Merge pull request #733 from openziti/add-ext-jwt-auth

Add ext jwt auth

.editorconfig

@@ -97,3 +97,7 @@ dotnet_style_require_accessibility_modifiers = for_non_interface_members:silent
 dotnet_style_allow_multiple_blank_lines_experimental = true:silent
 dotnet_style_allow_statement_immediately_after_block_experimental = true:silent
 dotnet_code_quality_unused_parameters = all:suggestion
+
+[*.xaml]
+indent_style = space
+indent_size = 4

DesktopEdge/MainWindow.xaml.cs

@@ -439,7 +439,7 @@ public MainWindow() {
             notifyIcon.BalloonTipClosed += NotifyIcon_BalloonTipClosed;
             notifyIcon.MouseClick += NotifyIcon_MouseClick;
             notifyIcon.ContextMenu = this.contextMenu;
-
+            
             IdentityMenu.OnDetach += OnDetach;
             MainMenu.OnDetach += OnDetach;
 
@@ -1125,6 +1125,7 @@ private void ServiceClient_OnIdentityEvent(object sender, IdentityEvent e) {
                         found.IsEnabled = zid.IsEnabled;
                         found.IsMFAEnabled = e.Id.MfaEnabled;
                         found.IsConnected = true;
+                        found.NeedsExtAuth = e.Id.NeedsExtAuth;
                         for (int i = 0; i < identities.Count; i++) {
                             if (identities[i].Identifier == found.Identifier) {
                                 identities[i] = found;
@@ -1157,7 +1158,10 @@ private void ServiceClient_OnIdentityEvent(object sender, IdentityEvent e) {
                         }
                     }
                     LoadIdentities(true);
+                } else if (e.Action == "needs_ext_login") {
+                    logger.Debug("needs_ext_login action received"); //handled through identity event at the moment (forever?)
                 } else {
+                    logger.Warn("unexpected action received: {}", e.Action);
                     IdentityForgotten(ZitiIdentity.FromClient(e.Id));
                 }
             });
@@ -1251,7 +1255,6 @@ private void ServiceClient_OnTunnelStatusEvent(object sender, TunnelStatusEvent
 				}*/
                 this.MainMenu.LogLevel = e.Status.LogLevel;
                 Ziti.Desktop.Edge.Utils.UIUtils.SetLogLevel(e.Status.LogLevel);
-
                 InitializeTimer((int)e.Status.Duration);
                 LoadStatusFromService(e.Status);
                 LoadIdentities(true);
@@ -1429,7 +1432,9 @@ private void LoadIdentities(Boolean repaint) {
                         idItem.Identity = id;
                         idItem.IdentityChanged += IdItem_IdentityChanged;
 
-                        if (repaint) idItem.RefreshUI();
+                        if (repaint) {
+                            idItem.RefreshUI();
+                        }
 
                         IdList.Children.Add(idItem);
 

DesktopEdge/Models/ZitiIdentity.cs

@@ -90,6 +90,8 @@ public bool HasServiceFailingPostureCheck {
             }
         }
 
+        public bool NeedsExtAuth { get; set; }
+
         /// <summary>
         /// Default constructor to support named initialization
         /// </summary>
@@ -134,7 +136,8 @@ public static ZitiIdentity FromClient(DataStructures.Identity id) {
                 MaxTimeout = id.MaxTimeout,
                 LastUpdatedTime = id.MfaLastUpdatedTime,
                 TimeoutMessage = "",
-                IsConnected = true
+                IsConnected = true,
+                NeedsExtAuth = id.NeedsExtAuth,
             };
 
 #if DEBUG

DesktopEdge/Views/ItemRenderers/IdentityItem.xaml

@@ -39,14 +39,14 @@
                 </Label>
                 <Image Name="PostureTimedOut" Visibility="Collapsed" Grid.Column="2" Source="/Assets/Images/lockout.png" VerticalAlignment="Bottom" HorizontalAlignment="Center" RenderOptions.BitmapScalingMode="Fant" Width="26" Height="26" Margin="0,0,0,6" Cursor="Hand" MouseUp="MFAAuthenticate"></Image>
                 <Image Name="MfaRequired" Source="/Assets/Images/mfaoff.png" Grid.Column="2" Cursor="Hand" Width="50" Height="26" VerticalAlignment="Bottom" RenderOptions.BitmapScalingMode="Fant" Stretch="Uniform" Visibility="Visible" MouseUp="MFAAuthenticate"></Image>
+                <Image Name="ExtAuthRequired" Source="/Assets/Images/ext-auth-needed.png" Grid.Column="2" Cursor="Hand" Width="50" Height="26" VerticalAlignment="Bottom" RenderOptions.BitmapScalingMode="Fant" Stretch="Uniform" Visibility="Visible" MouseUp="CompleteExtAuth"></Image>
                 <Canvas Name="ServiceCountArea" Grid.Column="2" Grid.Row="0" Width="50" Height="40" Cursor="Hand" Visibility="Collapsed">
 					<Border Name="ServiceCountBorder" Width="44" Height="26" Background="#0068F9" CornerRadius="12" Canvas.Top="10" Canvas.Left="3"></Border>
                     <Label Name="ServiceCount" Width="50" Height="26" Canvas.Top="9" Padding="0,0,0,0" FontSize="14" Content="23" Foreground="White" HorizontalAlignment="Center" VerticalContentAlignment="Center" HorizontalContentAlignment="Center"></Label>
                 </Canvas>
                 <Image Name="TimerCountdown" Visibility="Collapsed" Grid.Column="2" Source="/Assets/Images/timer.png" VerticalAlignment="Bottom" HorizontalAlignment="Center" Width="26" Height="26" Margin="0,0,0,6" Cursor="Hand" MouseUp="MFAAuthenticate"></Image>
                 <Label Name="ServiceCountAreaLabel" Grid.Column="3" MouseUp="OpenDetails" Grid.Row="1" Margin="0,-5,0,0" Content="authenticate" Cursor="Hand" Foreground="White" FontSize="11" HorizontalAlignment="Stretch" Typography.Capitals="AllSmallCaps" HorizontalContentAlignment="Center"></Label>
                 <Rectangle Fill="Transparent" Grid.Column="2" Grid.RowSpan="2" VerticalAlignment="Stretch" HorizontalAlignment="Stretch" Cursor="Hand" MouseUp="DoMFAOrOpen"></Rectangle>
-
             </Grid>
             <Image Grid.Column="1" Source="/Assets/Images/next.png" Width="12" MouseUp="OpenDetails" Cursor="Hand"></Image>
             <Rectangle Fill="Transparent" Grid.Column="1" VerticalAlignment="Stretch" HorizontalAlignment="Stretch" Cursor="Hand" MouseUp="OpenDetails"></Rectangle>

DesktopEdge/Views/ItemRenderers/IdentityItem.xaml.cs

@@ -24,6 +24,9 @@ limitations under the License.
 using NLog;
 using SWM = System.Windows.Media;
 using Windows.UI.WebUI;
+using Windows.Media.Protection.PlayReady;
+using ZitiDesktopEdge.DataStructures;
+using System.Diagnostics;
 
 namespace ZitiDesktopEdge {
     /// <summary>
@@ -206,6 +209,16 @@ public void RefreshUI() {
                 }
             }
 
+            if (_identity.NeedsExtAuth) {
+                //show ext auth
+                ExtAuthRequired.Visibility = Visibility.Visible;
+                ServiceCountArea.Visibility = Visibility.Collapsed;
+            } else {
+                //hide ext auth
+                ExtAuthRequired.Visibility = Visibility.Collapsed;
+                ServiceCountArea.Visibility = Visibility.Visible;
+            }
+
             IdName.Content = _identity.Name;
             IdUrl.Content = _identity.ControllerUrl;
             if (_identity.ContollerVersion != null && _identity.ContollerVersion.Length > 0) IdUrl.Content = _identity.ControllerUrl + " at " + _identity.ContollerVersion;
@@ -333,9 +346,22 @@ private void ToggledSwitch(object sender, MouseButtonEventArgs e) {
         private void DoMFAOrOpen(object sender, MouseButtonEventArgs e) {
             if (MfaRequired.Visibility == Visibility.Visible || TimerCountdown.Visibility == Visibility.Visible || PostureTimedOut.Visibility == Visibility.Visible) {
                 MFAAuthenticate(sender, e);
+            } else if (ExtAuthRequired.Visibility == Visibility.Visible) {
+                CompleteExtAuth(sender, e);
             } else {
                 OpenDetails(sender, e);
             }
         }
+
+        async private void CompleteExtAuth(object sender, MouseButtonEventArgs e) {
+            try {
+                DataClient client = (DataClient)Application.Current.Properties["ServiceClient"];
+                ExternalAuthLoginResponse resp = await client.ExternalAuthLogin(_identity.Identifier);
+                Console.WriteLine(resp.Data.url);
+                Process.Start(resp.Data.url);
+            } catch (Exception ex) {
+                logger.Error("unexpected error!", ex);
+            }
+        }
     }
 }

DesktopEdge/ZitiDesktopEdge.csproj

@@ -475,6 +475,7 @@
     <Resource Include="Assets\Images\processing.png" />
   </ItemGroup>
   <ItemGroup>
+    <Resource Include="Assets\Images\ext-auth-needed.png" />
     <Resource Include="ziti-v2.ico" />
     <Content Include="..\ziti.ico" />
   </ItemGroup>

ZitiDesktopEdge.Client/DataStructures/DataStructures.cs

@@ -201,9 +201,7 @@ public SetLogLevelFunction(string level) {
 
     public class ZitiDumpPayloadFunction {
         public string DumpPath { get; set; }
-
     }
-
     public class ZitiDumpFunction : ServiceFunction {
         public ZitiDumpFunction(string dumpPath) {
             this.Command = "ZitiDump";
@@ -214,6 +212,26 @@ public ZitiDumpFunction(string dumpPath) {
         public ZitiDumpPayloadFunction Data { get; set; }
     }
 
+    public class ExternalAuthFunction {
+        public string Identifier { get; set; }
+    }
+    public class ExternalAuthLogin : ServiceFunction {
+        public ExternalAuthLogin(string identifier) {
+            this.Command = "ExternalAuth";
+            this.Data = new ExternalAuthFunction() {
+                Identifier = identifier,
+            };
+        }
+        public ExternalAuthFunction Data { get; set; }
+    }
+    public class ExternalAuthLoginResponse : SvcResponse {
+        public ExternalAuthLoginPayload Data { get; set; }
+    }
+    public class ExternalAuthLoginPayload {
+        public string identifier { get; set; }
+        public string url { get; set; }
+    }
+
     public class IdentifierPayload {
         public string Identifier { get; set; }
     }
@@ -259,7 +277,7 @@ public class Identity {
         public int MinTimeout { get; set; }
         public int MaxTimeout { get; set; }
         public DateTime MfaLastUpdatedTime { get; set; }
-
+        public bool NeedsExtAuth { get; set; }
     }
 
     public class Service {

ZitiDesktopEdge.Client/ServiceClient/DataClient.cs

@@ -318,6 +318,20 @@ async public Task<SvcResponse> RemoveMFA(string identifier, string totp) {
             return null;
         }
 
+        async public Task<ExternalAuthLoginResponse> ExternalAuthLogin(string identifier) {
+            try {
+                await sendAsync(new ExternalAuthLogin(identifier));
+                ExternalAuthLoginResponse extAuthResp = await readAsync<ExternalAuthLoginResponse>(ipcReader);
+                return extAuthResp;
+            } catch (Exception ioe) {
+                //almost certainly a problem with the pipe - recreate the pipe...
+                //throw ioe;
+                Logger.Error(ioe, "Unexpected error");
+                CommunicationError(ioe);
+            }
+            return null;
+        }
+
         protected override void ProcessLine(string line) {
             try {
                 string respAsString = line;