From 376c858ab5be1e8e24c616ed94ce848e25e37174 Mon Sep 17 00:00:00 2001
From: loganhz <logan@rancher.com>
Date: Thu, 23 Aug 2018 16:41:01 +0800
Subject: [PATCH] Enhance Azure AD

https://github.com/rancher/rancher/issues/15175
---
 .../components/azuread-endpoints/component.js | 67 +++++++++++++++++++
 .../components/azuread-endpoints/template.hbs | 59 ++++++++++++++++
 .../authentication/azuread/controller.js      |  1 +
 .../authentication/azuread/template.hbs       | 31 +--------
 lib/shared/addon/utils/constants.js           | 14 ++++
 translations/en-us.yaml                       |  6 ++
 6 files changed, 150 insertions(+), 28 deletions(-)
 create mode 100644 lib/global-admin/addon/components/azuread-endpoints/component.js
 create mode 100644 lib/global-admin/addon/components/azuread-endpoints/template.hbs

diff --git a/lib/global-admin/addon/components/azuread-endpoints/component.js b/lib/global-admin/addon/components/azuread-endpoints/component.js
new file mode 100644
index 000000000..0cc890059
--- /dev/null
+++ b/lib/global-admin/addon/components/azuread-endpoints/component.js
@@ -0,0 +1,67 @@
+import Component from '@ember/component';
+import layout from './template';
+import { get, set, observer, setProperties } from '@ember/object';
+import C from 'ui/utils/constants';
+
+export default Component.extend({
+  layout,
+
+  authConfig: null,
+  isEnabled:  null,
+
+  region: null,
+
+  init() {
+    this._super(...arguments);
+
+    if ( get(this, 'isEnabled') ) {
+      const endpoint = get(this, 'authConfig.endpoint');
+
+      if ( C.AZURE_AD.STANDARD.ENDPOINT.startsWith(endpoint) ) {
+        set(this, 'region', C.AZURE_AD.STANDARD.KEY);
+      } else if ( C.AZURE_AD.CHINA.ENDPOINT.startsWith(endpoint) ) {
+        set(this, 'region', C.AZURE_AD.CHINA.KEY);
+      } else {
+        set(this, 'region', C.AZURE_AD.CUSTOM.KEY);
+      }
+    } else {
+      set(this, 'region', C.AZURE_AD.STANDARD.KEY);
+      this.regionDidChange();
+    }
+  },
+
+  regionDidChange: observer('region', 'authConfig.tenantId', function() {
+    const config = get(this, 'authConfig');
+
+    const tenantId = get(this, 'authConfig.tenantId') || '';
+
+    const region = get(this, 'region');
+
+    switch (region) {
+    case C.AZURE_AD.STANDARD.KEY:
+      setProperties(config, {
+        endpoint:      C.AZURE_AD.STANDARD.ENDPOINT,
+        graphEndpoint: C.AZURE_AD.STANDARD.GRAPH_ENDPOINT,
+        tokenEndpoint: `${ C.AZURE_AD.STANDARD.ENDPOINT }${ tenantId }/oauth2/token`,
+        authEndpoint:  `${ C.AZURE_AD.STANDARD.ENDPOINT }${ tenantId }/oauth2/authorize`,
+      });
+      break;
+    case C.AZURE_AD.CHINA.KEY:
+      setProperties(config, {
+        endpoint:      C.AZURE_AD.CHINA.ENDPOINT,
+        graphEndpoint: C.AZURE_AD.CHINA.GRAPH_ENDPOINT,
+        tokenEndpoint: `${ C.AZURE_AD.CHINA.ENDPOINT }${ tenantId }/oauth2/token`,
+        authEndpoint:  `${ C.AZURE_AD.CHINA.ENDPOINT }${ tenantId }/oauth2/authorize`,
+      });
+      break;
+    case C.AZURE_AD.CUSTOM.KEY:
+      setProperties(config, {
+        endpoint:      C.AZURE_AD.STANDARD.ENDPOINT,
+        graphEndpoint: '',
+        tokenEndpoint: '',
+        authEndpoint:  '',
+      });
+      break;
+    }
+  }),
+});
diff --git a/lib/global-admin/addon/components/azuread-endpoints/template.hbs b/lib/global-admin/addon/components/azuread-endpoints/template.hbs
new file mode 100644
index 000000000..0a6fcf198
--- /dev/null
+++ b/lib/global-admin/addon/components/azuread-endpoints/template.hbs
@@ -0,0 +1,59 @@
+<label class="acc-label mt-5">{{t 'authPage.azuread.configure.endpoints.label'}}{{field-required}}</label>
+<div class="row">
+<div class="col span-6">
+  <div class="radio">
+    <label>
+      {{radio-button selection=region value='standard'}} {{t 'authPage.azuread.configure.regions.standard'}}
+    </label>
+  </div>
+</div>
+</div>
+<div class="row">
+<div class="col span-6">
+  <div class="radio">
+    <label>
+      {{radio-button selection=region value='china'}} {{t 'authPage.azuread.configure.regions.china'}}
+    </label>
+  </div>
+</div>
+</div>
+<div class="row">
+<div class="col span-6">
+  <div class="radio">
+    <label>
+      {{radio-button selection=region value='custom'}} {{t 'authPage.azuread.configure.regions.custom'}}
+    </label>
+  </div>
+</div>
+</div>
+{{!-- {{#if (eq region 'custom')}} --}}
+<div class="row">
+  <div class="col span-6">
+    <div class="inline-form">
+      <label class="acc-label pb-5" for="endpoint">{{t 'authPage.azuread.configure.azureADEndpoint.label'}}{{field-required}}</label>
+      {{input id="endpoint" type="url" value=authConfig.endpoint classNames="form-control"}}
+    </div>
+  </div>
+  <div class="col span-6">
+    <div class="inline-form">
+      <label class="acc-label pb-5" for="graph-endpoint">{{t 'authPage.azuread.configure.azureADGraphEndpoint.label'}}{{field-required}}</label>
+      {{input id="graph-endpoint" type="url" value=authConfig.graphEndpoint classNames="form-control"}}
+    </div>
+  </div>
+</div>
+
+<div class="row">
+  <div class="col span-6">
+    <div class="inline-form">
+      <label class="acc-label pb-5" for="token-endpoint" >{{t 'authPage.azuread.configure.azureADTokenEndpoint.label'}}{{field-required}}</label>
+      {{input id="token-endpoint" type="url" value=authConfig.tokenEndpoint classNames="form-control"}}
+    </div>
+  </div>
+  <div class="col span-6">
+    <div class="inline-form">
+      <label class="acc-label pb-5" for="auth-endpoint">{{t 'authPage.azuread.configure.azureADAuthEndpoint.label'}}{{field-required}}</label>
+      {{input id="auth-endpoint" type="url" value=authConfig.authEndpoint classNames="form-control"}}
+    </div>
+  </div>
+</div>
+{{!-- {{/if}} --}}
\ No newline at end of file
diff --git a/lib/global-admin/addon/security/authentication/azuread/controller.js b/lib/global-admin/addon/security/authentication/azuread/controller.js
index 5f83cba7a..287f5c06a 100644
--- a/lib/global-admin/addon/security/authentication/azuread/controller.js
+++ b/lib/global-admin/addon/security/authentication/azuread/controller.js
@@ -17,6 +17,7 @@ export default Controller.extend(AuthMixin, {
   editing:        false,
   errors:         null,
   error:          null,
+  region:         null,
   _boundSucceed:  null,
 
   authConfig:     alias('model.azureADConfig'),
diff --git a/lib/global-admin/addon/security/authentication/azuread/template.hbs b/lib/global-admin/addon/security/authentication/azuread/template.hbs
index ac507f892..ec8f4314f 100644
--- a/lib/global-admin/addon/security/authentication/azuread/template.hbs
+++ b/lib/global-admin/addon/security/authentication/azuread/template.hbs
@@ -106,34 +106,9 @@
               </div>
             </div>
           </div>
-          <div class="row">
-            <div class="col span-6">
-              <div class="inline-form">
-                <label class="acc-label pb-5" for="endpoint">{{t 'authPage.azuread.configure.azureADEndpoint.label'}}{{field-required}}</label>
-                {{input id="endpoint" type="url" value=authConfig.endpoint classNames="form-control"}}
-              </div>
-            </div>
-            <div class="col span-6">
-              <div class="inline-form">
-                <label class="acc-label pb-5" for="graph-endpoint">{{t 'authPage.azuread.configure.azureADGraphEndpoint.label'}}{{field-required}}</label>
-                {{input id="graph-endpoint" type="url" value=authConfig.graphEndpoint classNames="form-control"}}
-              </div>
-            </div>
-          </div>
-          <div class="row">
-            <div class="col span-6">
-              <div class="inline-form">
-                <label class="acc-label pb-5" for="token-endpoint" >{{t 'authPage.azuread.configure.azureADTokenEndpoint.label'}}{{field-required}}</label>
-                {{input id="token-endpoint" type="url" value=authConfig.tokenEndpoint classNames="form-control"}}
-              </div>
-            </div>
-            <div class="col span-6">
-              <div class="inline-form">
-                <label class="acc-label pb-5" for="auth-endpoint">{{t 'authPage.azuread.configure.azureADAuthEndpoint.label'}}{{field-required}}</label>
-                {{input id="auth-endpoint" type="url" value=authConfig.authEndpoint classNames="form-control"}}
-              </div>
-            </div>
-          </div>
+          {{#if authConfig}}
+            {{azuread-endpoints isEnabled=isEnabled authConfig=authConfig}}
+          {{/if}}
           <div class="row mt-10">
             <div class="inline-form">
               <button class="btn bg-primary" style="display: block;margin: 0 auto;" {{action "test"}}>
diff --git a/lib/shared/addon/utils/constants.js b/lib/shared/addon/utils/constants.js
index 29c2cbac0..b741f9113 100644
--- a/lib/shared/addon/utils/constants.js
+++ b/lib/shared/addon/utils/constants.js
@@ -604,6 +604,20 @@ C.SUPPORTED_SCHEMA_INPUTS = [
   'base64',
 ];
 
+C.AZURE_AD = {
+  STANDARD: {
+    KEY:            'standard',
+    ENDPOINT:       'https://login.microsoftonline.com/',
+    GRAPH_ENDPOINT: 'https://graph.windows.net/'
+  },
+  CHINA: {
+    KEY:            'china',
+    ENDPOINT:       'https://login.chinacloudapi.cn/',
+    GRAPH_ENDPOINT: 'https://graph.chinacloudapi.cn/'
+  },
+  CUSTOM: { KEY: 'custom' }
+};
+
 C.AZURE_DEFAULTS = [
   'aadClientCertPassword',
   'aadClientCertPath',
diff --git a/translations/en-us.yaml b/translations/en-us.yaml
index 102138453..14def108f 100644
--- a/translations/en-us.yaml
+++ b/translations/en-us.yaml
@@ -511,6 +511,12 @@ authPage:
         label: Token Endpoint
       azureADAuthEndpoint:
         label: Auth Endpoint
+      endpoints:
+        label: Endpoints
+      regions:
+        standard: Standard
+        china: China
+        custom: Custom
       tenantId:
         label: Tenant ID
         placeholder: A long UUID string