From 53792a5cf700987a20c05c8ae83be0cdd48d9d10 Mon Sep 17 00:00:00 2001
From: Subv <subv2112@gmail.com>
Date: Fri, 22 May 2020 12:31:03 -0500
Subject: [PATCH] Add database columns to store OpenID Connect information for
Proxy Hosts.
---
.../20200522113248_openid_connect.js | 48 +++++++++++++
backend/schema/definitions.json | 21 ++++++
backend/schema/endpoints/proxy-hosts.json | 72 +++++++++++++++++++
frontend/js/app/nginx/proxy/form.ejs | 2 +-
frontend/js/app/nginx/proxy/form.js | 2 +-
frontend/js/models/proxy-host.js | 10 +--
6 files changed, 148 insertions(+), 7 deletions(-)
create mode 100644 backend/migrations/20200522113248_openid_connect.js
diff --git a/backend/migrations/20200522113248_openid_connect.js b/backend/migrations/20200522113248_openid_connect.js
new file mode 100644
index 0000000..f27a5e6
--- /dev/null
+++ b/backend/migrations/20200522113248_openid_connect.js
@@ -0,0 +1,48 @@
+const migrate_name = 'openid_connect';
+const logger = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+ logger.info('[' + migrate_name + '] Migrating Up...');
+
+ return knex.schema.table('proxy_host', function (proxy_host) {
+ proxy_host.integer('openidc_enabled').notNull().unsigned().defaultTo(0);
+ proxy_host.text('openidc_redirect_uri').notNull().defaultTo('');
+ proxy_host.text('openidc_discovery').notNull().defaultTo('');
+ proxy_host.text('openidc_auth_method').notNull().defaultTo('client_secret_post');
+ proxy_host.text('openidc_client_id').notNull().defaultTo('');
+ proxy_host.text('openidc_client_secret').notNull().defaultTo('');
+ })
+ .then(() => {
+ logger.info('[' + migrate_name + '] proxy_host Table altered');
+ });
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex/*, Promise*/) {
+ return knex.schema.table('proxy_host', function (proxy_host) {
+ proxy_host.dropColumn('openidc_enabled');
+ proxy_host.dropColumn('openidc_redirect_uri');
+ proxy_host.dropColumn('openidc_discovery');
+ proxy_host.dropColumn('openidc_auth_method');
+ proxy_host.dropColumn('openidc_client_id');
+ proxy_host.dropColumn('openidc_client_secret');
+ })
+ .then(() => {
+ logger.info('[' + migrate_name + '] proxy_host Table altered');
+ });
+};
diff --git a/backend/schema/definitions.json b/backend/schema/definitions.json
index 9895b87..87db39a 100644
--- a/backend/schema/definitions.json
+++ b/backend/schema/definitions.json
@@ -235,6 +235,27 @@
"description": "Should we cache assets",
"example": true,
"type": "boolean"
+ },
+ "openidc_enabled": {
+ "description": "Is OpenID Connect authentication enabled",
+ "example": true,
+ "type": "boolean"
+ },
+ "openidc_redirect_uri": {
+ "type": "string"
+ },
+ "openidc_discovery": {
+ "type": "string"
+ },
+ "openidc_auth_method": {
+ "type": "string",
+ "pattern": "^(client_secret_basic|client_secret_post)$"
+ },
+ "openidc_client_id": {
+ "type": "string"
+ },
+ "openidc_client_secret": {
+ "type": "string"
}
}
}
diff --git a/backend/schema/endpoints/proxy-hosts.json b/backend/schema/endpoints/proxy-hosts.json
index 9a3fff2..849a0f7 100644
--- a/backend/schema/endpoints/proxy-hosts.json
+++ b/backend/schema/endpoints/proxy-hosts.json
@@ -64,6 +64,24 @@
"advanced_config": {
"type": "string"
},
+ "openidc_enabled": {
+ "$ref": "../definitions.json#/definitions/openidc_enabled"
+ },
+ "openidc_redirect_uri": {
+ "$ref": "../definitions.json#/definitions/openidc_redirect_uri"
+ },
+ "openidc_discovery": {
+ "$ref": "../definitions.json#/definitions/openidc_discovery"
+ },
+ "openidc_auth_method": {
+ "$ref": "../definitions.json#/definitions/openidc_auth_method"
+ },
+ "openidc_client_id": {
+ "$ref": "../definitions.json#/definitions/openidc_client_id"
+ },
+ "openidc_client_secret": {
+ "$ref": "../definitions.json#/definitions/openidc_client_secret"
+ },
"enabled": {
"$ref": "../definitions.json#/definitions/enabled"
},
@@ -161,6 +179,24 @@
"advanced_config": {
"$ref": "#/definitions/advanced_config"
},
+ "openidc_enabled": {
+ "$ref": "#/definitions/openidc_enabled"
+ },
+ "openidc_redirect_uri": {
+ "$ref": "#/definitions/openidc_redirect_uri"
+ },
+ "openidc_discovery": {
+ "$ref": "#/definitions/openidc_discovery"
+ },
+ "openidc_auth_method": {
+ "$ref": "#/definitions/openidc_auth_method"
+ },
+ "openidc_client_id": {
+ "$ref": "#/definitions/openidc_client_id"
+ },
+ "openidc_client_secret": {
+ "$ref": "#/definitions/openidc_client_secret"
+ },
"enabled": {
"$ref": "#/definitions/enabled"
},
@@ -251,6 +287,24 @@
"advanced_config": {
"$ref": "#/definitions/advanced_config"
},
+ "openidc_enabled": {
+ "$ref": "#/definitions/openidc_enabled"
+ },
+ "openidc_redirect_uri": {
+ "$ref": "#/definitions/openidc_redirect_uri"
+ },
+ "openidc_discovery": {
+ "$ref": "#/definitions/openidc_discovery"
+ },
+ "openidc_auth_method": {
+ "$ref": "#/definitions/openidc_auth_method"
+ },
+ "openidc_client_id": {
+ "$ref": "#/definitions/openidc_client_id"
+ },
+ "openidc_client_secret": {
+ "$ref": "#/definitions/openidc_client_secret"
+ },
"enabled": {
"$ref": "#/definitions/enabled"
},
@@ -324,6 +378,24 @@
"advanced_config": {
"$ref": "#/definitions/advanced_config"
},
+ "openidc_enabled": {
+ "$ref": "#/definitions/openidc_enabled"
+ },
+ "openidc_redirect_uri": {
+ "$ref": "#/definitions/openidc_redirect_uri"
+ },
+ "openidc_discovery": {
+ "$ref": "#/definitions/openidc_discovery"
+ },
+ "openidc_auth_method": {
+ "$ref": "#/definitions/openidc_auth_method"
+ },
+ "openidc_client_id": {
+ "$ref": "#/definitions/openidc_client_id"
+ },
+ "openidc_client_secret": {
+ "$ref": "#/definitions/openidc_client_secret"
+ },
"enabled": {
"$ref": "#/definitions/enabled"
},
diff --git a/frontend/js/app/nginx/proxy/form.ejs b/frontend/js/app/nginx/proxy/form.ejs
index 3777b25..36b62bb 100644
--- a/frontend/js/app/nginx/proxy/form.ejs
+++ b/frontend/js/app/nginx/proxy/form.ejs
@@ -278,7 +278,7 @@
<div class="col-sm-12 col-md-12">
<div class="form-group">
<label class="custom-switch">
- <input type="checkbox" class="custom-switch-input" name="openidc_enabled" value="1<%- openidc_enabled ? ' checked' : '' %>">
+ <input type="checkbox" class="custom-switch-input" name="openidc_enabled" value="1"<%- openidc_enabled ? ' checked' : '' %>>
<span class="custom-switch-indicator"></span>
<span class="custom-switch-description">Use OpenID Connect authentication <span class="form-required">*</span></span>
</label>
diff --git a/frontend/js/app/nginx/proxy/form.js b/frontend/js/app/nginx/proxy/form.js
index 413712b..b72457a 100644
--- a/frontend/js/app/nginx/proxy/form.js
+++ b/frontend/js/app/nginx/proxy/form.js
@@ -132,7 +132,6 @@ module.exports = Mn.View.extend({
},
'change @ui.openidc_enabled': function () {
- console.log('Changing');
let checked = this.ui.openidc_enabled.prop('checked');
if (checked) {
@@ -367,6 +366,7 @@ module.exports = Mn.View.extend({
// OpenID Connect
this.ui.openidc.hide().find('input').prop('required', false);
+ this.ui.openidc_enabled.trigger('change');
},
initialize: function (options) {
diff --git a/frontend/js/models/proxy-host.js b/frontend/js/models/proxy-host.js
index 77302a7..ef1f1f4 100644
--- a/frontend/js/models/proxy-host.js
+++ b/frontend/js/models/proxy-host.js
@@ -23,11 +23,11 @@ const model = Backbone.Model.extend({
http2_support: false,
advanced_config: '',
openidc_enabled: false,
- openidc_redirect_uri: null,
- openidc_discovery: null,
- openidc_auth_method: null,
- openidc_client_id: null,
- openidc_client_secret: null,
+ openidc_redirect_uri: '',
+ openidc_discovery: '',
+ openidc_auth_method: 'client_secret_post',
+ openidc_client_id: '',
+ openidc_client_secret: '',
enabled: true,
meta: {},
// The following are expansions: