OIDC auth implemented, tests updated
committed by
Johannes Zellner
parent
fdc4e20c77
commit
146b5ac17e
44
start.sh
44
start.sh
@@ -30,16 +30,40 @@ sed -e "s/DB_HOST=.*/DB_HOST=${CLOUDRON_POSTGRESQL_HOST}/g" \
|
||||
-e "s/WEB_DOMAIN=.*/WEB_DOMAIN=${CLOUDRON_APP_DOMAIN}/g" \
|
||||
-i /app/data/env.production
|
||||
|
||||
if [[ -n "${CLOUDRON_LDAP_SERVER:-}" ]]; then
|
||||
sed -e "s/LDAP_ENABLED=.*/LDAP_ENABLED=true/g" \
|
||||
-e "s/LDAP_HOST=.*/LDAP_HOST=${CLOUDRON_LDAP_SERVER}/g" \
|
||||
-e "s/LDAP_PORT=.*/LDAP_PORT=${CLOUDRON_LDAP_PORT}/g" \
|
||||
-e "s/LDAP_BASE=.*/LDAP_BASE=${CLOUDRON_LDAP_USERS_BASE_DN}/g" \
|
||||
-e "s/LDAP_BIND_DN=.*/LDAP_BIND_DN=${CLOUDRON_LDAP_BIND_DN}/g" \
|
||||
-e "s/LDAP_PASSWORD=.*/LDAP_PASSWORD=${CLOUDRON_LDAP_BIND_PASSWORD}/g" \
|
||||
# migrate LDAP settings to OIDC
|
||||
if grep -q "^LDAP_ENABLED" /app/data/env.production; then
|
||||
# get rid LDAP settings
|
||||
sed -e "s/LDAP_.*//g" \
|
||||
-e "s/# SSO configuration//g" \
|
||||
-i /app/data/env.production
|
||||
|
||||
cat >> /app/data/env.production <<EOT
|
||||
# SSO configuration
|
||||
OIDC_ENABLED=
|
||||
OIDC_DISPLAY_NAME=
|
||||
OIDC_ISSUER=
|
||||
OIDC_CLIENT_ID=
|
||||
OIDC_CLIENT_SECRET=
|
||||
OIDC_REDIRECT_URI=
|
||||
OIDC_DISCOVERY=
|
||||
OIDC_SCOPE=
|
||||
OIDC_UID_FIELD=
|
||||
EOT
|
||||
|
||||
fi
|
||||
|
||||
if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
|
||||
echo "==> Setting up OIDC"
|
||||
sed -e "s/OIDC_ENABLED=.*/OIDC_ENABLED=true/g" \
|
||||
-e "s/OIDC_DISPLAY_NAME=.*/OIDC_DISPLAY_NAME=Cloudron/g" \
|
||||
-e "s/OIDC_ISSUER=.*/OIDC_ISSUER=${CLOUDRON_OIDC_ISSUER//\//\\\/}/g" \
|
||||
-e "s/OIDC_CLIENT_ID=.*/OIDC_CLIENT_ID=${CLOUDRON_OIDC_CLIENT_ID}/g" \
|
||||
-e "s/OIDC_CLIENT_SECRET=.*/OIDC_CLIENT_SECRET=${CLOUDRON_OIDC_CLIENT_SECRET}/g" \
|
||||
-e "s/OIDC_REDIRECT_URI=.*/OIDC_REDIRECT_URI=${CLOUDRON_APP_ORIGIN//\//\\\/}\/auth\/auth\/openid_connect\/callback/g" \
|
||||
-e "s/OIDC_DISCOVERY=.*/OIDC_DISCOVERY=true/g" \
|
||||
-e "s/OIDC_SCOPE=.*/OIDC_SCOPE=openid,profile,email/g" \
|
||||
-e "s/OIDC_UID_FIELD=.*/OIDC_UID_FIELD=sub/g" \
|
||||
-i /app/data/env.production
|
||||
else
|
||||
sed -e "s/LDAP_ENABLED=.*/LDAP_ENABLED=false/g" -i /app/data/env.production
|
||||
fi
|
||||
|
||||
rm -f /run/mastodon/Gemfile.lock && cp /app/code/Gemfile.lock.original /run/mastodon/Gemfile.lock
|
||||
@@ -57,7 +81,7 @@ if grep -q "^SECRET_KEY_BASE=$" /app/data/env.production; then
|
||||
echo "==> Init database"
|
||||
HOME=/app/data SAFETY_ASSURED=1 bundle exec rails db:schema:load db:seed
|
||||
|
||||
if [[ -n "${CLOUDRON_LDAP_SERVER:-}" ]]; then
|
||||
if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
|
||||
echo "Disabling registration by default"
|
||||
PGPASSWORD=${CLOUDRON_POSTGRESQL_PASSWORD} psql -h ${CLOUDRON_POSTGRESQL_HOST} -p ${CLOUDRON_POSTGRESQL_PORT} -U ${CLOUDRON_POSTGRESQL_USERNAME} -d ${CLOUDRON_POSTGRESQL_DATABASE} \
|
||||
-c "INSERT INTO settings (var, value) VALUES ('registrations_mode', 'none')"
|
||||
|
||||
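Review bot: The client id and client secret are interpolated into the sed replacement text unescaped in `-e "s/OIDC_CLIENT_ID=.*/OIDC_CLIENT_ID=${CLOUDRON_OIDC_CLIENT_ID}/g"` and `-e "s/OIDC_CLIENT_SECRET=.*/OIDC_CLIENT_SECRET=${CLOUDRON_OIDC_CLIENT_SECRET}/g"`, while the issuer and origin on the neighbouring lines do get the `${var//\//\\\/}` treatment; a secret containing `/` makes sed fail and a secret containing `&` or `\` is rewritten silently, leaving a broken OIDC configuration. At minimum apply the same slash escaping to both values, e.g. `OIDC_CLIENT_SECRET=${CLOUDRON_OIDC_CLIENT_SECRET//\//\\\/}`, and escape `&` and `\` as well, or write these values into the file with a quoted here-doc instead of a sed pattern so no escaping is needed. Passing the secret on the sed command line also exposes it to anything that can read the process list while the script runs, which is another reason to prefer a here-doc or stdin. Separately, the `else` branch still runs `sed -e "s/LDAP_ENABLED=.*/LDAP_ENABLED=false/g"`, but the migration block above removes every `LDAP_` line first, so on a migrated file this appears to be a no-op and probably should target `OIDC_ENABLED=false` instead; worth confirming against the env.production template. The enclosing script continues outside this hunk.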