Enable setting the login binding field for Github and Google login

Right now, this is mostly a cut and paste job, which is a bit ugly, but works. Longer term, I've filed https://jira.coreos.com/browse/QUAY-801 to remove the custom code for Github and Google and, instead, support them generically as part of our OIDC provider setup Fixes https://jira.coreos.com/browse/QUAY-781
2018-01-25 15:21:37 -05:00 · 2018-01-25 15:21:37 -05:00 · 498c29ca89
commit 498c29ca89
parent c228734978
1 changed files with 48 additions and 0 deletions
--- a/static/directives/config/config-setup-tool.html
+++ b/static/directives/config/config-setup-tool.html
@ -964,6 +964,10 @@
              Enable GitHub Authentication
            </div>

+            <div class="co-alert co-alert-warning" ng-if="config.FEATURE_GITHUB_LOGIN && config.AUTHENTICATION_TYPE && config.AUTHENTICATION_TYPE != 'Database' && config.AUTHENTICATION_TYPE != 'AppToken' && !config.GITHUB_LOGIN_CONFIG.LOGIN_BINDING_FIELD">
+              Warning: This provider is not bound to your <strong>{{ config.AUTHENTICATION_TYPE }}</strong> authentication. Logging in via this provider will create a <strong><span class="registry-name"></span>-only user</strong>, which is not the recommended approach. It is <strong>highly</strong> recommended to choose a "Binding Field" below.
+            </div>
+
            <table class="config-table" ng-if="config.FEATURE_GITHUB_LOGIN">
              <tr>
                <td>GitHub:</td>
@ -1021,6 +1025,26 @@
                  </span>
                </td>
              </tr>
+              <tr ng-if="config.AUTHENTICATION_TYPE != 'Database' && config.AUTHENTICATION_TYPE != 'AppToken'">
+                <td>Binding Field:</td>
+                <td>
+                  <select class="form-control" ng-model="config.GITHUB_LOGIN_CONFIG.LOGIN_BINDING_FIELD">
+                    <option value="">(None)</option>
+                    <option value="sub">Subject (User ID)</option>
+                    <option value="username">Username</option>
+                    <option value="email">E-mail address</option>
+                  </select>
+                  <div class="help-text">
+                    If selected, when a user logs in via this provider, they will be automatically bound to their user in <strong>{{ config.AUTHENTICATION_TYPE }}</strong> by matching the selected field from the provider to the associated user in {{ config.AUTHENTICATION_TYPE }}.
+                  </div>
+                  <div class="help-text">
+                    For example, selecting <code>Subject</code> here with a backing authentication system of LDAP means that a user logging in via this provider will also be bound to their user in LDAP by username.
+                  </div>
+                  <div class="help-text">
+                    If none selected, a <strong>user unique to <span class="registry-name"></span></strong> will be created on initial login with this provider. <strong>This is not the recommended setup.</strong>
+                  </div>
+                </td>
+              </tr>
            </table>
          </div>
        </div> <!-- /GitHub Authentication -->
@ -1049,6 +1073,10 @@
              Enable Google Authentication
            </div>

+            <div class="co-alert co-alert-warning" ng-if="config.FEATURE_GOOGLE_LOGIN && config.AUTHENTICATION_TYPE && config.AUTHENTICATION_TYPE != 'Database' && config.AUTHENTICATION_TYPE != 'AppToken' && !config.GOOGLE_LOGIN_CONFIG.LOGIN_BINDING_FIELD">
+              Warning: This provider is not bound to your <strong>{{ config.AUTHENTICATION_TYPE }}</strong> authentication. Logging in via this provider will create a <strong><span class="registry-name"></span>-only user</strong>, which is not the recommended approach. It is <strong>highly</strong> recommended to choose a "Binding Field" below.
+            </div>
+
            <table class="config-table" ng-if="config.FEATURE_GOOGLE_LOGIN">
              <tr>
                <td>OAuth Client ID:</td>
@ -1064,6 +1092,26 @@
                  </span>
                </td>
              </tr>
+              <tr ng-if="config.AUTHENTICATION_TYPE != 'Database' && config.AUTHENTICATION_TYPE != 'AppToken'">
+                <td>Binding Field:</td>
+                <td>
+                  <select class="form-control" ng-model="config.GOOGLE_LOGIN_CONFIG.LOGIN_BINDING_FIELD">
+                    <option value="">(None)</option>
+                    <option value="sub">Subject (User ID)</option>
+                    <option value="username">Username</option>
+                    <option value="email">E-mail address</option>
+                  </select>
+                  <div class="help-text">
+                    If selected, when a user logs in via this provider, they will be automatically bound to their user in <strong>{{ config.AUTHENTICATION_TYPE }}</strong> by matching the selected field from the provider to the associated user in {{ config.AUTHENTICATION_TYPE }}.
+                  </div>
+                  <div class="help-text">
+                    For example, selecting <code>Subject</code> here with a backing authentication system of LDAP means that a user logging in via this provider will also be bound to their user in LDAP by username.
+                  </div>
+                  <div class="help-text">
+                    If none selected, a <strong>user unique to <span class="registry-name"></span></strong> will be created on initial login with this provider. <strong>This is not the recommended setup.</strong>
+                  </div>
+                </td>
+              </tr>
            </table>
          </div>
        </div> <!-- /Google Authentication -->