opt/seafile/conf/unused_oauth.py
2024-11-24 12:29:01 +01:00


## Remote User Authentication
# Header-based login: the web server authenticates the request and passes the
# user's identity to Seafile in an HTTP header. Switched off in this file.
ENABLE_REMOTE_USER_AUTHENTICATION = False

# Optional. Header (set in the web server configuration) from which Seafile
# reads the user's unique id. Default: 'HTTP_REMOTE_USER'.
# NOTE(review): the documented default is a WSGI-style key (HTTP_...), while
# this value is a raw header name; confirm which form Seafile looks up before
# enabling this feature.
# NOTE(review): header-based login is only trustworthy when the reverse proxy
# removes any client-supplied copy of this header and Seafile is reachable
# only through that proxy.
REMOTE_USER_HEADER = "X-Seafile-User"

# Optional. If the header value is not a valid e-mail address, Seafile builds
# an e-mail-like unique id from the header value and this domain,
# e.g. user1@example.com.
REMOTE_USER_DOMAIN = "veenboer.xyz"

# Optional. Create a Seafile account for users that do not exist yet.
# Default: True. When disabled, users missing from the Seafile DB cannot log
# in; the admin first has to import them from an external system such as LDAP.
REMOTE_USER_CREATE_UNKNOWN_USER = True

# Optional. Activate newly created accounts right away. Default: True.
# When disabled, a new user cannot log in until an administrator activates
# the account manually.
# NOTE(review): with creation and activation both True, every identity the
# front end asserts gets a usable account without admin review.
REMOTE_USER_ACTIVATE_USER_AFTER_CREATION = True

# Optional. Maps attributes delivered in HTTP headers to Seafile user
# attributes.
REMOTE_USER_ATTRIBUTE_MAP = {
    "X-Authentik-Username": "name",
    "X-Seafile-User": "contact_email",
    # for user info
    # "HTTP_GIVENNAME": 'givenname',
    # "HTTP_SN": 'surname',
    # "HTTP_ORGANIZATION": 'institution',
    # for user role
    # 'HTTP_Shibboleth-affiliation': 'affiliation',
}

# Maps an affiliation to a user role. Despite the SHIBBOLETH_ prefix in the
# setting name, it is not restricted to Shibboleth. No mapping is active here;
# the entries below are examples only.
SHIBBOLETH_AFFILIATION_ROLE_MAP = {
    # 'employee@uni-mainz.de': 'staff',
    # 'member@uni-mainz.de': 'staff',
    # 'student@uni-mainz.de': 'student',
    # 'employee@hu-berlin.de': 'guest',
    # 'patterns': (
    #     ('*@hu-berlin.de', 'guest1'),
    #     ('*@*.de', 'guest2'),
    #     ('*', 'guest'),
    # ),
}
## OAuth Authentication
ENABLE_OAUTH = True

# Whether to create an account the first time a user logs in through OAuth.
# Default: True.
OAUTH_CREATE_UNKNOWN_USER = True

# Whether to activate that account on first login. Default: True.
OAUTH_ACTIVATE_USER_AFTER_CREATION = True

# OAuth normally runs over TLS. If the server is not set up for HTTPS, some
# calls raise "oauthlib.oauth2.rfc6749.errors.InsecureTransportError"; setting
# this to True avoids that error.
# NOTE(review): every endpoint configured below is https://. Confirm that this
# relaxation is still required (for example because TLS ends at a reverse
# proxy) and switch it off if it is not.
OAUTH_ENABLE_INSECURE_TRANSPORT = True

# Client id and secret issued by the authorization server when the client
# application was registered.
# NOTE(review): the client secret is stored in plaintext in a tracked file, so
# everyone with read access to the repository or its history can see it.
# Rotate it at the provider and supply it from outside version control.
OAUTH_CLIENT_ID = "ppPkXbiyxpYKOlHdKHNM69HlzrKBz1DB9eTgvfgh"
OAUTH_CLIENT_SECRET = "G1F5UwQyMDFSZpo8OjMLdU7TbMniWzNDJqjGHsGo1Yr03MOMM5uAw4gHLRMdxM72DLZUWWgSllEOkHk8ifBH7FVhlNw9zwc5LNOFIoXzMNZAuaJhLDlWPjWrfMCiosNT"

# Callback URL used after successful authentication. The redirect URL entered
# when registering the client application MUST be exactly this value.
OAUTH_REDIRECT_URL = "https://seafile.rik.veenboer.xyz/oauth/callback/"

# Provider endpoints.
OAUTH_PROVIDER_DOMAIN = "authentik.rik.veenboer.xyz"
OAUTH_AUTHORIZATION_URL = "https://authentik.rik.veenboer.xyz/application/o/authorize/"
OAUTH_TOKEN_URL = "https://authentik.rik.veenboer.xyz/application/o/token/"
OAUTH_USER_INFO_URL = "https://authentik.rik.veenboer.xyz/application/o/userinfo/"

OAUTH_SCOPE = ["user"]

# Maps provider attributes to Seafile attributes.
# NOTE(review): the boolean in each tuple is presumably a "required" flag;
# confirm against the Seafile documentation.
OAUTH_ATTRIBUTE_MAP = {
    # "id": (True, "email"),  # Please keep the 'email' option unchanged to be compatible with the login of users of version 11.0 and earlier.
    "name": (False, "name"),
    "email": (False, "contact_email"),
    "uid": (True, "uid"),  # Seafile v11.0 +
}