From aaea018c759fdf65e9da1dcc6f0925d803410154 Mon Sep 17 00:00:00 2001 From: Timo Sirainen Date: Fri, 22 Nov 2024 13:35:18 +0200 Subject: [PATCH 1/2] settings/types: String list can now be cleared out --- docs/core/settings/types.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/core/settings/types.md b/docs/core/settings/types.md index 545701385..4bf65b3e8 100644 --- a/docs/core/settings/types.md +++ b/docs/core/settings/types.md @@ -211,6 +211,16 @@ fs_randomfail_ops { } ``` +You can clear out an existing string list by setting it to an empty value. +This is mainly useful to drop default settings. For example: + +``` +auth_policy_request_attributes = +auth_policy_request_attributes { + login = %{requested_username} +} +``` + ## Boolean List The boolean list type is a list of `key=yes/no` pairs. Each key is unique From 31a2d4e68d1d62c819f6d1a194f2b3059619f690 Mon Sep 17 00:00:00 2001 From: Timo Sirainen Date: Fri, 22 Nov 2024 13:40:27 +0200 Subject: [PATCH 2/2] settings, auth/policy: Change auth_policy_request_attributes to be strlist Also just link to the supported variables rather than duplicating them. The duplication was also missing fail_type. --- data/settings.js | 16 +++------------- docs/core/config/auth/policy.md | 11 ++++++++++- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/data/settings.js b/data/settings.js index c22f1ba32..68f522397 100644 --- a/data/settings.js +++ b/data/settings.js @@ -4340,23 +4340,13 @@ If \`no\`, there will be no report for the authentication result.` Default has changed.` }, tags: [ 'auth_policy' ], - values: setting_types.STRING, + values: setting_types.STRLIST, seealso: [ 'auth_policy_server_url' ], text: ` Request attributes specification. -Variables that can be used for this setting: - -- [[variable,auth]] - -- \`%{hashed_password}\` - - - Truncated auth policy hash of username and password - -- \`%{requested_username}\` - - - Logged in user. Same as \`%{user}\`, except for master user logins the - same as \`%{login_user}\`.` +See [[link,auth_policy_variables]] for variables that can be used for this +setting.` }, auth_policy_server_api_header: { diff --git a/docs/core/config/auth/policy.md b/docs/core/config/auth/policy.md index 31560dc3a..c3b7d2bb4 100644 --- a/docs/core/config/auth/policy.md +++ b/docs/core/config/auth/policy.md @@ -6,6 +6,9 @@ dovecotlinks: auth_policy_configuration: hash: configuration text: Auth Policy Configuration + auth_policy_variables: + hash: list-of-fields + text: Auth Policy Variables --- # Authentication Policy @@ -44,7 +47,13 @@ auth_policy_hash_nonce = localized_random_string # OPTIONAL settings #auth_policy_server_api_header = Authorization: Basic #auth_policy_hash_mech = sha256 -#auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%{protocol} +#auth_policy_request_attributes { +# login = %{requested_username} +# pwhash = %{hashed_password} +# remote = %{rip} +# device_id = %{client_id} +# protocol = %{protocol} +#} #auth_policy_reject_on_fail = no #auth_policy_hash_truncate = 12 #auth_policy_check_before_auth = yes