Commit Graph

63 Commits

Author SHA1 Message Date
kolaente 99213c66ee chore(openid): use general external team sync 2025-03-18 16:36:00 +00:00
kolaente 9f5c761fd9 chore(auth): rename error 2025-03-18 16:36:00 +00:00
kolaente 06851ca639 chore(auth): rename external team id find methods 2025-03-18 16:36:00 +00:00
kolaente 62beb3db2d feat(auth): rename oidc_id to external_id 2025-03-18 16:36:00 +00:00
kolaente 12aba8e9b1
chore(openid): move openid team struct to openid package 2025-03-17 17:34:49 +01:00
kolaente 87cfe89441
feat(ldap): add tests 2025-03-16 18:23:55 +01:00
Marc f4a0c0ef31 feat(auth): sso fallback mapping (#3068)
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/3068
Reviewed-by: konrad <k@knt.li>
Co-authored-by: Marc <marc88@free.fr>
Co-committed-by: Marc <marc88@free.fr>
2025-03-02 15:21:09 +00:00
kolaente 4e93806a44
fix(auth): load oidc provider before trying to use it
Resolves https://kolaente.dev/vikunja/vikunja/issues/3067
2025-03-02 14:09:02 +01:00
kolaente e9d9f04763
chore: improve debug logging 2025-02-03 17:42:17 +01:00
kolaente 71cad7aa13 chore(auth): refactor creating users in openid and ldap 2025-01-28 09:59:08 +00:00
kolaente 090dd4b2f6
fix(user): do not allow changing name in settings when the user originates from an external auth provider
This improves the UX because it does not allow external users to change their name in Vikunja, since that change would be overridden once they log in again.

Resolves https://github.com/go-vikunja/vikunja/issues/357
2025-01-21 16:27:06 +01:00
kolaente c9a68d3a63
fix(openid): lint 2024-12-11 17:10:41 +01:00
kolaente 4512045cbf
fix: check if all required keys are available when parsing openid configuration
Related to https://github.com/go-vikunja/vikunja/issues/371
2024-12-11 16:25:41 +01:00
kolaente b8c4e0a91e
fix(openid): log error when config is still using array value 2024-11-18 12:16:38 +01:00
kolaente 05349ddb5c
feat!: config for auth providers now use a map instead of an array
The config values for openid providers now use a map with the provider as key instead of an array. For example before:

auth:
  openid:
    providers:
      - name: foo
        clientid: ...

now becomes:

auth:
  openid:
    providers:
      foo:
        clientid: ...

This allows us to read values for openid providers from files using the same syntax as everywhere and makes the configuration more predictable. It also allows configuring providers through env variables, though it is still required to set at least one value via the config file because Vikunja won't discover the provider otherwise.
2024-11-18 10:34:30 +01:00
kolaente 329de3aab3
chore(web): remove unused echo context 2024-08-29 16:20:39 +02:00
kolaente 2063da9eec
chore(web): move web handler package to Vikunja 2024-08-29 16:15:28 +02:00
kolaente 66e96322ea
fix: do not remove empty openid teams when none are present
Maybe resolves https://community.vikunja.io/t/empty-openid-team-cleanup-cron-error-removing-empty-openid-team-database-is-locked-error-when-exporting-data/2306/3
2024-04-25 14:21:31 +02:00
kolaente 0910d5d2f2
chore(auth): refactor removing empty openid teams to cron job 2024-03-11 17:20:05 +01:00
waza-ari ffa82556e0 feat(teams): add public flags to teams to allow easier sharing with other teams (#2179)
Resolves #2173
Co-authored-by: Daniel Herrmann <daniel.herrmann1@gmail.com>
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2179
Reviewed-by: konrad <k@knt.li>
Co-authored-by: waza-ari <daniel.herrmann@makerspace-darmstadt.de>
Co-committed-by: waza-ari <daniel.herrmann@makerspace-darmstadt.de>
2024-03-10 14:04:32 +00:00
renovate d7fdefcead chore(deps): update golangci/golangci-lint docker tag to v1.56.2 (#2099)
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2099
Co-authored-by: renovate <renovatebot@kolaente.de>
Co-committed-by: renovate <renovatebot@kolaente.de>
2024-03-10 13:47:19 +00:00
waza-ari d69fc28125 fix(openid): OIDC teams should not have admins (#2161)
This PR fixes an issue discussed in #2152. Before this PR, the user who triggered team creation automatically got the admin flag set for this group, which makes perfect sense for the normal UI workflow. OIDC managed teams cannot be edited in Vikunja, and they're created automatically by the first user logging in having this team assigned. This PR therefore makes sure that OIDC managed team members do not receive the admin flag.

Co-authored-by: Daniel Herrmann <daniel.herrmann1@gmail.com>
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2161
Reviewed-by: konrad <k@knt.li>
Co-authored-by: waza-ari <daniel.herrmann@makerspace-darmstadt.de>
Co-committed-by: waza-ari <daniel.herrmann@makerspace-darmstadt.de>
2024-03-05 22:08:39 +00:00
waza-ari a3154e805c fix(auth): use (issuer, name) to check for uniqueness of oidc teams (#2152)
The change introduced in #2150 introduces a bug where a Team would be re-created every time a user logs in, as the check if a team already exists was based on both the unique `oidcID` and the `name`. This PR proposes to only base the check on the ID, as this should be unique.

Co-authored-by: Daniel Herrmann <daniel.herrmann1@gmail.com>
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2152
Reviewed-by: konrad <k@knt.li>
Co-authored-by: waza-ari <daniel.herrmann@makerspace-darmstadt.de>
Co-committed-by: waza-ari <daniel.herrmann@makerspace-darmstadt.de>
2024-03-04 20:26:45 +00:00
kolaente 379b0b24b3
fix(auth): test assertion 2024-03-02 15:38:01 +01:00
kolaente a4a0ea973a
feat(auth): update team name in Vikunja when it was changed in the openid provider 2024-03-02 15:27:15 +01:00
kolaente fc4303a778
chore(auth): add oidc suffix to openid team name in db
Related to https://kolaente.dev/vikunja/vikunja/issues/2150
2024-03-02 15:23:19 +01:00
kolaente 4f1f96f1e9
chore(auth): refactor openid team creation 2024-03-02 15:22:37 +01:00
viehlieb ed4da96ab1 feat: assign users to teams via OIDC claims (#1393)
This change adds the ability to sync teams via a custom openid claim. Vikunja will automatically create and delete teams as necessary, it will also add and remove users when they log in. These teams are fully managed by Vikunja and cannot be updated by a user.

Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/1393
Resolves https://kolaente.dev/vikunja/vikunja/issues/1279
Resolves https://github.com/go-vikunja/vikunja/issues/42
Resolves https://kolaente.dev/vikunja/vikunja/issues/950
Co-authored-by: viehlieb <pf@pragma-shift.net>
Co-committed-by: viehlieb <pf@pragma-shift.net>
2024-03-02 08:47:10 +00:00
kolaente 30a2dcd04c
fix: lint 2024-01-28 15:27:14 +01:00
kolaente ce53663a88
fix(openid): use the calculated redirect url when authenticating with openid providers 2024-01-28 12:41:35 +01:00
kolaente a5a6aba7c8
fix(auth): don't reset user settings when updating name or email from external auth provider
Resolves https://github.com/go-vikunja/api/issues/102
2023-12-25 17:09:19 +01:00
kolaente c05f51b923
chore(deps): update golangci-lint rules 2023-12-19 13:34:31 +01:00
kolaente ab2eda4bd5
fix(openid): make sure usernames with spaces work 2023-11-13 11:38:24 +01:00
kolaente e518fb1191
chore: remove year from copyright headers
Resolves https://kolaente.dev/vikunja/api/pulls/1483
2023-09-01 08:32:28 +02:00
kolaente fef253312c
feat(projects): cleanup namespace leftovers 2023-05-24 15:51:54 +02:00
kolaente 16de7cd591
feat(projects): remove namespaces 2023-05-24 15:51:54 +02:00
kolaente 9bf535d06f
fix: remove old saved openid provider settings from cache when starting Vikunja
Resolves https://kolaente.dev/vikunja/api/issues/1487
2023-04-10 13:32:20 +02:00
Dominik Pschenitschni 4f7d69a108 fix: docs auth openID method 2023-04-03 05:19:32 +00:00
kolaente 9f14466dfa
fix: lint 2023-03-05 22:24:29 +01:00
kolaente 530bb0a63c
fix(user): make reset the user's name to empty actually work 2023-01-23 18:30:01 +01:00
viehlieb a79b1de2d0 feat: provide logout url for openid providers (#1340)
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/1340
Co-authored-by: viehlieb <pf@pragma-shift.net>
Co-committed-by: viehlieb <pf@pragma-shift.net>
2022-12-18 18:26:28 +00:00
kolaente 25ffa1bc2e
fix: prevent logging openid provider errors twice 2022-07-07 15:47:37 +02:00
kolaente 5cf263a86f
feat: upgrade golangci-lint to 1.45.2 2022-03-27 16:55:37 +02:00
konrad 1322cb16d7 feat: add long-lived api tokens (#1085)
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/1085
Co-authored-by: konrad <k@knt.li>
Co-committed-by: konrad <k@knt.li>
2022-02-06 13:18:08 +00:00
kolaente 190a9f2a4c
fix: friendly name not getting synced on first login from openid
Resolves #874
2021-12-12 12:35:13 +01:00
konrad 4216ed7277 Refactor user email confirmation + password reset handling (#919)
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/919
Co-authored-by: konrad <konrad@kola-entertainments.de>
Co-committed-by: konrad <konrad@kola-entertainments.de>
2021-07-13 20:56:02 +00:00
renovate 6018573d81 Update module github.com/coreos/go-oidc to v3 (#885)
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/885
Co-authored-by: renovate <renovatebot@kolaente.de>
Co-committed-by: renovate <renovatebot@kolaente.de>
2021-06-14 20:56:29 +00:00
kolaente 9147e6739f
Fix authentication callback 2021-06-09 23:00:42 +02:00
kolaente 570d146b21
Fix parsing openid config when using a json config file 2021-06-09 21:56:17 +02:00
kolaente d48aa101cf
Refactor & fix storing struct-values in redis keyvalue 2021-05-28 10:52:51 +02:00