flywithu/kopano-docker
1
0
Fork 0
mirror of https://github.com/zokradonh/kopano-docker synced 2025-10-31 10:27:14 +00:00
Code Issues Releases Wiki Activity

Only add guest mode configuration if guest mode is (#263)

Browse Source 
Signed-off-by: Felix Bartels <felix@host-consultants.de>
This commit is contained in:
Felix Bartels 2019-10-18 14:04:23 +02:00 committed by GitHub
parent 88d71e94aa
commit 4fb98fb69c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
konnect/wrapper.sh
View File

@ -19,12 +19,15 @@ if [ ! -s "$eckey" ]; then
openssl ec -in "$ecparam" -out "$eckey" >/dev/null 2>&1 openssl ec -in "$ecparam" -out "$eckey" >/dev/null 2>&1
fi fi
konnectd utils jwk-from-pem --use sig "$eckey" > /tmp/jwk-meet.json if [ "${allow_client_guests:-}" = "yes" ]; then
CONFIG_JSON=/etc/kopano/konnectd-identifier-registration.yaml echo "Patching identifier registration for use of the Meet guest mode"
#yq -y ".clients += [{\"id\": \"grapi-explorer.js\", \"name\": \"Grapi Explorer\", \"application_type\": \"web\", \"trusted\": true, \"insecure\": true, \"redirect_uris\": [\"http://$FQDNCLEANED:3000/\"]}]" $CONFIG_JSON | sponge $CONFIG_JSON konnectd utils jwk-from-pem --use sig "$eckey" > /tmp/jwk-meet.json
yq -y ".clients += [{\"id\": \"kpop-https://$FQDN/meet/\", \"name\": \"Kopano Meet\", \"application_type\": \"web\", \"trusted\": true, \"redirect_uris\": [\"https://$FQDN/meet/\"], \"trusted_scopes\": [\"konnect/guestok\", \"kopano/kwm\"], \"jwks\": {\"keys\": [{\"kty\": $(jq .kty /tmp/jwk-meet.json), \"use\": $(jq .use /tmp/jwk-meet.json), \"crv\": $(jq .crv /tmp/jwk-meet.json), \"d\": $(jq .d /tmp/jwk-meet.json), \"kid\": $(jq .kid /tmp/jwk-meet.json), \"x\": $(jq .x /tmp/jwk-meet.json), \"y\": $(jq .y /tmp/jwk-meet.json)}]},\"request_object_signing_alg\": \"ES256\"}]" $CONFIG_JSON | sponge $CONFIG_JSON CONFIG_JSON=/etc/kopano/konnectd-identifier-registration.yaml
# TODO this last bit can likely go #yq -y ".clients += [{\"id\": \"grapi-explorer.js\", \"name\": \"Grapi Explorer\", \"application_type\": \"web\", \"trusted\": true, \"insecure\": true, \"redirect_uris\": [\"http://$FQDNCLEANED:3000/\"]}]" $CONFIG_JSON | sponge $CONFIG_JSON
yq -y . $CONFIG_JSON | sponge /kopano/ssl/konnectd-identifier-registration.yaml yq -y ".clients += [{\"id\": \"kpop-https://$FQDN/meet/\", \"name\": \"Kopano Meet\", \"application_type\": \"web\", \"trusted\": true, \"redirect_uris\": [\"https://$FQDN/meet/\"], \"trusted_scopes\": [\"konnect/guestok\", \"kopano/kwm\"], \"jwks\": {\"keys\": [{\"kty\": $(jq .kty /tmp/jwk-meet.json), \"use\": $(jq .use /tmp/jwk-meet.json), \"crv\": $(jq .crv /tmp/jwk-meet.json), \"d\": $(jq .d /tmp/jwk-meet.json), \"kid\": $(jq .kid /tmp/jwk-meet.json), \"x\": $(jq .x /tmp/jwk-meet.json), \"y\": $(jq .y /tmp/jwk-meet.json)}]},\"request_object_signing_alg\": \"ES256\"}]" $CONFIG_JSON | sponge $CONFIG_JSON
# TODO this last bit can likely go
yq -y . $CONFIG_JSON | sponge /kopano/ssl/konnectd-identifier-registration.yaml
fi
# source additional configuration from Konnect cfg (potentially overwrites env vars) # source additional configuration from Konnect cfg (potentially overwrites env vars)
if [ -e /etc/kopano/konnectd.cfg ]; then if [ -e /etc/kopano/konnectd.cfg ]; then