feat(login): add flag to skip MAS-SSO login (#477)

redhat-developer · Mar 24, 2021 · be6a842 · be6a842
1 parent 4460938
commit be6a842
Show file tree

Hide file tree

Showing 6 changed files with 35 additions and 7 deletions.
diff --git a/cmd/rhoas/pkged.go b/cmd/rhoas/pkged.go
diff --git a/docs/commands/rhoas_login.adoc b/docs/commands/rhoas_login.adoc
@@ -36,6 +36,7 @@ $ rhoas login --print-sso-url
       --mas-auth-url string   The URL of the MAS-SSO Authentication server. (default "https://keycloak-edge-redhat-rhoam-user-sso.apps.mas-sso-stage.1gzl.s1.devshift.org/auth/realms/mas-sso-staging")
       --print-sso-url         Prints the console login URL, which you can use to log in to RHOAS from a different web browser. This is useful if you need to log in with different credentials than the credentials you used in your default web browser.
       --scope stringArray     Override the default OpenID scope. To specify multiple scopes, use a separate --scope for each scope. (default [openid])
+      --skip-mas-login        Skip logging in to MAS-SSO
   -t, --token string          Allows you to log in using an offline token, which can be obtained at https://cloud.redhat.com/openshift/token.
 ....
 

diff --git a/locales/cmd/login/active.en.toml b/locales/cmd/login/active.en.toml
@@ -55,6 +55,10 @@ one = "Prints the console login URL, which you can use to log in to RHOAS from a
 description = 'Description for the --scope flag'
 one = 'Override the default OpenID scope. To specify multiple scopes, use a separate --scope for each scope.'
 
+[login.flag.skipMasSSOLogin]
+description = 'Description for the --skip-mas-login flag'
+one = 'Skip logging in to MAS-SSO'
+
 [login.redirectPage.title]
 description = 'Title for the RHOAS login redirect webpage'
 one = 'Welcome to RHOAS'

diff --git a/pkg/auth/login/login.go b/pkg/auth/login/login.go
@@ -30,22 +30,40 @@ type AuthorizationCodeGrant struct {
 type SSOConfig struct {
 	AuthURL      string
 	RedirectPath string
+	SkipAuth     bool
 }
 
 // Execute runs an Authorization Code flow login
 // enabling the user to log in to SSO and MAS-SSO in succession
 // https://tools.ietf.org/html/rfc6749#section-4.1
-func (a *AuthorizationCodeGrant) Execute(ctx context.Context, ssoCfg *SSOConfig, masSSOCfg *SSOConfig) (err error) {
+func (a *AuthorizationCodeGrant) Execute(ctx context.Context, ssoCfg *SSOConfig, masSSOCfg *SSOConfig) error {
 	// log in to SSO
 	a.Logger.Info(localizer.MustLocalizeFromID("login.log.info.loggingIn"))
-	if err = a.loginSSO(ctx, ssoCfg); err != nil {
+	if err := a.loginSSO(ctx, ssoCfg); err != nil {
 		return err
 	}
 	a.Logger.Info(localizer.MustLocalizeFromID("login.log.info.loggedIn"))
 
+	if masSSOCfg.SkipAuth {
+
+		cfg, err := a.Config.Load()
+		if err != nil {
+			return err
+		}
+
+		cfg.MasAccessToken = ""
+		cfg.MasRefreshToken = ""
+
+		if err = a.Config.Save(cfg); err != nil {
+			return err
+		}
+
+		return nil
+	}
+
 	a.Logger.Info(localizer.MustLocalizeFromID("login.log.info.loggingInMAS"))
 	// log in to MAS-SSO
-	if err = a.loginMAS(ctx, masSSOCfg); err != nil {
+	if err := a.loginMAS(ctx, masSSOCfg); err != nil {
 		return err
 	}
 	a.Logger.Info(localizer.MustLocalizeFromID("login.log.info.loggedInMAS"))

diff --git a/pkg/cmd/login/login.go b/pkg/cmd/login/login.go
@@ -61,6 +61,7 @@ type Options struct {
 	insecureSkipTLSVerify bool
 	printURL              bool
 	offlineToken          string
+	skipMasSSOLogin       bool
 }
 
 // NewLoginCmd gets the command that's log the user in
@@ -93,6 +94,7 @@ func NewLoginCmd(f *factory.Factory) *cobra.Command {
 	cmd.Flags().BoolVar(&opts.printURL, "print-sso-url", false, localizer.MustLocalizeFromID("login.flag.printSsoUrl"))
 	cmd.Flags().StringArrayVar(&opts.scopes, "scope", connection.DefaultScopes, localizer.MustLocalizeFromID("login.flag.scope"))
 	cmd.Flags().StringVarP(&opts.offlineToken, "token", "t", "", localizer.MustLocalizeFromID("login.flag.token"))
+	cmd.Flags().BoolVar(&opts.skipMasSSOLogin, "skip-mas-login", false, localizer.MustLocalizeFromID("login.flag.skipMasSSOLogin"))
 
 	return cmd
 }
@@ -146,6 +148,7 @@ func runLogin(opts *Options) (err error) {
 		masSsoCfg := &login.SSOConfig{
 			AuthURL:      opts.masAuthURL,
 			RedirectPath: "mas-sso-callback",
+			SkipAuth:     opts.skipMasSSOLogin,
 		}
 
 		if err = loginExec.Execute(context.Background(), ssoCfg, masSsoCfg); err != nil {

diff --git a/pkg/connection/keycloak_connection.go b/pkg/connection/keycloak_connection.go
@@ -131,9 +131,11 @@ func (c *KeycloakConnection) Logout(ctx context.Context) (err error) {
 		return &AuthError{err}
 	}
 
-	err = c.masKeycloakClient.Logout(ctx, c.clientID, "", c.masRealm, c.MASToken.RefreshToken)
-	if err != nil {
-		return &AuthError{err}
+	if c.MASToken.RefreshToken != "" {
+		err = c.masKeycloakClient.Logout(ctx, c.clientID, "", c.masRealm, c.MASToken.RefreshToken)
+		if err != nil {
+			return &AuthError{err}
+		}
 	}
 
 	c.Token.AccessToken = ""