migrate oidc handling to more supported oidcc module

pluralsh · Feb 24, 2025 · 6c04cd7 · 6c04cd7
1 parent 5879bbf
commit 6c04cd7
Show file tree

Hide file tree

Showing 17 changed files with 13,843 additions and 16,595 deletions.
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -84,14 +84,14 @@ jobs:
         uses: actions/cache@v3
         with:
           path: deps
-          key: ${{ runner.os }}-mix-2-${{ hashFiles('**/mix.lock') }}
-          restore-keys: ${{ runner.os }}-mix-2
+          key: ${{ runner.os }}-mix-3-${{ hashFiles('**/mix.lock') }}
+          restore-keys: ${{ runner.os }}-mix-3
       - name: Restore _build
         uses: actions/cache@v3
         with:
           path: _build
-          key: ${{ runner.os }}-mix-2-${{ hashFiles('**/mix.lock') }}
-          restore-keys: ${{ runner.os }}-mix-2
+          key: ${{ runner.os }}-mix-3-${{ hashFiles('**/mix.lock') }}
+          restore-keys: ${{ runner.os }}-mix-3
       - run: mix deps.get
       - run: mix test
       - uses: 8398a7/action-slack@v3
@@ -114,14 +114,14 @@ jobs:
         uses: actions/cache@v3
         with:
           path: deps
-          key: ${{ runner.os }}-mix-2-${{ hashFiles('**/mix.lock') }}
-          restore-keys: ${{ runner.os }}-mix-2
+          key: ${{ runner.os }}-mix-3-${{ hashFiles('**/mix.lock') }}
+          restore-keys: ${{ runner.os }}-mix-3
       - name: Restore _build
         uses: actions/cache@v3
         with:
           path: _build
-          key: ${{ runner.os }}-mix-2-${{ hashFiles('**/mix.lock') }}
-          restore-keys: ${{ runner.os }}-mix-2
+          key: ${{ runner.os }}-mix-3-${{ hashFiles('**/mix.lock') }}
+          restore-keys: ${{ runner.os }}-mix-3
       - name: get dependencies
         run: mix deps.get
       - name: update schema

diff --git a/assets/src/components/login/OauthCallback.tsx b/assets/src/components/login/OauthCallback.tsx
@@ -1,32 +1,21 @@
 import { useEffect, useRef } from 'react'
-import gql from 'graphql-tag'
 import { useLocation } from 'react-router'
 import qs from 'query-string'
-import { useMutation } from '@apollo/client'
 import { useNavigate } from 'react-router-dom'
 import { Button, Callout } from '@pluralsh/design-system'
 import { useTheme } from 'styled-components'
 
 import { GqlError } from 'components/utils/Alert'
 import LoadingIndicator from 'components/utils/LoadingIndicator'
-import { RefreshTokenFragment } from 'components/graphql/users'
 
 import { setRefreshToken, setToken } from '../../helpers/auth'
 import { localized } from '../../helpers/hostname'
 
 import { LoginPortal } from './LoginPortal'
-
-const CALLBACK = gql`
-  mutation Callback($code: String!, $redirect: String) {
-    oauthCallback(code: $code, redirect: $redirect) {
-      jwt
-      refreshToken {
-        ...RefreshTokenFragment
-      }
-    }
-  }
-  ${RefreshTokenFragment}
-`
+import {
+  OauthCallbackMutationVariables,
+  useOauthCallbackMutation,
+} from 'generated/graphql'
 
 function OAuthError({ error: { error, error_description: description } }: any) {
   return (
@@ -46,10 +35,14 @@ export function OAuthCallback() {
   const location = useLocation()
   const navigate = useNavigate()
   const theme = useTheme()
-  const { code, ...oauthError } = qs.parse(location.search)
+  const { code, state, ...oauthError } = qs.parse(location.search)
   const prevCode = useRef<any>(undefined)
-  const [mutation, { error, loading }] = useMutation(CALLBACK, {
-    variables: { code, redirect: localized('/oauth/callback') },
+  const [mutation, { error, loading }] = useOauthCallbackMutation({
+    variables: {
+      code,
+      state,
+      redirect: localized('/oauth/callback'),
+    } as OauthCallbackMutationVariables,
     onCompleted: (result) => {
       const { jwt, refreshToken } = result?.oauthCallback || {}
 

diff --git a/assets/src/generated/graphql.ts b/assets/src/generated/graphql.ts
@@ -6292,6 +6292,7 @@ export type RootMutationTypeMergeServiceArgs = {
 export type RootMutationTypeOauthCallbackArgs = {
   code: Scalars['String']['input'];
   redirect?: InputMaybe<Scalars['String']['input']>;
+  state?: InputMaybe<Scalars['String']['input']>;
 };
 
 
@@ -12123,6 +12124,15 @@ export type RefreshQueryVariables = Exact<{
 
 export type RefreshQuery = { __typename?: 'RootQueryType', refresh?: { __typename?: 'User', jwt?: string | null, id: string, pluralId?: string | null, name: string, email: string, profile?: string | null, backgroundColor?: string | null, readTimestamp?: string | null, emailSettings?: { __typename?: 'EmailSettings', digest?: boolean | null } | null, roles?: { __typename?: 'UserRoles', admin?: boolean | null } | null, personas?: Array<{ __typename?: 'Persona', id: string, name: string, description?: string | null, bindings?: Array<{ __typename?: 'PolicyBinding', id?: string | null, user?: { __typename?: 'User', id: string, name: string, email: string } | null, group?: { __typename?: 'Group', id: string, name: string } | null } | null> | null, configuration?: { __typename?: 'PersonaConfiguration', all?: boolean | null, deployments?: { __typename?: 'PersonaDeployment', addOns?: boolean | null, clusters?: boolean | null, pipelines?: boolean | null, providers?: boolean | null, repositories?: boolean | null, services?: boolean | null } | null, home?: { __typename?: 'PersonaHome', manager?: boolean | null, security?: boolean | null } | null, sidebar?: { __typename?: 'PersonaSidebar', audits?: boolean | null, kubernetes?: boolean | null, pullRequests?: boolean | null, settings?: boolean | null, backups?: boolean | null, stacks?: boolean | null } | null } | null } | null> | null } | null };
 
+export type OauthCallbackMutationVariables = Exact<{
+  code: Scalars['String']['input'];
+  redirect?: InputMaybe<Scalars['String']['input']>;
+  state?: InputMaybe<Scalars['String']['input']>;
+}>;
+
+
+export type OauthCallbackMutation = { __typename?: 'RootMutationType', oauthCallback?: { __typename?: 'User', jwt?: string | null, refreshToken?: { __typename?: 'RefreshToken', id: string, token: string, insertedAt?: string | null, updatedAt?: string | null } | null } | null };
+
 export type VulnerabilityReportTinyFragment = { __typename?: 'VulnerabilityReport', id: string, artifactUrl?: string | null, services?: Array<{ __typename?: 'ServiceVuln', service?: { __typename?: 'ServiceDeployment', name: string } | null } | null> | null, namespaces?: Array<{ __typename?: 'NamespaceVuln', namespace: string } | null> | null, summary?: { __typename?: 'VulnSummary', criticalCount?: number | null, highCount?: number | null, mediumCount?: number | null, lowCount?: number | null, unknownCount?: number | null, noneCount?: number | null } | null };
 
 export type VulnerabilityReportFragment = { __typename?: 'VulnerabilityReport', id: string, artifactUrl?: string | null, vulnerabilities?: Array<{ __typename?: 'Vulnerability', id: string, title?: string | null, description?: string | null, severity?: VulnSeverity | null, score?: number | null, primaryLink?: string | null, links?: Array<string | null> | null, target?: string | null, class?: string | null, packageType?: string | null, pkgPath?: string | null, publishedDate?: string | null, installedVersion?: string | null, fixedVersion?: string | null, lastModifiedDate?: string | null, cvssSource?: string | null, resource?: string | null, insertedAt?: string | null, updatedAt?: string | null, cvss?: { __typename?: 'CvssBundle', attackComplexity?: VulnSeverity | null, attackVector?: VulnAttackVector | null, availability?: VulnSeverity | null, confidentiality?: VulnSeverity | null, integrity?: VulnSeverity | null, privilegesRequired?: VulnSeverity | null, userInteraction?: VulnUserInteraction | null, nvidia?: { __typename?: 'Cvss', v2Score?: number | null, v2Vector?: string | null, v3Score?: number | null, v3Vector?: string | null, v40Score?: number | null, v40Vector?: string | null } | null, redhat?: { __typename?: 'Cvss', v2Score?: number | null, v2Vector?: string | null, v3Score?: number | null, v3Vector?: string | null, v40Score?: number | null, v40Vector?: string | null } | null } | null } | null> | null, services?: Array<{ __typename?: 'ServiceVuln', service?: { __typename?: 'ServiceDeployment', name: string } | null } | null> | null, namespaces?: Array<{ __typename?: 'NamespaceVuln', namespace: string } | null> | null, summary?: { __typename?: 'VulnSummary', criticalCount?: number | null, highCount?: number | null, mediumCount?: number | null, lowCount?: number | null, unknownCount?: number | null, noneCount?: number | null } | null };
@@ -26157,6 +26167,44 @@ export type RefreshQueryHookResult = ReturnType<typeof useRefreshQuery>;
 export type RefreshLazyQueryHookResult = ReturnType<typeof useRefreshLazyQuery>;
 export type RefreshSuspenseQueryHookResult = ReturnType<typeof useRefreshSuspenseQuery>;
 export type RefreshQueryResult = Apollo.QueryResult<RefreshQuery, RefreshQueryVariables>;
+export const OauthCallbackDocument = gql`
+    mutation OauthCallback($code: String!, $redirect: String, $state: String) {
+  oauthCallback(code: $code, redirect: $redirect, state: $state) {
+    jwt
+    refreshToken {
+      ...RefreshToken
+    }
+  }
+}
+    ${RefreshTokenFragmentDoc}`;
+export type OauthCallbackMutationFn = Apollo.MutationFunction<OauthCallbackMutation, OauthCallbackMutationVariables>;
+
+/**
+ * __useOauthCallbackMutation__
+ *
+ * To run a mutation, you first call `useOauthCallbackMutation` within a React component and pass it any options that fit your needs.
+ * When your component renders, `useOauthCallbackMutation` returns a tuple that includes:
+ * - A mutate function that you can call at any time to execute the mutation
+ * - An object with fields that represent the current status of the mutation's execution
+ *
+ * @param baseOptions options that will be passed into the mutation, supported options are listed on: https://www.apollographql.com/docs/react/api/react-hooks/#options-2;
+ *
+ * @example
+ * const [oauthCallbackMutation, { data, loading, error }] = useOauthCallbackMutation({
+ *   variables: {
+ *      code: // value for 'code'
+ *      redirect: // value for 'redirect'
+ *      state: // value for 'state'
+ *   },
+ * });
+ */
+export function useOauthCallbackMutation(baseOptions?: Apollo.MutationHookOptions<OauthCallbackMutation, OauthCallbackMutationVariables>) {
+        const options = {...defaultOptions, ...baseOptions}
+        return Apollo.useMutation<OauthCallbackMutation, OauthCallbackMutationVariables>(OauthCallbackDocument, options);
+      }
+export type OauthCallbackMutationHookResult = ReturnType<typeof useOauthCallbackMutation>;
+export type OauthCallbackMutationResult = Apollo.MutationResult<OauthCallbackMutation>;
+export type OauthCallbackMutationOptions = Apollo.BaseMutationOptions<OauthCallbackMutation, OauthCallbackMutationVariables>;
 export const VulnerabilityReportsDocument = gql`
     query VulnerabilityReports($clusters: [ID], $namespaces: [String], $q: String, $grade: VulnReportGrade, $first: Int, $after: String) {
   vulnerabilityReports(
@@ -26600,7 +26648,8 @@ export const namedOperations = {
     ConsumeSecret: 'ConsumeSecret',
     UpdateUser: 'UpdateUser',
     CreateInvite: 'CreateInvite',
-    Logout: 'Logout'
+    Logout: 'Logout',
+    OauthCallback: 'OauthCallback'
   },
   Subscription: {
     AIChatStream: 'AIChatStream',

diff --git a/assets/src/graph/users.graphql b/assets/src/graph/users.graphql
@@ -181,3 +181,12 @@ query Refresh($token: String!) {
     jwt
   }
 }
+
+mutation OauthCallback($code: String!, $redirect: String, $state: String) {
+  oauthCallback(code: $code, redirect: $redirect, state: $state) {
+    jwt
+    refreshToken {
+      ...RefreshToken
+    }
+  }
+}
diff --git a/config/config.exs b/config/config.exs
@@ -14,7 +14,7 @@ config :botanist,
 config :piazza_core,
   shutdown_delay: 60 * 1000
 
-config :console, :oidc_providers, :ignore
+config :console, :oidc_providers, []
 config :console,
     plural_login: false