From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 8DF4C905DA for ; Tue, 2 Apr 2024 13:27:35 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id AD0804B1E for ; Tue, 2 Apr 2024 13:27:34 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Tue, 2 Apr 2024 13:27:33 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id C946944A03 for ; Tue, 2 Apr 2024 13:27:32 +0200 (CEST) From: Markus Frank To: pmg-devel@lists.proxmox.com Date: Tue, 2 Apr 2024 13:27:20 +0200 Message-Id: <20240402112721.14405-6-m.frank@proxmox.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240402112721.14405-1-m.frank@proxmox.com> References: <20240402112721.14405-1-m.frank@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.034 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pmg-devel] [PATCH pmg-gui 5/6] login: add option to login with OpenID realm X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Apr 2024 11:27:35 -0000 Signed-off-by: Markus Frank --- js/LoginView.js | 200 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 153 insertions(+), 47 deletions(-) diff --git a/js/LoginView.js b/js/LoginView.js index 63f4099..bdfedaf 100644 --- a/js/LoginView.js +++ b/js/LoginView.js @@ -2,6 +2,21 @@ Ext.define('PMG.LoginView', { extend: 'Ext.container.Container', xtype: 'loginview', + viewModel: { + data: { + openid: false, + }, + formulas: { + button_text: function(get) { + if (get("openid") === true) { + return gettext("Login (OpenID redirect)"); + } else { + return gettext("Login"); + } + }, + }, + }, + controller: { xclass: 'Ext.app.ViewController', 
@@ -45,51 +60,78 @@ Ext.define('PMG.LoginView', { }, submitForm: async function() { - let me = this; - let view = me.getView(); - let loginForm = me.lookupReference('loginForm'); - var unField = me.lookupReference('usernameField'); - var saveunField = me.lookupReference('saveunField'); - - if (loginForm.isValid()) { - if (loginForm.isVisible()) { - loginForm.mask(gettext('Please wait...'), 'x-mask-loading'); - } + var me = this; - // set or clear username for admin view - if (view.targetview !== 'quarantineview') { - var sp = Ext.state.Manager.getProvider(); - if (saveunField.getValue() === true) { - sp.set(unField.getStateId(), unField.getValue()); - } else { - sp.clear(unField.getStateId()); - } - sp.set(saveunField.getStateId(), saveunField.getValue()); + var loginForm = this.lookupReference('loginForm'); + var unField = this.lookupReference('usernameField'); + var saveunField = this.lookupReference('saveunField'); + var view = this.getView(); + + if (!loginForm.isValid()) { + return; + } + + if (loginForm.isVisible()) { + loginForm.mask(gettext('Please wait...'), 'x-mask-loading'); + } + + // set or clear username for admin view + if (view.targetview !== 'quarantineview') { + var sp = Ext.state.Manager.getProvider(); + if (saveunField.getValue() === true) { + sp.set(unField.getStateId(), unField.getValue()); + } else { + sp.clear(unField.getStateId()); } + sp.set(saveunField.getStateId(), saveunField.getValue()); + } - let creds = loginForm.getValues(); + let creds = loginForm.getValues(); - try { - let resp = await Proxmox.Async.api2({ - url: '/api2/extjs/access/ticket', - params: creds, - method: 'POST', - }); + if (this.getViewModel().data.openid === true) { + const redirectURL = location.origin; + Proxmox.Utils.API2Request({ + url: '/api2/extjs/access/openid/auth-url', + params: { + realm: creds.realm, + "redirect-url": redirectURL, + }, + method: 'POST', + success: function(resp, opts) { + window.location = resp.result.data; + }, + failure: function(resp, 
opts) { + Proxmox.Utils.authClear(); + loginForm.unmask(); + Ext.MessageBox.alert( + gettext('Error'), + gettext('OpenID redirect failed.') + `
${resp.htmlStatus}`, + ); + }, + }); + return; + } - let data = resp.result.data; - if (data.ticket.startsWith('PMG:!tfa!')) { - data = await me.performTFAChallenge(data); - } - PMG.Utils.updateLoginData(data); - PMG.app.changeView(view.targetview); - } catch (error) { - Proxmox.Utils.authClear(); - loginForm.unmask(); - Ext.MessageBox.alert( - gettext('Error'), - gettext('Login failed. Please try again'), - ); + try { + let resp = await Proxmox.Async.api2({ + url: '/api2/extjs/access/ticket', + params: creds, + method: 'POST', + }); + + let data = resp.result.data; + if (data.ticket.startsWith('PMG:!tfa!')) { + data = await me.performTFAChallenge(data); } + PMG.Utils.updateLoginData(data); + PMG.app.changeView(view.targetview); + } catch (error) { + Proxmox.Utils.authClear(); + loginForm.unmask(); + Ext.MessageBox.alert( + gettext('Error'), + gettext('Login failed. Please try again'), + ); } }, @@ -115,6 +157,15 @@ Ext.define('PMG.LoginView', { return resp.result.data; }, + success: function(data) { + var me = this; + var view = me.getView(); + var handler = view.handler || Ext.emptyFn; + handler.call(me, data); + PMG.Utils.updateLoginData(data); + PMG.app.changeView(view.targetview); + }, + openQuarantineLinkWindow: function() { let me = this; me.lookup('loginwindow').setVisible(false); @@ -150,6 +201,14 @@ Ext.define('PMG.LoginView', { window.location.reload(); }, }, + 'field[name=realm]': { + change: function(f, value) { + let record = f.store.getById(value); + if (record === undefined) return; + let data = record.data; + this.getViewModel().set("openid", data.type === "openid"); + }, + }, 'button[reference=quarantineButton]': { click: 'openQuarantineLinkWindow', }, 
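Review bot: In the OpenID branch of `submitForm`, the `success` callback assigns `window.location = resp.result.data;` without checking what kind of URL the API returned. The value presumably comes from the realm's provider configuration, so a misconfigured or tampered response could send the browser to a non-web scheme. Parsing it first keeps the redirect to web URLs: `const target = new URL(resp.result.data);`, then assign only when `target.protocol === 'https:' || target.protocol === 'http:'`, and otherwise take the same path as the `failure` callback. Separately, the saved-username block still runs before this branch, so an OpenID login writes or clears the stored username from a field that is hidden and disabled at that point; it is worth confirming that this is intended.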
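Review bot: The new `success` method (hunk `@@ -115,6 +157,15 @@`) passes `data` straight to `PMG.Utils.updateLoginData`, whereas the password path in `submitForm` first checks `data.ticket.startsWith('PMG:!tfa!')`. If `/access/openid/login` can never return a partial TFA ticket, a comment stating that would make the asymmetry deliberate, for example `// openid/login only returns full tickets; second factors are handled by the identity provider (confirm against the API)`. If it can, the same `performTFAChallenge` step is needed here. The tail of the password path could also call `me.success(data)` so both logins share one completion routine; note that it does not currently invoke `view.handler`.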
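Review bot: In the `'field[name=realm]'` change handler, the guard `if (record === undefined) return;` does not cover a missing record. As far as I know `Ext.data.Store.getById` returns `null` when the id is not found, so the next line `let data = record.data;` would throw a TypeError, for instance when the change event fires before the realm store has loaded. `if (!record) return;` covers both cases. Consider whether `openid` should also be reset to `false` there, so the username and password fields cannot stay hidden for an unknown realm.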
@@ -174,6 +233,41 @@ Ext.define('PMG.LoginView', { var pwField = this.lookupReference('passwordField'); pwField.focus(); } + + let auth = Proxmox.Utils.getOpenIDRedirectionAuthorization(); + if (auth !== undefined) { + Proxmox.Utils.authClear(); + + let loginForm = this.lookupReference('loginForm'); + loginForm.mask(gettext('OpenID login - please wait...'), 'x-mask-loading'); + + const redirectURL = location.origin; + + Proxmox.Utils.API2Request({ + url: '/api2/extjs/access/openid/login', + params: { + state: auth.state, + code: auth.code, + "redirect-url": redirectURL, + }, + method: 'POST', + failure: function(response) { + loginForm.unmask(); + let error = response.htmlStatus; + Ext.MessageBox.alert( + gettext('Error'), + gettext('OpenID login failed, please try again') + `
${error}`, + () => { window.location = redirectURL; }, + ); + }, + success: function(response, options) { + loginForm.unmask(); + let data = response.result.data; + history.replaceState(null, '', redirectURL); + me.success(data); + }, + }); + } } }, }, @@ -249,6 +343,10 @@ Ext.define('PMG.LoginView', { itemId: 'usernameField', reference: 'usernameField', stateId: 'login-username', + bind: { + visible: "{!openid}", + disabled: "{openid}", + }, }, { xtype: 'textfield', @@ -256,6 +354,16 @@ Ext.define('PMG.LoginView', { fieldLabel: gettext('Password'), name: 'password', reference: 'passwordField', + bind: { + visible: "{!openid}", + disabled: "{openid}", + }, + }, + { + xtype: 'pmxRealmComboBox', + reference: 'realmfield', + name: 'realm', + value: 'pam', }, { xtype: 'proxmoxLanguageSelector', @@ -264,12 +372,6 @@ Ext.define('PMG.LoginView', { name: 'lang', submitValue: false, }, - { - xtype: 'hiddenfield', - reference: 'realmfield', - name: 'realm', - value: 'pmg', - }, ], buttons: [ { @@ -281,15 +383,19 @@ Ext.define('PMG.LoginView', { labelAlign: 'right', labelWidth: 150, submitValue: false, + bind: { + visible: "{!openid}", + }, }, { text: gettext('Request Quarantine Link'), reference: 'quarantineButton', }, { - text: gettext('Login'), + bind: { + text: "{button_text}", + }, reference: 'loginButton', - formBind: true, }, ], }, -- 2.39.2
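Review bot: In the OpenID callback block (hunk `@@ -174,6 +233,41 @@`), the authorization `code` and `state` stay in the address bar and history entry for the whole duration of the request and of any error dialog. `history.replaceState(null, '', redirectURL);` only runs in the `success` callback. Moving that call to just after `auth` is read, before `Proxmox.Utils.API2Request`, strips the parameters once they have been captured and covers the failure path too. Also, `me.success(data)` relies on a `me` that is not declared in the visible lines, and the surrounding context uses `this.lookupReference`. The enclosing handler starts outside the hunk, so please confirm `me` is in scope there.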
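Review bot: The realm field (hunks `@@ -256,6 +354,16 @@` and `@@ -264,12 +372,6 @@`) changes the default from the removed hidden field's `value: 'pmg'` to `value: 'pam'`, and the commit message does not mention it. It is worth confirming this is intended for existing users who log in without choosing a realm. Since `pmxRealmComboBox` has no `bind`, it will presumably also appear when the view is used for the quarantine login; if realms do not apply there, a `visible` binding or a `targetview` check would keep the selector off that form. The combo box also needs the realm list before authentication, so the endpoint it queries should expose only realm ids, types and comments to anonymous callers.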
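Review bot: Removing `formBind: true` from `loginButton` (hunk `@@ -281,15 +383,19 @@`) leaves the button enabled while the form is invalid, and `submitForm` then returns at `if (!loginForm.isValid()) { return; }` with no feedback to the user. Disabled fields should be skipped by form validation, so keeping `formBind: true` next to the new `bind: { text: "{button_text}" }` looks compatible with the OpenID mode. If the two really do conflict, a short comment explaining why `formBind` was dropped would help the next reader.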