Fix issue where Stratos SSO failed to show (#4764)

* Fix issue where Stratos SSO failed to show
- ensure x-stratos-sso-login header is returned for verify
- also ensure secure cache middlewear rungs for /api

* fix error

src/jetstream/main.go

@@ -957,8 +957,11 @@ func (p *portalProxy) registerRoutes(e *echo.Echo, needSetupMiddleware bool) {
 
 	staticDir, staticDirErr := getStaticFiles(p.Env().String("UI_PATH", "./ui"))
 
+	api := e.Group("/api")
+	api.Use(p.setSecureCacheContentMiddleware)
+
 	// Verify Session
-	e.GET("/api/v1/auth/verify", p.verifySession)
+	api.GET("/v1/auth/verify", p.verifySession)
 
 	// Always serve the backend API from /pp
 	pp := e.Group("/pp")
@@ -1010,7 +1013,7 @@ func (p *portalProxy) registerRoutes(e *echo.Echo, needSetupMiddleware bool) {
 	apiKeyGroupConfig := MiddlewareConfig{Skipper: p.apiKeySkipper}
 
 	// API endpoints with Swagger documentation and accessible with an API key
-	stableAPIGroup := e.Group("/api/v1")
+	stableAPIGroup := api.Group("/v1")
 	stableAPIGroup.Use(p.apiKeyMiddleware)
 	stableAPIGroup.Use(p.sessionMiddlewareWithConfig(apiKeyGroupConfig))
 	stableAPIGroup.Use(p.xsrfMiddlewareWithConfig(apiKeyGroupConfig))

src/jetstream/middleware.go

@@ -24,9 +24,6 @@ const cfSessionCookieName = "JSESSIONID"
 // Header to communicate the configured Cookie Domain
 const StratosDomainHeader = "x-stratos-domain"
 
-// Header to communicate whether SSO Login is enabled and if so, any configured options
-const StratosSSOHeader = "x-stratos-sso-login"
-
 // Header to communicate any error during SSO
 const StratosSSOErrorHeader = "x-stratos-sso-error"
 
@@ -42,17 +39,6 @@ const APIKeyAuthScheme = "Bearer"
 func handleSessionError(config interfaces.PortalConfig, c echo.Context, err error, doNotLog bool, msg string) error {
 	log.Debug("handleSessionError")
 
-	// Add header so front-end knows SSO login is enabled
-	if config.SSOLogin {
-		// A non-empty SSO Header means SSO is enabled
-		// Use the string "enabled" or send the options string if we have one
-		options := "enabled"
-		if len(config.SSOOptions) > 0 {
-			options = config.SSOOptions
-		}
-		c.Response().Header().Set(StratosSSOHeader, options)
-	}
-
 	if strings.Contains(err.Error(), "dial tcp") {
 		return interfaces.NewHTTPShadowError(
 			http.StatusServiceUnavailable,

src/jetstream/session.go

@@ -33,6 +33,9 @@ const (
 	jetstreamSessionName              = "console-session"
 	jetStreamSessionContextKey        = "jetstream-session"
 	jetStreamSessionContextUpdatedKey = "jetstream-session-updated"
+
+	// Header to communicate whether SSO Login is enabled and if so, any configured options
+	stratosSSOHeader = "x-stratos-sso-login"
 )
 
 // SessionValueNotFound - Error returned when a requested key was not found in the session
@@ -274,32 +277,35 @@ func (p *portalProxy) verifySession(c echo.Context) error {
 		return info, err
 	}
 
-	var jsonErr error
-
 	info, sessionVerifyErr := collectErrors(p, c)
 	if sessionVerifyErr != nil {
 		p.clearSessionCookie(c, true)
 
-		jsonErr = c.JSON(
+		// Add header so front-end knows SSO login is enabled
+		if p.Config.SSOLogin {
+			// A non-empty SSO Header means SSO is enabled
+			// Use the string "enabled" or send the options string if we have one
+			options := "enabled"
+			if len(p.Config.SSOOptions) > 0 {
+				options = p.Config.SSOOptions
+			}
+			c.Response().Header().Set(stratosSSOHeader, options)
+		}
+
+		return c.JSON(
 			http.StatusOK,
 			SessionInfoEnvelope{
 				Status: "error",
 				Error:  sessionVerifyErr.Error(),
 			},
 		)
-	} else {
-		jsonErr = c.JSON(
-			http.StatusOK,
-			SessionInfoEnvelope{
-				Status: "ok",
-				Data:   info,
-			},
-		)
 	}
 
-	if jsonErr != nil {
-		return jsonErr
-	}
-
-	return nil
+	return c.JSON(
+		http.StatusOK,
+		SessionInfoEnvelope{
+			Status: "ok",
+			Data:   info,
+		},
+	)
 }