mirror of
https://github.com/kanidm/kanidm.git
synced 2025-02-23 12:37:00 +01:00
Firstyear
GitHub
parent
c670069db1
commit
33f0034b80
|
|
@ -7,19 +7,14 @@ use serde::{Deserialize, Serialize};
|
|||
|
||||
/// This is used in user-facing CLIs to set the formatting for output,
|
||||
/// and defaults to text.
|
||||
#[derive(Debug, Serialize, Deserialize, Clone, Copy, PartialEq, Eq)]
|
||||
#[derive(Debug, Serialize, Deserialize, Clone, Copy, PartialEq, Eq, Default)]
|
||||
#[serde(rename_all = "lowercase")]
|
||||
pub enum ConsoleOutputMode {
|
||||
#[default]
|
||||
Text,
|
||||
JSON,
|
||||
}
|
||||
|
||||
impl Default for ConsoleOutputMode {
|
||||
fn default() -> Self {
|
||||
ConsoleOutputMode::Text
|
||||
}
|
||||
}
|
||||
|
||||
impl FromStr for ConsoleOutputMode {
|
||||
type Err = &'static str;
|
||||
|
||||
|
|
|
|||
|
|
@ -75,19 +75,14 @@ impl ServerConfig {
|
|||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, Serialize, Deserialize, Clone, Copy)]
|
||||
#[derive(Debug, Serialize, Deserialize, Clone, Copy, Default)]
|
||||
pub enum ServerRole {
|
||||
#[default]
|
||||
WriteReplica,
|
||||
WriteReplicaNoUI,
|
||||
ReadOnlyReplica,
|
||||
}
|
||||
|
||||
impl Default for ServerRole {
|
||||
fn default() -> Self {
|
||||
ServerRole::WriteReplica
|
||||
}
|
||||
}
|
||||
|
||||
impl ToString for ServerRole {
|
||||
fn to_string(&self) -> String {
|
||||
match self {
|
||||
|
|
|
|||
|
|
@ -294,12 +294,10 @@ async fn index_view(req: tide::Request<AppState>) -> tide::Result {
|
|||
pub fn generate_integrity_hash(filename: String) -> Result<String, String> {
|
||||
let wasm_filepath = PathBuf::from(filename);
|
||||
match wasm_filepath.exists() {
|
||||
false => {
|
||||
return Err(format!(
|
||||
"Can't find {:?} to generate file hash",
|
||||
&wasm_filepath
|
||||
));
|
||||
}
|
||||
false => Err(format!(
|
||||
"Can't find {:?} to generate file hash",
|
||||
&wasm_filepath
|
||||
)),
|
||||
true => {
|
||||
let filecontents = match std::fs::read(&wasm_filepath) {
|
||||
Ok(value) => value,
|
||||
|
|
|
|||
|
|
@ -77,7 +77,6 @@ pub fn scaling_user_create_batched(c: &mut Criterion) {
|
|||
println!("iters, size -> {iters:?}, {size:?}");
|
||||
|
||||
let data: Vec<_> = (0..size)
|
||||
.into_iter()
|
||||
.map(|i| {
|
||||
let name = format!("testperson_{i}");
|
||||
entry_init!(
|
||||
|
|
|
|||
|
|
@ -1,3 +1,5 @@
|
|||
#![allow(clippy::expect_used)]
|
||||
|
||||
use crate::constants::uuids::*;
|
||||
///! Constant Entries for the IDM
|
||||
use crate::constants::values::*;
|
||||
|
|
@ -18,7 +20,8 @@ lazy_static! {
|
|||
("acp_receiver_group", Value::Refer(UUID_SYSTEM_ADMINS)),
|
||||
(
|
||||
"acp_targetscope",
|
||||
Value::new_json_filter_s("{\"eq\": [\"class\", \"recycled\"]}").unwrap()
|
||||
Value::new_json_filter_s("{\"eq\": [\"class\", \"recycled\"]}")
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("name")),
|
||||
("acp_search_attr", Value::new_iutf8("class")),
|
||||
|
|
@ -41,7 +44,8 @@ lazy_static! {
|
|||
("acp_receiver_group", Value::Refer(UUID_SYSTEM_ADMINS)),
|
||||
(
|
||||
"acp_targetscope",
|
||||
Value::new_json_filter_s("{\"eq\":[\"class\",\"recycled\"]}").unwrap()
|
||||
Value::new_json_filter_s("{\"eq\":[\"class\",\"recycled\"]}")
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_modify_removedattr", Value::new_iutf8("class")),
|
||||
("acp_modify_class", Value::new_iutf8("recycled"))
|
||||
|
|
@ -64,7 +68,7 @@ lazy_static! {
|
|||
("acp_receiver_group", Value::Refer(UUID_IDM_ALL_ACCOUNTS)),
|
||||
(
|
||||
"acp_targetscope",
|
||||
Value::new_json_filter_s("\"self\"").unwrap()
|
||||
Value::new_json_filter_s("\"self\"").expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("name")),
|
||||
("acp_search_attr", Value::new_iutf8("spn")),
|
||||
|
|
@ -108,7 +112,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"person\"]}, {\"eq\": [\"class\",\"account\"]}, \"self\"]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_modify_removedattr", Value::new_iutf8("name")),
|
||||
("acp_modify_removedattr", Value::new_iutf8("displayname")),
|
||||
|
|
@ -152,7 +157,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"person\"]}, {\"eq\": [\"class\",\"account\"]}, \"self\"]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_modify_removedattr", Value::new_iutf8("mail")),
|
||||
("acp_modify_presentattr", Value::new_iutf8("mail"))
|
||||
|
|
@ -178,7 +184,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"pres\": \"class\"}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("name")),
|
||||
("acp_search_attr", Value::new_iutf8("spn")),
|
||||
|
|
@ -212,7 +219,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"person\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("name")),
|
||||
("acp_search_attr", Value::new_iutf8("displayname")),
|
||||
|
|
@ -240,7 +248,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"person\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_modify_removedattr", Value::new_iutf8("name")),
|
||||
("acp_modify_removedattr", Value::new_iutf8("displayname")),
|
||||
|
|
@ -274,7 +283,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"eq\": [\"class\",\"person\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_create_attr", Value::new_iutf8("class")),
|
||||
("acp_create_attr", Value::new_iutf8("name")),
|
||||
|
|
@ -316,7 +326,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"person\"]}, {\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_modify_removedattr", Value::new_iutf8("password_import")),
|
||||
("acp_modify_presentattr", Value::new_iutf8("password_import"))
|
||||
|
|
@ -342,7 +353,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_modify_removedattr", Value::new_iutf8("name")),
|
||||
("acp_modify_removedattr", Value::new_iutf8("displayname")),
|
||||
|
|
@ -376,7 +388,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"person\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("name")),
|
||||
("acp_search_attr", Value::new_iutf8("displayname")),
|
||||
|
|
@ -410,8 +423,8 @@ lazy_static! {
|
|||
),
|
||||
(
|
||||
"acp_targetscope",
|
||||
#[allow(clippy::expect_used)]
|
||||
Value::new_json_filter_s("{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}").expect("filter")
|
||||
Value::new_json_filter_s("{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}")
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("mail"))
|
||||
);
|
||||
|
|
@ -436,7 +449,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"person\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_modify_removedattr", Value::new_iutf8("name")),
|
||||
("acp_modify_removedattr", Value::new_iutf8("displayname")),
|
||||
|
|
@ -468,7 +482,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_modify_removedattr", Value::new_iutf8("name")),
|
||||
("acp_modify_removedattr", Value::new_iutf8("displayname")),
|
||||
|
|
@ -505,7 +520,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"group\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("name")),
|
||||
("acp_search_attr", Value::new_iutf8("uuid")),
|
||||
|
|
@ -541,7 +557,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("class")),
|
||||
("acp_search_attr", Value::new_iutf8("name")),
|
||||
|
|
@ -581,7 +598,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_modify_removedattr", Value::new_iutf8("name")),
|
||||
("acp_modify_removedattr", Value::new_iutf8("displayname")),
|
||||
|
|
@ -628,7 +646,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_create_attr", Value::new_iutf8("class")),
|
||||
("acp_create_attr", Value::new_iutf8("name")),
|
||||
|
|
@ -670,7 +689,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("radius_secret"))
|
||||
);
|
||||
|
|
@ -695,7 +715,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_modify_removedattr", Value::new_iutf8("radius_secret")),
|
||||
("acp_modify_presentattr", Value::new_iutf8("radius_secret"))
|
||||
|
|
@ -722,7 +743,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"pres\": \"class\"}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("name")),
|
||||
("acp_search_attr", Value::new_iutf8("spn")),
|
||||
|
|
@ -750,7 +772,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("class")),
|
||||
("acp_search_attr", Value::new_iutf8("name")),
|
||||
|
|
@ -788,7 +811,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_modify_removedattr", Value::new_iutf8("name")),
|
||||
("acp_modify_removedattr", Value::new_iutf8("displayname")),
|
||||
|
|
@ -833,7 +857,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"group\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("name")),
|
||||
("acp_search_attr", Value::new_iutf8("uuid")),
|
||||
|
|
@ -871,7 +896,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"attributetype\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("class")),
|
||||
("acp_search_attr", Value::new_iutf8("description")),
|
||||
|
|
@ -930,7 +956,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"access_control_profile\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("class")),
|
||||
("acp_search_attr", Value::new_iutf8("name")),
|
||||
|
|
@ -1020,7 +1047,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"classtype\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("class")),
|
||||
("acp_search_attr", Value::new_iutf8("classname")),
|
||||
|
|
@ -1071,7 +1099,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"group\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_create_attr", Value::new_iutf8("class")),
|
||||
("acp_create_attr", Value::new_iutf8("name")),
|
||||
|
|
@ -1102,7 +1131,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_create_attr", Value::new_iutf8("class")),
|
||||
("acp_create_attr", Value::new_iutf8("name")),
|
||||
|
|
@ -1140,7 +1170,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"group\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_create_attr", Value::new_iutf8("class")),
|
||||
("acp_create_attr", Value::new_iutf8("name")),
|
||||
|
|
@ -1171,7 +1202,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"uuid\",\"00000000-0000-0000-0000-ffffff000025\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("name")),
|
||||
("acp_search_attr", Value::new_iutf8("uuid")),
|
||||
|
|
@ -1215,7 +1247,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"uuid\",\"00000000-0000-0000-0000-ffffff000027\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("name")),
|
||||
("acp_search_attr", Value::new_iutf8("uuid")),
|
||||
|
|
@ -1246,7 +1279,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("class")),
|
||||
("acp_search_attr", Value::new_iutf8("name")),
|
||||
|
|
@ -1287,7 +1321,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"group\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("class")),
|
||||
("acp_search_attr", Value::new_iutf8("name")),
|
||||
|
|
@ -1323,7 +1358,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("class")),
|
||||
("acp_search_attr", Value::new_iutf8("name")),
|
||||
|
|
@ -1364,7 +1400,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"group\"]}, {\"eq\": [\"memberof\",\"00000000-0000-0000-0000-000000001000\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("class")),
|
||||
("acp_search_attr", Value::new_iutf8("name")),
|
||||
|
|
@ -1402,7 +1439,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"oauth2_resource_server\"]},{\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("class")),
|
||||
("acp_search_attr", Value::new_iutf8("description")),
|
||||
|
|
@ -1486,7 +1524,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("class")),
|
||||
("acp_search_attr", Value::new_iutf8("name")),
|
||||
|
|
@ -1520,7 +1559,8 @@ lazy_static! {
|
|||
"acp_targetscope",
|
||||
Value::new_json_filter_s(
|
||||
"{\"and\": [{\"eq\": [\"class\",\"sync_account\"]},{\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}"
|
||||
).unwrap()
|
||||
)
|
||||
.expect("Invalid JSON filter")
|
||||
),
|
||||
("acp_search_attr", Value::new_iutf8("class")),
|
||||
("acp_search_attr", Value::new_iutf8("name")),
|
||||
|
|
|
|||
|
|
@ -369,7 +369,7 @@ impl TryFrom<DbCred> for Credential {
|
|||
}
|
||||
|
||||
impl Credential {
|
||||
pub fn try_from_repl_v1(rc: &ReplCredV1) -> Result<(String, Self), ()> {
|
||||
pub fn try_from_repl_v1(rc: &ReplCredV1) -> Result<(String, Self), OperationError> {
|
||||
match rc {
|
||||
ReplCredV1::TmpWn { tag, set } => {
|
||||
let m_uuid: Option<Uuid> = set.get(0).map(|v| v.uuid);
|
||||
|
|
@ -382,7 +382,7 @@ impl Credential {
|
|||
|
||||
match (m_uuid, type_.is_valid()) {
|
||||
(Some(uuid), true) => Ok((tag.clone(), Credential { type_, uuid })),
|
||||
_ => Err(()),
|
||||
_ => Err(OperationError::InvalidValueState),
|
||||
}
|
||||
}
|
||||
ReplCredV1::Password {
|
||||
|
|
@ -390,12 +390,13 @@ impl Credential {
|
|||
password,
|
||||
uuid,
|
||||
} => {
|
||||
let v_password = Password::try_from(password)?;
|
||||
let v_password =
|
||||
Password::try_from(password).map_err(|()| OperationError::InvalidValueState)?;
|
||||
let type_ = CredentialType::Password(v_password);
|
||||
if type_.is_valid() {
|
||||
Ok((tag.clone(), Credential { type_, uuid: *uuid }))
|
||||
} else {
|
||||
Err(())
|
||||
Err(OperationError::InvalidValueState)
|
||||
}
|
||||
}
|
||||
ReplCredV1::GenPassword {
|
||||
|
|
@ -403,12 +404,13 @@ impl Credential {
|
|||
password,
|
||||
uuid,
|
||||
} => {
|
||||
let v_password = Password::try_from(password)?;
|
||||
let v_password =
|
||||
Password::try_from(password).map_err(|()| OperationError::InvalidValueState)?;
|
||||
let type_ = CredentialType::GeneratedPassword(v_password);
|
||||
if type_.is_valid() {
|
||||
Ok((tag.clone(), Credential { type_, uuid: *uuid }))
|
||||
} else {
|
||||
Err(())
|
||||
Err(OperationError::InvalidValueState)
|
||||
}
|
||||
}
|
||||
ReplCredV1::PasswordMfa {
|
||||
|
|
@ -419,15 +421,20 @@ impl Credential {
|
|||
webauthn,
|
||||
uuid,
|
||||
} => {
|
||||
let v_password = Password::try_from(password)?;
|
||||
let v_password =
|
||||
Password::try_from(password).map_err(|()| OperationError::InvalidValueState)?;
|
||||
|
||||
let v_totp = totp
|
||||
.iter()
|
||||
.map(|(l, dbt)| Totp::try_from(dbt).map(|t| (l.clone(), t)))
|
||||
.collect::<Result<Map<_, _>, _>>()?;
|
||||
.collect::<Result<Map<_, _>, _>>()
|
||||
.map_err(|()| OperationError::InvalidValueState)?;
|
||||
|
||||
let v_backup_code = match backup_code {
|
||||
Some(rbc) => Some(BackupCodes::try_from(rbc)?),
|
||||
Some(rbc) => Some(
|
||||
BackupCodes::try_from(rbc)
|
||||
.map_err(|()| OperationError::InvalidValueState)?,
|
||||
),
|
||||
None => None,
|
||||
};
|
||||
|
||||
|
|
@ -442,7 +449,7 @@ impl Credential {
|
|||
if type_.is_valid() {
|
||||
Ok((tag.clone(), Credential { type_, uuid: *uuid }))
|
||||
} else {
|
||||
Err(())
|
||||
Err(OperationError::InvalidValueState)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -279,13 +279,13 @@ impl Filter<FilterValid> {
|
|||
}
|
||||
}
|
||||
|
||||
pub fn resolve<'a>(
|
||||
pub fn resolve(
|
||||
&self,
|
||||
ev: &Identity,
|
||||
idxmeta: Option<&IdxMeta>,
|
||||
mut rsv_cache: Option<
|
||||
&mut ARCacheReadTxn<
|
||||
'a,
|
||||
'_,
|
||||
(IdentityId, Filter<FilterValid>),
|
||||
Filter<FilterValidResolved>,
|
||||
(),
|
||||
|
|
@ -1493,19 +1493,19 @@ mod tests {
|
|||
let f_t1b = filter!(f_pres("userid"));
|
||||
let f_t1c = filter!(f_pres("zzzz"));
|
||||
|
||||
assert_eq!(f_t1a == f_t1b, true);
|
||||
assert_eq!(f_t1a == f_t1c, false);
|
||||
assert_eq!(f_t1b == f_t1c, false);
|
||||
assert!(f_t1a == f_t1b);
|
||||
assert!(f_t1a != f_t1c);
|
||||
assert!(f_t1b != f_t1c);
|
||||
|
||||
let f_t2a = filter!(f_and!([f_pres("userid")]));
|
||||
let f_t2b = filter!(f_and!([f_pres("userid")]));
|
||||
let f_t2c = filter!(f_and!([f_pres("zzzz")]));
|
||||
assert_eq!(f_t2a == f_t2b, true);
|
||||
assert_eq!(f_t2a == f_t2c, false);
|
||||
assert_eq!(f_t2b == f_t2c, false);
|
||||
assert!(f_t2a == f_t2b);
|
||||
assert!(f_t2a != f_t2c);
|
||||
assert!(f_t2b != f_t2c);
|
||||
|
||||
assert_eq!(f_t2c == f_t1a, false);
|
||||
assert_eq!(f_t2c == f_t1c, false);
|
||||
assert!(f_t2c != f_t1a);
|
||||
assert!(f_t2c != f_t1c);
|
||||
}
|
||||
|
||||
#[test]
|
||||
|
|
@ -1547,15 +1547,15 @@ mod tests {
|
|||
let f_t1b = f_t1a.clone();
|
||||
let f_t1c = unsafe { filter_resolved!(f_pres("zzzz")) };
|
||||
|
||||
assert_eq!(f_t1a == f_t1b, true);
|
||||
assert_eq!(f_t1a == f_t1c, false);
|
||||
assert!(f_t1a == f_t1b);
|
||||
assert!(f_t1a != f_t1c);
|
||||
|
||||
let f_t2a = unsafe { filter_resolved!(f_and!([f_pres("userid")])) };
|
||||
let f_t2b = f_t2a.clone();
|
||||
let f_t2c = unsafe { filter_resolved!(f_and!([f_pres("zzzz")])) };
|
||||
|
||||
assert_eq!(f_t2a == f_t2b, true);
|
||||
assert_eq!(f_t2a == f_t2c, false);
|
||||
assert!(f_t2a == f_t2b);
|
||||
assert!(f_t2a != f_t2c);
|
||||
}
|
||||
|
||||
#[test]
|
||||
|
|
|
|||
|
|
@ -891,7 +891,7 @@ impl AuthSession {
|
|||
issue,
|
||||
intent: AuthIntent::Reauth {
|
||||
session_id,
|
||||
session_expiry: session.expiry.clone(),
|
||||
session_expiry: session.expiry,
|
||||
},
|
||||
};
|
||||
|
||||
|
|
@ -1016,7 +1016,7 @@ impl AuthSession {
|
|||
) {
|
||||
CredState::Success { auth_type, cred_id } => {
|
||||
// Issue the uat based on a set of factors.
|
||||
let uat = self.issue_uat(auth_type, time, async_tx, cred_id)?;
|
||||
let uat = self.issue_uat(&auth_type, time, async_tx, cred_id)?;
|
||||
let jwt = Jws::new(uat);
|
||||
|
||||
// Now encrypt and prepare the token for return to the client.
|
||||
|
|
@ -1072,7 +1072,7 @@ impl AuthSession {
|
|||
|
||||
fn issue_uat(
|
||||
&mut self,
|
||||
auth_type: AuthType,
|
||||
auth_type: &AuthType,
|
||||
time: Duration,
|
||||
async_tx: &Sender<DelayedAction>,
|
||||
cred_id: Uuid,
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ impl LdapServer {
|
|||
.or_else(|| {
|
||||
domain_entry
|
||||
.get_ava_single_iname("domain_name")
|
||||
.map(|domain_name| ldap_domain_to_dc(domain_name))
|
||||
.map(ldap_domain_to_dc)
|
||||
})
|
||||
.ok_or(OperationError::InvalidEntryState)?;
|
||||
|
||||
|
|
|
|||
|
|
@ -596,15 +596,15 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
|
|||
code_verifier,
|
||||
} => self.check_oauth2_token_exchange_authorization_code(
|
||||
o2rs,
|
||||
&code,
|
||||
&redirect_uri,
|
||||
code,
|
||||
redirect_uri,
|
||||
code_verifier.as_deref(),
|
||||
ct,
|
||||
),
|
||||
GrantTypeReq::RefreshToken {
|
||||
refresh_token,
|
||||
scope,
|
||||
} => self.check_oauth2_token_refresh(o2rs, &refresh_token, scope.as_ref(), ct),
|
||||
} => self.check_oauth2_token_refresh(o2rs, refresh_token, scope.as_ref(), ct),
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -730,7 +730,6 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
|
|||
if let Some(code_challenge) = code_xchg.code_challenge {
|
||||
// Validate the code_verifier
|
||||
let code_verifier = token_req_code_verifier
|
||||
.as_deref()
|
||||
.ok_or_else(|| {
|
||||
security_info!("PKCE code verification failed - code challenge is present, but no verifier was provided");
|
||||
Oauth2Error::InvalidRequest
|
||||
|
|
@ -804,7 +803,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
|
|||
// Validate the refresh token decrypts and it's expiry is within the valid window.
|
||||
let token: Oauth2TokenType = o2rs
|
||||
.token_fernet
|
||||
.decrypt(&refresh_token)
|
||||
.decrypt(refresh_token)
|
||||
.map_err(|_| {
|
||||
admin_error!("Failed to decrypt refresh token request");
|
||||
Oauth2Error::InvalidRequest
|
||||
|
|
@ -951,7 +950,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
|
|||
|
||||
let expiry = odt_ct + Duration::from_secs(OAUTH2_ACCESS_TOKEN_EXPIRY as u64);
|
||||
let expires_in = OAUTH2_ACCESS_TOKEN_EXPIRY;
|
||||
let refresh_expiry = odt_ct + Duration::from_secs(OAUTH_REFRESH_TOKEN_EXPIRY as u64);
|
||||
let refresh_expiry = odt_ct + Duration::from_secs(OAUTH_REFRESH_TOKEN_EXPIRY);
|
||||
|
||||
let scope = if scopes.is_empty() {
|
||||
None
|
||||
|
|
@ -1053,7 +1052,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
|
|||
.encrypt_at_time(&access_token_data, ct.as_secs());
|
||||
|
||||
let refresh_token_raw = Oauth2TokenType::Refresh {
|
||||
scopes: scopes,
|
||||
scopes,
|
||||
parent_session_id,
|
||||
session_id,
|
||||
expiry: refresh_expiry,
|
||||
|
|
@ -1877,7 +1876,7 @@ fn str_join(set: &BTreeSet<String>) -> String {
|
|||
let alloc_len = set.iter().fold(0, |acc, s| acc + s.len() + 1);
|
||||
let mut buf = String::with_capacity(alloc_len);
|
||||
set.iter().for_each(|s| {
|
||||
buf.push_str(&s);
|
||||
buf.push_str(s);
|
||||
buf.push(' ');
|
||||
});
|
||||
|
||||
|
|
@ -3250,7 +3249,7 @@ mod tests {
|
|||
assert!(oidc.nonce == Some("abcdef".to_string()));
|
||||
assert!(oidc.at_hash.is_none());
|
||||
assert!(oidc.acr.is_none());
|
||||
assert!(oidc.amr == None);
|
||||
assert!(oidc.amr.is_none());
|
||||
assert!(oidc.azp == Some("test_resource_server".to_string()));
|
||||
assert!(oidc.jti.is_none());
|
||||
assert!(oidc.s_claims.name == Some("System Administrator".to_string()));
|
||||
|
|
@ -4286,7 +4285,9 @@ mod tests {
|
|||
let (access_token_response_1, mut client_authz) =
|
||||
setup_refresh_token(idms, idms_delayed, ct).await;
|
||||
|
||||
client_authz.as_mut().map(|s| s.push_str("invalid"));
|
||||
if let Some(s) = client_authz.as_mut() {
|
||||
s.push_str("invalid")
|
||||
}
|
||||
|
||||
// ============================================
|
||||
// Refresh with invalid client authz
|
||||
|
|
|
|||
|
|
@ -68,7 +68,7 @@ impl EntryChangeState {
|
|||
}
|
||||
}
|
||||
State::Tombstone { .. } => {
|
||||
assert!(false)
|
||||
unreachable!();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -499,7 +499,8 @@ pub trait SchemaTransaction {
|
|||
match self.get_attributes().get(attr) {
|
||||
Some(a_schema) => {
|
||||
// We'll likely add more conditions here later.
|
||||
!(a_schema.phantom || !a_schema.replicated)
|
||||
// Allow items that are replicated and not phantoms
|
||||
a_schema.replicated && !a_schema.phantom
|
||||
}
|
||||
None => {
|
||||
warn!(
|
||||
|
|
|
|||
|
|
@ -143,7 +143,7 @@ fn create_filter_entry<'a>(
|
|||
}
|
||||
}
|
||||
|
||||
fn protected_filter_entry<'a>(ident: &Identity, entry: &'a Entry<EntryInit, EntryNew>) -> IResult {
|
||||
fn protected_filter_entry(ident: &Identity, entry: &Entry<EntryInit, EntryNew>) -> IResult {
|
||||
match &ident.origin {
|
||||
IdentType::Internal => {
|
||||
trace!("Internal operation, protected rules do not apply.");
|
||||
|
|
|
|||
|
|
@ -101,7 +101,7 @@ fn delete_filter_entry<'a>(
|
|||
}
|
||||
}
|
||||
|
||||
fn protected_filter_entry<'a>(ident: &Identity, entry: &'a Arc<EntrySealedCommitted>) -> IResult {
|
||||
fn protected_filter_entry(ident: &Identity, entry: &Arc<EntrySealedCommitted>) -> IResult {
|
||||
match &ident.origin {
|
||||
IdentType::Internal => {
|
||||
trace!("Internal operation, protected rules do not apply.");
|
||||
|
|
|
|||
|
|
@ -118,31 +118,30 @@ fn search_oauth2_filter_entry<'a>(
|
|||
match &ident.origin {
|
||||
IdentType::Internal | IdentType::Synch(_) => AccessResult::Ignore,
|
||||
IdentType::User(iuser) => {
|
||||
if entry
|
||||
let contains_o2_rs = entry
|
||||
.get_ava_as_iutf8("class")
|
||||
.map(|set| {
|
||||
trace!(?set);
|
||||
set.contains("oauth2_resource_server")
|
||||
})
|
||||
.unwrap_or(false)
|
||||
{
|
||||
if entry
|
||||
.get_ava_as_oauthscopemaps("oauth2_rs_scope_map")
|
||||
.and_then(|maps| ident.get_memberof().map(|mo| (maps, mo)))
|
||||
.map(|(maps, mo)| maps.keys().any(|k| mo.contains(k)))
|
||||
.unwrap_or(false)
|
||||
{
|
||||
security_access!(entry = ?entry.get_uuid(), ident = ?iuser.entry.get_uuid2rdn(), "ident is a memberof a group granted an oauth2 scope by this entry");
|
||||
.unwrap_or(false);
|
||||
let contains_o2_scope_member = entry
|
||||
.get_ava_as_oauthscopemaps("oauth2_rs_scope_map")
|
||||
.and_then(|maps| ident.get_memberof().map(|mo| (maps, mo)))
|
||||
.map(|(maps, mo)| maps.keys().any(|k| mo.contains(k)))
|
||||
.unwrap_or(false);
|
||||
|
||||
return AccessResult::Allow(btreeset!(
|
||||
"class",
|
||||
"displayname",
|
||||
"uuid",
|
||||
"oauth2_rs_name",
|
||||
"oauth2_rs_origin",
|
||||
"oauth2_rs_origin_landing"
|
||||
));
|
||||
}
|
||||
if contains_o2_rs && contains_o2_scope_member {
|
||||
security_access!(entry = ?entry.get_uuid(), ident = ?iuser.entry.get_uuid2rdn(), "ident is a memberof a group granted an oauth2 scope by this entry");
|
||||
|
||||
return AccessResult::Allow(btreeset!(
|
||||
"class",
|
||||
"displayname",
|
||||
"uuid",
|
||||
"oauth2_rs_name",
|
||||
"oauth2_rs_origin",
|
||||
"oauth2_rs_origin_landing"
|
||||
));
|
||||
}
|
||||
AccessResult::Ignore
|
||||
}
|
||||
|
|
|
|||
|
|
@ -52,10 +52,7 @@ pub fn password_from_random() -> String {
|
|||
}
|
||||
|
||||
pub fn backup_code_from_random() -> HashSet<String> {
|
||||
(0..8)
|
||||
.into_iter()
|
||||
.map(|_| readable_password_from_random())
|
||||
.collect()
|
||||
(0..8).map(|_| readable_password_from_random()).collect()
|
||||
}
|
||||
|
||||
pub fn readable_password_from_random() -> String {
|
||||
|
|
|
|||
|
|
@ -46,9 +46,7 @@ impl ValueSetCredential {
|
|||
pub fn from_repl_v1(data: &[ReplCredV1]) -> Result<ValueSet, OperationError> {
|
||||
let map = data
|
||||
.iter()
|
||||
.map(|dc| {
|
||||
Credential::try_from_repl_v1(dc).map_err(|()| OperationError::InvalidValueState)
|
||||
})
|
||||
.map(Credential::try_from_repl_v1)
|
||||
.collect::<Result<_, _>>()?;
|
||||
Ok(Box::new(ValueSetCredential { map }))
|
||||
}
|
||||
|
|
@ -468,9 +466,7 @@ impl ValueSetPasskey {
|
|||
let map = data
|
||||
.iter()
|
||||
.cloned()
|
||||
.map(|k| match k {
|
||||
ReplPasskeyV4V1 { uuid, tag, key } => Ok((uuid, (tag, key))),
|
||||
})
|
||||
.map(|ReplPasskeyV4V1 { uuid, tag, key }| Ok((uuid, (tag, key))))
|
||||
.collect::<Result<_, _>>()?;
|
||||
Ok(Box::new(ValueSetPasskey { map }))
|
||||
}
|
||||
|
|
@ -654,9 +650,7 @@ impl ValueSetDeviceKey {
|
|||
let map = data
|
||||
.iter()
|
||||
.cloned()
|
||||
.map(|k| match k {
|
||||
ReplDeviceKeyV4V1 { uuid, tag, key } => Ok((uuid, (tag, key))),
|
||||
})
|
||||
.map(|ReplDeviceKeyV4V1 { uuid, tag, key }| Ok((uuid, (tag, key))))
|
||||
.collect::<Result<_, _>>()?;
|
||||
Ok(Box::new(ValueSetDeviceKey { map }))
|
||||
}
|
||||
|
|
|
|||
|
|
@ -455,8 +455,7 @@ impl ValueSetT for ValueSetSession {
|
|||
let map = self
|
||||
.as_session_map()
|
||||
.iter()
|
||||
.map(|m| m.iter())
|
||||
.flatten()
|
||||
.flat_map(|m| m.iter())
|
||||
.map(
|
||||
|(
|
||||
u,
|
||||
|
|
@ -473,8 +472,8 @@ impl ValueSetT for ValueSetSession {
|
|||
*u,
|
||||
ApiToken {
|
||||
label: label.clone(),
|
||||
expiry: expiry.clone(),
|
||||
issued_at: issued_at.clone(),
|
||||
expiry: *expiry,
|
||||
issued_at: *issued_at,
|
||||
issued_by: issued_by.clone(),
|
||||
scope: match scope {
|
||||
SessionScope::Synchronise => ApiTokenScope::Synchronise,
|
||||
|
|
|
|||
|
|
@ -1371,7 +1371,7 @@ async fn test_server_user_auth_reauthentication(rsclient: KanidmClient) {
|
|||
.expect("Unable to open up token.");
|
||||
|
||||
let now = time::OffsetDateTime::now_utc();
|
||||
assert!(uat.purpose_readwrite_active(now) == false);
|
||||
assert!(!uat.purpose_readwrite_active(now));
|
||||
|
||||
// The auth is done, now we have to setup to re-auth for our session.
|
||||
// Should we bother looking at the internals of the token here to assert
|
||||
|
|
@ -1407,5 +1407,5 @@ async fn test_server_user_auth_reauthentication(rsclient: KanidmClient) {
|
|||
|
||||
let now = time::OffsetDateTime::now_utc();
|
||||
eprintln!("{:?} {:?}", now, uat.purpose);
|
||||
assert!(uat.purpose_readwrite_active(now) == true);
|
||||
assert!(uat.purpose_readwrite_active(now));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -130,7 +130,7 @@ impl Component for SecurityApp {
|
|||
let isotime: String = jsdate.to_iso_string().into();
|
||||
// TODO: Actually check the time of expiry on the uat and have a timer set that
|
||||
// re-locks things nicely.
|
||||
let time = time::OffsetDateTime::parse(&isotime, time::Format::Rfc3339)
|
||||
let time = time::OffsetDateTime::parse(isotime, time::Format::Rfc3339)
|
||||
.map(|odt| odt + time::Duration::new(60, 0))
|
||||
.expect_throw("Unable to process time stamp");
|
||||
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ impl DomainOpt {
|
|||
new_basedn
|
||||
);
|
||||
let client = copt.to_client(OpType::Write).await;
|
||||
match client.idm_domain_set_ldap_basedn(&new_basedn).await {
|
||||
match client.idm_domain_set_ldap_basedn(new_basedn).await {
|
||||
Ok(_) => println!("Success"),
|
||||
Err(e) => eprintln!("{:?}", e),
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,7 +27,11 @@ impl GroupOpt {
|
|||
match client.idm_group_list().await {
|
||||
Ok(r) => r.iter().for_each(|ent| match copt.output_mode.as_str() {
|
||||
"json" => {
|
||||
println!("{}", serde_json::to_string(&ent.attrs).unwrap());
|
||||
println!(
|
||||
"{}",
|
||||
serde_json::to_string(&ent.attrs)
|
||||
.expect("Failed to serialise json")
|
||||
);
|
||||
}
|
||||
_ => println!("{}", ent),
|
||||
}),
|
||||
|
|
@ -40,7 +44,10 @@ impl GroupOpt {
|
|||
match client.idm_group_get(gcopt.name.as_str()).await {
|
||||
Ok(Some(e)) => match gcopt.copt.output_mode.as_str() {
|
||||
"json" => {
|
||||
println!("{}", serde_json::to_string(&e.attrs).unwrap());
|
||||
println!(
|
||||
"{}",
|
||||
serde_json::to_string(&e.attrs).expect("Failed to serialise json")
|
||||
);
|
||||
}
|
||||
_ => println!("{}", e),
|
||||
},
|
||||
|
|
|
|||
|
|
@ -148,7 +148,7 @@ impl ServiceAccountOpt {
|
|||
src_user: copt.username.clone().unwrap(),
|
||||
dest_user: aopts.account_id.clone(),
|
||||
};
|
||||
println!("{}", message.to_string());
|
||||
println!("{}", message);
|
||||
}
|
||||
_ => {
|
||||
println!("Success: This token will only be displayed ONCE");
|
||||
|
|
|
|||
|
|
@ -52,7 +52,7 @@ fn main() {
|
|||
Shell::Bash,
|
||||
&mut KanidmUnixParser::command(),
|
||||
"kanidm_unix",
|
||||
comp_dir.clone(),
|
||||
comp_dir,
|
||||
)
|
||||
.ok();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ use crate::db::Db;
|
|||
use crate::unix_config::{HomeAttr, UidAttr};
|
||||
use crate::unix_proto::{HomeDirectoryInfo, NssGroup, NssUser};
|
||||
|
||||
const NXCACHE_SIZE: usize = 2048;
|
||||
const NXCACHE_SIZE: NonZeroUsize = unsafe { NonZeroUsize::new_unchecked(2048) };
|
||||
|
||||
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
|
||||
pub enum Id {
|
||||
|
|
@ -100,7 +100,7 @@ impl CacheLayer {
|
|||
home_alias,
|
||||
uid_attr_map,
|
||||
gid_attr_map,
|
||||
nxcache: Mutex::new(LruCache::new(NonZeroUsize::new(NXCACHE_SIZE).unwrap())),
|
||||
nxcache: Mutex::new(LruCache::new(NXCACHE_SIZE)),
|
||||
})
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue