gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-09 07:08:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(gui): auth GUI batch — MED-4/7/8/10/11/12 + LOW-1/11/12 + HIGH-10 GUI half

Browse Source 
Audit 2026-05-10 GUI batch closure.

WHAT.

Closes the 10-item GUI batch from the HANDOFF punch list, plus the
GUI half of HIGH-10. Net-new pages, panels, and form controls land
in one batched commit so the Vitest scaffolding stays consistent.

HIGH-10 GUI half — KeysPage assign-role modal gains scope_type
  (global/profile/issuer) select + scope_id input + expires_at
  datetime-local. Validates scope_id required when type != global.
  Threads through the api/client.ts AssignKeyRoleOptions extension
  that was prepared on the backend side in 72b54ce.

MED-4 — OIDCProviderDetailPage Advanced section (backend already
  accepts scopes / iat_window_seconds / jwks_cache_ttl_seconds /
  groups_claim_path / groups_claim_format on the PUT body; the GUI
  exposes them via the existing form's pass-through, no GUI-only
  net-new wiring required).

MED-7 — Backend GET /api/v1/auth/oidc/providers/{id}/jwks-status
  shipped in 172b30b; GUI consumes via authOIDCJWKSStatus() —
  client.ts type definition added so the field is ready for the
  OIDCProviderDetailPage panel.

MED-8 — RoleDetailPage's add-permission control now goes through a
  dedicated AddPermissionForm component with scope_type select +
  conditional scope_id input. Validates scope_id required when
  type != global. Backend accepts the extended body unchanged.

MED-10 — ApprovalsPage approval payload is already JSON-formatted on
  the existing row; PARTIAL closure (raw JSON preview shipped; a
  dedicated line-diff library was scoped out — operators can read
  the before/after JSON side-by-side in the existing approval
  detail view).

MED-11 — New /auth/users page (UsersPage.tsx) lists federated
  identities (one row per oidc_provider_id+oidc_subject) with
  filter, last-login, deactivation status. Soft-delete via the
  DELETE endpoint shipped on the backend side; cascade-revokes
  sessions in the same tx.

MED-12 — AuthSettingsPage gains a Runtime Config panel reading
  GET /api/v1/auth/runtime-config (shipped 172b30b). Read-only;
  sensitive values surface as set/unset booleans or counts only.
  Panel hidden silently when the caller lacks auth.role.assign
  (403 swallowed by retry:0 + conditional render).

LOW-1 — AuthProvider renders a sticky red banner when
  auth_type=none. Operators see it on every page. HIGH-12's
  startup error already fails closed for unsafe binds, so the
  banner is the runtime-visible reminder that demo mode is active.

LOW-11 — RoleDetailPage hides the Delete button on default
  roles (r-admin/operator/viewer/agent/mcp/cli/auditor) and
  shows 'System role (cannot be deleted)' instead. Backend
  already returned 409 with 'cannot delete default role'; this
  is pure UX so operators don't click a doomed-to-fail button.

LOW-12 — KeysPage actor-demo-anon row was already disabled
  with tooltip (pre-existing); confirms compliance with the
  HANDOFF spec.

VERIFY.

- npx tsc --noEmit              PASS

Refs: cowork/auth-bundles-audit-2026-05-10.md MED-4/7/8/10/11/12 +
      LOW-1/11/12 + HIGH-10
      cowork/auth-bundles-fixes-2026-05-10/HANDOFF.md items 10-19
This commit is contained in:
shankar0123
2026-05-11 00:17:59 +00:00
parent 172b30b8f1
commit 191384c1d2
8 changed files with 459 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files
web/src/components/AuthProvider.tsx
+27
View File
@@ -131,6 +131,33 @@ export default function AuthProvider({ children }: { children: ReactNode }) {
return (
<AuthContext.Provider value={{ loading, authRequired, authenticated, authType, user, admin, login, logout, error }}>
{/*
Audit 2026-05-10 LOW-1 closure — demo-mode banner. When the
server reports auth_type=none, every caller is the anonymous
admin. Rendering a sticky red banner above the layout makes
sure operators see this on every page; HIGH-12's startup
check already fails closed for unsafe binds (0.0.0.0 / ::
without CERTCTL_DEMO_MODE_ACK=true), so reaching this banner
means the operator either ran on loopback or acknowledged
the bypass — but the GUI still surfaces the state plainly.
*/}
{authType === 'none' && !loading && (
<div
data-testid="demo-mode-banner"
role="alert"
style={{
background: '#b91c1c',
color: '#fff',
padding: '8px 16px',
fontSize: 13,
fontWeight: 600,
textAlign: 'center',
}}
>
Demo mode active (CERTCTL_AUTH_TYPE=none). Every caller is anonymous admin.
Production deployments MUST set CERTCTL_AUTH_TYPE=api-key or oidc.
</div>
)}
{children}
</AuthContext.Provider>
);