From 245e68c5ba1189a1707b49554dd9cd8f4e703a00 Mon Sep 17 00:00:00 2001
From: ToxicMushroom <32853531+ToxicMushroom@users.noreply.github.com>
Date: Fri, 23 Aug 2024 02:47:54 +0200
Subject: [PATCH 1/7] - Form validation - Editable emails - Basic profile
updating
---
server/core/Cargo.toml | 2 +-
server/core/src/https/views/mod.rs | 13 +
server/core/src/https/views/profile.rs | 226 +++++++++++++++++-
server/core/static/external/forms.js | 25 ++
.../static/external/htmx_bs_validation.js | 34 +++
server/core/static/style.css | 1 +
server/core/templates/user_settings.html | 2 +
...ifiable_entry_modifiable_list_partial.html | 7 +
.../profile_changes_partial.html | 89 +++++++
.../user_settings_profile_partial.html | 50 ++--
10 files changed, 429 insertions(+), 20 deletions(-)
create mode 100644 server/core/static/external/forms.js
create mode 100644 server/core/static/external/htmx_bs_validation.js
create mode 100644 server/core/templates/user_settings/form_modifiable_entry_modifiable_list_partial.html
create mode 100644 server/core/templates/user_settings/profile_changes_partial.html
diff --git a/server/core/Cargo.toml b/server/core/Cargo.toml
index 1c753cb44..b7ab2004c 100644
--- a/server/core/Cargo.toml
+++ b/server/core/Cargo.toml
@@ -24,7 +24,7 @@ askama = { workspace = true, features = ["with-axum"] }
askama_axum = { workspace = true }
axum = { workspace = true }
axum-htmx = { workspace = true }
-axum-extra = { version = "0.9.6", features = ["cookie"] }
+axum-extra = { version = "0.9.6", features = ["cookie", "form"] }
axum-macros = "0.4.2"
axum-server = { version = "0.7.1", default-features = false }
bytes = { workspace = true }
diff --git a/server/core/src/https/views/mod.rs b/server/core/src/https/views/mod.rs
index b52546180..ffc74c916 100644
--- a/server/core/src/https/views/mod.rs
+++ b/server/core/src/https/views/mod.rs
@@ -56,6 +56,7 @@ pub fn view_router() -> Router<ServerState> {
.route("/reset", get(reset::view_reset_get))
.route("/update_credentials", get(reset::view_self_reset_get))
.route("/profile", get(profile::view_profile_get))
+ .route("/profile/diff", get(profile::view_profile_get))
.route("/profile/unlock", get(profile::view_profile_unlock_get))
.route("/logout", get(login::view_logout_get))
.route("/oauth2", get(oauth2::view_index_get));
@@ -129,6 +130,18 @@ pub fn view_router() -> Router<ServerState> {
)
.route("/api/cu_cancel", post(reset::cancel_cred_update))
.route("/api/cu_commit", post(reset::commit))
+ .route(
+ "/api/user_settings/add_email",
+ post(profile::view_new_email_entry_partial),
+ )
+ .route(
+ "/api/user_settings/edit_profile",
+ post(profile::view_profile_diff_start_save_post),
+ )
+ .route(
+ "/api/user_settings/confirm_profile",
+ post(profile::view_profile_diff_confirm_save_post),
+ )
.layer(HxRequestGuardLayer::new("/ui"));
let admin_router = admin_router();
diff --git a/server/core/src/https/views/profile.rs b/server/core/src/https/views/profile.rs
index 9d00bbe1c..93e58ea3b 100644
--- a/server/core/src/https/views/profile.rs
+++ b/server/core/src/https/views/profile.rs
@@ -7,6 +7,8 @@ use axum::extract::State;
use axum::response::Response;
use axum::Extension;
use axum_extra::extract::cookie::CookieJar;
+use axum_htmx::{HxPushUrl, HxRequest};
+use futures_util::TryFutureExt;
use kanidm_proto::internal::UserAuthToken;
use super::constants::{ProfileMenuItems, UiMessage, Urls};
@@ -26,9 +28,43 @@ pub(crate) struct ProfileView {
struct ProfilePartialView {
menu_active_item: ProfileMenuItems,
can_rw: bool,
+ attrs: ProfileAttributes,
+ posix_enabled: bool,
+}
+
+#[derive(Clone, Debug, Serialize, Deserialize)]
+pub(crate) struct ProfileAttributes {
account_name: String,
display_name: String,
- email: Option<String>,
+ legal_name: String,
+ #[serde(rename = "emails[]")]
+ emails: Vec<String>,
+ primary_email: Option<String>,
+}
+
+#[derive(Template, Clone)]
+#[template(path = "user_settings/profile_changes_partial.html")]
+struct ProfileChangesPartialView {
+ can_rw: bool,
+ attrs: ProfileAttributes,
+ new_attrs: ProfileAttributes
+}
+
+#[derive(Template, Clone)]
+#[template(path = "user_settings/form_modifiable_entry_modifiable_list_partial.html")]
+// Modifiable entry in a modifiable list partial
+pub(crate) struct FormModEntryModListPartial {
+ can_rw: bool,
+ r#type: String,
+ name: String,
+ value: String,
+ invalid_feedback: String,
+}
+
+impl Display for ProfileAttributes {
+ fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
+ write!(f, "{self:?}")
+ }
}
pub(crate) async fn view_profile_get(
@@ -42,6 +78,21 @@ pub(crate) async fn view_profile_get(
.handle_whoami_uat(client_auth_info, kopid.eventid)
.await?;
+ let filter = filter_all!(f_and!([f_eq(
+ Attribute::Uuid,
+ PartialValue::Uuid(uat.uuid)
+ )]));
+ let base: Vec<Entry> = state
+ .qe_r_ref
+ .handle_internalsearch(client_auth_info.clone(), filter, None, kopid.eventid)
+ .map_err(|op_err| HtmxError::new(&kopid, op_err))
+ .await?;
+
+ let self_entry = base.first().expect("Self no longer exists");
+ let empty = vec![];
+ let emails = self_entry.attrs.get(ATTR_MAIL).unwrap_or(&empty).clone();
+ let primary_email = emails.first().cloned();
+
let time = time::OffsetDateTime::now_utc() + time::Duration::new(60, 0);
let can_rw = uat.purpose_readwrite_active(time);
@@ -52,11 +103,180 @@ pub(crate) async fn view_profile_get(
profile_partial: ProfilePartialView {
menu_active_item: ProfileMenuItems::UserProfile,
can_rw,
+ attrs: ProfileAttributes {
+ account_name: uat.name().to_string(),
+ display_name: uat.displayname.clone(),
+ legal_name: "hardcoded".to_string(),
+ emails,
+ primary_email,
+
+ },
+ })
+}
+
+
+pub(crate) async fn view_profile_diff_start_save_post(
+ State(state): State<ServerState>,
+ Extension(kopid): Extension<KOpId>,
+ VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
+ Form(new_attrs): Form<ProfileAttributes>,
+) -> axum::response::Result<Response> {
+ let uat: UserAuthToken = state
+ .qe_r_ref
+ .handle_whoami_uat(client_auth_info.clone(), kopid.eventid)
+ .map_err(|op_err| HtmxError::new(&kopid, op_err))
+ .await?;
+
+ let time = time::OffsetDateTime::now_utc() + time::Duration::new(60, 0);
+ let can_rw = uat.purpose_readwrite_active(time);
+
+ let filter = filter_all!(f_and!([f_eq(
+ Attribute::Uuid,
+ PartialValue::Uuid(uat.uuid)
+ )]));
+ let base: Vec<Entry> = state
+ .qe_r_ref
+ .handle_internalsearch(client_auth_info.clone(), filter, None, kopid.eventid)
+ .map_err(|op_err| HtmxError::new(&kopid, op_err))
+ .await?;
+
+ let self_entry = base.first().expect("Self no longer exists");
+ let empty = vec![];
+ let emails = self_entry.attrs.get(ATTR_MAIL).unwrap_or(&empty).clone();
+ let primary_email = emails.first().cloned();
+
+ let profile_view = ProfileChangesPartialView {
+ can_rw,
+ attrs: ProfileAttributes {
account_name: uat.name().to_string(),
display_name: uat.displayname.clone(),
- email: uat.mail_primary.clone(),
+ legal_name: "hardcoded".to_string(),
+ emails,
+ primary_email,
},
- })
+ new_attrs,
+ posix_enabled: true,
+ };
+
+ Ok((
+ HxPushUrl(Uri::from_static("/ui/profile/diff")),
+ HtmlTemplate(profile_view),
+ )
+ .into_response())
+}
+
+pub(crate) async fn view_profile_diff_confirm_save_post(
+ State(state): State<ServerState>,
+ Extension(kopid): Extension<KOpId>,
+ HxRequest(hx_request): HxRequest,
+ VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
+ Form(new_attrs): Form<ProfileAttributes>,
+) -> axum::response::Result<Response> {
+ let uat: UserAuthToken = state
+ .qe_r_ref
+ .handle_whoami_uat(client_auth_info.clone(), kopid.eventid)
+ .map_err(|op_err| HtmxError::new(&kopid, op_err))
+ .await?;
+ dbg!(&new_attrs);
+
+ let filter = filter_all!(f_and!([f_id(uat.uuid.to_string().as_str())]));
+
+ state
+ .qe_w_ref
+ .handle_setattribute(
+ client_auth_info.clone(),
+ uat.uuid.to_string(),
+ ATTR_LEGALNAME.to_string(),
+ vec![new_attrs.legal_name],
+ filter.clone(),
+ kopid.eventid,
+ )
+ .map_err(|op_err| HtmxError::new(&kopid, op_err))
+ .await?;
+
+ state
+ .qe_w_ref
+ .handle_setattribute(
+ client_auth_info.clone(),
+ uat.uuid.to_string(),
+ ATTR_DISPLAYNAME.to_string(),
+ vec![new_attrs.display_name],
+ filter.clone(),
+ kopid.eventid,
+ )
+ .map_err(|op_err| HtmxError::new(&kopid, op_err))
+ .await?;
+
+ state
+ .qe_w_ref
+ .handle_setattribute(
+ client_auth_info.clone(),
+ uat.uuid.to_string(),
+ ATTR_MAIL.to_string(),
+ new_attrs.emails,
+ filter.clone(),
+ kopid.eventid,
+ )
+ .map_err(|op_err| HtmxError::new(&kopid, op_err))
+ .await?;
+
+ // TODO: These are normally not permitted, user should be prevented from changing non modifiable fields in the UI though
+ // state
+ // .qe_w_ref
+ // .handle_setattribute(
+ // client_auth_info.clone(),
+ // uat.uuid.to_string(),
+ // ATTR_EMAIL.to_string(),
+ // vec![new_attrs.email.unwrap_or("".to_string())],
+ // filter.clone(),
+ // kopid.eventid,
+ // )
+ // .map_err(|op_err| HtmxError::new(&kopid, op_err))
+ // .await?;
+ //
+ // state
+ // .qe_w_ref
+ // .handle_setattribute(
+ // client_auth_info.clone(),
+ // uat.uuid.to_string(),
+ // ATTR_NAME.to_string(),
+ // vec![new_attrs.account_name],
+ // filter.clone(),
+ // kopid.eventid,
+ // )
+ // .map_err(|op_err| HtmxError::new(&kopid, op_err))
+ // .await?;
+
+ // TODO: Calling this here returns the old attributes
+ view_profile_get(
+ State(state),
+ Extension(kopid),
+ HxRequest(hx_request),
+ VerifiedClientInformation(client_auth_info),
+ )
+ .await
+}
+
+// Sends the user a new email input to fill in :)
+pub(crate) async fn view_new_email_entry_partial(
+ State(_state): State<ServerState>,
+ VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+ Extension(_kopid): Extension<KOpId>,
+) -> axum::response::Result<Response> {
+ let passkey_init_trigger =
+ HxResponseTrigger::after_swap([HxEvent::new("addEmailSwapped".to_string())]);
+ Ok((
+ passkey_init_trigger,
+ HtmlTemplate(FormModEntryModListPartial {
+ can_rw: true,
+ r#type: "email".to_string(),
+ name: "emails[]".to_string(),
+ value: "".to_string(),
+ invalid_feedback: "Please enter a valid email address.".to_string(),
+ })
+ .into_response(),
+ )
+ .into_response())
}
pub(crate) async fn view_profile_unlock_get(
diff --git a/server/core/static/external/forms.js b/server/core/static/external/forms.js
new file mode 100644
index 000000000..c60b009d2
--- /dev/null
+++ b/server/core/static/external/forms.js
@@ -0,0 +1,25 @@
+// This file will contain js helpers to have some interactivity on forms that we can't achieve with pure html.
+function rehook_string_list_removers() {
+ const buttons = document.getElementsByClassName("kanidm-remove-list-entry");
+ for (let i = 0; i < buttons.length; i++) {
+ const button = buttons.item(i)
+ if (button.getAttribute("kanidm_hooked") !== null) return
+
+ button.addEventListener("click", (e) => {
+ // Expected html nesting: li > div.input-group > button.kanidm-remove-list-entry
+ let li = button.parentElement?.parentElement;
+ if (li && li.tagName === "LI") {
+ li.remove();
+ }
+ })
+ button.setAttribute("kanidm_hooked", "")
+ }
+}
+
+window.onload = function () {
+ rehook_string_list_removers();
+ document.body.addEventListener("addEmailSwapped", () => {
+ rehook_string_list_removers();
+ })
+};
+
diff --git a/server/core/static/external/htmx_bs_validation.js b/server/core/static/external/htmx_bs_validation.js
new file mode 100644
index 000000000..e5bbb2142
--- /dev/null
+++ b/server/core/static/external/htmx_bs_validation.js
@@ -0,0 +1,34 @@
+htmx.defineExtension("bs-validation", {
+ onEvent: function (name, evt) {
+ let form = evt.detail.elt;
+ // Htmx propagates attributes onto children like button, which would break those buttons, so we return if not a form.
+ if (form.tagName !== "FORM") return;
+
+ // check if trigger attribute and submit event exists
+ // for the form
+ if (!form.hasAttribute("hx-trigger")) {
+ // set trigger for custom event bs-send
+ form.setAttribute("hx-trigger", "bs-send");
+
+ // and attach the event only once
+ form.addEventListener("submit", function (event) {
+ if (form.checkValidity()) {
+ // trigger custom event hx-trigger="bs-send"
+ htmx.trigger(form, "bsSend");
+ }
+
+ // focus the first :invalid field
+ let invalidField = form.querySelector(":invalid");
+ if (invalidField) {
+ invalidField.focus();
+ }
+
+ console.log("prevented htmx send, form was invalid")
+ event.preventDefault()
+ event.stopPropagation()
+
+ form.classList.add("was-validated")
+ }, false)
+ }
+ }
+});
\ No newline at end of file
diff --git a/server/core/static/style.css b/server/core/static/style.css
index a2dc18278..c90fdaac0 100644
--- a/server/core/static/style.css
+++ b/server/core/static/style.css
@@ -29,6 +29,7 @@ body {
display: block !important;
}
+
/*
* Sidebar
*/
diff --git a/server/core/templates/user_settings.html b/server/core/templates/user_settings.html
index 636af5b63..811652f23 100644
--- a/server/core/templates/user_settings.html
+++ b/server/core/templates/user_settings.html
@@ -3,6 +3,8 @@
(% block title %)Profile(% endblock %)
(% block head %)
+<script src="/pkg/external/forms.js"></script>
+<script src="/pkg/external/htmx_bs_validation.js"></script>
(% endblock %)
(% block main %)
diff --git a/server/core/templates/user_settings/form_modifiable_entry_modifiable_list_partial.html b/server/core/templates/user_settings/form_modifiable_entry_modifiable_list_partial.html
new file mode 100644
index 000000000..df035e3ec
--- /dev/null
+++ b/server/core/templates/user_settings/form_modifiable_entry_modifiable_list_partial.html
@@ -0,0 +1,7 @@
+<li class="mb-2">
+ <div class="input-group">
+ <input type="(( type ))" class="form-control" name="(( name ))" value="(( value ))" hx-validate="true" required>
+ (% if can_rw %)<button type="button" class="btn btn-secondary kanidm-remove-list-entry">Remove</button>(% endif %)
+ </div>
+ <div class="invalid-feedback">(( invalid_feedback ))</div>
+</li>
\ No newline at end of file
diff --git a/server/core/templates/user_settings/profile_changes_partial.html b/server/core/templates/user_settings/profile_changes_partial.html
new file mode 100644
index 000000000..bc3451c32
--- /dev/null
+++ b/server/core/templates/user_settings/profile_changes_partial.html
@@ -0,0 +1,89 @@
+(% extends "user_settings_partial_base.html" %)
+
+(% block selected_setting_group %)
+Profile Difference
+(% endblock %)
+
+(% block settings_vertical_point %)lg(% endblock %)
+
+(% block settings_window %)
+
+<form>
+ <input type="hidden" name="account_name" value="(( new_attrs.account_name ))"/>
+ <input type="hidden" name="display_name" value="(( new_attrs.display_name ))"/>
+ <input type="hidden" name="legal_name" value="(( new_attrs.legal_name ))"/>
+ (% for email in new_attrs.emails %)
+ <input type="hidden" name="emails[]" value="(( email ))"/>
+ (% endfor %)
+
+ <table class="table table-bordered table-responsive">
+ <thead>
+ <tr>
+ <th scope="col">Attribute</th>
+ <th scope="col">Old value</th>
+ <th scope="col">New value</th>
+ </tr>
+ </thead>
+ (% if attrs.account_name != new_attrs.account_name %)
+ <tr>
+ <th scope="row">User name</th>
+ <td class="text-break">(( attrs.account_name ))</td>
+ <td class="text-break">(( new_attrs.account_name ))</td>
+ </tr>
+ (% endif %)
+
+ (% if attrs.display_name != new_attrs.display_name %)
+ <tr>
+ <th scope="row">Display name</th>
+ <td class="text-break">(( attrs.display_name ))</td>
+ <td class="text-break">(( new_attrs.display_name ))</td>
+ </tr>
+ (% endif %)
+
+ (% if attrs.legal_name != new_attrs.legal_name %)
+ <tr>
+ <th scope="row">Legal name</th>
+ <td class="text-break">(( attrs.legal_name ))</td>
+ <td class="text-break">(( new_attrs.legal_name ))</td>
+ </tr>
+ (% endif %)
+
+ (% if attrs.emails != new_attrs.emails %)
+
+ <!-- TODO: List new items with +, same items with . -->
+ <tr>
+ <th scope="row">Emails</th>
+ <td class="text-break">
+ <ul>
+ (% for email in attrs.emails %)
+ <li>(( email ))</li>
+ (% endfor %)
+ </ul>
+ </td>
+ <td class="text-break">
+ <ul>
+ (% for email in new_attrs.emails %)
+ <li>(( email ))</li>
+ (% endfor %)
+ </ul>
+ </td>
+ </tr>
+ (% endif %)
+ </table>
+ <!-- Edit button -->
+ <div class="pt-4" hx-target="#user_settings_container" hx-swap="outerHTML">
+ (% if can_rw %)
+ <button class="btn btn-danger" type="button" hx-get="/ui/profile" hx-target="#user_settings_container" hx-swap="outerHTML">Discard Changes</button>
+ <button class="btn btn-primary" type="button" hx-post="/ui/api/user_settings/confirm_profile" hx-target="#user_settings_container" hx-swap="outerHTML">Confirm Changes</button>
+ (% else %)
+ <a href="/ui/profile/unlock" hx-boost="false">
+ <!-- TODO: at the moment, session expiring here means progress is lost. Do we just show an error screen ? We can't pass the update state through the reauth session, and we don't have profile update sessions like cred update. -->
+ <button class="btn btn-primary" type="button">Unlock Confirm 🔓</button>
+ </a>
+ (% endif %)
+ </div>
+
+</form>
+
+(% endblock %)
+
diff --git a/server/core/templates/user_settings_profile_partial.html b/server/core/templates/user_settings_profile_partial.html
index 7d29d5bda..d4ec7487d 100644
--- a/server/core/templates/user_settings_profile_partial.html
+++ b/server/core/templates/user_settings_profile_partial.html
@@ -6,38 +6,56 @@ Profile
(% block settings_window %)
-<form>
+<form class="needs-validation" hx-post="/ui/api/user_settings/edit_profile" hx-target="#user_settings_container" hx-swap="outerHTML" hx-validate="true" hx-ext="bs-validation" novalidate>
<div class="mb-2 row">
- <label for="profileUserName" class="col-12 col-md-3 col-xl-2 col-form-label">User name</label>
+ <label for="profileUserName" class="col-12 col-md-3 col-lg-2 col-form-label">User name</label>
<div class="col-12 col-md-6 col-lg-5">
<input type="text" readonly class="form-control-plaintext" id="profileUserName" value="(( account_name ))">
</div>
</div>
-
- <div class="mb-2 row">
- <label for="profileDisplayName" class="col-12 col-md-3 col-xl-2 col-form-label">Display name</label>
- <div class="col-12 col-md-6 col-lg-5">
- <input type="text" class="form-control-plaintext" id="profileDisplayName" value="(( display_name ))" disabled>
- </div>
- </div>
<div class="mb-2 row">
- <label for="profileEmail" class="col-12 col-md-3 col-xl-2 col-form-label">Email</label>
+ <label for="profileDisplayName" class="col-12 col-md-3 col-lg-2 col-form-label">Display name</label>
<div class="col-12 col-md-6 col-lg-5">
- <input type="email" disabled class="form-control-plaintext" id="profileEmail" value="(( email.clone().unwrap_or("None configured".to_string())))">
+ <input type="text" class="form-control-plaintext" id="profileDisplayName" value="(( display_name ))">
+ </div>
+ </div>
+
+ <div class="mb-2 row">
+ <label for="profileLegalName" class="col-12 col-md-3 col-lg-2 col-form-label">Legal name</label>
+ <div class="col-12 col-md-6 col-lg-5">
+ <input type="text" class="form-control-plaintext" id="profileLegalName" value="(( legal_name ))">
+ </div>
+ </div>
+
+ <div class="mb-2">
+ <label for="profileEmail" class="mb-2">Emails</label>
+ <div>
+ <div class="row">
+ <ul class="col-12 col-md-11 col-lg-8" id="emailList">
+ (% for email in attrs.emails %)
+ (% let type = "email" %)
+ (% let name = "emails[]" %)
+ (% let value = email %)
+ (% let invalid_feedback = "Please enter a valid email address." %)
+ (% include "user_settings/form_modifiable_entry_modifiable_list_partial.html" %)
+ (% endfor %)
+ </ul>
+ </div>
+ (% if can_rw %)<button type="button" class="btn btn-primary" hx-post="/ui/api/user_settings/add_email" hx-target="#emailList" hx-swap="beforeend">Add Email</button>(% endif %)
</div>
</div>
<!-- Edit button -->
- <!-- <div class="pt-4">
+ <div class="pt-4">
(% if can_rw %)
- <button class="btn btn-primary" type="button" hx-post="/ui/api/user_settings/edit_profile" disabled>Edit (Currently Not Working!)</button>
+ <button class="btn btn-primary" type="submit">Edit</button>
(% else %)
- <a href=(Urls::ProfileUnlock) hx-boost="false">
- <button class="btn btn-primary" type="button">((UiMessage::UnlockEdit))</button>
+ <a href="/ui/profile/unlock" hx-boost="false">
+ <button class="btn btn-primary" type="button">Unlock Edit 🔒</button>
</a>
(% endif %)
- </div> -->
+ </div>
</form>
(% endblock %)
From 645f13b285698896a69654d110392c6bcec1ef2c Mon Sep 17 00:00:00 2001
From: ToxicMushroom <32853531+ToxicMushroom@users.noreply.github.com>
Date: Thu, 13 Feb 2025 23:46:35 +0100
Subject: [PATCH 2/7] patch up rebase
---
Cargo.lock | 14 ++++
server/core/src/https/views/constants.rs | 22 +++---
server/core/src/https/views/profile.rs | 76 +++++++++++--------
.../user_settings_profile_partial.html | 6 +-
4 files changed, 74 insertions(+), 44 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index fe306e47e..0f4fa00ad 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -391,6 +391,7 @@ dependencies = [
"multer",
"pin-project-lite",
"serde",
+ "serde_html_form",
"tower 0.5.2",
"tower-layer",
"tower-service",
@@ -5136,6 +5137,19 @@ dependencies = [
"syn 2.0.100",
]
+[[package]]
+name = "serde_html_form"
+version = "0.2.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9d2de91cf02bbc07cde38891769ccd5d4f073d22a40683aa4bc7a95781aaa2c4"
+dependencies = [
+ "form_urlencoded",
+ "indexmap 2.7.1",
+ "itoa",
+ "ryu",
+ "serde",
+]
+
[[package]]
name = "serde_json"
version = "1.0.140"
diff --git a/server/core/src/https/views/constants.rs b/server/core/src/https/views/constants.rs
index 8e4167941..7276e8c2f 100644
--- a/server/core/src/https/views/constants.rs
+++ b/server/core/src/https/views/constants.rs
@@ -9,17 +9,17 @@ pub(crate) enum ProfileMenuItems {
UnixPassword,
}
-pub(crate) enum UiMessage {
- UnlockEdit,
-}
-
-impl std::fmt::Display for UiMessage {
- fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
- match self {
- UiMessage::UnlockEdit => write!(f, "Unlock Edit 🔒"),
- }
- }
-}
+// pub(crate) enum UiMessage {
+// UnlockEdit,
+// }
+//
+// impl std::fmt::Display for UiMessage {
+// fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+// match self {
+// UiMessage::UnlockEdit => write!(f, "Unlock Edit 🔒"),
+// }
+// }
+// }
pub(crate) enum Urls {
Apps,
diff --git a/server/core/src/https/views/profile.rs b/server/core/src/https/views/profile.rs
index 93e58ea3b..99ff596fc 100644
--- a/server/core/src/https/views/profile.rs
+++ b/server/core/src/https/views/profile.rs
@@ -1,20 +1,34 @@
+use super::constants::{ProfileMenuItems, Urls};
+use super::errors::HtmxError;
+use super::login::{LoginDisplayCtx, Reauth, ReauthPurpose};
+use super::navbar::NavbarCtx;
use crate::https::errors::WebError;
use crate::https::extractors::{DomainInfo, VerifiedClientInformation};
use crate::https::middleware::KOpId;
use crate::https::ServerState;
use askama::Template;
+use askama_axum::IntoResponse;
use axum::extract::State;
+use axum::http::Uri;
use axum::response::Response;
use axum::Extension;
use axum_extra::extract::cookie::CookieJar;
-use axum_htmx::{HxPushUrl, HxRequest};
+use axum_extra::extract::Form;
+use axum_htmx::{HxEvent, HxPushUrl, HxResponseTrigger};
use futures_util::TryFutureExt;
+use kanidm_proto::attribute::Attribute;
+use kanidm_proto::constants::{ATTR_DISPLAYNAME, ATTR_LEGALNAME, ATTR_MAIL};
use kanidm_proto::internal::UserAuthToken;
-
-use super::constants::{ProfileMenuItems, UiMessage, Urls};
-use super::errors::HtmxError;
-use super::login::{LoginDisplayCtx, Reauth, ReauthPurpose};
-use super::navbar::NavbarCtx;
+use kanidm_proto::v1::Entry;
+use kanidmd_lib::filter::{f_eq, f_id, Filter};
+use kanidmd_lib::prelude::f_and;
+use kanidmd_lib::prelude::PartialValue;
+use kanidmd_lib::prelude::FC;
+use serde::Deserialize;
+use serde::Serialize;
+use std::fmt;
+use std::fmt::Display;
+use std::fmt::Formatter;
#[derive(Template)]
#[template(path = "user_settings.html")]
@@ -28,8 +42,7 @@ pub(crate) struct ProfileView {
struct ProfilePartialView {
menu_active_item: ProfileMenuItems,
can_rw: bool,
- attrs: ProfileAttributes,
- posix_enabled: bool,
+ attrs: ProfileAttributes
}
#[derive(Clone, Debug, Serialize, Deserialize)]
@@ -45,9 +58,10 @@ pub(crate) struct ProfileAttributes {
#[derive(Template, Clone)]
#[template(path = "user_settings/profile_changes_partial.html")]
struct ProfileChangesPartialView {
+ menu_active_item: ProfileMenuItems,
can_rw: bool,
attrs: ProfileAttributes,
- new_attrs: ProfileAttributes
+ new_attrs: ProfileAttributes,
}
#[derive(Template, Clone)]
@@ -75,7 +89,7 @@ pub(crate) async fn view_profile_get(
) -> Result<ProfileView, WebError> {
let uat: UserAuthToken = state
.qe_r_ref
- .handle_whoami_uat(client_auth_info, kopid.eventid)
+ .handle_whoami_uat(client_auth_info.clone(), kopid.eventid)
.await?;
let filter = filter_all!(f_and!([f_eq(
@@ -85,7 +99,6 @@ pub(crate) async fn view_profile_get(
let base: Vec<Entry> = state
.qe_r_ref
.handle_internalsearch(client_auth_info.clone(), filter, None, kopid.eventid)
- .map_err(|op_err| HtmxError::new(&kopid, op_err))
.await?;
let self_entry = base.first().expect("Self no longer exists");
@@ -109,22 +122,23 @@ pub(crate) async fn view_profile_get(
legal_name: "hardcoded".to_string(),
emails,
primary_email,
-
},
+ },
})
}
-
pub(crate) async fn view_profile_diff_start_save_post(
State(state): State<ServerState>,
Extension(kopid): Extension<KOpId>,
VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
+ DomainInfo(domain_info): DomainInfo,
+ // Form must be the last parameter because it consumes the request body
Form(new_attrs): Form<ProfileAttributes>,
) -> axum::response::Result<Response> {
let uat: UserAuthToken = state
.qe_r_ref
.handle_whoami_uat(client_auth_info.clone(), kopid.eventid)
- .map_err(|op_err| HtmxError::new(&kopid, op_err))
+ .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
.await?;
let time = time::OffsetDateTime::now_utc() + time::Duration::new(60, 0);
@@ -137,7 +151,7 @@ pub(crate) async fn view_profile_diff_start_save_post(
let base: Vec<Entry> = state
.qe_r_ref
.handle_internalsearch(client_auth_info.clone(), filter, None, kopid.eventid)
- .map_err(|op_err| HtmxError::new(&kopid, op_err))
+ .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info))
.await?;
let self_entry = base.first().expect("Self no longer exists");
@@ -146,6 +160,7 @@ pub(crate) async fn view_profile_diff_start_save_post(
let primary_email = emails.first().cloned();
let profile_view = ProfileChangesPartialView {
+ menu_active_item: ProfileMenuItems::UserProfile,
can_rw,
attrs: ProfileAttributes {
account_name: uat.name().to_string(),
@@ -154,13 +169,12 @@ pub(crate) async fn view_profile_diff_start_save_post(
emails,
primary_email,
},
- new_attrs,
- posix_enabled: true,
+ new_attrs
};
Ok((
HxPushUrl(Uri::from_static("/ui/profile/diff")),
- HtmlTemplate(profile_view),
+ profile_view,
)
.into_response())
}
@@ -168,14 +182,15 @@ pub(crate) async fn view_profile_diff_start_save_post(
pub(crate) async fn view_profile_diff_confirm_save_post(
State(state): State<ServerState>,
Extension(kopid): Extension<KOpId>,
- HxRequest(hx_request): HxRequest,
VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
+ DomainInfo(domain_info): DomainInfo,
+ // Form must be the last parameter because it consumes the request body
Form(new_attrs): Form<ProfileAttributes>,
) -> axum::response::Result<Response> {
let uat: UserAuthToken = state
.qe_r_ref
.handle_whoami_uat(client_auth_info.clone(), kopid.eventid)
- .map_err(|op_err| HtmxError::new(&kopid, op_err))
+ .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
.await?;
dbg!(&new_attrs);
@@ -191,7 +206,7 @@ pub(crate) async fn view_profile_diff_confirm_save_post(
filter.clone(),
kopid.eventid,
)
- .map_err(|op_err| HtmxError::new(&kopid, op_err))
+ .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
.await?;
state
@@ -204,7 +219,7 @@ pub(crate) async fn view_profile_diff_confirm_save_post(
filter.clone(),
kopid.eventid,
)
- .map_err(|op_err| HtmxError::new(&kopid, op_err))
+ .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
.await?;
state
@@ -217,7 +232,7 @@ pub(crate) async fn view_profile_diff_confirm_save_post(
filter.clone(),
kopid.eventid,
)
- .map_err(|op_err| HtmxError::new(&kopid, op_err))
+ .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
.await?;
// TODO: These are normally not permitted, user should be prevented from changing non modifiable fields in the UI though
@@ -248,13 +263,15 @@ pub(crate) async fn view_profile_diff_confirm_save_post(
// .await?;
// TODO: Calling this here returns the old attributes
- view_profile_get(
+ match view_profile_get(
State(state),
Extension(kopid),
- HxRequest(hx_request),
VerifiedClientInformation(client_auth_info),
- )
- .await
+ DomainInfo(domain_info)
+ ).await {
+ Ok(pv) => Ok(pv.into_response()),
+ Err(e) => Ok(e.into_response()),
+ }
}
// Sends the user a new email input to fill in :)
@@ -267,14 +284,13 @@ pub(crate) async fn view_new_email_entry_partial(
HxResponseTrigger::after_swap([HxEvent::new("addEmailSwapped".to_string())]);
Ok((
passkey_init_trigger,
- HtmlTemplate(FormModEntryModListPartial {
+ FormModEntryModListPartial {
can_rw: true,
r#type: "email".to_string(),
name: "emails[]".to_string(),
value: "".to_string(),
invalid_feedback: "Please enter a valid email address.".to_string(),
- })
- .into_response(),
+ },
)
.into_response())
}
diff --git a/server/core/templates/user_settings_profile_partial.html b/server/core/templates/user_settings_profile_partial.html
index d4ec7487d..193684c2f 100644
--- a/server/core/templates/user_settings_profile_partial.html
+++ b/server/core/templates/user_settings_profile_partial.html
@@ -10,21 +10,21 @@ Profile
<div class="mb-2 row">
<label for="profileUserName" class="col-12 col-md-3 col-lg-2 col-form-label">User name</label>
<div class="col-12 col-md-6 col-lg-5">
- <input type="text" readonly class="form-control-plaintext" id="profileUserName" value="(( account_name ))">
+ <input type="text" readonly class="form-control-plaintext" id="profileUserName" value="(( attrs.account_name ))">
</div>
</div>
<div class="mb-2 row">
<label for="profileDisplayName" class="col-12 col-md-3 col-lg-2 col-form-label">Display name</label>
<div class="col-12 col-md-6 col-lg-5">
- <input type="text" class="form-control-plaintext" id="profileDisplayName" value="(( display_name ))">
+ <input type="text" class="form-control-plaintext" id="profileDisplayName" value="(( attrs.display_name ))">
</div>
</div>
<div class="mb-2 row">
<label for="profileLegalName" class="col-12 col-md-3 col-lg-2 col-form-label">Legal name</label>
<div class="col-12 col-md-6 col-lg-5">
- <input type="text" class="form-control-plaintext" id="profileLegalName" value="(( legal_name ))">
+ <input type="text" class="form-control-plaintext" id="profileLegalName" value="(( attrs.legal_name ))">
</div>
</div>
From bb0e7591346d55893e210a701dc8021bdf320af3 Mon Sep 17 00:00:00 2001
From: ToxicMushroom <32853531+ToxicMushroom@users.noreply.github.com>
Date: Sat, 5 Apr 2025 03:02:22 +0200
Subject: [PATCH 3/7] Add primary email selection, update email add button. Use
scim.
---
server/core/src/https/views/admin/mod.rs | 2 +-
server/core/src/https/views/admin/persons.rs | 21 ++---
server/core/src/https/views/profile.rs | 92 ++++++------------
server/core/static/external/forms.js | 2 +-
server/core/static/style.css | 4 +
.../profile_changes_partial.html | 26 ++----
.../user_settings_profile_partial.html | 93 ++++++++++++-------
7 files changed, 107 insertions(+), 133 deletions(-)
diff --git a/server/core/src/https/views/admin/mod.rs b/server/core/src/https/views/admin/mod.rs
index e728e33b0..a0c826942 100644
--- a/server/core/src/https/views/admin/mod.rs
+++ b/server/core/src/https/views/admin/mod.rs
@@ -3,7 +3,7 @@ use axum::routing::get;
use axum::Router;
use axum_htmx::HxRequestGuardLayer;
-mod persons;
+pub(crate) mod persons;
pub fn admin_router() -> Router<ServerState> {
let unguarded_router = Router::new()
diff --git a/server/core/src/https/views/admin/persons.rs b/server/core/src/https/views/admin/persons.rs
index e1a2d723f..385e7b0f0 100644
--- a/server/core/src/https/views/admin/persons.rs
+++ b/server/core/src/https/views/admin/persons.rs
@@ -1,3 +1,4 @@
+use crate::https::errors::WebError;
use crate::https::extractors::{DomainInfo, VerifiedClientInformation};
use crate::https::middleware::KOpId;
use crate::https::views::errors::HtmxError;
@@ -7,17 +8,15 @@ use crate::https::ServerState;
use askama::Template;
use axum::extract::{Path, State};
use axum::http::Uri;
-use axum::response::{ErrorResponse, IntoResponse, Response};
+use axum::response::{IntoResponse, Response};
use axum::Extension;
use axum_htmx::{HxPushUrl, HxRequest};
-use futures_util::TryFutureExt;
use kanidm_proto::attribute::Attribute;
use kanidm_proto::internal::OperationError;
use kanidm_proto::scim_v1::client::ScimFilter;
use kanidm_proto::scim_v1::server::{ScimEffectiveAccess, ScimEntryKanidm, ScimPerson};
use kanidm_proto::scim_v1::ScimEntryGetQuery;
use kanidmd_lib::constants::EntryClass;
-use kanidmd_lib::idm::server::DomainInfoRead;
use kanidmd_lib::idm::ClientAuthInfo;
use std::str::FromStr;
use uuid::Uuid;
@@ -70,7 +69,7 @@ pub(crate) async fn view_person_view_get(
DomainInfo(domain_info): DomainInfo,
) -> axum::response::Result<Response> {
let (person, scim_effective_access) =
- get_person_info(uuid, state, &kopid, client_auth_info, domain_info.clone()).await?;
+ get_person_info(uuid, state, &kopid, client_auth_info).await?;
let person_partial = PersonViewPartial {
person,
scim_effective_access,
@@ -101,7 +100,7 @@ pub(crate) async fn view_persons_get(
DomainInfo(domain_info): DomainInfo,
VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
) -> axum::response::Result<Response> {
- let persons = get_persons_info(state, &kopid, client_auth_info, domain_info.clone()).await?;
+ let persons = get_persons_info(state, &kopid, client_auth_info).await?;
let persons_partial = PersonsPartialView { persons };
let push_url = HxPushUrl(Uri::from_static("/ui/admin/persons"));
@@ -119,13 +118,12 @@ pub(crate) async fn view_persons_get(
})
}
-async fn get_person_info(
+pub async fn get_person_info(
uuid: Uuid,
state: ServerState,
kopid: &KOpId,
client_auth_info: ClientAuthInfo,
- domain_info: DomainInfoRead,
-) -> Result<(ScimPerson, ScimEffectiveAccess), ErrorResponse> {
+) -> Result<(ScimPerson, ScimEffectiveAccess), WebError> {
let scim_entry: ScimEntryKanidm = state
.qe_r_ref
.scim_entry_id_get(
@@ -138,13 +136,12 @@ async fn get_person_info(
ext_access_check: true,
},
)
- .map_err(|op_err| HtmxError::new(kopid, op_err, domain_info.clone()))
.await?;
if let Some(personinfo_info) = scimentry_into_personinfo(scim_entry) {
Ok(personinfo_info)
} else {
- Err(HtmxError::new(kopid, OperationError::InvalidState, domain_info.clone()).into())
+ Err(WebError::from(OperationError::InvalidState))
}
}
@@ -152,8 +149,7 @@ async fn get_persons_info(
state: ServerState,
kopid: &KOpId,
client_auth_info: ClientAuthInfo,
- domain_info: DomainInfoRead,
-) -> Result<Vec<(ScimPerson, ScimEffectiveAccess)>, ErrorResponse> {
+) -> Result<Vec<(ScimPerson, ScimEffectiveAccess)>, WebError> {
let filter = ScimFilter::Equal(Attribute::Class.into(), EntryClass::Person.into());
let base: Vec<ScimEntryKanidm> = state
@@ -167,7 +163,6 @@ async fn get_persons_info(
ext_access_check: true,
},
)
- .map_err(|op_err| HtmxError::new(kopid, op_err, domain_info.clone()))
.await?;
// TODO: inefficient to sort here
diff --git a/server/core/src/https/views/profile.rs b/server/core/src/https/views/profile.rs
index 99ff596fc..fbfa0c581 100644
--- a/server/core/src/https/views/profile.rs
+++ b/server/core/src/https/views/profile.rs
@@ -1,3 +1,4 @@
+use kanidm_proto::attribute::Attribute;
use super::constants::{ProfileMenuItems, Urls};
use super::errors::HtmxError;
use super::login::{LoginDisplayCtx, Reauth, ReauthPurpose};
@@ -16,13 +17,11 @@ use axum_extra::extract::cookie::CookieJar;
use axum_extra::extract::Form;
use axum_htmx::{HxEvent, HxPushUrl, HxResponseTrigger};
use futures_util::TryFutureExt;
-use kanidm_proto::attribute::Attribute;
-use kanidm_proto::constants::{ATTR_DISPLAYNAME, ATTR_LEGALNAME, ATTR_MAIL};
+use kanidm_proto::constants::{ATTR_DISPLAYNAME, ATTR_MAIL};
use kanidm_proto::internal::UserAuthToken;
-use kanidm_proto::v1::Entry;
-use kanidmd_lib::filter::{f_eq, f_id, Filter};
+use kanidm_proto::scim_v1::server::{ScimEffectiveAccess, ScimPerson};
+use kanidmd_lib::filter::{f_id, Filter};
use kanidmd_lib::prelude::f_and;
-use kanidmd_lib::prelude::PartialValue;
use kanidmd_lib::prelude::FC;
use serde::Deserialize;
use serde::Serialize;
@@ -42,17 +41,20 @@ pub(crate) struct ProfileView {
struct ProfilePartialView {
menu_active_item: ProfileMenuItems,
can_rw: bool,
- attrs: ProfileAttributes
+ person: ScimPerson,
+ scim_effective_access: ScimEffectiveAccess,
}
#[derive(Clone, Debug, Serialize, Deserialize)]
pub(crate) struct ProfileAttributes {
+ #[serde(rename = "name")]
account_name: String,
+ #[serde(rename = "displayname")]
display_name: String,
- legal_name: String,
#[serde(rename = "emails[]")]
emails: Vec<String>,
- primary_email: Option<String>,
+ // radio buttons are used to pick a primary index
+ primary_email_index: u16,
}
#[derive(Template, Clone)]
@@ -60,7 +62,7 @@ pub(crate) struct ProfileAttributes {
struct ProfileChangesPartialView {
menu_active_item: ProfileMenuItems,
can_rw: bool,
- attrs: ProfileAttributes,
+ person: ScimPerson,
new_attrs: ProfileAttributes,
}
@@ -92,19 +94,12 @@ pub(crate) async fn view_profile_get(
.handle_whoami_uat(client_auth_info.clone(), kopid.eventid)
.await?;
- let filter = filter_all!(f_and!([f_eq(
- Attribute::Uuid,
- PartialValue::Uuid(uat.uuid)
- )]));
- let base: Vec<Entry> = state
- .qe_r_ref
- .handle_internalsearch(client_auth_info.clone(), filter, None, kopid.eventid)
- .await?;
+ let (scim_person, scim_effective_access) = crate::https::views::admin::persons::get_person_info(
+ uat.uuid,
+ state,
+ &kopid,
+ client_auth_info.clone()).await?;
- let self_entry = base.first().expect("Self no longer exists");
- let empty = vec![];
- let emails = self_entry.attrs.get(ATTR_MAIL).unwrap_or(&empty).clone();
- let primary_email = emails.first().cloned();
let time = time::OffsetDateTime::now_utc() + time::Duration::new(60, 0);
@@ -116,13 +111,8 @@ pub(crate) async fn view_profile_get(
profile_partial: ProfilePartialView {
menu_active_item: ProfileMenuItems::UserProfile,
can_rw,
- attrs: ProfileAttributes {
- account_name: uat.name().to_string(),
- display_name: uat.displayname.clone(),
- legal_name: "hardcoded".to_string(),
- emails,
- primary_email,
- },
+ person: scim_person,
+ scim_effective_access
},
})
}
@@ -143,32 +133,17 @@ pub(crate) async fn view_profile_diff_start_save_post(
let time = time::OffsetDateTime::now_utc() + time::Duration::new(60, 0);
let can_rw = uat.purpose_readwrite_active(time);
-
- let filter = filter_all!(f_and!([f_eq(
- Attribute::Uuid,
- PartialValue::Uuid(uat.uuid)
- )]));
- let base: Vec<Entry> = state
- .qe_r_ref
- .handle_internalsearch(client_auth_info.clone(), filter, None, kopid.eventid)
- .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info))
- .await?;
-
- let self_entry = base.first().expect("Self no longer exists");
- let empty = vec![];
- let emails = self_entry.attrs.get(ATTR_MAIL).unwrap_or(&empty).clone();
- let primary_email = emails.first().cloned();
+ // TODO: A bit overkill to request scimEffectiveAccess here.
+ let (scim_person, _) = crate::https::views::admin::persons::get_person_info(
+ uat.uuid,
+ state,
+ &kopid,
+ client_auth_info.clone()).await?;
let profile_view = ProfileChangesPartialView {
menu_active_item: ProfileMenuItems::UserProfile,
can_rw,
- attrs: ProfileAttributes {
- account_name: uat.name().to_string(),
- display_name: uat.displayname.clone(),
- legal_name: "hardcoded".to_string(),
- emails,
- primary_email,
- },
+ person: scim_person,
new_attrs
};
@@ -196,19 +171,6 @@ pub(crate) async fn view_profile_diff_confirm_save_post(
let filter = filter_all!(f_and!([f_id(uat.uuid.to_string().as_str())]));
- state
- .qe_w_ref
- .handle_setattribute(
- client_auth_info.clone(),
- uat.uuid.to_string(),
- ATTR_LEGALNAME.to_string(),
- vec![new_attrs.legal_name],
- filter.clone(),
- kopid.eventid,
- )
- .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
- .await?;
-
state
.qe_w_ref
.handle_setattribute(
@@ -280,10 +242,10 @@ pub(crate) async fn view_new_email_entry_partial(
VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
Extension(_kopid): Extension<KOpId>,
) -> axum::response::Result<Response> {
- let passkey_init_trigger =
+ let add_email_trigger =
HxResponseTrigger::after_swap([HxEvent::new("addEmailSwapped".to_string())]);
Ok((
- passkey_init_trigger,
+ add_email_trigger,
FormModEntryModListPartial {
can_rw: true,
r#type: "email".to_string(),
diff --git a/server/core/static/external/forms.js b/server/core/static/external/forms.js
index c60b009d2..7e5bfe74c 100644
--- a/server/core/static/external/forms.js
+++ b/server/core/static/external/forms.js
@@ -3,7 +3,7 @@ function rehook_string_list_removers() {
const buttons = document.getElementsByClassName("kanidm-remove-list-entry");
for (let i = 0; i < buttons.length; i++) {
const button = buttons.item(i)
- if (button.getAttribute("kanidm_hooked") !== null) return
+ if (button.getAttribute("kanidm_hooked") !== null) continue
button.addEventListener("click", (e) => {
// Expected html nesting: li > div.input-group > button.kanidm-remove-list-entry
diff --git a/server/core/static/style.css b/server/core/static/style.css
index c90fdaac0..3566d8f3f 100644
--- a/server/core/static/style.css
+++ b/server/core/static/style.css
@@ -207,3 +207,7 @@ footer {
height: var(--icon-size);
transform: rotate(35deg);
}
+
+.cursor-pointer:hover {
+ cursor: pointer;
+}
\ No newline at end of file
diff --git a/server/core/templates/user_settings/profile_changes_partial.html b/server/core/templates/user_settings/profile_changes_partial.html
index bc3451c32..6288868aa 100644
--- a/server/core/templates/user_settings/profile_changes_partial.html
+++ b/server/core/templates/user_settings/profile_changes_partial.html
@@ -11,7 +11,7 @@ Profile Difference
<form>
<input type="hidden" name="account_name" value="(( new_attrs.account_name ))"/>
<input type="hidden" name="display_name" value="(( new_attrs.display_name ))"/>
- <input type="hidden" name="legal_name" value="(( new_attrs.legal_name ))"/>
+<!-- <input type="hidden" name="legal_name" value=" new_attrs.legal_name "/>-->
(% for email in new_attrs.emails %)
<input type="hidden" name="emails[]" value="(( email ))"/>
(% endfor %)
@@ -24,39 +24,30 @@ Profile Difference
<th scope="col">New value</th>
</tr>
</thead>
- (% if attrs.account_name != new_attrs.account_name %)
+ (% if person.name != new_attrs.account_name %)
<tr>
- <th scope="row">User name</th>
- <td class="text-break">(( attrs.account_name ))</td>
+ <th scope="row">Username</th>
+ <td class="text-break">(( person.name ))</td>
<td class="text-break">(( new_attrs.account_name ))</td>
</tr>
(% endif %)
- (% if attrs.display_name != new_attrs.display_name %)
+ (% if person.displayname != new_attrs.display_name %)
<tr>
<th scope="row">Display name</th>
- <td class="text-break">(( attrs.display_name ))</td>
+ <td class="text-break">(( person.displayname ))</td>
<td class="text-break">(( new_attrs.display_name ))</td>
</tr>
(% endif %)
- (% if attrs.legal_name != new_attrs.legal_name %)
- <tr>
- <th scope="row">Legal name</th>
- <td class="text-break">(( attrs.legal_name ))</td>
- <td class="text-break">(( new_attrs.legal_name ))</td>
- </tr>
- (% endif %)
-
- (% if attrs.emails != new_attrs.emails %)
<!-- TODO: List new items with +, same items with . -->
<tr>
<th scope="row">Emails</th>
<td class="text-break">
<ul>
- (% for email in attrs.emails %)
- <li>(( email ))</li>
+ (% for email in person.mails %)
+ <li>(( email.value ))</li>
(% endfor %)
</ul>
</td>
@@ -68,7 +59,6 @@ Profile Difference
</ul>
</td>
</tr>
- (% endif %)
</table>
<!-- Edit button -->
<div class="pt-4" hx-target="#user_settings_container" hx-swap="outerHTML">
diff --git a/server/core/templates/user_settings_profile_partial.html b/server/core/templates/user_settings_profile_partial.html
index 193684c2f..2ab46ff69 100644
--- a/server/core/templates/user_settings_profile_partial.html
+++ b/server/core/templates/user_settings_profile_partial.html
@@ -4,56 +4,79 @@
Profile
(% endblock %)
+(% macro string_attr(dispname, name, value, editable, attribute) %)
+(% if scim_effective_access.search.check(attribute|as_ref) %)
+<div class="row g-0 mt-3">
+ <label for="person(( name ))" class="col-12 col-md-3 col-lg-2 col-form-label fw-bold py-0">(( dispname ))</label>
+ <div class="col-12 col-md-8 col-lg-6">
+ (% if scim_effective_access.modify_present.check(attribute|as_ref) %)
+ <input class="form-control py-0" id="person(( name ))" name="(( name ))" value="(( value ))">
+ (% else %)
+ <input readonly class="form-control-plaintext py-0" id="person(( name ))" name="(( name ))" value="(( value ))">
+ (% endif %)
+ </div>
+</div>
+(% endif %)
+(% endmacro %)
+
(% block settings_window %)
-<form class="needs-validation" hx-post="/ui/api/user_settings/edit_profile" hx-target="#user_settings_container" hx-swap="outerHTML" hx-validate="true" hx-ext="bs-validation" novalidate>
- <div class="mb-2 row">
- <label for="profileUserName" class="col-12 col-md-3 col-lg-2 col-form-label">User name</label>
- <div class="col-12 col-md-6 col-lg-5">
- <input type="text" readonly class="form-control-plaintext" id="profileUserName" value="(( attrs.account_name ))">
- </div>
- </div>
-
- <div class="mb-2 row">
- <label for="profileDisplayName" class="col-12 col-md-3 col-lg-2 col-form-label">Display name</label>
- <div class="col-12 col-md-6 col-lg-5">
- <input type="text" class="form-control-plaintext" id="profileDisplayName" value="(( attrs.display_name ))">
- </div>
- </div>
+<form id="user_settings_container" class="needs-validation" hx-post="/ui/api/user_settings/edit_profile"
+ hx-target="#user_settings_container" hx-swap="outerHTML" hx-validate="true" hx-ext="bs-validation" novalidate>
+ (% call string_attr("Name", "name", person.name, true, Attribute::Name) %)
- <div class="mb-2 row">
- <label for="profileLegalName" class="col-12 col-md-3 col-lg-2 col-form-label">Legal name</label>
- <div class="col-12 col-md-6 col-lg-5">
- <input type="text" class="form-control-plaintext" id="profileLegalName" value="(( attrs.legal_name ))">
- </div>
- </div>
+ (% call string_attr("Displayname", "displayname", person.displayname, true, Attribute::DisplayName) %)
<div class="mb-2">
- <label for="profileEmail" class="mb-2">Emails</label>
+ <div class="mt-3 mb-2 col-12 col-md-11 col-lg-8">
+ <label for="profileEmail" class="fw-bold">Email addresses (select primary)</label>
+ (% if can_rw %)
+ <a class="cursor-pointer float-end" hx-boost="true" hx-post="/ui/api/user_settings/add_email" hx-target="#emailAddresses"
+ hx-swap="beforeend">
+ <svg xmlns="http://www.w3.org/2000/svg" fill="currentColor" class="bi bi-plus-square"
+ viewBox="0 0 16 16" width="20" height="20">
+ <path d="M14 1a1 1 0 0 1 1 1v12a1 1 0 0 1-1 1H2a1 1 0 0 1-1-1V2a1 1 0 0 1 1-1zM2 0a2 2 0 0 0-2 2v12a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V2a2 2 0 0 0-2-2z"></path>
+ <path d="M8 4a.5.5 0 0 1 .5.5v3h3a.5.5 0 0 1 0 1h-3v3a.5.5 0 0 1-1 0v-3h-3a.5.5 0 0 1 0-1h3v-3A.5.5 0 0 1 8 4"></path>
+ </svg>
+ </a>
+ </div>
+ (% endif %)
<div>
- <div class="row">
- <ul class="col-12 col-md-11 col-lg-8" id="emailList">
- (% for email in attrs.emails %)
- (% let type = "email" %)
- (% let name = "emails[]" %)
- (% let value = email %)
- (% let invalid_feedback = "Please enter a valid email address." %)
- (% include "user_settings/form_modifiable_entry_modifiable_list_partial.html" %)
+ <div class="row g-0">
+ <div class="col-12 col-md-11 col-lg-8" id="emailAddresses">
+ (% for (i, email) in person.mails.iter().enumerate() %)
+ (% let type = "email" %)
+ (% let name = "emails[]" %)
+ (% let value = email.value.clone() %)
+ (% let invalid_feedback = "Please enter a valid email address." %)
+
+ <div class="input-group mb-1">
+ <div class="input-group-text">
+ <input class="form-check-input mt-0" name="primary_email_index" type="radio" value="((i))" aria-label="Primary email radio button for following text input">
+ </div>
+
+ <input type="(( type ))" class="form-control" name="(( name ))" value="(( value ))" hx-validate="true" required>
+ (% if can_rw %)
+ <button type="button" class="btn btn-secondary kanidm-remove-list-entry">Remove</button>
+ (% endif %)
+
+ </div>
+ <div class="invalid-feedback">(( invalid_feedback ))</div>
+
(% endfor %)
- </ul>
+ </div>
</div>
- (% if can_rw %)<button type="button" class="btn btn-primary" hx-post="/ui/api/user_settings/add_email" hx-target="#emailList" hx-swap="beforeend">Add Email</button>(% endif %)
</div>
</div>
<!-- Edit button -->
<div class="pt-4">
(% if can_rw %)
- <button class="btn btn-primary" type="submit">Edit</button>
+ <button class="btn btn-primary" type="submit">Save</button>
(% else %)
- <a href="/ui/profile/unlock" hx-boost="false">
- <button class="btn btn-primary" type="button">Unlock Edit 🔒</button>
- </a>
+ <a href="/ui/profile/unlock" hx-boost="false">
+ <button class="btn btn-primary" type="button">Unlock Edit 🔒</button>
+ </a>
(% endif %)
</div>
</form>
From 339a20947a5f818088577e54ceecf0eb376d7536 Mon Sep 17 00:00:00 2001
From: ToxicMushroom <32853531+ToxicMushroom@users.noreply.github.com>
Date: Sat, 5 Apr 2025 17:22:07 +0200
Subject: [PATCH 4/7] Fixup email submission, tested
---
Cargo.lock | 2 +-
server/core/src/https/views/mod.rs | 2 +-
server/core/src/https/views/profile.rs | 103 +++++++++++++-----
server/core/static/external/forms.js | 4 +-
.../form_email_entry_partial.html | 17 +++
.../profile_changes_partial.html | 4 +-
.../user_settings_profile_partial.html | 39 +++----
7 files changed, 114 insertions(+), 57 deletions(-)
create mode 100644 server/core/templates/user_settings/form_email_entry_partial.html
diff --git a/Cargo.lock b/Cargo.lock
index 0f4fa00ad..f3b24271c 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -5144,7 +5144,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9d2de91cf02bbc07cde38891769ccd5d4f073d22a40683aa4bc7a95781aaa2c4"
dependencies = [
"form_urlencoded",
- "indexmap 2.7.1",
+ "indexmap 2.8.0",
"itoa",
"ryu",
"serde",
diff --git a/server/core/src/https/views/mod.rs b/server/core/src/https/views/mod.rs
index ffc74c916..8157257a5 100644
--- a/server/core/src/https/views/mod.rs
+++ b/server/core/src/https/views/mod.rs
@@ -132,7 +132,7 @@ pub fn view_router() -> Router<ServerState> {
.route("/api/cu_commit", post(reset::commit))
.route(
"/api/user_settings/add_email",
- post(profile::view_new_email_entry_partial),
+ get(profile::view_new_email_entry_partial),
)
.route(
"/api/user_settings/edit_profile",
diff --git a/server/core/src/https/views/profile.rs b/server/core/src/https/views/profile.rs
index fbfa0c581..a3678010f 100644
--- a/server/core/src/https/views/profile.rs
+++ b/server/core/src/https/views/profile.rs
@@ -1,4 +1,3 @@
-use kanidm_proto::attribute::Attribute;
use super::constants::{ProfileMenuItems, Urls};
use super::errors::HtmxError;
use super::login::{LoginDisplayCtx, Reauth, ReauthPurpose};
@@ -9,7 +8,7 @@ use crate::https::middleware::KOpId;
use crate::https::ServerState;
use askama::Template;
use askama_axum::IntoResponse;
-use axum::extract::State;
+use axum::extract::{Query, State};
use axum::http::Uri;
use axum::response::Response;
use axum::Extension;
@@ -17,9 +16,11 @@ use axum_extra::extract::cookie::CookieJar;
use axum_extra::extract::Form;
use axum_htmx::{HxEvent, HxPushUrl, HxResponseTrigger};
use futures_util::TryFutureExt;
+use kanidm_proto::attribute::Attribute;
use kanidm_proto::constants::{ATTR_DISPLAYNAME, ATTR_MAIL};
use kanidm_proto::internal::UserAuthToken;
use kanidm_proto::scim_v1::server::{ScimEffectiveAccess, ScimPerson};
+use kanidm_proto::scim_v1::ScimMail;
use kanidmd_lib::filter::{f_id, Filter};
use kanidmd_lib::prelude::f_and;
use kanidmd_lib::prelude::FC;
@@ -46,17 +47,26 @@ struct ProfilePartialView {
}
#[derive(Clone, Debug, Serialize, Deserialize)]
-pub(crate) struct ProfileAttributes {
+pub(crate) struct SaveProfileQuery {
#[serde(rename = "name")]
account_name: String,
#[serde(rename = "displayname")]
display_name: String,
+ #[serde(rename = "email_index")]
+ emails_indexes: Vec<u16>,
#[serde(rename = "emails[]")]
emails: Vec<String>,
- // radio buttons are used to pick a primary index
+ // radio buttons are used to pick a primary index, remove causes holes, map back into [emails] using [emails_indexes]
primary_email_index: u16,
}
+#[derive(Clone, Debug, Serialize, Deserialize)]
+pub(crate) struct ProfileAttributes {
+ account_name: String,
+ display_name: String,
+ emails: Vec<ScimMail>,
+}
+
#[derive(Template, Clone)]
#[template(path = "user_settings/profile_changes_partial.html")]
struct ProfileChangesPartialView {
@@ -67,14 +77,12 @@ struct ProfileChangesPartialView {
}
#[derive(Template, Clone)]
-#[template(path = "user_settings/form_modifiable_entry_modifiable_list_partial.html")]
-// Modifiable entry in a modifiable list partial
-pub(crate) struct FormModEntryModListPartial {
- can_rw: bool,
- r#type: String,
- name: String,
+#[template(path = "user_settings/form_email_entry_partial.html")]
+pub(crate) struct FormEmailEntryListPartial {
+ can_edit: bool,
value: String,
- invalid_feedback: String,
+ primary: bool,
+ index: u16,
}
impl Display for ProfileAttributes {
@@ -94,12 +102,14 @@ pub(crate) async fn view_profile_get(
.handle_whoami_uat(client_auth_info.clone(), kopid.eventid)
.await?;
- let (scim_person, scim_effective_access) = crate::https::views::admin::persons::get_person_info(
- uat.uuid,
- state,
- &kopid,
- client_auth_info.clone()).await?;
-
+ let (scim_person, scim_effective_access) =
+ crate::https::views::admin::persons::get_person_info(
+ uat.uuid,
+ state,
+ &kopid,
+ client_auth_info.clone(),
+ )
+ .await?;
let time = time::OffsetDateTime::now_utc() + time::Duration::new(60, 0);
@@ -112,7 +122,7 @@ pub(crate) async fn view_profile_get(
menu_active_item: ProfileMenuItems::UserProfile,
can_rw,
person: scim_person,
- scim_effective_access
+ scim_effective_access,
},
})
}
@@ -123,7 +133,7 @@ pub(crate) async fn view_profile_diff_start_save_post(
VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
DomainInfo(domain_info): DomainInfo,
// Form must be the last parameter because it consumes the request body
- Form(new_attrs): Form<ProfileAttributes>,
+ Form(query): Form<SaveProfileQuery>,
) -> axum::response::Result<Response> {
let uat: UserAuthToken = state
.qe_r_ref
@@ -138,13 +148,34 @@ pub(crate) async fn view_profile_diff_start_save_post(
uat.uuid,
state,
&kopid,
- client_auth_info.clone()).await?;
+ client_auth_info.clone(),
+ )
+ .await?;
+
+ let primary_index = query
+ .emails_indexes
+ .iter()
+ .position(|ei| ei == &query.primary_email_index)
+ .unwrap_or(0);
+ let new_mails = query
+ .emails
+ .iter()
+ .enumerate()
+ .map(|(ei, email)| ScimMail {
+ primary: ei == primary_index,
+ value: email.to_string(),
+ })
+ .collect();
let profile_view = ProfileChangesPartialView {
menu_active_item: ProfileMenuItems::UserProfile,
can_rw,
person: scim_person,
- new_attrs
+ new_attrs: ProfileAttributes {
+ account_name: query.account_name,
+ display_name: query.display_name,
+ emails: new_mails,
+ },
};
Ok((
@@ -160,7 +191,7 @@ pub(crate) async fn view_profile_diff_confirm_save_post(
VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
DomainInfo(domain_info): DomainInfo,
// Form must be the last parameter because it consumes the request body
- Form(new_attrs): Form<ProfileAttributes>,
+ Form(mut new_attrs): Form<ProfileAttributes>,
) -> axum::response::Result<Response> {
let uat: UserAuthToken = state
.qe_r_ref
@@ -184,13 +215,17 @@ pub(crate) async fn view_profile_diff_confirm_save_post(
.map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
.await?;
+ new_attrs
+ .emails
+ .sort_by_key(|sm| if sm.primary { 0 } else { 1 });
+ let email_addresses = new_attrs.emails.into_iter().map(|sm| sm.value).collect();
state
.qe_w_ref
.handle_setattribute(
client_auth_info.clone(),
uat.uuid.to_string(),
ATTR_MAIL.to_string(),
- new_attrs.emails,
+ email_addresses,
filter.clone(),
kopid.eventid,
)
@@ -229,29 +264,37 @@ pub(crate) async fn view_profile_diff_confirm_save_post(
State(state),
Extension(kopid),
VerifiedClientInformation(client_auth_info),
- DomainInfo(domain_info)
- ).await {
+ DomainInfo(domain_info),
+ )
+ .await
+ {
Ok(pv) => Ok(pv.into_response()),
Err(e) => Ok(e.into_response()),
}
}
+#[derive(Deserialize)]
+pub(crate) struct AddEmailQuery {
+ // the last email index is passed so we can return an incremented id
+ email_index: Option<u16>,
+}
+
// Sends the user a new email input to fill in :)
pub(crate) async fn view_new_email_entry_partial(
State(_state): State<ServerState>,
VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
Extension(_kopid): Extension<KOpId>,
+ Query(email_query): Query<AddEmailQuery>,
) -> axum::response::Result<Response> {
let add_email_trigger =
HxResponseTrigger::after_swap([HxEvent::new("addEmailSwapped".to_string())]);
Ok((
add_email_trigger,
- FormModEntryModListPartial {
- can_rw: true,
- r#type: "email".to_string(),
- name: "emails[]".to_string(),
+ FormEmailEntryListPartial {
+ can_edit: true,
value: "".to_string(),
- invalid_feedback: "Please enter a valid email address.".to_string(),
+ primary: email_query.email_index.is_none(),
+ index: email_query.email_index.map(|i| i + 1).unwrap_or(0),
},
)
.into_response())
diff --git a/server/core/static/external/forms.js b/server/core/static/external/forms.js
index 7e5bfe74c..7c34fc76f 100644
--- a/server/core/static/external/forms.js
+++ b/server/core/static/external/forms.js
@@ -6,9 +6,9 @@ function rehook_string_list_removers() {
if (button.getAttribute("kanidm_hooked") !== null) continue
button.addEventListener("click", (e) => {
- // Expected html nesting: li > div.input-group > button.kanidm-remove-list-entry
+ // Expected html nesting: div.email-entry > div.input-group > button.kanidm-remove-list-entry
let li = button.parentElement?.parentElement;
- if (li && li.tagName === "LI") {
+ if (li && li.classList.contains("email-entry")) {
li.remove();
}
})
diff --git a/server/core/templates/user_settings/form_email_entry_partial.html b/server/core/templates/user_settings/form_email_entry_partial.html
new file mode 100644
index 000000000..032c29bc4
--- /dev/null
+++ b/server/core/templates/user_settings/form_email_entry_partial.html
@@ -0,0 +1,17 @@
+<div class="email-entry">
+ <input hidden class="email-index-state" type="text" name="email_index" value="((index))">
+ <div class="input-group mb-1">
+
+ <div class="input-group-text">
+ <input class="form-check-input mt-0" name="primary_email_index" type="radio" value="((index))" aria-label="Primary email radio button for following text input" (% if primary %) checked (% endif %)(% if !can_edit %) disabled (% endif %)>
+ </div>
+
+ (% if can_edit %)
+ <input type="email" aria-label="Email address input ((index))" class="form-control" name="emails[]" value="(( value ))" hx-validate="true" required>
+ <button type="button" class="btn btn-secondary kanidm-remove-list-entry">Remove</button>
+ (% else %)
+ <input type="email" aria-label="Email address input ((index))" class="form-control" name="emails[]" value="(( value ))" hx-validate="true" required disabled>
+ (% endif %)
+ </div>
+ <div class="invalid-feedback">Please enter a valid email address.</div>
+</div>
\ No newline at end of file
diff --git a/server/core/templates/user_settings/profile_changes_partial.html b/server/core/templates/user_settings/profile_changes_partial.html
index 6288868aa..078c6f134 100644
--- a/server/core/templates/user_settings/profile_changes_partial.html
+++ b/server/core/templates/user_settings/profile_changes_partial.html
@@ -13,7 +13,7 @@ Profile Difference
<input type="hidden" name="display_name" value="(( new_attrs.display_name ))"/>
<!-- <input type="hidden" name="legal_name" value=" new_attrs.legal_name "/>-->
(% for email in new_attrs.emails %)
- <input type="hidden" name="emails[]" value="(( email ))"/>
+ <input type="hidden" name="emails[]" value="(( email.value ))"/>
(% endfor %)
<table class="table table-bordered table-responsive">
@@ -54,7 +54,7 @@ Profile Difference
<td class="text-break">
<ul>
(% for email in new_attrs.emails %)
- <li>(( email ))</li>
+ <li>(( email.value ))</li>
(% endfor %)
</ul>
</td>
diff --git a/server/core/templates/user_settings_profile_partial.html b/server/core/templates/user_settings_profile_partial.html
index 2ab46ff69..0f170280b 100644
--- a/server/core/templates/user_settings_profile_partial.html
+++ b/server/core/templates/user_settings_profile_partial.html
@@ -21,17 +21,26 @@ Profile
(% block settings_window %)
-<form id="user_settings_container" class="needs-validation" hx-post="/ui/api/user_settings/edit_profile"
- hx-target="#user_settings_container" hx-swap="outerHTML" hx-validate="true" hx-ext="bs-validation" novalidate>
+<form id="user_settings_container" class="needs-validation"
+ hx-post="/ui/api/user_settings/edit_profile"
+ hx-target="#user_settings_container"
+ hx-swap="outerHTML"
+ hx-validate="true"
+ hx-ext="bs-validation"
+ novalidate>
(% call string_attr("Name", "name", person.name, true, Attribute::Name) %)
(% call string_attr("Displayname", "displayname", person.displayname, true, Attribute::DisplayName) %)
<div class="mb-2">
<div class="mt-3 mb-2 col-12 col-md-11 col-lg-8">
- <label for="profileEmail" class="fw-bold">Email addresses (select primary)</label>
+ <label for="profileEmail" class="fw-bold">Email addresses (% if can_rw %)(selected => primary)(% else %)(select primary)(% endif %)</label>
(% if can_rw %)
- <a class="cursor-pointer float-end" hx-boost="true" hx-post="/ui/api/user_settings/add_email" hx-target="#emailAddresses"
+ <a class="cursor-pointer float-end"
+ hx-boost="true"
+ hx-get="/ui/api/user_settings/add_email"
+ hx-target="#emailAddresses"
+ hx-include="#emailAddresses :last-child .email-index-state"
hx-swap="beforeend">
<svg xmlns="http://www.w3.org/2000/svg" fill="currentColor" class="bi bi-plus-square"
viewBox="0 0 16 16" width="20" height="20">
@@ -39,29 +48,17 @@ Profile
<path d="M8 4a.5.5 0 0 1 .5.5v3h3a.5.5 0 0 1 0 1h-3v3a.5.5 0 0 1-1 0v-3h-3a.5.5 0 0 1 0-1h3v-3A.5.5 0 0 1 8 4"></path>
</svg>
</a>
+ (% endif %)
</div>
- (% endif %)
<div>
<div class="row g-0">
<div class="col-12 col-md-11 col-lg-8" id="emailAddresses">
- (% for (i, email) in person.mails.iter().enumerate() %)
- (% let type = "email" %)
- (% let name = "emails[]" %)
+ (% for (index, email) in person.mails.iter().enumerate() %)
(% let value = email.value.clone() %)
- (% let invalid_feedback = "Please enter a valid email address." %)
+ (% let primary = email.primary %)
+ (% let can_edit = scim_effective_access.modify_present.check(Attribute::Mail|as_ref) %)
- <div class="input-group mb-1">
- <div class="input-group-text">
- <input class="form-check-input mt-0" name="primary_email_index" type="radio" value="((i))" aria-label="Primary email radio button for following text input">
- </div>
-
- <input type="(( type ))" class="form-control" name="(( name ))" value="(( value ))" hx-validate="true" required>
- (% if can_rw %)
- <button type="button" class="btn btn-secondary kanidm-remove-list-entry">Remove</button>
- (% endif %)
-
- </div>
- <div class="invalid-feedback">(( invalid_feedback ))</div>
+ (% include "user_settings/form_email_entry_partial.html" %)
(% endfor %)
</div>
From a708d8c9380dd11f1da4750373cd7191eb2700bb Mon Sep 17 00:00:00 2001
From: ToxicMushroom <32853531+ToxicMushroom@users.noreply.github.com>
Date: Sun, 6 Apr 2025 01:25:35 +0200
Subject: [PATCH 5/7] Working diff viewer
---
server/core/src/https/views/profile.rs | 54 ++++++++++++------
.../profile_changes_partial.html | 57 ++++++++++++-------
.../user_settings_profile_partial.html | 2 +-
3 files changed, 75 insertions(+), 38 deletions(-)
diff --git a/server/core/src/https/views/profile.rs b/server/core/src/https/views/profile.rs
index a3678010f..770ead2b2 100644
--- a/server/core/src/https/views/profile.rs
+++ b/server/core/src/https/views/profile.rs
@@ -10,7 +10,7 @@ use askama::Template;
use askama_axum::IntoResponse;
use axum::extract::{Query, State};
use axum::http::Uri;
-use axum::response::Response;
+use axum::response::{Redirect, Response};
use axum::Extension;
use axum_extra::extract::cookie::CookieJar;
use axum_extra::extract::Form;
@@ -60,6 +60,18 @@ pub(crate) struct SaveProfileQuery {
primary_email_index: u16,
}
+#[derive(Clone, Debug, Serialize, Deserialize)]
+pub(crate) struct CommitSaveProfileQuery {
+ #[serde(rename = "account_name")]
+ account_name: String,
+ #[serde(rename = "display_name")]
+ display_name: String,
+ #[serde(rename = "emails[]")]
+ emails: Vec<String>,
+ #[serde(rename = "new_primary_mail")]
+ new_primary_mail: Option<String>
+}
+
#[derive(Clone, Debug, Serialize, Deserialize)]
pub(crate) struct ProfileAttributes {
account_name: String,
@@ -73,7 +85,9 @@ struct ProfileChangesPartialView {
menu_active_item: ProfileMenuItems,
can_rw: bool,
person: ScimPerson,
+ primary_mail: Option<String>,
new_attrs: ProfileAttributes,
+ new_primary_mail: Option<String>,
}
#[derive(Template, Clone)]
@@ -109,7 +123,7 @@ pub(crate) async fn view_profile_get(
&kopid,
client_auth_info.clone(),
)
- .await?;
+ .await?;
let time = time::OffsetDateTime::now_utc() + time::Duration::new(60, 0);
@@ -149,8 +163,7 @@ pub(crate) async fn view_profile_diff_start_save_post(
state,
&kopid,
client_auth_info.clone(),
- )
- .await?;
+ ).await?;
let primary_index = query
.emails_indexes
@@ -166,23 +179,28 @@ pub(crate) async fn view_profile_diff_start_save_post(
value: email.to_string(),
})
.collect();
+ let old_primary_mail = scim_person.mails.iter()
+ .find(|sm| sm.primary)
+ .map(|sm| sm.value.clone());
+
let profile_view = ProfileChangesPartialView {
menu_active_item: ProfileMenuItems::UserProfile,
can_rw,
person: scim_person,
+ primary_mail: old_primary_mail,
new_attrs: ProfileAttributes {
account_name: query.account_name,
display_name: query.display_name,
emails: new_mails,
},
+ new_primary_mail: query.emails.get(primary_index).cloned(),
};
Ok((
HxPushUrl(Uri::from_static("/ui/profile/diff")),
profile_view,
- )
- .into_response())
+ ).into_response())
}
pub(crate) async fn view_profile_diff_confirm_save_post(
@@ -191,14 +209,14 @@ pub(crate) async fn view_profile_diff_confirm_save_post(
VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
DomainInfo(domain_info): DomainInfo,
// Form must be the last parameter because it consumes the request body
- Form(mut new_attrs): Form<ProfileAttributes>,
+ Form(query): Form<CommitSaveProfileQuery>,
) -> axum::response::Result<Response> {
let uat: UserAuthToken = state
.qe_r_ref
.handle_whoami_uat(client_auth_info.clone(), kopid.eventid)
.map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
.await?;
- dbg!(&new_attrs);
+ dbg!(&query);
let filter = filter_all!(f_and!([f_id(uat.uuid.to_string().as_str())]));
@@ -208,24 +226,26 @@ pub(crate) async fn view_profile_diff_confirm_save_post(
client_auth_info.clone(),
uat.uuid.to_string(),
ATTR_DISPLAYNAME.to_string(),
- vec![new_attrs.display_name],
+ vec![query.display_name],
filter.clone(),
kopid.eventid,
)
.map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
.await?;
- new_attrs
- .emails
- .sort_by_key(|sm| if sm.primary { 0 } else { 1 });
- let email_addresses = new_attrs.emails.into_iter().map(|sm| sm.value).collect();
+
+ let mut emails = query.emails;
+ if let Some(primary) = query.new_primary_mail {
+ emails.insert(0, primary);
+ }
+
state
.qe_w_ref
.handle_setattribute(
client_auth_info.clone(),
uat.uuid.to_string(),
ATTR_MAIL.to_string(),
- email_addresses,
+ emails,
filter.clone(),
kopid.eventid,
)
@@ -266,9 +286,9 @@ pub(crate) async fn view_profile_diff_confirm_save_post(
VerifiedClientInformation(client_auth_info),
DomainInfo(domain_info),
)
- .await
+ .await
{
- Ok(pv) => Ok(pv.into_response()),
+ Ok(_) => Ok(Redirect::to(Urls::Profile.as_ref()).into_response()),
Err(e) => Ok(e.into_response()),
}
}
@@ -331,5 +351,5 @@ pub(crate) async fn view_profile_unlock_get(
Urls::Profile.as_ref(),
display_ctx,
)
- .await)
+ .await)
}
diff --git a/server/core/templates/user_settings/profile_changes_partial.html b/server/core/templates/user_settings/profile_changes_partial.html
index 078c6f134..43229b24e 100644
--- a/server/core/templates/user_settings/profile_changes_partial.html
+++ b/server/core/templates/user_settings/profile_changes_partial.html
@@ -13,10 +13,15 @@ Profile Difference
<input type="hidden" name="display_name" value="(( new_attrs.display_name ))"/>
<!-- <input type="hidden" name="legal_name" value=" new_attrs.legal_name "/>-->
(% for email in new_attrs.emails %)
- <input type="hidden" name="emails[]" value="(( email.value ))"/>
+ (% if !email.primary %)
+ <input type="hidden" name="emails[]" value="(( email.value ))"/>
+ (% endif %)
(% endfor %)
+ (% if let Some(new_primary_mail) = new_primary_mail %)
+ <input type="hidden" name="new_primary_mail" value="(( new_primary_mail ))"/>
+ (% endif %)
- <table class="table table-bordered table-responsive">
+ <table class="table table-bordered overflow-x-scroll">
<thead>
<tr>
<th scope="col">Attribute</th>
@@ -39,32 +44,44 @@ Profile Difference
<td class="text-break">(( new_attrs.display_name ))</td>
</tr>
(% endif %)
-
-
- <!-- TODO: List new items with +, same items with . -->
- <tr>
- <th scope="row">Emails</th>
- <td class="text-break">
- <ul>
+ <!-- TODO: List new items with +, same items with . -->
+ <tr>
+ <th scope="row">Primary Emails</th>
+ <td class="text-nowrap">
+ (( primary_mail.clone().unwrap_or("none".to_string()) ))
+ </td>
+ <td class="text-nowrap">
+ (( new_primary_mail.clone().unwrap_or("none".to_string()) ))
+ </td>
+ </tr>
+ <tr>
+ <th scope="row">Secondary Emails</th>
+ <td class="text-break">
+ <ul class="ps-3">
(% for email in person.mails %)
- <li>(( email.value ))</li>
+ (% if !email.primary %)
+ <li class="text-nowrap">(( email.value ))</li>
+ (% endif %)
(% endfor %)
- </ul>
- </td>
- <td class="text-break">
- <ul>
+ </ul>
+ </td>
+ <td class="text-break">
+ <ul class="ps-3">
(% for email in new_attrs.emails %)
- <li>(( email.value ))</li>
+ (% if !email.primary %)
+ <li class="text-nowrap">(( email.value ))</li>
+ (% endif %)
(% endfor %)
- </ul>
- </td>
- </tr>
+ </ul>
+ </td>
+ </tr>
+
</table>
<!-- Edit button -->
<div class="pt-4" hx-target="#user_settings_container" hx-swap="outerHTML">
(% if can_rw %)
- <button class="btn btn-danger" type="button" hx-get="/ui/profile" hx-target="#user_settings_container" hx-swap="outerHTML">Discard Changes</button>
- <button class="btn btn-primary" type="button" hx-post="/ui/api/user_settings/confirm_profile" hx-target="#user_settings_container" hx-swap="outerHTML">Confirm Changes</button>
+ <button class="btn btn-danger" type="button" hx-get="/ui/profile" hx-target="body" hx-swap="outerHTML">Discard Changes</button>
+ <button class="btn btn-primary" type="button" hx-post="/ui/api/user_settings/confirm_profile" hx-target="body" hx-swap="outerHTML">Confirm Changes</button>
(% else %)
<a href="/ui/profile/unlock" hx-boost="false">
<!-- TODO: at the moment, session expiring here means progress is lost. Do we just show an error screen ? We can't pass the update state through the reauth session, and we don't have profile update sessions like cred update. -->
diff --git a/server/core/templates/user_settings_profile_partial.html b/server/core/templates/user_settings_profile_partial.html
index 0f170280b..24a788b2d 100644
--- a/server/core/templates/user_settings_profile_partial.html
+++ b/server/core/templates/user_settings_profile_partial.html
@@ -23,7 +23,7 @@ Profile
<form id="user_settings_container" class="needs-validation"
hx-post="/ui/api/user_settings/edit_profile"
- hx-target="#user_settings_container"
+ hx-target="#main"
hx-swap="outerHTML"
hx-validate="true"
hx-ext="bs-validation"
From 9b3f814b676b80a1023d0ca769fcd467d47aa43b Mon Sep 17 00:00:00 2001
From: ToxicMushroom <32853531+ToxicMushroom@users.noreply.github.com>
Date: Sun, 6 Apr 2025 01:29:26 +0200
Subject: [PATCH 6/7] cargo fmt
---
server/core/src/https/views/profile.rs | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/server/core/src/https/views/profile.rs b/server/core/src/https/views/profile.rs
index 770ead2b2..2c6ab892a 100644
--- a/server/core/src/https/views/profile.rs
+++ b/server/core/src/https/views/profile.rs
@@ -69,7 +69,7 @@ pub(crate) struct CommitSaveProfileQuery {
#[serde(rename = "emails[]")]
emails: Vec<String>,
#[serde(rename = "new_primary_mail")]
- new_primary_mail: Option<String>
+ new_primary_mail: Option<String>,
}
#[derive(Clone, Debug, Serialize, Deserialize)]
@@ -123,7 +123,7 @@ pub(crate) async fn view_profile_get(
&kopid,
client_auth_info.clone(),
)
- .await?;
+ .await?;
let time = time::OffsetDateTime::now_utc() + time::Duration::new(60, 0);
@@ -163,7 +163,8 @@ pub(crate) async fn view_profile_diff_start_save_post(
state,
&kopid,
client_auth_info.clone(),
- ).await?;
+ )
+ .await?;
let primary_index = query
.emails_indexes
@@ -179,11 +180,12 @@ pub(crate) async fn view_profile_diff_start_save_post(
value: email.to_string(),
})
.collect();
- let old_primary_mail = scim_person.mails.iter()
+ let old_primary_mail = scim_person
+ .mails
+ .iter()
.find(|sm| sm.primary)
.map(|sm| sm.value.clone());
-
let profile_view = ProfileChangesPartialView {
menu_active_item: ProfileMenuItems::UserProfile,
can_rw,
@@ -200,7 +202,8 @@ pub(crate) async fn view_profile_diff_start_save_post(
Ok((
HxPushUrl(Uri::from_static("/ui/profile/diff")),
profile_view,
- ).into_response())
+ )
+ .into_response())
}
pub(crate) async fn view_profile_diff_confirm_save_post(
@@ -233,7 +236,6 @@ pub(crate) async fn view_profile_diff_confirm_save_post(
.map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
.await?;
-
let mut emails = query.emails;
if let Some(primary) = query.new_primary_mail {
emails.insert(0, primary);
@@ -286,7 +288,7 @@ pub(crate) async fn view_profile_diff_confirm_save_post(
VerifiedClientInformation(client_auth_info),
DomainInfo(domain_info),
)
- .await
+ .await
{
Ok(_) => Ok(Redirect::to(Urls::Profile.as_ref()).into_response()),
Err(e) => Ok(e.into_response()),
@@ -351,5 +353,5 @@ pub(crate) async fn view_profile_unlock_get(
Urls::Profile.as_ref(),
display_ctx,
)
- .await)
+ .await)
}
From 3077d86aa1cb77a83bc7c6bdf8c400c0a57f5f65 Mon Sep 17 00:00:00 2001
From: ToxicMushroom <32853531+ToxicMushroom@users.noreply.github.com>
Date: Sun, 6 Apr 2025 04:22:56 +0200
Subject: [PATCH 7/7] final fixes
---
proto/src/scim_v1/mod.rs | 2 +-
server/core/src/https/views/profile.rs | 52 ++++++---
.../profile_changes_partial.html | 106 ++++++++++--------
3 files changed, 93 insertions(+), 67 deletions(-)
diff --git a/proto/src/scim_v1/mod.rs b/proto/src/scim_v1/mod.rs
index db9c7a8aa..5750e9572 100644
--- a/proto/src/scim_v1/mod.rs
+++ b/proto/src/scim_v1/mod.rs
@@ -71,7 +71,7 @@ pub enum ScimSchema {
}
#[serde_as]
-#[derive(Deserialize, Serialize, Debug, Clone, ToSchema)]
+#[derive(Deserialize, Serialize, PartialEq, Eq, Debug, Clone, ToSchema)]
#[serde(deny_unknown_fields, rename_all = "camelCase")]
pub struct ScimMail {
#[serde(default)]
diff --git a/server/core/src/https/views/profile.rs b/server/core/src/https/views/profile.rs
index 2c6ab892a..63cbf1603 100644
--- a/server/core/src/https/views/profile.rs
+++ b/server/core/src/https/views/profile.rs
@@ -17,7 +17,7 @@ use axum_extra::extract::Form;
use axum_htmx::{HxEvent, HxPushUrl, HxResponseTrigger};
use futures_util::TryFutureExt;
use kanidm_proto::attribute::Attribute;
-use kanidm_proto::constants::{ATTR_DISPLAYNAME, ATTR_MAIL};
+use kanidm_proto::constants::{ATTR_DISPLAYNAME, ATTR_MAIL, ATTR_NAME};
use kanidm_proto::internal::UserAuthToken;
use kanidm_proto::scim_v1::server::{ScimEffectiveAccess, ScimPerson};
use kanidm_proto::scim_v1::ScimMail;
@@ -63,9 +63,9 @@ pub(crate) struct SaveProfileQuery {
#[derive(Clone, Debug, Serialize, Deserialize)]
pub(crate) struct CommitSaveProfileQuery {
#[serde(rename = "account_name")]
- account_name: String,
+ account_name: Option<String>,
#[serde(rename = "display_name")]
- display_name: String,
+ display_name: Option<String>,
#[serde(rename = "emails[]")]
emails: Vec<String>,
#[serde(rename = "new_primary_mail")]
@@ -88,6 +88,7 @@ struct ProfileChangesPartialView {
primary_mail: Option<String>,
new_attrs: ProfileAttributes,
new_primary_mail: Option<String>,
+ emails_are_same: bool,
}
#[derive(Template, Clone)]
@@ -186,6 +187,8 @@ pub(crate) async fn view_profile_diff_start_save_post(
.find(|sm| sm.primary)
.map(|sm| sm.value.clone());
+ let emails_are_same = scim_person.mails == new_mails;
+
let profile_view = ProfileChangesPartialView {
menu_active_item: ProfileMenuItems::UserProfile,
can_rw,
@@ -196,6 +199,7 @@ pub(crate) async fn view_profile_diff_start_save_post(
display_name: query.display_name,
emails: new_mails,
},
+ emails_are_same,
new_primary_mail: query.emails.get(primary_index).cloned(),
};
@@ -219,23 +223,37 @@ pub(crate) async fn view_profile_diff_confirm_save_post(
.handle_whoami_uat(client_auth_info.clone(), kopid.eventid)
.map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
.await?;
- dbg!(&query);
let filter = filter_all!(f_and!([f_id(uat.uuid.to_string().as_str())]));
- state
- .qe_w_ref
- .handle_setattribute(
- client_auth_info.clone(),
- uat.uuid.to_string(),
- ATTR_DISPLAYNAME.to_string(),
- vec![query.display_name],
- filter.clone(),
- kopid.eventid,
- )
- .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
- .await?;
-
+ if let Some(account_name) = query.account_name {
+ state
+ .qe_w_ref
+ .handle_setattribute(
+ client_auth_info.clone(),
+ uat.uuid.to_string(),
+ ATTR_NAME.to_string(),
+ vec![account_name],
+ filter.clone(),
+ kopid.eventid,
+ )
+ .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
+ .await?;
+ }
+ if let Some(display_name) = query.display_name {
+ state
+ .qe_w_ref
+ .handle_setattribute(
+ client_auth_info.clone(),
+ uat.uuid.to_string(),
+ ATTR_DISPLAYNAME.to_string(),
+ vec![display_name],
+ filter.clone(),
+ kopid.eventid,
+ )
+ .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
+ .await?;
+ }
let mut emails = query.emails;
if let Some(primary) = query.new_primary_mail {
emails.insert(0, primary);
diff --git a/server/core/templates/user_settings/profile_changes_partial.html b/server/core/templates/user_settings/profile_changes_partial.html
index 43229b24e..36b5c59ba 100644
--- a/server/core/templates/user_settings/profile_changes_partial.html
+++ b/server/core/templates/user_settings/profile_changes_partial.html
@@ -9,79 +9,87 @@ Profile Difference
(% block settings_window %)
<form>
+ (% if person.name != new_attrs.account_name %)
<input type="hidden" name="account_name" value="(( new_attrs.account_name ))"/>
+ (% endif %)
+ (% if person.displayname != new_attrs.display_name %)
<input type="hidden" name="display_name" value="(( new_attrs.display_name ))"/>
-<!-- <input type="hidden" name="legal_name" value=" new_attrs.legal_name "/>-->
+ (% endif %)
+
(% for email in new_attrs.emails %)
- (% if !email.primary %)
- <input type="hidden" name="emails[]" value="(( email.value ))"/>
- (% endif %)
+ (% if !email.primary %)
+ <input type="hidden" name="emails[]" value="(( email.value ))"/>
+ (% endif %)
(% endfor %)
(% if let Some(new_primary_mail) = new_primary_mail %)
- <input type="hidden" name="new_primary_mail" value="(( new_primary_mail ))"/>
+ <input type="hidden" name="new_primary_mail" value="(( new_primary_mail ))"/>
(% endif %)
<table class="table table-bordered overflow-x-scroll">
<thead>
- <tr>
- <th scope="col">Attribute</th>
- <th scope="col">Old value</th>
- <th scope="col">New value</th>
- </tr>
+ <tr>
+ <th scope="col">Attribute</th>
+ <th scope="col">Old value</th>
+ <th scope="col">New value</th>
+ </tr>
</thead>
- (% if person.name != new_attrs.account_name %)
+ (% if person.name != new_attrs.account_name %)
<tr>
<th scope="row">Username</th>
<td class="text-break">(( person.name ))</td>
<td class="text-break">(( new_attrs.account_name ))</td>
</tr>
- (% endif %)
+ (% endif %)
- (% if person.displayname != new_attrs.display_name %)
+ (% if person.displayname != new_attrs.display_name %)
<tr>
<th scope="row">Display name</th>
<td class="text-break">(( person.displayname ))</td>
<td class="text-break">(( new_attrs.display_name ))</td>
</tr>
- (% endif %)
- <!-- TODO: List new items with +, same items with . -->
- <tr>
- <th scope="row">Primary Emails</th>
- <td class="text-nowrap">
- (( primary_mail.clone().unwrap_or("none".to_string()) ))
- </td>
- <td class="text-nowrap">
- (( new_primary_mail.clone().unwrap_or("none".to_string()) ))
- </td>
- </tr>
- <tr>
- <th scope="row">Secondary Emails</th>
- <td class="text-break">
- <ul class="ps-3">
- (% for email in person.mails %)
- (% if !email.primary %)
- <li class="text-nowrap">(( email.value ))</li>
- (% endif %)
- (% endfor %)
- </ul>
- </td>
- <td class="text-break">
- <ul class="ps-3">
- (% for email in new_attrs.emails %)
- (% if !email.primary %)
- <li class="text-nowrap">(( email.value ))</li>
- (% endif %)
- (% endfor %)
- </ul>
- </td>
- </tr>
-
+ (% endif %)
+ (% if !emails_are_same %)
+ <tr>
+ <th scope="row">Primary Emails</th>
+ <td class="text-nowrap">
+ (( primary_mail.clone().unwrap_or("none".to_string()) ))
+ </td>
+ <td class="text-nowrap">
+ (( new_primary_mail.clone().unwrap_or("none".to_string()) ))
+ </td>
+ </tr>
+ <tr>
+ <th scope="row">Secondary Emails</th>
+ <td class="text-break">
+ <ul class="ps-3">
+ (% for email in person.mails %)
+ (% if !email.primary %)
+ <li class="text-nowrap">(( email.value ))</li>
+ (% endif %)
+ (% endfor %)
+ </ul>
+ </td>
+ <td class="text-break">
+ <ul class="ps-3">
+ (% for email in new_attrs.emails %)
+ (% if !email.primary %)
+ <li class="text-nowrap">(( email.value ))</li>
+ (% endif %)
+ (% endfor %)
+ </ul>
+ </td>
+ </tr>
+ (% endif %)
</table>
- <!-- Edit button -->
+
<div class="pt-4" hx-target="#user_settings_container" hx-swap="outerHTML">
(% if can_rw %)
- <button class="btn btn-danger" type="button" hx-get="/ui/profile" hx-target="body" hx-swap="outerHTML">Discard Changes</button>
- <button class="btn btn-primary" type="button" hx-post="/ui/api/user_settings/confirm_profile" hx-target="body" hx-swap="outerHTML">Confirm Changes</button>
+ <button class="btn btn-danger" type="button" hx-get="/ui/profile" hx-target="body" hx-swap="outerHTML">Discard
+ Changes
+ </button>
+ <button class="btn btn-primary" type="button" hx-post="/ui/api/user_settings/confirm_profile" hx-target="body"
+ hx-swap="outerHTML">Confirm Changes
+ </button>
(% else %)
<a href="/ui/profile/unlock" hx-boost="false">
<!-- TODO: at the moment, session expiring here means progress is lost. Do we just show an error screen ? We can't pass the update state through the reauth session, and we don't have profile update sessions like cred update. -->