authorLauri Ojansivu <x@xet7.org>2019-03-21 21:37:38 +0200
committerLauri Ojansivu <x@xet7.org>2019-03-21 21:37:38 +0200
commit7919ae362866c0cacf2a486bf91b12e4d25807d7 (patch)
tree06f164b817896ae78aac9d0fb2ba586d7136befb
parent188d42dcd678025e7de537463ee2a1c774b4e062 (diff)
- OAUTH2_LOGIN_STYLE popup or redirect, part 2.
Thanks to xet7 !
-rw-r--r--Dockerfile2
-rw-r--r--docker-compose.yml6
-rw-r--r--rebuild-wekan.bat3
-rwxr-xr-xreleases/virtualbox/start-wekan.sh8
-rw-r--r--server/authentication.js2
-rwxr-xr-xsnap-src/bin/config6
-rwxr-xr-xsnap-src/bin/wekan-help6
-rwxr-xr-xstart-wekan.bat7
-rwxr-xr-xstart-wekan.sh9
9 files changed, 44 insertions, 5 deletions
diff --git a/Dockerfile b/Dockerfile
index fa0eebe7..5f89a998 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,6 +27,7 @@ ARG BROWSER_POLICY_ENABLED
ARG TRUSTED_URL
ARG WEBHOOKS_ATTRIBUTES
ARG OAUTH2_ENABLED
+ARG OAUTH2_LOGIN_STYLE
ARG OAUTH2_CLIENT_ID
ARG OAUTH2_SECRET
ARG OAUTH2_SERVER_URL
@@ -123,6 +124,7 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth
TRUSTED_URL="" \
WEBHOOKS_ATTRIBUTES="" \
OAUTH2_ENABLED=false \
+ OAUTH2_LOGIN_STYLE=redirect \
OAUTH2_CLIENT_ID="" \
OAUTH2_SECRET="" \
OAUTH2_SERVER_URL="" \
diff --git a/docker-compose.yml b/docker-compose.yml
index ef1580aa..83fc0ac2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -272,6 +272,8 @@ services:
# 2) Configure the environment variables. This differs slightly
# by installation type, but make sure you have the following:
#- OAUTH2_ENABLED=true
+ # OAuth2 login style: popup or redirect.
+ #- OAUTH2_LOGIN_STYLE=redirect
# Application GUID captured during app registration:
#- OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
# Secret key generated during app registration:
@@ -292,6 +294,8 @@ services:
# ==== OAUTH2 KEYCLOAK ====
# https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED
#- OAUTH2_ENABLED=true
+ # OAuth2 login style: popup or redirect.
+ #- OAUTH2_LOGIN_STYLE=redirect
#- OAUTH2_CLIENT_ID=<Keycloak create Client ID>
#- OAUTH2_SERVER_URL=<Keycloak server name>/auth
#- OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
@@ -305,6 +309,8 @@ services:
# Enable the OAuth2 connection
#- OAUTH2_ENABLED=true
# OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
+ # OAuth2 login style: popup or redirect.
+ #- OAUTH2_LOGIN_STYLE=redirect
# OAuth2 Client ID.
#- OAUTH2_CLIENT_ID=abcde12345
# OAuth2 Secret.
diff --git a/rebuild-wekan.bat b/rebuild-wekan.bat
index 5d0fa37d..ca4d7f61 100644
--- a/rebuild-wekan.bat
+++ b/rebuild-wekan.bat
@@ -1,6 +1,7 @@
@ECHO OFF
-REM IN PROGRESS: Build on Windows.
+REM NOTE: THIS .BAT DOES NOT WORK !!
+REM Use instead this webpage instructions to build on Windows:
REM https://github.com/wekan/wekan/wiki/Install-Wekan-from-source-on-Windows
REM Please add fix PRs, like config of MongoDB etc.
diff --git a/releases/virtualbox/start-wekan.sh b/releases/virtualbox/start-wekan.sh
index 9a948bac..77fbdd54 100755
--- a/releases/virtualbox/start-wekan.sh
+++ b/releases/virtualbox/start-wekan.sh
@@ -71,6 +71,8 @@
# 2) Configure the environment variables. This differs slightly
# by installation type, but make sure you have the following:
#export OAUTH2_ENABLED=true
+ # OAuth2 login style: popup or redirect.
+ #export OAUTH2_LOGIN_STYLE=redirect
# Application GUID captured during app registration:
#export OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
# Secret key generated during app registration:
@@ -91,6 +93,8 @@
# ==== OAUTH2 KEYCLOAK ====
# https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED
#export OAUTH2_ENABLED=true
+ # OAuth2 login style: popup or redirect.
+ #export OAUTH2_LOGIN_STYLE=redirect
#export OAUTH2_CLIENT_ID=<Keycloak create Client ID>
#export OAUTH2_SERVER_URL=<Keycloak server name>/auth
#export OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
@@ -99,11 +103,13 @@
#export OAUTH2_SECRET=<keycloak client secret>
#-----------------------------------------------------------------
# ==== OAUTH2 DOORKEEPER ====
+ # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
# https://github.com/wekan/wekan/issues/1874
# https://github.com/wekan/wekan/wiki/OAuth2
# Enable the OAuth2 connection
#export OAUTH2_ENABLED=true
- # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
+ # OAuth2 login style: popup or redirect.
+ #export OAUTH2_LOGIN_STYLE=redirect
# OAuth2 Client ID.
#export OAUTH2_CLIENT_ID=abcde12345
# OAuth2 Secret.
diff --git a/server/authentication.js b/server/authentication.js
index 4d3cc53e..5ca45b68 100644
--- a/server/authentication.js
+++ b/server/authentication.js
@@ -69,7 +69,7 @@ Meteor.startup(() => {
{ service: 'oidc' },
{
$set: {
- loginStyle: 'redirect',
+ loginStyle: process.env.OAUTH2_LOGIN_STYLE,
clientId: process.env.OAUTH2_CLIENT_ID,
secret: process.env.OAUTH2_SECRET,
serverUrl: process.env.OAUTH2_SERVER_URL,
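Review bot: `loginStyle: process.env.OAUTH2_LOGIN_STYLE` stores whatever the environment holds in the oidc service configuration, with no fallback and no check against the two documented values (popup, redirect). The Dockerfile and snap hunks in this commit default the variable to `redirect`, but in start-wekan.sh and releases/virtualbox/start-wekan.sh the export is only a commented-out example, so on those installs the value is presumably undefined where the old code always wrote 'redirect'. I would keep the previous behaviour as the default and ignore anything unexpected, e.g. `loginStyle: ['popup', 'redirect'].includes(process.env.OAUTH2_LOGIN_STYLE) ? process.env.OAUTH2_LOGIN_STYLE : 'redirect',`. The enclosing Meteor.startup callback starts and ends outside this hunk, so how the stored value is consumed is not visible here.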
diff --git a/snap-src/bin/config b/snap-src/bin/config
index 30e389c1..7d68e26d 100755
--- a/snap-src/bin/config
+++ b/snap-src/bin/config
@@ -3,7 +3,7 @@
# All supported keys are defined here together with descriptions and default values
# list of supported keys
-keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW EMAIL_NOTIFICATION_TIMEOUT CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS 
LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD"
+keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW EMAIL_NOTIFICATION_TIMEOUT CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN 
LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD"
# default values
DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'"
@@ -122,6 +122,10 @@ DESCRIPTION_OAUTH2_ENABLED="Enable the OAuth2 connection"
DEFAULT_OAUTH2_ENABLED="false"
KEY_OAUTH2_ENABLED="oauth2-enabled"
+DESCRIPTION_OAUTH2_LOGIN_STYLE="OAuth2 login style: popup or redirect. Default: redirect"
+DEFAULT_OAUTH2_LOGIN_STYLE="redirect"
+KEY_OAUTH2_LOGIN_STYLE="oauth2-login-style"
+
DESCRIPTION_OAUTH2_CLIENT_ID="OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345"
DEFAULT_OAUTH2_CLIENT_ID=""
KEY_OAUTH2_CLIENT_ID="oauth2-client-id"
diff --git a/snap-src/bin/wekan-help b/snap-src/bin/wekan-help
index 55e4037b..d1eeaccd 100755
--- a/snap-src/bin/wekan-help
+++ b/snap-src/bin/wekan-help
@@ -94,6 +94,12 @@ echo -e "\t$ snap set $SNAP_NAME oauth2-client-id='54321abcde'"
echo -e "\t-Disable the OAuth2 Client ID of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-client-id=''"
echo -e "\n"
+echo -e "OAuth2 login style: popup or redirect. Default: redirect"
+echo -e "To enable the OAuth2 login style popup of Wekan:"
+echo -e "\t$ snap set $SNAP_NAME oauth2-login-style='popup'"
+echo -e "\t-Disable the OAuth2 login style popup of Wekan:"
+echo -e "\t$ snap set $SNAP_NAME oauth2-login-style='redirect'"
+echo -e "\n"
echo -e "OAuth2 Secret."
echo -e "To enable the OAuth2 Secret of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-secret='54321abcde'"
diff --git a/start-wekan.bat b/start-wekan.bat
index 6cf481c3..cd56af28 100755
--- a/start-wekan.bat
+++ b/start-wekan.bat
@@ -1,5 +1,12 @@
REM ------------------------------------------------------------
+REM NOTE: THIS .BAT DOES NOT WORK !!
+REM Use instead this webpage instructions to build on Windows:
+REM https://github.com/wekan/wekan/wiki/Install-Wekan-from-source-on-Windows
+REM Please add fix PRs, like config of MongoDB etc.
+
+REM ------------------------------------------------------------
+
REM # Debug OIDC OAuth2 etc.
REM SET DEBUG=true
diff --git a/start-wekan.sh b/start-wekan.sh
index a791944e..4e7f930c 100755
--- a/start-wekan.sh
+++ b/start-wekan.sh
@@ -89,6 +89,9 @@ function wekan_repo_check(){
# 2) Configure the environment variables. This differs slightly
# by installation type, but make sure you have the following:
#export OAUTH2_ENABLED=true
+ # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
+ # OAuth2 login style: popup or redirect.
+ #export OAUTH2_LOGIN_STYLE=redirect
# Application GUID captured during app registration:
#export OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
# Secret key generated during app registration:
@@ -109,6 +112,8 @@ function wekan_repo_check(){
# ==== OAUTH2 KEYCLOAK ====
# https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED
#export OAUTH2_ENABLED=true
+ # OAuth2 login style: popup or redirect.
+ #export OAUTH2_LOGIN_STYLE=redirect
#export OAUTH2_CLIENT_ID=<Keycloak create Client ID>
#export OAUTH2_SERVER_URL=<Keycloak server name>/auth
#export OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
@@ -117,11 +122,13 @@ function wekan_repo_check(){
#export OAUTH2_SECRET=<keycloak client secret>
#-----------------------------------------------------------------
# ==== OAUTH2 DOORKEEPER ====
+ # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
# https://github.com/wekan/wekan/issues/1874
# https://github.com/wekan/wekan/wiki/OAuth2
# Enable the OAuth2 connection
#export OAUTH2_ENABLED=true
- # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
+ # OAuth2 login style: popup or redirect.
+ #export OAUTH2_LOGIN_STYLE=redirect
# OAuth2 Client ID.
#export OAUTH2_CLIENT_ID=abcde12345
# OAuth2 Secret.