ramon
/
vbv
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Cleanup oauth env variables

This commit is contained in:
Daniel Egger 2023-06-01 22:44:42 +02:00
parent 6ab8be4e58
commit a67a06d69b
9 changed files with 16 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
caprover_create_app.py
View File

@ -72,12 +72,7 @@ def main(app_name, image_name, environment_file):
image_name=image_name, image_name=image_name,
container_http_port=7555, container_http_port=7555,
environment_variables={ environment_variables={
# 'DJANGO_SETTINGS_MODULE': 'config.settings.base',
"VITE_APP_ENVIRONMENT": env.str("VITE_APP_ENVIRONMENT", "dev-feature"), "VITE_APP_ENVIRONMENT": env.str("VITE_APP_ENVIRONMENT", "dev-feature"),
"VITE_LOGOUT_REDIRECT": env.str(
"VITE_LOGOUT_REDIRECT",
"https://vbvdev.b2clogin.com/vbvdev.onmicrosoft.com/b2c_1_signupandsignin/oauth2/v2.0/logout/?post_logout_redirect_uri=https://vbv-lernwelt.control.iterativ.ch",
),
"IT_DEFAULT_ADMIN_PASSWORD": env.str("fWwoQzreIS5uztLOyF8jJpS9M"), "IT_DEFAULT_ADMIN_PASSWORD": env.str("fWwoQzreIS5uztLOyF8jJpS9M"),
"POSTGRES_HOST": f"srv-captain--{app_name}-postgres", "POSTGRES_HOST": f"srv-captain--{app_name}-postgres",
"POSTGRES_PORT": 5432, "POSTGRES_PORT": 5432,

5
caprover_deploy.sh
View File

@ -27,12 +27,15 @@ APP_NAME=${1:-$(generate_default_app_name)}
if [[ "$APP_NAME" == "myvbv" ]]; then if [[ "$APP_NAME" == "myvbv" ]]; then
VITE_LOGOUT_REDIRECT="https://edumgr.b2clogin.com/edumgr.onmicrosoft.com/b2c_1_signupandsignin/oauth2/v2.0/logout/?post_logout_redirect_uri=https://myvbv.iterativ.ch/" VITE_LOGOUT_REDIRECT="https://edumgr.b2clogin.com/edumgr.onmicrosoft.com/b2c_1_signupandsignin/oauth2/v2.0/logout/?post_logout_redirect_uri=https://myvbv.iterativ.ch/"
https://edumgr.b2clogin.com/edumgr.onmicrosoft.com/B2C_1_SignUpAndSignIn_v3/oauth2/v2.0/
VITE_SENTRY_ENV="production" VITE_SENTRY_ENV="production"
elif [[ "$APP_NAME" == "myvbv-stage" ]]; then elif [[ "$APP_NAME" == "myvbv-stage" ]]; then
VITE_LOGOUT_REDIRECT="https://vbvtst.b2clogin.com/vbvtst.onmicrosoft.com/b2c_1_signupandsignin/oauth2/v2.0/logout/?post_logout_redirect_uri=https://myvbv-stage.iterativ.ch/" VITE_LOGOUT_REDIRECT="https://vbvtst.b2clogin.com/vbvtst.onmicrosoft.com/b2c_1_signupandsignin/oauth2/v2.0/logout/?post_logout_redirect_uri=https://myvbv-stage.iterativ.ch/"
https://vbvtst.b2clogin.com/vbvtst.onmicrosoft.com/B2C_1_SignUpAndSignIn_v3/oauth2/v2.0/
VITE_SENTRY_ENV="stage" VITE_SENTRY_ENV="stage"
elif [[ "$APP_NAME" == "vbv-lernwelt" ]]; then elif [[ "$APP_NAME" == "vbv-lernwelt" ]]; then
VITE_LOGOUT_REDIRECT="https://vbvdev.b2clogin.com/vbvdev.onmicrosoft.com/b2c_1_signupandsignin/oauth2/v2.0/logout/?post_logout_redirect_uri=https://vbv-lernwelt.control.iterativ.ch" VITE_OAUTH_API_BASE_URL= https://vbvdev.b2clogin.com/vbvdev.onmicrosoft.com/B2C_1_SignUpAndSignIn_v3/oauth2/v2.0/
VITE_LOGOUT_REDIRECT=" https://vbvdev.b2clogin.com/vbvdev.onmicrosoft.com/b2c_1_signupandsignin/oauth2/v2.0/logout/?post_logout_redirect_uri=https://vbv-lernwelt.control.iterativ.ch"
VITE_SENTRY_ENV="development" VITE_SENTRY_ENV="development"
elif [[ "$APP_NAME" == "prod-azure" ]]; then elif [[ "$APP_NAME" == "prod-azure" ]]; then
VITE_LOGOUT_REDIRECT="https://edumgr.b2clogin.com/edumgr.onmicrosoft.com/b2c_1_signupandsignin/oauth2/v2.0/logout/?post_logout_redirect_uri=https://my.vbv-afa.ch/" VITE_LOGOUT_REDIRECT="https://edumgr.b2clogin.com/edumgr.onmicrosoft.com/b2c_1_signupandsignin/oauth2/v2.0/logout/?post_logout_redirect_uri=https://my.vbv-afa.ch/"

10
client/src/stores/user.ts
View File

@ -5,7 +5,15 @@ import { loadLocaleMessages, setI18nLanguage } from "@/i18n";
import dayjs from "dayjs"; import dayjs from "dayjs";
import { defineStore } from "pinia"; import { defineStore } from "pinia";
const logoutRedirectUrl = import.meta.env.VITE_LOGOUT_REDIRECT || "/"; let logoutRedirectUrl = import.meta.env.VITE_LOGOUT_REDIRECT || "/";
// TODO: check if user logged in with SSO or login-local
if (import.meta.env.VITE_OAUTH_API_BASE_URL) {
logoutRedirectUrl = `${
import.meta.env.VITE_OAUTH_API_BASE_URL
}logout/?post_logout_redirect_uri=${window.location.origin}`;
}
// typed state https://stackoverflow.com/questions/71012513/when-using-pinia-and-typescript-how-do-you-use-an-action-to-set-the-state // typed state https://stackoverflow.com/questions/71012513/when-using-pinia-and-typescript-how-do-you-use-an-action-to-set-the-state
export type AvailableLanguages = "de" | "fr" | "it"; export type AvailableLanguages = "de" | "fr" | "it";

BIN
env_secrets/caprover_dev.env
View File

Binary file not shown.

BIN
env_secrets/caprover_prod.env
View File

Binary file not shown.

BIN
env_secrets/caprover_stage.env
View File

Binary file not shown.

BIN
env_secrets/local_chrigu.env
View File

Binary file not shown.

BIN
env_secrets/prod-azure.json
View File

Binary file not shown.

6
server/config/settings/base.py
View File

@ -555,18 +555,18 @@ OAUTH = {
"authorize_params": IT_OAUTH_AUTHORIZE_PARAMS, "authorize_params": IT_OAUTH_AUTHORIZE_PARAMS,
"access_token_params": IT_OAUTH_AUTHORIZE_PARAMS, "access_token_params": IT_OAUTH_AUTHORIZE_PARAMS,
"api_base_url": env( "api_base_url": env(
"IT_OAUTH_API_BASE_URL", "VITE_OAUTH_API_BASE_URL",
default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/", default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/",
), ),
"local_redirect_uri": env( "local_redirect_uri": env(
"IT_OAUTH_LOCAL_DIRECT_URI", default="http://localhost:8000/sso/callback/" "IT_OAUTH_LOCAL_REDIRECT_URI", default="http://localhost:8000/sso/callback/"
), ),
"server_metadata_url": env( "server_metadata_url": env(
"IT_OAUTH_SERVER_METADATA_URL", "IT_OAUTH_SERVER_METADATA_URL",
default="https://sso.test.b.lernetz.host/auth/realms/vbv/.well-known/openid-configuration", default="https://sso.test.b.lernetz.host/auth/realms/vbv/.well-known/openid-configuration",
), ),
"client_kwargs": { "client_kwargs": {
"scope": env("IT_OAUTH_SCOPE", default=""), "scope": env("IT_OAUTH_SCOPE", default="openid email"),
"token_endpoint_auth_method": "client_secret_post", "token_endpoint_auth_method": "client_secret_post",
"token_placement": "body", "token_placement": "body",
}, },