only activate github auth if no other is active

phaer 2023-10-26 13:01:08 +02:00 committed by Mic92
parent 10db40a5a8
commit eac9acc041


@ -761,20 +761,6 @@ class NixConfigurator(ConfiguratorBase):
config["secretsProviders"] = config.get("secretsProviders", []) config["secretsProviders"] = config.get("secretsProviders", [])
config["secretsProviders"].append(systemd_secrets) config["secretsProviders"].append(systemd_secrets)
config["www"] = config.get("www", {}) config["www"] = config.get("www", {})
config["www"]["avatar_methods"] = config["www"].get("avatar_methods", [])
config["www"]["avatar_methods"].append(util.AvatarGitHub())
config["www"]["auth"] = util.GitHubAuth(
self.github.oauth_id, read_secret_file(self.github.oauth_secret_name)
)
config["www"]["authz"] = util.Authz(
roleMatchers=[
util.RolesFromUsername(roles=["admin"], usernames=self.github.admins)
],
allowRules=[
util.AnyEndpointMatcher(role="admin", defaultDeny=False),
util.AnyControlEndpointMatcher(role="admins"),
],
)
config["www"]["change_hook_dialects"] = config["www"].get( config["www"]["change_hook_dialects"] = config["www"].get(
"change_hook_dialects", {} "change_hook_dialects", {}
) )
@ -784,3 +770,19 @@ class NixConfigurator(ConfiguratorBase):
"token": self.github.token(), "token": self.github.token(),
"github_property_whitelist": "*", "github_property_whitelist": "*",
} }
if not config["www"].get("auth"):
config["www"]["avatar_methods"] = config["www"].get("avatar_methods", [])
config["www"]["avatar_methods"].append(util.AvatarGitHub())
config["www"]["auth"] = util.GitHubAuth(
self.github.oauth_id, read_secret_file(self.github.oauth_secret_name)
)
config["www"]["authz"] = util.Authz(
roleMatchers=[
util.RolesFromUsername(roles=["admin"], usernames=self.github.admins)
],
allowRules=[
util.AnyEndpointMatcher(role="admin", defaultDeny=False),
util.AnyControlEndpointMatcher(role="admins"),
],
)
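Review bot: The new `if not config["www"].get("auth"):` guard also skips the `config["www"]["authz"]` assignment, so a deployment that sets its own `auth` but no `authz` gets no admin-only rules from this module; as far as I can tell Buildbot then falls back to its default Authz, which does not restrict control endpoints. Conversely, when `auth` is unset, an operator-supplied `authz` is still overwritten. Consider guarding the two separately, e.g. `if not config["www"].get("authz"):` around the `util.Authz(...)` assignment, or failing loudly when `auth` is set without `authz`. Separately, `util.AnyControlEndpointMatcher(role="admins")` names a role that `RolesFromUsername(roles=["admin"], ...)` never grants; it appears to work only because admins are already allowed by the preceding `AnyEndpointMatcher`, so `role="admin"` would state the intent more clearly. The enclosing method starts outside the hunk.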