Merge pull request #26058 from rhcs-dashboard/37917-sso-404-page

mgr/dashboard: SSO - UserDoesNotExist page

Reviewed-by: Kanika Murarka <kmurarka@redhat.com>

src/pybind/mgr/dashboard/controllers/saml2.py

@@ -64,18 +64,16 @@ class Saml2(BaseController):
                                              mgr.SSO_DB.saml2.get_username_attribute(),
                                              auth.get_attributes()))
             username = username_attribute[0]
+            url_prefix = prepare_url_prefix(mgr.get_module_option('url_prefix', default=''))
             try:
                 mgr.ACCESS_CTRL_DB.get_user(username)
             except UserDoesNotExist:
-                raise cherrypy.HTTPError(400,
+                raise cherrypy.HTTPRedirect("{}/#/sso/404".format(url_prefix))
-                                         'SSO error - Username `{}` does not exist.'
-                                         .format(username))
 
             token = JwtManager.gen_token(username)
             JwtManager.set_user(JwtManager.decode_token(token))
             token = token.decode('utf-8')
             logger.debug("JWT Token: %s", token)
-            url_prefix = prepare_url_prefix(mgr.get_module_option('url_prefix', default=''))
             raise cherrypy.HTTPRedirect("{}/#/login?access_token={}".format(url_prefix, token))
         else:
             return {

src/pybind/mgr/dashboard/frontend/src/app/app-routing.module.ts

@@ -29,6 +29,7 @@ import { RgwUserListComponent } from './ceph/rgw/rgw-user-list/rgw-user-list.com
 import { LoginComponent } from './core/auth/login/login.component';
 import { RoleFormComponent } from './core/auth/role-form/role-form.component';
 import { RoleListComponent } from './core/auth/role-list/role-list.component';
+import { SsoNotFoundComponent } from './core/auth/sso/sso-not-found/sso-not-found.component';
 import { UserFormComponent } from './core/auth/user-form/user-form.component';
 import { UserListComponent } from './core/auth/user-list/user-list.component';
 import { ForbiddenComponent } from './core/forbidden/forbidden.component';
@@ -282,6 +283,8 @@ const routes: Routes = [
       }
     ]
   },
+  // Single Sign-On (SSO)
+  { path: 'sso/404', component: SsoNotFoundComponent },
   // System
   { path: 'login', component: LoginComponent },
   { path: 'logout', children: [] },

src/pybind/mgr/dashboard/frontend/src/app/core/auth/auth.module.ts

@@ -12,6 +12,7 @@ import { LoginComponent } from './login/login.component';
 import { RoleDetailsComponent } from './role-details/role-details.component';
 import { RoleFormComponent } from './role-form/role-form.component';
 import { RoleListComponent } from './role-list/role-list.component';
+import { SsoNotFoundComponent } from './sso/sso-not-found/sso-not-found.component';
 import { UserFormComponent } from './user-form/user-form.component';
 import { UserListComponent } from './user-list/user-list.component';
 import { UserTabsComponent } from './user-tabs/user-tabs.component';
@@ -32,6 +33,7 @@ import { UserTabsComponent } from './user-tabs/user-tabs.component';
     RoleDetailsComponent,
     RoleFormComponent,
     RoleListComponent,
+    SsoNotFoundComponent,
     UserTabsComponent,
     UserListComponent,
     UserFormComponent

src/pybind/mgr/dashboard/frontend/src/app/core/auth/sso/sso-not-found/sso-not-found.component.html

@@ -0,0 +1,15 @@
+<div class="row">
+  <div class="col-md-12 text-center">
+    <h1 i18n>Sorry, the user does not exist in Ceph.</h1>
+    <h4 i18n>Return to <a class="sso-logout" [href]="logoutUrl">Login Page</a>. You'll be logged out from the Identity Provider when you retry logging in.</h4>
+
+    <img class="img-responsive center-block img-rounded"
+         src="/assets/1280px-Nautilus_Octopus.jpg">
+    <span>
+      "<a href="https://www.flickr.com/photos/146401137@N06/40335060661">Nautilus Octopus</a>" by Jin Kemoole is licensed under
+      <a rel="nofollow"
+         class="external text"
+         href="https://creativecommons.org/licenses/by/2.0/">CC BY 2.0</a>
+    </span>
+  </div>
+</div>

src/pybind/mgr/dashboard/frontend/src/app/core/auth/sso/sso-not-found/sso-not-found.component.scss

@@ -0,0 +1,11 @@
+h1 {
+  font-size: -webkit-xxx-large;
+}
+
+* {
+  font-family: monospace;
+}
+
+img {
+  width: 50vw;
+}

src/pybind/mgr/dashboard/frontend/src/app/core/auth/sso/sso-not-found/sso-not-found.component.spec.ts

@@ -0,0 +1,30 @@
+import { ComponentFixture, TestBed } from '@angular/core/testing';
+
+import { configureTestBed } from '../../../../../testing/unit-test-helper';
+import { SsoNotFoundComponent } from './sso-not-found.component';
+
+describe('SsoNotFoundComponent', () => {
+  let component: SsoNotFoundComponent;
+  let fixture: ComponentFixture<SsoNotFoundComponent>;
+
+  configureTestBed({
+    declarations: [SsoNotFoundComponent]
+  });
+
+  beforeEach(() => {
+    fixture = TestBed.createComponent(SsoNotFoundComponent);
+    component = fixture.componentInstance;
+    fixture.detectChanges();
+  });
+
+  it('should create', () => {
+    expect(component).toBeTruthy();
+  });
+
+  it('should render the correct logout url', () => {
+    const expectedUrl = `http://localhost/auth/saml2/slo`;
+    const logoutAnchor = fixture.debugElement.nativeElement.querySelector('.sso-logout');
+
+    expect(logoutAnchor.href).toEqual(expectedUrl);
+  });
+});

src/pybind/mgr/dashboard/frontend/src/app/core/auth/sso/sso-not-found/sso-not-found.component.ts

@@ -0,0 +1,14 @@
+import { Component } from '@angular/core';
+
+@Component({
+  selector: 'cd-sso-not-found',
+  templateUrl: './sso-not-found.component.html',
+  styleUrls: ['./sso-not-found.component.scss']
+})
+export class SsoNotFoundComponent {
+  logoutUrl: string;
+
+  constructor() {
+    this.logoutUrl = `${window.location.origin}/auth/saml2/slo`;
+  }
+}

src/pybind/mgr/dashboard/frontend/src/locale/messages.xlf

@@ -2552,6 +2552,18 @@
           <context context-type="sourcefile">app/core/auth/user-form/user-form.component.html</context>
           <context context-type="linenumber">147</context>
         </context-group>
+      </trans-unit><trans-unit id="58fc1b5c79a75370eb52644fd83fb2e7096b6649" datatype="html">
+        <source>Sorry, the user does not exist in Ceph.</source>
+        <context-group purpose="location">
+          <context context-type="sourcefile">app/core/auth/sso/sso-not-found/sso-not-found.component.html</context>
+          <context context-type="linenumber">3</context>
+        </context-group>
+      </trans-unit><trans-unit id="d9deb94f78e7c41b35c6622b874f06657d7604c1" datatype="html">
+        <source>Return to <x id="START_LINK" ctype="x-a" equiv-text="&lt;a&gt;"/>Login Page<x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a&gt;"/>. You&apos;ll be logged out from the Identity Provider when you retry logging in.</source>
+        <context-group purpose="location">
+          <context context-type="sourcefile">app/core/auth/sso/sso-not-found/sso-not-found.component.html</context>
+          <context context-type="linenumber">4</context>
+        </context-group>
       </trans-unit><trans-unit id="e83cda1d2f391695610a1c572332e5f81499dd83" datatype="html">
         <source><x id="ICU" equiv-text="{mode, select, editing {...} other {...}}"/> User</source>
         <context-group purpose="location">