6 description => "Add auth_provider and auth_provider_domains configuration tables",
9 my ($dbh, $out) = @$args{qw(dbh out)};
13 INSERT IGNORE permissions (module_bit, code, description)
15 ( 3, 'manage_authentication_providers', 'Manage authentication providers')
18 say $out "manage_authentication_providers permission added";
20 unless (TableExists('auth_providers')) {
22 CREATE TABLE `auth_providers` (
23 `auth_provider_id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'unique key, used to identify the provider',
24 `code` varchar(20) NOT NULL COMMENT 'Provider code',
25 `description` varchar(255) NOT NULL COMMENT 'Description for the provider',
26 `protocol` enum('OAuth', 'OIDC', 'LDAP', 'CAS') COLLATE utf8mb4_unicode_ci NOT NULL COMMENT 'Protocol provider speaks',
27 `config` longtext NOT NULL DEFAULT '{}' COMMENT 'Configuration of the provider in JSON format',
28 `mapping` longtext NOT NULL DEFAULT '{}' COMMENT 'Configuration to map provider data to Koha user',
29 `matchpoint` enum('email','userid','cardnumber') NOT NULL COMMENT 'The patron attribute to be used as matchpoint',
30 `icon_url` varchar(255) COLLATE utf8mb4_unicode_ci DEFAULT NULL COMMENT 'Provider icon URL',
31 PRIMARY KEY (`auth_provider_id`),
33 KEY `protocol` (`protocol`)
34 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
38 unless (TableExists('auth_provider_domains')) {
40 CREATE TABLE `auth_provider_domains` (
41 `auth_provider_domain_id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'unique key, used to identify providers domain',
42 `auth_provider_id` int(11) NOT NULL COMMENT 'Reference to provider',
43 `domain` varchar(100) COLLATE utf8mb4_unicode_ci DEFAULT NULL COMMENT 'Domain name. If null means all domains',
44 `auto_register` tinyint(1) NOT NULL DEFAULT 0 COMMENT 'Allow user auto register',
45 `update_on_auth` tinyint(1) NOT NULL DEFAULT 0 COMMENT 'Update user data on auth login',
46 `default_library_id` varchar(10) DEFAULT NULL COMMENT 'Default library to create user if auto register is enabled',
47 `default_category_id` varchar(10) DEFAULT NULL COMMENT 'Default category to create user if auto register is enabled',
48 `allow_opac` tinyint(1) NOT NULL DEFAULT 1 COMMENT 'Allow provider from opac interface',
49 `allow_staff` tinyint(1) NOT NULL DEFAULT 1 COMMENT 'Allow provider from staff interface',
50 PRIMARY KEY (`auth_provider_domain_id`),
51 UNIQUE KEY (`auth_provider_id`, `domain`),
52 KEY `domain` (`domain`),
53 KEY `allow_opac` (`allow_opac`),
54 KEY `allow_staff` (`allow_staff`),
55 CONSTRAINT `auth_provider_domain_ibfk_1` FOREIGN KEY (`auth_provider_id`) REFERENCES `auth_providers` (`auth_provider_id`) ON DELETE CASCADE,
56 CONSTRAINT `auth_provider_domain_ibfk_2` FOREIGN KEY (`default_library_id`) REFERENCES `branches` (`branchcode`) ON DELETE CASCADE,
57 CONSTRAINT `auth_provider_domain_ibfk_3` FOREIGN KEY (`default_category_id`) REFERENCES `categories` (`categorycode`) ON DELETE CASCADE
58 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
62 if (C4::Context->preference('GoogleOpenIDConnect')) {
63 # Print useful stuff here
64 say $out "Setting google provider";
66 INSERT INTO `auth_providers` (name, protocol, config, mapping), auto_register, registration_config, interface)
67 SELECT 'google' as name,
69 JSON_OBJECT("key", k.value, "secret", s.value, "well_known_url", "https://accounts.google.com/.well-known/openid-configuration", "scope", "openid email profile") as config,
70 JSON_OBJECT("email", "email", "firstname", "given_name", "surname", "family_name", "_key", "email") as mapping
72 (SELECT value FROM `systempreferences` where variable = 'GoogleOAuth2ClientID') k
74 (SELECT value FROM `systempreferences` where variable = 'GoogleOAuth2ClientSecret') s
78 INSERT INTO `auth_provider_domains` (auth_provider_id, domain, auto_register, update_on_auth, default_library_id, default_category_id, allow_opac, allow_staff)
81 r.value as auto_register,
83 b.value as default_branch,
84 c.value as default_category,
88 (SELECT id FROM `auth_provider` WHERE name = 'google') p
90 (SELECT CASE WHEN value = '' OR value IS NULL THEN NULL ELSE value END as value FROM `systempreferences` where variable = 'GoogleOpenIDConnectDomain') d
92 (SELECT CASE WHEN value = '' OR value IS NULL THEN '0' ELSE value END as value FROM `systempreferences` where variable = 'GoogleOpenIDConnectAutoRegister') r
94 (SELECT CASE WHEN value = '' OR value IS NULL THEN NULL ELSE value END as value FROM `systempreferences` where variable = 'GoogleOpenIDConnectDefaultCategory') c
96 (SELECT CASE WHEN value = '' OR value IS NULL THEN NULL ELSE value END as value FROM `systempreferences` where variable = 'GoogleOpenIDConnectDefaultBranch') b