Add database columns to store OpenID Connect information for Proxy Hosts.

2025-10-31 07:43:33 +00:00 · 2020-05-22 12:31:03 -05:00
parent 8e10b7da37
commit 53792a5cf7
6 changed files with 148 additions and 7 deletions
--- a/backend/migrations/20200522113248_openid_connect.js
+++ b/backend/migrations/20200522113248_openid_connect.js
@@ -0,0 +1,48 @@
+const migrate_name = 'openid_connect';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+	logger.info('[' + migrate_name + '] Migrating Up...');
+
+	return knex.schema.table('proxy_host', function (proxy_host) {
+		proxy_host.integer('openidc_enabled').notNull().unsigned().defaultTo(0);
+		proxy_host.text('openidc_redirect_uri').notNull().defaultTo('');
+		proxy_host.text('openidc_discovery').notNull().defaultTo('');
+		proxy_host.text('openidc_auth_method').notNull().defaultTo('client_secret_post');
+		proxy_host.text('openidc_client_id').notNull().defaultTo('');
+		proxy_host.text('openidc_client_secret').notNull().defaultTo('');
+	})
+		.then(() => {
+			logger.info('[' + migrate_name + '] proxy_host Table altered');
+		});
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex/*, Promise*/) {
+	return knex.schema.table('proxy_host', function (proxy_host) {
+		proxy_host.dropColumn('openidc_enabled');
+		proxy_host.dropColumn('openidc_redirect_uri');
+		proxy_host.dropColumn('openidc_discovery');
+		proxy_host.dropColumn('openidc_auth_method');
+		proxy_host.dropColumn('openidc_client_id');
+		proxy_host.dropColumn('openidc_client_secret');
+	})
+		.then(() => {
+			logger.info('[' + migrate_name + '] proxy_host Table altered');
+		});
+};
--- a/backend/schema/definitions.json
+++ b/backend/schema/definitions.json
@@ -235,6 +235,27 @@
      "description": "Should we cache assets",
      "example": true,
      "type": "boolean"
+    },
+    "openidc_enabled": {
+      "description": "Is OpenID Connect authentication enabled",
+      "example": true,
+      "type": "boolean"
+    },
+    "openidc_redirect_uri": {
+      "type": "string"
+    },
+    "openidc_discovery": {
+      "type": "string"
+    },
+    "openidc_auth_method": {
+      "type": "string",
+      "pattern": "^(client_secret_basic|client_secret_post)$"
+    },
+    "openidc_client_id": {
+      "type": "string"
+    },
+    "openidc_client_secret": {
+      "type": "string"
    }
  }
 }
--- a/backend/schema/endpoints/proxy-hosts.json
+++ b/backend/schema/endpoints/proxy-hosts.json
@@ -64,6 +64,24 @@
    "advanced_config": {
      "type": "string"
    },
+    "openidc_enabled": {
+      "$ref": "../definitions.json#/definitions/openidc_enabled"
+    },
+    "openidc_redirect_uri": {
+      "$ref": "../definitions.json#/definitions/openidc_redirect_uri"
+    },
+    "openidc_discovery": {
+      "$ref": "../definitions.json#/definitions/openidc_discovery"
+    },
+    "openidc_auth_method": {
+      "$ref": "../definitions.json#/definitions/openidc_auth_method"
+    },
+    "openidc_client_id": {
+      "$ref": "../definitions.json#/definitions/openidc_client_id"
+    },
+    "openidc_client_secret": {
+      "$ref": "../definitions.json#/definitions/openidc_client_secret"
+    },
    "enabled": {
      "$ref": "../definitions.json#/definitions/enabled"
    },
@@ -161,6 +179,24 @@
    "advanced_config": {
      "$ref": "#/definitions/advanced_config"
    },
+    "openidc_enabled": {
+      "$ref": "#/definitions/openidc_enabled"
+    },
+    "openidc_redirect_uri": {
+      "$ref": "#/definitions/openidc_redirect_uri"
+    },
+    "openidc_discovery": {
+      "$ref": "#/definitions/openidc_discovery"
+    },
+    "openidc_auth_method": {
+      "$ref": "#/definitions/openidc_auth_method"
+    },
+    "openidc_client_id": {
+      "$ref": "#/definitions/openidc_client_id"
+    },
+    "openidc_client_secret": {
+      "$ref": "#/definitions/openidc_client_secret"
+    },
    "enabled": {
      "$ref": "#/definitions/enabled"
    },
@@ -251,6 +287,24 @@
          "advanced_config": {
            "$ref": "#/definitions/advanced_config"
          },
+          "openidc_enabled": {
+            "$ref": "#/definitions/openidc_enabled"
+          },
+          "openidc_redirect_uri": {
+            "$ref": "#/definitions/openidc_redirect_uri"
+          },
+          "openidc_discovery": {
+            "$ref": "#/definitions/openidc_discovery"
+          },
+          "openidc_auth_method": {
+            "$ref": "#/definitions/openidc_auth_method"
+          },
+          "openidc_client_id": {
+            "$ref": "#/definitions/openidc_client_id"
+          },
+          "openidc_client_secret": {
+            "$ref": "#/definitions/openidc_client_secret"
+          },
          "enabled": {
            "$ref": "#/definitions/enabled"
          },
@@ -324,6 +378,24 @@
          "advanced_config": {
            "$ref": "#/definitions/advanced_config"
          },
+          "openidc_enabled": {
+            "$ref": "#/definitions/openidc_enabled"
+          },
+          "openidc_redirect_uri": {
+            "$ref": "#/definitions/openidc_redirect_uri"
+          },
+          "openidc_discovery": {
+            "$ref": "#/definitions/openidc_discovery"
+          },
+          "openidc_auth_method": {
+            "$ref": "#/definitions/openidc_auth_method"
+          },
+          "openidc_client_id": {
+            "$ref": "#/definitions/openidc_client_id"
+          },
+          "openidc_client_secret": {
+            "$ref": "#/definitions/openidc_client_secret"
+          },
          "enabled": {
            "$ref": "#/definitions/enabled"
          },
--- a/frontend/js/app/nginx/proxy/form.ejs
+++ b/frontend/js/app/nginx/proxy/form.ejs
@@ -278,7 +278,7 @@
                        <div class="col-sm-12 col-md-12">
                            <div class="form-group">
                                <label class="custom-switch">
-                                    <input type="checkbox" class="custom-switch-input" name="openidc_enabled" value="1<%- openidc_enabled ? ' checked' : '' %>">
+                                    <input type="checkbox" class="custom-switch-input" name="openidc_enabled" value="1"<%- openidc_enabled ? ' checked' : '' %>>
                                    <span class="custom-switch-indicator"></span>
                                    <span class="custom-switch-description">Use OpenID Connect authentication <span class="form-required">*</span></span>
                                </label>
--- a/frontend/js/app/nginx/proxy/form.js
+++ b/frontend/js/app/nginx/proxy/form.js
@@ -132,7 +132,6 @@ module.exports = Mn.View.extend({
        },

        'change @ui.openidc_enabled': function () {
-            console.log('Changing');
            let checked = this.ui.openidc_enabled.prop('checked');

            if (checked) {
@@ -367,6 +366,7 @@ module.exports = Mn.View.extend({

        // OpenID Connect
        this.ui.openidc.hide().find('input').prop('required', false);
+        this.ui.openidc_enabled.trigger('change');
    },

    initialize: function (options) {
--- a/frontend/js/models/proxy-host.js
+++ b/frontend/js/models/proxy-host.js
@@ -23,11 +23,11 @@ const model = Backbone.Model.extend({
            http2_support:           false,
            advanced_config:         '',
            openidc_enabled:         false,
-            openidc_redirect_uri:    null,
-            openidc_discovery:       null,
-            openidc_auth_method:     null,
-            openidc_client_id:       null,
-            openidc_client_secret:   null,
+            openidc_redirect_uri:    '',
+            openidc_discovery:       '',
+            openidc_auth_method:     'client_secret_post',
+            openidc_client_id:       '',
+            openidc_client_secret:   '',
            enabled:                 true,
            meta:                    {},
            // The following are expansions: