Commit 975d1f96 authored by Lars Kruse's avatar Lars Kruse
Browse files

feat(matrix_chat): remove references to django-cas-server

The [django-cas-server](https://github.com/nitmir/django-cas-server/)
works nicely as a single-sign-on session provider, but since its session
is not related to the grouprise session (in the same Django
application), it requires an additional login activity (see
[django-cas-server#70](https://github.com/nitmir/django-cas-server/issues/70)).

Thus we stick with the (local-only) grouprise authentication module for
matrix-synapse for now.
In the future we may want to explore the possibility of using an OIDC
provider module, which is tied to our grouprise session.
parent ddc3bcfb
......@@ -160,8 +160,6 @@ Depends:
jq,
matrix-synapse,
moreutils,
# the package shipped in Buster does not support Django 2.0 or newer
python3-django-cas-server (>= 1.2),
# this package is not shipped in buster or buster-backports ("bullseye" is necessary)
python3-matrix-nio,
Description: Matrix integration for grouprise platform
......
......@@ -3,17 +3,8 @@
enable_registration: false
#cas_config:
# enabled: true
# server_url: "https://example.org/cas"
# service_url: "https://example.org:8448"
#
#sso:
# client_whitelist:
# - "https://example.org/stadt/chat/"
password_config:
enabled: false
enabled: true
password_providers:
- module: "grouprise.auth.matrix_synapse_auth_grouprise.GroupriseAuthProvider"
......
......@@ -99,9 +99,9 @@ configure_grouprise_element() {
configure_grouprise() {
# the file may not be empty, otherwise "sed '$afoo'" would not do anything (lacking a line)
[ -s "$GROUPRISE_CONFIG_FILE" ] || echo "$GROUPRISE_CONFIG_FILE"
if ! grep -q "cas_server" "$GROUPRISE_CONFIG_FILE"; then
if ! grep -q "matrix_chat" "$GROUPRISE_CONFIG_FILE"; then
# shellcheck disable=SC2016
sed -i '$aINSTALLED_APPS.extend(["cas_server", "grouprise.features.matrix_chat"])' "$GROUPRISE_CONFIG_FILE"
sed -i '$aINSTALLED_APPS.append("grouprise.features.matrix_chat")' "$GROUPRISE_CONFIG_FILE"
fi
if ! grep -q "MATRIX_CHAT" "$GROUPRISE_CONFIG_FILE"; then
# shellcheck disable=SC2016
......@@ -114,7 +114,6 @@ if [ "$1" = "configure" ]; then
configure_grouprise_matrix
configure_grouprise_element
configure_grouprise
grouprisectl matrix_chat_authentication add grouprise-matrix
fi
set +eu
......
#!/bin/sh
set -eu
if [ "$1" = "remove" ] || [ "$1" = "purge" ]; then
grouprisectl grouprisectl matrix_chat_authentication remove grouprise-matrix || true
fi
set +eu
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
......@@ -43,9 +43,6 @@ packages with proper security support.
1. add the `buster-backports` repository to your apt sources file
(for the `matrix-synapse` package)
1. install `python3-django-cas-server` from the Debian *testing* repository
The required version of `python3-django-cas-server` will be part of the *Debian Bullseye* in 2021.
Hint: do not forget to remove the *testing* repository from your sources list afterwards.
1. install the matrix integration package for grouprise: `apt install grouprise-matrix`
1. answer the configuration questions during package installation:
* matrix-synapse:
......
import sys
from django.contrib.sites.models import Site
from django.core.management.base import BaseCommand
import cas_server.models as models
class Command(BaseCommand):
args = ""
help = "Enable or disable CAS authentication for the attached matrix server"
def add_arguments(self, parser):
default_app_url = "https://{}:8448/".format(Site.objects.get_current().domain)
parser.add_argument("action", choices=("add", "remove"))
parser.add_argument("label", type=str)
parser.add_argument("--app-url", type=str, default=default_app_url)
def get_cas_service_pattern(self, label):
patterns = models.ServicePattern.objects.filter(name=label)
try:
return patterns[0]
except IndexError:
return None
def handle(self, *args, **options):
action = options["action"]
label = options["label"]
app_url = options["app_url"]
if action == "add":
existing = self.get_cas_service_pattern(label)
if existing is None:
new_obj = models.ServicePattern(pattern=app_url, name=label)
new_obj.save()
self.stdout.write(
self.style.SUCCESS("Added service pattern for authentication")
)
elif existing.pattern == app_url:
self.stdout.write(
self.style.NOTICE("Keeping existing service pattern unchanged")
)
else:
existing.pattern = app_url
existing.save()
self.stdout.write(
self.style.SUCCESS("Modified existing service pattern")
)
elif action == "remove":
existing = self.get_cas_service_pattern(label)
if existing is None:
self.stdout.write(
self.style.NOTICE("No matching service pattern found")
)
else:
existing.delete()
self.stdout.write(
self.style.SUCCESS("Removed existing service pattern")
)
else:
self.stderr.write(
self.style.ERROR("Invalid action requested: {}".format(action))
)
sys.exit(1)
from django.conf import settings
from django.urls import include, path
if "grouprise.features.matrix_chat" in settings.INSTALLED_APPS:
urlpatterns = [
path("cas/", include("cas_server.urls", namespace="cas_server")),
]
else:
urlpatterns = []
......@@ -16,7 +16,6 @@ urlpatterns = [
path('', include('grouprise.features.gestalten.urls')),
path('', include('grouprise.features.gestalten.auth.urls')),
path('', include('grouprise.features.groups.urls')),
path('', include('grouprise.features.matrix_chat.urls')),
path('', include('grouprise.features.memberships.urls')),
path('', include('grouprise.features.polls.urls')),
path('', include('grouprise.features.rest_api.urls')),
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment