diff options
author | Lauri Ojansivu <x@xet7.org> | 2020-04-14 21:23:10 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-14 21:23:10 +0300 |
commit | 13563e20e7b322dfb4534ef1096674e9e1c4b7de (patch) | |
tree | 15758c81968eaf1d0d65a09e0195ec9d9d4e9bfb | |
parent | c5f782976b971fa3f2323e80a013bbf6a49c0596 (diff) | |
parent | 4f1330c777ae52f2b52eacda4f0945dee1cb51af (diff) | |
download | wekan-13563e20e7b322dfb4534ef1096674e9e1c4b7de.tar.gz wekan-13563e20e7b322dfb4534ef1096674e9e1c4b7de.tar.bz2 wekan-13563e20e7b322dfb4534ef1096674e9e1c4b7de.zip |
Merge pull request #3014 from salleman33/master
hide password auth with PASSWORD_LOGIN_ENABLED variable
-rw-r--r-- | Dockerfile | 3 | ||||
-rw-r--r-- | client/components/main/layouts.js | 5 | ||||
-rw-r--r-- | docker-compose.yml | 3 | ||||
-rw-r--r-- | models/settings.js | 5 | ||||
-rw-r--r-- | sandstorm-pkgdef.capnp | 1 | ||||
-rwxr-xr-x | snap-src/bin/config | 7 | ||||
-rwxr-xr-x | snap-src/bin/wekan-help | 3 | ||||
-rwxr-xr-x | start-wekan.bat | 7 | ||||
-rwxr-xr-x | start-wekan.sh | 3 | ||||
-rw-r--r-- | torodb-postgresql/docker-compose.yml | 5 |
10 files changed, 40 insertions, 2 deletions
@@ -113,7 +113,8 @@ ENV BUILD_DEPS="apt-utils libarchive-tools gnupg gosu wget curl bzip2 g++ build- CORS_EXPOSE_HEADERS="" \ DEFAULT_AUTHENTICATION_METHOD="" \ SCROLLINERTIA="0" \ - SCROLLAMOUNT="auto" + SCROLLAMOUNT="auto" \ + PASSWORD_LOGIN_ENABLED=true # Copy the app to the image COPY ${SRC_PATH} /home/wekan/app diff --git a/client/components/main/layouts.js b/client/components/main/layouts.js index e5c86d76..83678e73 100644 --- a/client/components/main/layouts.js +++ b/client/components/main/layouts.js @@ -31,6 +31,11 @@ Template.userFormsLayout.onCreated(function() { return this.stop(); }, }); + Meteor.call('isPasswordLoginDisabled', (_, result) => { + if (result) { + $('.at-pwd-form').hide(); + } + }); }); Template.userFormsLayout.onRendered(() => { diff --git a/docker-compose.yml b/docker-compose.yml index fe037add..071fb5a6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -598,6 +598,9 @@ services: # example : LOGOUT_ON_MINUTES=55 #- LOGOUT_ON_MINUTES= #------------------------------------------------------------------- + # Hide password login form + # - PASSWORD_LOGIN_ENABLED=true + #------------------------------------------------------------------- depends_on: - wekandb diff --git a/models/settings.js b/models/settings.js index 0d671aa4..03ef9052 100644 --- a/models/settings.js +++ b/models/settings.js @@ -334,6 +334,11 @@ if (Meteor.isServer) { getDefaultAuthenticationMethod() { return process.env.DEFAULT_AUTHENTICATION_METHOD; }, + + isPasswordLoginDisabled() { + return process.env.PASSWORD_LOGIN_ENABLED === 'false'; + }, + }); } diff --git a/sandstorm-pkgdef.capnp b/sandstorm-pkgdef.capnp index a4da206b..0b2f1c36 100644 --- a/sandstorm-pkgdef.capnp +++ b/sandstorm-pkgdef.capnp @@ -259,6 +259,7 @@ const myCommand :Spk.Manifest.Command = ( (key = "OAUTH2_USERINFO_ENDPOINT", value=""), (key = "OAUTH2_TOKEN_ENDPOINT", value=""), (key = "LDAP_ENABLE", value="false"), + (key = "PASSWORD_LOGIN_ENABLED", value="true"), (key = "SANDSTORM", value="1"), (key = "METEOR_SETTINGS", value = "{\"public\": {\"sandstorm\": true}}") ] diff --git a/snap-src/bin/config b/snap-src/bin/config index 90c70c91..48ab6393 100755 --- a/snap-src/bin/config +++ b/snap-src/bin/config @@ -3,7 +3,7 @@ # All supported keys are defined here together with descriptions and default values # list of supported keys -keys="DEBUG MONGO_URL MONGODB_BIND_UNIX_SOCKET MONGO_URL MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API RICHER_CARD_COMMENT_EDITOR CARD_OPENED_WEBHOOK_ENABLED ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW MAX_IMAGE_PIXEL IMAGE_COMPRESS_RATIO BIGEVENTS_PATTERN NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE NOTIFY_DUE_DAYS_BEFORE_AND_AFTER NOTIFY_DUE_AT_HOUR_OF_DAY EMAIL_NOTIFICATION_TIMEOUT CORS CORS_ALLOW_HEADERS CORS_EXPOSE_HEADERS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_EMAIL_MAP OAUTH2_REQUEST_PERMISSIONS LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_AUTHENTICATION LDAP_USER_AUTHENTICATION_FIELD LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD ATTACHMENTS_STORE_PATH SCROLLINERTIA SCROLLAMOUNT" +keys="DEBUG MONGO_URL MONGODB_BIND_UNIX_SOCKET MONGO_URL MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API RICHER_CARD_COMMENT_EDITOR CARD_OPENED_WEBHOOK_ENABLED ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW MAX_IMAGE_PIXEL IMAGE_COMPRESS_RATIO BIGEVENTS_PATTERN NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE NOTIFY_DUE_DAYS_BEFORE_AND_AFTER NOTIFY_DUE_AT_HOUR_OF_DAY EMAIL_NOTIFICATION_TIMEOUT CORS CORS_ALLOW_HEADERS CORS_EXPOSE_HEADERS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_EMAIL_MAP OAUTH2_REQUEST_PERMISSIONS LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_AUTHENTICATION LDAP_USER_AUTHENTICATION_FIELD LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD ATTACHMENTS_STORE_PATH SCROLLINERTIA SCROLLAMOUNT PASSWORD_LOGIN_ENABLED" # default values DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'" @@ -461,3 +461,8 @@ KEY_SCROLLINERTIA="scrollinertia" DESCRIPTION_SCROLLINERTIA="Mousewheel scroll amount, issue #2949. Default: 'auto'" DEFAULT_SCROLLINERTIA="auto" KEY_SCROLLINERTIA="scrollamount" + +DESCRIPTION_PASSWORD_LOGIN_ENABLED="To hide the password login form" +DEFAULT_PASSWORD_LOGIN_ENABLED="true" +KEY_PASSWORD_LOGIN_ENABLED="password-login-enabled" + diff --git a/snap-src/bin/wekan-help b/snap-src/bin/wekan-help index 008a4de1..dfcf40a5 100755 --- a/snap-src/bin/wekan-help +++ b/snap-src/bin/wekan-help @@ -461,6 +461,9 @@ echo -e "Default authentication method." echo -e "The default authentication method used if a user does not exist to create and authenticate. Method can be password or ldap." echo -e "\t$ snap set $SNAP_NAME default-authentication-method='ldap'" echo -e "\n" +echo -e "Enable or not password login Form" +echo -e "\t$ snap set $SNAP_NAME password-login-enabled='false'" +echo -e "\n" # parse config file for supported settings keys echo -e "wekan supports settings keys" echo -e "values can be changed by calling\n$ snap set $SNAP_NAME <key name>='<key value>'" diff --git a/start-wekan.bat b/start-wekan.bat index 61c242ee..272e963e 100755 --- a/start-wekan.bat +++ b/start-wekan.bat @@ -363,6 +363,13 @@ REM SET LDAP_SYNC_ADMIN_STATUS=true REM # Comma separated list of admin group names to sync. REM SET LDAP_SYNC_ADMIN_GROUPS=group1,group2 +REM ------------------------------------------------ + +REM # Enable/Disable password login form. +REM SET PASSWORD_LOGIN_ENABLED=true + +REM ------------------------------------------------ + REM # Login to LDAP automatically with HTTP header. REM # In below example for siteminder, at right side of = is header name. REM SET HEADER_LOGIN_ID=HEADERUID diff --git a/start-wekan.sh b/start-wekan.sh index bf598e39..f3fb18e9 100755 --- a/start-wekan.sh +++ b/start-wekan.sh @@ -362,6 +362,9 @@ # LOGOUT_ON_MINUTES : The number of minutes # example : LOGOUT_ON_MINUTES=55 #export LOGOUT_ON_MINUTES= + #--------------------------------------------------------------------- + # PASSWORD_LOGIN_ENABLED : Enable or not the password login form. + #export PASSWORD_LOGIN_ENABLED=true node main.js # & >> ../../wekan.log diff --git a/torodb-postgresql/docker-compose.yml b/torodb-postgresql/docker-compose.yml index e742402f..793a9b4f 100644 --- a/torodb-postgresql/docker-compose.yml +++ b/torodb-postgresql/docker-compose.yml @@ -527,7 +527,12 @@ services: # LOGOUT_ON_MINUTES : The number of minutes # example : LOGOUT_ON_MINUTES=55 #- LOGOUT_ON_MINUTES= + #--------------------------------------------------------------------- + # PASSWORD_LOGIN_ENABLED : Enable or not the password login form. + # example: PASSWORD_LOGIN_ENABLED=false + # - PASSWORD_LOGIN_ENABLED #------------------------------------------------------------------- + depends_on: - mongodb |