From a3b3b4258359e4889c951053dec27f86507985b5 Mon Sep 17 00:00:00 2001
From: Chris Wiegand
Date: Wed, 29 Jan 2025 22:21:52 -0700
Subject: [PATCH] adjust Sign in with OpenID to Sign in with and let OpenID be replaceable (e.g. Google, Office 365, Authentik, Okta, etc).
---
 internal/config/config.go | 7 +++++++
 internal/httpd/oidc.go | 2 ++
 internal/httpd/server.go | 2 ++
 internal/httpd/web.go | 25 +++++++++++++------------
 sftpgo.json | 1 +
 static/locales/en/translation.json | 2 +-
 static/locales/it/translation.json | 2 +-
 templates/common/login.html | 10 ++++++++--
 8 files changed, 35 insertions(+), 16 deletions(-)
diff --git a/internal/config/config.go b/internal/config/config.go
index 34feb21b..5df411c3 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -121,6 +121,7 @@ var (
 RenderOpenAPI: true,
 Languages: []string{"en"},
 OIDC: httpd.OIDC{
+ DisplayName: "OpenID",
 ClientID: "",
 ClientSecret: "",
 ClientSecretFile: "",
@@ -1626,6 +1627,12 @@ func getHTTPDOIDCFromEnv(idx int) (httpd.OIDC, bool) {
 isSet = true
 }
 
+ displayName, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__OIDC__DISPLAY_NAME", idx))
+ if ok {
+ result.DisplayName = displayName
+ isSet = true
+ }
+
 redirectBaseURL, ok := os.LookupEnv(fmt.Sprintf("SFTPGO_HTTPD__BINDINGS__%v__OIDC__REDIRECT_BASE_URL", idx))
 if ok {
 result.RedirectBaseURL = redirectBaseURL
diff --git a/internal/httpd/oidc.go b/internal/httpd/oidc.go
index e6248350..63575707 100644
--- a/internal/httpd/oidc.go
+++ b/internal/httpd/oidc.go
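Review bot: In the second internal/config/config.go hunk the value of `SFTPGO_HTTPD__BINDINGS__%v__OIDC__DISPLAY_NAME` is stored exactly as read, so a whitespace-only value counts as non-empty, skips the `{{- else}}` fallback to `OpenID` in login.html and leaves the button on the pre-authentication login page without a provider label. Normalising at assignment, `result.DisplayName = strings.TrimSpace(displayName)`, keeps that fallback effective. The `display_name` key from the configuration file is loaded outside this hunk and would presumably need the same treatment. The body of `getHTTPDOIDCFromEnv` starts and ends outside the hunk.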
@@ -76,6 +76,8 @@ type OIDC struct {
 // "web_root" if configured
 RedirectBaseURL string `json:"redirect_base_url" mapstructure:"redirect_base_url"`
 // ID token claims field to map to the SFTPGo username
+ DisplayName string `json:"display_name" mapstructure:"display_name"`
+ // sets the label to display for the OIDC provider
 UsernameField string `json:"username_field" mapstructure:"username_field"`
 // Optional ID token claims field to map to a SFTPGo role.
 // If the defined ID token claims field is set to "admin" the authenticated user
diff --git a/internal/httpd/server.go b/internal/httpd/server.go
index 17fb830f..d3341d42 100644
--- a/internal/httpd/server.go
+++ b/internal/httpd/server.go
@@ -192,6 +192,7 @@ func (s *httpdServer) renderClientLoginPage(w http.ResponseWriter, r *http.Reque
 data.ForgotPwdURL = webClientForgotPwdPath
 }
 if s.binding.OIDC.isEnabled() && !s.binding.isWebClientOIDCLoginDisabled() {
+ data.OpenIDDisplayName = s.binding.OIDC.DisplayName
 data.OpenIDLoginURL = webClientOIDCLoginPath
 }
 renderClientTemplate(w, templateCommonLogin, data)
@@ -608,6 +609,7 @@ func (s *httpdServer) renderAdminLoginPage(w http.ResponseWriter, r *http.Reques
 data.ForgotPwdURL = webAdminForgotPwdPath
 }
 if s.binding.OIDC.hasRoles() && !s.binding.isWebAdminOIDCLoginDisabled() {
+ data.OpenIDDisplayName = s.binding.OIDC.DisplayName
 data.OpenIDLoginURL = webAdminOIDCLoginPath
 }
 renderAdminTemplate(w, templateCommonLogin, data)
diff --git a/internal/httpd/web.go b/internal/httpd/web.go
index a14ba497..4bc2d0e0 100644
--- a/internal/httpd/web.go
+++ b/internal/httpd/web.go
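Review bot: In the `OIDC` struct hunk of internal/httpd/oidc.go the two added lines are inserted between the existing comment `// ID token claims field to map to the SFTPGo username` and `UsernameField`, so that comment now sits above `DisplayName` and the new comment `// sets the label to display for the OIDC provider` sits above `UsernameField`. On a struct that configures authentication, a mislabelled claim-mapping field invites a wrong username mapping by whoever reads the source as documentation. Move the added lines above the username comment and put the comment first: `// DisplayName sets the label shown for the OIDC provider on the login page` followed by the `DisplayName` field line. The struct continues outside the hunk.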
@@ -58,18 +58,19 @@ type commonBasePage struct {
 
 type loginPage struct {
 commonBasePage
- CurrentURL string
- Error *util.I18nError
- CSRFToken string
- AltLoginURL string
- AltLoginName string
- ForgotPwdURL string
- OpenIDLoginURL string
- Title string
- Branding UIBranding
- Languages []string
- FormDisabled bool
- CheckRedirect bool
+ CurrentURL string
+ Error *util.I18nError
+ CSRFToken string
+ AltLoginURL string
+ AltLoginName string
+ ForgotPwdURL string
+ OpenIDLoginURL string
+ OpenIDDisplayName string
+ Title string
+ Branding UIBranding
+ Languages []string
+ FormDisabled bool
+ CheckRedirect bool
 }
 
 type twoFactorPage struct {
diff --git a/sftpgo.json b/sftpgo.json
index 20361311..5b39ed73 100644
--- a/sftpgo.json
+++ b/sftpgo.json
@@ -290,6 +290,7 @@
 "en"
 ],
 "oidc": {
+ "display_name": "OpenID",
 "client_id": "",
 "client_secret": "",
 "client_secret_file": "",
diff --git a/static/locales/en/translation.json b/static/locales/en/translation.json
index e67496b5..96ecf93b 100644
--- a/static/locales/en/translation.json
+++ b/static/locales/en/translation.json
@@ -81,7 +81,7 @@
 "forgot_password_msg": "Enter your account username below, you will receive a password reset code by email.",
 "send_reset_code": "Send Reset Code",
 "signin": "Sign in",
- "signin_openid": "Sign in with OpenID",
+ "signin_with": "Sign in with",
 "signout": "Sign out",
 "auth_code": "Authentication code",
 "two_factor_help": "Open the two-factor authentication app on your device to view your authentication code and verify your identity.",
diff --git a/static/locales/it/translation.json b/static/locales/it/translation.json
index 38379f93..5625e782 100644
--- a/static/locales/it/translation.json
+++ b/static/locales/it/translation.json
@@ -81,7 +81,7 @@
 "forgot_password_msg": "Inserisci il nome utente del tuo account qui sotto, riceverai un codice di reimpostazione della password via e-mail.",
 "send_reset_code": "Invia codice di ripristino",
 "signin": "Accedi",
- "signin_openid": "Accedi con OpenID",
+ "signin_with": "Accedi con",
 "signout": "Esci",
 "auth_code": "Codice di autenticazione",
 "two_factor_help": "Apri l'app di autenticazione a due fattori sul tuo dispositivo per visualizzare il tuo codice di autenticazione e verificare la tua identità.",
diff --git a/templates/common/login.html b/templates/common/login.html
index 45964f4b..7a52b8a2 100644
--- a/templates/common/login.html
+++ b/templates/common/login.html
@@ -72,7 +72,13 @@ explicit grant from the SFTPGo Team (support@sftpgo.com). {{- if .OpenIDLoginURL}} Logo - Sign in with OpenID + Sign in with +   + {{- if .OpenIDDisplayName}} + {{ .OpenIDDisplayName }} + {{- else}} + OpenID + {{- end}} {{- end}}
@@ -98,4 +104,4 @@ explicit grant from the SFTPGo Team (support@sftpgo.com). {{- end}} -{{- end}} \ No newline at end of file +{{- end}}
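Review bot: The first templates/common/login.html hunk builds the button text by appending the provider label to the translated `signin_with` prefix, which fixes the word order for every locale and leaves a second hard-coded `OpenID` default in the `{{- else}}` branch next to the `DisplayName: "OpenID"` default added in config.go. A single translation key with a placeholder for the provider name, filled from `.OpenIDDisplayName`, would let each locale position the name and keep one default. The label is operator-supplied and shown before authentication, so `{{ .OpenIDDisplayName }}` should stay in an HTML text context where html/template (presumably the engine in use) escapes it; the surrounding markup is not visible on this page, so that is worth confirming. The patch renames `signin_openid` only in the en and it locale files, so any other locale file would need the new key as well.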