From cfb9b7c5919fed2cb47a0770d28b9d5267b40a03 Mon Sep 17 00:00:00 2001 From: Tiara Rodney Date: Sat, 14 Mar 2026 20:12:10 +0100 Subject: [PATCH] fix(bugzilla): allow anonymous browsing --- ansible/roles/bugzilla/tasks/deploy-bugzilla.yml | 2 +- .../roles/bugzilla/templates/bugzilla-vhost.conf.j2 | 12 ++++++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/ansible/roles/bugzilla/tasks/deploy-bugzilla.yml b/ansible/roles/bugzilla/tasks/deploy-bugzilla.yml index 9650252..1f718ab 100644 --- a/ansible/roles/bugzilla/tasks/deploy-bugzilla.yml +++ b/ansible/roles/bugzilla/tasks/deploy-bugzilla.yml @@ -126,7 +126,7 @@ name: Deploy OIDC login redirect page copy: src: oidc-login.html - dest: "{{ bugzilla_dir }}/oidc-login.html" + dest: "{{ install_dir }}/oidc-login.html" owner: www-data group: www-data when: oauth_client_id is defined diff --git a/ansible/roles/bugzilla/templates/bugzilla-vhost.conf.j2 b/ansible/roles/bugzilla/templates/bugzilla-vhost.conf.j2 index fc89b8a..26311e9 100644 --- a/ansible/roles/bugzilla/templates/bugzilla-vhost.conf.j2 +++ b/ansible/roles/bugzilla/templates/bugzilla-vhost.conf.j2 @@ -25,8 +25,12 @@ OIDCPassClaimsAs environment OIDCSSLValidateServer Off OIDCProviderEndSessionEndpoint {{ oauth_issuer_url }}/end-session/ + OIDCDefaultURL https://{{ domain }}/ - + # Login trigger — Alias to file outside DocumentRoot so the + # Directory's OIDCUnAuthAction pass does not apply here. + Alias /oidc-login {{ install_dir }}/oidc-login.html + AuthType openid-connect Require valid-user @@ -45,7 +49,11 @@ Options +ExecCGI +FollowSymLinks DirectoryIndex index.cgi index.html AllowOverride All -{% if oauth_client_id is not defined %} +{% if oauth_client_id is defined %} + AuthType openid-connect + OIDCUnAuthAction pass + Require valid-user +{% else %} Require all granted {% endif %}