Home Explore Help
Sign In
mirrors
/
wekan
mirror of https://github.com/wekan/wekan.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

- Fix OIDC error "a.join is not a function" b reverting
configurable OAUTH2_ID_TOKEN_WHITELIST_FIELDS and
OAUTH2_REQUEST_PERMISSIONS from Wekan v2.22-2.26.

Thanks to xet7 !

Closes #2206,
Related #1874,
Related #1722

Lauri Ojansivu 6 years ago
parent
5e66119bf0
commit
05351c0ac1
8 changed files with 3 additions and 44 deletions
Split View Show Diff Stats
  1. 0 4
      Dockerfile
  2. 0 4
      docker-compose.yml
  3. 0 4
      releases/virtualbox/start-wekan.sh
  4. 2 2
      server/authentication.js
  5. 1 9
      snap-src/bin/config
  6. 0 12
      snap-src/bin/wekan-help
  7. 0 5
      start-wekan.bat
  8. 0 4
      start-wekan.sh

+ 0 - 4
Dockerfile
View File 

@@ -31,8 +31,6 @@ ARG OAUTH2_ID_MAP
 
 ARG OAUTH2_USERNAME_MAP
 
 ARG OAUTH2_FULLNAME_MAP
 
 ARG OAUTH2_EMAIL_MAP
 
-ARG OAUTH2_ID_TOKEN_WHITELIST_FIELDS
 
-ARG OAUTH2_REQUEST_PERMISSIONS
 
 ARG LDAP_ENABLE
 
 ARG LDAP_PORT
 
 ARG LDAP_HOST
 
@@ -117,8 +115,6 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth
 
     OAUTH2_USERNAME_MAP="" \
 
     OAUTH2_FULLNAME_MAP="" \
 
     OAUTH2_EMAIL_MAP="" \
 
-    OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[] \
 
-    OAUTH2_REQUEST_PERMISSIONS=[openid] \
 
     LDAP_ENABLE=false \
 
     LDAP_PORT=389 \
 
     LDAP_HOST="" \

+ 0 - 4
docker-compose.yml
View File 

@@ -315,10 +315,6 @@ services:
 
       #- OAUTH2_FULLNAME_MAP=
 
       # OAuth2 Email Mapping
 
       #- OAUTH2_EMAIL_MAP=
 
-      # OAUTH2 ID Token Whitelist Fields.
 
-      #- OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
 
-      # OAUTH2 Request Permissions.
 
-      #- OAUTH2_REQUEST_PERMISSIONS=[openid email profile]
 
       #-----------------------------------------------------------------
 
       # ==== LDAP ====
 
       # https://github.com/wekan/wekan/wiki/LDAP

+ 0 - 4
releases/virtualbox/start-wekan.sh
View File 

@@ -114,10 +114,6 @@
 
         #export OAUTH2_FULLNAME_MAP=
 
         # OAuth2 Email Mapping
 
         #export OAUTH2_EMAIL_MAP=
 
-        # OAUTH2 ID Token Whitelist Fields.
 
-        #export OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
 
-        # OAUTH2 Request Permissions.
 
-        #export OAUTH2_REQUEST_PERMISSIONS=[openid profile email]
 
         #---------------------------------------------
 
         # LDAP_ENABLE : Enable or not the connection by the LDAP
 
         # example :  export LDAP_ENABLE=true

+ 2 - 2
server/authentication.js
View File 

@@ -76,8 +76,8 @@ Meteor.startup(() => {
 
             authorizationEndpoint: process.env.OAUTH2_AUTH_ENDPOINT,
 
             userinfoEndpoint: process.env.OAUTH2_USERINFO_ENDPOINT,
 
             tokenEndpoint: process.env.OAUTH2_TOKEN_ENDPOINT,
 
-            idTokenWhitelistFields: process.env.OAUTH2_ID_TOKEN_WHITELIST_FIELDS || [],
 
-            requestPermissions: process.env.OAUTH2_REQUEST_PERMISSIONS || ['openid', 'profile', 'email'],
 
+            idTokenWhitelistFields: [],
 
+            requestPermissions: ['openid'],
 
           },
 
         }
 
       );

+ 1 - 9
snap-src/bin/config
View File 

@@ -3,7 +3,7 @@
 
 # All supported keys are defined here together with descriptions and default values
 
 
 # list of supported keys
 
-keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API EMAIL_NOTIFICATION_TIMEOUT CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_REQUEST_PERMISSIONS LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD"
 
+keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API EMAIL_NOTIFICATION_TIMEOUT CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD"
 
 
 # default values
 
 DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'"
 
@@ -142,14 +142,6 @@ DESCRIPTION_OAUTH2_EMAIL_MAP="OAuth2 Email Mapping. Example: email"
 
 DEFAULT_OAUTH2_EMAIL_MAP=""
 
 KEY_OAUTH2_EMAIL_MAP="oauth2-email-map"
 
 
-DESCRIPTION_OAUTH2_ID_TOKEN_WHITELIST_FIELDS="OAuth2 ID Token Whitelist Fields. Example: []"
 
-DEFAULT_OAUTH2_ID_TOKEN_WHITELIST_FIELDS=""
 
-KEY_OAUTH2_ID_TOKEN_WHITELIST_FIELDS="oauth2-id-token-whitelist-fields"
 
-
 
-DESCRIPTION_OAUTH2_REQUEST_PERMISSIONS="OAuth2 Request Permissions. Example: [openid profile email]"
 
-DEFAULT_OAUTH2_REQUEST_PERMISSIONS=""
 
-KEY_OAUTH2_REQUEST_PERMISSIONS="oauth2-request-permissions"
 
-
 
 DESCRIPTION_LDAP_ENABLE="Enable or not the connection by the LDAP"
 
 DEFAULT_LDAP_ENABLE="false"
 
 KEY_LDAP_ENABLE="ldap-enable"

+ 0 - 12
snap-src/bin/wekan-help
View File 

@@ -130,18 +130,6 @@ echo -e "\t$ snap set $SNAP_NAME oauth2-email-map='email'"
 
 echo -e "\t-Disable the OAuth2 Email Mapping of Wekan:"
 
 echo -e "\t$ snap set $SNAP_NAME oauth2-email-map=''"
 
 echo -e "\n"
 
-echo -e "OAuth2 ID Token Whitelist Fields."
 
-echo -e "To enable the OAuth2 ID Token Whitelist Fields of Wekan:"
 
-echo -e "\t$ snap set $SNAP_NAME oauth2-id-token-whitelist-fields='[]'"
 
-echo -e "\t-Disable the OAuth2 ID Token Whitelist Fields of Wekan:"
 
-echo -e "\t$ snap set $SNAP_NAME oauth2-id-token-whitelist-fields=''"
 
-echo -e "\n"
 
-echo -e "OAuth2 Request Permissions."
 
-echo -e "To enable the OAuth2 Request Permissions of Wekan:"
 
-echo -e "\t$ snap set $SNAP_NAME oauth2-request-permissions='[openid profile email]'"
 
-echo -e "\t-Disable the OAuth2 Request Permissions of Wekan:"
 
-echo -e "\t$ snap set $SNAP_NAME oauth2-request-permissions=''"
 
-echo -e "\n"
 
 echo -e "Ldap Enable."
 
 echo -e "To enable the ldap of Wekan:"
 
 echo -e "\t$ snap set $SNAP_NAME ldap-enable='true'"

+ 0 - 5
start-wekan.bat
View File 

@@ -74,11 +74,6 @@ REM # OAuth2 Token Endpoint. Example: /oauth/token
 
 REM # example: OAUTH2_TOKEN_ENDPOINT=/oauth/token
 
 REM SET OAUTH2_TOKEN_ENDPOINT=
 
 
-REM # OAUTH2 ID Token Whitelist Fields.
 
-REM SET OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
 
-REM # OAUTH2 Request Permissions.
 
-REM SET OAUTH2_REQUEST_PERMISSIONS=[openid email profile]
 
-
 
 REM ------------------------------------------------------------
 
 
 REM # LDAP_ENABLE : Enable or not the connection by the LDAP

+ 0 - 4
start-wekan.sh
View File 

@@ -95,10 +95,6 @@ function wekan_repo_check(){
 
       #export OAUTH2_FULLNAME_MAP=name
 
       # The claim name you want to map to the email field:
 
       #export OAUTH2_EMAIL_MAP=email
 
-      # OAUTH2 ID Token Whitelist Fields.
 
-      #export OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
 
-      # OAUTH2 Request Permissions.
 
-      #export OAUTH2_REQUEST_PERMISSIONS=[openid profile email]
 
       #-----------------------------------------------------------------
 
       # ==== OAUTH2 KEYCLOAK ====
 
       # https://github.com/wekan/wekan/wiki/Keycloak  <== MAPPING INFO, REQUIRED