feat: OIDC configuration in global Settings (ENV or DB)

- Add oidc_* attributes to Setting, migration and Config helpers - Secrets and OidcRoleSyncConfig read from Config (ENV overrides DB) - GlobalSettingsLive: OIDC section with disabled fields when ENV set - OIDC role sync tests use DataCase for DB access
2026-02-24 13:55:19 +01:00 · 2026-02-24 13:55:19 +01:00 · 8edbbac95f
commit 8edbbac95f
parent f29bbb02a2
8 changed files with 487 additions and 136 deletions
--- a/priv/repo/migrations/20260224122831_add_oidc_to_settings.exs
+++ b/priv/repo/migrations/20260224122831_add_oidc_to_settings.exs
@ -0,0 +1,29 @@
+defmodule Mv.Repo.Migrations.AddOidcToSettings do
+  @moduledoc """
+  Adds OIDC configuration columns to settings (ENV-overridable in UI).
+  """
+
+  use Ecto.Migration
+
+  def up do
+    alter table(:settings) do
+      add :oidc_client_id, :string
+      add :oidc_base_url, :string
+      add :oidc_redirect_uri, :string
+      add :oidc_client_secret, :string
+      add :oidc_admin_group_name, :string
+      add :oidc_groups_claim, :string
+    end
+  end
+
+  def down do
+    alter table(:settings) do
+      remove :oidc_client_id
+      remove :oidc_base_url
+      remove :oidc_redirect_uri
+      remove :oidc_client_secret
+      remove :oidc_admin_group_name
+      remove :oidc_groups_claim
+    end
+  end
+end
--- a/priv/resource_snapshots/repo/settings/20260224122831.json
+++ b/priv/resource_snapshots/repo/settings/20260224122831.json
@ -0,0 +1,164 @@
+{
+  "attributes": [
+    {
+      "allow_nil?": false,
+      "default": "fragment(\"gen_random_uuid()\")",
+      "generated?": false,
+      "precision": null,
+      "primary_key?": true,
+      "references": null,
+      "scale": null,
+      "size": null,
+      "source": "id",
+      "type": "uuid"
+    },
+    {
+      "allow_nil?": false,
+      "default": "nil",
+      "generated?": false,
+      "precision": null,
+      "primary_key?": false,
+      "references": null,
+      "scale": null,
+      "size": null,
+      "source": "club_name",
+      "type": "text"
+    },
+    {
+      "allow_nil?": true,
+      "default": "nil",
+      "generated?": false,
+      "precision": null,
+      "primary_key?": false,
+      "references": null,
+      "scale": null,
+      "size": null,
+      "source": "member_field_visibility",
+      "type": "map"
+    },
+    {
+      "allow_nil?": true,
+      "default": "nil",
+      "generated?": false,
+      "precision": null,
+      "primary_key?": false,
+      "references": null,
+      "scale": null,
+      "size": null,
+      "source": "member_field_required",
+      "type": "map"
+    },
+    {
+      "allow_nil?": false,
+      "default": "true",
+      "generated?": false,
+      "precision": null,
+      "primary_key?": false,
+      "references": null,
+      "scale": null,
+      "size": null,
+      "source": "include_joining_cycle",
+      "type": "boolean"
+    },
+    {
+      "allow_nil?": true,
+      "default": "nil",
+      "generated?": false,
+      "precision": null,
+      "primary_key?": false,
+      "references": null,
+      "scale": null,
+      "size": null,
+      "source": "default_membership_fee_type_id",
+      "type": "uuid"
+    },
+    {
+      "allow_nil?": true,
+      "default": "nil",
+      "generated?": false,
+      "precision": null,
+      "primary_key?": false,
+      "references": null,
+      "scale": null,
+      "size": null,
+      "source": "vereinfacht_api_url",
+      "type": "text"
+    },
+    {
+      "allow_nil?": true,
+      "default": "nil",
+      "generated?": false,
+      "precision": null,
+      "primary_key?": false,
+      "references": null,
+      "scale": null,
+      "size": null,
+      "source": "vereinfacht_api_key",
+      "type": "text"
+    },
+    {
+      "allow_nil?": true,
+      "default": "nil",
+      "generated?": false,
+      "precision": null,
+      "primary_key?": false,
+      "references": null,
+      "scale": null,
+      "size": null,
+      "source": "vereinfacht_club_id",
+      "type": "text"
+    },
+    {
+      "allow_nil?": true,
+      "default": "nil",
+      "generated?": false,
+      "precision": null,
+      "primary_key?": false,
+      "references": null,
+      "scale": null,
+      "size": null,
+      "source": "vereinfacht_app_url",
+      "type": "text"
+    },
+    {
+      "allow_nil?": false,
+      "default": "fragment(\"(now() AT TIME ZONE 'utc')\")",
+      "generated?": false,
+      "precision": null,
+      "primary_key?": false,
+      "references": null,
+      "scale": null,
+      "size": null,
+      "source": "inserted_at",
+      "type": "utc_datetime_usec"
+    },
+    {
+      "allow_nil?": false,
+      "default": "fragment(\"(now() AT TIME ZONE 'utc')\")",
+      "generated?": false,
+      "precision": null,
+      "primary_key?": false,
+      "references": null,
+      "scale": null,
+      "size": null,
+      "source": "updated_at",
+      "type": "utc_datetime_usec"
+    }
+  ],
+  "base_filter": null,
+  "check_constraints": [],
+  "create_table_options": null,
+  "custom_indexes": [],
+  "custom_statements": [],
+  "has_create_action": true,
+  "hash": "C84FC81A2A446451D6B5EA72F9BBB3593CD7F0D71C4B7C9CE04934414FDB52EB",
+  "identities": [],
+  "multitenancy": {
+    "attribute": null,
+    "global": null,
+    "strategy": null
+  },
+  "repo": "Elixir.Mv.Repo",
+  "schema": null,
+  "table": "settings"
+}