Compare commits
17 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
c725f14bf2
|
|||
|
9b5216431d
|
|||
|
1d5c00768c
|
|||
|
7f1c9ec9a8
|
|||
|
fe0a4d5991
|
|||
|
f06ff83dce
|
|||
|
251aa6cf97
|
|||
|
60003d64d5
|
|||
|
535dde13ff
|
|||
|
63d102296f
|
|||
|
77d203b2b0
|
|||
|
fcbf25e3ce
|
|||
|
084ec7bbc1
|
|||
|
6b3339a883
|
|||
|
8f1bbfef56
|
|||
|
e400e16ccc
|
|||
|
97096f619f
|
@@ -38,14 +38,18 @@ export default class MFAChallengePage extends Component {
|
||||
static get props() { return ['app_name'] }
|
||||
static get template() { return template }
|
||||
|
||||
loading = false
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
verify_code = ''
|
||||
verify_success = false
|
||||
this.loading = false
|
||||
|
||||
error_message = ''
|
||||
other_message = ''
|
||||
t = {}
|
||||
this.verify_code = ''
|
||||
this.verify_success = false
|
||||
|
||||
this.error_message = ''
|
||||
this.other_message = ''
|
||||
this.t = {}
|
||||
}
|
||||
|
||||
async vue_on_create() {
|
||||
this.t = await T(
|
||||
|
||||
@@ -28,12 +28,16 @@ export default class MFADisableComponent extends Component {
|
||||
static get template() { return template }
|
||||
static get props() { return [] }
|
||||
|
||||
app_name = ''
|
||||
step = 0
|
||||
loading = false
|
||||
error_message = ''
|
||||
other_message = ''
|
||||
t = {}
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
this.app_name = ''
|
||||
this.step = 0
|
||||
this.loading = false
|
||||
this.error_message = ''
|
||||
this.other_message = ''
|
||||
this.t = {}
|
||||
}
|
||||
|
||||
async vue_on_create() {
|
||||
this.app_name = session.get('app.name')
|
||||
|
||||
@@ -38,12 +38,16 @@ export default class MFARecoveryComponent extends Component {
|
||||
static get template() { return template }
|
||||
static get props() { return ['app_name'] }
|
||||
|
||||
verify_success = false
|
||||
loading = false
|
||||
recovery_code = ''
|
||||
error_message = ''
|
||||
other_message = ''
|
||||
t = {}
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
this.verify_success = false
|
||||
this.loading = false
|
||||
this.recovery_code = ''
|
||||
this.error_message = ''
|
||||
this.other_message = ''
|
||||
this.t = {}
|
||||
}
|
||||
|
||||
async vue_on_create() {
|
||||
this.t = await T(
|
||||
|
||||
@@ -61,19 +61,23 @@ export default class MFASetupPage extends Component {
|
||||
static get props() { return ['app_name'] }
|
||||
static get template() { return template }
|
||||
|
||||
loading = false
|
||||
step = 0
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
qr_data = ''
|
||||
otpauth_url = ''
|
||||
secret = ''
|
||||
verify_code = ''
|
||||
this.loading = false
|
||||
this.step = 0
|
||||
|
||||
verify_success = false
|
||||
this.qr_data = ''
|
||||
this.otpauth_url = ''
|
||||
this.secret = ''
|
||||
this.verify_code = ''
|
||||
|
||||
error_message = ''
|
||||
other_message = ''
|
||||
t = {}
|
||||
this.verify_success = false
|
||||
|
||||
this.error_message = ''
|
||||
this.other_message = ''
|
||||
this.t = {}
|
||||
}
|
||||
|
||||
async vue_on_create() {
|
||||
this.t = await T(
|
||||
|
||||
@@ -25,7 +25,11 @@ export default class AuthPage extends Component {
|
||||
static get props() { return ['app_name', 'message', 'actions'] }
|
||||
static get template() { return template }
|
||||
|
||||
loading = false
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
this.loading = false
|
||||
}
|
||||
|
||||
async action_click(index) {
|
||||
this.loading = true
|
||||
|
||||
@@ -78,23 +78,27 @@ export default class PasswordResetComponent extends Component {
|
||||
static get template() { return template }
|
||||
static get props() { return ['app_name'] }
|
||||
|
||||
step = 0
|
||||
loading = false
|
||||
has_mfa = false
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
error_message = ''
|
||||
other_message = ''
|
||||
this.step = 0
|
||||
this.loading = false
|
||||
this.has_mfa = false
|
||||
|
||||
step_1_valid = false
|
||||
step_1_calc_time = ''
|
||||
step_1_problem = ''
|
||||
this.error_message = ''
|
||||
this.other_message = ''
|
||||
|
||||
step_2_valid = false
|
||||
this.step_1_valid = false
|
||||
this.step_1_calc_time = ''
|
||||
this.step_1_problem = ''
|
||||
|
||||
password = ''
|
||||
confirm_password = ''
|
||||
t = {}
|
||||
ready = false
|
||||
this.step_2_valid = false
|
||||
|
||||
this.password = ''
|
||||
this.confirm_password = ''
|
||||
this.t = {}
|
||||
this.ready = false
|
||||
}
|
||||
|
||||
async vue_on_create() {
|
||||
this.has_mfa = !!session.get('user.has_mfa')
|
||||
|
||||
@@ -63,18 +63,21 @@ export default class AuthLoginForm extends Component {
|
||||
] }
|
||||
static get template() { return template }
|
||||
|
||||
username = ''
|
||||
password = ''
|
||||
button_text = ''
|
||||
step_two = false
|
||||
btn_disabled = true
|
||||
loading = false
|
||||
error_message = ''
|
||||
other_message = ''
|
||||
allow_back = true
|
||||
auth_user = false
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
t = {}
|
||||
this.username = ''
|
||||
this.password = ''
|
||||
this.button_text = ''
|
||||
this.step_two = false
|
||||
this.btn_disabled = true
|
||||
this.loading = false
|
||||
this.error_message = ''
|
||||
this.other_message = ''
|
||||
this.allow_back = true
|
||||
this.auth_user = false
|
||||
this.t = {}
|
||||
}
|
||||
|
||||
watch_username(new_username, old_username) {
|
||||
this.btn_disabled = !new_username
|
||||
|
||||
@@ -98,19 +98,23 @@ export default class RegistrationFormComponent extends Component {
|
||||
static get template() { return template }
|
||||
static get props() { return ['app_name'] }
|
||||
|
||||
loading = false
|
||||
step = 1
|
||||
other_message = ''
|
||||
error_message = ''
|
||||
message = ''
|
||||
btn_disabled = true
|
||||
button_text = ''
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
first_name = ''
|
||||
last_name = ''
|
||||
username = ''
|
||||
email = ''
|
||||
t = {}
|
||||
this.loading = false
|
||||
this.step = 1
|
||||
this.other_message = ''
|
||||
this.error_message = ''
|
||||
this.message = ''
|
||||
this.btn_disabled = true
|
||||
this.button_text = ''
|
||||
|
||||
this.first_name = ''
|
||||
this.last_name = ''
|
||||
this.username = ''
|
||||
this.email = ''
|
||||
this.t = {}
|
||||
}
|
||||
|
||||
async vue_on_create() {
|
||||
// Batch-load translated phrases
|
||||
|
||||
@@ -146,20 +146,24 @@ export default class FormComponent extends Component {
|
||||
return ['resource', 'form_id', 'initial_mode']
|
||||
}
|
||||
|
||||
definition = {}
|
||||
data = {}
|
||||
uuid = ''
|
||||
title = ''
|
||||
error_message = ''
|
||||
other_message = ''
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
access_msg = ''
|
||||
can_access = false
|
||||
this.definition = {}
|
||||
this.data = {}
|
||||
this.uuid = ''
|
||||
this.title = ''
|
||||
this.error_message = ''
|
||||
this.other_message = ''
|
||||
|
||||
is_ready = false
|
||||
mode = ''
|
||||
id = ''
|
||||
t = {}
|
||||
this.access_msg = ''
|
||||
this.can_access = false
|
||||
|
||||
this.is_ready = false
|
||||
this.mode = ''
|
||||
this.id = ''
|
||||
this.t = {}
|
||||
}
|
||||
|
||||
reset() {
|
||||
this.definition = {}
|
||||
|
||||
@@ -65,13 +65,17 @@ export default class ListingComponent extends Component {
|
||||
static get template() { return template }
|
||||
static get props() { return ['resource'] }
|
||||
|
||||
definition = {}
|
||||
data = []
|
||||
resource_class = {}
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
access_msg = ''
|
||||
can_access = false
|
||||
t = {}
|
||||
this.definition = {}
|
||||
this.data = []
|
||||
this.resource_class = {}
|
||||
|
||||
this.access_msg = ''
|
||||
this.can_access = false
|
||||
this.t = {}
|
||||
}
|
||||
|
||||
async vue_on_create() {
|
||||
this.t = await T(
|
||||
|
||||
@@ -232,35 +232,39 @@ export default class AppSetupComponent extends Component {
|
||||
static get template() { return template }
|
||||
static get props() { return [] }
|
||||
|
||||
step = 0
|
||||
btn_disabled = true
|
||||
btn_back = false
|
||||
btn_hidden = false
|
||||
btn_listing = false
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
name = ''
|
||||
identifier = ''
|
||||
type = '' // ldap | saml | oauth
|
||||
oauth_redirect_uri = ''
|
||||
this.step = 0
|
||||
this.btn_disabled = true
|
||||
this.btn_back = false
|
||||
this.btn_hidden = false
|
||||
this.btn_listing = false
|
||||
|
||||
saml_entity_id = ''
|
||||
saml_acs_url = ''
|
||||
saml_slo_url = ''
|
||||
this.name = ''
|
||||
this.identifier = ''
|
||||
this.type = '' // ldap | saml | oauth
|
||||
this.oauth_redirect_uri = ''
|
||||
|
||||
ldap_username = ''
|
||||
ldap_password = ''
|
||||
ldap_password_confirm = ''
|
||||
ldap_config = {}
|
||||
this.saml_entity_id = ''
|
||||
this.saml_acs_url = ''
|
||||
this.saml_slo_url = ''
|
||||
|
||||
error_message = ''
|
||||
this.ldap_username = ''
|
||||
this.ldap_password = ''
|
||||
this.ldap_password_confirm = ''
|
||||
this.ldap_config = {}
|
||||
|
||||
app = {}
|
||||
oauth_client = {}
|
||||
saml_provider = {}
|
||||
ldap_client = {}
|
||||
this.error_message = ''
|
||||
|
||||
app_name = ''
|
||||
host = ''
|
||||
this.app = {}
|
||||
this.oauth_client = {}
|
||||
this.saml_provider = {}
|
||||
this.ldap_client = {}
|
||||
|
||||
this.app_name = ''
|
||||
this.host = ''
|
||||
}
|
||||
|
||||
make_url(path) {
|
||||
return session.url(path)
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
import { Component } from '../../lib/vues6/vues6.js'
|
||||
import { event_bus } from '../service/EventBus.service.js'
|
||||
import { session } from '../service/Session.service.js'
|
||||
import { message_service } from '../service/Message.service.js'
|
||||
|
||||
const template = `
|
||||
<nav class="navbar navbar-expand-lg navbar-light bg-light border-bottom">
|
||||
@@ -53,10 +52,10 @@ export default class NavBarComponent extends Component {
|
||||
static get template() { return template }
|
||||
static get props() { return [] }
|
||||
|
||||
can = {}
|
||||
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
this.can = {}
|
||||
this.toggle_event = event_bus.event('sidebar.toggle')
|
||||
this.first_name = session.get('user.first_name')
|
||||
this.last_name = session.get('user.last_name')
|
||||
|
||||
@@ -23,9 +23,14 @@ export default class SideBarComponent extends Component {
|
||||
static get props() { return ['app_name'] }
|
||||
static get template() { return template }
|
||||
|
||||
actions = []
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
possible_actions = [
|
||||
this.actions = []
|
||||
|
||||
this.isCollapsed = false
|
||||
|
||||
this.possible_actions = [
|
||||
{
|
||||
text: 'Profile',
|
||||
action: 'redirect',
|
||||
@@ -87,8 +92,6 @@ export default class SideBarComponent extends Component {
|
||||
},
|
||||
]
|
||||
|
||||
constructor() {
|
||||
super()
|
||||
event_bus.event('sidebar.toggle').subscribe(() => {
|
||||
this.toggle()
|
||||
})
|
||||
@@ -120,8 +123,6 @@ export default class SideBarComponent extends Component {
|
||||
this.actions = new_actions
|
||||
}
|
||||
|
||||
isCollapsed = false
|
||||
|
||||
toggle() {
|
||||
this.isCollapsed = !this.isCollapsed
|
||||
}
|
||||
|
||||
@@ -68,8 +68,12 @@ export default class MessageContainerComponent extends Component {
|
||||
static get template() { return template }
|
||||
static get props() { return [] }
|
||||
|
||||
messages = []
|
||||
modals = []
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
this.messages = []
|
||||
this.modals = []
|
||||
}
|
||||
|
||||
vue_on_create() {
|
||||
this.alert_event = event_bus.event('message.alert')
|
||||
|
||||
@@ -195,31 +195,35 @@ export default class EditProfileComponent extends Component {
|
||||
static get template() { return template }
|
||||
static get props() { return ['user_id'] }
|
||||
|
||||
profile_first = ''
|
||||
profile_last = ''
|
||||
profile_email = ''
|
||||
profile_tagline = ''
|
||||
last_reset = ''
|
||||
mfa_enable_date = ''
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
has_mfa_recovery = false
|
||||
mfa_recovery_date = ''
|
||||
mfa_recovery_codes = 0
|
||||
this.profile_first = ''
|
||||
this.profile_last = ''
|
||||
this.profile_email = ''
|
||||
this.profile_tagline = ''
|
||||
this.last_reset = ''
|
||||
this.mfa_enable_date = ''
|
||||
|
||||
form_message = 'No changes.'
|
||||
this.has_mfa_recovery = false
|
||||
this.mfa_recovery_date = ''
|
||||
this.mfa_recovery_codes = 0
|
||||
|
||||
has_mfa = false
|
||||
ready = false
|
||||
this.form_message = 'No changes.'
|
||||
|
||||
notify_gateway_url = ''
|
||||
notify_app_key = ''
|
||||
notify_enabled = false
|
||||
notify_created_on = ''
|
||||
notify_loaded = false
|
||||
this.has_mfa = false
|
||||
this.ready = false
|
||||
|
||||
app_passwords = []
|
||||
app_name = ''
|
||||
t = {}
|
||||
this.notify_gateway_url = ''
|
||||
this.notify_app_key = ''
|
||||
this.notify_enabled = false
|
||||
this.notify_created_on = ''
|
||||
this.notify_loaded = false
|
||||
|
||||
this.app_passwords = []
|
||||
this.app_name = ''
|
||||
this.t = {}
|
||||
}
|
||||
|
||||
on_key_up = ($event) => {}
|
||||
|
||||
|
||||
@@ -72,12 +72,16 @@ export default class AppPasswordFormComponent extends Component {
|
||||
static get template() { return template }
|
||||
static get props() { return [] }
|
||||
|
||||
name = ''
|
||||
valid = false
|
||||
uuid = ''
|
||||
enable_form = true
|
||||
display_password = ''
|
||||
t = {}
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
this.name = ''
|
||||
this.valid = false
|
||||
this.uuid = ''
|
||||
this.enable_form = true
|
||||
this.display_password = ''
|
||||
this.t = {}
|
||||
}
|
||||
|
||||
async vue_on_create() {
|
||||
this.t = await T(
|
||||
|
||||
@@ -29,8 +29,12 @@ export default class ProfilePhotoUploaderComponent extends Component {
|
||||
static get template() { return template }
|
||||
static get params() { return [] }
|
||||
|
||||
ready = false
|
||||
t = {}
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
this.ready = false
|
||||
this.t = {}
|
||||
}
|
||||
|
||||
async vue_on_create() {
|
||||
this.t = await T(
|
||||
|
||||
@@ -2,14 +2,17 @@ import CRUDBase from './CRUDBase.js'
|
||||
import { session } from '../service/Session.service.js'
|
||||
|
||||
class AppResource extends CRUDBase {
|
||||
endpoint = '/api/v1/applications'
|
||||
required_fields = ['name', 'identifier']
|
||||
permission_base = 'v1:applications'
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
item = 'Application'
|
||||
plural = 'Applications'
|
||||
this.endpoint = '/api/v1/applications'
|
||||
this.required_fields = ['name', 'identifier']
|
||||
this.permission_base = 'v1:applications'
|
||||
|
||||
listing_definition = {
|
||||
this.item = 'Application'
|
||||
this.plural = 'Applications'
|
||||
|
||||
this.listing_definition = {
|
||||
display: `
|
||||
An application is anything that can authenticate users against ${session.get('app.name')}. Applications can have any number of associated LDAP clients, SAML service providers, and OAuth2 clients.
|
||||
`,
|
||||
@@ -60,7 +63,7 @@ class AppResource extends CRUDBase {
|
||||
],
|
||||
}
|
||||
|
||||
form_definition = {
|
||||
this.form_definition = {
|
||||
fields: [
|
||||
{
|
||||
name: 'Name',
|
||||
@@ -123,6 +126,7 @@ class AppResource extends CRUDBase {
|
||||
},
|
||||
],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
const app = new AppResource()
|
||||
|
||||
@@ -2,15 +2,17 @@ import APIParseError from './APIParseError.js'
|
||||
import { session } from '../service/Session.service.js'
|
||||
|
||||
export default class CRUDBase {
|
||||
endpoint = '/api/v1'
|
||||
required_fields = []
|
||||
permission_base = ''
|
||||
constructor() {
|
||||
this.endpoint = '/api/v1'
|
||||
this.required_fields = []
|
||||
this.permission_base = ''
|
||||
|
||||
listing_definition = {}
|
||||
form_definition = {}
|
||||
this.listing_definition = {}
|
||||
this.form_definition = {}
|
||||
|
||||
item = ''
|
||||
plural = ''
|
||||
this.item = ''
|
||||
this.plural = ''
|
||||
}
|
||||
|
||||
async can(action) {
|
||||
return session.check_permissions(`${this.permission_base}:${action}`)
|
||||
|
||||
@@ -2,14 +2,17 @@ import CRUDBase from './CRUDBase.js'
|
||||
import { session } from '../service/Session.service.js'
|
||||
|
||||
class SettingResource extends CRUDBase {
|
||||
endpoint = '/api/v1/settings'
|
||||
required_fields = ['key', 'value']
|
||||
permission_base = 'v1:settings'
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
item = 'Setting'
|
||||
plural = 'Settings'
|
||||
this.endpoint = '/api/v1/settings'
|
||||
this.required_fields = ['key', 'value']
|
||||
this.permission_base = 'v1:settings'
|
||||
|
||||
listing_definition = {
|
||||
this.item = 'Setting'
|
||||
this.plural = 'Settings'
|
||||
|
||||
this.listing_definition = {
|
||||
display: `
|
||||
<p>These are advanced settings that allow you to tweak the way ${session.get('app.name')} behaves. Tweak them at your own risk.</p>
|
||||
`,
|
||||
@@ -35,7 +38,7 @@ class SettingResource extends CRUDBase {
|
||||
],
|
||||
}
|
||||
|
||||
form_definition = {
|
||||
this.form_definition = {
|
||||
fields: [
|
||||
{
|
||||
name: 'Setting Key',
|
||||
@@ -50,6 +53,7 @@ class SettingResource extends CRUDBase {
|
||||
},
|
||||
],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
const setting = new SettingResource()
|
||||
|
||||
@@ -2,14 +2,17 @@ import CRUDBase from '../CRUDBase.js'
|
||||
import { session } from '../../service/Session.service.js'
|
||||
|
||||
class GroupResource extends CRUDBase {
|
||||
endpoint = '/api/v1/auth/groups'
|
||||
required_fields = ['name']
|
||||
permission_base = 'v1:auth:groups'
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
item = 'Group'
|
||||
plural = 'Groups'
|
||||
this.endpoint = '/api/v1/auth/groups'
|
||||
this.required_fields = ['name']
|
||||
this.permission_base = 'v1:auth:groups'
|
||||
|
||||
listing_definition = {
|
||||
this.item = 'Group'
|
||||
this.plural = 'Groups'
|
||||
|
||||
this.listing_definition = {
|
||||
display: `
|
||||
In ${session.get('app.name')}, groups are simply a tool for organizing users and assigning permissions and access in bulk. After creating and assigning users to a group, you can manage permissions for that group, and its policies will be applied to all users in that group.
|
||||
`,
|
||||
@@ -50,7 +53,7 @@ class GroupResource extends CRUDBase {
|
||||
],
|
||||
}
|
||||
|
||||
form_definition = {
|
||||
this.form_definition = {
|
||||
fields: [
|
||||
{
|
||||
name: 'Name',
|
||||
@@ -71,6 +74,7 @@ class GroupResource extends CRUDBase {
|
||||
},
|
||||
],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
const auth_group = new GroupResource()
|
||||
|
||||
@@ -1,12 +1,17 @@
|
||||
import CRUDBase from '../CRUDBase.js'
|
||||
|
||||
class RoleResource extends CRUDBase {
|
||||
endpoint = '/api/v1/auth/roles'
|
||||
required_fields = ['role', 'permissions']
|
||||
permission_base = 'v1:auth:roles'
|
||||
|
||||
item = 'Role'
|
||||
plural = 'Roles'
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
this.endpoint = '/api/v1/auth/roles'
|
||||
this.required_fields = ['role', 'permissions']
|
||||
this.permission_base = 'v1:auth:roles'
|
||||
|
||||
this.item = 'Role'
|
||||
this.plural = 'Roles'
|
||||
}
|
||||
}
|
||||
|
||||
const auth_role = new RoleResource()
|
||||
|
||||
@@ -1,12 +1,16 @@
|
||||
import CRUDBase from '../CRUDBase.js'
|
||||
|
||||
class TrapResource extends CRUDBase {
|
||||
endpoint = '/api/v1/auth/traps'
|
||||
required_fields = ['name', 'trap', 'redirect_to']
|
||||
permission_base = 'v1:auth:traps'
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
item = 'Trap'
|
||||
plural = 'Traps'
|
||||
this.endpoint = '/api/v1/auth/traps'
|
||||
this.required_fields = ['name', 'trap', 'redirect_to']
|
||||
this.permission_base = 'v1:auth:traps'
|
||||
|
||||
this.item = 'Trap'
|
||||
this.plural = 'Traps'
|
||||
}
|
||||
}
|
||||
|
||||
const auth_trap = new TrapResource()
|
||||
|
||||
@@ -2,14 +2,17 @@ import CRUDBase from '../CRUDBase.js'
|
||||
import { session } from '../../service/Session.service.js'
|
||||
|
||||
class UserResource extends CRUDBase {
|
||||
endpoint = '/api/v1/auth/users'
|
||||
required_fields = ['uid', 'first_name', 'last_name', 'email']
|
||||
permission_base = 'v1:auth:users'
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
item = 'User'
|
||||
plural = 'Users'
|
||||
this.endpoint = '/api/v1/auth/users'
|
||||
this.required_fields = ['uid', 'first_name', 'last_name', 'email']
|
||||
this.permission_base = 'v1:auth:users'
|
||||
|
||||
listing_definition = {
|
||||
this.item = 'User'
|
||||
this.plural = 'Users'
|
||||
|
||||
this.listing_definition = {
|
||||
display: `
|
||||
Users can be assigned permissions and, if granted, can manage their ${session.get('app.name')} accounts from the Profile page, as well as login to the external applications they've been given access to.
|
||||
`,
|
||||
@@ -57,7 +60,7 @@ class UserResource extends CRUDBase {
|
||||
],
|
||||
}
|
||||
|
||||
form_definition = {
|
||||
this.form_definition = {
|
||||
fields: [
|
||||
{
|
||||
name: 'First Name',
|
||||
@@ -111,6 +114,7 @@ class UserResource extends CRUDBase {
|
||||
},
|
||||
],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
const auth_user = new UserResource()
|
||||
|
||||
@@ -2,14 +2,17 @@ import CRUDBase from '../CRUDBase.js'
|
||||
import { session } from '../../service/Session.service.js'
|
||||
|
||||
class PolicyResource extends CRUDBase {
|
||||
endpoint = '/api/v1/iam/policy'
|
||||
required_fields = ['entity_id', 'entity_type', 'target_id', 'target_type', 'access_type']
|
||||
permission_base = 'v1:iam:policy'
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
item = 'IAM Policy'
|
||||
plural = 'IAM Policies'
|
||||
this.endpoint = '/api/v1/iam/policy'
|
||||
this.required_fields = ['entity_id', 'entity_type', 'target_id', 'target_type', 'access_type']
|
||||
this.permission_base = 'v1:iam:policy'
|
||||
|
||||
listing_definition = {
|
||||
this.item = 'IAM Policy'
|
||||
this.plural = 'IAM Policies'
|
||||
|
||||
this.listing_definition = {
|
||||
display: `
|
||||
Identity & Access Management (IAM) policies give you fine grained control over which ${session.get('app.name')} users and groups are allowed to access which applications.
|
||||
<br><br>
|
||||
@@ -65,7 +68,7 @@ class PolicyResource extends CRUDBase {
|
||||
],
|
||||
}
|
||||
|
||||
form_definition = {
|
||||
this.form_definition = {
|
||||
fields: [
|
||||
{
|
||||
name: 'Subject Type',
|
||||
@@ -73,8 +76,8 @@ class PolicyResource extends CRUDBase {
|
||||
required: true,
|
||||
type: 'select',
|
||||
options: [
|
||||
{ display: 'User', value: 'user' },
|
||||
{ display: 'Group', value: 'group' },
|
||||
{display: 'User', value: 'user'},
|
||||
{display: 'Group', value: 'group'},
|
||||
],
|
||||
},
|
||||
{
|
||||
@@ -107,8 +110,8 @@ class PolicyResource extends CRUDBase {
|
||||
required: true,
|
||||
type: 'select',
|
||||
options: [
|
||||
{ display: '...is granted access to...', value: 'allow' },
|
||||
{ display: '...is denied access to...', value: 'deny' },
|
||||
{display: '...is granted access to...', value: 'allow'},
|
||||
{display: '...is denied access to...', value: 'deny'},
|
||||
],
|
||||
},
|
||||
{
|
||||
@@ -117,8 +120,8 @@ class PolicyResource extends CRUDBase {
|
||||
required: true,
|
||||
type: 'select',
|
||||
options: [
|
||||
{ display: 'Application', value: 'application' },
|
||||
{ display: 'API Scope', value: 'api_scope' },
|
||||
{display: 'Application', value: 'application'},
|
||||
{display: 'API Scope', value: 'api_scope'},
|
||||
],
|
||||
},
|
||||
{
|
||||
@@ -155,6 +158,7 @@ class PolicyResource extends CRUDBase {
|
||||
},
|
||||
},*/
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
const iam_policy = new PolicyResource()
|
||||
|
||||
@@ -2,19 +2,18 @@ import CRUDBase from '../CRUDBase.js'
|
||||
import { session } from '../../service/Session.service.js'
|
||||
|
||||
class ClientResource extends CRUDBase {
|
||||
endpoint = '/api/v1/ldap/clients'
|
||||
required_fields = ['name', 'uid', 'password']
|
||||
permission_base = 'v1:ldap:clients'
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
item = 'LDAP Client'
|
||||
plural = 'LDAP Clients'
|
||||
this.endpoint = '/api/v1/ldap/clients'
|
||||
this.required_fields = ['name', 'uid', 'password']
|
||||
this.permission_base = 'v1:ldap:clients'
|
||||
|
||||
async server_config() {
|
||||
const results = await axios.get('/api/v1/ldap/config')
|
||||
if ( results && results.data && results.data.data ) return results.data.data
|
||||
}
|
||||
this.item = 'LDAP Client'
|
||||
this.plural = 'LDAP Clients'
|
||||
|
||||
listing_definition = {
|
||||
|
||||
this.listing_definition = {
|
||||
display: `
|
||||
LDAP Clients are special user accounts that external applications can use to bind to ${session.get('app.name')}'s built-in LDAP server to allow these applications to authenticate users.
|
||||
<br><br>
|
||||
@@ -56,7 +55,7 @@ class ClientResource extends CRUDBase {
|
||||
],
|
||||
}
|
||||
|
||||
form_definition = {
|
||||
this.form_definition = {
|
||||
fields: [
|
||||
{
|
||||
name: 'Provider Name',
|
||||
@@ -80,6 +79,12 @@ class ClientResource extends CRUDBase {
|
||||
},
|
||||
],
|
||||
}
|
||||
}
|
||||
|
||||
async server_config() {
|
||||
const results = await axios.get('/api/v1/ldap/config')
|
||||
if (results && results.data && results.data.data) return results.data.data
|
||||
}
|
||||
}
|
||||
|
||||
const ldap_client = new ClientResource()
|
||||
|
||||
@@ -1,14 +1,17 @@
|
||||
import CRUDBase from '../CRUDBase.js'
|
||||
|
||||
class GroupResource extends CRUDBase {
|
||||
endpoint = '/api/v1/ldap/groups'
|
||||
required_fields = ['name', 'role']
|
||||
permission_base = 'v1:ldap:groups'
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
item = 'LDAP Group'
|
||||
plural = 'LDAP Groups'
|
||||
this.endpoint = '/api/v1/ldap/groups'
|
||||
this.required_fields = ['name', 'role']
|
||||
this.permission_base = 'v1:ldap:groups'
|
||||
|
||||
listing_definition = {
|
||||
this.item = 'LDAP Group'
|
||||
this.plural = 'LDAP Groups'
|
||||
|
||||
this.listing_definition = {
|
||||
columns: [
|
||||
{
|
||||
name: 'Group Name',
|
||||
@@ -50,7 +53,7 @@ class GroupResource extends CRUDBase {
|
||||
],
|
||||
}
|
||||
|
||||
form_definition = {
|
||||
this.form_definition = {
|
||||
// back_action: {
|
||||
// text: 'Back',
|
||||
// action: 'back',
|
||||
@@ -93,6 +96,7 @@ class GroupResource extends CRUDBase {
|
||||
},
|
||||
],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
const ldap_group = new GroupResource()
|
||||
|
||||
@@ -2,14 +2,17 @@ import CRUDBase from '../CRUDBase.js'
|
||||
import { session } from '../../service/Session.service.js';
|
||||
|
||||
class ClientResource extends CRUDBase {
|
||||
endpoint = '/api/v1/oauth/clients'
|
||||
required_fields = ['name', 'redirect_url', 'api_scopes']
|
||||
permission_base = 'v1:oauth:clients'
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
item = 'OAuth2 Client'
|
||||
plural = 'OAuth2 Clients'
|
||||
this.endpoint = '/api/v1/oauth/clients'
|
||||
this.required_fields = ['name', 'redirect_url', 'api_scopes']
|
||||
this.permission_base = 'v1:oauth:clients'
|
||||
|
||||
listing_definition = {
|
||||
this.item = 'OAuth2 Client'
|
||||
this.plural = 'OAuth2 Clients'
|
||||
|
||||
this.listing_definition = {
|
||||
display: `
|
||||
OAuth2 clients are applications that support authentication over the OAuth2 protocol. This allows you to add a "Sign-In with XXX" button for ${session.get('app.name')} to the application in question. To do this, you need to create an OAuth2 client for that application, and provide the name, redirect URL, and API scopes.
|
||||
<br><br>
|
||||
@@ -58,7 +61,7 @@ class ClientResource extends CRUDBase {
|
||||
],
|
||||
}
|
||||
|
||||
form_definition = {
|
||||
this.form_definition = {
|
||||
fields: [
|
||||
{
|
||||
name: 'Client Name',
|
||||
@@ -101,6 +104,7 @@ class ClientResource extends CRUDBase {
|
||||
},
|
||||
],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
const oauth_client = new ClientResource()
|
||||
|
||||
@@ -2,14 +2,17 @@ import CRUDBase from '../CRUDBase.js'
|
||||
import { session } from '../../service/Session.service.js'
|
||||
|
||||
class ClientResource extends CRUDBase {
|
||||
endpoint = '/openid/clients'
|
||||
required_fields = ['client_name', 'grant_types', 'redirect_uri']
|
||||
permission_base = 'v1:openid:clients'
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
item = 'OpenID Connect Client'
|
||||
plural = 'OpenID Connect Clients'
|
||||
this.endpoint = '/openid/clients'
|
||||
this.required_fields = ['client_name', 'grant_types', 'redirect_uri']
|
||||
this.permission_base = 'v1:openid:clients'
|
||||
|
||||
listing_definition = {
|
||||
this.item = 'OpenID Connect Client'
|
||||
this.plural = 'OpenID Connect Clients'
|
||||
|
||||
this.listing_definition = {
|
||||
display: `
|
||||
OpenID Connect clients are applications that support authentication over the OpenID Connect protocol. This allows you to add a "Sign-In with XXX" button for ${session.get('app.name')} to the application in question. To do this, the application need only comply with the OpenID standards.
|
||||
`,
|
||||
@@ -49,7 +52,7 @@ class ClientResource extends CRUDBase {
|
||||
],
|
||||
}
|
||||
|
||||
form_definition = {
|
||||
this.form_definition = {
|
||||
fields: [
|
||||
{
|
||||
name: 'Client Name',
|
||||
@@ -70,8 +73,8 @@ class ClientResource extends CRUDBase {
|
||||
field: 'grant_types',
|
||||
type: 'select.multiple',
|
||||
options: [
|
||||
{ display: 'Refresh Token', value: 'refresh_token' },
|
||||
{ display: 'Authorization Code', value: 'authorization_code' },
|
||||
{display: 'Refresh Token', value: 'refresh_token'},
|
||||
{display: 'Authorization Code', value: 'authorization_code'},
|
||||
],
|
||||
required: true,
|
||||
},
|
||||
@@ -91,6 +94,7 @@ class ClientResource extends CRUDBase {
|
||||
},
|
||||
],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
const openid_client = new ClientResource()
|
||||
|
||||
@@ -1,12 +1,16 @@
|
||||
import CRUDBase from '../CRUDBase.js'
|
||||
|
||||
class ScopeResource extends CRUDBase {
|
||||
endpoint = '/api/v1/reflect/scopes'
|
||||
required_fields = ['scope']
|
||||
permission_base = 'v1:reflect:scopes'
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
item = 'API Scope'
|
||||
plural = 'API Scopes'
|
||||
this.endpoint = '/api/v1/reflect/scopes'
|
||||
this.required_fields = ['scope']
|
||||
this.permission_base = 'v1:reflect:scopes'
|
||||
|
||||
this.item = 'API Scope'
|
||||
this.plural = 'API Scopes'
|
||||
}
|
||||
}
|
||||
|
||||
const reflect_scope = new ScopeResource()
|
||||
|
||||
@@ -1,14 +1,16 @@
|
||||
import CRUDBase from '../CRUDBase.js'
|
||||
|
||||
class TokenResource extends CRUDBase {
|
||||
endpoint = '/api/v1/reflect/tokens'
|
||||
required_fields = ['client_id']
|
||||
permission_base = 'v1:reflect:tokens'
|
||||
constructor() {
|
||||
super()
|
||||
this.endpoint = '/api/v1/reflect/tokens'
|
||||
this.required_fields = ['client_id']
|
||||
this.permission_base = 'v1:reflect:tokens'
|
||||
|
||||
item = 'API Token'
|
||||
plural = 'API Tokens'
|
||||
this.item = 'API Token'
|
||||
this.plural = 'API Tokens'
|
||||
|
||||
listing_definition = {
|
||||
this.listing_definition = {
|
||||
display: `
|
||||
This allows you to create bearer tokens manually to allow for easier testing of the API. Notably, this is meant as a measure for testing and development, not for long term use.
|
||||
<br><br>
|
||||
@@ -54,7 +56,7 @@ class TokenResource extends CRUDBase {
|
||||
],
|
||||
}
|
||||
|
||||
form_definition = {
|
||||
this.form_definition = {
|
||||
fields: [
|
||||
{
|
||||
name: 'Client',
|
||||
@@ -83,6 +85,7 @@ class TokenResource extends CRUDBase {
|
||||
},
|
||||
],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
const reflect_token = new TokenResource()
|
||||
|
||||
@@ -2,14 +2,17 @@ import CRUDBase from '../CRUDBase.js'
|
||||
import { session } from '../../service/Session.service.js'
|
||||
|
||||
class ProviderResource extends CRUDBase {
|
||||
endpoint = '/api/v1/saml/providers'
|
||||
required_fields = ['name', 'acs_url', 'entity_id']
|
||||
permission_base = 'v1:saml:providers'
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
item = 'SAML Service Provider'
|
||||
plural = 'SAML Service Providers'
|
||||
this.endpoint = '/api/v1/saml/providers'
|
||||
this.required_fields = ['name', 'acs_url', 'entity_id']
|
||||
this.permission_base = 'v1:saml:providers'
|
||||
|
||||
listing_definition = {
|
||||
this.item = 'SAML Service Provider'
|
||||
this.plural = 'SAML Service Providers'
|
||||
|
||||
this.listing_definition = {
|
||||
display: `SAML Service Providers are applications that support external authentication to a SAML Identity Provider. In this case, ${session.get('app.name')} is the identity provider, so these external applications can authenticate against it.
|
||||
<br><br>
|
||||
To do this, you need to know the SAML service provider's entity ID, assertion consumer service URL, and single-logout URL (if supported).`,
|
||||
@@ -58,7 +61,7 @@ class ProviderResource extends CRUDBase {
|
||||
],
|
||||
}
|
||||
|
||||
form_definition = {
|
||||
this.form_definition = {
|
||||
fields: [
|
||||
{
|
||||
name: 'Provider Name',
|
||||
@@ -89,6 +92,7 @@ class ProviderResource extends CRUDBase {
|
||||
},
|
||||
],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
const saml_provider = new ProviderResource()
|
||||
|
||||
@@ -1,14 +1,17 @@
|
||||
import CRUDBase from '../CRUDBase.js'
|
||||
|
||||
class AnnouncementResource extends CRUDBase {
|
||||
endpoint = '/api/v1/system/announcements'
|
||||
required_fields = ['user_ids', 'group_ids', 'title', 'message', 'type']
|
||||
permission_base = 'v1:system:announcements'
|
||||
constructor() {
|
||||
super()
|
||||
|
||||
item = 'System Announcement'
|
||||
plural = 'System Announcements'
|
||||
this.endpoint = '/api/v1/system/announcements'
|
||||
this.required_fields = ['user_ids', 'group_ids', 'title', 'message', 'type']
|
||||
this.permission_base = 'v1:system:announcements'
|
||||
|
||||
listing_definition = {
|
||||
this.item = 'System Announcement'
|
||||
this.plural = 'System Announcements'
|
||||
|
||||
this.listing_definition = {
|
||||
display: `
|
||||
System announcements are administrative messages that you want all or some of your users to see. These messages can be delivered via e-mail, as a message after login, or as a system banner announcement.
|
||||
`,
|
||||
@@ -42,7 +45,7 @@ class AnnouncementResource extends CRUDBase {
|
||||
],
|
||||
}
|
||||
|
||||
form_definition = {
|
||||
this.form_definition = {
|
||||
fields: [
|
||||
{
|
||||
name: 'Title',
|
||||
@@ -79,9 +82,9 @@ class AnnouncementResource extends CRUDBase {
|
||||
field: 'type',
|
||||
type: 'select',
|
||||
options: [
|
||||
{ display: 'Login Intercept', value: 'login' },
|
||||
{ display: 'E-Mail', value: 'email' },
|
||||
{ display: 'System Banner', value: 'banner' },
|
||||
{display: 'Login Intercept', value: 'login'},
|
||||
{display: 'E-Mail', value: 'email'},
|
||||
{display: 'System Banner', value: 'banner'},
|
||||
],
|
||||
},
|
||||
],
|
||||
@@ -92,6 +95,7 @@ class AnnouncementResource extends CRUDBase {
|
||||
},
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
const system_announcement = new AnnouncementResource()
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
class Event {
|
||||
firings = []
|
||||
subscriptions = []
|
||||
|
||||
constructor(name) {
|
||||
this.name = name
|
||||
this.firings = []
|
||||
this.subscriptions = []
|
||||
}
|
||||
|
||||
subscribe(handler) {
|
||||
@@ -22,7 +22,9 @@ class Event {
|
||||
}
|
||||
|
||||
class EventBusService {
|
||||
_events = {}
|
||||
constructor() {
|
||||
this._events = {}
|
||||
}
|
||||
|
||||
event(name) {
|
||||
if ( !this._events[name] ) {
|
||||
|
||||
@@ -2,7 +2,9 @@ import { event_bus } from './EventBus.service.js'
|
||||
import { auth_api } from './AuthApi.service.js'
|
||||
|
||||
class MessageService {
|
||||
listener_interval = 25000
|
||||
constructor() {
|
||||
this.listener_interval = 25000
|
||||
}
|
||||
|
||||
alert({type, message, timeout = 0, on_dismiss = () => {} }) {
|
||||
event_bus.event('message.alert').fire({ type, message, timeout, on_dismiss })
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
class Session {
|
||||
data = {}
|
||||
constructor() {
|
||||
this.data = {}
|
||||
}
|
||||
|
||||
init(data) {
|
||||
this.data = data
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
class TranslateService {
|
||||
_cache = {}
|
||||
constructor() {
|
||||
this._cache = {}
|
||||
}
|
||||
|
||||
check_cache(...keys) {
|
||||
const obj = {}
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
class UtilityService {
|
||||
_debounce_timeouts = {}
|
||||
constructor() {
|
||||
this._debounce_timeouts = {}
|
||||
}
|
||||
|
||||
uuid() {
|
||||
return ([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g, c =>
|
||||
|
||||
35
app/assets/error-log.js
Normal file
35
app/assets/error-log.js
Normal file
@@ -0,0 +1,35 @@
|
||||
window.COREID_ERROR_LOG_URL = window.COREID_ERROR_LOG_URL || '/api/v1/log-error'
|
||||
|
||||
async function logError(error) {
|
||||
try {
|
||||
await fetch(window.COREID_ERROR_LOG_URL, {
|
||||
method: 'POST',
|
||||
cache: 'no-cache',
|
||||
headers: {
|
||||
'Accept': 'application/json',
|
||||
'Content-Type': 'application/json',
|
||||
},
|
||||
body: JSON.stringify({
|
||||
full_url: window.location.href,
|
||||
trace: [
|
||||
error.name + ': ' + error.message,
|
||||
error.stack,
|
||||
].join('\n')
|
||||
}),
|
||||
})
|
||||
} catch (e) {}
|
||||
}
|
||||
|
||||
;(function() {
|
||||
var old_onerror = window.onerror
|
||||
|
||||
window.onerror = function(msg, src, line, col, error) {
|
||||
logError(error).then(function() {
|
||||
if ( typeof old_onerror === 'function' ) {
|
||||
try {
|
||||
old_onerror(msg, src, line, col, error)
|
||||
} catch(e) {}
|
||||
}
|
||||
})
|
||||
}
|
||||
})()
|
||||
1
app/assets/lib/axios/axios.min.js
vendored
1
app/assets/lib/axios/axios.min.js
vendored
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
1
app/assets/lib/popper/popper-1.16.0.min.js
vendored
1
app/assets/lib/popper/popper-1.16.0.min.js
vendored
File diff suppressed because one or more lines are too long
@@ -18,6 +18,11 @@ class CoreIDAdapter {
|
||||
expiresAt = new Date(Date.now() + (expiresIn * 1000))
|
||||
}
|
||||
|
||||
if ( payload.uid ) {
|
||||
payload.originalUid = payload.uid
|
||||
payload.uid = payload.uid.toLowerCase()
|
||||
}
|
||||
|
||||
await this.coll().updateOne(
|
||||
{ _id },
|
||||
{ $set: { payload, ...(expiresAt ? { expiresAt } : undefined) } },
|
||||
@@ -34,6 +39,11 @@ class CoreIDAdapter {
|
||||
).limit(1).next()
|
||||
|
||||
if (!result) return undefined
|
||||
|
||||
if ( result?.payload?.originalUid ) {
|
||||
result.payload.uid = result.payload.originalUid
|
||||
}
|
||||
|
||||
return result.payload
|
||||
}
|
||||
|
||||
@@ -49,11 +59,16 @@ class CoreIDAdapter {
|
||||
|
||||
async findByUid(uid) {
|
||||
const result = await this.coll().find(
|
||||
{ 'payload.uid': uid },
|
||||
{ 'payload.uid': uid.toLowerCase() },
|
||||
{ payload: 1 },
|
||||
).limit(1).next()
|
||||
|
||||
if (!result) return undefined
|
||||
|
||||
if ( result?.payload?.originalUid ) {
|
||||
result.payload.uid = result.payload.originalUid
|
||||
}
|
||||
|
||||
return result.payload
|
||||
}
|
||||
|
||||
|
||||
@@ -43,7 +43,7 @@ class FlitterProfileMapper {
|
||||
getClaims() {
|
||||
const claims = {}
|
||||
|
||||
claims[this.map.nameIdentifier] = this.user.uid
|
||||
claims[this.map.nameIdentifier] = this.user.uid.toLowerCase()
|
||||
claims[this.map.email] = this.user.email
|
||||
claims[this.map.name] = `${this.user.first_name} ${this.user.last_name}`
|
||||
claims[this.map.givenname] = this.user.first_name
|
||||
@@ -54,7 +54,7 @@ class FlitterProfileMapper {
|
||||
}
|
||||
|
||||
getNameIdentifier() {
|
||||
return { nameIdentifier: this.user.uid }
|
||||
return { nameIdentifier: this.user.uid.toLowerCase() }
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -29,6 +29,12 @@ class Home extends Controller {
|
||||
async tmpl(req, res) {
|
||||
return res.page('tmpl', {...this.Vue.data(), ...this.Vue.session(req)})
|
||||
}
|
||||
|
||||
async log_front_end_error(req, res, next) {
|
||||
const FrontEndError = this.models.get('FrontEndError')
|
||||
await FrontEndError.log(req)
|
||||
return res.api()
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = Home
|
||||
|
||||
@@ -119,14 +119,12 @@ class OpenIDController extends Controller {
|
||||
uid, prompt, params, session,
|
||||
} = await this.openid_connect.provider.interactionDetails(req, res)
|
||||
|
||||
console.log({uid, prompt, params, session})
|
||||
|
||||
const name = prompt.name
|
||||
if ( typeof this[name] !== 'function' ) {
|
||||
return this.fail(res, 'Sorry, something has gone wrong.')
|
||||
}
|
||||
|
||||
return this[name](req, res, { uid, prompt, params, session })
|
||||
return this[name](req, res, { uid: uid.toLowerCase(), prompt, params, session })
|
||||
}
|
||||
|
||||
async consent(req, res, { uid, prompt, params, session }) {
|
||||
@@ -142,13 +140,13 @@ class OpenIDController extends Controller {
|
||||
const Policy = this.models.get('iam:Policy')
|
||||
const application = await Application.findOne({ openid_client_ids: params.client_id })
|
||||
if ( !application ) {
|
||||
this.output.warning('IAM Denial!')
|
||||
this.output.warn('IAM Denial!')
|
||||
return this.Vue.auth_message(res, {
|
||||
message: req.T('saml.no_access').replace('APP_NAME', 'this application'),
|
||||
next_destination: '/dash',
|
||||
})
|
||||
} else if ( !(await Policy.check_user_access(req.user, application.id)) ) {
|
||||
this.output.warning('IAM Denial!')
|
||||
this.output.warn('IAM Denial!')
|
||||
return this.Vue.auth_message(res, {
|
||||
message: req.T('saml.no_access').replace('APP_NAME', application.name),
|
||||
next_destination: '/dash',
|
||||
@@ -172,7 +170,7 @@ class OpenIDController extends Controller {
|
||||
{
|
||||
text: req.T('common.grant'),
|
||||
action: 'redirect',
|
||||
next: `/openid/interaction/${uid}/grant`,
|
||||
next: `/openid/interaction/${uid.toLowerCase()}/grant`,
|
||||
},
|
||||
],
|
||||
})
|
||||
@@ -180,7 +178,7 @@ class OpenIDController extends Controller {
|
||||
}
|
||||
|
||||
async login(req, res, { uid, prompt, params, session }) {
|
||||
return res.redirect(`/openid/interaction/${uid}/start-session`)
|
||||
return res.redirect(`/openid/interaction/${uid.toLowerCase()}/start-session`)
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -202,13 +200,13 @@ class OpenIDController extends Controller {
|
||||
const Policy = this.models.get('iam:Policy')
|
||||
const application = await Application.findOne({ openid_client_ids: params.client_id })
|
||||
if ( !application ) {
|
||||
this.output.warning('IAM Denial!')
|
||||
this.output.warn('IAM Denial!')
|
||||
return this.Vue.auth_message(res, {
|
||||
message: req.T('saml.no_access').replace('APP_NAME', 'this application'),
|
||||
next_destination: '/dash',
|
||||
})
|
||||
} else if ( !(await Policy.check_user_access(req.user, application.id)) ) {
|
||||
this.output.warning('IAM Denial!')
|
||||
this.output.warn('IAM Denial!')
|
||||
return this.Vue.auth_message(res, {
|
||||
message: req.T('saml.no_access').replace('APP_NAME', application.name),
|
||||
next_destination: '/dash',
|
||||
@@ -238,13 +236,13 @@ class OpenIDController extends Controller {
|
||||
const Policy = this.models.get('iam:Policy')
|
||||
const application = await Application.findOne({ openid_client_ids: params.client_id })
|
||||
if ( !application ) {
|
||||
this.output.warning('IAM Denial!')
|
||||
this.output.warn('IAM Denial!')
|
||||
return this.Vue.auth_message(res, {
|
||||
message: req.T('saml.no_access').replace('APP_NAME', 'this application'),
|
||||
next_destination: '/dash',
|
||||
})
|
||||
} else if ( !(await Policy.check_user_access(req.user, application.id)) ) {
|
||||
this.output.warning('IAM Denial!')
|
||||
this.output.warn('IAM Denial!')
|
||||
return this.Vue.auth_message(res, {
|
||||
message: req.T('saml.no_access').replace('APP_NAME', application.name),
|
||||
next_destination: '/dash',
|
||||
|
||||
@@ -71,7 +71,7 @@ class AuthController extends Controller {
|
||||
const user = new User({
|
||||
first_name: req.body.first_name,
|
||||
last_name: req.body.last_name,
|
||||
uid: req.body.uid,
|
||||
uid: req.body.uid.toLowerCase(),
|
||||
email: req.body.email,
|
||||
trap: 'password_reset', // Force user to reset password
|
||||
})
|
||||
@@ -297,7 +297,7 @@ class AuthController extends Controller {
|
||||
.api()
|
||||
|
||||
const user = new User({
|
||||
uid: req.body.uid,
|
||||
uid: req.body.uid.toLowerCase(),
|
||||
email: req.body.email,
|
||||
first_name: req.body.first_name,
|
||||
last_name: req.body.last_name,
|
||||
@@ -417,7 +417,7 @@ class AuthController extends Controller {
|
||||
|
||||
user.first_name = req.body.first_name
|
||||
user.last_name = req.body.last_name
|
||||
user.uid = req.body.uid
|
||||
user.uid = req.body.uid.toLowerCase()
|
||||
user.email = req.body.email
|
||||
|
||||
if ( req.body.tagline )
|
||||
@@ -493,7 +493,7 @@ class AuthController extends Controller {
|
||||
|
||||
if ( is_valid ) {
|
||||
const User = this.models.get('auth:User')
|
||||
const user = await User.findOne({uid: req.body.username})
|
||||
const user = await User.findOne({uid: req.body.username.toLowerCase()})
|
||||
if ( !user || !user.can_login ) is_valid = false
|
||||
}
|
||||
|
||||
@@ -511,7 +511,7 @@ class AuthController extends Controller {
|
||||
const data = {}
|
||||
if ( req.body.username ) {
|
||||
const existing_user = await User.findOne({
|
||||
uid: req.body.username,
|
||||
uid: req.body.username.toLowerCase(),
|
||||
})
|
||||
|
||||
data.username_taken = !!existing_user
|
||||
@@ -544,7 +544,8 @@ class AuthController extends Controller {
|
||||
.message(req.T('auth.unable_to_complete'))
|
||||
.api({ errors })
|
||||
|
||||
const login_args = await flitter.get_login_args(req.body)
|
||||
const [username, ...other_args] = await flitter.get_login_args(req.body)
|
||||
const login_args = [username.toLowerCase(), ...other_args]
|
||||
const user = await flitter.login.apply(flitter, login_args)
|
||||
|
||||
if ( !user )
|
||||
|
||||
@@ -96,7 +96,7 @@ class LDAPController extends Controller {
|
||||
|
||||
// Make sure the uid is free
|
||||
const User = this.models.get('auth:User')
|
||||
const existing_user = await User.findOne({ uid: req.body.uid })
|
||||
const existing_user = await User.findOne({ uid: req.body.uid.toLowerCase() })
|
||||
if ( existing_user )
|
||||
return res.status(400)
|
||||
.message(req.T('api.user_already_exists'))
|
||||
@@ -113,7 +113,7 @@ class LDAPController extends Controller {
|
||||
// Create the client
|
||||
const Client = this.models.get('ldap:Client')
|
||||
const client = await Client.create({
|
||||
uid: req.body.uid,
|
||||
uid: req.body.uid.toLowerCase(),
|
||||
password: req.body.password,
|
||||
name: req.body.name,
|
||||
})
|
||||
@@ -210,16 +210,16 @@ class LDAPController extends Controller {
|
||||
}
|
||||
|
||||
// Update the uid
|
||||
if ( req.body.uid !== user.uid ) {
|
||||
if ( req.body.uid.toLowerCase() !== user.uid ) {
|
||||
// Make sure the UID is free
|
||||
const User = this.models.get('auth:User')
|
||||
const existing_user = await User.findOne({ uid: req.body.uid })
|
||||
const existing_user = await User.findOne({ uid: req.body.uid.toLowerCase() })
|
||||
if ( existing_user )
|
||||
return res.status(400)
|
||||
.message(req.T('api.user_already_exists'))
|
||||
.api()
|
||||
|
||||
user.uid = req.body.uid
|
||||
user.uid = req.body.uid.toLowerCase()
|
||||
}
|
||||
|
||||
// Update the password
|
||||
|
||||
@@ -8,7 +8,7 @@ const Oauth2Controller = require('flitter-auth/controllers/Oauth2')
|
||||
*/
|
||||
class Oauth2 extends Oauth2Controller {
|
||||
static get services() {
|
||||
return [...super.services, 'Vue', 'configs', 'models']
|
||||
return [...super.services, 'Vue', 'configs', 'models', 'output']
|
||||
}
|
||||
|
||||
async authorize_post(req, res, next) {
|
||||
@@ -18,6 +18,24 @@ class Oauth2 extends Oauth2Controller {
|
||||
const StarshipClient = this.models.get('oauth:Client')
|
||||
const starship_client = await StarshipClient.findOne({ active: true, uuid: client.clientID })
|
||||
|
||||
// Make sure the user has IAM access before proceeding
|
||||
const Application = this.models.get('Application')
|
||||
const Policy = this.models.get('iam:Policy')
|
||||
const application = await Application.findOne({ oauth_client_ids: starship_client.id })
|
||||
if ( !application ) {
|
||||
this.output.warn('IAM Denial!')
|
||||
return this.Vue.auth_message(res, {
|
||||
message: req.T('saml.no_access').replace('APP_NAME', application.name),
|
||||
next_destination: '/dash',
|
||||
})
|
||||
} else if ( !(await Policy.check_user_access(req.user, application.id)) ) {
|
||||
this.output.warn('IAM Denial!')
|
||||
return this.Vue.auth_message(res, {
|
||||
message: req.T('saml.no_access').replace('APP_NAME', application.name),
|
||||
next_destination: '/dash',
|
||||
})
|
||||
}
|
||||
|
||||
req.user.authorize(starship_client)
|
||||
await req.user.save()
|
||||
return super.authorize_post(req, res, next)
|
||||
@@ -31,6 +49,24 @@ class Oauth2 extends Oauth2Controller {
|
||||
const StarshipClient = this.models.get('oauth:Client')
|
||||
const starship_client = await StarshipClient.findOne({ active: true, uuid: client.clientID })
|
||||
|
||||
// Make sure the user has IAM access before proceeding
|
||||
const Application = this.models.get('Application')
|
||||
const Policy = this.models.get('iam:Policy')
|
||||
const application = await Application.findOne({ oauth_client_ids: starship_client.id })
|
||||
if ( !application ) {
|
||||
this.output.warn('IAM Denial!')
|
||||
return this.Vue.auth_message(res, {
|
||||
message: req.T('saml.no_access').replace('APP_NAME', application.name),
|
||||
next_destination: '/dash',
|
||||
})
|
||||
} else if ( !(await Policy.check_user_access(req.user, application.id)) ) {
|
||||
this.output.warn('IAM Denial!')
|
||||
return this.Vue.auth_message(res, {
|
||||
message: req.T('saml.no_access').replace('APP_NAME', application.name),
|
||||
next_destination: '/dash',
|
||||
})
|
||||
}
|
||||
|
||||
if ( req.user.has_authorized(starship_client) ) {
|
||||
return this.Vue.invoke_action(res, {
|
||||
text: 'Grant Access',
|
||||
|
||||
@@ -67,7 +67,7 @@ class SAMLController extends Controller {
|
||||
key: await this.saml.private_key(),
|
||||
protocolBinding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
|
||||
clearIdPSession: done => {
|
||||
this.output.info(`${req.T('saml.clear_idp_session')} ${req.user.uid}`)
|
||||
this.output.info(`${req.T('saml.clear_idp_session')} ${req.user.uid.toLowerCase()}`)
|
||||
req.saml.participants.clear().then(async () => {
|
||||
if ( this.saml.config().slo.end_coreid_session ) {
|
||||
await req.user.logout(req)
|
||||
|
||||
@@ -12,7 +12,7 @@ class EMailJob extends Job {
|
||||
|
||||
const { data } = job
|
||||
let { from = config.default_sender, to, subject, html = undefined, email_params = undefined } = data
|
||||
this.output.info(`Sending mail to ${to}...`)
|
||||
this.info(`Sending mail to ${to}...`)
|
||||
|
||||
if ( !html && email_params ) html = this.email(email_params)
|
||||
|
||||
@@ -20,9 +20,11 @@ class EMailJob extends Job {
|
||||
from, to, subject, html,
|
||||
})
|
||||
} catch (e) {
|
||||
this.output.error(e)
|
||||
this.error(e)
|
||||
throw e
|
||||
}
|
||||
this.output.success(`Mail sent!`)
|
||||
|
||||
this.success(`Mail sent!`)
|
||||
}
|
||||
|
||||
email({ header_text, body_paragraphs = [], button_text = '', button_link = '' }) {
|
||||
|
||||
@@ -12,7 +12,7 @@ class ForeignIPLoginAlertJob extends Job {
|
||||
const user = await User.findById(user_id)
|
||||
if ( !user ) throw new Error('Unable to find user with ID: '+user_id)
|
||||
|
||||
this.output.info('Sending foreign IP login alert to user.')
|
||||
this.info('Sending foreign IP login alert to user ' + user.uid)
|
||||
|
||||
await this.jobs.queue('mailer').add('EMail', {
|
||||
to: user.email,
|
||||
@@ -29,14 +29,19 @@ class ForeignIPLoginAlertJob extends Job {
|
||||
}
|
||||
})
|
||||
|
||||
this.info('Logged e-mail job')
|
||||
|
||||
if ( user.notify_config && user.notify_config.active ) {
|
||||
await user.notify_config.log({
|
||||
title: `${this.configs.get('app.name')}: Sign-In From New IP`,
|
||||
message: `Someone signed into your account (${user.uid}) from the IP address ${ip}. If this was you, no further action is required.`,
|
||||
})
|
||||
|
||||
this.info('Logged push notification job')
|
||||
}
|
||||
} catch (e) {
|
||||
this.output.error(e)
|
||||
this.error(e)
|
||||
throw e
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -13,13 +13,17 @@ class PasswordResetJob extends Job {
|
||||
const User = this.models.get('auth:User')
|
||||
const user = await User.findById(user_id)
|
||||
if (!user) {
|
||||
this.output.error(`Unable to find user with ID: ${user_id}`)
|
||||
this.error(`Unable to find user with ID: ${user_id}`)
|
||||
throw new Error('Unable to find user with that ID.')
|
||||
}
|
||||
|
||||
this.output.info(`Resetting password for user: ${user.uid}`)
|
||||
this.info(`Resetting password for user: ${user.uid}`)
|
||||
|
||||
// Create an authenticated key-action
|
||||
const key_action = await this.key_action(user)
|
||||
|
||||
this.info(`Created reset keyaction ${key_action.id} (key: ${key_action.key}, handler: ${key_action.handler})`)
|
||||
|
||||
await this.jobs.queue('mailer').add('EMail', {
|
||||
to: user.email,
|
||||
subject: 'Reset Your Password | ' + this.configs.get('app.name'),
|
||||
@@ -34,17 +38,22 @@ class PasswordResetJob extends Job {
|
||||
}
|
||||
})
|
||||
|
||||
this.info('Logged e-mail job.')
|
||||
|
||||
if ( user.notify_config && user.notify_config.active ) {
|
||||
await user.notify_config.log({
|
||||
title: `${this.configs.get('app.name')}: Password Reset Requested`,
|
||||
message: `A password reset request was logged for your account (${user.uid}). If this was you, please check your e-mail for further instructions.`,
|
||||
priority: 8,
|
||||
})
|
||||
|
||||
this.info('Logged security push notification job')
|
||||
}
|
||||
|
||||
this.output.success('Password reset logged.')
|
||||
this.success('Password reset logged.')
|
||||
} catch (e) {
|
||||
this.output.error(e)
|
||||
this.error(e)
|
||||
throw e
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -14,7 +14,7 @@ class PasswordResetAlertJob extends Job {
|
||||
const user = await User.findById(user_id)
|
||||
if ( !user ) throw new Error('Unable to find user with ID: '+user_id)
|
||||
|
||||
this.output.info('Sending password reset alert to user.')
|
||||
this.info('Sending password reset alert to user ' + user.uid)
|
||||
|
||||
await this.jobs.queue('mailer').add('EMail', {
|
||||
to: user.email,
|
||||
@@ -28,15 +28,20 @@ class PasswordResetAlertJob extends Job {
|
||||
},
|
||||
})
|
||||
|
||||
this.info('Logged e-mail job')
|
||||
|
||||
if ( user.notify_config && user.notify_config.active ) {
|
||||
await user.notify_config.log({
|
||||
title: `${this.configs.get('app.name')}: Password Reset`,
|
||||
message: `The password to your account (${user.uid}) was reset from the IP address ${ip}. If this was not you, please contact your system administrator.`,
|
||||
priority: 8,
|
||||
})
|
||||
|
||||
this.info('Logged push notification job')
|
||||
}
|
||||
} catch (e) {
|
||||
this.output.error(e)
|
||||
this.error(e)
|
||||
throw e
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -14,14 +14,15 @@ class PopulateAnnouncementJob extends Job {
|
||||
const announcement = await Announcement.findById(announcement_id)
|
||||
|
||||
if ( !announcement ) {
|
||||
this.output.error(`Unable to find announcement with ID: ${announcement_id}`)
|
||||
this.error(`Unable to find announcement with ID: ${announcement_id}`)
|
||||
throw new Error('Unable to find announcement with that ID.')
|
||||
}
|
||||
|
||||
await announcement.populate()
|
||||
this.output.success('Populated announcements.')
|
||||
this.success('Populated announcements.')
|
||||
} catch (e) {
|
||||
this.output.error(e)
|
||||
this.error(e)
|
||||
throw e
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -18,13 +18,15 @@ class PushNotifyJob extends Job {
|
||||
const notify = user.notify_config
|
||||
if ( !notify || !notify.active ) throw new Error('User does not have notifications configured.')
|
||||
|
||||
this.output.info(`Sending notification to ${user.uid}...`)
|
||||
this.info(`Sending notification to ${user.uid}...`)
|
||||
|
||||
await notify.send({ title, message, priority })
|
||||
} catch (e) {
|
||||
this.output.error(e)
|
||||
this.error(e)
|
||||
throw e
|
||||
}
|
||||
this.output.success(`Notification sent!`)
|
||||
|
||||
this.success(`Notification sent!`)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -52,7 +52,7 @@ class UsersController extends LDAPController {
|
||||
first_name: req_data.cn ? req_data.cn[0] : '',
|
||||
last_name: req_data.sn ? req_data.sn[0] : '',
|
||||
email: req_data.mail ? req_data.mail[0] : '',
|
||||
username: req_data.uid ? req_data.uid[0] : '',
|
||||
username: req_data.uid ? req_data.uid[0].toLowerCase() : '',
|
||||
password: req_data.userpassword ? req_data.userpassword[0] : '',
|
||||
}
|
||||
|
||||
@@ -327,7 +327,7 @@ class UsersController extends LDAPController {
|
||||
|
||||
try {
|
||||
if ( typeof dn === 'string' ) dn = LDAP.parseDN(dn)
|
||||
return dn.rdns[0].attrs[uid_field].value
|
||||
return dn.rdns[0].attrs[uid_field].value.toLowerCase()
|
||||
} catch (e) {}
|
||||
}
|
||||
|
||||
@@ -335,7 +335,7 @@ class UsersController extends LDAPController {
|
||||
const uid = this.get_uid_from_dn(dn)
|
||||
if ( uid ) {
|
||||
const User = this.models.get('auth:User')
|
||||
return User.findOne({uid, ldap_visible: true})
|
||||
return User.findOne({uid: uid.toLowerCase(), ldap_visible: true})
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
29
app/models/FrontEndError.model.js
Normal file
29
app/models/FrontEndError.model.js
Normal file
@@ -0,0 +1,29 @@
|
||||
const { Model } = require('flitter-orm')
|
||||
|
||||
class FrontEndErrorModel extends Model {
|
||||
static get schema() {
|
||||
return {
|
||||
user_agent: String,
|
||||
logged_at: { type: Date, default: () => new Date },
|
||||
user_id: String,
|
||||
session_id: String,
|
||||
full_url: String,
|
||||
trace: String,
|
||||
}
|
||||
}
|
||||
|
||||
static async log(request) {
|
||||
const err = new this({
|
||||
user_agent: request.get('user-agent'),
|
||||
user_id: request?.user?.id,
|
||||
session_id: request.sessionID,
|
||||
full_url: request.body.full_url,
|
||||
trace: request.body.trace,
|
||||
})
|
||||
|
||||
await err.save()
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = exports = FrontEndErrorModel
|
||||
@@ -173,7 +173,7 @@ class User extends AuthUser {
|
||||
const Policy = this.models.get('iam:Policy')
|
||||
|
||||
const ldap_data = {
|
||||
uid: this.uid,
|
||||
uid: this.uid.toLowerCase(),
|
||||
uuid: this.uuid,
|
||||
cn: this.first_name,
|
||||
sn: this.last_name,
|
||||
@@ -213,7 +213,7 @@ class User extends AuthUser {
|
||||
}
|
||||
|
||||
get dn() {
|
||||
return LDAP.parseDN(`uid=${this.uid},${this.ldap_server.auth_dn().format(this.configs.get('ldap:server.format'))}`)
|
||||
return LDAP.parseDN(`uid=${this.uid.toLowerCase()},${this.ldap_server.auth_dn().format(this.configs.get('ldap:server.format'))}`)
|
||||
}
|
||||
|
||||
// The following are used by OpenID connect
|
||||
@@ -227,15 +227,15 @@ class User extends AuthUser {
|
||||
given_name: this.first_name,
|
||||
locale: 'en_US', // TODO
|
||||
name: `${this.first_name} ${this.last_name}`,
|
||||
preferred_username: this.uid,
|
||||
username: this.uid,
|
||||
preferred_username: this.uid.toLowerCase(),
|
||||
username: this.uid.toLowerCase(),
|
||||
}
|
||||
}
|
||||
|
||||
static async findByLogin(login) {
|
||||
return this.findOne({
|
||||
active: true,
|
||||
uid: login,
|
||||
uid: login.toLowerCase(),
|
||||
})
|
||||
}
|
||||
|
||||
|
||||
@@ -118,7 +118,7 @@ class PolicyModel extends Model {
|
||||
if ( this.entity_type === 'user' ) {
|
||||
const User = this.models.get('auth:User')
|
||||
const user = await User.findById(this.entity_id)
|
||||
entity_display = `User: ${user.last_name}, ${user.first_name} (${user.uid})`
|
||||
entity_display = `User: ${user.last_name}, ${user.first_name} (${user.uid.toLowerCase()})`
|
||||
} else if ( this.entity_type === 'group' ) {
|
||||
const Group = this.models.get('auth:Group')
|
||||
const group = await Group.findById(this.entity_id)
|
||||
|
||||
@@ -19,7 +19,7 @@ class ClientModel extends Model {
|
||||
const user = new User({
|
||||
first_name: name,
|
||||
last_name: '(LDAP Agent)',
|
||||
uid,
|
||||
uid: uid.toLowerCase(),
|
||||
roles: ['ldap_client'],
|
||||
})
|
||||
|
||||
@@ -58,7 +58,7 @@ class ClientModel extends Model {
|
||||
id: this.id,
|
||||
name: this.name,
|
||||
user_id: user.id,
|
||||
uid: user.uid,
|
||||
uid: user.uid.toLowerCase(),
|
||||
last_invocation: this.last_invocation,
|
||||
permissions: [...user.permissions, ...role_permissions],
|
||||
}
|
||||
|
||||
@@ -17,7 +17,7 @@ class SessionParticipantStore extends Injectable {
|
||||
async issue({ service_provider }) {
|
||||
const sp = new this.SessionParticipant({
|
||||
service_provider_id: service_provider.id,
|
||||
name_id: this.request.user.uid,
|
||||
name_id: this.request.user.uid.toLowerCase(),
|
||||
// session_index: this.get_index(),
|
||||
slo_url: service_provider.slo_url,
|
||||
// TODO sp_cert,
|
||||
|
||||
@@ -8,6 +8,7 @@ class PermissionMiddleware extends Middleware {
|
||||
async test(req, res, next, { check }) {
|
||||
const Policy = this.models.get('iam:Policy')
|
||||
|
||||
if ( !req.additional_api_log_data ) req.additional_api_log_data = {}
|
||||
req.additional_api_log_data.permission_check = check
|
||||
|
||||
// If the request was authorized using an OAuth2 bearer token,
|
||||
|
||||
@@ -59,6 +59,10 @@ const index = {
|
||||
'middleware::auth:GuestOnly',
|
||||
'controller::api:v1:Password.request_reset',
|
||||
],
|
||||
|
||||
'/api/v1/log-error': [
|
||||
'controller::Home.log_front_end_error'
|
||||
],
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ class MFAService extends Service {
|
||||
secret(user) {
|
||||
return speakeasy.generateSecret({
|
||||
length: this.configs.get('auth.mfa.secret_length') ?? 20,
|
||||
name: `${this.configs.get('app.name')} (${user.uid})`,
|
||||
name: `${this.configs.get('app.name')} (${user.uid.toLowerCase()})`,
|
||||
})
|
||||
}
|
||||
|
||||
|
||||
@@ -25,7 +25,7 @@ class VueService extends Service {
|
||||
user: {
|
||||
first_name: req.user.first_name,
|
||||
last_name: req.user.last_name,
|
||||
username: req.user.uid,
|
||||
username: req.user.uid.toLowerCase(),
|
||||
email: req.user.email,
|
||||
tagline: req.user.tagline,
|
||||
user_id: req.user.id,
|
||||
|
||||
@@ -28,7 +28,7 @@ class OpenIDConnectUnit extends Unit {
|
||||
clients: [],
|
||||
interactions: {
|
||||
interactions,
|
||||
url: (ctx, interaction) => `/openid/interaction/${ctx.oidc.uid}`,
|
||||
url: (ctx, interaction) => `/openid/interaction/${ctx.oidc.uid.toLowerCase()}`,
|
||||
},
|
||||
cookies: {
|
||||
long: { signed: true, maxAge: 24 * 60 * 60 * 1000 }, // 1 day, ms
|
||||
|
||||
@@ -15,6 +15,7 @@ html(lang='en')
|
||||
.app-container
|
||||
block app
|
||||
block script
|
||||
script(src='/assets/error-log.js')
|
||||
script(src='/assets/lib/axios/axios.min.js')
|
||||
script(src='/assets/lib/jquery/jquery-3.4.1.slim.min.js')
|
||||
script(src='/assets/lib/popper/popper-1.16.0.min.js')
|
||||
|
||||
@@ -31,6 +31,13 @@ const jobs_config = {
|
||||
// worker processes of the same type.
|
||||
// (e.g. you can have two "main" workers)
|
||||
},
|
||||
|
||||
connector: {
|
||||
enabled: env('JOB_QUEUE_CONNECTOR', false),
|
||||
mount: env('JOB_QUEUE_CONNECTOR_MOUNT', '/job_queue_api'),
|
||||
secret: env('JOB_QUEUE_CONNECTOR_SECRET'),
|
||||
},
|
||||
|
||||
}
|
||||
|
||||
module.exports = exports = jobs_config
|
||||
|
||||
@@ -35,7 +35,12 @@ const server_config = {
|
||||
* The secret used to encrypt the session.
|
||||
* This should be set in the environment.
|
||||
*/
|
||||
secret: env("SECRET", "changeme")
|
||||
secret: env("SECRET", "changeme"),
|
||||
|
||||
/*
|
||||
* The max age of a session in milliseconds
|
||||
*/
|
||||
max_age: env("SESSION_MAX_AGE", 1000 * 60 * 60 * 24 * 2), // default to 2 days
|
||||
},
|
||||
|
||||
uploads: {
|
||||
|
||||
@@ -33,3 +33,6 @@ SMTP_PORT="587"
|
||||
SMTP_USER="coreid@localhost.localdomain"
|
||||
SMTP_DEFAULT_SENDER="coreid@localhost.localdomain"
|
||||
SMTP_PASS="something super secure"
|
||||
|
||||
JOB_QUEUE_CONNECTOR=true
|
||||
JOB_QUEUE_CONNECTOR_SECRET=
|
||||
|
||||
@@ -25,7 +25,7 @@
|
||||
"flitter-forms": "^0.8.1",
|
||||
"flitter-gotify": "^0.1.0",
|
||||
"flitter-i18n": "^0.1.1",
|
||||
"flitter-jobs": "^0.1.2",
|
||||
"flitter-jobs": "^0.4.0",
|
||||
"flitter-less": "^0.5.3",
|
||||
"flitter-orm": "^0.4.0",
|
||||
"flitter-redis": "^0.1.1",
|
||||
@@ -33,7 +33,7 @@
|
||||
"ioredis": "^4.17.1",
|
||||
"is-absolute-url": "^3.0.3",
|
||||
"ldapjs": "^1.0.2",
|
||||
"libflitter": "^0.56.1",
|
||||
"libflitter": "^0.57.1",
|
||||
"moment": "^2.24.0",
|
||||
"mongodb": "^3.5.9",
|
||||
"nodemailer": "^6.4.6",
|
||||
|
||||
16
yarn.lock
16
yarn.lock
@@ -2148,10 +2148,10 @@ flitter-i18n@^0.1.1:
|
||||
ncp "^2.0.0"
|
||||
pluralize "^8.0.0"
|
||||
|
||||
flitter-jobs@^0.1.2:
|
||||
version "0.1.2"
|
||||
resolved "https://registry.yarnpkg.com/flitter-jobs/-/flitter-jobs-0.1.2.tgz#5536bb12be728b61f6e0940b6c18760e4f1b59d6"
|
||||
integrity sha512-bxJD3akDnoKPRyIXXy8ytlypGI8uj0Fjn2C8gIY2HFxZeFIBJo47MqQ9qZvVWFS28pS6aUY+0emOvTFkuG/2zA==
|
||||
flitter-jobs@^0.4.0:
|
||||
version "0.4.0"
|
||||
resolved "https://registry.yarnpkg.com/flitter-jobs/-/flitter-jobs-0.4.0.tgz#6871f611fddb43e8e0ecdb144743ada967aedf8a"
|
||||
integrity sha512-L7SPCzxR+pR9LflWOsChkalhLav7YSES79dv7N8VEFpQuhXZ01jm0MwUnKMJyS9+QOiogDzQuab7IsVdMojUFQ==
|
||||
dependencies:
|
||||
bullmq "^1.8.8"
|
||||
flitter-redis "^0.1.1"
|
||||
@@ -3235,10 +3235,10 @@ leven@^1.0.2:
|
||||
resolved "https://registry.yarnpkg.com/leven/-/leven-1.0.2.tgz#9144b6eebca5f1d0680169f1a6770dcea60b75c3"
|
||||
integrity sha1-kUS27ryl8dBoAWnxpncNzqYLdcM=
|
||||
|
||||
libflitter@^0.56.1:
|
||||
version "0.56.1"
|
||||
resolved "https://registry.yarnpkg.com/libflitter/-/libflitter-0.56.1.tgz#250166027b9cab727c9deb6b1fa1865428b1eafb"
|
||||
integrity sha512-QikFtFRa9okKOjOio5ehpQ6hyacCoMbtOlqcXt4I7uU3lntBeP5qSbz1q3x1wUY/AdBc2k70+Eg8BcpGmBEs4Q==
|
||||
libflitter@^0.57.1:
|
||||
version "0.57.1"
|
||||
resolved "https://registry.yarnpkg.com/libflitter/-/libflitter-0.57.1.tgz#e605333a5e38cadac1203e4be8ea685c5520472b"
|
||||
integrity sha512-bEu02HZjcAp53A2xnE0hz/LVhkErvnqaKmlNOqvJJaGMjKClfVuqJlr9bFfWU84qXL9SaHWd06P3nxIVKTvFIw==
|
||||
dependencies:
|
||||
colors "^1.3.3"
|
||||
connect-mongodb-session "^2.2.0"
|
||||
|
||||
Reference in New Issue
Block a user