4178860896
Closes #2984
657 lines
21 KiB
TypeScript
657 lines
21 KiB
TypeScript
import {
|
|
Alert,
|
|
AlertVariant,
|
|
ButtonVariant,
|
|
Divider,
|
|
DropdownItem,
|
|
Label,
|
|
PageSection,
|
|
Tab,
|
|
TabTitleText,
|
|
Tooltip,
|
|
} from "@patternfly/react-core";
|
|
import { InfoCircleIcon } from "@patternfly/react-icons";
|
|
import type ClientRepresentation from "@keycloak/keycloak-admin-client/lib/defs/clientRepresentation";
|
|
import { cloneDeep, sortBy } from "lodash-es";
|
|
import React, { useMemo, useState } from "react";
|
|
import { Controller, FormProvider, useForm, useWatch } from "react-hook-form";
|
|
import { useTranslation } from "react-i18next";
|
|
import { useHistory, useParams } from "react-router-dom";
|
|
import { useAlerts } from "../components/alert/Alerts";
|
|
import {
|
|
ConfirmDialogModal,
|
|
useConfirmDialog,
|
|
} from "../components/confirm-dialog/ConfirmDialog";
|
|
import { DownloadDialog } from "../components/download-dialog/DownloadDialog";
|
|
import {
|
|
stringToMultiline,
|
|
toStringValue,
|
|
} from "../components/multi-line-input/multi-line-convert";
|
|
import {
|
|
ViewHeader,
|
|
ViewHeaderBadge,
|
|
} from "../components/view-header/ViewHeader";
|
|
import { KeycloakSpinner } from "../components/keycloak-spinner/KeycloakSpinner";
|
|
import { useAdminClient, useFetch } from "../context/auth/AdminClient";
|
|
import { useRealm } from "../context/realm-context/RealmContext";
|
|
import { RolesList } from "../realm-roles/RolesList";
|
|
import {
|
|
convertFormValuesToObject,
|
|
convertToFormValues,
|
|
exportClient,
|
|
} from "../util";
|
|
import useToggle from "../utils/useToggle";
|
|
import { AdvancedTab } from "./AdvancedTab";
|
|
import { ClientSettings } from "./ClientSettings";
|
|
import { ClientSessions } from "./ClientSessions";
|
|
import { Credentials } from "./credentials/Credentials";
|
|
import { Keys } from "./keys/Keys";
|
|
import { ClientParams, ClientTab, toClient } from "./routes/Client";
|
|
import { toClients } from "./routes/Clients";
|
|
import { ClientScopes } from "./scopes/ClientScopes";
|
|
import { EvaluateScopes } from "./scopes/EvaluateScopes";
|
|
import { ServiceAccount } from "./service-account/ServiceAccount";
|
|
import { isRealmClient, getProtocolName } from "./utils";
|
|
import { SamlKeys } from "./keys/SamlKeys";
|
|
import { AuthorizationSettings } from "./authorization/Settings";
|
|
import { AuthorizationResources } from "./authorization/Resources";
|
|
import { AuthorizationScopes } from "./authorization/Scopes";
|
|
import { AuthorizationPolicies } from "./authorization/Policies";
|
|
import { AuthorizationPermissions } from "./authorization/Permissions";
|
|
import { AuthorizationEvaluate } from "./authorization/AuthorizationEvaluate";
|
|
import {
|
|
routableTab,
|
|
RoutableTabs,
|
|
} from "../components/routable-tabs/RoutableTabs";
|
|
import {
|
|
AuthorizationTab,
|
|
toAuthorizationTab,
|
|
} from "./routes/AuthenticationTab";
|
|
import { toClientScopesTab } from "./routes/ClientScopeTab";
|
|
import { AuthorizationExport } from "./authorization/AuthorizationExport";
|
|
import { useServerInfo } from "../context/server-info/ServerInfoProvider";
|
|
import { PermissionsTab } from "../components/permission-tab/PermissionTab";
|
|
import type { KeyValueType } from "../components/key-value-form/key-value-convert";
|
|
import { useAccess } from "../context/access/Access";
|
|
|
|
type ClientDetailHeaderProps = {
|
|
onChange: (value: boolean) => void;
|
|
value: boolean;
|
|
save: () => void;
|
|
client: ClientRepresentation;
|
|
toggleDownloadDialog: () => void;
|
|
toggleDeleteDialog: () => void;
|
|
};
|
|
|
|
const ClientDetailHeader = ({
|
|
onChange,
|
|
value,
|
|
save,
|
|
client,
|
|
toggleDownloadDialog,
|
|
toggleDeleteDialog,
|
|
}: ClientDetailHeaderProps) => {
|
|
const { t } = useTranslation("clients");
|
|
const [toggleDisableDialog, DisableConfirm] = useConfirmDialog({
|
|
titleKey: "clients:disableConfirmTitle",
|
|
messageKey: "clients:disableConfirm",
|
|
continueButtonLabel: "common:disable",
|
|
onConfirm: () => {
|
|
onChange(!value);
|
|
save();
|
|
},
|
|
});
|
|
|
|
const badges = useMemo<ViewHeaderBadge[]>(() => {
|
|
const protocolName = getProtocolName(
|
|
t,
|
|
client.protocol ?? "openid-connect"
|
|
);
|
|
|
|
const text = client.bearerOnly ? (
|
|
<Tooltip
|
|
data-testid="bearer-only-explainer-tooltip"
|
|
content={t("explainBearerOnly")}
|
|
>
|
|
<Label
|
|
data-testid="bearer-only-explainer-label"
|
|
icon={<InfoCircleIcon />}
|
|
>
|
|
{protocolName}
|
|
</Label>
|
|
</Tooltip>
|
|
) : (
|
|
<Label>{protocolName}</Label>
|
|
);
|
|
|
|
return [{ text }];
|
|
}, [client, t]);
|
|
|
|
const { hasAccess } = useAccess();
|
|
const isManager = hasAccess("manage-clients") || client.access?.configure;
|
|
|
|
const dropdownItems = [
|
|
<DropdownItem key="download" onClick={toggleDownloadDialog}>
|
|
{t("downloadAdapterConfig")}
|
|
</DropdownItem>,
|
|
<DropdownItem key="export" onClick={() => exportClient(client)}>
|
|
{t("common:export")}
|
|
</DropdownItem>,
|
|
...(!isRealmClient(client) && isManager
|
|
? [
|
|
<Divider key="divider" />,
|
|
<DropdownItem
|
|
data-testid="delete-client"
|
|
key="delete"
|
|
onClick={toggleDeleteDialog}
|
|
>
|
|
{t("common:delete")}
|
|
</DropdownItem>,
|
|
]
|
|
: []),
|
|
];
|
|
|
|
return (
|
|
<>
|
|
<DisableConfirm />
|
|
<ViewHeader
|
|
titleKey={client.clientId!}
|
|
subKey="clients:clientsExplain"
|
|
badges={badges}
|
|
divider={false}
|
|
isReadOnly={!isManager}
|
|
helpTextKey="clients-help:enableDisable"
|
|
dropdownItems={dropdownItems}
|
|
isEnabled={value}
|
|
onToggle={(value) => {
|
|
if (!value) {
|
|
toggleDisableDialog();
|
|
} else {
|
|
onChange(value);
|
|
save();
|
|
}
|
|
}}
|
|
/>
|
|
</>
|
|
);
|
|
};
|
|
|
|
export type SaveOptions = {
|
|
confirmed?: boolean;
|
|
messageKey?: string;
|
|
};
|
|
|
|
export default function ClientDetails() {
|
|
const { t } = useTranslation("clients");
|
|
const { adminClient } = useAdminClient();
|
|
const { addAlert, addError } = useAlerts();
|
|
const { realm } = useRealm();
|
|
const { profileInfo } = useServerInfo();
|
|
|
|
const { hasAccess } = useAccess();
|
|
const permissionsEnabled =
|
|
!profileInfo?.disabledFeatures?.includes("ADMIN_FINE_GRAINED_AUTHZ") &&
|
|
hasAccess("manage-authorization");
|
|
const hasManageClients = hasAccess("manage-clients");
|
|
const hasViewUsers = hasAccess("view-users");
|
|
|
|
const history = useHistory();
|
|
|
|
const [downloadDialogOpen, toggleDownloadDialogOpen] = useToggle();
|
|
const [changeAuthenticatorOpen, toggleChangeAuthenticatorOpen] = useToggle();
|
|
|
|
const form = useForm<ClientRepresentation>({ shouldUnregister: false });
|
|
const { clientId } = useParams<ClientParams>();
|
|
const [key, setKey] = useState(0);
|
|
|
|
const clientAuthenticatorType = useWatch({
|
|
control: form.control,
|
|
name: "clientAuthenticatorType",
|
|
defaultValue: "client-secret",
|
|
});
|
|
|
|
const [client, setClient] = useState<ClientRepresentation>();
|
|
|
|
const loader = async () => {
|
|
const roles = await adminClient.clients.listRoles({ id: clientId });
|
|
return sortBy(roles, (role) => role.name?.toUpperCase());
|
|
};
|
|
|
|
const [toggleDeleteDialog, DeleteConfirm] = useConfirmDialog({
|
|
titleKey: "clients:clientDeleteConfirmTitle",
|
|
messageKey: "clients:clientDeleteConfirm",
|
|
continueButtonLabel: "common:delete",
|
|
continueButtonVariant: ButtonVariant.danger,
|
|
onConfirm: async () => {
|
|
try {
|
|
await adminClient.clients.del({ id: clientId });
|
|
addAlert(t("clientDeletedSuccess"), AlertVariant.success);
|
|
history.push(toClients({ realm }));
|
|
} catch (error) {
|
|
addError("clients:clientDeleteError", error);
|
|
}
|
|
},
|
|
});
|
|
|
|
const setupForm = (client: ClientRepresentation) => {
|
|
form.reset({ ...client });
|
|
convertToFormValues(client, form.setValue);
|
|
form.setValue(
|
|
"attributes.request.uris",
|
|
stringToMultiline(client.attributes?.["request.uris"])
|
|
);
|
|
if (client.attributes?.["acr.loa.map"]) {
|
|
form.setValue(
|
|
"attributes.acr.loa.map",
|
|
Object.entries(JSON.parse(client.attributes["acr.loa.map"])).flatMap(
|
|
([key, value]) => ({ key, value })
|
|
)
|
|
);
|
|
}
|
|
if (client.attributes?.["default.acr.values"]) {
|
|
form.setValue(
|
|
"attributes.default.acr.values",
|
|
stringToMultiline(client.attributes["default.acr.values"])
|
|
);
|
|
}
|
|
if (client.attributes?.["post.logout.redirect.uris"]) {
|
|
form.setValue(
|
|
"attributes.post.logout.redirect.uris",
|
|
stringToMultiline(client.attributes["post.logout.redirect.uris"])
|
|
);
|
|
}
|
|
Object.entries(client.attributes || {})
|
|
.filter(([key]) => key.startsWith("saml.server.signature"))
|
|
.map(([key, value]) =>
|
|
form.setValue("attributes." + key.replaceAll(".", "$"), value)
|
|
);
|
|
};
|
|
|
|
useFetch(
|
|
() => adminClient.clients.findOne({ id: clientId }),
|
|
(fetchedClient) => {
|
|
if (!fetchedClient) {
|
|
throw new Error(t("common:notFound"));
|
|
}
|
|
setClient(cloneDeep(fetchedClient));
|
|
setupForm(fetchedClient);
|
|
},
|
|
[clientId, key]
|
|
);
|
|
|
|
const save = async (
|
|
{ confirmed = false, messageKey = "clientSaveSuccess" }: SaveOptions = {
|
|
confirmed: false,
|
|
messageKey: "clientSaveSuccess",
|
|
}
|
|
) => {
|
|
if (await form.trigger()) {
|
|
if (
|
|
!client?.publicClient &&
|
|
client?.clientAuthenticatorType !== clientAuthenticatorType &&
|
|
!confirmed
|
|
) {
|
|
toggleChangeAuthenticatorOpen();
|
|
return;
|
|
}
|
|
|
|
const values = form.getValues();
|
|
|
|
if (values.attributes?.request.uris) {
|
|
values.attributes["request.uris"] = toStringValue(
|
|
values.attributes.request.uris
|
|
);
|
|
}
|
|
|
|
if (values.attributes?.default?.acr?.values) {
|
|
values.attributes["default.acr.values"] = toStringValue(
|
|
values.attributes.default.acr.values
|
|
);
|
|
}
|
|
|
|
if (values.attributes?.post.logout.redirect.uris) {
|
|
values.attributes["post.logout.redirect.uris"] = toStringValue(
|
|
values.attributes.post.logout.redirect.uris
|
|
);
|
|
}
|
|
|
|
const submittedClient =
|
|
convertFormValuesToObject<ClientRepresentation>(values);
|
|
|
|
Object.entries(values.attributes || {})
|
|
.filter(([key]) => key.includes("$"))
|
|
.map(
|
|
([key, value]) =>
|
|
(submittedClient.attributes![key.replaceAll("$", ".")] = value)
|
|
);
|
|
|
|
if (submittedClient.attributes?.["acr.loa.map"]) {
|
|
submittedClient.attributes["acr.loa.map"] = JSON.stringify(
|
|
Object.fromEntries(
|
|
(submittedClient.attributes["acr.loa.map"] as KeyValueType[])
|
|
.filter(({ key }) => key !== "")
|
|
.map(({ key, value }) => [key, value])
|
|
)
|
|
);
|
|
}
|
|
|
|
try {
|
|
const newClient: ClientRepresentation = {
|
|
...client,
|
|
...submittedClient,
|
|
};
|
|
|
|
newClient.clientId = newClient.clientId?.trim();
|
|
|
|
await adminClient.clients.update({ id: clientId }, newClient);
|
|
setupForm(newClient);
|
|
setClient(newClient);
|
|
addAlert(t(messageKey), AlertVariant.success);
|
|
} catch (error) {
|
|
addError("clients:clientSaveError", error);
|
|
}
|
|
}
|
|
};
|
|
|
|
if (!client) {
|
|
return <KeycloakSpinner />;
|
|
}
|
|
|
|
const route = (tab: ClientTab) =>
|
|
routableTab({
|
|
to: toClient({
|
|
realm,
|
|
clientId,
|
|
tab,
|
|
}),
|
|
history,
|
|
});
|
|
|
|
const authenticationRoute = (tab: AuthorizationTab) =>
|
|
routableTab({
|
|
to: toAuthorizationTab({
|
|
realm,
|
|
clientId,
|
|
tab,
|
|
}),
|
|
history,
|
|
});
|
|
|
|
return (
|
|
<>
|
|
<ConfirmDialogModal
|
|
continueButtonLabel="common:yes"
|
|
titleKey={t("changeAuthenticatorConfirmTitle", {
|
|
clientAuthenticatorType: clientAuthenticatorType,
|
|
})}
|
|
open={changeAuthenticatorOpen}
|
|
toggleDialog={toggleChangeAuthenticatorOpen}
|
|
onConfirm={() => save({ confirmed: true })}
|
|
>
|
|
<>
|
|
{t("changeAuthenticatorConfirm", {
|
|
clientAuthenticatorType: clientAuthenticatorType,
|
|
})}
|
|
{clientAuthenticatorType === "client-jwt" && (
|
|
<Alert variant="info" isInline title={t("signedJWTConfirm")} />
|
|
)}
|
|
</>
|
|
</ConfirmDialogModal>
|
|
<DeleteConfirm />
|
|
<DownloadDialog
|
|
id={client.id!}
|
|
protocol={client.protocol}
|
|
open={downloadDialogOpen}
|
|
toggleDialog={toggleDownloadDialogOpen}
|
|
/>
|
|
<Controller
|
|
name="enabled"
|
|
control={form.control}
|
|
defaultValue={true}
|
|
render={({ onChange, value }) => (
|
|
<ClientDetailHeader
|
|
value={value}
|
|
onChange={onChange}
|
|
client={client}
|
|
save={save}
|
|
toggleDeleteDialog={toggleDeleteDialog}
|
|
toggleDownloadDialog={toggleDownloadDialogOpen}
|
|
/>
|
|
)}
|
|
/>
|
|
<PageSection variant="light" className="pf-u-p-0">
|
|
<FormProvider {...form}>
|
|
<RoutableTabs data-testid="client-tabs" isBox mountOnEnter>
|
|
<Tab
|
|
id="settings"
|
|
data-testid="clientSettingsTab"
|
|
title={<TabTitleText>{t("common:settings")}</TabTitleText>}
|
|
{...route("settings")}
|
|
>
|
|
<ClientSettings
|
|
client={client}
|
|
save={() => save()}
|
|
reset={() => setupForm(client)}
|
|
/>
|
|
</Tab>
|
|
{((!client.publicClient && !isRealmClient(client)) ||
|
|
client.protocol === "saml") && (
|
|
<Tab
|
|
id="keys"
|
|
data-testid="keysTab"
|
|
title={<TabTitleText>{t("keys")}</TabTitleText>}
|
|
{...route("keys")}
|
|
>
|
|
{client.protocol === "openid-connect" && (
|
|
<Keys
|
|
clientId={clientId}
|
|
save={save}
|
|
hasConfigureAccess={client.access?.configure}
|
|
/>
|
|
)}
|
|
{client.protocol === "saml" && (
|
|
<SamlKeys clientId={clientId} save={save} />
|
|
)}
|
|
</Tab>
|
|
)}
|
|
{!client.publicClient &&
|
|
!isRealmClient(client) &&
|
|
(hasManageClients || client.access?.configure) && (
|
|
<Tab
|
|
id="credentials"
|
|
title={<TabTitleText>{t("credentials")}</TabTitleText>}
|
|
{...route("credentials")}
|
|
>
|
|
<Credentials
|
|
key={key}
|
|
client={client}
|
|
save={save}
|
|
refresh={() => setKey(key + 1)}
|
|
/>
|
|
</Tab>
|
|
)}
|
|
<Tab
|
|
id="roles"
|
|
data-testid="rolesTab"
|
|
title={<TabTitleText>{t("roles")}</TabTitleText>}
|
|
{...route("roles")}
|
|
>
|
|
<RolesList
|
|
loader={loader}
|
|
paginated={false}
|
|
messageBundle="clients"
|
|
isReadOnly={!(hasManageClients || client.access?.configure)}
|
|
/>
|
|
</Tab>
|
|
{!isRealmClient(client) && !client.bearerOnly && (
|
|
<Tab
|
|
id="clientScopes"
|
|
data-testid="clientScopesTab"
|
|
title={<TabTitleText>{t("clientScopes")}</TabTitleText>}
|
|
{...route("clientScopes")}
|
|
>
|
|
<RoutableTabs
|
|
defaultLocation={toClientScopesTab({
|
|
realm,
|
|
clientId,
|
|
tab: "setup",
|
|
})}
|
|
>
|
|
<Tab
|
|
id="setup"
|
|
title={<TabTitleText>{t("setup")}</TabTitleText>}
|
|
{...routableTab({
|
|
to: toClientScopesTab({
|
|
realm,
|
|
clientId,
|
|
tab: "setup",
|
|
}),
|
|
history,
|
|
})}
|
|
>
|
|
<ClientScopes
|
|
clientName={client.clientId!}
|
|
clientId={clientId}
|
|
protocol={client!.protocol!}
|
|
fineGrainedAccess={client!.access?.manage}
|
|
/>
|
|
</Tab>
|
|
<Tab
|
|
id="evaluate"
|
|
title={<TabTitleText>{t("evaluate")}</TabTitleText>}
|
|
{...routableTab({
|
|
to: toClientScopesTab({
|
|
realm,
|
|
clientId,
|
|
tab: "evaluate",
|
|
}),
|
|
history,
|
|
})}
|
|
>
|
|
<EvaluateScopes
|
|
clientId={clientId}
|
|
protocol={client!.protocol!}
|
|
/>
|
|
</Tab>
|
|
</RoutableTabs>
|
|
</Tab>
|
|
)}
|
|
{client!.authorizationServicesEnabled && (
|
|
<Tab
|
|
id="authorization"
|
|
data-testid="authorizationTab"
|
|
title={<TabTitleText>{t("authorization")}</TabTitleText>}
|
|
{...route("authorization")}
|
|
>
|
|
<RoutableTabs
|
|
mountOnEnter
|
|
unmountOnExit
|
|
defaultLocation={toAuthorizationTab({
|
|
realm,
|
|
clientId,
|
|
tab: "settings",
|
|
})}
|
|
>
|
|
<Tab
|
|
id="settings"
|
|
data-testid="authorizationSettings"
|
|
title={<TabTitleText>{t("settings")}</TabTitleText>}
|
|
{...authenticationRoute("settings")}
|
|
>
|
|
<AuthorizationSettings clientId={clientId} />
|
|
</Tab>
|
|
<Tab
|
|
id="resources"
|
|
data-testid="authorizationResources"
|
|
title={<TabTitleText>{t("resources")}</TabTitleText>}
|
|
{...authenticationRoute("resources")}
|
|
>
|
|
<AuthorizationResources clientId={clientId} />
|
|
</Tab>
|
|
<Tab
|
|
id="scopes"
|
|
data-testid="authorizationScopes"
|
|
title={<TabTitleText>{t("scopes")}</TabTitleText>}
|
|
{...authenticationRoute("scopes")}
|
|
>
|
|
<AuthorizationScopes clientId={clientId} />
|
|
</Tab>
|
|
<Tab
|
|
id="policies"
|
|
data-testid="authorizationPolicies"
|
|
title={<TabTitleText>{t("policies")}</TabTitleText>}
|
|
{...authenticationRoute("policies")}
|
|
>
|
|
<AuthorizationPolicies clientId={clientId} />
|
|
</Tab>
|
|
<Tab
|
|
id="permissions"
|
|
data-testid="authorizationPermissions"
|
|
title={
|
|
<TabTitleText>{t("common:permissions")}</TabTitleText>
|
|
}
|
|
{...authenticationRoute("permissions")}
|
|
>
|
|
<AuthorizationPermissions clientId={clientId} />
|
|
</Tab>
|
|
<Tab
|
|
id="evaluate"
|
|
data-testid="authorizationEvaluate"
|
|
title={<TabTitleText>{t("evaluate")}</TabTitleText>}
|
|
{...authenticationRoute("evaluate")}
|
|
>
|
|
<AuthorizationEvaluate client={client} save={save} />
|
|
</Tab>
|
|
<Tab
|
|
id="export"
|
|
data-testid="authorizationExport"
|
|
title={<TabTitleText>{t("common:export")}</TabTitleText>}
|
|
{...authenticationRoute("export")}
|
|
>
|
|
<AuthorizationExport />
|
|
</Tab>
|
|
</RoutableTabs>
|
|
</Tab>
|
|
)}
|
|
{client!.serviceAccountsEnabled && hasViewUsers && (
|
|
<Tab
|
|
id="serviceAccount"
|
|
data-testid="serviceAccountTab"
|
|
title={<TabTitleText>{t("serviceAccount")}</TabTitleText>}
|
|
{...route("serviceAccount")}
|
|
>
|
|
<ServiceAccount client={client} />
|
|
</Tab>
|
|
)}
|
|
<Tab
|
|
id="sessions"
|
|
data-testid="sessionsTab"
|
|
title={<TabTitleText>{t("sessions")}</TabTitleText>}
|
|
{...route("sessions")}
|
|
>
|
|
<ClientSessions client={client} />
|
|
</Tab>
|
|
{permissionsEnabled && (hasManageClients || client.access?.manage) && (
|
|
<Tab
|
|
id="permissions"
|
|
data-testid="permissionsTab"
|
|
title={<TabTitleText>{t("common:permissions")}</TabTitleText>}
|
|
{...route("permissions")}
|
|
>
|
|
<PermissionsTab id={client.id!} type="clients" />
|
|
</Tab>
|
|
)}
|
|
<Tab
|
|
id="advanced"
|
|
data-testid="advancedTab"
|
|
title={<TabTitleText>{t("advanced")}</TabTitleText>}
|
|
{...route("advanced")}
|
|
>
|
|
<AdvancedTab save={save} client={client} />
|
|
</Tab>
|
|
</RoutableTabs>
|
|
</FormProvider>
|
|
</PageSection>
|
|
</>
|
|
);
|
|
}
|