Merge branch 'main' into 1150-vitest-migration-from-service

Author: jescalada

config.schema.json

@@ -7,7 +7,7 @@
   "properties": {
     "proxyUrl": {
       "type": "string",
-      "description": "Used in early versions of git proxy to configure the remote host that traffic is proxied to. In later versions, the repository URL is used to determine the domain proxied, allowing multiple hosts to be proxied by one instance.",
+      "description": "Deprecated: Used in early versions of git proxy to configure the remote host that traffic is proxied to. In later versions, the repository URL is used to determine the domain proxied, allowing multiple hosts to be proxied by one instance.",
       "deprecated": true
     },
     "cookieSecret": { "type": "string" },
@@ -27,19 +27,34 @@
                 "https://somedomain.com/some/path/checkUserGroups?domain=<domain>&name=<name>&id=<id>"
               ]
             }
-          }
+          },
+          "additionalProperties": false
         },
         "github": {
           "type": "object",
+          "description": "Deprecated: Defunct property that was used to provide the API URL for GitHub. No longer referenced in the codebase.",
           "properties": {
             "baseUrl": {
               "type": "string",
               "format": "uri",
-              "examples": ["https://api.github.com"]
+              "examples": ["https://api.github.com"],
+              "deprecated": true
             }
+          },
+          "additionalProperties": false
+        },
+        "gitleaks": {
+          "type": "object",
+          "description": "Configuration for the gitleaks (https://github.com/gitleaks/gitleaks) plugin",
+          "properties": {
+            "enabled": { "type": "boolean" },
+            "ignoreGitleaksAllow": { "type": "boolean" },
+            "noColor": { "type": "boolean" },
+            "configPath": { "type": "string" }
           }
         }
-      }
+      },
+      "additionalProperties": false
     },
     "commitConfig": {
       "description": "Enforce rules and patterns on commits including e-mail and message",

cypress/e2e/login.cy.js

@@ -40,18 +40,4 @@ describe('Login page', () => {
       .should('be.visible')
       .and('contain', 'You entered an invalid username or password...');
   });
-
-  describe('OIDC login button', () => {
-    it('should exist', () => {
-      cy.get('[data-test="oidc-login"]').should('exist');
-    });
-
-    // Validates that OIDC is configured correctly
-    it('should redirect to /oidc', () => {
-      // Set intercept first, since redirect on click can be quick
-      cy.intercept('GET', '/api/auth/oidc').as('oidcRedirect');
-      cy.get('[data-test="oidc-login"]').click();
-      cy.wait('@oidcRedirect');
-    });
-  });
 });

src/config/generated/config.ts

@@ -63,9 +63,9 @@ export interface GitProxyConfig {
    */
   privateOrganizations?: any[];
   /**
-   * Used in early versions of git proxy to configure the remote host that traffic is proxied
-   * to. In later versions, the repository URL is used to determine the domain proxied,
-   * allowing multiple hosts to be proxied by one instance.
+   * Deprecated: Used in early versions of git proxy to configure the remote host that traffic
+   * is proxied to. In later versions, the repository URL is used to determine the domain
+   * proxied, allowing multiple hosts to be proxied by one instance.
    */
   proxyUrl?: string;
   /**
@@ -108,18 +108,39 @@ export interface GitProxyConfig {
  * Third party APIs
  */
 export interface API {
+  /**
+   * Deprecated: Defunct property that was used to provide the API URL for GitHub. No longer
+   * referenced in the codebase.
+   */
   github?: Github;
+  /**
+   * Configuration for the gitleaks (https://github.com/gitleaks/gitleaks) plugin
+   */
+  gitleaks?: Gitleaks;
   /**
    * Configuration used in conjunction with ActiveDirectory auth, which relates to a REST API
    * used to check user group membership, as opposed to direct querying via LDAP.<br />If this
    * configuration is set direct querying of group membership via LDAP will be disabled.
    */
   ls?: Ls;
-  [property: string]: any;
 }
 
+/**
+ * Deprecated: Defunct property that was used to provide the API URL for GitHub. No longer
+ * referenced in the codebase.
+ */
 export interface Github {
   baseUrl?: string;
+}
+
+/**
+ * Configuration for the gitleaks (https://github.com/gitleaks/gitleaks) plugin
+ */
+export interface Gitleaks {
+  configPath?: string;
+  enabled?: boolean;
+  ignoreGitleaksAllow?: boolean;
+  noColor?: boolean;
   [property: string]: any;
 }
 
@@ -139,7 +160,6 @@ export interface Ls {
    * membership of.</li><li>"&lt;id&gt;": The username to check group membership for.</li></ul>
    */
   userInADGroup?: string;
-  [property: string]: any;
 }
 
 /**
@@ -540,12 +560,22 @@ const typeMap: any = {
   API: o(
     [
       { json: 'github', js: 'github', typ: u(undefined, r('Github')) },
+      { json: 'gitleaks', js: 'gitleaks', typ: u(undefined, r('Gitleaks')) },
       { json: 'ls', js: 'ls', typ: u(undefined, r('Ls')) },
     ],
+    false,
+  ),
+  Github: o([{ json: 'baseUrl', js: 'baseUrl', typ: u(undefined, '') }], false),
+  Gitleaks: o(
+    [
+      { json: 'configPath', js: 'configPath', typ: u(undefined, '') },
+      { json: 'enabled', js: 'enabled', typ: u(undefined, true) },
+      { json: 'ignoreGitleaksAllow', js: 'ignoreGitleaksAllow', typ: u(undefined, true) },
+      { json: 'noColor', js: 'noColor', typ: u(undefined, true) },
+    ],
     'any',
   ),
-  Github: o([{ json: 'baseUrl', js: 'baseUrl', typ: u(undefined, '') }], 'any'),
-  Ls: o([{ json: 'userInADGroup', js: 'userInADGroup', typ: u(undefined, '') }], 'any'),
+  Ls: o([{ json: 'userInADGroup', js: 'userInADGroup', typ: u(undefined, '') }], false),
   AuthenticationElement: o(
     [
       { json: 'enabled', js: 'enabled', typ: true },

src/service/routes/auth.ts

@@ -73,6 +73,18 @@ const loginSuccessHandler = () => async (req: Request, res: Response) => {
   }
 };
 
+router.get('/config', (req, res) => {
+  const usernamePasswordMethod = getLoginStrategy();
+  res.send({
+    // enabled username /password auth method
+    usernamePasswordMethod: usernamePasswordMethod,
+    // other enabled auth methods
+    otherMethods: getAuthMethods()
+      .map((am) => am.type.toLowerCase())
+      .filter((authType) => authType !== usernamePasswordMethod),
+  });
+});
+
 // TODO: provide separate auth endpoints for each auth strategy or chain compatibile auth strategies
 // TODO: if providing separate auth methods, inform the frontend so it has relevant UI elements and appropriate client-side behavior
 router.post(
@@ -89,9 +101,9 @@ router.post(
   loginSuccessHandler(),
 );
 
-router.get('/oidc', passport.authenticate(authStrategies['openidconnect'].type));
+router.get('/openidconnect', passport.authenticate(authStrategies['openidconnect'].type));
 
-router.get('/oidc/callback', (req: Request, res: Response, next: NextFunction) => {
+router.get('/openidconnect/callback', (req: Request, res: Response, next: NextFunction) => {
   passport.authenticate(authStrategies['openidconnect'].type, (err: any, user: any, info: any) => {
     if (err) {
       console.error('Authentication error:', err);

src/ui/services/auth.js

@@ -32,7 +32,7 @@ export const getAxiosConfig = () => {
   return {
     withCredentials: true,
     headers: {
-      'X-CSRF-TOKEN': getCookie('csrf'),
+      'X-CSRF-TOKEN': getCookie('csrf') || '',
       Authorization: jwtToken ? `Bearer ${jwtToken}` : undefined,
     },
   };
@@ -43,9 +43,9 @@ export const getAxiosConfig = () => {
  * @param {Object} error - The error object
  * @return {string} The error message
  */
-export const processAuthError = (error) => {
+export const processAuthError = (error, jwtAuthEnabled = false) => {
   let errorMessage = `Failed to authorize user: ${error.response.data.trim()}. `;
-  if (!localStorage.getItem('ui_jwt_token')) {
+  if (jwtAuthEnabled && !localStorage.getItem('ui_jwt_token')) {
     errorMessage +=
       'Set your JWT token in the settings page or disable JWT auth in your app configuration.';
   } else {