Backup_Repos/filestash
1
0
Fork 0
mirror of https://github.com/mickael-kerjean/filestash synced 2026-01-03 22:33:08 +01:00
Code Issues Projects Releases Wiki Activity

chore (banner): auth middleware banners

Browse source
This commit is contained in:
MickaelK 2024-12-10 00:42:06 +11:00
parent 5a3feaeab4
commit d6bc0d55f1
5 changed files with 77 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
public/assets/pages/adminpage/ctrl_backend_state.js
View file

@ -111,6 +111,7 @@ export function getState() {
.map(([key, value]) => [key.replace(new RegExp(`^${authType}\.`), ""), value]) // format the relevant keys
.reduce((acc, [key, value]) => { // transform onto something ready to be saved
if (key === "type") return acc;
else if (key === "banner") return acc;
else if (typeof key !== "string") return acc;
return {
...acc,

11
server/plugin/plg_authenticate_htpasswd/index.go
View file

@ -25,6 +25,13 @@ type Htpasswd struct{}
func (this Htpasswd) Setup() Form {
return Form{
Elmnts: []FormElement{
{
Name: "banner",
Type: "hidden",
Description: `Inspired by Apache, the htpasswd plugin uses the content of a .htpasswd file to authenticate users. It displays a username and password login page, verifying credentials against the provided htpasswd data.
The plugin exposes 2 variables: {{ .user }} and {{ .password }} which can be used in the attribute mapping section to create rules tailored to your specific use case. Examples of this can be found [in the documentation](https://www.filestash.app/docs/install-and-upgrade/#advanced-authentication---facade-pattern)`,
},
{
Name: "type",
Type: "hidden",
@ -41,9 +48,7 @@ test5:$5$RkdUxGLHGhmrO0yj$K6bCqmB.OPR7KM4i5eiAG.mxFyhElLNdthSL.dreqN5
test6:$1$vuUKD.37$R6eCPFBa6lKIVfnkABveB1`,
Default: "",
Description: `The list of users who are granted access using either or both the htpasswd file format or the /etc/shadow file format. To generate a password:
'openssl passwd -6' or 'mkpasswd -m SHA-512' or the htpasswd cli tool.
This plugin exposes {{ .user }} and {{ .password }} for the attribute mapping section`,
'openssl passwd -6' or 'mkpasswd -m SHA-512' or the htpasswd cli tool.`,
},
},
}

43
server/plugin/plg_authenticate_ldap/index.go
View file

@ -14,6 +14,14 @@ type Ldap struct{}
func (this Ldap) Setup() Form {
return Form{
Elmnts: []FormElement{
{
Name: "banner",
Type: "hidden",
Description: `This enterprise SSO plugin delegates authentication to an LDAP server, presenting users with a username and password login page. Their credentials are then verified against your LDAP directory.
The plugin exposes the LDAP attribute of the authenticated users which can be used in the attribute mapping section to create rules tailored to your specific use case, see the documentation [on the website](https://www.filestash.app/setup-ldap.html).
`,
},
{
Name: "type",
Type: "hidden",
@ -22,37 +30,38 @@ func (this Ldap) Setup() Form {
{
Name: "Hostname",
Type: "text",
ReadOnly: true,
Placeholder: "plugin available in the enterprise release",
Value: "",
Placeholder: "eg: ldap.example.com",
},
{
Name: "Port",
Type: "text",
ReadOnly: true,
Placeholder: "plugin available in the enterprise release",
Value: "",
Placeholder: "eg: 389",
},
{
Name: "Bind DN",
Type: "text",
ReadOnly: true,
Placeholder: "plugin available in the enterprise release",
Value: "",
Placeholder: "Bind DN",
},
{
Name: "Bind DN Password",
Type: "text",
ReadOnly: true,
Placeholder: "plugin available in the enterprise release",
Type: "password",
Value: "",
Placeholder: "Bind CN Password",
},
{
Name: "Base DN",
Type: "text",
ReadOnly: true,
Placeholder: "plugin available in the enterprise release",
Description: `This plugin is to integrate with your LDAP server. After successfully authenticating to your IDP, the attributes relating to the user will be available in the attribute mapping section either by:
  1. copying those attributes in any field: {{ .sAMAccountName }} {{ .cn }} {{ .userPrincipalName }} {{ .mail }}, ...
  2. create custom rules based on some attributes like this: {{ if contains .memberOf "cn=admins" }}adminuser{{ else }}regularuser{{ end }} or {{ if eq .userPrincipalName "root" }}adminuser{{ else }}regularuser{{ end }}
[Purchase the enterprise edition](https://www.filestash.app/purchase-enterprise-selfhosted.html)`,
Value: "",
Placeholder: "Base DN",
},
{
Name: "Search Filter",
Type: "text",
Value: "",
Placeholder: "default: (&(objectclass=person)(|(uid={{.username}})(mail={{.username}})(sAMAccountName={{.username}})))",
},
},
}
@ -61,7 +70,7 @@ func (this Ldap) Setup() Form {
func (this Ldap) EntryPoint(idpParams map[string]string, req *http.Request, res http.ResponseWriter) error {
http.Redirect(
res, req,
"/?error=ldap is available for enterprise customer, see https://www.filestash.app/pricing/?modal=enterprise",
"https://www.filestash.app/purchase-enterprise-selfhosted.html",
http.StatusTemporaryRedirect,
)
return nil

31
server/plugin/plg_authenticate_openid/index.go
View file

@ -14,6 +14,12 @@ type OpenID struct{}
func (this OpenID) Setup() Form {
return Form{
Elmnts: []FormElement{
{
Name: "banner",
Type: "hidden",
Description: `This enterprise SSO plugin delegates authentication to an OIDC compliant Identity Provider (IDP). It exposes the attributes of the authenticated user, which can then be used in the attribute mapping section to create rules tailored to your specific use case. See the [full documentation](https://www.filestash.app/setup-oidc.html).
`,
},
{
Name: "type",
Type: "hidden",
@ -22,23 +28,28 @@ func (this OpenID) Setup() Form {
{
Name: "OpenID Config URL",
Type: "text",
ReadOnly: true,
Placeholder: "plugin available in the enterprise release",
Value: "",
Placeholder: "OpenID Config URL",
Description: "The OpenID Configuration URL is given by your IDP. Eg: google (https://accounts.google.com/.well-known/openid-configuration), facebook (https://www.facebook.com/.well-known/openid-configuration/), keycloak (http://127.0.0.1:8080/realms/master/.well-known/openid-configuration), ...",
},
{
Name: "Client ID",
Type: "text",
ReadOnly: true,
Placeholder: "plugin available in the enterprise release",
Value: "",
Placeholder: "ClientID provided by your identity provider",
},
{
Name: "Client Secret",
Type: "text",
Value: "",
Placeholder: "ClientSecret provided by your identity provider",
},
{
Name: "Scope",
Type: "text",
ReadOnly: true,
Placeholder: "plugin available in the enterprise release",
Description: `This plugin is to integrate with your IDP using SSO via OpenID. After having authenticated to your IDP, all the information related to the user will be available in the attribute mapping section like this: {{ .email }} {{ .name }} {{ .sub }}, ...
[Purchase the enterprise edition](https://www.filestash.app/purchase-enterprise-selfhosted.html)`,
Value: "",
Placeholder: "OpenID Scope. Default: 'openid'",
Default: "openid",
},
},
}
@ -47,7 +58,7 @@ func (this OpenID) Setup() Form {
func (this OpenID) EntryPoint(idpParams map[string]string, req *http.Request, res http.ResponseWriter) error {
http.Redirect(
res, req,
"/?error=oidc is available for enterprise customer, see https://www.filestash.app/pricing/?modal=enterprise",
"https://www.filestash.app/purchase-enterprise-selfhosted.html",
http.StatusTemporaryRedirect,
)
return nil

35
server/plugin/plg_authenticate_saml/index.go
View file

@ -14,36 +14,43 @@ type Saml struct{}
func (this Saml) Setup() Form {
return Form{
Elmnts: []FormElement{
{
Name: "banner",
Type: "hidden",
Description: `This enterprise SSO plugin delegates authentication to a SAML compliant Identity Provider (IDP). It exposes the attributes of the authenticated user, which can then be used in the attribute mapping section to create rules tailored to your specific use case. See the [full documentation](https://www.filestash.app/setup-saml.html).
`,
},
{
Name: "type",
Type: "hidden",
Value: "saml",
},
{
Name: "IDP Metadata",
Type: "long_text",
Value: "",
Placeholder: "Paste the metadata from your IDP",
Description: `if your IDP asks for some information before giving the metadata file, use these:
- entityID: http://localhost:8334/saml/metadata
- assertionConsumerService (acs): http://localhost:8334/saml/acs
- singleLogoutService (slo): http://localhost:8334/saml/slo`,
},
{
Name: "SP Metadata",
Type: "text",
ReadOnly: true,
Placeholder: "plugin available in the enterprise release",
},
{
Name: "IDP Metadata",
Type: "text",
ReadOnly: true,
Placeholder: "plugin available in the enterprise release",
Description: `This plugin is to integrate with your IDP using SAML Single Sign-On. After having authenticated to your IDP, all the information about the user sent by your IDP will be available in the attribute mapping section either by:
  1. copying those attributes in any field: {{ .mail }}, {{ .uid }}, {{ .givenName }}
  2. create custom rules based on some attributes like this: {{ if eq .role "admin" }}adminuser{{ else }}regularuser{{ end }}
[Purchase the enterprise edition](https://www.filestash.app/purchase-enterprise-selfhosted.html)`,
Value: "",
Placeholder: "visit: /saml/metadata",
Description: "The metadata file will be available under /saml/metadata once you've entered a valid IDP metadata which should come from your IDP",
},
},
}
}
func (this Saml) EntryPoint(idpParams map[string]string, req *http.Request, res http.ResponseWriter) error {
http.Redirect( // TODO
http.Redirect(
res, req,
"/?error=saml is available for enterprise customer, see https://www.filestash.app/pricing/?modal=enterprise",
"https://www.filestash.app/purchase-enterprise-selfhosted.html",
http.StatusTemporaryRedirect,
)
return nil