wiki
/
weseek__growi
-ын хуулбар https://github.com/weseek/growi


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494
							import React, { useEffect, useCallback } from 'react';

import { pathUtils } from '@growi/core/dist/utils';
import { useTranslation } from 'next-i18next';
import { useForm } from 'react-hook-form';
import urljoin from 'url-join';


import AdminGeneralSecurityContainer from '~/client/services/AdminGeneralSecurityContainer';
import AdminOidcSecurityContainer from '~/client/services/AdminOidcSecurityContainer';
import { toastSuccess, toastError } from '~/client/util/toastr';
import { useSiteUrl } from '~/stores-universal/context';

import { withUnstatedContainers } from '../../UnstatedUtils';

type Props = {
  adminGeneralSecurityContainer: AdminGeneralSecurityContainer;
  adminOidcSecurityContainer: AdminOidcSecurityContainer;
};

const OidcSecurityManagementContents = (props: Props) => {
  const { t } = useTranslation('admin');
  const { data: siteUrl } = useSiteUrl();

  const {
    adminGeneralSecurityContainer, adminOidcSecurityContainer,
  } = props;
  const { isOidcEnabled } = adminGeneralSecurityContainer.state;
  const {
    oidcProviderName, oidcIssuerHost, oidcClientId, oidcClientSecret,
    oidcAuthorizationEndpoint, oidcTokenEndpoint, oidcRevocationEndpoint, oidcIntrospectionEndpoint,
    oidcUserInfoEndpoint, oidcEndSessionEndpoint, oidcRegistrationEndpoint, oidcJWKSUri,
    oidcAttrMapId, oidcAttrMapUserName, oidcAttrMapName, oidcAttrMapEmail,
  } = adminOidcSecurityContainer.state;

  const oidcCallbackUrl = urljoin(
    siteUrl == null ? '' : pathUtils.removeTrailingSlash(siteUrl),
    '/passport/oidc/callback',
  );

  const { register, handleSubmit, reset } = useForm();

  useEffect(() => {
    reset({
      oidcProviderName,
      oidcIssuerHost,
      oidcClientId,
      oidcClientSecret,
      oidcAuthorizationEndpoint,
      oidcTokenEndpoint,
      oidcRevocationEndpoint,
      oidcIntrospectionEndpoint,
      oidcUserInfoEndpoint,
      oidcEndSessionEndpoint,
      oidcRegistrationEndpoint,
      oidcJWKSUri,
      oidcAttrMapId,
      oidcAttrMapUserName,
      oidcAttrMapName,
      oidcAttrMapEmail,
    });
  }, [
    reset, oidcProviderName, oidcIssuerHost, oidcClientId, oidcClientSecret,
    oidcAuthorizationEndpoint, oidcTokenEndpoint, oidcRevocationEndpoint, oidcIntrospectionEndpoint,
    oidcUserInfoEndpoint, oidcEndSessionEndpoint, oidcRegistrationEndpoint, oidcJWKSUri,
    oidcAttrMapId, oidcAttrMapUserName, oidcAttrMapName, oidcAttrMapEmail,
  ]);

  const onSubmit = useCallback(async(data) => {
    try {
      await adminOidcSecurityContainer.updateOidcSetting({
        oidcProviderName: data.oidcProviderName,
        oidcIssuerHost: data.oidcIssuerHost,
        oidcClientId: data.oidcClientId,
        oidcClientSecret: data.oidcClientSecret,
        oidcAuthorizationEndpoint: data.oidcAuthorizationEndpoint,
        oidcTokenEndpoint: data.oidcTokenEndpoint,
        oidcRevocationEndpoint: data.oidcRevocationEndpoint,
        oidcIntrospectionEndpoint: data.oidcIntrospectionEndpoint,
        oidcUserInfoEndpoint: data.oidcUserInfoEndpoint,
        oidcEndSessionEndpoint: data.oidcEndSessionEndpoint,
        oidcRegistrationEndpoint: data.oidcRegistrationEndpoint,
        oidcJWKSUri: data.oidcJWKSUri,
        oidcAttrMapId: data.oidcAttrMapId,
        oidcAttrMapUserName: data.oidcAttrMapUserName,
        oidcAttrMapName: data.oidcAttrMapName,
        oidcAttrMapEmail: data.oidcAttrMapEmail,
        isSameUsernameTreatedAsIdenticalUser: adminOidcSecurityContainer.state.isSameUsernameTreatedAsIdenticalUser,
        isSameEmailTreatedAsIdenticalUser: adminOidcSecurityContainer.state.isSameEmailTreatedAsIdenticalUser,
      });
      await adminGeneralSecurityContainer.retrieveSetupStratedies();
      toastSuccess(t('security_settings.OAuth.OIDC.updated_oidc'));
    }
    catch (err) {
      toastError(err);
    }
  }, [t, adminOidcSecurityContainer, adminGeneralSecurityContainer]);

  return (
    <>
      <h2 className="alert-anchor border-bottom">
        {t('security_settings.OAuth.OIDC.name')}
      </h2>

      <div className="row  my-4">
        <div className="offset-3 col-6">
          <div className="form-check form-switch form-check-success">
            <input
              id="isOidcEnabled"
              className="form-check-input"
              type="checkbox"
              checked={adminGeneralSecurityContainer.state.isOidcEnabled}
              onChange={() => { adminGeneralSecurityContainer.switchIsOidcEnabled() }}
            />
            <label className="form-label form-check-label" htmlFor="isOidcEnabled">
              {t('security_settings.OAuth.enable_oidc')}
            </label>
          </div>
          {(!adminGeneralSecurityContainer.state.setupStrategies.includes('oidc') && isOidcEnabled)
              && <div className="badge text-bg-warning">{t('security_settings.setup_is_not_yet_complete')}</div>}
        </div>
      </div>

      <div className="row mb-5">
        <label className="text-start text-md-end col-md-3 col-form-label">{t('security_settings.callback_URL')}</label>
        <div className="col-md-6">
          <input
            className="form-control"
            type="text"
            value={oidcCallbackUrl}
            readOnly
          />
          <p className="form-text text-muted small">{t('security_settings.desc_of_callback_URL', { AuthName: 'OAuth' })}</p>
          {(siteUrl == null || siteUrl === '') && (
            <div className="alert alert-danger">
              <span className="material-symbols-outlined">error</span>
              <span
                // eslint-disable-next-line max-len
                dangerouslySetInnerHTML={{ __html: t('alert.siteUrl_is_not_set', { link: `<a href="/admin/app">${t('headers.app_settings', { ns: 'commons' })}<span class="material-symbols-outlined">login</span></a>`, ns: 'commons' }) }}
              />
            </div>
          )}
        </div>
      </div>

      {isOidcEnabled && (
        <form onSubmit={handleSubmit(onSubmit)}>

          <h3 className="border-bottom mb-4">{t('security_settings.configuration')}</h3>

          <div className="row mb-4">
            <label htmlFor="oidcProviderName" className="text-start text-md-end col-md-3 col-form-label">{t('security_settings.providerName')}</label>
            <div className="col-md-6">
              <input
                className="form-control"
                type="text"
                {...register('oidcProviderName')}
              />
            </div>
          </div>

          <div className="row mb-4">
            <label htmlFor="oidcIssuerHost" className="text-start text-md-end col-md-3 col-form-label">{t('security_settings.issuerHost')}</label>
            <div className="col-md-6">
              <input
                className="form-control"
                type="text"
                {...register('oidcIssuerHost')}
              />
              <p className="form-text text-muted">
                <small dangerouslySetInnerHTML={{ __html: t('security_settings.Use env var if empty', { env: 'OAUTH_OIDC_ISSUER_HOST' }) }} />
              </p>
            </div>
          </div>

          <div className="row mb-4">
            <label htmlFor="oidcClientId" className="text-start text-md-end col-md-3 col-form-label">{t('security_settings.clientID')}</label>
            <div className="col-md-6">
              <input
                className="form-control"
                type="text"
                {...register('oidcClientId')}
              />
              <p className="form-text text-muted">
                <small dangerouslySetInnerHTML={{ __html: t('security_settings.Use env var if empty', { env: 'OAUTH_OIDC_CLIENT_ID' }) }} />
              </p>
            </div>
          </div>

          <div className="row mb-4">
            <label htmlFor="oidcClientSecret" className="text-start text-md-end col-md-3 col-form-label">{t('security_settings.client_secret')}</label>
            <div className="col-md-6">
              <input
                className="form-control"
                type="text"
                {...register('oidcClientSecret')}
              />
              <p className="form-text text-muted">
                <small dangerouslySetInnerHTML={{ __html: t('security_settings.Use env var if empty', { env: 'OAUTH_OIDC_CLIENT_SECRET' }) }} />
              </p>
            </div>
          </div>

          <div className="row mb-4">
            <label htmlFor="oidcAuthorizationEndpoint" className="text-start text-md-end col-md-3 col-form-label">
              {t('security_settings.authorization_endpoint')}
            </label>
            <div className="col-md-6">
              <input
                className="form-control"
                type="text"
                {...register('oidcAuthorizationEndpoint')}
              />
              <p className="form-text text-muted">
                <small dangerouslySetInnerHTML={{ __html: t('security_settings.OAuth.OIDC.Use discovered URL if empty') }} />
              </p>
            </div>
          </div>

          <div className="row mb-4">
            <label htmlFor="oidcTokenEndpoint" className="text-start text-md-end col-md-3 col-form-label">{t('security_settings.token_endpoint')}</label>
            <div className="col-md-6">
              <input
                className="form-control"
                type="text"
                {...register('oidcTokenEndpoint')}
              />
              <p className="form-text text-muted">
                <small dangerouslySetInnerHTML={{ __html: t('security_settings.OAuth.OIDC.Use discovered URL if empty') }} />
              </p>
            </div>
          </div>

          <div className="row mb-4">
            <label htmlFor="oidcRevocationEndpoint" className="text-start text-md-end col-md-3 col-form-label">
              {t('security_settings.revocation_endpoint')}
            </label>
            <div className="col-md-6">
              <input
                className="form-control"
                type="text"
                {...register('oidcRevocationEndpoint')}
              />
              <p className="form-text text-muted">
                <small dangerouslySetInnerHTML={{ __html: t('security_settings.OAuth.OIDC.Use discovered URL if empty') }} />
              </p>
            </div>
          </div>

          <div className="row mb-4">
            <label htmlFor="oidcIntrospectionEndpoint" className="text-start text-md-end col-md-3 col-form-label">
              {t('security_settings.introspection_endpoint')}
            </label>
            <div className="col-md-6">
              <input
                className="form-control"
                type="text"
                {...register('oidcIntrospectionEndpoint')}
              />
              <p className="form-text text-muted">
                <small dangerouslySetInnerHTML={{ __html: t('security_settings.OAuth.OIDC.Use discovered URL if empty') }} />
              </p>
            </div>
          </div>

          <div className="row mb-4">
            <label htmlFor="oidcUserInfoEndpoint" className="text-start text-md-end col-md-3 col-form-label">
              {t('security_settings.userinfo_endpoint')}
            </label>
            <div className="col-md-6">
              <input
                className="form-control"
                type="text"
                {...register('oidcUserInfoEndpoint')}
              />
              <p className="form-text text-muted">
                <small dangerouslySetInnerHTML={{ __html: t('security_settings.OAuth.OIDC.Use discovered URL if empty') }} />
              </p>
            </div>
          </div>

          <div className="row mb-4">
            <label htmlFor="oidcEndSessionEndpoint" className="text-start text-md-end col-md-3 col-form-label">
              {t('security_settings.end_session_endpoint')}
            </label>
            <div className="col-md-6">
              <input
                className="form-control"
                type="text"
                {...register('oidcEndSessionEndpoint')}
              />
              <p className="form-text text-muted">
                <small dangerouslySetInnerHTML={{ __html: t('security_settings.OAuth.OIDC.Use discovered URL if empty') }} />
              </p>
            </div>
          </div>

          <div className="row mb-4">
            <label htmlFor="oidcRegistrationEndpoint" className="text-start text-md-end col-md-3 col-form-label">
              {t('security_settings.registration_endpoint')}
            </label>
            <div className="col-md-6">
              <input
                className="form-control"
                type="text"
                {...register('oidcRegistrationEndpoint')}
              />
              <p className="form-text text-muted">
                <small dangerouslySetInnerHTML={{ __html: t('security_settings.OAuth.OIDC.Use discovered URL if empty') }} />
              </p>
            </div>
          </div>

          <div className="row mb-4">
            <label htmlFor="oidcJWKSUri" className="text-start text-md-end col-md-3 col-form-label">{t('security_settings.jwks_uri')}</label>
            <div className="col-md-6">
              <input
                className="form-control"
                type="text"
                {...register('oidcJWKSUri')}
              />
              <p className="form-text text-muted">
                <small dangerouslySetInnerHTML={{ __html: t('security_settings.OAuth.OIDC.Use discovered URL if empty') }} />
              </p>
            </div>
          </div>

          <h3 className="alert-anchor border-bottom mb-4">
            Attribute Mapping ({t('optional')})
          </h3>

          <div className="row mb-4">
            <label htmlFor="oidcAttrMapId" className="text-start text-md-end col-md-3 col-form-label">Identifier</label>
            <div className="col-md-6">
              <input
                className="form-control"
                type="text"
                {...register('oidcAttrMapId')}
              />
              <p className="form-text text-muted">
                <small dangerouslySetInnerHTML={{ __html: t('security_settings.OAuth.OIDC.id_detail') }} />
              </p>
            </div>
          </div>

          <div className="row mb-4">
            <label htmlFor="oidcAttrMapUserName" className="text-start text-md-end col-md-3 col-form-label">{t('username')}</label>
            <div className="col-md-6">
              <input
                className="form-control"
                type="text"
                {...register('oidcAttrMapUserName')}
              />
              <p className="form-text text-muted">
                <small dangerouslySetInnerHTML={{ __html: t('security_settings.OAuth.OIDC.username_detail') }} />
              </p>
            </div>
          </div>

          <div className="row mb-4">
            <label htmlFor="oidcAttrMapName" className="text-start text-md-end col-md-3 col-form-label">{t('Name')}</label>
            <div className="col-md-6">
              <input
                className="form-control"
                type="text"
                {...register('oidcAttrMapName')}
              />
              <p className="form-text text-muted">
                <small dangerouslySetInnerHTML={{ __html: t('security_settings.OAuth.OIDC.name_detail') }} />
              </p>
            </div>
          </div>

          <div className="row mb-4">
            <label htmlFor="oidcAttrMapEmail" className="text-start text-md-end col-md-3 col-form-label">{t('Email')}</label>
            <div className="col-md-6">
              <input
                className="form-control"
                type="text"
                {...register('oidcAttrMapEmail')}
              />
              <p className="form-text text-muted">
                <small dangerouslySetInnerHTML={{ __html: t('security_settings.OAuth.OIDC.mapping_detail', { target: t('Email') }) }} />
              </p>
            </div>
          </div>

          <div className="row mb-4">
            <label className="form-label text-start text-md-end col-md-3 col-form-label">{t('security_settings.callback_URL')}</label>
            <div className="col-md-6">
              <input
                className="form-control"
                type="text"
                defaultValue={oidcCallbackUrl}
                readOnly
              />
              <p className="form-text text-muted small">{t('security_settings.desc_of_callback_URL', { AuthName: 'OAuth' })}</p>
              {(siteUrl == null || siteUrl === '') && (
                <div className="alert alert-danger">
                  <span className="material-symbols-outlined">error</span>
                  <span
                    // eslint-disable-next-line max-len
                    dangerouslySetInnerHTML={{ __html: t('alert.siteUrl_is_not_set', { link: `<a href="/admin/app">${t('headers.app_settings', { ns: 'commons' })}<span class="material-symbols-outlined">login</span></a>`, ns: 'commons' }) }}
                  />
                </div>
              )}
            </div>
          </div>

          <div className="row mb-4">
            <div className="offset-md-3 col-md-6">
              <div className="form-check form-check-success">
                <input
                  id="bindByUserName-oidc"
                  className="form-check-input"
                  type="checkbox"
                  checked={adminOidcSecurityContainer.state.isSameUsernameTreatedAsIdenticalUser}
                  onChange={() => { adminOidcSecurityContainer.switchIsSameUsernameTreatedAsIdenticalUser() }}
                />
                <label
                  className="form-label form-check-label"
                  htmlFor="bindByUserName-oidc"
                  dangerouslySetInnerHTML={{ __html: t('security_settings.Treat username matching as identical') }}
                />
              </div>
              <p className="form-text text-muted">
                <small dangerouslySetInnerHTML={{ __html: t('security_settings.Treat username matching as identical_warn') }} />
              </p>
            </div>
          </div>

          <div className="row mb-4">
            <div className="offset-md-3 col-md-6">
              <div className="form-check form-check-success">
                <input
                  id="bindByEmail-oidc"
                  className="form-check-input"
                  type="checkbox"
                  checked={adminOidcSecurityContainer.state.isSameEmailTreatedAsIdenticalUser || false}
                  onChange={() => { adminOidcSecurityContainer.switchIsSameEmailTreatedAsIdenticalUser() }}
                />
                <label
                  className="form-label form-check-label"
                  htmlFor="bindByEmail-oidc"
                  dangerouslySetInnerHTML={{ __html: t('security_settings.Treat email matching as identical') }}
                />
              </div>
              <p className="form-text text-muted">
                <small dangerouslySetInnerHTML={{ __html: t('security_settings.Treat email matching as identical_warn') }} />
              </p>
            </div>
          </div>

          <div className="row my-3">
            <div className="offset-3 col-5">
              <button
                type="submit"
                className="btn btn-primary"
                disabled={adminOidcSecurityContainer.state.retrieveError != null}
              >
                {t('Update')}
              </button>
            </div>
          </div>
        </form>
      )}


      <hr />

      <div style={{ minHeight: '300px' }}>
        <h4>
          <span className="material-symbols-outlined" aria-hidden="true">help</span>
          <a href="#collapseHelpForOidcOauth" data-bs-toggle="collapse"> {t('security_settings.OAuth.how_to.oidc')}</a>
        </h4>
        <div className=" card custom-card bg-body-tertiary">
          <ol id="collapseHelpForOidcOauth" className="collapse mb-0">
            <li>{t('security_settings.OAuth.OIDC.register_1')}</li>
            <li dangerouslySetInnerHTML={{ __html: t('security_settings.OAuth.OIDC.register_2', { url: oidcCallbackUrl }) }} />
            <li>{t('security_settings.OAuth.OIDC.register_3')}</li>
          </ol>
        </div>
      </div>

    </>
  );
};

const OidcSecurityManagementContentsWrapper = withUnstatedContainers(OidcSecurityManagementContents, [
  AdminGeneralSecurityContainer,
  AdminOidcSecurityContainer,
]);

export default OidcSecurityManagementContentsWrapper;