Config: oidc_configured?/0, oidc_only?/0, OIDC_ONLY ENV and settings fallback

Moritz 2026-02-24 15:07:41 +01:00
parent e775fe118b
commit 4b31578f6c
Signed by: moritz
GPG key ID: 1020A035E5DD0824


@ -262,6 +262,20 @@ defmodule Mv.Config do
end end
end end
defp env_or_setting_bool(env_key, setting_key) do
case System.get_env(env_key) do
nil ->
get_from_settings_bool(setting_key)
value when is_binary(value) ->
v = String.trim(value) |> String.downcase()
v in ["true", "1", "yes"]
_ ->
false
end
end
defp get_vereinfacht_from_settings(key) do defp get_vereinfacht_from_settings(key) do
get_from_settings(key) get_from_settings(key)
end end
@ -273,6 +287,19 @@ defmodule Mv.Config do
end end
end end
defp get_from_settings_bool(key) do
case Mv.Membership.get_settings() do
{:ok, settings} ->
case Map.get(settings, key) do
true -> true
_ -> false
end
{:error, _} ->
false
end
end
defp trim_nil(nil), do: nil defp trim_nil(nil), do: nil
defp trim_nil(s) when is_binary(s) do defp trim_nil(s) when is_binary(s) do
@ -366,7 +393,34 @@ defmodule Mv.Config do
def oidc_env_configured? do def oidc_env_configured? do
oidc_client_id_env_set?() or oidc_base_url_env_set?() or oidc_client_id_env_set?() or oidc_base_url_env_set?() or
oidc_redirect_uri_env_set?() or oidc_client_secret_env_set?() or oidc_redirect_uri_env_set?() or oidc_client_secret_env_set?() or
oidc_admin_group_name_env_set?() or oidc_groups_claim_env_set?() oidc_admin_group_name_env_set?() or oidc_groups_claim_env_set?() or
oidc_only_env_set?()
end
@doc """
Returns true when OIDC is configured and can be used for sign-in (client ID, base URL,
redirect URI, and client secret must be set). Used to show or hide the Single Sign-On button on the
sign-in page. Without client secret, the OIDC flow fails with MissingSecret; without redirect_uri,
the OIDC Plug crashes with URI.new(nil).
"""
@spec oidc_configured?() :: boolean()
def oidc_configured? do
id = oidc_client_id()
base = oidc_base_url()
secret = oidc_client_secret()
redirect = oidc_redirect_uri()
present = &(is_binary(&1) and String.trim(&1) != "")
present.(id) and present.(base) and present.(secret) and present.(redirect)
end
@doc """
Returns true when only OIDC sign-in should be shown (password login hidden).
ENV OIDC_ONLY first (true/1/yes vs false/0/no), then Settings.oidc_only.
Only has effect when OIDC is configured; when false or OIDC not configured, both password and OIDC are shown as usual.
"""
@spec oidc_only?() :: boolean()
def oidc_only? do
env_or_setting_bool("OIDC_ONLY", :oidc_only)
end end
def oidc_client_id_env_set?, do: env_set?("OIDC_CLIENT_ID") def oidc_client_id_env_set?, do: env_set?("OIDC_CLIENT_ID")
@ -375,4 +429,5 @@ defmodule Mv.Config do
def oidc_client_secret_env_set?, do: env_set?("OIDC_CLIENT_SECRET") def oidc_client_secret_env_set?, do: env_set?("OIDC_CLIENT_SECRET")
def oidc_admin_group_name_env_set?, do: env_set?("OIDC_ADMIN_GROUP_NAME") def oidc_admin_group_name_env_set?, do: env_set?("OIDC_ADMIN_GROUP_NAME")
def oidc_groups_claim_env_set?, do: env_set?("OIDC_GROUPS_CLAIM") def oidc_groups_claim_env_set?, do: env_set?("OIDC_GROUPS_CLAIM")
def oidc_only_env_set?, do: env_set?("OIDC_ONLY")
end end
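Review bot: In `env_or_setting_bool/2`, an `OIDC_ONLY` value outside `true`/`1`/`yes` (an empty string, `on`, a typo) evaluates to false and also skips the Settings fallback, so a mis-set variable silently leaves password sign-in visible even when Settings has `oidc_only` enabled. Because this flag narrows the login surface, I would accept only `false`/`0`/`no` as an explicit false and treat anything else as unset, ideally with a logged warning; the trailing `_ -> false` clause is unreachable since `System.get_env/1` returns `nil` or a binary. `get_from_settings_bool/1` fails open the same way, mapping `{:error, _}` from `Mv.Membership.get_settings()` to false without a log. Separately, `oidc_only?/0` documents that it only has effect when OIDC is configured but does not call `oidc_configured?/0`, so every caller has to combine them, and if the flag is meant to enforce SSO rather than hide a form, the password strategy must also be refused server-side, which this section does not show.

```elixir
defp env_or_setting_bool(env_key, setting_key) do
  case System.get_env(env_key) do
    # … unchanged: nil -> get_from_settings_bool(setting_key) …

    value ->
      case value |> String.trim() |> String.downcase() do
        v when v in ["true", "1", "yes"] -> true
        v when v in ["false", "0", "no"] -> false
        # Empty or unrecognised: treat as unset instead of overriding Settings with false.
        _ -> get_from_settings_bool(setting_key)
      end
  end
end
```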