From e8445507101df4a0073e5b3baf96846e9e9fc9f8 Mon Sep 17 00:00:00 2001
From: Sae126V <saitejav2021@gmail.com>
Date: Wed, 8 Nov 2023 17:48:28 +0000
Subject: [PATCH] Add support for admin to customize login layout

---
 .../it/infn/mw/iam/config/IamProperties.java  |  43 ++++++
 .../DefaultLoginPageConfiguration.java        |  14 ++
 .../web/loginpage/LoginPageConfiguration.java |   4 +
 .../src/main/resources/application.yml        |   9 +-
 .../webapp/WEB-INF/views/iam/login-form.jsp   |  17 ++-
 .../main/webapp/WEB-INF/views/iam/login.jsp   | 127 +++++++++++-------
 .../src/main/webapp/resources/iam/css/iam.css |   5 +-
 7 files changed, 170 insertions(+), 49 deletions(-)

diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/config/IamProperties.java b/iam-login-service/src/main/java/it/infn/mw/iam/config/IamProperties.java
index a6793d664..facb0a316 100644
--- a/iam-login-service/src/main/java/it/infn/mw/iam/config/IamProperties.java
+++ b/iam-login-service/src/main/java/it/infn/mw/iam/config/IamProperties.java
@@ -46,6 +46,11 @@ public enum LocalAuthenticationAllowedUsers {
     NONE
   }
 
+  public enum LoginPageLayoutOptions {
+    LOGIN_FORM,
+    LOGIN_EXTERNAL_AUTHN
+  }
+
   public enum LocalAuthenticationLoginPageMode {
     VISIBLE,
     HIDDEN,
@@ -390,6 +395,34 @@ public void setText(String text) {
     }
   }
 
+  public static class LoginPageLayout {
+
+    public enum ExternalAuthnOptions {
+      X509,
+      OIDC,
+      SAML
+    }
+
+    LoginPageLayoutOptions sectionToBeDisplayedFirst;
+    List<ExternalAuthnOptions> externalAuthnOrder;
+
+    public LoginPageLayoutOptions getSectionToBeDisplayedFirst() {
+      return sectionToBeDisplayedFirst;
+    }
+
+    public void setSectionToBeDisplayedFirst(LoginPageLayoutOptions sectionToBeDisplayedFirst) {
+      this.sectionToBeDisplayedFirst = sectionToBeDisplayedFirst;
+    }
+
+    public List<ExternalAuthnOptions> getExternalAuthnOrder() {
+      return externalAuthnOrder;
+    }
+
+    public void setExternalAuthnOrder(List<ExternalAuthnOptions> externalAuthnOrder) {
+      this.externalAuthnOrder = externalAuthnOrder;
+    }
+  }
+
   public static class RegistractionAccessToken {
     long lifetime = -1;
 
@@ -531,6 +564,8 @@ public void setLocation(String location) {
 
   private PrivacyPolicy privacyPolicy = new PrivacyPolicy();
 
+  private LoginPageLayout loginPageLayout = new LoginPageLayout();
+
   private ActuatorUserProperties actuatorUser = new ActuatorUserProperties();
 
   private JWTProfile jwtProfile = new JWTProfile();
@@ -631,6 +666,14 @@ public PrivacyPolicy getPrivacyPolicy() {
     return privacyPolicy;
   }
 
+  public LoginPageLayout getLoginPageLayout() {
+    return loginPageLayout;
+  }
+
+  public void setLoginLayout(LoginPageLayout loginPageLayout) {
+    this.loginPageLayout = loginPageLayout;
+  }
+
   public String getHost() {
     return host;
   }
diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/core/web/loginpage/DefaultLoginPageConfiguration.java b/iam-login-service/src/main/java/it/infn/mw/iam/core/web/loginpage/DefaultLoginPageConfiguration.java
index 46fe84bdc..850a5f094 100644
--- a/iam-login-service/src/main/java/it/infn/mw/iam/core/web/loginpage/DefaultLoginPageConfiguration.java
+++ b/iam-login-service/src/main/java/it/infn/mw/iam/core/web/loginpage/DefaultLoginPageConfiguration.java
@@ -31,6 +31,7 @@
 
 import it.infn.mw.iam.config.IamProperties;
 import it.infn.mw.iam.config.IamProperties.Logo;
+import it.infn.mw.iam.config.IamProperties.LoginPageLayout.ExternalAuthnOptions;
 import it.infn.mw.iam.config.oidc.OidcProvider;
 import it.infn.mw.iam.config.oidc.OidcValidatedProviders;
 
@@ -48,6 +49,7 @@ public class DefaultLoginPageConfiguration implements LoginPageConfiguration, En
   private boolean registrationEnabled;
   private boolean localAuthenticationVisible;
   private boolean showLinkToLocalAuthn;
+  private boolean defaultLoginPageLayout;
 
   @Value("${iam.account-linking.enable}")
   private Boolean accountLinkingEnabled;
@@ -74,6 +76,8 @@ public void init() {
       .equals(iamProperties.getLocalAuthn().getLoginPageVisibility());
     showLinkToLocalAuthn = IamProperties.LocalAuthenticationLoginPageMode.HIDDEN_WITH_LINK
       .equals(iamProperties.getLocalAuthn().getLoginPageVisibility());
+    defaultLoginPageLayout = IamProperties.LoginPageLayoutOptions.LOGIN_FORM
+      .equals(iamProperties.getLoginPageLayout().getSectionToBeDisplayedFirst());
   }
 
   @Override
@@ -179,4 +183,14 @@ public boolean isIncludeCustomContent() {
   public String getCustomContentUrl() {
     return iamProperties.getCustomization().getCustomLoginPageContentUrl();
   }
+
+  @Override
+  public boolean isDefaultLoginPageLayout() {
+    return defaultLoginPageLayout;
+  }
+
+  @Override
+  public List<ExternalAuthnOptions> getExternalAuthnOptionsOrder() {
+    return iamProperties.getLoginPageLayout().getExternalAuthnOrder();
+  }
 }
diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/core/web/loginpage/LoginPageConfiguration.java b/iam-login-service/src/main/java/it/infn/mw/iam/core/web/loginpage/LoginPageConfiguration.java
index ef428d68d..6e516855e 100644
--- a/iam-login-service/src/main/java/it/infn/mw/iam/core/web/loginpage/LoginPageConfiguration.java
+++ b/iam-login-service/src/main/java/it/infn/mw/iam/core/web/loginpage/LoginPageConfiguration.java
@@ -19,6 +19,7 @@
 import java.util.Optional;
 
 import it.infn.mw.iam.config.IamProperties.Logo;
+import it.infn.mw.iam.config.IamProperties.LoginPageLayout.ExternalAuthnOptions;
 import it.infn.mw.iam.config.oidc.OidcProvider;
 
 public interface LoginPageConfiguration {
@@ -55,4 +56,7 @@ public interface LoginPageConfiguration {
 
   Logo getLogo();
 
+  boolean isDefaultLoginPageLayout();
+
+  List<ExternalAuthnOptions> getExternalAuthnOptionsOrder();
 }
diff --git a/iam-login-service/src/main/resources/application.yml b/iam-login-service/src/main/resources/application.yml
index bf051419b..c4c1de4c6 100644
--- a/iam-login-service/src/main/resources/application.yml
+++ b/iam-login-service/src/main/resources/application.yml
@@ -119,7 +119,7 @@ iam:
     lifetime: ${IAM_REGISTRATION_TOKEN_LIFETIME:-1}  
 
   organisation:
-    name: ${IAM_ORGANISATION_NAME:indigo-dc}
+    name: ${IAM_ORGANISATION_NAME:IRIS-IAM}
   
   privacyPolicy:
     url: ${IAM_PRIVACY_POLICY_URL:}
@@ -181,6 +181,13 @@ iam:
     
   account-linking:
     enable: ${IAM_ACCOUNT_LINKING_ENABLE:true}
+    
+  login-page-layout:
+    section-to-be-displayed-first: ${IAM_LOGIN_LAYOUT_PRIMARY_CHOICE:LOGIN_FORM}
+    external-authn-order:
+      - x509
+      - oidc
+      - saml
 
 redis-cache:
   enabled: ${IAM_REDIS_CACHE_ENABLED:false}
diff --git a/iam-login-service/src/main/webapp/WEB-INF/views/iam/login-form.jsp b/iam-login-service/src/main/webapp/WEB-INF/views/iam/login-form.jsp
index 5b5bf5918..bfe91c528 100644
--- a/iam-login-service/src/main/webapp/WEB-INF/views/iam/login-form.jsp
+++ b/iam-login-service/src/main/webapp/WEB-INF/views/iam/login-form.jsp
@@ -19,8 +19,21 @@
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
 <%@ taglib prefix="t" tagdir="/WEB-INF/tags/iam"%>
 <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
-<form id="login-form" action="/login" method="post">
-  <div class="signin-preamble text-muted">Sign in with your ${iamOrganisationName} credentials</div>
+<c:if test="${loginPageConfiguration.defaultLoginPageLayout}">
+  <c:set value="container-spacer" var="containerSpacer"></c:set>
+</c:if>
+
+<form id="login-form" class="${containerSpacer}" action="/login" method="post">
+  <div class="signin-preamble text-muted">
+    <c:choose>
+      <c:when test="${loginPageConfiguration.defaultLoginPageLayout}">
+        Sign in with your ${iamOrganisationName} credentials
+      </c:when>
+      <c:otherwise>
+        Or sign in with your ${iamOrganisationName} credentials
+      </c:otherwise>
+    </c:choose>
+  </div>
   <div class="form-group">
     <div class="input-group">
       <span class="input-group-addon">
diff --git a/iam-login-service/src/main/webapp/WEB-INF/views/iam/login.jsp b/iam-login-service/src/main/webapp/WEB-INF/views/iam/login.jsp
index 9b6ee9a91..38731e92b 100644
--- a/iam-login-service/src/main/webapp/WEB-INF/views/iam/login.jsp
+++ b/iam-login-service/src/main/webapp/WEB-INF/views/iam/login.jsp
@@ -72,62 +72,99 @@
             <h3>Welcome to <strong>${iamOrganisationName}</strong>
       </h3>
         </div>
+
+        <c:if test="${(loginPageConfiguration.localAuthenticationVisible or param.sll != null) && loginPageConfiguration.defaultLoginPageLayout}">
+            <jsp:include page="login-form.jsp" />
+        </c:if>
         
-        <c:if test="${loginPageConfiguration.localAuthenticationVisible or param.sll != null}">
-          <jsp:include page="login-form.jsp" />
+        <c:if test="${!loginPageConfiguration.defaultLoginPageLayout}">
+            <c:set value="container-spacer" var="containerSpacer"></c:set>
         </c:if>
         
-        <div id="login-external-authn">
+        <div id="login-external-authn" class="${containerSpacer}">
             <c:if
-        test="${loginPageConfiguration.oidcEnabled or loginPageConfiguration.samlEnabled or IAM_X509_CAN_LOGIN}">
-              <div class="ext-login-preamble text-muted">
+                test="${loginPageConfiguration.oidcEnabled or loginPageConfiguration.samlEnabled or IAM_X509_CAN_LOGIN}"
+            >
+                <div class="ext-login-preamble text-muted">
+                    <c:choose>
+                        <c:when
+                            test="${loginPageConfiguration.localAuthenticationVisible && loginPageConfiguration.defaultLoginPageLayout}"
+                        >
+                            Or sign in with
+                        </c:when>
+                        <c:otherwise>
+                            Sign in with
+                        </c:otherwise>
+                    </c:choose>
+                </div>
+            </c:if>
+
+            <c:forEach items="${loginPageConfiguration.externalAuthnOptionsOrder}" var="externalAuthnMethodName">
                 <c:choose>
-                    <c:when test="${ loginPageConfiguration.localAuthenticationVisible}">Or sign in with</c:when>
-                    <c:otherwise>
-                        Sign in with
-                    </c:otherwise>
+                    <c:when test="${externalAuthnMethodName == 'X509'}">
+                        <c:if test="${IAM_X509_CAN_LOGIN}">
+                            <div id="x509-login" class="ext-authn-login-button">
+                                <a
+                                    class="btn btn-block btn-default"
+                                    href="/dashboard?x509ClientAuth=true"
+                                    title="${IAM_X509_CRED.subject}"
+                                >
+                                    Your X.509 certificate
+                                </a>
+                            </div>
+                        </c:if>
+                    </c:when>
+
+                    <c:when test="${externalAuthnMethodName == 'OIDC'}">
+                        <c:if test="${loginPageConfiguration.oidcEnabled}">
+                            <c:forEach items="${loginPageConfiguration.oidcProviders}" var="provider">
+                                <t:loginButton
+                                    cssClass="ext-authn-login-button"
+                                    href="/openid_connect_login?iss=${provider.issuer}"
+                                    btn="${provider.loginButton}"
+                                    id="oidc-login-${provider.name}"
+                                 />
+                            </c:forEach>
+                        </c:if>
+                    </c:when>
+
+                    <c:when test="${ externalAuthnMethodName == 'SAML'}">
+                        <c:if test="${loginPageConfiguration.samlEnabled}">
+
+                            <!-- WAYF login button -->
+                            <c:if test="${iamSamlProperties.wayfLoginButton.visible}">
+                                <t:loginButton
+                                    href="/saml/login"
+                                    btn="${iamSamlProperties.wayfLoginButton}"
+                                    cssClass="ext-authn-login-button"
+                                    id="saml-login"
+                                />
+                            </c:if>
+
+                            <!-- SAML login shortcuts -->
+                            <c:forEach items="${iamSamlProperties.loginShortcuts}" var="ls">
+                                <c:if test="${ls.enabled}">
+                                    <t:loginButton
+                                        cssClass="ext-authn-login-button"
+                                        href="/saml/login?idp=${ls.entityId}"
+                                        btn="${ls.loginButton}"
+                                        id="saml-login-${ls.name}"
+                                    />
+                                </c:if>
+                            </c:forEach>
+                        </c:if>
+                    </c:when>
                 </c:choose>
-              </div>
-            </c:if>
-            
-            <c:if test="${IAM_X509_CAN_LOGIN}">
-              <div id="x509-login" class="ext-authn-login-button">
-                <a class="btn btn-block btn-default" href="/dashboard?x509ClientAuth=true"
-            title="${IAM_X509_CRED.subject}">
-                  Your X.509 certificate 
-               </a>
-              </div>
-            </c:if>
-            
-            <c:if test="${loginPageConfiguration.oidcEnabled}">
-            	<c:forEach items="${loginPageConfiguration.oidcProviders}" var="provider">
-                <t:loginButton cssClass="ext-authn-login-button" href="/openid_connect_login?iss=${provider.issuer}"
-            btn="${provider.loginButton}" id="oidc-login-${provider.name}" />
-            	</c:forEach> 
-            </c:if>
+            </c:forEach>
 
-            <c:if test="${loginPageConfiguration.samlEnabled}">
-                
-                <!-- WAYF login button -->
-                <c:if test="${iamSamlProperties.wayfLoginButton.visible}">
-                  <t:loginButton href="/saml/login" btn="${iamSamlProperties.wayfLoginButton}"
-            cssClass="ext-authn-login-button" id="saml-login" />
-                </c:if>
-                
-                <!-- SAML login shortcuts -->
-                <c:forEach items="${iamSamlProperties.loginShortcuts}" var="ls">
-                  <c:if test="${ls.enabled}">
-                    <t:loginButton cssClass="ext-authn-login-button" href="/saml/login?idp=${ls.entityId}"
-              btn="${ls.loginButton}" id="saml-login-${ls.name}" />
-                  </c:if>
-                </c:forEach>
-            </c:if>
-            
             <c:if test="${loginPageConfiguration.showLinkToLocalAuthenticationPage and param.sll == null}">
                 <a class="btn btn-block btn-login" href="/login?sll=y">Local credentials</a>
             </c:if>
         </div>
-        
+
+        <c:if test="${(loginPageConfiguration.localAuthenticationVisible or param.sll != null) && !loginPageConfiguration.defaultLoginPageLayout}">
+            <jsp:include page="login-form.jsp" />
+        </c:if>
 
         <c:if test="${loginPageConfiguration.registrationEnabled && loginPageConfiguration.showRegistrationButton}">
             
diff --git a/iam-login-service/src/main/webapp/resources/iam/css/iam.css b/iam-login-service/src/main/webapp/resources/iam/css/iam.css
index 28503cae3..2508b9319 100644
--- a/iam-login-service/src/main/webapp/resources/iam/css/iam.css
+++ b/iam-login-service/src/main/webapp/resources/iam/css/iam.css
@@ -66,7 +66,7 @@
 }
 
 #login-form {
-    padding-top: 1em;
+    padding-top: 2em;
     margin: 0 auto;
     max-width: 250px;
 }
@@ -684,3 +684,6 @@ body.skin-blue {
     border-bottom-right-radius: 5px;
 }
 
+.container-spacer {
+    padding-top: 1em !important;
+}