Renamed oauth2_client settings
Signed-off-by: Martin Michaelis <code@mgjm.de>
parent
527c7e61d9
commit
6a3a0e7c0b
@ -504,16 +504,16 @@ BLACKLISTED_URIS =
|
||||
|
||||
[oauth2_client]
|
||||
; Whether a new auto registered oauth2 user needs to confirm their email.
|
||||
; Do not include to use the REGISTER_EMAIL_CONFIRM setting.
|
||||
;OAUTH2_REGISTER_EMAIL_CONFIRM =
|
||||
; Do not include to use the REGISTER_EMAIL_CONFIRM setting from the `[service]` section.
|
||||
;REGISTER_EMAIL_CONFIRM =
|
||||
; Scopes for the openid connect oauth2 provider (seperated by space, the openid scope is implicitly added).
|
||||
; Typical values are profile and email.
|
||||
; For more information about the possible values see https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
|
||||
OAUTH2_OPENID_CONNECT_SCOPES =
|
||||
OPENID_CONNECT_SCOPES =
|
||||
; Automatically create user accounts for new oauth2 users.
|
||||
ENABLE_OAUTH2_AUTO_REGISTRATION = false
|
||||
; Use the nickname attribute from the oauth2 provider instead of the userid as the new username
|
||||
OAUTH2_USE_NICKNAME = false
|
||||
ENABLE_AUTO_REGISTRATION = false
|
||||
; Use the nickname attribute from the oauth2 provider instead of the userid as the new username.
|
||||
USE_NICKNAME = false
|
||||
|
||||
[service]
|
||||
; Time limit to confirm account/email registration
|
||||
|
@ -310,14 +310,10 @@ set name for unique queues. Individual queues will default to
|
||||
|
||||
## OAuth2 Client (`oauth2_client`)
|
||||
|
||||
- `OAUTH2_REGISTER_EMAIL_CONFIRM`: **REGISTER\_EMAIL\_CONFIRM**: Set this to enable or disable
|
||||
mail confirmation of OAuth2 auto-registration.
|
||||
- `OAUTH2_OPENID_CONNECT_SCOPES`: **\<empty\>**: List of additional openid connect scopes.
|
||||
(`openid` is implicitly added)
|
||||
- `ENABLE_OAUTH2_AUTO_REGISTRATION`: **false**: Enable this to allow auto-registration
|
||||
for oauth2 authentication.
|
||||
- `OAUTH2_USE_NICKNAME`: **false**: Set this to use the nickname from the oauth2 provider
|
||||
instead of the userid for the username of the new user.
|
||||
- `REGISTER_EMAIL_CONFIRM`: *[service]* **REGISTER\_EMAIL\_CONFIRM**: Set this to enable or disable email confirmation of OAuth2 auto-registration. (Overwrites the REGISTER\_EMAIL\_CONFIRM setting of the `[service]` section)
|
||||
- `OPENID_CONNECT_SCOPES`: **\<empty\>**: List of additional openid connect scopes. (`openid` is implicitly added)
|
||||
- `ENABLE_AUTO_REGISTRATION`: **false**: Enable this to allow auto-registration for oauth2 authentication.
|
||||
- `USE_NICKNAME`: **false**: Set this to use the nickname from the oauth2 provider instead of the userid for the username of the new user.
|
||||
|
||||
## Service (`service`)
|
||||
|
||||
|
@ -169,7 +169,7 @@ func createProvider(providerName, providerType, clientID, clientSecret, openIDCo
|
||||
case "gplus": // named gplus due to legacy gplus -> google migration (Google killed Google+). This ensures old connections still work
|
||||
provider = google.New(clientID, clientSecret, callbackURL)
|
||||
case "openidConnect":
|
||||
if provider, err = openidConnect.New(clientID, clientSecret, callbackURL, openIDConnectAutoDiscoveryURL, setting.OAuth2Client.OAuth2OpenIDConnectScopes...); err != nil {
|
||||
if provider, err = openidConnect.New(clientID, clientSecret, callbackURL, openIDConnectAutoDiscoveryURL, setting.OAuth2Client.OpenIDConnectScopes...); err != nil {
|
||||
log.Warn("Failed to create OpenID Connect Provider with name '%s' with url '%s': %v", providerName, openIDConnectAutoDiscoveryURL, err)
|
||||
}
|
||||
case "twitter":
|
||||
|
@ -57,10 +57,10 @@ var Service struct {
|
||||
|
||||
// OAuth2Client settings
|
||||
var OAuth2Client struct {
|
||||
OAuth2RegisterEmailConfirm bool
|
||||
OAuth2OpenIDConnectScopes []string
|
||||
EnableOAuth2AutoRegister bool
|
||||
OAuth2UseNickname bool
|
||||
RegisterEmailConfirm bool
|
||||
OpenIDConnectScopes []string
|
||||
EnableAutoRegistration bool
|
||||
UseNickname bool
|
||||
}
|
||||
|
||||
func newService() {
|
||||
@ -120,14 +120,14 @@ func newService() {
|
||||
}
|
||||
|
||||
sec = Cfg.Section("oauth2_client")
|
||||
OAuth2Client.OAuth2RegisterEmailConfirm = sec.Key("OAUTH2_REGISTER_EMAIL_CONFIRM").MustBool(Service.RegisterEmailConfirm)
|
||||
pats = sec.Key("OAUTH2_OPENID_CONNECT_SCOPES").Strings(" ")
|
||||
OAuth2Client.OAuth2OpenIDConnectScopes = make([]string, 0, len(pats))
|
||||
OAuth2Client.RegisterEmailConfirm = sec.Key("REGISTER_EMAIL_CONFIRM").MustBool(Service.RegisterEmailConfirm)
|
||||
pats = sec.Key("OPENID_CONNECT_SCOPES").Strings(" ")
|
||||
OAuth2Client.OpenIDConnectScopes = make([]string, 0, len(pats))
|
||||
for _, scope := range pats {
|
||||
if scope != "" {
|
||||
OAuth2Client.OAuth2OpenIDConnectScopes = append(OAuth2Client.OAuth2OpenIDConnectScopes, scope)
|
||||
OAuth2Client.OpenIDConnectScopes = append(OAuth2Client.OpenIDConnectScopes, scope)
|
||||
}
|
||||
}
|
||||
OAuth2Client.EnableOAuth2AutoRegister = sec.Key("ENABLE_OAUTH2_AUTO_REGISTRATION").MustBool()
|
||||
OAuth2Client.OAuth2UseNickname = sec.Key("OAUTH2_USE_NICKNAME").MustBool()
|
||||
OAuth2Client.EnableAutoRegistration = sec.Key("ENABLE_AUTO_REGISTRATION").MustBool()
|
||||
OAuth2Client.UseNickname = sec.Key("USE_NICKNAME").MustBool()
|
||||
}
|
||||
|
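Review bot: The old key names are dropped outright in newService, so an existing `[oauth2_client]` section that still uses `OAUTH2_REGISTER_EMAIL_CONFIRM`, `ENABLE_OAUTH2_AUTO_REGISTRATION`, `OAUTH2_USE_NICKNAME` or `OAUTH2_OPENID_CONNECT_SCOPES` is silently ignored after upgrade. The case that matters most is email confirmation: a config that sets the old key to true and updates only the auto-registration key would fall back to `Service.RegisterEmailConfirm` and may create active accounts without confirmation. If the old names ever shipped in a release, read them as a fallback, for example `OAuth2Client.RegisterEmailConfirm = sec.Key("REGISTER_EMAIL_CONFIRM").MustBool(sec.Key("OAUTH2_REGISTER_EMAIL_CONFIRM").MustBool(Service.RegisterEmailConfirm))`, and log a deprecation warning when an old key is present. newService starts outside these hunks.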
@ -588,10 +588,10 @@ func SignInOAuthCallback(ctx *context.Context) {
|
||||
}
|
||||
|
||||
if u == nil {
|
||||
if setting.OAuth2Client.EnableOAuth2AutoRegister {
|
||||
if setting.OAuth2Client.EnableAutoRegistration {
|
||||
// create new user with details from oauth2 provider
|
||||
var name string
|
||||
if setting.OAuth2Client.OAuth2UseNickname {
|
||||
if setting.OAuth2Client.UseNickname {
|
||||
name = gothUser.NickName
|
||||
} else {
|
||||
name = gothUser.UserID
|
||||
@ -600,7 +600,7 @@ func SignInOAuthCallback(ctx *context.Context) {
|
||||
Name: name,
|
||||
FullName: gothUser.Name,
|
||||
Email: gothUser.Email,
|
||||
IsActive: !setting.OAuth2Client.OAuth2RegisterEmailConfirm,
|
||||
IsActive: !setting.OAuth2Client.RegisterEmailConfirm,
|
||||
LoginType: models.LoginOAuth2,
|
||||
LoginSource: loginSource.ID,
|
||||
LoginName: gothUser.UserID,
|
||||
|
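Review bot: `IsActive: !setting.OAuth2Client.RegisterEmailConfirm` activates the new account immediately when confirmation is off, with `Email: gothUser.Email` taken as the provider reported it; nothing in the visible lines checks that the provider asserts the address as verified. That trust assumption deserves a comment above the struct literal, such as `// gothUser.Email is provider-supplied and unverified here; with RegisterEmailConfirm off the account is active at once`, and a matching sentence in the `REGISTER_EMAIL_CONFIRM` documentation. SignInOAuthCallback starts and ends outside these hunks, so a check elsewhere in the function cannot be ruled out.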