před 6 roky · 892ee60527
--- a/Dockerfile
+++ b/Dockerfile
@@ -41,7 +41,7 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth
 
				     OAUTH2_USERNAME_MAP="" \
			
 
				     OAUTH2_FULLNAME_MAP="" \
			
 
				     OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[] \
			
 
				-    OAUTH2_REQUEST_PERMISSIONS=['openid','profiles','email'] \
			
 
				+    OAUTH2_REQUEST_PERMISSIONS='openid profiles email' \
			
 
				     OAUTH2_EMAIL_MAP="" \
			
 
				     LDAP_ENABLE=false \
			
 
				     LDAP_PORT=389 \
			
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -327,7 +327,7 @@ services:
 
				       # OAUTH2 ID Token Whitelist Fields.
			
 
				       #- OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
			
 
				       # OAUTH2 Request Permissions.
			
 
				-      #- OAUTH2_REQUEST_PERMISSIONS=['openid','profile','email']
			
 
				+      #- OAUTH2_REQUEST_PERMISSIONS='openid profile email'
			
 
				       # OAuth2 ID Mapping
			
 
				       #- OAUTH2_ID_MAP=
			
 
				       # OAuth2 Username Mapping
			
--- a/packages/wekan-oidc/oidc_client.js
+++ b/packages/wekan-oidc/oidc_client.js
@@ -18,10 +18,9 @@ Oidc.requestCredential = function (options, credentialRequestCompleteCallback) {
 
				       new ServiceConfiguration.ConfigError('Service oidc not configured.'));
			
 
				     return;
			
 
				   }
			
 
				-  
			
 
				+
			
 
				   var credentialToken = Random.secret();
			
 
				   var loginStyle = OAuth._loginStyle('oidc', config, options);
			
 
				-  var scope = config.requestPermissions || ['openid', 'profile', 'email'];
			
 
				 
			
 
				   // options
			
 
				   options = options || {};
			
@@ -29,7 +28,7 @@ Oidc.requestCredential = function (options, credentialRequestCompleteCallback) {
 
				   options.response_type = options.response_type || 'code';
			
 
				   options.redirect_uri = OAuth._redirectUri('oidc', config);
			
 
				   options.state = OAuth._stateParam(loginStyle, credentialToken, options.redirectUrl);
			
 
				-  options.scope = scope.join(' ');
			
 
				+  options.scope = config.requestPermissions || 'openid profile email';
			
 
				 
			
 
				   if (config.loginStyle && config.loginStyle == 'popup') {
			
 
				     options.display = 'popup';
			
--- a/releases/virtualbox/start-wekan.sh
+++ b/releases/virtualbox/start-wekan.sh
@@ -84,7 +84,7 @@
 
				         # OAUTH2 ID Token Whitelist Fields.
			
 
				         #export OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
			
 
				         # OAUTH2 Request Permissions.
			
 
				-        #export OAUTH2_REQUEST_PERMISSIONS=['openid','profile','email']
			
 
				+        #export OAUTH2_REQUEST_PERMISSIONS='openid profile email'
			
 
				         # The claim name you want to map to the unique ID field:
			
 
				         #export OAUTH2_ID_MAP=email
			
 
				         # The claim name you want to map to the username field:
			
--- a/server/authentication.js
+++ b/server/authentication.js
@@ -77,7 +77,7 @@ Meteor.startup(() => {
 
				             userinfoEndpoint: process.env.OAUTH2_USERINFO_ENDPOINT,
			
 
				             tokenEndpoint: process.env.OAUTH2_TOKEN_ENDPOINT,
			
 
				             idTokenWhitelistFields: process.env.OAUTH2_ID_TOKEN_WHITELIST_FIELDS || [],
			
 
				-            requestPermissions: process.env.OAUTH2_REQUEST_PERMISSIONS || ['openid','profile','email'],
			
 
				+            requestPermissions: process.env.OAUTH2_REQUEST_PERMISSIONS || 'openid profile email',
			
 
				           },
			
 
				         }
			
 
				       );
			
--- a/snap-src/bin/config
+++ b/snap-src/bin/config
@@ -170,8 +170,8 @@ DESCRIPTION_OAUTH2_ID_TOKEN_WHITELIST_FIELDS="OAuth2 ID Token Whitelist Fields.
 
				 DEFAULT_OAUTH2_ID_TOKEN_WHITELIST_FIELDS="[]"
			
 
				 KEY_OAUTH2_ID_TOKEN_WHITELIST_FIELDS="oauth2-id-token-whitelist-fields"
			
 
				 
			
 
				-DESCRIPTION_OAUTH2_REQUEST_PERMISSIONS="OAuth2 Request Permissions. Example: ['openid','profile','email']"
			
 
				-DEFAULT_OAUTH2_REQUEST_PERMISSIONS="['openid','profile','email']"
			
 
				+DESCRIPTION_OAUTH2_REQUEST_PERMISSIONS="OAuth2 Request Permissions. Example: 'openid profile email'"
			
 
				+DEFAULT_OAUTH2_REQUEST_PERMISSIONS="'openid profile email'"
			
 
				 KEY_OAUTH2_REQUEST_PERMISSIONS="oauth2-request-permissions"
			
 
				 
			
 
				 DESCRIPTION_OAUTH2_EMAIL_MAP="OAuth2 Email Mapping. Example: email"
			
--- a/snap-src/bin/wekan-help
+++ b/snap-src/bin/wekan-help
@@ -138,7 +138,7 @@ echo -e "\t$ snap set $SNAP_NAME oauth2-id-token-whitelist-fields=''"
 
				 echo -e "\n"
			
 
				 echo -e "OAuth2 Request Permissions."
			
 
				 echo -e "To enable the OAuth2 Request Permissions of Wekan:"
			
 
				-echo -e "\t$ snap set $SNAP_NAME oauth2-request-permissions=\"['openid','profile','email']\""
			
 
				+echo -e "\t$ snap set $SNAP_NAME oauth2-request-permissions=\"'openid profile email'\""
			
 
				 echo -e "\t-Disable the OAuth2 Request Permissions of Wekan:"
			
 
				 echo -e "\t$ snap set $SNAP_NAME oauth2-request-permissions=''"
			
 
				 echo -e "\n"
			
--- a/start-wekan.bat
+++ b/start-wekan.bat
@@ -96,7 +96,7 @@ REM # OAUTH2 ID Token Whitelist Fields.
 
				 REM SET OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
			
 
				 
			
 
				 REM # OAUTH2 Request Permissions.
			
 
				-REM SET OAUTH2_REQUEST_PERMISSIONS=['openid','profile','email']
			
 
				+REM SET OAUTH2_REQUEST_PERMISSIONS='openid profile email'
			
 
				 
			
 
				 REM # OAuth2 ID Mapping
			
 
				 REM SET OAUTH2_ID_MAP=
			
--- a/start-wekan.sh
+++ b/start-wekan.sh
@@ -144,7 +144,7 @@ function wekan_repo_check(){
 
				       # OAUTH2 ID Token Whitelist Fields.
			
 
				       #export OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
			
 
				       # OAUTH2 Request Permissions.
			
 
				-      #export OAUTH2_REQUEST_PERMISSIONS=['openid','profile','email']
			
 
				+      #export OAUTH2_REQUEST_PERMISSIONS='openid profile email'
			
 
				       # OAuth2 ID Mapping
			
 
				       #export OAUTH2_ID_MAP=
			
 
				       # OAuth2 Username Mapping