Custom login shib logic

myconext-gui/docker/conf/000-default.conf

@@ -18,8 +18,6 @@ RewriteCond %{REQUEST_URI} !^/actuator
 RewriteCond %{REQUEST_URI} !^/internal
 RewriteCond %{REQUEST_URI} !^/robots.txt
 RewriteCond %{REQUEST_URI} !^/config
-RewriteCond %{REQUEST_URI} !^/login
-RewriteCond %{REQUEST_URI} !^/startSSO
 RewriteCond %{REQUEST_URI} !^/fonts
 RewriteCond %{REQUEST_URI} !^/.well-known
 RewriteRule (.*) /index.html [L]
@@ -36,8 +34,6 @@ ProxyPassReverse /tiqr http://myconextserver:8080/tiqr
 ProxyPass /internal http://myconextserver:8080/internal
 ProxyPass /actuator http://myconextserver:8080/internal
 ProxyPass /robots.txt http://myconextserver:8080/robots.txt
-ProxyPass /login http://myconextserver:8080/login
-ProxyPass /startSSO http://myconextserver:8080/startSSO
 ProxyPass /config http://myconextserver:8080/config
 
 <Location />

myconext-server/src/main/java/myconext/api/LoginController.java

@@ -108,16 +108,7 @@ public LoginController(UserRepository userRepository,
 
     @GetMapping("/config")
     public Map<String, Object> config() {
-        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-        Map<String ,Object> copyConfig = new HashMap<>(config);
-        //Can be an AnonymousAuthenticationToken with Principal=anonymousUser
-        boolean authenticated = authentication != null && authentication.isAuthenticated() && authentication.getPrincipal() instanceof User;
-        copyConfig.put("authenticated", authenticated);
-        if (authenticated ) {
-            User user = (User) authentication.getPrincipal();
-            copyConfig.put("user", user.serviceDeskSummary());
-        }
-        return copyConfig;
+        return config;
     }
 
     @GetMapping("/register")

myconext-server/src/main/java/myconext/shibboleth/ShibbolethPreAuthenticatedProcessingFilter.java

@@ -67,7 +67,10 @@ protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
         String familyName = getHeader(SHIB_SUR_NAME, request);
 
         boolean valid = Stream.of(uid, schacHomeOrganization, email, givenName, familyName).allMatch(StringUtils::hasText);
-        if (!valid) {
+        if (valid) {
+            LOG.info(String.format("Required attribute(s) present in shib headers: uid '%s', schacHomeOrganization '%s', givenName '%s', familyName '%s', email '%s'",
+                    uid, schacHomeOrganization, givenName, familyName, email));
+        } else {
             //this is the contract. See AbstractPreAuthenticatedProcessingFilter#doAuthenticate
             LOG.warn(String.format("Missing required attribute(s): uid '%s', schacHomeOrganization '%s', givenName '%s', familyName '%s', email '%s'",
                     uid, schacHomeOrganization, givenName, familyName, email));

servicedesk-gui/docker/conf/000-default.conf

@@ -19,7 +19,6 @@ RewriteCond %{REQUEST_URI} !^/actuator
 RewriteCond %{REQUEST_URI} !^/internal
 RewriteCond %{REQUEST_URI} !^/robots.txt
 RewriteCond %{REQUEST_URI} !^/config
-RewriteCond %{REQUEST_URI} !^/startSSO
 RewriteCond %{REQUEST_URI} !^/fonts
 RewriteCond %{REQUEST_URI} !^/.well-known
 RewriteRule (.*) /index.html [L]
@@ -36,7 +35,6 @@ ProxyPassReverse /tiqr http://myconextserver:8080/tiqr
 ProxyPass /internal http://myconextserver:8080/internal
 ProxyPass /actuator http://myconextserver:8080/internal
 ProxyPass /robots.txt http://myconextserver:8080/robots.txt
-ProxyPass /startSSO http://myconextserver:8080/startSSO
 ProxyPass /config http://myconextserver:8080/config
 
 <Location />
@@ -54,13 +52,17 @@ DocumentRoot "/var/www"
 </Directory>
 
 # Public endpoints
-<Location ~ "/(config|404|robots.txt)">
+<Location ~ "/(config|404|robots.txt|login)">
   Require all granted
 </Location>
 
-# <Location ~ "/(.*)">
-#   Require all granted
-# </Location>
+<LocationMatch "^/">
+  Require all granted
+</LocationMatch>
+
+<Location ~ "/login(.*)">
+  Require all granted
+</Location>
 
 <Location ~ "/internal/">
   Require all granted

servicedesk-gui/src/App.jsx

@@ -2,8 +2,7 @@ import React, {useEffect, useState} from 'react'
 import {Loader} from "@surfnet/sds";
 import './App.scss';
 import {Navigate, Route, Routes, useNavigate} from "react-router-dom";
-// import {useNavigate} from "react-router-dom";
-import {configuration, me} from "./api/index.js";
+import {me} from "./api/index.js";
 import {useAppStore} from "./stores/AppStore.js";
 import {Flash} from "./components/Flash.jsx";
 import {Header} from "./components/Header.jsx";
@@ -22,25 +21,19 @@ const App = () => {
     const navigate = useNavigate();
 
     useEffect(() => {
-        configuration().then(res => {
-            me()
-                .then(js => {
-                    console.log(JSON.stringify(js))
-                    useAppStore.setState(() => ({config: res, authenticated: res.authenticated, user: res.user}));
-                    setLoading(false);
-                    setIsAuthenticated(res.authenticated);
-                    if (res.authenticated && res.user?.serviceDeskMember) {
-                        navigate("/home")
-                    } else if (res.authenticated && !res.user)
-                        navigate("/not-found")
-                    else {
-                        navigate("/login")
-                    }
-
-            }).catch(e => {
+        me()
+            .then(res => {
+                useAppStore.setState(() => ({user: res}));
+                setLoading(false);
+                setIsAuthenticated(true);
+                if (res.serviceDeskMember) {
+                    navigate("/home");
+                } else {
+                    navigate("/not-found");
+                }
+            }).catch(() => {
                 setLoading(false);
                 navigate("/login");
-            });
         });
 
     }, []);
@@ -59,7 +52,6 @@ const App = () => {
                     <Routes>
                         <Route path="/" element={<Navigate replace to="home"/>}/>
                         <Route path="home/:tab?" element={<Home/>}/>
-                        <Route path="login" element={<Login/>}/>
                         <Route path="refresh-route/:path" element={<RefreshRoute/>}/>
                         <Route path="*" element={<NotFound/>}/>
                     </Routes>}

servicedesk-gui/src/components/Header.jsx

@@ -7,7 +7,7 @@ import {useAppStore} from "../stores/AppStore";
 import I18n from "../locale/I18n";
 
 export const Header = () => {
-    const {user, config} = useAppStore(state => state);
+    const {user} = useAppStore(state => state);
 
     return (
         <div className="header-container">
@@ -19,7 +19,6 @@ export const Header = () => {
                 </Link>
                 {user &&
                     <UserMenu user={user}
-                              config={config}
                               actions={[]}
                     />
                 }

servicedesk-gui/src/components/UserMenu.jsx

@@ -19,7 +19,7 @@ export const UserMenu = ({user}) => {
             useAppStore.setState(() => ({breadcrumbPath: []}));
             navigate("/login", {state: "force"});
             setTimeout(() =>
-                useAppStore.setState(() => ({user: null, breadcrumbPath: []})), 500);
+                useAppStore.setState(() => ({user: null, breadcrumbPath: []})), 125);
         });
     }
 

servicedesk-gui/src/pages/Login.jsx

@@ -10,7 +10,7 @@ export const Login = () => {
 
     const doLogin = () => {
         const path = window.location.origin;
-        window.location.href = `${path}/Shibboleth.sso/Login?target=/`;
+        window.location.href = `${path}/Shibboleth.sso/Login?target=/home`;
     }
 
     return (

servicedesk-gui/src/stores/AppStore.js

@@ -1,9 +1,6 @@
 import {create} from 'zustand'
 
 export const useAppStore = create(set => ({
-    authenticated: false,
-    reload: false,
-    config: {},
     user: {},
     controlCode: {},
     flash: {msg: "", className: "hide", type: "info"},