Diffstat (limited to 'doc')
-rw-r--r-- | doc/api-json-rpc.markdown | 42 | ||||
-rw-r--r-- | doc/ldap-authentication.markdown | 65 | ||||
-rw-r--r-- | doc/plugins.markdown | 21 | ||||
-rw-r--r-- | doc/vagrant.markdown | 50 |
4 files changed, 110 insertions, 68 deletions
diff --git a/doc/api-json-rpc.markdown b/doc/api-json-rpc.markdown index a7a8b546..359f8b05 100644 --- a/doc/api-json-rpc.markdown +++ b/doc/api-json-rpc.markdown @@ -248,6 +248,46 @@ end puts response.body ``` + +### Example with Java + +This is a basic example using Spring. For proper usage see [this link](http://spring.io/guides/gs/consuming-rest). + +```java +import java.io.UnsupportedEncodingException; +import java.util.Base64; + +import org.springframework.http.HttpEntity; +import org.springframework.http.HttpHeaders; +import org.springframework.http.MediaType; +import org.springframework.web.client.RestTemplate; + +public class ProjectService { + + public void getAllProjects() throws UnsupportedEncodingException { + + RestTemplate restTemplate = new RestTemplate(); + + String url = "http://localhost/kanboard/jsonrpc.php"; + String requestJson = "{\"jsonrpc\": \"2.0\", \"method\": \"getAllProjects\", \"id\": 1}"; + String user = "jsonrpc"; + String apiToken = "19ffd9709d03ce50675c3a43d1c49c1ac207f4bc45f06c5b2701fbdf8929"; + + // encode api token + byte[] xApiAuthTokenBytes = String.join(":", user, apiToken).getBytes("utf-8"); + String xApiAuthToken = Base64.getEncoder().encodeToString(xApiAuthTokenBytes); + + // consume request + HttpHeaders headers = new HttpHeaders(); + headers.add("X-API-Auth", xApiAuthToken); + headers.setContentType(MediaType.APPLICATION_JSON); + HttpEntity<String> entity = new HttpEntity<String>(requestJson, headers); + String answer = restTemplate.postForObject(url, entity, String.class); + System.out.println(answer); + } +} +``` + Procedures ---------- @@ -4510,4 +4550,4 @@ Response example: } ] } -```
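Review bot: The Java sample added in this hunk builds `X-API-Auth` as plain Base64 of `user:apiToken` and posts it to an `http://` URL, so the token is only encoded, not protected. That is harmless against `localhost`, but readers will copy the listing for remote hosts. I would add a sentence under the listing such as `Use an https:// URL when Kanboard is not on the same machine, because the X-API-Auth header is only Base64-encoded.` I would also replace the token literal with an obvious placeholder, `String apiToken = "<your API token>";`, in case the value shown came from a real instance. As a style point, `getBytes(StandardCharsets.UTF_8)` avoids the checked `UnsupportedEncodingException` and the `throws` clause on `getAllProjects()`.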
\ No newline at end of file +``` diff --git a/doc/ldap-authentication.markdown b/doc/ldap-authentication.markdown index 136aa9ac..f2e4869a 100644 --- a/doc/ldap-authentication.markdown +++ b/doc/ldap-authentication.markdown @@ -4,7 +4,7 @@ LDAP authentication Requirements ------------ -- LDAP extension for PHP +- PHP LDAP extension enabled - LDAP server: - OpenLDAP - Microsoft Active Directory @@ -23,8 +23,6 @@ When the LDAP authentication is activated, the login process work like that: - LDAP users have no local passwords - LDAP users can't modify their password with the user interface -- By default, all LDAP users have no admin privileges -- To become administrator, a LDAP user must be promoted by another administrator The full name and the email address are automatically fetched from the LDAP server. @@ -36,9 +34,9 @@ This file must be stored in the root directory of Kanboard. ### LDAP bind type -There is 3 possible ways to browse the LDAP directory: +There are 3 possible ways to browse the LDAP directory: -#### Anonymous browsing +#### Anonymous mode ```php define('LDAP_BIND_TYPE', 'anonymous'); @@ -48,10 +46,9 @@ define('LDAP_PASSWORD', null); This is the default value but some LDAP servers don't allow that. -#### Proxy user +#### Proxy mode -A specific user is used to browse the LDAP directory. -By example, Novell eDirectory use that method. +A specific user is used to browse the LDAP directory: ```php define('LDAP_BIND_TYPE', 'proxy'); 
@@ -59,33 +56,28 @@ define('LDAP_USERNAME', 'my proxy user'); define('LDAP_PASSWORD', 'my proxy password'); ``` -#### User credentials +#### User mode + +This method uses the credentials provided by the end-user. -This method use the credentials provided by the end-user. By example, Microsoft Active Directory doesn't allow anonymous browsing by default and if you don't want to use a proxy user you can use this method. ```php define('LDAP_BIND_TYPE', 'user'); -define('LDAP_USERNAME', '%s@mydomain.local'); +define('LDAP_USERNAME', '%s@kanboard.local'); define('LDAP_PASSWORD', null); ``` -Here, the `LDAP_USERNAME` is use to define a replacement pattern: - -```php -define('LDAP_USERNAME', '%s@mydomain.local'); - -// Another way to do the same: +In this case, the constant `LDAP_USERNAME` is used as a pattern to the ldap username, examples: -define('LDAP_USERNAME', 'MYDOMAIN\\%s'); -``` +- `%s@kanboard.local` will be replaced by `my_user@kanboard.local` +- `KANBOARD\\%s` will be replaced by `KANBOARD\my_user` ### Example for Microsoft Active Directory Let's say we have a domain `KANBOARD` (kanboard.local) and the primary controller is `myserver.kanboard.local`. -Microsoft Active Directory doesn't allow anonymous binding by default. -First example with a proxy user: +First example with proxy mode: ```php <?php @@ -93,7 +85,6 @@ First example with a proxy user: // Enable LDAP authentication (false by default) define('LDAP_AUTH', true); -// Credentials to be allowed to browse the LDAP directory define('LDAP_BIND_TYPE', 'proxy'); define('LDAP_USERNAME', 'administrator@kanboard.local'); define('LDAP_PASSWORD', 'my super secret password'); 
@@ -104,11 +95,9 @@ define('LDAP_SERVER', 'myserver.kanboard.local'); // LDAP properties define('LDAP_ACCOUNT_BASE', 'CN=Users,DC=kanboard,DC=local'); define('LDAP_USER_PATTERN', '(&(objectClass=user)(sAMAccountName=%s))'); -define('LDAP_ACCOUNT_FULLNAME', 'displayname'); -define('LDAP_ACCOUNT_EMAIL', 'mail'); ``` -Another way with no proxy user: +Second example with user mode: ```php <?php @@ -116,9 +105,8 @@ Another way with no proxy user: // Enable LDAP authentication (false by default) define('LDAP_AUTH', true); -// Credentials to be allowed to browse the LDAP directory define('LDAP_BIND_TYPE', 'user'); -define('LDAP_USERNAME', '%s@kanboard.local'); // or 'KANBOARD\\%s' +define('LDAP_USERNAME', '%s@kanboard.local'); define('LDAP_PASSWORD', null); // LDAP server hostname @@ -127,15 +115,13 @@ define('LDAP_SERVER', 'myserver.kanboard.local'); // LDAP properties define('LDAP_ACCOUNT_BASE', 'CN=Users,DC=kanboard,DC=local'); define('LDAP_USER_PATTERN', '(&(objectClass=user)(sAMAccountName=%s))'); -define('LDAP_ACCOUNT_FULLNAME', 'displayname'); -define('LDAP_ACCOUNT_EMAIL', 'mail'); ``` ### Example for OpenLDAP -Our LDAP server is `myserver.example.com` and all users are stored in the hierarchy `ou=People,dc=example,dc=com`. +Our LDAP server is `myserver.example.com` and all users are stored under `ou=People,dc=example,dc=com`. -For this example with use the anonymous binding. +For this example we use the anonymous binding. ```php <?php 
@@ -149,11 +135,9 @@ define('LDAP_SERVER', 'myserver.example.com'); // LDAP properties define('LDAP_ACCOUNT_BASE', 'ou=People,dc=example,dc=com'); define('LDAP_USER_PATTERN', 'uid=%s'); -define('LDAP_ACCOUNT_FULLNAME', 'displayname'); -define('LDAP_ACCOUNT_EMAIL', 'mail'); ``` -The `%s` is replaced by the username for the parameter `LDAP_USER_PATTERN`, so you can define a custom Distinguished Name (example: ` (&(objectClass=user)(uid=%s)(!(ou:dn::=trainees)))`). +The `%s` is replaced by the username for the parameter `LDAP_USER_PATTERN`, so you can define a custom Distinguished Name: ` (&(objectClass=user)(uid=%s)(!(ou:dn::=trainees)))`. ### Disable automatic account creation @@ -168,7 +152,7 @@ Just change the value of `LDAP_ACCOUNT_CREATION` to `false`: define('LDAP_ACCOUNT_CREATION', false); ``` -### SELinux on RHEL-based like CentOS +### SELinux restrictions If SELinux is enabled, you have to allow Apache to reach out your LDAP server. 
@@ -189,20 +173,19 @@ define('LDAP_SERVER', ''); // LDAP server port (389 by default) define('LDAP_PORT', 389); -// By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification. +// By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification define('LDAP_SSL_VERIFY', true); // Enable LDAP START_TLS define('LDAP_START_TLS', false); -// LDAP bind type: "anonymous", "user" (use the given user/password from the form) and "proxy" (a specific user to browse the LDAP directory) +// LDAP bind type: "anonymous", "user" or "proxy" define('LDAP_BIND_TYPE', 'anonymous'); -// LDAP username to connect with. null for anonymous bind (by default). -// Or for user bind type, you can use a pattern like that %s@kanboard.local +// LDAP username to connect with. null for anonymous bind (default). define('LDAP_USERNAME', null); -// LDAP password to connect with. null for anonymous bind (by default). +// LDAP password to connect with. null for anonymous bind (default). define('LDAP_PASSWORD', null); // LDAP account base, i.e. root of all user account @@ -223,7 +206,7 @@ define('LDAP_ACCOUNT_EMAIL', 'mail'); // Name of an attribute of the user account object which should be used as the id of the user. // Example for ActiveDirectory: 'samaccountname' // Example for OpenLDAP: 'uid' -define('LDAP_ACCOUNT_ID', 'samaccountname'); +define('LDAP_ACCOUNT_ID', ''); // LDAP Attribute for group membership define('LDAP_ACCOUNT_MEMBEROF', 'memberof'); diff --git a/doc/plugins.markdown b/doc/plugins.markdown index 031bf963..9e0a4cfe 100644 --- a/doc/plugins.markdown +++ b/doc/plugins.markdown 
@@ -198,7 +198,7 @@ Example to add new content in the dashboard sidebar: $this->template->hook->attach('template:dashboard:sidebar', 'myplugin:dashboard/sidebar'); ``` -This call is usually defined in the `initialize()` method. +This call is usually defined in the `initialize()` method. The first argument is name of the hook and the second argument is the template name. Template names prefixed with the plugin name and colon indicate the location of the template. @@ -329,6 +329,25 @@ $this->on('session.bootstrap', function($container) { The translations must be stored in `plugins/Myplugin/Locale/xx_XX/translations.php`. +Override HTTP Content Security Policy +------------------------------------- + +If you would like to replace the default HTTP Content Security Policy header, you can use the method `setContentSecurityPolicy()`: + +```php +<?php + +namespace Plugin\Csp; + +class Plugin extends \Core\Plugin\Base +{ + public function initialize() + { + $this->setContentSecurityPolicy(array('script-src' => 'something')); + } +} +``` + Dependency Injection Container ------------------------------ diff --git a/doc/vagrant.markdown b/doc/vagrant.markdown index beebb323..8c41e141 100644 --- a/doc/vagrant.markdown +++ b/doc/vagrant.markdown @@ -5,15 +5,13 @@ Vagrant is used to test Kanboard in different environments. Several configurations are available: -- Ubuntu 14.04 LTS with Sqlite -- Ubuntu 14.04 LTS with Mysql -- Ubuntu 14.04 LTS with Postgresql -- Debian 8 with sqlite -- Debian 7.6 with Sqlite -- Debian 6 with Sqlite -- Centos 7 with Sqlite -- Centos 6.5 with Sqlite -- Freebsd 10 with Sqlite +- Ubuntu 14.04 LTS +- Debian 8 +- Debian 7 +- Debian 6 +- Centos 7 +- Centos 6.7 +- Freebsd 10 The installation process is not fully automated for all VM, manual configuration can be required. 
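Review bot: The new "Override HTTP Content Security Policy" section describes `setContentSecurityPolicy()` as replacing the default header, yet its example passes only `script-src` with the placeholder value `'something'`, so a reader cannot tell what happens to directives they do not list. If the array replaces the default policy wholesale (the text suggests so, but the implementation is not visible here), I would add a sentence like `Directives you do not include are no longer sent, so restate every default directive you still need.` A realistic value such as `'script-src' => "'self'"` would also make the example copyable without loosening the policy.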
@@ -24,10 +22,10 @@ Standard boxes can be downloaded from Vagrant: ```bash vagrant box add ubuntu/trusty64 vagrant box add debian/jessie64 -vagrant box add chef/debian-7.6 -vagrant box add chef/debian-6.0.10 -vagrant box add chef/centos-7.0 -vagrant box add chef/centos-6.5 +vagrant box add debian/wheezy64 +vagrant box add bento/debian-6.0.10 +vagrant box add centos/7 +vagrant box add bento/centos-6.7 vagrant box add freebsd/FreeBSD-10.2-STABLE ``` @@ -39,26 +37,28 @@ If you want to test Kanboard on Ubuntu with Sqlite: vagrant up sqlite ``` -Run composer: +The current directory is synced to the Apache document root. -```bash -vagrant ssh sqlite -cd /var/www/html # change the path according to the chosen distribution -sudo composer install -``` +Composer dependencies have to be there, so if you didn't run `composer install` on your host machine you can also do it on the guest machine. -After the initialization, go to **http://localhost:8001/**. +Each box have its own TCP port: -If you want to use Postgresql or Mysql, you have to configure Kanboard manually (`config.php`) and configure the database inside the virtual machine. +- ubuntu: http://localhost:8001/ +- debian8: http://localhost:8002/ +- debian7: http://localhost:8003/ +- debian6: http://localhost:8004/ +- centos7: http://localhost:8005/ +- centos6: http://localhost:8006/ +- freebsd10: http://localhost:8007/ Available boxes are: -- `vagrant up sqlite` -- `vagrant up mysql` -- `vagrant up postgres` +- `vagrant up ubuntu` - `vagrant up debian8` - `vagrant up debian7` - `vagrant up debian6` - `vagrant up centos7` -- `vagrant up centos65` +- `vagrant up centos6` - `vagrant up freebsd10` + +Any specific configuration have to done manually (Postgres or Mysql). |