John Cowen 2b8273bc6e
ui: Support for SSO with Admin Partitions (#11604)
* Upgrade AuthForm and document current state a little better
* Hoist SSO out of the AuthForm
* Bare minimum admin partitioned SSO

also:

ui: Tabbed Login with Token or SSO interface (#11619)

- I upgraded our super old, almost the first ember component I wrote, to use glimmer/almost template only. This should use slots/contextual components somehow, but thats a bigger upgrade so I didn't go that far.
- I've been wanting to upgrade the shape of our StateChart component for a very long while now, here its very apparent that it would be much better to do this sooner rather than later. I left it as is for now, but there will be a PR coming soon with a slight reshaping of this component.
- Added a did-upsert modifier which is a mix of did-insert/did-update
- Documentation added/amended for all the new things.
2021-11-24 14:53:12 +00:00

164 lines
4.9 KiB
Handlebars

<StateChart
@src={{this.chart}}
as |State Guard ChartAction dispatch state|>
{{#let
(hash
State=State
Guard=Guard
Action=ChartAction
dispatch=dispatch
state=state
)
as |chart|}}
{{#let
(hash
reset=(action dispatch "RESET")
focus=this.focus
disabled=(state-matches state "loading")
error=(queue
(action dispatch "ERROR")
(action (mut this.error) value="error.errors.firstObject")
)
submit=(queue
(action (mut this.value))
(action dispatch "SUBMIT")
)
)
as |exported|}}
<Guard
@name="hasValue"
@cond={{this.hasValue}}
/>
{{!TODO: Call this reset or similar }}
<chart.Action
@name="clearError"
@exec={{queue (action (mut this.error) undefined) (action (mut this.secret) undefined)}}
/>
<div
class="auth-form"
...attributes
>
<StateChart
@src={{this.tabsChart}}
as |TabState IgnoredGuard IgnoredAction tabDispatch tabState|>
{{#if (can 'use SSO')}}
<TabNav
@items={{array
(hash
label='Token'
selected=(state-matches tabState 'token')
)
(hash
label='SSO'
selected=(state-matches tabState 'sso')
)
}}
@onclick={{queue (action tabDispatch) (action dispatch "RESET")}}
/>
{{/if}}
<State @matches="error">
{{#if this.error.status}}
<Notice
@type="error"
role="alert"
as |notice|>
<notice.Body>
<p>
{{#if this.value.Name}}
{{#if (eq this.error.status '403')}}
<strong>Consul login failed</strong><br />
We received a token from your OIDC provider but could not log in to Consul with it.
{{else if (eq this.error.status '401')}}
<strong>Could not log in to provider</strong><br />
The OIDC provider has rejected this access token. Please have an administrator check your auth method configuration.
{{else if (eq this.error.status '499')}}
<strong>SSO log in window closed</strong><br />
The OIDC provider window was closed. Please try again.
{{else}}
<strong>Error</strong><br />
{{this.error.detail}}
{{/if}}
{{else}}
{{#if (eq this.error.status '403')}}
<strong>Invalid token</strong><br />
The token entered does not exist. Please enter a valid token to log in.
{{else if (eq this.error.status '404')}}
<strong>No providers</strong><br />
No SSO providers are configured for that Admin Partition.
{{else}}
<strong>Error</strong><br />
{{this.error.detail}}
{{/if}}
{{/if}}
</p>
</notice.Body>
</Notice>
{{/if}}
</State>
<TabState @matches="token">
<form
onsubmit={{action dispatch "SUBMIT"}}
>
<fieldset>
<label
class={{concat "type-password" (if (and (state-matches state 'error') (not this.error.status)) ' has-error')}}
>
<span>Log in with a token</span>
{{! Blink/Webkit based seem to leak password inputs }}
{{! this will only occur during acceptance testing so }}
{{! turn them into text inputs during acceptance testing }}
<input
{{did-insert (set this 'input')}}
disabled={{state-matches state "loading"}}
type={{if (eq (env 'environment') 'testing') 'text' 'password'}}
name="auth[SecretID]"
placeholder="SecretID"
value={{this.secret}}
oninput={{queue
(action (mut this.secret) value="target.value")
(action (mut this.value) value="target.value")
(action dispatch "TYPING")
}}
/>
<State @matches="error">
{{#if (not this.error.status)}}
<strong role="alert">
Please enter your secret
</strong>
{{/if}}
</State>
</label>
</fieldset>
<Action
@type="submit"
disabled={{state-matches state "loading"}}
>
Log in
</Action>
</form>
</TabState>
{{yield (assign exported (hash Method=TabState))}}
<em>
Contact your administrator for login credentials.
</em>
</StateChart>
</div>
<State @matches="loading">
<TokenSource
@dc={{@dc}}
@nspace={{or this.value.Namespace @nspace}}
@partition={{or this.value.Partition @partition}}
@type={{if this.value.Name 'oidc' 'secret'}}
@value={{if this.value.Name this.value.Name this.value}}
@onchange={{queue (action dispatch "RESET") @onsubmit}}
@onerror={{queue (action (mut this.error) value="error.errors.firstObject") (action dispatch "ERROR")}}
/>
</State>
{{/let}}
{{/let}}
</StateChart>