Web/update provider forms for invalidation #11856
Open: kensternberg-authentik wants to merge 12 commits into main from web/update-provider-forms-for-invalidation
4af6ecf web: Isolate the OAuth2 Provider Form into a reusable rendering function (kensternberg-authentik)
4439b29 Still trying to find components by internal text. Still not working. (kensternberg-authentik)
f9f8495 We have working tests!!!!!! (kensternberg-authentik)
e497dbc Merge branch 'main' into web/update-provider-forms-for-invalidation (kensternberg-authentik)
6ff260d Merge branch 'main' into web/update-provider-forms-for-invalidation (kensternberg-authentik)
a36cc82 Radius form has been isolated. (kensternberg-authentik)
99af95b Committed harmony on SAML. Streamlined the tests even further. (kensternberg-authentik)
c0814ad Almost there! (kensternberg-authentik)
5bd7ced Merge branch 'main' into web/update-provider-forms-for-invalidation (kensternberg-authentik)
807e2a9 web/admin: Unify the forms for providers between the ./admin/provider… (kensternberg-authentik)
11bc9b8 Not sure how *that* got lost, but... (kensternberg-authentik)
401850c Merge branch 'main' into web/update-provider-forms-for-invalidation (kensternberg-authentik)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,12 @@ | ||
import { createContext } from "@lit/context"; | ||
|
||
import { LocalTypeCreate } from "./auth-method-choice/ak-application-wizard-authentication-method-choice.choices.js"; | ||
import { ApplicationWizardState } from "./types"; | ||
|
||
export const applicationWizardContext = createContext<ApplicationWizardState>( | ||
Symbol("ak-application-wizard-state-context"), | ||
); | ||
|
||
export const applicationWizardProvidersContext = createContext<LocalTypeCreate[]>( | ||
Symbol("ak-application-wizard-providers-context"), | ||
); |
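Review bot: `LocalTypeCreate` is declared with `export type` in the choices module, yet the new import at the top of this file is a plain `import { LocalTypeCreate }`; make it `import type { LocalTypeCreate } from ...` so the context module never loads the panel's choices module at runtime just for a type. That line also carries a `.js` suffix while the neighbouring `./types` import has none, so pick one form. The new `applicationWizardProvidersContext` deserves a one-line comment naming the element that provides it and what the list holds, since `createContext` only creates the key and nothing in this hunk shows where the value is set.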
182 changes: 17 additions & 165 deletions
...s/wizard/auth-method-choice/ak-application-wizard-authentication-method-choice.choices.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,176 +1,28 @@ | ||
import "@goauthentik/admin/common/ak-license-notice"; | ||
|
||
import { msg } from "@lit/localize"; | ||
import { TemplateResult, html } from "lit"; | ||
|
||
import type { ProviderModelEnum as ProviderModelEnumType, TypeCreate } from "@goauthentik/api"; | ||
import { ProviderModelEnum, ProxyMode } from "@goauthentik/api"; | ||
import type { | ||
LDAPProviderRequest, | ||
ModelRequest, | ||
OAuth2ProviderRequest, | ||
ProxyProviderRequest, | ||
RACProviderRequest, | ||
RadiusProviderRequest, | ||
SAMLProviderRequest, | ||
SCIMProviderRequest, | ||
} from "@goauthentik/api"; | ||
|
||
import { OneOfProvider } from "../types"; | ||
import type { TypeCreate } from "@goauthentik/api"; | ||
|
||
type ProviderRenderer = () => TemplateResult; | ||
|
||
type ModelConverter = (provider: OneOfProvider) => ModelRequest; | ||
|
||
type ProviderNoteProvider = () => TemplateResult | undefined; | ||
type ProviderNote = ProviderNoteProvider | undefined; | ||
|
||
export type LocalTypeCreate = TypeCreate & { | ||
formName: string; | ||
modelName: ProviderModelEnumType; | ||
converter: ModelConverter; | ||
note?: ProviderNote; | ||
renderer: ProviderRenderer; | ||
}; | ||
|
||
export const providerModelsList: LocalTypeCreate[] = [ | ||
{ | ||
formName: "oauth2provider", | ||
name: msg("OAuth2/OIDC (Open Authorization/OpenID Connect)"), | ||
description: msg("Modern applications, APIs and Single-page applications."), | ||
renderer: () => | ||
html`<ak-application-wizard-authentication-by-oauth></ak-application-wizard-authentication-by-oauth>`, | ||
modelName: ProviderModelEnum.Oauth2Oauth2provider, | ||
converter: (provider: OneOfProvider) => ({ | ||
providerModel: ProviderModelEnum.Oauth2Oauth2provider, | ||
...(provider as OAuth2ProviderRequest), | ||
}), | ||
component: "", | ||
iconUrl: "/static/authentik/sources/openidconnect.svg", | ||
}, | ||
{ | ||
formName: "ldapprovider", | ||
name: msg("LDAP (Lightweight Directory Access Protocol)"), | ||
description: msg( | ||
"Provide an LDAP interface for applications and users to authenticate against.", | ||
), | ||
renderer: () => | ||
html`<ak-application-wizard-authentication-by-ldap></ak-application-wizard-authentication-by-ldap>`, | ||
modelName: ProviderModelEnum.LdapLdapprovider, | ||
converter: (provider: OneOfProvider) => ({ | ||
providerModel: ProviderModelEnum.LdapLdapprovider, | ||
...(provider as LDAPProviderRequest), | ||
}), | ||
component: "", | ||
iconUrl: "/static/authentik/sources/ldap.png", | ||
}, | ||
{ | ||
formName: "proxyprovider-proxy", | ||
name: msg("Transparent Reverse Proxy"), | ||
description: msg("For transparent reverse proxies with required authentication"), | ||
renderer: () => | ||
html`<ak-application-wizard-authentication-for-reverse-proxy></ak-application-wizard-authentication-for-reverse-proxy>`, | ||
modelName: ProviderModelEnum.ProxyProxyprovider, | ||
converter: (provider: OneOfProvider) => ({ | ||
providerModel: ProviderModelEnum.ProxyProxyprovider, | ||
...(provider as ProxyProviderRequest), | ||
mode: ProxyMode.Proxy, | ||
}), | ||
component: "", | ||
iconUrl: "/static/authentik/sources/proxy.svg", | ||
}, | ||
{ | ||
formName: "proxyprovider-forwardsingle", | ||
name: msg("Forward Auth (Single Application)"), | ||
description: msg("For nginx's auth_request or traefik's forwardAuth"), | ||
renderer: () => | ||
html`<ak-application-wizard-authentication-for-single-forward-proxy></ak-application-wizard-authentication-for-single-forward-proxy>`, | ||
modelName: ProviderModelEnum.ProxyProxyprovider, | ||
converter: (provider: OneOfProvider) => ({ | ||
providerModel: ProviderModelEnum.ProxyProxyprovider, | ||
...(provider as ProxyProviderRequest), | ||
mode: ProxyMode.ForwardSingle, | ||
}), | ||
component: "", | ||
iconUrl: "/static/authentik/sources/proxy.svg", | ||
}, | ||
{ | ||
formName: "proxyprovider-forwarddomain", | ||
name: msg("Forward Auth (Domain Level)"), | ||
description: msg("For nginx's auth_request or traefik's forwardAuth per root domain"), | ||
renderer: () => | ||
html`<ak-application-wizard-authentication-for-forward-proxy-domain></ak-application-wizard-authentication-for-forward-proxy-domain>`, | ||
modelName: ProviderModelEnum.ProxyProxyprovider, | ||
converter: (provider: OneOfProvider) => ({ | ||
providerModel: ProviderModelEnum.ProxyProxyprovider, | ||
...(provider as ProxyProviderRequest), | ||
mode: ProxyMode.ForwardDomain, | ||
}), | ||
component: "", | ||
iconUrl: "/static/authentik/sources/proxy.svg", | ||
}, | ||
{ | ||
formName: "racprovider", | ||
name: msg("Remote Access Provider"), | ||
description: msg("Remotely access computers/servers via RDP/SSH/VNC"), | ||
renderer: () => | ||
html`<ak-application-wizard-authentication-for-rac></ak-application-wizard-authentication-for-rac>`, | ||
modelName: ProviderModelEnum.RacRacprovider, | ||
converter: (provider: OneOfProvider) => ({ | ||
providerModel: ProviderModelEnum.RacRacprovider, | ||
...(provider as RACProviderRequest), | ||
}), | ||
note: () => html`<ak-license-notice></ak-license-notice>`, | ||
requiresEnterprise: true, | ||
component: "", | ||
iconUrl: "/static/authentik/sources/rac.svg", | ||
}, | ||
{ | ||
formName: "samlprovider", | ||
name: msg("SAML (Security Assertion Markup Language)"), | ||
description: msg("Configure SAML provider manually"), | ||
renderer: () => | ||
html`<ak-application-wizard-authentication-by-saml-configuration></ak-application-wizard-authentication-by-saml-configuration>`, | ||
modelName: ProviderModelEnum.SamlSamlprovider, | ||
converter: (provider: OneOfProvider) => ({ | ||
providerModel: ProviderModelEnum.SamlSamlprovider, | ||
...(provider as SAMLProviderRequest), | ||
}), | ||
component: "", | ||
iconUrl: "/static/authentik/sources/saml.png", | ||
}, | ||
{ | ||
formName: "radiusprovider", | ||
name: msg("RADIUS (Remote Authentication Dial-In User Service)"), | ||
description: msg("Configure RADIUS provider manually"), | ||
renderer: () => | ||
html`<ak-application-wizard-authentication-by-radius></ak-application-wizard-authentication-by-radius>`, | ||
modelName: ProviderModelEnum.RadiusRadiusprovider, | ||
converter: (provider: OneOfProvider) => ({ | ||
providerModel: ProviderModelEnum.RadiusRadiusprovider, | ||
...(provider as RadiusProviderRequest), | ||
}), | ||
component: "", | ||
iconUrl: "/static/authentik/sources/radius.svg", | ||
}, | ||
{ | ||
formName: "scimprovider", | ||
name: msg("SCIM (System for Cross-domain Identity Management)"), | ||
description: msg("Configure SCIM provider manually"), | ||
renderer: () => | ||
html`<ak-application-wizard-authentication-by-scim></ak-application-wizard-authentication-by-scim>`, | ||
modelName: ProviderModelEnum.ScimScimprovider, | ||
converter: (provider: OneOfProvider) => ({ | ||
providerModel: ProviderModelEnum.ScimScimprovider, | ||
...(provider as SCIMProviderRequest), | ||
}), | ||
component: "", | ||
iconUrl: "/static/authentik/sources/scim.png", | ||
}, | ||
]; | ||
|
||
export const providerRendererList = new Map<string, ProviderRenderer>( | ||
providerModelsList.map((tc) => [tc.formName, tc.renderer]), | ||
); | ||
|
||
export default providerModelsList; | ||
export const providerTypeRenderers: Record<string, () => TemplateResult> = { | ||
oauth2provider: () => | ||
html`<ak-application-wizard-authentication-by-oauth></ak-application-wizard-authentication-by-oauth>`, | ||
ldapprovider: () => | ||
html`<ak-application-wizard-authentication-by-ldap></ak-application-wizard-authentication-by-ldap>`, | ||
proxyprovider: () => | ||
html`<ak-application-wizard-authentication-for-reverse-proxy></ak-application-wizard-authentication-for-reverse-proxy>`, | ||
racprovider: () => | ||
html`<ak-application-wizard-authentication-for-rac></ak-application-wizard-authentication-for-rac>`, | ||
samlprovider: () => | ||
html`<ak-application-wizard-authentication-by-saml-configuration></ak-application-wizard-authentication-by-saml-configuration>`, | ||
radiusprovider: () => | ||
html`<ak-application-wizard-authentication-by-radius></ak-application-wizard-authentication-by-radius>`, | ||
scimprovider: () => | ||
html`<ak-application-wizard-authentication-by-scim></ak-application-wizard-authentication-by-scim>`, | ||
}; |
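Review bot: `providerTypeRenderers` is typed `Record<string, () => TemplateResult>`, so indexing it with a name that has no entry compiles cleanly and yields `undefined` at runtime. The method-choice panel in this PR now stores `ev.detail.modelName` as `providerModel`, and per the author's comment the type list comes from the ProvidersApi rather than from a static list, so the keys here (`oauth2provider`, `proxyprovider`, ...) have to line up with what arrives; consider a narrower key type or an explicit fallback render for an unknown key. The list shown in this hunk also had three proxy entries whose converters set `mode: ProxyMode.Proxy`, `ProxyMode.ForwardSingle` and `ProxyMode.ForwardDomain`, while the map has a single `proxyprovider` renderer: please confirm the chosen proxy mode still reaches the submitted request, and that the `requiresEnterprise` notice for `racprovider` is still shown.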
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -7,41 +7,37 @@ import "@goauthentik/elements/forms/HorizontalFormElement"; | |
import "@goauthentik/elements/wizard/TypeCreateWizardPage"; | ||
import { TypeCreateWizardPageLayouts } from "@goauthentik/elements/wizard/TypeCreateWizardPage"; | ||
|
||
import { consume } from "@lit/context"; | ||
import { msg } from "@lit/localize"; | ||
import { customElement } from "@lit/reactive-element/decorators/custom-element.js"; | ||
import { html } from "lit"; | ||
|
||
import BasePanel from "../BasePanel"; | ||
import { applicationWizardProvidersContext } from "../ContextIdentity"; | ||
import type { LocalTypeCreate } from "./ak-application-wizard-authentication-method-choice.choices"; | ||
import providerModelsList from "./ak-application-wizard-authentication-method-choice.choices"; | ||
|
||
@customElement("ak-application-wizard-authentication-method-choice") | ||
export class ApplicationWizardAuthenticationMethodChoice extends WithLicenseSummary(BasePanel) { | ||
@consume({ context: applicationWizardProvidersContext }) | ||
public providerModelsList!: LocalTypeCreate[]; | ||
|
||
render() { | ||
const selectedTypes = providerModelsList.filter( | ||
(t) => t.formName === this.wizard.providerModel, | ||
const selectedTypes = this.providerModelsList.filter( | ||
Since I'm using the form as provided by the ProxyProviderForm, I no longer need this distinction. They're just modelNames now. |
||
(t) => t.modelName === this.wizard.providerModel, | ||
); | ||
|
||
// As a hack, the Application wizard has separate provider paths for our three types of | ||
// proxy providers. This patch swaps the form we want to be directed to on page 3 from the | ||
// modelName to the formName, so we get the right one. This information isn't modified | ||
// or forwarded, so the proxy-plus-subtype is correctly mapped on submission. | ||
const typesForWizard = providerModelsList.map((provider) => ({ | ||
...provider, | ||
modelName: provider.formName, | ||
})); | ||
|
||
return providerModelsList.length > 0 | ||
return this.providerModelsList.length > 0 | ||
? html`<form class="pf-c-form pf-m-horizontal"> | ||
<ak-wizard-page-type-create | ||
.types=${typesForWizard} | ||
.types=${this.providerModelsList} | ||
name="selectProviderType" | ||
layout=${TypeCreateWizardPageLayouts.grid} | ||
.selectedType=${selectedTypes.length > 0 ? selectedTypes[0] : undefined} | ||
@select=${(ev: CustomEvent<LocalTypeCreate>) => { | ||
this.dispatchWizardUpdate({ | ||
update: { | ||
...this.wizard, | ||
providerModel: ev.detail.formName, | ||
providerModel: ev.detail.modelName, | ||
errors: {}, | ||
}, | ||
status: this.valid ? "valid" : "invalid", | ||
|
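Review bot: `providerModelsList!` on the new `@consume` field is asserted as always defined, but `render()` calls `this.providerModelsList.filter(...)` and reads `.length` with no guard, so the panel throws if no ancestor has provided `applicationWizardProvidersContext` by first render. If the list is filled from an API call after the panel connects, the decorator also needs `subscribe: true` to receive the later value: `@consume({ context: applicationWizardProvidersContext, subscribe: true })`. Guarding the undefined case in `render()` would let the existing `length > 0` branch cover the not-yet-loaded state.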
By removing all the static provider choices, I can now rely on the ProvidersApi to give me that list instead.