From f23448be3340c56f6fae85b19a52aecf55e4753b Mon Sep 17 00:00:00 2001 From: guillaume Date: Thu, 22 Nov 2018 18:00:21 +0100 Subject: revert changes for patch authentication --- .meteor/packages | 1 + .meteor/versions | 1 + Dockerfile | 8 ++++ client/components/main/layouts.jade | 1 - client/components/main/layouts.js | 89 ++++++++++++++++++------------------- docker-compose.yml | 12 +++++ models/settings.js | 30 +++++++++++++ models/users.js | 8 ++-- server/publications/users.js | 1 + snap-src/bin/config | 18 +++++++- snap-src/bin/wekan-help | 16 +++++++ 11 files changed, 133 insertions(+), 52 deletions(-) diff --git a/.meteor/packages b/.meteor/packages index 3779a684..698f1a73 100644 --- a/.meteor/packages +++ b/.meteor/packages @@ -89,3 +89,4 @@ mquandalle:moment msavin:usercache wekan:wekan-ldap wekan:accounts-cas +msavin:sjobs \ No newline at end of file diff --git a/.meteor/versions b/.meteor/versions index 6415eb8b..5235e6a0 100644 --- a/.meteor/versions +++ b/.meteor/versions @@ -117,6 +117,7 @@ mquandalle:jquery-ui-drag-drop-sort@0.2.0 mquandalle:moment@1.0.1 mquandalle:mousetrap-bindglobal@0.0.1 mquandalle:perfect-scrollbar@0.6.5_2 +msavin:sjobs@3.0.6 msavin:usercache@1.0.0 npm-bcrypt@0.9.3 npm-mongo@2.2.33 diff --git a/Dockerfile b/Dockerfile index f9b71521..96749eb0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -65,6 +65,10 @@ ARG LDAP_SYNC_USER_DATA ARG LDAP_SYNC_USER_DATA_FIELDMAP ARG LDAP_SYNC_GROUP_ROLES ARG LDAP_DEFAULT_DOMAIN +ARG LOGOUT_WITH_TIMER +ARG LOGOUT_IN +ARG LOGOUT_ON_HOURS +ARG LOGOUT_ON_MINUTES # Set the environment variables (defaults where required) # DOES NOT WORK: paxctl fix for alpine linux: https://github.com/wekan/wekan/issues/1303 
@@ -133,6 +137,10 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth LDAP_SYNC_USER_DATA_FIELDMAP="" \ LDAP_SYNC_GROUP_ROLES="" \ LDAP_DEFAULT_DOMAIN="" + LOGOUT_WITH_TIMER="false" \ + LOGOUT_IN="" \ + LOGOUT_ON_HOURS="" \ + LOGOUT_ON_MINUTES="" # Copy the app to the image COPY ${SRC_PATH} /home/wekan/app diff --git a/client/components/main/layouts.jade b/client/components/main/layouts.jade index e434eaba..969ec6a9 100644 --- a/client/components/main/layouts.jade +++ b/client/components/main/layouts.jade @@ -23,7 +23,6 @@ template(name="userFormsLayout") br section.auth-dialog +Template.dynamic(template=content) - +connectionMethod if isCas .at-form button#cas(class='at-btn submit' type='submit') {{casSignInLabel}} diff --git a/client/components/main/layouts.js b/client/components/main/layouts.js index d4a9d6d1..c98eb6b9 100644 --- a/client/components/main/layouts.js +++ b/client/components/main/layouts.js @@ -6,29 +6,14 @@ const i18nTagToT9n = (i18nTag) => { return i18nTag; }; -const validator = { - set(obj, prop, value) { - if (prop === 'state' && value !== 'signIn') { - $('.at-form-authentication').hide(); - } else if (prop === 'state' && value === 'signIn') { - $('.at-form-authentication').show(); - } - // The default behavior to store the value - obj[prop] = value; - // Indicate success - return true; - }, -}; - Template.userFormsLayout.onCreated(() => { Meteor.subscribe('setting'); - + Meteor.call('getDefaultAuthenticationMethod', (error, result) => { + this.data.defaultAuthenticationMethod = new ReactiveVar(error ? undefined : result); + }); }); Template.userFormsLayout.onRendered(() => { - - AccountsTemplates.state.form.keys = new Proxy(AccountsTemplates.state.form.keys, validator); - const i18nTag = navigator.language; if (i18nTag) { T9n.setLanguage(i18nTagToT9n(i18nTag)); @@ -37,7 +22,6 @@ Template.userFormsLayout.onRendered(() => { }); Template.userFormsLayout.helpers({ - currentSetting() { return Settings.findOne(); }, 
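Review bot: The four added `LOGOUT_*` assignments are not attached to the `ENV` instruction, because the context line just before them, `LDAP_DEFAULT_DOMAIN=""`, still ends without a trailing backslash as shown in this hunk. The builder would then read `LOGOUT_WITH_TIMER="false" \` as a new, unknown instruction. Change the preceding line to `LDAP_DEFAULT_DOMAIN="" \` so the block continues. The default `"false"` is also a non-empty string, which the `if (process.env.LOGOUT_WITH_TIMER)` test added in models/settings.js treats as enabled.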
@@ -92,13 +76,14 @@ Template.userFormsLayout.events({ } }); }, - 'click #at-btn'(event) { + 'click #at-btn'(event, instance) { /* All authentication method can be managed/called here. !! DON'T FORGET to correctly fill the fields of the user during its creation if necessary authenticationMethod : String !! */ - const authenticationMethodSelected = $('.select-authentication').val(); - // Local account - if (authenticationMethodSelected === 'password') { + const email = $('#at-field-username_and_email').val(); + const password = $('#at-field-password').val(); + + if (FlowRouter.getRouteName() !== 'atSignIn' || password === '') { return; } @@ -106,29 +91,11 @@ Template.userFormsLayout.events({ event.preventDefault(); event.stopImmediatePropagation(); - const email = $('#at-field-username_and_email').val(); - const password = $('#at-field-password').val(); - - // Ldap account - if (authenticationMethodSelected === 'ldap') { - // Check if the user can use the ldap connection - Meteor.subscribe('user-authenticationMethod', email, { - onReady() { - const user = Users.findOne(); - if (user === undefined || user.authenticationMethod === 'ldap') { - // Use the ldap connection package - Meteor.loginWithLDAP(email, password, function(error) { - if (!error) { - // Connection - return FlowRouter.go('/'); - } - return error; - }); - } - return this.stop(); - }, - }); - } + Meteor.subscribe('user-authenticationMethod', email, { + onReady() { + return authentication.call(this, instance, email, password); + }, + }); }, }); 
@@ -137,3 +104,33 @@ Template.defaultLayout.events({ Modal.close(); }, }); + +function authentication(instance, email, password) { + let user = Users.findOne(); + // Authentication with password + if (user && user.authenticationMethod === 'password') { + $('#at-pwd-form').submit(); + // Meteor.call('logoutWithTimer', user._id, () => {}); + return this.stop(); + } + + // If user doesn't exist, uses the default authentication method if it defined + if (user === undefined) { + user = { + 'authenticationMethod': instance.data.defaultAuthenticationMethod.get(), + }; + } + + // Authentication with LDAP + if (user.authenticationMethod === 'ldap') { + // Use the ldap connection package + Meteor.loginWithLDAP(email, password, function(error) { + if (!error) { + // Meteor.call('logoutWithTimer', Users.findOne()._id, () => {}); + return FlowRouter.go('/'); + } + return error; + }); + } + return this.stop(); +} diff --git a/docker-compose.yml b/docker-compose.yml index 4d3f1c9b..5054e135 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -198,6 +198,18 @@ services: # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP # example : #- LDAP_DEFAULT_DOMAIN= + # LOGOUT_WITH_TIMER : Enables or not the option logout with timer + # example : LOGOUT_WITH_TIMER=true + #- LOGOUT_WITH_TIMER= + # LOGOUT_IN : The number of days + # example : LOGOUT_IN=1 + #- LOGOUT_IN= + # LOGOUT_ON_HOURS : The number of hours + # example : LOGOUT_ON_HOURS=9 + #- LOGOUT_ON_HOURS= + # LOGOUT_ON_MINUTES : The number of minutes + # example : LOGOUT_ON_MINUTES=55 + #- LOGOUT_ON_MINUTES= depends_on: - wekandb diff --git a/models/settings.js b/models/settings.js index 52212809..8d067c6d 100644 --- a/models/settings.js +++ b/models/settings.js 
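Review bot: `authentication()` can leave a sign-in attempt with no outcome at all, because the click handler has already called `event.preventDefault()` and the `'password'` test here runs before the default method is applied. An unknown user with a `'password'` default, or an existing user whose `authenticationMethod` is unset, matches neither branch and only `this.stop()` runs. Resolve the method first, e.g. `const method = (user && user.authenticationMethod) || instance.data.defaultAuthenticationMethod.get();`, and end with an explicit fallback that submits `#at-pwd-form` or shows an error; the commented-out `else` added by the follow-up commit does not do this. `return error;` inside the `Meteor.loginWithLDAP` callback also discards the failure, so a rejected LDAP login gives the user no feedback. `Users.findOne()` has no selector and presumably relies on this subscription being the only source of user documents on the sign-in page, which is worth a comment.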
@@ -239,5 +239,35 @@ if (Meteor.isServer) { cas: isCasEnabled(), }; }, + + getDefaultAuthenticationMethod() { + return process.env.DEFAULT_AUTHENTICATION_METHOD; + }, + + // TODO: patch error : did not check all arguments during call + logoutWithTimer(userId) { + if (process.env.LOGOUT_WITH_TIMER) { + Jobs.run('logOut', userId, { + in: { + days: process.env.LOGOUT_IN, + }, + on: { + hour: process.env.LOGOUT_ON_HOURS, + minute: process.env.LOGOUT_ON_MINUTES, + }, + priority: 1, + }); + } + }, + }); + + Jobs.register({ + logOut(userId) { + Meteor.users.update( + {_id: userId}, + {$set: {'services.resume.loginTokens': []}} + ); + this.success(); + }, }); } diff --git a/models/users.js b/models/users.js index 630f4703..2e879d94 100644 --- a/models/users.js +++ b/models/users.js @@ -520,10 +520,10 @@ if (Meteor.isServer) { } const disableRegistration = Settings.findOne().disableRegistration; - // If ldap, bypass the inviation code if the self registration isn't allowed. - // TODO : pay attention if ldap field in the user model change to another content ex : ldap field to connection_type - if (options.ldap || !disableRegistration) { - user.authenticationMethod = 'ldap'; + if (!disableRegistration) { + if (options.ldap) { + user.authenticationMethod = 'ldap'; + } return user; } diff --git a/server/publications/users.js b/server/publications/users.js index f0c94153..136e1e08 100644 --- a/server/publications/users.js +++ b/server/publications/users.js @@ -22,6 +22,7 @@ Meteor.publish('user-authenticationMethod', function(match) { check(match, String); return Users.find({$or: [{_id: match}, {email: match}, {username: match}]}, { fields: { + '_id': 1, 'authenticationMethod': 1, }, }); diff --git a/snap-src/bin/config b/snap-src/bin/config index 0472f4f9..4aa12475 100755 --- a/snap-src/bin/config +++ b/snap-src/bin/config 
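Review bot: `logoutWithTimer(userId)` trusts an id supplied by the client: there is no `check(userId, String)` (the TODO above it says as much) and no comparison with `this.userId`, so any connected session could schedule the `logOut` job, which empties `services.resume.loginTokens`, for another account. Take the id from `this.userId` and return early when it is unset, rather than accepting it as an argument. The guard `if (process.env.LOGOUT_WITH_TIMER)` is also true for the string `"false"`, which is the default the Dockerfile sets; compare with `process.env.LOGOUT_WITH_TIMER === 'true'`. The enclosing `Meteor.methods` block starts outside the hunk.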
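Review bot: With registration disabled, an account created through LDAP no longer returns from this branch, since `options.ldap` is now tested only inside `if (!disableRegistration)`. Such a user falls through to the code below the hunk (not visible here, presumably the invitation-code path) and is never tagged `authenticationMethod = 'ldap'`, which the client-side `authentication()` function uses to choose the LDAP login. If that is the intent of the revert, say so in a comment such as `// LDAP users also need an invitation code when registration is disabled`; otherwise set the method before the registration test.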
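Review bot: The added `'_id': 1` does not change the projection, since an inclusion projection returns `_id` anyway, but it makes explicit that this publication hands out user ids. The sign-in form subscribes to it before any login with whatever string was typed, so it tells an unauthenticated session whether an account exists and which authentication method it uses. The only consumer of the id in this commit is the commented-out `logoutWithTimer` call, so the line could be dropped, and a comment like `// reachable before login: expose nothing beyond authenticationMethod` would record the constraint. Throttling the subscription with a `DDPRateLimiter.addRule` matcher of type `'subscription'` would limit its use as a lookup service. The publish function closes outside the hunk.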
@@ -3,7 +3,7 @@ # All supported keys are defined here together with descriptions and default values # list of supported keys -keys="MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN" +keys="MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT 
LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER, LOGOUT_IN, LOGOUT_ON_HOURS, LOGOUT_ON_MINUTES" # default values DESCRIPTION_MONGODB_BIND_UNIX_SOCKET="mongodb binding unix socket:\n"\ @@ -269,3 +269,19 @@ KEY_LDAP_SYNC_GROUP_ROLES="ldap-sync-group-roles" DESCRIPTION_LDAP_DEFAULT_DOMAIN="The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP" DEFAULT_LDAP_DEFAULT_DOMAIN="" KEY_LDAP_DEFAULT_DOMAIN="ldap-default-domain" + +DESCRIPTION_LOGOUT_WITH_TIMER="Enables or not the option logout with timer" +DEFAULT_LOGOUT_WITH_TIMER="false" +KEY_LOGOUT_WITH_TIMER="logout-with-timer" + +DESCRIPTION_LOGOUT_IN="The number of days" +DEFAULT_LOGOUT_IN="" +KEY_LOGOUT_IN="logout-in" + +DESCRIPTION_LOGOUT_ON_HOURS="The number of hours" +DEFAULT_LOGOUT_ON_HOURS="" +KEY_LOGOUT_ON_HOURS="logout-on-hours" + +DESCRIPTION_LOGOUT_ON_MINUTES="The number of minutes" +DEFAULT_LOGOUT_ON_MINUTES="" +KEY_LOGOUT_ON_MINUTES="logout-on-minutes" diff --git a/snap-src/bin/wekan-help b/snap-src/bin/wekan-help index f28f8f9d..4bd7c277 100755 --- a/snap-src/bin/wekan-help +++ b/snap-src/bin/wekan-help 
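Review bot: The four new entries in `keys` are separated by commas (`LOGOUT_WITH_TIMER, LOGOUT_IN, LOGOUT_ON_HOURS, LOGOUT_ON_MINUTES`) while every other entry in the list is separated by a space. If the list is split on whitespace, as the rest of it suggests, the first three names would carry a trailing comma and would not match the `DESCRIPTION_`, `DEFAULT_` and `KEY_` variables added in the next hunk. Write the tail as `LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES`.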
@@ -249,6 +249,22 @@ echo -e "Ldap Default Domain." echo -e "The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP:" echo -e "\t$ snap set $SNAP_NAME LDAP_DEFAULT_DOMAIN=''" echo -e "\n" +echo -e "Logout with timer." +echo -e "Enable or not the option that allows to disconnect an user after a given time:" +echo -e "\t$ snap set $SNAP_NAME LOGOUT_WITH_TIMER='true'" +echo -e "\n" +echo -e "Logout in." +echo -e "Logout in how many days:" +echo -e "\t$ snap set $SNAP_NAME LOGOUT_IN='1'" +echo -e "\n" +echo -e "Logout on hours." +echo -e "Logout in how many hours:" +echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_HOURS='9'" +echo -e "\n" +echo -e "Logout on minutes." +echo -e "Logout in how many minutes:" +echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_MINUTES='5'" +echo -e "\n" # parse config file for supported settings keys echo -e "wekan supports settings keys" echo -e "values can be changed by calling\n$ snap set $SNAP_NAME =''" -- cgit v1.2.3-1-g7c22 From 745bd7e8068213487f5829f24ba99b26f6935818 Mon Sep 17 00:00:00 2001 From: guillaume Date: Fri, 23 Nov 2018 18:04:05 +0100 Subject: finish prepare for test --- client/components/main/layouts.js | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/client/components/main/layouts.js b/client/components/main/layouts.js index c98eb6b9..3db228ee 100644 --- a/client/components/main/layouts.js +++ b/client/components/main/layouts.js @@ -6,11 +6,11 @@ const i18nTagToT9n = (i18nTag) => { return i18nTag; }; -Template.userFormsLayout.onCreated(() => { - Meteor.subscribe('setting'); +Template.userFormsLayout.onCreated(function() { Meteor.call('getDefaultAuthenticationMethod', (error, result) => { this.data.defaultAuthenticationMethod = new ReactiveVar(error ? undefined : result); }); + Meteor.subscribe('setting'); }); Template.userFormsLayout.onRendered(() => { 
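Review bot: `defaultAuthenticationMethod` is still created only inside the `Meteor.call` callback, so until the method returns `instance.data.defaultAuthenticationMethod` is undefined and the `.get()` in `authentication()` would throw if the user clicks first. Create the variable synchronously with `this.data.defaultAuthenticationMethod = new ReactiveVar();` before the call, and use `.set(error ? undefined : result)` inside the callback. The error itself is dropped; logging it would make a failed lookup distinguishable from an unset default. This also assumes `this.data` is non-null for this layout, which the hunk does not show.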
@@ -83,7 +83,7 @@ Template.userFormsLayout.events({ const email = $('#at-field-username_and_email').val(); const password = $('#at-field-password').val(); - if (FlowRouter.getRouteName() !== 'atSignIn' || password === '') { + if (FlowRouter.getRouteName() !== 'atSignIn' || password === '' || email === '') { return; } @@ -132,5 +132,10 @@ function authentication(instance, email, password) { return error; }); } + + /* else { + process.env.DEFAULT_AUTHENTICATION_METHOD is not defined + } */ + return this.stop(); } -- cgit v1.2.3-1-g7c22