web/admin: revise wizard form handling (#7331)
* web: break circular dependency between AKElement & Interface. This commit changes the way the root node of the web application shell is discovered by child components, such that the base class shared by both no longer results in a circular dependency between the two models. I've run this in isolation and have seen no failures of discovery; the identity token exists as soon as the Interface is constructed and is found by every item on the page. * web: fix broken typescript references This built... and then it didn't? Anyway, the current fix is to provide type information the AkInterface for the data that consumers require. * web: extract the form processing from the form submission process Our forms have a lot of customized value handling, and the function `serializeForm` takes our input structures and creates a JSON object ready for submission across the wire for the various models provided by the API. That function was embedded in the `ak-form` object, but it has no actual dependencies on the state of that object; aside from identifying the input elements, which is done at the very start of processing, this large block of code stands alone. Separating out the "processing the form" from "identifying the form" allows us to customize our form handling and preserve form information on the client for transactional purposes such as our wizard. w * web: multi-select, but there's a styling issue. * web: provide a closed control for multi-select This commit creates a new control, using the ak-form-element-horizontal as a *CLOSED* object, for our multi-select. This control right now is limited to what we expect to be using in the wizard, but that doesn't mean it can't be smarter in the future. * web: hung up by a silly spelling error * web: update the form-handling method With the `serializeForm` method extracted, it's much easier to examine and parse every *form* with every keystroke, preserving them against the changes that happen as the customer navigates the Wizard. With that in place, it became straightforward to retrofit the "handle changes to the application, to the provider, and to the providerType" into the three pages of the wizard, and to provide *all* of the form elements in a base class such that no specialized handling needs to happen to any of the child pages. Fixed an ugly typo in the oauth2 provider, as well. * web: wizard should work with multi-select and should reflect default values (Note: This commit is predicated on both the "Extract serializeForm function from Form.ts" and "Provide a controlled multi-select input control" PRs.) The initial attempt at the wizard was woefully naive in its implementation, missing some critical details along the way. This revision starts off with one stronger assumption: trust that Jens knows what he's doing, and knew what he was building when he wrote the initial `Form` handler. The problem with the `Form` handler, and the reason I avoided it, was simply that it does too many things, especially in its ModelForm variant: it receives a model from the back-end, renders a (hand-written) form for that model, allows the user to interact with that model, and facilitates saving it to the back-end again, complete with on-page notifications of success or failure. The Wizard could not use all of that. It needs to gather the information for *two* models (an Application and a Provider, plus the ProviderType) and has a new and specialized end-point for a transaction that allows the committing or roll back of both models to happen simultaneously, predicated on success or failure respectively. With "Extract `serializeForm` completed, it was possible to repurpose the forms that already existed, stripping them down to just their input components, and eventing the entire thing in a single event loop of "events flow up, data flows down." In this case, the *entire form* is serialized on a per-event basis and pushed up the to the orchestration layer, which saves them off. Writing a parent `BasePanel` class that has accessors for `formValues` and `valid` means that the state of every page is accessible with a simple query. This simplified the `BaseProviderPanel` class to just specialize the `dispatchUpdate` method to send the wizard update with the new provider information filled out. Because the *form* is being treated as the source of truth about the state of a `Partial<Application>` or `Partial<*Provider>` object, the defaults are now being captured as expected. Likewise, this simplified the `providerCache` layer which preserves customer input in the event that the customer starts filling out the wrong provider to a simple conditional clause in the orchestrator. The Wizard has much fewer smarts because it doesn't (and probably never did) need them. Along with the above changes, the following has also been done: For SAML and SCIM, the providerMappings now works. They weren't being managed as `state` objects, so they weren't receiving updates when the update event retrieved the information from the back-end. In order to make clear what's happening, I have extracted the loops from the original definition and built them as named objects: `propertyMappings`, `pmUserValues`, `pmGroupValues` and so on, which I then pass into the new multi-select component. I fixed a really embarrassing typo in Oauth2's "advanced settings" block. I have extracted the CoreGroup search-select into a custom component. I deleted the `merge` function. That was a faulty experiment with non-deterministic outcomes, and I was never happy with it. I'm glad its gone. I've added a title header to each of the providers, so the user can be sure that they're looking at the right provider type when they start filling out the form. I've created a new token, `data-ak-control`, with which we can mark all objects that we can treat as Authentik value-producing components, the form value of which is available through a `json()` method. I've added this bit of intelligence to the `serializeForm` function, short-circuiting the complex processing and putting the "this is the shape of the value we expect from this input" *onto the input itself*. Which is where it belongs. * web: add error handling to wizard. * web: improve error handling in light components Rather than reproduce the error handling across all of the LightComponents, I've made a parent class that takes the common fields to distribute between the ak-form-element-horizontal and the input object itself. This made it much easier to properly display errors in freeform input fields in the wizard, as well as working with the routine error handling in Form.ts * Added the radio control to the list of LightComponents. * Fix bug where event was recorded twice. * Fixed merge bug (?) that somehow deleted the Authorization Select block in OAuth2. * web: prettier had opinions * web: added error handling and display * web: bump @lit-labs/context from 0.4.1 to 0.5.1 in /web Bumps [@lit-labs/context](https://github.com/lit/lit/tree/HEAD/packages/labs/context) from 0.4.1 to 0.5.1. - [Release notes](https://github.com/lit/lit/releases) - [Changelog](https://github.com/lit/lit/blob/main/packages/labs/context/CHANGELOG.md) - [Commits](https://github.com/lit/lit/commits/@lit-labs/context@0.5.1/packages/labs/context) --- updated-dependencies: - dependency-name: "@lit-labs/context" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * web: updated wizard to run with latest package.json configuration Apparently, there were stale dependencies in package-lock.json that were conflicting with the requests in our package.json. By running `npm update`, I was able to resolve the conflict. I have also removed the default names from the context names collection; they weren't doing any good, and they permit frictionless renaming of dependencies, which is never a good idea. * web: schlepping on the errors messages During testing, I realized I was unhappy with the error messages. They're not very helpful. By adding links to navigate back to the place where the error occurred, and providing better context for what the error could have been, I hope to help the use correct their errors. * make package the same as main Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
067ddb6936
commit
afdc7d241f
|
@ -89,17 +89,15 @@ export class ApplicationListPage extends TablePage<Application> {
|
|||
];
|
||||
}
|
||||
|
||||
renderSectionBefore(): TemplateResult {
|
||||
return html`<ak-application-wizard-hint></ak-application-wizard-hint>`;
|
||||
}
|
||||
|
||||
renderSidebarAfter(): TemplateResult {
|
||||
// Rendering the wizard with .open here, as if we set the attribute in
|
||||
// renderObjectCreate() it'll open two wizards, since that function gets called twice
|
||||
|
||||
/* Re-enable the wizard later:
|
||||
<ak-application-wizard
|
||||
.open=${getURLParam("createWizard", false)}
|
||||
.showButton=${false}
|
||||
></ak-application-wizard>*/
|
||||
|
||||
return html` <div class="pf-c-sidebar__panel pf-m-width-25">
|
||||
return html`<div class="pf-c-sidebar__panel pf-m-width-25">
|
||||
<div class="pf-c-card">
|
||||
<div class="pf-c-card__body">
|
||||
<ak-markdown .md=${MDApplication}></ak-markdown>
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
import { WizardPanel } from "@goauthentik/components/ak-wizard-main/types";
|
||||
import { AKElement } from "@goauthentik/elements/Base";
|
||||
import { KeyUnknown, serializeForm } from "@goauthentik/elements/forms/Form";
|
||||
import { HorizontalFormElement } from "@goauthentik/elements/forms/HorizontalFormElement";
|
||||
import { CustomEmitterElement } from "@goauthentik/elements/utils/eventEmitter";
|
||||
|
||||
import { consume } from "@lit-labs/context";
|
||||
|
@ -10,6 +12,15 @@ import { styles as AwadStyles } from "./BasePanel.css";
|
|||
import { applicationWizardContext } from "./ContextIdentity";
|
||||
import type { ApplicationWizardState, ApplicationWizardStateUpdate } from "./types";
|
||||
|
||||
/**
|
||||
* Application Wizard Base Panel
|
||||
*
|
||||
* All of the displays in our system inherit from this object, which supplies the basic CSS for all
|
||||
* the inputs we display, as well as the values and validity state for the form currently being
|
||||
* displayed.
|
||||
*
|
||||
*/
|
||||
|
||||
export class ApplicationWizardPageBase
|
||||
extends CustomEmitterElement(AKElement)
|
||||
implements WizardPanel
|
||||
|
@ -18,15 +29,41 @@ export class ApplicationWizardPageBase
|
|||
return AwadStyles;
|
||||
}
|
||||
|
||||
@query("form")
|
||||
form!: HTMLFormElement;
|
||||
|
||||
rendered = false;
|
||||
|
||||
@consume({ context: applicationWizardContext })
|
||||
public wizard!: ApplicationWizardState;
|
||||
|
||||
// This used to be more complex; now it just establishes the event name.
|
||||
@query("form")
|
||||
form!: HTMLFormElement;
|
||||
|
||||
/**
|
||||
* Provide access to the values on the current form. Child implementations use this to craft the
|
||||
* update that will be sent using `dispatchWizardUpdate` below.
|
||||
*/
|
||||
get formValues(): KeyUnknown | undefined {
|
||||
const elements = [
|
||||
...Array.from(
|
||||
this.form.querySelectorAll<HorizontalFormElement>("ak-form-element-horizontal"),
|
||||
),
|
||||
...Array.from(this.form.querySelectorAll<HTMLElement>("[data-ak-control=true]")),
|
||||
];
|
||||
return serializeForm(elements as unknown as NodeListOf<HorizontalFormElement>);
|
||||
}
|
||||
|
||||
/**
|
||||
* Provide access to the validity of the current form. Child implementations use this to craft
|
||||
* the update that will be sent using `dispatchWizardUpdate` below.
|
||||
*/
|
||||
get valid() {
|
||||
return this.form.checkValidity();
|
||||
}
|
||||
|
||||
rendered = false;
|
||||
|
||||
/**
|
||||
* Provide a single source of truth for the token used to notify the orchestrator that an event
|
||||
* happens. The token `ak-wizard-update` is used by the Wizard framework's reactive controller
|
||||
* to route "data on the current step has changed" events to the orchestrator.
|
||||
*/
|
||||
dispatchWizardUpdate(update: ApplicationWizardStateUpdate) {
|
||||
this.dispatchCustomEvent("ak-wizard-update", update);
|
||||
}
|
||||
|
|
|
@ -5,5 +5,3 @@ import { ApplicationWizardState } from "./types";
|
|||
export const applicationWizardContext = createContext<ApplicationWizardState>(
|
||||
Symbol("ak-application-wizard-state-context"),
|
||||
);
|
||||
|
||||
export default applicationWizardContext;
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
import { merge } from "@goauthentik/common/merge";
|
||||
import { AkWizard } from "@goauthentik/components/ak-wizard-main/AkWizard";
|
||||
import { CustomListenerElement } from "@goauthentik/elements/utils/eventEmitter";
|
||||
|
||||
|
@ -6,7 +5,7 @@ import { ContextProvider } from "@lit-labs/context";
|
|||
import { msg } from "@lit/localize";
|
||||
import { customElement, state } from "lit/decorators.js";
|
||||
|
||||
import applicationWizardContext from "./ContextIdentity";
|
||||
import { applicationWizardContext } from "./ContextIdentity";
|
||||
import { newSteps } from "./steps";
|
||||
import {
|
||||
ApplicationStep,
|
||||
|
@ -15,10 +14,11 @@ import {
|
|||
OneOfProvider,
|
||||
} from "./types";
|
||||
|
||||
const freshWizardState = () => ({
|
||||
const freshWizardState = (): ApplicationWizardState => ({
|
||||
providerModel: "",
|
||||
app: {},
|
||||
provider: {},
|
||||
errors: {},
|
||||
});
|
||||
|
||||
@customElement("ak-application-wizard")
|
||||
|
@ -56,28 +56,6 @@ export class ApplicationWizard extends CustomListenerElement(
|
|||
*/
|
||||
providerCache: Map<string, OneOfProvider> = new Map();
|
||||
|
||||
maybeProviderSwap(providerModel: string | undefined): boolean {
|
||||
if (
|
||||
providerModel === undefined ||
|
||||
typeof providerModel !== "string" ||
|
||||
providerModel === this.wizardState.providerModel
|
||||
) {
|
||||
return false;
|
||||
}
|
||||
|
||||
this.providerCache.set(this.wizardState.providerModel, this.wizardState.provider);
|
||||
const prevProvider = this.providerCache.get(providerModel);
|
||||
this.wizardState.provider = prevProvider ?? {
|
||||
name: `Provider for ${this.wizardState.app.name}`,
|
||||
};
|
||||
const method = this.steps.find(({ id }) => id === "provider-details");
|
||||
if (!method) {
|
||||
throw new Error("Could not find Authentication Method page?");
|
||||
}
|
||||
method.disabled = false;
|
||||
return true;
|
||||
}
|
||||
|
||||
// And this is where all the special cases go...
|
||||
handleUpdate(detail: ApplicationWizardStateUpdate) {
|
||||
if (detail.status === "submitted") {
|
||||
|
@ -87,17 +65,26 @@ export class ApplicationWizard extends CustomListenerElement(
|
|||
}
|
||||
|
||||
this.step.valid = this.step.valid || detail.status === "valid";
|
||||
|
||||
const update = detail.update;
|
||||
|
||||
if (!update) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (this.maybeProviderSwap(update.providerModel)) {
|
||||
this.requestUpdate();
|
||||
// When the providerModel enum changes, retrieve the customer's prior work for *this* wizard
|
||||
// session (and only this wizard session) or provide an empty model with a default provider
|
||||
// name.
|
||||
if (update.providerModel && update.providerModel !== this.wizardState.providerModel) {
|
||||
const requestedProvider = this.providerCache.get(update.providerModel) ?? {
|
||||
name: `Provider for ${this.wizardState.app.name}`,
|
||||
};
|
||||
if (this.wizardState.providerModel) {
|
||||
this.providerCache.set(this.wizardState.providerModel, this.wizardState.provider);
|
||||
}
|
||||
update.provider = requestedProvider;
|
||||
}
|
||||
|
||||
this.wizardState = merge(this.wizardState, update) as ApplicationWizardState;
|
||||
this.wizardState = update as ApplicationWizardState;
|
||||
this.wizardStateProvider.setValue(this.wizardState);
|
||||
this.requestUpdate();
|
||||
}
|
||||
|
|
30
web/src/admin/applications/wizard/ak-wizard-title.ts
Normal file
30
web/src/admin/applications/wizard/ak-wizard-title.ts
Normal file
|
@ -0,0 +1,30 @@
|
|||
import { AKElement } from "@goauthentik/elements/Base";
|
||||
|
||||
import { css, html } from "lit";
|
||||
import { customElement } from "lit/decorators.js";
|
||||
|
||||
import PFContent from "@patternfly/patternfly/components/Content/content.css";
|
||||
import PFTitle from "@patternfly/patternfly/components/Title/title.css";
|
||||
|
||||
@customElement("ak-wizard-title")
|
||||
export class AkWizardTitle extends AKElement {
|
||||
static get styles() {
|
||||
return [
|
||||
PFContent,
|
||||
PFTitle,
|
||||
css`
|
||||
.ak-bottom-spacing {
|
||||
padding-bottom: var(--pf-global--spacer--lg);
|
||||
}
|
||||
`,
|
||||
];
|
||||
}
|
||||
|
||||
render() {
|
||||
return html`<div class="ak-bottom-spacing pf-c-content">
|
||||
<h3><slot></slot></h3>
|
||||
</div>`;
|
||||
}
|
||||
}
|
||||
|
||||
export default AkWizardTitle;
|
|
@ -5,7 +5,6 @@ import "@goauthentik/components/ak-slug-input";
|
|||
import "@goauthentik/components/ak-switch-input";
|
||||
import "@goauthentik/components/ak-text-input";
|
||||
import "@goauthentik/elements/forms/FormGroup";
|
||||
import "@goauthentik/elements/forms/FormGroup";
|
||||
import "@goauthentik/elements/forms/HorizontalFormElement";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
|
@ -17,28 +16,20 @@ import BasePanel from "../BasePanel";
|
|||
|
||||
@customElement("ak-application-wizard-application-details")
|
||||
export class ApplicationWizardApplicationDetails extends BasePanel {
|
||||
handleChange(ev: Event) {
|
||||
if (!ev.target) {
|
||||
console.warn(`Received event with no target: ${ev}`);
|
||||
return;
|
||||
handleChange(_ev: Event) {
|
||||
const formValues = this.formValues;
|
||||
if (!formValues) {
|
||||
throw new Error("No application values on form?");
|
||||
}
|
||||
|
||||
const target = ev.target as HTMLInputElement;
|
||||
const value = target.type === "checkbox" ? target.checked : target.value;
|
||||
this.dispatchWizardUpdate({
|
||||
update: {
|
||||
app: {
|
||||
[target.name]: value,
|
||||
},
|
||||
...this.wizard,
|
||||
app: formValues,
|
||||
},
|
||||
status: this.form.checkValidity() ? "valid" : "invalid",
|
||||
status: this.valid ? "valid" : "invalid",
|
||||
});
|
||||
}
|
||||
|
||||
validator() {
|
||||
return this.form.reportValidity();
|
||||
}
|
||||
|
||||
render(): TemplateResult {
|
||||
return html` <form class="pf-c-form pf-m-horizontal" @input=${this.handleChange}>
|
||||
<ak-text-input
|
||||
|
@ -48,6 +39,7 @@ export class ApplicationWizardApplicationDetails extends BasePanel {
|
|||
required
|
||||
help=${msg("Application's display Name.")}
|
||||
id="ak-application-wizard-details-name"
|
||||
.errorMessages=${this.wizard.errors.app?.name ?? []}
|
||||
></ak-text-input>
|
||||
<ak-slug-input
|
||||
name="slug"
|
||||
|
@ -56,11 +48,13 @@ export class ApplicationWizardApplicationDetails extends BasePanel {
|
|||
source="#ak-application-wizard-details-name"
|
||||
required
|
||||
help=${msg("Internal application name used in URLs.")}
|
||||
.errorMessages=${this.wizard.errors.app?.slug ?? []}
|
||||
></ak-slug-input>
|
||||
<ak-text-input
|
||||
name="group"
|
||||
value=${ifDefined(this.wizard.app?.group)}
|
||||
label=${msg("Group")}
|
||||
.errorMessages=${this.wizard.errors.app?.group ?? []}
|
||||
help=${msg(
|
||||
"Optionally enter a group name. Applications with identical groups are shown grouped together.",
|
||||
)}
|
||||
|
@ -71,6 +65,7 @@ export class ApplicationWizardApplicationDetails extends BasePanel {
|
|||
name="policyEngineMode"
|
||||
.options=${policyOptions}
|
||||
.value=${this.wizard.app?.policyEngineMode}
|
||||
.errorMessages=${this.wizard.errors.app?.policyEngineMode ?? []}
|
||||
></ak-radio-input>
|
||||
<ak-form-group aria-label="UI Settings">
|
||||
<span slot="header"> ${msg("UI Settings")} </span>
|
||||
|
@ -82,6 +77,7 @@ export class ApplicationWizardApplicationDetails extends BasePanel {
|
|||
help=${msg(
|
||||
"If left empty, authentik will try to extract the launch URL based on the selected provider.",
|
||||
)}
|
||||
.errorMessages=${this.wizard.errors.app?.metaLaunchUrl ?? []}
|
||||
></ak-text-input>
|
||||
<ak-switch-input
|
||||
name="openInNewTab"
|
||||
|
|
|
@ -19,13 +19,17 @@ type ProviderRenderer = () => TemplateResult;
|
|||
|
||||
type ModelConverter = (provider: OneOfProvider) => ModelRequest;
|
||||
|
||||
/**
|
||||
* There's an internal key and an API key because "Proxy" has three different subtypes.
|
||||
*/
|
||||
// prettier-ignore
|
||||
type ProviderType = [
|
||||
string,
|
||||
string,
|
||||
string,
|
||||
ProviderRenderer,
|
||||
ProviderModelEnumType,
|
||||
ModelConverter,
|
||||
string, // internal key used by the wizard to distinguish between providers
|
||||
string, // Name of the provider
|
||||
string, // Description
|
||||
ProviderRenderer, // Function that returns the provider's wizard panel as a TemplateResult
|
||||
ProviderModelEnumType, // key used by the API to distinguish between providers
|
||||
ModelConverter, // Handler that takes a generic provider and returns one specifically typed to its panel
|
||||
];
|
||||
|
||||
export type LocalTypeCreate = TypeCreate & {
|
||||
|
|
|
@ -25,19 +25,15 @@ export class ApplicationWizardAuthenticationMethodChoice extends BasePanel {
|
|||
handleChoice(ev: InputEvent) {
|
||||
const target = ev.target as HTMLInputElement;
|
||||
this.dispatchWizardUpdate({
|
||||
update: { providerModel: target.value },
|
||||
status: this.validator() ? "valid" : "invalid",
|
||||
update: {
|
||||
...this.wizard,
|
||||
providerModel: target.value,
|
||||
errors: {},
|
||||
},
|
||||
status: this.valid ? "valid" : "invalid",
|
||||
});
|
||||
}
|
||||
|
||||
validator() {
|
||||
const radios = Array.from(this.form.querySelectorAll('input[type="radio"]'));
|
||||
const chosen = radios.find(
|
||||
(radio: Element) => radio instanceof HTMLInputElement && radio.checked,
|
||||
);
|
||||
return !!chosen;
|
||||
}
|
||||
|
||||
renderProvider(type: LocalTypeCreate) {
|
||||
const method = this.wizard.providerModel;
|
||||
|
||||
|
|
|
@ -18,12 +18,14 @@ import PFTitle from "@patternfly/patternfly/components/Title/title.css";
|
|||
import PFBullseye from "@patternfly/patternfly/layouts/Bullseye/bullseye.css";
|
||||
|
||||
import {
|
||||
ApplicationRequest,
|
||||
type ApplicationRequest,
|
||||
CoreApi,
|
||||
TransactionApplicationRequest,
|
||||
TransactionApplicationResponse,
|
||||
type ModelRequest,
|
||||
type TransactionApplicationRequest,
|
||||
type TransactionApplicationResponse,
|
||||
ValidationError,
|
||||
ValidationErrorFromJSON,
|
||||
} from "@goauthentik/api";
|
||||
import type { ModelRequest } from "@goauthentik/api";
|
||||
|
||||
import BasePanel from "../BasePanel";
|
||||
import providerModelsList from "../auth-method-choice/ak-application-wizard-authentication-method-choice.choices";
|
||||
|
@ -88,7 +90,7 @@ export class ApplicationWizardCommitApplication extends BasePanel {
|
|||
commitState: State = idleState;
|
||||
|
||||
@state()
|
||||
errors: string[] = [];
|
||||
errors?: ValidationError;
|
||||
|
||||
response?: TransactionApplicationResponse;
|
||||
|
||||
|
@ -121,27 +123,10 @@ export class ApplicationWizardCommitApplication extends BasePanel {
|
|||
}
|
||||
}
|
||||
|
||||
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
||||
decodeErrors(body: Record<string, any>) {
|
||||
const spaceify = (src: Record<string, string>) =>
|
||||
Object.values(src).map((msg) => `\u00a0\u00a0\u00a0\u00a0${msg}`);
|
||||
|
||||
let errs: string[] = [];
|
||||
if (body["app"] !== undefined) {
|
||||
errs = [...errs, msg("In the Application:"), ...spaceify(body["app"])];
|
||||
}
|
||||
if (body["provider"] !== undefined) {
|
||||
errs = [...errs, msg("In the Provider:"), ...spaceify(body["provider"])];
|
||||
}
|
||||
console.log(body, errs);
|
||||
return errs;
|
||||
}
|
||||
|
||||
async send(
|
||||
data: TransactionApplicationRequest,
|
||||
): Promise<TransactionApplicationResponse | void> {
|
||||
this.errors = [];
|
||||
|
||||
this.errors = undefined;
|
||||
new CoreApi(DEFAULT_CONFIG)
|
||||
.coreTransactionalApplicationsUpdate({
|
||||
transactionApplicationRequest: data,
|
||||
|
@ -153,18 +138,57 @@ export class ApplicationWizardCommitApplication extends BasePanel {
|
|||
this.commitState = successState;
|
||||
})
|
||||
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
||||
.catch((resolution: any) => {
|
||||
resolution.response.json().then(
|
||||
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
||||
(body: Record<string, any>) => {
|
||||
this.errors = this.decodeErrors(body);
|
||||
.catch(async (resolution: any) => {
|
||||
const errors = (this.errors = ValidationErrorFromJSON(
|
||||
await resolution.response.json(),
|
||||
));
|
||||
this.dispatchWizardUpdate({
|
||||
update: {
|
||||
...this.wizard,
|
||||
errors,
|
||||
},
|
||||
);
|
||||
status: "failed",
|
||||
});
|
||||
this.commitState = errorState;
|
||||
});
|
||||
}
|
||||
|
||||
render(): TemplateResult {
|
||||
renderErrors(errors?: ValidationError) {
|
||||
if (!errors) {
|
||||
return nothing;
|
||||
}
|
||||
|
||||
const navTo = (step: number) => () =>
|
||||
this.dispatchCustomEvent("ak-wizard-nav", {
|
||||
command: "goto",
|
||||
step,
|
||||
});
|
||||
|
||||
if (errors.app) {
|
||||
return html`<p>${msg("There was an error in the application.")}</p>
|
||||
<p><a @click=${navTo(0)}>${msg("Review the application.")}</a></p>`;
|
||||
}
|
||||
if (errors.provider) {
|
||||
return html`<p>${msg("There was an error in the provider.")}</p>
|
||||
<p><a @click=${navTo(2)}>${msg("Review the provider.")}</a></p>`;
|
||||
}
|
||||
if (errors.detail) {
|
||||
return html`<p>${msg("There was an error")}: ${errors.detail}</p>`;
|
||||
}
|
||||
if ((errors?.nonFieldErrors ?? []).length > 0) {
|
||||
return html`<p>$(msg("There was an error")}:</p>
|
||||
<ul>
|
||||
${(errors.nonFieldErrors ?? []).map((e: string) => html`<li>${e}</li>`)}
|
||||
</ul>`;
|
||||
}
|
||||
return html`<p>
|
||||
${msg(
|
||||
"There was an error creating the application, but no error message was sent. Please review the server logs.",
|
||||
)}
|
||||
</p>`;
|
||||
}
|
||||
|
||||
render() {
|
||||
const icon = classMap(
|
||||
this.commitState.icon.reduce((acc, icon) => ({ ...acc, [icon]: true }), {}),
|
||||
);
|
||||
|
@ -184,13 +208,7 @@ export class ApplicationWizardCommitApplication extends BasePanel {
|
|||
>
|
||||
${this.commitState.label}
|
||||
</h1>
|
||||
${this.errors.length > 0
|
||||
? html`<ul>
|
||||
${this.errors.map(
|
||||
(msg) => html`<li><code>${msg}</code></li>`,
|
||||
)}
|
||||
</ul>`
|
||||
: nothing}
|
||||
${this.renderErrors(this.errors)}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
@ -1,26 +1,19 @@
|
|||
import BasePanel from "../BasePanel";
|
||||
|
||||
export class ApplicationWizardProviderPageBase extends BasePanel {
|
||||
handleChange(ev: InputEvent) {
|
||||
if (!ev.target) {
|
||||
console.warn(`Received event with no target: ${ev}`);
|
||||
return;
|
||||
handleChange(_ev: InputEvent) {
|
||||
const formValues = this.formValues;
|
||||
if (!formValues) {
|
||||
throw new Error("No provider values on form?");
|
||||
}
|
||||
const target = ev.target as HTMLInputElement;
|
||||
const value = target.type === "checkbox" ? target.checked : target.value;
|
||||
this.dispatchWizardUpdate({
|
||||
update: {
|
||||
provider: {
|
||||
[target.name]: value,
|
||||
},
|
||||
...this.wizard,
|
||||
provider: formValues,
|
||||
},
|
||||
status: this.form.checkValidity() ? "valid" : "invalid",
|
||||
status: this.valid ? "valid" : "invalid",
|
||||
});
|
||||
}
|
||||
|
||||
validator() {
|
||||
return this.form.reportValidity();
|
||||
}
|
||||
}
|
||||
|
||||
export default ApplicationWizardProviderPageBase;
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
import "@goauthentik/admin/applications/wizard/ak-wizard-title";
|
||||
import "@goauthentik/admin/common/ak-core-group-search";
|
||||
import "@goauthentik/admin/common/ak-crypto-certificate-search";
|
||||
import "@goauthentik/admin/common/ak-flow-search/ak-tenanted-flow-search";
|
||||
|
@ -34,112 +35,132 @@ import {
|
|||
export class ApplicationWizardApplicationDetails extends BaseProviderPanel {
|
||||
render() {
|
||||
const provider = this.wizard.provider as LDAPProvider | undefined;
|
||||
const errors = this.wizard.errors.provider;
|
||||
|
||||
return html` <form class="pf-c-form pf-m-horizontal" @input=${this.handleChange}>
|
||||
<ak-text-input
|
||||
name="name"
|
||||
value=${ifDefined(provider?.name)}
|
||||
label=${msg("Name")}
|
||||
required
|
||||
help=${msg("Method's display Name.")}
|
||||
></ak-text-input>
|
||||
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Bind flow")}
|
||||
?required=${true}
|
||||
name="authorizationFlow"
|
||||
>
|
||||
<ak-tenanted-flow-search
|
||||
flowType=${FlowsInstancesListDesignationEnum.Authentication}
|
||||
.currentFlow=${provider?.authorizationFlow}
|
||||
.tenantFlow=${rootInterface()?.tenant?.flowAuthentication}
|
||||
return html` <ak-wizard-title>${msg("Configure LDAP Provider")}</ak-wizard-title>
|
||||
<form class="pf-c-form pf-m-horizontal" @input=${this.handleChange}>
|
||||
<ak-text-input
|
||||
name="name"
|
||||
value=${ifDefined(provider?.name)}
|
||||
label=${msg("Name")}
|
||||
.errorMessages=${errors?.name ?? []}
|
||||
required
|
||||
></ak-tenanted-flow-search>
|
||||
<p class="pf-c-form__helper-text">${msg("Flow used for users to authenticate.")}</p>
|
||||
</ak-form-element-horizontal>
|
||||
help=${msg("Method's display Name.")}
|
||||
></ak-text-input>
|
||||
|
||||
<ak-form-element-horizontal label=${msg("Search group")} name="searchGroup">
|
||||
<ak-core-group-search
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Bind flow")}
|
||||
?required=${true}
|
||||
name="authorizationFlow"
|
||||
.errorMessages=${errors?.authorizationFlow ?? []}
|
||||
>
|
||||
<ak-tenanted-flow-search
|
||||
flowType=${FlowsInstancesListDesignationEnum.Authentication}
|
||||
.currentFlow=${provider?.authorizationFlow}
|
||||
.tenantFlow=${rootInterface()?.tenant?.flowAuthentication}
|
||||
required
|
||||
></ak-tenanted-flow-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Flow used for users to authenticate.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Search group")}
|
||||
name="searchGroup"
|
||||
group=${ifDefined(provider?.searchGroup ?? nothing)}
|
||||
></ak-core-group-search>
|
||||
<p class="pf-c-form__helper-text">${groupHelp}</p>
|
||||
</ak-form-element-horizontal>
|
||||
.errorMessages=${errors?.searchGroup ?? []}
|
||||
>
|
||||
<ak-core-group-search
|
||||
name="searchGroup"
|
||||
group=${ifDefined(provider?.searchGroup ?? nothing)}
|
||||
></ak-core-group-search>
|
||||
<p class="pf-c-form__helper-text">${groupHelp}</p>
|
||||
</ak-form-element-horizontal>
|
||||
|
||||
<ak-radio-input
|
||||
label=${msg("Bind mode")}
|
||||
name="bindMode"
|
||||
.options=${bindModeOptions}
|
||||
.value=${provider?.bindMode}
|
||||
help=${msg("Configure how the outpost authenticates requests.")}
|
||||
>
|
||||
</ak-radio-input>
|
||||
<ak-radio-input
|
||||
label=${msg("Bind mode")}
|
||||
name="bindMode"
|
||||
.options=${bindModeOptions}
|
||||
.value=${provider?.bindMode}
|
||||
help=${msg("Configure how the outpost authenticates requests.")}
|
||||
>
|
||||
</ak-radio-input>
|
||||
|
||||
<ak-radio-input
|
||||
label=${msg("Search mode")}
|
||||
name="searchMode"
|
||||
.options=${searchModeOptions}
|
||||
.value=${provider?.searchMode}
|
||||
help=${msg("Configure how the outpost queries the core authentik server's users.")}
|
||||
>
|
||||
</ak-radio-input>
|
||||
<ak-radio-input
|
||||
label=${msg("Search mode")}
|
||||
name="searchMode"
|
||||
.options=${searchModeOptions}
|
||||
.value=${provider?.searchMode}
|
||||
help=${msg(
|
||||
"Configure how the outpost queries the core authentik server's users.",
|
||||
)}
|
||||
>
|
||||
</ak-radio-input>
|
||||
|
||||
<ak-switch-input
|
||||
name="openInNewTab"
|
||||
label=${msg("Code-based MFA Support")}
|
||||
?checked=${provider?.mfaSupport}
|
||||
help=${mfaSupportHelp}
|
||||
>
|
||||
</ak-switch-input>
|
||||
<ak-switch-input
|
||||
name="openInNewTab"
|
||||
label=${msg("Code-based MFA Support")}
|
||||
?checked=${provider?.mfaSupport ?? true}
|
||||
help=${mfaSupportHelp}
|
||||
>
|
||||
</ak-switch-input>
|
||||
|
||||
<ak-form-group .expanded=${true}>
|
||||
<span slot="header"> ${msg("Protocol settings")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-text-input
|
||||
name="baseDn"
|
||||
label=${msg("Base DN")}
|
||||
required
|
||||
value="${first(provider?.baseDn, "DC=ldap,DC=goauthentik,DC=io")}"
|
||||
help=${msg(
|
||||
"LDAP DN under which bind requests and search requests can be made.",
|
||||
)}
|
||||
>
|
||||
</ak-text-input>
|
||||
|
||||
<ak-form-element-horizontal label=${msg("Certificate")} name="certificate">
|
||||
<ak-crypto-certificate-search
|
||||
certificate=${ifDefined(provider?.certificate ?? nothing)}
|
||||
name="certificate"
|
||||
<ak-form-group .expanded=${true}>
|
||||
<span slot="header"> ${msg("Protocol settings")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-text-input
|
||||
name="baseDn"
|
||||
label=${msg("Base DN")}
|
||||
required
|
||||
value="${first(provider?.baseDn, "DC=ldap,DC=goauthentik,DC=io")}"
|
||||
.errorMessages=${errors?.baseDn ?? []}
|
||||
help=${msg(
|
||||
"LDAP DN under which bind requests and search requests can be made.",
|
||||
)}
|
||||
>
|
||||
</ak-crypto-certificate-search>
|
||||
<p class="pf-c-form__helper-text">${cryptoCertificateHelp}</p>
|
||||
</ak-form-element-horizontal>
|
||||
</ak-text-input>
|
||||
|
||||
<ak-text-input
|
||||
label=${msg("TLS Server name")}
|
||||
name="tlsServerName"
|
||||
value="${first(provider?.tlsServerName, "")}"
|
||||
help=${tlsServerNameHelp}
|
||||
></ak-text-input>
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Certificate")}
|
||||
name="certificate"
|
||||
.errorMessages=${errors?.certificate ?? []}
|
||||
>
|
||||
<ak-crypto-certificate-search
|
||||
certificate=${ifDefined(provider?.certificate ?? nothing)}
|
||||
name="certificate"
|
||||
>
|
||||
</ak-crypto-certificate-search>
|
||||
<p class="pf-c-form__helper-text">${cryptoCertificateHelp}</p>
|
||||
</ak-form-element-horizontal>
|
||||
|
||||
<ak-number-input
|
||||
label=${msg("UID start number")}
|
||||
required
|
||||
name="uidStartNumber"
|
||||
value="${first(provider?.uidStartNumber, 2000)}"
|
||||
help=${uidStartNumberHelp}
|
||||
></ak-number-input>
|
||||
<ak-text-input
|
||||
label=${msg("TLS Server name")}
|
||||
name="tlsServerName"
|
||||
value="${first(provider?.tlsServerName, "")}"
|
||||
.errorMessages=${errors?.tlsServerName ?? []}
|
||||
help=${tlsServerNameHelp}
|
||||
></ak-text-input>
|
||||
|
||||
<ak-number-input
|
||||
label=${msg("GID start number")}
|
||||
required
|
||||
name="gidStartNumber"
|
||||
value="${first(provider?.gidStartNumber, 4000)}"
|
||||
help=${gidStartNumberHelp}
|
||||
></ak-number-input>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
</form>`;
|
||||
<ak-number-input
|
||||
label=${msg("UID start number")}
|
||||
required
|
||||
name="uidStartNumber"
|
||||
value="${first(provider?.uidStartNumber, 2000)}"
|
||||
.errorMessages=${errors?.uidStartNumber ?? []}
|
||||
help=${uidStartNumberHelp}
|
||||
></ak-number-input>
|
||||
|
||||
<ak-number-input
|
||||
label=${msg("GID start number")}
|
||||
required
|
||||
name="gidStartNumber"
|
||||
value="${first(provider?.gidStartNumber, 4000)}"
|
||||
.errorMessages=${errors?.gidStartNumber ?? []}
|
||||
help=${gidStartNumberHelp}
|
||||
></ak-number-input>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
</form>`;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
import "@goauthentik/admin/applications/wizard/ak-wizard-title";
|
||||
import "@goauthentik/admin/common/ak-crypto-certificate-search";
|
||||
import "@goauthentik/admin/common/ak-flow-search/ak-tenanted-flow-search";
|
||||
import {
|
||||
|
@ -27,10 +28,10 @@ import {
|
|||
PropertymappingsApi,
|
||||
SourcesApi,
|
||||
} from "@goauthentik/api";
|
||||
import type {
|
||||
OAuth2Provider,
|
||||
PaginatedOAuthSourceList,
|
||||
PaginatedScopeMappingList,
|
||||
import {
|
||||
type OAuth2Provider,
|
||||
type PaginatedOAuthSourceList,
|
||||
type PaginatedScopeMappingList,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
import BaseProviderPanel from "../BaseProviderPanel";
|
||||
|
@ -38,7 +39,7 @@ import BaseProviderPanel from "../BaseProviderPanel";
|
|||
@customElement("ak-application-wizard-authentication-by-oauth")
|
||||
export class ApplicationWizardAuthenticationByOauth extends BaseProviderPanel {
|
||||
@state()
|
||||
showClientSecret = false;
|
||||
showClientSecret = true;
|
||||
|
||||
@state()
|
||||
propertyMappings?: PaginatedScopeMappingList;
|
||||
|
@ -68,234 +69,254 @@ export class ApplicationWizardAuthenticationByOauth extends BaseProviderPanel {
|
|||
|
||||
render() {
|
||||
const provider = this.wizard.provider as OAuth2Provider | undefined;
|
||||
const errors = this.wizard.errors.provider;
|
||||
|
||||
return html`<form class="pf-c-form pf-m-horizontal" @input=${this.handleChange}>
|
||||
<ak-text-input
|
||||
name="name"
|
||||
label=${msg("Name")}
|
||||
value=${ifDefined(provider?.name)}
|
||||
required
|
||||
></ak-text-input>
|
||||
|
||||
<ak-form-element-horizontal
|
||||
name="authenticationFlow"
|
||||
label=${msg("Authentication flow")}
|
||||
>
|
||||
<ak-flow-search
|
||||
flowType=${FlowsInstancesListDesignationEnum.Authentication}
|
||||
.currentFlow=${provider?.authenticationFlow}
|
||||
return html`<ak-wizard-title>${msg("Configure OAuth2/OpenId Provider")}</ak-wizard-title>
|
||||
<form class="pf-c-form pf-m-horizontal" @input=${this.handleChange}>
|
||||
<ak-text-input
|
||||
name="name"
|
||||
label=${msg("Name")}
|
||||
value=${ifDefined(provider?.name)}
|
||||
.errorMessages=${errors?.name ?? []}
|
||||
required
|
||||
></ak-flow-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Flow used when a user access this provider and is not authenticated.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
></ak-text-input>
|
||||
|
||||
<ak-form-element-horizontal
|
||||
name="authorizationFlow"
|
||||
label=${msg("Authorization flow")}
|
||||
?required=${true}
|
||||
>
|
||||
<ak-flow-search
|
||||
flowType=${FlowsInstancesListDesignationEnum.Authorization}
|
||||
.currentFlow=${provider?.authorizationFlow}
|
||||
required
|
||||
></ak-flow-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Flow used when authorizing this provider.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
|
||||
<ak-form-group .expanded=${true}>
|
||||
<span slot="header"> ${msg("Protocol settings")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-radio-input
|
||||
name="clientType"
|
||||
label=${msg("Client type")}
|
||||
.value=${provider?.clientType}
|
||||
<ak-form-element-horizontal
|
||||
name="authenticationFlow"
|
||||
label=${msg("Authentication flow")}
|
||||
.errorMessages=${errors?.authenticationFlow ?? []}
|
||||
>
|
||||
<ak-flow-search
|
||||
flowType=${FlowsInstancesListDesignationEnum.Authentication}
|
||||
.currentFlow=${provider?.authenticationFlow}
|
||||
required
|
||||
@change=${(ev: CustomEvent<{ value: ClientTypeEnum }>) => {
|
||||
this.showClientSecret = ev.detail.value !== ClientTypeEnum.Public;
|
||||
}}
|
||||
.options=${clientTypeOptions}
|
||||
>
|
||||
</ak-radio-input>
|
||||
|
||||
<ak-text-input
|
||||
name="clientId"
|
||||
label=${msg("Client ID")}
|
||||
value="${first(
|
||||
provider?.clientId,
|
||||
randomString(40, ascii_letters + digits),
|
||||
)}"
|
||||
></ak-flow-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"Flow used when a user access this provider and is not authenticated.",
|
||||
)}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal
|
||||
name="authorizationFlow"
|
||||
label=${msg("Authorization flow")}
|
||||
.errorMessages=${errors?.authorizationFlow ?? []}
|
||||
?required=${true}
|
||||
>
|
||||
<ak-flow-search
|
||||
flowType=${FlowsInstancesListDesignationEnum.Authorization}
|
||||
.currentFlow=${provider?.authorizationFlow}
|
||||
required
|
||||
>
|
||||
</ak-text-input>
|
||||
></ak-flow-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Flow used when authorizing this provider.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
|
||||
<ak-text-input
|
||||
name="clientSecret"
|
||||
label=${msg("Client Secret")}
|
||||
value="${first(
|
||||
provider?.clientSecret,
|
||||
randomString(128, ascii_letters + digits),
|
||||
)}"
|
||||
?hidden=${!this.showClientSecret}
|
||||
>
|
||||
</ak-text-input>
|
||||
|
||||
<ak-textarea-input
|
||||
name="redirectUris"
|
||||
label=${msg("Redirect URIs/Origins (RegEx)")}
|
||||
.value=${provider?.redirectUris}
|
||||
.bighelp=${redirectUriHelp}
|
||||
>
|
||||
</ak-textarea-input>
|
||||
|
||||
<ak-form-element-horizontal label=${msg("Signing Key")} name="signingKey">
|
||||
<ak-crypto-certificate-search
|
||||
certificate=${ifDefined(provider?.signingKey ?? nothing)}
|
||||
name="certificate"
|
||||
singleton
|
||||
<ak-form-group .expanded=${true}>
|
||||
<span slot="header"> ${msg("Protocol settings")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-radio-input
|
||||
name="clientType"
|
||||
label=${msg("Client type")}
|
||||
.value=${provider?.clientType}
|
||||
required
|
||||
@change=${(ev: CustomEvent<{ value: ClientTypeEnum }>) => {
|
||||
this.showClientSecret = ev.detail.value !== ClientTypeEnum.Public;
|
||||
}}
|
||||
.options=${clientTypeOptions}
|
||||
>
|
||||
</ak-crypto-certificate-search>
|
||||
<p class="pf-c-form__helper-text">${msg("Key used to sign the tokens.")}</p>
|
||||
</ak-form-element-horizontal>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
</ak-radio-input>
|
||||
|
||||
<ak-form-group>
|
||||
<span slot="header"> ${msg("Advanced protocol settings")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-text-input
|
||||
name="accessCodeValidity"
|
||||
label=${msg("Access code validity")}
|
||||
required
|
||||
value="${first(provider?.accessCodeValidity, "minutes=1")}"
|
||||
.bighelp=${html`<p class="pf-c-form__helper-text">
|
||||
${msg("Configure how long access codes are valid for.")}
|
||||
<ak-text-input
|
||||
name="clientId"
|
||||
label=${msg("Client ID")}
|
||||
value=${provider?.clientId ?? randomString(40, ascii_letters + digits)}
|
||||
.errorMessages=${errors?.clientId ?? []}
|
||||
required
|
||||
>
|
||||
</ak-text-input>
|
||||
|
||||
<ak-text-input
|
||||
name="clientSecret"
|
||||
label=${msg("Client Secret")}
|
||||
value=${provider?.clientSecret ??
|
||||
randomString(128, ascii_letters + digits)}
|
||||
.errorMessages=${errors?.clientSecret ?? []}
|
||||
?hidden=${!this.showClientSecret}
|
||||
>
|
||||
</ak-text-input>
|
||||
|
||||
<ak-textarea-input
|
||||
name="redirectUris"
|
||||
label=${msg("Redirect URIs/Origins (RegEx)")}
|
||||
.value=${provider?.redirectUris}
|
||||
.errorMessages=${errors?.redirectUriHelp ?? []}
|
||||
.bighelp=${redirectUriHelp}
|
||||
>
|
||||
</ak-textarea-input>
|
||||
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Signing Key")}
|
||||
name="signingKey"
|
||||
.errorMessages=${errors?.signingKey ?? []}
|
||||
>
|
||||
<ak-crypto-certificate-search
|
||||
certificate=${ifDefined(provider?.signingKey ?? nothing)}
|
||||
name="certificate"
|
||||
singleton
|
||||
>
|
||||
</ak-crypto-certificate-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Key used to sign the tokens.")}
|
||||
</p>
|
||||
<ak-utils-time-delta-help></ak-utils-time-delta-help>`}
|
||||
>
|
||||
</ak-text-input>
|
||||
</ak-form-element-horizontal>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
|
||||
<ak-text-input
|
||||
name="accessTokenValidity"
|
||||
label=${msg("Access Token validity")}
|
||||
value="${first(provider?.accessTokenValidity, "minutes=5")}"
|
||||
required
|
||||
.bighelp=${html` <p class="pf-c-form__helper-text">
|
||||
${msg("Configure how long access tokens are valid for.")}
|
||||
<ak-form-group>
|
||||
<span slot="header"> ${msg("Advanced protocol settings")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-text-input
|
||||
name="accessCodeValidity"
|
||||
label=${msg("Access code validity")}
|
||||
required
|
||||
value="${first(provider?.accessCodeValidity, "minutes=1")}"
|
||||
.errorMessages=${errors?.accessCodeValidity ?? []}
|
||||
.bighelp=${html`<p class="pf-c-form__helper-text">
|
||||
${msg("Configure how long access codes are valid for.")}
|
||||
</p>
|
||||
<ak-utils-time-delta-help></ak-utils-time-delta-help>`}
|
||||
>
|
||||
</ak-text-input>
|
||||
|
||||
<ak-text-input
|
||||
name="accessTokenValidity"
|
||||
label=${msg("Access Token validity")}
|
||||
value="${first(provider?.accessTokenValidity, "minutes=5")}"
|
||||
required
|
||||
.errorMessages=${errors?.accessTokenValidity ?? []}
|
||||
.bighelp=${html` <p class="pf-c-form__helper-text">
|
||||
${msg("Configure how long access tokens are valid for.")}
|
||||
</p>
|
||||
<ak-utils-time-delta-help></ak-utils-time-delta-help>`}
|
||||
>
|
||||
</ak-text-input>
|
||||
|
||||
<ak-text-input
|
||||
name="refreshTokenValidity"
|
||||
label=${msg("Refresh Token validity")}
|
||||
value="${first(provider?.refreshTokenValidity, "days=30")}"
|
||||
.errorMessages=${errors?.refreshTokenValidity ?? []}
|
||||
?required=${true}
|
||||
.bighelp=${html` <p class="pf-c-form__helper-text">
|
||||
${msg("Configure how long refresh tokens are valid for.")}
|
||||
</p>
|
||||
<ak-utils-time-delta-help></ak-utils-time-delta-help>`}
|
||||
>
|
||||
</ak-text-input>
|
||||
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Scopes")}
|
||||
name="propertyMappings"
|
||||
.errorMessages=${errors?.propertyMappings ?? []}
|
||||
>
|
||||
<select class="pf-c-form-control" multiple>
|
||||
${this.propertyMappings?.results.map((scope) => {
|
||||
let selected = false;
|
||||
if (!provider?.propertyMappings) {
|
||||
selected =
|
||||
scope.managed?.startsWith(
|
||||
"goauthentik.io/providers/oauth2/scope-",
|
||||
) || false;
|
||||
} else {
|
||||
selected = Array.from(provider?.propertyMappings).some(
|
||||
(su) => {
|
||||
return su == scope.pk;
|
||||
},
|
||||
);
|
||||
}
|
||||
return html`<option
|
||||
value=${ifDefined(scope.pk)}
|
||||
?selected=${selected}
|
||||
>
|
||||
${scope.name}
|
||||
</option>`;
|
||||
})}
|
||||
</select>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"Select which scopes can be used by the client. The client still has to specify the scope to access the data.",
|
||||
)}
|
||||
</p>
|
||||
<ak-utils-time-delta-help></ak-utils-time-delta-help>`}
|
||||
>
|
||||
</ak-text-input>
|
||||
|
||||
<ak-text-input
|
||||
name="refreshTokenValidity"
|
||||
label=${msg("Refresh Token validity")}
|
||||
value="${first(provider?.refreshTokenValidity, "days=30")}"
|
||||
?required=${true}
|
||||
.bighelp=${html` <p class="pf-c-form__helper-text">
|
||||
${msg("Configure how long refresh tokens are valid for.")}
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Hold control/command to select multiple items.")}
|
||||
</p>
|
||||
<ak-utils-time-delta-help></ak-utils-time-delta-help>`}
|
||||
>
|
||||
</ak-text-input>
|
||||
</ak-form-element-horizontal>
|
||||
|
||||
<ak-form-element-horizontal label=${msg("Scopes")} name="propertyMappings">
|
||||
<select class="pf-c-form-control" multiple>
|
||||
${this.propertyMappings?.results.map((scope) => {
|
||||
let selected = false;
|
||||
if (!provider?.propertyMappings) {
|
||||
selected =
|
||||
scope.managed?.startsWith(
|
||||
"goauthentik.io/providers/oauth2/scope-",
|
||||
) || false;
|
||||
} else {
|
||||
selected = Array.from(provider?.propertyMappings).some((su) => {
|
||||
return su == scope.pk;
|
||||
<ak-radio-input
|
||||
name="subMode"
|
||||
label=${msg("Subject mode")}
|
||||
required
|
||||
.options=${subjectModeOptions}
|
||||
.value=${provider?.subMode}
|
||||
help=${msg(
|
||||
"Configure what data should be used as unique User Identifier. For most cases, the default should be fine.",
|
||||
)}
|
||||
>
|
||||
</ak-radio-input>
|
||||
<ak-switch-input
|
||||
name="includeClaimsInIdToken"
|
||||
label=${msg("Include claims in id_token")}
|
||||
?checked=${first(provider?.includeClaimsInIdToken, true)}
|
||||
help=${msg(
|
||||
"Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint.",
|
||||
)}
|
||||
></ak-switch-input>
|
||||
<ak-radio-input
|
||||
name="issuerMode"
|
||||
label=${msg("Issuer mode")}
|
||||
required
|
||||
.options=${issuerModeOptions}
|
||||
.value=${provider?.issuerMode}
|
||||
help=${msg(
|
||||
"Configure how the issuer field of the ID Token should be filled.",
|
||||
)}
|
||||
>
|
||||
</ak-radio-input>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
|
||||
<ak-form-group>
|
||||
<span slot="header">${msg("Machine-to-Machine authentication settings")}</span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Trusted OIDC Sources")}
|
||||
name="jwksSources"
|
||||
.errorMessages=${errors?.jwksSources ?? []}
|
||||
>
|
||||
<select class="pf-c-form-control" multiple>
|
||||
${this.oauthSources?.results.map((source) => {
|
||||
const selected = (provider?.jwksSources || []).some((su) => {
|
||||
return su == source.pk;
|
||||
});
|
||||
}
|
||||
return html`<option
|
||||
value=${ifDefined(scope.pk)}
|
||||
?selected=${selected}
|
||||
>
|
||||
${scope.name}
|
||||
</option>`;
|
||||
})}
|
||||
</select>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"Select which scopes can be used by the client. The client still has to specify the scope to access the data.",
|
||||
)}
|
||||
</p>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Hold control/command to select multiple items.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
|
||||
<ak-radio-input
|
||||
name="subMode"
|
||||
label=${msg("Subject mode")}
|
||||
required
|
||||
.options=${subjectModeOptions}
|
||||
.value=${provider?.subMode}
|
||||
help=${msg(
|
||||
"Configure what data should be used as unique User Identifier. For most cases, the default should be fine.",
|
||||
)}
|
||||
>
|
||||
</ak-radio-input>
|
||||
<ak-switch-input
|
||||
name="includeClaimsInIdToken"
|
||||
label=${msg("Include claims in id_token")}
|
||||
?checked=${first(provider?.includeClaimsInIdToken, true)}
|
||||
help=${msg(
|
||||
"Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint.",
|
||||
)}
|
||||
></ak-switch-input>
|
||||
<ak-radio-input
|
||||
name="issuerMode"
|
||||
label=${msg("Issuer mode")}
|
||||
required
|
||||
.options=${issuerModeOptions}
|
||||
.value=${provider?.issuerMode}
|
||||
help=${msg(
|
||||
"Configure how the issuer field of the ID Token should be filled.",
|
||||
)}
|
||||
>
|
||||
</ak-radio-input>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
|
||||
<ak-form-group>
|
||||
<span slot="header">${msg("Machine-to-Machine authentication settings")}</span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Trusted OIDC Sources")}
|
||||
name="jwksSources"
|
||||
>
|
||||
<select class="pf-c-form-control" multiple>
|
||||
${this.oauthSources?.results.map((source) => {
|
||||
const selected = (provider?.jwksSources || []).some((su) => {
|
||||
return su == source.pk;
|
||||
});
|
||||
return html`<option value=${source.pk} ?selected=${selected}>
|
||||
${source.name} (${source.slug})
|
||||
</option>`;
|
||||
})}
|
||||
</select>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider.",
|
||||
)}
|
||||
</p>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Hold control/command to select multiple items.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
</form>`;
|
||||
return html`<option value=${source.pk} ?selected=${selected}>
|
||||
${source.name} (${source.slug})
|
||||
</option>`;
|
||||
})}
|
||||
</select>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider.",
|
||||
)}
|
||||
</p>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Hold control/command to select multiple items.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
</form>`;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
import "@goauthentik/admin/applications/wizard/ak-wizard-title";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { first } from "@goauthentik/common/utils";
|
||||
import "@goauthentik/components/ak-switch-input";
|
||||
|
@ -61,11 +62,11 @@ export class AkTypeProxyApplicationWizardPage extends BaseProviderPanel {
|
|||
return nothing;
|
||||
}
|
||||
|
||||
renderProxyMode() {
|
||||
return html`<h2>This space intentionally left blank</h2>`;
|
||||
renderProxyMode(): TemplateResult {
|
||||
throw new Error("Must be implemented in a child class.");
|
||||
}
|
||||
|
||||
renderHttpBasic(): TemplateResult {
|
||||
renderHttpBasic() {
|
||||
return html`<ak-text-input
|
||||
name="basicAuthUserAttribute"
|
||||
label=${msg("HTTP-Basic Username Key")}
|
||||
|
@ -87,168 +88,194 @@ export class AkTypeProxyApplicationWizardPage extends BaseProviderPanel {
|
|||
</ak-text-input>`;
|
||||
}
|
||||
|
||||
scopeMappingConfiguration(provider?: ProxyProvider) {
|
||||
const propertyMappings = this.propertyMappings?.results ?? [];
|
||||
|
||||
const defaultScopes = () =>
|
||||
propertyMappings
|
||||
.filter((scope) => !(scope?.managed ?? "").startsWith("goauthentik.io/providers"))
|
||||
.map((pm) => pm.pk);
|
||||
|
||||
const configuredScopes = (providerMappings: string[]) =>
|
||||
propertyMappings.map((scope) => scope.pk).filter((pk) => providerMappings.includes(pk));
|
||||
|
||||
const scopeValues = provider?.propertyMappings
|
||||
? configuredScopes(provider?.propertyMappings ?? [])
|
||||
: defaultScopes();
|
||||
|
||||
const scopePairs = propertyMappings.map((scope) => [scope.pk, scope.name]);
|
||||
|
||||
return { scopePairs, scopeValues };
|
||||
}
|
||||
|
||||
render() {
|
||||
return html`<form class="pf-c-form pf-m-horizontal" @input=${this.handleChange}>
|
||||
${this.renderModeDescription()}
|
||||
<ak-text-input
|
||||
name="name"
|
||||
value=${ifDefined(this.instance?.name)}
|
||||
required
|
||||
label=${msg("Name")}
|
||||
></ak-text-input>
|
||||
const errors = this.wizard.errors.provider;
|
||||
const { scopePairs, scopeValues } = this.scopeMappingConfiguration(this.instance);
|
||||
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Authentication flow")}
|
||||
?required=${false}
|
||||
name="authenticationFlow"
|
||||
>
|
||||
<ak-flow-search
|
||||
flowType=${FlowsInstancesListDesignationEnum.Authentication}
|
||||
.currentFlow=${this.instance?.authenticationFlow}
|
||||
return html` <ak-wizard-title>${msg("Configure Proxy Provider")}</ak-wizard-title>
|
||||
<form class="pf-c-form pf-m-horizontal" @input=${this.handleChange}>
|
||||
${this.renderModeDescription()}
|
||||
<ak-text-input
|
||||
name="name"
|
||||
value=${ifDefined(this.instance?.name)}
|
||||
required
|
||||
></ak-flow-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Flow used when a user access this provider and is not authenticated.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
.errorMessages=${errors?.name ?? []}
|
||||
label=${msg("Name")}
|
||||
></ak-text-input>
|
||||
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Authorization flow")}
|
||||
?required=${true}
|
||||
name="authorizationFlow"
|
||||
>
|
||||
<ak-flow-search
|
||||
flowType=${FlowsInstancesListDesignationEnum.Authorization}
|
||||
.currentFlow=${this.instance?.authorizationFlow}
|
||||
required
|
||||
></ak-flow-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Flow used when authorizing this provider.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Authentication flow")}
|
||||
?required=${false}
|
||||
.errorMessages=${errors?.authenticationFlow ?? []}
|
||||
name="authenticationFlow"
|
||||
>
|
||||
<ak-flow-search
|
||||
flowType=${FlowsInstancesListDesignationEnum.Authentication}
|
||||
.currentFlow=${this.instance?.authenticationFlow}
|
||||
required
|
||||
></ak-flow-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"Flow used when a user access this provider and is not authenticated.",
|
||||
)}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
|
||||
${this.renderProxyMode()}
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Authorization flow")}
|
||||
?required=${true}
|
||||
name="authorizationFlow"
|
||||
.errorMessages=${errors?.authorizationFlow ?? []}
|
||||
>
|
||||
<ak-flow-search
|
||||
flowType=${FlowsInstancesListDesignationEnum.Authorization}
|
||||
.currentFlow=${this.instance?.authorizationFlow}
|
||||
required
|
||||
></ak-flow-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Flow used when authorizing this provider.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
|
||||
<ak-text-input
|
||||
name="accessTokenValidity"
|
||||
value=${first(this.instance?.accessTokenValidity, "hours=24")}
|
||||
label=${msg("Token validity")}
|
||||
help=${msg("Configure how long tokens are valid for.")}
|
||||
></ak-text-input>
|
||||
${this.renderProxyMode()}
|
||||
|
||||
<ak-form-group>
|
||||
<span slot="header">${msg("Advanced protocol settings")}</span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-form-element-horizontal label=${msg("Certificate")} name="certificate">
|
||||
<ak-crypto-certificate-search
|
||||
certificate=${ifDefined(this.instance?.certificate ?? undefined)}
|
||||
></ak-crypto-certificate-search>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-text-input
|
||||
name="accessTokenValidity"
|
||||
value=${first(this.instance?.accessTokenValidity, "hours=24")}
|
||||
label=${msg("Token validity")}
|
||||
help=${msg("Configure how long tokens are valid for.")}
|
||||
.errorMessages=${errors?.accessTokenValidity ?? []}
|
||||
></ak-text-input>
|
||||
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Additional scopes")}
|
||||
name="propertyMappings"
|
||||
>
|
||||
<select class="pf-c-form-control" multiple>
|
||||
${this.propertyMappings?.results
|
||||
.filter((scope) => {
|
||||
return !scope.managed?.startsWith("goauthentik.io/providers");
|
||||
})
|
||||
.map((scope) => {
|
||||
const selected = (this.instance?.propertyMappings || []).some(
|
||||
<ak-form-group>
|
||||
<span slot="header">${msg("Advanced protocol settings")}</span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Certificate")}
|
||||
name="certificate"
|
||||
.errorMessages=${errors?.certificate ?? []}
|
||||
>
|
||||
<ak-crypto-certificate-search
|
||||
certificate=${ifDefined(this.instance?.certificate ?? undefined)}
|
||||
></ak-crypto-certificate-search>
|
||||
</ak-form-element-horizontal>
|
||||
|
||||
<ak-multi-select
|
||||
label=${msg("AdditionalScopes")}
|
||||
name="propertyMappings"
|
||||
required
|
||||
.options=${scopePairs}
|
||||
.values=${scopeValues}
|
||||
.errorMessages=${errors?.propertyMappings ?? []}
|
||||
.richhelp=${html`
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"Additional scope mappings, which are passed to the proxy.",
|
||||
)}
|
||||
</p>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Hold control/command to select multiple items.")}
|
||||
</p>
|
||||
`}
|
||||
></ak-multi-select>
|
||||
|
||||
<ak-textarea-input
|
||||
name="skipPathRegex"
|
||||
label=${this.mode === ProxyMode.ForwardDomain
|
||||
? msg("Unauthenticated URLs")
|
||||
: msg("Unauthenticated Paths")}
|
||||
value=${ifDefined(this.instance?.skipPathRegex)}
|
||||
.errorMessages=${errors?.skipPathRegex ?? []}
|
||||
.bighelp=${html` <p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"Regular expressions for which authentication is not required. Each new line is interpreted as a new expression.",
|
||||
)}
|
||||
</p>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions.",
|
||||
)}
|
||||
</p>`}
|
||||
>
|
||||
</ak-textarea-input>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
<ak-form-group>
|
||||
<span slot="header">${msg("Authentication settings")}</span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-switch-input
|
||||
name="interceptHeaderAuth"
|
||||
?checked=${first(this.instance?.interceptHeaderAuth, true)}
|
||||
label=${msg("Intercept header authentication")}
|
||||
help=${msg(
|
||||
"When enabled, authentik will intercept the Authorization header to authenticate the request.",
|
||||
)}
|
||||
></ak-switch-input>
|
||||
|
||||
<ak-switch-input
|
||||
name="basicAuthEnabled"
|
||||
?checked=${first(this.instance?.basicAuthEnabled, false)}
|
||||
@change=${(ev: Event) => {
|
||||
const el = ev.target as HTMLInputElement;
|
||||
this.showHttpBasic = el.checked;
|
||||
}}
|
||||
label=${msg("Send HTTP-Basic Authentication")}
|
||||
help=${msg(
|
||||
"Send a custom HTTP-Basic Authentication header based on values from authentik.",
|
||||
)}
|
||||
></ak-switch-input>
|
||||
|
||||
${this.showHttpBasic ? this.renderHttpBasic() : html``}
|
||||
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Trusted OIDC Sources")}
|
||||
name="jwksSources"
|
||||
.errorMessages=${errors?.jwksSources ?? []}
|
||||
>
|
||||
<select class="pf-c-form-control" multiple>
|
||||
${this.oauthSources?.results.map((source) => {
|
||||
const selected = (this.instance?.jwksSources || []).some(
|
||||
(su) => {
|
||||
return su == scope.pk;
|
||||
return su == source.pk;
|
||||
},
|
||||
);
|
||||
return html`<option
|
||||
value=${ifDefined(scope.pk)}
|
||||
?selected=${selected}
|
||||
>
|
||||
${scope.name}
|
||||
return html`<option value=${source.pk} ?selected=${selected}>
|
||||
${source.name} (${source.slug})
|
||||
</option>`;
|
||||
})}
|
||||
</select>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Additional scope mappings, which are passed to the proxy.")}
|
||||
</p>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Hold control/command to select multiple items.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
|
||||
<ak-textarea-input
|
||||
name="skipPathRegex"
|
||||
label=${this.mode === ProxyMode.ForwardDomain
|
||||
? msg("Unauthenticated URLs")
|
||||
: msg("Unauthenticated Paths")}
|
||||
value=${ifDefined(this.instance?.skipPathRegex)}
|
||||
.bighelp=${html` <p class="pf-c-form__helper-text">
|
||||
</select>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"Regular expressions for which authentication is not required. Each new line is interpreted as a new expression.",
|
||||
"JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider.",
|
||||
)}
|
||||
</p>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions.",
|
||||
)}
|
||||
</p>`}
|
||||
>
|
||||
</ak-textarea-input>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
<ak-form-group>
|
||||
<span slot="header">${msg("Authentication settings")}</span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-switch-input
|
||||
name="interceptHeaderAuth"
|
||||
?checked=${first(this.instance?.interceptHeaderAuth, true)}
|
||||
label=${msg("Intercept header authentication")}
|
||||
help=${msg(
|
||||
"When enabled, authentik will intercept the Authorization header to authenticate the request.",
|
||||
)}
|
||||
></ak-switch-input>
|
||||
|
||||
<ak-switch-input
|
||||
name="basicAuthEnabled"
|
||||
?checked=${first(this.instance?.basicAuthEnabled, false)}
|
||||
@change=${(ev: Event) => {
|
||||
const el = ev.target as HTMLInputElement;
|
||||
this.showHttpBasic = el.checked;
|
||||
}}
|
||||
label=${msg("Send HTTP-Basic Authentication")}
|
||||
help=${msg(
|
||||
"Send a custom HTTP-Basic Authentication header based on values from authentik.",
|
||||
)}
|
||||
></ak-switch-input>
|
||||
|
||||
${this.showHttpBasic ? this.renderHttpBasic() : html``}
|
||||
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Trusted OIDC Sources")}
|
||||
name="jwksSources"
|
||||
>
|
||||
<select class="pf-c-form-control" multiple>
|
||||
${this.oauthSources?.results.map((source) => {
|
||||
const selected = (this.instance?.jwksSources || []).some((su) => {
|
||||
return su == source.pk;
|
||||
});
|
||||
return html`<option value=${source.pk} ?selected=${selected}>
|
||||
${source.name} (${source.slug})
|
||||
</option>`;
|
||||
})}
|
||||
</select>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider.",
|
||||
)}
|
||||
</p>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Hold control/command to select multiple items.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
</form>`;
|
||||
${msg("Hold control/command to select multiple items.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
</form>`;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -5,6 +5,8 @@ import { customElement } from "@lit/reactive-element/decorators.js";
|
|||
import { html } from "lit";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import { ProxyProvider } from "@goauthentik/api";
|
||||
|
||||
import AkTypeProxyApplicationWizardPage from "./AuthenticationByProxyPage";
|
||||
|
||||
@customElement("ak-application-wizard-authentication-for-forward-proxy-domain")
|
||||
|
@ -28,11 +30,15 @@ export class AkForwardDomainProxyApplicationWizardPage extends AkTypeProxyApplic
|
|||
}
|
||||
|
||||
renderProxyMode() {
|
||||
const provider = this.wizard.provider as ProxyProvider | undefined;
|
||||
const errors = this.wizard.errors.provider;
|
||||
|
||||
return html`
|
||||
<ak-text-input
|
||||
name="externalHost"
|
||||
label=${msg("External host")}
|
||||
value=${ifDefined(this.instance?.externalHost)}
|
||||
value=${ifDefined(provider?.externalHost)}
|
||||
.errorMessages=${errors?.externalHost ?? []}
|
||||
required
|
||||
help=${msg(
|
||||
"The external URL you'll authenticate at. The authentik core server should be reachable under this URL.",
|
||||
|
@ -42,7 +48,8 @@ export class AkForwardDomainProxyApplicationWizardPage extends AkTypeProxyApplic
|
|||
<ak-text-input
|
||||
name="cookieDomain"
|
||||
label=${msg("Cookie domain")}
|
||||
value="${ifDefined(this.instance?.cookieDomain)}"
|
||||
value="${ifDefined(provider?.cookieDomain)}"
|
||||
.errorMessages=${errors?.cookieDomain ?? []}
|
||||
required
|
||||
help=${msg(
|
||||
"Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'.",
|
||||
|
|
|
@ -7,6 +7,8 @@ import { customElement } from "@lit/reactive-element/decorators.js";
|
|||
import { html } from "lit";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import { ProxyProvider } from "@goauthentik/api";
|
||||
|
||||
import AkTypeProxyApplicationWizardPage from "./AuthenticationByProxyPage";
|
||||
|
||||
@customElement("ak-application-wizard-authentication-for-reverse-proxy")
|
||||
|
@ -20,25 +22,30 @@ export class AkReverseProxyApplicationWizardPage extends AkTypeProxyApplicationW
|
|||
}
|
||||
|
||||
renderProxyMode() {
|
||||
const provider = this.wizard.provider as ProxyProvider | undefined;
|
||||
const errors = this.wizard.errors.provider;
|
||||
|
||||
return html` <ak-text-input
|
||||
name="externalHost"
|
||||
value=${ifDefined(this.instance?.externalHost)}
|
||||
value=${ifDefined(provider?.externalHost)}
|
||||
required
|
||||
label=${msg("External host")}
|
||||
.errorMessages=${errors?.externalHost ?? []}
|
||||
help=${msg(
|
||||
"The external URL you'll access the application at. Include any non-standard port.",
|
||||
)}
|
||||
></ak-text-input>
|
||||
<ak-text-input
|
||||
name="internalHost"
|
||||
value=${ifDefined(this.instance?.internalHost)}
|
||||
value=${ifDefined(provider?.internalHost)}
|
||||
.errorMessages=${errors?.internalHost ?? []}
|
||||
required
|
||||
label=${msg("Internal host")}
|
||||
help=${msg("Upstream host that the requests are forwarded to.")}
|
||||
></ak-text-input>
|
||||
<ak-switch-input
|
||||
name="internalHostSslValidation"
|
||||
?checked=${first(this.instance?.internalHostSslValidation, true)}
|
||||
?checked=${first(provider?.internalHostSslValidation, true)}
|
||||
label=${msg("Internal host SSL Validation")}
|
||||
help=${msg("Validate SSL Certificates of upstream servers.")}
|
||||
>
|
||||
|
|
|
@ -5,6 +5,8 @@ import { customElement } from "@lit/reactive-element/decorators.js";
|
|||
import { html } from "lit";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import { ProxyProvider } from "@goauthentik/api";
|
||||
|
||||
import AkTypeProxyApplicationWizardPage from "./AuthenticationByProxyPage";
|
||||
|
||||
@customElement("ak-application-wizard-authentication-for-single-forward-proxy")
|
||||
|
@ -21,11 +23,15 @@ export class AkForwardSingleProxyApplicationWizardPage extends AkTypeProxyApplic
|
|||
}
|
||||
|
||||
renderProxyMode() {
|
||||
const provider = this.wizard.provider as ProxyProvider | undefined;
|
||||
const errors = this.wizard.errors.provider;
|
||||
|
||||
return html`<ak-text-input
|
||||
name="externalHost"
|
||||
value=${ifDefined(this.instance?.externalHost)}
|
||||
value=${ifDefined(provider?.externalHost)}
|
||||
required
|
||||
label=${msg("External host")}
|
||||
.errorMessages=${errors?.externalHost ?? []}
|
||||
help=${msg(
|
||||
"The external URL you'll access the application at. Include any non-standard port.",
|
||||
)}
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
import "@goauthentik/admin/applications/wizard/ak-wizard-title";
|
||||
import "@goauthentik/admin/common/ak-crypto-certificate-search";
|
||||
import "@goauthentik/admin/common/ak-flow-search/ak-tenanted-flow-search";
|
||||
import { ascii_letters, digits, first, randomString } from "@goauthentik/common/utils";
|
||||
|
@ -19,54 +20,62 @@ import BaseProviderPanel from "../BaseProviderPanel";
|
|||
export class ApplicationWizardAuthenticationByRadius extends BaseProviderPanel {
|
||||
render() {
|
||||
const provider = this.wizard.provider as RadiusProvider | undefined;
|
||||
const errors = this.wizard.errors.provider;
|
||||
|
||||
return html`<form class="pf-c-form pf-m-horizontal" @input=${this.handleChange}>
|
||||
<ak-text-input
|
||||
name="name"
|
||||
label=${msg("Name")}
|
||||
value=${ifDefined(provider?.name)}
|
||||
required
|
||||
>
|
||||
</ak-text-input>
|
||||
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Authentication flow")}
|
||||
?required=${true}
|
||||
name="authorizationFlow"
|
||||
>
|
||||
<ak-tenanted-flow-search
|
||||
flowType=${FlowsInstancesListDesignationEnum.Authentication}
|
||||
.currentFlow=${provider?.authorizationFlow}
|
||||
.tenantFlow=${rootInterface()?.tenant?.flowAuthentication}
|
||||
return html`<ak-wizard-title>${msg("Configure Radius Provider")}</ak-wizard-title>
|
||||
<form class="pf-c-form pf-m-horizontal" @input=${this.handleChange}>
|
||||
<ak-text-input
|
||||
name="name"
|
||||
label=${msg("Name")}
|
||||
value=${ifDefined(provider?.name)}
|
||||
.errorMessages=${errors?.name ?? []}
|
||||
required
|
||||
></ak-tenanted-flow-search>
|
||||
<p class="pf-c-form__helper-text">${msg("Flow used for users to authenticate.")}</p>
|
||||
</ak-form-element-horizontal>
|
||||
>
|
||||
</ak-text-input>
|
||||
|
||||
<ak-form-group expanded>
|
||||
<span slot="header"> ${msg("Protocol settings")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-text-input
|
||||
name="sharedSecret"
|
||||
label=${msg("Shared secret")}
|
||||
value=${first(
|
||||
provider?.sharedSecret,
|
||||
randomString(128, ascii_letters + digits),
|
||||
)}
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Authentication flow")}
|
||||
?required=${true}
|
||||
name="authorizationFlow"
|
||||
.errorMessages=${errors?.authorizationFlow ?? []}
|
||||
>
|
||||
<ak-tenanted-flow-search
|
||||
flowType=${FlowsInstancesListDesignationEnum.Authentication}
|
||||
.currentFlow=${provider?.authorizationFlow}
|
||||
.tenantFlow=${rootInterface()?.tenant?.flowAuthentication}
|
||||
required
|
||||
></ak-text-input>
|
||||
<ak-text-input
|
||||
name="clientNetworks"
|
||||
label=${msg("Client Networks")}
|
||||
value=${first(provider?.clientNetworks, "0.0.0.0/0, ::/0")}
|
||||
required
|
||||
help=${msg(`List of CIDRs (comma-seperated) that clients can connect from. A more specific
|
||||
></ak-tenanted-flow-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Flow used for users to authenticate.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
|
||||
<ak-form-group expanded>
|
||||
<span slot="header"> ${msg("Protocol settings")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-text-input
|
||||
name="sharedSecret"
|
||||
label=${msg("Shared secret")}
|
||||
.errorMessages=${errors?.sharedSecret ?? []}
|
||||
value=${first(
|
||||
provider?.sharedSecret,
|
||||
randomString(128, ascii_letters + digits),
|
||||
)}
|
||||
required
|
||||
></ak-text-input>
|
||||
<ak-text-input
|
||||
name="clientNetworks"
|
||||
label=${msg("Client Networks")}
|
||||
value=${first(provider?.clientNetworks, "0.0.0.0/0, ::/0")}
|
||||
.errorMessages=${errors?.clientNetworks ?? []}
|
||||
required
|
||||
help=${msg(`List of CIDRs (comma-seperated) that clients can connect from. A more specific
|
||||
CIDR will match before a looser one. Clients connecting from a non-specified CIDR
|
||||
will be dropped.`)}
|
||||
></ak-text-input>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
</form>`;
|
||||
></ak-text-input>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
</form>`;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,7 +1,10 @@
|
|||
import "@goauthentik/admin/applications/wizard/ak-wizard-title";
|
||||
import "@goauthentik/admin/applications/wizard/ak-wizard-title";
|
||||
import "@goauthentik/admin/common/ak-core-group-search";
|
||||
import "@goauthentik/admin/common/ak-crypto-certificate-search";
|
||||
import "@goauthentik/admin/common/ak-flow-search/ak-tenanted-flow-search";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import "@goauthentik/components/ak-multi-select";
|
||||
import "@goauthentik/components/ak-number-input";
|
||||
import "@goauthentik/components/ak-radio-input";
|
||||
import "@goauthentik/components/ak-switch-input";
|
||||
|
@ -10,7 +13,7 @@ import "@goauthentik/elements/forms/FormGroup";
|
|||
import "@goauthentik/elements/forms/HorizontalFormElement";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { customElement } from "@lit/reactive-element/decorators/custom-element.js";
|
||||
import { customElement, state } from "@lit/reactive-element/decorators.js";
|
||||
import { html } from "lit";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
|
@ -27,9 +30,11 @@ import {
|
|||
signatureAlgorithmOptions,
|
||||
spBindingOptions,
|
||||
} from "./SamlProviderOptions";
|
||||
import "./saml-property-mappings-search";
|
||||
|
||||
@customElement("ak-application-wizard-authentication-by-saml-configuration")
|
||||
export class ApplicationWizardProviderSamlConfiguration extends BaseProviderPanel {
|
||||
@state()
|
||||
propertyMappings?: PaginatedSAMLPropertyMappingList;
|
||||
|
||||
constructor() {
|
||||
|
@ -43,207 +48,229 @@ export class ApplicationWizardProviderSamlConfiguration extends BaseProviderPane
|
|||
});
|
||||
}
|
||||
|
||||
propertyMappingConfiguration(provider?: SAMLProvider) {
|
||||
const propertyMappings = this.propertyMappings?.results ?? [];
|
||||
|
||||
const configuredMappings = (providerMappings: string[]) =>
|
||||
propertyMappings.map((pm) => pm.pk).filter((pmpk) => providerMappings.includes(pmpk));
|
||||
|
||||
const managedMappings = () =>
|
||||
propertyMappings
|
||||
.filter((pm) => (pm?.managed ?? "").startsWith("goauthentik.io/providers/saml"))
|
||||
.map((pm) => pm.pk);
|
||||
|
||||
const pmValues = provider?.propertyMappings
|
||||
? configuredMappings(provider?.propertyMappings ?? [])
|
||||
: managedMappings();
|
||||
|
||||
const propertyPairs = propertyMappings.map((pm) => [pm.pk, pm.name]);
|
||||
|
||||
return { pmValues, propertyPairs };
|
||||
}
|
||||
|
||||
render() {
|
||||
const provider = this.wizard.provider as SAMLProvider | undefined;
|
||||
const errors = this.wizard.errors.provider;
|
||||
|
||||
return html` <form class="pf-c-form pf-m-horizontal" @input=${this.handleChange}>
|
||||
<ak-text-input
|
||||
name="name"
|
||||
value=${ifDefined(provider?.name)}
|
||||
required
|
||||
label=${msg("Name")}
|
||||
></ak-text-input>
|
||||
const { pmValues, propertyPairs } = this.propertyMappingConfiguration(provider);
|
||||
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Authentication flow")}
|
||||
?required=${false}
|
||||
name="authenticationFlow"
|
||||
>
|
||||
<ak-flow-search
|
||||
flowType=${FlowsInstancesListDesignationEnum.Authentication}
|
||||
.currentFlow=${provider?.authenticationFlow}
|
||||
return html` <ak-wizard-title>${msg("Configure SAML Provider")}</ak-wizard-title>
|
||||
<form class="pf-c-form pf-m-horizontal" @input=${this.handleChange}>
|
||||
<ak-text-input
|
||||
name="name"
|
||||
value=${ifDefined(provider?.name)}
|
||||
required
|
||||
></ak-flow-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Flow used when a user access this provider and is not authenticated.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
label=${msg("Name")}
|
||||
.errorMessages=${errors?.name ?? []}
|
||||
></ak-text-input>
|
||||
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Authorization flow")}
|
||||
?required=${true}
|
||||
name="authorizationFlow"
|
||||
>
|
||||
<ak-flow-search
|
||||
flowType=${FlowsInstancesListDesignationEnum.Authorization}
|
||||
.currentFlow=${provider?.authorizationFlow}
|
||||
required
|
||||
></ak-flow-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Flow used when authorizing this provider.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
|
||||
<ak-form-group .expanded=${true}>
|
||||
<span slot="header"> ${msg("Protocol settings")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-text-input
|
||||
name="acsUrl"
|
||||
value=${ifDefined(provider?.acsUrl)}
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Authentication flow")}
|
||||
?required=${false}
|
||||
name="authenticationFlow"
|
||||
.errorMessages=${errors?.authenticationFlow ?? []}
|
||||
>
|
||||
<ak-flow-search
|
||||
flowType=${FlowsInstancesListDesignationEnum.Authentication}
|
||||
.currentFlow=${provider?.authenticationFlow}
|
||||
required
|
||||
label=${msg("ACS URL")}
|
||||
></ak-text-input>
|
||||
|
||||
<ak-text-input
|
||||
name="issuer"
|
||||
value=${provider?.issuer || "authentik"}
|
||||
required
|
||||
label=${msg("Issuer")}
|
||||
help=${msg("Also known as EntityID.")}
|
||||
></ak-text-input>
|
||||
|
||||
<ak-radio-input
|
||||
name="spBinding"
|
||||
label=${msg("Service Provider Binding")}
|
||||
required
|
||||
.options=${spBindingOptions}
|
||||
.value=${provider?.spBinding}
|
||||
help=${msg(
|
||||
"Determines how authentik sends the response back to the Service Provider.",
|
||||
></ak-flow-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"Flow used when a user access this provider and is not authenticated.",
|
||||
)}
|
||||
>
|
||||
</ak-radio-input>
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
|
||||
<ak-text-input
|
||||
name="audience"
|
||||
value=${ifDefined(provider?.audience)}
|
||||
label=${msg("Audience")}
|
||||
></ak-text-input>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Authorization flow")}
|
||||
?required=${true}
|
||||
name="authorizationFlow"
|
||||
.errorMessages=${errors?.authorizationFlow ?? []}
|
||||
>
|
||||
<ak-flow-search
|
||||
flowType=${FlowsInstancesListDesignationEnum.Authorization}
|
||||
.currentFlow=${provider?.authorizationFlow}
|
||||
required
|
||||
></ak-flow-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Flow used when authorizing this provider.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
|
||||
<ak-form-group>
|
||||
<span slot="header"> ${msg("Advanced protocol settings")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Signing Certificate")}
|
||||
name="signingKp"
|
||||
>
|
||||
<ak-crypto-certificate-search
|
||||
certificate=${ifDefined(provider?.signingKp ?? undefined)}
|
||||
></ak-crypto-certificate-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"Certificate used to sign outgoing Responses going to the Service Provider.",
|
||||
<ak-form-group .expanded=${true}>
|
||||
<span slot="header"> ${msg("Protocol settings")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-text-input
|
||||
name="acsUrl"
|
||||
value=${ifDefined(provider?.acsUrl)}
|
||||
required
|
||||
label=${msg("ACS URL")}
|
||||
.errorMessages=${errors?.acsUrl ?? []}
|
||||
></ak-text-input>
|
||||
|
||||
<ak-text-input
|
||||
name="issuer"
|
||||
value=${provider?.issuer || "authentik"}
|
||||
required
|
||||
label=${msg("Issuer")}
|
||||
help=${msg("Also known as EntityID.")}
|
||||
.errorMessages=${errors?.issuer ?? []}
|
||||
></ak-text-input>
|
||||
|
||||
<ak-radio-input
|
||||
name="spBinding"
|
||||
label=${msg("Service Provider Binding")}
|
||||
required
|
||||
.options=${spBindingOptions}
|
||||
.value=${provider?.spBinding}
|
||||
help=${msg(
|
||||
"Determines how authentik sends the response back to the Service Provider.",
|
||||
)}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
>
|
||||
</ak-radio-input>
|
||||
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Verification Certificate")}
|
||||
name="verificationKp"
|
||||
>
|
||||
<ak-crypto-certificate-search
|
||||
certificate=${ifDefined(provider?.verificationKp ?? undefined)}
|
||||
nokey
|
||||
></ak-crypto-certificate-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.",
|
||||
)}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-text-input
|
||||
name="audience"
|
||||
value=${ifDefined(provider?.audience)}
|
||||
label=${msg("Audience")}
|
||||
.errorMessages=${errors?.audience ?? []}
|
||||
></ak-text-input>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Property mappings")}
|
||||
?required=${true}
|
||||
name="propertyMappings"
|
||||
>
|
||||
<select class="pf-c-form-control" multiple>
|
||||
${this.propertyMappings?.results.map((mapping) => {
|
||||
let selected = false;
|
||||
if (!provider?.propertyMappings) {
|
||||
selected =
|
||||
mapping.managed?.startsWith(
|
||||
"goauthentik.io/providers/saml",
|
||||
) || false;
|
||||
} else {
|
||||
selected = Array.from(provider?.propertyMappings).some((su) => {
|
||||
return su == mapping.pk;
|
||||
});
|
||||
}
|
||||
return html`<option
|
||||
value=${ifDefined(mapping.pk)}
|
||||
?selected=${selected}
|
||||
>
|
||||
${mapping.name}
|
||||
</option>`;
|
||||
})}
|
||||
</select>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Hold control/command to select multiple items.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-group>
|
||||
<span slot="header"> ${msg("Advanced protocol settings")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Signing Certificate")}
|
||||
name="signingKp"
|
||||
>
|
||||
<ak-crypto-certificate-search
|
||||
certificate=${ifDefined(provider?.signingKp ?? undefined)}
|
||||
></ak-crypto-certificate-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"Certificate used to sign outgoing Responses going to the Service Provider.",
|
||||
)}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("NameID Property Mapping")}
|
||||
name="nameIdMapping"
|
||||
>
|
||||
<ak-saml-property-mapping-search
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Verification Certificate")}
|
||||
name="verificationKp"
|
||||
>
|
||||
<ak-crypto-certificate-search
|
||||
certificate=${ifDefined(provider?.verificationKp ?? undefined)}
|
||||
nokey
|
||||
></ak-crypto-certificate-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default.",
|
||||
)}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
|
||||
<ak-multi-select
|
||||
label=${msg("Property Mappings")}
|
||||
name="propertyMappings"
|
||||
required
|
||||
.options=${propertyPairs}
|
||||
.values=${pmValues}
|
||||
.richhelp=${html` <p class="pf-c-form__helper-text">
|
||||
${msg("Property mappings used for user mapping.")}
|
||||
</p>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Hold control/command to select multiple items.")}
|
||||
</p>`}
|
||||
></ak-multi-select>
|
||||
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("NameID Property Mapping")}
|
||||
name="nameIdMapping"
|
||||
propertymapping=${ifDefined(provider?.nameIdMapping ?? undefined)}
|
||||
></ak-saml-property-mapping-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected.",
|
||||
>
|
||||
<ak-saml-property-mapping-search
|
||||
name="nameIdMapping"
|
||||
propertymapping=${ifDefined(provider?.nameIdMapping ?? undefined)}
|
||||
></ak-saml-property-mapping-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected.",
|
||||
)}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
|
||||
<ak-text-input
|
||||
name="assertionValidNotBefore"
|
||||
value=${provider?.assertionValidNotBefore || "minutes=-5"}
|
||||
required
|
||||
label=${msg("Assertion valid not before")}
|
||||
help=${msg(
|
||||
"Configure the maximum allowed time drift for an assertion.",
|
||||
)}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
.errorMessages=${errors?.assertionValidNotBefore ?? []}
|
||||
></ak-text-input>
|
||||
|
||||
<ak-text-input
|
||||
name="assertionValidNotBefore"
|
||||
value=${provider?.assertionValidNotBefore || "minutes=-5"}
|
||||
required
|
||||
label=${msg("Assertion valid not before")}
|
||||
help=${msg("Configure the maximum allowed time drift for an assertion.")}
|
||||
></ak-text-input>
|
||||
<ak-text-input
|
||||
name="assertionValidNotOnOrAfter"
|
||||
value=${provider?.assertionValidNotOnOrAfter || "minutes=5"}
|
||||
required
|
||||
label=${msg("Assertion valid not on or after")}
|
||||
help=${msg(
|
||||
"Assertion not valid on or after current time + this value.",
|
||||
)}
|
||||
.errorMessages=${errors?.assertionValidNotOnOrAfter ?? []}
|
||||
></ak-text-input>
|
||||
|
||||
<ak-text-input
|
||||
name="assertionValidNotOnOrAfter"
|
||||
value=${provider?.assertionValidNotOnOrAfter || "minutes=5"}
|
||||
required
|
||||
label=${msg("Assertion valid not on or after")}
|
||||
help=${msg("Assertion not valid on or after current time + this value.")}
|
||||
></ak-text-input>
|
||||
<ak-text-input
|
||||
name="sessionValidNotOnOrAfter"
|
||||
value=${provider?.sessionValidNotOnOrAfter || "minutes=86400"}
|
||||
required
|
||||
label=${msg("Session valid not on or after")}
|
||||
help=${msg("Session not valid on or after current time + this value.")}
|
||||
.errorMessages=${errors?.sessionValidNotOnOrAfter ?? []}
|
||||
></ak-text-input>
|
||||
|
||||
<ak-text-input
|
||||
name="sessionValidNotOnOrAfter"
|
||||
value=${provider?.sessionValidNotOnOrAfter || "minutes=86400"}
|
||||
required
|
||||
label=${msg("Session valid not on or after")}
|
||||
help=${msg("Session not valid on or after current time + this value.")}
|
||||
></ak-text-input>
|
||||
<ak-radio-input
|
||||
name="digestAlgorithm"
|
||||
label=${msg("Digest algorithm")}
|
||||
required
|
||||
.options=${digestAlgorithmOptions}
|
||||
.value=${provider?.digestAlgorithm}
|
||||
>
|
||||
</ak-radio-input>
|
||||
|
||||
<ak-radio-input
|
||||
name="digestAlgorithm"
|
||||
label=${msg("Digest algorithm")}
|
||||
required
|
||||
.options=${digestAlgorithmOptions}
|
||||
.value=${provider?.digestAlgorithm}
|
||||
>
|
||||
</ak-radio-input>
|
||||
|
||||
<ak-radio-input
|
||||
name="signatureAlgorithm"
|
||||
label=${msg("Signature algorithm")}
|
||||
required
|
||||
.options=${signatureAlgorithmOptions}
|
||||
.value=${provider?.signatureAlgorithm}
|
||||
>
|
||||
</ak-radio-input>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
</form>`;
|
||||
<ak-radio-input
|
||||
name="signatureAlgorithm"
|
||||
label=${msg("Signature algorithm")}
|
||||
required
|
||||
.options=${signatureAlgorithmOptions}
|
||||
.value=${provider?.signatureAlgorithm}
|
||||
>
|
||||
</ak-radio-input>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
</form>`;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,81 +0,0 @@
|
|||
import "@goauthentik/admin/common/ak-flow-search/ak-flow-search-no-default";
|
||||
import "@goauthentik/components/ak-file-input";
|
||||
import { AkFileInput } from "@goauthentik/components/ak-file-input";
|
||||
import "@goauthentik/components/ak-text-input";
|
||||
import "@goauthentik/elements/forms/HorizontalFormElement";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { customElement } from "@lit/reactive-element/decorators/custom-element.js";
|
||||
import { html } from "lit";
|
||||
import { query } from "lit/decorators.js";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import {
|
||||
FlowsInstancesListDesignationEnum,
|
||||
ProvidersSamlImportMetadataCreateRequest,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
import BaseProviderPanel from "../BaseProviderPanel";
|
||||
|
||||
@customElement("ak-application-wizard-authentication-by-saml-import")
|
||||
export class ApplicationWizardProviderSamlImport extends BaseProviderPanel {
|
||||
@query('ak-file-input[name="metadata"]')
|
||||
fileInput!: AkFileInput;
|
||||
|
||||
handleChange(ev: InputEvent) {
|
||||
if (!ev.target) {
|
||||
console.warn(`Received event with no target: ${ev}`);
|
||||
return;
|
||||
}
|
||||
const target = ev.target as HTMLInputElement;
|
||||
if (target.type === "file") {
|
||||
const file = this.fileInput.files?.[0] ?? null;
|
||||
if (file) {
|
||||
this.dispatchWizardUpdate({
|
||||
update: {
|
||||
provider: {
|
||||
file,
|
||||
},
|
||||
},
|
||||
status: this.form.checkValidity() ? "valid" : "invalid",
|
||||
});
|
||||
}
|
||||
return;
|
||||
}
|
||||
super.handleChange(ev);
|
||||
}
|
||||
|
||||
render() {
|
||||
const provider = this.wizard.provider as
|
||||
| ProvidersSamlImportMetadataCreateRequest
|
||||
| undefined;
|
||||
|
||||
return html` <form class="pf-c-form pf-m-horizontal" @input=${this.handleChange}>
|
||||
<ak-text-input
|
||||
name="name"
|
||||
value=${ifDefined(provider?.name)}
|
||||
label=${msg("Name")}
|
||||
required
|
||||
help=${msg("Method's display Name.")}
|
||||
></ak-text-input>
|
||||
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Authorization flow")}
|
||||
?required=${true}
|
||||
name="authorizationFlow"
|
||||
>
|
||||
<ak-flow-search-no-default
|
||||
flowType=${FlowsInstancesListDesignationEnum.Authorization}
|
||||
required
|
||||
></ak-flow-search-no-default>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Flow used when authorizing this provider.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
|
||||
<ak-file-input name="metadata" label=${msg("Metadata")} required></ak-file-input>
|
||||
</form>`;
|
||||
}
|
||||
}
|
||||
|
||||
export default ApplicationWizardProviderSamlImport;
|
|
@ -1,7 +1,10 @@
|
|||
import "@goauthentik/admin/applications/wizard/ak-wizard-title";
|
||||
import "@goauthentik/admin/common/ak-core-group-search";
|
||||
import "@goauthentik/admin/common/ak-crypto-certificate-search";
|
||||
import "@goauthentik/admin/common/ak-flow-search/ak-tenanted-flow-search";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { first } from "@goauthentik/common/utils";
|
||||
import "@goauthentik/components/ak-multi-select";
|
||||
import "@goauthentik/components/ak-switch-input";
|
||||
import "@goauthentik/components/ak-text-input";
|
||||
import "@goauthentik/elements/forms/FormGroup";
|
||||
|
@ -12,14 +15,7 @@ import { customElement, state } from "@lit/reactive-element/decorators.js";
|
|||
import { html } from "lit";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import {
|
||||
CoreApi,
|
||||
CoreGroupsListRequest,
|
||||
type Group,
|
||||
PaginatedSCIMMappingList,
|
||||
PropertymappingsApi,
|
||||
type SCIMProvider,
|
||||
} from "@goauthentik/api";
|
||||
import { PaginatedSCIMMappingList, PropertymappingsApi, type SCIMProvider } from "@goauthentik/api";
|
||||
|
||||
import BaseProviderPanel from "../BaseProviderPanel";
|
||||
|
||||
|
@ -31,158 +27,129 @@ export class ApplicationWizardAuthenticationBySCIM extends BaseProviderPanel {
|
|||
constructor() {
|
||||
super();
|
||||
new PropertymappingsApi(DEFAULT_CONFIG)
|
||||
.propertymappingsScopeList({
|
||||
ordering: "scope_name",
|
||||
.propertymappingsScimList({
|
||||
ordering: "managed",
|
||||
})
|
||||
.then((propertyMappings: PaginatedSCIMMappingList) => {
|
||||
this.propertyMappings = propertyMappings;
|
||||
});
|
||||
}
|
||||
|
||||
propertyMappingConfiguration(provider?: SCIMProvider) {
|
||||
const propertyMappings = this.propertyMappings?.results ?? [];
|
||||
|
||||
const configuredMappings = (providerMappings: string[]) =>
|
||||
propertyMappings.map((pm) => pm.pk).filter((pmpk) => providerMappings.includes(pmpk));
|
||||
|
||||
const managedMappings = (key: string) =>
|
||||
propertyMappings
|
||||
.filter((pm) => pm.managed === `goauthentik.io/providers/scim/${key}`)
|
||||
.map((pm) => pm.pk);
|
||||
|
||||
const pmUserValues = provider?.propertyMappings
|
||||
? configuredMappings(provider?.propertyMappings ?? [])
|
||||
: managedMappings("user");
|
||||
|
||||
const pmGroupValues = provider?.propertyMappingsGroup
|
||||
? configuredMappings(provider?.propertyMappingsGroup ?? [])
|
||||
: managedMappings("group");
|
||||
|
||||
const propertyPairs = propertyMappings.map((pm) => [pm.pk, pm.name]);
|
||||
|
||||
return { pmUserValues, pmGroupValues, propertyPairs };
|
||||
}
|
||||
|
||||
render() {
|
||||
const provider = this.wizard.provider as SCIMProvider | undefined;
|
||||
const errors = this.wizard.errors.provider;
|
||||
|
||||
return html`<form class="pf-c-form pf-m-horizontal" @input=${this.handleChange}>
|
||||
<ak-text-input
|
||||
name="name"
|
||||
label=${msg("Name")}
|
||||
value=${ifDefined(provider?.name)}
|
||||
required
|
||||
></ak-text-input>
|
||||
<ak-form-group expanded>
|
||||
<span slot="header"> ${msg("Protocol settings")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-text-input
|
||||
name="url"
|
||||
label=${msg("URL")}
|
||||
value="${first(provider?.url, "")}"
|
||||
required
|
||||
help=${msg("SCIM base url, usually ends in /v2.")}
|
||||
>
|
||||
</ak-text-input>
|
||||
<ak-text-input
|
||||
name="token"
|
||||
label=${msg("Token")}
|
||||
value="${first(provider?.token, "")}"
|
||||
required
|
||||
help=${msg(
|
||||
"Token to authenticate with. Currently only bearer authentication is supported.",
|
||||
)}
|
||||
>
|
||||
</ak-text-input>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
<ak-form-group expanded>
|
||||
<span slot="header">${msg("User filtering")}</span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-switch-input
|
||||
name="excludeUsersServiceAccount"
|
||||
?checked=${first(provider?.excludeUsersServiceAccount, true)}
|
||||
label=${msg("Exclude service accounts")}
|
||||
></ak-switch-input>
|
||||
<ak-form-element-horizontal label=${msg("Group")} name="filterGroup">
|
||||
<ak-search-select
|
||||
.fetchObjects=${async (query?: string): Promise<Group[]> => {
|
||||
const args: CoreGroupsListRequest = {
|
||||
ordering: "name",
|
||||
};
|
||||
if (query !== undefined) {
|
||||
args.search = query;
|
||||
}
|
||||
const groups = await new CoreApi(DEFAULT_CONFIG).coreGroupsList(
|
||||
args,
|
||||
);
|
||||
return groups.results;
|
||||
}}
|
||||
.renderElement=${(group: Group): string => {
|
||||
return group.name;
|
||||
}}
|
||||
.value=${(group: Group | undefined): string | undefined => {
|
||||
return group ? group.pk : undefined;
|
||||
}}
|
||||
.selected=${(group: Group): boolean => {
|
||||
return group.pk === provider?.filterGroup;
|
||||
}}
|
||||
?blankable=${true}
|
||||
const { pmUserValues, pmGroupValues, propertyPairs } =
|
||||
this.propertyMappingConfiguration(provider);
|
||||
|
||||
return html`<ak-wizard-title>${msg("Configure SCIM Provider")}</ak-wizard-title>
|
||||
<form class="pf-c-form pf-m-horizontal" @input=${this.handleChange}>
|
||||
<ak-text-input
|
||||
name="name"
|
||||
label=${msg("Name")}
|
||||
value=${ifDefined(provider?.name)}
|
||||
.errorMessages=${errors?.name ?? []}
|
||||
required
|
||||
></ak-text-input>
|
||||
<ak-form-group expanded>
|
||||
<span slot="header"> ${msg("Protocol settings")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-text-input
|
||||
name="url"
|
||||
label=${msg("URL")}
|
||||
value="${first(provider?.url, "")}"
|
||||
required
|
||||
help=${msg("SCIM base url, usually ends in /v2.")}
|
||||
.errorMessages=${errors?.url ?? []}
|
||||
>
|
||||
</ak-search-select>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Only sync users within the selected group.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
<ak-form-group ?expanded=${true}>
|
||||
<span slot="header"> ${msg("Attribute mapping")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("User Property Mappings")}
|
||||
?required=${true}
|
||||
name="propertyMappings"
|
||||
>
|
||||
<select class="pf-c-form-control" multiple>
|
||||
${this.propertyMappings?.results.map((mapping) => {
|
||||
let selected = false;
|
||||
if (!provider?.propertyMappings) {
|
||||
selected =
|
||||
mapping.managed === "goauthentik.io/providers/scim/user" ||
|
||||
false;
|
||||
} else {
|
||||
selected = Array.from(provider?.propertyMappings).some((su) => {
|
||||
return su == mapping.pk;
|
||||
});
|
||||
}
|
||||
return html`<option
|
||||
value=${ifDefined(mapping.pk)}
|
||||
?selected=${selected}
|
||||
>
|
||||
${mapping.name}
|
||||
</option>`;
|
||||
})}
|
||||
</select>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Property mappings used to user mapping.")}
|
||||
</p>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Hold control/command to select multiple items.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Group Property Mappings")}
|
||||
?required=${true}
|
||||
name="propertyMappingsGroup"
|
||||
>
|
||||
<select class="pf-c-form-control" multiple>
|
||||
${this.propertyMappings?.results.map((mapping) => {
|
||||
let selected = false;
|
||||
if (!provider?.propertyMappingsGroup) {
|
||||
selected =
|
||||
mapping.managed === "goauthentik.io/providers/scim/group";
|
||||
} else {
|
||||
selected = Array.from(provider?.propertyMappingsGroup).some(
|
||||
(su) => {
|
||||
return su == mapping.pk;
|
||||
},
|
||||
);
|
||||
}
|
||||
return html`<option
|
||||
value=${ifDefined(mapping.pk)}
|
||||
?selected=${selected}
|
||||
>
|
||||
${mapping.name}
|
||||
</option>`;
|
||||
})}
|
||||
</select>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Property mappings used to group creation.")}
|
||||
</p>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Hold control/command to select multiple items.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
</form>`;
|
||||
</ak-text-input>
|
||||
<ak-text-input
|
||||
name="token"
|
||||
label=${msg("Token")}
|
||||
value="${first(provider?.token, "")}"
|
||||
.errorMessages=${errors?.token ?? []}
|
||||
required
|
||||
help=${msg(
|
||||
"Token to authenticate with. Currently only bearer authentication is supported.",
|
||||
)}
|
||||
>
|
||||
</ak-text-input>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
<ak-form-group expanded>
|
||||
<span slot="header">${msg("User filtering")}</span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-switch-input
|
||||
name="excludeUsersServiceAccount"
|
||||
?checked=${first(provider?.excludeUsersServiceAccount, true)}
|
||||
label=${msg("Exclude service accounts")}
|
||||
></ak-switch-input>
|
||||
<ak-form-element-horizontal label=${msg("Group")} name="filterGroup">
|
||||
<ak-core-group-search
|
||||
.group=${provider?.filterGroup}
|
||||
></ak-core-group-search>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Only sync users within the selected group.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
<ak-form-group ?expanded=${true}>
|
||||
<span slot="header"> ${msg("Attribute mapping")} </span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-multi-select
|
||||
label=${msg("User Property Mappings")}
|
||||
required
|
||||
name="propertyMappings"
|
||||
.options=${propertyPairs}
|
||||
.values=${pmUserValues}
|
||||
.richhelp=${html` <p class="pf-c-form__helper-text">
|
||||
${msg("Property mappings used for user mapping.")}
|
||||
</p>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Hold control/command to select multiple items.")}
|
||||
</p>`}
|
||||
></ak-multi-select>
|
||||
<ak-multi-select
|
||||
label=${msg("Group Property Mappings")}
|
||||
required
|
||||
name="propertyMappingsGroup"
|
||||
.options=${propertyPairs}
|
||||
.values=${pmGroupValues}
|
||||
.richhelp=${html` <p class="pf-c-form__helper-text">
|
||||
${msg("Property mappings used for group creation.")}
|
||||
</p>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Hold control/command to select multiple items.")}
|
||||
</p>`}
|
||||
></ak-multi-select>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
</form>`;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -15,6 +15,12 @@ import "./commit/ak-application-wizard-commit-application";
|
|||
import "./methods/ak-application-wizard-authentication-method";
|
||||
import { ApplicationStep as ApplicationStepType } from "./types";
|
||||
|
||||
/**
|
||||
* In the current implementation, all of the child forms have access to the wizard's
|
||||
* global context, into which all data is written, and which is updated by events
|
||||
* flowing into the top-level orchestrator.
|
||||
*/
|
||||
|
||||
class ApplicationStep implements ApplicationStepType {
|
||||
id = "application";
|
||||
label = "Application Details";
|
||||
|
|
|
@ -3,7 +3,7 @@ import { customElement } from "@lit/reactive-element/decorators/custom-element.j
|
|||
import { state } from "@lit/reactive-element/decorators/state.js";
|
||||
import { LitElement, html } from "lit";
|
||||
|
||||
import applicationWizardContext from "../ContextIdentity";
|
||||
import { applicationWizardContext } from "../ContextIdentity";
|
||||
import type { ApplicationWizardState } from "../types";
|
||||
|
||||
@customElement("ak-application-context-display-for-test")
|
||||
|
|
|
@ -9,6 +9,7 @@ import {
|
|||
type RadiusProviderRequest,
|
||||
type SAMLProviderRequest,
|
||||
type SCIMProviderRequest,
|
||||
type ValidationError,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
export type OneOfProvider =
|
||||
|
@ -24,12 +25,13 @@ export interface ApplicationWizardState {
|
|||
providerModel: string;
|
||||
app: Partial<ApplicationRequest>;
|
||||
provider: OneOfProvider;
|
||||
errors: ValidationError;
|
||||
}
|
||||
|
||||
type StatusType = "invalid" | "valid" | "submitted" | "failed";
|
||||
|
||||
export type ApplicationWizardStateUpdate = {
|
||||
update?: Partial<ApplicationWizardState>;
|
||||
update?: ApplicationWizardState;
|
||||
status?: StatusType;
|
||||
};
|
||||
|
||||
|
|
|
@ -1,120 +0,0 @@
|
|||
/** Taken from: https://github.com/zellwk/javascript/tree/master
|
||||
*
|
||||
* We have added some typescript annotations, but this is such a rich feature with deep nesting
|
||||
* we'll just have to watch it closely for any issues. So far there don't seem to be any.
|
||||
*
|
||||
*/
|
||||
|
||||
function objectType<T>(value: T) {
|
||||
return Object.prototype.toString.call(value);
|
||||
}
|
||||
|
||||
// Creates a deep clone for each value
|
||||
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
||||
function cloneDescriptorValue(value: any) {
|
||||
// Arrays
|
||||
if (objectType(value) === "[object Array]") {
|
||||
const array = [];
|
||||
for (let v of value) {
|
||||
v = cloneDescriptorValue(v);
|
||||
array.push(v);
|
||||
}
|
||||
return array;
|
||||
}
|
||||
|
||||
// Objects
|
||||
if (objectType(value) === "[object Object]") {
|
||||
const obj = {};
|
||||
const props = Object.keys(value);
|
||||
for (const prop of props) {
|
||||
const descriptor = Object.getOwnPropertyDescriptor(value, prop);
|
||||
if (!descriptor) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (descriptor.value) {
|
||||
descriptor.value = cloneDescriptorValue(descriptor.value);
|
||||
}
|
||||
Object.defineProperty(obj, prop, descriptor);
|
||||
}
|
||||
return obj;
|
||||
}
|
||||
|
||||
// Other Types of Objects
|
||||
if (objectType(value) === "[object Date]") {
|
||||
return new Date(value.getTime());
|
||||
}
|
||||
|
||||
if (objectType(value) === "[object Map]") {
|
||||
const map = new Map();
|
||||
for (const entry of value) {
|
||||
map.set(entry[0], cloneDescriptorValue(entry[1]));
|
||||
}
|
||||
return map;
|
||||
}
|
||||
|
||||
if (objectType(value) === "[object Set]") {
|
||||
const set = new Set();
|
||||
for (const entry of value.entries()) {
|
||||
set.add(cloneDescriptorValue(entry[0]));
|
||||
}
|
||||
return set;
|
||||
}
|
||||
|
||||
// Types we don't need to clone or cannot clone.
|
||||
// Examples:
|
||||
// - Primitives don't need to clone
|
||||
// - Functions cannot clone
|
||||
return value;
|
||||
}
|
||||
|
||||
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
||||
function _merge(output: Record<string, any>, input: Record<string, any>) {
|
||||
const props = Object.keys(input);
|
||||
|
||||
for (const prop of props) {
|
||||
// Prevents Prototype Pollution
|
||||
if (prop === "__proto__") continue;
|
||||
|
||||
const descriptor = Object.getOwnPropertyDescriptor(input, prop);
|
||||
if (!descriptor) {
|
||||
continue;
|
||||
}
|
||||
|
||||
const value = descriptor.value;
|
||||
if (value) descriptor.value = cloneDescriptorValue(value);
|
||||
|
||||
// If don't have prop => Define property
|
||||
// [ken@goauthentik] Using `hasOwn` is preferable over
|
||||
// the basic identity test, according to Typescript.
|
||||
if (!Object.hasOwn(output, prop)) {
|
||||
Object.defineProperty(output, prop, descriptor);
|
||||
continue;
|
||||
}
|
||||
|
||||
// If have prop, but type is not object => Overwrite by redefining property
|
||||
if (typeof output[prop] !== "object") {
|
||||
Object.defineProperty(output, prop, descriptor);
|
||||
continue;
|
||||
}
|
||||
|
||||
// If have prop, but type is Object => Concat the arrays together.
|
||||
if (objectType(descriptor.value) === "[object Array]") {
|
||||
output[prop] = output[prop].concat(descriptor.value);
|
||||
continue;
|
||||
}
|
||||
|
||||
// If have prop, but type is Object => Merge.
|
||||
_merge(output[prop], descriptor.value);
|
||||
}
|
||||
}
|
||||
|
||||
export function merge(...sources: Array<object>) {
|
||||
const result = {};
|
||||
for (const source of sources) {
|
||||
_merge(result, source);
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
export default merge;
|
|
@ -54,6 +54,13 @@ export function camelToSnake(key: string): string {
|
|||
return result.split(" ").join("_").toLowerCase();
|
||||
}
|
||||
|
||||
const capitalize = (key: string) => (key.length === 0 ? "" : key[0].toUpperCase() + key.slice(1));
|
||||
|
||||
export function snakeToCamel(key: string) {
|
||||
const [start, ...rest] = key.split("_");
|
||||
return [start, ...rest.map(capitalize)].join("");
|
||||
}
|
||||
|
||||
export function groupBy<T>(objects: T[], callback: (obj: T) => string): Array<[string, T[]]> {
|
||||
const m = new Map<string, T[]>();
|
||||
objects.forEach((obj) => {
|
||||
|
|
72
web/src/components/HorizontalLightComponent.ts
Normal file
72
web/src/components/HorizontalLightComponent.ts
Normal file
|
@ -0,0 +1,72 @@
|
|||
import { AKElement } from "@goauthentik/elements/Base";
|
||||
|
||||
import { TemplateResult, html, nothing } from "lit";
|
||||
import { property } from "lit/decorators.js";
|
||||
|
||||
type HelpType = TemplateResult | typeof nothing;
|
||||
|
||||
export class HorizontalLightComponent extends AKElement {
|
||||
// Render into the lightDOM. This effectively erases the shadowDOM nature of this component, but
|
||||
// we're not actually using that and, for the meantime, we need the form handlers to be able to
|
||||
// find the children of this component.
|
||||
//
|
||||
// TODO: This abstraction is wrong; it's putting *more* layers in as a way of managing the
|
||||
// visual clutter and legibility issues of ak-form-elemental-horizontal and patternfly in
|
||||
// general.
|
||||
protected createRenderRoot() {
|
||||
return this;
|
||||
}
|
||||
|
||||
@property({ type: String })
|
||||
name!: string;
|
||||
|
||||
@property({ type: String })
|
||||
label = "";
|
||||
|
||||
@property({ type: Boolean })
|
||||
required = false;
|
||||
|
||||
@property({ type: String })
|
||||
help = "";
|
||||
|
||||
@property({ type: Object })
|
||||
bighelp?: TemplateResult | TemplateResult[];
|
||||
|
||||
@property({ type: Boolean })
|
||||
hidden = false;
|
||||
|
||||
@property({ type: Boolean })
|
||||
invalid = false;
|
||||
|
||||
@property({ attribute: false })
|
||||
errorMessages: string[] = [];
|
||||
|
||||
renderControl() {
|
||||
throw new Error("Must be implemented in a subclass");
|
||||
}
|
||||
|
||||
renderHelp(): HelpType[] {
|
||||
const bigHelp: HelpType[] = Array.isArray(this.bighelp)
|
||||
? this.bighelp
|
||||
: [this.bighelp ?? nothing];
|
||||
return [
|
||||
this.help ? html`<p class="pf-c-form__helper-text">${this.help}</p>` : nothing,
|
||||
...bigHelp,
|
||||
];
|
||||
}
|
||||
|
||||
render() {
|
||||
// prettier-ignore
|
||||
return html`<ak-form-element-horizontal
|
||||
label=${this.label}
|
||||
?required=${this.required}
|
||||
?hidden=${this.hidden}
|
||||
name=${this.name}
|
||||
.errorMessages=${this.errorMessages}
|
||||
?invalid=${this.invalid}
|
||||
>
|
||||
${this.renderControl()}
|
||||
${this.renderHelp()}
|
||||
</ak-form-element-horizontal> `;
|
||||
}
|
||||
}
|
150
web/src/components/ak-multi-select.ts
Normal file
150
web/src/components/ak-multi-select.ts
Normal file
|
@ -0,0 +1,150 @@
|
|||
import "@goauthentik/app/elements/forms/HorizontalFormElement";
|
||||
import { AKElement } from "@goauthentik/elements/Base";
|
||||
|
||||
import { TemplateResult, css, html, nothing } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
import { map } from "lit/directives/map.js";
|
||||
import { Ref, createRef, ref } from "lit/directives/ref.js";
|
||||
|
||||
import PFForm from "@patternfly/patternfly/components/Form/form.css";
|
||||
import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
type Pair = [string, string];
|
||||
|
||||
const selectStyles = css`
|
||||
select[multiple] {
|
||||
min-height: 15rem;
|
||||
}
|
||||
`;
|
||||
|
||||
/**
|
||||
* Horizontal layout control with a multi-select.
|
||||
*
|
||||
* @part select - The select itself, to override the height specified above.
|
||||
*/
|
||||
@customElement("ak-multi-select")
|
||||
export class AkMultiSelect extends AKElement {
|
||||
constructor() {
|
||||
super();
|
||||
this.dataset.akControl = "true";
|
||||
}
|
||||
|
||||
static get styles() {
|
||||
return [PFBase, PFForm, PFFormControl, selectStyles];
|
||||
}
|
||||
|
||||
/**
|
||||
* The [name] attribute, which is also distributed to the layout manager and the input control.
|
||||
*/
|
||||
@property({ type: String })
|
||||
name!: string;
|
||||
|
||||
/**
|
||||
* The text label to display on the control
|
||||
*/
|
||||
@property({ type: String })
|
||||
label = "";
|
||||
|
||||
/**
|
||||
* The values to be displayed in the select. The format is [Value, Label], where the label is
|
||||
* what will be displayed.
|
||||
*/
|
||||
@property({ attribute: false })
|
||||
options: Pair[] = [];
|
||||
|
||||
/**
|
||||
* If true, at least one object must be selected
|
||||
*/
|
||||
@property({ type: Boolean })
|
||||
required = false;
|
||||
|
||||
/**
|
||||
* Supporting a simple help string
|
||||
*/
|
||||
@property({ type: String })
|
||||
help = "";
|
||||
|
||||
/**
|
||||
* For more complex help instructions, provide a template result.
|
||||
*/
|
||||
@property({ type: Object })
|
||||
bighelp!: TemplateResult | TemplateResult[];
|
||||
|
||||
/**
|
||||
* An array of strings representing the objects currently selected.
|
||||
*/
|
||||
@property({ type: Array })
|
||||
values: string[] = [];
|
||||
|
||||
/**
|
||||
* Helper accessor for older code
|
||||
*/
|
||||
get value() {
|
||||
return this.values;
|
||||
}
|
||||
|
||||
/**
|
||||
* One of two criteria (the other being the data-ak-control flag) that specifies this as a
|
||||
* control that produces values of specific interest to our REST API. This is our modern
|
||||
* accessor name.
|
||||
*/
|
||||
json() {
|
||||
return this.values;
|
||||
}
|
||||
|
||||
renderHelp() {
|
||||
return [
|
||||
this.help ? html`<p class="pf-c-form__helper-text">${this.help}</p>` : nothing,
|
||||
this.bighelp ? this.bighelp : nothing,
|
||||
];
|
||||
}
|
||||
|
||||
handleChange(ev: Event) {
|
||||
if (ev.type === "change") {
|
||||
this.values = Array.from(this.selectRef.value!.querySelectorAll("option"))
|
||||
.filter((option) => option.selected)
|
||||
.map((option) => option.value);
|
||||
this.dispatchEvent(
|
||||
new CustomEvent("ak-select", {
|
||||
detail: this.values,
|
||||
composed: true,
|
||||
bubbles: true,
|
||||
}),
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
selectRef: Ref<HTMLSelectElement> = createRef();
|
||||
|
||||
render() {
|
||||
return html` <div class="pf-c-form">
|
||||
<ak-form-element-horizontal
|
||||
label=${this.label}
|
||||
?required=${this.required}
|
||||
name=${this.name}
|
||||
>
|
||||
<select
|
||||
part="select"
|
||||
class="pf-c-form-control"
|
||||
name=${ifDefined(this.name)}
|
||||
multiple
|
||||
${ref(this.selectRef)}
|
||||
@change=${this.handleChange}
|
||||
>
|
||||
${map(
|
||||
this.options,
|
||||
([value, label]) =>
|
||||
html`<option value=${value} ?selected=${this.values.includes(value)}>
|
||||
${label}
|
||||
</option>`,
|
||||
)}
|
||||
</select>
|
||||
${this.renderHelp()}
|
||||
</ak-form-element-horizontal>
|
||||
</div>`;
|
||||
}
|
||||
}
|
||||
|
||||
export default AkMultiSelect;
|
|
@ -1,51 +1,21 @@
|
|||
import { AKElement } from "@goauthentik/elements/Base";
|
||||
|
||||
import { html, nothing } from "lit";
|
||||
import { html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import { HorizontalLightComponent } from "./HorizontalLightComponent";
|
||||
|
||||
@customElement("ak-number-input")
|
||||
export class AkNumberInput extends AKElement {
|
||||
// Render into the lightDOM. This effectively erases the shadowDOM nature of this component, but
|
||||
// we're not actually using that and, for the meantime, we need the form handlers to be able to
|
||||
// find the children of this component.
|
||||
//
|
||||
// TODO: This abstraction is wrong; it's putting *more* layers in as a way of managing the
|
||||
// visual clutter and legibility issues of ak-form-elemental-horizontal and patternfly in
|
||||
// general.
|
||||
protected createRenderRoot() {
|
||||
return this;
|
||||
}
|
||||
|
||||
@property({ type: String })
|
||||
name!: string;
|
||||
|
||||
@property({ type: String })
|
||||
label = "";
|
||||
|
||||
export class AkNumberInput extends HorizontalLightComponent {
|
||||
@property({ type: Number, reflect: true })
|
||||
value = 0;
|
||||
|
||||
@property({ type: Boolean })
|
||||
required = false;
|
||||
|
||||
@property({ type: String })
|
||||
help = "";
|
||||
|
||||
render() {
|
||||
return html`<ak-form-element-horizontal
|
||||
label=${this.label}
|
||||
renderControl() {
|
||||
return html`<input
|
||||
type="number"
|
||||
value=${ifDefined(this.value)}
|
||||
class="pf-c-form-control"
|
||||
?required=${this.required}
|
||||
name=${this.name}
|
||||
>
|
||||
<input
|
||||
type="number"
|
||||
value=${ifDefined(this.value)}
|
||||
class="pf-c-form-control"
|
||||
?required=${this.required}
|
||||
/>
|
||||
${this.help ? html`<p class="pf-c-form__helper-text">${this.help}</p>` : nothing}
|
||||
</ak-form-element-horizontal> `;
|
||||
/>`;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,35 +1,13 @@
|
|||
import { AKElement } from "@goauthentik/elements/Base";
|
||||
import { RadioOption } from "@goauthentik/elements/forms/Radio";
|
||||
import "@goauthentik/elements/forms/Radio";
|
||||
|
||||
import { html, nothing } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { HorizontalLightComponent } from "./HorizontalLightComponent";
|
||||
|
||||
@customElement("ak-radio-input")
|
||||
export class AkRadioInput<T> extends AKElement {
|
||||
// Render into the lightDOM. This effectively erases the shadowDOM nature of this component, but
|
||||
// we're not actually using that and, for the meantime, we need the form handlers to be able to
|
||||
// find the children of this component.
|
||||
//
|
||||
// TODO: This abstraction is wrong; it's putting *more* layers in as a way of managing the
|
||||
// visual clutter and legibility issues of ak-form-elemental-horizontal and patternfly in
|
||||
// general.
|
||||
protected createRenderRoot() {
|
||||
return this;
|
||||
}
|
||||
|
||||
@property({ type: String })
|
||||
name!: string;
|
||||
|
||||
@property({ type: String })
|
||||
label = "";
|
||||
|
||||
@property({ type: String })
|
||||
help = "";
|
||||
|
||||
@property({ type: Boolean })
|
||||
required = false;
|
||||
|
||||
export class AkRadioInput<T> extends HorizontalLightComponent {
|
||||
@property({ type: Object })
|
||||
value!: T;
|
||||
|
||||
|
@ -37,24 +15,25 @@ export class AkRadioInput<T> extends AKElement {
|
|||
options: RadioOption<T>[] = [];
|
||||
|
||||
handleInput(ev: CustomEvent) {
|
||||
this.value = ev.detail.value;
|
||||
if ("detail" in ev) {
|
||||
this.value = ev.detail.value;
|
||||
}
|
||||
}
|
||||
|
||||
render() {
|
||||
return html`<ak-form-element-horizontal
|
||||
label=${this.label}
|
||||
?required=${this.required}
|
||||
name=${this.name}
|
||||
>
|
||||
<ak-radio
|
||||
renderHelp() {
|
||||
// This is weird, but Typescript says it's necessary?
|
||||
return [nothing as typeof nothing];
|
||||
}
|
||||
|
||||
renderControl() {
|
||||
return html`<ak-radio
|
||||
.options=${this.options}
|
||||
.value=${this.value}
|
||||
@input=${this.handleInput}
|
||||
></ak-radio>
|
||||
${this.help.trim()
|
||||
? html`<p class="pf-c-form__helper-radio">${this.help}</p>`
|
||||
: nothing}
|
||||
</ak-form-element-horizontal> `;
|
||||
: nothing}`;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,44 +1,16 @@
|
|||
import { convertToSlug } from "@goauthentik/common/utils";
|
||||
import { AKElement } from "@goauthentik/elements/Base";
|
||||
|
||||
import { TemplateResult, html, nothing } from "lit";
|
||||
import { html } from "lit";
|
||||
import { customElement, property, query } from "lit/decorators.js";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import { HorizontalLightComponent } from "./HorizontalLightComponent";
|
||||
|
||||
@customElement("ak-slug-input")
|
||||
export class AkSlugInput extends AKElement {
|
||||
// Render into the lightDOM. This effectively erases the shadowDOM nature of this component, but
|
||||
// we're not actually using that and, for the meantime, we need the form handlers to be able to
|
||||
// find the children of this component.
|
||||
//
|
||||
// TODO: This abstraction is wrong; it's putting *more* layers in as a way of managing the
|
||||
// visual clutter and legibility issues of ak-form-elemental-horizontal and patternfly in
|
||||
// general.
|
||||
protected createRenderRoot() {
|
||||
return this;
|
||||
}
|
||||
|
||||
@property({ type: String })
|
||||
name!: string;
|
||||
|
||||
@property({ type: String })
|
||||
label = "";
|
||||
|
||||
export class AkSlugInput extends HorizontalLightComponent {
|
||||
@property({ type: String, reflect: true })
|
||||
value = "";
|
||||
|
||||
@property({ type: Boolean })
|
||||
required = false;
|
||||
|
||||
@property({ type: String })
|
||||
help = "";
|
||||
|
||||
@property({ type: Boolean })
|
||||
hidden = false;
|
||||
|
||||
@property({ type: Object })
|
||||
bighelp!: TemplateResult | TemplateResult[];
|
||||
|
||||
@property({ type: String })
|
||||
source = "";
|
||||
|
||||
|
@ -59,13 +31,6 @@ export class AkSlugInput extends AKElement {
|
|||
this.input.addEventListener("input", this.handleTouch);
|
||||
}
|
||||
|
||||
renderHelp() {
|
||||
return [
|
||||
this.help ? html`<p class="pf-c-form__helper-text">${this.help}</p>` : nothing,
|
||||
this.bighelp ? this.bighelp : nothing,
|
||||
];
|
||||
}
|
||||
|
||||
// Do not stop propagation of this event; it must be sent up the tree so that a parent
|
||||
// component, such as a custom forms manager, may receive it.
|
||||
handleTouch(ev: Event) {
|
||||
|
@ -150,21 +115,13 @@ export class AkSlugInput extends AKElement {
|
|||
super.disconnectedCallback();
|
||||
}
|
||||
|
||||
render() {
|
||||
return html`<ak-form-element-horizontal
|
||||
label=${this.label}
|
||||
renderControl() {
|
||||
return html`<input
|
||||
type="text"
|
||||
value=${ifDefined(this.value)}
|
||||
class="pf-c-form-control"
|
||||
?required=${this.required}
|
||||
?hidden=${this.hidden}
|
||||
name=${this.name}
|
||||
>
|
||||
<input
|
||||
type="text"
|
||||
value=${ifDefined(this.value)}
|
||||
class="pf-c-form-control"
|
||||
?required=${this.required}
|
||||
/>
|
||||
${this.renderHelp()}
|
||||
</ak-form-element-horizontal> `;
|
||||
/>`;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,65 +1,21 @@
|
|||
import { AKElement } from "@goauthentik/elements/Base";
|
||||
|
||||
import { TemplateResult, html, nothing } from "lit";
|
||||
import { html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import { HorizontalLightComponent } from "./HorizontalLightComponent";
|
||||
|
||||
@customElement("ak-text-input")
|
||||
export class AkTextInput extends AKElement {
|
||||
// Render into the lightDOM. This effectively erases the shadowDOM nature of this component, but
|
||||
// we're not actually using that and, for the meantime, we need the form handlers to be able to
|
||||
// find the children of this component.
|
||||
//
|
||||
// TODO: This abstraction is wrong; it's putting *more* layers in as a way of managing the
|
||||
// visual clutter and legibility issues of ak-form-elemental-horizontal and patternfly in
|
||||
// general.
|
||||
protected createRenderRoot() {
|
||||
return this;
|
||||
}
|
||||
|
||||
@property({ type: String })
|
||||
name!: string;
|
||||
|
||||
@property({ type: String })
|
||||
label = "";
|
||||
|
||||
export class AkTextInput extends HorizontalLightComponent {
|
||||
@property({ type: String, reflect: true })
|
||||
value = "";
|
||||
|
||||
@property({ type: Boolean })
|
||||
required = false;
|
||||
|
||||
@property({ type: String })
|
||||
help = "";
|
||||
|
||||
@property({ type: Boolean })
|
||||
hidden = false;
|
||||
|
||||
@property({ type: Object })
|
||||
bighelp!: TemplateResult | TemplateResult[];
|
||||
|
||||
renderHelp() {
|
||||
return [
|
||||
this.help ? html`<p class="pf-c-form__helper-text">${this.help}</p>` : nothing,
|
||||
this.bighelp ? this.bighelp : nothing,
|
||||
];
|
||||
}
|
||||
|
||||
render() {
|
||||
return html`<ak-form-element-horizontal
|
||||
label=${this.label}
|
||||
renderControl() {
|
||||
return html` <input
|
||||
type="text"
|
||||
value=${ifDefined(this.value)}
|
||||
class="pf-c-form-control"
|
||||
?required=${this.required}
|
||||
?hidden=${this.hidden}
|
||||
name=${this.name}
|
||||
>
|
||||
<input
|
||||
type="text"
|
||||
value=${ifDefined(this.value)}
|
||||
class="pf-c-form-control"
|
||||
?required=${this.required}
|
||||
/>
|
||||
${this.renderHelp()}
|
||||
</ak-form-element-horizontal> `;
|
||||
/>`;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,57 +1,22 @@
|
|||
import { AKElement } from "@goauthentik/elements/Base";
|
||||
|
||||
import { TemplateResult, html, nothing } from "lit";
|
||||
import { html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { HorizontalLightComponent } from "./HorizontalLightComponent";
|
||||
|
||||
@customElement("ak-textarea-input")
|
||||
export class AkTextareaInput extends AKElement {
|
||||
// Render into the lightDOM. This effectively erases the shadowDOM nature of this component, but
|
||||
// we're not actually using that and, for the meantime, we need the form handlers to be able to
|
||||
// find the children of this component.
|
||||
//
|
||||
// TODO: This abstraction is wrong; it's putting *more* layers in as a way of managing the
|
||||
// visual clutter and legibility issues of ak-form-elemental-horizontal and patternfly in
|
||||
// general.
|
||||
protected createRenderRoot() {
|
||||
return this;
|
||||
}
|
||||
|
||||
@property({ type: String })
|
||||
name!: string;
|
||||
|
||||
@property({ type: String })
|
||||
label = "";
|
||||
|
||||
@property({ type: String })
|
||||
export class AkTextareaInput extends HorizontalLightComponent {
|
||||
@property({ type: String, reflect: true })
|
||||
value = "";
|
||||
|
||||
@property({ type: Boolean })
|
||||
required = false;
|
||||
|
||||
@property({ type: String })
|
||||
help = "";
|
||||
|
||||
@property({ type: Object })
|
||||
bighelp!: TemplateResult | TemplateResult[];
|
||||
|
||||
renderHelp() {
|
||||
return [
|
||||
this.help ? html`<p class="pf-c-form__helper-textarea">${this.help}</p>` : nothing,
|
||||
this.bighelp ? this.bighelp : nothing,
|
||||
];
|
||||
}
|
||||
|
||||
render() {
|
||||
return html`<ak-form-element-horizontal
|
||||
label=${this.label}
|
||||
renderControl() {
|
||||
// Prevent the leading spaces added by Prettier's whitespace algo
|
||||
// prettier-ignore
|
||||
return html`<textarea
|
||||
class="pf-c-form-control"
|
||||
?required=${this.required}
|
||||
name=${this.name}
|
||||
>
|
||||
<textarea class="pf-c-form-control" ?required=${this.required} name=${this.name}>
|
||||
${this.value !== undefined ? this.value : ""}</textarea
|
||||
>
|
||||
${this.renderHelp()}
|
||||
</ak-form-element-horizontal> `;
|
||||
>${this.value !== undefined ? this.value : ""}</textarea
|
||||
> `;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
79
web/src/components/stories/ak-multi-select.stories.ts
Normal file
79
web/src/components/stories/ak-multi-select.stories.ts
Normal file
|
@ -0,0 +1,79 @@
|
|||
import "@goauthentik/elements/messages/MessageContainer";
|
||||
import { Meta } from "@storybook/web-components";
|
||||
|
||||
import { TemplateResult, html, render } from "lit";
|
||||
|
||||
import "../ak-multi-select";
|
||||
import AkMultiSelect from "../ak-multi-select";
|
||||
|
||||
const metadata: Meta<AkMultiSelect> = {
|
||||
title: "Components / MultiSelect",
|
||||
component: "ak-multi-select",
|
||||
parameters: {
|
||||
docs: {
|
||||
description: {
|
||||
component: "A stylized value control for multi-select displays",
|
||||
},
|
||||
},
|
||||
},
|
||||
};
|
||||
|
||||
export default metadata;
|
||||
|
||||
const container = (testItem: TemplateResult) =>
|
||||
html` <div style="background: #fff; padding: 2em">
|
||||
<style>
|
||||
li {
|
||||
display: block;
|
||||
}
|
||||
p {
|
||||
margin-top: 1em;
|
||||
}
|
||||
</style>
|
||||
|
||||
${testItem}
|
||||
|
||||
<div id="message-pad" style="margin-top: 1em"></div>
|
||||
</div>`;
|
||||
|
||||
const testOptions = [
|
||||
["funky", "Option One: Funky"],
|
||||
["strange", "Option Two: Strange"],
|
||||
["weird", "Option Three: Weird"],
|
||||
];
|
||||
|
||||
export const RadioInput = () => {
|
||||
const result = "";
|
||||
|
||||
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
||||
const displayChange = (ev: any) => {
|
||||
const messagePad = document.getElementById("message-pad");
|
||||
const component: AkMultiSelect | null = document.querySelector(
|
||||
'ak-multi-select[name="ak-test-multi-select"]',
|
||||
);
|
||||
|
||||
const results = html`
|
||||
<p>Results from event:</p>
|
||||
<ul style="list-style-type: disc">
|
||||
${ev.target.value.map((v: string) => html`<li>${v}</li>`)}
|
||||
</ul>
|
||||
<p>Results from component:</p>
|
||||
<ul style="list-style-type: disc">
|
||||
${component!.json().map((v: string) => html`<li>${v}</li>`)}
|
||||
</ul>
|
||||
`;
|
||||
|
||||
render(results, messagePad!);
|
||||
};
|
||||
|
||||
return container(
|
||||
html`<ak-multi-select
|
||||
@ak-select=${displayChange}
|
||||
label="Test Radio Button"
|
||||
name="ak-test-multi-select"
|
||||
help="This is where you would read the help messages"
|
||||
.options=${testOptions}
|
||||
></ak-multi-select>
|
||||
<div>${result}</div>`,
|
||||
);
|
||||
};
|
|
@ -31,10 +31,15 @@ export interface KeyUnknown {
|
|||
[key: string]: unknown;
|
||||
}
|
||||
|
||||
// Literally the only field `assignValue()` cares about.
|
||||
type HTMLNamedElement = Pick<HTMLInputElement, "name">;
|
||||
|
||||
type AkControlElement = HTMLInputElement & { json: () => string | string[] };
|
||||
|
||||
/**
|
||||
* Recursively assign `value` into `json` while interpreting the dot-path of `element.name`
|
||||
*/
|
||||
function assignValue(element: HTMLInputElement, value: unknown, json: KeyUnknown): void {
|
||||
function assignValue(element: HTMLNamedElement, value: unknown, json: KeyUnknown): void {
|
||||
let parent = json;
|
||||
if (!element.name?.includes(".")) {
|
||||
parent[element.name] = value;
|
||||
|
@ -60,6 +65,16 @@ export function serializeForm<T extends KeyUnknown>(
|
|||
const json: { [key: string]: unknown } = {};
|
||||
elements.forEach((element) => {
|
||||
element.requestUpdate();
|
||||
if (element.hidden) {
|
||||
return;
|
||||
}
|
||||
|
||||
// TODO: Tighten up the typing so that we can handle both.
|
||||
if ("akControl" in element.dataset) {
|
||||
assignValue(element, (element as unknown as AkControlElement).json(), json);
|
||||
return;
|
||||
}
|
||||
|
||||
const inputElement = element.querySelector<HTMLInputElement>("[name]");
|
||||
if (element.hidden || !inputElement) {
|
||||
return;
|
||||
|
|
|
@ -5800,12 +5800,6 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<trans-unit id="s848288f8c2265aad">
|
||||
<source>Your application has been saved</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf60f1e5b76897c93">
|
||||
<source>In the Application:</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7ce65cf482b7bff0">
|
||||
<source>In the Provider:</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s67d858051b34c38b">
|
||||
<source>Method's display Name.</source>
|
||||
</trans-unit>
|
||||
|
@ -6075,6 +6069,51 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
</trans-unit>
|
||||
<trans-unit id="s52bdc80690a9a8dc">
|
||||
<source>When enabled, the stage will always accept the given user identifier and continue.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scda8dc24b561e205">
|
||||
<source>There was an error in the application.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sdaca9c2c0361ed3a">
|
||||
<source>Review the application.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb50000a8fada5672">
|
||||
<source>There was an error in the provider.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s21f95eaf151d4ce3">
|
||||
<source>Review the provider.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9fd39a5cb20b4e61">
|
||||
<source>There was an error</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7a6b3453209e1066">
|
||||
<source>There was an error creating the application, but no error message was sent. Please review the server logs.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1a711c19cda48375">
|
||||
<source>Configure LDAP Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9368e965b5c292ab">
|
||||
<source>Configure OAuth2/OpenId Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf5cbccdc6254c8dc">
|
||||
<source>Configure Proxy Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf6d46bb442b77e91">
|
||||
<source>AdditionalScopes</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2c8c6f89089b31d4">
|
||||
<source>Configure Radius Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sfe906cde5dddc041">
|
||||
<source>Configure SAML Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb3defbacd01ad972">
|
||||
<source>Property mappings used for user mapping.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7ccce0ec8d228db6">
|
||||
<source>Configure SCIM Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sd7728d2b6e1d25e9">
|
||||
<source>Property mappings used for group creation.</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
|
|
|
@ -6077,12 +6077,6 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<trans-unit id="s848288f8c2265aad">
|
||||
<source>Your application has been saved</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf60f1e5b76897c93">
|
||||
<source>In the Application:</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7ce65cf482b7bff0">
|
||||
<source>In the Provider:</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s67d858051b34c38b">
|
||||
<source>Method's display Name.</source>
|
||||
</trans-unit>
|
||||
|
@ -6352,6 +6346,51 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
</trans-unit>
|
||||
<trans-unit id="s52bdc80690a9a8dc">
|
||||
<source>When enabled, the stage will always accept the given user identifier and continue.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scda8dc24b561e205">
|
||||
<source>There was an error in the application.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sdaca9c2c0361ed3a">
|
||||
<source>Review the application.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb50000a8fada5672">
|
||||
<source>There was an error in the provider.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s21f95eaf151d4ce3">
|
||||
<source>Review the provider.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9fd39a5cb20b4e61">
|
||||
<source>There was an error</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7a6b3453209e1066">
|
||||
<source>There was an error creating the application, but no error message was sent. Please review the server logs.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1a711c19cda48375">
|
||||
<source>Configure LDAP Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9368e965b5c292ab">
|
||||
<source>Configure OAuth2/OpenId Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf5cbccdc6254c8dc">
|
||||
<source>Configure Proxy Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf6d46bb442b77e91">
|
||||
<source>AdditionalScopes</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2c8c6f89089b31d4">
|
||||
<source>Configure Radius Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sfe906cde5dddc041">
|
||||
<source>Configure SAML Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb3defbacd01ad972">
|
||||
<source>Property mappings used for user mapping.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7ccce0ec8d228db6">
|
||||
<source>Configure SCIM Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sd7728d2b6e1d25e9">
|
||||
<source>Property mappings used for group creation.</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
|
|
|
@ -5716,12 +5716,6 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<trans-unit id="s848288f8c2265aad">
|
||||
<source>Your application has been saved</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf60f1e5b76897c93">
|
||||
<source>In the Application:</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7ce65cf482b7bff0">
|
||||
<source>In the Provider:</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s67d858051b34c38b">
|
||||
<source>Method's display Name.</source>
|
||||
</trans-unit>
|
||||
|
@ -5991,6 +5985,51 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
</trans-unit>
|
||||
<trans-unit id="s52bdc80690a9a8dc">
|
||||
<source>When enabled, the stage will always accept the given user identifier and continue.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scda8dc24b561e205">
|
||||
<source>There was an error in the application.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sdaca9c2c0361ed3a">
|
||||
<source>Review the application.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb50000a8fada5672">
|
||||
<source>There was an error in the provider.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s21f95eaf151d4ce3">
|
||||
<source>Review the provider.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9fd39a5cb20b4e61">
|
||||
<source>There was an error</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7a6b3453209e1066">
|
||||
<source>There was an error creating the application, but no error message was sent. Please review the server logs.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1a711c19cda48375">
|
||||
<source>Configure LDAP Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9368e965b5c292ab">
|
||||
<source>Configure OAuth2/OpenId Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf5cbccdc6254c8dc">
|
||||
<source>Configure Proxy Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf6d46bb442b77e91">
|
||||
<source>AdditionalScopes</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2c8c6f89089b31d4">
|
||||
<source>Configure Radius Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sfe906cde5dddc041">
|
||||
<source>Configure SAML Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb3defbacd01ad972">
|
||||
<source>Property mappings used for user mapping.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7ccce0ec8d228db6">
|
||||
<source>Configure SCIM Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sd7728d2b6e1d25e9">
|
||||
<source>Property mappings used for group creation.</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
|
|
|
@ -7617,14 +7617,6 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
|
|||
<source>Your application has been saved</source>
|
||||
<target>L'application a été sauvegardée</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf60f1e5b76897c93">
|
||||
<source>In the Application:</source>
|
||||
<target>Dans l'application :</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7ce65cf482b7bff0">
|
||||
<source>In the Provider:</source>
|
||||
<target>Dans le fournisseur :</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s67d858051b34c38b">
|
||||
<source>Method's display Name.</source>
|
||||
<target>Nom d'affichage de la méthode.</target>
|
||||
|
@ -7986,6 +7978,51 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
|
|||
<trans-unit id="s52bdc80690a9a8dc">
|
||||
<source>When enabled, the stage will always accept the given user identifier and continue.</source>
|
||||
<target>Lorsqu'activé, l'étape acceptera toujours l'identifiant utilisateur donné et continuera.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="scda8dc24b561e205">
|
||||
<source>There was an error in the application.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sdaca9c2c0361ed3a">
|
||||
<source>Review the application.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb50000a8fada5672">
|
||||
<source>There was an error in the provider.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s21f95eaf151d4ce3">
|
||||
<source>Review the provider.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9fd39a5cb20b4e61">
|
||||
<source>There was an error</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7a6b3453209e1066">
|
||||
<source>There was an error creating the application, but no error message was sent. Please review the server logs.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1a711c19cda48375">
|
||||
<source>Configure LDAP Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9368e965b5c292ab">
|
||||
<source>Configure OAuth2/OpenId Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf5cbccdc6254c8dc">
|
||||
<source>Configure Proxy Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf6d46bb442b77e91">
|
||||
<source>AdditionalScopes</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2c8c6f89089b31d4">
|
||||
<source>Configure Radius Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sfe906cde5dddc041">
|
||||
<source>Configure SAML Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb3defbacd01ad972">
|
||||
<source>Property mappings used for user mapping.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7ccce0ec8d228db6">
|
||||
<source>Configure SCIM Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sd7728d2b6e1d25e9">
|
||||
<source>Property mappings used for group creation.</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
|
|
|
@ -5924,12 +5924,6 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<trans-unit id="s848288f8c2265aad">
|
||||
<source>Your application has been saved</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf60f1e5b76897c93">
|
||||
<source>In the Application:</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7ce65cf482b7bff0">
|
||||
<source>In the Provider:</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s67d858051b34c38b">
|
||||
<source>Method's display Name.</source>
|
||||
</trans-unit>
|
||||
|
@ -6199,6 +6193,51 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
</trans-unit>
|
||||
<trans-unit id="s52bdc80690a9a8dc">
|
||||
<source>When enabled, the stage will always accept the given user identifier and continue.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scda8dc24b561e205">
|
||||
<source>There was an error in the application.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sdaca9c2c0361ed3a">
|
||||
<source>Review the application.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb50000a8fada5672">
|
||||
<source>There was an error in the provider.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s21f95eaf151d4ce3">
|
||||
<source>Review the provider.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9fd39a5cb20b4e61">
|
||||
<source>There was an error</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7a6b3453209e1066">
|
||||
<source>There was an error creating the application, but no error message was sent. Please review the server logs.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1a711c19cda48375">
|
||||
<source>Configure LDAP Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9368e965b5c292ab">
|
||||
<source>Configure OAuth2/OpenId Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf5cbccdc6254c8dc">
|
||||
<source>Configure Proxy Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf6d46bb442b77e91">
|
||||
<source>AdditionalScopes</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2c8c6f89089b31d4">
|
||||
<source>Configure Radius Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sfe906cde5dddc041">
|
||||
<source>Configure SAML Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb3defbacd01ad972">
|
||||
<source>Property mappings used for user mapping.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7ccce0ec8d228db6">
|
||||
<source>Configure SCIM Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sd7728d2b6e1d25e9">
|
||||
<source>Property mappings used for group creation.</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
|
|
|
@ -7556,14 +7556,6 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<source>Your application has been saved</source>
|
||||
<target>Ŷōũŕ àƥƥĺĩćàţĩōń ĥàś ƀēēń śàvēď</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf60f1e5b76897c93">
|
||||
<source>In the Application:</source>
|
||||
<target>Ĩń ţĥē Àƥƥĺĩćàţĩōń:</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7ce65cf482b7bff0">
|
||||
<source>In the Provider:</source>
|
||||
<target>Ĩń ţĥē Ƥŕōvĩďēŕ:</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s67d858051b34c38b">
|
||||
<source>Method's display Name.</source>
|
||||
<target>Mēţĥōď'ś ďĩśƥĺàŷ Ńàmē.</target>
|
||||
|
@ -7732,149 +7724,258 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
</trans-unit>
|
||||
<trans-unit id="s4bd386db7302bb22">
|
||||
<source>Create With Wizard</source>
|
||||
<target>Ćŕēàţē Ŵĩţĥ Ŵĩźàŕď</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s070fdfb03034ca9b">
|
||||
<source>One hint, 'New Application Wizard', is currently hidden</source>
|
||||
<target>Ōńē ĥĩńţ, 'Ńēŵ Àƥƥĺĩćàţĩōń Ŵĩźàŕď', ĩś ćũŕŕēńţĺŷ ĥĩďďēń</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s61bd841e66966325">
|
||||
<source>External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access.</source>
|
||||
<target>Ēxţēŕńàĺ àƥƥĺĩćàţĩōńś ţĥàţ ũśē àũţĥēńţĩķ àś àń ĩďēńţĩţŷ ƥŕōvĩďēŕ vĩà ƥŕōţōćōĺś ĺĩķē ŌÀũţĥ2 àńď ŚÀMĹ. Àĺĺ àƥƥĺĩćàţĩōńś àŕē śĥōŵń ĥēŕē, ēvēń ōńēś ŷōũ ćàńńōţ àććēśś.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1cc306d8e28c4464">
|
||||
<source>Deny message</source>
|
||||
<target>Ďēńŷ mēśśàĝē</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s6985c401e1100122">
|
||||
<source>Message shown when this stage is run.</source>
|
||||
<target>Mēśśàĝē śĥōŵń ŵĥēń ţĥĩś śţàĝē ĩś ŕũń.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s09f0c100d0ad2fec">
|
||||
<source>Open Wizard</source>
|
||||
<target>Ōƥēń Ŵĩźàŕď</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf2ef885f7d0a101d">
|
||||
<source>Demo Wizard</source>
|
||||
<target>Ďēmō Ŵĩźàŕď</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s77505ee5d2e45e53">
|
||||
<source>Run the demo wizard</source>
|
||||
<target>Ŕũń ţĥē ďēmō ŵĩźàŕď</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4498e890d47a8066">
|
||||
<source>OAuth2/OIDC (Open Authorization/OpenID Connect)</source>
|
||||
<target>ŌÀũţĥ2/ŌĨĎĆ (Ōƥēń Àũţĥōŕĩźàţĩōń/ŌƥēńĨĎ Ćōńńēćţ)</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4f2e195d09e2868c">
|
||||
<source>LDAP (Lightweight Directory Access Protocol)</source>
|
||||
<target>ĹĎÀƤ (Ĺĩĝĥţŵēĩĝĥţ Ďĩŕēćţōŕŷ Àććēśś Ƥŕōţōćōĺ)</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7f5bb0c9923315ed">
|
||||
<source>Forward Auth (Single Application)</source>
|
||||
<target>Ƒōŕŵàŕď Àũţĥ (Śĩńĝĺē Àƥƥĺĩćàţĩōń)</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf8008d2d6b064b95">
|
||||
<source>Forward Auth (Domain Level)</source>
|
||||
<target>Ƒōŕŵàŕď Àũţĥ (Ďōmàĩń Ĺēvēĺ)</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sfa8a1ffa9fee07d3">
|
||||
<source>SAML (Security Assertion Markup Language)</source>
|
||||
<target>ŚÀMĹ (Śēćũŕĩţŷ Àśśēŕţĩōń Màŕķũƥ Ĺàńĝũàĝē)</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s848a23972e388662">
|
||||
<source>RADIUS (Remote Authentication Dial-In User Service)</source>
|
||||
<target>ŔÀĎĨŨŚ (Ŕēmōţē Àũţĥēńţĩćàţĩōń Ďĩàĺ-Ĩń Ũśēŕ Śēŕvĩćē)</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s3e902999ddf7b50e">
|
||||
<source>SCIM (System for Cross-domain Identity Management)</source>
|
||||
<target>ŚĆĨM (Śŷśţēm ƒōŕ Ćŕōśś-ďōmàĩń Ĩďēńţĩţŷ Màńàĝēmēńţ)</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sdc5690be4a342985">
|
||||
<source>The token has been copied to your clipboard</source>
|
||||
<target>Ţĥē ţōķēń ĥàś ƀēēń ćōƥĩēď ţō ŷōũŕ ćĺĩƥƀōàŕď</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7f3edfee24690c9f">
|
||||
<source>The token was displayed because authentik does not have permission to write to the clipboard</source>
|
||||
<target>Ţĥē ţōķēń ŵàś ďĩśƥĺàŷēď ƀēćàũśē àũţĥēńţĩķ ďōēś ńōţ ĥàvē ƥēŕmĩśśĩōń ţō ŵŕĩţē ţō ţĥē ćĺĩƥƀōàŕď</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="saf6097bfa25205b8">
|
||||
<source>A copy of this recovery link has been placed in your clipboard</source>
|
||||
<target>À ćōƥŷ ōƒ ţĥĩś ŕēćōvēŕŷ ĺĩńķ ĥàś ƀēēń ƥĺàćēď ĩń ŷōũŕ ćĺĩƥƀōàŕď</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s5b8ee296ed258568">
|
||||
<source>The current tenant must have a recovery flow configured to use a recovery link</source>
|
||||
<target>Ţĥē ćũŕŕēńţ ţēńàńţ mũśţ ĥàvē à ŕēćōvēŕŷ ƒĺōŵ ćōńƒĩĝũŕēď ţō ũśē à ŕēćōvēŕŷ ĺĩńķ</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s895514dda9cb9c94">
|
||||
<source>Create recovery link</source>
|
||||
<target>Ćŕēàţē ŕēćōvēŕŷ ĺĩńķ</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="se5c795faf2c07514">
|
||||
<source>Create Recovery Link</source>
|
||||
<target>Ćŕēàţē Ŕēćōvēŕŷ Ĺĩńķ</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s84fcddede27b8e2a">
|
||||
<source>External</source>
|
||||
<target>Ēxţēŕńàĺ</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1a635369edaf4dc3">
|
||||
<source>Service account</source>
|
||||
<target>Śēŕvĩćē àććōũńţ</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sff930bf2834e2201">
|
||||
<source>Service account (internal)</source>
|
||||
<target>Śēŕvĩćē àććōũńţ (ĩńţēŕńàĺ)</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s66313b45b69cfc88">
|
||||
<source>Check the release notes</source>
|
||||
<target>Ćĥēćķ ţĥē ŕēĺēàśē ńōţēś</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb4d7bae2440d9781">
|
||||
<source>User Statistics</source>
|
||||
<target>Ũśēŕ Śţàţĩśţĩćś</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s0924f51b028233a3">
|
||||
<source><No name set></source>
|
||||
<target><Ńō ńàmē śēţ></target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sdc9a6ad1af30572c">
|
||||
<source>For nginx's auth_request or traefik's forwardAuth</source>
|
||||
<target>Ƒōŕ ńĝĩńx'ś àũţĥ_ŕēǫũēśţ ōŕ ţŕàēƒĩķ'ś ƒōŕŵàŕďÀũţĥ</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sfc31264ef7ff86ef">
|
||||
<source>For nginx's auth_request or traefik's forwardAuth per root domain</source>
|
||||
<target>Ƒōŕ ńĝĩńx'ś àũţĥ_ŕēǫũēśţ ōŕ ţŕàēƒĩķ'ś ƒōŕŵàŕďÀũţĥ ƥēŕ ŕōōţ ďōmàĩń</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sc615309d10a9228c">
|
||||
<source>RBAC is in preview.</source>
|
||||
<target>ŔßÀĆ ĩś ĩń ƥŕēvĩēŵ.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s32babfed740fd3c1">
|
||||
<source>User type used for newly created users.</source>
|
||||
<target>Ũśēŕ ţŷƥē ũśēď ƒōŕ ńēŵĺŷ ćŕēàţēď ũśēŕś.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4a34a6be4c68ec87">
|
||||
<source>Users created</source>
|
||||
<target>Ũśēŕś ćŕēàţēď</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s275c956687e2e656">
|
||||
<source>Failed logins</source>
|
||||
<target>Ƒàĩĺēď ĺōĝĩńś</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb35c08e3a541188f">
|
||||
<source>Also known as Client ID.</source>
|
||||
<target>Àĺśō ķńōŵń àś Ćĺĩēńţ ĨĎ.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sd46fd9b647cfea10">
|
||||
<source>Also known as Client Secret.</source>
|
||||
<target>Àĺśō ķńōŵń àś Ćĺĩēńţ Śēćŕēţ.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s4476e9c50cfd13f4">
|
||||
<source>Global status</source>
|
||||
<target>Ĝĺōƀàĺ śţàţũś</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sd21a971eea208533">
|
||||
<source>Vendor</source>
|
||||
<target>Vēńďōŕ</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sadadfe9dfa06d7dd">
|
||||
<source>No sync status.</source>
|
||||
<target>Ńō śŷńć śţàţũś.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2b1c81130a65a55b">
|
||||
<source>Sync currently running.</source>
|
||||
<target>Śŷńć ćũŕŕēńţĺŷ ŕũńńĩńĝ.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf36170f71cea38c2">
|
||||
<source>Connectivity</source>
|
||||
<target>Ćōńńēćţĩvĩţŷ</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sd94e99af8b41ff54">
|
||||
<source>0: Too guessable: risky password. (guesses &lt; 10^3)</source>
|
||||
<target>0: Ţōō ĝũēśśàƀĺē: ŕĩśķŷ ƥàśśŵōŕď. (ĝũēśśēś &ĺţ; 10^3)</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sc926385d1a624c3a">
|
||||
<source>1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6)</source>
|
||||
<target>1: Vēŕŷ ĝũēśśàƀĺē: ƥŕōţēćţĩōń ƒŕōm ţĥŕōţţĺēď ōńĺĩńē àţţàćķś. (ĝũēśśēś &ĺţ; 10^6)</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s8aae61c41319602c">
|
||||
<source>2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8)</source>
|
||||
<target>2: Śōmēŵĥàţ ĝũēśśàƀĺē: ƥŕōţēćţĩōń ƒŕōm ũńţĥŕōţţĺēď ōńĺĩńē àţţàćķś. (ĝũēśśēś &ĺţ; 10^8)</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sc1f4b57e722a89d6">
|
||||
<source>3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10)</source>
|
||||
<target>3: Śàƒēĺŷ ũńĝũēśśàƀĺē: mōďēŕàţē ƥŕōţēćţĩōń ƒŕōm ōƒƒĺĩńē śĺōŵ-ĥàśĥ śćēńàŕĩō. (ĝũēśśēś &ĺţ; 10^10)</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sd47f3d3c9741343d">
|
||||
<source>4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10)</source>
|
||||
<target>4: Vēŕŷ ũńĝũēśśàƀĺē: śţŕōńĝ ƥŕōţēćţĩōń ƒŕōm ōƒƒĺĩńē śĺōŵ-ĥàśĥ śćēńàŕĩō. (ĝũēśśēś &ĝţ;= 10^10)</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s3d2a8b86a4f5a810">
|
||||
<source>Successfully created user and added to group <x id="0" equiv-text="${this.group.name}"/></source>
|
||||
<target>Śũććēśśƒũĺĺŷ ćŕēàţēď ũśēŕ àńď àďďēď ţō ĝŕōũƥ <x id="0" equiv-text="${this.group.name}"/></target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s824e0943a7104668">
|
||||
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
||||
<target>Ţĥĩś ũśēŕ ŵĩĺĺ ƀē àďďēď ţō ţĥē ĝŕōũƥ "<x id="0" equiv-text="${this.targetGroup.name}"/>".</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s62e7f6ed7d9cb3ca">
|
||||
<source>Pretend user exists</source>
|
||||
<target>Ƥŕēţēńď ũśēŕ ēxĩśţś</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s52bdc80690a9a8dc">
|
||||
<source>When enabled, the stage will always accept the given user identifier and continue.</source>
|
||||
<target>Ŵĥēń ēńàƀĺēď, ţĥē śţàĝē ŵĩĺĺ àĺŵàŷś àććēƥţ ţĥē ĝĩvēń ũśēŕ ĩďēńţĩƒĩēŕ àńď ćōńţĩńũē.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="scda8dc24b561e205">
|
||||
<source>There was an error in the application.</source>
|
||||
<target>Ţĥēŕē ŵàś àń ēŕŕōŕ ĩń ţĥē àƥƥĺĩćàţĩōń.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sdaca9c2c0361ed3a">
|
||||
<source>Review the application.</source>
|
||||
<target>Ŕēvĩēŵ ţĥē àƥƥĺĩćàţĩōń.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb50000a8fada5672">
|
||||
<source>There was an error in the provider.</source>
|
||||
<target>Ţĥēŕē ŵàś àń ēŕŕōŕ ĩń ţĥē ƥŕōvĩďēŕ.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s21f95eaf151d4ce3">
|
||||
<source>Review the provider.</source>
|
||||
<target>Ŕēvĩēŵ ţĥē ƥŕōvĩďēŕ.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9fd39a5cb20b4e61">
|
||||
<source>There was an error</source>
|
||||
<target>Ţĥēŕē ŵàś àń ēŕŕōŕ</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7a6b3453209e1066">
|
||||
<source>There was an error creating the application, but no error message was sent. Please review the server logs.</source>
|
||||
<target>Ţĥēŕē ŵàś àń ēŕŕōŕ ćŕēàţĩńĝ ţĥē àƥƥĺĩćàţĩōń, ƀũţ ńō ēŕŕōŕ mēśśàĝē ŵàś śēńţ. Ƥĺēàśē ŕēvĩēŵ ţĥē śēŕvēŕ ĺōĝś.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1a711c19cda48375">
|
||||
<source>Configure LDAP Provider</source>
|
||||
<target>Ćōńƒĩĝũŕē ĹĎÀƤ Ƥŕōvĩďēŕ</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9368e965b5c292ab">
|
||||
<source>Configure OAuth2/OpenId Provider</source>
|
||||
<target>Ćōńƒĩĝũŕē ŌÀũţĥ2/ŌƥēńĨď Ƥŕōvĩďēŕ</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf5cbccdc6254c8dc">
|
||||
<source>Configure Proxy Provider</source>
|
||||
<target>Ćōńƒĩĝũŕē Ƥŕōxŷ Ƥŕōvĩďēŕ</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf6d46bb442b77e91">
|
||||
<source>AdditionalScopes</source>
|
||||
<target>ÀďďĩţĩōńàĺŚćōƥēś</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2c8c6f89089b31d4">
|
||||
<source>Configure Radius Provider</source>
|
||||
<target>Ćōńƒĩĝũŕē Ŕàďĩũś Ƥŕōvĩďēŕ</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sfe906cde5dddc041">
|
||||
<source>Configure SAML Provider</source>
|
||||
<target>Ćōńƒĩĝũŕē ŚÀMĹ Ƥŕōvĩďēŕ</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb3defbacd01ad972">
|
||||
<source>Property mappings used for user mapping.</source>
|
||||
<target>Ƥŕōƥēŕţŷ màƥƥĩńĝś ũśēď ƒōŕ ũśēŕ màƥƥĩńĝ.</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7ccce0ec8d228db6">
|
||||
<source>Configure SCIM Provider</source>
|
||||
<target>Ćōńƒĩĝũŕē ŚĆĨM Ƥŕōvĩďēŕ</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sd7728d2b6e1d25e9">
|
||||
<source>Property mappings used for group creation.</source>
|
||||
<target>Ƥŕōƥēŕţŷ màƥƥĩńĝś ũśēď ƒōŕ ĝŕōũƥ ćŕēàţĩōń.</target>
|
||||
</trans-unit>
|
||||
</body></file></xliff>
|
||||
|
|
|
@ -5709,12 +5709,6 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<trans-unit id="s848288f8c2265aad">
|
||||
<source>Your application has been saved</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf60f1e5b76897c93">
|
||||
<source>In the Application:</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7ce65cf482b7bff0">
|
||||
<source>In the Provider:</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s67d858051b34c38b">
|
||||
<source>Method's display Name.</source>
|
||||
</trans-unit>
|
||||
|
@ -5984,6 +5978,51 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
</trans-unit>
|
||||
<trans-unit id="s52bdc80690a9a8dc">
|
||||
<source>When enabled, the stage will always accept the given user identifier and continue.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scda8dc24b561e205">
|
||||
<source>There was an error in the application.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sdaca9c2c0361ed3a">
|
||||
<source>Review the application.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb50000a8fada5672">
|
||||
<source>There was an error in the provider.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s21f95eaf151d4ce3">
|
||||
<source>Review the provider.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9fd39a5cb20b4e61">
|
||||
<source>There was an error</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7a6b3453209e1066">
|
||||
<source>There was an error creating the application, but no error message was sent. Please review the server logs.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1a711c19cda48375">
|
||||
<source>Configure LDAP Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9368e965b5c292ab">
|
||||
<source>Configure OAuth2/OpenId Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf5cbccdc6254c8dc">
|
||||
<source>Configure Proxy Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf6d46bb442b77e91">
|
||||
<source>AdditionalScopes</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2c8c6f89089b31d4">
|
||||
<source>Configure Radius Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sfe906cde5dddc041">
|
||||
<source>Configure SAML Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb3defbacd01ad972">
|
||||
<source>Property mappings used for user mapping.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7ccce0ec8d228db6">
|
||||
<source>Configure SCIM Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sd7728d2b6e1d25e9">
|
||||
<source>Property mappings used for group creation.</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
|
|
|
@ -7619,14 +7619,6 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<source>Your application has been saved</source>
|
||||
<target>您的应用程序已保存</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf60f1e5b76897c93">
|
||||
<source>In the Application:</source>
|
||||
<target>在应用程序中:</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7ce65cf482b7bff0">
|
||||
<source>In the Provider:</source>
|
||||
<target>在提供程序中:</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s67d858051b34c38b">
|
||||
<source>Method's display Name.</source>
|
||||
<target>方法的显示名称。</target>
|
||||
|
@ -7988,6 +7980,51 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<trans-unit id="s52bdc80690a9a8dc">
|
||||
<source>When enabled, the stage will always accept the given user identifier and continue.</source>
|
||||
<target>启用时,此阶段总是会接受指定的用户 ID 并继续。</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="scda8dc24b561e205">
|
||||
<source>There was an error in the application.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sdaca9c2c0361ed3a">
|
||||
<source>Review the application.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb50000a8fada5672">
|
||||
<source>There was an error in the provider.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s21f95eaf151d4ce3">
|
||||
<source>Review the provider.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9fd39a5cb20b4e61">
|
||||
<source>There was an error</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7a6b3453209e1066">
|
||||
<source>There was an error creating the application, but no error message was sent. Please review the server logs.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1a711c19cda48375">
|
||||
<source>Configure LDAP Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9368e965b5c292ab">
|
||||
<source>Configure OAuth2/OpenId Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf5cbccdc6254c8dc">
|
||||
<source>Configure Proxy Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf6d46bb442b77e91">
|
||||
<source>AdditionalScopes</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2c8c6f89089b31d4">
|
||||
<source>Configure Radius Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sfe906cde5dddc041">
|
||||
<source>Configure SAML Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb3defbacd01ad972">
|
||||
<source>Property mappings used for user mapping.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7ccce0ec8d228db6">
|
||||
<source>Configure SCIM Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sd7728d2b6e1d25e9">
|
||||
<source>Property mappings used for group creation.</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
|
|
|
@ -5757,12 +5757,6 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<trans-unit id="s848288f8c2265aad">
|
||||
<source>Your application has been saved</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf60f1e5b76897c93">
|
||||
<source>In the Application:</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7ce65cf482b7bff0">
|
||||
<source>In the Provider:</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s67d858051b34c38b">
|
||||
<source>Method's display Name.</source>
|
||||
</trans-unit>
|
||||
|
@ -6032,6 +6026,51 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
</trans-unit>
|
||||
<trans-unit id="s52bdc80690a9a8dc">
|
||||
<source>When enabled, the stage will always accept the given user identifier and continue.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scda8dc24b561e205">
|
||||
<source>There was an error in the application.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sdaca9c2c0361ed3a">
|
||||
<source>Review the application.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb50000a8fada5672">
|
||||
<source>There was an error in the provider.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s21f95eaf151d4ce3">
|
||||
<source>Review the provider.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9fd39a5cb20b4e61">
|
||||
<source>There was an error</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7a6b3453209e1066">
|
||||
<source>There was an error creating the application, but no error message was sent. Please review the server logs.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1a711c19cda48375">
|
||||
<source>Configure LDAP Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9368e965b5c292ab">
|
||||
<source>Configure OAuth2/OpenId Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf5cbccdc6254c8dc">
|
||||
<source>Configure Proxy Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf6d46bb442b77e91">
|
||||
<source>AdditionalScopes</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2c8c6f89089b31d4">
|
||||
<source>Configure Radius Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sfe906cde5dddc041">
|
||||
<source>Configure SAML Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb3defbacd01ad972">
|
||||
<source>Property mappings used for user mapping.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7ccce0ec8d228db6">
|
||||
<source>Configure SCIM Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sd7728d2b6e1d25e9">
|
||||
<source>Property mappings used for group creation.</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
|
|
|
@ -7555,14 +7555,6 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
<source>Your application has been saved</source>
|
||||
<target>已經儲存您的應用程式</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf60f1e5b76897c93">
|
||||
<source>In the Application:</source>
|
||||
<target>在應用程式:</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7ce65cf482b7bff0">
|
||||
<source>In the Provider:</source>
|
||||
<target>在供應商:</target>
|
||||
</trans-unit>
|
||||
<trans-unit id="s67d858051b34c38b">
|
||||
<source>Method's display Name.</source>
|
||||
<target>方法的顯示名稱。</target>
|
||||
|
@ -7925,6 +7917,51 @@ Bindings to groups/users are checked against the user of the event.</source>
|
|||
</trans-unit>
|
||||
<trans-unit id="s5d7748b1d2363478">
|
||||
<source>Are you sure you want to remove the selected users from the group <x id="0" equiv-text="${this.targetGroup?.name}"/>?</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="scda8dc24b561e205">
|
||||
<source>There was an error in the application.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sdaca9c2c0361ed3a">
|
||||
<source>Review the application.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb50000a8fada5672">
|
||||
<source>There was an error in the provider.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s21f95eaf151d4ce3">
|
||||
<source>Review the provider.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9fd39a5cb20b4e61">
|
||||
<source>There was an error</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7a6b3453209e1066">
|
||||
<source>There was an error creating the application, but no error message was sent. Please review the server logs.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s1a711c19cda48375">
|
||||
<source>Configure LDAP Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s9368e965b5c292ab">
|
||||
<source>Configure OAuth2/OpenId Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf5cbccdc6254c8dc">
|
||||
<source>Configure Proxy Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sf6d46bb442b77e91">
|
||||
<source>AdditionalScopes</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s2c8c6f89089b31d4">
|
||||
<source>Configure Radius Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sfe906cde5dddc041">
|
||||
<source>Configure SAML Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sb3defbacd01ad972">
|
||||
<source>Property mappings used for user mapping.</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="s7ccce0ec8d228db6">
|
||||
<source>Configure SCIM Provider</source>
|
||||
</trans-unit>
|
||||
<trans-unit id="sd7728d2b6e1d25e9">
|
||||
<source>Property mappings used for group creation.</source>
|
||||
</trans-unit>
|
||||
</body>
|
||||
</file>
|
||||
|
|
Reference in a new issue