Set default values where sensible and remove unnecessary conditionals in .env.j2.
Check for empty string instead of Null to verify if an openid_server_name is pinned.
parent
d67d8c07f5
commit
96dd86d33b
|
@ -81,10 +81,10 @@ In case Jitsi is also managed by this playbook and 'matrix' authentication in Ji
|
||||||
In theory (however currently untested), UVS can handle federation. Simply set:
|
In theory (however currently untested), UVS can handle federation. Simply set:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
matrix_user_verification_service_uvs_openid_verify_server_name: ~
|
matrix_user_verification_service_uvs_openid_verify_server_name: ""
|
||||||
```
|
```
|
||||||
|
|
||||||
using host_vars to override the group_vars.
|
in your host_vars.
|
||||||
|
|
||||||
This will instruct UVS to verify the OpenID token against any domain given in a request.
|
This will instruct UVS to verify the OpenID token against any domain given in a request.
|
||||||
Homeserver discovery is done via '.well-known/matrix/server' of the given domain.
|
Homeserver discovery is done via '.well-known/matrix/server' of the given domain.
|
||||||
|
|
|
@ -3212,10 +3212,6 @@ matrix_user_verification_service_uvs_disable_ip_blacklist: "{{'true' if matrix_s
|
||||||
|
|
||||||
matrix_user_verification_service_uvs_auth_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'uvs.auth.token', rounds=655555) | to_uuid }}"
|
matrix_user_verification_service_uvs_auth_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'uvs.auth.token', rounds=655555) | to_uuid }}"
|
||||||
|
|
||||||
# Pin UVS to only check openId Tokens for the matrix_server_name configured by this playbook.
|
|
||||||
# This is not the homeserverURL, but rather the domain in the matrix "user ID"
|
|
||||||
matrix_user_verification_service_uvs_openid_verify_server_name: "{{ matrix_domain }}"
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# /matrix-user-verification-service
|
# /matrix-user-verification-service
|
||||||
|
|
|
@ -48,14 +48,15 @@ matrix_user_verification_service_uvs_disable_ip_blacklist: false
|
||||||
# need have the header "Authorization: Bearer changeme".
|
# need have the header "Authorization: Bearer changeme".
|
||||||
# matrix_user_verification_service_uvs_auth_token: changeme
|
# matrix_user_verification_service_uvs_auth_token: changeme
|
||||||
|
|
||||||
# Matrix server name to verify OpenID tokens against. See below section.
|
# Matrix server name to verify OpenID tokens against.
|
||||||
# Defaults to empty value which means verification is made against
|
# Pin UVS to only check openId Tokens for the matrix_server_name configured by this playbook.
|
||||||
# whatever Matrix server name passed in with the token
|
# This is not the homeserverURL, but rather the domain in the matrix "user ID"
|
||||||
# matrix_user_verification_service_uvs_openid_verify_server_name: matrix.org
|
# UVS can also be instructed to verify against the Matrix server name passed in the token, to enable set to ""
|
||||||
|
matrix_user_verification_service_uvs_openid_verify_server_name: "{{ matrix_domain }}"
|
||||||
|
|
||||||
# Log level, defaults to 'info'
|
# Log level
|
||||||
# See choices here: https://github.com/winstonjs/winston#logging-levels
|
# See choices here: https://github.com/winstonjs/winston#logging-levels
|
||||||
matrix_user_verification_service_uvs_log_level: warning
|
matrix_user_verification_service_uvs_log_level: info
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
|
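Review bot: The new comment on `matrix_user_verification_service_uvs_openid_verify_server_name` says that `""` makes UVS verify against the server name passed in with the token, but it does not say what that setting gives up. Per the documentation text changed in this same commit, UVS then verifies a token against any domain given in a request and discovers the homeserver through `.well-known/matrix/server` of that domain. I would add a line such as `# WARNING: "" unpins UVS; tokens are then checked against whatever server name the request supplies, so only use it when federation is intended.` The hunk also changes the default log level from `warning` to `info`, which the commit message does not mention and the shortened `# Log level` comment no longer explains.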
@ -1,14 +1,9 @@
|
||||||
UVS_ACCESS_TOKEN={{ matrix_user_verification_service_uvs_access_token }}
|
UVS_ACCESS_TOKEN={{ matrix_user_verification_service_uvs_access_token }}
|
||||||
UVS_HOMESERVER_URL={{ matrix_user_verification_service_uvs_homeserver_url }}
|
UVS_HOMESERVER_URL={{ matrix_user_verification_service_uvs_homeserver_url }}
|
||||||
UVS_DISABLE_IP_BLACKLIST={{ matrix_user_verification_service_uvs_disable_ip_blacklist }}
|
UVS_DISABLE_IP_BLACKLIST={{ matrix_user_verification_service_uvs_disable_ip_blacklist }}
|
||||||
|
UVS_LOG_LEVEL={{ matrix_user_verification_service_uvs_log_level }}
|
||||||
{% if matrix_user_verification_service_uvs_auth_token is defined and matrix_user_verification_service_uvs_auth_token|length %}
|
|
||||||
UVS_AUTH_TOKEN={{ matrix_user_verification_service_uvs_auth_token }}
|
UVS_AUTH_TOKEN={{ matrix_user_verification_service_uvs_auth_token }}
|
||||||
{% endif %}
|
{% if matrix_user_verification_service_uvs_openid_verify_server_name | length > 0 %}
|
||||||
{% if matrix_user_verification_service_uvs_openid_verify_server_name is defined and matrix_user_verification_service_uvs_openid_verify_server_name|length %}
|
|
||||||
UVS_OPENID_VERIFY_SERVER_NAME={{ matrix_user_verification_service_uvs_openid_verify_server_name }}
|
UVS_OPENID_VERIFY_SERVER_NAME={{ matrix_user_verification_service_uvs_openid_verify_server_name }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if matrix_user_verification_service_uvs_log_level is defined and matrix_user_verification_service_uvs_log_level|length %}
|
|
||||||
UVS_LOG_LEVEL={{ matrix_user_verification_service_uvs_log_level }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
|
|
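Review bot: The new guard `matrix_user_verification_service_uvs_openid_verify_server_name | length > 0` fails on a null value, and the documentation previously told users to set this variable to `~`. Anyone who kept that override will get a template error on the next run rather than an unpinned configuration. Either normalise first, `{% if matrix_user_verification_service_uvs_openid_verify_server_name | default('', true) | length > 0 %}`, or add a validation task that rejects null with a clear message. Separately, `UVS_AUTH_TOKEN=` is now written unconditionally, while the role defaults shown in this commit only carry that variable commented out. If it is defined only in group_vars, standalone use of the role fails as undefined, and an empty override writes an empty token line whose effect on UVS is not visible here.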