public/hass-oidc-auth
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Further UI improvements (#8)

Browse Source 
* Only set autosign in cookie upon clicking the button

* Show an already signed in link if you already have a token
This commit is contained in:
Christiaan Goossens
2024-12-28 15:21:37 +01:00
committed by GitHub
parent 9f60e9ea9a
commit ca83e86acb
6 changed files with 69 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
custom_components/auth_oidc/endpoints/callback.py
View File

@@ -34,7 +34,6 @@ class OIDCCallbackView(HomeAssistantView):
"error", "error",
{ {
"error": "Missing code or state parameter.", "error": "Missing code or state parameter.",
"link": get_url("/auth/oidc/redirect"),
}, },
) )
return web.Response(text=view_html, content_type="text/html") return web.Response(text=view_html, content_type="text/html")
@@ -49,7 +48,6 @@ class OIDCCallbackView(HomeAssistantView):
{ {
"error": "Failed to get user details, " "error": "Failed to get user details, "
+ "see Home Assistant logs for more information.", + "see Home Assistant logs for more information.",
"link": get_url("/auth/oidc/redirect"),
}, },
) )
return web.Response(text=view_html, content_type="text/html") return web.Response(text=view_html, content_type="text/html")

35
custom_components/auth_oidc/endpoints/finish.py
View File

@@ -2,7 +2,7 @@
from homeassistant.components.http import HomeAssistantView from homeassistant.components.http import HomeAssistantView
from aiohttp import web from aiohttp import web
from ..helpers import get_view, get_url from ..helpers import get_view
PATH = "/auth/oidc/finish" PATH = "/auth/oidc/finish"
@@ -15,21 +15,40 @@ class OIDCFinishView(HomeAssistantView):
name = "auth:oidc:finish" name = "auth:oidc:finish"
async def get(self, request: web.Request) -> web.Response: async def get(self, request: web.Request) -> web.Response:
"""Show the finish screen to allow the user to view their code."""
code = request.query.get("code")
if not code:
view_html = await get_view(
"error",
{"error": "Missing code to show the finish screen."},
)
return web.Response(text=view_html, content_type="text/html")
view_html = await get_view("finish", {"code": code})
return web.Response(text=view_html, content_type="text/html")
async def post(self, request: web.Request) -> web.Response:
"""Receive response.""" """Receive response."""
code = request.query.get("code", "FAIL") # Get code from the message body
link = get_url("/") data = await request.post()
code = data.get("code")
view_html = await get_view("finish", {"code": code, "link": link}) if not code:
return web.Response( return web.Response(text="No code received", status=500)
# Return redirect to the main page for sign in with a cookie
return web.HTTPFound(
location="/",
headers={ headers={
"content-type": "text/html",
# Set a cookie to enable autologin on only the specific path used # Set a cookie to enable autologin on only the specific path used
# for the POST request, with all strict parameters set # for the POST request, with all strict parameters set
# This cookie should not be read by any Javascript or any other paths. # This cookie should not be read by any Javascript or any other paths.
# It can be really short lifetime as we redirect immediately (15 seconds)
"set-cookie": "auth_oidc_code=" "set-cookie": "auth_oidc_code="
+ code + code
+ "; Path=/auth/login_flow; SameSite=Strict; HttpOnly; Max-Age=300", + "; Path=/auth/login_flow; SameSite=Strict; HttpOnly; Max-Age=15",
}, },
text=view_html,
) )

5
custom_components/auth_oidc/endpoints/redirect.py
View File

@@ -31,10 +31,7 @@ class OIDCRedirectView(HomeAssistantView):
view_html = await get_view( view_html = await get_view(
"error", "error",
{ {"error": "Integration is misconfigured, discovery could not be obtained."},
"error": "Integration is misconfigured, discovery could not be obtained.",
"link": get_url("/auth/oidc/redirect"),
},
) )
return web.Response(text=view_html, content_type="text/html") return web.Response(text=view_html, content_type="text/html")

2
custom_components/auth_oidc/views/error.html
View File

@@ -8,7 +8,7 @@
<h1 class="text-2xl font-bold mb-4">Login failed.</h1> <h1 class="text-2xl font-bold mb-4">Login failed.</h1>
<p class="mb-4">{{ error }}</p> <p class="mb-4">{{ error }}</p>
<div class="my-6"> <div class="my-6">
<a href='{{ link }}' <a href='/auth/oidc/redirect'
class="w-full py-2 px-4 bg-blue-500 text-white font-semibold rounded-lg shadow-md hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-400 focus:ring-opacity-75">Try class="w-full py-2 px-4 bg-blue-500 text-white font-semibold rounded-lg shadow-md hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-400 focus:ring-opacity-75">Try
again</a> again</a>
</div> </div>

10
custom_components/auth_oidc/views/finish.html
View File

@@ -7,9 +7,13 @@
<div class="text-center"> <div class="text-center">
<div class="my-6"> <div class="my-6">
<h2 class="text-xl font-semibold mb-6 text-gray-800">I want to login to this browser</h2> <h2 class="text-xl font-semibold mb-6 text-gray-800">I want to login to this browser</h2>
<a href='{{ link }}' <form method="post">
class="w-full py-2 px-4 bg-blue-500 text-white font-semibold rounded-lg shadow-md hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-400 focus:ring-opacity-75">Click <input type="hidden" name="code" value="{{ code }}">
here to login automatically</a> <button type="submit"
class="w-full py-2 px-4 bg-blue-500 text-white font-semibold rounded-lg shadow-md hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-400 focus:ring-opacity-75">
Login to Home Assistant in this browser
</button>
</form>
</div> </div>
<hr class="my-12"> <hr class="my-12">

32
custom_components/auth_oidc/views/welcome.html
View File

@@ -5,25 +5,51 @@
{% endblock %} {% endblock %}
{% block content %} {% block content %}
<div class="text-center"> <div class="text-center">
<div id="signed-in" class="bg-blue-100 border border-blue-400 text-blue-700 px-4 py-3 rounded relative mb-8 hidden"
role="alert">
<p>You seem to be logged in already.</p>
<p><a href="/" class="text-blue-600 hover:underline hover:text-blue-700 font-bold">Open the Home Assistant
dashboard</a></p>
</div>
<h1 class="text-2xl font-bold mb-4">Home Assistant</h1> <h1 class="text-2xl font-bold mb-4">Home Assistant</h1>
<p class="mb-4">You have been invited to login to Home Assistant.<br />Start the login process below.</p> <p class="mb-4">You have been invited to login to Home Assistant.<br />Start the login process below.</p>
<div>
<button id="oidc-login-btn" <button id="oidc-login-btn"
class="w-full py-2 px-4 bg-blue-500 text-white font-semibold rounded-lg shadow-md hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-400 focus:ring-opacity-75"> class="w-full py-2 px-4 bg-blue-500 text-white font-semibold rounded-lg shadow-md hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-400 focus:ring-opacity-75">
Login with OpenID Connect (SSO) Login with OpenID Connect (SSO)
</button> </button>
<div role="status" id="loader" class="items-center justify-center flex hidden">
<svg aria-hidden="true" class="w-10 h-10 text-gray-200 animate-spin fill-blue-600" viewBox="0 0 100 101"
fill="none" xmlns="http://www.w3.org/2000/svg">
<path
d="M100 50.5908C100 78.2051 77.6142 100.591 50 100.591C22.3858 100.591 0 78.2051 0 50.5908C0 22.9766 22.3858 0.59082 50 0.59082C77.6142 0.59082 100 22.9766 100 50.5908ZM9.08144 50.5908C9.08144 73.1895 27.4013 91.5094 50 91.5094C72.5987 91.5094 90.9186 73.1895 90.9186 50.5908C90.9186 27.9921 72.5987 9.67226 50 9.67226C27.4013 9.67226 9.08144 27.9921 9.08144 50.5908Z"
fill="currentColor" />
<path
d="M93.9676 39.0409C96.393 38.4038 97.8624 35.9116 97.0079 33.5539C95.2932 28.8227 92.871 24.3692 89.8167 20.348C85.8452 15.1192 80.8826 10.7238 75.2124 7.41289C69.5422 4.10194 63.2754 1.94025 56.7698 1.05124C51.7666 0.367541 46.6976 0.446843 41.7345 1.27873C39.2613 1.69328 37.813 4.19778 38.4501 6.62326C39.0873 9.04874 41.5694 10.4717 44.0505 10.1071C47.8511 9.54855 51.7191 9.52689 55.5402 10.0491C60.8642 10.7766 65.9928 12.5457 70.6331 15.2552C75.2735 17.9648 79.3347 21.5619 82.5849 25.841C84.9175 28.9121 86.7997 32.2913 88.1811 35.8758C89.083 38.2158 91.5421 39.6781 93.9676 39.0409Z"
fill="currentFill" />
</svg>
<span class="sr-only">Redirecting...</span>
</div>
</div>
<p class="mt-6 text-sm">After login, you will be granted a one-time code to login to any device. You may complete <p class="mt-6 text-sm">After login, you will be granted a one-time code to login to any device. You may complete
this login on your desktop or any mobile browser and then use the token for any desktop or the Home Assistant this login on your desktop or any mobile browser and then use the token for any desktop or the Home Assistant
app.</p> app.</p>
</div> </div>
<script> <script>
// Hide the login button and show the loader when clicked
document.getElementById('oidc-login-btn').addEventListener('click', function () { document.getElementById('oidc-login-btn').addEventListener('click', function () {
this.innerHTML = 'Redirecting...'; this.classList.add('hidden');
this.disabled = true; document.getElementById('loader').classList.remove('hidden');
this.classList.add('bg-gray-500');
window.location.href = '/auth/oidc/redirect'; window.location.href = '/auth/oidc/redirect';
}); });
// Show the direct login button if we already have a token
if (localStorage.getItem('hassTokens')) {
document.getElementById('signed-in').classList.remove('hidden');
}
</script> </script>
{% endblock %} {% endblock %}