author | Lauri Ojansivu <x@xet7.org> | 2019-03-21 21:37:38 +0200 |
---|---|---|
committer | Lauri Ojansivu <x@xet7.org> | 2019-03-21 21:37:38 +0200 |
commit | 7919ae362866c0cacf2a486bf91b12e4d25807d7 (patch) | |
tree | 06f164b817896ae78aac9d0fb2ba586d7136befb | |
parent | 188d42dcd678025e7de537463ee2a1c774b4e062 (diff) | |
download | wekan-7919ae362866c0cacf2a486bf91b12e4d25807d7.tar.gz wekan-7919ae362866c0cacf2a486bf91b12e4d25807d7.tar.bz2 wekan-7919ae362866c0cacf2a486bf91b12e4d25807d7.zip |
- OAUTH2_LOGIN_STYLE popup or redirect, part 2.
Thanks to xet7 !
-rw-r--r-- | Dockerfile | 2 | ||||
-rw-r--r-- | docker-compose.yml | 6 | ||||
-rw-r--r-- | rebuild-wekan.bat | 3 | ||||
-rwxr-xr-x | releases/virtualbox/start-wekan.sh | 8 | ||||
-rw-r--r-- | server/authentication.js | 2 | ||||
-rwxr-xr-x | snap-src/bin/config | 6 | ||||
-rwxr-xr-x | snap-src/bin/wekan-help | 6 | ||||
-rwxr-xr-x | start-wekan.bat | 7 | ||||
-rwxr-xr-x | start-wekan.sh | 9 |
9 files changed, 44 insertions, 5 deletions
@@ -27,6 +27,7 @@ ARG BROWSER_POLICY_ENABLED
 ARG TRUSTED_URL
 ARG WEBHOOKS_ATTRIBUTES
 ARG OAUTH2_ENABLED
+ARG OAUTH2_LOGIN_STYLE
 ARG OAUTH2_CLIENT_ID
 ARG OAUTH2_SECRET
 ARG OAUTH2_SERVER_URL
@@ -123,6 +124,7 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth
 TRUSTED_URL="" \
 WEBHOOKS_ATTRIBUTES="" \
 OAUTH2_ENABLED=false \
+ OAUTH2_LOGIN_STYLE=redirect \
 OAUTH2_CLIENT_ID="" \
 OAUTH2_SECRET="" \
 OAUTH2_SERVER_URL="" \
diff --git a/docker-compose.yml b/docker-compose.yml
index ef1580aa..83fc0ac2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -272,6 +272,8 @@ services:
 # 2) Configure the environment variables. This differs slightly
 # by installation type, but make sure you have the following:
 #- OAUTH2_ENABLED=true
+ # OAuth2 login style: popup or redirect.
+ #- OAUTH2_LOGIN_STYLE=redirect
 # Application GUID captured during app registration:
 #- OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
 # Secret key generated during app registration:
@@ -292,6 +294,8 @@ services:
 # ==== OAUTH2 KEYCLOAK ====
 # https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED
 #- OAUTH2_ENABLED=true
+ # OAuth2 login style: popup or redirect.
+ #- OAUTH2_LOGIN_STYLE=redirect
 #- OAUTH2_CLIENT_ID=<Keycloak create Client ID>
 #- OAUTH2_SERVER_URL=<Keycloak server name>/auth
 #- OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
@@ -305,6 +309,8 @@ services:
 # Enable the OAuth2 connection
 #- OAUTH2_ENABLED=true
 # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
+ # OAuth2 login style: popup or redirect.
+ #- OAUTH2_LOGIN_STYLE=redirect
 # OAuth2 Client ID.
 #- OAUTH2_CLIENT_ID=abcde12345
 # OAuth2 Secret.
diff --git a/rebuild-wekan.bat b/rebuild-wekan.bat
index 5d0fa37d..ca4d7f61 100644
--- a/rebuild-wekan.bat
+++ b/rebuild-wekan.bat
@@ -1,6 +1,7 @@
 @ECHO OFF
-REM IN PROGRESS: Build on Windows.
+REM NOTE: THIS .BAT DOES NOT WORK !!
+REM Use instead this webpage instructions to build on Windows:
REM https://github.com/wekan/wekan/wiki/Install-Wekan-from-source-on-Windows
REM Please add fix PRs, like config of MongoDB etc.
diff --git a/releases/virtualbox/start-wekan.sh b/releases/virtualbox/start-wekan.sh
index 9a948bac..77fbdd54 100755
--- a/releases/virtualbox/start-wekan.sh
+++ b/releases/virtualbox/start-wekan.sh
@@ -71,6 +71,8 @@
 # 2) Configure the environment variables. This differs slightly
 # by installation type, but make sure you have the following:
 #export OAUTH2_ENABLED=true
+ # OAuth2 login style: popup or redirect.
+ #export OAUTH2_LOGIN_STYLE=redirect
 # Application GUID captured during app registration:
 #export OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
 # Secret key generated during app registration:
@@ -91,6 +93,8 @@
 # ==== OAUTH2 KEYCLOAK ====
 # https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED
 #export OAUTH2_ENABLED=true
+ # OAuth2 login style: popup or redirect.
+ #export OAUTH2_LOGIN_STYLE=redirect
 #export OAUTH2_CLIENT_ID=<Keycloak create Client ID>
 #export OAUTH2_SERVER_URL=<Keycloak server name>/auth
 #export OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
@@ -99,11 +103,13 @@
 #export OAUTH2_SECRET=<keycloak client secret>
 #-----------------------------------------------------------------
 # ==== OAUTH2 DOORKEEPER ====
+ # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
 # https://github.com/wekan/wekan/issues/1874
 # https://github.com/wekan/wekan/wiki/OAuth2
 # Enable the OAuth2 connection
 #export OAUTH2_ENABLED=true
- # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
+ # OAuth2 login style: popup or redirect.
+ #export OAUTH2_LOGIN_STYLE=redirect
 # OAuth2 Client ID.
 #export OAUTH2_CLIENT_ID=abcde12345
 # OAuth2 Secret.
diff --git a/server/authentication.js b/server/authentication.js
index 4d3cc53e..5ca45b68 100644
--- a/server/authentication.js
+++ b/server/authentication.js
@@ -69,7 +69,7 @@ Meteor.startup(() => {
 { service: 'oidc' },
 {
 $set: {
- loginStyle: 'redirect',
+ loginStyle: process.env.OAUTH2_LOGIN_STYLE,
 clientId: process.env.OAUTH2_CLIENT_ID,
 secret: process.env.OAUTH2_SECRET,
 serverUrl: process.env.OAUTH2_SERVER_URL,
diff --git a/snap-src/bin/config b/snap-src/bin/config
index 30e389c1..7d68e26d 100755
--- a/snap-src/bin/config
+++ b/snap-src/bin/config
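Review bot: The new `loginStyle: process.env.OAUTH2_LOGIN_STYLE,` line drops the previous hard-coded 'redirect' without a fallback or validation, so an install that does not set the variable passes an undefined login style into the oidc service configuration. The Dockerfile and snap config in this commit default it to redirect, but both start-wekan.sh scripts leave the export commented out, so source installs are the likely place this shows up. I would keep the old behaviour as the default and accept only the two documented values, e.g. `loginStyle: ['popup', 'redirect'].includes(process.env.OAUTH2_LOGIN_STYLE) ? process.env.OAUTH2_LOGIN_STYLE : 'redirect',`. How the oidc package treats a missing or unexpected style is not visible here, and the `$set` block continues outside the hunk.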
@@ -3,7 +3,7 @@ # All supported keys are defined here together with descriptions and default values # list of supported keys -keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW EMAIL_NOTIFICATION_TIMEOUT CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS 
HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD" +keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW EMAIL_NOTIFICATION_TIMEOUT CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED 
LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD" # default values DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'" @@ -122,6 +122,10 @@ DESCRIPTION_OAUTH2_ENABLED="Enable the OAuth2 connection" DEFAULT_OAUTH2_ENABLED="false" KEY_OAUTH2_ENABLED="oauth2-enabled" +DESCRIPTION_OAUTH2_LOGIN_STYLE="OAuth2 login style: popup or redirect. Default: redirect" +DEFAULT_OAUTH2_LOGIN_STYLE="redirect" +KEY_OAUTH2_LOGIN_STYLE="oauth2-login-style" + DESCRIPTION_OAUTH2_CLIENT_ID="OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345" DEFAULT_OAUTH2_CLIENT_ID="" KEY_OAUTH2_CLIENT_ID="oauth2-client-id" diff --git a/snap-src/bin/wekan-help b/snap-src/bin/wekan-help index 55e4037b..d1eeaccd 100755 --- a/snap-src/bin/wekan-help +++ b/snap-src/bin/wekan-help @@ -94,6 +94,12 @@ echo -e "\t$ snap set $SNAP_NAME oauth2-client-id='54321abcde'" echo -e "\t-Disable the OAuth2 Client ID of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-client-id=''" echo -e "\n" +echo -e "OAuth2 login style: popup or redirect. Default: redirect" +echo -e "To enable the OAuth2 login style popup of Wekan:" +echo -e "\t$ snap set $SNAP_NAME oauth2-login-style='popup'" +echo -e "\t-Disable the OAuth2 login style popup of Wekan:" +echo -e "\t$ snap set $SNAP_NAME oauth2-login-style='redirect'" +echo -e "\n" echo -e "OAuth2 Secret." echo -e "To enable the OAuth2 Secret of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-secret='54321abcde'" diff --git a/start-wekan.bat b/start-wekan.bat index 6cf481c3..cd56af28 100755 --- a/start-wekan.bat +++ b/start-wekan.bat 
@@ -1,5 +1,12 @@ REM ------------------------------------------------------------ +REM NOTE: THIS .BAT DOES NOT WORK !! +REM Use instead this webpage instructions to build on Windows: +REM https://github.com/wekan/wekan/wiki/Install-Wekan-from-source-on-Windows +REM Please add fix PRs, like config of MongoDB etc. + +REM ------------------------------------------------------------ + REM # Debug OIDC OAuth2 etc. REM SET DEBUG=true diff --git a/start-wekan.sh b/start-wekan.sh index a791944e..4e7f930c 100755 --- a/start-wekan.sh +++ b/start-wekan.sh @@ -89,6 +89,9 @@ function wekan_repo_check(){ # 2) Configure the environment variables. This differs slightly # by installation type, but make sure you have the following: #export OAUTH2_ENABLED=true + # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2 + # OAuth2 login style: popup or redirect. + #export OAUTH2_LOGIN_STYLE=redirect # Application GUID captured during app registration: #export OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx # Secret key generated during app registration: @@ -109,6 +112,8 @@ function wekan_repo_check(){ # ==== OAUTH2 KEYCLOAK ==== # https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED #export OAUTH2_ENABLED=true + # OAuth2 login style: popup or redirect. + #export OAUTH2_LOGIN_STYLE=redirect #export OAUTH2_CLIENT_ID=<Keycloak create Client ID> #export OAUTH2_SERVER_URL=<Keycloak server name>/auth #export OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth 
@@ -117,11 +122,13 @@ function wekan_repo_check(){
 #export OAUTH2_SECRET=<keycloak client secret>
 #-----------------------------------------------------------------
 # ==== OAUTH2 DOORKEEPER ====
+ # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
 # https://github.com/wekan/wekan/issues/1874
 # https://github.com/wekan/wekan/wiki/OAuth2
 # Enable the OAuth2 connection
 #export OAUTH2_ENABLED=true
- # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
+ # OAuth2 login style: popup or redirect.
+ #export OAUTH2_LOGIN_STYLE=redirect
 # OAuth2 Client ID.
 #export OAUTH2_CLIENT_ID=abcde12345
 # OAuth2 Secret. |