feat(auth): integrated oauth2 mock server
This commit is contained in:
parent
a67697d159
commit
8acfc1d10c
30
shell.nix
30
shell.nix
@ -1,4 +1,4 @@
|
|||||||
# SPDX-FileCopyrightText: 2022-2023 Gregor Kleen <gregor@kleen.consulting>, Sarah Vaupel <sarah.vaupel@uniworx.de>, Steffen Jost <jost@tcs.ifi.lmu.de>
|
# SPDX-FileCopyrightText: 2022-2024 Gregor Kleen <gregor@kleen.consulting>, Sarah Vaupel <sarah.vaupel@uniworx.de>, Steffen Jost <jost@tcs.ifi.lmu.de>, David Mosbach <david.mosbach@uniworx.de>
|
||||||
#
|
#
|
||||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
|
||||||
@ -9,6 +9,12 @@ let
|
|||||||
|
|
||||||
haskellPackages = pkgs.haskellPackages;
|
haskellPackages = pkgs.haskellPackages;
|
||||||
|
|
||||||
|
oauth2Flake = (builtins.getFlake "git+https://gitlab.uniworx.de/mosbach/oauth2-mock-server/?rev=11548e5aacca29c6ba389a62bca3d7a80d54eb6f&ref=refresh-tokens").packages.x86_64-linux;
|
||||||
|
|
||||||
|
oauth2MockServer = oauth2Flake.default;
|
||||||
|
mkOauth2DB = oauth2Flake.mkOauth2DB;
|
||||||
|
killOauth2DB = oauth2Flake.killOauth2DB;
|
||||||
|
|
||||||
postgresSchema = pkgs.writeText "schema.sql" ''
|
postgresSchema = pkgs.writeText "schema.sql" ''
|
||||||
CREATE USER uniworx WITH SUPERUSER;
|
CREATE USER uniworx WITH SUPERUSER;
|
||||||
CREATE DATABASE uniworx_test;
|
CREATE DATABASE uniworx_test;
|
||||||
@ -21,6 +27,17 @@ let
|
|||||||
local all all trust
|
local all all trust
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
oauth2Schema = pkgs.writeText "oauth2_schema.sql" ''
|
||||||
|
CREATE USER oauth2mock WITH SUPERUSER;
|
||||||
|
CREATE DATABASE test_users;
|
||||||
|
GRANT ALL ON DATABASE test_users TO oauth2mock;
|
||||||
|
'';
|
||||||
|
|
||||||
|
oauth2Hba = pkgs.writeText "oauth2_hba_file" ''
|
||||||
|
local all all trust
|
||||||
|
'';
|
||||||
|
|
||||||
|
|
||||||
develop = pkgs.writeScriptBin "develop" ''
|
develop = pkgs.writeScriptBin "develop" ''
|
||||||
#!${pkgs.zsh}/bin/zsh -e
|
#!${pkgs.zsh}/bin/zsh -e
|
||||||
|
|
||||||
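Review bot: `CREATE USER oauth2mock WITH SUPERUSER;` in the new oauth2Schema makes the `GRANT ALL ON DATABASE test_users TO oauth2mock;` two lines below it redundant, and a superuser role is more than a mock token store needs; a plain role that owns the database keeps even the dev setup least-privilege: `CREATE USER oauth2mock;` followed by `CREATE DATABASE test_users OWNER oauth2mock;`. The shape looks copied from the existing uniworx schema above, so if the mock server genuinely needs superuser (extensions, for example) a one-line comment in the schema saying so would stop the next reader from tightening it. Separately, the `oauth2Flake` binding in the earlier hunk hard-codes `.packages.x86_64-linux`; indexing with `${builtins.currentSystem}` (or `pkgs.system`) keeps the shell usable on other hosts.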
@ -44,6 +61,7 @@ let
|
|||||||
type cleanup_cache_memcached &>/dev/null && cleanup_cache_memcached
|
type cleanup_cache_memcached &>/dev/null && cleanup_cache_memcached
|
||||||
type cleanup_minio &>/dev/null && cleanup_minio
|
type cleanup_minio &>/dev/null && cleanup_minio
|
||||||
type cleanup_maildev &>/dev/null && cleanup_maildev
|
type cleanup_maildev &>/dev/null && cleanup_maildev
|
||||||
|
[[ -z "$OAUTH2_PGDIR" ]] || source ${killOauth2DB}/bin/killOauth2DB
|
||||||
|
|
||||||
[ -f "''${basePath}/.develop.env" ] && rm -vf "''${basePath}/.develop.env"
|
[ -f "''${basePath}/.develop.env" ] && rm -vf "''${basePath}/.develop.env"
|
||||||
set +x
|
set +x
|
||||||
@ -53,6 +71,12 @@ let
|
|||||||
|
|
||||||
export PORT_OFFSET=$(((16#$(sha256sum <<<"$(hostname -f):''${basePath}" | head -c 16)) % 1000))
|
export PORT_OFFSET=$(((16#$(sha256sum <<<"$(hostname -f):''${basePath}" | head -c 16)) % 1000))
|
||||||
|
|
||||||
|
if [[ -z "$OAUTH2_PGHOST" ]]; then
|
||||||
|
set -xe
|
||||||
|
source ${mkOauth2DB}/bin/mkOauth2DB
|
||||||
|
set +xe
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ -z "$PGHOST" ]]; then
|
if [[ -z "$PGHOST" ]]; then
|
||||||
set -xe
|
set -xe
|
||||||
|
|
||||||
@ -271,7 +295,9 @@ in pkgs.mkShell {
|
|||||||
|
|
||||||
export CHROME_BIN=${pkgs.chromium}/bin/chromium
|
export CHROME_BIN=${pkgs.chromium}/bin/chromium
|
||||||
'';
|
'';
|
||||||
nativeBuildInputs = [develop inDevelop killallUni2work diffRunning]
|
OAUTH2_HBA = oauth2Hba;
|
||||||
|
OAUTH2_DB_SCHEMA = oauth2Schema;
|
||||||
|
nativeBuildInputs = [develop inDevelop killallUni2work diffRunning oauth2MockServer]
|
||||||
++ (with pkgs;
|
++ (with pkgs;
|
||||||
[ stack nodejs-14_x postgresql_12 openldap exiftool memcached minio minio-client
|
[ stack nodejs-14_x postgresql_12 openldap exiftool memcached minio minio-client
|
||||||
gup reuse pre-commit
|
gup reuse pre-commit
|
||||||
|
|||||||
@ -30,7 +30,7 @@ instance Exception AzureUserException
|
|||||||
----------------------------------------
|
----------------------------------------
|
||||||
|
|
||||||
mockPluginName :: Text
|
mockPluginName :: Text
|
||||||
mockPluginName = "uniworx_dev"
|
mockPluginName = "dev-oauth2-mock"
|
||||||
|
|
||||||
newtype UserID = UserID Text
|
newtype UserID = UserID Text
|
||||||
instance FromJSON UserID where
|
instance FromJSON UserID where
|
||||||
@ -40,14 +40,14 @@ instance FromJSON UserID where
|
|||||||
oauth2MockServer :: YesodAuth m => AuthPlugin m
|
oauth2MockServer :: YesodAuth m => AuthPlugin m
|
||||||
oauth2MockServer =
|
oauth2MockServer =
|
||||||
let oa = OAuth2
|
let oa = OAuth2
|
||||||
{ oauth2ClientId = "uniworx"
|
{ oauth2ClientId = "42"
|
||||||
, oauth2ClientSecret = Just "shh"
|
, oauth2ClientSecret = Just "shhh"
|
||||||
, oauth2AuthorizeEndpoint = fromString $ mockServerURL <> "/authorize"
|
, oauth2AuthorizeEndpoint = (fromString $ mockServerURL <> "/auth") `withQuery` [scopeParam " " ["ID", "Profile"]]
|
||||||
, oauth2TokenEndpoint = fromString $ mockServerURL <> "/token"
|
, oauth2TokenEndpoint = fromString $ mockServerURL <> "/token"
|
||||||
, oauth2RedirectUri = Nothing
|
, oauth2RedirectUri = Nothing
|
||||||
}
|
}
|
||||||
mockServerURL = "0.0.0.0/"
|
mockServerURL = "http://localhost:9443"
|
||||||
profileSrc = fromString $ mockServerURL <> "/foo"
|
profileSrc = fromString $ mockServerURL <> "/users/me"
|
||||||
in authOAuth2 mockPluginName oa $ \manager token -> do
|
in authOAuth2 mockPluginName oa $ \manager token -> do
|
||||||
(UserID userID, userResponse) <- authGetProfile mockPluginName manager token profileSrc
|
(UserID userID, userResponse) <- authGetProfile mockPluginName manager token profileSrc
|
||||||
return Creds
|
return Creds
|
||||||
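Review bot: `mockServerURL = "http://localhost:9443"` together with the client id and secret are compile-time constants inside `oauth2MockServer`, while the shell.nix part of this commit wires the mock server's database through the environment (`OAUTH2_HBA`, `OAUTH2_DB_SCHEMA`); a host or port change on the mock side silently breaks the redirect to `/auth` and the `/users/me` profile fetch with nothing in this code pointing at the cause. Sourcing the base URL (and ideally the client credentials) from the app settings the same way would also document where the value is expected to come from. The definition has no Haddock; `-- | Login plugin against the local OAuth2 mock server (development only); expects the server on localhost:9443 and the profile endpoint at @/users/me@.` above the signature would do. The `authOAuth2` callback's `do` block continues past the end of the hunk.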
|
|||||||
@ -140,7 +140,7 @@ instance YesodAuth UniWorX where
|
|||||||
$(widgetFile "login")
|
$(widgetFile "login")
|
||||||
|
|
||||||
authenticate c@Creds{..}
|
authenticate c@Creds{..}
|
||||||
| credsPlugin `elem` ["azureadv2", "uniworx_dev"] = UniWorX.oAuthenticate c
|
| credsPlugin `elem` ["azureadv2", "dev-oauth2-mock"] = UniWorX.oAuthenticate c
|
||||||
| otherwise = UniWorX.authenticate c
|
| otherwise = UniWorX.authenticate c
|
||||||
|
|
||||||
authPlugins UniWorX{ appSettings' = AppSettings{..}, appLdapPool, appAuthPlugins } = appAuthPlugins ++ catMaybes
|
authPlugins UniWorX{ appSettings' = AppSettings{..}, appLdapPool, appAuthPlugins } = appAuthPlugins ++ catMaybes
|
||||||
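Review bot: The renamed plugin name `"dev-oauth2-mock"` is now spelled out as a literal in three places — the `authenticate` guard here, the hamlet template (`$elseif apName == "dev-oauth2-mock"`), and `mockPluginName` in the plugin module — so the next rename will drift exactly as this commit had to fix. The guard can use the constant instead, changing the list to `["azureadv2", mockPluginName]`, and the template can compare against the same binding (`$elseif apName == mockPluginName`) when it is in scope for `$(widgetFile "login")`. I am assuming `mockPluginName` is exported from the plugin module; if it is not, exporting it is part of the fix.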
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
$newline never
|
$newline never
|
||||||
|
|
||||||
$# SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>
|
$# SPDX-FileCopyrightText: 2022-2024 Gregor Kleen <gregor.kleen@ifi.lmu.de>,David Mosbach <david.mosbach@uniworx.de>
|
||||||
$#
|
$#
|
||||||
$# SPDX-License-Identifier: AGPL-3.0-or-later
|
$# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
|
||||||
@ -9,7 +9,7 @@ $forall AuthPlugin{apName, apLogin} <- plugins
|
|||||||
<section>
|
<section>
|
||||||
<h2>Azure
|
<h2>Azure
|
||||||
^{apLogin toParent}
|
^{apLogin toParent}
|
||||||
$elseif apName == "uniworx_dev"
|
$elseif apName == "dev-oauth2-mock"
|
||||||
<section>
|
<section>
|
||||||
<h2>_{MsgDummyLoginTitle}
|
<h2>_{MsgDummyLoginTitle}
|
||||||
^{apLogin toParent}
|
^{apLogin toParent}
|
||||||
|
|||||||