- 08 Feb, 2022 1 commit
-
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
- 28 Jan, 2022 5 commits
-
-
Andrej Shadura authored
The fixup is no longer needed: $ docker run -it debian:stretch-slim /bin/bash root@35839f6c2f2c:/# egrep '^deb.*stretch|stable' /etc/apt/sources.list deb http://deb.debian.org/debian stretch main deb http://security.debian.org/debian-security stretch/updates main deb http://deb.debian.org/debian stretch-updates main Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
This Docker image installs obs-build from packages and everything else directly from the sources. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
- 21 Jan, 2022 1 commit
-
-
Andrej Shadura authored
An empty hash can be iterated, but a false value (unset) cannot be. Even though we no longer iterate this hash in the initialiser, we do so elsewhere in the code. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
- 02 Dec, 2021 4 commits
-
-
Andrej Shadura authored
Rename the SSO config example into .example, add guard conditions to not fail on missing or empty file. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
- 01 Dec, 2021 3 commits
-
-
Andrej Shadura authored
A front-end is what it really is, and it’s also the name the upstream uses for their container. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
When the container is deployed, it will have a real HTTP server in front of it, so there is no need to have Apache and TLS inside. Since Passenger (at least of the version in Debian stretch) cannot be easily used without Apache, use the standard solution for such cases which is Puma, and expose OBS_FRONTEND_WORKERS (default: 4) to allow scaling it. Drop no longer necessary supervisord. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
- 23 Nov, 2021 2 commits
-
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
There’s no need to keep the database inside when it can be a separate container. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
- 22 Nov, 2021 2 commits
-
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
When logging in with e.g. OpenID Connect/Azure, two email addresses may be provided, one in "email" field and another in "username" or "nickname". Since this is exactly the opposite of what the separate Azure backend does, migration from Azure to OpenID Connect/Azure needs to try both emails which may be different. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
- 30 Sep, 2021 1 commit
-
-
Andrej Shadura authored
Add omniauth_openid_connect and other related gems in order to support OpenID Connect in OmniAuth. This version of omniauth_openid_connect is the oldest version available supporting Debiab stretch with upstream fixes backported. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
- 29 Jun, 2021 21 commits
-
-
Andrej Shadura authored
Add a new "hash type" for invalid passwords, which is never equal to normal passwords, but nevertheless can be changed without being known by the user. This "invalid" password can only be set by directly setting the password hash type. When updating the password using update_password method, it will always be upgrade it to the strongest hash type, sha256crypt. To allow changing this "invalid" password to a normal one, stop requiring a non-empty current password in the password change dialog when changing a password from an "invalid" one. Don’t show the current password box either, as it is not used anyway in this case, making it better not to show it to avoid confusion. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk> Gbp-Pq: Topic collabora/sso Gbp-Pq: Name Mark-passwords-for-SSO-only-users-as-invalid-to-allow-cha.patch
-
Andrej Shadura authored
Backports of upstream commits 5524ffcc and 362bdc3a moved some validation code into a validate method which was never called. A simple fix makes this code run again. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk> Gbp-Pq: Topic backports Gbp-Pq: Name Unbreak-the-validators.patch
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk> Gbp-Pq: Topic collabora/sso Gbp-Pq: Name Allow-passing-SSO-auth-configuration-as-a-secret.patch
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk> Gbp-Pq: Topic collabora Gbp-Pq: Name Allow-changing-the-session-lifetime.patch
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk> Gbp-Pq: Topic collabora Gbp-Pq: Name Install-and-configure-mstmp.patch
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk> Gbp-Pq: Topic collabora Gbp-Pq: Name Clean-up-stale-pid-files-on-start.patch
-
Andrej Shadura authored
Some providers set username or nickname to an email address. For this reason, first collect the best possible user name we can find, and only then fix it to match our requirements. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk> Gbp-Pq: Topic collabora/sso Gbp-Pq: Name Try-harder-to-derive-the-username-from-email-addresses.patch
-
Andrej Shadura authored
The generator requires Python 3 and pyyaml Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk> Gbp-Pq: Topic collabora/sso Gbp-Pq: Name Generate-the-SSO-config-from-the-environment-variables.patch
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk> Gbp-Pq: Topic collabora/sso Gbp-Pq: Name Move-Docker-related-files-under-docker.patch
-
Andrej Shadura authored
Gbp-Pq: Topic collabora/sso Gbp-Pq: Name Split-docker-entrypoint.sh-into-three-separate-files.patch
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk> Gbp-Pq: Topic collabora/sso Gbp-Pq: Name Preinstall-gems-for-Azure-OAuth2.patch
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk> Gbp-Pq: Topic collabora/sso Gbp-Pq: Name Build-Docker-images-in-GitLab-CI.patch
-
Andrej Shadura authored
Create a Docker image with a Debian package built from the current Git source. This eliminates an extra round trip with a manual upload to OBS and the package getting published and fetched from apt repos. Unfortunately, doing this in a way compatible with what was previously done requires some non-trivial hacks. Since we want fairly recent OmniAuth gems, we install them from external sources directly into the resulting Docker image. ruby-faraday is used by the OAuth2 auth backend, but new versions require newer Ruby than what stretch has, so we preinstall it from packages to avoid pinning it. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk> Gbp-Pq: Topic collabora/sso Gbp-Pq: Name Build-a-Docker-image-with-the-Web-UI-only.patch
-
Andrej Shadura authored
OmniAuth 2.x breaks CSRF, needs more investigation. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk> Gbp-Pq: Topic collabora/sso Gbp-Pq: Name Limit-OmniAuth-to-1.x-only.patch
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk> Gbp-Pq: Topic collabora/sso Gbp-Pq: Name Implement-login-flow.patch
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk> Gbp-Pq: Topic collabora/sso Gbp-Pq: Name Add-SSO-callback-to-allow-existing-users-log-in-with-an-e.patch
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk> Gbp-Pq: Topic collabora/sso Gbp-Pq: Name user-model-add-find_with_omniauth-create_with_omniauth.patch
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk> Gbp-Pq: Topic collabora/sso Gbp-Pq: Name Rename-create_ldap_user-to-create_external_user.patch
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk> Gbp-Pq: Topic collabora/sso Gbp-Pq: Name Add-SSO-buttons-to-the-normal-login-page.patch
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk> Gbp-Pq: Topic collabora/sso Gbp-Pq: Name Add-a-link-to-the-SSO-login-to-the-dropdown-login-box.patch
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk> Gbp-Pq: Topic collabora/sso Gbp-Pq: Name Add-an-SSO-login-page-so-that-users-can-choose-between-pr.patch
-