From ff825d6123ecfd033ccb08ce97c11cefee676104 Mon Sep 17 00:00:00 2001 From: Lauri Ojansivu Date: Fri, 8 Mar 2019 18:40:43 +0200 Subject: [HTTP header automatic login. Not tested yet.](https://github.com/wekan/wekan/issues/2019). Thanks to xet7 ! Related #2019 --- Dockerfile | 8 ++++++++ client/components/main/layouts.js | 24 +++++++++++++++++++----- docker-compose.yml | 7 +++++++ releases/virtualbox/start-wekan.sh | 8 ++++++++ snap-src/bin/config | 18 +++++++++++++++++- snap-src/bin/wekan-help | 7 +++++++ start-wekan.bat | 7 +++++++ start-wekan.sh | 8 ++++++++ 8 files changed, 81 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 58a1b629..c833bc17 100644 --- a/Dockerfile +++ b/Dockerfile @@ -77,6 +77,10 @@ ARG LDAP_SYNC_GROUP_ROLES ARG LDAP_DEFAULT_DOMAIN ARG LDAP_SYNC_ADMIN_STATUS ARG LDAP_SYNC_ADMIN_GROUPS +ARG HEADER_LOGIN_ID +ARG HEADER_LOGIN_FIRSTNAME +ARG HEADER_LOGIN_LASTNAME +ARG HEADER_LOGIN_EMAIL ARG LOGOUT_WITH_TIMER ARG LOGOUT_IN ARG LOGOUT_ON_HOURS @@ -163,6 +167,10 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth LDAP_DEFAULT_DOMAIN="" \ LDAP_SYNC_ADMIN_STATUS="" \ LDAP_SYNC_ADMIN_GROUPS="" \ + HEADER_LOGIN_ID="" \ + HEADER_LOGIN_FIRSTNAME="" \ + HEADER_LOGIN_LASTNAME="" \ + HEADER_LOGIN_EMAIL="" \ LOGOUT_WITH_TIMER=false \ LOGOUT_IN="" \ LOGOUT_ON_HOURS="" \ diff --git a/client/components/main/layouts.js b/client/components/main/layouts.js index 6f7c914a..b3b95d32 100644 --- a/client/components/main/layouts.js +++ b/client/components/main/layouts.js 
@@ -101,8 +101,19 @@ Template.defaultLayout.events({ }); async function authentication(event, instance) { - const match = $('#at-field-username_and_email').val(); - const password = $('#at-field-password').val(); + + // If header login id is set, use it for login + if (process.env.HEADER_LOGIN_ID) { + // Header username = Email address + const match = req.headers[process.env.HEADER_LOGIN_EMAIL]; + // Header password = Login ID + const password = req.headers[process.env.HEADER_LOGIN_ID]; + //const headerLoginFirstname = req.headers[process.env.HEADER_LOGIN_FIRSTNAME]; + //const headerLoginLastname = req.headers[process.env.HEADER_LOGIN_LASTNAME]; + } else { + const match = $('#at-field-username_and_email').val(); + const password = $('#at-field-password').val(); + } if (!match || !password) return; @@ -110,9 +121,12 @@ async function authentication(event, instance) { if (result === 'password') return; - // Stop submit #at-pwd-form - event.preventDefault(); - event.stopImmediatePropagation(); + // If header login id is not set, don't try to login automatically. + if (!process.env.HEADER_LOGIN_ID) { + // Stop submit #at-pwd-form + event.preventDefault(); + event.stopImmediatePropagation(); + } switch (result) { case 'ldap': diff --git a/docker-compose.yml b/docker-compose.yml index 9646a012..454964e8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
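Review bot: `match` and `password` are declared with `const` inside the new `if`/`else` branches, so they are block-scoped and the unchanged `if (!match || !password) return;` that follows will throw a ReferenceError on both paths; declare them once before the branch, `let match;` and `let password;`, and assign inside each branch. Independently, `client/components/main/layouts.js` runs in the browser: `req` is not defined anywhere in this hunk and `process.env.HEADER_LOGIN_ID` is not part of the client bundle, so this branch cannot read request headers here, and the `process.env.HEADER_LOGIN_ID` guard added around `event.preventDefault()` in the second hunk has the same problem. A header-based login has to be decided on the server, where the request is available and where the header can be accepted only when it comes from the trusted reverse proxy that injects it; otherwise any client that reaches the app directly could supply the header itself, and using the ID header as the "password" on the client would also expose it in the browser. The body of `authentication()` continues outside the hunk.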
@@ -508,6 +508,13 @@ services: # Comma separated list of admin group names to sync. #- LDAP_SYNC_ADMIN_GROUPS=group1,group2 #--------------------------------------------------------------------- + # Login to LDAP automatically with HTTP header. + # In below example for siteminder, at right side of = is header name. + #- HEADER_LOGIN_ID=BNPPUID + #- HEADER_LOGIN_FIRSTNAME=BNPPFIRSTNAME + #- HEADER_LOGIN_LASTNAME=BNPPLASTNAME + #- HEADER_LOGIN_EMAIL=BNPPEMAILADDRESS + #--------------------------------------------------------------------- # ==== LOGOUT TIMER, probably does not work yet ==== # LOGOUT_WITH_TIMER : Enables or not the option logout with timer # example : LOGOUT_WITH_TIMER=true diff --git a/releases/virtualbox/start-wekan.sh b/releases/virtualbox/start-wekan.sh index 08c79778..31a95728 100755 --- a/releases/virtualbox/start-wekan.sh +++ b/releases/virtualbox/start-wekan.sh @@ -251,6 +251,14 @@ #export LDAP_SYNC_ADMIN_STATUS=true # Comma separated list of admin group names. #export LDAP_SYNC_ADMIN_GROUPS=group1,group2 + #--------------------------------------------------------------------- + # Login to LDAP automatically with HTTP header. + # In below example for siteminder, at right side of = is header name. + #export HEADER_LOGIN_ID=BNPPUID + #export HEADER_LOGIN_FIRSTNAME=BNPPFIRSTNAME + #export HEADER_LOGIN_LASTNAME=BNPPLASTNAME + #export HEADER_LOGIN_EMAIL=BNPPEMAILADDRESS + #--------------------------------------------------------------------- # LOGOUT_WITH_TIMER : Enables or not the option logout with timer # example : LOGOUT_WITH_TIMER=true #export LOGOUT_WITH_TIMER= diff --git a/snap-src/bin/config b/snap-src/bin/config index 3e32c221..eecb7ba1 100755 --- a/snap-src/bin/config +++ b/snap-src/bin/config 
@@ -3,7 +3,7 @@ # All supported keys are defined here together with descriptions and default values # list of supported keys -keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API EMAIL_NOTIFICATION_TIMEOUT CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD" +keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API 
EMAIL_NOTIFICATION_TIMEOUT CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD" # default values DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'" 
@@ -326,6 +326,22 @@ DESCRIPTION_LDAP_DEFAULT_DOMAIN="The default domain of the ldap it is used to cr DEFAULT_LDAP_DEFAULT_DOMAIN="" KEY_LDAP_DEFAULT_DOMAIN="ldap-default-domain" +DESCRIPTION_HEADER_LOGIN_ID="Header login ID. Example for siteminder: BNPPUID" +DEFAULT_HEADER_LOGIN_ID="" +KEY_HEADER_LOGIN_ID="header-login-id" + +DESCRIPTION_HEADER_LOGIN_FIRSTNAME="Header login firstname. Example for siteminder: BNPPFIRSTNAME" +DEFAULT_HEADER_LOGIN_FIRSTNAME="Header login firstname. Example for siteminder: BNPPFIRSTNAME" +KEY_HEADER_LOGIN_FIRSTNAME="header-login-firstname" + +DESCRIPTION_HEADER_LOGIN_LASTNAME="Header login lastname. Example for siteminder: BNPPLASTNAME" +DEFAULT_HEADER_LOGIN_LASTNAME="Header login firstname. Example for siteminder: BNPPLASTNAME" +KEY_HEADER_LOGIN_LASTNAME="header-login-lastname" + +DESCRIPTION_HEADER_LOGIN_EMAIL="Header login email. Example for siteminder: BNPPEMAILADDRESS" +DEFAULT_HEADER_LOGIN_EMAIL="Header login email. Example for siteminder: BNPPEMAILADDRESS" +KEY_HEADER_LOGIN_EMAIL="header-login-email" + DESCRIPTION_LOGOUT_WITH_TIMER="Enables or not the option logout with timer" DEFAULT_LOGOUT_WITH_TIMER="false" KEY_LOGOUT_WITH_TIMER="logout-with-timer" diff --git a/snap-src/bin/wekan-help b/snap-src/bin/wekan-help index e1945357..766a7df7 100755 --- a/snap-src/bin/wekan-help +++ b/snap-src/bin/wekan-help 
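Review bot: `DEFAULT_HEADER_LOGIN_FIRSTNAME`, `DEFAULT_HEADER_LOGIN_LASTNAME` and `DEFAULT_HEADER_LOGIN_EMAIL` are set to the description sentence rather than an empty string, so these three settings are non-empty by default even when the admin never ran `snap set`, and the description text would be exported as a header name; only `DEFAULT_HEADER_LOGIN_ID=""` follows the pattern of the surrounding `DEFAULT_*` entries. Each should be `DEFAULT_HEADER_LOGIN_FIRSTNAME=""`, `DEFAULT_HEADER_LOGIN_LASTNAME=""` and `DEFAULT_HEADER_LOGIN_EMAIL=""`. `DEFAULT_HEADER_LOGIN_LASTNAME` additionally reads "Header login firstname", a copy-paste slip that goes away with the empty default. The four keys added to the `keys=` list in the earlier hunk of this file are consistent with these entries.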
@@ -307,6 +307,13 @@ echo -e "Logout with timer." echo -e "Enable or not the option that allows to disconnect an user after a given time:" echo -e "\t$ snap set $SNAP_NAME logout-with-timer='true'" echo -e "\n" +echo -e "Login to LDAP automatically with HTTP header." +echo -e "In below example for siteminder, at right side of = is header name." +echo -e "\t$ snap set $SNAP_NAME header-login-id='BNPPUID'" +echo -e "\t$ snap set $SNAP_NAME header-login-firstname='BNPPFIRSTNAME'" +echo -e "\t$ snap set $SNAP_NAME header-login-lastname='BNPPLASTNAME'" +echo -e "\t$ snap set $SNAP_NAME header-login-email='BNPPEMAILADDRESS'" +echo -e "\n" echo -e "Logout in." echo -e "Logout in how many days:" echo -e "\t$ snap set $SNAP_NAME logout-in='1'" diff --git a/start-wekan.bat b/start-wekan.bat index 229bf2db..001700f3 100755 --- a/start-wekan.bat +++ b/start-wekan.bat @@ -254,6 +254,13 @@ REM SET LDAP_SYNC_ADMIN_STATUS=true REM # Comma separated list of admin group names to sync. REM SET LDAP_SYNC_ADMIN_GROUPS=group1,group2 +REM # Login to LDAP automatically with HTTP header. +REM # In below example for siteminder, at right side of = is header name. +REM SET HEADER_LOGIN_ID=BNPPUID +REM SET HEADER_LOGIN_FIRSTNAME=BNPPFIRSTNAME +REM SET HEADER_LOGIN_LASTNAME=BNPPLASTNAME +REM SET HEADER_LOGIN_EMAIL=BNPPEMAILADDRESS + REM ------------------------------------------------ REM # LOGOUT_WITH_TIMER : Enables or not the option logout with timer diff --git a/start-wekan.sh b/start-wekan.sh index 78084c1c..184be575 100755 --- a/start-wekan.sh +++ b/start-wekan.sh 
@@ -269,6 +269,14 @@ function wekan_repo_check(){ #export LDAP_SYNC_ADMIN_STATUS=true # Comma separated list of admin group names to sync. #export LDAP_SYNC_ADMIN_GROUPS=group1,group2 + #--------------------------------------------------------------------- + # Login to LDAP automatically with HTTP header. + # In below example for siteminder, at right side of = is header name. + #export HEADER_LOGIN_ID=BNPPUID + #export HEADER_LOGIN_FIRSTNAME=BNPPFIRSTNAME + #export HEADER_LOGIN_LASTNAME=BNPPLASTNAME + #export HEADER_LOGIN_EMAIL=BNPPEMAILADDRESS + #--------------------------------------------------------------------- # LOGOUT_WITH_TIMER : Enables or not the option logout with timer # example : LOGOUT_WITH_TIMER=true #export LOGOUT_WITH_TIMER= -- cgit v1.2.3-1-g7c22