[civicrm-core.git] / ext / authx / settings / authx.setting.php

<?php
/*
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC. All rights reserved.                        |
 |                                                                    |
 | This work is published under the GNU AGPLv3 license with some      |
 | permitted exceptions and without any warranty. For full license    |
 | and copyright information, see https://civicrm.org/licensing       |
 +--------------------------------------------------------------------+
 */

use CRM_Authx_ExtensionUtil as E;

/**
 *
 * @package CRM
 * @copyright CiviCRM LLC https://civicrm.org/licensing
 */
$_authx_settings = function() {
  $weight = 10;
  $flows = [
    'auto' => ts('Auto Login'),
    'header' => ts('HTTP Header'),
    'login' => ts('HTTP Session Login'),
    'param' => ts('HTTP Parameter'),
    'xheader' => ts('HTTP X-Header'),
    'legacyrest' => ts('Legacy REST'),
    'pipe' => ts('Pipe'),
    'script' => ts('Script'),
  ];
  $basic = [
    'group_name' => 'CiviCRM Preferences',
    'group' => 'authx',
    'is_domain' => 1,
    'is_contact' => 0,
    'add' => '5.36',
  ];

  $s = [];
  $s["authx_guards"] = $basic + [
    'name' => 'authx_guards',
    'type' => 'Array',
    'quick_form_type' => 'Select',
    'html_type' => 'Select',
    'html_attributes' => [
      'multiple' => 1,
      'class' => 'huge crm-select2',
    ],
    'default' => ['site_key', 'perm'],
    'title' => ts('Authentication guard'),
    'description' => ts('Enable an authentication guard if you want to limit which users may authenticate via authx. The permission-based guard is satisfied by checking user permissions. The key-based guard is satisfied by checking the secret site-key. If there are no guards, then any user can authenticate.'),
    'pseudoconstant' => [
      'callback' => ['\Civi\Authx\Meta', 'getGuardTypes'],
    ],
    'settings_pages' => ['authx' => ['weight' => $weight]],
  ];
  foreach ($flows as $flow => $flowLabel) {
    $weight = $weight + 10;
    $s["authx_{$flow}_cred"] = $basic + [
      'name' => "authx_{$flow}_cred",
      'type' => 'Array',
      'quick_form_type' => 'Select',
      'html_type' => 'Select',
      'html_attributes' => [
        'multiple' => 1,
        'class' => 'huge crm-select2',
      ],
      'default' => ['jwt'],
      'title' => ts('Acceptable credentials (%1)', [1 => $flowLabel]),
      'pseudoconstant' => [
        'callback' => ['\Civi\Authx\Meta', 'getCredentialTypes'],
      ],
      'settings_pages' => ['authx' => ['weight' => 1000 + $weight]],
    ];
    $s["authx_{$flow}_user"] = $basic + [
      'name' => "authx_{$flow}_user",
      'type' => 'String',
      'quick_form_type' => 'Select',
      'html_type' => 'Select',
      'html_attributes' => [
        'class' => 'huge crm-select2',
      ],
      'default' => 'optional',
      'title' => ts('User account requirements (%1)', [1 => $flowLabel]),
      'help_text' => NULL,
      'pseudoconstant' => [
        'callback' => ['\Civi\Authx\Meta', 'getUserModes'],
      ],
      'settings_pages' => ['authx' => ['weight' => 2000 + $weight]],
    ];
  }

  // Override defaults for a few specific elements
  $s['authx_legacyrest_cred']['default'] = ['jwt', 'api_key'];
  $s['authx_legacyrest_user']['default'] = 'require';
  $s['authx_param_cred']['default'] = ['jwt', 'api_key'];
  $s['authx_header_cred']['default'] = ['jwt', 'api_key'];
  $s['authx_xheader_cred']['default'] = ['jwt', 'api_key'];
  $s['authx_pipe_cred']['default'] = ['jwt', 'api_key'];

  // Oof. Attach description to one flow. This is silly - should be on all flows. But, at time of writing, the auto-generated `settings_pages` would become unreadable.
  $finalFlow = key(array_slice($flows, -1));
  $seeAlso = ts('See also: <a %1>Authentication Documentation</a>', [1 => 'href="https://docs.civicrm.org/dev/en/latest/framework/authx/" target="_blank"']);
  $s["authx_{$finalFlow}_cred"]['description'] = ts('Specify which types of <em>credentials</em> are allowed in each <em>authentication flow</em>.') . '<br/>' . $seeAlso;
  $s["authx_{$finalFlow}_user"]['description'] = ts('CiviCRM <em>Contacts</em> are often attached to CMS <em>User Accounts</em>. When authenticating a <em>Contact</em>, should it also load the <em>User Account</em>?') . '<br/>' . $seeAlso;

  return $s;
};

/**
 * Settings metadata file
 */
return $_authx_settings();
Commit	Line	Data
7b617429 TO	1	<?php
	2	/*
	3	+--------------------------------------------------------------------+
	4	\| Copyright CiviCRM LLC. All rights reserved. \|
	5	\| \|
	6	\| This work is published under the GNU AGPLv3 license with some \|
	7	\| permitted exceptions and without any warranty. For full license \|
	8	\| and copyright information, see https://civicrm.org/licensing \|
	9	+--------------------------------------------------------------------+
	10	*/
	11
	12	use CRM_Authx_ExtensionUtil as E;
	13
	14	/**
	15	*
	16	* @package CRM
	17	* @copyright CiviCRM LLC https://civicrm.org/licensing
	18	*/
53951784	19	$_authx_settings = function() {
bab432f3	20	$weight = 10;
eafc90f7 TO	21	$flows = [
	22	'auto' => ts('Auto Login'),
	23	'header' => ts('HTTP Header'),
	24	'login' => ts('HTTP Session Login'),
	25	'param' => ts('HTTP Parameter'),
	26	'xheader' => ts('HTTP X-Header'),
	27	'legacyrest' => ts('Legacy REST'),
	28	'pipe' => ts('Pipe'),
	29	'script' => ts('Script'),
	30	];
7b617429 TO	31	$basic = [
	32	'group_name' => 'CiviCRM Preferences',
	33	'group' => 'authx',
	34	'is_domain' => 1,
	35	'is_contact' => 0,
	36	'add' => '5.36',
	37	];
	38
	39	$s = [];
a0956f3c TO	40	$s["authx_guards"] = $basic + [
	41	'name' => 'authx_guards',
	42	'type' => 'Array',
	43	'quick_form_type' => 'Select',
	44	'html_type' => 'Select',
	45	'html_attributes' => [
	46	'multiple' => 1,
0c2434fa	47	'class' => 'huge crm-select2',
a0956f3c TO	48	],
	49	'default' => ['site_key', 'perm'],
	50	'title' => ts('Authentication guard'),
eafc90f7	51	'description' => ts('Enable an authentication guard if you want to limit which users may authenticate via authx. The permission-based guard is satisfied by checking user permissions. The key-based guard is satisfied by checking the secret site-key. If there are no guards, then any user can authenticate.'),
a0956f3c TO	52	'pseudoconstant' => [
	53	'callback' => ['\Civi\Authx\Meta', 'getGuardTypes'],
	54	],
bab432f3	55	'settings_pages' => ['authx' => ['weight' => $weight]],
a0956f3c	56	];
eafc90f7	57	foreach ($flows as $flow => $flowLabel) {
cb9722cc	58	$weight = $weight + 10;
7b617429 TO	59	$s["authx_{$flow}_cred"] = $basic + [
	60	'name' => "authx_{$flow}_cred",
	61	'type' => 'Array',
	62	'quick_form_type' => 'Select',
	63	'html_type' => 'Select',
	64	'html_attributes' => [
	65	'multiple' => 1,
0c2434fa	66	'class' => 'huge crm-select2',
7b617429 TO	67	],
7b617429 TO	68	'default' => ['jwt'],
eafc90f7	69	'title' => ts('Acceptable credentials (%1)', [1 => $flowLabel]),
7b617429 TO	70	'pseudoconstant' => [
	71	'callback' => ['\Civi\Authx\Meta', 'getCredentialTypes'],
	72	],
0c2434fa	73	'settings_pages' => ['authx' => ['weight' => 1000 + $weight]],
7b617429 TO	74	];
	75	$s["authx_{$flow}_user"] = $basic + [
	76	'name' => "authx_{$flow}_user",
	77	'type' => 'String',
	78	'quick_form_type' => 'Select',
	79	'html_type' => 'Select',
	80	'html_attributes' => [
0c2434fa	81	'class' => 'huge crm-select2',
7b617429 TO	82	],
7b617429 TO	83	'default' => 'optional',
eafc90f7	84	'title' => ts('User account requirements (%1)', [1 => $flowLabel]),
7b617429 TO	85	'help_text' => NULL,
	86	'pseudoconstant' => [
	87	'callback' => ['\Civi\Authx\Meta', 'getUserModes'],
	88	],
0c2434fa	89	'settings_pages' => ['authx' => ['weight' => 2000 + $weight]],
7b617429 TO	90	];
7b617429 TO	91	}
470101a9	92
df9b24b2 TO	93	// Override defaults for a few specific elements
	94	$s['authx_legacyrest_cred']['default'] = ['jwt', 'api_key'];
	95	$s['authx_legacyrest_user']['default'] = 'require';
470101a9 TO	96	$s['authx_param_cred']['default'] = ['jwt', 'api_key'];
	97	$s['authx_header_cred']['default'] = ['jwt', 'api_key'];
	98	$s['authx_xheader_cred']['default'] = ['jwt', 'api_key'];
02dc5c62	99	$s['authx_pipe_cred']['default'] = ['jwt', 'api_key'];
470101a9	100
eafc90f7 TO	101	// Oof. Attach description to one flow. This is silly - should be on all flows. But, at time of writing, the auto-generated `settings_pages` would become unreadable.
	102	$finalFlow = key(array_slice($flows, -1));
	103	$seeAlso = ts('See also: <a %1>Authentication Documentation</a>', [1 => 'href="https://docs.civicrm.org/dev/en/latest/framework/authx/" target="_blank"']);
	104	$s["authx_{$finalFlow}_cred"]['description'] = ts('Specify which types of <em>credentials</em> are allowed in each <em>authentication flow</em>.') . '<br/>' . $seeAlso;
	105	$s["authx_{$finalFlow}_user"]['description'] = ts('CiviCRM <em>Contacts</em> are often attached to CMS <em>User Accounts</em>. When authenticating a <em>Contact</em>, should it also load the <em>User Account</em>?') . '<br/>' . $seeAlso;
	106
7b617429	107	return $s;
53951784	108	};
7b617429 TO	109
	110	/**
	111	* Settings metadata file
	112	*/
53951784	113	return $_authx_settings();