authentik/web
Fletcher Heisler 03e67aea34 web: User Wizard, Modal Revisions Merge Branch (#21336)
* web/elements: rename hasSlotted to findSlotted and refactor host styles

Rename the slot-inspection helper on `AKElement` from `hasSlotted` to
`findSlotted` and return the first matching element rather than a
boolean, so callers can both check for presence and reach the node.
Update every call site in the tree (default callers pass no argument
instead of `null`).

Along the way, tidy `AKElement`'s host-style plumbing: expose
`hostStyles` as a getter/setter backed by a `CSSStyleSheet` cache and
move the adoption logic into `attachHostStyles` / `detachHostStyles`
class methods, so subclasses can share the lifecycle. Drop the now
unused `@localized` decorator import.

Also add a `findAssignedSlot` helper in `elements/utils/slots.ts` for
light-DOM → slot lookups, and give `EmptyState` an explicit
`display: block` so empty-state placement doesn't collapse when
wrapped.

* web/chips: tighten chip group rendering and add placeholder class

Make `ChipGroup` generic over its chip value type, expose a
`placeholder` property that renders an inline placeholder when the
default slot is empty, and intercept clicks that land on child chips
so outer handlers can tell "clicked the group" apart from "clicked a
chip". Give the host an explicit `display: block` so the group
participates in layout correctly.

Move the removal tooltip on `Chip` to the right so it doesn't clip at
the top of the row.

In `base/common.css`, add the `ak-m-placeholder` class used by the
new chip-group placeholder and extend `.ak-fade-in` with an opt-in
`ak-m-delayed` modifier that animates height alongside the fade via
`interpolate-size`, so loading cards can slide in without jank.

* web/elements: add scrollbar helpers and polish table styles

Introduce `elements/utils/scrollbars.ts` with `measureScrollbarWidth`
and `applyScrollbarClass`, and call it from `Interface` so the root
document picks up `ak-m-visible-scrollbars` / `ak-m-overlay-scrollbars`
depending on the platform. Add an `ak-m-thin-scrollbar` selector to
the thin-scrollbar rule in `base/scrollbars.css` so ad-hoc containers
can opt in.

Refresh `Table.css`: expose `search-form`, `search-input`,
`pagination-bottom`, and `table` parts; introduce
`--ak-c-table--expandable-overlay--Color` theming for expandable rows
(including a nested-table background pass); add an
`ak-c-table__actions` helper so per-row action buttons wrap
consistently; and teach the host to honor `display-box="contents"` so
tables embedded in `display: contents` parents still participate in
layout checks.

Drop the unused `elements/utils/isVisible.ts`; the only live
`isVisible` helpers live beside their callers under SearchSelect.

* web/buttons: support split-button Dropdown layout

Teach `ak-dropdown` to recognize a PatternFly split-button toggle —
look for `.pf-c-dropdown__toggle.pf-m-split-button .pf-c-dropdown__toggle-button:last-child`
first and fall back to the single-button selector — so a primary
action and a menu trigger can coexist in one dropdown. Drop the
workaround that skipped wiring menu-item click handlers: now that
dropdowns live inside native dialogs, letting a menu-item click
bubble no longer closes the parent modal. Switch the private fields
to `protected` so subclasses can reach them, and anchor the
AKRefreshEvent and outside-click listeners at `window` explicitly
(matching the new `@listen` default).

In `@listen`, flip the default target from `window` to `this`. A
component's own element is the more intuitive default for a decorator
attached to an instance method, and call sites that want the window
now opt in explicitly.

Extend `Dropdown/dropdown.css` with `--pf-c-dropdown__toggle--*`
padding variables so split-button variants get consistent spacing.

* web/forms: improve form ARIA scaffolding and tighten group styles

Add a sticky `ak-c-form__header` row to `Form.css` with a
`form-actions` part so form headers can host an inline title and
action cluster without each form reinventing the layout.

In `Form/form.css`, add a `.ak-m-content-center` variant for forms
that center their body inside a fixed-size container, and introduce a
PatternFly-compatible grid-based Radio label so the input and its
description align cleanly and the whole row is clickable.

Tighten the `FormGroup` summary spacing (use `spacer--sm` inline and
`spacer-xs` block) and hoist the high-contrast overrides onto the
open group so the details marker stays aligned.

Make `AKControlElement` abstract (requiring a `name`), rename
`isValid` → `valid`, declare it as implementing the new
`FormField<T>` interface, and mark it deprecated in favor of
`FormAssociatedElement`. Make `FormField` generic over the JSON
value type, extend `HTMLElement`, and drop the `Jsonifiable` runtime
import in favor of a type-only import. `HorizontalFormElement` now
searches for either legacy control elements or the new `FormField`
shape when picking its focus target.

* web/elements: migrate modal plumbing to the native <dialog> element

Replace the bespoke modal stack with an `<ak-modal>` built on the
browser's native `<dialog>`, and collect every piece of the new
infrastructure under `#elements/dialogs`:

 * `ak-modal.ts` / `ak-modal.css` — the element + its PatternFly
   compatible styles.
 * `dialog.css` — the global `ak-c-dialog` token and backdrop rules,
   imported via the new `components/Modal/modal.css` entry point
   (replacing the old `base/modal.css` import in `base.css` and
   `interface.global.css`).
 * `shared.ts` — the `TransclusionChildElement` /
   `TransclusionChildSymbol` contract plus the parent-side helpers
   (`isTransclusionParentElement`, `slottedElementUpdatedAt`), so
   forms and tables hosted inside a modal can signal re-render hints
   to the dialog wrapper.
 * `directives.ts` / `invokers.ts` / `utils.ts` — the
   `modalInvoker`, `renderModal`, and `DialogInit` helpers that
   declarative call sites use to open a modal from a button without
   imperatively mounting the element.
 * `components/` — the ready-made invoker buttons
   (`ModalInvokerButton`, `IconEditButton`, `IconEditButtonByTagName`,
   `IconPermissionButton`) and the `components.ts` barrel.
 * `components/Modal/modal.css` — the short host wrapper that pulls
   `dialog.css` into the bundled base stylesheet chain.

Rewire the existing modal consumers to use the new contract:

 * `Form` now implements `TransclusionChildElement`, exposes
   `verboseName`/`verboseNamePlural`/`createLabel`/`submitVerb`
   statics, tracks visibility via `intersectionObserver`, and
   forwards `asModalInvoker` / `showModal` through the new
   `modalInvoker` / `renderModal` helpers. `ModalForm` and
   `ModelForm` follow the same shape. `ModalButton` drops its own
   `pf-c-modal-box` padding fix (the dialog handles it).
 * `Table` implements `TransclusionChildElement`, dispatches refresh
   via `AKRefreshEvent`, and exposes `display-box="contents"` so
   tables embedded in dialogs participate in layout checks.
   `TablePage` / `TableSearch` widen types and surface `search-form`
   / `search-input` parts for dialog-scoped styling.
 * `ak-about-modal`, `ObjectPermissionModal`,
   `RACLaunchEndpointModal`, the command palette, and the admin/user
   interface roots all move off `#elements/modals` and onto
   `#elements/dialogs`.
 * `AdminSettingsForm` / `AdminSettingsPage` render their header /
   actions through the new `ak-c-form__header` + `form-actions`
   slots introduced in the prior Form CSS commit, and swap the
   outermost `<section>` for `<main>` for better landmark semantics.
 * `elements/utils/render-roots.ts` and
   `elements/utils/unsafe.ts` gain dialog-aware helpers (notably a
   directive-based replacement for the old `unsafe` builder).
 * `base/globals.css` disables overscroll while any dialog is open
   via `html[data-dialog-count]`; `package.json` adds the
   `#elements/dialogs` barrel alias.

Delete the old `elements/modals/` directory (`ak-modal.ts`,
`shared.ts`, `styles.css`, `utils.ts`) and `styles/authentik/base/modal.css`
now that nothing imports them.

* web/wizards: refactor wizards to dialog-based flow

Rebuild the shared Wizard primitives on top of the new <dialog> contract:
split CreateWizard/utils out of Wizard, rename admin *Wizard.ts entry
points to ak-*-wizard.ts (Policy, Provider, Source, Stage,
PropertyMapping, ServiceConnection), and port the Application wizard
steps to the new WizardStep base. Adds the user wizard and recovery
invoker plus the refreshed Wizard component styles.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* web/admin: migrate forms and list pages to dialog-based modals

Port every admin form, list page, and RBAC surface to the new
TransclusionChildElement / asModalInvoker contract introduced with the
native <dialog> migration. Replace the old ModalButton-driven helpers
with the new modalInvoker/renderModal flow, add the shared
IconCopyButton/IconTokenCopyButton/IconEnrollmentTokenCopyButton
components (with .ak-c-button--icon__progress styling), and refresh
messages, notifications, flow inspector, and user portal consumers to
match. Includes small common/element utility updates picked up along
the way.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* web/test: update browser e2e tests for dialog-based flow

Adjust application, group, session, and user browser tests to the new
wizard and modal selectors introduced by the <dialog> migration and
relax a handful of timeouts that were tight against the old
ModalButton animation sequence.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Fix visibility detection.

* Fix layout, behavior.

* Fix type.

* Flesh out test revisions.

* Fix type.

* Format.

* Use plural path.

* Fix strict selector in Safari.

* Remove unused.

* Spellcheck.

* Partial type fix.

* Fix translation.

---------

Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-11 07:00:49 +00:00

authentik WebUI

This is the default UI for the authentik server. The documentation is going to be a little sparse for a while, but at least let's get started.

The Theory of the authentik UI

In Peter Naur's 1985 essay Programming as Theory Building, programming is described as creating a mental model of how a program should run, then writing the code to test if the program can run that way.

The mental model for the authentik UI is straightforward. There are five "applications" within the UI, each with its own base URL, router, and responsibilities, and each application needs as many as three contexts in which to run.

The three contexts correspond to objects in the API's model section, so let's use those names.

  • The root Config. The root configuration object of the server, containing mostly caching and error reporting information. This is misleading, however; the Config object contains some user information, specifically a list of permissions the current user (or "no user") has.
  • The root CurrentTenant. This describes the Brand information UIs should use, such as themes, logos, favicon, and specific default flows for logging in, logging out, and recovering a user password.
  • The current SessionUser, the person logged in: username, display name, and various states. (Note: the authentik server permits administrators to "impersonate" any other user in order to debug their authentication experience. If impersonation is active, the user field reflects that user, but it also includes a field, original, with the administrator's information.)

(There is a fourth context object, Version, but its use is limited to displaying version information and checking for upgrades. Just be aware that you will see it, but you will probably never interact with it.)

There are five applications. Two (loading and api-browser) are trivial applications whose insides are provided by third-party libraries (PatternFly and RapiDoc, respectively). The other three are actual applications. The descriptions below are wholly from the view of the user's experience:

  • Flow: From a given URL, displays a form that requests information from the user to accomplish a task. Some tasks require the user to be logged in, but many (such as logging in itself!) obviously do not.
  • User: Provides the user with access to the applications they can access, plus a few user settings.
  • Admin: Provides someone with super-user permissions access to the administrative functions of the authentik server.

Mental Model

  • Upon initialization, every authentik UI application fetches Config and CurrentTenant. User and Admin will also attempt to load the SessionUser; if there is none, the user is kicked out to the Flow for logging into authentik itself.
  • Config, CurrentTenant, and SessionUser are provided by the @goauthentik/api application, not by the codebase under ./web (where you are now).
  • Flow, User, and Admin are all called Interfaces and are found in ./web/src/flow/FlowInterface, ./web/src/user/UserInterface, ./web/src/admin/AdminInterface, respectively.
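
The start-up decision and the impersonation fields described above, sketched as an added example (not code from this repository). The type and function names are hypothetical and only mirror the README's wording; they are not the @goauthentik/api definitions.

```typescript
// Added illustration. Names are hypothetical, not the @goauthentik/api types.
type InterfaceKind = "flow" | "user" | "admin";

interface UserSelf {
    username: string;
    name: string;
}

// `original` is present only while an administrator is impersonating `user`.
interface SessionUser {
    user: UserSelf;
    original?: UserSelf;
}

interface Identity {
    effective: string; // whose experience the UI renders
    actor: string; // who is actually operating the session
    impersonating: boolean;
}

type BootstrapResult =
    | { action: "render"; identity: Identity | null }
    | { action: "redirect-to-login-flow" };

// Flow must work for "no user"; User and Admin need a SessionUser.
function requiresSession(kind: InterfaceKind): boolean {
    return kind === "user" || kind === "admin";
}

function describeIdentity(session: SessionUser): Identity {
    const actor = session.original ?? session.user;
    return {
        effective: session.user.username,
        actor: actor.username,
        impersonating: session.original !== undefined,
    };
}

// Called after Config and CurrentTenant have loaded; `session` is null when
// the SessionUser lookup found nobody logged in.
function resolveBootstrap(kind: InterfaceKind, session: SessionUser | null): BootstrapResult {
    if (session === null) {
        return requiresSession(kind)
            ? { action: "redirect-to-login-flow" }
            : { action: "render", identity: null };
    }
    return { action: "render", identity: describeIdentity(session) };
}

// Constructed sample: an administrator impersonating a regular user.
const impersonated: SessionUser = {
    user: { username: "jdoe", name: "Jane Doe" },
    original: { username: "akadmin", name: "authentik Admin" },
};
```

Keeping `actor` separate from `effective` lets a banner or client-side log show who is really operating the session while the rest of the UI renders the impersonated user's view.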

Inside each of these you will find, in a hierarchical order:

  • The context layer described above
    • A theme managing layer
    • The orchestration layer:
      • web socket handler for server-generated events
      • The router
        • Individual routes for each vertical slice and its relationship to other objects:

Each slice corresponds to an object table on the server, and each slice usually consists of the following:

  • A paginated collection display, usually using the Table foundation (found in ./web/src/elements/Table)
  • The ability to view an individual object from the collection, which you may be able to:
    • Edit
    • Delete
  • A form for creating a new object
  • Tabs showing that object's relationship to other objects
    • Interactive elements for changing or deleting those relationships, or creating new ones.
    • The ability to create new objects with which to have that relationship, if they're not part of the core objects (such as User->MFA authenticator apps, since the latter is not a "core" object and has no tab of its own).

We are still a bit "all over the place" with respect to sub-units and common units; there are folders common, elements, and components, and ideally they would be:

  • common: non-UI related libraries all of our applications need
  • elements: UI elements shared among multiple applications that do not need context
  • components: UI elements shared among multiple applications that use one or more contexts

... but at the moment there are some context-sensitive elements, and some UI-related stuff in common.

Comments

NOTE: The comments in this section are for specific changes to this repository that cannot be reliably documented any other way. For the most part, they contain comments related to custom settings in JSON files, which do not support comments.

  • tsconfig.json:
    • compilerOptions.useDefineForClassFields: false is required to make TSC use the "classic" form of field definition when compiling class definitions. Storybook does not handle the ESNext proposed definition mechanism (yet).
    • compilerOptions.plugins.ts-lit-plugin.rules.no-unknown-tag-name: "off": required to support rapidoc, which exports its tag late.
    • compilerOptions.plugins.ts-lit-plugin.rules.no-missing-import: "off": lit-analyzer currently does not support path aliases very well, and cannot find the definition files associated with imports using them.
    • compilerOptions.plugins.ts-lit-plugin.rules.no-incompatible-type-binding: "warn": lit-analyzer does not support generics well when parsing a subtype of HTMLElement. As a result, this threw too many errors to be supportable.

License

This code is licensed under the MIT License. A copy of the license is included with this project.