Merge branch 'feature/ldap' into develop

# Conflicts: # app/Http/Controllers/Auth/LoginController.php # composer.json # composer.lock # config/firefly.php
2025-09-04 11:48:05 +00:00 · 2021-06-12 06:26:45 +02:00
parent 310448e9bb 33f6725d37
commit 8c171fa4d1
1 changed files with 106 additions and 50 deletions
--- a/.env.example
+++ b/.env.example
@@ -53,8 +53,7 @@ LOG_CHANNEL=stack
 APP_LOG_LEVEL=notice

 # Audit log level.
-# set to "emergency" if you dont want to store audit logs.
-# leave on info otherwise.
+# Set this to "emergency" if you dont want to store audit logs, leave on info otherwise.
 AUDIT_LOG_LEVEL=info

 # Database credentials. Make sure the database exists. I recommend a dedicated user for Firefly III
@@ -89,11 +88,11 @@ PGSQL_SSL_CERT=null
 PGSQL_SSL_KEY=null
 PGSQL_SSL_CRL_FILE=null

-# If you're looking for performance improvements, you could install memcached.
+# If you're looking for performance improvements, you could install memcached or redis
 CACHE_DRIVER=file
 SESSION_DRIVER=file

-# If you set either of these to 'redis', you might want to update these settings too
+# If you set either of the options above to 'redis', you might want to update these settings too
 # If you use Docker or similar, you can set REDIS_HOST_FILE, REDIS_PASSWORD_FILE or
 # REDIS_PORT_FILE to set the value from a file instead of from an environment variable

@@ -106,8 +105,8 @@ REDIS_PATH=
 # use only when using 'tcp' or 'http' for REDIS_SCHEME. Leave empty otherwise.
 REDIS_HOST=127.0.0.1
 REDIS_PORT=6379
-
 REDIS_PASSWORD=null
+
 # always use quotes and make sure redis db "0" and "1" exists. Otherwise change accordingly.
 REDIS_DB="0"
 REDIS_CACHE_DB="1"
@@ -115,12 +114,13 @@ REDIS_CACHE_DB="1"
 # Cookie settings. Should not be necessary to change these.
 # If you use Docker or similar, you can set COOKIE_DOMAIN_FILE to set
 # the value from a file instead of from an environment variable
+# Setting samesite to "strict" may give you trouble logging in.
 COOKIE_PATH="/"
 COOKIE_DOMAIN=
 COOKIE_SECURE=false
 COOKIE_SAMESITE=lax

-# If you want Firefly III to mail you, update these settings
+# If you want Firefly III to email you, update these settings
 # For instructions, see: https://docs.firefly-iii.org/advanced-installation/email
 # If you use Docker or similar, you can set these variables from a file by appending them with _FILE
 MAIL_MAILER=log
@@ -145,7 +145,7 @@ MAILGUN_ENDPOINT=api.mailgun.net
 MANDRILL_SECRET=
 SPARKPOST_SECRET=

-# Firefly III can send you the following messages
+# Firefly III can send you the following messages.
 SEND_REGISTRATION_MAIL=true
 SEND_ERROR_MESSAGE=true
 SEND_LOGIN_NEW_IP_WARNING=true
@@ -153,16 +153,9 @@ SEND_LOGIN_NEW_IP_WARNING=true
 # These messages contain (sensitive) transaction information:
 SEND_REPORT_JOURNALS=true

-# Set a Mapbox API key here (see mapbox.com) so there might be a map available at various places.
-# If you use Docker or similar, you can set this variable from a file by appending it with _FILE
-# Take note: it is no longer necessary to set this value, and it will be removed in future versions.
-MAPBOX_API_KEY=
-
-#
-# Instead of the mapbox API key, just set this value to true if you want to set the location
+# Set this value to true if you want to set the location
 # of certain things, like transactions. Since this involves an external service, it's optional
 # and disabled by default.
-#
 ENABLE_EXTERNAL_MAP=false

 # The map will default to this location:
@@ -170,6 +163,13 @@ MAP_DEFAULT_LAT=51.983333
 MAP_DEFAULT_LONG=5.916667
 MAP_DEFAULT_ZOOM=6

+#
+# Firefly III authentication settings
+#
+
+
+
+# update me.
 # Firefly III has two options for user authentication. "eloquent" is the default,
 # and "ldap" for LDAP servers.
 # For full instructions on these settings please visit:
@@ -179,8 +179,6 @@ MAP_DEFAULT_ZOOM=6
 # If you enable 'ldap' AND you run Docker, the Docker image will contact packagist.org
 # This is necessary to download the required packages.
 #
-LOGIN_PROVIDER=eloquent
-
 # It's also possible to change the way users are authenticated. You could use Authelia for example.
 # Authentication via the REMOTE_USER header is supported. Change the value below to "remote_user_guard".
 #
@@ -190,7 +188,7 @@ LOGIN_PROVIDER=eloquent
 # https://docs.firefly-iii.org/advanced-installation/authentication
 #
 # This function is available in Firefly III v5.3.0 and higher.
-AUTHENTICATION_GUARD=web
+#AUTHENTICATION_GUARD=web

 # If the guard is changed, Firefly III uses the 'REMOTE_USER' header as per RFC 3875.
 # You can also use another header, like AUTH_USER when using Windows SSO.
@@ -200,7 +198,7 @@ AUTHENTICATION_GUARD=web
 # If this header is 'unexpectedly empty', check out the documentation.
 # https://docs.firefly-iii.org/advanced-installation/authentication
 #
-AUTHENTICATION_GUARD_HEADER=REMOTE_USER
+# AUTHENTICATION_GUARD_HEADER=REMOTE_USER

 #
 # Firefly III uses email addresses as user identifiers. When you're using an external authentication guard
@@ -212,58 +210,121 @@ AUTHENTICATION_GUARD_HEADER=REMOTE_USER
 #
 # Example value: AUTHENTICATION_GUARD_EMAIL=HTTP_X_AUTH_EMAIL
 #
-AUTHENTICATION_GUARD_EMAIL=
+# AUTHENTICATION_GUARD_EMAIL=


 # It's impossible to log out users who's authentication is handled by an external system.
 # Enter a custom URL here that will force a logout (your authentication provider can tell you).
 # Setting this variable only works when AUTHENTICATION_GUARD != web
 #
-CUSTOM_LOGOUT_URI=
+# CUSTOM_LOGOUT_URI=

 # LDAP connection configuration
 # OpenLDAP, FreeIPA or ActiveDirectory
 # # If you use Docker or similar, you can set this variable from a file by appending it with _FILE
-ADLDAP_CONNECTION_SCHEME=OpenLDAP
-ADLDAP_AUTO_CONNECT=true
+#ADLDAP_CONNECTION_SCHEME=OpenLDAP
+#ADLDAP_AUTO_CONNECT=true

 # LDAP connection settings
 # You can set the following variables from a file by appending them with _FILE:
 # ADLDAP_CONTROLLERS, ADLDAP_PORT, ADLDAP_BASEDN
-ADLDAP_CONTROLLERS=
-ADLDAP_PORT=389
-ADLDAP_TIMEOUT=5
-ADLDAP_BASEDN=""
-ADLDAP_FOLLOW_REFFERALS=false
+#ADLDAP_CONTROLLERS=
+#ADLDAP_PORT=389
+#ADLDAP_TIMEOUT=5
+#ADLDAP_BASEDN=""
+#ADLDAP_FOLLOW_REFFERALS=false

 # SSL/TLS settings
-ADLDAP_USE_SSL=false
-ADLDAP_USE_TLS=false
-ADLDAP_SSL_CACERTDIR=
-ADLDAP_SSL_CACERTFILE=
-ADLDAP_SSL_CERTFILE=
-ADLDAP_SSL_KEYFILE=
-ADLDAP_SSL_CIPHER_SUITE=
-ADLDAP_SSL_REQUIRE_CERT=
+#ADLDAP_USE_SSL=false
+#ADLDAP_USE_TLS=false
+#ADLDAP_SSL_CACERTDIR=
+#ADLDAP_SSL_CACERTFILE=
+#ADLDAP_SSL_CERTFILE=
+#ADLDAP_SSL_KEYFILE=
+#ADLDAP_SSL_CIPHER_SUITE=
+#ADLDAP_SSL_REQUIRE_CERT=

 # You can set the following variables from a file by appending them with _FILE:
-ADLDAP_ADMIN_USERNAME=
-ADLDAP_ADMIN_PASSWORD=
+#ADLDAP_ADMIN_USERNAME=
+#ADLDAP_ADMIN_PASSWORD=

 # You can set the following variables from a file by appending them with _FILE:
-ADLDAP_ACCOUNT_PREFIX=
-ADLDAP_ACCOUNT_SUFFIX=
+#ADLDAP_ACCOUNT_PREFIX=
+#ADLDAP_ACCOUNT_SUFFIX=

 # LDAP authentication settings.
-ADLDAP_PASSWORD_SYNC=false
-ADLDAP_LOGIN_FALLBACK=false
+#ADLDAP_PASSWORD_SYNC=false
+#ADLDAP_LOGIN_FALLBACK=false

-ADLDAP_DISCOVER_FIELD=distinguishedname
-ADLDAP_AUTH_FIELD=distinguishedname
+#ADLDAP_DISCOVER_FIELD=distinguishedname
+#ADLDAP_AUTH_FIELD=distinguishedname

 # field to sync as local username.
 # You can set the following variable from a file by appending it with _FILE:
-ADLDAP_SYNC_FIELD=userprincipalname
+#ADLDAP_SYNC_FIELD=userprincipalname
+
+
+# Login provider is obsolete
+#LOGIN_PROVIDER=eloquent
+#AUTHENTICATION_GUARD=ldap
+#CUSTOM_LOGOUT_URI=https://nu.nl
+
+# start new LDAP settings
+#LDAP_LOGGING=true
+#LDAP_CONNECTION=default
+#LDAP_HOST=ldap.jumpcloud.com
+#LDAP_USERNAME="uid=authelia,ou=Users,o=5fdddb09ae7868233b9d26d6,dc=jumpcloud,dc=com"
+#LDAP_PASSWORD=FZWhDnXVb_.ciGFVwuQC@m9CVo@vdVMx
+#LDAP_PORT=389
+#LDAP_BASE_DN="ou=Users,o=5fdddb09ae7868233b9d26d6,dc=jumpcloud,dc=com"
+#LDAP_TIMEOUT=5
+#DAP_SSL=true
+#LDAP_TLS=false
+# end new LDAP settings
+
+# start custom LDAP settings
+#LDAP_AUTH_FIELD=uid
+# end custom LDAP settings
+
+
+# LDAP connection configuration
+# OpenLDAP, FreeIPA or ActiveDirectory
+#ADLDAP_CONNECTION_SCHEME=OpenLDAP
+#ADLDAP_AUTO_CONNECT=true
+
+# LDAP connection settings
+#ADLDAP_CONTROLLERS=
+#ADLDAP_PORT=389
+#ADLDAP_TIMEOUT=5
+#ADLDAP_BASEDN=""
+#ADLDAP_FOLLOW_REFFERALS=false
+#ADLDAP_USE_SSL=false
+#ADLDAP_USE_TLS=false
+#ADLDAP_SSL_CACERTDIR=
+#ADLDAP_SSL_CACERTFILE=
+#ADLDAP_SSL_CERTFILE=
+#ADLDAP_SSL_KEYFILE=
+#ADLDAP_SSL_CIPHER_SUITE=
+#ADLDAP_SSL_REQUIRE_CERT=
+#ADLDAP_ADMIN_USERNAME=
+#ADLDAP_ADMIN_PASSWORD=
+#ADLDAP_ACCOUNT_PREFIX=
+#ADLDAP_ACCOUNT_SUFFIX=
+# LDAP authentication settings.
+#ADLDAP_PASSWORD_SYNC=false
+#ADLDAP_LOGIN_FALLBACK=false
+#ADLDAP_DISCOVER_FIELD=distinguishedname
+#ADLDAP_AUTH_FIELD=distinguishedname
+
+# Will allow SSO if your server provides an AUTH_USER field.
+#WINDOWS_SSO_DISCOVER=samaccountname
+#WINDOWS_SSO_KEY=AUTH_USER
+
+# field to sync as local username.
+#ADLDAP_SYNC_FIELD=userprincipalname
+
+
+

 # You can disable the X-Frame-Options header if it interferes with tools like
 # Organizr. This is at your own risk. Applications running in frames run the risk
@@ -284,11 +345,6 @@ DISABLE_CSP_HEADER=false
 TRACKER_SITE_ID=
 TRACKER_URL=

-# Firefly III can collect telemetry on how you use Firefly III. This is opt-in.
-# In order to allow this, change the following variable to true.
-# To read more about this feature, go to this page: https://docs.firefly-iii.org/support/telemetry
-SEND_TELEMETRY=false
-
 #
 # Firefly III supports webhooks. These are security sensitive and must be enabled manually first.
 #