From b0b128f53de7e1894d44d4fff0884121d1d16775 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Sat, 7 Oct 2023 17:38:52 +0200
Subject: [PATCH] Remove unused 'redirected_regex' mechanism, + we don't need the label and show_tile property on acls
---
 README.md | 13 +------------
 access.lua | 13 -------------
 conf.json.example | 3 ---
 3 files changed, 1 insertion(+), 28 deletions(-)
diff --git a/README.md b/README.md
index 9db97de..dcfbce9 100644
--- a/README.md
+++ b/README.md
@@ -55,11 +55,8 @@ Only the `portal_domain` SSOwat configuration parameters is required, but it is
 - `cookie_secret_file`: Where the secret used for signing and encrypting cookie is stored. It should only be readable by root.
 - `cookie_name`: The name of the cookie used for authentication. Its content is expected to be a JWT signed with the cookie secret and should contain a key `user` and `password` (which is needed for Basic HTTP Auth). Because JWT is only encoded and signed (not encrypted), the `password` is expected to be encrypted using the cookie secret.
-- `portal_domain`: Domain of the authentication portal. It has to be a domain, IP addresses will not work with SSOwat (**Required**).
-- `portal_path`: URI of the authentication portal (**default**: `/ssowat/`). This path **must** end with “`/`”.
-- `domains`: List of handled domains (**default**: similar to `portal_domain`).
+- `domain_portal_urls`: Location of the portal to use for login and browsing apps, to redirect to when access to some route is denied
 - `redirected_urls`: Array of URLs and/or URIs to redirect and their redirect URI/URL (**example**: `{ "/": "example.org/subpath" }`).
-- `redirected_regex`: Array of regular expressions to be matched against URLs **and** URIs and their redirect URI/URL (**example**: `{ "example.org/megusta$": "example.org/subpath" }`).
 ### `permissions`
@@ -107,18 +104,10 @@ The list of permissions depicted as follows:
 Does the SSO add an authentication header that allows certain apps to connect automatically? (**True by default**)
-#### label
-
-A user-friendly name displayed in the portal and in the administration panel to manage permission. (**By convention it is of the form: Name of the app (specificity of this permission)**)
-
 #### public
 Can a person who is not connected to the SSO have access to this authorization?
-#### show_tile
-
-Display or not the tile in the user portal.
-
 #### uris
 A list of url attatched to this permission, a regex url start with `re:`.
diff --git a/access.lua b/access.lua
index 5854339..614313a 100644
--- a/access.lua
+++ b/access.lua
@@ -151,17 +151,6 @@ if conf["redirected_urls"] then
 end
 end
-if conf["redirected_regex"] then
- for regex, redirect_url in pairs(conf["redirected_regex"]) do
- if match(ngx.var.host..ngx.var.uri..uri_args_string(), regex)
- or match(ngx.var.scheme.."://"..ngx.var.host..ngx.var.uri..uri_args_string(), regex)
- or match(ngx.var.uri..uri_args_string(), regex) then
- logger:debug("Found in redirected_regex, redirecting to "..url)
- ngx.redirect(convert_to_absolute_url(redirect_url))
- end
- end
-end
-
 -- ###########################################################################
 -- 3. IDENTIFY PERMISSION MATCHING THE REQUESTED URL
 --
@@ -169,9 +158,7 @@ end
 --
 -- "foobar": {
 -- "auth_header": false,
--- "label": "Foobar permission",
 -- "public": false,
--- "show_tile": true,
 -- "uris": [
 -- "yolo.test/foobar",
 -- "re:^[^/]*/%.well%-known/foobar/.*$",
diff --git a/conf.json.example b/conf.json.example
index fa5ab05..19f9a63 100644
--- a/conf.json.example
+++ b/conf.json.example
@@ -55,8 +55,5 @@
 ]
 }
 },
- "redirected_regex": {
- "example.tld/yunohost[\\/]?$": "https://example.tld/yunohost/sso/"
- },
 "redirected_urls": {}
 }