fixes and other changes and debug of WIP SAML (#2360)

* backup * remove debugs * oauth to saml and compare fixes etc * ee flag for saml * more fixes * info to debug * remove unused repo * spring dev fix for saml * debugs * saml stuff * debugs * fix
2024-11-29 15:11:59 +00:00
parent 99d481d69f
commit 3633a979d3
26 changed files with 345 additions and 182 deletions
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -3,6 +3,10 @@ multipart.enabled=true
 logging.level.org.springframework=WARN
 logging.level.org.hibernate=WARN
 logging.level.org.eclipse.jetty=WARN
+#logging.level.org.springframework.security.saml2=TRACE
+#logging.level.org.springframework.security=DEBUG
+#logging.level.org.opensaml=DEBUG
+#logging.level.stirling.software.SPDF.config.security: DEBUG
 logging.level.com.zaxxer.hikari=WARN

 spring.jpa.open-in-view=false
@@ -27,6 +31,8 @@ server.servlet.context-path=${SYSTEM_ROOTURIPATH:/}

 spring.devtools.restart.enabled=true
 spring.devtools.livereload.enabled=true
+spring.devtools.restart.exclude=stirling.software.SPDF.config.security/**
+
 spring.thymeleaf.encoding=UTF-8

 spring.web.resources.mime-mappings.webmanifest=application/manifest+json
--- a/src/main/resources/settings.yml.template
+++ b/src/main/resources/settings.yml.template
@@ -16,7 +16,7 @@ security:
  csrfDisabled: true # set to 'true' to disable CSRF protection (not recommended for production)
  loginAttemptCount: 5 # lock user account after 5 tries; when using e.g. Fail2Ban you can deactivate the function with -1
  loginResetTimeMinutes: 120 # lock account for 2 hours after x attempts
-  loginMethod: all # 'all' (Login Username/Password and OAuth2[must be enabled and configured]), 'normal'(only Login with Username/Password) or 'oauth2'(only Login with OAuth2)
+  loginMethod: all # Accepts values like 'all' and 'normal'(only Login with Username/Password), 'oauth2'(only Login with OAuth2) or 'saml2'(only Login with SAML2) 
  initialLogin:
    username: '' # initial username for the first login
    password: '' # initial password for the first login
@@ -42,14 +42,14 @@ security:
    issuer: '' # set to any provider that supports OpenID Connect Discovery (/.well-known/openid-configuration) endpoint
    clientId: '' # client ID from your provider
    clientSecret: '' # client secret from your provider
-    autoCreateUser: false # set to 'true' to allow auto-creation of non-existing users
+    autoCreateUser: true # set to 'true' to allow auto-creation of non-existing users
    blockRegistration: false # set to 'true' to deny login with SSO without prior registration by an admin
    useAsUsername: email # default is 'email'; custom fields can be used as the username
    scopes: openid, profile, email # specify the scopes for which the application will request permissions
    provider: google # set this to your OAuth provider's name, e.g., 'google' or 'keycloak'
  saml2:
-    enabled: false # currently in alpha, not recommended for use yet, enableAlphaFunctionality must be set to true
-    autoCreateUser: false # set to 'true' to allow auto-creation of non-existing users
+    enabled: false # Only enabled for paid enterprise clients (enterpriseEdition.enabled must be true)
+    autoCreateUser: true # set to 'true' to allow auto-creation of non-existing users
    blockRegistration: false # set to 'true' to deny login with SSO without prior registration by an admin
    registrationId: stirling
    idpMetadataUri: https://dev-XXXXXXXX.okta.com/app/externalKey/sso/saml/metadata
--- a/src/main/resources/static/js/fileInput.js
+++ b/src/main/resources/static/js/fileInput.js
@@ -83,21 +83,22 @@ function setupFileInput(chooser) {
  $("#" + elementId).on("change", function (e) {
    let element = e.target;
    const isDragAndDrop = e.detail?.source == 'drag-drop';
+    
    if (element instanceof HTMLInputElement && element.hasAttribute("multiple")) {
      allFiles = isDragAndDrop ? allFiles : [... allFiles, ... element.files];
-  } else {
-    allFiles = Array.from(isDragAndDrop ? allFiles : [element.files[0]]);
-  }
+    } else {
+      allFiles = Array.from(isDragAndDrop ? allFiles : [element.files[0]]);
+    }

    if (!isDragAndDrop) {
-      let dataTransfer = new DataTransfer();
-      allFiles.forEach(file => dataTransfer.items.add(file));
-      element.files = dataTransfer.files;
+        let dataTransfer = new DataTransfer();
+        allFiles.forEach(file => dataTransfer.items.add(file));
+        element.files = dataTransfer.files;
    }

    handleFileInputChange(this);
    this.dispatchEvent(new CustomEvent("file-input-change", { bubbles: true }));
-  });
+});

  function handleFileInputChange(inputElement) {
    const files = allFiles;
--- a/src/main/resources/templates/addUsers.html
+++ b/src/main/resources/templates/addUsers.html
@@ -189,7 +189,7 @@
                  <label for="authType">Authentication Type</label>
                  <select id="authType" name="authType" class="form-control" required>
                    <option value="web" selected>WEB</option>
-                    <option value="oauth2">OAUTH2</option>
+                    <option value="sso">SSO</option>
                  </select>
                </div>
                <div class="form-check mb-3" id="checkboxContainer">
@@ -267,7 +267,7 @@
              var passwordFieldContainer = $('#passwordContainer');
              var checkboxContainer = $('#checkboxContainer');

-              if (authType === 'oauth2') {
+              if (authType === 'sso') {
                  passwordField.removeAttr('required');
                  passwordField.prop('disabled', true).val('');
                  passwordFieldContainer.slideUp('fast');
--- a/src/main/resources/templates/fragments/common.html
+++ b/src/main/resources/templates/fragments/common.html
@@ -59,7 +59,7 @@
    <link rel="stylesheet" th:href="@{'/css/fileSelect.css'}"  th:if="${currentPage != 'home'}">
    <link rel="stylesheet" th:href="@{'/css/footer.css'}">

-    <link rel="preload" href="/fonts/google-symbol.woff2" as="font" type="font/woff2" crossorigin="anonymous">
+    <link rel="preload" th:href="@{'/fonts/google-symbol.woff2'}" as="font" type="font/woff2" crossorigin="anonymous">


    <script th:src="@{'/js/thirdParty/fontfaceobserver.standalone.js'}"></script>
--- a/src/main/resources/templates/misc/compare.html
+++ b/src/main/resources/templates/misc/compare.html
@@ -156,7 +156,7 @@
                resultDiv2.innerHTML = loading;

                // Create a new Worker
-                const worker = new Worker('/js/compare/pdfWorker.js');
+                const worker = new Worker('./js/compare/pdfWorker.js');


                // Post messages to the worker