mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-01-05 19:59:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #49 from opencloud-eu/invitations

Browse Source 
invitations
This commit is contained in:
Andre Duffeck
2025-01-17 08:17:19 +01:00
committed by GitHub
parent 98adba403b 34a3598747
commit c9d66c6f97
4 changed files with 31 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/keycloak/client.go
View File

@@ -13,8 +13,8 @@ import (
// Some attribute constants.
// TODO: Make these configurable in the future.
const (
_idAttr = "OWNCLOUD_ID"
_userTypeAttr = "OWNCLOUD_USER_TYPE"
_idAttr = "OPENCLOUD_ID"
_userTypeAttr = "OPENCLOUD_USER_TYPE"
)
// ConcreteClient represents a concrete implementation of a keycloak client

8
services/invitations/README.md
View File

@@ -19,7 +19,7 @@ The default and currently only available backend used to handle invitations is [
<!--- Note that the link below must be an absolute URL and not a relative file path --->
See the [example configuration json file](https://github.com/owncloud/ocis/blob/master/services/invitations/md-sources/example-realm.json) of a Keycloak realm the backend will work with. This file includes the `invitations` client, which is relevant for this service.
See the [example configuration json file](https://github.com/opencloud-eu/opencloud/blob/master/services/invitations/md-sources/example-realm.json) of a Keycloak realm the backend will work with. This file includes the `invitations` client, which is relevant for this service.
To use the example json, set the `INVITATIONS_KEYCLOAK_CLIENT_ID` setting to `invitations`, though any other client ID can be configured.
@@ -27,7 +27,7 @@ Importing this example into Keycloak will give you a realm that federates with a
clients configured and all mappers correctly set. Be sure to set all the credentials after the import,
as they will be disabled.
The most relevant bits are the mappers for the `OWNCLOUD_ID` and `OWNCLOUD_USER_TYPE` user properties.
The most relevant bits are the mappers for the `OPENCLOUD_ID` and `OPENCLOUD_USER_TYPE` user properties.
## Backend Configuration
@@ -36,8 +36,8 @@ After Keycloak has been configured, the invitation service needs to be configure
* `INVITATIONS_KEYCLOAK_BASE_PATH`: The URL to access Keycloak.
* `INVITATIONS_KEYCLOAK_CLIENT_ID`: The client ID of the client to use. In the above example, `invitations` is used.
* `INVITATIONS_KEYCLOAK_CLIENT_SECRET`: The client secret used to authenticate. This can be found in the Keycloak UI.
* `INVITATIONS_KEYCLOAK_CLIENT_REALM`: The realm where the client was added. In the example above, `ocis` is used.
* `INVITATIONS_KEYCLOAK_USER_REALM`: The realm where to add the users. In the example above, `ocis` is used.
* `INVITATIONS_KEYCLOAK_CLIENT_REALM`: The realm where the client was added. In the example above, `opencloud` is used.
* `INVITATIONS_KEYCLOAK_USER_REALM`: The realm where to add the users. In the example above, `opencloud` is used.
* `INVITATIONS_KEYCLOAK_INSECURE_SKIP_VERIFY`: If set to true, the verification of the Keycloak HTTPS certificate is skipped. This is not recommended in production environments.
## Bridging Provisioning Delay

46
services/invitations/md-sources/example-realm.json
View File

@@ -1,6 +1,6 @@
{
"id": "c59e5222-f0b8-4169-a7a2-0cb6bfed8d33",
"realm": "ocis",
"realm": "opencloud",
"notBefore": 0,
"defaultSignatureAlgorithm": "RS256",
"revokeRefreshToken": false,
@@ -45,7 +45,7 @@
"failureFactor": 30,
"defaultRole": {
"id": "66d42d82-e003-4dca-931d-ac25fe27fcdc",
"name": "default-roles-ocis",
"name": "default-roles-opencloud",
"description": "${role_default-roles}",
"composite": true,
"clientRole": false,
@@ -129,13 +129,13 @@
"clientId": "account",
"name": "${client_account}",
"rootUrl": "${authBaseUrl}",
"baseUrl": "/realms/ocis/account/",
"baseUrl": "/realms/opencloud/account/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"/realms/ocis/account/*"
"/realms/opencloud/account/*"
],
"webOrigins": [],
"notBefore": 0,
@@ -173,13 +173,13 @@
"clientId": "account-console",
"name": "${client_account-console}",
"rootUrl": "${authBaseUrl}",
"baseUrl": "/realms/ocis/account/",
"baseUrl": "/realms/opencloud/account/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"/realms/ocis/account/*"
"/realms/opencloud/account/*"
],
"webOrigins": [],
"notBefore": 0,
@@ -656,13 +656,13 @@
"clientId": "security-admin-console",
"name": "${client_security-admin-console}",
"rootUrl": "${authAdminUrl}",
"baseUrl": "/admin/ocis/console/",
"baseUrl": "/admin/opencloud/console/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"/admin/ocis/console/*"
"/admin/opencloud/console/*"
],
"webOrigins": [
"+"
@@ -718,17 +718,17 @@
{
"id": "06dc1405-3631-4714-b4b1-19580e7c0465",
"clientId": "web",
"name": "ownCloud Web",
"name": "OpenCloud Web",
"description": "",
"rootUrl": "https://ocis.schule.owncloud.works",
"adminUrl": "https://ocis.schule.owncloud.works",
"baseUrl": "https://ocis.schule.owncloud.works",
"rootUrl": "https://cloud.schule.opencloud.eu",
"adminUrl": "https://cloud.schule.opencloud.eu",
"baseUrl": "https://cloud.schule.opencloud.eu",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"https://ocis.schule.owncloud.works/*"
"https://cloud.schule.opencloud.eu/*"
],
"webOrigins": [
"+"
@@ -745,7 +745,7 @@
"protocol": "openid-connect",
"attributes": {
"oidc.ciba.grant.enabled": "false",
"post.logout.redirect.uris": "https://ocis.schule.owncloud.works/*",
"post.logout.redirect.uris": "https://cloud.schule.opencloud.eu/*",
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.session.required": "true",
"backchannel.logout.revoke.offline.tokens": "false"
@@ -934,7 +934,7 @@
"protocolMappers": [
{
"id": "596f067b-ae2f-4771-96c5-d0c3942b04da",
"name": "owncloud-uuid",
"name": "opencloud-uuid",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
@@ -945,7 +945,7 @@
"user.attribute": "LDAP_ID",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "ocis\\.user\\.uuid"
"claim.name": "opencloud\\.user\\.uuid"
}
}
]
@@ -1699,7 +1699,7 @@
"uid"
],
"groups.dn": [
"ou=groups,dc=owncloud,dc=com"
"ou=groups,dc=opencloud,dc=eu"
],
"mode": [
"LDAP_ONLY"
@@ -1821,7 +1821,7 @@
},
{
"id": "92aa0407-daed-4780-89b5-72b23f4ddbca",
"name": "owncloud-uuid",
"name": "opencloud-uuid",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
@@ -1844,13 +1844,13 @@
"false"
],
"user.model.attribute": [
"OWNCLOUD_ID"
"OPENCLOUD_ID"
]
}
},
{
"id": "b5d0c6e6-2b2c-4403-ba2f-7e7ea711cbdc",
"name": "owncloud-usertype",
"name": "opencloud-usertype",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
@@ -1876,7 +1876,7 @@
"true"
],
"user.model.attribute": [
"OWNCLOUD_USER_TYPE"
"OPENCLOUD_USER_TYPE"
]
}
}
@@ -1896,7 +1896,7 @@
"false"
],
"usersDn": [
"ou=users,dc=owncloud,dc=com"
"ou=users,dc=opencloud,dc=eu"
],
"cachePolicy": [
"EVICT_DAILY"
@@ -1923,7 +1923,7 @@
"-1"
],
"bindDn": [
"cn=admin,dc=owncloud,dc=com"
"cn=admin,dc=opencloud,dc=eu"
],
"lastSync": [
"1679575179"

4
services/invitations/pkg/command/root.go
View File

@@ -22,11 +22,11 @@ func GetCommands(cfg *config.Config) cli.Commands {
}
}
// Execute is the entry point for the ocis invitations command.
// Execute is the entry point for the opencloud invitations command.
func Execute(cfg *config.Config) error {
app := clihelper.DefaultApp(&cli.App{
Name: "invitations",
Usage: "Serve invitations API for oCIS",
Usage: "Serve invitations API for OpenCloud",
Commands: GetCommands(cfg),
})