diff options
Diffstat (limited to 'docs/guides/auth')
| -rw-r--r-- | docs/guides/auth/github.md | 31 | ||||
| -rw-r--r-- | docs/guides/auth/gitlab-self-hosted.md | 14 | ||||
| -rw-r--r-- | docs/guides/auth/ldap-AD.md | 1 | ||||
| -rw-r--r-- | docs/guides/auth/mattermost-self-hosted.md | 32 | ||||
| -rw-r--r-- | docs/guides/auth/nextcloud.md | 10 | ||||
| -rw-r--r-- | docs/guides/auth/oauth.md | 12 | ||||
| -rw-r--r-- | docs/guides/auth/saml-onelogin.md | 52 | ||||
| -rw-r--r-- | docs/guides/auth/saml.md | 62 | ||||
| -rw-r--r-- | docs/guides/auth/twitter.md | 42 | 
9 files changed, 125 insertions, 131 deletions
| diff --git a/docs/guides/auth/github.md b/docs/guides/auth/github.md index d6a1095e..d16b486f 100644 --- a/docs/guides/auth/github.md +++ b/docs/guides/auth/github.md @@ -1,27 +1,24 @@  Authentication guide - GitHub  === -***Note:** This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!* +**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!*  1. Sign-in or sign-up for a GitHub account  2. Navigate to developer settings in your GitHub account [here](https://github.com/settings/developers) and select the "OAuth Apps" tab -3. Click on the **New OAuth App** button, to create a new OAuth App: +3. Click on the **New OAuth App** button, to create a new OAuth App:   +    - +4. Fill out the new OAuth application registration form, and click **Register Application**   +    -4. Fill out the new OAuth application registration form, and click **Register Application** +   **Note:** *The callback URL is <your-codimd-url>/auth/github/callback* - - -*Note: The callback URL is <your-hackmd-url>/auth/github/callback* - -5. After successfully registering the application, you'll receive the Client ID and Client Secret for the application - - +5. After successfully registering the application, you'll receive the Client ID and Client Secret for the application   +     6. Add the Client ID and Client Secret to your config.json file or pass them as environment variables -    * config.json: -      ````javascript +    * `config.json`: +      ```js        {          "production": {            "github": { @@ -30,9 +27,9 @@ Authentication guide - GitHub            }          }        } -      ```` +      ```      * environment variables: -      ```` -      HMD_GITHUB_CLIENTID=3747d30eaccXXXXXXXXX -      HMD_GITHUB_CLIENTSECRET=2a8e682948eee0c580XXXXXXXXXXXXXXXXXXXXXX +      ```sh +      CMD_GITHUB_CLIENTID=3747d30eaccXXXXXXXXX +      CMD_GITHUB_CLIENTSECRET=2a8e682948eee0c580XXXXXXXXXXXXXXXXXXXXXX        ```` diff --git a/docs/guides/auth/gitlab-self-hosted.md b/docs/guides/auth/gitlab-self-hosted.md index 60f62616..ea1ad6bd 100644 --- a/docs/guides/auth/gitlab-self-hosted.md +++ b/docs/guides/auth/gitlab-self-hosted.md @@ -1,24 +1,24 @@ -# GitLab (self-hosted) +GitLab (self-hosted)  === -***Note:** This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!* +**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!*  1. Sign in to your GitLab  2. Navigate to the application management page at `https://your.gitlab.domain/admin/applications` (admin permissions required)  3. Click **New application** to create a new application and fill out the registration form: - +  4. Click **Submit**  5. In the list of applications select **HackMD**. Leave that site open to copy the application ID and secret in the next step. - +  6. In the `docker-compose.yml` add the following environment variables to `app:` `environment:`  ``` -- HMD_DOMAIN=your.hackmd.domain +- HMD_DOMAIN=your.codimd.domain  - HMD_URL_ADDPORT=443  - HMD_PROTOCOL_USESSL=true  - HMD_GITLAB_BASEURL=https://your.gitlab.domain @@ -27,6 +27,6 @@  ```  7. Run `docker-compose up -d` to apply your settings. -8. Sign in to your HackMD using your GitLab ID: +8. Sign in to your CodiMD using your GitLab ID: - + diff --git a/docs/guides/auth/ldap-AD.md b/docs/guides/auth/ldap-AD.md index 77521db3..e74121f1 100644 --- a/docs/guides/auth/ldap-AD.md +++ b/docs/guides/auth/ldap-AD.md @@ -1,7 +1,6 @@  AD LDAP auth  === -  To setup your CodiMD instance with Active Directory you need the following configs:  ``` diff --git a/docs/guides/auth/mattermost-self-hosted.md b/docs/guides/auth/mattermost-self-hosted.md index 631aabd3..d8280399 100644 --- a/docs/guides/auth/mattermost-self-hosted.md +++ b/docs/guides/auth/mattermost-self-hosted.md @@ -1,33 +1,29 @@  Authentication guide - Mattermost (self-hosted)  === -*Note: The Mattermost setup portion of this document is just a quick guide. See the [official documentation](https://docs.mattermost.com/developer/oauth-2-0-applications.html) for more details.* +**Note:** *The Mattermost setup portion of this document is just a quick guide. See the [official documentation](https://docs.mattermost.com/developer/oauth-2-0-applications.html) for more details.*  This guide uses the generic OAuth2 module for compatibility with Mattermost version 5.0 and above.  1. Sign-in with an administrator account to your Mattermost instance -2. Make sure **OAuth 2.0 Service Provider** is enabled in the Main Menu (menu button next to your username in the top left corner) --> System Console --> Custom Integrations menu, which you can find at `https://your.mattermost.domain/admin_console/integrations/custom` - - +2. Make sure **OAuth 2.0 Service Provider** is enabled in the Main Menu (menu button next to your username in the top left corner) --> System Console --> Custom Integrations menu, which you can find at `https://your.mattermost.domain/admin_console/integrations/custom`   +     3. Navigate to the OAuth integration settings through Main Menu --> Integrations --> OAuth 2.0 Applications, at `https://your.mattermost.domain/yourteam/integrations/oauth2-apps` -4. Click on the **Add OAuth 2.0 Application** button to add a new OAuth application - - +4. Click on the **Add OAuth 2.0 Application** button to add a new OAuth application   +    -5. Fill out the form and click **Save** - - +5. Fill out the form and click **Save**   +     *Note: The callback URL is \<your-codimd-url\>/auth/oauth2/callback* -6. After saving the application, you'll receive the Client ID and Client Secret - - +6. After saving the application, you'll receive the Client ID and Client Secret   +     7. Add the Client ID and Client Secret to your config.json file or pass them as environment variables -    * config.json: -      ````javascript +    * `config.json`: +      ```javascript        {          "production": {            "oauth2": { @@ -43,9 +39,9 @@ This guide uses the generic OAuth2 module for compatibility with Mattermost vers            }          }        } -      ```` +      ```      * environment variables: -      ```` +      ```sh        CMD_OAUTH2_BASEURL=https://your.mattermost.domain        CMD_OAUTH2_USER_PROFILE_URL=https://your.mattermost.domain/api/v4/users/me        CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=id @@ -55,4 +51,4 @@ This guide uses the generic OAuth2 module for compatibility with Mattermost vers        CMD_OAUTH2_AUTHORIZATION_URL=https://your.mattermost.domain/oauth/authorize        CMD_OAUTH2_CLIENT_ID=ii4p1u3jz7dXXXXXXXXXXXXXXX        CMD_OAUTH2_CLIENT_SECRET=mqzzx6fydbXXXXXXXXXXXXXXXX -      ```` +      ``` diff --git a/docs/guides/auth/nextcloud.md b/docs/guides/auth/nextcloud.md index 108772dd..3bf86d31 100644 --- a/docs/guides/auth/nextcloud.md +++ b/docs/guides/auth/nextcloud.md @@ -9,15 +9,15 @@ This guide uses the generic OAuth2 module for compatibility with Nextcloud 13 an  2. Navigate to the OAuth integration settings: Profile Icon (top right) --> Settings     Then choose Security Settings from the *Administration* part of the list - Don't confuse this with Personal Security Settings, where you would change your personal password! -   At the top there's OAuth 2.0-Clients. -    +   At the top there's OAuth 2.0-Clients.   +    -3. Add your CodiMD instance by giving it a *name* (perhaps CodiMD, but could be anything) and a *Redirection-URI*. The Redirection-URI will be `\<your-codimd-url\>/auth/oauth2/callback`. Click <kbd>Add</kbd>. -    +3. Add your CodiMD instance by giving it a *name* (perhaps CodiMD, but could be anything) and a *Redirection-URI*. The Redirection-URI will be `\<your-codimd-url\>/auth/oauth2/callback`. Click <kbd>Add</kbd>.   +     4. You'll now see a line containing a *client identifier* and a *Secret*. -    +     5. That's it for Nextcloud, the rest is configured in your CodiMD `config.json` or via the `CMD_` environment variables! diff --git a/docs/guides/auth/oauth.md b/docs/guides/auth/oauth.md new file mode 100644 index 00000000..46314e26 --- /dev/null +++ b/docs/guides/auth/oauth.md @@ -0,0 +1,12 @@ +# OAuth general information + +| service | callback URL (after the server URL) | +| ------- | --------- | +| facebook | `/auth/facebook/callback` | +| twitter | `/auth/twitter/callback` | +| github | `/auth/github/callback` | +| gitlab | `/auth/gitlab/callback` | +| mattermost | `/auth/mattermost/callback` | +| dropbox | `/auth/dropbox/callback` | +| google | `/auth/google/callback` | +| saml | `/auth/saml/callback` | diff --git a/docs/guides/auth/saml-onelogin.md b/docs/guides/auth/saml-onelogin.md index 02a5ffac..785e36ba 100644 --- a/docs/guides/auth/saml-onelogin.md +++ b/docs/guides/auth/saml-onelogin.md @@ -1,40 +1,35 @@  Authentication guide - SAML (OneLogin)  === -***Note:** This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!* +**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!*  1. Sign-in or sign-up for an OneLogin account. (available free trial for 2 weeks)  2. Go to the administration page. -3. Select the **APPS** menu and click on the **Add Apps**. +3. Select the **APPS** menu and click on the **Add Apps**.   +    - +4. Find "SAML Test Connector (SP)" for template of settings and select it.   +    -4. Find "SAML Test Connector (SP)" for template of settings and select it. - - - -5. Edit display name and icons for OneLogin dashboard as you want, and click **SAVE**. - - +5. Edit display name and icons for OneLogin dashboard as you want, and click **SAVE**.   +     6. After that other tabs will appear, click the **Configuration**, and fill out the below items, and click **SAVE**. -    * RelayState: The base URL of your hackmd, which is issuer. (last slash is not needed) -    * ACS (Consumer) URL Validator: The callback URL of your hackmd. (serverurl + /auth/saml/callback) +    * RelayState: The base URL of your CodiMD, which is issuer. (last slash is not needed) +    * ACS (Consumer) URL Validator: The callback URL of your CodiMD. (serverurl + /auth/saml/callback)      * ACS (Consumer) URL: same as above. -    * Login URL: login URL(SAML requester) of your hackmd. (serverurl + /auth/saml) - - +    * Login URL: login URL(SAML requester) of your CopiMD. (serverurl + /auth/saml)   +        7. The registration is completed. Next, click **SSO** and copy or download the items below.      * X.509 Certificate: Click **View Details** and **DOWNLOAD** or copy the content of certificate ....(A) -    * SAML 2.0 Endpoint (HTTP): Copy the URL ....(B) - - +    * SAML 2.0 Endpoint (HTTP): Copy the URL ....(B)   +       -8. In your hackmd server, create IdP certificate file from (A) +8. In your CodiMD server, create IdP certificate file from (A)  9. Add the IdP URL (B) and the Idp certificate file path to your config.json file or pass them as environment variables. -    * config.json: -      ````javascript +    * `config.json`: +      ```javascript        {          "production": {            "saml": { @@ -43,12 +38,11 @@ Authentication guide - SAML (OneLogin)            }          }        } -      ```` +      ```      * environment variables -      ```` -      HMD_SAML_IDPSSOURL=https://*******.onelogin.com/trust/saml2/http-post/sso/****** -      HMD_SAML_IDPCERT=/path/to/idp_cert.pem -      ```` -10. Try sign-in with SAML from your hackmd sign-in button or OneLogin dashboard (like the screenshot below). - - +      ```sh +      CMD_SAML_IDPSSOURL=https://*******.onelogin.com/trust/saml2/http-post/sso/****** +      CMD_SAML_IDPCERT=/path/to/idp_cert.pem +      ``` +10. Try sign-in with SAML from your CodiMD sign-in button or OneLogin dashboard (like the screenshot below).   +    diff --git a/docs/guides/auth/saml.md b/docs/guides/auth/saml.md index 7f63b748..3a64f5f7 100644 --- a/docs/guides/auth/saml.md +++ b/docs/guides/auth/saml.md @@ -1,7 +1,7 @@  Authentication guide - SAML  === -***Note:** This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!* +**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!*  The basic procedure is the same as the case of OneLogin which is mentioned in [OneLogin-Guide](./saml-onelogin.md). If you want to match your IdP, you can use more configurations as below. @@ -9,36 +9,36 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O      * {{your-serverurl}}/auth/saml/metadata      * _Note: If not accessible from IdP, download to local once and upload to IdP._  * Change the value of `issuer`, `identifierFormat` to match your IdP. -  * `issuer`: A unique id to identify the application to the IdP, which is the base URL of your HackMD as default +  * `issuer`: A unique id to identify the application to the IdP, which is the base URL of your CodiMD as default    * `identifierFormat`: A format of unique id to identify the user of IdP, which is the format based on email address as default. It is recommend that you use as below.      * urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress (default)      * urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified -  * config.json: -    ````javascript +  * `config.json`: +    ```javascript      {        "production": {          "saml": {            /* omitted */ -          "issuer": "myhackmd" +          "issuer": "mycodimd"            "identifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"          }        }      } -    ```` +    ```    * environment variables -    ```` -    HMD_SAML_ISSUER=myhackmd -    HMD_SAML_IDENTIFIERFORMAT=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified -    ```` +    ``` +    CMD_SAML_ISSUER=mycodimd +    CMD_SAML_IDENTIFIERFORMAT=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified +    ```  * Change mapping of attribute names to customize the displaying user name and email address to match your IdP.    * `attribute`: A dictionary to map attribute names -  * `attribute.id`: A primary key of user table for your HackMD -  * `attribute.username`: Attribute name of displaying user name on HackMD +  * `attribute.id`: A primary key of user table for your CodiMD +  * `attribute.username`: Attribute name of displaying user name on CodiMD    * `attribute.email`: Attribute name of email address, which will be also used for Gravatar      * _Note: Default value of all attributes is NameID of SAML response, which is email address if `identifierFormat` is default._ -  * config.json: -    ````javascript +  * `config.json`: +    ```javascript      {        "production": {          "saml": { @@ -51,35 +51,35 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O          }        }      } -    ```` +    ```    * environment variables -    ```` -    HMD_SAML_ATTRIBUTE_ID=sAMAccountName -    HMD_SAML_ATTRIBUTE_USERNAME=nickName -    HMD_SAML_ATTRIBUTE_EMAIL=mail -    ```` +    ```sh +    CMD_SAML_ATTRIBUTE_ID=sAMAccountName +    CMD_SAML_ATTRIBUTE_USERNAME=nickName +    CMD_SAML_ATTRIBUTE_EMAIL=mail +    ```  * If you want to control permission by group membership, add group attribute name and required group (allowed) or external group (not allowed).    * `groupAttribute`: An attribute name of group membership -  * `requiredGroups`: Group names array for allowed access to HackMD. Use vertical bar to separate for environment variables. -  * `externalGroups`: Group names array for not allowed access to HackMD. Use vertical bar to separate for environment variables. +  * `requiredGroups`: Group names array for allowed access to CodiMD. Use vertical bar to separate for environment variables. +  * `externalGroups`: Group names array for not allowed access to CodiMD. Use vertical bar to separate for environment variables.      * _Note: Evaluates `externalGroups` first_ -  * config.json: -    ````javascript +  * `config.json`: +    ```javascript      {        "production": {          "saml": {            /* omitted */            "groupAttribute": "memberOf", -          "requiredGroups": [ "hackmd-users", "board-members" ], +          "requiredGroups": [ "codimd-users", "board-members" ],            "externalGroups": [ "temporary-staff" ]          }        }      } -    ```` +    ```    * environment variables -    ```` -    HMD_SAML_GROUPATTRIBUTE=memberOf -    HMD_SAML_REQUIREDGROUPS=hackmd-users|board-members -    HMD_SAML_EXTERNALGROUPS=temporary-staff -    ```` +    ```sh +    CMD_SAML_GROUPATTRIBUTE=memberOf +    CMD_SAML_REQUIREDGROUPS=codimd-users|board-members +    CMD_SAML_EXTERNALGROUPS=temporary-staff +    ``` diff --git a/docs/guides/auth/twitter.md b/docs/guides/auth/twitter.md index 1b96288f..1973515c 100644 --- a/docs/guides/auth/twitter.md +++ b/docs/guides/auth/twitter.md @@ -1,33 +1,29 @@  Authentication guide - Twitter  === -***Note:** This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!* +**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!*  1. Sign-in or sign-up for a Twitter account  2. Go to the Twitter Application management page [here](https://apps.twitter.com/) -3. Click on the **Create New App** button to create a new Twitter app: +3. Click on the **Create New App** button to create a new Twitter app:   +    - +4. Fill out the create application form, check the developer agreement box, and click **Create Your Twitter Application**   +    -4. Fill out the create application form, check the developer agreement box, and click **Create Your Twitter Application** +   *Note: you may have to register your phone number with Twitter to create a Twitter application* - +   To do this Click your profile icon --> Settings and privacy --> Mobile  --> Select Country/region --> Enter phone number --> Click Continue -*Note: you may have to register your phone number with Twitter to create a Twitter application* +5. After you receive confirmation that the Twitter application was created, click **Keys and Access Tokens**   +    -To do this Click your profile icon --> Settings and privacy --> Mobile  --> Select Country/region --> Enter phone number --> Click Continue +6. Obtain your Twitter Consumer Key and Consumer Secret   +    -5. After you receive confirmation that the Twitter application was created, click **Keys and Access Tokens** - - - -6. Obtain your Twitter Consumer Key and Consumer Secret - - - -7.  Add your Consumer Key and Consumer Secret to your config.json file or pass them as environment variables: -    * config.json: -      ````javascript +7.  Add your Consumer Key and Consumer Secret to your `config.json` file or pass them as environment variables: +    * `config.json`: +      ```javascript        {          "production": {            "twitter": { @@ -36,9 +32,9 @@ To do this Click your profile icon --> Settings and privacy --> Mobile  --> Sele            }          }        } -      ```` +      ```      * environment variables: -      ```` -      HMD_TWITTER_CONSUMERKEY=esTCJFXXXXXXXXXXXXXXXXXXX -      HMD_TWITTER_CONSUMERSECRET=zpCs4tU86pRVXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -      ```` +      ```sh +      CMD_TWITTER_CONSUMERKEY=esTCJFXXXXXXXXXXXXXXXXXXX +      CMD_TWITTER_CONSUMERSECRET=zpCs4tU86pRVXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +      ``` | 
