From f6bdb4d694453d73f4bfa6a75814833594cf5000 Mon Sep 17 00:00:00 2001 From: Lauri Ojansivu Date: Sun, 13 Sep 2020 09:41:53 +0300 Subject: [PATCH] - Remove mouse scroll settings of already removed custom scrollbar. - Add setting OAUTH2_ADFS_ENABLED=false - Add testing for both string and boolean version of true Thanks to xet7 ! Fixes #2949 --- .devcontainer/Dockerfile | 4 +- Dockerfile | 4 +- docker-compose.yml | 8 +- models/settings.js | 15 +- packages/wekan-oidc/oidc_server.js | 8 +- releases/virtualbox/start-wekan.sh | 708 ++++++++++++++------------- sandstorm-pkgdef.capnp | 6 +- server/scroll.js | 22 - snap-src/bin/config | 20 +- snap-src/bin/wekan-help | 116 +++-- start-wekan.bat | 9 +- start-wekan.sh | 8 +- torodb-postgresql/docker-compose.yml | 8 +- 13 files changed, 458 insertions(+), 478 deletions(-) delete mode 100644 server/scroll.js diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 0da6c8bc3..37f4c99d6 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -39,6 +39,7 @@ ENV \ TRUSTED_URL="" \ WEBHOOKS_ATTRIBUTES="" \ OAUTH2_ENABLED=false \ + OAUTH2_ADFS_ENABLED=false \ OAUTH2_LOGIN_STYLE=redirect \ OAUTH2_CLIENT_ID="" \ OAUTH2_SECRET="" \ @@ -112,9 +113,6 @@ ENV \ CORS_ALLOW_HEADERS="" \ CORS_EXPOSE_HEADERS="" \ DEFAULT_AUTHENTICATION_METHOD="" \ - SCROLLINERTIA="0" \ - SCROLLAMOUNT="auto" \ - SCROLLDELTAFACTOR="auto" \ PASSWORD_LOGIN_ENABLED=true # Install OS diff --git a/Dockerfile b/Dockerfile index e0a93f641..de84d6659 100644 --- a/Dockerfile +++ b/Dockerfile @@ -41,6 +41,7 @@ ENV BUILD_DEPS="apt-utils libarchive-tools gnupg gosu wget curl bzip2 g++ build- TRUSTED_URL="" \ WEBHOOKS_ATTRIBUTES="" \ OAUTH2_ENABLED=false \ + OAUTH2_ADFS_ENABLED=false \ OAUTH2_LOGIN_STYLE=redirect \ OAUTH2_CLIENT_ID="" \ OAUTH2_SECRET="" \ 
@@ -114,9 +115,6 @@ ENV BUILD_DEPS="apt-utils libarchive-tools gnupg gosu wget curl bzip2 g++ build- CORS_ALLOW_HEADERS="" \ CORS_EXPOSE_HEADERS="" \ DEFAULT_AUTHENTICATION_METHOD="" \ - SCROLLINERTIA="0" \ - SCROLLAMOUNT="auto" \ - SCROLLDELTAFACTOR="auto" \ PASSWORD_LOGIN_ENABLED=true # Copy the app to the image diff --git a/docker-compose.yml b/docker-compose.yml index da8a2566e..ac4e6d6b1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -242,12 +242,6 @@ services: # https://github.com/wekan/wekan/pull/2560 - RICHER_CARD_COMMENT_EDITOR=false #--------------------------------------------------------------- - # ==== MOUSE SCROLL ==== - # https://github.com/wekan/wekan/issues/2949 - - SCROLLINERTIA=0 - - SCROLLAMOUNT=auto - - SCROLLDELTAFACTOR=auto - #--------------------------------------------------------------- # ==== CARD OPENED, SEND WEBHOOK MESSAGE ==== # https://github.com/wekan/wekan/issues/2518 - CARD_OPENED_WEBHOOK_ENABLED=false @@ -336,6 +330,8 @@ services: # 2) Configure the environment variables. This differs slightly # by installation type, but make sure you have the following: #- OAUTH2_ENABLED=true + # Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting. + #- OAUTH2_ADFS_ENABLED=false # OAuth2 login style: popup or redirect. #- OAUTH2_LOGIN_STYLE=redirect # Application GUID captured during app registration: diff --git a/models/settings.js b/models/settings.js index 90c231b77..8845fbd54 100644 --- a/models/settings.js +++ b/models/settings.js 
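Review bot: The comment added above `#- OAUTH2_ADFS_ENABLED=false` in the OAuth2 Azure block of docker-compose.yml ("Use OAuth2 ADFS additional changes") does not tell an operator what the switch changes in the login flow. Going by the code comments in packages/wekan-oidc/oidc_server.js in this same commit, enabling it appears to make the server take user claims from the access token instead of calling the UserInfo endpoint, which changes where identity data comes from. I would word it as `# On-premise ADFS: read user claims from the access token instead of the UserInfo endpoint. Also needs OAUTH2_ENABLED=true.`; the same vague wording is added in releases/virtualbox/start-wekan.sh.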
@@ -187,19 +187,26 @@ if (Meteor.isServer) { } function isLdapEnabled() { - return process.env.LDAP_ENABLE === 'true'; + return ( + process.env.LDAP_ENABLE === 'true' || process.env.LDAP_ENABLE === true + ); } function isOauth2Enabled() { - return process.env.OAUTH2_ENABLED === 'true'; + return ( + process.env.OAUTH2_ENABLED === 'true' || + process.env.OAUTH2_ENABLED === true + ); } function isCasEnabled() { - return process.env.CAS_ENABLED === 'true'; + return ( + process.env.CAS_ENABLED === 'true' || process.env.CAS_ENABLED === true + ); } function isApiEnabled() { - return process.env.WITH_API === 'true'; + return process.env.WITH_API === 'true' || process.env.WITH_API === true; } Meteor.methods({ diff --git a/packages/wekan-oidc/oidc_server.js b/packages/wekan-oidc/oidc_server.js index 09ba76a84..0483cfaf1 100644 --- a/packages/wekan-oidc/oidc_server.js +++ b/packages/wekan-oidc/oidc_server.js @@ -9,9 +9,9 @@ OAuth.registerService('oidc', 2, null, function (query) { var accessToken = token.access_token || token.id_token; var expiresAt = (+new Date) + (1000 * parseInt(token.expires_in, 10)); - var claimsInAccessToken = process.env.OAUTH2_ADFS || false; - - var userinfo; + var claimsInAccessToken = (process.env.OAUTH2_ADFS_ENABLED === 'true' || process.env.OAUTH2_ADFS_ENABLED === true) || false; + + var userinfo; if(claimsInAccessToken) { // hack when using custom claims in the accessToken. On premise ADFS @@ -22,7 +22,7 @@ OAuth.registerService('oidc', 2, null, function (query) { // normal behaviour, getting the claims from UserInfo endpoint. userinfo = getUserInfo(accessToken); } - + if (userinfo.ocs) userinfo = userinfo.ocs.data; // Nextcloud hack if (userinfo.metadata) userinfo = userinfo.metadata // Openshift hack if (debug) console.log('XXX: userinfo:', userinfo); diff --git a/releases/virtualbox/start-wekan.sh b/releases/virtualbox/start-wekan.sh index 8d1f48e63..00320c051 100755 --- a/releases/virtualbox/start-wekan.sh 
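Review bot: The added comparisons of the form `process.env.LDAP_ENABLE === true` in isLdapEnabled, isOauth2Enabled, isCasEnabled and isApiEnabled can never match, because Node.js stores every `process.env` value as a string; the same dead test is added for `OAUTH2_ADFS_ENABLED` in packages/wekan-oidc/oidc_server.js. They read as if a second input form were supported, which is misleading on what appear to be authentication and API switches. I would keep the single string test, e.g. `return process.env.LDAP_ENABLE === 'true';`, and if other spellings such as `TRUE` are meant to be accepted, normalise once in a shared helper rather than per function. A one-line comment on each function stating that only the exact string `true` enables the feature would document that anything else leaves it off.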
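Review bot: Renaming the variable read for `claimsInAccessToken` from `OAUTH2_ADFS` to `OAUTH2_ADFS_ENABLED` in the first oidc_server.js hunk leaves no fallback, so a deployment that already sets `OAUTH2_ADFS` will silently switch to the UserInfo path after upgrading. The old expression also treated any non-empty string, including `false`, as enabled, so the stricter test is a behaviour change that deserves a line in the changelog. If compatibility matters, something like `var claimsInAccessToken = process.env.OAUTH2_ADFS_ENABLED === 'true' || process.env.OAUTH2_ADFS === 'true';` would keep existing setups working, and the trailing `|| false` is redundant either way. The body of the `if(claimsInAccessToken)` branch lies outside the hunk, so whether the claims taken from the token are validated before use cannot be judged from here and should be confirmed.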
+++ b/releases/virtualbox/start-wekan.sh 
@@ -1,351 +1,367 @@ # If you want to restart even on crash, uncomment while and done lines. #while true; do - cd ~/repos/wekan/.build/bundle - #--------------------------------------------- - # Debug OIDC OAuth2 etc. - #export export DEBUG=true - #--------------------------------------------- - export MONGO_URL='mongodb://127.0.0.1:27017/admin' - # ROOT_URL EXAMPLES FOR WEBSERVERS: https://github.com/wekan/wekan/wiki/Settings - # Production: https://example.com/wekan - # Local: http://localhost:3000 - #export ipaddress=$(ifdata -pa eth0) - export ROOT_URL='http://localhost' - #--------------------------------------------- - # Working email IS NOT REQUIRED to use Wekan. - # https://github.com/wekan/wekan/wiki/Adding-users - # https://github.com/wekan/wekan/wiki/Troubleshooting-Mail - # https://github.com/wekan/wekan-mongodb/blob/master/docker-compose.yml - export MAIL_URL='smtp://user:pass@mailserver.example.com:25/' - export MAIL_FROM='Wekan Support ' - # This is local port where Wekan Node.js runs, same as below on Caddyfile settings. - export PORT=80 - #--------------------------------------------- - # Wekan Export Board works when WITH_API='true'. - # If you disable Wekan API, Export Board does not work. - export WITH_API='true' - #--------------------------------------------------------------- - # ==== PASSWORD BRUTE FORCE PROTECTION ==== - #https://atmospherejs.com/lucasantoniassi/accounts-lockout - #Defaults below. Uncomment to change. 
wekan/server/accounts-lockout.js - #export ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3 - #export ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60 - #export ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15 - #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3 - #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60 - #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15 - #--------------------------------------------------------------- - # ==== RICH TEXT EDITOR IN CARD COMMENTS ==== - # https://github.com/wekan/wekan/pull/2560 - export RICHER_CARD_COMMENT_EDITOR=true - #--------------------------------------------------------------- - # ==== CARD OPENED, SEND WEBHOOK MESSAGE ==== - export CARD_OPENED_WEBHOOK_ENABLED=false - #--------------------------------------------------------------- - # ==== Allow to shrink attached/pasted image ==== - # https://github.com/wekan/wekan/pull/2544 - #export MAX_IMAGE_PIXEL=1024 - #export IMAGE_COMPRESS_RATIO=80 - #--------------------------------------------------------------- - # ==== BIGEVENTS DUE ETC NOTIFICATIONS ===== - # https://github.com/wekan/wekan/pull/2541 - # Introduced a system env var BIGEVENTS_PATTERN default as "NONE", - # so any activityType matches the pattern, system will send out - # notifications to all board members no matter they are watching - # or tracking the board or not. Owner of the wekan server can - # disable the feature by setting this variable to "NONE" or - # change the pattern to any valid regex. i.e. '|' delimited - # activityType names. 
- # a) Example - #export BIGEVENTS_PATTERN=due - # b) All - #export BIGEVENTS_PATTERN=received|start|due|end - # c) Disabled - export BIGEVENTS_PATTERN=NONE - #--------------------------------------------------------------- - # ==== EMAIL DUE DATE NOTIFICATION ===== - # https://github.com/wekan/wekan/pull/2536 - # System timelines will be showing any user modification for - # dueat startat endat receivedat, also notification to - # the watchers and if any card is due, about due or past due. - # - # Notify due days, default is None. - #export NOTIFY_DUE_DAYS_BEFORE_AND_AFTER=2,0 - # it will notify user 2 days before due day and on the due day - # - # Notify due at hour of day. Default every morning at 8am. Can be 0-23. - # If env variable has parsing error, use default. Notification sent to watchers. - #export NOTIFY_DUE_AT_HOUR_OF_DAY=8 - #----------------------------------------------------------------- - # ==== EMAIL NOTIFICATION TIMEOUT, ms ===== - # Defaut: 30000 ms = 30s - #export EMAIL_NOTIFICATION_TIMEOUT=30000 - #----------------------------------------------------------------- - # CORS: Set Access-Control-Allow-Origin header. Example: * - #export CORS=* - # To enable the Set Access-Control-Allow-Headers header. "Authorization,Content-Type" is required for cross-origin use of the API. - #export CORS_ALLOW_HEADERS=Authorization,Content-Type - # To enable the Set Access-Control-Expose-Headers header. This is not needed for typical CORS situations. 
Example: * - #export CORS_EXPOSE_HEADERS=* - #--------------------------------------------- - ## Optional: Integration with Matomo https://matomo.org that is installed to your server - ## The address of the server where Matomo is hosted: - ##export MATOMO_ADDRESS=https://example.com/matomo - #export MATOMO_ADDRESS= - ## The value of the site ID given in Matomo server for Wekan - # Example: export MATOMO_SITE_ID=123456789 - #export MATOMO_SITE_ID='' - ## The option do not track which enables users to not be tracked by matomo" - #Example: export MATOMO_DO_NOT_TRACK=false - #export MATOMO_DO_NOT_TRACK=true - ## The option that allows matomo to retrieve the username: - # Example: export MATOMO_WITH_USERNAME=true - #export MATOMO_WITH_USERNAME='false' - # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside. - # Setting this to false is not recommended, it also disables all other browser policy protections - # and allows all iframing etc. See wekan/server/policy.js - # Default value: true - export BROWSER_POLICY_ENABLED=true - # When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside. - # Example: export TRUSTED_URL=http://example.com - export TRUSTED_URL='' - # What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId . - # Example: export WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId - export WEBHOOKS_ATTRIBUTES='' - #--------------------------------------------- - # ==== OAUTH2 AZURE ==== - # https://github.com/wekan/wekan/wiki/Azure - # 1) Register the application with Azure. Make sure you capture - # the application ID as well as generate a secret key. - # 2) Configure the environment variables. 
This differs slightly - # by installation type, but make sure you have the following: - #export OAUTH2_ENABLED=true - # OAuth2 login style: popup or redirect. - #export OAUTH2_LOGIN_STYLE=redirect - # Application GUID captured during app registration: - #export OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx - # Secret key generated during app registration: - #export OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx - #export OAUTH2_SERVER_URL=https://login.microsoftonline.com/ - #export OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize - #export OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo - #export OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token - # OAUTH2 ID Token Whitelist Fields. - #export OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[] - # OAUTH2 Request Permissions. - #export OAUTH2_REQUEST_PERMISSIONS='openid profile email' - # The claim name you want to map to the unique ID field: - #export OAUTH2_ID_MAP=email - # The claim name you want to map to the username field: - #export OAUTH2_USERNAME_MAP=email - # The claim name you want to map to the full name field: - #export OAUTH2_FULLNAME_MAP=name - # Tthe claim name you want to map to the email field: - #export OAUTH2_EMAIL_MAP=email - #----------------------------------------------------------------- - # ==== OAUTH2 KEYCLOAK ==== - # https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED - #export OAUTH2_ENABLED=true - # OAuth2 login style: popup or redirect. 
- #export OAUTH2_LOGIN_STYLE=redirect - #export OAUTH2_CLIENT_ID= - #export OAUTH2_SERVER_URL=/auth - #export OAUTH2_AUTH_ENDPOINT=/realms//protocol/openid-connect/auth - #export OAUTH2_USERINFO_ENDPOINT=/realms//protocol/openid-connect/userinfo - #export OAUTH2_TOKEN_ENDPOINT=/realms//protocol/openid-connect/token - #export OAUTH2_SECRET= - #----------------------------------------------------------------- - # ==== OAUTH2 DOORKEEPER ==== - # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2 - # https://github.com/wekan/wekan/issues/1874 - # https://github.com/wekan/wekan/wiki/OAuth2 - # Enable the OAuth2 connection - #export OAUTH2_ENABLED=true - # OAuth2 login style: popup or redirect. - #export OAUTH2_LOGIN_STYLE=redirect - # OAuth2 Client ID. - #export OAUTH2_CLIENT_ID=abcde12345 - # OAuth2 Secret. - #export OAUTH2_SECRET=54321abcde - # OAuth2 Server URL. - #export OAUTH2_SERVER_URL=https://chat.example.com - # OAuth2 Authorization Endpoint. - #export OAUTH2_AUTH_ENDPOINT=/oauth/authorize - # OAuth2 Userinfo Endpoint. - #export OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo - # OAuth2 Token Endpoint. 
- #export OAUTH2_TOKEN_ENDPOINT=/oauth/token - # OAuth2 ID Mapping - #export OAUTH2_ID_MAP= - # OAuth2 Username Mapping - #export OAUTH2_USERNAME_MAP= - # OAuth2 Fullname Mapping - #export OAUTH2_FULLNAME_MAP= - # OAuth2 Email Mapping - #export OAUTH2_EMAIL_MAP= - #--------------------------------------------- - # LDAP_ENABLE : Enable or not the connection by the LDAP - # example : export LDAP_ENABLE=true - #export LDAP_ENABLE=false - # LDAP_PORT : The port of the LDAP server - # example : export LDAP_PORT=389 - #export LDAP_PORT=389 - # LDAP_HOST : The host server for the LDAP server - # example : export LDAP_HOST=localhost - #export LDAP_HOST= - # LDAP_BASEDN : The base DN for the LDAP Tree - # example : export LDAP_BASEDN=ou=user,dc=example,dc=org - #export LDAP_BASEDN= - # LDAP_LOGIN_FALLBACK : Fallback on the default authentication method - # example : export LDAP_LOGIN_FALLBACK=true - #export LDAP_LOGIN_FALLBACK=false - # LDAP_RECONNECT : Reconnect to the server if the connection is lost - # example : export LDAP_RECONNECT=false - #export LDAP_RECONNECT=true - # LDAP_TIMEOUT : Overall timeout, in milliseconds - # example : export LDAP_TIMEOUT=12345 - #export LDAP_TIMEOUT=10000 - # LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds - # example : export LDAP_IDLE_TIMEOUT=12345 - #export LDAP_IDLE_TIMEOUT=10000 - # LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds - # example : export LDAP_CONNECT_TIMEOUT=12345 - #export LDAP_CONNECT_TIMEOUT=10000 - # LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search - # example : export LDAP_AUTHENTIFICATION=true - #export LDAP_AUTHENTIFICATION=false - # LDAP_AUTHENTIFICATION_USERDN : The search user DN - # example : export LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org - #export LDAP_AUTHENTIFICATION_USERDN= - # LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user - # example : AUTHENTIFICATION_PASSWORD=admin - #export 
LDAP_AUTHENTIFICATION_PASSWORD= - # LDAP_LOG_ENABLED : Enable logs for the module - # example : export LDAP_LOG_ENABLED=true - #export LDAP_LOG_ENABLED=false - # LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background - # example : export LDAP_BACKGROUND_SYNC=true - #export LDAP_BACKGROUND_SYNC=false - # LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds - # At which interval does the background task sync in milliseconds. - # Leave this unset, so it uses default, and does not crash. - # https://github.com/wekan/wekan/issues/2354#issuecomment-515305722 - export LDAP_BACKGROUND_SYNC_INTERVAL='' - # LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED : - # example : export LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true - #export LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false - # LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS : - # example : export LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true - #export LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false - # LDAP_ENCRYPTION : If using LDAPS - # example : export LDAP_ENCRYPTION=ssl - #export LDAP_ENCRYPTION=false - # LDAP_CA_CERT : The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file. - # example : export LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE----- - #export LDAP_CA_CERT= - # LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate - # example : export LDAP_REJECT_UNAUTHORIZED=true - #export LDAP_REJECT_UNAUTHORIZED=false - # Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key). - #export LDAP_USER_AUTHENTICATION=true - # Which field is used to find the user for the user authentication. Default: uid. - #export LDAP_USER_AUTHENTICATION_FIELD=uid - # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. 
Don't forget the outmost enclosing parentheses if needed - # example : export LDAP_USER_SEARCH_FILTER= - #export LDAP_USER_SEARCH_FILTER= - # LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree) - # example : export LDAP_USER_SEARCH_SCOPE=one - #export LDAP_USER_SEARCH_SCOPE= - # LDAP_USER_SEARCH_FIELD : Which field is used to find the user - # example : export LDAP_USER_SEARCH_FIELD=uid - #export LDAP_USER_SEARCH_FIELD= - # LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited) - # example : export LDAP_SEARCH_PAGE_SIZE=12345 - #export LDAP_SEARCH_PAGE_SIZE=0 - # LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited) - # example : export LDAP_SEARCH_SIZE_LIMIT=12345 - #export LDAP_SEARCH_SIZE_LIMIT=0 - # LDAP_GROUP_FILTER_ENABLE : Enable group filtering - # example : export LDAP_GROUP_FILTER_ENABLE=true - #export LDAP_GROUP_FILTER_ENABLE=false - # LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering - # example : export LDAP_GROUP_FILTER_OBJECTCLASS=group - #export LDAP_GROUP_FILTER_OBJECTCLASS= - # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE : - # example : - #export LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE= - # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE : - # example : - #export LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE= - # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT : - # example : - #export LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT= - # LDAP_GROUP_FILTER_GROUP_NAME : - # example : - #export LDAP_GROUP_FILTER_GROUP_NAME= - # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier) - # example : export LDAP_UNIQUE_IDENTIFIER_FIELD=guid - #export LDAP_UNIQUE_IDENTIFIER_FIELD= - # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8 - # example : export LDAP_UTF8_NAMES_SLUGIFY=false - #export LDAP_UTF8_NAMES_SLUGIFY=true - # LDAP_USERNAME_FIELD : Which field contains the ldap username - # example : export 
LDAP_USERNAME_FIELD=username - #export LDAP_USERNAME_FIELD= - # LDAP_FULLNAME_FIELD : Which field contains the ldap fullname - # example : export LDAP_FULLNAME_FIELD=fullname - #export LDAP_FULLNAME_FIELD= - # LDAP_MERGE_EXISTING_USERS : - # example : export LDAP_MERGE_EXISTING_USERS=true - #export LDAP_MERGE_EXISTING_USERS=false - # LDAP_EMAIL_MATCH_ENABLE : allow existing account matching by e-mail address when username does not match - # example: LDAP_EMAIL_MATCH_ENABLE=true - #export LDAP_EMAIL_MATCH_ENABLE=false - # LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match - # example: LDAP_EMAIL_MATCH_REQUIRE=true - #export LDAP_EMAIL_MATCH_REQUIRE=false - # LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching - # example: LDAP_EMAIL_MATCH_VERIFIED=true - #export LDAP_EMAIL_MATCH_VERIFIED=false - # LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address - # example: LDAP_EMAIL_FIELD=mail - #export LDAP_EMAIL_FIELD= - # LDAP_SYNC_USER_DATA : - # example : export LDAP_SYNC_USER_DATA=true - #export LDAP_SYNC_USER_DATA=false - # LDAP_SYNC_USER_DATA_FIELDMAP : - # example : export LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"} - #export LDAP_SYNC_USER_DATA_FIELDMAP= - # LDAP_SYNC_GROUP_ROLES : - # example : - #export LDAP_SYNC_GROUP_ROLES= - # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP - # example : - #export LDAP_DEFAULT_DOMAIN= - # Enable/Disable syncing of admin status based on ldap groups: - #export LDAP_SYNC_ADMIN_STATUS=true - # Comma separated list of admin group names. - #export LDAP_SYNC_ADMIN_GROUPS=group1,group2 - #--------------------------------------------------------------------- - # Login to LDAP automatically with HTTP header. - # In below example for siteminder, at right side of = is header name. 
- #export HEADER_LOGIN_ID=HEADERUID - #export HEADER_LOGIN_FIRSTNAME=HEADERFIRSTNAME - #export HEADER_LOGIN_LASTNAME=HEADERLASTNAME - #export HEADER_LOGIN_EMAIL=HEADEREMAILADDRESS - #--------------------------------------------------------------------- - # LOGOUT_WITH_TIMER : Enables or not the option logout with timer - # example : LOGOUT_WITH_TIMER=true - #export LOGOUT_WITH_TIMER= - # LOGOUT_IN : The number of days - # example : LOGOUT_IN=1 - #export LOGOUT_IN= - #export LOGOUT_ON_HOURS= - # LOGOUT_ON_MINUTES : The number of minutes - # example : LOGOUT_ON_MINUTES=55 - #export LOGOUT_ON_MINUTES= + cd ~/repos/wekan/.build/bundle + #--------------------------------------------- + # Debug OIDC OAuth2 etc. + #export DEBUG=true + #--------------------------------------------- + export MONGO_URL='mongodb://127.0.0.1:27017/wekan' + #--------------------------------------------- + # Production: https://example.com/wekan + # Local: http://localhost:2000 + #export ipaddress=$(ifdata -pa eth0) + export ROOT_URL='http://localhost:2000' + #--------------------------------------------- + # https://github.com/wekan/wekan/wiki/Troubleshooting-Mail + # https://github.com/wekan/wekan-mongodb/blob/master/docker-compose.yml + export MAIL_URL='smtp://user:pass@mailserver.example.com:25/' + #--------------------------------------------- + #export KADIRA_OPTIONS_ENDPOINT=http://127.0.0.1:11011 + #--------------------------------------------- + # This is local port where Wekan Node.js runs, same as below on Caddyfile settings. + export PORT=2000 + #--------------------------------------------- + # Wekan Export Board works when WITH_API=true. + # If you disable Wekan API with false, Export Board does not work. + export WITH_API='true' + #--------------------------------------------------------------- + # ==== PASSWORD BRUTE FORCE PROTECTION ==== + #https://atmospherejs.com/lucasantoniassi/accounts-lockout + #Defaults below. Uncomment to change. 
wekan/server/accounts-lockout.js + #export ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3 + #export ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60 + #export ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15 + #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3 + #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60 + #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15 + #--------------------------------------------------------------- + # ==== RICH TEXT EDITOR IN CARD COMMENTS ==== + # https://github.com/wekan/wekan/pull/2560 + export RICHER_CARD_COMMENT_EDITOR=false + #--------------------------------------------------------------- + # ==== CARD OPENED, SEND WEBHOOK MESSAGE ==== + export CARD_OPENED_WEBHOOK_ENABLED=false + #--------------------------------------------------------------- + # ==== Allow to shrink attached/pasted image ==== + # https://github.com/wekan/wekan/pull/2544 + #export MAX_IMAGE_PIXEL=1024 + #export IMAGE_COMPRESS_RATIO=80 + #--------------------------------------------------------------- + # ==== NOTIFICATION TRAY AFTER READ DAYS BEFORE REMOVE ===== + # Number of days after a notification is read before we remove it. + # Default: 2 + #- NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE=2 + #--------------------------------------------------------------- + # ==== BIGEVENTS DUE ETC NOTIFICATIONS ===== + # https://github.com/wekan/wekan/pull/2541 + # Introduced a system env var BIGEVENTS_PATTERN default as "NONE", + # so any activityType matches the pattern, system will send out + # notifications to all board members no matter they are watching + # or tracking the board or not. Owner of the wekan server can + # disable the feature by setting this variable to "NONE" or + # change the pattern to any valid regex. i.e. '|' delimited + # activityType names. 
+ # a) Example + #export BIGEVENTS_PATTERN=due + # b) All + #export BIGEVENTS_PATTERN=received|start|due|end + # c) Disabled + export BIGEVENTS_PATTERN=NONE + #--------------------------------------------------------------- + # ==== EMAIL DUE DATE NOTIFICATION ===== + # https://github.com/wekan/wekan/pull/2536 + # System timelines will be showing any user modification for + # dueat startat endat receivedat, also notification to + # the watchers and if any card is due, about due or past due. + # + # Notify due days, default is None. + #export NOTIFY_DUE_DAYS_BEFORE_AND_AFTER=2,0 + # it will notify user 2 days before due day and on the due day + # + # Notify due at hour of day. Default every morning at 8am. Can be 0-23. + # If env variable has parsing error, use default. Notification sent to watchers. + #export NOTIFY_DUE_AT_HOUR_OF_DAY=8 + #----------------------------------------------------------------- + # ==== EMAIL NOTIFICATION TIMEOUT, ms ===== + # Defaut: 30000 ms = 30s + #export EMAIL_NOTIFICATION_TIMEOUT=30000 + #----------------------------------------------------------------- + # CORS: Set Access-Control-Allow-Origin header. Example: * + #export CORS=* + # To enable the Set Access-Control-Allow-Headers header. "Authorization,Content-Type" is required for cross-origin use of the API. + #export CORS_ALLOW_HEADERS=Authorization,Content-Type + # To enable the Set Access-Control-Expose-Headers header. This is not needed for typical CORS situations. 
Example: * + #export CORS_EXPOSE_HEADERS=* + #--------------------------------------------- + ## Optional: Integration with Matomo https://matomo.org that is installed to your server + ## The address of the server where Matomo is hosted: + ##export MATOMO_ADDRESS=https://example.com/matomo + #export MATOMO_ADDRESS= + ## The value of the site ID given in Matomo server for Wekan + # Example: export MATOMO_SITE_ID=123456789 + #export MATOMO_SITE_ID='' + ## The option do not track which enables users to not be tracked by matomo" + #Example: export MATOMO_DO_NOT_TRACK=false + #export MATOMO_DO_NOT_TRACK=true + ## The option that allows matomo to retrieve the username: + # Example: export MATOMO_WITH_USERNAME=true + #export MATOMO_WITH_USERNAME='false' + # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside. + # Setting this to false is not recommended, it also disables all other browser policy protections + # and allows all iframing etc. See wekan/server/policy.js + # Default value: true + export BROWSER_POLICY_ENABLED=true + # When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside. + # Example: export TRUSTED_URL=http://example.com + export TRUSTED_URL='' + # What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId . + # Example: export WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId + export WEBHOOKS_ATTRIBUTES='' + #--------------------------------------------- + # ==== OAUTH2 AZURE ==== + # https://github.com/wekan/wekan/wiki/Azure + # 1) Register the application with Azure. Make sure you capture + # the application ID as well as generate a secret key. + # 2) Configure the environment variables. 
This differs slightly + # by installation type, but make sure you have the following: + #export OAUTH2_ENABLED=true + # Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting. + #export OAUTH2_ADFS_ENABLED=false + # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2 + # OAuth2 login style: popup or redirect. + #export OAUTH2_LOGIN_STYLE=redirect + # Application GUID captured during app registration: + #export OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx + # Secret key generated during app registration: + #export OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx + #export OAUTH2_SERVER_URL=https://login.microsoftonline.com/ + #export OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize + #export OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo + #export OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token + # The claim name you want to map to the unique ID field: + #export OAUTH2_ID_MAP=email + # The claim name you want to map to the username field: + #export OAUTH2_USERNAME_MAP=email + # The claim name you want to map to the full name field: + #export OAUTH2_FULLNAME_MAP=name + # The claim name you want to map to the email field: + #export OAUTH2_EMAIL_MAP=email + #----------------------------------------------------------------- + # ==== OAUTH2 KEYCLOAK ==== + # https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED + #export OAUTH2_ENABLED=true + # OAuth2 login style: popup or redirect. 
+ #export OAUTH2_LOGIN_STYLE=redirect + #export OAUTH2_CLIENT_ID= + #export OAUTH2_SERVER_URL=/auth + #export OAUTH2_AUTH_ENDPOINT=/realms//protocol/openid-connect/auth + #export OAUTH2_USERINFO_ENDPOINT=/realms//protocol/openid-connect/userinfo + #export OAUTH2_TOKEN_ENDPOINT=/realms//protocol/openid-connect/token + #export OAUTH2_SECRET= + #----------------------------------------------------------------- + # ==== OAUTH2 DOORKEEPER ==== + # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2 + # https://github.com/wekan/wekan/issues/1874 + # https://github.com/wekan/wekan/wiki/OAuth2 + # Enable the OAuth2 connection + #export OAUTH2_ENABLED=true + # OAuth2 login style: popup or redirect. + #export OAUTH2_LOGIN_STYLE=redirect + # OAuth2 Client ID. + #export OAUTH2_CLIENT_ID=abcde12345 + # OAuth2 Secret. + #export OAUTH2_SECRET=54321abcde + # OAuth2 Server URL. + #export OAUTH2_SERVER_URL=https://chat.example.com + # OAuth2 Authorization Endpoint. + #export OAUTH2_AUTH_ENDPOINT=/oauth/authorize + # OAuth2 Userinfo Endpoint. + #export OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo + # OAuth2 Token Endpoint. + #export OAUTH2_TOKEN_ENDPOINT=/oauth/token + # OAUTH2 ID Token Whitelist Fields. + #export OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[] + # OAUTH2 Request Permissions. 
+ #export OAUTH2_REQUEST_PERMISSIONS='openid profile email' + # OAuth2 ID Mapping + #export OAUTH2_ID_MAP= + # OAuth2 Username Mapping + #export OAUTH2_USERNAME_MAP= + # OAuth2 Fullname Mapping + #export OAUTH2_FULLNAME_MAP= + # OAuth2 Email Mapping + #export OAUTH2_EMAIL_MAP= + #--------------------------------------------- + # LDAP_ENABLE : Enable or not the connection by the LDAP + # example : export LDAP_ENABLE=true + #export LDAP_ENABLE=false + # LDAP_PORT : The port of the LDAP server + # example : export LDAP_PORT=389 + #export LDAP_PORT=389 + # LDAP_HOST : The host server for the LDAP server + # example : export LDAP_HOST=localhost + #export LDAP_HOST= + # LDAP_BASEDN : The base DN for the LDAP Tree + # example : export LDAP_BASEDN=ou=user,dc=example,dc=org + #export LDAP_BASEDN= + # LDAP_LOGIN_FALLBACK : Fallback on the default authentication method + # example : export LDAP_LOGIN_FALLBACK=true + #export LDAP_LOGIN_FALLBACK=false + # LDAP_RECONNECT : Reconnect to the server if the connection is lost + # example : export LDAP_RECONNECT=false + #export LDAP_RECONNECT=true + # LDAP_TIMEOUT : Overall timeout, in milliseconds + # example : export LDAP_TIMEOUT=12345 + #export LDAP_TIMEOUT=10000 + # LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds + # example : export LDAP_IDLE_TIMEOUT=12345 + #export LDAP_IDLE_TIMEOUT=10000 + # LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds + # example : export LDAP_CONNECT_TIMEOUT=12345 + #export LDAP_CONNECT_TIMEOUT=10000 + # LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search + # example : export LDAP_AUTHENTIFICATION=true + #export LDAP_AUTHENTIFICATION=false + # LDAP_AUTHENTIFICATION_USERDN : The search user DN + # example : export LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org + #---------------------------------------------------------------------------- + # The search user DN - You need quotes when you have spaces in parameters + # 2 examples: + 
#export LDAP_AUTHENTIFICATION_USERDN="CN=ldap admin,CN=users,DC=domainmatter,DC=lan" + #export LDAP_AUTHENTIFICATION_USERDN="CN=wekan_adm,OU=serviceaccounts,OU=admin,OU=prod,DC=mydomain,DC=com" + #--------------------------------------------------------------------------- + # LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user + # example : AUTHENTIFICATION_PASSWORD=admin + #export LDAP_AUTHENTIFICATION_PASSWORD= + # LDAP_LOG_ENABLED : Enable logs for the module + # example : export LDAP_LOG_ENABLED=true + #export LDAP_LOG_ENABLED=false + # LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background + # example : export LDAP_BACKGROUND_SYNC=true + #export LDAP_BACKGROUND_SYNC=false + # LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds + # At which interval does the background task sync in milliseconds. + # Leave this unset, so it uses default, and does not crash. + # https://github.com/wekan/wekan/issues/2354#issuecomment-515305722 + export LDAP_BACKGROUND_SYNC_INTERVAL='' + # LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED : + # example : export LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true + #export LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false + # LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS : + # example : export LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true + #export LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false + # LDAP_ENCRYPTION : If using LDAPS + # example : export LDAP_ENCRYPTION=ssl + #export LDAP_ENCRYPTION=false + # LDAP_CA_CERT : The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file. 
+ # example : export LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE----- + #export LDAP_CA_CERT= + # LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate + # example : export LDAP_REJECT_UNAUTHORIZED=true + #export LDAP_REJECT_UNAUTHORIZED=false + # Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key). + #export LDAP_USER_AUTHENTICATION=true + # Which field is used to find the user for the user authentication. Default: uid. + #export LDAP_USER_AUTHENTICATION_FIELD=uid + # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed + # example : export LDAP_USER_SEARCH_FILTER= + #export LDAP_USER_SEARCH_FILTER= + # LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree) + # example : export LDAP_USER_SEARCH_SCOPE=one + #export LDAP_USER_SEARCH_SCOPE= + # LDAP_USER_SEARCH_FIELD : Which field is used to find the user + # example : export LDAP_USER_SEARCH_FIELD=uid + #export LDAP_USER_SEARCH_FIELD= + # LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited) + # example : export LDAP_SEARCH_PAGE_SIZE=12345 + #export LDAP_SEARCH_PAGE_SIZE=0 + # LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited) + # example : export LDAP_SEARCH_SIZE_LIMIT=12345 + #export LDAP_SEARCH_SIZE_LIMIT=0 + # LDAP_GROUP_FILTER_ENABLE : Enable group filtering + # example : export LDAP_GROUP_FILTER_ENABLE=true + #export LDAP_GROUP_FILTER_ENABLE=false + # LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering + # example : export LDAP_GROUP_FILTER_OBJECTCLASS=group + #export LDAP_GROUP_FILTER_OBJECTCLASS= + # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE : + # example : + #export LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE= + # 
LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE : + # example : + #export LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE= + # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT : + # example : + #export LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT= + # LDAP_GROUP_FILTER_GROUP_NAME : + # example : + #export LDAP_GROUP_FILTER_GROUP_NAME= + # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier) + # example : export LDAP_UNIQUE_IDENTIFIER_FIELD=guid + #export LDAP_UNIQUE_IDENTIFIER_FIELD= + # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8 + # example : export LDAP_UTF8_NAMES_SLUGIFY=false + #export LDAP_UTF8_NAMES_SLUGIFY=true + # LDAP_USERNAME_FIELD : Which field contains the ldap username + # example : export LDAP_USERNAME_FIELD=username + #export LDAP_USERNAME_FIELD= + # LDAP_FULLNAME_FIELD : Which field contains the ldap fullname + # example : export LDAP_FULLNAME_FIELD=fullname + #export LDAP_FULLNAME_FIELD= + # LDAP_MERGE_EXISTING_USERS : + # example : export LDAP_MERGE_EXISTING_USERS=true + #export LDAP_MERGE_EXISTING_USERS=false + # LDAP_EMAIL_MATCH_ENABLE : allow existing account matching by e-mail address when username does not match + # example: LDAP_EMAIL_MATCH_ENABLE=true + #export LDAP_EMAIL_MATCH_ENABLE=false + # LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match + # example: LDAP_EMAIL_MATCH_REQUIRE=true + #export LDAP_EMAIL_MATCH_REQUIRE=false + # LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching + # example: LDAP_EMAIL_MATCH_VERIFIED=true + #export LDAP_EMAIL_MATCH_VERIFIED=false + # LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address + # example: LDAP_EMAIL_FIELD=mail + #export LDAP_EMAIL_FIELD= + # LDAP_SYNC_USER_DATA : + # example : export LDAP_SYNC_USER_DATA=true + #export LDAP_SYNC_USER_DATA=false + # LDAP_SYNC_USER_DATA_FIELDMAP : + # example : export LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"} + #export 
LDAP_SYNC_USER_DATA_FIELDMAP= + # LDAP_SYNC_GROUP_ROLES : + # example : + #export LDAP_SYNC_GROUP_ROLES= + # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP + # example : + #export LDAP_DEFAULT_DOMAIN= + # Enable/Disable syncing of admin status based on ldap groups: + #export LDAP_SYNC_ADMIN_STATUS=true + # Comma separated list of admin group names to sync. + #export LDAP_SYNC_ADMIN_GROUPS=group1,group2 + #--------------------------------------------------------------------- + # Login to LDAP automatically with HTTP header. + # In below example for siteminder, at right side of = is header name. + #export HEADER_LOGIN_ID=HEADERUID + #export HEADER_LOGIN_FIRSTNAME=HEADERFIRSTNAME + #export HEADER_LOGIN_LASTNAME=HEADERLASTNAME + #export HEADER_LOGIN_EMAIL=HEADEREMAILADDRESS + #--------------------------------------------------------------------- + # LOGOUT_WITH_TIMER : Enables or not the option logout with timer + # example : LOGOUT_WITH_TIMER=true + #export LOGOUT_WITH_TIMER= + # LOGOUT_IN : The number of days + # example : LOGOUT_IN=1 + #export LOGOUT_IN= + #export LOGOUT_ON_HOURS= + # LOGOUT_ON_MINUTES : The number of minutes + # example : LOGOUT_ON_MINUTES=55 + #export LOGOUT_ON_MINUTES= + #--------------------------------------------------------------------- + # PASSWORD_LOGIN_ENABLED : Enable or not the password login form. + #export PASSWORD_LOGIN_ENABLED=true - node main.js & >> ~/repos/wekan.log - cd ~/repos + node main.js & >> ~/repos/wekan.log + cd ~/repos #done diff --git a/sandstorm-pkgdef.capnp b/sandstorm-pkgdef.capnp index 56a47817f..e84a2641d 100644 --- a/sandstorm-pkgdef.capnp +++ b/sandstorm-pkgdef.capnp 
@@ -239,9 +239,6 @@ const myCommand :Spk.Manifest.Command = (
 (key = "PATH", value = "/usr/local/bin:/usr/bin:/bin"),
 (key = "WITH_API", value = "true"),
 (key = "RICHER_CARD_COMMENT_EDITOR", value="false"),
- (key = "SCROLLINERTIA", value="0"),
- (key = "SCROLLAMOUNT", value="auto"),
- (key = "SCROLLDELTAFACTOR", value="auto"),
 (key = "CARD_OPENED_WEBHOOK_ENABLED", value="false"),
 (key = "NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE", value=""),
 (key = "BIGEVENTS_PATTERN", value="NONE"),
@@ -252,7 +249,8 @@ const myCommand :Spk.Manifest.Command = (
 (key = "BROWSER_POLICY_ENABLED", value="true"),
 (key = "TRUSTED_URL", value=""),
 (key = "WEBHOOKS_ATTRIBUTES", value=""),
- (key = "OAUTH2_ENABLED", value=""),
+ (key = "OAUTH2_ENABLED", value="false"),
+ (key = "OAUTH2_ADFS_ENABLED", value="false"),
 (key = "OAUTH2_CLIENT_ID", value="false"),
 (key = "OAUTH2_SECRET", value=""),
 (key = "OAUTH2_SERVER_URL", value=""),
diff --git a/server/scroll.js b/server/scroll.js
deleted file mode 100644
index e0cdc8493..000000000
--- a/server/scroll.js
+++ /dev/null
@@ -1,22 +0,0 @@
-Meteor.startup(() => {
- // Mouse Scroll Intertia, issue #2949. Integer.
- if (process.env.SCROLLINERTIA !== '0') {
- Meteor.settings.public.SCROLLINERTIA = process.env.SCROLLINERTIA;
- } else {
- Meteor.settings.public.SCROLLINERTIA = 0;
- }
-
- // Mouse Scroll Amount, issue #2949. "auto" or Integer.
- if (process.env.SCROLLAMOUNT !== 'auto') {
- Meteor.settings.public.SCROLLAMOUNT = process.env.SCROLLAMOUNT;
- } else {
- Meteor.settings.public.SCROLLAMOUNT = 'auto';
- }
-
- // Mouse Scroll DeltaFactor, issue #2949. "auto" or Integer.
- if (process.env.SCROLLDELTAFACTOR !== 'auto') {
- Meteor.settings.public.SCROLLDELTAFACTOR = process.env.SCROLLDELTAFACTOR;
- } else {
- Meteor.settings.public.SCROLLDELTAFACTOR = 'auto';
- }
-});
diff --git a/snap-src/bin/config b/snap-src/bin/config
index 1da986b01..fe2939ee8 100755
--- a/snap-src/bin/config
+++ b/snap-src/bin/config 
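Review bot: In the second sandstorm-pkgdef.capnp hunk (`@@ -252,7 +249,8 @@`), `OAUTH2_ENABLED` now ships as the non-empty string "false", which is only safe if every reader compares the variable against 'true' instead of testing its truthiness. The commit message says such tests were added, but those files are outside this hunk, so it should be confirmed for every consumer of the two OAuth2 flags. The unchanged neighbour `(key = "OAUTH2_CLIENT_ID", value="false"),` looks like a misplaced default and would read better as `(key = "OAUTH2_CLIENT_ID", value=""),` to match `OAUTH2_SECRET`. The enclosing `myCommand` definition starts and ends outside the hunk.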
@@ -3,7 +3,7 @@ # All supported keys are defined here together with descriptions and default values # list of supported keys -keys="DEBUG MONGO_URL MONGODB_BIND_UNIX_SOCKET MONGO_URL MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API RICHER_CARD_COMMENT_EDITOR CARD_OPENED_WEBHOOK_ENABLED ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW MAX_IMAGE_PIXEL IMAGE_COMPRESS_RATIO BIGEVENTS_PATTERN NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE NOTIFY_DUE_DAYS_BEFORE_AND_AFTER NOTIFY_DUE_AT_HOUR_OF_DAY EMAIL_NOTIFICATION_TIMEOUT CORS CORS_ALLOW_HEADERS CORS_EXPOSE_HEADERS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_EMAIL_MAP OAUTH2_REQUEST_PERMISSIONS LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_AUTHENTICATION LDAP_USER_AUTHENTICATION_FIELD LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE 
LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD ATTACHMENTS_STORE_PATH SCROLLINERTIA SCROLLAMOUNT SCROLLDELTAFACTOR PASSWORD_LOGIN_ENABLED" +keys="DEBUG MONGO_URL MONGODB_BIND_UNIX_SOCKET MONGO_URL MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API RICHER_CARD_COMMENT_EDITOR CARD_OPENED_WEBHOOK_ENABLED ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW MAX_IMAGE_PIXEL IMAGE_COMPRESS_RATIO BIGEVENTS_PATTERN NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE NOTIFY_DUE_DAYS_BEFORE_AND_AFTER NOTIFY_DUE_AT_HOUR_OF_DAY EMAIL_NOTIFICATION_TIMEOUT CORS CORS_ALLOW_HEADERS CORS_EXPOSE_HEADERS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_EMAIL_MAP OAUTH2_REQUEST_PERMISSIONS OAUTH2_ADFS_ENABLED LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION 
LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_AUTHENTICATION LDAP_USER_AUTHENTICATION_FIELD LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD ATTACHMENTS_STORE_PATH PASSWORD_LOGIN_ENABLED" # default values DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'" 
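Review bot: The rewritten `keys=` line in snap-src/bin/config still spells `ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE`, while the help text added by this same commit tells users to run `snap unset $SNAP_NAME accounts-lockout-unknown-users-failures-before`. The `KEY_` value for that entry is outside the hunk; if it follows the misspelt name, the documented command addresses a key the snap never reads and the unknown-user lockout threshold silently keeps its default. Once checked, a comment above the list such as `# NOTE: ..._FAILURES_BERORE is the historical spelling; keep wekan-help in sync with its KEY_ value` would stop the two from drifting apart.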
@@ -168,10 +168,14 @@ DESCRIPTION_WEBHOOKS_ATTRIBUTES="What to send to Outgoing Webhook, or leave out. DEFAULT_WEBHOOKS_ATTRIBUTES="" KEY_WEBHOOKS_ATTRIBUTES="webhooks-attributes" -DESCRIPTION_OAUTH2_ENABLED="Enable the OAuth2 connection" +DESCRIPTION_OAUTH2_ENABLED="Enable the OAuth2 connection. Default: false" DEFAULT_OAUTH2_ENABLED="false" KEY_OAUTH2_ENABLED="oauth2-enabled" +DESCRIPTION_OAUTH2_ADFS_ENABLED="Enable OAuth2 ADFS. Default: false" +DEFAULT_OAUTH2_ADFS_ENABLED="false" +KEY_OAUTH2_ADFS_ENABLED="oauth2-adfs-enabled" + DESCRIPTION_OAUTH2_LOGIN_STYLE="OAuth2 login style: popup or redirect. Default: redirect" DEFAULT_OAUTH2_LOGIN_STYLE="redirect" KEY_OAUTH2_LOGIN_STYLE="oauth2-login-style" @@ -456,18 +460,6 @@ DESCRIPTION_DEFAULT_AUTHENTICATION_METHOD="The default authentication method use DEFAULT_DEFAULT_AUTHENTICATION_METHOD="" KEY_DEFAULT_AUTHENTICATION_METHOD="default-authentication-method" -DESCRIPTION_SCROLLINERTIA="Mousewheel scroll inertia, issue #2949. Default: 0" -DEFAULT_SCROLLINERTIA="0" -KEY_SCROLLINERTIA="scrollinertia" - -DESCRIPTION_SCROLLAMOUNT="Mousewheel scroll amount, issue #2949. Default: 'auto'" -DEFAULT_SCROLLAMOUNT="auto" -KEY_SCROLLAMOUNT="scrollamount" - -DESCRIPTION_SCROLLDELTAFACTOR="Mousewheel scroll deltafactor, issue #2949. Default: 'auto'" -DEFAULT_SCROLLDELTAFACTOR="auto" -KEY_SCROLLDELTAFACTOR="scrolldeltafactor" - DESCRIPTION_PASSWORD_LOGIN_ENABLED="To hide the password login form" DEFAULT_PASSWORD_LOGIN_ENABLED="true" KEY_PASSWORD_LOGIN_ENABLED="password-login-enabled" diff --git a/snap-src/bin/wekan-help b/snap-src/bin/wekan-help index 9191209df..5547d14e6 100755 --- a/snap-src/bin/wekan-help +++ b/snap-src/bin/wekan-help 
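Review bot: The new `DESCRIPTION_OAUTH2_ADFS_ENABLED` text in the `@@ -168,10 +168,14 @@` hunk omits the dependency that the other files in this commit state, namely that ADFS mode only applies together with OAuth2 itself. I would write `DESCRIPTION_OAUTH2_ADFS_ENABLED="Enable OAuth2 ADFS. Also requires oauth2-enabled='true'. Default: false"` so the snap description agrees with wekan-help and the start-script comments.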
@@ -13,12 +13,12 @@ echo -e "Debug OIDC OAuth2 etc."
 echo -e "To enable the Debug of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME debug='true'"
 echo -e "\t-Disable the Debug of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME debug='false'"
+echo -e "\t$ snap unset $SNAP_NAME debug"
 echo -e "\n"
 echo -e "To enable the MONGO_URL of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME mongo-url='...'"
 echo -e "\t-Disable the MONGO_URL of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME mongo-url=''"
+echo -e "\t$ snap unset $SNAP_NAME mongo-url"
 echo -e "\n"
 echo -e "Make sure you have connected all interfaces, check more by calling $ snap interfaces ${SNAP_NAME}"
 echo -e "\n" 
@@ -43,78 +43,74 @@ echo -e "\n" echo -e "To enable the API of wekan:" echo -e "\t$ snap set $SNAP_NAME with-api='true'" echo -e "\t-Disable the API:" -echo -e "\t$ snap set $SNAP_NAME with-api='false'" +echo -e "\t$ snap unset $SNAP_NAME with-api" echo -e "\n" echo -e "Accounts lockout known users failures before, greater than 0. Default: 3" echo -e "\t$ snap set $SNAP_NAME accounts-lockout-known-users-failures-before='3'" +echo -e "\t-Restore default:" +echo -e "\t$ snap unset $SNAP_NAME accounts-lockout-known-users-failures-before" echo -e "\n" echo -e "Accounts lockout know users period, in seconds. Default: 60" echo -e "\t$ snap set $SNAP_NAME accounts-lockout-known-users-period='60'" +echo -e "\t-Restore default:" +echo -e "\t$ snap unset $SNAP_NAME accounts-lockout-known-users-period" echo -e "\n" echo -e "Accounts lockout unknown failure window, in seconds. Default: 15" echo -e "\t$ snap set $SNAP_NAME accounts-lockout-known-users-failure-window='15'" +echo -e "\t-Restore default:" +echo -e "\t$ snap unset $SNAP_NAME accounts-lockout-known-users-failure-window" echo -e "\n" echo -e "Accounts lockout unknown users failures before, greater than 0. Default: 3" echo -e "\t$ snap set $SNAP_NAME accounts-lockout-unknown-users-failures-before='3'" +echo -e "\t-Restore default:" +echo -e "\t$ snap unset $SNAP_NAME accounts-lockout-unknown-users-failures-before" echo -e "\n" echo -e "Accounts lockout unknown users lockout period, in seconds. Default: 60" echo -e "\t$ snap set $SNAP_NAME accounts-lockout-unknown-users-lockout-period='60'" +echo -e "\t-Restore default:" +echo -e "\t$ snap unset $SNAP_NAME accounts-lockout-unknown-users-lockout-period" echo -e "\n" echo -e "Accounts lockout unknown users failure window, in seconds. 
Default: 15" echo -e "\t$ snap set $SNAP_NAME accounts-lockout-unknown-users-failure-window='15'" +echo -e "\t-Restore default:" +echo -e "\t$ snap unset $SNAP_NAME accounts-lockout-unknown-users-failure-window" echo -e "\n" echo -e "Rich text editor in card comments. Default: false https://github.com/wekan/wekan/pull/2560" -echo -e "Default:" +echo -e "Enable:" echo -e "\t$ snap set $SNAP_NAME richer-card-comment-editor='true'" -echo -e "Disabled:" -echo -e "\t$ snap set $SNAP_NAME richer-card-comment-editor='false'" -echo -e "\n" -echo -e "Mousewheel scroll inertia. Default: 0. https://github.com/wekan/wekan/issues/2949" -echo -e "Enable:" -echo -e "\t$ snap set $SNAP_NAME scrollinertia='950'" -echo -e "Disable, default:" -echo -e "\t$ snap set $SNAP_NAME scrollinertia='0'" -echo -e "\n" -echo -e "Mousewheel scroll amount. Default: 'auto'. Allowed: 'auto' or Integer number. https://github.com/wekan/wekan/issues/2949" -echo -e "Enable:" -echo -e "\t$ snap set $SNAP_NAME scrollamount='950'" -echo -e "Disable, default:" -echo -e "\t$ snap set $SNAP_NAME scrollamount='auto'" -echo -e "\n" -echo -e "Mousewheel scroll deltafactor. Default: 'auto'. Allowed: 'auto' or Integer number. https://github.com/wekan/wekan/issues/2949" -echo -e "Enable:" -echo -e "\t$ snap set $SNAP_NAME scrolldeltafactor='950'" -echo -e "Disable, default:" -echo -e "\t$ snap set $SNAP_NAME scrolldeltafactor='auto'" +echo -e "Disable:" +echo -e "\t$ snap unset $SNAP_NAME richer-card-comment-editor" echo -e "\n" echo -e "Card opened, send webhook message. 
Default: false https://github.com/wekan/wekan/issues/2518" echo -e "Enable:" echo -e "\t$ snap set $SNAP_NAME card-opened-webhook-enabled='true'" echo -e "Disable, default:" -echo -e "\t$ snap set $SNAP_NAME card-opened-webhook-enabled='false'" +echo -e "\t$ snap unset $SNAP_NAME card-opened-webhook-enabled" echo -e "\n" echo -e "Max image pixel: Allow to shrink attached/pasted image https://github.com/wekan/wekan/pull/2544" echo -e "Example:" echo -e "\t$ snap set $SNAP_NAME max-image-pixel='1024'" -echo -e "Disabled:" -echo -e "\t$ snap set $SNAP_NAME max-image-pixel=''" +echo -e "Disable:" +echo -e "\t$ snap unset $SNAP_NAME max-image-pixel" echo -e "\n" echo -e "Image compress ratio: Allow to shrink attached/pasted image https://github.com/wekan/wekan/pull/2544" echo -e "Example:" echo -e "\t$ snap set $SNAP_NAME image-compress-ratio='80'" -echo -e "Disabled:" -echo -e "\t$ snap set $SNAP_NAME image-compress-ratio=''" +echo -e "Disable:" +echo -e "\t$ snap unset $SNAP_NAME image-compress-ratio" echo -e "\n" echo -e "Allow to set attachment upload into specified server location. Create that directory first. https://github.com/wekan/wekan/pull/2603" echo -e "Example:" echo -e "\t$ snap set $SNAP_NAME attachments-store-path='/var/snap/wekan/common/attachments'" -echo -e "Disabled:" -echo -e "\t$ snap set $SNAP_NAME attachments-store-path=''" +echo -e "Disable:" +echo -e "\t$ snap unset $SNAP_NAME attachments-store-path" echo -e "\n" echo -e "NOTIFICATION TRAY AFTER READ DAYS BEFORE REMOVE https://github.com/wekan/wekan/pull/2998" echo -e "Number of days after a notification is read before we remove it. Default: 2." 
-echo -e "Default:" -echo -e "\t$ snap set $SNAP_NAME notification-tray-after-read-days-before-remove='2'" +echo -e "Example:" +echo -e "\t$ snap set $SNAP_NAME notification-tray-after-read-days-before-remove='4'" +echo -e "Restore default:" +echo -e "\t$ snap unset $SNAP_NAME notification-tray-after-read-days-before-remove" echo -e "\n" echo -e "BIGEVENTS DUE ETC NOTIFICATIONS https://github.com/wekan/wekan/pull/2541" echo -e "Big events pattern: Notify always due etc regardless of notification settings. Default: due, All: received|start|due|end, Disabled: NONE" 
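Review bot: `snap unset` returns a key to its default rather than switching the feature off, so the entries in this hunk that are still labelled "Disable" are only correct where the default is off. For `with-api` ("-Disable the API:" followed by `snap unset $SNAP_NAME with-api`) the default in snap-src/bin/config is not visible here; if it is 'true', an administrator following the help would leave the REST API enabled while believing it is off. Either keep `echo -e "\t$ snap set $SNAP_NAME with-api='false'"` for that entry or relabel it `echo -e "\t-Restore default:"`, as the lockout entries in this hunk already do. The same wording recurs in the other wekan-help hunks (debug, cors, trusted-url and the oauth2-* keys).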
@@ -131,34 +127,34 @@ echo -e "Notify due days, number less than 15 or negative number accepted, you c echo -e "To enable different Notify for Due Days on 2 days before, and on the event day " echo -e "\t$ snap set $SNAP_NAME notify-due-days-before-and-after='2,0'" echo -e "\t-Disable Notifying for Due Days:" -echo -e "\t$ snap set $SNAP_NAME notify-due-days-before-and-after=''" +echo -e "\t$ snap unset $SNAP_NAME notify-due-days-before-and-after" echo -e "\n" echo -e "Notify due at hour of day. Default every morning at 8am. Can be 0-23." echo -e "If env variable has parsing error, use default. Notification sent to watchers." echo -e "To enable different Notify Due At Hour Of Day than default 8:" echo -e "\t$ snap set $SNAP_NAME notify-due-at-hour-of-day='10'" echo -e "\t-To set back default 8 of Notify Due at Hour of Day:" -echo -e "\t$ snap set $SNAP_NAME notify-due-at-hour-of-day=''" +echo -e "\t$ snap unset $SNAP_NAME notify-due-at-hour-of-day" echo -e "\n" echo -e "To enable the Email Notification Timeout of wekan in ms, default 30000 (=30s):" echo -e "\t$ snap set $SNAP_NAME email-notification-timeout='10000'" -echo -e "\t-Disable the Email Notification Timeout of Wekan:" -echo -e "\t$ snap set $SNAP_NAME email-notification-timeout='30000'" +echo -e "\t-Restore default:" +echo -e "\t$ snap unset $SNAP_NAME email-notification-timeout" echo -e "\n" echo -e "To enable the CORS of wekan, to set Access-Control-Allow-Origin header:" echo -e "\t$ snap set $SNAP_NAME cors='*'" echo -e "\t-Disable the CORS:" -echo -e "\t$ snap set $SNAP_NAME cors=''" +echo -e "\t$ snap unset $SNAP_NAME cors" echo -e "\n" echo -e "To enable the Set Access-Control-Allow-Headers header. \"Authorization,Content-Type\" is required for cross-origin use of the API." echo -e "\t$ snap set $SNAP_NAME cors-allow-headers='Authorization,Content-Type'" echo -e "\t-Disable the Set Access-Control-Allow-Headers header. \"Authorization,Content-Type\" is required for cross-origin use of the API." 
-echo -e "\t$ snap set $SNAP_NAME cors-allow-headers=''" +echo -e "\t$ snap unset $SNAP_NAME cors-allow-headers" echo -e "\n" echo -e "To enable the Set Access-Control-Expose-Headers header. This is not needed for typical CORS situations. Example: *" echo -e "\t$ snap set $SNAP_NAME cors-expose-headers='*'" echo -e "\t-Disable the Set Access-Control-Expose-Headers header. This is not needed for typical CORS situations. Example: ''" -echo -e "\t$ snap set $SNAP_NAME cors-expose-headers=''" +echo -e "\t$ snap unset $SNAP_NAME cors-expose-headers" echo -e "\n" echo -e "Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside." echo -e "\t\t Setting this to false is not recommended, it also disables all other browser policy protections" 
@@ -172,19 +168,31 @@ echo -e "When browser policy is enabled, HTML code at this URL can have iframe t echo -e "To enable the Trusted URL of Wekan:" echo -e "\t$ snap set $SNAP_NAME trusted-url='https://example.com'" echo -e "\t-Disable the Trusted URL of Wekan:" -echo -e "\t$ snap set $SNAP_NAME trusted-url=''" +echo -e "\t$ snap unset $SNAP_NAME trusted-url" echo -e "\n" echo -e "What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId ." echo -e "To enable the Webhooks Attributes of Wekan:" echo -e "\t$ snap set $SNAP_NAME webhooks-attributes='cardId,listId,oldListId,boardId,comment,user,card,commentId'" echo -e "\t-Disable the Webhooks Attributes of Wekan to send all default ones:" -echo -e "\t$ snap set $SNAP_NAME webhooks-attributes=''" +echo -e "\t$ snap unset $SNAP_NAME webhooks-attributes" +echo -e "\n" +echo -e "OAuth2 Enabled." +echo -e "To enable the OAuth2 of Wekan:" +echo -e "\t$ snap set $SNAP_NAME oauth2-enabled='true'" +echo -e "\t-Disable the OAuth2 of Wekan:" +echo -e "\t$ snap unset $SNAP_NAME oauth2-enabled" +echo -e "\n" +echo -e "OAuth2 ADFS Enabled. Also requires oauth2-enabled='true'" +echo -e "To enable the OAuth2 ADFS of Wekan:" +echo -e "\t$ snap set $SNAP_NAME oauth2-adfs-enabled='true'" +echo -e "\t-Disable the OAuth2 ADFS of Wekan:" +echo -e "\t$ snap unset $SNAP_NAME oauth2-adfs-enabled" echo -e "\n" echo -e "OAuth2 Client ID." echo -e "To enable the OAuth2 Client ID of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-client-id='54321abcde'" echo -e "\t-Disable the OAuth2 Client ID of Wekan:" -echo -e "\t$ snap set $SNAP_NAME oauth2-client-id=''" +echo -e "\t$ snap unset $SNAP_NAME oauth2-client-id" echo -e "\n" echo -e "OAuth2 login style: popup or redirect. Default: redirect" echo -e "To enable the OAuth2 login style popup of Wekan:" 
@@ -196,67 +204,67 @@ echo -e "OAuth2 Secret." echo -e "To enable the OAuth2 Secret of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-secret='54321abcde'" echo -e "\t-Disable the OAuth2 Secret of Wekan:" -echo -e "\t$ snap set $SNAP_NAME oauth2-secret=''" +echo -e "\t$ snap unset $SNAP_NAME oauth2-secret" echo -e "\n" echo -e "OAuth2 Server URL." echo -e "To enable the OAuth2 Server URL of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-server-url='https://chat.example.com'" echo -e "\t-Disable the OAuth2 Server URL of Wekan:" -echo -e "\t$ snap set $SNAP_NAME oauth2-server-url=''" +echo -e "\t$ snap unset $SNAP_NAME oauth2-server-url" echo -e "\n" echo -e "OAuth2 Authorization Endpoint." echo -e "To enable the OAuth2 Authorization Endpoint of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-auth-endpoint='/oauth/authorize'" echo -e "\t-Disable the OAuth2 Authorization Endpoint of Wekan:" -echo -e "\t$ snap set $SNAP_NAME oauth2-auth-endpoint=''" +echo -e "\t$ snap unset $SNAP_NAME oauth2-auth-endpoint" echo -e "\n" echo -e "OAuth2 Userinfo Endpoint." echo -e "To enable the OAuth2 Userinfo Endpoint of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-userinfo-endpoint='/oauth/authorize'" echo -e "\t-Disable the OAuth2 Userinfo Endpoint of Wekan:" -echo -e "\t$ snap set $SNAP_NAME oauth2-userinfo-endpoint=''" +echo -e "\t$ snap unset $SNAP_NAME oauth2-userinfo-endpoint" echo -e "\n" echo -e "OAuth2 Token Endpoint." echo -e "To enable the OAuth2 Token Endpoint of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-token-endpoint='/oauth/token'" echo -e "\t-Disable the OAuth2 Token Endpoint of Wekan:" -echo -e "\t$ snap set $SNAP_NAME oauth2-token-endpoint=''" +echo -e "\t$ snap unset $SNAP_NAME oauth2-token-endpoint" echo -e "\n" echo -e "OAuth2 ID Token Whitelist Fields." 
echo -e "To enable the OAuth2 ID Token Whitelist Fields of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-id-token-whitelist-fields=[]" echo -e "\t-Disable the OAuth2 ID Token Whitelist Fields of Wekan:" -echo -e "\t$ snap set $SNAP_NAME oauth2-id-token-whitelist-fields=''" +echo -e "\t$ snap unset $SNAP_NAME oauth2-id-token-whitelist-fields" echo -e "\n" echo -e "OAuth2 Request Permissions." echo -e "To enable the OAuth2 Request Permissions of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-request-permissions=\"'openid profile email'\"" echo -e "\t-Disable the OAuth2 Request Permissions of Wekan:" -echo -e "\t$ snap set $SNAP_NAME oauth2-request-permissions=''" +echo -e "\t$ snap unset $SNAP_NAME oauth2-request-permissions" echo -e "\n" echo -e "OAuth2 ID Mapping." echo -e "To enable the OAuth2 ID Mapping of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-id-map='username.uid'" echo -e "\t-Disable the OAuth2 ID Mapping of Wekan:" -echo -e "\t$ snap set $SNAP_NAME oauth2-id-map=''" +echo -e "\t$ snap unset $SNAP_NAME oauth2-id-map" echo -e "\n" echo -e "OAuth2 Username Mapping." echo -e "To enable the OAuth2 Username Mapping of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-username-map='username'" echo -e "\t-Disable the OAuth2 Username Mapping of Wekan:" -echo -e "\t$ snap set $SNAP_NAME oauth2-username-map=''" +echo -e "\t$ snap unset $SNAP_NAME oauth2-username-map" echo -e "\n" echo -e "OAuth2 Fullname Mapping." echo -e "To enable the OAuth2 Fullname Mapping of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-fullname-map='fullname'" echo -e "\t-Disable the OAuth2 Fullname Mapping of Wekan:" -echo -e "\t$ snap set $SNAP_NAME oauth2-fullname-map=''" +echo -e "\t$ snap unset $SNAP_NAME oauth2-fullname-map" echo -e "\n" echo -e "OAuth2 Email Mapping." 
echo -e "To enable the OAuth2 Email Mapping of Wekan:" echo -e "\t$ snap set $SNAP_NAME oauth2-email-map='email'" echo -e "\t-Disable the OAuth2 Email Mapping of Wekan:" -echo -e "\t$ snap set $SNAP_NAME oauth2-email-map=''" +echo -e "\t$ snap unset $SNAP_NAME oauth2-email-map" echo -e "\n" echo -e "Ldap Enable." echo -e "To enable the ldap of Wekan:" diff --git a/start-wekan.bat b/start-wekan.bat index c87d6770c..c15ccd96a 100644 --- a/start-wekan.bat +++ b/start-wekan.bat @@ -22,12 +22,6 @@ REM # ==== RICH TEXT EDITOR IN CARD COMMENTS ==== REM # https://github.com/wekan/wekan/pull/2560 SET RICHER_CARD_COMMENT_EDITOR=false -REM # ==== MOUSE SCROLL ==== -REM # https://github.com/wekan/wekan/issues/2949 -SET SCROLLINERTIA=0 -SET SCROLLAMOUNT=auto -SET SCROLLDELTAFACTOR=auto - REM # ==== CARD OPENED, SEND WEBHOOK MESSAGE ==== SET CARD_OPENED_WEBHOOK_ENABLED=false @@ -125,6 +119,9 @@ REM # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2 REM # example: OAUTH2_ENABLED=true REM SET OAUTH2_ENABLED=false +REM # Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting. +REM SET OAUTH2_ADFS_ENABLED=false + REM # OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345 REM # example: OAUTH2_CLIENT_ID=abcde12345 REM SET OAUTH2_CLIENT_ID= diff --git a/start-wekan.sh b/start-wekan.sh index b3dfce5a1..48f2a13bf 100755 --- a/start-wekan.sh +++ b/start-wekan.sh @@ -41,12 +41,6 @@ # https://github.com/wekan/wekan/pull/2560 export RICHER_CARD_COMMENT_EDITOR=false #--------------------------------------------------------------- - # ==== MOUSE SCROLL ==== - # https://github.com/wekan/wekan/issues/2949 - export SCROLLINERTIA=0 - export SCROLLAMOUNT=auto - export SCROLLDELTAFACTOR=auto - #--------------------------------------------------------------- # ==== CARD OPENED, SEND WEBHOOK MESSAGE ==== export CARD_OPENED_WEBHOOK_ENABLED=false #--------------------------------------------------------------- 
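Review bot: In the `@@ -196,67 +204,67 @@` wekan-help hunk the unchanged Userinfo example still reads `snap set $SNAP_NAME oauth2-userinfo-endpoint='/oauth/authorize'`, which is the authorization path, whereas the start script elsewhere in this patch uses `/oauth/userinfo`. Since the commit edits the line directly below it, the example could be corrected at the same time to `echo -e "\t$ snap set $SNAP_NAME oauth2-userinfo-endpoint='/oauth/userinfo'"`. An operator copying the current example would send the userinfo request to the authorize endpoint, and login would most likely fail.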
@@ -133,6 +127,8 @@ # 2) Configure the environment variables. This differs slightly # by installation type, but make sure you have the following: #export OAUTH2_ENABLED=true + # Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting. + #export OAUTH2_ADFS_ENABLED=false # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2 # OAuth2 login style: popup or redirect. #export OAUTH2_LOGIN_STYLE=redirect diff --git a/torodb-postgresql/docker-compose.yml b/torodb-postgresql/docker-compose.yml index f629379ef..940958abf 100644 --- a/torodb-postgresql/docker-compose.yml +++ b/torodb-postgresql/docker-compose.yml @@ -230,12 +230,6 @@ services: # https://github.com/wekan/wekan/pull/2560 - RICHER_CARD_COMMENT_EDITOR=false #--------------------------------------------------------------- - # ==== MOUSE SCROLL ==== - # https://github.com/wekan/wekan/issues/2949 - - SCROLLINERTIA=0 - - SCROLLAMOUNT=auto - - SCROLLDELTAFACTOR=auto - #--------------------------------------------------------------- # ==== CARD OPENED, SEND WEBHOOK MESSAGE ==== # https://github.com/wekan/wekan/issues/2518 - CARD_OPENED_WEBHOOK_ENABLED=false @@ -321,6 +315,8 @@ services: # Enable the OAuth2 connection # example: OAUTH2_ENABLED=true #- OAUTH2_ENABLED=false + # Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting. + #- OAUTH2_ADFS_ENABLED=false # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2 # OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345 # example: OAUTH2_CLIENT_ID=abcde12345