16 files changed, 87 insertions, 20 deletions

diff --git a/.meteor/packages b/.meteor/packages
index 2029cb42..bfc18103 100644
--- a/.meteor/packages
+++ b/.meteor/packages
@@ -90,3 +90,4 @@ wekan:wekan-ldap
 wekan:accounts-cas
 wekan-scrollbar
 mquandalle:perfect-scrollbar
+mdg:meteor-apm-agent
diff --git a/.meteor/versions b/.meteor/versions
index 1d6737bb..345b26c9 100644
--- a/.meteor/versions
+++ b/.meteor/versions
@@ -85,6 +85,7 @@ localstorage@1.2.0
 logging@1.1.20
 matb33:collection-hooks@0.8.4
 matteodem:easy-search@1.6.4
+mdg:meteor-apm-agent@3.1.2
 mdg:validation-error@0.5.1
 meteor@1.9.2
 meteor-base@1.4.0
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ed2af4de..d77f13ee 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,20 @@
+# v2.22 2019-02-13 Wekan release
+
+This release adds the following new features:
+
+- [Kadira integration](https://github.com/wekan/wekan/issues/2152). Thanks to GavinLilly.
+- Add [configurable](https://github.com/wekan/wekan/issues/1874#issuecomment-462759627)
+  settings [OAUTH2_ID_TOKEN_WHITELIST_FIELDS and
+  OAUTH2_REQUEST_PERMISSIONS](https://github.com/wekan/wekan/commit/b66f471e530d41a3f12e4bfc29548313e9a73c35).
+  Thanks to xet7.
+
+and fixes the following bugs:
+
+- [Fix: Remove overlap of side bar button with card/list menu button on
+   mobile browser](https://github.com/wekan/wekan/issues/2183). Thanks to xet7.
+
+Thanks to above GitHub users for their contributions, and translators for their translations.
+    
 # v2.21 2019-02-12 Wekan release
 
 This release adds the following new features:
diff --git a/Dockerfile b/Dockerfile
index 283cc853..7957c72c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -30,6 +30,8 @@ ARG OAUTH2_ID_MAP
 ARG OAUTH2_USERNAME_MAP
 ARG OAUTH2_FULLNAME_MAP
 ARG OAUTH2_EMAIL_MAP
+ARG OAUTH2_ID_TOKEN_WHITELIST_FIELDS
+ARG OAUTH2_REQUEST_PERMISSIONS
 ARG LDAP_ENABLE
 ARG LDAP_PORT
 ARG LDAP_HOST
@@ -109,6 +111,8 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth
     OAUTH2_USERNAME_MAP="" \
     OAUTH2_FULLNAME_MAP="" \
     OAUTH2_EMAIL_MAP="" \
+    OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[] \
+    OAUTH2_REQUEST_PERMISSIONS=[openid] \
     LDAP_ENABLE=false \
     LDAP_PORT=389 \
     LDAP_HOST="" \
diff --git a/Stackerfile.yml b/Stackerfile.yml
index 536a2690..7a6c5396 100644
--- a/Stackerfile.yml
+++ b/Stackerfile.yml
@@ -1,5 +1,5 @@
 appId: wekan-public/apps/77b94f60-dec9-0136-304e-16ff53095928
-appVersion: "v2.21.0"
+appVersion: "v2.22.0"
 files:
   userUploads:
     - README.md
diff --git a/client/components/lists/list.styl b/client/components/lists/list.styl
index 70502083..7e4550a4 100644
--- a/client/components/lists/list.styl
+++ b/client/components/lists/list.styl
@@ -84,6 +84,7 @@
     padding-left: 10px
     color: #a6a6a6
 
+
   .list-header-menu
     position: absolute
     padding: 27px 19px
@@ -155,6 +156,9 @@
     float: left
 
 @media screen and (max-width: 800px)
+  .list-header-menu
+    margin-right: 30px
+
   .mini-list
     flex: 0 0 60px
     height: 60px
diff --git a/docker-compose.yml b/docker-compose.yml
index 869415a8..a9f11569 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -191,9 +191,12 @@ services:
       # - MONGO_OPLOG_URL=mongodb://<username>:<password>@<mongoDbURL>/local?authSource=admin&replicaSet=rsWekan
       #---------------------------------------------------------------
       # ==== OPTIONAL: KADIRA PERFORMANCE MONITORING FOR METEOR ====
-      # https://github.com/smeijer/kadira
+      # https://github.com/edemaine/kadira-compose
+      # https://github.com/meteor/meteor-apm-agent
       # https://blog.meteor.com/kadira-apm-is-now-open-source-490469ffc85f
-      # - export KADIRA_OPTIONS_ENDPOINT=http://127.0.0.1:11011
+      #- APM_OPTIONS_ENDPOINT=http://<kadira-ip>:11011
+      #- APM_APP_ID=
+      #- APM_APP_SECRET=
       #---------------------------------------------------------------
       # ==== OPTIONAL: LOGS AND STATS ====
       # https://github.com/wekan/wekan/wiki/Logs
@@ -308,6 +311,10 @@ services:
       #- OAUTH2_FULLNAME_MAP=
       # OAuth2 Email Mapping
       #- OAUTH2_EMAIL_MAP=
+      # OAUTH2 ID Token Whitelist Fields.
+      #- OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
+      # OAUTH2 Request Permissions.
+      #- OAUTH2_REQUEST_PERMISSIONS=[openid email profile]
       #-----------------------------------------------------------------
       # ==== LDAP ====
       # https://github.com/wekan/wekan/wiki/LDAP
diff --git a/i18n/pt-BR.i18n.json b/i18n/pt-BR.i18n.json
index 49c2eea3..2fb9c420 100644
--- a/i18n/pt-BR.i18n.json
+++ b/i18n/pt-BR.i18n.json
@@ -654,7 +654,7 @@
     "authentication-method": "Método de autenticação",
     "authentication-type": "Tipo de autenticação",
     "custom-product-name": "Nome Customizado do Produto",
-    "layout": "Leiaute",
+    "layout": "Layout",
     "hide-logo": "Esconder Logo",
     "add-custom-html-after-body-start": "Adicionar HTML Customizado depois do início do <body>",
     "add-custom-html-before-body-end": "Adicionar HTML Customizado antes do fim do </body>",
diff --git a/package.json b/package.json
index d253b80c..92ef5d65 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "wekan",
-  "version": "v2.21.0",
+  "version": "v2.22.0",
   "description": "Open-Source kanban",
   "private": true,
   "scripts": {
diff --git a/releases/virtualbox/start-wekan.sh b/releases/virtualbox/start-wekan.sh
index 31d4df58..d8ac716e 100755
--- a/releases/virtualbox/start-wekan.sh
+++ b/releases/virtualbox/start-wekan.sh
@@ -114,6 +114,10 @@
         #export OAUTH2_FULLNAME_MAP=
         # OAuth2 Email Mapping
         #export OAUTH2_EMAIL_MAP=
+        # OAUTH2 ID Token Whitelist Fields.
+        #export OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
+        # OAUTH2 Request Permissions.
+        #export OAUTH2_REQUEST_PERMISSIONS=[openid profile email]
         #---------------------------------------------
         # LDAP_ENABLE : Enable or not the connection by the LDAP
         # example :  export LDAP_ENABLE=true
diff --git a/sandstorm-pkgdef.capnp b/sandstorm-pkgdef.capnp
index c224f649..5b0d993d 100644
--- a/sandstorm-pkgdef.capnp
+++ b/sandstorm-pkgdef.capnp
@@ -22,10 +22,10 @@ const pkgdef :Spk.PackageDefinition = (
     appTitle = (defaultText = "Wekan"),
     # The name of the app as it is displayed to the user.
 
-    appVersion = 223,
+    appVersion = 224,
     # Increment this for every release.
 
-    appMarketingVersion = (defaultText = "2.21.0~2019-02-12"),
+    appMarketingVersion = (defaultText = "2.22.0~2019-02-13"),
     # Human-readable presentation of the app version.
 
     minUpgradableAppVersion = 0,
diff --git a/server/authentication.js b/server/authentication.js
index 4d3cc53e..76ab6cf1 100644
--- a/server/authentication.js
+++ b/server/authentication.js
@@ -76,8 +76,8 @@ Meteor.startup(() => {
             authorizationEndpoint: process.env.OAUTH2_AUTH_ENDPOINT,
             userinfoEndpoint: process.env.OAUTH2_USERINFO_ENDPOINT,
             tokenEndpoint: process.env.OAUTH2_TOKEN_ENDPOINT,
-            idTokenWhitelistFields: [],
-            requestPermissions: ['openid'],
+            idTokenWhitelistFields: process.env.OAUTH2_ID_TOKEN_WHITELIST_FIELDS || [],
+            requestPermissions: process.OAUTH2_REQUEST_PERMISSIONS || ['openid'],
           },
         }
       );
diff --git a/snap-src/bin/config b/snap-src/bin/config
index 31605b2f..e674afa0 100755
--- a/snap-src/bin/config
+++ b/snap-src/bin/config
@@ -3,7 +3,7 @@
 # All supported keys are defined here together with descriptions and default values
 
 # list of supported keys
-keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD"
+keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_REQUEST_PERMISSIONS LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD"
 
 # default values
 DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'"
@@ -138,6 +138,14 @@ DESCRIPTION_OAUTH2_EMAIL_MAP="OAuth2 Email Mapping. Example: email"
 DEFAULT_OAUTH2_EMAIL_MAP=""
 KEY_OAUTH2_EMAIL_MAP="oauth2-email-map"
 
+DESCRIPTION_OAUTH2_ID_TOKEN_WHITELIST_FIELDS="OAuth2 ID Token Whitelist Fields. Example: []"
+DEFAULT_OAUTH2_ID_TOKEN_WHITELIST_FIELDS=""
+KEY_OAUTH2_ID_TOKEN_WHITELIST_FIELDS="oauth2-id-token-whitelist-fields"
+
+DESCRIPTION_OAUTH2_REQUEST_PERMISSIONS="OAuth2 Request Permissions. Example: [openid profile email]"
+DEFAULT_OAUTH2_REQUEST_PERMISSIONS=""
+KEY_OAUTH2_REQUEST_PERMISSIONS="oauth2-request-permissions"
+
 DESCRIPTION_LDAP_ENABLE="Enable or not the connection by the LDAP"
 DEFAULT_LDAP_ENABLE="false"
 KEY_LDAP_ENABLE="ldap-enable"
diff --git a/snap-src/bin/wekan-help b/snap-src/bin/wekan-help
index 431be029..80cbc7ad 100755
--- a/snap-src/bin/wekan-help
+++ b/snap-src/bin/wekan-help
@@ -102,29 +102,41 @@ echo -e "\t-Disable the OAuth2 Token Endpoint of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-token-endpoint=''"
 echo -e "\n"
 echo -e "OAuth2 ID Mapping."
-echo -e "To enable the ID Mapping of Wekan:"
+echo -e "To enable the OAuth2 ID Mapping of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-id-map='username.uid'"
-echo -e "\t-Disable the ID Mapping of Wekan:"
+echo -e "\t-Disable the OAuth2 ID Mapping of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-id-map=''"
 echo -e "\n"
 echo -e "OAuth2 Username Mapping."
-echo -e "To enable the Username Mapping of Wekan:"
+echo -e "To enable the OAuth2 Username Mapping of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-username-map='username'"
-echo -e "\t-Disable the Username Mapping of Wekan:"
+echo -e "\t-Disable the OAuth2 Username Mapping of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-username-map=''"
 echo -e "\n"
 echo -e "OAuth2 Fullname Mapping."
-echo -e "To enable the Fullname Mapping of Wekan:"
+echo -e "To enable the OAuth2 Fullname Mapping of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-fullname-map='fullname'"
-echo -e "\t-Disable the Fullname Mapping of Wekan:"
+echo -e "\t-Disable the OAuth2 Fullname Mapping of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-fullname-map=''"
 echo -e "\n"
 echo -e "OAuth2 Email Mapping."
-echo -e "To enable the Email Mapping of Wekan:"
+echo -e "To enable the OAuth2 Email Mapping of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-email-map='email'"
-echo -e "\t-Disable the Email Mapping of Wekan:"
+echo -e "\t-Disable the OAuth2 Email Mapping of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-email-map=''"
 echo -e "\n"
+echo -e "OAuth2 ID Token Whitelist Fields."
+echo -e "To enable the OAuth2 ID Token Whitelist Fields of Wekan:"
+echo -e "\t$ snap set $SNAP_NAME oauth2-id-token-whitelist-fields='[]'"
+echo -e "\t-Disable the OAuth2 ID Token Whitelist Fields of Wekan:"
+echo -e "\t$ snap set $SNAP_NAME oauth2-id-token-whitelist-fields=''"
+echo -e "\n"
+echo -e "OAuth2 Request Permissions."
+echo -e "To enable the OAuth2 Request Permissions of Wekan:"
+echo -e "\t$ snap set $SNAP_NAME oauth2-request-permissions='[openid profile email]'"
+echo -e "\t-Disable the OAuth2 Request Permissions of Wekan:"
+echo -e "\t$ snap set $SNAP_NAME oauth2-request-permissions=''"
+echo -e "\n"
 echo -e "Ldap Enable."
 echo -e "To enable the ldap of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME ldap-enable='true'"
diff --git a/start-wekan.bat b/start-wekan.bat
index 02e9258e..9d6305b6 100644
--- a/start-wekan.bat
+++ b/start-wekan.bat
@@ -74,6 +74,11 @@ REM # OAuth2 Token Endpoint. Example: /oauth/token
 REM # example: OAUTH2_TOKEN_ENDPOINT=/oauth/token
 REM SET OAUTH2_TOKEN_ENDPOINT=
 
+REM # OAUTH2 ID Token Whitelist Fields.
+REM SET OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
+REM # OAUTH2 Request Permissions.
+REM SET OAUTH2_REQUEST_PERMISSIONS=[openid email profile]
+
 REM ------------------------------------------------------------
 
 REM # LDAP_ENABLE : Enable or not the connection by the LDAP
diff --git a/start-wekan.sh b/start-wekan.sh
index dd639aae..bbfbff2b 100755
--- a/start-wekan.sh
+++ b/start-wekan.sh
@@ -72,7 +72,7 @@ function wekan_repo_check(){
       # Example: export WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId
       export WEBHOOKS_ATTRIBUTES=''
       #---------------------------------------------
-            # ==== OAUTH2 AZURE ====
+      # ==== OAUTH2 AZURE ====
       # https://github.com/wekan/wekan/wiki/Azure
       # 1) Register the application with Azure. Make sure you capture
       #    the application ID as well as generate a secret key.
@@ -93,8 +93,12 @@ function wekan_repo_check(){
       #export OAUTH2_USERNAME_MAP=email
       # The claim name you want to map to the full name field:
       #export OAUTH2_FULLNAME_MAP=name
-      # Tthe claim name you want to map to the email field:
+      # The claim name you want to map to the email field:
       #export OAUTH2_EMAIL_MAP=email
+      # OAUTH2 ID Token Whitelist Fields.
+      #export OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
+      # OAUTH2 Request Permissions.
+      #export OAUTH2_REQUEST_PERMISSIONS=[openid profile email]
       #-----------------------------------------------------------------
       # ==== OAUTH2 KEYCLOAK ====
       # https://github.com/wekan/wekan/wiki/Keycloak  <== MAPPING INFO, REQUIRED