Add database columns to store OpenID Connect information for Proxy Hosts.

Author: Subv

backend/migrations/20200522113248_openid_connect.js

@@ -0,0 +1,48 @@
+const migrate_name = 'openid_connect';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+	logger.info('[' + migrate_name + '] Migrating Up...');
+
+	return knex.schema.table('proxy_host', function (proxy_host) {
+		proxy_host.integer('openidc_enabled').notNull().unsigned().defaultTo(0);
+		proxy_host.text('openidc_redirect_uri').notNull().defaultTo('');
+		proxy_host.text('openidc_discovery').notNull().defaultTo('');
+		proxy_host.text('openidc_auth_method').notNull().defaultTo('client_secret_post');
+		proxy_host.text('openidc_client_id').notNull().defaultTo('');
+		proxy_host.text('openidc_client_secret').notNull().defaultTo('');
+	})
+		.then(() => {
+			logger.info('[' + migrate_name + '] proxy_host Table altered');
+		});
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex/*, Promise*/) {
+	return knex.schema.table('proxy_host', function (proxy_host) {
+		proxy_host.dropColumn('openidc_enabled');
+		proxy_host.dropColumn('openidc_redirect_uri');
+		proxy_host.dropColumn('openidc_discovery');
+		proxy_host.dropColumn('openidc_auth_method');
+		proxy_host.dropColumn('openidc_client_id');
+		proxy_host.dropColumn('openidc_client_secret');
+	})
+		.then(() => {
+			logger.info('[' + migrate_name + '] proxy_host Table altered');
+		});
+};

backend/schema/definitions.json

@@ -222,6 +222,27 @@
       "description": "Should we cache assets",
       "example": true,
       "type": "boolean"
+    },
+    "openidc_enabled": {
+      "description": "Is OpenID Connect authentication enabled",
+      "example": true,
+      "type": "boolean"
+    },
+    "openidc_redirect_uri": {
+      "type": "string"
+    },
+    "openidc_discovery": {
+      "type": "string"
+    },
+    "openidc_auth_method": {
+      "type": "string",
+      "pattern": "^(client_secret_basic|client_secret_post)$"
+    },
+    "openidc_client_id": {
+      "type": "string"
+    },
+    "openidc_client_secret": {
+      "type": "string"
     }
   }
 }

backend/schema/endpoints/proxy-hosts.json

@@ -64,6 +64,24 @@
     "advanced_config": {
       "type": "string"
     },
+    "openidc_enabled": {
+      "$ref": "../definitions.json#/definitions/openidc_enabled"
+    },
+    "openidc_redirect_uri": {
+      "$ref": "../definitions.json#/definitions/openidc_redirect_uri"
+    },
+    "openidc_discovery": {
+      "$ref": "../definitions.json#/definitions/openidc_discovery"
+    },
+    "openidc_auth_method": {
+      "$ref": "../definitions.json#/definitions/openidc_auth_method"
+    },
+    "openidc_client_id": {
+      "$ref": "../definitions.json#/definitions/openidc_client_id"
+    },
+    "openidc_client_secret": {
+      "$ref": "../definitions.json#/definitions/openidc_client_secret"
+    },
     "enabled": {
       "$ref": "../definitions.json#/definitions/enabled"
     },
@@ -161,6 +179,24 @@
     "advanced_config": {
       "$ref": "#/definitions/advanced_config"
     },
+    "openidc_enabled": {
+      "$ref": "#/definitions/openidc_enabled"
+    },
+    "openidc_redirect_uri": {
+      "$ref": "#/definitions/openidc_redirect_uri"
+    },
+    "openidc_discovery": {
+      "$ref": "#/definitions/openidc_discovery"
+    },
+    "openidc_auth_method": {
+      "$ref": "#/definitions/openidc_auth_method"
+    },
+    "openidc_client_id": {
+      "$ref": "#/definitions/openidc_client_id"
+    },
+    "openidc_client_secret": {
+      "$ref": "#/definitions/openidc_client_secret"
+    },
     "enabled": {
       "$ref": "#/definitions/enabled"
     },
@@ -251,6 +287,24 @@
           "advanced_config": {
             "$ref": "#/definitions/advanced_config"
           },
+          "openidc_enabled": {
+            "$ref": "#/definitions/openidc_enabled"
+          },
+          "openidc_redirect_uri": {
+            "$ref": "#/definitions/openidc_redirect_uri"
+          },
+          "openidc_discovery": {
+            "$ref": "#/definitions/openidc_discovery"
+          },
+          "openidc_auth_method": {
+            "$ref": "#/definitions/openidc_auth_method"
+          },
+          "openidc_client_id": {
+            "$ref": "#/definitions/openidc_client_id"
+          },
+          "openidc_client_secret": {
+            "$ref": "#/definitions/openidc_client_secret"
+          },
           "enabled": {
             "$ref": "#/definitions/enabled"
           },
@@ -324,6 +378,24 @@
           "advanced_config": {
             "$ref": "#/definitions/advanced_config"
           },
+          "openidc_enabled": {
+            "$ref": "#/definitions/openidc_enabled"
+          },
+          "openidc_redirect_uri": {
+            "$ref": "#/definitions/openidc_redirect_uri"
+          },
+          "openidc_discovery": {
+            "$ref": "#/definitions/openidc_discovery"
+          },
+          "openidc_auth_method": {
+            "$ref": "#/definitions/openidc_auth_method"
+          },
+          "openidc_client_id": {
+            "$ref": "#/definitions/openidc_client_id"
+          },
+          "openidc_client_secret": {
+            "$ref": "#/definitions/openidc_client_secret"
+          },
           "enabled": {
             "$ref": "#/definitions/enabled"
           },

frontend/js/app/nginx/proxy/form.ejs

@@ -185,7 +185,7 @@
                         <div class="col-sm-12 col-md-12">
                             <div class="form-group">
                                 <label class="custom-switch">
-                                    <input type="checkbox" class="custom-switch-input" name="openidc_enabled" value="1<%- openidc_enabled ? ' checked' : '' %>">
+                                    <input type="checkbox" class="custom-switch-input" name="openidc_enabled" value="1"<%- openidc_enabled ? ' checked' : '' %>>
                                     <span class="custom-switch-indicator"></span>
                                     <span class="custom-switch-description">Use OpenID Connect authentication <span class="form-required">*</span></span>
                                 </label>

frontend/js/app/nginx/proxy/form.js

@@ -94,7 +94,6 @@ module.exports = Mn.View.extend({
         },
 
         'change @ui.openidc_enabled': function () {
-            console.log('Changing');
             let checked = this.ui.openidc_enabled.prop('checked');
 
             if (checked) {
@@ -289,6 +288,7 @@ module.exports = Mn.View.extend({
 
         // OpenID Connect
         this.ui.openidc.hide().find('input').prop('required', false);
+        this.ui.openidc_enabled.trigger('change');
     },
 
     initialize: function (options) {

frontend/js/models/proxy-host.js

@@ -23,11 +23,11 @@ const model = Backbone.Model.extend({
             http2_support:           false,
             advanced_config:         '',
             openidc_enabled:         false,
-            openidc_redirect_uri:    null,
-            openidc_discovery:       null,
-            openidc_auth_method:     null,
-            openidc_client_id:       null,
-            openidc_client_secret:   null,
+            openidc_redirect_uri:    '',
+            openidc_discovery:       '',
+            openidc_auth_method:     'client_secret_post',
+            openidc_client_id:       '',
+            openidc_client_secret:   '',
             enabled:                 true,
             meta:                    {},
             // The following are expansions: