mirror of
https://github.com/wekan/wekan.git
synced 2025-04-24 14:08:31 -04:00
Merge branch 'edge' into meteor-1.8
This commit is contained in:
Lauri Ojansivu
commit
93ae4e504e
12 changed files with 388 additions and 212 deletions
|
|
@ -147,7 +147,7 @@ retry@1.1.0
|
|||
routepolicy@1.1.0
|
||||
rzymek:fullcalendar@3.8.0
|
||||
salleman:accounts-oidc@1.0.10
|
||||
salleman:oidc@1.0.11
|
||||
salleman:oidc@1.0.12
|
||||
service-configuration@1.0.11
|
||||
session@1.2.0
|
||||
sha@1.0.9
|
||||
|
|
|
|||
13
CHANGELOG.md
13
CHANGELOG.md
|
|
@ -1,3 +1,16 @@
|
|||
# v2.21 2019-02-12 Wekan release
|
||||
|
||||
This release adds the following new features:
|
||||
|
||||
- [Bump salleman-oidc to 1.0.12](https://github.com/wekan/wekan/commit/352e5c6cb07b1a09ef692af6f6c49c3b1f3e91c1). Thanks to danpatdav.
|
||||
- [Added parameters for OIDC claim mapping](https://github.com/wekan/wekan/commit/bdbbb12f967f7e4f605e6c3310290180f6c8c6d1).
|
||||
These mapping parameters take advantage of new code in salleman-oidc 1.0.12 to override the default claim names provided by the userinfo endpoint.
|
||||
Thanks to danpatdav.
|
||||
- [Add OIDC claim mapping parameters to docker-compose.yml/Snap/Source](https://github.com/wekan/wekan/commit/59314ab17d65e9579d2f29b32685b7777f2a06a1).
|
||||
Thanks to xet7.
|
||||
|
||||
Thanks to above GitHub users for their contributions.
|
||||
|
||||
# v2.20 2019-02-11 Wekan release
|
||||
|
||||
This release adds the following new features:
|
||||
|
|
|
|||
|
|
@ -26,6 +26,10 @@ ARG OAUTH2_SERVER_URL
|
|||
ARG OAUTH2_AUTH_ENDPOINT
|
||||
ARG OAUTH2_USERINFO_ENDPOINT
|
||||
ARG OAUTH2_TOKEN_ENDPOINT
|
||||
ARG OAUTH2_ID_MAP
|
||||
ARG OAUTH2_USERNAME_MAP
|
||||
ARG OAUTH2_FULLNAME_MAP
|
||||
ARG OAUTH2_EMAIL_MAP
|
||||
ARG LDAP_ENABLE
|
||||
ARG LDAP_PORT
|
||||
ARG LDAP_HOST
|
||||
|
|
@ -101,6 +105,10 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth
|
|||
OAUTH2_AUTH_ENDPOINT="" \
|
||||
OAUTH2_USERINFO_ENDPOINT="" \
|
||||
OAUTH2_TOKEN_ENDPOINT="" \
|
||||
OAUTH2_ID_MAP="" \
|
||||
OAUTH2_USERNAME_MAP="" \
|
||||
OAUTH2_FULLNAME_MAP="" \
|
||||
OAUTH2_EMAIL_MAP="" \
|
||||
LDAP_ENABLE=false \
|
||||
LDAP_PORT=389 \
|
||||
LDAP_HOST="" \
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
appId: wekan-public/apps/77b94f60-dec9-0136-304e-16ff53095928
|
||||
appVersion: "v2.20.0"
|
||||
appVersion: "v2.21.0"
|
||||
files:
|
||||
userUploads:
|
||||
- README.md
|
||||
|
|
|
|||
|
|
@ -219,23 +219,19 @@ services:
|
|||
- WITH_API=true
|
||||
#-----------------------------------------------------------------
|
||||
# ==== CORS =====
|
||||
# CORS: Set Access-Control-Allow-Origin header. Example: *
|
||||
# CORS: Set Access-Control-Allow-Origin header.
|
||||
#- CORS=*
|
||||
#-----------------------------------------------------------------
|
||||
# ==== MATOMO INTEGRATION ====
|
||||
# Optional: Integration with Matomo https://matomo.org that is installed to your server
|
||||
# The address of the server where Matomo is hosted.
|
||||
# example: - MATOMO_ADDRESS=https://example.com/matomo
|
||||
#- MATOMO_ADDRESS=
|
||||
#- MATOMO_ADDRESS=https://example.com/matomo
|
||||
# The value of the site ID given in Matomo server for Wekan
|
||||
# example: - MATOMO_SITE_ID=12345
|
||||
#- MATOMO_SITE_ID=
|
||||
#- MATOMO_SITE_ID=1
|
||||
# The option do not track which enables users to not be tracked by matomo
|
||||
# example: - MATOMO_DO_NOT_TRACK=false
|
||||
#- MATOMO_DO_NOT_TRACK=
|
||||
#- MATOMO_DO_NOT_TRACK=true
|
||||
# The option that allows matomo to retrieve the username:
|
||||
# example: MATOMO_WITH_USERNAME=true
|
||||
#- MATOMO_WITH_USERNAME=false
|
||||
#- MATOMO_WITH_USERNAME=true
|
||||
#-----------------------------------------------------------------
|
||||
# ==== BROWSER POLICY AND TRUSTED IFRAME URL ====
|
||||
# Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside.
|
||||
|
|
@ -243,41 +239,75 @@ services:
|
|||
# and allows all iframing etc. See wekan/server/policy.js
|
||||
- BROWSER_POLICY_ENABLED=true
|
||||
# When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside.
|
||||
#- TRUSTED_URL=
|
||||
#- TRUSTED_URL=https://intra.example.com
|
||||
#-----------------------------------------------------------------
|
||||
# ==== OUTGOING WEBHOOKS ====
|
||||
# What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId .
|
||||
# example: WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId
|
||||
#- WEBHOOKS_ATTRIBUTES=
|
||||
#- WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId
|
||||
#-----------------------------------------------------------------
|
||||
# ==== OAUTH2 ONLY WITH OIDC AND DOORKEEPER AS INDENTITY PROVIDER
|
||||
# ==== Debug OIDC OAuth2 etc ====
|
||||
#- DEBUG=true
|
||||
#-----------------------------------------------------------------
|
||||
# ==== OAUTH2 AZURE ====
|
||||
# https://github.com/wekan/wekan/wiki/Azure
|
||||
# 1) Register the application with Azure. Make sure you capture
|
||||
# the application ID as well as generate a secret key.
|
||||
# 2) Configure the environment variables. This differs slightly
|
||||
# by installation type, but make sure you have the following:
|
||||
#- OAUTH2_ENABLED=true
|
||||
# Application GUID captured during app registration:
|
||||
#- OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
|
||||
# Secret key generated during app registration:
|
||||
#- OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||||
#- OAUTH2_SERVER_URL=https://login.microsoftonline.com/
|
||||
#- OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize
|
||||
#- OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo
|
||||
#- OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token
|
||||
# The claim name you want to map to the unique ID field:
|
||||
#- OAUTH2_ID_MAP=email
|
||||
# The claim name you want to map to the username field:
|
||||
#- OAUTH2_USERNAME_MAP=email
|
||||
# The claim name you want to map to the full name field:
|
||||
#- OAUTH2_FULLNAME_MAP=name
|
||||
# Tthe claim name you want to map to the email field:
|
||||
#- OAUTH2_EMAIL_MAP=email
|
||||
#-----------------------------------------------------------------
|
||||
# ==== OAUTH2 KEYCLOAK ====
|
||||
# https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED
|
||||
#- OAUTH2_ENABLED=true
|
||||
#- OAUTH2_CLIENT_ID=<Keycloak create Client ID>
|
||||
#- OAUTH2_SERVER_URL=<Keycloak server name>/auth
|
||||
#- OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
|
||||
#- OAUTH2_USERINFO_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/userinfo
|
||||
#- OAUTH2_TOKEN_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/token
|
||||
#- OAUTH2_SECRET=<keycloak client secret>
|
||||
#-----------------------------------------------------------------
|
||||
# ==== OAUTH2 DOORKEEPER ====
|
||||
# https://github.com/wekan/wekan/issues/1874
|
||||
# https://github.com/wekan/wekan/wiki/OAuth2
|
||||
# Enable the OAuth2 connection
|
||||
# example: OAUTH2_ENABLED=true
|
||||
#- OAUTH2_ENABLED=false
|
||||
#- OAUTH2_ENABLED=true
|
||||
# OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
|
||||
# OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345
|
||||
# example: OAUTH2_CLIENT_ID=abcde12345
|
||||
#- OAUTH2_CLIENT_ID=
|
||||
# OAuth2 Secret, for example from Rocket.Chat: Example: 54321abcde
|
||||
# example: OAUTH2_SECRET=54321abcde
|
||||
#- OAUTH2_SECRET=
|
||||
# OAuth2 Server URL, for example Rocket.Chat. Example: https://chat.example.com
|
||||
# example: OAUTH2_SERVER_URL=https://chat.example.com
|
||||
#- OAUTH2_SERVER_URL=
|
||||
# OAuth2 Authorization Endpoint. Example: /oauth/authorize
|
||||
# example: OAUTH2_AUTH_ENDPOINT=/oauth/authorize
|
||||
#- OAUTH2_AUTH_ENDPOINT=
|
||||
# OAuth2 Userinfo Endpoint. Example: /oauth/userinfo
|
||||
# example: OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
|
||||
#- OAUTH2_USERINFO_ENDPOINT=
|
||||
# OAuth2 Token Endpoint. Example: /oauth/token
|
||||
# example: OAUTH2_TOKEN_ENDPOINT=/oauth/token
|
||||
#- OAUTH2_TOKEN_ENDPOINT=
|
||||
#-----------------------------------------------------------------
|
||||
# Debug OIDC OAuth2 etc
|
||||
#- DEBUG=true
|
||||
# OAuth2 Client ID.
|
||||
#- OAUTH2_CLIENT_ID=abcde12345
|
||||
# OAuth2 Secret.
|
||||
#- OAUTH2_SECRET=54321abcde
|
||||
# OAuth2 Server URL.
|
||||
#- OAUTH2_SERVER_URL=https://chat.example.com
|
||||
# OAuth2 Authorization Endpoint.
|
||||
#- OAUTH2_AUTH_ENDPOINT=/oauth/authorize
|
||||
# OAuth2 Userinfo Endpoint.
|
||||
#- OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
|
||||
# OAuth2 Token Endpoint.
|
||||
#- OAUTH2_TOKEN_ENDPOINT=/oauth/token
|
||||
# OAuth2 ID Mapping
|
||||
#- OAUTH2_ID_MAP=
|
||||
# OAuth2 Username Mapping
|
||||
#- OAUTH2_USERNAME_MAP=
|
||||
# OAuth2 Fullname Mapping
|
||||
#- OAUTH2_FULLNAME_MAP=
|
||||
# OAuth2 Email Mapping
|
||||
#- OAUTH2_EMAIL_MAP=
|
||||
#-----------------------------------------------------------------
|
||||
# ==== LDAP ====
|
||||
# https://github.com/wekan/wekan/wiki/LDAP
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "wekan",
|
||||
"version": "v2.20.0",
|
||||
"version": "v2.21.0",
|
||||
"description": "Open-Source kanban",
|
||||
"private": true,
|
||||
"scripts": {
|
||||
|
|
|
|||
|
|
@ -1,29 +1,33 @@
|
|||
# If you want to restart even on crash, uncomment while and done lines.
|
||||
|
||||
#while true; do
|
||||
cd ~/repos/wekan/.build/bundle
|
||||
export MONGO_URL='mongodb://127.0.0.1:27017/admin'
|
||||
cd ~/repos/wekan/.build/bundle
|
||||
#---------------------------------------------
|
||||
# Debug OIDC OAuth2 etc.
|
||||
#export export DEBUG=true
|
||||
#---------------------------------------------
|
||||
export MONGO_URL='mongodb://127.0.0.1:27017/admin'
|
||||
# ROOT_URL EXAMPLES FOR WEBSERVERS: https://github.com/wekan/wekan/wiki/Settings
|
||||
# Production: https://example.com/wekan
|
||||
# Local: http://localhost:3000
|
||||
#export ipaddress=$(ifdata -pa eth0)
|
||||
export ROOT_URL='http://localhost'
|
||||
# Production: https://example.com/wekan
|
||||
# Local: http://localhost:3000
|
||||
#export ipaddress=$(ifdata -pa eth0)
|
||||
export ROOT_URL='http://localhost'
|
||||
#---------------------------------------------
|
||||
# Working email IS NOT REQUIRED to use Wekan.
|
||||
# https://github.com/wekan/wekan/wiki/Adding-users
|
||||
# https://github.com/wekan/wekan/wiki/Troubleshooting-Mail
|
||||
# https://github.com/wekan/wekan-mongodb/blob/master/docker-compose.yml
|
||||
export MAIL_URL='smtp://user:pass@mailserver.example.com:25/'
|
||||
export MAIL_FROM='Wekan Support <support@example.com>'
|
||||
# This is local port where Wekan Node.js runs, same as below on Caddyfile settings.
|
||||
export PORT=80
|
||||
# https://github.com/wekan/wekan/wiki/Troubleshooting-Mail
|
||||
# https://github.com/wekan/wekan-mongodb/blob/master/docker-compose.yml
|
||||
export MAIL_URL='smtp://user:pass@mailserver.example.com:25/'
|
||||
export MAIL_FROM='Wekan Support <support@example.com>'
|
||||
# This is local port where Wekan Node.js runs, same as below on Caddyfile settings.
|
||||
export PORT=80
|
||||
#---------------------------------------------
|
||||
# Wekan Export Board works when WITH_API='true'.
|
||||
# Wekan Export Board works when WITH_API='true'.
|
||||
# If you disable Wekan API, Export Board does not work.
|
||||
export WITH_API='true'
|
||||
export WITH_API='true'
|
||||
#---------------------------------------------
|
||||
# CORS: Set Access-Control-Allow-Origin header. Example: *
|
||||
#- CORS=*
|
||||
#export CORS=*
|
||||
#---------------------------------------------
|
||||
## Optional: Integration with Matomo https://matomo.org that is installed to your server
|
||||
## The address of the server where Matomo is hosted:
|
||||
|
|
@ -39,39 +43,77 @@
|
|||
# Example: export MATOMO_WITH_USERNAME=true
|
||||
#export MATOMO_WITH_USERNAME='false'
|
||||
# Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside.
|
||||
# Setting this to false is not recommended, it also disables all other browser policy protections
|
||||
# and allows all iframing etc. See wekan/server/policy.js
|
||||
# Default value: true
|
||||
export BROWSER_POLICY_ENABLED=true
|
||||
# Setting this to false is not recommended, it also disables all other browser policy protections
|
||||
# and allows all iframing etc. See wekan/server/policy.js
|
||||
# Default value: true
|
||||
export BROWSER_POLICY_ENABLED=true
|
||||
# When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside.
|
||||
# Example: export TRUSTED_URL=http://example.com
|
||||
# Example: export TRUSTED_URL=http://example.com
|
||||
export TRUSTED_URL=''
|
||||
# What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId .
|
||||
# Example: export WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId
|
||||
export WEBHOOKS_ATTRIBUTES=''
|
||||
export WEBHOOKS_ATTRIBUTES=''
|
||||
#---------------------------------------------
|
||||
# ==== OAUTH2 AZURE ====
|
||||
# https://github.com/wekan/wekan/wiki/Azure
|
||||
# 1) Register the application with Azure. Make sure you capture
|
||||
# the application ID as well as generate a secret key.
|
||||
# 2) Configure the environment variables. This differs slightly
|
||||
# by installation type, but make sure you have the following:
|
||||
#export OAUTH2_ENABLED=true
|
||||
# Application GUID captured during app registration:
|
||||
#export OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
|
||||
# Secret key generated during app registration:
|
||||
#export OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||||
#export OAUTH2_SERVER_URL=https://login.microsoftonline.com/
|
||||
#export OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize
|
||||
#export OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo
|
||||
#export OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token
|
||||
# The claim name you want to map to the unique ID field:
|
||||
#export OAUTH2_ID_MAP=email
|
||||
# The claim name you want to map to the username field:
|
||||
#export OAUTH2_USERNAME_MAP=email
|
||||
# The claim name you want to map to the full name field:
|
||||
#export OAUTH2_FULLNAME_MAP=name
|
||||
# Tthe claim name you want to map to the email field:
|
||||
#export OAUTH2_EMAIL_MAP=email
|
||||
#-----------------------------------------------------------------
|
||||
# ==== OAUTH2 KEYCLOAK ====
|
||||
# https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED
|
||||
#export OAUTH2_ENABLED=true
|
||||
#export OAUTH2_CLIENT_ID=<Keycloak create Client ID>
|
||||
#export OAUTH2_SERVER_URL=<Keycloak server name>/auth
|
||||
#export OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
|
||||
#export OAUTH2_USERINFO_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/userinfo
|
||||
#export OAUTH2_TOKEN_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/token
|
||||
#export OAUTH2_SECRET=<keycloak client secret>
|
||||
#-----------------------------------------------------------------
|
||||
# ==== OAUTH2 DOORKEEPER ====
|
||||
# https://github.com/wekan/wekan/issues/1874
|
||||
# https://github.com/wekan/wekan/wiki/OAuth2
|
||||
# Enable the OAuth2 connection
|
||||
#export OAUTH2_ENABLED=true
|
||||
# OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
|
||||
# OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345
|
||||
# example: export OAUTH2_CLIENT_ID=abcde12345
|
||||
#export OAUTH2_CLIENT_ID=''
|
||||
# OAuth2 Secret, for example from Rocket.Chat: Example: 54321abcde
|
||||
# example: export OAUTH2_SECRET=54321abcde
|
||||
#export OAUTH2_SECRET=''
|
||||
# OAuth2 Server URL, for example Rocket.Chat. Example: https://chat.example.com
|
||||
# example: export OAUTH2_SERVER_URL=https://chat.example.com
|
||||
#export OAUTH2_SERVER_URL=''
|
||||
# OAuth2 Authorization Endpoint. Example: /oauth/authorize
|
||||
# example: export OAUTH2_AUTH_ENDPOINT=/oauth/authorize
|
||||
#export OAUTH2_AUTH_ENDPOINT=''
|
||||
# OAuth2 Userinfo Endpoint. Example: /oauth/userinfo
|
||||
# example: export OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
|
||||
#export OAUTH2_USERINFO_ENDPOINT=''
|
||||
# OAuth2 Token Endpoint. Example: /oauth/token
|
||||
# example: export OAUTH2_TOKEN_ENDPOINT=/oauth/token
|
||||
#export OAUTH2_TOKEN_ENDPOINT=''
|
||||
#---------------------------------------------
|
||||
# Debug OIDC OAuth2 etc.
|
||||
#export DEBUG=true
|
||||
# OAuth2 Client ID.
|
||||
#export OAUTH2_CLIENT_ID=abcde12345
|
||||
# OAuth2 Secret.
|
||||
#export OAUTH2_SECRET=54321abcde
|
||||
# OAuth2 Server URL.
|
||||
#export OAUTH2_SERVER_URL=https://chat.example.com
|
||||
# OAuth2 Authorization Endpoint.
|
||||
#export OAUTH2_AUTH_ENDPOINT=/oauth/authorize
|
||||
# OAuth2 Userinfo Endpoint.
|
||||
#export OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
|
||||
# OAuth2 Token Endpoint.
|
||||
#export OAUTH2_TOKEN_ENDPOINT=/oauth/token
|
||||
# OAuth2 ID Mapping
|
||||
#export OAUTH2_ID_MAP=
|
||||
# OAuth2 Username Mapping
|
||||
#export OAUTH2_USERNAME_MAP=
|
||||
# OAuth2 Fullname Mapping
|
||||
#export OAUTH2_FULLNAME_MAP=
|
||||
# OAuth2 Email Mapping
|
||||
#export OAUTH2_EMAIL_MAP=
|
||||
#---------------------------------------------
|
||||
# LDAP_ENABLE : Enable or not the connection by the LDAP
|
||||
# example : export LDAP_ENABLE=true
|
||||
|
|
@ -195,15 +237,15 @@
|
|||
#export LDAP_DEFAULT_DOMAIN=
|
||||
# LOGOUT_WITH_TIMER : Enables or not the option logout with timer
|
||||
# example : LOGOUT_WITH_TIMER=true
|
||||
#- LOGOUT_WITH_TIMER=
|
||||
#export LOGOUT_WITH_TIMER=
|
||||
# LOGOUT_IN : The number of days
|
||||
# example : LOGOUT_IN=1
|
||||
#- LOGOUT_IN=
|
||||
#- LOGOUT_ON_HOURS=
|
||||
#export LOGOUT_IN=
|
||||
#export LOGOUT_ON_HOURS=
|
||||
# LOGOUT_ON_MINUTES : The number of minutes
|
||||
# example : LOGOUT_ON_MINUTES=55
|
||||
#- LOGOUT_ON_MINUTES=
|
||||
#export LOGOUT_ON_MINUTES=
|
||||
|
||||
node main.js & >> ~/repos/wekan.log
|
||||
cd ~/repos
|
||||
node main.js & >> ~/repos/wekan.log
|
||||
cd ~/repos
|
||||
#done
|
||||
|
|
|
|||
|
|
@ -22,10 +22,10 @@ const pkgdef :Spk.PackageDefinition = (
|
|||
appTitle = (defaultText = "Wekan"),
|
||||
# The name of the app as it is displayed to the user.
|
||||
|
||||
appVersion = 222,
|
||||
appVersion = 223,
|
||||
# Increment this for every release.
|
||||
|
||||
appMarketingVersion = (defaultText = "2.20.0~2019-02-11"),
|
||||
appMarketingVersion = (defaultText = "2.21.0~2019-02-12"),
|
||||
# Human-readable presentation of the app version.
|
||||
|
||||
minUpgradableAppVersion = 0,
|
||||
|
|
|
|||
|
|
@ -3,9 +3,13 @@
|
|||
# All supported keys are defined here together with descriptions and default values
|
||||
|
||||
# list of supported keys
|
||||
keys="MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD DEBUG"
|
||||
keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD"
|
||||
|
||||
# default values
|
||||
DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'"
|
||||
DEFAULT_DEBUG="false"
|
||||
KEY_DEBUG="debug"
|
||||
|
||||
DESCRIPTION_MONGODB_BIND_UNIX_SOCKET="mongodb binding unix socket:\n"\
|
||||
"\t\t\t Default behaviour will preffer binding over unix socket, to disable unix socket binding set value to 'nill' string\n"\
|
||||
"\t\t\t To bind to instance of mongodb provided through content interface,set value to relative path to the socket inside '$SNAP_DATA/shared' directory"
|
||||
|
|
@ -114,6 +118,26 @@ DESCRIPTION_OAUTH2_TOKEN_ENDPOINT="OAuth2 token endpoint. Example: /oauth/token"
|
|||
DEFAULT_OAUTH2_TOKEN_ENDPOINT=""
|
||||
KEY_OAUTH2_TOKEN_ENDPOINT="oauth2-token-endpoint"
|
||||
|
||||
DESCRIPTION_OAUTH2_ID_MAP="OAuth2 ID Mapping. Example: email"
|
||||
DEFAULT_OAUTH2_ID_MAP=""
|
||||
KEY_OAUTH2_ID_MAP="oauth2-id-map"
|
||||
|
||||
DESCRIPTION_OAUTH2_USERNAME_MAP="OAuth2 Username Mapping. Example: email"
|
||||
DEFAULT_OAUTH2_USERNAME_MAP=""
|
||||
KEY_OAUTH2_USERNAME_MAP="oauth2-username-map"
|
||||
|
||||
DESCRIPTION_OAUTH2_FULLNAME_MAP="OAuth2 Fullname Mapping. Example: name"
|
||||
DEFAULT_OAUTH2_FULLNAME_MAP=""
|
||||
KEY_OAUTH2_FULLNAME_MAP="oauth2-fullname-map"
|
||||
|
||||
DESCRIPTION_OAUTH2_FULLNAME_MAP="OAuth2 Fullname Mapping. Example: name"
|
||||
DEFAULT_OAUTH2_FULLNAME_MAP=""
|
||||
KEY_OAUTH2_FULLNAME_MAP="oauth2-fullname-map"
|
||||
|
||||
DESCRIPTION_OAUTH2_EMAIL_MAP="OAuth2 Email Mapping. Example: email"
|
||||
DEFAULT_OAUTH2_EMAIL_MAP=""
|
||||
KEY_OAUTH2_EMAIL_MAP="oauth2-email-map"
|
||||
|
||||
DESCRIPTION_LDAP_ENABLE="Enable or not the connection by the LDAP"
|
||||
DEFAULT_LDAP_ENABLE="false"
|
||||
KEY_LDAP_ENABLE="ldap-enable"
|
||||
|
|
@ -293,7 +317,3 @@ KEY_LOGOUT_ON_MINUTES="logout-on-minutes"
|
|||
DESCRIPTION_DEFAULT_AUTHENTICATION_METHOD="The default authentication method used if a user does not exist to create and authenticate. Method can be password or ldap."
|
||||
DEFAULT_DEFAULT_AUTHENTICATION_METHOD=""
|
||||
KEY_DEFAULT_AUTHENTICATION_METHOD="default-authentication-method"
|
||||
|
||||
DESCRIPTION_DEBUG="Debug OIDC etc. Example: sudo snap set wekan debug='true'"
|
||||
DEFAULT_DEBUG="false"
|
||||
KEY_DEBUG="debug"
|
||||
|
|
|
|||
|
|
@ -8,6 +8,13 @@ if [ "$CADDY_ENABLED" = "true" ]; then
|
|||
fi
|
||||
|
||||
echo -e "Wekan: The open-source kanban.\n"
|
||||
echo -e "\n"
|
||||
echo -e "Debug OIDC OAuth2 etc."
|
||||
echo -e "To enable the Debug of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME debug='true'"
|
||||
echo -e "\t-Disable the Debug of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME debug='false'"
|
||||
echo -e "\n"
|
||||
echo -e "Make sure you have connected all interfaces, check more by calling $ snap interfaces ${SNAP_NAME}"
|
||||
echo -e "\n"
|
||||
echo -e "${SNAP_NAME} has multiple services, to check status use systemctl"
|
||||
|
|
@ -29,256 +36,268 @@ echo -e "\t\t-disable mongodb in $SNAP_NAME by calling: $ snap set $SNAP_NAME se
|
|||
echo -e "\t\t-set mongodb-bind-unix-socket to point to serving mongodb. Use relative path inside shared directory, e.g run/mongodb-27017.sock"
|
||||
echo -e "\n"
|
||||
echo -e "To enable the API of wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME WITH_API='true'"
|
||||
echo -e "\t$ snap set $SNAP_NAME with-api='true'"
|
||||
echo -e "\t-Disable the API:"
|
||||
echo -e "\t$ snap set $SNAP_NAME WITH_API='false'"
|
||||
echo -e "\t$ snap set $SNAP_NAME with-api='false'"
|
||||
echo -e "\n"
|
||||
echo -e "To enable the CORS of wekan, to set Access-Control-Allow-Origin header:"
|
||||
echo -e "\t$ snap set $SNAP_NAME CORS='*'"
|
||||
echo -e "\t$ snap set $SNAP_NAME cors='*'"
|
||||
echo -e "\t-Disable the CORS:"
|
||||
echo -e "\t$ snap set $SNAP_NAME CORS=''"
|
||||
echo -e "\t$ snap set $SNAP_NAME cors=''"
|
||||
echo -e "\n"
|
||||
echo -e "Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside."
|
||||
echo -e "\t\t Setting this to false is not recommended, it also disables all other browser policy protections"
|
||||
echo -e "\t\t and allows all iframing etc. See wekan/server/policy.js"
|
||||
echo -e "To enable the Content Policy of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME CONTENT_POLICY_ENABLED='true'"
|
||||
echo -e "\t-Disable the Content Policy of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME CONTENT_POLICY_ENABLED='false'"
|
||||
echo -e "To enable the Browser Policy of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME browser-policy-enabled='true'"
|
||||
echo -e "\t-Disable the Browser Policy of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME browser-policy-enabled='false'"
|
||||
echo -e "\n"
|
||||
echo -e "When browser policy is enabled, HTML code at this URL can have iframe that embeds Wekan inside."
|
||||
echo -e "To enable the Trusted URL of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME TRUSTED_URL='https://example.com'"
|
||||
echo -e "\t$ snap set $SNAP_NAME trusted-url='https://example.com'"
|
||||
echo -e "\t-Disable the Trusted URL of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME TRUSTED_URL=''"
|
||||
echo -e "\t$ snap set $SNAP_NAME trusted-url=''"
|
||||
echo -e "\n"
|
||||
echo -e "What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId ."
|
||||
echo -e "To enable the Webhooks Attributes of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME WEBHOOKS_ATTRIBUTES='cardId,listId,oldListId,boardId,comment,user,card,commentId'"
|
||||
echo -e "\t$ snap set $SNAP_NAME webhooks-attributes='cardId,listId,oldListId,boardId,comment,user,card,commentId'"
|
||||
echo -e "\t-Disable the Webhooks Attributes of Wekan to send all default ones:"
|
||||
echo -e "\t$ snap set $SNAP_NAME WEBHOOKS_ATTRIBUTES=''"
|
||||
echo -e "\t$ snap set $SNAP_NAME webhooks-attributes=''"
|
||||
echo -e "\n"
|
||||
echo -e "OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345"
|
||||
echo -e "OAuth2 Client ID."
|
||||
echo -e "To enable the OAuth2 Client ID of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME OAUTH2_CLIENT_ID='54321abcde'"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-client-id='54321abcde'"
|
||||
echo -e "\t-Disable the OAuth2 Client ID of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME OAUTH2_CLIENT_ID=''"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-client-id=''"
|
||||
echo -e "\n"
|
||||
echo -e "OAuth2 Secret, for example from Rocket.Chat. Example: 54321abcde"
|
||||
echo -e "OAuth2 Secret."
|
||||
echo -e "To enable the OAuth2 Secret of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME OAUTH2_SECRET='54321abcde'"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-secret='54321abcde'"
|
||||
echo -e "\t-Disable the OAuth2 Secret of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME OAUTH2_SECRET=''"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-secret=''"
|
||||
echo -e "\n"
|
||||
echo -e "OAuth2 Server URL, for example Rocket.Chat. Example: https://chat.example.com"
|
||||
echo -e "OAuth2 Server URL."
|
||||
echo -e "To enable the OAuth2 Server URL of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME OAUTH2_SERVER_URL='https://chat.example.com'"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-server-url='https://chat.example.com'"
|
||||
echo -e "\t-Disable the OAuth2 Server URL of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME OAUTH2_SERVER_URL=''"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-server-url=''"
|
||||
echo -e "\n"
|
||||
echo -e "OAuth2 Server URL, for example Rocket.Chat. Example: https://chat.example.com"
|
||||
echo -e "To enable the OAuth2 Server URL of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME OAUTH2_SERVER_URL='https://chat.example.com'"
|
||||
echo -e "\t-Disable the OAuth2 Server URL of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME OAUTH2_SERVER_URL=''"
|
||||
echo -e "\n"
|
||||
echo -e "OAuth2 Authorization Endpoint. Example: /oauth/authorize"
|
||||
echo -e "OAuth2 Authorization Endpoint."
|
||||
echo -e "To enable the OAuth2 Authorization Endpoint of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME OAUTH2_AUTH_ENDPOINT='/oauth/authorize'"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-auth-endpoint='/oauth/authorize'"
|
||||
echo -e "\t-Disable the OAuth2 Authorization Endpoint of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME OAUTH2_AUTH_ENDPOINT=''"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-auth-endpoint=''"
|
||||
echo -e "\n"
|
||||
echo -e "OAuth2 Userinfo Endpoint. Example: /oauth/userinfo"
|
||||
echo -e "OAuth2 Userinfo Endpoint."
|
||||
echo -e "To enable the OAuth2 Userinfo Endpoint of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME OAUTH2_USERINFO_ENDPOINT='/oauth/authorize'"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-userinfo-endpoint='/oauth/authorize'"
|
||||
echo -e "\t-Disable the OAuth2 Userinfo Endpoint of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME OAUTH2_USERINFO_ENDPOINT=''"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-userinfo-endpoint=''"
|
||||
echo -e "\n"
|
||||
echo -e "OAuth2 Token Endpoint. Example: /oauth/token"
|
||||
echo -e "OAuth2 Token Endpoint."
|
||||
echo -e "To enable the OAuth2 Token Endpoint of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME OAUTH2_TOKEN_ENDPOINT='/oauth/token'"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-token-endpoint='/oauth/token'"
|
||||
echo -e "\t-Disable the OAuth2 Token Endpoint of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME OAUTH2_TOKEN_ENDPOINT=''"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-token-endpoint=''"
|
||||
echo -e "\n"
|
||||
echo -e "Debug OIDC OAuth2 etc."
|
||||
echo -e "To enable the Debug of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME DEBUG='true'"
|
||||
echo -e "\t-Disable the Debug of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME DEBUG='false'"
|
||||
echo -e "OAuth2 ID Mapping."
|
||||
echo -e "To enable the ID Mapping of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-id-map='username.uid'"
|
||||
echo -e "\t-Disable the ID Mapping of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-id-map=''"
|
||||
echo -e "\n"
|
||||
echo -e "OAuth2 Username Mapping."
|
||||
echo -e "To enable the Username Mapping of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-username-map='username'"
|
||||
echo -e "\t-Disable the Username Mapping of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-username-map=''"
|
||||
echo -e "\n"
|
||||
echo -e "OAuth2 Fullname Mapping."
|
||||
echo -e "To enable the Fullname Mapping of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-fullname-map='fullname'"
|
||||
echo -e "\t-Disable the Fullname Mapping of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-fullname-map=''"
|
||||
echo -e "\n"
|
||||
echo -e "OAuth2 Email Mapping."
|
||||
echo -e "To enable the Email Mapping of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-email-map='email'"
|
||||
echo -e "\t-Disable the Email Mapping of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-email-map=''"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Enable."
|
||||
echo -e "To enable the ldap of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_ENABLE='true'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-enable='true'"
|
||||
echo -e "\t-Disable the ldap of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_ENABLE='false'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-enable='false'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Port."
|
||||
echo -e "The port of the ldap server:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_PORT='12345'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-port='12345'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Host."
|
||||
echo -e "The host server for the LDAP server:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_HOST='localhost'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-host='localhost'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Base Dn."
|
||||
echo -e "The base DN for the LDAP Tree:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_BASEDN='ou=user,dc=example,dc=org'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-basedn='ou=user,dc=example,dc=org'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Login Fallback."
|
||||
echo -e "Fallback on the default authentication method:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_LOGIN_FALLBACK='true'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-login-fallback='true'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Reconnect."
|
||||
echo -e "Reconnect to the server if the connection is lost:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_RECONNECT='false'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-reconnect='false'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Timeout."
|
||||
echo -e "Overall timeout, in milliseconds:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_TIMEOUT='12345'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-timeout='12345'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Idle Timeout."
|
||||
echo -e "Specifies the timeout for idle LDAP connections in milliseconds:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_IDLE_TIMEOUT='12345'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-idle-timeout='12345'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Connect Timeout."
|
||||
echo -e "Connection timeout, in milliseconds:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_CONNECT_TIMEOUT='12345'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-connect-timeout='12345'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Authentication."
|
||||
echo -e "If the LDAP needs a user account to search:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_AUTHENTIFICATION='true'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-authentication='true'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Authentication User Dn."
|
||||
echo -e "The search user Dn:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_AUTHENTIFICATION_USERDN='cn=admin,dc=example,dc=org'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-authentication-userdn='cn=admin,dc=example,dc=org'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Authentication Password."
|
||||
echo -e "The password for the search user:"
|
||||
echo -e "\t$ snap set $SNAP_NAME AUTHENTIFICATION_PASSWORD='admin'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-authentication-password='admin'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Log Enabled."
|
||||
echo -e "Enable logs for the module:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_LOG_ENABLED='true'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-log-enabled='true'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Background Sync."
|
||||
echo -e "If the sync of the users should be done in the background:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_BACKGROUND_SYNC='true'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-background-sync='true'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Background Sync Interval."
|
||||
echo -e "At which interval does the background task sync in milliseconds:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_BACKGROUND_SYNC_INTERVAL='12345'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-background-sync-interval='12345'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Background Sync Keep Existant Users Updated."
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED='true'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-background-sync-keep-existant-users-updated='true'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Background Sync Import New Users."
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS='true'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-background-sync-import-new-users='true'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Encryption."
|
||||
echo -e "Allow LDAPS:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_ENCRYPTION='ssl'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-encryption='ssl'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Ca Cert."
|
||||
echo -e "The certification for the LDAPS server:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE-----"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-ca-cert=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE-----"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Reject Unauthorized."
|
||||
echo -e "Reject Unauthorized Certificate:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_REJECT_UNAUTHORIZED='true'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-reject-unauthorized='true'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap User Search Filter."
|
||||
echo -e "Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_USER_SEARCH_FILTER=''"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-user-search-filter=''"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap User Search Scope."
|
||||
echo -e "base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree). Example: one"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_USER_SEARCH_SCOPE=one"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-user-search-scope=one"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap User Search Field."
|
||||
echo -e "Which field is used to find the user:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_USER_SEARCH_FIELD='uid'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-user-search-field='uid'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Search Page Size."
|
||||
echo -e "Used for pagination (0=unlimited):"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_SEARCH_PAGE_SIZE='12345'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-search-page-size='12345'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Search Size Limit."
|
||||
echo -e "The limit number of entries (0=unlimited):"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_SEARCH_SIZE_LIMIT='12345'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-search-size-limit='12345'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Group Filter Enable."
|
||||
echo -e "Enable group filtering:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_GROUP_FILTER_ENABLE='true'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-group-filter-enable='true'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Group Filter ObjectClass."
|
||||
echo -e "The object class for filtering:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_GROUP_FILTER_OBJECTCLASS='group'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-group-filter-objectclass='group'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Group Filter Id Attribute."
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=''"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-group-filter-group-id-attribute=''"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Group Filter Member Attribute."
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=''"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-group-filter-group-member-attribute=''"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Group Filter Member Format."
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=''"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-group-filter-group-member-format=''"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Group Filter Group Name."
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_GROUP_FILTER_GROUP_NAME=''"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-group-filter-group-name=''"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Unique Identifier Field."
|
||||
echo -e "This field is sometimes class GUID (Globally Unique Identifier):"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD=guid"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-unique-identifier-field=guid"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Utf8 Names Slugify."
|
||||
echo -e "Convert the username to utf8:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_UTF8_NAMES_SLUGIFY='false'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-utf8-names-slugify='false'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Username Field."
|
||||
echo -e "Which field contains the ldap username:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_USERNAME_FIELD='username'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-username-field='username'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Fullname Field."
|
||||
echo -e "Which field contains the ldap fullname:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_FULLNAME_FIELD='fullname'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-fullname-field='fullname'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Merge Existing Users."
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_MERGE_EXISTING_USERS='true'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-merge-existing-users='true'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Sync User Data."
|
||||
echo -e "Enable synchronization of user data:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_SYNC_USER_DATA='true'"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-sync-user-data='true'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Sync User Data Fieldmap."
|
||||
echo -e "A field map for the matching:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_SYNC_USER_DATA_FIELDMAP={\"cn\":\"name\", \"mail\":\"email\"}"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-sync-user-data-fieldmap={\"cn\":\"name\", \"mail\":\"email\"}"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Sync Group Roles."
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_SYNC_GROUP_ROLES=''"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-sync-group-roles=''"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Default Domain."
|
||||
echo -e "The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP:"
|
||||
echo -e "\t$ snap set $SNAP_NAME LDAP_DEFAULT_DOMAIN=''"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-default-domain=''"
|
||||
echo -e "\n"
|
||||
# echo -e "Logout with timer."
|
||||
# echo -e "Enable or not the option that allows to disconnect an user after a given time:"
|
||||
# echo -e "\t$ snap set $SNAP_NAME LOGOUT_WITH_TIMER='true'"
|
||||
# echo -e "\t$ snap set $SNAP_NAME logout-with-timer='true'"
|
||||
# echo -e "\n"
|
||||
# echo -e "Logout in."
|
||||
# echo -e "Logout in how many days:"
|
||||
# echo -e "\t$ snap set $SNAP_NAME LOGOUT_IN='1'"
|
||||
# echo -e "\t$ snap set $SNAP_NAME logout-in='1'"
|
||||
# echo -e "\n"
|
||||
# echo -e "Logout on hours."
|
||||
# echo -e "Logout in how many hours:"
|
||||
# echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_HOURS='9'"
|
||||
# echo -e "\t$ snap set $SNAP_NAME logout-on-hours='9'"
|
||||
# echo -e "\n"
|
||||
# echo -e "Logout on minutes."
|
||||
# echo -e "Logout in how many minutes:"
|
||||
# echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_MINUTES='5'"
|
||||
# echo -e "\t$ snap set $SNAP_NAME logout-on-minutes='5'"
|
||||
# echo -e "\n"
|
||||
echo -e "Default authentication method."
|
||||
echo -e "The default authentication method used if a user does not exist to create and authenticate. Method can be password or ldap."
|
||||
echo -e "\t$ snap set $SNAP_NAME DEFAULT_AUTHENTICATION_METHOD='ldap'"
|
||||
echo -e "\t$ snap set $SNAP_NAME default-authentication-method='ldap'"
|
||||
echo -e "\n"
|
||||
# parse config file for supported settings keys
|
||||
echo -e "wekan supports settings keys"
|
||||
|
|
|
|||
|
|
@ -1,3 +1,10 @@
|
|||
REM ------------------------------------------------------------
|
||||
|
||||
REM # Debug OIDC OAuth2 etc.
|
||||
REM SET DEBUG=true
|
||||
|
||||
REM ------------------------------------------------------------
|
||||
|
||||
SET MONGO_URL=mongodb://127.0.0.1:27017/wekan
|
||||
SET ROOT_URL=http://127.0.0.1:2000/
|
||||
SET MAIL_URL=smtp://user:pass@mailserver.example.com:25/
|
||||
|
|
@ -69,11 +76,6 @@ REM SET OAUTH2_TOKEN_ENDPOINT=
|
|||
|
||||
REM ------------------------------------------------------------
|
||||
|
||||
REM # Debug OIDC OAuth2 etc.
|
||||
REM SET DEBUG=true
|
||||
|
||||
REM ------------------------------------------------------------
|
||||
|
||||
REM # LDAP_ENABLE : Enable or not the connection by the LDAP
|
||||
REM # example : LDAP_ENABLE=true
|
||||
REM SET LDAP_ENABLE=false
|
||||
|
|
|
|||
|
|
@ -20,6 +20,10 @@ function wekan_repo_check(){
|
|||
#while true; do
|
||||
wekan_repo_check
|
||||
cd .build/bundle
|
||||
#---------------------------------------------
|
||||
# Debug OIDC OAuth2 etc.
|
||||
#export DEBUG=true
|
||||
#---------------------------------------------
|
||||
export MONGO_URL='mongodb://127.0.0.1:27019/wekan'
|
||||
#---------------------------------------------
|
||||
# Production: https://example.com/wekan
|
||||
|
|
@ -41,7 +45,7 @@ function wekan_repo_check(){
|
|||
export WITH_API='true'
|
||||
#---------------------------------------------
|
||||
# CORS: Set Access-Control-Allow-Origin header. Example: *
|
||||
#- CORS=*
|
||||
#export CORS=*
|
||||
#---------------------------------------------
|
||||
## Optional: Integration with Matomo https://matomo.org that is installed to your server
|
||||
## The address of the server where Matomo is hosted:
|
||||
|
|
@ -68,28 +72,66 @@ function wekan_repo_check(){
|
|||
# Example: export WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId
|
||||
export WEBHOOKS_ATTRIBUTES=''
|
||||
#---------------------------------------------
|
||||
# ==== OAUTH2 AZURE ====
|
||||
# https://github.com/wekan/wekan/wiki/Azure
|
||||
# 1) Register the application with Azure. Make sure you capture
|
||||
# the application ID as well as generate a secret key.
|
||||
# 2) Configure the environment variables. This differs slightly
|
||||
# by installation type, but make sure you have the following:
|
||||
#export OAUTH2_ENABLED=true
|
||||
# Application GUID captured during app registration:
|
||||
#export OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
|
||||
# Secret key generated during app registration:
|
||||
#export OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||||
#export OAUTH2_SERVER_URL=https://login.microsoftonline.com/
|
||||
#export OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize
|
||||
#export OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo
|
||||
#export OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token
|
||||
# The claim name you want to map to the unique ID field:
|
||||
#export OAUTH2_ID_MAP=email
|
||||
# The claim name you want to map to the username field:
|
||||
#export OAUTH2_USERNAME_MAP=email
|
||||
# The claim name you want to map to the full name field:
|
||||
#export OAUTH2_FULLNAME_MAP=name
|
||||
# Tthe claim name you want to map to the email field:
|
||||
#export OAUTH2_EMAIL_MAP=email
|
||||
#-----------------------------------------------------------------
|
||||
# ==== OAUTH2 KEYCLOAK ====
|
||||
# https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED
|
||||
#export OAUTH2_ENABLED=true
|
||||
#export OAUTH2_CLIENT_ID=<Keycloak create Client ID>
|
||||
#export OAUTH2_SERVER_URL=<Keycloak server name>/auth
|
||||
#export OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
|
||||
#export OAUTH2_USERINFO_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/userinfo
|
||||
#export OAUTH2_TOKEN_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/token
|
||||
#export OAUTH2_SECRET=<keycloak client secret>
|
||||
#-----------------------------------------------------------------
|
||||
# ==== OAUTH2 DOORKEEPER ====
|
||||
# https://github.com/wekan/wekan/issues/1874
|
||||
# https://github.com/wekan/wekan/wiki/OAuth2
|
||||
# Enable the OAuth2 connection
|
||||
#export OAUTH2_ENABLED=true
|
||||
# OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
|
||||
# OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345
|
||||
# example: export OAUTH2_CLIENT_ID=abcde12345
|
||||
#export OAUTH2_CLIENT_ID=''
|
||||
# OAuth2 Secret, for example from Rocket.Chat: Example: 54321abcde
|
||||
# example: export OAUTH2_SECRET=54321abcde
|
||||
#export OAUTH2_SECRET=''
|
||||
# OAuth2 Server URL, for example Rocket.Chat. Example: https://chat.example.com
|
||||
# example: export OAUTH2_SERVER_URL=https://chat.example.com
|
||||
#export OAUTH2_SERVER_URL=''
|
||||
# OAuth2 Authorization Endpoint. Example: /oauth/authorize
|
||||
# example: export OAUTH2_AUTH_ENDPOINT=/oauth/authorize
|
||||
#export OAUTH2_AUTH_ENDPOINT=''
|
||||
# OAuth2 Userinfo Endpoint. Example: /oauth/userinfo
|
||||
# example: export OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
|
||||
#export OAUTH2_USERINFO_ENDPOINT=''
|
||||
# OAuth2 Token Endpoint. Example: /oauth/token
|
||||
# example: export OAUTH2_TOKEN_ENDPOINT=/oauth/token
|
||||
#export OAUTH2_TOKEN_ENDPOINT=''
|
||||
#---------------------------------------------
|
||||
# Debug OIDC OAuth2 etc.
|
||||
#export DEBUG=true
|
||||
# OAuth2 Client ID.
|
||||
#export OAUTH2_CLIENT_ID=abcde12345
|
||||
# OAuth2 Secret.
|
||||
#export OAUTH2_SECRET=54321abcde
|
||||
# OAuth2 Server URL.
|
||||
#export OAUTH2_SERVER_URL=https://chat.example.com
|
||||
# OAuth2 Authorization Endpoint.
|
||||
#export OAUTH2_AUTH_ENDPOINT=/oauth/authorize
|
||||
# OAuth2 Userinfo Endpoint.
|
||||
#export OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
|
||||
# OAuth2 Token Endpoint.
|
||||
#export OAUTH2_TOKEN_ENDPOINT=/oauth/token
|
||||
# OAuth2 ID Mapping
|
||||
#export OAUTH2_ID_MAP=
|
||||
# OAuth2 Username Mapping
|
||||
#export OAUTH2_USERNAME_MAP=
|
||||
# OAuth2 Fullname Mapping
|
||||
#export OAUTH2_FULLNAME_MAP=
|
||||
# OAuth2 Email Mapping
|
||||
#export OAUTH2_EMAIL_MAP=
|
||||
#---------------------------------------------
|
||||
# LDAP_ENABLE : Enable or not the connection by the LDAP
|
||||
# example : export LDAP_ENABLE=true
|
||||
|
|
@ -213,14 +255,14 @@ function wekan_repo_check(){
|
|||
#export LDAP_DEFAULT_DOMAIN=
|
||||
# LOGOUT_WITH_TIMER : Enables or not the option logout with timer
|
||||
# example : LOGOUT_WITH_TIMER=true
|
||||
#- LOGOUT_WITH_TIMER=
|
||||
#export LOGOUT_WITH_TIMER=
|
||||
# LOGOUT_IN : The number of days
|
||||
# example : LOGOUT_IN=1
|
||||
#- LOGOUT_IN=
|
||||
#- LOGOUT_ON_HOURS=
|
||||
#export LOGOUT_IN=
|
||||
#export LOGOUT_ON_HOURS=
|
||||
# LOGOUT_ON_MINUTES : The number of minutes
|
||||
# example : LOGOUT_ON_MINUTES=55
|
||||
#- LOGOUT_ON_MINUTES=
|
||||
#export LOGOUT_ON_MINUTES=
|
||||
|
||||
node main.js
|
||||
# & >> ../../wekan.log
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue