feat: Add warning that internal authentication shouldn't be used in p…

…roduction (#506)

README.md

@@ -165,6 +165,7 @@ cd -
 
 Once Service Workbench is fully deployed, the console will output the Website URL and Root Password for Service Workbench. You can log in by navigating to the Website URL in any browser, and then using the username 'root' and the Root Password given by the console. Please note that logging as the root user is highly discouraged, and should only be used for initial setup. You can create a new user by clicking the "Users" tab on the left, then "Add Local User". Follow the instructions given to create the user (you can leave the 'Project' field blank for now), then log out of the root account and into your new user account.
 
+Adding a local user should only be done in test environments. We highly recommend using an IDP for prod environments. For more details on how to set up an IDP, please click [here](/docs/docs/user_guide/sidebar/admin/auth/introduction.md)
 ## Linking an existing AWS account
 
 Once in your user account, you'll need to link your AWS account. Navigate to "AWS Accounts" in the left bar, then click the "AWS Accounts" tab. From here, you can create an AWS account, or link an existing one.

addons/addon-base-raas-ui/packages/base-raas-ui/src/models/users/User.js

@@ -102,6 +102,10 @@ const User = types
       return _.toLower(self.userType) === 'root';
     },
 
+    get isInternalAuthUser() {
+      return _.toLower(self.authenticationProviderId) === 'internal';
+    },
+
     get isActive() {
       return _.toLower(self.status) === 'active';
     },

addons/addon-base-raas-ui/packages/base-raas-ui/src/models/users/__tests__/User.test.js

@@ -0,0 +1,50 @@
+import { User } from '../User';
+
+describe('User', () => {
+  it('should get all user fields correctly', () => {
+    const userJson = {
+      uid: 'u-N__Z_pJTr5oSNUaM6-oP7',
+      firstName: 'John',
+      lastName: 'Smith',
+      isAdmin: false,
+      isExternalUser: false,
+      username: 'JohnSmith@amazon.com',
+      ns: 'internal',
+      email: 'JohnSmith@amazon.com',
+      authenticationProviderId: 'internal',
+      status: 'active',
+      createdBy: 'u-0Jse-jzwgiczKaa74IFKg',
+      rev: 1,
+      userRole: 'researcher',
+      projectId: ['Project1'],
+      encryptedCreds: 'N/A',
+      applyReason: 'N/A',
+    };
+
+    const user = User.create(userJson);
+
+    expect(user.displayName).toEqual('John Smith');
+    expect(user.longDisplayName).toEqual('John Smith (JohnSmith@amazon.com)');
+    expect(user.unknown).toEqual(false);
+    expect(user.isRootUser).toEqual(false);
+    expect(user.isInternalAuthUser).toEqual(true);
+    expect(user.isActive).toEqual(true);
+    expect(user.isInternalGuest).toEqual(false);
+    expect(user.isExternalGuest).toEqual(false);
+    expect(user.isInternalResearcher).toEqual(true);
+    expect(user.isSystem).toEqual(false);
+    expect(user.isSame('abcd')).toEqual(false);
+    expect(user.isSamePrincipal('abcd', 'xyz')).toEqual(false);
+    expect(user.id).toEqual('u-N__Z_pJTr5oSNUaM6-oP7');
+    expect(user.principal).toEqual({ username: 'JohnSmith@amazon.com', ns: 'internal' });
+    expect(user.principalStr).toEqual(JSON.stringify({ username: 'JohnSmith@amazon.com', ns: 'internal' }));
+    expect(user.hasProjects).toEqual(true);
+    expect(user.hasCredentials).toEqual(false);
+    expect(user.capabilities).toEqual({
+      canCreateStudy: true,
+      canCreateWorkspace: true,
+      canSelectStudy: true,
+      canViewDashboard: true,
+    });
+  });
+});

addons/addon-base-ui/packages/base-ui/src/plugins/initialization-plugin.js

@@ -80,9 +80,17 @@ async function postInit(payload, appContext) {
   await userStore.load();
 
   const isRootUser = userStore.user.isRootUser;
+  const isInternalAuthUser = userStore.user.isInternalAuthUser;
   if (isRootUser) {
     displayWarning('You have logged in as root user. Logging in as root user is discouraged.');
   }
+
+  const isProduction = process.env.REACT_APP_SITE_ENV_TYPE === 'prod';
+  if (isInternalAuthUser && isProduction) {
+    displayWarning(
+      'You are using internal Authentication for this user. Internal Authentication is not recommended for prod environments. Please consider using an IDP.',
+    );
+  }
 }
 
 const plugin = {

docs/docs/deployment/post_deployment/create_admin_user.md

@@ -15,8 +15,10 @@ _**Figure 7: Create an Administrator**_
 
 _**Note**: A root user account will already be created, however, you must not routinely use the root user account._ 
 
-1.	Click ‘**Add Local User**’. Assign the user the administrator’s role, and associate the user with the **Project** you created, and set the status to ‘**Active**’. See **Figure 8**.
+For testing purposes, you can create a local user by clicking  ‘**Add Local User**’. Assign the user the administrator’s role, and associate the user with the **Project** you created, and set the status to ‘**Active**’. See **Figure 8**.
 
 <img src={useBaseUrl('img/deployment/post_deployment/create_user_01.jpg')} />
 
 _**Figure 8: Add Local User**_
+
+**In prod environments we highly recommend using an IDP. For more details, click [here](../../user_guide/sidebar/admin/auth/introduction.md)**

main/solution/ui/config/environment/env-template.yml

@@ -17,6 +17,7 @@ REACT_APP_AUTO_LOGOUT_TIMEOUT_IN_MINUTES: ${self:custom.settings.autoLogoutTimeo
 REACT_APP_ENV_MGMT_ROLE_NAME: ${self:custom.settings.envMgmtRoleName}
 REACT_APP_ENABLE_BUILT_IN_WORKSPACES: ${self:custom.settings.enableBuiltInWorkspaces}
 REACT_APP_VERSION_AND_DATE: ${self:custom.settings.versionAndDate}
+REACT_APP_SITE_ENV_TYPE: ${self:custom.settings.envType}
 
 # ========================================================================
 # Overrides for .env.local