chore: fix typo in DyamicClientSecretDurationSeconds
@@ -70,9 +70,6 @@ type Client struct {
|
||||
}
|
||||
|
||||
type Settings struct {
|
||||
// don't change the order of elements in this struct
|
||||
// it needs to match github.com/libregraph/lico/bootstrap.Settings
|
||||
|
||||
Iss string `yaml:"iss" env:"OCIS_URL;OCIS_OIDC_ISSUER;IDP_ISS" desc:"The OIDC issuer URL to use." introductionVersion:"pre5.0"`
|
||||
|
||||
IdentityManager string `yaml:"identity_manager" env:"IDP_IDENTITY_MANAGER" desc:"The identity manager implementation to use. Supported identity managers are 'ldap', 'cs3', 'libregraph' and 'guest'." introductionVersion:"pre5.0"`
|
||||
@@ -115,8 +112,8 @@ type Settings struct {
|
||||
CookieNames []string
|
||||
CookieSameSite http.SameSite
|
||||
|
||||
AccessTokenDurationSeconds uint64 `yaml:"access_token_duration_seconds" env:"IDP_ACCESS_TOKEN_EXPIRATION" desc:"'Access token lifespan in seconds (time before an access token is expired).'" introductionVersion:"pre5.0"`
|
||||
IDTokenDurationSeconds uint64 `yaml:"id_token_duration_seconds" env:"IDP_ID_TOKEN_EXPIRATION" desc:"ID token lifespan in seconds (time before an ID token is expired)." introductionVersion:"pre5.0"`
|
||||
RefreshTokenDurationSeconds uint64 `yaml:"refresh_token_duration_seconds" env:"IDP_REFRESH_TOKEN_EXPIRATION" desc:"Refresh token lifespan in seconds (time before an refresh token is expired). This also limits the duration of an idle offline session." introductionVersion:"pre5.0"`
|
||||
DyamicClientSecretDurationSeconds uint64 `yaml:"dynamic_client_secret_duration_seconds" env:"IDP_DYNAMIC_CLIENT_SECRET_DURATION" desc:"Lifespan in seconds of a dynamically registered OIDC client." introductionVersion:"pre5.0"`
|
||||
AccessTokenDurationSeconds uint64 `yaml:"access_token_duration_seconds" env:"IDP_ACCESS_TOKEN_EXPIRATION" desc:"'Access token lifespan in seconds (time before an access token is expired).'" introductionVersion:"pre5.0"`
|
||||
IDTokenDurationSeconds uint64 `yaml:"id_token_duration_seconds" env:"IDP_ID_TOKEN_EXPIRATION" desc:"ID token lifespan in seconds (time before an ID token is expired)." introductionVersion:"pre5.0"`
|
||||
RefreshTokenDurationSeconds uint64 `yaml:"refresh_token_duration_seconds" env:"IDP_REFRESH_TOKEN_EXPIRATION" desc:"Refresh token lifespan in seconds (time before an refresh token is expired). This also limits the duration of an idle offline session." introductionVersion:"pre5.0"`
|
||||
DynamicClientSecretDurationSeconds uint64 `yaml:"dynamic_client_secret_duration_seconds" env:"IDP_DYNAMIC_CLIENT_SECRET_DURATION" desc:"Lifespan in seconds of a dynamically registered OIDC client." introductionVersion:"pre5.0"`
|
||||
}
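Review bot: The desc tag on the renamed field (new side, `DynamicClientSecretDurationSeconds`) says "Lifespan in seconds of a dynamically registered OIDC client", while the field name, the yaml key and `IDP_DYNAMIC_CLIENT_SECRET_DURATION` all refer to the client secret, and nothing tells an operator what the default of 0 does. I would tighten it to `desc:"Lifespan in seconds of the secret issued to a dynamically registered OIDC client. 0 means the secret does not expire."`, after confirming against lico that 0 really is "no expiry" rather than "disabled", since for an IdP this is the difference between a rotating credential and a permanent one. While here, the access-token desc carries stray single quotes inside the string (`desc:"'Access token lifespan …'"`) that end up verbatim in the generated docs. The Settings struct this hunk belongs to starts outside the hunk.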
|
||||
|
||||
@@ -38,38 +38,38 @@ func DefaultConfig() *config.Config {
|
||||
Name: "idp",
|
||||
},
|
||||
IDP: config.Settings{
|
||||
Iss: "https://localhost:9200",
|
||||
IdentityManager: "ldap",
|
||||
URIBasePath: "",
|
||||
SignInURI: "",
|
||||
SignedOutURI: "",
|
||||
AuthorizationEndpointURI: "",
|
||||
EndsessionEndpointURI: "",
|
||||
Insecure: false,
|
||||
TrustedProxy: nil,
|
||||
AllowScope: nil,
|
||||
AllowClientGuests: false,
|
||||
AllowDynamicClientRegistration: false,
|
||||
EncryptionSecretFile: filepath.Join(defaults.BaseDataPath(), "idp", "encryption.key"),
|
||||
Listen: "",
|
||||
IdentifierClientDisabled: true,
|
||||
IdentifierClientPath: filepath.Join(defaults.BaseDataPath(), "idp"),
|
||||
IdentifierRegistrationConf: filepath.Join(defaults.BaseDataPath(), "idp", "tmp", "identifier-registration.yaml"),
|
||||
IdentifierScopesConf: "",
|
||||
IdentifierDefaultBannerLogo: "",
|
||||
IdentifierDefaultSignInPageText: "",
|
||||
IdentifierDefaultUsernameHintText: "",
|
||||
SigningKid: "private-key",
|
||||
SigningMethod: "PS256",
|
||||
SigningPrivateKeyFiles: []string{filepath.Join(defaults.BaseDataPath(), "idp", "private-key.pem")},
|
||||
ValidationKeysPath: "",
|
||||
CookieBackendURI: "",
|
||||
CookieNames: nil,
|
||||
CookieSameSite: http.SameSiteStrictMode,
|
||||
AccessTokenDurationSeconds: 60 * 5, // 5 minutes
|
||||
IDTokenDurationSeconds: 60 * 5, // 5 minutes
|
||||
RefreshTokenDurationSeconds: 60 * 60 * 24 * 30, // 30 days
|
||||
DyamicClientSecretDurationSeconds: 0,
|
||||
Iss: "https://localhost:9200",
|
||||
IdentityManager: "ldap",
|
||||
URIBasePath: "",
|
||||
SignInURI: "",
|
||||
SignedOutURI: "",
|
||||
AuthorizationEndpointURI: "",
|
||||
EndsessionEndpointURI: "",
|
||||
Insecure: false,
|
||||
TrustedProxy: nil,
|
||||
AllowScope: nil,
|
||||
AllowClientGuests: false,
|
||||
AllowDynamicClientRegistration: false,
|
||||
EncryptionSecretFile: filepath.Join(defaults.BaseDataPath(), "idp", "encryption.key"),
|
||||
Listen: "",
|
||||
IdentifierClientDisabled: true,
|
||||
IdentifierClientPath: filepath.Join(defaults.BaseDataPath(), "idp"),
|
||||
IdentifierRegistrationConf: filepath.Join(defaults.BaseDataPath(), "idp", "tmp", "identifier-registration.yaml"),
|
||||
IdentifierScopesConf: "",
|
||||
IdentifierDefaultBannerLogo: "",
|
||||
IdentifierDefaultSignInPageText: "",
|
||||
IdentifierDefaultUsernameHintText: "",
|
||||
SigningKid: "private-key",
|
||||
SigningMethod: "PS256",
|
||||
SigningPrivateKeyFiles: []string{filepath.Join(defaults.BaseDataPath(), "idp", "private-key.pem")},
|
||||
ValidationKeysPath: "",
|
||||
CookieBackendURI: "",
|
||||
CookieNames: nil,
|
||||
CookieSameSite: http.SameSiteStrictMode,
|
||||
AccessTokenDurationSeconds: 60 * 5, // 5 minutes
|
||||
IDTokenDurationSeconds: 60 * 5, // 5 minutes
|
||||
RefreshTokenDurationSeconds: 60 * 60 * 24 * 30, // 30 days
|
||||
DynamicClientSecretDurationSeconds: 0,
|
||||
},
|
||||
Clients: []config.Client{
|
||||
{
|
||||
|
||||
@@ -79,8 +79,41 @@ func NewService(opts ...Option) Service {
|
||||
libreGraphBackendSupport.MustRegister()
|
||||
}
|
||||
|
||||
// https://play.golang.org/p/Mh8AVJCd593
|
||||
idpSettings := bootstrap.Settings(options.Config.IDP)
|
||||
idpSettings := bootstrap.Settings{
|
||||
Iss: options.Config.IDP.Iss,
|
||||
IdentityManager: options.Config.IDP.IdentityManager,
|
||||
URIBasePath: options.Config.IDP.URIBasePath,
|
||||
SignInURI: options.Config.IDP.SignInURI,
|
||||
SignedOutURI: options.Config.IDP.SignedOutURI,
|
||||
AuthorizationEndpointURI: options.Config.IDP.AuthorizationEndpointURI,
|
||||
EndsessionEndpointURI: options.Config.IDP.EndsessionEndpointURI,
|
||||
Insecure: options.Config.IDP.Insecure,
|
||||
TrustedProxy: options.Config.IDP.TrustedProxy,
|
||||
AllowScope: options.Config.IDP.AllowScope,
|
||||
AllowClientGuests: options.Config.IDP.AllowClientGuests,
|
||||
AllowDynamicClientRegistration: options.Config.IDP.AllowDynamicClientRegistration,
|
||||
EncryptionSecretFile: options.Config.IDP.EncryptionSecretFile,
|
||||
Listen: options.Config.IDP.Listen,
|
||||
IdentifierClientDisabled: options.Config.IDP.IdentifierClientDisabled,
|
||||
IdentifierClientPath: options.Config.IDP.IdentifierClientPath,
|
||||
IdentifierRegistrationConf: options.Config.IDP.IdentifierRegistrationConf,
|
||||
IdentifierScopesConf: options.Config.IDP.IdentifierScopesConf,
|
||||
IdentifierDefaultBannerLogo: options.Config.IDP.IdentifierDefaultBannerLogo,
|
||||
IdentifierDefaultSignInPageText: options.Config.IDP.IdentifierDefaultSignInPageText,
|
||||
IdentifierDefaultUsernameHintText: options.Config.IDP.IdentifierDefaultUsernameHintText,
|
||||
IdentifierUILocales: options.Config.IDP.IdentifierUILocales,
|
||||
SigningKid: options.Config.IDP.SigningKid,
|
||||
SigningMethod: options.Config.IDP.SigningMethod,
|
||||
SigningPrivateKeyFiles: options.Config.IDP.SigningPrivateKeyFiles,
|
||||
ValidationKeysPath: options.Config.IDP.ValidationKeysPath,
|
||||
CookieBackendURI: options.Config.IDP.CookieBackendURI,
|
||||
CookieNames: options.Config.IDP.CookieNames,
|
||||
CookieSameSite: options.Config.IDP.CookieSameSite,
|
||||
AccessTokenDurationSeconds: options.Config.IDP.AccessTokenDurationSeconds,
|
||||
IDTokenDurationSeconds: options.Config.IDP.IDTokenDurationSeconds,
|
||||
RefreshTokenDurationSeconds: options.Config.IDP.RefreshTokenDurationSeconds,
|
||||
DyamicClientSecretDurationSeconds: options.Config.IDP.DynamicClientSecretDurationSeconds,
|
||||
}
|
||||
bs, err := bootstrap.Boot(ctx, &idpSettings, &licoconfig.Config{
|
||||
Logger: log.LogrusWrap(logger),
|
||||
})
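Review bot: The explicit bootstrap.Settings literal that replaces the conversion loses the compile-time guarantee the old line had: `bootstrap.Settings(options.Config.IDP)` failed to build when the two structs diverged, whereas with a literal any field later added to config.Settings, or any bootstrap.Settings field not listed here, silently reaches lico as its zero value, which for settings such as `AllowScope` or the token lifetimes would be a quiet behaviour change rather than a build error. The mismatch that forced this rewrite should at least be called out on the line that carries it, e.g. `DyamicClientSecretDurationSeconds: options.Config.IDP.DynamicClientSecretDurationSeconds, // field name is misspelled upstream in libregraph/lico; do not "fix" the left-hand side`, so nobody turns it into a non-existent field. A short comment above the literal stating that this mapping must be kept in sync with lico's bootstrap.Settings would replace the guidance the removed "don't change the order" comment gave. NewService starts before this hunk and continues after it.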
|
||||
@@ -179,7 +212,7 @@ func initLicoInternalLDAPEnvVars(ldap *config.Ldap) error {
|
||||
|
||||
if ldap.UserEnabledAttribute != "" {
|
||||
// Using a (!(enabled=FALSE)) filter here to allow user without
|
||||
// any value for the enable flag to login
|
||||
// any value for the enable flag to log in
|
||||
filter += fmt.Sprintf("(!(%s=FALSE))", ldap.UserEnabledAttribute)
|
||||
needsAnd = true
|
||||
}
|
||||
@@ -225,7 +258,7 @@ type IDP struct {
|
||||
tp trace.TracerProvider
|
||||
}
|
||||
|
||||
// initMux initializes the internal idp gorilla mux and mounts it in to a ocis chi-router
|
||||
// initMux initializes the internal idp gorilla mux and mounts it in to an ocis chi-router
|
||||
func (idp *IDP) initMux(ctx context.Context, r []server.WithRoutes, h http.Handler, options Options) {
|
||||
gm := mux.NewRouter()
|
||||
for _, route := range r {
|
||||
|
||||