1
0
Fork 0
mirror of https://github.com/mastodon/mastodon.git synced 2024-08-20 21:08:15 -07:00

Compare commits

...

2 commits

Author SHA1 Message Date
Matt Jankowski
7965b8bf8c
Merge 027143561b into 549ab089ee 2024-07-31 11:06:49 +00:00
Matt Jankowski
027143561b Move omniauth feature enabled checks to config_for yml 2024-07-25 11:17:56 -04:00
11 changed files with 35 additions and 23 deletions

View file

@ -79,7 +79,7 @@ class ApplicationController < ActionController::Base
end end
def after_sign_out_path_for(_resource_or_scope) def after_sign_out_path_for(_resource_or_scope)
if ENV['OMNIAUTH_ONLY'] == 'true' && ENV['OIDC_ENABLED'] == 'true' if Rails.configuration.x.omniauth.only && Rails.configuration.x.omniauth.oidc_enabled
'/auth/auth/openid_connect/logout' '/auth/auth/openid_connect/logout'
else else
new_user_session_path new_user_session_path

View file

@ -11,7 +11,7 @@ module WebAppControllerConcern
end end
def skip_csrf_meta_tags? def skip_csrf_meta_tags?
!(ENV['ONE_CLICK_SSO_LOGIN'] == 'true' && ENV['OMNIAUTH_ONLY'] == 'true' && Devise.omniauth_providers.length == 1) && current_user.nil? !(ENV['ONE_CLICK_SSO_LOGIN'] == 'true' && Rails.configuration.x.omniauth.only && Devise.omniauth_providers.length == 1) && current_user.nil?
end end
def set_app_body_class def set_app_body_class

View file

@ -49,7 +49,7 @@ module ApplicationHelper
end end
def omniauth_only? def omniauth_only?
ENV['OMNIAUTH_ONLY'] == 'true' Rails.configuration.x.omniauth.only
end end
def link_to_login(name = nil, html_options = nil, &block) def link_to_login(name = nil, html_options = nil, &block)

View file

@ -12,7 +12,7 @@ module RegistrationHelper
end end
def omniauth_only? def omniauth_only?
ENV['OMNIAUTH_ONLY'] == 'true' Rails.configuration.x.omniauth.only
end end
def ip_blocked?(remote_ip) def ip_blocked?(remote_ip)

View file

@ -125,6 +125,6 @@ class InitialStateSerializer < ActiveModel::Serializer
end end
def sso_redirect def sso_redirect
"/auth/auth/#{Devise.omniauth_providers[0]}" if ENV['ONE_CLICK_SSO_LOGIN'] == 'true' && ENV['OMNIAUTH_ONLY'] == 'true' && Devise.omniauth_providers.length == 1 "/auth/auth/#{Devise.omniauth_providers[0]}" if ENV['ONE_CLICK_SSO_LOGIN'] == 'true' && Rails.configuration.x.omniauth.only && Devise.omniauth_providers.length == 1
end end
end end

View file

@ -112,6 +112,9 @@ module Mastodon
end end
end end
# Load config/omniauth.yml settings
config.x.omniauth = config_for(:omniauth)
config.to_prepare do config.to_prepare do
Doorkeeper::AuthorizationsController.layout 'modal' Doorkeeper::AuthorizationsController.layout 'modal'
Doorkeeper::AuthorizedApplicationsController.layout 'admin' Doorkeeper::AuthorizedApplicationsController.layout 'admin'

View file

@ -10,7 +10,7 @@ end
Devise.setup do |config| Devise.setup do |config|
# CAS strategy # CAS strategy
if ENV['CAS_ENABLED'] == 'true' if Rails.configuration.x.omniauth.cas_enabled
cas_options = {} cas_options = {}
cas_options[:display_name] = ENV['CAS_DISPLAY_NAME'] cas_options[:display_name] = ENV['CAS_DISPLAY_NAME']
cas_options[:url] = ENV['CAS_URL'] if ENV['CAS_URL'] cas_options[:url] = ENV['CAS_URL'] if ENV['CAS_URL']
@ -39,7 +39,7 @@ Devise.setup do |config|
end end
# SAML strategy # SAML strategy
if ENV['SAML_ENABLED'] == 'true' if Rails.configuration.x.omniauth.saml_enabled
saml_options = {} saml_options = {}
saml_options[:display_name] = ENV['SAML_DISPLAY_NAME'] saml_options[:display_name] = ENV['SAML_DISPLAY_NAME']
saml_options[:assertion_consumer_service_url] = ENV['SAML_ACS_URL'] if ENV['SAML_ACS_URL'] saml_options[:assertion_consumer_service_url] = ENV['SAML_ACS_URL'] if ENV['SAML_ACS_URL']
@ -71,7 +71,7 @@ Devise.setup do |config|
end end
# OpenID Connect Strategy # OpenID Connect Strategy
if ENV['OIDC_ENABLED'] == 'true' if Rails.configuration.x.omniauth.oidc_enabled
oidc_options = {} oidc_options = {}
oidc_options[:display_name] = ENV['OIDC_DISPLAY_NAME'] # OPTIONAL oidc_options[:display_name] = ENV['OIDC_DISPLAY_NAME'] # OPTIONAL
oidc_options[:issuer] = ENV['OIDC_ISSUER'] if ENV['OIDC_ISSUER'] # NEED oidc_options[:issuer] = ENV['OIDC_ISSUER'] if ENV['OIDC_ISSUER'] # NEED

View file

@ -14,7 +14,7 @@ media_hosts = policy.media_hosts
def sso_host def sso_host
return unless ENV['ONE_CLICK_SSO_LOGIN'] == 'true' return unless ENV['ONE_CLICK_SSO_LOGIN'] == 'true'
return unless ENV['OMNIAUTH_ONLY'] == 'true' return unless Rails.configuration.omniauth.only
return unless Devise.omniauth_providers.length == 1 return unless Devise.omniauth_providers.length == 1
provider = Devise.omniauth_configs[Devise.omniauth_providers[0]] provider = Devise.omniauth_configs[Devise.omniauth_providers[0]]

6
config/omniauth.yml Normal file
View file

@ -0,0 +1,6 @@
---
shared:
only: <%= ENV.fetch('OMNIAUTH_ONLY', 'false') == 'true' %>
cas_enabled: <%= ENV.fetch('CAS_ENABLED', 'false') == 'true' %>
oidc_enabled: <%= ENV.fetch('OIDC_ENABLED', 'false') == 'true' %>
saml_enabled: <%= ENV.fetch('SAML_ENABLED', 'false') == 'true' %>

View file

@ -88,9 +88,10 @@ describe ApplicationHelper do
context 'when in omniauth only mode' do context 'when in omniauth only mode' do
around do |example| around do |example|
ClimateControl.modify OMNIAUTH_ONLY: 'true' do original = Rails.configuration.x.omniauth.only
example.run Rails.configuration.x.omniauth.only = true
end example.run
Rails.configuration.x.omniauth.only = original
end end
it 'redirects to joinmastodon site' do it 'redirects to joinmastodon site' do
@ -106,11 +107,12 @@ describe ApplicationHelper do
end end
describe 'omniauth_only?' do describe 'omniauth_only?' do
context 'when env var is set to true' do context 'when configuration is set to true' do
around do |example| around do |example|
ClimateControl.modify OMNIAUTH_ONLY: 'true' do original = Rails.configuration.x.omniauth.only
example.run Rails.configuration.x.omniauth.only = true
end example.run
Rails.configuration.x.omniauth.only = original
end end
it 'returns true' do it 'returns true' do
@ -118,11 +120,12 @@ describe ApplicationHelper do
end end
end end
context 'when env var is not set' do context 'when configuration is false' do
around do |example| around do |example|
ClimateControl.modify OMNIAUTH_ONLY: nil do original = Rails.configuration.x.omniauth.only
example.run Rails.configuration.x.omniauth.only = false
end example.run
Rails.configuration.x.omniauth.only = original
end end
it 'returns false' do it 'returns false' do

View file

@ -129,15 +129,15 @@ describe 'OmniAuth callbacks' do
end end
end end
describe '#openid_connect', if: ENV['OIDC_ENABLED'] == 'true' && ENV['OIDC_SCOPE'].present? do describe '#openid_connect', if: Rails.configuration.x.omniauth.oidc_enabled && ENV['OIDC_SCOPE'].present? do
include_examples 'omniauth provider callbacks', :openid_connect include_examples 'omniauth provider callbacks', :openid_connect
end end
describe '#cas', if: ENV['CAS_ENABLED'] == 'true' do describe '#cas', if: Rails.configuration.x.omniauth.cas_enabled do
include_examples 'omniauth provider callbacks', :cas include_examples 'omniauth provider callbacks', :cas
end end
describe '#saml', if: ENV['SAML_ENABLED'] == 'true' do describe '#saml', if: Rails.configuration.x.omniauth.saml_enabled do
include_examples 'omniauth provider callbacks', :saml include_examples 'omniauth provider callbacks', :saml
end end
end end