authentik/web/src/pages/generic/FlowExecutor.ts

import { gettext } from "django";
import { LitElement, html, customElement, property, TemplateResult, CSSResult, css } from "lit-element";
import { unsafeHTML } from "lit-html/directives/unsafe-html";
import { getCookie } from "../../utils";
import "../../elements/stages/identification/IdentificationStage";
import "../../elements/stages/password/PasswordStage";
import "../../elements/stages/consent/ConsentStage";
import "../../elements/stages/email/EmailStage";
import "../../elements/stages/autosubmit/AutosubmitStage";
import "../../elements/stages/prompt/PromptStage";
import "../../elements/stages/authenticator_totp/AuthenticatorTOTPStage";
import "../../elements/stages/authenticator_static/AuthenticatorStaticStage";
import "../../elements/stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage";
import "../../elements/stages/authenticator_validate/AuthenticatorValidateStage";
import { ShellChallenge, Challenge, ChallengeTypes, Flow, RedirectChallenge } from "../../api/Flows";
import { DefaultClient } from "../../api/Client";
import { IdentificationChallenge } from "../../elements/stages/identification/IdentificationStage";
import { PasswordChallenge } from "../../elements/stages/password/PasswordStage";
import { ConsentChallenge } from "../../elements/stages/consent/ConsentStage";
import { EmailChallenge } from "../../elements/stages/email/EmailStage";
import { AutosubmitChallenge } from "../../elements/stages/autosubmit/AutosubmitStage";
import { PromptChallenge } from "../../elements/stages/prompt/PromptStage";
import { AuthenticatorTOTPChallenge } from "../../elements/stages/authenticator_totp/AuthenticatorTOTPStage";
import { AuthenticatorStaticChallenge } from "../../elements/stages/authenticator_static/AuthenticatorStaticStage";
import { AuthenticatorValidateStageChallenge } from "../../elements/stages/authenticator_validate/AuthenticatorValidateStage";
import { WebAuthnAuthenticatorRegisterChallenge } from "../../elements/stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage";
import { COMMON_STYLES } from "../../common/styles";
import { SpinnerSize } from "../../elements/Spinner";
import { StageHost } from "../../elements/stages/base";

@customElement("ak-flow-executor")
export class FlowExecutor extends LitElement implements StageHost {
    @property()
    flowSlug = "";

    @property({attribute: false})
    challenge?: Challenge;

    @property({type: Boolean})
    loading = false;

    static get styles(): CSSResult[] {
        return COMMON_STYLES.concat(css`
            .ak-loading {
                display: flex;
                height: 100%;
                width: 100%;
                justify-content: center;
                align-items: center;
                position: absolute;
                background-color: #0303039e;
            }
            .ak-hidden {
                display: none;
            }
            :host {
                position: relative;
            }
        `);
    }

    constructor() {
        super();
        this.addEventListener("ak-flow-submit", () => {
            this.submit();
        });
    }

    submit(formData?: FormData): Promise<void> {
        const csrftoken = getCookie("authentik_csrf");
        const request = new Request(DefaultClient.makeUrl(["flows", "executor", this.flowSlug]), {
            headers: {
                "X-CSRFToken": csrftoken,
            },
        });
        this.loading = true;
        return fetch(request, {
            method: "POST",
            mode: "same-origin",
            body: formData,
        })
            .then((response) => {
                return response.json();
            })
            .then((data) => {
                this.challenge = data;
            })
            .catch((e) => {
                this.errorMessage(e);
            })
            .finally(() => {
                this.loading = false;
            });
    }

    firstUpdated(): void {
        this.loading = true;
        Flow.executor(this.flowSlug).then((challenge) => {
            this.challenge = challenge;
        }).catch((e) => {
            // Catch JSON or Update errors
            this.errorMessage(e);
        }).finally(() => {
            this.loading = false;
        });
    }

    errorMessage(error: string): void {
        this.challenge = <ShellChallenge>{
            type: ChallengeTypes.shell,
            body: `<style>
                    .ak-exception {
                        font-family: monospace;
                        overflow-x: scroll;
                    }
                </style>
                <header class="pf-c-login__main-header">
                    <h1 class="pf-c-title pf-m-3xl">
                        ${gettext("Whoops!")}
                    </h1>
                </header>
                <div class="pf-c-login__main-body">
                    <h3>${gettext("Something went wrong! Please try again later.")}</h3>
                    <pre class="ak-exception">${error}</pre>
                </div>`
        };
    }

    renderLoading(): TemplateResult {
        return html`<div class="ak-loading">
            <ak-spinner size=${SpinnerSize.XLarge}></ak-spinner>
        </div>`;
    }

    renderChallenge(): TemplateResult {
        if (!this.challenge) {
            return html``;
        }
        switch (this.challenge.type) {
            case ChallengeTypes.redirect:
                console.debug(`authentik/flows: redirecting to ${(this.challenge as RedirectChallenge).to}`);
                window.location.assign((this.challenge as RedirectChallenge).to);
                break;
            case ChallengeTypes.shell:
                return html`${unsafeHTML((this.challenge as ShellChallenge).body)}`;
            case ChallengeTypes.native:
                switch (this.challenge.component) {
                    case "ak-stage-identification":
                        return html`<ak-stage-identification .host=${this} .challenge=${this.challenge as IdentificationChallenge}></ak-stage-identification>`;
                    case "ak-stage-password":
                        return html`<ak-stage-password .host=${this} .challenge=${this.challenge as PasswordChallenge}></ak-stage-password>`;
                    case "ak-stage-consent":
                        return html`<ak-stage-consent .host=${this} .challenge=${this.challenge as ConsentChallenge}></ak-stage-consent>`;
                    case "ak-stage-email":
                        return html`<ak-stage-email .host=${this} .challenge=${this.challenge as EmailChallenge}></ak-stage-email>`;
                    case "ak-stage-autosubmit":
                        return html`<ak-stage-autosubmit .host=${this} .challenge=${this.challenge as AutosubmitChallenge}></ak-stage-autosubmit>`;
                    case "ak-stage-prompt":
                        return html`<ak-stage-prompt .host=${this} .challenge=${this.challenge as PromptChallenge}></ak-stage-prompt>`;
                    case "ak-stage-authenticator-totp":
                        return html`<ak-stage-authenticator-totp .host=${this} .challenge=${this.challenge as AuthenticatorTOTPChallenge}></ak-stage-authenticator-totp>`;
                    case "ak-stage-authenticator-static":
                        return html`<ak-stage-authenticator-static .host=${this} .challenge=${this.challenge as AuthenticatorStaticChallenge}></ak-stage-authenticator-static>`;
                    case "ak-stage-authenticator-webauthn":
                        return html`<ak-stage-authenticator-webauthn .host=${this} .challenge=${this.challenge as WebAuthnAuthenticatorRegisterChallenge}></ak-stage-authenticator-webauthn>`;
                    case "ak-stage-authenticator-validate":
                        return html`<ak-stage-authenticator-validate .host=${this} .challenge=${this.challenge as AuthenticatorValidateStageChallenge}></ak-stage-authenticator-validate>`;
                    default:
                        break;
                }
                break;
            default:
                console.debug(`authentik/flows: unexpected data type ${this.challenge.type}`);
                break;
        }
        return html``;
    }

    render(): TemplateResult {
        if (!this.challenge) {
            return this.renderLoading();
        }
        return html`
            ${this.loading ? this.renderLoading() : html``}
            ${this.renderChallenge()}
        `;
    }
}
flows: mount executor under api, implement initial challenge design 2021-02-17 22:52:49 +00:00			`import { gettext } from "django";`
web: add loading animation to flowexecutor 2021-02-21 21:01:35 +00:00			`import { LitElement, html, customElement, property, TemplateResult, CSSResult, css } from "lit-element";`
flows: mount executor under api, implement initial challenge design 2021-02-17 22:52:49 +00:00			`import { unsafeHTML } from "lit-html/directives/unsafe-html";`
stages: add WebAuthn stage (#550) * core: add User.uid for globally unique user ID * admin: fix ?next for Flow list * stages: add initial webauthn implementation * web: add ak-flow-submit event to submit flow stage * web: show error message for webauthn registration * admin: fix next param not redirecting correctly * stages/webauthn: remove form * stages/webauthn: add API * web: update flow diagram on ak-refresh * stages/webauthn: add initial authentication * stages/webauthn: initial authentication implementation * web: cleanup webauthn utils * stages: rename otp_* to authenticator and move webauthn to authenticator * docs: fix broken links * stages/authenticator_: fix template paths stages/authenticator_validate: add device classes * stages/authenticator_webauthn: implement django_otp.devices * stages/authenticator_: update default stage names web: add button to create stage on flow page * web: don't minify HTML, remove nbsp * admin: fix typo in stage list * stages/: use common base class for stage serializer stages/authenticator_: create default objects after rename tests/e2e: adjust stage order 2021-02-17 19:49:58 +00:00			`import { getCookie } from "../../utils";`
flows: mount executor under api, implement initial challenge design 2021-02-17 22:52:49 +00:00			`import "../../elements/stages/identification/IdentificationStage";`
stages/password: Migrate to SPA 2021-02-20 23:14:18 +00:00			`import "../../elements/stages/password/PasswordStage";`
stages/consent: migrate to SPA 2021-02-21 12:15:45 +00:00			`import "../../elements/stages/consent/ConsentStage";`
stages/email: migrate to SPA 2021-02-21 12:42:45 +00:00			`import "../../elements/stages/email/EmailStage";`
providers/saml: migrate to challenge for submit 2021-02-21 13:36:22 +00:00			`import "../../elements/stages/autosubmit/AutosubmitStage";`
stages/prompt: migrate to SPA 2021-02-21 17:13:47 +00:00			`import "../../elements/stages/prompt/PromptStage";`
stages/authenticator_totp: migrate to SPA 2021-02-21 18:10:50 +00:00			`import "../../elements/stages/authenticator_totp/AuthenticatorTOTPStage";`
stages/authenticator_static: migrate to SPA 2021-02-21 18:34:49 +00:00			`import "../../elements/stages/authenticator_static/AuthenticatorStaticStage";`
stages/authenticator_webauthn: migrate to SPA 2021-02-21 19:53:05 +00:00			`import "../../elements/stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage";`
stages/authenticator_validate: create challenge per device, implement class switcher 2021-02-23 22:43:13 +00:00			`import "../../elements/stages/authenticator_validate/AuthenticatorValidateStage";`
*: cleanup code, return errors in challenge_invalid, fixup rendering 2021-02-20 22:19:27 +00:00			`import { ShellChallenge, Challenge, ChallengeTypes, Flow, RedirectChallenge } from "../../api/Flows";`
			`import { DefaultClient } from "../../api/Client";`
			`import { IdentificationChallenge } from "../../elements/stages/identification/IdentificationStage";`
stages/password: Migrate to SPA 2021-02-20 23:14:18 +00:00			`import { PasswordChallenge } from "../../elements/stages/password/PasswordStage";`
stages/consent: migrate to SPA 2021-02-21 12:15:45 +00:00			`import { ConsentChallenge } from "../../elements/stages/consent/ConsentStage";`
stages/email: migrate to SPA 2021-02-21 12:42:45 +00:00			`import { EmailChallenge } from "../../elements/stages/email/EmailStage";`
providers/saml: migrate to challenge for submit 2021-02-21 13:36:22 +00:00			`import { AutosubmitChallenge } from "../../elements/stages/autosubmit/AutosubmitStage";`
stages/prompt: migrate to SPA 2021-02-21 17:13:47 +00:00			`import { PromptChallenge } from "../../elements/stages/prompt/PromptStage";`
stages/authenticator_totp: migrate to SPA 2021-02-21 18:10:50 +00:00			`import { AuthenticatorTOTPChallenge } from "../../elements/stages/authenticator_totp/AuthenticatorTOTPStage";`
stages/authenticator_static: migrate to SPA 2021-02-21 18:34:49 +00:00			`import { AuthenticatorStaticChallenge } from "../../elements/stages/authenticator_static/AuthenticatorStaticStage";`
stages/authenticator_validate: create challenge per device, implement class switcher 2021-02-23 22:43:13 +00:00			`import { AuthenticatorValidateStageChallenge } from "../../elements/stages/authenticator_validate/AuthenticatorValidateStage";`
stages/authenticator_webauthn: migrate to SPA 2021-02-21 19:53:05 +00:00			`import { WebAuthnAuthenticatorRegisterChallenge } from "../../elements/stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage";`
web: add loading animation to flowexecutor 2021-02-21 21:01:35 +00:00			`import { COMMON_STYLES } from "../../common/styles";`
			`import { SpinnerSize } from "../../elements/Spinner";`
stages/authenticator_validate: start rewrite to SPA 2021-02-23 12:50:47 +00:00			`import { StageHost } from "../../elements/stages/base";`
static: rewrite custom components to typescript 2020-11-20 21:08:00 +00:00
flows: mount executor under api, implement initial challenge design 2021-02-17 22:52:49 +00:00			`@customElement("ak-flow-executor")`
stages/authenticator_validate: start rewrite to SPA 2021-02-23 12:50:47 +00:00			`export class FlowExecutor extends LitElement implements StageHost {`
static: rewrite custom components to typescript 2020-11-20 21:08:00 +00:00			`@property()`
*: cleanup code, return errors in challenge_invalid, fixup rendering 2021-02-20 22:19:27 +00:00			`flowSlug = "";`
static: rewrite custom components to typescript 2020-11-20 21:08:00 +00:00
flows: mount executor under api, implement initial challenge design 2021-02-17 22:52:49 +00:00			`@property({attribute: false})`
*: cleanup code, return errors in challenge_invalid, fixup rendering 2021-02-20 22:19:27 +00:00			`challenge?: Challenge;`
flow: re-add FlowShell as Web Component 2020-10-16 14:36:18 +00:00
web: add loading animation to flowexecutor 2021-02-21 21:01:35 +00:00			`@property({type: Boolean})`
web/stages: fix cancel URL 2021-02-21 21:01:58 +00:00			`loading = false;`
web: add loading animation to flowexecutor 2021-02-21 21:01:35 +00:00
			`static get styles(): CSSResult[] {`
			return COMMON_STYLES.concat(css`
			`.ak-loading {`
			`display: flex;`
			`height: 100%;`
			`width: 100%;`
			`justify-content: center;`
			`align-items: center;`
			`position: absolute;`
			`background-color: #0303039e;`
			`}`
			`.ak-hidden {`
			`display: none;`
			`}`
			`:host {`
			`position: relative;`
			`}`
			`);
flow: re-add FlowShell as Web Component 2020-10-16 14:36:18 +00:00			`}`

stages: add WebAuthn stage (#550) * core: add User.uid for globally unique user ID * admin: fix ?next for Flow list * stages: add initial webauthn implementation * web: add ak-flow-submit event to submit flow stage * web: show error message for webauthn registration * admin: fix next param not redirecting correctly * stages/webauthn: remove form * stages/webauthn: add API * web: update flow diagram on ak-refresh * stages/webauthn: add initial authentication * stages/webauthn: initial authentication implementation * web: cleanup webauthn utils * stages: rename otp_* to authenticator and move webauthn to authenticator * docs: fix broken links * stages/authenticator_: fix template paths stages/authenticator_validate: add device classes * stages/authenticator_webauthn: implement django_otp.devices * stages/authenticator_: update default stage names web: add button to create stage on flow page * web: don't minify HTML, remove nbsp * admin: fix typo in stage list * stages/: use common base class for stage serializer stages/authenticator_: create default objects after rename tests/e2e: adjust stage order 2021-02-17 19:49:58 +00:00			`constructor() {`
			`super();`
			`this.addEventListener("ak-flow-submit", () => {`
flows: mount executor under api, implement initial challenge design 2021-02-17 22:52:49 +00:00			`this.submit();`
stages: add WebAuthn stage (#550) * core: add User.uid for globally unique user ID * admin: fix ?next for Flow list * stages: add initial webauthn implementation * web: add ak-flow-submit event to submit flow stage * web: show error message for webauthn registration * admin: fix next param not redirecting correctly * stages/webauthn: remove form * stages/webauthn: add API * web: update flow diagram on ak-refresh * stages/webauthn: add initial authentication * stages/webauthn: initial authentication implementation * web: cleanup webauthn utils * stages: rename otp_* to authenticator and move webauthn to authenticator * docs: fix broken links * stages/authenticator_: fix template paths stages/authenticator_validate: add device classes * stages/authenticator_webauthn: implement django_otp.devices * stages/authenticator_: update default stage names web: add button to create stage on flow page * web: don't minify HTML, remove nbsp * admin: fix typo in stage list * stages/: use common base class for stage serializer stages/authenticator_: create default objects after rename tests/e2e: adjust stage order 2021-02-17 19:49:58 +00:00			`});`
			`}`

stages/authenticator_webauthn: fix incorrect response being sent 2021-02-22 18:54:05 +00:00			`submit(formData?: FormData): Promise<void> {`
flows: mount executor under api, implement initial challenge design 2021-02-17 22:52:49 +00:00			`const csrftoken = getCookie("authentik_csrf");`
*: cleanup code, return errors in challenge_invalid, fixup rendering 2021-02-20 22:19:27 +00:00			`const request = new Request(DefaultClient.makeUrl(["flows", "executor", this.flowSlug]), {`
flows: mount executor under api, implement initial challenge design 2021-02-17 22:52:49 +00:00			`headers: {`
			`"X-CSRFToken": csrftoken,`
			`},`
			`});`
web: add loading animation to flowexecutor 2021-02-21 21:01:35 +00:00			`this.loading = true;`
stages/authenticator_webauthn: migrate to SPA 2021-02-21 19:53:05 +00:00			`return fetch(request, {`
flows: mount executor under api, implement initial challenge design 2021-02-17 22:52:49 +00:00			`method: "POST",`
			`mode: "same-origin",`
			`body: formData,`
			`})`
			`.then((response) => {`
			`return response.json();`
			`})`
			`.then((data) => {`
*: cleanup code, return errors in challenge_invalid, fixup rendering 2021-02-20 22:19:27 +00:00			`this.challenge = data;`
flows: mount executor under api, implement initial challenge design 2021-02-17 22:52:49 +00:00			`})`
			`.catch((e) => {`
			`this.errorMessage(e);`
web: add loading animation to flowexecutor 2021-02-21 21:01:35 +00:00			`})`
			`.finally(() => {`
			`this.loading = false;`
flows: mount executor under api, implement initial challenge design 2021-02-17 22:52:49 +00:00			`});`
			`}`

web: switch to eslint 2020-12-01 08:15:41 +00:00			`firstUpdated(): void {`
web: add loading animation to flowexecutor 2021-02-21 21:01:35 +00:00			`this.loading = true;`
*: cleanup code, return errors in challenge_invalid, fixup rendering 2021-02-20 22:19:27 +00:00			`Flow.executor(this.flowSlug).then((challenge) => {`
			`this.challenge = challenge;`
			`}).catch((e) => {`
			`// Catch JSON or Update errors`
			`this.errorMessage(e);`
web: add loading animation to flowexecutor 2021-02-21 21:01:35 +00:00			`}).finally(() => {`
			`this.loading = false;`
flow: re-add FlowShell as Web Component 2020-10-16 14:36:18 +00:00			`});`
			`}`

web: switch to eslint 2020-12-01 08:15:41 +00:00			`errorMessage(error: string): void {`
*: cleanup code, return errors in challenge_invalid, fixup rendering 2021-02-20 22:19:27 +00:00			`this.challenge = <ShellChallenge>{`
			`type: ChallengeTypes.shell,`
			body: `<style>
			`.ak-exception {`
			`font-family: monospace;`
			`overflow-x: scroll;`
			`}`
			`</style>`
			`<header class="pf-c-login__main-header">`
			`<h1 class="pf-c-title pf-m-3xl">`
			`${gettext("Whoops!")}`
			`</h1>`
			`</header>`
			`<div class="pf-c-login__main-body">`
			`<h3>${gettext("Something went wrong! Please try again later.")}</h3>`
			`<pre class="ak-exception">${error}</pre>`
			</div>`
			`};`
static: improve error handling for FlowShellCard to prevent infinite spinners 2020-10-26 09:52:13 +00:00			`}`

web: add loading animation to flowexecutor 2021-02-21 21:01:35 +00:00			`renderLoading(): TemplateResult {`
			return html`<div class="ak-loading">
			`<ak-spinner size=${SpinnerSize.XLarge}></ak-spinner>`
static: format code 2020-11-21 19:48:49 +00:00			</div>`;
flow: re-add FlowShell as Web Component 2020-10-16 14:36:18 +00:00			`}`

web: add loading animation to flowexecutor 2021-02-21 21:01:35 +00:00			`renderChallenge(): TemplateResult {`
*: cleanup code, return errors in challenge_invalid, fixup rendering 2021-02-20 22:19:27 +00:00			`if (!this.challenge) {`
web: add loading animation to flowexecutor 2021-02-21 21:01:35 +00:00			return html``;
*: cleanup code, return errors in challenge_invalid, fixup rendering 2021-02-20 22:19:27 +00:00			`}`
web: add loading animation to flowexecutor 2021-02-21 21:01:35 +00:00			`switch (this.challenge.type) {`
			`case ChallengeTypes.redirect:`
			console.debug(`authentik/flows: redirecting to ${(this.challenge as RedirectChallenge).to}`);
			`window.location.assign((this.challenge as RedirectChallenge).to);`
			`break;`
			`case ChallengeTypes.shell:`
			return html`${unsafeHTML((this.challenge as ShellChallenge).body)}`;
			`case ChallengeTypes.native:`
			`switch (this.challenge.component) {`
			`case "ak-stage-identification":`
			return html`<ak-stage-identification .host=${this} .challenge=${this.challenge as IdentificationChallenge}></ak-stage-identification>`;
			`case "ak-stage-password":`
			return html`<ak-stage-password .host=${this} .challenge=${this.challenge as PasswordChallenge}></ak-stage-password>`;
			`case "ak-stage-consent":`
			return html`<ak-stage-consent .host=${this} .challenge=${this.challenge as ConsentChallenge}></ak-stage-consent>`;
			`case "ak-stage-email":`
			return html`<ak-stage-email .host=${this} .challenge=${this.challenge as EmailChallenge}></ak-stage-email>`;
			`case "ak-stage-autosubmit":`
			return html`<ak-stage-autosubmit .host=${this} .challenge=${this.challenge as AutosubmitChallenge}></ak-stage-autosubmit>`;
			`case "ak-stage-prompt":`
			return html`<ak-stage-prompt .host=${this} .challenge=${this.challenge as PromptChallenge}></ak-stage-prompt>`;
			`case "ak-stage-authenticator-totp":`
			return html`<ak-stage-authenticator-totp .host=${this} .challenge=${this.challenge as AuthenticatorTOTPChallenge}></ak-stage-authenticator-totp>`;
			`case "ak-stage-authenticator-static":`
			return html`<ak-stage-authenticator-static .host=${this} .challenge=${this.challenge as AuthenticatorStaticChallenge}></ak-stage-authenticator-static>`;
stages/authenticator_validate: start rewrite to SPA 2021-02-23 12:50:47 +00:00			`case "ak-stage-authenticator-webauthn":`
			return html`<ak-stage-authenticator-webauthn .host=${this} .challenge=${this.challenge as WebAuthnAuthenticatorRegisterChallenge}></ak-stage-authenticator-webauthn>`;
stages/authenticator_validate: create challenge per device, implement class switcher 2021-02-23 22:43:13 +00:00			`case "ak-stage-authenticator-validate":`
			return html`<ak-stage-authenticator-validate .host=${this} .challenge=${this.challenge as AuthenticatorValidateStageChallenge}></ak-stage-authenticator-validate>`;
web: add loading animation to flowexecutor 2021-02-21 21:01:35 +00:00			`default:`
			`break;`
			`}`
			`break;`
			`default:`
			console.debug(`authentik/flows: unexpected data type ${this.challenge.type}`);
			`break;`
flow: re-add FlowShell as Web Component 2020-10-16 14:36:18 +00:00			`}`
*: cleanup code, return errors in challenge_invalid, fixup rendering 2021-02-20 22:19:27 +00:00			return html``;
flow: re-add FlowShell as Web Component 2020-10-16 14:36:18 +00:00			`}`
web: add loading animation to flowexecutor 2021-02-21 21:01:35 +00:00
			`render(): TemplateResult {`
			`if (!this.challenge) {`
			`return this.renderLoading();`
			`}`
			return html`
			${this.loading ? this.renderLoading() : html``}
			`${this.renderChallenge()}`
			`;
			`}`
flow: re-add FlowShell as Web Component 2020-10-16 14:36:18 +00:00			`}`