Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Token validity check #1103

Merged
merged 6 commits into from
Oct 1, 2021
Merged

feat: Token validity check #1103

merged 6 commits into from
Oct 1, 2021

Conversation

metlos
Copy link
Contributor

@metlos metlos commented Sep 30, 2021

What does this PR do?

This adds a check for token validity on OpenShift in native user mode. This prevents the unauthenticated traffic from even reaching the endpoints backed by the gateway. Note that the workspace endpoints handled by the gateway already contain similar configuration. This PR adds it also to the authenticated server endpoints, like /api. The unauthenticated endpoints like /devfile-registry are not affected.

Screenshot/screencast of this PR

N/A

What issues does this PR fix or reference?

eclipse-che/che#20304

How to test this PR?

Follow the instructions on the above mentioned issue. Instead of 500, the server should now return 401 Unauthorized HTTP status code.

PR Checklist

As the author of this Pull Request I made sure that:

Reviewers

Reviewers, please comment how you tested the PR when approving it.

@openshift-ci
Copy link

openshift-ci bot commented Sep 30, 2021

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@metlos
use the correct yaml parser. I mean...
bcd7cb4 
Thanks to @sparkoo for spotting this. I would have never found this...
@metlos metlos changed the title Token validity check feat: Token validity check Sep 30, 2021
@metlos metlos marked this pull request as ready for review September 30, 2021 10:40
@openshift-ci openshift-ci bot added the lgtm label Sep 30, 2021
@metlos
Copy link
Contributor Author

metlos commented Sep 30, 2021

/retest

@openshift-ci
Copy link

openshift-ci bot commented Sep 30, 2021

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: metlos, sparkoo, tolusha

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@sparkoo
Copy link
Member

sparkoo commented Sep 30, 2021

/retest

@metlos metlos merged commit 1af912b into eclipse-che:main Oct 1, 2021
@che-bot che-bot added this to the 7.38 milestone Oct 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sparkoo sparkoo sparkoo approved these changes

@tolusha tolusha tolusha approved these changes

@AndrienkoAleksandr AndrienkoAleksandr Awaiting requested review from AndrienkoAleksandr

@flacatus flacatus Awaiting requested review from flacatus

@mmorhun mmorhun Awaiting requested review from mmorhun

@nickboldt nickboldt Awaiting requested review from nickboldt

Assignees

@sparkoo sparkoo

@tolusha tolusha

Labels
lgtm
Projects
None yet
Milestone
7.38
Development

Successfully merging this pull request may close these issues.
4 participants
@metlos @sparkoo @tolusha @che-bot