diff --git a/public/assets/pages/adminpage/ctrl_backend_state.js b/public/assets/pages/adminpage/ctrl_backend_state.js index 09a1a454..e67f612d 100644 --- a/public/assets/pages/adminpage/ctrl_backend_state.js +++ b/public/assets/pages/adminpage/ctrl_backend_state.js @@ -111,6 +111,7 @@ export function getState() { .map(([key, value]) => [key.replace(new RegExp(`^${authType}\.`), ""), value]) // format the relevant keys .reduce((acc, [key, value]) => { // transform onto something ready to be saved if (key === "type") return acc; + else if (key === "banner") return acc; else if (typeof key !== "string") return acc; return { ...acc, diff --git a/server/plugin/plg_authenticate_htpasswd/index.go b/server/plugin/plg_authenticate_htpasswd/index.go index 69615fd1..74f13f9b 100644 --- a/server/plugin/plg_authenticate_htpasswd/index.go +++ b/server/plugin/plg_authenticate_htpasswd/index.go @@ -25,6 +25,13 @@ type Htpasswd struct{} func (this Htpasswd) Setup() Form { return Form{ Elmnts: []FormElement{ + { + Name: "banner", + Type: "hidden", + Description: `Inspired by Apache, the htpasswd plugin uses the content of a .htpasswd file to authenticate users. It displays a username and password login page, verifying credentials against the provided htpasswd data. + +The plugin exposes 2 variables: {{ .user }} and {{ .password }} which can be used in the attribute mapping section to create rules tailored to your specific use case. Examples of this can be found [in the documentation](https://www.filestash.app/docs/install-and-upgrade/#advanced-authentication---facade-pattern)`, + }, { Name: "type", Type: "hidden", 
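Review bot: The added `else if (key === "banner") return acc;` in the reduce callback drops the key by name with no explanation, so a later plugin field that happens to be called `banner` would silently never be saved. A comment such as `// "banner" is a display-only description element from the plugin form, never persisted` would make the reserved name explicit. Folding it into the existing check as `if (key === "type" || key === "banner") return acc;` would also read more cleanly than a second branch. The body of getState() starts and ends outside the hunk.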
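Review bot: The new banner `Description` in the htpasswd Setup() advertises `{{ .password }}` for attribute mapping without saying what it holds. Since the htpasswd data contains only hashes, this is presumably the password exactly as the user typed it at login. I would add one sentence to the banner, for example `Note: {{ .password }} is the user's clear-text password; map it only into a backend field that needs it.`, so administrators do not copy it into paths, labels or logs by accident. Setup() continues outside the hunk.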
@@ -41,9 +48,7 @@ test5:$5$RkdUxGLHGhmrO0yj$K6bCqmB.OPR7KM4i5eiAG.mxFyhElLNdthSL.dreqN5 test6:$1$vuUKD.37$R6eCPFBa6lKIVfnkABveB1`, Default: "", Description: `The list of users who are granted access using either or both the htpasswd file format or the /etc/shadow file format. To generate a password: -'openssl passwd -6' or 'mkpasswd -m SHA-512' or the htpasswd cli tool. - -This plugin exposes {{ .user }} and {{ .password }} for the attribute mapping section`, +'openssl passwd -6' or 'mkpasswd -m SHA-512' or the htpasswd cli tool.`, }, }, } diff --git a/server/plugin/plg_authenticate_ldap/index.go b/server/plugin/plg_authenticate_ldap/index.go index ffdac8b6..ad66551e 100644 --- a/server/plugin/plg_authenticate_ldap/index.go +++ b/server/plugin/plg_authenticate_ldap/index.go @@ -14,6 +14,14 @@ type Ldap struct{} func (this Ldap) Setup() Form { return Form{ Elmnts: []FormElement{ + { + Name: "banner", + Type: "hidden", + Description: `This enterprise SSO plugin delegates authentication to an LDAP server, presenting users with a username and password login page. Their credentials are then verified against your LDAP directory. + +The plugin exposes the LDAP attribute of the authenticated users which can be used in the attribute mapping section to create rules tailored to your specific use case, see the documentation [on the website](https://www.filestash.app/setup-ldap.html). +`, + }, { Name: "type", Type: "hidden", 
@@ -22,37 +30,38 @@ func (this Ldap) Setup() Form { { Name: "Hostname", Type: "text", - ReadOnly: true, - Placeholder: "plugin available in the enterprise release", + Value: "", + Placeholder: "eg: ldap.example.com", }, { Name: "Port", Type: "text", - ReadOnly: true, - Placeholder: "plugin available in the enterprise release", + Value: "", + Placeholder: "eg: 389", }, { Name: "Bind DN", Type: "text", - ReadOnly: true, - Placeholder: "plugin available in the enterprise release", + Value: "", + Placeholder: "Bind DN", }, { Name: "Bind DN Password", - Type: "text", - ReadOnly: true, - Placeholder: "plugin available in the enterprise release", + Type: "password", + Value: "", + Placeholder: "Bind CN Password", }, { Name: "Base DN", Type: "text", - ReadOnly: true, - Placeholder: "plugin available in the enterprise release", - Description: `This plugin is to integrate with your LDAP server. After successfully authenticating to your IDP, the attributes relating to the user will be available in the attribute mapping section either by: -  1. copying those attributes in any field: {{ .sAMAccountName }} {{ .cn }} {{ .userPrincipalName }} {{ .mail }}, ... -  2. create custom rules based on some attributes like this: {{ if contains .memberOf "cn=admins" }}adminuser{{ else }}regularuser{{ end }} or {{ if eq .userPrincipalName "root" }}adminuser{{ else }}regularuser{{ end }} - -[Purchase the enterprise edition](https://www.filestash.app/purchase-enterprise-selfhosted.html)`, + Value: "", + Placeholder: "Base DN", + }, + { + Name: "Search Filter", + Type: "text", + Value: "", + Placeholder: "default: (&(objectclass=person)(|(uid={{.username}})(mail={{.username}})(sAMAccountName={{.username}})))", }, }, } 
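Review bot: The placeholder on the `Bind DN Password` element reads `Bind CN Password`; it should be `Placeholder: "Bind DN Password",`. The new `Search Filter` default interpolates `{{.username}}` three times into the filter, and nothing visible here shows the value being escaped for LDAP filter syntax (RFC 4515). Once that is confirmed in the implementation, the field deserves a `Description` stating that the substituted username is escaped. The `Port` placeholder `eg: 389` points at the cleartext LDAP port and the form has no TLS/StartTLS setting, so it is worth documenting how bind and user passwords are protected in transit. Setup() starts outside the hunk.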
@@ -61,7 +70,7 @@ func (this Ldap) Setup() Form { func (this Ldap) EntryPoint(idpParams map[string]string, req *http.Request, res http.ResponseWriter) error { http.Redirect( res, req, - "/?error=ldap is available for enterprise customer, see https://www.filestash.app/pricing/?modal=enterprise", + "https://www.filestash.app/purchase-enterprise-selfhosted.html", http.StatusTemporaryRedirect, ) return nil diff --git a/server/plugin/plg_authenticate_openid/index.go b/server/plugin/plg_authenticate_openid/index.go index f55eb209..cf0e55c6 100644 --- a/server/plugin/plg_authenticate_openid/index.go +++ b/server/plugin/plg_authenticate_openid/index.go @@ -14,6 +14,12 @@ type OpenID struct{} func (this OpenID) Setup() Form { return Form{ Elmnts: []FormElement{ + { + Name: "banner", + Type: "hidden", + Description: `This enterprise SSO plugin delegates authentication to an OIDC compliant Identity Provider (IDP). It exposes the attributes of the authenticated user, which can then be used in the attribute mapping section to create rules tailored to your specific use case. See the [full documentation](https://www.filestash.app/setup-oidc.html). +`, + }, { Name: "type", Type: "hidden", 
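Review bot: The redirect target in the LDAP `EntryPoint` is now an absolute URL on another origin while the status stays `http.StatusTemporaryRedirect`, and a 307 makes the browser repeat the original method and body at the new location. If this handler can ever be reached by a POST carrying login fields, those would be re-sent to the external site; `http.StatusSeeOther` avoids that. The same applies to the `EntryPoint` hunks of plg_authenticate_openid and plg_authenticate_saml. The visible body also ignores `idpParams` although the Setup() fields are now editable, so if that is intended a comment such as `// stub: the configuration from Setup() is not used here` would explain why a configured plugin still sends users to the purchase page.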
@@ -22,23 +28,28 @@ func (this OpenID) Setup() Form { { Name: "OpenID Config URL", Type: "text", - ReadOnly: true, - Placeholder: "plugin available in the enterprise release", + Value: "", + Placeholder: "OpenID Config URL", + Description: "The OpenID Configuration URL is given by your IDP. Eg: google (https://accounts.google.com/.well-known/openid-configuration), facebook (https://www.facebook.com/.well-known/openid-configuration/), keycloak (http://127.0.0.1:8080/realms/master/.well-known/openid-configuration), ...", }, { Name: "Client ID", Type: "text", - ReadOnly: true, - Placeholder: "plugin available in the enterprise release", + Value: "", + Placeholder: "ClientID provided by your identity provider", + }, + { + Name: "Client Secret", + Type: "text", + Value: "", + Placeholder: "ClientSecret provided by your identity provider", }, { Name: "Scope", Type: "text", - ReadOnly: true, - Placeholder: "plugin available in the enterprise release", - Description: `This plugin is to integrate with your IDP using SSO via OpenID. After having authenticated to your IDP, all the information related to the user will be available in the attribute mapping section like this: {{ .email }} {{ .name }} {{ .sub }}, ... - -[Purchase the enterprise edition](https://www.filestash.app/purchase-enterprise-selfhosted.html)`, + Value: "", + Placeholder: "OpenID Scope. Default: 'openid'", + Default: "openid", }, }, } @@ -47,7 +58,7 @@ func (this OpenID) Setup() Form { func (this OpenID) EntryPoint(idpParams map[string]string, req *http.Request, res http.ResponseWriter) error { http.Redirect( res, req, - "/?error=oidc is available for enterprise customer, see https://www.filestash.app/pricing/?modal=enterprise", + "https://www.filestash.app/purchase-enterprise-selfhosted.html", http.StatusTemporaryRedirect, ) return nil diff --git a/server/plugin/plg_authenticate_saml/index.go b/server/plugin/plg_authenticate_saml/index.go index bd6b96a6..8322f1eb 100644 
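Review bot: `Client Secret` in the OpenID Setup() is declared with `Type: "text"`, so the admin form will presumably render the secret in clear, while the LDAP hunk of this same commit moves `Bind DN Password` to `Type: "password"`. I would use `Type: "password",` here as well. The `OpenID Config URL` description lists a keycloak example over plain `http://127.0.0.1:8080`; marking it as a local-testing example would keep readers from carrying an `http://` discovery URL into production. Setup() starts outside the hunk.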
--- a/server/plugin/plg_authenticate_saml/index.go
+++ b/server/plugin/plg_authenticate_saml/index.go
@@ -14,36 +14,43 @@ type Saml struct{} func (this Saml) Setup() Form { return Form{ Elmnts: []FormElement{ + { + Name: "banner", + Type: "hidden", + Description: `This enterprise SSO plugin delegates authentication to a SAML compliant Identity Provider (IDP). It exposes the attributes of the authenticated user, which can then be used in the attribute mapping section to create rules tailored to your specific use case. See the [full documentation](https://www.filestash.app/setup-saml.html). +`, + }, { Name: "type", Type: "hidden", Value: "saml", }, + { + Name: "IDP Metadata", + Type: "long_text", + Value: "", + Placeholder: "Paste the metadata from your IDP", + Description: `if your IDP asks for some information before giving the metadata file, use these: +- entityID: http://localhost:8334/saml/metadata +- assertionConsumerService (acs): http://localhost:8334/saml/acs +- singleLogoutService (slo): http://localhost:8334/saml/slo`, + }, { Name: "SP Metadata", Type: "text", ReadOnly: true, - Placeholder: "plugin available in the enterprise release", - }, - { - Name: "IDP Metadata", - Type: "text", - ReadOnly: true, - Placeholder: "plugin available in the enterprise release", - Description: `This plugin is to integrate with your IDP using SAML Single Sign-On. After having authenticated to your IDP, all the information about the user sent by your IDP will be available in the attribute mapping section either by: -  1. copying those attributes in any field: {{ .mail }}, {{ .uid }}, {{ .givenName }} -  2. 
create custom rules based on some attributes like this: {{ if eq .role "admin" }}adminuser{{ else }}regularuser{{ end }} - -[Purchase the enterprise edition](https://www.filestash.app/purchase-enterprise-selfhosted.html)`, + Value: "", + Placeholder: "visit: /saml/metadata", + Description: "The metadata file will be available under /saml/metadata once you've entered a valid IDP metadata which should come from your IDP", }, }, } } func (this Saml) EntryPoint(idpParams map[string]string, req *http.Request, res http.ResponseWriter) error { - http.Redirect( // TODO + http.Redirect( res, req, - "/?error=saml is available for enterprise customer, see https://www.filestash.app/pricing/?modal=enterprise", + "https://www.filestash.app/purchase-enterprise-selfhosted.html", http.StatusTemporaryRedirect, ) return nil
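Review bot: The `IDP Metadata` description hard-codes `http://localhost:8334/saml/metadata`, `/saml/acs` and `/saml/slo` as the values to give the IdP, which are only right for a local install. An assertion consumer URL registered as plain `http://` on `localhost` will not match a deployed instance, and a SAML response posted to an `http://` endpoint is not protected in transit. The text should tell the admin to substitute the instance's public origin, e.g. `- assertionConsumerService (acs): https://<your-filestash-host>/saml/acs`, or the values should be derived from the configured host if Setup() has access to it.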