mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2024-12-28 22:15:40 +00:00
748 lines
53 KiB
HTML
748 lines
53 KiB
HTML
{% extends "base.html" %}
|
|
{% set active_page = "admin_settings" %}
|
|
{% block title %}
|
|
<title>Authentication Settings - {{ SITE_NAME }}</title>
|
|
{% endblock %} {% block dashboard_stat %}
|
|
<!-- Content Header (Page header) -->
|
|
<section class="content-header">
|
|
<h1>
|
|
Settings <small>PowerDNS-Admin settings</small>
|
|
</h1>
|
|
<ol class="breadcrumb">
|
|
<li><a href="{{ url_for('dashboard.dashboard') }}"><i class="fa fa-dashboard"></i> Home</a></li>
|
|
<li><a href="#">Setting</a></li>
|
|
<li class="active">Authentication</li>
|
|
</ol>
|
|
<script>
|
|
function ldapSelection() {
|
|
if (document.getElementById('ldap').checked) {
|
|
document.getElementById('ldap_openldap_fields').style.display = 'block';
|
|
document.getElementById('ldap_ad_fields').style.display = 'none';
|
|
} else {
|
|
document.getElementById('ldap_openldap_fields').style.display = 'none';
|
|
document.getElementById('ldap_ad_fields').style.display = 'block';
|
|
}
|
|
}
|
|
|
|
window.onload = function() {
|
|
ldapSelection();
|
|
}
|
|
</script>
|
|
</section>
|
|
{% endblock %}
|
|
{% block content %}
|
|
<section class="content">
|
|
<div class="row">
|
|
<div class="col-lg-12">
|
|
<div class="box box-primary">
|
|
<div class="box-header with-border">
|
|
<h3 class="box-title">Authentication Settings</h3>
|
|
</div>
|
|
<div class="box-body">
|
|
{% if result %}
|
|
<div class="alert {% if result['status'] %}alert-success{% else %}alert-danger{% endif%} alert-dismissible">
|
|
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
|
|
{{ result['msg'] }}
|
|
</div>
|
|
{% endif %}
|
|
<!-- Custom Tabs -->
|
|
<div class="nav-tabs-custom" id="tabs">
|
|
<ul class="nav nav-tabs">
|
|
<li class="active"><a href="#tabs-general" data-toggle="tab">General</a></li>
|
|
<li class="active"><a href="#tabs-ldap" data-toggle="tab">LDAP</a></li>
|
|
<li><a href="#tabs-google" data-toggle="tab">Google OAuth</a></li>
|
|
<li><a href="#tabs-github" data-toggle="tab">Github OAuth</a></li>
|
|
<li><a href="#tabs-azure" data-toggle="tab">Microsoft OAuth</a></li>
|
|
<li><a href="#tabs-oidc" data-toggle="tab">OpenID Connect OAuth</a></li>
|
|
</ul>
|
|
<div class="tab-content">
|
|
<div class="tab-pane active" id="tabs-general">
|
|
<form role="form" method="post">
|
|
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
|
|
<input type="hidden" value="general" name="config_tab" />
|
|
<div class="form-group">
|
|
<input type="checkbox" id="local_db_enabled" name="local_db_enabled" class="checkbox" {% if SETTING.get('local_db_enabled') %}checked{% endif %}>
|
|
<label for="local_db_enabled">Local DB Authentication</label>
|
|
</div>
|
|
<div class="form-group">
|
|
<input type="checkbox" id="signup_enabled" name="signup_enabled" class="checkbox" {% if SETTING.get('signup_enabled') %}checked{% endif %}>
|
|
<label for="signup_enabled">Allow users to sign up</label>
|
|
</div>
|
|
<div class="form-group">
|
|
<button type="submit" class="btn btn-flat btn-primary">Save</button>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
<div class="tab-pane active" id="tabs-ldap">
|
|
<div class="row">
|
|
<div class="col-md-4">
|
|
<form role="form" method="post" data-toggle="validator">
|
|
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
|
|
<input type="hidden" value="ldap" name="config_tab" />
|
|
<fieldset>
|
|
<legend>GENERAL</legend>
|
|
<div class="form-group">
|
|
<input type="checkbox" id="ldap_enabled" name="ldap_enabled" class="checkbox" {% if SETTING.get('ldap_enabled') %}checked{% endif %}>
|
|
<label for="ldap_enabled">Enable LDAP Authentication</label>
|
|
</div>
|
|
<div class="form-group">
|
|
<label>Type</label>
|
|
<div class="radio">
|
|
<label>
|
|
<input type="radio" name="ldap_type" id="ldap" onclick="javascript:ldapSelection();" value="ldap" {% if SETTING.get('ldap_type')=='ldap' %}checked{% endif %}> OpenLDAP
|
|
</label>
|
|
|
|
<label>
|
|
<input type="radio" name="ldap_type" id="ad" onclick="javascript:ldapSelection();" value="ad" {% if SETTING.get('ldap_type')=='ad' %}checked{% endif %}> Active Directory
|
|
</label>
|
|
</div>
|
|
</div>
|
|
</fieldset>
|
|
<fieldset>
|
|
<legend>ADMINISTRATOR INFO</legend>
|
|
<div class="form-group">
|
|
<label for="ldap_uri">LDAP URI</label>
|
|
<input type="text" class="form-control" name="ldap_uri" id="ldap_uri" placeholder="e.g. ldaps://your-ldap-server:636" data-error="Please input LDAP URI" value="{{ SETTING.get('ldap_uri') }}">
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="ldap_base_dn">LDAP Base DN</label>
|
|
<input type="text" class="form-control" name="ldap_base_dn" id="ldap_base_dn" placeholder="e.g. dc=mydomain,dc=com" data-error="Please input LDAP Base DN" value="{{ SETTING.get('ldap_base_dn') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
<div id="ldap_openldap_fields">
|
|
<div class="form-group">
|
|
<label for="ldap_admin_username">LDAP admin username</label>
|
|
<input type="text" class="form-control" name="ldap_admin_username" id="ldap_admin_username" placeholder="e.g. cn=admin,dc=mydomain,dc=com" data-error="Please input LDAP admin username" value="{{ SETTING.get('ldap_admin_username') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="ldap_admin_password">LDAP admin password</label>
|
|
<input type="password" class="form-control" name="ldap_admin_password" id="ldap_admin_password" placeholder="LDAP Admin password" data-error="Please input LDAP admin password" value="{{ SETTING.get('ldap_admin_password') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
</div>
|
|
<div id="ldap_ad_fields">
|
|
<div class="form-group">
|
|
<label for="ldap_domain">Active Directory domain</label>
|
|
<input type="text" class="form-control" name="ldap_domain" id="ldap_domain" placeholder="Active Directory domain" data-error="Please input Actve Directory domain value" value="{{ SETTING.get('ldap_domain') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
</div>
|
|
</fieldset>
|
|
<fieldset>
|
|
<legend>FILTERS</legend>
|
|
<div class="form-group">
|
|
<label for="ldap_filter_basic">Basic filter</label>
|
|
<input type="text" class="form-control" name="ldap_filter_basic" id="ldap_filter_basic" placeholder="e.g. (objectClass=inetorgperson)" data-error="Please input LDAP filter" value="{{ SETTING.get('ldap_filter_basic') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="ldap_filter_username">Username field</label>
|
|
<input type="text" class="form-control" name="ldap_filter_username" id="ldap_filter_username" placeholder="e.g. uid" data-error="Please input field for username filtering" value="{{ SETTING.get('ldap_filter_username') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
</fieldset>
|
|
<fieldset>
|
|
<legend>GROUP SECURITY</legend>
|
|
<div class="form-group">
|
|
<label>Status</label>
|
|
<div class="radio">
|
|
<label>
|
|
<input type="radio" name="ldap_sg_enabled" id="ldap_sg_off" value="OFF" {% if not SETTING.get('ldap_sg_enabled') %}checked{% endif %}> OFF
|
|
</label>
|
|
|
|
<label>
|
|
<input type="radio" name="ldap_sg_enabled" id="ldap_sg_on" value="ON" {% if SETTING.get('ldap_sg_enabled') %}checked{% endif %}> ON
|
|
</label>
|
|
</div>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="ldap_admin_group">Admin group</label>
|
|
<input type="text" class="form-control" name="ldap_admin_group" id="ldap_admin_group" placeholder="e.g. cn=sysops,dc=mydomain,dc=com" data-error="Please input LDAP DN for Admin group" value="{{ SETTING.get('ldap_admin_group') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="ldap_operator_group">Operator group</label>
|
|
<input type="text" class="form-control" name="ldap_operator_group" id="ldap_operator_group" placeholder="e.g. cn=operators,dc=mydomain,dc=com" data-error="Please input LDAP DN for Operator group" value="{{ SETTING.get('ldap_operator_group') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="ldap_user_group">User group</label>
|
|
<input type="text" class="form-control" name="ldap_user_group" id="ldap_user_group" placeholder="e.g. cn=users,dc=mydomain,dc=com" data-error="Please input LDAP DN for User group" value="{{ SETTING.get('ldap_user_group') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
</fieldset>
|
|
<div class="form-group">
|
|
<button type="submit" class="btn btn-flat btn-primary">Save</button>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
<div class="col-md-8">
|
|
<legend>Help</legend>
|
|
<dl class="dl-horizontal">
|
|
<dt>Enable LDAP Authentication</dt>
|
|
<dd>Turn on / off the LDAP authentication.</dd>
|
|
<dt>Type</dt>
|
|
<dd>Select your current directory service type.
|
|
<ul>
|
|
<li>
|
|
OpenLDAP - Open source implementation of the Lightweight Directory Access Protocol.
|
|
</li>
|
|
<li>
|
|
Active Directory - Active Directory is a directory service that Microsoft developed for the Windows domain networks.
|
|
</li>
|
|
</ul>
|
|
</dd>
|
|
<dt>ADMINISTRATOR INFO</dt>
|
|
<dd>Your LDAP connection string and admin credential used by PDA to query user information.
|
|
<ul>
|
|
<li>
|
|
LDAP URI - The fully qualified domain names of your directory servers. (e.g. ldap://127.0.0.1:389)
|
|
</li>
|
|
<li>
|
|
LDAP Base DN - The point from where a PDA will search for users.
|
|
</li>
|
|
<li>
|
|
LDAP admin username - Your LDAP administrator user which has permission to query information in the Base DN above. Not needed for Active Directory authentication.
|
|
</li>
|
|
<li>
|
|
LDAP admin password - The password of LDAP administrator user. Not needed for Active Directory authentication.
|
|
</li>
|
|
<li>
|
|
Active Directory domain - Active Directory domain used.
|
|
</li>
|
|
</ul>
|
|
</dd>
|
|
<dt>FILTERS</dt>
|
|
<dd>Define how you want to filter your user in LDAP query.
|
|
<ul>
|
|
<li>
|
|
Basic filter - The filter that will be applied to all LDAP query by PDA. (e.g. <i>(objectClass=inetorgperson)</i> for OpenLDAP and <i>(objectClass=organizationalPerson)</i> for Active Directory)
|
|
</li>
|
|
<li>
|
|
Username field - The field PDA will look for user's username. (e.g. <i>uid</i> for OpenLDAP and <i>sAMAccountName</i> for Active Directory)
|
|
</li>
|
|
</ul>
|
|
</dd>
|
|
<dt>GROUP SECURITY</dt>
|
|
<dd>User can be assigned to PDA's User or Admin group by matching following LDAP Group.
|
|
<ul>
|
|
<li>
|
|
Status - Turn on / off group security feature.
|
|
</li>
|
|
<li>
|
|
Admin group - Your LDAP admin group.
|
|
</li>
|
|
<li>
|
|
Operator group - Your LDAP operator group.
|
|
</li>
|
|
<li>
|
|
User group - Your LDAP user group.
|
|
</li>
|
|
</ul>
|
|
</dd>
|
|
</dl>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="tab-pane" id="tabs-google">
|
|
<div class="row">
|
|
<div class="col-md-4">
|
|
<form role="form" method="post" data-toggle="validator">
|
|
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
|
|
<input type="hidden" value="google" name="config_tab" />
|
|
<fieldset>
|
|
<legend>GENERAL</legend>
|
|
<div class="form-group">
|
|
<input type="checkbox" id="google_oauth_enabled" name="google_oauth_enabled" class="checkbox" {% if SETTING.get('google_oauth_enabled') %}checked{% endif %}>
|
|
<label for="google_oauth_enabled">Enable Google OAuth</label>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="google_oauth_client_id">Client ID</label>
|
|
<input type="text" class="form-control" name="google_oauth_client_id" id="google_oauth_client_id" placeholder="Google OAuth client ID" data-error="Please input Client ID" value="{{ SETTING.get('google_oauth_client_id') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="google_oauth_client_secret">Client secret</label>
|
|
<input type="text" class="form-control" name="google_oauth_client_secret" id="google_oauth_client_secret" placeholder="Google OAuth client secret" data-error="Please input Client secret" value="{{ SETTING.get('google_oauth_client_secret') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
</fieldset>
|
|
<fieldset>
|
|
<legend>ADVANCE</legend>
|
|
<div class="form-group">
|
|
<label for="google_token_url">Token URL</label>
|
|
<input type="text" class="form-control" name="google_token_url" id="google_token_url" placeholder="e.g. https://accounts.google.com/o/oauth2/token" data-error="Please input token URL" value="{{ SETTING.get('google_token_url') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="google_oauth_scope">Scope</label>
|
|
<input type="text" class="form-control" name="google_oauth_scope" id="google_oauth_scope" placeholder="e.g. email profile" data-error="Please input scope" value="{{ SETTING.get('google_oauth_scope') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="google_authorize_url">Authorize URL</label>
|
|
<input type="text" class="form-control" name="google_authorize_url" id="google_authorize_url" placeholder="e.g. https://accounts.google.com/o/oauth2/auth" data-error="Please input Authorize URL" value="{{ SETTING.get('google_authorize_url') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="google_base_url">Base URL</label>
|
|
<input type="text" class="form-control" name="google_base_url" id="google_base_url" placeholder="e.g. https://www.googleapis.com/oauth2/v1/" data-error="Please input base URL" value="{{ SETTING.get('google_base_url') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
</fieldset>
|
|
<div class="form-group">
|
|
<button type="submit" class="btn btn-flat btn-primary">Save</button>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
<div class="col-md-8">
|
|
<legend>Help</legend>
|
|
<p>Fill in all the fields in the left form.</p>
|
|
<p>Make sure you add PDA redirection URI (e.g http://localhost:9191/google/authorized) to your Google App Credentials Restriction.</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="tab-pane" id="tabs-github">
|
|
<div class="row">
|
|
<div class="col-md-4">
|
|
<form role="form" method="post" data-toggle="validator">
|
|
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
|
|
<input type="hidden" value="github" name="config_tab" />
|
|
<fieldset>
|
|
<legend>GENERAL</legend>
|
|
<div class="form-group">
|
|
<input type="checkbox" id="github_oauth_enabled" name="github_oauth_enabled" class="checkbox" {% if SETTING.get('github_oauth_enabled') %}checked{% endif %}>
|
|
<label for="github_oauth_enabled">Enable Github OAuth</label>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="github_oauth_key">Client key</label>
|
|
<input type="text" class="form-control" name="github_oauth_key" id="github_oauth_key" placeholder="Github OAuth client ID" data-error="Please input Client key" value="{{ SETTING.get('github_oauth_key') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="github_oauth_secret">Client secret</label>
|
|
<input type="text" class="form-control" name="github_oauth_secret" id="github_oauth_secret" placeholder="Github OAuth client secret" data-error="Please input Client secret" value="{{ SETTING.get('github_oauth_secret') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
</fieldset>
|
|
<fieldset>
|
|
<legend>ADVANCE</legend>
|
|
<div class="form-group">
|
|
<label for="github_oauth_scope">Scope</label>
|
|
<input type="text" class="form-control" name="github_oauth_scope" id="github_oauth_scope" placeholder="e.g. email" data-error="Please input scope" value="{{ SETTING.get('github_oauth_scope') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="github_oauth_api_url">API URL</label>
|
|
<input type="text" class="form-control" name="github_oauth_api_url" id="github_oauth_api_url" placeholder="e.g. https://api.github.com/user" data-error="Please input API URL" value="{{ SETTING.get('github_oauth_api_url') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="github_oauth_token_url">Token URL</label>
|
|
<input type="text" class="form-control" name="github_oauth_token_url" id="github_oauth_token_url" placeholder="e.g. https://github.com/login/oauth/access_token" data-error="Please input Token URL" value="{{ SETTING.get('github_oauth_token_url') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="github_oauth_authorize_url">Authorize URL</label>
|
|
<input type="text" class="form-control" name="github_oauth_authorize_url" id="github_oauth_authorize_url" placeholder="e.g. https://github.com/login/oauth/authorize" data-error="Plesae input Authorize URL" value="{{ SETTING.get('github_oauth_authorize_url') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
</fieldset>
|
|
<div class="form-group">
|
|
<button type="submit" class="btn btn-flat btn-primary">Save</button>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
<div class="col-md-8">
|
|
<legend>Help</legend>
|
|
<p>Fill in all the fields in the left form.</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="tab-pane" id="tabs-azure">
|
|
<div class="row">
|
|
<div class="col-md-4">
|
|
<form role="form" method="post" data-toggle="validator">
|
|
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
|
|
<input type="hidden" value="azure" name="config_tab" />
|
|
<fieldset>
|
|
<legend>GENERAL</legend>
|
|
<div class="form-group">
|
|
<input type="checkbox" id="azure_oauth_enabled" name="azure_oauth_enabled" class="checkbox" {% if SETTING.get('azure_oauth_enabled') %}checked{% endif %}>
|
|
<label for="azure_oauth_enabled">Enable Microsoft Azure OAuth</label>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="azure_oauth_key">Client key</label>
|
|
<input type="text" class="form-control" name="azure_oauth_key" id="azure_oauth_key" placeholder="Azure OAuth client ID" data-error="Please input Client key" value="{{ SETTING.get('azure_oauth_key') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="azure_oauth_secret">Client secret</label>
|
|
<input type="text" class="form-control" name="azure_oauth_secret" id="azure_oauth_secret" placeholder="Azure OAuth client secret" data-error="Please input Client secret" value="{{ SETTING.get('azure_oauth_secret') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
</fieldset>
|
|
<fieldset>
|
|
<legend>ADVANCE</legend>
|
|
<div class="form-group">
|
|
<label for="azure_oauth_scope">Scope</label>
|
|
<input type="text" class="form-control" name="azure_oauth_scope" id="azure_oauth_scope" placeholder="e.g. email" data-error="Please input scope - e.g. User.Read" value="{{ SETTING.get('azure_oauth_scope') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="azure_oauth_api_url">API URL</label>
|
|
<input type="text" class="form-control" name="azure_oauth_api_url" id="azure_oauth_api_url" placeholder="e.g. https://graph.microsoft.com/v1.0/" data-error="Please input API URL" value="{{ SETTING.get('azure_oauth_api_url') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="azure_oauth_token_url">Token URL</label>
|
|
<input type="text" class="form-control" name="azure_oauth_token_url" id="azure_oauth_token_url" placeholder="e.g. https://login.microsoftonline.com/[tenancyID]/oauth2/v2.0/token" data-error="Please input Token URL" value="{{ SETTING.get('azure_oauth_token_url') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="azure_oauth_authorize_url">Authorize URL</label>
|
|
<input type="text" class="form-control" name="azure_oauth_authorize_url" id="azure_oauth_authorize_url" placeholder="e.g. https://login.microsoftonline.com/[tenancyID]/oauth2/v2.0/authorize" data-error="Please input Authorize URL" value="{{ SETTING.get('azure_oauth_authorize_url') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
</fieldset>
|
|
<div class="form-group">
|
|
<button type="submit" class="btn btn-flat btn-primary">Save</button>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
<div class="col-md-8">
|
|
<legend>Help</legend>
|
|
<p>Fill in all the fields in the left form.</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="tab-pane" id="tabs-oidc">
|
|
<div class="row">
|
|
<div class="col-md-4">
|
|
<form role="form" method="post" data-toggle="validator">
|
|
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
|
|
<input type="hidden" value="oidc" name="config_tab" />
|
|
<fieldset>
|
|
<legend>GENERAL</legend>
|
|
<div class="form-group">
|
|
<input type="checkbox" id="oidc_oauth_enabled" name="oidc_oauth_enabled" class="checkbox" {% if SETTING.get('oidc_oauth_enabled') %}checked{% endif %}>
|
|
<label for="oidc_oauth_enabled">Enable OpenID Connect OAuth</label>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="oidc_oauth_key">Client key</label>
|
|
<input type="text" class="form-control" name="oidc_oauth_key" id="oidc_oauth_key" placeholder="OIDC OAuth client ID" data-error="Please input Client key" value="{{ SETTING.get('oidc_oauth_key') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="oidc_oauth_secret">Client secret</label>
|
|
<input type="text" class="form-control" name="oidc_oauth_secret" id="oidc_oauth_secret" placeholder="OIDC OAuth client secret" data-error="Please input Client secret" value="{{ SETTING.get('oidc_oauth_secret') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
</fieldset>
|
|
<fieldset>
|
|
<legend>ADVANCE</legend>
|
|
<div class="form-group">
|
|
<label for="oidc_oauth_scope">Scope</label>
|
|
<input type="text" class="form-control" name="oidc_oauth_scope" id="oidc_oauth_scope" placeholder="e.g. email" data-error="Please input scope" value="{{ SETTING.get('oidc_oauth_scope') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="oidc_oauth_api_url">API URL</label>
|
|
<input type="text" class="form-control" name="oidc_oauth_api_url" id="oidc_oauth_api_url" placeholder="e.g. https://api.oidc.com/user" data-error="Please input API URL" value="{{ SETTING.get('oidc_oauth_api_url') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="oidc_oauth_token_url">Token URL</label>
|
|
<input type="text" class="form-control" name="oidc_oauth_token_url" id="oidc_oauth_token_url" placeholder="e.g. https://oidc.com/login/oauth/access_token" data-error="Please input Token URL" value="{{ SETTING.get('oidc_oauth_token_url') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="oidc_oauth_authorize_url">Authorize URL</label>
|
|
<input type="text" class="form-control" name="oidc_oauth_authorize_url" id="oidc_oauth_authorize_url" placeholder="e.g. https://oidc.com/login/oauth/authorize" data-error="Plesae input Authorize URL" value="{{ SETTING.get('oidc_oauth_authorize_url') }}">
|
|
<span class="help-block with-errors"></span>
|
|
</div>
|
|
</fieldset>
|
|
<div class="form-group">
|
|
<button type="submit" class="btn btn-flat btn-primary">Save</button>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
<div class="col-md-8">
|
|
<legend>Help</legend>
|
|
<p>Fill in all the fields in the left form.</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</section>
|
|
{% endblock %}
|
|
{% block extrascripts %}
|
|
{% assets "js_validation" -%}
|
|
<script type="text/javascript" src="{{ ASSET_URL }}"></script>
|
|
{%- endassets %}
|
|
|
|
<script>
|
|
|
|
$(function() {
|
|
$('#tabs').tabs({
|
|
// add url anchor tags
|
|
activate: function(event, ui) {
|
|
window.location.hash = ui.newPanel.attr('id');
|
|
}
|
|
});
|
|
// re-set active tab (ui)
|
|
var activeTabIdx = $('#tabs').tabs('option','active');
|
|
$('#tabs li:eq('+activeTabIdx+')').tab('show')
|
|
});
|
|
|
|
// START: General tab js
|
|
$('#local_db_enabled').iCheck({
|
|
checkboxClass : 'icheckbox_square-blue',
|
|
increaseArea : '20%'
|
|
})
|
|
|
|
$('#signup_enabled').iCheck({
|
|
checkboxClass : 'icheckbox_square-blue',
|
|
increaseArea : '20%'
|
|
})
|
|
// END: General tab js
|
|
|
|
// START: LDAP tab js
|
|
// update validation requirement when checkbox is togged
|
|
$('#ldap_enabled').iCheck({
|
|
checkboxClass : 'icheckbox_square-blue',
|
|
increaseArea : '20%'
|
|
}).on('ifChanged', function(e) {
|
|
var is_enabled = e.currentTarget.checked;
|
|
if (is_enabled){
|
|
$('#ldap_uri').prop('required', true);
|
|
$('#ldap_base_dn').prop('required', true);
|
|
if ($('#ldap').is(":checked") ) {
|
|
$('#ldap_admin_username').prop('required', true);
|
|
$('#ldap_admin_password').prop('required', true);
|
|
$('#ldap_domain').prop('required', false);
|
|
} else {
|
|
$('#ldap_admin_username').prop('required', false);
|
|
$('#ldap_admin_password').prop('required', false);
|
|
$('#ldap_domain').prop('required', true);
|
|
}
|
|
$('#ldap_filter_basic').prop('required', true);
|
|
$('#ldap_filter_username').prop('required', true);
|
|
|
|
if ($('#ldap_sg_on').is(":checked")) {
|
|
$('#ldap_admin_group').prop('required', true);
|
|
$('#ldap_operator_group').prop('required', true);
|
|
$('#ldap_user_group').prop('required', true);
|
|
}
|
|
|
|
} else {
|
|
$('#ldap_uri').prop('required', false);
|
|
$('#ldap_base_dn').prop('required', false);
|
|
$('#ldap_admin_username').prop('required', false);
|
|
$('#ldap_admin_password').prop('required', false);
|
|
$('#ldap_filter_basic').prop('required', false);
|
|
$('#ldap_filter_username').prop('required', false);
|
|
|
|
if ($('#ldap_sg_on').is(":checked")) {
|
|
$('#ldap_admin_group').prop('required', false);
|
|
$('#ldap_operator_group').prop('required', false);
|
|
$('#ldap_user_group').prop('required', false);
|
|
}
|
|
}
|
|
});
|
|
|
|
$("input[name='ldap_sg_enabled']" ).change(function(){
|
|
if ($('#ldap_sg_on').is(":checked") && $('#ldap_enabled').is(":checked")) {
|
|
$('#ldap_admin_group').prop('required', true);
|
|
$('#ldap_operator_group').prop('required', true);
|
|
$('#ldap_user_group').prop('required', true);
|
|
} else {
|
|
$('#ldap_admin_group').prop('required', false);
|
|
$('#ldap_operator_group').prop('required', false);
|
|
$('#ldap_user_group').prop('required', false);
|
|
}
|
|
});
|
|
|
|
$("input[name='ldap_type']" ).change(function(){
|
|
if ($('#ldap').is(":checked") && $('#ldap_enabled').is(":checked")) {
|
|
$('#ldap_admin_group').prop('required', true);
|
|
$('#ldap_operator_group').prop('required', true);
|
|
$('#ldap_user_group').prop('required', true);
|
|
$('#ldap_domain').prop('required', false);
|
|
} else {
|
|
$('#ldap_admin_group').prop('required', false);
|
|
$('#ldap_operator_group').prop('required', false);
|
|
$('#ldap_user_group').prop('required', false);
|
|
$('#ldap_domain').prop('required', true);
|
|
}
|
|
});
|
|
|
|
// init validation requirement at first time page load
|
|
{% if SETTING.get('ldap_enabled') %}
|
|
$('#ldap_uri').prop('required', true);
|
|
$('#ldap_base_dn').prop('required', true);
|
|
if ($('#ldap').is(":checked") ) {
|
|
$('#ldap_admin_username').prop('required', true);
|
|
$('#ldap_admin_password').prop('required', true);
|
|
$('#ldap_domain').prop('required', false);
|
|
} else {
|
|
$('#ldap_admin_username').prop('required', false);
|
|
$('#ldap_admin_password').prop('required', false);
|
|
$('#ldap_domain').prop('required', true);
|
|
}
|
|
$('#ldap_filter_basic').prop('required', true);
|
|
$('#ldap_filter_username').prop('required', true);
|
|
|
|
if ($('#ldap_sg_on').is(":checked")) {
|
|
$('#ldap_admin_group').prop('required', true);
|
|
$('#ldap_operator_group').prop('required', true);
|
|
$('#ldap_user_group').prop('required', true);
|
|
}
|
|
{% endif %}
|
|
// END: LDAP tab js
|
|
|
|
// START: Google tab js
|
|
// update validation requirement when checkbox is togged
|
|
$('#google_oauth_enabled').iCheck({
|
|
checkboxClass : 'icheckbox_square-blue',
|
|
increaseArea : '20%'
|
|
}).on('ifChanged', function(e) {
|
|
var is_enabled = e.currentTarget.checked;
|
|
if (is_enabled){
|
|
$('#google_oauth_client_id').prop('required', true);
|
|
$('#google_oauth_client_secret').prop('required', true);
|
|
$('#google_token_url').prop('required', true);
|
|
$('#google_oauth_scope').prop('required', true);
|
|
$('#google_authorize_url').prop('required', true);
|
|
$('#google_base_url').prop('required', true);
|
|
} else {
|
|
$('#google_oauth_client_id').prop('required', false);
|
|
$('#google_oauth_client_secret').prop('required', false);
|
|
$('#google_token_url').prop('required', false);
|
|
$('#google_oauth_scope').prop('required', false);
|
|
$('#google_authorize_url').prop('required', false);
|
|
$('#google_base_url').prop('required', false);
|
|
}
|
|
});
|
|
|
|
// init validation requirement at first time page load
|
|
{% if SETTING.get('google_oauth_enabled') %}
|
|
$('#google_oauth_client_id').prop('required', true);
|
|
$('#google_oauth_client_secret').prop('required', true);
|
|
$('#google_token_url').prop('required', true);
|
|
$('#google_oauth_scope').prop('required', true);
|
|
$('#google_authorize_url').prop('required', true);
|
|
$('#google_base_url').prop('required', true);
|
|
{% endif %}
|
|
// END: Google tab js
|
|
|
|
// START: Github tab js
|
|
// update validation requirement when checkbox is togged
|
|
$('#github_oauth_enabled').iCheck({
|
|
checkboxClass : 'icheckbox_square-blue',
|
|
increaseArea : '20%'
|
|
}).on('ifChanged', function(e) {
|
|
var is_enabled = e.currentTarget.checked;
|
|
if (is_enabled){
|
|
$('#github_oauth_key').prop('required', true);
|
|
$('#github_oauth_secret').prop('required', true);
|
|
$('#github_oauth_scope').prop('required', true);
|
|
$('#github_oauth_api_url').prop('required', true);
|
|
$('#github_oauth_token_url').prop('required', true);
|
|
$('#github_oauth_authorize_url').prop('required', true);
|
|
} else {
|
|
$('#github_oauth_key').prop('required', false);
|
|
$('#github_oauth_secret').prop('required', false);
|
|
$('#github_oauth_scope').prop('required', false);
|
|
$('#github_oauth_api_url').prop('required', false);
|
|
$('#github_oauth_token_url').prop('required', false);
|
|
$('#github_oauth_authorize_url').prop('required', false);
|
|
}
|
|
});
|
|
// init validation requirement at first time page load
|
|
{% if SETTING.get('github_oauth_enabled') %}
|
|
$('#github_oauth_key').prop('required', true);
|
|
$('#github_oauth_secret').prop('required', true);
|
|
$('#github_oauth_scope').prop('required', true);
|
|
$('#github_oauth_api_url').prop('required', true);
|
|
$('#github_oauth_token_url').prop('required', true);
|
|
$('#github_oauth_authorize_url').prop('required', true);
|
|
{% endif %}
|
|
// END: Github tab js
|
|
|
|
// START: Azure tab js
|
|
// update validation requirement when checkbox is togged
|
|
$('#azure_oauth_enabled').iCheck({
|
|
checkboxClass : 'icheckbox_square-blue',
|
|
increaseArea : '20%'
|
|
}).on('ifChanged', function(e) {
|
|
var is_enabled = e.currentTarget.checked;
|
|
if (is_enabled){
|
|
$('#azure_oauth_key').prop('required', true);
|
|
$('#azure_oauth_secret').prop('required', true);
|
|
$('#azure_oauth_scope').prop('required', true);
|
|
$('#azure_oauth_api_url').prop('required', true);
|
|
$('#azure_oauth_token_url').prop('required', true);
|
|
$('#azure_oauth_authorize_url').prop('required', true);
|
|
} else {
|
|
$('#azure_oauth_key').prop('required', false);
|
|
$('#azure_oauth_secret').prop('required', false);
|
|
$('#azure_oauth_scope').prop('required', false);
|
|
$('#azure_oauth_api_url').prop('required', false);
|
|
$('#azure_oauth_token_url').prop('required', false);
|
|
$('#azure_oauth_authorize_url').prop('required', false);
|
|
}
|
|
});
|
|
// init validation requirement at first time page load
|
|
{% if SETTING.get('azure_oauth_enabled') %}
|
|
$('#azure_oauth_key').prop('required', true);
|
|
$('#azure_oauth_secret').prop('required', true);
|
|
$('#azure_oauth_scope').prop('required', true);
|
|
$('#azure_oauth_api_url').prop('required', true);
|
|
$('#azure_oauth_token_url').prop('required', true);
|
|
$('#azure_oauth_authorize_url').prop('required', true);
|
|
{% endif %}
|
|
// END: Azure tab js
|
|
|
|
// START: OIDC tab js
|
|
$('#oidc_oauth_enabled').iCheck({
|
|
checkboxClass : 'icheckbox_square-blue',
|
|
increaseArea : '20%'
|
|
}).on('ifChanged', function(e) {
|
|
var is_enabled = e.currentTarget.checked;
|
|
if (is_enabled){
|
|
$('#oidc_oauth_key').prop('required', true);
|
|
$('#oidc_oauth_secret').prop('required', true);
|
|
$('#oidc_oauth_scope').prop('required', true);
|
|
$('#oidc_oauth_api_url').prop('required', true);
|
|
$('#oidc_oauth_token_url').prop('required', true);
|
|
$('#oidc_oauth_authorize_url').prop('required', true);
|
|
} else {
|
|
$('#oidc_oauth_key').prop('required', false);
|
|
$('#oidc_oauth_secret').prop('required', false);
|
|
$('#oidc_oauth_scope').prop('required', false);
|
|
$('#oidc_oauth_api_url').prop('required', false);
|
|
$('#oidc_oauth_token_url').prop('required', false);
|
|
$('#oidc_oauth_authorize_url').prop('required', false);
|
|
}
|
|
});
|
|
// init validation requirement at first time page load
|
|
{% if SETTING.get('oidc_oauth_enabled') %}
|
|
$('#oidc_oauth_key').prop('required', true);
|
|
$('#oidc_oauth_secret').prop('required', true);
|
|
$('#oidc_oauth_scope').prop('required', true);
|
|
$('#oidc_oauth_api_url').prop('required', true);
|
|
$('#oidc_oauth_token_url').prop('required', true);
|
|
$('#oidc_oauth_authorize_url').prop('required', true);
|
|
{% endif %}
|
|
//END: OIDC Tab JS
|
|
|
|
</script>
|
|
{% endblock %}
|