luci-base: add extra auth plugin config

Revert "luci-mod-system: add extra auth plugin config"
add extra auth plugin config page in luci-mod-system

Signed-off-by: Han Yiming <moebest@outlook.jp>

Author: Tokisaki-Galaxy

modules/luci-base/htdocs/luci-static/resources/exauth.js

@@ -0,0 +1,139 @@
+'use strict';
+'require view';
+'require dom';
+'require ui';
+'require uci';
+'require rpc';
+
+var callListAuthPlugins = rpc.declare({
+	object: 'luci',
+	method: 'listAuthPlugins',
+	expect: { }
+});
+
+return view.extend({
+	load: function() {
+		return Promise.all([
+			uci.load('luci'),
+			callListAuthPlugins()
+		]);
+	},
+
+	render: function(data) {
+		var pluginsData = data[1] || { external_auth: '0', plugins: [] };
+		var externalAuth = pluginsData.external_auth == '1';
+		var plugins = pluginsData.plugins || [];
+
+		var body = E('div', { 'class': 'cbi-map' }, [
+			E('h2', {}, _('Authentication Settings')),
+			E('div', { 'class': 'cbi-map-descr' },
+				_('Configure global authentication settings and manage individual authentication plugins.'))
+		]);
+
+		// Global settings section
+		var globalSection = E('div', { 'class': 'cbi-section' }, [
+			E('h3', {}, _('Global Settings')),
+			E('div', { 'class': 'cbi-section-descr' },
+				_('Enable or disable external authentication system-wide. When disabled, only password authentication is used.'))
+		]);
+
+		var globalTable = E('table', { 'class': 'table cbi-section-table' });
+		var globalRow = E('tr', { 'class': 'tr cbi-section-table-row' });
+
+		var globalCheckbox = E('input', {
+			'type': 'checkbox',
+			'id': 'external_auth',
+			'checked': externalAuth ? '' : null
+		});
+
+		globalRow.appendChild(E('td', { 'class': 'td cbi-value-field', 'style': 'width: 30px;' }, globalCheckbox));
+		globalRow.appendChild(E('td', { 'class': 'td' }, [
+			E('label', { 'for': 'external_auth', 'style': 'font-weight: bold;' }, _('Enable External Authentication')),
+			E('br'),
+			E('span', { 'class': 'cbi-value-description' },
+				_('When enabled, authentication plugins in /usr/share/luci/auth.d/ will be loaded and used for additional verification during login.'))
+		]));
+
+		globalTable.appendChild(globalRow);
+		globalSection.appendChild(globalTable);
+		body.appendChild(globalSection);
+
+		// Plugin settings section
+		var pluginSection = E('div', { 'class': 'cbi-section' }, [
+			E('h3', {}, _('Authentication Plugins')),
+			E('div', { 'class': 'cbi-section-descr' },
+				_('Enable or disable individual authentication plugins. Disabled plugins will be skipped during login.'))
+		]);
+
+		if (plugins.length === 0) {
+			pluginSection.appendChild(E('p', { 'class': 'cbi-section-note' },
+				_('No authentication plugins found in /usr/share/luci/auth.d/')
+			));
+		} else {
+			var pluginTable = E('table', { 'class': 'table cbi-section-table' }, [
+				E('tr', { 'class': 'tr table-titles' }, [
+					E('th', { 'class': 'th cbi-section-table-cell', 'style': 'width: 50px;' }, _('Enabled')),
+					E('th', { 'class': 'th cbi-section-table-cell' }, _('Plugin Name')),
+					E('th', { 'class': 'th cbi-section-table-cell' }, _('Filename'))
+				])
+			]);
+
+			for (var i = 0; i < plugins.length; i++) {
+				var plugin = plugins[i];
+				var pluginRow = E('tr', { 'class': 'tr cbi-section-table-row' });
+
+				var pluginCheckbox = E('input', {
+					'type': 'checkbox',
+					'id': 'plugin_' + plugin.name,
+					'data-plugin': plugin.name,
+					'checked': plugin.enabled ? '' : null
+				});
+
+				pluginRow.appendChild(E('td', { 'class': 'td cbi-value-field', 'style': 'text-align: center;' }, pluginCheckbox));
+				pluginRow.appendChild(E('td', { 'class': 'td' }, plugin.name));
+				pluginRow.appendChild(E('td', { 'class': 'td' }, plugin.filename));
+
+				pluginTable.appendChild(pluginRow);
+			}
+
+			pluginSection.appendChild(pluginTable);
+		}
+
+		body.appendChild(pluginSection);
+
+		return body;
+	},
+
+	handleSave: function() {
+		var externalAuthCheckbox = document.getElementById('external_auth');
+		var externalAuthValue = externalAuthCheckbox && externalAuthCheckbox.checked ? '1' : '0';
+
+		// Save global external_auth setting
+		uci.set('luci', 'main', 'external_auth', externalAuthValue);
+
+		// Save individual plugin settings
+		var pluginCheckboxes = document.querySelectorAll('input[data-plugin]');
+		pluginCheckboxes.forEach(function(checkbox) {
+			var pluginName = checkbox.getAttribute('data-plugin');
+			var isDisabled = !checkbox.checked ? '1' : '0';
+			
+			// Ensure sauth section exists (type: internal)
+			if (!uci.get('luci', 'sauth')) {
+				uci.add('luci', 'internal', 'sauth');
+			}
+			
+			uci.set('luci', 'sauth', pluginName + '_disabled', isDisabled);
+		});
+
+		return uci.save().then(function() {
+			return uci.apply();
+		}).then(function() {
+			ui.addNotification(null, E('p', _('Authentication settings have been saved.')), 'info');
+		}).catch(function(err) {
+			ui.addNotification(null, E('p', _('Failed to save authentication settings: ') + err.message), 'danger');
+		});
+	},
+
+	handleSaveApply: null,
+	handleReset: null
+});

modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json

@@ -17,6 +17,7 @@
 			},
 			"ubus": {
 				"file": [ "list" ],
+				"luci": [ "listAuthPlugins" ],
 				"uci": [ "changes", "get" ]
 			},
 			"uci": [ "system" ]

modules/luci-base/root/usr/share/rpcd/ucode/luci

@@ -679,6 +679,41 @@ const methods = {
 
 			return { result: dev_stats };
 		}
+	},
+
+	listAuthPlugins: {
+		call: function() {
+			const uci = cursor();
+			let plugins = [];
+			let auth_plugins_dir = '/usr/share/luci/auth.d';
+
+			// Get global external_auth setting
+			let external_auth = uci.get('luci', 'main', 'external_auth') || '0';
+
+			// List files in auth.d directory
+			let files = glob(auth_plugins_dir + '/*.uc') || [];
+
+			for (let path in files) {
+				// Extract filename without extension as plugin name
+				let filename = replace(path, auth_plugins_dir + '/', '');
+				let plugin_name = replace(filename, '.uc', '');
+
+				// Check if this plugin is disabled
+				let is_disabled = uci.get('luci', 'sauth', plugin_name + '_disabled');
+				let enabled = (is_disabled != '1');
+
+				push(plugins, {
+					name: plugin_name,
+					filename: filename,
+					enabled: enabled
+				});
+			}
+
+			return {
+				external_auth: external_auth,
+				plugins: plugins
+			};
+		}
 	}
 };
 

modules/luci-mod-system/htdocs/luci-static/resources/view/system/password.js

@@ -4,13 +4,11 @@
 'require ui';
 'require form';
 'require rpc';
-'require uci';
 
 var formData = {
 	password: {
 		pw1: null,
-		pw2: null,
-		external_auth: null
+		pw2: null
 	}
 };
 
@@ -22,10 +20,6 @@ var callSetPassword = rpc.declare({
 });
 
 return view.extend({
-	load: function() {
-		return uci.load('luci');
-	},
-
 	checkPassword: function(section_id, value) {
 		var strength = document.querySelector('.cbi-value-description'),
 		    strongRegex = new RegExp("^(?=.{8,})(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])(?=.*\\W).*$", "g"),
@@ -49,9 +43,7 @@ return view.extend({
 	render: function() {
 		var m, s, o;
 
-		formData.password.external_auth = uci.get('luci', 'main', 'external_auth') || '0';
-
-		m = new form.JSONMap(formData, _('Router Password'), _('Changes the administrator password for accessing the device and configures secondary authentication.'));
+		m = new form.JSONMap(formData, _('Router Password'), _('Changes the administrator password for accessing the device'));
 		m.readonly = !L.hasViewPermission();
 
 		s = m.section(form.NamedSection, 'password', 'password');
@@ -73,47 +65,31 @@ return view.extend({
 			return node;
 		};
 
-		o = s.option(form.Flag, 'external_auth', _('Enable external auth plugins'),
-			_('Allow third-party plugins (like 2FA) to provide additional authentication challenges.'));
-		o.enabled = '1';
-		o.disabled = '0';
-		o.default = o.disabled;
-
 		return m.render();
 	},
 
 	handleSave: function() {
 		var map = document.querySelector('.cbi-map');
-		var self = this;
 
 		return dom.callClassMethod(map, 'save').then(function() {
+			if (formData.password.pw1 == null || formData.password.pw1.length == 0)
+				return;
+
+			if (formData.password.pw1 != formData.password.pw2) {
+				ui.addNotification(null, E('p', _('Given password confirmation did not match, password not changed!')), 'danger');
+				return;
+			}
+
+			return callSetPassword('root', formData.password.pw1).then(function(success) {
+				if (success)
+					ui.addNotification(null, E('p', _('The system password has been successfully changed.')), 'info');
+				else
+					ui.addNotification(null, E('p', _('Failed to change the system password.')), 'danger');
+
+				formData.password.pw1 = null;
+				formData.password.pw2 = null;
 
-			uci.set('luci', 'main', 'external_auth', formData.password.external_auth);
-
-			return uci.save().then(function() {
-				return uci.commit('luci');
-			}).then(function() {
-				if (formData.password.pw1 != null && formData.password.pw1.length > 0) {
-					if (formData.password.pw1 != formData.password.pw2) {
-						ui.addNotification(null, E('p', _('Given password confirmation did not match, password not changed!')), 'danger');
-						return;
-					}
-
-					return callSetPassword('root', formData.password.pw1).then(function(success) {
-						if (success) {
-							ui.addNotification(null, E('p', _('Password and authentication settings have been successfully changed.')), 'info');
-						} else {
-							ui.addNotification(null, E('p', _('Failed to change the system password.')), 'danger');
-						}
-
-						formData.password.pw1 = null;
-						formData.password.pw2 = null;
-						dom.callClassMethod(map, 'render');
-					});
-				} else {
-					ui.addNotification(null, E('p', _('Authentication settings have been successfully saved.')), 'info');
-					dom.callClassMethod(map, 'render');
-				}
+				dom.callClassMethod(map, 'render');
 			});
 		});
 	},

modules/luci-mod-system/root/usr/share/luci/menu.d/luci-mod-system.json

@@ -85,6 +85,19 @@
 		}
 	},
 
+	"admin/system/admin/exauth": {
+		"title": "Authentication",
+		"order": 6,
+		"action": {
+			"type": "view",
+			"path": "system/exauth"
+		},
+		"depends": {
+			"acl": [ "luci-mod-system-config" ],
+			"uci": { "luci": true }
+		}
+	},
+
 	"admin/system/startup": {
 		"title": "Startup",
 		"order": 45,