Merge branch 'edge' into meteor-1.8

.meteor/versions

@@ -147,7 +147,7 @@ retry@1.1.0
 routepolicy@1.1.0
 rzymek:fullcalendar@3.8.0
 salleman:accounts-oidc@1.0.10
-salleman:oidc@1.0.11
+salleman:oidc@1.0.12
 service-configuration@1.0.11
 session@1.2.0
 sha@1.0.9

CHANGELOG.md

@@ -1,3 +1,16 @@
+# v2.21 2019-02-12 Wekan release
+
+This release adds the following new features:
+
+- [Bump salleman-oidc to 1.0.12](https://github.com/wekan/wekan/commit/352e5c6cb07b1a09ef692af6f6c49c3b1f3e91c1). Thanks to danpatdav.
+- [Added parameters for OIDC claim mapping](https://github.com/wekan/wekan/commit/bdbbb12f967f7e4f605e6c3310290180f6c8c6d1).
+  These mapping parameters take advantage of new code in salleman-oidc 1.0.12 to override the default claim names provided by the userinfo endpoint.
+  Thanks to danpatdav.
+- [Add OIDC claim mapping parameters to docker-compose.yml/Snap/Source](https://github.com/wekan/wekan/commit/59314ab17d65e9579d2f29b32685b7777f2a06a1).
+  Thanks to xet7.
+
+Thanks to above GitHub users for their contributions.
+
 # v2.20 2019-02-11 Wekan release
 
 This release adds the following new features:

Dockerfile

@@ -26,6 +26,10 @@ ARG OAUTH2_SERVER_URL
 ARG OAUTH2_AUTH_ENDPOINT
 ARG OAUTH2_USERINFO_ENDPOINT
 ARG OAUTH2_TOKEN_ENDPOINT
+ARG OAUTH2_ID_MAP
+ARG OAUTH2_USERNAME_MAP
+ARG OAUTH2_FULLNAME_MAP
+ARG OAUTH2_EMAIL_MAP
 ARG LDAP_ENABLE
 ARG LDAP_PORT
 ARG LDAP_HOST
@@ -101,6 +105,10 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth
     OAUTH2_AUTH_ENDPOINT="" \
     OAUTH2_USERINFO_ENDPOINT="" \
     OAUTH2_TOKEN_ENDPOINT="" \
+    OAUTH2_ID_MAP="" \
+    OAUTH2_USERNAME_MAP="" \
+    OAUTH2_FULLNAME_MAP="" \
+    OAUTH2_EMAIL_MAP="" \
     LDAP_ENABLE=false \
     LDAP_PORT=389 \
     LDAP_HOST="" \

Stackerfile.yml

@@ -1,5 +1,5 @@
 appId: wekan-public/apps/77b94f60-dec9-0136-304e-16ff53095928
-appVersion: "v2.20.0"
+appVersion: "v2.21.0"
 files:
   userUploads:
     - README.md

docker-compose.yml

@@ -219,23 +219,19 @@ services:
       - WITH_API=true
       #-----------------------------------------------------------------
       # ==== CORS =====
-      # CORS: Set Access-Control-Allow-Origin header. Example: *
+      # CORS: Set Access-Control-Allow-Origin header.
       #- CORS=*
       #-----------------------------------------------------------------
       # ==== MATOMO INTEGRATION ====
       # Optional: Integration with Matomo https://matomo.org that is installed to your server
       # The address of the server where Matomo is hosted.
-      # example: - MATOMO_ADDRESS=https://example.com/matomo
+      #- MATOMO_ADDRESS=https://example.com/matomo
-      #- MATOMO_ADDRESS=
       # The value of the site ID given in Matomo server for Wekan
-      # example: - MATOMO_SITE_ID=12345
+      #- MATOMO_SITE_ID=1
-      #- MATOMO_SITE_ID=
       # The option do not track which enables users to not be tracked by matomo
-      # example:  - MATOMO_DO_NOT_TRACK=false
+      #- MATOMO_DO_NOT_TRACK=true
-      #- MATOMO_DO_NOT_TRACK=
       # The option that allows matomo to retrieve the username:
-      # example: MATOMO_WITH_USERNAME=true
+      #- MATOMO_WITH_USERNAME=true
-      #- MATOMO_WITH_USERNAME=false
       #-----------------------------------------------------------------
       # ==== BROWSER POLICY AND TRUSTED IFRAME URL ====
       # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside.
@@ -243,41 +239,75 @@ services:
       # and allows all iframing etc. See wekan/server/policy.js
       - BROWSER_POLICY_ENABLED=true
       # When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside.
-      #- TRUSTED_URL=
+      #- TRUSTED_URL=https://intra.example.com
       #-----------------------------------------------------------------
       # ==== OUTGOING WEBHOOKS ====
       # What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId .
-      # example: WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId
+      #- WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId
-      #- WEBHOOKS_ATTRIBUTES=
       #-----------------------------------------------------------------
-      # ==== OAUTH2 ONLY WITH OIDC AND DOORKEEPER AS INDENTITY PROVIDER
+      # ==== Debug OIDC OAuth2 etc ====
+      #- DEBUG=true
+      #-----------------------------------------------------------------
+      # ==== OAUTH2 AZURE ====
+      # https://github.com/wekan/wekan/wiki/Azure
+      # 1) Register the application with Azure. Make sure you capture
+      #    the application ID as well as generate a secret key.
+      # 2) Configure the environment variables. This differs slightly
+      #     by installation type, but make sure you have the following:
+      #- OAUTH2_ENABLED=true
+      # Application GUID captured during app registration:
+      #- OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
+      # Secret key generated during app registration:
+      #- OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+      #- OAUTH2_SERVER_URL=https://login.microsoftonline.com/
+      #- OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize
+      #- OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo
+      #- OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token
+      # The claim name you want to map to the unique ID field:
+      #- OAUTH2_ID_MAP=email
+      # The claim name you want to map to the username field:
+      #- OAUTH2_USERNAME_MAP=email
+      # The claim name you want to map to the full name field:
+      #- OAUTH2_FULLNAME_MAP=name
+      # Tthe claim name you want to map to the email field:
+      #- OAUTH2_EMAIL_MAP=email
+      #-----------------------------------------------------------------
+      # ==== OAUTH2 KEYCLOAK ====
+      # https://github.com/wekan/wekan/wiki/Keycloak  <== MAPPING INFO, REQUIRED
+      #- OAUTH2_ENABLED=true
+      #- OAUTH2_CLIENT_ID=<Keycloak create Client ID>
+      #- OAUTH2_SERVER_URL=<Keycloak server name>/auth
+      #- OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
+      #- OAUTH2_USERINFO_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/userinfo
+      #- OAUTH2_TOKEN_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/token
+      #- OAUTH2_SECRET=<keycloak client secret>
+      #-----------------------------------------------------------------
+      # ==== OAUTH2 DOORKEEPER ====
       # https://github.com/wekan/wekan/issues/1874
       # https://github.com/wekan/wekan/wiki/OAuth2
       # Enable the OAuth2 connection
-      # example: OAUTH2_ENABLED=true
+      #- OAUTH2_ENABLED=true
-      #- OAUTH2_ENABLED=false
       # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
-      # OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345
+      # OAuth2 Client ID.
-      # example: OAUTH2_CLIENT_ID=abcde12345
+      #- OAUTH2_CLIENT_ID=abcde12345
-      #- OAUTH2_CLIENT_ID=
+      # OAuth2 Secret.
-      # OAuth2 Secret, for example from Rocket.Chat: Example: 54321abcde
+      #- OAUTH2_SECRET=54321abcde
-      # example: OAUTH2_SECRET=54321abcde
+      # OAuth2 Server URL.
-      #- OAUTH2_SECRET=
+      #- OAUTH2_SERVER_URL=https://chat.example.com
-      # OAuth2 Server URL, for example Rocket.Chat. Example: https://chat.example.com
+      # OAuth2 Authorization Endpoint.
-      # example: OAUTH2_SERVER_URL=https://chat.example.com
+      #- OAUTH2_AUTH_ENDPOINT=/oauth/authorize
-      #- OAUTH2_SERVER_URL=
+      # OAuth2 Userinfo Endpoint.
-      # OAuth2 Authorization Endpoint. Example: /oauth/authorize
+      #- OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
-      # example: OAUTH2_AUTH_ENDPOINT=/oauth/authorize
+      # OAuth2 Token Endpoint.
-      #- OAUTH2_AUTH_ENDPOINT=
+      #- OAUTH2_TOKEN_ENDPOINT=/oauth/token
-      # OAuth2 Userinfo Endpoint. Example: /oauth/userinfo
+      # OAuth2 ID Mapping
-      # example: OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
+      #- OAUTH2_ID_MAP=
-      #- OAUTH2_USERINFO_ENDPOINT=
+      # OAuth2 Username Mapping
-      # OAuth2 Token Endpoint. Example: /oauth/token
+      #- OAUTH2_USERNAME_MAP=
-      # example: OAUTH2_TOKEN_ENDPOINT=/oauth/token
+      # OAuth2 Fullname Mapping
-      #- OAUTH2_TOKEN_ENDPOINT=
+      #- OAUTH2_FULLNAME_MAP=
-      #-----------------------------------------------------------------
+      # OAuth2 Email Mapping
-      # Debug OIDC OAuth2 etc
+      #- OAUTH2_EMAIL_MAP=
-      #- DEBUG=true
       #-----------------------------------------------------------------
       # ==== LDAP ====
       # https://github.com/wekan/wekan/wiki/LDAP

package.json

@@ -1,6 +1,6 @@
 {
   "name": "wekan",
-  "version": "v2.20.0",
+  "version": "v2.21.0",
   "description": "Open-Source kanban",
   "private": true,
   "scripts": {

releases/virtualbox/start-wekan.sh

@@ -1,29 +1,33 @@
 # If you want to restart even on crash, uncomment while and done lines.
 
 #while true; do
-	cd ~/repos/wekan/.build/bundle
+        cd ~/repos/wekan/.build/bundle
-	export MONGO_URL='mongodb://127.0.0.1:27017/admin'
+        #---------------------------------------------
+        # Debug OIDC OAuth2 etc.
+        #export export DEBUG=true
+        #---------------------------------------------
+        export MONGO_URL='mongodb://127.0.0.1:27017/admin'
         # ROOT_URL EXAMPLES FOR WEBSERVERS: https://github.com/wekan/wekan/wiki/Settings
-	# Production: https://example.com/wekan
+        # Production: https://example.com/wekan
-	# Local: http://localhost:3000
+        # Local: http://localhost:3000
-	#export ipaddress=$(ifdata -pa eth0)
+        #export ipaddress=$(ifdata -pa eth0)
-	export ROOT_URL='http://localhost'
+        export ROOT_URL='http://localhost'
         #---------------------------------------------
         # Working email IS NOT REQUIRED to use Wekan.
         # https://github.com/wekan/wekan/wiki/Adding-users
-	# https://github.com/wekan/wekan/wiki/Troubleshooting-Mail
+        # https://github.com/wekan/wekan/wiki/Troubleshooting-Mail
-	# https://github.com/wekan/wekan-mongodb/blob/master/docker-compose.yml
+        # https://github.com/wekan/wekan-mongodb/blob/master/docker-compose.yml
-	export MAIL_URL='smtp://user:pass@mailserver.example.com:25/'
+        export MAIL_URL='smtp://user:pass@mailserver.example.com:25/'
-	export MAIL_FROM='Wekan Support <support@example.com>'
+        export MAIL_FROM='Wekan Support <support@example.com>'
-	# This is local port where Wekan Node.js runs, same as below on Caddyfile settings.
+        # This is local port where Wekan Node.js runs, same as below on Caddyfile settings.
-	export PORT=80
+        export PORT=80
         #---------------------------------------------
-	# Wekan Export Board works when WITH_API='true'.
+        # Wekan Export Board works when WITH_API='true'.
         # If you disable Wekan API, Export Board does not work.
-	export WITH_API='true'
+        export WITH_API='true'
         #---------------------------------------------
         # CORS: Set Access-Control-Allow-Origin header. Example: *
-        #- CORS=*
+        #export CORS=*
         #---------------------------------------------
         ## Optional: Integration with Matomo https://matomo.org that is installed to your server
         ## The address of the server where Matomo is hosted:
@@ -39,39 +43,77 @@
         # Example: export MATOMO_WITH_USERNAME=true
         #export MATOMO_WITH_USERNAME='false'
         # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside.
-	# Setting this to false is not recommended, it also disables all other browser policy protections
+        # Setting this to false is not recommended, it also disables all other browser policy protections
-	# and allows all iframing etc. See wekan/server/policy.js
+        # and allows all iframing etc. See wekan/server/policy.js
-	# Default value: true
+        # Default value: true
-	export BROWSER_POLICY_ENABLED=true
+        export BROWSER_POLICY_ENABLED=true
         # When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside.
-	# Example: export TRUSTED_URL=http://example.com
+        # Example: export TRUSTED_URL=http://example.com
         export TRUSTED_URL=''
         # What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId .
         # Example: export WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId
-	export WEBHOOKS_ATTRIBUTES=''
+        export WEBHOOKS_ATTRIBUTES=''
         #---------------------------------------------
+        # ==== OAUTH2 AZURE ====
+        # https://github.com/wekan/wekan/wiki/Azure
+        # 1) Register the application with Azure. Make sure you capture
+        #    the application ID as well as generate a secret key.
+        # 2) Configure the environment variables. This differs slightly
+        #     by installation type, but make sure you have the following:
+        #export OAUTH2_ENABLED=true
+        # Application GUID captured during app registration:
+        #export OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
+        # Secret key generated during app registration:
+        #export OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+        #export OAUTH2_SERVER_URL=https://login.microsoftonline.com/
+        #export OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize
+        #export OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo
+        #export OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token
+        # The claim name you want to map to the unique ID field:
+        #export OAUTH2_ID_MAP=email
+        # The claim name you want to map to the username field:
+        #export OAUTH2_USERNAME_MAP=email
+        # The claim name you want to map to the full name field:
+        #export OAUTH2_FULLNAME_MAP=name
+        # Tthe claim name you want to map to the email field:
+        #export OAUTH2_EMAIL_MAP=email
+        #-----------------------------------------------------------------
+        # ==== OAUTH2 KEYCLOAK ====
+        # https://github.com/wekan/wekan/wiki/Keycloak  <== MAPPING INFO, REQUIRED
+        #export OAUTH2_ENABLED=true
+        #export OAUTH2_CLIENT_ID=<Keycloak create Client ID>
+        #export OAUTH2_SERVER_URL=<Keycloak server name>/auth
+        #export OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
+        #export OAUTH2_USERINFO_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/userinfo
+        #export OAUTH2_TOKEN_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/token
+        #export OAUTH2_SECRET=<keycloak client secret>
+        #-----------------------------------------------------------------
+        # ==== OAUTH2 DOORKEEPER ====
+        # https://github.com/wekan/wekan/issues/1874
+        # https://github.com/wekan/wekan/wiki/OAuth2
+        # Enable the OAuth2 connection
+        #export OAUTH2_ENABLED=true
         # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
-        # OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345
+        # OAuth2 Client ID.
-        # example: export OAUTH2_CLIENT_ID=abcde12345
+        #export OAUTH2_CLIENT_ID=abcde12345
-        #export OAUTH2_CLIENT_ID=''
+        # OAuth2 Secret.
-        # OAuth2 Secret, for example from Rocket.Chat: Example: 54321abcde
+        #export OAUTH2_SECRET=54321abcde
-        # example: export OAUTH2_SECRET=54321abcde
+        # OAuth2 Server URL.
-        #export OAUTH2_SECRET=''
+        #export OAUTH2_SERVER_URL=https://chat.example.com
-        # OAuth2 Server URL, for example Rocket.Chat. Example: https://chat.example.com
+        # OAuth2 Authorization Endpoint.
-        # example: export OAUTH2_SERVER_URL=https://chat.example.com
+        #export OAUTH2_AUTH_ENDPOINT=/oauth/authorize
-        #export OAUTH2_SERVER_URL=''
+        # OAuth2 Userinfo Endpoint.
-        # OAuth2 Authorization Endpoint. Example: /oauth/authorize
+        #export OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
-        # example: export OAUTH2_AUTH_ENDPOINT=/oauth/authorize
+        # OAuth2 Token Endpoint.
-        #export OAUTH2_AUTH_ENDPOINT=''
+        #export OAUTH2_TOKEN_ENDPOINT=/oauth/token
-        # OAuth2 Userinfo Endpoint. Example: /oauth/userinfo
+        # OAuth2 ID Mapping
-        # example: export OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
+        #export OAUTH2_ID_MAP=
-        #export OAUTH2_USERINFO_ENDPOINT=''
+        # OAuth2 Username Mapping
-        # OAuth2 Token Endpoint. Example: /oauth/token
+        #export OAUTH2_USERNAME_MAP=
-        # example: export OAUTH2_TOKEN_ENDPOINT=/oauth/token
+        # OAuth2 Fullname Mapping
-        #export OAUTH2_TOKEN_ENDPOINT=''
+        #export OAUTH2_FULLNAME_MAP=
-        #---------------------------------------------
+        # OAuth2 Email Mapping
-        # Debug OIDC OAuth2 etc.
+        #export OAUTH2_EMAIL_MAP=
-        #export DEBUG=true
         #---------------------------------------------
         # LDAP_ENABLE : Enable or not the connection by the LDAP
         # example :  export LDAP_ENABLE=true
@@ -195,15 +237,15 @@
         #export LDAP_DEFAULT_DOMAIN=
         # LOGOUT_WITH_TIMER : Enables or not the option logout with timer
         # example : LOGOUT_WITH_TIMER=true
-        #- LOGOUT_WITH_TIMER=
+        #export LOGOUT_WITH_TIMER=
         # LOGOUT_IN : The number of days
         # example : LOGOUT_IN=1
-        #- LOGOUT_IN=
+        #export LOGOUT_IN=
-        #- LOGOUT_ON_HOURS=
+        #export LOGOUT_ON_HOURS=
         # LOGOUT_ON_MINUTES : The number of minutes
         # example : LOGOUT_ON_MINUTES=55
-        #- LOGOUT_ON_MINUTES=
+        #export LOGOUT_ON_MINUTES=
 
-	node main.js & >> ~/repos/wekan.log
+        node main.js & >> ~/repos/wekan.log
-	cd ~/repos
+        cd ~/repos
 #done

sandstorm-pkgdef.capnp

@@ -22,10 +22,10 @@ const pkgdef :Spk.PackageDefinition = (
     appTitle = (defaultText = "Wekan"),
     # The name of the app as it is displayed to the user.
 
-    appVersion = 222,
+    appVersion = 223,
     # Increment this for every release.
 
-    appMarketingVersion = (defaultText = "2.20.0~2019-02-11"),
+    appMarketingVersion = (defaultText = "2.21.0~2019-02-12"),
     # Human-readable presentation of the app version.
 
     minUpgradableAppVersion = 0,

snap-src/bin/config

@@ -3,9 +3,13 @@
 # All supported keys are defined here together with descriptions and default values
 
 # list of supported keys
-keys="MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD DEBUG"
+keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD"
 
 # default values
+DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'"
+DEFAULT_DEBUG="false"
+KEY_DEBUG="debug"
+
 DESCRIPTION_MONGODB_BIND_UNIX_SOCKET="mongodb binding unix socket:\n"\
 "\t\t\t Default behaviour will preffer binding over unix socket, to disable unix socket binding set value to 'nill' string\n"\
 "\t\t\t To bind to instance of mongodb provided through content interface,set value to relative path to the socket inside '$SNAP_DATA/shared' directory"
@@ -114,6 +118,26 @@ DESCRIPTION_OAUTH2_TOKEN_ENDPOINT="OAuth2 token endpoint. Example: /oauth/token"
 DEFAULT_OAUTH2_TOKEN_ENDPOINT=""
 KEY_OAUTH2_TOKEN_ENDPOINT="oauth2-token-endpoint"
 
+DESCRIPTION_OAUTH2_ID_MAP="OAuth2 ID Mapping. Example: email"
+DEFAULT_OAUTH2_ID_MAP=""
+KEY_OAUTH2_ID_MAP="oauth2-id-map"
+
+DESCRIPTION_OAUTH2_USERNAME_MAP="OAuth2 Username Mapping. Example: email"
+DEFAULT_OAUTH2_USERNAME_MAP=""
+KEY_OAUTH2_USERNAME_MAP="oauth2-username-map"
+
+DESCRIPTION_OAUTH2_FULLNAME_MAP="OAuth2 Fullname Mapping. Example: name"
+DEFAULT_OAUTH2_FULLNAME_MAP=""
+KEY_OAUTH2_FULLNAME_MAP="oauth2-fullname-map"
+
+DESCRIPTION_OAUTH2_FULLNAME_MAP="OAuth2 Fullname Mapping. Example: name"
+DEFAULT_OAUTH2_FULLNAME_MAP=""
+KEY_OAUTH2_FULLNAME_MAP="oauth2-fullname-map"
+
+DESCRIPTION_OAUTH2_EMAIL_MAP="OAuth2 Email Mapping. Example: email"
+DEFAULT_OAUTH2_EMAIL_MAP=""
+KEY_OAUTH2_EMAIL_MAP="oauth2-email-map"
+
 DESCRIPTION_LDAP_ENABLE="Enable or not the connection by the LDAP"
 DEFAULT_LDAP_ENABLE="false"
 KEY_LDAP_ENABLE="ldap-enable"
@@ -293,7 +317,3 @@ KEY_LOGOUT_ON_MINUTES="logout-on-minutes"
 DESCRIPTION_DEFAULT_AUTHENTICATION_METHOD="The default authentication method used if a user does not exist to create and authenticate. Method can be password or ldap."
 DEFAULT_DEFAULT_AUTHENTICATION_METHOD=""
 KEY_DEFAULT_AUTHENTICATION_METHOD="default-authentication-method"
-
-DESCRIPTION_DEBUG="Debug OIDC etc. Example: sudo snap set wekan debug='true'"
-DEFAULT_DEBUG="false"
-KEY_DEBUG="debug"

snap-src/bin/wekan-help

@@ -8,6 +8,13 @@ if [ "$CADDY_ENABLED" = "true" ]; then
 fi
 
 echo -e "Wekan: The open-source kanban.\n"
+echo -e "\n"
+echo -e "Debug OIDC OAuth2 etc."
+echo -e "To enable the Debug of Wekan:"
+echo -e "\t$ snap set $SNAP_NAME debug='true'"
+echo -e "\t-Disable the Debug of Wekan:"
+echo -e "\t$ snap set $SNAP_NAME debug='false'"
+echo -e "\n"
 echo -e "Make sure you have connected all interfaces, check more by calling $ snap interfaces ${SNAP_NAME}"
 echo -e "\n"
 echo -e "${SNAP_NAME} has multiple services, to check status use systemctl"
@@ -29,256 +36,268 @@ echo -e "\t\t-disable mongodb in $SNAP_NAME by calling: $ snap set $SNAP_NAME se
 echo -e "\t\t-set mongodb-bind-unix-socket to point to serving mongodb. Use relative path inside shared directory, e.g run/mongodb-27017.sock"
 echo -e "\n"
 echo -e "To enable the API of wekan:"
-echo -e "\t$ snap set $SNAP_NAME WITH_API='true'"
+echo -e "\t$ snap set $SNAP_NAME with-api='true'"
 echo -e "\t-Disable the API:"
-echo -e "\t$ snap set $SNAP_NAME WITH_API='false'"
+echo -e "\t$ snap set $SNAP_NAME with-api='false'"
 echo -e "\n"
 echo -e "To enable the CORS of wekan, to set Access-Control-Allow-Origin header:"
-echo -e "\t$ snap set $SNAP_NAME CORS='*'"
+echo -e "\t$ snap set $SNAP_NAME cors='*'"
 echo -e "\t-Disable the CORS:"
-echo -e "\t$ snap set $SNAP_NAME CORS=''"
+echo -e "\t$ snap set $SNAP_NAME cors=''"
 echo -e "\n"
 echo -e "Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside."
 echo -e "\t\t Setting this to false is not recommended, it also disables all other browser policy protections"
 echo -e "\t\t and allows all iframing etc. See wekan/server/policy.js"
-echo -e "To enable the Content Policy of Wekan:"
+echo -e "To enable the Browser Policy of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME CONTENT_POLICY_ENABLED='true'"
+echo -e "\t$ snap set $SNAP_NAME browser-policy-enabled='true'"
-echo -e "\t-Disable the Content Policy of Wekan:"
+echo -e "\t-Disable the Browser Policy of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME CONTENT_POLICY_ENABLED='false'"
+echo -e "\t$ snap set $SNAP_NAME browser-policy-enabled='false'"
 echo -e "\n"
 echo -e "When browser policy is enabled, HTML code at this URL can have iframe that embeds Wekan inside."
 echo -e "To enable the Trusted URL of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME TRUSTED_URL='https://example.com'"
+echo -e "\t$ snap set $SNAP_NAME trusted-url='https://example.com'"
 echo -e "\t-Disable the Trusted URL of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME TRUSTED_URL=''"
+echo -e "\t$ snap set $SNAP_NAME trusted-url=''"
 echo -e "\n"
 echo -e "What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId ."
 echo -e "To enable the Webhooks Attributes of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME WEBHOOKS_ATTRIBUTES='cardId,listId,oldListId,boardId,comment,user,card,commentId'"
+echo -e "\t$ snap set $SNAP_NAME webhooks-attributes='cardId,listId,oldListId,boardId,comment,user,card,commentId'"
 echo -e "\t-Disable the Webhooks Attributes of Wekan to send all default ones:"
-echo -e "\t$ snap set $SNAP_NAME WEBHOOKS_ATTRIBUTES=''"
+echo -e "\t$ snap set $SNAP_NAME webhooks-attributes=''"
 echo -e "\n"
-echo -e "OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345"
+echo -e "OAuth2 Client ID."
 echo -e "To enable the OAuth2 Client ID of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME OAUTH2_CLIENT_ID='54321abcde'"
+echo -e "\t$ snap set $SNAP_NAME oauth2-client-id='54321abcde'"
 echo -e "\t-Disable the OAuth2 Client ID of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME OAUTH2_CLIENT_ID=''"
+echo -e "\t$ snap set $SNAP_NAME oauth2-client-id=''"
 echo -e "\n"
-echo -e "OAuth2 Secret, for example from Rocket.Chat. Example: 54321abcde"
+echo -e "OAuth2 Secret."
 echo -e "To enable the OAuth2 Secret of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME OAUTH2_SECRET='54321abcde'"
+echo -e "\t$ snap set $SNAP_NAME oauth2-secret='54321abcde'"
 echo -e "\t-Disable the OAuth2 Secret of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME OAUTH2_SECRET=''"
+echo -e "\t$ snap set $SNAP_NAME oauth2-secret=''"
 echo -e "\n"
-echo -e "OAuth2 Server URL, for example Rocket.Chat. Example: https://chat.example.com"
+echo -e "OAuth2 Server URL."
 echo -e "To enable the OAuth2 Server URL of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME OAUTH2_SERVER_URL='https://chat.example.com'"
+echo -e "\t$ snap set $SNAP_NAME oauth2-server-url='https://chat.example.com'"
 echo -e "\t-Disable the OAuth2 Server URL of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME OAUTH2_SERVER_URL=''"
+echo -e "\t$ snap set $SNAP_NAME oauth2-server-url=''"
 echo -e "\n"
-echo -e "OAuth2 Server URL, for example Rocket.Chat. Example: https://chat.example.com"
+echo -e "OAuth2 Authorization Endpoint."
-echo -e "To enable the OAuth2 Server URL of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME OAUTH2_SERVER_URL='https://chat.example.com'"
-echo -e "\t-Disable the OAuth2 Server URL of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME OAUTH2_SERVER_URL=''"
-echo -e "\n"
-echo -e "OAuth2 Authorization Endpoint. Example: /oauth/authorize"
 echo -e "To enable the OAuth2 Authorization Endpoint of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME OAUTH2_AUTH_ENDPOINT='/oauth/authorize'"
+echo -e "\t$ snap set $SNAP_NAME oauth2-auth-endpoint='/oauth/authorize'"
 echo -e "\t-Disable the OAuth2 Authorization Endpoint of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME OAUTH2_AUTH_ENDPOINT=''"
+echo -e "\t$ snap set $SNAP_NAME oauth2-auth-endpoint=''"
 echo -e "\n"
-echo -e "OAuth2 Userinfo Endpoint. Example: /oauth/userinfo"
+echo -e "OAuth2 Userinfo Endpoint."
 echo -e "To enable the OAuth2 Userinfo Endpoint of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME OAUTH2_USERINFO_ENDPOINT='/oauth/authorize'"
+echo -e "\t$ snap set $SNAP_NAME oauth2-userinfo-endpoint='/oauth/authorize'"
 echo -e "\t-Disable the OAuth2 Userinfo Endpoint of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME OAUTH2_USERINFO_ENDPOINT=''"
+echo -e "\t$ snap set $SNAP_NAME oauth2-userinfo-endpoint=''"
 echo -e "\n"
-echo -e "OAuth2 Token Endpoint. Example: /oauth/token"
+echo -e "OAuth2 Token Endpoint."
 echo -e "To enable the OAuth2 Token Endpoint of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME OAUTH2_TOKEN_ENDPOINT='/oauth/token'"
+echo -e "\t$ snap set $SNAP_NAME oauth2-token-endpoint='/oauth/token'"
 echo -e "\t-Disable the OAuth2 Token Endpoint of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME OAUTH2_TOKEN_ENDPOINT=''"
+echo -e "\t$ snap set $SNAP_NAME oauth2-token-endpoint=''"
 echo -e "\n"
-echo -e "Debug OIDC OAuth2 etc."
+echo -e "OAuth2 ID Mapping."
-echo -e "To enable the Debug of Wekan:"
+echo -e "To enable the ID Mapping of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME DEBUG='true'"
+echo -e "\t$ snap set $SNAP_NAME oauth2-id-map='username.uid'"
-echo -e "\t-Disable the Debug of Wekan:"
+echo -e "\t-Disable the ID Mapping of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME DEBUG='false'"
+echo -e "\t$ snap set $SNAP_NAME oauth2-id-map=''"
+echo -e "\n"
+echo -e "OAuth2 Username Mapping."
+echo -e "To enable the Username Mapping of Wekan:"
+echo -e "\t$ snap set $SNAP_NAME oauth2-username-map='username'"
+echo -e "\t-Disable the Username Mapping of Wekan:"
+echo -e "\t$ snap set $SNAP_NAME oauth2-username-map=''"
+echo -e "\n"
+echo -e "OAuth2 Fullname Mapping."
+echo -e "To enable the Fullname Mapping of Wekan:"
+echo -e "\t$ snap set $SNAP_NAME oauth2-fullname-map='fullname'"
+echo -e "\t-Disable the Fullname Mapping of Wekan:"
+echo -e "\t$ snap set $SNAP_NAME oauth2-fullname-map=''"
+echo -e "\n"
+echo -e "OAuth2 Email Mapping."
+echo -e "To enable the Email Mapping of Wekan:"
+echo -e "\t$ snap set $SNAP_NAME oauth2-email-map='email'"
+echo -e "\t-Disable the Email Mapping of Wekan:"
+echo -e "\t$ snap set $SNAP_NAME oauth2-email-map=''"
 echo -e "\n"
 echo -e "Ldap Enable."
 echo -e "To enable the ldap of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_ENABLE='true'"
+echo -e "\t$ snap set $SNAP_NAME ldap-enable='true'"
 echo -e "\t-Disable the ldap of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_ENABLE='false'"
+echo -e "\t$ snap set $SNAP_NAME ldap-enable='false'"
 echo -e "\n"
 echo -e "Ldap Port."
 echo -e "The port of the ldap server:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_PORT='12345'"
+echo -e "\t$ snap set $SNAP_NAME ldap-port='12345'"
 echo -e "\n"
 echo -e "Ldap Host."
 echo -e "The host server for the LDAP server:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_HOST='localhost'"
+echo -e "\t$ snap set $SNAP_NAME ldap-host='localhost'"
 echo -e "\n"
 echo -e "Ldap Base Dn."
 echo -e "The base DN for the LDAP Tree:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_BASEDN='ou=user,dc=example,dc=org'"
+echo -e "\t$ snap set $SNAP_NAME ldap-basedn='ou=user,dc=example,dc=org'"
 echo -e "\n"
 echo -e "Ldap Login Fallback."
 echo -e "Fallback on the default authentication method:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_LOGIN_FALLBACK='true'"
+echo -e "\t$ snap set $SNAP_NAME ldap-login-fallback='true'"
 echo -e "\n"
 echo -e "Ldap Reconnect."
 echo -e "Reconnect to the server if the connection is lost:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_RECONNECT='false'"
+echo -e "\t$ snap set $SNAP_NAME ldap-reconnect='false'"
 echo -e "\n"
 echo -e "Ldap Timeout."
 echo -e "Overall timeout, in milliseconds:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_TIMEOUT='12345'"
+echo -e "\t$ snap set $SNAP_NAME ldap-timeout='12345'"
 echo -e "\n"
 echo -e "Ldap Idle Timeout."
 echo -e "Specifies the timeout for idle LDAP connections in milliseconds:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_IDLE_TIMEOUT='12345'"
+echo -e "\t$ snap set $SNAP_NAME ldap-idle-timeout='12345'"
 echo -e "\n"
 echo -e "Ldap Connect Timeout."
 echo -e "Connection timeout, in milliseconds:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_CONNECT_TIMEOUT='12345'"
+echo -e "\t$ snap set $SNAP_NAME ldap-connect-timeout='12345'"
 echo -e "\n"
 echo -e "Ldap Authentication."
 echo -e "If the LDAP needs a user account to search:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_AUTHENTIFICATION='true'"
+echo -e "\t$ snap set $SNAP_NAME ldap-authentication='true'"
 echo -e "\n"
 echo -e "Ldap Authentication User Dn."
 echo -e "The search user Dn:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_AUTHENTIFICATION_USERDN='cn=admin,dc=example,dc=org'"
+echo -e "\t$ snap set $SNAP_NAME ldap-authentication-userdn='cn=admin,dc=example,dc=org'"
 echo -e "\n"
 echo -e "Ldap Authentication Password."
 echo -e "The password for the search user:"
-echo -e "\t$ snap set $SNAP_NAME AUTHENTIFICATION_PASSWORD='admin'"
+echo -e "\t$ snap set $SNAP_NAME ldap-authentication-password='admin'"
 echo -e "\n"
 echo -e "Ldap Log Enabled."
 echo -e "Enable logs for the module:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_LOG_ENABLED='true'"
+echo -e "\t$ snap set $SNAP_NAME ldap-log-enabled='true'"
 echo -e "\n"
 echo -e "Ldap Background Sync."
 echo -e "If the sync of the users should be done in the background:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_BACKGROUND_SYNC='true'"
+echo -e "\t$ snap set $SNAP_NAME ldap-background-sync='true'"
 echo -e "\n"
 echo -e "Ldap Background Sync Interval."
 echo -e "At which interval does the background task sync in milliseconds:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_BACKGROUND_SYNC_INTERVAL='12345'"
+echo -e "\t$ snap set $SNAP_NAME ldap-background-sync-interval='12345'"
 echo -e "\n"
 echo -e "Ldap Background Sync Keep Existant Users Updated."
-echo -e "\t$ snap set $SNAP_NAME LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED='true'"
+echo -e "\t$ snap set $SNAP_NAME ldap-background-sync-keep-existant-users-updated='true'"
 echo -e "\n"
 echo -e "Ldap Background Sync Import New Users."
-echo -e "\t$ snap set $SNAP_NAME LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS='true'"
+echo -e "\t$ snap set $SNAP_NAME ldap-background-sync-import-new-users='true'"
 echo -e "\n"
 echo -e "Ldap Encryption."
 echo -e "Allow LDAPS:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_ENCRYPTION='ssl'"
+echo -e "\t$ snap set $SNAP_NAME ldap-encryption='ssl'"
 echo -e "\n"
 echo -e "Ldap Ca Cert."
 echo -e "The certification for the LDAPS server:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE-----"
+echo -e "\t$ snap set $SNAP_NAME ldap-ca-cert=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE-----"
 echo -e "\n"
 echo -e "Ldap Reject Unauthorized."
 echo -e "Reject Unauthorized Certificate:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_REJECT_UNAUTHORIZED='true'"
+echo -e "\t$ snap set $SNAP_NAME ldap-reject-unauthorized='true'"
 echo -e "\n"
 echo -e "Ldap User Search Filter."
 echo -e "Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_USER_SEARCH_FILTER=''"
+echo -e "\t$ snap set $SNAP_NAME ldap-user-search-filter=''"
 echo -e "\n"
 echo -e "Ldap User Search Scope."
 echo -e "base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree). Example: one"
-echo -e "\t$ snap set $SNAP_NAME LDAP_USER_SEARCH_SCOPE=one"
+echo -e "\t$ snap set $SNAP_NAME ldap-user-search-scope=one"
 echo -e "\n"
 echo -e "Ldap User Search Field."
 echo -e "Which field is used to find the user:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_USER_SEARCH_FIELD='uid'"
+echo -e "\t$ snap set $SNAP_NAME ldap-user-search-field='uid'"
 echo -e "\n"
 echo -e "Ldap Search Page Size."
 echo -e "Used for pagination (0=unlimited):"
-echo -e "\t$ snap set $SNAP_NAME LDAP_SEARCH_PAGE_SIZE='12345'"
+echo -e "\t$ snap set $SNAP_NAME ldap-search-page-size='12345'"
 echo -e "\n"
 echo -e "Ldap Search Size Limit."
 echo -e "The limit number of entries (0=unlimited):"
-echo -e "\t$ snap set $SNAP_NAME LDAP_SEARCH_SIZE_LIMIT='12345'"
+echo -e "\t$ snap set $SNAP_NAME ldap-search-size-limit='12345'"
 echo -e "\n"
 echo -e "Ldap Group Filter Enable."
 echo -e "Enable group filtering:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_GROUP_FILTER_ENABLE='true'"
+echo -e "\t$ snap set $SNAP_NAME ldap-group-filter-enable='true'"
 echo -e "\n"
 echo -e "Ldap Group Filter ObjectClass."
 echo -e "The object class for filtering:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_GROUP_FILTER_OBJECTCLASS='group'"
+echo -e "\t$ snap set $SNAP_NAME ldap-group-filter-objectclass='group'"
 echo -e "\n"
 echo -e "Ldap Group Filter Id Attribute."
-echo -e "\t$ snap set $SNAP_NAME LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=''"
+echo -e "\t$ snap set $SNAP_NAME ldap-group-filter-group-id-attribute=''"
 echo -e "\n"
 echo -e "Ldap Group Filter Member Attribute."
-echo -e "\t$ snap set $SNAP_NAME LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=''"
+echo -e "\t$ snap set $SNAP_NAME ldap-group-filter-group-member-attribute=''"
 echo -e "\n"
 echo -e "Ldap Group Filter Member Format."
-echo -e "\t$ snap set $SNAP_NAME LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=''"
+echo -e "\t$ snap set $SNAP_NAME ldap-group-filter-group-member-format=''"
 echo -e "\n"
 echo -e "Ldap Group Filter Group Name."
-echo -e "\t$ snap set $SNAP_NAME LDAP_GROUP_FILTER_GROUP_NAME=''"
+echo -e "\t$ snap set $SNAP_NAME ldap-group-filter-group-name=''"
 echo -e "\n"
 echo -e "Ldap Unique Identifier Field."
 echo -e "This field is sometimes class GUID (Globally Unique Identifier):"
-echo -e "\t$ snap set $SNAP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD=guid"
+echo -e "\t$ snap set $SNAP_NAME ldap-unique-identifier-field=guid"
 echo -e "\n"
 echo -e "Ldap Utf8 Names Slugify."
 echo -e "Convert the username to utf8:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_UTF8_NAMES_SLUGIFY='false'"
+echo -e "\t$ snap set $SNAP_NAME ldap-utf8-names-slugify='false'"
 echo -e "\n"
 echo -e "Ldap Username Field."
 echo -e "Which field contains the ldap username:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_USERNAME_FIELD='username'"
+echo -e "\t$ snap set $SNAP_NAME ldap-username-field='username'"
 echo -e "\n"
 echo -e "Ldap Fullname Field."
 echo -e "Which field contains the ldap fullname:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_FULLNAME_FIELD='fullname'"
+echo -e "\t$ snap set $SNAP_NAME ldap-fullname-field='fullname'"
 echo -e "\n"
 echo -e "Ldap Merge Existing Users."
-echo -e "\t$ snap set $SNAP_NAME LDAP_MERGE_EXISTING_USERS='true'"
+echo -e "\t$ snap set $SNAP_NAME ldap-merge-existing-users='true'"
 echo -e "\n"
 echo -e "Ldap Sync User Data."
 echo -e "Enable synchronization of user data:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_SYNC_USER_DATA='true'"
+echo -e "\t$ snap set $SNAP_NAME ldap-sync-user-data='true'"
 echo -e "\n"
 echo -e "Ldap Sync User Data Fieldmap."
 echo -e "A field map for the matching:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_SYNC_USER_DATA_FIELDMAP={\"cn\":\"name\", \"mail\":\"email\"}"
+echo -e "\t$ snap set $SNAP_NAME ldap-sync-user-data-fieldmap={\"cn\":\"name\", \"mail\":\"email\"}"
 echo -e "\n"
 echo -e "Ldap Sync Group Roles."
-echo -e "\t$ snap set $SNAP_NAME LDAP_SYNC_GROUP_ROLES=''"
+echo -e "\t$ snap set $SNAP_NAME ldap-sync-group-roles=''"
 echo -e "\n"
 echo -e "Ldap Default Domain."
 echo -e "The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP:"
-echo -e "\t$ snap set $SNAP_NAME LDAP_DEFAULT_DOMAIN=''"
+echo -e "\t$ snap set $SNAP_NAME ldap-default-domain=''"
 echo -e "\n"
 # echo -e "Logout with timer."
 # echo -e "Enable or not the option that allows to disconnect an user after a given time:"
-# echo -e "\t$ snap set $SNAP_NAME LOGOUT_WITH_TIMER='true'"
+# echo -e "\t$ snap set $SNAP_NAME logout-with-timer='true'"
 # echo -e "\n"
 # echo -e "Logout in."
 # echo -e "Logout in how many days:"
-# echo -e "\t$ snap set $SNAP_NAME LOGOUT_IN='1'"
+# echo -e "\t$ snap set $SNAP_NAME logout-in='1'"
 # echo -e "\n"
 # echo -e "Logout on hours."
 # echo -e "Logout in how many hours:"
-# echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_HOURS='9'"
+# echo -e "\t$ snap set $SNAP_NAME logout-on-hours='9'"
 # echo -e "\n"
 # echo -e "Logout on minutes."
 # echo -e "Logout in how many minutes:"
-# echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_MINUTES='5'"
+# echo -e "\t$ snap set $SNAP_NAME logout-on-minutes='5'"
 # echo -e "\n"
 echo -e "Default authentication method."
 echo -e "The default authentication method used if a user does not exist to create and authenticate. Method can be password or ldap."
-echo -e "\t$ snap set $SNAP_NAME DEFAULT_AUTHENTICATION_METHOD='ldap'"
+echo -e "\t$ snap set $SNAP_NAME default-authentication-method='ldap'"
 echo -e "\n"
 # parse config file for supported settings keys
 echo -e "wekan supports settings keys"

start-wekan.bat

@@ -1,3 +1,10 @@
+REM ------------------------------------------------------------
+
+REM # Debug OIDC OAuth2 etc.
+REM SET DEBUG=true
+
+REM ------------------------------------------------------------
+
 SET MONGO_URL=mongodb://127.0.0.1:27017/wekan
 SET ROOT_URL=http://127.0.0.1:2000/
 SET MAIL_URL=smtp://user:pass@mailserver.example.com:25/
@@ -69,11 +76,6 @@ REM SET OAUTH2_TOKEN_ENDPOINT=
 
 REM ------------------------------------------------------------
 
-REM # Debug OIDC OAuth2 etc.
-REM SET DEBUG=true
-
-REM ------------------------------------------------------------
-
 REM # LDAP_ENABLE : Enable or not the connection by the LDAP
 REM # example : LDAP_ENABLE=true
 REM SET LDAP_ENABLE=false

start-wekan.sh

@@ -20,6 +20,10 @@ function wekan_repo_check(){
 #while true; do
       wekan_repo_check
       cd .build/bundle
+      #---------------------------------------------
+      # Debug OIDC OAuth2 etc.
+      #export DEBUG=true
+      #---------------------------------------------
       export MONGO_URL='mongodb://127.0.0.1:27019/wekan'
       #---------------------------------------------
       # Production: https://example.com/wekan
@@ -41,7 +45,7 @@ function wekan_repo_check(){
       export WITH_API='true'
       #---------------------------------------------
       # CORS: Set Access-Control-Allow-Origin header. Example: *
-      #- CORS=*
+      #export CORS=*
       #---------------------------------------------
       ## Optional: Integration with Matomo https://matomo.org that is installed to your server
       ## The address of the server where Matomo is hosted:
@@ -68,28 +72,66 @@ function wekan_repo_check(){
       # Example: export WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId
       export WEBHOOKS_ATTRIBUTES=''
       #---------------------------------------------
+            # ==== OAUTH2 AZURE ====
+      # https://github.com/wekan/wekan/wiki/Azure
+      # 1) Register the application with Azure. Make sure you capture
+      #    the application ID as well as generate a secret key.
+      # 2) Configure the environment variables. This differs slightly
+      #     by installation type, but make sure you have the following:
+      #export OAUTH2_ENABLED=true
+      # Application GUID captured during app registration:
+      #export OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
+      # Secret key generated during app registration:
+      #export OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+      #export OAUTH2_SERVER_URL=https://login.microsoftonline.com/
+      #export OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize
+      #export OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo
+      #export OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token
+      # The claim name you want to map to the unique ID field:
+      #export OAUTH2_ID_MAP=email
+      # The claim name you want to map to the username field:
+      #export OAUTH2_USERNAME_MAP=email
+      # The claim name you want to map to the full name field:
+      #export OAUTH2_FULLNAME_MAP=name
+      # Tthe claim name you want to map to the email field:
+      #export OAUTH2_EMAIL_MAP=email
+      #-----------------------------------------------------------------
+      # ==== OAUTH2 KEYCLOAK ====
+      # https://github.com/wekan/wekan/wiki/Keycloak  <== MAPPING INFO, REQUIRED
+      #export OAUTH2_ENABLED=true
+      #export OAUTH2_CLIENT_ID=<Keycloak create Client ID>
+      #export OAUTH2_SERVER_URL=<Keycloak server name>/auth
+      #export OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
+      #export OAUTH2_USERINFO_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/userinfo
+      #export OAUTH2_TOKEN_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/token
+      #export OAUTH2_SECRET=<keycloak client secret>
+      #-----------------------------------------------------------------
+      # ==== OAUTH2 DOORKEEPER ====
+      # https://github.com/wekan/wekan/issues/1874
+      # https://github.com/wekan/wekan/wiki/OAuth2
+      # Enable the OAuth2 connection
+      #export OAUTH2_ENABLED=true
       # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
-      # OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345
+      # OAuth2 Client ID.
-      # example: export OAUTH2_CLIENT_ID=abcde12345
+      #export OAUTH2_CLIENT_ID=abcde12345
-      #export OAUTH2_CLIENT_ID=''
+      # OAuth2 Secret.
-      # OAuth2 Secret, for example from Rocket.Chat: Example: 54321abcde
+      #export OAUTH2_SECRET=54321abcde
-      # example: export OAUTH2_SECRET=54321abcde
+      # OAuth2 Server URL.
-      #export OAUTH2_SECRET=''
+      #export OAUTH2_SERVER_URL=https://chat.example.com
-      # OAuth2 Server URL, for example Rocket.Chat. Example: https://chat.example.com
+      # OAuth2 Authorization Endpoint.
-      # example: export OAUTH2_SERVER_URL=https://chat.example.com
+      #export OAUTH2_AUTH_ENDPOINT=/oauth/authorize
-      #export OAUTH2_SERVER_URL=''
+      # OAuth2 Userinfo Endpoint.
-      # OAuth2 Authorization Endpoint. Example: /oauth/authorize
+      #export OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
-      # example: export OAUTH2_AUTH_ENDPOINT=/oauth/authorize
+      # OAuth2 Token Endpoint.
-      #export OAUTH2_AUTH_ENDPOINT=''
+      #export OAUTH2_TOKEN_ENDPOINT=/oauth/token
-      # OAuth2 Userinfo Endpoint. Example: /oauth/userinfo
+      # OAuth2 ID Mapping
-      # example: export OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
+      #export OAUTH2_ID_MAP=
-      #export OAUTH2_USERINFO_ENDPOINT=''
+      # OAuth2 Username Mapping
-      # OAuth2 Token Endpoint. Example: /oauth/token
+      #export OAUTH2_USERNAME_MAP=
-      # example: export OAUTH2_TOKEN_ENDPOINT=/oauth/token
+      # OAuth2 Fullname Mapping
-      #export OAUTH2_TOKEN_ENDPOINT=''
+      #export OAUTH2_FULLNAME_MAP=
-      #---------------------------------------------
+      # OAuth2 Email Mapping
-      # Debug OIDC OAuth2 etc.
+      #export OAUTH2_EMAIL_MAP=
-      #export DEBUG=true
       #---------------------------------------------
       # LDAP_ENABLE : Enable or not the connection by the LDAP
       # example :  export LDAP_ENABLE=true
@@ -213,14 +255,14 @@ function wekan_repo_check(){
       #export LDAP_DEFAULT_DOMAIN=
       # LOGOUT_WITH_TIMER : Enables or not the option logout with timer
       # example : LOGOUT_WITH_TIMER=true
-      #- LOGOUT_WITH_TIMER=
+      #export LOGOUT_WITH_TIMER=
       # LOGOUT_IN : The number of days
       # example : LOGOUT_IN=1
-      #- LOGOUT_IN=
+      #export LOGOUT_IN=
-      #- LOGOUT_ON_HOURS=
+      #export LOGOUT_ON_HOURS=
       # LOGOUT_ON_MINUTES : The number of minutes
       # example : LOGOUT_ON_MINUTES=55
-      #- LOGOUT_ON_MINUTES=
+      #export LOGOUT_ON_MINUTES=
 
       node main.js
       # & >> ../../wekan.log