mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-03-11 09:04:54 +00:00
64f1a1c918
- Use the excellent Apache module auth_openidc. - Implement macros that can be easily used to configure OpenID Connect. Tests: - Accessing /freedombox/apache/discover-idp/ shows - 'method' other than 'get' throw a 'bad request' error - oidc_callback should match host. Otherwise 'bad request' error is raised. - Mismatched host header is not allowed - Invalid domain setup is not allowed - target_link_uri is returned as is - method is returned as is and only 'get' is allowed. - x_csrf is returned as is - oidc_scopes is returned as 'email freedombox_groups' - HTTP request is answered and not redirected to https - When logging in with OIDC, authorization is skipped. When authorization is shown, it is shown as 'Web app protected by FreedomBox'. - libapache2-mod-auth-openidc is added a dependency for freedombox package. It is installable in stable, testing, and unstable distributions. - On applying patches, Apache setup configuration is run and OpenIDC component is created. - When patches are applied and setup install is run, auth_openidc module, 10-freedombox, freedombox-openidc config is enabled in Apache. - When setup is rerun, passphrase is not changed - metadata directory and parent are created when apache setup is run. Mode is 0o700 and ownership is www-data. - freedombox-openidc is created when apache setup is run and has 0o700 permissions. - Metadata directory will contain the client id and client passphrase when discovery happens for a particular domain. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>