import React, { useEffect, useCallback } from 'react';

import { pathUtils } from '@growi/core/dist/utils';
import { useTranslation } from 'next-i18next';
import { useForm } from 'react-hook-form';
import urljoin from 'url-join';

import AdminGeneralSecurityContainer from '~/client/services/AdminGeneralSecurityContainer';
import AdminOidcSecurityContainer from '~/client/services/AdminOidcSecurityContainer';
import { toastSuccess, toastError } from '~/client/util/toastr';
import { useSiteUrlWithEmptyValueWarn } from '~/states/global';

import { withUnstatedContainers } from '../../UnstatedUtils';

/** Props of the OIDC settings panel: the two admin containers it reads from and writes to. */
type Props = {
  adminGeneralSecurityContainer: AdminGeneralSecurityContainer;
  adminOidcSecurityContainer: AdminOidcSecurityContainer;
};

/**
 * Admin settings panel for the OIDC (OpenID Connect) login strategy.
 *
 * Reads the current OIDC settings from adminOidcSecurityContainer.state, loads them into a
 * react-hook-form form, and on submit sends them to adminOidcSecurityContainer.updateOidcSetting().
 * The default export at the end of this file is this component passed through
 * withUnstatedContainers together with AdminGeneralSecurityContainer and AdminOidcSecurityContainer.
 */
const OidcSecurityManagementContents = (props: Props) => {
  const { t } = useTranslation('admin');
  // siteUrl can be null or empty: the markup below tests for both and renders an error entry.
  const siteUrl = useSiteUrlWithEmptyValueWarn();
  const { adminGeneralSecurityContainer, adminOidcSecurityContainer, } = props;
  const { isOidcEnabled } = adminGeneralSecurityContainer.state;
  // oidcClientSecret is part of the container state and is copied into the form defaults below,
  // so whatever value the container holds for it is present in browser memory.
  // NOTE(review): confirm whether the settings API returns the stored secret in clear or masked.
  const { oidcProviderName, oidcIssuerHost, oidcClientId, oidcClientSecret, oidcAuthorizationEndpoint, oidcTokenEndpoint, oidcRevocationEndpoint, oidcIntrospectionEndpoint, oidcUserInfoEndpoint, oidcEndSessionEndpoint, oidcRegistrationEndpoint, oidcJWKSUri, oidcAttrMapId, oidcAttrMapUserName, oidcAttrMapName, oidcAttrMapEmail, } = adminOidcSecurityContainer.state;
  // Callback URL derived from the site URL: presumably the redirect URI to register at the provider.
  // NOTE(review): this is computed even when siteUrl is null or empty — confirm what
  // removeTrailingSlash and urljoin return in that case, so a wrong URL is never displayed as valid.
  const oidcCallbackUrl = urljoin(pathUtils.removeTrailingSlash(siteUrl), '/passport/oidc/callback');
  const { register, handleSubmit, reset } = useForm();

  // Re-populate the form whenever reset or any of the listed stored values changes.
  useEffect(() => {
    reset({ oidcProviderName, oidcIssuerHost, oidcClientId, oidcClientSecret, oidcAuthorizationEndpoint, oidcTokenEndpoint, oidcRevocationEndpoint, oidcIntrospectionEndpoint, oidcUserInfoEndpoint, oidcEndSessionEndpoint, oidcRegistrationEndpoint, oidcJWKSUri, oidcAttrMapId, oidcAttrMapUserName, oidcAttrMapName, oidcAttrMapEmail, });
  }, [ reset, oidcProviderName, oidcIssuerHost, oidcClientId, oidcClientSecret, oidcAuthorizationEndpoint, oidcTokenEndpoint, oidcRevocationEndpoint, oidcIntrospectionEndpoint, oidcUserInfoEndpoint, oidcEndSessionEndpoint, oidcRegistrationEndpoint, oidcJWKSUri, oidcAttrMapId, oidcAttrMapUserName, oidcAttrMapName, oidcAttrMapEmail, ]);

  /**
   * Submit handler: sends the form values plus the two identity-linking flags to
   * updateOidcSetting, then refreshes the setup strategies and shows a success toast.
   * Any error thrown by either call is passed to toastError.
   */
  const onSubmit = useCallback(async(data) => {
    try {
      // Form values are forwarded as entered; no client-side validation is visible in this handler.
      // NOTE(review): confirm the server validates the issuer host and endpoint URLs
      // (for example that they use https) before the strategy is set up with them.
      await adminOidcSecurityContainer.updateOidcSetting({
        oidcProviderName: data.oidcProviderName,
        oidcIssuerHost: data.oidcIssuerHost,
        oidcClientId: data.oidcClientId,
        oidcClientSecret: data.oidcClientSecret,
        oidcAuthorizationEndpoint: data.oidcAuthorizationEndpoint,
        oidcTokenEndpoint: data.oidcTokenEndpoint,
        oidcRevocationEndpoint: data.oidcRevocationEndpoint,
        oidcIntrospectionEndpoint: data.oidcIntrospectionEndpoint,
        oidcUserInfoEndpoint: data.oidcUserInfoEndpoint,
        oidcEndSessionEndpoint: data.oidcEndSessionEndpoint,
        oidcRegistrationEndpoint: data.oidcRegistrationEndpoint,
        oidcJWKSUri: data.oidcJWKSUri,
        oidcAttrMapId: data.oidcAttrMapId,
        oidcAttrMapUserName: data.oidcAttrMapUserName,
        oidcAttrMapName: data.oidcAttrMapName,
        oidcAttrMapEmail: data.oidcAttrMapEmail,
        // These two flags are not form fields: they are read from container state at submit time
        // (the markup toggles them through the container switch* methods).
        // NOTE(review): the names suggest they let an OIDC login be matched to an existing account
        // by username or email. If so, that is only safe when the provider guarantees those claims
        // are verified and not user-editable — confirm against the server-side handling.
        isSameUsernameTreatedAsIdenticalUser: adminOidcSecurityContainer.state.isSameUsernameTreatedAsIdenticalUser,
        isSameEmailTreatedAsIdenticalUser: adminOidcSecurityContainer.state.isSameEmailTreatedAsIdenticalUser,
      });
      // Refresh the set-up strategies; the markup below checks setupStrategies for the oidc entry
      // to decide whether to show the setup-not-yet-complete message.
      await adminGeneralSecurityContainer.retrieveSetupStratedies();
      toastSuccess(t('security_settings.OAuth.OIDC.updated_oidc'));
    }
    catch (err) {
      // The caught value is handed to toastError unchanged.
      toastError(err);
    }
  }, [t, adminOidcSecurityContainer, adminGeneralSecurityContainer]);

  return (
    <>

{t('security_settings.OAuth.OIDC.name')}

{ adminGeneralSecurityContainer.switchIsOidcEnabled() }} />
{(!adminGeneralSecurityContainer.state.setupStrategies.includes('oidc') && isOidcEnabled) &&
{t('security_settings.setup_is_not_yet_complete')}
}

{t('security_settings.desc_of_callback_URL', { AuthName: 'OAuth' })}

{(siteUrl == null || siteUrl === '') && (
error ${t('headers.app_settings', { ns: 'commons' })}login`, ns: 'commons' }) }} />
)}
{isOidcEnabled && (

{t('security_settings.configuration')}

Attribute Mapping ({t('optional')})

{t('security_settings.desc_of_callback_URL', { AuthName: 'OAuth' })}

{(siteUrl == null || siteUrl === '') && (
error ${t('headers.app_settings', { ns: 'commons' })}login`, ns: 'commons' }) }} />
)}
{ adminOidcSecurityContainer.switchIsSameUsernameTreatedAsIdenticalUser() }} />

{ adminOidcSecurityContainer.switchIsSameEmailTreatedAsIdenticalUser() }} />

)}

{t('security_settings.OAuth.how_to.oidc')}

  1. {t('security_settings.OAuth.OIDC.register_1')}
  2. {t('security_settings.OAuth.OIDC.register_3')}
); }; const OidcSecurityManagementContentsWrapper = withUnstatedContainers(OidcSecurityManagementContents, [ AdminGeneralSecurityContainer, AdminOidcSecurityContainer, ]); export default OidcSecurityManagementContentsWrapper;