mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
2191 commits 17 branches 59 tags 246 MiB
Commit graph

226 commits

Author SHA1 Message Date
George Wu 855e45bbb7 Small UI updates. (#3361) 
* Delete unused htmx javascript files.

* Consistently mention applications instead of apps.

* Small formatting change for enrol device.

* Update phrasing in credentials page.
 2025-01-24 09:30:02 +10:30
Firstyear fee2d3b0d6 Resolve passkey regression (#3343) 
During other testing I noticed that passkeys no longer worked
on a reauthentication. This was due to a regression in you
guessed it, cookies, where the auth session id wasn't being
removed properly.
 2025-01-08 09:40:28 +10:00
James Hodgkinson a810bc43c0 Renaming "TOTP" in the login flow (#3338) 2025-01-08 09:40:28 +10:00
Firstyear 095df1b216 cookies don't clear unless you set domain (#3332) 
* make everything cookie consistent
* Stricter on expiry
* Relearn a painful lesson about needing domains in removal cookies
* fix: DRY cookie creation code and reduce the sins
 2025-01-04 10:34:29 +10:00
Firstyear 46ad459a56 Automatically trigger passkeys on login view (#3307) 
Add an on-load handler to pkhtml.js so that when the partial
view is displayed passkey auth is automatically prompted for.
If the users browser blocks this event, the fallback manual
buttons still exist.
 2024-12-21 17:22:02 +10:00
William Brown beb937f303 Re-add enrol another device flow 
This was a commonly requested re-addition to the new webui. This
adds the ability for someone to scan a qr code or follow a link
to enrol another device to their account.
 2024-12-21 17:22:02 +10:00
William Brown ab8dd18e4f Improved Cookie Removal 
If a path isn't set then cookies aren't removed. More aggressively
remove cookies when they are no longer required.
 2024-12-21 17:22:02 +10:00
Firstyear caa8b2d7a6 Limit OAuth2 resumption to session (#3296) 
OAuth2 session resumption was accidentally made a permanent cookie
which led to continuing issues with it causing invalid redirections
after login. Make this a session only cookie.
 2024-12-21 17:21:59 +10:00
Firstyear ab8ef8d977 Use specific errors for intent token revoked (#3291) 
Rather than the generic 'invalid state' error, we now return
proper site-specific errors for credential commit failures, with
error messages to explain what went wrong.
 2024-12-21 17:14:51 +10:00
Firstyear d4a373365e Autocomplete password during reauth with TOTP (#3290) 
During a re-auth flow, the password was not autocompleted once
totp was autocompleted. This is because in a normal login flow
the autocomplete is performed on the first login.html page,
but in a re-auth we skip that page.

This adds the proper handling to allow the pw to autofill
in the background once the TOTP is completed.
 2024-12-21 17:14:51 +10:00
Firstyear 0d967b8dbe Add CORS headers to jwks and userinfo (#3283) 
When using jwks from a single page application, the keys and
userinfo were unable to be retrieved due to missing cors headers.
 2024-12-13 15:26:29 +10:00
James Hodgkinson bc61225600 Check DNS on replication loop start not at task start (#3243) 2024-12-03 14:00:51 +10:00
Firstyear c5f8196666 Correctly display domain name on login (#3254) 2024-12-03 14:00:23 +10:00
Firstyear d058b8c053 Resolve UI Auth Loop with OAuth2 (#3226) 
If an OAuth2 auth request resume cookie was present, and at the same
time the kani instance was restarted, the cookie would now fail
to validate on the instance. This caused the user to experience an auth
loop where after every authentication they would see an error *despite*
logging in correctly, and then a refresh would show the correct
apps page.

This removes the auth_req cookie correctly even if it fails to
deserialise.
 2024-11-22 12:14:06 +10:00
Firstyear abbce9edf3 Improve warning around invalid JWT deserialisation (#3224) 
* Improve warning around invalid JWT deserialisation

* typo
 2024-11-22 12:14:06 +10:00
Georg 6458660a24 Correct spelling of occurred (#3222) 
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 2024-11-22 12:14:06 +10:00
Firstyear a6dcb960d7 UI/Feature polish (#3191) 
Post release some small user issues arose

* Optimise the autofocus for logins with passkeys to limit clicks
* Sort login mechs by strength
* Fix cookies to persist between browser restarts
 2024-11-10 14:06:08 +10:00
George Wu 54cea7a9b7 Change CSS for applications so SVG scales nicely in Firefox. (#3200) 2024-11-10 14:06:08 +10:00
Firstyear 99573f2b94 Correct missing CSP header (#3177) 2024-11-05 14:50:27 +10:00
George Wu daba216803 Update missing inputmode numeric when adding a new TOTP. (#3160) 2024-10-30 12:24:36 +10:00
Firstyear 8afdc065bb Improve OAuth2 authorisation ux (#3158) 
- Resolve an issue where oauth2 could trigger the login page to
  incorrectly redirect to an oauth2 application instead of apps
- Add indication of what client application we are accessing
  if the session is not yet authenticated
 2024-10-29 18:16:27 +10:00
George Wu 750932b322 Change to text input and use numeric mode for TOTP prompts. (#3154) 
* Change to text input and use inputmode numeric for TOTP prompts.

* Fix some typos.
 2024-10-29 09:29:53 +10:00
Firstyear 2e6d940691
Remove WASM (#3148) 
liberal party took over, more cuts
 2024-10-26 17:19:13 +10:00
Wei Jian Gan bc55313d87
Harmonize UI and remove unused css (#3033) 
-------

Co-authored-by: Wei Jian Gan <wg@danicapension.dk>
Co-authored-by: William Brown <william@blackhats.net.au>
 2024-10-26 04:47:44 +00:00
James Hodgkinson 151a9ad90f
ripping out some extra packages (#3146) 2024-10-26 02:27:56 +00:00
James Hodgkinson 5a709520dc
OAuth2 Device flow foundations (#3098) 2024-10-26 12:08:48 +10:00
Firstyear b0824fef18
htmx by default (#3145) 
* htmx by default

* restore the webmanifest

* fixing unused import

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-10-26 01:44:00 +00:00
Firstyear d2ae2ca206
20241024 1271 cert reload on SIGHUP (#3140) 
reload certificates and keys on SIGHUP
 2024-10-25 00:01:30 +00:00
Firstyear ccb3848b88
Fix image when too smol (#3138) 2024-10-23 17:11:12 +10:00
James Hodgkinson bbe9ad1a06
yale's rabbit-hole-chasing-htmx-fixing-megapatch (#3135) 2024-10-23 16:04:38 +10:00
Firstyear 31420c3ff9
ipinfo should be single value (#3137) 2024-10-23 02:39:40 +00:00
Firstyear 48cd6638fe
Tidy the reauth ui (#3130) 
* Tidy the reauth ui
 2024-10-23 11:59:05 +10:00
George Wu 8b4d0d6ead
Add missing schemas to get OpenAPI validation to pass. (#3129) 2024-10-22 08:27:37 +10:00
George Wu 7eb54be487
Change some OperationError into HTTP Bad Request (400). (#3125) 2024-10-21 02:57:23 +00:00
George Wu 57aeeb5f94
Fill in some Swagger API docs for a few v1 endpoints. (#3126) 2024-10-20 07:56:34 +00:00
Merlijn 5064712fe6
Fix passkey auth flow redirects (#3123) 
* Fix passkey auth flow redirects
* Handle webauthn error
 2024-10-20 09:24:41 +10:00
George Wu a0944b8601
Log HTTP Not Found (404) as info log level. (#3119) 2024-10-19 07:00:29 +00:00
Firstyear 5a3e5f1e07
20241017 3107 token ttl (#3114) 2024-10-18 03:28:52 +00:00
James Hodgkinson b96eceb205
fix(lint) minor lint fix for unnecessary match use (#3118) 
sorry clippy I'm a better lintyboi naow
 2024-10-17 23:27:49 +00:00
George Wu 9836b2bf12
Totp input changes (#3115) 2024-10-17 06:45:13 +00:00
Firstyear 2075125439
Working scim entry get for person (#3088) 2024-10-15 04:29:45 +00:00
James Hodgkinson c8b3b6214c
Cache buster buster (#3091) 2024-10-15 01:54:46 +00:00
James Hodgkinson 6b48054a2e
fix(http): status content type should be JSON (#3096) 2024-10-15 01:28:07 +00:00
Merlijn 4e125b5043
Scim add EntryReference (#3079) 
Allow references to be displayed as a complex object
 2024-10-10 00:13:45 +00:00
Firstyear 131ff80b32
20240921 ssh keys and unix password in credential update session (#3056) 2024-10-03 05:57:18 +00:00
Merlijn 1778eaa380
[htmx] Make it harder to miss the save button on the cred update page (#3013) 2024-10-03 04:50:38 +00:00
Firstyear cc662f184a
20240925 cleanups (#3060) 2024-10-03 14:04:02 +10:00
CEbbinghaus d109622d71
Make good on some TechDebt (#3084) 
adds MissingClass & MissingAttribute OperationError kinds to more strongly type our error messages.
 2024-10-03 10:48:28 +10:00
dependabot[bot] 2dbeeaaedb
Bump the all group across 1 directory with 13 updates (#3080) 
Bumps the all group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [async-trait](https://github.com/dtolnay/async-trait) | `0.1.82` | `0.1.83` |
| [axum](https://github.com/tokio-rs/axum) | `0.7.6` | `0.7.7` |
| [clap](https://github.com/clap-rs/clap) | `4.5.18` | `4.5.19` |
| [hyper-util](https://github.com/hyperium/hyper-util) | `0.1.8` | `0.1.9` |
| [libc](https://github.com/rust-lang/libc) | `0.2.158` | `0.2.159` |
| [pkg-config](https://github.com/rust-lang/pkg-config-rs) | `0.3.30` | `0.3.31` |
| [regex](https://github.com/rust-lang/regex) | `1.10.6` | `1.11.0` |
| [reqwest](https://github.com/seanmonstar/reqwest) | `0.12.7` | `0.12.8` |
| [serde_with](https://github.com/jonasbb/serde_with) | `3.9.0` | `3.10.0` |
| [syn](https://github.com/dtolnay/syn) | `2.0.77` | `2.0.79` |
| [tempfile](https://github.com/Stebalien/tempfile) | `3.12.0` | `3.13.0` |
| [tower-http](https://github.com/tower-rs/tower-http) | `0.6.0` | `0.6.1` |
| [jsonschema](https://github.com/Stranger6667/jsonschema-rs) | `0.20.0` | `0.21.0` |



Updates `async-trait` from 0.1.82 to 0.1.83
- [Release notes](https://github.com/dtolnay/async-trait/releases)
- [Commits](https://github.com/dtolnay/async-trait/compare/0.1.82...0.1.83)

Updates `axum` from 0.7.6 to 0.7.7
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-v0.7.6...axum-v0.7.7)

Updates `clap` from 4.5.18 to 4.5.19
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.18...clap_complete-v4.5.19)

Updates `hyper-util` from 0.1.8 to 0.1.9
- [Release notes](https://github.com/hyperium/hyper-util/releases)
- [Changelog](https://github.com/hyperium/hyper-util/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/hyper-util/compare/v0.1.8...v0.1.9)

Updates `libc` from 0.2.158 to 0.2.159
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Changelog](https://github.com/rust-lang/libc/blob/0.2.159/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.158...0.2.159)

Updates `pkg-config` from 0.3.30 to 0.3.31
- [Changelog](https://github.com/rust-lang/pkg-config-rs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/pkg-config-rs/compare/0.3.30...0.3.31)

Updates `regex` from 1.10.6 to 1.11.0
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.10.6...1.11.0)

Updates `reqwest` from 0.12.7 to 0.12.8
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/reqwest/compare/v0.12.7...v0.12.8)

Updates `serde_with` from 3.9.0 to 3.10.0
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.9.0...v3.10.0)

Updates `syn` from 2.0.77 to 2.0.79
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.77...2.0.79)

Updates `tempfile` from 3.12.0 to 3.13.0
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stebalien/tempfile/compare/v3.12.0...v3.13.0)

Updates `tower-http` from 0.6.0 to 0.6.1
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.6.0...tower-http-0.6.1)

Updates `jsonschema` from 0.20.0 to 0.21.0
- [Release notes](https://github.com/Stranger6667/jsonschema-rs/releases)
- [Changelog](https://github.com/Stranger6667/jsonschema-rs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stranger6667/jsonschema-rs/compare/rust-v0.20.0...rust-v0.21.0)

---
updated-dependencies:
- dependency-name: async-trait
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: axum
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: hyper-util
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pkg-config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: reqwest
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tempfile
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-02 13:18:53 +10:00
dependabot[bot] 41ac21743a
Bump the all group with 8 updates (#3053) 
Bumps the all group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [axum](https://github.com/tokio-rs/axum) | `0.7.5` | `0.7.6` |
| [bytes](https://github.com/tokio-rs/bytes) | `1.7.1` | `1.7.2` |
| [clap](https://github.com/clap-rs/clap) | `4.5.17` | `4.5.18` |
| [clap_complete](https://github.com/clap-rs/clap) | `4.5.26` | `4.5.29` |
| [axum-extra](https://github.com/tokio-rs/axum) | `0.9.3` | `0.9.4` |
| [axum-macros](https://github.com/tokio-rs/axum) | `0.4.1` | `0.4.2` |
| [tower-http](https://github.com/tower-rs/tower-http) | `0.5.2` | `0.6.0` |
| [jsonschema](https://github.com/Stranger6667/jsonschema-rs) | `0.19.1` | `0.20.0` |


Updates `axum` from 0.7.5 to 0.7.6
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-v0.7.5...axum-v0.7.6)

Updates `bytes` from 1.7.1 to 1.7.2
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/bytes/compare/v1.7.1...v1.7.2)

Updates `clap` from 4.5.17 to 4.5.18
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.17...clap_complete-v4.5.18)

Updates `clap_complete` from 4.5.26 to 4.5.29
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.26...clap_complete-v4.5.29)

Updates `axum-extra` from 0.9.3 to 0.9.4
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-extra-v0.9.3...axum-extra-v0.9.4)

Updates `axum-macros` from 0.4.1 to 0.4.2
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-macros-v0.4.1...axum-macros-v0.4.2)

Updates `tower-http` from 0.5.2 to 0.6.0
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.5.2...tower-http-0.6.0)

Updates `jsonschema` from 0.19.1 to 0.20.0
- [Release notes](https://github.com/Stranger6667/jsonschema-rs/releases)
- [Changelog](https://github.com/Stranger6667/jsonschema-rs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stranger6667/jsonschema-rs/compare/rust-v0.19.1...rust-v0.20.0)

---
updated-dependencies:
- dependency-name: axum
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: bytes
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: clap_complete
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: axum-extra
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: axum-macros
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-23 09:37:42 +10:00