This commit adds an authorization flow for logging
in a user via OpenID in the mobile view of the PVE
web frontend.

Signed-off-by: Alexander Abraham <a.abra...@proxmox.com>
---
 www/mobile/Login.js | 148 ++++++++++++++++++++++++++++++++++----------
 1 file changed, 116 insertions(+), 32 deletions(-)

diff --git a/www/mobile/Login.js b/www/mobile/Login.js
index 06c8b3d4..05038036 100644
--- a/www/mobile/Login.js
+++ b/www/mobile/Login.js
@@ -1,8 +1,10 @@
+/ 
https://git.proxmox.com/?p=pve-manager.git;a=blob;f=www/manager6/Workspace.js;h=922e01df86718e8fc89ce5835f81d21f6d849b81;hb=HEAD
+
 Ext.define('PVE.Login', {
     extend: 'Ext.form.Panel',
     alias: "widget.pveLogin",
-
-    handleTFA: function(username, ticketResponse) {
+    id: 'loginFormPanel',
+       handleTFA: function(username, ticketResponse) {
        let me = this;
        let errlabel = me.down('#signInFailedLabel');
 
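Review bot: The first added line reads `/ ` followed by a Workspace.js URL on the next line; unless that is only a mail-wrapping artifact, it is not a valid comment and Login.js will not parse, so it should be a real `//` comment naming the file the flow was taken from, or be dropped. The new `id: 'loginFormPanel'` here and `itemId: 'loginForm'` in the config hunk are not referenced anywhere in the visible hunks, and a fixed `id` on the class means a second instance would collide in the component registry. The re-indentation of `handleTFA` and the formatting-only edits in the hunks at -32, -57 and -78 (one of which drops the `;` after `})`) are unrelated to OpenID and would be better left out of this patch.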
@@ -32,8 +34,7 @@ Ext.define('PVE.Login', {
                    } else {
                        me.mask({
                            xtype: 'loadmask',
-                           message: 'Loading...',
-                       });
+                           message: 'Loading...', });
                        Proxmox.Utils.API2Request({
                            url: '/api2/extjs/access/ticket',
                            params: {
@@ -57,16 +58,16 @@ Ext.define('PVE.Login', {
                                Proxmox.Utils.authClear();
                                errlabel.show();
                            },
-                       });
+                       })
                    }
                },
            });
        }
     },
-
     config: {
        title: 'Login',
        padding: 10,
+        itemId: 'loginForm',
        appUrl: 'login',
        items: [
            {
@@ -78,7 +79,7 @@ Ext.define('PVE.Login', {
            {
                xtype: 'fieldset',
                title: 'Proxmox VE Login',
-               items: [
+               items:[
                    {
                        xtype: 'textfield',
                        placeHolder: gettext('User name'),
@@ -97,8 +98,19 @@ Ext.define('PVE.Login', {
                        xtype: 'pveRealmSelector',
                        itemId: 'realmSelectorField',
                        name: 'realm',
+                        listeners: {
+                          change: function(field, newValue){
+                            let record = field.record;
+                            let realmType = record.data.type;
+                            let currForm = this.up("formpanel");
+                            let usernameField = 
currForm.down("#userNameTextField");
+                            let passwordField = 
currForm.down("#passwordTextField");
+                            usernameField.setHidden(realmType === "openid");
+                            passwordField.setHidden(realmType === "openid");
+                          }                        
+                        }
                    },
-               ],
+                 ],
            },
            {
                xtype: 'label',
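Review bot: The `change` listener dereferences `field.record.data.type` without checking that `field.record` is set, so a change event fired before a realm record is attached would throw inside the handler; whether `pveRealmSelector` can fire that early is not visible in this hunk. A guard such as `let realmType = field.record ? field.record.data.type : undefined;` keeps the handler safe in that case. The `newValue` parameter is unused, and the block's 2-space indentation and `function(field, newValue){` spacing differ from the rest of the file.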
@@ -124,35 +136,107 @@ Ext.define('PVE.Login', {
 
                    errlabel.hide();
 
+                    
                    var username = usernameField.getValue();
                    var password = passwordField.getValue();
-                   var realm = realmField.getValue();
+                   var realm = realmField.getValue();
 
-                   Proxmox.Utils.API2Request({
-                       url: '/access/ticket',
-                       method: 'POST',
-                       waitMsgTarget: form,
-                       params: { username: username, password: password, 
realm: realm },
-                       failure: function(response, options) {
-                           errlabel.show();
-                       },
-                       success: function(response, options) {
-                           passwordField.setValue('');
 
-                           let data = response.result.data;
-                           if (Ext.isDefined(data.NeedTFA)) {
-                               form.handleTFA(username, data);
-                           } else {
-                               PVE.Workspace.updateLoginData(data);
-                           }
-                       },
-                   });
-               },
-           },
-       ],
-    },
-});
+                    if (realmField.record.data.type === "openid"){
+                      const redirectUrl = location.origin;
+                      const realmName = realmField.record.data.realm;
+                      Proxmox.Utils.API2Request(
+                        {
+                          url: '/access/openid/auth-url',
+                          method: 'POST',
+                          waitMsgTarget: form,
+                          params: {
+                            realm: realmName,
+                            "redirect-url": redirectUrl
+                          },
+                          success: (resp, opts) => {
+                            window.location = resp.result.data;
+                          },
+                          failure: (resp, opts) => {
+                            Proxmox.Utils.authClear();
+                            form.unmask();
+                            Ext.Msg.alert(
+                               gettext('Error'),
+                               gettext('OpenID redirect failed.') + 
`<br>${resp.htmlStatus}`,
+                            );
+                          }
+                        }
+                      );
+                      return;
+                    }
+                    else {
+                     Proxmox.Utils.API2Request({
+                         url: '/access/ticket',
+                         method: 'POST',
+                         waitMsgTarget: form,
+                         params: { username: username, password: password, 
realm: realm },
+                         failure: function(response, options) {
+                             errlabel.show();
+                         },
+                         success: function(response, options) {
+                             passwordField.setValue('');
 
+                             let data = response.result.data;
+                             if (Ext.isDefined(data.NeedTFA)) {
+                                 form.handleTFA(username, data);
+                             } else {
+                                 PVE.Workspace.updateLoginData(data);
+                             }
+                           },
+                      });
+                    }
+                 },
+              },
+          ],
+      },
+      show: function(){
+      let auth = Proxmox.Utils.getOpenIDRedirectionAuthorization();
+      let lForm = this.callParent();
+      if (auth !== undefined){
+        let state = auth.state;
+        let code = auth.code;
+        Proxmox.Utils.authClear()
+        lForm.setMasked(
+          {
+            xtype: 'loadmask',
+            message: gettext('OpenID login - please wait..')
+          }
+        );
+        const redirectUrl = location.origin;
+        Proxmox.Utils.API2Request({
+          url: '/access/openid/login',
+          params: {
+            "state": auth.state,
+            "code": auth.code,
+            "redirect-url": redirectUrl,
+          },
+         method: 'POST',
+          failure: function(response) {
+            lForm.unmask();
+            let error = response.htmlStatus;
+            Ext.Msg.alert(
+              gettext('Error'),
+              gettext('OpenID login failed, please try again') + 
`<br>${error}`,
+              () => { window.location = redirectUrl; },
+            );
+          },
+          success: function(response, options) {
+            lForm.unmask();
+            let data = response.result.data;
+            history.replaceState(null, '', redirectUrl);
+            lForm.success(data)
+            PVE.Workspace.updateLoginData(data);
+          },
+        });
+      }
+    }
+}); 
+   
 Ext.define('PVE.field.TFACode', {
     extend: 'Ext.field.Text',
     xtype: 'tfacode',
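Review bot: In the new `show` override the success callback calls `lForm.success(data)`, but no `success` method is defined on `PVE.Login` in this diff; if the form panel has none, the call throws and `PVE.Workspace.updateLoginData(data)` on the next line never runs, so the OpenID login would not complete. Dropping that line, or guarding it, looks like the intended behaviour here. In the same function the locals `state` and `code` are assigned but never used, and `this.callParent()` should be `this.callParent(arguments)` so the arguments passed to `show` are forwarded. In the tap handler, `window.location = resp.result.data` navigates to whatever the API returns; parsing the value with `new URL(...)` and accepting only `http:`/`https:` before assigning would keep an unexpected scheme from being followed. The `Ext.define` body starts outside this hunk, so the surrounding handler set-up is not visible.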
-- 
2.39.5


