Implements Haufe-Lexware/wicked.haufe.io#171

- Allow setting API association to Auth Method from Auth Server page.

Author: DonMartin76

public/js/authserver.js

@@ -81,6 +81,16 @@ Vue.component('auth-method', {
             this.newAdfsGroup = '';
             this.newWickedGroup = '';
             this.$set(this.value.config.defaultGroups, adfsGroup, wickedGroup);
+        },
+        selectAllApis: function () {
+            for (let apiId in this.value.apis) {
+                this.$set(this.value.apis, apiId, true);
+            }
+        },
+        deselectAllApis: function () {
+            for (let apiId in this.value.apis) {
+                this.$set(this.value.apis, apiId, false);
+            }
         }
     },
     template:
@@ -197,6 +207,16 @@ Vue.component('auth-method', {
         <div v-else>
             <p><i>Unknown auth method type. To change this, please edit the JSON file directly.</i></p>
         </div>
+
+        <br>
+
+        <wicked-panel :open=false 
+            type="success" 
+            title="Supported APIs">
+            <button v-on:click="selectAllApis" class="btn btn-sm btn-primary">Select all</button>
+            <button v-on:click="deselectAllApis" class="btn btn-sm btn-default">Deselect all</button>
+            <wicked-checkbox v-for="(v, apiId) in value.apis" v-model="value.apis[apiId]" :label="apiId" />
+        </wicked-panel>
     </wicked-panel>
     `
 });
@@ -223,7 +243,8 @@ Vue.component('add-auth-method', {
                 name: this.authMethodId,
                 friendlyShort: 'Short friendly name',
                 friendlyLong: 'Long friendly name',
-                config: createDefaultConfig(this.selectedType, this.authMethodId)
+                config: createDefaultConfig(this.selectedType, this.authMethodId),
+                apis: JSON.parse(JSON.stringify(injectedData.oauthApis))
             });
         }
     },
@@ -265,30 +286,35 @@ Vue.component('password-validation', {
 });
 
 function createDefaultConfig(authMethodType, authMethodId) {
+    let defaultConfig;
     switch (authMethodType) {
         case 'local':
-            return {
+            defaultConfig = {
                 trustUsers: false,
                 disableSignup: false
             };
+            break;
         case 'external':
-            return {
+            defaultConfig = {
                 validateUserPassUrl: 'http://your-service.default.cluster.local:2000/login',
                 allowRefreshUrl: 'http://your-service.default.cluster.local:2000/refresh'
             };
+            break;
         case 'github':
         case 'google':
-            return {
+            defaultConfig = {
                 clientId: 'your-client-id',
                 clientSecret: 'your-client-secret'
             };
+            break;
         case 'twitter':
-            return {
+            defaultConfig = {
                 consumerKey: 'twitter-consumer-key',
                 consumerSecret: 'twitter-consumer-secret'
             };
+            break;
         case 'oauth2':
-            return {
+            defaultConfig = {
                 clientId: 'your-client-id',
                 clientSecret: 'your-client-secret',
                 endpoints: {
@@ -303,8 +329,9 @@ function createDefaultConfig(authMethodType, authMethodId) {
                 lastNameField: 'family_name',
                 emailField: 'email'
             };
+            break;
         case 'adfs':
-            return {
+            defaultConfig = {
                 clientId: 'your-client-id',
                 clientSecret: 'your-client-secret',
                 endpoints: {
@@ -322,9 +349,10 @@ function createDefaultConfig(authMethodType, authMethodId) {
                     "DOMAIN\\_Some_Group": "dev"
                 }
             };
+            break;
         case 'saml': {
             const envVarPrefix = '$PORTAL_AUTH_SAML_' + authMethodId.toUpperCase().replace(/-/g, '_') + '_';
-            return {
+            defaultConfig = {
                 trustUsers: true,
                 profile: JSON.stringify({
                     "sub": "{{{your_id}}}",
@@ -350,10 +378,13 @@ function createDefaultConfig(authMethodType, authMethodId) {
                     "allow_unencrypted_assertion": true
                 }, null, 2)
             };
+            break;
         }
         default:
-            return {};
+            defaultConfig = {};
+            break;
     }
+    return defaultConfig;
 }
 
 function displayCallbackUris(uri, authMethodId) {

routes/authservers.js

@@ -18,7 +18,7 @@ router.get('/', function (req, res, next) {
         // If we only have one, redirect there directly
         return res.redirect(`/authservers/${authServerNames[0]}`);
     }
- 
+
     res.render('authservers',
         {
             configPath: req.app.get('config_path'),
@@ -84,7 +84,8 @@ router.get('/:serverId', function (req, res, next) {
     const authId = `${serverId}-auth`;
     authServer.id = authId;
     authServer.config.api.name = authId;
-    
+
+
     let origPlugins = [];
     if (authServer.config && authServer.config.plugins)
         origPlugins = authServer.config.plugins;
@@ -117,6 +118,30 @@ router.get('/:serverId', function (req, res, next) {
         }
     }
 
+    // Mix in api auth methods as well
+    const apis = utils.loadApis(req.app);
+    // console.log(JSON.stringify(apis, null, 2));
+    for (let authMethod of authServer.authMethods) {
+        authMethod.apis = {};
+        for (let api of apis.apis) {
+            if (api.auth !== 'oauth2')
+                continue;
+            const authMethodName = `${serverId}:${authMethod.name}`;
+            if (api.authMethods.indexOf(authMethodName) >= 0)
+                authMethod.apis[api.id] = true;
+            else
+                authMethod.apis[api.id] = false;
+        }
+    }
+
+    // For new auth methods
+    const oauthApis = {};
+    for (let api of apis.apis) {
+        if (api.auth !== 'oauth2')
+            continue;
+        oauthApis[api.id] = false;
+    }
+
     const groups = utils.loadGroups(req.app);
     const passwordStrategies = passwordValidator.getStrategies();
 
@@ -128,7 +153,8 @@ router.get('/:serverId', function (req, res, next) {
         authServer: authServer,
         plugins: plugins,
         groups: groups,
-        passwordStrategies: passwordStrategies
+        passwordStrategies: passwordStrategies,
+        oauthApis: oauthApis
     };
 
     res.render('authserver', viewModel);
@@ -197,11 +223,41 @@ router.post('/:serverId/api', function (req, res, next) {
         if (thisAm.hasOwnProperty('useForPortal'))
             delete thisAm.useForPortal;
     }
+
+    // Now do the same for the APIs; first strip all method IDs from this Auth Server
+    const apis = utils.loadApis(req.app);
+    for (let api of apis.apis) {
+        if (api.auth !== 'oauth2')
+            continue;
+        const strippedList = [];
+        const apiAuthMethods = api.authMethods ? api.authMethods : [];
+        for (let authMethodId of apiAuthMethods) {
+            if (!authMethodId.startsWith(`${serverId}:`))
+                strippedList.push(authMethodId);
+        }
+        api.authMethods = strippedList;
+    }
+    // And then add them back from the auth server JSON (and delete the "apis" object)
+    for (let am of authMethods) {
+        for (let apiId in am.apis) {
+            if (am.apis[apiId]) {
+                const thisApi = apis.apis.find(a => a.id === apiId);
+                if (!thisApi) {
+                    warn(`Could not add auth method ${am.name} to API ${apiId}, API not found.`);
+                }
+                thisApi.authMethods.push(`${serverId}:${am.name}`);
+            }
+        }
+        // Delete the apis object
+        delete am.apis;
+    }
+
     debug(glob);
     debug(JSON.stringify(authServer, null, 2));
 
     utils.saveGlobals(req.app, glob);
     utils.saveAuthServer(req.app, serverId, authServer);
+    utils.saveApis(req.app, apis);
 
     res.status(204).json({ message: 'OK' });
 });

views/authserver.jade

@@ -34,7 +34,8 @@ block afterScripts
             plugins: !{JSON.stringify(plugins)},
             groups: !{JSON.stringify(groups)},
             glob: !{JSON.stringify(glob)},
-            passwordStrategies: !{JSON.stringify(passwordStrategies)}
+            passwordStrategies: !{JSON.stringify(passwordStrategies)},
+            oauthApis: !{JSON.stringify(oauthApis)}
         };
 
     script(src='/js/authserver.js')