* [pdm-devel] [PATCH yew-comp 1/1] user panel: add a parameter to set the current product's realm
2026-01-12 12:24 [pdm-devel] [PATCH datacenter-manager/yew-comp 0/4] fix adding users manually for openid/ldap/ad realms Shannon Sterz
@ 2026-01-12 12:24 ` Shannon Sterz
2026-01-12 12:24 ` [pdm-devel] [PATCH datacenter-manager 1/3] fix #7182: server: auth: add dummy openid authenticator Shannon Sterz
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Shannon Sterz @ 2026-01-12 12:24 UTC (permalink / raw)
To: pdm-devel
so that password and confirm password fields can be ommitted
appropriatelly when adding users and the "change password" button is
disabled appropriatelly.
Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
src/user_panel.rs | 33 ++++++++++++++++++++++++++-------
1 file changed, 26 insertions(+), 7 deletions(-)
diff --git a/src/user_panel.rs b/src/user_panel.rs
index c6d0b56..547fdfe 100644
--- a/src/user_panel.rs
+++ b/src/user_panel.rs
@@ -4,7 +4,9 @@ use std::rc::Rc;
use anyhow::Error;
use proxmox_client::ApiResponseData;
+use pwt_macros::builder;
use serde_json::Value;
+use yew::html::IntoPropValue;
use proxmox_access_control::types::UserWithTokens;
use proxmox_auth_api::types::Username;
@@ -89,7 +91,13 @@ async fn update_user(form_ctx: FormContext) -> Result<(), Error> {
}
#[derive(PartialEq, Properties)]
-pub struct UserPanel {}
+#[builder]
+pub struct UserPanel {
+ /// The realm of the current product. For example: "pdm"
+ #[builder(IntoPropValue, into_prop_value)]
+ #[prop_or_default]
+ product_realm: Option<AttrValue>,
+}
impl Default for UserPanel {
fn default() -> Self {
@@ -99,7 +107,7 @@ impl Default for UserPanel {
impl UserPanel {
pub fn new() -> Self {
- Self {}
+ yew::props!(Self {})
}
}
@@ -119,6 +127,7 @@ pub struct ProxmoxUserPanel {
state: LoadableComponentState<ViewState>,
store: Store<UserWithTokens>,
selection: Selection,
+ product_realm: Option<AttrValue>,
}
pwt::impl_deref_mut_property!(ProxmoxUserPanel, state, LoadableComponentState<ViewState>);
@@ -154,6 +163,7 @@ impl LoadableComponent for ProxmoxUserPanel {
state: LoadableComponentState::new(),
store,
selection,
+ product_realm: ctx.props().product_realm.clone(),
}
}
@@ -180,7 +190,11 @@ impl LoadableComponent for ProxmoxUserPanel {
let no_selection = self.selection.is_empty();
let disable_change_password = self
.get_selected_user()
- .map(|user| user.user.userid.realm().as_str() == "pam")
+ .and_then(|user| {
+ self.product_realm
+ .as_ref()
+ .map(|p| p != user.user.userid.realm().as_str())
+ })
.unwrap_or(no_selection);
let toolbar = Toolbar::new()
@@ -279,8 +293,9 @@ impl ProxmoxUserPanel {
}
fn create_add_dialog(&self, ctx: &LoadableComponentContext<Self>) -> Html {
+ let product_realm = self.product_realm.clone();
EditWindow::new(tr!("Add") + ": " + &tr!("User"))
- .renderer(add_user_input_panel)
+ .renderer(move |form_ctx| add_user_input_panel(form_ctx, &product_realm))
.on_submit(create_user)
.on_done(ctx.link().change_view_callback(|_| None))
.on_change(check_confirm_password)
@@ -484,8 +499,12 @@ fn password_change_input_panel(_form_ctx: &FormContext) -> Html {
.into()
}
-fn add_user_input_panel(form_ctx: &FormContext) -> Html {
- let is_pam = form_ctx.read().get_field_text("realm") == "pam";
+fn add_user_input_panel(form_ctx: &FormContext, product_realm: &Option<AttrValue>) -> Html {
+ let realm = form_ctx.read().get_field_text("realm");
+ let is_product_realm = product_realm
+ .as_deref()
+ .map(|p| p == realm)
+ .unwrap_or_default();
let mut panel = InputPanel::new()
.padding(4)
@@ -506,7 +525,7 @@ fn add_user_input_panel(form_ctx: &FormContext) -> Html {
.submit(false),
);
- if !is_pam {
+ if is_product_realm {
panel = panel
.with_field(
tr!("Password"),
--
2.47.3
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
^ permalink raw reply [flat|nested] 5+ messages in thread* [pdm-devel] [PATCH datacenter-manager 1/3] fix #7182: server: auth: add dummy openid authenticator
2026-01-12 12:24 [pdm-devel] [PATCH datacenter-manager/yew-comp 0/4] fix adding users manually for openid/ldap/ad realms Shannon Sterz
2026-01-12 12:24 ` [pdm-devel] [PATCH yew-comp 1/1] user panel: add a parameter to set the current product's realm Shannon Sterz
@ 2026-01-12 12:24 ` Shannon Sterz
2026-01-12 12:24 ` [pdm-devel] [PATCH datacenter-manager 2/3] ui: run cargo fmt Shannon Sterz
2026-01-12 12:24 ` [pdm-devel] [PATCH datacenter-manager 3/3] ui: set prodcut realm so that the add user dialogs are rendered properly Shannon Sterz
3 siblings, 0 replies; 5+ messages in thread
From: Shannon Sterz @ 2026-01-12 12:24 UTC (permalink / raw)
To: pdm-devel
when manually adding users from an openid realm, the api checks
whether the realm exists. so at least a dummy implementation is needed
here.
Fixes: https://bugzilla.proxmox.com/show_bug.cgi?id=7182
Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
server/src/auth/mod.rs | 61 ++++++++++++++++++++++++++++++++++--------
1 file changed, 50 insertions(+), 11 deletions(-)
diff --git a/server/src/auth/mod.rs b/server/src/auth/mod.rs
index 82425e8..312ed72 100644
--- a/server/src/auth/mod.rs
+++ b/server/src/auth/mod.rs
@@ -16,10 +16,10 @@ use proxmox_auth_api::types::Authid;
use proxmox_auth_api::{HMACKey, Keyring};
use proxmox_ldap::types::{AdRealmConfig, LdapRealmConfig};
use proxmox_rest_server::AuthError;
-use proxmox_router::UserInformation;
+use proxmox_router::{http_bail, UserInformation};
use proxmox_tfa::api::{OpenUserChallengeData, TfaConfig};
-use pdm_api_types::{RealmRef, Userid};
+use pdm_api_types::{OpenIdRealmConfig, RealmRef, Userid, UsernameRef};
pub mod certs;
pub mod csrf;
@@ -189,17 +189,17 @@ pub(crate) fn lookup_authenticator(
lock_filename: pdm_buildcfg::configdir!("/access/shadow.json.lock"),
})),
realm => {
- if let Ok((domains, _digest)) = pdm_config::domains::config() {
- if let Ok(config) = domains.lookup::<LdapRealmConfig>("ldap", realm) {
- return Ok(Box::new(LdapAuthenticator::new(config)));
- }
+ let (domains, _digest) = pdm_config::domains::config()?;
- if let Ok(config) = domains.lookup::<AdRealmConfig>("ad", realm) {
- return Ok(Box::new(AdAuthenticator::new(config)));
- }
+ if let Ok(config) = domains.lookup::<LdapRealmConfig>("ldap", realm) {
+ Ok(Box::new(LdapAuthenticator::new(config)))
+ } else if let Ok(config) = domains.lookup::<AdRealmConfig>("ad", realm) {
+ Ok(Box::new(AdAuthenticator::new(config)))
+ } else if domains.lookup::<OpenIdRealmConfig>("openid", realm).is_ok() {
+ Ok(Box::new(OpenIdAuthenticator()))
+ } else {
+ bail!("unknwon realm {realm}");
}
-
- bail!("unknwon realm {realm}");
}
}
}
@@ -234,3 +234,42 @@ impl LockedTfaConfig for PdmLockedTfaConfig {
tfa::write(&self.config)
}
}
+
+struct OpenIdAuthenticator();
+/// When a user is manually added, the lookup_authenticator is called to verify that
+/// the realm exists. Thus, it is necessary to have an (empty) implementation for
+/// OpendID as well.
+impl Authenticator for OpenIdAuthenticator {
+ fn authenticate_user<'a>(
+ &'a self,
+ _username: &'a UsernameRef,
+ _password: &'a str,
+ _client_ip: Option<&'a IpAddr>,
+ ) -> Pin<Box<dyn Future<Output = Result<(), Error>> + Send + 'a>> {
+ Box::pin(async move {
+ http_bail!(
+ NOT_IMPLEMENTED,
+ "password authentication is not implemented for OpenID realms"
+ );
+ })
+ }
+
+ fn store_password(
+ &self,
+ _username: &UsernameRef,
+ _password: &str,
+ _client_ip: Option<&IpAddr>,
+ ) -> Result<(), Error> {
+ http_bail!(
+ NOT_IMPLEMENTED,
+ "storing passwords is not implemented for OpenID realms"
+ );
+ }
+
+ fn remove_password(&self, _username: &UsernameRef) -> Result<(), Error> {
+ http_bail!(
+ NOT_IMPLEMENTED,
+ "storing passwords is not implemented for OpenID realms"
+ );
+ }
+}
--
2.47.3
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
^ permalink raw reply [flat|nested] 5+ messages in thread* [pdm-devel] [PATCH datacenter-manager 2/3] ui: run cargo fmt
2026-01-12 12:24 [pdm-devel] [PATCH datacenter-manager/yew-comp 0/4] fix adding users manually for openid/ldap/ad realms Shannon Sterz
2026-01-12 12:24 ` [pdm-devel] [PATCH yew-comp 1/1] user panel: add a parameter to set the current product's realm Shannon Sterz
2026-01-12 12:24 ` [pdm-devel] [PATCH datacenter-manager 1/3] fix #7182: server: auth: add dummy openid authenticator Shannon Sterz
@ 2026-01-12 12:24 ` Shannon Sterz
2026-01-12 12:24 ` [pdm-devel] [PATCH datacenter-manager 3/3] ui: set prodcut realm so that the add user dialogs are rendered properly Shannon Sterz
3 siblings, 0 replies; 5+ messages in thread
From: Shannon Sterz @ 2026-01-12 12:24 UTC (permalink / raw)
To: pdm-devel
Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
ui/src/configuration/subscription_panel.rs | 6 +-----
ui/src/remotes/firewall/tree.rs | 6 +-----
2 files changed, 2 insertions(+), 10 deletions(-)
diff --git a/ui/src/configuration/subscription_panel.rs b/ui/src/configuration/subscription_panel.rs
index 4cbb60e..9e51d47 100644
--- a/ui/src/configuration/subscription_panel.rs
+++ b/ui/src/configuration/subscription_panel.rs
@@ -41,11 +41,7 @@ pub struct ProxmoxSubscriptionPanel {
checking: bool,
}
-pwt::impl_deref_mut_property!(
- ProxmoxSubscriptionPanel,
- state,
- LoadableComponentState<()>
-);
+pwt::impl_deref_mut_property!(ProxmoxSubscriptionPanel, state, LoadableComponentState<()>);
impl LoadableComponent for ProxmoxSubscriptionPanel {
type Message = Msg;
diff --git a/ui/src/remotes/firewall/tree.rs b/ui/src/remotes/firewall/tree.rs
index 594df97..41a53f8 100644
--- a/ui/src/remotes/firewall/tree.rs
+++ b/ui/src/remotes/firewall/tree.rs
@@ -163,11 +163,7 @@ pub struct FirewallTreeComponent {
tree_collapsed: bool,
}
-pwt::impl_deref_mut_property!(
- FirewallTreeComponent,
- state,
- LoadableComponentState<()>
-);
+pwt::impl_deref_mut_property!(FirewallTreeComponent, state, LoadableComponentState<()>);
impl FirewallTreeComponent {
fn reset_tree_for_loading(&mut self) {
--
2.47.3
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
^ permalink raw reply [flat|nested] 5+ messages in thread* [pdm-devel] [PATCH datacenter-manager 3/3] ui: set prodcut realm so that the add user dialogs are rendered properly
2026-01-12 12:24 [pdm-devel] [PATCH datacenter-manager/yew-comp 0/4] fix adding users manually for openid/ldap/ad realms Shannon Sterz
` (2 preceding siblings ...)
2026-01-12 12:24 ` [pdm-devel] [PATCH datacenter-manager 2/3] ui: run cargo fmt Shannon Sterz
@ 2026-01-12 12:24 ` Shannon Sterz
3 siblings, 0 replies; 5+ messages in thread
From: Shannon Sterz @ 2026-01-12 12:24 UTC (permalink / raw)
To: pdm-devel
without setting this the add user dialog won't display the fields for
the password and confirming the password anymore
Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
ui/src/configuration/mod.rs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ui/src/configuration/mod.rs b/ui/src/configuration/mod.rs
index 18fc396..6ffb64b 100644
--- a/ui/src/configuration/mod.rs
+++ b/ui/src/configuration/mod.rs
@@ -68,7 +68,7 @@ pub fn access_control() -> Html {
Container::new()
.class("pwt-content-spacer")
.class(pwt::css::FlexFit)
- .with_child(UserPanel::new())
+ .with_child(UserPanel::new().product_realm(AttrValue::from("pdm")))
// forces a reload when the tab becomes visible again
.key(format!(
"user-management-{}",
--
2.47.3
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
^ permalink raw reply [flat|nested] 5+ messages in thread