forked from baron/baron-sso
devfront 개발모드 unkown로그인 제거
This commit is contained in:
@@ -2,6 +2,7 @@ import { useEffect } from "react";
|
||||
import { useAuth } from "react-oidc-context";
|
||||
import { useNavigate } from "react-router-dom";
|
||||
import { userManager } from "../../lib/auth";
|
||||
import { isValidOidcSessionUser } from "../../lib/oidcStorage";
|
||||
|
||||
export default function AuthCallbackPage() {
|
||||
const auth = useAuth();
|
||||
@@ -16,7 +17,7 @@ export default function AuthCallbackPage() {
|
||||
return;
|
||||
}
|
||||
|
||||
if (auth.isAuthenticated) {
|
||||
if (auth.isAuthenticated && isValidOidcSessionUser(auth.user)) {
|
||||
const returnTo =
|
||||
typeof auth.user?.state === "object" &&
|
||||
auth.user?.state !== null &&
|
||||
@@ -29,7 +30,7 @@ export default function AuthCallbackPage() {
|
||||
console.error("Auth Error:", auth.error);
|
||||
navigate("/login", { replace: true });
|
||||
}
|
||||
}, [auth.isAuthenticated, auth.error, navigate, auth.user?.state]);
|
||||
}, [auth.isAuthenticated, auth.error, navigate, auth.user]);
|
||||
|
||||
return <div>Loading Auth...</div>;
|
||||
}
|
||||
|
||||
@@ -2,22 +2,26 @@ import { useEffect, useState } from "react";
|
||||
import { useAuth } from "react-oidc-context";
|
||||
import { Navigate, Outlet } from "react-router-dom";
|
||||
import { userManager } from "../../lib/auth";
|
||||
import { findPersistedOidcUser } from "../../lib/oidcStorage";
|
||||
import {
|
||||
findPersistedOidcUser,
|
||||
isValidOidcSessionUser,
|
||||
} from "../../lib/oidcStorage";
|
||||
|
||||
export default function AuthGuard() {
|
||||
const auth = useAuth();
|
||||
const hasActiveAuthUser =
|
||||
auth.isAuthenticated && isValidOidcSessionUser(auth.user);
|
||||
const [hasStoredUser, setHasStoredUser] = useState<boolean | null>(() =>
|
||||
findPersistedOidcUser() ? true : null,
|
||||
);
|
||||
const isDevelopmentMode = import.meta.env.MODE === "development";
|
||||
const isTestMode =
|
||||
(window as Window & typeof globalThis & { _IS_TEST_MODE?: boolean })
|
||||
._IS_TEST_MODE === true || navigator.webdriver === true;
|
||||
._IS_TEST_MODE === true;
|
||||
|
||||
useEffect(() => {
|
||||
let cancelled = false;
|
||||
|
||||
if (isDevelopmentMode || isTestMode) {
|
||||
if (isTestMode) {
|
||||
setHasStoredUser(true);
|
||||
return () => {
|
||||
cancelled = true;
|
||||
@@ -36,7 +40,7 @@ export default function AuthGuard() {
|
||||
.getUser()
|
||||
.then((user) => {
|
||||
if (!cancelled) {
|
||||
setHasStoredUser(Boolean(user && !user.expired));
|
||||
setHasStoredUser(isValidOidcSessionUser(user));
|
||||
}
|
||||
})
|
||||
.catch(() => {
|
||||
@@ -50,7 +54,7 @@ export default function AuthGuard() {
|
||||
};
|
||||
}, [isTestMode]);
|
||||
|
||||
if (isDevelopmentMode || isTestMode) {
|
||||
if (isTestMode) {
|
||||
return <Outlet />;
|
||||
}
|
||||
|
||||
@@ -76,7 +80,7 @@ export default function AuthGuard() {
|
||||
);
|
||||
}
|
||||
|
||||
if (!auth.isAuthenticated && !hasStoredUser) {
|
||||
if (!hasActiveAuthUser && !hasStoredUser) {
|
||||
return <Navigate to="/login" replace />;
|
||||
}
|
||||
|
||||
|
||||
@@ -11,6 +11,7 @@ import {
|
||||
CardTitle,
|
||||
} from "../../components/ui/card";
|
||||
import { canStartBrowserPkceLogin } from "../../lib/authConfig";
|
||||
import { isValidOidcSessionUser } from "../../lib/oidcStorage";
|
||||
|
||||
const insecurePkceMessage =
|
||||
"이 주소에서는 브라우저 보안 정책 때문에 SSO 로그인을 시작할 수 없습니다. HTTPS 또는 localhost로 접속하거나, 내부망/host.docker.internal 개발 접속은 Chrome의 insecure-origin secure context 옵션에 실제 auth UI origin(예: http://host.docker.internal:5000)을 정확히 등록해 주세요.";
|
||||
@@ -39,12 +40,14 @@ function LoginPage() {
|
||||
return message;
|
||||
}, [auth.error?.message]);
|
||||
const visibleLoginError = loginError || authErrorMessage;
|
||||
const hasActiveAuthUser =
|
||||
auth.isAuthenticated && isValidOidcSessionUser(auth.user);
|
||||
|
||||
useEffect(() => {
|
||||
if (auth.isAuthenticated) {
|
||||
if (hasActiveAuthUser) {
|
||||
navigate(returnTo, { replace: true });
|
||||
}
|
||||
}, [auth.isAuthenticated, navigate, returnTo]);
|
||||
}, [hasActiveAuthUser, navigate, returnTo]);
|
||||
|
||||
useEffect(() => {
|
||||
if (!shouldAutoLogin) {
|
||||
|
||||
@@ -2,21 +2,22 @@ import { act } from "react";
|
||||
import { createRoot, type Root } from "react-dom/client";
|
||||
import { MemoryRouter, Route, Routes } from "react-router-dom";
|
||||
import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
|
||||
import type { PersistedOidcUser } from "../../lib/oidcStorage";
|
||||
import AuthCallbackPage from "./AuthCallbackPage";
|
||||
import AuthGuard from "./AuthGuard";
|
||||
import AuthPage from "./AuthPage";
|
||||
import LoginPage from "./LoginPage";
|
||||
|
||||
type AuthTestUser = PersistedOidcUser & {
|
||||
state?: unknown;
|
||||
};
|
||||
|
||||
const authState = {
|
||||
isAuthenticated: false,
|
||||
isLoading: false,
|
||||
activeNavigator: undefined as string | undefined,
|
||||
error: null as Error | null,
|
||||
user: undefined as
|
||||
| {
|
||||
state?: unknown;
|
||||
}
|
||||
| undefined,
|
||||
user: undefined as AuthTestUser | undefined,
|
||||
signinRedirect: vi.fn(),
|
||||
};
|
||||
|
||||
@@ -33,7 +34,19 @@ vi.mock("../../lib/auth", () => ({
|
||||
|
||||
const roots: Root[] = [];
|
||||
|
||||
function createAuthUser(overrides: Partial<AuthTestUser> = {}): AuthTestUser {
|
||||
return {
|
||||
access_token: "token-1",
|
||||
expires_at: Math.floor(Date.now() / 1000) + 3600,
|
||||
profile: { sub: "dev-admin-1" },
|
||||
...overrides,
|
||||
};
|
||||
}
|
||||
|
||||
beforeEach(() => {
|
||||
window.localStorage.clear();
|
||||
delete (window as Window & typeof globalThis & { _IS_TEST_MODE?: boolean })
|
||||
._IS_TEST_MODE;
|
||||
authState.isAuthenticated = false;
|
||||
authState.isLoading = false;
|
||||
authState.activeNavigator = undefined;
|
||||
@@ -137,13 +150,50 @@ describe("devfront auth pages", () => {
|
||||
expect(redirected.textContent).toContain("Login route");
|
||||
|
||||
authState.isAuthenticated = true;
|
||||
authState.user = createAuthUser();
|
||||
const protectedPage = await renderWithRouter(<AuthGuard />);
|
||||
expect(protectedPage.textContent).toContain("Protected outlet");
|
||||
});
|
||||
|
||||
it("does not restore placeholder unknown OIDC entries as authenticated sessions", async () => {
|
||||
window.localStorage.setItem(
|
||||
"oidc.user:issuer:devfront",
|
||||
JSON.stringify({
|
||||
expires_at: Math.floor(Date.now() / 1000) + 3600,
|
||||
profile: {
|
||||
name: "Unknown User",
|
||||
email: "unknown@example.com",
|
||||
},
|
||||
}),
|
||||
);
|
||||
|
||||
const redirected = await renderWithRouter(<AuthGuard />);
|
||||
|
||||
expect(redirected.textContent).toContain("Login route");
|
||||
});
|
||||
|
||||
it("keeps the login page visible for placeholder authenticated users", async () => {
|
||||
authState.isAuthenticated = true;
|
||||
authState.user = {
|
||||
expires_at: Math.floor(Date.now() / 1000) + 3600,
|
||||
profile: {
|
||||
name: "Unknown User",
|
||||
email: "unknown@example.com",
|
||||
},
|
||||
};
|
||||
|
||||
const container = await renderWithRouter(<LoginPage />, {
|
||||
entry: "/login?returnTo=/profile",
|
||||
path: "/login",
|
||||
});
|
||||
|
||||
expect(container.textContent).toContain("개발자 포털 로그인");
|
||||
expect(container.textContent).not.toContain("Profile route");
|
||||
});
|
||||
|
||||
it("navigates from callback by auth result and stored return target", async () => {
|
||||
authState.isAuthenticated = true;
|
||||
authState.user = { state: { returnTo: "/profile" } };
|
||||
authState.user = createAuthUser({ state: { returnTo: "/profile" } });
|
||||
|
||||
const authenticated = await renderWithRouter(<AuthCallbackPage />, {
|
||||
entry: "/auth/callback",
|
||||
|
||||
Reference in New Issue
Block a user