Version 1.11.1

delete oidc config only on first run
Fix up tests
2024-06-13 12:00:02 +02:00 · 2024-06-13 11:14:20 +02:00 · 2024-06-13 10:56:00 +02:00 · 2024-06-13 10:55:52 +02:00 · 2024-06-06 14:58:20 +02:00 · 2024-06-06 15:56:06 +04:00
9 changed files with 119 additions and 50 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -100,3 +100,20 @@
 * Update traccar to 6.1
 * [Full changelog](https://www.traccar.org/blog/traccar-6-1/)
 [1.10.0]
 * Update traccar to 6.2
 * [Full changelog](https://www.traccar.org/blog/traccar-6-2/)
 * Computed attributes can now be ordered using priority
 * Support token authentication for WebSocket
 * Allow regular users to edit hours and total distance
 * Support for right-to-left languages on map
 * Terms and privacy policy option
 * Engine hours are now calculated after computed attributes
 * Default configuration file is now removed to avoid confusion and misconfiguration
 [1.11.0]
 * Migrate to OIDC login
 [1.11.1]
 * Fix bug where OIDC configuration was cleared in non-sso mode
--- a/CloudronManifest.json
+++ b/CloudronManifest.json
@@ -5,8 +5,8 @@
  "description": "file://DESCRIPTION.md",
  "changelog": "file://CHANGELOG.md",
  "tagline": "Modern GPS Tracking Platform",
-  "version": "1.9.0",
+  "version": "1.11.1",
-  "upstreamVersion": "6.1",
+  "upstreamVersion": "6.2",
  "minBoxVersion": "7.1.0",
  "memoryLimit": 1073741824,
  "healthCheckPath": "/",
@@ -20,10 +20,10 @@
    }
  },
  "addons": {
    "ldap": {},
    "sendmail": { "supportsDisplayName": false },
    "localstorage": {},
-    "mysql": {}
+    "mysql": {},
    "oidc": { "loginRedirectUri": "/api/session/openid/callback" }
  },
  "optionalSso": true,
  "manifestVersion": 2,
--- a/2
+++ b/2
@@ -3,7 +3,7 @@ FROM cloudron/base:4.2.0@sha256:46da2fffb36353ef714f97ae8e962bd2c212ca091108d768
 RUN mkdir -p /app/code
 WORKDIR /app/code
-ARG VERSION=6.1
+ARG VERSION=6.2
 RUN wget https://github.com/traccar/traccar/releases/download/v${VERSION}/traccar-linux-64-${VERSION}.zip -O traccar.zip && \
    unzip traccar.zip && \
--- a/POSTINSTALL.md
+++ b/POSTINSTALL.md
@@ -4,3 +4,7 @@ This app is pre-setup with an admin account. The initial credentials are:
 **Password**: admin<br/>
 Please change the admin email and password credentials immediately.
 <sso>
 By default, Cloudron users have regular users permissions. Permissions can be updated on the user profile page in the admin back-end.
 </sso>
--- a/start.sh
+++ b/start.sh
@@ -39,6 +39,7 @@ ensure_admin_account() {
 echo "=> Ensure traccar.xml config"
 if [[ ! -f /app/data/traccar.xml ]]; then
    cp /app/pkg/traccar.xml.template /app/data/traccar.xml
    [[ -z "${CLOUDRON_OIDC_ISSUER:-}" ]] && sed -e 's/^.*openid\..*$//g' -i /app/data/traccar.xml # do this only first run
 fi
 echo "=> Ensure database settings"
@@ -52,20 +53,17 @@ xmlstarlet ed --inplace \
 # origin
 xmlstarlet ed --inplace --update '//properties/entry[@key="web.url"]' -v "${CLOUDRON_APP_ORIGIN}" /app/data/traccar.xml
-# ldap
+# OIDC
-if [[ -n "${CLOUDRON_LDAP_URL:-}" ]]; then
+if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
-    echo "=> Ensure LDAP settings"
+    echo "=> Ensure OIDC settings"
    xmlstarlet ed --inplace \
-        --update '//properties/entry[@key="ldap.enable"]' -v "true" \
+        --update '//properties/entry[@key="openid.clientId"]' -v "${CLOUDRON_OIDC_CLIENT_ID}" \
-        --update '//properties/entry[@key="ldap.url"]' -v "${CLOUDRON_LDAP_URL}" \
+        --update '//properties/entry[@key="openid.clientSecret"]' -v "${CLOUDRON_OIDC_CLIENT_SECRET}" \
-        --update '//properties/entry[@key="ldap.base"]' -v "${CLOUDRON_LDAP_USERS_BASE_DN}" \
+        --update '//properties/entry[@key="openid.issuerUrl"]' -v "${CLOUDRON_OIDC_ISSUER}" \
-        --update '//properties/entry[@key="ldap.idAttribute"]' -v "username" \
+        --update '//properties/entry[@key="openid.authUrl"]' -v "${CLOUDRON_OIDC_AUTH_ENDPOINT}" \
-        --update '//properties/entry[@key="ldap.searchFilter"]' -v '(|(username=:login)(mail=:login))' \
+        --update '//properties/entry[@key="openid.tokenUrl"]' -v "${CLOUDRON_OIDC_TOKEN_ENDPOINT}" \
-        --update '//properties/entry[@key="ldap.user"]' -v "${CLOUDRON_LDAP_BIND_DN}" \
+        --update '//properties/entry[@key="openid.userInfoUrl"]' -v "${CLOUDRON_OIDC_PROFILE_ENDPOINT}" \
        --update '//properties/entry[@key="ldap.password"]' -v "${CLOUDRON_LDAP_BIND_PASSWORD}" \
        /app/data/traccar.xml
 else
    xmlstarlet ed --inplace --update '//properties/entry[@key="ldap.enable"]' -v "false" /app/data/traccar.xml
 fi
 # email
--- a/test/package-lock.json
+++ b/test/package-lock.json
@@ -9,12 +9,12 @@
      "version": "1.0.0",
      "license": "ISC",
      "dependencies": {
-        "chromedriver": "^123.0.3"
+        "chromedriver": "^126.0.0"
      },
      "devDependencies": {
        "expect.js": "^0.3.1",
        "mocha": "^10.4.0",
-        "selenium-webdriver": "^4.19.0"
+        "selenium-webdriver": "^4.21.0"
      }
    },
    "node_modules/@testim/chrome-version": {
@@ -248,9 +248,9 @@
      }
    },
    "node_modules/chromedriver": {
-      "version": "123.0.3",
+      "version": "126.0.0",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-123.0.3.tgz",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-126.0.0.tgz",
-      "integrity": "sha512-35IeTqDLcVR0htF9nD/Lh+g24EG088WHVKXBXiFyWq+2lelnoM0B3tKTBiUEjLng0GnELI4QyQPFK7i97Fz1fQ==",
+      "integrity": "sha512-rzwKp1okI9RmFtSyIzkk9+GTlTK62ai5P3/AS2qMwl86+gw84d2S/IyLkQMm5cqieFs4dgDAuqqPu0AqQACScg==",
      "hasInstallScript": true,
      "dependencies": {
        "@testim/chrome-version": "^1.1.4",
@@ -1262,9 +1262,9 @@
      ]
    },
    "node_modules/selenium-webdriver": {
-      "version": "4.19.0",
+      "version": "4.21.0",
-      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.19.0.tgz",
+      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.21.0.tgz",
-      "integrity": "sha512-8XHW8m9V2XN2/SC1kr4bWzMtGvjmKUEZ6S0UBoDBqonhmwEIzKOLbzhanBd08HCOg1s1O0XrDWCD71NnA8Zt0g==",
+      "integrity": "sha512-WaEJHZjOWNth1QG5FEpxpREER0qptZBMonFU6GtAqdCNLJVxbtC3E7oS/I/+Q1sf1W032Wg0Ebk+m46lANOXyQ==",
      "dev": true,
      "dependencies": {
        "jszip": "^3.10.1",
@@ -1272,7 +1272,7 @@
        "ws": ">=8.16.0"
      },
      "engines": {
-        "node": ">= 14.20.0"
+        "node": ">= 14.21.0"
      }
    },
    "node_modules/serialize-javascript": {
@@ -1769,9 +1769,9 @@
      }
    },
    "chromedriver": {
-      "version": "123.0.3",
+      "version": "126.0.0",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-123.0.3.tgz",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-126.0.0.tgz",
-      "integrity": "sha512-35IeTqDLcVR0htF9nD/Lh+g24EG088WHVKXBXiFyWq+2lelnoM0B3tKTBiUEjLng0GnELI4QyQPFK7i97Fz1fQ==",
+      "integrity": "sha512-rzwKp1okI9RmFtSyIzkk9+GTlTK62ai5P3/AS2qMwl86+gw84d2S/IyLkQMm5cqieFs4dgDAuqqPu0AqQACScg==",
      "requires": {
        "@testim/chrome-version": "^1.1.4",
        "axios": "^1.6.7",
@@ -2512,9 +2512,9 @@
      "dev": true
    },
    "selenium-webdriver": {
-      "version": "4.19.0",
+      "version": "4.21.0",
-      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.19.0.tgz",
+      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.21.0.tgz",
-      "integrity": "sha512-8XHW8m9V2XN2/SC1kr4bWzMtGvjmKUEZ6S0UBoDBqonhmwEIzKOLbzhanBd08HCOg1s1O0XrDWCD71NnA8Zt0g==",
+      "integrity": "sha512-WaEJHZjOWNth1QG5FEpxpREER0qptZBMonFU6GtAqdCNLJVxbtC3E7oS/I/+Q1sf1W032Wg0Ebk+m46lANOXyQ==",
      "dev": true,
      "requires": {
        "jszip": "^3.10.1",
--- a/test/package.json
+++ b/test/package.json
@@ -11,9 +11,9 @@
  "devDependencies": {
    "expect.js": "^0.3.1",
    "mocha": "^10.4.0",
-    "selenium-webdriver": "^4.19.0"
+    "selenium-webdriver": "^4.21.0"
  },
  "dependencies": {
-    "chromedriver": "^123.0.3"
+    "chromedriver": "^126.0.0"
  }
 }
--- a/test/test.js
+++ b/test/test.js
@@ -16,8 +16,8 @@ const execSync = require('child_process').execSync,
    { Builder, By, Key, until } = require('selenium-webdriver'),
    { Options } = require('selenium-webdriver/chrome');
-if (!process.env.EMAIL || !process.env.PASSWORD) {
+if (!process.env.USERNAME || !process.env.EMAIL || !process.env.PASSWORD) {
-    console.log('EMAIL and PASSWORD env vars need to be set');
+    console.log('USERNAME, EMAIL and PASSWORD env vars need to be set');
    process.exit(1);
 }
@@ -25,16 +25,18 @@ describe('Application life cycle test', function () {
    this.timeout(0);
    const LOCATION = 'test';
-    const TEST_TIMEOUT = 10000;
+    const TEST_TIMEOUT = 20000;
    const EXEC_ARGS = { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' };
    const DEVICE_NAME = 'FancyDevice';
    const DEVICE_IDENTIFIER = 'device1';
    const ADMIN_USERNAME = 'admin@cloudron.local';
    const ADMIN_PASSWORD = 'admin';
    const USERNAME = process.env.USERNAME;
    const EMAIL = process.env.EMAIL;
    const PASSWORD = process.env.PASSWORD;
    let browser, app;
    let athenticated_by_oidc = false;
    before(function () {
        const options = new Options().windowSize({ width: 1280, height: 1024 });
@@ -61,10 +63,35 @@ describe('Application life cycle test', function () {
    async function login(emailOrUsername, password) {
        await browser.get(`https://${app.fqdn}/login`);
        await waitForElement(By.xpath('//input[@name="email"]'));
-        await browser.findElement(By.xpath('//input[@name="email"]')).sendKeys(Key.CONTROL + 'a');
+        await browser.findElement(By.xpath('//input[@name="email"]')).sendKeys(Key.CONTROL + 'a' + Key.BACK_SPACE + Key.COMMAND + 'a' + Key.BACK_SPACE);
        await browser.findElement(By.xpath('//input[@name="email"]')).sendKeys(emailOrUsername);
        await browser.findElement(By.xpath('//input[@name="password"]')).sendKeys(password);
        await browser.findElement(By.xpath('//button[text()="Login"]')).click();
        await browser.sleep(3000);
        await waitForElement(By.xpath('//span[text()="Account"]'));
    }
    async function loginOIDC(username, password) {
        browser.manage().deleteAllCookies();
        await browser.get(`https://${app.fqdn}/login`);
        await browser.sleep(2000);
        await waitForElement(By.xpath('//button[contains(., "Login with OpenID")]'));
        await browser.findElement(By.xpath('//button[contains(., "Login with OpenID")]')).click();
        await browser.sleep(2000);
        if (!athenticated_by_oidc) {
            await waitForElement(By.xpath('//input[@name="username"]'));
            await browser.findElement(By.xpath('//input[@name="username"]')).sendKeys(username);
            await browser.findElement(By.xpath('//input[@name="password"]')).sendKeys(password);
            await browser.sleep(2000);
            await browser.findElement(By.xpath('//button[@type="submit" and contains(text(), "Sign in")]')).click();
            await browser.sleep(2000);
            athenticated_by_oidc = true;
        }
        await browser.sleep(3000);
        await waitForElement(By.xpath('//span[text()="Account"]'));
    }
@@ -93,7 +120,8 @@ describe('Application life cycle test', function () {
    }
    xit('build app', function () { execSync('cloudron build', EXEC_ARGS); });
-    it('install app', function () { execSync(`cloudron install --location ${LOCATION}`, EXEC_ARGS); });
+    // no sso
    it('install app (no sso)', function () { execSync(`cloudron install --no-sso --location ${LOCATION}`, EXEC_ARGS); });
    it('can get app information', getAppInfo);
    it('can login as admin', login.bind(null, ADMIN_USERNAME, ADMIN_PASSWORD));
@@ -101,10 +129,22 @@ describe('Application life cycle test', function () {
    it('device exists', deviceExists);
    it('can logout', logout);
-    it('can login as normal user with email', login.bind(null, process.env.EMAIL, process.env.PASSWORD));
+    it('uninstall app', async function () {
        // ensure we don't hit NXDOMAIN in the mean time
        await browser.get('about:blank');
        execSync(`cloudron uninstall --app ${app.id}`, EXEC_ARGS);
    });
    // sso
    it('install app (sso)', function () { execSync(`cloudron install --location ${LOCATION}`, EXEC_ARGS); });
    it('can get app information', getAppInfo);
    it('can login as admin', login.bind(null, ADMIN_USERNAME, ADMIN_PASSWORD));
    it('can add device', addDevice);
    it('device exists', deviceExists);
    it('can logout', logout);
-    it('can login as normal user with username', login.bind(null, process.env.USERNAME, process.env.PASSWORD));
+    it('can login as normal user via OIDC', loginOIDC.bind(null, process.env.USERNAME, process.env.PASSWORD));
    it('can logout', logout);
    it('can restart app', function () { execSync(`cloudron restart --app ${app.id}`); });
@@ -126,6 +166,9 @@ describe('Application life cycle test', function () {
    it('device exists', deviceExists);
    it('can logout', logout);
    it('can login as normal user via OIDC', loginOIDC.bind(null, process.env.USERNAME, process.env.PASSWORD));
    it('can logout', logout);
    it('move to different location', async function () {
        // ensure we don't hit NXDOMAIN in the mean time
        await browser.get('about:blank');
@@ -137,6 +180,9 @@ describe('Application life cycle test', function () {
    it('device exists', deviceExists);
    it('can logout', logout);
    it('can login as normal user via OIDC', loginOIDC.bind(null, process.env.USERNAME, process.env.PASSWORD));
    it('can logout', logout);
    it('uninstall app', async function () {
        // ensure we don't hit NXDOMAIN in the mean time
        await browser.get('about:blank');
@@ -144,20 +190,25 @@ describe('Application life cycle test', function () {
    });
    // test update
-    it('can install app', function () { execSync(`cloudron install --appstore-id org.traccar.cloudronapp --location ${LOCATION}`, EXEC_ARGS); });
+    it('can install app for update', function () { execSync(`cloudron install --appstore-id org.traccar.cloudronapp --location ${LOCATION}`, EXEC_ARGS); });
    it('can get app information', getAppInfo);
    it('can login', login.bind(null, ADMIN_USERNAME, ADMIN_PASSWORD));
    it('can add device', addDevice);
    it('device exists', deviceExists);
    it('can logout', logout);
    it('can login as normal user via OIDC', loginOIDC.bind(null, process.env.USERNAME, process.env.PASSWORD));
    it('can logout', logout);
    it('can update', function () { execSync(`cloudron update --app ${app.id}`, EXEC_ARGS); });
    it('can login', login.bind(null, ADMIN_USERNAME, ADMIN_PASSWORD));
    it('device exists', deviceExists);
    it('can logout', logout);
-    it('can login as normal user with username', login.bind(null, process.env.USERNAME, process.env.PASSWORD));
+    // OIDC login
    it('can login as normal user via OIDC', loginOIDC.bind(null, process.env.USERNAME, process.env.PASSWORD));
    it('can logout', logout);
    it('uninstall app', async function () {
--- a/traccar.xml.template
+++ b/traccar.xml.template
@@ -25,13 +25,12 @@
    <entry key='web.url'>##CLOUDRON_APP_ORIGIN##</entry>
-    <entry key='ldap.enable'>true</entry>
+    <entry key='openid.clientId'>##CLOUDRON_OIDC_CLIENT_ID##</entry>
-    <entry key='ldap.url'>##CLOUDRON_LDAP_URL##</entry>
+    <entry key='openid.clientSecret'>##CLOUDRON_OIDC_CLIENT_SECRET##</entry>
-    <entry key='ldap.base'>##CLOUDRON_LDAP_USERS_BASE_DN##</entry>
+    <entry key='openid.issuerUrl'>##CLOUDRON_OIDC_ISSUER##</entry>
-    <entry key='ldap.idAttribute'>username</entry>
+    <entry key='openid.authUrl'>##CLOUDRON_OIDC_AUTH_ENDPOINT##</entry>
-    <entry key='ldap.searchFilter'>username=:login</entry>
+    <entry key='openid.tokenUrl'>##CLOUDRON_OIDC_TOKEN_ENDPOINT##</entry>
-    <entry key='ldap.user'>##CLOUDRON_LDAP_BIND_DN##</entry>
+    <entry key='openid.userInfoUrl'>##CLOUDRON_OIDC_PROFILE_ENDPOINT##</entry>
    <entry key='ldap.password'>##CLOUDRON_LDAP_BIND_PASSWORD##</entry>
    <entry key='mail.smtp.host'>smtp.gmail.com</entry>
    <entry key='mail.smtp.port'>587</entry>
Author	SHA1	Message	Date
Girish Ramakrishnan	e507297c6e	Version 1.11.1	2024-06-13 12:00:02 +02:00
Girish Ramakrishnan	734dd6c167	delete oidc config only on first run	2024-06-13 11:14:20 +02:00
Girish Ramakrishnan	fc14c89b3e	Fix up tests	2024-06-13 10:56:00 +02:00
Girish Ramakrishnan	a0e893fbde	do not delete oidc config in non-sso mode	2024-06-13 10:55:52 +02:00
Girish Ramakrishnan	8a4cdc2b03	Version 1.11.0	2024-06-06 14:58:20 +02:00
Vladimir D	b6945531b8	OIDC auth implemented, tests updated	2024-06-06 15:56:06 +04:00
Girish Ramakrishnan	b5a542e2b1	Version 1.10.0	2024-06-03 11:32:29 +02:00
Girish Ramakrishnan	1565a0f774	Update test packages	2024-06-03 11:18:26 +02:00
Girish Ramakrishnan	4dbbc317a8	Update Traccar to 6.2	2024-06-03 11:04:33 +02:00