clone/vikunja
1
0
Fork 0
mirror of https://github.com/go-vikunja/vikunja.git synced 2026-04-25 14:45:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
12,206 Commits 88 Branches 59 Tags
8a4e43fb96246841b01971f4e4e608f9bcd265f8
Commit Graph

106 Commits

Author SHA1 Message Date
Copilot
c7a26d81fe fix(auth): do not panic with invalid openid provider configuration (#1354) 2025-08-31 07:17:50 +00:00
Copilot
5ca637a7e6 feat(auth): add oauth require availability configuration on startup (#1358) 2025-08-30 22:15:20 +00:00
kolaente
a81a3ee0e5 feat!: rename right to permission (#1277) 2025-08-13 11:05:05 +02:00
kolaente
da0f6fb366 feat(auth): allow passing custom settings links to user account via openid claims 2025-08-03 13:25:32 +02:00
kolaente
de917467cb fix(openid): manually fetch providers 
Partially reverts fcdcdcf46a
Resolves https://github.com/go-vikunja/vikunja/issues/1165
 2025-07-28 11:40:09 +02:00
kolaente
bbd3567e43 chore: add debug logging around provider failure 
https://github.com/go-vikunja/vikunja/issues/1165
 2025-07-24 16:00:03 +02:00
kolaente
7243a10fb2 fix(openid): check different provider types 
Related to https://github.com/go-vikunja/vikunja/issues/1165
 2025-07-23 15:40:51 +02:00
kolaente
2b497e6265 fix: pass pointer when fetching provider 
Resolves https://github.com/go-vikunja/vikunja/issues/1165
 2025-07-23 11:09:09 +02:00
kolaente
ad0cf7a13c fix: improve ldap sanitization (#1155) 2025-07-21 21:06:38 +00:00
kolaente
ca83ad1f98 feat: move to slog for logging 2025-07-21 18:15:39 +02:00
kolaente
566657c54a fix: correctly return cached provider 2025-07-18 18:38:12 +02:00
kolaente
fcdcdcf46a feat: use keyvalue.Remember where it makes sense 2025-07-17 16:19:13 +02:00
Dominik Pschenitschni
342bbd6192 fix: correct comments 2025-07-02 17:46:21 +02:00
kolaente
0ecbd9e1a3 feat(user): add avatar cache flushing (#1041) 2025-06-27 14:01:43 +02:00
Weijie Zhao
a214d68a44 feat(auth): sync avatar from OpenID providers (#821) 2025-06-16 15:59:31 +02:00
kolaente
6671ce38a8 chore: rename API test suites (#938) 2025-06-13 08:23:17 +00:00
Dominik Pschenitschni
296577a875 fix: correct license header references (#882) 
See originals:
- https://www.gnu.org/licenses/agpl-3.0.txt
- https://www.gnu.org/licenses/gpl-3.0.txt
 2025-06-10 12:18:38 +02:00
Weijie Zhao
00c4148f05 feat(auth): add ForceUserInfo option to OpenID provider (#797) 
Problem:

When using Casdoor as an OpenID provider, there's an inconsistency between the user information in the JWT token and the UserInfo endpoint. The token contains the user's unique ID in the `name` field, while the UserInfo endpoint correctly returns the user's display name.

Solution:

This PR adds a new `ForceUserInfo` option to the OpenID provider configuration. When enabled, it forces the use of the UserInfo endpoint to retrieve user information instead of relying on claims from the ID token.

Impact:

- Default behavior remains unchanged (backward compatible)
- New option allows administrators to force using UserInfo endpoint data
- Particularly useful for providers like Casdoor that don't fully comply with OIDC standards

Related:

I've opened an issue in the Casdoor repository (https://github.com/casdoor/casdoor/issues/3806) to discuss the root cause. However, changing Casdoor's token structure might cause significant compatibility issues for existing integrations, so it's unclear if this can be fixed at the provider level. This PR provides a workaround in Vikunja that doesn't affect existing functionality.
 2025-05-20 08:06:34 +00:00
kolaente
6847f44058 chore(openid): add more debug logging when retrieving token 2025-03-29 19:24:07 +01:00
kolaente
4ea3c01b5f chore: add more debug logging when returning error 2025-03-29 18:21:34 +01:00
kolaente
5a93379d81 fix(ldap): update user name and email during login 2025-03-20 17:24:00 +01:00
kolaente
d585de77a4 fix(ldap): crop avatar when syncing 2025-03-20 17:19:58 +01:00
kolaente
164f2eab9d feat(ldap): also look for username only when checking group membership 2025-03-19 22:16:12 +01:00
kolaente
f4b9a9cccd feat(ldap): make member id attribute configurable 2025-03-19 22:15:50 +01:00
kolaente
e12ebfebed feat(ldap): sync avatar from ldap 2025-03-18 18:28:54 +01:00
kolaente
99213c66ee chore(openid): use general external team sync 2025-03-18 16:36:00 +00:00
kolaente
216df5bedc feat(ldap): make group sync configurable 2025-03-18 16:36:00 +00:00
kolaente
a3b19a7b3c feat(auth): refactor group sync 2025-03-18 16:36:00 +00:00
kolaente
c2f286437c feat(auth): ldap group sync 2025-03-18 16:36:00 +00:00
kolaente
9f5c761fd9 chore(auth): rename error 2025-03-18 16:36:00 +00:00
kolaente
06851ca639 chore(auth): rename external team id find methods 2025-03-18 16:36:00 +00:00
kolaente
62beb3db2d feat(auth): rename oidc_id to external_id 2025-03-18 16:36:00 +00:00
kolaente
12aba8e9b1 chore(openid): move openid team struct to openid package 2025-03-17 17:34:49 +01:00
kolaente
87cfe89441 feat(ldap): add tests 2025-03-16 18:23:55 +01:00
kolaente
91f9fe5b96 fix(ldap): return meaningful error when providing wrong credentials 2025-03-16 18:23:55 +01:00
Marc
f4a0c0ef31 feat(auth): sso fallback mapping (#3068) 
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/3068
Reviewed-by: konrad <k@knt.li>
Co-authored-by: Marc <marc88@free.fr>
Co-committed-by: Marc <marc88@free.fr>
 2025-03-02 15:21:09 +00:00
kolaente
4e93806a44 fix(auth): load oidc provider before trying to use it 
Resolves https://kolaente.dev/vikunja/vikunja/issues/3067
 2025-03-02 14:09:02 +01:00
kolaente
e9d9f04763 chore: improve debug logging 2025-02-03 17:42:17 +01:00
kolaente
f898bdaf2d feat(auth): use config variable to check if we should verify tls 2025-01-28 09:59:08 +00:00
kolaente
03412dd358 feat(auth): verify ldap config before trying to connect 2025-01-28 09:59:08 +00:00
kolaente
d22c3fb19e feat(auth): make ldap user filter configurable 2025-01-28 09:59:08 +00:00
kolaente
71cad7aa13 chore(auth): refactor creating users in openid and ldap 2025-01-28 09:59:08 +00:00
kolaente
38bb8de4f1 feat(auth): authenticate users via ldap 2025-01-28 09:59:08 +00:00
kolaente
090dd4b2f6 fix(user): do not allow changing name in settings when the user originates from an external auth provider 
This improves the UX because it does not allow external users to change their name in Vikunja, since that change would be overridden once they log in again.

Resolves https://github.com/go-vikunja/vikunja/issues/357
 2025-01-21 16:27:06 +01:00
kolaente
c9a68d3a63 fix(openid): lint 2024-12-11 17:10:41 +01:00
kolaente
4512045cbf fix: check if all required keys are available when parsing openid configuration 
Related to https://github.com/go-vikunja/vikunja/issues/371
 2024-12-11 16:25:41 +01:00
kolaente
b8c4e0a91e fix(openid): log error when config is still using array value 2024-11-18 12:16:38 +01:00
kolaente
05349ddb5c feat!: config for auth providers now use a map instead of an array 
The config values for openid providers now use a map with the provider as key instead of an array. For example before:

auth:
  openid:
    providers:
      - name: foo
        clientid: ...

now becomes:

auth:
  openid:
    providers:
      foo:
        clientid: ...

This allows us to read values for openid providers from files using the same syntax as everywhere and makes the configuration more predictable. It also allows configuring providers through env variables, though it is still required to set at least one value via the config file because Vikunja won't discover the provider otherwise.
 2024-11-18 10:34:30 +01:00
kolaente
329de3aab3 chore(web): remove unused echo context 2024-08-29 16:20:39 +02:00
kolaente
2063da9eec chore(web): move web handler package to Vikunja 2024-08-29 16:15:28 +02:00