From 827a77dd52d3af81f8a7f832b4100ba44516ec59 Mon Sep 17 00:00:00 2001 From: "Jens L." Date: Sat, 4 Apr 2026 21:35:11 +0100 Subject: [PATCH] web/admin: more and more polish (#21303) * fix user edit button Signed-off-by: Jens Langhammer * fix impersonate button not aligned Signed-off-by: Jens Langhammer * cleanup oauth2 provider page Signed-off-by: Jens Langhammer * better desc for outpost health Signed-off-by: Jens Langhammer * fix static table not updating when items change Signed-off-by: Jens Langhammer * fix lint Signed-off-by: Jens Langhammer * include oidc providers in ssf provider retrieve Signed-off-by: Jens Langhammer * consistent oauth provider label Signed-off-by: Jens Langhammer * rework ssf view page Signed-off-by: Jens Langhammer * make client-rust makefile on macos specifically when gnu sed is installed in the path Signed-off-by: Jens Langhammer --------- Signed-off-by: Jens Langhammer --- .../enterprise/providers/ssf/api/providers.py | 7 +- packages/client-go/model_ssf_provider.go | 31 ++- packages/client-rust/Makefile | 2 +- .../client-rust/src/models/ssf_provider.rs | 4 + packages/client-ts/src/models/SSFProvider.ts | 17 +- schema.yml | 6 + .../connectors/agent/AgentConnectorForm.ts | 2 +- web/src/admin/outposts/OutpostViewPage.ts | 3 + web/src/admin/policies/BoundPoliciesList.ts | 1 - .../oauth2/OAuth2ProviderFormForm.ts | 2 +- .../oauth2/OAuth2ProviderViewPage.ts | 179 +++++++----------- .../providers/proxy/ProxyProviderFormForm.ts | 2 +- .../providers/ssf/SSFProviderFormPage.ts | 2 +- .../providers/ssf/SSFProviderViewPage.ts | 99 +++++----- web/src/admin/users/UserViewPage.ts | 2 +- web/src/elements/table/StaticTable.ts | 8 + web/src/elements/table/Table.css | 9 - 17 files changed, 199 insertions(+), 177 deletions(-) diff --git a/authentik/enterprise/providers/ssf/api/providers.py b/authentik/enterprise/providers/ssf/api/providers.py index ad1dfefda6..07fd68108e 100644 --- a/authentik/enterprise/providers/ssf/api/providers.py +++ b/authentik/enterprise/providers/ssf/api/providers.py @@ -18,6 +18,10 @@ class SSFProviderSerializer(EnterpriseRequiredMixin, ProviderSerializer): ssf_url = SerializerMethodField() token_obj = TokenSerializer(source="token", required=False, read_only=True) + oidc_auth_providers_obj = ProviderSerializer( + read_only=True, source="oidc_auth_providers", many=True + ) + def get_ssf_url(self, instance: SSFProvider) -> str | None: request: Request = self._context.get("request") if not request: @@ -45,6 +49,7 @@ class SSFProviderSerializer(EnterpriseRequiredMixin, ProviderSerializer): "signing_key", "token_obj", "oidc_auth_providers", + "oidc_auth_providers_obj", "ssf_url", "event_retention", ] @@ -54,7 +59,7 @@ class SSFProviderSerializer(EnterpriseRequiredMixin, ProviderSerializer): class SSFProviderViewSet(UsedByMixin, ModelViewSet): """SSFProvider Viewset""" - queryset = SSFProvider.objects.all() + queryset = SSFProvider.objects.all().prefetch_related("oidc_auth_providers") serializer_class = SSFProviderSerializer filterset_fields = { "application": ["isnull"], diff --git a/packages/client-go/model_ssf_provider.go b/packages/client-go/model_ssf_provider.go index b588b9852c..3ea283366a 100644 --- a/packages/client-go/model_ssf_provider.go +++ b/packages/client-go/model_ssf_provider.go @@ -35,6 +35,7 @@ type SSFProvider struct { SigningKey string `json:"signing_key"` TokenObj Token `json:"token_obj"` OidcAuthProviders []int32 `json:"oidc_auth_providers,omitempty"` + OidcAuthProvidersObj []Provider `json:"oidc_auth_providers_obj"` SsfUrl NullableString `json:"ssf_url"` EventRetention *string `json:"event_retention,omitempty"` AdditionalProperties map[string]interface{} @@ -46,7 +47,7 @@ type _SSFProvider SSFProvider // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments // will change when the set of required properties is changed -func NewSSFProvider(pk int32, name string, component string, verboseName string, verboseNamePlural string, metaModelName string, signingKey string, tokenObj Token, ssfUrl NullableString) *SSFProvider { +func NewSSFProvider(pk int32, name string, component string, verboseName string, verboseNamePlural string, metaModelName string, signingKey string, tokenObj Token, oidcAuthProvidersObj []Provider, ssfUrl NullableString) *SSFProvider { this := SSFProvider{} this.Pk = pk this.Name = name @@ -56,6 +57,7 @@ func NewSSFProvider(pk int32, name string, component string, verboseName string, this.MetaModelName = metaModelName this.SigningKey = signingKey this.TokenObj = tokenObj + this.OidcAuthProvidersObj = oidcAuthProvidersObj this.SsfUrl = ssfUrl return &this } @@ -292,6 +294,30 @@ func (o *SSFProvider) SetOidcAuthProviders(v []int32) { o.OidcAuthProviders = v } +// GetOidcAuthProvidersObj returns the OidcAuthProvidersObj field value +func (o *SSFProvider) GetOidcAuthProvidersObj() []Provider { + if o == nil { + var ret []Provider + return ret + } + + return o.OidcAuthProvidersObj +} + +// GetOidcAuthProvidersObjOk returns a tuple with the OidcAuthProvidersObj field value +// and a boolean to check if the value has been set. +func (o *SSFProvider) GetOidcAuthProvidersObjOk() ([]Provider, bool) { + if o == nil { + return nil, false + } + return o.OidcAuthProvidersObj, true +} + +// SetOidcAuthProvidersObj sets field value +func (o *SSFProvider) SetOidcAuthProvidersObj(v []Provider) { + o.OidcAuthProvidersObj = v +} + // GetSsfUrl returns the SsfUrl field value // If the value is explicit nil, the zero value for string will be returned func (o *SSFProvider) GetSsfUrl() string { @@ -371,6 +397,7 @@ func (o SSFProvider) ToMap() (map[string]interface{}, error) { if !IsNil(o.OidcAuthProviders) { toSerialize["oidc_auth_providers"] = o.OidcAuthProviders } + toSerialize["oidc_auth_providers_obj"] = o.OidcAuthProvidersObj toSerialize["ssf_url"] = o.SsfUrl.Get() if !IsNil(o.EventRetention) { toSerialize["event_retention"] = o.EventRetention @@ -396,6 +423,7 @@ func (o *SSFProvider) UnmarshalJSON(data []byte) (err error) { "meta_model_name", "signing_key", "token_obj", + "oidc_auth_providers_obj", "ssf_url", } @@ -435,6 +463,7 @@ func (o *SSFProvider) UnmarshalJSON(data []byte) (err error) { delete(additionalProperties, "signing_key") delete(additionalProperties, "token_obj") delete(additionalProperties, "oidc_auth_providers") + delete(additionalProperties, "oidc_auth_providers_obj") delete(additionalProperties, "ssf_url") delete(additionalProperties, "event_retention") o.AdditionalProperties = additionalProperties diff --git a/packages/client-rust/Makefile b/packages/client-rust/Makefile index 0a58e8cb8f..7dbcf8f2aa 100644 --- a/packages/client-rust/Makefile +++ b/packages/client-rust/Makefile @@ -5,7 +5,7 @@ GID = $(shell id -g) UNAME_S := $(shell uname -s) ifeq ($(UNAME_S),Darwin) - SED_INPLACE = sed -i '' + SED_INPLACE = /usr/bin/sed -i '' else SED_INPLACE = sed -i endif diff --git a/packages/client-rust/src/models/ssf_provider.rs b/packages/client-rust/src/models/ssf_provider.rs index e905f22f70..62c9cb09b2 100644 --- a/packages/client-rust/src/models/ssf_provider.rs +++ b/packages/client-rust/src/models/ssf_provider.rs @@ -39,6 +39,8 @@ pub struct SsfProvider { skip_serializing_if = "Option::is_none" )] pub oidc_auth_providers: Option>, + #[serde(rename = "oidc_auth_providers_obj")] + pub oidc_auth_providers_obj: Vec, #[serde(rename = "ssf_url", deserialize_with = "Option::deserialize")] pub ssf_url: Option, #[serde(rename = "event_retention", skip_serializing_if = "Option::is_none")] @@ -56,6 +58,7 @@ impl SsfProvider { meta_model_name: String, signing_key: uuid::Uuid, token_obj: models::Token, + oidc_auth_providers_obj: Vec, ssf_url: Option, ) -> SsfProvider { SsfProvider { @@ -68,6 +71,7 @@ impl SsfProvider { signing_key, token_obj, oidc_auth_providers: None, + oidc_auth_providers_obj, ssf_url, event_retention: None, } diff --git a/packages/client-ts/src/models/SSFProvider.ts b/packages/client-ts/src/models/SSFProvider.ts index ff782534b7..bdcd7c7ffc 100644 --- a/packages/client-ts/src/models/SSFProvider.ts +++ b/packages/client-ts/src/models/SSFProvider.ts @@ -20,6 +20,13 @@ import { TokenToJSON, TokenToJSONTyped, } from './Token'; +import type { Provider } from './Provider'; +import { + ProviderFromJSON, + ProviderFromJSONTyped, + ProviderToJSON, + ProviderToJSONTyped, +} from './Provider'; /** * SSFProvider Serializer @@ -81,6 +88,12 @@ export interface SSFProvider { * @memberof SSFProvider */ oidcAuthProviders?: Array; + /** + * + * @type {Array} + * @memberof SSFProvider + */ + readonly oidcAuthProvidersObj: Array; /** * * @type {string} @@ -107,6 +120,7 @@ export function instanceOfSSFProvider(value: object): value is SSFProvider { if (!('metaModelName' in value) || value['metaModelName'] === undefined) return false; if (!('signingKey' in value) || value['signingKey'] === undefined) return false; if (!('tokenObj' in value) || value['tokenObj'] === undefined) return false; + if (!('oidcAuthProvidersObj' in value) || value['oidcAuthProvidersObj'] === undefined) return false; if (!('ssfUrl' in value) || value['ssfUrl'] === undefined) return false; return true; } @@ -130,6 +144,7 @@ export function SSFProviderFromJSONTyped(json: any, ignoreDiscriminator: boolean 'signingKey': json['signing_key'], 'tokenObj': TokenFromJSON(json['token_obj']), 'oidcAuthProviders': json['oidc_auth_providers'] == null ? undefined : json['oidc_auth_providers'], + 'oidcAuthProvidersObj': ((json['oidc_auth_providers_obj'] as Array).map(ProviderFromJSON)), 'ssfUrl': json['ssf_url'], 'eventRetention': json['event_retention'] == null ? undefined : json['event_retention'], }; @@ -139,7 +154,7 @@ export function SSFProviderToJSON(json: any): SSFProvider { return SSFProviderToJSONTyped(json, false); } -export function SSFProviderToJSONTyped(value?: Omit | null, ignoreDiscriminator: boolean = false): any { +export function SSFProviderToJSONTyped(value?: Omit | null, ignoreDiscriminator: boolean = false): any { if (value == null) { return value; } diff --git a/schema.yml b/schema.yml index 0f567ab443..28f268e39f 100644 --- a/schema.yml +++ b/schema.yml @@ -54685,6 +54685,11 @@ components: type: array items: type: integer + oidc_auth_providers_obj: + type: array + items: + $ref: '#/components/schemas/Provider' + readOnly: true ssf_url: type: string nullable: true @@ -54695,6 +54700,7 @@ components: - component - meta_model_name - name + - oidc_auth_providers_obj - pk - signing_key - ssf_url diff --git a/web/src/admin/endpoints/connectors/agent/AgentConnectorForm.ts b/web/src/admin/endpoints/connectors/agent/AgentConnectorForm.ts index 2fcaba9e0f..33a4ae0a9d 100644 --- a/web/src/admin/endpoints/connectors/agent/AgentConnectorForm.ts +++ b/web/src/admin/endpoints/connectors/agent/AgentConnectorForm.ts @@ -120,7 +120,7 @@ export class AgentConnectorForm extends WithBrandConfig(ModelForm +
+ ${msg(str`${healthyCount}/${totalCount} instances are healthy.`)} +
extends `; } else if (item.user) { return html`
-
-
- ${msg("Client ID")} -
-
-
- ${this.provider.clientId} -
-
-
-
-
- ${msg("Redirect URIs")} -
-
-
-
    - ${this.provider.redirectUris.map((ru) => { - return html`
  • - ${ru.matchingMode}: ${ru.url} -
    • `; - })} -
-
-
-
-
-
- ${msg("Logout URI")} -
-
-
- ${this.provider.logoutUri} -
-
-
- ${msg("Logout Method")} -
-
-
- ${this.provider.logoutMethod === - OAuth2ProviderLogoutMethodEnum.Backchannel - ? msg("Back-channel") - : this.provider.logoutMethod === - OAuth2ProviderLogoutMethodEnum.Frontchannel - ? msg("Front-channel") - : msg("")} -
-
-
- - -
- - ${msg("Save Changes")} - ${msg("Update OAuth2 Provider")} - - - - + ${msg("Edit")} + + `, + ], + ])}
@@ -345,7 +294,11 @@ export class OAuth2ProviderViewPage extends AKElement { value="${this.providerUrls?.issuer || msg("-")}" />
-
+ + +
+
+
diff --git a/web/src/admin/providers/proxy/ProxyProviderFormForm.ts b/web/src/admin/providers/proxy/ProxyProviderFormForm.ts index 9b8aa8194b..4c624b0177 100644 --- a/web/src/admin/providers/proxy/ProxyProviderFormForm.ts +++ b/web/src/admin/providers/proxy/ProxyProviderFormForm.ts @@ -334,7 +334,7 @@ ${provider.skipPathRegex} {
-
-
-
- ${msg("Name")} -
-
-
- ${this.provider.name} -
-
-
-
-
- ${msg("URL")} -
-
-
- -
-
-
-
-
-
- - ${msg("Save Changes")} - ${msg("Update SSF Provider")} - - - - + ${renderDescriptionList([ + [msg("Name"), html`${this.provider.name}`], + [ + msg("URL"), + html``, + ], + [ + msg("Federated OAuth2/OpenID Providers"), + (this.provider.oidcAuthProvidersObj || []).length > 0 + ? html`
    + ${this.provider.oidcAuthProvidersObj.map((provider) => { + return html` +
  • + + ${provider.name} + +
    • + `; + })} +
` + : html`-`, + ], + [ + msg("Related actions"), + html` + ${msg("Save Changes")} + ${msg("Update SSF Provider")} + + + + `, + ], + ])}
diff --git a/web/src/admin/users/UserViewPage.ts b/web/src/admin/users/UserViewPage.ts index 208225f144..1cfd84d31f 100644 --- a/web/src/admin/users/UserViewPage.ts +++ b/web/src/admin/users/UserViewPage.ts @@ -176,7 +176,7 @@ export class UserViewPage extends WithBrandConfig(WithCapabilitiesConfig(WithSes ${showImpersonate ? html`