Admin dashboard shows OS username instead of SSO user in navbar #12

New issue

Closed

opened 2026-05-27 13:46:47 +00:00 by mik-tf · 1 comment

mik-tf commented 2026-05-27 13:46:47 +00:00

Owner

Copy link

The deployer admin pages render the navbar top-right with the deployer process's OS username (label "driver" on the admin VM) instead of the SSO-authenticated user from the X-Hero-User proxy header.

Lives at crates/hero_tfgrid_deployer_admin/src/routes.rs:50-54:

fn current_username() -> String {
    std::env::var("USER")
        .or_else(|_| std::env::var("LOGNAME"))
        .unwrap_or_else(|_| "unknown".to_string())
}

This reads the process env (the systemd / hero_proc user the daemon runs as) rather than the per-request SSO identity that hero_proxy injects on the X-Hero-User header. Should consume the request header so an admin signed in as mik-tf sees mik-tf in the navbar, not driver.

Acceptance: navbar shows the SSO username after a Forge-OAuth-gated request, falls back to "unknown" for unauthenticated requests (which would have been bounced at the proxy anyway).

The deployer admin pages render the navbar top-right with the deployer process's OS username (label "driver" on the admin VM) instead of the SSO-authenticated user from the X-Hero-User proxy header. Lives at `crates/hero_tfgrid_deployer_admin/src/routes.rs:50-54`: ```rust fn current_username() -> String { std::env::var("USER") .or_else(|_| std::env::var("LOGNAME")) .unwrap_or_else(|_| "unknown".to_string()) } ``` This reads the process env (the systemd / hero_proc user the daemon runs as) rather than the per-request SSO identity that hero_proxy injects on the X-Hero-User header. Should consume the request header so an admin signed in as `mik-tf` sees `mik-tf` in the navbar, not `driver`. Acceptance: navbar shows the SSO username after a Forge-OAuth-gated request, falls back to "unknown" for unauthenticated requests (which would have been bounced at the proxy anyway).

mik-tf referenced this issue from a commit 2026-05-27 15:49:15 +00:00

deployer admin: SSO username + SSO-first onboarding copy + node SID help + Bootstrap modal dialogs

mik-tf closed this issue 2026-05-27 15:49:15 +00:00

mik-tf commented 2026-05-27 15:50:04 +00:00

Author

Owner

Copy link

Fixed by squash-merge c649d76 on development. display_username() now reads X-Hero-User (D-31) and falls back to OS env only when the header is absent. Pre-merge gate (fmt + clippy -D warnings + workspace release build + 26+2 tests) clean. Live verification queued for s170 redeploy on VM 0069.

Fixed by squash-merge `c649d76` on `development`. `display_username()` now reads `X-Hero-User` (D-31) and falls back to OS env only when the header is absent. Pre-merge gate (fmt + clippy `-D warnings` + workspace release build + 26+2 tests) clean. Live verification queued for s170 redeploy on VM `0069`.

mik-tf referenced this issue from lhumina_code/home 2026-05-27 16:11:11 +00:00

[META] Hero OS demo Phase 3 - complete admin and tester UX #238

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

development

integration

latest

dev

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

lhumina_code/hero_os_tfgrid_deployer#12

No description provided.