Add basic settings page

NHAS · NHAS · commit 06adf586b8b4 · 2024-11-23T13:21:06.000+13:00
diff --git a/adminui/settings.go b/adminui/settings.go
@@ -6,6 +6,7 @@ import (
 	"net/http"
 
 	"github.com/NHAS/wag/internal/data"
+	"github.com/NHAS/wag/internal/mfaportal/authenticators"
 )
 
 func (au *AdminUI) adminUsersData(w http.ResponseWriter, r *http.Request) {
@@ -89,3 +90,16 @@ func (au *AdminUI) updateLoginSettings(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 }
+
+func (au *AdminUI) getAllMfaMethods(w http.ResponseWriter, r *http.Request) {
+
+	resp := []MFAMethodDTO{}
+
+	authenticators := authenticators.GetAllAvaliableMethods()
+	for _, a := range authenticators {
+		resp = append(resp, MFAMethodDTO{FriendlyName: a.FriendlyName(), Method: a.Type()})
+	}
+
+	w.Header().Set("content-type", "application/json")
+	json.NewEncoder(w).Encode(resp)
+}
diff --git a/adminui/structs.go b/adminui/structs.go
@@ -153,3 +153,8 @@ type EditDevicesDTO struct {
 	Action    string   `json:"action"`
 	Addresses []string `json:"addresses"`
 }
+
+type MFAMethodDTO struct {
+	FriendlyName string `json:"friendly_name"`
+	Method       string `json:"method"`
+}
diff --git a/adminui/ui_webserver.go b/adminui/ui_webserver.go
@@ -263,6 +263,7 @@ func New(firewall *router.Firewall, errs chan<- error) (ui *AdminUI, err error)
 		protectedRoutes.HandleFunc("PUT /api/settings/login", adminUI.updateLoginSettings)
 		protectedRoutes.HandleFunc("GET /api/settings/general", adminUI.getGeneralSettings)
 		protectedRoutes.HandleFunc("GET /api/settings/login", adminUI.getLoginSettings)
+		protectedRoutes.HandleFunc("GET /api/settings/all_mfa_methods", adminUI.getAllMfaMethods)
 
 		protectedRoutes.HandleFunc("GET /api/settings/management_users", adminUI.adminUsersData)
 
diff --git a/adminui2/src/api/settings.ts b/adminui2/src/api/settings.ts
@@ -1,4 +1,4 @@
-import type { GenericResponseDTO, ChangePasswordRequestDTO, LoginSettingsResponseDTO, GeneralSettingsResponseDTO } from './types'
+import type { GenericResponseDTO, MFAMethodDTO, LoginSettingsResponseDTO, GeneralSettingsResponseDTO } from './types'
 
 import { client } from '.'
 
@@ -16,4 +16,8 @@ export function getLoginSettings(): Promise<LoginSettingsResponseDTO> {
 
 export function updateLoginSettings(settings: LoginSettingsResponseDTO): Promise<GenericResponseDTO> {
     return client.put('/api/settings/login', settings).then(res => res.data)
-}
+}
+
+export function getMFAMethods(): Promise<MFAMethodDTO[]> {
+    return client.get('/api/settings/all_mfa_methods').then(res => res.data)
+}
diff --git a/adminui2/src/api/types.ts b/adminui2/src/api/types.ts
@@ -150,7 +150,7 @@ export interface OidcResponseDTO {
   client_secret: string
   client_id: string
   group_claim_name: string
-  DeviceUsernameClaim: string
+  device_username_claim: string
 }
 
 
@@ -171,4 +171,10 @@ export interface LoginSettingsResponseDTO {
 
   oidc: OidcResponseDTO
   pam: PamResponseDTO
-}
+}
+
+
+export interface MFAMethodDTO {
+	friendly_name: string
+	method: string
+}
diff --git a/adminui2/src/composables/useTextareaInput.ts b/adminui2/src/composables/useTextareaInput.ts
@@ -1,4 +1,4 @@
-import { ref, computed } from 'vue'
+import { ref, computed, watch, type Ref } from 'vue'
 
 export function useTextareaInput() {
   const Input = ref('')
diff --git a/adminui2/src/pages/Dashboard.vue b/adminui2/src/pages/Dashboard.vue
@@ -9,19 +9,17 @@ import { useTokensStore } from '@/stores/registration_tokens'
 import { useAuthStore } from '@/stores/auth'
 import { useInstanceDetailsStore } from '@/stores/serverInfo'
 
-import { Icons } from '@/util/icons'
-
 const devicesStore = useDevicesStore()
-devicesStore.load(true)
+devicesStore.load(false)
 
 const registrationTokensStore = useTokensStore()
-registrationTokensStore.load(true)
+registrationTokensStore.load(false)
 
 const instanceDetails = useInstanceDetailsStore()
-instanceDetails.load(false)
+instanceDetails.load(true)
 
 const usersStore = useUsersStore()
-usersStore.load(true)
+usersStore.load(false)
 
 const authStore = useAuthStore()
 const toast = useToast()
diff --git a/adminui2/src/pages/Settings.vue b/adminui2/src/pages/Settings.vue
@@ -1,13 +1,12 @@
 <script setup lang="ts">
 import { storeToRefs } from 'pinia'
-import { ref, computed } from 'vue'
+import { ref, computed, watch } from 'vue'
 import { useToast } from 'vue-toastification'
 
 import { useToastError } from '@/composables/useToastError'
 
 import { useAuthStore } from '@/stores/auth'
-import { useTextareaInput } from '@/composables/useTextareaInput'
-import { getGeneralSettings, getLoginSettings, updateGeneralSettings, updateLoginSettings, type GeneralSettingsResponseDTO as GeneralSettingsDTO, type LoginSettingsResponseDTO as LoginSettingsDTO } from '@/api'
+import { getMFAMethods, getGeneralSettings, getLoginSettings, updateGeneralSettings, updateLoginSettings, type GeneralSettingsResponseDTO as GeneralSettingsDTO, type LoginSettingsResponseDTO as LoginSettingsDTO } from '@/api'
 import { useApi } from '@/composables/useApi'
 import PageLoading from '@/components/PageLoading.vue'
 
@@ -21,15 +20,24 @@ const { catcher } = useToastError()
 const { data: general, isLoading: isLoadingGeneralSettings, silentlyRefresh: refreshGeneral } = useApi(() => getGeneralSettings())
 const { data: loginSettings, isLoading: isLoadingLoginSettings, silentlyRefresh: refreshLoginSettings } = useApi(() => getLoginSettings())
 
+const { data: mfaTypes, isLoading: isLoadingMFATypes } = useApi(() => getMFAMethods())
 
 const generalData = computed(() => general.value ?? {} as GeneralSettingsDTO)
 const loginSettingsData = computed(() => loginSettings.value ?? {} as LoginSettingsDTO)
 
+const textValue = ref(general.value?.dns.join('\n') ?? '')
 
-const { Input: Dns, Arr: DnsArr } = useTextareaInput()
-
-Dns.value = (general.value?.dns ?? []).join("\n")
+watch(textValue, (newValue) => {
+  if (general.value) {
+    general.value.dns = newValue.split('\n').filter(item => item.trim() !== '')
+  }
+})
 
+watch(general, (newValue) => {
+  if (newValue) {
+    textValue.value = newValue.dns.join('\n')
+  }
+})
 
 async function saveGeneralSettings() {
   try {
@@ -50,7 +58,7 @@ async function saveGeneralSettings() {
 async function saveLoginSettings() {
   try {
     const resp = await updateLoginSettings(loginSettingsData.value as LoginSettingsDTO)
-    refreshGeneral()
+    refreshLoginSettings()
 
     if (!resp.success) {
       toast.error(resp.message ?? 'Failed')
@@ -68,13 +76,13 @@ async function saveLoginSettings() {
 
 <template>
   <main class="w-full p-4">
-    <PageLoading v-if="isLoadingGeneralSettings || isLoadingLoginSettings" />
+    <PageLoading v-if="isLoadingGeneralSettings || isLoadingLoginSettings || isLoadingMFATypes" />
 
     <div v-else>
       <h1 class="text-4xl font-bold">Settings</h1>
       <div class="mt-6 flex flex-wrap gap-6">
-        <div class="flex w-full gap-4">
-          <div class="card bg-base-100 shadow-xl min-w-[400px]">
+        <div class="flex flex-wrap w-full gap-4">
+          <div class="card bg-base-100 shadow-xl min-w-[350px]">
             <div class="card-body">
               <h2 class="card-title">General</h2>
 
@@ -103,48 +111,155 @@ async function saveLoginSettings() {
               <div class="form-control">
                 <label for="dns" class="block font-medium text-gray-900 pt-6">DNS</label>
                 <textarea class="rules-input textarea textarea-bordered w-full font-mono" rows="3"
-                  v-model="Dns"></textarea>
+                  v-model="textValue"></textarea>
               </div>
 
+              <div class="flex flex-grow"></div>
 
-                <button type="submit" class="btn btn-primary w-full"
-                  @click="() => saveGeneralSettings()">
-                  <span class="loading loading-spinner loading-md" v-if="isLoadingGeneralSettings"></span>
-                  Save
-                </button>
+              <button type="submit" class="btn btn-primary w-full" @click="() => saveGeneralSettings()">
+                <span class="loading loading-spinner loading-md" v-if="isLoadingGeneralSettings"></span>
+                Save
+              </button>
             </div>
           </div>
-          <div class="card bg-base-100 shadow-xl min-w-[400px]">
+          <div class="card bg-base-100 shadow-xl min-w-[350px]">
             <div class="card-body">
               <h2 class="card-title">Login</h2>
 
               <div class="form-control">
                 <label class="label font-bold">
                   <span class="label-text">Session Life Time (Minutes)</span>
                 </label>
-                <input v-model="loginSettingsData.max_session_lifetime_minutes" type="number" class="input input-bordered w-full" />
+                <input v-model="loginSettingsData.max_session_lifetime_minutes" type="number"
+                  class="input input-bordered w-full" />
               </div>
 
               <div class="form-control">
                 <label class="label font-bold">
                   <span class="label-text">Inactivity Timeout (Minutes)</span>
                 </label>
-                <input v-model="loginSettingsData.session_inactivity_timeout_minutes" type="number" class="input input-bordered w-full" />
+                <input v-model="loginSettingsData.session_inactivity_timeout_minutes" type="number"
+                  class="input input-bordered w-full" />
               </div>
 
               <div class="form-control">
                 <label class="label font-bold">
                   <span class="label-text">Max Authentication Attempts</span>
                 </label>
-                <input v-model="loginSettingsData.lockout" type="number"
+                <input v-model="loginSettingsData.lockout" type="number" class="input input-bordered w-full" />
+              </div>
+
+              <div class="form-control w-full">
+                <label for="default_method" class="label font-bold">Default MFA Method</label>
+                <select class="select select-bordered " name="default_method"
+                  v-model="loginSettingsData.default_mfa_method">
+                  <option v-for="method in loginSettingsData.enabled_mfa_methods"
+                    :selected="method == loginSettingsData.default_mfa_method" :value="method">{{ method }}</option>
+                </select>
+              </div>
+
+              <div class="flex flex-col">
+                <div v-for="method in mfaTypes" class="form-control w-full">
+                  <label :for=method.method class="label cursor-pointer">
+                    <span class="label-text">{{ method.friendly_name }}</span>
+                    <input :name=method.method type="checkbox" class="toggle toggle-primary" :value="method.method"
+                      v-model="loginSettingsData.enabled_mfa_methods"
+                      :checked="loginSettingsData.enabled_mfa_methods.indexOf(method.method) != -1" />
+                  </label>
+                </div>
+              </div>
+
+              <div class="flex flex-grow"></div>
+
+              <button type="submit" class="btn btn-primary w-full" @click="() => saveLoginSettings()">
+                <span class="loading loading-spinner loading-md" v-if="isLoadingLoginSettings"></span>
+                Save
+              </button>
+            </div>
+          </div>
+
+          <div>
+            <div
+              v-if="loginSettingsData.enabled_mfa_methods.indexOf('totp') != -1 || loginSettingsData.enabled_mfa_methods.indexOf('webauthn') != -1"
+              class="card bg-base-100 shadow-xl min-w-[350px] h-max mb-4">
+              <div class="card-body">
+                <h2 class="card-title">Login > General</h2>
+
+                <div class="form-control">
+                  <label class="label font-bold">
+                    <span class="label-text">Issuer</span>
+                  </label>
+                  <input v-model="loginSettingsData.issuer" type="text" required class="input input-bordered w-full" />
+                </div>
+                <div class="form-control">
+                  <label class="label font-bold">
+                    <span class="label-text">Internal VPN Domain</span>
+                  </label>
+                  <input v-model="loginSettingsData.domain" type="text" required class="input input-bordered w-full" />
+                </div>
+              </div>
+            </div>
+
+            <div v-if="loginSettingsData.enabled_mfa_methods.indexOf('pam') != -1"
+              class="card bg-base-100 shadow-xl min-w-[350px] h-max">
+              <div class="card-body">
+                <h2 class="card-title">Login > System Login</h2>
+
+                <div class="form-control">
+                  <label class="label font-bold">
+                    <span class="label-text">Service Name</span>
+                  </label>
+                  <input v-model="loginSettingsData.pam.service_name" type="text" required
+                    class="input input-bordered w-full" />
+                </div>
+              </div>
+            </div>
+          </div>
+
+          <div v-if="loginSettingsData.enabled_mfa_methods.indexOf('oidc') != -1"
+            class="card bg-base-100 shadow-xl min-w-[350px] h-max">
+            <div class="card-body">
+              <h2 class="card-title">Login > SSO Settings</h2>
+
+              <div class="form-control">
+                <label class="label font-bold">
+                  <span class="label-text">Provider URL</span>
+                </label>
+                <input v-model="loginSettingsData.oidc.issuer" type="text" required
+                  class="input input-bordered w-full" />
+              </div>
+
+              <div class="form-control">
+                <label class="label font-bold">
+                  <span class="label-text">Client ID</span>
+                </label>
+                <input v-model="loginSettingsData.oidc.client_id" type="text" required
+                  class="input input-bordered w-full" />
+              </div>
+
+              <div class="form-control">
+                <label class="label font-bold">
+                  <span class="label-text">Client Secret</span>
+                </label>
+                <input v-model="loginSettingsData.oidc.client_secret" type="password" required
                   class="input input-bordered w-full" />
               </div>
 
-                <button type="submit" class="btn btn-primary w-full"
-                  @click="() => saveLoginSettings()">
-                  <span class="loading loading-spinner loading-md" v-if="isLoadingLoginSettings"></span>
-                  Save
-                </button>
+              <div class="form-control">
+                <label class="label font-bold">
+                  <span class="label-text">Groups Claim Name</span>
+                </label>
+                <input v-model="loginSettingsData.oidc.group_claim_name" type="text"
+                  class="input input-bordered w-full" />
+              </div>
+
+              <div class="form-control">
+                <label class="label font-bold">
+                  <span class="label-text">Device Username Claim</span>
+                </label>
+                <input v-model="loginSettingsData.oidc.device_username_claim" type="text"
+                  class="input input-bordered w-full" />
+              </div>
             </div>
           </div>
         </div>
diff --git a/internal/data/config.go b/internal/data/config.go
@@ -142,7 +142,10 @@ func GetWebauthn() (wba Webauthn, err error) {
 	}
 
 	var urlData string
+	// Issuer
 	json.Unmarshal(response.Responses[0].GetResponseRange().Kvs[0].Value, &wba.DisplayName)
+
+	//Domain
 	json.Unmarshal(response.Responses[1].GetResponseRange().Kvs[0].Value, &urlData)
 
 	tunnelURL, err := url.Parse(urlData)
@@ -187,7 +190,7 @@ func SetAuthenticationMethods(methods []string) error {
 	return err
 }
 
-func GetAuthenicationMethods() (result []string, err error) {
+func GetEnabledAuthenicationMethods() (result []string, err error) {
 
 	resp, err := etcd.Get(context.Background(), MFAMethodsEnabledKey)
 	if err != nil {
diff --git a/internal/mfaportal/authenticators/authenticators.go b/internal/mfaportal/authenticators/authenticators.go
@@ -141,7 +141,7 @@ func AddMFARoutes(mux *http.ServeMux, firewall *router.Firewall) error {
 
 	}
 
-	enabledMethods, err := data.GetAuthenicationMethods()
+	enabledMethods, err := data.GetEnabledAuthenicationMethods()
 	if err != nil {
 		return err
 	}
diff --git a/internal/mfaportal/statemachine.go b/internal/mfaportal/statemachine.go
@@ -57,7 +57,7 @@ func (mp *MfaPortal) oidcChanges(_ string, _ data.OIDC, _ data.OIDC, et data.Eve
 		authenticators.DisableMethods(types.Oidc)
 	case data.CREATED, data.MODIFIED:
 		// Oidc and other mfa methods pull data from the etcd store themselves. So as dirty as this seems, its really just a notification to reinitialise themselves
-		methods, err := data.GetAuthenicationMethods()
+		methods, err := data.GetEnabledAuthenicationMethods()
 		if err != nil {
 			log.Println("Couldnt get authenication methods to enable oidc: ", err)
 			return err
@@ -78,7 +78,7 @@ func (mp *MfaPortal) domainChanged(_ string, _ string, _ string, et data.EventTy
 	switch et {
 	case data.MODIFIED:
 
-		methods, err := data.GetAuthenicationMethods()
+		methods, err := data.GetEnabledAuthenicationMethods()
 		if err != nil {
 			log.Println("Couldnt get authenication methods to enable oidc: ", err)
 			return err

Original file line number	Diff line number	Diff line change
`@@ -153,3 +153,8 @@ type EditDevicesDTO struct {`
`153`	`153`	Action string `json:"action"`
`154`	`154`	Addresses []string `json:"addresses"`
`155`	`155`	`}`
	`156`	`+`
	`157`	`+type MFAMethodDTO struct {`
	`158`	+ FriendlyName string `json:"friendly_name"`
	`159`	+ Method string `json:"method"`
	`160`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-import { ref, computed } from 'vue'`
	`1`	`+import { ref, computed, watch, type Ref } from 'vue'`
`2`	`2`
`3`	`3`	`export function useTextareaInput() {`
`4`	`4`	`const Input = ref('')`
Original file line number	Diff line number	Diff line change
`@@ -141,7 +141,7 @@ func AddMFARoutes(mux http.ServeMux, firewall router.Firewall) error {`
`141`	`141`
`142`	`142`	`}`
`143`	`143`
`144`		`- enabledMethods, err := data.GetAuthenicationMethods()`
	`144`	`+ enabledMethods, err := data.GetEnabledAuthenicationMethods()`
`145`	`145`	`if err != nil {`
`146`	`146`	`return err`
`147`	`147`	`}`