Merge pull request #24496 from backstage/patch-release-pr-24484-24479…

…-24447-24469-24384-24368

Patch release of #24484, #24479, #24447, #24469, #24384, #24368

package.json

@@ -1,6 +1,6 @@
 {
   "name": "root",
-  "version": "1.26.3",
+  "version": "1.26.4",
   "private": true,
   "repository": {
     "type": "git",

packages/backend-app-api/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @backstage/backend-app-api
 
+## 0.7.1
+
+### Patch Changes
+
+- 3554ebe: Move the JWKS registration outside of the lifecycle middleware
+
 ## 0.7.0
 
 ### Minor Changes

packages/backend-app-api/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@backstage/backend-app-api",
   "description": "Core API used by Backstage backend apps",
-  "version": "0.7.0",
+  "version": "0.7.1",
   "main": "src/index.ts",
   "types": "src/index.ts",
   "publishConfig": {

packages/backend-app-api/src/services/implementations/httpRouter/httpRouterServiceFactory.ts

@@ -75,8 +75,8 @@ export const httpRouterServiceFactory = createServiceFactory(
         config,
       });
 
-      router.use(createLifecycleMiddleware({ lifecycle }));
       router.use(createAuthIntegrationRouter({ auth }));
+      router.use(createLifecycleMiddleware({ lifecycle }));
       router.use(credentialsBarrier.middleware);
       router.use(createCookieAuthRefreshMiddleware({ auth, httpAuth }));
 

packages/core-components/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @backstage/core-components
 
+## 0.14.5
+
+### Patch Changes
+
+- a29ed8d: The `SignInPage` guest provider will now fall back to legacy guest auth if the backend request fails, allowing guest auth without a running backend.
+
 ## 0.14.4
 
 ### Patch Changes

packages/core-components/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@backstage/core-components",
   "description": "Core components used by Backstage plugins and apps",
-  "version": "0.14.4",
+  "version": "0.14.5",
   "publishConfig": {
     "access": "public"
   },

packages/core-components/src/layout/SignInPage/guestProvider.tsx

@@ -60,7 +60,11 @@ const Component: ProviderComponent = ({
       discoveryApi,
     });
 
-    const identityResponse = await getIdentity(identity);
+    const identityResponse = await getIdentity(identity).catch(error => {
+      // eslint-disable-next-line no-console
+      console.warn(`Failed to sign in as a guest, ${error}`);
+      return undefined;
+    });
 
     if (!identityResponse) {
       // eslint-disable-next-line no-alert
@@ -108,7 +112,11 @@ const loader: ProviderLoader = async apis => {
     provider: 'guest',
     discoveryApi: apis.get(discoveryApiRef)!,
   });
-  const identityResponse = await getIdentity(identity);
+  const identityResponse = await getIdentity(identity).catch(error => {
+    // eslint-disable-next-line no-console
+    console.warn(`Failed to sign in as a guest, ${error}`);
+    return undefined;
+  });
 
   if (!identityResponse && !useLegacyGuestToken) {
     return undefined;

packages/techdocs-cli/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @techdocs/cli
 
+## 1.8.10
+
+### Patch Changes
+
+- 15768bc: Fix cookie endpoint mock for `serve`
+
 ## 1.8.9
 
 ### Patch Changes

packages/techdocs-cli/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@techdocs/cli",
   "description": "Utility CLI for managing TechDocs sites in Backstage.",
-  "version": "1.8.9",
+  "version": "1.8.10",
   "publishConfig": {
     "access": "public"
   },

packages/techdocs-cli/src/lib/httpServer.ts

@@ -62,7 +62,7 @@ export default class HTTPServer {
           // This endpoind is used by the frontend to issue a cookie for the user.
           // But the MkDocs server doesn't expose it as a the Backestage backend does.
           // So we need to fake it here to prevent 404 errors.
-          if (request.url === '/api/techdocs/cookie') {
+          if (request.url === '/api/techdocs/.backstage/auth/v1/cookie') {
             const oneHourInMilliseconds = 60 * 60 * 1000;
             const expiresAt = new Date(Date.now() + oneHourInMilliseconds);
             const cookie = { expiresAt: expiresAt.toISOString() };

plugins/auth-react/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @backstage/plugin-auth-react
 
+## 0.1.1
+
+### Patch Changes
+
+- efa0e83: When using `CookieAuthRefreshProvider` or `useCookieAuthRefresh`, a 404 response from the cookie endpoint will now be treated as if cookie auth is disabled and is not needed.
+
 ## 0.1.0
 
 ### Minor Changes

plugins/auth-react/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-auth-react",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "Web library for the auth plugin",
   "backstage": {
     "role": "web-library"

plugins/auth-react/src/hooks/useCookieAuthRefresh/useCookieAuthRefresh.test.tsx

@@ -217,6 +217,39 @@ describe('useCookieAuthRefresh', () => {
     );
   });
 
+  it('should handle 404 as disabled cookie auth', async () => {
+    const { result } = renderHook(
+      () => useCookieAuthRefresh({ pluginId: 'techdocs' }),
+      {
+        wrapper: ({ children }) => (
+          <TestApiProvider
+            apis={[
+              [
+                fetchApiRef,
+                {
+                  fetch: jest.fn().mockResolvedValue({
+                    ok: false,
+                    status: 404,
+                  }),
+                },
+              ],
+              [discoveryApiRef, discoveryApiMock],
+            ]}
+          >
+            {children}
+          </TestApiProvider>
+        ),
+      },
+    );
+
+    await waitFor(() =>
+      expect(result.current).toEqual({
+        status: 'success',
+        data: { expiresAt: expect.any(Date) },
+      }),
+    );
+  });
+
   it('should call the api to get the cookie and use it', async () => {
     const { result } = renderHook(
       () => useCookieAuthRefresh({ pluginId: 'techdocs' }),

plugins/auth-react/src/hooks/useCookieAuthRefresh/useCookieAuthRefresh.tsx

@@ -24,6 +24,7 @@ import { useAsync, useMountEffect } from '@react-hookz/web';
 import { ResponseError } from '@backstage/errors';
 
 const COOKIE_PATH = '/.backstage/auth/v1/cookie';
+const ONE_YEAR_MS = 365 * 24 * 3600_000;
 
 /**
  * @public
@@ -54,6 +55,14 @@ export function useCookieAuthRefresh(options: {
       credentials: 'include',
     });
     if (!response.ok) {
+      // If we get a 404 from the cookie endpoint we assume that it does not
+      // exist and cookie auth is not needed. For all active tabs we don't
+      // schedule another refresh for the forseeable future, but new tabs will
+      // still check if cookie auth has been added to the deployment.
+      // TODO(Rugvip): Once the legacy backend system is no longer supported we should remove this check
+      if (response.status === 404) {
+        return { expiresAt: new Date(Date.now() + ONE_YEAR_MS) };
+      }
       throw await ResponseError.fromResponse(response);
     }
     const data = await response.json();

plugins/search-backend-module-catalog/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @backstage/plugin-search-backend-module-catalog
 
+## 0.1.23
+
+### Patch Changes
+
+- 9d6543c: Fix wiring of the module exported at the `/alpha` path, which was causing authentication failures.
+
 ## 0.1.22
 
 ### Patch Changes

plugins/search-backend-module-catalog/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-search-backend-module-catalog",
-  "version": "0.1.22",
+  "version": "0.1.23",
   "description": "A module for the search backend that exports catalog modules",
   "backstage": {
     "role": "backend-plugin-module"

plugins/search-backend-module-catalog/src/alpha.ts

@@ -77,6 +77,7 @@ export default createBackendModule({
 
     env.registerInit({
       deps: {
+        auth: coreServices.auth,
         config: coreServices.rootConfig,
         discovery: coreServices.discovery,
         tokenManager: coreServices.tokenManager,
@@ -85,6 +86,7 @@ export default createBackendModule({
         catalog: catalogServiceRef,
       },
       async init({
+        auth,
         config,
         discovery,
         tokenManager,
@@ -97,6 +99,7 @@ export default createBackendModule({
             readScheduleConfigOptions(config),
           ),
           factory: DefaultCatalogCollatorFactory.fromConfig(config, {
+            auth,
             entityTransformer,
             discovery,
             tokenManager,

plugins/search-backend-module-explore/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @backstage/plugin-search-backend-module-explore
 
+## 0.1.23
+
+### Patch Changes
+
+- da02d13: Migrate search collator to use the new auth services.
+
 ## 0.1.22
 
 ### Patch Changes

plugins/search-backend-module-explore/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-search-backend-module-explore",
-  "version": "0.1.22",
+  "version": "0.1.23",
   "description": "A module for the search backend that exports explore modules",
   "backstage": {
     "role": "backend-plugin-module"

plugins/search-backend-module-explore/src/alpha.ts

@@ -44,15 +44,17 @@ export default createBackendModule({
         discovery: coreServices.discovery,
         scheduler: coreServices.scheduler,
         tokenManager: coreServices.tokenManager,
+        auth: coreServices.auth,
         indexRegistry: searchIndexRegistryExtensionPoint,
       },
       async init({
         config,
         logger,
         discovery,
         scheduler,
-        indexRegistry,
         tokenManager,
+        auth,
+        indexRegistry,
       }) {
         const defaultSchedule = {
           frequency: { minutes: 10 },
@@ -71,6 +73,7 @@ export default createBackendModule({
           factory: ToolDocumentCollatorFactory.fromConfig(config, {
             discovery,
             logger,
+            auth,
             tokenManager,
           }),
         });