Support openid authentication
Whether to thwart spam or to make pads more private, add support for a very simple auth mechanism using mod_auth_openid. Change-Id: Ife0daf670a20afde46516c60f877e1da8026758a
parent
cbe2ba8724
commit
9816851524
@ -10,6 +10,21 @@ class etherpad_lite::apache (
|
|||||||
$ssl_key_file = '',
|
$ssl_key_file = '',
|
||||||
$ssl_key_file_contents = '', # If left empty puppet will not create file.
|
$ssl_key_file_contents = '', # If left empty puppet will not create file.
|
||||||
$vhost_name = $::fqdn,
|
$vhost_name = $::fqdn,
|
||||||
|
# Table containing openid auth details. If undef not enabled
|
||||||
|
# Example dict:
|
||||||
|
# {
|
||||||
|
# banner => "Welcome",
|
||||||
|
# singleIdp => "https://openstackid.org",
|
||||||
|
# trusted => '^https://openstackid.org/.*$',
|
||||||
|
# any_valid_user => false,
|
||||||
|
# users => ['https://openstackid.org/foo',
|
||||||
|
# 'https://openstackid.org/bar'],
|
||||||
|
# }
|
||||||
|
# Note that if you care which users get access set any_valid_user to false
|
||||||
|
# and then provide an explicit list of openids in the users list. Otherwise
|
||||||
|
# set any_valid_user to true and any successfully authenticated user will
|
||||||
|
# get access.
|
||||||
|
$auth_openid = undef,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
package { 'ssl-cert':
|
package { 'ssl-cert':
|
||||||
@ -40,6 +55,19 @@ class etherpad_lite::apache (
|
|||||||
ensure => present,
|
ensure => present,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if ($auth_openid != undef) {
|
||||||
|
if !defined(Package['libapache2-mod-auth-openid']) {
|
||||||
|
package { 'libapache2-mod-auth-openid':
|
||||||
|
ensure => present,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if !defined(Mod['auth_openid']) {
|
||||||
|
httpd::mod { 'auth_openid':
|
||||||
|
ensure => present,
|
||||||
|
require => Package['libapache2-mod-auth-openid'],
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
file { '/etc/apache2':
|
file { '/etc/apache2':
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
|
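Review bot: The guard `if !defined(Mod['auth_openid'])` in the second hunk names a resource type `Mod`, but the resource declared inside it is `httpd::mod`, whose reference form is `Httpd::Mod['auth_openid']`. As written the guard probably never matches an existing declaration, so a second `httpd::mod { 'auth_openid': }` elsewhere in the catalog would still collide; I would change the line to `if !defined(Httpd::Mod['auth_openid']) {`. Separately, `$auth_openid` is consumed as a hash with specific keys but nothing in the visible lines checks it. If stdlib is available, a `validate_hash($auth_openid)` inside the `if ($auth_openid != undef)` block would help, and the parameter comment in the first hunk should state that `any_valid_user => false` together with an empty `users` list is not a valid combination. The class body continues outside both hunks.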
@ -38,6 +38,26 @@
|
|||||||
# MSIE 7 and newer should be able to use keepalive
|
# MSIE 7 and newer should be able to use keepalive
|
||||||
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
||||||
|
|
||||||
|
<% if @auth_openid != nil %>
|
||||||
|
<Location /p/>
|
||||||
|
AuthType OpenID
|
||||||
|
AuthName "<%= @auth_openid['banner'] %>"
|
||||||
|
AuthOpenIDSecureCookie On
|
||||||
|
AuthOpenIDCookieLifespan 3600
|
||||||
|
AuthOpenIDTrustRoot <%= @vhost_name %>
|
||||||
|
AuthOpenIDServerName <%= @vhost_name %>
|
||||||
|
AuthOpenIDSingleIdP <%= @auth_openid['singleIdp'] %>
|
||||||
|
AuthOpenIDTrusted <%= @auth_openid['trusted'] %>
|
||||||
|
<% if @auth_openid['any_valid_user'] %>
|
||||||
|
Require valid-user
|
||||||
|
<% elsif !@auth_openid['users'].empty? %>
|
||||||
|
<% @auth_openid['users'].each do |user| -%>
|
||||||
|
Require user <%= user %>
|
||||||
|
<% end -%>
|
||||||
|
<% end %>
|
||||||
|
</Location>
|
||||||
|
<% end %>
|
||||||
|
|
||||||
<IfModule mod_proxy.c>
|
<IfModule mod_proxy.c>
|
||||||
# The following redirects "nice" urls such as https://etherpad.example.org/padname
|
# The following redirects "nice" urls such as https://etherpad.example.org/padname
|
||||||
# to https://etherpad.example.org/p/padname. It was problematic directly
|
# to https://etherpad.example.org/p/padname. It was problematic directly
|
||||||
|
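Review bot: When `any_valid_user` is false and `users` is empty, the `if`/`elsif` around the `Require` lines emits no `Require` directive at all. Apache does not normally challenge requests for a location that has `AuthType` but no `Require`, so `/p/` would be served without authentication while the operator believes OpenID is enabled. A hash with no `users` key fails differently: `.empty?` is called on nil and the template aborts. I would make the misconfiguration explicit with a final branch, `<% else -%>` followed by `<% raise Puppet::ParseError, 'auth_openid needs any_valid_user => true or a non-empty users list' -%>`, and test `Array(@auth_openid['users']).empty?` in the `elsif`. The block also covers only `/p/`; whether the other paths this vhost proxies to Etherpad need the same protection cannot be judged from this hunk and deserves a comment above `<Location /p/>`.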