-rw-r--r-- | .meteor/packages | 1 | ||||
-rw-r--r-- | .meteor/versions | 1 | ||||
-rw-r--r-- | Dockerfile | 12 | ||||
-rw-r--r-- | client/components/main/layouts.js | 2 | ||||
-rw-r--r-- | docker-compose.yml | 12 | ||||
-rw-r--r-- | models/settings.js | 23 | ||||
-rw-r--r-- | server/publications/users.js | 1 | ||||
-rwxr-xr-x | snap-src/bin/config | 18 | ||||
-rwxr-xr-x | snap-src/bin/wekan-help | 16 |
9 files changed, 83 insertions, 3 deletions
diff --git a/.meteor/packages b/.meteor/packages index 3779a684..f8626704 100644 --- a/.meteor/packages +++ b/.meteor/packages @@ -89,3 +89,4 @@ mquandalle:moment msavin:usercache wekan:wekan-ldap wekan:accounts-cas +msavin:sjobs diff --git a/.meteor/versions b/.meteor/versions index 6415eb8b..5235e6a0 100644 --- a/.meteor/versions +++ b/.meteor/versions @@ -117,6 +117,7 @@ mquandalle:jquery-ui-drag-drop-sort@0.2.0 mquandalle:moment@1.0.1 mquandalle:mousetrap-bindglobal@0.0.1 mquandalle:perfect-scrollbar@0.6.5_2 +msavin:sjobs@3.0.6 msavin:usercache@1.0.0 npm-bcrypt@0.9.3 npm-mongo@2.2.33 @@ -64,6 +64,10 @@ ARG LDAP_SYNC_USER_DATA ARG LDAP_SYNC_USER_DATA_FIELDMAP ARG LDAP_SYNC_GROUP_ROLES ARG LDAP_DEFAULT_DOMAIN +ARG LOGOUT_WITH_TIMER +ARG LOGOUT_IN +ARG LOGOUT_ON_HOURS +ARG LOGOUT_ON_MINUTES # Set the environment variables (defaults where required) # DOES NOT WORK: paxctl fix for alpine linux: https://github.com/wekan/wekan/issues/1303 @@ -130,7 +134,11 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth LDAP_SYNC_USER_DATA=false \ LDAP_SYNC_USER_DATA_FIELDMAP="" \ LDAP_SYNC_GROUP_ROLES="" \ - LDAP_DEFAULT_DOMAIN="" + LDAP_DEFAULT_DOMAIN="" \ + LOGOUT_WITH_TIMER="false" \ + LOGOUT_IN="" \ + LOGOUT_ON_HOURS="" \ + LOGOUT_ON_MINUTES="" # Copy the app to the image COPY ${SRC_PATH} /home/wekan/app @@ -159,7 +167,7 @@ RUN \ # Also see beginning of wekan/server/authentication.js # import Fiber from "fibers"; # Fiber.poolSize = 1e9; - # OLD: Download node version 8.12.0 prerelease that has fix included, => Official 8.12.0 has been released + # OLD: Download node version 8.12.0 prerelease that has fix included, => Official 8.12.0 has been released # Description at https://releases.wekan.team/node.txt #wget https://releases.wekan.team/node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \ #echo "1ed54adb8497ad8967075a0b5d03dd5d0a502be43d4a4d84e5af489c613d7795 node-v8.12.0-linux-x64.tar.gz" >> SHASUMS256.txt.asc && \ 
diff --git a/client/components/main/layouts.js b/client/components/main/layouts.js index 18cc6cc4..3fda11b7 100644 --- a/client/components/main/layouts.js +++ b/client/components/main/layouts.js @@ -80,6 +80,7 @@ Template.userFormsLayout.events({ const user = Users.findOne(); if (user && user.authenticationMethod === 'password') { + logoutWithTimer(user._id); return this.stop(); } @@ -93,6 +94,7 @@ Template.userFormsLayout.events({ // Use the ldap connection package Meteor.loginWithLDAP(email, password, function(error) { if (!error) { + logoutWithTimer(user._id); // Connection return FlowRouter.go('/'); } diff --git a/docker-compose.yml b/docker-compose.yml index 56ca7775..3a3befbb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -195,6 +195,18 @@ services: # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP # example : #- LDAP_DEFAULT_DOMAIN= + # LOGOUT_WITH_TIMER : Enables or not the option logout with timer + # example : LOGOUT_WITH_TIMER=true + #- LOGOUT_WITH_TIMER= + # LOGOUT_IN : The number of days + # example : LOGOUT_IN=1 + #- LOGOUT_IN= + # LOGOUT_ON_HOURS : The number of hours + # example : LOGOUT_ON_HOURS=9 + #- LOGOUT_ON_HOURS= + # LOGOUT_ON_MINUTES : The number of minutes + # example : LOGOUT_ON_MINUTES=55 + #- LOGOUT_ON_MINUTES= depends_on: - wekandb diff --git a/models/settings.js b/models/settings.js index c2a9bf01..35d71533 100644 --- a/models/settings.js +++ b/models/settings.js 
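Review bot: Both added lines in client/components/main/layouts.js call `logoutWithTimer(user._id)` as a plain function, but the only definition in this commit is the server-side method added in models/settings.js. Unless a client global of that name exists outside the diff, this throws a ReferenceError during login; `Meteor.call('logoutWithTimer', user._id);` would reach the method. In the LDAP callback (second hunk) `user` is dereferenced without the `user &&` guard that the first hunk has, so a missing user document would throw before `FlowRouter.go('/')`. Scheduling from the server on successful login, for example in an `Accounts.onLogin` hook, would keep the timer out of the client's control. Both hunks show only part of the event handler.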
@@ -235,5 +235,28 @@ if (Meteor.isServer) {
 cas: isCasEnabled(),
 };
 },
+ logoutWithTimer(userId) {
+ if (process.env.LOGOUT_WITH_TIMER) {
+ Jobs.run('logOut', userId, {
+ in: {
+ days: process.env.LOGOUT_IN,
+ },
+ on: {
+ hour: process.env.LOGOUT_ON_HOURS,
+ minute: process.env.LOGOUT_ON_MINUTES,
+ },
+ priority: 1,
+ });
+ }
+ },
+ });
+
+ Jobs.register({
+ logOut(userId) {
+ Meteor.users.update(
+ {_id: userId},
+ {$set: {'services.resume.loginTokens': []}}
+ );
+ },
 });
 }
diff --git a/server/publications/users.js b/server/publications/users.js
index f0c94153..136e1e08 100644
--- a/server/publications/users.js
+++ b/server/publications/users.js
@@ -22,6 +22,7 @@ Meteor.publish('user-authenticationMethod', function(match) {
 check(match, String);
 return Users.find({$or: [{_id: match}, {email: match}, {username: match}]}, {
 fields: {
+ '_id': 1,
 'authenticationMethod': 1,
 },
 });
diff --git a/snap-src/bin/config b/snap-src/bin/config
index a19baf7d..a89dfffd 100755
--- a/snap-src/bin/config
+++ b/snap-src/bin/config
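Review bot: `if (process.env.LOGOUT_WITH_TIMER)` tests a string, and the defaults added in the Dockerfile ENV hunk (`LOGOUT_WITH_TIMER="false"`) and in snap-src/bin/config (`DEFAULT_LOGOUT_WITH_TIMER="false"`) are non-empty, so the timer runs even when it is configured off; compare explicitly with `if (process.env.LOGOUT_WITH_TIMER === 'true')`. `logoutWithTimer(userId)` is added to what appears to be the Meteor.methods block (its opening is outside the hunk) and takes the target id from the caller with no `check(userId, String)` and no comparison with `this.userId`, so any client able to call the method can schedule token removal for another account; the job should be scheduled for `this.userId` rather than for the argument. `LOGOUT_IN`, `LOGOUT_ON_HOURS` and `LOGOUT_ON_MINUTES` reach `Jobs.run` as raw strings, empty by default, so each should be parsed with `Number.parseInt(value, 10)` and the call skipped when the result is not finite. A comment on `logOut` should state that clearing `services.resume.loginTokens` ends every session of that user, not only the one that scheduled the job.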
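Review bot: The added `'_id': 1` in the `fields` projection of server/publications/users.js has no effect, because an inclusion projection returns `_id` unless it is explicitly excluded, so the publication was already sending it. If the line is kept for readability, a comment such as `// _id is always published; listed to make the client's use of user._id explicit` would say so. Because this publication maps an e-mail or username to a user id (any access check before line 22 is outside the hunk), server code should not treat knowledge of a `_id` as proof of identity.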
@@ -3,7 +3,7 @@ # All supported keys are defined here together with descriptions and default values # list of supported keys -keys="MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN" +keys="MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT 
LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER, LOGOUT_IN, LOGOUT_ON_HOURS, LOGOUT_ON_MINUTES" # default values DESCRIPTION_MONGODB_BIND_UNIX_SOCKET="mongodb binding unix socket:\n"\ @@ -265,3 +265,19 @@ KEY_LDAP_SYNC_GROUP_ROLES="ldap-sync-group-roles" DESCRIPTION_LDAP_DEFAULT_DOMAIN="The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP" DEFAULT_LDAP_DEFAULT_DOMAIN="" KEY_LDAP_DEFAULT_DOMAIN="ldap-default-domain" + +DESCRIPTION_LOGOUT_WITH_TIMER="Enables or not the option logout with timer" +DEFAULT_LOGOUT_WITH_TIMER="false" +KEY_LOGOUT_WITH_TIMER="logout-with-timer" + +DESCRIPTION_LOGOUT_IN="The number of days" +DEFAULT_LOGOUT_IN="" +KEY_LOGOUT_IN="logout-in" + +DESCRIPTION_LOGOUT_ON_HOURS="The number of hours" +DEFAULT_LOGOUT_ON_HOURS="" +KEY_LOGOUT_ON_HOURS="logout-on-hours" + +DESCRIPTION_LOGOUT_ON_MINUTES="The number of minutes" +DEFAULT_LOGOUT_ON_MINUTES="" +KEY_LOGOUT_ON_MINUTES="logout-on-minutes" diff --git a/snap-src/bin/wekan-help b/snap-src/bin/wekan-help index c488a538..4cd0001e 100755 --- a/snap-src/bin/wekan-help +++ b/snap-src/bin/wekan-help 
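Review bot: The four new names are appended to the space-separated `keys=` list with commas (`LOGOUT_WITH_TIMER, LOGOUT_IN, LOGOUT_ON_HOURS, LOGOUT_ON_MINUTES`), so a consumer that splits on whitespace would see `LOGOUT_WITH_TIMER,` and fail to match the `DESCRIPTION_`/`DEFAULT_`/`KEY_` variables defined in the second hunk; the list should end `LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES"`. The code that reads `keys` is outside the diff, so confirm how it splits. In the second hunk the descriptions "The number of days", "The number of hours" and "The number of minutes" do not say whether the value is a delay or a time of day, and the snap-src/bin/wekan-help hunk words the hour and minute settings as "Logout in how many hours/minutes". models/settings.js passes days under `in:` but hour and minute under `on:`, which suggests the latter are a clock time; the descriptions and help text should state the intended meaning and the expected numeric range.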
@@ -245,6 +245,22 @@ echo -e "Ldap Default Domain." echo -e "The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP:" echo -e "\t$ snap set $SNAP_NAME LDAP_DEFAULT_DOMAIN=''" echo -e "\n" +echo -e "Logout with timer." +echo -e "Enable or not the option that allows to disconnect an user after a given time:" +echo -e "\t$ snap set $SNAP_NAME LOGOUT_WITH_TIMER='true'" +echo -e "\n" +echo -e "Logout in." +echo -e "Logout in how many days:" +echo -e "\t$ snap set $SNAP_NAME LOGOUT_IN='1'" +echo -e "\n" +echo -e "Logout on hours." +echo -e "Logout in how many hours:" +echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_HOURS='9'" +echo -e "\n" +echo -e "Logout on minutes." +echo -e "Logout in how many minutes:" +echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_MINUTES='5'" +echo -e "\n" # parse config file for supported settings keys echo -e "wekan supports settings keys" echo -e "values can be changed by calling\n$ snap set $SNAP_NAME <key name>='<key value>'" |