Previously, the server just hijacked the super admin context in order to
get raw access to the underlying data stores, this introduces a way to
specify the it is explicitly the server making the request and no longer
hijack the super admin context.
This also adds test coverage to ensure that the correct values are being
set on context in the AuthorizedUser method.
SuperAdmin is not a role type, but it a status of a user that is
tangentially related to a users role in an organization. This renames
the variable to reflect that difference.
JWTs will only life five minutes into the future. Any time
the server receives an authenicated request, the JWT's expire at
will be extended into the future.
* User can now set oauth cookie session duration via the CLI to any duration or to expire on browser close
* Refactor GET 'me' into heartbeat at constant interval
* Add ping route to all routes
* Add /chronograf/v1/ping endpoint for server status
* Refactor cookie generation to use an interface
* WIP adding refreshable tokens
* Add reminder to review index.js Login error handling
* Refactor Authenticator interface to accommodate cookie duration and logout delay
* Update make run-dev to be more TICKStack compliant
* Remove heartbeat/logout duration from authentication
* WIP Refactor tests to accommodate cookie and auth refactor
* Update oauth2 tests to newly refactored design
* Update oauth provider tests
* Remove unused oauth2/consts.go
* Move authentication middleware to server package
* Fix authentication comment
* Update authenication documentation to mention AUTH_DURATION
* Update /chronograf/v1/ping to simply return 204
* Fix Makefile run-dev target
* Remove spurious ping route
* Update auth docs to clarify authentication duration
* Revert "Refactor GET 'me' into heartbeat at constant interval"
This reverts commit 298a8c47e1431720d9bd97a9cb853744f04501a3.
Conflicts:
ui/src/index.js
* Add auth test for JWT signing method
* Add comments for why coverage isn't written for some areas of jwt code
* Update auth docs to explicitly mention how to require re-auth for all users on server restart
* Add Duration to Validation interface for Tokens
* Make auth duration of zero yield a everlasting token
* Revert "Revert "Refactor GET 'me' into heartbeat at constant interval""
This reverts commit b4773c15afe4fcd227ad88aa9d5686beb6b0a6cd.
* Rename http status constants and add FORBIDDEN
* Heartbeat only when logged in, notify user if heartbeat fails
* Update changelog
* Fix minor word semantics
* Update oauth2 tests to be in the oauth2_test package
* Add check at compile time that JWT implements Tokenizer
* Rename CookieMux to AuthMux for consistency with earlier refactor
* Fix logout middleware
* Fix logout button not showing due to obsolete data shape expectations
* Update changelog
* Fix proptypes for logout button data shape in SideNav
Created an oauth2 package which encapsulates all oauth2 providers,
utility functions, types, and interfaces. Previously some methods of the
Github provider were used as http.HandlerFuncs. These have now been
pulled into a concrete type called a JWTMux to implement other Oauth2
providers.
JWTMux has all of the functionality required to take a token from any
provider and store it as a JWT in a browser, and that is the extent of
its responsibilities. It implements the oauth2.Mux interface which would
potentially allow other strategies of oauth2 credential storage.
Michael Desa
Jared Scheib
Chris Goller
Jared Scheib
Tim Raymond