Commit | Line | Data |
---|---|---|
7b617429 TO |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
4 | | Copyright CiviCRM LLC. All rights reserved. | | |
5 | | | | |
6 | | This work is published under the GNU AGPLv3 license with some | | |
7 | | permitted exceptions and without any warranty. For full license | | |
8 | | and copyright information, see https://civicrm.org/licensing | | |
9 | +--------------------------------------------------------------------+ | |
10 | */ | |
11 | ||
12 | use CRM_Authx_ExtensionUtil as E; | |
13 | ||
14 | /** | |
15 | * | |
16 | * @package CRM | |
17 | * @copyright CiviCRM LLC https://civicrm.org/licensing | |
18 | */ | |
53951784 | 19 | $_authx_settings = function() { |
bab432f3 | 20 | $weight = 10; |
eafc90f7 TO |
21 | $flows = [ |
22 | 'auto' => ts('Auto Login'), | |
23 | 'header' => ts('HTTP Header'), | |
24 | 'login' => ts('HTTP Session Login'), | |
25 | 'param' => ts('HTTP Parameter'), | |
26 | 'xheader' => ts('HTTP X-Header'), | |
27 | 'legacyrest' => ts('Legacy REST'), | |
28 | 'pipe' => ts('Pipe'), | |
29 | 'script' => ts('Script'), | |
30 | ]; | |
7b617429 TO |
31 | $basic = [ |
32 | 'group_name' => 'CiviCRM Preferences', | |
33 | 'group' => 'authx', | |
34 | 'is_domain' => 1, | |
35 | 'is_contact' => 0, | |
36 | 'add' => '5.36', | |
37 | ]; | |
38 | ||
39 | $s = []; | |
a0956f3c TO |
40 | $s["authx_guards"] = $basic + [ |
41 | 'name' => 'authx_guards', | |
42 | 'type' => 'Array', | |
43 | 'quick_form_type' => 'Select', | |
44 | 'html_type' => 'Select', | |
45 | 'html_attributes' => [ | |
46 | 'multiple' => 1, | |
0c2434fa | 47 | 'class' => 'huge crm-select2', |
a0956f3c TO |
48 | ], |
49 | 'default' => ['site_key', 'perm'], | |
50 | 'title' => ts('Authentication guard'), | |
eafc90f7 | 51 | 'description' => ts('Enable an authentication guard if you want to limit which users may authenticate via authx. The permission-based guard is satisfied by checking user permissions. The key-based guard is satisfied by checking the secret site-key. If there are no guards, then any user can authenticate.'), |
a0956f3c TO |
52 | 'pseudoconstant' => [ |
53 | 'callback' => ['\Civi\Authx\Meta', 'getGuardTypes'], | |
54 | ], | |
bab432f3 | 55 | 'settings_pages' => ['authx' => ['weight' => $weight]], |
a0956f3c | 56 | ]; |
eafc90f7 | 57 | foreach ($flows as $flow => $flowLabel) { |
cb9722cc | 58 | $weight = $weight + 10; |
7b617429 TO |
59 | $s["authx_{$flow}_cred"] = $basic + [ |
60 | 'name' => "authx_{$flow}_cred", | |
61 | 'type' => 'Array', | |
62 | 'quick_form_type' => 'Select', | |
63 | 'html_type' => 'Select', | |
64 | 'html_attributes' => [ | |
65 | 'multiple' => 1, | |
0c2434fa | 66 | 'class' => 'huge crm-select2', |
7b617429 TO |
67 | ], |
68 | 'default' => ['jwt'], | |
eafc90f7 | 69 | 'title' => ts('Acceptable credentials (%1)', [1 => $flowLabel]), |
7b617429 TO |
70 | 'pseudoconstant' => [ |
71 | 'callback' => ['\Civi\Authx\Meta', 'getCredentialTypes'], | |
72 | ], | |
0c2434fa | 73 | 'settings_pages' => ['authx' => ['weight' => 1000 + $weight]], |
7b617429 TO |
74 | ]; |
75 | $s["authx_{$flow}_user"] = $basic + [ | |
76 | 'name' => "authx_{$flow}_user", | |
77 | 'type' => 'String', | |
78 | 'quick_form_type' => 'Select', | |
79 | 'html_type' => 'Select', | |
80 | 'html_attributes' => [ | |
0c2434fa | 81 | 'class' => 'huge crm-select2', |
7b617429 TO |
82 | ], |
83 | 'default' => 'optional', | |
eafc90f7 | 84 | 'title' => ts('User account requirements (%1)', [1 => $flowLabel]), |
7b617429 TO |
85 | 'help_text' => NULL, |
86 | 'pseudoconstant' => [ | |
87 | 'callback' => ['\Civi\Authx\Meta', 'getUserModes'], | |
88 | ], | |
0c2434fa | 89 | 'settings_pages' => ['authx' => ['weight' => 2000 + $weight]], |
7b617429 TO |
90 | ]; |
91 | } | |
470101a9 | 92 | |
df9b24b2 TO |
93 | // Override defaults for a few specific elements |
94 | $s['authx_legacyrest_cred']['default'] = ['jwt', 'api_key']; | |
95 | $s['authx_legacyrest_user']['default'] = 'require'; | |
470101a9 TO |
96 | $s['authx_param_cred']['default'] = ['jwt', 'api_key']; |
97 | $s['authx_header_cred']['default'] = ['jwt', 'api_key']; | |
98 | $s['authx_xheader_cred']['default'] = ['jwt', 'api_key']; | |
02dc5c62 | 99 | $s['authx_pipe_cred']['default'] = ['jwt', 'api_key']; |
470101a9 | 100 | |
eafc90f7 TO |
101 | // Oof. Attach description to one flow. This is silly - should be on all flows. But, at time of writing, the auto-generated `settings_pages` would become unreadable. |
102 | $finalFlow = key(array_slice($flows, -1)); | |
103 | $seeAlso = ts('See also: <a %1>Authentication Documentation</a>', [1 => 'href="https://docs.civicrm.org/dev/en/latest/framework/authx/" target="_blank"']); | |
104 | $s["authx_{$finalFlow}_cred"]['description'] = ts('Specify which types of <em>credentials</em> are allowed in each <em>authentication flow</em>.') . '<br/>' . $seeAlso; | |
105 | $s["authx_{$finalFlow}_user"]['description'] = ts('CiviCRM <em>Contacts</em> are often attached to CMS <em>User Accounts</em>. When authenticating a <em>Contact</em>, should it also load the <em>User Account</em>?') . '<br/>' . $seeAlso; | |
106 | ||
7b617429 | 107 | return $s; |
53951784 | 108 | }; |
7b617429 TO |
109 | |
110 | /** | |
111 | * Settings metadata file | |
112 | */ | |
53951784 | 113 | return $_authx_settings(); |