Skip to content

[installer] Add JWT cookie opts to config WEB-101 #17332

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Apr 24, 2023
Merged

[installer] Add JWT cookie opts to config WEB-101 #17332

merged 5 commits into from
Apr 24, 2023

Conversation

easyCZ
Copy link
Member

@easyCZ easyCZ commented Apr 23, 2023
edited by github-actions bot
Loading

Description

We want to be able to create/read cookies on both Public API and Server. For that, we should have a shared understanding of the cookie names to look for when extracting the (JWT) session.

  • Cookie Name, and opts are specified in auth.session.cookie config, used by both server and public-api

Related Issue(s)

How to test

Unit tests

Preview

  1. View
  2. Check JWT cookie is set, and the naming
  3. Check both server & public-api receive the config in their configmap

Documentation

Preview status

Gitpod was successfully deployed to your preview environment.

Build Options:

  • /werft with-werft
    Run the build with werft instead of GHA
  • leeway-no-cache
  • /werft no-test
    Run Leeway with --dont-test
Publish Options
  • /werft publish-to-npm
  • /werft publish-to-jb-marketplace
Installer Options
  • analytics=segment
  • with-dedicated-emulation
  • with-ws-manager-mk2
  • workspace-feature-flags
    Add desired feature flags to the end of the line above, space separated

Preview Environment Options:

  • /werft with-local-preview
    If enabled this will build install/preview
  • /werft with-preview
  • /werft with-large-vm
  • /werft with-gce-vm
    If enabled this will create the environment on GCE infra
  • with-integration-tests=all
    Valid options are all, workspace, webapp, ide, jetbrains, vscode, ssh

/hold

@easyCZ easyCZ requested a review from a team April 23, 2023 19:37
@github-actions github-actions bot added the team: webapp Issue belongs to the WebApp team label Apr 23, 2023
@easyCZ easyCZ changed the title [installer] Add JWT cookie name to config WEB-101 [installer] Add JWT cookie opts to config WEB-101 Apr 23, 2023
easyCZ
easyCZ commented Apr 23, 2023
View reviewed changes
install/installer/pkg/components/auth/config.go
Issuer: fmt.Sprintf("https://%s", ctx.Config.Domain),
Cookie: CookieConfig{
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This becomes the canonical place to set the JWT cookie properties across both components.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I understand why we need to pull this config out. But honestly, it's nothing we should configure as we need.

Would love to see a "CAUTION" comment here. Incl. some comments on the config settings, esp. highlighting the security implications. 🧡

Copy link
Member Author

@easyCZ easyCZ Apr 24, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will do. It's not exposed to the installer (as config for the installer), just a way to share the config between the components, which should limit the exposure

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added

@easyCZ easyCZ mentioned this pull request Apr 23, 2023
Closed
14 tasks
@easyCZ easyCZ force-pushed the mp/jwt-config-expiry-issuer branch from eafe2aa to bc6f64d Compare April 24, 2023 07:18
@easyCZ easyCZ force-pushed the mp/config-cookie-name branch from 42fe56c to 8b6eb2b Compare April 24, 2023 07:19
Base automatically changed from mp/jwt-config-expiry-issuer to main April 24, 2023 09:07
@roboquat roboquat added size/XL and removed size/L labels Apr 24, 2023
@easyCZ easyCZ force-pushed the mp/config-cookie-name branch from 8b6eb2b to e725cca Compare April 24, 2023 09:08
@roboquat roboquat added size/L and removed size/XL labels Apr 24, 2023
easyCZ
easyCZ commented Apr 24, 2023
View reviewed changes
install/installer/pkg/components/auth/config_test.go

import "testing"

func TestCookieNameFromDomain(t *testing.T) {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Largely generated by ChatGPT, with a prompt to take the JS implementation of this and convert, including write table tests

geropl
geropl approved these changes Apr 24, 2023
View reviewed changes
Copy link
Member

@geropl geropl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works! 🎉

@easyCZ
Copy link
Member Author

easyCZ commented Apr 24, 2023

Thanks for the review!

/unhold

@roboquat roboquat merged commit 233ec94 into main Apr 24, 2023
@roboquat roboquat deleted the mp/config-cookie-name branch April 24, 2023 09:46
@easyCZ easyCZ mentioned this pull request Apr 24, 2023
Merged
14 tasks
@roboquat roboquat added deployed: webapp Meta team change is running in production deployed Change is completely running in production labels May 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@geropl geropl geropl approved these changes

Assignees
No one assigned
Labels
deployed: webapp Meta team change is running in production deployed Change is completely running in production size/L team: webapp Issue belongs to the WebApp team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@easyCZ @geropl @roboquat