From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <l.wagner@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 6E53B93152
 for <pbs-devel@lists.proxmox.com>; Tue,  3 Jan 2023 15:23:59 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 12377C03B
 for <pbs-devel@lists.proxmox.com>; Tue,  3 Jan 2023 15:23:29 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS
 for <pbs-devel@lists.proxmox.com>; Tue,  3 Jan 2023 15:23:27 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id CC10244330
 for <pbs-devel@lists.proxmox.com>; Tue,  3 Jan 2023 15:23:26 +0100 (CET)
From: Lukas Wagner <l.wagner@proxmox.com>
To: pbs-devel@lists.proxmox.com
Date: Tue,  3 Jan 2023 15:23:06 +0100
Message-Id: <20230103142308.656240-16-l.wagner@proxmox.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20230103142308.656240-1-l.wagner@proxmox.com>
References: <20230103142308.656240-1-l.wagner@proxmox.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.179 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [result.data]
Subject: [pbs-devel] [PATCH proxmox-widget-toolkit 15/17] auth ui: add LDAP
 sync UI
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
 <pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Tue, 03 Jan 2023 14:23:59 -0000

Taken and adapted from PVE.
Changes:
  - Removed fields that are irrelevant for PBS for now (PBS has no
    groups yet). If PVE is adapted to use the implementation from the
    widget toolkit, the fields can simply be re-added and
    feature-gated so that they are only visible/editable on PVE

Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
---
 src/Makefile               |   1 +
 src/Schema.js              |   4 +
 src/panel/AuthView.js      |  24 +++++
 src/window/AuthEditLDAP.js | 161 +++++++++++++++++++++++++++++++
 src/window/SyncWindow.js   | 192 +++++++++++++++++++++++++++++++++++++
 5 files changed, 382 insertions(+)
 create mode 100644 src/window/SyncWindow.js

diff --git a/src/Makefile b/src/Makefile
index a24ae43..458ae93 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -91,6 +91,7 @@ JSSRC=					\
 	window/AddYubico.js		\
 	window/TfaEdit.js		\
 	window/NotesEdit.js		\
+	window/SyncWindow.js	\
 	node/APT.js			\
 	node/APTRepositories.js		\
 	node/NetworkEdit.js		\
diff --git a/src/Schema.js b/src/Schema.js
index 372af89..b247b1e 100644
--- a/src/Schema.js
+++ b/src/Schema.js
@@ -7,6 +7,7 @@ Ext.define('Proxmox.Schema', { // a singleton
 	    add: false,
 	    edit: false,
 	    pwchange: true,
+	    sync: false,
 	},
 	openid: {
 	    name: gettext('OpenID Connect Server'),
@@ -15,15 +16,18 @@ Ext.define('Proxmox.Schema', { // a singleton
 	    edit: true,
 	    tfa: false,
 	    pwchange: false,
+	    sync: false,
 	    iconCls: 'pmx-itype-icon-openid-logo',
 	},
 	ldap: {
 	    name: gettext('LDAP Server'),
 	    ipanel: 'pmxAuthLDAPPanel',
+	    syncipanel: 'pmxAuthLDAPSyncPanel',
 	    add: true,
 	    edit: true,
 	    tfa: true,
 	    pwchange: false,
+	    sync: true,
 	},
     },
     // to add or change existing for product specific ones
diff --git a/src/panel/AuthView.js b/src/panel/AuthView.js
index 69fe1a5..52b6cac 100644
--- a/src/panel/AuthView.js
+++ b/src/panel/AuthView.js
@@ -75,6 +75,23 @@ Ext.define('Proxmox.panel.AuthView', {
 	me.openEditWindow(rec.data.type, rec.data.realm);
     },
 
+    open_sync_window: function() {
+	let rec = this.getSelection()[0];
+	if (!rec) {
+	    return;
+	}
+	if (!Proxmox.Schema.authDomains[rec.data.type].sync) {
+	    return;
+	}
+	Ext.create('Proxmox.window.SyncWindow', {
+	    type: rec.data.type,
+	    realm: rec.data.realm,
+	    listeners: {
+		destroy: () => this.reload(),
+	    },
+	}).show();
+    },
+
     initComponent: function() {
 	var me = this;
 
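Review bot: `open_sync_window` is snake_case, while the neighbouring method called in the context line above is `me.openEditWindow(...)`; naming it `openSyncWindow` would keep the view's methods consistent. The same name is used by the `handler: () => me.open_sync_window()` line in the next hunk, so both places would change together. `initComponent` continues outside this hunk.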
@@ -115,6 +132,13 @@ Ext.define('Proxmox.panel.AuthView', {
 		enableFn: (rec) => Proxmox.Schema.authDomains[rec.data.type].add,
 		callback: () => me.reload(),
 	    },
+	    {
+		xtype: 'proxmoxButton',
+		text: gettext('Sync'),
+		disabled: true,
+		enableFn: (rec) => Proxmox.Schema.authDomains[rec.data.type].sync,
+		handler: () => me.open_sync_window(),
+	    },
 	];
 
 	if (me.extraButtons) {
diff --git a/src/window/AuthEditLDAP.js b/src/window/AuthEditLDAP.js
index a44c536..4195efe 100644
--- a/src/window/AuthEditLDAP.js
+++ b/src/window/AuthEditLDAP.js
@@ -192,3 +192,164 @@ Ext.define('Proxmox.panel.LDAPInputPanel', {
 
 });
 
+
+Ext.define('Proxmox.panel.LDAPSyncInputPanel', {
+    extend: 'Proxmox.panel.InputPanel',
+    xtype: 'pmxAuthLDAPSyncPanel',
+    mixins: ['Proxmox.Mixin.CBind'],
+
+    editableAttributes: ['email'],
+    editableDefaults: ['scope', 'enable-new'],
+    default_opts: {},
+    sync_attributes: {},
+
+    type: 'ldap',
+
+    // (de)construct the sync-attributes from the list above,
+    // not touching all others
+    onGetValues: function(values) {
+	this.editableDefaults.forEach((attr) => {
+	    if (values[attr]) {
+		this.default_opts[attr] = values[attr];
+		delete values[attr];
+	    } else {
+		delete this.default_opts[attr];
+	    }
+	});
+	let vanished_opts = [];
+	['acl', 'entry', 'properties'].forEach((prop) => {
+	    if (values[`remove-vanished-${prop}`]) {
+		vanished_opts.push(prop);
+	    }
+	    delete values[`remove-vanished-${prop}`];
+	});
+	this.default_opts['remove-vanished'] = vanished_opts.join(';');
+
+	values['sync-defaults-options'] = Proxmox.Utils.printPropertyString(this.default_opts);
+	this.editableAttributes.forEach((attr) => {
+	    if (values[attr]) {
+		this.sync_attributes[attr] = values[attr];
+		delete values[attr];
+	    } else {
+		delete this.sync_attributes[attr];
+	    }
+	});
+	values['sync-attributes'] = Proxmox.Utils.printPropertyString(this.sync_attributes);
+
+	Proxmox.Utils.delete_if_default(values, 'sync-defaults-options');
+	Proxmox.Utils.delete_if_default(values, 'sync-attributes');
+
+	if (this.isCreate) {
+	    delete values.delete; // on create we cannot delete values
+	}
+
+	return values;
+    },
+
+    setValues: function(values) {
+	if (values['sync-attributes']) {
+	    this.sync_attributes = Proxmox.Utils.parsePropertyString(values['sync-attributes']);
+	    delete values['sync-attributes'];
+	    this.editableAttributes.forEach((attr) => {
+		if (this.sync_attributes[attr]) {
+		    values[attr] = this.sync_attributes[attr];
+		}
+	    });
+	}
+	if (values['sync-defaults-options']) {
+	    this.default_opts = Proxmox.Utils.parsePropertyString(values['sync-defaults-options']);
+	    delete values.default_opts;
+	    this.editableDefaults.forEach((attr) => {
+		if (this.default_opts[attr]) {
+		    values[attr] = this.default_opts[attr];
+		}
+	    });
+
+	    if (this.default_opts['remove-vanished']) {
+		let opts = this.default_opts['remove-vanished'].split(';');
+		for (const opt of opts) {
+		    values[`remove-vanished-${opt}`] = 1;
+		}
+	    }
+	}
+	return this.callParent([values]);
+    },
+
+    column1: [
+	{
+	    xtype: 'proxmoxtextfield',
+	    name: 'email',
+	    fieldLabel: gettext('E-Mail attribute'),
+	},
+	{
+	    xtype: 'displayfield',
+	    value: gettext('Default Sync Options'),
+	},
+	{
+	    xtype: 'proxmoxKVComboBox',
+	    value: '__default__',
+	    deleteEmpty: false,
+	    comboItems: [
+		[
+		    '__default__',
+		    Ext.String.format(
+			gettext("{0} ({1})"),
+			Proxmox.Utils.yesText,
+			Proxmox.Utils.defaultText,
+		    ),
+		],
+		['true', Proxmox.Utils.yesText],
+		['false', Proxmox.Utils.noText],
+	    ],
+	    name: 'enable-new',
+	    fieldLabel: gettext('Enable new users'),
+	},
+    ],
+
+    column2: [
+	{
+	    xtype: 'proxmoxtextfield',
+	    name: 'user-classes',
+	    fieldLabel: gettext('User classes'),
+	    deleteEmpty: true,
+	    emptyText: 'inetorgperson, posixaccount, person, user',
+	    autoEl: {
+		tag: 'div',
+		'data-qtip': gettext('Default user classes: inetorgperson, posixaccount, person, user'),
+	    },
+	},
+	{
+	    xtype: 'proxmoxtextfield',
+	    name: 'filter',
+	    fieldLabel: gettext('User Filter'),
+	    deleteEmpty: true,
+	},
+    ],
+
+    columnB: [
+	{
+	    xtype: 'fieldset',
+	    title: gettext('Remove Vanished Options'),
+	    items: [
+		{
+		    xtype: 'proxmoxcheckbox',
+		    fieldLabel: gettext('ACL'),
+		    name: 'remove-vanished-acl',
+		    boxLabel: gettext('Remove ACLs of vanished users'),
+		},
+		{
+		    xtype: 'proxmoxcheckbox',
+		    fieldLabel: gettext('Entry'),
+		    name: 'remove-vanished-entry',
+		    boxLabel: gettext('Remove vanished user'),
+		},
+		{
+		    xtype: 'proxmoxcheckbox',
+		    fieldLabel: gettext('Properties'),
+		    name: 'remove-vanished-properties',
+		    boxLabel: gettext('Remove vanished properties from synced users.'),
+		},
+	    ],
+	},
+    ],
+});
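Review bot: `default_opts: {}` and `sync_attributes: {}` are object literals in the class body, so they live on the prototype and are shared by every `pmxAuthLDAPSyncPanel` instance until `setValues` replaces them. `onGetValues` writes into them, so a panel opened for a new realm, or for one without stored sync settings, mutates state that the next panel starts from. The keys listed in `editableAttributes` and `editableDefaults` are rewritten on every submit, so nothing appears to leak today, but any key added later could carry one realm's sync defaults into another realm's config. Creating both objects per instance, for example in `initComponent` before `callParent`, avoids that. Separately, `delete values.default_opts;` in `setValues` looks like a typo for `delete values['sync-defaults-options'];`, mirroring the `sync-attributes` branch above it; as written the raw property string is still passed on to `callParent`.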
diff --git a/src/window/SyncWindow.js b/src/window/SyncWindow.js
new file mode 100644
index 0000000..449782a
--- /dev/null
+++ b/src/window/SyncWindow.js
@@ -0,0 +1,192 @@
+Ext.define('Proxmox.window.SyncWindow', {
+    extend: 'Ext.window.Window',
+
+    title: gettext('Realm Sync'),
+
+    width: 600,
+    bodyPadding: 10,
+    modal: true,
+    resizable: false,
+
+    controller: {
+	xclass: 'Ext.app.ViewController',
+
+	control: {
+	    'form': {
+		validitychange: function(field, valid) {
+		    this.lookup('preview_btn').setDisabled(!valid);
+		    this.lookup('sync_btn').setDisabled(!valid);
+		},
+	    },
+	    'button': {
+		click: function(btn) {
+		    this.sync_realm(btn.reference === 'preview_btn');
+		},
+	    },
+	},
+
+	sync_realm: function(is_preview) {
+	    let view = this.getView();
+	    let ipanel = this.lookup('ipanel');
+	    let params = ipanel.getValues();
+
+	    let vanished_opts = [];
+	    ['acl', 'entry', 'properties'].forEach((prop) => {
+		if (params[`remove-vanished-${prop}`]) {
+		    vanished_opts.push(prop);
+		}
+		delete params[`remove-vanished-${prop}`];
+	    });
+	    if (vanished_opts.length > 0) {
+		params['remove-vanished'] = vanished_opts.join(';');
+	    }
+
+	    params['dry-run'] = is_preview ? 1 : 0;
+	    Proxmox.Utils.API2Request({
+		url: `/access/domains/${view.realm}/sync`,
+		waitMsgTarget: view,
+		method: 'POST',
+		params,
+		failure: (response) => {
+		    view.show();
+		    Ext.Msg.alert(gettext('Error'), response.htmlStatus);
+		},
+		success: (response) => {
+		    view.hide();
+		    Ext.create('Proxmox.window.TaskViewer', {
+			upid: response.result.data,
+			listeners: {
+			    destroy: () => {
+				if (is_preview) {
+				    view.show();
+				} else {
+				    view.close();
+				}
+			    },
+			},
+		    }).show();
+		},
+	    });
+	},
+    },
+
+    items: [
+	{
+	    xtype: 'form',
+	    reference: 'form',
+	    border: false,
+	    fieldDefaults: {
+		labelWidth: 100,
+		anchor: '100%',
+	    },
+	    items: [{
+		xtype: 'inputpanel',
+		reference: 'ipanel',
+		column1: [
+		    {
+			xtype: 'proxmoxKVComboBox',
+			value: 'true',
+			deleteEmpty: false,
+			allowBlank: false,
+			comboItems: [
+			    ['true', Proxmox.Utils.yesText],
+			    ['false', Proxmox.Utils.noText],
+			],
+			name: 'enable-new',
+			fieldLabel: gettext('Enable new'),
+		    },
+		],
+
+		column2: [
+		],
+
+		columnB: [
+		    {
+			xtype: 'fieldset',
+			title: gettext('Remove Vanished Options'),
+			items: [
+			    {
+				xtype: 'proxmoxcheckbox',
+				fieldLabel: gettext('ACL'),
+				name: 'remove-vanished-acl',
+				boxLabel: gettext('Remove ACLs of vanished users and groups.'),
+			    },
+			    {
+				xtype: 'proxmoxcheckbox',
+				fieldLabel: gettext('Entry'),
+				name: 'remove-vanished-entry',
+				boxLabel: gettext('Remove vanished user and group entries.'),
+			    },
+			    {
+				xtype: 'proxmoxcheckbox',
+				fieldLabel: gettext('Properties'),
+				name: 'remove-vanished-properties',
+				boxLabel: gettext('Remove vanished properties from synced users.'),
+			    },
+			],
+		    },
+		    {
+			xtype: 'displayfield',
+			reference: 'defaulthint',
+			value: gettext('Default sync options can be set by editing the realm.'),
+			userCls: 'pmx-hint',
+			hidden: true,
+		    },
+		],
+	    }],
+	},
+    ],
+
+    buttons: [
+	'->',
+	{
+	    text: gettext('Preview'),
+	    reference: 'preview_btn',
+	},
+	{
+	    text: gettext('Sync'),
+	    reference: 'sync_btn',
+	},
+    ],
+
+    initComponent: function() {
+	if (!this.realm) {
+	    throw "no realm defined";
+	}
+
+	if (!this.type) {
+	    throw "no realm type defined";
+	}
+
+	this.callParent();
+
+	Proxmox.Utils.API2Request({
+	    url: `/config/access/${this.type}/${this.realm}`,
+	    waitMsgTarget: this,
+	    method: 'GET',
+	    failure: (response) => {
+		Ext.Msg.alert(gettext('Error'), response.htmlStatus);
+		this.close();
+	    },
+	    success: (response) => {
+		let default_options = response.result.data['sync-defaults-options'];
+		if (default_options) {
+		    let options = Proxmox.Utils.parsePropertyString(default_options);
+		    if (options['remove-vanished']) {
+			let opts = options['remove-vanished'].split(';');
+			for (const opt of opts) {
+			    options[`remove-vanished-${opt}`] = 1;
+			}
+		    }
+		    let ipanel = this.lookup('ipanel');
+		    ipanel.setValues(options);
+		} else {
+		    this.lookup('defaulthint').setVisible(true);
+		}
+
+		// check validity for button state
+		this.lookup('form').isValid();
+	    },
+	});
+    },
+});
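Review bot: The controller's `'button'` selector routes every button click in the window to `sync_realm`, and any button whose reference is not `preview_btn` runs a real sync with `dry-run` set to 0, including the remove-vanished options pre-filled from the realm defaults. With only the two buttons this works, but a button added later (help, cancel) would silently trigger a non-preview sync. Selecting by reference (`'button[reference=preview_btn]'` and `'button[reference=sync_btn]'`), or giving each button its own handler, keeps the destructive path explicit. `view.realm`, `this.type` and `this.realm` are also interpolated into the request URLs unencoded; if realm names are not already restricted to URL-safe characters, which is not visible in this patch, wrap them in `encodeURIComponent()`.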
-- 
2.30.2