ts('Auto Login'), 'header' => ts('HTTP Header'), 'login' => ts('HTTP Session Login'), 'param' => ts('HTTP Parameter'), 'xheader' => ts('HTTP X-Header'), 'legacyrest' => ts('Legacy REST'), 'pipe' => ts('Pipe'), 'script' => ts('Script'), ]; $basic = [ 'group_name' => 'CiviCRM Preferences', 'group' => 'authx', 'is_domain' => 1, 'is_contact' => 0, 'add' => '5.36', ]; $s = []; $s["authx_guards"] = $basic + [ 'name' => 'authx_guards', 'type' => 'Array', 'quick_form_type' => 'Select', 'html_type' => 'Select', 'html_attributes' => [ 'multiple' => 1, 'class' => 'huge crm-select2', ], 'default' => ['site_key', 'perm'], 'title' => ts('Authentication guard'), 'description' => ts('Enable an authentication guard if you want to limit which users may authenticate via authx. The permission-based guard is satisfied by checking user permissions. The key-based guard is satisfied by checking the secret site-key. If there are no guards, then any user can authenticate.'), 'pseudoconstant' => [ 'callback' => ['\Civi\Authx\Meta', 'getGuardTypes'], ], 'settings_pages' => ['authx' => ['weight' => $weight]], ]; foreach ($flows as $flow => $flowLabel) { $weight = $weight + 10; $s["authx_{$flow}_cred"] = $basic + [ 'name' => "authx_{$flow}_cred", 'type' => 'Array', 'quick_form_type' => 'Select', 'html_type' => 'Select', 'html_attributes' => [ 'multiple' => 1, 'class' => 'huge crm-select2', ], 'default' => ['jwt'], 'title' => ts('Acceptable credentials (%1)', [1 => $flowLabel]), 'pseudoconstant' => [ 'callback' => ['\Civi\Authx\Meta', 'getCredentialTypes'], ], 'settings_pages' => ['authx' => ['weight' => 1000 + $weight]], ]; $s["authx_{$flow}_user"] = $basic + [ 'name' => "authx_{$flow}_user", 'type' => 'String', 'quick_form_type' => 'Select', 'html_type' => 'Select', 'html_attributes' => [ 'class' => 'huge crm-select2', ], 'default' => 'optional', 'title' => ts('User account requirements (%1)', [1 => $flowLabel]), 'help_text' => NULL, 'pseudoconstant' => [ 'callback' => ['\Civi\Authx\Meta', 'getUserModes'], ], 'settings_pages' => ['authx' => ['weight' => 2000 + $weight]], ]; } // Override defaults for a few specific elements $s['authx_legacyrest_cred']['default'] = ['jwt', 'api_key']; $s['authx_legacyrest_user']['default'] = 'require'; $s['authx_param_cred']['default'] = ['jwt', 'api_key']; $s['authx_header_cred']['default'] = ['jwt', 'api_key']; $s['authx_xheader_cred']['default'] = ['jwt', 'api_key']; $s['authx_pipe_cred']['default'] = ['jwt', 'api_key']; // Oof. Attach description to one flow. This is silly - should be on all flows. But, at time of writing, the auto-generated `settings_pages` would become unreadable. $finalFlow = key(array_slice($flows, -1)); $seeAlso = ts('See also: Authentication Documentation', [1 => 'href="https://docs.civicrm.org/dev/en/latest/framework/authx/" target="_blank"']); $s["authx_{$finalFlow}_cred"]['description'] = ts('Specify which types of credentials are allowed in each authentication flow.') . '
' . $seeAlso; $s["authx_{$finalFlow}_user"]['description'] = ts('CiviCRM Contacts are often attached to CMS User Accounts. When authenticating a Contact, should it also load the User Account?') . '
' . $seeAlso; return $s; }; /** * Settings metadata file */ return $_authx_settings();