-
Notifications
You must be signed in to change notification settings - Fork 704
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Chat Copilot Security Improvements #126
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gitri-ms
requested review from
glahaye,
TaoChenOSU,
alliscode,
dehoward and
teresaqhoang
August 8, 2023 18:14
github-actions
bot
added
documentation
Improvements or additions to documentation
webapp
Pull requests that update Typescript code
webapi
Pull requests that update .net code
PR: ready for review
labels
Aug 8, 2023
gitri-ms
commented
Aug 12, 2023
gitri-ms
commented
Aug 12, 2023
gitri-ms
commented
Aug 12, 2023
gitri-ms
commented
Aug 14, 2023
gitri-ms
commented
Aug 14, 2023
gitri-ms
commented
Aug 14, 2023
alliscode
reviewed
Aug 18, 2023
alliscode
approved these changes
Aug 18, 2023
This was referenced Aug 21, 2023
teamleader-dev
pushed a commit
to vlink-group/chat-copilot
that referenced
this pull request
Oct 7, 2024
### Motivation and Context This PR addresses microsoft/semantic-kernel#1639. It is a combination of PRs microsoft#92 and microsoft#110 ### Description #### Backend changes - Remove API key authorization - Use "AzureAD" as default authentication configuration for deployments, "None" for running locally (Note: UI changes to disable sign in flow for the latter case are still forthcoming) - Enable auth policy on controllers that checks if the user is part of the conversation they are trying to access This PR changes the contract between the frontend and backend around how user IDs are communicated. Users who have been signing into the frontend with AAD will now only see their chats if the backend is also gated by AAD authentication, which was not the case previously. #### Frontend changes - adds `REACT_APP_AUTH_TYPE` and changes AAD variables in `.env` to be optional - adds `AuthHelper.IsAuthAAD` to conditionally render different elements throughout the app - changes user settings menu popup to instead just show as a settings button: ![image](https://github.com/microsoft/chat-copilot/assets/52973358/342f977d-d011-464d-b122-5eff5f8222ac) Existing users will need to uncomment `REACT_APP_AUTH_TYPE=AzureAd` in `webapp/.env` to continue using AAD as their authorization type. ### Contribution Checklist <!-- Before submitting this PR, please make sure: --> - [x] The code builds clean without any errors or warnings - [x] The PR follows the [Contribution Guidelines](https://github.com/microsoft/copilot-chat/blob/main/CONTRIBUTING.md) and the [pre-submission formatting script](https://github.com/microsoft/copilot-chat/blob/main/CONTRIBUTING.md#development-scripts) raises no violations - [ ] All unit tests pass, and I have added new tests where possible - [x] I didn't break anyone 😄 --------- Co-authored-by: Desmond Howard <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
deployment
Issues related to deploying Chat-Copilot
documentation
Improvements or additions to documentation
github actions
Pull requests that update GitHub Actions code
webapi
Pull requests that update .net code
webapp
Pull requests that update Typescript code
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation and Context
This PR addresses microsoft/semantic-kernel#1639. It is a combination of PRs #92 and #110
Description
Backend changes
This PR changes the contract between the frontend and backend around how user IDs are communicated. Users who have been signing into the frontend with AAD will now only see their chats if the backend is also gated by AAD authentication, which was not the case previously.
Frontend changes
REACT_APP_AUTH_TYPE
and changes AAD variables in.env
to be optionalAuthHelper.IsAuthAAD
to conditionally render different elements throughout the appExisting users will need to uncomment
REACT_APP_AUTH_TYPE=AzureAd
inwebapp/.env
to continue using AAD as their authorization type.Contribution Checklist