From 53a49c2a68f6983362216dbe028d1f18fc008e22 Mon Sep 17 00:00:00 2001
From: Daniel Schmidt <dcschmidt@berkeley.edu>
Date: Tue, 9 Jul 2024 14:48:26 -0700
Subject: [PATCH] DEV-527: Make all CAS variables configurable via the
 environment with default values set by init script

---
 Dockerfile                           |  1 +
 docker-compose.yml                   |  5 -----
 files/etc/httpd/conf.d/auth_cas.conf | 16 +++++++---------
 files/pre-init/50-cas-variables.sh   | 14 ++++++++++++++
 4 files changed, 22 insertions(+), 14 deletions(-)
 create mode 100644 files/pre-init/50-cas-variables.sh

diff --git a/Dockerfile b/Dockerfile
index 10151fb..04e57c4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,4 +11,5 @@ RUN yum -y update && \
 
 USER root
 COPY files/etc/httpd /etc/httpd
+COPY files/pre-init /usr/share/container-scripts/httpd/pre-init
 COPY files/var/www /var/www
diff --git a/docker-compose.yml b/docker-compose.yml
index 2b3e7e0..3232b65 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,11 +3,6 @@
 services:
   app:
     build: .
-    environment:
-      - CAS_LOGIN_URL=https://auth.berkeley.edu/cas/
-      - CAS_VALIDATE_URL=https://auth.berkeley.edu/cas/serviceValidate
-      - CAS_PROXY_VALIDATE_URL=https://auth.berkeley.edu/cas/proxyValidate
-      - CAS_ROOT_PROXIED_AS=http://localhost
     ports:
       - 80:8080
     volumes:
diff --git a/files/etc/httpd/conf.d/auth_cas.conf b/files/etc/httpd/conf.d/auth_cas.conf
index 33d29fa..9d96400 100644
--- a/files/etc/httpd/conf.d/auth_cas.conf
+++ b/files/etc/httpd/conf.d/auth_cas.conf
@@ -1,15 +1,13 @@
 <IfModule auth_cas_module>
-    CASVersion 2
-    CASDebug Off
+    CASVersion ${CAS_VERSION}
+    CASDebug ${CAS_DEBUG}
     CASLoginURL ${CAS_LOGIN_URL}
     CASValidateURL ${CAS_VALIDATE_URL}
     CASProxyValidateURL ${CAS_PROXY_VALIDATE_URL}
-    CASTimeout 7200
-    CASIdleTimeout 3600
-    CASCacheCleanInterval 1800
-    CASCookiePath /var/cache/httpd/mod_auth_cas/
-    CASCookieEntropy 32
-
-    # You must set CAS_ROOT_PROXIED_AS in the environment
+    CASTimeout ${CAS_TIMEOUT}
+    CASIdleTimeout ${CAS_IDLE_TIMEOUT}
+    CASCacheCleanInterval ${CAS_CACHE_CLEAN_INTERVAL}
+    CASCookieEntropy ${CAS_COOKIE_ENTROPY}
     CASRootProxiedAs ${CAS_ROOT_PROXIED_AS}
+    CASCookiePath ${CAS_COOKIE_PATH}
 </IfModule>
diff --git a/files/pre-init/50-cas-variables.sh b/files/pre-init/50-cas-variables.sh
new file mode 100644
index 0000000..ee64fbd
--- /dev/null
+++ b/files/pre-init/50-cas-variables.sh
@@ -0,0 +1,14 @@
+# For option definitions:
+# @see https://github.com/apereo/mod_auth_cas
+
+export CAS_CACHE_CLEAN_INTERVAL="${CAS_CACHE_CLEAN_INTERVAL:-1800}"
+export CAS_COOKIE_ENTROPY="${CAS_COOKIE_ENTROPY:-32}"
+export CAS_COOKIE_PATH="${CAS_COOKIE_PATH:-/var/cache/httpd/mod_auth_cas/}"
+export CAS_DEBUG="${CAS_DEBUG:-off}"
+export CAS_IDLE_TIMEOUT="${CAS_IDLE_TIMEOUT:-3600}"
+export CAS_LOGIN_URL="${CAS_LOGIN_URL:-https://auth.berkeley.edu/cas/}"
+export CAS_PROXY_VALIDATE_URL="${CAS_PROXY_VALIDATE_URL:-https://auth.berkeley.edu/cas/proxyValidate}"
+export CAS_ROOT_PROXIED_AS="${CAS_ROOT_PROXIED_AS:-http://localhost}"
+export CAS_TIMEOUT="${CAS_TIMEOUT:-7200}"
+export CAS_VALIDATE_URL="${CAS_VALIDATE_URL:-https://auth.berkeley.edu/cas/serviceValidate}"
+export CAS_VERSION="${CAS_VERSION:-2}"