Commit Graph

2163 Commits

Author SHA1 Message Date
Ken Sternberg 2222f6722e Late addition: I had an inspiration about how to reduce the way
reactivity broke focus by, basically, removing the reactivity and
managing the first-time-through lifecycle to prevent the update
from causing refocus.  It works well!  Now I just need to test it.
2023-08-11 20:47:55 -07:00
Ken Sternberg 356488809c It looks like my brilliant strategy has hit a snag.
The idea is simple.  Let's start with this picture:

```
<application-wizard .steps=${[... a collection of step objects ...]}>
  <wizard-main .steps=${(steps from above)}>
    <application-current-panel>
      <current-form>
```

- ApplicationWizard has a Context for the ApplicationProviderPair (or whatever it's going to be).
  This context does not know about the steps; it just knows about: the "application" object, the
  "provider" object, and a discriminator to know *which* provider the user has selected.
- ApplicationWizard has Steps that, among other things, provides Panels for:
  - Application
  - Pick Provider
  - Configure Provider
  - Submit ApplicationProviderPair to the back-end
- The WizardFrame renders the CurrentPanel for the CurrentStep

The CurrentPanel gets its data from the ApplicationWizard in the form of a Context. It then sends
messages (events) to ApplicationWizard about the contents of each field as the user is filling out
the form, so that the ApplicationWizard can record those in the ApplicationProviderPair for later
submission.

When a CurrentForm is valid, the ApplicationWizard updates the Steps object to show that the "Next
button" on the Wizard is now available.

In this way, the user can progress through the system.  When they get to the last page, we can
provide in the ApplicationWizard with the means to submit the form and/or send the user back to
the page with the validation failure.

Problem: The context is being updated in real-time, which is triggering re-renders of the form. This
leads to focus problems as the fields that are not yet valid are triggering "focus grab" behavior.
This is a classic problem with "controlled" inputs. What we really want is for the CurrentPanel to
not re-render at all, but to behave like a normal, uncontrolled form, and let the browser do most of
the work.  We still want the [Next] button to enable when the form is valid enough to permit that.

---

Other details: I've ripped out a lot of Jen's work, which is probably a mistake.  It's still
preserved elsewhere.  I've also cleaned up the various wizardly things to try and look organized.
It *looks* like it should work, it just... doesn't.  Not yet.
2023-08-11 15:48:31 -07:00
Ken Sternberg c0294191ad Turns out that was one layer too many; the topmost component was fine for
maintaining the context.
2023-08-11 14:57:48 -07:00
Ken Sternberg 7fae17dac3 web: application wizard
Found where the hook for form validity should go.  Excellent!  Now I just need to incorporate
that basic validation into the business logic and we're good to go.
2023-08-10 12:51:39 -07:00
Ken Sternberg 03d9360995 Linting. 2023-08-10 12:37:15 -07:00
Ken Sternberg ae99ef5fe4 web: 80% of the way there
This commit includes the first three pages of the wizard, the
completion of the wizard framework with evented handling, and control
over progression.

Some shortcomings of this design have become evident: it isn't
possible to communicate between the steps' wrappers, as they are
POJOs without access to the context.  An imperative decision-making
process has to be inserted in the orchestration layer,
which is kinda annoying.

But it looks good and it behaves correctly, to the extent that I've
given it behavior.  It's an excellent foundation.
2023-08-10 11:52:08 -07:00
Ken Sternberg 2a05a9d012 Web: This is coming together amazingly well. Like, almost too well. 2023-08-09 14:08:24 -07:00
Ken Sternberg 7465929475 Added SAML Story to Storybook. 2023-08-08 11:00:57 -07:00
Ken Sternberg ae66297196 web: SAML Manual Configuration
Added a 'design document' that just kinda describes what I'm trying
to do, in case I don't get this done by Friday Aug 11, 2023.

I had two tables doing the same thing, so I merged them and then
wrote a few map/filters to specialize them for those two use cases.

Along the way I had to fiddle with the ESLint settings so that
underscore-prefixed unused variables would be ignored.

I cleaned up the visual appeal of the forms in the LDAP application.

I was copy/pasting the "handleProviderEvent" function, so I pulled
it out into ApplicationWizardProviderPageBase.  Not so much a matter
of abstraction as just disliking that kind of duplication; it served
no purpose.
2023-08-08 10:47:07 -07:00
Ken Sternberg 67b7371026 Rounding out the catalog. 2023-08-07 16:09:47 -07:00
Ken Sternberg fe17f116ed web: Tactical change. Put all the variants on the second page; it's
a longer list, but it's also easier to manage than all those
required sub-options.
2023-08-07 15:56:12 -07:00
Ken Sternberg 303278964e Proxy Provider done. 2023-08-07 10:59:18 -07:00
Ken Sternberg eed32b0235 Merge branch 'ak-select-crypto-certificate' into application-wizard-2
* ak-select-crypto-certificate:
  web: display tests for CryptoCertificateKeypair search
  web: Replace ad-hoc search for CryptoCertificateKeyPairs with ak-crypto-certeficate-search
2023-08-07 09:58:49 -07:00
Ken Sternberg 564ce4fc0c Merge branch 'ak-toggle-group' into application-wizard-2
* ak-toggle-group:
  Bugs found by CI/CD.
  web: adding a storybook for the ak-toggle-group component
  web: minor code formatting issue.
  web: Replace ad-hoc toggle control with ak-toggle-group
2023-08-07 09:54:20 -07:00
Ken Sternberg 53828cda70 Fixed behavioral problem with the radio; the `if` there was
preventing the radio from reflecting the default correctly.
The observed behavior was that the radio wouldn't "activate"
until the item selected during the render pass was clicked on
first.
2023-08-07 08:46:02 -07:00
Ken Sternberg fa0a9166d1 Merge branch 'main' into application-wizard-2
* main:
  web/flows: fix identification stage band color (#6489)
  providers/proxy: only intercept auth header when a value is set (#6488)
  web: bump @goauthentik/api from 2023.6.1-1691242648 to 2023.6.1-1691266058 in /web (#6486)
  providers/proxy: set outpost session cookie to httponly and secure wh… (#6482)
  web: bump @esbuild/linux-arm64 from 0.18.17 to 0.18.18 in /web (#6483)
  web/admin: fix user sorting by active field (#6485)
  web: bump @esbuild/darwin-arm64 from 0.18.17 to 0.18.18 in /web (#6484)
  web: bump storybook (#6481)
  web: bump the sentry group in /web with 2 updates (#6480)
  web: bump API Client version (#6479)
  api: optimise pagination in API schema (#6478)
  website/dev-docs: tweaks to template (#6474)
  website: bump react-tooltip from 5.19.0 to 5.20.0 in /website (#6471)
  website: bump prettier from 3.0.0 to 3.0.1 in /website (#6472)
2023-08-07 08:23:00 -07:00
Jens L c5222bf439
web/flows: fix identification stage band color (#6489)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-06 01:18:46 +02:00
Jens L 287cf6f0c7
web/admin: fix user sorting by active field (#6485)
* web/admin: fix user sorting by active field

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* web/admin: fix hide service account toggle

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-05 22:07:17 +02:00
Jens L 00fae2353c
api: optimise pagination in API schema (#6478) 2023-08-05 15:37:06 +02:00
Ken Sternberg 5d52038afc web: display tests for CryptoCertificateKeypair search
This adds a Storybook for the CryptoCertificateKeypair search, including
a mock fetch of the data.  In the course of running the tests, we discovered
that including the SearchSelect _class_ won't include the customElement declaration
unless you include the whole file!  Other bugs found: including the CSS from
Storybook is different from that of LitElement native, so much so that the
adapter needed to be included.  FlowSearch had a similar bug.  The problem
only manifests when building via Webpack (which Storybook uses) and not
Rollup, but we should support both in distribution.
2023-08-04 14:06:09 -07:00
Ken Sternberg 911f8e49cc web: Replace ad-hoc search for CryptoCertificateKeyPairs with ak-crypto-certeficate-search
This commit replaces various ad-hoc implementations of `search-select` for CryptoCertificateKeyPairs
with a web component that encapsulates all of the needed behavior and exposes a single API.

The results are: Lots of visual clutter is eliminated.  A single search of:

```HTML
<ak-search-select
    .fetchObjects=${async (query?: string): Promise<CertificateKeyPair[]> => {
        const args: CryptoCertificatekeypairsListRequest = {
            ordering: "name",
            hasKey: true,
            includeDetails: false,
        };
        if (query !== undefined) {
            args.search = query;
        }
        const certificates = await new CryptoApi(
            DEFAULT_CONFIG,
        ).cryptoCertificatekeypairsList(args);
        return certificates.results;
    }}
    .renderElement=${(item: CertificateKeyPair): string => {
        return item.name;
    }}
    .value=${(item: CertificateKeyPair | undefined): string | undefined => {
        return item?.pk;
    }}
    .selected=${(item: CertificateKeyPair): boolean => {
        return this.instance?.tlsVerification === item.pk;
    }}
    ?blankable=${true}
>
</ak-search-select>
```

Now looks like:

```HTML
<ak-crypto-certificate-search certificate=${this.instance?.tlsVerification}>
</ak-crypto-certificate-search>
```

There are three searches that do not require there to be a valid key with the certificate; these are
supported with the boolean property `nokey`; likewise, there is one search (in SAMLProviderForm)
that states that if there is no current certificate in the SAMLProvider and only one certificate can
be found in the Authentik database, use that one; this is supported with the boolean property
`singleton`.

These changes replace 382 lines of object-oriented invocations with 36 lines of declarative
configuration, and 98 lines for the class.  Overall, the code for "find a crypto certificate" has
been reduced by 46%.

Suggestions for a better word than `singleton` are welcome!
2023-08-04 11:04:25 -07:00
Ken Sternberg 134c6976fa Bugs found by CI/CD. 2023-08-03 15:39:01 -07:00
Ken Sternberg 46926d54ca web: adding a storybook for the ak-toggle-group component 2023-08-03 15:11:55 -07:00
Ken Sternberg 6018ffe13d web: minor code formatting issue. 2023-08-03 14:53:05 -07:00
Ken Sternberg df16dc3088 web: Replace ad-hoc toggle control with ak-toggle-group
This commit replaces various ad-hoc implementations of the Patternfly Toggle Group HTML with a web
component that encapsulates all of the needed behavior and exposes a single API with a single event
handler, return the value of the option clicked.

The results are: Lots of visual clutter is eliminated.  A single link of:

```
<div class="pf-c-toggle-group__item">
  <button
      class="pf-c-toggle-group__button ${this.mode === ProxyMode.Proxy
          ? "pf-m-selected"
          : ""}"
      type="button"
      @click=${() => {
          this.mode = ProxyMode.Proxy;
      }}>
      <span class="pf-c-toggle-group__text">${msg("Proxy")}</span>
  </button>
</div>
<div class="pf-c-divider pf-m-vertical" role="separator"></div>
```

Now looks like:

```
<option value=${ProxyMode.Proxy}>${msg("Proxy")}</option>
```

This also means that the three pages that used the Patternfly Toggle Group could eliminate all of
their Patternfly PFToggleGroup needs, as well as the `justify-content: center` extension, which also
eliminated the `css` import.

The savings aren't as spectacular as I'd hoped: removed 178 lines, but added 123; total savings 55
lines of code.  I still count this a win: we need never write another toggle component again, and
any bugs, extensions or features we may want to add can be centralized or forked without risking the
whole edifice.
2023-08-03 14:43:31 -07:00
Ken Sternberg 79e0a32fa8 Merge branch 'main' into application-wizard-2
* main: (36 commits)
  website/blog: add github user name links (#6468)
  website/developer-docs: add new template for procedures (#6390)
  website/blogs: blog to celebrate hackathon (#6457)
  web/flows: add more stories (#6444)
  web: bump prettier from 3.0.0 to 3.0.1 in /web (#6465)
  core: bump debugpy from 1.6.7 to 1.6.8 (#6458)
  ci: bump peter-evans/create-pull-request from 4 to 5 (#6459)
  web: bump lit from 2.7.6 to 2.8.0 in /web (#6460)
  web: bump @fortawesome/fontawesome-free from 6.4.0 to 6.4.2 in /web (#6461)
  web: bump chart.js from 4.3.2 to 4.3.3 in /web (#6462)
  web: bump @lit-labs/task from 2.1.2 to 3.0.0 in /web (#6463)
  web, website: compress images (#6121)
  core: bump cryptography from 41.0.2 to 41.0.3 (#6456)
  root: replace builtin psycopg libpq binary implementation with distro… (#6448)
  website: fix broken links in NewsBar
  core: bump github.com/getsentry/sentry-go from 0.22.0 to 0.23.0 (#6449)
  core: bump goauthentik.io/api/v3 from 3.2023061.6 to 3.2023061.7 (#6450)
  web: bump pyright from 1.1.319 to 1.1.320 in /web (#6451)
  core: bump ruff from 0.0.281 to 0.0.282 (#6453)
  core: bump golang from 1.20.6-bullseye to 1.20.7-bullseye (#6454)
  ...
2023-08-03 13:51:25 -07:00
Ken Sternberg e8b1e9d075 web: one more toggle group. 2023-08-03 13:42:30 -07:00
Ken Sternberg 8042d9f276 web: Converted our toggle groups to a more streamlined implementation. 2023-08-03 13:39:58 -07:00
Tana M Berry 5755a9a7c0
website/blogs: blog to celebrate hackathon (#6457)
* blog to celebrate hackathon

* Optimised images with calibre/image-actions

* fixing the mess

* restore images

* final text polishes

* "final polishes"

* Optimised images with calibre/image-actions

* fix formatting

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make github usernames clickable

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana Berry <tana@goauthentik.io>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-08-03 12:22:17 -05:00
Jens L 1451f3757d
web/flows: add more stories (#6444)
remove default example stories that were broken

currently only the dark theme works due to the way storybook includes CSS files in the iframe

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-08-03 17:27:58 +02:00
Ken Sternberg 0bba3ae97f web: ak-application-wizard-authentication-by-oauth, and many fixes!
1. Fixed `eventEmitter` so that if the detail object is a scalar, it will not attempt to "objectify"
   it.  This was causing a bug where retrofitting the eventEmitter to some older components resulted
   in a detail of "some" being translated into ['s', 'o', 'm', 'e'].  Not what is wanted.
2. Removed the "transitional form" from the existing components; they had a two-step where the web
   component class was just a wrapper around an independent rendering function.  While this worked,
   it was only to make the case that they *were* independent rendering objects and could be
   supported with the right web component framework.  We're halfway there now; the last step will be
   to transform the horizontal-element and various input CSS into componentized CSS, the way
   Patternfly-Elements is currently doing.
3. Fixed the `help` field so that it could take a string or a TemplateResult, and if the latter,
   don't bother wrapping it in the helper text functionality; just let it be its own thing.  This
   supports the multi-line help of redirectURI as well as the `ak-utils-time-delta` capability.
4. Transform Oauth2ProviderForm to use the new components, to the best of our ability.  Also used
   the `provider = this.wizard.provider` and `provider = this.instance` syntax to make the render
   function *completely portable*; it's the exact same text that is dropped into...
5. The complete `ak-application-wizard-authentication-by-oauth` component. They're so similar part
   of me wonders if I could push them both out to a common reference, or a collection of common
   references.  Both components use the PropertyMapping and Sources, and both use the same
   collection of searches (Crypto, Flow).
6. A Storybook for `ak-application-wizard-authentication-by-oauth`, showing the works working.
7. New mocks for `authorizationFlow`, `propertyMappings`, and `hasJWKs`.

This sequence has revealed a bug in the radio control.  (It's always the radio control.)  If the
default doesn't match the current setting, the radio control doesn't behave as expected; it won't
change when you fully expect that it should.  I'll investigate how to harmonize those tomorrow.
2023-08-02 15:36:20 -07:00
Ken Sternberg f4807a3081 web: a HACK for Storybook to inject the "use light theme" flag into the body.
This isn't really a very good hack; what it does is say that every story is
responsible for hacking its theme into the parent.  This is very annoying, but
it does mean that we can at least show our components in the best light.
2023-08-02 11:37:12 -07:00
Ken Sternberg a9a120cd68 web: now passing the precommit phase 2023-08-02 09:09:38 -07:00
Ken Sternberg b7b85d6f5d web: tracked down that weirld bug with the radio.
Because radio inputs are actually multiples, the events handling for
radio is... wonky.  If we want our `<ak-radio>` component to be a
unitary event dispatcher, saying "This is the element selected," we
needed to do more than what was currently being handled.

I've intercepted the events that we care about and have placed
them into a controller that dictates both the setting and the
re-render of the component.  This makes it "controlled" (to use the
Angular/React/Vue) language and depends on Lit's reactiveElement
lifecycle to work, rather than trust the browser, but the browser's
experience with respect to the `<input type=radio` is pretty bad:
both input elements fire events, one for "losing selection" and
one for "gaining selection".  That can be very confusing to handle,
so we funnel them down in our aggregate radio element to a single
event, "selection changed".

As a quality-of-life measure, I've also set the label to be
unselectable; this means that a click on the label will trigger the
selection event, and a long click will not disable selection or
confuse the selection event generator.
2023-08-02 08:51:24 -07:00
Ken Sternberg b158074d78 Now, it's starting to look like a complete package. The LDAP method is working, but there is a bug:
the radio is sending the wrong value !?!?!?. Track that down, dammit. The search wrappers now resend
their events as standard `input` events, and that actually seems to work well; the browser is
decorating it with the right target, with the right `name` attribute, and since we have good
definitions of the `value` as a string (the real value of any search object is its UUID4), that
works quite well. Added search wrappers for CoreGroup and CryptoCertificate (CertificateKeyPairs),
and the latter has flags for "use the first one if it's the only one" and "allow the display of
keyless certificates."

Not sure why `state()` is blocking the transmission of typing information from the typed element
to the context handler, but it's a bug in the typechecker, and it's not a problem so far.
2023-08-01 16:18:58 -07:00
Ken Sternberg b4d3b75434 Now, it's starting to look like a complete package. The LDAP method is working, but there is a bug:
the radio is sending the wrong value !?!?!?. Track that down, dammit. The search wrappers now resend
their events as standard `input` events, and that actually seems to work well; the browser is
decorating it with the right target, with the right `name` attribute, and since we have good
definitions of the `value` as a string (the real value of any search object is its UUID4), that
works quite well. Added search wrappers for CoreGroup and CryptoCertificate (CertificateKeyPairs),
and the latter has flags for "use the first one if it's the only one" and "allow the display of
keyless certificates."

Not sure why `state()` is blocking the transmission of typing information from the typed element
to the context handler, but it's a bug in the typechecker, and it's not a problem so far.
2023-08-01 16:16:57 -07:00
Ken Sternberg bf26e5d11e web: Baby steps
I become frustrated with my inability to make any progress on this project, so I decided to reach
for a tool that I consider highly reliable but also incredibly time-consuming and boring: test
driven development.

In this case, I wrote a story about how I wanted to see the first page rendered: just put the HTML
tag, completely unadorned, that will handle the first page of the wizard. Then, add an event handler
that will send the updated content to some parent object, since what we really want is to
orchestrate the state of the user's input with a centralized location. Then, rather than fiddling
with the attributes and properties of the various pages, I wanted them to be able to "look up" the
values they want, much as we'd expect a standalone form to be able to pull its values from the
server, so I added a context object that receives the update event and incorporates the new
knowledge about the state of the process into itself.

The result is surprisingly satisfying: the first page renders cleanly, displays the content that we
want, and as we fiddle with, we can *watch in real time* as the results of the context are updated
and retransmitted to all receiving objects. And the sending object gets the results so it
re-renders, but it ends up looking the same as it was before the render.
2023-07-31 16:33:42 -07:00
Ken Sternberg bbc47e0fce web: Marking down the start of the 'components' library. 2023-07-31 11:04:26 -07:00
Jens L 8079952d47
web: rework and expand tooltips (#6435)
* web: replace custom tooltip with pfe-tooltip

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tooltips to all edit buttons

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tooltips to remaining table actions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add a bunch more tooltips

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-31 19:35:09 +02:00
Ken Sternberg 48083ac380 web: Legibility in the ApplicationForm.
This is a pretty good result.  By using the LightDOM setting, this
provides the existing Authentik form manager with access to the
ak-form-horizontal-element components without having to do any
cross-border magic.  It's not ideal, and it shows up just how badly
we've got patternfly splattered everywhere, but the actual results
are remarkable.  The patterns for text, switch, radio, textarea,
file, and even select are smaller and easier here.

I'm still noodling on what an unspread search-select element would
look like.  It's just dependency injection, so it ought to be as
straightforward as that.
2023-07-30 09:51:19 -07:00
Ken Sternberg 6a60174371 Broke out the text input into a single renderer. Still works as required. 2023-07-30 06:44:40 -07:00
Ken Sternberg 540eee1612 Adding comments to the wizard. 2023-07-30 06:26:54 -07:00
Ken Sternberg 369c7be68d A lot of comments about forms. 2023-07-28 18:10:11 -07:00
Jens L 2340e925ee
web/user: fix alignment between image icons and fallback text icons (#6416)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-28 22:58:16 +02:00
Ken Sternberg 3f02534eb1
web: weightloss program, part 1: FlowSearch (#6332)
* web: weightloss program, part 1: FlowSearch

This commit extracts the multiple uses of SearchSelect for Flow lookups in the `providers`
collection and replaces them with a slightly more legible format, from:

```HTML
<ak-search-select
    .fetchObjects=${async (query?: string): Promise<Flow[]> => {
        const args: FlowsInstancesListRequest = {
            ordering: "slug",
            designation: FlowsInstancesListDesignationEnum.Authentication,
        };
        if (query !== undefined) {
            args.search = query;
        }
        const flows = await new FlowsApi(DEFAULT_CONFIG).flowsInstancesList(args);
        return flows.results;
    }}
    .renderElement=${(flow: Flow): string => {
        return RenderFlowOption(flow);
    }}
    .renderDescription=${(flow: Flow): TemplateResult => {
        return html`${flow.name}`;
    }}
    .value=${(flow: Flow | undefined): string | undefined => {
        return flow?.pk;
    }}
    .selected=${(flow: Flow): boolean => {
        return flow.pk === this.instance?.authenticationFlow;
    }}
>
</ak-search-select>
```

... to:

```HTML
<ak-flow-search
    flowType=${FlowsInstancesListDesignationEnum.Authentication}
    .currentFlow=${this.instance?.authenticationFlow}
    required
></ak-flow-search>
```

All of those middle methods, like `renderElement`, `renderDescription`, etc, are *completely the
same* for *all* of the searches, and there are something like 25 of them; this commit only covers
the 8 in `providers`, but the next commit should carry all of them.

The topmost example has been extracted into its own Web Component, `ak-flow-search`, that takes only
two arguments: the type of `FlowInstanceListDesignation` and the current instance of the flow.

The static methods for `renderElement`, `renderDescription` and `value` (which are all the same in
all 25 instances of `FlowInstancesListRequest`) have been made into standalone functions.
`fetchObjects` has been made into a method that takes the parameter from the `designation` property,
and `selected` has been turned into a method that takes the comparator instance from the
`currentFlow` property.  That's it.  That's the whole of it.

`SearchSelect` now emits an event whenever the user changes the field, and `ak-flow-search`
intercepts that event to mirror the value locally.

`Form` has been adapted to recognize the `ak-flow-search` element and extract the current value.

There are a number of legibility issues remaining, even with this fix.  The Authentik Form manager
is dependent upon a component named `ak-form-element-horizontal`, which is a container for a single
displayed element in a form:

```HTML
<ak-form-element-horizontal
    label=${msg("Authorization flow")}
    ?required=${true}
    name="authorizationFlow"
>
    <ak-flow-search
        flowType=${FlowsInstancesListDesignationEnum.Authorization}
        .currentFlow=${this.instance?.authorizationFlow}
        required
    ></ak-flow-search>
    <p class="pf-c-form__helper-text">
        ${msg("Flow used when authorizing this provider.")}
    </p>
</ak-form-element-horizontal>
```

Imagine, instead, if we could write:

```HTML
<ak-form-element-flow-search
    flowType=${FlowsInstancesListDesignationEnum.Authorization}
    .currentFlow=${this.instance?.authorizationFlow}
    required
    name="authorizationFlow">
<label slot="label">${msg("Authorization flow")}</label>
<span slot="help">${msg("Flow used when authorizing this provider.")}</span>
<ak-form-element-flow-search>
```

Starting with a superclass that understands the need for `label` and `help` slots, it would
automatically configure the input object that would be used.  We've already specified multiple
identical copies of this thing in multiple different places; centralizing their definition and then
re-using them would be classic code re-use.

Even better, since the Authorization flow is used 10 times in the whole of our code base, and the
Authentication flow 8 times, and they are *all identical*, it would be fitting if we just created
wrappers:

```HTML
<ak-form-element-flow-search
    flowType=${FlowsInstancesListDesignationEnum.Authorization}>
<ak-form-element-flow-search>
```

That's really all that's needed. There are *hundreds* (about 470 total) cases where nine or more
lines of repetitious HTML could be replaced with a one-liner like the above.

A "narrow waist" design is one that allows for a system to communicate between two different
components through a small but consistent collection of calls. The Form manager needs to be narrowed
hard. The `ak-form-element-horizontal` is a wrapper around an input object, and it has this at its
core for extracting that information. This forwards the name component to the containing input
object so that when the input object generates an event, we can identify the field it's associated
with.

```Javascript
this.querySelectorAll("*").forEach((input) => {
    switch (input.tagName.toLowerCase()) {
        case "input":
        case "textarea":
        case "select":
        case "ak-codemirror":
        case "ak-chip-group":
        case "ak-search-select":
        case "ak-radio":
            input.setAttribute("name", this.name);
            break;
        default:
            return;
    }
```

A *temporary* variant of this is in the `ak-flow-search` component, to support this API without
having to modify `ak-form-element-horizontal`.

And then `ak-form` itself has this:

```Javascript
if (
    inputElement.tagName.toLowerCase() === "select" &&
    "multiple" in inputElement.attributes
) {
    const selectElement = inputElement as unknown as HTMLSelectElement;
    json[element.name] = Array.from(selectElement.selectedOptions).map((v) => v.value);
} else if (
    inputElement.tagName.toLowerCase() === "input" &&
    inputElement.type === "date"
) {
    json[element.name] = inputElement.valueAsDate;
} else if (
    inputElement.tagName.toLowerCase() === "input" &&
    inputElement.type === "datetime-local"
) {
    json[element.name] = new Date(inputElement.valueAsNumber);
}
// ... another 20 lines removed
```

This ought to read:

```Javascript
const json = elements.filter((element => element instanceof AkFormComponent)
    .reduce((acc, element) => ({ ...acc, [element.name]: element.value] });
```

Where, instead of hand-writing all the different input objects for date and datetime and checkbox
into our forms, and then having to craft custom value extractors for each and every one of them,
just write *one* version of each with all the wrappers and bells and whistles already attached, and
have each one of them have a `value` getter descriptor that returns the value expected by our form
handler.

A back-of-the-envelope estimation is that there's about four *thousand* lines that could disappear
if we did this right.

More importantly, it would be possible to create new `AkFormComponent`s without having to register
them or define them for `ak-form`; as long as they conformed to the AkFormComponent's expectations
for "what is a source of values for a Form", `ak-form` would understand how to handle it.

Ultimately, what I want is to be able to do this:

``` HTML
<ak-input-form
   itemtype="ak-search"
   itemid="ak-authentication"
   itemprop=${this.instance}></ak-inputform>
```

And it will (1) go out and find the right kind of search to put there, (2) conduct the right kind of
fetch to fill that search, (3) pre-configure it with the user's current choice in that locale.

I don't think this is possible-- for one thing, it would be very expensive in terms of development,
and it may break the "narrow waist" ideal by require that the `ak-input-form` object know all the
different kinds of searches that are available.  The old Midgardian dream was that the object would
have *just* the identity triple (A table, a row of that table, a field of that row), and the
Javascript would go out and, using the identity, *find* the right object for CRUD (Creating,
Retrieving, Updating, and Deleting) it.

But that inspiration, as unreachable as it is, is where I'm headed.  Where our objects are both
*smart* and *standalone*.  Where they're polite citizens in an ordered universe, capable of
independence sufficient to be tested and validated and trusted, but working in concert to achieve
our aims.

* web: unravel the search-select for flows completely.

This commit removes *all* instances of the search-select
for flows, classifying them into four different categories:

- a search with no default
- a search with a default
- a search with a default and a fallback to a static default if non specified
- a search with a default and a fallback to the tenant's preferred default if this is a new instance
  and no flow specified.

It's not humanly possible to test all the instances where this has been committed, but the linters
are very happy with the results, and I'm going to eyeball every one of them in the github
presentation before I move this out of draft.

* web: several were declared 'required' that were not.

* web: I can't believe this was rejected because of a misspelling in a code comment. Well done\!

* web: another codespell fix for a comment.

* web: adding 'codespell' to the pre-commit command. Fixed spelling error in eventEmitter.
2023-07-28 22:57:14 +02:00
Jens Langhammer 1ba1a1def5
web/user: fix app icon size for user interface
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-28 17:11:20 +02:00
Jens L 782d95b4a3
web: app icons v2 (#6410)
* fix more icons stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* refactor app icon into separate component

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make app icon work correctly in admin list and app view page

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-28 14:25:56 +02:00
Jens L 5803c39e91
web: fix app icon rendering, style refinements (#6409)
* add very slight drop shadow to icons so dark colours are better visible, fix expand text

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* web/admin: fix rendering of icons for admin interface

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-28 11:09:11 +02:00
Jens L de16988cac
web/user: experiment with some slightly different styles (#6405)
* web/user: experiment with some slightly different styles

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rework application card

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix color and expand

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix expansion

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-28 00:23:06 +02:00
Jens L 3cce6d79eb
web/user: fix background alignment (#6383)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-26 11:03:58 +02:00