- Harden hedgedoc config mode
- Enable keycloak authentication on HedgeDoc (and disable user registration)
- Unconfuse variable names in hedgedoc manifest
- Set session secret for hedgedoc
Related to T2951
Differential D4994, authored by olasd on Feb 2 2021, 2:52 PM.
Details
Summary
Related to T2951 Test Plan diff origin/production/bardo.internal.admin.swh.network current/bardo.internal.admin.swh.network ******************************************* File[/opt/hedgedoc/config.json] => parameters => content => @@ -1,5 +1,5 @@ { "production": { - "sessionSecret": "change-this-secret", + "sessionSecret": "hedgedoc::session_secret", "allowAnonymous": true, "allowAnonymousEdit": true, @@ -10,5 +10,16 @@ "allowOrigin": [ "localhost", "hedgedoc.softwareheritage.org"], "email": true, - "allowEmailRegister": true, + "allowEmailRegister": false, + "oauth2": { + "baseURL": "https://auth.softwareheritage.org/", + "userProfileURL": "https://auth.softwareheritage.org/auth/realms/SoftwareHeritage/protocol/openid-connect/userinfo", + "userProfileUsernameAttr": "preferred_username", + "userProfileDisplayNameAttr": "name", + "userProfileEmailAttr": "email", + "tokenURL": "https://auth.softwareheritage.org/auth/realms/SoftwareHeritage/protocol/openid-connect/token", + "authorizationURL": "https://auth.softwareheritage.org/auth/realms/SoftwareHeritage/protocol/openid-connect/auth", + "clientID": "hedgedoc", + "clientSecret": "hedgedoc::keycloak::client::secret" + }, "hsts": { "enable": true, mode => - 0644 + 0600 ******************************************* *** End octocatalog-diff on bardo.internal.admin.swh.network Checked that the new config.json file works on the prod instance 0:-)
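Review bot: in the first hunk (@@ -1,5 +1,5 @@) the new "sessionSecret" value is the literal string "hedgedoc::session_secret", which reads like a lookup key name rather than a secret. If the catalog diff substitutes a placeholder for the real value, that is fine; if not, the template is emitting the key name and the session secret is as guessable as "change-this-secret" was, so the rendered file on the host is worth checking for this specifically. The unchanged context lines also keep "allowAnonymous": true and "allowAnonymousEdit": true; the summary should say whether anonymous editing is meant to stay on now that registration is closed.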
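Review bot: in the second hunk (@@ -10,5 +10,16 @@) "email": true stays as unchanged context directly above "allowEmailRegister": false, so local email and password login remains available next to the new "oauth2" block. If Keycloak is meant to be the only login path, set "email" to false as well, or note in the summary why existing local accounts must keep working. The same placeholder question applies to "clientSecret": "hedgedoc::keycloak::client::secret". The realm URL is also written out in full in "userProfileURL", "tokenURL" and "authorizationURL"; deriving all three from one base value would keep them from drifting apart.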
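Review bot: on the mode => 0644 to 0600 change for File[/opt/hedgedoc/config.json], the diff shows no owner or group parameter on the resource. 0600 only works if the file is owned by the account the HedgeDoc service runs as, and it now holds both the session secret and the OAuth2 client secret. Setting owner and group explicitly on the file resource would make the restriction independent of defaults.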
Event Timeline
- olasd created this revision.
- Harbormaster completed remote builds in B18953: Diff 17811. (Feb 2 2021, 2:52 PM, UTC+1)
- Harbormaster completed remote builds in B18954: Diff 17812. (Feb 2 2021, 2:56 PM, UTC+1)
- olasd edited the test plan for this revision. (Feb 2 2021, 2:56 PM, UTC+1)
- This revision is now accepted and ready to land. (Feb 2 2021, 3:05 PM, UTC+1)
- Harbormaster completed remote builds in B18957: Diff 17820. (Feb 2 2021, 3:53 PM, UTC+1)
- Closed by commit rSPSITEc9c80f291c9e: Harden hedgedoc config mode (authored by olasd). (Feb 2 2021, 3:54 PM, UTC+1)
- This revision was automatically updated to reflect the committed changes.
Revision Contents
Diff 17811 data/hostname/bardo.internal.admin.swh.network.yaml
site-modules/profile/manifests/hedgedoc.pp
site-modules/profile/templates/hedgedoc/config.json.erb