Working on first-round updates for the authentication settings view.

Matt Scott 2023-02-20 11:25:25 -05:00
parent bd94c97486
commit 0e94e18485


@ -53,7 +53,7 @@
OAuth</a>
</li>
<li class="nav-item">
<a class="nav-link" href="#tabs-github" data-toggle="pill" role="tab">Github
<a class="nav-link" href="#tabs-github" data-toggle="pill" role="tab">GitHub
OAuth</a>
</li>
<li class="nav-item">
@ -68,6 +68,8 @@
<div class="tab-content">
<div class="tab-pane active" id="tabs-general">
<div class="row">
<div class="col-12 col-sm-6 col-lg-4">
<form role="form" method="post">
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
<input type="hidden" value="general" name="config_tab"/>
@ -81,19 +83,34 @@
name="local_db_enabled"
class="checkbox"
{% if SETTING.get('local_db_enabled') %}checked{% endif %}>
<label for="local_db_enabled">Local DB Authentication</label>
<label for="local_db_enabled">Local DB
Authentication</label>
</div>
<div class="form-group">
<input type="checkbox" id="signup_enabled" name="signup_enabled"
<input type="checkbox" id="signup_enabled"
name="signup_enabled"
class="checkbox"
{% if SETTING.get('signup_enabled') %}checked{% endif %}>
<label for="signup_enabled">Allow users to sign up</label>
<label for="signup_enabled">Allow users to sign
up</label>
</div>
<button type="submit" class="btn btn-primary">Save</button>
</div>
</div>
</form>
</div>
<div class="col-12 col-sm-6 col-lg-8">
<div class="card">
<div class="card-header">
<h3 class="card-title">Settings Help</h3>
</div>
<div class="card-body">
<p>Fill in all the fields in the left form.</p>
</div>
</div>
</div>
</div>
</div>
<!-- /.tab-pane -->
<div class="tab-pane" id="tabs-ldap">
@ -117,7 +134,6 @@
</div>
<div class="card-body">
<fieldset>
<legend>GENERAL</legend>
<div class="form-group">
<input type="checkbox" id="ldap_enabled"
name="ldap_enabled"
@ -382,7 +398,7 @@
<div class="col-12 col-sm-6 col-lg-8">
<div class="card">
<div class="card-header">
<h3 class="card-title">LDAP Settings Help</h3>
<h3 class="card-title">Settings Help</h3>
</div>
<div class="card-body">
<dl class="dl-horizontal">
@ -532,7 +548,6 @@
keep
their existing associations and their current
Role.
</li>
</ul>
</dd>
@ -546,15 +561,17 @@
<div class="tab-pane" id="tabs-google">
<div class="row">
<div class="col-4">
<div class="card">
<div class="card-body">
<div class="col-12 col-sm-6 col-lg-4">
<form role="form" method="post" data-toggle="validator">
<input type="hidden" name="_csrf_token"
value="{{ csrf_token() }}">
<input type="hidden" value="google" name="config_tab"/>
<div class="card">
<div class="card-header">
<h3 class="card-title">Google OAuth Settings</h3>
</div>
<div class="card-body">
<fieldset>
<legend>GENERAL</legend>
<div class="form-group">
<input type="checkbox" id="google_oauth_enabled"
name="google_oauth_enabled" class="checkbox"
@ -632,14 +649,14 @@
class="btn btn-primary float-right">Save
</button>
</div>
</div>
</div>
</form>
</div>
</div>
</div>
<div class="col-8">
<div class="col-12 col-sm-6 col-lg-8">
<div class="card">
<div class="card-header">
<h3 class="card-title">Help</h3>
<h3 class="card-title">Settings Help</h3>
</div>
<div class="card-body">
<p>Fill in all the fields in the left form.</p>
@ -655,12 +672,16 @@
<div class="tab-pane" id="tabs-github">
<div class="row">
<div class="col-4">
<div class="col-12 col-sm-6 col-lg-4">
<form role="form" method="post" data-toggle="validator">
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
<input type="hidden" value="github" name="config_tab"/>
<div class="card">
<div class="card-header">
<h3 class="card-title">GitHub OAuth Settings</h3>
</div>
<div class="card-body">
<fieldset>
<legend>GENERAL</legend>
<div class="form-group">
<input type="checkbox" id="github_oauth_enabled"
name="github_oauth_enabled" class="checkbox"
@ -678,9 +699,11 @@
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="github_oauth_secret">Client secret</label>
<label for="github_oauth_secret">Client
secret</label>
<input type="text" class="form-control"
name="github_oauth_secret" id="github_oauth_secret"
name="github_oauth_secret"
id="github_oauth_secret"
placeholder="Github OAuth client secret"
data-error="Please input Client secret"
value="{{ SETTING.get('github_oauth_secret') }}">
@ -692,7 +715,8 @@
<div class="form-group">
<label for="github_oauth_scope">Scope</label>
<input type="text" class="form-control"
name="github_oauth_scope" id="github_oauth_scope"
name="github_oauth_scope"
id="github_oauth_scope"
placeholder="e.g. email"
data-error="Please input scope"
value="{{ SETTING.get('github_oauth_scope') }}">
@ -701,14 +725,16 @@
<div class="form-group">
<label for="github_oauth_api_url">API URL</label>
<input type="text" class="form-control"
name="github_oauth_api_url" id="github_oauth_api_url"
name="github_oauth_api_url"
id="github_oauth_api_url"
placeholder="e.g. https://api.github.com/user"
data-error="Please input API URL"
value="{{ SETTING.get('github_oauth_api_url') }}">
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="github_oauth_token_url">Token URL</label>
<label for="github_oauth_token_url">Token
URL</label>
<input type="text" class="form-control"
name="github_oauth_token_url"
id="github_oauth_token_url"
@ -730,32 +756,46 @@
</div>
</fieldset>
<div class="form-group">
<button type="submit" class="btn btn-flat btn-primary">Save
<button type="submit" class="btn btn-flat btn-primary">
Save
</button>
</div>
</div>
</div>
</form>
</div>
<div class="col-8">
<legend>Help</legend>
<div class="col-12 col-sm-6 col-lg-8">
<div class="card">
<div class="card-header">
<h3 class="card-title">Settings Help</h3>
</div>
<div class="card-body">
<p>Fill in all the fields in the left form.</p>
</div>
</div>
</div>
</div>
</div>
<!-- /.tab-pane -->
<div class="tab-pane" id="tabs-azure">
<div class="row">
<div class="col-4">
<div class="col-12 col-sm-6 col-lg-4">
<form role="form" method="post" data-toggle="validator">
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
<input type="hidden" value="azure" name="config_tab"/>
<div class="card">
<div class="card-header">
<h3 class="card-title">Microsoft OAuth Settings</h3>
</div>
<div class="card-body">
<fieldset>
<legend>GENERAL</legend>
<div class="form-group">
<input type="checkbox" id="azure_oauth_enabled"
name="azure_oauth_enabled" class="checkbox"
{% if SETTING.get('azure_oauth_enabled') %}checked{% endif %}>
<label for="azure_oauth_enabled">Enable Microsoft Azure
<label for="azure_oauth_enabled">Enable Microsoft
Azure
OAuth</label>
</div>
<div class="form-group">
@ -768,9 +808,11 @@
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="azure_oauth_secret">Client secret</label>
<label for="azure_oauth_secret">Client
secret</label>
<input type="text" class="form-control"
name="azure_oauth_secret" id="azure_oauth_secret"
name="azure_oauth_secret"
id="azure_oauth_secret"
placeholder="Azure OAuth client secret"
data-error="Please input Client secret"
value="{{ SETTING.get('azure_oauth_secret') }}">
@ -782,7 +824,8 @@
<div class="form-group">
<label for="azure_oauth_scope">Scope</label>
<input type="text" class="form-control"
name="azure_oauth_scope" id="azure_oauth_scope"
name="azure_oauth_scope"
id="azure_oauth_scope"
placeholder="e.g. email"
data-error="Please input scope - e.g. User.Read"
value="{{ SETTING.get('azure_oauth_scope') }}">
@ -791,7 +834,8 @@
<div class="form-group">
<label for="azure_oauth_api_url">API URL</label>
<input type="text" class="form-control"
name="azure_oauth_api_url" id="azure_oauth_api_url"
name="azure_oauth_api_url"
id="azure_oauth_api_url"
placeholder="e.g. https://graph.microsoft.com/v1.0/"
data-error="Please input API URL"
value="{{ SETTING.get('azure_oauth_api_url') }}">
@ -808,7 +852,8 @@
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="azure_oauth_authorize_url">Authorize URL</label>
<label for="azure_oauth_authorize_url">Authorize
URL</label>
<input type="text" class="form-control"
name="azure_oauth_authorize_url"
id="azure_oauth_authorize_url"
@ -841,16 +886,19 @@
<div class="form-group">
<label for="azure_admin_group">Admin group</label>
<input type="text" class="form-control"
name="azure_admin_group" id="azure_admin_group"
name="azure_admin_group"
id="azure_admin_group"
placeholder="e.g. 00000000-0000-0000-0000-000000000000"
data-error="Please input the ID for Admin group"
value="{{ SETTING.get('azure_admin_group') }}">
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="azure_operator_group">Operator group</label>
<label for="azure_operator_group">Operator
group</label>
<input type="text" class="form-control"
name="azure_operator_group" id="azure_operator_group"
name="azure_operator_group"
id="azure_operator_group"
placeholder="e.g. 00000000-0000-0000-0000-000000000000"
data-error="Please input the ID for Operator group"
value="{{ SETTING.get('azure_operator_group') }}">
@ -869,12 +917,14 @@
<fieldset>
<legend>AZURE GROUP ACCOUNT SYNC/CREATION</legend>
<div class="form-group">
<label for="azure_group_accounts_enabled">Status</label>
<label
for="azure_group_accounts_enabled">Status</label>
<div class="radio">
<label>
<input type="radio"
name="azure_group_accounts_enabled"
id="azure_group_accounts_off" value="OFF"
id="azure_group_accounts_off"
value="OFF"
{% if not SETTING.get('azure_group_accounts_enabled') %}checked{% endif %}>
OFF
</label>
@ -882,14 +932,16 @@
<label>
<input type="radio"
name="azure_group_accounts_enabled"
id="azure_group_accounts_on" value="ON"
id="azure_group_accounts_on"
value="ON"
{% if SETTING.get('azure_group_accounts_enabled') %}checked{% endif %}>
ON
</label>
</div>
</div>
<div class="form-group">
<label for="azure_group_accounts_name">Azure group name
<label for="azure_group_accounts_name">Azure group
name
claim</label>
<input type="text" class="form-control"
name="azure_group_accounts_name"
@ -900,7 +952,8 @@
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="azure_group_accounts_name_re">Azure group name
<label for="azure_group_accounts_name_re">Azure
group name
claim regex</label>
<input type="text" class="form-control"
name="azure_group_accounts_name_re"
@ -911,7 +964,8 @@
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="azure_group_accounts_description">Azure group
<label for="azure_group_accounts_description">Azure
group
description claim</label>
<input type="text" class="form-control"
name="azure_group_accounts_description"
@ -922,7 +976,8 @@
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="azure_group_accounts_name_re">Azure group name
<label for="azure_group_accounts_name_re">Azure
group name
description regex</label>
<input type="text" class="form-control"
name="azure_group_accounts_description_re"
@ -934,54 +989,78 @@
</div>
</fieldset>
<div class="form-group">
<button type="submit" class="btn btn-flat btn-primary">Save
<button type="submit" class="btn btn-flat btn-primary">
Save
</button>
</div>
</div>
</div>
</form>
</div>
<div class="col-8">
<legend>Help</legend>
<div class="col-12 col-sm-6 col-lg-8">
<div class="card">
<div class="card-header">
<h3 class="card-title">Settings Help</h3>
</div>
<div class="card-body">
<p>Fill in all the fields in the left form.</p>
<p>You first need to define an Application Registration in your Azure
Active Directory, with the appropriate HTTPS URL for this endpoint,
<p>You first need to define an Application Registration in your
Azure
Active Directory, with the appropriate HTTPS URL for this
endpoint,
and with the appropriate rights, as explained in the
documentation.</p>
<p>
<ul>
<li>Under the Azure Active Directory, select App Registrations, and
create a new one. Give it any name you want, and the Redirect
<li>Under the Azure Active Directory, select App
Registrations, and
create a new one. Give it any name you want, and the
Redirect
URI shoule be type 'Web' and of the format <b>https://powerdnsadmin/azure/authorized</b>
(replace the host name approriately).
</li>
<li>Select the newly-created registration</li>
<li>On the Overview page, the Application ID is your new Client ID
<li>On the Overview page, the Application ID is your new
Client ID
to use with PowerDNS-Admin
</li>
<li>On the Overview page, make a note of your Directory/Tenant ID -
<li>On the Overview page, make a note of your
Directory/Tenant ID -
you need it for the API URLs later
</li>
<li>Ensure Access Tokens are enabled in the Authentication section
<li>Ensure Access Tokens are enabled in the Authentication
section
</li>
<li>Under Certificates and Secrets, create a new Client Secret. Note
<li>Under Certificates and Secrets, create a new Client
Secret. Note
this secret as it is the new Client Secret to use with
PowerDNS-Admin
</li>
<li>Under API Permissions, you need to add permissions. Add
permissions for Graph API, Delegated. Add: email, openid,
profile, GroupMember.Read, User.Read and possibly User.Read.All.
You then need to grant admin approval for your organisation.
permissions for Graph API, Delegated. Add: email,
openid,
profile, GroupMember.Read, User.Read and possibly
User.Read.All.
You then need to grant admin approval for your
organisation.
</li>
<li>For the Scope, use <b>User.Read openid mail profile</b></li>
<li>Replace the [tenantID] in the default URLs for authorize and
<li>For the Scope, use <b>User.Read openid mail profile</b>
</li>
<li>Replace the [tenantID] in the default URLs for authorize
and
token with your Tenant ID.
</li>
</ul>
</p>
<p>If <b>AZURE GROUP ACCOUNT SYNC/CREATION</b> is enabled, Accounts will
be created automatically based on group membership. If an Account
exists, an authenticated user with group membership is added to the
<p>If <b>AZURE GROUP ACCOUNT SYNC/CREATION</b> is enabled,
Accounts will
be created automatically based on group membership. If an
Account
exists, an authenticated user with group membership is added
to the
Account</p>
</div>
</div>
</div>
</div>
</div>
@ -989,17 +1068,22 @@
<div class="tab-pane" id="tabs-oidc">
<div class="row">
<div class="col-4">
<div class="col-12 col-sm-6 col-lg-4">
<form role="form" method="post" data-toggle="validator">
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
<input type="hidden" value="oidc" name="config_tab"/>
<div class="card">
<div class="card-header">
<h3 class="card-title">OpenID Connect OAuth Settings</h3>
</div>
<div class="card-body">
<fieldset>
<legend>GENERAL</legend>
<div class="form-group">
<input type="checkbox" id="oidc_oauth_enabled"
name="oidc_oauth_enabled" class="checkbox"
{% if SETTING.get('oidc_oauth_enabled') %}checked{% endif %}>
<label for="oidc_oauth_enabled">Enable OpenID Connect
<label for="oidc_oauth_enabled">Enable OpenID
Connect
OAuth</label>
</div>
<div class="form-group">
@ -1014,7 +1098,8 @@
<div class="form-group">
<label for="oidc_oauth_secret">Client secret</label>
<input type="text" class="form-control"
name="oidc_oauth_secret" id="oidc_oauth_secret"
name="oidc_oauth_secret"
id="oidc_oauth_secret"
placeholder="OIDC OAuth client secret"
data-error="Please input Client secret"
value="{{ SETTING.get('oidc_oauth_secret') }}">
@ -1032,7 +1117,8 @@
<div class="form-group">
<label for="oidc_oauth_api_url">API URL</label>
<input type="text" class="form-control"
name="oidc_oauth_api_url" id="oidc_oauth_api_url"
name="oidc_oauth_api_url"
id="oidc_oauth_api_url"
placeholder="e.g. https://api.oidc.com/user"
data-error="Please input API URL"
value="{{ SETTING.get('oidc_oauth_api_url') }}">
@ -1041,14 +1127,16 @@
<div class="form-group">
<label for="oidc_oauth_token_url">Token URL</label>
<input type="text" class="form-control"
name="oidc_oauth_token_url" id="oidc_oauth_token_url"
name="oidc_oauth_token_url"
id="oidc_oauth_token_url"
placeholder="e.g. https://oidc.com/login/oauth/access_token"
data-error="Please input Token URL"
value="{{ SETTING.get('oidc_oauth_token_url') }}">
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="oidc_oauth_authorize_url">Authorize URL</label>
<label for="oidc_oauth_authorize_url">Authorize
URL</label>
<input type="text" class="form-control"
name="oidc_oauth_authorize_url"
id="oidc_oauth_authorize_url"
@ -1058,7 +1146,8 @@
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="oidc_oauth_logout_url">Logout URL</label>
<label for="oidc_oauth_logout_url">Logout
URL</label>
<input type="text" class="form-control"
name="oidc_oauth_logout_url"
id="oidc_oauth_logout_url"
@ -1073,7 +1162,8 @@
<div class="form-group">
<label for="oidc_oauth_username">Username</label>
<input type="text" class="form-control"
name="oidc_oauth_username" id="oidc_oauth_username"
name="oidc_oauth_username"
id="oidc_oauth_username"
placeholder="e.g. preferred_username"
data-error="Please input Username claim"
value="{{ SETTING.get('oidc_oauth_username') }}">
@ -1082,7 +1172,8 @@
<div class="form-group">
<label for="oidc_oauth_firstname">First Name</label>
<input type="text" class="form-control"
name="oidc_oauth_firstname" id="oidc_oauth_firstname"
name="oidc_oauth_firstname"
id="oidc_oauth_firstname"
placeholder="e.g. given_name"
data-error="Please input First Name claim"
value="{{ SETTING.get('oidc_oauth_firstname') }}">
@ -1091,7 +1182,8 @@
<div class="form-group">
<label for="oidc_oauth_last_name">Last Name</label>
<input type="text" class="form-control"
name="oidc_oauth_last_name" id="oidc_oauth_last_name"
name="oidc_oauth_last_name"
id="oidc_oauth_last_name"
placeholder="e.g. family_name"
data-error="Please input Last Name claim"
value="{{ SETTING.get('oidc_oauth_last_name') }}">
@ -1121,7 +1213,8 @@
<span class="help-block with-errors"></span>
</div>
<div class="form-group">
<label for="oidc_oauth_account_description_property">Autoprovision
<label
for="oidc_oauth_account_description_property">Autoprovision
Account Description property</label>
<input type="text" class="form-control"
name="oidc_oauth_account_description_property"
@ -1133,17 +1226,26 @@
</div>
</fieldset>
<div class="form-group">
<button type="submit" class="btn btn-flat btn-primary">Save
<button type="submit" class="btn btn-flat btn-primary">
Save
</button>
</div>
</div>
</div>
</form>
</div>
<div class="col-8">
<legend>Help</legend>
<div class="col-12 col-sm-6 col-lg-8">
<div class="card">
<div class="card-header">
<h3 class="card-title">Settings Help</h3>
</div>
<div class="card-body">
<p>Fill in all the fields in the left form.</p>
</div>
</div>
</div>
</div>
</div>
<!-- /.tab-pane -->
</div>
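Review bot: The re-wrapped client-secret inputs are still `type="text"` and pre-filled from storage, e.g. `value="{{ SETTING.get('github_oauth_secret') }}"` in the GitHub tab, with the same pattern for `azure_oauth_secret` and `oidc_oauth_secret`. The OAuth client secret is therefore written into the page source and displayed in clear on every load of the settings view, where it can be read from the screen, the browser cache or a saved copy of the page. Since these lines are being touched anyway, consider `type="password"` with `autocomplete="new-password"` and an empty `value`, with the save handler keeping the stored secret when the field is submitted blank; the handler and any required-field validation are not visible in this diff, so that side needs to be confirmed there. Separately, the label for the "description regex" field in the Azure tab still carries `for="azure_group_accounts_name_re"` although the input below it is named `azure_group_accounts_description_re`; the input's `id` lies outside the hunk, but the `for` value looks copied from the name-regex field and probably should be `for="azure_group_accounts_description_re"`.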