Firstyear 2022-10-18 19:21:08 +10:00 committed by GitHub
parent 6c67041fda
commit a3e8be76a5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 50 additions and 17 deletions


@ -14,6 +14,7 @@ impl Oauth2Opt {
Oauth2Opt::ShowBasicSecret(nopt) => nopt.copt.debug,
Oauth2Opt::Delete(nopt) => nopt.copt.debug,
Oauth2Opt::SetDisplayname(cbopt) => cbopt.nopt.copt.debug,
Oauth2Opt::SetName { nopt, .. } => nopt.copt.debug,
Oauth2Opt::EnablePkce(nopt) => nopt.copt.debug,
Oauth2Opt::DisablePkce(nopt) => nopt.copt.debug,
Oauth2Opt::EnableLegacyCrypto(nopt) => nopt.copt.debug,
@ -156,6 +157,24 @@ impl Oauth2Opt {
Err(e) => error!("Error -> {:?}", e),
}
}
Oauth2Opt::SetName { nopt, name } => {
let client = nopt.copt.to_client().await;
match client
.idm_oauth2_rs_update(
nopt.name.as_str(),
Some(name.as_str()),
None,
None,
false,
false,
false,
)
.await
{
Ok(_) => println!("Success"),
Err(e) => error!("Error -> {:?}", e),
}
}
Oauth2Opt::EnablePkce(nopt) => {
let client = nopt.copt.to_client().await;
match client.idm_oauth2_rs_enable_pkce(nopt.name.as_str()).await {
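Review bot: The two `None`s and three bare `false` arguments passed to `idm_oauth2_rs_update` in the new `SetName` arm cannot be checked by eye, and on an OAuth2 client-management call a transposed flag is not a harmless mistake. The signature is not visible on this page; if those booleans are the secret or key reset switches, label each argument inline, e.g. `false, // reset_secret` (with the real parameter names), so that a rename can never be read as, or edited into, a credential rotation. The success line would also help the operator more if it named both sides, e.g. `Ok(_) => println!("Success: {} renamed to {}", nopt.name, name),`. The enclosing `match` starts and ends outside the hunk.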


@ -650,6 +650,16 @@ pub enum Oauth2Opt {
/// Set a new displayname for a resource server
#[clap(name = "set_displayname")]
SetDisplayname(Oauth2SetDisplayname),
/// Set a new name for this resource server. You may need to update
/// your integrated applications after this so that they continue to
/// function correctly.
#[clap(name = "set_name")]
SetName {
#[clap(flatten)]
nopt: Named,
#[clap(name = "newname")]
name: String,
},
#[clap(name = "enable_pkce")]
/// Enable PKCE on this oauth2 resource server. This defaults to being enabled.
EnablePkce(Named),
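Review bot: In the new `SetName` variant the field `name` sits beside `nopt.name`, so the handler ends up passing `nopt.name.as_str()` and `Some(name.as_str())` with nothing in the identifiers to tell the current name from the new one; renaming the field, e.g. `new_name: String,`, removes that ambiguity. The doc comment warns that integrated applications may need updating but does not say what changes for them. If the resource server name is the identifier those applications present (not shown on this page, so confirm), say so, for example `/// Renaming changes the identifier that integrated applications must be configured with.`. The enum body continues outside the hunk.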


@ -1542,14 +1542,7 @@ impl Value {
// valid. IE json filter is really a filter, or cred types have supplemental
// data.
match &self {
Value::Iname(s) => {
match Uuid::parse_str(s) {
// It is a uuid, disallow.
Ok(_) => false,
// Not a uuid, check it against the re.
Err(_) => INAME_RE.is_match(s) && !DISALLOWED_NAMES.contains(s.as_str()),
}
}
Value::Iname(s) => Value::validate_iname(s),
/*
Value::Cred(_) => match &self.data {
Some(v) => matches!(v.as_ref(), DataValue::Cred(_)),
@ -1566,6 +1559,25 @@ impl Value {
_ => true,
}
}
pub(crate) fn validate_iname(s: &str) -> bool {
match Uuid::parse_str(s) {
// It is a uuid, disallow.
Ok(_) => false,
// Not a uuid, check it against the re.
Err(_) => {
if !INAME_RE.is_match(s) {
warn!("iname values may only contain limited characters - \"{}\" does not pass regex pattern \"{}\"", s, *INAME_RE);
false
} else if DISALLOWED_NAMES.contains(s) {
warn!("iname value \"{}\" is in denied list", s);
false
} else {
true
}
}
}
}
}
#[cfg(test)]
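Review bot: Both `warn!` calls in the new `validate_iname` write the rejected value into the log with `\"{}\"`, and a value that fails `INAME_RE` is by definition one that may hold characters outside the allowed set, including newlines or terminal control sequences. Unless the logging backend escapes fields itself (not visible here), format the value with `{:?}` so it is escaped, e.g. `warn!("iname value {:?} is in denied list", s);`, and do the same in the regex message. The function is now a shared `pub(crate)` entry point and has no doc comment; a line such as `/// Returns true if s is a valid iname: not a UUID, matches INAME_RE, and is not in DISALLOWED_NAMES.` would record the contract that both callers rely on.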


@ -2,7 +2,6 @@ use std::collections::BTreeSet;
use crate::prelude::*;
use crate::schema::SchemaAttribute;
use crate::value::{DISALLOWED_NAMES, INAME_RE};
use crate::valueset::{DbValueSetV2, ValueSet};
#[derive(Debug, Clone)]
@ -97,14 +96,7 @@ impl ValueSetT for ValueSetIname {
}
fn validate(&self, _schema_attr: &SchemaAttribute) -> bool {
self.set.iter().all(|s| {
match Uuid::parse_str(s) {
// It is a uuid, disallow.
Ok(_) => false,
// Not a uuid, check it against the re.
Err(_) => INAME_RE.is_match(s) && !DISALLOWED_NAMES.contains(s.as_str()),
}
})
self.set.iter().all(|s| Value::validate_iname(s.as_str()))
}
fn to_proto_string_clone_iter(&self) -> Box<dyn Iterator<Item = String> + '_> {