Merge pull request #258 from ursinn/feature/sso/develop

lbr38 · web-flow · commit d93fd9dbb758 · 2025-04-16T15:53:11.000+02:00
Add missing http proxy support for oidc
diff --git a/www/controllers/App/Config/Settings.php b/www/controllers/App/Config/Settings.php
@@ -35,7 +35,7 @@ public static function get()
             /**
              *  Following parameters can be empty (or equal to 0), we don't increment the error counter in their case
              */
-            $ignoreEmptyParam = array('EMAIL_RECIPIENT', 'PROXY', 'RPM_DEFAULT_ARCH', 'DEB_DEFAULT_ARCH', 'DEB_DEFAULT_TRANSLATION', 'REPO_CONF_FILES_PREFIX', 'RETENTION', 'OIDC_PROVIDER_URL', 'OIDC_AUTHORIZATION_ENDPOINT', 'OIDC_TOKEN_ENDPOINT', 'OIDC_USERINFO_ENDPOINT', 'OIDC_SCOPES', 'OIDC_CLIENT_ID', 'OIDC_CLIENT_SECRET');
+            $ignoreEmptyParam = array('EMAIL_RECIPIENT', 'PROXY', 'RPM_DEFAULT_ARCH', 'DEB_DEFAULT_ARCH', 'DEB_DEFAULT_TRANSLATION', 'REPO_CONF_FILES_PREFIX', 'RETENTION', 'OIDC_PROVIDER_URL', 'OIDC_AUTHORIZATION_ENDPOINT', 'OIDC_TOKEN_ENDPOINT', 'OIDC_USERINFO_ENDPOINT', 'OIDC_SCOPES', 'OIDC_CLIENT_ID', 'OIDC_CLIENT_SECRET', 'OIDC_HTTP_PROXY', 'OIDC_CERT_PATH');
 
             if (in_array($key, $ignoreEmptyParam)) {
                 continue;
@@ -499,6 +499,22 @@ public static function get()
                     define('OIDC_GROUP_SUPER_ADMINISTRATOR', 'super-administrator');
                 }
             }
+
+            if (!defined('OIDC_HTTP_PROXY')) {
+                if (!empty($settings['OIDC_HTTP_PROXY'])) {
+                    define('OIDC_HTTP_PROXY', $settings['OIDC_HTTP_PROXY']);
+                } else {
+                    define('OIDC_HTTP_PROXY', '');
+                }
+            }
+
+            if (!defined('OIDC_CERT_PATH')) {
+                if (!empty($settings['OIDC_CERT_PATH'])) {
+                    define('OIDC_CERT_PATH', $settings['OIDC_CERT_PATH']);
+                } else {
+                    define('OIDC_CERT_PATH', '');
+                }
+            }
         }
 
         if (!defined('__LOAD_SETTINGS_ERROR')) {
@@ -604,6 +620,14 @@ public static function getYaml()
             define('OIDC_GROUP_SUPER_ADMINISTRATOR', Common::validateData($appYaml['oidc']['group_super_administrator']));
         }
 
+        if (!defined('OIDC_HTTP_PROXY') and isset($appYaml['oidc']['http_proxy'])) {
+            define('OIDC_HTTP_PROXY', Common::validateData($appYaml['oidc']['http_proxy']));
+        }
+
+        if (!defined('OIDC_CERT_PATH') and isset($appYaml['oidc']['cert_path'])) {
+            define('OIDC_CERT_PATH', Common::validateData($appYaml['oidc']['cert_path']));
+        }
+
         if (!defined('__LOAD_SETTINGS_YAML_ERROR')) {
             define('__LOAD_SETTINGS_YAML_ERROR', $__LOAD_SETTINGS_YAML_ERROR);
         }
diff --git a/www/controllers/Settings.php b/www/controllers/Settings.php
@@ -401,6 +401,16 @@ public function apply(array $sendSettings) : void
             $settingsToApply['OIDC_GROUP_SUPER_ADMINISTRATOR'] = $oidcGroupSuperAdministrator;
         }
 
+        if (!empty($sendSettings['oidcHttpProxy'])) {
+            $oidcHttpProxy = Common::validateData($sendSettings['oidcHttpProxy']);
+            $settingsToApply['OIDC_HTTP_PROXY'] = $oidcHttpProxy;
+        }
+
+        if (!empty($sendSettings['oidcCertPath'])) {
+            $oidcCertPath = Common::validateData($sendSettings['oidcCertPath']);
+            $settingsToApply['OIDC_CERT_PATH'] = $oidcCertPath;
+        }
+
         /**
          *  Write settings to database
          */
diff --git a/www/controllers/User/Login.php b/www/controllers/User/Login.php
@@ -149,6 +149,20 @@ public function ssoLogin(): void
                 $oidc->addScope($scopes);
             }
 
+            /**
+             *  Use OIDC_HTTP_PROXY as httpProxy if defined
+             */
+            if (!empty(OIDC_HTTP_PROXY)) {
+                $oidc->setHttpProxy(OIDC_HTTP_PROXY);
+            }
+
+            /**
+             *  Use OIDC_CERT_PATH as certPath if defined
+             */
+            if (!empty(OIDC_CERT_PATH)) {
+                $oidc->setCertPath(OIDC_CERT_PATH);
+            }
+
             /**
              *  Try to authenticate user
              */
diff --git a/www/models/Connection.php b/www/models/Connection.php
@@ -592,7 +592,9 @@ private function generateMainTables()
         OIDC_EMAIL VARCHAR(255),
         OIDC_GROUPS VARCHAR(255),
         OIDC_GROUP_ADMINISTRATOR VARCHAR(255),
-        OIDC_GROUP_SUPER_ADMINISTRATOR VARCHAR(255))");
+        OIDC_GROUP_SUPER_ADMINISTRATOR VARCHAR(255),
+        OIDC_HTTP_PROXY VARCHAR(255),
+        OIDC_CERT_PATH VARCHAR(255))");
 
         /**
          *  If settings table is empty then populate it
@@ -636,6 +638,8 @@ private function generateMainTables()
             $oidcGroups = defined('OIDC_GROUPS') ? OIDC_GROUPS : 'groups';
             $oidcGroupAdministrator = defined('OIDC_GROUP_ADMINISTRATOR') ? OIDC_GROUP_ADMINISTRATOR : 'administrator';
             $oidcGroupSuperAdministrator = defined('OIDC_GROUP_SUPER_ADMINISTRATOR') ? OIDC_GROUP_SUPER_ADMINISTRATOR : 'super-administrator';
+            $oidcHttpProxy = defined('OIDC_HTTP_PROXY') ? OIDC_HTTP_PROXY : '';
+            $oidcCertPath = defined('OIDC_CERT_PATH') ? OIDC_CERT_PATH : '';
 
             $this->exec("INSERT INTO settings (
                 EMAIL_RECIPIENT,
@@ -682,7 +686,9 @@ private function generateMainTables()
                 OIDC_EMAIL,
                 OIDC_GROUPS,
                 OIDC_GROUP_ADMINISTRATOR,
-                OIDC_GROUP_SUPER_ADMINISTRATOR
+                OIDC_GROUP_SUPER_ADMINISTRATOR,
+                OIDC_HTTP_PROXY,
+                OIDC_CERT_PATH
             )
             VALUES (
                 '',
@@ -729,7 +735,9 @@ private function generateMainTables()
                 '$oidcEmail',
                 '$oidcGroups',
                 '$oidcGroupAdministrator',
-                '$oidcGroupSuperAdministrator'
+                '$oidcGroupSuperAdministrator',
+                '$oidcHttpProxy',
+                '$oidcCertPath'
             )");
         }
 
diff --git a/www/templates/app.yaml b/www/templates/app.yaml
@@ -65,3 +65,11 @@ oidc:
   # Groups value for Super Administrator
   # Default Value: super-administrator
   #group_super_administrator: super-administrator
+
+  # HTTP Proxy
+  # Default Value: not set
+  #http_proxy:
+
+  # Path to cert file
+  # Default Value: not set
+  #cert_path:
diff --git a/www/update/database/4.x.0.php b/www/update/database/4.x.0.php
@@ -0,0 +1,18 @@
+<?php
+/**
+ *  4.x.0 update
+ */
+
+/**
+ *  Add 'OIDC_HTTP_PROXY' column to settings table
+ */
+if (!$this->db->columnExist('settings', 'OIDC_HTTP_PROXY')) {
+    $this->db->exec("ALTER TABLE settings ADD COLUMN OIDC_HTTP_PROXY VARCHAR(255)");
+}
+
+/**
+ *  Add 'OIDC_CERT_PATH' column to settings table
+ */
+if (!$this->db->columnExist('settings', 'OIDC_CERT_PATH')) {
+    $this->db->exec("ALTER TABLE settings ADD COLUMN OIDC_CERT_PATH VARCHAR(255)");
+}
diff --git a/www/views/includes/containers/settings/settings.inc.php b/www/views/includes/containers/settings/settings.inc.php
@@ -493,6 +493,14 @@
                     <!-- <h6>GROUP SUPER ADMINISTRATOR</h6>
                     <p class="note">Groups value for Super Administrator.</p>
                     <input class="settings-param" param-name="oidcGroupSuperAdministrator" type="text" value="<?= OIDC_GROUP_SUPER_ADMINISTRATOR ?>"> -->
+
+                    <h6>HTTP PROXY</h6>
+                    <p class="note">Http proxy.</p>
+                    <input class="settings-param" param-name="oidcHttpProxy" type="text" value="<?= OIDC_HTTP_PROXY ?>">
+
+                    <h6>CERT FILE</h6>
+                    <p class="note">Path to cert file.</p>
+                    <input class="settings-param" param-name="oidcCertPath" type="text" value="<?= OIDC_CERT_PATH ?>">
                     <?php
                 endif; ?>
 
