OIDC auth implemented, tests updated

2024-06-06 15:56:06 +04:00
parent b5a542e2b1
commit b6945531b8
5 changed files with 92 additions and 28 deletions
--- a/start.sh
+++ b/start.sh
@@ -52,20 +52,29 @@ xmlstarlet ed --inplace \
 # origin
 xmlstarlet ed --inplace --update '//properties/entry[@key="web.url"]' -v "${CLOUDRON_APP_ORIGIN}" /app/data/traccar.xml

-# ldap
-if [[ -n "${CLOUDRON_LDAP_URL:-}" ]]; then
-    echo "=> Ensure LDAP settings"
+# get rid of ldap, can be removed in the next release
+sed -e 's/ldap.url/openid.clientId/g' \
+    -e 's/ldap.base/openid.clientSecret/g' \
+    -e 's/ldap.idAttribute/openid.issuerUrl/g' \
+    -e 's/ldap.searchFilter/openid.authUrl/g' \
+    -e 's/ldap.user/openid.tokenUrl/g' \
+    -e 's/ldap.password/openid.userInfoUrl/g' \
+    -e 's/^.*ldap\..*$//g' \
+    -i /app/data/traccar.xml
+
+# OIDC
+if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
+    echo "=> Ensure OIDC settings"
    xmlstarlet ed --inplace \
-        --update '//properties/entry[@key="ldap.enable"]' -v "true" \
-        --update '//properties/entry[@key="ldap.url"]' -v "${CLOUDRON_LDAP_URL}" \
-        --update '//properties/entry[@key="ldap.base"]' -v "${CLOUDRON_LDAP_USERS_BASE_DN}" \
-        --update '//properties/entry[@key="ldap.idAttribute"]' -v "username" \
-        --update '//properties/entry[@key="ldap.searchFilter"]' -v '(|(username=:login)(mail=:login))' \
-        --update '//properties/entry[@key="ldap.user"]' -v "${CLOUDRON_LDAP_BIND_DN}" \
-        --update '//properties/entry[@key="ldap.password"]' -v "${CLOUDRON_LDAP_BIND_PASSWORD}" \
+        --update '//properties/entry[@key="openid.clientId"]' -v "${CLOUDRON_OIDC_CLIENT_ID}" \
+        --update '//properties/entry[@key="openid.clientSecret"]' -v "${CLOUDRON_OIDC_CLIENT_SECRET}" \
+        --update '//properties/entry[@key="openid.issuerUrl"]' -v "${CLOUDRON_OIDC_ISSUER}" \
+        --update '//properties/entry[@key="openid.authUrl"]' -v "${CLOUDRON_OIDC_AUTH_ENDPOINT}" \
+        --update '//properties/entry[@key="openid.tokenUrl"]' -v "${CLOUDRON_OIDC_TOKEN_ENDPOINT}" \
+        --update '//properties/entry[@key="openid.userInfoUrl"]' -v "${CLOUDRON_OIDC_PROFILE_ENDPOINT}" \
        /app/data/traccar.xml
 else
-    xmlstarlet ed --inplace --update '//properties/entry[@key="ldap.enable"]' -v "false" /app/data/traccar.xml
+    sed -e 's/^.*openid\..*$//g' -i /app/data/traccar.xml
 fi

 # email