diff --git a/backend/build.gradle b/backend/build.gradle index 1ef670fa5..a6797b52c 100644 --- a/backend/build.gradle +++ b/backend/build.gradle @@ -49,6 +49,10 @@ configurations { processResources.dependsOn(':ui:npm_run_buildProd') +jar { + enabled = true +} + //Integration of the frontend and backend into the build to have all of the UI resources available in the app's executable war bootWar.dependsOn(':ui:npm_run_buildProd') bootWar.baseName = 'shibui' diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/UserBootstrap.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/UserBootstrap.groovy index f9ab4ffb0..19b27dd1c 100644 --- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/UserBootstrap.groovy +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/UserBootstrap.groovy @@ -32,7 +32,7 @@ class UserBootstrap { if (shibUIConfiguration.userBootstrapResource) { log.info("configuring users from ${shibUIConfiguration.userBootstrapResource.URI}") new CSVReader(new InputStreamReader(shibUIConfiguration.userBootstrapResource.inputStream)).each { it -> - def (username, password, firstName, lastName, roleName) = it + def (username, password, firstName, lastName, roleName, email) = it def role = roleRepository.findByName(roleName).orElse(new Role(name: roleName)) roleRepository.saveAndFlush(role) def user = userRepository.findByUsername(username).orElse(new User(username: username)).with { @@ -40,6 +40,7 @@ class UserBootstrap { it.firstName = firstName it.lastName = lastName it.roles.add(role) + it.emailAddress = email it } userRepository.saveAndFlush(user) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EmailServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EmailServiceImpl.java index 6e8d20f28..e21051abd 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EmailServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EmailServiceImpl.java @@ -2,6 +2,7 @@ import edu.internet2.tier.shibboleth.admin.ui.security.model.User; import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository; +import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.context.support.ResourceBundleMessageSource; @@ -72,6 +73,6 @@ public String[] getSystemAdminEmailAddresses() { logger.warn("No users with ROLE_ADMIN were found! Check your configuration!"); systemAdmins = new HashSet<>(); } - return systemAdmins.stream().map(User::getEmailAddress).distinct().toArray(String[]::new); + return systemAdmins.stream().filter(user -> StringUtils.isNotBlank(user.getEmailAddress())).map(User::getEmailAddress).distinct().toArray(String[]::new); } } diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties index 6e999d002..ab466cce6 100644 --- a/backend/src/main/resources/application.properties +++ b/backend/src/main/resources/application.properties @@ -67,7 +67,7 @@ shibui.nameid-filter-ui-schema-location=classpath:nameid-filter.schema.json # shibui.metadataProviders.taskRunRate=30000 # Email configuration (local mailhog) -spring.mail.host=localhost +spring.mail.host=mailhog spring.mail.port=1025 spring.mail.username=username spring.mail.password=password diff --git a/backend/src/main/resources/dynamic-http-metadata-provider.schema.json b/backend/src/main/resources/dynamic-http-metadata-provider.schema.json index 1969c9ab4..68fdf6fd7 100644 --- a/backend/src/main/resources/dynamic-http-metadata-provider.schema.json +++ b/backend/src/main/resources/dynamic-http-metadata-provider.schema.json @@ -117,15 +117,14 @@ "refreshDelayFactor": { "title": "label.refresh-delay-factor", "description": "tooltip.refresh-delay-factor", - "type": "number", + "type": "string", "widget": { - "id": "number", - "step": 0.01 + "id": "string", + "help": "message.real-number" }, "placeholder": "label.real-number", - "minimum": 0.01, - "maximum": 0.99, - "default": null + "default": "", + "pattern": "^(?:([0]*(\\.[0-9]+)?|[0]*\\.[0-9]*[1-9][0-9]*)|)$" }, "minCacheDuration": { "title": "label.min-cache-duration", @@ -598,8 +597,7 @@ "certificateFile": { "title": "label.certificate-file", "description": "tooltip.certificate-file", - "type": "string", - "default": "" + "type": "string" } }, "anyOf": [ diff --git a/backend/src/main/resources/file-system-metadata-provider.schema.json b/backend/src/main/resources/file-system-metadata-provider.schema.json index 95dfbf1f7..cbfec6b8c 100644 --- a/backend/src/main/resources/file-system-metadata-provider.schema.json +++ b/backend/src/main/resources/file-system-metadata-provider.schema.json @@ -128,15 +128,14 @@ "refreshDelayFactor": { "title": "label.refresh-delay-factor", "description": "tooltip.refresh-delay-factor", - "type": "number", + "type": "string", "widget": { - "id": "number", - "step": 0.01 + "id": "string", + "help": "message.real-number" }, "placeholder": "label.real-number", - "minimum": 0, - "maximum": 0.99, - "default": null + "default": "", + "pattern": "^(?:([0]*(\\.[0-9]+)?|[0]*\\.[0-9]*[1-9][0-9]*)|)$" } } } diff --git a/backend/src/main/resources/i18n/messages_en.properties b/backend/src/main/resources/i18n/messages_en.properties index 1c207ee38..e6f30bfe3 100644 --- a/backend/src/main/resources/i18n/messages_en.properties +++ b/backend/src/main/resources/i18n/messages_en.properties @@ -392,6 +392,7 @@ message.name-must-be-unique=Name must be unique. message.uri-valid-format=URI must be valid format. message.id-unique=ID must be unique. message.array-items-must-be-unique=Items in list must be unique. +message.real-number=Optional. If using a value, must be a real number between 0-1. message.org-name-required=Organization Name is required. message.org-displayName-required=Organization Name is required. @@ -401,6 +402,7 @@ message.org-incomplete=These three fields must all be entered if any single fiel message.type-required=Missing required property: Type message.match-required=Missing required property: Match message.value-required=Missing required property: Value +message.required=Missing required property. message.conflict=Conflict message.data-version-contention=Data Version Contention @@ -432,6 +434,9 @@ message.required-for-regex=Required for Regex message.file-doesnt-exist=The requested file to be processed does not exist on the server. message.database-constraint=There was a database constraint problem processing the request. Check the request to ensure that fields that must be unique are truly unique. +message.user-request-received-title=User request received +message.user-request-received-body=Your request has been received and is being reviewed. You will be notified with access status. + tooltip.entity-id=Entity ID tooltip.service-provider-name=Service Provider Name (Dashboard Display Only) tooltip.force-authn=Disallows use (or reuse) of authentication results and login flows that don\u0027t provide a real-time proof of user presence in the login process diff --git a/backend/src/main/resources/local-dynamic-metadata-provider.schema.json b/backend/src/main/resources/local-dynamic-metadata-provider.schema.json index c76434258..b3414be39 100644 --- a/backend/src/main/resources/local-dynamic-metadata-provider.schema.json +++ b/backend/src/main/resources/local-dynamic-metadata-provider.schema.json @@ -61,15 +61,14 @@ "refreshDelayFactor": { "title": "label.refresh-delay-factor", "description": "tooltip.refresh-delay-factor", - "type": "number", + "type": "string", "widget": { - "id": "number", - "step": 0.01 + "id": "string", + "help": "message.real-number" }, "placeholder": "label.real-number", - "minimum": 0, - "maximum": 0.99, - "default": null + "default": "", + "pattern": "^(?:([0]*(\\.[0-9]+)?|[0]*\\.[0-9]*[1-9][0-9]*)|)$" }, "minCacheDuration": { "title": "label.min-cache-duration", diff --git a/backend/src/test/resources/conf/1044.csv b/backend/src/test/resources/conf/1044.csv index 666681a0b..d8dfbcd76 100644 --- a/backend/src/test/resources/conf/1044.csv +++ b/backend/src/test/resources/conf/1044.csv @@ -1,2 +1,2 @@ -"user1","password1","firstName1","lastName1","ROLE_ADMIN" -"user2","password2","firstName2","lastName2","ROLE_USER" \ No newline at end of file +"user1","password1","firstName1","lastName1","ROLE_ADMIN","user1@example.org" +"user2","password2","firstName2","lastName2","ROLE_USER","user2@example.org" \ No newline at end of file diff --git a/pac4j-module/build.gradle b/pac4j-module/build.gradle index 5133e4e48..8bdb9c5d6 100644 --- a/pac4j-module/build.gradle +++ b/pac4j-module/build.gradle @@ -1,8 +1,7 @@ plugins { - id 'java' + id 'groovy' id 'com.palantir.docker' version '0.20.1' id 'jacoco' - id 'io.franzbecker.gradle-lombok' version '1.13' id 'org.springframework.boot' version '2.0.0.RELEASE' apply false id 'io.spring.dependency-management' version '1.0.6.RELEASE' } @@ -18,11 +17,6 @@ repositories { } } -lombok { - version = "1.16.20" - sha256 = "c5178b18caaa1a15e17b99ba5e4023d2de2ebc18b58cde0f5a04ca4b31c10e6d" -} - dependencyManagement { imports { mavenBom org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES @@ -39,6 +33,11 @@ dependencies { exclude group: 'org.opensaml' } + testCompile project(':backend') + testCompile "org.springframework.boot:spring-boot-starter-test" + testCompile "org.spockframework:spock-core:1.1-groovy-2.4" + testCompile "org.spockframework:spock-spring:1.1-groovy-2.4" + annotationProcessor "org.springframework.boot:spring-boot-configuration-processor" docker project(':backend') diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/AddNewUserFilter.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/AddNewUserFilter.java new file mode 100644 index 000000000..ed25da18a --- /dev/null +++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/AddNewUserFilter.java @@ -0,0 +1,136 @@ +package net.unicon.shibui.pac4j; + +import com.fasterxml.jackson.databind.ObjectMapper; +import edu.internet2.tier.shibboleth.admin.ui.controller.ErrorResponse; +import edu.internet2.tier.shibboleth.admin.ui.security.model.Role; +import edu.internet2.tier.shibboleth.admin.ui.security.model.User; +import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository; +import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository; +import edu.internet2.tier.shibboleth.admin.ui.service.EmailService; +import org.apache.commons.lang3.RandomStringUtils; +import org.pac4j.saml.profile.SAML2Profile; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.crypto.bcrypt.BCrypt; + +import javax.mail.MessagingException; +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.util.List; +import java.util.Map; +import java.util.Optional; + +/** + * @author Bill Smith (wsmith@unicon.net) + */ +public class AddNewUserFilter implements Filter { + + private static final Logger logger = LoggerFactory.getLogger(AddNewUserFilter.class); + + private static final String ROLE_NONE = "ROLE_NONE"; + + private UserRepository userRepository; + private RoleRepository roleRepository; + private EmailService emailService; + + private Pac4jConfigurationProperties pac4jConfigurationProperties; + + private Pac4jConfigurationProperties.SAML2ProfileMapping saml2ProfileMapping; + + public AddNewUserFilter(Pac4jConfigurationProperties pac4jConfigurationProperties, UserRepository userRepository, RoleRepository roleRepository, EmailService emailService) { + this.userRepository = userRepository; + this.roleRepository = roleRepository; + this.emailService = emailService; + this.pac4jConfigurationProperties = pac4jConfigurationProperties; + saml2ProfileMapping = this.pac4jConfigurationProperties.getSaml2ProfileMapping(); + } + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + } + + private User buildAndPersistNewUserFromProfile(SAML2Profile profile) { + Role noRole = roleRepository.findByName(ROLE_NONE).orElse(new Role(ROLE_NONE)); + roleRepository.save(noRole); + + User user = new User(); + user.getRoles().add(noRole); + user.setUsername(getAttributeFromProfile(profile, "username")); + user.setPassword(BCrypt.hashpw(RandomStringUtils.randomAlphanumeric(20), BCrypt.gensalt())); + user.setFirstName(getAttributeFromProfile(profile, "firstName")); + user.setLastName(getAttributeFromProfile(profile, "lastName")); + user.setEmailAddress(getAttributeFromProfile(profile, "email")); + User persistedUser = userRepository.save(user); + if (logger.isDebugEnabled()) { + logger.debug("Persisted new user:\n" + user); + } + return persistedUser; + } + + @Override + public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); + SAML2Profile profile = (SAML2Profile) authentication.getPrincipal(); + if (profile != null) { + String username = getAttributeFromProfile(profile, "username"); + if (username != null) { + Optional persistedUser = userRepository.findByUsername(username); + User user; + if (!persistedUser.isPresent()) { + user = buildAndPersistNewUserFromProfile(profile); + try { + emailService.sendNewUserMail(username); + } catch (MessagingException e) { + logger.warn(String.format("Unable to send new user email for user [%s]", username), e); + } + } else { + user = persistedUser.get(); + } + if (user.getRole().equals(ROLE_NONE)) { + ((HttpServletResponse) response).sendRedirect("/unsecured/error.html"); + } else { + chain.doFilter(request, response); // else, user is in the system already, carry on + } + } + } + } + + @Override + public void destroy() { + } + + private String getAttributeFromProfile(SAML2Profile profile, String stringKey) { + String attribute = null; + switch (stringKey) { + case "username": + attribute = saml2ProfileMapping.getUsername(); + break; + case "firstName": + attribute = saml2ProfileMapping.getFirstName(); + break; + case "lastName": + attribute = saml2ProfileMapping.getLastName(); + break; + case "email": + attribute = saml2ProfileMapping.getEmail(); + break; + default: + // do we care? Not yet. + } + List attributeList = (List) profile.getAttribute(attribute); + return attributeList.size() < 1 ? null : attributeList.get(0); + } + + private byte[] getJsonResponseBytes(ErrorResponse eErrorResponse) throws IOException { + String errorResponseJson = new ObjectMapper().writeValueAsString(eErrorResponse); + return errorResponseJson.getBytes(); + } +} diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java index afb1369a1..cf36d8e65 100644 --- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java +++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java @@ -1,10 +1,12 @@ package net.unicon.shibui.pac4j; import org.springframework.boot.context.properties.ConfigurationProperties; +import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.stereotype.Component; @Component @ConfigurationProperties(prefix = "shibui.pac4j") +@EnableConfigurationProperties public class Pac4jConfigurationProperties { private String keystorePath = "/tmp/samlKeystore.jks"; private String keystorePassword = "changeit"; @@ -16,6 +18,46 @@ public class Pac4jConfigurationProperties { private boolean forceServiceProviderMetadataGeneration = false; private String callbackUrl; private boolean wantAssertionsSigned = true; + private SAML2ProfileMapping saml2ProfileMapping; + + public static class SAML2ProfileMapping { + private String username; + private String email; + private String firstName; + private String lastName; + + public String getUsername() { + return username; + } + + public void setUsername(String username) { + this.username = username; + } + + public String getEmail() { + return email; + } + + public void setEmail(String email) { + this.email = email; + } + + public String getFirstName() { + return firstName; + } + + public void setFirstName(String firstName) { + this.firstName = firstName; + } + + public String getLastName() { + return lastName; + } + + public void setLastName(String lastName) { + this.lastName = lastName; + } + } public String getKeystorePath() { return keystorePath; @@ -96,4 +138,12 @@ public boolean isWantAssertionsSigned() { public void setWantAssertionsSigned(boolean wantAssertionsSigned) { this.wantAssertionsSigned = wantAssertionsSigned; } + + public SAML2ProfileMapping getSaml2ProfileMapping() { + return saml2ProfileMapping; + } + + public void setSaml2ProfileMapping(SAML2ProfileMapping saml2ProfileMapping) { + this.saml2ProfileMapping = saml2ProfileMapping; + } } diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java index e3ff9d4b6..120a45f36 100644 --- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java +++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java @@ -1,5 +1,8 @@ package net.unicon.shibui.pac4j; +import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository; +import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository; +import edu.internet2.tier.shibboleth.admin.ui.service.EmailService; import org.pac4j.core.config.Config; import org.pac4j.springframework.security.web.CallbackFilter; import org.pac4j.springframework.security.web.SecurityFilter; @@ -17,8 +20,8 @@ @AutoConfigureOrder(-1) public class WebSecurity { @Bean("webSecurityConfig") - public WebSecurityConfigurerAdapter webSecurityConfigurerAdapter(final Config config) { - return new Pac4jWebSecurityConfigurerAdapter(config); + public WebSecurityConfigurerAdapter webSecurityConfigurerAdapter(final Config config, UserRepository userRepository, RoleRepository roleRepository, EmailService emailService, Pac4jConfigurationProperties pac4jConfigurationProperties) { + return new Pac4jWebSecurityConfigurerAdapter(config, userRepository, roleRepository, emailService, pac4jConfigurationProperties); } @Configuration @@ -30,12 +33,38 @@ protected void configure(HttpSecurity http) throws Exception { } } + @Configuration @Order(1) + public static class UnsecuredSecurityConfiguration extends WebSecurityConfigurerAdapter { + @Override + protected void configure(HttpSecurity http) throws Exception { + http.antMatcher("/unsecured/**/*").authorizeRequests().antMatchers("/unsecured/**/*").permitAll(); + } + } + + @Configuration + @Order(2) + public static class ErrorSecurityConfiguration extends WebSecurityConfigurerAdapter { + @Override + protected void configure(HttpSecurity http) throws Exception { + http.antMatcher("/error").authorizeRequests().antMatchers("/error").permitAll(); + } + } + + @Order(100) public static class Pac4jWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { private final Config config; + private UserRepository userRepository; + private RoleRepository roleRepository; + private EmailService emailService; + private Pac4jConfigurationProperties pac4jConfigurationProperties; - public Pac4jWebSecurityConfigurerAdapter(final Config config) { + public Pac4jWebSecurityConfigurerAdapter(final Config config, UserRepository userRepository, RoleRepository roleRepository, EmailService emailService, Pac4jConfigurationProperties pac4jConfigurationProperties) { this.config = config; + this.userRepository = userRepository; + this.roleRepository = roleRepository; + this.emailService = emailService; + this.pac4jConfigurationProperties = pac4jConfigurationProperties; } @Override @@ -43,15 +72,14 @@ protected void configure(HttpSecurity http) throws Exception { final SecurityFilter securityFilter = new SecurityFilter(this.config, "Saml2Client"); final CallbackFilter callbackFilter = new CallbackFilter(this.config); - // http.regexMatcher("/callback").addFilterBefore(callbackFilter, BasicAuthenticationFilter.class); - http.antMatcher("/**").addFilterBefore(callbackFilter, BasicAuthenticationFilter.class); + http.antMatcher("/**").addFilterBefore(callbackFilter, BasicAuthenticationFilter.class) + .addFilterBefore(securityFilter, BasicAuthenticationFilter.class) + .addFilterAfter(new AddNewUserFilter(pac4jConfigurationProperties, userRepository, roleRepository, emailService), SecurityFilter.class); + http.authorizeRequests().anyRequest().fullyAuthenticated(); - http.addFilterBefore(securityFilter, BasicAuthenticationFilter.class); http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS); - // http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); - http.csrf().disable(); http.headers().frameOptions().disable(); } diff --git a/pac4j-module/src/main/resources/META-INF/spring.factories b/pac4j-module/src/main/resources/META-INF/spring.factories index 90f792d84..f46ede845 100644 --- a/pac4j-module/src/main/resources/META-INF/spring.factories +++ b/pac4j-module/src/main/resources/META-INF/spring.factories @@ -1,4 +1,5 @@ org.springframework.boot.autoconfigure.EnableAutoConfiguration=\ net.unicon.shibui.pac4j.Pac4jConfiguration,\ net.unicon.shibui.pac4j.WebSecurity,\ - net.unicon.shibui.pac4j.Pac4jConfigurationProperties \ No newline at end of file + net.unicon.shibui.pac4j.Pac4jConfigurationProperties,\ + net.unicon.shibui.pac4j.CustomPropertiesConfiguration \ No newline at end of file diff --git a/pac4j-module/src/main/resources/application.yml b/pac4j-module/src/main/resources/application.yml new file mode 100644 index 000000000..4042fd939 --- /dev/null +++ b/pac4j-module/src/main/resources/application.yml @@ -0,0 +1,7 @@ +shibui: + pac4j: + saml2ProfileMapping: + username: urn:oid:0.9.2342.19200300.100.1.3 + firstName: givenName + lastName: sn + email: mail \ No newline at end of file diff --git a/pac4j-module/src/test/docker/conf/application.yml b/pac4j-module/src/test/docker/conf/application.yml index 07c4083a6..e24389d17 100644 --- a/pac4j-module/src/test/docker/conf/application.yml +++ b/pac4j-module/src/test/docker/conf/application.yml @@ -13,7 +13,7 @@ shibui: keystorePath: "/conf/samlKeystore.jks" keystorePassword: "changeit" privateKeyPassword: "changeit" - serviceProviderEntityId: "https://unicon.net/shibui" + serviceProviderEntityId: "https://unicon.net/test/shibui" serviceProviderMetadataPath: "/conf/sp-metadata.xml" identityProviderMetadataPath: "/conf/idp-metadata.xml" forceServiceProviderMetadataGeneration: true @@ -22,4 +22,4 @@ shibui: logging: level: org.pac4j: "TRACE" - org.opensaml: "INFO" \ No newline at end of file + org.opensaml: "INFO" diff --git a/pac4j-module/src/test/docker/conf/idp-metadata.xml b/pac4j-module/src/test/docker/conf/idp-metadata.xml index eddc5010c..0c0924b54 100644 --- a/pac4j-module/src/test/docker/conf/idp-metadata.xml +++ b/pac4j-module/src/test/docker/conf/idp-metadata.xml @@ -1,30 +1,82 @@ - - - - - - - MIIDdDCCAlygAwIBAgIGAVWm+BpSMA0GCSqGSIb3DQEBCwUAMHsxFDASBgNVBAoTC0dvb2dsZSBJ -bmMuMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MQ8wDQYDVQQDEwZHb29nbGUxGDAWBgNVBAsTD0dv -b2dsZSBGb3IgV29yazELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEwHhcNMTYwNzAx -MTQ1ODQ0WhcNMjEwNjMwMTQ1ODQ0WjB7MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEWMBQGA1UEBxMN -TW91bnRhaW4gVmlldzEPMA0GA1UEAxMGR29vZ2xlMRgwFgYDVQQLEw9Hb29nbGUgRm9yIFdvcmsx -CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAirwyeCS6SZpnYxprfXhpTNXwVfQC+J9OvBlJp8/7ngA627yER1bvfUkBMQxo0CXe -H6HX6Vw1DgalZJeEGDZSErlAY7lWkXkHdsejlMoYayQSZz2b/EfeRetwxh3Ek0hMDScOgDlsdfAn -AiZ4//n3IlypCi4ZMnLPs308FYunvp+R0Wd8Yqj8ctKhiYs6fCSHksDd+JKPe2FC1Zqw9GCGhi32 -DBNRTHfE3tX3rTRs1pT0qbrQmpPfeBYfX00astGa3Dq/XWVO62IlqM7nVjglIPdi0tCIx+5RVZrY -uvULMipA+131TMxTpcGjUFxNwzPdogdpNhtL8+erfhG26C6b8wIDAQABMA0GCSqGSIb3DQEBCwUA -A4IBAQCIOe/bW+mdE9PuarSz60HPGe9ROibyEOTyAWGxvSFfqoNFzaH3oOiEHMNG+ZkHHGtGEeWc -KYQ72V1OKO4aNqy2XaT3onOkd2oh4N8Q5pWrgMRkAB2HvBhBcQeO6yojVamTd43Kbtc+Hly3o+Or -XXOR9cgfxX/0Dbb+xwzTcwcMoJ1CPd3T4zxByKMHNflWrgrmZ9DmDOya4Aqs+xvrvPJB2VHaXoJ6 -r/N+xtG8zO8wNRuxQxNUvtcFKKX2sZAqQRASGi1z8Y1FhU6rWBdBRtaiASAIgkNwOmS603Mm08Yr -0Yq7x6h3XlG8HO0bAOto6pr6q85pLqqv7v7/x7mfdjV3 - - - - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - - - - + + + + + + + unicon.net + + Unicon, Inc. + Login service for Unicon Employees + https://idp.unicon.net/logo_135_0.png + + + + + + + + MIIDIzCCAgugAwIBAgIUIEHTfbStY0ckKZzxIgqd5p1O2K0wDQYJKoZIhvcNAQEF + BQAwGTEXMBUGA1UEAxMOaWRwLnVuaWNvbi5uZXQwHhcNMTEwOTEzMDMyMzE2WhcN + MzEwOTEzMDMyMzE2WjAZMRcwFQYDVQQDEw5pZHAudW5pY29uLm5ldDCCASIwDQYJ + KoZIhvcNAQEBBQADggEPADCCAQoCggEBANtUsFXxlhvD3bWT5Y7TqKkf5rxa+dPA + z7vpbJ6bWhDPSMXb/9MiJe/ciY5ZKKrB1rdRC04s7blrzem3YtjGihfGd4ld+NRt + Pi0xoAT2YIp83CvEe5BHAKwqD7KTonN1unbN84mVo65itbme9d8lZKc0PfLM+BQp + fhXKUBfYeBCkYU4YWxmgL4Vs7XBaKjEjpTN4ncar4YSrarWTTPyO5RzmVPLAcv88 + 1OBqewTyN41+JRXt0Jopi4ZQ8JjKkm73vhoYDBPHr/VMqk1lFfrDcDwJa2ygyWCm + qTlq6zyLE9Fr6sYz6CbgA2lAqu/b1rYCqVCnRpoHZKahAQ9uGQSfHD8CAwEAAaNj + MGEwQAYDVR0RBDkwN4IOaWRwLnVuaWNvbi5uZXSGJWh0dHBzOi8vaWRwLnVuaWNv + bi5uZXQvaWRwL3NoaWJib2xldGgwHQYDVR0OBBYEFK6yUrpGjvY3B09ke0kVl4wA + CMAnMA0GCSqGSIb3DQEBBQUAA4IBAQDG/gMpr3N+nAMuo7RhtDBsckiJV2+BwT/r + JmpxlHAV1Zgc3eeuOdyxm5/jA78tspLldL0+6W/LzZWov/je36IqVT1wSGy1n0Sc + Pjw8DHgyEJLCij2vVScV+j/Y4Eg0bVy6pZTeQW+e3ygb6WgiVT/ARM8QBp6GjAUC + qIlJCads9Rcx3vAih72I4exUUD4qMuBMeLIdY5XReHy5YHqxbkPjQhDIEORAFlzJ + jLqO/Ldzn4waEa5snDZyeYjsl6pi+8CVGfXLSDVsDuk5s47B9OD+gOSJ1wEc7O/N + nU9d/WCcM1V4IGZGL8TXUdfJoVXYZUFF08jUGSL2mj30WS1orIWo + + + + + + + + + + + MIIDIzCCAgugAwIBAgIUIEHTfbStY0ckKZzxIgqd5p1O2K0wDQYJKoZIhvcNAQEF + BQAwGTEXMBUGA1UEAxMOaWRwLnVuaWNvbi5uZXQwHhcNMTEwOTEzMDMyMzE2WhcN + MzEwOTEzMDMyMzE2WjAZMRcwFQYDVQQDEw5pZHAudW5pY29uLm5ldDCCASIwDQYJ + KoZIhvcNAQEBBQADggEPADCCAQoCggEBANtUsFXxlhvD3bWT5Y7TqKkf5rxa+dPA + z7vpbJ6bWhDPSMXb/9MiJe/ciY5ZKKrB1rdRC04s7blrzem3YtjGihfGd4ld+NRt + Pi0xoAT2YIp83CvEe5BHAKwqD7KTonN1unbN84mVo65itbme9d8lZKc0PfLM+BQp + fhXKUBfYeBCkYU4YWxmgL4Vs7XBaKjEjpTN4ncar4YSrarWTTPyO5RzmVPLAcv88 + 1OBqewTyN41+JRXt0Jopi4ZQ8JjKkm73vhoYDBPHr/VMqk1lFfrDcDwJa2ygyWCm + qTlq6zyLE9Fr6sYz6CbgA2lAqu/b1rYCqVCnRpoHZKahAQ9uGQSfHD8CAwEAAaNj + MGEwQAYDVR0RBDkwN4IOaWRwLnVuaWNvbi5uZXSGJWh0dHBzOi8vaWRwLnVuaWNv + bi5uZXQvaWRwL3NoaWJib2xldGgwHQYDVR0OBBYEFK6yUrpGjvY3B09ke0kVl4wA + CMAnMA0GCSqGSIb3DQEBBQUAA4IBAQDG/gMpr3N+nAMuo7RhtDBsckiJV2+BwT/r + JmpxlHAV1Zgc3eeuOdyxm5/jA78tspLldL0+6W/LzZWov/je36IqVT1wSGy1n0Sc + Pjw8DHgyEJLCij2vVScV+j/Y4Eg0bVy6pZTeQW+e3ygb6WgiVT/ARM8QBp6GjAUC + qIlJCads9Rcx3vAih72I4exUUD4qMuBMeLIdY5XReHy5YHqxbkPjQhDIEORAFlzJ + jLqO/Ldzn4waEa5snDZyeYjsl6pi+8CVGfXLSDVsDuk5s47B9OD+gOSJ1wEc7O/N + nU9d/WCcM1V4IGZGL8TXUdfJoVXYZUFF08jUGSL2mj30WS1orIWo + + + + + + + urn:mace:shibboleth:1.0:nameIdentifier + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + + + + + + diff --git a/pac4j-module/src/test/docker/docker-compose.yml b/pac4j-module/src/test/docker/docker-compose.yml index e6b2f6e70..ac3a781c2 100644 --- a/pac4j-module/src/test/docker/docker-compose.yml +++ b/pac4j-module/src/test/docker/docker-compose.yml @@ -3,7 +3,7 @@ version: "3.7" services: shibui: image: unicon/shibui-pac4j - entrypoint: ["/usr/bin/java", "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005", "-jar", "app.jar"] + entrypoint: ["/usr/bin/java", "-Dspring.profiles.active=dev", "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005", "-jar", "app.jar"] ports: - 8080:8080 - 5005:5005 @@ -13,6 +13,16 @@ services: - ./conf/application.yml:/application.yml networks: - front + + mailhog: + image: mailhog/mailhog:latest + ports: + - 1025:1025 + - 8025:8025 + container_name: mailhog + networks: + - front + networks: front: - driver: bridge \ No newline at end of file + driver: bridge diff --git a/pac4j-module/src/test/groovy/net/unicon/shibui/pac4j/AddNewUserFilterTests.groovy b/pac4j-module/src/test/groovy/net/unicon/shibui/pac4j/AddNewUserFilterTests.groovy new file mode 100644 index 000000000..9a824e97e --- /dev/null +++ b/pac4j-module/src/test/groovy/net/unicon/shibui/pac4j/AddNewUserFilterTests.groovy @@ -0,0 +1,96 @@ +package net.unicon.shibui.pac4j + +import edu.internet2.tier.shibboleth.admin.ui.security.model.Role +import edu.internet2.tier.shibboleth.admin.ui.security.model.User +import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository +import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository +import edu.internet2.tier.shibboleth.admin.ui.service.EmailService +import org.pac4j.saml.profile.SAML2Profile +import org.springframework.beans.factory.annotation.Autowired +import org.springframework.boot.context.properties.EnableConfigurationProperties +import org.springframework.boot.test.context.SpringBootTest +import org.springframework.security.core.Authentication +import org.springframework.security.core.context.SecurityContext +import org.springframework.security.core.context.SecurityContextHolder +import spock.lang.Specification +import spock.lang.Subject + +import javax.servlet.FilterChain +import javax.servlet.ServletRequest +import javax.servlet.http.HttpServletResponse + +/** + * @author Bill Smith (wsmith@unicon.net) + */ +@SpringBootTest(classes = [Pac4jConfigurationProperties]) +@EnableConfigurationProperties([Pac4jConfigurationProperties]) +class AddNewUserFilterTests extends Specification { + + UserRepository userRepository = Mock() + RoleRepository roleRepository = Mock() + EmailService emailService = Mock() + + ServletRequest request = Mock() + HttpServletResponse response = Mock() + FilterChain chain = Mock() + + SecurityContext securityContext = Mock() + Authentication authentication = Mock() + SAML2Profile saml2Profile = Mock() + + @Autowired + Pac4jConfigurationProperties pac4jConfigurationProperties + + Pac4jConfigurationProperties.SAML2ProfileMapping saml2ProfileMapping + + @Subject + AddNewUserFilter addNewUserFilter + + def setup() { + SecurityContextHolder.setContext(securityContext) + securityContext.getAuthentication() >> authentication + authentication.getPrincipal() >> saml2Profile + + addNewUserFilter = new AddNewUserFilter(pac4jConfigurationProperties, userRepository, roleRepository, emailService) + saml2ProfileMapping = pac4jConfigurationProperties.saml2ProfileMapping + } + + def "new users are redirected"() { + given: + ['Username': 'newUser', + 'FirstName': 'New', + 'LastName': 'User', + 'Email': 'newuser@institution.edu'].each { key, value -> + saml2Profile.getAttribute(saml2ProfileMapping."get${key}"()) >> [value] + } + userRepository.findByUsername('newUser') >> Optional.empty() + roleRepository.findByName('ROLE_NONE') >> Optional.of(new Role('ROLE_NONE')) + + when: + addNewUserFilter.doFilter(request, response, chain) + + then: + 1 * roleRepository.save(_) + 1 * userRepository.save(_ as User) >> { User user -> user } + 1 * emailService.sendNewUserMail('newUser') + 1 * response.sendRedirect("/unsecured/error.html") + } + + def "existing users are not redirected"() { + given: + saml2Profile.getAttribute(saml2ProfileMapping.getUsername()) >> ['existingUser'] + userRepository.findByUsername('existingUser') >> Optional.of(new User().with { + it.username = 'existingUser' + it.roles = [new Role('ROLE_USER')] + it + }) + + when: + addNewUserFilter.doFilter(request, response, chain) + + then: + 0 * roleRepository.save(_) + 0 * userRepository.save(_) + 1 * chain.doFilter(_, _) + } +} diff --git a/ui/angular.json b/ui/angular.json index ebefdc05a..74517d5fc 100644 --- a/ui/angular.json +++ b/ui/angular.json @@ -35,7 +35,7 @@ "configurations": { "production": { "optimization": true, - "outputHashing": "all", + "outputHashing": "bundles", "sourceMap": false, "extractCss": true, "namedChunks": false, diff --git a/ui/build.js b/ui/build.js new file mode 100644 index 000000000..e68d3d848 --- /dev/null +++ b/ui/build.js @@ -0,0 +1,20 @@ +const fs = require('fs-extra'); + +fs.ensureDir('./dist/unsecured').then(function () { + try { + fs.copySync('./src/error.html', './dist/unsecured/error.html') + console.log('copy error page success!') + } catch (err) { + console.error(err) + } + + try { + fs.copySync('./node_modules/font-awesome/fonts', './dist/unsecured'); + console.log('copy fonts success!') + } catch (err) { + console.log(err); + } +}); + + + diff --git a/ui/package-lock.json b/ui/package-lock.json index bb8441756..841137feb 100644 --- a/ui/package-lock.json +++ b/ui/package-lock.json @@ -4618,6 +4618,17 @@ "null-check": "1.0.0" } }, + "fs-extra": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-7.0.1.tgz", + "integrity": "sha512-YJDaCJZEnBmcbw13fvdAM9AwNOJwOzrE4pqMqBq5nFiEqXUqHwlK4B+3pUw6JNvfSPtX05xFHtYy/1ni01eGCw==", + "dev": true, + "requires": { + "graceful-fs": "4.1.11", + "jsonfile": "4.0.0", + "universalify": "0.1.2" + } + }, "fs-write-stream-atomic": { "version": "1.0.10", "resolved": "https://registry.npmjs.org/fs-write-stream-atomic/-/fs-write-stream-atomic-1.0.10.tgz", @@ -6414,6 +6425,15 @@ "integrity": "sha1-Hq3nrMASA0rYTiOWdn6tn6VJWCE=", "dev": true }, + "jsonfile": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz", + "integrity": "sha1-h3Gq4HmbZAdrdmQPygWPnBDjPss=", + "dev": true, + "requires": { + "graceful-fs": "4.1.11" + } + }, "jsonify": { "version": "0.0.0", "resolved": "https://registry.npmjs.org/jsonify/-/jsonify-0.0.0.tgz", @@ -7401,6 +7421,12 @@ } } }, + "ncp": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ncp/-/ncp-2.0.0.tgz", + "integrity": "sha1-GVoh1sRuNh0vsSgbo4uR6d9727M=", + "dev": true + }, "negotiator": { "version": "0.6.1", "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.1.tgz", @@ -10699,6 +10725,12 @@ "imurmurhash": "0.1.4" } }, + "universalify": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz", + "integrity": "sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==", + "dev": true + }, "unpipe": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", diff --git a/ui/package.json b/ui/package.json index ed5f531dc..6f18e59dd 100644 --- a/ui/package.json +++ b/ui/package.json @@ -9,7 +9,10 @@ "test": "ng test --code-coverage", "lint": "ng lint", "e2e": "ng e2e", - "buildProd": "ng build --prod", + "build:static": "node-sass src/static.scss ./dist/unsecured/static.css", + "copy:static": "node ./build", + "copy": "npm run copy:static && npm run build:static", + "buildProd": "ng build --prod && npm run copy", "bundle-report": "webpack-bundle-analyzer dist/stats.json" }, "private": true, @@ -52,6 +55,7 @@ "@types/jasminewd2": "~2.0.2", "@types/node": "~6.0.60", "codelyzer": "~4.2.1", + "fs-extra": "^7.0.1", "jasmine-core": "~2.99.0", "jasmine-marbles": "^0.3.1", "jasmine-spec-reporter": "~4.1.0", @@ -63,6 +67,7 @@ "karma-jasmine-html-reporter": "^0.2.2", "karma-phantomjs-launcher": "^1.0.4", "karma-spec-reporter": "0.0.31", + "ncp": "^2.0.0", "path": "^0.12.7", "protractor": "~5.1.2", "ts-node": "~3.2.0", diff --git a/ui/src/app/metadata/domain/model/wizards/metadata-source-base.ts b/ui/src/app/metadata/domain/model/wizards/metadata-source-base.ts index ebc8921d8..673f176c1 100644 --- a/ui/src/app/metadata/domain/model/wizards/metadata-source-base.ts +++ b/ui/src/app/metadata/domain/model/wizards/metadata-source-base.ts @@ -60,6 +60,28 @@ export class MetadataSourceBase implements Wizard { } getValidators(entityIdList: string[]): { [key: string]: any } { + const checkRequiredChild = (value, property, form) => { + if (!value) { + return { + code: 'REQUIRED', + path: `#${property.path}`, + message: `message.required`, + params: [value] + }; + } + return null; + }; + const checkRequiredChildren = (value, property, form) => { + let errors; + Object.keys(value).forEach((item, index, all) => { + const error = checkRequiredChild(item, { path: `${index}` }, form); + if (error) { + errors = errors || []; + errors.push(error); + } + }); + return errors; + }; const checkOrg = (value, property, form) => { const org = property.parent; const orgValue = org.value || {}; diff --git a/ui/src/app/metadata/metadata.module.ts b/ui/src/app/metadata/metadata.module.ts index 946c89423..fd00a2274 100644 --- a/ui/src/app/metadata/metadata.module.ts +++ b/ui/src/app/metadata/metadata.module.ts @@ -9,7 +9,8 @@ import { MetadataRoutingModule } from './metadata.routing'; import { ProviderModule } from './provider/provider.module'; import { I18nModule } from '../i18n/i18n.module'; import { CustomWidgetRegistry } from '../schema-form/registry'; -import { WidgetRegistry } from 'ngx-schema-form'; +import { WidgetRegistry, SchemaValidatorFactory } from 'ngx-schema-form'; +import { CustomSchemaValidatorFactory } from '../schema-form/service/schema-validator'; @NgModule({ @@ -23,7 +24,11 @@ import { WidgetRegistry } from 'ngx-schema-form'; I18nModule ], providers: [ - { provide: WidgetRegistry, useClass: CustomWidgetRegistry } + { provide: WidgetRegistry, useClass: CustomWidgetRegistry }, + { + provide: SchemaValidatorFactory, + useClass: CustomSchemaValidatorFactory + } ], declarations: [ MetadataPageComponent diff --git a/ui/src/app/schema-form/model/messages.ts b/ui/src/app/schema-form/model/messages.ts new file mode 100644 index 000000000..6d6fa61fd --- /dev/null +++ b/ui/src/app/schema-form/model/messages.ts @@ -0,0 +1,3 @@ +export const HARD_CODED_REQUIRED_MSG = RegExp('Missing required property'); + +export const REQUIRED_MSG_OVERRIDE = 'message.required'; \ No newline at end of file diff --git a/ui/src/app/schema-form/schema-form.module.ts b/ui/src/app/schema-form/schema-form.module.ts index 842e903dd..13aba1369 100644 --- a/ui/src/app/schema-form/schema-form.module.ts +++ b/ui/src/app/schema-form/schema-form.module.ts @@ -1,5 +1,5 @@ import { NgModule } from '@angular/core'; -import { SchemaFormModule } from 'ngx-schema-form'; +import { SchemaFormModule, SchemaValidatorFactory } from 'ngx-schema-form'; import { CommonModule } from '@angular/common'; import { ReactiveFormsModule } from '@angular/forms'; @@ -23,6 +23,7 @@ import { CustomObjectWidget } from './widget/object/object.component'; import { CustomRadioComponent } from './widget/radio/radio.component'; import { InlineObjectListComponent } from './widget/array/inline-obj-list.component'; import { InlineObjectComponent } from './widget/object/inline-obj.component'; +import { CustomSchemaValidatorFactory } from './service/schema-validator'; export const COMPONENTS = [ BooleanRadioComponent, diff --git a/ui/src/app/schema-form/service/schema-validator.ts b/ui/src/app/schema-form/service/schema-validator.ts new file mode 100644 index 000000000..075a78ec9 --- /dev/null +++ b/ui/src/app/schema-form/service/schema-validator.ts @@ -0,0 +1,19 @@ +import * as ZSchema from 'z-schema'; +import { ZSchemaValidatorFactory } from 'ngx-schema-form'; + +export class CustomSchemaValidatorFactory extends ZSchemaValidatorFactory { + + protected zschema; + + constructor() { + super(); + this.createSchemaValidator(); + } + + private createSchemaValidator() { + this.zschema = new ZSchema({ + breakOnFirstError: false + }); + } +} + diff --git a/ui/src/app/schema-form/service/schema.service.ts b/ui/src/app/schema-form/service/schema.service.ts index 9cd7346de..617769de6 100644 --- a/ui/src/app/schema-form/service/schema.service.ts +++ b/ui/src/app/schema-form/service/schema.service.ts @@ -31,7 +31,8 @@ export class SchemaService { Object .keys(condition.properties) .some( - key => values.hasOwnProperty(key) ? condition.properties[key].enum[0] === values[key] : false + key => values.hasOwnProperty(key) && condition.properties[key].enum ? + condition.properties[key].enum[0] === values[key] : false ) ); currentConditions.forEach(el => { diff --git a/ui/src/app/schema-form/widget/datalist/datalist.component.html b/ui/src/app/schema-form/widget/datalist/datalist.component.html index 6ec585342..ece3d7878 100644 --- a/ui/src/app/schema-form/widget/datalist/datalist.component.html +++ b/ui/src/app/schema-form/widget/datalist/datalist.component.html @@ -21,4 +21,10 @@ role="textbox" [attr.aria-label]="schema.title | translate"> + + + , + error + + diff --git a/ui/src/app/schema-form/widget/datalist/datalist.component.ts b/ui/src/app/schema-form/widget/datalist/datalist.component.ts index 3393bd2c5..aecbe2fc3 100644 --- a/ui/src/app/schema-form/widget/datalist/datalist.component.ts +++ b/ui/src/app/schema-form/widget/datalist/datalist.component.ts @@ -2,6 +2,7 @@ import { Component, AfterViewInit } from '@angular/core'; import { ControlWidget } from 'ngx-schema-form'; import { SchemaService } from '../../service/schema.service'; +import { HARD_CODED_REQUIRED_MSG } from '../../model/messages'; @Component({ selector: 'datalist-component', @@ -26,4 +27,8 @@ export class DatalistComponent extends ControlWidget implements AfterViewInit { get required(): boolean { return this.widgetService.isRequired(this.formProperty); } + + getError(error: string): string { + return HARD_CODED_REQUIRED_MSG.test(error) ? 'message.required' : error; + } } diff --git a/ui/src/app/schema-form/widget/select/select.component.html b/ui/src/app/schema-form/widget/select/select.component.html index e66a83350..a7d1dd2ff 100644 --- a/ui/src/app/schema-form/widget/select/select.component.html +++ b/ui/src/app/schema-form/widget/select/select.component.html @@ -42,7 +42,7 @@ , - error + error diff --git a/ui/src/app/schema-form/widget/select/select.component.ts b/ui/src/app/schema-form/widget/select/select.component.ts index 5c6a2b65d..ecd50a75b 100644 --- a/ui/src/app/schema-form/widget/select/select.component.ts +++ b/ui/src/app/schema-form/widget/select/select.component.ts @@ -1,17 +1,21 @@ -import { Component, AfterViewInit } from '@angular/core'; +import { Component, AfterViewInit, OnDestroy } from '@angular/core'; import { SelectWidget } from 'ngx-schema-form'; import { SchemaService } from '../../service/schema.service'; -import { map, shareReplay } from 'rxjs/operators'; +import { map, shareReplay, startWith } from 'rxjs/operators'; +import { Subscription } from 'rxjs'; +import { HARD_CODED_REQUIRED_MSG } from '../../model/messages'; @Component({ selector: 'select-component', templateUrl: `./select.component.html` }) -export class CustomSelectComponent extends SelectWidget implements AfterViewInit { +export class CustomSelectComponent extends SelectWidget implements AfterViewInit, OnDestroy { options$: any; + errorSub: Subscription; + constructor( private widgetService: SchemaService ) { @@ -38,9 +42,23 @@ export class CustomSelectComponent extends SelectWidget implements AfterViewInit ) ); } + + this.errorSub = this.control.valueChanges.pipe(startWith(this.control.value)).subscribe(v => { + if (!v && this.required && !this.errorMessages.some(msg => HARD_CODED_REQUIRED_MSG.test(msg))) { + this.errorMessages.push('message.required'); + } + }); + } + + ngOnDestroy(): void { + this.errorSub.unsubscribe(); } get required(): boolean { return this.widgetService.isRequired(this.formProperty); } + + getError(error: string): string { + return HARD_CODED_REQUIRED_MSG.test(error) ? 'message.required' : error; + } } diff --git a/ui/src/app/schema-form/widget/string/string.component.html b/ui/src/app/schema-form/widget/string/string.component.html index 26964a59f..4986846ff 100644 --- a/ui/src/app/schema-form/widget/string/string.component.html +++ b/ui/src/app/schema-form/widget/string/string.component.html @@ -13,6 +13,7 @@ validate="true" [attr.readonly]="schema.readOnly?true:null" class="text-widget.id textline-widget form-control" + [class.is-invalid]="control.touched && !control.value && errorMessages.length" [attr.type]="this.getInputType()" [attr.id]="id" [formControl]="control" @@ -25,7 +26,7 @@ , - error + error { + if (!this.control.value + && this.required + && !this.errorMessages.some(msg => HARD_CODED_REQUIRED_MSG.test(msg)) + && this.errorMessages.indexOf(REQUIRED_MSG_OVERRIDE) < 0) { + this.errorMessages.push(REQUIRED_MSG_OVERRIDE); + } + if (!this.required) { + this.errorMessages = this.errorMessages.filter(e => e !== REQUIRED_MSG_OVERRIDE); + } + }); + } + + ngOnDestroy(): void { + this.errorSub.unsubscribe(); + } + get required(): boolean { - return this.widgetService.isRequired(this.formProperty); + const req = this.widgetService.isRequired(this.formProperty); + + return req; + } + + getError(error: string): string { + return HARD_CODED_REQUIRED_MSG.test(error) ? REQUIRED_MSG_OVERRIDE : error; } } diff --git a/ui/src/app/schema-form/widget/textarea/textarea.component.html b/ui/src/app/schema-form/widget/textarea/textarea.component.html index fb8164600..d47d6007d 100644 --- a/ui/src/app/schema-form/widget/textarea/textarea.component.html +++ b/ui/src/app/schema-form/widget/textarea/textarea.component.html @@ -18,4 +18,10 @@ [rows]="schema.widget.rows || 5" [formControl]="control" [attr.aria-label]="schema.title"> + + + , + error + + diff --git a/ui/src/app/schema-form/widget/textarea/textarea.component.ts b/ui/src/app/schema-form/widget/textarea/textarea.component.ts index 0f68e524f..fdbce4b35 100644 --- a/ui/src/app/schema-form/widget/textarea/textarea.component.ts +++ b/ui/src/app/schema-form/widget/textarea/textarea.component.ts @@ -1,20 +1,43 @@ -import { Component } from '@angular/core'; +import { Component, AfterViewInit, OnDestroy } from '@angular/core'; import { TextAreaWidget } from 'ngx-schema-form'; import { SchemaService } from '../../service/schema.service'; +import { Subscription } from 'rxjs'; +import { startWith } from 'rxjs/operators'; +import { HARD_CODED_REQUIRED_MSG } from '../../model/messages'; @Component({ selector: 'textarea-component', templateUrl: `./textarea.component.html` }) -export class CustomTextAreaComponent extends TextAreaWidget { +export class CustomTextAreaComponent extends TextAreaWidget implements AfterViewInit, OnDestroy { + + errorSub: Subscription; + constructor( private widgetService: SchemaService ) { super(); } + ngAfterViewInit(): void { + super.ngAfterViewInit(); + this.errorSub = this.control.valueChanges.pipe(startWith(this.control.value)).subscribe(v => { + if (!v && this.required && !this.errorMessages.some(msg => HARD_CODED_REQUIRED_MSG.test(msg))) { + this.errorMessages.push('message.required'); + } + }); + } + + ngOnDestroy(): void { + this.errorSub.unsubscribe(); + } + get required(): boolean { return this.widgetService.isRequired(this.formProperty); } + + getError(error: string): string { + return error.match('required').length ? 'message.required' : error; + } } diff --git a/ui/src/app/shared/autocomplete/autocomplete.component.scss b/ui/src/app/shared/autocomplete/autocomplete.component.scss index b721d9ea2..f794dce0c 100644 --- a/ui/src/app/shared/autocomplete/autocomplete.component.scss +++ b/ui/src/app/shared/autocomplete/autocomplete.component.scss @@ -1,5 +1,6 @@ @import "~bootstrap/scss/functions"; @import "~bootstrap/scss/variables"; +@import "../../../theme/palette"; .dropdown.form-group { margin-bottom: 0px; @@ -14,4 +15,16 @@ .btn-outline-secondary { border-color: $input-border-color; } + + &.is-invalid { + input.form-control { + border-color: $brand-danger; + } + } + + &.is-valid { + input.form-control { + border-color: $brand-success; + } + } } \ No newline at end of file diff --git a/ui/src/assets/schema/provider/filebacked-http-filters.schema.json b/ui/src/assets/schema/provider/filebacked-http-filters.schema.json index 4bb2f399c..820063bfa 100644 --- a/ui/src/assets/schema/provider/filebacked-http-filters.schema.json +++ b/ui/src/assets/schema/provider/filebacked-http-filters.schema.json @@ -50,8 +50,7 @@ "title": "label.certificate-file", "description": "tooltip.certificate-file", "type": "string", - "widget": "textline", - "default": "" + "widget": "textline" } }, "anyOf": [ @@ -59,6 +58,10 @@ "properties": { "requireSignedRoot": { "enum": [ true ] + }, + "certificateFile": { + "minLength": 1, + "type": "string" } }, "required": [ diff --git a/ui/src/assets/schema/provider/filebacked-http-reloading.schema.json b/ui/src/assets/schema/provider/filebacked-http-reloading.schema.json index de58d5137..4de59a093 100644 --- a/ui/src/assets/schema/provider/filebacked-http-reloading.schema.json +++ b/ui/src/assets/schema/provider/filebacked-http-reloading.schema.json @@ -51,7 +51,7 @@ "refreshDelayFactor": { "title": "label.refresh-delay-factor", "description": "tooltip.refresh-delay-factor", - "type": "number", + "type": "string", "widget": { "id": "number", "step": 0.01 @@ -59,7 +59,8 @@ "placeholder": "label.real-number", "minimum": 0, "maximum": 1, - "default": null + "default": null, + "pattern": "^([0]*(\\.[0-9]+)?|[0]*\\.[0-9]*[1-9][0-9]*)$" } } } diff --git a/ui/src/error.html b/ui/src/error.html new file mode 100644 index 000000000..5535dc452 --- /dev/null +++ b/ui/src/error.html @@ -0,0 +1,30 @@ + + + + + Shibboleth Metadata Management + + + + + + + + +
+
+
+
+ +
+
User request received
+

Your request has been received and is being reviewed. You will be notified with access status.

+
+
+
+
+
+ + diff --git a/ui/src/static.scss b/ui/src/static.scss new file mode 100644 index 000000000..67ebeacae --- /dev/null +++ b/ui/src/static.scss @@ -0,0 +1,28 @@ +@import '../node_modules/bootstrap/scss/bootstrap'; + +@import './theme/palette'; + +$font-size-xs: .75rem !default; +$fa-font-path: "."; + +@import '../node_modules/font-awesome/scss/font-awesome'; + +body { + background-color: map-get($theme-colors, light); + padding-top: 56px; +} + +.section { + .section-body { + background: $white; + } +} + +nav.fixed-top { + border-bottom: 3px solid map-get($theme-colors, primary); +} + +.card { + margin: 100px; + max-width: 500px; +}