fix problems with oidc iss in web interface

d223b402 · Gabriel Zachmann · d7483950 · d223b402 · d223b402 · d223b402
Verified Commit d223b402 authored 2 years ago by Gabriel Zachmann
--- a/internal/server/handlers.go
+++ b/internal/server/handlers.go
@@ -16,6 +16,10 @@ func handleIndex(ctx *fiber.Ctx) error {
 	binding := homeBindingData()
 	binding[templating.MustacheKeyLoggedIn] = false
 	binding[templating.MustacheKeyCookieLifetime] = cookies.CookieLifetime
+	return ctx.Render("sites/home", binding, templating.LayoutMain)
+}
+
+func homeBindingData() map[string]interface{} {
 	providers := []map[string]string{}
 	for _, p := range config.Get().Providers {
 		pp := make(map[string]string, 2)
@@ -23,11 +27,6 @@ func handleIndex(ctx *fiber.Ctx) error {
 		pp["name"] = p.Name
 		providers = append(providers, pp)
 	}
-	binding["providers"] = providers
-	return ctx.Render("sites/home", binding, templating.LayoutMain)
-}
-
-func homeBindingData() map[string]interface{} {
 	return map[string]interface{}{
 		templating.MustacheKeyLoggedIn:        true,
 		templating.MustacheKeyRestrictionsGUI: true,
@@ -43,6 +42,7 @@ func homeBindingData() map[string]interface{} {
 		templating.MustacheSubCreateMT: map[string]interface{}{
 			templating.MustacheKeyPrefix: "createMT-",
 		},
+		"providers": providers,
 	}
 }


--- a/internal/server/web/partials/create-mt.mustache
+++ b/internal/server/web/partials/create-mt.mustache
@@ -3,6 +3,19 @@
        <div>
            <div class="row">
                <div class="col">
+                    <div class="alert border border-primary">
+                        <h4>OpenID Provider</h4>
+                        <label for="mt-oidc-iss">OpenID Provider</label>
+                        <select id="mt-oidc-iss" class="form-control custom-select">
+                            {{#providers}}
+                                <option value="{{issuer}}">{{name}}</option>
+                            {{/providers}}
+                        </select>
+                        <small id="mt-oidc-iss-help" class="form-text text-muted">OpenID Provider for which this
+                            mytoken can obtain access tokens.
+                        </small>
+                    </div>
+
                    <div class="form-group alert border">
                        <h4>Token Name</h4>
                        <label for="tokenName">Token Name</label>

--- a/internal/server/web/partials/navbar.mustache
+++ b/internal/server/web/partials/navbar.mustache
@@ -24,7 +24,7 @@
            <form class="form-inline" id="login-form" method="post" role="form">
                <input type="hidden" name="grant_type" value="oidc_flow"/>
                <input type="hidden" name="oidc_flow" value="authorization_code"/>
-                <select id="login-iss" class="form-control custom-select" name="oidc_issuer">
+                <select class="form-control custom-select" name="oidc_issuer">
                    {{#providers}}
                        <option value="{{issuer}}">{{name}}</option>
                    {{/providers}}

--- a/internal/server/web/static/js/create-at.js
+++ b/internal/server/web/static/js/create-at.js
@@ -125,7 +125,7 @@ $('#get-at').on('click', function (e) {
 function initAT(...next) {
    let scopes = storageGet("token_scopes");
    if (scopes === "") { // token not restricted with scopes
-        scopes = getSupportedScopesFromStorage();
+        scopes = getSupportedScopesFromStorage(storageGet("oidc_issuer"));
    } else {
        scopes = scopes.split(' ')
    }

--- a/internal/server/web/static/js/create-mt.js
+++ b/internal/server/web/static/js/create-mt.js
@@ -11,10 +11,14 @@ const authURL = $('#authorization-url');
 const maxTokenLenDiv = $('#max_token_len_div');
 const tokenTypeBadge = $('#token-badge');
 const $mtInstructions = $('#mt-instructions');
+const $mtOIDCIss = $('#mt-oidc-iss');

 const mtPrefix = "createMT-";

 function initCreateMT(...next) {
+    if (loggedIn) {
+        $mtOIDCIss.val(storageGet("oidc_issuer"));
+    }
    initCapabilities(mtPrefix);
    checkCapability("tokeninfo", mtPrefix);
    checkCapability("AT", mtPrefix);
@@ -23,6 +27,9 @@ function initCreateMT(...next) {
    doNext(...next);
 }

+$mtOIDCIss.on('change', function () {
+    initRestrGUI(mtPrefix);
+});

 $('#next-mt').on('click', function () {
    window.clearInterval(intervalID);
@@ -41,7 +48,7 @@ $('#select-token-type').on('change', function () {
 function sendCreateMTReq() {
    let data = {
        "name": $('#tokenName').val(),
-        "oidc_issuer": storageGet("oidc_issuer") || $('#login-iss').val(),
+        "oidc_issuer": $mtOIDCIss.val(),
        "grant_type": "oidc_flow",
        "oidc_flow": "authorization_code",
        "redirect_type": "native",

--- a/internal/server/web/static/js/home-not-logged-in.js
+++ b/internal/server/web/static/js/home-not-logged-in.js
@@ -8,7 +8,3 @@ $(function () {
    );
    openCorrectTab();
 })
-
-$('#login-iss').on('change', function () {
-    initRestrGUI(mtPrefix);
-});
\ No newline at end of file
--- a/internal/server/web/static/js/restr-gui.js
+++ b/internal/server/web/static/js/restr-gui.js
@@ -128,7 +128,13 @@ function initRestrGUI(prefix = "") {
 function getSupportedScopesFromStorage(iss = "") {
    const providers = storageGet("providers_supported");
    if (iss === "") {
-        iss = typeof (issuer) !== 'undefined' ? issuer : storageGet("oidc_issuer") || $('#login-iss').val();
+        if (typeof (issuer) !== 'undefined') {
+            iss = issuer;
+        } else if (typeof ($mtOIDCIss !== 'undefined')) {
+            iss = $mtOIDCIss.val();
+        } else {
+            iss = storageGet("oidc_issuer");
+        }
    }
    return providers.find(x => x.issuer === iss).scopes_supported;
 }