chore(deps): bump base64 from 0.13.1 to 0.21.0 (#1350)

* chore(deps): bump base64 from 0.13.1 to 0.21.0

Bumps [base64](https://github.com/marshallpierce/rust-base64) from 0.13.1 to 0.21.0.
- [Release notes](https://github.com/marshallpierce/rust-base64/releases)
- [Changelog](https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md)
- [Commits](https://github.com/marshallpierce/rust-base64/compare/v0.13.1...v0.21.0)

---
updated-dependencies:
- dependency-name: base64
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* base64 fixes

* fmt fixes

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
dependabot[bot] 2023-03-06 13:57:21 +10:00 committed by GitHub
parent 30a6e100be
commit 113258d523
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 62 additions and 32 deletions

6
Cargo.lock generated

@ -2273,7 +2273,7 @@ dependencies = [
name = "kanidm_lib_crypto"
version = "0.1.0"
dependencies = [
"base64 0.13.1",
"base64 0.21.0",
"base64urlsafedata",
"hex",
"kanidm_proto",
@ -2410,7 +2410,7 @@ name = "kanidmd_lib"
version = "1.1.0-alpha.12-dev"
dependencies = [
"async-trait",
"base64 0.13.1",
"base64 0.21.0",
"base64urlsafedata",
"compact_jwt",
"concread",
@ -3426,7 +3426,7 @@ dependencies = [
name = "profiles"
version = "1.1.0-alpha.12-dev"
dependencies = [
"base64 0.13.1",
"base64 0.21.0",
"serde",
"toml",
]


@ -40,7 +40,7 @@ repository = "https://github.com/kanidm/kanidm/"
[workspace.dependencies]
async-trait = "^0.1.62"
base32 = "^0.4.0"
base64 = "^0.13.1"
base64 = "^0.21.0"
base64urlsafedata = "0.1.3"
bytes = "^1.3.0"
clap = { version = "^3.2", features = ["derive"] }


@ -1,5 +1,8 @@
use base64::engine::GeneralPurpose;
use base64::{alphabet, Engine};
use tracing::{debug, error, warn};
use base64::engine::general_purpose;
use base64urlsafedata::Base64UrlSafeData;
use rand::Rng;
use serde::{Deserialize, Serialize};
@ -235,7 +238,7 @@ impl TryFrom<&str> for Password {
"pbkdf2_sha256" => {
let c = cost.parse::<usize>().map_err(|_| ())?;
let s: Vec<_> = salt.as_bytes().to_vec();
let h = base64::decode(hash).map_err(|_| ())?;
let h = general_purpose::STANDARD.decode(hash).map_err(|_| ())?;
if h.len() < PBKDF2_MIN_NIST_KEY_LEN {
return Err(());
}
@ -255,7 +258,10 @@ impl TryFrom<&str> for Password {
}
};
let h = base64::decode_config(nt_md4, base64::STANDARD_NO_PAD).map_err(|_| ())?;
let h = base64::engine::general_purpose::STANDARD_NO_PAD
.decode(nt_md4)
.map_err(|_| ())?;
return Ok(Password {
material: Kdf::NT_MD4(h),
});
@ -277,7 +283,9 @@ impl TryFrom<&str> for Password {
// Test 389ds formats
if let Some(ds_ssha512) = value.strip_prefix("{SSHA512}") {
let sh = base64::decode(ds_ssha512).map_err(|_| ())?;
let sh = general_purpose::STANDARD
.decode(ds_ssha512)
.map_err(|_| ())?;
let (h, s) = sh.split_at(DS_SSHA512_HASH_LEN);
if s.len() != DS_SSHA512_SALT_LEN {
return Err(());
@ -309,16 +317,18 @@ impl TryFrom<&str> for Password {
let c = cost.parse::<usize>().map_err(|_| ())?;
let s = ab64_to_b64!(salt);
let s = base64::decode_config(s, base64::STANDARD.decode_allow_trailing_bits(true))
.map_err(|e| {
error!(?e, "Invalid base64 in oldap pbkdf2-sha1");
})?;
let base64_decoder_config = general_purpose::GeneralPurposeConfig::new()
.with_decode_allow_trailing_bits(true);
let base64_decoder =
GeneralPurpose::new(&alphabet::STANDARD, base64_decoder_config);
let s = base64_decoder.decode(s).map_err(|e| {
error!(?e, "Invalid base64 in oldap pbkdf2-sha1");
})?;
let h = ab64_to_b64!(hash);
let h = base64::decode_config(h, base64::STANDARD.decode_allow_trailing_bits(true))
.map_err(|e| {
error!(?e, "Invalid base64 in oldap pbkdf2-sha1");
})?;
let h = base64_decoder.decode(h).map_err(|e| {
error!(?e, "Invalid base64 in oldap pbkdf2-sha1");
})?;
// This is just sha1 in a trenchcoat.
if value.strip_prefix("{PBKDF2}").is_some()
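Review bot: The engine built in the `@ -309,16 +317,18` hunk starts from `GeneralPurposeConfig::new()`, which in base64 0.21 defaults to requiring canonical padding on decode, whereas the 0.13 `decode_config` call it replaces appears to have tolerated missing padding. If `ab64_to_b64!` (defined outside this hunk) does not re-add `=` padding, OpenLDAP pbkdf2 hashes that used to import would now fail with "Invalid base64 in oldap pbkdf2-sha1"; if the old leniency is intended, add `.with_decode_padding_mode(base64::engine::DecodePaddingMode::Indifferent)` to the config and cover it with an unpadded-salt test. The same strictness change applies to the `STANDARD` and `STANDARD_NO_PAD` decodes in the other hunks of this file and to `parse_basic_authz` in the OAuth2 section, so it is worth confirming that rejecting non-canonical input there is deliberate. The enclosing `TryFrom<&str> for Password` body starts and ends outside the hunks shown.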


@ -1,6 +1,8 @@
use std::path::PathBuf;
use std::{env, fs};
use base64::{engine::general_purpose, Engine as _};
fn main() {
println!("cargo:rerun-if-env-changed=KANIDM_BUILD_PROFILE");
@ -13,7 +15,7 @@ fn main() {
let data =
fs::read(&profile_path).unwrap_or_else(|_| panic!("Failed to read {:?}", profile_path));
let contents = base64::encode(data);
let contents = general_purpose::STANDARD.encode(data);
println!("cargo:rerun-if-changed={}", profile_path.to_str().unwrap());


@ -1,5 +1,6 @@
use std::env;
use base64::{engine::general_purpose, Engine as _};
use serde::Deserialize;
#[derive(Debug, Deserialize)]
@ -52,7 +53,8 @@ pub fn apply_profile() {
let profile = env!("KANIDM_BUILD_PROFILE");
let contents = env!("KANIDM_BUILD_PROFILE_TOML");
let data = base64::decode(contents)
let data = general_purpose::STANDARD
.decode(contents)
.unwrap_or_else(|_| panic!("Failed to parse profile - {} - {}", profile, contents));
let profile_cfg: ProfileConfig = toml::from_slice(&data)


@ -660,6 +660,7 @@ impl DbValueSetV2 {
#[cfg(test)]
mod tests {
use base64::{engine::general_purpose, Engine as _};
use serde::{Deserialize, Serialize};
use uuid::Uuid;
@ -707,10 +708,10 @@ mod tests {
uuid: Uuid::new_v4(),
};
let data = serde_cbor::to_vec(&dbcred).unwrap();
let s = base64::encode(data);
let s = general_purpose::STANDARD.encode(data);
*/
let s = "o2hwYXNzd29yZKFmUEJLREYygwCBAIEAZmNsYWltc4BkdXVpZFAjkHFm4q5M86UcNRi4hBjN";
let data = base64::decode(s).unwrap();
let data = general_purpose::STANDARD.decode(s).unwrap();
let dbcred: DbCredV1 = serde_cbor::from_slice(data.as_slice()).unwrap();
// Test converting to the new enum format


@ -10,6 +10,8 @@ use std::fmt;
use std::sync::Arc;
use std::time::Duration;
use base64::{engine::general_purpose, Engine as _};
use base64urlsafedata::Base64UrlSafeData;
pub use compact_jwt::{JwkKeySet, OidcToken};
use compact_jwt::{JwsSigner, OidcClaims, OidcSubject};
@ -1545,7 +1547,8 @@ impl<'a> IdmServerProxyReadTransaction<'a> {
fn parse_basic_authz(client_authz: &str) -> Result<(String, String), Oauth2Error> {
// Check the client_authz
let authz = base64::decode(client_authz)
let authz = general_purpose::STANDARD
.decode(client_authz)
.map_err(|_| {
admin_error!("Basic authz invalid base64");
Oauth2Error::AuthenticationRequired
@ -1616,6 +1619,7 @@ fn extra_claims_for_account(
#[cfg(test)]
mod tests {
use base64::{engine::general_purpose, Engine as _};
use std::convert::TryFrom;
use std::str::FromStr;
use std::time::Duration;
@ -2181,7 +2185,8 @@ mod tests {
);
// * doesn't have :
let client_authz = Some(base64::encode(format!("test_resource_server {secret}")));
let client_authz =
Some(general_purpose::STANDARD.encode(format!("test_resource_server {secret}")));
assert!(
idms_prox_read
.check_oauth2_token_exchange(client_authz.as_deref(), &token_req, ct)
@ -2190,7 +2195,8 @@ mod tests {
);
// * invalid client_id
let client_authz = Some(base64::encode(format!("NOT A REAL SERVER:{secret}")));
let client_authz =
Some(general_purpose::STANDARD.encode(format!("NOT A REAL SERVER:{secret}")));
assert!(
idms_prox_read
.check_oauth2_token_exchange(client_authz.as_deref(), &token_req, ct)
@ -2199,7 +2205,7 @@ mod tests {
);
// * valid client_id, but invalid secret
let client_authz = Some(base64::encode("test_resource_server:12345"));
let client_authz = Some(general_purpose::STANDARD.encode("test_resource_server:12345"));
assert!(
idms_prox_read
.check_oauth2_token_exchange(client_authz.as_deref(), &token_req, ct)
@ -2208,7 +2214,8 @@ mod tests {
);
// ✅ Now the valid client_authz is in place.
let client_authz = Some(base64::encode(format!("test_resource_server:{secret}")));
let client_authz =
Some(general_purpose::STANDARD.encode(format!("test_resource_server:{secret}")));
// * expired exchange code (took too long)
assert!(
idms_prox_read
@ -2291,7 +2298,8 @@ mod tests {
let ct = Duration::from_secs(TEST_CURRENT_TIME);
let (secret, uat, ident, _) =
setup_oauth2_resource_server(idms, ct, true, false, false).await;
let client_authz = Some(base64::encode(format!("test_resource_server:{secret}")));
let client_authz =
Some(general_purpose::STANDARD.encode(format!("test_resource_server:{secret}")));
let mut idms_prox_read = idms.proxy_read().await;
@ -2395,7 +2403,8 @@ mod tests {
let ct = Duration::from_secs(TEST_CURRENT_TIME);
let (secret, uat, ident, _) =
setup_oauth2_resource_server(idms, ct, true, false, false).await;
let client_authz = Some(base64::encode(format!("test_resource_server:{secret}")));
let client_authz =
Some(general_purpose::STANDARD.encode(format!("test_resource_server:{secret}")));
let mut idms_prox_read = idms.proxy_read().await;
@ -2473,7 +2482,7 @@ mod tests {
// First, the revoke needs basic auth. Provide incorrect auth, and we fail.
let mut idms_prox_write = idms.proxy_write(ct).await;
let bad_client_authz = Some(base64::encode("test_resource_server:12345"));
let bad_client_authz = Some(general_purpose::STANDARD.encode("test_resource_server:12345"));
let revoke_request = TokenRevokeRequest {
token: oauth2_token.access_token.clone(),
token_type_hint: None,
@ -2557,7 +2566,8 @@ mod tests {
let ct = Duration::from_secs(TEST_CURRENT_TIME);
let (secret, uat, ident, _) =
setup_oauth2_resource_server(idms, ct, true, false, false).await;
let client_authz = Some(base64::encode(format!("test_resource_server:{secret}")));
let client_authz =
Some(general_purpose::STANDARD.encode(format!("test_resource_server:{secret}")));
let mut idms_prox_read = idms.proxy_read().await;
@ -2892,7 +2902,8 @@ mod tests {
let ct = Duration::from_secs(TEST_CURRENT_TIME);
let (secret, uat, ident, _) =
setup_oauth2_resource_server(idms, ct, true, false, false).await;
let client_authz = Some(base64::encode(format!("test_resource_server:{secret}")));
let client_authz =
Some(general_purpose::STANDARD.encode(format!("test_resource_server:{secret}")));
let mut idms_prox_read = idms.proxy_read().await;
@ -3024,7 +3035,8 @@ mod tests {
let ct = Duration::from_secs(TEST_CURRENT_TIME);
let (secret, uat, ident, _) =
setup_oauth2_resource_server(idms, ct, true, false, true).await;
let client_authz = Some(base64::encode(format!("test_resource_server:{secret}")));
let client_authz =
Some(general_purpose::STANDARD.encode(format!("test_resource_server:{secret}")));
let mut idms_prox_read = idms.proxy_read().await;
@ -3117,7 +3129,8 @@ mod tests {
let ct = Duration::from_secs(TEST_CURRENT_TIME);
let (secret, uat, ident, _) =
setup_oauth2_resource_server(idms, ct, true, false, true).await;
let client_authz = Some(base64::encode(format!("test_resource_server:{secret}")));
let client_authz =
Some(general_purpose::STANDARD.encode(format!("test_resource_server:{secret}")));
let mut idms_prox_read = idms.proxy_read().await;
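Review bot: The test module now repeats `Some(general_purpose::STANDARD.encode(format!("test_resource_server:{secret}")))` in seven places, so any later change to how the Basic credential is built has to be made at every call site. A small test-only helper, for example `fn basic_authz(id: &str, secret: &str) -> Option<String> { Some(general_purpose::STANDARD.encode(format!("{id}:{secret}"))) }`, would keep the engine choice in one place. The deliberately malformed case without `:` can stay inline. The test functions these lines sit in start and end outside the hunks.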


@ -11,6 +11,8 @@ use std::fmt;
use std::str::FromStr;
use std::time::Duration;
#[cfg(test)]
use base64::{engine::general_purpose, Engine as _};
use compact_jwt::JwsSigner;
use hashbrown::HashSet;
use kanidm_proto::v1::ApiTokenPurpose;
@ -1290,7 +1292,7 @@ impl Value {
#[cfg(test)]
pub fn new_privatebinary_base64(der: &str) -> Self {
let der = base64::decode(der).unwrap();
let der = general_purpose::STANDARD.decode(der).unwrap();
Value::PrivateBinary(der)
}