
Fix Scope parsing Issue for OAuth2 Login

DominikPf 6 年之前
父節點
當前提交
892ee60527

+ 1 - 1
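--- a/Dockerfile
+++ b/Dockerfile
@@ -41,7 +41,7 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth
     OAUTH2_USERNAME_MAP="" \
     OAUTH2_FULLNAME_MAP="" \
     OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[] \
-    OAUTH2_REQUEST_PERMISSIONS=['openid','profiles','email'] \
+    OAUTH2_REQUEST_PERMISSIONS='openid profiles email' \
     OAUTH2_EMAIL_MAP="" \
     LDAP_ENABLE=false \
     LDAP_PORT=389 \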
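Review bot: The image default on the added line still requests the scope `profiles`, while docker-compose.yml, server/authentication.js, snap-src/bin/config and the start scripts in this same commit all use `profile`, which is the standard OpenID Connect scope name. The commit only changes the value's format, so the mismatch survives; an identity provider that does not silently ignore unknown scopes would reject the login with the image default. I would change the added line to `    OAUTH2_REQUEST_PERMISSIONS='openid profile email' \` so the Dockerfile agrees with the other defaults.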

+ 1 - 1
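--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -327,7 +327,7 @@ services:
       # OAUTH2 ID Token Whitelist Fields.
       #- OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
       # OAUTH2 Request Permissions.
-      #- OAUTH2_REQUEST_PERMISSIONS=['openid','profile','email']
+      #- OAUTH2_REQUEST_PERMISSIONS='openid profile email'
       # OAuth2 ID Mapping
       #- OAUTH2_ID_MAP=
       # OAuth2 Username Mapping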

+ 2 - 3
packages/wekan-oidc/oidc_client.js

@@ -18,10 +18,9 @@ Oidc.requestCredential = function (options, credentialRequestCompleteCallback) {
       new ServiceConfiguration.ConfigError('Service oidc not configured.'));
       new ServiceConfiguration.ConfigError('Service oidc not configured.'));
     return;
     return;
   }
   }
-  
+
   var credentialToken = Random.secret();
   var credentialToken = Random.secret();
   var loginStyle = OAuth._loginStyle('oidc', config, options);
   var loginStyle = OAuth._loginStyle('oidc', config, options);
-  var scope = config.requestPermissions || ['openid', 'profile', 'email'];
 
 
   // options
   // options
   options = options || {};
   options = options || {};
@@ -29,7 +28,7 @@ Oidc.requestCredential = function (options, credentialRequestCompleteCallback) {
   options.response_type = options.response_type || 'code';
   options.response_type = options.response_type || 'code';
   options.redirect_uri = OAuth._redirectUri('oidc', config);
   options.redirect_uri = OAuth._redirectUri('oidc', config);
   options.state = OAuth._stateParam(loginStyle, credentialToken, options.redirectUrl);
   options.state = OAuth._stateParam(loginStyle, credentialToken, options.redirectUrl);
-  options.scope = scope.join(' ');
+  options.scope = config.requestPermissions || 'openid profile email';
 
 
   if (config.loginStyle && config.loginStyle == 'popup') {
   if (config.loginStyle && config.loginStyle == 'popup') {
     options.display = 'popup';
     options.display = 'popup';
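Review bot: The new `options.scope = config.requestPermissions || 'openid profile email';` line in the second hunk drops the array handling without guarding against `requestPermissions` still arriving as an array, which is plausible for a service configuration persisted under the old `['openid','profile','email']` format. In that case `options.scope` is an array and its default string form is comma-separated (`openid,profile,email`), which is not a valid space-delimited OAuth scope value, so the login would fail in a way the commit message says it fixes. A two-line form accepts both shapes: `var requested = config.requestPermissions || 'openid profile email';` followed by `options.scope = Array.isArray(requested) ? requested.join(' ') : requested;`. `Oidc.requestCredential` begins before the first hunk and continues after the second, so other uses of the removed `scope` variable cannot be checked from here.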

+ 1 - 1
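--- a/releases/virtualbox/start-wekan.sh
+++ b/releases/virtualbox/start-wekan.sh
@@ -84,7 +84,7 @@
         # OAUTH2 ID Token Whitelist Fields.
         #export OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
         # OAUTH2 Request Permissions.
-        #export OAUTH2_REQUEST_PERMISSIONS=['openid','profile','email']
+        #export OAUTH2_REQUEST_PERMISSIONS='openid profile email'
         # The claim name you want to map to the unique ID field:
         #export OAUTH2_ID_MAP=email
         # The claim name you want to map to the username field: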

+ 1 - 1
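--- a/server/authentication.js
+++ b/server/authentication.js
@@ -77,7 +77,7 @@ Meteor.startup(() => {
             userinfoEndpoint: process.env.OAUTH2_USERINFO_ENDPOINT,
             tokenEndpoint: process.env.OAUTH2_TOKEN_ENDPOINT,
             idTokenWhitelistFields: process.env.OAUTH2_ID_TOKEN_WHITELIST_FIELDS || [],
-            requestPermissions: process.env.OAUTH2_REQUEST_PERMISSIONS || ['openid','profile','email'],
+            requestPermissions: process.env.OAUTH2_REQUEST_PERMISSIONS || 'openid profile email',
           },
         }
       );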

+ 2 - 2
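--- a/snap-src/bin/config
+++ b/snap-src/bin/config
@@ -170,8 +170,8 @@ DESCRIPTION_OAUTH2_ID_TOKEN_WHITELIST_FIELDS="OAuth2 ID Token Whitelist Fields.
 DEFAULT_OAUTH2_ID_TOKEN_WHITELIST_FIELDS="[]"
 KEY_OAUTH2_ID_TOKEN_WHITELIST_FIELDS="oauth2-id-token-whitelist-fields"
 
-DESCRIPTION_OAUTH2_REQUEST_PERMISSIONS="OAuth2 Request Permissions. Example: ['openid','profile','email']"
-DEFAULT_OAUTH2_REQUEST_PERMISSIONS="['openid','profile','email']"
+DESCRIPTION_OAUTH2_REQUEST_PERMISSIONS="OAuth2 Request Permissions. Example: 'openid profile email'"
+DEFAULT_OAUTH2_REQUEST_PERMISSIONS="'openid profile email'"
 KEY_OAUTH2_REQUEST_PERMISSIONS="oauth2-request-permissions"
 
 DESCRIPTION_OAUTH2_EMAIL_MAP="OAuth2 Email Mapping. Example: email"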
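Review bot: In the added `DEFAULT_OAUTH2_REQUEST_PERMISSIONS="'openid profile email'"` the outer double quotes are shell quoting but the inner single quotes become part of the value, so if this default is exported into the environment verbatim (how `DEFAULT_*` values are consumed is not visible here) `OAUTH2_REQUEST_PERMISSIONS` is the string `'openid profile email'` with apostrophes, and server/authentication.js in this commit forwards that string unchanged as the OAuth `scope` parameter. The same applies to the example `oauth2-request-permissions=\"'openid profile email'\"` in the snap-src/bin/wekan-help hunk, where the user would be told to set a value that carries the quotes through `snap set`. The inner quotes are only needed in a shell where the value contains spaces, so `DEFAULT_OAUTH2_REQUEST_PERMISSIONS="openid profile email"` here and `oauth2-request-permissions=\"openid profile email\"` in the help text keep the spaces without leaking quote characters into the scope.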

+ 1 - 1
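--- a/snap-src/bin/wekan-help
+++ b/snap-src/bin/wekan-help
@@ -138,7 +138,7 @@ echo -e "\t$ snap set $SNAP_NAME oauth2-id-token-whitelist-fields=''"
 echo -e "\n"
 echo -e "OAuth2 Request Permissions."
 echo -e "To enable the OAuth2 Request Permissions of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME oauth2-request-permissions=\"['openid','profile','email']\""
+echo -e "\t$ snap set $SNAP_NAME oauth2-request-permissions=\"'openid profile email'\""
 echo -e "\t-Disable the OAuth2 Request Permissions of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-request-permissions=''"
 echo -e "\n"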

+ 1 - 1
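--- a/start-wekan.bat
+++ b/start-wekan.bat
@@ -96,7 +96,7 @@ REM # OAUTH2 ID Token Whitelist Fields.
 REM SET OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
 
 REM # OAUTH2 Request Permissions.
-REM SET OAUTH2_REQUEST_PERMISSIONS=['openid','profile','email']
+REM SET OAUTH2_REQUEST_PERMISSIONS='openid profile email'
 
 REM # OAuth2 ID Mapping
 REM SET OAUTH2_ID_MAP=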

+ 1 - 1
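--- a/start-wekan.sh
+++ b/start-wekan.sh
@@ -144,7 +144,7 @@ function wekan_repo_check(){
       # OAUTH2 ID Token Whitelist Fields.
       #export OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
       # OAUTH2 Request Permissions.
-      #export OAUTH2_REQUEST_PERMISSIONS=['openid','profile','email']
+      #export OAUTH2_REQUEST_PERMISSIONS='openid profile email'
       # OAuth2 ID Mapping
       #export OAUTH2_ID_MAP=
       # OAuth2 Username Mapping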