clone/vikunja
1
0
Fork 0
mirror of https://github.com/go-vikunja/vikunja.git synced 2026-04-25 22:55:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
12,206 Commits 88 Branches 59 Tags
8a4e43fb96246841b01971f4e4e608f9bcd265f8
Commit Graph

55 Commits

Author SHA1 Message Date
Copilot
5ca637a7e6 feat(auth): add oauth require availability configuration on startup (#1358) 2025-08-30 22:15:20 +00:00
kolaente
da0f6fb366 feat(auth): allow passing custom settings links to user account via openid claims 2025-08-03 13:25:32 +02:00
kolaente
0ecbd9e1a3 feat(user): add avatar cache flushing (#1041) 2025-06-27 14:01:43 +02:00
Weijie Zhao
a214d68a44 feat(auth): sync avatar from OpenID providers (#821) 2025-06-16 15:59:31 +02:00
Dominik Pschenitschni
296577a875 fix: correct license header references (#882) 
See originals:
- https://www.gnu.org/licenses/agpl-3.0.txt
- https://www.gnu.org/licenses/gpl-3.0.txt
 2025-06-10 12:18:38 +02:00
Weijie Zhao
00c4148f05 feat(auth): add ForceUserInfo option to OpenID provider (#797) 
Problem:

When using Casdoor as an OpenID provider, there's an inconsistency between the user information in the JWT token and the UserInfo endpoint. The token contains the user's unique ID in the `name` field, while the UserInfo endpoint correctly returns the user's display name.

Solution:

This PR adds a new `ForceUserInfo` option to the OpenID provider configuration. When enabled, it forces the use of the UserInfo endpoint to retrieve user information instead of relying on claims from the ID token.

Impact:

- Default behavior remains unchanged (backward compatible)
- New option allows administrators to force using UserInfo endpoint data
- Particularly useful for providers like Casdoor that don't fully comply with OIDC standards

Related:

I've opened an issue in the Casdoor repository (https://github.com/casdoor/casdoor/issues/3806) to discuss the root cause. However, changing Casdoor's token structure might cause significant compatibility issues for existing integrations, so it's unclear if this can be fixed at the provider level. This PR provides a workaround in Vikunja that doesn't affect existing functionality.
 2025-05-20 08:06:34 +00:00
kolaente
6847f44058 chore(openid): add more debug logging when retrieving token 2025-03-29 19:24:07 +01:00
kolaente
4ea3c01b5f chore: add more debug logging when returning error 2025-03-29 18:21:34 +01:00
kolaente
99213c66ee chore(openid): use general external team sync 2025-03-18 16:36:00 +00:00
kolaente
9f5c761fd9 chore(auth): rename error 2025-03-18 16:36:00 +00:00
kolaente
06851ca639 chore(auth): rename external team id find methods 2025-03-18 16:36:00 +00:00
kolaente
62beb3db2d feat(auth): rename oidc_id to external_id 2025-03-18 16:36:00 +00:00
kolaente
12aba8e9b1 chore(openid): move openid team struct to openid package 2025-03-17 17:34:49 +01:00
Marc
f4a0c0ef31 feat(auth): sso fallback mapping (#3068) 
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/3068
Reviewed-by: konrad <k@knt.li>
Co-authored-by: Marc <marc88@free.fr>
Co-committed-by: Marc <marc88@free.fr>
 2025-03-02 15:21:09 +00:00
kolaente
4e93806a44 fix(auth): load oidc provider before trying to use it 
Resolves https://kolaente.dev/vikunja/vikunja/issues/3067
 2025-03-02 14:09:02 +01:00
kolaente
e9d9f04763 chore: improve debug logging 2025-02-03 17:42:17 +01:00
kolaente
71cad7aa13 chore(auth): refactor creating users in openid and ldap 2025-01-28 09:59:08 +00:00
kolaente
090dd4b2f6 fix(user): do not allow changing name in settings when the user originates from an external auth provider 
This improves the UX because it does not allow external users to change their name in Vikunja, since that change would be overridden once they log in again.

Resolves https://github.com/go-vikunja/vikunja/issues/357
 2025-01-21 16:27:06 +01:00
kolaente
05349ddb5c feat!: config for auth providers now use a map instead of an array 
The config values for openid providers now use a map with the provider as key instead of an array. For example before:

auth:
  openid:
    providers:
      - name: foo
        clientid: ...

now becomes:

auth:
  openid:
    providers:
      foo:
        clientid: ...

This allows us to read values for openid providers from files using the same syntax as everywhere and makes the configuration more predictable. It also allows configuring providers through env variables, though it is still required to set at least one value via the config file because Vikunja won't discover the provider otherwise.
 2024-11-18 10:34:30 +01:00
kolaente
329de3aab3 chore(web): remove unused echo context 2024-08-29 16:20:39 +02:00
kolaente
2063da9eec chore(web): move web handler package to Vikunja 2024-08-29 16:15:28 +02:00
kolaente
0910d5d2f2 chore(auth): refactor removing empty openid teams to cron job 2024-03-11 17:20:05 +01:00
waza-ari
ffa82556e0 feat(teams): add public flags to teams to allow easier sharing with other teams (#2179) 
Resolves #2173
Co-authored-by: Daniel Herrmann <daniel.herrmann1@gmail.com>
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2179
Reviewed-by: konrad <k@knt.li>
Co-authored-by: waza-ari <daniel.herrmann@makerspace-darmstadt.de>
Co-committed-by: waza-ari <daniel.herrmann@makerspace-darmstadt.de>
 2024-03-10 14:04:32 +00:00
renovate
d7fdefcead chore(deps): update golangci/golangci-lint docker tag to v1.56.2 (#2099) 
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2099
Co-authored-by: renovate <renovatebot@kolaente.de>
Co-committed-by: renovate <renovatebot@kolaente.de>
 2024-03-10 13:47:19 +00:00
waza-ari
d69fc28125 fix(openid): OIDC teams should not have admins (#2161) 
This PR fixes an issue discussed in #2152. Before this PR, the user who triggered team creation automatically got the admin flag set for this group, which makes perfect sense for the normal UI workflow. OIDC managed teams cannot be edited in Vikunja, and they're created automatically by the first user logging in having this team assigned. This PR therefore makes sure that OIDC managed team members do not receive the admin flag.

Co-authored-by: Daniel Herrmann <daniel.herrmann1@gmail.com>
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2161
Reviewed-by: konrad <k@knt.li>
Co-authored-by: waza-ari <daniel.herrmann@makerspace-darmstadt.de>
Co-committed-by: waza-ari <daniel.herrmann@makerspace-darmstadt.de>
 2024-03-05 22:08:39 +00:00
waza-ari
a3154e805c fix(auth): use (issuer, name) to check for uniqueness of oidc teams (#2152) 
The change introduced in #2150 introduces a bug where a Team would be re-created every time a user logs in, as the check if a team already exists was based on both the unique `oidcID` and the `name`. This PR proposes to only base the check on the ID, as this should be unique.

Co-authored-by: Daniel Herrmann <daniel.herrmann1@gmail.com>
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/2152
Reviewed-by: konrad <k@knt.li>
Co-authored-by: waza-ari <daniel.herrmann@makerspace-darmstadt.de>
Co-committed-by: waza-ari <daniel.herrmann@makerspace-darmstadt.de>
 2024-03-04 20:26:45 +00:00
kolaente
a4a0ea973a feat(auth): update team name in Vikunja when it was changed in the openid provider 2024-03-02 15:27:15 +01:00
kolaente
fc4303a778 chore(auth): add oidc suffix to openid team name in db 
Related to https://kolaente.dev/vikunja/vikunja/issues/2150
 2024-03-02 15:23:19 +01:00
kolaente
4f1f96f1e9 chore(auth): refactor openid team creation 2024-03-02 15:22:37 +01:00
viehlieb
ed4da96ab1 feat: assign users to teams via OIDC claims (#1393) 
This change adds the ability to sync teams via a custom openid claim. Vikunja will automatically create and delete teams as necessary, it will also add and remove users when they log in. These teams are fully managed by Vikunja and cannot be updated by a user.

Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/vikunja/pulls/1393
Resolves https://kolaente.dev/vikunja/vikunja/issues/1279
Resolves https://github.com/go-vikunja/vikunja/issues/42
Resolves https://kolaente.dev/vikunja/vikunja/issues/950
Co-authored-by: viehlieb <pf@pragma-shift.net>
Co-committed-by: viehlieb <pf@pragma-shift.net>
 2024-03-02 08:47:10 +00:00
kolaente
30a2dcd04c fix: lint 2024-01-28 15:27:14 +01:00
kolaente
ce53663a88 fix(openid): use the calculated redirect url when authenticating with openid providers 2024-01-28 12:41:35 +01:00
kolaente
a5a6aba7c8 fix(auth): don't reset user settings when updating name or email from external auth provider 
Resolves https://github.com/go-vikunja/api/issues/102
 2023-12-25 17:09:19 +01:00
kolaente
ab2eda4bd5 fix(openid): make sure usernames with spaces work 2023-11-13 11:38:24 +01:00
kolaente
e518fb1191 chore: remove year from copyright headers 
Resolves https://kolaente.dev/vikunja/api/pulls/1483
 2023-09-01 08:32:28 +02:00
kolaente
fef253312c feat(projects): cleanup namespace leftovers 2023-05-24 15:51:54 +02:00
kolaente
16de7cd591 feat(projects): remove namespaces 2023-05-24 15:51:54 +02:00
Dominik Pschenitschni
4f7d69a108 fix: docs auth openID method 2023-04-03 05:19:32 +00:00
kolaente
9f14466dfa fix: lint 2023-03-05 22:24:29 +01:00
kolaente
530bb0a63c fix(user): make reset the user's name to empty actually work 2023-01-23 18:30:01 +01:00
viehlieb
a79b1de2d0 feat: provide logout url for openid providers (#1340) 
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/1340
Co-authored-by: viehlieb <pf@pragma-shift.net>
Co-committed-by: viehlieb <pf@pragma-shift.net>
 2022-12-18 18:26:28 +00:00
kolaente
5cf263a86f feat: upgrade golangci-lint to 1.45.2 2022-03-27 16:55:37 +02:00
konrad
1322cb16d7 feat: add long-lived api tokens (#1085) 
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/1085
Co-authored-by: konrad <k@knt.li>
Co-committed-by: konrad <k@knt.li>
 2022-02-06 13:18:08 +00:00
kolaente
190a9f2a4c fix: friendly name not getting synced on first login from openid 
Resolves #874
 2021-12-12 12:35:13 +01:00
konrad
4216ed7277 Refactor user email confirmation + password reset handling (#919) 
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/919
Co-authored-by: konrad <konrad@kola-entertainments.de>
Co-committed-by: konrad <konrad@kola-entertainments.de>
 2021-07-13 20:56:02 +00:00
renovate
6018573d81 Update module github.com/coreos/go-oidc to v3 (#885) 
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/885
Co-authored-by: renovate <renovatebot@kolaente.de>
Co-committed-by: renovate <renovatebot@kolaente.de>
 2021-06-14 20:56:29 +00:00
kolaente
9147e6739f Fix authentication callback 2021-06-09 23:00:42 +02:00
kolaente
d48aa101cf Refactor & fix storing struct-values in redis keyvalue 2021-05-28 10:52:51 +02:00
kolaente
3973ce985d Try to get more information about the user when authenticating with openid 2021-05-19 14:45:24 +02:00
kolaente
b76ad8efe2 Add more logging and better error messages for openid authentication + clarify docs 2021-05-16 13:23:10 +02:00