liz/wikijs-fork
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: new login experience (#2139)

Browse Source 
* feat: multiple auth instances

* fix: auth setup + strategy initialization

* feat: admin auth - add strategy

* feat: redirect on login - group setting

* feat: oauth2 generic - props definitions

* feat: new login UI (wip)

* feat: new login UI (wip)

* feat: admin security login settings

* feat: tabset editor indicators + print view improvements

* fix: code styling
This commit is contained in:
Nicolas Giard
2020-07-03 19:36:33 -04:00
committed by GitHub
parent 1c4829f70f
commit c009cc1392
46 changed files with 1365 additions and 710 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server/app/data.yml
View File

@@ -53,6 +53,12 @@ defaults:
theme: 'default'
iconset: 'md'
darkMode: false
auth:
autoLogin: false
loginBgUrl: ''
audience: 'urn:wiki.js'
tokenExpiration: '30m'
tokenRenewal: '14d'
features:
featurePageRatings: true
featurePageComments: true

7
server/core/auth.js
View File

@@ -78,9 +78,8 @@ module.exports = {
const enabledStrategies = await WIKI.models.authentication.getStrategies()
for (let idx in enabledStrategies) {
const stg = enabledStrategies[idx]
if (!stg.isEnabled) { continue }
try {
const strategy = require(`../modules/authentication/${stg.key}/authentication.js`)
const strategy = require(`../modules/authentication/${stg.strategyKey}/authentication.js`)
stg.config.callbackURL = `${WIKI.config.host}/login/${stg.key}/callback`
strategy.init(passport, stg.config)
@@ -90,9 +89,9 @@ module.exports = {
...strategy,
...stg
}
WIKI.logger.info(`Authentication Strategy ${stg.key}: [ OK ]`)
WIKI.logger.info(`Authentication Strategy ${stg.displayName}: [ OK ]`)
} catch (err) {
WIKI.logger.error(`Authentication Strategy ${stg.key}: [ FAILED ]`)
WIKI.logger.error(`Authentication Strategy ${stg.displayName} (${stg.key}): [ FAILED ]`)
WIKI.logger.error(err)
}
}

23
server/db/migrations-sqlite/2.5.1.js Normal file
View File

@@ -0,0 +1,23 @@
exports.up = async knex => {
await knex('authentication').where('isEnabled', false).del()
await knex.schema
.alterTable('authentication', table => {
table.dropColumn('isEnabled')
table.integer('order').unsigned().notNullable().defaultTo(0)
table.string('strategyKey').notNullable().defaultTo('')
table.string('displayName').notNullable().defaultTo('')
})
// Fix pre-2.5 strategies
const strategies = await knex('authentication')
let idx = 1
for (const strategy of strategies) {
await knex('authentication').where('key', strategy.key).update({
strategyKey: strategy.key,
order: (strategy.key === 'local') ? 0 : idx++
})
}
}
exports.down = knex => { }

8
server/db/migrations-sqlite/2.5.12.js Normal file
View File

@@ -0,0 +1,8 @@
exports.up = async knex => {
await knex.schema
.alterTable('groups', table => {
table.string('redirectOnLogin').notNullable().defaultTo('/')
})
}
exports.down = knex => { }

23
server/db/migrations/2.5.1.js Normal file
View File

@@ -0,0 +1,23 @@
exports.up = async knex => {
await knex('authentication').where('isEnabled', false).del()
await knex.schema
.alterTable('authentication', table => {
table.dropColumn('isEnabled')
table.integer('order').unsigned().notNullable().defaultTo(0)
table.string('strategyKey').notNullable().defaultTo('')
table.string('displayName').notNullable().defaultTo('')
})
// Fix pre-2.5 strategies
const strategies = await knex('authentication')
let idx = 1
for (const strategy of strategies) {
await knex('authentication').where('key', strategy.key).update({
strategyKey: strategy.key,
order: (strategy.key === 'local') ? 0 : idx++
})
}
}
exports.down = knex => { }

8
server/db/migrations/2.5.12.js Normal file
View File

@@ -0,0 +1,8 @@
exports.up = async knex => {
await knex.schema
.alterTable('groups', table => {
table.string('redirectOnLogin').notNullable().defaultTo('/')
})
}
exports.down = knex => { }

66
server/graph/resolvers/authentication.js
View File

@@ -34,16 +34,28 @@ module.exports = {
apiState () {
return WIKI.config.api.isEnabled
},
async strategies () {
return WIKI.data.authentication.map(stg => ({
...stg,
isAvailable: stg.isAvailable === true,
props: _.sortBy(_.transform(stg.props, (res, value, key) => {
res.push({
key,
value: JSON.stringify(value)
})
}, []), 'key')
}))
},
/**
* Fetch active authentication strategies
*/
async strategies (obj, args, context, info) {
let strategies = await WIKI.models.authentication.getStrategies(args.isEnabled)
async activeStrategies (obj, args, context, info) {
let strategies = await WIKI.models.authentication.getStrategies()
strategies = strategies.map(stg => {
const strategyInfo = _.find(WIKI.data.authentication, ['key', stg.key]) || {}
const strategyInfo = _.find(WIKI.data.authentication, ['key', stg.strategyKey]) || {}
return {
...strategyInfo,
...stg,
strategy: strategyInfo,
config: _.sortBy(_.transform(stg.config, (res, value, key) => {
const configData = _.get(strategyInfo.props, key, false)
if (configData) {
@@ -174,16 +186,18 @@ module.exports = {
*/
async updateStrategies (obj, args, context) {
try {
WIKI.config.auth = {
audience: _.get(args, 'config.audience', WIKI.config.auth.audience),
tokenExpiration: _.get(args, 'config.tokenExpiration', WIKI.config.auth.tokenExpiration),
tokenRenewal: _.get(args, 'config.tokenRenewal', WIKI.config.auth.tokenRenewal)
}
await WIKI.configSvc.saveToDb(['auth'])
// WIKI.config.auth = {
// audience: _.get(args, 'config.audience', WIKI.config.auth.audience),
// tokenExpiration: _.get(args, 'config.tokenExpiration', WIKI.config.auth.tokenExpiration),
// tokenRenewal: _.get(args, 'config.tokenRenewal', WIKI.config.auth.tokenRenewal)
// }
// await WIKI.configSvc.saveToDb(['auth'])
for (let str of args.strategies) {
await WIKI.models.authentication.query().patch({
isEnabled: str.isEnabled,
const previousStrategies = await WIKI.models.authentication.getStrategies()
for (const str of args.strategies) {
const newStr = {
displayName: str.displayName,
order: str.order,
config: _.reduce(str.config, (result, value, key) => {
_.set(result, `${value.key}`, _.get(JSON.parse(value.value), 'v', null))
return result
@@ -191,8 +205,32 @@ module.exports = {
selfRegistration: str.selfRegistration,
domainWhitelist: { v: str.domainWhitelist },
autoEnrollGroups: { v: str.autoEnrollGroups }
}).where('key', str.key)
}
if (_.some(previousStrategies, ['key', str.key])) {
await WIKI.models.authentication.query().patch({
key: str.key,
strategyKey: str.strategyKey,
...newStr
}).where('key', str.key)
} else {
await WIKI.models.authentication.query().insert({
key: str.key,
strategyKey: str.strategyKey,
...newStr
})
}
}
for (const str of _.differenceBy(previousStrategies, args.strategies, 'key')) {
const hasUsers = await WIKI.models.users.query().count('* as total').where({ providerKey: str.key }).first()
if (_.toSafeInteger(hasUsers.total) > 0) {
throw new Error(`Cannot delete ${str.displayName} as 1 or more users are still using it.`)
} else {
await WIKI.models.authentication.query().delete().where('key', str.key)
}
}
await WIKI.auth.activateStrategies()
WIKI.events.outbound.emit('reloadAuthStrategies')
return {

5
server/graph/resolvers/group.js
View File

@@ -102,8 +102,13 @@ module.exports = {
throw new gql.GraphQLError('Some Page Rules contains unsafe or exponential time regex.')
}
if (_.isEmpty(args.redirectOnLogin)) {
args.redirectOnLogin = '/'
}
await WIKI.models.groups.query().patch({
name: args.name,
redirectOnLogin: args.redirectOnLogin,
permissions: JSON.stringify(args.permissions),
pageRules: JSON.stringify(args.pageRules)
}).where('id', args.id)

27
server/graph/resolvers/page.js
View File

@@ -171,18 +171,18 @@ module.exports = {
* FETCH TAGS
*/
async tags (obj, args, context, info) {
const pages = await WIKI.models.pages.query().column([
'path',
{ locale: 'localeCode' },
])
const pages = await WIKI.models.pages.query()
.column([
'path',
{ locale: 'localeCode' }
])
.withGraphJoined('tags')
const allTags = _.filter(pages, r => {
return WIKI.auth.checkAccess(context.req.user, ['read:pages'], {
path: r.path,
locale: r.locale
})
})
.flatMap(r => r.tags)
}).flatMap(r => r.tags)
return _.orderBy(_.uniqBy(allTags, 'id'), ['tag'], ['asc'])
},
/**
@@ -190,10 +190,11 @@ module.exports = {
*/
async searchTags (obj, args, context, info) {
const query = _.trim(args.query)
const pages = await WIKI.models.pages.query().column([
'path',
{ locale: 'localeCode' },
])
const pages = await WIKI.models.pages.query()
.column([
'path',
{ locale: 'localeCode' }
])
.withGraphJoined('tags')
.modifyGraph('tags', builder => {
builder.select('tag')
@@ -212,9 +213,7 @@ module.exports = {
path: r.path,
locale: r.locale
})
})
.flatMap(r => r.tags)
.map(t => t.tag)
}).flatMap(r => r.tags).map(t => t.tag)
return _.uniq(allTags).slice(0, 5)
},
/**
@@ -271,7 +270,7 @@ module.exports = {
* FETCH PAGE LINKS
*/
async links (obj, args, context, info) {
let results;
let results
if (WIKI.config.db.type === 'mysql' || WIKI.config.db.type === 'mariadb' || WIKI.config.db.type === 'sqlite') {
results = await WIKI.models.knex('pages')

15
server/graph/resolvers/site.js
View File

@@ -21,6 +21,11 @@ module.exports = {
...WIKI.config.seo,
...WIKI.config.features,
...WIKI.config.security,
authAutoLogin: WIKI.config.auth.autoLogin,
authLoginBgUrl: WIKI.config.auth.loginBgUrl,
authJwtAudience: WIKI.config.auth.audience,
authJwtExpiration: WIKI.config.auth.tokenExpiration,
authJwtRenewablePeriod: WIKI.config.auth.tokenRenewal,
uploadMaxFileSize: WIKI.config.uploads.maxFileSize,
uploadMaxFiles: WIKI.config.uploads.maxFiles
}
@@ -60,6 +65,14 @@ module.exports = {
analyticsId: _.get(args, 'analyticsId', WIKI.config.seo.analyticsId)
}
WIKI.config.auth = {
autoLogin: _.get(args, 'authAutoLogin', WIKI.config.auth.autoLogin),
loginBgUrl: _.get(args, 'authLoginBgUrl', WIKI.config.auth.loginBgUrl),
audience: _.get(args, 'authJwtAudience', WIKI.config.auth.audience),
tokenExpiration: _.get(args, 'authJwtExpiration', WIKI.config.auth.tokenExpiration),
tokenRenewal: _.get(args, 'authJwtRenewablePeriod', WIKI.config.auth.tokenRenewal)
}
WIKI.config.features = {
featurePageRatings: _.get(args, 'featurePageRatings', WIKI.config.features.featurePageRatings),
featurePageComments: _.get(args, 'featurePageComments', WIKI.config.features.featurePageComments),
@@ -83,7 +96,7 @@ module.exports = {
maxFiles: _.get(args, 'uploadMaxFiles', WIKI.config.uploads.maxFiles)
}
await WIKI.configSvc.saveToDb(['host', 'title', 'company', 'contentLicense', 'seo', 'logoUrl', 'features', 'security', 'uploads'])
await WIKI.configSvc.saveToDb(['host', 'title', 'company', 'contentLicense', 'seo', 'logoUrl', 'auth', 'features', 'security', 'uploads'])
if (WIKI.config.security.securityTrustProxy) {
WIKI.app.enable('trust proxy')

26
server/graph/schemas/authentication.graphql
View File

@@ -19,9 +19,8 @@ type AuthenticationQuery {
apiState: Boolean! @auth(requires: ["manage:system", "manage:api"])
strategies(
isEnabled: Boolean
): [AuthenticationStrategy]
strategies: [AuthenticationStrategy] @auth(requires: ["manage:system"])
activeStrategies: [AuthenticationActiveStrategy]
}
# -----------------------------------------------
@@ -68,7 +67,6 @@ type AuthenticationMutation {
updateStrategies(
strategies: [AuthenticationStrategyInput]!
config: AuthenticationConfigInput
): DefaultResponse @auth(requires: ["manage:system"])
regenerateCertificates: DefaultResponse @auth(requires: ["manage:system"])
@@ -81,9 +79,8 @@ type AuthenticationMutation {
# -----------------------------------------------
type AuthenticationStrategy {
isEnabled: Boolean!
key: String!
props: [String]
props: [KeyValuePair] @auth(requires: ["manage:system"])
title: String!
description: String
isAvailable: Boolean
@@ -92,6 +89,13 @@ type AuthenticationStrategy {
color: String
website: String
icon: String
}
type AuthenticationActiveStrategy {
key: String!
strategy: AuthenticationStrategy!
displayName: String!
order: Int!
config: [KeyValuePair] @auth(requires: ["manage:system"])
selfRegistration: Boolean!
domainWhitelist: [String]! @auth(requires: ["manage:system"])
@@ -112,20 +116,16 @@ type AuthenticationRegisterResponse {
}
input AuthenticationStrategyInput {
isEnabled: Boolean!
key: String!
strategyKey: String!
config: [KeyValuePairInput]
displayName: String!
order: Int!
selfRegistration: Boolean!
domainWhitelist: [String]!
autoEnrollGroups: [Int]!
}
input AuthenticationConfigInput {
audience: String!
tokenExpiration: String!
tokenRenewal: String!
}
type AuthenticationApiKey {
id: Int!
name: String!

2
server/graph/schemas/group.graphql
View File

@@ -37,6 +37,7 @@ type GroupMutation {
update(
id: Int!
name: String!
redirectOnLogin: String!
permissions: [String]!
pageRules: [PageRuleInput]!
): DefaultResponse @auth(requires: ["write:groups", "manage:groups", "manage:system"])
@@ -78,6 +79,7 @@ type Group {
id: Int!
name: String!
isSystem: Boolean!
redirectOnLogin: String
permissions: [String]!
pageRules: [PageRule]
users: [UserMinimal]

10
server/graph/schemas/site.graphql
View File

@@ -33,6 +33,11 @@ type SiteMutation {
company: String
contentLicense: String
logoUrl: String
authAutoLogin: Boolean
authLoginBgUrl: String
authJwtAudience: String
authJwtExpiration: String
authJwtRenewablePeriod: String
featurePageRatings: Boolean
featurePageComments: Boolean
featurePersonalWikis: Boolean
@@ -65,6 +70,11 @@ type SiteConfig {
company: String!
contentLicense: String!
logoUrl: String!
authAutoLogin: Boolean
authLoginBgUrl: String
authJwtAudience: String
authJwtExpiration: String
authJwtRenewablePeriod: String
featurePageRatings: Boolean!
featurePageComments: Boolean!
featurePersonalWikis: Boolean!

73
server/models/authentication.js
View File

@@ -17,11 +17,10 @@ module.exports = class Authentication extends Model {
static get jsonSchema () {
return {
type: 'object',
required: ['key', 'isEnabled'],
required: ['key'],
properties: {
key: {type: 'string'},
isEnabled: {type: 'boolean'},
selfRegistration: {type: 'boolean'}
}
}
@@ -35,8 +34,8 @@ module.exports = class Authentication extends Model {
return WIKI.models.authentication.query().findOne({ key })
}
static async getStrategies(isEnabled) {
const strategies = await WIKI.models.authentication.query().where(_.isBoolean(isEnabled) ? { isEnabled } : {})
static async getStrategies() {
const strategies = await WIKI.models.authentication.query().orderBy('order')
return _.sortBy(strategies.map(str => ({
...str,
domainWhitelist: _.get(str.domainWhitelist, 'v', []),
@@ -45,7 +44,7 @@ module.exports = class Authentication extends Model {
}
static async getStrategiesForLegacyClient() {
const strategies = await WIKI.models.authentication.query().select('key', 'selfRegistration').where({ isEnabled: true })
const strategies = await WIKI.models.authentication.query().select('key', 'selfRegistration')
let formStrategies = []
let socialStrategies = []
@@ -77,64 +76,42 @@ module.exports = class Authentication extends Model {
}
static async refreshStrategiesFromDisk() {
let trx
try {
const dbStrategies = await WIKI.models.authentication.query()
// -> Fetch definitions from disk
const authDirs = await fs.readdir(path.join(WIKI.SERVERPATH, 'modules/authentication'))
let diskStrategies = []
WIKI.data.authentication = []
for (let dir of authDirs) {
const def = await fs.readFile(path.join(WIKI.SERVERPATH, 'modules/authentication', dir, 'definition.yml'), 'utf8')
diskStrategies.push(yaml.safeLoad(def))
const defRaw = await fs.readFile(path.join(WIKI.SERVERPATH, 'modules/authentication', dir, 'definition.yml'), 'utf8')
const def = yaml.safeLoad(defRaw)
WIKI.data.authentication.push({
...def,
props: commonHelper.parseModuleProps(def.props)
})
}
WIKI.data.authentication = diskStrategies.map(strategy => ({
...strategy,
props: commonHelper.parseModuleProps(strategy.props)
}))
let newStrategies = []
for (let strategy of WIKI.data.authentication) {
if (!_.some(dbStrategies, ['key', strategy.key])) {
newStrategies.push({
key: strategy.key,
isEnabled: false,
config: _.transform(strategy.props, (result, value, key) => {
_.set(result, key, value.default)
return result
}, {}),
selfRegistration: false,
domainWhitelist: { v: [] },
autoEnrollGroups: { v: [] }
})
} else {
const strategyConfig = _.get(_.find(dbStrategies, ['key', strategy.key]), 'config', {})
for (const strategy of dbStrategies) {
const strategyDef = _.find(WIKI.data.authentication, ['key', strategy.strategyKey])
strategy.config = _.transform(strategyDef.props, (result, value, key) => {
if (!_.has(result, key)) {
_.set(result, key, value.default)
}
return result
}, strategy.config)
// Fix pre-2.5 strategies displayName
if (!strategy.displayName) {
await WIKI.models.authentication.query().patch({
config: _.transform(strategy.props, (result, value, key) => {
if (!_.has(result, key)) {
_.set(result, key, value.default)
}
return result
}, strategyConfig)
displayName: strategyDef.title
}).where('key', strategy.key)
}
}
if (newStrategies.length > 0) {
trx = await WIKI.models.Objection.transaction.start(WIKI.models.knex)
for (let strategy of newStrategies) {
await WIKI.models.authentication.query(trx).insert(strategy)
}
await trx.commit()
WIKI.logger.info(`Loaded ${newStrategies.length} new authentication strategies: [ OK ]`)
} else {
WIKI.logger.info(`No new authentication strategies found: [ SKIPPED ]`)
}
WIKI.logger.info(`Loaded ${WIKI.data.authentication.length} authentication strategies: [ OK ]`)
} catch (err) {
WIKI.logger.error(`Failed to scan or load new authentication providers: [ FAILED ]`)
WIKI.logger.error(err)
if (trx) {
trx.rollback()
}
}
}
}

2
server/models/groups.js
View File

@@ -14,6 +14,8 @@ module.exports = class Group extends Model {
properties: {
id: {type: 'integer'},
name: {type: 'string'},
isSystem: {type: 'boolean'},
redirectOnLogin: {type: 'string'},
createdAt: {type: 'string'},
updatedAt: {type: 'string'}
}

2
server/modules/authentication/local/definition.yml
View File

@@ -1,5 +1,5 @@
key: local
title: Local
title: Local Database
description: Built-in authentication for Wiki.js
author: requarks.io
logo: https://static.requarks.io/logo/wikijs.svg

53
server/modules/authentication/oauth2/definition.yml
View File

@@ -5,9 +5,54 @@ author: requarks.io
logo: https://static.requarks.io/logo/oauth2.svg
color: grey darken-4
website: https://oauth.net/2/
isAvailable: true
useForm: false
props:
clientId: String
clientSecret: String
authorizationURL: String
tokenURL: String
clientId:
type: String
title: Client ID
hint: Application Client ID
order: 1
clientSecret:
type: String
title: Client Secret
hint: Application Client Secret
order: 2
authorizationURL:
type: String
title: Authorization Endpoint URL
hint: The full URL to the authorization endpoint, used to get an authorization code.
order: 3
tokenURL:
type: String
title: Token Endpoint URL
hint: The full URL to the token endpoint, used to get an access token.
order: 4
mappingUID:
title: Unique ID Field Mapping
type: String
default: 'id'
hint: The field storing the user unique identifier, e.g. "id" or "_id".
maxWidth: 500
order: 20
mappingEmail:
title: Email Field Mapping
type: String
default: 'email'
hint: The field storing the user email, e.g. "email" or "mail".
maxWidth: 500
order: 21
mappingDisplayName:
title: Display Name Field Mapping
type: String
default: 'name'
hint: The field storing the user display name, e.g. "name", "displayName" or "username".
maxWidth: 500
order: 22
mappingPicture:
title: Avatar Picture Field Mapping
type: String
default: 'pictureUrl'
hint: The field storing the user avatar picture, e.g. "pictureUrl" or "avatarUrl".
maxWidth: 500
order: 23

14
server/setup.js
View File

@@ -253,9 +253,17 @@ module.exports = () => {
throw new Error('Incorrect groups auto-increment configuration! Should start at 0 and increment by 1. Contact your database administrator.')
}
// Load authentication strategies + enable local
await WIKI.models.authentication.refreshStrategiesFromDisk()
await WIKI.models.authentication.query().patch({ isEnabled: true }).where('key', 'local')
// Load local authentication strategy
await WIKI.models.authentication.query().insert({
key: 'local',
config: {},
selfRegistration: false,
domainWhitelist: {v: []},
autoEnrollGroups: {v: []},
order: 0,
strategyKey: 'local',
displayName: 'Local'
})
// Load editors + enable default
await WIKI.models.editors.refreshEditorsFromDisk()