Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ui, sso] warn user about pending token expiry #15091

Merged
merged 11 commits into from
Nov 2, 2022
Merged

[ui, sso] warn user about pending token expiry #15091

merged 11 commits into from
Nov 2, 2022

Conversation

philrenaud
Copy link
Contributor

@philrenaud philrenaud commented Oct 31, 2022
edited
Loading

Throw a global notification when an active token is within 10 minutes of expiring, and prompt the user to re-authenticate.

These notifications pair with the tokens page changes from #15073 to resolve #15061; these notifications will be seen anyplace in the UI.

image
image
image

TODO

  • Notification tests
  • Mirage soon-expiring token

@philrenaud philrenaud self-assigned this Oct 31, 2022
philrenaud
philrenaud commented Oct 31, 2022
View reviewed changes
ui/app/services/token.js Outdated
Comment on lines 130 to 183
@task(function* () {
while (this.selfToken) {
const diff = new Date(this.selfToken.expirationTime) - new Date();
// Let the user know at the 10 minute mark,
// or any time they refresh with under 10 minutes left
if (diff < 1000 * 60 * MINUTES_LEFT_AT_WARNING) {
const existingNotification = this.flashMessages.queue?.find(
(m) => m.title === EXPIRY_NOTIFICATION_TITLE
);
// For the sake of updating the "time left" message, we keep running the task down to the moment of expiration
if (diff > 0) {
if (existingNotification) {
existingNotification.set(
'message',
`Your token access expires ${moment(
this.selfToken.expirationTime
).fromNow()}`
);
} else {
if (!this.expirationNotificationDismissed) {
this.flashMessages.add({
title: EXPIRY_NOTIFICATION_TITLE,
message: `Your token access expires ${moment(
this.selfToken.expirationTime
).fromNow()}`,
type: 'error',
destroyOnClick: false,
sticky: true,
customCloseAction: () => {
this.set('expirationNotificationDismissed', true);
},
customAction: {
label: 'Re-authenticate',
action: () => {
this.router.transitionTo('settings.tokens');
},
},
});
}
}
} else {
if (existingNotification) {
existingNotification.setProperties({
title: 'Your access has expired',
message: `Your token will need to be re-authenticated`,
});
}
this.monitorTokenTime.cancelAll(); // Stop updating time left after expiration
}
}
yield timeout(1000);
}
})
monitorTokenTime;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is using a syntax common to Nomad's front-end, inherited from Ember Concurrency. There were a few attempts to handle this using native JS async/await but, despite the large block size, this ended up feeling more streamlined.

philrenaud
philrenaud commented Oct 31, 2022
View reviewed changes
ui/app/styles/core/notifications.scss
@@ -1,3 +1,5 @@
$bonusRightPadding: 20px;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

variablizing the px-specific space we hold open for our close button

philrenaud
philrenaud commented Oct 31, 2022
View reviewed changes
ui/app/templates/application.hbs Outdated
Comment on lines 11 to 25
<span class="close-button" role="button" {{on "click" (queue (action close) (action flash.customCloseAction))}}>&times;</span>
{{#if flash.title}}
<h3>{{flash.title}}</h3>
{{/if}}
{{#if flash.message}}
<p>{{flash.message}}</p>
{{/if}}
{{#if flash.customAction}}
<button type="button" class="button custom-action-button" {{on "click" (action flash.customAction.action)}}>{{flash.customAction.label}}</button>
{{/if}}
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a couple spots in our notifications for custom actions; both optional. One on close and another that appears as a button in the notification itself.

philrenaud
philrenaud commented Oct 31, 2022
View reviewed changes
ui/app/templates/settings/tokens.hbs
<div class="columns">
<div class="column">
<h3 class="title is-4">Token Failed to Authenticate</h3>
<p>The token secret you have provided does not match an existing token, or has expired.</p>
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review this file with "Hide Whitespace" enabled for the sake of sanity; this block was just moved into an ...unless of the token.isExpired block from before.

@github-actions
Copy link

github-actions bot commented Oct 31, 2022
edited
Loading

Ember Asset Size action

As of c000e5e

Files that got Bigger 🚨:

File raw gzip
nomad-ui.js +1.82 kB +415 B
nomad-ui.css +92 B +55 B

Files that stayed the same size 🤷‍:

File raw gzip
vendor.js 0 B 0 B
vendor.css 0 B 0 B

jrasell
jrasell approved these changes Nov 1, 2022
View reviewed changes
Copy link
Member

@jrasell jrasell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

would be worth adding a changelog entry for this.

Base automatically changed from 15061-ui-sso-handle-ttl-ending-gracefully to f-ui/sso November 1, 2022 23:33
@philrenaud philrenaud force-pushed the 15061-ui-sso-warn-user-about-expiry branch from 154c35d to c000e5e Compare November 1, 2022 23:37
@philrenaud philrenaud merged commit 40c821e into f-ui/sso Nov 2, 2022
@philrenaud philrenaud deleted the 15061-ui-sso-warn-user-about-expiry branch November 2, 2022 02:44
philrenaud added a commit that referenced this pull request Nov 3, 2022
@philrenaud
[ui, sso] warn user about pending token expiry (#15091)
91ae600 
* Handle error states generally

* Dont direct, just redirect

* no longer need explicit error on controller

* Linting on _blank

* Custom notification actions and shift the template to within an else block

* Lintfix

* Make the closeAction optional

* changelog

* Add a mirage token that will always expire in 11 minutes

* Test for token expiry with ember concurrency waiters

* concurrency handling for earlier test, and button redirect test
philrenaud added a commit that referenced this pull request Nov 28, 2022
@philrenaud
[ui, epic] SSO and Auth improvements (#15110)
79afeee 
* Top nav auth dropdown (#15055)

* Basic dropdown styles

* Some cleanup

* delog

* Default nomad hover state styles

* Component separation-of-concerns and acceptance tests for auth dropdown

* lintfix

* [ui, sso] Handle token expiry 500s (#15073)

* Handle error states generally

* Dont direct, just redirect

* no longer need explicit error on controller

* Redirect on token-doesnt-exist

* Forgot to import our time lib

* Linting on _blank

* Redirect tests

* changelog

* [ui, sso] warn user about pending token expiry (#15091)

* Handle error states generally

* Dont direct, just redirect

* no longer need explicit error on controller

* Linting on _blank

* Custom notification actions and shift the template to within an else block

* Lintfix

* Make the closeAction optional

* changelog

* Add a mirage token that will always expire in 11 minutes

* Test for token expiry with ember concurrency waiters

* concurrency handling for earlier test, and button redirect test

* [ui] if ACLs are disabled, remove the Sign In link from the top of the UI (#15114)

* Remove top nav link if ACLs disabled

* Change to an enabled-by-default model since you get no agent config when ACLs are disabled but you lack a token

* PR feedback addressed; down with double negative conditionals

* lintfix

* ember getter instead of ?.prop

* [SSO] Auth Methods and Mock OIDC Flow (#15155)

* Big ol first pass at a redirect sign in flow

* dont recursively add queryparams on redirect

* Passing state and code qps

* In which I go off the deep end and embed a faux provider page in the nomad ui

* Buggy but self-contained flow

* Flow auto-delay added and a little more polish to resetting token

* secret passing turned to accessor passing

* Handle SSO Failure

* General cleanup and test fix

* Lintfix

* SSO flow acceptance tests

* Percy snapshots added

* Explicitly note the OIDC test route is mirage only

* Handling failure case for complete-auth

* Leentfeex

* Tokens page styles (#15273)

* styling and moving columns around

* autofocus and enter press handling

* Styles refined

* Split up manager and regular tests

* Standardizing to a binary status state

* Serialize auth-methods response to use "name" as primary key (#15380)

* Serializer for unique-by-name

* Use @classic because of class extension
@github-actions
Copy link

github-actions bot commented Mar 3, 2023

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jrasell jrasell jrasell approved these changes

@pkazmierczak pkazmierczak Awaiting requested review from pkazmierczak

@mikenomitch mikenomitch Awaiting requested review from mikenomitch

Assignees

@philrenaud philrenaud

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@philrenaud @jrasell