From 2f462f90d4608763e5cb9618ec80d939a679fe2e Mon Sep 17 00:00:00 2001 From: oupala Date: Wed, 1 Jul 2020 11:52:17 +0200 Subject: style: linting markdown files Linting markdown files according to default remark-lint configuration. Files inside the `public` directory were not linted. Signed-off-by: oupala --- docs/guides/auth/github.md | 36 +++++++-------- docs/guides/auth/gitlab-self-hosted.md | 8 ++-- docs/guides/auth/keycloak.md | 15 +++---- docs/guides/auth/ldap-AD.md | 41 ----------------- docs/guides/auth/ldap-ad.md | 38 ++++++++++++++++ docs/guides/auth/mattermost-self-hosted.md | 40 +++++++++-------- docs/guides/auth/nextcloud.md | 36 +++++++-------- docs/guides/auth/oauth.md | 20 ++++----- docs/guides/auth/saml-onelogin.md | 47 +++++++++++--------- docs/guides/auth/saml.md | 70 +++++++++++++++++------------- docs/guides/auth/twitter.md | 40 +++++++++-------- 11 files changed, 205 insertions(+), 186 deletions(-) delete mode 100644 docs/guides/auth/ldap-AD.md create mode 100644 docs/guides/auth/ldap-ad.md (limited to 'docs/guides/auth') diff --git a/docs/guides/auth/github.md b/docs/guides/auth/github.md index d16b486f..dc46f74c 100644 --- a/docs/guides/auth/github.md +++ b/docs/guides/auth/github.md @@ -1,10 +1,11 @@ -Authentication guide - GitHub -=== +# Authentication guide - GitHub -**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!* +*Note:* This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks! 1. Sign-in or sign-up for a GitHub account + 2. Navigate to developer settings in your GitHub account [here](https://github.com/settings/developers) and select the "OAuth Apps" tab + 3. Click on the **New OAuth App** button, to create a new OAuth App: ![create-oauth-app](../../images/auth/create-oauth-app.png) @@ -17,19 +18,20 @@ Authentication guide - GitHub ![application-page](../../images/auth/application-page.png) 6. Add the Client ID and Client Secret to your config.json file or pass them as environment variables - * `config.json`: - ```js - { - "production": { - "github": { - "clientID": "3747d30eaccXXXXXXXXX", - "clientSecret": "2a8e682948eee0c580XXXXXXXXXXXXXXXXXXXXXX" - } + - `config.json`: + ```js + { + "production": { + "github": { + "clientID": "3747d30eaccXXXXXXXXX", + "clientSecret": "2a8e682948eee0c580XXXXXXXXXXXXXXXXXXXXXX" } } - ``` - * environment variables: - ```sh - CMD_GITHUB_CLIENTID=3747d30eaccXXXXXXXXX - CMD_GITHUB_CLIENTSECRET=2a8e682948eee0c580XXXXXXXXXXXXXXXXXXXXXX - ```` + } + ``` + + - environment variables: + ```sh + CMD_GITHUB_CLIENTID=3747d30eaccXXXXXXXXX + CMD_GITHUB_CLIENTSECRET=2a8e682948eee0c580XXXXXXXXXXXXXXXXXXXXXX + ```` diff --git a/docs/guides/auth/gitlab-self-hosted.md b/docs/guides/auth/gitlab-self-hosted.md index 8b6e6c70..62ce1122 100644 --- a/docs/guides/auth/gitlab-self-hosted.md +++ b/docs/guides/auth/gitlab-self-hosted.md @@ -1,7 +1,6 @@ -GitLab (self-hosted) -=== +# GitLab (self-hosted) -**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!* +*Note:* This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks! 1. Sign in to your GitLab 2. Navigate to the application management page at `https://your.gitlab.domain/admin/applications` (admin permissions required) @@ -14,10 +13,9 @@ GitLab (self-hosted) ![Application: HackMD](../../images/auth/gitlab-application-details.png) - 6. In the `docker-compose.yml` add the following environment variables to `app:` `environment:` -``` +```Dockerfile - CMD_DOMAIN=your.codimd.domain - CMD_URL_ADDPORT=true - CMD_PROTOCOL_USESSL=true diff --git a/docs/guides/auth/keycloak.md b/docs/guides/auth/keycloak.md index 437e01bf..cf667774 100644 --- a/docs/guides/auth/keycloak.md +++ b/docs/guides/auth/keycloak.md @@ -1,5 +1,4 @@ -Keycloak/Red Hat SSO (self-hosted) -=== +# Keycloak/Red Hat SSO (self-hosted) ## Prerequisites @@ -9,7 +8,7 @@ Where HTTPS is specified throughout, use HTTP instead. You may also have to spec ## Steps -1. Sign in to the administration portal for your Keycloak instance at https://keycloak.example.com/auth/admin/master/console +1. Sign in to the administration portal for your Keycloak instance at You may note that a separate realm is specified throughout this tutorial. It is best practice not to use the master realm, as it normally contains the realm-management client that federates access using the policies and permissions you can create. @@ -20,7 +19,7 @@ You may note that a separate realm is specified throughout this tutorial. It is --- -### Additional steps to circumvent generic OAuth2 issue: +### Additional steps to circumvent generic OAuth2 issue 1. Select Client Scopes from the sidebar, and begin to create a new client scope using the Create button. 2. Ensure that the **Name** field is set to `id`. @@ -29,9 +28,9 @@ You may note that a separate realm is specified throughout this tutorial. It is --- -6. In the `docker-compose.yml` add the following environment variables to `app:` `environment:` +5. In the `docker-compose.yml` add the following environment variables to `app:` `environment:` -``` +```Dockerfile CMD_OAUTH2_USER_PROFILE_URL=https://keycloak.example.com/auth/realms/your-realm/protocol/openid-connect/userinfo CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name @@ -46,5 +45,5 @@ CMD_PROTOCOL_USESSL=true CMD_URL_ADDPORT=false ``` -7. Run `docker-compose up -d` to apply your settings. -8. Sign in to your CodiMD using your Keycloak ID +6. Run `docker-compose up -d` to apply your settings. +7. Sign in to your CodiMD using your Keycloak ID diff --git a/docs/guides/auth/ldap-AD.md b/docs/guides/auth/ldap-AD.md deleted file mode 100644 index e74121f1..00000000 --- a/docs/guides/auth/ldap-AD.md +++ /dev/null @@ -1,41 +0,0 @@ -AD LDAP auth -=== - -To setup your CodiMD instance with Active Directory you need the following configs: - -``` -CMD_LDAP_URL=ldap://internal.example.com -CMD_LDAP_BINDDN=cn=binduser,cn=Users,dc=internal,dc=example,dc=com -CMD_LDAP_BINDCREDENTIALS= -CMD_LDAP_SEARCHBASE=dc=internal,dc=example,dc=com -CMD_LDAP_SEARCHFILTER=(&(objectcategory=person)(objectclass=user)(|(sAMAccountName={{username}})(mail={{username}}))) -CMD_LDAP_USERIDFIELD=sAMAccountName -CMD_LDAP_PROVIDERNAME=Example Inc AD -``` - - -`CMD_LDAP_BINDDN` is either the `distinguishedName` or the `userPrincipalName`. *This can cause "username/password is invalid" when either this value or the password from `CMD_LDAP_BINDCREDENTIALS` are incorrect.* - -`CMD_LDAP_SEARCHFILTER` matches on all users and uses either the email address or the `sAMAccountName` (usually the login name you also use to login to Windows). - -*Only using `sAMAccountName` looks like this:* `(&(objectcategory=person)(objectclass=user)(sAMAccountName={{username}}))` - -`CMD_LDAP_USERIDFIELD` says we want to use `sAMAccountName` as unique identifier for the account itself. - -`CMD_LDAP_PROVIDERNAME` just the name written above the username and password field on the login page. - - -Same in json: - -```json -"ldap": { - "url": "ldap://internal.example.com", - "bindDn": "cn=binduser,cn=Users,dc=internal,dc=example,dc=com", - "bindCredentials": "", - "searchBase": "dc=internal,dc=example,dc=com", - "searchFilter": "(&(objectcategory=person)(objectclass=user)(|(sAMAccountName={{username}})(mail={{username}})))", - "useridField": "sAMAccountName", -}, -``` - -More details and example: https://www.npmjs.com/package/passport-ldapauth diff --git a/docs/guides/auth/ldap-ad.md b/docs/guides/auth/ldap-ad.md new file mode 100644 index 00000000..fa41346e --- /dev/null +++ b/docs/guides/auth/ldap-ad.md @@ -0,0 +1,38 @@ +# AD LDAP auth + +To setup your CodiMD instance with Active Directory you need the following configs: + +```env +CMD_LDAP_URL=ldap://internal.example.com +CMD_LDAP_BINDDN=cn=binduser,cn=Users,dc=internal,dc=example,dc=com +CMD_LDAP_BINDCREDENTIALS= +CMD_LDAP_SEARCHBASE=dc=internal,dc=example,dc=com +CMD_LDAP_SEARCHFILTER=(&(objectcategory=person)(objectclass=user)(|(sAMAccountName={{username}})(mail={{username}}))) +CMD_LDAP_USERIDFIELD=sAMAccountName +CMD_LDAP_PROVIDERNAME=Example Inc AD +``` + +`CMD_LDAP_BINDDN` is either the `distinguishedName` or the `userPrincipalName`. *This can cause "username/password is invalid" when either this value or the password from `CMD_LDAP_BINDCREDENTIALS` are incorrect.* + +`CMD_LDAP_SEARCHFILTER` matches on all users and uses either the email address or the `sAMAccountName` (usually the login name you also use to login to Windows). + +*Only using `sAMAccountName` looks like this:* `(&(objectcategory=person)(objectclass=user)(sAMAccountName={{username}}))` + +`CMD_LDAP_USERIDFIELD` says we want to use `sAMAccountName` as unique identifier for the account itself. + +`CMD_LDAP_PROVIDERNAME` just the name written above the username and password field on the login page. + +Same in json: + +```json +"ldap": { + "url": "ldap://internal.example.com", + "bindDn": "cn=binduser,cn=Users,dc=internal,dc=example,dc=com", + "bindCredentials": "", + "searchBase": "dc=internal,dc=example,dc=com", + "searchFilter": "(&(objectcategory=person)(objectclass=user)(|(sAMAccountName={{username}})(mail={{username}})))", + "useridField": "sAMAccountName", +}, +``` + +More details and example: diff --git a/docs/guides/auth/mattermost-self-hosted.md b/docs/guides/auth/mattermost-self-hosted.md index d8280399..5085b4e7 100644 --- a/docs/guides/auth/mattermost-self-hosted.md +++ b/docs/guides/auth/mattermost-self-hosted.md @@ -1,15 +1,16 @@ -Authentication guide - Mattermost (self-hosted) -=== +# Authentication guide - Mattermost (self-hosted) **Note:** *The Mattermost setup portion of this document is just a quick guide. See the [official documentation](https://docs.mattermost.com/developer/oauth-2-0-applications.html) for more details.* This guide uses the generic OAuth2 module for compatibility with Mattermost version 5.0 and above. 1. Sign-in with an administrator account to your Mattermost instance + 2. Make sure **OAuth 2.0 Service Provider** is enabled in the Main Menu (menu button next to your username in the top left corner) --> System Console --> Custom Integrations menu, which you can find at `https://your.mattermost.domain/admin_console/integrations/custom` ![mattermost-enable-oauth2](../../images/auth/mattermost-enable-oauth2.png) 3. Navigate to the OAuth integration settings through Main Menu --> Integrations --> OAuth 2.0 Applications, at `https://your.mattermost.domain/yourteam/integrations/oauth2-apps` + 4. Click on the **Add OAuth 2.0 Application** button to add a new OAuth application ![mattermost-oauth-app-add](../../images/auth/mattermost-oauth-app-add.png) @@ -22,25 +23,26 @@ This guide uses the generic OAuth2 module for compatibility with Mattermost vers ![mattermost-oauth-app-done](../../images/auth/mattermost-oauth-app-done.png) 7. Add the Client ID and Client Secret to your config.json file or pass them as environment variables - * `config.json`: - ```javascript - { - "production": { - "oauth2": { - "baseURL": "https://your.mattermost.domain", - "userProfileURL": "https://your.mattermost.domain/api/v4/users/me", - "userProfileUsernameAttr": "id", - "userProfileDisplayNameAttr": "username", - "userProfileEmailAttr": "email", - "tokenURL": "https://your.mattermost.domain/oauth/access_token", - "authorizationURL": "https://your.mattermost.domain/oauth/authorize", - "clientID": "ii4p1u3jz7dXXXXXXXXXXXXXXX", - "clientSecret": "mqzzx6fydbXXXXXXXXXXXXXXXX" - } + - `config.json`: + ```javascript + { + "production": { + "oauth2": { + "baseURL": "https://your.mattermost.domain", + "userProfileURL": "https://your.mattermost.domain/api/v4/users/me", + "userProfileUsernameAttr": "id", + "userProfileDisplayNameAttr": "username", + "userProfileEmailAttr": "email", + "tokenURL": "https://your.mattermost.domain/oauth/access_token", + "authorizationURL": "https://your.mattermost.domain/oauth/authorize", + "clientID": "ii4p1u3jz7dXXXXXXXXXXXXXXX", + "clientSecret": "mqzzx6fydbXXXXXXXXXXXXXXXX" } } - ``` - * environment variables: + } + ``` + + - environment variables: ```sh CMD_OAUTH2_BASEURL=https://your.mattermost.domain CMD_OAUTH2_USER_PROFILE_URL=https://your.mattermost.domain/api/v4/users/me diff --git a/docs/guides/auth/nextcloud.md b/docs/guides/auth/nextcloud.md index 3bf86d31..8ce90ca9 100644 --- a/docs/guides/auth/nextcloud.md +++ b/docs/guides/auth/nextcloud.md @@ -1,5 +1,4 @@ -Authentication guide - Nextcloud (self-hosted) -=== +# Authentication guide - Nextcloud (self-hosted) *This has been constructed using the [Nextcloud OAuth2 Documentation](https://docs.nextcloud.com/server/14/admin_manual/configuration_server/oauth2.html?highlight=oauth2) combined with [this issue comment on the nextcloud bugtracker](https://github.com/nextcloud/server/issues/5694#issuecomment-314761326).* @@ -22,24 +21,25 @@ This guide uses the generic OAuth2 module for compatibility with Nextcloud 13 an 5. That's it for Nextcloud, the rest is configured in your CodiMD `config.json` or via the `CMD_` environment variables! 6. Add the Client ID and Client Secret to your `config.json` file or pass them as environment variables. Make sure you also replace `` with the right domain name. - * `config.json`: - ```javascript - { - "production": { - "oauth2": { - "clientID": "ii4p1u3jz7dXXXXXXXXXXXXXXX", - "clientSecret": "mqzzx6fydbXXXXXXXXXXXXXXXX", - "authorizationURL": "https:///apps/oauth2/authorize", - "tokenURL": "https:///apps/oauth2/api/v1/token", - "userProfileURL": "https:///ocs/v2.php/cloud/user?format=json", - "userProfileUsernameAttr": "ocs.data.id", - "userProfileDisplayNameAttr": "ocs.data.display-name", - "userProfileEmailAttr": "ocs.data.email" - } + - `config.json`: + ```javascript + { + "production": { + "oauth2": { + "clientID": "ii4p1u3jz7dXXXXXXXXXXXXXXX", + "clientSecret": "mqzzx6fydbXXXXXXXXXXXXXXXX", + "authorizationURL": "https:///apps/oauth2/authorize", + "tokenURL": "https:///apps/oauth2/api/v1/token", + "userProfileURL": "https:///ocs/v2.php/cloud/user?format=json", + "userProfileUsernameAttr": "ocs.data.id", + "userProfileDisplayNameAttr": "ocs.data.display-name", + "userProfileEmailAttr": "ocs.data.email" } } - ``` - * environment variables: + } + ``` + + - environment variables: ```sh CMD_OAUTH2_CLIENT_ID=ii4p1u3jz7dXXXXXXXXXXXXXXX CMD_OAUTH2_CLIENT_SECRET=mqzzx6fydbXXXXXXXXXXXXXXXX diff --git a/docs/guides/auth/oauth.md b/docs/guides/auth/oauth.md index 46314e26..de2ca20a 100644 --- a/docs/guides/auth/oauth.md +++ b/docs/guides/auth/oauth.md @@ -1,12 +1,12 @@ # OAuth general information -| service | callback URL (after the server URL) | -| ------- | --------- | -| facebook | `/auth/facebook/callback` | -| twitter | `/auth/twitter/callback` | -| github | `/auth/github/callback` | -| gitlab | `/auth/gitlab/callback` | -| mattermost | `/auth/mattermost/callback` | -| dropbox | `/auth/dropbox/callback` | -| google | `/auth/google/callback` | -| saml | `/auth/saml/callback` | +| service | callback URL (after the server URL) | +| ---------- | ----------------------------------- | +| facebook | `/auth/facebook/callback` | +| twitter | `/auth/twitter/callback` | +| github | `/auth/github/callback` | +| gitlab | `/auth/gitlab/callback` | +| mattermost | `/auth/mattermost/callback` | +| dropbox | `/auth/dropbox/callback` | +| google | `/auth/google/callback` | +| saml | `/auth/saml/callback` | diff --git a/docs/guides/auth/saml-onelogin.md b/docs/guides/auth/saml-onelogin.md index 785e36ba..46134e60 100644 --- a/docs/guides/auth/saml-onelogin.md +++ b/docs/guides/auth/saml-onelogin.md @@ -1,10 +1,11 @@ -Authentication guide - SAML (OneLogin) -=== +# Authentication guide - SAML (OneLogin) **Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!* 1. Sign-in or sign-up for an OneLogin account. (available free trial for 2 weeks) + 2. Go to the administration page. + 3. Select the **APPS** menu and click on the **Add Apps**. ![onelogin-add-app](../../images/auth/onelogin-add-app.png) @@ -15,34 +16,40 @@ Authentication guide - SAML (OneLogin) ![onelogin-edit-app-name](../../images/auth/onelogin-edit-app-name.png) 6. After that other tabs will appear, click the **Configuration**, and fill out the below items, and click **SAVE**. - * RelayState: The base URL of your CodiMD, which is issuer. (last slash is not needed) - * ACS (Consumer) URL Validator: The callback URL of your CodiMD. (serverurl + /auth/saml/callback) - * ACS (Consumer) URL: same as above. - * Login URL: login URL(SAML requester) of your CopiMD. (serverurl + /auth/saml) - ![onelogin-edit-sp-metadata](../../images/auth/onelogin-edit-sp-metadata.png) + - RelayState: The base URL of your CodiMD, which is issuer. (last slash is not needed) + + - ACS (Consumer) URL Validator: The callback URL of your CodiMD. (serverurl + /auth/saml/callback) + + - ACS (Consumer) URL: same as above. + + - Login URL: login URL(SAML requester) of your CopiMD. (serverurl + /auth/saml) + ![onelogin-edit-sp-metadata](../../images/auth/onelogin-edit-sp-metadata.png) 7. The registration is completed. Next, click **SSO** and copy or download the items below. - * X.509 Certificate: Click **View Details** and **DOWNLOAD** or copy the content of certificate ....(A) - * SAML 2.0 Endpoint (HTTP): Copy the URL ....(B) - ![onelogin-copy-idp-metadata](../../images/auth/onelogin-copy-idp-metadata.png) + - X.509 Certificate: Click **View Details** and **DOWNLOAD** or copy the content of certificate ....(A) + + - SAML 2.0 Endpoint (HTTP): Copy the URL ....(B) + ![onelogin-copy-idp-metadata](../../images/auth/onelogin-copy-idp-metadata.png) 8. In your CodiMD server, create IdP certificate file from (A) 9. Add the IdP URL (B) and the Idp certificate file path to your config.json file or pass them as environment variables. - * `config.json`: - ```javascript - { - "production": { - "saml": { - "idpSsoUrl": "https://*******.onelogin.com/trust/saml2/http-post/sso/******", - "idpCert": "/path/to/idp_cert.pem" - } + - `config.json`: + ```javascript + { + "production": { + "saml": { + "idpSsoUrl": "https://*******.onelogin.com/trust/saml2/http-post/sso/******", + "idpCert": "/path/to/idp_cert.pem" } } - ``` - * environment variables + } + ``` + + - environment variables ```sh CMD_SAML_IDPSSOURL=https://*******.onelogin.com/trust/saml2/http-post/sso/****** CMD_SAML_IDPCERT=/path/to/idp_cert.pem ``` + 10. Try sign-in with SAML from your CodiMD sign-in button or OneLogin dashboard (like the screenshot below). ![onelogin-use-dashboard](../../images/auth/onelogin-use-dashboard.png) diff --git a/docs/guides/auth/saml.md b/docs/guides/auth/saml.md index 3a64f5f7..3b8291b7 100644 --- a/docs/guides/auth/saml.md +++ b/docs/guides/auth/saml.md @@ -1,19 +1,21 @@ -Authentication guide - SAML -=== +# Authentication guide - SAML -**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!* +*Note:* This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks! The basic procedure is the same as the case of OneLogin which is mentioned in [OneLogin-Guide](./saml-onelogin.md). If you want to match your IdP, you can use more configurations as below. -* If your IdP accepts metadata XML of the service provider to ease configuration, use this url to download metadata XML. - * {{your-serverurl}}/auth/saml/metadata - * _Note: If not accessible from IdP, download to local once and upload to IdP._ -* Change the value of `issuer`, `identifierFormat` to match your IdP. - * `issuer`: A unique id to identify the application to the IdP, which is the base URL of your CodiMD as default - * `identifierFormat`: A format of unique id to identify the user of IdP, which is the format based on email address as default. It is recommend that you use as below. - * urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress (default) - * urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - * `config.json`: +- If your IdP accepts metadata XML of the service provider to ease configuration, use this url to download metadata XML. + - {{your-serverurl}}/auth/saml/metadata + - *Note:* If not accessible from IdP, download to local once and upload to IdP. + +- Change the value of `issuer`, `identifierFormat` to match your IdP. + - `issuer`: A unique id to identify the application to the IdP, which is the base URL of your CodiMD as default + + - `identifierFormat`: A format of unique id to identify the user of IdP, which is the format based on email address as default. It is recommend that you use as below. + - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress (default) + - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + + - `config.json`: ```javascript { "production": { @@ -25,19 +27,24 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O } } ``` - * environment variables - ``` + + - environment variables + ```env CMD_SAML_ISSUER=mycodimd CMD_SAML_IDENTIFIERFORMAT=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ``` -* Change mapping of attribute names to customize the displaying user name and email address to match your IdP. - * `attribute`: A dictionary to map attribute names - * `attribute.id`: A primary key of user table for your CodiMD - * `attribute.username`: Attribute name of displaying user name on CodiMD - * `attribute.email`: Attribute name of email address, which will be also used for Gravatar - * _Note: Default value of all attributes is NameID of SAML response, which is email address if `identifierFormat` is default._ - * `config.json`: +- Change mapping of attribute names to customize the displaying user name and email address to match your IdP. + - `attribute`: A dictionary to map attribute names + + - `attribute.id`: A primary key of user table for your CodiMD + + - `attribute.username`: Attribute name of displaying user name on CodiMD + + - `attribute.email`: Attribute name of email address, which will be also used for Gravatar + - *Note:* Default value of all attributes is NameID of SAML response, which is email address if `identifierFormat` is default. + + - `config.json`: ```javascript { "production": { @@ -52,19 +59,23 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O } } ``` - * environment variables + + - environment variables ```sh CMD_SAML_ATTRIBUTE_ID=sAMAccountName CMD_SAML_ATTRIBUTE_USERNAME=nickName CMD_SAML_ATTRIBUTE_EMAIL=mail ``` -* If you want to control permission by group membership, add group attribute name and required group (allowed) or external group (not allowed). - * `groupAttribute`: An attribute name of group membership - * `requiredGroups`: Group names array for allowed access to CodiMD. Use vertical bar to separate for environment variables. - * `externalGroups`: Group names array for not allowed access to CodiMD. Use vertical bar to separate for environment variables. - * _Note: Evaluates `externalGroups` first_ - * `config.json`: +- If you want to control permission by group membership, add group attribute name and required group (allowed) or external group (not allowed). + - `groupAttribute`: An attribute name of group membership + + - `requiredGroups`: Group names array for allowed access to CodiMD. Use vertical bar to separate for environment variables. + + - `externalGroups`: Group names array for not allowed access to CodiMD. Use vertical bar to separate for environment variables. + - *Note:* Evaluates `externalGroups` first + + - `config.json`: ```javascript { "production": { @@ -77,7 +88,8 @@ The basic procedure is the same as the case of OneLogin which is mentioned in [O } } ``` - * environment variables + + - environment variables ```sh CMD_SAML_GROUPATTRIBUTE=memberOf CMD_SAML_REQUIREDGROUPS=codimd-users|board-members diff --git a/docs/guides/auth/twitter.md b/docs/guides/auth/twitter.md index 1973515c..5e709bb4 100644 --- a/docs/guides/auth/twitter.md +++ b/docs/guides/auth/twitter.md @@ -1,17 +1,18 @@ -Authentication guide - Twitter -=== +# Authentication guide - Twitter -**Note:** *This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks!* +*Note:* This guide was written before the renaming. Just replace `HackMD` with `CodiMD` in your mind :smile: thanks! 1. Sign-in or sign-up for a Twitter account + 2. Go to the Twitter Application management page [here](https://apps.twitter.com/) + 3. Click on the **Create New App** button to create a new Twitter app: ![create-twitter-app](../../images/auth/create-twitter-app.png) 4. Fill out the create application form, check the developer agreement box, and click **Create Your Twitter Application** ![register-twitter-application](../../images/auth/register-twitter-application.png) - *Note: you may have to register your phone number with Twitter to create a Twitter application* + *Note:* you may have to register your phone number with Twitter to create a Twitter application To do this Click your profile icon --> Settings and privacy --> Mobile --> Select Country/region --> Enter phone number --> Click Continue @@ -21,20 +22,21 @@ Authentication guide - Twitter 6. Obtain your Twitter Consumer Key and Consumer Secret ![twitter-app-keys](../../images/auth/twitter-app-keys.png) -7. Add your Consumer Key and Consumer Secret to your `config.json` file or pass them as environment variables: - * `config.json`: - ```javascript - { - "production": { - "twitter": { - "consumerKey": "esTCJFXXXXXXXXXXXXXXXXXXX", - "consumerSecret": "zpCs4tU86pRVXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" - } +7. Add your Consumer Key and Consumer Secret to your `config.json` file or pass them as environment variables: + - `config.json`: + ```javascript + { + "production": { + "twitter": { + "consumerKey": "esTCJFXXXXXXXXXXXXXXXXXXX", + "consumerSecret": "zpCs4tU86pRVXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" } } - ``` - * environment variables: - ```sh - CMD_TWITTER_CONSUMERKEY=esTCJFXXXXXXXXXXXXXXXXXXX - CMD_TWITTER_CONSUMERSECRET=zpCs4tU86pRVXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - ``` + } + ``` + + - environment variables: + ```sh + CMD_TWITTER_CONSUMERKEY=esTCJFXXXXXXXXXXXXXXXXXXX + CMD_TWITTER_CONSUMERSECRET=zpCs4tU86pRVXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + ``` -- cgit v1.2.3