SRCT / gogo / Issues / #187

Closed

Created Sep 24, 2018 by David Haynes (@dhaynes3), Owner

Implement auth flow for go_ahead

Summary

As a user I should be able to view the homepage and hit a login button. This login button should be placed in an easy to see area of the screen and redirect me to the CAS login page. After entering my credentials I should be redirected back to the site where I am presented with a visual indication that I am signed in. This session should last for the entire time that the browser is open. I should be able to sign out to clear the session early which should then prevent me from visiting any "internal" pages.

Auth flow exists on an API level through !122 (merged) - !124 (merged)

This should be mostly a React type of thing, pinging the API for auth status and getting the token.

  1. React renders the homepage, failing the token check => logged out
  2. Hit login
  3. Establish session auth
  4. React re-renders the homepage, passing the token check => logged in

Bonus: build an "internal" page that functions as a proof of concept for a page that will not render "internal" data without access to the token.

Helpful Links

  • https://developer.mozilla.org/en-US/docs/Web/API/Window/sessionStorage
  • https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch
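
The four-step flow and the "internal" page from the description, sketched as an added example (not code from the gogo project or from the issue author). The endpoint paths /auth/status and /auth/logout, the "token" storage key and the Bearer header are assumptions; storage and fetchFn are injected so that window.sessionStorage and fetch can be passed in the browser.

```javascript
// Added example. Endpoint paths, the "token" key and the Bearer header are
// assumptions; the issue does not specify them.
function createAuthClient({ storage, fetchFn, apiBase = "/api" }) {
  const KEY = "token";
  const bearer = (t) => ({ Authorization: `Bearer ${t}` });

  // Steps 1 and 4: ask the API whether the stored token is still valid.
  // A token merely being present in storage is never treated as proof of login.
  async function checkAuth() {
    const token = storage.getItem(KEY);
    if (!token) return { loggedIn: false };
    const res = await fetchFn(`${apiBase}/auth/status`, { headers: bearer(token) });
    if (!res.ok) {
      storage.removeItem(KEY); // stale or forged token: drop it
      return { loggedIn: false };
    }
    return { loggedIn: true };
  }

  // Step 3: called after the CAS redirect, once the API has issued a token.
  function completeLogin(token) {
    storage.setItem(KEY, token);
  }

  // Sign out early: clear the client copy, then ask the API to end the session.
  async function logout() {
    const token = storage.getItem(KEY);
    storage.removeItem(KEY);
    if (token) {
      await fetchFn(`${apiBase}/auth/logout`, { method: "POST", headers: bearer(token) });
    }
  }

  // "Internal" data is requested only with a token, and the API's answer
  // decides what renders. Returns null when the view must not render.
  async function loadInternal(path) {
    const token = storage.getItem(KEY);
    if (!token) return null;
    const res = await fetchFn(`${apiBase}${path}`, { headers: bearer(token) });
    if (res.status === 401 || res.status === 403) storage.removeItem(KEY);
    return res.ok ? res.json() : null;
  }

  return { checkAuth, completeLogin, logout, loadInternal };
}
```

The client-side check only decides what React renders; the API still has to reject requests for internal data that arrive without a valid token.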