Bump the all group with 22 updates (#3376)

* Bump the all group with 22 updates

Bumps the all group with 22 updates:

| Package | From | To |
| --- | --- | --- |
| [async-trait](https://github.com/dtolnay/async-trait) | `0.1.83` | `0.1.85` |
| [bitflags](https://github.com/bitflags/bitflags) | `2.6.0` | `2.8.0` |
| [clap](https://github.com/clap-rs/clap) | `4.5.23` | `4.5.27` |
| [clap_complete](https://github.com/clap-rs/clap) | `4.5.40` | `4.5.42` |
| [lodepng](https://github.com/kornelski/lodepng-rust) | `3.10.7` | `3.11.0` |
| [openssl](https://github.com/sfackler/rust-openssl) | `0.10.68` | `0.10.69` |
| [proc-macro2](https://github.com/dtolnay/proc-macro2) | `1.0.92` | `1.0.93` |
| [reqwest](https://github.com/seanmonstar/reqwest) | `0.12.11` | `0.12.12` |
| [rustls](https://github.com/rustls/rustls) | `0.23.20` | `0.23.21` |
| [sd-notify](https://github.com/lnicola/sd-notify) | `0.4.4` | `0.4.5` |
| [serde_json](https://github.com/serde-rs/json) | `1.0.134` | `1.0.137` |
| [syn](https://github.com/dtolnay/syn) | `2.0.93` | `2.0.96` |
| [tempfile](https://github.com/Stebalien/tempfile) | `3.14.0` | `3.15.0` |
| [tokio](https://github.com/tokio-rs/tokio) | `1.42.0` | `1.43.0` |
| [uuid](https://github.com/uuid-rs/uuid) | `1.11.0` | `1.12.1` |
| [oauth2](https://github.com/ramosbugs/oauth2-rs) | `4.4.2` | `5.0.0` |
| [cc](https://github.com/rust-lang/cc-rs) | `1.2.6` | `1.2.10` |
| [axum-extra](https://github.com/tokio-rs/axum) | `0.9.6` | `0.10.0` |
| [axum-macros](https://github.com/tokio-rs/axum) | `0.4.2` | `0.5.0` |
| [fantoccini](https://github.com/jonhoo/fantoccini) | `0.21.3` | `0.21.4` |
| [petgraph](https://github.com/petgraph/petgraph) | `0.6.5` | `0.7.1` |
| [jsonschema](https://github.com/Stranger6667/jsonschema) | `0.28.0` | `0.28.3` |


Updates `async-trait` from 0.1.83 to 0.1.85
- [Release notes](https://github.com/dtolnay/async-trait/releases)
- [Commits](https://github.com/dtolnay/async-trait/compare/0.1.83...0.1.85)

Updates `bitflags` from 2.6.0 to 2.8.0
- [Release notes](https://github.com/bitflags/bitflags/releases)
- [Changelog](https://github.com/bitflags/bitflags/blob/main/CHANGELOG.md)
- [Commits](https://github.com/bitflags/bitflags/compare/2.6.0...2.8.0)

Updates `clap` from 4.5.23 to 4.5.27
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.23...clap_complete-v4.5.27)

Updates `clap_complete` from 4.5.40 to 4.5.42
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.40...clap_complete-v4.5.42)

Updates `lodepng` from 3.10.7 to 3.11.0
- [Commits](https://github.com/kornelski/lodepng-rust/compare/v3.10.7...v3.11.0)

Updates `openssl` from 0.10.68 to 0.10.69
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.68...openssl-v0.10.69)

Updates `proc-macro2` from 1.0.92 to 1.0.93
- [Release notes](https://github.com/dtolnay/proc-macro2/releases)
- [Commits](https://github.com/dtolnay/proc-macro2/compare/1.0.92...1.0.93)

Updates `reqwest` from 0.12.11 to 0.12.12
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/reqwest/compare/v0.12.11...v0.12.12)

Updates `rustls` from 0.23.20 to 0.23.21
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rustls/rustls/compare/v/0.23.20...v/0.23.21)

Updates `sd-notify` from 0.4.4 to 0.4.5
- [Changelog](https://github.com/lnicola/sd-notify/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lnicola/sd-notify/compare/v0.4.4...v0.4.5)

Updates `serde_json` from 1.0.134 to 1.0.137
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.134...v1.0.137)

Updates `syn` from 2.0.93 to 2.0.96
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.93...2.0.96)

Updates `tempfile` from 3.14.0 to 3.15.0
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stebalien/tempfile/compare/v3.14.0...v3.15.0)

Updates `tokio` from 1.42.0 to 1.43.0
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.42.0...tokio-1.43.0)

Updates `uuid` from 1.11.0 to 1.12.1
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/1.11.0...1.12.1)

Updates `oauth2` from 4.4.2 to 5.0.0
- [Release notes](https://github.com/ramosbugs/oauth2-rs/releases)
- [Upgrade guide](https://github.com/ramosbugs/oauth2-rs/blob/main/UPGRADE.md)
- [Commits](https://github.com/ramosbugs/oauth2-rs/compare/4.4.2...5.0.0)

Updates `cc` from 1.2.6 to 1.2.10
- [Release notes](https://github.com/rust-lang/cc-rs/releases)
- [Changelog](https://github.com/rust-lang/cc-rs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/cc-rs/compare/cc-v1.2.6...cc-v1.2.10)

Updates `axum-extra` from 0.9.6 to 0.10.0
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-extra-v0.9.6...axum-extra-v0.10.0)

Updates `axum-macros` from 0.4.2 to 0.5.0
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-macros-v0.4.2...axum-macros-v0.5.0)

Updates `fantoccini` from 0.21.3 to 0.21.4
- [Commits](https://github.com/jonhoo/fantoccini/compare/v0.21.3...v0.21.4)

Updates `petgraph` from 0.6.5 to 0.7.1
- [Changelog](https://github.com/petgraph/petgraph/blob/master/RELEASES.rst)
- [Commits](https://github.com/petgraph/petgraph/compare/petgraph@v0.6.5...petgraph@v0.7.1)

Updates `jsonschema` from 0.28.0 to 0.28.3
- [Release notes](https://github.com/Stranger6667/jsonschema/releases)
- [Changelog](https://github.com/Stranger6667/jsonschema/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stranger6667/jsonschema/compare/rust-v0.28.0...rust-v0.28.3)

---
updated-dependencies:
- dependency-name: async-trait
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: bitflags
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: clap_complete
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: lodepng
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: openssl
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: proc-macro2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: reqwest
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: sd-notify
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tempfile
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: oauth2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: cc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: axum-extra
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: axum-macros
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: fantoccini
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: petgraph
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>

* ok the otel stuff works now

* linting fixes

* fix: less parse more from_str, adding a todo

* fix: removing a TODO

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
dependabot[bot] 2025-01-29 13:57:38 +10:00 committed by GitHub
parent 12532ee32d
commit ed76bdbfb1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
16 changed files with 474 additions and 602 deletions

788
Cargo.lock generated

File diff suppressed because it is too large

View file

@ -140,7 +140,7 @@ anyhow = { version = "1.0.95" }
argon2 = { version = "0.5.3", features = ["alloc"] }
askama = { version = "0.12.1", features = ["serde", "with-axum"] }
askama_axum = { version = "0.4.0" }
async-trait = "^0.1.83"
async-trait = "^0.1.85"
axum = { version = "0.7.9", features = [
"form",
"json",
@ -155,10 +155,10 @@ axum-htmx = { version = "0.5.0", features = ["serde", "guards"] }
base32 = "^0.5.1"
base64 = "^0.22.1"
base64urlsafedata = "0.5.1"
bitflags = "^2.6.0"
bitflags = "^2.8.0"
bytes = "^1.9.0"
clap = { version = "^4.5.23", features = ["derive", "env"] }
clap_complete = "^4.5.38"
clap = { version = "^4.5.27", features = ["derive", "env"] }
clap_complete = "^4.5.42"
# Forced by saffron/cron
chrono = "^0.4.39"
compact_jwt = { version = "^0.4.2", default-features = false }
@ -199,7 +199,7 @@ ldap3_proto = { version = "^0.5.2", features = ["serde"] }
libc = "^0.2.168"
libnss = "^0.8.0"
libsqlite3-sys = "^0.25.2"
lodepng = "3.10.7"
lodepng = "3.11.0"
lru = "^0.12.5"
mathru = "^0.13.0"
mimalloc = "0.1.43"
@ -207,31 +207,33 @@ notify-debouncer-full = { version = "0.1" }
num_enum = "^0.5.11"
oauth2_ext = { version = "^4.4.2", package = "oauth2", default-features = false }
openssl-sys = "^0.9"
openssl = "^0.10.68"
openssl = "^0.10.69"
opentelemetry = { version = "0.20.0" }
opentelemetry_api = { version = "0.20.0", features = ["logs", "metrics"] }
opentelemetry-otlp = { version = "0.13.0", default-features = false, features = [
opentelemetry = { version = "0.27.0" }
opentelemetry_api = { version = "0.27.0", features = ["logs", "metrics"] }
opentelemetry-otlp = { version = "0.27.0", default-features = false, features = [
"serde",
"logs",
"metrics",
"http-proto",
"grpc-tonic",
] }
opentelemetry_sdk = "0.20.0"
tracing-opentelemetry = "0.21.0"
opentelemetry_sdk = { version = "0.27.0", features = ["rt-tokio"] }
opentelemetry-semantic-conventions = "0.27.0"
tracing-opentelemetry = "0.28.0"
tracing-core = "0.1.33"
paste = "^1.0.14"
peg = "0.8"
pkg-config = "^0.3.31"
prctl = "1.0.0"
proc-macro2 = "1.0.92"
proc-macro2 = "1.0.93"
qrcode = "^0.12.0"
quote = "1"
rand = "^0.8.5"
rand_chacha = "0.3.1"
regex = "1.11.0"
reqwest = { version = "0.12.11", default-features = false, features = [
reqwest = { version = "0.12.12", default-features = false, features = [
"cookies",
"http2",
"json",
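Review bot: The opentelemetry crates in this hunk jump from 0.20.0 to 0.27.0 (and tracing-opentelemetry from 0.21.0 to 0.28.0), yet none of them appear in the 22-package table in the commit message, so the largest API change in the commit is undocumented. Either split the OpenTelemetry migration into its own commit or list these versions in the message, so that anyone auditing the dependency history can see when the telemetry stack changed. The same hunk adds `opentelemetry-semantic-conventions = "0.27.0"` as a new dependency, which also deserves a line in the message.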
@ -239,15 +241,15 @@ reqwest = { version = "0.12.11", default-features = false, features = [
"rustls-tls-native-roots",
] }
rusqlite = { version = "^0.28.0", features = ["array", "bundled"] }
rustls = { version = "0.23.20", default-features = false, features = [
rustls = { version = "0.23.21", default-features = false, features = [
"aws_lc_rs",
] }
sd-notify = "^0.4.4"
sd-notify = "^0.4.5"
selinux = "^0.4.6"
serde = "^1.0.217"
serde_cbor = { version = "0.12.0-dev", package = "serde_cbor_2" }
serde_json = "^1.0.134"
serde_json = "^1.0.137"
serde_urlencoded = "^0.7.1"
serde_with = "3.12.0"
sha-crypt = "0.5.0"
@ -258,12 +260,12 @@ smolset = "^1.3.1"
sshkey-attest = "^0.5.0"
sshkeys = "0.3.3"
svg = "0.13.1"
syn = { version = "2.0.93", features = ["full"] }
tempfile = "3.14.0"
syn = { version = "2.0.96", features = ["full"] }
tempfile = "3.15.0"
testkit-macros = { path = "./server/testkit-macros" }
time = { version = "^0.3.36", features = ["formatting", "local-offset"] }
tokio = "^1.42.0"
tokio = "^1.43.0"
tokio-openssl = "^0.6.5"
tokio-util = "^0.7.13"
@ -279,7 +281,7 @@ url = "^2.5.2"
urlencoding = "2.1.3"
utoipa = { version = "4.2.0", features = ["url", "uuid"] }
utoipa-swagger-ui = "6.0.0"
uuid = "^1.11.0"
uuid = "^1.12.1"
webauthn-authenticator-rs = { version = "0.5.1", features = [
"softpasskey",
@ -297,4 +299,3 @@ x509-cert = "0.2.5"
zxcvbn = "^2.2.2"
nonempty = "0.8.1"

View file

@ -19,7 +19,7 @@ doctest = false
[dependencies]
gethostname = "0.5.0"
num_enum = { workspace = true }
opentelemetry = { workspace = true, features = ["metrics", "rt-tokio"] }
opentelemetry = { workspace = true, features = ["metrics"] }
opentelemetry-otlp = { workspace = true, default-features = false, features = [
"serde",
"logs",
@ -27,9 +27,12 @@ opentelemetry-otlp = { workspace = true, default-features = false, features = [
"http-proto",
"grpc-tonic",
] }
opentelemetry_sdk = { workspace = true }
opentelemetry_sdk = { workspace = true, features = ["rt-tokio"] }
opentelemetry-semantic-conventions = { workspace = true }
serde = { workspace = true, features = ["derive"] }
tracing = { workspace = true, features = ["attributes"] }
tracing-core = { workspace = true }
tracing-forest = { workspace = true, features = [
"uuid",
"smallvec",

View file

@ -1,16 +1,26 @@
use gethostname::gethostname;
use opentelemetry::KeyValue;
use std::{str::FromStr, time::Duration};
use opentelemetry_otlp::{Protocol, WithExportConfig};
use opentelemetry_sdk::trace::{self, Sampler};
use opentelemetry_sdk::Resource;
use std::time::Duration;
use opentelemetry::{global, trace::TracerProvider as _, KeyValue};
use opentelemetry_sdk::{
trace::{Sampler, TracerProvider},
Resource,
};
use tracing::Subscriber;
use tracing_subscriber::Registry;
use tracing_subscriber::{prelude::*, EnvFilter};
use tracing_core::Level;
use tracing_subscriber::{filter::Directive, prelude::*, EnvFilter, Registry};
pub const MAX_EVENTS_PER_SPAN: u32 = 64 * 1024;
pub const MAX_ATTRIBUTES_PER_SPAN: u32 = 128;
use opentelemetry_semantic_conventions::{
attribute::{SERVICE_NAME, SERVICE_VERSION},
SCHEMA_URL,
};
// TODO: this is coming back later
// #[allow(dead_code)]
// pub fn init_metrics() -> metrics::Result<MeterProvider> {
@ -44,28 +54,26 @@ pub fn start_logging_pipeline(
// adding these filters because when you close out the process the OTLP comms layer is NOISY
let forest_filter = forest_filter
.add_directive(
"tonic=info"
.parse()
.expect("Failed to set tonic logging to info"),
Directive::from_str("tonic=info").expect("Failed to set tonic logging to info"),
)
.add_directive("h2=info".parse().expect("Failed to set h2 logging to info"))
.add_directive(
"hyper=info"
.parse()
.expect("Failed to set hyper logging to info"),
Directive::from_str("h2=info").expect("Failed to set h2 logging to info"),
)
.add_directive(
Directive::from_str("hyper=info").expect("Failed to set hyper logging to info"),
);
let forest_layer = tracing_forest::ForestLayer::default().with_filter(forest_filter);
let t_filter: EnvFilter = EnvFilter::builder()
.with_default_directive(log_filter.into())
.from_env_lossy();
let tracer = opentelemetry_otlp::new_pipeline().tracing().with_exporter(
opentelemetry_otlp::new_exporter()
.tonic()
.with_endpoint(endpoint)
.with_timeout(Duration::from_secs(5))
.with_protocol(Protocol::HttpBinary),
);
let otlp_exporter = opentelemetry_otlp::SpanExporter::builder()
.with_tonic()
.with_endpoint(endpoint)
.with_protocol(Protocol::HttpBinary)
.with_timeout(Duration::from_secs(5))
.build()
.map_err(|err| err.to_string())?;
// this env var gets set at build time, if we can pull it, add it to the metadata
let git_rev = match option_env!("KANIDM_PKG_COMMIT_REV") {
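Review bot: The exporter builder selects the gRPC transport with `.with_tonic()` and then sets `.with_protocol(Protocol::HttpBinary)`, which names an HTTP encoding; the pair was carried over from the old `new_exporter().tonic()` chain and should be made consistent, either by dropping the `with_protocol` call or by switching to the HTTP exporter if that is what the collector expects. The new `.build().map_err(|err| err.to_string())?` also returns the bare error string; prefixing it with what failed (building the OTLP span exporter for `endpoint`) would make a startup failure easier to diagnose.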
@ -74,39 +82,47 @@ pub fn start_logging_pipeline(
};
let version = format!("{}{}", env!("CARGO_PKG_VERSION"), git_rev);
let hostname = gethostname();
let hostname = hostname.to_string_lossy();
let hostname = hostname.to_lowercase();
// let hostname = gethostname::gethostname();
// let hostname = hostname.to_string_lossy();
// let hostname = hostname.to_lowercase();
let tracer = tracer
.with_trace_config(
trace::config()
// we want *everything!*
.with_sampler(Sampler::AlwaysOn)
.with_max_events_per_span(MAX_EVENTS_PER_SPAN)
.with_max_attributes_per_span(MAX_ATTRIBUTES_PER_SPAN)
.with_resource(Resource::new(vec![
KeyValue::new("service.name", service_name),
KeyValue::new("service.version", version),
KeyValue::new("host.name", hostname),
// TODO: it'd be really nice to be able to set the instance ID here, from the server UUID so we know *which* instance on this host is logging
])),
let resource = Resource::from_schema_url(
[
// TODO: it'd be really nice to be able to set the instance ID here, from the server UUID so we know *which* instance on this host is logging
KeyValue::new(SERVICE_NAME, service_name),
KeyValue::new(SERVICE_VERSION, version),
// TODO: currently marked as an experimental flag, leaving it out for now
// KeyValue::new(DEPLOYMENT_ENVIRONMENT_NAME, hostname),
],
SCHEMA_URL,
);
let provider = TracerProvider::builder()
.with_batch_exporter(otlp_exporter, opentelemetry_sdk::runtime::Tokio)
// we want *everything!*
.with_sampler(Sampler::AlwaysOn)
.with_max_events_per_span(MAX_EVENTS_PER_SPAN)
.with_max_attributes_per_span(MAX_ATTRIBUTES_PER_SPAN)
.with_resource(resource)
.build();
global::set_tracer_provider(provider.clone());
provider.tracer("tracing-otel-subscriber");
use tracing_opentelemetry::OpenTelemetryLayer;
let registry = tracing_subscriber::registry()
.with(
tracing_subscriber::filter::LevelFilter::from_level(Level::INFO)
.with_filter(t_filter),
)
.install_batch(opentelemetry::runtime::Tokio)
.map_err(|err| {
let err = format!("Failed to start OTLP pipeline: {:?}", err);
eprintln!("{}", err);
err
})?;
// Create a tracing layer with the configured tracer;
let telemetry = tracing_opentelemetry::layer()
.with_tracer(tracer)
.with_threads(true)
.with_filter(t_filter);
.with(tracing_subscriber::fmt::layer())
// .with(MetricsLayer::new(meter_provider.clone()))
.with(forest_layer)
.with(OpenTelemetryLayer::new(
provider.tracer("tracing-otel-subscriber"),
));
Ok(Box::new(
Registry::default().with(forest_layer).with(telemetry),
))
Ok(Box::new(registry))
}
None => {
let forest_layer = tracing_forest::ForestLayer::default().with_filter(forest_filter);
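Review bot: The `OpenTelemetryLayer` is added to the registry without the `.with_filter(t_filter)` that the old `tracing_opentelemetry::layer()` carried; `t_filter` is now attached only to `LevelFilter::from_level(Level::INFO)`, so as written nothing on the export layer applies the configured `log_filter`. Suggest `OpenTelemetryLayer::new(...).with_filter(t_filter)` and removing the filtered `LevelFilter` layer. Three smaller points in the same hunk: `tracing_subscriber::fmt::layer()` is added alongside `forest_layer`, so events are likely to be printed twice; the bare `provider.tracer("tracing-otel-subscriber");` statement discards its result and is repeated a few lines later; and the `host.name` resource attribute is dropped with the hostname code left commented out, which removes the field used to tell which host emitted a trace (the TODO refers to `DEPLOYMENT_ENVIRONMENT_NAME`, which is not a hostname attribute). If `host.name` is intentionally gone, delete the commented lines and the `gethostname` dependency instead of leaving them behind.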
@ -122,7 +138,6 @@ pub struct TracingPipelineGuard {}
impl Drop for TracingPipelineGuard {
fn drop(&mut self) {
opentelemetry::global::shutdown_tracer_provider();
opentelemetry::global::shutdown_logger_provider();
eprintln!("Logging pipeline completed shutdown");
}
}

View file

@ -25,7 +25,7 @@ askama_axum = { workspace = true }
axum = { workspace = true }
axum-htmx = { workspace = true }
axum-extra = { version = "0.9.6", features = ["cookie"] }
axum-macros = "0.4.1"
axum-macros = "0.4.2"
axum-server = { version = "0.7.1", default-features = false }
bytes = { workspace = true }
chrono = { workspace = true }
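Review bot: The versions in this hunk do not match the commit message: `axum-macros` goes from "0.4.1" to "0.4.2" here and `axum-extra` stays at "0.9.6", while the message announces `axum-macros` 0.4.2 to 0.5.0 and `axum-extra` 0.9.6 to 0.10.0. If the larger bumps were rolled back on purpose (for example because the workspace `axum` is still 0.7.9), say so in the commit message; otherwise the recorded history claims upgrades that were not applied.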

View file

@ -134,7 +134,7 @@ impl TryFrom<Vec<Arc<EntrySealedCommitted>>> for LdapApplications {
}
}
impl<'a> IdmServerAuthTransaction<'a> {
impl IdmServerAuthTransaction<'_> {
pub async fn application_auth_ldap(
&mut self,
lae: &LdapApplicationAuthEvent,

View file

@ -693,9 +693,9 @@ impl LdapServer {
} // end match server op
}
async fn bind_target_from_bind_dn<'a>(
async fn bind_target_from_bind_dn(
&self,
idm_auth: &mut IdmServerAuthTransaction<'a>,
idm_auth: &mut IdmServerAuthTransaction<'_>,
dn: &str,
pw: &str,
) -> Result<LdapBindTarget, OperationError> {

View file

@ -2968,7 +2968,7 @@ fn host_is_local(host: &Host<&str>) -> bool {
/// Ensure that the redirect URI is a loopback/localhost address
fn check_is_loopback(redirect_uri: &Url) -> bool {
redirect_uri.host().map_or(false, |host| {
redirect_uri.host().is_some_and(|host| {
// Check if the host is a loopback/localhost address.
host_is_local(&host)
})

View file

@ -17,7 +17,7 @@ use kanidm_proto::v1::AuthIssueSession;
use super::server::CredSoftLockMutex;
impl<'a> IdmServerAuthTransaction<'a> {
impl IdmServerAuthTransaction<'_> {
pub async fn reauth_init(
&mut self,
ident: Identity,

View file

@ -1008,7 +1008,7 @@ impl<'a> IdmServerTransaction<'a> for IdmServerAuthTransaction<'a> {
}
}
impl<'a> IdmServerAuthTransaction<'a> {
impl IdmServerAuthTransaction<'_> {
#[cfg(test)]
pub fn is_sessionid_present(&self, sessionid: Uuid) -> bool {
let session_read = self.sessions.read();

View file

@ -214,10 +214,7 @@ impl ModifyList<ModifyInvalid> {
})
.collect();
let valid_mods = match res {
Ok(v) => v,
Err(e) => return Err(e),
};
let valid_mods = res?;
// Return new ModifyList!
Ok(ModifyList {

View file

@ -158,8 +158,8 @@ impl ValueSetT for ValueSetEcKeyPrivate {
fn equal(&self, other: &super::ValueSet) -> bool {
#[allow(clippy::expect_used)]
other.as_ec_key_private().map_or(false, |other_key| {
self.set.as_ref().map_or(false, |key| {
other.as_ec_key_private().is_some_and(|other_key| {
self.set.as_ref().is_some_and(|key| {
key.priv_key
.private_key_to_der()
.expect("Failed to retrieve key der")

View file

@ -53,17 +53,17 @@ assert_cmd = "2.0.16"
compact_jwt = { workspace = true }
escargot = "0.5.13"
# used for webdriver testing
fantoccini = { version = "0.21.3" }
fantoccini = { version = "0.21.4" }
futures = { workspace = true }
oauth2_ext = { workspace = true, default-features = false, features = [
"reqwest",
] }
openssl = { workspace = true }
petgraph = { version = "0.6.4", features = ["serde", "serde-1"] }
petgraph = { version = "0.7.1", features = ["serde", "serde-1"] }
serde_json = { workspace = true }
time = { workspace = true }
tokio-openssl = { workspace = true }
kanidm_lib_crypto = { workspace = true }
uuid = { workspace = true }
webauthn-authenticator-rs = { workspace = true }
jsonschema = "0.28.0"
jsonschema = "0.28.3"

View file

@ -20,8 +20,8 @@ doctest = false
[dependencies]
kanidm_proto = { workspace = true }
anyhow = { workspace = true }
oauth2 = "4.4.2"
reqwest = { version = "0.12.11", default-features = false, features = [
oauth2 = "5.0.0"
reqwest = { version = "0.12.12", default-features = false, features = [
"rustls-tls",
] }
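Review bot: This crate moves to `oauth2 = "5.0.0"` while the workspace entry `oauth2_ext = { version = "^4.4.2", package = "oauth2", ... }` is left unchanged, so the build now carries two major versions of the same OAuth2 library. That is acceptable as a transition, but it should be tracked: add a TODO or issue reference for moving `oauth2_ext` to 5.x, and consider making this crate use the workspace dependency once it is upgraded so the version is set in one place.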

View file

@ -4,10 +4,11 @@ use kanidm_proto::constants::uri::{
OAUTH2_AUTHORISE, OAUTH2_AUTHORISE_DEVICE, OAUTH2_TOKEN_ENDPOINT,
};
use oauth2::basic::BasicClient;
use oauth2::devicecode::StandardDeviceAuthorizationResponse;
use oauth2::http::StatusCode;
use oauth2::{
AuthUrl, ClientId, DeviceAuthorizationUrl, HttpRequest, HttpResponse, Scope, TokenUrl,
AuthUrl, ClientId, DeviceAuthorizationUrl, HttpRequest, HttpResponse, Scope,
StandardDeviceAuthorizationResponse, TokenUrl,
};
use reqwest::Client;
use sketching::tracing_subscriber::layer::SubscriberExt;
@ -16,41 +17,34 @@ use sketching::tracing_subscriber::{fmt, EnvFilter};
use tracing::level_filters::LevelFilter;
use tracing::{debug, error, info};
async fn http_client(
request: HttpRequest,
) -> Result<HttpResponse, oauth2::reqwest::Error<reqwest::Error>> {
async fn http_client(request: HttpRequest) -> Result<HttpResponse, oauth2::reqwest::Error> {
let client = Client::builder()
.danger_accept_invalid_certs(true)
// Following redirects opens the client up to SSRF vulnerabilities.
.redirect(reqwest::redirect::Policy::none())
.build()
.map_err(oauth2::reqwest::Error::Reqwest)?;
.build()?;
let method = reqwest::Method::from_str(request.method.as_str())
.map_err(|err| oauth2::reqwest::Error::Other(err.to_string()))?;
let method = reqwest::Method::from_str(request.method().as_str())
.expect("this is definitely a bug but OK in an example!");
let mut request_builder = client
.request(method, request.url.as_str())
.body(request.body);
.request(method, request.uri().to_string())
.body(request.body().to_vec());
for (name, value) in &request.headers {
for (name, value) in request.headers().iter() {
request_builder = request_builder.header(name.as_str(), value.as_bytes());
}
let response = client
.execute(request_builder.build().map_err(|err| {
error!("Failed to build request... {:?}", err);
oauth2::reqwest::Error::Reqwest(err)
})?)
.execute(request_builder.build()?)
.await
.map_err(|err| {
error!("Failed to query url {} error={:?}", request.url, err);
oauth2::reqwest::Error::Reqwest(err)
.inspect_err(|err| {
error!("Failed to query url {} error={:?}", request.uri(), err);
})?;
let status_code = StatusCode::from_u16(response.status().as_u16())
.map_err(|err| oauth2::reqwest::Error::Other(err.to_string()))?;
let headers = response
let status_code =
StatusCode::from_u16(response.status().as_u16()).expect("This'll work, for an example");
let headers: Vec<(oauth2::http::HeaderName, oauth2::http::HeaderValue)> = response
.headers()
.into_iter()
.map(|(k, v)| {
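Review bot: The two new `.expect(...)` calls (on `reqwest::Method::from_str` and `StatusCode::from_u16`) replace the previous `map_err(... Error::Other ...)` handling with panics, and one message itself says "this is definitely a bug". Example code gets copied, so prefer returning an error here, as the rest of the function now does with `?`. Since this function is being rewritten anyway, the unchanged `.danger_accept_invalid_certs(true)` line should get a comment explaining that it is only for the local test server, in the same way the redirect policy line is explained.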
@ -65,17 +59,17 @@ async fn http_client(
})
.collect();
let body = response.bytes().await.map_err(|err| {
error!("Failed to parse body...? {:?}", err);
oauth2::reqwest::Error::Reqwest(err)
})?;
let body = response.bytes().await?;
info!("Response body: {:?}", String::from_utf8(body.to_vec()));
Ok(HttpResponse {
status_code,
headers,
body: body.to_vec(),
})
let mut response = HttpResponse::new(body.to_vec());
let headers_mut = response.headers_mut();
headers_mut.extend(headers);
*response.status_mut() = status_code;
Ok(response)
}
#[tokio::main]
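Review bot: The unchanged `info!("Response body: {:?}", String::from_utf8(body.to_vec()))` line logs every response body at info level, and this `http_client` is the one passed to `exchange_device_access_token`, so the token response ends up in the log output. While touching this block, lower it to `debug!` or log only the status code and body length. The new construction via `HttpResponse::new`, `headers_mut().extend(headers)` and `*response.status_mut() = status_code` reads fine.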
@ -94,27 +88,25 @@ async fn main() -> anyhow::Result<()> {
info!("building client...");
// kanidm system oauth2 create-public device_flow device_flow 'https://deviceauth'
let client = BasicClient::new(
ClientId::new("device_code".to_string()),
None,
AuthUrl::new(format!("https://localhost:8443{}", OAUTH2_AUTHORISE))?,
Some(TokenUrl::new(format!(
let client = BasicClient::new(ClientId::new("device_code".to_string()))
.set_token_uri(TokenUrl::from_url(
format!("https://localhost:8443{}", OAUTH2_TOKEN_ENDPOINT).parse()?,
))
.set_auth_uri(AuthUrl::from_url(
format!("https://localhost:8443{}", OAUTH2_AUTHORISE).parse()?,
))
.set_device_authorization_url(DeviceAuthorizationUrl::new(format!(
"https://localhost:8443{}",
OAUTH2_TOKEN_ENDPOINT
))?),
)
.set_device_authorization_url(DeviceAuthorizationUrl::new(format!(
"https://localhost:8443{}",
OAUTH2_AUTHORISE_DEVICE
))?);
OAUTH2_AUTHORISE_DEVICE
))?);
info!("Getting details...");
let details: StandardDeviceAuthorizationResponse = client
.exchange_device_code()
.inspect_err(|err| error!("configuration error: {:?}", err))?
// .inspect_err(|err| error!("configuration error: {:?}", err))?
.add_scope(Scope::new("read".to_string()))
.request_async(http_client)
.request_async(&http_client)
.await?;
println!(
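Review bot: The commented-out `// .inspect_err(|err| error!("configuration error: {:?}", err))?` line should be deleted, not kept as dead code. The client setup in the same hunk also mixes two styles for the three endpoints: `TokenUrl::from_url(format!(...).parse()?)` and `AuthUrl::from_url(...)` versus `DeviceAuthorizationUrl::new(format!(...))?`. Pick one form so the endpoint configuration is easy to compare at a glance.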
@ -129,7 +121,7 @@ async fn main() -> anyhow::Result<()> {
let token_result = client
.exchange_device_access_token(&details)
.request_async(http_client, tokio::time::sleep, None)
.request_async(&http_client, tokio::time::sleep, None)
.await?;
println!("Result: {:?}", token_result);
Ok(())

View file

@ -25,7 +25,7 @@ paste = { workspace = true }
lazy_static = { workspace = true }
[target."cfg(target_os = \"freebsd\")".build-dependencies]
cc = "^1.2.6"
cc = "^1.2.10"
## Debian packaging
# The base metadata does **not** work to build a functioning package!