Show admin console header if serverinfo is forbidden

Fixes: #30683

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>

.github/workflows/js-ci.yml

@@ -282,7 +282,6 @@ jobs:
           wait-on: http://localhost:8080
           working-directory: js/apps/admin-ui
         env:
-          CYPRESS_BASE_URL: http://localhost:8080/admin/
           SPLIT: ${{ strategy.job-total }}
           SPLIT_INDEX: ${{ strategy.job-index }}
           SPLIT_RANDOM_SEED: ${{ needs.generate-test-seed.outputs.seed }}

js/apps/admin-ui/cypress/e2e/masthead_test.spec.ts

@@ -1,7 +1,9 @@
+import { v4 as uuid } from "uuid";
 import LoginPage from "../support/pages/LoginPage";
 import SidebarPage from "../support/pages/admin-ui/SidebarPage";
 import Masthead from "../support/pages/admin-ui/Masthead";
 import { keycloakBefore } from "../support/util/keycloak_hooks";
+import adminClient from "../support/util/AdminClient";
 
 const loginPage = new LoginPage();
 const masthead = new Masthead();
@@ -64,6 +66,47 @@ describe("Masthead tests", () => {
     });
   });
 
+  describe("Login works for unprivileged users", () => {
+    const realmName = `test-realm-${uuid()}`;
+    const username = `test-user-${uuid()}`;
+
+    before(async () => {
+      await adminClient.createRealm(realmName, { enabled: true });
+
+      await adminClient.inRealm(realmName, () =>
+        adminClient.createUser({
+          username,
+          enabled: true,
+          emailVerified: true,
+          credentials: [{ type: "password", value: "test" }],
+          firstName: "Test",
+          lastName: "User",
+          email: "test@keycloak.org",
+        }),
+      );
+    });
+
+    after(() => adminClient.deleteRealm(realmName));
+
+    it("Login without privileges to see admin console", () => {
+      sidebarPage.waitForPageLoad();
+      masthead.signOut();
+
+      cy.visit(`/admin/${realmName}/console`);
+
+      cy.get('[role="progressbar"]').should("not.exist");
+      cy.get("#username").type(username);
+      cy.get("#password").type("test");
+
+      cy.get("#kc-login").click();
+
+      sidebarPage.waitForPageLoad();
+      masthead.signOut();
+      sidebarPage.waitForPageLoad();
+      loginPage.isLogInPage();
+    });
+  });
+
   describe("Mobile view", () => {
     it("Mobile menu is shown when in mobile view", () => {
       cy.viewport("samsung-s10");

js/apps/admin-ui/src/context/server-info/ServerInfoProvider.tsx

@@ -3,7 +3,8 @@ import {
   createNamedContext,
   useRequiredContext,
 } from "@keycloak/keycloak-ui-shared";
-import { PropsWithChildren, useState } from "react";
+import { NetworkError } from "@keycloak/keycloak-admin-client";
+import { PropsWithChildren, useCallback, useState } from "react";
 import { useAdminClient } from "../../admin-client";
 import { KeycloakSpinner } from "../../components/keycloak-spinner/KeycloakSpinner";
 import { sortProviders } from "../../util";
@@ -22,7 +23,21 @@ export const ServerInfoProvider = ({ children }: PropsWithChildren) => {
   const { adminClient } = useAdminClient();
   const [serverInfo, setServerInfo] = useState<ServerInfoRepresentation>();
 
-  useFetch(adminClient.serverInfo.find, setServerInfo, []);
+  const findServerInfo = useCallback(async () => {
+    try {
+      const serverInfo = await adminClient.serverInfo.find();
+      return serverInfo;
+    } catch (error) {
+      // The user is not allowed to view the server info
+      if (error instanceof NetworkError && error.response?.status === 403) {
+        return {};
+      }
+
+      throw error;
+    }
+  }, []);
+
+  useFetch(findServerInfo, setServerInfo, []);
 
   if (!serverInfo) {
     return <KeycloakSpinner />;