Fix domain info to properly version and migrate (#909)
This commit is contained in:
parent
8b84999640
commit
1d64405387
@ -456,7 +456,8 @@ pub const JSON_DOMAIN_INFO_V1: &str = r#"{
|
|||
"class": ["object", "domain_info", "system"],
|
||||
"name": ["domain_local"],
|
||||
"uuid": ["00000000-0000-0000-0000-ffffff000025"],
|
||||
"description": ["This local domain's info and metadata object."]
|
||||
"description": ["This local domain's info and metadata object."],
|
||||
"version": ["1"]
|
||||
}
|
||||
}"#;
|
||||
|
||||
|
|
|
@ -1079,7 +1079,8 @@ pub const JSON_SCHEMA_CLASS_DOMAIN_INFO: &str = r#"
|
|||
"domain_name",
|
||||
"domain_display_name",
|
||||
"fernet_private_key_str",
|
||||
"es256_private_key_der"
|
||||
"es256_private_key_der",
|
||||
"version"
|
||||
],
|
||||
"uuid": [
|
||||
"00000000-0000-0000-0000-ffff00000052"
|
||||
|
|
|
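Review bot: `"version"` joins the attribute list of `JSON_SCHEMA_CLASS_DOMAIN_INFO` here, but the list's key lies above the hunk, so whether this is the must or the may list is inferred; every test fixture in the later hunks now carries `"version": ["1"]`, which points to must. If it is a must attribute, a domain_info entry written before this change has no `version` value, and the Domain plugin's `pre_modify` hunk (@ -85,6 +85,20) back-fills `domain_name`, `domain_display_name` and `fernet_private_key_str` when absent but not `version`, so the first modify of such an entry would reach the `MissingMustAttribute` path shown in the Entry hunk unless a migration outside this diff supplies it. A comment beside the new list entry naming where that back-fill happens would make the invariant checkable, e.g. `// "version" is required; pre-existing domain_info entries are back-filled by <migration location>` with the placeholder replaced by the real location.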
@ -719,7 +719,10 @@ impl<STATE> Entry<EntryInvalid, STATE> {
|
|||
});
|
||||
|
||||
if !missing_must.is_empty() {
|
||||
admin_warn!("Validation error, the following required (must) attributes are missing - {:?}", missing_must);
|
||||
admin_warn!(
|
||||
"Validation error, the following required (must) attributes are missing - {:?}",
|
||||
missing_must
|
||||
);
|
||||
return Err(SchemaError::MissingMustAttribute(missing_must));
|
||||
}
|
||||
|
||||
|
|
|
@ -1690,10 +1690,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
|
|||
let origin = (&wre.ident.origin).into();
|
||||
let label = wre.label.clone();
|
||||
|
||||
let issuer = self
|
||||
.qs_write
|
||||
.get_domain_display_name()
|
||||
.to_string();
|
||||
let issuer = self.qs_write.get_domain_display_name().to_string();
|
||||
|
||||
let (session, mfa_reg_next) =
|
||||
MfaRegSession::webauthn_new(origin, account, label, self.webauthn, issuer)?;
|
||||
|
@ -1802,10 +1799,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
|
|||
|
||||
let origin = (>e.ident.origin).into();
|
||||
|
||||
let issuer = self
|
||||
.qs_write
|
||||
.get_domain_display_name()
|
||||
.to_string();
|
||||
let issuer = self.qs_write.get_domain_display_name().to_string();
|
||||
|
||||
let (session, next) = MfaRegSession::totp_new(origin, account, issuer).map_err(|e| {
|
||||
admin_error!("Unable to start totp MfaRegSession {:?}", e);
|
||||
|
|
|
@ -77,7 +77,7 @@ impl Plugin for Domain {
|
|||
}
|
||||
|
||||
fn pre_modify(
|
||||
_qs: &QueryServerWriteTransaction,
|
||||
qs: &QueryServerWriteTransaction,
|
||||
cand: &mut Vec<Entry<EntryInvalid, EntryCommitted>>,
|
||||
_me: &ModifyEvent,
|
||||
) -> Result<(), OperationError> {
|
||||
|
@ -85,6 +85,20 @@ impl Plugin for Domain {
|
|||
if e.attribute_equality("class", &PVCLASS_DOMAIN_INFO)
|
||||
&& e.attribute_equality("uuid", &PVUUID_DOMAIN_INFO)
|
||||
{
|
||||
// We only apply this if one isn't provided.
|
||||
if !e.attribute_pres("domain_name") {
|
||||
let n = Value::new_iname(qs.get_domain_name());
|
||||
e.set_ava("domain_name", once(n));
|
||||
trace!("plugin_domain: Applying domain_name transform");
|
||||
}
|
||||
// create the domain_display_name if it's missing
|
||||
if !e.attribute_pres("domain_display_name") {
|
||||
let domain_display_name = Value::new_utf8(format!("Kanidm {}", qs.get_domain_name()));
|
||||
security_info!("plugin_domain: setting default domain_display_name to {:?}", domain_display_name);
|
||||
|
||||
e.set_ava("domain_display_name", once(domain_display_name));
|
||||
}
|
||||
|
||||
if !e.attribute_pres("fernet_private_key_str") {
|
||||
security_info!("regenerating domain token encryption key");
|
||||
let k = fernet::Fernet::generate_key();
|
||||
|
|
|
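Review bot: The new `domain_name` default in `pre_modify` is logged with `trace!` and without the chosen value, while the neighbouring `domain_display_name` default and the key regeneration just below log at `security_info!`; a silently applied domain name is at least as consequential for later audit as the display name, so the level and message shape should match, e.g. `security_info!("plugin_domain: setting default domain_name to {:?}", n);`. The `_qs` to `qs` rename in the previous hunk is what makes this branch possible, so the two hunks belong together. `pre_modify` starts in the previous hunk and its body continues past the end of this one.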
@ -204,7 +204,7 @@ mod tests {
|
|||
],
|
||||
"acp_create_class": ["object", "person", "system", "domain_info"],
|
||||
"acp_create_attr": [
|
||||
"name", "class", "description", "displayname", "domain_name", "domain_display_name", "domain_uuid", "domain_ssid", "uuid", "fernet_private_key_str", "es256_private_key_der"
|
||||
"name", "class", "description", "displayname", "domain_name", "domain_display_name", "domain_uuid", "domain_ssid", "uuid", "fernet_private_key_str", "es256_private_key_der", "version"
|
||||
]
|
||||
}
|
||||
}"#;
|
||||
|
@ -343,7 +343,8 @@ mod tests {
|
|||
"domain_display_name": ["example.net.au"],
|
||||
"domain_ssid": ["Example_Wifi"],
|
||||
"fernet_private_key_str": ["ABCD"],
|
||||
"es256_private_key_der" : ["MTIz"]
|
||||
"es256_private_key_der" : ["MTIz"],
|
||||
"version": ["1"]
|
||||
}
|
||||
}"#,
|
||||
);
|
||||
|
@ -384,7 +385,8 @@ mod tests {
|
|||
"domain_display_name": ["example.net.au"],
|
||||
"domain_ssid": ["Example_Wifi"],
|
||||
"fernet_private_key_str": ["ABCD"],
|
||||
"es256_private_key_der" : ["MTIz"]
|
||||
"es256_private_key_der" : ["MTIz"],
|
||||
"version": ["1"]
|
||||
}
|
||||
}"#,
|
||||
);
|
||||
|
@ -415,7 +417,8 @@ mod tests {
|
|||
"domain_display_name": ["example.net.au"],
|
||||
"domain_ssid": ["Example_Wifi"],
|
||||
"fernet_private_key_str": ["ABCD"],
|
||||
"es256_private_key_der" : ["MTIz"]
|
||||
"es256_private_key_der" : ["MTIz"],
|
||||
"version": ["1"]
|
||||
}
|
||||
}"#,
|
||||
);
|
||||
|
|
|
@ -1255,12 +1255,7 @@ impl<'a> SchemaWriteTransaction<'a> {
|
|||
description: String::from("System metadata object class"),
|
||||
systemmay: vec![],
|
||||
may: vec![],
|
||||
systemmust: vec![
|
||||
AttrString::from("version"),
|
||||
// Needed when we implement principalnames?
|
||||
// String::from("domain"),
|
||||
// String::from("hostname"),
|
||||
],
|
||||
systemmust: vec![AttrString::from("version")],
|
||||
must: vec![],
|
||||
},
|
||||
);
|
||||
|
@ -1934,9 +1929,7 @@ mod tests {
|
|||
|
||||
assert_eq!(
|
||||
e_attr_invalid_may.validate(&schema),
|
||||
Err(SchemaError::AttributeNotValidForClass(
|
||||
"zzzzz".to_string()
|
||||
))
|
||||
Err(SchemaError::AttributeNotValidForClass("zzzzz".to_string()))
|
||||
);
|
||||
|
||||
let e_attr_invalid_syn: Entry<EntryInvalid, EntryNew> = unsafe {
|
||||
|
|