tftsr-devops_investigation

sarman/tftsr-devops_investigation

Fork 0

Commit Graph

Author	SHA1	Message	Date
Shaun Arman	fbce897608	feat: complete webview cookie extraction implementation Some checks failed Release / build-macos-arm64 (push) Successful in 5m4s Details Release / build-windows-amd64 (push) Has been cancelled Details Release / build-linux-amd64 (push) Has been cancelled Details Release / build-linux-arm64 (push) Has been cancelled Details Implement working cookie extraction using Tauri's IPC event system: How it works: 1. Opens embedded browser window for user to login 2. User completes authentication (including SSO) 3. User clicks "Complete Login" button in UI 4. JavaScript injected into webview extracts `document.cookie` 5. Parsed cookies emitted via Tauri event: `tftsr-cookies-extracted` 6. Rust listens for event and receives cookie data 7. Cookies encrypted and stored in database Technical implementation: - Uses `window.__TAURI__.event.emit()` from injected JavaScript - Rust listens via `app_handle.listen()` with Listener trait - 10-second timeout with clear error messages - Handles empty cookies and JavaScript errors gracefully - Cross-platform compatible (no platform-specific APIs) Cookie limitations: - `document.cookie` only exposes non-HttpOnly cookies - HttpOnly session cookies won't be captured via JavaScript - For HttpOnly cookies, services must provide API tokens as fallback Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-04-03 17:31:48 -05:00
Shaun Arman	32d83df3cf	feat: add multi-mode authentication for integrations (v0.2.10) Some checks failed Release / build-windows-amd64 (push) Has been cancelled Details Release / build-linux-amd64 (push) Has been cancelled Details Release / build-macos-arm64 (push) Has been cancelled Details Release / build-linux-arm64 (push) Has been cancelled Details Implement three authentication methods for Confluence, ServiceNow, and Azure DevOps: 1. OAuth2 - Traditional OAuth flow for enterprise SSO environments 2. Embedded Browser - Webview-based login that captures session cookies/tokens - Solves VPN constraints: users authenticate off-VPN via web UI - Extracted credentials work on-VPN for API calls - Based on confluence-publisher agent pattern 3. Manual Token - Direct API token/PAT input as fallback Changes: - Add webview_auth.rs module for embedded browser authentication - Implement authenticate_with_webview and extract_cookies_from_webview commands - Implement save_manual_token command with validation - Add AuthMethod enum to support all three modes - Add RadioGroup UI component for mode selection - Complete rewrite of Integrations settings page with mode-specific UI - Add secondary button variant for UI consistency VPN-friendly design: Users can authenticate via webview when off-VPN (web UI accessible), then use extracted cookies for API calls when on-VPN (API requires VPN). Addresses enterprise SSO limitations where OAuth app registration is blocked. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-04-03 17:26:09 -05:00

Author

SHA1

Message

Date

Shaun Arman

fbce897608

feat: complete webview cookie extraction implementation

Release / build-macos-arm64 (push) Successful in 5m4s

Details

Release / build-windows-amd64 (push) Has been cancelled

Details

Release / build-linux-amd64 (push) Has been cancelled

Details

Release / build-linux-arm64 (push) Has been cancelled

Details

Implement working cookie extraction using Tauri's IPC event system:

**How it works:**
1. Opens embedded browser window for user to login
2. User completes authentication (including SSO)
3. User clicks "Complete Login" button in UI
4. JavaScript injected into webview extracts `document.cookie`
5. Parsed cookies emitted via Tauri event: `tftsr-cookies-extracted`
6. Rust listens for event and receives cookie data
7. Cookies encrypted and stored in database

**Technical implementation:**
- Uses `window.__TAURI__.event.emit()` from injected JavaScript
- Rust listens via `app_handle.listen()` with Listener trait
- 10-second timeout with clear error messages
- Handles empty cookies and JavaScript errors gracefully
- Cross-platform compatible (no platform-specific APIs)

**Cookie limitations:**
- `document.cookie` only exposes non-HttpOnly cookies
- HttpOnly session cookies won't be captured via JavaScript
- For HttpOnly cookies, services must provide API tokens as fallback

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-04-03 17:31:48 -05:00

Shaun Arman

32d83df3cf

feat: add multi-mode authentication for integrations (v0.2.10)

Release / build-windows-amd64 (push) Has been cancelled

Details

Release / build-linux-amd64 (push) Has been cancelled

Details

Release / build-macos-arm64 (push) Has been cancelled

Details

Release / build-linux-arm64 (push) Has been cancelled

Details

Implement three authentication methods for Confluence, ServiceNow, and Azure DevOps:

1. **OAuth2** - Traditional OAuth flow for enterprise SSO environments
2. **Embedded Browser** - Webview-based login that captures session cookies/tokens
   - Solves VPN constraints: users authenticate off-VPN via web UI
   - Extracted credentials work on-VPN for API calls
   - Based on confluence-publisher agent pattern
3. **Manual Token** - Direct API token/PAT input as fallback

**Changes:**
- Add webview_auth.rs module for embedded browser authentication
- Implement authenticate_with_webview and extract_cookies_from_webview commands
- Implement save_manual_token command with validation
- Add AuthMethod enum to support all three modes
- Add RadioGroup UI component for mode selection
- Complete rewrite of Integrations settings page with mode-specific UI
- Add secondary button variant for UI consistency

**VPN-friendly design:**
Users can authenticate via webview when off-VPN (web UI accessible), then use extracted cookies for API calls when on-VPN (API requires VPN). Addresses enterprise SSO limitations where OAuth app registration is blocked.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-04-03 17:26:09 -05:00

2 Commits