From 1dda14438d3b9f8d3fba53615d49eb92e6a58f21 Mon Sep 17 00:00:00 2001
From: Denis CLAVIER
Date: Wed, 24 Nov 2021 16:29:28 +0100
Subject: [PATCH] Patch demo for Mattermost Desktop >= 4.7 (#80)
---
 Demo/config.json | 205 ++++++++++++++++++++++++++++++--------------
 Demo/nginx.conf | 8 ++
 LICENSE | 2 +-
 README.md | 4 +-
 oauth/authorize.php | 2 +-
 5 files changed, 155 insertions(+), 66 deletions(-)
diff --git a/Demo/config.json b/Demo/config.json
index cee1813..9df1d7d 100644
--- a/Demo/config.json
+++ b/Demo/config.json
@@ -23,15 +23,16 @@ "IdleTimeout": 60, "MaximumLoginAttempts": 10, "GoroutineHealthThreshold": -1, - "GoogleDeveloperKey": "", "EnableOAuthServiceProvider": false, "EnableIncomingWebhooks": true, "EnableOutgoingWebhooks": true, "EnableCommands": true, - "EnableOnlyAdminIntegrations": true, "EnablePostUsernameOverride": false, "EnablePostIconOverride": false, + "GoogleDeveloperKey": "", "EnableLinkPreviews": false, + "EnablePermalinkPreviews": true, + "RestrictLinkPreviews": "", "EnableTesting": false, "EnableDeveloper": false, "EnableOpenTracing": false,
@@ -46,6 +47,7 @@ "CorsAllowCredentials": false, "CorsDebug": false, "AllowCookiesForSubdomains": false, + "ExtendSessionLengthWithActivity": false, "SessionLengthWebInDays": 30, "SessionLengthMobileInDays": 30, "SessionLengthSSOInDays": 30,
@@ -54,64 +56,59 @@ "WebsocketSecurePort": 443, "WebsocketPort": 80, "WebserverMode": "gzip", + "EnableGifPicker": false, + "GfycatAPIKey": "2_KtH_W5", + "GfycatAPISecret": "3wLVZPiswc3DnaiaFoLkDvB4X0IV6CpMkj4tf2inJRsBY6-FnkT08zGmppWFgeof", "EnableCustomEmoji": false, "EnableEmojiPicker": true, - "EnableGifPicker": false, - "GfycatApiKey": "2_KtH_W5", - "GfycatApiSecret": "3wLVZPiswc3DnaiaFoLkDvB4X0IV6CpMkj4tf2inJRsBY6-FnkT08zGmppWFgeof", - "RestrictCustomEmojiCreation": "all", - "RestrictPostDelete": "all", - "AllowEditPost": "always", "PostEditTimeLimit": -1, "TimeBetweenUserTypingUpdatesMilliseconds": 5000, "EnablePostSearch": true, + "EnableFileSearch": true, "MinimumHashtagLength": 3, "EnableUserTypingMessages": true, "EnableChannelViewedMessages": true, "EnableUserStatuses": true, "ExperimentalEnableAuthenticationTransfer": true, "ClusterLogTimeoutMilliseconds": 2000, - "CloseUnusedDirectMessages": false, "EnablePreviewFeatures": true, "EnableTutorial": true, + "EnableOnboardingFlow": true, "ExperimentalEnableDefaultChannelLeaveJoinMessages": true, "ExperimentalGroupUnreadChannels": "disabled", - "ExperimentalChannelOrganization": false, - "ExperimentalChannelSidebarOrganization": "disabled", - "ImageProxyType": "", - "ImageProxyURL": "", - "ImageProxyOptions": "", "EnableAPITeamDeletion": false, + "EnableAPIUserDeletion": false, "ExperimentalEnableHardenedMode": false, - "DisableLegacyMFA": false, "ExperimentalStrictCSRFEnforcement": false, "EnableEmailInvitations": false, "DisableBotsWhenOwnerIsDeactivated": true, "EnableBotAccountCreation": false, "EnableSVGs": true, - "EnableLatex": true + "EnableLatex": true, + "EnableAPIChannelDeletion": false, + "EnableLocalMode": false, + "LocalModeSocketLocation": "/var/tmp/mattermost_local.socket", + "EnableAWSMetering": false, + "SplitKey": "", + "FeatureFlagSyncIntervalSeconds": 30, + "DebugSplit": false, + "ThreadAutoFollow": true, + "CollapsedThreads": "disabled", + "ManagedResourcePaths": "", + 
"EnableReliableWebSockets": false }, "TeamSettings": { "SiteName": "Mattermost", "MaxUsersPerTeam": 50, - "EnableTeamCreation": true, "EnableUserCreation": true, "EnableOpenServer": false, "EnableUserDeactivation": false, "RestrictCreationToDomains": "", + "EnableCustomUserStatuses": true, "EnableCustomBrand": false, "CustomBrandText": "", "CustomDescriptionText": "", "RestrictDirectMessage": "any", - "RestrictTeamInvite": "all", - "RestrictPublicChannelManagement": "all", - "RestrictPrivateChannelManagement": "all", - "RestrictPublicChannelCreation": "all", - "RestrictPrivateChannelCreation": "all", - "RestrictPublicChannelDeletion": "all", - "RestrictPrivateChannelDeletion": "all", - "RestrictPrivateChannelManageMembers": "all", - "EnableXToLeaveChannelsFromLHS": false, "UserStatusAwayTimeout": 300, "MaxChannelsPerTeam": 2000, "MaxNotificationsPerChannel": 1000000, @@ -119,8 +116,6 @@ "TeammateNameDisplay": "username", "ExperimentalViewArchivedChannels": false, "ExperimentalEnableAutomaticReplies": false, - "ExperimentalHideTownSquareinLHS": false, - "ExperimentalTownSquareIsReadOnly": false, "LockTeammateNameDisplay": false, "ExperimentalPrimaryTeam": "", "ExperimentalDefaultChannels": [] 
@@ -140,46 +135,48 @@ "DataSourceSearchReplicas": [], "MaxIdleConns": 20, "ConnMaxLifetimeMilliseconds": 3600000, + "ConnMaxIdleTimeMilliseconds": 300000, "MaxOpenConns": 300, "Trace": false, "AtRestEncryptKey": "95ps7omhzmhusdfqh5bki5ye4xfd4hgw", - "QueryTimeout": 30 + "QueryTimeout": 30, + "DisableDatabaseSearch": false, + "ReplicaLagSettings": [] }, "LogSettings": { "EnableConsole": true, "ConsoleLevel": "DEBUG", "ConsoleJson": true, + "EnableColor": false, "EnableFile": true, "FileLevel": "INFO", "FileJson": true, "FileLocation": "", "EnableWebhookDebugging": true, - "EnableDiagnostics": true + "EnableDiagnostics": true, + "EnableSentry": true, + "AdvancedLoggingConfig": "" }, "ExperimentalAuditSettings": { - "SysLogEnabled": false, - "SysLogIP": "localhost", - "SysLogPort": 6514, - "SysLogTag": "", - "SysLogCert": "", - "SysLogInsecure": false, - "SysLogMaxQueueSize": 1000, "FileEnabled": false, "FileName": "", "FileMaxSizeMB": 100, "FileMaxAgeDays": 0, "FileMaxBackups": 0, "FileCompress": false, - "FileMaxQueueSize": 1000 + "FileMaxQueueSize": 1000, + "AdvancedLoggingConfig": "" }, "NotificationLogSettings": { "EnableConsole": true, "ConsoleLevel": "DEBUG", "ConsoleJson": true, + "EnableColor": false, "EnableFile": true, "FileLevel": "INFO", "FileJson": true, - "FileLocation": "" + "FileLocation": "", + "AdvancedLoggingConfig": "" }, "PasswordSettings": { "MinimumLength": 5, @@ -193,14 +190,18 @@ "EnableMobileUpload": true, "EnableMobileDownload": true, "MaxFileSize": 52428800, + "MaxImageResolution": 33177600, "DriverName": "local", "Directory": "/mm/mattermost-data/", "EnablePublicLink": false, + "ExtractContent": true, + "ArchiveRecursion": false, "PublicLinkSalt": "g3w9kzz9ewg1bskanhruqorygm81rp7j", "InitialFont": "nunito-bold.ttf", "AmazonS3AccessKeyId": "", "AmazonS3SecretAccessKey": "", "AmazonS3Bucket": "", + "AmazonS3PathPrefix": "", "AmazonS3Region": "", "AmazonS3Endpoint": "s3.amazonaws.com", "AmazonS3SSL": true, 
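Review bot: `AtRestEncryptKey` in SqlSettings stays a fixed value in the committed demo config, so every deployment started from this file shares the same at-rest key; the same holds for `PublicLinkSalt` in the FileSettings hunk (`@@ -193,14 +190,18 @@`) and for the GitLab `Secret`/`Id` pair in the `@@ -280,9 +288,12 @@` hunk. JSON cannot carry comments, so the README or a short note next to Demo/ should state that these values are demo-only and must be regenerated before the file is reused. The LogSettings part of this hunk also adds `"EnableSentry": true`; I would set it to `false` in a demo so that copies of the file do not send error reports to an external service unless the operator opts in.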
@@ -229,6 +230,7 @@ "SendPushNotifications": false, "PushNotificationServer": "", "PushNotificationContents": "generic", + "PushNotificationBuffer": 1000, "EnableEmailBatching": false, "EmailBatchingBufferSize": 256, "EmailBatchingInterval": 30, @@ -260,14 +262,20 @@ "ReportAProblemLink": "https://about.mattermost.com/default-report-a-problem/", "SupportEmail": "feedback@mattermost.com", "CustomTermsOfServiceEnabled": false, - "CustomTermsOfServiceReAcceptancePeriod": 365 + "CustomTermsOfServiceReAcceptancePeriod": 365, + "EnableAskCommunityLink": true }, "AnnouncementSettings": { "EnableBanner": false, "BannerText": "", "BannerColor": "#f2a93b", "BannerTextColor": "#333333", - "AllowBannerDismissal": true + "AllowBannerDismissal": true, + "AdminNoticesEnabled": true, + "UserNoticesEnabled": true, + "NoticesURL": "https://notices.mattermost.com/", + "NoticesFetchFrequency": 3600, + "NoticesSkipCache": false }, "ThemeSettings": { "EnableThemeSelection": true, @@ -280,9 +288,12 @@ "Secret": "fedcba987654321fedcba987654321", "Id": "123456789abcdef123456789abcdef", "Scope": "", - "AuthEndpoint": "http://localhost/oauth/authorize.php", + "AuthEndpoint": "http://localhost/oauth/authorize", "TokenEndpoint": "http://localhost/oauth/token.php", - "UserApiEndpoint": "http://localhost/oauth/resource.php" + "UserAPIEndpoint": "http://localhost/oauth/resource.php", + "DiscoveryEndpoint": "", + "ButtonText": "", + "ButtonColor": "" }, "GoogleSettings": { "Enable": false, @@ -291,7 +302,10 @@ "Scope": "profile email", "AuthEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", "TokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", - "UserApiEndpoint": "https://www.googleapis.com/plus/v1/people/me" + "UserAPIEndpoint": "https://www.googleapis.com/plus/v1/people/me", + "DiscoveryEndpoint": "", + "ButtonText": "", + "ButtonColor": "" }, "Office365Settings": { "Enable": false, 
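Review bot: In GitLabSettings (`@@ -280,9 +288,12 @@`) the new `AuthEndpoint` `http://localhost/oauth/authorize` and the `TokenEndpoint`/`UserAPIEndpoint` next to it all use plain `http://`, so once `localhost` is swapped for a real host name the authorization code, the client secret and the access token cross the network unencrypted. The demo documentation should say that these three URLs need `https://` outside a single-host test setup. The extensionless `AuthEndpoint` also works only with the `location /oauth/authorize` rule this commit adds to Demo/nginx.conf, while the other two endpoints still name `.php` files directly; that dependency is worth stating for installs behind a different web server.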
@@ -300,9 +314,22 @@ "Scope": "User.Read", "AuthEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize", "TokenEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/token", - "UserApiEndpoint": "https://graph.microsoft.com/v1.0/me", + "UserAPIEndpoint": "https://graph.microsoft.com/v1.0/me", + "DiscoveryEndpoint": "", "DirectoryId": "" }, + "OpenIdSettings": { + "Enable": false, + "Secret": "", + "Id": "", + "Scope": "profile openid email", + "AuthEndpoint": "", + "TokenEndpoint": "", + "UserAPIEndpoint": "", + "DiscoveryEndpoint": "", + "ButtonText": "", + "ButtonColor": "#145DBF" + }, "LdapSettings": { "Enable": false, "EnableSync": false, @@ -327,8 +354,11 @@ "IdAttribute": "", "PositionAttribute": "", "LoginIdAttribute": "", + "PictureAttribute": "", "SyncIntervalMinutes": 60, "SkipCertificateVerification": false, + "PublicCertificateFile": "", + "PrivateKeyFile": "", "QueryTimeout": 60, "MaxPageSize": 0, "LoginFieldName": "", @@ -340,7 +370,8 @@ "ComplianceSettings": { "Enable": false, "Directory": "./data/", - "EnableDaily": false + "EnableDaily": false, + "BatchSize": 30000 }, "LocalizationSettings": { "DefaultServerLocale": "en", @@ -351,12 +382,14 @@ "Enable": false, "EnableSyncWithLdap": false, "EnableSyncWithLdapIncludeAuth": false, + "IgnoreGuestsLdapSync": false, "Verify": true, "Encrypt": true, "SignRequest": false, - "IdpUrl": "", - "IdpDescriptorUrl": "", - "IdpMetadataUrl": "", + "IdpURL": "", + "IdpDescriptorURL": "", + "IdpMetadataURL": "", + "ServiceProviderIdentifier": "", "AssertionConsumerServiceURL": "", "SignatureAlgorithm": "RSAwithSHA1", "CanonicalAlgorithm": "Canonical1.0", 
@@ -382,6 +415,10 @@ "LoginButtonTextColor": "" }, "NativeAppSettings": { + "AppCustomURLSchemes": [ + "mmauth://", + "mmauthbeta://" + ], "AppDownloadLink": "https://about.mattermost.com/downloads/", "AndroidAppDownloadLink": "https://about.mattermost.com/mattermost-android-app/", "IosAppDownloadLink": "https://about.mattermost.com/mattermost-ios-app/" @@ -393,8 +430,9 @@ "NetworkInterface": "", "BindAddress": "", "AdvertiseAddress": "", - "UseIpAddress": true, - "UseExperimentalGossip": false, + "UseIPAddress": true, + "EnableGossipCompression": true, + "EnableExperimentalGossipEncryption": false, "ReadOnlyConfig": true, "GossipPort": 8074, "StreamingPort": 8075, @@ -413,13 +451,17 @@ "EnableClickToReply": false, "LinkMetadataTimeoutMilliseconds": 5000, "RestrictSystemAdmin": false, - "UseNewSAMLLibrary": false + "UseNewSAMLLibrary": false, + "CloudUserLimit": 0, + "CloudBilling": false, + "EnableSharedChannels": false, + "EnableRemoteClusterService": false }, "AnalyticsSettings": { "MaxUsersForStatistics": 2500 }, "ElasticsearchSettings": { - "ConnectionUrl": "", + "ConnectionURL": "", "Username": "elastic", "Password": "changeme", "EnableIndexing": false, @@ -441,12 +483,20 @@ "SkipTLSVerification": false, "Trace": "" }, + "BleveSettings": { + "IndexDir": "", + "EnableIndexing": false, + "EnableSearching": false, + "EnableAutocomplete": false, + "BulkIndexingTimeWindowSeconds": 3600 + }, "DataRetentionSettings": { "EnableMessageDeletion": false, "EnableFileDeletion": false, "MessageRetentionDays": 365, "FileRetentionDays": 365, - "DeletionJobStartTime": "02:00" + "DeletionJobStartTime": "02:00", + "BatchSize": 3000 }, "MessageExportSettings": { "EnableExport": false, 
@@ -454,11 +504,13 @@ "DailyRunTime": "01:00", "ExportFromTimestamp": 0, "BatchSize": 10000, + "DownloadExportResults": false, "GlobalRelaySettings": { "CustomerType": "A9", - "SmtpUsername": "", - "SmtpPassword": "", - "EmailAddress": "" + "SMTPUsername": "", + "SMTPPassword": "", + "EmailAddress": "", + "SMTPServerTimeout": 1800 } }, "JobSettings": { @@ -468,25 +520,42 @@ "PluginSettings": { "Enable": true, "EnableUploads": true, - "AllowInsecureDownloadUrl": false, + "AllowInsecureDownloadURL": false, "EnableHealthCheck": true, "Directory": "./plugins", "ClientDirectory": "./client/plugins", - "Plugins": {}, + "Plugins": { + "com.mattermost.plugin-incident-management": { + "BotUserID": "gawh538krt8w7mj1irqb9k65to" + }, + "playbooks": { + "BotUserID": "cak9zgjpx78x8gbab9w8iftgxc" + } + }, "PluginStates": { "com.mattermost.nps": { "Enable": true + }, + "com.mattermost.plugin-incident-management": { + "Enable": true + }, + "focalboard": { + "Enable": true + }, + "playbooks": { + "Enable": true } }, "EnableMarketplace": true, "EnableRemoteMarketplace": true, "AutomaticPrepackagedPlugins": true, "RequirePluginSignature": false, - "MarketplaceUrl": "https://api.integrations.mattermost.com", - "SignaturePublicKeyFiles": [] + "MarketplaceURL": "https://api.integrations.mattermost.com", + "SignaturePublicKeyFiles": [], + "ChimeraOAuthProxyURL": "" }, "DisplaySettings": { - "CustomUrlSchemes": [], + "CustomURLSchemes": [], "ExperimentalTimezone": false }, "GuestAccountsSettings": { @@ -500,5 +569,17 @@ "ImageProxyType": "local", "RemoteImageProxyURL": "", "RemoteImageProxyOptions": "" + }, + "CloudSettings": { + "CWSURL": "https://customers.mattermost.com", + "CWSAPIURL": "https://portal.internal.prod.cloud.mattermost.com" + }, + "ImportSettings": { + "Directory": "./import", + "RetentionDays": 30 + }, + "ExportSettings": { + "Directory": "./export", + "RetentionDays": 30 } } \ No newline at end of file 
diff --git a/Demo/nginx.conf b/Demo/nginx.conf
index 5e38a83..05a0a31 100644
--- a/Demo/nginx.conf
+++ b/Demo/nginx.conf
@@ -87,6 +87,14 @@ http {
 proxy_pass http://mattermost;
 }
+ location /oauth/access_token {
+ try_files $uri /oauth/index.php;
+ }
+
+ location /oauth/authorize {
+ try_files $uri /oauth/authorize.php$is_args$args;
+ }
+
 location ~ /oauth/.*\.php$ {
 try_files $uri =404;
 fastcgi_pass php:9000;
diff --git a/LICENSE b/LICENSE
index 7da069b..3f9ec47 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,6 @@
 The MIT License
-Copyright (c) 2017-2020 Denis CLAVIER
+Copyright (c) 2017-2021 Denis CLAVIER
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/README.md b/README.md
index 5bd408c..b60c255 100755
--- a/README.md
+++ b/README.md
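Review bot: Both blocks added to Demo/nginx.conf are prefix locations, so any path that merely starts with `/oauth/authorize` or `/oauth/access_token` (for example `/oauth/access_token/extra`) is also routed to the PHP scripts; exact matches, `location = /oauth/access_token {` and `location = /oauth/authorize {`, would limit the rewrite to the two paths Mattermost is configured with. The `access_token` fallback is `/oauth/index.php` without `$is_args$args`, so as far as I can tell the query string is dropped there while the `authorize` fallback forwards it; if that difference is intended, a one-line comment such as `# login page takes no query arguments` would make it explicit. The enclosing `server` block starts outside the hunk.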
@@ -7,7 +7,7 @@ This module provides an external LDAP authentication in Mattermost for the Team
 Currently, LDAP authentication in Mattermost is not featured in the Team Edition (only in the Enterprise Edition). Thus, the only way to get LDAP authentication in Mattermost is to install Gitlab and use its Single Sign On (SSO) feature. Gitlab allows LDAP authentication and transmits user data to Mattermost. So, anyone who wishes to use LDAP with Mattermost must run Gitlab, even if he does not use it, for the SSO feature.
-However, although Gitlab is a nice software, it is resources-consuming and a bit complicated to manage if you just want the SSO feature. That's the reason why, this module provides an oauth server to only reproduce the Gitlab SSO feature and allows a simple and secure LDAP authentication to Mattermost.
+However, although Gitlab is a nice software, it is resources-consuming and a bit complicated to manage if you just want the SSO feature. That's the reason why, this module provides an Oauth server to only reproduce the Gitlab SSO feature and allows a simple and secure LDAP authentication to Mattermost.
 The Mattermost-LDAP project uses the Gitlab authentication feature from Mattermost and substitute Gitlab to LDAP interaction. The main advantage of this module is to provide a light and easy to use LDAP connector for Mattermost not to need Gitlab.
@@ -179,7 +179,7 @@ Keep in mind this will create a new account on your Mattermost server with infor
 ## Limitation
-This module has been tested on Centos 7, Fedora and Ubuntu with PostgreSQL and Mattermost Community Edition version 4.1, 4.9, 5.0.1, 5.10, 5.15.1, 5.51.0 and 5.22.0. Mattermost-LDAP is compliant with Mattermost Team Edition 4.x.x and 5.x.x.
+This module has been tested on Centos (7, 8, 8 stream), Fedora and Ubuntu with PostgreSQL and Mattermost Community Edition version 4.1, 4.9, 5.0.1, 5.10, 5.15.1, 5.51.0, 5.22.0, 5.36.0 and 6.0.0. Mattermost-LDAP is compliant with Mattermost Team Edition 4.x.x, 5.x.x and 6.x.x.
 Others operating systems has not been tested yet but should work fine.
diff --git a/oauth/authorize.php b/oauth/authorize.php
index 28ca1d5..5f3f021 100644
--- a/oauth/authorize.php
+++ b/oauth/authorize.php
@@ -30,7 +30,7 @@ if (!isset($_SESSION['uid']))
 // Store the authorize request
 $explode_url=explode("/", strip_tags(trim($_SERVER['REQUEST_URI'])));
 $_SESSION['auth_page']=end($explode_url);
- header('Location: index.php');
+ header('Location: access_token');
 exit();
 }
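Review bot: In oauth/authorize.php the context line `$_SESSION['auth_page']=end($explode_url);` keeps the last `/`-separated piece of the whole `REQUEST_URI`, query string included, so a request whose query carries an unencoded `/` stores only the tail of the query instead of `authorize?...`; `strip_tags` removes markup but does not address that. Building the value from parsed parts, `basename(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH))` plus `$_SERVER['QUERY_STRING']`, and accepting it only when the path part is `authorize` or `authorize.php`, would keep the post-login redirect (presumably issued by index.php, which is not visible here) on this endpoint. The new relative `Location: access_token` reaches the login page only where the web server maps `/oauth/access_token` to `index.php`, as Demo/nginx.conf does in this commit, so other installs need an equivalent rule. The `if (!isset($_SESSION['uid']))` block starts above the hunk.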