From 089d442fb2607d513311492985c0d23df8855442 Mon Sep 17 00:00:00 2001 From: hakansa <43675540+hakansa@users.noreply.github.com> Date: Sat, 14 Jun 2025 00:51:57 +0300 Subject: [PATCH] [client] Display login popup on session expiration (#3955) This PR implements a feature enhancement to display a login popup when the session expires. Key changes include updating flag handling and client construction to support a new login URL popup, revising login and notification handling logic to use the new popup, and updating status and server-side session state management accordingly. --- client/cmd/status.go | 5 +- client/internal/state.go | 9 +-- client/server/server.go | 13 +++- client/ui/client_ui.go | 131 +++++++++++++++++++++++++++++++-------- client/ui/network.go | 2 - 5 files changed, 124 insertions(+), 36 deletions(-) diff --git a/client/cmd/status.go b/client/cmd/status.go index e466f73ab..a85ee925e 100644 --- a/client/cmd/status.go +++ b/client/cmd/status.go @@ -69,7 +69,10 @@ func statusFunc(cmd *cobra.Command, args []string) error { return err } - if resp.GetStatus() == string(internal.StatusNeedsLogin) || resp.GetStatus() == string(internal.StatusLoginFailed) { + status := resp.GetStatus() + + if status == string(internal.StatusNeedsLogin) || status == string(internal.StatusLoginFailed) || + status == string(internal.StatusSessionExpired) { cmd.Printf("Daemon status: %s\n\n"+ "Run UP command to log in with SSO (interactive login):\n\n"+ " netbird up \n\n"+ diff --git a/client/internal/state.go b/client/internal/state.go index 4ae99d944..041cb73f8 100644 --- a/client/internal/state.go +++ b/client/internal/state.go @@ -10,10 +10,11 @@ type StatusType string const ( StatusIdle StatusType = "Idle" - StatusConnecting StatusType = "Connecting" - StatusConnected StatusType = "Connected" - StatusNeedsLogin StatusType = "NeedsLogin" - StatusLoginFailed StatusType = "LoginFailed" + StatusConnecting StatusType = "Connecting" + StatusConnected StatusType = "Connected" + StatusNeedsLogin StatusType = "NeedsLogin" + StatusLoginFailed StatusType = "LoginFailed" + StatusSessionExpired StatusType = "SessionExpired" ) // CtxInitState setup context state into the context tree. diff --git a/client/server/server.go b/client/server/server.go index 72837b59d..31a437c99 100644 --- a/client/server/server.go +++ b/client/server/server.go @@ -8,6 +8,7 @@ import ( "runtime" "strconv" "sync" + "sync/atomic" "time" "github.com/cenkalti/backoff/v4" @@ -66,6 +67,7 @@ type Server struct { lastProbe time.Time persistNetworkMap bool + isSessionActive atomic.Bool } type oauthAuthFlow struct { @@ -567,9 +569,6 @@ func (s *Server) WaitSSOLogin(callerCtx context.Context, msg *proto.WaitSSOLogin tokenInfo, err := s.oauthAuthFlow.flow.WaitToken(waitCTX, flowInfo) if err != nil { - if err == context.Canceled { - return nil, nil //nolint:nilnil - } s.mutex.Lock() s.oauthAuthFlow.expiresAt = time.Now() s.mutex.Unlock() @@ -640,6 +639,7 @@ func (s *Server) Up(callerCtx context.Context, _ *proto.UpRequest) (*proto.UpRes for { select { case <-runningChan: + s.isSessionActive.Store(true) return &proto.UpResponse{}, nil case <-callerCtx.Done(): log.Debug("context done, stopping the wait for engine to become ready") @@ -668,6 +668,7 @@ func (s *Server) Down(ctx context.Context, _ *proto.DownRequest) (*proto.DownRes log.Errorf("failed to shut down properly: %v", err) return nil, err } + s.isSessionActive.Store(false) state := internal.CtxGetState(s.rootCtx) state.Set(internal.StatusIdle) @@ -694,6 +695,12 @@ func (s *Server) Status( return nil, err } + if status == internal.StatusNeedsLogin && s.isSessionActive.Load() { + log.Debug("status requested while session is active, returning SessionExpired") + status = internal.StatusSessionExpired + s.isSessionActive.Store(false) + } + statusResponse := proto.StatusResponse{Status: string(status), DaemonVersion: version.NetbirdVersion()} s.statusRecorder.UpdateManagementAddress(s.config.ManagementURL.String()) diff --git a/client/ui/client_ui.go b/client/ui/client_ui.go index ea3349cd1..a1ca4120f 100644 --- a/client/ui/client_ui.go +++ b/client/ui/client_ui.go @@ -20,7 +20,10 @@ import ( "fyne.io/fyne/v2" "fyne.io/fyne/v2/app" + "fyne.io/fyne/v2/canvas" + "fyne.io/fyne/v2/container" "fyne.io/fyne/v2/dialog" + "fyne.io/fyne/v2/layout" "fyne.io/fyne/v2/theme" "fyne.io/fyne/v2/widget" "fyne.io/systray" @@ -51,7 +54,7 @@ const ( ) func main() { - daemonAddr, showSettings, showNetworks, showDebug, errorMsg, saveLogsInFile := parseFlags() + daemonAddr, showSettings, showNetworks, showLoginURL, showDebug, errorMsg, saveLogsInFile := parseFlags() // Initialize file logging if needed. var logFile string @@ -77,13 +80,13 @@ func main() { } // Create the service client (this also builds the settings or networks UI if requested). - client := newServiceClient(daemonAddr, logFile, a, showSettings, showNetworks, showDebug) + client := newServiceClient(daemonAddr, logFile, a, showSettings, showNetworks, showLoginURL, showDebug) // Watch for theme/settings changes to update the icon. go watchSettingsChanges(a, client) // Run in window mode if any UI flag was set. - if showSettings || showNetworks || showDebug { + if showSettings || showNetworks || showDebug || showLoginURL { a.Run() return } @@ -104,7 +107,7 @@ func main() { } // parseFlags reads and returns all needed command-line flags. -func parseFlags() (daemonAddr string, showSettings, showNetworks, showDebug bool, errorMsg string, saveLogsInFile bool) { +func parseFlags() (daemonAddr string, showSettings, showNetworks, showLoginURL, showDebug bool, errorMsg string, saveLogsInFile bool) { defaultDaemonAddr := "unix:///var/run/netbird.sock" if runtime.GOOS == "windows" { defaultDaemonAddr = "tcp://127.0.0.1:41731" @@ -112,6 +115,7 @@ func parseFlags() (daemonAddr string, showSettings, showNetworks, showDebug bool flag.StringVar(&daemonAddr, "daemon-addr", defaultDaemonAddr, "Daemon service address to serve CLI requests [unix|tcp]://[path|host:port]") flag.BoolVar(&showSettings, "settings", false, "run settings window") flag.BoolVar(&showNetworks, "networks", false, "run networks window") + flag.BoolVar(&showLoginURL, "login-url", false, "show login URL in a popup window") flag.BoolVar(&showDebug, "debug", false, "run debug window") flag.StringVar(&errorMsg, "error-msg", "", "displays an error message window") flag.BoolVar(&saveLogsInFile, "use-log-file", false, fmt.Sprintf("save logs in a file: %s/netbird-ui-PID.log", os.TempDir())) @@ -253,6 +257,7 @@ type serviceClient struct { exitNodeStates []exitNodeState mExitNodeDeselectAll *systray.MenuItem logFile string + wLoginURL fyne.Window } type menuHandler struct { @@ -263,7 +268,7 @@ type menuHandler struct { // newServiceClient instance constructor // // This constructor also builds the UI elements for the settings window. -func newServiceClient(addr string, logFile string, a fyne.App, showSettings bool, showNetworks bool, showDebug bool) *serviceClient { +func newServiceClient(addr string, logFile string, a fyne.App, showSettings bool, showNetworks bool, showLoginURL bool, showDebug bool) *serviceClient { ctx, cancel := context.WithCancel(context.Background()) s := &serviceClient{ ctx: ctx, @@ -286,6 +291,8 @@ func newServiceClient(addr string, logFile string, a fyne.App, showSettings bool s.showSettingsUI() case showNetworks: s.showNetworksUI() + case showLoginURL: + s.showLoginURL() case showDebug: s.showDebugUI() } @@ -445,11 +452,11 @@ func (s *serviceClient) getSettingsForm() *widget.Form { } } -func (s *serviceClient) login() error { +func (s *serviceClient) login(openURL bool) (*proto.LoginResponse, error) { conn, err := s.getSrvClient(defaultFailTimeout) if err != nil { log.Errorf("get client: %v", err) - return err + return nil, err } loginResp, err := conn.Login(s.ctx, &proto.LoginRequest{ @@ -457,24 +464,24 @@ func (s *serviceClient) login() error { }) if err != nil { log.Errorf("login to management URL with: %v", err) - return err + return nil, err } - if loginResp.NeedsSSOLogin { + if loginResp.NeedsSSOLogin && openURL { err = open.Run(loginResp.VerificationURIComplete) if err != nil { log.Errorf("opening the verification uri in the browser failed: %v", err) - return err + return nil, err } _, err = conn.WaitSSOLogin(s.ctx, &proto.WaitSSOLoginRequest{UserCode: loginResp.UserCode}) if err != nil { log.Errorf("waiting sso login failed with: %v", err) - return err + return nil, err } } - return nil + return loginResp, nil } func (s *serviceClient) menuUpClick() error { @@ -486,7 +493,7 @@ func (s *serviceClient) menuUpClick() error { return err } - err = s.login() + _, err = s.login(true) if err != nil { log.Errorf("login failed with: %v", err) return err @@ -558,7 +565,7 @@ func (s *serviceClient) updateStatus() error { defer s.updateIndicationLock.Unlock() // notify the user when the session has expired - if status.Status == string(internal.StatusNeedsLogin) { + if status.Status == string(internal.StatusSessionExpired) { s.onSessionExpire() } @@ -732,7 +739,6 @@ func (s *serviceClient) onTrayReady() { go s.eventHandler.listen(s.ctx) } - func (s *serviceClient) attachOutput(cmd *exec.Cmd) *os.File { if s.logFile == "" { // attach child's streams to parent's streams @@ -871,17 +877,9 @@ func (s *serviceClient) onUpdateAvailable() { // onSessionExpire sends a notification to the user when the session expires. func (s *serviceClient) onSessionExpire() { + s.sendNotification = true if s.sendNotification { - title := "Connection session expired" - if runtime.GOOS == "darwin" { - title = "NetBird connection session expired" - } - s.app.SendNotification( - fyne.NewNotification( - title, - "Please re-authenticate to connect to the network", - ), - ) + s.eventHandler.runSelfCommand("login-url", "true") s.sendNotification = false } } @@ -955,9 +953,9 @@ func (s *serviceClient) updateConfig() error { ServerSSHAllowed: &sshAllowed, RosenpassEnabled: &rosenpassEnabled, DisableAutoConnect: &disableAutoStart, + DisableNotifications: ¬ificationsDisabled, LazyConnectionEnabled: &lazyConnectionEnabled, BlockInbound: &blockInbound, - DisableNotifications: ¬ificationsDisabled, } if err := s.restartClient(&loginRequest); err != nil { @@ -991,6 +989,87 @@ func (s *serviceClient) restartClient(loginRequest *proto.LoginRequest) error { return nil } +// showLoginURL creates a borderless window styled like a pop-up in the top-right corner using s.wLoginURL. +func (s *serviceClient) showLoginURL() { + + resp, err := s.login(false) + if err != nil { + log.Errorf("failed to fetch login URL: %v", err) + return + } + verificationURL := resp.VerificationURIComplete + if verificationURL == "" { + verificationURL = resp.VerificationURI + } + + if verificationURL == "" { + log.Error("no verification URL provided in the login response") + return + } + + resIcon := fyne.NewStaticResource("netbird.png", iconAbout) + + if s.wLoginURL == nil { + s.wLoginURL = s.app.NewWindow("NetBird Session Expired") + s.wLoginURL.Resize(fyne.NewSize(400, 200)) + s.wLoginURL.SetIcon(resIcon) + } + // add a description label + label := widget.NewLabel("Your NetBird session has expired.\nPlease re-authenticate to continue using NetBird.") + + btn := widget.NewButtonWithIcon("Re-authenticate", theme.ViewRefreshIcon(), func() { + + conn, err := s.getSrvClient(defaultFailTimeout) + if err != nil { + log.Errorf("get client: %v", err) + return + } + + if err := openURL(verificationURL); err != nil { + log.Errorf("failed to open login URL: %v", err) + return + } + + _, err = conn.WaitSSOLogin(s.ctx, &proto.WaitSSOLoginRequest{UserCode: resp.UserCode}) + if err != nil { + log.Errorf("Waiting sso login failed with: %v", err) + label.SetText("Waiting login failed, please create \na debug bundle in the settings and contact support.") + return + } + + label.SetText("Re-authentication successful.\nReconnecting") + time.Sleep(300 * time.Millisecond) + _, err = conn.Up(s.ctx, &proto.UpRequest{}) + if err != nil { + label.SetText("Reconnecting failed, please create \na debug bundle in the settings and contact support.") + log.Errorf("Reconnecting failed with: %v", err) + return + } + + label.SetText("Connection successful.\nClosing this window.") + time.Sleep(time.Second) + + s.wLoginURL.Close() + }) + + img := canvas.NewImageFromResource(resIcon) + img.FillMode = canvas.ImageFillContain + img.SetMinSize(fyne.NewSize(64, 64)) + img.Resize(fyne.NewSize(64, 64)) + + // center the content vertically + content := container.NewVBox( + layout.NewSpacer(), + img, + label, + btn, + layout.NewSpacer(), + ) + s.wLoginURL.SetContent(container.NewCenter(content)) + + s.wLoginURL.Show() +} + func openURL(url string) error { var err error switch runtime.GOOS { diff --git a/client/ui/network.go b/client/ui/network.go index b3748a89d..fb73efd7b 100644 --- a/client/ui/network.go +++ b/client/ui/network.go @@ -358,8 +358,6 @@ func (s *serviceClient) updateExitNodes() { } else { s.mExitNode.Disable() } - - log.Debugf("Exit nodes updated: %d", len(s.mExitNodeItems)) } func (s *serviceClient) recreateExitNodeMenu(exitNodes []*proto.Network) {