wip redirect on landing page and logout to oidc provider

client/components/main/layouts.js

@@ -8,7 +8,7 @@ const i18nTagToT9n = i18nTag => {
 
 let alreadyCheck = 1;
 let isCheckDone = false;
-
+let counter = 0;
 const validator = {
   set(obj, prop, value) {
     if (prop === 'state' && value !== 'signIn') {
@@ -54,6 +54,46 @@ Template.userFormsLayout.onCreated(function() {
     }
   });
 
+  Meteor.call('isOidcRedirectionEnabled', (_, result) => {
+    serviceName = 'oidc';
+    if (result) {
+      if(Session.get("tmp") && ((Math.floor(Date.now() / 1000) - Session.get("tmp") < 5) ))
+      {
+        window.location.reload(true);
+        console.log(Meteor.user().profile);
+      }
+      else
+      {
+        Session.set("tmp", Math.floor(Date.now() / 1000));
+        console.log("Säschön", Session.get("tmp"));
+        methodName = "loginWithOidc";
+        var loginWithService = Meteor[methodName];
+        AccountsTemplates.options.socialLoginStyle = 'redirect';
+        options = {
+            loginStyle: AccountsTemplates.options.socialLoginStyle,
+        };
+        console.log("keys", options);
+        loginWithService(options, function(err) {
+          AccountsTemplates.setDisabled(false);
+          if (err && err instanceof Accounts.LoginCancelledError)
+          {
+            console.log("login cancelled");
+          }
+          else if (err && err instanceof ServiceConfiguration.ConfigError)
+          {
+            console.log("service config");
+            if (Accounts._loginButtonsSession) return Accounts._loginButtonsSession.configureService('oidc');
+          }
+          else
+          {
+            console.log("else_block");
+            AccountsTemplates.submitCallback(err, state);
+          }
+      });
+      }
+    }
+    else console.log("kein result");
+  });
   Meteor.call('isDisableRegistration', (_, result) => {
     if (result) {
       $('.at-signup-link').hide();
@@ -286,6 +326,7 @@ Template.userFormsLayout.events({
     event.preventDefault();
   },
   'click #at-btn'(event, templateInstance) {
+    console.log("hello");
     if (FlowRouter.getRouteName() === 'atSignIn') {
       templateInstance.isLoading.set(true);
       authentication(event, templateInstance).then(() => {

config/accounts.js

@@ -3,6 +3,7 @@ const emailField = AccountsTemplates.removeField('email');
 let disableRegistration = false;
 let disableForgotPassword = false;
 let passwordLoginDisabled = false;
+let oidcEnabled = false;
 
 Meteor.call('isPasswordLoginDisabled', (_, result) => {
   if (result) {
@@ -11,6 +12,16 @@ Meteor.call('isPasswordLoginDisabled', (_, result) => {
     //console.log(result);
   }
 });
+Meteor.call('getOauthServerUrl', (_, result) => {
+  if (result) {
+    oauthServerUrl = result;
+    const a = document.createElement("a");
+    a.href = oauthServerUrl;
+    const baseUrl = `${a.protocol}//${a.hostname}`;
+    console.log(baseUrl);
+  }
+  else oauthServerUrl = "home";
+});
 
 Meteor.call('isDisableRegistration', (_, result) => {
   if (result) {
@@ -19,7 +30,9 @@ Meteor.call('isDisableRegistration', (_, result) => {
     //console.log(result);
   }
 });
-
+Meteor.call('isOidcRedirectionEnabled', (_, result) => {
+  oidcEnabled = result ? true : false;
+});
 Meteor.call('isDisableForgotPassword', (_, result) => {
   if (result) {
     disableForgotPassword = true;
@@ -57,6 +70,12 @@ AccountsTemplates.configure({
   showForgotPasswordLink: !disableForgotPassword,
   forbidClientAccountCreation: disableRegistration,
   onLogoutHook() {
+    if(oidcEnabled && oauthServerUrl!=="home")
+    {
+
+      oidcEnabled = !oidcEnabled;
+      window.location.href = oauthServerUrl + "/if/user/#/library";
+    }
     const homePage = 'home';
     if (FlowRouter.getRouteName() === homePage) {
       FlowRouter.reload();

models/settings.js

@@ -494,6 +494,12 @@ if (Meteor.isServer) {
       };
     },
 
+    getOauthServerUrl(){
+      return process.env.OAUTH2_SERVER_URL;
+    },
+    getOauthDashboardUrl(){
+      return process.env.DASHBOARD_URL;
+    },
     getDefaultAuthenticationMethod() {
       return process.env.DEFAULT_AUTHENTICATION_METHOD;
     },
@@ -501,6 +507,10 @@ if (Meteor.isServer) {
     isPasswordLoginDisabled() {
       return process.env.PASSWORD_LOGIN_ENABLED === 'false';
     },
+    isOidcRedirectionEnabled(){
+      console.log(process.env.REDIRECT_LOGIN_LOGOUT_TO_OIDC === 'true');
+      return process.env.REDIRECT_LOGIN_LOGOUT_TO_OIDC === 'true';
+    },
   });
 }
 

packages/wekan-accounts-oidc/oidc.js

@@ -7,11 +7,14 @@ if (Meteor.isClient) {
       callback = options;
       options = null;
     }
-
+    console.log(options.loginStyle);
+    console.log(callback);
     var credentialRequestCompleteCallback = Accounts.oauth.credentialRequestCompleteHandler(callback);
+    console.log("credentialCallback",credentialRequestCompleteCallback);
     Oidc.requestCredential(options, credentialRequestCompleteCallback);
   };
-} else {
+  }
+  else {
   Accounts.addAutopublishFields({
     // not sure whether the OIDC api can be used from the browser,
     // thus not sure if we should be sending access tokens; but we do it

packages/wekan-oidc/oidc_client.js

@@ -7,6 +7,8 @@ Oidc = {};
 //   error.
 Oidc.requestCredential = function (options, credentialRequestCompleteCallback) {
   // support both (options, callback) and (callback).
+  console.log("from client");
+  console.log(options);
   if (!credentialRequestCompleteCallback && typeof options === 'function') {
     credentialRequestCompleteCallback = options;
     options = {};
@@ -55,13 +57,14 @@ Oidc.requestCredential = function (options, credentialRequestCompleteCallback) {
     width:  options.popupOptions.width || 320,
     height: options.popupOptions.height || 450
   };
-
-  OAuth.launchLogin({
-    loginService: 'oidc',
-    loginStyle: loginStyle,
-    loginUrl: loginUrl,
-    credentialRequestCompleteCallback: credentialRequestCompleteCallback,
-    credentialToken: credentialToken,
-    popupOptions: popupOptions,
-  });
+  OAuth.saveDataForRedirect(options.loginService, options.credentialToken);
+  Accounts.oauth.tryLoginAfterPopupClosed(credentialToken, credentialRequestCompleteCallback);
+  // OAuth.launchLogin({
+  //   loginService: 'oidc',
+  //   loginStyle: loginStyle,
+  //   loginUrl: loginUrl,
+  //   credentialRequestCompleteCallback: credentialRequestCompleteCallback,
+  //   credentialToken: credentialToken,
+  //   popupOptions: popupOptions,
+  // });
 };

packages/wekan-oidc/oidc_server.js

@@ -19,7 +19,8 @@ var serviceData = {};
 var userinfo = {};
 
 OAuth.registerService('oidc', 2, null, function (query) {
-
+  console.log(Date.now());
+  console.log("query: ", query);
   var debug = process.env.DEBUG || false;
 
   var token = getToken(query);

server/authentication.js

@@ -108,7 +108,7 @@ Meteor.startup(() => {
           // OAUTH2_ID_TOKEN_WHITELIST_FIELDS || [],
           // OAUTH2_REQUEST_PERMISSIONS || 'openid profile email',
         },
-      );
+        );
     } else if (
       process.env.CAS_ENABLED === 'true' ||
       process.env.CAS_ENABLED === true