diff --git a/seafile/conf/conf b/seafile/conf/conf
new file mode 120000
index 0000000..eaa1b30
--- /dev/null
+++ b/seafile/conf/conf
@@ -0,0 +1 @@
+/seafile/conf
\ No newline at end of file
diff --git a/seafile/conf/seahub_settings.py b/seafile/conf/seahub_settings.py
index 443328c..409dbc5 100644
--- a/seafile/conf/seahub_settings.py
+++ b/seafile/conf/seahub_settings.py
@@ -1,86 +1,3 @@
 ## General
 SECRET_KEY = "zt^$p=*-yzytt3)1lidvsfjrq7qe+3t^$nw6wp_+bqhttxy4c!"
 SERVICE_URL = "https://seafile.rik.veenboer.xyz/"
-
-
-## Remote User Authentication
-ENABLE_REMOTE_USER_AUTHENTICATION = False
-
-# Optional, HTTP header, which is configured in your web server conf file,
-# used for Seafile to get user's unique id, default value is 'HTTP_REMOTE_USER'.
-REMOTE_USER_HEADER = 'X-Seafile-User'
-
-# Optional, when the value of HTTP_REMOTE_USER is not a valid email address,
-# Seafile will build a email-like unique id from the value of 'REMOTE_USER_HEADER'
-# and this domain, e.g. user1@example.com.
-REMOTE_USER_DOMAIN = 'veenboer.xyz'
-
-# Optional, whether to create new user in Seafile system, default value is True.
-# If this setting is disabled, users doesn't preexist in the Seafile DB cannot login.
-# The admin has to first import the users from external systems like LDAP.
-REMOTE_USER_CREATE_UNKNOWN_USER = True
-
-# Optional, whether to activate new user in Seafile system, default value is True.
-# If this setting is disabled, user will be unable to login by default.
-# the administrator needs to manually activate this user.
-REMOTE_USER_ACTIVATE_USER_AFTER_CREATION = True
-
-# Optional, map user attribute in HTTP header and Seafile's user attribute.
-REMOTE_USER_ATTRIBUTE_MAP = {
- 'X-Authentik-Username': 'name',
- 'X-Seafile-User': 'contact_email',
-
- # for user info
- # "HTTP_GIVENNAME": 'givenname',
- # "HTTP_SN": 'surname',
- # "HTTP_ORGANIZATION": 'institution',
-
- # for user role
- # 'HTTP_Shibboleth-affiliation': 'affiliation',
-}
-
-# Map affiliation to user role. Though the config name is SHIBBOLETH_AFFILIATION_ROLE_MAP,
-# it is not restricted to Shibboleth
-SHIBBOLETH_AFFILIATION_ROLE_MAP = {
- # 'employee@uni-mainz.de': 'staff',
- # 'member@uni-mainz.de': 'staff',
- # 'student@uni-mainz.de': 'student',
- # 'employee@hu-berlin.de': 'guest',
- # 'patterns': (
- # ('*@hu-berlin.de', 'guest1'),
- # ('*@*.de', 'guest2'),
- # ('*', 'guest'),
- # ),
-}
-
-
-## OAuth Authentication
-ENABLE_OAUTH = True
-
-# If create new user when he/she logs in Seafile for the first time, defalut `True`.
-OAUTH_CREATE_UNKNOWN_USER = True
-
-# If active new user when he/she logs in Seafile for the first time, defalut `True`.
-OAUTH_ACTIVATE_USER_AFTER_CREATION = True
-
-# Usually OAuth works through SSL layer. If your server is not parametrized to allow HTTPS, some method will raise an "oauthlib.oauth2.rfc6749.errors.InsecureTransportError". Set this to `True` to avoid this error.
-OAUTH_ENABLE_INSECURE_TRANSPORT = True
-
-# Client id/secret generated by authorization server when you register your client application.
-OAUTH_CLIENT_ID = "ppPkXbiyxpYKOlHdKHNM69HlzrKBz1DB9eTgvfgh"
-OAUTH_CLIENT_SECRET = "G1F5UwQyMDFSZpo8OjMLdU7TbMniWzNDJqjGHsGo1Yr03MOMM5uAw4gHLRMdxM72DLZUWWgSllEOkHk8ifBH7FVhlNw9zwc5LNOFIoXzMNZAuaJhLDlWPjWrfMCiosNT"
-
-# Callback url when user authentication succeeded. Note, the redirect url you input when you register your client application MUST be exactly the same as this value.
-OAUTH_REDIRECT_URL = 'https://seafile.rik.veenboer.xyz/oauth/callback/'
-
-OAUTH_PROVIDER_DOMAIN = 'authentik.rik.veenboer.xyz'
-OAUTH_AUTHORIZATION_URL = 'https://authentik.rik.veenboer.xyz/application/o/authorize/'
-OAUTH_TOKEN_URL = 'https://authentik.rik.veenboer.xyz/application/o/token/'
-OAUTH_USER_INFO_URL = 'https://authentik.rik.veenboer.xyz/application/o/userinfo/'
-OAUTH_SCOPE = ["user",]
-OAUTH_ATTRIBUTE_MAP = {
- # "id": (True, "email"), # Please keep the 'email' option unchanged to be compatible with the login of users of version 11.0 and earlier.
- "name": (False, "name"),
- "email": (False, "contact_email"),
- "uid": (True, "uid"), # Seafile v11.0 +
-}
diff --git a/seafile/conf/unused_oauth.py b/seafile/conf/unused_oauth.py
new file mode 100644
index 0000000..9c57557
--- /dev/null
+++ b/seafile/conf/unused_oauth.py
@@ -0,0 +1,81 @@
+## Remote User Authentication
+ENABLE_REMOTE_USER_AUTHENTICATION = False
+
+# Optional, HTTP header, which is configured in your web server conf file,
+# used for Seafile to get user's unique id, default value is 'HTTP_REMOTE_USER'.
+REMOTE_USER_HEADER = 'X-Seafile-User'
+
+# Optional, when the value of HTTP_REMOTE_USER is not a valid email address,
+# Seafile will build a email-like unique id from the value of 'REMOTE_USER_HEADER'
+# and this domain, e.g. user1@example.com.
+REMOTE_USER_DOMAIN = 'veenboer.xyz'
+
+# Optional, whether to create new user in Seafile system, default value is True.
+# If this setting is disabled, users doesn't preexist in the Seafile DB cannot login.
+# The admin has to first import the users from external systems like LDAP.
+REMOTE_USER_CREATE_UNKNOWN_USER = True
+
+# Optional, whether to activate new user in Seafile system, default value is True.
+# If this setting is disabled, user will be unable to login by default.
+# the administrator needs to manually activate this user.
+REMOTE_USER_ACTIVATE_USER_AFTER_CREATION = True
+
+# Optional, map user attribute in HTTP header and Seafile's user attribute.
+REMOTE_USER_ATTRIBUTE_MAP = {
+ 'X-Authentik-Username': 'name',
+ 'X-Seafile-User': 'contact_email',
+
+ # for user info
+ # "HTTP_GIVENNAME": 'givenname',
+ # "HTTP_SN": 'surname',
+ # "HTTP_ORGANIZATION": 'institution',
+
+ # for user role
+ # 'HTTP_Shibboleth-affiliation': 'affiliation',
+}
+
+# Map affiliation to user role. Though the config name is SHIBBOLETH_AFFILIATION_ROLE_MAP,
+# it is not restricted to Shibboleth
+SHIBBOLETH_AFFILIATION_ROLE_MAP = {
+ # 'employee@uni-mainz.de': 'staff',
+ # 'member@uni-mainz.de': 'staff',
+ # 'student@uni-mainz.de': 'student',
+ # 'employee@hu-berlin.de': 'guest',
+ # 'patterns': (
+ # ('*@hu-berlin.de', 'guest1'),
+ # ('*@*.de', 'guest2'),
+ # ('*', 'guest'),
+ # ),
+}
+
+
+## OAuth Authentication
+ENABLE_OAUTH = True
+
+# If create new user when he/she logs in Seafile for the first time, defalut `True`.
+OAUTH_CREATE_UNKNOWN_USER = True
+
+# If active new user when he/she logs in Seafile for the first time, defalut `True`.
+OAUTH_ACTIVATE_USER_AFTER_CREATION = True
+
+# Usually OAuth works through SSL layer. If your server is not parametrized to allow HTTPS, some method will raise an "oauthlib.oauth2.rfc6749.errors.InsecureTransportError". Set this to `True` to avoid this error.
+OAUTH_ENABLE_INSECURE_TRANSPORT = True
+
+# Client id/secret generated by authorization server when you register your client application.
+OAUTH_CLIENT_ID = "ppPkXbiyxpYKOlHdKHNM69HlzrKBz1DB9eTgvfgh"
+OAUTH_CLIENT_SECRET = "G1F5UwQyMDFSZpo8OjMLdU7TbMniWzNDJqjGHsGo1Yr03MOMM5uAw4gHLRMdxM72DLZUWWgSllEOkHk8ifBH7FVhlNw9zwc5LNOFIoXzMNZAuaJhLDlWPjWrfMCiosNT"
+
+# Callback url when user authentication succeeded. Note, the redirect url you input when you register your client application MUST be exactly the same as this value.
+OAUTH_REDIRECT_URL = 'https://seafile.rik.veenboer.xyz/oauth/callback/'
+
+OAUTH_PROVIDER_DOMAIN = 'authentik.rik.veenboer.xyz'
+OAUTH_AUTHORIZATION_URL = 'https://authentik.rik.veenboer.xyz/application/o/authorize/'
+OAUTH_TOKEN_URL = 'https://authentik.rik.veenboer.xyz/application/o/token/'
+OAUTH_USER_INFO_URL = 'https://authentik.rik.veenboer.xyz/application/o/userinfo/'
+OAUTH_SCOPE = ["user",]
+OAUTH_ATTRIBUTE_MAP = {
+ # "id": (True, "email"), # Please keep the 'email' option unchanged to be compatible with the login of users of version 11.0 and earlier.
+ "name": (False, "name"),
+ "email": (False, "contact_email"),
+ "uid": (True, "uid"), # Seafile v11.0 +
+}
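Review bot: `OAUTH_CLIENT_SECRET` is added here as a plaintext literal, so moving the OAuth block out of seahub_settings.py into unused_oauth.py keeps a usable credential in the working tree, and the removed lines keep it in history. The secret should be rotated at the authorization server and the replacement read from outside the repository, for example `OAUTH_CLIENT_SECRET = os.environ["SEAFILE_OAUTH_CLIENT_SECRET"]` (constructed variable name; needs `import os`). `OAUTH_ENABLE_INSECURE_TRANSPORT = True` is carried over even though every OAuth URL in the block is https, so it only relaxes the transport check and should be `False` if the block is ever re-enabled. Because the file still says `ENABLE_OAUTH = True`, a header comment such as `# Not loaded by Seahub; kept for reference only.` would make its status explicit, assuming that is the intent behind the file name. The `SECRET_KEY` left in seahub_settings.py is a committed literal too and deserves the same treatment.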