
Revert autologin, because it broke OIDC login with Keycloak.

Thanks to wb9688 and xet7 !

Fixes #4660,
related https://github.com/wekan/wekan/pull/4588
Lauri Ojansivu 3 年 前
コミット
43a7096753

+ 26 - 37
client/components/main/layouts.js

@@ -4,7 +4,7 @@ BlazeLayout.setRoot('body');
 
 let alreadyCheck = 1;
 let isCheckDone = false;
-let counter = 0;
+
 const validator = {
   set(obj, prop, value) {
     if (prop === 'state' && value !== 'signIn') {
@@ -21,7 +21,7 @@ const validator = {
 
 // let isSettingDatabaseFctCallDone = false;
 
-Template.userFormsLayout.onCreated(function () {
+Template.userFormsLayout.onCreated(function() {
   const templateInstance = this;
   templateInstance.currentSetting = new ReactiveVar();
   templateInstance.isLoading = new ReactiveVar(false);
@@ -37,7 +37,7 @@ Template.userFormsLayout.onCreated(function () {
       }
 
       // isSettingDatabaseFctCallDone = true;
-      if (currSetting && currSetting !== undefined && currSetting.customLoginLogoImageUrl !== undefined)
+      if(currSetting && currSetting !== undefined && currSetting.customLoginLogoImageUrl !== undefined)
         document.getElementById("isSettingDatabaseCallDone").style.display = 'none';
       else
         document.getElementById("isSettingDatabaseCallDone").style.display = 'block';
@@ -50,18 +50,6 @@ Template.userFormsLayout.onCreated(function () {
     }
   });
 
-  if (!Meteor.user()?.profile) {
-      Meteor.call('isOidcRedirectionEnabled', (_, result) => {
-        if (result) {
-          AccountsTemplates.options.socialLoginStyle = 'redirect';
-          options = {
-            loginStyle: AccountsTemplates.options.socialLoginStyle,
-          };
-          Meteor.loginWithOidc(options);
-        }
-        else console.log("oidc redirect not set");
-      });
-  }
   Meteor.call('isDisableRegistration', (_, result) => {
     if (result) {
       $('.at-signup-link').hide();
@@ -93,22 +81,22 @@ Template.userFormsLayout.helpers({
   //   return isSettingDatabaseFctCallDone;
   // },
 
-  isLegalNoticeLinkExist() {
+  isLegalNoticeLinkExist(){
     const currSet = Template.instance().currentSetting.get();
-    if (currSet && currSet !== undefined && currSet != null) {
+    if(currSet && currSet !== undefined && currSet != null){
       return currSet.legalNotice !== undefined && currSet.legalNotice.trim() != "";
     }
     else
       return false;
   },
 
-  getLegalNoticeWithWritTraduction() {
+  getLegalNoticeWithWritTraduction(){
     let spanLegalNoticeElt = $("#legalNoticeSpan");
-    if (spanLegalNoticeElt != null && spanLegalNoticeElt != undefined) {
+    if(spanLegalNoticeElt != null && spanLegalNoticeElt != undefined){
       spanLegalNoticeElt.html(TAPi18n.__('acceptance_of_our_legalNotice', {}));
     }
     let atLinkLegalNoticeElt = $("#legalNoticeAtLink");
-    if (atLinkLegalNoticeElt != null && atLinkLegalNoticeElt != undefined) {
+    if(atLinkLegalNoticeElt != null && atLinkLegalNoticeElt != undefined){
       atLinkLegalNoticeElt.html(TAPi18n.__('legalNotice', {}));
     }
     return true;
@@ -159,41 +147,41 @@ Template.userFormsLayout.events({
     }
     isCheckDone = false;
   },
-  'click #at-signUp'(event, templateInstance) {
+  'click #at-signUp'(event, templateInstance){
     isCheckDone = false;
   },
-  'DOMSubtreeModified #at-oidc'(event) {
-    if (alreadyCheck <= 2) {
+  'DOMSubtreeModified #at-oidc'(event){
+    if(alreadyCheck <= 2){
       let currSetting = Settings.findOne();
       let oidcBtnElt = $("#at-oidc");
-      if (currSetting && currSetting !== undefined && currSetting.oidcBtnText !== undefined && oidcBtnElt != null && oidcBtnElt != undefined) {
+      if(currSetting && currSetting !== undefined && currSetting.oidcBtnText !== undefined && oidcBtnElt != null && oidcBtnElt != undefined){
         let htmlvalue = "<i class='fa fa-oidc'></i>" + currSetting.oidcBtnText;
-        if (alreadyCheck == 1) {
+        if(alreadyCheck == 1){
           alreadyCheck++;
           oidcBtnElt.html("");
         }
-        else {
+        else{
           alreadyCheck++;
           oidcBtnElt.html(htmlvalue);
         }
       }
     }
-    else {
+    else{
       alreadyCheck = 1;
     }
   },
-  'DOMSubtreeModified .at-form'(event) {
-    if (alreadyCheck <= 2 && !isCheckDone) {
-      if (document.getElementById("at-oidc") != null) {
+  'DOMSubtreeModified .at-form'(event){
+    if(alreadyCheck <= 2 && !isCheckDone){
+      if(document.getElementById("at-oidc") != null){
         let currSetting = Settings.findOne();
         let oidcBtnElt = $("#at-oidc");
-        if (currSetting && currSetting !== undefined && currSetting.oidcBtnText !== undefined && oidcBtnElt != null && oidcBtnElt != undefined) {
+        if(currSetting && currSetting !== undefined && currSetting.oidcBtnText !== undefined && oidcBtnElt != null && oidcBtnElt != undefined){
           let htmlvalue = "<i class='fa fa-oidc'></i>" + currSetting.oidcBtnText;
-          if (alreadyCheck == 1) {
+          if(alreadyCheck == 1){
             alreadyCheck++;
             oidcBtnElt.html("");
           }
-          else {
+          else{
             alreadyCheck++;
             isCheckDone = true;
             oidcBtnElt.html(htmlvalue);
@@ -201,7 +189,7 @@ Template.userFormsLayout.events({
         }
       }
     }
-    else {
+    else{
       alreadyCheck = 1;
     }
   },
@@ -233,7 +221,7 @@ async function authentication(event, templateInstance) {
   switch (result) {
     case 'ldap':
       return new Promise(resolve => {
-        Meteor.loginWithLDAP(match, password, function () {
+        Meteor.loginWithLDAP(match, password, function() {
           resolve(FlowRouter.go('/'));
         });
       });
@@ -245,7 +233,7 @@ async function authentication(event, templateInstance) {
           {
             provider,
           },
-          function () {
+          function() {
             resolve(FlowRouter.go('/'));
           },
         );
@@ -253,7 +241,7 @@ async function authentication(event, templateInstance) {
 
     case 'cas':
       return new Promise(resolve => {
-        Meteor.loginWithCas(match, password, function () {
+        Meteor.loginWithCas(match, password, function() {
           resolve(FlowRouter.go('/'));
         });
       });
@@ -279,6 +267,7 @@ function getUserAuthenticationMethod(defaultAuthenticationMethod, match) {
       Meteor.subscribe('user-authenticationMethod', match, {
         onReady() {
           const user = Users.findOne();
+
           const authenticationMethod = user
             ? user.authenticationMethod
             : defaultAuthenticationMethod;
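Review bot: In both `DOMSubtreeModified` handlers (`#at-oidc` and `.at-form`) the button label is built as `"<i class='fa fa-oidc'></i>" + currSetting.oidcBtnText` and written with `oidcBtnElt.html(htmlvalue)`, so whatever is stored in the `oidcBtnText` setting is parsed as markup on the login page. The revert keeps these lines and only changes their spacing; if that setting can ever hold text that is not fully controlled by a trusted administrator, this is a stored-XSS sink directly in front of the credential form. Appending the label as a text node avoids it: `oidcBtnElt.empty().append("<i class='fa fa-oidc'></i>", document.createTextNode(currSetting.oidcBtnText));`. Separately, the `if (` → `if(` and `function ()` → `function()` changes throughout this file are unrelated to removing the auto-login block and make the behavioural part of the revert harder to audit. The events map these handlers belong to starts outside the hunk.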

+ 5 - 35
config/accounts.js

@@ -5,16 +5,6 @@ const emailField = AccountsTemplates.removeField('email');
 let disableRegistration = false;
 let disableForgotPassword = false;
 let passwordLoginDisabled = false;
-let oidcRedirectionEnabled = false;
-let oauthServerUrl = "home";
-let oauthDashboardUrl = "";
-
-Meteor.call('isOidcRedirectionEnabled', (_, result) => {
-  if(result)
-  {
-    oidcRedirectionEnabled = true;
-  }
-});
 
 Meteor.call('isPasswordLoginDisabled', (_, result) => {
   if (result) {
@@ -24,18 +14,6 @@ Meteor.call('isPasswordLoginDisabled', (_, result) => {
   }
 });
 
-Meteor.call('getOauthServerUrl', (_, result) => {
-  if (result) {
-    oauthServerUrl = result;
-  }
-});
-
-Meteor.call('getOauthDashboardUrl', (_, result) => {
-  if (result) {
-    oauthDashboardUrl = result;
-  }
-});
-
 Meteor.call('isDisableRegistration', (_, result) => {
   if (result) {
     disableRegistration = true;
@@ -81,19 +59,11 @@ AccountsTemplates.configure({
   showForgotPasswordLink: !disableForgotPassword,
   forbidClientAccountCreation: disableRegistration,
   onLogoutHook() {
-    // here comeslogic for redirect
-    if(oidcRedirectionEnabled)
-    {
-      window.location = oauthServerUrl + oauthDashboardUrl;
-    }
-    else
-    {
-      const homePage = 'home';
-      if (FlowRouter.getRouteName() === homePage) {
-        FlowRouter.reload();
-      } else {
-        FlowRouter.go(homePage);
-      }
+    const homePage = 'home';
+    if (FlowRouter.getRouteName() === homePage) {
+      FlowRouter.reload();
+    } else {
+      FlowRouter.go(homePage);
     }
   },
 });
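Review bot: `forbidClientAccountCreation: disableRegistration` and `showForgotPasswordLink: !disableForgotPassword` are read once when `AccountsTemplates.configure` runs, while the visible `Meteor.call('isDisableRegistration', …)` callback only sets `disableRegistration = true` later, when the method returns. Unless the configuration is re-applied somewhere outside these hunks, the options are probably still at their initial `false` when configure is evaluated, and in any case a flag computed on the client only hides UI. I would add a comment above the call such as `// UI hint only: the server must refuse account creation when registration is disabled`, and confirm that the server enforces the setting independently. The configure call begins outside the hunk.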

+ 0 - 18
models/settings.js

@@ -229,12 +229,6 @@ if (Meteor.isServer) {
     ]);
   }
 
-  function loadOidcConfig(service){
-    check(service, String);
-    var config = ServiceConfiguration.configurations.findOne({service: service});
-    return config;
-  }
-
   function sendInvitationEmail(_id) {
     const icode = InvitationCodes.findOne(_id);
     const author = Users.findOne(Meteor.userId());
@@ -501,12 +495,6 @@ if (Meteor.isServer) {
       };
     },
 
-    getOauthServerUrl(){
-      return process.env.OAUTH2_SERVER_URL;
-    },
-    getOauthDashboardUrl(){
-      return process.env.DASHBOARD_URL;
-    },
     getDefaultAuthenticationMethod() {
       return process.env.DEFAULT_AUTHENTICATION_METHOD;
     },
@@ -514,12 +502,6 @@ if (Meteor.isServer) {
     isPasswordLoginDisabled() {
       return process.env.PASSWORD_LOGIN_ENABLED === 'false';
     },
-    isOidcRedirectionEnabled(){
-      return process.env.OIDC_REDIRECTION_ENABLED === 'true' && Object.keys(loadOidcConfig("oidc")).length > 0;
-    },
-    getServiceConfiguration(service){
-      return loadOidcConfig(service);
-      }
   });
 }
 

+ 2 - 2
packages/wekan-accounts-oidc/oidc.js

@@ -7,11 +7,11 @@ if (Meteor.isClient) {
       callback = options;
       options = null;
     }
+
     var credentialRequestCompleteCallback = Accounts.oauth.credentialRequestCompleteHandler(callback);
     Oidc.requestCredential(options, credentialRequestCompleteCallback);
   };
-  }
-  else {
+} else {
   Accounts.addAutopublishFields({
     // not sure whether the OIDC api can be used from the browser,
     // thus not sure if we should be sending access tokens; but we do it

+ 1 - 1
server/authentication.js

@@ -108,7 +108,7 @@ Meteor.startup(() => {
           // OAUTH2_ID_TOKEN_WHITELIST_FIELDS || [],
           // OAUTH2_REQUEST_PERMISSIONS || 'openid profile email',
         },
-        );
+      );
     } else if (
       process.env.CAS_ENABLED === 'true' ||
       process.env.CAS_ENABLED === true