Merge pull request #2281 from mantis-toboggan-md/auth

fix ldap/saml add users and groups

assets/translations/en-us.yaml

@@ -1985,6 +1985,7 @@ validation:
     exactly: '"{key}" should contain {count, plural, =1 {# item} other {# items}}'
     max: '"{key}" should contain at most {count} {count, plural, =1 {item} other {items}}'
     min: '"{key}" should contain at least {count} {count, plural, =1 {item} other {items}}'
+  boolean: '"{key}" must be a boolean value.'
   chars: '"{key}" contains {count, plural, =1 {an invalid character} other {# invalid characters}}: {chars}'
   custom:
     missing: 'No validtor exists for { validatorName }! Does the validtor exist in custom-validtors? Is the name spelled correctly?'

components/auth/AllowedPrincipals.vue

@@ -40,6 +40,10 @@ export default {
         };
       });
     },
+
+    accessMode() {
+      return this.authConfig?.accessMode;
+    }
   },
 
   created() {
@@ -71,6 +75,7 @@ export default {
       </div>
       <div class="col span-6">
         <ArrayList
+          v-if="accessMode!=='unrestricted'"
           key="allowedPrincipalIds"
           v-model="authConfig.allowedPrincipalIds"
           title-key="authConfig.allowedPrincipalIds.label"

components/auth/login/saml.vue

@@ -5,7 +5,7 @@ export default {
 
   methods: {
     async login() {
-      const res = await this.$store.dispatch('auth/login', { provider: name, body: { finalRedirectUrl: window.location.origin } });
+      const res = await this.$store.dispatch('auth/login', { provider: this.name, body: { finalRedirectUrl: window.location.origin } });
       const { idpRedirectUrl } = res;
 
       window.location.href = idpRedirectUrl;

edit/auth/googleoauth.vue

@@ -84,7 +84,7 @@ export default {
       @finish="save"
       @cancel="done"
     >
-      <template v-if="model.enabled && !isSaving">
+      <template v-if="model.enabled && !isEnabling">
         <Banner color="success clearfix">
           <div class="pull-left mt-10">
             {{ t('authConfig.stateBanner.enabled', tArgs) }}

edit/auth/ldap/index.vue

@@ -86,7 +86,7 @@ export default {
       @finish="save"
       @cancel="done"
     >
-      <template v-if="model.enabled && !isSaving">
+      <template v-if="model.enabled && !isEnabling">
         <Banner color="success clearfix">
           <div class="pull-left mt-10">
             {{ t('authConfig.stateBanner.enabled', tArgs) }}

edit/auth/saml.vue

@@ -76,7 +76,7 @@ export default {
       @finish="save"
       @cancel="done"
     >
-      <template v-if="model.enabled && !isSaving">
+      <template v-if="model.enabled && !isEnabling">
         <Banner color="success clearfix">
           <div class="pull-left mt-10">
             {{ t('authConfig.stateBanner.enabled', tArgs) }}

mixins/auth-config.js

@@ -28,7 +28,7 @@ export default {
   },
 
   data() {
-    return { isSaving: false };
+    return { isEnabling: false };
   },
 
   computed: {
@@ -38,6 +38,13 @@ export default {
       return out;
     },
 
+    doneLocationOverride() {
+      return {
+        name:   this.$route.name,
+        params: this.$route.params
+      };
+    },
+
     serverUrl() {
       if ( this.serverSetting ) {
         return this.serverSetting;
@@ -69,9 +76,12 @@ export default {
     async save(btnCb) {
       const configType = this.value.configType;
 
-      this.isSaving = true;
       this.errors = [];
       const wasEnabled = this.model.enabled;
+
+      if (!wasEnabled) {
+        this.isEnabling = true;
+      }
       let obj = this.toSave;
 
       if (!obj) {
@@ -92,8 +102,7 @@ export default {
             }
             await this.model.save();
             await this.$store.dispatch('auth/test', { provider: this.model.id, body: this.model });
-
-            await this.reloadModel();
+            this.model.enabled = true;
           } else {
             this.model.enabled = true;
             if (!this.model.accessMode) {
@@ -101,7 +110,6 @@ export default {
             }
             await this.model.doAction('testAndApply', obj);
           }
-
           // Reload principals to get the new ones from the provider
           this.principals = await this.$store.dispatch('rancher/findAll', {
             type: NORMAN.PRINCIPAL,
@@ -113,12 +121,9 @@ export default {
             addObject(this.model.allowedPrincipalIds, this.me.id);
           }
         }
-
-        if (configType === 'oauth') {
-          await this.model.save();
-          await this.reloadModel();
-        }
-        this.isSaving = false;
+        await this.model.save();
+        await this.reloadModel();
+        this.isEnabling = false;
         btnCb(true);
         if ( wasEnabled ) {
           this.done();
@@ -128,7 +133,7 @@ export default {
         this.errors = [err];
         btnCb(false);
         this.model.enabled = wasEnabled;
-        this.isSaving = false;
+        this.isEnabling = false;
       }
     },
 

pages/auth/verify.vue

@@ -19,7 +19,7 @@ export default {
 
   async fetch({ store, route, redirect }) {
     const code = route.query[GITHUB_CODE];
-    const state = route.query[GITHUB_NONCE];
+    const state = route.query[GITHUB_NONCE] || '';
     const isGoogle = state.includes('-googleoauth');
     const isTesting = state.includes('-test');
 
@@ -34,7 +34,7 @@ export default {
         provider: isGoogle ? 'googleoauth' : 'github'
       });
 
-      if ( res === true ) {
+      if ( res._status === 200) {
         const backTo = route.query[BACK_TO] || '/';
 
         redirect(backTo);
@@ -45,7 +45,7 @@ export default {
   },
 
   data() {
-    const state = this.$route.query[GITHUB_NONCE];
+    const state = this.$route.query[GITHUB_NONCE] || '';
 
     const testing = state.includes('-test');
 

plugins/steve/resource-instance.js

@@ -27,6 +27,7 @@ import {
   validateChars,
   validateDnsLikeTypes,
   validateLength,
+  validateBoolean
 } from '@/utils/validators';
 
 import { ANNOTATIONS_TO_IGNORE_REGEX, DESCRIPTION, LABELS_TO_IGNORE_REGEX, NORMAN_NAME } from '@/config/labels-annotations';
@@ -804,6 +805,7 @@ export default {
     return async(opt = {}) => {
       delete this.__rehydrate;
       const forNew = !this.id;
+
       const errors = await this.validationErrors(this);
 
       if (!isEmpty(errors)) {
@@ -1253,8 +1255,12 @@ export default {
           }
         }
 
-        validateLength(val, field, displayKey, this.$rootGetters, errors);
-        validateChars(val, field, displayKey, this.$rootGetters, errors);
+        if (fieldType === 'boolean') {
+          validateBoolean(val, field, displayKey, this.$rootGetters, errors);
+        } else {
+          validateLength(val, field, displayKey, this.$rootGetters, errors);
+          validateChars(val, field, displayKey, this.$rootGetters, errors);
+        }
 
         if (errors.length > 0) {
           errors.push(this.t('validation.required', { key: displayKey }));

store/auth.js

@@ -216,13 +216,13 @@ export const actions = {
     const driver = await dispatch('getAuthProvider', provider);
 
     try {
-      await driver.doAction('login', {
+      const res = await driver.doAction('login', {
         description:  'UI session',
         responseType: 'cookie',
         ...body
       }, { redirectUnauthorized: false });
 
-      return true;
+      return res;
     } catch (err) {
       if ( err._status >= 400 && err._status <= 499 ) {
         return Promise.reject(ERR_CLIENT);

utils/validators/index.js

@@ -254,3 +254,14 @@ export function validateDnsLikeTypes(val, type, displayKey, getters, opts, error
 
   return errors;
 }
+
+export function validateBoolean(val, field, displayKey, getters, errors = []) {
+  if (!val && val !== false) {
+    errors.push(getters['i18n/t']('validation.required', { key: displayKey }));
+
+    return;
+  }
+  if (typeof val !== 'boolean') {
+    errors.push(getters['i18n/t']('validation.boolean', { key: displayKey }));
+  }
+}