fix(admin-ui): update token script should reject the tampered user-info-jwt #1960

Merged
merged 4 commits into from
Jan 7, 2025
5 changes: 4 additions & 1 deletion admin-ui/app/locales/en/translation.json
Expand Up @@ -83,7 +83,10 @@
"config_api_status":"Config API Status",
"key_cloak":"Keycloak",
"jans_lock":"Jans Lock",
"jans_link":"Jans Link"
"jans_link":"Jans Link",
"access_denied":"Access Denied",
"access_denied_message":"You do not have permission to access this page",
"access_contact_admin":"Please contact your administrator for more information"
},
"fields": {
"access_token_signing_alg": "JWS alg for signing",
8 changes: 5 additions & 3 deletions admin-ui/app/locales/fr/translation.json
Expand Up @@ -31,7 +31,10 @@
"config_api_status": "État de l'API de configuration",
"key_cloak": "Keycloak",
"jans_lock": "Jans Lock",
"jans_link": "Lien Jans"
"jans_link": "Lien Jans",
"access_denied":"Accès refusé",
"access_denied_message":"Vous n'êtes pas autorisé à accéder à cette page",
"access_contact_admin":"Veuillez contacter l'administrateur pour obtenir de l'aide"
},
"menus": {
"adminui": "Administratrice",
Expand Down Expand Up @@ -104,8 +107,7 @@
"customer_backend_key_attributes": "Clé/attributs du backend client",
"source_backend_ldap_servers": "Serveurs LDAP dorsaux sources",
"inum_db_server": "Serveur de base de données Inum",
"static_configuration": "Configuration statique",
"dynamic_configuration": "Configuration dynamique"
"static_configuration": "Configuration statique"
},
"actions": {
"accept": "J'accepte",
8 changes: 5 additions & 3 deletions admin-ui/app/locales/pt/translation.json
Expand Up @@ -31,7 +31,10 @@
"config_api_status": "Status da API de configuração",
"key_cloak": "Keycloak",
"jans_lock": "Jans Lock",
"jans_link": "Link Jans"
"jans_link": "Link Jans",
"access_denied":"Acesso negado",
"access_denied_message":"Entre em contato com o administrador para obter ajuda",
"access_contact_admin":"Se você acha que isso é um erro, entre em contato com o administrador"
},
"menus": {
"adminui": "Admin",
Expand Down Expand Up @@ -102,8 +105,7 @@
"customer_backend_key_attributes": "Chave/atributos de back-end do cliente",
"source_backend_ldap_servers": "Servidores LDAP de back-end de origem",
"inum_db_server": "Servidor DB Inum",
"static_configuration": "Configuração estática",
"dynamic_configuration": "Configuração Dinâmica"
"static_configuration": "Configuração estática"
},
"actions": {
"accept": "Aceitar",
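--- a/admin-ui/app/routes/Apps/Gluu/GluuPermissionModal.js
+++ b/admin-ui/app/routes/Apps/Gluu/GluuPermissionModal.js
@@ -0,0 +1,56 @@
+import React from "react";
+import { useTranslation } from "react-i18next";
+import { Button, Modal, ModalBody, ModalFooter, ModalHeader } from "reactstrap";
+import PropTypes from 'prop-types'
+
+const GluuPermissionModal = ({ handler, isOpen }) => {
+const { t } = useTranslation();
+
+return (
+<div>
+<Modal
+centered
+isOpen={isOpen}
+style={{ minWidth: "45vw" }}
+toggle={handler}
+className="modal-outline-primary"
+backdrop="static"
+>
+<ModalHeader>
+<i className="bi bi-shield-lock" /> {t("dashboard.access_denied")}
+</ModalHeader>
+<ModalBody className="text-center">
+<p className="text-muted">
+🚫 <strong>{t("dashboard.access_denied_message")}</strong>
+</p>
+<p>{t("dashboard.access_contact_admin")}</p>
+</ModalBody>
+<ModalFooter>
+<Button
+className="d-flex align-items-center"
+onClick={handler}
+>
+{t("menus.signout")}
+</Button>
+</ModalFooter>
+</Modal>
+
+{/* Scoped CSS inside the component */}
+<style>
+{`
+.modal {
+background: #000 !important;
+}
+`}
+</style>
+</div>
+);
+};
+
+
+GluuPermissionModal.propTypes = {
+handler: PropTypes.func,
+isOpen: PropTypes.bool,
+}
+
+export default GluuPermissionModal;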
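Review bot: The `<style>` element under the `Scoped CSS inside the component` comment is not scoped: React emits it as an ordinary global style element, so `.modal { background: #000 !important; }` restyles every reactstrap modal in the app for as long as this component is mounted, and the `!important` makes that hard to override elsewhere. Either move the rule into the app's stylesheet under a selector only this modal carries, or correct the comment to `{/* Global override: darkens every .modal while this component is mounted */}` so the next reader is not misled. Both `toggle` and the sign-out `onClick` depend on `handler`, yet the propTypes leave it optional; `handler: PropTypes.func.isRequired,` and `isOpen: PropTypes.bool.isRequired,` would surface a caller that omits them. The file also mixes double and single quotes and drops the semicolon on the `prop-types` import and the propTypes assignment; a pass to match the surrounding files' style would be worthwhile.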
36 changes: 24 additions & 12 deletions admin-ui/app/routes/Dashboards/DashboardPage.js
Expand Up @@ -26,9 +26,13 @@ import UsersIcon from "Components/SVG/menu/Users";
import Administrator from "Components/SVG/menu/Administrator";
import OAuthIcon from "Components/SVG/menu/OAuth";
import { getHealthServerStatus } from "../../redux/features/healthSlice";
import GluuPermissionModal from "Routes/Apps/Gluu/GluuPermissionModal";
import { auditLogoutLogs } from "../../../plugins/user-management/redux/features/userSlice";
import { useNavigate } from "react-router";

function DashboardPage() {
const { t } = useTranslation();
const navigate = useNavigate();
const isTabletOrMobile = useMediaQuery({ query: "(max-width: 1224px)" });
const breakDashboardCard = useMediaQuery({ query: "(max-width: 1424px)" });
const isMobile = useMediaQuery({ maxWidth: 767 });
Expand Down Expand Up @@ -80,20 +84,22 @@ function DashboardPage() {
}, [statData]);

useEffect(() => {
if (Object.keys(license).length === 0 && access_token) {
if (Object.keys(license).length === 0 && access_token && hasBoth(permissions, STAT_READ, STAT_JANS_READ)) {
getLicense();
}
}, [access_token, license]);

useEffect(() => {
if (clients.length === 0 && access_token) {
if (clients.length === 0 && access_token && hasBoth(permissions, STAT_READ, STAT_JANS_READ)) {
buildPayload(userAction, "Fetch openid connect clients", {});
dispatch(getClients({ action: userAction }));
}
}, [access_token, clients]);

useEffect(() => {
if (access_token) {

if (access_token && hasBoth(permissions, STAT_READ, STAT_JANS_READ)) {
console.log("access_token", access_token,hasBoth(permissions, STAT_READ, STAT_JANS_READ));
getServerStatus();
buildPayload(userAction, "GET Health Status", { service: "all" });
dispatch(getHealthServerStatus({ action: userAction }));
Expand Down Expand Up @@ -289,14 +295,27 @@ function DashboardPage() {
);
}, [serverStatus, serverHealth, dbStatus, t, statusDetails, classes]);

const handleLogout = () => {
if(access_token){
dispatch(auditLogoutLogs({ message: "Logging out due to insufficient permissions for Admin UI access." }));
}
else navigate("/logout")

};

return (
<GluuLoader blocking={loading}>
<GluuPermissionModal
handler={() => {
handleLogout();
}}
isOpen={!access_token || !hasBoth(permissions, STAT_READ, STAT_JANS_READ)}
/>
<GluuViewWrapper
canShow={hasBoth(permissions, STAT_READ, STAT_JANS_READ)}
>
<div className={classes.root}>
<Grid container className="px-40 h-100" spacing={2}>

<Grid item lg={3} md={12} xs={12} height="auto">
<div
className={classes.userInfoTitle}
Expand Down Expand Up @@ -336,13 +355,7 @@ function DashboardPage() {
{StatusCard}
</Grid>

<Grid
item
lg={4}
md={12}
xs={12}

>
<Grid item lg={4} md={12} xs={12}>
<Paper
className={`${classes.dashboardCard} top-minus-40 d-flex justify-content-center`}
elevation={0}
Expand Down Expand Up @@ -396,7 +409,6 @@ function DashboardPage() {
</Grid>
</Paper>
</Grid>

</Grid>

<Grid container className={`px-40`}>
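Review bot: The `console.log("access_token", access_token, ...)` line inside the third useEffect prints the bearer token to the browser console, where it persists in devtools history and in any console-capturing tooling; it reads as leftover debugging and should be removed before merge. The new conditions read `permissions`, but the dependency arrays of the first two effects are still `[access_token, license]` and `[access_token, clients]`, so if `permissions` is populated after `access_token` the license and client fetches will not rerun; add `permissions` to both arrays. In `handleLogout` the `access_token` branch only dispatches `auditLogoutLogs` and never navigates; presumably the slice performs the redirect, but if it does not the user is left on the page behind a non-dismissable modal, which is worth confirming. The modal and `canShow` are UI gating only; the authorization decision still has to be enforced by the APIs the dashboard calls, which this change does not touch. DashboardPage's body begins and ends outside these hunks.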