mealie/tests/e2e/docker/docker-compose.yml

version: "3.4"
services:
  oidc-mock-server:
    container_name: oidc-mock-server
    image: ghcr.io/navikt/mock-oauth2-server:2.1.9
    network_mode: host
    environment:
      LOG_LEVEL: "debug"
      SERVER_PORT: 8080

  ldap:
    image: rroemhild/test-openldap
    ports:
      - 10389:10389

  mealie:
    container_name: mealie
    image: mealie:e2e
    build:
      context: ../../../
      target: production
      dockerfile: ./docker/Dockerfile
    restart: always
    volumes:
      - mealie-data:/app/data/
    network_mode: host
    environment:
      ALLOW_SIGNUP: True
      DB_ENGINE: sqlite

      OIDC_AUTH_ENABLED: True
      OIDC_SIGNUP_ENABLED: True
      OIDC_USER_GROUP: user
      OIDC_ADMIN_GROUP: admin
      OIDC_CONFIGURATION_URL: http://localhost:8080/default/.well-known/openid-configuration
      OIDC_CLIENT_ID: default
      OIDC_CLIENT_SECRET: secret

      LDAP_AUTH_ENABLED: True
      LDAP_SERVER_URL: ldap://localhost:10389
      LDAP_TLS_INSECURE: true
      LDAP_ENABLE_STARTTLS: false
      LDAP_BASE_DN: "ou=people,dc=planetexpress,dc=com"
      LDAP_QUERY_BIND: "cn=admin,dc=planetexpress,dc=com"
      LDAP_QUERY_PASSWORD: "GoodNewsEveryone"
      LDAP_USER_FILTER: "(&(|({id_attribute}={input})({mail_attribute}={input}))(|(memberOf=cn=ship_crew,ou=people,dc=planetexpress,dc=com)(memberOf=cn=admin_staff,ou=people,dc=planetexpress,dc=com)))"
      LDAP_ADMIN_FILTER: "memberOf=cn=admin_staff,ou=people,dc=planetexpress,dc=com"
      LDAP_ID_ATTRIBUTE: uid
      LDAP_NAME_ATTRIBUTE: cn
      LDAP_MAIL_ATTRIBUTE: mail

volumes:
  mealie-data:
    driver: local
feat: Login with OAuth via OpenID Connect (OIDC) (#3280) * initial oidc implementation * add dynamic scheme * e2e test setup * add caching * fix * try this * add libldap-2.5 to runtime dependencies (#2849) * New translations en-us.json (Norwegian) (#2851) * New Crowdin updates (#2855) * New translations en-us.json (Italian) * New translations en-us.json (Norwegian) * New translations en-us.json (Portuguese) * fix * remove cache * cache yarn deps * cache docker image * cleanup action * lint * fix tests * remove not needed variables * run code gen * fix tests * add docs * move code into custom scheme * remove unneeded type * fix oidc admin * add more tests * add better spacing on login page * create auth providers * clean up testing stuff * type fixes * add OIDC auth method to postgres enum * add option to bypass login screen and go directly to iDP * remove check so we can fallback to another auth method oauth fails * Add provider name to be shown at the login screen * add new properties to admin about api * fix spec * add a prompt to change auth method when changing password * Create new auth section. Add more info on auth methods * update docs * run ruff * update docs * format * docs gen * formatting * initialize logger in class * mypy type fixes * docs gen * add models to get proper fields in docs and fix serialization * validate id token before using it * only request a mealie token on initial callback * remove unused method * fix unit tests * docs gen * check for valid idToken before getting token * add iss to mealie token * check to see if we already have a mealie token before getting one * fix lock file * update authlib * update lock file * add remember me environment variable * add user group setting to allow only certain groups to log in --------- Co-authored-by: Carter Mintey <cmintey8@gmail.com> Co-authored-by: Carter <35710697+cmintey@users.noreply.github.com> 2024-03-10 13:51:36 -05:00			`version: "3.4"`
			`services:`
			`oidc-mock-server:`
			`container_name: oidc-mock-server`
feat: Add OIDC_CLIENT_SECRET and other changes for v2 (#4254) Co-authored-by: boc-the-git <3479092+boc-the-git@users.noreply.github.com> 2024-10-05 16:12:11 -05:00			`image: ghcr.io/navikt/mock-oauth2-server:2.1.9`
feat: Login with OAuth via OpenID Connect (OIDC) (#3280) * initial oidc implementation * add dynamic scheme * e2e test setup * add caching * fix * try this * add libldap-2.5 to runtime dependencies (#2849) * New translations en-us.json (Norwegian) (#2851) * New Crowdin updates (#2855) * New translations en-us.json (Italian) * New translations en-us.json (Norwegian) * New translations en-us.json (Portuguese) * fix * remove cache * cache yarn deps * cache docker image * cleanup action * lint * fix tests * remove not needed variables * run code gen * fix tests * add docs * move code into custom scheme * remove unneeded type * fix oidc admin * add more tests * add better spacing on login page * create auth providers * clean up testing stuff * type fixes * add OIDC auth method to postgres enum * add option to bypass login screen and go directly to iDP * remove check so we can fallback to another auth method oauth fails * Add provider name to be shown at the login screen * add new properties to admin about api * fix spec * add a prompt to change auth method when changing password * Create new auth section. Add more info on auth methods * update docs * run ruff * update docs * format * docs gen * formatting * initialize logger in class * mypy type fixes * docs gen * add models to get proper fields in docs and fix serialization * validate id token before using it * only request a mealie token on initial callback * remove unused method * fix unit tests * docs gen * check for valid idToken before getting token * add iss to mealie token * check to see if we already have a mealie token before getting one * fix lock file * update authlib * update lock file * add remember me environment variable * add user group setting to allow only certain groups to log in --------- Co-authored-by: Carter Mintey <cmintey8@gmail.com> Co-authored-by: Carter <35710697+cmintey@users.noreply.github.com> 2024-03-10 13:51:36 -05:00			`network_mode: host`
			`environment:`
			`LOG_LEVEL: "debug"`
			`SERVER_PORT: 8080`

			`ldap:`
			`image: rroemhild/test-openldap`
			`ports:`
			`- 10389:10389`

			`mealie:`
			`container_name: mealie`
			`image: mealie:e2e`
			`build:`
			`context: ../../../`
			`target: production`
			`dockerfile: ./docker/Dockerfile`
			`restart: always`
			`volumes:`
			`- mealie-data:/app/data/`
			`network_mode: host`
			`environment:`
			`ALLOW_SIGNUP: True`
			`DB_ENGINE: sqlite`

			`OIDC_AUTH_ENABLED: True`
			`OIDC_SIGNUP_ENABLED: True`
Fix OIDC infinite loop if user is not in OIDC_USER_GROUP (#3487) 2024-04-18 19:17:45 -05:00			`OIDC_USER_GROUP: user`
feat: Login with OAuth via OpenID Connect (OIDC) (#3280) * initial oidc implementation * add dynamic scheme * e2e test setup * add caching * fix * try this * add libldap-2.5 to runtime dependencies (#2849) * New translations en-us.json (Norwegian) (#2851) * New Crowdin updates (#2855) * New translations en-us.json (Italian) * New translations en-us.json (Norwegian) * New translations en-us.json (Portuguese) * fix * remove cache * cache yarn deps * cache docker image * cleanup action * lint * fix tests * remove not needed variables * run code gen * fix tests * add docs * move code into custom scheme * remove unneeded type * fix oidc admin * add more tests * add better spacing on login page * create auth providers * clean up testing stuff * type fixes * add OIDC auth method to postgres enum * add option to bypass login screen and go directly to iDP * remove check so we can fallback to another auth method oauth fails * Add provider name to be shown at the login screen * add new properties to admin about api * fix spec * add a prompt to change auth method when changing password * Create new auth section. Add more info on auth methods * update docs * run ruff * update docs * format * docs gen * formatting * initialize logger in class * mypy type fixes * docs gen * add models to get proper fields in docs and fix serialization * validate id token before using it * only request a mealie token on initial callback * remove unused method * fix unit tests * docs gen * check for valid idToken before getting token * add iss to mealie token * check to see if we already have a mealie token before getting one * fix lock file * update authlib * update lock file * add remember me environment variable * add user group setting to allow only certain groups to log in --------- Co-authored-by: Carter Mintey <cmintey8@gmail.com> Co-authored-by: Carter <35710697+cmintey@users.noreply.github.com> 2024-03-10 13:51:36 -05:00			`OIDC_ADMIN_GROUP: admin`
			`OIDC_CONFIGURATION_URL: http://localhost:8080/default/.well-known/openid-configuration`
			`OIDC_CLIENT_ID: default`
feat: Add OIDC_CLIENT_SECRET and other changes for v2 (#4254) Co-authored-by: boc-the-git <3479092+boc-the-git@users.noreply.github.com> 2024-10-05 16:12:11 -05:00			`OIDC_CLIENT_SECRET: secret`
feat: Login with OAuth via OpenID Connect (OIDC) (#3280) * initial oidc implementation * add dynamic scheme * e2e test setup * add caching * fix * try this * add libldap-2.5 to runtime dependencies (#2849) * New translations en-us.json (Norwegian) (#2851) * New Crowdin updates (#2855) * New translations en-us.json (Italian) * New translations en-us.json (Norwegian) * New translations en-us.json (Portuguese) * fix * remove cache * cache yarn deps * cache docker image * cleanup action * lint * fix tests * remove not needed variables * run code gen * fix tests * add docs * move code into custom scheme * remove unneeded type * fix oidc admin * add more tests * add better spacing on login page * create auth providers * clean up testing stuff * type fixes * add OIDC auth method to postgres enum * add option to bypass login screen and go directly to iDP * remove check so we can fallback to another auth method oauth fails * Add provider name to be shown at the login screen * add new properties to admin about api * fix spec * add a prompt to change auth method when changing password * Create new auth section. Add more info on auth methods * update docs * run ruff * update docs * format * docs gen * formatting * initialize logger in class * mypy type fixes * docs gen * add models to get proper fields in docs and fix serialization * validate id token before using it * only request a mealie token on initial callback * remove unused method * fix unit tests * docs gen * check for valid idToken before getting token * add iss to mealie token * check to see if we already have a mealie token before getting one * fix lock file * update authlib * update lock file * add remember me environment variable * add user group setting to allow only certain groups to log in --------- Co-authored-by: Carter Mintey <cmintey8@gmail.com> Co-authored-by: Carter <35710697+cmintey@users.noreply.github.com> 2024-03-10 13:51:36 -05:00
			`LDAP_AUTH_ENABLED: True`
			`LDAP_SERVER_URL: ldap://localhost:10389`
			`LDAP_TLS_INSECURE: true`
			`LDAP_ENABLE_STARTTLS: false`
			`LDAP_BASE_DN: "ou=people,dc=planetexpress,dc=com"`
			`LDAP_QUERY_BIND: "cn=admin,dc=planetexpress,dc=com"`
			`LDAP_QUERY_PASSWORD: "GoodNewsEveryone"`
			`LDAP_USER_FILTER: "(&(\|({id_attribute}={input})({mail_attribute}={input}))(\|(memberOf=cn=ship_crew,ou=people,dc=planetexpress,dc=com)(memberOf=cn=admin_staff,ou=people,dc=planetexpress,dc=com)))"`
			`LDAP_ADMIN_FILTER: "memberOf=cn=admin_staff,ou=people,dc=planetexpress,dc=com"`
			`LDAP_ID_ATTRIBUTE: uid`
			`LDAP_NAME_ATTRIBUTE: cn`
			`LDAP_MAIL_ATTRIBUTE: mail`

			`volumes:`
			`mealie-data:`
			`driver: local`