cloudron/gitea-app
1
0
Fork 0
mirror of https://git.cloudron.io/cloudron/gitea-app synced 2025-09-01 23:35:06 +00:00
Code Issues Releases Wiki Activity

LDAP to OIDC auth migration, tests refactored

Browse Source
This commit is contained in:
Vladimir D
2023-09-26 15:30:53 +04:00
parent dd44f81d04
commit e176d6c705
6 changed files with 94 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
start.sh
View File

@@ -25,6 +25,25 @@ setup_ldap_source() {
fi
}
migrate_ldap_users_to_oidc() {
set -eu
echo "==> migrate LDAP to OIDC"
mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e \
"UPDATE user u, (select id from login_source WHERE name='cloudron' and type='6') ls SET u.login_type=6, u.login_source=u.id WHERE u.login_type=2 AND u.login_source=1"
}
setup_oidc_source() {
set -eu
echo "==> Setup OIDC source"
now=$(date +%s)
mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -e \
"REPLACE INTO login_source (id, type, name, is_active, cfg, created_unix, updated_unix) VALUES (1,6,'cloudron', 1,'{\"Provider\":\"openidConnect\",\"ClientID\":\"${CLOUDRON_OIDC_CLIENT_ID}\",\"ClientSecret\":\"${CLOUDRON_OIDC_CLIENT_SECRET}\",\"OpenIDConnectAutoDiscoveryURL\":\"${CLOUDRON_OIDC_ISSUER}/.well-known/openid-configuration\",\"CustomURLMapping\":null,\"IconURL\":\"\",\"Scopes\":[\"openid email profile\"],\"RequiredClaimName\":\"\",\"RequiredClaimValue\":\"\",\"GroupClaimName\":\"\",\"AdminGroup\":\"\",\"GroupTeamMap\":\"\",\"GroupTeamMapRemoval\":false,\"RestrictedGroup\":\"\"}','${now}','${now}')"
}
setup_root_user() {
set -eu
@@ -51,7 +70,15 @@ setup_auth() {
setup_ldap_source
fi
user_count=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user;")
if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
setup_oidc_source
ldap_users_to_migrate=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "select count(*) from user WHERE login_type=2 AND login_source=1")
if [ "${ldap_users_to_migrate:0}" -gt 0 ]; then
migrate_ldap_users_to_oidc
fi
fi
user_count=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user")
# be careful, not to create root user for existing LDAP based installs
if [[ "${user_count}" == "0" ]]; then
echo "==> Setting up root user for first run"