habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
782d95b4a3338d9717403c1eff578f95bfc0831e
authentik/web/src/admin/flows/FlowImportForm.ts
Jens L b0fbd576fc security: cure53 fix (#6039) 
* ATH-01-001: resolve path and check start before loading blueprints

This is even less of an issue since 411ef239f6, since with that commit we only allow files that the listing returns

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-010: fix missing user filter for webauthn device

This prevents an attack that is only possible when an attacker can intercept HTTP traffic and in the case of HTTPS decrypt it.

* ATH-01-008: fix web forms not submitting correctly when pressing enter

When submitting some forms with the Enter key instead of clicking "Confirm"/etc, the form would not get submitted correctly

This would in the worst case is when setting a user's password, where the new password can end up in the URL, but the password was not actually saved to the user.

* ATH-01-004: remove env from admin system endpoint

this endpoint already required admin access, but for debugging the env variables are used very little

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-003 / ATH-01-012: disable htmlLabels in mermaid

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-005: use hmac.compare_digest for secret_key authentication

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-009: migrate impersonation to use API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-010: rework

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-014: save authenticator validation state in flow context

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

bugfixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ATH-01-012: escape quotation marks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add website

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update release ntoes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update with all notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-22 22:25:04 +02:00

101 lines
4.4 KiB
TypeScript
Raw Blame History

import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
import { SentryIgnoredError } from "@goauthentik/common/errors";
import { PFColor } from "@goauthentik/elements/Label";
import { Form } from "@goauthentik/elements/forms/Form";
import "@goauthentik/elements/forms/HorizontalFormElement";
import { msg } from "@lit/localize";
import { CSSResult, TemplateResult, html } from "lit";
import { customElement, state } from "lit/decorators.js";
import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
import { Flow, FlowImportResult, FlowsApi } from "@goauthentik/api";
@customElement("ak-flow-import-form")
export class FlowImportForm extends Form<Flow> {
@state()
result?: FlowImportResult;
getSuccessMessage(): string {
return msg("Successfully imported flow.");
}
static get styles(): CSSResult[] {
return super.styles.concat(PFDescriptionList);
}
async send(): Promise<FlowImportResult> {
const file = this.getFormFiles()["flow"];
if (!file) {
throw new SentryIgnoredError("No form data");
}
const result = await new FlowsApi(DEFAULT_CONFIG).flowsInstancesImportCreate({
file: file,
});
if (!result.success) {
this.result = result;
throw new SentryIgnoredError("Failed to import flow");
}
return result;
}
renderResult(): TemplateResult {
return html`
<ak-form-element-horizontal label=${msg("Successful")}>
<div class="pf-c-form__group-label">
<div class="c-form__horizontal-group">
<span class="pf-c-form__label-text">
<ak-label color=${this.result?.success ? PFColor.Green : PFColor.Red}>
${this.result?.success ? msg("Yes") : msg("No")}
</ak-label>
</span>
</div>
</div>
</ak-form-element-horizontal>
<ak-form-element-horizontal label=${msg("Log messages")}>
<div class="pf-c-form__group-label">
<div class="c-form__horizontal-group">
<dl class="pf-c-description-list pf-m-horizontal">
${(this.result?.logs || []).length > 0
? this.result?.logs?.map((m) => {
return html`<div class="pf-c-description-list__group">
<dt class="pf-c-description-list__term">
<span class="pf-c-description-list__text"
>${m.log_level}</span
>
</dt>
<dd class="pf-c-description-list__description">
<div class="pf-c-description-list__text">
${m.event}
</div>
</dd>
</div>`;
})
: html`<div class="pf-c-description-list__group">
<dt class="pf-c-description-list__term">
<span class="pf-c-description-list__text"
>${msg("No log messages.")}</span
>
</dt>
</div>`}
</dl>
</div>
</div>
</ak-form-element-horizontal>
`;
}
renderInlineForm(): TemplateResult {
return html`<ak-form-element-horizontal label=${msg("Flow")} name="flow">
<input type="file" value="" class="pf-c-form-control" />
<p class="pf-c-form__helper-text">
${msg(
".yaml files, which can be found on goauthentik.io and can be exported by authentik.",
)}
</p>
</ak-form-element-horizontal>
${this.result ? this.renderResult() : html``}`;
}
}
Reference in New Issue View Git Blame Copy Permalink