Merge remote-tracking branch 'origin/publisher-oauth' into dev

# Conflicts: # .lagoon.yml # README.md # apps/cms/composer.lock # apps/cms/config/sync/simple_oauth.settings.yml
AmazeeLabs · Oct 18, 2023 · f21b5d3 · f21b5d3
2 parents a66c83e + 7620f49
commit f21b5d3
Show file tree

Hide file tree

Showing 5 changed files with 78 additions and 58 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -7,6 +7,10 @@ jobs:
     name: Test
     runs-on: ubuntu-20.04
     steps:
+      - name: Init check
+        if: ${{ github.repository != 'AmazeeLabs/silverback-template'}}
+        run: echo 'Please run the INIT script. See the root README.md for instructions.' && false
+
       - name: Checkout
         uses: actions/checkout@v3
         with:

diff --git a/.lagoon.yml b/.lagoon.yml
@@ -23,8 +23,9 @@ tasks:
     - run:
         name: Create Keys for Simple OAuth if necessary
         command: |
-          if [[ ! -f /app/keys/private.key || ! -f /app/keys/public.key ]]; then
-            drush simple-oauth:generate-keys /app/keys
+          if [[ ! -f /app/web/sites/default/files/private/keys/private.key || ! -f /app/web/sites/default/files/private/keys/public.key ]]; then
+            mkdir -p /app/web/sites/default/files/private/keys
+            drush simple-oauth:generate-keys /app/web/sites/default/files/private/keys
           fi
         service: cli
 environments:

diff --git a/README.md b/README.md
@@ -168,53 +168,68 @@ lagoon add variable -p [project name] -e dev -N NETLIFY_SITE_ID -V [netlify site
 ### Publisher authentication with Drupal
 
 Publisher can require to authenticate with Drupal based on OAuth2.
-Only used on Lagoon environments.
-
-#### Drupal configuration
-
-##### Create keys
-
-Per environment, keys are gitignored.
-
-Via Drush
-
-```bash
-drush simple-oauth:generate-keys ./keys
-```
-
-Or via the UI
-
-- Go to `/admin/config/people/simple_oauth`
-- Click on "Generate keys", the directory should be set to `../keys`
-
-##### Create the Publisher Consumer
-
-Per environment, Consumers are content entities.
-
-- Go to `/admin/config/services/consumer`
-- Create a Consumer 
-  - Label: `Publisher`
-  - Client ID: `publisher`
-  - Secret: a random string
-  - Redirect URI: `[publisher-url]/oauth/callback`
-  - Scope: `Publisher`
-- Optional: the default Consumer can be safely deleted
-
-Troubleshoot: make sure that the `DRUPAL_HASH_SALT` environment variable is >= 32 chars.
-
-#### Publisher authentication
-
-Edit [website environment variables](./apps/website/.lagoon.env)
-
-```
-PUBLISHER_SKIP_AUTHENTICATION=false
-PUBLISHER_OAUTH2_CLIENT_SECRET="[secret used in the Drupal Consumer]"
-PUBLISHER_OAUTH2_SESSION_SECRET="[another random string]"
-```
-
-##### Set the 'Access Publisher' permission
-
-Optional: add this permission to relevant roles.
+It is only used on Lagoon environments.
+
+<details>
+  <summary>How it works</summary>
+
+  #### Drupal configuration
+
+  ##### Create keys
+
+  Per environment, keys are gitignored and are auto-generated via a Lagoon post-rollout task.
+
+  To generate keys manually
+
+  via Drush: cd in the cms directory then
+
+  ```bash
+  drush simple-oauth:generate-keys ./keys
+  ```
+
+  or via the UI
+
+  - Go to `/admin/config/people/simple_oauth`
+  - Click on "Generate keys", the directory should be set to `../keys`
+
+  ##### Create the Publisher Consumer
+
+  Per environment, Consumers are content entities.
+
+  - Go to `/admin/config/services/consumer`
+    - Create a Consumer
+      - Label: `Publisher`
+      - Client ID: `publisher`
+      - Secret: a random string
+      - Redirect URI: `[publisher-url]/oauth/callback`
+      - Scope: `Publisher`
+    - Optional: the default Consumer can be safely deleted
+
+  Troubleshooting:
+  - make sure that the `DRUPAL_HASH_SALT` environment variable is >= 32 chars.
+  - if enabled on local development, use `127.0.0.1:8888` for the cms and `127.0.0.1:8000` for Publisher
+
+  #### Publisher authentication
+
+  Edit [website environment variables](./apps/website/.lagoon.env)
+
+  ```
+  PUBLISHER_SKIP_AUTHENTICATION=false
+  PUBLISHER_OAUTH2_CLIENT_SECRET="[secret used in the Drupal Consumer]"
+  PUBLISHER_OAUTH2_SESSION_SECRET="[another random string]"
+  ```
+
+  ##### Set the 'Access Publisher' permission
+
+  Optional: add this permission to relevant roles.
+
+</details>
+
+<details>
+  <summary>How to disable it</summary>
+
+  In website `.lagoon.env` set `PUBLISHER_SKIP_AUTHENTICATION=true`
+</details>
 
 ## Storybook
 

diff --git a/apps/cms/composer.lock b/apps/cms/composer.lock
diff --git a/apps/cms/config/sync/simple_oauth.settings.yml b/apps/cms/config/sync/simple_oauth.settings.yml
@@ -4,8 +4,8 @@ access_token_expiration: 3600
 authorization_code_expiration: 300
 refresh_token_expiration: 1209600
 token_cron_batch_size: 0
-public_key: ../keys/public.key
-private_key: ../keys/private.key
+public_key: ./sites/default/files/private/keys/public.key
+private_key: ./sites/default/files/private/keys/private.key
 remember_clients: true
 use_implicit: false
 disable_openid_connect: false