Merge branch '77-nouveau-service-flarum' into 'master'

Resolve "[nouveau service] flarum" Closes #77 See merge request acides/hiboo/hiboo!32

Merge branch '77-nouveau-service-flarum' into 'master'
52cfa00f · kaiyou · f3b26d9a · c75e9e17 · 52cfa00f · 52cfa00f
Commit 52cfa00f authored 3 years ago by kaiyou
--- a/hiboo/application/social.py
+++ b/hiboo/application/social.py
@@ -173,3 +173,22 @@ class PeertubeApplication(base.OIDCApplication):
            "grant_types": ["authorization_code"],
            "response_types": ["code"],
        }
+
+
+@register("flarum")
+class FlarumApplication(base.SAMLApplication):
+    """ Flarum is a simple discussion platform, fast and easy to use, with all the features you need to run a successful community.
+    """
+
+    name = _("Flarum")
+
+    class Form(base.BaseForm):
+        application_uri = fields.StringField(_("Flarum URL"), [validators.URL(require_tld=False)])
+        submit = fields.SubmitField(_('Submit'))
+
+    def configure(self, form):
+        return {
+            "acs": form.application_uri.data + "/auth/saml/acs",
+            "entityid": form.application_uri.data + "/auth/saml/metadata",
+            "sign_mode": "response"
+        }
--- a/hiboo/application/templates/application_flarum.html
+++ b/hiboo/application/templates/application_flarum.html
+<h3>Setting up Flarum</h3>
+<p>Flarum uses the <a href="https://github.com/askvortsov1/flarum-saml">flarum_saml</a> extension in order to handle SAML2 authentication.</p>
+<p>You must first install this extension on your instance, then enable the <i>SAML2 SSO</i> extension in the <i>Administration</i> panel and fill in the following parameters.</p>
+
+<dt>Identity Provider Metadata URL (Alternative to XML)</dt>
+<dd><pre>{{ url_for("sso.saml_metadata", service_uuid=service.uuid, _external=True) }}</pre></dd>
+
+<dt>NameID format</dt>
+<dd><pre>Persistent</pre></dd>
+
+<dt>Attribute to map the username to</dt>
+<dd><pre>urn:oid:0.9.2342.19200300.100.1.1</pre></dd>
+
+<dt>Sign authn requests?</dt>
+<dd>Yes</dd>
+<dt>Sign logout requests?</dt>
+<dd>Yes</dd>
+<dt>Sign logout responses?</dt>
+<dd>Yes</dd>
+<dt>Sign metadata?</dt>
+<dd>Yes</dd>
+<dt>Want Assertions Encrypted?</dt>
+<dd>Not supported</dd>
+<dt>Want Assertions Signed?</dt>
+<dd>Not supported</dd>
+<dt>Want Messages Signed?</dt>
+<dd>Yes</dd>
+<dt>Enable SLO? If your IDP does not support this, this will do nothing.</dt>
+<dd>Yes</dd>
+<dt>Use SAML2 SSO as only login option?</dt>
+<dd>Remember to have an SAML user as Flarum admin if enabled</dd>
+
+<dt>x509 Private Key (needed for signing, if enabled)</dt>
+<dd><pre>{{ "".join(service.config["sp_key"].strip().split("\n")[1:-1]) }}</pre></dd>
+
+<dt>x509 Certificate (needed for signing, if enabled)</dt>
+<dd><pre>{{ "".join(service.config["sp_cert"].strip().split("\n")[1:-1]) }}</pre></dd>
+
+{% include "application_saml.html" %}