github-mirrors/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-04-23 21:47:10 -04:00
Code Issues Projects Releases Packages Wiki Activity

Fix Scope parsing Issue for OAuth2 Login

Browse source
This commit is contained in:
DominikPf 2019-05-23 10:28:08 +02:00
parent d83cb75f95
commit 892ee60527
9 changed files with 11 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Dockerfile
View file

@ -41,7 +41,7 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth
OAUTH2_USERNAME_MAP="" \
OAUTH2_FULLNAME_MAP="" \
OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[] \
OAUTH2_REQUEST_PERMISSIONS=['openid','profiles','email'] \
OAUTH2_REQUEST_PERMISSIONS='openid profiles email' \
OAUTH2_EMAIL_MAP="" \
LDAP_ENABLE=false \
LDAP_PORT=389 \

2
docker-compose.yml
View file

@ -327,7 +327,7 @@ services:
# OAUTH2 ID Token Whitelist Fields.
#- OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
# OAUTH2 Request Permissions.
#- OAUTH2_REQUEST_PERMISSIONS=['openid','profile','email']
#- OAUTH2_REQUEST_PERMISSIONS='openid profile email'
# OAuth2 ID Mapping
#- OAUTH2_ID_MAP=
# OAuth2 Username Mapping

5
packages/wekan-oidc/oidc_client.js
View file

@ -18,10 +18,9 @@ Oidc.requestCredential = function (options, credentialRequestCompleteCallback) {
new ServiceConfiguration.ConfigError('Service oidc not configured.'));
return;
}
var credentialToken = Random.secret();
var loginStyle = OAuth._loginStyle('oidc', config, options);
var scope = config.requestPermissions || ['openid', 'profile', 'email'];
// options
options = options || {};
@ -29,7 +28,7 @@ Oidc.requestCredential = function (options, credentialRequestCompleteCallback) {
options.response_type = options.response_type || 'code';
options.redirect_uri = OAuth._redirectUri('oidc', config);
options.state = OAuth._stateParam(loginStyle, credentialToken, options.redirectUrl);
options.scope = scope.join(' ');
options.scope = config.requestPermissions || 'openid profile email';
if (config.loginStyle && config.loginStyle == 'popup') {
options.display = 'popup';

2
releases/virtualbox/start-wekan.sh
View file

@ -84,7 +84,7 @@
# OAUTH2 ID Token Whitelist Fields.
#export OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
# OAUTH2 Request Permissions.
#export OAUTH2_REQUEST_PERMISSIONS=['openid','profile','email']
#export OAUTH2_REQUEST_PERMISSIONS='openid profile email'
# The claim name you want to map to the unique ID field:
#export OAUTH2_ID_MAP=email
# The claim name you want to map to the username field:

2
server/authentication.js
View file

@ -77,7 +77,7 @@ Meteor.startup(() => {
userinfoEndpoint: process.env.OAUTH2_USERINFO_ENDPOINT,
tokenEndpoint: process.env.OAUTH2_TOKEN_ENDPOINT,
idTokenWhitelistFields: process.env.OAUTH2_ID_TOKEN_WHITELIST_FIELDS || [],
requestPermissions: process.env.OAUTH2_REQUEST_PERMISSIONS || ['openid','profile','email'],
requestPermissions: process.env.OAUTH2_REQUEST_PERMISSIONS || 'openid profile email',
},
}
);

4
snap-src/bin/config
View file

@ -170,8 +170,8 @@ DESCRIPTION_OAUTH2_ID_TOKEN_WHITELIST_FIELDS="OAuth2 ID Token Whitelist Fields.
DEFAULT_OAUTH2_ID_TOKEN_WHITELIST_FIELDS="[]"
KEY_OAUTH2_ID_TOKEN_WHITELIST_FIELDS="oauth2-id-token-whitelist-fields"
DESCRIPTION_OAUTH2_REQUEST_PERMISSIONS="OAuth2 Request Permissions. Example: ['openid','profile','email']"
DEFAULT_OAUTH2_REQUEST_PERMISSIONS="['openid','profile','email']"
DESCRIPTION_OAUTH2_REQUEST_PERMISSIONS="OAuth2 Request Permissions. Example: 'openid profile email'"
DEFAULT_OAUTH2_REQUEST_PERMISSIONS="'openid profile email'"
KEY_OAUTH2_REQUEST_PERMISSIONS="oauth2-request-permissions"
DESCRIPTION_OAUTH2_EMAIL_MAP="OAuth2 Email Mapping. Example: email"

2
snap-src/bin/wekan-help
View file

@ -138,7 +138,7 @@ echo -e "\t$ snap set $SNAP_NAME oauth2-id-token-whitelist-fields=''"
echo -e "\n"
echo -e "OAuth2 Request Permissions."
echo -e "To enable the OAuth2 Request Permissions of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-request-permissions=\"['openid','profile','email']\""
echo -e "\t$ snap set $SNAP_NAME oauth2-request-permissions=\"'openid profile email'\""
echo -e "\t-Disable the OAuth2 Request Permissions of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-request-permissions=''"
echo -e "\n"

2
start-wekan.bat
View file

@ -96,7 +96,7 @@ REM # OAUTH2 ID Token Whitelist Fields.
REM SET OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
REM # OAUTH2 Request Permissions.
REM SET OAUTH2_REQUEST_PERMISSIONS=['openid','profile','email']
REM SET OAUTH2_REQUEST_PERMISSIONS='openid profile email'
REM # OAuth2 ID Mapping
REM SET OAUTH2_ID_MAP=

2
start-wekan.sh
View file

@ -144,7 +144,7 @@ function wekan_repo_check(){
# OAUTH2 ID Token Whitelist Fields.
#export OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
# OAUTH2 Request Permissions.
#export OAUTH2_REQUEST_PERMISSIONS=['openid','profile','email']
#export OAUTH2_REQUEST_PERMISSIONS='openid profile email'
# OAuth2 ID Mapping
#export OAUTH2_ID_MAP=
# OAuth2 Username Mapping