chore(auth): actually use user-auth config for determining auth plugins to load

Sarah Vaupel 2024-03-03 06:16:53 +01:00
parent 2196e89208
commit bb03d28b7d


@ -60,7 +60,6 @@ import System.Directory
import Jobs import Jobs
import qualified Data.Text.Encoding as Text import qualified Data.Text.Encoding as Text
import qualified Data.Text as Text
import Yesod.Auth.OAuth2.AzureADv2 (oauth2AzureADv2Scoped) import Yesod.Auth.OAuth2.AzureADv2 (oauth2AzureADv2Scoped)
import Yesod.Auth.Util.PasswordStore import Yesod.Auth.Util.PasswordStore
@ -344,21 +343,33 @@ makeFoundation appSettings''@AppSettings{..} = do
appAuthKey <- clusterSetting (Proxy :: Proxy 'ClusterAuthKey) `customRunSqlPool` sqlPool appAuthKey <- clusterSetting (Proxy :: Proxy 'ClusterAuthKey) `customRunSqlPool` sqlPool
appPersonalisedSheetFilesSeedKey <- clusterSetting (Proxy :: Proxy 'ClusterPersonalisedSheetFilesSeedKey) `customRunSqlPool` sqlPool appPersonalisedSheetFilesSeedKey <- clusterSetting (Proxy :: Proxy 'ClusterPersonalisedSheetFilesSeedKey) `customRunSqlPool` sqlPool
-- TODO: either migrate these to Foundation.Instances, or migrate additions in Foundation.Instances here
mAzureTenantID <- liftIO $ (fmap Text.pack) <$> (return $ Just "123") -- lookupEnv "AZURE_ADV2_TENANT_ID" -- TODO: use scopes from Settings
#ifdef DEVELOPMENT
oauth2Plugins <- liftIO $ sequence
[ (azureMockServer . fromJust) <$> lookupEnv "OAUTH2_SERVER_PORT"
, return $ oauth2AzureADv2Scoped ["openid", "profile", "offline_access"] "42" "42" "shhh"
]
#else
let -- Auth Plugins let -- Auth Plugins
tenantID = fromMaybe (error "Tenant ID mising") mAzureTenantID
loadPlugin p prefix = do -- Loads given YesodAuthPlugin loadPlugin p prefix = do -- Loads given YesodAuthPlugin
mID <- (fmap Text.pack) <$> (return $ Just "UWX") -- (lookupEnv $ prefix ++ "_CLIENT_ID") mID <- fmap Text.pack <$> appUserAuthConf ^? _UserAuthConfSingleSource . _AuthSourceConfAzure . _azureConfClientId
mSecret <- (fmap Text.pack) <$> (return $ Just prefix) -- (lookupEnv $ prefix ++ "_CLIENT_SECRET") mSecret <- fmap Text.pack <$> appUserAuthConf ^? _UserAuthConfSingleSource . _AuthSourceConfAzure . _azureConfClientSecret
let mArgs = (,) <$> mID <*> mSecret let mArgs = (,) <$> mID <*> mSecret
guard $ isJust mArgs guard $ isJust mArgs
return . uncurry p $ fromJust mArgs return . uncurry p $ fromJust mArgs
tenantID = case appUserAuthConf of
appAuthPlugins <- liftIO $ sequence [ UserAuthConfSingleSource (AuthSourceConfAzure AzureConf{..})
(azureMockServer . fromJust) <$> lookupEnv "OAUTH2_SERVER_PORT" -> Text.pack azureConfTenantId
, loadPlugin (oauth2AzureADv2Scoped ["openid", "profile", "offline_access"] tenantID) "AZURE_ADV2" _other
] -> error "Tenant ID missing!"
oauth2Plugins
| UserAuthConfSingleSource (AuthSourceConfAzure AzureConf{..}) appUserAuthConf
-> singleton $ oauth2AzureADv2Scoped (Set.toList azureConfScopes) azureConfTenantId azureConfClientId azureConfClientSecret
| otherwise
-> mempty
#endif
let appAuthPlugins = oauth2Plugins
let appVolatileClusterSettingsCacheTime' = Clock.fromNanoSecs ns let appVolatileClusterSettingsCacheTime' = Clock.fromNanoSecs ns