summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLauri Ojansivu <x@xet7.org>2019-03-08 18:40:43 +0200
committerLauri Ojansivu <x@xet7.org>2019-03-08 18:40:43 +0200
commitff825d6123ecfd033ccb08ce97c11cefee676104 (patch)
treeb7850ff67ab693a60f5879484922c5a77825ad5d
parent7836ab83d02adc40bc59bc4393191abec0a4f636 (diff)
downloadwekan-ff825d6123ecfd033ccb08ce97c11cefee676104.tar.gz
wekan-ff825d6123ecfd033ccb08ce97c11cefee676104.tar.bz2
wekan-ff825d6123ecfd033ccb08ce97c11cefee676104.zip
[HTTP header automatic login. Not tested yet.](https://github.com/wekan/wekan/issues/2019).
Thanks to xet7 ! Related #2019
-rw-r--r--Dockerfile8
-rw-r--r--client/components/main/layouts.js24
-rw-r--r--docker-compose.yml7
-rwxr-xr-xreleases/virtualbox/start-wekan.sh8
-rwxr-xr-xsnap-src/bin/config18
-rwxr-xr-xsnap-src/bin/wekan-help7
-rwxr-xr-xstart-wekan.bat7
-rwxr-xr-xstart-wekan.sh8
8 files changed, 81 insertions, 6 deletions
diff --git a/Dockerfile b/Dockerfile
index 58a1b629..c833bc17 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -77,6 +77,10 @@ ARG LDAP_SYNC_GROUP_ROLES
ARG LDAP_DEFAULT_DOMAIN
ARG LDAP_SYNC_ADMIN_STATUS
ARG LDAP_SYNC_ADMIN_GROUPS
+ARG HEADER_LOGIN_ID
+ARG HEADER_LOGIN_FIRSTNAME
+ARG HEADER_LOGIN_LASTNAME
+ARG HEADER_LOGIN_EMAIL
ARG LOGOUT_WITH_TIMER
ARG LOGOUT_IN
ARG LOGOUT_ON_HOURS
@@ -163,6 +167,10 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth
LDAP_DEFAULT_DOMAIN="" \
LDAP_SYNC_ADMIN_STATUS="" \
LDAP_SYNC_ADMIN_GROUPS="" \
+ HEADER_LOGIN_ID="" \
+ HEADER_LOGIN_FIRSTNAME="" \
+ HEADER_LOGIN_LASTNAME="" \
+ HEADER_LOGIN_EMAIL="" \
LOGOUT_WITH_TIMER=false \
LOGOUT_IN="" \
LOGOUT_ON_HOURS="" \
diff --git a/client/components/main/layouts.js b/client/components/main/layouts.js
index 6f7c914a..b3b95d32 100644
--- a/client/components/main/layouts.js
+++ b/client/components/main/layouts.js
@@ -101,8 +101,19 @@ Template.defaultLayout.events({
});
async function authentication(event, instance) {
- const match = $('#at-field-username_and_email').val();
- const password = $('#at-field-password').val();
+
+ // If header login id is set, use it for login
+ if (process.env.HEADER_LOGIN_ID) {
+ // Header username = Email address
+ const match = req.headers[process.env.HEADER_LOGIN_EMAIL];
+ // Header password = Login ID
+ const password = req.headers[process.env.HEADER_LOGIN_ID];
+ //const headerLoginFirstname = req.headers[process.env.HEADER_LOGIN_FIRSTNAME];
+ //const headerLoginLastname = req.headers[process.env.HEADER_LOGIN_LASTNAME];
+ } else {
+ const match = $('#at-field-username_and_email').val();
+ const password = $('#at-field-password').val();
+ }
if (!match || !password) return;
@@ -110,9 +121,12 @@ async function authentication(event, instance) {
if (result === 'password') return;
- // Stop submit #at-pwd-form
- event.preventDefault();
- event.stopImmediatePropagation();
+ // If header login id is not set, don't try to login automatically.
+ if (!process.env.HEADER_LOGIN_ID) {
+ // Stop submit #at-pwd-form
+ event.preventDefault();
+ event.stopImmediatePropagation();
+ }
switch (result) {
case 'ldap':
diff --git a/docker-compose.yml b/docker-compose.yml
index 9646a012..454964e8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -508,6 +508,13 @@ services:
# Comma separated list of admin group names to sync.
#- LDAP_SYNC_ADMIN_GROUPS=group1,group2
#---------------------------------------------------------------------
+ # Login to LDAP automatically with HTTP header.
+ # In below example for siteminder, at right side of = is header name.
+ #- HEADER_LOGIN_ID=BNPPUID
+ #- HEADER_LOGIN_FIRSTNAME=BNPPFIRSTNAME
+ #- HEADER_LOGIN_LASTNAME=BNPPLASTNAME
+ #- HEADER_LOGIN_EMAIL=BNPPEMAILADDRESS
+ #---------------------------------------------------------------------
# ==== LOGOUT TIMER, probably does not work yet ====
# LOGOUT_WITH_TIMER : Enables or not the option logout with timer
# example : LOGOUT_WITH_TIMER=true
diff --git a/releases/virtualbox/start-wekan.sh b/releases/virtualbox/start-wekan.sh
index 08c79778..31a95728 100755
--- a/releases/virtualbox/start-wekan.sh
+++ b/releases/virtualbox/start-wekan.sh
@@ -251,6 +251,14 @@
#export LDAP_SYNC_ADMIN_STATUS=true
# Comma separated list of admin group names.
#export LDAP_SYNC_ADMIN_GROUPS=group1,group2
+ #---------------------------------------------------------------------
+ # Login to LDAP automatically with HTTP header.
+ # In below example for siteminder, at right side of = is header name.
+ #export HEADER_LOGIN_ID=BNPPUID
+ #export HEADER_LOGIN_FIRSTNAME=BNPPFIRSTNAME
+ #export HEADER_LOGIN_LASTNAME=BNPPLASTNAME
+ #export HEADER_LOGIN_EMAIL=BNPPEMAILADDRESS
+ #---------------------------------------------------------------------
# LOGOUT_WITH_TIMER : Enables or not the option logout with timer
# example : LOGOUT_WITH_TIMER=true
#export LOGOUT_WITH_TIMER=
diff --git a/snap-src/bin/config b/snap-src/bin/config
index 3e32c221..eecb7ba1 100755
--- a/snap-src/bin/config
+++ b/snap-src/bin/config
@@ -3,7 +3,7 @@
# All supported keys are defined here together with descriptions and default values
# list of supported keys
-keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API EMAIL_NOTIFICATION_TIMEOUT CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD"
+keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API EMAIL_NOTIFICATION_TIMEOUT CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD"
# default values
DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'"
@@ -326,6 +326,22 @@ DESCRIPTION_LDAP_DEFAULT_DOMAIN="The default domain of the ldap it is used to cr
DEFAULT_LDAP_DEFAULT_DOMAIN=""
KEY_LDAP_DEFAULT_DOMAIN="ldap-default-domain"
+DESCRIPTION_HEADER_LOGIN_ID="Header login ID. Example for siteminder: BNPPUID"
+DEFAULT_HEADER_LOGIN_ID=""
+KEY_HEADER_LOGIN_ID="header-login-id"
+
+DESCRIPTION_HEADER_LOGIN_FIRSTNAME="Header login firstname. Example for siteminder: BNPPFIRSTNAME"
+DEFAULT_HEADER_LOGIN_FIRSTNAME="Header login firstname. Example for siteminder: BNPPFIRSTNAME"
+KEY_HEADER_LOGIN_FIRSTNAME="header-login-firstname"
+
+DESCRIPTION_HEADER_LOGIN_LASTNAME="Header login lastname. Example for siteminder: BNPPLASTNAME"
+DEFAULT_HEADER_LOGIN_LASTNAME="Header login firstname. Example for siteminder: BNPPLASTNAME"
+KEY_HEADER_LOGIN_LASTNAME="header-login-lastname"
+
+DESCRIPTION_HEADER_LOGIN_EMAIL="Header login email. Example for siteminder: BNPPEMAILADDRESS"
+DEFAULT_HEADER_LOGIN_EMAIL="Header login email. Example for siteminder: BNPPEMAILADDRESS"
+KEY_HEADER_LOGIN_EMAIL="header-login-email"
+
DESCRIPTION_LOGOUT_WITH_TIMER="Enables or not the option logout with timer"
DEFAULT_LOGOUT_WITH_TIMER="false"
KEY_LOGOUT_WITH_TIMER="logout-with-timer"
diff --git a/snap-src/bin/wekan-help b/snap-src/bin/wekan-help
index e1945357..766a7df7 100755
--- a/snap-src/bin/wekan-help
+++ b/snap-src/bin/wekan-help
@@ -307,6 +307,13 @@ echo -e "Logout with timer."
echo -e "Enable or not the option that allows to disconnect an user after a given time:"
echo -e "\t$ snap set $SNAP_NAME logout-with-timer='true'"
echo -e "\n"
+echo -e "Login to LDAP automatically with HTTP header."
+echo -e "In below example for siteminder, at right side of = is header name."
+echo -e "\t$ snap set $SNAP_NAME header-login-id='BNPPUID'"
+echo -e "\t$ snap set $SNAP_NAME header-login-firstname='BNPPFIRSTNAME'"
+echo -e "\t$ snap set $SNAP_NAME header-login-lastname='BNPPLASTNAME'"
+echo -e "\t$ snap set $SNAP_NAME header-login-email='BNPPEMAILADDRESS'"
+echo -e "\n"
echo -e "Logout in."
echo -e "Logout in how many days:"
echo -e "\t$ snap set $SNAP_NAME logout-in='1'"
diff --git a/start-wekan.bat b/start-wekan.bat
index 229bf2db..001700f3 100755
--- a/start-wekan.bat
+++ b/start-wekan.bat
@@ -254,6 +254,13 @@ REM SET LDAP_SYNC_ADMIN_STATUS=true
REM # Comma separated list of admin group names to sync.
REM SET LDAP_SYNC_ADMIN_GROUPS=group1,group2
+REM # Login to LDAP automatically with HTTP header.
+REM # In below example for siteminder, at right side of = is header name.
+REM SET HEADER_LOGIN_ID=BNPPUID
+REM SET HEADER_LOGIN_FIRSTNAME=BNPPFIRSTNAME
+REM SET HEADER_LOGIN_LASTNAME=BNPPLASTNAME
+REM SET HEADER_LOGIN_EMAIL=BNPPEMAILADDRESS
+
REM ------------------------------------------------
REM # LOGOUT_WITH_TIMER : Enables or not the option logout with timer
diff --git a/start-wekan.sh b/start-wekan.sh
index 78084c1c..184be575 100755
--- a/start-wekan.sh
+++ b/start-wekan.sh
@@ -269,6 +269,14 @@ function wekan_repo_check(){
#export LDAP_SYNC_ADMIN_STATUS=true
# Comma separated list of admin group names to sync.
#export LDAP_SYNC_ADMIN_GROUPS=group1,group2
+ #---------------------------------------------------------------------
+ # Login to LDAP automatically with HTTP header.
+ # In below example for siteminder, at right side of = is header name.
+ #export HEADER_LOGIN_ID=BNPPUID
+ #export HEADER_LOGIN_FIRSTNAME=BNPPFIRSTNAME
+ #export HEADER_LOGIN_LASTNAME=BNPPLASTNAME
+ #export HEADER_LOGIN_EMAIL=BNPPEMAILADDRESS
+ #---------------------------------------------------------------------
# LOGOUT_WITH_TIMER : Enables or not the option logout with timer
# example : LOGOUT_WITH_TIMER=true
#export LOGOUT_WITH_TIMER=