mrc-5092 Proof of concept: login to packit from index page

[EmmaLRussell]

The changes in this PR, and the related Packit PR are a proof of concept to show how we can support Montagu auth in Packit. These branches should not be merged but will form the basis of further tickets to do a full implementation.

Unlike our approach in OrderlyWeb, where Montagu auth was a special case, and where OrderlyWeb interacted directly with Montagu API to deal with Auth, here we support Basic Auth in Packit, which knows nothing about Montagu. Instead, it's Montagu which will work with Packit's auth requirements. We'll migrate Montagu users into the Packit DB as Packit users, and make the add user admin feature in Montagu create a corresponding new user in Packit. So here the bulk of the work is implementing Basic auth in Packit and integrating Packit into the Montagu proxy, ensuring that login requests to Packit are routed via the Montagu login page, which authenticates with both Montagu and Packit.

I'm sure there are some wrinkles to iron out here - you may have a weird experience with multiple tabs or back button. As @richfitz pointed out, we should also make sure Montagu and Packit tokens are given the same expiry duration....

The changes in these PRs cover the following aspects:

1. SUPPORTING BASIC AUTH IN PACKIT

I've reinstated Lekan's old Basic auth, somewhat changed for the refactored security classes. This uses a JSON POST of credentials, but we should put credentials in the Authorization header when we implement this for real. There isn't actually a user database as yet, just a single hardcoded test user. You can see the implementation in the backend changes in Packit, which includes some refactoring of the user principal classes to support both Basic and OAuth2 users.

2. ADDING PACKIT TO MONTAGU-PROXY DEMO

Packit containers added to Docker compose and added some config wrangling in related scripts.

3. ROUTING PACKIT REQUESTS IN MONTAGU PROXY

nginx.montagu.conf updated to route requests under /packit to the Packit front end container, and under /packit/api to the Packit back end container:

location /packit/api/ {
    proxy_pass http://packit-api:8080/;
    proxy_redirect default;
}

location /packit/ {
    proxy_pass http://packit/;
    proxy_redirect default;
}

Also needed to make a change in Packit, so that the front end router can route to the /packit path when required rather than always directly under the domain route. To do this, I added an appRoute config value, which is passed to the front end as part of authConfig, and made a custom PackitBrowserRouter component which sets the basename in BrowserRouter to appRoute.

4. LOGGING INTO PACKIT WHEN LOG IN TO MONTAGU

The login method in montagu-login.js, called from the montagu index page, now also logs into Packit, via a new packit-auth.jsmodule, which gets the Packit token from the api's auth/login/basic endpoint and saves it to local storage, as expected by Packit.

5. REDIRECTING FROM PACKIT LOGIN PAGE TO MONTAGU LOGIN PAGE

nginx.montagu.conf updated to redirect requests to the packit login page to the index page, where the user can login. Sets the redirectTo qs param, so that the user is automatically redirected to Packit after login with Montagu.

rewrite ^/packit/login$ /?redirectTo=packit permanent;

What isn't implemented yet is redirecting to any initially requested page within Packit e.g. a Packit group page.

6. REDIRECTING FROM PACKIT PROTECTED ROUTES TO MONTAGU LOGIN PAGE

Usually, the user wouldn't browse direct to /packit/login to login, but instead would be directed there by Packit itself when they attempt to access a protected route (e.g the Packit home page). We want users to be redirected to the Montagu page in these cases too, but this required a change in Packit. so that rather than using front-end only react router navigating, it uses ordinary window.location navigation, which round trips to the server and gives the proxy the opportunity to do the redirect. This is implemented in ProtectedRoute.tsx and in AccountHeaderDropdown.tsx (to cover the case where the user explicitly logs out and is directed to the login page).

7. LOGGING OUT FROM MONTAGU PAGE

When the user logs out from the Montagu index page, it also 'logs out' of Packit by calling deleteUser in packit-auth.js to delete the token from local storage.

8. LOGGING OUT FROM PACKIT

When the user logs out explicity from Packit, as well as being directed to the Montagu index page, they should also be logged out of Montagu, so we need some way of telling Montagu that it needs to log out too. So, when Packit's AccountHeaderDropdown.tsx redirects with the new window navigation on logout, it also includes a loggingOut=1 query string. This is not used within Packit (which already knows to delete the token), but is picked up by the Montagu index page (the nginx rewrite configuration passes the parameter through) - if the loggingOut param is present, the index page will log out of Montagu on page load.

TESTING

To test locally, run ./scripts/dev.sh, browse to https://localhost and push through the dire warnings to get to the Montagu index page. I haven't added a button to take you directly to Packit, but once you've logged in (as [email protected]) you should be able to browse to https://localhost/packit to see the Packit front page, logged in as the test user. (You'll also be able to see some packets if you run up the proxy in a folder at the same level as a packit folder with an initialised outpack demo).

You should be able to do all the actions described above e.g. get redirected to Montagu when log out from Packit, get redirected to Montagu if browse to https://localhost/packit when not logged in etc.

[EmmaLRussell]

Hack to get working locally for me as db was timing out, shouldn't really be needed!