diff --git a/config/settings.yml b/config/settings.yml
index 979297cd7..4de2d872a 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -128,15 +128,15 @@ database:
 auto-db-migrate: '_env:AUTO_DB_MIGRATE:true'
-# External databases used for authentication and user data lookup
-# If the first user database in the list is unreachable, the application will perform a failover to the next list entry, etc.
+# External databases used for authentication and userdata lookups
 user-database:
 mode: single-source
- protocol: oauth2
+ protocol: azureadv2
 config:
- client-id: "_env:OAUTH2CLIENTID:"
- client-secret: "_env:OAUTH2CLIENTSECRET:"
- tenant-id: "_env:OAUTH2TENANTID:"
+ client-id: "_env:AZURECLIENTID:00000000-0000-0000-0000-000000000000"
+ client-secret: "_env:AZURECLIENTSECRET:verysecret"
+ tenant-id: "_env:AZURETENANTID:00000000-0000-0000-0000-000000000000"
+ scopes: "_env:AZURESCOPES:[]"
 # protocol: "ldap"
 # config:
 # host: "_env:LDAPHOST:"
@@ -148,12 +148,13 @@ user-database:
 # scope: "_env:LDAPSCOPE:WholeSubtree"
 # timeout: "_env:LDAPTIMEOUT:5"
 # search-timeout: "_env:LDAPSEARCHTIME:5"
- # pool:
- # stripes: "_env:LDAPSTRIPES:1"
- # timeout: "_env:LDAPTIMEOUT:20"
- # limit: "_env:LDAPLIMIT:10"
-userdb-retest-failover: 60
+ldap-pool:
+ stripes: "_env:LDAPSTRIPES:1"
+ timeout: "_env:LDAPTIMEOUT:20"
+ limit: "_env:LDAPLIMIT:10"
+
+# userdb-retest-failover: 60
 userdb-sync-within: "_env:USERDB_SYNC_WITHIN:1209600" # 14 Tage in Sekunden
 userdb-sync-interval: "_env:USERDB_SYNC_INTERVAL:3600" # jede Stunde
diff --git a/src/Settings.hs b/src/Settings.hs
index 133613cdd..d86518124 100644
--- a/src/Settings.hs
+++ b/src/Settings.hs
@@ -142,7 +142,7 @@ instance FromJSON PWHashConf where
 return PWHashConf{..}
-data UserDbConf' = UserDbLdap LdapConf | UserDbOAuth2 OAuth2Conf
+data UserDbConf' = UserDbLdap LdapConf | UserDbAzureAdV2 AzureConf
 deriving (Show)
 data UserDbConf = 
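Review bot: The new `_env:` fallbacks under `config:` mean a deployment with `AZURECLIENTSECRET`, `AZURECLIENTID` or `AZURETENANTID` unset starts with the nil UUID as tenant and client and the literal secret `verysecret` instead of failing, whereas the old keys had empty defaults and the `nonEmptyHost` guard that rejected empty credentials is shown commented out in the Settings.hs hunk further down. If the `_env:NAME:` form with an empty default behaves as it did for the old keys, `client-secret: "_env:AZURECLIENTSECRET:"` (and empty defaults for `client-id` and `tenant-id`, which then fail to parse as `UUID` when unset) turns a missing variable into a startup error rather than a silent placeholder credential. Since an empty `Text` secret would still parse, a non-empty check on the secret in `FromJSON AppSettings` is needed to close that last gap.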
@@ -517,10 +517,12 @@ data AppSettings = AppSettings
 , appHealthCheckHTTPReachableTimeout :: NominalDiffTime
 , appHealthCheckMatchingClusterConfigTimeout :: NominalDiffTime
- , appUserdbRetestFailover :: DiffTime
+ -- , appUserdbRetestFailover :: DiffTime
 , appUserdbSyncWithin :: Maybe NominalDiffTime
 , appUserdbSyncInterval :: NominalDiffTime
+ , appLdapPoolConf :: Maybe ResourcePoolConf
+
 , appSynchroniseAvsUsersWithin :: Maybe NominalDiffTime
 , appSynchroniseAvsUsersInterval :: NominalDiffTime
@@ -628,6 +630,7 @@ instance FromJSON AppSettings where
 -- nonEmptyHost (UserDbOAuth2 OAuth2Conf{..}) = not $ or [ null oauth2TenantId, null oauth2ClientId, null oauth2ClientSecret ]
 appUserDbConf <- o .: "user-database" -- P.fromList . mapMaybe (assertM nonEmptyHost) <$> o .:? "user-database" .!= []
+ appLdapPoolConf <- o .:? "ldap-pool"
 appLmsConf <- o .: "lms-direct"
 appAvsConf <- assertM (not . null . avsPass) <$> o .:? "avs"
 appLprConf <- o .: "lpr"
@@ -692,7 +695,7 @@ instance FromJSON AppSettings where
 appSessionTimeout <- o .: "session-timeout"
- appUserdbRetestFailover <- o .: "userdb-retest-failover"
+ -- appUserdbRetestFailover <- o .: "userdb-retest-failover"
 appUserdbSyncWithin <- o .:? "userdb-sync-within"
 appUserdbSyncInterval <- o .: "userdb-sync-interval"
diff --git a/src/Settings/Ldap.hs b/src/Settings/Ldap.hs
index 0a3bdea23..88df04e9d 100644
--- a/src/Settings/Ldap.hs
+++ b/src/Settings/Ldap.hs
@@ -6,12 +6,11 @@ module Settings.Ldap
 ( LdapConf(..)
- , _ldapHost, _ldapDn, _ldapBase, _ldapScope, _ldapTimeout, _ldapSearchTimeout, _ldapPool
+ , _ldapHost, _ldapDn, _ldapBase, _ldapScope, _ldapTimeout, _ldapSearchTimeout
 ) where
 import ClassyPrelude
-import Settings.ResourcePool
 import Utils.Lens.TH
 import Control.Monad.Fail (fail)
@@ -33,7 +32,6 @@ data LdapConf = LdapConf
 , ldapScope :: Ldap.Scope
 , ldapTimeout :: NominalDiffTime
 , ldapSearchTimeout :: Int32
- , ldapPool :: ResourcePoolConf
 } deriving (Show)
 makeLenses_ ''LdapConf 
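Review bot: The field `appUserdbRetestFailover` is kept as a comment (`-- , appUserdbRetestFailover :: DiffTime`) instead of being deleted, and the same pattern appears in the `@@ -692` hunk of this file and as `# userdb-retest-failover: 60` in settings.yml; the removed lines are already preserved by version control, and commented-out declarations inside a record tend to drift away from the real code. Either drop the three commented lines or, if the setting is expected to come back, replace them with one comment that states why it was removed and under what condition it returns. The `AppSettings` record starts and ends outside this hunk.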
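Review bot: `appLdapPoolConf <- o .:? "ldap-pool"` accepts a missing `ldap-pool` section unconditionally, so a configuration that selects the LDAP protocol under `user-database` but omits `ldap-pool` now parses to `Nothing`, whereas the old `ldapPool :: ResourcePoolConf` inside `LdapConf` was mandatory; how `Nothing` is treated downstream is not visible here. Unless the LDAP client has a sensible built-in pool default, the parser should tie the two together once both values are read, e.g. `when (isLdap appUserDbConf && isNothing appLdapPoolConf) $ fail "ldap-pool is required when user-database uses the ldap protocol"` with a small `isLdap` predicate over the `UserDbLdap` constructor. The shape of `UserDbConf` is only partly visible (the `UserDbConf'` sum type appears in the first Settings.hs hunk), so the predicate needs adapting to it.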
@@ -60,5 +58,4 @@ instance FromJSON LdapConf where
 ldapScope <- o .: "scope"
 ldapTimeout <- o .: "timeout"
 ldapSearchTimeout <- o .: "search-timeout"
- ldapPool <- o .: "pool"
 return LdapConf{..}
diff --git a/src/Settings/OAuth2.hs b/src/Settings/OAuth2.hs
index c1c5fbeba..a07bc606f 100644
--- a/src/Settings/OAuth2.hs
+++ b/src/Settings/OAuth2.hs
@@ -3,32 +3,30 @@
 -- SPDX-License-Identifier: AGPL-3.0-or-later
 module Settings.OAuth2
- ( OAuth2Conf(..)
- , _oauth2ClientId, _oauth2ClientSecret, _oauth2TenantId, _oauth2Scopes
+ ( AzureConf(..)
+ , _azureClientId, _azureClientSecret, _azureTenantId, _azureScopes
 ) where
 import ClassyPrelude
-import Utils.Lens.TH
-
 import Data.Aeson
-import qualified Data.Set as Set
+import Data.Aeson.TH
+import Data.UUID
+
+import Utils.Lens.TH
+import Utils.PathPiece (camelToPathPiece')
 -- TODO: use better types
-data OAuth2Conf = OAuth2Conf
- { oauth2ClientId :: Text
- , oauth2ClientSecret :: Text
- , oauth2TenantId :: Text
- , oauth2Scopes :: Set Text
+data AzureConf = AzureConf
+ { azureClientId :: UUID
+ , azureClientSecret :: Text
+ , azureTenantId :: UUID
+ , azureScopes :: Set Text -- TODO: use better type
 } deriving (Show)
-makeLenses_ ''OAuth2Conf
+makeLenses_ ''AzureConf
-instance FromJSON OAuth2Conf where
- parseJSON = withObject "OAuth2Conf" $ \o -> do
- oauth2ClientId <- o .:? "client-id" .!= ""
- oauth2ClientSecret <- o .:? "client-secret" .!= ""
- oauth2TenantId <- o .:? "tenant-id" .!= ""
- oauth2Scopes <- o .:? "scopes" .!= Set.empty
- return OAuth2Conf{..}
+deriveFromJSON defaultOptions
+ { fieldLabelModifier = camelToPathPiece' 1
+ } ''AzureConf
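Review bot: `AzureConf` derives `Show` while holding `azureClientSecret :: Text`, so any `show` of the configuration (for instance a debug print of `AppSettings`, which carries it) writes the client secret to the log; the old `OAuth2Conf` had the same exposure, but the type is being rewritten here anyway. A hand-written `Show` instance that prints `azureClientSecret = <redacted>` and otherwise follows the derived format, or a `newtype` around the secret with such an instance, keeps the value out of logs. The derived `FromJSON` also changes the contract of the old parser: every key is now mandatory (`scopes` no longer defaults to the empty set) and the key names are produced by `camelToPathPiece' 1`, which judging by the updated settings.yml yields `client-id`, `client-secret`, `tenant-id` and `scopes`; a comment on the `deriveFromJSON` call such as `-- JSON keys: client-id, client-secret, tenant-id, scopes (all required)` would spare readers a trip to Utils.PathPiece.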