✨ allow admins to set the requested permissions for OIDC authenticati…

…on (should fix OpenID with GitLab. #171)
kromitgmbh · Apr 25, 2023 · ad5697a · ad5697a
1 parent 26a3be4
commit ad5697a
Show file tree

Hide file tree

Showing 6 changed files with 62 additions and 41 deletions.
diff --git a/.meteor/versions b/.meteor/versions
@@ -7,7 +7,7 @@ [email protected]
 [email protected]
 [email protected]
 [email protected]
-[email protected].1
+[email protected].2
 [email protected]
 [email protected]
 [email protected]

diff --git a/imports/ui/pages/administration/components/oidccomponent.js b/imports/ui/pages/administration/components/oidccomponent.js
@@ -8,7 +8,7 @@ Template.oidccomponent.helpers({
   oidcValue: (name) => getOidcConfiguration(name),
   siteUrl: () => Meteor.absoluteUrl({ replaceLocalhost: true }),
   isCheckbox: (setting) => setting.type === 'checkbox',
-  isChecked: (name) => getOidcConfiguration(name) ? 'checked' : '',  
+  isChecked: (name) => (getOidcConfiguration(name) ? 'checked' : ''),
 })
 Template.oidccomponent.events({
   'click .js-update-oidc': (event, templateInstance) => {

diff --git a/imports/utils/oidc_client.js b/imports/utils/oidc_client.js
@@ -26,7 +26,7 @@ function registerOidc() {
     const mobile = /Android|webOS|iPhone|iPad|iPod|BlackBerry|Windows Phone/i.test(navigator.userAgent)
     const display = mobile ? 'touch' : 'popup'
     const loginStyle = OAuth._loginStyle(SERVICE_NAME, config, options)
-    const scope = config.requestPermissions || ['openid', 'profile', 'email']
+    const scope = config.requestPermissions?.split(',') || ['openid', 'profile', 'email']
 
     // options
     options.client_id = config.clientId

diff --git a/imports/utils/oidc_helper.js b/imports/utils/oidc_helper.js
@@ -4,14 +4,33 @@ import { getGlobalSetting } from './frontend_helpers'
 const SERVICE_NAME = 'oidc'
 
 const oidcFields = [
-  { property: 'disableDefaultLoginForm', label: 'Disable Default Login Form', type: 'checkbox', value: false },
-  { property: 'clientId', label: 'Client ID', type: 'text', value: '' },
-  { property: 'secret', label: 'Client Secret', type: 'text', value: '' },
-  { property: 'serverUrl', label: 'OIDC Server URL', type: 'text', value: '' },
-  { property: 'authorizationEndpoint', label: 'Authorization Endpoint', type: 'text', value: '' },
-  { property: 'tokenEndpoint', label: 'Token Endpoint', type: 'text', value: '' },
-  { property: 'userinfoEndpoint', label: 'Userinfo Endpoint', type: 'text', value: '' },
-  { property: 'idTokenWhitelistFields', label: 'Id Token Fields', type: 'text', value: '' },
+  {
+    property: 'disableDefaultLoginForm', label: 'Disable Default Login Form', type: 'checkbox', value: false,
+  },
+  {
+    property: 'clientId', label: 'Client ID', type: 'text', value: '',
+  },
+  {
+    property: 'secret', label: 'Client Secret', type: 'text', value: '',
+  },
+  {
+    property: 'serverUrl', label: 'OIDC Server URL', type: 'text', value: '',
+  },
+  {
+    property: 'authorizationEndpoint', label: 'Authorization Endpoint', type: 'text', value: '',
+  },
+  {
+    property: 'tokenEndpoint', label: 'Token Endpoint', type: 'text', value: '',
+  },
+  {
+    property: 'userinfoEndpoint', label: 'Userinfo Endpoint', type: 'text', value: '',
+  },
+  {
+    property: 'idTokenWhitelistFields', label: 'Id Token Fields', type: 'text', value: '',
+  },
+  {
+    property: 'requestPermissions', label: 'Request Permissions', type: 'text', value: '"openid", "profile", "email"',
+  },
 ]
 
 function isOidcConfigured() {
@@ -26,8 +45,8 @@ function disableDefaultLoginForm() {
     return false
   }
 
-  var configuration = ServiceConfiguration.configurations.findOne({ service: SERVICE_NAME });
-  if (configuration == undefined) {
+  const configuration = ServiceConfiguration.configurations.findOne({ service: SERVICE_NAME })
+  if (configuration === undefined) {
     return false
   }
 
@@ -41,4 +60,6 @@ function getOidcConfiguration(name) {
   }
   return ''
 }
-export { oidcFields, isOidcConfigured, disableDefaultLoginForm, getOidcConfiguration }
+export {
+  oidcFields, isOidcConfigured, disableDefaultLoginForm, getOidcConfiguration,
+}
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "titra",
-  "version": "0.92.0",
+  "version": "0.92.1",
   "private": true,
   "scripts": {
     "start": "meteor run"
@@ -9,9 +9,9 @@
     "@babel/runtime": "^7.21.0",
     "@dashboardcode/bsmultiselect": "^1.1.18",
     "@fortawesome/fontawesome-free": "^6.4.0",
-    "@fullcalendar/core": "6.1.5",
-    "@fullcalendar/daygrid": "6.1.5",
-    "@fullcalendar/interaction": "6.1.5",
+    "@fullcalendar/core": "6.1.6",
+    "@fullcalendar/daygrid": "6.1.6",
+    "@fullcalendar/interaction": "6.1.6",
     "@neovici/nullxlsx": "^3.0.4",
     "@popperjs/core": "^2.11.7",
     "@simonwep/pickr": "^1.8.2",
@@ -42,12 +42,12 @@
     "raw-body": "^2.5.2",
     "sortablejs": "^1.15.0",
     "tiny-date-picker": "^3.2.8",
-    "vm2": "^3.9.16"
+    "vm2": "^3.9.17"
   },
   "devDependencies": {
     "@babel/core": "^7.21.4",
     "@babel/eslint-parser": "^7.21.3",
-    "eslint": "^8.38.0",
+    "eslint": "^8.39.0",
     "eslint-config-airbnb-base": "^15.0.0",
     "eslint-import-resolver-meteor": "^0.4.0",
     "eslint-plugin-i18next": "^5.2.1",