From 5836eebe0756dde95c34f8471203fe0a0ed0418b Mon Sep 17 00:00:00 2001
From: Marcial Rosales
Date: Thu, 20 Jun 2024 10:58:46 +0200
Subject: [PATCH] Do not expose which backend was used instead just indicate if the user is internal or not

(cherry picked from commit f0adf3a2e8af4cef327c88ed30b18a1adace5ea1)
---
 .../rabbitmq_management/priv/www/js/global.js | 7 ++---
 .../src/rabbit_mgmt_oauth_bootstrap.erl | 29 ++++++++++++-------
 .../src/rabbit_mgmt_format.erl | 5 ++--
 3 files changed, 23 insertions(+), 18 deletions(-)

diff --git a/deps/rabbitmq_management/priv/www/js/global.js b/deps/rabbitmq_management/priv/www/js/global.js
index 566f825ccb8b..c98c8028849d 100644
--- a/deps/rabbitmq_management/priv/www/js/global.js
+++ b/deps/rabbitmq_management/priv/www/js/global.js
@@ -710,9 +710,6 @@ function DisplayControl() {
 }
-function is_internal_user(user) {
- return user.backends.includes("rabbit_auth_backend_internal");
-}
 // Set up the above vars
 function setup_global_vars(overview) {
@@ -729,9 +726,9 @@ function setup_global_vars(overview) { '
  • Cluster ' + (user_administrator ? '' + cluster_name + '' : cluster_name) + '
  • ' ); - user_name = fmt_escape_html(user.name); + user_name = fmt_escape_html(user.name); $('#header #logout').prepend( - 'User ' + (user_administrator && is_internal_user(user) ? '' + user_name + '' : user_name) + 'User ' + (user_administrator && user.is_internal_user ? '' + user_name + '' : user_name) ); var product = overview.rabbitmq_version;
diff --git a/deps/rabbitmq_management/src/rabbit_mgmt_oauth_bootstrap.erl b/deps/rabbitmq_management/src/rabbit_mgmt_oauth_bootstrap.erl
index ff7c922595b8..86c47f6b9453 100644
--- a/deps/rabbitmq_management/src/rabbit_mgmt_oauth_bootstrap.erl
+++ b/deps/rabbitmq_management/src/rabbit_mgmt_oauth_bootstrap.erl
@@ -26,31 +26,38 @@ bootstrap_oauth(Req0, State) ->
 Dependencies = oauth_dependencies(),
 JSContent = import_dependencies(Dependencies) ++
 set_oauth_settings(AuthSettings) ++
- case proplists:get_value(oauth_enabled, AuthSettings, false) of
- true -> set_token_auth(Req0) ++ export_dependencies(oauth_dependencies());
- false -> export_dependencies(["oauth_initialize_if_required", "set_oauth_settings"])
- end,
- {ok, cowboy_req:reply(200, #{<<"content-type">> => <<"text/javascript; charset=utf-8">>}, JSContent, Req0), State}.
+ set_token_auth(AuthSettings, Req0) ++
+ export_dependencies(Dependencies),
+ {ok, cowboy_req:reply(200, #{<<"content-type">> => <<"text/javascript; charset=utf-8">>},
+ JSContent, Req0), State}.
 
 set_oauth_settings(AuthSettings) ->
 JsonAuthSettings = rabbit_json:encode(rabbit_mgmt_format:format_nulls(AuthSettings)),
 ["set_oauth_settings(", JsonAuthSettings, ");"].
-
-set_token_auth(Req0) ->
- case application:get_env(rabbitmq_management, oauth_enabled, false) of
- true ->
+
+set_token_auth(AuthSettings, Req0) ->
+ case proplists:get_value(oauth_enabled, AuthSettings, false) of
+ true ->
 case cowboy_req:parse_header(<<"authorization">>, Req0) of
 {bearer, Token} -> ["set_token_auth('", Token, "');"];
 _ -> []
 end;
- false -> []
+ false ->
+ []
 end.
 
 import_dependencies(Dependencies) ->
 ["import {", string:join(Dependencies, ","), "} from './helper.js';"].
 
 oauth_dependencies() ->
- ["oauth_initialize_if_required", "hasAnyResourceServerReady", "oauth_initialize", "oauth_initiate", "oauth_initiateLogin", "oauth_initiateLogout", "oauth_completeLogin", "oauth_completeLogout", "set_oauth_settings"].
+ ["oauth_initialize_if_required",
+ "hasAnyResourceServerReady",
+ "oauth_initialize", "oauth_initiate",
+ "oauth_initiateLogin",
+ "oauth_initiateLogout",
+ "oauth_completeLogin",
+ "oauth_completeLogout",
+ "set_oauth_settings"].
 
 export_dependencies(Dependencies) ->
 [ io_lib:format("window.~s = ~s;", [Dep, Dep]) || Dep <- Dependencies ].
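Review bot: In `set_token_auth/2`, the `{bearer, Token}` branch (unchanged context in this hunk) still splices the Authorization header value between single quotes in the generated script, `["set_token_auth('", Token, "');"]`, with no JavaScript escaping. Whether a quote or backslash can ever reach this point depends on how strictly `cowboy_req:parse_header/2` validates bearer credentials, which is not visible here, so the output encoding should not rely on it. `set_oauth_settings/1` just above already goes through `rabbit_json:encode/1`; doing the same here, `{bearer, Token} -> ["set_token_auth(", rabbit_json:encode(Token), ");"];`, emits a correctly quoted literal. Because this response can carry the caller's token and the reply sets only `content-type`, adding `<<"cache-control">> => <<"no-store">>` to the headers map is also worth considering.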
diff --git a/deps/rabbitmq_management_agent/src/rabbit_mgmt_format.erl b/deps/rabbitmq_management_agent/src/rabbit_mgmt_format.erl
index a485cdb41208..0e3a6a912899 100644
--- a/deps/rabbitmq_management_agent/src/rabbit_mgmt_format.erl
+++ b/deps/rabbitmq_management_agent/src/rabbit_mgmt_format.erl
@@ -269,10 +269,11 @@ internal_user(User) ->
 {tags, tags_as_binaries(internal_user:get_tags(User))},
 {limits, internal_user:get_limits(User)}].
 
-user(User) ->
+user(User) ->
 [{name, User#user.username},
 {tags, tags_as_binaries(User#user.tags)},
- {backends, [ Module || {Module, _} <- User#user.authz_backends]}].
+ {is_internal_user, lists:any(fun({Module,_}) -> Module == rabbit_auth_backend_internal end,
+ User#user.authz_backends)}].
 
 tags_as_binaries(Tags) ->
 [to_binary(T) || T <- Tags].
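Review bot: The anonymous fun in the new `is_internal_user` entry has only a `{Module,_}` clause, so any element of `User#user.authz_backends` that is not a 2-tuple now raises `function_clause`, whereas the list comprehension it replaces skipped such elements; it also compares atoms with `==` where `=:=` is the exact-match operator. `lists:keymember/3` expresses the same test without either issue: `{is_internal_user, lists:keymember(rabbit_auth_backend_internal, 1, User#user.authz_backends)}`. Removing the `backends` key changes the shape of what `user/1` returns, so a comment on `user/1` such as `%% Backend module names are deliberately not exposed; callers only learn whether the internal backend is among the authz backends.` would record the intent. Consumers of the old key other than global.js are not visible in this patch and should be checked.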