feat: handle disabled auth strategies

NGPixel 2020-09-05 18:33:15 -04:00
parent 715364de1d
commit 8490fc1267
7 changed files with 113 additions and 71 deletions


@ -77,64 +77,80 @@
.admin-providerlogo .admin-providerlogo
img(:src='strategy.strategy.logo', :alt='strategy.strategy.title') img(:src='strategy.strategy.logo', :alt='strategy.strategy.title')
v-card-text v-card-text
.overline.mb-5 {{$t('admin:auth.strategyConfiguration')}} .row
v-text-field.mb-3( .col-8
outlined v-text-field(
label='Display Name' outlined
v-model='strategy.displayName' :label='$t(`admin:auth.displayName`)'
prepend-icon='mdi-format-title' v-model='strategy.displayName'
hint='The title shown to the end user for this authentication strategy.' prepend-icon='mdi-format-title'
persistent-hint :hint='$t(`admin:auth.displayNameHint`)'
) persistent-hint
template(v-for='cfg in strategy.config') )
v-select.mb-3( .col-4
v-if='cfg.value.type === "string" && cfg.value.enum' v-switch.mt-1(
outlined :label='$t(`admin:auth.strategyIsEnabled`)'
:items='cfg.value.enum' v-model='strategy.isEnabled'
:key='cfg.key' color='primary'
:label='cfg.value.title' prepend-icon='mdi-power'
v-model='cfg.value.value' :hint='$t(`admin:auth.strategyIsEnabledHint`)'
prepend-icon='mdi-cog-box' persistent-hint
:hint='cfg.value.hint ? cfg.value.hint : ""' inset
persistent-hint :disabled='strategy.key === `local`'
:class='cfg.value.hint ? "mb-2" : ""' )
:style='cfg.value.maxWidth > 0 ? `max-width:` + cfg.value.maxWidth + `px;` : ``' template(v-if='strategy.config && Object.keys(strategy.config).length > 0')
) v-divider
v-switch.mb-6( .overline.my-5 {{$t('admin:auth.strategyConfiguration')}}
v-else-if='cfg.value.type === "boolean"' .pr-3
:key='cfg.key' template(v-for='cfg in strategy.config')
:label='cfg.value.title' v-select.mb-3(
v-model='cfg.value.value' v-if='cfg.value.type === "string" && cfg.value.enum'
color='primary' outlined
prepend-icon='mdi-cog-box' :items='cfg.value.enum'
:hint='cfg.value.hint ? cfg.value.hint : ""' :key='cfg.key'
persistent-hint :label='cfg.value.title'
inset v-model='cfg.value.value'
) prepend-icon='mdi-cog-box'
v-textarea.mb-3( :hint='cfg.value.hint ? cfg.value.hint : ""'
v-else-if='cfg.value.type === "string" && cfg.value.multiline' persistent-hint
outlined :class='cfg.value.hint ? "mb-2" : ""'
:key='cfg.key' :style='cfg.value.maxWidth > 0 ? `max-width:` + cfg.value.maxWidth + `px;` : ``'
:label='cfg.value.title' )
v-model='cfg.value.value' v-switch.mb-6(
prepend-icon='mdi-cog-box' v-else-if='cfg.value.type === "boolean"'
:hint='cfg.value.hint ? cfg.value.hint : ""' :key='cfg.key'
persistent-hint :label='cfg.value.title'
:class='cfg.value.hint ? "mb-2" : ""' v-model='cfg.value.value'
) color='primary'
v-text-field.mb-3( prepend-icon='mdi-cog-box'
v-else :hint='cfg.value.hint ? cfg.value.hint : ""'
outlined persistent-hint
:key='cfg.key' inset
:label='cfg.value.title' )
v-model='cfg.value.value' v-textarea.mb-3(
prepend-icon='mdi-cog-box' v-else-if='cfg.value.type === "string" && cfg.value.multiline'
:hint='cfg.value.hint ? cfg.value.hint : ""' outlined
persistent-hint :key='cfg.key'
:class='cfg.value.hint ? "mb-2" : ""' :label='cfg.value.title'
:style='cfg.value.maxWidth > 0 ? `max-width:` + cfg.value.maxWidth + `px;` : ``' v-model='cfg.value.value'
) prepend-icon='mdi-cog-box'
v-divider.mt-3 :hint='cfg.value.hint ? cfg.value.hint : ""'
persistent-hint
:class='cfg.value.hint ? "mb-2" : ""'
)
v-text-field.mb-3(
v-else
outlined
:key='cfg.key'
:label='cfg.value.title'
v-model='cfg.value.value'
prepend-icon='mdi-cog-box'
:hint='cfg.value.hint ? cfg.value.hint : ""'
persistent-hint
:class='cfg.value.hint ? "mb-2" : ""'
:style='cfg.value.maxWidth > 0 ? `max-width:` + cfg.value.maxWidth + `px;` : ``'
)
v-divider
.overline.my-5 {{$t('admin:auth.registration')}} .overline.my-5 {{$t('admin:auth.registration')}}
.pr-3 .pr-3
v-switch.ml-3( v-switch.ml-3(
@ -145,7 +161,7 @@
persistent-hint persistent-hint
inset inset
) )
v-combobox.ml-3.mt-3( v-combobox.ml-3.mt-5(
:label='$t(`admin:auth.domainsWhitelist`)' :label='$t(`admin:auth.domainsWhitelist`)'
v-model='strategy.domainWhitelist' v-model='strategy.domainWhitelist'
prepend-icon='mdi-email-check-outline' prepend-icon='mdi-email-check-outline'
@ -272,6 +288,7 @@ export default {
} }
})), })),
order: this.activeStrategies.length, order: this.activeStrategies.length,
isEnabled: true,
displayName: str.title, displayName: str.title,
selfRegistration: false, selfRegistration: false,
domainWhitelist: [], domainWhitelist: [],
@ -309,6 +326,7 @@ export default {
strategyKey: str.strategy.key, strategyKey: str.strategy.key,
displayName: str.displayName, displayName: str.displayName,
order: str.order, order: str.order,
isEnabled: str.isEnabled,
config: str.config.map(cfg => ({...cfg, value: JSON.stringify({ v: cfg.value.value })})), config: str.config.map(cfg => ({...cfg, value: JSON.stringify({ v: cfg.value.value })})),
selfRegistration: str.selfRegistration, selfRegistration: str.selfRegistration,
domainWhitelist: str.domainWhitelist, domainWhitelist: str.domainWhitelist,
@ -384,6 +402,7 @@ export default {
value value
} }
order order
isEnabled
displayName displayName
selfRegistration selfRegistration
domainWhitelist domainWhitelist


@ -661,7 +661,7 @@ export default {
query: gql` query: gql`
{ {
authentication { authentication {
activeStrategies { activeStrategies(enabledOnly: true) {
key key
strategy { strategy {
key key


@ -1,9 +1,15 @@
exports.up = async knex => { exports.up = async knex => {
await knex('authentication').where('isEnabled', false).del() // Check for users using disabled strategies
const disabledStrategies = await knex('authentication').where('isEnabled', false)
const incompatibleUsers = await knex('users').distinct('providerKey').whereIn('providerKey', disabledStrategies.map(s => s.key))
const protectedStrategies = (incompatibleUsers && incompatibleUsers.length > 0) ? incompatibleUsers.map(u => u.providerKey) : []
// Delete disabled strategies
await knex('authentication').whereNotIn('key', protectedStrategies).andWhere('isEnabled', false).del()
// Update table schema
await knex.schema await knex.schema
.alterTable('authentication', table => { .alterTable('authentication', table => {
table.dropColumn('isEnabled')
table.integer('order').unsigned().notNullable().defaultTo(0) table.integer('order').unsigned().notNullable().defaultTo(0)
table.string('strategyKey').notNullable().defaultTo('') table.string('strategyKey').notNullable().defaultTo('')
table.string('displayName').notNullable().defaultTo('') table.string('displayName').notNullable().defaultTo('')


@ -0,0 +1,14 @@
const has = require('lodash/has')
exports.up = async knex => {
// -> Fix 2.5.1 added isEnabled columns for beta users
const localStrategy = await knex('authentication').where('key', 'local')
if (!has(localStrategy, 'isEnabled')) {
await knex.schema
.alterTable('authentication', table => {
table.boolean('isEnabled').notNullable().defaultTo(true)
})
}
}
exports.down = knex => { }
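Review bot: The column check in `exports.up` can never pass, because `knex('authentication').where('key', 'local')` resolves to an array of rows and `has(localStrategy, 'isEnabled')` tests the array itself, which has no such property. The `alterTable` call therefore runs on every database, and where `isEnabled` already exists the migration will presumably fail with a duplicate-column error and block the upgrade. Test the schema rather than a row: `if (!(await knex.schema.hasColumn('authentication', 'isEnabled'))) {`, which also covers a table with no `local` row. The empty `exports.down` deserves a comment saying the column is intentionally left in place on rollback.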


@ -70,7 +70,7 @@ module.exports = {
}, []), 'key') }, []), 'key')
} }
}) })
return strategies return args.enabledOnly ? _.filter(strategies, 'isEnabled') : strategies
} }
}, },
AuthenticationMutation: { AuthenticationMutation: {
@ -199,18 +199,12 @@ module.exports = {
*/ */
async updateStrategies (obj, args, context) { async updateStrategies (obj, args, context) {
try { try {
// WIKI.config.auth = {
// audience: _.get(args, 'config.audience', WIKI.config.auth.audience),
// tokenExpiration: _.get(args, 'config.tokenExpiration', WIKI.config.auth.tokenExpiration),
// tokenRenewal: _.get(args, 'config.tokenRenewal', WIKI.config.auth.tokenRenewal)
// }
// await WIKI.configSvc.saveToDb(['auth'])
const previousStrategies = await WIKI.models.authentication.getStrategies() const previousStrategies = await WIKI.models.authentication.getStrategies()
for (const str of args.strategies) { for (const str of args.strategies) {
const newStr = { const newStr = {
displayName: str.displayName, displayName: str.displayName,
order: str.order, order: str.order,
isEnabled: str.isEnabled,
config: _.reduce(str.config, (result, value, key) => { config: _.reduce(str.config, (result, value, key) => {
_.set(result, `${value.key}`, _.get(JSON.parse(value.value), 'v', null)) _.set(result, `${value.key}`, _.get(JSON.parse(value.value), 'v', null))
return result return result
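Review bot: `updateStrategies` copies `isEnabled: str.isEnabled` straight from the mutation input, so the rule that the local strategy cannot be switched off is enforced only by the `:disabled` binding on the new `v-switch` in the admin template. Any client that calls the mutation directly can disable `local`, or every strategy at once, and the new check in `User.login` would then reject all sign-ins. The resolver should enforce the invariant itself, for example `isEnabled: str.key === 'local' ? true : str.isEnabled,` (assuming the input carries the same `key` the template tests), and ideally refuse a save that leaves no enabled strategy. The function body continues past the end of this hunk.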


@ -20,7 +20,10 @@ type AuthenticationQuery {
apiState: Boolean! @auth(requires: ["manage:system", "manage:api"]) apiState: Boolean! @auth(requires: ["manage:system", "manage:api"])
strategies: [AuthenticationStrategy] @auth(requires: ["manage:system"]) strategies: [AuthenticationStrategy] @auth(requires: ["manage:system"])
activeStrategies: [AuthenticationActiveStrategy]
activeStrategies(
enabledOnly: Boolean
): [AuthenticationActiveStrategy]
} }
# ----------------------------------------------- # -----------------------------------------------
@ -102,6 +105,7 @@ type AuthenticationActiveStrategy {
strategy: AuthenticationStrategy! strategy: AuthenticationStrategy!
displayName: String! displayName: String!
order: Int! order: Int!
isEnabled: Boolean!
config: [KeyValuePair] @auth(requires: ["manage:system"]) config: [KeyValuePair] @auth(requires: ["manage:system"])
selfRegistration: Boolean! selfRegistration: Boolean!
domainWhitelist: [String]! @auth(requires: ["manage:system"]) domainWhitelist: [String]! @auth(requires: ["manage:system"])
@ -130,6 +134,7 @@ input AuthenticationStrategyInput {
config: [KeyValuePairInput] config: [KeyValuePairInput]
displayName: String! displayName: String!
order: Int! order: Int!
isEnabled: Boolean!
selfRegistration: Boolean! selfRegistration: Boolean!
domainWhitelist: [String]! domainWhitelist: [String]!
autoEnrollGroups: [Int]! autoEnrollGroups: [Int]!
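Review bot: `activeStrategies` has no `@auth` directive and `enabledOnly` is optional, so any caller can omit the argument and still receive disabled strategies, including their `displayName`, `order`, `isEnabled` and `selfRegistration`. If disabled strategies are meant to be hidden from unauthenticated clients, the filter should not be opt-in. The resolver could apply the `isEnabled` filter unless the caller holds `manage:system`, instead of trusting the argument. The argument would also benefit from a description line such as `# When true, omit strategies whose isEnabled is false`.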


@ -277,6 +277,10 @@ module.exports = class User extends Model {
static async login (opts, context) { static async login (opts, context) {
if (_.has(WIKI.auth.strategies, opts.strategy)) { if (_.has(WIKI.auth.strategies, opts.strategy)) {
const selStrategy = _.get(WIKI.auth.strategies, opts.strategy) const selStrategy = _.get(WIKI.auth.strategies, opts.strategy)
if (!selStrategy.isEnabled) {
throw new WIKI.Error.AuthProviderInvalid()
}
const strInfo = _.find(WIKI.data.authentication, ['key', selStrategy.strategyKey]) const strInfo = _.find(WIKI.data.authentication, ['key', selStrategy.strategyKey])
// Inject form user/pass // Inject form user/pass
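Review bot: The new `if (!selStrategy.isEnabled)` guard covers only `User.login`, and nothing in this hunk revokes sessions or tokens already issued through a strategy that is later disabled. Those users presumably stay signed in until their token expires, and longer if token renewal does not re-check the strategy. If disabling a strategy is meant to cut off access, the renewal path should resolve the user's `providerKey` and reject when that strategy's `isEnabled` is false. The guard also relies on `WIKI.auth.strategies` being reloaded after `updateStrategies` saves, which is not visible here. The body of `login` continues outside the hunk.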