Add OAUTH2 OIDC login support (#1140)

* Somewhat working * Change Autocreate logic * Add OAuth Error Message if Auto create Disabled * Display OAUTH2 username(email) in Account Settings * Disable Change user/pass for Oauth2 user * Hide SSO Button if SSO login Disabled * Remove some spaces and comments * Add OAUTH2 Login example docker-compose file * Add Some Comments * Hide Printing of Client secret * Remove OAUTH2 Beans and replace with applicationProperties * Add conditional annotation to Bean Creation * Update settings.yml.template Add OAUTH2 enabling template. * Update messages_en_GB.properties
2024-04-29 15:01:22 -06:00
parent 777e512e61
commit d9fa8f7b48
12 changed files with 282 additions and 5 deletions
--- a/src/main/resources/messages_en_GB.properties
+++ b/src/main/resources/messages_en_GB.properties
@@ -437,6 +437,8 @@ login.rememberme=Remember me
 login.invalid=Invalid username or password.
 login.locked=Your account has been locked.
 login.signinTitle=Please sign in
+login.ssoSignIn=Login via Single Sign-on
+login.oauth2AutoCreateDisabled=OAUTH2 Auto-Create User Disabled


 #auto-redact
--- a/src/main/resources/messages_en_US.properties
+++ b/src/main/resources/messages_en_US.properties
@@ -437,6 +437,8 @@ login.rememberme=Remember me
 login.invalid=Invalid username or password.
 login.locked=Your account has been locked.
 login.signinTitle=Please sign in
+login.ssoSignIn=Login via Single Sign-on
+login.oauth2AutoCreateDisabled=OAUTH2 Auto-Create User Disabled


 #auto-redact
--- a/src/main/resources/settings.yml.template
+++ b/src/main/resources/settings.yml.template
@@ -7,6 +7,12 @@ security:
  csrfDisabled: true
  loginAttemptCount: 5 # lock user account after 5 tries
  loginResetTimeMinutes : 120 # lock account for 2 hours after x attempts
+  #oauth2:
+  #  enabled: false # set to 'true' to enable login (Note: enableLogin must also be 'true' for this to work)
+  #  issuer: "" # set to any provider that supports OpenID Connect Discovery (/.well-known/openid-configuration) end-point
+  #  clientId: "" # Client ID from your provider
+  #  clientSecret: "" # Client Secret from your provider
+  #  autoCreateUser: false # set to 'true' to allow auto-creation of non-existing users

 system:
  defaultLocale: 'en-US' # Set the default language (e.g. 'de-DE', 'fr-FR', etc)
--- a/src/main/resources/templates/account.html
+++ b/src/main/resources/templates/account.html
@@ -42,7 +42,7 @@
              </div>
              </th:block>
              <!-- Change Username Form -->
-              <form action="api/v1/user/change-username" method="post">
+              <form th:if="${!oAuth2Login}" action="api/v1/user/change-username" method="post">
                <div class="mb-3">
                  <label for="newUsername" th:text="#{account.changeUsername}">Change Username</label>
                  <input type="text" class="form-control" name="newUsername" id="newUsername" th:placeholder="#{account.newUsername}">
@@ -59,8 +59,8 @@
              <hr> <!-- Separator Line -->

              <!-- Change Password Form -->
-              <h4 th:text="#{account.changePassword}">Change Password?</h4>
-              <form action="api/v1/user/change-password" method="post">
+              <h4 th:if="${!oAuth2Login}" th:text="#{account.changePassword}">Change Password?</h4>
+              <form th:if="${!oAuth2Login}" action="api/v1/user/change-password" method="post">
                <div class="mb-3">
                  <label for="currentPassword" th:text="#{account.oldPassword}">Old Password</label>
                  <input type="password" class="form-control" name="currentPassword" id="currentPasswordPassword" th:placeholder="#{account.oldPassword}">
--- a/src/main/resources/templates/login.html
+++ b/src/main/resources/templates/login.html
@@ -139,6 +139,13 @@
        <form th:action="@{login}" method="post">
          <img class="mb-4" src="favicon.svg?v=2" alt="" width="144" height="144">
          <h1 class="h1 mb-3 fw-normal" th:text="${@appName}">Stirling-PDF</h1>
+          <div th:if="${oAuth2Enabled}">
+            <a href="oauth2/authorization/oidc" class="w-100 btn btn-lg btn-primary" th:text="#{login.ssoSignIn}">Login Via SSO</a>
+            <div class="text-danger text-center">
+              <div th:if="${error == 'oauth2AutoCreateDisabled'}" th:text="#{login.oauth2AutoCreateDisabled}">OAUTH2 Auto-Create User Disabled.</div>
+            </div>
+            <hr />
+          </div>
          <h2 class="h5 mb-3 fw-normal" th:text="#{login.signinTitle}">Please sign in</h2>

          <div class="form-floating">