authorLauri Ojansivu <x@xet7.org>2018-11-17 16:50:42 +0200
committerLauri Ojansivu <x@xet7.org>2018-11-17 16:50:42 +0200
commitaa691b0af105c8dbc5443b1e0823a701e53c3871 (patch)
tree7f76c9e79c6da428d85160ea9108d586a0e560f8
parent7a75d821147c7d9e2ad48b212348c4bf2d4db063 (diff)
downloadwekan-aa691b0af105c8dbc5443b1e0823a701e53c3871.tar.gz
wekan-aa691b0af105c8dbc5443b1e0823a701e53c3871.tar.bz2
wekan-aa691b0af105c8dbc5443b1e0823a701e53c3871.zip
- Revert Improve authentication to [fix Login failure](https://github.com/wekan/wekan/issues/2004).
Thanks to xet7 ! Closes #2004
-rw-r--r--.meteor/packages1
-rw-r--r--.meteor/versions1
-rw-r--r--Dockerfile10
-rw-r--r--client/components/main/layouts.jade1
-rw-r--r--client/components/main/layouts.js87
-rw-r--r--client/components/settings/connectionMethod.jade6
-rw-r--r--client/components/settings/connectionMethod.js34
-rw-r--r--docker-compose.yml12
-rw-r--r--models/settings.js31
-rw-r--r--models/users.js8
-rw-r--r--server/publications/users.js1
-rwxr-xr-xsnap-src/bin/config18
-rwxr-xr-xsnap-src/bin/wekan-help16
13 files changed, 89 insertions, 137 deletions
diff --git a/.meteor/packages b/.meteor/packages
index f8626704..3779a684 100644
--- a/.meteor/packages
+++ b/.meteor/packages
@@ -89,4 +89,3 @@ mquandalle:moment
msavin:usercache
wekan:wekan-ldap
wekan:accounts-cas
-msavin:sjobs
diff --git a/.meteor/versions b/.meteor/versions
index 5235e6a0..6415eb8b 100644
--- a/.meteor/versions
+++ b/.meteor/versions
@@ -117,7 +117,6 @@ mquandalle:jquery-ui-drag-drop-sort@0.2.0
mquandalle:moment@1.0.1
mquandalle:mousetrap-bindglobal@0.0.1
mquandalle:perfect-scrollbar@0.6.5_2
-msavin:sjobs@3.0.6
msavin:usercache@1.0.0
npm-bcrypt@0.9.3
npm-mongo@2.2.33
diff --git a/Dockerfile b/Dockerfile
index 90f1d0a4..bab307e3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -64,10 +64,6 @@ ARG LDAP_SYNC_USER_DATA
ARG LDAP_SYNC_USER_DATA_FIELDMAP
ARG LDAP_SYNC_GROUP_ROLES
ARG LDAP_DEFAULT_DOMAIN
-ARG LOGOUT_WITH_TIMER
-ARG LOGOUT_IN
-ARG LOGOUT_ON_HOURS
-ARG LOGOUT_ON_MINUTES
# Set the environment variables (defaults where required)
# DOES NOT WORK: paxctl fix for alpine linux: https://github.com/wekan/wekan/issues/1303
@@ -134,11 +130,7 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth
LDAP_SYNC_USER_DATA=false \
LDAP_SYNC_USER_DATA_FIELDMAP="" \
LDAP_SYNC_GROUP_ROLES="" \
- LDAP_DEFAULT_DOMAIN="" \
- LOGOUT_WITH_TIMER="false" \
- LOGOUT_IN="" \
- LOGOUT_ON_HOURS="" \
- LOGOUT_ON_MINUTES=""
+ LDAP_DEFAULT_DOMAIN=""
# Copy the app to the image
COPY ${SRC_PATH} /home/wekan/app
diff --git a/client/components/main/layouts.jade b/client/components/main/layouts.jade
index ac7da3af..68876dc5 100644
--- a/client/components/main/layouts.jade
+++ b/client/components/main/layouts.jade
@@ -18,6 +18,7 @@ template(name="userFormsLayout")
img(src="{{pathFor '/wekan-logo.png'}}" alt="Wekan")
section.auth-dialog
+Template.dynamic(template=content)
+ +connectionMethod
if isCas
.at-form
button#cas(class='at-btn submit' type='submit') {{casSignInLabel}}
diff --git a/client/components/main/layouts.js b/client/components/main/layouts.js
index 9838354f..393f890b 100644
--- a/client/components/main/layouts.js
+++ b/client/components/main/layouts.js
@@ -6,13 +6,23 @@ const i18nTagToT9n = (i18nTag) => {
return i18nTag;
};
-Template.userFormsLayout.onCreated(function() {
- Meteor.call('getDefaultAuthenticationMethod', (error, result) => {
- this.data.defaultAuthenticationMethod = new ReactiveVar(error ? undefined : result);
- });
-});
+const validator = {
+ set(obj, prop, value) {
+ if (prop === 'state' && value !== 'signIn') {
+ $('.at-form-authentication').hide();
+ } else if (prop === 'state' && value === 'signIn') {
+ $('.at-form-authentication').show();
+ }
+ // The default behavior to store the value
+ obj[prop] = value;
+ // Indicate success
+ return true;
+ },
+};
Template.userFormsLayout.onRendered(() => {
+ AccountsTemplates.state.form.keys = new Proxy(AccountsTemplates.state.form.keys, validator);
+
const i18nTag = navigator.language;
if (i18nTag) {
T9n.setLanguage(i18nTagToT9n(i18nTag));
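Review bot: `AccountsTemplates.state.form.keys` is wrapped in a new `Proxy` each time `userFormsLayout` is rendered, so every re-render stacks another proxy layer and another jQuery call per write. Wrap it once, for example with a module-level `let formKeysWrapped = false;` and `if (!formKeysWrapped) { /* wrap */ formKeysWrapped = true; }` around the assignment. The trap also replaces what looks like an internal field of the form's state store (inferred, the package source is not on this page), so it deserves a comment such as `// Hides the method selector outside the signIn state; depends on AccountsTemplates internals`. The two branches of `set` can be collapsed into `if (prop === 'state') { $('.at-form-authentication').toggle(value === 'signIn'); }`. The `onRendered` body continues past the end of this hunk.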
@@ -71,14 +81,13 @@ Template.userFormsLayout.events({
}
});
},
- 'click #at-btn'(event, instance) {
+ 'click #at-btn'(event) {
/* All authentication method can be managed/called here.
!! DON'T FORGET to correctly fill the fields of the user during its creation if necessary authenticationMethod : String !!
*/
- const email = $('#at-field-username_and_email').val();
- const password = $('#at-field-password').val();
-
- if (FlowRouter.getRouteName() !== 'atSignIn' || password === '') {
+ const authenticationMethodSelected = $('.select-authentication').val();
+ // Local account
+ if (authenticationMethodSelected === 'password') {
return;
}
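Review bot: The login path is selected from `$('.select-authentication').val()`, a value the browser controls, so the early `return` for `'password'` sends any account through the local password form regardless of its stored `authenticationMethod`. The `user.authenticationMethod === 'ldap'` test in the following hunk is client-side as well, so neither check constrains which method an account may use. Nothing in this diff shows a server-side rule; if accounts are meant to be bound to one method, enforce that on the server (for example in an `Accounts.validateLoginAttempt` callback) and treat the selector as a UI hint only. A comment such as `// UI convenience only: the server decides which method an account may use` would make that explicit. The handler continues in the next hunk.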
@@ -86,11 +95,29 @@ Template.userFormsLayout.events({
event.preventDefault();
event.stopImmediatePropagation();
- Meteor.subscribe('user-authenticationMethod', email, {
- onReady() {
- return authentication.call(this, instance, email, password);
- },
- });
+ const email = $('#at-field-username_and_email').val();
+ const password = $('#at-field-password').val();
+
+ // Ldap account
+ if (authenticationMethodSelected === 'ldap') {
+ // Check if the user can use the ldap connection
+ Meteor.subscribe('user-authenticationMethod', email, {
+ onReady() {
+ const user = Users.findOne();
+ if (user === undefined || user.authenticationMethod === 'ldap') {
+ // Use the ldap connection package
+ Meteor.loginWithLDAP(email, password, function(error) {
+ if (!error) {
+ // Connection
+ return FlowRouter.go('/');
+ }
+ return error;
+ });
+ }
+ return this.stop();
+ },
+ });
+ }
},
});
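Review bot: `Meteor.subscribe('user-authenticationMethod', email, ...)` runs before login, so the publication has to answer for unauthenticated clients, and it tells them whether a given username or e-mail exists and which method it uses. The server still has to decide at bind time, so consider dropping the lookup and calling `Meteor.loginWithLDAP` directly, or confirm that the publication is rate-limited (its full body is not visible here). `Users.findOne()` has no selector and returns whatever document is first in the client cache, which is only the looked-up user if nothing else is published. `return error;` inside the login callback goes nowhere, so a failed LDAP login leaves the form silent after `preventDefault()`. The same happens when the account is not an LDAP one. Surface `error.reason` to the user in both cases.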
@@ -99,33 +126,3 @@ Template.defaultLayout.events({
Modal.close();
},
});
-
-function authentication(instance, email, password) {
- let user = Users.findOne();
- // Authentication with password
- if (user && user.authenticationMethod === 'password') {
- $('#at-pwd-form').submit();
- // Meteor.call('logoutWithTimer', user._id, () => {});
- return this.stop();
- }
-
- // If user doesn't exist, uses the default authentication method if it defined
- if (user === undefined) {
- user = {
- 'authenticationMethod': instance.data.defaultAuthenticationMethod.get(),
- };
- }
-
- // Authentication with LDAP
- if (user.authenticationMethod === 'ldap') {
- // Use the ldap connection package
- Meteor.loginWithLDAP(email, password, function(error) {
- if (!error) {
- // Meteor.call('logoutWithTimer', Users.findOne()._id, () => {});
- return FlowRouter.go('/');
- }
- return error;
- });
- }
- return this.stop();
-}
diff --git a/client/components/settings/connectionMethod.jade b/client/components/settings/connectionMethod.jade
new file mode 100644
index 00000000..ac4c8c64
--- /dev/null
+++ b/client/components/settings/connectionMethod.jade
@@ -0,0 +1,6 @@
+template(name='connectionMethod')
+ div.at-form-authentication
+ label {{_ 'authentication-method'}}
+ select.select-authentication
+ each authentications
+ option(value="{{value}}") {{_ value}}
diff --git a/client/components/settings/connectionMethod.js b/client/components/settings/connectionMethod.js
new file mode 100644
index 00000000..9fe8f382
--- /dev/null
+++ b/client/components/settings/connectionMethod.js
@@ -0,0 +1,34 @@
+Template.connectionMethod.onCreated(function() {
+ this.authenticationMethods = new ReactiveVar([]);
+
+ Meteor.call('getAuthenticationsEnabled', (_, result) => {
+ if (result) {
+ // TODO : add a management of different languages
+ // (ex {value: ldap, text: TAPi18n.__('ldap', {}, T9n.getLanguage() || 'en')})
+ this.authenticationMethods.set([
+ {value: 'password'},
+ // Gets only the authentication methods availables
+ ...Object.entries(result).filter((e) => e[1]).map((e) => ({value: e[0]})),
+ ]);
+ }
+
+ // If only the default authentication available, hides the select boxe
+ const content = $('.at-form-authentication');
+ if (!(this.authenticationMethods.get().length > 1)) {
+ content.hide();
+ } else {
+ content.show();
+ }
+ });
+});
+
+Template.connectionMethod.onRendered(() => {
+ // Moves the select boxe in the first place of the at-pwd-form div
+ $('.at-form-authentication').detach().prependTo('.at-pwd-form');
+});
+
+Template.connectionMethod.helpers({
+ authentications() {
+ return Template.instance().authenticationMethods.get();
+ },
+});
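Review bot: The `getAuthenticationsEnabled` callback names its error argument `_` and ignores it, so a failed call silently leaves only the empty initial list, with nothing logged. The `hide()`/`show()` calls run from `onCreated`, and if the method result arrives before the template is in the DOM, `$('.at-form-authentication')` matches nothing and the selector stays visible (timing inferred, not shown). Driving visibility from the reactive variable avoids the race, for example a helper `showSelector() { return Template.instance().authenticationMethods.get().length > 1; }` used by the template. `'password'` is always offered regardless of what the server reports, which is worth a comment if intended. The comments should read "box" and "available" rather than "boxe" and "availables".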
diff --git a/docker-compose.yml b/docker-compose.yml
index 3a3befbb..56ca7775 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -195,18 +195,6 @@ services:
# LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
# example :
#- LDAP_DEFAULT_DOMAIN=
- # LOGOUT_WITH_TIMER : Enables or not the option logout with timer
- # example : LOGOUT_WITH_TIMER=true
- #- LOGOUT_WITH_TIMER=
- # LOGOUT_IN : The number of days
- # example : LOGOUT_IN=1
- #- LOGOUT_IN=
- # LOGOUT_ON_HOURS : The number of hours
- # example : LOGOUT_ON_HOURS=9
- #- LOGOUT_ON_HOURS=
- # LOGOUT_ON_MINUTES : The number of minutes
- # example : LOGOUT_ON_MINUTES=55
- #- LOGOUT_ON_MINUTES=
depends_on:
- wekandb
diff --git a/models/settings.js b/models/settings.js
index 6c9f5a53..c2a9bf01 100644
--- a/models/settings.js
+++ b/models/settings.js
@@ -76,7 +76,6 @@ if (Meteor.isServer) {
}, createdAt: now, modifiedAt: now};
Settings.insert(defaultSetting);
}
-
const newSetting = Settings.findOne();
if (!process.env.MAIL_URL && newSetting.mailUrl())
process.env.MAIL_URL = newSetting.mailUrl();
@@ -236,35 +235,5 @@ if (Meteor.isServer) {
cas: isCasEnabled(),
};
},
-
- getDefaultAuthenticationMethod() {
- return process.env.DEFAULT_AUTHENTICATION_METHOD;
- },
-
- // TODO: patch error : did not check all arguments during call
- logoutWithTimer(userId) {
- if (process.env.LOGOUT_WITH_TIMER) {
- Jobs.run('logOut', userId, {
- in: {
- days: process.env.LOGOUT_IN,
- },
- on: {
- hour: process.env.LOGOUT_ON_HOURS,
- minute: process.env.LOGOUT_ON_MINUTES,
- },
- priority: 1,
- });
- }
- },
- });
-
- Jobs.register({
- logOut(userId) {
- Meteor.users.update(
- {_id: userId},
- {$set: {'services.resume.loginTokens': []}}
- );
- this.success();
- },
});
}
diff --git a/models/users.js b/models/users.js
index 2e879d94..630f4703 100644
--- a/models/users.js
+++ b/models/users.js
@@ -520,10 +520,10 @@ if (Meteor.isServer) {
}
const disableRegistration = Settings.findOne().disableRegistration;
- if (!disableRegistration) {
- if (options.ldap) {
- user.authenticationMethod = 'ldap';
- }
+ // If ldap, bypass the inviation code if the self registration isn't allowed.
+ // TODO : pay attention if ldap field in the user model change to another content ex : ldap field to connection_type
+ if (options.ldap || !disableRegistration) {
+ user.authenticationMethod = 'ldap';
return user;
}
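Review bot: Every account created while self-registration is open is now stamped `authenticationMethod = 'ldap'`, because the assignment sits under `options.ldap || !disableRegistration` instead of `options.ldap` alone. A user who signs up with a local password would therefore be recorded as an LDAP account. Keep the combined condition for the early return but guard the assignment: `if (options.ldap) { user.authenticationMethod = 'ldap'; }`. Since `options.ldap` now skips the invitation-code check that follows, confirm it can only be set by the server-side LDAP package and never by a client sign-up call (not visible in this hunk). The comment's "inviation" should read "invitation". The enclosing hook starts before this hunk and continues after it.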
diff --git a/server/publications/users.js b/server/publications/users.js
index 136e1e08..f0c94153 100644
--- a/server/publications/users.js
+++ b/server/publications/users.js
@@ -22,7 +22,6 @@ Meteor.publish('user-authenticationMethod', function(match) {
check(match, String);
return Users.find({$or: [{_id: match}, {email: match}, {username: match}]}, {
fields: {
- '_id': 1,
'authenticationMethod': 1,
},
});
diff --git a/snap-src/bin/config b/snap-src/bin/config
index a89dfffd..a19baf7d 100755
--- a/snap-src/bin/config
+++ b/snap-src/bin/config
@@ -3,7 +3,7 @@
# All supported keys are defined here together with descriptions and default values
# list of supported keys
-keys="MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER, LOGOUT_IN, LOGOUT_ON_HOURS, LOGOUT_ON_MINUTES"
+keys="MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN"
# default values
DESCRIPTION_MONGODB_BIND_UNIX_SOCKET="mongodb binding unix socket:\n"\
@@ -265,19 +265,3 @@ KEY_LDAP_SYNC_GROUP_ROLES="ldap-sync-group-roles"
DESCRIPTION_LDAP_DEFAULT_DOMAIN="The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP"
DEFAULT_LDAP_DEFAULT_DOMAIN=""
KEY_LDAP_DEFAULT_DOMAIN="ldap-default-domain"
-
-DESCRIPTION_LOGOUT_WITH_TIMER="Enables or not the option logout with timer"
-DEFAULT_LOGOUT_WITH_TIMER="false"
-KEY_LOGOUT_WITH_TIMER="logout-with-timer"
-
-DESCRIPTION_LOGOUT_IN="The number of days"
-DEFAULT_LOGOUT_IN=""
-KEY_LOGOUT_IN="logout-in"
-
-DESCRIPTION_LOGOUT_ON_HOURS="The number of hours"
-DEFAULT_LOGOUT_ON_HOURS=""
-KEY_LOGOUT_ON_HOURS="logout-on-hours"
-
-DESCRIPTION_LOGOUT_ON_MINUTES="The number of minutes"
-DEFAULT_LOGOUT_ON_MINUTES=""
-KEY_LOGOUT_ON_MINUTES="logout-on-minutes"
diff --git a/snap-src/bin/wekan-help b/snap-src/bin/wekan-help
index 4cd0001e..c488a538 100755
--- a/snap-src/bin/wekan-help
+++ b/snap-src/bin/wekan-help
@@ -245,22 +245,6 @@ echo -e "Ldap Default Domain."
echo -e "The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP:"
echo -e "\t$ snap set $SNAP_NAME LDAP_DEFAULT_DOMAIN=''"
echo -e "\n"
-echo -e "Logout with timer."
-echo -e "Enable or not the option that allows to disconnect an user after a given time:"
-echo -e "\t$ snap set $SNAP_NAME LOGOUT_WITH_TIMER='true'"
-echo -e "\n"
-echo -e "Logout in."
-echo -e "Logout in how many days:"
-echo -e "\t$ snap set $SNAP_NAME LOGOUT_IN='1'"
-echo -e "\n"
-echo -e "Logout on hours."
-echo -e "Logout in how many hours:"
-echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_HOURS='9'"
-echo -e "\n"
-echo -e "Logout on minutes."
-echo -e "Logout in how many minutes:"
-echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_MINUTES='5'"
-echo -e "\n"
# parse config file for supported settings keys
echo -e "wekan supports settings keys"
echo -e "values can be changed by calling\n$ snap set $SNAP_NAME <key name>='<key value>'"