Add client viewers and view config page
OllieJC committed Feb 16, 2024
1 parent 3d072b5 commit c9f6d04
Showing 4 changed files with 168 additions and 6 deletions.
10 changes: 6 additions & 4 deletions templates/dashboard.html
Expand Up @@ -42,12 +42,14 @@ <h3 class="govuk-heading-m" id="{{ a }}">
{%- if app["sign_in_url"] %}
<a href="{{ app['sign_in_url'] }}" role="button" draggable="false" class="govuk-button" data-module="govuk-button">{{ app["button_text"] }}</a>
{%- endif %}

{%- if app["sign_in_url"] and app["can_manage"] %}
&nbsp;
{%- endif %}

{%- if app["can_view"] %}
&nbsp;
<a href="/view?client_id={{ a }}" role="button" draggable="false" class="govuk-button govuk-button--secondary" data-module="govuk-button">View configuration</a>
{%- endif %}

{%- if app["can_manage"] %}
&nbsp;
<a href="/manage?client_id={{ a }}" role="button" draggable="false" class="govuk-button govuk-button--secondary" data-module="govuk-button">Manage</a>
{%- endif %}
</p>
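Review bot: The new link interpolates the client id straight into a query string, `href="/view?client_id={{ a }}"`, so an id containing `&`, `#` or `=` would break or alter the URL; the pre-existing Manage link on the same block has the same gap. Use `{{ a | urlencode }}` in both hrefs. As `can_view` is also true for owners and managers (see the dashboard() change in wsgi.py in this commit), those users now get both a View configuration and a Manage button; that looks intended, but a one-line Jinja comment above the `can_view` block saying so would save the next reader a trip to wsgi.py.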
2 changes: 1 addition & 1 deletion templates/manage.html
Expand Up @@ -51,7 +51,7 @@ <h3 class="govuk-label-wrapper">
</a>
{%- endif %}
</div>
{%- elif manager_type %}
{%- elif manager_type and manager_type in ["owner", "manager"] %}
<form method="post">
<input type="hidden" name="csrf_token" value="{{ csrf_token }}">
<div>
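Review bot: `manager_type and` is redundant in the new condition, since `manager_type in ["owner", "manager"]` is already false for None; `{%- elif manager_type in ["owner", "manager"] %}` reads cleaner. This template condition only hides the form from viewers — the write path in wsgi.py still has to reject them, which as far as visible it does via the early return to view.html before the save code runs; keep the two in step if the role list changes again.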
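--- a/templates/view.html
+++ b/templates/view.html
@@ -0,0 +1,127 @@
+{% extends "_primary.html" %}
+
+{% block content %}
+<div class="govuk-breadcrumbs">
+<ol class="govuk-breadcrumbs__list">
+<li class="govuk-breadcrumbs__list-item">
+<a class="govuk-breadcrumbs__link" href="/">Single Sign-On</a>
+</li>
+<li class="govuk-breadcrumbs__list-item" aria-current="page">View {{ client.get("name") }} configuration</li>
+</ol>
+</div>
+
+<main class="govuk-main-wrapper govuk-body " id="main-content" role="main">
+<h2 class="govuk-heading-l">View {{ client.get("name") }} configuration</h2>
+
+{%- if manager_type and manager_type in ["owner", "manager", "viewer"] %}
+<div>
+<h3 class="govuk-heading-m">Client ID</h3>
+<p>{{ client_id }}</p>
+
+{%- if client.get("description", None) %}
+<h3 class="govuk-heading-m">Client Description</h3>
+<p>{{ client.get("description") }}</p>
+{%- endif %}
+
+{%- if client.get("owners", []) %}
+<h3 class="govuk-heading-m">Client Owners</h3>
+<div id="owners_hint" class="govuk-hint">
+Owners can manage all aspects of this application, including resetting the client secret
+</div>
+<ul aria-describedby="owners_hint">
+{%- for em in client.get("owners", []) | sort %}
+<li>{{ em }}</li>
+{%- endfor %}
+</ul>
+{%- endif %}
+
+{%- if client.get("managers", []) %}
+<h3 class="govuk-heading-m">Client Managers</h3>
+<div id="managers_hint" class="govuk-hint">
+Managers can manage this application's allowed/blocked list and some other settings
+</div>
+<ul aria-describedby="managers_hint">
+{%- for em in client.get("managers", []) | sort %}
+<li>{{ em }}</li>
+{%- endfor %}
+</ul>
+{%- endif %}
+
+{%- if client.get("viewers", []) %}
+<h3 class="govuk-heading-m">Client Viewers</h3>
+<div id="viewers_hint" class="govuk-hint">
+Viewers can view some settings via this current page
+</div>
+<ul aria-describedby="viewers_hint">
+{%- for em in client.get("viewers", []) | sort %}
+<li>{{ em }}</li>
+{%- endfor %}
+</ul>
+{%- endif %}
+
+{%- if client.get("blocked_domains", []) %}
+<h3 class="govuk-heading-m">Blocked domains</h3>
+<div id="blocked_domains_hint" class="govuk-hint">
+Blocked domains take precedence over any allowed domains or emails
+</div>
+<ul aria-describedby="blocked_domains_hint">
+{%- for d in client.get("blocked_domains", []) | sort %}
+<li>{{ d }}</li>
+<li>*.{{ d }}</li>
+{%- endfor %}
+</ul>
+{%- endif %}
+
+{%- if client.get("blocked_emails", []) %}
+<h3 class="govuk-heading-m">Blocked emails</h3>
+<div id="blocked_emails_hint" class="govuk-hint">
+Blocked emails take precedence over any allowed domains or emails
+</div>
+<ul aria-describedby="blocked_emails_hint">
+{%- for em in client.get("blocked_emails", []) | sort %}
+<li>{{ em }}</li>
+{%- endfor %}
+</ul>
+{%- endif %}
+
+{%- if client.get("allowed_emails", []) %}
+<h3 class="govuk-heading-m">Allowed emails</h3>
+<div id="allowed_emails_hint" class="govuk-hint">
+The below emails can authenticate using this client. Note that the client may include additional authorisation steps that prevents user access.
+</div>
+<ul aria-describedby="allowed_emails_hint">
+{%- for em in client.get("allowed_emails", []) | sort %}
+<li>{{ em }}</li>
+{%- endfor %}
+</ul>
+{%- endif %}
+
+{%- if client.get("allowed_domains", []) %}
+<h3 class="govuk-heading-m">Allowed domains</h3>
+<div id="allowed_domains_hint" class="govuk-hint">
+Users with email addresses ending in the below domains can authenticate using this client. Note that the client may include additional authorisation steps that prevents user access.
+</div>
+<ul aria-describedby="allowed_domains_hint">
+{%- for d in client.get("allowed_domains", []) | sort %}
+<li>{{ d }}</li>
+<li>*.{{ d }}</li>
+{%- endfor %}
+</ul>
+{%- endif %}
+
+<div>
+<a href="/dashboard#{{ client_id }}" class="govuk-button govuk-button--secondary" data-module="govuk-button">
+Return to dashboard
+</a>
+{%- if manager_type and manager_type in ["owner", "manager"] %}
+&nbsp;
+<a href="/manage?client_id={{ client_id }}" class="govuk-button govuk-button--secondary" data-module="govuk-button">
+Manage
+</a>
+{%- endif %}
+</div>
+</div>
+{%- endif %}
+
+</main>
+{% endblock %}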
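Review bot: When `manager_type` is not owner, manager or viewer the page renders only the heading — the `{%- if manager_type and manager_type in [...] %}` block wrapping the main content has no `{%- else %}`, so a user who reaches the page without a role sees a blank body instead of a message. As far as visible, wsgi.py redirects such users to the dashboard before rendering, so this is belt-and-braces; still, an `{%- else %}` branch with a short paragraph such as `You do not have access to this client's configuration` would make the failure visible rather than silent. The `manager_type and` conjunction is redundant in both conditions on this page, as `manager_type in [...]` is already false for None. The `client_id` values in the two hrefs near the bottom are interpolated without `| urlencode`, which is worth adding for consistency with how ids should be placed in query strings.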
35 changes: 34 additions & 1 deletion wsgi.py
Expand Up @@ -1246,6 +1246,7 @@ def signout(country_missmatch: bool = False):
return redirect(redirect_url)


@app.route("/view", methods=["GET"])
@app.route("/manage", methods=["GET", "POST"])
@UserShouldBeSignedIn
@SetBrowserCookie
Expand Down Expand Up @@ -1294,6 +1295,7 @@ def route_manage():

owners = client.get("owners", [])
managers = client.get("managers", [])
viewers = client.get("viewers", [])

manager_type = None

Expand All @@ -1305,6 +1307,8 @@ def route_manage():
manager_type = "owner"
elif users_email and users_email in managers:
manager_type = "manager"
elif users_email and users_email in viewers:
manager_type = "viewer"

if not manager_type:
jprint(
Expand All @@ -1317,6 +1321,19 @@ def route_manage():
)
return redirect("/dashboard?error=management-no-access")

if "view" in request.path or manager_type == "viewer":
return renderTemplate(
"view.html",
{
"session": session,
"client_id": client_id,
"manager_type": manager_type,
"client": client,
"title": "View",
"nav_item": "view",
},
)

client_json = None
client_json_lines = 0

Expand Down Expand Up @@ -1347,9 +1364,10 @@ def route_manage():
else:
new_config["secret"] = client["secret"]

if manager_type == "manager":
if manager_type != "owner":
new_config["owners"] = client.get("owners", [])
new_config["managers"] = client.get("managers", [])
new_config["viewers"] = client.get("viewers", [])

save_success = sso_oidc.save_client(
filename=client.get("_filename", None),
Expand Down Expand Up @@ -1409,6 +1427,20 @@ def dashboard():
else f"Open {name}"
)

can_view = (
True
if (
users_email
in (
client.get("owners", [])
+ client.get("managers", [])
+ client.get("viewers", [])
)
or users_email in SUPERUSERS
)
else False
)

can_manage = (
True
if (
Expand All @@ -1435,6 +1467,7 @@ def dashboard():
"sign_in_url": sign_in_url,
"button_text": button_text,
"dashboard_display": dashboard_display,
"can_view": can_view,
"can_manage": can_manage,
}

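Review bot: `if "view" in request.path or manager_type == "viewer":` in route_manage is a substring test, so the read-only template is chosen for any path containing "view", and a future route on the same handler (say one containing "review" or "preview") would be silently downgraded; compare exactly, `if request.path == "/view" or manager_type == "viewer":`, or test `request.endpoint`. In the same branch the whole `client` dict is handed to view.html as `"client": client`, and the later hunk shows that dict carries `client["secret"]`; the template does not print it, but a viewer-level page should not receive the secret in its context at all — pass a copy with it removed, e.g. `"client": {k: v for k, v in client.items() if k != "secret"}`. The `can_view` computation in dashboard() wraps a boolean expression in `True if (...) else False`, which can simply be the parenthesised expression itself, matching the style already used for `can_manage` only if that one is written the same way (its body is cut off by the fold). route_manage and dashboard both start and end outside the visible hunks, so the superuser handling that sets `manager_type` for SUPERUSERS (which `can_view` honours) could not be checked here.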
