Add default entries test to apply behaviours according to
`designs/default_idm_layout.rst`.
Add expected behaviours for:
- Users
- Account managers
- Group managers
- Admins
- People Managers
- Anonymous clients
- Radius servers
Also, refactor `kanidmd_client` tests to separate into different files
and fix some documentation typos
Resolves: #108
Use matrix and Makefile to build both images in the same workflow.
Kanidmd image remove muslc version and come back to SUSE version because
performance problems.
Also fix a typo bug with kanidmd image build on CI.
- Change base builder image to `ekidd/rust-musl-builder` for create static
binaries.
- Add two flavours: alpine and stand alone binary.
- Add makefile commands for build, test and push kanidmd images and
refactor previous code.
- Add missing things to `.dockerignore`.
- Refactor CI to use Makefile.
Add `libsqlite3-sys` crate to avoid sqlite3 missmatching version.
From [https://lib.rs/crates/libsqlite3-sys](https://lib.rs/crates/libsqlite3-sys)
> If you use the bundled feature, libsqlite3-sys will use the cc crate to compile SQLite from source and link against that. This source is embedded in the libsqlite3-sys crate and is currently SQLite 3.30.1 (as of rusqlite 0.21.0 / libsqlite3-sys 0.17.0). This is probably the simplest solution to any build problems.
Remove sqlite OS packages dependencies for build.
Also, we fix a format error to allow CI tests to pass again.
Implements #12, TOTP. This adds support for TOTP to the api and server, with server side token generation, authentication and the correct URI for encoding into QR codes for client token addition. Some extra measures have been taken such as in the stepped auth to always notify on the success or failure of the TOTP first (regardless of order) to prevent PW bruteforce attacks.
Implements #122 password import. This adds most of the server core framework to allow password imports from other sources, with new types easily able to be added in credential.rs.
Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with.
Implements #137 and parts of #132. This adds full support for CID's to the server, and some parts for recyclebin to work such as internal lessthan queries.
Implements #129, pam and nsswitch daemon capability. This is stage 1, which adds a localhost unix domain socket resolver, a ssh key client, support to the server for generating unix tokens, an async client lib, and client handles for adding posix extensions to accounts and groups.
Implements #49, revive directmemberships if possible on revive. As items that are deleted are able to maintain and preserve their directmembership from MO, this allows a way to back-create group memberships when we revive a user from the recycle bin.
Note that if the group was itself deleted and revived, this breaks the relationship because it causes ref int to remove all the references. This could be a reason to change the refint policy to allow keeping dead-references, but I think I want to think about that more before I change that policy too quickly.
Saying this, most groups are long lived, we are really wanting to handle the case where you delete and revive a user, or delete and revive a group to restore consistency. Deletenig and reviveng groups and users at the same time will lead to some hairy-complex cases.
Implements #133, limit password generators to distict human readable characters. This removes the common confusions such as I,l, 1, 0, O, o, m,rn, etc . This in mind, they may not all have been found, but it should be easier now to improve upon.
Implements #29 password badlist and quality checking. This checks all new passwords are at least length 10, pass zxcvbn and are not container in a badlist. The current badlist is a preprocessed content of rockyou from seclists, but later wwe'll update this to the top 10million badlist which when processed is about 70k entries..
