Cleanup oauth env variables

2023-06-01 22:44:42 +02:00 · 2023-06-01 22:44:42 +02:00 · a67a06d69b
parent 6ab8be4e58
commit a67a06d69b
9 changed files with 16 additions and 10 deletions
--- a/caprover_create_app.py
+++ b/caprover_create_app.py
@ -72,12 +72,7 @@ def main(app_name, image_name, environment_file):
        image_name=image_name,
        container_http_port=7555,
        environment_variables={
-            # 'DJANGO_SETTINGS_MODULE': 'config.settings.base',
            "VITE_APP_ENVIRONMENT": env.str("VITE_APP_ENVIRONMENT", "dev-feature"),
-            "VITE_LOGOUT_REDIRECT": env.str(
-                "VITE_LOGOUT_REDIRECT",
-                "https://vbvdev.b2clogin.com/vbvdev.onmicrosoft.com/b2c_1_signupandsignin/oauth2/v2.0/logout/?post_logout_redirect_uri=https://vbv-lernwelt.control.iterativ.ch",
-            ),
            "IT_DEFAULT_ADMIN_PASSWORD": env.str("fWwoQzreIS5uztLOyF8jJpS9M"),
            "POSTGRES_HOST": f"srv-captain--{app_name}-postgres",
            "POSTGRES_PORT": 5432,
--- a/caprover_deploy.sh
+++ b/caprover_deploy.sh
@ -27,12 +27,15 @@ APP_NAME=${1:-$(generate_default_app_name)}

 if [[ "$APP_NAME" == "myvbv" ]]; then
    VITE_LOGOUT_REDIRECT="https://edumgr.b2clogin.com/edumgr.onmicrosoft.com/b2c_1_signupandsignin/oauth2/v2.0/logout/?post_logout_redirect_uri=https://myvbv.iterativ.ch/"
+                          https://edumgr.b2clogin.com/edumgr.onmicrosoft.com/B2C_1_SignUpAndSignIn_v3/oauth2/v2.0/
    VITE_SENTRY_ENV="production"
 elif [[ "$APP_NAME" == "myvbv-stage" ]]; then
    VITE_LOGOUT_REDIRECT="https://vbvtst.b2clogin.com/vbvtst.onmicrosoft.com/b2c_1_signupandsignin/oauth2/v2.0/logout/?post_logout_redirect_uri=https://myvbv-stage.iterativ.ch/"
+                          https://vbvtst.b2clogin.com/vbvtst.onmicrosoft.com/B2C_1_SignUpAndSignIn_v3/oauth2/v2.0/
    VITE_SENTRY_ENV="stage"
 elif [[ "$APP_NAME" == "vbv-lernwelt" ]]; then
-    VITE_LOGOUT_REDIRECT="https://vbvdev.b2clogin.com/vbvdev.onmicrosoft.com/b2c_1_signupandsignin/oauth2/v2.0/logout/?post_logout_redirect_uri=https://vbv-lernwelt.control.iterativ.ch"
+    VITE_OAUTH_API_BASE_URL=  https://vbvdev.b2clogin.com/vbvdev.onmicrosoft.com/B2C_1_SignUpAndSignIn_v3/oauth2/v2.0/
+    VITE_LOGOUT_REDIRECT="    https://vbvdev.b2clogin.com/vbvdev.onmicrosoft.com/b2c_1_signupandsignin/oauth2/v2.0/logout/?post_logout_redirect_uri=https://vbv-lernwelt.control.iterativ.ch"
    VITE_SENTRY_ENV="development"
 elif [[ "$APP_NAME" == "prod-azure" ]]; then
    VITE_LOGOUT_REDIRECT="https://edumgr.b2clogin.com/edumgr.onmicrosoft.com/b2c_1_signupandsignin/oauth2/v2.0/logout/?post_logout_redirect_uri=https://my.vbv-afa.ch/"
--- a/client/src/stores/user.ts
+++ b/client/src/stores/user.ts
@ -5,7 +5,15 @@ import { loadLocaleMessages, setI18nLanguage } from "@/i18n";
 import dayjs from "dayjs";
 import { defineStore } from "pinia";

-const logoutRedirectUrl = import.meta.env.VITE_LOGOUT_REDIRECT || "/";
+let logoutRedirectUrl = import.meta.env.VITE_LOGOUT_REDIRECT || "/";
+
+// TODO: check if user logged in with SSO or login-local
+if (import.meta.env.VITE_OAUTH_API_BASE_URL) {
+  logoutRedirectUrl = `${
+    import.meta.env.VITE_OAUTH_API_BASE_URL
+  }logout/?post_logout_redirect_uri=${window.location.origin}`;
+}
+
 // typed state https://stackoverflow.com/questions/71012513/when-using-pinia-and-typescript-how-do-you-use-an-action-to-set-the-state

 export type AvailableLanguages = "de" | "fr" | "it";
--- a/env_secrets/caprover_dev.env
+++ b/env_secrets/caprover_dev.env
--- a/env_secrets/caprover_prod.env
+++ b/env_secrets/caprover_prod.env
--- a/env_secrets/caprover_stage.env
+++ b/env_secrets/caprover_stage.env
--- a/env_secrets/local_chrigu.env
+++ b/env_secrets/local_chrigu.env
--- a/env_secrets/prod-azure.json
+++ b/env_secrets/prod-azure.json
--- a/server/config/settings/base.py
+++ b/server/config/settings/base.py
@ -555,18 +555,18 @@ OAUTH = {
    "authorize_params": IT_OAUTH_AUTHORIZE_PARAMS,
    "access_token_params": IT_OAUTH_AUTHORIZE_PARAMS,
    "api_base_url": env(
-        "IT_OAUTH_API_BASE_URL",
+        "VITE_OAUTH_API_BASE_URL",
        default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/",
    ),
    "local_redirect_uri": env(
-        "IT_OAUTH_LOCAL_DIRECT_URI", default="http://localhost:8000/sso/callback/"
+        "IT_OAUTH_LOCAL_REDIRECT_URI", default="http://localhost:8000/sso/callback/"
    ),
    "server_metadata_url": env(
        "IT_OAUTH_SERVER_METADATA_URL",
        default="https://sso.test.b.lernetz.host/auth/realms/vbv/.well-known/openid-configuration",
    ),
    "client_kwargs": {
-        "scope": env("IT_OAUTH_SCOPE", default=""),
+        "scope": env("IT_OAUTH_SCOPE", default="openid email"),
        "token_endpoint_auth_method": "client_secret_post",
        "token_placement": "body",
    },