From 1e4719e818dea94872eddfa0da58522f6495f23c Mon Sep 17 00:00:00 2001
From: peter
Date: Tue, 25 Jul 2017 11:26:58 +0200
Subject: [PATCH 1/5] add GOOGLE_OAUTH2_HD parameter
---
 env | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/env b/env
index 5af29171..47d6c2ae 100644
--- a/env
+++ b/env
@@ -33,8 +33,10 @@ TWITTER_SECRET=
 # For the callback URL use 'http:///auth/google/callback'
 # Once registered copy the ID and Secret here
 #
+# GOOGLE_OAUTH2_HD: (Optional) Limit sign-in to a particular Google Apps hosted domain. This can be simply string 'domain.com'
 GOOGLE_OAUTH2_ID=
 GOOGLE_OAUTH2_SECRET=
+GOOGLE_OAUTH2_HD=

 # LDAP Login Provider (optional)
 #
From 9ff5519abb8533b4926d6bef2b8b0501d7bb08cf Mon Sep 17 00:00:00 2001
From: peter
Date: Tue, 25 Jul 2017 11:28:55 +0200
Subject: [PATCH 2/5] pass GOOGLE_OAUTH2_ID to provider
---
 config/initializers/omniauth.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index 6f4af204..20926337 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -8,8 +8,13 @@ Rails.application.config.omniauth_ldap = ENV['LDAP_SERVER'].present?

 Rails.application.config.middleware.use OmniAuth::Builder do
 provider :twitter, ENV['TWITTER_ID'], ENV['TWITTER_SECRET']
- provider :google_oauth2, ENV['GOOGLE_OAUTH2_ID'], ENV['GOOGLE_OAUTH2_SECRET'],
- scope: ['profile', 'email', 'youtube', 'youtube.upload'], access_type: 'online', name: 'google'
+ provider :google_oauth2,
+ ENV['GOOGLE_OAUTH2_ID'],
+ ENV['GOOGLE_OAUTH2_SECRET'],
+ scope: ['profile', 'email', 'youtube', 'youtube.upload'],
+ access_type: 'online',
+ name: 'google',
+ hd: ENV['GOOGLE_OAUTH2_HD']
 provider :ldap,
 host: ENV['LDAP_SERVER'],
 port: ENV['LDAP_PORT'],
From 9edf2bc225542ef68fbe1f615aa7155c581ce438 Mon Sep 17 00:00:00 2001
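Review bot: The added `hd: ENV['GOOGLE_OAUTH2_HD']` in the `provider :google_oauth2` call only sets the hosted-domain parameter on the authorization request, and nothing in this hunk checks the domain of the account that comes back. Google describes `hd` on the request as a hint that the user can alter, so the restriction holds only if the callback verifies the returned `hd` claim (or the e-mail domain). Recent omniauth-google-oauth2 releases perform that check when `hd` is set; please confirm the version pinned in Gemfile.lock does, or add an explicit check in the callback handler. A comment above the option would record the dependency, e.g. `# hd restricts sign-in only if the callback verifies the returned hosted domain`. The OmniAuth::Builder block continues outside the hunk.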
From: peter
Date: Tue, 25 Jul 2017 16:11:36 +0200
Subject: [PATCH 3/5] correctly handle empty GOOGLE_OAUTH2_hd
---
 config/initializers/omniauth.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index 20926337..1dcfbe19 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -14,7 +14,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
 scope: ['profile', 'email', 'youtube', 'youtube.upload'],
 access_type: 'online',
 name: 'google',
- hd: ENV['GOOGLE_OAUTH2_HD']
+ hd: ENV['GOOGLE_OAUTH2_HD'].blank? ? nil : ENV['GOOGLE_OAUTH2_HD']
 provider :ldap,
 host: ENV['LDAP_SERVER'],
 port: ENV['LDAP_PORT'],
From de948a929998b0dc6a45e55ed0d870cfcef1e40e Mon Sep 17 00:00:00 2001
From: peter
Date: Tue, 25 Jul 2017 16:55:00 +0200
Subject: [PATCH 4/5] Formatting of comment about GOOGLE_OAUTH2_HD
---
 env | 5 ++-
 env~ | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 115 insertions(+), 1 deletion(-)
 create mode 100644 env~
diff --git a/env b/env
index 47d6c2ae..7feb9d49 100644
--- a/env
+++ b/env
@@ -33,7 +33,10 @@ TWITTER_SECRET=
 # For the callback URL use 'http:///auth/google/callback'
 # Once registered copy the ID and Secret here
 #
-# GOOGLE_OAUTH2_HD: (Optional) Limit sign-in to a particular Google Apps hosted domain. This can be simply string 'domain.com'
+# The GOOGLE_OAUTH2_HD variable is used to limit sign-in to a particular Google Apps hosted domain. This
+# can be a string such as, 'domain.com'. If left blank, GreenLight will allow sign-in from all Google Apps hosted
+# domains.
+#
 GOOGLE_OAUTH2_ID=
 GOOGLE_OAUTH2_SECRET=
 GOOGLE_OAUTH2_HD=
diff --git a/env~ b/env~
new file mode 100644
index 00000000..47d6c2ae
--- /dev/null
+++ b/env~
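Review bot: The new `hd:` line in config/initializers/omniauth.rb reads the variable twice in a ternary where ActiveSupport's `presence` does the same thing: `hd: ENV['GOOGLE_OAUTH2_HD'].presence`. Behaviour is unchanged, since an unset, empty or whitespace-only value still becomes nil. Because nil means no hosted-domain restriction, a deployment that loses this variable silently opens sign-in to every Google account; a comment such as `# nil => no hosted-domain restriction, any Google account may sign in` would make that fail-open default visible. The `provider :google_oauth2` call starts above the hunk.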
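Review bot: The new comment's sentence "If left blank, GreenLight will allow sign-in from all Google Apps hosted domains" in `env` understates what a blank value does. The initializer passes nil for a blank GOOGLE_OAUTH2_HD, so no domain restriction is requested at all, and presumably personal Google accounts are accepted as well as hosted-domain ones. An operator deciding whether to set the variable needs that stated plainly, e.g. `# If left blank, sign-in is not restricted: any Google account is accepted.`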
@@ -0,0 +1,111 @@
+# Step 1 - Create a secret key for rails
+#
+# You can generate a secure one through the Greenlight docker image
+# with with the command
+#
+# docker run --rm bigbluebutton/greenlight rake secret
+#
+SECRET_KEY_BASE=
+# Step 2 - Enter credentials for your BigBlueButton Server
+#
+# The endpoint and secret from your bigbluebutton server. To get these values, run
+# the following command on your BigBlueButton server
+#
+# bbb-conf --secret
+#
+# and uncomment the following two variables
+#BIGBLUEBUTTON_ENDPOINT=
+#BIGBLUEBUTTON_SECRET=
+
+# Twitter Login Provider (optional)
+#
+# You will need to register the app at https://apps.twitter.com/
+# For the callback URL use 'http:///auth/twitter/callback'
+# Once registered copy the ID and Secret here
+#
+TWITTER_ID=
+TWITTER_SECRET=
+
+# Google Login Provider (optional)
+#
+# You will need to register for at https://console.developers.google.com/apis/credentials
+# Select Oauth client ID -> web application
+# For the callback URL use 'http:///auth/google/callback'
+# Once registered copy the ID and Secret here
+#
+# GOOGLE_OAUTH2_HD: (Optional) Limit sign-in to a particular Google Apps hosted domain. This can be simply string 'domain.com'
+GOOGLE_OAUTH2_ID=
+GOOGLE_OAUTH2_SECRET=
+GOOGLE_OAUTH2_HD=
+
+# LDAP Login Provider (optional)
+#
+# You can enable LDAP authentication by providing values for the variables below.
+# For information about setting up LDAP, see:
+# http://docs.bigbluebutton.org/install/green-light.html#ldap-oauth
+#
+LDAP_SERVER=
+LDAP_PORT=
+LDAP_METHOD=
+LDAP_UID=
+LDAP_BASE=
+LDAP_BIND_DN=
+LDAP_PASSWORD=
+
+# If "true", GreenLight will register a webhook callback for each meeting
+# created. This callback is called for all events that happen in the meeting,
+# including the processing of its recording. These events are used to update
+# the web page dynamically as things happen in the server.
+# If not "true", the application will add a metadata to the meetings with this same
+# callback URL. Scripts can then be added to BigBlueButton to call this callback
+# URL and send specific events to GreenLight (e.g. a post publish script to warn
+# the application when recordings are done).
+GREENLIGHT_USE_WEBHOOKS=false
+
+# Slack Integration (optional)
+#
+# You will need to register an incoming-webhook for your slack channel
+# in order for GreenLight to post to it. You can do this by going
+# to https://slack.com/apps/A0F7XDUAZ-incoming-webhooks, selecting your
+# team and then selecting "Add Incoming WebHooks integration" on the
+# desired channel. You will then need to paste the webhook below.
+#
+SLACK_WEBHOOK=
+SLACK_CHANNEL=
+
+# Landing Background (optional)
+#
+# Supply a URL to an image to change the landing background. If no
+# URL is provided GreenLight will use a default image. If you
+# supply a path that does not lead to an image, no landing image
+# will appear.
+#
+LANDING_BACKGROUND=
+
+# SMTP Mailer
+#
+GREENLIGHT_MAIL_NOTIFICATIONS=true
+GREENLIGHT_DOMAIN=localhost-lxc.org
+SMTP_FROM=youremail@gmail.com
+SMTP_SERVER=smtp.gmail.com
+SMTP_PORT=587
+SMTP_DOMAIN=gmail.com
+SMTP_USERNAME=youremail@gmail.com
+SMTP_PASSWORD=yourpassword
+# SMTP_TLS=false
+# SMTP_AUTH=login
+# SMTP_STARTTLS_AUTO=true
+
+# Prefix for the application's root URL
+# Useful for deploying the application to a subdirectory
+#
+# default is '/b' (recommended)
+#
+#RELATIVE_URL_ROOT=/b
+
+# Uncomment and set to 'true' to only allow users to create meetings when authenticated.
+# Unauthenticated users are still able to join meetings through invites.
+#DISABLE_GUEST_ACCESS=false
+
+# Comment this out to send logs to STDOUT in production instead of log/production.log .
+DISABLE_RAILS_LOG_TO_STDOUT=true
From fe6e7c3efe8cffae512fc3e90d601677216a3481 Mon Sep 17 00:00:00 2001
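Review bot: `env~` is an editor backup of `env` that this commit adds in full, and nothing visible in the series stops the same thing happening with a populated file. The next patch deletes it, but its diffstat lists only that deletion and no ignore-rule change, so a later backup of a filled-in env file could carry SECRET_KEY_BASE, the OAuth secrets and the LDAP/SMTP passwords into history. Adding a `*~` line to .gitignore would close that gap. The copy committed here holds only template placeholders, but it stays in history unless the series is squashed before merge.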
From: peter
Date: Tue, 25 Jul 2017 16:56:23 +0200
Subject: [PATCH 5/5] should fix my gitignore
---
 env~ | 111 -----------------------------------------------------------
 1 file changed, 111 deletions(-)
 delete mode 100644 env~
diff --git a/env~ b/env~
deleted file mode 100644
index 47d6c2ae..00000000
--- a/env~
+++ /dev/null
@@ -1,111 +0,0 @@
-# Step 1 - Create a secret key for rails
-#
-# You can generate a secure one through the Greenlight docker image
-# with with the command
-#
-# docker run --rm bigbluebutton/greenlight rake secret
-#
-SECRET_KEY_BASE=
-# Step 2 - Enter credentials for your BigBlueButton Server
-#
-# The endpoint and secret from your bigbluebutton server. To get these values, run
-# the following command on your BigBlueButton server
-#
-# bbb-conf --secret
-#
-# and uncomment the following two variables
-#BIGBLUEBUTTON_ENDPOINT=
-#BIGBLUEBUTTON_SECRET=
-
-# Twitter Login Provider (optional)
-#
-# You will need to register the app at https://apps.twitter.com/
-# For the callback URL use 'http:///auth/twitter/callback'
-# Once registered copy the ID and Secret here
-#
-TWITTER_ID=
-TWITTER_SECRET=
-
-# Google Login Provider (optional)
-#
-# You will need to register for at https://console.developers.google.com/apis/credentials
-# Select Oauth client ID -> web application
-# For the callback URL use 'http:///auth/google/callback'
-# Once registered copy the ID and Secret here
-#
-# GOOGLE_OAUTH2_HD: (Optional) Limit sign-in to a particular Google Apps hosted domain. This can be simply string 'domain.com'
-GOOGLE_OAUTH2_ID=
-GOOGLE_OAUTH2_SECRET=
-GOOGLE_OAUTH2_HD=
-
-# LDAP Login Provider (optional)
-#
-# You can enable LDAP authentication by providing values for the variables below.
-# For information about setting up LDAP, see:
-# http://docs.bigbluebutton.org/install/green-light.html#ldap-oauth
-#
-LDAP_SERVER=
-LDAP_PORT=
-LDAP_METHOD=
-LDAP_UID=
-LDAP_BASE=
-LDAP_BIND_DN=
-LDAP_PASSWORD=
-
-# If "true", GreenLight will register a webhook callback for each meeting
-# created. This callback is called for all events that happen in the meeting,
-# including the processing of its recording. These events are used to update
-# the web page dynamically as things happen in the server.
-# If not "true", the application will add a metadata to the meetings with this same
-# callback URL. Scripts can then be added to BigBlueButton to call this callback
-# URL and send specific events to GreenLight (e.g. a post publish script to warn
-# the application when recordings are done).
-GREENLIGHT_USE_WEBHOOKS=false
-
-# Slack Integration (optional)
-#
-# You will need to register an incoming-webhook for your slack channel
-# in order for GreenLight to post to it. You can do this by going
-# to https://slack.com/apps/A0F7XDUAZ-incoming-webhooks, selecting your
-# team and then selecting "Add Incoming WebHooks integration" on the
-# desired channel. You will then need to paste the webhook below.
-#
-SLACK_WEBHOOK=
-SLACK_CHANNEL=
-
-# Landing Background (optional)
-#
-# Supply a URL to an image to change the landing background. If no
-# URL is provided GreenLight will use a default image. If you
-# supply a path that does not lead to an image, no landing image
-# will appear.
-#
-LANDING_BACKGROUND=
-
-# SMTP Mailer
-#
-GREENLIGHT_MAIL_NOTIFICATIONS=true
-GREENLIGHT_DOMAIN=localhost-lxc.org
-SMTP_FROM=youremail@gmail.com
-SMTP_SERVER=smtp.gmail.com
-SMTP_PORT=587
-SMTP_DOMAIN=gmail.com
-SMTP_USERNAME=youremail@gmail.com
-SMTP_PASSWORD=yourpassword
-# SMTP_TLS=false
-# SMTP_AUTH=login
-# SMTP_STARTTLS_AUTO=true
-
-# Prefix for the application's root URL
-# Useful for deploying the application to a subdirectory
-#
-# default is '/b' (recommended)
-#
-#RELATIVE_URL_ROOT=/b
-
-# Uncomment and set to 'true' to only allow users to create meetings when authenticated.
-# Unauthenticated users are still able to join meetings through invites.
-#DISABLE_GUEST_ACCESS=false
-
-# Comment this out to send logs to STDOUT in production instead of log/production.log .
-DISABLE_RAILS_LOG_TO_STDOUT=true