mirror of
https://github.com/kanidm/kanidm.git
synced 2025-06-12 11:07:46 +02:00
* wireframed up the admin menu and components * banner-shaped yak shaving * making some nicer messages in the cert script * removing wee_alloc * adding admin_groups ui * adding oauth2 basics * added group view page * changing to expect_throw * serde-wasm-bindgen fixes * adding view person and view service account basics * adding basic testy things * dropping breadcrumbs all over the place * minor changes to oauth2 admin interface, adding automation around wasm testing
225 lines
7.1 KiB
Rust
225 lines
7.1 KiB
Rust
use crate::constants::CSS_PAGE_HEADER;
|
|
use crate::error::*;
|
|
use crate::models;
|
|
use crate::utils;
|
|
|
|
use crate::components::change_unix_password::ChangeUnixPassword;
|
|
use crate::manager::Route;
|
|
use crate::views::{ViewProps, ViewRoute};
|
|
|
|
use compact_jwt::{Jws, JwsUnverified};
|
|
#[cfg(debug)]
|
|
use gloo::console;
|
|
use std::str::FromStr;
|
|
use yew::prelude::*;
|
|
use yew_router::prelude::*;
|
|
|
|
use kanidm_proto::v1::{CUSessionToken, CUStatus, UserAuthToken};
|
|
|
|
use wasm_bindgen::{JsCast, UnwrapThrowExt};
|
|
use wasm_bindgen_futures::JsFuture;
|
|
use web_sys::{Request, RequestInit, RequestMode, Response};
|
|
|
|
#[allow(clippy::large_enum_variant)]
|
|
// Page state
|
|
pub enum Msg {
|
|
// Nothing
|
|
RequestCredentialUpdate,
|
|
BeginCredentialUpdate {
|
|
token: CUSessionToken,
|
|
status: CUStatus,
|
|
},
|
|
Error {
|
|
emsg: String,
|
|
kopid: Option<String>,
|
|
},
|
|
}
|
|
|
|
impl From<FetchError> for Msg {
|
|
fn from(fe: FetchError) -> Self {
|
|
Msg::Error {
|
|
emsg: fe.as_string(),
|
|
kopid: None,
|
|
}
|
|
}
|
|
}
|
|
|
|
enum State {
|
|
Init,
|
|
Waiting,
|
|
Error { emsg: String, kopid: Option<String> },
|
|
}
|
|
|
|
pub struct SecurityApp {
|
|
state: State,
|
|
}
|
|
|
|
impl Component for SecurityApp {
|
|
type Message = Msg;
|
|
type Properties = ViewProps;
|
|
|
|
fn create(_ctx: &Context<Self>) -> Self {
|
|
#[cfg(debug)]
|
|
console::debug!("views::security::create");
|
|
SecurityApp { state: State::Init }
|
|
}
|
|
|
|
fn changed(&mut self, _ctx: &Context<Self>) -> bool {
|
|
#[cfg(debug)]
|
|
console::debug!("views::security::changed");
|
|
true
|
|
}
|
|
|
|
fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool {
|
|
#[cfg(debug)]
|
|
console::debug!("views::security::update");
|
|
match msg {
|
|
Msg::RequestCredentialUpdate => {
|
|
// Submit a req to init the session.
|
|
// The uuid we want to submit against - hint, it's us.
|
|
let token = ctx.props().token.clone();
|
|
|
|
let jwtu =
|
|
JwsUnverified::from_str(&token).expect_throw("Invalid UAT, unable to parse");
|
|
|
|
let uat: Jws<UserAuthToken> = jwtu
|
|
.unsafe_release_without_verification()
|
|
.expect_throw("Unvalid UAT, unable to release ");
|
|
|
|
let id = uat.inner.uuid.to_string();
|
|
|
|
ctx.link().send_future(async {
|
|
match Self::fetch_token_valid(id, token).await {
|
|
Ok(v) => v,
|
|
Err(v) => v.into(),
|
|
}
|
|
});
|
|
|
|
self.state = State::Waiting;
|
|
true
|
|
}
|
|
Msg::BeginCredentialUpdate { token, status } => {
|
|
// Got the rec, setup.
|
|
models::push_cred_update_session((token, status));
|
|
models::push_return_location(models::Location::Views(ViewRoute::Security));
|
|
|
|
ctx.link()
|
|
.history()
|
|
.expect_throw("failed to read history")
|
|
.push(Route::CredentialReset);
|
|
// No need to redraw, or reset state, since this redirect will destroy
|
|
// the state.
|
|
false
|
|
}
|
|
Msg::Error { emsg, kopid } => {
|
|
self.state = State::Error { emsg, kopid };
|
|
true
|
|
}
|
|
}
|
|
}
|
|
|
|
fn rendered(&mut self, _ctx: &Context<Self>, _first_render: bool) {
|
|
#[cfg(debug)]
|
|
console::debug!("views::security::rendered");
|
|
}
|
|
|
|
fn view(&self, ctx: &Context<Self>) -> Html {
|
|
let submit_enabled = match self.state {
|
|
State::Init | State::Error { .. } => true,
|
|
State::Waiting => false,
|
|
};
|
|
|
|
let flash = match &self.state {
|
|
State::Error { emsg, kopid } => {
|
|
let message = match kopid {
|
|
Some(k) => format!("An error occured - {} - {}", emsg, k),
|
|
None => format!("An error occured - {} - No Operation ID", emsg),
|
|
};
|
|
html! {
|
|
<div class="alert alert-danger alert-dismissible fade show" role="alert">
|
|
{ message }
|
|
<button type="button" class="btn btn-close" data-dismiss="alert" aria-label="Close"></button>
|
|
</div>
|
|
}
|
|
}
|
|
_ => html! { <></> },
|
|
};
|
|
|
|
let current_user = ctx.props().current_user.clone();
|
|
|
|
html! {
|
|
<>
|
|
<div class={CSS_PAGE_HEADER}>
|
|
<h2>{ "Security" }</h2>
|
|
</div>
|
|
{ flash }
|
|
<div>
|
|
<p>
|
|
<button type="button" class="btn btn-primary"
|
|
disabled={ !submit_enabled }
|
|
onclick={
|
|
// TODO: figure out if we need the e here? :)
|
|
ctx.link().callback(|_e| {
|
|
Msg::RequestCredentialUpdate
|
|
})
|
|
}
|
|
>
|
|
{ "Password and Authentication Settings" }
|
|
</button>
|
|
</p>
|
|
</div>
|
|
<hr/>
|
|
if let Some(user) = current_user {
|
|
if user.youare.attrs.get("class").map(|x| x.contains(&String::from("posixaccount"))).unwrap_or(true) {
|
|
<div>
|
|
<p>
|
|
<ChangeUnixPassword token={ctx.props().token.clone()}></ChangeUnixPassword>
|
|
</p>
|
|
</div>
|
|
}
|
|
}
|
|
</>
|
|
}
|
|
}
|
|
}
|
|
|
|
impl SecurityApp {
|
|
async fn fetch_token_valid(id: String, token: String) -> Result<Msg, FetchError> {
|
|
let mut opts = RequestInit::new();
|
|
opts.method("GET");
|
|
opts.mode(RequestMode::SameOrigin);
|
|
|
|
let uri = format!("/v1/person/{}/_credential/_update", id);
|
|
|
|
let request = Request::new_with_str_and_init(uri.as_str(), &opts)?;
|
|
|
|
request
|
|
.headers()
|
|
.set("content-type", "application/json")
|
|
.expect_throw("failed to set header");
|
|
request
|
|
.headers()
|
|
.set("authorization", format!("Bearer {}", token).as_str())
|
|
.expect_throw("failed to set header");
|
|
|
|
let window = utils::window();
|
|
let resp_value = JsFuture::from(window.fetch_with_request(&request)).await?;
|
|
let resp: Response = resp_value.dyn_into().expect_throw("Invalid response type");
|
|
let status = resp.status();
|
|
|
|
if status == 200 {
|
|
let jsval = JsFuture::from(resp.json()?).await?;
|
|
let (token, status): (CUSessionToken, CUStatus) =
|
|
serde_wasm_bindgen::from_value(jsval).expect_throw("Invalid response type");
|
|
Ok(Msg::BeginCredentialUpdate { token, status })
|
|
} else {
|
|
let headers = resp.headers();
|
|
let kopid = headers.get("x-kanidm-opid").ok().flatten();
|
|
let text = JsFuture::from(resp.text()?).await?;
|
|
let emsg = text.as_string().unwrap_or_else(|| "".to_string());
|
|
// let jsval_json = JsFuture::from(resp.json()?).await?;
|
|
Ok(Msg::Error { emsg, kopid })
|
|
}
|
|
}
|
|
}
|