re-add oidc

adminui/frontend/src/api/auth.ts

@@ -15,9 +15,7 @@ export function apiRefreshAuth(): Promise<AuthLoginResponseDTO> {
   return client.post('/api/refresh').then(res => res.data)
 }
 
-// export function changeTemporaryPassword(body: AuthChangePasswordRequestDTO): Promise<string> {
-//   return client.post('/change_password', body).then(res => res.data)
-// }
+
 
 export function logout() {
   return client.get('/api/logout')

adminui/frontend/src/api/config.ts

@@ -0,0 +1,7 @@
+import type { ConfigResponseDTO } from './types'
+
+import { client } from '.'
+
+export function getConfig(): Promise<ConfigResponseDTO> {
+  return client.get('/api/config').then(res => res.data)
+}

adminui/frontend/src/api/index.ts

@@ -20,3 +20,4 @@ export * from './account'
 export * from './server_info'
 export * from './settings'
 export * from './diagnostics'
+export * from './config'

adminui/frontend/src/api/types.ts

@@ -257,3 +257,8 @@ export interface TestNotificationsRequestDTO {
 export interface AcknowledgeErrorResponseDTO {
   error_id: string
 }
+
+export interface ConfigResponseDTO {
+  sso: boolean
+  password: boolean
+}

adminui/frontend/src/pages/Login.vue

@@ -3,6 +3,7 @@ import { ref, watch, computed } from 'vue'
 import { storeToRefs } from 'pinia'
 import { useRouter } from 'vue-router'
 import { useToast } from 'vue-toastification'
+import PageLoading from '@/components/PageLoading.vue'
 
 import HrOr from '@/components/HrOr.vue'
 
@@ -12,14 +13,18 @@ import { useAuthStore } from '@/stores/auth'
 
 import { Icons } from '@/util/icons'
 
-import { changePassword } from '@/api'
+import { changePassword, getConfig } from '@/api'
+import { useApi } from '@/composables/useApi'
 
 const authStore = useAuthStore()
 const router = useRouter()
 const toast = useToast()
 
 const { hasCompletedAuth, loginError, isLoginLoading, loggedInUser } = storeToRefs(authStore)
 
+const { data: config, isLoading: isConfigLoading } = useApi(() => getConfig())
+
+
 enum ActiveScreens {
   FirstStep,
   PasswordChange,
@@ -59,7 +64,7 @@ async function doCredentialLogin(event: Event) {
   authStore.login(username.value, password.value)
 }
 
-async function startOIDCLogin() {
+async function oidcLogin() {
   window.location.href = '/login/oidc'
 }
 
@@ -110,14 +115,15 @@ async function doPasswordChange(event: Event) {
 
 <template>
   <main class="z-10 flex min-h-screen items-center justify-center self-center bg-neutral">
-    <div class="card w-96 bg-base-100 shadow-xl">
+    <PageLoading v-if="isConfigLoading" />
+    <div v-else class="card w-96 bg-base-100 shadow-xl">
       <div class="card-body">
         <div class="card-title justify-center">
           <h2>{{ cardTitle }}</h2>
         </div>
 
         <div v-if="activeScreen == ActiveScreens.FirstStep">
-          <form @submit="doCredentialLogin">
+          <form @submit="doCredentialLogin" v-if="config?.password">
             <div v-if="loginError != null" class="my-2 text-center text-red-500">
               <p>{{ loginError }}</p>
             </div>
@@ -141,10 +147,10 @@ async function doPasswordChange(event: Event) {
             </div>
           </form>
 
-          <HrOr class="my-4" v-if="true" />
+          <HrOr class="my-4" v-if="config?.password && config?.sso" />
 
-          <div class="form-control" v-if="true">
-            <button class="btn btn-primary" @click="startOIDCLogin" :disabled="isLoginLoading">Login with SSO</button>
+          <div class="form-control" v-if="config?.sso">
+            <button class="btn btn-primary" @click="oidcLogin" :disabled="isLoginLoading">Login with SSO</button>
           </div>
         </div>
 

adminui/frontend/vite.config.ts

@@ -23,7 +23,16 @@ export default defineConfig({
         headers: {
           origin: process.env.DEV_API_URL
         }
-      }
+      },
+      '/login':{
+        target: process.env.DEV_API_URL,
+        changeOrigin: true,
+        secure: false,      
+        ws: true,
+        headers: {
+          origin: process.env.DEV_API_URL
+        }
+      },
     }
   }
 })

adminui/structs.go

@@ -194,3 +194,8 @@ type NodeControlRequestDTO struct {
 	Node   string `json:"node"`
 	Action string `json:"actions"`
 }
+
+type ConfigResponseDTO struct {
+	SSO      bool `json:"sso"`
+	Password bool `json:"password"`
+}

adminui/ui_webserver.go

@@ -191,18 +191,18 @@ func New(firewall *router.Firewall, errs chan<- error) (ui *AdminUI, err error)
 		allRoutes.HandleFunc("GET /assets/", frontend.Assets)
 
 		allRoutes.HandleFunc("POST /api/login", adminUI.doLogin)
+		allRoutes.HandleFunc("GET /api/config", adminUI.uiConfig)
 		allRoutes.HandleFunc("POST /api/refresh", adminUI.doAuthRefresh)
 
 		if config.Values.ManagementUI.OIDC.Enabled {
-
-			allRoutes.HandleFunc("/login/oidc", func(w http.ResponseWriter, r *http.Request) {
+			allRoutes.HandleFunc("GET /login/oidc", func(w http.ResponseWriter, r *http.Request) {
 				rp.AuthURLHandler(func() string {
 					r, _ := utils.GenerateRandomHex(32)
 					return r
 				}, adminUI.oidcProvider)(w, r)
 			})
 
-			allRoutes.HandleFunc("/login/oidc/callback", adminUI.oidcCallback)
+			allRoutes.HandleFunc("GET /login/oidc/callback", adminUI.oidcCallback)
 		}
 
 		allRoutes.Handle("/api/", adminUI.sessionManager.AuthorisationChecks(protectedRoutes,
@@ -336,6 +336,15 @@ func New(firewall *router.Firewall, errs chan<- error) (ui *AdminUI, err error)
 	return &adminUI, nil
 }
 
+func (au *AdminUI) uiConfig(w http.ResponseWriter, r *http.Request) {
+	m := ConfigResponseDTO{
+		SSO:      config.Values.ManagementUI.OIDC.Enabled,
+		Password: *config.Values.ManagementUI.Password.Enabled,
+	}
+
+	json.NewEncoder(w).Encode(m)
+}
+
 func (au *AdminUI) doAuthRefresh(w http.ResponseWriter, r *http.Request) {
 	sessId, user := au.sessionManager.GetSessionFromRequest(r)
 	if user == nil {
@@ -454,7 +463,7 @@ func (au *AdminUI) oidcCallback(w http.ResponseWriter, r *http.Request) {
 		data.SetLastLoginInformation(info.Subject, r.RemoteAddr)
 
 		au.sessionManager.StartSession(w, r, adminLogin, nil)
-		http.Redirect(w, r, "/dashboard", http.StatusTemporaryRedirect)
+		http.Redirect(w, r, "/dashboard", http.StatusSeeOther)
 	}
 
 	rp.CodeExchangeHandler(rp.UserinfoCallback(marshalUserinfo), au.oidcProvider)(w, r)

docker-test-config.json

@@ -16,7 +16,17 @@
     "ManagementUI": {
         "ListenAddress": "127.0.0.1:4433",
         "Enabled": true,
-        "Debug": false
+        "Debug": false,
+        "Password": {
+            "Enabled": true
+        },
+        "OIDC": {
+            "AdminDomainURL": "",
+			"IssuerURL": "",
+			"ClientSecret": "",
+			"ClientID": "",
+			"Enabled": false
+        }
     },
     "Webserver": {
         "Public": {

go.mod

@@ -6,7 +6,7 @@ toolchain go1.23.2
 
 require (
 	github.com/NHAS/autoetcdtls v0.0.0-20240225231227-9d5906c5b4f2
-	github.com/NHAS/session v0.0.0-20241105193613-908b3caea1a4
+	github.com/NHAS/session v0.0.0-20241124222245-5e27e2e39187
 	github.com/NHAS/webauthn v0.0.0-20240606085832-ea3172ef4dfa
 	github.com/boombuler/barcode v1.0.2
 	github.com/coreos/go-iptables v0.8.0

go.sum

@@ -16,6 +16,8 @@ github.com/NHAS/session v0.0.0-20240328005943-54860ccd92f8 h1:mwOpQmLJtp8BMAT6Ht
 github.com/NHAS/session v0.0.0-20240328005943-54860ccd92f8/go.mod h1:RrYUQgrmfMmXblxB8uWEWhmTKk24PT/VoMsyQ5PD580=
 github.com/NHAS/session v0.0.0-20241105193613-908b3caea1a4 h1:WHwVINwVexLI2K7A2JhgPHHNrJeOquOEEnf7ixvdjPc=
 github.com/NHAS/session v0.0.0-20241105193613-908b3caea1a4/go.mod h1:RrYUQgrmfMmXblxB8uWEWhmTKk24PT/VoMsyQ5PD580=
+github.com/NHAS/session v0.0.0-20241124222245-5e27e2e39187 h1:7Dytx10eY9QVpHCd+MWDEigMAu4VOHgglq3bxucB5hM=
+github.com/NHAS/session v0.0.0-20241124222245-5e27e2e39187/go.mod h1:RrYUQgrmfMmXblxB8uWEWhmTKk24PT/VoMsyQ5PD580=
 github.com/NHAS/webauthn v0.0.0-20240606085832-ea3172ef4dfa h1:z8Lo9+R9h4ZF5qvq2NTrWGVjL8gE92cPUv9J4i4yYKg=
 github.com/NHAS/webauthn v0.0.0-20240606085832-ea3172ef4dfa/go.mod h1:WfTnekCrJZ8MTDSlOeFACJTeGFvQnLInNzbZLRpoqTU=
 github.com/NHAS/wireguard-go v0.0.0-20241018020717-74ab25b11058 h1:QEUGPjvBqKm53fFaOF+e+thevcleTTGmkYoDPBYnZtE=