From b66f471e530d41a3f12e4bfc29548313e9a73c35 Mon Sep 17 00:00:00 2001 From: Lauri Ojansivu Date: Wed, 13 Feb 2019 03:01:10 +0200 Subject: - Add configurable settings OAUTH2_ID_TOKEN_WHITELIST_FIELDS and OAUTH2_REQUEST_PERMISSIONS. Thanks to xet7. Related #1874 --- snap-src/bin/config | 10 +++++++++- snap-src/bin/wekan-help | 28 ++++++++++++++++++++-------- 2 files changed, 29 insertions(+), 9 deletions(-) (limited to 'snap-src/bin') diff --git a/snap-src/bin/config b/snap-src/bin/config index 31605b2f..e674afa0 100755 --- a/snap-src/bin/config +++ b/snap-src/bin/config @@ -3,7 +3,7 @@ # All supported keys are defined here together with descriptions and default values # list of supported keys -keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD" +keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_REQUEST_PERMISSIONS LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD" # default values DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'" @@ -138,6 +138,14 @@ DESCRIPTION_OAUTH2_EMAIL_MAP="OAuth2 Email Mapping. Example: email" DEFAULT_OAUTH2_EMAIL_MAP="" KEY_OAUTH2_EMAIL_MAP="oauth2-email-map" +DESCRIPTION_OAUTH2_ID_TOKEN_WHITELIST_FIELDS="OAuth2 ID Token Whitelist Fields. Example: []" +DEFAULT_OAUTH2_ID_TOKEN_WHITELIST_FIELDS="" +KEY_OAUTH2_ID_TOKEN_WHITELIST_FIELDS="oauth2-id-token-whitelist-fields" + +DESCRIPTION_OAUTH2_REQUEST_PERMISSIONS="OAuth2 Request Permissions. Example: [openid profile email]" +DEFAULT_OAUTH2_REQUEST_PERMISSIONS="" +KEY_OAUTH2_REQUEST_PERMISSIONS="oauth2-request-permissions" + DESCRIPTION_LDAP_ENABLE="Enable or not the connection by the LDAP" DEFAULT_LDAP_ENABLE="false" KEY_LDAP_ENABLE="ldap-enable" diff --git a/snap-src/bin/wekan-help b/snap-src/bin/wekan-help index 431be029..80cbc7ad 100755 --- a/snap-src/bin/wekan-help +++ b/snap-src/bin/wekan-help @@ -102,29 +102,41 @@ echo -e "\t-Disable the OAuth2 Token Endpoint of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-token-endpoint=''" echo -e "\n" echo -e "OAuth2 ID Mapping." -echo -e "To enable the ID Mapping of Wekan:" +echo -e "To enable the OAuth2 ID Mapping of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-id-map='username.uid'" -echo -e "\t-Disable the ID Mapping of Wekan:" +echo -e "\t-Disable the OAuth2 ID Mapping of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-id-map=''" echo -e "\n" echo -e "OAuth2 Username Mapping." -echo -e "To enable the Username Mapping of Wekan:" +echo -e "To enable the OAuth2 Username Mapping of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-username-map='username'" -echo -e "\t-Disable the Username Mapping of Wekan:" +echo -e "\t-Disable the OAuth2 Username Mapping of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-username-map=''" echo -e "\n" echo -e "OAuth2 Fullname Mapping." -echo -e "To enable the Fullname Mapping of Wekan:" +echo -e "To enable the OAuth2 Fullname Mapping of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-fullname-map='fullname'" -echo -e "\t-Disable the Fullname Mapping of Wekan:" +echo -e "\t-Disable the OAuth2 Fullname Mapping of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-fullname-map=''" echo -e "\n" echo -e "OAuth2 Email Mapping." -echo -e "To enable the Email Mapping of Wekan:" +echo -e "To enable the OAuth2 Email Mapping of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-email-map='email'" -echo -e "\t-Disable the Email Mapping of Wekan:" +echo -e "\t-Disable the OAuth2 Email Mapping of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-email-map=''" echo -e "\n" +echo -e "OAuth2 ID Token Whitelist Fields." +echo -e "To enable the OAuth2 ID Token Whitelist Fields of Wekan:" +echo -e "\t$ snap set $SNAP_NAME oauth2-id-token-whitelist-fields='[]'" +echo -e "\t-Disable the OAuth2 ID Token Whitelist Fields of Wekan:" +echo -e "\t$ snap set $SNAP_NAME oauth2-id-token-whitelist-fields=''" +echo -e "\n" +echo -e "OAuth2 Request Permissions." +echo -e "To enable the OAuth2 Request Permissions of Wekan:" +echo -e "\t$ snap set $SNAP_NAME oauth2-request-permissions='[openid profile email]'" +echo -e "\t-Disable the OAuth2 Request Permissions of Wekan:" +echo -e "\t$ snap set $SNAP_NAME oauth2-request-permissions=''" +echo -e "\n" echo -e "Ldap Enable." echo -e "To enable the ldap of Wekan:" echo -e "\t$ snap set $SNAP_NAME ldap-enable='true'" -- cgit v1.2.3-1-g7c22