Skip to content

Custom login base domain using GUI whitelabel themes#13412

Merged
DaanHoogland merged 2 commits into
apache:mainfrom
scclouds:base-domain-name-in-authentication
Jul 2, 2026
Merged

Custom login base domain using GUI whitelabel themes#13412
DaanHoogland merged 2 commits into
apache:mainfrom
scclouds:base-domain-name-in-authentication

Conversation

@hsato03

@hsato03 hsato03 commented Jun 12, 2026

Copy link
Copy Markdown
Member

Description

When logging in via the ACS GUI, if the user does not belong to the ROOT domain, its full domain path must be specified.

With that, the GUI whitelabel runtime system has been extended with the loginBaseDomain parameter, which allows administrators to specify a base domain for a theme, enabling users to log in without specifying the domain or by providing the domain relative path.

For example, when creating a theme specifying the /domain1/ domain as the base, instead of the user typing /domain1/domain2 when logging in, they will only need to provide domain2.

Furthermore, the new parameter only works with the commonNames parameter.

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)
  • Build/CI
  • Test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • Major
  • Minor

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

How Has This Been Tested?

  1. I created the domain d1;
  2. I created a theme with loginBaseDomain being d1;
(local) 👻 > create guitheme name=theme css="@import url('https://arquivos.scclouds.com.br/css-themes/scclouds-theme.css')" loginbasedomain="d1" commonnames="d1.local" ispublic=true
{
  "guiThemes": {
    "commonnames": "d1.local",
    "created": "2026-06-12T18:12:32+0000",
    "css": "@import url('https://arquivos.scclouds.com.br/css-themes/scclouds-theme.css')",
    "id": "fad8fdcb-0dc2-4c02-9f68-e7ec6c2032bd",
    "ispublic": true,
    "loginbasedomain": "d1",
    "name": "theme",
    "recursivedomains": false
  }
}
  1. When accessing the ACS GUI via the d1.local URL, I verified that it was not necessary to specify the domain to access a d1 account;
  2. When accessing the ACS GUI using any other URL (via IP address, for example), I verified that it was necessary to enter the domain to access a d1 account.

How did you try to break this feature and the system with this change?

@hsato03

hsato03 commented Jun 12, 2026

Copy link
Copy Markdown
Member Author

@blueorangutan package

@blueorangutan

Copy link
Copy Markdown

@hsato03 a [SL] Jenkins job has been kicked to build packages. It will be bundled with no SystemVM templates. I'll keep you posted as I make progress.

@codecov

codecov Bot commented Jun 12, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 10.52632% with 34 lines in your changes missing coverage. Please review.
✅ Project coverage is 18.94%. Comparing base (06aebb6) to head (8ef6e7f).
⚠️ Report is 39 commits behind head on main.

Files with missing lines Patch % Lines
...ache/cloudstack/gui/theme/GuiThemeServiceImpl.java 23.52% 13 Missing ⚠️
...ache/cloudstack/api/response/GuiThemeResponse.java 0.00% 6 Missing ⚠️
...va/org/apache/cloudstack/gui/theme/GuiThemeVO.java 0.00% 5 Missing ⚠️
.../api/command/user/gui/theme/CreateGuiThemeCmd.java 0.00% 3 Missing ⚠️
.../api/command/user/gui/theme/UpdateGuiThemeCmd.java 0.00% 3 Missing ⚠️
...rg/apache/cloudstack/gui/theme/GuiThemeJoinVO.java 0.00% 3 Missing ⚠️
...src/main/java/com/cloud/api/ApiResponseHelper.java 0.00% 1 Missing ⚠️
Additional details and impacted files
@@             Coverage Diff              @@
##               main   #13412      +/-   ##
============================================
- Coverage     18.94%   18.94%   -0.01%     
  Complexity    18366    18366              
============================================
  Files          6192     6192              
  Lines        556361   556395      +34     
  Branches      67908    67909       +1     
============================================
+ Hits         105407   105410       +3     
- Misses       439383   439412      +29     
- Partials      11571    11573       +2     
Flag Coverage Δ
uitests 3.51% <ø> (-0.01%) ⬇️
unittests 20.15% <10.52%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@hsato03 hsato03 added this to the 4.23.0 milestone Jun 12, 2026
@blueorangutan

Copy link
Copy Markdown

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✖️ debian ✔️ suse15. SL-JID 18245

@github-actions

Copy link
Copy Markdown

This pull request has merge conflicts. Dear author, please fix the conflicts and sync your branch with the base branch.

@blueorangutan

Copy link
Copy Markdown

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 18407

@DaanHoogland

Copy link
Copy Markdown
Contributor

@blueorangutan test

@DaanHoogland

Copy link
Copy Markdown
Contributor

@winterhazel @weizhouapache , is testing for this planned somehow, or should we postpone?

@winterhazel

Copy link
Copy Markdown
Member

@DaanHoogland I will test this one. We can include it in 4.23

@winterhazel winterhazel self-assigned this Jun 29, 2026

@winterhazel winterhazel left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code looks good. Also tested manually:

  1. I created domains d1 and d1/d2
  2. I created a theme for http://d1.local/ with d1 as the loginbasedomain
     (admin) 🐱 > create guitheme name=d1 css="@import url('http://192.168.10.1/test-theme.css')" loginbasedomain="d1" commonnames="d1.local" ispublic=true
     {
       "guiThemes": {
         "commonnames": "d1.local",
         "created": "2026-07-01T23:22:35-0300",
         "css": "@import url('http://192.168.10.1/test-theme.css')",
         "id": "b4be7e7b-1732-469d-bfb2-b12c1cecf10c",
         "ispublic": true,
         "loginbasedomain": "d1",
         "name": "d1",
         "recursivedomains": false
       }
     }
  3. I verified that, when accessing the portal through http://d1.local/, I could log into accounts from d1 without having to enter the domain.
  4. I verified that, when accessing the portal through http://d1.local/,, I could log into accounts from d1/d2 by entering d2 as the domain.
  5. I verified that it was still possible to login in root and subdomains when accessing via a URL that does not have any associated theme.

@winterhazel winterhazel requested a review from erikbocks July 2, 2026 02:25
@winterhazel winterhazel removed their assignment Jul 2, 2026

@Tonitzpp Tonitzpp left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CLGTM, tests that I made:

  1. I created 2 domains: d1 and d1/d1d1;
  2. I created a theme with d1 as the loginbasedomain:
🐱 > create guitheme name=theme css="@import url('https://arquivos.scclouds.com.br/css-themes/scclouds-theme.css')" loginbasedomain="d1" commonnames="d1.local" ispublic=true
{
  "guiThemes": {
    "commonnames": "d1.local",
    "created": "2026-07-02T11:31:51+0000",
    "css": "@import url('https://arquivos.scclouds.com.br/css-themes/scclouds-theme.css')",
    "id": "11dd27d7-41d0-4e60-9754-d57a8b2b891c",
    "ispublic": true,
    "loginbasedomain": "d1",
    "name": "theme",
    "recursivedomains": false
  }
}
  1. I verified that, when accessing the GUI through d1.local, I could log into accounts from d1 without having to enter the domain.
  2. I verified that, when accessing the GUI through d1.local, I could log into accounts from d1/d1d1 by entering d1d1 as the domain.
  3. When accessing the GUI using the URL that does not have any associated theme, I verified that it was necessary to enter the domain to access a d1 account.
  4. When accessing the GUI using the URL that does not have any associated theme, I verified that it was still possible to login in root and subdomains.

@DaanHoogland DaanHoogland merged commit 6f30b0d into apache:main Jul 2, 2026
25 of 27 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants