mirror of
https://github.com/YunoHost-Apps/gotosocial_ynh.git
synced 2024-09-03 19:16:06 +02:00
add OIDC pertaining variables in the scripts & in the config panel
parent
0222c9640c
commit
043946baeb
5 changed files with 112 additions and 6 deletions
|
@ -611,36 +611,36 @@ tls-certificate-key: ""
|
||||||
# internal oauth flow will be used, where users sign in to GtS with username/password.
|
# internal oauth flow will be used, where users sign in to GtS with username/password.
|
||||||
# Options: [true, false]
|
# Options: [true, false]
|
||||||
# Default: false
|
# Default: false
|
||||||
oidc-enabled: false
|
oidc-enabled: __OIDC_ENABLED__
|
||||||
|
|
||||||
# String. Name of the oidc idp (identity provider). This will be shown to users when
|
# String. Name of the oidc idp (identity provider). This will be shown to users when
|
||||||
# they log in.
|
# they log in.
|
||||||
# Examples: ["Google", "Dex", "Auth0"]
|
# Examples: ["Google", "Dex", "Auth0"]
|
||||||
# Default: ""
|
# Default: ""
|
||||||
oidc-idp-name: ""
|
oidc-idp-name: "__OIDC_IDP_NAME__"
|
||||||
|
|
||||||
# Bool. Skip the normal verification flow of tokens returned from the OIDC provider, ie.,
|
# Bool. Skip the normal verification flow of tokens returned from the OIDC provider, ie.,
|
||||||
# don't check the expiry or signature. This should only be used in debugging or testing,
|
# don't check the expiry or signature. This should only be used in debugging or testing,
|
||||||
# never ever in a production environment as it's extremely unsafe!
|
# never ever in a production environment as it's extremely unsafe!
|
||||||
# Options: [true, false]
|
# Options: [true, false]
|
||||||
# Default: false
|
# Default: false
|
||||||
oidc-skip-verification: false
|
oidc-skip-verification: __OIDC_SKIP_VERIFICATION__
|
||||||
|
|
||||||
# String. The OIDC issuer URI. This is where GtS will redirect users to for login.
|
# String. The OIDC issuer URI. This is where GtS will redirect users to for login.
|
||||||
# Typically this will look like a standard web URL.
|
# Typically this will look like a standard web URL.
|
||||||
# Examples: ["https://auth.example.org", "https://example.org/auth"]
|
# Examples: ["https://auth.example.org", "https://example.org/auth"]
|
||||||
# Default: ""
|
# Default: ""
|
||||||
oidc-issuer: ""
|
oidc-issuer: "__OIDC_ISSUER__"
|
||||||
|
|
||||||
# String. The ID for this client as registered with the OIDC provider.
|
# String. The ID for this client as registered with the OIDC provider.
|
||||||
# Examples: ["some-client-id", "fda3772a-ad35-41c9-9a59-f1943ad18f54"]
|
# Examples: ["some-client-id", "fda3772a-ad35-41c9-9a59-f1943ad18f54"]
|
||||||
# Default: ""
|
# Default: ""
|
||||||
oidc-client-id: ""
|
oidc-client-id: "__OIDC_CLIENT_ID__"
|
||||||
|
|
||||||
# String. The secret for this client as registered with the OIDC provider.
|
# String. The secret for this client as registered with the OIDC provider.
|
||||||
# Examples: ["super-secret-business", "79379cf5-8057-426d-bb83-af504d98a7b0"]
|
# Examples: ["super-secret-business", "79379cf5-8057-426d-bb83-af504d98a7b0"]
|
||||||
# Default: ""
|
# Default: ""
|
||||||
oidc-client-secret: ""
|
oidc-client-secret: "__OIDC_CLIENT_SECRET__"
|
||||||
|
|
||||||
# Array of string. Scopes to request from the OIDC provider. The returned values will be used to
|
# Array of string. Scopes to request from the OIDC provider. The returned values will be used to
|
||||||
# populate users created in GtS as a result of the authentication flow. 'openid' and 'email' are required.
|
# populate users created in GtS as a result of the authentication flow. 'openid' and 'email' are required.
|
||||||
|
|
|
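Review bot: The string placeholders are substituted inside double-quoted YAML scalars (`oidc-client-secret: "__OIDC_CLIENT_SECRET__"`, and likewise the issuer, client id and IdP name), and nothing visible in this commit escapes the value first. A secret or name containing `"` or `\` would then yield an invalid or silently altered config.yaml, so either constrain the accepted characters on the config panel options or escape the value when the template is rendered. Because config.yaml now carries the OIDC client secret, it is also worth confirming outside this hunk that the rendered file is readable only by the service user.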
@ -406,6 +406,72 @@ Cette limite est basée sur des estimations de la taille des objets en mémoire
|
||||||
Exemples : 100MiB, 200MiB, 500MiB, 1GiB; Par défaut : 100MiB"""
|
Exemples : 100MiB, 200MiB, 500MiB, 1GiB; Par défaut : 100MiB"""
|
||||||
type = "string"
|
type = "string"
|
||||||
|
|
||||||
|
####################
|
||||||
|
#### OIDC SETTINGS
|
||||||
|
####################
|
||||||
|
|
||||||
|
[main.OIDC]
|
||||||
|
|
||||||
|
name = "OpenID Connect settings"
|
||||||
|
|
||||||
|
help = "Settings pertaining to... OpenID Connect"
|
||||||
|
|
||||||
|
[main.OIDC.oidc_enabled]
|
||||||
|
ask.en = "Activate OpenID Connect?"
|
||||||
|
ask.fr = "Activer OpenID Connect ?"
|
||||||
|
bind = "oidc-enabled:__FINALPATH__/config.yaml"
|
||||||
|
choices = ["true", "false"]
|
||||||
|
default = "false"
|
||||||
|
help.en = "Enable authentication with external OIDC provider."
|
||||||
|
help.fr = "Activer l'authentification avec un fournisseur OIDC externe"
|
||||||
|
type = "select"
|
||||||
|
|
||||||
|
[main.cache.oidc_idp_name]
|
||||||
|
ask.en = "Name of the OIDC IDP (identity provider)"
|
||||||
|
ask.fr = "Nom de l'OIDC IDP (identity provider)"
|
||||||
|
bind = "oidc-idp-name:__FINALPATH__/config.yaml"
|
||||||
|
default = ""
|
||||||
|
help.en = "This will be shown to users when they log in. Examples: \"Dex\" or \"YunoHost\""
|
||||||
|
help.fr = "Sera affiché aux utilisateurices lros de leur connexion. Exemples: \"Dex\" ou \"YunoHost\""
|
||||||
|
type = "string"
|
||||||
|
|
||||||
|
[main.OIDC.oidc_skip_verification]
|
||||||
|
ask.en = "Skip the normal verification flow of tokens returned from the OIDC provider"
|
||||||
|
ask.fr = "Passer la vérification du flux des jetons renvoyés par le fournisseur OIDC"
|
||||||
|
bind = "oidc-skip-verification:__FINALPATH__/config.yaml"
|
||||||
|
choices = ["true", "false"]
|
||||||
|
default = "false"
|
||||||
|
help.en = "ie. don't check the expiry or signature. This should only be used in debugging or testing, never ever in a production environment as it's extremely unsafe!"
|
||||||
|
help.fr = "C'est-à-dire, ne pas vérifier l'expiration ou la signature. Cette méthode ne doit être utilisée qu'en cas de débogage ou de test, jamais dans un environnement de production, car elle est extrêmement dangereuse !"
|
||||||
|
type = "select"
|
||||||
|
|
||||||
|
[main.OIDC.oidc_issuer]
|
||||||
|
ask.en = "The OIDC issuer URI."
|
||||||
|
ask.fr = "URI du fournisseur OIDC"
|
||||||
|
bind = "oidc-issuer:__FINALPATH__/config.yaml"
|
||||||
|
default = ""
|
||||||
|
help.en = "This is where GtS will redirect users to for login. Typically this will look like a standard web URL. Examples: \"https://auth.example.org\", \"https://example.org/auth\""
|
||||||
|
help.fr = ""
|
||||||
|
type = "string"
|
||||||
|
|
||||||
|
[main.OIDC.oidc_client_id]
|
||||||
|
ask.en = "OIDC client ID"
|
||||||
|
ask.fr = "Client ID du fournisseur OIDC"
|
||||||
|
bind = "oidc-client-id:__FINALPATH__/config.yaml"
|
||||||
|
default = ""
|
||||||
|
help.en = "The ID for this client as registered with the OIDC provider."
|
||||||
|
help.fr = ""
|
||||||
|
type = "string"
|
||||||
|
|
||||||
|
[main.OIDC.oidc_client_secret]
|
||||||
|
ask.en = "OIDC client secret (password)"
|
||||||
|
ask.fr = "Client secret (mot de passe) du fournisseur OIDC"
|
||||||
|
bind = "oidc-client-secret:__FINALPATH__/config.yaml"
|
||||||
|
default = ""
|
||||||
|
help.en = "The secret for this client as registered with the OIDC provider."
|
||||||
|
help.fr = ""
|
||||||
|
type = "string"
|
||||||
|
|
||||||
####################
|
####################
|
||||||
#### ADVANCED SETTINGS
|
#### ADVANCED SETTINGS
|
||||||
####################
|
####################
|
||||||
|
|
|
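Review bot: `[main.OIDC.oidc_client_secret]` is declared with `type = "string"`, so the client secret is rendered in clear text in the config panel like any other field; YunoHost's `type = "password"` is the option type intended for this kind of value. Separately, the IdP name option is declared as `[main.cache.oidc_idp_name]`, which places it outside the `[main.OIDC]` section used by the other five options and looks like a copy-paste slip for `[main.OIDC.oidc_idp_name]`. Given the warning in its own help text, `oidc_skip_verification` deserves a short comment above the table explaining why it is exposed in the panel at all. The French help for the IdP name has `lros` for `lors`, and three `help.fr = ""` keys are left empty.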
@ -76,6 +76,13 @@ statuses_poll_max_options="6"
|
||||||
statuses_poll_option_max_chars="50"
|
statuses_poll_option_max_chars="50"
|
||||||
statuses_media_max_files="6"
|
statuses_media_max_files="6"
|
||||||
|
|
||||||
|
oidc_enabled="false"
|
||||||
|
oidc_idp_name=""
|
||||||
|
oidc_skip_verification="false"
|
||||||
|
oidc_issuer=""
|
||||||
|
oidc_client_id=""
|
||||||
|
oidc_client_secret=""
|
||||||
|
|
||||||
smtp_host="localhost"
|
smtp_host="localhost"
|
||||||
smtp_port="25"
|
smtp_port="25"
|
||||||
smtp_username=""
|
smtp_username=""
|
||||||
|
|
|
@ -81,6 +81,13 @@ statuses_poll_max_options=$(ynh_app_setting_get --app="$app" --key=statuses_poll
|
||||||
statuses_poll_option_max_chars=$(ynh_app_setting_get --app="$app" --key=statuses_poll_option_max_chars)
|
statuses_poll_option_max_chars=$(ynh_app_setting_get --app="$app" --key=statuses_poll_option_max_chars)
|
||||||
statuses_media_max_files=$(ynh_app_setting_get --app="$app" --key=statuses_media_max_files)
|
statuses_media_max_files=$(ynh_app_setting_get --app="$app" --key=statuses_media_max_files)
|
||||||
|
|
||||||
|
oidc_enabled=$(ynh_app_setting_get --app="$app" --key=oidc_enabled)
|
||||||
|
oidc_idp_name=$(ynh_app_setting_get --app="$app" --key=oidc_idp_name)
|
||||||
|
oidc_skip_verification=$(ynh_app_setting_get --app="$app" --key=oidc_skip_verification)
|
||||||
|
oidc_issuer=$(ynh_app_setting_get --app="$app" --key=oidc_issuer)
|
||||||
|
oidc_client_id=$(ynh_app_setting_get --app="$app" --key=oidc_client_id)
|
||||||
|
oidc_client_secret=$(ynh_app_setting_get --app="$app" --key=oidc_client_secret)
|
||||||
|
|
||||||
smtp_host=$(ynh_app_setting_get --app="$app" --key=smtp_host)
|
smtp_host=$(ynh_app_setting_get --app="$app" --key=smtp_host)
|
||||||
smtp_port=$(ynh_app_setting_get --app="$app" --key=smtp_port)
|
smtp_port=$(ynh_app_setting_get --app="$app" --key=smtp_port)
|
||||||
smtp_username=$(ynh_app_setting_get --app="$app" --key=smtp_username)
|
smtp_username=$(ynh_app_setting_get --app="$app" --key=smtp_username)
|
||||||
|
|
|
@ -69,6 +69,13 @@ statuses_poll_max_options=$(ynh_app_setting_get --app="$app" --key=statuses_poll
|
||||||
statuses_poll_option_max_chars=$(ynh_app_setting_get --app="$app" --key=statuses_poll_option_max_chars)
|
statuses_poll_option_max_chars=$(ynh_app_setting_get --app="$app" --key=statuses_poll_option_max_chars)
|
||||||
statuses_media_max_files=$(ynh_app_setting_get --app="$app" --key=statuses_media_max_files)
|
statuses_media_max_files=$(ynh_app_setting_get --app="$app" --key=statuses_media_max_files)
|
||||||
|
|
||||||
|
oidc_enabled=$(ynh_app_setting_get --app="$app" --key=oidc_enabled)
|
||||||
|
oidc_idp_name=$(ynh_app_setting_get --app="$app" --key=oidc_idp_name)
|
||||||
|
oidc_skip_verification=$(ynh_app_setting_get --app="$app" --key=oidc_skip_verification)
|
||||||
|
oidc_issuer=$(ynh_app_setting_get --app="$app" --key=oidc_issuer)
|
||||||
|
oidc_client_id=$(ynh_app_setting_get --app="$app" --key=oidc_client_id)
|
||||||
|
oidc_client_secret=$(ynh_app_setting_get --app="$app" --key=oidc_client_secret)
|
||||||
|
|
||||||
smtp_host=$(ynh_app_setting_get --app="$app" --key=smtp_host)
|
smtp_host=$(ynh_app_setting_get --app="$app" --key=smtp_host)
|
||||||
smtp_port=$(ynh_app_setting_get --app="$app" --key=smtp_port)
|
smtp_port=$(ynh_app_setting_get --app="$app" --key=smtp_port)
|
||||||
smtp_username=$(ynh_app_setting_get --app="$app" --key=smtp_username)
|
smtp_username=$(ynh_app_setting_get --app="$app" --key=smtp_username)
|
||||||
|
@ -336,6 +343,25 @@ then
|
||||||
ynh_app_setting_set --app="$app" --key=instance_federation_mode --value="$instance_federation_mode"
|
ynh_app_setting_set --app="$app" --key=instance_federation_mode --value="$instance_federation_mode"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Upgrade from <0.12.1~ynh2:
|
||||||
|
if ynh_compare_current_package_version --comparison lt --version 0.12.1~ynh2 || [ -z "$oidc_enabled" ]
|
||||||
|
then
|
||||||
|
# declaration of new parameter
|
||||||
|
oidc_enabled="false"
|
||||||
|
oidc_idp_name=""
|
||||||
|
oidc_skip_verification="false"
|
||||||
|
oidc_issuer=""
|
||||||
|
oidc_client_id=""
|
||||||
|
oidc_client_secret=""
|
||||||
|
# registration of parameter
|
||||||
|
ynh_app_setting_set --app="$app" --key=oidc_enabled --value="$oidc_enabled"
|
||||||
|
ynh_app_setting_set --app="$app" --key=oidc_idp_name --value="$oidc_idp_name"
|
||||||
|
ynh_app_setting_set --app="$app" --key=oidc_skip_verification --value="$oidc_skip_verification"
|
||||||
|
ynh_app_setting_set --app="$app" --key=oidc_issuer --value="$oidc_issuer"
|
||||||
|
ynh_app_setting_set --app="$app" --key=oidc_client_id --value="$oidc_client_id"
|
||||||
|
ynh_app_setting_set --app="$app" --key=oidc_client_secret --value="$oidc_client_secret"
|
||||||
|
fi
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CREATE DEDICATED USER
|
# CREATE DEDICATED USER
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
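Review bot: The six OIDC values are loaded from the app settings (`ynh_app_setting_get --app="$app" --key=oidc_enabled` and the five others), while the config panel options added in this commit bind straight to `__FINALPATH__/config.yaml`. If the upgrade re-renders config.yaml from the template, as the new placeholders suggest, values entered through the panel would be replaced by whatever the settings still hold; please confirm that something outside these hunks keeps the two in sync, otherwise an upgrade could silently revert the instance to the internal login flow or to stale credentials. In the migration block, the `|| [ -z "$oidc_enabled" ]` fallback also rewrites all six keys at once, so a stored issuer or client secret is blanked whenever only `oidc_enabled` is missing. Initialising each key only when its own value is empty would avoid that.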