mirror of
https://github.com/gravitl/netmaker.git
synced 2026-04-23 00:17:10 +08:00
Abhishek Kondur
12cc967ba1
* fix(go): set persistent keep alive when registering host using sso; * fix(go): run posture check violations on delete; * fix(go): upsert node on approving pending host; * fix(go): resolve concurrency issues during group delete cleanup; * fix(go): update doc links; * fix(go): add created and updated fields to host; * fix(go): skip delete and update superadmin on sync users; * fix(go): use conn directly for now; * fix(go): remove acl for idp groups; * fix(go): quote fields; * fix(go): use filters with count; * feat(go): add a search query; * fix(go): cleanup acls; * fix(go): review fixes; * fix(go): remove additional loop; * fix(go): fix * v1.5.1: separate out idp sync and reset signals for HA * v1.5.1: add grps with name for logging * v1.5.1: clear posture check violations when all checks are deleted * v1.5.1: set static when default host * v1.5.1: fix db status check * rm set max conns * v1.5.1: reset auto assigned gw when disconnected * fix(go): skip global network admin and user groups when splitting; * v1.5.1: fix update node call from client * fix(go): separate out migration from normal usage; * fix(go): skip default groups; * fix(go): create policies for existing groups on network create; * fix(go): skip fatal log on clickhouse conn; * fix(go): add posture check cleanup; --------- Co-authored-by: VishalDalwadi <dalwadivishal26@gmail.com> Co-authored-by: Vishal Dalwadi <51291657+VishalDalwadi@users.noreply.github.com>
176 lines
6.0 KiB
Go
176 lines
6.0 KiB
Go
package auth
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"github.com/gravitl/netmaker/servercfg"
|
|
)
|
|
|
|
var htmlBaseTemplate = `<!DOCTYPE html>
|
|
<html lang="en">
|
|
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes">
|
|
<meta http-equiv="X-UA-Compatible" content="ie=edge">
|
|
<title>Netmaker :: SSO</title>
|
|
<script type="text/javascript">
|
|
function redirect()
|
|
{
|
|
window.location.href="` + fmt.Sprintf("https://dashboard.%s/login", servercfg.GetNmBaseDomain()) + `";
|
|
}
|
|
</script>
|
|
<style>
|
|
html,
|
|
body {
|
|
margin: 0px;
|
|
padding: 0px;
|
|
}
|
|
|
|
body {
|
|
height: 100vh;
|
|
overflow: hidden;
|
|
display: flex;
|
|
flex-flow: column nowrap;
|
|
justify-content: center;
|
|
align-items: center;
|
|
}
|
|
|
|
#logo {
|
|
width: 150px;
|
|
}
|
|
|
|
h3 {
|
|
margin-bottom: 3rem;
|
|
color: rgb(25, 135, 84);
|
|
font-size: xx-large;
|
|
}
|
|
|
|
h4 {
|
|
margin-bottom: 0px;
|
|
}
|
|
|
|
p {
|
|
margin-top: 0px;
|
|
margin-bottom: 0px;
|
|
}
|
|
.back-to-login-btn {
|
|
background: #5E5DF0;
|
|
border-radius: 999px;
|
|
box-shadow: #5E5DF0 0 10px 20px -10px;
|
|
box-sizing: border-box;
|
|
color: #FFFFFF;
|
|
cursor: pointer;
|
|
font-family: Inter,Helvetica,"Apple Color Emoji","Segoe UI Emoji",NotoColorEmoji,"Noto Color Emoji","Segoe UI Symbol","Android Emoji",EmojiSymbols,-apple-system,system-ui,"Segoe UI",Roboto,"Helvetica Neue","Noto Sans",sans-serif;
|
|
font-size: 16px;
|
|
font-weight: 700;
|
|
line-height: 24px;
|
|
opacity: 1;
|
|
outline: 0 solid transparent;
|
|
padding: 8px 18px;
|
|
user-select: none;
|
|
-webkit-user-select: none;
|
|
touch-action: manipulation;
|
|
width: fit-content;
|
|
word-break: break-word;
|
|
border: 0;
|
|
margin: 20px;
|
|
}
|
|
</style>
|
|
</head>
|
|
|
|
<body>
|
|
<img
|
|
src="https://media.netmaker.io/logos/svg/netmaker-logo-full-light-1.svg"
|
|
alt="netmaker logo"
|
|
id="logo"
|
|
>
|
|
%s
|
|
|
|
</body>
|
|
</html>`
|
|
|
|
var oauthNotConfigured = fmt.Sprintf(htmlBaseTemplate, `<h2>Your Netmaker server does not have OAuth configured.</h2>
|
|
<p>Please visit the docs <a href="https://learn.netmaker.io/how-to-guides/identity-provider-integration-guide" target="_blank" rel="noopener">here</a> to learn how to.</p>`)
|
|
|
|
var oauthStateInvalid = fmt.Sprintf(htmlBaseTemplate, `<h2>Invalid OAuth Session. Please re-try again.</h2>`)
|
|
|
|
var userNotAllowed = fmt.Sprintf(htmlBaseTemplate, `<h2>Your account does not have access to the dashboard. Please contact your administrator for more information about your account.</h2>
|
|
<p>Non-Admins can access the netmaker networks using <a href="https://learn.netmaker.io/getting-started/server-and-client-management/client-installation/netmaker-desktop-installation" target="_blank" rel="noopener">our Netmaker Desktop App.</a></p>`)
|
|
|
|
var userFirstTimeSignUp = fmt.Sprintf(htmlBaseTemplate, `<h2>Thank you for signing up. Please contact your administrator for access.</h2>`)
|
|
|
|
var userSignUpApprovalPending = fmt.Sprintf(htmlBaseTemplate, `<h2>Your account is yet to be approved. Please contact your administrator for access.</h2>`)
|
|
|
|
var userNotFound = fmt.Sprintf(htmlBaseTemplate, `<h2>User Not Found.</h2>`)
|
|
|
|
var somethingwentwrong = fmt.Sprintf(htmlBaseTemplate, `<h2>Something went wrong. Contact Admin.</h2>`)
|
|
|
|
var notallowedtosignup = fmt.Sprintf(htmlBaseTemplate, `<h2>Your email is not allowed. Please contact your administrator.</h2>`)
|
|
|
|
var authTypeMismatch = fmt.Sprintf(htmlBaseTemplate, `<h2>It looks like you already have an account with us using Basic Authentication.</h2>
|
|
<p>To continue, please log in with your existing credentials or reset your password if needed.</p>`)
|
|
|
|
var userAccountDisabled = fmt.Sprintf(htmlBaseTemplate, `<h2>Your account has been disabled. Please contact your administrator for more information about your account.</h2>`)
|
|
|
|
func handleOauthUserNotFound(response http.ResponseWriter) {
|
|
response.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
response.WriteHeader(http.StatusNotFound)
|
|
response.Write([]byte(userNotFound))
|
|
}
|
|
|
|
func handleOauthUserNotAllowed(response http.ResponseWriter) {
|
|
response.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
response.WriteHeader(http.StatusForbidden)
|
|
response.Write([]byte(userNotAllowed))
|
|
}
|
|
func handleFirstTimeOauthUserSignUp(response http.ResponseWriter) {
|
|
response.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
response.WriteHeader(http.StatusForbidden)
|
|
response.Write([]byte(userFirstTimeSignUp))
|
|
}
|
|
|
|
func handleOauthUserSignUpApprovalPending(response http.ResponseWriter) {
|
|
response.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
response.WriteHeader(http.StatusForbidden)
|
|
response.Write([]byte(userSignUpApprovalPending))
|
|
}
|
|
|
|
func handleOauthUserNotAllowedToSignUp(response http.ResponseWriter) {
|
|
response.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
response.WriteHeader(http.StatusForbidden)
|
|
response.Write([]byte(notallowedtosignup))
|
|
}
|
|
|
|
// handleOauthNotConfigured - returns an appropriate html page when oauth is not configured on netmaker server but an oauth login was attempted
|
|
func handleOauthNotConfigured(response http.ResponseWriter) {
|
|
response.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
response.WriteHeader(http.StatusInternalServerError)
|
|
response.Write([]byte(oauthNotConfigured))
|
|
}
|
|
|
|
func handleOauthNotValid(response http.ResponseWriter) {
|
|
response.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
response.WriteHeader(http.StatusBadRequest)
|
|
response.Write([]byte(oauthStateInvalid))
|
|
}
|
|
|
|
func handleSomethingWentWrong(response http.ResponseWriter) {
|
|
response.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
response.WriteHeader(http.StatusInternalServerError)
|
|
response.Write([]byte(somethingwentwrong))
|
|
}
|
|
|
|
func handleAuthTypeMismatch(response http.ResponseWriter) {
|
|
response.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
response.WriteHeader(http.StatusBadRequest)
|
|
response.Write([]byte(authTypeMismatch))
|
|
}
|
|
|
|
func handleUserAccountDisabled(response http.ResponseWriter) {
|
|
response.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
response.WriteHeader(http.StatusUnauthorized)
|
|
response.Write([]byte(userAccountDisabled))
|
|
}
|