
- Revert Improve authentication to [fix Login failure](https://github.com/wekan/wekan/issues/2004).

Thanks to xet7 !

Closes #2004
Lauri Ojansivu 6 年之前
父节点
当前提交
aa691b0af1

+ 0 - 1
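--- a/.meteor/packages
+++ b/.meteor/packages
@@ -89,4 +89,3 @@ mquandalle:moment
 msavin:usercache
 wekan:wekan-ldap
 wekan:accounts-cas
-msavin:sjobs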

+ 0 - 1
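--- a/.meteor/versions
+++ b/.meteor/versions
@@ -117,7 +117,6 @@ mquandalle:jquery-ui-drag-drop-sort@0.2.0
 mquandalle:moment@1.0.1
 mquandalle:mousetrap-bindglobal@0.0.1
 mquandalle:perfect-scrollbar@0.6.5_2
-msavin:sjobs@3.0.6
 msavin:usercache@1.0.0
 npm-bcrypt@0.9.3
 npm-mongo@2.2.33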

+ 1 - 9
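--- a/Dockerfile
+++ b/Dockerfile
@@ -64,10 +64,6 @@ ARG LDAP_SYNC_USER_DATA
 ARG LDAP_SYNC_USER_DATA_FIELDMAP
 ARG LDAP_SYNC_GROUP_ROLES
 ARG LDAP_DEFAULT_DOMAIN
-ARG LOGOUT_WITH_TIMER
-ARG LOGOUT_IN
-ARG LOGOUT_ON_HOURS
-ARG LOGOUT_ON_MINUTES
 
 # Set the environment variables (defaults where required)
 # DOES NOT WORK: paxctl fix for alpine linux: https://github.com/wekan/wekan/issues/1303
@@ -134,11 +130,7 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth
     LDAP_SYNC_USER_DATA=false \
     LDAP_SYNC_USER_DATA_FIELDMAP="" \
     LDAP_SYNC_GROUP_ROLES="" \
-    LDAP_DEFAULT_DOMAIN="" \
-    LOGOUT_WITH_TIMER="false" \
-    LOGOUT_IN="" \
-    LOGOUT_ON_HOURS="" \
-    LOGOUT_ON_MINUTES=""
+    LDAP_DEFAULT_DOMAIN=""
 
 # Copy the app to the image
 COPY ${SRC_PATH} /home/wekan/app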

+ 1 - 0
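--- a/client/components/main/layouts.jade
+++ b/client/components/main/layouts.jade
@@ -18,6 +18,7 @@ template(name="userFormsLayout")
       img(src="{{pathFor '/wekan-logo.png'}}" alt="Wekan")
     section.auth-dialog
       +Template.dynamic(template=content)
+      +connectionMethod
       if isCas
         .at-form
           button#cas(class='at-btn submit' type='submit') {{casSignInLabel}}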

+ 42 - 45
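--- a/client/components/main/layouts.js
+++ b/client/components/main/layouts.js
@@ -6,13 +6,23 @@ const i18nTagToT9n = (i18nTag) => {
   return i18nTag;
 };
 
-Template.userFormsLayout.onCreated(function() {
-  Meteor.call('getDefaultAuthenticationMethod', (error, result) => {
-    this.data.defaultAuthenticationMethod = new ReactiveVar(error ? undefined : result);
-  });
-});
+const validator = {
+  set(obj, prop, value) {
+    if (prop === 'state' && value !== 'signIn') {
+      $('.at-form-authentication').hide();
+    } else if (prop === 'state' && value === 'signIn') {
+      $('.at-form-authentication').show();
+    }
+    // The default behavior to store the value
+    obj[prop] = value;
+    // Indicate success
+    return true;
+  },
+};
 
 Template.userFormsLayout.onRendered(() => {
+  AccountsTemplates.state.form.keys = new Proxy(AccountsTemplates.state.form.keys, validator);
+
   const i18nTag = navigator.language;
   if (i18nTag) {
     T9n.setLanguage(i18nTagToT9n(i18nTag));
@@ -71,14 +81,13 @@ Template.userFormsLayout.events({
       }
     });
   },
-  'click #at-btn'(event, instance) {
+  'click #at-btn'(event) {
     /* All authentication method can be managed/called here.
        !! DON'T FORGET to correctly fill the fields of the user during its creation if necessary authenticationMethod : String !!
     */
-    const email = $('#at-field-username_and_email').val();
-    const password = $('#at-field-password').val();
-
-    if (FlowRouter.getRouteName() !== 'atSignIn' || password === '') {
+    const authenticationMethodSelected = $('.select-authentication').val();
+    // Local account
+    if (authenticationMethodSelected === 'password') {
       return;
     }
 
@@ -86,11 +95,29 @@ Template.userFormsLayout.events({
     event.preventDefault();
     event.stopImmediatePropagation();
 
-    Meteor.subscribe('user-authenticationMethod', email, {
-      onReady() {
-        return authentication.call(this, instance, email, password);
-      },
-    });
+    const email = $('#at-field-username_and_email').val();
+    const password = $('#at-field-password').val();
+
+    // Ldap account
+    if (authenticationMethodSelected === 'ldap') {
+      // Check if the user can use the ldap connection
+      Meteor.subscribe('user-authenticationMethod', email, {
+        onReady() {
+          const user = Users.findOne();
+          if (user === undefined || user.authenticationMethod === 'ldap') {
+            // Use the ldap connection package
+            Meteor.loginWithLDAP(email, password, function(error) {
+              if (!error) {
+                // Connection
+                return FlowRouter.go('/');
+              }
+              return error;
+            });
+          }
+          return this.stop();
+        },
+      });
+    }
   },
 });
 
@@ -99,33 +126,3 @@ Template.defaultLayout.events({
     Modal.close();
   },
 });
-
-function authentication(instance, email, password) {
-  let user = Users.findOne();
-  // Authentication with password
-  if (user && user.authenticationMethod === 'password') {
-    $('#at-pwd-form').submit();
-    // Meteor.call('logoutWithTimer', user._id, () => {});
-    return this.stop();
-  }
-
-  // If user doesn't exist, uses the default authentication method if it defined
-  if (user === undefined) {
-    user = {
-      'authenticationMethod': instance.data.defaultAuthenticationMethod.get(),
-    };
-  }
-
-  // Authentication with LDAP
-  if (user.authenticationMethod === 'ldap') {
-    // Use the ldap connection package
-    Meteor.loginWithLDAP(email, password, function(error) {
-      if (!error) {
-        // Meteor.call('logoutWithTimer', Users.findOne()._id, () => {});
-        return FlowRouter.go('/');
-      }
-      return error;
-    });
-  }
-  return this.stop();
-}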
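Review bot: In the new `'click #at-btn'` handler, once `event.preventDefault()` has run the LDAP branch can end without any feedback: when the looked-up account's `authenticationMethod` is not `'ldap'` it only calls `this.stop()`, and the `return error` inside the `Meteor.loginWithLDAP` callback goes nowhere. Both paths should show a sign-in error; at minimum mark them, e.g. `// TODO: report the failure to the user`. `Users.findOne()` has no selector, so it relies on the `user-authenticationMethod` subscription being the only source of user documents in the client cache at that point. The method check runs in the browser and is a convenience only; whether the server-side LDAP login enforces the per-account method is not visible in this diff and should be confirmed. The handler's body continues between the second and third hunks.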

+ 6 - 0
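--- /dev/null
+++ b/client/components/settings/connectionMethod.jade
@@ -0,0 +1,6 @@
+template(name='connectionMethod')
+  div.at-form-authentication
+    label {{_ 'authentication-method'}}
+    select.select-authentication
+        each authentications
+            option(value="{{value}}") {{_ value}}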

+ 34 - 0
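--- /dev/null
+++ b/client/components/settings/connectionMethod.js
@@ -0,0 +1,34 @@
+Template.connectionMethod.onCreated(function() {
+  this.authenticationMethods = new ReactiveVar([]);
+
+  Meteor.call('getAuthenticationsEnabled', (_, result) => {
+    if (result) {
+      // TODO : add a management of different languages
+      // (ex {value: ldap, text: TAPi18n.__('ldap', {}, T9n.getLanguage() || 'en')})
+      this.authenticationMethods.set([
+        {value: 'password'},
+        // Gets only the authentication methods availables
+        ...Object.entries(result).filter((e) => e[1]).map((e) => ({value: e[0]})),
+      ]);
+    }
+
+    // If only the default authentication available, hides the select boxe
+    const content = $('.at-form-authentication');
+    if (!(this.authenticationMethods.get().length > 1)) {
+      content.hide();
+    } else {
+      content.show();
+    }
+  });
+});
+
+Template.connectionMethod.onRendered(() => {
+  // Moves the select boxe in the first place of the at-pwd-form div
+  $('.at-form-authentication').detach().prependTo('.at-pwd-form');
+});
+
+Template.connectionMethod.helpers({
+  authentications() {
+    return Template.instance().authenticationMethods.get();
+  },
+});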
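Review bot: The `getAuthenticationsEnabled` callback ignores its error argument (`_`), so when the call fails or returns nothing `authenticationMethods` stays `[]` and the select is rendered with no options. The click handler in client/components/main/layouts.js returns early only when the selected value is `'password'` and otherwise appears to go on to `event.preventDefault()`, so an empty select would leave the sign-in form unable to submit. Seeding the variable with the local method avoids that: `this.authenticationMethods = new ReactiveVar([{value: 'password'}]);`. The show/hide calls in the same callback also assume `.at-form-authentication` is already in the DOM, which `onCreated` does not guarantee.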

+ 0 - 12
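--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -195,18 +195,6 @@ services:
       # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
       # example :
       #- LDAP_DEFAULT_DOMAIN=
-      # LOGOUT_WITH_TIMER : Enables or not the option logout with timer
-      # example : LOGOUT_WITH_TIMER=true
-      #- LOGOUT_WITH_TIMER=
-      # LOGOUT_IN : The number of days
-      # example : LOGOUT_IN=1
-      #- LOGOUT_IN=
-      # LOGOUT_ON_HOURS : The number of hours
-      # example : LOGOUT_ON_HOURS=9
-      #- LOGOUT_ON_HOURS=
-      # LOGOUT_ON_MINUTES : The number of minutes
-      # example : LOGOUT_ON_MINUTES=55
-      #- LOGOUT_ON_MINUTES=
 
     depends_on:
       - wekandb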

+ 0 - 31
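--- a/models/settings.js
+++ b/models/settings.js
@@ -76,7 +76,6 @@ if (Meteor.isServer) {
       }, createdAt: now, modifiedAt: now};
       Settings.insert(defaultSetting);
     }
-
     const newSetting = Settings.findOne();
     if (!process.env.MAIL_URL && newSetting.mailUrl())
       process.env.MAIL_URL = newSetting.mailUrl();
@@ -236,35 +235,5 @@ if (Meteor.isServer) {
         cas: isCasEnabled(),
       };
     },
-
-    getDefaultAuthenticationMethod() {
-      return process.env.DEFAULT_AUTHENTICATION_METHOD;
-    },
-
-    // TODO: patch error : did not check all arguments during call
-    logoutWithTimer(userId) {
-      if (process.env.LOGOUT_WITH_TIMER) {
-        Jobs.run('logOut', userId, {
-          in: {
-            days: process.env.LOGOUT_IN,
-          },
-          on: {
-            hour: process.env.LOGOUT_ON_HOURS,
-            minute: process.env.LOGOUT_ON_MINUTES,
-          },
-          priority: 1,
-        });
-      }
-    },
-  });
-
-  Jobs.register({
-    logOut(userId) {
-      Meteor.users.update(
-        {_id: userId},
-        {$set: {'services.resume.loginTokens': []}}
-      );
-      this.success();
-    },
   });
 }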

+ 4 - 4
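--- a/models/users.js
+++ b/models/users.js
@@ -520,10 +520,10 @@ if (Meteor.isServer) {
     }
 
     const disableRegistration = Settings.findOne().disableRegistration;
-    if (!disableRegistration) {
-      if (options.ldap) {
-        user.authenticationMethod = 'ldap';
-      }
+    // If ldap, bypass the inviation code if the self registration isn't allowed.
+    // TODO : pay attention if ldap field in the user model change to another content ex : ldap field to connection_type
+    if (options.ldap || !disableRegistration) {
+      user.authenticationMethod = 'ldap';
       return user;
     }
 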
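Review bot: With the merged condition `options.ldap || !disableRegistration`, the line `user.authenticationMethod = 'ldap';` now also runs for non-LDAP sign-ups whenever self-registration is enabled, because the inner `if (options.ldap)` guard was dropped. Keep the guard on the assignment, e.g. `if (options.ldap) user.authenticationMethod = 'ldap';`, and leave `return user;` for both cases. The invitation-code bypass also hinges on `options.ldap`; if `options` can carry fields supplied by the registering client rather than only by the server-side LDAP package, that flag should be derived from a trusted source instead. This cannot be confirmed from the hunk, which starts and ends inside the enclosing callback.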

+ 0 - 1
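--- a/server/publications/users.js
+++ b/server/publications/users.js
@@ -22,7 +22,6 @@ Meteor.publish('user-authenticationMethod', function(match) {
   check(match, String);
   return Users.find({$or: [{_id: match}, {email: match}, {username: match}]}, {
     fields: {
-      '_id': 1,
       'authenticationMethod': 1,
     },
   });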

+ 1 - 17
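--- a/snap-src/bin/config
+++ b/snap-src/bin/config
@@ -3,7 +3,7 @@
 # All supported keys are defined here together with descriptions and default values
 
 # list of supported keys
-keys="MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER, LOGOUT_IN, LOGOUT_ON_HOURS, LOGOUT_ON_MINUTES"
+keys="MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN"
 
 # default values
 DESCRIPTION_MONGODB_BIND_UNIX_SOCKET="mongodb binding unix socket:\n"\
@@ -265,19 +265,3 @@ KEY_LDAP_SYNC_GROUP_ROLES="ldap-sync-group-roles"
 DESCRIPTION_LDAP_DEFAULT_DOMAIN="The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP"
 DEFAULT_LDAP_DEFAULT_DOMAIN=""
 KEY_LDAP_DEFAULT_DOMAIN="ldap-default-domain"
-
-DESCRIPTION_LOGOUT_WITH_TIMER="Enables or not the option logout with timer"
-DEFAULT_LOGOUT_WITH_TIMER="false"
-KEY_LOGOUT_WITH_TIMER="logout-with-timer"
-
-DESCRIPTION_LOGOUT_IN="The number of days"
-DEFAULT_LOGOUT_IN=""
-KEY_LOGOUT_IN="logout-in"
-
-DESCRIPTION_LOGOUT_ON_HOURS="The number of hours"
-DEFAULT_LOGOUT_ON_HOURS=""
-KEY_LOGOUT_ON_HOURS="logout-on-hours"
-
-DESCRIPTION_LOGOUT_ON_MINUTES="The number of minutes"
-DEFAULT_LOGOUT_ON_MINUTES=""
-KEY_LOGOUT_ON_MINUTES="logout-on-minutes"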

+ 0 - 16
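--- a/snap-src/bin/wekan-help
+++ b/snap-src/bin/wekan-help
@@ -245,22 +245,6 @@ echo -e "Ldap Default Domain."
 echo -e "The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP:"
 echo -e "\t$ snap set $SNAP_NAME LDAP_DEFAULT_DOMAIN=''"
 echo -e "\n"
-echo -e "Logout with timer."
-echo -e "Enable or not the option that allows to disconnect an user after a given time:"
-echo -e "\t$ snap set $SNAP_NAME LOGOUT_WITH_TIMER='true'"
-echo -e "\n"
-echo -e "Logout in."
-echo -e "Logout in how many days:"
-echo -e "\t$ snap set $SNAP_NAME LOGOUT_IN='1'"
-echo -e "\n"
-echo -e "Logout on hours."
-echo -e "Logout in how many hours:"
-echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_HOURS='9'"
-echo -e "\n"
-echo -e "Logout on minutes."
-echo -e "Logout in how many minutes:"
-echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_MINUTES='5'"
-echo -e "\n"
 # parse config file for supported settings keys
 echo -e "wekan supports settings keys"
 echo -e "values can be changed by calling\n$ snap set $SNAP_NAME <key name>='<key value>'"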