rabbitmq
diff --git a/‎.github/workflows/test-management-ui-for-pr.yaml
Lines changed: 4 additions & 5 deletions b/‎.github/workflows/test-management-ui-for-pr.yaml
Lines changed: 4 additions & 5 deletions
diff --git a/‎deps/rabbitmq_management/priv/www/index.html
Lines changed: 3 additions & 3 deletions b/‎deps/rabbitmq_management/priv/www/index.html
Lines changed: 3 additions & 3 deletions
diff --git a/‎deps/rabbitmq_management/priv/www/js/main.js
Lines changed: 10 additions & 3 deletions b/‎deps/rabbitmq_management/priv/www/js/main.js
Lines changed: 10 additions & 3 deletions
diff --git a/‎deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js
Lines changed: 17 additions & 11 deletions b/‎deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js
Lines changed: 17 additions & 11 deletions
diff --git a/‎deps/rabbitmq_management/src/rabbit_mgmt_dispatcher.erl
Lines changed: 2 additions & 1 deletion b/‎deps/rabbitmq_management/src/rabbit_mgmt_dispatcher.erl
Lines changed: 2 additions & 1 deletion
diff --git a/‎deps/rabbitmq_management/src/rabbit_mgmt_headers.erl
Lines changed: 6 additions & 2 deletions b/‎deps/rabbitmq_management/src/rabbit_mgmt_headers.erl
Lines changed: 6 additions & 2 deletions
diff --git a/‎deps/rabbitmq_management/src/rabbit_mgmt_wm_version.erl
Lines changed: 38 additions & 0 deletions b/‎deps/rabbitmq_management/src/rabbit_mgmt_wm_version.erl
Lines changed: 38 additions & 0 deletions
diff --git a/‎deps/rabbitmq_management/test/rabbit_mgmt_http_SUITE.erl
Lines changed: 10 additions & 3 deletions b/‎deps/rabbitmq_management/test/rabbit_mgmt_http_SUITE.erl
Lines changed: 10 additions & 3 deletions
diff --git a/‎selenium/README.md
Lines changed: 3 additions & 0 deletions b/‎selenium/README.md
Lines changed: 3 additions & 0 deletions
diff --git a/‎selenium/bin/components/keycloak
Lines changed: 1 addition & 1 deletion b/‎selenium/bin/components/keycloak
Lines changed: 1 addition & 1 deletion
@@ -56,21 +56,20 @@ jobs:
         cd ${SELENIUM_DIR}
         docker build -t mocha-test --target test .
 
-    - name: Run full ui suites on a standalone rabbitmq server
+    - name: Run short ui suites on a standalone rabbitmq server
       run: |
         IMAGE_TAG=$(find PACKAGES/rabbitmq-server-generic-unix-*.tar.xz | awk -F 'PACKAGES/rabbitmq-server-generic-unix-|.tar.xz' '{print $2}')
         RABBITMQ_DOCKER_IMAGE=pivotalrabbitmq/rabbitmq:$IMAGE_TAG \
-          ${SELENIUM_DIR}/run-suites.sh short-suite-management-ui
-        mkdir -p /tmp/full-suite
-        mv /tmp/selenium/* /tmp/full-suite
+          ${SELENIUM_DIR}/run-suites.sh short-suite-management-ui        
+        mkdir -p /tmp/short-suite
+        mv /tmp/selenium/* /tmp/short-suite
         
     - name: Upload Test Artifacts
       if: always()
       uses: actions/[email protected]
       with:
         name: test-artifacts-${{ matrix.browser }}-${{ matrix.erlang_version }}
         path: |
-          /tmp/full-suite
           /tmp/short-suite
 
   summary-selenium:
 
@@ -21,9 +21,9 @@
     <link href="css/main.css" rel="stylesheet" type="text/css"/>
     <link href="favicon.ico" rel="shortcut icon" type="image/x-icon"/>    
 
-    <script type="module">
-      window.oauth = oauth_initialize_if_required();
-      
+    <script type="module">   
+      check_version()   
+      window.oauth = oauth_initialize_if_required()      
     </script>
 
 
 
@@ -119,15 +119,13 @@ function check_login () {
   if (user == false || user.error) {
     clear_auth();
     if (oauth.enabled) {
-      //hide_popup_warn();
       renderWarningMessageInLoginStatus(oauth, 'Not authorized');
     } else {
-      //hide_popup_warn();
       replace_content('login-status', '<p>Login failed</p>');
     }
     return false;
   }
-
+  check_version()
   hide_popup_warn()
   replace_content('outer', format('layout', {}))
   var user_login_session_timeout = parseInt(user.login_session_timeout)
@@ -1862,3 +1860,12 @@ function get_chart_range_type(arg) {
     console.log('[WARNING]: range type not found for arg: ' + arg);
     return 'basic';
 }
+
+function check_version() {
+    let curVersion = sync_get('/version')
+    let storedVersion = get_pref('version')
+    if (!storedVersion || storedVersion != curVersion) {
+        store_pref('version', curVersion)
+        location.reload()
+    }
+}
@@ -290,18 +290,26 @@ export function oauth_completeLogin() {
 
 export function oauth_initiateLogout() {
   if (oauth.sp_initiated) {
-    mgr.metadataService.getEndSessionEndpoint().then(endpoint => {
-      if (endpoint == undefined) {
-        // Logout only from management UI
-        mgr.removeUser().then(res => {
-          clear_auth()
-          oauth_redirectToLogin()
+    return mgr.getUser().then(user => {
+      if (user != null) {
+        mgr.metadataService.getEndSessionEndpoint().then(endpoint => {
+          if (endpoint == undefined) {
+            // Logout only from management UI
+            mgr.removeUser().then(res => {
+              clear_auth()
+              oauth_redirectToLogin()
+            })
+          }else {
+            // OpenId Connect RP-Initiated Logout
+            mgr.signoutRedirect()
+          }
         })
       }else {
-        // OpenId Connect RP-Initiated Logout
-        mgr.signoutRedirect()
+        clear_auth()
+        go_to_home()
       }
     })
+
   } else {
     go_to_authority()
   }
@@ -370,8 +378,7 @@ export function hasAnyResourceServerReady(oauth, onReadyCallback) {
           return group;
         }, {})
         let warnings = []
-        for(var url in groupByProviderURL){
-          console.log(url + ': ' + groupByProviderURL[url]);
+        for(var url in groupByProviderURL){          
           const notReadyResources = groupByProviderURL[url].filter((oauthserver) => notReadyServers.includes(oauthserver.oauth_provider_url))
           const notCompliantResources = groupByProviderURL[url].filter((oauthserver) => notCompliantServers.includes(oauthserver.oauth_provider_url))
           if (notReadyResources.length == 1) {
@@ -385,7 +392,6 @@ export function hasAnyResourceServerReady(oauth, onReadyCallback) {
             warnings.push(warningMessageOAuthResources(url, notCompliantResources, " not compliant"))
           }
         }
-        console.log("warnings:" + warnings)
         oauth.declared_resource_servers_count = oauth.resource_servers.length
         oauth.resource_servers = oauth.resource_servers.filter((resource) =>
           !notReadyServers.includes(resource.oauth_provider_url) && !notCompliantServers.includes(resource.oauth_provider_url))
 
@@ -208,5 +208,6 @@ dispatcher() ->
      {"/auth/attempts/:node/source",                           rabbit_mgmt_wm_auth_attempts, [by_source]},
      {"/login",                                                rabbit_mgmt_wm_login, []},
      {"/config/effective",                                     rabbit_mgmt_wm_environment, []},
-     {"/auth/hash_password/:password",                         rabbit_mgmt_wm_hash_password, []}
+     {"/auth/hash_password/:password",                         rabbit_mgmt_wm_hash_password, []},
+     {"/version",                                              rabbit_mgmt_wm_version, []}
     ].
@@ -55,14 +55,18 @@ set_common_permission_headers(ReqData0, EndpointModule) ->
     lists:foldl(fun(Fun, ReqData) ->
                         Fun(ReqData, EndpointModule)
                 end, ReqData0,
-               [fun set_csp_headers/2,
+               [fun set_etag_based_cache_headers/2,
+                fun set_csp_headers/2,
                 fun set_hsts_headers/2,
                 fun set_cors_headers/2,
                 fun set_content_type_options_header/2,
                 fun set_xss_protection_header/2,
                 fun set_frame_options_header/2]).
 
+set_etag_based_cache_headers(ReqData0, _Module) ->
+    cowboy_req:set_resp_header(<<"cache-control">>, <<"public, max-age=0, must-revalidate">>, ReqData0).
+
 set_no_cache_headers(ReqData0, _Module) ->
-    ReqData1 = cowboy_req:set_resp_header(<<"cache-control">>, <<"no-cache, no-store, must-revalidate">>, ReqData0),
+    ReqData1 = cowboy_req:set_resp_header(<<"cache-control">>, <<"no-cache, no-store, max-age=0, must-revalidate">>, ReqData0),
     ReqData2 = cowboy_req:set_resp_header(<<"pragma">>, <<"no-cache">>, ReqData1),
     cowboy_req:set_resp_header(<<"expires">>, rabbit_data_coercion:to_binary(0), ReqData2).
@@ -0,0 +1,38 @@
+%% This Source Code Form is subject to the terms of the Mozilla Public
+%% License, v. 2.0. If a copy of the MPL was not distributed with this
+%% file, You can obtain one at https://mozilla.org/MPL/2.0/.
+%%
+%% Copyright (c) 2007-2024 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. All rights reserved.
+%%
+
+-module(rabbit_mgmt_wm_version).
+
+-export([init/2]).
+-export([to_json/2, content_types_provided/2]).
+-export([variances/2]).
+
+-include_lib("rabbit_common/include/rabbit.hrl").
+-include_lib("rabbitmq_management_agent/include/rabbit_mgmt_records.hrl").
+
+%%--------------------------------------------------------------------
+
+init(Req, _State) ->
+    {cowboy_rest, rabbit_mgmt_headers:set_no_cache_headers(
+        rabbit_mgmt_headers:set_common_permission_headers(Req, ?MODULE), ?MODULE), 
+        #context{}}.
+
+variances(Req, Context) ->
+    {[<<"accept-encoding">>, <<"origin">>], Req, Context}.
+
+content_types_provided(ReqData, Context) ->
+   {rabbit_mgmt_util:responder_map(to_json), ReqData, Context}.
+
+to_json(ReqData, Context) ->   
+    Version = case rabbit:product_version() of
+        undefined -> rabbit:base_product_version();
+        V -> V
+    end,
+    rabbit_mgmt_util:reply(list_to_binary(Version), ReqData, Context).
+
+%%--------------------------------------------------------------------
+
@@ -56,7 +56,7 @@ all() ->
     ].
 
 groups() ->
-    [
+    [        
         {all_tests_with_prefix, [], some_tests() ++ all_tests()},
         {all_tests_without_prefix, [], some_tests()},
         %% We have several groups because their interference is
@@ -104,7 +104,6 @@ definitions_group4_tests() ->
         definitions_vhost_test
     ].
 
-
 all_tests() -> [
     cli_redirect_test,
     api_redirect_test,
@@ -205,7 +204,8 @@ all_tests() -> [
     amqp_sessions,
     amqpl_sessions,
     enable_plugin_amqp,
-    cluster_and_node_tags_test
+    cluster_and_node_tags_test,
+    version_test
 ].
 
 %% -------------------------------------------------------------------
@@ -3896,6 +3896,13 @@ oauth_test(Config) ->
     %% cleanup
     rpc(Config, application, unset_env, [rabbitmq_management, oauth_enabled]).
 
+version_test(Config) ->
+    ActualVersion = http_get(Config, "/version"),
+    ct:log("ActualVersion : ~p", [ActualVersion]),
+    ExpectedVersion = rpc(Config, rabbit, base_product_version, []),
+    ct:log("ExpectedVersion : ~p", [ExpectedVersion]),
+    ?assertEqual(ExpectedVersion, binary_to_list(ActualVersion)).
+
 login_test(Config) ->
     http_put(Config, "/users/myuser", [{password, <<"myuser">>},
                                        {tags,     <<"management">>}], {group, '2xx'}),
 
@@ -62,6 +62,9 @@ not see any browser interaction, everything happens in the background, i.e. rabb
 
 **The interactive mode** - This mode is convenient when we are still working on RabbitMQ source code and/or in the selenium tests. In this mode, you run RabbitMQ and tests directly from source to speed things up. The components, such as, UAA or keycloak, run in docker.
 
+**IMPORTANT** - If you intend to switch between version of RabbitMQ, make sure
+you run `./clean.sh` to clear any state left from the last test run. 
+
 
 ## Run tests in headless-mode
 
 
@@ -42,7 +42,7 @@ start_keycloak() {
     --publish 8443:8443 \
 		--env KEYCLOAK_ADMIN=admin \
 		--env KEYCLOAK_ADMIN_PASSWORD=admin \
-		--mount type=bind,source=${MOUNT_KEYCLOAK_CONF_DIR},target=/opt/keycloak/data/import/ \
+		-v ${MOUNT_KEYCLOAK_CONF_DIR}:/opt/keycloak/data/import/ \
 		${KEYCLOAK_DOCKER_IMAGE} start-dev --import-realm \
     --https-certificate-file=/opt/keycloak/data/import/server_keycloak_certificate.pem \
     --https-certificate-key-file=/opt/keycloak/data/import/server_keycloak_key.pem