Diffstat (limited to 'config/initializers')
-rw-r--r-- | config/initializers/chewy.rb | 24 | ||||
-rw-r--r-- | config/initializers/devise.rb | 59 | ||||
-rw-r--r-- | config/initializers/omniauth.rb | 66 | ||||
-rw-r--r-- | config/initializers/sidekiq.rb | 4 | ||||
-rw-r--r-- | config/initializers/twitter_regex.rb | 2 |
5 files changed, 153 insertions, 2 deletions
diff --git a/config/initializers/chewy.rb b/config/initializers/chewy.rb
new file mode 100644
index 000000000..d5347f2bf
--- /dev/null
+++ b/config/initializers/chewy.rb
@@ -0,0 +1,24 @@
+enabled = ENV['ES_ENABLED'] == 'true'
+host = ENV.fetch('ES_HOST') { 'localhost' }
+port = ENV.fetch('ES_PORT') { 9200 }
+fallback_prefix = ENV.fetch('REDIS_NAMESPACE') { nil }
+prefix = ENV.fetch('ES_PREFIX') { fallback_prefix }
+
+Chewy.settings = {
+ host: "#{host}:#{port}",
+ prefix: prefix,
+ enabled: enabled,
+ journal: false,
+ sidekiq: { queue: 'pull' },
+}
+
+Chewy.root_strategy = enabled ? :sidekiq : :bypass
+Chewy.request_strategy = enabled ? :sidekiq : :bypass
+
+module Chewy
+ class << self
+ def enabled?
+ settings[:enabled]
+ end
+ end
+end
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 07912c28b..df45dcd1f
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
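Review bot: `Chewy.settings` is built from `host:port` alone; nothing in this initializer passes credentials or an `https` scheme, so the Elasticsearch node named by `ES_HOST` is trusted purely on network position, and anyone who can reach that port can read or rewrite every index the app creates. That is a deployment assumption worth stating in the file, e.g. `# No auth/TLS is configured for Elasticsearch: ES_HOST must be reachable only from the application network` above `Chewy.settings`. If the client accepts user/password and scheme settings (not visible here), wiring `ES_USER`/`ES_PASS` through the same hash would let operators lock it down without patching the file. `ES_PORT` is also taken as a raw string while the default is the integer `9200`; the interpolation hides the difference, so a malformed value surfaces only on the first request rather than at boot.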
@@ -30,8 +30,43 @@ Warden::Manager.before_logout do |_, warden|
 warden.cookies.delete('_session_id')
 end
+module Devise
+ mattr_accessor :pam_authentication
+ @@pam_authentication = false
+ mattr_accessor :pam_controlled_service
+ @@pam_controlled_service = nil
+
+ mattr_accessor :check_at_sign
+ @@check_at_sign = false
+
+ mattr_accessor :ldap_authentication
+ @@ldap_authentication = false
+ mattr_accessor :ldap_host
+ @@ldap_host = nil
+ mattr_accessor :ldap_port
+ @@ldap_port = nil
+ mattr_accessor :ldap_method
+ @@ldap_method = nil
+ mattr_accessor :ldap_base
+ @@ldap_base = nil
+ mattr_accessor :ldap_uid
+ @@ldap_uid = nil
+ mattr_accessor :ldap_bind_dn
+ @@ldap_bind_dn = nil
+ mattr_accessor :ldap_password
+ @@ldap_password = nil
+
+ class Strategies::PamAuthenticatable
+ def valid?
+ super && ::Devise.pam_authentication
+ end
+ end
+end
+
 Devise.setup do |config|
 config.warden do |manager|
+ manager.default_strategies(scope: :user).unshift :ldap_authenticatable if Devise.ldap_authentication
+ manager.default_strategies(scope: :user).unshift :pam_authenticatable if Devise.pam_authentication
 manager.default_strategies(scope: :user).unshift :two_factor_authenticatable
 manager.default_strategies(scope: :user).unshift :two_factor_backupable
 end
@@ -96,7 +131,7 @@ Devise.setup do |config|
 # given strategies, for example, `config.http_authenticatable = [:database]` will
 # enable it only for database authentication. The supported strategies are:
 # :database = Support basic authentication with authentication key + password
- config.http_authenticatable = [:database]
+ config.http_authenticatable = [:pam, :database]
 # If 401 status code should be returned for AJAX requests. True by default.
 # config.http_authenticatable_on_xhr = true
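Review bot: The two new `unshift` lines place `ldap_authenticatable` and `pam_authenticatable` behind the two-factor strategies but ahead of the database one, so when the two-factor strategy declines a login (for example no OTP submitted) Warden falls through to PAM/LDAP, which, as far as this hunk shows, verify only a password. Unless those strategies (defined outside this diff) explicitly refuse accounts that have a second factor enrolled, an enrolled user, or an attacker holding only that user's system or directory password, can sign in without the second factor; please confirm that, and if it is not the case have the external strategies `fail!` for such accounts rather than authenticate them. The `Strategies::PamAuthenticatable#valid?` override correctly keeps the PAM strategy inert while `pam_authentication` is false; a short comment such as `# Keep the gem's strategy inert unless PAM_ENABLED is set, even if it is registered elsewhere (e.g. http_authenticatable)` would explain why it reopens the class. The `Devise.setup` block continues outside this hunk.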
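Review bot: Adding `:pam` to `config.http_authenticatable` lets the PAM strategy take credentials from an HTTP Basic `Authorization` header, so an operating-system account password can now be presented on any request, with no second factor and only whatever rate limiting sits in front of the app. If Basic auth is needed only for API clients, keep PAM out of it (`config.http_authenticatable = [:database]`); otherwise extend the comment block above the setting with `# :pam = PAM users can also authenticate over HTTP Basic; this path carries no OTP, so it must be served over TLS and rate-limited`. The surrounding `Devise.setup` block starts and ends outside this hunk.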
@@ -301,4 +336,26 @@ Devise.setup do |config|
 # When using OmniAuth, Devise cannot automatically set OmniAuth path,
 # so you need to do it manually. For the users scope, it would be:
 # config.omniauth_path_prefix = '/my_engine/users/auth'
+
+ if ENV['PAM_ENABLED'] == 'true'
+ config.pam_authentication = true
+ config.usernamefield = nil
+ config.emailfield = 'email'
+ config.check_at_sign = true
+ config.pam_default_suffix = ENV.fetch('PAM_DEFAULT_SUFFIX') { nil }
+ config.pam_default_service = ENV.fetch('PAM_DEFAULT_SERVICE') { 'rpam' }
+ config.pam_controlled_service = ENV.fetch('PAM_CONTROLLED_SERVICE') { nil }
+ end
+
+ if ENV['LDAP_ENABLED'] == 'true'
+ config.ldap_authentication = true
+ config.check_at_sign = true
+ config.ldap_host = ENV.fetch('LDAP_HOST', 'localhost')
+ config.ldap_port = ENV.fetch('LDAP_PORT', 389).to_i
+ config.ldap_method = ENV.fetch('LDAP_METHOD', :simple_tls).to_sym
+ config.ldap_base = ENV.fetch('LDAP_BASE')
+ config.ldap_bind_dn = ENV.fetch('LDAP_BIND_DN')
+ config.ldap_password = ENV.fetch('LDAP_PASSWORD')
+ config.ldap_uid = ENV.fetch('LDAP_UID', 'cn')
+ end
 end
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
new file mode 100644
index 000000000..85fb81250
--- /dev/null
+++ b/config/initializers/omniauth.rb
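Review bot: The LDAP defaults contradict each other: `LDAP_METHOD` defaults to `:simple_tls` (TLS from the first byte, conventionally port 636) while `LDAP_PORT` defaults to `389`, the plain/StartTLS port, so an operator who sets only `LDAP_HOST` gets a failed handshake instead of a secure bind, and the tempting workaround `LDAP_METHOD=plain` then sends the bind password and every user's password in the clear. Derive the port from the method by assigning `config.ldap_method` first and then `config.ldap_port = ENV.fetch('LDAP_PORT') { config.ldap_method == :simple_tls ? 636 : 389 }.to_i`, and consider refusing `:plain` outside development. Nothing here sets TLS verification options for the directory connection, so whether the server certificate is checked depends on the LDAP library's defaults, which this diff does not show; `LDAP_UID` names the attribute that is matched against the submitted login, so the strategy that builds that filter (outside this hunk) must escape the value. The `Devise.setup` block starts outside this hunk.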
@@ -0,0 +1,66 @@
+Rails.application.config.middleware.use OmniAuth::Builder do
+ # Vanilla omniauth stategies
+end
+
+Devise.setup do |config|
+ # Devise omniauth strategies
+ options = {}
+ options[:redirect_at_sign_in] = ENV['OAUTH_REDIRECT_AT_SIGN_IN'] == 'true'
+
+ # CAS strategy
+ if ENV['CAS_ENABLED'] == 'true'
+ cas_options = options
+ cas_options[:url] = ENV['CAS_URL'] if ENV['CAS_URL']
+ cas_options[:host] = ENV['CAS_HOST'] if ENV['CAS_HOST']
+ cas_options[:port] = ENV['CAS_PORT'] if ENV['CAS_PORT']
+ cas_options[:ssl] = ENV['CAS_SSL'] == 'true' if ENV['CAS_SSL']
+ cas_options[:validate_url] = ENV['CAS_VALIDATE_URL'] if ENV['CAS_VALIDATE_URL']
+ cas_options[:callback_url] = ENV['CAS_CALLBACK_URL'] if ENV['CAS_CALLBACK_URL']
+ cas_options[:logout_url] = ENV['CAS_LOGOUT_URL'] if ENV['CAS_LOGOUT_URL']
+ cas_options[:login_url] = ENV['CAS_LOGIN_URL'] if ENV['CAS_LOGIN_URL']
+ cas_options[:uid_field] = ENV['CAS_UID_FIELD'] || 'user' if ENV['CAS_UID_FIELD']
+ cas_options[:ca_path] = ENV['CAS_CA_PATH'] if ENV['CAS_CA_PATH']
+ cas_options[:disable_ssl_verification] = ENV['CAS_DISABLE_SSL_VERIFICATION'] == 'true'
+ cas_options[:uid_key] = ENV['CAS_UID_KEY'] || 'user'
+ cas_options[:name_key] = ENV['CAS_NAME_KEY'] || 'name'
+ cas_options[:email_key] = ENV['CAS_EMAIL_KEY'] || 'email'
+ cas_options[:nickname_key] = ENV['CAS_NICKNAME_KEY'] || 'nickname'
+ cas_options[:first_name_key] = ENV['CAS_FIRST_NAME_KEY'] || 'firstname'
+ cas_options[:last_name_key] = ENV['CAS_LAST_NAME_KEY'] || 'lastname'
+ cas_options[:location_key] = ENV['CAS_LOCATION_KEY'] || 'location'
+ cas_options[:image_key] = ENV['CAS_IMAGE_KEY'] || 'image'
+ cas_options[:phone_key] = ENV['CAS_PHONE_KEY'] || 'phone'
+ config.omniauth :cas, cas_options
+ end
+
+ # SAML strategy
+ if ENV['SAML_ENABLED'] == 'true'
+ saml_options = options
+ saml_options[:assertion_consumer_service_url] = ENV['SAML_ACS_URL'] if ENV['SAML_ACS_URL']
+ saml_options[:issuer] = ENV['SAML_ISSUER'] if ENV['SAML_ISSUER']
+ saml_options[:idp_sso_target_url] = ENV['SAML_IDP_SSO_TARGET_URL'] if ENV['SAML_IDP_SSO_TARGET_URL']
+ saml_options[:idp_sso_target_url_runtime_params] = ENV['SAML_IDP_SSO_TARGET_PARAMS'] if ENV['SAML_IDP_SSO_TARGET_PARAMS'] # FIXME: Should be parsable Hash
+ saml_options[:idp_cert] = ENV['SAML_IDP_CERT'] if ENV['SAML_IDP_CERT']
+ saml_options[:idp_cert_fingerprint] = ENV['SAML_IDP_CERT_FINGERPRINT'] if ENV['SAML_IDP_CERT_FINGERPRINT']
+ saml_options[:idp_cert_fingerprint_validator] = ENV['SAML_IDP_CERT_FINGERPRINT_VALIDATOR'] if ENV['SAML_IDP_CERT_FINGERPRINT_VALIDATOR'] # FIXME: Should be Lambda { |fingerprint| }
+ saml_options[:name_identifier_format] = ENV['SAML_NAME_IDENTIFIER_FORMAT'] if ENV['SAML_NAME_IDENTIFIER_FORMAT']
+ saml_options[:request_attributes] = {}
+ saml_options[:certificate] = ENV['SAML_CERT'] if ENV['SAML_CERT']
+ saml_options[:private_key] = ENV['SAML_PRIVATE_KEY'] if ENV['SAML_PRIVATE_KEY']
+ saml_options[:security] = {}
+ saml_options[:security][:want_assertions_signed] = ENV['SAML_SECURITY_WANT_ASSERTION_SIGNED'] == 'true'
+ saml_options[:security][:want_assertions_encrypted] = ENV['SAML_SECURITY_WANT_ASSERTION_ENCRYPTED'] == 'true'
+ saml_options[:security][:assume_email_is_verified] = ENV['SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED'] == 'true'
+ saml_options[:attribute_statements] = {}
+ saml_options[:attribute_statements][:uid] = [ENV['SAML_ATTRIBUTES_STATEMENTS_UID']] if ENV['SAML_ATTRIBUTES_STATEMENTS_UID']
+ saml_options[:attribute_statements][:email] = [ENV['SAML_ATTRIBUTES_STATEMENTS_EMAIL']] if ENV['SAML_ATTRIBUTES_STATEMENTS_EMAIL']
+ saml_options[:attribute_statements][:full_name] = [ENV['SAML_ATTRIBUTES_STATEMENTS_FULL_NAME']] if ENV['SAML_ATTRIBUTES_STATEMENTS_FULL_NAME']
+ saml_options[:attribute_statements][:first_name] = [ENV['SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME']] if ENV['SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME']
+ saml_options[:attribute_statements][:last_name] = [ENV['SAML_ATTRIBUTES_STATEMENTS_LAST_NAME']] if ENV['SAML_ATTRIBUTES_STATEMENTS_LAST_NAME']
+ saml_options[:attribute_statements][:verified] = [ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED']] if ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED']
+ saml_options[:attribute_statements][:verified_email] = [ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL']] if ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL']
+ saml_options[:uid_attribute] = ENV['SAML_UID_ATTRIBUTE'] if ENV['SAML_UID_ATTRIBUTE']
+ config.omniauth :saml, saml_options
+ end
+
+end
diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb
index b70784d79..f875fbd95
--- a/config/initializers/sidekiq.rb
+++ b/config/initializers/sidekiq.rb
@@ -9,6 +9,10 @@ end
 Sidekiq.configure_server do |config|
 config.redis = redis_params
+
+ config.server_middleware do |chain|
+ chain.add SidekiqErrorHandler
+ end
 end
 Sidekiq.configure_client do |config|
diff --git a/config/initializers/twitter_regex.rb b/config/initializers/twitter_regex.rb
index e924fac22..7fa828300
--- a/config/initializers/twitter_regex.rb
+++ b/config/initializers/twitter_regex.rb
@@ -2,7 +2,7 @@ module Twitter
 class Regex
 REGEXEN[:valid_general_url_path_chars] = /[^\p{White_Space}\(\)\?]/iou
- REGEXEN[:valid_url_path_ending_chars] = /[^\p{White_Space}\(\)\?!\*';:=\,\.\$%\[\]\p{Pd}~&\|@]|(?:#{REGEXEN[:valid_url_balanced_parens]})/iou
+ REGEXEN[:valid_url_path_ending_chars] = /[^\p{White_Space}\(\)\?!\*';:=\,\.\$%\[\]~&\|@]|(?:#{REGEXEN[:valid_url_balanced_parens]})/iou
 REGEXEN[:valid_url_balanced_parens] = /
 \(
 (?:
 |
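Review bot: `cas_options = options` and `saml_options = options` alias the same hash instead of copying it, so when both `CAS_ENABLED` and `SAML_ENABLED` are set every CAS key (`:url`, `:disable_ssl_verification`, the `*_key` names, …) is also passed to the SAML provider and vice versa; use `cas_options = options.dup` and `saml_options = options.dup`. `cas_options[:disable_ssl_verification]` is an unguarded security switch: it turns off certificate validation for the server-side ticket validation call, which lets anyone on the network path forge a successful validation and log in as any user, so it should at least emit `Rails.logger.warn('CAS_DISABLE_SSL_VERIFICATION is set; CAS ticket validation is exposed to MITM')` when true in production. The SAML `want_assertions_signed`/`want_assertions_encrypted` flags default to false whenever their variables are unset, leaving the signature requirement at the library's default, which this file does not document; a comment above `saml_options[:security] = {}` stating which signature (response or assertion) the IdP must provide would save operators from a silent misconfiguration. `ENV['CAS_UID_FIELD'] || 'user' if ENV['CAS_UID_FIELD']` carries a dead default: the `|| 'user'` can never apply under that guard, so `ENV['CAS_UID_FIELD'] if ENV['CAS_UID_FIELD']` says what it does.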