Multitenancy dashboard
Checklist of everything related to building the dashboard:
APIs:
- [x] List all tenants
- [x] Get login methods and core config for a tenant
- [x] Create or update a tenant
- [x] Delete a tenant
- [x] Adding a new third-party provider
- [x] Updating third-party provider
- [x] Deleting a third-party provider
- [x] Associate user to a tenant
- [x] Disassociate user from a tenant
- [x] API for fetching core config options
- [x] API for fetching enabled recipes
UI:
- [x] Initial tenants listing page
- [x] Tenants detail page
- [x] Core Config Section Integration
- [x] Enabled login methods and MFA integration
- [x] Handle edge cases to show relevant warnings when the user had not initialized recipes for the enabled login methods
- [x] CRUD for third party
TODOs:
- [x] The login methods shown in the tenant listing page should take into account the recipes that are enabled. See how the API for get login methods is working + even if third party is enabled but no providers are configured, we do not show third party there
- [x] In search on the frontend, trim it. Also, when searching, should it be case insensitive? This depends on if the core normalises the tenant id or not.
- [x] Error for missing license key needs to have a better message and also have correct English.
- [x] Create new tenant with capital letters is failing. (Core only allows lowercase letters)
- [x] If a tenant has no login methods enabled, show a warning in the UI that setting that tenant ID on the frontend will cause the frontend to throw an error. Show the warning in tenant listing page (in the tenant id row) and in tenant details page
- [x] Second factor UI is weird cause there is too much space between totp and the toggle
- [x] The UI in the details should distinguish between a factor being enabled in the tenant config but the recipe not initialised.
- [x] Need to show a warning in case email password and passwordless are both enabled in first factor cause the pre built UI does not support it.
- [x] The providers on the tenant details page should take into account the statically init providers.
- [x] When you enable third party for a tenant, it needs to enforce that at least one provider is configured statically or for that tenant.
- [x] If the mfa getRequiredFactorsForMFA has been overridden by the developer, then we show a warning on the tenant details page for second factors setting wherein we tell them that the toggle below may not do anything depending on your implementation of the function. This can be communicated to the dashboard via a variable in the bundle instead of making an API.
- [x] No need to make an API for getting recipes that are init, cause the backend sdk can add them as a variable in the bundle.
- [x] The core config for public tenant should not be hidden, and instead communicate that it should be modified via the config.yaml or docker env vars. This only happens if the app is public, else you allow modifications. The dashboard can know if it's a public app based on the connection uri path that is given to it as a dashboard variable.
- [ ] why does tenant listing api change the order of the tenants?
- [x] ~Wrong English for the "no property added". Also, link to postgresql and mysql config.~ (UI changed so this is no longer applicable)
- [x] The UI to allow users to edit the core config. We show a list of all configs and against each config, we show the value if it's not hidden by saas, and then allow users to modify it. If it can't be modified because it's saas protected config or app wide config, we tell them and tell them what they can do to modify it. For example, if it's access token lifetime, which is app wide, and this is the public app we tell them to modify it via the docker env var or via config yaml (or saas dashboard), but if it's non public app, we tell them to modify it on the public tenant and link it to them.
- [x] Further segment built in oauth providers to be social vs enterprise
- [x] Allow users to add suffix to built in third party id
- [x] Active directory needs to ask for directory and not OIDC endpoint.
- [x] Pre added scopes for all providers needs to be shown.
- [x] Remove condition from blocking adding same type of providers multiple times, handle showing suffix in the third party list and check suffix doesn't already exist
- [ ] Decide if we want to do per user secondary factor
- [ ] Decide if we want to consider taking DB settings when creating a tenant
- [x] Check there are no other APIs in dashboard for login methods that already incorporate recipes initialized if there are any either remove those APIs or update them
- [x] Ensure there is no duplication amongst any dashboard APIs
- [ ] Revisit tooltips copies for third party forms and update them wherever necessary
- [x] Finalize boxy-saml integration
- [x] ~Don't let the user delete the last provider if third party is enabled~
- [ ] Show that user needs to add `usesDynamicLoginMethods` to the frontend SDK if they're using pre-built UI on the tenant details page
- [x] Fix back button behaviour for tenant detail page, it should take back to the listing page
- [x] Open the add new providers section as a modal instead of a new screen
- [x] Finish the new UI for core config
- [x] Finish third party stuff
- [x] Add and integrate API for fetching third party config
- [x] Remove the BuiltInProvider component and merge it into a common component for handling both in-built and custom providers
- [x] Add the setup step for certain providers for asking hosted domain directory id etc.
- [x] Handle overrides in the third party form
- [x] When deleting tenant ask the user to enter tenant id as confirmation
- [x] Show the curl request for editing plugin fields in description
- [x] Refactor the logic for showing why core config is not editable
- [x] Fix CSS for third party dialog
- [x] no thirdparty available popup for add new thirdparty provider needs to change
- [x] show it only while enabling thirdparty and not if thirdparty is already enabled
- [x] show names instead of thirdparty ids in the list of thirdparty
- [x] modifyable only from config.yaml file or docker env
- [x] change the UI for core properties (make it better)
- [x] Change plugin properties to Database properties
- [x] Fix English typos
- [x] Add app-id in the connection URI and check that modal that shows curl command is correct
- [x] Use good example for list of database props
- [x] Some database properties are editable so think about it
- [x] Don't turn on toggle in cases of error. Just remain in untoggled state
- [x] Update error messages in the node-sdk backend for things like no suitable recipe is initialised for a login method
- [x] add new thirdparty provider has double scrollbar
- [x] Add custom provider and Add Saml provider should have same button styling. Also update all the button styles
- [x] Add (Oauth) in the header after Enterprise Providers & Social Providers
- [x] While adding a new provider, the title should say "Configure new Provider"
- [x] Update UX of thirdparty id postfix
- [x] thirdparty id = google, next to it add postfix with a ? explaining what that is. Clicking on add postfix will reveal text box and `-` should be added.
- [x] If third party id already exists, update the error message
- [x] Update info description for all fields
- [x] Deleting a first client left the popup unclosed. Please check
- [x] When selecting Sometimes, should accept email field
- [x] When selecting Sometimes, have a checkbox for require email
- [x] Move the question How often does the provider return email outside the map box
- [x] keep email and email verified in all cases
- [x] remove additional fields like directoryId for google workspaces, active directory and okta
- [x] in additional config, keep the cross button in disabled state where necessary
- [x] Give examples for okta domain, directory id, etc. while adding them
- [x] Boxy url to be removed
- [x] When you go back from the add new provider page, the popup should not show up
- [x] fix responsiveness for everything
- [x] in thirdparty, while adding new client, copy everything over
- [x] in thirdparty, when clicking save, there is no proper feedback for form errors
- [x] remove note when selecting sometimes
- [x] no note, but boolean will be there
- [x] #145
- [x] when you go back from provider form , you should go back to provider selection
- [x] update example for google workspaces. '*' is not enough.
- [x] core: postgresql_user shouldn't have been editable
- [x] core: don't show individual table names as config
- [x] typo modifyable -> modifiable
- [x] core: do not show deprecated properties
- [ ] sattvik: review the property editing forbidden cases and messages for the same
- [x] unable to delete last static thirdparty provider (should have turned off thirdparty ideally)
- [x] Apple private key should accept new line
- [ ] add test case: adding multiple saml providers for the same tenant should work properly
- [x] okta example url doesn't work, this needs to be fixed
- [x] Ensure that we show proper message indicating that Multitenancy is a paid feature
TODOs from core issue:
- [ ] How will this affect SaaS migration given that it's going to affect the master db and not the target db
  - When copying over master db info for a CUD, we will have to insert the two booleans as true in the sql query when migrating from older core to this new one.
- [ ] Any changes required to the dashboard / backend apis once this change is done in the context of the tenant screen?
- [ ] Check that this case is fine
  - create a tenant - now all toggles are off
  - turn on otp-email in secondary factors -> this also enables passwordless recipe
  - reload the tenant detail page -> turns on all passwordless factors in the first factors section (since firstFactors array is undefined at this point)
- [ ] ~Initialising new recipe will enable login methods for all tenants by default - think about this~
- [ ] Test third party deletion (for both, public and non public tenant)
  - there are 2 static configs defined: google and facebook
  - Delete facebook using the dashboard, google will remain
  - Delete google using the dashboard, now since this is the last provider, thirdParty login method gets disabled
  - Now enable thirdParty login method
  - What providers should you see now? Statically defined ones or the last provider that was deleted? It should start from no providers
- [ ] Check if golang and python SDKs require any changes
- [ ] Check for docs changes, esp where it might be weirdly different for node and golang/python
- [ ] Check that when creating a tenant, if the user forgets to add v2 and uses the inputs of v2, there are no undesired side effects. Make sure of this by extracting common function in the tenant creation handling.
- [ ] Return booleans from loginMethodsGET API in the SDK to prevent FDI version from changing
- [ ] check if firstFactors from tenant is going to be considered when MFA is not initialised in the SDK
Later TODOs:
- [ ] For built-in providers collapse all other fields apart from the client config and the provider id suffix field inside a section called advanced config, because the user doesn't need to care about those fields anyways but they can modify or view them if they want to under the advanced config section
- [ ] Add UI and APIs for boxy HQ
  - [ ] Add an API that allows user to upload their SAML metadata file with the boxy URL and get client ID and secret accordingly, the API would accept the boxy URL, the SAML metadata .XML file, and other things required by boxy like name, description etc. and the API would call the boxy instance with the required info and generate the client ID and secret accordingly and return it to the frontend
  - [ ] For the UI whenever the user selects add SAML provider, we ask them the details like the URL to their boxyHQ instance, metadata file and other information required by the API and then use the above API to generate client ID and secret and then pre-populate those fields in the frontend UI in the next step
- [ ] New provider form needs to be designed. The alignments are off
- [ ] Add screenshots for where to find okta domain, directory id, etc.