portal refactoring: update ssowat conf format with a dict mapping domains to portal urls. For now, let's have one portal per main/parent domain (which is anyway imposed by cookie management unless we reintroduce complex cross-domain authentication...)

2024-09-03 20:06:10 +02:00 · 2023-07-15 21:20:15 +02:00 · 2023-07-15 21:20:15 +02:00 · 4561f900df
commit 4561f900df
parent ec96558c81
2 changed files with 24 additions and 10 deletions
--- a/src/app.py
+++ b/src/app.py
@ -1712,7 +1712,7 @@ def app_ssowatconf():


    """
-    from yunohost.domain import domain_list, _get_maindomain, domain_config_get
+    from yunohost.domain import domain_list, _get_maindomain, domain_config_get, _get_domain_portal_dict
    from yunohost.permission import user_permission_list
    from yunohost.settings import settings_get

@ -1740,6 +1740,8 @@ def app_ssowatconf():
            ],
        }
    }
+
+    # FIXME : what's the reason we do this only for the maindomain ? x_X
    redirected_regex = {
        main_domain + r"/yunohost[\/]?$": "https://" + main_domain + "/yunohost/sso/"
    }
@ -1808,17 +1810,9 @@ def app_ssowatconf():
        "cookie_secret_file": "/etc/yunohost/.ssowat_cookie_secret",
        "cookie_name": "yunohost.portal",
        "theme": settings_get("misc.portal.portal_theme"),
-        "portal_domain": main_domain,
-        "portal_path": "/yunohost/sso/",
-        "additional_headers": {
-            "Auth-User": "uid",
-            "Remote-User": "uid",
-            "Name": "cn",
-            "Email": "mail",
-        },
-        "domains": domains,
        "redirected_urls": redirected_urls,
        "redirected_regex": redirected_regex,
+        "domain_portal_urls": _get_domain_portal_dict(),
        "permissions": permissions,
    }

--- a/src/domain.py
+++ b/src/domain.py
@ -99,6 +99,26 @@ def _get_domains(exclude_subdomains=False):
    return domain_list_cache


+def _get_domain_portal_dict():
+
+    domains = _get_domains()
+    out = OrderedDict()
+
+    for domain in domains:
+
+        parent = None
+
+        # Use the topest parent domain if any
+        for d in out.keys():
+            if domain.endswith(f".{d}"):
+                parent = d
+                break
+
+        out[domain] = f'{parent or domain}/yunohost/sso'
+
+    return dict(out)
+
+
 def domain_list(exclude_subdomains=False, tree=False, features=[]):
    """
    List domains