open-consul/ui/packages/consul-ui/app/components/auth-form/index.hbs

<StateChart @src={{this.chart}} as |State Guard ChartAction dispatch state|>
  {{#let
    (hash State=State Guard=Guard Action=ChartAction dispatch=dispatch state=state)
    as |chart|
  }}
    {{#let
      (hash
        reset=(action dispatch 'RESET')
        focus=this.focus
        disabled=(state-matches state 'loading')
        error=(queue
          (action dispatch 'ERROR') (action (mut this.error) value='error.errors.firstObject')
        )
        submit=(queue (action (mut this.value)) (action dispatch 'SUBMIT'))
      )
      as |exported|
    }}
      <Guard @name='hasValue' @cond={{this.hasValue}} />
      {{!TODO: Call this reset or similar }}
      <chart.Action
        @name='clearError'
        @exec={{queue (action (mut this.error) undefined) (action (mut this.secret) undefined)}}
      />
      <div class='auth-form' ...attributes>
        <StateChart
          @src={{this.tabsChart}}
          as |TabState IgnoredGuard IgnoredAction tabDispatch tabState|
        >
          {{#if (can 'use SSO')}}
            <TabNav
              @items={{array
                (hash label='Token' selected=(state-matches tabState 'token'))
                (hash label='SSO' selected=(state-matches tabState 'sso'))
              }}
              @onclick={{queue (action tabDispatch) (action dispatch 'RESET')}}
            />
          {{/if}}
          <State @matches='error'>
            {{#if this.error.status}}
              <Notice @type='error' role='alert' as |notice|>
                <notice.Body>
                  <p>
                    {{#if this.value.Name}}
                      {{#if (eq this.error.status '403')}}
                        <strong>Consul login failed</strong><br />
                        We received a token from your OIDC provider but could not log in to Consul
                        with it.
                      {{else if (eq this.error.status '401')}}
                        <strong>Could not log in to provider</strong><br />
                        The OIDC provider has rejected this access token. Please have an
                        administrator check your auth method configuration.
                      {{else if (eq this.error.status '499')}}
                        <strong>SSO log in window closed</strong><br />
                        The OIDC provider window was closed. Please try again.
                      {{else}}
                        <strong>Error</strong><br />
                        {{this.error.detail}}
                      {{/if}}
                    {{else}}
                      {{#if (eq this.error.status '403')}}
                        <strong>Invalid token</strong><br />
                        The token entered does not exist. Please enter a valid token to log in.
                      {{else if (eq this.error.status '404')}}
                        <strong>No providers</strong><br />
                        No SSO providers are configured for that Partition.
                      {{else}}
                        <strong>Error</strong><br />
                        {{this.error.detail}}
                      {{/if}}
                    {{/if}}
                  </p>
                </notice.Body>
              </Notice>
            {{/if}}
          </State>
          <TabState @matches='token'>
            <form onsubmit={{action dispatch 'SUBMIT'}}>
              <fieldset>
                <label
                  class={{concat
                    'type-password'
                    (if (and (state-matches state 'error') (not this.error.status)) ' has-error')
                  }}
                >
                  <span>Log in with a token</span>

                  {{! Blink/Webkit based seem to leak password inputs }}
                  {{! this will only occur during acceptance testing so }}
                  {{! turn them into text inputs during acceptance testing }}
                  <input
                    {{did-insert (set this 'input')}}
                    disabled={{state-matches state 'loading'}}
                    type={{if (eq (env 'environment') 'testing') 'text' 'password'}}
                    name='auth[SecretID]'
                    placeholder='SecretID'
                    value={{this.secret}}
                    oninput={{queue
                      (action (mut this.secret) value='target.value')
                      (action (mut this.value) value='target.value')
                      (action dispatch 'TYPING')
                    }}
                  />
                  <State @matches='error'>
                    {{#if (not this.error.status)}}
                      <strong role='alert'>
                        Please enter your secret
                      </strong>
                    {{/if}}
                  </State>
                </label>
              </fieldset>
              <Action @type='submit' disabled={{state-matches state 'loading'}}>
                Log in
              </Action>
            </form>
          </TabState>

          {{yield (assign exported (hash Method=TabState))}}

          <em>
            Contact your administrator for login credentials.
          </em>
        </StateChart>

      </div>
      <State @matches='loading'>
        <TokenSource
          @dc={{@dc}}
          @nspace={{or this.value.Namespace @nspace}}
          @partition={{or this.value.Partition @partition}}
          @type={{if this.value.Name 'oidc' 'secret'}}
          @value={{this.value}}
          @onchange={{queue (action dispatch 'RESET') @onsubmit}}
          @onerror={{queue
            (action (mut this.error) value='error.errors.firstObject')
            (action dispatch 'ERROR')
          }}
        />
      </State>
    {{/let}}
  {{/let}}
</StateChart>
Pre-populate partition on sso login 2022-10-19 23:26:25 +00:00			`<StateChart @src={{this.chart}} as \|State Guard ChartAction dispatch state\|>`
			`{{#let`
			`(hash State=State Guard=Guard Action=ChartAction dispatch=dispatch state=state)`
			`as \|chart\|`
			`}}`
			`{{#let`
			`(hash`
			`reset=(action dispatch 'RESET')`
			`focus=this.focus`
			`disabled=(state-matches state 'loading')`
			`error=(queue`
			`(action dispatch 'ERROR') (action (mut this.error) value='error.errors.firstObject')`
ui: Support for SSO with Admin Partitions (#11604) * Upgrade AuthForm and document current state a little better * Hoist SSO out of the AuthForm * Bare minimum admin partitioned SSO also: ui: Tabbed Login with Token or SSO interface (#11619) - I upgraded our super old, almost the first ember component I wrote, to use glimmer/almost template only. This should use slots/contextual components somehow, but thats a bigger upgrade so I didn't go that far. - I've been wanting to upgrade the shape of our StateChart component for a very long while now, here its very apparent that it would be much better to do this sooner rather than later. I left it as is for now, but there will be a PR coming soon with a slight reshaping of this component. - Added a did-upsert modifier which is a mix of did-insert/did-update - Documentation added/amended for all the new things. 2021-11-24 14:53:12 +00:00			`)`
Pre-populate partition on sso login 2022-10-19 23:26:25 +00:00			`submit=(queue (action (mut this.value)) (action dispatch 'SUBMIT'))`
			`)`
			`as \|exported\|`
			`}}`
			`<Guard @name='hasValue' @cond={{this.hasValue}} />`
			`{{!TODO: Call this reset or similar }}`
			`<chart.Action`
			`@name='clearError'`
			`@exec={{queue (action (mut this.error) undefined) (action (mut this.secret) undefined)}}`
			`/>`
			`<div class='auth-form' ...attributes>`
			`<StateChart`
			`@src={{this.tabsChart}}`
			`as \|TabState IgnoredGuard IgnoredAction tabDispatch tabState\|`
ui: Support for SSO with Admin Partitions (#11604) * Upgrade AuthForm and document current state a little better * Hoist SSO out of the AuthForm * Bare minimum admin partitioned SSO also: ui: Tabbed Login with Token or SSO interface (#11619) - I upgraded our super old, almost the first ember component I wrote, to use glimmer/almost template only. This should use slots/contextual components somehow, but thats a bigger upgrade so I didn't go that far. - I've been wanting to upgrade the shape of our StateChart component for a very long while now, here its very apparent that it would be much better to do this sooner rather than later. I left it as is for now, but there will be a PR coming soon with a slight reshaping of this component. - Added a did-upsert modifier which is a mix of did-insert/did-update - Documentation added/amended for all the new things. 2021-11-24 14:53:12 +00:00			`>`
Pre-populate partition on sso login 2022-10-19 23:26:25 +00:00			`{{#if (can 'use SSO')}}`
			`<TabNav`
			`@items={{array`
			`(hash label='Token' selected=(state-matches tabState 'token'))`
			`(hash label='SSO' selected=(state-matches tabState 'sso'))`
			`}}`
			`@onclick={{queue (action tabDispatch) (action dispatch 'RESET')}}`
			`/>`
			`{{/if}}`
			`<State @matches='error'>`
			`{{#if this.error.status}}`
			`<Notice @type='error' role='alert' as \|notice\|>`
			`<notice.Body>`
			`<p>`
			`{{#if this.value.Name}}`
			`{{#if (eq this.error.status '403')}}`
			`<strong>Consul login failed</strong><br />`
			`We received a token from your OIDC provider but could not log in to Consul`
			`with it.`
			`{{else if (eq this.error.status '401')}}`
			`<strong>Could not log in to provider</strong><br />`
			`The OIDC provider has rejected this access token. Please have an`
			`administrator check your auth method configuration.`
			`{{else if (eq this.error.status '499')}}`
			`<strong>SSO log in window closed</strong><br />`
			`The OIDC provider window was closed. Please try again.`
			`{{else}}`
			`<strong>Error</strong><br />`
			`{{this.error.detail}}`
			`{{/if}}`
			`{{else}}`
			`{{#if (eq this.error.status '403')}}`
			`<strong>Invalid token</strong><br />`
			`The token entered does not exist. Please enter a valid token to log in.`
			`{{else if (eq this.error.status '404')}}`
			`<strong>No providers</strong><br />`
			`No SSO providers are configured for that Partition.`
			`{{else}}`
			`<strong>Error</strong><br />`
			`{{this.error.detail}}`
			`{{/if}}`
			`{{/if}}`
			`</p>`
			`</notice.Body>`
			`</Notice>`
UI: Improved Login/Logout flow inc SSO support (#7790) * 6 new components for new login/logout flow, plus SSO support UI Components: 1. AuthDialog: Wraps/orchestrates AuthForm and AuthProfile 2. AuthForm: Authorization form shown when logged out. 3. AuthProfile: Simple presentational component to show the users 'Profile' 4. OidcSelect: A 'select' component for selecting an OIDC provider, dynamically uses either a single select menu or multiple buttons depending on the amount of providers Data Components: 1. JwtSource: Given an OIDC provider URL this component will request a token from the provider and fire an donchange event when it has been retrieved. Used by TokenSource. 2. TokenSource: Given a oidc provider name or a Consul SecretID, TokenSource will use whichever method/API requests required to retrieve Consul ACL Token, which is emitted to the onchange event handler. Very basic README documentation included here, which is likely to be refined somewhat. * CSS required for new auth/SSO UI components * Remaining app code required to tie the new auth/SSO work together * CSS code required to help tie the auth/SSO work together * Test code in order to get current tests passing with new auth/SSO flow ..plus extremely basics/skipped rendering tests for the new components * Treat the secret received from the server as the truth Previously we've always treated what the user typed as the truth, this breaks down when using SSO as the user doesn't type anything to retrieve a token. Therefore we change this so that we use the secret in the API response as the truth. * Make sure removing an dom tree from a buffer only removes its own tree 2020-05-11 15:37:11 +00:00			`{{/if}}`
			`</State>`
Pre-populate partition on sso login 2022-10-19 23:26:25 +00:00			`<TabState @matches='token'>`
			`<form onsubmit={{action dispatch 'SUBMIT'}}>`
			`<fieldset>`
			`<label`
			`class={{concat`
			`'type-password'`
			`(if (and (state-matches state 'error') (not this.error.status)) ' has-error')`
			`}}`
			`>`
			`<span>Log in with a token</span>`
ui: Support for SSO with Admin Partitions (#11604) * Upgrade AuthForm and document current state a little better * Hoist SSO out of the AuthForm * Bare minimum admin partitioned SSO also: ui: Tabbed Login with Token or SSO interface (#11619) - I upgraded our super old, almost the first ember component I wrote, to use glimmer/almost template only. This should use slots/contextual components somehow, but thats a bigger upgrade so I didn't go that far. - I've been wanting to upgrade the shape of our StateChart component for a very long while now, here its very apparent that it would be much better to do this sooner rather than later. I left it as is for now, but there will be a PR coming soon with a slight reshaping of this component. - Added a did-upsert modifier which is a mix of did-insert/did-update - Documentation added/amended for all the new things. 2021-11-24 14:53:12 +00:00
Pre-populate partition on sso login 2022-10-19 23:26:25 +00:00			`{{! Blink/Webkit based seem to leak password inputs }}`
			`{{! this will only occur during acceptance testing so }}`
			`{{! turn them into text inputs during acceptance testing }}`
			`<input`
			`{{did-insert (set this 'input')}}`
			`disabled={{state-matches state 'loading'}}`
			`type={{if (eq (env 'environment') 'testing') 'text' 'password'}}`
			`name='auth[SecretID]'`
			`placeholder='SecretID'`
			`value={{this.secret}}`
			`oninput={{queue`
			`(action (mut this.secret) value='target.value')`
			`(action (mut this.value) value='target.value')`
			`(action dispatch 'TYPING')`
			`}}`
			`/>`
			`<State @matches='error'>`
			`{{#if (not this.error.status)}}`
			`<strong role='alert'>`
			`Please enter your secret`
			`</strong>`
			`{{/if}}`
			`</State>`
			`</label>`
			`</fieldset>`
			`<Action @type='submit' disabled={{state-matches state 'loading'}}>`
			`Log in`
			`</Action>`
			`</form>`
			`</TabState>`
ui: Support for SSO with Admin Partitions (#11604) * Upgrade AuthForm and document current state a little better * Hoist SSO out of the AuthForm * Bare minimum admin partitioned SSO also: ui: Tabbed Login with Token or SSO interface (#11619) - I upgraded our super old, almost the first ember component I wrote, to use glimmer/almost template only. This should use slots/contextual components somehow, but thats a bigger upgrade so I didn't go that far. - I've been wanting to upgrade the shape of our StateChart component for a very long while now, here its very apparent that it would be much better to do this sooner rather than later. I left it as is for now, but there will be a PR coming soon with a slight reshaping of this component. - Added a did-upsert modifier which is a mix of did-insert/did-update - Documentation added/amended for all the new things. 2021-11-24 14:53:12 +00:00
Pre-populate partition on sso login 2022-10-19 23:26:25 +00:00			`{{yield (assign exported (hash Method=TabState))}}`
ui: Support for SSO with Admin Partitions (#11604) * Upgrade AuthForm and document current state a little better * Hoist SSO out of the AuthForm * Bare minimum admin partitioned SSO also: ui: Tabbed Login with Token or SSO interface (#11619) - I upgraded our super old, almost the first ember component I wrote, to use glimmer/almost template only. This should use slots/contextual components somehow, but thats a bigger upgrade so I didn't go that far. - I've been wanting to upgrade the shape of our StateChart component for a very long while now, here its very apparent that it would be much better to do this sooner rather than later. I left it as is for now, but there will be a PR coming soon with a slight reshaping of this component. - Added a did-upsert modifier which is a mix of did-insert/did-update - Documentation added/amended for all the new things. 2021-11-24 14:53:12 +00:00
Pre-populate partition on sso login 2022-10-19 23:26:25 +00:00			`<em>`
			`Contact your administrator for login credentials.`
			`</em>`
			`</StateChart>`
ui: Support for SSO with Admin Partitions (#11604) * Upgrade AuthForm and document current state a little better * Hoist SSO out of the AuthForm * Bare minimum admin partitioned SSO also: ui: Tabbed Login with Token or SSO interface (#11619) - I upgraded our super old, almost the first ember component I wrote, to use glimmer/almost template only. This should use slots/contextual components somehow, but thats a bigger upgrade so I didn't go that far. - I've been wanting to upgrade the shape of our StateChart component for a very long while now, here its very apparent that it would be much better to do this sooner rather than later. I left it as is for now, but there will be a PR coming soon with a slight reshaping of this component. - Added a did-upsert modifier which is a mix of did-insert/did-update - Documentation added/amended for all the new things. 2021-11-24 14:53:12 +00:00
Pre-populate partition on sso login 2022-10-19 23:26:25 +00:00			`</div>`
			`<State @matches='loading'>`
			`<TokenSource`
			`@dc={{@dc}}`
			`@nspace={{or this.value.Namespace @nspace}}`
			`@partition={{or this.value.Partition @partition}}`
			`@type={{if this.value.Name 'oidc' 'secret'}}`
			`@value={{this.value}}`
			`@onchange={{queue (action dispatch 'RESET') @onsubmit}}`
			`@onerror={{queue`
			`(action (mut this.error) value='error.errors.firstObject')`
			`(action dispatch 'ERROR')`
			`}}`
			`/>`
			`</State>`
			`{{/let}}`
			`{{/let}}`
			`</StateChart>`