Improve SSO Config validation (#572)

* Extract SsoConfig enums to own file

* Add ChangeStripSpaces directive

* Move custom validators to jslib

* Add a11y-invalid directive

* Add and implement dirtyValidators

* Create ssoConfigView model and factory methods

* Add interface for select options

* Don't build SsoConfigData if null

Co-authored-by: Oscar Hinton <oscar@oscarhinton.com>

common/src/models/api/ssoConfigApi.ts

@@ -1,40 +1,58 @@
 import { BaseResponse } from "../response/baseResponse";
 
-enum SsoType {
-  OpenIdConnect = 1,
-  Saml2 = 2,
-}
-
-enum OpenIdConnectRedirectBehavior {
-  RedirectGet = 0,
-  FormPost = 1,
-}
-
-enum Saml2BindingType {
-  HttpRedirect = 1,
-  HttpPost = 2,
-  Artifact = 4,
-}
-
-enum Saml2NameIdFormat {
-  NotConfigured = 0,
-  Unspecified = 1,
-  EmailAddress = 2,
-  X509SubjectName = 3,
-  WindowsDomainQualifiedName = 4,
-  KerberosPrincipalName = 5,
-  EntityIdentifier = 6,
-  Persistent = 7,
-  Transient = 8,
-}
-
-enum Saml2SigningBehavior {
-  IfIdpWantAuthnRequestsSigned = 0,
-  Always = 1,
-  Never = 3,
-}
+import {
+  OpenIdConnectRedirectBehavior,
+  Saml2BindingType,
+  Saml2NameIdFormat,
+  Saml2SigningBehavior,
+  SsoType,
+} from "../../enums/ssoEnums";
+import { SsoConfigView } from "../view/ssoConfigView";
 
 export class SsoConfigApi extends BaseResponse {
+  static fromView(view: SsoConfigView, api = new SsoConfigApi()) {
+    api.configType = view.configType;
+
+    api.keyConnectorEnabled = view.keyConnectorEnabled;
+    api.keyConnectorUrl = view.keyConnectorUrl;
+
+    if (api.configType === SsoType.OpenIdConnect) {
+      api.authority = view.openId.authority;
+      api.clientId = view.openId.clientId;
+      api.clientSecret = view.openId.clientSecret;
+      api.metadataAddress = view.openId.metadataAddress;
+      api.redirectBehavior = view.openId.redirectBehavior;
+      api.getClaimsFromUserInfoEndpoint = view.openId.getClaimsFromUserInfoEndpoint;
+      api.additionalScopes = view.openId.additionalScopes;
+      api.additionalUserIdClaimTypes = view.openId.additionalUserIdClaimTypes;
+      api.additionalEmailClaimTypes = view.openId.additionalEmailClaimTypes;
+      api.additionalNameClaimTypes = view.openId.additionalNameClaimTypes;
+      api.acrValues = view.openId.acrValues;
+      api.expectedReturnAcrValue = view.openId.expectedReturnAcrValue;
+    } else if (api.configType === SsoType.Saml2) {
+      api.spNameIdFormat = view.saml.spNameIdFormat;
+      api.spOutboundSigningAlgorithm = view.saml.spOutboundSigningAlgorithm;
+      api.spSigningBehavior = view.saml.spSigningBehavior;
+      api.spMinIncomingSigningAlgorithm = view.saml.spMinIncomingSigningAlgorithm;
+      api.spWantAssertionsSigned = view.saml.spWantAssertionsSigned;
+      api.spValidateCertificates = view.saml.spValidateCertificates;
+
+      api.idpEntityId = view.saml.idpEntityId;
+      api.idpBindingType = view.saml.idpBindingType;
+      api.idpSingleSignOnServiceUrl = view.saml.idpSingleSignOnServiceUrl;
+      api.idpSingleLogoutServiceUrl = view.saml.idpSingleLogoutServiceUrl;
+      api.idpArtifactResolutionServiceUrl = view.saml.idpArtifactResolutionServiceUrl;
+      api.idpX509PublicCert = view.saml.idpX509PublicCert;
+      api.idpOutboundSigningAlgorithm = view.saml.idpOutboundSigningAlgorithm;
+      api.idpAllowUnsolicitedAuthnResponse = view.saml.idpAllowUnsolicitedAuthnResponse;
+      api.idpWantAuthnRequestsSigned = view.saml.idpWantAuthnRequestsSigned;
+
+      // Value is inverted in the api model (disable instead of allow)
+      api.idpDisableOutboundLogoutRequests = !view.saml.idpAllowOutboundLogoutRequests;
+    }
+
+    return api;
+  }
   configType: SsoType;
 
   keyConnectorEnabled: boolean;