Add support for local authentication.

2024-08-21 19:37:52 -07:00 · 2024-08-21 19:37:52 -07:00 · 964662d7f7
commit 964662d7f7
parent 1669d64a5a
4 changed files with 18 additions and 2 deletions
--- a/.env.sample
+++ b/.env.sample
@ -18,6 +18,12 @@ COMPOSE_FILE=compose.yml

 #VIKUNJA_RATELIMIT_NOAUTHLIMIT=10

+# uncomment to enable local authentication
+# LOCAL_AUTH_ENABLED=true
+# uncomment to enable self-registration (if disabled, can be done via
+# command line in the api container with vikunja user command)
+# LOCAL_REGISTRATION_ENABLED=true
+
 # SSO OAUTH
 # e.g. see https://goauthentik.io/integrations/services/vikunja/
 # COMPOSE_FILE="${COMPOSE_FILE}:compose.oauth.yml"
--- a/abra.sh
+++ b/abra.sh
@ -1 +1 @@
-export CONFIG_YML_VERSION=v4
+export CONFIG_YML_VERSION=v6
--- a/compose.yml
+++ b/compose.yml
@ -8,6 +8,8 @@ services:
      - DOMAIN
      - LOG_LEVEL
      - VIKUNJA_RATELIMIT_NOAUTHLIMIT
+      - LOCAL_AUTH_ENABLED
+      - LOCAL_REGISTRATION_ENABLED
    volumes:
      - files:/app/vikunja/files
    networks:
--- a/config.yml.tmpl
+++ b/config.yml.tmpl
@ -33,7 +33,11 @@ service:
 #   # Enable sharing of lists via a link
 #   enablelinksharing: true
 #   # Whether to let new users registering themselves or not
-#   enableregistration: true
+{{ if eq (env "LOCAL_REGISTRATION_ENABLED") "true" }}
+  enableregistration: true
+{{ else }}
+  enableregistration: false
+{{ end }}
 #   # Whether to enable task attachments or not
 #   enabletaskattachments: true
 #   # The time zone all timestamps are in. Please note that time zones have to use [the official tz database names](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). UTC or GMT offsets won't work.
@ -290,7 +294,11 @@ auth:
  # This is the default auth mechanism and does not require any additional configuration.
  local:
    # Enable or disable local authentication
+{{ if eq (env "LOCAL_AUTH_ENABLED") "true" }}
+    enabled: true
+{{ else }}
    enabled: false
+{{ end }}
  # OpenID configuration will allow users to authenticate through a third-party OpenID Connect compatible provider.<br/>
  # The provider needs to support the `openid`, `profile` and `email` scopes.<br/>
  # **Note:** Some openid providers (like gitlab) only make the email of the user available through openid claims if they have set it to be publicly visible.