Merge pull request #66 from overleaf/jk-sp-external-auth-flag

Add new EXTERNAL_AUTH variable

CHANGELOG.md

@@ -2,6 +2,14 @@
 
 ## TBD
 ### Added
+- Server Pro: New variable to control LDAP and SAML, `EXTERNAL_AUTH`, which can
+  be set to one of `ldap`, `saml`, `none`. This is the preferred way to activate
+  LDAP and SAML.  For backward compatibility, if this is not set, we fall back
+  to the legacy behaviour of inferring which module to activate from the
+  relevant environment variables.
+  - This should not affect current installations. Please contact support if you
+    encounter any problems
+  - See [LDAP](./doc/ldap.md) and [SAML](./doc/saml.md) documentation for more
 - `bin/upgrade` displays any changes to the changelog and prompts for
    confirmation before applying the remote changes to the local branch.
 

doc/ldap.md

@@ -4,6 +4,16 @@ Available in Overleaf Server Pro is the ability to use a LDAP server to manage u
 
 LDAP is configured in the Toolkit via [`variables.env`](./configuration.md).
 
+The `EXTERNAL_AUTH` variable must be set to `ldap`, to enable the LDAP module:
+
+```
+EXTERNAL_AUTH=ldap
+```
+
+(To preserve backward compatibility with older configuration files, if
+`EXTERNAL_AUTH` is not set, but `SHARELATEX_LDAP_URL` is set, then the LDAP
+module will be activated. We still recommend setting `EXTERNAL_AUTH` explicitely)
+
 After bootstrapping Server Pro for the first time with LDAP authentication, an existing LDAP user must be given admin permissions visiting `/launchpad` page (or [via CLI](https://github.com/overleaf/overleaf/wiki/Creating-and-managing-users#creating-the-first-admin-user), but in this case ignoring password confirmation). 
 
 LDAP users will appear in Overleaf Admin Panel once they log in first time with their initial credentials.
@@ -17,6 +27,7 @@ At Overleaf, we test the LDAP integration against a [test openldap server](https
 ```
 # added to variables.env
 
+EXTERNAL_AUTH=ldap
 SHARELATEX_LDAP_URL=ldap://ldap:389
 SHARELATEX_LDAP_SEARCH_BASE=ou=people,dc=planetexpress,dc=com
 SHARELATEX_LDAP_SEARCH_FILTER=(uid={{username}})

doc/saml.md

@@ -4,6 +4,16 @@ Available in Overleaf Server Pro is the ability to use a SAML server to manage u
 
 SAML is configured in the Toolkit via [`variables.env`](./configuration.md).
 
+The `EXTERNAL_AUTH` variable must be set to `saml`, to enable the SAML module:
+
+```
+EXTERNAL_AUTH=saml
+```
+
+(To preserve backward compatibility with older configuration files, if
+`EXTERNAL_AUTH` is not set, but `SHARELATEX_SAML_ENTRYPOINT` is set, then the SAML
+module will be activated. We still recommend setting `EXTERNAL_AUTH` explicitely)
+
 The [Developer wiki](https://github.com/overleaf/overleaf/wiki/Server-Pro:-SAML-Config) contains further documentation on the available Environment Variables and other configuration elements. 
 
 ## Example
@@ -13,6 +23,7 @@ At Overleaf, we test the SAML integration against a SAML test server. The follow
 ```
 # added to variables.env
 
+EXTERNAL_AUTH=saml
 SHARELATEX_SAML_ENTRYPOINT=http://localhost:8081/simplesaml/saml2/idp/SSOService.php
 SHARELATEX_SAML_CALLBACK_URL=http://saml/saml/callback
 SHARELATEX_SAML_ISSUER=sharelatex-test-saml

lib/config-seed/variables.env

@@ -48,6 +48,7 @@ TEXMFVAR=/var/lib/sharelatex/tmp/texmf-var
 ## Server Pro ##
 ################
 
+EXTERNAL_AUTH=none
 # SHARELATEX_LDAP_URL=ldap://ldap:389
 # SHARELATEX_LDAP_SEARCH_BASE=ou=people,dc=planetexpress,dc=com
 # SHARELATEX_LDAP_SEARCH_FILTER=(uid={{username}})