summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Dockerfile4
-rw-r--r--docker-compose.yml4
-rwxr-xr-xreleases/virtualbox/start-wekan.sh4
-rw-r--r--server/authentication.js4
-rwxr-xr-xsnap-src/bin/config10
-rwxr-xr-xsnap-src/bin/wekan-help12
-rwxr-xr-xstart-wekan.bat5
-rwxr-xr-xstart-wekan.sh4
8 files changed, 3 insertions, 44 deletions
diff --git a/Dockerfile b/Dockerfile
index f4297bb8..10995252 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -31,8 +31,6 @@ ARG OAUTH2_ID_MAP
ARG OAUTH2_USERNAME_MAP
ARG OAUTH2_FULLNAME_MAP
ARG OAUTH2_EMAIL_MAP
-ARG OAUTH2_ID_TOKEN_WHITELIST_FIELDS
-ARG OAUTH2_REQUEST_PERMISSIONS
ARG LDAP_ENABLE
ARG LDAP_PORT
ARG LDAP_HOST
@@ -117,8 +115,6 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth
OAUTH2_USERNAME_MAP="" \
OAUTH2_FULLNAME_MAP="" \
OAUTH2_EMAIL_MAP="" \
- OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[] \
- OAUTH2_REQUEST_PERMISSIONS=[openid] \
LDAP_ENABLE=false \
LDAP_PORT=389 \
LDAP_HOST="" \
diff --git a/docker-compose.yml b/docker-compose.yml
index deccd265..c5eb74b0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -315,10 +315,6 @@ services:
#- OAUTH2_FULLNAME_MAP=
# OAuth2 Email Mapping
#- OAUTH2_EMAIL_MAP=
- # OAUTH2 ID Token Whitelist Fields.
- #- OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
- # OAUTH2 Request Permissions.
- #- OAUTH2_REQUEST_PERMISSIONS=[openid email profile]
#-----------------------------------------------------------------
# ==== LDAP ====
# https://github.com/wekan/wekan/wiki/LDAP
diff --git a/releases/virtualbox/start-wekan.sh b/releases/virtualbox/start-wekan.sh
index 2f2e9ea3..e04209d0 100755
--- a/releases/virtualbox/start-wekan.sh
+++ b/releases/virtualbox/start-wekan.sh
@@ -114,10 +114,6 @@
#export OAUTH2_FULLNAME_MAP=
# OAuth2 Email Mapping
#export OAUTH2_EMAIL_MAP=
- # OAUTH2 ID Token Whitelist Fields.
- #export OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
- # OAUTH2 Request Permissions.
- #export OAUTH2_REQUEST_PERMISSIONS=[openid profile email]
#---------------------------------------------
# LDAP_ENABLE : Enable or not the connection by the LDAP
# example : export LDAP_ENABLE=true
diff --git a/server/authentication.js b/server/authentication.js
index bbe655a2..4d3cc53e 100644
--- a/server/authentication.js
+++ b/server/authentication.js
@@ -76,8 +76,8 @@ Meteor.startup(() => {
authorizationEndpoint: process.env.OAUTH2_AUTH_ENDPOINT,
userinfoEndpoint: process.env.OAUTH2_USERINFO_ENDPOINT,
tokenEndpoint: process.env.OAUTH2_TOKEN_ENDPOINT,
- idTokenWhitelistFields: process.env.OAUTH2_ID_TOKEN_WHITELIST_FIELDS || [],
- requestPermissions: process.env.OAUTH2_REQUEST_PERMISSIONS || ['openid', 'profile', 'email'],
+ idTokenWhitelistFields: [],
+ requestPermissions: ['openid'],
},
}
);
diff --git a/snap-src/bin/config b/snap-src/bin/config
index e510838c..9945cd5a 100755
--- a/snap-src/bin/config
+++ b/snap-src/bin/config
@@ -3,7 +3,7 @@
# All supported keys are defined here together with descriptions and default values
# list of supported keys
-keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API EMAIL_NOTIFICATION_TIMEOUT CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_REQUEST_PERMISSIONS LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD"
+keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API EMAIL_NOTIFICATION_TIMEOUT CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD"
# default values
DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'"
@@ -142,14 +142,6 @@ DESCRIPTION_OAUTH2_EMAIL_MAP="OAuth2 Email Mapping. Example: email"
DEFAULT_OAUTH2_EMAIL_MAP=""
KEY_OAUTH2_EMAIL_MAP="oauth2-email-map"
-DESCRIPTION_OAUTH2_ID_TOKEN_WHITELIST_FIELDS="OAuth2 ID Token Whitelist Fields. Example: []"
-DEFAULT_OAUTH2_ID_TOKEN_WHITELIST_FIELDS=""
-KEY_OAUTH2_ID_TOKEN_WHITELIST_FIELDS="oauth2-id-token-whitelist-fields"
-
-DESCRIPTION_OAUTH2_REQUEST_PERMISSIONS="OAuth2 Request Permissions. Example: [openid profile email]"
-DEFAULT_OAUTH2_REQUEST_PERMISSIONS=""
-KEY_OAUTH2_REQUEST_PERMISSIONS="oauth2-request-permissions"
-
DESCRIPTION_LDAP_ENABLE="Enable or not the connection by the LDAP"
DEFAULT_LDAP_ENABLE="false"
KEY_LDAP_ENABLE="ldap-enable"
diff --git a/snap-src/bin/wekan-help b/snap-src/bin/wekan-help
index f9847063..8d88527f 100755
--- a/snap-src/bin/wekan-help
+++ b/snap-src/bin/wekan-help
@@ -130,18 +130,6 @@ echo -e "\t$ snap set $SNAP_NAME oauth2-email-map='email'"
echo -e "\t-Disable the OAuth2 Email Mapping of Wekan:"
echo -e "\t$ snap set $SNAP_NAME oauth2-email-map=''"
echo -e "\n"
-echo -e "OAuth2 ID Token Whitelist Fields."
-echo -e "To enable the OAuth2 ID Token Whitelist Fields of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME oauth2-id-token-whitelist-fields='[]'"
-echo -e "\t-Disable the OAuth2 ID Token Whitelist Fields of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME oauth2-id-token-whitelist-fields=''"
-echo -e "\n"
-echo -e "OAuth2 Request Permissions."
-echo -e "To enable the OAuth2 Request Permissions of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME oauth2-request-permissions='[openid profile email]'"
-echo -e "\t-Disable the OAuth2 Request Permissions of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME oauth2-request-permissions=''"
-echo -e "\n"
echo -e "Ldap Enable."
echo -e "To enable the ldap of Wekan:"
echo -e "\t$ snap set $SNAP_NAME ldap-enable='true'"
diff --git a/start-wekan.bat b/start-wekan.bat
index 7ccf0c0e..eebfa607 100755
--- a/start-wekan.bat
+++ b/start-wekan.bat
@@ -74,11 +74,6 @@ REM # OAuth2 Token Endpoint. Example: /oauth/token
REM # example: OAUTH2_TOKEN_ENDPOINT=/oauth/token
REM SET OAUTH2_TOKEN_ENDPOINT=
-REM # OAUTH2 ID Token Whitelist Fields.
-REM SET OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
-REM # OAUTH2 Request Permissions.
-REM SET OAUTH2_REQUEST_PERMISSIONS=[openid email profile]
-
REM ------------------------------------------------------------
REM # LDAP_ENABLE : Enable or not the connection by the LDAP
diff --git a/start-wekan.sh b/start-wekan.sh
index c9745af9..7b7cd6a9 100755
--- a/start-wekan.sh
+++ b/start-wekan.sh
@@ -95,10 +95,6 @@ function wekan_repo_check(){
#export OAUTH2_FULLNAME_MAP=name
# The claim name you want to map to the email field:
#export OAUTH2_EMAIL_MAP=email
- # OAUTH2 ID Token Whitelist Fields.
- #export OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
- # OAUTH2 Request Permissions.
- #export OAUTH2_REQUEST_PERMISSIONS=[openid profile email]
#-----------------------------------------------------------------
# ==== OAUTH2 KEYCLOAK ====
# https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-06-09 21:00:16 +0000