Add new OIDC TLS CA Certfile option (#3496)
This commit is contained in:
parent
c6f5b62ad0
commit
1a385e941c
@ -99,6 +99,7 @@ For usage, see [Usage - OpenID Connect](../authentication/oidc.md)
|
||||
| OIDC_REMEMBER_ME | False | Because redirects bypass the login screen, you cant extend your session by clicking the "Remember Me" checkbox. By setting this value to true, a session will be extended as if "Remember Me" was checked |
|
||||
| OIDC_SIGNING_ALGORITHM | RS256 | The algorithm used to sign the id token (examples: RS256, HS256) |
|
||||
| OIDC_USER_CLAIM | email | Optional: 'email', 'preferred_username' |
|
||||
| OIDC_TLS_CACERTFILE | None | File path to Certificate Authority used to verify server certificate (e.g. `/path/to/ca.crt`) |
|
||||
|
||||
### Themeing
|
||||
|
||||
|
@ -119,20 +119,27 @@ class OpenIDProvider(AuthProvider[OIDCRequest]):
|
||||
|
||||
if not (settings.OIDC_READY and settings.OIDC_CONFIGURATION_URL):
|
||||
return None
|
||||
configuration = None
|
||||
with requests.get(settings.OIDC_CONFIGURATION_URL, timeout=5) as config_response:
|
||||
config_response.raise_for_status()
|
||||
configuration = config_response.json()
|
||||
|
||||
session = requests.Session()
|
||||
if settings.OIDC_TLS_CACERTFILE:
|
||||
session.verify = settings.OIDC_TLS_CACERTFILE
|
||||
|
||||
config_response = session.get(settings.OIDC_CONFIGURATION_URL, timeout=5)
|
||||
config_response.raise_for_status()
|
||||
configuration = config_response.json()
|
||||
|
||||
if not configuration:
|
||||
OpenIDProvider._logger.warning("[OIDC] Unable to fetch configuration from the OIDC_CONFIGURATION_URL")
|
||||
session.close()
|
||||
return None
|
||||
|
||||
jwks_uri = configuration.get("jwks_uri", None)
|
||||
if not jwks_uri:
|
||||
OpenIDProvider._logger.warning("[OIDC] Unable to find the jwks_uri from the OIDC_CONFIGURATION_URL")
|
||||
session.close()
|
||||
return None
|
||||
|
||||
with requests.get(jwks_uri, timeout=5) as response:
|
||||
response.raise_for_status()
|
||||
return JsonWebKey.import_key_set(response.json())
|
||||
response = session.get(jwks_uri, timeout=5)
|
||||
response.raise_for_status()
|
||||
session.close()
|
||||
return JsonWebKey.import_key_set(response.json())
|
||||
|
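Review bot: The `requests.Session()` created on the new side is closed only on the three explicit exit paths (the `session.close()` calls before each `return`), so if `session.get(...)` or `raise_for_status()` raises for either the configuration URL or the `jwks_uri`, the session and its connection pool are never closed — the `with requests.get(...)` form this replaces did not have that gap. The simpler shape is to make the session itself the context manager, `with requests.Session() as session:`, move the body under it, and drop the three manual `session.close()` calls; the `verify` assignment and both `raise_for_status()` calls are otherwise fine as written. A side effect worth a one-line comment on the `session.verify` assignment is that a path that does not exist is reported by requests only at the first `session.get`, not when the setting is read, e.g. `# CA bundle path; a missing file raises at request time, not at startup`. The enclosing method's signature is outside the hunk.
```python
with requests.Session() as session:
    if settings.OIDC_TLS_CACERTFILE:
        # CA bundle path; a missing file raises at request time, not at startup
        session.verify = settings.OIDC_TLS_CACERTFILE

    config_response = session.get(settings.OIDC_CONFIGURATION_URL, timeout=5)
    config_response.raise_for_status()
    configuration = config_response.json()

    # … unchanged: configuration / jwks_uri checks, each now a plain `return None` with no session.close() …

    response = session.get(jwks_uri, timeout=5)
    response.raise_for_status()
    return JsonWebKey.import_key_set(response.json())
```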
@ -192,6 +192,7 @@ class AppSettings(BaseSettings):
|
||||
OIDC_REMEMBER_ME: bool = False
|
||||
OIDC_SIGNING_ALGORITHM: str = "RS256"
|
||||
OIDC_USER_CLAIM: str = "email"
|
||||
OIDC_TLS_CACERTFILE: str | None = None
|
||||
|
||||
@property
|
||||
def OIDC_READY(self) -> bool:
|
||||
|
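Review bot: The new `OIDC_TLS_CACERTFILE` field is the only one in this group whose meaning is not obvious from its name and default, and it carries no comment; a short one would save readers a trip to the provider code, e.g. `# Path to a CA bundle used to verify the OIDC provider's TLS certificate; None keeps the default trust store`. It also appears to be accepted as a bare string without checking that the path exists, so a typo would presumably only surface when the first OIDC request is made rather than at configuration load — worth either a validator or a note in the comment. The enclosing `AppSettings` class starts outside the hunk.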