This is required for allowing the web office to download images to
insert into documents.
The secret is generated by `opencloud init` and the server refuses
to start now without a secret being set. (Breaking Change)
Also the setting is now moved to the shared options as all involved
services need the same secret to work properly.
Related: https://github.com/opencloud-eu/web/issues/704
* fix: collaboration service name
* change: do not use app name in service name
* feat: make collaboration service name configurable
* test: fix test config
With the ocdav service being able to provided signed download URLs we
need the proxy to be able to verify the signatures.
This should also be a first step towards phasing out the weird ocs based
client side signed urls.
Related Tickets: #1104
This introduces the "additional_headers", "remote_user_header" and
"skip_x_access_token" config keys to allow configuring routes to
external services that require addtional headers to be set.
"remote_user_header": defines the name of a Header that will carry the
userid of the authenticated user on the outgoing request.
"additional_headers": defines a list of header names and values that will
be added to outgoing requests on matching routes.
"skip_x_access_token": when set to true the reva access token will not
be added to the outgoing request.
Needed for #206
Add support for autoprovisioning group memberships from OIDC claims.
Users are added to and removed from groups based on the value of an OIDC
claim. If a group does not exist, it is created.
Closes: #5538
When auto-provisioning user accounts we used a fixed mapping for claims
for the userinfo response to user attributes. This change introduces
configuration options to defined which claims should be user for the
username, display name and email address of the auto-provisioned
accounts.
This also removes the automatic fallback to use the 'mail' claim as the
username when the 'preferred_username' claim does not exist.
Fixes: #8635
* feat: add CSP and other security related headers in the oCIS proxy service
* fix: consolidate security related headers - drop middleware.Secure
* fix: use github.com/DeepDiver1975/secure
* fix: acceptance tests
* feat: support env var replacements in csp.yaml
