Skip to content

Feature/portal auth#61

Closed
rashmithachamikara wants to merge 174 commits into
wso2:mainfrom
rashmithachamikara:feature/portal-auth
Closed

Feature/portal auth#61
rashmithachamikara wants to merge 174 commits into
wso2:mainfrom
rashmithachamikara:feature/portal-auth

Conversation

@rashmithachamikara

Copy link
Copy Markdown
Contributor

Rabbit's Review Thread

rashmithachamikara and others added 28 commits May 12, 2026 14:39
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
- Update Go version to 1.26.3
- Enhance correlation ID validation with ASCII checks
- Update golangci-lint to version 2.12.2 and adjust Taskfile commands
- Fix go version in dockerfile

- Enhance CORS middleware to append Vary header
- Improve error handling for request body size
- Fix overwriting other users authorizations
- Add tests for read failures
- Add CORS support for same-origin requests without allowlist
- Correlation ID fallback now uses UnixNano + pid + atomic
- Client-supplied forwarding headers are stripped
- CORS allowed origins now reject path, query string, and fragment.
- handler.go: MeConsentApprove now routes ErrUpstreamResponseTooLarge through writeProxyError, so it returns the proper 502 UPSTREAM_RESPONSE_TOO_LARGE instead of 400 INVALID_PAYLOAD.
- service.go: proxy header filtering now strips Cookie and Authorization.
- Moved `golangci-lint` before tests in `.github/workflows/portal-backend-ci.yml`.
- Added a comment explaining the `time.Sleep(50 * time.Millisecond)` in `portal/backend/cmd/server/main.go`.
- Changed upstream timeout mapping from `503` to `504` in `portal/backend/internal/proxy/handler.go`.
- Added Phase 3 TODO comments for missing ownership enforcement in:
  - `MeConsentByID`
  - `MeConsentApprove`
  - `MeConsentRevoke`
- Consolidated duplicated correlation ID generation into shared code under `portal/backend/internal/correlation/`.
- Added TODO notes documenting the sequential metadata enrichment limitation in `portal/backend/internal/proxy/handler.go`.
- Updated docs/tests that depended on the timeout status change.
- Updated buildRevokePayload in [handler.go (line 585)](/abs/path/portal/backend/internal/proxy/handler.go:585) to initialize payload as an empty map and keep the final actionBy assignment as the source of truth.
- Added path escaping when forwarding `consentId`.
- Added invalid-consent-ID integration coverage.
- Updated integration fixtures to use valid UUID consent IDs.
- Add abstracted authnetication
- Add asgardeo and thunder sdk adapters
- `PortalAuth` now exposes `getAccessToken()`.
- Both adapters implement it.
- API requests retry once after `401`, obtaining a fresh SDK token for the retry.
- Added a test covering the single `401` retry.
- Updated test auth context.
- Replaced `accessToken.ts` with [authBridge.ts](D:\wso2\openfgc-portal\portal\frontend\src\auth\authBridge.ts).
- The bridge exposes only `getAccessToken` and one-shot `handleUnauthorized`.
- Both adapters register the bridge.
- API client retries `401` once, then triggers login once if still unauthorized.
- `403` has an explicit consent-registry authorization message.
- ThunderID now clears chached decoded ID-token profile data before sign-out
- /me/consents/{id}, approve, and revoke now fetch the consent and require an authorization entry whose userId matches the request’s UserIdentity.UserID.
- Non-owned consents returns 404 Not Found, preventing users from inferring that another user’s consent exists.
- `/me` now reads `UserIdentityFromContext()` directly.
- Removed legacy `WithUserID()` and `UserIDFromContext()`.
- Removed unused placeholder-only `middleware/userid.go` and its tests.
- Missing request identity now reports `500 IDENTITY_UNAVAILABLE`, since authentication middleware should have resolved it first.
- Add tests
- Update env.example
- Removes the fallback that injected TPP-client-id from BFF_PROXY__PLACEHOLDER_CLIENT_ID on every proxied request.
@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 03b3c93e-2d99-4ea2-947e-270f98bdba63

📥 Commits

Reviewing files that changed from the base of the PR and between fe4ce62 and fa40bbc.

⛔ Files ignored due to path filters (10)
  • portal/backend/go.sum is excluded by !**/*.sum
  • portal/frontend/pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
  • portal/frontend/public/favicon/android-chrome-192x192.png is excluded by !**/*.png
  • portal/frontend/public/favicon/android-chrome-512x512.png is excluded by !**/*.png
  • portal/frontend/public/favicon/apple-touch-icon.png is excluded by !**/*.png
  • portal/frontend/public/favicon/favicon-16x16.png is excluded by !**/*.png
  • portal/frontend/public/favicon/favicon-32x32.png is excluded by !**/*.png
  • portal/frontend/public/favicon/favicon.ico is excluded by !**/*.ico
  • portal/frontend/public/wso2-logo.png is excluded by !**/*.png
  • portal/frontend/src/assets/react.svg is excluded by !**/*.svg
📒 Files selected for processing (106)
  • .github/workflows/portal-backend-ci.yml
  • .github/workflows/portal-frontend-ci.yml
  • portal/backend/.env.example
  • portal/backend/.gitignore
  • portal/backend/.golangci.yml
  • portal/backend/Dockerfile
  • portal/backend/README.md
  • portal/backend/Taskfile.yml
  • portal/backend/cmd/server/main.go
  • portal/backend/cmd/server/servicemanager.go
  • portal/backend/docker-compose.yml
  • portal/backend/go.mod
  • portal/backend/internal/me/handler.go
  • portal/backend/internal/me/init.go
  • portal/backend/internal/me/service.go
  • portal/backend/internal/me/service_test.go
  • portal/backend/internal/proxy/handler.go
  • portal/backend/internal/proxy/init.go
  • portal/backend/internal/proxy/init_test.go
  • portal/backend/internal/proxy/service.go
  • portal/backend/internal/proxy/service_test.go
  • portal/backend/internal/system/auth/validator.go
  • portal/backend/internal/system/auth/validator_test.go
  • portal/backend/internal/system/config/config.go
  • portal/backend/internal/system/config/config_test.go
  • portal/backend/internal/system/context/user.go
  • portal/backend/internal/system/correlation/id.go
  • portal/backend/internal/system/healthcheck/handler.go
  • portal/backend/internal/system/log/log.go
  • portal/backend/internal/system/log/log_test.go
  • portal/backend/internal/system/middleware/authentication.go
  • portal/backend/internal/system/middleware/authentication_test.go
  • portal/backend/internal/system/middleware/correlationid.go
  • portal/backend/internal/system/middleware/correlationid_test.go
  • portal/backend/internal/system/middleware/cors.go
  • portal/backend/internal/system/middleware/cors_test.go
  • portal/backend/openapi/portal-backend.yaml
  • portal/backend/tests/integration/auth_integration_test.go
  • portal/backend/tests/integration/health_test.go
  • portal/backend/tests/integration/proxy_integration_test.go
  • portal/backend/tests/integration/server_test.go
  • portal/bff-implementation-phases.md
  • portal/bff-implementation-plan.md
  • portal/frontend/.env.example
  • portal/frontend/.gitignore
  • portal/frontend/.prettierignore
  • portal/frontend/.prettierrc
  • portal/frontend/README.md
  • portal/frontend/eslint.config.js
  • portal/frontend/index.html
  • portal/frontend/package.json
  • portal/frontend/public/favicon/site.webmanifest
  • portal/frontend/src/App.tsx
  • portal/frontend/src/__tests__/AppSidebar.test.tsx
  • portal/frontend/src/__tests__/ConsentApprovalApi.test.ts
  • portal/frontend/src/__tests__/ConsentRegistryModals.test.tsx
  • portal/frontend/src/__tests__/ConsentRegistryPage.test.tsx
  • portal/frontend/src/__tests__/ConsentStatusChip.test.ts
  • portal/frontend/src/__tests__/DateTimeUtils.test.ts
  • portal/frontend/src/__tests__/I18nKeys.test.ts
  • portal/frontend/src/__tests__/MainLayout.test.tsx
  • portal/frontend/src/__tests__/smoke.test.tsx
  • portal/frontend/src/auth/PortalAuthContext.tsx
  • portal/frontend/src/auth/PortalAuthProvider.tsx
  • portal/frontend/src/auth/RequireAuthentication.tsx
  • portal/frontend/src/auth/asgardeo/AsgardeoAuthProvider.tsx
  • portal/frontend/src/auth/authBridge.ts
  • portal/frontend/src/auth/placeholder/PlaceholderAuthProvider.tsx
  • portal/frontend/src/auth/thunder/ThunderAuthProvider.tsx
  • portal/frontend/src/components/.gitkeep
  • portal/frontend/src/components/layout/main-layout/HeaderBreadcrumbs.tsx
  • portal/frontend/src/components/layout/main-layout/MainLayout.tsx
  • portal/frontend/src/components/layout/main-layout/UserProfileMenu.tsx
  • portal/frontend/src/components/layout/sidebar/AppSidebar.tsx
  • portal/frontend/src/features/.gitkeep
  • portal/frontend/src/features/consent-registry/ConsentDetailsPage.tsx
  • portal/frontend/src/features/consent-registry/ConsentRegistryPage.tsx
  • portal/frontend/src/features/consent-registry/api/consentsApi.ts
  • portal/frontend/src/features/consent-registry/components/ConsentApprovalDialog.tsx
  • portal/frontend/src/features/consent-registry/components/ConsentRegistryFilters.tsx
  • portal/frontend/src/features/consent-registry/components/ConsentRegistryTable.tsx
  • portal/frontend/src/features/consent-registry/components/ConsentRevocationDialog.tsx
  • portal/frontend/src/features/consent-registry/components/details/ConsentAuthorizationsSection.tsx
  • portal/frontend/src/features/consent-registry/components/details/ConsentMetadataCard.tsx
  • portal/frontend/src/features/consent-registry/components/details/ConsentPurposesSection.tsx
  • portal/frontend/src/features/consent-registry/components/details/ConsentResourcesModal.tsx
  • portal/frontend/src/features/consent-registry/constants.ts
  • portal/frontend/src/features/consent-registry/hooks/useConsentQueries.ts
  • portal/frontend/src/features/consent-registry/utils/statusChip.ts
  • portal/frontend/src/features/dashboard/DashboardPage.tsx
  • portal/frontend/src/hooks/.gitkeep
  • portal/frontend/src/i18n/i18n.ts
  • portal/frontend/src/i18n/resources/en/common.ts
  • portal/frontend/src/main.tsx
  • portal/frontend/src/types/.gitkeep
  • portal/frontend/src/types/consent.ts
  • portal/frontend/src/utils/.gitkeep
  • portal/frontend/src/utils/apiClient.ts
  • portal/frontend/src/utils/dateTime.ts
  • portal/frontend/src/utils/queryClient.ts
  • portal/frontend/tsconfig.app.json
  • portal/frontend/tsconfig.json
  • portal/frontend/tsconfig.node.json
  • portal/frontend/tsconfig.test.json
  • portal/frontend/vite.config.ts
  • portal/frontend/vitest.setup.ts

📝 Walkthrough

Summary

  • Added frontend authentication support with configurable Asgardeo, ThunderID, and placeholder providers, including token handling, retry behavior, sign-in/sign-out flows, and protected routing.
  • Added a Go backend-for-frontend with configuration management, JWT/JWKS validation, CORS, correlation IDs, health endpoints, scoped authorization, and controlled API proxying.
  • Added authenticated /me/consents listing, detail, approval, and revocation flows with user ownership enforcement and enriched consent responses.
  • Added the consent portal UI, including registry filters, pagination, detail views, approval/revocation dialogs, loading states, tooltips, navigation, localization, and profile controls.
  • Added OpenAPI documentation, environment examples, Docker and Compose setup, implementation plans, and frontend/backend CI workflows.
  • Added extensive unit, integration, authentication, proxy, configuration, middleware, API-client, and UI test coverage.

Walkthrough

This change adds a complete portal stack: a Go BFF with configuration, JWT/JWKS authentication, CORS and correlation middleware, health endpoints, allowlisted proxying, consent aggregation and mutation routes, OpenAPI contracts, Docker support, and integration tests. It also adds a React frontend with provider-based authentication, consent registry and detail views, API/query utilities, localization, UI components, tests, TypeScript/Vite configuration, and CI workflows for both backend and frontend.

Sequence Diagram(s)

sequenceDiagram
  participant Browser
  participant PortalFrontend
  participant PortalBackend
  participant OpenFGC
  Browser->>PortalFrontend: Request consent registry
  PortalFrontend->>PortalBackend: GET /me/consents with bearer token
  PortalBackend->>PortalBackend: Validate token and enforce scope
  PortalBackend->>OpenFGC: Forward consent query with trusted identity
  OpenFGC-->>PortalBackend: Consent response
  PortalBackend-->>PortalFrontend: JSON consent response
  PortalFrontend-->>Browser: Render consent registry
Loading
sequenceDiagram
  participant Browser
  participant PortalFrontend
  participant PortalBackend
  participant OpenFGC
  Browser->>PortalFrontend: Approve or revoke consent
  PortalFrontend->>PortalBackend: Submit consent mutation
  PortalBackend->>OpenFGC: Fetch consent and verify ownership
  PortalBackend->>OpenFGC: Submit transformed update
  OpenFGC-->>PortalBackend: Mutation response
  PortalBackend-->>PortalFrontend: Mutation result
  PortalFrontend-->>Browser: Update consent view
Loading
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants