
Added back autologin, because reverting it broke Google OIDC login.

Thanks to xet7 !
Lauri Ojansivu 3 жил өмнө
parent
commit
1e4fba3ec8

+ 37 - 26
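--- a/client/components/main/layouts.js
+++ b/client/components/main/layouts.js
@@ -4,7 +4,7 @@ BlazeLayout.setRoot('body');
 
 let alreadyCheck = 1;
 let isCheckDone = false;
-
+let counter = 0;
 const validator = {
   set(obj, prop, value) {
     if (prop === 'state' && value !== 'signIn') {
@@ -21,7 +21,7 @@ const validator = {
 
 // let isSettingDatabaseFctCallDone = false;
 
-Template.userFormsLayout.onCreated(function() {
+Template.userFormsLayout.onCreated(function () {
   const templateInstance = this;
   templateInstance.currentSetting = new ReactiveVar();
   templateInstance.isLoading = new ReactiveVar(false);
@@ -37,7 +37,7 @@ Template.userFormsLayout.onCreated(function() {
       }
 
       // isSettingDatabaseFctCallDone = true;
-      if(currSetting && currSetting !== undefined && currSetting.customLoginLogoImageUrl !== undefined)
+      if (currSetting && currSetting !== undefined && currSetting.customLoginLogoImageUrl !== undefined)
         document.getElementById("isSettingDatabaseCallDone").style.display = 'none';
       else
         document.getElementById("isSettingDatabaseCallDone").style.display = 'block';
@@ -50,6 +50,18 @@ Template.userFormsLayout.onCreated(function() {
     }
   });
 
+  if (!Meteor.user()?.profile) {
+      Meteor.call('isOidcRedirectionEnabled', (_, result) => {
+        if (result) {
+          AccountsTemplates.options.socialLoginStyle = 'redirect';
+          options = {
+            loginStyle: AccountsTemplates.options.socialLoginStyle,
+          };
+          Meteor.loginWithOidc(options);
+        }
+        else console.log("oidc redirect not set");
+      });
+  }
   Meteor.call('isDisableRegistration', (_, result) => {
     if (result) {
       $('.at-signup-link').hide();
@@ -81,22 +93,22 @@ Template.userFormsLayout.helpers({
   //   return isSettingDatabaseFctCallDone;
   // },
 
-  isLegalNoticeLinkExist(){
+  isLegalNoticeLinkExist() {
     const currSet = Template.instance().currentSetting.get();
-    if(currSet && currSet !== undefined && currSet != null){
+    if (currSet && currSet !== undefined && currSet != null) {
       return currSet.legalNotice !== undefined && currSet.legalNotice.trim() != "";
     }
     else
       return false;
   },
 
-  getLegalNoticeWithWritTraduction(){
+  getLegalNoticeWithWritTraduction() {
     let spanLegalNoticeElt = $("#legalNoticeSpan");
-    if(spanLegalNoticeElt != null && spanLegalNoticeElt != undefined){
+    if (spanLegalNoticeElt != null && spanLegalNoticeElt != undefined) {
       spanLegalNoticeElt.html(TAPi18n.__('acceptance_of_our_legalNotice', {}));
     }
     let atLinkLegalNoticeElt = $("#legalNoticeAtLink");
-    if(atLinkLegalNoticeElt != null && atLinkLegalNoticeElt != undefined){
+    if (atLinkLegalNoticeElt != null && atLinkLegalNoticeElt != undefined) {
       atLinkLegalNoticeElt.html(TAPi18n.__('legalNotice', {}));
     }
     return true;
@@ -147,41 +159,41 @@ Template.userFormsLayout.events({
     }
     isCheckDone = false;
   },
-  'click #at-signUp'(event, templateInstance){
+  'click #at-signUp'(event, templateInstance) {
     isCheckDone = false;
   },
-  'DOMSubtreeModified #at-oidc'(event){
-    if(alreadyCheck <= 2){
+  'DOMSubtreeModified #at-oidc'(event) {
+    if (alreadyCheck <= 2) {
       let currSetting = Settings.findOne();
       let oidcBtnElt = $("#at-oidc");
-      if(currSetting && currSetting !== undefined && currSetting.oidcBtnText !== undefined && oidcBtnElt != null && oidcBtnElt != undefined){
+      if (currSetting && currSetting !== undefined && currSetting.oidcBtnText !== undefined && oidcBtnElt != null && oidcBtnElt != undefined) {
         let htmlvalue = "<i class='fa fa-oidc'></i>" + currSetting.oidcBtnText;
-        if(alreadyCheck == 1){
+        if (alreadyCheck == 1) {
           alreadyCheck++;
           oidcBtnElt.html("");
         }
-        else{
+        else {
           alreadyCheck++;
           oidcBtnElt.html(htmlvalue);
         }
       }
     }
-    else{
+    else {
       alreadyCheck = 1;
     }
   },
-  'DOMSubtreeModified .at-form'(event){
-    if(alreadyCheck <= 2 && !isCheckDone){
-      if(document.getElementById("at-oidc") != null){
+  'DOMSubtreeModified .at-form'(event) {
+    if (alreadyCheck <= 2 && !isCheckDone) {
+      if (document.getElementById("at-oidc") != null) {
         let currSetting = Settings.findOne();
         let oidcBtnElt = $("#at-oidc");
-        if(currSetting && currSetting !== undefined && currSetting.oidcBtnText !== undefined && oidcBtnElt != null && oidcBtnElt != undefined){
+        if (currSetting && currSetting !== undefined && currSetting.oidcBtnText !== undefined && oidcBtnElt != null && oidcBtnElt != undefined) {
           let htmlvalue = "<i class='fa fa-oidc'></i>" + currSetting.oidcBtnText;
-          if(alreadyCheck == 1){
+          if (alreadyCheck == 1) {
             alreadyCheck++;
             oidcBtnElt.html("");
           }
-          else{
+          else {
             alreadyCheck++;
             isCheckDone = true;
             oidcBtnElt.html(htmlvalue);
@@ -189,7 +201,7 @@ Template.userFormsLayout.events({
         }
       }
     }
-    else{
+    else {
       alreadyCheck = 1;
     }
   },
@@ -221,7 +233,7 @@ async function authentication(event, templateInstance) {
   switch (result) {
     case 'ldap':
       return new Promise(resolve => {
-        Meteor.loginWithLDAP(match, password, function() {
+        Meteor.loginWithLDAP(match, password, function () {
           resolve(FlowRouter.go('/'));
         });
       });
@@ -233,7 +245,7 @@ async function authentication(event, templateInstance) {
           {
             provider,
           },
-          function() {
+          function () {
             resolve(FlowRouter.go('/'));
           },
         );
@@ -241,7 +253,7 @@ async function authentication(event, templateInstance) {
 
     case 'cas':
       return new Promise(resolve => {
-        Meteor.loginWithCas(match, password, function() {
+        Meteor.loginWithCas(match, password, function () {
           resolve(FlowRouter.go('/'));
         });
       });
@@ -267,7 +279,6 @@ function getUserAuthenticationMethod(defaultAuthenticationMethod, match) {
       Meteor.subscribe('user-authenticationMethod', match, {
         onReady() {
           const user = Users.findOne();
-
           const authenticationMethod = user
             ? user.authenticationMethod
             : defaultAuthenticationMethod;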
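Review bot: The auto-login block added to `onCreated` starts an OIDC redirect whenever `Meteor.user()?.profile` is falsy, which is presumably also the case while a stored login token is still being resumed, so a user with a valid session can be sent to the identity provider anyway; guarding with `if (!Meteor.loggingIn() && !Meteor.userId()) {` would avoid that. In the same block `options = {` has no declaration and so writes to a global (or fails if the file is evaluated in strict mode); `Meteor.loginWithOidc({ loginStyle: 'redirect' });` needs no variable at all. The callback discards its error argument, so a failed `isOidcRedirectionEnabled` call is logged as "oidc redirect not set" instead of as an error. The new `let counter = 0;` is not used in any visible hunk.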

+ 35 - 5
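--- a/config/accounts.js
+++ b/config/accounts.js
@@ -5,6 +5,16 @@ const emailField = AccountsTemplates.removeField('email');
 let disableRegistration = false;
 let disableForgotPassword = false;
 let passwordLoginDisabled = false;
+let oidcRedirectionEnabled = false;
+let oauthServerUrl = "home";
+let oauthDashboardUrl = "";
+
+Meteor.call('isOidcRedirectionEnabled', (_, result) => {
+  if(result)
+  {
+    oidcRedirectionEnabled = true;
+  }
+});
 
 Meteor.call('isPasswordLoginDisabled', (_, result) => {
   if (result) {
@@ -14,6 +24,18 @@ Meteor.call('isPasswordLoginDisabled', (_, result) => {
   }
 });
 
+Meteor.call('getOauthServerUrl', (_, result) => {
+  if (result) {
+    oauthServerUrl = result;
+  }
+});
+
+Meteor.call('getOauthDashboardUrl', (_, result) => {
+  if (result) {
+    oauthDashboardUrl = result;
+  }
+});
+
 Meteor.call('isDisableRegistration', (_, result) => {
   if (result) {
     disableRegistration = true;
@@ -59,11 +81,19 @@ AccountsTemplates.configure({
   showForgotPasswordLink: !disableForgotPassword,
   forbidClientAccountCreation: disableRegistration,
   onLogoutHook() {
-    const homePage = 'home';
-    if (FlowRouter.getRouteName() === homePage) {
-      FlowRouter.reload();
-    } else {
-      FlowRouter.go(homePage);
+    // here comeslogic for redirect
+    if(oidcRedirectionEnabled)
+    {
+      window.location = oauthServerUrl + oauthDashboardUrl;
+    }
+    else
+    {
+      const homePage = 'home';
+      if (FlowRouter.getRouteName() === homePage) {
+        FlowRouter.reload();
+      } else {
+        FlowRouter.go(homePage);
+      }
     }
   },
 });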
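Review bot: `onLogoutHook` navigates to `oauthServerUrl + oauthDashboardUrl`, and those values are filled in asynchronously and default to `"home"` and `""`, so when `getOauthServerUrl` returns nothing (variable unset, or the call not yet answered) the browser is sent to the relative URL `home` rather than to the `home` route. Initialising with `let oauthServerUrl = '';` and testing `if (oidcRedirectionEnabled && oauthServerUrl) {` keeps the FlowRouter fallback for that case. Because this is a post-logout redirect, it is also worth confirming that the combined value parses as an absolute http(s) URL, for example via `new URL(oauthServerUrl + oauthDashboardUrl)`, before assigning it to `window.location`. The three added `Meteor.call` callbacks ignore their error argument, and the `AccountsTemplates.configure` call begins above the hunk.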

+ 18 - 0
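--- a/models/settings.js
+++ b/models/settings.js
@@ -229,6 +229,12 @@ if (Meteor.isServer) {
     ]);
   }
 
+  function loadOidcConfig(service){
+    check(service, String);
+    var config = ServiceConfiguration.configurations.findOne({service: service});
+    return config;
+  }
+
   function sendInvitationEmail(_id) {
     const icode = InvitationCodes.findOne(_id);
     const author = Users.findOne(Meteor.userId());
@@ -495,6 +501,12 @@ if (Meteor.isServer) {
       };
     },
 
+    getOauthServerUrl(){
+      return process.env.OAUTH2_SERVER_URL;
+    },
+    getOauthDashboardUrl(){
+      return process.env.DASHBOARD_URL;
+    },
     getDefaultAuthenticationMethod() {
       return process.env.DEFAULT_AUTHENTICATION_METHOD;
     },
@@ -502,6 +514,12 @@ if (Meteor.isServer) {
     isPasswordLoginDisabled() {
       return process.env.PASSWORD_LOGIN_ENABLED === 'false';
     },
+    isOidcRedirectionEnabled(){
+      return process.env.OIDC_REDIRECTION_ENABLED === 'true' && Object.keys(loadOidcConfig("oidc")).length > 0;
+    },
+    getServiceConfiguration(service){
+      return loadOidcConfig(service);
+      }
   });
 }
 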
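Review bot: `getServiceConfiguration(service)` is registered as a Meteor method with no `this.userId` or admin check and returns the whole `ServiceConfiguration.configurations` document for whatever service name the client passes; such documents normally carry the OAuth client secret, so this looks like it exposes that secret to any caller. Nothing in the visible hunks calls the method, so the simplest fix is to drop it, or at least to exclude the secret in `loadOidcConfig` with `findOne({ service }, { fields: { secret: 0 } })` and require an admin user. Separately, `isOidcRedirectionEnabled` passes the result of `findOne` straight to `Object.keys`, which throws when no `oidc` configuration exists; `return process.env.OIDC_REDIRECTION_ENABLED === 'true' && !!loadOidcConfig('oidc');` avoids that. The `Meteor.methods` block starts above the hunk.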

+ 2 - 2
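--- a/packages/wekan-accounts-oidc/oidc.js
+++ b/packages/wekan-accounts-oidc/oidc.js
@@ -7,11 +7,11 @@ if (Meteor.isClient) {
       callback = options;
       options = null;
     }
-
     var credentialRequestCompleteCallback = Accounts.oauth.credentialRequestCompleteHandler(callback);
     Oidc.requestCredential(options, credentialRequestCompleteCallback);
   };
-} else {
+  }
+  else {
   Accounts.addAutopublishFields({
     // not sure whether the OIDC api can be used from the browser,
     // thus not sure if we should be sending access tokens; but we do it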

+ 1 - 1
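--- a/server/authentication.js
+++ b/server/authentication.js
@@ -108,7 +108,7 @@ Meteor.startup(() => {
           // OAUTH2_ID_TOKEN_WHITELIST_FIELDS || [],
           // OAUTH2_REQUEST_PERMISSIONS || 'openid profile email',
         },
-      );
+        );
     } else if (
       process.env.CAS_ENABLED === 'true' ||
       process.env.CAS_ENABLED === true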