Centralize Authentication (#9593)

* Introduce centralized authentication context to manage auth state and replace scattered authentication logic in the frontend.

* Refactor `useUser` and `ConfigProvider` hooks to use `useCallback` and `useAPI`, streamlining state management and simplifying configuration retrieval logic.

* Consolidate authentication status and logic into `authContext`, remove redundant `status.ts`, and rename `RequireAuth` to `RequiresAuth` for consistency.

* Refactor authentication logic by consolidating `markAuthenticated` and `markUnauthenticated` into `setAuthStatus`, simplifying auth state management.

* Refactor login flow to use `RedirectIfAuthenticated` component, centralizing auth redirection logic and simplifying `login.tsx`.

* Refactor `RedirectIfAuthenticated` to use a functional component and simplify child rendering logic.

* Refactor `authContext` to use functional components, arrow functions, and improve readability of authentication logic.

* Refactor `RequiresAuth` to use `React.FC` and arrow function for consistency with functional component style.

* Refactor `authContext` to reorder `AuthContext` and `AuthContextType` definitions for improved readability and organization.

* Refactor login flow to handle redirect authentication with `useEffect` and `setAuthStatus`, simplifying and centralizing auth logic.

* Refactor `login.tsx` to simplify `next` variable assignment by removing redundant type assertions.

* Refactor `login.tsx` to reorder conditional logic for readability and maintain consistency in authentication flow.

* Refactor `login.tsx` to replace `useEffect` with direct conditional navigation logic and simplify SSO handling flow.

* Refactor `login.tsx` to remove unused `useEffect` import.

* Refactor `login.tsx` to remove redundant type assertions in `next` variable assignment.

* Refactor `login.tsx` to remove unused authenticated redirect logic for cleaner and simplified authentication flow.

* Refactor `login.tsx` to remove unused imports and redundant `useAuth` destructuring for cleaner code.

* Refactor authentication flow in `login.tsx` and `requiresAuth.tsx` to centralize redirect logic and ensure consistent handling of authenticated and unauthenticated states.

* Refactor `login.tsx` to simplify `next` variable assignment by removing redundant parentheses.

* Refactor `AuthProvider` to use `useEffect` for dynamic authentication status and simplify `login.tsx` by removing unused redirect logic.

* Refactor `api.jsx` to reset request state on authentication error for consistent error handling and cleaner unmount logic.

* Refactor `requiresAuth.tsx` to simplify authentication flow by removing unused API call and redundant state handling.

* Refactor `authContext.tsx` to streamline `AuthProvider`, remove `useEffect`, and simplify initial auth status handling.

* Refactor `navbar.jsx` to simplify logout flow by removing conditional navigation logic.

* Refactor `navbar.jsx` and `requiresAuth.tsx` to clean up unused imports and simplify `next` variable assignment with hash handling.

* Refactor `index.jsx` to adjust route nesting by relocating `index` route within `RequiresAuth` for cleaner route structure.

* Refactor `index.jsx` to relocate fallback route for improved route structure and eliminate redundancy.

* Refactor `layout.tsx` to remove unnecessary `useEffect` and streamline RBAC alert dismissal logic.

* Refactor `api.jsx` to improve unmount logic by adding `isMounted` checks and streamline request state handling on authentication errors.

* Refactor `authContext.tsx`, `api.jsx`, and `user.jsx` to introduce `UNKNOWN` auth status, improve auth status synchronization, and streamline user fetching logic.

* Refactor `authContext.tsx` to simplify `AuthProvider` by replacing `readInitialStatus` with direct `UNKNOWN` initialization.

* Refactor `user.jsx` to handle `UNKNOWN` auth status, improve user-fetching logic, and optimize auth state synchronization.

* Refactor `navbar.jsx`, `login.tsx`, `api.jsx`, and `user.jsx` to improve logout flow by leveraging `sessionStorage` for state management and ensuring clean API handling during logout.

* Simplify logout logic in `navbar.jsx` by replacing hardcoded URL with `logoutUrl` variable.

* Remove `sessionStorage`-based logout flow logic from `navbar.jsx`, `login.tsx`, `api.jsx`, and `user.jsx` for simplification and cleanup.

* Remove unused `useEffect` import from `login.tsx`.

* Improve logout flow by finalizing `sessionStorage` logic in `navbar.jsx`, `login.tsx`, `api.jsx`, and `user.jsx` to ensure clean state management and prevent race conditions.

* Simplify logout logic in `navbar.jsx` by using `window.location.replace` instead of `window.location` for better URL handling.

* Remove `sessionStorage`-based logout flow logic from `navbar.jsx`, `login.tsx`, `api.jsx`, and `user.jsx` to simplify and streamline state management.

* Remove unused `auth` and `useAuth` imports from `navbar.jsx` and remove commented-out legacy `useUser` logic from `user.jsx` for cleanup.

* Cleanup `api.jsx` by simplifying `useEffect` cleanup logic and consistent formatting adjustments.

* Add missing newline at end of `api.jsx` for consistency.

* Fix inconsistent object formatting in `api.jsx` within `setRequest` function.

* Refactor `login.tsx` to streamline URL query handling and `ConfigProvider` for improved memoization efficiency.

* Refactor `useUser` to simplify authentication status logic and update logout flow in `navbar.jsx` to clear user state via `auth.clearCurrentUser`.

* Refactor `useUser` to enhance authentication status handling by improving `fetcher` logic and ensuring accurate status updates.

* Refactor `useUser` to optimize `fetcher` logic and streamline authentication status updates.

* Update `RequiresAuth` to display loading state when user authentication is in progress

* Refactor `RequiresAuth` and `useUser` to improve user authentication flow by optimizing loading state handling and revalidation logic.

* Refactor `useUser` to simplify `fetcher` logic by removing unnecessary dependencies and improving readability.

* Refactor `useUser` to handle unauthenticated status explicitly in `fetcher` logic and update dependencies for improved accuracy.

* add changes

* Fix inconsistent formatting in `onClick` handler within `navbar.jsx`.

* Remove unused `logged` prop from `Layout` in `create-user-with-password.jsx`.

* Add `logged` prop to `Layout` in `create-user-with-password.jsx` to ensure proper rendering

* changes

* Refactor login redirection logic to ensure `state` resets correctly and simplify unauthenticated error handling in API hook.

* Remove unused `status` destructure in `useAPI` hook to clean up code.

* Refactor login redirection logic and simplify unauthenticated error handling in `useAPI` hook.

* Fix typo in `Logout` label text within `navbar.jsx`.

* Fix typo in `Logout` label and add missing return statement in `useAPI` hook

* Refactor `RequiresAuth` to use `AUTH_STATUS` and centralize authentication state handling

* Simplify unauthenticated user check in `RequiresAuth` component.

* Refactor `useUser` hook to improve cache validation and enhance loading state tracking in `RequiresAuth`.

* Add fallback to `getCurrentUser` in login flow to handle edge cases

* Refactor `useUser` hook and login flow to streamline `getCurrentUser` handling and improve state management.

* Enhance `useUser` hook with `pageshow` handling and optimize authentication state updates. Simplify `RequiresAuth` loading logic.

* Refactor `useUser` hook to remove unused `status`, streamline `fetcher` logic, and enhance `loading` state tracking in `RequiresAuth`.

* Remove redundant `getCurrentUser` call in login flow to streamline authentication handling.

* Refactor authentication flow to standardize `AUTH_STATUS` usage and improve state management in `RequiresAuth` and `useUser`.

* Simplify logout flow by removing redundant authentication state updates.

* Remove unused `setAuthStatus` and clean up imports in `navbar.jsx`.

* Update logout flow to set `AUTH_STATUS.UNAUTHENTICATED` before redirecting to logout URL.

* Simplify logout flow by removing `setAuthStatus`, cleaning up imports, and directly handling user state reset.

* Set `AUTH_STATUS.UNAUTHENTICATED` in logout flow and clean up imports in `navbar.jsx`.

* Add `setAuthStatus` to `navbar.jsx` and update imports for authentication state management.

* Simplify logout flow by replacing `onClick` logic with direct `href` to `logoutUrl`.

* Update logout item to replace URL in history before redirect

* Remove redundant comment in `RequiresAuth` component.

* Refactor authentication flow to check session cookies before making user state transitions.

* Update logout flow to set `AUTH_STATUS.UNAUTHENTICATED` and use `window.location.replace` for redirect.

* Comment out unused `auth` import in `navbar.jsx`.

* Reset user state on logout by calling `auth.clearCurrentUser`.

* Refactor auth flow by simplifying cookie checks, consolidating logout logic, and streamlining user state updates.

* Update logout flow: clear user state and set `AUTH_STATUS.UNAUTHENTICATED` in `navbar.jsx`.

* Simplify logout item by replacing `onClick` logic with direct URL handling and timestamp parameter.

* Remove unused `auth` and `AUTH_STATUS` imports in `navbar.jsx`.

* Refactor authentication flow: streamline session cookie checks, consolidate auth logic, and enhance user redirection handling.

* Remove unused `auth` and `AUTH_STATUS` imports from `navbar.jsx`.

* Remove unused `useEffect` and `pageshow` listener for session cookie checks in `requiresAuth.tsx`.

* Remove unused `useEffect` import from `requiresAuth.tsx`.

* Update logout flow: clear user state, set `AUTH_STATUS.UNAUTHENTICATED`, and redirect to logout URL in `navbar.jsx`.

* Refactor authentication flow: unify session cookie checks, simplify state management, and remove redundant logic in `navbar.jsx`, `requiresAuth.tsx`, and `user.jsx`.

* Remove unused `auth` import from `navbar.jsx`.

* Refactor logout flow: extract `handleLogout` function, update redirection logic, and clean up state management in `navbar.jsx`.

* Remove unused `happy-dom` router import and consolidate `LOGIN_COOKIE_NAMES` definition.

* Refactor logout logic: replace router navigation with `window.history.replaceState`, clean up `auth.clearCurrentUser` call.

* Refactor logout and authentication flow: simplify `handleLogout` logic in `navbar.jsx`, add cleanup for `unload` event in `requiresAuth.tsx`.

* Remove unused `auth` import and redundant `as="button"` prop from `navbar.jsx`.

* Add BFCache handling to `requiresAuth.tsx` and update session cookie check logic.

* Refactor authentication flow: simplify session handling, remove redundant session cookie checks, and clean up `useUser` and `requiresAuth.tsx` logic.

* Add BFCache and session cookie handling logic to `requiresAuth.tsx` to ensure proper authentication redirection.

* Add eslint-disable comment for unused `__lakefsBFGuard` declaration in `requiresAuth.tsx`.

* Remove eslint-disable comment for unused `__lakefsBFGuard` declaration and format global interface in `requiresAuth.tsx`.

* Update `onPageShow` type in `requiresAuth.tsx` for better type safety

* Remove unused BFCache and session cookie handling logic from `requiresAuth.tsx` to simplify authentication flow.

* Refactor logout logic in `navbar.jsx`: add `auth.clearCurrentUser` call before resetting auth status.

* Enhance authentication redirection in `useAPI`: add 401 error handling with navigation to login page and simplify `useUser` logic.

* Refactor authentication redirection in `useAPI`: consolidate public auth route checks and enhance `next` state handling.

* Refactor `useAPI` and `authContext`: consolidate unauthorized handling logic into `onUnauthorized` callback for improved reuse and clarity.

* Remove unused `AUTH_STATUS` and `useNavigate` imports from `api.jsx` for cleaner codebase.

* Refactor `useUser` and `requiresAuth`: remove `useLocation` dependency and simplify auth status handling logic.

* Refactor `requiresAuth`: replace `useAuth` with `useUser` for simplified and consistent authentication handling.

* Comment out redundant `setRequest` and `return` logic in 401 error handling within `useAPI`.

* Remove commented-out redundant `setRequest` and `return` logic in `useAPI` 401 error handling

* Enhance login redirection: persist `next` state in sessionStorage and improve fallback login URL handling.

* Refactor login redirection: consolidate `next` state handling and streamline sessionStorage usage.

* Refactor login redirection: streamline `redirected` handling, normalize URLs, and enhance `next` state persistence logic.

* Refactor login redirection: simplify `next` state handling and remove unnecessary try-catch block.

* Refactor login redirection: consolidate rendering logic, centralize auth checks, and simplify `next` state handling.

* Refactor login redirection: remove redundant `typeof` check for `next` state.

* Refactor login redirection: extract `withNext` function, enhance `next` state handling, and improve redirection cleanup logic.

* Enhance login redirection: add `useEffect` to handle `post_login_next` navigation from sessionStorage.

* Refactor login flow: introduce `DEFAULT_LOGIN_CONFIG`, streamline login config handling, and consolidate rendering logic.

* Refactor login flow: streamline rendering logic, remove `DEFAULT_LOGIN_CONFIG`, and enhance redirection handling with `Navigate`.

* Refactor login redirection: simplify loading state, enhance `setup` redirection logic, and improve query string handling.

* Refactor login flow: extract `getLoginIntent`, introduce `DoNavigate` and `ExternalRedirect` components, and enhance `next` state handling.

* Refactor navbar and login route: remove unused auth context references and simplify redirection logic.

* Refactor authentication handling: rename `setAuthStatus` to `setStatus`, replace `AUTH_STATUS.UNKNOWN` with `AUTH_STATUS.PENDING`, and centralize utility functions for redirection and route management.

* Refactor authentication flow: replace `buildNextFromWindow` with `getCurrentRelativeUrl`, unify `lakefs_post_login_next` handling, and centralize redirection utilities for consistency.

* Refactor authentication flow: remove `useUser` hook, centralize user management in `authContext`, and update components accordingly.

* commit

* Enhance authContext: refresh user data on `pageshow` for better session consistency after page restores.

* Refactor authentication handling: rename `onUnauthorized` to `onUnauthenticated`, improve user refresh logic, and streamline login flow by removing unused utilities and centralizing route management.

* Refactor authContext and navbar: remove redundant dependencies, disable cache for user refresh, and improve logout redirection logic.

* Format imports in `authContext.tsx` for consistent styling.

* commit

* changes

Author: Ben-El

webui/src/lib/auth/authContext.tsx

@@ -0,0 +1,104 @@
+import React, { createContext, useContext, useMemo, useState, ReactNode, useCallback, useEffect } from "react";
+import { useNavigate } from "react-router-dom";
+import { auth } from "../api";
+import { getCurrentRelativeUrl, isPublicAuthRoute, ROUTES } from "../utils";
+
+export const LAKEFS_POST_LOGIN_NEXT = "lakefs_post_login_next";
+export const AUTH_STATUS = {
+    AUTHENTICATED: "authenticated",
+    UNAUTHENTICATED: "unauthenticated",
+    PENDING: "pending",
+} as const;
+
+export type AuthStatus = typeof AUTH_STATUS[keyof typeof AUTH_STATUS];
+
+type User = { id?: string } | null;
+
+type AuthContextType = {
+    status: AuthStatus;
+    user: User;
+    refreshUser: (opts?: { useCache?: boolean }) => Promise<void>;
+    setStatus: (s: AuthStatus) => void;
+    onUnauthenticated: () => void;
+};
+
+const AuthContext = createContext<AuthContextType | null>(null);
+
+export const AuthProvider: React.FC<{ children: ReactNode }> = ({ children }) => {
+    const [status, setStatus] = useState<AuthStatus>(AUTH_STATUS.PENDING);
+    const [user, setUser] = useState<User>(null);
+    const navigate = useNavigate();
+
+    const refreshUser = useCallback(
+        async ({ useCache = true }: { useCache?: boolean } = {}) => {
+            if (!useCache && status !== AUTH_STATUS.AUTHENTICATED) setStatus(AUTH_STATUS.PENDING);
+            try {
+                const u = useCache
+                    ? await auth.getCurrentUserWithCache()
+                    : await auth.getCurrentUser();
+                const ok = Boolean(u?.id);
+                setUser(ok ? u : null);
+                setStatus(ok ? AUTH_STATUS.AUTHENTICATED : AUTH_STATUS.UNAUTHENTICATED);
+            } catch {
+                setUser(null);
+                setStatus(AUTH_STATUS.UNAUTHENTICATED);
+            }
+        },
+        []
+    );
+
+    // When we get a 401, clear local auth and navigate to the login page.
+    // We set `redirected: true` and pass `next` (the current URL) so the login page
+    // knows this is an auth-driven redirect: it should apply the configured login
+    // strategy (e.g. auto-redirect to SSO) and, after successful auth, return to `next`.
+    const onUnauthenticated = useCallback(() => {
+        auth.clearCurrentUser();
+        setUser(null);
+        setStatus(AUTH_STATUS.UNAUTHENTICATED);
+
+        if (isPublicAuthRoute(window.location.pathname)) return;
+
+        navigate(ROUTES.LOGIN, {
+            replace: true,
+            state: { redirected: true, next: getCurrentRelativeUrl() },
+        });
+    }, [navigate]);
+
+    useEffect(() => { void refreshUser({ useCache: false }); }, []);
+
+    useEffect(() => {
+        const onPageShow = (e: PageTransitionEvent) => {
+            if ((e).persisted) {
+                void refreshUser({ useCache: false });
+            }
+        };
+        window.addEventListener('pageshow', onPageShow);
+        return () => window.removeEventListener('pageshow', onPageShow);
+    }, [refreshUser]);
+
+    useEffect(() => {
+        if (status === AUTH_STATUS.AUTHENTICATED) {
+            const postLoginNext = window.sessionStorage.getItem(LAKEFS_POST_LOGIN_NEXT);
+            if (postLoginNext && postLoginNext.startsWith("/")) {
+                window.sessionStorage.removeItem(LAKEFS_POST_LOGIN_NEXT);
+                const next = getCurrentRelativeUrl();
+                if (next !== postLoginNext) {
+                    navigate(postLoginNext, { replace: true });
+                }
+            }
+        }
+    }, [status, navigate]);
+
+    const value = useMemo<AuthContextType>(
+        () => ({ status, user, refreshUser, setStatus, onUnauthenticated }),
+        [status, user, refreshUser, onUnauthenticated]
+    );
+
+    return <AuthContext.Provider value={value}>{children}</AuthContext.Provider>;
+};
+
+export const useAuth = (): AuthContextType => {
+    const ctx = useContext(AuthContext);
+    if (!ctx) throw new Error("useAuth must be used within <AuthProvider>");
+    return ctx;
+};

webui/src/lib/components/auth/layout.tsx

@@ -1,4 +1,4 @@
-import React, {useEffect, useState} from "react";
+import React, {useState} from "react";
 import {Outlet, useOutletContext} from "react-router-dom";
 import Container from "react-bootstrap/Container";
 import Row from "react-bootstrap/Row";
@@ -8,8 +8,6 @@ import Card from "react-bootstrap/Card";
 
 import {Link} from "../nav";
 import {useLoginConfigContext} from "../../hooks/conf";
-import {useLayoutOutletContext} from "../layout";
-import {useRouter} from "../../hooks/router";
 import Alert from "react-bootstrap/Alert";
 import {InfoIcon} from "@primer/octicons-react";
 
@@ -20,22 +18,6 @@ export const AuthLayout = () => {
     const [showRBACAlert, setShowRBACAlert] = useState(!window.localStorage.getItem(rbacDismissedKey));
     const [activeTab, setActiveTab] = useState("credentials");
     const {RBAC: rbac} = useLoginConfigContext();
-    const [isLogged] = useLayoutOutletContext();
-    const router = useRouter();
-
-    useEffect(() => {
-        if (!isLogged) {
-            // Redirect to the login page here, instead of in Layout where isLogged is set, because Layout also wraps
-            // routes that don't require authentication, and redirecting would be incorrect.
-            router.push({
-                pathname: '/auth/login',
-                params: {},
-                query: { next: '/', redirected: 'true' },
-            });
-        }
-    }, [isLogged, router]);
-
-    if (!isLogged) return null;
 
     return (
         <Container fluid="xl">

webui/src/lib/components/layout.tsx

@@ -1,41 +1,30 @@
-import React, { FC, useContext, useState, useEffect } from "react";
-import { Outlet, useOutletContext } from "react-router-dom";
+import React, { FC, useContext, useEffect } from "react";
+import { Outlet } from "react-router-dom";
 import { ConfigProvider } from "../hooks/configProvider";
 import TopNav from './navbar';
 import { AppContext } from "../hooks/appContext";
-import useUser from "../hooks/user";
+import {AUTH_STATUS, useAuth} from "../auth/authContext";
 
-type LayoutOutletContext = [boolean];
+const Layout: FC = () => {
+    const { status } = useAuth();
+    const showTopNav = status === AUTH_STATUS.AUTHENTICATED;
 
-const Layout: FC<{logged: boolean}> = ({logged}) => {
-    const [isLogged, setIsLogged] = useState(logged ?? true);
-    const { user, loading, error } = useUser();
-    const userWithId = user as { id?: string } | null;
-
-    // Update isLogged state based on actual authentication status
+    const { state } = useContext(AppContext);
     useEffect(() => {
-        if (!loading) {
-            // If there's a user and no error, show authenticated (full) navbar
-            setIsLogged(!!userWithId?.id && !error);
-        }
-    }, [userWithId, loading, error]);
-
-    // handle global dark mode here
-    const {state} = useContext(AppContext);
-    document.documentElement.setAttribute('data-bs-theme', state.settings.darkMode ? 'dark' : 'light')
+        document.documentElement.setAttribute(
+            "data-bs-theme",
+            state.settings.darkMode ? "dark" : "light"
+        );
+    }, [state.settings.darkMode]);
 
     return (
         <ConfigProvider>
-            {!loading && <TopNav logged={isLogged}/>}
+            {showTopNav && <TopNav/>}
             <div className="main-app">
-                <Outlet context={[isLogged] satisfies LayoutOutletContext}/>
+                <Outlet />
             </div>
         </ConfigProvider>
     );
 };
 
-export function useLayoutOutletContext() {
-    return useOutletContext<LayoutOutletContext>();
-}
-
-export default Layout;
+export default Layout;

webui/src/lib/components/navbar.jsx

@@ -1,6 +1,4 @@
 import React from "react";
-import useUser from '../hooks/user'
-import {auth} from "../api";
 import {useRouter} from "../hooks/router";
 import {Link} from "./nav";
 import DarkModeToggle from "./darkModeToggle";
@@ -9,15 +7,19 @@ import Container from "react-bootstrap/Container";
 import {useLoginConfigContext} from "../hooks/conf";
 import {FeedPersonIcon} from "@primer/octicons-react";
 import {useConfigContext} from "../hooks/configProvider";
+import {auth} from "../api";
+import {AUTH_STATUS, LAKEFS_POST_LOGIN_NEXT, useAuth} from "../auth/authContext";
+import {ROUTES} from "../utils";
 
 const NavUserInfo = () => {
-    const { user, loading: userLoading, error } = useUser();
+    const { user, status } = useAuth();
+    const userLoading = status === AUTH_STATUS.PENDING;
     const logoutUrl = useLoginConfigContext()?.logout_url || "/logout"
     const {config, error: versionError, loading: versionLoading} = useConfigContext();
     const versionConfig = config?.versionConfig || {};
 
     if (userLoading || versionLoading) return <Navbar.Text>Loading...</Navbar.Text>;
-    if (!user || !!error) return (<></>);
+    if (!user) return (<></>);
     const notifyNewVersion = !versionLoading && !versionError && versionConfig.upgrade_recommended
     const NavBarTitle = () => {
         return (
@@ -37,17 +39,19 @@ const NavUserInfo = () => {
                     </>
             </NavDropdown.Item><NavDropdown.Divider/></>}
             <NavDropdown.Item
-                onClick={()=> {
+                onClick={() => {
                     auth.clearCurrentUser();
-                    window.location = logoutUrl;
+                    window.sessionStorage.removeItem(LAKEFS_POST_LOGIN_NEXT);
+                    window.history.replaceState(null, "", `${ROUTES.LOGIN}?redirected=true`);
+                    window.location.replace(logoutUrl);
                 }}>
                 Logout
             </NavDropdown.Item>
             <NavDropdown.Divider/>
             {!versionLoading && !versionError && <>
-            <NavDropdown.Item disabled={true}>
-                {`${versionConfig.version_context} ${versionConfig.version}`}
-            </NavDropdown.Item></>}
+                <NavDropdown.Item disabled={true}>
+                    {`${versionConfig.version_context} ${versionConfig.version}`}
+                </NavDropdown.Item></>}
         </NavDropdown>
     );
 };
@@ -63,8 +67,8 @@ const TopNavLink = ({ href, children }) => {
     );
 };
 
-const TopNav = ({logged = true}) => {
-    return logged && (
+const TopNav = () => {
+    return (
         <Navbar variant="dark" bg="dark" expand="md" className="border-bottom">
             <Container fluid={true}>
                 <Link component={Navbar.Brand} href="/">

webui/src/lib/components/requiresAuth.tsx

@@ -0,0 +1,21 @@
+import React from "react";
+import {Navigate, Outlet} from "react-router-dom";
+import {Loading} from "./controls";
+import {ROUTES} from "../utils";
+import {getCurrentRelativeUrl} from "../utils";
+import {AUTH_STATUS, useAuth} from "../auth/authContext";
+
+const RequiresAuth: React.FC = () => {
+    const { user, status } = useAuth();
+
+    if (status === AUTH_STATUS.PENDING) return <Loading />;
+    if (!user) {
+        const next = getCurrentRelativeUrl();
+        const params = new URLSearchParams({ redirected: "true", next });
+        return <Navigate to={{ pathname: ROUTES.LOGIN, search: `?${params.toString()}` }} replace state={{ redirected: true, next }}/>;
+    }
+
+    return <Outlet/>;
+};
+
+export default RequiresAuth;

webui/src/lib/hooks/api.jsx

@@ -1,6 +1,6 @@
 import {useEffect, useState} from 'react';
 import {AuthenticationError} from "../api";
-import {useRouter} from "./router";
+import {useAuth} from "../auth/authContext";
 
 const initialPaginationState = {
     loading: true,
@@ -50,46 +50,23 @@ const initialAPIState = {
 };
 
 export const useAPI = (promise, deps = []) => {
-    const router = useRouter();
     const [request, setRequest] = useState(initialAPIState);
-    const [needToLogin, setNeedToLogin] = useState(false);
-
-    useEffect(() => {
-        if (needToLogin) {
-            const loginPathname = '/auth/login';
-            if (router.route === loginPathname) {
-                return;
-            }
-            // If the user is not logged in and attempts to access a lakeFS endpoint other than '/auth/login',
-            // they are first redirected to the '/auth/login' endpoint. For users logging in via lakeFS
-            // (not via SSO), after successful authentication they will be redirected back to the original endpoint
-            // they attempted to access. The redirected flag is set here so it can later be used to properly
-            // handle SSO redirection when login via SSO is configured.
-            router.push({
-                pathname: loginPathname,
-                query: {next: router.route, redirected: true},
-            });
-            setNeedToLogin(false);
-        }
-    }, [needToLogin, router])
+    const { onUnauthenticated } = useAuth();
 
     useEffect(() => {
         let isMounted = true;
         setRequest(initialAPIState);
         const execute = async () => {
             try {
                 const response = await promise();
-                setRequest({
-                    loading: false,
-                    error: null,
-                    response,
-                });
+                if (!isMounted) return;
+                setRequest({ loading: false, error: null, response });
             } catch (error) {
-                if (error instanceof AuthenticationError) {
-                    if (isMounted) {
-                        setNeedToLogin(true);
-                    }
-                    return;
+                if (!isMounted) return;
+                // On 401 we delegate to onUnauthenticated(), which redirects to /auth/login
+                // with { redirected: true, next } so the login page can apply SSO and return.
+                if (error instanceof AuthenticationError && error.status === 401) {
+                    onUnauthenticated();
                 }
                 setRequest({
                     loading: false,

webui/src/lib/hooks/configProvider.tsx

@@ -1,8 +1,9 @@
-import React, { createContext, FC, useContext, useEffect, useState, } from "react";
+import React, {createContext, FC, useContext, useEffect, useMemo} from "react";
 
 import { config } from "../api";
-import useUser from "./user";
 import { usePluginManager } from "../../extendable/plugins/pluginsContext";
+import {useAPI} from "./api";
+import {useAuth} from "../auth/authContext";
 
 type ConfigContextType = {
     error: Error | null;
@@ -57,21 +58,23 @@ const useConfigContext = () => useContext(configContext);
 
 const ConfigProvider: FC<{children: React.ReactNode}> = ({children}) => {
     const pluginManager = usePluginManager();
-    const {user} = useUser();
-    const [storageConfig, setConfig] = useState<ConfigContextType>(configInitialState);
+    const {user} = useAuth();
+    const { response, loading, error } = useAPI(() => config.getConfig(), [user]);
 
     useEffect(() => {
-        config.getConfig()
-            .then(configData => {
-                pluginManager.customObjectRenderers?.init(configData);
-                setConfig({config: configData, loading: false, error: null});
-            })
-            .catch((error) =>
-                setConfig({config: null, loading: false, error}));
-    }, [user]);
+        if (response) {
+            pluginManager.customObjectRenderers?.init(response);
+        }
+    }, [response, pluginManager]);
+
+    const value = useMemo(
+        () => (
+            { config: response ?? null, loading, error } satisfies ConfigContextType
+        ),
+        [response, loading, error]);
 
     return (
-        <configContext.Provider value={storageConfig}>
+        <configContext.Provider value={value}>
             {children}
         </configContext.Provider>
     );