mirror of
https://github.com/hay-kot/homebox.git
synced 2024-12-18 04:56:30 +00:00
feat(auth): support for forwarded auth provider
This commit is contained in:
parent
0041c277ad
commit
bbf9878963
12 changed files with 266 additions and 61 deletions
|
@ -10,6 +10,7 @@ import (
|
||||||
"github.com/hay-kot/homebox/backend/internal/core/services"
|
"github.com/hay-kot/homebox/backend/internal/core/services"
|
||||||
"github.com/hay-kot/homebox/backend/internal/core/services/reporting/eventbus"
|
"github.com/hay-kot/homebox/backend/internal/core/services/reporting/eventbus"
|
||||||
"github.com/hay-kot/homebox/backend/internal/data/repo"
|
"github.com/hay-kot/homebox/backend/internal/data/repo"
|
||||||
|
"github.com/hay-kot/homebox/backend/pkgs/ipcheck"
|
||||||
"github.com/hay-kot/httpkit/errchain"
|
"github.com/hay-kot/httpkit/errchain"
|
||||||
"github.com/hay-kot/httpkit/server"
|
"github.com/hay-kot/httpkit/server"
|
||||||
"github.com/rs/zerolog/log"
|
"github.com/rs/zerolog/log"
|
||||||
|
@ -57,6 +58,18 @@ func WithSecureCookies(secure bool) func(*V1Controller) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func WithForwardAuthHeader(forwardAuthHeader string) func(*V1Controller) {
|
||||||
|
return func(ctrl *V1Controller) {
|
||||||
|
ctrl.forwardAuthHeader = forwardAuthHeader
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func WithForwardAuthAllowedIps(forwardAuthAllowedIps string) func(*V1Controller) {
|
||||||
|
return func(ctrl *V1Controller) {
|
||||||
|
ctrl.forwardAuthAllowedIps = forwardAuthAllowedIps
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
type V1Controller struct {
|
type V1Controller struct {
|
||||||
cookieSecure bool
|
cookieSecure bool
|
||||||
repo *repo.AllRepos
|
repo *repo.AllRepos
|
||||||
|
@ -65,6 +78,8 @@ type V1Controller struct {
|
||||||
isDemo bool
|
isDemo bool
|
||||||
allowRegistration bool
|
allowRegistration bool
|
||||||
bus *eventbus.EventBus
|
bus *eventbus.EventBus
|
||||||
|
forwardAuthHeader string
|
||||||
|
forwardAuthAllowedIps string
|
||||||
}
|
}
|
||||||
|
|
||||||
type (
|
type (
|
||||||
|
@ -84,6 +99,7 @@ type (
|
||||||
Build Build `json:"build"`
|
Build Build `json:"build"`
|
||||||
Demo bool `json:"demo"`
|
Demo bool `json:"demo"`
|
||||||
AllowRegistration bool `json:"allowRegistration"`
|
AllowRegistration bool `json:"allowRegistration"`
|
||||||
|
ForwardAuthAvailable bool `json:"forwardAuthAvailable"`
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -117,6 +133,8 @@ func NewControllerV1(svc *services.AllServices, repos *repo.AllRepos, bus *event
|
||||||
// @Router /v1/status [GET]
|
// @Router /v1/status [GET]
|
||||||
func (ctrl *V1Controller) HandleBase(ready ReadyFunc, build Build) errchain.HandlerFunc {
|
func (ctrl *V1Controller) HandleBase(ready ReadyFunc, build Build) errchain.HandlerFunc {
|
||||||
return func(w http.ResponseWriter, r *http.Request) error {
|
return func(w http.ResponseWriter, r *http.Request) error {
|
||||||
|
forwardAuthAvailable := r.Header.Get(ctrl.forwardAuthHeader) != "" && ipcheck.ValidateAgainstList(r.RemoteAddr, ctrl.forwardAuthAllowedIps)
|
||||||
|
|
||||||
return server.JSON(w, http.StatusOK, APISummary{
|
return server.JSON(w, http.StatusOK, APISummary{
|
||||||
Healthy: ready(),
|
Healthy: ready(),
|
||||||
Title: "Homebox",
|
Title: "Homebox",
|
||||||
|
@ -124,6 +142,7 @@ func (ctrl *V1Controller) HandleBase(ready ReadyFunc, build Build) errchain.Hand
|
||||||
Build: build,
|
Build: build,
|
||||||
Demo: ctrl.isDemo,
|
Demo: ctrl.isDemo,
|
||||||
AllowRegistration: ctrl.allowRegistration,
|
AllowRegistration: ctrl.allowRegistration,
|
||||||
|
ForwardAuthAvailable: forwardAuthAvailable,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
36
backend/app/api/providers/forwardauth.go
Normal file
36
backend/app/api/providers/forwardauth.go
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
package providers
|
||||||
|
|
||||||
|
import (
|
||||||
|
"errors"
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/hay-kot/homebox/backend/internal/core/services"
|
||||||
|
"github.com/hay-kot/homebox/backend/internal/sys/config"
|
||||||
|
"github.com/hay-kot/homebox/backend/pkgs/ipcheck"
|
||||||
|
)
|
||||||
|
|
||||||
|
type ForwardAuthProvider struct {
|
||||||
|
service *services.UserService
|
||||||
|
authConfig *config.AuthConfig
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewForwardAuthProvider(service *services.UserService, authConfig *config.AuthConfig) *ForwardAuthProvider {
|
||||||
|
return &ForwardAuthProvider{
|
||||||
|
service: service,
|
||||||
|
authConfig: authConfig,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *ForwardAuthProvider) Name() string {
|
||||||
|
return "forwardauth"
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *ForwardAuthProvider) Authenticate(w http.ResponseWriter, r *http.Request) (services.UserAuthTokenDetail, error) {
|
||||||
|
if !ipcheck.ValidateAgainstList(r.RemoteAddr, p.authConfig.ForwardAuthAllowedIps) {
|
||||||
|
return services.UserAuthTokenDetail{}, errors.New("forward authentication denied, IP address not allowed")
|
||||||
|
}
|
||||||
|
|
||||||
|
username := r.Header.Get(p.authConfig.ForwardAuthHeader)
|
||||||
|
|
||||||
|
return p.service.PasswordlessLogin(r.Context(), username, p.authConfig.ForwardAuthAutoRegister)
|
||||||
|
}
|
|
@ -56,6 +56,8 @@ func (a *app) mountRoutes(r *chi.Mux, chain *errchain.ErrChain, repos *repo.AllR
|
||||||
v1.WithMaxUploadSize(a.conf.Web.MaxUploadSize),
|
v1.WithMaxUploadSize(a.conf.Web.MaxUploadSize),
|
||||||
v1.WithRegistration(a.conf.Options.AllowRegistration),
|
v1.WithRegistration(a.conf.Options.AllowRegistration),
|
||||||
v1.WithDemoStatus(a.conf.Demo), // Disable Password Change in Demo Mode
|
v1.WithDemoStatus(a.conf.Demo), // Disable Password Change in Demo Mode
|
||||||
|
v1.WithForwardAuthHeader(a.conf.Auth.ForwardAuthHeader),
|
||||||
|
v1.WithForwardAuthAllowedIps(a.conf.Auth.ForwardAuthAllowedIps),
|
||||||
)
|
)
|
||||||
|
|
||||||
r.Get(v1Base("/status"), chain.ToHandlerFunc(v1Ctrl.HandleBase(func() bool { return true }, v1.Build{
|
r.Get(v1Base("/status"), chain.ToHandlerFunc(v1Ctrl.HandleBase(func() bool { return true }, v1.Build{
|
||||||
|
@ -67,6 +69,7 @@ func (a *app) mountRoutes(r *chi.Mux, chain *errchain.ErrChain, repos *repo.AllR
|
||||||
r.Get(v1Base("/currencies"), chain.ToHandlerFunc(v1Ctrl.HandleCurrency()))
|
r.Get(v1Base("/currencies"), chain.ToHandlerFunc(v1Ctrl.HandleCurrency()))
|
||||||
|
|
||||||
providers := []v1.AuthProvider{
|
providers := []v1.AuthProvider{
|
||||||
|
providers.NewForwardAuthProvider(a.services.User, &a.conf.Auth),
|
||||||
providers.NewLocalProvider(a.services.User),
|
providers.NewLocalProvider(a.services.User),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -197,6 +197,30 @@ func (svc *UserService) Login(ctx context.Context, username, password string, ex
|
||||||
return svc.createSessionToken(ctx, usr.ID, extendedSession)
|
return svc.createSessionToken(ctx, usr.ID, extendedSession)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (svc *UserService) PasswordlessLogin(ctx context.Context, username string, autoRegister bool) (UserAuthTokenDetail, error) {
|
||||||
|
usr, err := svc.repos.Users.GetOneEmail(ctx, username)
|
||||||
|
if err == nil {
|
||||||
|
return svc.createSessionToken(ctx, usr.ID, false)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !autoRegister {
|
||||||
|
return UserAuthTokenDetail{}, ErrorInvalidLogin
|
||||||
|
}
|
||||||
|
|
||||||
|
data := UserRegistration{
|
||||||
|
Name: username,
|
||||||
|
Email: username,
|
||||||
|
Password: uuid.NewString(),
|
||||||
|
}
|
||||||
|
|
||||||
|
usr, err = svc.RegisterUser(ctx, data)
|
||||||
|
if err != nil {
|
||||||
|
return UserAuthTokenDetail{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return svc.createSessionToken(ctx, usr.ID, false)
|
||||||
|
}
|
||||||
|
|
||||||
func (svc *UserService) Logout(ctx context.Context, token string) error {
|
func (svc *UserService) Logout(ctx context.Context, token string) error {
|
||||||
hash := hasher.HashToken(token)
|
hash := hasher.HashToken(token)
|
||||||
err := svc.repos.AuthTokens.DeleteToken(ctx, hash)
|
err := svc.repos.AuthTokens.DeleteToken(ctx, hash)
|
||||||
|
|
|
@ -20,6 +20,7 @@ type Config struct {
|
||||||
conf.Version
|
conf.Version
|
||||||
Mode string `yaml:"mode" conf:"default:development"` // development or production
|
Mode string `yaml:"mode" conf:"default:development"` // development or production
|
||||||
Web WebConfig `yaml:"web"`
|
Web WebConfig `yaml:"web"`
|
||||||
|
Auth AuthConfig `yaml:"auth"`
|
||||||
Storage Storage `yaml:"storage"`
|
Storage Storage `yaml:"storage"`
|
||||||
Log LoggerConf `yaml:"logger"`
|
Log LoggerConf `yaml:"logger"`
|
||||||
Mailer MailerConf `yaml:"mailer"`
|
Mailer MailerConf `yaml:"mailer"`
|
||||||
|
@ -48,6 +49,12 @@ type WebConfig struct {
|
||||||
IdleTimeout time.Duration `yaml:"idle_timeout" conf:"default:30s"`
|
IdleTimeout time.Duration `yaml:"idle_timeout" conf:"default:30s"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type AuthConfig struct {
|
||||||
|
ForwardAuthHeader string `yaml:"forward_auth_header" conf:"default:Remote-Email"`
|
||||||
|
ForwardAuthAllowedIps string `yaml:"forward_auth_allowed_ips"`
|
||||||
|
ForwardAuthAutoRegister bool `yaml:"forward_auth_auto_register" conf:"default:false"`
|
||||||
|
}
|
||||||
|
|
||||||
// New parses the CLI/Config file and returns a Config struct. If the file argument is an empty string, the
|
// New parses the CLI/Config file and returns a Config struct. If the file argument is an empty string, the
|
||||||
// file is not read. If the file is not empty, the file is read and the Config struct is returned.
|
// file is not read. If the file is not empty, the file is read and the Config struct is returned.
|
||||||
func New(buildstr string, description string) (*Config, error) {
|
func New(buildstr string, description string) (*Config, error) {
|
||||||
|
|
37
backend/pkgs/ipcheck/ipcheck.go
Normal file
37
backend/pkgs/ipcheck/ipcheck.go
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
// Package ipcheck provides helper functions to validate IP addresses against criteria
|
||||||
|
package ipcheck
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"net"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
|
func ValidateAgainstList(ip string, comaSeparatedList string) bool {
|
||||||
|
if comaSeparatedList == "" || ip == "" {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
if net.ParseIP(ip) == nil {
|
||||||
|
ip, _, _ = net.SplitHostPort(ip)
|
||||||
|
}
|
||||||
|
|
||||||
|
if ip == "" {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
cidrs := strings.Split(comaSeparatedList, ",")
|
||||||
|
testedIP, _, err := net.ParseCIDR(fmt.Sprintf("%s/32", ip))
|
||||||
|
if err != nil {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, cidr := range cidrs {
|
||||||
|
_, ipnet, err := net.ParseCIDR(cidr)
|
||||||
|
if err == nil && ipnet.Contains(testedIP) {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return false
|
||||||
|
}
|
54
backend/pkgs/ipcheck/ipcheck_test.go
Normal file
54
backend/pkgs/ipcheck/ipcheck_test.go
Normal file
|
@ -0,0 +1,54 @@
|
||||||
|
package ipcheck
|
||||||
|
|
||||||
|
import (
|
||||||
|
"testing"
|
||||||
|
)
|
||||||
|
|
||||||
|
func Test_ValidateAgainstList(t *testing.T) {
|
||||||
|
tests := []struct {
|
||||||
|
name string
|
||||||
|
ip string
|
||||||
|
list string
|
||||||
|
want bool
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
name: "IPv4 matching the list",
|
||||||
|
ip: "192.168.1.1",
|
||||||
|
list: "192.168.11.0/24,192.168.1.0/24",
|
||||||
|
want: true,
|
||||||
|
}, {
|
||||||
|
name: "IPv4 with exact match",
|
||||||
|
ip: "192.168.2.2",
|
||||||
|
list: "192.168.2.2/32,192.168.0.0/24",
|
||||||
|
want: true,
|
||||||
|
}, {
|
||||||
|
name: "IPv4 with no match",
|
||||||
|
ip: "192.168.3.3",
|
||||||
|
list: "192.168.0.0/24,192.168.2.0/24",
|
||||||
|
want: false,
|
||||||
|
}, {
|
||||||
|
name: "IPv6 matching the list",
|
||||||
|
ip: "1111:1111:1111:1111:1111:1111:1111:1111",
|
||||||
|
list: "1111:1111:1111:1111::/64,2222:2222:2222:2222::/64",
|
||||||
|
want: true,
|
||||||
|
}, {
|
||||||
|
name: "IPv6 with exact match",
|
||||||
|
ip: "2222:2222:2222:2222:2222:2222:2222:2222",
|
||||||
|
list: "1111:1111:1111:1111::/64,2222:2222:2222:2222:2222:2222:2222:2222/128",
|
||||||
|
want: true,
|
||||||
|
}, {
|
||||||
|
name: "IPv6 with no match",
|
||||||
|
ip: "3333:3333:3333:3333:3333:3333:3333:3333",
|
||||||
|
list: "3333:3333:3333:3333:3333:3333:3333:4444/128,4444::/32",
|
||||||
|
want: false,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, tt := range tests {
|
||||||
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
if got := ValidateAgainstList(tt.ip, tt.list); got != tt.want {
|
||||||
|
t.Errorf("ValidateAgainstList() = %v, want %v", got, tt.want)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
|
@ -2847,6 +2847,9 @@
|
||||||
"demo": {
|
"demo": {
|
||||||
"type": "boolean"
|
"type": "boolean"
|
||||||
},
|
},
|
||||||
|
"forwardAuthAvailable": {
|
||||||
|
"type": "boolean"
|
||||||
|
},
|
||||||
"health": {
|
"health": {
|
||||||
"type": "boolean"
|
"type": "boolean"
|
||||||
},
|
},
|
||||||
|
|
|
@ -55,17 +55,20 @@ volumes:
|
||||||
## Env Variables & Configuration
|
## Env Variables & Configuration
|
||||||
|
|
||||||
| Variable | Default | Description |
|
| Variable | Default | Description |
|
||||||
| ------------------------------------ | ---------------------- | ---------------------------------------------------------------------------------- |
|
| ------------------------------------ | ---------------------- | --------------------------------------------------------------------------------------------------- |
|
||||||
| HBOX_MODE | production | application mode used for runtime behavior can be one of: development, production |
|
| HBOX_MODE | production | application mode used for runtime behavior can be one of: development, production |
|
||||||
| HBOX_WEB_PORT | 7745 | port to run the web server on, if you're using docker do not change this |
|
| HBOX_WEB_PORT | 7745 | port to run the web server on, if you're using docker do not change this |
|
||||||
| HBOX_WEB_HOST | | host to run the web server on, if you're using docker do not change this |
|
| HBOX_WEB_HOST | | host to run the web server on, if you're using docker do not change this |
|
||||||
| HBOX_OPTIONS_ALLOW_REGISTRATION | true | allow users to register themselves |
|
| HBOX_OPTIONS_ALLOW_REGISTRATION | true | allow users to register themselves |
|
||||||
| HBOX_OPTIONS_AUTO_INCREMENT_ASSET_ID | true | auto increments the asset_id field for new items |
|
| HBOX_OPTIONS_AUTO_INCREMENT_ASSET_ID | true | auto increments the asset_id field for new items |
|
||||||
| HBOX_OPTIONS_CURRENCY_CONFIG | | json configuration file containing additional currencie |
|
| HBOX_OPTIONS_CURRENCY_CONFIG | | json configuration file containing additional currencies |
|
||||||
| HBOX_WEB_MAX_UPLOAD_SIZE | 10 | maximum file upload size supported in MB |
|
| HBOX_WEB_MAX_UPLOAD_SIZE | 10 | maximum file upload size supported in MB |
|
||||||
| HBOX_WEB_READ_TIMEOUT | 10 | Read timeout of HTTP sever |
|
| HBOX_WEB_READ_TIMEOUT | 10 | Read timeout of HTTP sever |
|
||||||
| HBOX_WEB_WRITE_TIMEOUT | 10 | Write timeout of HTTP server |
|
| HBOX_WEB_WRITE_TIMEOUT | 10 | Write timeout of HTTP server |
|
||||||
| HBOX_WEB_IDLE_TIMEOUT | 30 | Idle timeout of HTTP server |
|
| HBOX_WEB_IDLE_TIMEOUT | 30 | Idle timeout of HTTP server |
|
||||||
|
| HBOX_AUTH_FORWARD_AUTH_HEADER | Remote-Email | Header used to identify user, when forward auth proxy is used |
|
||||||
|
| HBOX_AUTH_FORWARD_AUTH_ALLOWED_IPS | | Coma separated list of IP CIDRs, allowed to use forward auth - empty list (default), means deny all |
|
||||||
|
| HBOX_AUTH_FORWARD_AUTH_AUTO_REGISTER | false | If true, non-existing user forwarded by auth proxy will be automatically registered |
|
||||||
| HBOX_STORAGE_DATA | /data/ | path to the data directory, do not change this if you're using docker |
|
| HBOX_STORAGE_DATA | /data/ | path to the data directory, do not change this if you're using docker |
|
||||||
| HBOX_STORAGE_SQLITE_URL | /data/homebox.db?_fk=1 | sqlite database url, if you're using docker do not change this |
|
| HBOX_STORAGE_SQLITE_URL | /data/homebox.db?_fk=1 | sqlite database url, if you're using docker do not change this |
|
||||||
| HBOX_LOG_LEVEL | info | log level to use, can be one of: trace, debug, info, warn, error, critical |
|
| HBOX_LOG_LEVEL | info | log level to use, can be one of: trace, debug, info, warn, error, critical |
|
||||||
|
@ -89,6 +92,12 @@ volumes:
|
||||||
--web-port/$HBOX_WEB_PORT <string> (default: 7745)
|
--web-port/$HBOX_WEB_PORT <string> (default: 7745)
|
||||||
--web-host/$HBOX_WEB_HOST <string>
|
--web-host/$HBOX_WEB_HOST <string>
|
||||||
--web-max-upload-size/$HBOX_WEB_MAX_UPLOAD_SIZE <int> (default: 10)
|
--web-max-upload-size/$HBOX_WEB_MAX_UPLOAD_SIZE <int> (default: 10)
|
||||||
|
--web-read-timeout/$HBOX_WEB_READ_TIMEOUT <duration> (default: 10s)
|
||||||
|
--web-write-timeout/$HBOX_WEB_WRITE_TIMEOUT <duration> (default: 10s)
|
||||||
|
--web-idle-timeout/$HBOX_WEB_IDLE_TIMEOUT <duration> (default: 30s)
|
||||||
|
--auth-forward-auth-header/$HBOX_AUTH_FORWARD_AUTH_HEADER <string> (default: Remote-Email)
|
||||||
|
--auth-forward-auth-allowed-ips/$HBOX_AUTH_FORWARD_AUTH_ALLOWED_IPS <string>
|
||||||
|
--auth-forward-auth-auto-register/$HBOX_AUTH_FORWARD_AUTH_AUTO_REGISTER <bool> (default: false)
|
||||||
--storage-data/$HBOX_STORAGE_DATA <string> (default: ./.data)
|
--storage-data/$HBOX_STORAGE_DATA <string> (default: ./.data)
|
||||||
--storage-sqlite-url/$HBOX_STORAGE_SQLITE_URL <string> (default: ./.data/homebox.db?_fk=1)
|
--storage-sqlite-url/$HBOX_STORAGE_SQLITE_URL <string> (default: ./.data/homebox.db?_fk=1)
|
||||||
--log-level/$HBOX_LOG_LEVEL <string> (default: info)
|
--log-level/$HBOX_LOG_LEVEL <string> (default: info)
|
||||||
|
|
|
@ -84,8 +84,8 @@ class AuthContext implements IAuthContext {
|
||||||
console.log("Session invalidated");
|
console.log("Session invalidated");
|
||||||
}
|
}
|
||||||
|
|
||||||
async login(api: PublicApi, email: string, password: string, stayLoggedIn: boolean) {
|
async login(api: PublicApi, email: string, password: string, stayLoggedIn: boolean, provider = "local") {
|
||||||
const r = await api.login(email, password, stayLoggedIn);
|
const r = await api.login(email, password, stayLoggedIn, provider);
|
||||||
|
|
||||||
if (!r.error) {
|
if (!r.error) {
|
||||||
const expiresAt = new Date(r.data.expiresAt);
|
const expiresAt = new Date(r.data.expiresAt);
|
||||||
|
|
|
@ -13,9 +13,9 @@ export class PublicApi extends BaseAPI {
|
||||||
return this.http.get<APISummary>({ url: route("/status") });
|
return this.http.get<APISummary>({ url: route("/status") });
|
||||||
}
|
}
|
||||||
|
|
||||||
public login(username: string, password: string, stayLoggedIn = false) {
|
public login(username: string, password: string, stayLoggedIn = false, provider = "local") {
|
||||||
return this.http.post<LoginForm, TokenResponse>({
|
return this.http.post<LoginForm, TokenResponse>({
|
||||||
url: route("/users/login"),
|
url: route("/users/login?provider=" + provider),
|
||||||
body: {
|
body: {
|
||||||
username,
|
username,
|
||||||
password,
|
password,
|
||||||
|
|
|
@ -45,6 +45,9 @@
|
||||||
email.value = "demo@example.com";
|
email.value = "demo@example.com";
|
||||||
loginPassword.value = "demo";
|
loginPassword.value = "demo";
|
||||||
}
|
}
|
||||||
|
if (status?.forwardAuthAvailable) {
|
||||||
|
loginViaForwardAuth()
|
||||||
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
const route = useRoute();
|
const route = useRoute();
|
||||||
|
@ -120,6 +123,16 @@
|
||||||
loading.value = false;
|
loading.value = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async function loginViaForwardAuth() {
|
||||||
|
const { error } = await ctx.login(api, email.value, loginPassword.value, remember.value, "forwardauth");
|
||||||
|
|
||||||
|
if (error) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
navigateTo("/home");
|
||||||
|
}
|
||||||
|
|
||||||
const [registerForm, toggleLogin] = useToggle();
|
const [registerForm, toggleLogin] = useToggle();
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue