* [pbs-devel] [PATCH proxmox-backup 1/4] api: add consent api handler and config
2024-05-16 16:24 [pbs-devel] [RFC backup/proxmox-backup 0/4] fix #5463: add optional consent banner before login Gabriel Goller
@ 2024-05-16 16:24 ` Gabriel Goller
2024-05-16 16:24 ` [pbs-devel] [PATCH proxmox-backup 2/4] ui: show consent banner before login Gabriel Goller
` (4 subsequent siblings)
5 siblings, 0 replies; 10+ messages in thread
From: Gabriel Goller @ 2024-05-16 16:24 UTC (permalink / raw)
To: pbs-devel
Add config function to retrieve consent from file and api handler to
serve it via the http.
Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
---
src/api2/access/consent.rs | 25 +++++++++++++++++++++++++
src/api2/access/mod.rs | 2 ++
src/config/consent.rs | 11 +++++++++++
src/config/mod.rs | 1 +
4 files changed, 39 insertions(+)
create mode 100644 src/api2/access/consent.rs
create mode 100644 src/config/consent.rs
diff --git a/src/api2/access/consent.rs b/src/api2/access/consent.rs
new file mode 100644
index 00000000..c8cb89c3
--- /dev/null
+++ b/src/api2/access/consent.rs
@@ -0,0 +1,25 @@
+use anyhow::Error;
+use proxmox_router::http_bail;
+use proxmox_router::{Permission, Router};
+use proxmox_schema::api;
+
+pub(crate) const ROUTER: Router = Router::new().get(&API_METHOD_GET_CONSENT);
+
+#[api(
+ returns: {
+ type: String,
+ description: "Consent banner text.",
+ },
+ access: {
+ description: "Anyone can access this, because we need to display the consent box before the user is logged in.",
+ permission: &Permission::World,
+ }
+)]
+/// Get consent banner text.
+pub fn get_consent() -> Result<String, Error> {
+ let consent = crate::config::consent::config()?;
+ if consent.trim().is_empty() {
+ http_bail!(NO_CONTENT, "No consent banner exists.")
+ }
+ Ok(consent)
+}
diff --git a/src/api2/access/mod.rs b/src/api2/access/mod.rs
index 15509fd9..44e67602 100644
--- a/src/api2/access/mod.rs
+++ b/src/api2/access/mod.rs
@@ -20,6 +20,7 @@ use pbs_config::acl::AclTreeNode;
use pbs_config::CachedUserInfo;
pub mod acl;
+pub mod consent;
pub mod domain;
pub mod openid;
pub mod role;
@@ -275,6 +276,7 @@ const SUBDIRS: SubdirMap = &sorted!([
("roles", &role::ROUTER),
("users", &user::ROUTER),
("tfa", &tfa::ROUTER),
+ ("consent", &consent::ROUTER),
]);
pub const ROUTER: Router = Router::new()
diff --git a/src/config/consent.rs b/src/config/consent.rs
new file mode 100644
index 00000000..55ef201c
--- /dev/null
+++ b/src/config/consent.rs
@@ -0,0 +1,11 @@
+use anyhow::Error;
+
+use pbs_buildcfg::configdir;
+
+const CONF_FILE: &str = configdir!("/consent.txt");
+
+/// Read the Consent config.
+pub fn config() -> Result<String, Error> {
+ let content = proxmox_sys::fs::file_read_optional_string(CONF_FILE)?.unwrap_or_default();
+ Ok(content)
+}
diff --git a/src/config/mod.rs b/src/config/mod.rs
index 324fabca..81caf0d5 100644
--- a/src/config/mod.rs
+++ b/src/config/mod.rs
@@ -15,6 +15,7 @@ use proxmox_lang::try_block;
use pbs_buildcfg::{self, configdir};
pub mod acme;
+pub mod consent;
pub mod node;
pub mod tfa;
--
2.43.0
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
^ permalink raw reply [flat|nested] 10+ messages in thread
* [pbs-devel] [PATCH proxmox-backup 2/4] ui: show consent banner before login
2024-05-16 16:24 [pbs-devel] [RFC backup/proxmox-backup 0/4] fix #5463: add optional consent banner before login Gabriel Goller
2024-05-16 16:24 ` [pbs-devel] [PATCH proxmox-backup 1/4] api: add consent api handler and config Gabriel Goller
@ 2024-05-16 16:24 ` Gabriel Goller
2024-05-16 16:25 ` [pbs-devel] [PATCH proxmox-backup 3/4] docs: add short section about consent banner Gabriel Goller
` (3 subsequent siblings)
5 siblings, 0 replies; 10+ messages in thread
From: Gabriel Goller @ 2024-05-16 16:24 UTC (permalink / raw)
To: pbs-devel
Before showing the LoginView, make an api request to retrieve the
consent text. If it fails, don't show the banner, if it succeeds, show
the banner.
Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
---
www/LoginView.js | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/www/LoginView.js b/www/LoginView.js
index d4d8e73e..ec2995dd 100644
--- a/www/LoginView.js
+++ b/www/LoginView.js
@@ -20,6 +20,19 @@ Ext.define('PBS.LoginView', {
controller: {
xclass: 'Ext.app.ViewController',
+ init: async function() {
+ let resp = await Proxmox.Async.api2({
+ url: '/api2/extjs/access/consent',
+ method: 'GET',
+ });
+ if (resp.result.status === 200) {
+ Ext.create('Proxmox.window.ConsentModal', {
+ autoShow: true,
+ consent: resp.result.data,
+ });
+ }
+ },
+
submitForm: async function() {
var me = this;
var loginForm = me.lookupReference('loginForm');
@@ -333,3 +346,4 @@ Ext.define('PBS.LoginView', {
},
],
});
+
--
2.43.0
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
^ permalink raw reply [flat|nested] 10+ messages in thread
* [pbs-devel] [PATCH proxmox-backup 3/4] docs: add short section about consent banner
2024-05-16 16:24 [pbs-devel] [RFC backup/proxmox-backup 0/4] fix #5463: add optional consent banner before login Gabriel Goller
2024-05-16 16:24 ` [pbs-devel] [PATCH proxmox-backup 1/4] api: add consent api handler and config Gabriel Goller
2024-05-16 16:24 ` [pbs-devel] [PATCH proxmox-backup 2/4] ui: show consent banner before login Gabriel Goller
@ 2024-05-16 16:25 ` Gabriel Goller
2024-05-16 16:25 ` [pbs-devel] [PATCH backup 4/4] window: add consent modal Gabriel Goller
` (2 subsequent siblings)
5 siblings, 0 replies; 10+ messages in thread
From: Gabriel Goller @ 2024-05-16 16:25 UTC (permalink / raw)
To: pbs-devel
Add short section about the consent banner.
Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
---
docs/gui.rst | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/docs/gui.rst b/docs/gui.rst
index 9547c73f..15c885ef 100644
--- a/docs/gui.rst
+++ b/docs/gui.rst
@@ -40,6 +40,13 @@ Proxmox Backup Server supports various languages and authentication back ends
.. note:: For convenience, you can save the username on the client side, by
selecting the "Save User name" checkbox at the bottom of the window.
+Consent Banner
+^^^^^^^^^^^^^^
+
+A consent banner that has to be accepted before login can be displayed
+by creating a /etc/proxmox-backup/consent.txt file. If this file exists,
+and is not empty, the content will be displayed in a popup.
+
GUI Overview
------------
--
2.43.0
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
^ permalink raw reply [flat|nested] 10+ messages in thread
* [pbs-devel] [PATCH backup 4/4] window: add consent modal
2024-05-16 16:24 [pbs-devel] [RFC backup/proxmox-backup 0/4] fix #5463: add optional consent banner before login Gabriel Goller
` (2 preceding siblings ...)
2024-05-16 16:25 ` [pbs-devel] [PATCH proxmox-backup 3/4] docs: add short section about consent banner Gabriel Goller
@ 2024-05-16 16:25 ` Gabriel Goller
2024-05-17 7:15 ` [pbs-devel] [RFC backup/proxmox-backup 0/4] fix #5463: add optional consent banner before login Dominik Csapak
2024-05-22 13:28 ` Gabriel Goller
5 siblings, 0 replies; 10+ messages in thread
From: Gabriel Goller @ 2024-05-16 16:25 UTC (permalink / raw)
To: pbs-devel
Add consentModal that gets displayed before the login. Simply shows the
text in a scrollable box and contains two buttons: "I agree" and "I
decline".
Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
---
src/Makefile | 1 +
src/window/ConsentModal.js | 39 ++++++++++++++++++++++++++++++++++++++
2 files changed, 40 insertions(+)
create mode 100644 src/window/ConsentModal.js
diff --git a/src/Makefile b/src/Makefile
index 0478251..3c2fd4b 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -87,6 +87,7 @@ JSSRC= \
window/DiskSmart.js \
window/ZFSDetail.js \
window/Certificates.js \
+ window/ConsentModal.js \
window/ACMEAccount.js \
window/ACMEPluginEdit.js \
window/ACMEDomains.js \
diff --git a/src/window/ConsentModal.js b/src/window/ConsentModal.js
new file mode 100644
index 0000000..de5dc4f
--- /dev/null
+++ b/src/window/ConsentModal.js
@@ -0,0 +1,39 @@
+Ext.define('Proxmox.window.ConsentModal', {
+ extend: 'Ext.window.Window',
+ alias: ['widget.pmxConsentModal'],
+ mixins: ['Proxmox.Mixin.CBind'],
+
+ width: 600,
+ modal: true,
+ closable: false,
+ resizable: false,
+ title: gettext('Consent'),
+
+ items: [
+ {
+ xtype: 'textareafield',
+ cbind: {
+ value: '{consent}',
+ },
+ editable: false,
+ width: 600,
+ height: 400,
+ scrollable: 'y',
+ },
+ ],
+ buttons: [
+ {
+ handler: function() {
+ this.up('window').close();
+ },
+ text: gettext('I Accept'),
+ },
+ {
+ handler: function() {
+ Ext.Msg.alert('Error', 'To login, the terms&conditions must be accepted.');
+ },
+ text: gettext('I Decline'),
+ },
+ ],
+});
+
--
2.43.0
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [pbs-devel] [RFC backup/proxmox-backup 0/4] fix #5463: add optional consent banner before login
2024-05-16 16:24 [pbs-devel] [RFC backup/proxmox-backup 0/4] fix #5463: add optional consent banner before login Gabriel Goller
` (3 preceding siblings ...)
2024-05-16 16:25 ` [pbs-devel] [PATCH backup 4/4] window: add consent modal Gabriel Goller
@ 2024-05-17 7:15 ` Dominik Csapak
2024-05-21 8:22 ` Gabriel Goller
2024-05-22 13:28 ` Gabriel Goller
5 siblings, 1 reply; 10+ messages in thread
From: Dominik Csapak @ 2024-05-17 7:15 UTC (permalink / raw)
To: Proxmox Backup Server development discussion, Gabriel Goller
thanks for tackling this
first, while this approach seems ok to me, there are probably still some
things to figure out yet in the bug report (see the bug report)
probably the biggest thing i'd change is the need for an extra api call.
since we already have to serve the index file,
we could use a similar mechanism to register the consent text
there (i.e. save it in memory and reread it when the mtime of the file changes)
and render the text of the consent directly into the index template.
that way we can avoid an extra round trip and directly show it
without an api call
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [pbs-devel] [RFC backup/proxmox-backup 0/4] fix #5463: add optional consent banner before login
2024-05-17 7:15 ` [pbs-devel] [RFC backup/proxmox-backup 0/4] fix #5463: add optional consent banner before login Dominik Csapak
@ 2024-05-21 8:22 ` Gabriel Goller
2024-05-21 8:35 ` Dominik Csapak
0 siblings, 1 reply; 10+ messages in thread
From: Gabriel Goller @ 2024-05-21 8:22 UTC (permalink / raw)
To: Dominik Csapak; +Cc: Proxmox Backup Server development discussion
On 17.05.2024 09:15, Dominik Csapak wrote:
>thanks for tackling this
>
>first, while this approach seems ok to me, there are probably still some
>things to figure out yet in the bug report (see the bug report)
>probably the biggest thing i'd change is the need for an extra api call.
>
>since we already have to serve the index file,
>we could use a similar mechanism to register the consent text
>there (i.e. save it in memory and reread it when the mtime of the file changes)
>
>and render the text of the consent directly into the index template.
>that way we can avoid an extra round trip and directly show it
>without an api call
Oooh, that's an interesting idea...
Added these few lines to the index.hbs file. I think the only way is to
bind the function to a window.* variable isn't there?
{{#if consentText}}
<script type='text/javascript' > window.getConsentText = function () { return `{{ consentText }}`; } </script>
{{else}}
<script type='text/javascript'> window.getConsentText = function () { return ""; } </script>
{{/if}}
Another question is if we'd like to have customizable buttons. On
one hand 'I agree' and 'I decline' probably cover 99% of the use-cases,
(especially as we can translate it) but we could still add something like
"<agree-text>|<decline-text>" to the end of the consent.txt file. For
example:
YES|NO
or
Agree|Decline
or (this won't show the disagree button)
Agree|
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [pbs-devel] [RFC backup/proxmox-backup 0/4] fix #5463: add optional consent banner before login
2024-05-21 8:22 ` Gabriel Goller
@ 2024-05-21 8:35 ` Dominik Csapak
2024-05-21 10:13 ` Gabriel Goller
0 siblings, 1 reply; 10+ messages in thread
From: Dominik Csapak @ 2024-05-21 8:35 UTC (permalink / raw)
To: Gabriel Goller; +Cc: Proxmox Backup Server development discussion
On 5/21/24 10:22, Gabriel Goller wrote:
> On 17.05.2024 09:15, Dominik Csapak wrote:
>> thanks for tackling this
>>
>> first, while this approach seems ok to me, there are probably still some
>> things to figure out yet in the bug report (see the bug report)
>> probably the biggest thing i'd change is the need for an extra api call.
>>
>> since we already have to serve the index file,
>> we could use a similar mechanism to register the consent text
>> there (i.e. save it in memory and reread it when the mtime of the file changes)
>>
>> and render the text of the consent directly into the index template.
>> that way we can avoid an extra round trip and directly show it
>> without an api call
>
> Oooh, that's an interesting idea...
> Added these few lines to the index.hbs file. I think the only way is to
> bind the function to a window.* variable isn't there?
>
> {{#if consentText}}
> <script type='text/javascript' > window.getConsentText = function () { return
> `{{ consentText }}`; } </script>
> {{else}}
> <script type='text/javascript'> window.getConsentText = function () { return ""; } </script>
> {{/if}}
>
i don't think it has to be as complicated.
e.g. i'd just add a new property for the 'Proxmox' object in the template:
---
Proxmox = {
...
consentText: "{{ consentText }}",
};
---
and then checking in the ui if it's the non empty string ?
(maybe we could find a way to add it in a more general way instead of
adding each option we want individually
if that's possible, we wouldn't have to add a new option to the template
every time
(e.g. some kind of 'additionalData' object with keys+values ?
not sure what the templating systems of pbs and pve support)
>
> Another question is if we'd like to have customizable buttons. On
> one hand 'I agree' and 'I decline' probably cover 99% of the use-cases,
> (especially as we can translate it) but we could still add something like
> "<agree-text>|<decline-text>" to the end of the consent.txt file. For
> example:
>
> YES|NO
>
> or
> Agree|Decline
>
> or (this won't show the disagree button)
>
> Agree|
>
>
>
according to the bug report this should not be necessary, a simple box with
'OK' as only option should even be enough
that would be generic for now that others could even repurpose it for some kind of system
announcements (like outages, etc.?)
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [pbs-devel] [RFC backup/proxmox-backup 0/4] fix #5463: add optional consent banner before login
2024-05-21 8:35 ` Dominik Csapak
@ 2024-05-21 10:13 ` Gabriel Goller
0 siblings, 0 replies; 10+ messages in thread
From: Gabriel Goller @ 2024-05-21 10:13 UTC (permalink / raw)
To: Dominik Csapak; +Cc: Proxmox Backup Server development discussion
On 21.05.2024 10:35, Dominik Csapak wrote:
>On 5/21/24 10:22, Gabriel Goller wrote:
>>On 17.05.2024 09:15, Dominik Csapak wrote:
>>>thanks for tackling this
>>>
>>>first, while this approach seems ok to me, there are probably still some
>>>things to figure out yet in the bug report (see the bug report)
>>>probably the biggest thing i'd change is the need for an extra api call.
>>>
>>>since we already have to serve the index file,
>>>we could use a similar mechanism to register the consent text
>>>there (i.e. save it in memory and reread it when the mtime of the file changes)
>>>
>>>and render the text of the consent directly into the index template.
>>>that way we can avoid an extra round trip and directly show it
>>>without an api call
>>
>>Oooh, that's an interesting idea...
>>Added these few lines to the index.hbs file. I think the only way is to
>>bind the function to a window.* variable isn't there?
>>
>> {{#if consentText}}
>> <script type='text/javascript' > window.getConsentText =
>>function () { return `{{ consentText }}`; } </script>
>> {{else}}
>> <script type='text/javascript'> window.getConsentText = function () { return ""; } </script>
>> {{/if}}
>>
>
>i don't think it has to be as complicated.
>
>e.g. i'd just add a new property for the 'Proxmox' object in the template:
>
>---
>Proxmox = {
> ...
> consentText: "{{ consentText }}",
>};
>---
>
>and then checking in the ui if it's the non empty string ?
Oh, you are right, I missed this :)
(We just need to use the `` quotes here to support newlines.)
>(maybe we could find a way to add it in a more general way instead of
>adding each option we want individually
>if that's possible, we wouldn't have to add a new option to the template
>every time
>
>(e.g. some kind of 'additionalData' object with keys+values ?
>not sure what the templating systems of pbs and pve support)
I just did some quick tests, and it seems there is no easy way to assign
the templates (of more complex objects) to a variable in js. We could
convert the HashMap (or BTreeMap) to json and then parse it in js
though.
Mind you, I am a complete handlebars beginner, so there could be a
simpler way :)
Also, I don't suspect we'll add a significant amount of variables here
in the near future...
>>Another question is if we'd like to have customizable buttons. On
>>one hand 'I agree' and 'I decline' probably cover 99% of the use-cases,
>>(especially as we can translate it) but we could still add something like
>>"<agree-text>|<decline-text>" to the end of the consent.txt file. For
>>example:
>>
>> YES|NO
>>
>>or
>> Agree|Decline
>>
>>or (this won't show the disagree button)
>>
>> Agree|
>>
>>
>>
>
>
>according to the bug report this should not be necessary, a simple box with
>'OK' as only option should even be enough
>
>that would be generic for now that others could even repurpose it for
>some kind of system announcements (like outages, etc.?)
Yep, that was my idea as well!
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [pbs-devel] [RFC backup/proxmox-backup 0/4] fix #5463: add optional consent banner before login
2024-05-16 16:24 [pbs-devel] [RFC backup/proxmox-backup 0/4] fix #5463: add optional consent banner before login Gabriel Goller
` (4 preceding siblings ...)
2024-05-17 7:15 ` [pbs-devel] [RFC backup/proxmox-backup 0/4] fix #5463: add optional consent banner before login Dominik Csapak
@ 2024-05-22 13:28 ` Gabriel Goller
5 siblings, 0 replies; 10+ messages in thread
From: Gabriel Goller @ 2024-05-22 13:28 UTC (permalink / raw)
To: Proxmox Backup Server development discussion
Sent a new version of this patch!
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
^ permalink raw reply [flat|nested] 10+ messages in thread