import { HaveIBeenPwendPolicy, PoliciesApi } from "authentik-api"; import { t } from "@lingui/macro"; import { customElement, property } from "lit-element"; import { html, TemplateResult } from "lit-html"; import { DEFAULT_CONFIG } from "../../../api/Config"; import { Form } from "../../../elements/forms/Form"; import { ifDefined } from "lit-html/directives/if-defined"; import "../../../elements/forms/HorizontalFormElement"; import "../../../elements/forms/FormGroup"; import { first } from "../../../utils"; @customElement("ak-policy-hibp-form") export class HaveIBeenPwnedPolicyForm extends Form { set policyUUID(value: string) { new PoliciesApi(DEFAULT_CONFIG).policiesHaveibeenpwnedRead({ policyUuid: value, }).then(policy => { this.policy = policy; }); } @property({attribute: false}) policy?: HaveIBeenPwendPolicy; getSuccessMessage(): string { if (this.policy) { return t`Successfully updated policy.`; } else { return t`Successfully created policy.`; } } send = (data: HaveIBeenPwendPolicy): Promise => { if (this.policy) { return new PoliciesApi(DEFAULT_CONFIG).policiesHaveibeenpwnedUpdate({ policyUuid: this.policy.pk || "", data: data }); } else { return new PoliciesApi(DEFAULT_CONFIG).policiesHaveibeenpwnedCreate({ data: data }); } }; renderForm(): TemplateResult { return html`
${t`Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that. Note that only a part of the hash of the password is sent, the full comparison is done clientside.`}

${t`When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.`}

${t`Policy-specific settings`}

${t`Field key to check, field keys defined in Prompt stages are available.`}

${t`Allow up to N occurrences in the HIBP database.`}

`; } }