| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559 |
- /* eslint-disable react/no-danger */
- import React from 'react';
- import { pathUtils } from '@growi/core/dist/utils';
- import { useTranslation } from 'next-i18next';
- import PropTypes from 'prop-types';
- import { Collapse } from 'reactstrap';
- import urljoin from 'url-join';
- import AdminGeneralSecurityContainer from '~/client/services/AdminGeneralSecurityContainer';
- import AdminSamlSecurityContainer from '~/client/services/AdminSamlSecurityContainer';
- import { toastSuccess, toastError } from '~/client/util/toastr';
- import { useSiteUrl } from '~/stores/context';
- import { withUnstatedContainers } from '../../UnstatedUtils';
- class SamlSecurityManagementContents extends React.Component {
- constructor(props) {
- super(props);
- this.state = {
- isHelpOpened: false,
- };
- this.onClickSubmit = this.onClickSubmit.bind(this);
- }
- async onClickSubmit() {
- const { t, adminSamlSecurityContainer, adminGeneralSecurityContainer } = this.props;
- try {
- await adminSamlSecurityContainer.updateSamlSetting();
- await adminGeneralSecurityContainer.retrieveSetupStratedies();
- toastSuccess(t('security_settings.SAML.updated_saml'));
- }
- catch (err) {
- toastError(err);
- }
- }
- render() {
- const {
- t, adminGeneralSecurityContainer, adminSamlSecurityContainer, siteUrl,
- } = this.props;
- const { useOnlyEnvVars } = adminSamlSecurityContainer.state;
- const { isSamlEnabled } = adminGeneralSecurityContainer.state;
- const samlCallbackUrl = urljoin(pathUtils.removeTrailingSlash(siteUrl), '/passport/saml/callback');
- return (
- <React.Fragment>
- <h2 className="alert-anchor border-bottom">
- {t('security_settings.SAML.name')}
- </h2>
- {useOnlyEnvVars && (
- <p
- className="alert alert-info"
- dangerouslySetInnerHTML={{ __html: t('security_settings.SAML.note for the only env option', { env: 'SAML_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS' }) }}
- />
- )}
- <div className="row form-group mb-5">
- <div className="col-6 offset-3">
- <div className="custom-control custom-switch custom-checkbox-success">
- <input
- id="isSamlEnabled"
- className="custom-control-input"
- type="checkbox"
- checked={adminGeneralSecurityContainer.state.isSamlEnabled}
- onChange={() => { adminGeneralSecurityContainer.switchIsSamlEnabled() }}
- disabled={adminSamlSecurityContainer.state.useOnlyEnvVars}
- />
- <label className="custom-control-label" htmlFor="isSamlEnabled">
- {t('security_settings.SAML.enable_saml')}
- </label>
- </div>
- {(!adminGeneralSecurityContainer.state.setupStrategies.includes('saml') && isSamlEnabled)
- && <div className="badge bg-warning">{t('security_settings.setup_is_not_yet_complete')}</div>}
- </div>
- </div>
- <div className="row form-group mb-5">
- <label className="text-left text-md-right col-md-3 col-form-label">{t('security_settings.callback_URL')}</label>
- <div className="col-md-6">
- <input
- className="form-control"
- type="text"
- defaultValue={samlCallbackUrl}
- readOnly
- />
- <p className="form-text text-muted small">{t('security_settings.desc_of_callback_URL', { AuthName: 'SAML Identity' })}</p>
- {(siteUrl == null || siteUrl === '') && (
- <div className="alert alert-danger">
- <i
- className="icon-exclamation"
- // eslint-disable-next-line max-len
- dangerouslySetInnerHTML={{ __html: t('alert.siteUrl_is_not_set', { link: `<a href="/admin/app">${t('headers.app_settings', { ns: 'commons' })}<i class="icon-login"></i></a>`, ns: 'commons' }) }}
- />
- </div>
- )}
- </div>
- </div>
- {isSamlEnabled && (
- <React.Fragment>
- {(adminSamlSecurityContainer.state.missingMandatoryConfigKeys.length !== 0) && (
- <div className="alert alert-danger">
- {t('security_settings.missing mandatory configs')}
- <ul>
- {adminSamlSecurityContainer.state.missingMandatoryConfigKeys.map((configKey) => {
- const key = configKey.replace('security:passport-saml:', '');
- return <li key={configKey}>{t(`security_settings.form_item_name.${key}`)}</li>;
- })}
- </ul>
- </div>
- )}
- <h3 className="alert-anchor border-bottom">
- Basic Settings
- </h3>
- <table className={`table settings-table ${useOnlyEnvVars && 'use-only-env-vars'}`}>
- <colgroup>
- <col className="item-name" />
- <col className="from-db" />
- <col className="from-env-vars" />
- </colgroup>
- <thead>
- <tr><th></th><th>Database</th><th>Environment variables</th></tr>
- </thead>
- <tbody>
- <tr>
- <th>{t('security_settings.form_item_name.entryPoint')}</th>
- <td>
- <input
- className="form-control"
- type="text"
- name="samlEntryPoint"
- readOnly={useOnlyEnvVars}
- defaultValue={adminSamlSecurityContainer.state.samlEntryPoint}
- onChange={e => adminSamlSecurityContainer.changeSamlEntryPoint(e.target.value)}
- />
- </td>
- <td>
- <input
- className="form-control"
- type="text"
- value={adminSamlSecurityContainer.state.envEntryPoint || ''}
- readOnly
- />
- <p className="form-text text-muted">
- <small dangerouslySetInnerHTML={{ __html: t('security_settings.SAML.Use env var if empty', { env: 'SAML_ENTRY_POINT' }) }} />
- </p>
- </td>
- </tr>
- <tr>
- <th>{t('security_settings.form_item_name.issuer')}</th>
- <td>
- <input
- className="form-control"
- type="text"
- name="samlEnvVarissuer"
- readOnly={useOnlyEnvVars}
- defaultValue={adminSamlSecurityContainer.state.samlIssuer}
- onChange={e => adminSamlSecurityContainer.changeSamlIssuer(e.target.value)}
- />
- </td>
- <td>
- <input
- className="form-control"
- type="text"
- value={adminSamlSecurityContainer.state.envIssuer || ''}
- readOnly
- />
- <p className="form-text text-muted">
- <small dangerouslySetInnerHTML={{ __html: t('security_settings.SAML.Use env var if empty', { env: 'SAML_ISSUER' }) }} />
- </p>
- </td>
- </tr>
- <tr>
- <th>{t('security_settings.form_item_name.cert')}</th>
- <td>
- <textarea
- className="form-control form-control-sm"
- type="text"
- rows="5"
- name="samlCert"
- readOnly={useOnlyEnvVars}
- defaultValue={adminSamlSecurityContainer.state.samlCert}
- onChange={e => adminSamlSecurityContainer.changeSamlCert(e.target.value)}
- />
- <p>
- <small>
- {t('security_settings.SAML.cert_detail')}
- </small>
- </p>
- <div>
- <small>
- e.g.
- <pre className="well card">{`-----BEGIN CERTIFICATE-----
- MIICBzCCAXACCQD4US7+0A/b/zANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJK
- UDEOMAwGA1UECAwFVG9reW8xFTATBgNVBAoMDFdFU0VFSywgSW5jLjESMBAGA1UE
- ...
- crmVwBzbloUO2l6k1ibwD2WVwpdxMKIF5z58HfKAvxZAzCHE7kMEZr1ge30WRXQA
- pWVdnzS1VCO8fKsJ7YYIr+JmHvseph3kFUOI5RqkCcMZlKUv83aUThsTHw==
- -----END CERTIFICATE-----
- `}
- </pre>
- </small>
- </div>
- </td>
- <td>
- <textarea
- className="form-control form-control-sm"
- type="text"
- rows="5"
- readOnly
- value={adminSamlSecurityContainer.state.envCert || ''}
- />
- <p className="form-text text-muted">
- <small dangerouslySetInnerHTML={{ __html: t('security_settings.SAML.Use env var if empty', { env: 'SAML_CERT' }) }} />
- </p>
- </td>
- </tr>
- </tbody>
- </table>
- <h3 className="alert-anchor border-bottom">
- Attribute Mapping
- </h3>
- <table className="table settings-table">
- <colgroup>
- <col className="item-name" />
- <col className="from-db" />
- <col className="from-env-vars" />
- </colgroup>
- <thead>
- <tr><th></th><th>Database</th><th>Environment variables</th></tr>
- </thead>
- <tbody>
- <tr>
- <th>{t('security_settings.form_item_name.attrMapId')}</th>
- <td>
- <input
- className="form-control"
- type="text"
- defaultValue={adminSamlSecurityContainer.state.samlAttrMapId}
- onChange={e => adminSamlSecurityContainer.changeSamlAttrMapId(e.target.value)}
- />
- <p className="form-text text-muted">
- <small>
- {t('security_settings.SAML.id_detail')}
- </small>
- </p>
- </td>
- <td>
- <input
- className="form-control"
- type="text"
- value={adminSamlSecurityContainer.state.envAttrMapId || ''}
- readOnly
- />
- <p className="form-text text-muted">
- <small dangerouslySetInnerHTML={{ __html: t('security_settings.SAML.Use env var if empty', { env: 'SAML_ATTR_MAPPING_ID' }) }} />
- </p>
- </td>
- </tr>
- <tr>
- <th>{t('security_settings.form_item_name.attrMapUsername')}</th>
- <td>
- <input
- className="form-control"
- type="text"
- defaultValue={adminSamlSecurityContainer.state.samlAttrMapUsername}
- onChange={e => adminSamlSecurityContainer.changeSamlAttrMapUserName(e.target.value)}
- />
- <p className="form-text text-muted">
- <small dangerouslySetInnerHTML={{ __html: t('security_settings.SAML.username_detail') }} />
- </p>
- </td>
- <td>
- <input
- className="form-control"
- type="text"
- value={adminSamlSecurityContainer.state.envAttrMapUsername || ''}
- readOnly
- />
- <p className="form-text text-muted">
- <small dangerouslySetInnerHTML={{ __html: t('security_settings.SAML.Use env var if empty', { env: 'SAML_ATTR_MAPPING_USERNAME' }) }} />
- </p>
- </td>
- </tr>
- <tr>
- <th>{t('security_settings.form_item_name.attrMapMail')}</th>
- <td>
- <input
- className="form-control"
- type="text"
- defaultValue={adminSamlSecurityContainer.state.samlAttrMapMail}
- onChange={e => adminSamlSecurityContainer.changeSamlAttrMapMail(e.target.value)}
- />
- <p className="form-text text-muted">
- <small dangerouslySetInnerHTML={{ __html: t('security_settings.SAML.mapping_detail', { target: 'Email' }) }} />
- </p>
- </td>
- <td>
- <input
- className="form-control"
- type="text"
- value={adminSamlSecurityContainer.state.envAttrMapMail || ''}
- readOnly
- />
- <p className="form-text text-muted">
- <small dangerouslySetInnerHTML={{ __html: t('security_settings.SAML.Use env var if empty', { env: 'SAML_ATTR_MAPPING_MAIL' }) }} />
- </p>
- </td>
- </tr>
- <tr>
- <th>{t('security_settings.form_item_name.attrMapFirstName')}</th>
- <td>
- <input
- className="form-control"
- type="text"
- defaultValue={adminSamlSecurityContainer.state.samlAttrMapFirstName}
- onChange={e => adminSamlSecurityContainer.changeSamlAttrMapFirstName(e.target.value)}
- />
- <p className="form-text text-muted">
- {/* eslint-disable-next-line max-len */}
- <small dangerouslySetInnerHTML={{ __html: t('security_settings.SAML.mapping_detail', { target: t('security_settings.form_item_name.attrMapFirstName') }) }} />
- </p>
- </td>
- <td>
- <input
- className="form-control"
- type="text"
- value={adminSamlSecurityContainer.state.envAttrMapFirstName || ''}
- readOnly
- />
- <p className="form-text text-muted">
- <small>
- <span dangerouslySetInnerHTML={{ __html: t('security_settings.SAML.Use env var if empty', { env: 'SAML_ATTR_MAPPING_FIRST_NAME' }) }} />
- <br />
- <span dangerouslySetInnerHTML={{ __html: t('security_settings.Use default if both are empty', { target: 'firstName' }) }} />
- </small>
- </p>
- </td>
- </tr>
- <tr>
- <th>{t('security_settings.form_item_name.attrMapLastName')}</th>
- <td>
- <input
- className="form-control"
- type="text"
- defaultValue={adminSamlSecurityContainer.state.samlAttrMapLastName}
- onChange={e => adminSamlSecurityContainer.changeSamlAttrMapLastName(e.target.value)}
- />
- <p className="form-text text-muted">
- {/* eslint-disable-next-line max-len */}
- <small dangerouslySetInnerHTML={{ __html: t('security_settings.SAML.mapping_detail', { target: t('security_settings.form_item_name.attrMapLastName') }) }} />
- </p>
- </td>
- <td>
- <input
- className="form-control"
- type="text"
- value={adminSamlSecurityContainer.state.envAttrMapLastName || ''}
- readOnly
- />
- <p className="form-text text-muted">
- <small>
- <span dangerouslySetInnerHTML={{ __html: t('security_settings.SAML.Use env var if empty', { env: 'SAML_ATTR_MAPPING_LAST_NAME' }) }} />
- <br />
- <span dangerouslySetInnerHTML={{ __html: t('security_settings.Use default if both are empty', { target: 'lastName' }) }} />
- </small>
- </p>
- </td>
- </tr>
- </tbody>
- </table>
- <h3 className="alert-anchor border-bottom">
- Attribute Mapping Options
- </h3>
- <div className="row form-group mb-5">
- <div className="offset-md-3 col-md-6 text-left">
- <div className="custom-control custom-checkbox custom-checkbox-success">
- <input
- id="bindByUserName-SAML"
- className="custom-control-input"
- type="checkbox"
- checked={adminSamlSecurityContainer.state.isSameUsernameTreatedAsIdenticalUser || false}
- onChange={() => { adminSamlSecurityContainer.switchIsSameUsernameTreatedAsIdenticalUser() }}
- />
- <label
- className="custom-control-label"
- htmlFor="bindByUserName-SAML"
- dangerouslySetInnerHTML={{ __html: t('security_settings.Treat username matching as identical') }}
- />
- </div>
- <p className="form-text text-muted">
- <small dangerouslySetInnerHTML={{ __html: t('security_settings.Treat username matching as identical_warn') }} />
- </p>
- </div>
- </div>
- <div className="row form-group mb-5">
- <div className="offset-md-3 col-md-6 text-left">
- <div className="custom-control custom-checkbox custom-checkbox-success">
- <input
- id="bindByEmail-SAML"
- className="custom-control-input"
- type="checkbox"
- checked={adminSamlSecurityContainer.state.isSameEmailTreatedAsIdenticalUser || false}
- onChange={() => { adminSamlSecurityContainer.switchIsSameEmailTreatedAsIdenticalUser() }}
- />
- <label
- className="custom-control-label"
- htmlFor="bindByEmail-SAML"
- dangerouslySetInnerHTML={{ __html: t('security_settings.Treat email matching as identical') }}
- />
- </div>
- <p className="form-text text-muted">
- <small dangerouslySetInnerHTML={{ __html: t('security_settings.Treat email matching as identical_warn') }} />
- </p>
- </div>
- </div>
- <h3 className="alert-anchor border-bottom">
- Attribute-based Login Control
- </h3>
- <p className="form-text text-muted">
- <small dangerouslySetInnerHTML={{ __html: t('security_settings.SAML.attr_based_login_control_detail') }} />
- </p>
- <table className="table settings-table">
- <colgroup>
- <col className="item-name" />
- <col className="from-db" />
- <col className="from-env-vars" />
- </colgroup>
- <thead>
- <tr><th></th><th>Database</th><th>Environment variables</th></tr>
- </thead>
- <tbody>
- <tr>
- <th>
- { t('security_settings.form_item_name.ABLCRule') }
- </th>
- <td>
- <textarea
- className="form-control"
- type="text"
- defaultValue={adminSamlSecurityContainer.state.samlABLCRule || ''}
- onChange={(e) => { adminSamlSecurityContainer.changeSamlABLCRule(e.target.value) }}
- />
- <div className="mt-2">
- <p>
- See
- <a
- href="https://lucene.apache.org/core/2_9_4/queryparsersyntax.html"
- target="_blank"
- rel="noreferer noreferrer"
- >
- Apache Lucene - Query Parser Syntax <i className="icon-share-alt"></i>
- </a>.
- </p>
- <div className="accordion" id="accordionExample">
- <div className="card">
- <div className="card-header p-1">
- <h2 className="mb-0">
- <button
- className="btn btn-link btn-block text-left"
- type="button"
- onClick={() => this.setState({ isHelpOpened: !this.state.isHelpOpened })}
- aria-expanded="true"
- aria-controls="ablchelp"
- >
- <i className={`icon-fw ${this.state.isHelpOpened ? 'icon-arrow-down' : 'icon-arrow-right'} small`}></i> Show more...
- </button>
- </h2>
- </div>
- <Collapse isOpen={this.state.isHelpOpened}>
- <div className="card-body">
- <p dangerouslySetInnerHTML={{ __html: t('security_settings.SAML.attr_based_login_control_rule_help') }} />
- <p dangerouslySetInnerHTML={{ __html: t('security_settings.SAML.attr_based_login_control_rule_example1') }} />
- <p dangerouslySetInnerHTML={{ __html: t('security_settings.SAML.attr_based_login_control_rule_example2') }} />
- </div>
- </Collapse>
- </div>
- </div>
- </div>
- </td>
- <td>
- <textarea
- className="form-control"
- type="text"
- value={adminSamlSecurityContainer.state.envABLCRule || ''}
- readOnly
- />
- <p className="form-text text-muted">
- <small dangerouslySetInnerHTML={{ __html: t('security_settings.SAML.Use env var if empty', { env: 'SAML_ABLC_RULE' }) }} />
- </p>
- </td>
- </tr>
- </tbody>
- </table>
- <div className="row my-3">
- <div className="offset-3 col-5">
- <button
- type="button"
- className="btn btn-primary"
- disabled={adminSamlSecurityContainer.state.retrieveError != null}
- onClick={this.onClickSubmit}
- >
- {t('Update')}
- </button>
- </div>
- </div>
- </React.Fragment>
- )}
- </React.Fragment>
- );
- }
- }
- SamlSecurityManagementContents.propTypes = {
- t: PropTypes.func.isRequired, // i18next
- adminGeneralSecurityContainer: PropTypes.instanceOf(AdminGeneralSecurityContainer).isRequired,
- adminSamlSecurityContainer: PropTypes.instanceOf(AdminSamlSecurityContainer).isRequired,
- siteUrl: PropTypes.string,
- };
- const SamlSecurityManagementContentsWrapperFC = (props) => {
- const { t } = useTranslation('admin');
- const { data: siteUrl } = useSiteUrl();
- return <SamlSecurityManagementContents t={t} siteUrl={siteUrl} {...props} />;
- };
- const SamlSecurityManagementContentsWrapper = withUnstatedContainers(SamlSecurityManagementContentsWrapperFC, [
- AdminGeneralSecurityContainer,
- AdminSamlSecurityContainer,
- ]);
- export default SamlSecurityManagementContentsWrapper;
|
