OIDC-only sign-in, Vereinfacht connection test, locale defaults, and settings/docs cleanup #445
1 changed files with 56 additions and 1 deletions
|
|
@ -262,6 +262,20 @@ defmodule Mv.Config do
|
|||
end
|
||||
end
|
||||
|
||||
defp env_or_setting_bool(env_key, setting_key) do
|
||||
case System.get_env(env_key) do
|
||||
nil ->
|
||||
get_from_settings_bool(setting_key)
|
||||
|
||||
value when is_binary(value) ->
|
||||
v = String.trim(value) |> String.downcase()
|
||||
v in ["true", "1", "yes"]
|
||||
|
||||
_ ->
|
||||
false
|
||||
end
|
||||
end
|
||||
|
||||
defp get_vereinfacht_from_settings(key) do
|
||||
get_from_settings(key)
|
||||
end
|
||||
|
|
@ -273,6 +287,19 @@ defmodule Mv.Config do
|
|||
end
|
||||
end
|
||||
|
||||
defp get_from_settings_bool(key) do
|
||||
case Mv.Membership.get_settings() do
|
||||
{:ok, settings} ->
|
||||
case Map.get(settings, key) do
|
||||
true -> true
|
||||
_ -> false
|
||||
end
|
||||
|
||||
{:error, _} ->
|
||||
false
|
||||
end
|
||||
end
|
||||
|
||||
defp trim_nil(nil), do: nil
|
||||
|
||||
defp trim_nil(s) when is_binary(s) do
|
||||
|
|
@ -366,7 +393,34 @@ defmodule Mv.Config do
|
|||
def oidc_env_configured? do
|
||||
oidc_client_id_env_set?() or oidc_base_url_env_set?() or
|
||||
oidc_redirect_uri_env_set?() or oidc_client_secret_env_set?() or
|
||||
oidc_admin_group_name_env_set?() or oidc_groups_claim_env_set?()
|
||||
oidc_admin_group_name_env_set?() or oidc_groups_claim_env_set?() or
|
||||
oidc_only_env_set?()
|
||||
end
|
||||
|
||||
@doc """
|
||||
Returns true when OIDC is configured and can be used for sign-in (client ID, base URL,
|
||||
redirect URI, and client secret must be set). Used to show or hide the Single Sign-On button on the
|
||||
sign-in page. Without client secret, the OIDC flow fails with MissingSecret; without redirect_uri,
|
||||
the OIDC Plug crashes with URI.new(nil).
|
||||
"""
|
||||
@spec oidc_configured?() :: boolean()
|
||||
def oidc_configured? do
|
||||
id = oidc_client_id()
|
||||
base = oidc_base_url()
|
||||
secret = oidc_client_secret()
|
||||
redirect = oidc_redirect_uri()
|
||||
present = &(is_binary(&1) and String.trim(&1) != "")
|
||||
present.(id) and present.(base) and present.(secret) and present.(redirect)
|
||||
end
|
||||
|
||||
@doc """
|
||||
Returns true when only OIDC sign-in should be shown (password login hidden).
|
||||
ENV OIDC_ONLY first (true/1/yes vs false/0/no), then Settings.oidc_only.
|
||||
Only has effect when OIDC is configured; when false or OIDC not configured, both password and OIDC are shown as usual.
|
||||
"""
|
||||
@spec oidc_only?() :: boolean()
|
||||
def oidc_only? do
|
||||
env_or_setting_bool("OIDC_ONLY", :oidc_only)
|
||||
end
|
||||
|
||||
def oidc_client_id_env_set?, do: env_set?("OIDC_CLIENT_ID")
|
||||
|
|
@ -375,4 +429,5 @@ defmodule Mv.Config do
|
|||
def oidc_client_secret_env_set?, do: env_set?("OIDC_CLIENT_SECRET")
|
||||
def oidc_admin_group_name_env_set?, do: env_set?("OIDC_ADMIN_GROUP_NAME")
|
||||
def oidc_groups_claim_env_set?, do: env_set?("OIDC_GROUPS_CLAIM")
|
||||
def oidc_only_env_set?, do: env_set?("OIDC_ONLY")
|
||||
end
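Review bot: In `env_or_setting_bool/2` (first hunk) every `OIDC_ONLY` value other than `true`/`1`/`yes` becomes `false` and takes precedence over `Settings.oidc_only`, so an empty variable or a typo such as `on` silently brings the password form back even when the stored setting is `true`. For a switch that restricts sign-in methods, an unrecognised value should not override the stricter stored setting; recognise `false`/`0`/`no` explicitly, as the `oidc_only?/0` doc already describes, and fall back to `get_from_settings_bool/1` for anything else, ideally with a logged warning. The trailing `_ -> false` clause is unreachable, because `System.get_env/1` returns only `nil` or a binary. Separately, `oidc_only?/0` only reports the flag: callers have to combine it with `oidc_configured?/0` to avoid a sign-in page with no usable method, and hiding the form does not by itself refuse the password sign-in action on the server; neither is visible in this diff.

```elixir
defp env_or_setting_bool(env_key, setting_key) do
  case System.get_env(env_key) do
    # … unchanged: nil -> get_from_settings_bool(setting_key) …
    value ->
      case value |> String.trim() |> String.downcase() do
        v when v in ["true", "1", "yes"] -> true
        v when v in ["false", "0", "no"] -> false
        # empty or unrecognised: do not override the stored setting
        _ -> get_from_settings_bool(setting_key)
      end
  end
end
```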
|
||||
|
|
|
|||