Home Explore Help
Sign In
RISCI_ATOM
/
mastodon
mirror of https://github.com/tootsuite/mastodon.git
1
0
Fork 0
Files Issues 8 Wiki
Tree: 21fd25a269
Branches Tags
mastodon
/
config
/
initializers
/
omniauth.rb

omniauth.rb 7.7 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104 
  1. Rails.application.config.middleware.use OmniAuth::Builder do
    2. 

  2.   # Vanilla omniauth strategies
    3. 

  3. end
    4. 

  4. 

  5. Devise.setup do |config|
    6. 

  6.   # Devise omniauth strategies
    7. 

  7.   options = {}
    8. 

  8. 

  9.   # CAS strategy
    10. 

  10.   if ENV['CAS_ENABLED'] == 'true'
    11. 

  11.     cas_options = {}
    12. 

  12.     cas_options[:display_name] = ENV['CAS_DISPLAY_NAME']
    13. 

  13.     cas_options[:url] = ENV['CAS_URL'] if ENV['CAS_URL']
    14. 

  14.     cas_options[:host] = ENV['CAS_HOST'] if ENV['CAS_HOST']
    15. 

  15.     cas_options[:port] = ENV['CAS_PORT'] if ENV['CAS_PORT']
    16. 

  16.     cas_options[:ssl] = ENV['CAS_SSL'] == 'true' if ENV['CAS_SSL']
    17. 

  17.     cas_options[:service_validate_url] = ENV['CAS_VALIDATE_URL'] if ENV['CAS_VALIDATE_URL']
    18. 

  18.     cas_options[:callback_url] = ENV['CAS_CALLBACK_URL'] if ENV['CAS_CALLBACK_URL']
    19. 

  19.     cas_options[:logout_url] = ENV['CAS_LOGOUT_URL'] if ENV['CAS_LOGOUT_URL']
    20. 

  20.     cas_options[:login_url] = ENV['CAS_LOGIN_URL'] if ENV['CAS_LOGIN_URL']
    21. 

  21.     cas_options[:uid_field] = ENV['CAS_UID_FIELD'] || 'user' if ENV['CAS_UID_FIELD']
    22. 

  22.     cas_options[:ca_path] = ENV['CAS_CA_PATH'] if ENV['CAS_CA_PATH']
    23. 

  23.     cas_options[:disable_ssl_verification] = ENV['CAS_DISABLE_SSL_VERIFICATION'] == 'true'
    24. 

  24.     cas_options[:uid_key] = ENV['CAS_UID_KEY'] || 'user'
    25. 

  25.     cas_options[:name_key] = ENV['CAS_NAME_KEY'] || 'name'
    26. 

  26.     cas_options[:email_key] = ENV['CAS_EMAIL_KEY'] || 'email'
    27. 

  27.     cas_options[:nickname_key] = ENV['CAS_NICKNAME_KEY'] || 'nickname'
    28. 

  28.     cas_options[:first_name_key] = ENV['CAS_FIRST_NAME_KEY'] || 'firstname'
    29. 

  29.     cas_options[:last_name_key] = ENV['CAS_LAST_NAME_KEY'] || 'lastname'
    30. 

  30.     cas_options[:location_key] = ENV['CAS_LOCATION_KEY'] || 'location'
    31. 

  31.     cas_options[:image_key] = ENV['CAS_IMAGE_KEY'] || 'image'
    32. 

  32.     cas_options[:phone_key] = ENV['CAS_PHONE_KEY'] || 'phone'
    33. 

  33.     cas_options[:security] = {}
    34. 

  34.     cas_options[:security][:assume_email_is_verified] = ENV['CAS_SECURITY_ASSUME_EMAIL_IS_VERIFIED'] == 'true'
    35. 

  35.     config.omniauth :cas, cas_options
    36. 

  36.   end
    37. 

  37. 

  38.   # SAML strategy
    39. 

  39.   if ENV['SAML_ENABLED'] == 'true'
    40. 

  40.     saml_options = {}
    41. 

  41.     saml_options[:display_name] = ENV['SAML_DISPLAY_NAME']
    42. 

  42.     saml_options[:assertion_consumer_service_url] = ENV['SAML_ACS_URL'] if ENV['SAML_ACS_URL']
    43. 

  43.     saml_options[:issuer] = ENV['SAML_ISSUER'] if ENV['SAML_ISSUER']
    44. 

  44.     saml_options[:idp_sso_target_url] = ENV['SAML_IDP_SSO_TARGET_URL'] if ENV['SAML_IDP_SSO_TARGET_URL']
    45. 

  45.     saml_options[:idp_sso_target_url_runtime_params] = ENV['SAML_IDP_SSO_TARGET_PARAMS'] if ENV['SAML_IDP_SSO_TARGET_PARAMS'] # FIXME: Should be parsable Hash
    46. 

  46.     saml_options[:idp_cert] = ENV['SAML_IDP_CERT'] if ENV['SAML_IDP_CERT']
    47. 

  47.     saml_options[:idp_cert_fingerprint] = ENV['SAML_IDP_CERT_FINGERPRINT'] if ENV['SAML_IDP_CERT_FINGERPRINT']
    48. 

  48.     saml_options[:idp_cert_fingerprint_validator] = ENV['SAML_IDP_CERT_FINGERPRINT_VALIDATOR'] if ENV['SAML_IDP_CERT_FINGERPRINT_VALIDATOR'] # FIXME: Should be Lambda { |fingerprint| }
    49. 

  49.     saml_options[:name_identifier_format] = ENV['SAML_NAME_IDENTIFIER_FORMAT'] if ENV['SAML_NAME_IDENTIFIER_FORMAT']
    50. 

  50.     saml_options[:request_attributes] = {}
    51. 

  51.     saml_options[:certificate] = ENV['SAML_CERT'] if ENV['SAML_CERT']
    52. 

  52.     saml_options[:private_key] = ENV['SAML_PRIVATE_KEY'] if ENV['SAML_PRIVATE_KEY']
    53. 

  53.     saml_options[:security] = {}
    54. 

  54.     saml_options[:security][:want_assertions_signed] = ENV['SAML_SECURITY_WANT_ASSERTION_SIGNED'] == 'true'
    55. 

  55.     saml_options[:security][:want_assertions_encrypted] = ENV['SAML_SECURITY_WANT_ASSERTION_ENCRYPTED'] == 'true'
    56. 

  56.     saml_options[:security][:assume_email_is_verified] = ENV['SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED'] == 'true'
    57. 

  57.     saml_options[:attribute_statements] = {}
    58. 

  58.     saml_options[:attribute_statements][:uid] = [ENV['SAML_ATTRIBUTES_STATEMENTS_UID']] if ENV['SAML_ATTRIBUTES_STATEMENTS_UID']
    59. 

  59.     saml_options[:attribute_statements][:email] = [ENV['SAML_ATTRIBUTES_STATEMENTS_EMAIL']] if ENV['SAML_ATTRIBUTES_STATEMENTS_EMAIL']
    60. 

  60.     saml_options[:attribute_statements][:full_name] = [ENV['SAML_ATTRIBUTES_STATEMENTS_FULL_NAME']] if ENV['SAML_ATTRIBUTES_STATEMENTS_FULL_NAME']
    61. 

  61.     saml_options[:attribute_statements][:first_name] = [ENV['SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME']] if ENV['SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME']
    62. 

  62.     saml_options[:attribute_statements][:last_name] = [ENV['SAML_ATTRIBUTES_STATEMENTS_LAST_NAME']] if ENV['SAML_ATTRIBUTES_STATEMENTS_LAST_NAME']
    63. 

  63.     saml_options[:attribute_statements][:verified] = [ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED']] if ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED']
    64. 

  64.     saml_options[:attribute_statements][:verified_email] = [ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL']] if ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL']
    65. 

  65.     saml_options[:uid_attribute] = ENV['SAML_UID_ATTRIBUTE'] if ENV['SAML_UID_ATTRIBUTE']
    66. 

  66.     saml_options[:allowed_clock_drift] = ENV['SAML_ALLOWED_CLOCK_DRIFT'] if ENV['SAML_ALLOWED_CLOCK_DRIFT']
    67. 

  67.     config.omniauth :saml, saml_options
    68. 

  68.   end
    69. 

  69. 

  70.   # OpenID Connect Strategy
    71. 

  71.   if ENV['OIDC_ENABLED'] == 'true'
    72. 

  72.     oidc_options = {}
    73. 

  73.     oidc_options[:display_name] = ENV['OIDC_DISPLAY_NAME'] #OPTIONAL
    74. 

  74.     oidc_options[:issuer] = ENV['OIDC_ISSUER'] if ENV['OIDC_ISSUER'] #NEED
    75. 

  75.     oidc_options[:discovery] = ENV['OIDC_DISCOVERY'] == 'true' if ENV['OIDC_DISCOVERY'] #OPTIONAL (default: false)
    76. 

  76.     oidc_options[:client_auth_method] =  ENV['OIDC_CLIENT_AUTH_METHOD'] if ENV['OIDC_CLIENT_AUTH_METHOD'] #OPTIONAL (default: basic)
    77. 

  77.     scope_string = ENV['OIDC_SCOPE'] if ENV['OIDC_SCOPE'] #NEED
    78. 

  78.     scopes = scope_string.split(',')
    79. 

  79.     oidc_options[:scope] = scopes.map { |x| x.to_sym }
    80. 

  80.     oidc_options[:response_type] = ENV['OIDC_RESPONSE_TYPE'] if ENV['OIDC_RESPONSE_TYPE'] #OPTIONAL (default: code)
    81. 

  81.     oidc_options[:response_mode] = ENV['OIDC_RESPONSE_MODE'] if ENV['OIDC_RESPONSE_MODE'] #OPTIONAL (default: query)
    82. 

  82.     oidc_options[:display] = ENV['OIDC_DISPLAY'] if ENV['OIDC_DISPLAY'] #OPTIONAL (default: page)
    83. 

  83.     oidc_options[:prompt] = ENV['OIDC_PROMPT'] if ENV['OIDC_PROMPT'] #OPTIONAL
    84. 

  84.     oidc_options[:send_nonce] = ENV['OIDC_SEND_NONCE'] == 'true' if ENV['OIDC_SEND_NONCE'] #OPTIONAL (default: true)
    85. 

  85.     oidc_options[:send_scope_to_token_endpoint] = ENV['OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT'] == 'true' if ENV['OIDC_SEND_SCOPE_TO_TOKEN_ENDPOINT'] #OPTIONAL (default: true)
    86. 

  86.     oidc_options[:post_logout_redirect_uri] = ENV['OIDC_IDP_LOGOUT_REDIRECT_URI'] if ENV['OIDC_IDP_LOGOUT_REDIRECT_URI'] #OPTIONAL
    87. 

  87.     oidc_options[:uid_field] = ENV['OIDC_UID_FIELD'] if ENV['OIDC_UID_FIELD'] #NEED
    88. 

  88.     oidc_options[:client_options] = {}
    89. 

  89.     oidc_options[:client_options][:identifier] = ENV['OIDC_CLIENT_ID'] if ENV['OIDC_CLIENT_ID'] #NEED
    90. 

  90.     oidc_options[:client_options][:secret] = ENV['OIDC_CLIENT_SECRET'] if ENV['OIDC_CLIENT_SECRET'] #NEED
    91. 

  91.     oidc_options[:client_options][:redirect_uri] = ENV['OIDC_REDIRECT_URI'] if ENV['OIDC_REDIRECT_URI'] #NEED
    92. 

  92.     oidc_options[:client_options][:scheme] = ENV['OIDC_HTTP_SCHEME'] if ENV['OIDC_HTTP_SCHEME'] #OPTIONAL (default: https)
    93. 

  93.     oidc_options[:client_options][:host] = ENV['OIDC_HOST'] if ENV['OIDC_HOST'] #OPTIONAL
    94. 

  94.     oidc_options[:client_options][:port] = ENV['OIDC_PORT'] if ENV['OIDC_PORT'] #OPTIONAL
    95. 

  95.     oidc_options[:client_options][:authorization_endpoint] = ENV['OIDC_AUTH_ENDPOINT'] if ENV['OIDC_AUTH_ENDPOINT'] #NEED when discovery != true
    96. 

  96.     oidc_options[:client_options][:token_endpoint] = ENV['OIDC_TOKEN_ENDPOINT'] if ENV['OIDC_TOKEN_ENDPOINT'] #NEED when discovery != true
    97. 

  97.     oidc_options[:client_options][:userinfo_endpoint] = ENV['OIDC_USER_INFO_ENDPOINT'] if ENV['OIDC_USER_INFO_ENDPOINT'] #NEED when discovery != true
    98. 

  98.     oidc_options[:client_options][:jwks_uri] = ENV['OIDC_JWKS_URI'] if ENV['OIDC_JWKS_URI'] #NEED when discovery != true
    99. 

  99.     oidc_options[:client_options][:end_session_endpoint] = ENV['OIDC_END_SESSION_ENDPOINT'] if ENV['OIDC_END_SESSION_ENDPOINT'] #OPTIONAL
    100. 

  100.     oidc_options[:security] = {}
    101. 

  101.     oidc_options[:security][:assume_email_is_verified] = ENV['OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED'] == 'true' #OPTIONAL
    102. 

  102.     config.omniauth :openid_connect, oidc_options
    103. 

  103.   end
    104. 

  104. end
    105.