mirror of https://github.com/YunoHost-Apps/outline_ynh.git synced 2024-09-03 19:56:12 +02:00

Setup LDAP auth for Outline through Dex app

Limezy 2022-03-24 15:31:29 +07:00
parent afab5522a3
commit 43147112fc
9 changed files with 68 additions and 46 deletions


@ -54,8 +54,8 @@ AWS_S3_ACL=private
# #
# When configuring the Client ID, add a redirect URL under "OAuth & Permissions": # When configuring the Client ID, add a redirect URL under "OAuth & Permissions":
# https://<URL>/auth/slack.callback # https://<URL>/auth/slack.callback
SLACK_KEY=__SLACK_KEY__ SLACK_KEY=
SLACK_SECRET=__SLACK_SECRET__ SLACK_SECRET=
# To configure Google auth, you'll need to create an OAuth Client ID at # To configure Google auth, you'll need to create an OAuth Client ID at
# => https://console.cloud.google.com/apis/credentials # => https://console.cloud.google.com/apis/credentials
@ -75,18 +75,18 @@ AZURE_RESOURCE_APP_ID=
# To configure generic OIDC auth, you'll need some kind of identity provider. # To configure generic OIDC auth, you'll need some kind of identity provider.
# See documentation for whichever IdP you use to acquire the following info: # See documentation for whichever IdP you use to acquire the following info:
# Redirect URI is https://<URL>/auth/oidc.callback # Redirect URI is https://<URL>/auth/oidc.callback
OIDC_CLIENT_ID= OIDC_CLIENT_ID=__OIDC_NAME__
OIDC_CLIENT_SECRET= OIDC_CLIENT_SECRET=__OIDC_SECRET__
OIDC_AUTH_URI= OIDC_AUTH_URI=__DEX_DOMAIN____DEX_PATH__/auth
OIDC_TOKEN_URI= OIDC_TOKEN_URI=__DEX_DOMAIN____DEX_PATH__/token
OIDC_USERINFO_URI= OIDC_USERINFO_URI=__DEX_DOMAIN____DEX_PATH__/userinfo
# Specify which claims to derive user information from # Specify which claims to derive user information from
# Supports any valid JSON path with the JWT payload # Supports any valid JSON path with the JWT payload
OIDC_USERNAME_CLAIM=preferred_username OIDC_USERNAME_CLAIM=preferred_username
# Display name for OIDC authentication # Display name for OIDC authentication
OIDC_DISPLAY_NAME=OpenID OIDC_DISPLAY_NAME=Yunohost
# Space separated auth scopes. # Space separated auth scopes.
OIDC_SCOPES="openid profile email" OIDC_SCOPES="openid profile email"
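Review bot: The three new endpoint values, e.g. `OIDC_AUTH_URI=__DEX_DOMAIN____DEX_PATH__/auth`, carry no scheme, and the install question for the Dex domain gives a bare host name as its example (`auth.domain.tld`). Unless the substitution step adds a prefix, Outline would be handed `auth.domain.tld/example/auth` instead of an absolute URL. Writing `OIDC_AUTH_URI=https://__DEX_DOMAIN____DEX_PATH__/auth`, and the same for the token and userinfo lines, also makes it explicit that the client secret and tokens only travel over TLS. A one-line comment above the block, such as `# Filled in at install time for the bundled Dex instance`, would help anyone who edits the file by hand.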


@ -2,22 +2,12 @@
1. Because this app can't yet run in the CI server, its integration level is unkonwn at the moment and standard Yunohost packages testing couldn't run yet. **Please don't use it on a prod server** 1. Because this app can't yet run in the CI server, its integration level is unkonwn at the moment and standard Yunohost packages testing couldn't run yet. **Please don't use it on a prod server**
2. The app requires MinIO app to be installed (MinIO installation is automatic, though) 2. The app requires MinIO app to be installed (MinIO installation is automatic, though)
3. The app is requiring two full dedicated domains (one for MinIO server, one for Outline) 3. The app is requiring three domains including two fully dedicated (one for MinIO server, one for Dex, one for Outline)
4. ARM architectures are not supported (and may never be as Outline was built for AMD64) 4. ARM architectures are not supported (and may never be as Outline was built for AMD64)
5. Not yet working Yunohost SSO integration (for now it requires a Slack account and Slack app - see below)
6. Because it's built from sources, the app requires an important amount of RAM, disk and time to install properly 6. Because it's built from sources, the app requires an important amount of RAM, disk and time to install properly
### How to create a "Slack app" and get your "Client ID" and "Signing Secret" ### How to create an admin user
You should perform all below steps before starting the package installation on Yunohost : The first user to login will automatically be granted admin rights
1. Visit https://api.slack.com/apps You can then change the user rights by default and/or change the admin user afterwards from the Outline settings page
2. Sign in into a Slack workspace
3. Create a new app from scratch
4. Give it a name and associate it to your workspace
![image](https://user-images.githubusercontent.com/24638389/134668089-3b1a73f2-dbca-47c4-8e57-1ee26d1c034a.png)
6. In the basic information tab, you'll find a "Client ID" and a "Signing Secret" - keep both as you'll need them to run the package installation
7. Go to "Features" then "OAuth & Permissions"
8. Add a new redirect URL. Use https://example.mydomain.fr/auth/slack.callback (assuming https://example.mydomain.fr is the domain on which you will install outline package)


@ -31,7 +31,9 @@
"install" : [ "install" : [
{ {
"name": "domain", "name": "domain",
"type": "domain" "type": "domain",
"example": "wiki.domain.tld",
"ask": "Domain for Outline app. This will be the main domain to access the wiki. Outline has to be installed at the root"
}, },
{ {
"name": "is_public", "name": "is_public",
@ -49,19 +51,22 @@
"default": "en" "default": "en"
}, },
{ {
"name": "slack_key", "name": "dex_domain",
"type": "string", "type": "domain",
"ask": "Slack Client ID (from https://api.slack.com/apps)" "example": "auth.domain.tld",
"ask": "Domain for authentification. It can't be the same domain as above. Dex app will be installed and used for the authentification mechanism"
}, },
{ {
"name": "slack_secret", "name": "dex_path",
"type": "string", "type": "path",
"ask": "Slack Client Secret (from https://api.slack.com/apps)" "example": "/example",
"default": "/example"
}, },
{ {
"name": "minio_domain", "name": "minio_domain",
"type": "domain", "type": "domain",
"ask": "Domain for MinIO app (if not yet installed, it will automatically be). Please note that this domain has to be free from any app" "example": "docs.domain.tld",
"ask": "Domain for Minio app, used for images and attachements storage. If not yet installed, it will automatically be. Minio has to be installed at the root"
} }
] ]
} }
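Review bot: The new `dex_path` question has no `ask` text, and its `example` and `default` are both `/example`, which reads like a placeholder left in. This path ends up inside the OIDC endpoint URLs, so the admin should be told what it is for, e.g. `"ask": "Path on the authentication domain where Dex will be installed"`, with a default that is meant to be kept. The `dex_domain` text says the domain "can't be the same domain as above", but no check for that is visible in the install hunks of this commit, so it seems to rest on the admin reading the prompt. "authentification" in that same string should be "authentication".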


@ -34,13 +34,16 @@ path_url=$(ynh_app_setting_get --app=$app --key=path_url)
port=$(ynh_app_setting_get --app=$app --key=port) port=$(ynh_app_setting_get --app=$app --key=port)
db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_name=$(ynh_app_setting_get --app=$app --key=db_name)
language_key=$(ynh_app_setting_get --app=$app --key=language_key) language_key=$(ynh_app_setting_get --app=$app --key=language_key)
slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key) secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret) utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
minio_domain=$(ynh_app_setting_get --app="minio" --key=domain) minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key) minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path) mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
#================================================= #=================================================
# DECLARE DATA AND CONF FILES TO BACKUP # DECLARE DATA AND CONF FILES TO BACKUP
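Review bot: The five added lookups read the Dex/OIDC settings from the wrong app: `dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)` and its four siblings query `minio`, while the install section of this commit stores the same keys with `ynh_app_setting_set --app=$app`. As written the variables will presumably come back empty, so any configuration regenerated from them would get an empty `OIDC_CLIENT_SECRET` and broken endpoint URLs. Each line should use `--app=$app`, e.g. `oidc_secret=$(ynh_app_setting_get --app=$app --key=oidc_secret)`. The same five lines are repeated in the four other sections that load settings, the ones ending at `# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP`, `# STANDARD REMOVE`, `# CHECK IF THE APP CAN BE RESTORED` and `# CHECK VERSION`.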


@ -33,13 +33,16 @@ path_url=$(ynh_app_setting_get --app=$app --key=path_url)
port=$(ynh_app_setting_get --app=$app --key=port) port=$(ynh_app_setting_get --app=$app --key=port)
db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_name=$(ynh_app_setting_get --app=$app --key=db_name)
language_key=$(ynh_app_setting_get --app=$app --key=language_key) language_key=$(ynh_app_setting_get --app=$app --key=language_key)
slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key) secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret) utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
minio_domain=$(ynh_app_setting_get --app="minio" --key=domain) minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key) minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path) mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
#================================================= #=================================================
# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP # BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP


@ -41,9 +41,6 @@ fi
secret_key=$(ynh_hex_32_random) secret_key=$(ynh_hex_32_random)
utils_secret=$(ynh_hex_32_random) utils_secret=$(ynh_hex_32_random)
slack_key=$YNH_APP_ARG_SLACK_KEY
slack_secret=$YNH_APP_ARG_SLACK_SECRET
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
#================================================= #=================================================
@ -64,6 +61,19 @@ minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key) minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path) mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
#=================================================
# CHECK IF MINIO IS INSTALLED, IF NOT INSTALL IT
#=================================================
ynh_script_progression --message="Installing Dex..." --weight=18
dex_domain=$YNH_APP_ARG_DEX_DOMAIN
dex_path=$YNH_APP_ARG_DEX_PATH
oidc_secret=$(ynh_hex_32_random)
oidc_name="Outline"
oidc_callback="$domain/auth/oidc.callback"
yunohost app install https://github.com/YunoHost-Apps/dex_ynh --force --args "domain=$dex_domain&path=$dex_path&OIDC_name=$oidc_name&OIDC_secret=$oidc_secret&OIDC_callback=$oidc_callback"
#================================================= #=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#================================================= #=================================================
@ -88,7 +98,11 @@ ynh_app_setting_set --app=$app --key=utils_secret --value=$utils_secret
ynh_app_setting_set --app=$app --key=slack_key --value=$slack_key ynh_app_setting_set --app=$app --key=slack_key --value=$slack_key
ynh_app_setting_set --app=$app --key=slack_secret --value=$slack_secret ynh_app_setting_set --app=$app --key=slack_secret --value=$slack_secret
ynh_app_setting_set --app=$app --key=language_key --value=$language_key ynh_app_setting_set --app=$app --key=language_key --value=$language_key
ynh_app_setting_set --app=$app --key=dex_domain --value=$dex_domain
ynh_app_setting_set --app=$app --key=dex_path --value=$dex_path
ynh_app_setting_set --app=$app --key=oidc_name --value=$oidc_name
ynh_app_setting_set --app=$app --key=oidc_secret --value=$oidc_secret
ynh_app_setting_set --app=$app --key=oidc_callback --value=$oidc_callback
#================================================= #=================================================
# STANDARD MODIFICATIONS # STANDARD MODIFICATIONS
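Review bot: The Dex install line passes the freshly generated client secret inside `--args "...&OIDC_secret=$oidc_secret..."`, so it is presumably visible in the process list and may be recorded in YunoHost's operation log, and it installs whatever is currently at `https://github.com/YunoHost-Apps/dex_ynh` with `--force` and no pinned revision. It also runs unconditionally and before the `CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS` step, so a re-run or a later validation failure leaves a Dex instance behind. The copied banner `CHECK IF MINIO IS INSTALLED, IF NOT INSTALL IT` should read something like `# INSTALL DEX (OIDC PROVIDER)`. `oidc_callback="$domain/auth/oidc.callback"` has no scheme; if Dex compares redirect URIs literally it needs to be `oidc_callback="https://$domain/auth/oidc.callback"`. Separately, the last hunk still stores `slack_key` and `slack_secret` although their assignments are removed earlier in the file, so those two `ynh_app_setting_set` lines should be dropped as well.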


@ -21,15 +21,16 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path_url) path_url=$(ynh_app_setting_get --app=$app --key=path_url)
db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_name=$(ynh_app_setting_get --app=$app --key=db_name)
language_key=$(ynh_app_setting_get --app=$app --key=language_key) language_key=$(ynh_app_setting_get --app=$app --key=language_key)
slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key) secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret) utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
minio_domain=$(ynh_app_setting_get --app="minio" --key=domain) minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key) minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path) mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
#================================================= #=================================================
# STANDARD REMOVE # STANDARD REMOVE


@ -43,13 +43,16 @@ path_url=$(ynh_app_setting_get --app=$app --key=path_url)
port=$(ynh_app_setting_get --app=$app --key=port) port=$(ynh_app_setting_get --app=$app --key=port)
db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_name=$(ynh_app_setting_get --app=$app --key=db_name)
language_key=$(ynh_app_setting_get --app=$app --key=language_key) language_key=$(ynh_app_setting_get --app=$app --key=language_key)
slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key) secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret) utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
minio_domain=$(ynh_app_setting_get --app="minio" --key=domain) minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key) minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path) mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
#================================================= #=================================================
# CHECK IF THE APP CAN BE RESTORED # CHECK IF THE APP CAN BE RESTORED


@ -22,13 +22,16 @@ path_url=$(ynh_app_setting_get --app=$app --key=path_url)
port=$(ynh_app_setting_get --app=$app --key=port) port=$(ynh_app_setting_get --app=$app --key=port)
db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_name=$(ynh_app_setting_get --app=$app --key=db_name)
language_key=$(ynh_app_setting_get --app=$app --key=language_key) language_key=$(ynh_app_setting_get --app=$app --key=language_key)
slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key) secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret) utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
minio_domain=$(ynh_app_setting_get --app="minio" --key=domain) minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key) minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path) mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
#================================================= #=================================================
# CHECK VERSION # CHECK VERSION