Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-08-07 23:05:26 +02:00
Code Issues Releases Activity

feat(oauth): merge pr from https://github.com/portainer/portainer/pull/2515

Browse source
This commit is contained in:
Chaim Lev Ari 2018-12-30 18:02:22 +02:00
parent 463b379876
commit 241a701eca
19 changed files with 501 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

3
app/portainer/components/datatables/users-datatable/usersDatatable.html
View file

@ -65,8 +65,9 @@
</span>
</td>
<td>
<span ng-if="item.Id === 1 || $ctrl.authenticationMethod !== 2">Internal</span>
<span ng-if="item.Id === 1 || $ctrl.authenticationMethod !== 2 && $ctrl.authenticationMethod !== 3">Internal</span>
<span ng-if="item.Id !== 1 && $ctrl.authenticationMethod === 2">LDAP</span>
<span ng-if="item.Id !== 1 && $ctrl.authenticationMethod === 3">OAuth</span>
</td>
</tr>
<tr ng-if="!$ctrl.dataset">

17
app/portainer/models/settings.js
View file

@ -3,6 +3,11 @@ function SettingsViewModel(data) {
this.BlackListedLabels = data.BlackListedLabels;
this.AuthenticationMethod = data.AuthenticationMethod;
this.LDAPSettings = data.LDAPSettings;
this.OAuthSettings = data.OAuthSettings;
this.ClientID = data.ClientID;
this.RedirectURI = data.RedirectURI;
this.Scopes = data.Scopes;
this.AuthorizationURI = data.AuthorizationURI;
this.AllowBindMountsForRegularUsers = data.AllowBindMountsForRegularUsers;
this.AllowPrivilegedModeForRegularUsers = data.AllowPrivilegedModeForRegularUsers;
this.SnapshotInterval = data.SnapshotInterval;
@ -31,3 +36,15 @@ function LDAPGroupSearchSettings(GroupBaseDN, GroupAttribute, GroupFilter) {
this.GroupAttribute = GroupAttribute;
this.GroupFilter = GroupFilter;
}
function OAuthSettingsViewModel(data) {
this.ClientID = data.ClientID;
this.ClientSecret = data.ClientSecret;
this.AccessTokenURI = data.AccessTokenURI;
this.AuthorizationURI = data.AuthorizationURI;
this.ResourceURI = data.ResourceURI;
this.RedirectURI = data.RedirectURI;
this.UserIdentifier = data.UserIdentifier;
this.Scopes = data.Scopes;
this.OAuthAutoCreateUsers = data.OAuthAutoCreateUsers;
}

9
app/portainer/rest/oauth.js Normal file
View file

@ -0,0 +1,9 @@
angular.module('portainer.app')
.factory('OAuth', ['$resource', 'API_ENDPOINT_OAUTH', function OAuthFactory($resource, API_ENDPOINT_OAUTH) {
'use strict';
return $resource(API_ENDPOINT_OAUTH, {}, {
login: {
method: 'POST', ignoreLoadingBar: true
}
});
}]);

21
app/portainer/services/authentication.js
View file

@ -1,11 +1,12 @@
angular.module('portainer.app')
.factory('Authentication', ['$q', 'Auth', 'jwtHelper', 'LocalStorage', 'StateManager', 'EndpointProvider', function AuthenticationFactory($q, Auth, jwtHelper, LocalStorage, StateManager, EndpointProvider) {
.factory('Authentication', ['$q', 'Auth', 'OAuth', 'jwtHelper', 'LocalStorage', 'StateManager', 'EndpointProvider', function AuthenticationFactory($q, Auth, OAuth, jwtHelper, LocalStorage, StateManager, EndpointProvider) {
'use strict';
var service = {};
var user = {};
service.init = init;
service.oAuthLogin = oAuthLogin;
service.login = login;
service.logout = logout;
service.isAuthenticated = isAuthenticated;
@ -22,6 +23,24 @@ angular.module('portainer.app')
}
}
function oAuthLogin(code) {
var deferred = $q.defer();
OAuth.login({code: code}).$promise
.then(function success(data) {
LocalStorage.storeJWT(data.jwt);
var tokenPayload = jwtHelper.decodeToken(data.jwt);
user.username = tokenPayload.username;
user.ID = tokenPayload.id;
user.role = tokenPayload.role;
deferred.resolve();
})
.catch(function error() {
deferred.reject();
});
return deferred.promise;
}
function login(username, password) {
var deferred = $q.defer();

4
app/portainer/views/auth/auth.html
View file

@ -28,13 +28,15 @@
<!-- login button -->
<div class="form-group">
<div class="col-sm-12">
<a ng-href="{{ AuthorizationURI }}?response_type=code&client_id={{ ClientID }}&redirect_uri={{ RedirectURI }}&scope={{ Scopes }}&state=portainer"><div class="btn btn-primary btn-sm pull-right" ng-if="AuthenticationMethod === 3" style="margin-left:2px"><i class="fa fa-sign-in-alt" aria-hidden="true"></i> OAuth Login</div></a>
<button type="submit" class="btn btn-primary btn-sm pull-right" ng-click="authenticateUser()"><i class="fa fa-sign-in-alt" aria-hidden="true"></i> Login</button>
<span class="pull-left" style="margin: 5px;" ng-if="state.AuthenticationError">
<span class="pull-left" style="margin: 5px;" ng-if="state.AuthenticationError">
<i class="fa fa-exclamation-triangle red-icon" aria-hidden="true" style="margin-right: 2px;"></i>
<span class="small text-danger">{{ state.AuthenticationError }}</span>
</span>
</div>
</div>
<!-- !login button -->
</form>
<!-- !login form -->

45
app/portainer/views/auth/authController.js
View file

@ -1,6 +1,6 @@
angular.module('portainer.app')
.controller('AuthenticationController', ['$q', '$scope', '$state', '$transition$', '$sanitize', 'Authentication', 'UserService', 'EndpointService', 'StateManager', 'Notifications', 'SettingsService',
function ($q, $scope, $state, $transition$, $sanitize, Authentication, UserService, EndpointService, StateManager, Notifications, SettingsService) {
.controller('AuthenticationController', ['$q', '$scope', '$state', '$transition$', '$sanitize', '$location', '$window', 'Authentication', 'UserService', 'EndpointService', 'StateManager', 'Notifications', 'SettingsService',
function ($q, $scope, $state, $transition$, $sanitize, $location, $window, Authentication, UserService, EndpointService, StateManager, Notifications, SettingsService) {
$scope.logo = StateManager.getState().application.logo;
@ -12,6 +12,16 @@ function ($q, $scope, $state, $transition$, $sanitize, Authentication, UserServi
$scope.state = {
AuthenticationError: ''
};
SettingsService.publicSettings()
.then(function success(settings) {
$scope.AuthenticationMethod = settings.AuthenticationMethod;
$scope.ClientID = settings.ClientID;
$scope.RedirectURI = settings.RedirectURI;
$scope.Scopes = settings.Scopes;
$scope.AuthorizationURI = settings.AuthorizationURI;
});
$scope.authenticateUser = function() {
var username = $scope.formValues.Username;
@ -74,6 +84,7 @@ function ($q, $scope, $state, $transition$, $sanitize, Authentication, UserServi
$state.go('portainer.init.endpoint');
} else {
$state.go('portainer.home');
$window.location.search = '';
}
})
.catch(function error(err) {
@ -100,5 +111,35 @@ function ($q, $scope, $state, $transition$, $sanitize, Authentication, UserServi
}
}
function oAuthLogin(code) {
Authentication.oAuthLogin(code)
.then(function success() {
$state.go('portainer.home');
$window.location.search = '';
})
.catch(function error() {
$scope.state.AuthenticationError = 'Failed to authenticate with OAuth2 Provider';
});
}
function getParameter(param) {
var URL = $location.absUrl();
var params = URL.split('?')[1];
if (params === undefined) {
return null;
}
params = params.split('&');
for (var i = 0; i < params.length; i++) {
var parameter = params[i].split('=');
if (parameter[0] === param) {
return parameter[1].split('#')[0];
}
}
return null;
}
initView();
if (getParameter('code') !== null) {
oAuthLogin(getParameter('code'));
}
}]);

120
app/portainer/views/settings/authentication/settingsAuthentication.html
View file

@ -37,6 +37,16 @@
<p>LDAP authentication</p>
</label>
</div>
<div>
<input type="radio" id="registry_auth" ng-model="settings.AuthenticationMethod" ng-value="3">
<label for="registry_auth">
<div class="boxselector_header">
<i class="fa fa-users" aria-hidden="true" style="margin-right: 2px;"></i>
OAuth
</div>
<p>OAuth authentication</p>
</label>
</div>
</div>
</div>
<div class="col-sm-12 form-section-title">
@ -52,6 +62,11 @@
When using LDAP authentication, Portainer will delegate user authentication to a LDAP server and fallback to internal authentication if LDAP authentication fails.
</span>
</div>
<div class="form-group" ng-if="settings.AuthenticationMethod === 3">
<span class="col-sm-12 text-muted small">
When using OAuth authentication, Portainer will allow users to optionally authenticate with an OAuth authorization server.
</span>
</div>
<div ng-if="settings.AuthenticationMethod === 2">
<div class="col-sm-12 form-section-title">
@ -306,7 +321,110 @@
<!-- !group-search-settings -->
</div>
<!-- actions -->
<div ng-if="settings.AuthenticationMethod === 3">
<div class="col-sm-12 form-section-title">
OAuth Configuration
</div>
<div class="form-group">
<label for="oauth_client_id" class="col-sm-3 col-lg-2 control-label text-left">
Client ID
<portainer-tooltip position="bottom" message="Client ID that authorization server supports"></portainer-tooltip>
</label>
<div class="col-sm-9 col-lg-10">
<input type="text" class="form-control" id="oauth_client_id" ng-model="OAuthSettings.ClientID" placeholder="xxxxxxxxxxxxxxxxxxxx">
</div>
</div>
<div class="form-group">
<label for="oauth_client_secret" class="col-sm-3 col-lg-2 control-label text-left">
Client Secret
<portainer-tooltip position="bottom" message="Client secret that authorization server supports"></portainer-tooltip>
</label>
<div class="col-sm-9 col-lg-10">
<input type="password" class="form-control" id="oauth_client_secret" ng-model="OAuthSettings.ClientSecret" placeholder="xxxxxxxxxxxxxxxxxxxx">
</div>
</div>
<div class="form-group">
<label for="oauth_authorization_uri" class="col-sm-3 col-lg-2 control-label text-left">
Authorization URI
<portainer-tooltip position="bottom" message="URI where the user is redirected in order to login with OAuth provider"></portainer-tooltip>
</label>
<div class="col-sm-9 col-lg-10">
<input type="text" class="form-control" id="oauth_authorization_uri" ng-model="OAuthSettings.AuthorizationURI" placeholder="https://example.com/oauth/authorize">
</div>
</div>
<div class="form-group">
<label for="oauth_access_token_uri" class="col-sm-3 col-lg-2 control-label text-left">
Access Token URI
<portainer-tooltip position="bottom" message="URI where portainer will attempt to obtain an access token"></portainer-tooltip>
</label>
<div class="col-sm-9 col-lg-10">
<input type="text" class="form-control" id="oauth_access_token_uri" ng-model="OAuthSettings.AccessTokenURI" placeholder="https://example.com/oauth/token">
</div>
</div>
<div class="form-group">
<label for="oauth_resource_uri" class="col-sm-3 col-lg-2 control-label text-left">
Resource URI
<portainer-tooltip position="bottom" message="URI where portainer will attempt to retrieve the user identifier value"></portainer-tooltip>
</label>
<div class="col-sm-9 col-lg-10">
<input type="text" class="form-control" id="oauth_resource_uri" ng-model="OAuthSettings.ResourceURI" placeholder="https://example.com/user">
</div>
</div>
<div class="form-group">
<label for="oauth_redirect_uri" class="col-sm-3 col-lg-2 control-label text-left">
Redirect URI
<portainer-tooltip position="bottom" message="Set this as your portainer index"></portainer-tooltip>
</label>
<div class="col-sm-9 col-lg-10">
<input type="text" class="form-control" id="oauth_redirect_uri" ng-model="OAuthSettings.RedirectURI" placeholder="http://yourportainer.com/">
</div>
</div>
<div class="form-group">
<label for="oauth_user_identifier" class="col-sm-3 col-lg-2 control-label text-left">
User Identifier
<portainer-tooltip position="bottom" message="Key that identifies the user in the resource server request"></portainer-tooltip>
</label>
<div class="col-sm-9 col-lg-10">
<input type="text" class="form-control" id="oauth_user_identifier" ng-model="OAuthSettings.UserIdentifier" placeholder="id">
</div>
</div>
<div class="form-group">
<label for="oauth_scopes" class="col-sm-3 col-lg-2 control-label text-left">
Scopes
<portainer-tooltip position="bottom" message="Scopes that are required to obtain the user identifier separated by delimiter if server expects it"></portainer-tooltip>
</label>
<div class="col-sm-9 col-lg-10">
<input type="text" class="form-control" id="oauth_scopes" ng-model="OAuthSettings.Scopes" placeholder="id,email,name">
</div>
</div>
<div class="form-group">
<span class="col-sm-12 text-muted small">
With automatic user provisioning enabled, Portainer will create user(s) automatically with standard user role. If disabled, users must be created in Portainer in order to login.
</span>
</div>
<div class="form-group">
<div class="col-sm-12">
<label for="oauth_provisioning">
Automatic user provisioning
</label>
<label class="switch" style="margin-left: 20px">
<input type="checkbox" ng-model="OAuthSettings.OAuthAutoCreateUsers"><i></i>
</label>
</div>
</div>
</div>
<!-- actions -->
<div class="form-group">
<div class="col-sm-12">
<button type="button" class="btn btn-primary btn-sm" ng-click="saveSettings()" ng-disabled="state.actionInProgress" button-spinner="state.actionInProgress">

1
app/portainer/views/settings/authentication/settingsAuthenticationController.js
View file

@ -97,6 +97,7 @@ function ($q, $scope, Notifications, SettingsService, FileUploadService) {
var settings = data;
$scope.settings = settings;
$scope.LDAPSettings = settings.LDAPSettings;
$scope.OAuthSettings = settings.OAuthSettings;
$scope.formValues.TLSCACert = settings.LDAPSettings.TLSConfig.TLSCACert;
})
.catch(function error(err) {