calibre: Use OpenID Connect instead of pubtkt based SSO

Tests:

- Functional tests work.

- Admin user is able to access the application

- User belonging to special group is able to access the application

- Regular user is not able to access the application

- Anonymous user is not able to access the application

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Sunil Mohan Adapa 2025-11-24 08:56:27 -08:00 committed by James Valleroy
parent 3c1d801e15
commit 4ab2007c99
No known key found for this signature in database
GPG Key ID: 77C0C75E7B650808


@ -3,8 +3,13 @@
##
<Location /calibre>
ProxyPass http://localhost:8844/calibre
Include includes/freedombox-single-sign-on.conf
<IfModule mod_auth_pubtkt.c>
TKTAuthToken "admin" "calibre"
</IfModule>
Use AuthOpenIDConnect
Use RequireGroup calibre
# Calibre has a bug where an empty value for a HTTP header is treated as
# invalid. OIDC_CLAIM_email can be empty and this causes Calibre to error
# out. So, try to pass all the OpenID Connect user information and claims as
# headers that can't have an empty value.
OIDCPassIDTokenAs "serialized"
OIDCPassUserInfoAs "json"
</Location>
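
Review bot: `Use RequireGroup calibre` names only the calibre group, while the `TKTAuthToken "admin" "calibre"` line in the same Location block listed both groups explicitly, so a reader of this file can no longer see why an admin user is admitted. The commit message says admin access was tested and works, so the macro presumably adds the admin group itself; a one-line comment above `Use RequireGroup calibre` saying so would keep the access rule auditable from this file alone. Separately, `OIDCPassIDTokenAs "serialized"` and `OIDCPassUserInfoAs "json"` forward the whole ID token and the userinfo document to the backend at localhost:8844 on every request, and the comment presents this only as a way to avoid an empty header. If Calibre does not read any of these headers, it is worth checking whether they can be withheld from the backend entirely instead, and the comment should state which headers the backend actually receives rather than "try to pass".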