From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH widget-toolkit 6/7] add Proxmox.panel.TfaView
Date: Tue, 9 Nov 2021 12:27:20 +0100 [thread overview]
Message-ID: <20211109112721.130935-32-w.bumiller@proxmox.com> (raw)
In-Reply-To: <20211109112721.130935-1-w.bumiller@proxmox.com>
copied from pbs with s/pbs/pmx/ and s/PBS/Proxmox/
DELETE call changed from using a body to url parameters,
since pve doesn't support a body there currently, and pbs
doesn't care
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
src/Makefile | 1 +
src/panel/TfaView.js | 270 ++++++++++++++++++++++++++++++++++++++++++
src/window/TfaEdit.js | 135 +++++++++++++++++++++
3 files changed, 406 insertions(+)
create mode 100644 src/panel/TfaView.js
diff --git a/src/Makefile b/src/Makefile
index ad7a3c2..bf2eab0 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -63,6 +63,7 @@ JSSRC= \
panel/ACMEPlugin.js \
panel/ACMEDomains.js \
panel/StatusView.js \
+ panel/TfaView.js \
window/Edit.js \
window/PasswordEdit.js \
window/SafeDestroy.js \
diff --git a/src/panel/TfaView.js b/src/panel/TfaView.js
new file mode 100644
index 0000000..a0cb04a
--- /dev/null
+++ b/src/panel/TfaView.js
@@ -0,0 +1,270 @@
+Ext.define('pmx-tfa-users', {
+ extend: 'Ext.data.Model',
+ fields: ['userid'],
+ idProperty: 'userid',
+ proxy: {
+ type: 'proxmox',
+ url: '/api2/json/access/tfa',
+ },
+});
+
+Ext.define('pmx-tfa-entry', {
+ extend: 'Ext.data.Model',
+ fields: ['fullid', 'userid', 'type', 'description', 'created', 'enable'],
+ idProperty: 'fullid',
+});
+
+
+Ext.define('Proxmox.panel.TfaView', {
+ extend: 'Ext.grid.GridPanel',
+ alias: 'widget.pmxTfaView',
+
+ title: gettext('Second Factors'),
+ reference: 'tfaview',
+
+ issuerName: 'Proxmox',
+
+ store: {
+ type: 'diff',
+ autoDestroy: true,
+ autoDestroyRstore: true,
+ model: 'pmx-tfa-entry',
+ rstore: {
+ type: 'store',
+ proxy: 'memory',
+ storeid: 'pmx-tfa-entry',
+ model: 'pmx-tfa-entry',
+ },
+ },
+
+ controller: {
+ xclass: 'Ext.app.ViewController',
+
+ init: function(view) {
+ let me = this;
+ view.tfaStore = Ext.create('Proxmox.data.UpdateStore', {
+ autoStart: true,
+ interval: 5 * 1000,
+ storeid: 'pmx-tfa-users',
+ model: 'pmx-tfa-users',
+ });
+ view.tfaStore.on('load', this.onLoad, this);
+ view.on('destroy', view.tfaStore.stopUpdate);
+ Proxmox.Utils.monStoreErrors(view, view.tfaStore);
+ },
+
+ reload: function() { this.getView().tfaStore.load(); },
+
+ onLoad: function(store, data, success) {
+ if (!success) return;
+
+ let records = [];
+ Ext.Array.each(data, user => {
+ Ext.Array.each(user.data.entries, entry => {
+ records.push({
+ fullid: `${user.id}/${entry.id}`,
+ userid: user.id,
+ type: entry.type,
+ description: entry.description,
+ created: entry.created,
+ enable: entry.enable,
+ });
+ });
+ });
+
+ let rstore = this.getView().store.rstore;
+ rstore.loadData(records);
+ rstore.fireEvent('load', rstore, records, true);
+ },
+
+ addTotp: function() {
+ let me = this;
+
+ Ext.create('Proxmox.window.AddTotp', {
+ isCreate: true,
+ issuerName: me.getView().issuerName,
+ listeners: {
+ destroy: function() {
+ me.reload();
+ },
+ },
+ }).show();
+ },
+
+ addWebauthn: function() {
+ let me = this;
+
+ Ext.create('Proxmox.window.AddWebauthn', {
+ isCreate: true,
+ listeners: {
+ destroy: function() {
+ me.reload();
+ },
+ },
+ }).show();
+ },
+
+ addRecovery: async function() {
+ let me = this;
+
+ Ext.create('Proxmox.window.AddTfaRecovery', {
+ listeners: {
+ destroy: function() {
+ me.reload();
+ },
+ },
+ }).show();
+ },
+
+ editItem: function() {
+ let me = this;
+ let view = me.getView();
+ let selection = view.getSelection();
+ if (selection.length !== 1 || selection[0].id.endsWith("/recovery")) {
+ return;
+ }
+
+ Ext.create('Proxmox.window.TfaEdit', {
+ 'tfa-id': selection[0].data.fullid,
+ listeners: {
+ destroy: function() {
+ me.reload();
+ },
+ },
+ }).show();
+ },
+
+ renderUser: fullid => fullid.split('/')[0],
+
+ renderEnabled: enabled => {
+ if (enabled === undefined) {
+ return Proxmox.Utils.yesText;
+ } else {
+ return Proxmox.Utils.format_boolean(enabled);
+ }
+ },
+
+ onRemoveButton: function(btn, event, record) {
+ let me = this;
+
+ Ext.create('Proxmox.tfa.confirmRemove', {
+ ...record.data,
+ callback: password => me.removeItem(password, record),
+ })
+ .show();
+ },
+
+ removeItem: async function(password, record) {
+ let me = this;
+
+ if (password !== null) {
+ password = '?password=' + encodeURIComponent(password);
+ } else {
+ password = '';
+ }
+
+ try {
+ me.getView().mask(gettext('Please wait...'), 'x-mask-loading');
+ await Proxmox.Async.api2({
+ url: `/api2/extjs/access/tfa/${record.id}${password}`,
+ method: 'DELETE',
+ });
+ me.reload();
+ } catch (response) {
+ Ext.Msg.alert(gettext('Error'), response.result.message);
+ } finally {
+ me.getView().unmask();
+ }
+ },
+ },
+
+ viewConfig: {
+ trackOver: false,
+ },
+
+ listeners: {
+ itemdblclick: 'editItem',
+ },
+
+ columns: [
+ {
+ header: gettext('User'),
+ width: 200,
+ sortable: true,
+ dataIndex: 'fullid',
+ renderer: 'renderUser',
+ },
+ {
+ header: gettext('Enabled'),
+ width: 80,
+ sortable: true,
+ dataIndex: 'enable',
+ renderer: 'renderEnabled',
+ },
+ {
+ header: gettext('TFA Type'),
+ width: 80,
+ sortable: true,
+ dataIndex: 'type',
+ },
+ {
+ header: gettext('Created'),
+ width: 150,
+ sortable: true,
+ dataIndex: 'created',
+ renderer: Proxmox.Utils.render_timestamp,
+ },
+ {
+ header: gettext('Description'),
+ width: 300,
+ sortable: true,
+ dataIndex: 'description',
+ renderer: Ext.String.htmlEncode,
+ flex: 1,
+ },
+ ],
+
+ tbar: [
+ {
+ text: gettext('Add'),
+ menu: {
+ xtype: 'menu',
+ items: [
+ {
+ text: gettext('TOTP'),
+ itemId: 'totp',
+ iconCls: 'fa fa-fw fa-clock-o',
+ handler: 'addTotp',
+ },
+ {
+ text: gettext('Webauthn'),
+ itemId: 'webauthn',
+ iconCls: 'fa fa-fw fa-shield',
+ handler: 'addWebauthn',
+ },
+ {
+ text: gettext('Recovery Keys'),
+ itemId: 'recovery',
+ iconCls: 'fa fa-fw fa-file-text-o',
+ handler: 'addRecovery',
+ },
+ ],
+ },
+ },
+ '-',
+ {
+ xtype: 'proxmoxButton',
+ text: gettext('Edit'),
+ handler: 'editItem',
+ enableFn: rec => !rec.id.endsWith("/recovery"),
+ disabled: true,
+ },
+ {
+ xtype: 'proxmoxButton',
+ disabled: true,
+ text: gettext('Remove'),
+ getRecordName: rec => rec.data.description,
+ handler: 'onRemoveButton',
+ },
+ ],
+});
diff --git a/src/window/TfaEdit.js b/src/window/TfaEdit.js
index 710f2b9..4a8b937 100644
--- a/src/window/TfaEdit.js
+++ b/src/window/TfaEdit.js
@@ -91,3 +91,138 @@ Ext.define('Proxmox.window.TfaEdit', {
return values;
},
});
+
+Ext.define('Proxmox.tfa.confirmRemove', {
+ extend: 'Proxmox.window.Edit',
+ mixins: ['Proxmox.Mixin.CBind'],
+
+ title: gettext("Confirm TFA Removal"),
+
+ modal: true,
+ resizable: false,
+ width: 600,
+ isCreate: true, // logic
+ isRemove: true,
+
+ url: '/access/tfa',
+
+ initComponent: function() {
+ let me = this;
+
+ if (typeof me.type !== "string") {
+ throw "missing type";
+ }
+
+ if (!me.callback) {
+ throw "missing callback";
+ }
+
+ me.callParent();
+
+ if (Proxmox.UserName === 'root@pam') {
+ me.lookup('password').setVisible(false);
+ me.lookup('password').setDisabled(true);
+ }
+ },
+
+ submit: function() {
+ let me = this;
+ if (Proxmox.UserName === 'root@pam') {
+ me.callback(null);
+ } else {
+ me.callback(me.lookup('password').getValue());
+ }
+ me.close();
+ },
+
+ items: [
+ {
+ xtype: 'box',
+ padding: '0 0 10 0',
+ html: Ext.String.format(
+ gettext('Are you sure you want to remove this {0} entry?'),
+ 'TFA',
+ ),
+ },
+ {
+ xtype: 'container',
+ layout: {
+ type: 'hbox',
+ align: 'begin',
+ },
+ defaults: {
+ border: false,
+ layout: 'anchor',
+ flex: 1,
+ padding: 5,
+ },
+ items: [
+ {
+ xtype: 'container',
+ layout: {
+ type: 'vbox',
+ },
+ padding: '0 10 0 0',
+ items: [
+ {
+ xtype: 'displayfield',
+ fieldLabel: gettext('User'),
+ cbind: {
+ value: '{userid}',
+ },
+ },
+ {
+ xtype: 'displayfield',
+ fieldLabel: gettext('Type'),
+ cbind: {
+ value: '{type}',
+ },
+ },
+ ],
+ },
+ {
+ xtype: 'container',
+ layout: {
+ type: 'vbox',
+ },
+ padding: '0 0 0 10',
+ items: [
+ {
+ xtype: 'displayfield',
+ fieldLabel: gettext('Created'),
+ renderer: v => Proxmox.Utils.render_timestamp(v),
+ cbind: {
+ value: '{created}',
+ },
+ },
+ {
+ xtype: 'textfield',
+ fieldLabel: gettext('Description'),
+ cbind: {
+ value: '{description}',
+ },
+ emptyText: Proxmox.Utils.NoneText,
+ submitValue: false,
+ editable: false,
+ },
+ ],
+ },
+ ],
+ },
+ {
+ xtype: 'textfield',
+ inputType: 'password',
+ fieldLabel: gettext('Password'),
+ minLength: 5,
+ reference: 'password',
+ name: 'password',
+ allowBlank: false,
+ validateBlank: true,
+ padding: '10 0 0 0',
+ cbind: {
+ emptyText: () =>
+ Ext.String.format(gettext("Confirm your ({0}) password"), Proxmox.UserName),
+ },
+ },
+ ],
+});
--
2.30.2
next prev parent reply other threads:[~2021-11-09 11:28 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-09 11:26 [pve-devel] [PATCH multiple 0/9] PBS-like TFA support in PVE Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH proxmox-perl-rs 1/6] import basic skeleton Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH proxmox-perl-rs 2/6] import pve-rs Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH proxmox-perl-rs 3/6] move apt to /perl-apt, use PERLMOD_PRODUCT env var Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH proxmox-perl-rs 4/6] pve: add tfa api Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH proxmox-perl-rs 5/6] build fix: pmg-rs is not here yet Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH proxmox-perl-rs 6/6] Add some dev tips to a README Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH access-control 01/10] use rust parser for TFA config Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH access-control 02/10] update read_user_tfa_type call Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH access-control 03/10] use PBS-like auth api call flow Wolfgang Bumiller
2021-11-09 11:26 ` [pve-devel] [PATCH access-control 04/10] handle yubico authentication in new path Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH access-control 05/10] move TFA api path into its own module Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH access-control 06/10] add pbs-style TFA API implementation Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH access-control 07/10] support registering yubico otp keys Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH access-control 08/10] update tfa cleanup when deleting users Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH access-control 09/10] pveum: update tfa delete command Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH access-control 10/10] set/remove 'x' for tfa keys in user.cfg in new api Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH cluster] add webauthn configuration to datacenter.cfg Wolfgang Bumiller
2021-11-10 10:12 ` [pve-devel] applied: " Thomas Lamprecht
2021-11-09 11:27 ` [pve-devel] [PATCH common] Ticket: uri-escape colons Wolfgang Bumiller
2021-11-09 12:26 ` [pve-devel] applied: " Thomas Lamprecht
2021-11-09 11:27 ` [pve-devel] [PATCH manager 1/7] www: use render_u2f_error from wtk Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH manager 2/7] www: use UserSelector " Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH manager 3/7] use u2f-api.js and qrcode.min.js " Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH manager 4/7] www: switch to new tfa login format Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH manager 5/7] www: use af-address-book-o for realms Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH manager 6/7] www: add TFA view to config Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH manager 7/7] www: redirect user TFA button to TFA view Wolfgang Bumiller
2021-11-09 11:27 ` [pve-devel] [PATCH widget-toolkit 1/7] add pmxUserSelector Wolfgang Bumiller
2021-11-10 8:29 ` [pve-devel] applied: " Dominik Csapak
2021-11-09 11:27 ` [pve-devel] [PATCH widget-toolkit 2/7] add Utils used for u2f and webauthn Wolfgang Bumiller
2021-11-10 8:30 ` [pve-devel] applied: " Dominik Csapak
2021-11-09 11:27 ` [pve-devel] [PATCH widget-toolkit 3/7] add u2f-api.js and qrcode.min.js Wolfgang Bumiller
2021-11-10 8:31 ` Dominik Csapak
2021-11-09 11:27 ` [pve-devel] [PATCH widget-toolkit 4/7] add Proxmox.window.TfaLoginWindow Wolfgang Bumiller
2021-11-10 8:30 ` [pve-devel] applied: " Dominik Csapak
2021-11-09 11:27 ` [pve-devel] [PATCH widget-toolkit 5/7] add totp, wa and recovery creation and tfa edit windows Wolfgang Bumiller
2021-11-10 8:30 ` [pve-devel] applied: " Dominik Csapak
2021-11-09 11:27 ` Wolfgang Bumiller [this message]
2021-11-10 8:30 ` [pve-devel] applied: [PATCH widget-toolkit 6/7] add Proxmox.panel.TfaView Dominik Csapak
2021-11-09 11:27 ` [pve-devel] [PATCH widget-toolkit 7/7] add yubico otp windows & login support Wolfgang Bumiller
2021-11-10 8:30 ` [pve-devel] applied: " Dominik Csapak
2021-11-11 15:52 ` [pve-devel] applied-series: [PATCH multiple 0/9] PBS-like TFA support in PVE Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211109112721.130935-32-w.bumiller@proxmox.com \
--to=w.bumiller@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox