feat(oauth): merge pr from https://github.com/portainer/portainer/pull/2515

api/http/handler/settings/handler.go

@@ -11,6 +11,7 @@ import (
 
 func hideFields(settings *portainer.Settings) {
 	settings.LDAPSettings.Password = ""
+	settings.OAuthSettings.ClientSecret = ""
 }
 
 // Handler is the HTTP handler used to handle settings operations.
@@ -18,6 +19,7 @@ type Handler struct {
 	*mux.Router
 	SettingsService portainer.SettingsService
 	LDAPService     portainer.LDAPService
+	OAuthService    portainer.OAuthService
 	FileService     portainer.FileService
 	JobScheduler    portainer.JobScheduler
 	ScheduleService portainer.ScheduleService

api/http/handler/settings/settings_public.go

@@ -15,6 +15,10 @@ type publicSettingsResponse struct {
 	AllowPrivilegedModeForRegularUsers bool                           `json:"AllowPrivilegedModeForRegularUsers"`
 	EnableHostManagementFeatures       bool                           `json:"EnableHostManagementFeatures"`
 	ExternalTemplates                  bool                           `json:"ExternalTemplates"`
+	AuthorizationURI                   string                         `json:"AuthorizationURI"`
+	ClientID                           string                         `json:"ClientID"`
+	RedirectURI                        string                         `json:"RedirectURI"`
+	Scopes                             string                         `json:"Scopes"`
 }
 
 // GET request on /api/settings/public
@@ -31,6 +35,10 @@ func (handler *Handler) settingsPublic(w http.ResponseWriter, r *http.Request) *
 		AllowPrivilegedModeForRegularUsers: settings.AllowPrivilegedModeForRegularUsers,
 		EnableHostManagementFeatures:       settings.EnableHostManagementFeatures,
 		ExternalTemplates:                  false,
+		AuthorizationURI:                   settings.OAuthSettings.AuthorizationURI,
+		ClientID:                           settings.OAuthSettings.ClientID,
+		RedirectURI:                        settings.OAuthSettings.RedirectURI,
+		Scopes:                             settings.OAuthSettings.Scopes,
 	}
 
 	if settings.TemplatesURL != "" {

api/http/handler/settings/settings_update.go

@@ -16,6 +16,7 @@ type settingsUpdatePayload struct {
 	BlackListedLabels                  []portainer.Pair
 	AuthenticationMethod               *int
 	LDAPSettings                       *portainer.LDAPSettings
+	OAuthSettings                      *portainer.OAuthSettings
 	AllowBindMountsForRegularUsers     *bool
 	AllowPrivilegedModeForRegularUsers *bool
 	EnableHostManagementFeatures       *bool
@@ -24,7 +25,7 @@ type settingsUpdatePayload struct {
 }
 
 func (payload *settingsUpdatePayload) Validate(r *http.Request) error {
-	if *payload.AuthenticationMethod != 1 && *payload.AuthenticationMethod != 2 {
+	if *payload.AuthenticationMethod != 1 && *payload.AuthenticationMethod != 2 && *payload.AuthenticationMethod != 3 {
 		return portainer.Error("Invalid authentication method value. Value must be one of: 1 (internal) or 2 (LDAP/AD)")
 	}
 	if payload.LogoURL != nil && *payload.LogoURL != "" && !govalidator.IsURL(*payload.LogoURL) {
@@ -69,6 +70,10 @@ func (handler *Handler) settingsUpdate(w http.ResponseWriter, r *http.Request) *
 		settings.LDAPSettings = *payload.LDAPSettings
 	}
 
+	if payload.OAuthSettings != nil {
+		settings.OAuthSettings = *payload.OAuthSettings
+	}
+
 	if payload.AllowBindMountsForRegularUsers != nil {
 		settings.AllowBindMountsForRegularUsers = *payload.AllowBindMountsForRegularUsers
 	}