import { HaveIBeenPwendPolicy, PoliciesApi } from "authentik-api"; import { t } from "@lingui/macro"; import { customElement } from "lit-element"; import { html, TemplateResult } from "lit-html"; import { DEFAULT_CONFIG } from "../../../api/Config"; import { ifDefined } from "lit-html/directives/if-defined"; import "../../../elements/forms/HorizontalFormElement"; import "../../../elements/forms/FormGroup"; import { first } from "../../../utils"; import { ModelForm } from "../../../elements/forms/ModelForm"; @customElement("ak-policy-hibp-form") export class HaveIBeenPwnedPolicyForm extends ModelForm { loadInstance(pk: string): Promise { return new PoliciesApi(DEFAULT_CONFIG).policiesHaveibeenpwnedRetrieve({ policyUuid: pk, }); } getSuccessMessage(): string { if (this.instance) { return t`Successfully updated policy.`; } else { return t`Successfully created policy.`; } } send = (data: HaveIBeenPwendPolicy): Promise => { if (this.instance) { return new PoliciesApi(DEFAULT_CONFIG).policiesHaveibeenpwnedUpdate({ policyUuid: this.instance.pk || "", haveIBeenPwendPolicyRequest: data, }); } else { return new PoliciesApi(DEFAULT_CONFIG).policiesHaveibeenpwnedCreate({ haveIBeenPwendPolicyRequest: data, }); } }; renderForm(): TemplateResult { return html`

${t`Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that. Note that only a part of the hash of the password is sent, the full comparison is done clientside.`}

${t`Execution logging`}

${t`When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.`}

${t`Policy-specific settings`}

${t`Field key to check, field keys defined in Prompt stages are available.`}

${t`Allow up to N occurrences in the HIBP database.`}

`; } }