[pve-devel] [PATCH manager 1/1] fix #4281: manager: Enabled logging in with Open ID

From: Alexander Abraham <a.abraham@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH manager 1/1] fix #4281: manager: Enabled logging in with Open ID
Date: Tue, 29 Apr 2025 17:07:57 +0200	[thread overview]
Message-ID: <20250429150757.130996-4-a.abraham@proxmox.com> (raw)
In-Reply-To: <20250429150757.130996-1-a.abraham@proxmox.com>

This commit adds an authorization flow for logging
in a user using Open ID on the PVE web frontend in
the mobile view.

Signed-off-by: Alexander Abraham <a.abraham@proxmox.com>
---
 www/mobile/Login.js | 148 ++++++++++++++++++++++++++++++++++----------
 1 file changed, 116 insertions(+), 32 deletions(-)

diff --git a/www/mobile/Login.js b/www/mobile/Login.js
index 06c8b3d4..05038036 100644
--- a/www/mobile/Login.js
+++ b/www/mobile/Login.js
@@ -1,8 +1,10 @@
+/ https://git.proxmox.com/?p=pve-manager.git;a=blob;f=www/manager6/Workspace.js;h=922e01df86718e8fc89ce5835f81d21f6d849b81;hb=HEAD
+
 Ext.define('PVE.Login', {
     extend: 'Ext.form.Panel',
     alias: "widget.pveLogin",
-
-    handleTFA: function(username, ticketResponse) {
+    id: 'loginFormPanel',
+       handleTFA: function(username, ticketResponse) {
 	let me = this;
 	let errlabel = me.down('#signInFailedLabel');
 
@@ -32,8 +34,7 @@ Ext.define('PVE.Login', {
 		    } else {
 			me.mask({
 			    xtype: 'loadmask',
-			    message: 'Loading...',
-			});
+			    message: 'Loading...', });
 			Proxmox.Utils.API2Request({
 			    url: '/api2/extjs/access/ticket',
 			    params: {
@@ -57,16 +58,16 @@ Ext.define('PVE.Login', {
 				Proxmox.Utils.authClear();
 				errlabel.show();
 			    },
-			});
+			})
 		    }
 		},
 	    });
 	}
     },
-
     config: {
 	title: 'Login',
 	padding: 10,
+        itemId: 'loginForm',
 	appUrl: 'login',
 	items: [
 	    {
@@ -78,7 +79,7 @@ Ext.define('PVE.Login', {
 	    {
 	        xtype: 'fieldset',
 	        title: 'Proxmox VE Login',
-	        items: [
+	        items:[
 	            {
 	                xtype: 'textfield',
 	                placeHolder: gettext('User name'),
@@ -97,8 +98,19 @@ Ext.define('PVE.Login', {
 			xtype: 'pveRealmSelector',
 	                itemId: 'realmSelectorField',
 			name: 'realm',
+                        listeners: {
+                          change: function(field, newValue){
+                            let record = field.record;
+                            let realmType = record.data.type;
+                            let currForm = this.up("formpanel");
+                            let usernameField = currForm.down("#userNameTextField");
+                            let passwordField = currForm.down("#passwordTextField");
+                            usernameField.setHidden(realmType === "openid");
+                            passwordField.setHidden(realmType === "openid");
+                          }                        
+                        }
 		    },
-	        ],
+	          ],
 	    },
 	    {
 	        xtype: 'label',
@@ -124,35 +136,107 @@ Ext.define('PVE.Login', {
 
 		    errlabel.hide();
 
+                    
 		    var username = usernameField.getValue();
 	            var password = passwordField.getValue();
-	            var realm = realmField.getValue();
+ 	            var realm = realmField.getValue();
 
-		    Proxmox.Utils.API2Request({
-			url: '/access/ticket',
-			method: 'POST',
-			waitMsgTarget: form,
-			params: { username: username, password: password, realm: realm },
-			failure: function(response, options) {
-			    errlabel.show();
-			},
-			success: function(response, options) {
-			    passwordField.setValue('');
 
-			    let data = response.result.data;
-			    if (Ext.isDefined(data.NeedTFA)) {
-				form.handleTFA(username, data);
-			    } else {
-				PVE.Workspace.updateLoginData(data);
-			    }
-			},
-		    });
-		},
-	    },
-	],
-    },
-});
+                    if (realmField.record.data.type === "openid"){
+                      const redirectUrl = location.origin;
+                      const realmName = realmField.record.data.realm;
+                      Proxmox.Utils.API2Request(
+                        {
+                          url: '/access/openid/auth-url',
+                          method: 'POST',
+                          waitMsgTarget: form,
+                          params: {
+                            realm: realmName,
+                            "redirect-url": redirectUrl
+                          },
+                          success: (resp, opts) => {
+                            window.location = resp.result.data;
+                          },
+                          failure: (resp, opts) => {
+                            Proxmox.Utils.authClear();
+                            form.unmask();
+                            Ext.Msg.alert(
+                               gettext('Error'),
+                               gettext('OpenID redirect failed.') + `<br>${resp.htmlStatus}`,
+                            );
+                          }
+                        }
+                      );
+                      return;
+                    }
+                    else {
+		      Proxmox.Utils.API2Request({
+			  url: '/access/ticket',
+			  method: 'POST',
+			  waitMsgTarget: form,
+			  params: { username: username, password: password, realm: realm },
+			  failure: function(response, options) {
+			      errlabel.show();
+			  },
+			  success: function(response, options) {
+			      passwordField.setValue('');
 
+			      let data = response.result.data;
+			      if (Ext.isDefined(data.NeedTFA)) {
+			  	  form.handleTFA(username, data);
+			      } else {
+				  PVE.Workspace.updateLoginData(data);
+			      }
+                           },
+                      });
+                    }
+                 },
+              },
+          ],
+      },
+      show: function(){
+      let auth = Proxmox.Utils.getOpenIDRedirectionAuthorization();
+      let lForm = this.callParent();
+      if (auth !== undefined){
+        let state = auth.state;
+        let code = auth.code;
+        Proxmox.Utils.authClear()
+        lForm.setMasked(
+          {
+            xtype: 'loadmask',
+            message: gettext('OpenID login - please wait..')
+          }
+        );
+        const redirectUrl = location.origin;
+        Proxmox.Utils.API2Request({
+          url: '/access/openid/login',
+          params: {
+            "state": auth.state,
+            "code": auth.code,
+            "redirect-url": redirectUrl,
+          },
+         method: 'POST',
+          failure: function(response) {
+            lForm.unmask();
+            let error = response.htmlStatus;
+            Ext.Msg.alert(
+              gettext('Error'),
+              gettext('OpenID login failed, please try again') + `<br>${error}`,
+              () => { window.location = redirectUrl; },
+            );
+          },
+          success: function(response, options) {
+            lForm.unmask();
+            let data = response.result.data;
+            history.replaceState(null, '', redirectUrl);
+            lForm.success(data)
+            PVE.Workspace.updateLoginData(data);
+          },
+        });
+      }
+    }
+}); 
+   
 Ext.define('PVE.field.TFACode', {
     extend: 'Ext.field.Text',
     xtype: 'tfacode',
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

