Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HAI-3348 Display error message if user does not belong to allowed AD groups #1067

Merged
merged 2 commits into from
Feb 10, 2025
Merged

HAI-3348 Display error message if user does not belong to allowed AD groups #1067

merged 2 commits into from
Feb 10, 2025

Conversation

markohaarni
Copy link
Contributor

Description

When user authenticates with Helsinki AD, check that they belong to at least one of the allowed AD groups. If they don't, error message is displayed with a link to logout.

The AD groups are configurable and there's an option to disable the group checks.

Jira Issue: https://helsinkisolutionoffice.atlassian.net/browse/HAI-3348

Type of change

  • Bug fix
  • New feature
  • Other

Instructions for testing

  1. Login to Haitaton with Helsinki AD
  2. Your name should show up at the user icon in the top right corner and everything should work normally
  3. Change REACT_APP_USE_AD_FILTER env variable to 1. Logout from Haitaton and restart frontend
  4. Login again with AD
  5. Error message "Ei käyttöoikeutta Haitaton-asiointiin" should be displayed with logout link
  6. Click the logout link and check that you are logged out
  7. Get an AD group from your own bearer token, and use for example https://github.com/mike-engel/jwt-cli for decoding the JWT
  8. Add the AD group to REACT_APP_ALLOWED_AD_GROUPS env variable. Restart frontend
  9. Refresh the page. Everything should work normally again with no error message shown

Checklist:

  • I have written new tests (if applicable)
  • I have ran the tests myself (if applicable)
  • I have made necessary changes to the documentation, link to confluence
    or other location:

Other relevant info

Please describe here if there is e.g. some requirements for this change or
other info that the tester/user needs to know.

@markohaarni
HAI-3348 Display error message if user does not belong to allowed AD …
e3ee8ad 
…groups

When user authenticates with Helsinki AD, check that they belong
to at least one of the allowed AD groups. If they don't, error
message is displayed with a link to logout.

The AD groups are configurable and there's an option to disable the group checks.
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Feb 7, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
84.2% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@markohaarni markohaarni merged commit ad3c4e9 into dev Feb 10, 2025
5 checks passed
@markohaarni markohaarni deleted the HAI-3348/wrong-AD-group-error-page branch February 10, 2025 06:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@corvidian corvidian corvidian approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@markohaarni @corvidian