
3 commits

Author SHA1 Message Date
Renovate Bot
c4b07d68e7 chore(deps): update renovate/renovate docker tag to v43
All checks were successful
continuous-integration/drone/push Build is passing
2026-03-03 00:08:55 +00:00
f3be6ee198 Merge pull request '[Bug] OIDC: use Application config :oidc from runtime.exs for client secret in prod' (#456) from fix/oidc into main
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #456
2026-03-02 15:18:08 +01:00
3187d408c5
OIDC: use Application config :oidc from runtime.exs for client secret in prod
Some checks reported errors
continuous-integration/drone/push Build was killed
continuous-integration/drone/promote/production Build is passing
2026-03-02 15:09:33 +01:00
2 changed files with 23 additions and 4 deletions


@ -273,7 +273,7 @@ environment:
steps: steps:
- name: renovate - name: renovate
image: renovate/renovate:43.46 image: renovate/renovate:43.48
environment: environment:
RENOVATE_CONFIG_FILE: "renovate_backend_config.js" RENOVATE_CONFIG_FILE: "renovate_backend_config.js"
RENOVATE_TOKEN: RENOVATE_TOKEN:


@ -360,13 +360,29 @@ defmodule Mv.Config do
end end
@doc """ @doc """
Returns the OIDC client secret. ENV first, then Settings. Returns the OIDC client secret.
In production, uses the value from config :mv, :oidc (set by runtime.exs from OIDC_CLIENT_SECRET or OIDC_CLIENT_SECRET_FILE).
Otherwise ENV OIDC_CLIENT_SECRET, then Settings.
""" """
@spec oidc_client_secret() :: String.t() | nil @spec oidc_client_secret() :: String.t() | nil
def oidc_client_secret do def oidc_client_secret do
env_or_setting("OIDC_CLIENT_SECRET", :oidc_client_secret) case Application.get_env(:mv, :oidc) do
oidc when is_list(oidc) -> oidc_client_secret_from_config(Keyword.get(oidc, :client_secret))
_ -> env_or_setting("OIDC_CLIENT_SECRET", :oidc_client_secret)
end
end end
defp oidc_client_secret_from_config(nil),
do: env_or_setting("OIDC_CLIENT_SECRET", :oidc_client_secret)
defp oidc_client_secret_from_config(secret) when is_binary(secret) do
s = String.trim(secret)
if s != "", do: s, else: env_or_setting("OIDC_CLIENT_SECRET", :oidc_client_secret)
end
defp oidc_client_secret_from_config(_),
do: env_or_setting("OIDC_CLIENT_SECRET", :oidc_client_secret)
@doc """ @doc """
Returns the OIDC admin group name (for role sync). ENV first, then Settings. Returns the OIDC admin group name (for role sync). ENV first, then Settings.
""" """
@ -426,7 +442,10 @@ defmodule Mv.Config do
def oidc_client_id_env_set?, do: env_set?("OIDC_CLIENT_ID") def oidc_client_id_env_set?, do: env_set?("OIDC_CLIENT_ID")
def oidc_base_url_env_set?, do: env_set?("OIDC_BASE_URL") def oidc_base_url_env_set?, do: env_set?("OIDC_BASE_URL")
def oidc_redirect_uri_env_set?, do: env_set?("OIDC_REDIRECT_URI") def oidc_redirect_uri_env_set?, do: env_set?("OIDC_REDIRECT_URI")
def oidc_client_secret_env_set?, do: env_set?("OIDC_CLIENT_SECRET")
def oidc_client_secret_env_set?,
do: env_set?("OIDC_CLIENT_SECRET") or env_set?("OIDC_CLIENT_SECRET_FILE")
def oidc_admin_group_name_env_set?, do: env_set?("OIDC_ADMIN_GROUP_NAME") def oidc_admin_group_name_env_set?, do: env_set?("OIDC_ADMIN_GROUP_NAME")
def oidc_groups_claim_env_set?, do: env_set?("OIDC_GROUPS_CLAIM") def oidc_groups_claim_env_set?, do: env_set?("OIDC_GROUPS_CLAIM")
def oidc_only_env_set?, do: env_set?("OIDC_ONLY") def oidc_only_env_set?, do: env_set?("OIDC_ONLY")
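Review bot: `oidc_client_secret_from_config/1` falls back to ENV/Settings with no signal when `:client_secret` in `config :mv, :oidc` is blank or not a binary, while `oidc_client_secret_env_set?/0` now returns true as soon as `OIDC_CLIENT_SECRET_FILE` is set. With a secret file that is empty or whitespace-only the two can disagree: callers are told the secret is environment-managed, yet the value in use comes from `env_or_setting/2`, which is only given the `OIDC_CLIENT_SECRET` name and so presumably resolves to Settings or `nil` (its body is outside the hunk). I would log that case without the value, e.g. `Logger.warning("OIDC client_secret from config :mv, :oidc is blank or not a string; falling back to ENV/Settings")` in the blank and catch-all branches (assuming `Logger` is required in this module), and fold the `nil` clause into the catch-all since both do the same thing. The `@doc` also says "In production", but the `case` keys on whether `:oidc` is a keyword list rather than on the environment; `Uses :client_secret from config :mv, :oidc when it is set` would match the code.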