Show admin console header if serverinfo is forbidden

Fixes: #30683 Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-06-27 17:38:20 +02:00 · 2024-06-27 17:38:20 +02:00 · 287916997e
commit 287916997e
parent d534860e2b
3 changed files with 60 additions and 3 deletions
--- a/.github/workflows/js-ci.yml
+++ b/.github/workflows/js-ci.yml
@ -282,7 +282,6 @@ jobs:
          wait-on: http://localhost:8080
          working-directory: js/apps/admin-ui
        env:
-          CYPRESS_BASE_URL: http://localhost:8080/admin/
          SPLIT: ${{ strategy.job-total }}
          SPLIT_INDEX: ${{ strategy.job-index }}
          SPLIT_RANDOM_SEED: ${{ needs.generate-test-seed.outputs.seed }}
--- a/js/apps/admin-ui/cypress/e2e/masthead_test.spec.ts
+++ b/js/apps/admin-ui/cypress/e2e/masthead_test.spec.ts
@ -1,7 +1,9 @@
+import { v4 as uuid } from "uuid";
 import LoginPage from "../support/pages/LoginPage";
 import SidebarPage from "../support/pages/admin-ui/SidebarPage";
 import Masthead from "../support/pages/admin-ui/Masthead";
 import { keycloakBefore } from "../support/util/keycloak_hooks";
+import adminClient from "../support/util/AdminClient";

 const loginPage = new LoginPage();
 const masthead = new Masthead();
@ -64,6 +66,47 @@ describe("Masthead tests", () => {
    });
  });

+  describe("Login works for unprivileged users", () => {
+    const realmName = `test-realm-${uuid()}`;
+    const username = `test-user-${uuid()}`;
+
+    before(async () => {
+      await adminClient.createRealm(realmName, { enabled: true });
+
+      await adminClient.inRealm(realmName, () =>
+        adminClient.createUser({
+          username,
+          enabled: true,
+          emailVerified: true,
+          credentials: [{ type: "password", value: "test" }],
+          firstName: "Test",
+          lastName: "User",
+          email: "test@keycloak.org",
+        }),
+      );
+    });
+
+    after(() => adminClient.deleteRealm(realmName));
+
+    it("Login without privileges to see admin console", () => {
+      sidebarPage.waitForPageLoad();
+      masthead.signOut();
+
+      cy.visit(`/admin/${realmName}/console`);
+
+      cy.get('[role="progressbar"]').should("not.exist");
+      cy.get("#username").type(username);
+      cy.get("#password").type("test");
+
+      cy.get("#kc-login").click();
+
+      sidebarPage.waitForPageLoad();
+      masthead.signOut();
+      sidebarPage.waitForPageLoad();
+      loginPage.isLogInPage();
+    });
+  });
+
  describe("Mobile view", () => {
    it("Mobile menu is shown when in mobile view", () => {
      cy.viewport("samsung-s10");
--- a/js/apps/admin-ui/src/context/server-info/ServerInfoProvider.tsx
+++ b/js/apps/admin-ui/src/context/server-info/ServerInfoProvider.tsx
@ -3,7 +3,8 @@ import {
  createNamedContext,
  useRequiredContext,
 } from "@keycloak/keycloak-ui-shared";
-import { PropsWithChildren, useState } from "react";
+import { NetworkError } from "@keycloak/keycloak-admin-client";
+import { PropsWithChildren, useCallback, useState } from "react";
 import { useAdminClient } from "../../admin-client";
 import { KeycloakSpinner } from "../../components/keycloak-spinner/KeycloakSpinner";
 import { sortProviders } from "../../util";
@ -22,7 +23,21 @@ export const ServerInfoProvider = ({ children }: PropsWithChildren) => {
  const { adminClient } = useAdminClient();
  const [serverInfo, setServerInfo] = useState<ServerInfoRepresentation>();

-  useFetch(adminClient.serverInfo.find, setServerInfo, []);
+  const findServerInfo = useCallback(async () => {
+    try {
+      const serverInfo = await adminClient.serverInfo.find();
+      return serverInfo;
+    } catch (error) {
+      // The user is not allowed to view the server info
+      if (error instanceof NetworkError && error.response?.status === 403) {
+        return {};
+      }
+
+      throw error;
+    }
+  }, []);
+
+  useFetch(findServerInfo, setServerInfo, []);

  if (!serverInfo) {
    return <KeycloakSpinner />;