kolaente
de917467cb
fix(openid): manually fetch providers
Partially reverts fcdcdcf46a
Resolves https://github.com/go-vikunja/vikunja/issues/1165
2025-07-28 11:40:09 +02:00
kolaente
bbd3567e43
chore: add debug logging around provider failure
https://github.com/go-vikunja/vikunja/issues/1165
2025-07-24 16:00:03 +02:00
kolaente
7243a10fb2
fix(openid): check different provider types
Related to https://github.com/go-vikunja/vikunja/issues/1165
2025-07-23 15:40:51 +02:00
kolaente
2b497e6265
fix: pass pointer when fetching provider
Resolves https://github.com/go-vikunja/vikunja/issues/1165
2025-07-23 11:09:09 +02:00
kolaente
ad0cf7a13c
fix: improve ldap sanitization (#1155)
2025-07-21 21:06:38 +00:00
kolaente
ca83ad1f98
feat: move to slog for logging
2025-07-21 18:15:39 +02:00
kolaente
566657c54a
fix: correctly return cached provider
2025-07-18 18:38:12 +02:00
kolaente
fcdcdcf46a
feat: use keyvalue.Remember where it makes sense
2025-07-17 16:19:13 +02:00
Dominik Pschenitschni
342bbd6192
fix: correct comments
2025-07-02 17:46:21 +02:00
kolaente
0ecbd9e1a3
feat(user): add avatar cache flushing (#1041)
2025-06-27 14:01:43 +02:00
Weijie Zhao
a214d68a44
feat(auth): sync avatar from OpenID providers (#821)
2025-06-16 15:59:31 +02:00
kolaente
6671ce38a8
chore: rename API test suites (#938)
2025-06-13 08:23:17 +00:00
Dominik Pschenitschni
296577a875
fix: correct license header references (#882)
See originals:
- https://www.gnu.org/licenses/agpl-3.0.txt
- https://www.gnu.org/licenses/gpl-3.0.txt
2025-06-10 12:18:38 +02:00
Weijie Zhao
00c4148f05
feat(auth): add ForceUserInfo option to OpenID provider (#797)
Problem:
When using Casdoor as an OpenID provider, there's an inconsistency between the user information in the JWT token and the UserInfo endpoint. The token contains the user's unique ID in the `name` field, while the UserInfo endpoint correctly returns the user's display name.
Solution:
This PR adds a new `ForceUserInfo` option to the OpenID provider configuration. When enabled, it forces the use of the UserInfo endpoint to retrieve user information instead of relying on claims from the ID token.
Impact:
- Default behavior remains unchanged (backward compatible)
- New option allows administrators to force using UserInfo endpoint data
- Particularly useful for providers like Casdoor that don't fully comply with OIDC standards
Related:
I've opened an issue in the Casdoor repository (https://github.com/casdoor/casdoor/issues/3806) to discuss the root cause. However, changing Casdoor's token structure might cause significant compatibility issues for existing integrations, so it's unclear if this can be fixed at the provider level. This PR provides a workaround in Vikunja that doesn't affect existing functionality.
2025-05-20 08:06:34 +00:00
kolaente
6847f44058
chore(openid): add more debug logging when retrieving token
2025-03-29 19:24:07 +01:00
kolaente
4ea3c01b5f
chore: add more debug logging when returning error
2025-03-29 18:21:34 +01:00
kolaente
5a93379d81
fix(ldap): update user name and email during login
2025-03-20 17:24:00 +01:00
kolaente
d585de77a4
fix(ldap): crop avatar when syncing
2025-03-20 17:19:58 +01:00
kolaente
164f2eab9d
feat(ldap): also look for username only when checking group membership
2025-03-19 22:16:12 +01:00
kolaente
f4b9a9cccd
feat(ldap): make member id attribute configurable
2025-03-19 22:15:50 +01:00
kolaente
e12ebfebed
feat(ldap): sync avatar from ldap
2025-03-18 18:28:54 +01:00
kolaente
99213c66ee
chore(openid): use general external team sync
2025-03-18 16:36:00 +00:00
kolaente
216df5bedc
feat(ldap): make group sync configurable
2025-03-18 16:36:00 +00:00
kolaente
a3b19a7b3c
feat(auth): refactor group sync
2025-03-18 16:36:00 +00:00
kolaente
c2f286437c
feat(auth): ldap group sync
2025-03-18 16:36:00 +00:00
kolaente
9f5c761fd9
chore(auth): rename error
2025-03-18 16:36:00 +00:00
kolaente
06851ca639
chore(auth): rename external team id find methods
2025-03-18 16:36:00 +00:00
kolaente
62beb3db2d
feat(auth): rename oidc_id to external_id
2025-03-18 16:36:00 +00:00
kolaente
12aba8e9b1
chore(openid): move openid team struct to openid package
2025-03-17 17:34:49 +01:00
kolaente
87cfe89441
feat(ldap): add tests
2025-03-16 18:23:55 +01:00
kolaente
91f9fe5b96
fix(ldap): return meaningful error when providing wrong credentials
2025-03-16 18:23:55 +01:00
Marc
f4a0c0ef31
feat(auth): sso fallback mapping (#3068)
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/3068
Reviewed-by: konrad <k@knt.li>
Co-authored-by: Marc <marc88@free.fr>
Co-committed-by: Marc <marc88@free.fr>
2025-03-02 15:21:09 +00:00
kolaente
4e93806a44
fix(auth): load oidc provider before trying to use it
Resolves https://kolaente.dev/vikunja/vikunja/issues/3067
2025-03-02 14:09:02 +01:00
kolaente
e9d9f04763
chore: improve debug logging
2025-02-03 17:42:17 +01:00
kolaente
f898bdaf2d
feat(auth): use config variable to check if we should verify tls
2025-01-28 09:59:08 +00:00
kolaente
03412dd358
feat(auth): verify ldap config before trying to connect
2025-01-28 09:59:08 +00:00
kolaente
d22c3fb19e
feat(auth): make ldap user filter configurable
2025-01-28 09:59:08 +00:00
kolaente
71cad7aa13
chore(auth): refactor creating users in openid and ldap
2025-01-28 09:59:08 +00:00
kolaente
38bb8de4f1
feat(auth): authenticate users via ldap
2025-01-28 09:59:08 +00:00
kolaente
090dd4b2f6
fix(user): do not allow changing name in settings when the user originates from an external auth provider
This improves the UX because it does not allow external users to change their name in Vikunja, since that change would be overridden once they log in again.
Resolves https://github.com/go-vikunja/vikunja/issues/357
2025-01-21 16:27:06 +01:00
kolaente
c9a68d3a63
fix(openid): lint
2024-12-11 17:10:41 +01:00
kolaente
4512045cbf
fix: check if all required keys are available when parsing openid configuration
Related to https://github.com/go-vikunja/vikunja/issues/371
2024-12-11 16:25:41 +01:00
kolaente
b8c4e0a91e
fix(openid): log error when config is still using array value
2024-11-18 12:16:38 +01:00
kolaente
05349ddb5c
feat!: config for auth providers now use a map instead of an array
The config values for openid providers now use a map with the provider as key instead of an array. For example before:
auth:
  openid:
    providers:
      - name: foo
        clientid: ...
now becomes:
auth:
  openid:
    providers:
      foo:
        clientid: ...
This allows us to read values for openid providers from files using the same syntax as everywhere and makes the configuration more predictable. It also allows configuring providers through env variables, though it is still required to set at least one value via the config file because Vikunja won't discover the provider otherwise.
2024-11-18 10:34:30 +01:00
kolaente
329de3aab3
chore(web): remove unused echo context
2024-08-29 16:20:39 +02:00
kolaente
2063da9eec
chore(web): move web handler package to Vikunja
2024-08-29 16:15:28 +02:00
kolaente
66e96322ea
fix: do not remove empty openid teams when none are present
Maybe resolves https://community.vikunja.io/t/empty-openid-team-cleanup-cron-error-removing-empty-openid-team-database-is-locked-error-when-exporting-data/2306/3
2024-04-25 14:21:31 +02:00
kolaente
0910d5d2f2
chore(auth): refactor removing empty openid teams to cron job
2024-03-11 17:20:05 +01:00
waza-ari
ffa82556e0
feat(teams): add public flags to teams to allow easier sharing with other teams (#2179)
Resolves #2173
Co-authored-by: Daniel Herrmann <daniel.herrmann1@gmail.com>
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2179
Reviewed-by: konrad <k@knt.li>
Co-authored-by: waza-ari <daniel.herrmann@makerspace-darmstadt.de>
Co-committed-by: waza-ari <daniel.herrmann@makerspace-darmstadt.de>
2024-03-10 14:04:32 +00:00
renovate
d7fdefcead
chore(deps): update golangci/golangci-lint docker tag to v1.56.2 (#2099)
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2099
Co-authored-by: renovate <renovatebot@kolaente.de>
Co-committed-by: renovate <renovatebot@kolaente.de>
2024-03-10 13:47:19 +00:00