Commit Graph

110 Commits

Author SHA1 Message Date
kolaente 4df8da549e fix(auth): scope query binding
Resolves https://github.com/go-vikunja/vikunja/issues/2146
2026-01-24 17:51:35 +01:00
kolaente 39b4568bc5
refactor: centralize HTTP error handling (#2062)
This changes the error handling to a centralized HTTP error handler in `pkg/routes/error_handler.go` that converts all error types to proper HTTP responses. This simplifies the overall error handling because http handler now only need to return the error instead of calling HandleHTTPError as previously.
It also removes the duplication between handling errors with and without Sentry.

🐰 Hop along, dear errors, no more wrapping today!
We've centralized handlers in a shiny new way,
From scattered to unified, the code flows so clean,
ValidationHTTPError marshals JSON supreme!
Direct propagation hops forward with glee,
A refactor so grand—what a sight to see! 🎉
2026-01-08 10:02:59 +00:00
kolaente c6fe4c1a6e fix(auth): retry up to three times when an auth provider cannot be reached
Resolves https://github.com/go-vikunja/vikunja/issues/2050
2026-01-05 21:50:40 +01:00
kolaente 541a38456e
chore(deps): update golangci-lint to 2.6.0 (#1737) 2025-10-31 17:28:52 +00:00
Copilot c7a26d81fe
fix(auth): do not panic with invalid openid provider configuration (#1354) 2025-08-31 07:17:50 +00:00
Copilot 5ca637a7e6
feat(auth): add oauth require availability configuration on startup (#1358) 2025-08-30 22:15:20 +00:00
kolaente a81a3ee0e5
feat!: rename right to permission (#1277) 2025-08-13 11:05:05 +02:00
kolaente da0f6fb366 feat(auth): allow passing custom settings links to user account via openid claims 2025-08-03 13:25:32 +02:00
kolaente de917467cb
fix(openid): manually fetch providers
Partially reverts fcdcdcf46a
Resolves https://github.com/go-vikunja/vikunja/issues/1165
2025-07-28 11:40:09 +02:00
kolaente bbd3567e43
chore: add debug logging around provider failure
https://github.com/go-vikunja/vikunja/issues/1165
2025-07-24 16:00:03 +02:00
kolaente 7243a10fb2
fix(openid): check different provider types
Related to https://github.com/go-vikunja/vikunja/issues/1165
2025-07-23 15:40:51 +02:00
kolaente 2b497e6265
fix: pass pointer when fetching provider
Resolves https://github.com/go-vikunja/vikunja/issues/1165
2025-07-23 11:09:09 +02:00
kolaente ad0cf7a13c
fix: improve ldap sanitization (#1155) 2025-07-21 21:06:38 +00:00
kolaente ca83ad1f98 feat: move to slog for logging 2025-07-21 18:15:39 +02:00
kolaente 566657c54a fix: correctly return cached provider 2025-07-18 18:38:12 +02:00
kolaente fcdcdcf46a feat: use keyvalue.Remember where it makes sense 2025-07-17 16:19:13 +02:00
Dominik Pschenitschni 342bbd6192 fix: correct comments 2025-07-02 17:46:21 +02:00
kolaente 0ecbd9e1a3
feat(user): add avatar cache flushing (#1041) 2025-06-27 14:01:43 +02:00
Weijie Zhao a214d68a44
feat(auth): sync avatar from OpenID providers (#821) 2025-06-16 15:59:31 +02:00
kolaente 6671ce38a8
chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
Dominik Pschenitschni 296577a875
fix: correct license header references (#882)
See originals:
- https://www.gnu.org/licenses/agpl-3.0.txt
- https://www.gnu.org/licenses/gpl-3.0.txt
2025-06-10 12:18:38 +02:00
Weijie Zhao 00c4148f05
feat(auth): add ForceUserInfo option to OpenID provider (#797)
Problem:

When using Casdoor as an OpenID provider, there's an inconsistency between the user information in the JWT token and the UserInfo endpoint. The token contains the user's unique ID in the `name` field, while the UserInfo endpoint correctly returns the user's display name.

Solution:

This PR adds a new `ForceUserInfo` option to the OpenID provider configuration. When enabled, it forces the use of the UserInfo endpoint to retrieve user information instead of relying on claims from the ID token.

Impact:

- Default behavior remains unchanged (backward compatible)
- New option allows administrators to force using UserInfo endpoint data
- Particularly useful for providers like Casdoor that don't fully comply with OIDC standards

Related:

I've opened an issue in the Casdoor repository (https://github.com/casdoor/casdoor/issues/3806) to discuss the root cause. However, changing Casdoor's token structure might cause significant compatibility issues for existing integrations, so it's unclear if this can be fixed at the provider level. This PR provides a workaround in Vikunja that doesn't affect existing functionality.
2025-05-20 08:06:34 +00:00
kolaente 6847f44058
chore(openid): add more debug logging when retrieving token 2025-03-29 19:24:07 +01:00
kolaente 4ea3c01b5f
chore: add more debug logging when returning error 2025-03-29 18:21:34 +01:00
kolaente 5a93379d81
fix(ldap): update user name and email during login 2025-03-20 17:24:00 +01:00
kolaente d585de77a4
fix(ldap): crop avatar when syncing 2025-03-20 17:19:58 +01:00
kolaente 164f2eab9d
feat(ldap): also look for username only when checking group membership 2025-03-19 22:16:12 +01:00
kolaente f4b9a9cccd
feat(ldap): make member id attribute configurable 2025-03-19 22:15:50 +01:00
kolaente e12ebfebed
feat(ldap): sync avatar from ldap 2025-03-18 18:28:54 +01:00
kolaente 99213c66ee chore(openid): use general external team sync 2025-03-18 16:36:00 +00:00
kolaente 216df5bedc feat(ldap): make group sync configurable 2025-03-18 16:36:00 +00:00
kolaente a3b19a7b3c feat(auth): refactor group sync 2025-03-18 16:36:00 +00:00
kolaente c2f286437c feat(auth): ldap group sync 2025-03-18 16:36:00 +00:00
kolaente 9f5c761fd9 chore(auth): rename error 2025-03-18 16:36:00 +00:00
kolaente 06851ca639 chore(auth): rename external team id find methods 2025-03-18 16:36:00 +00:00
kolaente 62beb3db2d feat(auth): rename oidc_id to external_id 2025-03-18 16:36:00 +00:00
kolaente 12aba8e9b1
chore(openid): move openid team struct to openid package 2025-03-17 17:34:49 +01:00
kolaente 87cfe89441
feat(ldap): add tests 2025-03-16 18:23:55 +01:00
kolaente 91f9fe5b96
fix(ldap): return meaningful error when providing wrong credentials 2025-03-16 18:23:55 +01:00
Marc f4a0c0ef31 feat(auth): sso fallback mapping (#3068)
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/3068
Reviewed-by: konrad <k@knt.li>
Co-authored-by: Marc <marc88@free.fr>
Co-committed-by: Marc <marc88@free.fr>
2025-03-02 15:21:09 +00:00
kolaente 4e93806a44
fix(auth): load oidc provider before trying to use it
Resolves https://kolaente.dev/vikunja/vikunja/issues/3067
2025-03-02 14:09:02 +01:00
kolaente e9d9f04763
chore: improve debug logging 2025-02-03 17:42:17 +01:00
kolaente f898bdaf2d feat(auth): use config variable to check if we should verify tls 2025-01-28 09:59:08 +00:00
kolaente 03412dd358 feat(auth): verify ldap config before trying to connect 2025-01-28 09:59:08 +00:00
kolaente d22c3fb19e feat(auth): make ldap user filter configurable 2025-01-28 09:59:08 +00:00
kolaente 71cad7aa13 chore(auth): refactor creating users in openid and ldap 2025-01-28 09:59:08 +00:00
kolaente 38bb8de4f1 feat(auth): authenticate users via ldap 2025-01-28 09:59:08 +00:00
kolaente 090dd4b2f6
fix(user): do not allow changing name in settings when the user originates from an external auth provider
This improves the UX because it does not allow external users to change their name in Vikunja, since that change would be overridden once they log in again.

Resolves https://github.com/go-vikunja/vikunja/issues/357
2025-01-21 16:27:06 +01:00
kolaente c9a68d3a63
fix(openid): lint 2024-12-11 17:10:41 +01:00
kolaente 4512045cbf
fix: check if all required keys are available when parsing openid configuration
Related to https://github.com/go-vikunja/vikunja/issues/371
2024-12-11 16:25:41 +01:00