fix(LDAP): skip pw validation on edit [EE-616] (#11666)

Co-authored-by: testa113 <testa113>
pull/11820/head
Ali 2024-05-13 15:08:48 +12:00 committed by GitHub
parent 6a51b6b41e
commit a0ab82b866
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 34 additions and 16 deletions


@ -3,6 +3,8 @@ import _ from 'lodash-es';
import { buildLdapSettingsModel, buildAdSettingsModel } from '@/portainer/settings/authentication/ldap/ldap-settings.model'; import { buildLdapSettingsModel, buildAdSettingsModel } from '@/portainer/settings/authentication/ldap/ldap-settings.model';
import { options } from '@/react/portainer/settings/AuthenticationView/InternalAuth/options'; import { options } from '@/react/portainer/settings/AuthenticationView/InternalAuth/options';
import { SERVER_TYPES } from '@/react/portainer/settings/AuthenticationView/ldap-options';
import { AuthenticationMethod } from '@/react/portainer/settings/types';
angular.module('portainer.app').controller('SettingsAuthenticationController', SettingsAuthenticationController); angular.module('portainer.app').controller('SettingsAuthenticationController', SettingsAuthenticationController);
@ -52,13 +54,13 @@ function SettingsAuthenticationController($q, $scope, $state, Notifications, Set
$scope.authMethod = value; $scope.authMethod = value;
if (value === 4) { if (value === 4) {
$scope.settings.AuthenticationMethod = 2; $scope.settings.AuthenticationMethod = AuthenticationMethod.LDAP;
$scope.formValues.ldap.serverType = 2; $scope.formValues.ldap.serverType = SERVER_TYPES.AD;
return; return;
} }
if (value === 2) { if (value === 2) {
$scope.settings.AuthenticationMethod = 2; $scope.settings.AuthenticationMethod = AuthenticationMethod.LDAP;
$scope.formValues.ldap.serverType = $scope.formValues.ldap.ldapSettings.ServerType; $scope.formValues.ldap.serverType = $scope.formValues.ldap.ldapSettings.ServerType;
return; return;
} }
@ -77,19 +79,19 @@ function SettingsAuthenticationController($q, $scope, $state, Notifications, Set
return false; return false;
} }
if (value === 4) { if (value === AuthenticationMethod.AD) {
return $scope.settings.AuthenticationMethod === 2 && $scope.formValues.ldap.serverType === 2; return $scope.settings.AuthenticationMethod === AuthenticationMethod.LDAP && $scope.formValues.ldap.serverType === SERVER_TYPES.AD;
} }
if (value === 2) { if (value === AuthenticationMethod.LDAP) {
return $scope.settings.AuthenticationMethod === 2 && $scope.formValues.ldap.serverType !== 2; return $scope.settings.AuthenticationMethod === AuthenticationMethod.LDAP && $scope.formValues.ldap.serverType !== SERVER_TYPES.AD;
} }
return $scope.settings.AuthenticationMethod === value; return $scope.settings.AuthenticationMethod === value;
}; };
$scope.isOauthEnabled = function isOauthEnabled() { $scope.isOauthEnabled = function isOauthEnabled() {
return $scope.settings && $scope.settings.AuthenticationMethod === 3; return $scope.settings && $scope.settings.AuthenticationMethod === AuthenticationMethod.OAuth;
}; };
$scope.LDAPConnectivityCheck = LDAPConnectivityCheck; $scope.LDAPConnectivityCheck = LDAPConnectivityCheck;
@ -152,7 +154,7 @@ function SettingsAuthenticationController($q, $scope, $state, Notifications, Set
const tlscaFile = tlscaCert !== $scope.settings.LDAPSettings.TLSConfig.TLSCACert ? tlscaCert : null; const tlscaFile = tlscaCert !== $scope.settings.LDAPSettings.TLSConfig.TLSCACert ? tlscaCert : null;
const isADServer = $scope.formValues.ldap.serverType === 2; const isADServer = $scope.formValues.ldap.serverType === SERVER_TYPES.AD;
const settings = isADServer ? $scope.formValues.ldap.adSettings : $scope.formValues.ldap.ldapSettings; const settings = isADServer ? $scope.formValues.ldap.adSettings : $scope.formValues.ldap.ldapSettings;
@ -185,17 +187,27 @@ function SettingsAuthenticationController($q, $scope, $state, Notifications, Set
$scope.isLDAPFormValid = isLDAPFormValid; $scope.isLDAPFormValid = isLDAPFormValid;
function isLDAPFormValid() { function isLDAPFormValid() {
const ldapSettings = $scope.formValues.ldap.serverType === 2 ? $scope.formValues.ldap.adSettings : $scope.formValues.ldap.ldapSettings; const ldapSettings = $scope.formValues.ldap.serverType === SERVER_TYPES.AD ? $scope.formValues.ldap.adSettings : $scope.formValues.ldap.ldapSettings;
const isTLSMode = ldapSettings.TLSConfig.TLS || ldapSettings.StartTLS; const isTLSMode = ldapSettings.TLSConfig.TLS || ldapSettings.StartTLS;
return ( return (
_.compact(ldapSettings.URLs).length && _.compact(ldapSettings.URLs).length &&
(ldapSettings.AnonymousMode || (ldapSettings.ReaderDN && ldapSettings.Password)) && (ldapSettings.AnonymousMode || (ldapSettings.ReaderDN && isLDAPPasswordValid(ldapSettings.Password))) &&
(!isTLSMode || (isTLSMode && $scope.formValues.TLSCACert) || ldapSettings.TLSConfig.TLSSkipVerify) && (!isTLSMode || (isTLSMode && $scope.formValues.TLSCACert) || ldapSettings.TLSConfig.TLSSkipVerify) &&
(!$scope.settings.LDAPSettings.AdminAutoPopulate || ($scope.settings.LDAPSettings.AdminAutoPopulate && $scope.formValues.selectedAdminGroups.length > 0)) (!$scope.settings.LDAPSettings.AdminAutoPopulate || ($scope.settings.LDAPSettings.AdminAutoPopulate && $scope.formValues.selectedAdminGroups.length > 0))
); );
} }
// isLDAPPasswordValid is used to validate the password field in the LDAP settings form, and avoids the password field to be required when the form is in edit mode
function isLDAPPasswordValid(password) {
// if isEdit and it doesn't switch between AD and LDAP, then an empty password is valid
if ($scope.state.isEditLDAP && $scope.state.initialServerType === $scope.formValues.ldap.serverType) {
return true;
}
// otherwise the password is required
return !!password;
}
$scope.isOAuthTeamMembershipFormValid = isOAuthTeamMembershipFormValid; $scope.isOAuthTeamMembershipFormValid = isOAuthTeamMembershipFormValid;
function isOAuthTeamMembershipFormValid() { function isOAuthTeamMembershipFormValid() {
if ($scope.settings && $scope.settings.OAuthSettings.OAuthAutoMapTeamMemberships && $scope.settings.OAuthSettings.TeamMemberships) { if ($scope.settings && $scope.settings.OAuthSettings.OAuthAutoMapTeamMemberships && $scope.settings.OAuthSettings.TeamMemberships) {
@ -223,8 +235,8 @@ function SettingsAuthenticationController($q, $scope, $state, Notifications, Set
$scope.OAuthSettings = settings.OAuthSettings; $scope.OAuthSettings = settings.OAuthSettings;
$scope.authMethod = settings.AuthenticationMethod; $scope.authMethod = settings.AuthenticationMethod;
if (settings.AuthenticationMethod === 2 && settings.LDAPSettings.ServerType === 2) { if (settings.AuthenticationMethod === AuthenticationMethod.LDAP && settings.LDAPSettings.ServerType === SERVER_TYPES.AD) {
$scope.authMethod = 4; $scope.authMethod = AuthenticationMethod.AD;
} }
if (settings.LDAPSettings.URL) { if (settings.LDAPSettings.URL) {
@ -237,15 +249,17 @@ function SettingsAuthenticationController($q, $scope, $state, Notifications, Set
settings.LDAPSettings.URLs.push(''); settings.LDAPSettings.URLs.push('');
} }
if (!settings.LDAPSettings.ServerType) { if (!settings.LDAPSettings.ServerType) {
settings.LDAPSettings.ServerType = 0; settings.LDAPSettings.ServerType = SERVER_TYPES.CUSTOM;
} }
$scope.formValues.ldap.serverType = settings.LDAPSettings.ServerType; $scope.formValues.ldap.serverType = settings.LDAPSettings.ServerType;
if (settings.LDAPSettings.ServerType === 2) { if (settings.LDAPSettings.ServerType === SERVER_TYPES.AD) {
$scope.formValues.ldap.adSettings = settings.LDAPSettings; $scope.formValues.ldap.adSettings = settings.LDAPSettings;
} else { } else {
$scope.formValues.ldap.ldapSettings = Object.assign($scope.formValues.ldap.ldapSettings, settings.LDAPSettings); $scope.formValues.ldap.ldapSettings = Object.assign($scope.formValues.ldap.ldapSettings, settings.LDAPSettings);
} }
$scope.state.isEditLDAP = settings.LDAPSettings.ServerType === SERVER_TYPES.AD || settings.LDAPSettings.ServerType === SERVER_TYPES.LDAP;
$scope.state.initialServerType = settings.LDAPSettings.ServerType;
}) })
.catch(function error(err) { .catch(function error(err) {
Notifications.error('Failure', err, 'Unable to retrieve application settings'); Notifications.error('Failure', err, 'Unable to retrieve application settings');
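Review bot: `isLDAPPasswordValid` returns true for every edit where the server type is unchanged, so `isLDAPFormValid` now accepts an empty password even when the loaded configuration never had one, for example when an administrator turns `AnonymousMode` off and enters a `ReaderDN` for the first time. Many directory servers treat a bind with a DN and an empty password as an unauthenticated bind, so the skip should apply only when a reader password is already stored; one option is to record `$scope.state.initialAnonymousMode = settings.LDAPSettings.AnonymousMode;` at load time and add `!$scope.state.initialAnonymousMode` to the early-return condition. Separately, `isEditLDAP` compares against `SERVER_TYPES.LDAP`, but the visible part of `SERVER_TYPES` lists only `CUSTOM`, `OPEN_LDAP` and `AD`; if no `LDAP` key exists past that hunk, the comparison is always false and the skip applies to AD only. Both functions sit inside `SettingsAuthenticationController`, whose body extends beyond these hunks.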


@ -3,7 +3,7 @@ import { Edit } from 'lucide-react';
import { FeatureId } from '@/react/portainer/feature-flags/enums'; import { FeatureId } from '@/react/portainer/feature-flags/enums';
import Openldap from '@/assets/ico/vendor/openldap.svg?c'; import Openldap from '@/assets/ico/vendor/openldap.svg?c';
const SERVER_TYPES = { export const SERVER_TYPES = {
CUSTOM: 0, CUSTOM: 0,
OPEN_LDAP: 1, OPEN_LDAP: 1,
AD: 2, AD: 2,


@ -85,6 +85,10 @@ export enum AuthenticationMethod {
* OAuth represents the OAuth authentication method (authentication against a authorization server) * OAuth represents the OAuth authentication method (authentication against a authorization server)
*/ */
OAuth, OAuth,
/**
* AD represents the Active Directory authentication method (authentication against a Microsoft Active Directory server)
*/
AD,
} }
/** /**
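Review bot: `AD` takes its numeric value from its position after `OAuth`, while the controller changed in this commit still selects it with the literal `if (value === 4)`; the two agree only while nobody reorders or inserts members. An explicit initializer, `AD = 4,`, would pin that (assuming the enum starts at 1, since its first members are outside the hunk). The doc comment should also say whether this value is ever persisted: the controller maps an AD selection to `AuthenticationMethod.LDAP` with `SERVER_TYPES.AD` before saving, which suggests a UI-only selector, e.g. `* AD is a UI-only selection; it is stored as LDAP with ServerType AD`.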