From 9a677fce72affba2854415709da526ecec6d5bea Mon Sep 17 00:00:00 2001 From: Dean Date: Thu, 18 Aug 2022 10:59:40 +0100 Subject: [PATCH 1/7] Added scope customisation to the OIDC SSO configuration. Users can add or remove whichever scopes they like except 'openid'. They can revert to our core default values if they run into any issues --- packages/bbui/src/Tags/Tag.svelte | 3 +- .../builder/portal/manage/auth/index.svelte | 203 +++++++++++++++++- .../worker/src/api/controllers/global/auth.ts | 15 +- .../worker/src/api/routes/global/configs.js | 1 + 4 files changed, 219 insertions(+), 3 deletions(-) diff --git a/packages/bbui/src/Tags/Tag.svelte b/packages/bbui/src/Tags/Tag.svelte index f7089decdb..9c4cb6e583 100644 --- a/packages/bbui/src/Tags/Tag.svelte +++ b/packages/bbui/src/Tags/Tag.svelte @@ -8,6 +8,7 @@ export let invalid = false export let disabled = false export let closable = false + export let onClick
{#if closable} - + {/if}
diff --git a/packages/builder/src/pages/builder/portal/manage/auth/index.svelte b/packages/builder/src/pages/builder/portal/manage/auth/index.svelte index bc77329a32..ffc5bed7ce 100644 --- a/packages/builder/src/pages/builder/portal/manage/auth/index.svelte +++ b/packages/builder/src/pages/builder/portal/manage/auth/index.svelte @@ -18,6 +18,8 @@ Body, Select, Toggle, + Tag, + Tags, } from "@budibase/bbui" import { onMount } from "svelte" import { API } from "api" @@ -208,6 +210,7 @@ providers[res.type]._id = res._id }) notifications.success(`Settings saved`) + scopesFields[0].editing = false }) .catch(() => { notifications.error("Failed to update auth settings") @@ -215,6 +218,21 @@ } } + let defaultScopes = ["profile", "email", "offline_access"] + + const refreshScopes = idx => { + providers.oidc.config.configs[idx]["scopes"] = + providers.oidc.config.configs[idx]["scopes"] + } + + let scopesFields = [ + { + editing: false, + inputText: null, + error: null, + }, + ] + onMount(async () => { try { await organisation.init() @@ -276,7 +294,7 @@ if (!oidcDoc?._id) { providers.oidc = { type: ConfigTypes.OIDC, - config: { configs: [{ activated: true }] }, + config: { configs: [{ activated: true, scopes: defaultScopes }] }, } } else { originalOidcDoc = cloneDeep(oidcDoc) @@ -397,10 +415,193 @@ /> + + + +
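Review bot: `refreshScopes` in the `@@ -215,6 +218,21 @@` hunk assigns `providers.oidc.config.configs[idx]["scopes"]` to itself, which reads as a no-op unless the reader knows it is there to make Svelte re-render after the in-place `splice` in the tag handler. A comment above it would settle that, for example `// self-assignment triggers Svelte reactivity after mutating the array in place`. `defaultScopes` is never reassigned in the visible lines, so `const defaultScopes = ["profile", "email", "offline_access"]` would state that intent. `scopesFields` is only ever indexed at `[0]`, so a one-line comment saying why it is an array would also help.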
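Review bot: `scopes: defaultScopes` in the `@@ -276,7 +294,7 @@` hunk stores the shared `defaultScopes` array itself in the new OIDC config, so the later in-place `scopes.push(update)` and `idxScopes.splice(idx, 1)` on `providers.oidc.config.configs[0]["scopes"]` also change `defaultScopes`. Every other use in this patch copies it with `[...defaultScopes]`, and this one should too: `config: { configs: [{ activated: true, scopes: [...defaultScopes] }] },`. If the restore-defaults action reads `defaultScopes` (its handler is not visible here), an administrator who resets would still be requesting whatever scopes were added earlier, which works against least privilege for the issued tokens. The enclosing `onMount` callback starts and ends outside the hunk.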
Advanced
+
+ + Changes to your authentication scopes will only take effect when you + next log in. Please refer to your vendor documentation before + modification. + + +
+ + {#if scopesFields[0].editing} + + { + if (!scopesFields[0].inputText) { + scopesFields[0].error = null + } + if ( + e.key === "Enter" || + e.keyCode === 13 || + e.code == "Space" || + e.keyCode == 32 + ) { + let scopes = providers.oidc.config.configs[0]["scopes"] + ? providers.oidc.config.configs[0]["scopes"] + : [...defaultScopes] + + let update = scopesFields[0].inputText.trim() + + if (/[\\"\s]/.test(update)) { + scopesFields[0].error = + "Auth scopes cannot contain spaces, double quotes or backslashes" + return + } else if (scopes.indexOf(update) > -1) { + scopesFields[0].error = "Auth scope already exists" + return + } else if (!update.length) { + scopesFields[0].inputText = null + scopesFields[0].error = null + return + } else { + scopesFields[0].error = null + } + + if (scopes.indexOf(update) == -1) { + scopes.push(update) + providers.oidc.config.configs[0]["scopes"] = scopes + } + scopesFields[0].inputText = null + } + }} + /> + + {/if} + +
+ + + openid + + {#each providers.oidc.config.configs[0]["scopes"] || [...defaultScopes] as tag, idx} + { + let idxScopes = providers.oidc.config.configs[0]["scopes"] + if (idxScopes.length == 1) { + idxScopes.pop() + } else { + idxScopes.splice(idx, 1) + refreshScopes(0) + } + }} + > + {tag} + + {/each} + + {#if !scopesFields[0].editing} + { + if (!providers.oidc.config.configs[0]) { + providers.oidc.config.configs[0]["scopes"] = [ + ...defaultScopes, + ] + } + scopesFields[0].editing = !scopesFields[0].editing + }} + > + Edit + + {/if} + +
+ + {#if scopesFields[0].editing} +
+ + +
+ {/if} +
+
+
{/if}