WIP move to SSP UI

Author: cicnavi

hooks/hook_adminmenu.php

@@ -20,7 +20,7 @@ function oidc_hook_adminmenu(Template &$template): void
 
     $oidcMenuEntry = [
         ModuleConfig::MODULE_NAME => [
-            'url' => $moduleConfig->getModuleUrl(RoutesEnum::Configuration->value),
+            'url' => $moduleConfig->getModuleUrl(RoutesEnum::AdminConfigOverview->value),
             'name' => Translate::noop('OIDC'),
         ],
     ];

public/assets/css/src/default.css

@@ -0,0 +1,71 @@
+.wrap {
+    max-width: 1300px;
+}
+
+h2 {
+    margin: 0.3em;
+}
+
+h3 {
+    margin-bottom: 0.5em;
+    font-size: 1.2em;
+    font-weight: 600;
+    color: #1c1c1c;
+}
+
+h4 {
+    margin: 0.4em 0;
+    font-size: 1.0em;
+    font-weight: 600;
+    color: #1c1c1c;
+}
+
+/* Container to hold menu and content */
+.oidc-container {
+    display: flex;
+    max-width: inherit;
+    margin: 0 auto;
+}
+
+/* Style for the left menu */
+.menu {
+    min-width: 200px;
+    /*background-color: #f4f4f4;*/
+    /*border-right: solid 1px #bbb;*/
+    width: auto;
+}
+
+/* Style for the menu items */
+.menu ul {
+    list-style-type: none;
+    padding: 0;
+}
+
+.menu ul li {
+    padding: 0.25rem;
+}
+
+.menu ul li a {
+    text-decoration: none;
+    color: #333;
+    display: block;
+    padding: 0.5rem;
+}
+
+.menu ul li a:hover {
+    background-color: #ddd;
+    padding: 0.5rem;
+}
+
+.menu ul li a.active {
+    background-color: #eeeeee;
+    padding: 0.5rem;
+}
+
+/* Style for the content area */
+.content {
+    flex-grow: 1;
+    padding: 20px;
+    max-width: inherit;
+    background-color: #fff;
+}

routing/routes/routes.php

@@ -8,6 +8,7 @@
 
 use SimpleSAML\Module\oidc\Codebooks\RoutesEnum;
 use SimpleSAML\Module\oidc\Controller\AccessTokenController;
+use SimpleSAML\Module\oidc\Controller\AdminController;
 use SimpleSAML\Module\oidc\Controller\AuthorizationController;
 use SimpleSAML\Module\oidc\Controller\ConfigurationDiscoveryController;
 use SimpleSAML\Module\oidc\Controller\EndSessionController;
@@ -19,6 +20,15 @@
 
 /** @psalm-suppress InvalidArgument */
 return function (RoutingConfigurator $routes): void {
+    /**
+     * Admin area routes.
+     */
+    $routes->add(RoutesEnum::AdminConfigOverview->name, RoutesEnum::AdminConfigOverview->value)
+        ->controller([AdminController::class, 'configOverview']);
+
+    /**
+     * OpenID Connect Discovery routes.
+     */
     $routes->add(RoutesEnum::Configuration->name, RoutesEnum::Configuration->value)
         ->controller(ConfigurationDiscoveryController::class);
 

routing/services/services.yml

@@ -29,6 +29,9 @@ services:
   SimpleSAML\Module\oidc\Factories\:
     resource: '../../src/Factories/*'
 
+  SimpleSAML\Module\oidc\Admin\:
+    resource: '../../src/Admin/*'
+
   SimpleSAML\Module\oidc\Stores\:
     resource: '../../src/Stores/*'
 

src/Admin/Authorization.php

@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Module\oidc\Admin;
+
+use SimpleSAML\Error\Exception;
+use SimpleSAML\Locale\Translate;
+use SimpleSAML\Module\oidc\Bridges\SspBridge;
+use SimpleSAML\Module\oidc\Exceptions\AuthorizationException;
+
+class Authorization
+{
+    public function __construct(
+        protected readonly SspBridge $sspBridge,
+    ) {
+    }
+
+    /**
+     * @throws \SimpleSAML\Module\oidc\Exceptions\AuthorizationException
+     */
+    public function requireSspAdmin(bool $forceAdminAuthentication = false): void
+    {
+        if ($forceAdminAuthentication) {
+            try {
+                $this->sspBridge->utils()->auth()->requireAdmin();
+            } catch (Exception $exception) {
+                throw new AuthorizationException(
+                    Translate::noop('Unable to initiate SimpleSAMLphp admin authentication.'),
+                    $exception->getCode(),
+                    $exception,
+                );
+            }
+        }
+
+        if (! $this->sspBridge->utils()->auth()->isAdmin()) {
+            throw new AuthorizationException(Translate::noop('SimpleSAMLphp admin access required.'));
+        }
+    }
+}

src/Admin/Menu.php

@@ -0,0 +1,52 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Module\oidc\Admin;
+
+use SimpleSAML\Module\oidc\Admin\Menu\Item;
+
+class Menu
+{
+    /**
+     * @var array<Item>
+     */
+    protected array $items = [];
+
+    protected ?string $activeHrefPath = null;
+
+    public function __construct(Item ...$items)
+    {
+        array_push($this->items, ...$items);
+    }
+
+    public function addItem(Item $menuItem, int $offset = null): void
+    {
+        $offset ??= count($this->items);
+
+        array_splice($this->items, $offset, 0, [$menuItem]);
+    }
+
+    public function getItems(): array
+    {
+        return $this->items;
+    }
+
+    public function setActiveHrefPath(?string $value): void
+    {
+        $this->activeHrefPath = $value;
+    }
+
+    public function getActiveHrefPath(): ?string
+    {
+        return $this->activeHrefPath;
+    }
+
+    /**
+     * Item factory method for easy injection in tests.
+     */
+    public function buildItem(string $hrefPath, string $label, ?string $iconAssetPath = null): Item
+    {
+        return new Item($hrefPath, $label, $iconAssetPath);
+    }
+}

src/Admin/Menu/Item.php

@@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Module\oidc\Admin\Menu;
+
+class Item
+{
+    public function __construct(
+        protected string $hrefPath,
+        protected string $label,
+        protected ?string $iconAssetPath = null,
+    ) {
+    }
+
+    public function getHrefPath(): string
+    {
+        return $this->hrefPath;
+    }
+
+    public function getLabel(): string
+    {
+        return $this->label;
+    }
+
+    public function getIconAssetPath(): ?string
+    {
+        return $this->iconAssetPath;
+    }
+}

src/Bridges/SspBridge/Utils.php

@@ -4,6 +4,7 @@
 
 namespace SimpleSAML\Module\oidc\Bridges\SspBridge;
 
+use SimpleSAML\Utils\Auth;
 use SimpleSAML\Utils\Config;
 use SimpleSAML\Utils\HTTP;
 use SimpleSAML\Utils\Random;
@@ -13,6 +14,7 @@ class Utils
     protected static ?Config $config = null;
     protected static ?HTTP $http = null;
     protected static ?Random $random = null;
+    protected static ?Auth $auth = null;
 
     public function config(): Config
     {
@@ -28,4 +30,9 @@ public function random(): Random
     {
         return self::$random ??= new Random();
     }
+
+    public function auth(): Auth
+    {
+        return self::$auth ??= new Auth();
+    }
 }

src/Codebooks/RoutesEnum.php

@@ -6,6 +6,10 @@
 
 enum RoutesEnum: string
 {
+    // Admin area
+    case AdminConfigOverview = 'admin/config-overview';
+
+    // Protocols
     case Authorization = 'authorization';
     case Configuration = '.well-known/openid-configuration';
     case FederationConfiguration = '.well-known/openid-federation';

src/Controller/AdminController.php

@@ -0,0 +1,31 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Module\oidc\Controller;
+
+use SimpleSAML\Module\oidc\Admin\Authorization;
+use SimpleSAML\Module\oidc\Factories\TemplateFactory;
+use SimpleSAML\Module\oidc\ModuleConfig;
+use Symfony\Component\HttpFoundation\Response;
+
+class AdminController
+{
+    public function __construct(
+        protected readonly ModuleConfig $moduleConfig,
+        protected readonly TemplateFactory $templateFactory,
+        protected readonly Authorization $authorization,
+    ) {
+        $this->authorization->requireSspAdmin(true);
+    }
+
+    public function configOverview(): Response
+    {
+        return $this->templateFactory->render(
+            'oidc:config/overview.twig',
+            [
+                'moduleConfig' => $this->moduleConfig,
+            ],
+        );
+    }
+}