Update comentario
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
@@ -144,7 +144,7 @@ index 7d3dc792..723e8149 100644
|
||||
[InstanceConfigItemKey.operationNewOwnerEnabled]: $localize`Non-owner users can add domains`,
|
||||
// Domain defaults
|
||||
diff --git a/internal/api/restapi/handlers/oauth.go b/internal/api/restapi/handlers/oauth.go
|
||||
index 0d8cd282..01324302 100644
|
||||
index 8c5129f2..3837d229 100644
|
||||
--- a/internal/api/restapi/handlers/oauth.go
|
||||
+++ b/internal/api/restapi/handlers/oauth.go
|
||||
@@ -220,7 +220,7 @@ func AuthOauthCallback(params api_general.AuthOauthCallbackParams) middleware.Re
|
||||
@@ -156,15 +156,26 @@ index 0d8cd282..01324302 100644
|
||||
|
||||
} else if sso {
|
||||
// SSO embed signup
|
||||
@@ -248,9 +248,18 @@ func AuthOauthCallback(params api_general.AuthOauthCallbackParams) middleware.Re
|
||||
@@ -248,9 +248,29 @@ func AuthOauthCallback(params api_general.AuthOauthCallbackParams) middleware.Re
|
||||
return errors.New(errMessage)
|
||||
}
|
||||
|
||||
+ // Check if the superuser claim is set
|
||||
+ superuser := false
|
||||
+ if raw, ok := fedUser.RawData[config.ServerConfig.SuperuserClaim]; ok {
|
||||
+ if isAdmin, ok := raw.(bool); ok && isAdmin {
|
||||
+ superuser = true
|
||||
+ if fidp, ok := config.FederatedIdProviders[models.FederatedIdpID(idpID)]; ok {
|
||||
+ if fidp.SuperuserClaim != "" {
|
||||
+ if raw, ok := fedUser.RawData[fidp.SuperuserClaim]; ok {
|
||||
+ switch v := raw.(type) {
|
||||
+ case bool:
|
||||
+ if v {
|
||||
+ superuser = true
|
||||
+ }
|
||||
+ case string:
|
||||
+ if v == "true" || v == "1" {
|
||||
+ superuser = true
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
@@ -173,25 +184,51 @@ index 0d8cd282..01324302 100644
|
||||
WithConfirmed(true). // Confirm the user right away as we trust the IdP
|
||||
+ WithSuperuser(superuser).
|
||||
WithLangFromReq(params.HTTPRequest).
|
||||
WithSignup(params.HTTPRequest, authSession.Host, !config.ServerConfig.LogFullIPs).
|
||||
WithSignup(params.HTTPRequest, authSession.Host, !config.ServerConfig.Logging.FullIPs).
|
||||
WithFederated(fedUser.UserID, idpID).
|
||||
diff --git a/internal/config/config.go b/internal/config/config.go
|
||||
index e1292447..1715a7f6 100644
|
||||
--- a/internal/config/config.go
|
||||
+++ b/internal/config/config.go
|
||||
@@ -36,6 +36,7 @@ type ServerConfiguration struct {
|
||||
TemplatePath string `long:"template-path" description:"Path to template files" default:"./templates" env:"TEMPLATE_PATH"`
|
||||
SecretsFile string `long:"secrets" description:"Path to YAML file with secrets" default:"secrets.yaml" env:"SECRETS_FILE"`
|
||||
Superuser string `long:"superuser" description:"ID or email of user to be made superuser" default:"" env:"SUPERUSER"`
|
||||
+ SuperuserClaim string `long:"superuser-claim" description:"Name of the OIDC claim for superusers" default:"is_superuser" env:"SUPERUSER_CLAIM"`
|
||||
LogFullIPs bool `long:"log-full-ips" description:"Log IP addresses in full" env:"LOG_FULL_IPS"`
|
||||
HomeContentURL string `long:"home-content-url" description:"URL of a HTML page to display on homepage" env:"HOME_CONTENT_URL"`
|
||||
GitLabURL string `long:"gitlab-url" description:"Custom GitLab URL for authentication" default:"" env:"GITLAB_URL"`
|
||||
diff --git a/internal/config/oauth.go b/internal/config/oauth.go
|
||||
index 10917c44..7ba997d9 100644
|
||||
--- a/internal/config/oauth.go
|
||||
+++ b/internal/config/oauth.go
|
||||
@@ -177,9 +177,10 @@ func oidcConfigure() error {
|
||||
// Add it to the configured providers map
|
||||
mid := models.FederatedIdpID(qid)
|
||||
FederatedIdProviders[mid] = &data.FederatedIdentityProvider{
|
||||
- ID: mid,
|
||||
- Name: p.Name,
|
||||
- GothName: qid,
|
||||
+ ID: mid,
|
||||
+ Name: p.Name,
|
||||
+ GothName: qid,
|
||||
+ SuperuserClaim: p.SuperuserClaim,
|
||||
}
|
||||
cnt++
|
||||
}
|
||||
diff --git a/internal/config/secrets.go b/internal/config/secrets.go
|
||||
index d3e2af97..92f33f74 100644
|
||||
--- a/internal/config/secrets.go
|
||||
+++ b/internal/config/secrets.go
|
||||
@@ -59,10 +59,11 @@ type APIKey struct {
|
||||
|
||||
// OIDCProvider stores OIDC provider configuration
|
||||
type OIDCProvider struct {
|
||||
- KeySecretURL `yaml:",inline"`
|
||||
- ID string `yaml:"id"` // Unique provider ID, e.g. "keycloak"
|
||||
- Name string `yaml:"name"` // Provider display name, e.g. "Keycloak"
|
||||
- Scopes []string `yaml:"scopes"` // Additional scopes to request
|
||||
+ KeySecretURL `yaml:",inline"`
|
||||
+ ID string `yaml:"id"` // Unique provider ID, e.g. "keycloak"
|
||||
+ Name string `yaml:"name"` // Provider display name, e.g. "Keycloak"
|
||||
+ Scopes []string `yaml:"scopes"` // Additional scopes to request
|
||||
+ SuperuserClaim string `yaml:"superuserClaim"` // Name of the OIDC claim for superusers
|
||||
}
|
||||
|
||||
// QualifiedID returns the provider's ID prepended with the common OIDC prefix
|
||||
diff --git a/internal/data/dyn_config.go b/internal/data/dyn_config.go
|
||||
index 8595ea2a..621fd132 100644
|
||||
index 0cd0d64e..b4ff042d 100644
|
||||
--- a/internal/data/dyn_config.go
|
||||
+++ b/internal/data/dyn_config.go
|
||||
@@ -170,6 +170,7 @@ const (
|
||||
@@ -171,6 +171,7 @@ const (
|
||||
ConfigKeyAuthSignupConfirmCommenter DynConfigItemKey = "auth.signup.confirm.commenter"
|
||||
ConfigKeyAuthSignupConfirmUser DynConfigItemKey = "auth.signup.confirm.user"
|
||||
ConfigKeyAuthSignupEnabled DynConfigItemKey = "auth.signup.enabled"
|
||||
@@ -199,7 +236,7 @@ index 8595ea2a..621fd132 100644
|
||||
ConfigKeyIntegrationsUseGravatar DynConfigItemKey = "integrations.useGravatar"
|
||||
ConfigKeyOperationNewOwnerEnabled DynConfigItemKey = "operation.newOwner.enabled"
|
||||
)
|
||||
@@ -203,6 +204,7 @@ var DefaultDynInstanceConfig = DynConfigMap{
|
||||
@@ -204,6 +205,7 @@ var DefaultDynInstanceConfig = DynConfigMap{
|
||||
ConfigKeyAuthSignupConfirmCommenter: {DefaultValue: "true", Datatype: ConfigDatatypeBool, Section: DynConfigItemSectionAuth},
|
||||
ConfigKeyAuthSignupConfirmUser: {DefaultValue: "true", Datatype: ConfigDatatypeBool, Section: DynConfigItemSectionAuth},
|
||||
ConfigKeyAuthSignupEnabled: {DefaultValue: "true", Datatype: ConfigDatatypeBool, Section: DynConfigItemSectionAuth},
|
||||
@@ -207,3 +244,21 @@ index 8595ea2a..621fd132 100644
|
||||
ConfigKeyIntegrationsUseGravatar: {DefaultValue: "true", Datatype: ConfigDatatypeBool, Section: DynConfigItemSectionIntegrations},
|
||||
ConfigKeyOperationNewOwnerEnabled: {DefaultValue: "false", Datatype: ConfigDatatypeBool, Section: DynConfigItemSectionMisc},
|
||||
ConfigKeyDomainDefaultsPrefix + DomainConfigKeyCommentDeletionAuthor: {DefaultValue: "true", Datatype: ConfigDatatypeBool, Section: DynConfigItemSectionComments},
|
||||
diff --git a/internal/data/models.go b/internal/data/models.go
|
||||
index 4561fad5..0b491724 100644
|
||||
--- a/internal/data/models.go
|
||||
+++ b/internal/data/models.go
|
||||
@@ -74,9 +74,10 @@ func (sd SortDirection) ToOrderedExpression(ident string) exp.OrderedExpression
|
||||
|
||||
// FederatedIdentityProvider describes a federated identity provider
|
||||
type FederatedIdentityProvider struct {
|
||||
- ID models.FederatedIdpID // Provider ID
|
||||
- Name string // Provider name
|
||||
- GothName string // Name of the corresponding goth provider
|
||||
+ ID models.FederatedIdpID // Provider ID
|
||||
+ Name string // Provider name
|
||||
+ GothName string // Name of the corresponding goth provider
|
||||
+ SuperuserClaim string // Name of the OIDC claim for superusers
|
||||
}
|
||||
|
||||
// ToDTO converts this model into an API model
|
||||
|
||||
Reference in New Issue
Block a user