Upgrade node 18

package.json

@@ -65,7 +65,7 @@
   "packageManager": "yarn@3.6.1",
   "engines": {
     "yarn": ">=3.6.0",
-    "node": ">=16"
+    "node": ">=18"
   },
   "dependencies": {
     "jasmine": "^5.1.0"

packages/kubernetes-api-app/package.json

@@ -16,7 +16,7 @@
     "@patternfly/react-styles": "^4.92.6",
     "@patternfly/react-table": "^4.113.0",
     "@patternfly/react-tokens": "^4.94.6",
-    "@types/node": "^18.17.18",
+    "@types/node": "^18.18.9",
     "@types/react": "^18.2.21",
     "@types/react-dom": "^18.2.7",
     "mini-css-extract-plugin": "2.7.6",
@@ -59,6 +59,6 @@
   "packageManager": "yarn@3.6.0",
   "engines": {
     "yarn": ">=3.6.0",
-    "node": ">=16"
+    "node": ">=18"
   }
 }

packages/kubernetes-api-app/webpack.config.js

@@ -147,7 +147,6 @@ module.exports = () => {
       /Failed to parse source map/,
     ],
     resolve: {
-      modules: [path.resolve(__dirname, 'node_modules'), path.resolve(__dirname, '../../node_modules')],
       extensions: ['.js', '.ts', '.tsx', '.jsx'],
       alias: {
         'react-native': 'react-native-web',

packages/kubernetes-api/package.json

@@ -32,7 +32,7 @@
     "@hawtio/react": "^0.6.1",
     "@types/jquery": "^3.5.25",
     "@types/jsonpath": "^0.2.0",
-    "@types/node": "^18.17.18",
+    "@types/node": "^18.18.9",
     "eventemitter3": "^5.0.1",
     "jquery": "^3.7.0",
     "js-logger": "^1.6.1",
@@ -61,7 +61,7 @@
   "packageManager": "yarn@3.6.0",
   "engines": {
     "yarn": ">=3.6.0",
-    "node": ">=16"
+    "node": ">=18"
   },
   "publishConfig": {
     "access": "restricted"

packages/management-api-app/package.json

@@ -16,7 +16,7 @@
     "@patternfly/react-styles": "^4.92.6",
     "@patternfly/react-table": "^4.113.0",
     "@patternfly/react-tokens": "^4.94.6",
-    "@types/node": "^18.17.18",
+    "@types/node": "^18.18.9",
     "@types/react": "^18.2.21",
     "@types/react-dom": "^18.2.7",
     "mini-css-extract-plugin": "2.7.6",
@@ -59,6 +59,6 @@
   "packageManager": "yarn@3.6.0",
   "engines": {
     "yarn": ">=3.6.0",
-    "node": ">=16"
+    "node": ">=18"
   }
 }

packages/management-api-app/webpack.config.js

@@ -152,7 +152,6 @@ module.exports = () => {
       /Failed to parse source map/,
     ],
     resolve: {
-      modules: [path.resolve(__dirname, 'node_modules'), path.resolve(__dirname, '../../node_modules')],
       extensions: ['.js', '.ts', '.tsx', '.jsx'],
       alias: {
         'react-native': 'react-native-web',

packages/management-api/package.json

@@ -62,7 +62,7 @@
   "packageManager": "yarn@3.6.0",
   "engines": {
     "yarn": ">=3.6.0",
-    "node": ">=16"
+    "node": ">=18"
   },
   "publishConfig": {
     "access": "restricted"

packages/oauth-app/package.json

@@ -16,7 +16,7 @@
     "@patternfly/react-styles": "^4.92.6",
     "@patternfly/react-table": "^4.113.0",
     "@patternfly/react-tokens": "^4.94.6",
-    "@types/node": "^18.17.18",
+    "@types/node": "^18.18.9",
     "@types/react": "^18.2.21",
     "@types/react-dom": "^18.2.7",
     "mini-css-extract-plugin": "2.7.6",
@@ -61,6 +61,6 @@
   "packageManager": "yarn@3.6.0",
   "engines": {
     "yarn": ">=3.6.0",
-    "node": ">=16"
+    "node": ">=18"
   }
 }

packages/oauth-app/webpack.config.js

@@ -147,7 +147,6 @@ module.exports = () => {
       /Failed to parse source map/,
     ],
     resolve: {
-      modules: [path.resolve(__dirname, 'node_modules'), path.resolve(__dirname, '../../node_modules')],
       extensions: ['.js', '.ts', '.tsx', '.jsx'],
       alias: {
         'react-native': 'react-native-web',

packages/oauth/package.json

@@ -31,11 +31,13 @@
   "dependencies": {
     "@hawtio/react": "^0.6.1",
     "babel-jest": "^29.6.1",
+    "fetch-intercept": "^2.4.0",
     "jest-extended": "^4.0.0",
     "jquery": "^3.7.0",
     "js-logger": "^1.6.1",
     "ts-node": "^10.9.1",
-    "typescript": "^5.2.2"
+    "typescript": "^5.2.2",
+    "whatwg-fetch": "^3.6.19"
   },
   "devDependencies": {
     "@types/jest": "^29.5.8",
@@ -55,7 +57,7 @@
   "packageManager": "yarn@3.6.0",
   "engines": {
     "yarn": ">=3.6.0",
-    "node": ">=16"
+    "node": ">=18"
   },
   "publishConfig": {
     "access": "restricted"

packages/oauth/src/form/form-service.ts

@@ -1,4 +1,5 @@
 import $ from 'jquery'
+import * as fetchIntercept from 'fetch-intercept'
 import { getCookie } from '../utils'
 import { log, OAuthProtoService, UserProfile } from '../globals'
 import { FormConfig, FORM_TOKEN_STORAGE_KEY, FORM_AUTH_PROTOCOL_MODULE, ResolveUser } from './globals'
@@ -10,17 +11,24 @@ type LoginOptions = {
   uri: URL
 }
 
+interface Headers {
+  Authorization: string
+  'X-XSRF-TOKEN'?: string
+}
+
 export class FormService implements OAuthProtoService {
   private userProfile: UserProfile
   private formConfig: FormConfig | null
   private loggedIn: boolean
+  private fetchUnregister: (() => void) | null
 
   constructor(formConfig: FormConfig | null, userProfile: UserProfile) {
     log.debug('Initialising Form Auth Service')
     this.userProfile = userProfile
     this.userProfile.setOAuthType(FORM_AUTH_PROTOCOL_MODULE)
     this.formConfig = formConfig
     this.loggedIn = this.initLogin()
+    this.fetchUnregister = null
   }
 
   private initLogin(): boolean {
@@ -111,28 +119,27 @@ export class FormService implements OAuthProtoService {
     }
 
     log.debug('Intercept Fetch API to attach auth token to authorization header')
-    const { fetch: originalFetch } = window
-    window.fetch = async (input: RequestInfo | URL, init?: RequestInit): Promise<Response> => {
-      log.debug('Fetch intercepted for oAuth authentication')
-
-      init = { ...init }
-      init.headers = {
-        ...init.headers,
-        Authorization: `Bearer ${this.userProfile.getToken()}`,
-      }
+    this.fetchUnregister = fetchIntercept.register({
+      request: (url, config) => {
+        log.debug('Fetch intercepted for oAuth authentication')
 
-      // For CSRF protection with Spring Security
-      const token = getCookie('XSRF-TOKEN')
-      if (token) {
-        log.debug('Set XSRF token header from cookies')
-        init.headers = {
-          ...init.headers,
-          'X-XSRF-TOKEN': token,
+        let headers: Headers = {
+          Authorization: `Bearer ${this.userProfile.getToken()}`,
         }
-      }
 
-      return originalFetch(input, init)
-    }
+        // For CSRF protection with Spring Security
+        const token = getCookie('XSRF-TOKEN')
+        if (token) {
+          log.debug('Set XSRF token header from cookies')
+          headers = {
+            ...headers,
+            'X-XSRF-TOKEN': token,
+          }
+        }
+
+        return [url, { headers, ...config }]
+      },
+    })
   }
 
   private setupJQueryAjax() {
@@ -163,6 +170,8 @@ export class FormService implements OAuthProtoService {
   }
 
   doLogout(): void {
+    if (this.fetchUnregister) this.fetchUnregister()
+
     const currentURI = new URL(window.location.href)
     this.forceRelogin(currentURI)
   }

packages/oauth/src/openshift/osoauth-service.ts

@@ -1,4 +1,5 @@
 import $ from 'jquery'
+import * as fetchIntercept from 'fetch-intercept'
 import { log, OAuthProtoService, UserProfile } from '../globals'
 import { fetchPath, isBlank, getCookie } from '../utils'
 import { CLUSTER_CONSOLE_KEY } from '../metadata'
@@ -12,7 +13,7 @@ import {
   OpenShiftOAuthConfig,
   ResolveUser,
 } from './globals'
-import { buildUserInfoUri, checkToken, currentTimeSeconds, doLogout, tokenHasExpired } from './support'
+import { buildUserInfoUri, checkToken, currentTimeSeconds, forceRelogin, tokenHasExpired } from './support'
 import { userService } from '@hawtio/react'
 
 interface UserObject {
@@ -26,6 +27,11 @@ interface UserObject {
   groups: string[]
 }
 
+interface Headers {
+  Authorization: string
+  'X-XSRF-TOKEN'?: string
+}
+
 export class OSOAuthService implements OAuthProtoService {
   private userInfoUri = ''
   private keepaliveInterval = 10
@@ -34,13 +40,15 @@ export class OSOAuthService implements OAuthProtoService {
   private userProfile: UserProfile
   private readonly adaptedConfig: Promise<OpenShiftOAuthConfig | null>
   private readonly login: Promise<boolean>
+  private fetchUnregister: (() => void) | null
 
   constructor(openShiftConfig: OpenShiftOAuthConfig, userProfile: UserProfile) {
     log.debug('Initialising Openshift OAuth Service')
     this.userProfile = userProfile
     this.userProfile.setOAuthType(OAUTH_OS_PROTOCOL_MODULE)
     this.adaptedConfig = this.processConfig(openShiftConfig)
     this.login = this.createLogin()
+    this.fetchUnregister = null
   }
 
   private async processConfig(config: OpenShiftOAuthConfig): Promise<OpenShiftOAuthConfig | null> {
@@ -95,37 +103,37 @@ export class OSOAuthService implements OAuthProtoService {
     }
 
     log.debug('Intercept Fetch API to attach Openshift auth token to authorization header')
-    const { fetch: originalFetch } = window
-    window.fetch = async (input: RequestInfo | URL, init?: RequestInit): Promise<Response> => {
-      log.debug('Fetch intercepted for oAuth authentication')
+    const unregister = fetchIntercept.register({
+      request: (url, config) => {
+        log.debug('Fetch intercepted for oAuth authentication')
 
-      if (tokenHasExpired(this.userProfile)) {
-        return new Promise((resolve, _) => {
-          const reason = `Cannot navigate to ${input} as token expired so need to logout`
+        if (tokenHasExpired(this.userProfile)) {
+          const reason = `Cannot navigate to ${url} as token expired so need to logout`
           log.debug(reason)
-          doLogout(config)
-          resolve(Response.error())
-        })
-      }
 
-      init = { ...init }
-      init.headers = {
-        ...init.headers,
-        Authorization: `Bearer ${this.userProfile.getToken()}`,
-      }
+          // Unregister this fetch handler before logging out
+          unregister()
 
-      // For CSRF protection with Spring Security
-      const token = getCookie('XSRF-TOKEN')
-      if (token) {
-        log.debug('Set XSRF token header from cookies')
-        init.headers = {
-          ...init.headers,
-          'X-XSRF-TOKEN': token,
+          this.doLogout(config)
         }
-      }
 
-      return originalFetch(input, init)
-    }
+        let headers: Headers = {
+          Authorization: `Bearer ${this.userProfile.getToken()}`,
+        }
+
+        // For CSRF protection with Spring Security
+        const token = getCookie('XSRF-TOKEN')
+        if (token) {
+          log.debug('Set XSRF token header from cookies')
+          headers = {
+            ...headers,
+            'X-XSRF-TOKEN': token,
+          }
+        }
+
+        return [url, { headers, ...config }]
+      },
+    })
   }
 
   private setupJQueryAjax(config: OpenShiftOAuthConfig) {
@@ -137,7 +145,7 @@ export class OSOAuthService implements OAuthProtoService {
     const beforeSend = (xhr: JQueryXHR, settings: JQueryAjaxSettings) => {
       if (tokenHasExpired(this.userProfile)) {
         log.debug(`Cannot navigate to ${settings.url} as token expired so need to logout`)
-        doLogout(config)
+        this.doLogout(config)
         return
       }
 
@@ -187,7 +195,7 @@ export class OSOAuthService implements OAuthProtoService {
         // In that case, let's just skip the error and go through another refresh cycle.
         // See http://stackoverflow.com/questions/2000609/jquery-ajax-status-code-0 for more details.
         log.error('Failed to fetch user info, status: ', response.statusText)
-        doLogout(config)
+        this.doLogout(config)
       }
     }
 
@@ -206,7 +214,7 @@ export class OSOAuthService implements OAuthProtoService {
 
     if (tokenHasExpired(this.userProfile)) {
       log.debug('Token has expired so logging out')
-      doLogout(config)
+      this.doLogout(config)
       return true
     }
 
@@ -233,7 +241,7 @@ export class OSOAuthService implements OAuthProtoService {
       const tokenParams = checkToken(currentURI)
       if (!tokenParams) {
         log.debug('No Token so initiating new login')
-        doLogout(config)
+        this.doLogout(config)
         return false
       }
 
@@ -263,6 +271,19 @@ export class OSOAuthService implements OAuthProtoService {
     }
   }
 
+  private doLogout(config: OpenShiftOAuthConfig): void {
+    if (this.fetchUnregister) this.fetchUnregister()
+
+    const currentURI = new URL(window.location.href)
+    // The following request returns 403 when delegated authentication with an
+    // OAuthClient is used, as possible scopes do not grant permissions to access the OAuth API:
+    // See https://github.com/openshift/origin/issues/7011
+    //
+    // So little point in trying to delete the token. Lets do in client-side only
+    //
+    forceRelogin(currentURI, config)
+  }
+
   async isLoggedIn(): Promise<boolean> {
     return await this.login
   }
@@ -308,7 +329,7 @@ export class OSOAuthService implements OAuthProtoService {
 
       log.info('Log out Openshift')
       try {
-        doLogout(config)
+        this.doLogout(config)
       } catch (error) {
         log.error('Error logging out Openshift:', error)
       }