Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[FIX] Create Custom OAuth services from environment variables #17377

Conversation

mrtndwrd
Copy link
Contributor

Closes #10420

This PR adds a function customOAuthServicesInit() that checks if there are environment variables set for custom OAuth services. If they are set, they get added to the settings.

Without this function, these environment variables are only parsed and added to settings after the custom OAuth service is created through the administration interface.

I currently call this function in the oAuthServicesUpdate.js file. I'm not sure if this is the best way to call a start-up function. All suggestions for improvement are more than welcome!

@CLAassistant
Copy link

CLAassistant commented Apr 21, 2020

CLA assistant check
All committers have signed the CLA.

@mrtndwrd
Copy link
Contributor Author

It seems the build-image-pr test failed due to something I didn't change. Is there anything I can do to fix this, or maybe retrigger the build?

Maarten de Waard added 2 commits April 28, 2020 14:16
@varac
Copy link

varac commented Apr 30, 2020

Dear Rocket.Chat devs, can anybody please review ? This is a very needed and useful feature.

@mrtndwrd
Copy link
Contributor Author

@engelgabriel I have the feeling this PR might have slipped through the cracks. I would really like to have it reviewed and merged, because now I'm maintaining a fork of Rocket.Chat. As can be seen in #10420 I'm also not the only one that runs into the problem that this PR solves.

Is there anything I can do to help you start or speed up the review process? Thank you!

@varac
Copy link

varac commented Aug 13, 2020

Ping

@mrtndwrd
Copy link
Contributor Author

@sampaiodiego you seemed to have an interest in #10420 (you put it on the todo list). Is there anything I can do to help speed up the review process a bit?

@sampaiodiego
Copy link
Member

thanks @mrtndwrd .. I'll ask @pierre-lehnen-rc to review it for next release 👍

@sampaiodiego sampaiodiego added this to the 3.7.0 milestone Aug 28, 2020
@sampaiodiego sampaiodiego merged commit 266f5ad into RocketChat:develop Sep 8, 2020
@mrtndwrd
Copy link
Contributor Author

mrtndwrd commented Sep 9, 2020

Thank you for merging!

@sampaiodiego sampaiodiego modified the milestones: 3.7.0, 3.6.2 Sep 17, 2020
@sampaiodiego sampaiodiego mentioned this pull request Sep 17, 2020
ear-dev pushed a commit to WideChat/Rocket.Chat that referenced this pull request Sep 21, 2020
* [FIX] Omnichannel Current Chats open status filter not working (RocketChat#18795)

* [FIX][ENTERPRISE] Omnichannel service status switching to unavailable (RocketChat#18835)

* [FIX] File upload (Avatars, Emoji, Sounds) (RocketChat#18841)

* [FIX] IE11 support livechat widget  (RocketChat#18850)

* [FIX] Admin user blank page (RocketChat#18851)

* [FIX] User can't invite or join other Omnichannel rooms (RocketChat#18852)

* [FIX] Showing alerts during setup wizard (RocketChat#18862)

* Remember users' 2FA right after registration

* Change register server to false by default

* Bump version to 3.6.1

* [FIX] invite-all-from and invite-all-to commands don't work with multibyte room names (RocketChat#18919)

* [FIX] Create Custom OAuth services from environment variables (RocketChat#17377)

* [FIX] Read receipts showing blank names and not marking messages as read (RocketChat#18918)

* [FIX] Version update check cron job (RocketChat#18916)

* [FIX] Ignore User action from user card (RocketChat#18866)

* [FIX] Deactivate users that are the last owner of a room using REST API (RocketChat#18864)

* test: add e2e tests for REST API user deactivation

* fix(app): read confirmRelinquish from HTTP request

* chore(app): remove unnecessary console.log

* [FIX] Show custom fields of invalid type (RocketChat#18794)

* Bump version to 3.6.2

* Update package-lock.json

Co-authored-by: Renato Becker <[email protected]>
Co-authored-by: Guilherme Gazzo <[email protected]>
Co-authored-by: Diego Sampaio <[email protected]>
Co-authored-by: Felipe Parreira <[email protected]>
Co-authored-by: Maarten <[email protected]>
Co-authored-by: William Reiske <[email protected]>
Co-authored-by: pierre-lehnen-rc <[email protected]>
Co-authored-by: gabriellsh <[email protected]>
Co-authored-by: Shailesh Baldaniya <[email protected]>
@sampaiodiego sampaiodiego mentioned this pull request Sep 29, 2020
ear-dev pushed a commit to WideChat/Rocket.Chat that referenced this pull request Sep 30, 2020
* [FIX] Omnichannel Current Chats open status filter not working (RocketChat#18795)

* [FIX][ENTERPRISE] Omnichannel service status switching to unavailable (RocketChat#18835)

* [FIX] File upload (Avatars, Emoji, Sounds) (RocketChat#18841)

* [FIX] IE11 support livechat widget  (RocketChat#18850)

* [FIX] Admin user blank page (RocketChat#18851)

* [FIX] User can't invite or join other Omnichannel rooms (RocketChat#18852)

* [FIX] Showing alerts during setup wizard (RocketChat#18862)

* Remember users' 2FA right after registration

* Change register server to false by default

* Bump version to 3.6.1

* [FIX] invite-all-from and invite-all-to commands don't work with multibyte room names (RocketChat#18919)

* [FIX] Create Custom OAuth services from environment variables (RocketChat#17377)

* [FIX] Read receipts showing blank names and not marking messages as read (RocketChat#18918)

* [FIX] Version update check cron job (RocketChat#18916)

* [FIX] Ignore User action from user card (RocketChat#18866)

* [FIX] Deactivate users that are the last owner of a room using REST API (RocketChat#18864)

* test: add e2e tests for REST API user deactivation

* fix(app): read confirmRelinquish from HTTP request

* chore(app): remove unnecessary console.log

* [FIX] Show custom fields of invalid type (RocketChat#18794)

* Bump version to 3.6.2

* [FIX] PDF not rendering (RocketChat#18956)

* [FIX] Errors in LDAP avatar sync preventing login (RocketChat#18948)

* [FIX] LDAP avatar upload (RocketChat#18994)

* [FIX] Federation issues (RocketChat#18978)

* fixed message sending, you should not filter the domains, specially filter by only the local origin/source

* Fixing callback registration

* Increased the rate limiting

* Obbey to settings properties (RocketChat#19020)

* Bump version to 3.6.3

* Update package-lock.json

Co-authored-by: Renato Becker <[email protected]>
Co-authored-by: Guilherme Gazzo <[email protected]>
Co-authored-by: Diego Sampaio <[email protected]>
Co-authored-by: Felipe Parreira <[email protected]>
Co-authored-by: Maarten <[email protected]>
Co-authored-by: William Reiske <[email protected]>
Co-authored-by: pierre-lehnen-rc <[email protected]>
Co-authored-by: gabriellsh <[email protected]>
Co-authored-by: Alan Sikora <[email protected]>
Co-authored-by: Shailesh Baldaniya <[email protected]>
ear-dev pushed a commit to WideChat/Rocket.Chat that referenced this pull request Oct 5, 2020
* Bump version to 3.7.0-develop

* Do not use deprecated express method (RocketChat#18686)

* Replace assets copy on postinstall with symlinks (RocketChat#18707)

* Update Meteor to 1.11 (RocketChat#18754)

* Update Meteor to 1.11

* Update Node version

* Fix livechat view creation

* LingoHub Update 🚀 (RocketChat#18761)

Manual push by LingoHub User: Diego Sampaio.
Project: Rocket.Chat

Made with ❤️ by https://lingohub.com

Co-authored-by: Diego Sampaio <[email protected]>

* Fix french translations (RocketChat#18746)

Replace [Nom du site] by [Site_Name]...

* Refactor: Omnichannel Realtime Monitoring (RocketChat#18666)

Co-authored-by: Guilherme Gazzo <[email protected]>

* [FIX] Create Custom OAuth services from environment variables (RocketChat#17377)

* Fix saveRoomSettings method complexity (RocketChat#18840)

* [FIX] e.sendToBottomIfNecessaryDebounced is not a function (RocketChat#18834)

* Log WebDav upload errors (RocketChat#18849)

* [FIX] File upload (Avatars, Emoji, Sounds) (RocketChat#18841)

* [FIX] IE11 support livechat widget  (RocketChat#18850)

* [FIX] Can't change password (RocketChat#18836)

* [FIX] Admin user blank page (RocketChat#18851)

* [FIX][ENTERPRISE] Omnichannel service status switching to unavailable (RocketChat#18835)

* [FIX] User can't invite or join other Omnichannel rooms (RocketChat#18852)

* [FIX] Omnichannel Current Chats open status filter not working (RocketChat#18795)

* [FIX] Jitsi call start updating subscriptions (RocketChat#18837)

* [FIX] Showing alerts during setup wizard (RocketChat#18862)

* Remember users' 2FA right after registration

* Change register server to false by default

* [FIX] Omnichannel Current Chats open status filter not working (RocketChat#18795)

* [FIX][ENTERPRISE] Omnichannel service status switching to unavailable (RocketChat#18835)

* [FIX] File upload (Avatars, Emoji, Sounds) (RocketChat#18841)

* [FIX] IE11 support livechat widget  (RocketChat#18850)

* [FIX] Admin user blank page (RocketChat#18851)

* [FIX] User can't invite or join other Omnichannel rooms (RocketChat#18852)

* [FIX] Showing alerts during setup wizard (RocketChat#18862)

* Remember users' 2FA right after registration

* Change register server to false by default

* Bump version to 3.6.1

* LingoHub based on develop (RocketChat#18828)

* LingoHub Update 🚀

Manual push by LingoHub User: Diego Sampaio.
Project: Rocket.Chat

Made with ❤️ by https://lingohub.com

* LingoHub Update 🚀

Manual push by LingoHub User: Diego Sampaio.
Project: Rocket.Chat

Made with ❤️ by https://lingohub.com

Co-authored-by: Diego Sampaio <[email protected]>

* [FIX] invite-all-from and invite-all-to commands don't work with multibyte room names (RocketChat#18919)

* [FIX] If there is `ufs` somewhere in url the request to api always returns 404 (RocketChat#18874)

* chore(packages): add fixed version of ufs

* test(e2e): test usernames with 'ufs'

* test(ufs-router): remove expect for header

* test: turn test callback synchronous

* test: fix async to use done

* chore(packages/meteor-jalik-ufs): add ufs package

* Revert "test: fix async to use done"

This reverts commit 6276e0b.

* Revert "test: turn test callback synchronous"

This reverts commit 2af11bb.

* Revert "test(ufs-router): remove expect for header"

This reverts commit 2c4eeb0.

* [FIX] "Save to WebDav" not working (RocketChat#18883)

* [FIX] Read receipts showing blank names and not marking messages as read (RocketChat#18918)

* [FIX] Non-upload requests being passed to UFS proxy middleware (RocketChat#18931)

* fix(ufs-proxy): correct routing pattern

* chore(ufs-proxy): add deprecation console warning

* [FIX] Version update check cron job (RocketChat#18916)

* [FIX] Ignore User action from user card (RocketChat#18866)

* [FIX] Custom fields required if minLength set and no text typed (RocketChat#18838)

* [FIX] Dutch: add translations for missing variables (RocketChat#18814)

* [FIX] French: Add missing __online__ var (RocketChat#18813)

* [FIX] Deactivate users that are the last owner of a room using REST API (RocketChat#18864)

* test: add e2e tests for REST API user deactivation

* fix(app): read confirmRelinquish from HTTP request

* chore(app): remove unnecessary console.log

* [FIX] Show custom fields of invalid type (RocketChat#18794)

* [FIX] Create Custom OAuth services from environment variables (RocketChat#17377)

* [FIX] Read receipts showing blank names and not marking messages as read (RocketChat#18918)

* [FIX] Version update check cron job (RocketChat#18916)

* [FIX] Ignore User action from user card (RocketChat#18866)

* [FIX] Deactivate users that are the last owner of a room using REST API (RocketChat#18864)

* test: add e2e tests for REST API user deactivation

* fix(app): read confirmRelinquish from HTTP request

* chore(app): remove unnecessary console.log

* [FIX] Show custom fields of invalid type (RocketChat#18794)

* Bump version to 3.6.2

* [FIX] Stop adding push messages to queue if push is disabled (RocketChat#18830)

* [NEW] "Room avatar changed" system messages (RocketChat#18839)

* [FIX] PDF not rendering (RocketChat#18956)

* [FIX] Spurious expert role in startup data (RocketChat#18667)

* [FIX] Open room after guest registration (RocketChat#18755)

* [FIX] Block user action (RocketChat#18950)

* Refactor: Omnichannel Analytics (RocketChat#18766)

* [FIX] Deactivated users show as offline (RocketChat#18767)

* [FIX] Reaction buttons not behaving properly (RocketChat#18832)

* Refactor: Message Audit page & Audit logs (RocketChat#18808)

* [FIX] "Download my data" popup showing HTML code. (RocketChat#18947)

* [IMPROVE] Move jump to message outside menu (RocketChat#18928)

* [FIX] Users not being able to activate/deactivate E2E in DMs (RocketChat#18943)

* Refactor: Admin permissions page (RocketChat#18932)

Co-authored-by: Guilherme Gazzo <[email protected]>

* [IMPROVEMENT] Add "Allow_Save_Media_to_Gallery" setting to mobile (RocketChat#18875)

* Bump lodash.merge from 4.6.1 to 4.6.2 (RocketChat#18800)

* [FIX] Errors in LDAP avatar sync preventing login (RocketChat#18948)

* [NEW][Apps] Add support for new livechat guest's and room's events (RocketChat#18946)

* Add support for new livechat's guest and room events

* Update trigger calls

* Update Apps-Engine version

Co-authored-by: Douglas Gubert <[email protected]>

* [NEW][Apps] Add a Livechat API - setCustomFields (RocketChat#18912)

* Map livechatData to customFields

* Add livechatData field to apps converter

Co-authored-by: Thassio Victor <[email protected]>
Co-authored-by: Douglas Gubert <[email protected]>

* [NEW] UploadFS respects $TMPDIR environment variable (RocketChat#17012)

* [IMPROVE] Stop re-sending push notifications rejected by the gateway (RocketChat#18608)

Co-authored-by: Diego Sampaio <[email protected]>

* [FIX] User Info: Email and name/username display (RocketChat#18976)

* Update Meteor to 1.11.1 (RocketChat#18959)

* [FIX] API call users.setStatus does not trigger status update of clients (RocketChat#18961)

* LingoHub Update 🚀 (RocketChat#18973)

Manual push by LingoHub User: Gabriel Engel.
Project: Rocket.Chat

Made with ❤️ by https://lingohub.com

Co-authored-by: Gabriel Engel <[email protected]>

* Bump marked from 0.6.3 to 0.7.0 (RocketChat#18801)

Bumps [marked](https://github.com/markedjs/marked) from 0.6.3 to 0.7.0.
- [Release notes](https://github.com/markedjs/marked/releases)
- [Commits](markedjs/marked@v0.6.3...v0.7.0)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump Livechat widget (RocketChat#18977)

* [NEW] Option to require settings on wizard UI via ENV variables (RocketChat#18974)

Co-authored-by: Martin <[email protected]>

* [NEW] Retention policy precision defined by a cron job expression (RocketChat#18975)

Co-authored-by: Diego Sampaio <[email protected]>

* Set some queries to prefer the secondary database (RocketChat#18887)

* Check i18n file for missing variables (RocketChat#18762)

* [FIX] Scrollbar mention ticks always rendering as white (RocketChat#18979)

* [FIX] Purged threads still show as unread (RocketChat#18944)

Co-authored-by: Diego Sampaio <[email protected]>
Co-authored-by: Rodrigo Nascimento <[email protected]>

* [NEW][Apps] Add a new upload API (RocketChat#18955)

Co-authored-by: Douglas Gubert <[email protected]>

* [NEW] Send E2E encrypted messages’ content on push notifications (RocketChat#18882)

* New: Use database change streams when available (RocketChat#18892)

Co-authored-by: Diego Sampaio <[email protected]>

* Bump version to 3.7.0-rc.0

* Regression: Handle MongoDB authentication issues (RocketChat#18993)

* [FIX] LDAP avatar upload (RocketChat#18994)

* Bump version to 3.7.0-rc.1

* [FIX] Federation issues (RocketChat#18978)

* fixed message sending, you should not filter the domains, specially filter by only the local origin/source

* Fixing callback registration

* Increased the rate limiting

* Obbey to settings properties (RocketChat#19020)

* [FIX] PDF not rendering (RocketChat#18956)

* [FIX] Errors in LDAP avatar sync preventing login (RocketChat#18948)

* [FIX] LDAP avatar upload (RocketChat#18994)

* [FIX] Federation issues (RocketChat#18978)

* fixed message sending, you should not filter the domains, specially filter by only the local origin/source

* Fixing callback registration

* Increased the rate limiting

* Obbey to settings properties (RocketChat#19020)

* Bump version to 3.7.0-rc.2

* Bump version to 3.6.3

* Create VIP Sponsors.md

* Regression: Fix login screen reactivity of external login providers (RocketChat#19033)

* [NEW][Apps] Add support to the "encoding" option in http requests from Apps (RocketChat#19002)

* Allow specify the encoding of the response data

* Update Apps-Engine version

Co-authored-by: Douglas Gubert <[email protected]>
Co-authored-by: Douglas Gubert <[email protected]>

* Regression: File upload via apps not working in some scenarios (RocketChat#18995)

* [FIX] [Apps] Fix app user doesn't has permission to upload files

* Fix errorClass [Error]: Forbidden [forbidden]

In `app/file-upload/lib/FileUploadBase.js`, we configured `UploadFS.config.defaultStorePermissions`, which validates `insert(userId, doc)` etc. But the parameter userId cann't be always obtained by this validation method correctly (sometimes it's undefined). Meteor use the Meteor.userId() as its fallback option. So we can wrap the original call with `Meteor.runAsUser` to solve issue.

* Add a new validator into canAccessRoom

canAccessRoom (`app/authorization/server/functions/canAccessRoom.js`) is an essential validator for Rocket.Chat to check whether some user has permissions to access some room. In this PR, we added a new validator that allows app users to access any room on a Rocket.Chat server even if it is not a member of the room.

*  An attempt to fix Meteor code must always run within a Fiber Error

Original Error: "Error: Meteor code must always run within a Fiber. Try wrapping callbacks that you pass to non-Meteor libraries with Meteor.bindEnvironment."

* Add support for uploading files by a livecaht visitor

* Support upload files with livechat visitors

* Reduce an unnecessary DB query - Users.findOneById

* Move the "bypass" out of canAccessRoom

Adding a bypass inside canAccessRoom can potentially allow apps to do stuff we're not prepared (yet)

* Update Apps-Engine version

* Some refactoring

* Fix a rateada

Co-authored-by: Douglas Gubert <[email protected]>

* [NEW] Apps-Engine v1.18.0 (RocketChat#19047)

* Regression: Elements select & multiSelect not rendered correctly in the App Settings (RocketChat#19005)

Co-authored-by: Douglas Gubert <[email protected]>

* Bump version to 3.7.0-rc.3

* Bump version to 3.7.0-rc.4

* Bump version to 3.7.0

* Update package-lock.json

* Fix import in Omnichannel Filter

* Remove duplicate function

Co-authored-by: Diego Sampaio <[email protected]>
Co-authored-by: Tasso Evangelista <[email protected]>
Co-authored-by: Gabriel Engel <[email protected]>
Co-authored-by: lsignac <[email protected]>
Co-authored-by: gabriellsh <[email protected]>
Co-authored-by: Guilherme Gazzo <[email protected]>
Co-authored-by: Maarten <[email protected]>
Co-authored-by: pierre-lehnen-rc <[email protected]>
Co-authored-by: Guilherme Gazzo <[email protected]>
Co-authored-by: Renato Becker <[email protected]>
Co-authored-by: Felipe Parreira <[email protected]>
Co-authored-by: William Reiske <[email protected]>
Co-authored-by: Karting06 <[email protected]>
Co-authored-by: Gilles Meyer <[email protected]>
Co-authored-by: Martin Schoeler <[email protected]>
Co-authored-by: Diego Mello <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thassio Victor <[email protected]>
Co-authored-by: Douglas Gubert <[email protected]>
Co-authored-by: Shiqi Mei <[email protected]>
Co-authored-by: Dustin Skoracki <[email protected]>
Co-authored-by: lingohub[bot] <69908207+lingohub[bot]@users.noreply.github.com>
Co-authored-by: Rodrigo Nascimento <[email protected]>
Co-authored-by: Alan Sikora <[email protected]>
Co-authored-by: Marcelo Schmidt <[email protected]>
Co-authored-by: Douglas Gubert <[email protected]>
Co-authored-by: Shailesh Baldaniya <[email protected]>
@geekgonecrazy
Copy link
Contributor

geekgonecrazy commented Nov 2, 2020

@mrtndwrd did you manage to actually use this? I'm fighting with every shell I try with rejecting environment variables with a - in them.

I'm wondering if we don't need to make this more clever and match on all underscore and transform

@mrtndwrd
Copy link
Contributor Author

mrtndwrd commented Nov 3, 2020

You're right, I can't think of a shell that will allow dashes in the environment variable name.

I can tell you that this does work if you install rocket.chat with the helm chart. You need to set the extraEnv variable to set the variables used here. I can imagine you can do something similar with Docker or Docker-compose, but I haven't tried.

The way I use it is a bit complicated, but it boils down to that this is the helm values file we use: https://open.greenhost.net/openappstack/openappstack/-/blob/master/ansible/roles/apps/templates/settings/rocketchat.yaml (templated by ansible, don't ask me why 😅)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Custom OAuth config not created even if all env vars are set
6 participants