feat(publisher): authenticate with drupal #86

Merged on Nov 1, 2023 (45 commits). Changes from 12 commits.
fbcf711
chore: require simple oauth
colorfield Jun 28, 2023
9c6aaf5
chore: update publisher
colorfield Jun 28, 2023
0db1d61
chore: enable simple oauth
colorfield Jun 28, 2023
028970e
chore: update silverback gatsby
colorfield Jun 28, 2023
7e79b8e
chore: disable key permissions check
colorfield Jun 28, 2023
2a88a46
chore: add environment variables and configure publisher
colorfield Jun 28, 2023
5451ba9
chore: set keys directory
colorfield Jun 28, 2023
d91830a
chore: allow to use post on publisher access checker
colorfield Jun 28, 2023
553d520
chore: simple oauth and publisher role configuration
colorfield Jun 28, 2023
07510d6
chore: use min 32 chars for the hash salt
colorfield Jun 28, 2023
0749ea8
docs: project specific configuration for oauth
colorfield Jun 28, 2023
f3fecfc
chore: comment out environment vars so we use defaults
colorfield Jun 28, 2023
8836740
chore: gitignore keys
colorfield Jun 28, 2023
c71a69e
chore: adjust default hash salt to match >= 32 chars
colorfield Jul 3, 2023
d74cba3
Merge branch 'dev' into publisher-oauth
colorfield Aug 18, 2023
5299a3d
fix: pnpm-lock merge with duplicate entries
colorfield Aug 18, 2023
9922194
refactor: make oauth optional
colorfield Aug 18, 2023
1ead119
docs: improve wording
colorfield Aug 18, 2023
5c6b592
chore: set back after merge
colorfield Aug 18, 2023
8c6991b
docs: fix keys generation
colorfield Aug 18, 2023
f35ec54
chore: bump publisher
colorfield Aug 22, 2023
d3dbd33
Revert "chore: bump publisher"
colorfield Aug 22, 2023
417838d
chore: run pnpm i with manual bump of publisher
colorfield Aug 22, 2023
0e432f0
Merge remote-tracking branch 'origin/release' into publisher-oauth
colorfield Oct 16, 2023
24d983a
chore: write client and session secret with init
colorfield Oct 16, 2023
a9b4c0f
chore: create keys as a post-rollout task
colorfield Oct 16, 2023
5febe05
chore: bump silverback_gatsby, enable silverback_gatsby_oauth
colorfield Oct 17, 2023
61d491f
fix: add cli service
colorfield Oct 17, 2023
282b42e
fix: add cli service, gitignore keys, do not skip auth
colorfield Oct 17, 2023
a64311c
docs: update oauth section
colorfield Oct 18, 2023
71c29bf
chore: bump silverback_gatsby
colorfield Oct 18, 2023
6078a90
chore: use private scheme for keys due to infra limitations
colorfield Oct 18, 2023
6f243a3
docs: fix typo
colorfield Oct 18, 2023
7620f49
chore: no need for gitignore keys anymore
colorfield Oct 18, 2023
e5e4cd0
chore: use REPLACE_ME placeholder value
colorfield Oct 18, 2023
7ddcc8d
chore: source before deploy
colorfield Oct 18, 2023
b47b2c4
docs: fix keys directory
colorfield Oct 19, 2023
96fa474
refactor: delete publisher role
colorfield Nov 1, 2023
6e1fc32
refactor: move consumer setup in template
colorfield Nov 1, 2023
b2ce3dc
chore: prevent access to keys using the private scheme
colorfield Nov 1, 2023
0d24d90
chore: bump silverback_gatsby
colorfield Nov 1, 2023
d258b69
Merge remote-tracking branch 'origin/release' into publisher-oauth
colorfield Nov 1, 2023
abc563c
chore: update composer.lock
colorfield Nov 1, 2023
8884af6
docs: remove scope
colorfield Nov 1, 2023
4c3d69d
chore: bump publisher
colorfield Nov 1, 2023
43 changes: 43 additions & 0 deletions README.md
Expand Up @@ -113,6 +113,49 @@ lagoon runtime configuration.
lagoon add variable -p [project name] -e dev -N NETLIFY_SITE_ID -V [netlify site id]
```

### Publisher authentication with Drupal

Publisher access can require to authenticate with Drupal with OAuth2.
To fully skip it, set this environment variable.

```
PUBLISHER_SKIP_AUTHENTICATION=true
```

#### Drupal configuration

##### Check the hash salt

It must be at least 32 chars long. See `DRUPAL_HASH_SALT` environment variable.

##### Create Certificates

- Go to `/admin/config/people/simple_oauth`
- Generate keys, set the directory to `../keys`
- Possibly gitignore keys but then needs to be part of the deployment process

##### Create Consumers

Per environment, as Consumers are content entities.

- Go to `/admin/config/services/consumer`
- Delete the default Consumer
- Create a Consumer
- Label: `Publisher`
- Client ID: `publisher`
- Secret: a random string
- Redirect URI: `[publisher-url]/oauth/callback`
- Scope: `Publisher`

##### Set the Access Publisher permission

Add this permission to relevant roles.

#### Publisher configuration

Configure [website environment variables](./apps/website/.lagoon.env) based
on Drupal configuration.

## Storybook

If a `CHROMATIC_PROJECT_TOKEN` environment variable is set, the Storybook build
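Review bot: In "Create Certificates", the bullet `Possibly gitignore keys but then needs to be part of the deployment process` leaves open committing the keys generated into `../keys`, and those include the private key Simple OAuth signs tokens with. Suggest stating outright that the keys directory is never committed and that keys are generated per environment as a deployment step. Two smaller points in the same section: `PUBLISHER_SKIP_AUTHENTICATION=true` is documented without saying which environments it is meant for, so a line restricting it to local development would help; and `Secret: a random string` gives no minimum length or generation method and does not name the variables in `./apps/website/.lagoon.env` that have to match it.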
4 changes: 4 additions & 0 deletions apps/cms/composer.json
Expand Up @@ -68,6 +68,7 @@
"drupal/redirect": "^1.7",
"drupal/reroute_email": "^2.2",
"drupal/role_delegation": "^1.2",
"drupal/simple_oauth": "^5.2",
"drupal/slack": "^1.4",
"drupal/stage_file_proxy": "^2.0",
"drupal/userprotect": "^1.2",
Expand All @@ -91,6 +92,9 @@
},
"extra": {
"patches": {
"drupal/core": {
"#2706241 AccessAwareRouter does not respect HTTP method": "https://www.drupal.org/files/issues/2023-03-17/2706241-74.patch"
},
"drupal/masquerade": {
"#915756 Add masquerade to admin menu": "https://www.drupal.org/files/issues/2023-06-22/915756-15.patch"
},
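Review bot: The new `drupal/core` entry under `extra.patches` pulls `2706241-74.patch` from drupal.org and touches how core's AccessAwareRouter handles HTTP methods, yet nothing in the visible change records what depends on it. Suggest a short note (README or a comment in the PR description) naming the route or access check that needs it, so the patch can be dropped once the upstream issue is resolved, and consider committing the patch file to the repository and referencing it by local path so builds do not depend on a remote file.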