diff --git a/TODO.text b/TODO.text new file mode 100644 index 0000000..889a994 --- /dev/null +++ b/TODO.text @@ -0,0 +1,21 @@ +- Tagline bug - cannot save with empty text +- Profile photos + - Allow uploading/changing + - Default photo + - Expose photo endpoint for public services +- App setup wizard +- SAML IAM handling +- LDAP IAM handling +- User registration +- Cobalt form JSON field type - Setting resource +- MFA recovery codes handling +- Forgot password handling + - Admin password reset mechanism -> flag users as needing PW resets + - Make this a general flow for pre-empting user logins +- Cobalt form - when multiselect make selection box taller +- Cobalt form - after action handlers + - e.g. after insert perform action + - e.g. after update perform action, &c. +- IAM manage user API scopes +- Eliminate LDAP group model, make LDAP server use standard auth group +- OAuth2 -> support refresh tokens diff --git a/Units.flitter.js b/Units.flitter.js index 80ac02f..5633aae 100644 --- a/Units.flitter.js +++ b/Units.flitter.js @@ -31,6 +31,7 @@ const FlitterUnits = { * Custom units that modify or add functionality that needs to be made * available to the middleware-routing-controller stack. */ + 'Settings' : require('./app/unit/SettingsUnit'), 'Upload' : require('flitter-upload/UploadUnit'), 'Less' : require('flitter-less/LessUnit'), 'LDAPServer' : require('./app/unit/LDAPServerUnit'), diff --git a/app/assets/app/InvokeAction.component.js b/app/assets/app/InvokeAction.component.js new file mode 100644 index 0000000..0509fb8 --- /dev/null +++ b/app/assets/app/InvokeAction.component.js @@ -0,0 +1,17 @@ +import { Component } from '../lib/vues6/vues6.js' +import { action_service } from './service/Action.service.js'; + +const template = ` +
+` + +export default class InvokeActionComponent extends Component { + static get selector() { return 'coreid-invoke-action' } + static get template() { return template } + static get props() { return ['action'] } + + async vue_on_create() { + console.log('IAC', this) + await action_service.perform(this.action) + } +} diff --git a/app/assets/app/components.js b/app/assets/app/components.js index 6198307..25cd76e 100644 --- a/app/assets/app/components.js +++ b/app/assets/app/components.js @@ -4,6 +4,7 @@ import MFASetupPage from './auth/MFASetup.component.js' import MFAChallengePage from './auth/MFAChallenge.component.js' import MFADisableComponent from './auth/MFADisable.component.js' import PasswordResetComponent from './auth/PasswordReset.component.js' +import InvokeActionComponent from './InvokeAction.component.js' const components = { AuthLoginForm, @@ -12,6 +13,7 @@ const components = { MFAChallengePage, MFADisableComponent, PasswordResetComponent, + InvokeActionComponent, } export { components } diff --git a/app/assets/app/dash/NavBar.component.js b/app/assets/app/dash/NavBar.component.js index 375e204..e5eb349 100644 --- a/app/assets/app/dash/NavBar.component.js +++ b/app/assets/app/dash/NavBar.component.js @@ -64,6 +64,7 @@ export default class NavBarComponent extends Component { async vue_on_create() { this.can.api_tokens = await session.check_permissions('v1:reflect:tokens:list') + this.$forceUpdate() } toggle_sidebar() { diff --git a/app/assets/app/dash/SideBar.component.js b/app/assets/app/dash/SideBar.component.js index 1713e19..04be211 100644 --- a/app/assets/app/dash/SideBar.component.js +++ b/app/assets/app/dash/SideBar.component.js @@ -77,8 +77,9 @@ export default class SideBarComponent extends Component { }, { text: 'Settings', - action: 'redirect', - next: '/dash/settings', + action: 'list', + type: 'resource', + resource: 'Setting', }, ] 
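Review bot: `console.log('IAC', this)` in `vue_on_create` writes the whole component, including its `action` prop, to the browser console on every mount, and with the `post` action added in Action.service.js that prop carries the form parameters (the OAuth2 controller in this commit passes `redirect_uri` and `client_id`), so the debug line should be removed before merge. The component also performs whatever `action` it is handed as soon as it is created, with no user interaction, which deserves a class comment such as `// Performs the given action immediately on mount; render only with actions built server-side, never from URL or user-supplied data.` How `perform` treats a missing prop is not visible here, so an early `if ( !this.action ) return` would be a cheap guard.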
diff --git a/app/assets/app/resource/Setting.resource.js b/app/assets/app/resource/Setting.resource.js new file mode 100644 index 0000000..b0fe10f --- /dev/null +++ b/app/assets/app/resource/Setting.resource.js @@ -0,0 +1,52 @@ +import CRUDBase from './CRUDBase.js' + +class SettingResource extends CRUDBase { + endpoint = '/api/v1/settings' + required_fields = ['key', 'value'] + permission_base = 'v1:settings' + + item = 'Setting' + plural = 'Settings' + + listing_definition = { + columns: [ + { + name: 'Setting Key', + field: 'key', + }, + { + name: 'Value', + field: 'value', + renderer: (v) => JSON.stringify(v), + }, + ], + actions: [ + { + type: 'resource', + position: 'row', + action: 'update', + icon: 'fa fa-edit', + color: 'primary', + }, + ], + } + + form_definition = { + fields: [ + { + name: 'Setting Key', + field: 'key', + type: 'text', + readonly: true, + }, + { + name: 'Value (JSON)', + field: 'value', + type: 'json', + }, + ], + } +} + +const setting = new SettingResource() +export { setting } diff --git a/app/assets/app/service/Action.service.js b/app/assets/app/service/Action.service.js index d829faa..0b95582 100644 --- a/app/assets/app/service/Action.service.js +++ b/app/assets/app/service/Action.service.js @@ -23,6 +23,26 @@ class ActionService { } else if ( action === 'list' ) { return location_service.redirect(`/dash/c/listing/${resource}`, 0) } + } else if ( action === 'post' ) { + const inputs = [] + + if ( args.params ) { + for (const param in args.params) { + if ( !args.params.hasOwnProperty(param) ) continue + inputs.push(``) + } + } + + const form_attrs = ['method="POST"'] + if ( args.destination ) { + form_attrs.push(`action="${args.destination}"`) + } + + $(` + + `).appendTo('body').submit() } else { throw new TypeError(`Unknown action type: ${action}`) } diff --git a/app/controllers/api/v1/Settings.controller.js b/app/controllers/api/v1/Settings.controller.js new file mode 100644 index 0000000..a46f018 --- /dev/null 
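Review bot: The new `post` branch in Action.service.js builds its form by interpolating `args.destination` into an HTML string passed to `$()`, so a value containing `"` or `<` leaves the attribute and is parsed as markup. The same presumably applies to each `args.params` key and value, although the input markup is not visible on this page. The OAuth2 controller in this commit supplies `redirect_uri` and `client_id` derived from the request, so these values are not purely server constants. Setting attributes through jQuery/DOM setters removes the escaping problem, and `Object.entries` avoids calling `hasOwnProperty` on a caller-supplied object. `perform` begins and ends outside the hunk.

```javascript
} else if ( action === 'post' ) {
    // Attributes are set through jQuery so values are never parsed as HTML.
    const $form = $('<form>').attr('method', 'POST')
    if ( args.destination ) {
        $form.attr('action', args.destination)
    }

    // assumes the original inputs were hidden fields; the markup is not visible here
    for ( const [name, value] of Object.entries(args.params || {}) ) {
        $('<input>').attr({ type: 'hidden', name, value }).appendTo($form)
    }

    $form.appendTo('body').submit()
// … unchanged: else branch throwing TypeError for unknown action types …
```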
+++ b/app/controllers/api/v1/Settings.controller.js
@@ -0,0 +1,47 @@
+const { Controller } = require('libflitter')
+
+class SettingsController extends Controller {
+ static get services() {
+ return [...super.services, 'models']
+ }
+
+ async get_settings(req, res, next) {
+ const Setting = this.models.get('Setting')
+ const settings = await Setting.find()
+ const data = []
+
+ for ( const setting of settings ) {
+ data.push(await setting.to_api())
+ }
+
+ return res.api(data)
+ }
+
+ async get_setting(req, res, next) {
+ const Setting = this.models.get('Setting')
+ const setting = await Setting.findOne({ key: req.params.key })
+
+ if ( !setting )
+ return res.status(404)
+ .message('No setting exists with that key.')
+ .api()
+
+ return res.api(await setting.to_api())
+ }
+
+ async update_setting(req, res, next) {
+ const Setting = this.models.get('Setting')
+ const setting = await Setting.findOne({ key: req.params.key })
+
+ if ( !setting )
+ return res.status(404)
+ .message('No setting exists with that key.')
+ .api()
+
+ setting.set(req.body.value)
+ await setting.save()
+ return res.api()
+ }
+}
+
+module.exports = exports = SettingsController
diff --git a/app/controllers/auth/Oauth2.controller.js b/app/controllers/auth/Oauth2.controller.js
index 6203cbf..f018e3e 100644
--- a/app/controllers/auth/Oauth2.controller.js
+++ b/app/controllers/auth/Oauth2.controller.js
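Review bot: `update_setting` in Settings.controller.js passes `req.body.value` to `setting.set()` and saves it without checking that the field is present or has an acceptable shape, so a request with no `value` would presumably persist `undefined` (the model's `set` is not shown). No handler in this controller checks permissions, so unless the `v1:settings` scope used by the front-end resource is enforced on the routes, any authenticated caller could overwrite settings, and `get_settings` would return every stored value to them. I would add `if ( !req.body || !('value' in req.body) ) return res.status(400).message('Missing required field: value').api()` before the `set` call, and a comment on each handler naming the route permission it relies on.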
@@ -7,6 +7,67 @@ const Oauth2Controller = require('flitter-auth/controllers/Oauth2') * as you need. */ class Oauth2 extends Oauth2Controller { + static get services() { + return [...super.services, 'Vue', 'configs', 'models'] + } + + async authorize_post(req, res, next) { + const client = await this._get_authorize_client({query: req.body}) + if ( !client ) return this._uniform(res, 'Unable to authorize client application. The application config is invalid. Please check the client ID and redirect URI and try again.') + + const StarshipClient = this.models.get('oauth:Client') + const starship_client = await StarshipClient.findOne({ active: true, uuid: client.clientID }) + + req.user.authorize(starship_client) + await req.user.save() + return super.authorize_post(req, res, next) + } + + async authorize_get(req, res, next) { + const client = await this._get_authorize_client(req) + if ( !client ) return this._uniform(res, 'Unable to authorize client application. The application config is invalid. Please check the client ID and redirect URI and try again.') + const uri = new URL(req.query.redirect_uri) + + const StarshipClient = this.models.get('oauth:Client') + const starship_client = await StarshipClient.findOne({ active: true, uuid: client.clientID }) + + if ( req.user.has_authorized(starship_client) ) { + return this.Vue.invoke_action(res, { + text: 'Grant Access', + action: 'post', + params: { + redirect_uri: uri.toString(), + client_id: client.clientID, + }, + }) + } + + return res.page('public:message', { + ...this.Vue.data({ + message: `