From 43a709675394f6aade42033c14c7fb5b78ac25c8 Mon Sep 17 00:00:00 2001 From: Lauri Ojansivu Date: Tue, 30 Aug 2022 23:12:23 +0300 Subject: [PATCH] Revert autologin, because it broke OIDC login with Keycloak. Thanks to wb9688 and xet7 ! Fixes #4660, related https://github.com/wekan/wekan/pull/4588 --- client/components/main/layouts.js | 63 ++++++++++++---------------- config/accounts.js | 40 +++--------------- models/settings.js | 18 -------- packages/wekan-accounts-oidc/oidc.js | 4 +- server/authentication.js | 2 +- 5 files changed, 34 insertions(+), 93 deletions(-) diff --git a/client/components/main/layouts.js b/client/components/main/layouts.js index f160150a5..8e0ca4217 100644 --- a/client/components/main/layouts.js +++ b/client/components/main/layouts.js @@ -4,7 +4,7 @@ BlazeLayout.setRoot('body'); let alreadyCheck = 1; let isCheckDone = false; -let counter = 0; + const validator = { set(obj, prop, value) { if (prop === 'state' && value !== 'signIn') { @@ -21,7 +21,7 @@ const validator = { // let isSettingDatabaseFctCallDone = false; -Template.userFormsLayout.onCreated(function () { +Template.userFormsLayout.onCreated(function() { const templateInstance = this; templateInstance.currentSetting = new ReactiveVar(); templateInstance.isLoading = new ReactiveVar(false); @@ -37,7 +37,7 @@ Template.userFormsLayout.onCreated(function () { } // isSettingDatabaseFctCallDone = true; - if (currSetting && currSetting !== undefined && currSetting.customLoginLogoImageUrl !== undefined) + if(currSetting && currSetting !== undefined && currSetting.customLoginLogoImageUrl !== undefined) document.getElementById("isSettingDatabaseCallDone").style.display = 'none'; else document.getElementById("isSettingDatabaseCallDone").style.display = 'block'; 
@@ -50,18 +50,6 @@ Template.userFormsLayout.onCreated(function () { } }); - if (!Meteor.user()?.profile) { - Meteor.call('isOidcRedirectionEnabled', (_, result) => { - if (result) { - AccountsTemplates.options.socialLoginStyle = 'redirect'; - options = { - loginStyle: AccountsTemplates.options.socialLoginStyle, - }; - Meteor.loginWithOidc(options); - } - else console.log("oidc redirect not set"); - }); - } Meteor.call('isDisableRegistration', (_, result) => { if (result) { $('.at-signup-link').hide(); @@ -93,22 +81,22 @@ Template.userFormsLayout.helpers({ // return isSettingDatabaseFctCallDone; // }, - isLegalNoticeLinkExist() { + isLegalNoticeLinkExist(){ const currSet = Template.instance().currentSetting.get(); - if (currSet && currSet !== undefined && currSet != null) { + if(currSet && currSet !== undefined && currSet != null){ return currSet.legalNotice !== undefined && currSet.legalNotice.trim() != ""; } else return false; }, - getLegalNoticeWithWritTraduction() { + getLegalNoticeWithWritTraduction(){ let spanLegalNoticeElt = $("#legalNoticeSpan"); - if (spanLegalNoticeElt != null && spanLegalNoticeElt != undefined) { + if(spanLegalNoticeElt != null && spanLegalNoticeElt != undefined){ spanLegalNoticeElt.html(TAPi18n.__('acceptance_of_our_legalNotice', {})); } let atLinkLegalNoticeElt = $("#legalNoticeAtLink"); - if (atLinkLegalNoticeElt != null && atLinkLegalNoticeElt != undefined) { + if(atLinkLegalNoticeElt != null && atLinkLegalNoticeElt != undefined){ atLinkLegalNoticeElt.html(TAPi18n.__('legalNotice', {})); } return true; 
@@ -159,41 +147,41 @@ Template.userFormsLayout.events({ } isCheckDone = false; }, - 'click #at-signUp'(event, templateInstance) { + 'click #at-signUp'(event, templateInstance){ isCheckDone = false; }, - 'DOMSubtreeModified #at-oidc'(event) { - if (alreadyCheck <= 2) { + 'DOMSubtreeModified #at-oidc'(event){ + if(alreadyCheck <= 2){ let currSetting = Settings.findOne(); let oidcBtnElt = $("#at-oidc"); - if (currSetting && currSetting !== undefined && currSetting.oidcBtnText !== undefined && oidcBtnElt != null && oidcBtnElt != undefined) { + if(currSetting && currSetting !== undefined && currSetting.oidcBtnText !== undefined && oidcBtnElt != null && oidcBtnElt != undefined){ let htmlvalue = "" + currSetting.oidcBtnText; - if (alreadyCheck == 1) { + if(alreadyCheck == 1){ alreadyCheck++; oidcBtnElt.html(""); } - else { + else{ alreadyCheck++; oidcBtnElt.html(htmlvalue); } } } - else { + else{ alreadyCheck = 1; } }, - 'DOMSubtreeModified .at-form'(event) { - if (alreadyCheck <= 2 && !isCheckDone) { - if (document.getElementById("at-oidc") != null) { + 'DOMSubtreeModified .at-form'(event){ + if(alreadyCheck <= 2 && !isCheckDone){ + if(document.getElementById("at-oidc") != null){ let currSetting = Settings.findOne(); let oidcBtnElt = $("#at-oidc"); - if (currSetting && currSetting !== undefined && currSetting.oidcBtnText !== undefined && oidcBtnElt != null && oidcBtnElt != undefined) { + if(currSetting && currSetting !== undefined && currSetting.oidcBtnText !== undefined && oidcBtnElt != null && oidcBtnElt != undefined){ let htmlvalue = "" + currSetting.oidcBtnText; - if (alreadyCheck == 1) { + if(alreadyCheck == 1){ alreadyCheck++; oidcBtnElt.html(""); } - else { + else{ alreadyCheck++; isCheckDone = true; oidcBtnElt.html(htmlvalue); @@ -201,7 +189,7 @@ Template.userFormsLayout.events({ } } } - else { + else{ alreadyCheck = 1; } }, 
@@ -233,7 +221,7 @@ async function authentication(event, templateInstance) { switch (result) { case 'ldap': return new Promise(resolve => { - Meteor.loginWithLDAP(match, password, function () { + Meteor.loginWithLDAP(match, password, function() { resolve(FlowRouter.go('/')); }); }); @@ -245,7 +233,7 @@ async function authentication(event, templateInstance) { { provider, }, - function () { + function() { resolve(FlowRouter.go('/')); }, ); @@ -253,7 +241,7 @@ async function authentication(event, templateInstance) { case 'cas': return new Promise(resolve => { - Meteor.loginWithCas(match, password, function () { + Meteor.loginWithCas(match, password, function() { resolve(FlowRouter.go('/')); }); }); @@ -279,6 +267,7 @@ function getUserAuthenticationMethod(defaultAuthenticationMethod, match) { Meteor.subscribe('user-authenticationMethod', match, { onReady() { const user = Users.findOne(); + const authenticationMethod = user ? user.authenticationMethod : defaultAuthenticationMethod; diff --git a/config/accounts.js b/config/accounts.js index e256a8039..64317d08b 100644 --- a/config/accounts.js +++ b/config/accounts.js @@ -5,16 +5,6 @@ const emailField = AccountsTemplates.removeField('email'); let disableRegistration = false; let disableForgotPassword = false; let passwordLoginDisabled = false; -let oidcRedirectionEnabled = false; -let oauthServerUrl = "home"; -let oauthDashboardUrl = ""; - -Meteor.call('isOidcRedirectionEnabled', (_, result) => { - if(result) - { - oidcRedirectionEnabled = true; - } -}); Meteor.call('isPasswordLoginDisabled', (_, result) => { if (result) { @@ -24,18 +14,6 @@ Meteor.call('isPasswordLoginDisabled', (_, result) => { } }); -Meteor.call('getOauthServerUrl', (_, result) => { - if (result) { - oauthServerUrl = result; - } -}); - -Meteor.call('getOauthDashboardUrl', (_, result) => { - if (result) { - oauthDashboardUrl = result; - } -}); - Meteor.call('isDisableRegistration', (_, result) => { if (result) { disableRegistration = true; 
@@ -81,19 +59,11 @@ AccountsTemplates.configure({ showForgotPasswordLink: !disableForgotPassword, forbidClientAccountCreation: disableRegistration, onLogoutHook() { - // here comeslogic for redirect - if(oidcRedirectionEnabled) - { - window.location = oauthServerUrl + oauthDashboardUrl; - } - else - { - const homePage = 'home'; - if (FlowRouter.getRouteName() === homePage) { - FlowRouter.reload(); - } else { - FlowRouter.go(homePage); - } + const homePage = 'home'; + if (FlowRouter.getRouteName() === homePage) { + FlowRouter.reload(); + } else { + FlowRouter.go(homePage); } }, }); diff --git a/models/settings.js b/models/settings.js index 69e41e642..2e159d3ff 100644 --- a/models/settings.js +++ b/models/settings.js @@ -229,12 +229,6 @@ if (Meteor.isServer) { ]); } - function loadOidcConfig(service){ - check(service, String); - var config = ServiceConfiguration.configurations.findOne({service: service}); - return config; - } - function sendInvitationEmail(_id) { const icode = InvitationCodes.findOne(_id); const author = Users.findOne(Meteor.userId()); @@ -501,12 +495,6 @@ if (Meteor.isServer) { }; }, - getOauthServerUrl(){ - return process.env.OAUTH2_SERVER_URL; - }, - getOauthDashboardUrl(){ - return process.env.DASHBOARD_URL; - }, getDefaultAuthenticationMethod() { return process.env.DEFAULT_AUTHENTICATION_METHOD; }, @@ -514,12 +502,6 @@ if (Meteor.isServer) { isPasswordLoginDisabled() { return process.env.PASSWORD_LOGIN_ENABLED === 'false'; }, - isOidcRedirectionEnabled(){ - return process.env.OIDC_REDIRECTION_ENABLED === 'true' && Object.keys(loadOidcConfig("oidc")).length > 0; - }, - getServiceConfiguration(service){ - return loadOidcConfig(service); - } }); } diff --git a/packages/wekan-accounts-oidc/oidc.js b/packages/wekan-accounts-oidc/oidc.js index 56664ce89..75cd89aeb 100644 --- a/packages/wekan-accounts-oidc/oidc.js +++ b/packages/wekan-accounts-oidc/oidc.js 
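Review bot: In `onLogoutHook` (config/accounts.js, hunk `@@ -81,19 +59,11 @@`) the restored body only reloads or routes to `home`, so nothing visible here ends the session at the OIDC provider. For a Keycloak-backed login that presumably means the provider session outlives the Wekan logout, and the next OIDC sign-in can complete without a credential prompt, which matters on shared machines. I would record that at the top of the hook with `// Local logout only: the OIDC provider session is not ended here.` so operators know to rely on provider-side session lifetime or a separate sign-out. The enclosing `AccountsTemplates.configure({` call starts above this hunk.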
@@ -7,11 +7,11 @@ if (Meteor.isClient) { callback = options; options = null; } + var credentialRequestCompleteCallback = Accounts.oauth.credentialRequestCompleteHandler(callback); Oidc.requestCredential(options, credentialRequestCompleteCallback); }; - } - else { +} else { Accounts.addAutopublishFields({ // not sure whether the OIDC api can be used from the browser, // thus not sure if we should be sending access tokens; but we do it diff --git a/server/authentication.js b/server/authentication.js index df8a5980b..965f16695 100644 --- a/server/authentication.js +++ b/server/authentication.js @@ -108,7 +108,7 @@ Meteor.startup(() => { // OAUTH2_ID_TOKEN_WHITELIST_FIELDS || [], // OAUTH2_REQUEST_PERMISSIONS || 'openid profile email', }, - ); + ); } else if ( process.env.CAS_ENABLED === 'true' || process.env.CAS_ENABLED === true