Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Web/update provider forms for invalidation #11856

Open
wants to merge 12 commits into
base: main
Choose a base branch
from

Commits on Oct 22, 2024

  1. web: Isolate the OAuth2 Provider Form into a reusable rendering function

    - Pull the OAuth2 Provider Form `render()` method out into a standalone function.
      - Why: So it can be shared by both the Wizard and the Provider function. The renderer is (or at
        least, can be) a pure function: you give it input and it produces HTML, *and then it stops*.
    - Provide a test harness that can test the OAuth2 provider form.
    kensternberg-authentik committed Oct 22, 2024
    Configuration menu
    Copy the full SHA
    4af6ecf View commit details
    Browse the repository at this point in the history
  2. Configuration menu
    Copy the full SHA
    4439b29 View commit details
    Browse the repository at this point in the history

Commits on Oct 23, 2024

  1. Configuration menu
    Copy the full SHA
    f9f8495 View commit details
    Browse the repository at this point in the history
  2. Merge branch 'main' into web/update-provider-forms-for-invalidation

    * main: (44 commits)
      web/admin: add strict dompurify config for diagram (#11783)
      core: bump cryptography from 43.0.1 to 43.0.3 (#11750)
      web: bump API Client version (#11781)
      sources: add Kerberos (#10815)
      root: rework CSRF middleware to set secure flag (#11753)
      web/admin: improve invalidation flow default & field grouping (#11769)
      providers/scim: add comparison with existing group on update and delta update users (#11414)
      website: bump mermaid from 10.6.0 to 10.9.3 in /website (#11766)
      web/flows: use dompurify for footer links (#11773)
      core, web: update translations (#11775)
      core: bump goauthentik.io/api/v3 from 3.2024083.10 to 3.2024083.11 (#11776)
      website: bump @types/react from 18.3.11 to 18.3.12 in /website (#11777)
      website: bump http-proxy-middleware from 2.0.6 to 2.0.7 in /website (#11771)
      web: bump API Client version (#11770)
      stages: authenticator_endpoint_gdtc (#10477)
      core: add prompt_data to auth flow (#11702)
      tests/e2e: fix dex tests failing (#11761)
      web/rac: disable DPI scaling (#11757)
      web/admin: update flow background (#11758)
      website/docs: fix some broken links (#11742)
      ...
    kensternberg-authentik committed Oct 23, 2024
    Configuration menu
    Copy the full SHA
    e497dbc View commit details
    Browse the repository at this point in the history
  3. Merge branch 'main' into web/update-provider-forms-for-invalidation

    * main:
      web/admin: Add InvalidationFlow to Radius Provider dialogues (#11786)
      core, web: update translations (#11782)
      providers/oauth2: fix amr claim not set due to login event not associated (#11780)
    kensternberg-authentik committed Oct 23, 2024
    Configuration menu
    Copy the full SHA
    6ff260d View commit details
    Browse the repository at this point in the history
  4. Configuration menu
    Copy the full SHA
    a36cc82 View commit details
    Browse the repository at this point in the history

Commits on Oct 24, 2024

  1. Configuration menu
    Copy the full SHA
    99af95b View commit details
    Browse the repository at this point in the history

Commits on Oct 25, 2024

  1. Almost there!

    kensternberg-authentik committed Oct 25, 2024
    Configuration menu
    Copy the full SHA
    c0814ad View commit details
    Browse the repository at this point in the history

Commits on Oct 28, 2024

  1. Merge branch 'main' into web/update-provider-forms-for-invalidation

    * main: (22 commits)
      lifecycle: fix missing krb5 deps for full testing in image (#11815)
      translate: Updates for file web/xliff/en.xlf in zh-Hans (#11810)
      translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#11809)
      translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#11808)
      web: bump API Client version (#11807)
      core: bump goauthentik.io/api/v3 from 3.2024083.12 to 3.2024083.13 (#11806)
      core: bump ruff from 0.7.0 to 0.7.1 (#11805)
      core: bump twilio from 9.3.4 to 9.3.5 (#11804)
      core, web: update translations (#11803)
      providers/scim: handle no members in group in consistency check (#11801)
      stages/identification: add captcha to identification stage (#11711)
      website/docs: improve root page and redirect (#11798)
      providers/scim: clamp batch size for patch requests (#11797)
      web/admin: fix missing div in wizard forms (#11794)
      providers/proxy: fix handling of AUTHENTIK_HOST_BROWSER (#11722)
      core, web: update translations (#11789)
      core: bump goauthentik.io/api/v3 from 3.2024083.11 to 3.2024083.12 (#11790)
      core: bump gssapi from 1.8.3 to 1.9.0 (#11791)
      web: bump API Client version (#11792)
      stages/authenticator_validate: autoselect last used 2fa device (#11087)
      ...
    kensternberg-authentik committed Oct 28, 2024
    Configuration menu
    Copy the full SHA
    5bd7ced View commit details
    Browse the repository at this point in the history

Commits on Oct 29, 2024

  1. web/admin: Unify the forms for providers between the ./admin/provider…

    …s and ./admin/applications/wizard
    
    ## What
    
    - For LDAP, OAuth2, Radius, SAML, SCIM, and Proxy providers, extract the literal form rendering
      component of each provider into a function.  After all, that's what they are: they take input (the
      render state) and produce output (HTML with event handlers).
    - Rip out all of the forms in the wizard and replace them with ☝️
    - Write E2E tests that exercise *all* of the components in *all* of the forms mentioned. See test
      results.  These tests come in two flavors, "simple" (minimum amount needed to make the provider
      "pass" the backend's parsers) and "complete" (touches every legal field in the form according to
      the authentik `./schema.yml` file).  As a result, every field is validated against the schema
      (although the schema is currently ported into the test by hand.
    - Fixed some serious bugginess in the way the wizard `commit` phase handles errors.
    
    ## Details
    
    ### Providers
    
    In some cases, I broke up the forms into smaller units:
    
    - Proxy, especially, with standalone units now for `renderHttpBasic`, `renderModeSelector`,
    `renderSettings`, and the differing modes)
    - SAML now has a `renderHasSigningKp` object, which makes that part of the code much more readable.
    
    I also extracted a few of static `options` collections into static const objects, so that the form
    object itself would be a bit more readable.
    
    ### Wizard
    
    Just ripped out all of the Provider forms.  All of them.  They weren't going to be needed in our
    glorious new future.
    
    Using the information provided by the `providerTypes` object, it was easy to extract all of the
    information that had once been in `ak-application-wizard-authentication-method-choice.choices`. The
    only thing left now is the renderers, one for each of the forms ripped out. Everything else is just
    gone.
    
    As a result, though, that's no longer a static list. It has to be derived from information sent via
    the API.  So now it's in a context that's built when the wizard is initialized, and accessed by the
    `createTypes` pass as well as the specific provider.
    
    The error handling in the `commit` pass was just broken.  I have improved it quite a bit, and now it
    actually displays helpful messages when things go wrong.
    
    ### Tests
    
    Wrote a simple test runner that iterates through a collection of fields, setting their values via
    field-type instructions contained in each line. For example, the "simple" OAuth2 Provider test looks
    like this:
    
    ```
    export const simpleOAuth2ProviderForm: TestProvider = () => [
        [setTypeCreate, "selectProviderType", "OAuth2/OpenID Provider"],
        [clickButton, "Next"],
        [setTextInput, "name", newObjectName("New Oauth2 Provider")],
        [setSearchSelect, "authorizationFlow", /default-provider-authorization-explicit-consent/],
    ];
    ```
    
    Each control checks for the existence of the object, and in most cases its current `display`.
    (SearchSelect only checks existence, due to the oddness of the portaled popup.)  Where a field can't
    reasonably be modified and still pass, we at least verify that the name provided in `schema.yml`
    corresponds to an existing, available control on the form or wizard panel.
    
    Combined with a routine for logging in and navigating to the Provider page, and another one to
    validate that a new and uniqute "Successfully Created Provider" notification appeared, this makes
    testing each provider a simple message of filling out the table of fields you want populated.
    
    Equally simple: these *exact same tests* can be incorporated into a wrapper for logging in,
    navigating to the Application page, and filling out an Application, and then a new and unique
    Provider for that Application, by Provider Type.
    
    As a special case, the Wizard variant checks the `TestSequence` object returned by the
    `TestProvider` function and removes the `name` field, since the Wizard pre-populates that
    automatically.
    
    As a result of this, the contents of `./web/src` has lost 1,504 lines of code. And results like
    these, where the behavior has been cross-checked three ways (the forms, the tests (and so the
    back-end), *and the schema* all agree on field names and behaviors, gives me much more confidence
    that the refactor works as expected:
    
    ```
    [chrome 130.0.6723.70 mac #0-1] Running: chrome (v130.0.6723.70) on mac
    [chrome 130.0.6723.70 mac #0-1] Session ID: 039c70690eebc83ffbc2eef97043c774
    [chrome 130.0.6723.70 mac #0-1]
    [chrome 130.0.6723.70 mac #0-1] » /tests/specs/providers.ts
    [chrome 130.0.6723.70 mac #0-1] Configuring Providers
    [chrome 130.0.6723.70 mac #0-1]    ✓ Should successfully configure a Simple LDAP provider
    [chrome 130.0.6723.70 mac #0-1]    ✓ Should successfully configure a Simple OAuth2 provider
    [chrome 130.0.6723.70 mac #0-1]    ✓ Should successfully configure a Simple Radius provider
    [chrome 130.0.6723.70 mac #0-1]    ✓ Should successfully configure a Simple SAML provider
    [chrome 130.0.6723.70 mac #0-1]    ✓ Should successfully configure a Simple SCIM provider
    [chrome 130.0.6723.70 mac #0-1]    ✓ Should successfully configure a Simple Proxy provider
    [chrome 130.0.6723.70 mac #0-1]    ✓ Should successfully configure a Simple Forward Auth (single application) provider
    [chrome 130.0.6723.70 mac #0-1]    ✓ Should successfully configure a Simple Forward Auth (domain level) provider
    [chrome 130.0.6723.70 mac #0-1]    ✓ Should successfully configure a Complete OAuth2 provider
    [chrome 130.0.6723.70 mac #0-1]    ✓ Should successfully configure a Complete LDAP provider
    [chrome 130.0.6723.70 mac #0-1]    ✓ Should successfully configure a Complete Radius provider
    [chrome 130.0.6723.70 mac #0-1]    ✓ Should successfully configure a Complete SAML provider
    [chrome 130.0.6723.70 mac #0-1]    ✓ Should successfully configure a Complete SCIM provider
    [chrome 130.0.6723.70 mac #0-1]    ✓ Should successfully configure a Complete Proxy provider
    [chrome 130.0.6723.70 mac #0-1]    ✓ Should successfully configure a Complete Forward Auth (single application) provider
    [chrome 130.0.6723.70 mac #0-1]    ✓ Should successfully configure a Complete Forward Auth (domain level) provider
    [chrome 130.0.6723.70 mac #0-1]
    [chrome 130.0.6723.70 mac #0-1] 16 passing (1m 48.5s)
    ------------------------------------------------------------------
    [chrome 130.0.6723.70 mac #0-2] Running: chrome (v130.0.6723.70) on mac
    [chrome 130.0.6723.70 mac #0-2] Session ID: 5a3ae12c851eff8fffd2686096759146
    [chrome 130.0.6723.70 mac #0-2]
    [chrome 130.0.6723.70 mac #0-2] » /tests/specs/new-application-by-wizard.ts
    [chrome 130.0.6723.70 mac #0-2] Configuring Applications Via the Wizard
    [chrome 130.0.6723.70 mac #0-2]    ✓ Should successfully configure an application with a Simple LDAP provider
    [chrome 130.0.6723.70 mac #0-2]    ✓ Should successfully configure an application with a Simple OAuth2 provider
    [chrome 130.0.6723.70 mac #0-2]    ✓ Should successfully configure an application with a Simple Radius provider
    [chrome 130.0.6723.70 mac #0-2]    ✓ Should successfully configure an application with a Simple SAML provider
    [chrome 130.0.6723.70 mac #0-2]    ✓ Should successfully configure an application with a Simple SCIM provider
    [chrome 130.0.6723.70 mac #0-2]    ✓ Should successfully configure an application with a Simple Proxy provider
    [chrome 130.0.6723.70 mac #0-2]    ✓ Should successfully configure an application with a Simple Forward Auth (single) provider
    [chrome 130.0.6723.70 mac #0-2]    ✓ Should successfully configure an application with a Simple Forward Auth (domain) provider
    [chrome 130.0.6723.70 mac #0-2]    ✓ Should successfully configure an application with a Complete OAuth2 provider
    [chrome 130.0.6723.70 mac #0-2]    ✓ Should successfully configure an application with a Complete LDAP provider
    [chrome 130.0.6723.70 mac #0-2]    ✓ Should successfully configure an application with a Complete Radius provider
    [chrome 130.0.6723.70 mac #0-2]    ✓ Should successfully configure an application with a Complete SAML provider
    [chrome 130.0.6723.70 mac #0-2]    ✓ Should successfully configure an application with a Complete SCIM provider
    [chrome 130.0.6723.70 mac #0-2]    ✓ Should successfully configure an application with a Complete Proxy provider
    [chrome 130.0.6723.70 mac #0-2]    ✓ Should successfully configure an application with a Complete Forward Auth (single) provider
    [chrome 130.0.6723.70 mac #0-2]    ✓ Should successfully configure an application with a Complete Forward Auth (domain) provider
    [chrome 130.0.6723.70 mac #0-2]
    [chrome 130.0.6723.70 mac #0-2] 16 passing (2m 3s)
    ```
    
    🎉
    kensternberg-authentik committed Oct 29, 2024
    Configuration menu
    Copy the full SHA
    807e2a9 View commit details
    Browse the repository at this point in the history
  2. Configuration menu
    Copy the full SHA
    11bc9b8 View commit details
    Browse the repository at this point in the history
  3. Merge branch 'main' into web/update-provider-forms-for-invalidation

    * main:
      web/admin: fix code-based MFA toggle not working in wizard (#11854)
      sources/kerberos: add kiprop to ignored system principals (#11852)
      translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#11846)
      translate: Updates for file locale/en/LC_MESSAGES/django.po in it (#11845)
      translate: Updates for file web/xliff/en.xlf in zh_CN (#11847)
      translate: Updates for file web/xliff/en.xlf in zh-Hans (#11848)
      translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#11849)
      translate: Updates for file web/xliff/en.xlf in it (#11850)
      website: 2024.10 Release Notes (#11839)
      translate: Updates for file web/xliff/en.xlf in zh-Hans (#11814)
      core, web: update translations (#11821)
      core: bump goauthentik.io/api/v3 from 3.2024083.13 to 3.2024083.14 (#11830)
      core: bump service-identity from 24.1.0 to 24.2.0 (#11831)
      core: bump twilio from 9.3.5 to 9.3.6 (#11832)
      core: bump pytest-randomly from 3.15.0 to 3.16.0 (#11833)
      website/docs: Update social-logins github (#11822)
      website/docs: remove � (#11823)
      lifecycle: fix kdc5-config missing (#11826)
      website/docs: update preview status of different features (#11817)
    kensternberg-authentik committed Oct 29, 2024
    Configuration menu
    Copy the full SHA
    401850c View commit details
    Browse the repository at this point in the history