- Remove mouse scroll settings of already removed custom scrollbar.

- Add setting OAUTH2_ADFS_ENABLED=false
- Add testing for both string and boolean version of true

Thanks to xet7 !

Fixes #2949

.devcontainer/Dockerfile

@@ -39,6 +39,7 @@ ENV \
     TRUSTED_URL="" \
     WEBHOOKS_ATTRIBUTES="" \
     OAUTH2_ENABLED=false \
+    OAUTH2_ADFS_ENABLED=false \
     OAUTH2_LOGIN_STYLE=redirect \
     OAUTH2_CLIENT_ID="" \
     OAUTH2_SECRET="" \
@@ -112,9 +113,6 @@ ENV \
     CORS_ALLOW_HEADERS="" \
     CORS_EXPOSE_HEADERS="" \
     DEFAULT_AUTHENTICATION_METHOD="" \
-    SCROLLINERTIA="0" \
-    SCROLLAMOUNT="auto" \
-    SCROLLDELTAFACTOR="auto" \
     PASSWORD_LOGIN_ENABLED=true
 
 # Install OS

Dockerfile

@@ -41,6 +41,7 @@ ENV BUILD_DEPS="apt-utils libarchive-tools gnupg gosu wget curl bzip2 g++ build-
     TRUSTED_URL="" \
     WEBHOOKS_ATTRIBUTES="" \
     OAUTH2_ENABLED=false \
+    OAUTH2_ADFS_ENABLED=false \
     OAUTH2_LOGIN_STYLE=redirect \
     OAUTH2_CLIENT_ID="" \
     OAUTH2_SECRET="" \
@@ -114,9 +115,6 @@ ENV BUILD_DEPS="apt-utils libarchive-tools gnupg gosu wget curl bzip2 g++ build-
     CORS_ALLOW_HEADERS="" \
     CORS_EXPOSE_HEADERS="" \
     DEFAULT_AUTHENTICATION_METHOD="" \
-    SCROLLINERTIA="0" \
-    SCROLLAMOUNT="auto" \
-    SCROLLDELTAFACTOR="auto" \
     PASSWORD_LOGIN_ENABLED=true
 
 # Copy the app to the image

docker-compose.yml

@@ -242,12 +242,6 @@ services:
       # https://github.com/wekan/wekan/pull/2560
       - RICHER_CARD_COMMENT_EDITOR=false
       #---------------------------------------------------------------
-      # ==== MOUSE SCROLL ====
-      # https://github.com/wekan/wekan/issues/2949
-      - SCROLLINERTIA=0
-      - SCROLLAMOUNT=auto
-      - SCROLLDELTAFACTOR=auto
-      #---------------------------------------------------------------
       # ==== CARD OPENED, SEND WEBHOOK MESSAGE ====
       # https://github.com/wekan/wekan/issues/2518
       - CARD_OPENED_WEBHOOK_ENABLED=false
@@ -336,6 +330,8 @@ services:
       # 2) Configure the environment variables. This differs slightly
       #     by installation type, but make sure you have the following:
       #- OAUTH2_ENABLED=true
+      # Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting.
+      #- OAUTH2_ADFS_ENABLED=false
       # OAuth2 login style: popup or redirect.
       #- OAUTH2_LOGIN_STYLE=redirect
       # Application GUID captured during app registration:

models/settings.js

@@ -187,19 +187,26 @@ if (Meteor.isServer) {
   }
 
   function isLdapEnabled() {
-    return process.env.LDAP_ENABLE === 'true';
+    return (
+      process.env.LDAP_ENABLE === 'true' || process.env.LDAP_ENABLE === true
+    );
   }
 
   function isOauth2Enabled() {
-    return process.env.OAUTH2_ENABLED === 'true';
+    return (
+      process.env.OAUTH2_ENABLED === 'true' ||
+      process.env.OAUTH2_ENABLED === true
+    );
   }
 
   function isCasEnabled() {
-    return process.env.CAS_ENABLED === 'true';
+    return (
+      process.env.CAS_ENABLED === 'true' || process.env.CAS_ENABLED === true
+    );
   }
 
   function isApiEnabled() {
-    return process.env.WITH_API === 'true';
+    return process.env.WITH_API === 'true' || process.env.WITH_API === true;
   }
 
   Meteor.methods({

packages/wekan-oidc/oidc_server.js

@@ -9,9 +9,9 @@ OAuth.registerService('oidc', 2, null, function (query) {
   var accessToken = token.access_token || token.id_token;
   var expiresAt = (+new Date) + (1000 * parseInt(token.expires_in, 10));
 
-  var claimsInAccessToken = process.env.OAUTH2_ADFS || false; 
+  var claimsInAccessToken = (process.env.OAUTH2_ADFS_ENABLED === 'true' || process.env.OAUTH2_ADFS_ENABLED === true) || false;
-  
+
-  var userinfo; 
+  var userinfo;
   if(claimsInAccessToken)
   {
     // hack when using custom claims in the accessToken. On premise ADFS
@@ -22,7 +22,7 @@ OAuth.registerService('oidc', 2, null, function (query) {
     // normal behaviour, getting the claims from UserInfo endpoint.
     userinfo = getUserInfo(accessToken);
   }
-  
+
   if (userinfo.ocs) userinfo = userinfo.ocs.data; // Nextcloud hack
   if (userinfo.metadata) userinfo = userinfo.metadata // Openshift hack
   if (debug) console.log('XXX: userinfo:', userinfo);

releases/virtualbox/start-wekan.sh

@@ -1,351 +1,367 @@
 # If you want to restart even on crash, uncomment while and done lines.
 
 #while true; do
-        cd ~/repos/wekan/.build/bundle
+      cd ~/repos/wekan/.build/bundle
-        #---------------------------------------------
+      #---------------------------------------------
-        # Debug OIDC OAuth2 etc.
+      # Debug OIDC OAuth2 etc.
-        #export export DEBUG=true
+      #export DEBUG=true
-        #---------------------------------------------
+      #---------------------------------------------
-        export MONGO_URL='mongodb://127.0.0.1:27017/admin'
+      export MONGO_URL='mongodb://127.0.0.1:27017/wekan'
-        # ROOT_URL EXAMPLES FOR WEBSERVERS: https://github.com/wekan/wekan/wiki/Settings
+      #---------------------------------------------
-        # Production: https://example.com/wekan
+      # Production: https://example.com/wekan
-        # Local: http://localhost:3000
+      # Local: http://localhost:2000
-        #export ipaddress=$(ifdata -pa eth0)
+      #export ipaddress=$(ifdata -pa eth0)
-        export ROOT_URL='http://localhost'
+      export ROOT_URL='http://localhost:2000'
-        #---------------------------------------------
+      #---------------------------------------------
-        # Working email IS NOT REQUIRED to use Wekan.
+      # https://github.com/wekan/wekan/wiki/Troubleshooting-Mail
-        # https://github.com/wekan/wekan/wiki/Adding-users
+      # https://github.com/wekan/wekan-mongodb/blob/master/docker-compose.yml
-        # https://github.com/wekan/wekan/wiki/Troubleshooting-Mail
+      export MAIL_URL='smtp://user:pass@mailserver.example.com:25/'
-        # https://github.com/wekan/wekan-mongodb/blob/master/docker-compose.yml
+      #---------------------------------------------
-        export MAIL_URL='smtp://user:pass@mailserver.example.com:25/'
+      #export KADIRA_OPTIONS_ENDPOINT=http://127.0.0.1:11011
-        export MAIL_FROM='Wekan Support <support@example.com>'
+      #---------------------------------------------
-        # This is local port where Wekan Node.js runs, same as below on Caddyfile settings.
+      # This is local port where Wekan Node.js runs, same as below on Caddyfile settings.
-        export PORT=80
+      export PORT=2000
-        #---------------------------------------------
+      #---------------------------------------------
-        # Wekan Export Board works when WITH_API='true'.
+      # Wekan Export Board works when WITH_API=true.
-        # If you disable Wekan API, Export Board does not work.
+      # If you disable Wekan API with false, Export Board does not work.
-        export WITH_API='true'
+      export WITH_API='true'
-        #---------------------------------------------------------------
+      #---------------------------------------------------------------
-        # ==== PASSWORD BRUTE FORCE PROTECTION ====
+      # ==== PASSWORD BRUTE FORCE PROTECTION ====
-        #https://atmospherejs.com/lucasantoniassi/accounts-lockout
+      #https://atmospherejs.com/lucasantoniassi/accounts-lockout
-        #Defaults below. Uncomment to change. wekan/server/accounts-lockout.js
+      #Defaults below. Uncomment to change. wekan/server/accounts-lockout.js
-        #export ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3
+      #export ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3
-        #export ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60
+      #export ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60
-        #export ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15
+      #export ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15
-        #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3
+      #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3
-        #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60
+      #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60
-        #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15
+      #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15
-        #---------------------------------------------------------------
+      #---------------------------------------------------------------
-        # ==== RICH TEXT EDITOR IN CARD COMMENTS ====
+      # ==== RICH TEXT EDITOR IN CARD COMMENTS ====
-        # https://github.com/wekan/wekan/pull/2560
+      # https://github.com/wekan/wekan/pull/2560
-        export RICHER_CARD_COMMENT_EDITOR=true
+      export RICHER_CARD_COMMENT_EDITOR=false
-        #---------------------------------------------------------------
+      #---------------------------------------------------------------
-        # ==== CARD OPENED, SEND WEBHOOK MESSAGE ====
+      # ==== CARD OPENED, SEND WEBHOOK MESSAGE ====
-        export CARD_OPENED_WEBHOOK_ENABLED=false
+      export CARD_OPENED_WEBHOOK_ENABLED=false
-        #---------------------------------------------------------------
+      #---------------------------------------------------------------
-        # ==== Allow to shrink attached/pasted image ====
+      # ==== Allow to shrink attached/pasted image ====
-        # https://github.com/wekan/wekan/pull/2544
+      # https://github.com/wekan/wekan/pull/2544
-        #export MAX_IMAGE_PIXEL=1024
+      #export MAX_IMAGE_PIXEL=1024
-        #export IMAGE_COMPRESS_RATIO=80
+      #export IMAGE_COMPRESS_RATIO=80
-        #---------------------------------------------------------------
+      #---------------------------------------------------------------
-        # ==== BIGEVENTS DUE ETC NOTIFICATIONS =====
+      # ==== NOTIFICATION TRAY AFTER READ DAYS BEFORE REMOVE =====
-        # https://github.com/wekan/wekan/pull/2541
+      # Number of days after a notification is read before we remove it.
-        # Introduced a system env var BIGEVENTS_PATTERN default as "NONE",
+      # Default: 2
-        # so any activityType matches the pattern, system will send out
+      #- NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE=2
-        # notifications to all board members no matter they are watching
+      #---------------------------------------------------------------
-        # or tracking the board or not. Owner of the wekan server can
+      # ==== BIGEVENTS DUE ETC NOTIFICATIONS =====
-        # disable the feature by setting this variable to "NONE" or
+      # https://github.com/wekan/wekan/pull/2541
-        # change the pattern to any valid regex. i.e. '|' delimited
+      # Introduced a system env var BIGEVENTS_PATTERN default as "NONE",
-        # activityType names.
+      # so any activityType matches the pattern, system will send out
-        # a) Example
+      # notifications to all board members no matter they are watching
-        #export BIGEVENTS_PATTERN=due
+      # or tracking the board or not. Owner of the wekan server can
-        # b) All
+      # disable the feature by setting this variable to "NONE" or
-        #export BIGEVENTS_PATTERN=received|start|due|end
+      # change the pattern to any valid regex. i.e. '|' delimited
-        # c) Disabled
+      # activityType names.
-        export BIGEVENTS_PATTERN=NONE
+      # a) Example
-        #---------------------------------------------------------------
+      #export BIGEVENTS_PATTERN=due
-        # ==== EMAIL DUE DATE NOTIFICATION =====
+      # b) All
-        # https://github.com/wekan/wekan/pull/2536
+      #export BIGEVENTS_PATTERN=received|start|due|end
-        # System timelines will be showing any user modification for
+      # c) Disabled
-        # dueat startat endat receivedat, also notification to
+      export BIGEVENTS_PATTERN=NONE
-        # the watchers and if any card is due, about due or past due.
+      #---------------------------------------------------------------
-        #
+      # ==== EMAIL DUE DATE NOTIFICATION =====
-        # Notify due days, default is None. 
+      # https://github.com/wekan/wekan/pull/2536
-        #export NOTIFY_DUE_DAYS_BEFORE_AND_AFTER=2,0
+      # System timelines will be showing any user modification for
-        # it will notify user 2 days before due day and on the due day
+      # dueat startat endat receivedat, also notification to
-        #
+      # the watchers and if any card is due, about due or past due.
-        # Notify due at hour of day. Default every morning at 8am. Can be 0-23.
+      #
-        # If env variable has parsing error, use default. Notification sent to watchers.
+      # Notify due days, default is None.
-        #export NOTIFY_DUE_AT_HOUR_OF_DAY=8
+      #export NOTIFY_DUE_DAYS_BEFORE_AND_AFTER=2,0
-        #-----------------------------------------------------------------
+      # it will notify user 2 days before due day and on the due day
-        # ==== EMAIL NOTIFICATION TIMEOUT, ms =====
+      #
-        # Defaut: 30000 ms = 30s
+      # Notify due at hour of day. Default every morning at 8am. Can be 0-23.
-        #export EMAIL_NOTIFICATION_TIMEOUT=30000
+      # If env variable has parsing error, use default. Notification sent to watchers.
-        #-----------------------------------------------------------------
+      #export NOTIFY_DUE_AT_HOUR_OF_DAY=8
-        # CORS: Set Access-Control-Allow-Origin header. Example: *
+      #-----------------------------------------------------------------
-        #export CORS=*
+      # ==== EMAIL NOTIFICATION TIMEOUT, ms =====
-        # To enable the Set Access-Control-Allow-Headers header. "Authorization,Content-Type" is required for cross-origin use of the API.
+      # Defaut: 30000 ms = 30s
-        #export CORS_ALLOW_HEADERS=Authorization,Content-Type
+      #export EMAIL_NOTIFICATION_TIMEOUT=30000
-        # To enable the Set Access-Control-Expose-Headers header.  This is not needed for typical CORS situations. Example: *
+      #-----------------------------------------------------------------
-        #export CORS_EXPOSE_HEADERS=*
+      # CORS: Set Access-Control-Allow-Origin header. Example: *
-        #---------------------------------------------
+      #export CORS=*
-        ## Optional: Integration with Matomo https://matomo.org that is installed to your server
+      # To enable the Set Access-Control-Allow-Headers header. "Authorization,Content-Type" is required for cross-origin use of the API.
-        ## The address of the server where Matomo is hosted:
+      #export CORS_ALLOW_HEADERS=Authorization,Content-Type
-        ##export MATOMO_ADDRESS=https://example.com/matomo
+      # To enable the Set Access-Control-Expose-Headers header.  This is not needed for typical CORS situations. Example: *
-        #export MATOMO_ADDRESS=
+      #export CORS_EXPOSE_HEADERS=*
-        ## The value of the site ID given in Matomo server for Wekan
+      #---------------------------------------------
-        # Example: export MATOMO_SITE_ID=123456789
+      ## Optional: Integration with Matomo https://matomo.org that is installed to your server
-        #export MATOMO_SITE_ID=''
+      ## The address of the server where Matomo is hosted:
-        ## The option do not track which enables users to not be tracked by matomo"
+      ##export MATOMO_ADDRESS=https://example.com/matomo
-        #Example: export MATOMO_DO_NOT_TRACK=false
+      #export MATOMO_ADDRESS=
-        #export MATOMO_DO_NOT_TRACK=true
+      ## The value of the site ID given in Matomo server for Wekan
-        ## The option that allows matomo to retrieve the username:
+      # Example: export MATOMO_SITE_ID=123456789
-        # Example: export MATOMO_WITH_USERNAME=true
+      #export MATOMO_SITE_ID=''
-        #export MATOMO_WITH_USERNAME='false'
+      ## The option do not track which enables users to not be tracked by matomo"
-        # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside.
+      #Example: export MATOMO_DO_NOT_TRACK=false
-        # Setting this to false is not recommended, it also disables all other browser policy protections
+      #export MATOMO_DO_NOT_TRACK=true
-        # and allows all iframing etc. See wekan/server/policy.js
+      ## The option that allows matomo to retrieve the username:
-        # Default value: true
+      # Example: export MATOMO_WITH_USERNAME=true
-        export BROWSER_POLICY_ENABLED=true
+      #export MATOMO_WITH_USERNAME='false'
-        # When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside.
+      # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside.
-        # Example: export TRUSTED_URL=http://example.com
+      # Setting this to false is not recommended, it also disables all other browser policy protections
-        export TRUSTED_URL=''
+      # and allows all iframing etc. See wekan/server/policy.js
-        # What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId .
+      # Default value: true
-        # Example: export WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId
+      export BROWSER_POLICY_ENABLED=true
-        export WEBHOOKS_ATTRIBUTES=''
+      # When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside.
-        #---------------------------------------------
+      # Example: export TRUSTED_URL=http://example.com
-        # ==== OAUTH2 AZURE ====
+      export TRUSTED_URL=''
-        # https://github.com/wekan/wekan/wiki/Azure
+      # What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId .
-        # 1) Register the application with Azure. Make sure you capture
+      # Example: export WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId
-        #    the application ID as well as generate a secret key.
+      export WEBHOOKS_ATTRIBUTES=''
-        # 2) Configure the environment variables. This differs slightly
+      #---------------------------------------------
-        #     by installation type, but make sure you have the following:
+      # ==== OAUTH2 AZURE ====
-        #export OAUTH2_ENABLED=true
+      # https://github.com/wekan/wekan/wiki/Azure
-        # OAuth2 login style: popup or redirect.
+      # 1) Register the application with Azure. Make sure you capture
-        #export OAUTH2_LOGIN_STYLE=redirect
+      #    the application ID as well as generate a secret key.
-        # Application GUID captured during app registration:
+      # 2) Configure the environment variables. This differs slightly
-        #export OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
+      #     by installation type, but make sure you have the following:
-        # Secret key generated during app registration:
+      #export OAUTH2_ENABLED=true
-        #export OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+      # Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting.
-        #export OAUTH2_SERVER_URL=https://login.microsoftonline.com/
+      #export OAUTH2_ADFS_ENABLED=false
-        #export OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize
+      # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
-        #export OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo
+      # OAuth2 login style: popup or redirect.
-        #export OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token
+      #export OAUTH2_LOGIN_STYLE=redirect
-        # OAUTH2 ID Token Whitelist Fields.
+      # Application GUID captured during app registration:
-        #export OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
+      #export OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
-        # OAUTH2 Request Permissions.
+      # Secret key generated during app registration:
-        #export OAUTH2_REQUEST_PERMISSIONS='openid profile email'
+      #export OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-        # The claim name you want to map to the unique ID field:
+      #export OAUTH2_SERVER_URL=https://login.microsoftonline.com/
-        #export OAUTH2_ID_MAP=email
+      #export OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize
-        # The claim name you want to map to the username field:
+      #export OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo
-        #export OAUTH2_USERNAME_MAP=email
+      #export OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token
-        # The claim name you want to map to the full name field:
+      # The claim name you want to map to the unique ID field:
-        #export OAUTH2_FULLNAME_MAP=name
+      #export OAUTH2_ID_MAP=email
-        # Tthe claim name you want to map to the email field:
+      # The claim name you want to map to the username field:
-        #export OAUTH2_EMAIL_MAP=email
+      #export OAUTH2_USERNAME_MAP=email
-        #-----------------------------------------------------------------
+      # The claim name you want to map to the full name field:
-        # ==== OAUTH2 KEYCLOAK ====
+      #export OAUTH2_FULLNAME_MAP=name
-        # https://github.com/wekan/wekan/wiki/Keycloak  <== MAPPING INFO, REQUIRED
+      # The claim name you want to map to the email field:
-        #export OAUTH2_ENABLED=true
+      #export OAUTH2_EMAIL_MAP=email
-        # OAuth2 login style: popup or redirect.
+      #-----------------------------------------------------------------
-        #export OAUTH2_LOGIN_STYLE=redirect
+      # ==== OAUTH2 KEYCLOAK ====
-        #export OAUTH2_CLIENT_ID=<Keycloak create Client ID>
+      # https://github.com/wekan/wekan/wiki/Keycloak  <== MAPPING INFO, REQUIRED
-        #export OAUTH2_SERVER_URL=<Keycloak server name>/auth
+      #export OAUTH2_ENABLED=true
-        #export OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
+      # OAuth2 login style: popup or redirect.
-        #export OAUTH2_USERINFO_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/userinfo
+      #export OAUTH2_LOGIN_STYLE=redirect
-        #export OAUTH2_TOKEN_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/token
+      #export OAUTH2_CLIENT_ID=<Keycloak create Client ID>
-        #export OAUTH2_SECRET=<keycloak client secret>
+      #export OAUTH2_SERVER_URL=<Keycloak server name>/auth
-        #-----------------------------------------------------------------
+      #export OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
-        # ==== OAUTH2 DOORKEEPER ====
+      #export OAUTH2_USERINFO_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/userinfo
-        # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
+      #export OAUTH2_TOKEN_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/token
-        # https://github.com/wekan/wekan/issues/1874
+      #export OAUTH2_SECRET=<keycloak client secret>
-        # https://github.com/wekan/wekan/wiki/OAuth2
+      #-----------------------------------------------------------------
-        # Enable the OAuth2 connection
+      # ==== OAUTH2 DOORKEEPER ====
-        #export OAUTH2_ENABLED=true
+      # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
-        # OAuth2 login style: popup or redirect.
+      # https://github.com/wekan/wekan/issues/1874
-        #export OAUTH2_LOGIN_STYLE=redirect
+      # https://github.com/wekan/wekan/wiki/OAuth2
-        # OAuth2 Client ID.
+      # Enable the OAuth2 connection
-        #export OAUTH2_CLIENT_ID=abcde12345
+      #export OAUTH2_ENABLED=true
-        # OAuth2 Secret.
+      # OAuth2 login style: popup or redirect.
-        #export OAUTH2_SECRET=54321abcde
+      #export OAUTH2_LOGIN_STYLE=redirect
-        # OAuth2 Server URL.
+      # OAuth2 Client ID.
-        #export OAUTH2_SERVER_URL=https://chat.example.com
+      #export OAUTH2_CLIENT_ID=abcde12345
-        # OAuth2 Authorization Endpoint.
+      # OAuth2 Secret.
-        #export OAUTH2_AUTH_ENDPOINT=/oauth/authorize
+      #export OAUTH2_SECRET=54321abcde
-        # OAuth2 Userinfo Endpoint.
+      # OAuth2 Server URL.
-        #export OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
+      #export OAUTH2_SERVER_URL=https://chat.example.com
-        # OAuth2 Token Endpoint.
+      # OAuth2 Authorization Endpoint.
-        #export OAUTH2_TOKEN_ENDPOINT=/oauth/token
+      #export OAUTH2_AUTH_ENDPOINT=/oauth/authorize
-        # OAuth2 ID Mapping
+      # OAuth2 Userinfo Endpoint.
-        #export OAUTH2_ID_MAP=
+      #export OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
-        # OAuth2 Username Mapping
+      # OAuth2 Token Endpoint.
-        #export OAUTH2_USERNAME_MAP=
+      #export OAUTH2_TOKEN_ENDPOINT=/oauth/token
-        # OAuth2 Fullname Mapping
+      # OAUTH2 ID Token Whitelist Fields.
-        #export OAUTH2_FULLNAME_MAP=
+      #export OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
-        # OAuth2 Email Mapping
+      # OAUTH2 Request Permissions.
-        #export OAUTH2_EMAIL_MAP=
+      #export OAUTH2_REQUEST_PERMISSIONS='openid profile email'
-        #---------------------------------------------
+      # OAuth2 ID Mapping
-        # LDAP_ENABLE : Enable or not the connection by the LDAP
+      #export OAUTH2_ID_MAP=
-        # example :  export LDAP_ENABLE=true
+      # OAuth2 Username Mapping
-        #export LDAP_ENABLE=false
+      #export OAUTH2_USERNAME_MAP=
-        # LDAP_PORT : The port of the LDAP server
+      # OAuth2 Fullname Mapping
-        # example :  export LDAP_PORT=389
+      #export OAUTH2_FULLNAME_MAP=
-        #export LDAP_PORT=389
+      # OAuth2 Email Mapping
-        # LDAP_HOST : The host server for the LDAP server
+      #export OAUTH2_EMAIL_MAP=
-        # example :  export LDAP_HOST=localhost
+      #---------------------------------------------
-        #export LDAP_HOST=
+      # LDAP_ENABLE : Enable or not the connection by the LDAP
-        # LDAP_BASEDN : The base DN for the LDAP Tree
+      # example :  export LDAP_ENABLE=true
-        # example :  export LDAP_BASEDN=ou=user,dc=example,dc=org
+      #export LDAP_ENABLE=false
-        #export LDAP_BASEDN=
+      # LDAP_PORT : The port of the LDAP server
-        # LDAP_LOGIN_FALLBACK : Fallback on the default authentication method
+      # example :  export LDAP_PORT=389
-        # example :  export LDAP_LOGIN_FALLBACK=true
+      #export LDAP_PORT=389
-        #export LDAP_LOGIN_FALLBACK=false
+      # LDAP_HOST : The host server for the LDAP server
-        # LDAP_RECONNECT : Reconnect to the server if the connection is lost
+      # example :  export LDAP_HOST=localhost
-        # example :  export LDAP_RECONNECT=false
+      #export LDAP_HOST=
-        #export LDAP_RECONNECT=true
+      # LDAP_BASEDN : The base DN for the LDAP Tree
-        # LDAP_TIMEOUT : Overall timeout, in milliseconds
+      # example :  export LDAP_BASEDN=ou=user,dc=example,dc=org
-        # example :  export LDAP_TIMEOUT=12345
+      #export LDAP_BASEDN=
-        #export LDAP_TIMEOUT=10000
+      # LDAP_LOGIN_FALLBACK : Fallback on the default authentication method
-        # LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds
+      # example :  export LDAP_LOGIN_FALLBACK=true
-        # example :  export LDAP_IDLE_TIMEOUT=12345
+      #export LDAP_LOGIN_FALLBACK=false
-        #export LDAP_IDLE_TIMEOUT=10000
+      # LDAP_RECONNECT : Reconnect to the server if the connection is lost
-        # LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds
+      # example :  export LDAP_RECONNECT=false
-        # example :  export LDAP_CONNECT_TIMEOUT=12345
+      #export LDAP_RECONNECT=true
-        #export LDAP_CONNECT_TIMEOUT=10000
+      # LDAP_TIMEOUT : Overall timeout, in milliseconds
-        # LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search
+      # example :  export LDAP_TIMEOUT=12345
-        # example :  export LDAP_AUTHENTIFICATION=true
+      #export LDAP_TIMEOUT=10000
-        #export LDAP_AUTHENTIFICATION=false
+      # LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds
-        # LDAP_AUTHENTIFICATION_USERDN : The search user DN
+      # example :  export LDAP_IDLE_TIMEOUT=12345
-        # example :  export LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org
+      #export LDAP_IDLE_TIMEOUT=10000
-        #export LDAP_AUTHENTIFICATION_USERDN=
+      # LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds
-        # LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user
+      # example :  export LDAP_CONNECT_TIMEOUT=12345
-        # example : AUTHENTIFICATION_PASSWORD=admin
+      #export LDAP_CONNECT_TIMEOUT=10000
-        #export LDAP_AUTHENTIFICATION_PASSWORD=
+      # LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search
-        # LDAP_LOG_ENABLED : Enable logs for the module
+      # example :  export LDAP_AUTHENTIFICATION=true
-        # example :  export LDAP_LOG_ENABLED=true
+      #export LDAP_AUTHENTIFICATION=false
-        #export LDAP_LOG_ENABLED=false
+      # LDAP_AUTHENTIFICATION_USERDN : The search user DN
-        # LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background
+      # example :  export LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org
-        # example :  export LDAP_BACKGROUND_SYNC=true
+      #----------------------------------------------------------------------------
-        #export LDAP_BACKGROUND_SYNC=false
+      # The search user DN - You need quotes when you have spaces in parameters
-        # LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds
+      # 2 examples:
-        # At which interval does the background task sync in milliseconds.
+      #export LDAP_AUTHENTIFICATION_USERDN="CN=ldap admin,CN=users,DC=domainmatter,DC=lan"
-        # Leave this unset, so it uses default, and does not crash.
+      #export LDAP_AUTHENTIFICATION_USERDN="CN=wekan_adm,OU=serviceaccounts,OU=admin,OU=prod,DC=mydomain,DC=com"
-        # https://github.com/wekan/wekan/issues/2354#issuecomment-515305722
+      #---------------------------------------------------------------------------
-        export LDAP_BACKGROUND_SYNC_INTERVAL=''
+      # LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user
-        # LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED :
+      # example : AUTHENTIFICATION_PASSWORD=admin
-        # example :  export LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true
+      #export LDAP_AUTHENTIFICATION_PASSWORD=
-        #export LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false
+      # LDAP_LOG_ENABLED : Enable logs for the module
-        # LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS :
+      # example :  export LDAP_LOG_ENABLED=true
-        # example :  export LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true
+      #export LDAP_LOG_ENABLED=false
-        #export LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false
+      # LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background
-        # LDAP_ENCRYPTION : If using LDAPS
+      # example :  export LDAP_BACKGROUND_SYNC=true
-        # example :  export LDAP_ENCRYPTION=ssl
+      #export LDAP_BACKGROUND_SYNC=false
-        #export LDAP_ENCRYPTION=false
+      # LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds
-        # LDAP_CA_CERT : The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file.
+      # At which interval does the background task sync in milliseconds.
-        # example :  export LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE-----
+      # Leave this unset, so it uses default, and does not crash.
-        #export LDAP_CA_CERT=
+      # https://github.com/wekan/wekan/issues/2354#issuecomment-515305722
-        # LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate
+      export LDAP_BACKGROUND_SYNC_INTERVAL=''
-        # example :  export LDAP_REJECT_UNAUTHORIZED=true
+      # LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED :
-        #export LDAP_REJECT_UNAUTHORIZED=false
+      # example :  export LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true
-        # Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
+      #export LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false
-        #export LDAP_USER_AUTHENTICATION=true
+      # LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS :
-        # Which field is used to find the user for the user authentication. Default: uid.
+      # example :  export LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true
-        #export LDAP_USER_AUTHENTICATION_FIELD=uid
+      #export LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false
-        # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
+      # LDAP_ENCRYPTION : If using LDAPS
-        # example :  export LDAP_USER_SEARCH_FILTER=
+      # example :  export LDAP_ENCRYPTION=ssl
-        #export LDAP_USER_SEARCH_FILTER=
+      #export LDAP_ENCRYPTION=false
-        # LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree)
+      # LDAP_CA_CERT : The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file.
-        # example :  export LDAP_USER_SEARCH_SCOPE=one
+      # example :  export LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE-----
-        #export LDAP_USER_SEARCH_SCOPE=
+      #export LDAP_CA_CERT=
-        # LDAP_USER_SEARCH_FIELD : Which field is used to find the user
+      # LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate
-        # example :  export LDAP_USER_SEARCH_FIELD=uid
+      # example :  export LDAP_REJECT_UNAUTHORIZED=true
-        #export LDAP_USER_SEARCH_FIELD=
+      #export LDAP_REJECT_UNAUTHORIZED=false
-        # LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited)
+      # Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
-        # example :  export LDAP_SEARCH_PAGE_SIZE=12345
+      #export LDAP_USER_AUTHENTICATION=true
-        #export LDAP_SEARCH_PAGE_SIZE=0
+      # Which field is used to find the user for the user authentication. Default: uid.
-        # LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited)
+      #export LDAP_USER_AUTHENTICATION_FIELD=uid
-        # example :  export LDAP_SEARCH_SIZE_LIMIT=12345
+      # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
-        #export LDAP_SEARCH_SIZE_LIMIT=0
+      # example :  export LDAP_USER_SEARCH_FILTER=
-        # LDAP_GROUP_FILTER_ENABLE : Enable group filtering
+      #export LDAP_USER_SEARCH_FILTER=
-        # example :  export LDAP_GROUP_FILTER_ENABLE=true
+      # LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree)
-        #export LDAP_GROUP_FILTER_ENABLE=false
+      # example :  export LDAP_USER_SEARCH_SCOPE=one
-        # LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering
+      #export LDAP_USER_SEARCH_SCOPE=
-        # example :  export LDAP_GROUP_FILTER_OBJECTCLASS=group
+      # LDAP_USER_SEARCH_FIELD : Which field is used to find the user
-        #export LDAP_GROUP_FILTER_OBJECTCLASS=
+      # example :  export LDAP_USER_SEARCH_FIELD=uid
-        # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE :
+      #export LDAP_USER_SEARCH_FIELD=
-        # example :
+      # LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited)
-        #export LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=
+      # example :  export LDAP_SEARCH_PAGE_SIZE=12345
-        # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE :
+      #export LDAP_SEARCH_PAGE_SIZE=0
-        # example :
+      # LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited)
-        #export LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=
+      # example :  export LDAP_SEARCH_SIZE_LIMIT=12345
-        # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT :
+      #export LDAP_SEARCH_SIZE_LIMIT=0
-        # example :
+      # LDAP_GROUP_FILTER_ENABLE : Enable group filtering
-        #export LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=
+      # example :  export LDAP_GROUP_FILTER_ENABLE=true
-        # LDAP_GROUP_FILTER_GROUP_NAME :
+      #export LDAP_GROUP_FILTER_ENABLE=false
-        # example :
+      # LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering
-        #export LDAP_GROUP_FILTER_GROUP_NAME=
+      # example :  export LDAP_GROUP_FILTER_OBJECTCLASS=group
-        # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier)
+      #export LDAP_GROUP_FILTER_OBJECTCLASS=
-        # example :  export LDAP_UNIQUE_IDENTIFIER_FIELD=guid
+      # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE :
-        #export LDAP_UNIQUE_IDENTIFIER_FIELD=
+      # example :
-        # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8
+      #export LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=
-        # example :  export LDAP_UTF8_NAMES_SLUGIFY=false
+      # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE :
-        #export LDAP_UTF8_NAMES_SLUGIFY=true
+      # example :
-        # LDAP_USERNAME_FIELD : Which field contains the ldap username
+      #export LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=
-        # example :  export LDAP_USERNAME_FIELD=username
+      # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT :
-        #export LDAP_USERNAME_FIELD=
+      # example :
-        # LDAP_FULLNAME_FIELD : Which field contains the ldap fullname
+      #export LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=
-        # example :  export LDAP_FULLNAME_FIELD=fullname
+      # LDAP_GROUP_FILTER_GROUP_NAME :
-        #export LDAP_FULLNAME_FIELD=
+      # example :
-        # LDAP_MERGE_EXISTING_USERS :
+      #export LDAP_GROUP_FILTER_GROUP_NAME=
-        # example :  export LDAP_MERGE_EXISTING_USERS=true
+      # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier)
-        #export LDAP_MERGE_EXISTING_USERS=false
+      # example :  export LDAP_UNIQUE_IDENTIFIER_FIELD=guid
-        # LDAP_EMAIL_MATCH_ENABLE : allow existing account matching by e-mail address when username does not match
+      #export LDAP_UNIQUE_IDENTIFIER_FIELD=
-        # example: LDAP_EMAIL_MATCH_ENABLE=true
+      # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8
-        #export LDAP_EMAIL_MATCH_ENABLE=false
+      # example :  export LDAP_UTF8_NAMES_SLUGIFY=false
-        # LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match
+      #export LDAP_UTF8_NAMES_SLUGIFY=true
-        # example: LDAP_EMAIL_MATCH_REQUIRE=true
+      # LDAP_USERNAME_FIELD : Which field contains the ldap username
-        #export LDAP_EMAIL_MATCH_REQUIRE=false
+      # example :  export LDAP_USERNAME_FIELD=username
-        # LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching
+      #export LDAP_USERNAME_FIELD=
-        # example: LDAP_EMAIL_MATCH_VERIFIED=true
+      # LDAP_FULLNAME_FIELD : Which field contains the ldap fullname
-        #export LDAP_EMAIL_MATCH_VERIFIED=false
+      # example :  export LDAP_FULLNAME_FIELD=fullname
-        # LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address
+      #export LDAP_FULLNAME_FIELD=
-        # example: LDAP_EMAIL_FIELD=mail
+      # LDAP_MERGE_EXISTING_USERS :
-        #export LDAP_EMAIL_FIELD=
+      # example :  export LDAP_MERGE_EXISTING_USERS=true
-        # LDAP_SYNC_USER_DATA :
+      #export LDAP_MERGE_EXISTING_USERS=false
-        # example :  export LDAP_SYNC_USER_DATA=true
+      # LDAP_EMAIL_MATCH_ENABLE : allow existing account matching by e-mail address when username does not match
-        #export LDAP_SYNC_USER_DATA=false
+      # example: LDAP_EMAIL_MATCH_ENABLE=true
-        # LDAP_SYNC_USER_DATA_FIELDMAP :
+      #export LDAP_EMAIL_MATCH_ENABLE=false
-        # example :  export LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"}
+      # LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match
-        #export LDAP_SYNC_USER_DATA_FIELDMAP=
+      # example: LDAP_EMAIL_MATCH_REQUIRE=true
-        # LDAP_SYNC_GROUP_ROLES :
+      #export LDAP_EMAIL_MATCH_REQUIRE=false
-        # example :
+      # LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching
-        #export LDAP_SYNC_GROUP_ROLES=
+      # example: LDAP_EMAIL_MATCH_VERIFIED=true
-        # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
+      #export LDAP_EMAIL_MATCH_VERIFIED=false
-        # example :
+      # LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address
-        #export LDAP_DEFAULT_DOMAIN=
+      # example: LDAP_EMAIL_FIELD=mail
-        # Enable/Disable syncing of admin status based on ldap groups:
+      #export LDAP_EMAIL_FIELD=
-        #export LDAP_SYNC_ADMIN_STATUS=true
+      # LDAP_SYNC_USER_DATA :
-        # Comma separated list of admin group names.
+      # example :  export LDAP_SYNC_USER_DATA=true
-        #export LDAP_SYNC_ADMIN_GROUPS=group1,group2
+      #export LDAP_SYNC_USER_DATA=false
-        #---------------------------------------------------------------------
+      # LDAP_SYNC_USER_DATA_FIELDMAP :
-        # Login to LDAP automatically with HTTP header.
+      # example :  export LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"}
-        # In below example for siteminder, at right side of = is header name.
+      #export LDAP_SYNC_USER_DATA_FIELDMAP=
-        #export HEADER_LOGIN_ID=HEADERUID
+      # LDAP_SYNC_GROUP_ROLES :
-        #export HEADER_LOGIN_FIRSTNAME=HEADERFIRSTNAME
+      # example :
-        #export HEADER_LOGIN_LASTNAME=HEADERLASTNAME
+      #export LDAP_SYNC_GROUP_ROLES=
-        #export HEADER_LOGIN_EMAIL=HEADEREMAILADDRESS
+      # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
-        #---------------------------------------------------------------------
+      # example :
-        # LOGOUT_WITH_TIMER : Enables or not the option logout with timer
+      #export LDAP_DEFAULT_DOMAIN=
-        # example : LOGOUT_WITH_TIMER=true
+      # Enable/Disable syncing of admin status based on ldap groups:
-        #export LOGOUT_WITH_TIMER=
+      #export LDAP_SYNC_ADMIN_STATUS=true
-        # LOGOUT_IN : The number of days
+      # Comma separated list of admin group names to sync.
-        # example : LOGOUT_IN=1
+      #export LDAP_SYNC_ADMIN_GROUPS=group1,group2
-        #export LOGOUT_IN=
+      #---------------------------------------------------------------------
-        #export LOGOUT_ON_HOURS=
+      # Login to LDAP automatically with HTTP header.
-        # LOGOUT_ON_MINUTES : The number of minutes
+      # In below example for siteminder, at right side of = is header name.
-        # example : LOGOUT_ON_MINUTES=55
+      #export HEADER_LOGIN_ID=HEADERUID
-        #export LOGOUT_ON_MINUTES=
+      #export HEADER_LOGIN_FIRSTNAME=HEADERFIRSTNAME
+      #export HEADER_LOGIN_LASTNAME=HEADERLASTNAME
+      #export HEADER_LOGIN_EMAIL=HEADEREMAILADDRESS
+      #---------------------------------------------------------------------
+      # LOGOUT_WITH_TIMER : Enables or not the option logout with timer
+      # example : LOGOUT_WITH_TIMER=true
+      #export LOGOUT_WITH_TIMER=
+      # LOGOUT_IN : The number of days
+      # example : LOGOUT_IN=1
+      #export LOGOUT_IN=
+      #export LOGOUT_ON_HOURS=
+      # LOGOUT_ON_MINUTES : The number of minutes
+      # example : LOGOUT_ON_MINUTES=55
+      #export LOGOUT_ON_MINUTES=
+      #---------------------------------------------------------------------
+      # PASSWORD_LOGIN_ENABLED : Enable or not the password login form.
+      #export PASSWORD_LOGIN_ENABLED=true
 
-        node main.js & >> ~/repos/wekan.log
+      node main.js & >> ~/repos/wekan.log
-        cd ~/repos
+      cd ~/repos
 #done

sandstorm-pkgdef.capnp

@@ -239,9 +239,6 @@ const myCommand :Spk.Manifest.Command = (
     (key = "PATH", value = "/usr/local/bin:/usr/bin:/bin"),
     (key = "WITH_API", value = "true"),
     (key = "RICHER_CARD_COMMENT_EDITOR", value="false"),
-    (key = "SCROLLINERTIA", value="0"),
-    (key = "SCROLLAMOUNT", value="auto"),
-    (key = "SCROLLDELTAFACTOR", value="auto"),
     (key = "CARD_OPENED_WEBHOOK_ENABLED", value="false"),
     (key = "NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE", value=""),
     (key = "BIGEVENTS_PATTERN", value="NONE"),
@@ -252,7 +249,8 @@ const myCommand :Spk.Manifest.Command = (
     (key = "BROWSER_POLICY_ENABLED", value="true"),
     (key = "TRUSTED_URL", value=""),
     (key = "WEBHOOKS_ATTRIBUTES", value=""),
-    (key = "OAUTH2_ENABLED", value=""),
+    (key = "OAUTH2_ENABLED", value="false"),
+    (key = "OAUTH2_ADFS_ENABLED", value="false"),
     (key = "OAUTH2_CLIENT_ID", value="false"),
     (key = "OAUTH2_SECRET", value=""),
     (key = "OAUTH2_SERVER_URL", value=""),

server/scroll.js

@@ -1,22 +0,0 @@
-Meteor.startup(() => {
-  // Mouse Scroll Intertia, issue #2949. Integer.
-  if (process.env.SCROLLINERTIA !== '0') {
-    Meteor.settings.public.SCROLLINERTIA = process.env.SCROLLINERTIA;
-  } else {
-    Meteor.settings.public.SCROLLINERTIA = 0;
-  }
-
-  // Mouse Scroll Amount, issue #2949. "auto" or Integer.
-  if (process.env.SCROLLAMOUNT !== 'auto') {
-    Meteor.settings.public.SCROLLAMOUNT = process.env.SCROLLAMOUNT;
-  } else {
-    Meteor.settings.public.SCROLLAMOUNT = 'auto';
-  }
-
-  // Mouse Scroll DeltaFactor, issue #2949. "auto" or Integer.
-  if (process.env.SCROLLDELTAFACTOR !== 'auto') {
-    Meteor.settings.public.SCROLLDELTAFACTOR = process.env.SCROLLDELTAFACTOR;
-  } else {
-    Meteor.settings.public.SCROLLDELTAFACTOR = 'auto';
-  }
-});

snap-src/bin/config

@@ -3,7 +3,7 @@
 # All supported keys are defined here together with descriptions and default values
 
 # list of supported keys
-keys="DEBUG MONGO_URL MONGODB_BIND_UNIX_SOCKET MONGO_URL MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API RICHER_CARD_COMMENT_EDITOR CARD_OPENED_WEBHOOK_ENABLED ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW  MAX_IMAGE_PIXEL IMAGE_COMPRESS_RATIO BIGEVENTS_PATTERN NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE NOTIFY_DUE_DAYS_BEFORE_AND_AFTER NOTIFY_DUE_AT_HOUR_OF_DAY EMAIL_NOTIFICATION_TIMEOUT CORS CORS_ALLOW_HEADERS CORS_EXPOSE_HEADERS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_EMAIL_MAP OAUTH2_REQUEST_PERMISSIONS LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_AUTHENTICATION LDAP_USER_AUTHENTICATION_FIELD LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD ATTACHMENTS_STORE_PATH SCROLLINERTIA SCROLLAMOUNT SCROLLDELTAFACTOR PASSWORD_LOGIN_ENABLED"
+keys="DEBUG MONGO_URL MONGODB_BIND_UNIX_SOCKET MONGO_URL MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API RICHER_CARD_COMMENT_EDITOR CARD_OPENED_WEBHOOK_ENABLED ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW  MAX_IMAGE_PIXEL IMAGE_COMPRESS_RATIO BIGEVENTS_PATTERN NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE NOTIFY_DUE_DAYS_BEFORE_AND_AFTER NOTIFY_DUE_AT_HOUR_OF_DAY EMAIL_NOTIFICATION_TIMEOUT CORS CORS_ALLOW_HEADERS CORS_EXPOSE_HEADERS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_EMAIL_MAP OAUTH2_REQUEST_PERMISSIONS OAUTH2_ADFS_ENABLED LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_AUTHENTICATION LDAP_USER_AUTHENTICATION_FIELD LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD ATTACHMENTS_STORE_PATH PASSWORD_LOGIN_ENABLED"
 
 # default values
 DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'"
@@ -168,10 +168,14 @@ DESCRIPTION_WEBHOOKS_ATTRIBUTES="What to send to Outgoing Webhook, or leave out.
 DEFAULT_WEBHOOKS_ATTRIBUTES=""
 KEY_WEBHOOKS_ATTRIBUTES="webhooks-attributes"
 
-DESCRIPTION_OAUTH2_ENABLED="Enable the OAuth2 connection"
+DESCRIPTION_OAUTH2_ENABLED="Enable the OAuth2 connection. Default: false"
 DEFAULT_OAUTH2_ENABLED="false"
 KEY_OAUTH2_ENABLED="oauth2-enabled"
 
+DESCRIPTION_OAUTH2_ADFS_ENABLED="Enable OAuth2 ADFS. Default: false"
+DEFAULT_OAUTH2_ADFS_ENABLED="false"
+KEY_OAUTH2_ADFS_ENABLED="oauth2-adfs-enabled"
+
 DESCRIPTION_OAUTH2_LOGIN_STYLE="OAuth2 login style: popup or redirect. Default: redirect"
 DEFAULT_OAUTH2_LOGIN_STYLE="redirect"
 KEY_OAUTH2_LOGIN_STYLE="oauth2-login-style"
@@ -456,18 +460,6 @@ DESCRIPTION_DEFAULT_AUTHENTICATION_METHOD="The default authentication method use
 DEFAULT_DEFAULT_AUTHENTICATION_METHOD=""
 KEY_DEFAULT_AUTHENTICATION_METHOD="default-authentication-method"
 
-DESCRIPTION_SCROLLINERTIA="Mousewheel scroll inertia, issue #2949. Default: 0"
-DEFAULT_SCROLLINERTIA="0"
-KEY_SCROLLINERTIA="scrollinertia"
-
-DESCRIPTION_SCROLLAMOUNT="Mousewheel scroll amount, issue #2949. Default: 'auto'"
-DEFAULT_SCROLLAMOUNT="auto"
-KEY_SCROLLAMOUNT="scrollamount"
-
-DESCRIPTION_SCROLLDELTAFACTOR="Mousewheel scroll deltafactor, issue #2949. Default: 'auto'"
-DEFAULT_SCROLLDELTAFACTOR="auto"
-KEY_SCROLLDELTAFACTOR="scrolldeltafactor"
-
 DESCRIPTION_PASSWORD_LOGIN_ENABLED="To hide the password login form"
 DEFAULT_PASSWORD_LOGIN_ENABLED="true"
 KEY_PASSWORD_LOGIN_ENABLED="password-login-enabled"

snap-src/bin/wekan-help

@@ -13,12 +13,12 @@ echo -e "Debug OIDC OAuth2 etc."
 echo -e "To enable the Debug of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME debug='true'"
 echo -e "\t-Disable the Debug of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME debug='false'"
+echo -e "\t$ snap unset $SNAP_NAME debug"
 echo -e "\n"
 echo -e "To enable the MONGO_URL of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME mongo-url='...'"
 echo -e "\t-Disable the MONGO_URL of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME mongo-url=''"
+echo -e "\t$ snap unset $SNAP_NAME mongo-url"
 echo -e "\n"
 echo -e "Make sure you have connected all interfaces, check more by calling $ snap interfaces ${SNAP_NAME}"
 echo -e "\n"
@@ -43,78 +43,74 @@ echo -e "\n"
 echo -e "To enable the API of wekan:"
 echo -e "\t$ snap set $SNAP_NAME with-api='true'"
 echo -e "\t-Disable the API:"
-echo -e "\t$ snap set $SNAP_NAME with-api='false'"
+echo -e "\t$ snap unset $SNAP_NAME with-api"
 echo -e "\n"
 echo -e "Accounts lockout known users failures before, greater than 0. Default: 3"
 echo -e "\t$ snap set $SNAP_NAME accounts-lockout-known-users-failures-before='3'"
+echo -e "\t-Restore default:"
+echo -e "\t$ snap unset $SNAP_NAME accounts-lockout-known-users-failures-before"
 echo -e "\n"
 echo -e "Accounts lockout know users period, in seconds. Default: 60"
 echo -e "\t$ snap set $SNAP_NAME accounts-lockout-known-users-period='60'"
+echo -e "\t-Restore default:"
+echo -e "\t$ snap unset $SNAP_NAME accounts-lockout-known-users-period"
 echo -e "\n"
 echo -e "Accounts lockout unknown failure window, in seconds. Default: 15"
 echo -e "\t$ snap set $SNAP_NAME accounts-lockout-known-users-failure-window='15'"
+echo -e "\t-Restore default:"
+echo -e "\t$ snap unset $SNAP_NAME accounts-lockout-known-users-failure-window"
 echo -e "\n"
 echo -e "Accounts lockout unknown users failures before, greater than 0. Default: 3"
 echo -e "\t$ snap set $SNAP_NAME accounts-lockout-unknown-users-failures-before='3'"
+echo -e "\t-Restore default:"
+echo -e "\t$ snap unset $SNAP_NAME accounts-lockout-unknown-users-failures-before"
 echo -e "\n"
 echo -e "Accounts lockout unknown users lockout period, in seconds. Default: 60"
 echo -e "\t$ snap set $SNAP_NAME accounts-lockout-unknown-users-lockout-period='60'"
+echo -e "\t-Restore default:"
+echo -e "\t$ snap unset $SNAP_NAME accounts-lockout-unknown-users-lockout-period"
 echo -e "\n"
 echo -e "Accounts lockout unknown users failure window, in seconds. Default: 15"
 echo -e "\t$ snap set $SNAP_NAME accounts-lockout-unknown-users-failure-window='15'"
+echo -e "\t-Restore default:"
+echo -e "\t$ snap unset $SNAP_NAME accounts-lockout-unknown-users-failure-window"
 echo -e "\n"
 echo -e "Rich text editor in card comments. Default: false https://github.com/wekan/wekan/pull/2560"
-echo -e "Default:"
+echo -e "Enable:"
 echo -e "\t$ snap set $SNAP_NAME richer-card-comment-editor='true'"
-echo -e "Disabled:"
+echo -e "Disable:"
-echo -e "\t$ snap set $SNAP_NAME richer-card-comment-editor='false'"
+echo -e "\t$ snap unset $SNAP_NAME richer-card-comment-editor"
-echo -e "\n"
-echo -e "Mousewheel scroll inertia. Default: 0. https://github.com/wekan/wekan/issues/2949"
-echo -e "Enable:"
-echo -e "\t$ snap set $SNAP_NAME scrollinertia='950'"
-echo -e "Disable, default:"
-echo -e "\t$ snap set $SNAP_NAME scrollinertia='0'"
-echo -e "\n"
-echo -e "Mousewheel scroll amount. Default: 'auto'. Allowed: 'auto' or Integer number. https://github.com/wekan/wekan/issues/2949"
-echo -e "Enable:"
-echo -e "\t$ snap set $SNAP_NAME scrollamount='950'"
-echo -e "Disable, default:"
-echo -e "\t$ snap set $SNAP_NAME scrollamount='auto'"
-echo -e "\n"
-echo -e "Mousewheel scroll deltafactor. Default: 'auto'. Allowed: 'auto' or Integer number. https://github.com/wekan/wekan/issues/2949"
-echo -e "Enable:"
-echo -e "\t$ snap set $SNAP_NAME scrolldeltafactor='950'"
-echo -e "Disable, default:"
-echo -e "\t$ snap set $SNAP_NAME scrolldeltafactor='auto'"
 echo -e "\n"
 echo -e "Card opened, send webhook message. Default: false https://github.com/wekan/wekan/issues/2518"
 echo -e "Enable:"
 echo -e "\t$ snap set $SNAP_NAME card-opened-webhook-enabled='true'"
 echo -e "Disable, default:"
-echo -e "\t$ snap set $SNAP_NAME card-opened-webhook-enabled='false'"
+echo -e "\t$ snap unset $SNAP_NAME card-opened-webhook-enabled"
 echo -e "\n"
 echo -e "Max image pixel: Allow to shrink attached/pasted image https://github.com/wekan/wekan/pull/2544"
 echo -e "Example:"
 echo -e "\t$ snap set $SNAP_NAME max-image-pixel='1024'"
-echo -e "Disabled:"
+echo -e "Disable:"
-echo -e "\t$ snap set $SNAP_NAME max-image-pixel=''"
+echo -e "\t$ snap unset $SNAP_NAME max-image-pixel"
 echo -e "\n"
 echo -e "Image compress ratio: Allow to shrink attached/pasted image https://github.com/wekan/wekan/pull/2544"
 echo -e "Example:"
 echo -e "\t$ snap set $SNAP_NAME image-compress-ratio='80'"
-echo -e "Disabled:"
+echo -e "Disable:"
-echo -e "\t$ snap set $SNAP_NAME image-compress-ratio=''"
+echo -e "\t$ snap unset $SNAP_NAME image-compress-ratio"
 echo -e "\n"
 echo -e "Allow to set attachment upload into specified server location. Create that directory first. https://github.com/wekan/wekan/pull/2603"
 echo -e "Example:"
 echo -e "\t$ snap set $SNAP_NAME attachments-store-path='/var/snap/wekan/common/attachments'"
-echo -e "Disabled:"
+echo -e "Disable:"
-echo -e "\t$ snap set $SNAP_NAME attachments-store-path=''"
+echo -e "\t$ snap unset $SNAP_NAME attachments-store-path"
 echo -e "\n"
 echo -e "NOTIFICATION TRAY AFTER READ DAYS BEFORE REMOVE https://github.com/wekan/wekan/pull/2998"
 echo -e "Number of days after a notification is read before we remove it. Default: 2."
-echo -e "Default:"
+echo -e "Example:"
-echo -e "\t$ snap set $SNAP_NAME notification-tray-after-read-days-before-remove='2'"
+echo -e "\t$ snap set $SNAP_NAME notification-tray-after-read-days-before-remove='4'"
+echo -e "Restore default:"
+echo -e "\t$ snap unset $SNAP_NAME notification-tray-after-read-days-before-remove"
 echo -e "\n"
 echo -e "BIGEVENTS DUE ETC NOTIFICATIONS https://github.com/wekan/wekan/pull/2541"
 echo -e "Big events pattern: Notify always due etc regardless of notification settings. Default: due, All: received|start|due|end, Disabled: NONE"
@@ -131,34 +127,34 @@ echo -e "Notify due days, number less than 15 or negative number accepted, you c
 echo -e "To enable different Notify for Due Days on 2 days before, and on the event day "
 echo -e "\t$ snap set $SNAP_NAME notify-due-days-before-and-after='2,0'"
 echo -e "\t-Disable Notifying for Due Days:"
-echo -e "\t$ snap set $SNAP_NAME notify-due-days-before-and-after=''"
+echo -e "\t$ snap unset $SNAP_NAME notify-due-days-before-and-after"
 echo -e "\n"
 echo -e "Notify due at hour of day. Default every morning at 8am. Can be 0-23."
 echo -e "If env variable has parsing error, use default. Notification sent to watchers."
 echo -e "To enable different Notify Due At Hour Of Day than default 8:"
 echo -e "\t$ snap set $SNAP_NAME notify-due-at-hour-of-day='10'"
 echo -e "\t-To set back default 8 of Notify Due at Hour of Day:"
-echo -e "\t$ snap set $SNAP_NAME notify-due-at-hour-of-day=''"
+echo -e "\t$ snap unset $SNAP_NAME notify-due-at-hour-of-day"
 echo -e "\n"
 echo -e "To enable the Email Notification Timeout of wekan in ms, default 30000 (=30s):"
 echo -e "\t$ snap set $SNAP_NAME email-notification-timeout='10000'"
-echo -e "\t-Disable the Email Notification Timeout of Wekan:"
+echo -e "\t-Restore default:"
-echo -e "\t$ snap set $SNAP_NAME email-notification-timeout='30000'"
+echo -e "\t$ snap unset $SNAP_NAME email-notification-timeout"
 echo -e "\n"
 echo -e "To enable the CORS of wekan, to set Access-Control-Allow-Origin header:"
 echo -e "\t$ snap set $SNAP_NAME cors='*'"
 echo -e "\t-Disable the CORS:"
-echo -e "\t$ snap set $SNAP_NAME cors=''"
+echo -e "\t$ snap unset $SNAP_NAME cors"
 echo -e "\n"
 echo -e "To enable the Set Access-Control-Allow-Headers header. \"Authorization,Content-Type\" is required for cross-origin use of the API."
 echo -e "\t$ snap set $SNAP_NAME cors-allow-headers='Authorization,Content-Type'"
 echo -e "\t-Disable the Set Access-Control-Allow-Headers header. \"Authorization,Content-Type\" is required for cross-origin use of the API."
-echo -e "\t$ snap set $SNAP_NAME cors-allow-headers=''"
+echo -e "\t$ snap unset $SNAP_NAME cors-allow-headers"
 echo -e "\n"
 echo -e "To enable the Set Access-Control-Expose-Headers header.  This is not needed for typical CORS situations. Example: *"
 echo -e "\t$ snap set $SNAP_NAME cors-expose-headers='*'"
 echo -e "\t-Disable the Set Access-Control-Expose-Headers header.  This is not needed for typical CORS situations. Example: ''"
-echo -e "\t$ snap set $SNAP_NAME cors-expose-headers=''"
+echo -e "\t$ snap unset $SNAP_NAME cors-expose-headers"
 echo -e "\n"
 echo -e "Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside."
 echo -e "\t\t Setting this to false is not recommended, it also disables all other browser policy protections"
@@ -172,19 +168,31 @@ echo -e "When browser policy is enabled, HTML code at this URL can have iframe t
 echo -e "To enable the Trusted URL of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME trusted-url='https://example.com'"
 echo -e "\t-Disable the Trusted URL of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME trusted-url=''"
+echo -e "\t$ snap unset $SNAP_NAME trusted-url"
 echo -e "\n"
 echo -e "What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId ."
 echo -e "To enable the Webhooks Attributes of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME webhooks-attributes='cardId,listId,oldListId,boardId,comment,user,card,commentId'"
 echo -e "\t-Disable the Webhooks Attributes of Wekan to send all default ones:"
-echo -e "\t$ snap set $SNAP_NAME webhooks-attributes=''"
+echo -e "\t$ snap unset $SNAP_NAME webhooks-attributes"
+echo -e "\n"
+echo -e "OAuth2 Enabled."
+echo -e "To enable the OAuth2 of Wekan:"
+echo -e "\t$ snap set $SNAP_NAME oauth2-enabled='true'"
+echo -e "\t-Disable the OAuth2 of Wekan:"
+echo -e "\t$ snap unset $SNAP_NAME oauth2-enabled"
+echo -e "\n"
+echo -e "OAuth2 ADFS Enabled. Also requires oauth2-enabled='true'"
+echo -e "To enable the OAuth2 ADFS of Wekan:"
+echo -e "\t$ snap set $SNAP_NAME oauth2-adfs-enabled='true'"
+echo -e "\t-Disable the OAuth2 ADFS of Wekan:"
+echo -e "\t$ snap unset $SNAP_NAME oauth2-adfs-enabled"
 echo -e "\n"
 echo -e "OAuth2 Client ID."
 echo -e "To enable the OAuth2 Client ID of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-client-id='54321abcde'"
 echo -e "\t-Disable the OAuth2 Client ID of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME oauth2-client-id=''"
+echo -e "\t$ snap unset $SNAP_NAME oauth2-client-id"
 echo -e "\n"
 echo -e "OAuth2 login style: popup or redirect. Default: redirect"
 echo -e "To enable the OAuth2 login style popup of Wekan:"
@@ -196,67 +204,67 @@ echo -e "OAuth2 Secret."
 echo -e "To enable the OAuth2 Secret of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-secret='54321abcde'"
 echo -e "\t-Disable the OAuth2 Secret of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME oauth2-secret=''"
+echo -e "\t$ snap unset $SNAP_NAME oauth2-secret"
 echo -e "\n"
 echo -e "OAuth2 Server URL."
 echo -e "To enable the OAuth2 Server URL of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-server-url='https://chat.example.com'"
 echo -e "\t-Disable the OAuth2 Server URL of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME oauth2-server-url=''"
+echo -e "\t$ snap unset $SNAP_NAME oauth2-server-url"
 echo -e "\n"
 echo -e "OAuth2 Authorization Endpoint."
 echo -e "To enable the OAuth2 Authorization Endpoint of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-auth-endpoint='/oauth/authorize'"
 echo -e "\t-Disable the OAuth2 Authorization Endpoint of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME oauth2-auth-endpoint=''"
+echo -e "\t$ snap unset $SNAP_NAME oauth2-auth-endpoint"
 echo -e "\n"
 echo -e "OAuth2 Userinfo Endpoint."
 echo -e "To enable the OAuth2 Userinfo Endpoint of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-userinfo-endpoint='/oauth/authorize'"
 echo -e "\t-Disable the OAuth2 Userinfo Endpoint of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME oauth2-userinfo-endpoint=''"
+echo -e "\t$ snap unset $SNAP_NAME oauth2-userinfo-endpoint"
 echo -e "\n"
 echo -e "OAuth2 Token Endpoint."
 echo -e "To enable the OAuth2 Token Endpoint of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-token-endpoint='/oauth/token'"
 echo -e "\t-Disable the OAuth2 Token Endpoint of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME oauth2-token-endpoint=''"
+echo -e "\t$ snap unset $SNAP_NAME oauth2-token-endpoint"
 echo -e "\n"
 echo -e "OAuth2 ID Token Whitelist Fields."
 echo -e "To enable the OAuth2 ID Token Whitelist Fields of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-id-token-whitelist-fields=[]"
 echo -e "\t-Disable the OAuth2 ID Token Whitelist Fields of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME oauth2-id-token-whitelist-fields=''"
+echo -e "\t$ snap unset $SNAP_NAME oauth2-id-token-whitelist-fields"
 echo -e "\n"
 echo -e "OAuth2 Request Permissions."
 echo -e "To enable the OAuth2 Request Permissions of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-request-permissions=\"'openid profile email'\""
 echo -e "\t-Disable the OAuth2 Request Permissions of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME oauth2-request-permissions=''"
+echo -e "\t$ snap unset $SNAP_NAME oauth2-request-permissions"
 echo -e "\n"
 echo -e "OAuth2 ID Mapping."
 echo -e "To enable the OAuth2 ID Mapping of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-id-map='username.uid'"
 echo -e "\t-Disable the OAuth2 ID Mapping of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME oauth2-id-map=''"
+echo -e "\t$ snap unset $SNAP_NAME oauth2-id-map"
 echo -e "\n"
 echo -e "OAuth2 Username Mapping."
 echo -e "To enable the OAuth2 Username Mapping of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-username-map='username'"
 echo -e "\t-Disable the OAuth2 Username Mapping of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME oauth2-username-map=''"
+echo -e "\t$ snap unset $SNAP_NAME oauth2-username-map"
 echo -e "\n"
 echo -e "OAuth2 Fullname Mapping."
 echo -e "To enable the OAuth2 Fullname Mapping of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-fullname-map='fullname'"
 echo -e "\t-Disable the OAuth2 Fullname Mapping of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME oauth2-fullname-map=''"
+echo -e "\t$ snap unset $SNAP_NAME oauth2-fullname-map"
 echo -e "\n"
 echo -e "OAuth2 Email Mapping."
 echo -e "To enable the OAuth2 Email Mapping of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-email-map='email'"
 echo -e "\t-Disable the OAuth2 Email Mapping of Wekan:"
-echo -e "\t$ snap set $SNAP_NAME oauth2-email-map=''"
+echo -e "\t$ snap unset $SNAP_NAME oauth2-email-map"
 echo -e "\n"
 echo -e "Ldap Enable."
 echo -e "To enable the ldap of Wekan:"

start-wekan.bat

@@ -22,12 +22,6 @@ REM # ==== RICH TEXT EDITOR IN CARD COMMENTS ====
 REM # https://github.com/wekan/wekan/pull/2560
 SET RICHER_CARD_COMMENT_EDITOR=false
 
-REM # ==== MOUSE SCROLL ====
-REM # https://github.com/wekan/wekan/issues/2949
-SET SCROLLINERTIA=0
-SET SCROLLAMOUNT=auto
-SET SCROLLDELTAFACTOR=auto
-
 REM # ==== CARD OPENED, SEND WEBHOOK MESSAGE ====
 SET CARD_OPENED_WEBHOOK_ENABLED=false
 
@@ -125,6 +119,9 @@ REM # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
 REM # example: OAUTH2_ENABLED=true
 REM SET OAUTH2_ENABLED=false
 
+REM # Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting.
+REM SET OAUTH2_ADFS_ENABLED=false
+
 REM # OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345
 REM # example: OAUTH2_CLIENT_ID=abcde12345
 REM SET OAUTH2_CLIENT_ID=

start-wekan.sh

@@ -41,12 +41,6 @@
       # https://github.com/wekan/wekan/pull/2560
       export RICHER_CARD_COMMENT_EDITOR=false
       #---------------------------------------------------------------
-      # ==== MOUSE SCROLL ====
-      # https://github.com/wekan/wekan/issues/2949
-      export SCROLLINERTIA=0
-      export SCROLLAMOUNT=auto
-      export SCROLLDELTAFACTOR=auto
-      #---------------------------------------------------------------
       # ==== CARD OPENED, SEND WEBHOOK MESSAGE ====
       export CARD_OPENED_WEBHOOK_ENABLED=false
       #---------------------------------------------------------------
@@ -133,6 +127,8 @@
       # 2) Configure the environment variables. This differs slightly
       #     by installation type, but make sure you have the following:
       #export OAUTH2_ENABLED=true
+      # Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting.
+      #export OAUTH2_ADFS_ENABLED=false
       # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
       # OAuth2 login style: popup or redirect.
       #export OAUTH2_LOGIN_STYLE=redirect

torodb-postgresql/docker-compose.yml

@@ -230,12 +230,6 @@ services:
       # https://github.com/wekan/wekan/pull/2560
       - RICHER_CARD_COMMENT_EDITOR=false
       #---------------------------------------------------------------
-      # ==== MOUSE SCROLL ====
-      # https://github.com/wekan/wekan/issues/2949
-      - SCROLLINERTIA=0
-      - SCROLLAMOUNT=auto
-      - SCROLLDELTAFACTOR=auto
-      #---------------------------------------------------------------
       # ==== CARD OPENED, SEND WEBHOOK MESSAGE ====
       # https://github.com/wekan/wekan/issues/2518
       - CARD_OPENED_WEBHOOK_ENABLED=false
@@ -321,6 +315,8 @@ services:
       # Enable the OAuth2 connection
       # example: OAUTH2_ENABLED=true
       #- OAUTH2_ENABLED=false
+      # Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting.
+      #- OAUTH2_ADFS_ENABLED=false
       # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
       # OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345
       # example: OAUTH2_CLIENT_ID=abcde12345