From 0912dd2805dba75d2b3cc45bf3ac0f366c60eb36 Mon Sep 17 00:00:00 2001 From: Matt Scott Date: Mon, 10 Apr 2023 07:39:21 -0400 Subject: [PATCH] Working on Knockout model integration into existing authentication settings editor view. Settings are now loading via new backend API. --- powerdnsadmin/models/setting.py | 115 ++++++++++++++++++ powerdnsadmin/routes/admin.py | 7 ++ .../js/app-authentication-settings-editor.js | 70 ++++++++--- .../admin_setting_authentication.html | 108 ++++++++++------ powerdnsadmin/templates/base.html | 2 +- 5 files changed, 244 insertions(+), 58 deletions(-) diff --git a/powerdnsadmin/models/setting.py b/powerdnsadmin/models/setting.py index 80a72c1..af90bbc 100644 --- a/powerdnsadmin/models/setting.py +++ b/powerdnsadmin/models/setting.py @@ -226,6 +226,103 @@ class Setting(db.Model): }, } + groups = { + 'authentication': [ + # Local Authentication Settings + 'local_db_enabled', + 'signup_enabled', + 'pwd_enforce_characters', + 'pwd_min_len', + 'pwd_min_lowercase', + 'pwd_min_uppercase', + 'pwd_min_digits', + 'pwd_min_special', + 'pwd_enforce_complexity', + 'pwd_min_complexity', + + # LDAP Authentication Settings + 'ldap_enabled', + 'ldap_type', + 'ldap_uri', + 'ldap_base_dn', + 'ldap_admin_username', + 'ldap_admin_password', + 'ldap_domain', + 'ldap_filter_basic', + 'ldap_filter_username', + 'ldap_filter_group', + 'ldap_filter_groupname', + 'ldap_sg_enabled', + 'ldap_admin_group', + 'ldap_operator_group', + 'ldap_user_group', + 'autoprovisioning', + 'autoprovisioning_attribute', + 'urn_value', + 'purge', + + # Google OAuth2 Settings + 'google_oauth_enabled', + 'google_oauth_client_id', + 'google_oauth_client_secret', + 'google_oauth_scope', + 'google_base_url', + 'google_oauth_auto_configure', + 'google_oauth_metadata_url', + 'google_token_url', + 'google_authorize_url', + + # GitHub OAuth2 Settings + 'github_oauth_enabled', + 'github_oauth_key', + 'github_oauth_secret', + 'github_oauth_scope', + 'github_oauth_api_url', + 'github_oauth_auto_configure', + 'github_oauth_metadata_url', + 'github_oauth_token_url', + 'github_oauth_authorize_url', + + # Azure OAuth2 Settings + 'azure_oauth_enabled', + 'azure_oauth_key', + 'azure_oauth_secret', + 'azure_oauth_scope', + 'azure_oauth_api_url', + 'azure_oauth_auto_configure', + 'azure_oauth_metadata_url', + 'azure_oauth_token_url', + 'azure_oauth_authorize_url', + 'azure_sg_enabled', + 'azure_admin_group', + 'azure_operator_group', + 'azure_user_group', + 'azure_group_accounts_enabled', + 'azure_group_accounts_name', + 'azure_group_accounts_name_re', + 'azure_group_accounts_description', + 'azure_group_accounts_description_re', + + # OIDC OAuth2 Settings + 'oidc_oauth_enabled', + 'oidc_oauth_key', + 'oidc_oauth_secret', + 'oidc_oauth_scope', + 'oidc_oauth_api_url', + 'oidc_oauth_auto_configure', + 'oidc_oauth_metadata_url', + 'oidc_oauth_token_url', + 'oidc_oauth_authorize_url', + 'oidc_oauth_logout_url', + 'oidc_oauth_username', + 'oidc_oauth_email', + 'oidc_oauth_firstname', + 'oidc_oauth_last_name', + 'oidc_oauth_account_name_property', + 'oidc_oauth_account_description_property', + ] + } + def __init__(self, id=None, name=None, value=None): self.id = id self.name = name @@ -321,6 +418,24 @@ class Setting(db.Model): else: current_app.logger.error('Unknown setting queried: {0}'.format(setting)) + def get_group(self, group): + if isinstance(group, str): + group = self.groups[group] + + result = {} + records = self.query.all() + + for record in records: + if record.name in group: + value = record.value + + if value in ['True', 'False']: + value = strtobool(value) + + result[record.name] = value + + return result + def get_records_allow_to_edit(self): return list( set(self.get_forward_records_allow_to_edit() + diff --git a/powerdnsadmin/routes/admin.py b/powerdnsadmin/routes/admin.py index 7ec669d..b8bc9f3 100644 --- a/powerdnsadmin/routes/admin.py +++ b/powerdnsadmin/routes/admin.py @@ -1829,6 +1829,13 @@ def setting_authentication(): result=result) +@admin_bp.route('/setting/authentication/api', methods=['GET', 'POST']) +@login_required +@admin_role_required +def setting_authentication_api(): + return Setting().get_group('authentication') + + @admin_bp.route('/templates', methods=['GET', 'POST']) @admin_bp.route('/templates/list', methods=['GET', 'POST']) @login_required diff --git a/powerdnsadmin/static/custom/js/app-authentication-settings-editor.js b/powerdnsadmin/static/custom/js/app-authentication-settings-editor.js index db2530e..aed515a 100644 --- a/powerdnsadmin/static/custom/js/app-authentication-settings-editor.js +++ b/powerdnsadmin/static/custom/js/app-authentication-settings-editor.js @@ -1,7 +1,11 @@ let model; -let AuthenticationSettingsModel = function (user_data, csrf_token, selector) { +let AuthenticationSettingsModel = function (user_data, api_url, csrf_token, selector) { let self = this; + self.api_url = api_url; + self.csrf_token = csrf_token; + self.selector = selector; + self.loading = false; let defaults = { tab_active: '', @@ -31,14 +35,14 @@ let AuthenticationSettingsModel = function (user_data, csrf_token, selector) { ldap_filter_username: '', ldap_filter_group: '', ldap_filter_groupname: '', - ldap_sg_enabled: false, + ldap_sg_enabled: 0, ldap_admin_group: '', ldap_operator_group: '', ldap_user_group: '', - autoprovisioning: false, + autoprovisioning: 0, autoprovisioning_attribute: '', urn_value: '', - purge: false, + purge: 0, // Google OAuth2 Settings google_oauth_enabled: false, @@ -104,6 +108,7 @@ let AuthenticationSettingsModel = function (user_data, csrf_token, selector) { self.data = {}; self.setupObservables = function () { + self.loading = ko.observable(self.loading); self.tab_active = ko.observable(self.data.tab_active); self.tab_default = ko.observable(self.data.tab_default); @@ -201,6 +206,25 @@ let AuthenticationSettingsModel = function (user_data, csrf_token, selector) { self.oidc_oauth_account_description_property = ko.observable(self.data.oidc_oauth_account_description_property); } + self.initTabs = function () { + if (self.hasHash()) { + self.activateTab(self.getHash()); + } else { + self.activateDefaultTab(); + } + } + + self.loadData = function () { + self.loading = true; + $.ajax({ + url: self.api_url, + type: 'POST', + data: {_csrf_token: csrf_token}, + dataType: 'json', + success: self.onDataLoaded + }); + } + self.updateWithDefaults = function (instance) { self.data = $.extend(defaults, instance) } @@ -215,14 +239,6 @@ let AuthenticationSettingsModel = function (user_data, csrf_token, selector) { self.activateTab(self.tab_default()); } - self.initTabs = function() { - if (self.hasHash()) { - self.activateTab(self.getHash()); - } else { - self.activateDefaultTab(); - } - } - self.getHash = function () { return window.location.hash.substring(1); } @@ -243,6 +259,26 @@ let AuthenticationSettingsModel = function (user_data, csrf_token, selector) { } } + self.onDataLoaded = function (data) { + self.updateWithDefaults(data); + self.setupObservables(); + self.loading = false; + + let el = null; + if (typeof selector !== 'undefined') { + el = $(selector) + } + + if (el !== null && el.length > 0) { + ko.applyBindings(self, el[0]); + } else { + ko.applyBindings(self); + } + + self.initTabs(); + self.setupListeners(); + } + self.onTabClick = function (model, event) { self.activateTab($(event.target).data('tab')); return false; @@ -257,17 +293,11 @@ let AuthenticationSettingsModel = function (user_data, csrf_token, selector) { } } - self.updateWithDefaults(user_data); - self.setupObservables(); - - ko.applyBindings(self); - - self.initTabs(); - self.setupListeners(); + self.loadData(); } $(function () { // TODO: Load the data from the server and pass it to the model instantiation loaded_data = {}; - model = new AuthenticationSettingsModel(loaded_data, CSRF_TOKEN, '#settings-editor'); + model = new AuthenticationSettingsModel(loaded_data, API_URL, CSRF_TOKEN, '#settings-editor'); }) \ No newline at end of file diff --git a/powerdnsadmin/templates/admin_setting_authentication.html b/powerdnsadmin/templates/admin_setting_authentication.html index a20671b..8a91666 100644 --- a/powerdnsadmin/templates/admin_setting_authentication.html +++ b/powerdnsadmin/templates/admin_setting_authentication.html @@ -12,6 +12,7 @@
  1. Home
    2. +
  2. Settings
  3. Authentication Settings
@@ -31,6 +32,12 @@
+
+
+ +
Loading settings...
+
+
{% if result %}
@@ -351,7 +358,8 @@
-
+
-
+
-
+
+ data-bind="enable: ldap_enabled, checked: ldap_sg_enabled, checkedValue: 0"> OFF    
@@ -493,14 +503,14 @@    
@@ -538,7 +548,7 @@ + data-bind="enable: ldap_enabled() && autoprovisioning(), checked: purge, checkedValue: 0"> OFF     @@ -546,7 +556,7 @@ + data-bind="enable: ldap_enabled() && autoprovisioning(), checked: purge, checkedValue: 1"> ON
@@ -798,13 +808,17 @@
- -
-
+
-
+
-
+
- -
-
+
-
+
-
+
-
-
+
-
+
-
+
+ data-bind="enable: azure_oauth_enabled, checked: azure_sg_enabled, checkedValue: 0"> OFF    
@@ -1171,7 +1198,7 @@ name="azure_group_accounts_enabled" id="azure_group_accounts_off" value="0" - data-bind="enable: azure_oauth_enabled, checked: azure_group_accounts_enabled, checkedValue: false"> + data-bind="enable: azure_oauth_enabled, checked: azure_group_accounts_enabled, checkedValue: 0"> OFF     @@ -1180,7 +1207,7 @@ name="azure_group_accounts_enabled" id="azure_group_accounts_on" value="1" - data-bind="enable: azure_oauth_enabled, checked: azure_group_accounts_enabled, checkedValue: true"> + data-bind="enable: azure_oauth_enabled, checked: azure_group_accounts_enabled, checkedValue: 1"> ON
@@ -1383,13 +1410,16 @@
-
-
+
-
+
-
+
- let CSRF_TOKEN = '{{ csrf_token() }}'; + let API_URL = '{{ url_for('admin.setting_authentication_api') }}'; + let CSRF_TOKEN = '{{ csrf_token() }}'; - +