From e7082c409d95981a921a88f6989ae573496ff841 Mon Sep 17 00:00:00 2001
From: Ilja Neumann
Date: Wed, 19 Feb 2020 15:06:24 +0100
Subject: [PATCH] Add disable-identifier-webapp option #25
Allows to use a different identifier-client, for example one served from elsewhere.
---
 bootstrap/bootstrap.go | 3 +++
 bootstrap/kc.go | 1 +
 bootstrap/ldap.go | 1 +
 cmd/konnectd/serve.go | 1 +
 identifier/config.go | 1 +
 identifier/identifier.go | 23 ++++++++++++++---------
 6 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/bootstrap/bootstrap.go b/bootstrap/bootstrap.go
index 6daf550..dd10b71 100644
--- a/bootstrap/bootstrap.go
+++ b/bootstrap/bootstrap.go
@@ -83,6 +83,7 @@ type Config struct {
 IdentifierClientPath string
 IdentifierRegistrationConf string
 IdentifierScopesConf string
+ IdentifierWebAppDisabled bool
 SigningKid string
 SigningMethod string
 SigningPrivateKeyFiles []string
@@ -109,6 +110,7 @@ type bootstrap struct {
 issuerIdentifierURI *url.URL
 identifierClientPath string
+ identifierWebAppDisabled bool
 identifierRegistrationConf string
 identifierAuthoritiesConf string
 identifierScopesConf string
@@ -271,6 +273,7 @@ func (bs *bootstrap) initialize(cfg *Config) error {
 bs.cfg.ListenAddr = cfg.Listen
 bs.identifierClientPath = cfg.IdentifierClientPath
+ bs.identifierWebAppDisabled = cfg.IdentifierWebAppDisabled
 bs.identifierRegistrationConf = cfg.IdentifierRegistrationConf
 if bs.identifierRegistrationConf != "" {
diff --git a/bootstrap/kc.go b/bootstrap/kc.go
index df3fb60..67890bb 100644
--- a/bootstrap/kc.go
+++ b/bootstrap/kc.go
@@ -132,6 +132,7 @@ func newKCIdentityManager(bs *bootstrap) (identity.Manager, error) {
 StaticFolder: bs.identifierClientPath,
 LogonCookieName: "__Secure-KKT", // Kopano-Konnect-Token
 ScopesConf: bs.identifierScopesConf,
+ WebAppDisabled: bs.identifierWebAppDisabled,
 AuthorizationEndpointURI: fullAuthorizationEndpointURL,
diff --git a/bootstrap/ldap.go b/bootstrap/ldap.go
index 07cefe3..c99b077 100644
--- a/bootstrap/ldap.go
+++ b/bootstrap/ldap.go
@@ -96,6 +96,7 @@ func newLDAPIdentityManager(bs *bootstrap) (identity.Manager, error) {
 StaticFolder: bs.identifierClientPath,
 LogonCookieName: "__Secure-KKT", // Kopano-Konnect-Token
 ScopesConf: bs.identifierScopesConf,
+ WebAppDisabled: bs.identifierWebAppDisabled,
 AuthorizationEndpointURI: fullAuthorizationEndpointURL,
diff --git a/cmd/konnectd/serve.go b/cmd/konnectd/serve.go
index b15824d..e81b586 100644
--- a/cmd/konnectd/serve.go
+++ b/cmd/konnectd/serve.go
@@ -85,6 +85,7 @@ func commandServe() *cobra.Command {
 serveCmd.Flags().StringVar(&cfg.AuthorizationEndpointURI, "authorization-endpoint-uri", "", "Custom authorization endpoint URI")
 serveCmd.Flags().StringVar(&cfg.EndsessionEndpointURI, "endsession-endpoint-uri", "", "Custom endsession endpoint URI")
 serveCmd.Flags().StringVar(&cfg.IdentifierClientPath, "identifier-client-path", envOrDefault("KONNECTD_IDENTIFIER_CLIENT_PATH", defaultIdentifierClientPath), fmt.Sprintf("Path to the identifier web client base folder (default \"%s\")", defaultIdentifierClientPath))
+ serveCmd.Flags().BoolVar(&cfg.IdentifierWebAppDisabled, "disable-identifier-webapp", false, "Disable the identifier webapp if you want to use a different web-interface.")
 serveCmd.Flags().StringVar(&cfg.IdentifierRegistrationConf, "identifier-registration-conf", "", "Path to a identifier-registration.yaml configuration file")
 serveCmd.Flags().StringVar(&cfg.IdentifierScopesConf, "identifier-scopes-conf", "", "Path to a scopes.yaml configuration file")
 serveCmd.Flags().BoolVar(&cfg.Insecure, "insecure", false, "Disable TLS certificate and hostname validation")
diff --git a/identifier/config.go b/identifier/config.go
index e0ea946..3565ce4 100644
--- a/identifier/config.go
+++ b/identifier/config.go
@@ -33,6 +33,7 @@ type Config struct {
 StaticFolder string
 LogonCookieName string
 ScopesConf string
+ WebAppDisabled bool
 AuthorizationEndpointURI *url.URL
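Review bot: The help text of the new `disable-identifier-webapp` flag in the cmd/konnectd/serve.go hunk does not tell an operator what stays exposed once the flag is set. From the lines visible in this patch only the `index.html` load in `NewIdentifier` is skipped, so the identifier API routes and the static folder are presumably still served; that should be confirmed against the handler registration, which is outside this diff. If it holds, the description should say so, for example `"Disable the built-in identifier web app; the identifier API stays enabled for an externally served client"`, so that nobody reads the flag as switching the login surface off.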
diff --git a/identifier/identifier.go b/identifier/identifier.go
index bf32fce..a8fb28d 100644
--- a/identifier/identifier.go
+++ b/identifier/identifier.go
@@ -83,20 +83,24 @@ type Identifier struct {
 // NewIdentifier returns a new Identifier.
 func NewIdentifier(c *Config) (*Identifier, error) {
 staticFolder := c.StaticFolder
- webappIndexHTMLFilename := staticFolder + "/index.html"
- if _, err := os.Stat(webappIndexHTMLFilename); os.IsNotExist(err) {
- return nil, fmt.Errorf("identifier static client files: %v", err)
- }
- webappIndexHTML, err := ioutil.ReadFile(webappIndexHTMLFilename)
- if err != nil {
- return nil, fmt.Errorf("identifier failed to read client index.html: %v", err)
+ var webappIndexHTML = make([]byte, 0)
+
+ if !c.WebAppDisabled {
+ webappIndexHTMLFilename := staticFolder + "/index.html"
+ if _, err := os.Stat(webappIndexHTMLFilename); os.IsNotExist(err) {
+ return nil, fmt.Errorf("identifier static client files: %v", err)
+ }
+ webappIndexHTML, err := ioutil.ReadFile(webappIndexHTMLFilename)
+ if err != nil {
+ return nil, fmt.Errorf("identifier failed to read client index.html: %v", err)
+ }
+
+ webappIndexHTML = bytes.Replace(webappIndexHTML, []byte("__PATH_PREFIX__"), []byte(c.PathPrefix), 1)
 }
 oauth2CbEndpointURI, _ := url.Parse(c.BaseURI.String())
 oauth2CbEndpointURI.Path = c.PathPrefix + "/identifier/oauth2/cb"
- webappIndexHTML = bytes.Replace(webappIndexHTML, []byte("__PATH_PREFIX__"), []byte(c.PathPrefix), 1)
 i := &Identifier{
 Config: c,
@@ -118,6 +122,7 @@ func NewIdentifier(c *Config) (*Identifier, error) {
 logger: c.Config.Logger,
 }
+ var err error
 i.meta = &meta.Meta{}
 i.meta.Scopes, err = scopes.NewScopesFromFile(i.scopesConf, i.logger)
 if err != nil {
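Review bot: In the first identifier.go hunk, `webappIndexHTML, err := ioutil.ReadFile(webappIndexHTMLFilename)` inside the new `if !c.WebAppDisabled {` block declares a second `webappIndexHTML` that shadows the one created by `var webappIndexHTML = make([]byte, 0)`. The file contents and the `__PATH_PREFIX__` replacement therefore go into the inner variable and are lost when the block closes. If the struct literal that follows (between the two hunks, not visible here) stores the outer variable, the built-in login page would be served empty even when the webapp is enabled. Declare `var err error` ahead of the block, assign with `webappIndexHTML, err = ioutil.ReadFile(webappIndexHTMLFilename)`, and drop the `var err error` that the second hunk adds further down in `NewIdentifier`. A test that builds an Identifier with the webapp enabled and checks for a non-empty index body would catch this.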