From 541134a88f11252206483935451bcc0d776be684 Mon Sep 17 00:00:00 2001
From: sadnub <josh@torchlake.com>
Date: Sun, 15 Sep 2024 22:22:28 -0400
Subject: [PATCH 01/36] sso init

---
 src/boot/axios.js                             |  12 +-
 .../modals/coresettings/EditCoreSettings.vue  |   8 +
 src/ee/sso/api/sso.ts                         |  97 ++++++++++
 src/ee/sso/components/SSOProvidersForm.vue    | 112 ++++++++++++
 src/ee/sso/components/SSOProvidersTable.vue   | 172 ++++++++++++++++++
 src/ee/sso/types/sso.ts                       |   8 +
 src/ee/sso/utils/cookies.ts                   |  15 ++
 src/ee/sso/views/ProviderCallback.vue         |  28 +++
 src/router/routes.js                          |   5 +
 src/views/LoginView.vue                       |  27 ++-
 10 files changed, 482 insertions(+), 2 deletions(-)
 create mode 100644 src/ee/sso/api/sso.ts
 create mode 100644 src/ee/sso/components/SSOProvidersForm.vue
 create mode 100644 src/ee/sso/components/SSOProvidersTable.vue
 create mode 100644 src/ee/sso/types/sso.ts
 create mode 100644 src/ee/sso/utils/cookies.ts
 create mode 100644 src/ee/sso/views/ProviderCallback.vue

diff --git a/src/boot/axios.js b/src/boot/axios.js
index 9bd758bf..a57aed0e 100644
--- a/src/boot/axios.js
+++ b/src/boot/axios.js
@@ -22,6 +22,8 @@ export function setErrorMessage(data, message) {
 export default function ({ app, router }) {
   app.config.globalProperties.$axios = axios;
 
+  axios.defaults.withCredentials = true;
+
   axios.interceptors.request.use(
     function (config) {
       const auth = useAuthStore();
@@ -60,7 +62,15 @@ export default function ({ app, router }) {
       }
       // unauthorized
       else if (error.response.status === 401) {
-        router.push({ path: "/expired" });
+        // bypass redirect for auth check endpoint
+        if (
+          error.config.url !== "_allauth/browser/v1/auth/session" ||
+          error.config.url !== "ws/dashinfo" // TODO once auth is working, need to extend it to websockets
+        ) {
+          return Promise.reject({ ...error });
+        } else {
+          router.push({ path: "/expired" });
+        }
       }
       // perms
       else if (error.response.status === 403) {
diff --git a/src/components/modals/coresettings/EditCoreSettings.vue b/src/components/modals/coresettings/EditCoreSettings.vue
index 23303293..e78b90c3 100644
--- a/src/components/modals/coresettings/EditCoreSettings.vue
+++ b/src/components/modals/coresettings/EditCoreSettings.vue
@@ -13,6 +13,7 @@
           <q-tab name="webhooks" label="Web Hooks" />
           <q-tab name="retention" label="Retention" />
           <q-tab name="apikeys" label="API Keys" />
+          <q-tab name="sso" label="SSO Integration" />
           <!-- <q-tab name="openai" label="Open AI" /> -->
         </q-tabs>
       </template>
@@ -636,6 +637,11 @@
                 <APIKeysTable />
               </q-tab-panel>
 
+              <!-- sso integration -->
+              <q-tab-panel name="sso">
+                <SSOProvidersTable />
+              </q-tab-panel>
+
               <!-- Open AI -->
               <!-- <q-tab-panel name="openai">
                 <div class="text-subtitle2">Open AI</div>
@@ -722,6 +728,7 @@ import CustomFields from "@/components/modals/coresettings/CustomFields.vue";
 import KeyStoreTable from "@/components/modals/coresettings/KeyStoreTable.vue";
 import URLActionsTable from "@/components/modals/coresettings/URLActionsTable.vue";
 import APIKeysTable from "@/components/core/APIKeysTable.vue";
+import SSOProvidersTable from "@/ee/sso/components/SSOProvidersTable.vue";
 
 export default {
   name: "EditCoreSettings",
@@ -731,6 +738,7 @@ export default {
     KeyStoreTable,
     URLActionsTable,
     APIKeysTable,
+    SSOProvidersTable,
     // ServerTasksTable,
   },
   mixins: [mixins],
diff --git a/src/ee/sso/api/sso.ts b/src/ee/sso/api/sso.ts
new file mode 100644
index 00000000..ec3dd136
--- /dev/null
+++ b/src/ee/sso/api/sso.ts
@@ -0,0 +1,97 @@
+import axios from "axios";
+import { getCookie } from "@/ee/sso/utils/cookies";
+import { getBaseUrl } from "@/boot/axios";
+
+import type { SSOProvider } from "@/ee/sso/types/sso";
+
+const baseUrl = "accounts";
+
+interface FormData {
+  provider: string;
+  process: string;
+  callback_url: string;
+  csrfmiddlewaretoken: string;
+}
+
+export function getCSRFToken() {
+  return getCookie("csrftoken");
+}
+
+// needed for sso provider redirect
+function postForm(url: string, data: FormData) {
+  const f = document.createElement("form");
+  f.method = "POST";
+  f.action = url;
+
+  for (const key in data) {
+    const d = document.createElement("input");
+    d.type = "hidden";
+    d.name = key;
+    d.value = data[key];
+    f.appendChild(d);
+  }
+  document.body.appendChild(f);
+  f.submit();
+}
+
+// sso providers
+export interface AllAuthResponse<T> {
+  data: T;
+  status: number;
+}
+
+export async function fetchSSOProviders(): Promise<SSOProvider> {
+  const { data } = await axios.get(`${baseUrl}/ssoproviders/`);
+  return data;
+}
+
+export async function addSSOProvider(payload: SSOProvider) {
+  const { data } = await axios.post(`${baseUrl}/ssoproviders/`, payload);
+  return data;
+}
+
+export async function editSSOProvider(id: number, payload: SSOProvider) {
+  const { data } = await axios.put(`${baseUrl}/ssoproviders/${id}/`, payload);
+  return data;
+}
+
+export async function removeSSOProvider(id: number) {
+  const { data } = await axios.delete(`${baseUrl}/ssoproviders/${id}/`);
+  return data;
+}
+
+export async function getCurrentSession() {
+  const { data } = await axios.get("_allauth/browser/v1/auth/session");
+  return data;
+}
+
+export interface SSOProviderConfig {
+  client_id: string;
+  flows: string[];
+  id: string;
+  name: string;
+}
+
+export interface SSOConfigResponseProviders {
+  providers: SSOProviderConfig[];
+}
+
+export interface SSOConfigResponse {
+  socialaccount: SSOConfigResponseProviders;
+}
+
+export async function getSSOConfig(): Promise<
+  AllAuthResponse<SSOConfigResponse>
+> {
+  const { data } = await axios.get("_allauth/browser/v1/config");
+  return data;
+}
+
+export async function openSSOProviderRedirect(id: string) {
+  postForm(`${getBaseUrl()}/_allauth/browser/v1/auth/provider/redirect`, {
+    provider: id,
+    process: "login",
+    callback_url: `${location.origin}/account/provider/callback`,
+    csrfmiddlewaretoken: getCSRFToken() || "",
+  });
+}
diff --git a/src/ee/sso/components/SSOProvidersForm.vue b/src/ee/sso/components/SSOProvidersForm.vue
new file mode 100644
index 00000000..b13f80b6
--- /dev/null
+++ b/src/ee/sso/components/SSOProvidersForm.vue
@@ -0,0 +1,112 @@
+<template>
+  <q-dialog ref="dialogRef" @hide="onDialogHide">
+    <q-card class="q-dialog-plugin" style="width: 50">
+      <q-bar>
+        {{ props.provider ? "Edit SSO Provider" : "Add SSO Provider" }}
+        <q-space />
+        <q-btn dense flat icon="close" v-close-popup>
+          <q-tooltip class="bg-white text-primary">Close</q-tooltip>
+        </q-btn>
+      </q-bar>
+
+      <!-- name -->
+      <q-card-section>
+        <q-input
+          :readonly="!!props.provider"
+          label="Name"
+          outlined
+          dense
+          v-model="localProvider.name"
+          :rules="[(val) => !!val || '*Required']"
+        />
+      </q-card-section>
+
+      <!-- url -->
+      <q-card-section>
+        <q-input
+          label="Server URL"
+          outlined
+          dense
+          v-model="localProvider.server_url"
+          :rules="[(val) => !!val || '*Required']"
+        />
+      </q-card-section>
+
+      <!-- client id -->
+      <q-card-section>
+        <q-input
+          label="Client ID"
+          outlined
+          dense
+          v-model="localProvider.client_id"
+          :rules="[(val) => !!val || '*Required']"
+        />
+      </q-card-section>
+
+      <!-- secret -->
+      <q-card-section>
+        <q-input
+          label="Secret"
+          outlined
+          dense
+          v-model="localProvider.secret"
+          :rules="[(val) => !!val || '*Required']"
+        />
+      </q-card-section>
+
+      <q-card-actions align="right">
+        <q-btn flat label="Cancel" v-close-popup />
+        <q-btn
+          flat
+          label="Submit"
+          color="primary"
+          :loading="loading"
+          @click="submit"
+        />
+      </q-card-actions>
+    </q-card>
+  </q-dialog>
+</template>
+
+<script setup lang="ts">
+// composition imports
+import { ref, reactive } from "vue";
+import { useDialogPluginComponent, extend } from "quasar";
+import { editSSOProvider, addSSOProvider } from "@/ee/sso/api/sso";
+import { notifySuccess } from "@/utils/notify";
+import { SSOProvider } from "@/types/accounts";
+
+// define emits
+defineEmits([...useDialogPluginComponent.emits]);
+
+// define props
+const props = defineProps<{ provider?: SSOProvider }>();
+
+const { dialogRef, onDialogHide, onDialogOK } = useDialogPluginComponent();
+
+const loading = ref(false);
+
+const localProvider: SSOProvider = props.provider
+  ? reactive(extend({}, props.provider))
+  : reactive({
+      id: 0,
+      name: "",
+      client_id: "",
+      secret: "",
+      server_url: "",
+    } as SSOProvider);
+
+async function submit() {
+  loading.value = true;
+
+  try {
+    props.provider
+      ? await editSSOProvider(localProvider.id, localProvider)
+      : await addSSOProvider(localProvider);
+    onDialogOK();
+    notifySuccess("SSO Provider was edited!");
+  } catch (e) {}
+
+  loading.value = false;
+}
+</script>
diff --git a/src/ee/sso/components/SSOProvidersTable.vue b/src/ee/sso/components/SSOProvidersTable.vue
new file mode 100644
index 00000000..a5efed7d
--- /dev/null
+++ b/src/ee/sso/components/SSOProvidersTable.vue
@@ -0,0 +1,172 @@
+<template>
+  <div>
+    <div class="row">
+      <div class="text-subtitle2">SSO Providers</div>
+      <q-space />
+      <q-btn
+        size="sm"
+        color="grey-5"
+        icon="fas fa-plus"
+        text-color="black"
+        label="Add SSO Provider"
+        @click="addSSOProvider"
+      />
+    </div>
+    <q-separator />
+    <q-table
+      dense
+      :rows="providers"
+      :columns="columns"
+      :pagination="{ rowsPerPage: 0, sortBy: 'name', descending: true }"
+      row-key="id"
+      binary-state-sort
+      hide-pagination
+      virtual-scroll
+      :rows-per-page-options="[0]"
+      no-data-label="No SSO Providers added yet"
+      :loading="loading"
+    >
+      <!-- body slots -->
+      <template v-slot:body="props">
+        <q-tr
+          :props="props"
+          class="cursor-pointer"
+          @dblclick="editSSOProvider(props.row)"
+        >
+          <!-- context menu -->
+          <q-menu context-menu>
+            <q-list dense style="min-width: 200px">
+              <q-item
+                clickable
+                v-close-popup
+                @click="editSSOProvider(props.row)"
+              >
+                <q-item-section side>
+                  <q-icon name="edit" />
+                </q-item-section>
+                <q-item-section>Edit</q-item-section>
+              </q-item>
+              <q-item
+                clickable
+                v-close-popup
+                @click="deleteSSOProvider(props.row)"
+              >
+                <q-item-section side>
+                  <q-icon name="delete" />
+                </q-item-section>
+                <q-item-section>Delete</q-item-section>
+              </q-item>
+
+              <q-separator></q-separator>
+
+              <q-item clickable v-close-popup>
+                <q-item-section>Close</q-item-section>
+              </q-item>
+            </q-list>
+          </q-menu>
+          <!-- name -->
+          <q-td>
+            {{ props.row.name }}
+          </q-td>
+          <!-- server_url -->
+          <q-td>
+            {{ props.row.server_url }}
+          </q-td>
+          <!-- pattern -->
+          <q-td>
+            {{ props.row.client_id }}
+          </q-td>
+        </q-tr>
+      </template>
+    </q-table>
+  </div>
+</template>
+
+<script setup lang="ts">
+// composition imports
+import { ref, onMounted } from "vue";
+import { QTableColumn, useQuasar } from "quasar";
+import { fetchSSOProviders, removeSSOProvider } from "@/ee/sso/api/sso";
+import { notifySuccess } from "@/utils/notify";
+
+// ui imports
+import SSOProvidersForm from "@/components/modals/coresettings/SSOProvidersForm.vue";
+
+// types
+import { type SSOProvider } from "@/types/accounts";
+
+// setup quasar
+const $q = useQuasar();
+
+const loading = ref(false);
+
+const providers = ref([] as SSOProvider[]);
+
+const columns: QTableColumn[] = [
+  {
+    name: "name",
+    label: "Name",
+    field: "name",
+    align: "left",
+    sortable: true,
+  },
+  {
+    name: "server_url",
+    label: "Server Url",
+    field: "server_url",
+    align: "left",
+    sortable: true,
+  },
+  {
+    name: "client_id",
+    label: "Client ID",
+    field: "client_id",
+    align: "left",
+    sortable: true,
+  },
+];
+
+async function getSSOProviders() {
+  loading.value = true;
+  try {
+    providers.value = await fetchSSOProviders();
+  } catch (e) {
+    console.error(e);
+  }
+  loading.value = false;
+}
+
+function addSSOProvider() {
+  $q.dialog({
+    component: SSOProvidersForm,
+  }).onOk(getSSOProviders);
+}
+
+function editSSOProvider(provider: SSOProvider) {
+  $q.dialog({
+    component: SSOProvidersForm,
+    componentProps: {
+      provider: provider,
+    },
+  }).onOk(getSSOProviders);
+}
+
+function deleteSSOProvider(provider: SSOProvider) {
+  $q.dialog({
+    title: `Delete SSO Provider: ${provider.name}?`,
+    cancel: true,
+    ok: { label: "Delete", color: "negative" },
+  }).onOk(async () => {
+    loading.value = true;
+    try {
+      await removeSSOProvider(provider.id);
+      await getSSOProviders();
+      notifySuccess(`SSO Provider: ${provider.name} was deleted!`);
+    } catch (e) {
+      console.error(e);
+    }
+    loading.value = false;
+  });
+}
+onMounted(getSSOProviders);
+</script>
diff --git a/src/ee/sso/types/sso.ts b/src/ee/sso/types/sso.ts
new file mode 100644
index 00000000..18ad9d13
--- /dev/null
+++ b/src/ee/sso/types/sso.ts
@@ -0,0 +1,8 @@
+export interface SSOProvider {
+  id: number;
+  name: string;
+  provider_id: string;
+  client_id: string;
+  secret: string;
+  server_url: string;
+}
diff --git a/src/ee/sso/utils/cookies.ts b/src/ee/sso/utils/cookies.ts
new file mode 100644
index 00000000..681d043e
--- /dev/null
+++ b/src/ee/sso/utils/cookies.ts
@@ -0,0 +1,15 @@
+export function getCookie(name: string) {
+  let cookieValue = null;
+  if (document.cookie && document.cookie !== "") {
+    const cookies = document.cookie.split(";");
+    for (let i = 0; i < cookies.length; i++) {
+      const cookie = cookies[i].trim();
+      // Does this cookie string begin with the name we want?
+      if (cookie.substring(0, name.length + 1) === name + "=") {
+        cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+        break;
+      }
+    }
+  }
+  return cookieValue;
+}
diff --git a/src/ee/sso/views/ProviderCallback.vue b/src/ee/sso/views/ProviderCallback.vue
new file mode 100644
index 00000000..841f7b11
--- /dev/null
+++ b/src/ee/sso/views/ProviderCallback.vue
@@ -0,0 +1,28 @@
+<template>
+  <div class="fixed-center text-center" v-if="error">
+    <p class="text-faded">There was an error logging into your provider.</p>
+    <q-btn color="secondary" style="width: 200px" to="/login"
+      >Go back to Login</q-btn
+    >
+  </div>
+</template>
+
+<script lang="ts" setup>
+import { useRoute, useRouter } from "vue-router";
+import { useAuthStore } from "@/stores/auth";
+
+const route = useRoute();
+const error = route.params.error;
+
+const router = useRouter();
+
+const auth = useAuthStore();
+
+if (!error) {
+  if (auth.loggedIn) {
+    router.push({ name: "Dashboard" });
+  } else {
+    router.push({ name: "Login" });
+  }
+}
+</script>
diff --git a/src/router/routes.js b/src/router/routes.js
index ae418229..7f8c9145 100644
--- a/src/router/routes.js
+++ b/src/router/routes.js
@@ -75,6 +75,11 @@ const routes = [
     name: "SessionExpired",
     component: () => import("@/views/SessionExpired.vue"),
   },
+  {
+    path: "/account/provider/callback",
+    name: "ProviderCallback",
+    component: () => import("@/ee/sso/views/ProviderCallback.vue"),
+  },
   { path: "/:catchAll(.*)", component: () => import("@/views/NotFound.vue") },
 ];
 
diff --git a/src/views/LoginView.vue b/src/views/LoginView.vue
index 6d5fbabc..1bd448bf 100644
--- a/src/views/LoginView.vue
+++ b/src/views/LoginView.vue
@@ -49,7 +49,18 @@
               </div>
             </q-form>
           </q-card-section>
+
+          <q-card-section v-if="ssoProviders.length > 0">
+            <q-list dense v-for="provider in ssoProviders" :key="provider.id">
+              <q-item @click="openSSOProviderRedirect(provider.id)" clickable>
+                <q-item-section>
+                  <q-item-label>{{ provider.name }}</q-item-label>
+                </q-item-section>
+              </q-item>
+            </q-list>
+          </q-card-section>
         </q-card>
+
         <!-- 2 factor modal -->
         <q-dialog persistent v-model="prompt">
           <q-card style="min-width: 400px">
@@ -84,10 +95,16 @@
 </template>
 
 <script setup lang="ts">
-import { ref, reactive } from "vue";
+import { ref, reactive, onMounted } from "vue";
 import { type QForm, useQuasar } from "quasar";
 import { useAuthStore } from "@/stores/auth";
 import { useRouter } from "vue-router";
+import {
+  openSSOProviderRedirect,
+  getSSOConfig,
+  getCurrentSession,
+  type SSOProviderConfig,
+} from "@/ee/sso/api/sso";
 
 // setup quasar
 const $q = useQuasar();
@@ -107,6 +124,7 @@ const credentials = reactive({ username: "", password: "" });
 const twofactor = ref("");
 const prompt = ref(false);
 const showPassword = ref(true);
+const ssoProviders = ref([] as SSOProviderConfig[]);
 
 async function checkCreds() {
   try {
@@ -135,6 +153,13 @@ async function onSubmit() {
     prompt.value = false;
   }
 }
+
+onMounted(async () => {
+  const result = await getSSOConfig();
+  ssoProviders.value = result.data.socialaccount.providers;
+
+  await getCurrentSession();
+});
 </script>
 
 <style>

From 0eb81662d332ab3026042306a915e57fd5ccbb89 Mon Sep 17 00:00:00 2001
From: sadnub <josh@torchlake.com>
Date: Sun, 15 Sep 2024 22:32:37 -0400
Subject: [PATCH 02/36] move sso auth to auth store

---
 src/ee/sso/views/ProviderCallback.vue | 17 ++++++++++++-----
 src/stores/auth.ts                    |  7 +++++++
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/src/ee/sso/views/ProviderCallback.vue b/src/ee/sso/views/ProviderCallback.vue
index 841f7b11..543bab0b 100644
--- a/src/ee/sso/views/ProviderCallback.vue
+++ b/src/ee/sso/views/ProviderCallback.vue
@@ -19,10 +19,17 @@ const router = useRouter();
 const auth = useAuthStore();
 
 if (!error) {
-  if (auth.loggedIn) {
-    router.push({ name: "Dashboard" });
-  } else {
-    router.push({ name: "Login" });
-  }
+  auth
+    .checkSessionAuth()
+    .then((r) => {
+      // auth was successful
+      console.log(r);
+      router.push({ name: "Dashboard" });
+    })
+    .catch((e) => {
+      // auth was not successful
+      console.error(e);
+      router.push({ name: "Login" });
+    });
 }
 </script>
diff --git a/src/stores/auth.ts b/src/stores/auth.ts
index b4855746..ee97fb53 100644
--- a/src/stores/auth.ts
+++ b/src/stores/auth.ts
@@ -1,5 +1,7 @@
 import { defineStore } from "pinia";
 import { useStorage } from "@vueuse/core";
+import { getCurrentSession } from "@/ee/sso/api/sso";
+
 import axios from "axios";
 
 interface CheckCredentialsRequest {
@@ -66,5 +68,10 @@ export const useAuthStore = defineStore("auth", {
       const { data } = await axios.post("/accounts/users/setup_totp/");
       return data;
     },
+    async checkSessionAuth() {
+      const result = await getCurrentSession();
+      console.log(result);
+      return result;
+    },
   },
 });

From 75a9ef88d1133bb9035b9eae3109cf28be5ffa4e Mon Sep 17 00:00:00 2001
From: sadnub <josh@torchlake.com>
Date: Tue, 17 Sep 2024 23:24:55 -0400
Subject: [PATCH 03/36] implement session auth login logic and cleanup views

---
 src/ee/sso/api/sso.ts                       | 23 ++++++++++++++-------
 src/ee/sso/components/SSOProvidersTable.vue |  4 ++--
 src/ee/sso/views/ProviderCallback.vue       | 17 +++++----------
 src/router/routes.js                        |  5 -----
 src/stores/auth.ts                          |  6 ------
 src/views/LoginView.vue                     |  3 ---
 6 files changed, 23 insertions(+), 35 deletions(-)

diff --git a/src/ee/sso/api/sso.ts b/src/ee/sso/api/sso.ts
index ec3dd136..d120bb16 100644
--- a/src/ee/sso/api/sso.ts
+++ b/src/ee/sso/api/sso.ts
@@ -34,10 +34,15 @@ function postForm(url: string, data: FormData) {
   f.submit();
 }
 
+export interface MetaIsAuthenticated {
+  is_authenticated: boolean;
+}
+
 // sso providers
 export interface AllAuthResponse<T> {
   data: T;
   status: number;
+  meta?: MetaIsAuthenticated;
 }
 
 export async function fetchSSOProviders(): Promise<SSOProvider> {
@@ -60,8 +65,14 @@ export async function removeSSOProvider(id: number) {
   return data;
 }
 
-export async function getCurrentSession() {
-  const { data } = await axios.get("_allauth/browser/v1/auth/session");
+export async function getSSOProviderToken() {
+  const { data } = await axios.post(
+    `${baseUrl}/ssoproviders/token/`,
+    {},
+    {
+      headers: { "X-CSRFToken": getCSRFToken() },
+    },
+  );
   return data;
 }
 
@@ -72,12 +83,10 @@ export interface SSOProviderConfig {
   name: string;
 }
 
-export interface SSOConfigResponseProviders {
-  providers: SSOProviderConfig[];
-}
-
 export interface SSOConfigResponse {
-  socialaccount: SSOConfigResponseProviders;
+  socialaccount: {
+    providers: SSOProviderConfig[];
+  };
 }
 
 export async function getSSOConfig(): Promise<
diff --git a/src/ee/sso/components/SSOProvidersTable.vue b/src/ee/sso/components/SSOProvidersTable.vue
index a5efed7d..eaed39b9 100644
--- a/src/ee/sso/components/SSOProvidersTable.vue
+++ b/src/ee/sso/components/SSOProvidersTable.vue
@@ -90,10 +90,10 @@ import { fetchSSOProviders, removeSSOProvider } from "@/ee/sso/api/sso";
 import { notifySuccess } from "@/utils/notify";
 
 // ui imports
-import SSOProvidersForm from "@/components/modals/coresettings/SSOProvidersForm.vue";
+import SSOProvidersForm from "@/ee/sso/components/SSOProvidersForm.vue";
 
 // types
-import { type SSOProvider } from "@/types/accounts";
+import { type SSOProvider } from "@/ee/sso/types/sso";
 
 // setup quasar
 const $q = useQuasar();
diff --git a/src/ee/sso/views/ProviderCallback.vue b/src/ee/sso/views/ProviderCallback.vue
index 543bab0b..841f7b11 100644
--- a/src/ee/sso/views/ProviderCallback.vue
+++ b/src/ee/sso/views/ProviderCallback.vue
@@ -19,17 +19,10 @@ const router = useRouter();
 const auth = useAuthStore();
 
 if (!error) {
-  auth
-    .checkSessionAuth()
-    .then((r) => {
-      // auth was successful
-      console.log(r);
-      router.push({ name: "Dashboard" });
-    })
-    .catch((e) => {
-      // auth was not successful
-      console.error(e);
-      router.push({ name: "Login" });
-    });
+  if (auth.loggedIn) {
+    router.push({ name: "Dashboard" });
+  } else {
+    router.push({ name: "Login" });
+  }
 }
 </script>
diff --git a/src/router/routes.js b/src/router/routes.js
index 7f8c9145..ae418229 100644
--- a/src/router/routes.js
+++ b/src/router/routes.js
@@ -75,11 +75,6 @@ const routes = [
     name: "SessionExpired",
     component: () => import("@/views/SessionExpired.vue"),
   },
-  {
-    path: "/account/provider/callback",
-    name: "ProviderCallback",
-    component: () => import("@/ee/sso/views/ProviderCallback.vue"),
-  },
   { path: "/:catchAll(.*)", component: () => import("@/views/NotFound.vue") },
 ];
 
diff --git a/src/stores/auth.ts b/src/stores/auth.ts
index ee97fb53..cae2439b 100644
--- a/src/stores/auth.ts
+++ b/src/stores/auth.ts
@@ -1,6 +1,5 @@
 import { defineStore } from "pinia";
 import { useStorage } from "@vueuse/core";
-import { getCurrentSession } from "@/ee/sso/api/sso";
 
 import axios from "axios";
 
@@ -68,10 +67,5 @@ export const useAuthStore = defineStore("auth", {
       const { data } = await axios.post("/accounts/users/setup_totp/");
       return data;
     },
-    async checkSessionAuth() {
-      const result = await getCurrentSession();
-      console.log(result);
-      return result;
-    },
   },
 });
diff --git a/src/views/LoginView.vue b/src/views/LoginView.vue
index 1bd448bf..6ed50880 100644
--- a/src/views/LoginView.vue
+++ b/src/views/LoginView.vue
@@ -102,7 +102,6 @@ import { useRouter } from "vue-router";
 import {
   openSSOProviderRedirect,
   getSSOConfig,
-  getCurrentSession,
   type SSOProviderConfig,
 } from "@/ee/sso/api/sso";
 
@@ -157,8 +156,6 @@ async function onSubmit() {
 onMounted(async () => {
   const result = await getSSOConfig();
   ssoProviders.value = result.data.socialaccount.providers;
-
-  await getCurrentSession();
 });
 </script>
 

From 09e39ef6dac63cbee708cb58c7c04dc9c7d75209 Mon Sep 17 00:00:00 2001
From: sadnub <josh@torchlake.com>
Date: Tue, 17 Sep 2024 23:30:31 -0400
Subject: [PATCH 04/36] rollback axios not redirecting on 401 errors for
 certain urls

---
 src/boot/axios.js | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/src/boot/axios.js b/src/boot/axios.js
index a57aed0e..185fdcbb 100644
--- a/src/boot/axios.js
+++ b/src/boot/axios.js
@@ -62,15 +62,7 @@ export default function ({ app, router }) {
       }
       // unauthorized
       else if (error.response.status === 401) {
-        // bypass redirect for auth check endpoint
-        if (
-          error.config.url !== "_allauth/browser/v1/auth/session" ||
-          error.config.url !== "ws/dashinfo" // TODO once auth is working, need to extend it to websockets
-        ) {
-          return Promise.reject({ ...error });
-        } else {
-          router.push({ path: "/expired" });
-        }
+        router.push({ path: "/expired" });
       }
       // perms
       else if (error.response.status === 403) {

From c31ed666b51fd4325dbbb4e7c4a0d2b5b8e389aa Mon Sep 17 00:00:00 2001
From: sadnub <josh@torchlake.com>
Date: Sat, 28 Sep 2024 15:33:15 -0400
Subject: [PATCH 05/36] added user session tracking, social accoutn tracking, 
 and implemented local user logon blocking

---
 src/api/accounts.js                           |  28 ++
 src/api/core.ts                               |   7 +
 src/components/AdminManager.vue               | 335 +++++++++++-------
 src/components/accounts/UserSessionsTable.vue | 150 ++++++++
 .../modals/coresettings/EditCoreSettings.vue  |   1 -
 src/ee/sso/api/sso.ts                         |  59 ++-
 src/ee/sso/components/SSOAccountsTable.vue    | 141 ++++++++
 src/ee/sso/components/SSOProvidersForm.vue    |   6 +
 src/ee/sso/components/SSOProvidersTable.vue   |  61 +++-
 src/ee/sso/types/sso.ts                       |  19 +
 src/ee/sso/utils/cookies.ts                   |   6 +
 src/ee/sso/views/ProviderCallback.vue         |   6 +
 src/stores/auth.ts                            |   3 +
 src/types/accounts.ts                         |   9 +
 src/types/core/settings.ts                    |   3 +
 15 files changed, 684 insertions(+), 150 deletions(-)
 create mode 100644 src/components/accounts/UserSessionsTable.vue
 create mode 100644 src/ee/sso/components/SSOAccountsTable.vue
 create mode 100644 src/types/core/settings.ts

diff --git a/src/api/accounts.js b/src/api/accounts.js
index b0286732..217b9051 100644
--- a/src/api/accounts.js
+++ b/src/api/accounts.js
@@ -31,6 +31,34 @@ export async function resetTwoFactor() {
   }
 }
 
+// sessions api
+export async function fetchUserSessions(id) {
+  try {
+    const { data } = await axios.get(`${baseUrl}/users/${id}/sessions/`);
+    return data;
+  } catch (e) {
+    console.error(e);
+  }
+}
+
+export async function deleteAllUserSessions(id) {
+  try {
+    const { data } = await axios.delete(`${baseUrl}/users/${id}/sessions/`);
+    return data;
+  } catch (e) {
+    console.error(e);
+  }
+}
+
+export async function deleteUserSession(id) {
+  try {
+    const { data } = await axios.delete(`${baseUrl}/sessions/${id}/`);
+    return data;
+  } catch (e) {
+    console.error(e);
+  }
+}
+
 // role api function
 export async function fetchRoles(params = {}) {
   try {
diff --git a/src/api/core.ts b/src/api/core.ts
index 6aa77b65..11e91307 100644
--- a/src/api/core.ts
+++ b/src/api/core.ts
@@ -8,8 +8,15 @@ import type {
   TestRunURLActionResponse,
 } from "@/types/core/urlactions";
 
+import type { CoreSetting } from "@/types/core/settings";
+
 const baseUrl = "/core";
 
+export async function fetchCoreSettings(params = {}): Promise<CoreSetting> {
+  const { data } = await axios.get("/core/settings/", { params: params });
+  return data;
+}
+
 export async function fetchDashboardInfo(params = {}) {
   const { data } = await axios.get(`${baseUrl}/dashinfo/`, { params: params });
   return data;
diff --git a/src/components/AdminManager.vue b/src/components/AdminManager.vue
index e6eaa4f7..2e25bac4 100644
--- a/src/components/AdminManager.vue
+++ b/src/components/AdminManager.vue
@@ -1,159 +1,191 @@
 <template>
-  <div style="width: 900px; max-width: 90vw">
-    <q-card>
-      <q-bar>
+  <q-card style="width: 900px; max-width: 90vw; min-height: 50vh">
+    <q-bar>
+      <q-btn
+        ref="refresh"
+        @click="getUsers"
+        class="q-mr-sm"
+        dense
+        flat
+        push
+        icon="refresh"
+      />User Administration
+      <q-space />
+      <q-btn dense flat icon="close" v-close-popup>
+        <q-tooltip class="bg-white text-primary">Close</q-tooltip>
+      </q-btn>
+    </q-bar>
+    <div class="q-pa-md">
+      <div class="q-gutter-sm">
         <q-btn
-          ref="refresh"
-          @click="getUsers"
-          class="q-mr-sm"
+          ref="new"
+          label="New"
           dense
           flat
           push
-          icon="refresh"
-        />User Administration
-        <q-space />
-        <q-btn dense flat icon="close" v-close-popup>
-          <q-tooltip class="bg-white text-primary">Close</q-tooltip>
-        </q-btn>
-      </q-bar>
-      <div class="q-pa-md">
-        <div class="q-gutter-sm">
-          <q-btn
-            ref="new"
-            label="New"
-            dense
-            flat
-            push
-            unelevated
-            no-caps
-            icon="add"
-            @click="showAddUserModal"
-          />
-        </div>
-        <q-table
-          dense
-          :rows="users"
-          :columns="columns"
-          v-model:pagination="pagination"
-          row-key="id"
-          binary-state-sort
-          hide-pagination
-          virtual-scroll
-        >
-          <!-- header slots -->
-          <template v-slot:header-cell-is_active="props">
-            <q-th :props="props" auto-width>
-              <q-icon name="power_settings_new" size="1.5em">
-                <q-tooltip>Enable User</q-tooltip>
-              </q-icon>
-            </q-th>
-          </template>
+          unelevated
+          no-caps
+          icon="add"
+          @click="showAddUserModal"
+        />
+      </div>
+      <q-table
+        dense
+        :rows="users"
+        :columns="columns"
+        v-model:pagination="pagination"
+        row-key="id"
+        binary-state-sort
+        hide-pagination
+        virtual-scroll
+      >
+        <!-- header slots -->
+        <template v-slot:header-cell-is_active="props">
+          <q-th :props="props" auto-width>
+            <q-icon name="power_settings_new" size="1.5em">
+              <q-tooltip>Enable User</q-tooltip>
+            </q-icon>
+          </q-th>
+        </template>
 
-          <!-- No data Slot -->
-          <template v-slot:no-data>
-            <div class="full-width row flex-center q-gutter-sm">
-              <span v-if="users.length === 0">No Users</span>
-            </div>
-          </template>
+        <!-- No data Slot -->
+        <template v-slot:no-data>
+          <div class="full-width row flex-center q-gutter-sm">
+            <span v-if="users.length === 0">No Users</span>
+          </div>
+        </template>
 
-          <!-- body slots -->
-          <template v-slot:body="props">
-            <q-tr
-              :props="props"
-              class="cursor-pointer"
-              @dblclick="showEditUserModal(props.row)"
-            >
-              <!-- context menu -->
-              <q-menu context-menu>
-                <q-list dense style="min-width: 200px">
-                  <q-item
-                    clickable
-                    v-close-popup
-                    @click="showEditUserModal(props.row)"
-                  >
-                    <q-item-section side>
-                      <q-icon name="edit" />
-                    </q-item-section>
-                    <q-item-section>Edit</q-item-section>
-                  </q-item>
-                  <q-item
-                    clickable
-                    v-close-popup
-                    @click="deleteUser(props.row)"
-                    :disable="props.row.username === logged_in_user"
-                  >
-                    <q-item-section side>
-                      <q-icon name="delete" />
-                    </q-item-section>
-                    <q-item-section>Delete</q-item-section>
-                  </q-item>
+        <!-- body slots -->
+        <template v-slot:body="props">
+          <q-tr
+            :props="props"
+            class="cursor-pointer"
+            @dblclick="showEditUserModal(props.row)"
+          >
+            <!-- context menu -->
+            <q-menu context-menu>
+              <q-list dense style="min-width: 200px">
+                <q-item
+                  clickable
+                  v-close-popup
+                  @click="showEditUserModal(props.row)"
+                >
+                  <q-item-section side>
+                    <q-icon name="edit" />
+                  </q-item-section>
+                  <q-item-section>Edit</q-item-section>
+                </q-item>
+                <q-item
+                  clickable
+                  v-close-popup
+                  @click="deleteUser(props.row)"
+                  :disable="props.row.username === logged_in_user"
+                >
+                  <q-item-section side>
+                    <q-icon name="delete" />
+                  </q-item-section>
+                  <q-item-section>Delete</q-item-section>
+                </q-item>
 
-                  <q-separator></q-separator>
+                <q-separator></q-separator>
 
-                  <q-item
-                    clickable
-                    v-close-popup
-                    @click="ResetPassword(props.row)"
-                    id="context-reset"
-                  >
-                    <q-item-section side>
-                      <q-icon name="autorenew" />
-                    </q-item-section>
-                    <q-item-section>Reset Password</q-item-section>
-                  </q-item>
+                <q-item
+                  clickable
+                  v-close-popup
+                  @click="ResetPassword(props.row)"
+                  id="context-reset"
+                  :disable="localLogonDisabled"
+                >
+                  <q-item-section side>
+                    <q-icon name="autorenew" />
+                  </q-item-section>
+                  <q-item-section>Reset Password</q-item-section>
+                </q-item>
 
-                  <q-item
-                    clickable
-                    v-close-popup
-                    @click="reset2FA(props.row)"
-                    id="context-reset"
-                  >
-                    <q-item-section side>
-                      <q-icon name="autorenew" />
-                    </q-item-section>
-                    <q-item-section>Reset Two-Factor Auth</q-item-section>
-                  </q-item>
+                <q-item
+                  clickable
+                  v-close-popup
+                  @click="reset2FA(props.row)"
+                  id="context-reset"
+                  :disable="localLogonDisabled"
+                >
+                  <q-item-section side>
+                    <q-icon name="autorenew" />
+                  </q-item-section>
+                  <q-item-section>Reset Two-Factor Auth</q-item-section>
+                </q-item>
 
-                  <q-separator></q-separator>
+                <q-separator></q-separator>
 
-                  <q-item clickable v-close-popup>
-                    <q-item-section>Close</q-item-section>
-                  </q-item>
-                </q-list>
-              </q-menu>
-              <!-- enabled checkbox -->
-              <q-td>
-                <q-checkbox
-                  dense
-                  @update:model-value="toggleEnabled(props.row)"
-                  v-model="props.row.is_active"
-                  :disable="props.row.username === logged_in_user"
-                />
-              </q-td>
-              <q-td>{{ props.row.username }}</q-td>
-              <q-td>{{ props.row.first_name }} {{ props.row.last_name }}</q-td>
-              <q-td>{{ props.row.email }}</q-td>
-              <q-td v-if="props.row.last_login">{{
-                formatDate(props.row.last_login)
-              }}</q-td>
-              <q-td v-else>Never</q-td>
-              <q-td>{{ props.row.last_login_ip }}</q-td>
-            </q-tr>
-          </template>
-        </q-table>
-      </div>
-    </q-card>
-  </div>
+                <q-item
+                  clickable
+                  v-close-popup
+                  @click="showSSOAccounts(props.row)"
+                  id="context-reset"
+                  :disable="props.row.social_accounts.length === 0"
+                >
+                  <q-item-section side>
+                    <q-icon name="groups" />
+                  </q-item-section>
+                  <q-item-section>Show Connected SSO Accounts</q-item-section>
+                </q-item>
+
+                <q-item
+                  clickable
+                  v-close-popup
+                  @click="showSessions(props.row)"
+                  id="context-reset"
+                >
+                  <q-item-section side>
+                    <q-icon name="groups" />
+                  </q-item-section>
+                  <q-item-section>Show Active Sessions</q-item-section>
+                </q-item>
+
+                <q-separator></q-separator>
+
+                <q-item clickable v-close-popup>
+                  <q-item-section>Close</q-item-section>
+                </q-item>
+              </q-list>
+            </q-menu>
+            <!-- enabled checkbox -->
+            <q-td>
+              <q-checkbox
+                dense
+                @update:model-value="toggleEnabled(props.row)"
+                v-model="props.row.is_active"
+                :disable="props.row.username === logged_in_user"
+              />
+            </q-td>
+            <q-td>{{ props.row.username }}</q-td>
+            <q-td>{{ props.row.first_name }} {{ props.row.last_name }}</q-td>
+            <q-td>{{ props.row.email }}</q-td>
+            <q-td v-if="props.row.last_login">{{
+              formatDate(props.row.last_login)
+            }}</q-td>
+            <q-td v-else>Never</q-td>
+            <q-td>{{ props.row.last_login_ip }}</q-td>
+          </q-tr>
+        </template>
+      </q-table>
+    </div>
+  </q-card>
 </template>
 
 <script>
 import mixins from "@/mixins/mixins";
-import { computed } from "vue";
+import { computed, onMounted, ref } from "vue";
 import { useStore } from "vuex";
+import { useQuasar } from "quasar";
+import { fetchCoreSettings } from "@/api/core";
+
 import { mapState as piniaMapState } from "pinia";
 import { useAuthStore } from "@/stores/auth";
 import UserForm from "@/components/modals/admin/UserForm.vue";
 import UserResetPasswordForm from "@/components/modals/admin/UserResetPasswordForm.vue";
+import SSOAccountsTable from "@/ee/sso/components/SSOAccountsTable.vue";
+import UserSessionsTable from "@/components/accounts/UserSessionsTable.vue";
 
 export default {
   name: "AdminManager",
@@ -163,8 +195,41 @@ export default {
     const store = useStore();
     const formatDate = computed(() => store.getters.formatDate);
 
+    const $q = useQuasar();
+
+    const localLogonDisabled = ref(false);
+
+    function showSSOAccounts(user) {
+      $q.dialog({
+        component: SSOAccountsTable,
+        componentProps: {
+          user,
+        },
+      });
+    }
+
+    async function getCoreSettings() {
+      const result = await fetchCoreSettings();
+
+      localLogonDisabled.value = result.block_local_user_logon;
+    }
+
+    async function showSessions(user) {
+      $q.dialog({
+        component: UserSessionsTable,
+        componentProps: {
+          user,
+        },
+      });
+    }
+
+    onMounted(getCoreSettings);
+
     return {
+      localLogonDisabled,
       formatDate,
+      showSSOAccounts,
+      showSessions,
     };
   },
   data() {
diff --git a/src/components/accounts/UserSessionsTable.vue b/src/components/accounts/UserSessionsTable.vue
new file mode 100644
index 00000000..f6c0b3a8
--- /dev/null
+++ b/src/components/accounts/UserSessionsTable.vue
@@ -0,0 +1,150 @@
+<template>
+  <q-dialog ref="dialogRef" @hide="onDialogHide">
+    <q-card style="width: 60vw; max-width: 90vw; min-height: 40vh">
+      <q-bar>
+        User Sessions for {{ user.username }}
+        <q-space />
+        <q-btn v-close-popup dense flat icon="close">
+          <q-tooltip class="bg-white text-primary">Close</q-tooltip>
+        </q-btn>
+      </q-bar>
+      <q-table
+        dense
+        :table-class="{
+          'table-bgcolor': !$q.dark.isActive,
+          'table-bgcolor-dark': $q.dark.isActive,
+        }"
+        :style="{ 'max-height': `${$q.screen.height - 24}px` }"
+        class="tbl-sticky"
+        :rows="sessions"
+        :columns="columns"
+        :loading="loading"
+        :pagination="{ rowsPerPage: 0, sortBy: 'display', descending: true }"
+        row-key="id"
+        binary-state-sort
+        virtual-scroll
+        :rows-per-page-options="[0]"
+      >
+        <template #top>
+          <q-space />
+          <q-btn
+            label="Remove All Sessions"
+            @click="removeAllSessions"
+            size="sm"
+            color="negative"
+          />
+        </template>
+        <template #body="props">
+          <q-tr>
+            <!-- rows -->
+            <td>{{ props.row.created }}</td>
+            <td>{{ props.row.expiry }}</td>
+            <td>
+              <q-btn
+                size="sm"
+                @click="removeSession(props.row)"
+                label="Disconnect"
+                color="negative"
+              ></q-btn>
+            </td>
+          </q-tr>
+        </template>
+      </q-table>
+    </q-card>
+  </q-dialog>
+</template>
+
+<script setup lang="ts">
+// composition imports
+import { onMounted, ref } from "vue";
+import { useDialogPluginComponent, useQuasar, type QTableColumn } from "quasar";
+import { notifySuccess } from "@/utils/notify";
+
+import {
+  fetchUserSessions,
+  deleteAllUserSessions,
+  deleteUserSession,
+} from "@/api/accounts";
+
+//types
+import type { SSOUser } from "@/ee/sso/types/sso";
+import type { AuthToken } from "@/types/accounts";
+
+const columns: QTableColumn[] = [
+  {
+    name: "created",
+    label: "Created",
+    field: "created",
+    align: "left",
+    sortable: true,
+  },
+  {
+    name: "expiry",
+    label: "Expires",
+    field: "expiry",
+    align: "left",
+    sortable: true,
+  },
+  {
+    name: "action",
+    label: "",
+    field: "action",
+    align: "left",
+    sortable: true,
+  },
+];
+
+// emits
+defineEmits([...useDialogPluginComponent.emits]);
+
+// props
+const props = defineProps<{
+  user: SSOUser;
+}>();
+
+const { dialogRef, onDialogHide } = useDialogPluginComponent();
+const $q = useQuasar();
+
+const sessions = ref([] as AuthToken[]);
+const loading = ref(false);
+
+function removeSession(token: AuthToken) {
+  $q.dialog({
+    title: `Disconnect session for ${token.user}?`,
+    cancel: true,
+    ok: { label: "Delete", color: "negative" },
+  }).onOk(async () => {
+    loading.value = true;
+    try {
+      await deleteUserSession(token.digest);
+      notifySuccess("Login session deleted successfully");
+    } finally {
+      loading.value = false;
+      await getSessions();
+    }
+  });
+}
+
+function removeAllSessions() {
+  $q.dialog({
+    title: `Disconnect all sessions for ${props.user.username}?`,
+    cancel: true,
+    ok: { label: "Delete", color: "negative" },
+  }).onOk(async () => {
+    loading.value = true;
+    try {
+      await deleteAllUserSessions(props.user.id);
+      notifySuccess("Login sessions deleted successfully");
+    } finally {
+      loading.value = false;
+      onDialogHide();
+    }
+  });
+}
+
+async function getSessions() {
+  sessions.value = await fetchUserSessions(props.user.id);
+}
+
+onMounted(getSessions);
+</script>
diff --git a/src/components/modals/coresettings/EditCoreSettings.vue b/src/components/modals/coresettings/EditCoreSettings.vue
index e78b90c3..d31e4dd6 100644
--- a/src/components/modals/coresettings/EditCoreSettings.vue
+++ b/src/components/modals/coresettings/EditCoreSettings.vue
@@ -739,7 +739,6 @@ export default {
     URLActionsTable,
     APIKeysTable,
     SSOProvidersTable,
-    // ServerTasksTable,
   },
   mixins: [mixins],
   data() {
diff --git a/src/ee/sso/api/sso.ts b/src/ee/sso/api/sso.ts
index d120bb16..0531232d 100644
--- a/src/ee/sso/api/sso.ts
+++ b/src/ee/sso/api/sso.ts
@@ -34,16 +34,7 @@ function postForm(url: string, data: FormData) {
   f.submit();
 }
 
-export interface MetaIsAuthenticated {
-  is_authenticated: boolean;
-}
-
 // sso providers
-export interface AllAuthResponse<T> {
-  data: T;
-  status: number;
-  meta?: MetaIsAuthenticated;
-}
 
 export async function fetchSSOProviders(): Promise<SSOProvider> {
   const { data } = await axios.get(`${baseUrl}/ssoproviders/`);
@@ -65,6 +56,24 @@ export async function removeSSOProvider(id: number) {
   return data;
 }
 
+export interface SSOSettings {
+  block_local_user_logon: boolean;
+}
+
+export async function fetchSSOSettings(): Promise<SSOSettings> {
+  const { data } = await axios.get(`${baseUrl}/ssoproviders/settings/`);
+  return data;
+}
+
+export async function updateSSOSettings(settings: SSOSettings) {
+  console.log(settings);
+  const { data } = await axios.post(
+    `${baseUrl}/ssoproviders/settings/`,
+    settings,
+  );
+  return data;
+}
+
 export async function getSSOProviderToken() {
   const { data } = await axios.post(
     `${baseUrl}/ssoproviders/token/`,
@@ -76,6 +85,17 @@ export async function getSSOProviderToken() {
   return data;
 }
 
+// allauth
+const allauthBase = "_allauth/browser/v1";
+
+export interface AllAuthResponse<T> {
+  data: T;
+  status: number;
+  meta?: {
+    is_autheticated: boolean;
+  };
+}
+
 export interface SSOProviderConfig {
   client_id: string;
   flows: string[];
@@ -92,12 +112,29 @@ export interface SSOConfigResponse {
 export async function getSSOConfig(): Promise<
   AllAuthResponse<SSOConfigResponse>
 > {
-  const { data } = await axios.get("_allauth/browser/v1/config");
+  const { data } = await axios.get(`${allauthBase}/config`);
+  return data;
+}
+
+export interface SSOAccountsResponse {
+  uid: string;
+  display: string;
+  provider: SSOProviderConfig;
+}
+
+export async function disconnectSSOAccount(
+  provider: string,
+  account: string,
+): Promise<AllAuthResponse<SSOAccountsResponse[]>> {
+  const { data } = await axios.delete(`${allauthBase}/account/providers`, {
+    data: { provider, account },
+    headers: { "X-CSRFToken": getCSRFToken() },
+  });
   return data;
 }
 
 export async function openSSOProviderRedirect(id: string) {
-  postForm(`${getBaseUrl()}/_allauth/browser/v1/auth/provider/redirect`, {
+  postForm(`${getBaseUrl()}/${allauthBase}/auth/provider/redirect`, {
     provider: id,
     process: "login",
     callback_url: `${location.origin}/account/provider/callback`,
diff --git a/src/ee/sso/components/SSOAccountsTable.vue b/src/ee/sso/components/SSOAccountsTable.vue
new file mode 100644
index 00000000..e982050a
--- /dev/null
+++ b/src/ee/sso/components/SSOAccountsTable.vue
@@ -0,0 +1,141 @@
+<!--
+Copyright (c) 2023-present Amidaware Inc.
+This file is subject to the EE License Agreement.
+For details, see: https://license.tacticalrmm.com/ee
+-->
+
+<template>
+  <q-dialog ref="dialogRef" @hide="onDialogHide">
+    <q-card style="width: 60vw; max-width: 90vw; min-height: 40vh">
+      <q-bar>
+        Connected Social Accounts for {{ user.username }}
+        <q-space />
+        <q-btn v-close-popup dense flat icon="close">
+          <q-tooltip class="bg-white text-primary">Close</q-tooltip>
+        </q-btn>
+      </q-bar>
+      <q-table
+        dense
+        :table-class="{
+          'table-bgcolor': !$q.dark.isActive,
+          'table-bgcolor-dark': $q.dark.isActive,
+        }"
+        :style="{ 'max-height': `${$q.screen.height - 24}px` }"
+        class="tbl-sticky"
+        :rows="user.social_accounts"
+        :columns="columns"
+        :loading="loading"
+        :pagination="{ rowsPerPage: 0, sortBy: 'display', descending: true }"
+        row-key="id"
+        binary-state-sort
+        virtual-scroll
+        :rows-per-page-options="[0]"
+      >
+        <template #body="props">
+          <q-tr>
+            <!-- rows -->
+            <td>{{ props.row.display }}</td>
+            <td>{{ props.row.provider }}</td>
+            <td>{{ props.row.last_login }}</td>
+            <td>{{ props.row.date_joined }}</td>
+            <td>
+              <q-btn
+                size="sm"
+                @click="removeSSOAccount(props.row)"
+                label="Disconnect"
+                color="negative"
+              ></q-btn>
+            </td>
+          </q-tr>
+        </template>
+      </q-table>
+    </q-card>
+  </q-dialog>
+</template>
+
+<script setup lang="ts">
+// composition imports
+import { ref } from "vue";
+import { useDialogPluginComponent, useQuasar, type QTableColumn } from "quasar";
+import { disconnectSSOAccount } from "@/ee/sso/api/sso";
+import { notifySuccess } from "@/utils/notify";
+import { useAuthStore } from "@/stores/auth";
+
+//types
+import type { SSOAccount, SSOUser } from "../types/sso";
+
+const columns: QTableColumn[] = [
+  {
+    name: "display",
+    label: "Display Name",
+    field: "display",
+    align: "left",
+    sortable: true,
+  },
+  {
+    name: "provider",
+    label: "Provider",
+    field: "provider",
+    align: "left",
+    sortable: true,
+  },
+  {
+    name: "last_login",
+    label: "Last Login",
+    field: "last_login",
+    align: "left",
+    sortable: true,
+  },
+  {
+    name: "date_joined",
+    label: "Date Joined",
+    field: "date_joined",
+    align: "left",
+    sortable: true,
+  },
+  {
+    name: "action",
+    label: "",
+    field: "action",
+    align: "left",
+    sortable: true,
+  },
+];
+
+// emits
+defineEmits([...useDialogPluginComponent.emits]);
+
+// props
+const props = defineProps<{
+  user: SSOUser;
+}>();
+
+const { dialogRef, onDialogHide } = useDialogPluginComponent();
+const $q = useQuasar();
+const auth = useAuthStore();
+
+const loading = ref(false);
+
+function removeSSOAccount(account: SSOAccount) {
+  $q.dialog({
+    title: `Disconnect social account: ${account.display}? If you are signed in with this account you will be logged off`,
+    cancel: true,
+    ok: { label: "Delete", color: "negative" },
+  }).onOk(async () => {
+    loading.value = true;
+    try {
+      await disconnectSSOAccount(account.provider, account.uid);
+      notifySuccess("Social account disconnected successfully");
+      if (
+        auth.username === props.user.username &&
+        auth.ssoLoginProvider === account.provider
+      ) {
+        await auth.logout();
+      }
+    } finally {
+      loading.value = false;
+      onDialogHide();
+    }
+  });
+}
+</script>
diff --git a/src/ee/sso/components/SSOProvidersForm.vue b/src/ee/sso/components/SSOProvidersForm.vue
index b13f80b6..3f77b710 100644
--- a/src/ee/sso/components/SSOProvidersForm.vue
+++ b/src/ee/sso/components/SSOProvidersForm.vue
@@ -1,3 +1,9 @@
+<!--
+Copyright (c) 2023-present Amidaware Inc.
+This file is subject to the EE License Agreement.
+For details, see: https://license.tacticalrmm.com/ee
+-->
+
 <template>
   <q-dialog ref="dialogRef" @hide="onDialogHide">
     <q-card class="q-dialog-plugin" style="width: 50">
diff --git a/src/ee/sso/components/SSOProvidersTable.vue b/src/ee/sso/components/SSOProvidersTable.vue
index eaed39b9..cc61a2bb 100644
--- a/src/ee/sso/components/SSOProvidersTable.vue
+++ b/src/ee/sso/components/SSOProvidersTable.vue
@@ -1,3 +1,9 @@
+<!--
+Copyright (c) 2023-present Amidaware Inc.
+This file is subject to the EE License Agreement.
+For details, see: https://license.tacticalrmm.com/ee
+-->
+
 <template>
   <div>
     <div class="row">
@@ -26,6 +32,23 @@
       no-data-label="No SSO Providers added yet"
       :loading="loading"
     >
+      <template v-slot:top>
+        <q-space />
+        <q-btn
+          @click="
+            changeSSOSettings({
+              block_local_user_logon: !ssoSettings.block_local_user_logon,
+            })
+          "
+          :label="
+            ssoSettings.block_local_user_logon
+              ? 'Allow Local Logon'
+              : 'Block Local Logon'
+          "
+          no-caps
+          color="primary"
+        />
+      </template>
       <!-- body slots -->
       <template v-slot:body="props">
         <q-tr
@@ -86,7 +109,13 @@
 // composition imports
 import { ref, onMounted } from "vue";
 import { QTableColumn, useQuasar } from "quasar";
-import { fetchSSOProviders, removeSSOProvider } from "@/ee/sso/api/sso";
+import {
+  fetchSSOProviders,
+  removeSSOProvider,
+  fetchSSOSettings,
+  updateSSOSettings,
+  type SSOSettings,
+} from "@/ee/sso/api/sso";
 import { notifySuccess } from "@/utils/notify";
 
 // ui imports
@@ -101,7 +130,7 @@ const $q = useQuasar();
 const loading = ref(false);
 
 const providers = ref([] as SSOProvider[]);
-
+const ssoSettings = ref({} as SSOSettings);
 const columns: QTableColumn[] = [
   {
     name: "name",
@@ -136,6 +165,28 @@ async function getSSOProviders() {
   loading.value = false;
 }
 
+async function getSSOSettings() {
+  loading.value = true;
+  try {
+    ssoSettings.value = await fetchSSOSettings();
+  } catch (e) {
+    console.error(e);
+  }
+  loading.value = false;
+}
+
+async function changeSSOSettings(data: SSOSettings) {
+  loading.value = true;
+  try {
+    ssoSettings.value = await updateSSOSettings(data);
+    await getSSOSettings();
+    notifySuccess("Settings updated successfully");
+  } catch (e) {
+    console.error(e);
+  }
+  loading.value = false;
+}
+
 function addSSOProvider() {
   $q.dialog({
     component: SSOProvidersForm,
@@ -168,5 +219,9 @@ function deleteSSOProvider(provider: SSOProvider) {
     loading.value = false;
   });
 }
-onMounted(getSSOProviders);
+
+onMounted(async () => {
+  await getSSOProviders();
+  await getSSOSettings();
+});
 </script>
diff --git a/src/ee/sso/types/sso.ts b/src/ee/sso/types/sso.ts
index 18ad9d13..0e5fe102 100644
--- a/src/ee/sso/types/sso.ts
+++ b/src/ee/sso/types/sso.ts
@@ -1,3 +1,10 @@
+/*
+Copyright (c) 2023-present Amidaware Inc.
+This file is subject to the EE License Agreement.
+For details, see: https://license.tacticalrmm.com/ee
+*/
+
+import { User } from "@/types/accounts";
 export interface SSOProvider {
   id: number;
   name: string;
@@ -6,3 +13,15 @@ export interface SSOProvider {
   secret: string;
   server_url: string;
 }
+
+export interface SSOAccount {
+  uid: string;
+  display: string;
+  provider: string;
+  last_login: string;
+  date_joined: string;
+}
+
+export interface SSOUser extends User {
+  social_accounts: SSOAccount[];
+}
diff --git a/src/ee/sso/utils/cookies.ts b/src/ee/sso/utils/cookies.ts
index 681d043e..c646413d 100644
--- a/src/ee/sso/utils/cookies.ts
+++ b/src/ee/sso/utils/cookies.ts
@@ -1,3 +1,9 @@
+/*
+Copyright (c) 2023-present Amidaware Inc.
+This file is subject to the EE License Agreement.
+For details, see: https://license.tacticalrmm.com/ee
+*/
+
 export function getCookie(name: string) {
   let cookieValue = null;
   if (document.cookie && document.cookie !== "") {
diff --git a/src/ee/sso/views/ProviderCallback.vue b/src/ee/sso/views/ProviderCallback.vue
index 841f7b11..0a4c9c62 100644
--- a/src/ee/sso/views/ProviderCallback.vue
+++ b/src/ee/sso/views/ProviderCallback.vue
@@ -1,3 +1,9 @@
+<!--
+Copyright (c) 2023-present Amidaware Inc.
+This file is subject to the EE License Agreement.
+For details, see: https://license.tacticalrmm.com/ee
+-->
+
 <template>
   <div class="fixed-center text-center" v-if="error">
     <p class="text-faded">There was an error logging into your provider.</p>
diff --git a/src/stores/auth.ts b/src/stores/auth.ts
index cae2439b..68fe6f78 100644
--- a/src/stores/auth.ts
+++ b/src/stores/auth.ts
@@ -29,6 +29,7 @@ export const useAuthStore = defineStore("auth", {
   state: () => ({
     username: useStorage("user_name", null),
     token: useStorage("access_token", null),
+    ssoLoginProvider: useStorage("sso_provider", null),
   }),
   getters: {
     loggedIn: (state) => {
@@ -51,6 +52,7 @@ export const useAuthStore = defineStore("auth", {
       const { data } = await axios.post("/v2/login/", credentials);
       this.username = data.username;
       this.token = data.token;
+      this.ssoLoginProvider = null;
 
       return data;
     },
@@ -62,6 +64,7 @@ export const useAuthStore = defineStore("auth", {
       }
       this.token = null;
       this.username = null;
+      this.ssoLoginProvider = null;
     },
     async setupTotp(): Promise<TOTPSetupResponse | false> {
       const { data } = await axios.post("/accounts/users/setup_totp/");
diff --git a/src/types/accounts.ts b/src/types/accounts.ts
index 48dcde5c..bdb60f62 100644
--- a/src/types/accounts.ts
+++ b/src/types/accounts.ts
@@ -1,4 +1,13 @@
 export interface User {
   id: number;
   username: string;
+  name: string;
+  email: string;
+}
+
+export interface AuthToken {
+  digest: string;
+  created: string;
+  expiry: string;
+  user: string;
 }
diff --git a/src/types/core/settings.ts b/src/types/core/settings.ts
new file mode 100644
index 00000000..b0432523
--- /dev/null
+++ b/src/types/core/settings.ts
@@ -0,0 +1,3 @@
+export interface CoreSetting {
+  block_local_user_logon: boolean;
+}

From 65096e6b8875521996f3913f7a92eda9c60db392 Mon Sep 17 00:00:00 2001
From: sadnub <josh@torchlake.com>
Date: Tue, 8 Oct 2024 07:21:44 -0400
Subject: [PATCH 06/36] implement role assignment on sso user signups and log
 ip for sso logins

---
 src/composables/accounts.js                 | 26 ++++++++++++++++++++-
 src/ee/sso/api/sso.ts                       |  3 +--
 src/ee/sso/components/SSOProvidersForm.vue  | 24 ++++++++++++++++++-
 src/ee/sso/components/SSOProvidersTable.vue |  1 +
 src/ee/sso/types/sso.ts                     |  1 +
 5 files changed, 51 insertions(+), 4 deletions(-)

diff --git a/src/composables/accounts.js b/src/composables/accounts.js
index 8c4a1fb3..210eb072 100644
--- a/src/composables/accounts.js
+++ b/src/composables/accounts.js
@@ -1,5 +1,5 @@
 import { ref, onMounted } from "vue";
-import { fetchUsers } from "@/api/accounts";
+import { fetchUsers, fetchRoles } from "@/api/accounts";
 import { formatUserOptions } from "@/utils/format";
 
 export function useUserDropdown(onMount = false) {
@@ -44,3 +44,27 @@ export function useUserDropdown(onMount = false) {
     getDynamicUserOptions,
   };
 }
+
+export function useRoleDropdown(opts = {}) {
+  const roleOptions = ref([]);
+  async function getRoleOptions() {
+    const roles = await fetchRoles();
+    console.log(roles);
+    roleOptions.value = roles.map((role) => ({
+      value: role.id,
+      label: role.name,
+    }));
+  }
+
+  if (opts.onMount) {
+    onMounted(getRoleOptions);
+  }
+
+  return {
+    //data
+    roleOptions,
+
+    //methods
+    getRoleOptions,
+  };
+}
diff --git a/src/ee/sso/api/sso.ts b/src/ee/sso/api/sso.ts
index 0531232d..6cdd5842 100644
--- a/src/ee/sso/api/sso.ts
+++ b/src/ee/sso/api/sso.ts
@@ -36,7 +36,7 @@ function postForm(url: string, data: FormData) {
 
 // sso providers
 
-export async function fetchSSOProviders(): Promise<SSOProvider> {
+export async function fetchSSOProviders(): Promise<SSOProvider[]> {
   const { data } = await axios.get(`${baseUrl}/ssoproviders/`);
   return data;
 }
@@ -66,7 +66,6 @@ export async function fetchSSOSettings(): Promise<SSOSettings> {
 }
 
 export async function updateSSOSettings(settings: SSOSettings) {
-  console.log(settings);
   const { data } = await axios.post(
     `${baseUrl}/ssoproviders/settings/`,
     settings,
diff --git a/src/ee/sso/components/SSOProvidersForm.vue b/src/ee/sso/components/SSOProvidersForm.vue
index 3f77b710..9a0e77fa 100644
--- a/src/ee/sso/components/SSOProvidersForm.vue
+++ b/src/ee/sso/components/SSOProvidersForm.vue
@@ -60,6 +60,19 @@ For details, see: https://license.tacticalrmm.com/ee
         />
       </q-card-section>
 
+      <q-card-section>
+        <tactical-dropdown
+          label="Default Role"
+          :options="roleOptions"
+          outlined
+          dense
+          clearable
+          mapOptions
+          filled
+          v-model="localProvider.role"
+        />
+      </q-card-section>
+
       <q-card-actions align="right">
         <q-btn flat label="Cancel" v-close-popup />
         <q-btn
@@ -80,7 +93,13 @@ import { ref, reactive } from "vue";
 import { useDialogPluginComponent, extend } from "quasar";
 import { editSSOProvider, addSSOProvider } from "@/ee/sso/api/sso";
 import { notifySuccess } from "@/utils/notify";
-import { SSOProvider } from "@/types/accounts";
+import { useRoleDropdown } from "@/composables/accounts";
+
+// components
+import TacticalDropdown from "@/components/ui/TacticalDropdown.vue";
+
+// types
+import type { SSOProvider } from "@/ee/sso/types/sso";
 
 // define emits
 defineEmits([...useDialogPluginComponent.emits]);
@@ -92,6 +111,8 @@ const { dialogRef, onDialogHide, onDialogOK } = useDialogPluginComponent();
 
 const loading = ref(false);
 
+const { roleOptions } = useRoleDropdown({ onMount: true });
+
 const localProvider: SSOProvider = props.provider
   ? reactive(extend({}, props.provider))
   : reactive({
@@ -100,6 +121,7 @@ const localProvider: SSOProvider = props.provider
       client_id: "",
       secret: "",
       server_url: "",
+      role: null,
     } as SSOProvider);
 
 async function submit() {
diff --git a/src/ee/sso/components/SSOProvidersTable.vue b/src/ee/sso/components/SSOProvidersTable.vue
index cc61a2bb..9815889b 100644
--- a/src/ee/sso/components/SSOProvidersTable.vue
+++ b/src/ee/sso/components/SSOProvidersTable.vue
@@ -47,6 +47,7 @@ For details, see: https://license.tacticalrmm.com/ee
           "
           no-caps
           color="primary"
+          size="sm"
         />
       </template>
       <!-- body slots -->
diff --git a/src/ee/sso/types/sso.ts b/src/ee/sso/types/sso.ts
index 0e5fe102..d76c8289 100644
--- a/src/ee/sso/types/sso.ts
+++ b/src/ee/sso/types/sso.ts
@@ -12,6 +12,7 @@ export interface SSOProvider {
   client_id: string;
   secret: string;
   server_url: string;
+  role: number | null;
 }
 
 export interface SSOAccount {

From d0cf72bbd2a1b1efdfff54c3aeb126e99f0017bf Mon Sep 17 00:00:00 2001
From: sadnub <josh@torchlake.com>
Date: Fri, 18 Oct 2024 11:05:20 -0400
Subject: [PATCH 07/36] fix 403 on sso provider signup and other tweaks to UI.
 Setting to disable SSO

---
 src/boot/axios.js                             |   7 +-
 src/components/accounts/UserSessionsTable.vue |   6 +-
 src/ee/sso/api/sso.ts                         |   6 +-
 src/ee/sso/components/SSOAccountsTable.vue    |   5 +-
 src/ee/sso/components/SSOProvidersTable.vue   |  63 +++--------
 src/ee/sso/components/SSOSettings.vue         | 104 ++++++++++++++++++
 src/ee/sso/types/sso.ts                       |   5 +
 7 files changed, 139 insertions(+), 57 deletions(-)
 create mode 100644 src/ee/sso/components/SSOSettings.vue

diff --git a/src/boot/axios.js b/src/boot/axios.js
index 185fdcbb..914ebfd5 100644
--- a/src/boot/axios.js
+++ b/src/boot/axios.js
@@ -21,7 +21,6 @@ export function setErrorMessage(data, message) {
 
 export default function ({ app, router }) {
   app.config.globalProperties.$axios = axios;
-
   axios.defaults.withCredentials = true;
 
   axios.interceptors.request.use(
@@ -67,7 +66,11 @@ export default function ({ app, router }) {
       // perms
       else if (error.response.status === 403) {
         // don't notify user if method is GET
-        if (error.config.method === "get" || error.config.method === "patch")
+        if (
+          error.config.method === "get" ||
+          error.config.method === "patch" ||
+          error.config.url === "accounts/ssoproviders/token/"
+        )
           return Promise.reject({ ...error });
         text = error.response.data.detail;
       }
diff --git a/src/components/accounts/UserSessionsTable.vue b/src/components/accounts/UserSessionsTable.vue
index f6c0b3a8..6f8242f1 100644
--- a/src/components/accounts/UserSessionsTable.vue
+++ b/src/components/accounts/UserSessionsTable.vue
@@ -37,8 +37,8 @@
         <template #body="props">
           <q-tr>
             <!-- rows -->
-            <td>{{ props.row.created }}</td>
-            <td>{{ props.row.expiry }}</td>
+            <td>{{ formatDate(props.row.created) }}</td>
+            <td>{{ formatDate(props.row.expiry) }}</td>
             <td>
               <q-btn
                 size="sm"
@@ -59,7 +59,7 @@
 import { onMounted, ref } from "vue";
 import { useDialogPluginComponent, useQuasar, type QTableColumn } from "quasar";
 import { notifySuccess } from "@/utils/notify";
-
+import { formatDate } from "@/utils/format";
 import {
   fetchUserSessions,
   deleteAllUserSessions,
diff --git a/src/ee/sso/api/sso.ts b/src/ee/sso/api/sso.ts
index 6cdd5842..e7e1b3e0 100644
--- a/src/ee/sso/api/sso.ts
+++ b/src/ee/sso/api/sso.ts
@@ -2,7 +2,7 @@ import axios from "axios";
 import { getCookie } from "@/ee/sso/utils/cookies";
 import { getBaseUrl } from "@/boot/axios";
 
-import type { SSOProvider } from "@/ee/sso/types/sso";
+import type { SSOProvider, SSOSettings } from "@/ee/sso/types/sso";
 
 const baseUrl = "accounts";
 
@@ -56,10 +56,6 @@ export async function removeSSOProvider(id: number) {
   return data;
 }
 
-export interface SSOSettings {
-  block_local_user_logon: boolean;
-}
-
 export async function fetchSSOSettings(): Promise<SSOSettings> {
   const { data } = await axios.get(`${baseUrl}/ssoproviders/settings/`);
   return data;
diff --git a/src/ee/sso/components/SSOAccountsTable.vue b/src/ee/sso/components/SSOAccountsTable.vue
index e982050a..565a0970 100644
--- a/src/ee/sso/components/SSOAccountsTable.vue
+++ b/src/ee/sso/components/SSOAccountsTable.vue
@@ -36,8 +36,8 @@ For details, see: https://license.tacticalrmm.com/ee
             <!-- rows -->
             <td>{{ props.row.display }}</td>
             <td>{{ props.row.provider }}</td>
-            <td>{{ props.row.last_login }}</td>
-            <td>{{ props.row.date_joined }}</td>
+            <td>{{ formatDate(props.row.last_login) }}</td>
+            <td>{{ formatDate(props.row.date_joined) }}</td>
             <td>
               <q-btn
                 size="sm"
@@ -60,6 +60,7 @@ import { useDialogPluginComponent, useQuasar, type QTableColumn } from "quasar";
 import { disconnectSSOAccount } from "@/ee/sso/api/sso";
 import { notifySuccess } from "@/utils/notify";
 import { useAuthStore } from "@/stores/auth";
+import { formatDate } from "@/utils/format";
 
 //types
 import type { SSOAccount, SSOUser } from "../types/sso";
diff --git a/src/ee/sso/components/SSOProvidersTable.vue b/src/ee/sso/components/SSOProvidersTable.vue
index 9815889b..192fa07a 100644
--- a/src/ee/sso/components/SSOProvidersTable.vue
+++ b/src/ee/sso/components/SSOProvidersTable.vue
@@ -33,18 +33,9 @@ For details, see: https://license.tacticalrmm.com/ee
       :loading="loading"
     >
       <template v-slot:top>
-        <q-space />
         <q-btn
-          @click="
-            changeSSOSettings({
-              block_local_user_logon: !ssoSettings.block_local_user_logon,
-            })
-          "
-          :label="
-            ssoSettings.block_local_user_logon
-              ? 'Allow Local Logon'
-              : 'Block Local Logon'
-          "
+          @click="openSSOSettings"
+          label="SSO Settings"
           no-caps
           color="primary"
           size="sm"
@@ -90,15 +81,18 @@ For details, see: https://license.tacticalrmm.com/ee
           </q-menu>
           <!-- name -->
           <q-td>
-            {{ props.row.name }}
+            {{ truncateText(props.row.name, 35) }}
+            <q-tooltip>{{ props.row.name }}</q-tooltip>
           </q-td>
           <!-- server_url -->
           <q-td>
-            {{ props.row.server_url }}
+            {{ truncateText(props.row.server_url, 35) }}
+            <q-tooltip>{{ props.row.server_url }}</q-tooltip>
           </q-td>
           <!-- pattern -->
           <q-td>
-            {{ props.row.client_id }}
+            {{ truncateText(props.row.client_id, 35) }}
+            <q-tooltip>{{ props.row.client_id }}</q-tooltip>
           </q-td>
         </q-tr>
       </template>
@@ -110,20 +104,16 @@ For details, see: https://license.tacticalrmm.com/ee
 // composition imports
 import { ref, onMounted } from "vue";
 import { QTableColumn, useQuasar } from "quasar";
-import {
-  fetchSSOProviders,
-  removeSSOProvider,
-  fetchSSOSettings,
-  updateSSOSettings,
-  type SSOSettings,
-} from "@/ee/sso/api/sso";
+import { fetchSSOProviders, removeSSOProvider } from "@/ee/sso/api/sso";
 import { notifySuccess } from "@/utils/notify";
+import { truncateText } from "@/utils/format";
 
 // ui imports
 import SSOProvidersForm from "@/ee/sso/components/SSOProvidersForm.vue";
 
 // types
 import { type SSOProvider } from "@/ee/sso/types/sso";
+import SSOSettings from "@/ee/sso/components/SSOSettings.vue";
 
 // setup quasar
 const $q = useQuasar();
@@ -131,7 +121,7 @@ const $q = useQuasar();
 const loading = ref(false);
 
 const providers = ref([] as SSOProvider[]);
-const ssoSettings = ref({} as SSOSettings);
+
 const columns: QTableColumn[] = [
   {
     name: "name",
@@ -166,28 +156,6 @@ async function getSSOProviders() {
   loading.value = false;
 }
 
-async function getSSOSettings() {
-  loading.value = true;
-  try {
-    ssoSettings.value = await fetchSSOSettings();
-  } catch (e) {
-    console.error(e);
-  }
-  loading.value = false;
-}
-
-async function changeSSOSettings(data: SSOSettings) {
-  loading.value = true;
-  try {
-    ssoSettings.value = await updateSSOSettings(data);
-    await getSSOSettings();
-    notifySuccess("Settings updated successfully");
-  } catch (e) {
-    console.error(e);
-  }
-  loading.value = false;
-}
-
 function addSSOProvider() {
   $q.dialog({
     component: SSOProvidersForm,
@@ -221,8 +189,13 @@ function deleteSSOProvider(provider: SSOProvider) {
   });
 }
 
+function openSSOSettings() {
+  $q.dialog({
+    component: SSOSettings,
+  });
+}
+
 onMounted(async () => {
   await getSSOProviders();
-  await getSSOSettings();
 });
 </script>
diff --git a/src/ee/sso/components/SSOSettings.vue b/src/ee/sso/components/SSOSettings.vue
new file mode 100644
index 00000000..4a4e3c80
--- /dev/null
+++ b/src/ee/sso/components/SSOSettings.vue
@@ -0,0 +1,104 @@
+<!--
+Copyright (c) 2023-present Amidaware Inc.
+This file is subject to the EE License Agreement.
+For details, see: https://license.tacticalrmm.com/ee
+-->
+
+<template>
+  <q-dialog ref="dialogRef" @hide="onDialogHide">
+    <q-card class="q-dialog-plugin" style="width: 50">
+      <q-bar>
+        SSO Settings
+        <q-space />
+        <q-btn dense flat icon="close" v-close-popup>
+          <q-tooltip class="bg-white text-primary">Close</q-tooltip>
+        </q-btn>
+      </q-bar>
+
+      <!-- disable sso-->
+      <q-card-section>
+        <q-checkbox
+          dense
+          label="Enable SSO"
+          v-model="ssoSettings.sso_enabled"
+        />
+      </q-card-section>
+
+      <!-- block local user logon -->
+      <q-card-section>
+        <q-checkbox
+          dense
+          label="Block Local Logon"
+          v-model="ssoSettings.block_local_user_logon"
+          :disable="!ssoSettings.sso_enabled"
+        />
+      </q-card-section>
+
+      <q-card-actions align="right">
+        <q-btn flat label="Cancel" v-close-popup />
+        <q-btn
+          flat
+          label="Submit"
+          color="primary"
+          :loading="loading"
+          @click="submit"
+        />
+      </q-card-actions>
+    </q-card>
+  </q-dialog>
+</template>
+
+<script setup lang="ts">
+// composition imports
+import { ref, watch, onMounted } from "vue";
+import { useDialogPluginComponent } from "quasar";
+import { notifySuccess } from "@/utils/notify";
+import { fetchSSOSettings, updateSSOSettings } from "@/ee/sso/api/sso";
+
+// types
+import { SSOSettings } from "../types/sso";
+
+// define emits
+defineEmits([...useDialogPluginComponent.emits]);
+
+const { dialogRef, onDialogHide, onDialogOK } = useDialogPluginComponent();
+
+const ssoSettings = ref({} as SSOSettings);
+const loading = ref(false);
+
+// watcher to disable block local login if sso is disabled
+watch(
+  () => ssoSettings.value.sso_enabled,
+  (newValue) => {
+    if (newValue) {
+      ssoSettings.value.block_local_user_logon = false;
+    }
+  },
+);
+async function getSSOSettings() {
+  loading.value = true;
+  try {
+    ssoSettings.value = await fetchSSOSettings();
+  } catch (e) {
+    console.error(e);
+  }
+  loading.value = false;
+}
+
+async function submit() {
+  loading.value = true;
+  try {
+    ssoSettings.value = await updateSSOSettings(ssoSettings.value);
+    await getSSOSettings();
+    notifySuccess("Settings updated successfully");
+    onDialogOK();
+  } catch (e) {
+    console.error(e);
+  }
+  loading.value = false;
+}
+
+onMounted(async () => {
+  await getSSOSettings();
+});
+</script>
diff --git a/src/ee/sso/types/sso.ts b/src/ee/sso/types/sso.ts
index d76c8289..a8604372 100644
--- a/src/ee/sso/types/sso.ts
+++ b/src/ee/sso/types/sso.ts
@@ -26,3 +26,8 @@ export interface SSOAccount {
 export interface SSOUser extends User {
   social_accounts: SSOAccount[];
 }
+
+export interface SSOSettings {
+  sso_enabled: boolean;
+  block_local_user_logon: boolean;
+}

From 0e59f580c3b1d9544cccac9e0acc9d5e7f6e29a1 Mon Sep 17 00:00:00 2001
From: sadnub <josh@torchlake.com>
Date: Fri, 18 Oct 2024 20:01:42 -0400
Subject: [PATCH 08/36] auto redirect to sso login on sso signup

---
 src/ee/sso/api/sso.ts                 | 3 +++
 src/ee/sso/views/ProviderCallback.vue | 4 +---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/ee/sso/api/sso.ts b/src/ee/sso/api/sso.ts
index e7e1b3e0..9ae88e02 100644
--- a/src/ee/sso/api/sso.ts
+++ b/src/ee/sso/api/sso.ts
@@ -1,6 +1,7 @@
 import axios from "axios";
 import { getCookie } from "@/ee/sso/utils/cookies";
 import { getBaseUrl } from "@/boot/axios";
+import { useStorage } from "@vueuse/core";
 
 import type { SSOProvider, SSOSettings } from "@/ee/sso/types/sso";
 
@@ -129,6 +130,8 @@ export async function disconnectSSOAccount(
 }
 
 export async function openSSOProviderRedirect(id: string) {
+  //save provider to local storage
+  useStorage("provider_id", id);
   postForm(`${getBaseUrl()}/${allauthBase}/auth/provider/redirect`, {
     provider: id,
     process: "login",
diff --git a/src/ee/sso/views/ProviderCallback.vue b/src/ee/sso/views/ProviderCallback.vue
index 0a4c9c62..749353f1 100644
--- a/src/ee/sso/views/ProviderCallback.vue
+++ b/src/ee/sso/views/ProviderCallback.vue
@@ -18,12 +18,10 @@ import { useRoute, useRouter } from "vue-router";
 import { useAuthStore } from "@/stores/auth";
 
 const route = useRoute();
-const error = route.params.error;
+const error = route.query.error;
 
 const router = useRouter();
-
 const auth = useAuthStore();
-
 if (!error) {
   if (auth.loggedIn) {
     router.push({ name: "Dashboard" });

From 856a3b8b96f5773cf0051b9764cd389522735577 Mon Sep 17 00:00:00 2001
From: sadnub <josh@torchlake.com>
Date: Mon, 21 Oct 2024 11:29:51 -0400
Subject: [PATCH 09/36] allow dispay full name in UI if present

---
 src/layouts/MainLayout.vue | 4 ++--
 src/stores/auth.ts         | 7 +++++++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/layouts/MainLayout.vue b/src/layouts/MainLayout.vue
index c0c1d237..6d3a3b3b 100644
--- a/src/layouts/MainLayout.vue
+++ b/src/layouts/MainLayout.vue
@@ -157,7 +157,7 @@
 
         <AlertsIcon />
 
-        <q-btn-dropdown flat no-caps stretch :label="username || ''">
+        <q-btn-dropdown flat no-caps stretch :label="displayName || ''">
           <q-list>
             <q-item
               clickable
@@ -240,7 +240,7 @@ const {
   daysUntilCertExpires,
 } = storeToRefs(useDashboardStore());
 
-const { username } = storeToRefs(useAuthStore());
+const { displayName } = storeToRefs(useAuthStore());
 
 const darkMode = computed({
   get: () => {
diff --git a/src/stores/auth.ts b/src/stores/auth.ts
index 68fe6f78..57db6375 100644
--- a/src/stores/auth.ts
+++ b/src/stores/auth.ts
@@ -28,6 +28,7 @@ interface TOTPSetupResponse {
 export const useAuthStore = defineStore("auth", {
   state: () => ({
     username: useStorage("user_name", null),
+    name: useStorage("name", null),
     token: useStorage("access_token", null),
     ssoLoginProvider: useStorage("sso_provider", null),
   }),
@@ -35,6 +36,9 @@ export const useAuthStore = defineStore("auth", {
     loggedIn: (state) => {
       return state.token !== null;
     },
+    displayName: (state) => {
+      return state.name ? state.name : state.username;
+    },
   },
   actions: {
     async checkCredentials(
@@ -45,12 +49,14 @@ export const useAuthStore = defineStore("auth", {
       if (!data.totp) {
         this.token = data.token;
         this.username = data.username;
+        this.name = data.name;
       }
       return data;
     },
     async login(credentials: LoginRequest) {
       const { data } = await axios.post("/v2/login/", credentials);
       this.username = data.username;
+      this.name = data.name;
       this.token = data.token;
       this.ssoLoginProvider = null;
 
@@ -64,6 +70,7 @@ export const useAuthStore = defineStore("auth", {
       }
       this.token = null;
       this.username = null;
+      this.name = null;
       this.ssoLoginProvider = null;
     },
     async setupTotp(): Promise<TOTPSetupResponse | false> {

From 0ce8da44c1412034261298604ded1a3821303a1d Mon Sep 17 00:00:00 2001
From: sadnub <josh@torchlake.com>
Date: Tue, 22 Oct 2024 11:53:32 -0400
Subject: [PATCH 10/36] add sso user column in user table and fix disconnecting
 sso accounts

---
 src/components/AdminManager.vue             | 19 ++++++++++++
 src/ee/sso/api/sso.ts                       | 33 ++++++++-------------
 src/ee/sso/components/SSOAccountsTable.vue  |  3 +-
 src/ee/sso/components/SSOProvidersTable.vue | 25 ++++++++++++++--
 4 files changed, 57 insertions(+), 23 deletions(-)

diff --git a/src/components/AdminManager.vue b/src/components/AdminManager.vue
index 2e25bac4..029a1502 100644
--- a/src/components/AdminManager.vue
+++ b/src/components/AdminManager.vue
@@ -48,6 +48,10 @@
           </q-th>
         </template>
 
+        <template v-slot:header-cell-sso="props">
+          <q-th :props="props" auto-width></q-th>
+        </template>
+
         <!-- No data Slot -->
         <template v-slot:no-data>
           <div class="full-width row flex-center q-gutter-sm">
@@ -158,6 +162,14 @@
                 :disable="props.row.username === logged_in_user"
               />
             </q-td>
+            <q-td>
+              <q-chip
+                v-if="props.row.social_accounts.length > 0"
+                color="primary"
+                dense
+                >SSO</q-chip
+              >
+            </q-td>
             <q-td>{{ props.row.username }}</q-td>
             <q-td>{{ props.row.first_name }} {{ props.row.last_name }}</q-td>
             <q-td>{{ props.row.email }}</q-td>
@@ -242,6 +254,13 @@ export default {
           field: "is_active",
           align: "left",
         },
+        {
+          name: "sso",
+          label: "",
+          field: "sso",
+          align: "left",
+          sortable: true,
+        },
         {
           name: "username",
           label: "Username",
diff --git a/src/ee/sso/api/sso.ts b/src/ee/sso/api/sso.ts
index 9ae88e02..c52d30ae 100644
--- a/src/ee/sso/api/sso.ts
+++ b/src/ee/sso/api/sso.ts
@@ -3,7 +3,7 @@ import { getCookie } from "@/ee/sso/utils/cookies";
 import { getBaseUrl } from "@/boot/axios";
 import { useStorage } from "@vueuse/core";
 
-import type { SSOProvider, SSOSettings } from "@/ee/sso/types/sso";
+import type { SSOAccount, SSOProvider, SSOSettings } from "@/ee/sso/types/sso";
 
 const baseUrl = "accounts";
 
@@ -81,6 +81,16 @@ export async function getSSOProviderToken() {
   return data;
 }
 
+export async function disconnectSSOAccount(
+  provider: string,
+  account: string,
+): Promise<SSOAccount> {
+  const { data } = await axios.delete(`${baseUrl}/ssoproviders/account/`, {
+    data: { provider, account },
+  });
+  return data;
+}
+
 // allauth
 const allauthBase = "_allauth/browser/v1";
 
@@ -108,31 +118,14 @@ export interface SSOConfigResponse {
 export async function getSSOConfig(): Promise<
   AllAuthResponse<SSOConfigResponse>
 > {
-  const { data } = await axios.get(`${allauthBase}/config`);
-  return data;
-}
-
-export interface SSOAccountsResponse {
-  uid: string;
-  display: string;
-  provider: SSOProviderConfig;
-}
-
-export async function disconnectSSOAccount(
-  provider: string,
-  account: string,
-): Promise<AllAuthResponse<SSOAccountsResponse[]>> {
-  const { data } = await axios.delete(`${allauthBase}/account/providers`, {
-    data: { provider, account },
-    headers: { "X-CSRFToken": getCSRFToken() },
-  });
+  const { data } = await axios.get(`${allauthBase}/config/`);
   return data;
 }
 
 export async function openSSOProviderRedirect(id: string) {
   //save provider to local storage
   useStorage("provider_id", id);
-  postForm(`${getBaseUrl()}/${allauthBase}/auth/provider/redirect`, {
+  postForm(`${getBaseUrl()}/${allauthBase}/auth/provider/redirect/`, {
     provider: id,
     process: "login",
     callback_url: `${location.origin}/account/provider/callback`,
diff --git a/src/ee/sso/components/SSOAccountsTable.vue b/src/ee/sso/components/SSOAccountsTable.vue
index 565a0970..ccadc4ec 100644
--- a/src/ee/sso/components/SSOAccountsTable.vue
+++ b/src/ee/sso/components/SSOAccountsTable.vue
@@ -119,7 +119,8 @@ const loading = ref(false);
 
 function removeSSOAccount(account: SSOAccount) {
   $q.dialog({
-    title: `Disconnect social account: ${account.display}? If you are signed in with this account you will be logged off`,
+    title: `Disconnect social account: ${account.display}?`,
+    message: "If you are signed in with this account you will be logged off",
     cancel: true,
     ok: { label: "Delete", color: "negative" },
   }).onOk(async () => {
diff --git a/src/ee/sso/components/SSOProvidersTable.vue b/src/ee/sso/components/SSOProvidersTable.vue
index 192fa07a..9443caa1 100644
--- a/src/ee/sso/components/SSOProvidersTable.vue
+++ b/src/ee/sso/components/SSOProvidersTable.vue
@@ -74,6 +74,19 @@ For details, see: https://license.tacticalrmm.com/ee
 
               <q-separator></q-separator>
 
+              <q-item
+                clickable
+                v-close-popup
+                @click="getCallbackURL(props.row)"
+              >
+                <q-item-section side>
+                  <q-icon name="description" />
+                </q-item-section>
+                <q-item-section>Copy Callback URL</q-item-section>
+              </q-item>
+
+              <q-separator></q-separator>
+
               <q-item clickable v-close-popup>
                 <q-item-section>Close</q-item-section>
               </q-item>
@@ -103,10 +116,11 @@ For details, see: https://license.tacticalrmm.com/ee
 <script setup lang="ts">
 // composition imports
 import { ref, onMounted } from "vue";
-import { QTableColumn, useQuasar } from "quasar";
+import { QTableColumn, useQuasar, copyToClipboard } from "quasar";
 import { fetchSSOProviders, removeSSOProvider } from "@/ee/sso/api/sso";
 import { notifySuccess } from "@/utils/notify";
 import { truncateText } from "@/utils/format";
+import { getBaseUrl } from "@/boot/axios";
 
 // ui imports
 import SSOProvidersForm from "@/ee/sso/components/SSOProvidersForm.vue";
@@ -119,7 +133,6 @@ import SSOSettings from "@/ee/sso/components/SSOSettings.vue";
 const $q = useQuasar();
 
 const loading = ref(false);
-
 const providers = ref([] as SSOProvider[]);
 
 const columns: QTableColumn[] = [
@@ -189,6 +202,14 @@ function deleteSSOProvider(provider: SSOProvider) {
   });
 }
 
+function getCallbackURL(provider: SSOProvider) {
+  copyToClipboard(
+    `${getBaseUrl()}/accounts/oidc/${provider.provider_id}/login/callback/`,
+  ).then(() => {
+    notifySuccess("Callback URL copied!");
+  });
+}
+
 function openSSOSettings() {
   $q.dialog({
     component: SSOSettings,

From 8aab8406339165ab222b4df78683686f4ab0ea19 Mon Sep 17 00:00:00 2001
From: sadnub <josh@torchlake.com>
Date: Tue, 22 Oct 2024 12:14:32 -0400
Subject: [PATCH 11/36] change secret field to password and allow toggling
 visibility

---
 src/ee/sso/components/SSOProvidersForm.vue | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/ee/sso/components/SSOProvidersForm.vue b/src/ee/sso/components/SSOProvidersForm.vue
index 9a0e77fa..050c903d 100644
--- a/src/ee/sso/components/SSOProvidersForm.vue
+++ b/src/ee/sso/components/SSOProvidersForm.vue
@@ -52,12 +52,22 @@ For details, see: https://license.tacticalrmm.com/ee
       <!-- secret -->
       <q-card-section>
         <q-input
+          v-model="localProvider.secret"
+          filled
+          :type="hideSecret ? 'password' : 'text'"
           label="Secret"
           outlined
           dense
-          v-model="localProvider.secret"
           :rules="[(val) => !!val || '*Required']"
-        />
+        >
+          <template v-slot:append>
+            <q-icon
+              :name="hideSecret ? 'visibility_off' : 'visibility'"
+              class="cursor-pointer"
+              @click="hideSecret = !hideSecret"
+            />
+          </template>
+        </q-input>
       </q-card-section>
 
       <q-card-section>
@@ -113,6 +123,7 @@ const loading = ref(false);
 
 const { roleOptions } = useRoleDropdown({ onMount: true });
 
+const hideSecret = ref(true);
 const localProvider: SSOProvider = props.provider
   ? reactive(extend({}, props.provider))
   : reactive({

From 3ce67b07014af1afb080a78b0d53ddd393d5f177 Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Fri, 25 Oct 2024 19:21:43 +0000
Subject: [PATCH 12/36] remove debug

---
 src/composables/accounts.js | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/composables/accounts.js b/src/composables/accounts.js
index 210eb072..5856a2af 100644
--- a/src/composables/accounts.js
+++ b/src/composables/accounts.js
@@ -49,7 +49,6 @@ export function useRoleDropdown(opts = {}) {
   const roleOptions = ref([]);
   async function getRoleOptions() {
     const roles = await fetchRoles();
-    console.log(roles);
     roleOptions.value = roles.map((role) => ({
       value: role.id,
       label: role.name,

From 79d02060ef82549edababf84b1174ff760e423f8 Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Fri, 25 Oct 2024 19:24:17 +0000
Subject: [PATCH 13/36] style sso login

---
 src/views/LoginView.vue | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/src/views/LoginView.vue b/src/views/LoginView.vue
index 6ed50880..aeb3a776 100644
--- a/src/views/LoginView.vue
+++ b/src/views/LoginView.vue
@@ -50,9 +50,21 @@
             </q-form>
           </q-card-section>
 
-          <q-card-section v-if="ssoProviders.length > 0">
-            <q-list dense v-for="provider in ssoProviders" :key="provider.id">
-              <q-item @click="openSSOProviderRedirect(provider.id)" clickable>
+          <q-card-section v-if="ssoProviders?.length > 0">
+            <div class="text-h6 text-center q-mb-md">Log in with SSO</div>
+            <q-separator />
+
+            <q-list dense bordered class="q-pa-sm">
+              <q-item
+                v-for="provider in ssoProviders"
+                :key="provider.id"
+                @click="openSSOProviderRedirect(provider.id)"
+                clickable
+                class="q-pa-xs hover-bg"
+              >
+                <q-item-section avatar>
+                  <q-icon name="vpn_key" size="sm" class="text-primary" />
+                </q-item-section>
                 <q-item-section>
                   <q-item-label>{{ provider.name }}</q-item-label>
                 </q-item-section>
@@ -154,8 +166,12 @@ async function onSubmit() {
 }
 
 onMounted(async () => {
-  const result = await getSSOConfig();
-  ssoProviders.value = result.data.socialaccount.providers;
+  try {
+    const result = await getSSOConfig();
+    ssoProviders.value = result.data.socialaccount.providers;
+  } catch (e) {
+    console.error(e);
+  }
 });
 </script>
 

From c1cd6114de5f716852e52a655feba746bf8295c3 Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Fri, 25 Oct 2024 19:25:36 +0000
Subject: [PATCH 14/36] add disable and hint to sso form

---
 src/ee/sso/components/SSOProvidersForm.vue | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/ee/sso/components/SSOProvidersForm.vue b/src/ee/sso/components/SSOProvidersForm.vue
index 050c903d..5a2b01c2 100644
--- a/src/ee/sso/components/SSOProvidersForm.vue
+++ b/src/ee/sso/components/SSOProvidersForm.vue
@@ -19,6 +19,7 @@ For details, see: https://license.tacticalrmm.com/ee
       <q-card-section>
         <q-input
           :readonly="!!props.provider"
+          :disable="!!props.provider"
           label="Name"
           outlined
           dense
@@ -80,6 +81,7 @@ For details, see: https://license.tacticalrmm.com/ee
           mapOptions
           filled
           v-model="localProvider.role"
+          hint="The role to assign the user on first sign-in"
         />
       </q-card-section>
 

From fada3c2ed762068c8b18900b6ab13259a2d9bc8c Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Fri, 25 Oct 2024 19:26:20 +0000
Subject: [PATCH 15/36] also add column for copying callback url

---
 src/ee/sso/components/SSOProvidersTable.vue | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/ee/sso/components/SSOProvidersTable.vue b/src/ee/sso/components/SSOProvidersTable.vue
index 9443caa1..fae694dd 100644
--- a/src/ee/sso/components/SSOProvidersTable.vue
+++ b/src/ee/sso/components/SSOProvidersTable.vue
@@ -38,7 +38,7 @@ For details, see: https://license.tacticalrmm.com/ee
           label="SSO Settings"
           no-caps
           color="primary"
-          size="sm"
+          size="md"
         />
       </template>
       <!-- body slots -->
@@ -107,6 +107,15 @@ For details, see: https://license.tacticalrmm.com/ee
             {{ truncateText(props.row.client_id, 35) }}
             <q-tooltip>{{ props.row.client_id }}</q-tooltip>
           </q-td>
+          <q-td>
+            <q-icon
+              size="sm"
+              name="content_copy"
+              @click="getCallbackURL(props.row)"
+            >
+              <q-tooltip>Copy Callback URL to Clipboard</q-tooltip>
+            </q-icon>
+          </q-td>
         </q-tr>
       </template>
     </q-table>
@@ -157,6 +166,12 @@ const columns: QTableColumn[] = [
     align: "left",
     sortable: true,
   },
+  {
+    name: "callback_url",
+    label: "Callback URL",
+    align: "left",
+    sortable: false,
+  },
 ];
 
 async function getSSOProviders() {

From 16b9bf1529c7d7b9b59003a1993b8386938b5cd3 Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Mon, 28 Oct 2024 21:26:14 +0000
Subject: [PATCH 16/36] fix run on server missing for posix

---
 src/components/modals/agents/RunScript.vue | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/components/modals/agents/RunScript.vue b/src/components/modals/agents/RunScript.vue
index 2478ee0f..1272c2a1 100644
--- a/src/components/modals/agents/RunScript.vue
+++ b/src/components/modals/agents/RunScript.vue
@@ -140,9 +140,9 @@
           />
           <q-checkbox v-model="state.save_all_output" label="Save all output" />
         </q-card-section>
-        <q-card-section v-if="agent.plat === 'windows'">
+        <q-card-section>
           <q-checkbox
-            v-if="!state.run_on_server"
+            v-if="agent.plat === 'windows' && !state.run_on_server"
             v-model="state.run_as_user"
             label="Run As User"
           >

From 54207d1c0f241f791df4324942985a4b5735930c Mon Sep 17 00:00:00 2001
From: sadnub <josh@torchlake.com>
Date: Tue, 29 Oct 2024 11:18:27 -0400
Subject: [PATCH 17/36] disable certain UI elements if block_local_user_local
 is enabled

---
 src/components/AdminManager.vue               | 16 ++++---------
 .../modals/coresettings/EditCoreSettings.vue  | 10 +++++++-
 src/ee/sso/api/sso.ts                         |  6 +++++
 src/ee/sso/components/SSOProvidersTable.vue   |  6 +++++
 src/ee/sso/components/SSOSettings.vue         | 23 +++++++++----------
 src/layouts/MainLayout.vue                    |  5 +++-
 src/store/index.js                            |  9 ++++++++
 7 files changed, 49 insertions(+), 26 deletions(-)

diff --git a/src/components/AdminManager.vue b/src/components/AdminManager.vue
index 029a1502..202563e4 100644
--- a/src/components/AdminManager.vue
+++ b/src/components/AdminManager.vue
@@ -187,10 +187,9 @@
 
 <script>
 import mixins from "@/mixins/mixins";
-import { computed, onMounted, ref } from "vue";
+import { computed } from "vue";
 import { useStore } from "vuex";
 import { useQuasar } from "quasar";
-import { fetchCoreSettings } from "@/api/core";
 
 import { mapState as piniaMapState } from "pinia";
 import { useAuthStore } from "@/stores/auth";
@@ -206,11 +205,12 @@ export default {
     // setup vuex
     const store = useStore();
     const formatDate = computed(() => store.getters.formatDate);
+    const localLogonDisabled = computed(
+      () => store.state.block_local_user_logon,
+    );
 
     const $q = useQuasar();
 
-    const localLogonDisabled = ref(false);
-
     function showSSOAccounts(user) {
       $q.dialog({
         component: SSOAccountsTable,
@@ -220,12 +220,6 @@ export default {
       });
     }
 
-    async function getCoreSettings() {
-      const result = await fetchCoreSettings();
-
-      localLogonDisabled.value = result.block_local_user_logon;
-    }
-
     async function showSessions(user) {
       $q.dialog({
         component: UserSessionsTable,
@@ -235,8 +229,6 @@ export default {
       });
     }
 
-    onMounted(getCoreSettings);
-
     return {
       localLogonDisabled,
       formatDate,
diff --git a/src/components/modals/coresettings/EditCoreSettings.vue b/src/components/modals/coresettings/EditCoreSettings.vue
index d31e4dd6..d92028f4 100644
--- a/src/components/modals/coresettings/EditCoreSettings.vue
+++ b/src/components/modals/coresettings/EditCoreSettings.vue
@@ -691,7 +691,8 @@
               v-show="
                 tab !== 'customfields' &&
                 tab !== 'keystore' &&
-                tab !== 'urlactions'
+                tab !== 'urlactions' &&
+                tab !== 'sso'
               "
               label="Save"
               color="primary"
@@ -774,6 +775,13 @@ export default {
       return this.$store.state.hosted;
     },
   },
+  watch: {
+    tab(newTab, oldTab) {
+      if (oldTab === "sso") {
+        this.getCoreSettings();
+      }
+    },
+  },
   methods: {
     openURL(url) {
       openURL(url);
diff --git a/src/ee/sso/api/sso.ts b/src/ee/sso/api/sso.ts
index c52d30ae..3d140136 100644
--- a/src/ee/sso/api/sso.ts
+++ b/src/ee/sso/api/sso.ts
@@ -1,3 +1,9 @@
+/*
+Copyright (c) 2023-present Amidaware Inc.
+This file is subject to the EE License Agreement.
+For details, see: https://license.tacticalrmm.com/ee
+*/
+
 import axios from "axios";
 import { getCookie } from "@/ee/sso/utils/cookies";
 import { getBaseUrl } from "@/boot/axios";
diff --git a/src/ee/sso/components/SSOProvidersTable.vue b/src/ee/sso/components/SSOProvidersTable.vue
index fae694dd..e4733097 100644
--- a/src/ee/sso/components/SSOProvidersTable.vue
+++ b/src/ee/sso/components/SSOProvidersTable.vue
@@ -125,6 +125,7 @@ For details, see: https://license.tacticalrmm.com/ee
 <script setup lang="ts">
 // composition imports
 import { ref, onMounted } from "vue";
+import { useStore } from "vuex";
 import { QTableColumn, useQuasar, copyToClipboard } from "quasar";
 import { fetchSSOProviders, removeSSOProvider } from "@/ee/sso/api/sso";
 import { notifySuccess } from "@/utils/notify";
@@ -141,6 +142,9 @@ import SSOSettings from "@/ee/sso/components/SSOSettings.vue";
 // setup quasar
 const $q = useQuasar();
 
+// setup vuew store
+const store = useStore();
+
 const loading = ref(false);
 const providers = ref([] as SSOProvider[]);
 
@@ -228,6 +232,8 @@ function getCallbackURL(provider: SSOProvider) {
 function openSSOSettings() {
   $q.dialog({
     component: SSOSettings,
+  }).onOk((ssoSettings: SSOSettings) => {
+    store.commit("setBlockLocalUserLogon", ssoSettings.block_local_user_logon);
   });
 }
 
diff --git a/src/ee/sso/components/SSOSettings.vue b/src/ee/sso/components/SSOSettings.vue
index 4a4e3c80..681a9b2c 100644
--- a/src/ee/sso/components/SSOSettings.vue
+++ b/src/ee/sso/components/SSOSettings.vue
@@ -66,15 +66,6 @@ const { dialogRef, onDialogHide, onDialogOK } = useDialogPluginComponent();
 const ssoSettings = ref({} as SSOSettings);
 const loading = ref(false);
 
-// watcher to disable block local login if sso is disabled
-watch(
-  () => ssoSettings.value.sso_enabled,
-  (newValue) => {
-    if (newValue) {
-      ssoSettings.value.block_local_user_logon = false;
-    }
-  },
-);
 async function getSSOSettings() {
   loading.value = true;
   try {
@@ -88,10 +79,9 @@ async function getSSOSettings() {
 async function submit() {
   loading.value = true;
   try {
-    ssoSettings.value = await updateSSOSettings(ssoSettings.value);
-    await getSSOSettings();
+    await updateSSOSettings(ssoSettings.value);
     notifySuccess("Settings updated successfully");
-    onDialogOK();
+    onDialogOK(ssoSettings.value);
   } catch (e) {
     console.error(e);
   }
@@ -100,5 +90,14 @@ async function submit() {
 
 onMounted(async () => {
   await getSSOSettings();
+  // watcher to disable block local login if sso is disabled
+  watch(
+    () => ssoSettings.value.sso_enabled,
+    (newValue) => {
+      if (newValue) {
+        ssoSettings.value.block_local_user_logon = false;
+      }
+    },
+  );
 });
 </script>
diff --git a/src/layouts/MainLayout.vue b/src/layouts/MainLayout.vue
index 6d3a3b3b..23f61b16 100644
--- a/src/layouts/MainLayout.vue
+++ b/src/layouts/MainLayout.vue
@@ -169,7 +169,7 @@
                 <q-item-label>Preferences</q-item-label>
               </q-item-section>
             </q-item>
-            <q-item clickable>
+            <q-item clickable v-if="!block_local_user_logon">
               <q-item-section>Account</q-item-section>
               <q-item-section side>
                 <q-icon name="keyboard_arrow_right" />
@@ -259,6 +259,9 @@ const hosted = computed(() => store.state.hosted);
 const tokenExpired = computed(() => store.state.tokenExpired);
 const dash_warning_color = computed(() => store.state.dash_warning_color);
 const dash_negative_color = computed(() => store.state.dash_negative_color);
+const block_local_user_logon = computed(
+  () => store.state.block_local_user_logon,
+);
 
 const latestReleaseURL = computed(() => {
   return latestTRMMVersion.value
diff --git a/src/store/index.js b/src/store/index.js
index 16b8bdbe..20c3fa8d 100644
--- a/src/store/index.js
+++ b/src/store/index.js
@@ -43,6 +43,8 @@ export default function () {
         },
         server_scripts_enabled: true,
         web_terminal_enabled: true,
+        sso_enabled: false,
+        block_local_user_logon: false,
       };
     },
     getters: {
@@ -159,6 +161,12 @@ export default function () {
       setWebTerminalEnabled(state, obj) {
         state.web_terminal_enabled = obj;
       },
+      setSSOEnabled(state, obj) {
+        state.sso_enabled = obj;
+      },
+      setBlockLocalUserLogon(state, obj) {
+        state.block_local_user_logon = obj;
+      },
     },
     actions: {
       setClientTreeSplitter(context, val) {
@@ -245,6 +253,7 @@ export default function () {
         commit("setRunCmdPlaceholders", data.run_cmd_placeholder_text);
         commit("setServerScriptsEnabled", data.server_scripts_enabled);
         commit("setWebTerminalEnabled", data.web_terminal_enabled);
+        commit("setBlockLocalUserLogon", data.block_local_user_logon);
 
         if (data?.date_format !== "") commit("setDateFormat", data.date_format);
         else commit("setDateFormat", data.default_date_format);

From 02eeea50e335ec1b8680e9f8197e78107f98e9e3 Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Thu, 31 Oct 2024 20:46:33 +0000
Subject: [PATCH 18/36] rename type to avoid naming conflict with component

---
 src/ee/sso/api/sso.ts                       | 10 +++++++---
 src/ee/sso/components/SSOProvidersTable.vue |  4 ++--
 src/ee/sso/components/SSOSettings.vue       |  4 ++--
 src/ee/sso/types/sso.ts                     |  2 +-
 4 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/ee/sso/api/sso.ts b/src/ee/sso/api/sso.ts
index 3d140136..3da0d4a8 100644
--- a/src/ee/sso/api/sso.ts
+++ b/src/ee/sso/api/sso.ts
@@ -9,7 +9,11 @@ import { getCookie } from "@/ee/sso/utils/cookies";
 import { getBaseUrl } from "@/boot/axios";
 import { useStorage } from "@vueuse/core";
 
-import type { SSOAccount, SSOProvider, SSOSettings } from "@/ee/sso/types/sso";
+import type {
+  SSOAccount,
+  SSOProvider,
+  SSOSettingsType,
+} from "@/ee/sso/types/sso";
 
 const baseUrl = "accounts";
 
@@ -63,12 +67,12 @@ export async function removeSSOProvider(id: number) {
   return data;
 }
 
-export async function fetchSSOSettings(): Promise<SSOSettings> {
+export async function fetchSSOSettings(): Promise<SSOSettingsType> {
   const { data } = await axios.get(`${baseUrl}/ssoproviders/settings/`);
   return data;
 }
 
-export async function updateSSOSettings(settings: SSOSettings) {
+export async function updateSSOSettings(settings: SSOSettingsType) {
   const { data } = await axios.post(
     `${baseUrl}/ssoproviders/settings/`,
     settings,
diff --git a/src/ee/sso/components/SSOProvidersTable.vue b/src/ee/sso/components/SSOProvidersTable.vue
index e4733097..abaf7d19 100644
--- a/src/ee/sso/components/SSOProvidersTable.vue
+++ b/src/ee/sso/components/SSOProvidersTable.vue
@@ -136,7 +136,7 @@ import { getBaseUrl } from "@/boot/axios";
 import SSOProvidersForm from "@/ee/sso/components/SSOProvidersForm.vue";
 
 // types
-import { type SSOProvider } from "@/ee/sso/types/sso";
+import { type SSOProvider, SSOSettingsType } from "@/ee/sso/types/sso";
 import SSOSettings from "@/ee/sso/components/SSOSettings.vue";
 
 // setup quasar
@@ -232,7 +232,7 @@ function getCallbackURL(provider: SSOProvider) {
 function openSSOSettings() {
   $q.dialog({
     component: SSOSettings,
-  }).onOk((ssoSettings: SSOSettings) => {
+  }).onOk((ssoSettings: SSOSettingsType) => {
     store.commit("setBlockLocalUserLogon", ssoSettings.block_local_user_logon);
   });
 }
diff --git a/src/ee/sso/components/SSOSettings.vue b/src/ee/sso/components/SSOSettings.vue
index 681a9b2c..60d26ac8 100644
--- a/src/ee/sso/components/SSOSettings.vue
+++ b/src/ee/sso/components/SSOSettings.vue
@@ -56,14 +56,14 @@ import { notifySuccess } from "@/utils/notify";
 import { fetchSSOSettings, updateSSOSettings } from "@/ee/sso/api/sso";
 
 // types
-import { SSOSettings } from "../types/sso";
+import { SSOSettingsType } from "../types/sso";
 
 // define emits
 defineEmits([...useDialogPluginComponent.emits]);
 
 const { dialogRef, onDialogHide, onDialogOK } = useDialogPluginComponent();
 
-const ssoSettings = ref({} as SSOSettings);
+const ssoSettings = ref({} as SSOSettingsType);
 const loading = ref(false);
 
 async function getSSOSettings() {
diff --git a/src/ee/sso/types/sso.ts b/src/ee/sso/types/sso.ts
index a8604372..66fbdac0 100644
--- a/src/ee/sso/types/sso.ts
+++ b/src/ee/sso/types/sso.ts
@@ -27,7 +27,7 @@ export interface SSOUser extends User {
   social_accounts: SSOAccount[];
 }
 
-export interface SSOSettings {
+export interface SSOSettingsType {
   sso_enabled: boolean;
   block_local_user_logon: boolean;
 }

From 4270fd0d193f3f61a4ad5848b47aa48b72912a38 Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Thu, 31 Oct 2024 21:14:44 +0000
Subject: [PATCH 19/36] fix logic

---
 src/ee/sso/components/SSOSettings.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ee/sso/components/SSOSettings.vue b/src/ee/sso/components/SSOSettings.vue
index 60d26ac8..9688e34c 100644
--- a/src/ee/sso/components/SSOSettings.vue
+++ b/src/ee/sso/components/SSOSettings.vue
@@ -94,7 +94,7 @@ onMounted(async () => {
   watch(
     () => ssoSettings.value.sso_enabled,
     (newValue) => {
-      if (newValue) {
+      if (!newValue) {
         ssoSettings.value.block_local_user_logon = false;
       }
     },

From 583f57f2af80eea9de467198394deffd098c2426 Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Fri, 1 Nov 2024 17:49:09 +0000
Subject: [PATCH 20/36] add sso

---
 src/ee/LICENSE.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ee/LICENSE.md b/src/ee/LICENSE.md
index fb1889a3..20510d55 100644
--- a/src/ee/LICENSE.md
+++ b/src/ee/LICENSE.md
@@ -4,7 +4,7 @@ Copyright (c) 2023 Amidaware Inc. All rights reserved.
 
 This Agreement is entered into between the licensee ("You" or the "Licensee") and Amidaware Inc. ("Amidaware") and governs the use of the enterprise features of the Tactical RMM Software (hereinafter referred to as the "Software").
 
-The EE features of the Software, including but not limited to Reporting and White-labeling, are exclusively contained within directories named "ee," "enterprise," or "premium" in Amidaware's repositories, or in any files bearing the EE License header. The use of the Software is also governed by the terms and conditions set forth in the Tactical RMM License, available at https://license.tacticalrmm.com, which terms are incorporated herein by reference.
+The EE features of the Software, including but not limited to SSO (Single Sign-On), Reporting and White-labeling, are exclusively contained within directories named "ee," "enterprise," or "premium" in Amidaware's repositories, or in any files bearing the EE License header. The use of the Software is also governed by the terms and conditions set forth in the Tactical RMM License, available at https://license.tacticalrmm.com, which terms are incorporated herein by reference.
 
 ## License Grant
 

From 6f6d98fae218571a8fb927b8382016c316e259f0 Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Fri, 1 Nov 2024 17:52:59 +0000
Subject: [PATCH 21/36] set provider icon from api

---
 src/views/LoginView.vue | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/views/LoginView.vue b/src/views/LoginView.vue
index aeb3a776..27285b0a 100644
--- a/src/views/LoginView.vue
+++ b/src/views/LoginView.vue
@@ -63,7 +63,11 @@
                 class="q-pa-xs hover-bg"
               >
                 <q-item-section avatar>
-                  <q-icon name="vpn_key" size="sm" class="text-primary" />
+                  <q-icon
+                    :name="provider.icon ?? 'mdi-key'"
+                    size="sm"
+                    class="text-primary"
+                  />
                 </q-item-section>
                 <q-item-section>
                   <q-item-label>{{ provider.name }}</q-item-label>

From 237b097684b95a0da96d353096be1db48034ca86 Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Fri, 1 Nov 2024 18:29:19 +0000
Subject: [PATCH 22/36] return error from backend instead if local login
 disabled rather than not displaying at all in UI

---
 src/layouts/MainLayout.vue | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/layouts/MainLayout.vue b/src/layouts/MainLayout.vue
index 23f61b16..6d3a3b3b 100644
--- a/src/layouts/MainLayout.vue
+++ b/src/layouts/MainLayout.vue
@@ -169,7 +169,7 @@
                 <q-item-label>Preferences</q-item-label>
               </q-item-section>
             </q-item>
-            <q-item clickable v-if="!block_local_user_logon">
+            <q-item clickable>
               <q-item-section>Account</q-item-section>
               <q-item-section side>
                 <q-icon name="keyboard_arrow_right" />
@@ -259,9 +259,6 @@ const hosted = computed(() => store.state.hosted);
 const tokenExpired = computed(() => store.state.tokenExpired);
 const dash_warning_color = computed(() => store.state.dash_warning_color);
 const dash_negative_color = computed(() => store.state.dash_negative_color);
-const block_local_user_logon = computed(
-  () => store.state.block_local_user_logon,
-);
 
 const latestReleaseURL = computed(() => {
   return latestTRMMVersion.value

From ec5ef65911772a39ce384697079352e76e330ade Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Fri, 1 Nov 2024 18:29:49 +0000
Subject: [PATCH 23/36] don't allow SSO reset from UI

---
 src/components/AdminManager.vue | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/src/components/AdminManager.vue b/src/components/AdminManager.vue
index 202563e4..471a110d 100644
--- a/src/components/AdminManager.vue
+++ b/src/components/AdminManager.vue
@@ -98,7 +98,7 @@
                   v-close-popup
                   @click="ResetPassword(props.row)"
                   id="context-reset"
-                  :disable="localLogonDisabled"
+                  :disable="props.row.social_accounts.length !== 0"
                 >
                   <q-item-section side>
                     <q-icon name="autorenew" />
@@ -111,7 +111,7 @@
                   v-close-popup
                   @click="reset2FA(props.row)"
                   id="context-reset"
-                  :disable="localLogonDisabled"
+                  :disable="props.row.social_accounts.length !== 0"
                 >
                   <q-item-section side>
                     <q-icon name="autorenew" />
@@ -205,9 +205,6 @@ export default {
     // setup vuex
     const store = useStore();
     const formatDate = computed(() => store.getters.formatDate);
-    const localLogonDisabled = computed(
-      () => store.state.block_local_user_logon,
-    );
 
     const $q = useQuasar();
 
@@ -230,7 +227,6 @@ export default {
     }
 
     return {
-      localLogonDisabled,
       formatDate,
       showSSOAccounts,
       showSessions,

From 2690e9daeff1e382566ee33baa0b96f8bf967b1c Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Mon, 4 Nov 2024 20:33:19 +0000
Subject: [PATCH 24/36] add descriptive wording

---
 .../modals/coresettings/EditCoreSettings.vue  |  2 +-
 src/ee/sso/components/SSOProvidersForm.vue    | 21 +++++++----
 src/ee/sso/components/SSOProvidersTable.vue   | 35 +++++++++++++++----
 src/ee/sso/components/SSOSettings.vue         | 15 ++++++--
 4 files changed, 56 insertions(+), 17 deletions(-)

diff --git a/src/components/modals/coresettings/EditCoreSettings.vue b/src/components/modals/coresettings/EditCoreSettings.vue
index d92028f4..16ab5fb1 100644
--- a/src/components/modals/coresettings/EditCoreSettings.vue
+++ b/src/components/modals/coresettings/EditCoreSettings.vue
@@ -13,7 +13,7 @@
           <q-tab name="webhooks" label="Web Hooks" />
           <q-tab name="retention" label="Retention" />
           <q-tab name="apikeys" label="API Keys" />
-          <q-tab name="sso" label="SSO Integration" />
+          <q-tab name="sso" label="Single Sign-On" />
           <!-- <q-tab name="openai" label="Open AI" /> -->
         </q-tabs>
       </template>
diff --git a/src/ee/sso/components/SSOProvidersForm.vue b/src/ee/sso/components/SSOProvidersForm.vue
index 5a2b01c2..cff16f49 100644
--- a/src/ee/sso/components/SSOProvidersForm.vue
+++ b/src/ee/sso/components/SSOProvidersForm.vue
@@ -6,9 +6,9 @@ For details, see: https://license.tacticalrmm.com/ee
 
 <template>
   <q-dialog ref="dialogRef" @hide="onDialogHide">
-    <q-card class="q-dialog-plugin" style="width: 50">
+    <q-card class="q-dialog-plugin" style="width: 35vw; max-width: 35vw">
       <q-bar>
-        {{ props.provider ? "Edit SSO Provider" : "Add SSO Provider" }}
+        {{ props.provider ? "Edit OIDC Provider" : "Add OIDC Provider" }}
         <q-space />
         <q-btn dense flat icon="close" v-close-popup>
           <q-tooltip class="bg-white text-primary">Close</q-tooltip>
@@ -20,22 +20,29 @@ For details, see: https://license.tacticalrmm.com/ee
         <q-input
           :readonly="!!props.provider"
           :disable="!!props.provider"
-          label="Name"
+          label="Provider Name"
           outlined
           dense
           v-model="localProvider.name"
-          :rules="[(val) => !!val || '*Required']"
+          :rules="[
+            (val) => !!val || '*Required',
+            (val) =>
+              /^[a-zA-Z0-9_-]+$/.test(val) ||
+              'Only letters, numbers, hyphens, and underscores are allowed',
+          ]"
+          hint="A unique identifier for the SSO provider. Avoid spaces and special characters, as this will be part of the callback URL."
         />
       </q-card-section>
 
       <!-- url -->
       <q-card-section>
         <q-input
-          label="Server URL"
+          label="Issuer URL"
           outlined
           dense
           v-model="localProvider.server_url"
           :rules="[(val) => !!val || '*Required']"
+          hint="The OpenID Connect Issuer URL provided by the SSO provider. This is typically the base URL where the provider hosts their OIDC configuration."
         />
       </q-card-section>
 
@@ -73,7 +80,7 @@ For details, see: https://license.tacticalrmm.com/ee
 
       <q-card-section>
         <tactical-dropdown
-          label="Default Role"
+          label="Default User Role"
           :options="roleOptions"
           outlined
           dense
@@ -81,7 +88,7 @@ For details, see: https://license.tacticalrmm.com/ee
           mapOptions
           filled
           v-model="localProvider.role"
-          hint="The role to assign the user on first sign-in"
+          hint="The role assigned to users upon first sign-in through this provider."
         />
       </q-card-section>
 
diff --git a/src/ee/sso/components/SSOProvidersTable.vue b/src/ee/sso/components/SSOProvidersTable.vue
index abaf7d19..1dae7ae5 100644
--- a/src/ee/sso/components/SSOProvidersTable.vue
+++ b/src/ee/sso/components/SSOProvidersTable.vue
@@ -14,9 +14,14 @@ For details, see: https://license.tacticalrmm.com/ee
         color="grey-5"
         icon="fas fa-plus"
         text-color="black"
-        label="Add SSO Provider"
+        label="Add OIDC Provider"
         @click="addSSOProvider"
-      />
+        :disable="!ssoSettings.sso_enabled"
+      >
+        <q-tooltip v-if="!ssoSettings.sso_enabled" class="text-caption"
+          >Enable SSO in the settings to allow adding a provider.</q-tooltip
+        >
+      </q-btn>
     </div>
     <q-separator />
     <q-table
@@ -29,7 +34,7 @@ For details, see: https://license.tacticalrmm.com/ee
       hide-pagination
       virtual-scroll
       :rows-per-page-options="[0]"
-      no-data-label="No SSO Providers added yet"
+      no-data-label="No OIDC Providers added yet"
       :loading="loading"
     >
       <template v-slot:top>
@@ -127,7 +132,11 @@ For details, see: https://license.tacticalrmm.com/ee
 import { ref, onMounted } from "vue";
 import { useStore } from "vuex";
 import { QTableColumn, useQuasar, copyToClipboard } from "quasar";
-import { fetchSSOProviders, removeSSOProvider } from "@/ee/sso/api/sso";
+import {
+  fetchSSOProviders,
+  removeSSOProvider,
+  fetchSSOSettings,
+} from "@/ee/sso/api/sso";
 import { notifySuccess } from "@/utils/notify";
 import { truncateText } from "@/utils/format";
 import { getBaseUrl } from "@/boot/axios";
@@ -147,6 +156,7 @@ const store = useStore();
 
 const loading = ref(false);
 const providers = ref([] as SSOProvider[]);
+const ssoSettings = ref({} as SSOSettingsType);
 
 const columns: QTableColumn[] = [
   {
@@ -178,6 +188,14 @@ const columns: QTableColumn[] = [
   },
 ];
 
+async function getSSOSettings() {
+  try {
+    ssoSettings.value = await fetchSSOSettings();
+  } catch (e) {
+    console.error(e);
+  }
+}
+
 async function getSSOProviders() {
   loading.value = true;
   try {
@@ -232,12 +250,17 @@ function getCallbackURL(provider: SSOProvider) {
 function openSSOSettings() {
   $q.dialog({
     component: SSOSettings,
-  }).onOk((ssoSettings: SSOSettingsType) => {
-    store.commit("setBlockLocalUserLogon", ssoSettings.block_local_user_logon);
+  }).onOk((updatedSSOSettings: SSOSettingsType) => {
+    store.commit(
+      "setBlockLocalUserLogon",
+      updatedSSOSettings.block_local_user_logon,
+    );
+    ssoSettings.value = { ...updatedSSOSettings };
   });
 }
 
 onMounted(async () => {
+  await getSSOSettings();
   await getSSOProviders();
 });
 </script>
diff --git a/src/ee/sso/components/SSOSettings.vue b/src/ee/sso/components/SSOSettings.vue
index 9688e34c..15b96028 100644
--- a/src/ee/sso/components/SSOSettings.vue
+++ b/src/ee/sso/components/SSOSettings.vue
@@ -28,10 +28,16 @@ For details, see: https://license.tacticalrmm.com/ee
       <q-card-section>
         <q-checkbox
           dense
-          label="Block Local Logon"
+          label="Block Local User Login"
           v-model="ssoSettings.block_local_user_logon"
           :disable="!ssoSettings.sso_enabled"
-        />
+          hint="When enabled, only users with SSO accounts can log in, with the exception of local superuser accounts."
+        >
+          <q-tooltip class="text-caption"
+            >When enabled, only users with SSO accounts can log in, with the
+            exception of local superuser accounts.</q-tooltip
+          >
+        </q-checkbox>
       </q-card-section>
 
       <q-card-actions align="right">
@@ -52,7 +58,7 @@ For details, see: https://license.tacticalrmm.com/ee
 // composition imports
 import { ref, watch, onMounted } from "vue";
 import { useDialogPluginComponent } from "quasar";
-import { notifySuccess } from "@/utils/notify";
+import { notifySuccess, notifyWarning } from "@/utils/notify";
 import { fetchSSOSettings, updateSSOSettings } from "@/ee/sso/api/sso";
 
 // types
@@ -83,6 +89,9 @@ async function submit() {
     notifySuccess("Settings updated successfully");
     onDialogOK(ssoSettings.value);
   } catch (e) {
+    if (e.status === 423) {
+      notifyWarning(e.response.data, 7000);
+    }
     console.error(e);
   }
   loading.value = false;

From face0994607bf10f41f456a3e76c64f831560df0 Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Mon, 4 Nov 2024 22:35:07 +0000
Subject: [PATCH 25/36] urls now sent by backend and add javascript origin url

---
 .../modals/coresettings/EditCoreSettings.vue  |  2 +-
 src/ee/sso/components/SSOProvidersTable.vue   | 51 ++++++++++++++-----
 2 files changed, 40 insertions(+), 13 deletions(-)

diff --git a/src/components/modals/coresettings/EditCoreSettings.vue b/src/components/modals/coresettings/EditCoreSettings.vue
index 16ab5fb1..26009a7d 100644
--- a/src/components/modals/coresettings/EditCoreSettings.vue
+++ b/src/components/modals/coresettings/EditCoreSettings.vue
@@ -13,7 +13,7 @@
           <q-tab name="webhooks" label="Web Hooks" />
           <q-tab name="retention" label="Retention" />
           <q-tab name="apikeys" label="API Keys" />
-          <q-tab name="sso" label="Single Sign-On" />
+          <q-tab name="sso" label="Single Sign-On (SSO)" />
           <!-- <q-tab name="openai" label="Open AI" /> -->
         </q-tabs>
       </template>
diff --git a/src/ee/sso/components/SSOProvidersTable.vue b/src/ee/sso/components/SSOProvidersTable.vue
index 1dae7ae5..76dbebcc 100644
--- a/src/ee/sso/components/SSOProvidersTable.vue
+++ b/src/ee/sso/components/SSOProvidersTable.vue
@@ -28,6 +28,7 @@ For details, see: https://license.tacticalrmm.com/ee
       dense
       :rows="providers"
       :columns="columns"
+      :visible-columns="visibleColumns"
       :pagination="{ rowsPerPage: 0, sortBy: 'name', descending: true }"
       row-key="id"
       binary-state-sort
@@ -79,10 +80,11 @@ For details, see: https://license.tacticalrmm.com/ee
 
               <q-separator></q-separator>
 
+              <!-- callback url -->
               <q-item
                 clickable
                 v-close-popup
-                @click="getCallbackURL(props.row)"
+                @click="getCallbackURL(props.row.callback_url)"
               >
                 <q-item-section side>
                   <q-icon name="description" />
@@ -90,6 +92,20 @@ For details, see: https://license.tacticalrmm.com/ee
                 <q-item-section>Copy Callback URL</q-item-section>
               </q-item>
 
+              <!-- javascript origin url (used by google oath) -->
+              <q-item
+                clickable
+                v-close-popup
+                @click="getCallbackURL(props.row.javascript_origin_url)"
+              >
+                <q-item-section side>
+                  <q-icon name="description" />
+                </q-item-section>
+                <q-item-section
+                  >Copy Allowed JavaScript Origin to Clipboard</q-item-section
+                >
+              </q-item>
+
               <q-separator></q-separator>
 
               <q-item clickable v-close-popup>
@@ -99,24 +115,24 @@ For details, see: https://license.tacticalrmm.com/ee
           </q-menu>
           <!-- name -->
           <q-td>
-            {{ truncateText(props.row.name, 35) }}
+            {{ truncateText(props.row.name, 25) }}
             <q-tooltip>{{ props.row.name }}</q-tooltip>
           </q-td>
           <!-- server_url -->
           <q-td>
-            {{ truncateText(props.row.server_url, 35) }}
+            {{ truncateText(props.row.server_url, 20) }}
             <q-tooltip>{{ props.row.server_url }}</q-tooltip>
           </q-td>
           <!-- pattern -->
           <q-td>
-            {{ truncateText(props.row.client_id, 35) }}
+            {{ truncateText(props.row.client_id, 20) }}
             <q-tooltip>{{ props.row.client_id }}</q-tooltip>
           </q-td>
           <q-td>
             <q-icon
               size="sm"
               name="content_copy"
-              @click="getCallbackURL(props.row)"
+              @click="getCallbackURL(props.row.callback_url)"
             >
               <q-tooltip>Copy Callback URL to Clipboard</q-tooltip>
             </q-icon>
@@ -129,7 +145,7 @@ For details, see: https://license.tacticalrmm.com/ee
 
 <script setup lang="ts">
 // composition imports
-import { ref, onMounted } from "vue";
+import { computed, ref, onMounted } from "vue";
 import { useStore } from "vuex";
 import { QTableColumn, useQuasar, copyToClipboard } from "quasar";
 import {
@@ -139,7 +155,6 @@ import {
 } from "@/ee/sso/api/sso";
 import { notifySuccess } from "@/utils/notify";
 import { truncateText } from "@/utils/format";
-import { getBaseUrl } from "@/boot/axios";
 
 // ui imports
 import SSOProvidersForm from "@/ee/sso/components/SSOProvidersForm.vue";
@@ -183,11 +198,25 @@ const columns: QTableColumn[] = [
   {
     name: "callback_url",
     label: "Callback URL",
+    field: "callback_url",
+    align: "left",
+    sortable: false,
+  },
+  {
+    name: "javascript_origin_url",
+    label: "Javascript Origin URL",
+    field: "javascript_origin_url",
     align: "left",
     sortable: false,
   },
 ];
 
+const visibleColumns = computed(() => {
+  return columns
+    .map((column) => column.name)
+    .filter((name) => name !== "javascript_origin_url");
+});
+
 async function getSSOSettings() {
   try {
     ssoSettings.value = await fetchSSOSettings();
@@ -239,11 +268,9 @@ function deleteSSOProvider(provider: SSOProvider) {
   });
 }
 
-function getCallbackURL(provider: SSOProvider) {
-  copyToClipboard(
-    `${getBaseUrl()}/accounts/oidc/${provider.provider_id}/login/callback/`,
-  ).then(() => {
-    notifySuccess("Callback URL copied!");
+function getCallbackURL(url: string) {
+  copyToClipboard(url).then(() => {
+    notifySuccess("URL copied!");
   });
 }
 

From 795ba12f3a2ac8883b876b6f5dd7df0b8ea0c2ee Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Mon, 4 Nov 2024 23:50:02 +0000
Subject: [PATCH 26/36] handle 423

---
 src/boot/axios.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/boot/axios.js b/src/boot/axios.js
index 914ebfd5..05f55d52 100644
--- a/src/boot/axios.js
+++ b/src/boot/axios.js
@@ -75,7 +75,11 @@ export default function ({ app, router }) {
         text = error.response.data.detail;
       }
       // catch all for other 400 error messages
-      else if (error.response.status >= 400 && error.response.status < 500) {
+      else if (
+        error.response.status >= 400 &&
+        error.response.status < 500 &&
+        error.response.status !== 423
+      ) {
         if (error.config.responseType === "blob") {
           text = (await error.response.data.text()).replace(/^"|"$/g, "");
         } else if (error.response.data.non_field_errors) {
@@ -90,7 +94,7 @@ export default function ({ app, router }) {
         }
       }
 
-      if (text || error.response) {
+      if ((text || error.response) && error.response.status !== 423) {
         Notify.create({
           color: "negative",
           message: text ? text : "",

From acaced7122c8fba26869ecd5f2ab05f0f4bd862e Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Tue, 5 Nov 2024 20:26:22 +0000
Subject: [PATCH 27/36] clear the provider id on logout

---
 src/stores/auth.ts | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/stores/auth.ts b/src/stores/auth.ts
index 57db6375..61ec197c 100644
--- a/src/stores/auth.ts
+++ b/src/stores/auth.ts
@@ -31,6 +31,7 @@ export const useAuthStore = defineStore("auth", {
     name: useStorage("name", null),
     token: useStorage("access_token", null),
     ssoLoginProvider: useStorage("sso_provider", null),
+    provider_id: useStorage("provider_id", null),
   }),
   getters: {
     loggedIn: (state) => {
@@ -72,6 +73,7 @@ export const useAuthStore = defineStore("auth", {
       this.username = null;
       this.name = null;
       this.ssoLoginProvider = null;
+      this.provider_id = null;
     },
     async setupTotp(): Promise<TOTPSetupResponse | false> {
       const { data } = await axios.post("/accounts/users/setup_totp/");

From 2583e9ac9eac574330c06234f6dfc219206c57a5 Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Wed, 6 Nov 2024 20:45:42 +0000
Subject: [PATCH 28/36] make user admin modal wider

---
 src/components/AdminManager.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/components/AdminManager.vue b/src/components/AdminManager.vue
index 471a110d..e5b82a83 100644
--- a/src/components/AdminManager.vue
+++ b/src/components/AdminManager.vue
@@ -1,5 +1,5 @@
 <template>
-  <q-card style="width: 900px; max-width: 90vw; min-height: 50vh">
+  <q-card style="width: 65vw; max-width: 70vw; min-height: 50vh">
     <q-bar>
       <q-btn
         ref="refresh"

From bb828b5996e5f21a83ed0b63a1bc9c434fdb0d04 Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Thu, 7 Nov 2024 21:06:36 +0000
Subject: [PATCH 29/36] add client/site columns to alerts table

---
 src/components/modals/alerts/AlertsOverview.vue | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/components/modals/alerts/AlertsOverview.vue b/src/components/modals/alerts/AlertsOverview.vue
index 5c4b1642..806dff80 100644
--- a/src/components/modals/alerts/AlertsOverview.vue
+++ b/src/components/modals/alerts/AlertsOverview.vue
@@ -249,6 +249,20 @@ export default {
           sortable: true,
           format: (a) => this.formatDate(a),
         },
+        {
+          name: "client",
+          label: "Client",
+          field: "client",
+          align: "left",
+          sortable: true,
+        },
+        {
+          name: "site",
+          label: "Site",
+          field: "site",
+          align: "left",
+          sortable: true,
+        },
         {
           name: "hostname",
           label: "Agent",

From 26ed91cad9ad3f9494e36550e320eb3fc48b5418 Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Thu, 7 Nov 2024 22:08:10 +0000
Subject: [PATCH 30/36] update reqs

---
 package-lock.json | 66 +++++++++++++++++++++++------------------------
 package.json      | 12 ++++-----
 2 files changed, 39 insertions(+), 39 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 59833595..d2149f80 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -6,21 +6,21 @@
   "packages": {
     "": {
       "name": "web",
-      "version": "0.101.48",
+      "version": "0.101.49",
       "dependencies": {
-        "@quasar/extras": "1.16.12",
-        "@vueuse/core": "11.1.0",
-        "@vueuse/integrations": "11.1.0",
-        "@vueuse/shared": "11.1.0",
+        "@quasar/extras": "1.16.13",
+        "@vueuse/core": "11.2.0",
+        "@vueuse/integrations": "11.2.0",
+        "@vueuse/shared": "11.2.0",
         "@xterm/addon-fit": "0.10.0",
         "@xterm/xterm": "5.5.0",
         "apexcharts": "3.54.1",
         "axios": "1.7.7",
         "dotenv": "16.4.5",
         "monaco-editor": "0.50.0",
-        "pinia": "2.2.4",
+        "pinia": "2.2.6",
         "qrcode": "1.5.4",
-        "quasar": "2.17.1",
+        "quasar": "2.17.2",
         "vue": "3.5.12",
         "vue-router": "4.4.5",
         "vue3-apexcharts": "1.7.0",
@@ -972,9 +972,9 @@
       }
     },
     "node_modules/@quasar/extras": {
-      "version": "1.16.12",
-      "resolved": "https://registry.npmjs.org/@quasar/extras/-/extras-1.16.12.tgz",
-      "integrity": "sha512-hLlb3Buxo38Xg/2w0BTkz98RBh/VH8apZ2r6Fl8YpPgrVQ0diHyN/BVTvIOk5Kch2y38L2kvwOIddsB2UcCuIg==",
+      "version": "1.16.13",
+      "resolved": "https://registry.npmjs.org/@quasar/extras/-/extras-1.16.13.tgz",
+      "integrity": "sha512-6QdnYbFYhgeWFAwytUWTDgpP/mcJxydBmgO91cHr9MMTx0GLaVJY6d10m/G/XS9TzMnSsZgqO7kbVHf3Hvml3w==",
       "license": "MIT",
       "funding": {
         "type": "github",
@@ -1606,14 +1606,14 @@
       "license": "MIT"
     },
     "node_modules/@vueuse/core": {
-      "version": "11.1.0",
-      "resolved": "https://registry.npmjs.org/@vueuse/core/-/core-11.1.0.tgz",
-      "integrity": "sha512-P6dk79QYA6sKQnghrUz/1tHi0n9mrb/iO1WTMk/ElLmTyNqgDeSZ3wcDf6fRBGzRJbeG1dxzEOvLENMjr+E3fg==",
+      "version": "11.2.0",
+      "resolved": "https://registry.npmjs.org/@vueuse/core/-/core-11.2.0.tgz",
+      "integrity": "sha512-JIUwRcOqOWzcdu1dGlfW04kaJhW3EXnnjJJfLTtddJanymTL7lF1C0+dVVZ/siLfc73mWn+cGP1PE1PKPruRSA==",
       "license": "MIT",
       "dependencies": {
         "@types/web-bluetooth": "^0.0.20",
-        "@vueuse/metadata": "11.1.0",
-        "@vueuse/shared": "11.1.0",
+        "@vueuse/metadata": "11.2.0",
+        "@vueuse/shared": "11.2.0",
         "vue-demi": ">=0.14.10"
       },
       "funding": {
@@ -1647,13 +1647,13 @@
       }
     },
     "node_modules/@vueuse/integrations": {
-      "version": "11.1.0",
-      "resolved": "https://registry.npmjs.org/@vueuse/integrations/-/integrations-11.1.0.tgz",
-      "integrity": "sha512-O2ZgrAGPy0qAjpoI2YR3egNgyEqwG85fxfwmA9BshRIGjV4G6yu6CfOPpMHAOoCD+UfsIl7Vb1bXJ6ifrHYDDA==",
+      "version": "11.2.0",
+      "resolved": "https://registry.npmjs.org/@vueuse/integrations/-/integrations-11.2.0.tgz",
+      "integrity": "sha512-zGXz3dsxNHKwiD9jPMvR3DAxQEOV6VWIEYTGVSB9PNpk4pTWR+pXrHz9gvXWcP2sTk3W2oqqS6KwWDdntUvNVA==",
       "license": "MIT",
       "dependencies": {
-        "@vueuse/core": "11.1.0",
-        "@vueuse/shared": "11.1.0",
+        "@vueuse/core": "11.2.0",
+        "@vueuse/shared": "11.2.0",
         "vue-demi": ">=0.14.10"
       },
       "funding": {
@@ -1739,18 +1739,18 @@
       }
     },
     "node_modules/@vueuse/metadata": {
-      "version": "11.1.0",
-      "resolved": "https://registry.npmjs.org/@vueuse/metadata/-/metadata-11.1.0.tgz",
-      "integrity": "sha512-l9Q502TBTaPYGanl1G+hPgd3QX5s4CGnpXriVBR5fEZ/goI6fvDaVmIl3Td8oKFurOxTmbXvBPSsgrd6eu6HYg==",
+      "version": "11.2.0",
+      "resolved": "https://registry.npmjs.org/@vueuse/metadata/-/metadata-11.2.0.tgz",
+      "integrity": "sha512-L0ZmtRmNx+ZW95DmrgD6vn484gSpVeRbgpWevFKXwqqQxW9hnSi2Ppuh2BzMjnbv4aJRiIw8tQatXT9uOB23dQ==",
       "license": "MIT",
       "funding": {
         "url": "https://github.com/sponsors/antfu"
       }
     },
     "node_modules/@vueuse/shared": {
-      "version": "11.1.0",
-      "resolved": "https://registry.npmjs.org/@vueuse/shared/-/shared-11.1.0.tgz",
-      "integrity": "sha512-YUtIpY122q7osj+zsNMFAfMTubGz0sn5QzE5gPzAIiCmtt2ha3uQUY1+JPyL4gRCTsLPX82Y9brNbo/aqlA91w==",
+      "version": "11.2.0",
+      "resolved": "https://registry.npmjs.org/@vueuse/shared/-/shared-11.2.0.tgz",
+      "integrity": "sha512-VxFjie0EanOudYSgMErxXfq6fo8vhr5ICI+BuE3I9FnX7ePllEsVrRQ7O6Q1TLgApeLuPKcHQxAXpP+KnlrJsg==",
       "license": "MIT",
       "dependencies": {
         "vue-demi": ">=0.14.10"
@@ -6520,9 +6520,9 @@
       }
     },
     "node_modules/pinia": {
-      "version": "2.2.4",
-      "resolved": "https://registry.npmjs.org/pinia/-/pinia-2.2.4.tgz",
-      "integrity": "sha512-K7ZhpMY9iJ9ShTC0cR2+PnxdQRuwVIsXDO/WIEV/RnMC/vmSoKDTKW/exNQYPI+4ij10UjXqdNiEHwn47McANQ==",
+      "version": "2.2.6",
+      "resolved": "https://registry.npmjs.org/pinia/-/pinia-2.2.6.tgz",
+      "integrity": "sha512-vIsR8JkDN5Ga2vAxqOE2cJj4VtsHnzpR1Fz30kClxlh0yCHfec6uoMeM3e/ddqmwFUejK3NlrcQa/shnpyT4hA==",
       "license": "MIT",
       "dependencies": {
         "@vue/devtools-api": "^6.6.3",
@@ -6534,7 +6534,7 @@
       "peerDependencies": {
         "@vue/composition-api": "^1.4.0",
         "typescript": ">=4.4.4",
-        "vue": "^2.6.14 || ^3.3.0"
+        "vue": "^2.6.14 || ^3.5.11"
       },
       "peerDependenciesMeta": {
         "@vue/composition-api": {
@@ -6768,9 +6768,9 @@
       }
     },
     "node_modules/quasar": {
-      "version": "2.17.1",
-      "resolved": "https://registry.npmjs.org/quasar/-/quasar-2.17.1.tgz",
-      "integrity": "sha512-4tnprxb+oEFChqcHGeQnprTmsr9gRK/R4N2O6Gg0AxpP22G9ttKeeqhH7+Soyjdi9RUcc6d5Y49T6rRg4hGJXw==",
+      "version": "2.17.2",
+      "resolved": "https://registry.npmjs.org/quasar/-/quasar-2.17.2.tgz",
+      "integrity": "sha512-wycJcrjXsNxyNFYaw7eviKAo0I3LaQap0GCHXUEiaAi4H+a9LJbgkoZSZKCP4M0UO4iVnkWVkQzsFodyHk5uHQ==",
       "license": "MIT",
       "engines": {
         "node": ">= 10.18.1",
diff --git a/package.json b/package.json
index 95f512ac..b579507c 100644
--- a/package.json
+++ b/package.json
@@ -10,17 +10,17 @@
     "format": "prettier --write \"**/*.{js,ts,vue,,html,md,json}\" --ignore-path .gitignore"
   },
   "dependencies": {
-    "@quasar/extras": "1.16.12",
-    "@vueuse/core": "11.1.0",
-    "@vueuse/integrations": "11.1.0",
-    "@vueuse/shared": "11.1.0",
+    "@quasar/extras": "1.16.13",
+    "@vueuse/core": "11.2.0",
+    "@vueuse/integrations": "11.2.0",
+    "@vueuse/shared": "11.2.0",
     "apexcharts": "3.54.1",
     "axios": "1.7.7",
     "dotenv": "16.4.5",
     "monaco-editor": "0.50.0",
-    "pinia": "2.2.4",
+    "pinia": "2.2.6",
     "qrcode": "1.5.4",
-    "quasar": "2.17.1",
+    "quasar": "2.17.2",
     "vue": "3.5.12",
     "vue-router": "4.4.5",
     "vue3-apexcharts": "1.7.0",

From 85f408ae940eb9614a1b3673d6fe94649b0431d9 Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Fri, 8 Nov 2024 21:01:08 +0000
Subject: [PATCH 31/36] increase chunksize limit

---
 quasar.config.js | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/quasar.config.js b/quasar.config.js
index d9bc1e37..8a82845a 100644
--- a/quasar.config.js
+++ b/quasar.config.js
@@ -8,6 +8,7 @@
 // Configuration for your app
 // https://v2.quasar.dev/quasar-cli-vite/quasar-config-js
 
+const { mergeConfig } = require("vite");
 const { configure } = require("quasar/wrappers");
 const path = require("path");
 require("dotenv").config();
@@ -78,9 +79,19 @@ module.exports = configure(function (/* ctx */) {
       // polyfillModulePreload: true,
       distDir: "dist/",
 
-      // extendViteConf (viteConf) {},
+      extendViteConf(viteConf, { isServer, isClient }) {
+        viteConf.build = mergeConfig(viteConf.build, {
+          chunkSizeWarningLimit: 1600,
+          rollupOptions: {
+            output: {
+              entryFileNames: `[hash].js`,
+              chunkFileNames: `[hash].js`,
+              assetFileNames: `[hash].[ext]`,
+            },
+          },
+        });
+      },
       // viteVuePluginOptions: {},
-
       // vitePlugins: []
     },
 

From 64edab9df41b020133c5a95b58f819055de69a8b Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Fri, 8 Nov 2024 21:25:02 +0000
Subject: [PATCH 32/36] fix lint

---
 quasar.config.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/quasar.config.js b/quasar.config.js
index 8a82845a..af5aa71b 100644
--- a/quasar.config.js
+++ b/quasar.config.js
@@ -79,6 +79,8 @@ module.exports = configure(function (/* ctx */) {
       // polyfillModulePreload: true,
       distDir: "dist/",
 
+      /* eslint-disable quotes */
+      // eslint-disable-next-line @typescript-eslint/no-unused-vars
       extendViteConf(viteConf, { isServer, isClient }) {
         viteConf.build = mergeConfig(viteConf.build, {
           chunkSizeWarningLimit: 1600,
@@ -91,6 +93,7 @@ module.exports = configure(function (/* ctx */) {
           },
         });
       },
+      /* eslint-enable quotes */
       // viteVuePluginOptions: {},
       // vitePlugins: []
     },

From e51efaa9e2029498ae58d906a2fb442c4acfa372 Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Fri, 15 Nov 2024 20:52:15 +0000
Subject: [PATCH 33/36] typo

---
 src/ee/sso/components/SSOProvidersTable.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ee/sso/components/SSOProvidersTable.vue b/src/ee/sso/components/SSOProvidersTable.vue
index 76dbebcc..9c4ac671 100644
--- a/src/ee/sso/components/SSOProvidersTable.vue
+++ b/src/ee/sso/components/SSOProvidersTable.vue
@@ -92,7 +92,7 @@ For details, see: https://license.tacticalrmm.com/ee
                 <q-item-section>Copy Callback URL</q-item-section>
               </q-item>
 
-              <!-- javascript origin url (used by google oath) -->
+              <!-- javascript origin url (used by google oauth) -->
               <q-item
                 clickable
                 v-close-popup

From 9f143a7e0539b01ebc28858f2359800f9f124a18 Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Fri, 15 Nov 2024 23:55:05 +0000
Subject: [PATCH 34/36] restore missing livepoll function that got missed
 during rework

---
 src/layouts/MainLayout.vue | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/src/layouts/MainLayout.vue b/src/layouts/MainLayout.vue
index 6d3a3b3b..b57f29bd 100644
--- a/src/layouts/MainLayout.vue
+++ b/src/layouts/MainLayout.vue
@@ -211,7 +211,7 @@
 </template>
 <script setup lang="ts">
 // composition imports
-import { computed, onMounted } from "vue";
+import { computed, onMounted, onBeforeUnmount, ref } from "vue";
 import { useQuasar } from "quasar";
 import { useStore } from "vuex";
 import { useDashboardStore } from "@/stores/dashboard";
@@ -315,8 +315,25 @@ const updateAvailable = computed(() => {
   return currentTRMMVersion.value !== latestTRMMVersion.value;
 });
 
+const poll = ref(null);
+
+function livePoll() {
+  poll.value = setInterval(
+    () => {
+      store.dispatch("checkVer");
+      store.dispatch("getDashInfo", false);
+    },
+    60 * 4 * 1000,
+  );
+}
+
 onMounted(() => {
   store.dispatch("getDashInfo");
   store.dispatch("checkVer");
+  livePoll();
+});
+
+onBeforeUnmount(() => {
+  clearInterval(poll.value);
 });
 </script>

From 4d8abbaa12d76b677c941d354359dd01260399e4 Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Tue, 19 Nov 2024 23:14:45 +0000
Subject: [PATCH 35/36] make the modal persistent

---
 src/ee/sso/components/SSOProvidersForm.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ee/sso/components/SSOProvidersForm.vue b/src/ee/sso/components/SSOProvidersForm.vue
index cff16f49..56c4795f 100644
--- a/src/ee/sso/components/SSOProvidersForm.vue
+++ b/src/ee/sso/components/SSOProvidersForm.vue
@@ -5,7 +5,7 @@ For details, see: https://license.tacticalrmm.com/ee
 -->
 
 <template>
-  <q-dialog ref="dialogRef" @hide="onDialogHide">
+  <q-dialog persistent ref="dialogRef" @hide="onDialogHide">
     <q-card class="q-dialog-plugin" style="width: 35vw; max-width: 35vw">
       <q-bar>
         {{ props.provider ? "Edit OIDC Provider" : "Add OIDC Provider" }}

From 09ecc36bcd18d72281766d69f58506cf8f356b56 Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Tue, 19 Nov 2024 23:15:17 +0000
Subject: [PATCH 36/36] wording

---
 src/components/accounts/UserSessionsTable.vue | 1 +
 src/ee/sso/components/SSOAccountsTable.vue    | 1 -
 src/ee/sso/components/SSOProvidersTable.vue   | 2 +-
 3 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/components/accounts/UserSessionsTable.vue b/src/components/accounts/UserSessionsTable.vue
index 6f8242f1..3a093fdf 100644
--- a/src/components/accounts/UserSessionsTable.vue
+++ b/src/components/accounts/UserSessionsTable.vue
@@ -111,6 +111,7 @@ const loading = ref(false);
 function removeSession(token: AuthToken) {
   $q.dialog({
     title: `Disconnect session for ${token.user}?`,
+    message: "This user will be signed out immediately.",
     cancel: true,
     ok: { label: "Delete", color: "negative" },
   }).onOk(async () => {
diff --git a/src/ee/sso/components/SSOAccountsTable.vue b/src/ee/sso/components/SSOAccountsTable.vue
index ccadc4ec..8e261c86 100644
--- a/src/ee/sso/components/SSOAccountsTable.vue
+++ b/src/ee/sso/components/SSOAccountsTable.vue
@@ -120,7 +120,6 @@ const loading = ref(false);
 function removeSSOAccount(account: SSOAccount) {
   $q.dialog({
     title: `Disconnect social account: ${account.display}?`,
-    message: "If you are signed in with this account you will be logged off",
     cancel: true,
     ok: { label: "Delete", color: "negative" },
   }).onOk(async () => {
diff --git a/src/ee/sso/components/SSOProvidersTable.vue b/src/ee/sso/components/SSOProvidersTable.vue
index 9c4ac671..9d2ac97d 100644
--- a/src/ee/sso/components/SSOProvidersTable.vue
+++ b/src/ee/sso/components/SSOProvidersTable.vue
@@ -102,7 +102,7 @@ For details, see: https://license.tacticalrmm.com/ee
                   <q-icon name="description" />
                 </q-item-section>
                 <q-item-section
-                  >Copy Allowed JavaScript Origin to Clipboard</q-item-section
+                  >Copy Authorized JavaScript origin</q-item-section
                 >
               </q-item>