feat: update OAuth client IDs and secrets in configuration files

2026-03-14 01:37:38 +00:00
parent 06118fbd40
commit 808a775ebe
3 changed files with 169 additions and 18 deletions
--- a/ansible/casdoor/init_data.json.j2
+++ b/ansible/casdoor/init_data.json.j2
@@ -66,8 +66,8 @@
      "enablePassword": true,
      "enableSignUp": true,
      "disableSignin": false,
-      "clientId": "{{ vault_angelia_oauth_client_id }}",
-      "clientSecret": "{{ vault_angelia_oauth_client_secret }}",
+      "clientId": "{{ angelia_oauth_client_id }}",
+      "clientSecret": "{{ angelia_oauth_client_secret }}",
      "providers": [],
      "signinMethods": [
        {"name": "Password", "displayName": "Password", "rule": "All"},
@@ -101,6 +101,144 @@
      "formCss": "<style>.login-panel{background-color:#ffffff;border-radius:10px;box-shadow:0 0 30px 20px rgba(255,164,21,0.12)}.ant-btn-primary{background-color:#4b96ff!important;border-color:#4b96ff!important}.ant-btn-primary:hover{background-color:#58c0ff!important;border-color:#58c0ff!important}a{color:#ffa415}a:hover{color:#ffc219}.ant-input:focus,.ant-input-focused{border-color:#4b96ff!important;box-shadow:0 0 0 2px rgba(75,150,255,0.2)!important}.ant-checkbox-checked .ant-checkbox-inner{background-color:#4b96ff!important;border-color:#4b96ff!important}</style>",
      "footerHtml": "<div style=\"text-align:center;padding:10px;color:#666;\"><a href=\"https://helu.ca\" style=\"color:#4b96ff;text-decoration:none;\">Powered by Helu.ca</a></div>"
    },
+    {
+      "owner": "admin",
+      "name": "athena",
+      "displayName": "Athena",
+      "logo": "https://helu.ca/media/images/helu-ca_logo.original.svg",
+      "homepageUrl": "https://athena.ouranos.helu.ca",
+      "organization": "heluca",
+      "cert": "cert-heluca",
+      "enablePassword": true,
+      "enableSignUp": true,
+      "disableSignin": false,
+      "clientId": "{{ athena_oauth2_client_id }}",
+      "clientSecret": "{{ athena_oauth2_client_secret }}",
+      "providers": [],
+      "signinMethods": [
+        {"name": "Password", "displayName": "Password", "rule": "All"},
+        {"name": "Verification code", "displayName": "Verification code", "rule": "All"},
+        {"name": "WebAuthn", "displayName": "WebAuthn", "rule": "None"}
+      ],
+      "signupItems": [
+        {"name": "ID", "visible": false, "required": true, "prompted": false, "rule": "Random"},
+        {"name": "Email", "visible": true, "required": true, "prompted": false, "rule": "None"},
+        {"name": "Display name", "visible": true, "required": true, "prompted": false, "rule": "None"},
+        {"name": "Password", "visible": true, "required": true, "prompted": false, "rule": "None"},
+        {"name": "Confirm password", "visible": true, "required": true, "prompted": false, "rule": "None"},
+        {"name": "Agreement", "visible": true, "required": true, "prompted": false, "rule": "None"}
+      ],
+      "grantTypes": [
+        "authorization_code",
+        "password",
+        "client_credentials",
+        "token",
+        "id_token",
+        "refresh_token"
+      ],
+      "redirectUris": [
+        "https://athena.ouranos.helu.ca/accounts/oidc/casdoor/login/callback/"
+      ],
+      "tokenFormat": "JWT",
+      "tokenFields": [],
+      "expireInHours": 168,
+      "failedSigninLimit": 5,
+      "failedSigninFrozenTime": 15,
+      "formCss": "<style>.login-panel{background-color:#ffffff;border-radius:10px;box-shadow:0 0 30px 20px rgba(255,164,21,0.12)}.ant-btn-primary{background-color:#4b96ff!important;border-color:#4b96ff!important}.ant-btn-primary:hover{background-color:#58c0ff!important;border-color:#58c0ff!important}a{color:#ffa415}a:hover{color:#ffc219}.ant-input:focus,.ant-input-focused{border-color:#4b96ff!important;box-shadow:0 0 0 2px rgba(75,150,255,0.2)!important}.ant-checkbox-checked .ant-checkbox-inner{background-color:#4b96ff!important;border-color:#4b96ff!important}</style>",
+      "footerHtml": "<div style=\"text-align:center;padding:10px;color:#666;\"><a href=\"https://helu.ca\" style=\"color:#4b96ff;text-decoration:none;\">Powered by Helu.ca</a></div>"
+    },
+    {
+      "owner": "admin",
+      "name": "kairos",
+      "displayName": "Kairos",
+      "logo": "https://helu.ca/media/images/helu-ca_logo.original.svg",
+      "homepageUrl": "https://kairos.ouranos.helu.ca",
+      "organization": "heluca",
+      "cert": "cert-heluca",
+      "enablePassword": true,
+      "enableSignUp": true,
+      "disableSignin": false,
+      "clientId": "{{ kairos_oauth2_client_id }}",
+      "clientSecret": "{{ kairos_oauth2_client_secret }}",
+      "providers": [],
+      "signinMethods": [
+        {"name": "Password", "displayName": "Password", "rule": "All"},
+        {"name": "Verification code", "displayName": "Verification code", "rule": "All"},
+        {"name": "WebAuthn", "displayName": "WebAuthn", "rule": "None"}
+      ],
+      "signupItems": [
+        {"name": "ID", "visible": false, "required": true, "prompted": false, "rule": "Random"},
+        {"name": "Email", "visible": true, "required": true, "prompted": false, "rule": "None"},
+        {"name": "Display name", "visible": true, "required": true, "prompted": false, "rule": "None"},
+        {"name": "Password", "visible": true, "required": true, "prompted": false, "rule": "None"},
+        {"name": "Confirm password", "visible": true, "required": true, "prompted": false, "rule": "None"},
+        {"name": "Agreement", "visible": true, "required": true, "prompted": false, "rule": "None"}
+      ],
+      "grantTypes": [
+        "authorization_code",
+        "password",
+        "client_credentials",
+        "token",
+        "id_token",
+        "refresh_token"
+      ],
+      "redirectUris": [
+        "https://kairos.ouranos.helu.ca/accounts/oidc/casdoor/login/callback/"
+      ],
+      "tokenFormat": "JWT",
+      "tokenFields": [],
+      "expireInHours": 168,
+      "failedSigninLimit": 5,
+      "failedSigninFrozenTime": 15,
+      "formCss": "<style>.login-panel{background-color:#ffffff;border-radius:10px;box-shadow:0 0 30px 20px rgba(255,164,21,0.12)}.ant-btn-primary{background-color:#4b96ff!important;border-color:#4b96ff!important}.ant-btn-primary:hover{background-color:#58c0ff!important;border-color:#58c0ff!important}a{color:#ffa415}a:hover{color:#ffc219}.ant-input:focus,.ant-input-focused{border-color:#4b96ff!important;box-shadow:0 0 0 2px rgba(75,150,255,0.2)!important}.ant-checkbox-checked .ant-checkbox-inner{background-color:#4b96ff!important;border-color:#4b96ff!important}</style>",
+      "footerHtml": "<div style=\"text-align:center;padding:10px;color:#666;\"><a href=\"https://helu.ca\" style=\"color:#4b96ff;text-decoration:none;\">Powered by Helu.ca</a></div>"
+    },
+    {
+      "owner": "admin",
+      "name": "spelunker",
+      "displayName": "Spelunker",
+      "logo": "https://helu.ca/media/images/helu-ca_logo.original.svg",
+      "homepageUrl": "https://spelunker.ouranos.helu.ca",
+      "organization": "heluca",
+      "cert": "cert-heluca",
+      "enablePassword": true,
+      "enableSignUp": true,
+      "disableSignin": false,
+      "clientId": "{{ spelunker_oauth2_client_id }}",
+      "clientSecret": "{{ spelunker_oauth2_client_secret }}",
+      "providers": [],
+      "signinMethods": [
+        {"name": "Password", "displayName": "Password", "rule": "All"},
+        {"name": "Verification code", "displayName": "Verification code", "rule": "All"},
+        {"name": "WebAuthn", "displayName": "WebAuthn", "rule": "None"}
+      ],
+      "signupItems": [
+        {"name": "ID", "visible": false, "required": true, "prompted": false, "rule": "Random"},
+        {"name": "Email", "visible": true, "required": true, "prompted": false, "rule": "None"},
+        {"name": "Display name", "visible": true, "required": true, "prompted": false, "rule": "None"},
+        {"name": "Password", "visible": true, "required": true, "prompted": false, "rule": "None"},
+        {"name": "Confirm password", "visible": true, "required": true, "prompted": false, "rule": "None"},
+        {"name": "Agreement", "visible": true, "required": true, "prompted": false, "rule": "None"}
+      ],
+      "grantTypes": [
+        "authorization_code",
+        "password",
+        "client_credentials",
+        "token",
+        "id_token",
+        "refresh_token"
+      ],
+      "redirectUris": [
+        "https://spelunker.ouranos.helu.ca/accounts/oidc/casdoor/login/callback/"
+      ],
+      "tokenFormat": "JWT",
+      "tokenFields": [],
+      "expireInHours": 168,
+      "failedSigninLimit": 5,
+      "failedSigninFrozenTime": 15,
+      "formCss": "<style>.login-panel{background-color:#ffffff;border-radius:10px;box-shadow:0 0 30px 20px rgba(255,164,21,0.12)}.ant-btn-primary{background-color:#4b96ff!important;border-color:#4b96ff!important}.ant-btn-primary:hover{background-color:#58c0ff!important;border-color:#58c0ff!important}a{color:#ffa415}a:hover{color:#ffc219}.ant-input:focus,.ant-input-focused{border-color:#4b96ff!important;box-shadow:0 0 0 2px rgba(75,150,255,0.2)!important}.ant-checkbox-checked .ant-checkbox-inner{background-color:#4b96ff!important;border-color:#4b96ff!important}</style>",
+      "footerHtml": "<div style=\"text-align:center;padding:10px;color:#666;\"><a href=\"https://helu.ca\" style=\"color:#4b96ff;text-decoration:none;\">Powered by Helu.ca</a></div>"
+    },  
    {
      "owner": "admin",
      "name": "gitea",
@@ -111,8 +249,8 @@
      "cert": "cert-heluca",
      "enablePassword": true,
      "enableSignUp": false,
-      "clientId": "{{ vault_gitea_oauth_client_id }}",
-      "clientSecret": "{{ vault_gitea_oauth_client_secret }}",
+      "clientId": "{{ gitea_oauth_client_id }}",
+      "clientSecret": "{{ gitea_oauth_client_secret }}",
      "providers": [],
      "signinMethods": [
        {"name": "Password", "displayName": "Password", "rule": "All"}
@@ -146,8 +284,8 @@
      "cert": "cert-heluca",
      "enablePassword": true,
      "enableSignUp": false,
-      "clientId": "{{ vault_jupyterlab_oauth_client_id }}",
-      "clientSecret": "{{ vault_jupyterlab_oauth_client_secret }}",
+      "clientId": "{{ jupyterlab_oauth_client_id }}",
+      "clientSecret": "{{ jupyterlab_oauth_client_secret }}",
      "providers": [],
      "signinMethods": [
        {"name": "Password", "displayName": "Password", "rule": "All"}
@@ -181,8 +319,8 @@
      "cert": "cert-heluca",
      "enablePassword": true,
      "enableSignUp": false,
-      "clientId": "{{ vault_searxng_oauth_client_id }}",
-      "clientSecret": "{{ vault_searxng_oauth_client_secret }}",
+      "clientId": "{{ searxng_oauth_client_id }}",
+      "clientSecret": "{{ searxng_oauth_client_secret }}",
      "providers": [],
      "signinMethods": [
        {"name": "Password", "displayName": "Password", "rule": "All"}
@@ -216,8 +354,8 @@
      "cert": "cert-heluca",
      "enablePassword": true,
      "enableSignUp": false,
-      "clientId": "{{ vault_openwebui_oauth_client_id }}",
-      "clientSecret": "{{ vault_openwebui_oauth_client_secret }}",
+      "clientId": "{{ openwebui_oauth_client_id }}",
+      "clientSecret": "{{ openwebui_oauth_client_secret }}",
      "providers": [],
      "signinMethods": [
        {"name": "Password", "displayName": "Password", "rule": "All"}
@@ -251,8 +389,8 @@
      "cert": "cert-heluca",
      "enablePassword": true,
      "enableSignUp": false,
-      "clientId": "{{ vault_daedalus_oauth_client_id }}",
-      "clientSecret": "{{ vault_daedalus_oauth_client_secret }}",
+      "clientId": "{{ daedalus_oauth_client_id }}",
+      "clientSecret": "{{ daedalus_oauth_client_secret }}",
      "providers": [],
      "signinMethods": [
        {"name": "Password", "displayName": "Password", "rule": "All"}
--- a/ansible/inventory/host_vars/titania.incus.yml
+++ b/ansible/inventory/host_vars/titania.incus.yml
@@ -220,3 +220,16 @@ casdoor_ldaps_server_port: 0
 casdoor_radius_server_port: 1812
 casdoor_radius_default_organization: "built-in"
 casdoor_radius_secret: "{{ vault_casdoor_radius_secret }}"
+# Oath2
+angelia_oauth_client_id: "{{ vault_angelia_oauth_client_id }}"
+angelia_oauth_client_secret: "{{ vault_angelia_oauth_client_secret }}"
+daedalus_oauth_client_id: "{{ vault_daedalus_oauth_client_id }}"
+daedalus_oauth_client_secret: "{{ vault_daedalus_oauth_client_secret }}"
+gitea_oauth_client_id: "{{ vault_gitea_oauth_client_id }}"
+gitea_oauth_client_secret: "{{ vault_gitea_oauth_client_secret }}"
+jupyterlab_oauth_client_id: "{{ vault_jupyterlab_oauth_client_id }}"
+jupyterlab_oauth_client_secret: "{{ vault_jupyterlab_oauth_client_secret }}"
+openwebui_oauth_client_id: "{{ vault_openwebui_oauth_client_id }}"
+openwebui_oauth_client_secret: "{{ vault_openwebui_oauth_client_secret }}"
+searxng_oauth_client_id: "{{ vault_searxng_oauth_client_id }}"
+searxng_oauth_client_secret: "{{ vault_searxng_oauth_client_secret }}"
--- a/terraform/containers.tf
+++ b/terraform/containers.tf
@@ -31,8 +31,8 @@ EOT
        name = "app_ports"
        type = "proxy"
        properties = {
-          listen  = "tcp:0.0.0.0:25580-25599"
-          connect = "tcp:127.0.0.1:25580-25599"
+          listen  = "tcp:0.0.0.0:25590-25599"
+          connect = "tcp:127.0.0.1:25590-25599"
        }
      }]
    }
@@ -114,15 +114,15 @@ EOT
        name = "puck_ports"
        type = "proxy"
        properties = {
-          listen  = "tcp:0.0.0.0:25570-25579"
-          connect = "tcp:127.0.0.1:25570-25579"
+          listen  = "tcp:0.0.0.0:25570-25589"
+          connect = "tcp:127.0.0.1:25570-25589"
        }
      },
        {
        name = "puck_rdp"
        type = "proxy"
        properties = {
-          listen  = "tcp:0.0.0.0:25520"
+          listen  = "tcp:0.0.0.0:25589"
          connect = "tcp:127.0.0.1:3389"
        }
      },
@@ -145,7 +145,7 @@ EOT
        name = "caliban"
        type = "proxy"
        properties = {
-          listen  = "tcp:0.0.0.0:25521"
+          listen  = "tcp:0.0.0.0:25519"
          connect = "tcp:127.0.0.1:3389"
        }
      },