Add default clients #105

Merged
pierre merged 9 commits from feat-default-client into master 2023-04-15 10:19:16 +00:00
6 changed files with 31 additions and 15 deletions


@ -18,6 +18,8 @@ You can configure a list of clients (Relying Parties) in a `clients.yaml` file w
redirect_uri: https://mygit.mywebsite.com/
# If you want new accounts to be granted access to this client by default
default: true
# If you want the client to be granted to every users, regardless their account configuration
granted_to_all_users: true
```
On the first run, BasicOIDC will create a new administrator with credentials `admin` / `admin`. On first login you will have to change these default credentials.


@ -42,8 +42,8 @@ pub async fn clients_route(user: CurrentUser, clients: web::Data<ClientManager>)
_p: BaseSettingsPage::get("Clients list", &user, None, None),
clients: clients.cloned(),
}
.render()
.unwrap(),
.render()
.unwrap(),
)
}
@ -197,7 +197,7 @@ pub async fn users_route(
true => "Failed to create user!",
false => "Failed to update user!",
}
.to_string(),
.to_string(),
)
} else {
success = Some(match is_creating {
@ -228,14 +228,20 @@ pub async fn users_route(
_p: BaseSettingsPage::get("Users list", &admin, danger, success),
users,
}
.render()
.unwrap(),
.render()
.unwrap(),
)
}
pub async fn create_user(admin: CurrentUser, clients: web::Data<ClientManager>) -> impl Responder {
let mut user = User::default();
user.authorized_clients = Some(clients.get_default_clients().iter().map(|u| u.id.clone()).collect());
user.authorized_clients = Some(
clients
.get_default_clients()
.iter()
.map(|u| u.id.clone())
.collect(),
);
HttpResponse::Ok().body(
EditUserTemplate {
@ -243,8 +249,8 @@ pub async fn create_user(admin: CurrentUser, clients: web::Data<ClientManager>)
u: user,
clients: clients.cloned(),
}
.render()
.unwrap(),
.render()
.unwrap(),
)
}
@ -279,7 +285,7 @@ pub async fn edit_user(
u: edited_account.unwrap_or_default(),
clients: clients.cloned(),
}
.render()
.unwrap(),
.render()
.unwrap(),
)
}


@ -164,7 +164,7 @@ pub async fn authorize(
};
// Check if user is authorized to access the application
if !user.can_access_app(&client.id) {
if !user.can_access_app(&client) {
return error_redirect(
&query,
"invalid_request",
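Review bot: The comment `// Check if user is authorized to access the application` no longer describes the whole decision, because `can_access_app(&client)` now also admits any user when the client carries `granted_to_all_users`, and a reader of the authorize flow should see that without opening `user.rs`. Extend it to `// Check if user is authorized to access the application (a client flagged granted_to_all_users admits every user)`. `authorize` starts and ends outside this hunk.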


@ -24,6 +24,10 @@ pub struct Client {
/// Specify if the client must be allowed by default for new account
#[serde(default = "bool::default")]
pub default: bool,
/// Specify whether a client is granted to all users
#[serde(default = "bool::default")]
pub granted_to_all_users: bool,
}
impl PartialEq for Client {
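Review bot: The doc comment on `granted_to_all_users` should state that it overrides the per-user grant list, since `User::can_access_app` returns true for such a client before the user's own `authorized_clients` is consulted; an admin who unticks the client for one user in the settings form would otherwise expect that to revoke it. Suggest `/// Grant this client to every user, overriding the per-account client list (it cannot be revoked per user while this flag is set).` The rest of the `Client` struct and its `PartialEq` impl are outside the hunk.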


@ -2,7 +2,7 @@ use std::collections::HashMap;
use std::net::IpAddr;
use crate::constants::SECOND_FACTOR_EXEMPTION_AFTER_SUCCESSFUL_LOGIN;
use crate::data::client::ClientID;
use crate::data::client::{Client, ClientID};
use crate::data::login_redirect::LoginRedirect;
use crate::data::totp_key::TotpKey;
use crate::data::webauthn_manager::WebauthnPubKey;
@ -170,10 +170,14 @@ impl User {
}
}
pub fn can_access_app(&self, id: &ClientID) -> bool {
pub fn can_access_app(&self, client: &Client) -> bool {
if client.granted_to_all_users {
return true;
}
match self.granted_clients() {
GrantedClients::AllClients => true,
GrantedClients::SomeClients(c) => c.contains(id),
GrantedClients::SomeClients(c) => c.contains(&client.id),
GrantedClients::NoClient => false,
}
}
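Review bot: The early return on `client.granted_to_all_users` runs before `self.granted_clients()` is examined, so the `GrantedClients::NoClient` arm can never deny such a client; if `NoClient` is ever used to lock an account out of everything (not visible here), that lockout is bypassed, and the flag would belong in the per-client arm instead: `GrantedClients::SomeClients(c) => client.granted_to_all_users || c.contains(&client.id),` with `NoClient` still returning false. Either way the method deserves a doc comment fixing the precedence, e.g. `/// Whether this user may use `client`; clients flagged `granted_to_all_users` are allowed regardless of the user's own grant list.` The enclosing `impl User` block starts and ends outside this hunk.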


@ -144,7 +144,7 @@
<div class="form-check">
<input id="client-{{ c.id.0 }}" class="form-check-input authorize_client_checkbox" type="checkbox"
data-id="{{ c.id.0 }}"
{% if u.can_access_app(c.id) %} checked="" {% endif %}>
{% if u.can_access_app(c) %} checked="" {% endif %}>
<label class="form-check-label" for="client-{{ c.id.0 }}">
{{ c.name }}
</label>
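Review bot: The checkbox for a client flagged `granted_to_all_users` now renders checked for every user, yet unticking it cannot revoke anything because `can_access_app` ignores the user's own list for such clients, so the admin form misrepresents what is editable. Mark it as non-editable, e.g. add `{% if c.granted_to_all_users %} disabled="" {% endif %}` to the input and a short "granted to all users" hint next to the label. A disabled input is not submitted with the form, so the per-user list would then stop recording that client; that is only acceptable if the list is not relied on once the flag is later removed — verify against the save handler, which is outside this hunk along with the rest of the form.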