- Add LDAP. In progress.

Thanks to maximest-pierre, Akuket and xet. Related #119
7 years ago · 288800eafc
parent 18a1d4c5c6
commit 288800eafc
9 changed files with 139 additions and 4 deletions
--- a/.meteor/packages
+++ b/.meteor/packages
@ -87,4 +87,5 @@ momentjs:moment@2.22.2
 browser-policy-framing
 mquandalle:moment
 msavin:usercache
+wekan:wekan-ldap
 wekan:accounts-cas
--- a/.meteor/versions
+++ b/.meteor/versions
@ -179,5 +179,7 @@ useraccounts:unstyled@1.14.2
 verron:autosize@3.0.8
 webapp@1.4.0
 webapp-hashing@1.0.9
+wekan:wekan-ldap@0.0.2
+yasaricli:slugify@0.0.7
 wekan:accounts-cas@0.1.0
 zimme:active-route@2.3.2
--- a/client/components/main/layouts.jade
+++ b/client/components/main/layouts.jade
@ -18,6 +18,7 @@ template(name="userFormsLayout")
      img(src="{{pathFor '/wekan-logo.png'}}" alt="Wekan")
    section.auth-dialog
      +Template.dynamic(template=content)
+      +connectionMethod
      if isCas
        .at-form
          button#cas(class='at-btn submit' type='submit') {{casSignInLabel}}
--- a/client/components/main/layouts.js
+++ b/client/components/main/layouts.js
@ -39,7 +39,7 @@ Template.userFormsLayout.helpers({
    const curLang = T9n.getLanguage() || 'en';
    return t9nTag === curLang;
  },
-
+/*
  isCas() {
    return Meteor.settings.public &&
      Meteor.settings.public.cas &&
@ -49,6 +49,7 @@ Template.userFormsLayout.helpers({
  casSignInLabel() {
    return TAPi18n.__('casSignIn', {}, T9n.getLanguage() || 'en');
  },
+*/
 });

 Template.userFormsLayout.events({
@ -64,6 +65,44 @@ Template.userFormsLayout.events({
      }
    });
  },
+  'submit form'(event) {
+    const connectionMethod = $('.select-connection').val();
+
+    // Local account
+    if (connectionMethod === 'default') {
+      return;
+    }
+
+    // TODO : find a way to block "submit #at-pwd-form" of the at_pwd_form.js
+
+    const inputs = event.target.getElementsByTagName('input');
+
+    const email = inputs.namedItem('at-field-username_and_email').value;
+    const password = inputs.namedItem('at-field-password').value;
+
+    // Ldap account
+    if (connectionMethod === 'ldap') {
+      // Check if the user can use the ldap connection
+      Meteor.subscribe('user-connection-method', email, {
+        onReady() {
+          const ldap = Users.findOne();
+
+          if (ldap) {
+            // Use the ldap connection package
+            Meteor.loginWithLDAP(email, password, function(error) {
+              if (!error) {
+                // Connection
+                return FlowRouter.go('/');
+              } else {
+                return error;
+              }
+            });
+          }
+          return this.stop();
+        },
+      });
+    }
+  },
 });

 Template.defaultLayout.events({
--- a/client/components/settings/connectionMethod.jade
+++ b/client/components/settings/connectionMethod.jade
@ -0,0 +1,6 @@
+template(name='connectionMethod')
+  div.at-form-connection
+    label Authentication method
+    select.select-connection
+        each connections
+            option(value="{{value}}") {{_ value}}
--- a/client/components/settings/connectionMethod.js
+++ b/client/components/settings/connectionMethod.js
@ -0,0 +1,34 @@
+Template.connectionMethod.onCreated(function() {
+  this.connectionMethods = new ReactiveVar([]);
+
+  Meteor.call('getConnectionsEnabled', (_, result) => {
+    if (result) {
+      // TODO : add a management of different languages
+      // (ex {value: ldap, text: TAPi18n.__('ldap', {}, T9n.getLanguage() || 'en')})
+      this.connectionMethods.set([
+        {value: 'default'},
+        // Gets only the connection methods availables
+        ...Object.entries(result).filter((e) => e[1]).map((e) => ({value: e[0]})),
+      ]);
+    }
+
+    // If only the default authentication available, hides the select boxe
+    const content = $('.at-form-connection');
+    if (!(this.connectionMethods.get().length > 1)) {
+      content.hide();
+    } else {
+      content.show();
+    }
+  });
+});
+
+Template.connectionMethod.onRendered(() => {
+  // Moves the select boxe in the first place of the at-pwd-form div
+  $('.at-form-connection').detach().prependTo('.at-pwd-form');
+});
+
+Template.connectionMethod.helpers({
+  connections() {
+    return Template.instance().connectionMethods.get();
+  },
+});
--- a/models/settings.js
+++ b/models/settings.js
@ -128,6 +128,18 @@ if (Meteor.isServer) {
    }
  }

+  function isLdapEnabled() {
+    return process.env.LDAP_ENABLE === 'true';
+  }
+
+  function isOauth2Enabled() {
+    return process.env.OAUTH2_ENABLED === 'true';
+  }
+
+  function isCasEnabled() {
+    return process.env.CAS_ENABLED === 'true';
+  }
+
  Meteor.methods({
    sendInvitation(emails, boards) {
      check(emails, [String]);
@ -197,5 +209,26 @@ if (Meteor.isServer) {
        withUserName: process.env.MATOMO_WITH_USERNAME || false,
      };
    },
+
+    _isLdapEnabled() {
+      return isLdapEnabled();
+    },
+
+    _isOauth2Enabled() {
+      return isOauth2Enabled();
+    },
+
+    _isCasEnabled() {
+      return isCasEnabled();
+    },
+
+    // Gets all connection methods to use it in the Template
+    getConnectionsEnabled() {
+      return {
+        ldap: isLdapEnabled(),
+        oauth2: isOauth2Enabled(),
+        cas: isCasEnabled(),
+      };
+    },
  });
 }
--- a/models/users.js
+++ b/models/users.js
@ -127,6 +127,11 @@ Users.attachSchema(new SimpleSchema({
    type: Boolean,
    optional: true,
  },
+  // TODO : write a migration and check if using a ldap parameter is better than a connection_type parameter
+  ldap: {
+    type: Boolean,
+    optional: true,
+  },
 }));

 Users.allow({
@ -490,7 +495,6 @@ if (Meteor.isServer) {

    if (user.services.oidc) {
      const email = user.services.oidc.email.toLowerCase();
-
      user.username = user.services.oidc.username;
      user.emails = [{ address: email, verified: true }];
      const initials = user.services.oidc.fullname.match(/\b[a-zA-Z]/g).join('').toUpperCase();
@ -518,7 +522,10 @@ if (Meteor.isServer) {
    }

    const disableRegistration = Settings.findOne().disableRegistration;
-    if (!disableRegistration) {
+    // If ldap, bypass the inviation code if the self registration isn't allowed.
+    // TODO : pay attention if ldap field in the user model change to another content ex : ldap field to connection_type
+    if (options.ldap || !disableRegistration) {
+      user.ldap = true;
      return user;
    }

@ -636,7 +643,9 @@ if (Meteor.isServer) {

    //invite user to corresponding boards
    const disableRegistration = Settings.findOne().disableRegistration;
-    if (disableRegistration) {
+    // If ldap, bypass the inviation code if the self registration isn't allowed.
+    // TODO : pay attention if ldap field in the user model change to another content ex : ldap field to connection_type
+    if (!doc.ldap && disableRegistration) {
      const invitationCode = InvitationCodes.findOne({code: doc.profile.icode, valid: true});
      if (!invitationCode) {
        throw new Meteor.Error('error-invitation-code-not-exist');
--- a/server/publications/users.js
+++ b/server/publications/users.js
@ -17,3 +17,13 @@ Meteor.publish('user-admin', function() {
    },
  });
 });
+
+Meteor.publish('user-connection-method', function(match) {
+  check(match, String);
+
+  return Users.find({$or: [{email: match}, {username: match}]}, {
+    fields: {
+      ldap: 1,
+    },
+  });
+});