From d9826a34d8464253ac9ebd7ab8308740dfc403e9 Mon Sep 17 00:00:00 2001 From: Joseph Garrone Date: Sat, 28 Sep 2024 02:15:04 +0200 Subject: [PATCH] #862 --- web/.env | 10 ++++++++++ web/src/core/bootstrap.ts | 8 +++++++- web/src/env.ts | 15 +++++++++++++++ web/src/ui/App/App.tsx | 3 ++- web/src/vite-env.d.ts | 1 + 5 files changed, 35 insertions(+), 2 deletions(-) diff --git a/web/.env b/web/.env index 441c75d17..087883db5 100644 --- a/web/.env +++ b/web/.env @@ -745,6 +745,16 @@ DISABLE_PERSONAL_INFOS_INJECTION_IN_GROUP=false # DISABLE_AUTO_LAUNCH=false +# This parameter enables you to make it so that when users access your Onyxia instance +# and they are not authenticated they are redirected to the login page automatically, +# without being able to browse the homepage and the catalog of services anonymously. +# +# Type: "true" or "false" +# +# Default: false (users can browse the homepage and the catalog without being authenticated) +# +AUTH_GLOBALLY_REQUIRED=false + # In the Data Explorer helper text there's a link to a sample dataset. # You can customize the URL of this dataset with this parameter. diff --git a/web/src/core/bootstrap.ts b/web/src/core/bootstrap.ts index 2d45cbcda..b183c6156 100644 --- a/web/src/core/bootstrap.ts +++ b/web/src/core/bootstrap.ts @@ -28,6 +28,7 @@ type ParamsOfBootstrapCore = { isCommandBarEnabledByDefault: boolean; quotaWarningThresholdPercent: number; quotaCriticalThresholdPercent: number; + isAuthGloballyRequired: boolean; }; export type Context = { @@ -45,7 +46,7 @@ export type Core = GenericCore; export async function bootstrapCore( params: ParamsOfBootstrapCore ): Promise<{ core: Core }> { - const { apiUrl, transformUrlBeforeRedirectToLogin } = params; + const { apiUrl, transformUrlBeforeRedirectToLogin, isAuthGloballyRequired } = params; const isSandboxEnvironment = apiUrl === ""; @@ -136,6 +137,11 @@ export async function bootstrapCore( }); })(); + if (isAuthGloballyRequired && !oidc.isUserLoggedIn) { + await oidc.login({ "doesCurrentHrefRequiresAuth": true }); + // NOTE: Never reached + } + const context: Context = { "paramsOfBootstrapCore": params, oidc, diff --git a/web/src/env.ts b/web/src/env.ts index 4303eb0cd..b7644915c 100644 --- a/web/src/env.ts +++ b/web/src/env.ts @@ -892,6 +892,21 @@ export const { env, injectTransferableEnvsInQueryParams } = createParsedEnvs([ return envValue === "true"; } }, + { + "envName": "AUTH_GLOBALLY_REQUIRED", + "isUsedInKeycloakTheme": false, + "validateAndParseOrGetDefault": ({ envValue, envName }) => { + + const possibleValues = ["true", "false"]; + + assert( + possibleValues.indexOf(envValue) >= 0, + `${envName} should either be ${possibleValues.join(" or ")}` + ); + + return envValue === "true"; + } + }, { "envName": "HEADER_HIDE_ONYXIA", "isUsedInKeycloakTheme": false, diff --git a/web/src/ui/App/App.tsx b/web/src/ui/App/App.tsx index 085374bba..3d0c3a7ae 100644 --- a/web/src/ui/App/App.tsx +++ b/web/src/ui/App/App.tsx @@ -62,7 +62,8 @@ const { CoreProvider } = createCoreProvider({ "disablePersonalInfosInjectionInGroup": env.DISABLE_PERSONAL_INFOS_INJECTION_IN_GROUP, "isCommandBarEnabledByDefault": !env.DISABLE_COMMAND_BAR, "quotaWarningThresholdPercent": env.QUOTA_WARNING_THRESHOLD * 100, - "quotaCriticalThresholdPercent": env.QUOTA_CRITICAL_THRESHOLD * 100 + "quotaCriticalThresholdPercent": env.QUOTA_CRITICAL_THRESHOLD * 100, + "isAuthGloballyRequired": env.AUTH_GLOBALLY_REQUIRED }); export default function App() { diff --git a/web/src/vite-env.d.ts b/web/src/vite-env.d.ts index 0e3749077..3cb5f6895 100644 --- a/web/src/vite-env.d.ts +++ b/web/src/vite-env.d.ts @@ -48,6 +48,7 @@ type ImportMetaEnv = { DISABLE_COMMAND_BAR: string DISABLE_PERSONAL_INFOS_INJECTION_IN_GROUP: string DISABLE_AUTO_LAUNCH: string + AUTH_GLOBALLY_REQUIRED: string SAMPLE_DATASET_URL: string QUOTA_WARNING_THRESHOLD: string QUOTA_CRITICAL_THRESHOLD: string