From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 6E53B93152 for ; Tue, 3 Jan 2023 15:23:59 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 12377C03B for ; Tue, 3 Jan 2023 15:23:29 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Tue, 3 Jan 2023 15:23:27 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id CC10244330 for ; Tue, 3 Jan 2023 15:23:26 +0100 (CET) From: Lukas Wagner To: pbs-devel@lists.proxmox.com Date: Tue, 3 Jan 2023 15:23:06 +0100 Message-Id: <20230103142308.656240-16-l.wagner@proxmox.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20230103142308.656240-1-l.wagner@proxmox.com> References: <20230103142308.656240-1-l.wagner@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.179 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [result.data] Subject: [pbs-devel] [PATCH proxmox-widget-toolkit 15/17] auth ui: add LDAP sync UI X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jan 2023 14:23:59 -0000 Taken and adapted from PVE. Changes: - Removed fields that are irrelevant for PBS for now (PBS has no groups yet). If PVE is adapted to use the implementation from the widget toolkit, the fields can simply be readded and somehow feature-gated so that the fields are only visible/editable on PVE Signed-off-by: Lukas Wagner --- src/Makefile | 1 + src/Schema.js | 4 + src/panel/AuthView.js | 24 +++++ src/window/AuthEditLDAP.js | 161 +++++++++++++++++++++++++++++++ src/window/SyncWindow.js | 192 +++++++++++++++++++++++++++++++++++++ 5 files changed, 382 insertions(+) create mode 100644 src/window/SyncWindow.js diff --git a/src/Makefile b/src/Makefile index a24ae43..458ae93 100644 --- a/src/Makefile +++ b/src/Makefile @@ -91,6 +91,7 @@ JSSRC= \ window/AddYubico.js \ window/TfaEdit.js \ window/NotesEdit.js \ + window/SyncWindow.js \ node/APT.js \ node/APTRepositories.js \ node/NetworkEdit.js \ diff --git a/src/Schema.js b/src/Schema.js index 372af89..b247b1e 100644 --- a/src/Schema.js +++ b/src/Schema.js @@ -7,6 +7,7 @@ Ext.define('Proxmox.Schema', { // a singleton add: false, edit: false, pwchange: true, + sync: false, }, openid: { name: gettext('OpenID Connect Server'), @@ -15,15 +16,18 @@ Ext.define('Proxmox.Schema', { // a singleton edit: true, tfa: false, pwchange: false, + sync: false, iconCls: 'pmx-itype-icon-openid-logo', }, ldap: { name: gettext('LDAP Server'), ipanel: 'pmxAuthLDAPPanel', + syncipanel: 'pmxAuthLDAPSyncPanel', add: true, edit: true, tfa: true, pwchange: false, + sync: true, }, }, // to add or change existing for product specific ones diff --git a/src/panel/AuthView.js b/src/panel/AuthView.js index 69fe1a5..52b6cac 100644 --- a/src/panel/AuthView.js +++ b/src/panel/AuthView.js @@ -75,6 +75,23 @@ Ext.define('Proxmox.panel.AuthView', { me.openEditWindow(rec.data.type, rec.data.realm); }, + open_sync_window: function() { + let rec = this.getSelection()[0]; + if (!rec) { + return; + } + if (!Proxmox.Schema.authDomains[rec.data.type].sync) { + return; + } + Ext.create('Proxmox.window.SyncWindow', { + type: rec.data.type, + realm: rec.data.realm, + listeners: { + destroy: () => this.reload(), + }, + }).show(); + }, + initComponent: function() { var me = this; @@ -115,6 +132,13 @@ Ext.define('Proxmox.panel.AuthView', { enableFn: (rec) => Proxmox.Schema.authDomains[rec.data.type].add, callback: () => me.reload(), }, + { + xtype: 'proxmoxButton', + text: gettext('Sync'), + disabled: true, + enableFn: (rec) => Proxmox.Schema.authDomains[rec.data.type].sync, + handler: () => me.open_sync_window(), + }, ]; if (me.extraButtons) { diff --git a/src/window/AuthEditLDAP.js b/src/window/AuthEditLDAP.js index a44c536..4195efe 100644 --- a/src/window/AuthEditLDAP.js +++ b/src/window/AuthEditLDAP.js @@ -192,3 +192,164 @@ Ext.define('Proxmox.panel.LDAPInputPanel', { }); + +Ext.define('Proxmox.panel.LDAPSyncInputPanel', { + extend: 'Proxmox.panel.InputPanel', + xtype: 'pmxAuthLDAPSyncPanel', + mixins: ['Proxmox.Mixin.CBind'], + + editableAttributes: ['email'], + editableDefaults: ['scope', 'enable-new'], + default_opts: {}, + sync_attributes: {}, + + type: 'ldap', + + // (de)construct the sync-attributes from the list above, + // not touching all others + onGetValues: function(values) { + this.editableDefaults.forEach((attr) => { + if (values[attr]) { + this.default_opts[attr] = values[attr]; + delete values[attr]; + } else { + delete this.default_opts[attr]; + } + }); + let vanished_opts = []; + ['acl', 'entry', 'properties'].forEach((prop) => { + if (values[`remove-vanished-${prop}`]) { + vanished_opts.push(prop); + } + delete values[`remove-vanished-${prop}`]; + }); + this.default_opts['remove-vanished'] = vanished_opts.join(';'); + + values['sync-defaults-options'] = Proxmox.Utils.printPropertyString(this.default_opts); + this.editableAttributes.forEach((attr) => { + if (values[attr]) { + this.sync_attributes[attr] = values[attr]; + delete values[attr]; + } else { + delete this.sync_attributes[attr]; + } + }); + values['sync-attributes'] = Proxmox.Utils.printPropertyString(this.sync_attributes); + + Proxmox.Utils.delete_if_default(values, 'sync-defaults-options'); + Proxmox.Utils.delete_if_default(values, 'sync-attributes'); + + if (this.isCreate) { + delete values.delete; // on create we cannot delete values + } + + return values; + }, + + setValues: function(values) { + if (values['sync-attributes']) { + this.sync_attributes = Proxmox.Utils.parsePropertyString(values['sync-attributes']); + delete values['sync-attributes']; + this.editableAttributes.forEach((attr) => { + if (this.sync_attributes[attr]) { + values[attr] = this.sync_attributes[attr]; + } + }); + } + if (values['sync-defaults-options']) { + this.default_opts = Proxmox.Utils.parsePropertyString(values['sync-defaults-options']); + delete values.default_opts; + this.editableDefaults.forEach((attr) => { + if (this.default_opts[attr]) { + values[attr] = this.default_opts[attr]; + } + }); + + if (this.default_opts['remove-vanished']) { + let opts = this.default_opts['remove-vanished'].split(';'); + for (const opt of opts) { + values[`remove-vanished-${opt}`] = 1; + } + } + } + return this.callParent([values]); + }, + + column1: [ + { + xtype: 'proxmoxtextfield', + name: 'email', + fieldLabel: gettext('E-Mail attribute'), + }, + { + xtype: 'displayfield', + value: gettext('Default Sync Options'), + }, + { + xtype: 'proxmoxKVComboBox', + value: '__default__', + deleteEmpty: false, + comboItems: [ + [ + '__default__', + Ext.String.format( + gettext("{0} ({1})"), + Proxmox.Utils.yesText, + Proxmox.Utils.defaultText, + ), + ], + ['true', Proxmox.Utils.yesText], + ['false', Proxmox.Utils.noText], + ], + name: 'enable-new', + fieldLabel: gettext('Enable new users'), + }, + ], + + column2: [ + { + xtype: 'proxmoxtextfield', + name: 'user-classes', + fieldLabel: gettext('User classes'), + deleteEmpty: true, + emptyText: 'inetorgperson, posixaccount, person, user', + autoEl: { + tag: 'div', + 'data-qtip': gettext('Default user classes: inetorgperson, posixaccount, person, user'), + }, + }, + { + xtype: 'proxmoxtextfield', + name: 'filter', + fieldLabel: gettext('User Filter'), + deleteEmpty: true, + }, + ], + + columnB: [ + { + xtype: 'fieldset', + title: gettext('Remove Vanished Options'), + items: [ + { + xtype: 'proxmoxcheckbox', + fieldLabel: gettext('ACL'), + name: 'remove-vanished-acl', + boxLabel: gettext('Remove ACLs of vanished users'), + }, + { + xtype: 'proxmoxcheckbox', + fieldLabel: gettext('Entry'), + name: 'remove-vanished-entry', + boxLabel: gettext('Remove vanished user'), + }, + { + xtype: 'proxmoxcheckbox', + fieldLabel: gettext('Properties'), + name: 'remove-vanished-properties', + boxLabel: gettext('Remove vanished properties from synced users.'), + }, + ], + }, + ], +}); diff --git a/src/window/SyncWindow.js b/src/window/SyncWindow.js new file mode 100644 index 0000000..449782a --- /dev/null +++ b/src/window/SyncWindow.js @@ -0,0 +1,192 @@ +Ext.define('Proxmox.window.SyncWindow', { + extend: 'Ext.window.Window', + + title: gettext('Realm Sync'), + + width: 600, + bodyPadding: 10, + modal: true, + resizable: false, + + controller: { + xclass: 'Ext.app.ViewController', + + control: { + 'form': { + validitychange: function(field, valid) { + this.lookup('preview_btn').setDisabled(!valid); + this.lookup('sync_btn').setDisabled(!valid); + }, + }, + 'button': { + click: function(btn) { + this.sync_realm(btn.reference === 'preview_btn'); + }, + }, + }, + + sync_realm: function(is_preview) { + let view = this.getView(); + let ipanel = this.lookup('ipanel'); + let params = ipanel.getValues(); + + let vanished_opts = []; + ['acl', 'entry', 'properties'].forEach((prop) => { + if (params[`remove-vanished-${prop}`]) { + vanished_opts.push(prop); + } + delete params[`remove-vanished-${prop}`]; + }); + if (vanished_opts.length > 0) { + params['remove-vanished'] = vanished_opts.join(';'); + } + + params['dry-run'] = is_preview ? 1 : 0; + Proxmox.Utils.API2Request({ + url: `/access/domains/${view.realm}/sync`, + waitMsgTarget: view, + method: 'POST', + params, + failure: (response) => { + view.show(); + Ext.Msg.alert(gettext('Error'), response.htmlStatus); + }, + success: (response) => { + view.hide(); + Ext.create('Proxmox.window.TaskViewer', { + upid: response.result.data, + listeners: { + destroy: () => { + if (is_preview) { + view.show(); + } else { + view.close(); + } + }, + }, + }).show(); + }, + }); + }, + }, + + items: [ + { + xtype: 'form', + reference: 'form', + border: false, + fieldDefaults: { + labelWidth: 100, + anchor: '100%', + }, + items: [{ + xtype: 'inputpanel', + reference: 'ipanel', + column1: [ + { + xtype: 'proxmoxKVComboBox', + value: 'true', + deleteEmpty: false, + allowBlank: false, + comboItems: [ + ['true', Proxmox.Utils.yesText], + ['false', Proxmox.Utils.noText], + ], + name: 'enable-new', + fieldLabel: gettext('Enable new'), + }, + ], + + column2: [ + ], + + columnB: [ + { + xtype: 'fieldset', + title: gettext('Remove Vanished Options'), + items: [ + { + xtype: 'proxmoxcheckbox', + fieldLabel: gettext('ACL'), + name: 'remove-vanished-acl', + boxLabel: gettext('Remove ACLs of vanished users and groups.'), + }, + { + xtype: 'proxmoxcheckbox', + fieldLabel: gettext('Entry'), + name: 'remove-vanished-entry', + boxLabel: gettext('Remove vanished user and group entries.'), + }, + { + xtype: 'proxmoxcheckbox', + fieldLabel: gettext('Properties'), + name: 'remove-vanished-properties', + boxLabel: gettext('Remove vanished properties from synced users.'), + }, + ], + }, + { + xtype: 'displayfield', + reference: 'defaulthint', + value: gettext('Default sync options can be set by editing the realm.'), + userCls: 'pmx-hint', + hidden: true, + }, + ], + }], + }, + ], + + buttons: [ + '->', + { + text: gettext('Preview'), + reference: 'preview_btn', + }, + { + text: gettext('Sync'), + reference: 'sync_btn', + }, + ], + + initComponent: function() { + if (!this.realm) { + throw "no realm defined"; + } + + if (!this.type) { + throw "no realm type defined"; + } + + this.callParent(); + + Proxmox.Utils.API2Request({ + url: `/config/access/${this.type}/${this.realm}`, + waitMsgTarget: this, + method: 'GET', + failure: (response) => { + Ext.Msg.alert(gettext('Error'), response.htmlStatus); + this.close(); + }, + success: (response) => { + let default_options = response.result.data['sync-defaults-options']; + if (default_options) { + let options = Proxmox.Utils.parsePropertyString(default_options); + if (options['remove-vanished']) { + let opts = options['remove-vanished'].split(';'); + for (const opt of opts) { + options[`remove-vanished-${opt}`] = 1; + } + } + let ipanel = this.lookup('ipanel'); + ipanel.setValues(options); + } else { + this.lookup('defaulthint').setVisible(true); + } + + // check validity for button state + this.lookup('form').isValid(); + }, + }); + }, +}); -- 2.30.2