diff options
| author | David Yip <yipdw@member.fsf.org> | 2018-02-04 16:36:19 -0600 |
|---|---|---|
| committer | David Yip <yipdw@member.fsf.org> | 2018-02-04 16:36:19 -0600 |
| commit | a6fb1c58eead1357a307813c69f798f32bcf7cae (patch) | |
| tree | d56d2721705d86a925279a737943cbaa28a60979 /config | |
| parent | 530fcc1c14d2b7a38c1b734c0b18955f109f0f20 (diff) | |
| parent | 38e0133e1b01c21a710111097102a6eb205b9b9b (diff) | |
Merge remote-tracking branch 'origin/master' into merge-upstream
Conflicts: .env.production.sample app/controllers/auth/confirmations_controller.rb db/schema.rb
Diffstat (limited to 'config')
| -rw-r--r-- | config/i18n-tasks.yml | 1 | ||||
| -rw-r--r-- | config/initializers/devise.rb | 27 | ||||
| -rw-r--r-- | config/initializers/omniauth.rb | 59 | ||||
| -rw-r--r-- | config/locales/en.yml | 8 | ||||
| -rw-r--r-- | config/locales/fr.yml | 2 | ||||
| -rw-r--r-- | config/locales/pl.yml | 3 | ||||
| -rw-r--r-- | config/locales/pt-BR.yml | 3 | ||||
| -rw-r--r-- | config/routes.rb | 2 | ||||
| -rw-r--r-- | config/settings.yml | 1 |
9 files changed, 88 insertions, 18 deletions
diff --git a/config/i18n-tasks.yml b/config/i18n-tasks.yml index 9e1b620f5..62e78556f 100644 --- a/config/i18n-tasks.yml +++ b/config/i18n-tasks.yml @@ -46,6 +46,7 @@ ignore_missing: - 'terms.body_html' - 'application_mailer.salutation' - 'errors.500' + - 'auth.providers.*' ignore_unused: - 'activemodel.errors.*' diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index f2f7f1ba3..ba7ad9e6c 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -315,22 +315,13 @@ Devise.setup do |config| # so you need to do it manually. For the users scope, it would be: # config.omniauth_path_prefix = '/my_engine/users/auth' - # PAM: only look for email field - config.usernamefield = nil - config.emailfield = "email" - - # authentication with pam possible - # if not enabled, all pam settings are ignored - #config.pam_authentication = true - # check if email is actually a username - config.check_at_sign = true - # suffix for email address generation (warning: without pam must provide email in the pam environment) - config.pam_default_suffix = "pam" - # name of the pam service - # pam "auth" section is evaluated - config.pam_default_service = "rpam" - # name of the pam service used for checking if an user can register - # pam "account" section is evaluated - # nil for allowing registration of pam names (not recommended) - config.pam_controlled_service = "rpam" + if ENV['PAM_ENABLED'] == 'true' + config.pam_authentication = true + config.usernamefield = nil + config.emailfield = 'email' + config.check_at_sign = true + config.pam_default_suffix = ENV.fetch('PAM_DEFAULT_SUFFIX') { nil } + config.pam_default_service = ENV.fetch('PAM_DEFAULT_SERVICE') { 'rpam' } + config.pam_controlled_service = ENV.fetch('PAM_CONTROLLED_SERVICE') { 'rpam' } + end end diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb new file mode 100644 index 000000000..97f32c0a4 --- /dev/null +++ b/config/initializers/omniauth.rb @@ -0,0 +1,59 @@ +Rails.application.config.middleware.use OmniAuth::Builder do + # Vanilla omniauth stategies +end + +Devise.setup do |config| + # Devise omniauth strategies + + # CAS strategy + if ENV['CAS_ENABLED'] == 'true' + cas_options = {} + cas_options[:url] = ENV['CAS_URL'] if ENV['CAS_URL'] + cas_options[:host] = ENV['CAS_HOST'] if ENV['CAS_HOST'] + cas_options[:port] = ENV['CAS_PORT'] if ENV['CAS_PORT'] + cas_options[:ssl] = ENV['CAS_SSL'] == 'true' if ENV['CAS_SSL'] + cas_options[:validate_url] = ENV['CAS_VALIDATE_URL'] if ENV['CAS_VALIDATE_URL'] + cas_options[:callback_url] = ENV['CAS_CALLBACK_URL'] if ENV['CAS_CALLBACK_URL'] + cas_options[:logout_url] = ENV['CAS_LOGOUT_URL'] if ENV['CAS_LOGOUT_URL'] + cas_options[:login_url] = ENV['CAS_LOGIN_URL'] if ENV['CAS_LOGIN_URL'] + cas_options[:uid_field] = ENV['CAS_UID_FIELD'] || 'user' if ENV['CAS_UID_FIELD'] + cas_options[:ca_path] = ENV['CAS_CA_PATH'] if ENV['CAS_CA_PATH'] + cas_options[:disable_ssl_verification] = ENV['CAS_DISABLE_SSL_VERIFICATION'] == 'true' if ENV['CAS_DISABLE_SSL_VERIFICATION'] + cas_options[:uid_key] = ENV['CAS_UID_KEY'] || 'user' + cas_options[:name_key] = ENV['CAS_NAME_KEY'] || 'name' + cas_options[:email_key] = ENV['CAS_EMAIL_KEY'] || 'email' + cas_options[:nickname_key] = ENV['CAS_NICKNAME_KEY'] || 'nickname' + cas_options[:first_name_key] = ENV['CAS_FIRST_NAME_KEY'] || 'firstname' + cas_options[:last_name_key] = ENV['CAS_LAST_NAME_KEY'] || 'lastname' + cas_options[:location_key] = ENV['CAS_LOCATION_KEY'] || 'location' + cas_options[:image_key] = ENV['CAS_IMAGE_KEY'] || 'image' + cas_options[:phone_key] = ENV['CAS_PHONE_KEY'] || 'phone' + config.omniauth :cas, cas_options + end + + # SAML strategy + if ENV['SAML_ENABLED'] == 'true' + saml_options = {} + saml_options[:assertion_consumer_service_url] = ENV['SAML_ACS_URL'] if ENV['SAML_ACS_URL'] + saml_options[:issuer] = ENV['SAML_ISSUER'] if ENV['SAML_ISSUER'] + saml_options[:idp_sso_target_url] = ENV['SAML_IDP_SSO_TARGET_URL'] if ENV['SAML_IDP_SSO_TARGET_URL'] + saml_options[:idp_sso_target_url_runtime_params] = ENV['SAML_IDP_SSO_TARGET_PARAMS'] if ENV['SAML_IDP_SSO_TARGET_PARAMS'] # FIXME: Should be parsable Hash + saml_options[:idp_cert] = ENV['SAML_IDP_CERT'] if ENV['SAML_IDP_CERT'] + saml_options[:idp_cert_fingerprint] = ENV['SAML_IDP_CERT_FINGERPRINT'] if ENV['SAML_IDP_CERT_FINGERPRINT'] + saml_options[:idp_cert_fingerprint_validator] = ENV['SAML_IDP_CERT_FINGERPRINT_VALIDATOR'] if ENV['SAML_IDP_CERT_FINGERPRINT_VALIDATOR'] # FIXME: Should be Lambda { |fingerprint| } + saml_options[:name_identifier_format] = ENV['SAML_NAME_IDENTIFIER_FORMAT'] if ENV['SAML_NAME_IDENTIFIER_FORMAT'] + saml_options[:request_attributes] = {} + saml_options[:certificate] = ENV['SAML_CERT'] if ENV['SAML_CERT'] + saml_options[:private_key] = ENV['SAML_PRIVATE_KEY'] if ENV['SAML_PRIVATE_KEY'] + saml_options[:security] = {} + saml_options[:security][:want_assertions_signed] = ENV['SAML_SECURITY_WANT_ASSERTION_SIGNED'] == 'true' + saml_options[:security][:want_assertions_encrypted] = ENV['SAML_SECURITY_WANT_ASSERTION_ENCRYPTED'] == 'true' + saml_options[:attribute_statements] = {} + saml_options[:attribute_statements][:uid] = [ENV['SAML_ATTRIBUTES_STATEMENTS_UID']] if ENV['SAML_ATTRIBUTES_STATEMENTS_UID'] + saml_options[:attribute_statements][:email] = [ENV['SAML_ATTRIBUTES_STATEMENTS_EMAIL']] if ENV['SAML_ATTRIBUTES_STATEMENTS_EMAIL'] + saml_options[:attribute_statements][:full_name] = [ENV['SAML_ATTRIBUTES_STATEMENTS_FULL_NAME']] if ENV['SAML_ATTRIBUTES_STATEMENTS_FULL_NAME'] + saml_options[:uid_attribute] = ENV['SAML_UID_ATTRIBUTE'] if ENV['SAML_UID_ATTRIBUTE'] + config.omniauth :saml, saml_options + end + +end diff --git a/config/locales/en.yml b/config/locales/en.yml index 7c3cd922b..5f9c0b3c5 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -290,6 +290,9 @@ en: open: desc_html: Allow anyone to create an account title: Open registration + show_known_fediverse_at_about_page: + desc_html: When toggled, it will show toots from all the known fediverse on preview. Otherwise it will only show local toots. + title: Show known fediverse on timeline preview show_staff_badge: desc_html: Show a staff badge on a user page title: Show staff badge @@ -355,6 +358,7 @@ en: auth: agreement_html: By signing up you agree to follow <a href="%{rules_path}">the rules of the instance</a> and <a href="%{terms_path}">our terms of service</a>. change_password: Security + confirm_email: Confirm email delete_account: Delete account delete_account_html: If you wish to delete your account, you can <a href="%{path}">proceed here</a>. You will be asked for confirmation. didnt_get_confirmation: Didn't receive confirmation instructions? @@ -364,6 +368,10 @@ en: logout: Logout migrate_account: Move to a different account migrate_account_html: If you wish to redirect this account to a different one, you can <a href="%{path}">configure it here</a>. + or_log_in_with: Or log in with + providers: + cas: CAS + saml: SAML register: Sign up resend_confirmation: Resend confirmation instructions reset_password: Reset password diff --git a/config/locales/fr.yml b/config/locales/fr.yml index b7be840a2..dcfa35802 100644 --- a/config/locales/fr.yml +++ b/config/locales/fr.yml @@ -355,6 +355,7 @@ fr: auth: agreement_html: En vous inscrivant, vous souscrivez <a href="%{rules_path}">aux règles de l’instance</a> et à <a href="%{terms_path}">nos conditions d’utilisation</a>. change_password: Sécurité + confirm_email: Confirmer mon adresse mail delete_account: Supprimer le compte delete_account_html: Si vous désirez supprimer votre compte, vous pouvez <a href="%{path}">cliquer ici</a>. Il vous sera demandé de confirmer cette action. didnt_get_confirmation: Vous n’avez pas reçu les consignes de confirmation ? @@ -364,6 +365,7 @@ fr: logout: Se déconnecter migrate_account: Déplacer vers un compte différent migrate_account_html: Si vous voulez rediriger ce compte vers un autre, vous pouvez le <a href="%{path}">configurer ici</a>. + or_log_in_with: Ou authentifiez-vous avec register: S’inscrire resend_confirmation: Envoyer à nouveau les consignes de confirmation reset_password: Réinitialiser le mot de passe diff --git a/config/locales/pl.yml b/config/locales/pl.yml index cb5f7da44..b3b967e93 100644 --- a/config/locales/pl.yml +++ b/config/locales/pl.yml @@ -291,6 +291,9 @@ pl: open: desc_html: Pozwól każdemu na założenie konta title: Otwarta rejestracja + show_known_fediverse_at_about_page: + desc_html: Jeśli włączone, podgląd instancji będzie wyświetlał wpisy z całego Fediwersum. W innym przypadku, będą wyświetlane tylko lokalne wpisy. + title: Pokazuj wszystkie znane wpisy na podglądzie instancji show_staff_badge: desc_html: Pokazuj odznakę uprawnień na stronie profilu użytkownika title: Pokazuj odznakę administracji diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml index de1f9a358..6b911a9a9 100644 --- a/config/locales/pt-BR.yml +++ b/config/locales/pt-BR.yml @@ -290,6 +290,9 @@ pt-BR: open: desc_html: Permitir que qualquer um crie uma conta title: Cadastro aberto + show_known_fediverse_at_about_page: + desc_html: Quando ligado, vai mostrar toots de todo o fediverso conhecido na prévia da timeline. Senão, mostra somente toots locais. + title: Mostrar fediverso conhecido na prévia da timeline show_staff_badge: desc_html: Mostrar uma insígnia de Equipe na página de usuário title: Mostrar insígnia de equipe diff --git a/config/routes.rb b/config/routes.rb index f45684519..8a52892f2 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -24,9 +24,11 @@ Rails.application.routes.draw do devise_scope :user do get '/invite/:invite_code', to: 'auth/registrations#new', as: :public_invite + match '/auth/finish_signup' => 'auth/confirmations#finish_signup', via: [:get, :patch], as: :finish_signup end devise_for :users, path: 'auth', controllers: { + omniauth_callbacks: 'auth/omniauth_callbacks', sessions: 'auth/sessions', registrations: 'auth/registrations', passwords: 'auth/passwords', diff --git a/config/settings.yml b/config/settings.yml index 507b7c066..592be1a8a 100644 --- a/config/settings.yml +++ b/config/settings.yml @@ -51,6 +51,7 @@ defaults: &defaults bootstrap_timeline_accounts: '' activity_api_enabled: true peers_api_enabled: true + show_known_fediverse_at_about_page: true development: <<: *defaults |