Disable ldap (#237)

* Backport from #20 * Disable ldap role mapping, add docs to env * Split test in frontend and backend and avoid tests run twice on branches / pr * Remove unnecessary options from .env files as misconfiguring of the settings can cause trouble getting started * Adjust readme to new ldap settings * Update changelog
THM-Health · Jul 20, 2022 · f54bb7a · f54bb7a
1 parent 5a95dc7
commit f54bb7a
Show file tree

Hide file tree

Showing 12 changed files with 237 additions and 123 deletions.
diff --git a/.env.ci b/.env.ci
@@ -1,28 +1,30 @@
-APP_NAME=Laravel
+APP_NAME=PILOS
 APP_ENV=local
 APP_KEY=
 APP_DEBUG=true
+# API Server URL
 APP_URL=http://localhost
+# URL of the frontend, usually the same as APP_URL
+MIX_FRONTEND_BASE_URL="${APP_URL}"
+
+SESSION_DRIVER=file
+SESSION_LIFETIME=120
 
+# For production daily recommended
 LOG_CHANNEL=stack
 
+# Database config
 DB_CONNECTION=mysql
 DB_HOST=127.0.0.1
 DB_PORT=3306
 DB_DATABASE=test
 DB_USERNAME=user
 DB_PASSWORD=password
 
-BROADCAST_DRIVER=log
 CACHE_DRIVER=file
 QUEUE_CONNECTION=sync
-SESSION_DRIVER=file
-SESSION_LIFETIME=120
-
-REDIS_HOST=127.0.0.1
-REDIS_PASSWORD=null
-REDIS_PORT=6379
 
+# Email config
 MAIL_MAILER=smtp
 MAIL_HOST=smtp.mailtrap.io
 MAIL_PORT=2525
@@ -32,45 +34,90 @@ MAIL_ENCRYPTION=null
 MAIL_FROM_ADDRESS=null
 MAIL_FROM_NAME="${APP_NAME}"
 
-AWS_ACCESS_KEY_ID=
-AWS_SECRET_ACCESS_KEY=
-AWS_DEFAULT_REGION=us-east-1
-AWS_BUCKET=
-
-PUSHER_APP_ID=
-PUSHER_APP_KEY=
-PUSHER_APP_SECRET=
-PUSHER_APP_CLUSTER=mt1
-
-MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
-MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
-
-LDAP_LOGGING=true
-LDAP_CONNECTION=default
+# LDAP config
+LDAP_ENABLED=false
 LDAP_HOST=127.0.0.1
+# For anonymous bind keep LDAP_USERNAME and LDAP_PASSWORD empty
 LDAP_USERNAME="cn=user,dc=local,dc=om"
 LDAP_PASSWORD="secret"
 LDAP_PORT=389
 LDAP_BASE_DN="dc=local,dc=com"
 LDAP_TIMEOUT=5
-LDAP_SSL=false
+LDAP_SSL=true
 LDAP_TLS=false
+# LDAP logging debugging only
+LDAP_LOGGING=false
+# LDAP role mapping, to disable keep LDAP_ROLE_ATTRIBUTE empty
+# Attribute with the users role, can be a multi value attribute
+LDAP_ROLE_ATTRIBUTE=userclass
+# Map the attribute to the name of a local role, defined as array, ldap role is key, pilos role is value
+LDAP_ROLE_MAP=A=admin,U=user
 
-SANCTUM_STATEFUL_DOMAINS=localhost,127.0.0.1
-SESSION_DOMAIN=localhost,127.0.0.1
+# Login logging
+AUTH_LOG_SUCCESSFUL=false
+AUTH_LOG_FAILED=false
+AUTH_LOG_LDAP_ROLES=false
 
-# Don't forget to rebuild frontend on changing this environment variables
+# Don't forget to rebuild frontend on changing any environment variables starting with MIX_
+# Available languages for the language picker
 MIX_AVAILABLE_LOCALES=en,de
+# Default language
 MIX_DEFAULT_LOCALE=en
-
-LDAP_ROLE_ATTRIBUTE=userclass
-LDAP_ROLE_MAP=admin=admin,user=user
-
-BROWSERSYNC_URL=localhost
+# Maximum length of the room welcome message
 MIX_WELCOME_MESSAGE_LIMIT=500
+# Maximum length of the room name
 MIX_ROOM_NAME_LIMIT=50
-
+# Default logo of the application
 DEFAULT_LOGO=/images/logo.svg
+# Default favicon of the application
+DEFAULT_FAVICON=/images/favicon.ico
+# Global room limit
 DEFAULT_ROOM_LIMIT=-1
+# Global length of paginated lists
+DEFAULT_PAGINATION_PAGE_SIZE=15
+# Length of the paginated list of the own and shared rooms
+OWN_ROOMS_PAGINATION_PAGE_SIZE=5
+# Allow users to self reset password
+PASSWORD_SELF_RESET_ENABLED=false
+# Link lifetime for password reset email
+PASSWORD_RESET_EXPIRE=60
 
-MIX_FRONTEND_BASE_URL="${APP_URL}"
+PASSWORD_RESET_THROTTLE=60
+NEW_USER_PASSWORD_RESET_EXPIRE=60
+NEW_USER_PASSWORD_RESET_THROTTLE=60
+# Default timezone for new users
+DEFAULT_TIMEZONE=UTC
+# Lifetime in minutes of room tokens, -1 for unlimited
+ROOM_TOKEN_EXPIRATION=-1
+
+# Enable statistical usage data of the servers and duration in days to keep data
+STATISTICS_SERVERS_ENABLED=false
+STATISTICS_SERVERS_RETENTION_PERIOD=30
+
+# Enable statistical usage data of the meetings and duration in days to keep data
+STATISTICS_MEETINGS_ENABLED=false
+STATISTICS_MEETINGS_RETENTION_PERIOD=30
+
+# Enable attendance logging for meetings and duration in days to keep data
+ATTENDANCE_ENABLED=false
+ATTENDANCE_RETENTION_PERIOD=30
+
+# Enable auto room delete
+ROOM_AUTO_DELETE_ENABLED=false
+# Send email to owner if room was not used within the last x days
+ROOM_AUTO_DELETE_INACTIVE_PERIOD=365
+# Send email to owner if room was never used since x days of the creation
+ROOM_AUTO_DELETE_NEVER_USED_PERIOD=90
+# Days from sending the email to deleting the room
+ROOM_AUTO_DELETE_DEADLINE_PERIOD=14
+
+# Support greenlight urls: room urls, signin, ldap_signin and default_room, see MIGRATE_GREENLIGHT.md for more details
+GREENLIGHT_COMPATIBILITY=false
+GREENLIGHT_PATH=b
+
+
+# Development
+# Enable axe accessibility check tools
+ENABLE_AXE=false
+# Browsersync url
+BROWSERSYNC_URL=localhost
diff --git a/.env.example b/.env.example
@@ -1,28 +1,30 @@
-APP_NAME=Laravel
+APP_NAME=PILOS
 APP_ENV=local
 APP_KEY=
 APP_DEBUG=true
+# API Server URL
 APP_URL=http://localhost
+# URL of the frontend, usually the same as APP_URL
+MIX_FRONTEND_BASE_URL="${APP_URL}"
+
+SESSION_DRIVER=file
+SESSION_LIFETIME=120
 
+# For production daily recommended
 LOG_CHANNEL=stack
 
+# Database config
 DB_CONNECTION=mysql
 DB_HOST=127.0.0.1
 DB_PORT=3306
 DB_DATABASE=laravel
 DB_USERNAME=root
 DB_PASSWORD=
 
-BROADCAST_DRIVER=log
 CACHE_DRIVER=file
 QUEUE_CONNECTION=sync
-SESSION_DRIVER=file
-SESSION_LIFETIME=120
-
-REDIS_HOST=127.0.0.1
-REDIS_PASSWORD=null
-REDIS_PORT=6379
 
+# Email config
 MAIL_MAILER=smtp
 MAIL_HOST=smtp.mailtrap.io
 MAIL_PORT=2525
@@ -32,70 +34,62 @@ MAIL_ENCRYPTION=null
 MAIL_FROM_ADDRESS=null
 MAIL_FROM_NAME="${APP_NAME}"
 
-AWS_ACCESS_KEY_ID=
-AWS_SECRET_ACCESS_KEY=
-AWS_DEFAULT_REGION=us-east-1
-AWS_BUCKET=
-
-PUSHER_APP_ID=
-PUSHER_APP_KEY=
-PUSHER_APP_SECRET=
-PUSHER_APP_CLUSTER=mt1
-
-MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
-MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
-
-LDAP_CONNECTION=default
+# LDAP config
+LDAP_ENABLED=false
 LDAP_HOST=127.0.0.1
+# For anonymous bind keep LDAP_USERNAME and LDAP_PASSWORD empty
 LDAP_USERNAME="cn=user,dc=local,dc=om"
 LDAP_PASSWORD="secret"
 LDAP_PORT=389
 LDAP_BASE_DN="dc=local,dc=com"
 LDAP_TIMEOUT=5
-LDAP_SSL=false
+LDAP_SSL=true
 LDAP_TLS=false
+# LDAP logging debugging only
+LDAP_LOGGING=false
+# LDAP role mapping, to disable keep LDAP_ROLE_ATTRIBUTE empty
+# Attribute with the users role, can be a multi value attribute
+LDAP_ROLE_ATTRIBUTE=userclass
+# Map the attribute to the name of a local role, defined as array, ldap role is key, pilos role is value
+LDAP_ROLE_MAP=A=admin,U=user
 
-SANCTUM_STATEFUL_DOMAINS=localhost,127.0.0.1
-SESSION_DOMAIN=localhost,127.0.0.1
+# Login logging
+AUTH_LOG_SUCCESSFUL=false
+AUTH_LOG_FAILED=false
+AUTH_LOG_LDAP_ROLES=false
 
-# Don't forget to rebuild frontend on changing this environment variables
+# Don't forget to rebuild frontend on changing any environment variables starting with MIX_
+# Available languages for the language picker
 MIX_AVAILABLE_LOCALES=en,de
+# Default language
 MIX_DEFAULT_LOCALE=en
-
-LDAP_ROLE_ATTRIBUTE=userclass
-LDAP_ROLE_MAP=admin=admin,user=user
-
-BROWSERSYNC_URL=localhost
+# Maximum length of the room welcome message
 MIX_WELCOME_MESSAGE_LIMIT=500
+# Maximum length of the room name
 MIX_ROOM_NAME_LIMIT=50
-
+# Default logo of the application
 DEFAULT_LOGO=/images/logo.svg
+# Default favicon of the application
 DEFAULT_FAVICON=/images/favicon.ico
+# Global room limit
 DEFAULT_ROOM_LIMIT=-1
+# Global length of paginated lists
 DEFAULT_PAGINATION_PAGE_SIZE=15
+# Length of the paginated list of the own and shared rooms
 OWN_ROOMS_PAGINATION_PAGE_SIZE=5
-
+# Allow users to self reset password
 PASSWORD_SELF_RESET_ENABLED=false
+# Link lifetime for password reset email
 PASSWORD_RESET_EXPIRE=60
+
 PASSWORD_RESET_THROTTLE=60
 NEW_USER_PASSWORD_RESET_EXPIRE=60
 NEW_USER_PASSWORD_RESET_THROTTLE=60
+# Default timezone for new users
 DEFAULT_TIMEZONE=UTC
+# Lifetime in minutes of room tokens, -1 for unlimited
 ROOM_TOKEN_EXPIRATION=-1
 
-# Enable axe accessibility check tools, only considered in development
-ENABLE_AXE=false
-
-AUTH_LOG_SUCCESSFUL=false
-AUTH_LOG_FAILED=false
-AUTH_LOG_LDAP_ROLES=false
-
-# Support greenlight urls: room urls, signin, ldap_signin and default_room, see MIGRATE_GREENLIGHT.md for more details
-GREENLIGHT_COMPATIBILITY=false
-GREENLIGHT_PATH=b
-
-MIX_FRONTEND_BASE_URL="${APP_URL}"
-
 # Enable statistical usage data of the servers and duration in days to keep data
 STATISTICS_SERVERS_ENABLED=false
 STATISTICS_SERVERS_RETENTION_PERIOD=30
@@ -116,3 +110,14 @@ ROOM_AUTO_DELETE_INACTIVE_PERIOD=365
 ROOM_AUTO_DELETE_NEVER_USED_PERIOD=90
 # Days from sending the email to deleting the room
 ROOM_AUTO_DELETE_DEADLINE_PERIOD=14
+
+# Support greenlight urls: room urls, signin, ldap_signin and default_room, see MIGRATE_GREENLIGHT.md for more details
+GREENLIGHT_COMPATIBILITY=false
+GREENLIGHT_PATH=b
+
+
+# Development
+# Enable axe accessibility check tools
+ENABLE_AXE=false
+# Browsersync url
+BROWSERSYNC_URL=localhost
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -2,11 +2,11 @@ name: CI
 
 on:
   push:
+    branches: [ master ]
   pull_request:
-
 jobs:
-  laravel-tests:
-    name: Laravel (PHP ${{ matrix.php-versions }}
+  pilos-backend:
+    name: Backend (PHP ${{ matrix.php-versions }})
     runs-on: ubuntu-latest
 
     services:
@@ -54,18 +54,6 @@ jobs:
         key: ${{ runner.os }}-${{ matrix.php-versions }}-composer-${{ hashFiles('**/composer.lock') }}
         restore-keys: |
           ${{ runner.os }}-${{ matrix.php-versions }}-composer-
-    - name: Get NPM Cache Directory
-      id: npm-cache
-      run: |
-        echo "::set-output name=dir::$(npm config get cache)"
-    - name: Get NPM Cache Keys
-      uses: actions/cache@v2
-      with:
-        path: ${{ steps.npm-cache.outputs.dir }}
-        key: ${{ runner.os }}-${{ matrix.php-versions }}-node-${{ hashFiles('**/package-lock.json') }}
-        restore-keys: |
-          ${{ runner.os }}-${{ matrix.php-versions }}-node-
-
     - name: Install php dependencies
       run: |
         composer self-update
@@ -80,10 +68,6 @@ jobs:
       run: php artisan migrate --no-interaction -vvv
     - name: Execute code style check via php-cs-fixer
       run: vendor/bin/php-cs-fixer fix --dry-run --allow-risky=yes
-    - name: Execute frontend code style check via eslint and frontend tests
-      run: |
-        npm ci
-        npm run ci
     - name: Execute tests (Unit and Feature tests) via PHPUnit and upload coverage
       env:
         CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
@@ -98,9 +82,32 @@ jobs:
       with:
         name: ${{ runner.os }}-${{ matrix.php-versions }}-laravel.log
         path: storage/logs/laravel.log
-    - name: Upload npm logs
-      uses: actions/upload-artifact@v2
-      if: failure()
-      with:
-        name: npm-debug.log
-        path: /home/runner/.npm/_logs/*-debug.log
+  pilos-frontend:
+          name: Frontend
+          runs-on: ubuntu-latest
+          steps:
+            - name: Checkout
+              uses: actions/checkout@v2
+            - name: Copy .env
+              run: php -r "copy('.env.example', '.env');"
+            - name: Get NPM Cache Directory
+              id: npm-cache
+              run: |
+                echo "::set-output name=dir::$(npm config get cache)"
+            - name: Get NPM Cache Keys
+              uses: actions/cache@v2
+              with:
+                path: ${{ steps.npm-cache.outputs.dir }}
+                key: ${{ runner.os }}-${{ matrix.php-versions }}-node-${{ hashFiles('**/package-lock.json') }}
+                restore-keys: |
+                  ${{ runner.os }}-${{ matrix.php-versions }}-node-
+            - name: Execute frontend code style check via eslint and frontend tests
+              run: |
+                npm ci
+                npm run ci
+            - name: Upload npm logs
+              uses: actions/upload-artifact@v2
+              if: failure()
+              with:
+                name: npm-debug.log
+                path: /home/runner/.npm/_logs/*-debug.log