feat(themes): add support for WebAuthN-related theme files (fixes #159)…
… (#162)

* feat(themes): add support for WebAuthN-related theme files (fixes #159)

* docs: update docs for new theme files
chimericdream authored Dec 2, 2022
1 parent 7320fd5 commit 518d6cd
Showing 5 changed files with 138 additions and 38 deletions.
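--- a/docs/resources/theme.md
+++ b/docs/resources/theme.md
@@ -16,6 +16,9 @@ resource "fusionauth_theme" "mytheme" {
 account_two_factor_disable = "[#ftl/]"
 account_two_factor_enable = "[#ftl/]"
 account_two_factor_index = "[#ftl/]"
+account_webauthn_add = "[#ftl/]"
+account_webauthn_delete = "[#ftl/]"
+account_webauthn_index = "[#ftl/]"
 email_complete = "[#ftl/]"
 email_sent = "[#ftl/]"
 email_verification_required = "[#ftl/]"
@@ -37,6 +40,9 @@ resource "fusionauth_theme" "mytheme" {
 oauth2_two_factor = "[#ftl/]"
 oauth2_two_factor_methods = "[#ftl/]"
 oauth2_wait = "[#ftl/]"
+oauth2_webauthn = "[#ftl/]"
+oauth2_webauthn_reauth = "[#ftl/]"
+oauth2_webauthn_reauth_enable = "[#ftl/]"
 password_change = "[#ftl/]"
 password_complete = "[#ftl/]"
 password_forgot = "[#ftl/]"
@@ -66,6 +72,9 @@ resource "fusionauth_theme" "mytheme" {
 * `account_two_factor_disable` - (Optional) A FreeMarker template that is rendered when the user requests the /account/two-factor/disable path. This page contains a form that accepts a verification code used to disable a multi-factor authentication method.
 * `account_two_factor_enable` - (Optional) A FreeMarker template that is rendered when the user requests the /account/two-factor/enable path. This page contains a form that accepts a verification code used to enable a multi-factor authentication method. Additionally, this page contains presentation of recovery codes when a user enables multi-factor authentication for the first time.
 * `account_two_factor_index` - (Optional) A FreeMarker template that is rendered when the user requests the /account/two-factor path. This page displays an authenticated user’s configured multi-factor authentication methods. Additionally, it provides links to enable and disable a method.
+* `account_webauthn_add` - (Optional) A FreeMarker template that is rendered when the user requests the /account/webauthn/add path. This page contains a form that allows a user to register a new WebAuthn passkey.
+* `account_webauthn_delete` - (Optional) A FreeMarker template that is rendered when the user requests the /account/webauthn/delete path. This page contains a form that allows a user to delete a WebAuthn passkey.
+* `account_webauthn_index` - (Optional) A FreeMarker template that is rendered when the user requests the /account/webauthn/ path. This page displays an authenticated user’s registered WebAuthn passkeys. Additionally, it provides links to delete an existing passkey and register a new passkey.
 * `email_complete` - (Optional) A FreeMarker template that is rendered when the user requests the /email/complete path. This page is used after a user has verified their email address by clicking the URL in the email. After FusionAuth has updated their user object to indicate that their email was verified, the browser is redirected to this page.
 * `email_sent` - (Optional) A FreeMarker template that is rendered when the user requests the /email/sent path. This page is used after a user has asked for the verification email to be resent. This can happen if the URL in the email expired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend the email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page.
 * `email_verification_required` - (Optional) A FreeMarker template that is rendered when the user requests the /email/verification-required path. This page is rendered when a user is required to verify their email address prior to being allowed to proceed with login. This occurs when Unverified behavior is set to Gated in email verification settings on the Tenant.
@@ -87,6 +96,9 @@ resource "fusionauth_theme" "mytheme" {
 * `oauth2_two_factor` - (Optional) A FreeMarker template that is rendered when the user requests the /oauth2/two-factor path. This page is used if the user has two-factor authentication enabled and they need to type in their code again. FusionAuth will properly handle the processing on the back end. This page contains the form that the user will put their code into.
 * `oauth2_two_factor_methods` - (Optional) A FreeMarker template that is rendered when the user requests the /oauth2/two-factor-methods path. This page contains a form providing a user with their configured multi-factor authentication options that they may use to complete the authentication challenge.
 * `oauth2_wait` - (Optional) A FreeMarker template that is rendered when the user requests the /oauth2/wait path. This page is rendered when FusionAuth is waiting for an external provider to complete an out of band authentication request. For example, during a HYPR login this page will be displayed until the user completes authentication.
+* `oauth2_webauthn` - (Optional) A FreeMarker template that is rendered when the user requests the /oauth2/webauthn path. This page contains a form where a user can enter their loginId (username or email address) to authenticate with one of their registered WebAuthn passkeys. This page uses the WebAuthn bootstrap workflow.
+* `oauth2_webauthn_reauth` - (Optional) A FreeMarker template that is rendered when the user requests the /oauth2/webauthn-reauth path. This page contains a form that lists the WebAuthn passkeys currently available for re-authentication. A user can select one of the listed passkeys to authenticate using the corresponding passkey and user account.
+* `oauth2_webauthn_reauth_enable` - (Optional) A FreeMarker template that is rendered when the user requests the /oauth2/webauthn-reauth-enable path. This page contains two forms. One allows the user to select one of their existing WebAuthn passkeys to use for re-authentication. The other allows the user to register a new WebAuthn passkey for re-authentication.
 * `password_change` - (Optional) A FreeMarker template that is rendered when the user requests the /password/change path. This page is used if the user is required to change their password or if they have requested a password reset. This page contains the form that allows the user to provide a new password.
 * `password_complete` - (Optional) A FreeMarker template that is rendered when the user requests the /password/complete path. This page is used after the user has successfully updated their password, or reset it. This page should instruct the user that their password was updated and that they need to login again.
 * `password_forgot` - (Optional) A FreeMarker template that is rendered when the user requests the /password/forgot path. This page is used when a user starts the forgot password workflow. This page renders the form where the user types in their email address.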
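--- a/fusionauth/resource_fusionauth_themes.go
+++ b/fusionauth/resource_fusionauth_themes.go
@@ -83,6 +83,27 @@ func newTheme() *schema.Resource {
 Description: "A FreeMarker template that is rendered when the user requests the /account/two-factor path. This page displays an authenticated user’s configured multi-factor authentication methods. Additionally, it provides links to enable and disable a method.",
 DiffSuppressFunc: diffSuppressTemplate,
 },
+"account_webauthn_add": {
+Type: schema.TypeString,
+Optional: true,
+Computed: true,
+Description: "A FreeMarker template that is rendered when the user requests the /account/webauthn/add path. This page contains a form that allows a user to register a new WebAuthn passkey.",
+DiffSuppressFunc: diffSuppressTemplate,
+},
+"account_webauthn_delete": {
+Type: schema.TypeString,
+Optional: true,
+Computed: true,
+Description: "A FreeMarker template that is rendered when the user requests the /account/webauthn/delete path. This page contains a form that allows a user to delete a WebAuthn passkey.",
+DiffSuppressFunc: diffSuppressTemplate,
+},
+"account_webauthn_index": {
+Type: schema.TypeString,
+Optional: true,
+Computed: true,
+Description: "A FreeMarker template that is rendered when the user requests the /account/webauthn/ path. This page displays an authenticated user’s registered WebAuthn passkeys. Additionally, it provides links to delete an existing passkey and register a new passkey.",
+DiffSuppressFunc: diffSuppressTemplate,
+},
 "email_complete": {
 Type: schema.TypeString,
 Optional: true,
@@ -230,6 +251,27 @@ func newTheme() *schema.Resource {
 Description: "A FreeMarker template that is rendered when the user requests the /oauth2/wait path. This page is rendered when FusionAuth is waiting for an external provider to complete an out of band authentication request. For example, during a HYPR login this page will be displayed until the user completes authentication.",
 DiffSuppressFunc: diffSuppressTemplate,
 },
+"oauth2_webauthn": {
+Type: schema.TypeString,
+Optional: true,
+Computed: true,
+Description: "A FreeMarker template that is rendered when the user requests the /oauth2/webauthn path. This page contains a form where a user can enter their loginId (username or email address) to authenticate with one of their registered WebAuthn passkeys. This page uses the WebAuthn bootstrap workflow.",
+DiffSuppressFunc: diffSuppressTemplate,
+},
+"oauth2_webauthn_reauth": {
+Type: schema.TypeString,
+Optional: true,
+Computed: true,
+Description: "A FreeMarker template that is rendered when the user requests the /oauth2/webauthn-reauth path. This page contains a form that lists the WebAuthn passkeys currently available for re-authentication. A user can select one of the listed passkeys to authenticate using the corresponding passkey and user account.",
+DiffSuppressFunc: diffSuppressTemplate,
+},
+"oauth2_webauthn_reauth_enable": {
+Type: schema.TypeString,
+Optional: true,
+Computed: true,
+Description: "A FreeMarker template that is rendered when the user requests the /oauth2/webauthn-reauth-enable path. This page contains two forms. One allows the user to select one of their existing WebAuthn passkeys to use for re-authentication. The other allows the user to register a new WebAuthn passkey for re-authentication.",
+DiffSuppressFunc: diffSuppressTemplate,
+},
 "password_change": {
 Type: schema.TypeString,
 Optional: true,
@@ -337,6 +379,9 @@ func buildTheme(data *schema.ResourceData) fusionauth.Theme {
 AccountTwoFactorDisable: data.Get("account_two_factor_disable").(string),
 AccountTwoFactorEnable: data.Get("account_two_factor_enable").(string),
 AccountTwoFactorIndex: data.Get("account_two_factor_index").(string),
+AccountWebAuthnAdd: data.Get("account_webauthn_add").(string),
+AccountWebAuthnDelete: data.Get("account_webauthn_delete").(string),
+AccountWebAuthnIndex: data.Get("account_webauthn_index").(string),
 EmailComplete: data.Get("email_complete").(string),
 EmailSend: data.Get("email_send").(string),
 EmailSent: data.Get("email_sent").(string),
@@ -359,6 +404,9 @@ func buildTheme(data *schema.ResourceData) fusionauth.Theme {
 Oauth2TwoFactor: data.Get("oauth2_two_factor").(string),
 Oauth2TwoFactorMethods: data.Get("oauth2_two_factor_methods").(string),
 Oauth2Wait: data.Get("oauth2_wait").(string),
+Oauth2WebAuthn: data.Get("oauth2_webauthn").(string),
+Oauth2WebAuthnReauth: data.Get("oauth2_webauthn_reauth").(string),
+Oauth2WebAuthnReauthEnable: data.Get("oauth2_webauthn_reauth_enable").(string),
 PasswordChange: data.Get("password_change").(string),
 PasswordComplete: data.Get("password_complete").(string),
 PasswordForgot: data.Get("password_forgot").(string),
@@ -494,6 +542,15 @@ func buildResourceDataFromTheme(t fusionauth.Theme, data *schema.ResourceData) d
 if err := data.Set("account_two_factor_index", t.Templates.AccountTwoFactorIndex); err != nil {
 return diag.Errorf("theme.account_two_factor_index: %s", err.Error())
 }
+if err := data.Set("account_webauthn_add", t.Templates.AccountWebAuthnAdd); err != nil {
+return diag.Errorf("theme.account_webauthn_add: %s", err.Error())
+}
+if err := data.Set("account_webauthn_delete", t.Templates.AccountWebAuthnDelete); err != nil {
+return diag.Errorf("theme.account_webauthn_delete: %s", err.Error())
+}
+if err := data.Set("account_webauthn_index", t.Templates.AccountWebAuthnIndex); err != nil {
+return diag.Errorf("theme.account_webauthn_index: %s", err.Error())
+}
 if err := data.Set("email_complete", t.Templates.EmailComplete); err != nil {
 return diag.Errorf("theme.email_complete: %s", err.Error())
 }
@@ -548,6 +605,15 @@ func buildResourceDataFromTheme(t fusionauth.Theme, data *schema.ResourceData) d
 if err := data.Set("oauth2_wait", t.Templates.Oauth2Wait); err != nil {
 return diag.Errorf("theme.oauth2_wait: %s", err.Error())
 }
+if err := data.Set("oauth2_webauthn", t.Templates.Oauth2WebAuthn); err != nil {
+return diag.Errorf("theme.oauth2_webauthn: %s", err.Error())
+}
+if err := data.Set("oauth2_webauthn_reauth", t.Templates.Oauth2WebAuthnReauth); err != nil {
+return diag.Errorf("theme.oauth2_webauthn_reauth: %s", err.Error())
+}
+if err := data.Set("oauth2_webauthn_reauth_enable", t.Templates.Oauth2WebAuthnReauthEnable); err != nil {
+return diag.Errorf("theme.oauth2_webauthn_reauth_enable: %s", err.Error())
+}
 if err := data.Set("password_change", t.Templates.PasswordChange); err != nil {
 return diag.Errorf("theme.password_change: %s", err.Error())
 }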
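Review bot: The six attributes added to newTheme() are declared `Optional: true` together with `Computed: true`, so when one is left out of the configuration Terraform keeps whatever template the server currently holds and plans no change. For the pages that carry passkey registration and login (`account_webauthn_add`, `oauth2_webauthn`, `oauth2_webauthn_reauth`, `oauth2_webauthn_reauth_enable`), a template edited outside Terraform is therefore not surfaced as drift unless the attribute is set explicitly. What `diffSuppressTemplate` ignores on top of that cannot be judged from this page, since it is defined elsewhere. I would document the behaviour in each `Description`, for example by appending `When omitted, the template currently stored in FusionAuth is kept.` The existing attributes follow the same pattern, and newTheme() begins and ends outside the hunks shown.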