revert changes for patch authentication

2025-04-22 21:17:18 -04:00 · 2018-11-22 18:00:21 +01:00 · 2018-11-22 18:00:21 +01:00 · f23448be33
commit f23448be33
parent a27c16e434
11 changed files with 133 additions and 52 deletions
--- a/.meteor/packages
+++ b/.meteor/packages
@ -89,3 +89,4 @@ mquandalle:moment
 msavin:usercache
 wekan:wekan-ldap
 wekan:accounts-cas
+msavin:sjobs
--- a/.meteor/versions
+++ b/.meteor/versions
@ -117,6 +117,7 @@ mquandalle:jquery-ui-drag-drop-sort@0.2.0
 mquandalle:moment@1.0.1
 mquandalle:mousetrap-bindglobal@0.0.1
 mquandalle:perfect-scrollbar@0.6.5_2
+msavin:sjobs@3.0.6
 msavin:usercache@1.0.0
 npm-bcrypt@0.9.3
 npm-mongo@2.2.33
--- a/8
+++ b/8
@ -65,6 +65,10 @@ ARG LDAP_SYNC_USER_DATA
 ARG LDAP_SYNC_USER_DATA_FIELDMAP
 ARG LDAP_SYNC_GROUP_ROLES
 ARG LDAP_DEFAULT_DOMAIN
+ARG LOGOUT_WITH_TIMER
+ARG LOGOUT_IN
+ARG LOGOUT_ON_HOURS
+ARG LOGOUT_ON_MINUTES

 # Set the environment variables (defaults where required)
 # DOES NOT WORK: paxctl fix for alpine linux: https://github.com/wekan/wekan/issues/1303
@ -133,6 +137,10 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth
    LDAP_SYNC_USER_DATA_FIELDMAP="" \
    LDAP_SYNC_GROUP_ROLES="" \
    LDAP_DEFAULT_DOMAIN=""
+    LOGOUT_WITH_TIMER="false" \
+    LOGOUT_IN="" \
+    LOGOUT_ON_HOURS="" \
+    LOGOUT_ON_MINUTES=""

 # Copy the app to the image
 COPY ${SRC_PATH} /home/wekan/app
--- a/client/components/main/layouts.jade
+++ b/client/components/main/layouts.jade
@ -23,7 +23,6 @@ template(name="userFormsLayout")
        br
    section.auth-dialog
      +Template.dynamic(template=content)
-      +connectionMethod
      if isCas
        .at-form
          button#cas(class='at-btn submit' type='submit') {{casSignInLabel}}
--- a/client/components/main/layouts.js
+++ b/client/components/main/layouts.js
@ -6,29 +6,14 @@ const i18nTagToT9n = (i18nTag) => {
  return i18nTag;
 };

-const validator = {
-  set(obj, prop, value) {
-    if (prop === 'state' && value !== 'signIn') {
-      $('.at-form-authentication').hide();
-    } else if (prop === 'state' && value === 'signIn') {
-      $('.at-form-authentication').show();
-    }
-    // The default behavior to store the value
-    obj[prop] = value;
-    // Indicate success
-    return true;
-  },
-};
-
 Template.userFormsLayout.onCreated(() => {
  Meteor.subscribe('setting');
-
+  Meteor.call('getDefaultAuthenticationMethod', (error, result) => {
+    this.data.defaultAuthenticationMethod = new ReactiveVar(error ? undefined : result);
+  });
 });

 Template.userFormsLayout.onRendered(() => {
-
-  AccountsTemplates.state.form.keys = new Proxy(AccountsTemplates.state.form.keys, validator);
-
  const i18nTag = navigator.language;
  if (i18nTag) {
    T9n.setLanguage(i18nTagToT9n(i18nTag));
@ -37,7 +22,6 @@ Template.userFormsLayout.onRendered(() => {
 });

 Template.userFormsLayout.helpers({
-
  currentSetting() {
    return Settings.findOne();
  },
@ -92,13 +76,14 @@ Template.userFormsLayout.events({
      }
    });
  },
-  'click #at-btn'(event) {
+  'click #at-btn'(event, instance) {
    /* All authentication method can be managed/called here.
       !! DON'T FORGET to correctly fill the fields of the user during its creation if necessary authenticationMethod : String !!
    */
-    const authenticationMethodSelected = $('.select-authentication').val();
-    // Local account
-    if (authenticationMethodSelected === 'password') {
+    const email = $('#at-field-username_and_email').val();
+    const password = $('#at-field-password').val();
+
+    if (FlowRouter.getRouteName() !== 'atSignIn' || password === '') {
      return;
    }

@ -106,29 +91,11 @@ Template.userFormsLayout.events({
    event.preventDefault();
    event.stopImmediatePropagation();

-    const email = $('#at-field-username_and_email').val();
-    const password = $('#at-field-password').val();
-
-    // Ldap account
-    if (authenticationMethodSelected === 'ldap') {
-      // Check if the user can use the ldap connection
-      Meteor.subscribe('user-authenticationMethod', email, {
-        onReady() {
-          const user = Users.findOne();
-          if (user === undefined || user.authenticationMethod === 'ldap') {
-            // Use the ldap connection package
-            Meteor.loginWithLDAP(email, password, function(error) {
-              if (!error) {
-                // Connection
-                return FlowRouter.go('/');
-              }
-              return error;
-            });
-          }
-          return this.stop();
-        },
-      });
-    }
+    Meteor.subscribe('user-authenticationMethod', email, {
+      onReady() { 
+        return authentication.call(this, instance, email, password);
+      },
+    });
  },
 });

@ -137,3 +104,33 @@ Template.defaultLayout.events({
    Modal.close();
  },
 });
+
+function authentication(instance, email, password) {
+  let user = Users.findOne();
+  // Authentication with password
+  if (user && user.authenticationMethod === 'password') {
+    $('#at-pwd-form').submit();
+    // Meteor.call('logoutWithTimer', user._id, () => {});
+    return this.stop();
+  }
+
+  // If user doesn't exist, uses the default authentication method if it defined
+  if (user === undefined) {
+    user = {
+      'authenticationMethod': instance.data.defaultAuthenticationMethod.get(),
+    };
+  }
+
+  // Authentication with LDAP
+  if (user.authenticationMethod === 'ldap') {
+    // Use the ldap connection package
+    Meteor.loginWithLDAP(email, password, function(error) {
+      if (!error) {
+        // Meteor.call('logoutWithTimer', Users.findOne()._id, () => {});
+        return FlowRouter.go('/');
+      }
+      return error;
+    });
+  }
+  return this.stop();
+}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -198,6 +198,18 @@ services:
      # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
      # example :
      #- LDAP_DEFAULT_DOMAIN=
+      # LOGOUT_WITH_TIMER : Enables or not the option logout with timer
+      # example : LOGOUT_WITH_TIMER=true
+      #- LOGOUT_WITH_TIMER=
+      # LOGOUT_IN : The number of days
+      # example : LOGOUT_IN=1
+      #- LOGOUT_IN=
+      # LOGOUT_ON_HOURS : The number of hours
+      # example : LOGOUT_ON_HOURS=9
+      #- LOGOUT_ON_HOURS=
+      # LOGOUT_ON_MINUTES : The number of minutes
+      # example : LOGOUT_ON_MINUTES=55
+      #- LOGOUT_ON_MINUTES=

    depends_on:
      - wekandb
--- a/models/settings.js
+++ b/models/settings.js
@ -239,5 +239,35 @@ if (Meteor.isServer) {
        cas: isCasEnabled(),
      };
    },
+
+    getDefaultAuthenticationMethod() {
+      return process.env.DEFAULT_AUTHENTICATION_METHOD;
+    },
+
+    // TODO: patch error : did not check all arguments during call
+    logoutWithTimer(userId) {
+      if (process.env.LOGOUT_WITH_TIMER) {
+        Jobs.run('logOut', userId, {
+          in: {
+            days: process.env.LOGOUT_IN,
+          },
+          on: {
+            hour: process.env.LOGOUT_ON_HOURS,
+            minute: process.env.LOGOUT_ON_MINUTES,
+          },
+          priority: 1,
+        });
+      }
+    },
+  });
+  
+  Jobs.register({
+    logOut(userId) {
+      Meteor.users.update(
+        {_id: userId},
+        {$set: {'services.resume.loginTokens': []}}
+      );
+      this.success();
+    },
  });
 }
--- a/models/users.js
+++ b/models/users.js
@ -520,10 +520,10 @@ if (Meteor.isServer) {
    }

    const disableRegistration = Settings.findOne().disableRegistration;
-    // If ldap, bypass the inviation code if the self registration isn't allowed.
-    // TODO : pay attention if ldap field in the user model change to another content ex : ldap field to connection_type
-    if (options.ldap || !disableRegistration) {
-      user.authenticationMethod = 'ldap';
+    if (!disableRegistration) {
+      if (options.ldap) {
+        user.authenticationMethod = 'ldap';
+      }
      return user;
    }

--- a/server/publications/users.js
+++ b/server/publications/users.js
@ -22,6 +22,7 @@ Meteor.publish('user-authenticationMethod', function(match) {
  check(match, String);
  return Users.find({$or: [{_id: match}, {email: match}, {username: match}]}, {
    fields: {
+      '_id': 1,
      'authenticationMethod': 1,
    },
  });
--- a/snap-src/bin/config
+++ b/snap-src/bin/config
@ -3,7 +3,7 @@
 # All supported keys are defined here together with descriptions and default values

 # list of supported keys
-keys="MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN"
+keys="MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER, LOGOUT_IN, LOGOUT_ON_HOURS, LOGOUT_ON_MINUTES"

 # default values
 DESCRIPTION_MONGODB_BIND_UNIX_SOCKET="mongodb binding unix socket:\n"\
@ -269,3 +269,19 @@ KEY_LDAP_SYNC_GROUP_ROLES="ldap-sync-group-roles"
 DESCRIPTION_LDAP_DEFAULT_DOMAIN="The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP"
 DEFAULT_LDAP_DEFAULT_DOMAIN=""
 KEY_LDAP_DEFAULT_DOMAIN="ldap-default-domain"
+
+DESCRIPTION_LOGOUT_WITH_TIMER="Enables or not the option logout with timer"
+DEFAULT_LOGOUT_WITH_TIMER="false"
+KEY_LOGOUT_WITH_TIMER="logout-with-timer"
+
+DESCRIPTION_LOGOUT_IN="The number of days"
+DEFAULT_LOGOUT_IN=""
+KEY_LOGOUT_IN="logout-in"
+
+DESCRIPTION_LOGOUT_ON_HOURS="The number of hours"
+DEFAULT_LOGOUT_ON_HOURS=""
+KEY_LOGOUT_ON_HOURS="logout-on-hours"
+
+DESCRIPTION_LOGOUT_ON_MINUTES="The number of minutes"
+DEFAULT_LOGOUT_ON_MINUTES=""
+KEY_LOGOUT_ON_MINUTES="logout-on-minutes"
--- a/snap-src/bin/wekan-help
+++ b/snap-src/bin/wekan-help
@ -249,6 +249,22 @@ echo -e "Ldap Default Domain."
 echo -e "The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP:"
 echo -e "\t$ snap set $SNAP_NAME LDAP_DEFAULT_DOMAIN=''"
 echo -e "\n"
+echo -e "Logout with timer."
+echo -e "Enable or not the option that allows to disconnect an user after a given time:"
+echo -e "\t$ snap set $SNAP_NAME LOGOUT_WITH_TIMER='true'"
+echo -e "\n"
+echo -e "Logout in."
+echo -e "Logout in how many days:"
+echo -e "\t$ snap set $SNAP_NAME LOGOUT_IN='1'"
+echo -e "\n"
+echo -e "Logout on hours."
+echo -e "Logout in how many hours:"
+echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_HOURS='9'"
+echo -e "\n"
+echo -e "Logout on minutes."
+echo -e "Logout in how many minutes:"
+echo -e "\t$ snap set $SNAP_NAME LOGOUT_ON_MINUTES='5'"
+echo -e "\n"
 # parse config file for supported settings keys
 echo -e "wekan supports settings keys"
 echo -e "values can be changed by calling\n$ snap set $SNAP_NAME <key name>='<key value>'"