Authored By
Unknown
diff --git a/src/app/Console/Commands/Data/InitCommand.php b/src/app/Console/Commands/Data/InitCommand.php
index 2cdb4499..31a88e14 100644
--- a/src/app/Console/Commands/Data/InitCommand.php
+++ b/src/app/Console/Commands/Data/InitCommand.php
@@ -1,160 +1,160 @@
<?php
namespace App\Console\Commands\Data;
use App\Console\Command;
use App\User;
use Laravel\Passport\Passport;
class InitCommand extends Command
{
/**
* The name and signature of the console command.
*
* @var string
*/
protected $signature = 'data:init';
/**
* The console command description.
*
* @var string
*/
protected $description = 'Initialization for some expected db entries. Rerunnable to apply latest config changes.';
/**
* Execute the console command.
*
* @return mixed
*/
public function handle()
{
$this->createImapAdmin();
$this->createNoreplyUser();
$this->createPassportClients();
}
private function createImapAdmin()
{
$user = User::where(['email' => \config('services.imap.admin_login')])->first();
if (!$user) {
$user = new User();
$user->email = \config('services.imap.admin_login');
$user->password = \config('services.imap.admin_password');
$user->role = User::ROLE_SERVICE;
} else {
$user->password = \config('services.imap.admin_password');
$user->role = User::ROLE_SERVICE;
}
$user->save();
}
private function createNoreplyUser()
{
if (!empty(\config('mail.mailers.smtp.username'))) {
$user = User::where(['email' => \config('mail.mailers.smtp.username')])->first();
if (!$user) {
$user = new User();
$user->email = \config('mail.mailers.smtp.username');
$user->password = \config('mail.mailers.smtp.password');
$user->role = User::ROLE_SERVICE;
} else {
$user->password = \config('mail.mailers.smtp.password');
$user->role = User::ROLE_SERVICE;
}
$user->save();
}
}
/**
* Execute the console command.
*
* @return mixed
*/
private function createPassportClients()
{
$domain = \config('app.website_domain');
// Create a password grant client for the webapp
if (
!empty(\config('auth.proxy.client_secret'))
&& !Passport::client()->where('id', \config('auth.proxy.client_id'))->exists()
) {
$client = Passport::client()->forceFill([
'user_id' => null,
'name' => "Kolab Password Grant Client",
'secret' => \config('auth.proxy.client_secret'),
'provider' => 'users',
'redirect' => "https://{$domain}",
'personal_access_client' => 0,
'password_client' => 1,
'revoked' => false,
]);
$client->id = \config('auth.proxy.client_id');
$client->save();
}
// Create a client for Webmail SSO
if (
!empty(\config('auth.sso.client_secret'))
&& !Passport::client()->where('id', \config('auth.sso.client_id'))->exists()
) {
$client = Passport::client()->forceFill([
'user_id' => null,
'name' => 'Webmail SSO client',
'secret' => \config('auth.sso.client_secret'),
'provider' => 'users',
'redirect' => (str_starts_with(\config('app.webmail_url'), 'http') ? '' : 'https://' . $domain)
. \config('app.webmail_url') . 'index.php/login/oauth',
'personal_access_client' => 0,
'password_client' => 0,
'revoked' => false,
'allowed_scopes' => ['email', 'auth.token'],
]);
$client->id = \config('auth.sso.client_id');
$client->save();
}
// Create a client for synapse oauth
if (
!empty(\config('auth.synapse.client_secret'))
&& !Passport::client()->where('id', \config('auth.synapse.client_id'))->exists()
) {
$client = Passport::client()->forceFill([
'user_id' => null,
'name' => "Synapse oauth client",
'secret' => \config('auth.synapse.client_secret'),
'provider' => 'users',
'redirect' => "https://{$domain}/_synapse/client/oidc/callback",
'personal_access_client' => 0,
'password_client' => 0,
'revoked' => false,
'allowed_scopes' => ['email'],
]);
$client->id = \config('auth.synapse.client_id');
$client->save();
}
// Inject extra passport clients
if (!empty(\config('auth.extra_passport_clients'))) {
foreach (\config('auth.extra_passport_clients') as $clientConfig) {
if (!Passport::client()->where('id', $clientConfig['id'])->exists()) {
- \Log::info("Creating client ". $clientConfig['id']);
+ \Log::info("Creating client " . $clientConfig['id']);
$client = Passport::client()->forceFill([
'user_id' => null,
'name' => $clientConfig['name'],
'secret' => $clientConfig['secret'],
'provider' => $clientConfig['provider'],
'redirect' => $clientConfig['redirect'],
'personal_access_client' => $clientConfig['personal_access_client'],
'password_client' => $clientConfig['password_client'],
'revoked' => $clientConfig['revoked'],
'allowed_scopes' => $clientConfig['allowed_scopes'],
]);
$client->id = $clientConfig['id'];
$client->save();
}
}
}
}
}
diff --git a/src/config/openid.php b/src/config/openid.php
index 7141fcc3..fd453a72 100644
--- a/src/config/openid.php
+++ b/src/config/openid.php
@@ -1,75 +1,75 @@
<?php
use App\Auth\IdentityRepository;
use Lcobucci\JWT\Signer\Rsa\Sha256;
return [
'passport' => [
// Place your Passport and OpenID Connect scopes here.
// To receive an `id_token`, you should at least provide the openid scope.
'tokens_can' => [
'openid' => 'Enable OpenID Connect',
'email' => 'Information about your email address',
// 'profile' => 'Information about your profile',
// 'phone' => 'Information about your phone numbers',
// 'address' => 'Information about your address',
// 'login' => 'See your login information',
'auth.token' => 'Kolab authentication token',
],
],
// Place your custom claim sets here.
'custom_claim_sets' => [
// 'login' => [
// 'last-login',
// ],
// 'company' => [
// 'company_name',
// 'company_address',
// 'company_phone',
// 'company_email',
// ],
'auth.token' => [
'auth.token',
],
],
// You can override the repositories below.
'repositories' => [
// 'identity' => \OpenIDConnect\Repositories\IdentityRepository::class,
'identity' => IdentityRepository::class,
],
'routes' => [
// When set to true, this package will expose the OpenID Connect Discovery endpoint.
// - /.well-known/openid-configuration
'discovery' => true,
// When set to true, this package will expose the JSON Web Key Set endpoint.
'jwks' => true,
// Optional URL to change the JWKS path to align with your custom Passport routes.
// Defaults to /oauth/jwks
'jwks_url' => '/oauth/jwks',
],
// Settings for the discovery endpoint
'discovery' => [
// Hide scopes that aren't from the OpenID Core spec from the Discovery,
// default = false (all scopes are listed)
'hide_scopes' => false,
],
// The signer to be used
'signer' => Sha256::class,
// Optional associative array that will be used to set headers on the JWT
'token_headers' => [
// https://datatracker.ietf.org/doc/html/rfc7517#section-4.5
// This should be optional according to rfc, but is required by the nextcloud user_oidc plugin.
- 'kid' => 'key1'
+ 'kid' => 'key1',
],
// By default, microseconds are included.
'use_microseconds' => true,
];
