providers/ldap: Remove search group (#10639)

* remove search_group

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make api operations cleaerer

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix migration

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* actually use get

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use correct api client for ldap

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix migration

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: fix migration warning

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: fix styling issue in dark mode

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated-ish fix button order in wizard

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: fix missing css import

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Optimised images with calibre/image-actions

* Update index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* Update index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* update release notes based on new template

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>

web/src/admin/applications/wizard/methods/ldap/LDAPOptionsAndHelp.ts

@@ -43,10 +43,6 @@ export const mfaSupportHelp = msg(
     "When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon.",
 );
 
-export const groupHelp = msg(
-    "The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber",
-);
-
 export const cryptoCertificateHelp = msg(
     "The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate.",
 );

web/src/admin/applications/wizard/methods/ldap/ak-application-wizard-authentication-by-ldap.ts

@@ -1,5 +1,4 @@
 import "@goauthentik/admin/applications/wizard/ak-wizard-title";
-import "@goauthentik/admin/common/ak-core-group-search";
 import "@goauthentik/admin/common/ak-crypto-certificate-search";
 import "@goauthentik/admin/common/ak-flow-search/ak-branded-flow-search";
 import { first } from "@goauthentik/common/utils";
@@ -24,7 +23,6 @@ import {
     bindModeOptions,
     cryptoCertificateHelp,
     gidStartNumberHelp,
-    groupHelp,
     mfaSupportHelp,
     searchModeOptions,
     tlsServerNameHelp,
@@ -65,18 +63,6 @@ export class ApplicationWizardApplicationDetails extends WithBrandConfig(BasePro
                     </p>
                 </ak-form-element-horizontal>
 
-                <ak-form-element-horizontal
-                    label=${msg("Search group")}
-                    name="searchGroup"
-                    .errorMessages=${errors?.searchGroup ?? []}
-                >
-                    <ak-core-group-search
-                        name="searchGroup"
-                        group=${ifDefined(provider?.searchGroup ?? nothing)}
-                    ></ak-core-group-search>
-                    <p class="pf-c-form__helper-text">${groupHelp}</p>
-                </ak-form-element-horizontal>
-
                 <ak-radio-input
                     label=${msg("Bind mode")}
                     name="bindMode"

web/src/admin/applications/wizard/methods/proxy/ak-application-wizard-authentication-for-forward-domain-proxy.ts

@@ -5,19 +5,25 @@ import { customElement } from "@lit/reactive-element/decorators.js";
 import { html } from "lit";
 import { ifDefined } from "lit/directives/if-defined.js";
 
+import PFList from "@patternfly/patternfly/components/List/list.css";
+
 import { ProxyProvider } from "@goauthentik/api";
 
 import AkTypeProxyApplicationWizardPage from "./AuthenticationByProxyPage";
 
 @customElement("ak-application-wizard-authentication-for-forward-proxy-domain")
 export class AkForwardDomainProxyApplicationWizardPage extends AkTypeProxyApplicationWizardPage {
+    static get styles() {
+        return super.styles.concat(PFList);
+    }
+
     renderModeDescription() {
-        return html`<p class="pf-u-mb-xl">
+        return html`<p>
                 ${msg(
                     "Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.",
                 )}
             </p>
-            <div class="pf-u-mb-xl">
+            <div>
                 ${msg("An example setup can look like this:")}
                 <ul class="pf-c-list">
                     <li>${msg("authentik running on auth.example.com")}</li>

web/src/admin/applications/wizard/methods/saml/ak-application-wizard-authentication-by-saml-configuration.ts

@@ -1,6 +1,5 @@
 import "@goauthentik/admin/applications/wizard/ak-wizard-title";
 import "@goauthentik/admin/applications/wizard/ak-wizard-title";
-import "@goauthentik/admin/common/ak-core-group-search";
 import "@goauthentik/admin/common/ak-crypto-certificate-search";
 import "@goauthentik/admin/common/ak-flow-search/ak-branded-flow-search";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";

web/src/admin/applications/wizard/steps.ts

@@ -42,7 +42,7 @@ class ProviderMethodStep implements ApplicationStepType {
     valid = false;
 
     get buttons() {
-        return [BackStep, this.valid ? NextStep : DisabledNextStep, CancelWizard];
+        return [this.valid ? NextStep : DisabledNextStep, BackStep, CancelWizard];
     }
 
     render() {
@@ -58,7 +58,7 @@ class ProviderStepDetails implements ApplicationStepType {
     disabled = true;
     valid = false;
     get buttons() {
-        return [BackStep, this.valid ? SubmitStep : DisabledNextStep, CancelWizard];
+        return [this.valid ? SubmitStep : DisabledNextStep, BackStep, CancelWizard];
     }
 
     render() {

web/src/admin/providers/ldap/LDAPProviderForm.ts

@@ -15,10 +15,7 @@ import { customElement } from "lit/decorators.js";
 import { ifDefined } from "lit/directives/if-defined.js";
 
 import {
-    CoreApi,
-    CoreGroupsListRequest,
     FlowsInstancesListDesignationEnum,
-    Group,
     LDAPAPIAccessMode,
     LDAPProvider,
     ProvidersApi,
@@ -73,37 +70,6 @@ export class LDAPProviderFormPage extends WithBrandConfig(BaseProviderForm<LDAPP
                 ></ak-branded-flow-search>
                 <p class="pf-c-form__helper-text">${msg("Flow used for users to authenticate.")}</p>
             </ak-form-element-horizontal>
-            <ak-form-element-horizontal label=${msg("Search group")} name="searchGroup">
-                <ak-search-select
-                    .fetchObjects=${async (query?: string): Promise<Group[]> => {
-                        const args: CoreGroupsListRequest = {
-                            ordering: "name",
-                            includeUsers: false,
-                        };
-                        if (query !== undefined) {
-                            args.search = query;
-                        }
-                        const groups = await new CoreApi(DEFAULT_CONFIG).coreGroupsList(args);
-                        return groups.results;
-                    }}
-                    .renderElement=${(group: Group): string => {
-                        return group.name;
-                    }}
-                    .value=${(group: Group | undefined): string | undefined => {
-                        return group?.pk;
-                    }}
-                    .selected=${(group: Group): boolean => {
-                        return group.pk === this.instance?.searchGroup;
-                    }}
-                    ?blankable=${true}
-                >
-                </ak-search-select>
-                <p class="pf-c-form__helper-text">
-                    ${msg(
-                        "Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed.",
-                    )}
-                </p>
-            </ak-form-element-horizontal>
             <ak-form-element-horizontal label=${msg("Bind mode")} name="bindMode">
                 <ak-radio
                     .options=${[

web/src/common/styles/theme-dark.css

@@ -45,11 +45,6 @@ body {
 .pf-c-card.pf-m-non-selectable-raised {
     --pf-c-card--BackgroundColor: var(--ak-dark-background-lighter);
 }
-.pf-c-card.pf-m-hoverable-raised::before,
-.pf-c-card.pf-m-selectable-raised::before,
-.pf-c-card.pf-m-non-selectable-raised::before {
-    --pf-c-card--m-selectable-raised--before--BackgroundColor: var(--ak-dark-background-light);
-}
 .pf-c-card__title,
 .pf-c-card__body {
     color: var(--ak-dark-foreground);