WIP: fix: Add studio login check to ensure authenticated #2335
base: master
Conversation
This PoC avoids authentication errors in the case where the LMS is logged in, but Studio is not yet authenticated. Private-ref: https://tasks.opencraft.com/browse/BB-9549
Thanks for the pull request, @samuelallan72! This repository is currently maintained by Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review.

🔘 Get product approval
If you haven't already, check this list to see if your contribution needs to go through the product review process.

🔘 Provide context
To help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:

🔘 Get a green build
If one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green.

🔘 Update the status of your PR
Your PR is currently marked as a draft. After completing the steps above, update its status by clicking "Ready for Review", or removing "WIP" from the title, as appropriate.

Where can I find more information?
If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources:

When can I expect my changes to be merged?
Our goal is to get community contributions seen and reviewed as efficiently as possible. However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:

💡 As a result it may take up to several weeks or months to complete a review and merge your PR.
Hi @samuelallan72 - thanks for this contribution! Please let me know if you have any questions regarding submitting a CLA form. Thanks!
@mphilbrick211 Samuel recently joined OpenCraft and should be part of our CLA.
Thanks, @bradenmacdonald and welcome, @samuelallan72!
const studioBaseUrl = getConfig().STUDIO_BASE_URL;
// hacky try/catch with xblock handler as a PoC
try {
  const url = `${studioBaseUrl }/xblock/`;
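Review bot: the try/catch around the `/xblock/` request cannot tell "Studio is not logged in" apart from any other failure (network outage, a thrown non-HTTP error), because a login redirect that is blocked by CORS surfaces to fetch callers as a generic error with no status code; the check should be driven by an explicit status (401/403) from a read-only endpoint, or by the auth state frontend-platform already tracks, rather than by whether the call threw. Minor style point on the same line: `${studioBaseUrl }` has a stray space before the closing brace of the template expression.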
Is anyone aware of an appropriate CMS API endpoint we can call here to check if the user is logged in? It needs to be a read-only (GET) request that will return something we can use to check - e.g. a 403 if the user isn't logged in.
The /xblock/ endpoint is not good for this purpose, but it's used here in the PoC because it redirects to the login page and the request fails with the CORS error if we're not logged in, otherwise it will return something.
Would it be reasonable to add such an API endpoint to the CMS if one doesn't already exist?
Or we may need to look at other methods, such as checking for a valid studio_session_id cookie locally(?).
Authentication is supposed to be abstracted away by frontend-platform, so I'd look there for a relevant JS API method, or add one if it doesn't exist (checkAuthStatus()?).
But also there's what I said on the other issue - a cookie should not be required for our MFEs. All APIs should accept a JWT token as auth, and it's easy to check if the JWT is expired or not. If a given API is not accepting a JWT, it should be fixed upstream or we should change to use a proper API endpoint. This would also solve the fake CORS errors, because proper API endpoints will not mask a 403 error with a CORS error.
I'd look there for a relevant JS API method, or add one if it doesn't exist (checkAuthStatus() ?).
I did check there, and found that it does have the method for this, which is called in the init phase if requireAuthenticatedUser is true. However, that appears to go through the LMS, and it uses the login_refresh endpoint to refresh the JWT. This endpoint does actually exist on the CMS - but if that's for setting the JWT, and if the JWT is shared between the LMS and CMS, and we should be updating the CMS APIs to use JWTs, then it shouldn't be needed at all. I think. I need to learn more about how auth is set up here. :)
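The thread above makes two points about how the Studio auth check should work: a JWT's expiry can be checked locally instead of relying on a session cookie, and a probe against a proper API endpoint must return an explicit 401/403 rather than an error masked by CORS. The following is an added example written for this page, not code from this PR, from frontend-platform, or from the CMS; the `/api/auth-status/` path it probes is a placeholder assumption (no such CMS route is claimed), and `fetchImpl` is injectable only so the logic can run without a network. The expiry check reads the `exp` claim without verifying the signature; it decides whether a token the client already holds is worth sending, and the server still verifies it.

```javascript
// Added example for this thread (not the PR's or frontend-platform's code).
// Part 1: local JWT expiry check. Part 2: classify a read-only auth probe so
// that an explicit 401/403 is never confused with a CORS/network failure.

// Decode one base64url segment of a compact JWS.
function base64UrlDecode(segment) {
  const base64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = base64 + '='.repeat((4 - (base64.length % 4)) % 4);
  return Buffer.from(padded, 'base64').toString('utf8');
}

// Parse the payload (claims) of a JWT. No signature verification here.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) {
    throw new Error('not a compact JWS: expected header.payload.signature');
  }
  return JSON.parse(base64UrlDecode(parts[1]));
}

// skewSeconds lets the caller treat a token that expires within the next few
// seconds as already stale, covering clock drift between browser and server.
function isJwtExpired(token, nowSeconds = Math.floor(Date.now() / 1000), skewSeconds = 0) {
  const payload = decodeJwtPayload(token);
  if (typeof payload.exp !== 'number') {
    return true; // no expiry claim: refuse to trust it forever
  }
  return payload.exp <= nowSeconds + skewSeconds;
}

// Constructed, unsigned test token so the example runs offline. The signature
// segment is a dummy; the local expiry check never validates it anyway.
function makeUnsignedJwt(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.dummy-signature`;
}

// Probe a read-only endpoint (placeholder path, assumed for illustration) with
// credentials and classify the outcome.
async function probeAuth(fetchImpl, baseUrl) {
  try {
    const response = await fetchImpl(`${baseUrl}/api/auth-status/`, {
      method: 'GET',
      credentials: 'include',
    });
    if (response.status === 401 || response.status === 403) {
      return 'unauthenticated';
    }
    if (response.ok) {
      return 'authenticated';
    }
    return `unexpected-status-${response.status}`;
  } catch (err) {
    // fetch() rejects with TypeError both on network failure and when the
    // browser blocks a cross-origin response (e.g. a redirect to a login page
    // on another origin). The real status is hidden, so this must NOT be
    // reported as "logged out"; the caller should treat it as unknown.
    return err instanceof TypeError ? 'opaque-failure' : 'error';
  }
}
```

Usage: `isJwtExpired(token, undefined, 30)` answers "should I even send this token" before a request is made, and `probeAuth(fetch, getConfig().STUDIO_BASE_URL)` returns `'authenticated'`, `'unauthenticated'`, or `'opaque-failure'`, the last of which is exactly the case the `/xblock/` PoC collapsed into a login failure.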
Description
Avoid authentication errors in the case where the LMS is logged in, but Studio is not yet authenticated.
Fixes: #1080
Supporting information
Private-ref: https://tasks.opencraft.com/browse/BB-9549
Testing instructions
Other information
See also #1080 (comment) . There may be alternate or better methods of implementing this.
Best Practices Checklist
We're trying to move away from some deprecated patterns in this codebase. Please
check if your PR meets these recommendations before asking for a review:
- New files are written in TypeScript (`.ts`, `.tsx`).
- `propTypes`, `defaultProps`, and `injectIntl` patterns are not used in any new or modified code.
- Tests use `src/testUtils.tsx` (specifically `initializeMocks`).
- API access follows `apiHooks.ts` in this repo for examples.
- `messages.ts` files have a `description` for translators to use.
- Imports don't use `../`. To import from parent folders, use `@src`, e.g. `import { initializeMocks } from '@src/testUtils';` instead of `from '../../../../testUtils'`.