Commit 9ef34011 authored by Maarten de Waard's avatar Maarten de Waard 🤘🏻

Merge branch '38-make-it-possible-to-add-functions-to-functions-php' into...

Merge branch '38-make-it-possible-to-add-functions-to-functions-php' into '34-add-openid-connect-plugin-and-configuration'

Resolve "Make it possible to add functions to `functions.php`"

See merge request !28
parents ad00a01f 53e9afe7
Pipeline #9589 passed with stage
in 2 minutes and 18 seconds
......@@ -66,6 +66,8 @@ openid_connect_settings:
endpoint_end_session: https://end-session-endpoint-url
no_sslverify: "0"
enable_logging: "1"
role_mapping_enabled: false
role_key: roles
# NOT USED YET
deflect:
......
......@@ -31,6 +31,12 @@ openid_connect_settings:
# Where in the user claim array to find the user's nickname. Possible standard
# values: preferred_username, name, or sub.
nickname_key: "preferred_username"
# If set to true roles are mapped to users when they log in. If this value is
# set to true, role_key has to be set as well.
role_mapping_enabled: false
# Where in the user claim array to find the user's roles. Possible standard
# values: roles or groups
role_key: "roles"
# String from which the user's email address is built. Specify "{email}" as
# long as the user claim contains an email claim.
# This value is quoted twice, because otherwise the wp cli call interprets
......@@ -269,6 +275,7 @@ ansibleSecrets: |
WP_WPML_ENABLED: {{ .Values.wordpress.site.wpml }}
WP_WPS_PATH: {{ .Values.wordpress.site.alt_path }}
WP_OPENID_CONNECT_ENABLED: {{ .Values.openid_connect_settings.enabled }}
WP_OPENID_CONNECT_ROLE_MAPPING_ENABLED: {{ .Values.openid_connect_settings.role_mapping_enabled }}
WP_OPENID_CONNECT_SETTINGS:
alternate_redirect_uri: {{ .Values.openid_connect_settings.alternate_redirect_uri }}
client_id: {{ .Values.openid_connect_settings.client_id }}
......@@ -293,6 +300,7 @@ ansibleSecrets: |
redirect_user_back: {{ .Values.openid_connect_settings.redirect_user_back }}
scope: {{ .Values.openid_connect_settings.scope }}
state_time_limit: {{ .Values.openid_connect_settings.state_time_limit }}
role_key: {{ .Values.openid_connect_settings.role_key }}
WP_SALTS:
AUTH_KEY: {{ .Values.wpSalts.AUTH_KEY | default ( randAlphaNum 32) }}
AUTH_SALT: {{ .Values.wpSalts.AUTH_SALT | default ( randAlphaNum 32) }}
......
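Review bot: `role_key: {{ .Values.openid_connect_settings.role_key }}` in the last hunk is rendered unquoted, and nothing enforces the values comment that role_key "has to be set" when role_mapping_enabled is true. An empty or unset value would render as a YAML null, and judging by the additional_functions.php template in this commit that value becomes the claim key in the generated PHP, so role mapping would silently look up the wrong key. I would quote it, `role_key: {{ .Values.openid_connect_settings.role_key | quote }}`, and fail rendering (for example with `required`) when role mapping is enabled and the key is empty. The ansibleSecrets block starts and ends outside both hunks.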
......@@ -5,3 +5,16 @@
- name: Set openid connect plugin options
command: wp {{ cli_args }} option set openid_connect_generic_settings --format=json '{{ WP_OPENID_CONNECT_SETTINGS | tojson }}'
- name: Extend functions.php file
lineinfile:
path: "{{ wordpress_homedir }}/wp-includes/functions.php"
regexp: '^require.+additional_functions.php'
line: require( ABSPATH . WPINC . '/additional_functions.php' );
when: WP_OPENID_CONNECT_ROLE_MAPPING_ENABLED
- name: Copy additional functions file
template:
src: templates/additional_functions.php
dest: "{{ wordpress_homedir }}/wp-includes/additional_functions.php"
when: WP_OPENID_CONNECT_ROLE_MAPPING_ENABLED
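Review bot: Both new tasks run only when WP_OPENID_CONNECT_ROLE_MAPPING_ENABLED is true, so switching role mapping off after it has been on leaves the `require` line and additional_functions.php in place, and the hook keeps assigning roles from the claim. I would add cleanup tasks for the disabled case, removing the `require` line before the file so that functions.php never references a missing include. For the same reason the copy task should run before the lineinfile task in the enabled case. wp-includes/functions.php is also a WordPress core file, so presumably a core update replaces it and drops the include without any error; a comment on the task saying so would help.

```yaml
# … unchanged: "Extend functions.php file" and "Copy additional functions file" tasks …
- name: Remove additional functions include when role mapping is disabled
  lineinfile:
    path: "{{ wordpress_homedir }}/wp-includes/functions.php"
    regexp: '^require.+additional_functions.php'
    state: absent
  when: not WP_OPENID_CONNECT_ROLE_MAPPING_ENABLED
- name: Remove additional functions file when role mapping is disabled
  file:
    path: "{{ wordpress_homedir }}/wp-includes/additional_functions.php"
    state: absent
  when: not WP_OPENID_CONNECT_ROLE_MAPPING_ENABLED
```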
<?php
add_action('openid-connect-generic-update-user-using-current-claim', function( $user, $user_claim) {
// Based on some data in the user_claim, modify the user.
if ( array_key_exists( '{{ WP_OPENID_CONNECT_SETTINGS.role_key }}', $user_claim ) ) {
if ( in_array('admin',$user_claim['{{ WP_OPENID_CONNECT_SETTINGS.role_key }}'] )) {
$user->set_role( 'administrator' );
}
else {
$user->set_role( 'contributor' );
}
}
}, 10, 2);
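Review bot: The `in_array('admin', $user_claim[...])` check decides who becomes `administrator`, but it uses PHP's loose comparison and assumes the claim value is an array. Under loose comparison a non-string element such as boolean `true` compares equal to 'admin', and a claim delivered as a plain string instead of a list makes in_array() fail. I would read the claim into `$roles` and test `if ( is_array( $roles ) && in_array( 'admin', $roles, true ) )`. The else branch sets every other user whose claim contains the key to `contributor` on each login, including accounts given a higher role inside WordPress, so a comment stating that this demotion is intended would help. The role key is also pasted unescaped into a single-quoted PHP literal, so it should be restricted to a safe character set where it is configured.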