(ui) add profile edition url for openid

app/controllers/api/auth_providers_controller.rb

@@ -84,7 +84,7 @@ class API::AuthProvidersController < API::ApiController
 
   def provider_params
     if params['auth_provider']['providable_type'] == DatabaseProvider.name
-      params.require(:auth_provider).permit(:name, :providable_type)
+      params.require(:auth_provider).permit(:name, :providable_type, providable_attributes: [:id])
     elsif params['auth_provider']['providable_type'] == OAuth2Provider.name
       params.require(:auth_provider)
             .permit(:name, :providable_type,

app/frontend/src/javascript/components/authentication-provider/database-form.tsx

@@ -0,0 +1,21 @@
+import React from 'react';
+import { FormInput } from '../form/form-input';
+import { UseFormRegister } from 'react-hook-form';
+import { FieldValues } from 'react-hook-form/dist/types/fields';
+
+interface DatabaseFormProps<TFieldValues> {
+  register: UseFormRegister<TFieldValues>,
+}
+
+/**
+ * Partial form to fill the settings for a new/existing database provider.
+ */
+export const DatabaseForm = <TFieldValues extends FieldValues>({ register }: DatabaseFormProps<TFieldValues>) => {
+  return (
+    <div className="database-form">
+      <FormInput id="providable_attributes.id"
+                 register={register}
+                 type="hidden" />
+    </div>
+  );
+};

app/frontend/src/javascript/components/authentication-provider/openid-connect-form.tsx

@@ -27,7 +27,7 @@ export const OpenidConnectForm = <TFieldValues extends FieldValues, TContext ext
       <FormInput id="providable_attributes.issuer"
                  register={register}
                  label={t('app.admin.authentication.openid_connect_form.issuer')}
-                 placeholder="https://myprovider.com"
+                 placeholder="https://sso.exemple.com"
                  tooltip={t('app.admin.authentication.openid_connect_form.issuer_help')}
                  rules={{ required: true, pattern: urlRegex }} />
       <FormSelect id="providable_attributes.discovery"
@@ -37,7 +37,7 @@ export const OpenidConnectForm = <TFieldValues extends FieldValues, TContext ext
                     { value: true, label: t('app.admin.authentication.openid_connect_form.discovery_enabled') },
                     { value: false, label: t('app.admin.authentication.openid_connect_form.discovery_disabled') }
                   ]}
-                  valueDefault={false}
+                  valueDefault={true}
                   control={control} />
       <FormSelect id="providable_attributes.client_auth_method"
                   label={t('app.admin.authentication.openid_connect_form.client_auth_method')}
@@ -110,6 +110,12 @@ export const OpenidConnectForm = <TFieldValues extends FieldValues, TContext ext
                  defaultValue="sub"
                  placeholder="user_id"
                  register={register} />
+      <FormInput id="providable_attributes.profile_url"
+                 register={register}
+                 placeholder="https://sso.exemple.com/my-account"
+                 label={t('app.admin.authentication.openid_connect_form.profile_edition_url')}
+                 tooltip={t('app.admin.authentication.openid_connect_form.profile_edition_url_help')}
+                 rules={{ pattern: urlRegex }} />
       <h4>{t('app.admin.authentication.openid_connect_form.client_options')}</h4>
       <FormInput id="providable_attributes.client__identifier"
                  label={t('app.admin.authentication.openid_connect_form.client__identifier')}
@@ -135,7 +141,7 @@ export const OpenidConnectForm = <TFieldValues extends FieldValues, TContext ext
                    placeholder="/userinfo"
                    rules={{ required: !currentFormValues?.discovery, pattern: endpointRegex }}
                    register={register} />
-        {currentFormValues.client_auth_method === 'jwks' && <FormInput id="providable_attributes.client__jwks_uri"
+        {currentFormValues?.client_auth_method === 'jwks' && <FormInput id="providable_attributes.client__jwks_uri"
                    label={t('app.admin.authentication.openid_connect_form.client__jwks_uri')}
                    rules={{ required: currentFormValues.client_auth_method === 'jwks', pattern: endpointRegex }}
                    placeholder="/jwk"

app/frontend/src/javascript/components/authentication-provider/provider-form.tsx

@@ -13,6 +13,7 @@ import { DataMappingForm } from './data-mapping-form';
 import { FabButton } from '../base/fab-button';
 import AuthProviderAPI from '../../api/auth-provider';
 import { OpenidConnectForm } from './openid-connect-form';
+import { DatabaseForm } from './database-form';
 
 declare const Application: IApplication;
 
@@ -100,6 +101,7 @@ export const ProviderForm: React.FC<ProviderFormProps> = ({ action, provider, on
                   onChange={onProvidableTypeChange}
                   readOnly={action === 'update'}
                   rules={{ required: true }} />
+      {providableType === 'DatabaseProvider' && <DatabaseForm register={register} />}
       {providableType === 'OAuth2Provider' && <Oauth2Form register={register} strategyName={strategyName} />}
       {providableType === 'OpenIdConnectProvider' && <OpenidConnectForm register={register} control={control} currentFormValues={output.providable_attributes as OpenIdConnectProvider} />}
       {providableType && providableType !== 'DatabaseProvider' && <DataMappingForm register={register} control={control} />}

app/frontend/src/javascript/controllers/admin/authentications.js

@@ -18,7 +18,8 @@
 // list of supported authentication methods
 const METHODS = {
   DatabaseProvider: 'local_database',
-  OAuth2Provider: 'o_auth2'
+  OAuth2Provider: 'o_auth2',
+  OpenIdConnectProvider: 'openid_connect'
 };
 
 /**

app/models/open_id_connect_provider.rb

@@ -17,8 +17,8 @@ class OpenIdConnectProvider < ApplicationRecord
   validates :prompt, inclusion: { in: %w[none login consent select_account], allow_nil: true }
   validates :client_auth_method, inclusion: { in: %w[basic jwks] }
 
-  before_save :set_post_logout_redirect_uri
+  before_validation :set_post_logout_redirect_uri
-  before_save :set_client_scheme_host_port
+  before_validation :set_client_scheme_host_port
 
   def config
     OpenIdConnectProvider.columns.map(&:name).filter { |n| !n.start_with?('client__') && n != 'profile_url' }.map do |n|

app/policies/auth_provider_policy.rb

@@ -5,7 +5,7 @@ class AuthProviderPolicy < ApplicationPolicy
 
   class Scope < Scope
     def resolve
-      scope.includes(:providable)
+      scope.includes(:providable, :auth_provider_mappings)
     end
   end
 

config/locales/app.admin.en.yml

@@ -877,6 +877,7 @@ en:
           an_error_occurred_unable_to_delete_the_specified_provider: "An error occurred: unable to delete the specified provider."
           local_database: "Local database"
           o_auth2: "OAuth 2.0"
+          openid_connect: "OpenID Connect"
         group_form:
           add_a_group: "Add a group"
           group_name: "Group name"
@@ -1138,6 +1139,8 @@ en:
           uid_field_help: "The field of the user info response to be used as a unique id."
           extra_authorize_params: "Extra authorize params"
           extra_authorize_params_help_html: "A list of extra fixed parameters that will be merged to the authorization request.<br>The list is expected to be in a JSON-like format.<br> <b>Eg.</b> {tenant: common, max_age: 3600}"
+          profile_edition_url: "Profil edition URL"
+          profile_edition_url_help: "The URL of the page where the user can edit his profile."
           client_options: "Client options"
           client__identifier: "Identifier"
           client__secret: "Secret"