mirrors/homebox
1
0
Fork 1
mirror of https://github.com/hay-kot/homebox.git synced 2025-08-03 16:20:27 +00:00
Code Issues Projects Releases Packages Wiki Activity

added option HBOX_OPTIONS_HEADER_SSO_AUTOREGISTER to be able to disable autoregister (default: true)

Browse source
This commit is contained in:
verybadsoldier 2023-05-01 00:42:05 +02:00
parent e03461fd03
commit e0ad97ec74
5 changed files with 17 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
backend/app/api/handlers/v1/controller.go
View file

@ -55,6 +55,12 @@ func WithHeaderSSOAllowedIP(headerSSOAllowedIP string) func(*V1Controller) {
} }
} }
func WithHeaderSSOAutoRegister(headerSSOAutoRegister bool) func(*V1Controller) {
return func(ctrl *V1Controller) {
ctrl.headerSSOAutoRegister = headerSSOAutoRegister
}
}
func WithHeaderSSOHeaderName(headerSSOHeaderName string) func(*V1Controller) { func WithHeaderSSOHeaderName(headerSSOHeaderName string) func(*V1Controller) {
return func(ctrl *V1Controller) { return func(ctrl *V1Controller) {
ctrl.headerSSOHeaderName = headerSSOHeaderName ctrl.headerSSOHeaderName = headerSSOHeaderName
@ -75,6 +81,7 @@ type V1Controller struct {
allowRegistration bool allowRegistration bool
headerSSOEnabled bool headerSSOEnabled bool
headerSSOAllowedIP string headerSSOAllowedIP string
headerSSOAutoRegister bool
headerSSOHeaderName string headerSSOHeaderName string
headerSSOHeaderEmail string headerSSOHeaderEmail string
} }

4
backend/app/api/handlers/v1/v1_ctrl_auth.go
View file

@ -115,6 +115,10 @@ func (ctrl *V1Controller) HandleSsoHeaderLogin() errchain.HandlerFunc {
_, err := ctrl.repo.Users.GetOneEmail(r.Context(), email) _, err := ctrl.repo.Users.GetOneEmail(r.Context(), email)
if err != nil { if err != nil {
if !ctrl.headerSSOAutoRegister {
return validate.NewRequestError(errors.New("authentication failed. User not found but SSO autoregister is disabled"), http.StatusInternalServerError)
}
// user not found -> create it // user not found -> create it
// if the name header does not exist then the empty string will be used as name // if the name header does not exist then the empty string will be used as name
var username = r.Header.Get(ctrl.headerSSOHeaderName) var username = r.Header.Get(ctrl.headerSSOHeaderName)

1
backend/app/api/routes.go
View file

@ -56,6 +56,7 @@ func (a *app) mountRoutes(r *chi.Mux, chain *errchain.ErrChain, repos *repo.AllR
v1.WithDemoStatus(a.conf.Demo), // Disable Password Change in Demo Mode v1.WithDemoStatus(a.conf.Demo), // Disable Password Change in Demo Mode
v1.WithHeaderSSO(a.conf.Options.HeaderSSOEnabled), v1.WithHeaderSSO(a.conf.Options.HeaderSSOEnabled),
v1.WithHeaderSSOAllowedIP(a.conf.Options.HeaderSSOAllowedIP), v1.WithHeaderSSOAllowedIP(a.conf.Options.HeaderSSOAllowedIP),
v1.WithHeaderSSOAutoRegister(a.conf.Options.HeaderSSOAutoRegister),
v1.WithHeaderSSOHeaderEmail(a.conf.Options.HeaderSSOHeaderEmail), v1.WithHeaderSSOHeaderEmail(a.conf.Options.HeaderSSOHeaderEmail),
v1.WithHeaderSSOHeaderName(a.conf.Options.HeaderSSOHeaderName), v1.WithHeaderSSOHeaderName(a.conf.Options.HeaderSSOHeaderName),
) )

1
backend/internal/sys/config/conf.go
View file

@ -30,6 +30,7 @@ type Options struct {
AutoIncrementAssetID bool `yaml:"auto_increment_asset_id" conf:"default:true"` AutoIncrementAssetID bool `yaml:"auto_increment_asset_id" conf:"default:true"`
HeaderSSOEnabled bool `yaml:"header_sso_enabled" conf:"default:false"` HeaderSSOEnabled bool `yaml:"header_sso_enabled" conf:"default:false"`
HeaderSSOAllowedIP string `yaml:"header_sso_allowed_ip" conf:"default:0.0.0.0"` HeaderSSOAllowedIP string `yaml:"header_sso_allowed_ip" conf:"default:0.0.0.0"`
HeaderSSOAutoRegister bool `yaml:"header_sso_autoregister" conf:"default:true"`
HeaderSSOHeaderName string `yaml:"header_sso_header_name" conf:"default:Remote-Name"` HeaderSSOHeaderName string `yaml:"header_sso_header_name" conf:"default:Remote-Name"`
HeaderSSOHeaderEmail string `yaml:"header_sso_header_email" conf:"default:Remote-Email"` HeaderSSOHeaderEmail string `yaml:"header_sso_header_email" conf:"default:Remote-Email"`
} }

4
docs/docs/quick-start.md
View file

@ -49,6 +49,7 @@ volumes:
| HBOX_OPTIONS_AUTO_INCREMENT_ASSET_ID | true | auto increments the asset_id field for new items | | HBOX_OPTIONS_AUTO_INCREMENT_ASSET_ID | true | auto increments the asset_id field for new items |
| HBOX_OPTIONS_HEADER_SSO_ENABLED | false | allow login via trusted SSO HTTP headers | | HBOX_OPTIONS_HEADER_SSO_ENABLED | false | allow login via trusted SSO HTTP headers |
| HBOX_OPTIONS_HEADER_SSO_ALLOWED_IP | | request IP being allowed to send trusted SSO HTTP headers | | HBOX_OPTIONS_HEADER_SSO_ALLOWED_IP | | request IP being allowed to send trusted SSO HTTP headers |
| HBOX_OPTIONS_HEADER_SSO_AUTOREGISTER | | automatically register unknown users |
| HBOX_OPTIONS_HEADER_SSO_HEADER_NAME | | name of the HTTP header that contains the name when using SSO HTTP headers | | HBOX_OPTIONS_HEADER_SSO_HEADER_NAME | | name of the HTTP header that contains the name when using SSO HTTP headers |
| HBOX_OPTIONS_HEADER_SSO_HEADER_EMAIL | | name of the HTTP header that contains the email when using SSO HTTP headers | | HBOX_OPTIONS_HEADER_SSO_HEADER_EMAIL | | name of the HTTP header that contains the email when using SSO HTTP headers |
| HBOX_WEB_MAX_UPLOAD_SIZE | 10 | maximum file upload size supported in MB | | HBOX_WEB_MAX_UPLOAD_SIZE | 10 | maximum file upload size supported in MB |
@ -93,6 +94,9 @@ volumes:
--options-auto-increment-asset-id/$HBOX_OPTIONS_AUTO_INCREMENT_ASSET_ID <bool> (default: true) --options-auto-increment-asset-id/$HBOX_OPTIONS_AUTO_INCREMENT_ASSET_ID <bool> (default: true)
--options-header-sso-enabled/$HBOX_OPTIONS_HEADER_SSO_ENABLED <bool> (default: false) --options-header-sso-enabled/$HBOX_OPTIONS_HEADER_SSO_ENABLED <bool> (default: false)
--options-header-sso-allowed_ip/$HBOX_OPTIONS_HEADER_SSO_ALLOWED_IP <string> --options-header-sso-allowed_ip/$HBOX_OPTIONS_HEADER_SSO_ALLOWED_IP <string>
--options-header-sso-autoregsiter/$HBOX_OPTIONS_HEADER_SSO_AUTOREGISTER <bool> (default: true)
--options-header-sso-allowed_ip/$HBOX_OPTIONS_HEADER_SSO_HEADER_EMAIL <string> (default: Remote-Email)
--options-header-sso-allowed_ip/$HBOX_OPTIONS_HEADER_SSO_HEADER_NAME <string> (default: Remote-Name)
--help/-h --help/-h
display this help message display this help message
``` ```