- Use the excellent Apache module auth_openidc.
- Implement macros that can be easily used to configure OpenID Connect.
Tests:
- Accessing /freedombox/apache/discover-idp/ shows
- 'method' other than 'get' throw a 'bad request' error
- oidc_callback should match host. Otherwise 'bad request' error is raised.
- Mismatched host header is not allowed
- Invalid domain setup is not allowed
- target_link_uri is returned as is
- method is returned as is and only 'get' is allowed.
- x_csrf is returned as is
- oidc_scopes is returned as 'email freedombox_groups'
- HTTP request is answered and not redirected to https
- When logging in with OIDC, authorization is skipped. When authorization is
shown, it is shown as 'Web app protected by FreedomBox'.
- libapache2-mod-auth-openidc is added a dependency for freedombox package. It
is installable in stable, testing, and unstable distributions.
- On applying patches, Apache setup configuration is run and OpenIDC component
is created.
- When patches are applied and setup install is run, auth_openidc module,
10-freedombox, freedombox-openidc config is enabled in Apache.
- When setup is rerun, passphrase is not changed
- metadata directory and parent are created when apache setup is run. Mode is
0o700 and ownership is www-data.
- freedombox-openidc is created when apache setup is run and has 0o700
permissions.
- Metadata directory will contain the client id and client passphrase when
discovery happens for a particular domain.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Try to mark class variables in component classes.
- Leave typing hints generic, such as 'list' and 'dict' where content is usually
not filled, too complex, or context is unimportant.
- backups: Handle failure for tarfile extraction so that methods are not called
on potentially None valued variables.
- backups: Prevent potentially passing a keyword argument twice.
- dynamicdns: Deal properly with outcome of urlparsing.
- ejabberd: Deal with failed regex match
- email: Fix a mypy compliant when iterating a filtered list.
- tor: Don't reuse variables for different typed values.
- tor: Don't reuse variables for different typed values.
- operation: Return None explicitly.
- operation: Ensure that keyword argument is not repeated.
Tests:
- Where only typing hints were modified and no syntax error came up, additional
testing was not done.
- `mypy --ignore-missing-imports .` run successfully.
- Generate developer documentation.
- Service runs without errors upon start up.
- backups: Listing and restoring specific apps from a backup works.
- backups: Mounting a remote backup repository works.
- NOT TESTED: dynamicdns: Migrating from old style configuration works.
- ejabberd: Verify that setting coturn configuration works.
- email: Test that showing configuration from postfix works.
- tor: Orport value is properly shown.
- transmission: Configuration values are properly set.
- users: Running unit tests as root works.
- operation: Operation status messages are show properly during app install.
- ./setup.py install runs
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
