author | Lauri Ojansivu <x@xet7.org> | 2018-11-17 16:50:42 +0200 |
---|---|---|
committer | Lauri Ojansivu <x@xet7.org> | 2018-11-17 16:50:42 +0200 |
commit | aa691b0af105c8dbc5443b1e0823a701e53c3871 (patch) | |
tree | 7f76c9e79c6da428d85160ea9108d586a0e560f8 | |
parent | 7a75d821147c7d9e2ad48b212348c4bf2d4db063 (diff) | |
download | wekan-aa691b0af105c8dbc5443b1e0823a701e53c3871.tar.gz wekan-aa691b0af105c8dbc5443b1e0823a701e53c3871.tar.bz2 wekan-aa691b0af105c8dbc5443b1e0823a701e53c3871.zip |
- Revert Improve authentication to [fix Login failure](https://github.com/wekan/wekan/issues/2004).
Thanks to xet7 !
Closes #2004
-rw-r--r-- | .meteor/packages | 1 | ||||
-rw-r--r-- | .meteor/versions | 1 | ||||
-rw-r--r-- | Dockerfile | 10 | ||||
-rw-r--r-- | client/components/main/layouts.jade | 1 | ||||
-rw-r--r-- | client/components/main/layouts.js | 87 | ||||
-rw-r--r-- | client/components/settings/connectionMethod.jade | 6 | ||||
-rw-r--r-- | client/components/settings/connectionMethod.js | 34 | ||||
-rw-r--r-- | docker-compose.yml | 12 | ||||
-rw-r--r-- | models/settings.js | 31 | ||||
-rw-r--r-- | models/users.js | 8 | ||||
-rw-r--r-- | server/publications/users.js | 1 | ||||
-rwxr-xr-x | snap-src/bin/config | 18 | ||||
-rwxr-xr-x | snap-src/bin/wekan-help | 16 |
13 files changed, 89 insertions, 137 deletions
diff --git a/.meteor/packages b/.meteor/packages index f8626704..3779a684 100644 --- a/.meteor/packages +++ b/.meteor/packages @@ -89,4 +89,3 @@ mquandalle:moment msavin:usercache wekan:wekan-ldap wekan:accounts-cas -msavin:sjobs diff --git a/.meteor/versions b/.meteor/versions index 5235e6a0..6415eb8b 100644 --- a/.meteor/versions +++ b/.meteor/versions @@ -117,7 +117,6 @@ mquandalle:jquery-ui-drag-drop-sort@0.2.0 mquandalle:moment@1.0.1 mquandalle:mousetrap-bindglobal@0.0.1 mquandalle:perfect-scrollbar@0.6.5_2 -msavin:sjobs@3.0.6 msavin:usercache@1.0.0 npm-bcrypt@0.9.3 npm-mongo@2.2.33 @@ -64,10 +64,6 @@ ARG LDAP_SYNC_USER_DATA ARG LDAP_SYNC_USER_DATA_FIELDMAP ARG LDAP_SYNC_GROUP_ROLES ARG LDAP_DEFAULT_DOMAIN -ARG LOGOUT_WITH_TIMER -ARG LOGOUT_IN -ARG LOGOUT_ON_HOURS -ARG LOGOUT_ON_MINUTES # Set the environment variables (defaults where required) # DOES NOT WORK: paxctl fix for alpine linux: https://github.com/wekan/wekan/issues/1303 @@ -134,11 +130,7 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth LDAP_SYNC_USER_DATA=false \ LDAP_SYNC_USER_DATA_FIELDMAP="" \ LDAP_SYNC_GROUP_ROLES="" \ - LDAP_DEFAULT_DOMAIN="" \ - LOGOUT_WITH_TIMER="false" \ - LOGOUT_IN="" \ - LOGOUT_ON_HOURS="" \ - LOGOUT_ON_MINUTES="" + LDAP_DEFAULT_DOMAIN="" # Copy the app to the image COPY ${SRC_PATH} /home/wekan/app diff --git a/client/components/main/layouts.jade b/client/components/main/layouts.jade index ac7da3af..68876dc5 100644 --- a/client/components/main/layouts.jade +++ b/client/components/main/layouts.jade @@ -18,6 +18,7 @@ template(name="userFormsLayout") img(src="{{pathFor '/wekan-logo.png'}}" alt="Wekan") section.auth-dialog +Template.dynamic(template=content) + +connectionMethod if isCas .at-form button#cas(class='at-btn submit' type='submit') {{casSignInLabel}} diff --git a/client/components/main/layouts.js b/client/components/main/layouts.js index 9838354f..393f890b 100644 --- a/client/components/main/layouts.js 
+++ b/client/components/main/layouts.js @@ -6,13 +6,23 @@ const i18nTagToT9n = (i18nTag) => { return i18nTag; }; -Template.userFormsLayout.onCreated(function() { - Meteor.call('getDefaultAuthenticationMethod', (error, result) => { - this.data.defaultAuthenticationMethod = new ReactiveVar(error ? undefined : result); - }); -}); +const validator = { + set(obj, prop, value) { + if (prop === 'state' && value !== 'signIn') { + $('.at-form-authentication').hide(); + } else if (prop === 'state' && value === 'signIn') { + $('.at-form-authentication').show(); + } + // The default behavior to store the value + obj[prop] = value; + // Indicate success + return true; + }, +}; Template.userFormsLayout.onRendered(() => { + AccountsTemplates.state.form.keys = new Proxy(AccountsTemplates.state.form.keys, validator); + const i18nTag = navigator.language; if (i18nTag) { T9n.setLanguage(i18nTagToT9n(i18nTag)); @@ -71,14 +81,13 @@ Template.userFormsLayout.events({ } }); }, - 'click #at-btn'(event, instance) { + 'click #at-btn'(event) { /* All authentication method can be managed/called here. !! DON'T FORGET to correctly fill the fields of the user during its creation if necessary authenticationMethod : String !! */ - const email = $('#at-field-username_and_email').val(); - const password = $('#at-field-password').val(); - - if (FlowRouter.getRouteName() !== 'atSignIn' || password === '') { + const authenticationMethodSelected = $('.select-authentication').val(); + // Local account + if (authenticationMethodSelected === 'password') { return; } 
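Review bot: `Template.userFormsLayout.onRendered` replaces `AccountsTemplates.state.form.keys` with a new `Proxy` every time it runs, so if this layout is rendered more than once the `set` traps nest and each state change walks the whole chain. The assignment also depends on the `keys` field of the form state object, which looks like an internal of the accounts-templates package rather than a documented hook; that is worth confirming. I would wrap only once, for example behind a flag such as `if (!AccountsTemplates.state.form.keysProxied) { ... }`. The name `validator` does not say what the object does, so I would also add the comment `// Hides the authentication-method selector outside the signIn state` above it.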
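Review bot: In the `'click #at-btn'` handler the early return now depends only on `$('.select-authentication').val() === 'password'`, so whenever the selector has no value the handler falls through to the `event.preventDefault()` shown in the next hunk and a local password sign-in is swallowed. That can happen because the options are filled asynchronously by `getAuthenticationsEnabled` in connectionMethod.js and stay empty if that call fails. The removed `FlowRouter.getRouteName() !== 'atSignIn'` guard is not replaced either, so the handler presumably still acts on the other account forms, where the selector is hidden but keeps its last value. I would return unless LDAP was explicitly chosen on the sign-in route: `if (FlowRouter.getRouteName() !== 'atSignIn' || authenticationMethodSelected !== 'ldap') { return; }`. The handler body continues in the next hunk.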
@@ -86,11 +95,29 @@ Template.userFormsLayout.events({ event.preventDefault(); event.stopImmediatePropagation(); - Meteor.subscribe('user-authenticationMethod', email, { - onReady() { - return authentication.call(this, instance, email, password); - }, - }); + const email = $('#at-field-username_and_email').val(); + const password = $('#at-field-password').val(); + + // Ldap account + if (authenticationMethodSelected === 'ldap') { + // Check if the user can use the ldap connection + Meteor.subscribe('user-authenticationMethod', email, { + onReady() { + const user = Users.findOne(); + if (user === undefined || user.authenticationMethod === 'ldap') { + // Use the ldap connection package + Meteor.loginWithLDAP(email, password, function(error) { + if (!error) { + // Connection + return FlowRouter.go('/'); + } + return error; + }); + } + return this.stop(); + }, + }); + } }, }); @@ -99,33 +126,3 @@ Template.defaultLayout.events({ Modal.close(); }, }); - -function authentication(instance, email, password) { - let user = Users.findOne(); - // Authentication with password - if (user && user.authenticationMethod === 'password') { - $('#at-pwd-form').submit(); - // Meteor.call('logoutWithTimer', user._id, () => {}); - return this.stop(); - } - - // If user doesn't exist, uses the default authentication method if it defined - if (user === undefined) { - user = { - 'authenticationMethod': instance.data.defaultAuthenticationMethod.get(), - }; - } - - // Authentication with LDAP - if (user.authenticationMethod === 'ldap') { - // Use the ldap connection package - Meteor.loginWithLDAP(email, password, function(error) { - if (!error) { - // Meteor.call('logoutWithTimer', Users.findOne()._id, () => {}); - return FlowRouter.go('/'); - } - return error; - }); - } - return this.stop(); -} diff --git a/client/components/settings/connectionMethod.jade b/client/components/settings/connectionMethod.jade new file mode 100644 index 00000000..ac4c8c64 --- /dev/null 
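Review bot: The `user === undefined || user.authenticationMethod === 'ldap'` test inside `onReady` runs in the browser only, so it is a UI hint and not a control; whether a password-only account may be authenticated through LDAP has to be decided by the server-side LDAP login handler, which is not visible in this hunk. `Users.findOne()` is also called without a selector, so it returns whichever user document happens to be in the client cache rather than necessarily the one published for `email`. The `loginWithLDAP` callback ends in `return error;`, which discards the failure, and the non-LDAP branch just stops the subscription, so a rejected sign-in gives the user no message. I would add `// UI hint only: the server must enforce authenticationMethod` above the check and report `error` in the form instead of returning it.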
+++ b/client/components/settings/connectionMethod.jade @@ -0,0 +1,6 @@ +template(name='connectionMethod') + div.at-form-authentication + label {{_ 'authentication-method'}} + select.select-authentication + each authentications + option(value="{{value}}") {{_ value}} diff --git a/client/components/settings/connectionMethod.js b/client/components/settings/connectionMethod.js new file mode 100644 index 00000000..9fe8f382 --- /dev/null +++ b/client/components/settings/connectionMethod.js @@ -0,0 +1,34 @@ +Template.connectionMethod.onCreated(function() { + this.authenticationMethods = new ReactiveVar([]); + + Meteor.call('getAuthenticationsEnabled', (_, result) => { + if (result) { + // TODO : add a management of different languages + // (ex {value: ldap, text: TAPi18n.__('ldap', {}, T9n.getLanguage() || 'en')}) + this.authenticationMethods.set([ + {value: 'password'}, + // Gets only the authentication methods availables + ...Object.entries(result).filter((e) => e[1]).map((e) => ({value: e[0]})), + ]); + } + + // If only the default authentication available, hides the select boxe + const content = $('.at-form-authentication'); + if (!(this.authenticationMethods.get().length > 1)) { + content.hide(); + } else { + content.show(); + } + }); +}); + +Template.connectionMethod.onRendered(() => { + // Moves the select boxe in the first place of the at-pwd-form div + $('.at-form-authentication').detach().prependTo('.at-pwd-form'); +}); + +Template.connectionMethod.helpers({ + authentications() { + return Template.instance().authenticationMethods.get(); + }, +}); diff --git a/docker-compose.yml b/docker-compose.yml index 3a3befbb..56ca7775 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
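Review bot: In connectionMethod.js the `getAuthenticationsEnabled` callback names its error argument `_` and ignores it, so a failed call leaves `authenticationMethods` empty and the selector without options, with nothing logged. The same callback shows or hides `$('.at-form-authentication')` directly, but it is registered in `onCreated` and can fire before the template is in the DOM, in which case `hide()` matches nothing and the selector stays visible with a single entry. I would seed the variable with `this.authenticationMethods = new ReactiveVar([{value: 'password'}]);` so local sign-in is always selectable, and drive visibility from a helper that reads `authenticationMethods.get().length > 1` instead of jQuery. The comment typos `availables` and `boxe` could be fixed at the same time.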
@@ -195,18 +195,6 @@ services: # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP # example : #- LDAP_DEFAULT_DOMAIN= - # LOGOUT_WITH_TIMER : Enables or not the option logout with timer - # example : LOGOUT_WITH_TIMER=true - #- LOGOUT_WITH_TIMER= - # LOGOUT_IN : The number of days - # example : LOGOUT_IN=1 - #- LOGOUT_IN= - # LOGOUT_ON_HOURS : The number of hours - # example : LOGOUT_ON_HOURS=9 - #- LOGOUT_ON_HOURS= - # LOGOUT_ON_MINUTES : The number of minutes - # example : LOGOUT_ON_MINUTES=55 - #- LOGOUT_ON_MINUTES= depends_on: - wekandb diff --git a/models/settings.js b/models/settings.js index 6c9f5a53..c2a9bf01 100644 --- a/models/settings.js +++ b/models/settings.js @@ -76,7 +76,6 @@ if (Meteor.isServer) { }, createdAt: now, modifiedAt: now}; Settings.insert(defaultSetting); } - const newSetting = Settings.findOne(); if (!process.env.MAIL_URL && newSetting.mailUrl()) process.env.MAIL_URL = newSetting.mailUrl(); @@ -236,35 +235,5 @@ if (Meteor.isServer) { cas: isCasEnabled(), }; }, - - getDefaultAuthenticationMethod() { - return process.env.DEFAULT_AUTHENTICATION_METHOD; - }, - - // TODO: patch error : did not check all arguments during call - logoutWithTimer(userId) { - if (process.env.LOGOUT_WITH_TIMER) { - Jobs.run('logOut', userId, { - in: { - days: process.env.LOGOUT_IN, - }, - on: { - hour: process.env.LOGOUT_ON_HOURS, - minute: process.env.LOGOUT_ON_MINUTES, - }, - priority: 1, - }); - } - }, - }); - - Jobs.register({ - logOut(userId) { - Meteor.users.update( - {_id: userId}, - {$set: {'services.resume.loginTokens': []}} - ); - this.success(); - }, }); } diff --git a/models/users.js b/models/users.js index 2e879d94..630f4703 100644 --- a/models/users.js +++ b/models/users.js 
@@ -520,10 +520,10 @@ if (Meteor.isServer) { } const disableRegistration = Settings.findOne().disableRegistration; - if (!disableRegistration) { - if (options.ldap) { - user.authenticationMethod = 'ldap'; - } + // If ldap, bypass the inviation code if the self registration isn't allowed. + // TODO : pay attention if ldap field in the user model change to another content ex : ldap field to connection_type + if (options.ldap || !disableRegistration) { + user.authenticationMethod = 'ldap'; return user; } diff --git a/server/publications/users.js b/server/publications/users.js index 136e1e08..f0c94153 100644 --- a/server/publications/users.js +++ b/server/publications/users.js @@ -22,7 +22,6 @@ Meteor.publish('user-authenticationMethod', function(match) { check(match, String); return Users.find({$or: [{_id: match}, {email: match}, {username: match}]}, { fields: { - '_id': 1, 'authenticationMethod': 1, }, }); diff --git a/snap-src/bin/config b/snap-src/bin/config index a89dfffd..a19baf7d 100755 --- a/snap-src/bin/config +++ b/snap-src/bin/config 
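Review bot: In models/users.js the rewritten condition sets `user.authenticationMethod = 'ldap'` for every account created while self-registration is open, not only for LDAP ones, because the assignment now sits directly under `if (options.ldap || !disableRegistration)`. A local password sign-up is then stored as an LDAP account and the sign-in form will treat it as one. Keep the combined condition for the early return but make the assignment conditional: `if (options.ldap) { user.authenticationMethod = 'ldap'; }` followed by `return user;`. Since `options.ldap` now skips the invitation-code check when registration is disabled, it is worth confirming that only the server-side LDAP package can set that key; the enclosing callback starts and ends outside the hunk, so this cannot be verified here. The comment typo `inviation` should read `invitation`.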
@@ -3,7 +3,7 @@ # All supported keys are defined here together with descriptions and default values # list of supported keys -keys="MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER, LOGOUT_IN, LOGOUT_ON_HOURS, LOGOUT_ON_MINUTES" +keys="MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK 
LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN" # default values DESCRIPTION_MONGODB_BIND_UNIX_SOCKET="mongodb binding unix socket:\n"\ @@ -265,19 +265,3 @@ KEY_LDAP_SYNC_GROUP_ROLES="ldap-sync-group-roles" DESCRIPTION_LDAP_DEFAULT_DOMAIN="The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP" DEFAULT_LDAP_DEFAULT_DOMAIN="" KEY_LDAP_DEFAULT_DOMAIN="ldap-default-domain" - -DESCRIPTION_LOGOUT_WITH_TIMER="Enables or not the option logout with timer" -DEFAULT_LOGOUT_WITH_TIMER="false" -KEY_LOGOUT_WITH_TIMER="logout-with-timer" - -DESCRIPTION_LOGOUT_IN="The number of days" -DEFAULT_LOGOUT_IN="" -KEY_LOGOUT_IN="logout-in" - -DESCRIPTION_LOGOUT_ON_HOURS="The number of hours" -DEFAULT_LOGOUT_ON_HOURS="" -KEY_LOGOUT_ON_HOURS="logout-on-hours" - -DESCRIPTION_LOGOUT_ON_MINUTES="The number of minutes" -DEFAULT_LOGOUT_ON_MINUTES="" -KEY_LOGOUT_ON_MINUTES="logout-on-minutes" diff --git a/snap-src/bin/wekan-help b/snap-src/bin/wekan-help index 4cd0001e..c488a538 100755 --- a/snap-src/bin/wekan-help +++ b/snap-src/bin/wekan-help 
@@ -245,22 +245,6 @@ echo -e "Ldap Default Domain." echo -e "The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP:" echo -e "\t$ snap set $SNAP_NAME LDAP_DEFAULT_DOMAIN=''" echo -e "\n" -echo -e "Logout with timer." -echo -e "Enable or not the option that allows to disconnect an user after a given time:" -echo -e "\t$ snap set $SNAP_NAME LOGOUT_WITH_TIMER='true'" -echo -e "\n" -echo -e "Logout in." -echo -e "Logout in how many days:" -echo -e "\t$ snap set $SNAP_NAME LOGOUT_IN='1'" -echo -e "\n" -echo -e "Logout on hours." -echo -e "Logout in how many hours:" -echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_HOURS='9'" -echo -e "\n" -echo -e "Logout on minutes." -echo -e "Logout in how many minutes:" -echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_MINUTES='5'" -echo -e "\n" # parse config file for supported settings keys echo -e "wekan supports settings keys" echo -e "values can be changed by calling\n$ snap set $SNAP_NAME <key name>='<key value>'" |