Merge branch 'devel' of https://github.com/Akuket/wekan into Akuket-devel

Dockerfile

@@ -70,6 +70,7 @@ ARG LOGOUT_IN
 ARG LOGOUT_ON_HOURS
 ARG LOGOUT_ON_MINUTES
 ARG CORS
+ARG DEFAULT_AUTHENTICATION_METHOD
 
 # Set the environment variables (defaults where required)
 # DOES NOT WORK: paxctl fix for alpine linux: https://github.com/wekan/wekan/issues/1303
@@ -142,7 +143,8 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth
     LOGOUT_IN="" \
     LOGOUT_ON_HOURS="" \
     LOGOUT_ON_MINUTES="" \
-    CORS=""
+    CORS="" \
+    DEFAULT_AUTHENTICATION_METHOD=""
 
 # Copy the app to the image
 COPY ${SRC_PATH} /home/wekan/app

client/components/main/editor.js

@@ -9,10 +9,12 @@ Template.editor.onRendered(() => {
       match: /\B@([\w.]*)$/,
       search(term, callback) {
         const currentBoard = Boards.findOne(Session.get('currentBoard'));
-        callback(currentBoard.activeMembers().map((member) => {
-          const username = Users.findOne(member.userId).username;
-          return username.includes(term) ? username : null;
-        }).filter(Boolean));
+        if (currentBoard) {
+          callback(currentBoard.activeMembers().map((member) => {
+            const username = Users.findOne(member.userId).username;
+            return username.includes(term) ? username : null;
+          }).filter(Boolean));
+        }
       },
       template(value) {
         return value;
@@ -37,6 +39,9 @@ const at = HTML.CharRef({html: '@', str: '@'});
 Blaze.Template.registerHelper('mentions', new Template('mentions', function() {
   const view = this;
   const currentBoard = Boards.findOne(Session.get('currentBoard'));
+  if (!currentBoard) {
+    return HTML.Raw("");
+  }
   const knowedUsers = currentBoard.members.map((member) => {
     const u = Users.findOne(member.userId);
     if(u){

client/components/main/layouts.jade

@@ -23,7 +23,6 @@ template(name="userFormsLayout")
         br
     section.auth-dialog
       +Template.dynamic(template=content)
-      +connectionMethod
       if isCas
         .at-form
           button#cas(class='at-btn submit' type='submit') {{casSignInLabel}}

client/components/main/layouts.js

@@ -6,29 +6,14 @@ const i18nTagToT9n = (i18nTag) => {
   return i18nTag;
 };
 
-const validator = {
-  set(obj, prop, value) {
-    if (prop === 'state' && value !== 'signIn') {
-      $('.at-form-authentication').hide();
-    } else if (prop === 'state' && value === 'signIn') {
-      $('.at-form-authentication').show();
-    }
-    // The default behavior to store the value
-    obj[prop] = value;
-    // Indicate success
-    return true;
-  },
-};
-
-Template.userFormsLayout.onCreated(() => {
+Template.userFormsLayout.onCreated(function() {
+  Meteor.call('getDefaultAuthenticationMethod', (error, result) => {
+    this.data.defaultAuthenticationMethod = new ReactiveVar(error ? undefined : result);
+  });
   Meteor.subscribe('setting');
-
 });
 
 Template.userFormsLayout.onRendered(() => {
-
-  AccountsTemplates.state.form.keys = new Proxy(AccountsTemplates.state.form.keys, validator);
-
   const i18nTag = navigator.language;
   if (i18nTag) {
     T9n.setLanguage(i18nTagToT9n(i18nTag));
@@ -101,13 +86,11 @@ Template.userFormsLayout.events({
       }
     });
   },
-  'click #at-btn'(event) {
-    /* All authentication method can be managed/called here.
-       !! DON'T FORGET to correctly fill the fields of the user during its creation if necessary authenticationMethod : String !!
-    */
-    const authenticationMethodSelected = $('.select-authentication').val();
-    // Local account
-    if (authenticationMethodSelected === 'password') {
+  'click #at-btn'(event, instance) {
+    const email = $('#at-field-username_and_email').val();
+    const password = $('#at-field-password').val();
+
+    if (FlowRouter.getRouteName() !== 'atSignIn' || password === '' || email === '') {
       return;
     }
 
@@ -115,29 +98,11 @@ Template.userFormsLayout.events({
     event.preventDefault();
     event.stopImmediatePropagation();
 
-    const email = $('#at-field-username_and_email').val();
-    const password = $('#at-field-password').val();
-
-    // Ldap account
-    if (authenticationMethodSelected === 'ldap') {
-      // Check if the user can use the ldap connection
-      Meteor.subscribe('user-authenticationMethod', email, {
-        onReady() {
-          const user = Users.findOne();
-          if (user === undefined || user.authenticationMethod === 'ldap') {
-            // Use the ldap connection package
-            Meteor.loginWithLDAP(email, password, function(error) {
-              if (!error) {
-                // Connection
-                return FlowRouter.go('/');
-              }
-              return error;
-            });
-          }
-          return this.stop();
-        },
-      });
-    }
+    Meteor.subscribe('user-authenticationMethod', email, {
+      onReady() {
+        return authentication.call(this, instance, email, password);
+      },
+    });
   },
 });
 
@@ -146,3 +111,45 @@ Template.defaultLayout.events({
     Modal.close();
   },
 });
+
+function authentication(instance, email, password) {
+  const user = Users.findOne();
+
+  // Authentication with password
+  if (user && user.authenticationMethod === 'password') {
+    $('#at-pwd-form').submit();
+    return this.stop();
+  }
+
+  const authenticationMethod = user
+    ? user.authenticationMethod
+    : instance.data.defaultAuthenticationMethod.get();
+
+  switch (authenticationMethod) {
+    case 'ldap':
+      // Use the ldap connection package
+      Meteor.loginWithLDAP(email, password, function(error) {
+        if (!error) return FlowRouter.go('/');
+        displayError('error-ldap-login');
+      });
+      break;
+
+    default:
+      displayError('error-undefined');
+  }
+
+  return this.stop();
+}
+
+function displayError(code) {
+  const translated = TAPi18n.__(code);
+
+  if (translated === code) {
+    return;
+  }
+
+  if(!$('.at-error').length) {
+    $('.at-pwd-form').before('<div class="at-error"><p></p></div>');
+  }
+  $('.at-error p').text(translated);
+}

client/components/settings/connectionMethod.jade

@@ -1,6 +0,0 @@
-template(name='connectionMethod')
-  div.at-form-authentication
-    label {{_ 'authentication-method'}}
-    select.select-authentication
-        each authentications
-            option(value="{{value}}") {{_ value}}

client/components/settings/connectionMethod.js

@@ -1,34 +0,0 @@
-Template.connectionMethod.onCreated(function() {
-  this.authenticationMethods = new ReactiveVar([]);
-
-  Meteor.call('getAuthenticationsEnabled', (_, result) => {
-    if (result) {
-      // TODO : add a management of different languages
-      // (ex {value: ldap, text: TAPi18n.__('ldap', {}, T9n.getLanguage() || 'en')})
-      this.authenticationMethods.set([
-        {value: 'password'},
-        // Gets only the authentication methods availables
-        ...Object.entries(result).filter((e) => e[1]).map((e) => ({value: e[0]})),
-      ]);
-    }
-
-    // If only the default authentication available, hides the select boxe
-    const content = $('.at-form-authentication');
-    if (!(this.authenticationMethods.get().length > 1)) {
-      content.hide();
-    } else {
-      content.show();
-    }
-  });
-});
-
-Template.connectionMethod.onRendered(() => {
-  // Moves the select boxe in the first place of the at-pwd-form div
-  $('.at-form-authentication').detach().prependTo('.at-pwd-form');
-});
-
-Template.connectionMethod.helpers({
-  authentications() {
-    return Template.instance().authenticationMethods.get();
-  },
-});

docker-compose-build.yml

@@ -223,6 +223,9 @@ services:
       # LOGOUT_ON_MINUTES : The number of minutes
       # example : LOGOUT_ON_MINUTES=55
       #- LOGOUT_ON_MINUTES=
+      # DEFAULT_AUTHENTICATION_METHOD : The default authentication method used if a user does not exist to create and authenticate him
+      # example : DEFAULT_AUTHENTICATION_METHOD=ldap
+      #- DEFAULT_AUTHENTICATION_METHOD=
 
     depends_on:
       - wekandb

docker-compose-postgresql.yml

@@ -245,6 +245,9 @@ services:
       # LOGOUT_ON_MINUTES : The number of minutes
       # example : LOGOUT_ON_MINUTES=55
       #- LOGOUT_ON_MINUTES=
+      # DEFAULT_AUTHENTICATION_METHOD : The default authentication method used if a user does not exist to create and authenticate him
+      # example : DEFAULT_AUTHENTICATION_METHOD=ldap
+      #- DEFAULT_AUTHENTICATION_METHOD=
 
     depends_on:
       - mongodb

docker-compose.yml

@@ -212,6 +212,9 @@ services:
       # LOGOUT_ON_MINUTES : The number of minutes
       # example : LOGOUT_ON_MINUTES=55
       #- LOGOUT_ON_MINUTES=
+      # DEFAULT_AUTHENTICATION_METHOD : The default authentication method used if a user does not exist to create and authenticate him
+      # example : DEFAULT_AUTHENTICATION_METHOD=ldap
+      #- DEFAULT_AUTHENTICATION_METHOD=
 
     depends_on:
       - wekandb

i18n/en.i18n.json

@@ -620,5 +620,7 @@
     "layout": "Layout",
     "hide-logo": "Hide Logo",
     "add-custom-html-after-body-start": "Add Custom HTML after <body> start",
-    "add-custom-html-before-body-end": "Add Custom HTML before </body> end"
+    "add-custom-html-before-body-end": "Add Custom HTML before </body> end",
+    "error-undefined": "Something went wrong",
+    "error-ldap-login": "An error occurred while trying to login"
 }

i18n/fr.i18n.json

@@ -619,5 +619,7 @@
     "layout": "Interface",
     "hide-logo": "Cacher le logo",
     "add-custom-html-after-body-start": "Add Custom HTML after <body> start",
-    "add-custom-html-before-body-end": "Add Custom HTML before </body> end"
+    "add-custom-html-before-body-end": "Add Custom HTML before </body> end",
+    "error-undefined": "Une erreur inconnue s'est produite",
+    "error-ldap-login": "Une erreur s'est produite lors de la tentative de connexion"
 }

models/settings.js

@@ -260,5 +260,9 @@ if (Meteor.isServer) {
         cas: isCasEnabled(),
       };
     },
+
+    getDefaultAuthenticationMethod() {
+      return process.env.DEFAULT_AUTHENTICATION_METHOD;
+    }
   });
 }

sandstorm-pkgdef.capnp

@@ -254,6 +254,7 @@ const myCommand :Spk.Manifest.Command = (
     (key = "OAUTH2_TOKEN_ENDPOINT", value=""),
     (key = "LDAP_ENABLE", value="false"),
     (key = "SANDSTORM", value = "1"),
-    (key = "METEOR_SETTINGS", value = "{\"public\": {\"sandstorm\": true}}")
+    (key = "METEOR_SETTINGS", value = "{\"public\": {\"sandstorm\": true}}"),
+    (key = "DEFAULT_AUTHENTICATION_METHOD", value = "")
   ]
 );

snap-src/bin/config

@@ -3,7 +3,7 @@
 # All supported keys are defined here together with descriptions and default values
 
 # list of supported keys
-keys="MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES"
+keys="MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD"
 
 # default values
 DESCRIPTION_MONGODB_BIND_UNIX_SOCKET="mongodb binding unix socket:\n"\
@@ -289,3 +289,8 @@ KEY_LOGOUT_ON_HOURS="logout-on-hours"
 DESCRIPTION_LOGOUT_ON_MINUTES="The number of minutes"
 DEFAULT_LOGOUT_ON_MINUTES=""
 KEY_LOGOUT_ON_MINUTES="logout-on-minutes"
+
+
+DESCRIPTION_DEFAULT_AUTHENTICATION_METHOD="The default authentication method used if a user does not exist to create and authenticate him"
+DEFAULT_DEFAULT_AUTHENTICATION_METHOD=""
+KEY_DEFAULT_AUTHENTICATION_METHOD="default-authentication-method"

snap-src/bin/wekan-help

@@ -254,21 +254,25 @@ echo -e "Ldap Default Domain."
 echo -e "The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP:"
 echo -e "\t$ snap set $SNAP_NAME LDAP_DEFAULT_DOMAIN=''"
 echo -e "\n"
-echo -e "Logout with timer."
-echo -e "Enable or not the option that allows to disconnect an user after a given time:"
-echo -e "\t$ snap set $SNAP_NAME LOGOUT_WITH_TIMER='true'"
-echo -e "\n"
-echo -e "Logout in."
-echo -e "Logout in how many days:"
-echo -e "\t$ snap set $SNAP_NAME LOGOUT_IN='1'"
-echo -e "\n"
-echo -e "Logout on hours."
-echo -e "Logout in how many hours:"
-echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_HOURS='9'"
-echo -e "\n"
-echo -e "Logout on minutes."
-echo -e "Logout in how many minutes:"
-echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_MINUTES='5'"
+# echo -e "Logout with timer."
+# echo -e "Enable or not the option that allows to disconnect an user after a given time:"
+# echo -e "\t$ snap set $SNAP_NAME LOGOUT_WITH_TIMER='true'"
+# echo -e "\n"
+# echo -e "Logout in."
+# echo -e "Logout in how many days:"
+# echo -e "\t$ snap set $SNAP_NAME LOGOUT_IN='1'"
+# echo -e "\n"
+# echo -e "Logout on hours."
+# echo -e "Logout in how many hours:"
+# echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_HOURS='9'"
+# echo -e "\n"
+# echo -e "Logout on minutes."
+# echo -e "Logout in how many minutes:"
+# echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_MINUTES='5'"
+# echo -e "\n"
+echo -e "Default authentication method."
+echo -e "The default authentication method used if a user does not exist to create and authenticate him"
+echo -e "\t$ snap set $SNAP_NAME DEFAULT_AUTHENTICATION_METHOD='ldap'"
 echo -e "\n"
 # parse config file for supported settings keys
 echo -e "wekan supports settings keys"