Revert "Merge pull request #446 from sanopsmx/release-1.28.x"

This reverts commit 3d163b8, reversing changes made to 1158057.
OpsMx · Dec 21, 2023 · bfa0316 · bfa0316
1 parent 786064c
commit bfa0316
Show file tree

Hide file tree

Showing 8 changed files with 12 additions and 216 deletions.
diff --git a/gate-core/src/main/groovy/com/netflix/spinnaker/gate/config/AuthConfig.groovy b/gate-core/src/main/groovy/com/netflix/spinnaker/gate/config/AuthConfig.groovy
@@ -34,7 +34,6 @@ import org.springframework.http.HttpMethod
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.builders.WebSecurity
 import org.springframework.security.core.Authentication
-import org.springframework.security.core.context.SecurityContextHolder
 import org.springframework.security.web.authentication.AnonymousAuthenticationFilter
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler
 import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler
@@ -93,13 +92,11 @@ class AuthConfig {
         .antMatchers(HttpMethod.POST, '/managed/notifications/callbacks/**').permitAll()
         .antMatchers('/health').permitAll()
         .antMatchers('/**').authenticated()
-
-    Authentication auth  = SecurityContextHolder.getContext().getAuthentication();
     if (fiatSessionFilterEnabled) {
       Filter fiatSessionFilter = new FiatSessionFilter(
         fiatSessionFilterEnabled,
         fiatStatus,
-        permissionEvaluator, auth)
+        permissionEvaluator)
 
       http.addFilterBefore(fiatSessionFilter, AnonymousAuthenticationFilter.class)
     }

diff --git a/gate-core/src/main/groovy/com/netflix/spinnaker/gate/filters/FiatSessionFilter.groovy b/gate-core/src/main/groovy/com/netflix/spinnaker/gate/filters/FiatSessionFilter.groovy
@@ -19,11 +19,16 @@ package com.netflix.spinnaker.gate.filters
 import com.netflix.spinnaker.fiat.model.UserPermission
 import com.netflix.spinnaker.fiat.shared.FiatPermissionEvaluator
 import com.netflix.spinnaker.fiat.shared.FiatStatus
+import com.netflix.spinnaker.security.AuthenticatedRequest
 import groovy.util.logging.Slf4j
-import org.springframework.security.core.Authentication
 import org.springframework.security.core.context.SecurityContextHolder
 
-import javax.servlet.*
+import javax.servlet.Filter
+import javax.servlet.FilterChain
+import javax.servlet.FilterConfig
+import javax.servlet.ServletException
+import javax.servlet.ServletRequest
+import javax.servlet.ServletResponse
 import javax.servlet.http.HttpServletRequest
 import javax.servlet.http.HttpSession
 
@@ -38,16 +43,12 @@ class FiatSessionFilter implements Filter {
 
   FiatPermissionEvaluator permissionEvaluator
 
-  Authentication auth
-
   FiatSessionFilter(boolean enabled,
                     FiatStatus fiatStatus,
-                    FiatPermissionEvaluator permissionEvaluator,
-                    Authentication auth ) {
+                    FiatPermissionEvaluator permissionEvaluator) {
     this.enabled = enabled
     this.fiatStatus = fiatStatus
     this.permissionEvaluator = permissionEvaluator
-    this.auth = auth
   }
 
   /**
@@ -59,11 +60,10 @@ class FiatSessionFilter implements Filter {
     UserPermission.View fiatPermission = null
 
     if (fiatStatus.isEnabled() && this.enabled) {
-      String user = auth.getName();
+      String user = AuthenticatedRequest.getSpinnakerUser().orElse(null)
       log.debug("Fiat session filter - found user: ${user}")
 
       if (user != null) {
-        SecurityContextHolder.getContext().setAuthentication(auth);
         fiatPermission = permissionEvaluator.getPermission(user)
         if (fiatPermission == null) {
           HttpServletRequest httpReq = (HttpServletRequest) request

diff --git a/gate-noauth/gate-noauth.gradle b/gate-noauth/gate-noauth.gradle
diff --git a/gate-noauth/src/main/groovy/com/netflix/spinnaker/gate/security/noauth/NoAuthConfig.groovy b/gate-noauth/src/main/groovy/com/netflix/spinnaker/gate/security/noauth/NoAuthConfig.groovy
diff --git a/gate-noauth/src/main/groovy/com/netflix/spinnaker/gate/security/noauth/NoAuthProvider.groovy b/gate-noauth/src/main/groovy/com/netflix/spinnaker/gate/security/noauth/NoAuthProvider.groovy
diff --git a/gate-web/gate-web.gradle b/gate-web/gate-web.gradle
@@ -62,8 +62,7 @@ dependencies {
 
   testImplementation "com.graphql-java-kickstart:graphql-spring-boot-starter-test:7.0.1"
 
-  testImplementation project(":gate-ldap")
-  testImplementation project(":gate-noauth")// TODO: Move system tests to own module
+  testImplementation project(":gate-ldap") // TODO: Move system tests to own module
   testImplementation project(":gate-basic")
   testImplementation project(":gate-oauth2")
   testImplementation "com.squareup.okhttp:mockwebserver"

diff --git a/gradle.properties b/gradle.properties
@@ -1,6 +1,6 @@
 enablePublishing=false
 fiatVersion=1.31.1
-includeProviders=basic,iap,ldap,oauth2,saml,x509,noauth
+includeProviders=basic,iap,ldap,oauth2,saml,x509
 korkVersion=7.136.0
 kotlinVersion=1.4.0
 org.gradle.parallel=true

diff --git a/settings.gradle b/settings.gradle
@@ -35,7 +35,6 @@ include "gate-api",
   "gate-bom",
   "gate-iap",
   "gate-ldap",
-  "gate-noauth",
   "gate-oauth2",
   "gate-proxy",
   "gate-saml",