
Azure AD B2C login using OAuth2. https://github.com/wekan/wekan/wiki/B2C

Thanks to snowsky and xet7 !

Fixes #5242
Lauri Ojansivu 1 год назад
93be112a94

+ 1 - 0
.devcontainer/Dockerfile

@@ -54,6 +54,7 @@ ENV \
     OAUTH2_ENABLED=false \
     OAUTH2_CA_CERT="" \
     OAUTH2_ADFS_ENABLED=false \
+    OAUTH2_B2C_ENABLED=false \
     OAUTH2_LOGIN_STYLE=redirect \
     OAUTH2_CLIENT_ID="" \
     OAUTH2_SECRET="" \

+ 1 - 0
Dockerfile

@@ -69,6 +69,7 @@ ENV BUILD_DEPS="apt-utils libarchive-tools gnupg gosu wget curl bzip2 g++ build-
     OIDC_REDIRECTION_ENABLED=false \
     OAUTH2_CA_CERT="" \
     OAUTH2_ADFS_ENABLED=false \
+    OAUTH2_B2C_ENABLED=false \
     OAUTH2_LOGIN_STYLE=redirect \
     OAUTH2_CLIENT_ID="" \
     OAUTH2_SECRET="" \

+ 2 - 0
docker-compose.yml

@@ -391,6 +391,8 @@ services:
       #- OAUTH2_CA_CERT=ABCD1234
       # Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting.
       #- OAUTH2_ADFS_ENABLED=false
+      # Azure AD B2C. https://github.com/wekan/wekan/issues/5242
+      #- OAUTH2_B2C_ENABLED=false
       # OAuth2 login style: popup or redirect.
       #- OAUTH2_LOGIN_STYLE=redirect
       # Application GUID captured during app registration:

+ 14 - 2
packages/wekan-oidc/oidc_server.js

@@ -27,11 +27,14 @@ OAuth.registerService('oidc', 2, null, function (query) {
   var accessToken = token.access_token || token.id_token;
   var expiresAt = (+new Date) + (1000 * parseInt(token.expires_in, 10));
 
-  var claimsInAccessToken = (process.env.OAUTH2_ADFS_ENABLED === 'true' || process.env.OAUTH2_ADFS_ENABLED === true) || false;
+  var claimsInAccessToken = (process.env.OAUTH2_ADFS_ENABLED === 'true'  ||
+                             process.env.OAUTH2_ADFS_ENABLED === true    ||
+                             process.env.OAUTH2_B2C_ENABLED  === 'true'  ||
+                             process.env.OAUTH2_B2C_ENABLED  === true)   || false;
 
   if(claimsInAccessToken)
   {
-    // hack when using custom claims in the accessToken. On premise ADFS
+    // hack when using custom claims in the accessToken. On premise ADFS. And Azure AD B2C.
     userinfo = getTokenContent(accessToken);
   }
   else
@@ -64,6 +67,10 @@ OAuth.registerService('oidc', 2, null, function (query) {
     serviceData.email = userinfo[process.env.OAUTH2_EMAIL_MAP]; // || userinfo["email"];
   }
 
+  if (process.env.OAUTH2_B2C_ENABLED  === 'true'  || process.env.OAUTH2_B2C_ENABLED  === true) {
+    serviceData.email = userinfo["emails"][0];
+  }
+
   if (accessToken) {
     var tokenContent = getTokenContent(accessToken);
     var fields = _.pick(tokenContent, getConfiguration().idTokenWhitelistFields);
@@ -76,6 +83,11 @@ OAuth.registerService('oidc', 2, null, function (query) {
 
   profile.name = userinfo[process.env.OAUTH2_FULLNAME_MAP]; // || userinfo["displayName"];
   profile.email = userinfo[process.env.OAUTH2_EMAIL_MAP]; // || userinfo["email"];
+
+  if (process.env.OAUTH2_B2C_ENABLED  === 'true'  || process.env.OAUTH2_B2C_ENABLED  === true) {
+    profile.email = userinfo["emails"][0];
+  }
+
   if (debug) console.log('XXX: profile:', profile);
 
 
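Review bot: `serviceData.email = userinfo["emails"][0]` in the second hunk (and `profile.email = userinfo["emails"][0]` in the third) reads the claim without a guard, so a B2C user flow that does not emit the `emails` collection, or emits it empty, makes the login callback throw a TypeError instead of failing clearly, and when the claim is present it unconditionally overrides the value OAUTH2_EMAIL_MAP selected on the line just above. The enabled check is also spelled out three times across the section; computing it once next to `claimsInAccessToken` and guarding the access covers both places: `var b2cEnabled = process.env.OAUTH2_B2C_ENABLED === 'true' || process.env.OAUTH2_B2C_ENABLED === true;`, then `var b2cEmail = b2cEnabled && Array.isArray(userinfo.emails) ? userinfo.emails[0] : undefined;` and `if (b2cEmail) serviceData.email = b2cEmail;` (likewise for `profile.email`). Whether the first entry of `emails` is a verified address depends on the tenant's user-flow configuration, which this code cannot check, so a short comment at the override stating that assumption would help operators who map accounts by email. The registerService callback these hunks belong to starts and ends outside the section.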

+ 2 - 0
releases/virtualbox/start-wekan.sh

@@ -154,6 +154,8 @@
       #export OAUTH2_ENABLED=true
       # Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting.
       #export OAUTH2_ADFS_ENABLED=false
+      # Azure AD B2C. https://github.com/wekan/wekan/issues/5242
+      #- OAUTH2_B2C_ENABLED=false
       # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
       # OAuth2 login style: popup or redirect.
       #export OAUTH2_LOGIN_STYLE=redirect
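Review bot: The added example `#- OAUTH2_B2C_ENABLED=false` uses docker-compose list syntax, while every neighbouring line in this shell script uses `#export …`; an operator uncommenting it as-is gets a syntax error rather than the setting. It should read `#export OAUTH2_B2C_ENABLED=false` to match `#export OAUTH2_ADFS_ENABLED=false` directly above it.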

+ 1 - 0
sandstorm-pkgdef.capnp

@@ -258,6 +258,7 @@ const myCommand :Spk.Manifest.Command = (
     (key = "OAUTH2_ENABLED", value="false"),
     (key = "OAUTH2_CA_CERT", value=""),
     (key = "OAUTH2_ADFS_ENABLED", value="false"),
+    (key = "OAUTH2_B2C_ENABLED", value="false"),
     (key = "OAUTH2_CLIENT_ID", value="false"),
     (key = "OAUTH2_SECRET", value=""),
     (key = "OAUTH2_SERVER_URL", value=""),

+ 0 - 0
snap-src/bin/config


+ 6 - 0
snap-src/bin/wekan-help

@@ -310,6 +310,12 @@ echo -e "\t$ snap set $SNAP_NAME oauth2-adfs-enabled='true'"
 echo -e "\t-Disable the OAuth2 ADFS of Wekan:"
 echo -e "\t$ snap unset $SNAP_NAME oauth2-adfs-enabled"
 echo -e "\n"
+echo -e "OAuth2 Azure AD B2C Enabled. Also requires oauth2-enabled='true' . https://github.com/wekan/wekan/issues/5242."
+echo -e "To enable the OAuth2 Azure AD B2C of Wekan:"
+echo -e "\t$ snap set $SNAP_NAME oauth2-b2c-enabled='true'"
+echo -e "\t-Disable the OAuth2 Azure AD B2C of Wekan:"
+echo -e "\t$ snap unset $SNAP_NAME oauth2-b2c-enabled"
+echo -e "\n"
 echo -e "OAuth2 Client ID."
 echo -e "To enable the OAuth2 Client ID of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-client-id='54321abcde'"

+ 3 - 0
start-wekan.bat

@@ -194,6 +194,9 @@ REM SET OAUTH2_CA_CERT=ABCD1234
 REM # Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting.
 REM SET OAUTH2_ADFS_ENABLED=false
 
+REM # Use OAuth2 Azure AD B2C. Also requires OAUTH2_ENABLED=true setting . https://github.com/wekan/wekan/issues/5242
+REM SET DEFAULT_OAUTH2_B2C_ENABLED=false
+
 REM # OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345
 REM # example: OAUTH2_CLIENT_ID=abcde12345
 REM SET OAUTH2_CLIENT_ID=
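Review bot: The added example `REM SET DEFAULT_OAUTH2_B2C_ENABLED=false` names a variable with a `DEFAULT_` prefix, whereas the server code in this commit and every other script read `OAUTH2_B2C_ENABLED`; an operator who uncomments this line would set a variable nothing consumes and the B2C path would silently stay disabled. It should be `REM SET OAUTH2_B2C_ENABLED=false`, consistent with `REM SET OAUTH2_ADFS_ENABLED=false` a few lines up.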

+ 3 - 0
start-wekan.sh

@@ -195,6 +195,9 @@
       # Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting.
       #export OAUTH2_ADFS_ENABLED=false
       #
+      # Azure AD B2C. https://github.com/wekan/wekan/issues/5242
+      #export OAUTH2_B2C_ENABLED=false
+      #
       # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
       # OAuth2 login style: popup or redirect.
       #export OAUTH2_LOGIN_STYLE=redirect

+ 2 - 0
torodb-postgresql/docker-compose.yml

@@ -394,6 +394,8 @@ services:
       #- OAUTH2_CA_CERT=ABCD1234
       # Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting.
       #- OAUTH2_ADFS_ENABLED=false
+      # Azure AD B2C. https://github.com/wekan/wekan/issues/5242
+      #- OAUTH2_B2C_ENABLED=false
       # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
       # OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345
       # example: OAUTH2_CLIENT_ID=abcde12345
