2021-05-04 10:02:16 +00:00
|
|
|
import { OAuthSource, SourcesApi, FlowsApi, FlowDesignationEnum, OAuthSourceUserMatchingModeEnum } from "authentik-api";
|
2021-04-03 17:26:43 +00:00
|
|
|
import { t } from "@lingui/macro";
|
2021-04-02 13:15:19 +00:00
|
|
|
import { customElement, property } from "lit-element";
|
|
|
|
|
import { html, TemplateResult } from "lit-html";
|
|
|
|
|
import { DEFAULT_CONFIG } from "../../../api/Config";
|
|
|
|
|
import { Form } from "../../../elements/forms/Form";
|
|
|
|
|
import "../../../elements/forms/FormGroup";
|
|
|
|
|
import "../../../elements/forms/HorizontalFormElement";
|
|
|
|
|
import { ifDefined } from "lit-html/directives/if-defined";
|
|
|
|
|
import { until } from "lit-html/directives/until";
|
2021-04-03 22:36:53 +00:00
|
|
|
import { first } from "../../../utils";
|
2021-05-06 12:40:02 +00:00
|
|
|
import { AppURLManager } from "../../../api/legacy";
|
2021-04-02 13:15:19 +00:00
|
|
|
|
|
|
|
|
@customElement("ak-source-oauth-form")
|
|
|
|
|
export class OAuthSourceForm extends Form<OAuthSource> {
|
|
|
|
|
|
|
|
|
|
set sourceSlug(value: string) {
|
|
|
|
|
new SourcesApi(DEFAULT_CONFIG).sourcesOauthRead({
|
|
|
|
|
slug: value,
|
|
|
|
|
}).then(source => {
|
|
|
|
|
this.source = source;
|
2021-04-03 22:36:53 +00:00
|
|
|
this.showUrlOptions = first(source.type?.urlsCustomizable, false);
|
2021-04-02 13:15:19 +00:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-17 17:16:23 +00:00
|
|
|
@property()
|
|
|
|
|
modelName?: string;
|
|
|
|
|
|
2021-04-02 13:15:19 +00:00
|
|
|
@property({attribute: false})
|
|
|
|
|
source?: OAuthSource;
|
|
|
|
|
|
|
|
|
|
@property({type: Boolean})
|
|
|
|
|
showUrlOptions = false;
|
|
|
|
|
|
2021-04-17 19:13:33 +00:00
|
|
|
@property({type: Boolean})
|
|
|
|
|
showRequestTokenURL = false;
|
|
|
|
|
|
2021-04-02 13:15:19 +00:00
|
|
|
getSuccessMessage(): string {
|
|
|
|
|
if (this.source) {
|
2021-04-03 17:26:43 +00:00
|
|
|
return t`Successfully updated source.`;
|
2021-04-02 13:15:19 +00:00
|
|
|
} else {
|
2021-04-03 17:26:43 +00:00
|
|
|
return t`Successfully created source.`;
|
2021-04-02 13:15:19 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
send = (data: OAuthSource): Promise<OAuthSource> => {
|
|
|
|
|
if (this.source) {
|
|
|
|
|
return new SourcesApi(DEFAULT_CONFIG).sourcesOauthUpdate({
|
|
|
|
|
slug: this.source.slug,
|
|
|
|
|
data: data
|
|
|
|
|
});
|
|
|
|
|
} else {
|
|
|
|
|
return new SourcesApi(DEFAULT_CONFIG).sourcesOauthCreate({
|
|
|
|
|
data: data
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
renderUrlOptions(): TemplateResult {
|
|
|
|
|
if (!this.showUrlOptions) {
|
|
|
|
|
return html``;
|
|
|
|
|
}
|
|
|
|
|
return html`
|
|
|
|
|
<ak-form-group>
|
|
|
|
|
<span slot="header">
|
2021-04-03 17:26:43 +00:00
|
|
|
${t`URL settings`}
|
2021-04-02 13:15:19 +00:00
|
|
|
</span>
|
|
|
|
|
<div slot="body" class="pf-c-form">
|
|
|
|
|
<ak-form-element-horizontal
|
2021-04-03 17:26:43 +00:00
|
|
|
label=${t`Authorization URL`}
|
2021-04-02 13:15:19 +00:00
|
|
|
?required=${true}
|
|
|
|
|
name="authorizationUrl">
|
2021-04-17 19:13:33 +00:00
|
|
|
<input type="text" value="${first(this.source?.authorizationUrl, "")}" class="pf-c-form-control" required>
|
2021-04-03 17:26:43 +00:00
|
|
|
<p class="pf-c-form__helper-text">${t`URL the user is redirect to to consent the authorization.`}</p>
|
2021-04-02 13:15:19 +00:00
|
|
|
</ak-form-element-horizontal>
|
|
|
|
|
<ak-form-element-horizontal
|
2021-04-03 17:26:43 +00:00
|
|
|
label=${t`Access token URL`}
|
2021-04-02 13:15:19 +00:00
|
|
|
?required=${true}
|
|
|
|
|
name="accessTokenUrl">
|
2021-04-17 19:13:33 +00:00
|
|
|
<input type="text" value="${first(this.source?.accessTokenUrl, "")}" class="pf-c-form-control" required>
|
2021-04-03 17:26:43 +00:00
|
|
|
<p class="pf-c-form__helper-text">${t`URL used by authentik to retrieve tokens.`}</p>
|
2021-04-02 13:15:19 +00:00
|
|
|
</ak-form-element-horizontal>
|
|
|
|
|
<ak-form-element-horizontal
|
2021-04-03 17:26:43 +00:00
|
|
|
label=${t`Profile URL`}
|
2021-04-02 13:15:19 +00:00
|
|
|
?required=${true}
|
|
|
|
|
name="profileUrl">
|
2021-04-17 19:13:33 +00:00
|
|
|
<input type="text" value="${first(this.source?.profileUrl, "")}" class="pf-c-form-control" required>
|
2021-04-03 17:26:43 +00:00
|
|
|
<p class="pf-c-form__helper-text">${t`URL used by authentik to get user information.`}</p>
|
2021-04-02 13:15:19 +00:00
|
|
|
</ak-form-element-horizontal>
|
2021-04-17 19:13:33 +00:00
|
|
|
${this.showRequestTokenURL ? html`<ak-form-element-horizontal
|
2021-04-03 17:26:43 +00:00
|
|
|
label=${t`Request token URL`}
|
2021-04-02 13:15:19 +00:00
|
|
|
name="requestTokenUrl">
|
2021-04-17 19:13:33 +00:00
|
|
|
<input type="text" value="${first(this.source?.requestTokenUrl, "")}" class="pf-c-form-control">
|
2021-04-03 17:26:43 +00:00
|
|
|
<p class="pf-c-form__helper-text">${t`URL used to request the initial token. This URL is only required for OAuth 1.`}</p>
|
2021-04-02 13:15:19 +00:00
|
|
|
</ak-form-element-horizontal>
|
2021-04-17 19:13:33 +00:00
|
|
|
` : html``}
|
2021-04-02 13:15:19 +00:00
|
|
|
</div>
|
|
|
|
|
</ak-form-group>`;
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-06 12:40:02 +00:00
|
|
|
getRedirectURI(slug?: string): string {
|
|
|
|
|
if (!slug) {
|
|
|
|
|
return "";
|
|
|
|
|
}
|
|
|
|
|
const path = AppURLManager.sourceOAuth(slug, "callback");
|
|
|
|
|
return `${window.location.protocol}//${window.location.host}${path}`;
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-02 13:15:19 +00:00
|
|
|
renderForm(): TemplateResult {
|
|
|
|
|
return html`<form class="pf-c-form pf-m-horizontal">
|
|
|
|
|
<ak-form-element-horizontal
|
2021-04-03 17:26:43 +00:00
|
|
|
label=${t`Name`}
|
2021-04-02 13:15:19 +00:00
|
|
|
?required=${true}
|
|
|
|
|
name="name">
|
|
|
|
|
<input type="text" value="${ifDefined(this.source?.name)}" class="pf-c-form-control" required>
|
|
|
|
|
</ak-form-element-horizontal>
|
|
|
|
|
<ak-form-element-horizontal
|
2021-04-03 17:26:43 +00:00
|
|
|
label=${t`Slug`}
|
2021-04-02 13:15:19 +00:00
|
|
|
?required=${true}
|
|
|
|
|
name="slug">
|
2021-05-06 12:40:02 +00:00
|
|
|
<input type="text" value="${ifDefined(this.source?.slug)}" class="pf-c-form-control" required @input=${(ev: Event) => {
|
|
|
|
|
const current = (ev.target as HTMLInputElement).value;
|
|
|
|
|
const label = this.shadowRoot?.querySelector<HTMLSpanElement>("#callback-url");
|
|
|
|
|
if (!label) return;
|
|
|
|
|
label.innerText = this.getRedirectURI(current);
|
|
|
|
|
}}>
|
|
|
|
|
<p class="pf-c-form__helper-text">
|
|
|
|
|
${t`Use this redirect URL:`}
|
|
|
|
|
<span id="callback-url">${this.getRedirectURI(this.source?.slug)}</span>
|
|
|
|
|
</p>
|
2021-04-02 13:15:19 +00:00
|
|
|
</ak-form-element-horizontal>
|
|
|
|
|
<ak-form-element-horizontal name="enabled">
|
|
|
|
|
<div class="pf-c-check">
|
2021-04-03 22:36:53 +00:00
|
|
|
<input type="checkbox" class="pf-c-check__input" ?checked=${first(this.source?.enabled, true)}>
|
2021-04-02 13:15:19 +00:00
|
|
|
<label class="pf-c-check__label">
|
2021-04-03 17:26:43 +00:00
|
|
|
${t`Enabled`}
|
2021-04-02 13:15:19 +00:00
|
|
|
</label>
|
|
|
|
|
</div>
|
|
|
|
|
</ak-form-element-horizontal>
|
2021-05-04 10:02:16 +00:00
|
|
|
<ak-form-element-horizontal
|
|
|
|
|
label=${t`User matching mode`}
|
|
|
|
|
?required=${true}
|
|
|
|
|
name="userMatchingMode">
|
|
|
|
|
<select class="pf-c-form-control">
|
|
|
|
|
<option value=${OAuthSourceUserMatchingModeEnum.Identifier} ?selected=${this.source?.userMatchingMode === OAuthSourceUserMatchingModeEnum.Identifier}>
|
|
|
|
|
${t`Link users on unique identifier`}
|
|
|
|
|
</option>
|
|
|
|
|
<option value=${OAuthSourceUserMatchingModeEnum.UsernameLink} ?selected=${this.source?.userMatchingMode === OAuthSourceUserMatchingModeEnum.UsernameLink}>
|
|
|
|
|
${t`Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses`}
|
|
|
|
|
</option>
|
|
|
|
|
<option value=${OAuthSourceUserMatchingModeEnum.UsernameDeny} ?selected=${this.source?.userMatchingMode === OAuthSourceUserMatchingModeEnum.UsernameDeny}>
|
|
|
|
|
${t`Use the user's email address, but deny enrollment when the email address already exists.`}
|
|
|
|
|
</option>
|
|
|
|
|
<option value=${OAuthSourceUserMatchingModeEnum.EmailLink} ?selected=${this.source?.userMatchingMode === OAuthSourceUserMatchingModeEnum.EmailLink}>
|
|
|
|
|
${t`Link to a user with identical username address. Can have security implications when a username is used with another source.`}
|
|
|
|
|
</option>
|
|
|
|
|
<option value=${OAuthSourceUserMatchingModeEnum.EmailDeny} ?selected=${this.source?.userMatchingMode === OAuthSourceUserMatchingModeEnum.EmailDeny}>
|
|
|
|
|
${t`Use the user's username, but deny enrollment when the username already exists.`}
|
|
|
|
|
</option>
|
|
|
|
|
</select>
|
|
|
|
|
</ak-form-element-horizontal>
|
2021-04-02 13:15:19 +00:00
|
|
|
|
|
|
|
|
<ak-form-group .expanded=${true}>
|
|
|
|
|
<span slot="header">
|
2021-04-03 17:26:43 +00:00
|
|
|
${t`Protocol settings`}
|
2021-04-02 13:15:19 +00:00
|
|
|
</span>
|
|
|
|
|
<div slot="body" class="pf-c-form">
|
|
|
|
|
<ak-form-element-horizontal
|
2021-04-03 17:26:43 +00:00
|
|
|
label=${t`Consumer key`}
|
2021-04-02 13:15:19 +00:00
|
|
|
?required=${true}
|
|
|
|
|
name="consumerKey">
|
|
|
|
|
<input type="text" value="${ifDefined(this.source?.consumerKey)}" class="pf-c-form-control" required>
|
|
|
|
|
</ak-form-element-horizontal>
|
|
|
|
|
<ak-form-element-horizontal
|
2021-04-03 17:26:43 +00:00
|
|
|
label=${t`Consumer secret`}
|
2021-04-02 13:15:19 +00:00
|
|
|
?required=${true}
|
2021-05-04 20:58:52 +00:00
|
|
|
?writeOnly=${this.source !== undefined}
|
2021-04-02 13:15:19 +00:00
|
|
|
name="consumerSecret">
|
|
|
|
|
<input type="text" value="${ifDefined(this.source?.consumerSecret)}" class="pf-c-form-control" required>
|
|
|
|
|
</ak-form-element-horizontal>
|
|
|
|
|
<ak-form-element-horizontal
|
2021-04-03 17:26:43 +00:00
|
|
|
label=${t`Provider type`}
|
2021-04-02 13:15:19 +00:00
|
|
|
name="providerType">
|
|
|
|
|
<select class="pf-c-form-control" @change=${(ev: Event) => {
|
|
|
|
|
const el = (ev.target as HTMLSelectElement);
|
|
|
|
|
const selected = el.selectedOptions[0];
|
|
|
|
|
if ("data-urls-custom" in selected.attributes) {
|
|
|
|
|
this.showUrlOptions = true;
|
|
|
|
|
} else {
|
|
|
|
|
this.showUrlOptions = false;
|
|
|
|
|
}
|
2021-04-17 19:13:33 +00:00
|
|
|
if ("data-request-token" in selected.attributes) {
|
|
|
|
|
this.showRequestTokenURL = true;
|
|
|
|
|
} else {
|
|
|
|
|
this.showRequestTokenURL = false;
|
|
|
|
|
}
|
2021-04-17 17:06:56 +00:00
|
|
|
if (!this.source) {
|
|
|
|
|
this.source = {} as OAuthSource;
|
|
|
|
|
}
|
|
|
|
|
this.source.providerType = selected.value;
|
2021-04-02 13:15:19 +00:00
|
|
|
}}>
|
|
|
|
|
${until(new SourcesApi(DEFAULT_CONFIG).sourcesOauthSourceTypes().then(types => {
|
|
|
|
|
return types.map(type => {
|
2021-04-17 17:16:23 +00:00
|
|
|
let selected = this.source?.providerType === type.slug;
|
|
|
|
|
if (!this.source?.pk) {
|
|
|
|
|
if (this.modelName?.replace("oauthsource", "") === type.slug) {
|
|
|
|
|
selected = true;
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-04-17 19:13:33 +00:00
|
|
|
return html`<option
|
|
|
|
|
?data-urls-custom=${type.urlsCustomizable}
|
|
|
|
|
?data-request-token=${type.requestTokenUrl}
|
|
|
|
|
value=${type.slug}
|
|
|
|
|
?selected=${selected}>
|
|
|
|
|
${type.name}
|
|
|
|
|
</option>`;
|
2021-04-02 13:15:19 +00:00
|
|
|
});
|
2021-04-03 22:24:06 +00:00
|
|
|
}), html`<option>${t`Loading...`}</option>`)}
|
2021-04-02 13:15:19 +00:00
|
|
|
</select>
|
|
|
|
|
</ak-form-element-horizontal>
|
|
|
|
|
</div>
|
|
|
|
|
</ak-form-group>
|
|
|
|
|
${this.renderUrlOptions()}
|
|
|
|
|
<ak-form-group>
|
|
|
|
|
<span slot="header">
|
2021-04-03 17:26:43 +00:00
|
|
|
${t`Flow settings`}
|
2021-04-02 13:15:19 +00:00
|
|
|
</span>
|
|
|
|
|
<div slot="body" class="pf-c-form">
|
|
|
|
|
<ak-form-element-horizontal
|
2021-04-03 17:26:43 +00:00
|
|
|
label=${t`Authentication flow`}
|
2021-04-02 13:15:19 +00:00
|
|
|
?required=${true}
|
|
|
|
|
name="authenticationFlow">
|
|
|
|
|
<select class="pf-c-form-control">
|
|
|
|
|
${until(new FlowsApi(DEFAULT_CONFIG).flowsInstancesList({
|
|
|
|
|
ordering: "pk",
|
|
|
|
|
designation: FlowDesignationEnum.Authentication,
|
|
|
|
|
}).then(flows => {
|
|
|
|
|
return flows.results.map(flow => {
|
|
|
|
|
let selected = this.source?.authenticationFlow === flow.pk;
|
2021-04-20 18:32:47 +00:00
|
|
|
if (!this.source?.pk && !this.source?.authenticationFlow && flow.slug === "default-source-authentication") {
|
2021-04-02 13:15:19 +00:00
|
|
|
selected = true;
|
|
|
|
|
}
|
|
|
|
|
return html`<option value=${ifDefined(flow.pk)} ?selected=${selected}>${flow.name} (${flow.slug})</option>`;
|
|
|
|
|
});
|
2021-04-03 22:24:06 +00:00
|
|
|
}), html`<option>${t`Loading...`}</option>`)}
|
2021-04-02 13:15:19 +00:00
|
|
|
</select>
|
2021-04-03 17:26:43 +00:00
|
|
|
<p class="pf-c-form__helper-text">${t`Flow to use when authenticating existing users.`}</p>
|
2021-04-02 13:15:19 +00:00
|
|
|
</ak-form-element-horizontal>
|
|
|
|
|
<ak-form-element-horizontal
|
2021-04-03 17:26:43 +00:00
|
|
|
label=${t`Enrollment flow`}
|
2021-04-02 13:15:19 +00:00
|
|
|
?required=${true}
|
|
|
|
|
name="enrollmentFlow">
|
|
|
|
|
<select class="pf-c-form-control">
|
|
|
|
|
${until(new FlowsApi(DEFAULT_CONFIG).flowsInstancesList({
|
|
|
|
|
ordering: "pk",
|
|
|
|
|
designation: FlowDesignationEnum.Enrollment,
|
|
|
|
|
}).then(flows => {
|
|
|
|
|
return flows.results.map(flow => {
|
|
|
|
|
let selected = this.source?.enrollmentFlow === flow.pk;
|
2021-04-20 18:32:47 +00:00
|
|
|
if (!this.source?.pk && !this.source?.enrollmentFlow && flow.slug === "default-source-enrollment") {
|
2021-04-02 13:15:19 +00:00
|
|
|
selected = true;
|
|
|
|
|
}
|
|
|
|
|
return html`<option value=${ifDefined(flow.pk)} ?selected=${selected}>${flow.name} (${flow.slug})</option>`;
|
|
|
|
|
});
|
2021-04-03 22:24:06 +00:00
|
|
|
}), html`<option>${t`Loading...`}</option>`)}
|
2021-04-02 13:15:19 +00:00
|
|
|
</select>
|
2021-04-03 17:26:43 +00:00
|
|
|
<p class="pf-c-form__helper-text">${t`Flow to use when enrolling new users.`}</p>
|
2021-04-02 13:15:19 +00:00
|
|
|
</ak-form-element-horizontal>
|
|
|
|
|
</div>
|
|
|
|
|
</ak-form-group>
|
|
|
|
|
</form>`;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
