SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293
							# Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

class OpenIdConnectSettings < ActiveRecord::Migration[7.1]
  def change
    # return if it's a new setup
    return if !Setting.exists?(name: 'system_init_done')

    Setting.create_if_not_exists(
      title:       'Authentication via %s',
      name:        'auth_openid_connect',
      area:        'Security::ThirdPartyAuthentication',
      description: 'Enables user authentication via %s.',
      options:     {
        form: [
          {
            display: '',
            null:    true,
            name:    'auth_openid_connect',
            tag:     'boolean',
            options: {
              true  => 'yes',
              false => 'no',
            },
          },
        ],
      },
      preferences: {
        controller:       'SettingsAreaSwitch',
        sub:              ['auth_openid_connect_credentials'],
        title_i18n:       ['OpenID Connect'],
        description_i18n: ['OpenID Connect'],
        permission:       ['admin.security'],
      },
      state:       false,
      frontend:    true
    )

    Setting.create_if_not_exists(
      title:       'OpenID Connect Options',
      name:        'auth_openid_connect_credentials',
      area:        'Security::ThirdPartyAuthentication::OIDC',
      description: 'Enables user authentication via OpenID Connect.',
      options:     {
        form: [
          {
            display:     'Display name',
            null:        true,
            name:        'display_name',
            tag:         'input',
            placeholder: 'OpenID Connect',
          },
          {
            display:     'Identifier',
            null:        true,
            name:        'identifier',
            tag:         'input',
            required:    true,
            placeholder: '',
          },
          {
            display:     'Issuer',
            null:        true,
            name:        'issuer',
            tag:         'input',
            placeholder: 'https://example.com',
            required:    true,
          },
          {
            display:     'UID Field',
            null:        true,
            name:        'uid_field',
            tag:         'input',
            placeholder: 'sub',
            help:        'Field that uniquely identifies the user. If unset, "sub" is used.'
          },
          {
            display:     'Scopes',
            null:        true,
            name:        'scope',
            tag:         'input',
            placeholder: 'openid email profile',
            help:        'Scopes that are included, separated by a single space character. If unset, "openid email profile" is used.'
          },
        ],
      },
      state:       {},
      preferences: {
        permission: ['admin.security'],
      },
      frontend:    false
    )
  end
end