From 6d4286ec664f1df8b0e97b759075afbf34d9620a Mon Sep 17 00:00:00 2001 From: Frederic Guillot Date: Sun, 6 Dec 2015 10:53:33 -0500 Subject: Update LDAP documentation --- doc/config.markdown | 79 ++++++++++++++++++++++++++++++++--------------------- 1 file changed, 48 insertions(+), 31 deletions(-) (limited to 'doc/config.markdown') diff --git a/doc/config.markdown b/doc/config.markdown index f375b2fc..8ae56df6 100644 --- a/doc/config.markdown +++ b/doc/config.markdown @@ -2,7 +2,7 @@ Config file =========== You can customize the default settings of Kanboard by adding a file `config.php` at the project root. -You can also rename the `config.default.php` and change the desired values. +You can also rename the file `config.default.php` to `config.php` and change the desired values. Enable/Disable debug mode ------------------------- @@ -102,59 +102,76 @@ define('LDAP_SERVER', ''); // LDAP server port (389 by default) define('LDAP_PORT', 389); -// By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification. +// By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification define('LDAP_SSL_VERIFY', true); // Enable LDAP START_TLS define('LDAP_START_TLS', false); -// LDAP bind type: "anonymous", "user" (use the given user/password from the form) and "proxy" (a specific user to browse the LDAP directory) +// By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive) +// Set to true if you want to preserve the case +define('LDAP_USERNAME_CASE_SENSITIVE', false); + +// LDAP bind type: "anonymous", "user" or "proxy" define('LDAP_BIND_TYPE', 'anonymous'); -// LDAP username to connect with. null for anonymous bind (by default). -// Or for user bind type, you can use a pattern: %s@kanboard.local +// LDAP username to use with proxy mode +// LDAP username pattern to use with user mode define('LDAP_USERNAME', null); -// LDAP password to connect with. null for anonymous bind (by default). +// LDAP password to use for proxy mode define('LDAP_PASSWORD', null); -// LDAP account base, i.e. root of all user account -// Example: ou=People,dc=example,dc=com -define('LDAP_ACCOUNT_BASE', ''); +// LDAP DN for users +// Example for ActiveDirectory: CN=Users,DC=kanboard,DC=local +// Example for OpenLDAP: ou=People,dc=example,dc=com +define('LDAP_USER_BASE_DN', ''); -// LDAP query pattern to use when searching for a user account +// LDAP pattern to use when searching for a user account // Example for ActiveDirectory: '(&(objectClass=user)(sAMAccountName=%s))' // Example for OpenLDAP: 'uid=%s' -define('LDAP_USER_PATTERN', ''); +define('LDAP_USER_FILTER', ''); -// Name of an attribute of the user account object which should be used as the full name of the user. -define('LDAP_ACCOUNT_FULLNAME', 'displayname'); - -// Name of an attribute of the user account object which should be used as the email of the user. -define('LDAP_ACCOUNT_EMAIL', 'mail'); - -// Name of an attribute of the user account object which should be used as the id of the user. +// LDAP attribute for username // Example for ActiveDirectory: 'samaccountname' // Example for OpenLDAP: 'uid' -define('LDAP_ACCOUNT_ID', 'samaccountname'); +define('LDAP_USER_ATTRIBUTE_USERNAME', 'uid'); + +// LDAP attribute for user full name +// Example for ActiveDirectory: 'displayname' +// Example for OpenLDAP: 'cn' +define('LDAP_USER_ATTRIBUTE_FULLNAME', 'cn'); -// LDAP Attribute for group membership -define('LDAP_ACCOUNT_MEMBEROF', 'memberof'); +// LDAP attribute for user email +define('LDAP_USER_ATTRIBUTE_EMAIL', 'mail'); -// DN for administrators -// Example: CN=Kanboard Admins,CN=Users,DC=kanboard,DC=local +// LDAP attribute to find groups in user profile +define('LDAP_USER_ATTRIBUTE_GROUPS', 'memberof'); + +// Allow automatic LDAP user creation +define('LDAP_USER_CREATION', true); + +// LDAP DN for administrators +// Example: CN=Kanboard-Admins,CN=Users,DC=kanboard,DC=local define('LDAP_GROUP_ADMIN_DN', ''); -// DN for project administrators -// Example: CN=Kanboard Project Admins,CN=Users,DC=kanboard,DC=local -define('LDAP_GROUP_PROJECT_ADMIN_DN', ''); +// LDAP DN for managers +// Example: CN=Kanboard Managers,CN=Users,DC=kanboard,DC=local +define('LDAP_GROUP_MANAGER_DN', ''); -// By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive) -// Set to true if you want to preserve the case -define('LDAP_USERNAME_CASE_SENSITIVE', false); +// Enable LDAP group provider for project permissions +// The end-user will be able to browse LDAP groups from the user interface and allow access to specified projects +define('LDAP_GROUP_PROVIDER', false); + +// LDAP Base DN for groups +define('LDAP_GROUP_BASE_DN', ''); + +// LDAP group filter +// Example for ActiveDirectory: (&(objectClass=group)(sAMAccountName=%s*)) +define('LDAP_GROUP_FILTER', ''); -// Automatically create user account -define('LDAP_ACCOUNT_CREATION', true); +// LDAP attribute for the group name +define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn'); ``` Google Authentication settings -- cgit v1.2.3 From 756e8697c04dc0d4ba053f81a99022273377be35 Mon Sep 17 00:00:00 2001 From: Frederic Guillot Date: Sun, 6 Dec 2015 18:13:49 -0500 Subject: Add the possibility to define API token in config file --- ChangeLog | 1 + app/Api/Auth.php | 17 ++++++++++++++++- doc/config.markdown | 3 +++ 3 files changed, 20 insertions(+), 1 deletion(-) (limited to 'doc/config.markdown') diff --git a/ChangeLog b/ChangeLog index 4d0e919c..06fbe4af 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,7 @@ New features: * Add new project role Viewer (Work in progress) * Add generic LDAP client library * Add search query attribute for task link +* Add the possibility to define API token in config file Version 1.0.21 -------------- diff --git a/app/Api/Auth.php b/app/Api/Auth.php index 0a911796..a9d1617c 100644 --- a/app/Api/Auth.php +++ b/app/Api/Auth.php @@ -60,6 +60,21 @@ class Auth extends Base */ private function isAppAuthenticated($username, $password) { - return $username === 'jsonrpc' && $password === $this->config->get('api_token'); + return $username === 'jsonrpc' && $password === $this->getApiToken(); + } + + /** + * Get API Token + * + * @access private + * @return string + */ + private function getApiToken() + { + if (defined('API_AUTHENTICATION_TOKEN')) { + return API_AUTHENTICATION_TOKEN; + } + + return $this->config->get('api_token'); } } diff --git a/doc/config.markdown b/doc/config.markdown index 8ae56df6..e7916454 100644 --- a/doc/config.markdown +++ b/doc/config.markdown @@ -294,4 +294,7 @@ define('API_AUTHENTICATION_HEADER', ''); // Hide login form, useful if all your users use Google/Github/ReverseProxy authentication define('HIDE_LOGIN_FORM', false); + +// Override API token stored in the database, useful for automated tests +define('API_AUTHENTICATION_TOKEN', 'My unique API Token'); ``` -- cgit v1.2.3 From 786e360d0b8a18f6810ff798824c6ae3f5583ec0 Mon Sep 17 00:00:00 2001 From: Frederic Guillot Date: Thu, 10 Dec 2015 20:01:52 -0500 Subject: Try to load config.php from /data if not available --- ChangeLog | 1 + app/common.php | 2 ++ doc/config.markdown | 2 +- 3 files changed, 4 insertions(+), 1 deletion(-) (limited to 'doc/config.markdown') diff --git a/ChangeLog b/ChangeLog index 3a2513ab..b94c7e31 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,6 +25,7 @@ New features: * Add search query attribute for task link * Add the possibility to define API token in config file * Add capability to reopen Gitlab issues +* Try to load config.php from /data if not available Version 1.0.21 -------------- diff --git a/app/common.php b/app/common.php index fe5a7e69..91e24c65 100644 --- a/app/common.php +++ b/app/common.php @@ -16,6 +16,8 @@ if (getenv('DATABASE_URL')) { if (file_exists('config.php')) { require 'config.php'; +} elseif (file_exists('data'.DIRECTORY_SEPARATOR.'config.php')) { + require 'data'.DIRECTORY_SEPARATOR.'config.php'; } require __DIR__.'/constants.php'; diff --git a/doc/config.markdown b/doc/config.markdown index e7916454..393efbae 100644 --- a/doc/config.markdown +++ b/doc/config.markdown @@ -1,7 +1,7 @@ Config file =========== -You can customize the default settings of Kanboard by adding a file `config.php` at the project root. +You can customize the default settings of Kanboard by adding a file `config.php` at the project root or in the `data` folder. You can also rename the file `config.default.php` to `config.php` and change the desired values. Enable/Disable debug mode -- cgit v1.2.3 From e31dbe18ce4f156c7a0fcb286c60c9b2617c2f47 Mon Sep 17 00:00:00 2001 From: Frederic Guillot Date: Sat, 30 Jan 2016 07:47:16 -0500 Subject: Load ActionProvider in unit tests --- doc/config.markdown | 28 ---------------------- .../AverageTimeSpentColumnAnalyticTest.php | 3 ++- tests/units/Base.php | 6 ++--- 3 files changed, 5 insertions(+), 32 deletions(-) (limited to 'doc/config.markdown') diff --git a/doc/config.markdown b/doc/config.markdown index 393efbae..92ff2217 100644 --- a/doc/config.markdown +++ b/doc/config.markdown @@ -174,34 +174,6 @@ define('LDAP_GROUP_FILTER', ''); define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn'); ``` -Google Authentication settings ------------------------------- - -```php -// Enable/disable Google authentication -define('GOOGLE_AUTH', false); - -// Google client id (Get this value from the Google developer console) -define('GOOGLE_CLIENT_ID', ''); - -// Google client secret key (Get this value from the Google developer console) -define('GOOGLE_CLIENT_SECRET', ''); -``` - -Github Authentication settings ------------------------------- - -```php -// Enable/disable GitHub authentication -define('GITHUB_AUTH', false); - -// GitHub client id (Copy it from your settings -> Applications -> Developer applications) -define('GITHUB_CLIENT_ID', ''); - -// GitHub client secret key (Copy it from your settings -> Applications -> Developer applications) -define('GITHUB_CLIENT_SECRET', ''); -``` - Reverse-Proxy Authentication settings ------------------------------------- diff --git a/tests/units/Analytic/AverageTimeSpentColumnAnalyticTest.php b/tests/units/Analytic/AverageTimeSpentColumnAnalyticTest.php index 75cb181d..8eb370a2 100644 --- a/tests/units/Analytic/AverageTimeSpentColumnAnalyticTest.php +++ b/tests/units/Analytic/AverageTimeSpentColumnAnalyticTest.php @@ -16,13 +16,14 @@ class AverageTimeSpentColumnAnalyticTest extends Base $taskCreationModel = new TaskCreation($this->container); $projectModel = new Project($this->container); $averageLeadCycleTimeAnalytic = new AverageTimeSpentColumnAnalytic($this->container); - $now = time(); $this->assertEquals(1, $projectModel->create(array('name' => 'test1'))); $this->assertEquals(1, $taskCreationModel->create(array('project_id' => 1, 'title' => 'test'))); $this->assertEquals(2, $taskCreationModel->create(array('project_id' => 1, 'title' => 'test'))); + $now = time(); + $this->container['db']->table(Task::TABLE)->eq('id', 1)->update(array('date_completed' => $now + 3600)); $this->container['db']->table(Task::TABLE)->eq('id', 2)->update(array('date_completed' => $now + 1800)); diff --git a/tests/units/Base.php b/tests/units/Base.php index 1eb9a9df..bfcef418 100644 --- a/tests/units/Base.php +++ b/tests/units/Base.php @@ -10,7 +10,7 @@ use SimpleLogger\Logger; use SimpleLogger\File; use Kanboard\Core\Session\FlashMessage; use Kanboard\Core\Session\SessionStorage; -use Kanboard\Core\Action\ActionManager; +use Kanboard\ServiceProvider\ActionProvider; class FakeHttpClient { @@ -105,9 +105,9 @@ abstract class Base extends PHPUnit_Framework_TestCase ->getMock(); $this->container['sessionStorage'] = new SessionStorage; - $this->container['actionManager'] = new ActionManager($this->container); + $this->container->register(new ActionProvider); - $this->container['flash'] = function($c) { + $this->container['flash'] = function ($c) { return new FlashMessage($c); }; } -- cgit v1.2.3 From 047236711e0e92a4d00d3009eb2fccf97b78a538 Mon Sep 17 00:00:00 2001 From: Frederic Guillot Date: Sat, 13 Feb 2016 10:55:50 -0500 Subject: Update doc and default config file for new config option --- CONTRIBUTORS.md | 1 + app/constants.php | 6 +++--- config.default.php | 3 +++ doc/config.markdown | 3 +++ 4 files changed, 10 insertions(+), 3 deletions(-) (limited to 'doc/config.markdown') diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 118a837d..7cd2f446 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -28,6 +28,7 @@ Contributors: - [Daniel Raknes](https://github.com/danielraknes) - [David-Norris](https://github.com/David-Norris) - [Dmitry](https://github.com/dmkcv) +- [Djpadz](https://github.com/djpadz) - [Draza (bdpsoft)](https://github.com/bdpsoft) - [Eskiso](https://github.com/eSkiSo) - [Esteban Monge](https://github.com/EstebanMonge) diff --git a/app/constants.php b/app/constants.php index 955edeb5..011fa784 100644 --- a/app/constants.php +++ b/app/constants.php @@ -97,6 +97,9 @@ defined('ENABLE_URL_REWRITE') or define('ENABLE_URL_REWRITE', isset($_SERVER['HT // Hide login form defined('HIDE_LOGIN_FORM') or define('HIDE_LOGIN_FORM', false); +// Disabling logout (for external SSO authentication) +defined('DISABLE_LOGOUT') or define('DISABLE_LOGOUT', false); + // Bruteforce protection defined('BRUTEFORCE_CAPTCHA') or define('BRUTEFORCE_CAPTCHA', 3); defined('BRUTEFORCE_LOCKDOWN') or define('BRUTEFORCE_LOCKDOWN', 6); @@ -111,6 +114,3 @@ defined('HTTP_PROXY_HOSTNAME') or define('HTTP_PROXY_HOSTNAME', ''); defined('HTTP_PROXY_PORT') or define('HTTP_PROXY_PORT', '3128'); defined('HTTP_PROXY_USERNAME') or define('HTTP_PROXY_USERNAME', ''); defined('HTTP_PROXY_PASSWORD') or define('HTTP_PROXY_PASSWORD', ''); - -// Disabling logout (for external SSO authentication) -defined('DISABLE_LOGOUT') or define('DISABLE_LOGOUT', 0); diff --git a/config.default.php b/config.default.php index cc92daa3..52c0c143 100644 --- a/config.default.php +++ b/config.default.php @@ -166,6 +166,9 @@ define('ENABLE_URL_REWRITE', false); // Hide login form, useful if all your users use Google/Github/ReverseProxy authentication define('HIDE_LOGIN_FORM', false); +// Disabling logout (for external SSO authentication) +define('DISABLE_LOGOUT', false); + // Enable captcha after 3 authentication failure define('BRUTEFORCE_CAPTCHA', 3); diff --git a/doc/config.markdown b/doc/config.markdown index 92ff2217..150cb6dc 100644 --- a/doc/config.markdown +++ b/doc/config.markdown @@ -267,6 +267,9 @@ define('API_AUTHENTICATION_HEADER', ''); // Hide login form, useful if all your users use Google/Github/ReverseProxy authentication define('HIDE_LOGIN_FORM', false); +// Disabling logout (for external SSO authentication) +define('DISABLE_LOGOUT', false); + // Override API token stored in the database, useful for automated tests define('API_AUTHENTICATION_TOKEN', 'My unique API Token'); ``` -- cgit v1.2.3