Feat/login UI (unitycatalog#450)

jamieknight-db · web-flow · commit 7ddb4d5bdd79 · 2024-09-12T10:53:10.000-06:00
**PR Checklist** - [x ] A description of the changes is added to the description of this PR. - [x ] If there is a related issue, make sure it is linked to this PR. - [ ] If you've fixed a bug or added code that should be tested, add tests! - [ ] If you've added or modified a feature, documentation in `docs` is updated **Description of changes** Allows users to login via google auth once auth configuration is in place and users have been added to users table. <img width="1064" alt="Screenshot 2024-09-11 at 12 37 00 PM" src="https://github.com/user-attachments/assets/7f5db283-2604-4e6a-a179-f17d6c5537d1"> <img width="323" alt="Screenshot 2024-09-11 at 12 38 38 PM" src="https://github.com/user-attachments/assets/1824e68a-6a76-4f11-87f4-d49522a54a16"> Closes unitycatalog#430
diff --git a/server/src/main/java/io/unitycatalog/server/persist/utils/ServerPropertiesUtils.java b/server/src/main/java/io/unitycatalog/server/persist/utils/ServerPropertiesUtils.java
@@ -126,6 +126,8 @@ public Map<String, ADLSStorageConfig> getAdlsConfigurations() {
 
   // Get a property value by key with a default value
   public String getProperty(String key, String defaultValue) {
+    if (System.getProperty(key) != null) return System.getProperty(key);
+    if (System.getenv().containsKey(key)) return System.getenv(key);
     return properties.getProperty(key, defaultValue);
   }
 }
diff --git a/server/src/main/java/io/unitycatalog/server/service/AuthService.java b/server/src/main/java/io/unitycatalog/server/service/AuthService.java
@@ -16,6 +16,7 @@
 import io.unitycatalog.server.exception.GlobalExceptionHandler;
 import io.unitycatalog.server.exception.OAuthInvalidRequestException;
 import io.unitycatalog.server.persist.UserRepository;
+import io.unitycatalog.server.persist.utils.ServerPropertiesUtils;
 import io.unitycatalog.server.security.SecurityContext;
 import io.unitycatalog.server.utils.JwksOperations;
 import lombok.Builder;
@@ -126,6 +127,13 @@ public HttpResponse grantToken(OAuthTokenExchangeRequest request) {
           ErrorCode.INVALID_ARGUMENT, "Actor tokens not currently supported");
     }
 
+    String authorization =
+        ServerPropertiesUtils.getInstance().getProperty("server.authorization", "disable");
+    if (!authorization.equals("enable")) {
+      throw new OAuthInvalidRequestException(
+          ErrorCode.INVALID_ARGUMENT, "Authorization is disabled");
+    }
+
     DecodedJWT decodedJWT = JWT.decode(request.getSubjectToken());
     String issuer = decodedJWT.getClaim("iss").asString();
     String keyId = decodedJWT.getHeaderClaim("kid").asString();
@@ -162,7 +170,7 @@ private static void verifyPrincipal(DecodedJWT decodedJWT) {
 
     try {
       User user = USER_REPOSITORY.getUserByEmail(subject);
-      if (user != null && user.getState() != User.StateEnum.ENABLED) {
+      if (user != null && user.getState() != User.StateEnum.DISABLED) {
         return;
       }
     } catch (Exception e) {
diff --git a/ui/README.md b/ui/README.md
@@ -30,4 +30,6 @@ You will also see any lint errors in the console.
 
 OSS Unity Catalog supports Sign in with Google. You can authenticate with Google by clicking the "Sign in with Google" button on the login page, once OAuth has been configured. To configure this, follow the steps to obtain a [Google API Client ID](https://developers.google.com/identity/gsi/web/guides/get-google-api-clientid) and configure your OAuth consent screen.
 
+NOTE: The google client ID should match what is configured in the server.properties file on the server side. See README in root directory. In order for login to work, authentication must be enabled on server side AND UI side and users must be added to users table.
+
 Once you have the client ID, add it to the `.env` file after `REACT_APP_GOOGLE_CLIENT_ID=` and change the `REACT_APP_GOOGLE_AUTH_ENABLED` flag from false to true. Restart yarn. 
diff --git a/ui/src/App.tsx b/ui/src/App.tsx
@@ -61,8 +61,9 @@ const router = createBrowserRouter([
 ]);
 
 function AppProvider() {
-  const { accessToken, logout } = useAuth();
+  const { accessToken, logout, currentUser } = useAuth();
   const navigate = useNavigate();
+  const authEnabled = process.env.REACT_APP_GOOGLE_AUTH_ENABLED === 'true';
   const loggedIn = accessToken !== '';
 
   const profileMenuItems = useMemo(
@@ -77,8 +78,8 @@ function AppProvider() {
               cursor: 'default',
             }}
           >
-            <Typography.Text>User name here</Typography.Text>
-            <Typography.Text>user.email@goeshere.com</Typography.Text>
+            <Typography.Text>{currentUser?.displayName}</Typography.Text>
+            <Typography.Text>{currentUser?.emails[0]?.value}</Typography.Text>
           </div>
         ),
       },
@@ -91,14 +92,13 @@ function AppProvider() {
         onClick: () => logout().then(() => navigate('/')),
       },
     ],
-    [],
+    [currentUser],
   );
 
   // commenting login UI for now until repositories are merged
-  // return !loggedIn ? (
-  //   <Login />
-  // ) : (
-  return (
+  return authEnabled && !loggedIn ? (
+    <Login />
+  ) : (
     <ConfigProvider
       theme={{
         components: {
@@ -143,22 +143,24 @@ function AppProvider() {
               style={{ flex: 1, minWidth: 0 }}
             />
           </div>
-          {/*<div>*/}
-          {/*  <Dropdown*/}
-          {/*    menu={{ items: profileMenuItems }}*/}
-          {/*    trigger={['click']}*/}
-          {/*    placement={'bottomRight'}*/}
-          {/*  >*/}
-          {/*    <Avatar*/}
-          {/*      icon={<UserOutlined />}*/}
-          {/*      style={{*/}
-          {/*        backgroundColor: 'white',*/}
-          {/*        color: 'black',*/}
-          {/*        cursor: 'pointer',*/}
-          {/*      }}*/}
-          {/*    />*/}
-          {/*  </Dropdown>*/}
-          {/*</div>*/}
+          {authEnabled && (
+            <div>
+              <Dropdown
+                menu={{ items: profileMenuItems }}
+                trigger={['click']}
+                placement={'bottomRight'}
+              >
+                <Avatar
+                  icon={<UserOutlined />}
+                  style={{
+                    backgroundColor: 'white',
+                    color: 'black',
+                    cursor: 'pointer',
+                  }}
+                />
+              </Dropdown>
+            </div>
+          )}
         </Layout.Header>
         {/* Content */}
         <Layout.Content
diff --git a/ui/src/context/auth-context.tsx b/ui/src/context/auth-context.tsx
@@ -1,6 +1,7 @@
 import React, { useCallback, useEffect, useMemo, useState } from 'react';
 import { useGetCurrentUser, useLoginWithToken } from '../hooks/user';
 import apiClient from './client';
+import { useNotification } from '../utils/NotificationContext';
 
 interface AuthContextProps {
   accessToken: any;
@@ -19,15 +20,22 @@ AuthContext.displayName = 'AuthContext';
 
 function AuthProvider(props: any) {
   const [accessToken, setAccessToken] = useState<string>('');
-  // const { data: currentUser, refetch } = useGetCurrentUser(accessToken);
+  const { data: currentUser, refetch } = useGetCurrentUser(accessToken);
   const loginWithTokenMutation = useLoginWithToken();
+  const { setNotification } = useNotification();
 
   const loginWithToken = useCallback(
     async (idToken: string) => {
       return loginWithTokenMutation.mutate(idToken, {
         onSuccess: (response) => {
           setAccessToken(response.access_token);
         },
+        onError: (error) => {
+          setNotification(
+            'Login failed. Please contact your system administrator.',
+            'error',
+          );
+        },
       });
     },
     [loginWithTokenMutation],
@@ -70,7 +78,7 @@ function AuthProvider(props: any) {
       accessToken,
       loginWithToken,
       logout,
-      // currentUser,
+      currentUser,
     }),
     [accessToken, loginWithToken, logout],
   );
diff --git a/ui/src/pages/Login.tsx b/ui/src/pages/Login.tsx
@@ -4,12 +4,10 @@ import GoogleAuthButton from '../components/login/GoogleAuthButton';
 import OktaAuthButton from '../components/login/OktaAuthButton';
 import { useAuth } from '../context/auth-context';
 import KeycloakAuthButton from '../components/login/KeycloakAuthButton';
-import { useNotification } from '../utils/NotificationContext';
 import { useNavigate, useLocation } from 'react-router-dom';
 
 export default function () {
-  const { setNotification } = useNotification();
-  const { loginWithToken, logout } = useAuth();
+  const { loginWithToken } = useAuth();
   const navigate = useNavigate();
   const location = useLocation();
   const from = location.state?.from || '/';
@@ -19,11 +17,7 @@ export default function () {
     process.env.REACT_APP_KEYCLOAK_AUTH_ENABLED === 'true';
 
   const handleGoogleSignIn = async (idToken: string) => {
-    await loginWithToken(idToken)
-      .then(() => navigate(from, { replace: true }))
-      .catch((e: any) => {
-        setNotification(e.message, 'error');
-      });
+    await loginWithToken(idToken).then(() => navigate(from, { replace: true }));
   };
 
   return (

Original file line number	Diff line number	Diff line change
`@@ -126,6 +126,8 @@ public Map<String, ADLSStorageConfig> getAdlsConfigurations() {`
`126`	`126`
`127`	`127`	`// Get a property value by key with a default value`
`128`	`128`	`public String getProperty(String key, String defaultValue) {`
	`129`	`+ if (System.getProperty(key) != null) return System.getProperty(key);`
	`130`	`+ if (System.getenv().containsKey(key)) return System.getenv(key);`
`129`	`131`	`return properties.getProperty(key, defaultValue);`
`130`	`132`	`}`
`131`	`133`	`}`