
[WebUI] Implement API Token Authentication in WebUI #3598


Closed
hamidonos opened this issue Nov 8, 2024 · 0 comments · Fixed by #3851

hamidonos commented Nov 8, 2024

Situation

Currently the API Token is not used for authentication inside the SecHub WebUI.

Wanted

We want to enable API Token authentication so that users can either log in with OAuth2 or API Token.

Solution

  • Add Basic Auth login API to SecHub WebUI
  • Upon login attempt, the WebUI Backend calls the SecHub Server to validate the Basic Auth credentials
  • Make sure the API Token is set in the cookies (encrypted) after successful authentication
  • That way we ensure that the user is not logged out in the next request
  • The cookie should be alive for 24h (configured by the backend)
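
An added example, not part of the original issue and not SecHub's own code: one way to seal the user id and API token into an encrypted cookie whose 24h lifetime is enforced by the backend rather than by the browser's `Max-Age` alone. The class name `ApiTokenCookieCodec`, the cookie name `SECHUB_AUTH`, the payload layout and the choice of AES-256-GCM are assumptions made for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
// Hypothetical helper for illustration; not a SecHub class.
public class ApiTokenCookieCodec {
    static final Duration LIFETIME = Duration.ofHours(24); // "configured by the backend"
    private final SecretKey key;
    ApiTokenCookieCodec(SecretKey key) { this.key = key; }

    // Returns base64url(iv || AES-GCM(expiryEpochSeconds \n userId \n apiToken)).
    String seal(String userId, String apiToken, Instant now) throws GeneralSecurityException {
        byte[] iv = new byte[12];                       // fresh 96-bit nonce per cookie
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        String plain = now.plus(LIFETIME).getEpochSecond() + "\n" + userId + "\n" + apiToken;
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Empty for tampered, malformed or expired cookies; otherwise {userId, apiToken}.
    Optional<String[]> open(String cookieValue, Instant now) {
        try {
            byte[] in = Base64.getUrlDecoder().decode(cookieValue);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
            String[] parts = new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8).split("\n", 3);
            if (parts.length != 3 || now.getEpochSecond() >= Long.parseLong(parts[0])) return Optional.empty();
            return Optional.of(new String[] {parts[1], parts[2]});
        } catch (GeneralSecurityException | RuntimeException e) {
            return Optional.empty();                    // GCM tag mismatch, bad base64, bad expiry
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);                                   // constructed key; a real backend loads a stable one
        ApiTokenCookieCodec codec = new ApiTokenCookieCodec(kg.generateKey());
        Instant now = Instant.now();
        String v = codec.seal("alice", "constructed-api-token", now); // constructed sample values
        System.out.println("Set-Cookie: SECHUB_AUTH=" + v + "; Max-Age=" + LIFETIME.getSeconds()
                + "; Path=/; HttpOnly; Secure; SameSite=Strict");
        System.out.println("fresh cookie accepted:   " + codec.open(v, now.plusSeconds(60)).isPresent());
        System.out.println("expired cookie accepted: " + codec.open(v, now.plus(LIFETIME)).isPresent());
    }
}
```

Because the expiry sits inside the authenticated ciphertext, a client that replays the cookie past 24h or edits its value is rejected on the server side. The key has to be shared by all backend instances and survive restarts, otherwise every user is logged out on redeploy.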
hamidonos added a commit that referenced this issue Feb 5, 2025
hamidonos added a commit that referenced this issue Feb 17, 2025
…entication-in-WebUI-#3598' into feature-Implement-API-Token-Authentication-in-WebUI-#3598
hamidonos added a commit that referenced this issue Feb 18, 2025
* implement cookie based authentication for user id + api token #3598

* tests

* reading username password from formlogin parameters

* pr fixes

* add exception handling for 403 Forbidden

* fix display error of login tabs in login.html

* Added info log output for server and login modes #3598

* Updated technical documentation for local development #3598

* implement LoginModeOAuth2ActiveCondition tests

* implement LoginModeOAuth2ActiveCondition tests

* implement LoginModeOAuth2ActiveCondition tests

---------

Co-authored-by: Albert Tregnaghi <[email protected]>