WIP Move to SSP UI

Author: cicnavi

public/assets/css/src/default.css

@@ -114,3 +114,7 @@ table.client-table {
 }
 
 .confirm-action {}
+
+form.pure-form-stacked input {
+    width: 100%;
+}

routing/routes/routes.php

@@ -43,10 +43,7 @@
         ->controller([ClientController::class, 'index']);
     $routes->add(RoutesEnum::AdminClientsAdd->name, RoutesEnum::AdminClientsAdd->value)
         ->controller([ClientController::class, 'add'])
-        ->methods([HttpMethodsEnum::GET->value]);
-    $routes->add(RoutesEnum::AdminClientsAddPersist->name, RoutesEnum::AdminClientsAddPersist->value)
-        ->controller([ClientController::class, 'addPersist'])
-        ->methods([HttpMethodsEnum::POST->value]);
+        ->methods([HttpMethodsEnum::GET->value, HttpMethodsEnum::POST->value]);
     $routes->add(RoutesEnum::AdminClientsShow->name, RoutesEnum::AdminClientsShow->value)
         ->controller([ClientController::class, 'show'])
         ->methods([HttpMethodsEnum::GET->value]);

src/Codebooks/RoutesEnum.php

@@ -20,7 +20,6 @@ enum RoutesEnum: string
     case AdminClients = 'admin/clients';
     case AdminClientsShow = 'admin/clients/show';
     case AdminClientsAdd = 'admin/clients/add';
-    case AdminClientsAddPersist = 'admin/clients/add/persist';
     case AdminClientsResetSecret = 'admin/clients/reset-secret';
     case AdminClientsDelete = 'admin/clients/delete';
 

src/Controllers/Admin/ClientController.php

@@ -4,16 +4,21 @@
 
 namespace SimpleSAML\Module\oidc\Controllers\Admin;
 
+use Nette\Forms\Form;
 use SimpleSAML\Locale\Translate;
 use SimpleSAML\Module\oidc\Admin\Authorization;
 use SimpleSAML\Module\oidc\Bridges\SspBridge;
 use SimpleSAML\Module\oidc\Codebooks\ParametersEnum;
+use SimpleSAML\Module\oidc\Codebooks\RegistrationTypeEnum;
 use SimpleSAML\Module\oidc\Codebooks\RoutesEnum;
+use SimpleSAML\Module\oidc\Entities\ClientEntity;
 use SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface;
 use SimpleSAML\Module\oidc\Exceptions\OidcException;
+use SimpleSAML\Module\oidc\Factories\Entities\ClientEntityFactory;
 use SimpleSAML\Module\oidc\Factories\FormFactory;
 use SimpleSAML\Module\oidc\Factories\TemplateFactory;
 use SimpleSAML\Module\oidc\Forms\ClientForm;
+use SimpleSAML\Module\oidc\Helpers;
 use SimpleSAML\Module\oidc\Repositories\AllowedOriginRepository;
 use SimpleSAML\Module\oidc\Repositories\ClientRepository;
 use SimpleSAML\Module\oidc\Services\AuthContextService;
@@ -29,11 +34,13 @@ public function __construct(
         protected readonly TemplateFactory $templateFactory,
         protected readonly Authorization $authorization,
         protected readonly ClientRepository $clientRepository,
+        protected readonly ClientEntityFactory $clientEntityFactory,
         protected readonly AllowedOriginRepository $allowedOriginRepository,
         protected readonly FormFactory $formFactory,
         protected readonly SspBridge $sspBridge,
         protected readonly SessionMessagesService $sessionMessagesService,
         protected readonly Routes $routes,
+        protected readonly Helpers $helpers,
         protected readonly LoggerService $logger,
     ) {
         $this->authorization->requireAdminOrUserWithPermission(AuthContextService::PERM_CLIENT);
@@ -146,15 +153,53 @@ public function delete(Request $request): Response
         );
     }
 
+    /**
+     * @throws \SimpleSAML\Error\ConfigurationError
+     * @throws \SimpleSAML\Error\Exception
+     * @throws \SimpleSAML\Module\oidc\Exceptions\OidcException
+     */
     public function add(): Response
     {
         $form = $this->formFactory->build(ClientForm::class);
-        $form->setAction($this->routes->urlAdminClientsAddPersist());
+
+        if ($form->isSuccess()) {
+            $createdAt = $this->helpers->dateTime()->getUtc();
+            $updatedAt = $createdAt;
+
+            $owner = $this->authorization->isAdmin() ? null : $this->authorization->getUserId();
+
+            $client = $this->buildClientFromFormData(
+                $form,
+                $this->sspBridge->utils()->random()->generateID(),
+                $this->sspBridge->utils()->random()->generateID(),
+                RegistrationTypeEnum::Manual,
+                $updatedAt,
+                $createdAt,
+                null,
+                $owner,
+            );
+
+            $this->clientRepository->add($client);
+
+            // Also persist allowed origins for this client.
+            is_array($allowedOrigins = $form->getValues('array')['allowed_origin'] ?? []) ||
+            throw new OidcException('Unexpected value for allowed origins.');
+            /** @var string[] $allowedOrigins */
+            $this->allowedOriginRepository->set($client->getIdentifier(), $allowedOrigins);
+
+            $this->sessionMessagesService->addMessage(Translate::noop('Client has been added.'));
+
+            return $this->routes->getRedirectResponseToModuleUrl(
+                RoutesEnum::AdminClientsShow->value,
+                [ParametersEnum::ClientId->value => $client->getIdentifier()],
+            );
+        }
 
         return $this->templateFactory->build(
             'oidc:clients/new.twig',
             [
                 'form' => $form,
+                'actionRoute' => $this->routes->urlAdminClientsAdd(),
                 'regexUri' => ClientForm::REGEX_URI,
                 'regexAllowedOriginUrl' => ClientForm::REGEX_ALLOWED_ORIGIN_URL,
                 'regexHttpUri' => ClientForm::REGEX_HTTP_URI,
@@ -163,4 +208,77 @@ public function add(): Response
             RoutesEnum::AdminClients->value,
         );
     }
+
+    /**
+     * TODO mivanci Move to ClientEntityFactory::fromRegistrationData on dynamic client registration implementation.
+     * @throws \SimpleSAML\Module\oidc\Exceptions\OidcException
+     */
+    protected function buildClientFromFormData(
+        Form $form,
+        string $identifier,
+        string $secret,
+        RegistrationTypeEnum $registrationType,
+        \DateTimeImmutable $updatedAt,
+        ?\DateTimeImmutable $createdAt = null,
+        ?\DateTimeImmutable $expiresAt = null,
+        ?string $owner = null,
+    ): ClientEntityInterface {
+        /** @var array $data */
+        $data = $form->getValues('array');
+
+        if (
+            !is_string($data[ClientEntity::KEY_NAME]) ||
+            !is_string($data[ClientEntity::KEY_DESCRIPTION]) ||
+            !is_array($data[ClientEntity::KEY_REDIRECT_URI]) ||
+            !is_array($data[ClientEntity::KEY_SCOPES]) ||
+            !is_array($data[ClientEntity::KEY_POST_LOGOUT_REDIRECT_URI])
+        ) {
+            throw new OidcException('Invalid Client Entity data');
+        }
+
+        /** @var string[] $redirectUris */
+        $redirectUris = $data[ClientEntity::KEY_REDIRECT_URI];
+        /** @var string[] $scopes */
+        $scopes = $data[ClientEntity::KEY_SCOPES];
+        /** @var string[] $postLogoutRedirectUris */
+        $postLogoutRedirectUris = $data[ClientEntity::KEY_POST_LOGOUT_REDIRECT_URI];
+        /** @var ?string[] $clientRegistrationTypes */
+        $clientRegistrationTypes = is_array($data[ClientEntity::KEY_CLIENT_REGISTRATION_TYPES]) ?
+        $data[ClientEntity::KEY_CLIENT_REGISTRATION_TYPES] : null;
+        /** @var ?array[] $federationJwks */
+        $federationJwks = is_array($data[ClientEntity::KEY_FEDERATION_JWKS]) ?
+        $data[ClientEntity::KEY_FEDERATION_JWKS] : null;
+        /** @var ?array[] $jwks */
+        $jwks = is_array($data[ClientEntity::KEY_JWKS]) ? $data[ClientEntity::KEY_JWKS] : null;
+        $jwksUri = empty($data[ClientEntity::KEY_JWKS_URI]) ? null : (string)$data[ClientEntity::KEY_JWKS_URI];
+        $signedJwksUri = empty($data[ClientEntity::KEY_SIGNED_JWKS_URI]) ?
+        null : (string)$data[ClientEntity::KEY_SIGNED_JWKS_URI];
+        $isFederated = (bool)$data[ClientEntity::KEY_IS_FEDERATED];
+
+        return $this->clientEntityFactory->fromData(
+            $identifier,
+            $secret,
+            $data['name'],
+            $data['description'],
+            $redirectUris,
+            $scopes,
+            (bool) $data['is_enabled'],
+            (bool) $data['is_confidential'],
+            empty($data['auth_source']) ? null : (string)$data['auth_source'],
+            $owner,
+            $postLogoutRedirectUris,
+            empty($data['backchannel_logout_uri']) ? null : (string)$data['backchannel_logout_uri'],
+            empty($data['entity_identifier']) ? null : (string)$data['entity_identifier'],
+            $clientRegistrationTypes,
+            $federationJwks,
+            $jwks,
+            $jwksUri,
+            $signedJwksUri,
+            $registrationType,
+            $updatedAt,
+            $createdAt,
+            $expiresAt,
+            $isFederated,
+        );
+    }
 }

src/Controllers/Client/CreateController.php

@@ -95,6 +95,7 @@ public function __invoke(): Template|RedirectResponse
             $jwks = is_array($client['jwks']) ? $client['jwks'] : null;
             $jwksUri = empty($client['jwks_uri']) ? null : (string)$client['jwks_uri'];
             $signedJwksUri = empty($client['signed_jwks_uri']) ? null : (string)$client['signed_jwks_uri'];
+
             $registrationType = RegistrationTypeEnum::Manual;
             $createdAt = $this->helpers->dateTime()->getUtc();
             $updatedAt = $createdAt;

src/Controllers/Client/EditController.php

@@ -101,6 +101,7 @@ public function __invoke(ServerRequest $request): Template|RedirectResponse
             $jwks = is_array($data['jwks']) ? $data['jwks'] : null;
             $jwksUri = empty($data['jwks_uri']) ? null : (string)$data['jwks_uri'];
             $signedJwksUri = empty($data['signed_jwks_uri']) ? null : (string)$data['signed_jwks_uri'];
+
             $registrationType = $client->getRegistrationType();
             $updatedAt = $this->helpers->dateTime()->getUtc();
             $createdAt = $client->getCreatedAt();

src/Forms/ClientForm.php

@@ -18,6 +18,7 @@
 
 use Nette\Forms\Form;
 use SimpleSAML\Auth\Source;
+use SimpleSAML\Locale\Translate;
 use SimpleSAML\Module\oidc\Forms\Controls\CsrfProtection;
 use SimpleSAML\Module\oidc\ModuleConfig;
 use SimpleSAML\OpenID\Codebooks\ClientRegistrationTypesEnum;
@@ -341,11 +342,11 @@ protected function buildForm(): void
 
         $this->addText('name', '{oidc:client:name}')
             ->setMaxLength(255)
-            ->setRequired('Set a name');
+            ->setRequired(Translate::noop('Name is required.'));
 
         $this->addTextArea('description', '{oidc:client:description}', null, 5);
         $this->addTextArea('redirect_uri', '{oidc:client:redirect_uri}', null, 5)
-            ->setRequired('Write one redirect URI at least');
+            ->setRequired(Translate::noop('At least one redirect URI is required.'));
 
         $this->addCheckbox('is_enabled', '{oidc:client:is_enabled}');
 
@@ -355,14 +356,14 @@ protected function buildForm(): void
         $this->addSelect('auth_source', '{oidc:client:auth_source}:')
             ->setHtmlAttribute('class', 'ui fluid dropdown clearable')
             ->setItems(Source::getSources(), false)
-            ->setPrompt('Pick an AuthSource');
+            ->setPrompt(Translate::noop('Pick an AuthSource'));
 
         $scopes = $this->getScopes();
 
         $this->addMultiSelect('scopes', '{oidc:client:scopes}')
             ->setHtmlAttribute('class', 'ui fluid dropdown')
             ->setItems($scopes)
-            ->setRequired('Select one scope at least');
+            ->setRequired(Translate::noop('At least one scope is required.'));
 
         $this->addText('owner', '{oidc:client:owner}')
             ->setMaxLength(190);

src/Utils/Routes.php

@@ -80,11 +80,6 @@ public function urlAdminClientsAdd(array $parameters = []): string
         return $this->getModuleUrl(RoutesEnum::AdminClientsAdd->value, $parameters);
     }
 
-    public function urlAdminClientsAddPersist(array $parameters = []): string
-    {
-        return $this->getModuleUrl(RoutesEnum::AdminClientsAddPersist->value, $parameters);
-    }
-
     public function urlAdminClientsResetSecret(string $clientId, array $parameters = []): string
     {
         $parameters[ParametersEnum::ClientId->value] = $clientId;

templates/clients/includes/form.twig

@@ -0,0 +1,32 @@
+
+{% if form.hasErrors %}
+    <div class="message-box warning">
+        <ul>
+            {% for error in form.getErrors %}
+                <li>{{ error | trans }}</li>
+            {% endfor %}
+        </ul>
+    </div>
+{% endif %}
+
+<p>{{ form.hasErrors ? 'yes' : 'no' }}</p>
+
+<form method="post"
+      action="{{ actionRoute }}"
+        class="pure-form pure-form-stacked">
+
+    {{ form['_token_'].control | raw }}
+
+    <fieldset>
+        <label for="frm-name">{{ 'Name'|trans }}</label>
+        {{ form.name.label |raw }}
+        {{ form.name.control | raw }}
+        {% if form.name.hasErrors %}
+        <span class="pure-form-message red-text">{{ form.name.getError }}</span>
+        {% endif %}
+
+
+        <br>
+        <button type="submit" class="pure-button ">{{ (actionText|default('Submit'))|trans }}</button>
+    </fieldset>
+</form>

templates/clients/new-old.twig

@@ -1,4 +1,4 @@
-{% extends "@oidc/clients/_form.twig" %}
+{% extends "@oidc/clients/_form-old.twig" %}
 
 {% set pagetitle = 'Create new OpenID Connect Client' | trans %}