fixed #353 - auto-enable auth policy when adding an OTP after a passw…
…ord or a public key
Eugeny committed Sep 21, 2022
1 parent 04e5ecf commit deab505
Showing 2 changed files with 49 additions and 19 deletions.
21 changes: 11 additions & 10 deletions warpgate-web/src/admin/AuthPolicyEditor.svelte
@@ -1,10 +1,11 @@
<script lang="ts">
import { Input } from 'sveltestrap'
import type { CredentialKind, User, UserRequireCredentialsPolicy } from './lib/api'
import { CredentialKind, User, UserRequireCredentialsPolicy } from './lib/api'
export let user: User
export let value: UserRequireCredentialsPolicy
export let possibleCredentials: Set<CredentialKind>
export let protocolId: string
const labels = {
Expand All @@ -15,16 +16,16 @@ const labels = {
WebUserApproval: 'In-browser auth',
}
let isAny = !value[protocolId]
let validCredentials = new Set<string>()
const possibleCredentials = {
ssh: new Set(['Password', 'PublicKey', 'Totp', 'WebUserApproval']),
http: new Set(['Password', 'Totp', 'Sso']),
mysql: new Set(['Password']),
}[protocolId]!
let isAny = false
let validCredentials = new Set<CredentialKind>()
$: {
validCredentials = new Set(user.credentials.map(x => x.kind))
validCredentials.add('WebUserApproval')
validCredentials = new Set(user.credentials.map(x => x.kind as CredentialKind))
validCredentials.add(CredentialKind.WebUserApproval)
setTimeout(() => {
isAny = !value[protocolId]
})
}
function updateAny () {
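Review bot: `isAny` now starts as `false` and is only corrected inside a zero-delay `setTimeout` in the reactive block, so for a protocol with no policy the editor presumably renders its "specific credentials" state until the callback fires, and nothing in the code says why the deferral is needed. Keeping the original initialiser, `let isAny = !value[protocolId]`, would make the first render correct while the deferred update still handles later changes. If the delay exists to wait for the parent's bound `value` to propagate (inferred, not visible in this section), a comment such as `// defer: the parent updates the bound policy after user.credentials changes` would record that, and Svelte's `tick()` would state the intent more directly than a timer. `x.kind as CredentialKind` is an unchecked assertion, so an unexpected kind string from the API would still end up in `validCredentials`. The body of `updateAny` lies outside the hunk.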
47 changes: 38 additions & 9 deletions warpgate-web/src/admin/User.svelte
@@ -1,6 +1,6 @@
<script lang="ts">
import { faIdBadge, faKey, faKeyboard, faMobileScreen } from '@fortawesome/free-solid-svg-icons'
import {api, Role, User, UserAuthCredential, UserRequireCredentialsPolicy} from 'admin/lib/api'
import { api, CredentialKind, Role, User, UserAuthCredential, UserRequireCredentialsPolicy } from 'admin/lib/api'
import AsyncButton from 'common/AsyncButton.svelte'
import DelayedSpinner from 'common/DelayedSpinner.svelte'
import Fa from 'svelte-fa'
Expand All @@ -24,6 +24,12 @@ const policyProtocols = [
{ id: 'mysql', name: 'MySQL' },
]
const possibleCredentials: Record<string, Set<CredentialKind>> = {
ssh: new Set([CredentialKind.Password, CredentialKind.PublicKey, CredentialKind.Totp, CredentialKind.WebUserApproval]),
http: new Set([CredentialKind.Password, CredentialKind.Totp, CredentialKind.Sso]),
mysql: new Set([CredentialKind.Password]),
}
async function load () {
try {
user = await api.getUser({ id: params.id })
Expand Down Expand Up @@ -79,6 +85,35 @@ async function toggleRole (role: Role) {
roleIsAllowed = { ...roleIsAllowed, [role.id]: true }
}
}
function saveCredential () {
if (!editingCredential) {
return
}
if (user.credentials.includes(editingCredential)) {
user.credentials = [...user.credentials]
} else {
user.credentials.push(editingCredential)
for (const protocol of ['http', 'ssh'] as ('http'|'ssh')[]) {
for (const ck of [CredentialKind.Password, CredentialKind.PublicKey]) {
if (
editingCredential.kind === CredentialKind.Totp
&& !user.credentialPolicy?.[protocol]
&& user.credentials.some(x => x.kind === ck)
&& possibleCredentials[protocol].has(ck)
) {
user.credentialPolicy = {
...user.credentialPolicy ?? {},
[protocol]: [ck, CredentialKind.Totp],
}
policy = user.credentialPolicy
}
}
}
}
editingCredential = undefined
}
</script>

{#await load()}
Expand Down Expand Up @@ -170,6 +205,7 @@ async function toggleRole (role: Role) {
<AuthPolicyEditor
user={user}
bind:value={policy}
possibleCredentials={possibleCredentials[protocol.id]}
protocolId={protocol.id}
/>
</div>
Expand Down Expand Up @@ -217,14 +253,7 @@ async function toggleRole (role: Role) {
<UserCredentialModal
credential={editingCredential}
username={user.username}
save={() => {
if (!editingCredential) {
return
}
user.credentials = user.credentials.filter(c => c !== editingCredential)
user.credentials.push(editingCredential)
editingCredential = undefined
}}
save={saveCredential}
cancel={() => editingCredential = undefined}
/>
{/if}
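Review bot: In `saveCredential`, the new-credential branch calls `user.credentials.push(editingCredential)` without assigning to `user`, and Svelte only reacts to assignments; unless the TOTP case goes on to assign `user.credentialPolicy`, nothing in this function marks `user` as changed, so a newly added password or key may not show up until something outside this hunk reassigns `user`. `user.credentials = [...user.credentials, editingCredential]` would cover both cases. The auto-enabled policy also depends on loop order: for an account holding both a password and a public key, SSH ends up with `[Password, Totp]` because the second pass sees the policy already set, which deserves a comment such as `// first matching factor wins; an existing per-protocol policy is never overwritten`. The `editingCredential.kind === CredentialKind.Totp` test is loop-invariant and could guard both loops instead of being re-evaluated inside them. Whether the modified `credentialPolicy` is persisted depends on the save path outside these hunks, and in the visible code the admin gets no indication that the policy was switched on for them.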
