-rw-r--r-- | .meteor/packages | 1 | ||||
-rw-r--r-- | .meteor/versions | 1 | ||||
-rw-r--r-- | Dockerfile | 12 | ||||
-rw-r--r-- | client/components/main/layouts.jade | 1 | ||||
-rw-r--r-- | client/components/main/layouts.js | 87 | ||||
-rw-r--r-- | client/components/settings/connectionMethod.jade | 6 | ||||
-rw-r--r-- | client/components/settings/connectionMethod.js | 34 | ||||
-rw-r--r-- | docker-compose.yml | 12 | ||||
-rw-r--r-- | models/settings.js | 31 | ||||
-rw-r--r-- | models/users.js | 8 | ||||
-rw-r--r-- | server/publications/users.js | 1 | ||||
-rwxr-xr-x | snap-src/bin/config | 18 | ||||
-rwxr-xr-x | snap-src/bin/wekan-help | 16 |
13 files changed, 138 insertions, 90 deletions
diff --git a/.meteor/packages b/.meteor/packages
index 3779a684..f8626704 100644
--- a/.meteor/packages
+++ b/.meteor/packages
@@ -89,3 +89,4 @@ mquandalle:moment
 msavin:usercache
 wekan:wekan-ldap
 wekan:accounts-cas
+msavin:sjobs
diff --git a/.meteor/versions b/.meteor/versions
index 6415eb8b..5235e6a0 100644
--- a/.meteor/versions
+++ b/.meteor/versions
@@ -117,6 +117,7 @@ mquandalle:jquery-ui-drag-drop-sort@0.2.0
 mquandalle:moment@1.0.1
 mquandalle:mousetrap-bindglobal@0.0.1
 mquandalle:perfect-scrollbar@0.6.5_2
+msavin:sjobs@3.0.6
 msavin:usercache@1.0.0
 npm-bcrypt@0.9.3
 npm-mongo@2.2.33
@@ -64,6 +64,10 @@ ARG LDAP_SYNC_USER_DATA
 ARG LDAP_SYNC_USER_DATA_FIELDMAP
 ARG LDAP_SYNC_GROUP_ROLES
 ARG LDAP_DEFAULT_DOMAIN
+ARG LOGOUT_WITH_TIMER
+ARG LOGOUT_IN
+ARG LOGOUT_ON_HOURS
+ARG LOGOUT_ON_MINUTES
 
 # Set the environment variables (defaults where required)
 # DOES NOT WORK: paxctl fix for alpine linux: https://github.com/wekan/wekan/issues/1303
@@ -130,7 +134,11 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth
     LDAP_SYNC_USER_DATA=false \
     LDAP_SYNC_USER_DATA_FIELDMAP="" \
     LDAP_SYNC_GROUP_ROLES="" \
-    LDAP_DEFAULT_DOMAIN=""
+    LDAP_DEFAULT_DOMAIN="" \
+    LOGOUT_WITH_TIMER="false" \
+    LOGOUT_IN="" \
+    LOGOUT_ON_HOURS="" \
+    LOGOUT_ON_MINUTES=""
 
 # Copy the app to the image
 COPY ${SRC_PATH} /home/wekan/app
@@ -159,7 +167,7 @@ RUN \
     # Also see beginning of wekan/server/authentication.js
     # import Fiber from "fibers";
     # Fiber.poolSize = 1e9;
-    # OLD: Download node version 8.12.0 prerelease that has fix included, => Official 8.12.0 has been released
+    # OLD: Download node version 8.12.0 prerelease that has fix included, => Official 8.12.0 has been released
     # Description at https://releases.wekan.team/node.txt
     #wget https://releases.wekan.team/node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \
     #echo "1ed54adb8497ad8967075a0b5d03dd5d0a502be43d4a4d84e5af489c613d7795 node-v8.12.0-linux-x64.tar.gz" >> SHASUMS256.txt.asc && \
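Review bot: `LOGOUT_WITH_TIMER="false"` in the ENV hunk is a non-empty string, and the only consumer added by this commit (`logoutWithTimer` in models/settings.js) tests it with a bare `if (process.env.LOGOUT_WITH_TIMER)`, so the image default switches the forced-logout timer on rather than off. Either leave the default empty, `LOGOUT_WITH_TIMER="" \`, or make the server compare against the literal `'true'`; the server-side comparison is the more robust of the two because it also covers `false` set through docker-compose or `snap set`. The third hunk changes only whitespace on the `# OLD:` comment line and can be dropped from the commit to keep the blame clean.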
diff --git a/client/components/main/layouts.jade b/client/components/main/layouts.jade
index 68876dc5..ac7da3af 100644
--- a/client/components/main/layouts.jade
+++ b/client/components/main/layouts.jade
@@ -18,7 +18,6 @@ template(name="userFormsLayout")
       img(src="{{pathFor '/wekan-logo.png'}}" alt="Wekan")
     section.auth-dialog
       +Template.dynamic(template=content)
-      +connectionMethod
       if isCas
         .at-form
           button#cas(class='at-btn submit' type='submit') {{casSignInLabel}}
diff --git a/client/components/main/layouts.js b/client/components/main/layouts.js
index 393f890b..52584169 100644
--- a/client/components/main/layouts.js
+++ b/client/components/main/layouts.js
@@ -6,23 +6,13 @@ const i18nTagToT9n = (i18nTag) => {
   return i18nTag;
 };
 
-const validator = {
-  set(obj, prop, value) {
-    if (prop === 'state' && value !== 'signIn') {
-      $('.at-form-authentication').hide();
-    } else if (prop === 'state' && value === 'signIn') {
-      $('.at-form-authentication').show();
-    }
-    // The default behavior to store the value
-    obj[prop] = value;
-    // Indicate success
-    return true;
-  },
-};
+Template.userFormsLayout.onCreated(function() {
+  Meteor.call('getDefaultAuthenticationMethod', (error, result) => {
+    this.data.defaultAuthenticationMethod = new ReactiveVar(error ? undefined : result);
+  });
+});
 
 Template.userFormsLayout.onRendered(() => {
-  AccountsTemplates.state.form.keys = new Proxy(AccountsTemplates.state.form.keys, validator);
-
   const i18nTag = navigator.language;
   if (i18nTag) {
     T9n.setLanguage(i18nTagToT9n(i18nTag));
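Review bot: `this.data.defaultAuthenticationMethod` only comes into existence inside the `Meteor.call` callback, so until that round trip completes the property is undefined and the `instance.data.defaultAuthenticationMethod.get()` that the new `authentication()` helper performs later in this file throws a TypeError for any user who clicks sign-in quickly; if the template is ever rendered without a data context, `this.data` itself may be null and the assignment throws too. Create the ReactiveVar synchronously on the template instance and fill it in the callback: `this.defaultAuthenticationMethod = new ReactiveVar(undefined);` as the first line of `onCreated`, then `this.defaultAuthenticationMethod.set(error ? undefined : result);` in the callback, and have the caller read `instance.defaultAuthenticationMethod.get()`. A failed method call is also silently mapped to `undefined`; at least `console.error(error)` so a misconfigured `DEFAULT_AUTHENTICATION_METHOD` is diagnosable.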
@@ -81,13 +71,14 @@ Template.userFormsLayout.events({
       }
     });
   },
-  'click #at-btn'(event) {
+  'click #at-btn'(event, instance) {
     /* All authentication method can be managed/called here.
        !! DON'T FORGET to correctly fill the fields of the user during its creation if necessary
        authenticationMethod : String !!
     */
-    const authenticationMethodSelected = $('.select-authentication').val();
-    // Local account
-    if (authenticationMethodSelected === 'password') {
+    const email = $('#at-field-username_and_email').val();
+    const password = $('#at-field-password').val();
+
+    if (FlowRouter.getRouteName() !== 'atSignIn' || password === '') {
       return;
     }
@@ -95,29 +86,11 @@ Template.userFormsLayout.events({
     event.preventDefault();
     event.stopImmediatePropagation();
 
-    const email = $('#at-field-username_and_email').val();
-    const password = $('#at-field-password').val();
-
-    // Ldap account
-    if (authenticationMethodSelected === 'ldap') {
-      // Check if the user can use the ldap connection
-      Meteor.subscribe('user-authenticationMethod', email, {
-        onReady() {
-          const user = Users.findOne();
-          if (user === undefined || user.authenticationMethod === 'ldap') {
-            // Use the ldap connection package
-            Meteor.loginWithLDAP(email, password, function(error) {
-              if (!error) {
-                // Connection
-                return FlowRouter.go('/');
-              }
-              return error;
-            });
-          }
-          return this.stop();
-        },
-      });
-    }
+    Meteor.subscribe('user-authenticationMethod', email, {
+      onReady() {
+        return authentication.call(this, instance, email, password);
+      },
+    });
   },
 });
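Review bot: After `event.preventDefault()` / `event.stopImmediatePropagation()` the native submit is cancelled and the only path forward is the subscription's `onReady`; if `user-authenticationMethod` fails, is rejected, or is stopped before becoming ready, nothing runs, the password form is never submitted and the user is left with a dead sign-in button and no message. Add an `onStop` callback beside `onReady`, e.g. `onStop(error) { if (error) { console.error(error); } }`, and consider falling back to `$('#at-pwd-form').submit()` so a publication hiccup cannot lock users out. The early return only checks `password === ''`; adding `|| email === ''` to the same condition avoids a pointless round trip for an empty username, although the server's `check(match, String)` keeps it harmless. The `'click #at-btn'` handler starts in the first hunk on this line and ends in the second.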
@@ -126,3 +99,33 @@ Template.defaultLayout.events({
     Modal.close();
   },
 });
+
+function authentication(instance, email, password) {
+  let user = Users.findOne();
+  // Authentication with password
+  if (user && user.authenticationMethod === 'password') {
+    $('#at-pwd-form').submit();
+    // Meteor.call('logoutWithTimer', user._id, () => {});
+    return this.stop();
+  }
+
+  // If user doesn't exist, uses the default authentication method if it defined
+  if (user === undefined) {
+    user = {
+      "authenticationMethod": instance.data.defaultAuthenticationMethod.get()
+    };
+  }
+
+  // Authentication with LDAP
+  if (user.authenticationMethod === 'ldap') {
+    // Use the ldap connection package
+    Meteor.loginWithLDAP(email, password, function(error) {
+      if (!error) {
+        // Meteor.call('logoutWithTimer', Users.findOne()._id, () => {});
+        return FlowRouter.go('/');
+      }
+      return error;
+    });
+  }
+  return this.stop();
+}
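Review bot: `Users.findOne()` with no selector returns whichever user document is first in the client-side collection, which is not necessarily the account the `user-authenticationMethod` publication just matched on `_id`, `email` or `username`; if any other user document is already in minimongo (for example the current user's own document after a previous session) the wrong `authenticationMethod` is consulted and the login is routed to the wrong provider. Select the matched account explicitly, mirroring the publication's selector: `let user = Users.findOne({$or: [{_id: email}, {email}, {username: email}]});`. Two smaller points in the same function: `return error;` inside the `loginWithLDAP` callback discards the error, so a failed LDAP bind gives the user no feedback (at least `console.error(error)` or surface it in the form), and the two commented-out `Meteor.call('logoutWithTimer', ...)` lines should be either wired up or deleted rather than shipped as dead code. The quoted key `"authenticationMethod"` also departs from the file's single-quote style.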
\ No newline at end of file
diff --git a/client/components/settings/connectionMethod.jade b/client/components/settings/connectionMethod.jade
deleted file mode 100644
index ac4c8c64..00000000
--- a/client/components/settings/connectionMethod.jade
+++ /dev/null
@@ -1,6 +0,0 @@
-template(name='connectionMethod')
-  div.at-form-authentication
-    label {{_ 'authentication-method'}}
-    select.select-authentication
-      each authentications
-        option(value="{{value}}") {{_ value}}
diff --git a/client/components/settings/connectionMethod.js b/client/components/settings/connectionMethod.js
deleted file mode 100644
index 9fe8f382..00000000
--- a/client/components/settings/connectionMethod.js
+++ /dev/null
@@ -1,34 +0,0 @@
-Template.connectionMethod.onCreated(function() {
-  this.authenticationMethods = new ReactiveVar([]);
-
-  Meteor.call('getAuthenticationsEnabled', (_, result) => {
-    if (result) {
-      // TODO : add a management of different languages
-      // (ex {value: ldap, text: TAPi18n.__('ldap', {}, T9n.getLanguage() || 'en')})
-      this.authenticationMethods.set([
-        {value: 'password'},
-        // Gets only the authentication methods availables
-        ...Object.entries(result).filter((e) => e[1]).map((e) => ({value: e[0]})),
-      ]);
-    }
-
-    // If only the default authentication available, hides the select boxe
-    const content = $('.at-form-authentication');
-    if (!(this.authenticationMethods.get().length > 1)) {
-      content.hide();
-    } else {
-      content.show();
-    }
-  });
-});
-
-Template.connectionMethod.onRendered(() => {
-  // Moves the select boxe in the first place of the at-pwd-form div
-  $('.at-form-authentication').detach().prependTo('.at-pwd-form');
-});
-
-Template.connectionMethod.helpers({
-  authentications() {
-    return Template.instance().authenticationMethods.get();
-  },
-});
diff --git a/docker-compose.yml b/docker-compose.yml
index 56ca7775..3a3befbb 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -195,6 +195,18 @@ services:
       # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
       # example :
       #- LDAP_DEFAULT_DOMAIN=
+      # LOGOUT_WITH_TIMER : Enables or not the option logout with timer
+      # example : LOGOUT_WITH_TIMER=true
+      #- LOGOUT_WITH_TIMER=
+      # LOGOUT_IN : The number of days
+      # example : LOGOUT_IN=1
+      #- LOGOUT_IN=
+      # LOGOUT_ON_HOURS : The number of hours
+      # example : LOGOUT_ON_HOURS=9
+      #- LOGOUT_ON_HOURS=
+      # LOGOUT_ON_MINUTES : The number of minutes
+      # example : LOGOUT_ON_MINUTES=55
+      #- LOGOUT_ON_MINUTES=
 
     depends_on:
       - wekandb
diff --git a/models/settings.js b/models/settings.js
index c2a9bf01..6c9f5a53 100644
--- a/models/settings.js
+++ b/models/settings.js
@@ -76,6 +76,7 @@ if (Meteor.isServer) {
       }, createdAt: now, modifiedAt: now};
       Settings.insert(defaultSetting);
     }
+
     const newSetting = Settings.findOne();
     if (!process.env.MAIL_URL && newSetting.mailUrl())
       process.env.MAIL_URL = newSetting.mailUrl();
@@ -235,5 +236,35 @@ if (Meteor.isServer) {
         cas: isCasEnabled(),
       };
     },
+
+    getDefaultAuthenticationMethod() {
+      return process.env.DEFAULT_AUTHENTICATION_METHOD;
+    },
+
+    // TODO: patch error : did not check all arguments during call
+    logoutWithTimer(userId) {
+      if (process.env.LOGOUT_WITH_TIMER) {
+        Jobs.run('logOut', userId, {
+          in: {
+            days: process.env.LOGOUT_IN,
+          },
+          on: {
+            hour: process.env.LOGOUT_ON_HOURS,
+            minute: process.env.LOGOUT_ON_MINUTES,
+          },
+          priority: 1,
+        });
+      }
+    },
+  });
+
+  Jobs.register({
+    logOut(userId) {
+      Meteor.users.update(
+        {_id: userId},
+        {$set: {'services.resume.loginTokens': []}}
+      );
+      this.success();
+    },
   });
 }
diff --git a/models/users.js b/models/users.js
index 630f4703..2e879d94 100644
--- a/models/users.js
+++ b/models/users.js
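Review bot: `logoutWithTimer` is a Meteor method reachable by any connected client, and it takes `userId` straight from the caller with no `check()` and no comparison against `this.userId`, so anyone who knows another account's id — or obtains it from the unauthenticated `user-authenticationMethod` publication this commit extends with `_id` — can schedule the `logOut` job that empties that account's `services.resume.loginTokens`: a forced logout of arbitrary users. The `// TODO: patch error : did not check all arguments` comment acknowledges the missing argument check, but the missing authorization is the larger gap and should not ship. Separately, `if (process.env.LOGOUT_WITH_TIMER)` is true for the string `"false"` that the Dockerfile and snap config set as the default, so the timer is effectively always enabled there, and `LOGOUT_IN`/`LOGOUT_ON_*` are passed to sjobs as raw strings (empty by default); if sjobs expects numbers — not verifiable from this hunk — parse them with `Number()` and skip scheduling when none is configured. The `Meteor.methods({...})` call this method belongs to starts above this hunk.
```javascript
    logoutWithTimer(userId) {
      check(userId, String);
      // A client may only schedule the forced logout of its own account.
      if (!this.userId || this.userId !== userId) {
        throw new Meteor.Error('not-authorized');
      }
      // Environment values are strings: "false" is truthy, so compare explicitly.
      if (process.env.LOGOUT_WITH_TIMER === 'true') {
        // … unchanged: Jobs.run('logOut', userId, { in, on, priority }) …
      }
    },
```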
@@ -520,10 +520,10 @@ if (Meteor.isServer) {
       }
       const disableRegistration = Settings.findOne().disableRegistration;
-      // If ldap, bypass the inviation code if the self registration isn't allowed.
-      // TODO : pay attention if ldap field in the user model change to another content ex : ldap field to connection_type
-      if (options.ldap || !disableRegistration) {
-        user.authenticationMethod = 'ldap';
+      if (!disableRegistration) {
+        if (options.ldap) {
+          user.authenticationMethod = 'ldap';
+        }
         return user;
       }
 
diff --git a/server/publications/users.js b/server/publications/users.js
index f0c94153..136e1e08 100644
--- a/server/publications/users.js
+++ b/server/publications/users.js
@@ -22,6 +22,7 @@ Meteor.publish('user-authenticationMethod', function(match) {
   check(match, String);
   return Users.find({$or: [{_id: match}, {email: match}, {username: match}]}, {
     fields: {
+      '_id': 1,
       'authenticationMethod': 1,
     },
   });
diff --git a/snap-src/bin/config b/snap-src/bin/config
index a19baf7d..a89dfffd 100755
--- a/snap-src/bin/config
+++ b/snap-src/bin/config
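Review bot: The rewrite silently drops the LDAP bypass that the removed comment documented: before, `options.ldap || !disableRegistration` let an LDAP-authenticated account be created even with self-registration disabled, whereas now an LDAP user on an instance with `disableRegistration` set falls through past this block to whatever follows (outside the hunk — presumably the invitation-code handling), which would break LDAP sign-in on exactly the deployments that disable open registration. If that is intended, say so in a comment; if not, keep the bypass while still recording the method, e.g. `if (options.ldap) { user.authenticationMethod = 'ldap'; return user; }` placed before the `if (!disableRegistration)` check. The enclosing function begins and ends outside this hunk.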
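Review bot: No `this.userId` guard is visible in this publication, so with the login flow now depending on it an unauthenticated client can resolve any username or e-mail to a user id and learn whether the account exists and which authentication method it uses — an account-enumeration oracle whose output is exactly the `userId` the new `logoutWithTimer` method accepts. If the sign-in page needs it, at minimum throttle it with `DDPRateLimiter` and return only `authenticationMethod`; the added `'_id': 1` entry should be a no-op anyway, since a Mongo projection includes `_id` unless it is excluded and DDP always sends the document id, so it can be dropped. Hedged, since the user schema is not in view: the `{email: match}` branch may never match if addresses are stored under `emails[].address` as in stock Meteor accounts.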
@@ -3,7 +3,7 @@
 # All supported keys are defined here together with descriptions and default values
 
 # list of supported keys
-keys="MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN"
+keys="MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER, LOGOUT_IN, LOGOUT_ON_HOURS, LOGOUT_ON_MINUTES"
 
 # default values
 DESCRIPTION_MONGODB_BIND_UNIX_SOCKET="mongodb binding unix socket:\n"\
@@ -265,3 +265,19 @@ KEY_LDAP_SYNC_GROUP_ROLES="ldap-sync-group-roles"
 DESCRIPTION_LDAP_DEFAULT_DOMAIN="The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP"
 DEFAULT_LDAP_DEFAULT_DOMAIN=""
 KEY_LDAP_DEFAULT_DOMAIN="ldap-default-domain"
+
+DESCRIPTION_LOGOUT_WITH_TIMER="Enables or not the option logout with timer"
+DEFAULT_LOGOUT_WITH_TIMER="false"
+KEY_LOGOUT_WITH_TIMER="logout-with-timer"
+
+DESCRIPTION_LOGOUT_IN="The number of days"
+DEFAULT_LOGOUT_IN=""
+KEY_LOGOUT_IN="logout-in"
+
+DESCRIPTION_LOGOUT_ON_HOURS="The number of hours"
+DEFAULT_LOGOUT_ON_HOURS=""
+KEY_LOGOUT_ON_HOURS="logout-on-hours"
+
+DESCRIPTION_LOGOUT_ON_MINUTES="The number of minutes"
+DEFAULT_LOGOUT_ON_MINUTES=""
+KEY_LOGOUT_ON_MINUTES="logout-on-minutes"
diff --git a/snap-src/bin/wekan-help b/snap-src/bin/wekan-help
index c488a538..4cd0001e 100755
--- a/snap-src/bin/wekan-help
+++ b/snap-src/bin/wekan-help
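Review bot: `keys` is a space-separated word list (every existing entry is separated by a space), but the four new names are appended with commas — `LOGOUT_WITH_TIMER, LOGOUT_IN, LOGOUT_ON_HOURS, LOGOUT_ON_MINUTES` — so whatever iterates over `$keys` (presumably a `for key in $keys` elsewhere in the snap scripts) will see `LOGOUT_WITH_TIMER,` and so on, and none of the new settings will resolve to their `DESCRIPTION_`/`DEFAULT_`/`KEY_` variables. Replace the tail of the string with `... LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES"`. In the second hunk, `DEFAULT_LOGOUT_WITH_TIMER="false"` reaches the Node process as a non-empty, truthy string; an empty default (`DEFAULT_LOGOUT_WITH_TIMER=""`) is the safer choice unless the server compares the value against `'true'`.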
@@ -245,6 +245,22 @@ echo -e "Ldap Default Domain."
 echo -e "The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP:"
 echo -e "\t$ snap set $SNAP_NAME LDAP_DEFAULT_DOMAIN=''"
 echo -e "\n"
+echo -e "Logout with timer."
+echo -e "Enable or not the option that allows to disconnect an user after a given time:"
+echo -e "\t$ snap set $SNAP_NAME LOGOUT_WITH_TIMER='true'"
+echo -e "\n"
+echo -e "Logout in."
+echo -e "Logout in how many days:"
+echo -e "\t$ snap set $SNAP_NAME LOGOUT_IN='1'"
+echo -e "\n"
+echo -e "Logout on hours."
+echo -e "Logout in how many hours:"
+echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_HOURS='9'"
+echo -e "\n"
+echo -e "Logout on minutes."
+echo -e "Logout in how many minutes:"
+echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_MINUTES='5'"
+echo -e "\n"
 # parse config file for supported settings keys
 echo -e "wekan supports settings keys"
 echo -e "values can be changed by calling\n$ snap set $SNAP_NAME <key name>='<key value>'"