Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add device management mechanism #6100

Merged
merged 2 commits into from
Jun 26, 2024
Merged

feat: add device management mechanism #6100

merged 2 commits into from
Jun 26, 2024

Conversation

guqing
Copy link
Member

@guqing guqing commented Jun 19, 2024
edited
Loading

What type of PR is this?

/kind feature
/area core
/milestone 2.17.x

What this PR does / why we need it:

新增设备管理功能,实现机制:

  1. 通过 device_id 的 cookie 来追踪新登录设备
  2. 当会话 id 变更时通过 device_id 更新已经被管理的当前登录设备会话
  3. 通过 device_id 来将同设备的额外会话剔除(如关闭浏览器重新打开会剔除旧会话保留当前新会话)
  4. 如果 user agent 或 ip 不匹配则在登录时认为是新设备

Which issue(s) this PR fixes:

Fixes #6023

Does this PR introduce a user-facing change?

新增设备管理功能,允许管理已登录你账号的设备并随时移除可疑设备

@guqing
Copy link
Member Author

guqing commented Jun 19, 2024

Hi @ruibaby , 需要在个人中心增加设备管理的入口,帮忙补充一下 UI 部分

@codecov Codecov
Copy link

codecov bot commented Jun 19, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 23.56495% with 253 lines in your changes missing coverage. Please review.

Project coverage is 54.59%. Comparing base (5fdf6c0) to head (2c9d94f).
Report is 273 commits behind head on main.

Files Patch % Lines
...un/halo/app/security/device/DeviceServiceImpl.java 25.00% 96 Missing and 6 partials ⚠️
...a/run/halo/app/security/device/DeviceEndpoint.java 29.57% 50 Missing ⚠️
...run/halo/app/security/device/DeviceReconciler.java 3.33% 29 Missing ⚠️
...lo/app/security/device/NewDeviceLoginListener.java 3.44% 28 Missing ⚠️
.../main/java/run/halo/app/core/extension/Device.java 0.00% 17 Missing ⚠️
.../app/security/device/DeviceCookieResolverImpl.java 23.52% 13 Missing ⚠️
...berme/PersistentRememberMeTokenRepositoryImpl.java 0.00% 7 Missing ⚠️
.../halo/app/security/device/NewDeviceLoginEvent.java 0.00% 4 Missing ⚠️
.../authentication/login/UsernamePasswordHandler.java 50.00% 2 Missing ⚠️
...ain/java/run/halo/app/infra/SchemeInitializer.java 83.33% 1 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff              @@
##               main    #6100      +/-   ##
============================================
- Coverage     56.91%   54.59%   -2.32%     
- Complexity     3319     3507     +188     
============================================
  Files           587      643      +56     
  Lines         18968    21713    +2745     
  Branches       1401     1516     +115     
============================================
+ Hits          10795    11855    +1060     
- Misses         7594     9247    +1653     
- Partials        579      611      +32

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@f2c-ci-robot f2c-ci-robot
Copy link

f2c-ci-robot bot commented Jun 20, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from guqing. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@f2c-ci-robot f2c-ci-robot bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. labels Jun 20, 2024
@ruibaby ruibaby marked this pull request as ready for review June 20, 2024 06:39
@f2c-ci-robot f2c-ci-robot bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 20, 2024
@f2c-ci-robot f2c-ci-robot bot requested review from JohnNiang and wan92hen June 20, 2024 06:39
@ruibaby
Copy link
Member

ruibaby commented Jun 20, 2024

Hi @ruibaby , 需要在个人中心增加设备管理的入口,帮忙补充一下 UI 部分

Done

@guqing guqing force-pushed the feature/6023 branch 2 times, most recently from c38e427 to 68607ea Compare June 20, 2024 08:05
@guqing guqing mentioned this pull request Jun 24, 2024
Merged
@JohnNiang JohnNiang added kind/feature Categorizes issue or PR as related to a new feature. area/core Issues or PRs related to the Halo Core labels Jun 25, 2024
@JohnNiang JohnNiang added this to the 2.17.x milestone Jun 25, 2024
f2c-ci-robot bot pushed a commit that referenced this pull request Jun 26, 2024
@guqing
feat: implement persistent token based remember me mechanism (#6131)
ae6724a 
#### What type of PR is this?
/kind feature
/area core
/milestone 2.17.x

#### What this PR does / why we need it:
新增基于持久化 Token 的 RememberMe 机制

本次更新引入了一种新的 RememberMe 机制,该机制基于持久化 Token,以增强安全性和管理灵活性。在此之前,RememberMe 功能通过以下方式生成 Token,并将其作为 cookie 发送回客户端:
```
 username + ":" + expiryTime + ":" + algorithmName + ":"
   + algorithmHex(username + ":" + expiryTime + ":" + password + ":" + key)
```
此方法的优点在于无需存储 Token 就可以进行验证,并且用户密码的更改会自动使 Token 失效。然而,它的主要缺点是缺乏管理能力,例如无法手动撤销 Token。

鉴于最新的设备管理需求(见 PR #6100),我们需要一种支持设备撤销(revoke)的机制。因此,我们采用了持久化 Token 的方式,并通过随机生成的方法来提高安全性,而不将用户名和密码直接签名在 Token 中。新的 Token 格式如下:
```
base64(tokenValue:series)
```
此更改将为系统带来更高的安全保障和更灵活的管理选项,特别是在需要高度控制和监管设备访问时。

#### Does this PR introduce a user-facing change?
```release-note
引入基于持久化 Token 的新 RememberMe 机制以增强安全性和管理灵活性,升级后需要重新登录
```
@f2c-ci-robot f2c-ci-robot bot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Jun 26, 2024
@guqing
Copy link
Member Author

guqing commented Jun 26, 2024

@ruibaby 设备管理页面需要处理一下空状态

@JohnNiang JohnNiang added the tide/merge-method-merge Denotes a PR that should use a standard merge by tide when it merges. label Jun 26, 2024
@JohnNiang JohnNiang merged commit 59edade into halo-dev:main Jun 26, 2024
6 of 7 checks passed
@ruibaby ruibaby modified the milestones: 2.17.x, 2.17.0 Jun 26, 2024
@guqing guqing deleted the feature/6023 branch July 17, 2024 09:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JohnNiang JohnNiang JohnNiang left review comments

@wan92hen wan92hen Awaiting requested review from wan92hen

Assignees
No one assigned
Labels
area/core Issues or PRs related to the Halo Core kind/feature Categorizes issue or PR as related to a new feature. release-note Denotes a PR that will be considered when it comes time to generate release notes. tide/merge-method-merge Denotes a PR that should use a standard merge by tide when it merges.
Projects
None yet
Milestone
2.17.0
Development

Successfully merging this pull request may close these issues.

希望新增设备管理功能
3 participants
@guqing @ruibaby @JohnNiang