(`service.routes.auth.login: Error logging user in ${JSON.stringify(e)}`);
+      res.status(500).send('Failed to login').end();
+      return;
+    }
+  },
+);
 
 router.get('/oidc', passport.authenticate(authStrategies['openidconnect'].type));