Move OIDC URL params out of env files (#1273)

kubermatic · May 30, 2019 · 57b8fbe · 57b8fbe
1 parent ce10548
commit 57b8fbe
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 38 deletions.
diff --git a/src/app/core/services/auth/auth.service.ts b/src/app/core/services/auth/auth.service.ts
@@ -4,9 +4,16 @@ import {CookieService} from 'ngx-cookie-service';
 
 import {environment} from '../../../../environments/environment';
 import {AppConfigService} from '../../../app-config.service';
+import {RandomString} from '../../../shared/functions/generate-random-string';
 
 @Injectable()
 export class Auth {
+  private readonly _nonce = RandomString(32);
+  private readonly _responseType = 'id_token';
+  private readonly _clientId = 'kubermatic';
+  private readonly _defaultScope = 'openid email profile groups';
+  private readonly _redirectUri = window.location.protocol + '//' + window.location.host + '/projects';
+
   constructor(private readonly _cookieService: CookieService, private readonly _appConfigService: AppConfigService) {
     const token = this.getTokenFromQuery();
     const nonce = this.getNonce();
@@ -24,10 +31,16 @@ export class Auth {
   }
 
   getOIDCProviderURL(): string {
-    return this._appConfigService.getConfig().oidc_provider_url &&
-            this._appConfigService.getConfig().oidc_provider_url.length > 0 ?
+    const baseUrl = this._appConfigService.getConfig().oidc_provider_url ?
         this._appConfigService.getConfig().oidc_provider_url :
         environment.oidcProviderUrl;
+
+    const scope = this._appConfigService.getConfig().oidc_provider_scope ?
+        this._appConfigService.getConfig().oidc_provider_scope :
+        this._defaultScope;
+
+    return `${baseUrl}?response_type=${this._responseType}&client_id=${this._clientId}` +
+        `&redirect_uri=${this._redirectUri}&scope=${scope}&nonce=${this._nonce}`;
   }
 
   getBearerToken(): string {

diff --git a/src/app/shared/model/Config.ts b/src/app/shared/model/Config.ts
@@ -11,6 +11,7 @@ export interface Config {
   cleanup_cluster?: boolean;
   custom_links?: CustomLink[];
   oidc_provider_url?: string;
+  oidc_provider_scope?: string;
 }
 
 export interface UserGroupConfig {

diff --git a/src/environments/environment.e2e.local.ts b/src/environments/environment.e2e.local.ts
@@ -1,10 +1,3 @@
-import {RandomString} from '../app/shared/functions/generate-random-string';
-
-const redirect_uri = window.location.protocol + '//' + window.location.host + '/projects';
-const oauth = 'http://dex.oauth:5556/auth';
-const scope: string[] = ['openid', 'email', 'profile', 'groups'];
-const nonceString = RandomString(32);
-
 export const environment = {
   name: 'dev',
   production: false,
@@ -15,6 +8,6 @@ export const environment = {
   restRoot: 'api/v1',
   restRootV3: 'api/v3',
   digitalOceanRestRoot: 'https://api.digitalocean.com/v2',
-  oidcProviderUrl: oauth + '?response_type=id_token&client_id=kubermatic&redirect_uri=' + redirect_uri +
-      '&scope=' + scope.join(' ') + '&nonce=' + nonceString,
+  oidcProviderUrl: 'http://dex.oauth:5556/auth',
+  animations: false,
 };
diff --git a/src/environments/environment.e2e.ts b/src/environments/environment.e2e.ts
@@ -1,10 +1,3 @@
-import {RandomString} from '../app/shared/functions/generate-random-string';
-
-const redirect_uri = window.location.protocol + '//' + window.location.host + '/projects';
-const oauth = 'https://dev.kubermatic.io/dex/auth';
-const scope: string[] = ['openid', 'email', 'profile', 'groups'];
-const nonceString = RandomString(32);
-
 export const environment = {
   name: 'dev',
   production: false,
@@ -15,6 +8,6 @@ export const environment = {
   restRoot: 'api/v1',
   restRootV3: 'api/v3',
   digitalOceanRestRoot: 'https://api.digitalocean.com/v2',
-  oidcProviderUrl: oauth + '?response_type=id_token&client_id=kubermatic&redirect_uri=' + redirect_uri +
-      '&scope=' + scope.join(' ') + '&nonce=' + nonceString,
+  oidcProviderUrl: 'https://dev.kubermatic.io/dex/auth',
+  animations: false,
 };
diff --git a/src/environments/environment.prod.ts b/src/environments/environment.prod.ts
@@ -1,10 +1,3 @@
-import {RandomString} from '../app/shared/functions/generate-random-string';
-
-const redirect_uri = window.location.protocol + '//' + window.location.host + '/projects';
-const oauth = window.location.protocol + '//' + window.location.host + '/dex/auth';
-const scope: string[] = ['openid', 'email', 'profile', 'groups'];
-const nonceString = RandomString(32);
-
 export const environment = {
   name: 'prod',
   production: true,
@@ -15,6 +8,6 @@ export const environment = {
   restRoot: '/api/v1',
   restRootV3: '/api/v3',
   digitalOceanRestRoot: 'https://api.digitalocean.com/v2',
-  oidcProviderUrl: oauth + '?response_type=id_token&client_id=kubermatic&redirect_uri=' + redirect_uri +
-      '&scope=' + scope.join(' ') + '&nonce=' + nonceString,
+  oidcProviderUrl: window.location.protocol + '//' + window.location.host + '/dex/auth',
+  animations: true,
 };
diff --git a/src/environments/environment.ts b/src/environments/environment.ts
@@ -3,13 +3,6 @@
 // 'ng build --env=prod' then 'environment.prod.ts' will be used instead.
 // The list of which env maps to which file can be found in 'angular-cli.json'.
 
-import {RandomString} from '../app/shared/functions/generate-random-string';
-
-const redirect_uri = window.location.protocol + '//' + window.location.host + '/projects';
-const oauth = 'https://dev.kubermatic.io/dex/auth';
-const scope: string[] = ['openid', 'email', 'profile', 'groups'];
-const nonceString = RandomString(32);
-
 export const environment = {
   name: 'dev',
   production: false,
@@ -20,6 +13,6 @@ export const environment = {
   restRoot: 'api/v1',
   restRootV3: 'api/v3',
   digitalOceanRestRoot: 'https://api.digitalocean.com/v2',
-  oidcProviderUrl: oauth + '?response_type=id_token&client_id=kubermatic&redirect_uri=' + redirect_uri +
-      '&scope=' + scope.join(' ') + '&nonce=' + nonceString,
+  oidcProviderUrl: 'https://dev.kubermatic.io/dex/auth',
+  animations: true,
 };