mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
2198 commits 17 branches 59 tags 246 MiB
Commit graph

2198 commits

This branch
This branch
All branches
Author SHA1 Message Date
Firstyear 0b2f349aec
SCIM Sync Missing Annotation (#3300) 
A missing serde annotion in SCIM Sync caused groups to fail to
sync unless they had a description. This resolves the failure
by adding the correct annotation to skip None fields in groups.
 2024-12-17 14:18:30 +10:00
Firstyear eba8dff23a
Ignore system users for UPG synthesiseation (#3297) 
Our unix resolver would attempt the right thing to synthesise
user private groups on linux as these are an important security
boundary. However, it turns out that almost every distro has
botched their default system user accounts, and many are
installed with numeric-only UPGs that don't resolve. In the
case that later the user does attempt to fix that, because we
synthesised as UPG for the system account, the user trying to
add the UPG would now fail. In some cases this could cause
system updates to be prevented from installing.

This change limits UPG synth to user accounts only (uid > 1000)
which is the common uid boundary on unix-like platforms.
 2024-12-17 13:08:17 +10:00
Firstyear 7e9c33ab03
Limit OAuth2 resumption to session (#3296) 
OAuth2 session resumption was accidentally made a permanent cookie
which led to continuing issues with it causing invalid redirections
after login. Make this a session only cookie.
 2024-12-17 11:37:16 +10:00
Firstyear 6c3b8500a2
Use specific errors for intent token revoked (#3291) 
Rather than the generic 'invalid state' error, we now return
proper site-specific errors for credential commit failures, with
error messages to explain what went wrong.
 2024-12-16 10:28:00 +10:00
Firstyear 5d75c9b247
Autocomplete password during reauth with TOTP (#3290) 
During a re-auth flow, the password was not autocompleted once
totp was autocompleted. This is because in a normal login flow
the autocomplete is performed on the first login.html page,
but in a re-auth we skip that page.

This adds the proper handling to allow the pw to autofill
in the background once the TOTP is completed.
 2024-12-15 23:43:29 +00:00
dependabot[bot] 6db0cdc345
Bump the all group with 6 updates (#3294) 
Bumps the all group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [chrono](https://github.com/chronotope/chrono) | `0.4.38` | `0.4.39` |
| [libc](https://github.com/rust-lang/libc) | `0.2.167` | `0.2.168` |
| [rustls](https://github.com/rustls/rustls) | `0.23.19` | `0.23.20` |
| [serde](https://github.com/serde-rs/serde) | `1.0.215` | `1.0.216` |
| [tower](https://github.com/tower-rs/tower) | `0.5.1` | `0.5.2` |
| [fantoccini](https://github.com/jonhoo/fantoccini) | `0.21.2` | `0.21.3` |


Updates `chrono` from 0.4.38 to 0.4.39
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.38...v0.4.39)

Updates `libc` from 0.2.167 to 0.2.168
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Changelog](https://github.com/rust-lang/libc/blob/0.2.168/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.167...0.2.168)

Updates `rustls` from 0.23.19 to 0.23.20
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rustls/rustls/compare/v/0.23.19...v/0.23.20)

Updates `serde` from 1.0.215 to 1.0.216
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.215...v1.0.216)

Updates `tower` from 0.5.1 to 0.5.2
- [Release notes](https://github.com/tower-rs/tower/releases)
- [Commits](https://github.com/tower-rs/tower/compare/tower-0.5.1...tower-0.5.2)

Updates `fantoccini` from 0.21.2 to 0.21.3
- [Commits](https://github.com/jonhoo/fantoccini/compare/v0.21.2...v0.21.3)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tower
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: fantoccini
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-15 22:17:05 +00:00
dependabot[bot] 6abdb12e35
Bump mozilla-actions/sccache-action from 0.0.6 to 0.0.7 in the all group (#3295) 
Bumps the all group with 1 update: [mozilla-actions/sccache-action](https://github.com/mozilla-actions/sccache-action).


Updates `mozilla-actions/sccache-action` from 0.0.6 to 0.0.7
- [Release notes](https://github.com/mozilla-actions/sccache-action/releases)
- [Commits](https://github.com/mozilla-actions/sccache-action/compare/v0.0.6...v0.0.7)

---
updated-dependencies:
- dependency-name: mozilla-actions/sccache-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-16 07:50:01 +10:00
dependabot[bot] d62c17cd0e
Bump the all group in /pykanidm with 2 updates (#3293) 
Bumps the all group in /pykanidm with 2 updates: [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) and [ruff](https://github.com/astral-sh/ruff).


Updates `pytest-asyncio` from 0.24.0 to 0.25.0
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](https://github.com/pytest-dev/pytest-asyncio/compare/v0.24.0...v0.25.0)

Updates `ruff` from 0.8.2 to 0.8.3
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.8.2...0.8.3)

---
updated-dependencies:
- dependency-name: pytest-asyncio
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-15 20:27:40 +00:00
Firstyear a8d149db16
remove unused webauthn features. (#3286) 
While improving the webauthn feature handling yesterday I accidentally left mozilla enabled on linux which doesn't need it and u2fhid on macos.

In the future the plan is to swap fully to u2fhid, but in the mean time we need mozilla for freebsd support. That's something I'll need to work on later with @micolous.
 2024-12-12 22:19:10 -05:00
Firstyear 5dfba2a0ef
Add CORS headers to jwks and userinfo (#3283) 
When using jwks from a single page application, the keys and
userinfo were unable to be retrieved due to missing cors headers.
 2024-12-13 00:23:54 +00:00
Firstyear 60cc830ebd
Cleanup webauthn features (#3285) 2024-12-12 06:56:12 -05:00
Firstyear 4ee9a3a098
Minor tweaks to cred reset ui (#3284) 2024-12-11 21:53:22 +00:00
dependabot[bot] b2906829e2
Bump the all group across 1 directory with 6 updates (#3280) 
Bumps the all group with 6 updates in the /pykanidm directory:

| Package | From | To |
| --- | --- | --- |
| [pydantic](https://github.com/pydantic/pydantic) | `2.10.2` | `2.10.3` |
| [aiohttp](https://github.com/aio-libs/aiohttp) | `3.11.8` | `3.11.10` |
| [pylint-pydantic](https://github.com/fcfangcc/pylint-pydantic) | `0.3.2` | `0.3.4` |
| [coverage](https://github.com/nedbat/coveragepy) | `7.6.8` | `7.6.9` |
| [mkdocs-material](https://github.com/squidfunk/mkdocs-material) | `9.5.47` | `9.5.48` |
| [ruff](https://github.com/astral-sh/ruff) | `0.8.1` | `0.8.2` |



Updates `pydantic` from 2.10.2 to 2.10.3
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v2.10.2...v2.10.3)

Updates `aiohttp` from 3.11.8 to 3.11.10
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](https://github.com/aio-libs/aiohttp/compare/v3.11.8...v3.11.10)

Updates `pylint-pydantic` from 0.3.2 to 0.3.4
- [Release notes](https://github.com/fcfangcc/pylint-pydantic/releases)
- [Commits](https://github.com/fcfangcc/pylint-pydantic/compare/v0.3.2...v0.3.4)

Updates `coverage` from 7.6.8 to 7.6.9
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.6.8...7.6.9)

Updates `mkdocs-material` from 9.5.47 to 9.5.48
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.47...9.5.48)

Updates `ruff` from 0.8.1 to 0.8.2
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.8.1...0.8.2)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: aiohttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pylint-pydantic
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-11 14:49:46 +00:00
Firstyear 07b9ca8939
Allow group managers to modify entry-managed-by (#3272) 
When we added entry-managed-by, we allowed it to be set on group creation but not post-group-creation. The idea was to delegate ownership of the group. However, this has the obvious trap that an account group like idm_admins can't alter entry-managed-by post creation, needing the use of the admin account which has access control privs, or a delete and recreate of the entry.

Since the idm admin could delete and recreate the group with a new entry manager, there is functionally no difference to allowing them to modify the entry-managed-by here of low priv groups. This changes the group manager access control by default to allow this.
 2024-12-10 03:49:57 +00:00
George Wu cae780e091
pykanidm: Make a little dry. (#3281) 
* pykanidm: Make a little dry
 2024-12-09 04:50:20 +00:00
dependabot[bot] 5dfbf7ca79
Bump the all group with 5 updates (#3278) 
Bumps the all group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [anyhow](https://github.com/dtolnay/anyhow) | `1.0.93` | `1.0.94` |
| [clap](https://github.com/clap-rs/clap) | `4.5.21` | `4.5.23` |
| [http](https://github.com/hyperium/http) | `1.1.0` | `1.2.0` |
| [tokio](https://github.com/tokio-rs/tokio) | `1.41.1` | `1.42.0` |
| [tokio-util](https://github.com/tokio-rs/tokio) | `0.7.12` | `0.7.13` |


Updates `anyhow` from 1.0.93 to 1.0.94
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.93...1.0.94)

Updates `clap` from 4.5.21 to 4.5.23
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.21...clap_complete-v4.5.23)

Updates `http` from 1.1.0 to 1.2.0
- [Release notes](https://github.com/hyperium/http/releases)
- [Changelog](https://github.com/hyperium/http/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/http/compare/v1.1.0...v1.2.0)

Updates `tokio` from 1.41.1 to 1.42.0
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.41.1...tokio-1.42.0)

Updates `tokio-util` from 0.7.12 to 0.7.13
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-util-0.7.12...tokio-util-0.7.13)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: http
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: tokio-util
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-09 03:44:41 +00:00
George Wu 97a1c39d62
pykanidm: Add retrieving credential reset token for a person. (#3279) 2024-12-08 21:52:51 -05:00
Firstyear 9b3350f753
Cleanup of println and other outputs (#3266) 2024-12-04 15:13:14 +10:00
James Hodgkinson 516874460b
Canonicalize path for user shell check (#3265) 2024-12-04 11:55:30 +10:00
James Hodgkinson 388ed679a8
Check DNS on replication loop start not at task start (#3243) 2024-12-03 03:58:16 +00:00
Firstyear 64fcb61d5e
Work around systemd race condition (#3262) 
Systemd reload can't handle us reloading so quickly which
causes "reload or restart" to always "restart" kanidm incorrectly.
 2024-12-03 03:09:05 +00:00
James Hodgkinson 42459f56b0
fix(docstrings): minor lack of formatting breaking things (#3260) 2024-12-03 12:52:31 +10:00
James Hodgkinson 4f53bce3d3
Devcontainertainertainer (#3251) 2024-12-02 11:02:56 +00:00
Peter Lehmann ac3cf1f363
grafana: update example to work with strict redirect uri checking (#3259) 2024-12-02 05:40:01 +00:00
dependabot[bot] b4ca356b8d
Bump the all group in /pykanidm with 5 updates (#3257) 
Bumps the all group in /pykanidm with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [pydantic](https://github.com/pydantic/pydantic) | `2.10.1` | `2.10.2` |
| [aiohttp](https://github.com/aio-libs/aiohttp) | `3.11.7` | `3.11.8` |
| [pytest](https://github.com/pytest-dev/pytest) | `8.3.3` | `8.3.4` |
| [mkdocs-material](https://github.com/squidfunk/mkdocs-material) | `9.5.45` | `9.5.47` |
| [ruff](https://github.com/astral-sh/ruff) | `0.8.0` | `0.8.1` |


Updates `pydantic` from 2.10.1 to 2.10.2
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v2.10.1...v2.10.2)

Updates `aiohttp` from 3.11.7 to 3.11.8
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](https://github.com/aio-libs/aiohttp/compare/v3.11.7...v3.11.8)

Updates `pytest` from 8.3.3 to 8.3.4
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/8.3.3...8.3.4)

Updates `mkdocs-material` from 9.5.45 to 9.5.47
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.45...9.5.47)

Updates `ruff` from 0.8.0 to 0.8.1
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.8.0...0.8.1)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: aiohttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-01 22:20:14 +00:00
dependabot[bot] a9c354d578
Bump the all group with 6 updates (#3258) 
Bumps the all group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [bytes](https://github.com/tokio-rs/bytes) | `1.8.0` | `1.9.0` |
| [libc](https://github.com/rust-lang/libc) | `0.2.164` | `0.2.167` |
| [rustls](https://github.com/rustls/rustls) | `0.23.18` | `0.23.19` |
| [syn](https://github.com/dtolnay/syn) | `2.0.89` | `2.0.90` |
| [tracing](https://github.com/tokio-rs/tracing) | `0.1.40` | `0.1.41` |
| [tracing-subscriber](https://github.com/tokio-rs/tracing) | `0.3.18` | `0.3.19` |


Updates `bytes` from 1.8.0 to 1.9.0
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/bytes/compare/v1.8.0...v1.9.0)

Updates `libc` from 0.2.164 to 0.2.167
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Changelog](https://github.com/rust-lang/libc/blob/0.2.167/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.164...0.2.167)

Updates `rustls` from 0.23.18 to 0.23.19
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rustls/rustls/compare/v/0.23.18...v/0.23.19)

Updates `syn` from 2.0.89 to 2.0.90
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.89...2.0.90)

Updates `tracing` from 0.1.40 to 0.1.41
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.40...tracing-0.1.41)

Updates `tracing-subscriber` from 0.3.18 to 0.3.19
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.3.18...tracing-subscriber-0.3.19)

---
updated-dependencies:
- dependency-name: bytes
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tracing
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tracing-subscriber
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-02 07:56:02 +10:00
Firstyear ea0e63cc2a
20240927 SCIM put (#3151) 2024-11-30 06:56:17 +00:00
Firstyear 8bbdf6bd6a
Clear invalid tokens from unix resolver (#3256) 2024-11-30 06:32:10 +00:00
Firstyear db101e6d26
Clippy Lints (#3255) 2024-11-30 06:13:26 +00:00
James Hodgkinson c1ed939c28
Allow OAuth2 loopback redirects if the path matches (#3252) 2024-11-30 05:40:05 +00:00
Firstyear 4528a1bda0
Correctly display domain name on login (#3254) 2024-11-30 04:13:27 +00:00
Firstyear 52987ab8b2
Display account_id during success/deny paths in unixd (#3253) 2024-11-30 13:57:01 +10:00
George Wu 974fec1d93
s/idm_people_self_write_mail/idm_people_self_mail_write/g (#3250) 2024-11-30 09:13:34 +10:00
James Hodgkinson a5adf8bcad
handle missing map_group setting in config (#3242) 2024-11-29 02:03:48 +00:00
micolous fa77076a95
owncloud: Add SameSite=Lax config for cross-domain auth (#3245) 2024-11-28 17:44:12 +10:00
dependabot[bot] 615f07f7d3
Bump the all group across 1 directory with 7 updates (#3238) 
* Bump the all group across 1 directory with 7 updates

Bumps the all group with 7 updates in the /pykanidm directory:

| Package | From | To |
| --- | --- | --- |
| [pydantic](https://github.com/pydantic/pydantic) | `2.9.2` | `2.10.1` |
| [aiohttp](https://github.com/aio-libs/aiohttp) | `3.10.11` | `3.11.7` |
| [coverage](https://github.com/nedbat/coveragepy) | `7.6.4` | `7.6.8` |
| [mkdocs-material](https://github.com/squidfunk/mkdocs-material) | `9.5.44` | `9.5.45` |
| [mkdocstrings](https://github.com/mkdocstrings/mkdocstrings) | `0.26.2` | `0.27.0` |
| [pook](https://github.com/h2non/pook) | `2.1.1` | `2.1.2` |
| [ruff](https://github.com/astral-sh/ruff) | `0.7.2` | `0.8.0` |



Updates `pydantic` from 2.9.2 to 2.10.1
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v2.9.2...v2.10.1)

Updates `aiohttp` from 3.10.11 to 3.11.7
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](https://github.com/aio-libs/aiohttp/compare/v3.10.11...v3.11.7)

Updates `coverage` from 7.6.4 to 7.6.8
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.6.4...7.6.8)

Updates `mkdocs-material` from 9.5.44 to 9.5.45
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.44...9.5.45)

Updates `mkdocstrings` from 0.26.2 to 0.27.0
- [Release notes](https://github.com/mkdocstrings/mkdocstrings/releases)
- [Changelog](https://github.com/mkdocstrings/mkdocstrings/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mkdocstrings/mkdocstrings/compare/0.26.2...0.27.0)

Updates `pook` from 2.1.1 to 2.1.2
- [Release notes](https://github.com/h2non/pook/releases)
- [Changelog](https://github.com/h2non/pook/blob/master/History.rst)
- [Commits](https://github.com/h2non/pook/compare/v2.1.1...v2.1.2)

Updates `ruff` from 0.7.2 to 0.8.0
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.7.2...0.8.0)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: aiohttp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocstrings
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: pook
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>

* fixing minor mypy issue

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-11-25 20:33:18 +10:00
James Hodgkinson 0054fe17fe
Yaleman/issue3229 (#3239) 
* Fix wrong success message on kanidm group set-entry-manager #3229
 2024-11-25 09:38:46 +10:00
dependabot[bot] 767c5014d5
Bump the all group across 1 directory with 12 updates (#3235) 
Bumps the all group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [axum](https://github.com/tokio-rs/axum) | `0.7.7` | `0.7.9` |
| [clap](https://github.com/clap-rs/clap) | `4.5.20` | `4.5.21` |
| [clap_complete](https://github.com/clap-rs/clap) | `4.5.37` | `4.5.38` |
| [hyper](https://github.com/hyperium/hyper) | `1.5.0` | `1.5.1` |
| [libc](https://github.com/rust-lang/libc) | `0.2.162` | `0.2.164` |
| [proc-macro2](https://github.com/dtolnay/proc-macro2) | `1.0.89` | `1.0.92` |
| [rustls](https://github.com/rustls/rustls) | `0.23.16` | `0.23.18` |
| [serde](https://github.com/serde-rs/serde) | `1.0.214` | `1.0.215` |
| [serde_json](https://github.com/serde-rs/json) | `1.0.132` | `1.0.133` |
| [syn](https://github.com/dtolnay/syn) | `2.0.87` | `2.0.89` |
| [axum-extra](https://github.com/tokio-rs/axum) | `0.9.4` | `0.9.6` |
| [tower-http](https://github.com/tower-rs/tower-http) | `0.6.1` | `0.6.2` |



Updates `axum` from 0.7.7 to 0.7.9
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-v0.7.7...axum-v0.7.9)

Updates `clap` from 4.5.20 to 4.5.21
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.20...clap_complete-v4.5.21)

Updates `clap_complete` from 4.5.37 to 4.5.38
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.37...clap_complete-v4.5.38)

Updates `hyper` from 1.5.0 to 1.5.1
- [Release notes](https://github.com/hyperium/hyper/releases)
- [Changelog](https://github.com/hyperium/hyper/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/hyper/compare/v1.5.0...v1.5.1)

Updates `libc` from 0.2.162 to 0.2.164
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Changelog](https://github.com/rust-lang/libc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.162...0.2.164)

Updates `proc-macro2` from 1.0.89 to 1.0.92
- [Release notes](https://github.com/dtolnay/proc-macro2/releases)
- [Commits](https://github.com/dtolnay/proc-macro2/compare/1.0.89...1.0.92)

Updates `rustls` from 0.23.16 to 0.23.18
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rustls/rustls/compare/v/0.23.16...v/0.23.18)

Updates `serde` from 1.0.214 to 1.0.215
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.214...v1.0.215)

Updates `serde_json` from 1.0.132 to 1.0.133
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.132...v1.0.133)

Updates `syn` from 2.0.87 to 2.0.89
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.87...2.0.89)

Updates `axum-extra` from 0.9.4 to 0.9.6
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-extra-v0.9.4...axum-extra-v0.9.6)

Updates `tower-http` from 0.6.1 to 0.6.2
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.6.1...tower-http-0.6.2)

---
updated-dependencies:
- dependency-name: axum
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: clap_complete
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: hyper
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: proc-macro2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: axum-extra
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-24 23:18:24 +10:00
Firstyear bd53c88229
Update to latest fido-mds-tool (#3230) 2024-11-22 06:57:39 +00:00
Firstyear d2f5e13c97
Warn when v2 options are used in v1 unixd config (#3228) 
Options like map_group would fail silently when version=2 wasn't
set in our unix config. this detects that case and warns that it
is occuring.

To prevent this in the future, we deny unknown keys in v2 so that
if (when?) we add v3, new keys will cause an error.
 2024-11-22 02:02:04 +00:00
dependabot[bot] 5393891ea8
Bump aiohttp from 3.10.10 to 3.10.11 in /pykanidm in the pip group (#3223) 
Bumps the pip group in /pykanidm with 1 update: [aiohttp](https://github.com/aio-libs/aiohttp).


Updates `aiohttp` from 3.10.10 to 3.10.11
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](https://github.com/aio-libs/aiohttp/compare/v3.10.10...v3.10.11)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-21 10:27:43 +00:00
Firstyear 809cacdb85
Resolve UI Auth Loop with OAuth2 (#3226) 
If an OAuth2 auth request resume cookie was present, and at the same
time the kani instance was restarted, the cookie would now fail
to validate on the instance. This caused the user to experience an auth
loop where after every authentication they would see an error *despite*
logging in correctly, and then a refresh would show the correct
apps page.

This removes the auth_req cookie correctly even if it fails to
deserialise.
 2024-11-21 09:29:35 +00:00
Firstyear ce0ad8f854
Harden transport in pam unixd (#3227) 
In some cases if the transport drops out from underneath unixd,
it can be difficult to diagnose and leads to inconsistent errors
and output such as prompting for a password multiple times when
it can't succeed.

This makes it clearer that the transport had an error, and it
denies the inflight authsession to prevent spurious password
prompts.
 2024-11-21 07:43:14 +00:00
Firstyear 7348c0348a
Improve warning around invalid JWT deserialisation (#3224) 
* Improve warning around invalid JWT deserialisation

* typo
 2024-11-21 06:52:43 +00:00
George Wu 505e7d9530
Update and fix server config files in examples. (#3225) 2024-11-20 16:57:49 +10:00
George Wu ed38e92448
Change CLI oauth2 command from set-display-name to set-displayname for consistency. (#3212) 
* Change CLI domain command from set-display-name to set-displayname for consistency.

* Also fix CLI.
 2024-11-19 04:28:07 +00:00
George Wu 155225c0f9
Add docs on customising Kanidm. (#3209) 
* Add docs on customising Kanidm.

* Add more info about images that can be used.

* s/set-display-name/set-displayname/g
 2024-11-19 01:37:44 +00:00
Georg 77e13b817a
Correct spelling of occurred (#3222) 
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 2024-11-19 00:37:51 +00:00
dependabot[bot] 9c49c831c1
Bump the all group across 1 directory with 13 updates (#3202) 
Bumps the all group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [anyhow](https://github.com/dtolnay/anyhow) | `1.0.91` | `1.0.93` |
| [clap_complete](https://github.com/clap-rs/clap) | `4.5.35` | `4.5.37` |
| [csv](https://github.com/BurntSushi/rust-csv) | `1.3.0` | `1.3.1` |
| [hyper-util](https://github.com/hyperium/hyper-util) | `0.1.9` | `0.1.10` |
| [libc](https://github.com/rust-lang/libc) | `0.2.161` | `0.2.162` |
| [reqwest](https://github.com/seanmonstar/reqwest) | `0.12.8` | `0.12.9` |
| [rustls](https://github.com/rustls/rustls) | `0.23.15` | `0.23.16` |
| [serde](https://github.com/serde-rs/serde) | `1.0.213` | `1.0.214` |
| [syn](https://github.com/dtolnay/syn) | `2.0.85` | `2.0.87` |
| [tempfile](https://github.com/Stebalien/tempfile) | `3.13.0` | `3.14.0` |
| [tokio](https://github.com/tokio-rs/tokio) | `1.41.0` | `1.41.1` |
| [escargot](https://github.com/crate-ci/escargot) | `0.5.12` | `0.5.13` |
| [jsonschema](https://github.com/Stranger6667/jsonschema) | `0.26.0` | `0.26.1` |



Updates `anyhow` from 1.0.91 to 1.0.93
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.91...1.0.93)

Updates `clap_complete` from 4.5.35 to 4.5.37
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.35...clap_complete-v4.5.37)

Updates `csv` from 1.3.0 to 1.3.1
- [Commits](https://github.com/BurntSushi/rust-csv/compare/1.3.0...1.3.1)

Updates `hyper-util` from 0.1.9 to 0.1.10
- [Release notes](https://github.com/hyperium/hyper-util/releases)
- [Changelog](https://github.com/hyperium/hyper-util/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/hyper-util/compare/v0.1.9...v0.1.10)

Updates `libc` from 0.2.161 to 0.2.162
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Changelog](https://github.com/rust-lang/libc/blob/0.2.162/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.161...0.2.162)

Updates `reqwest` from 0.12.8 to 0.12.9
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/reqwest/compare/v0.12.8...v0.12.9)

Updates `rustls` from 0.23.15 to 0.23.16
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rustls/rustls/compare/v/0.23.15...v/0.23.16)

Updates `serde` from 1.0.213 to 1.0.214
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.213...v1.0.214)

Updates `syn` from 2.0.85 to 2.0.87
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.85...2.0.87)

Updates `tempfile` from 3.13.0 to 3.14.0
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stebalien/tempfile/compare/v3.13.0...v3.14.0)

Updates `tokio` from 1.41.0 to 1.41.1
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.41.0...tokio-1.41.1)

Updates `escargot` from 0.5.12 to 0.5.13
- [Changelog](https://github.com/crate-ci/escargot/blob/master/CHANGELOG.md)
- [Commits](https://github.com/crate-ci/escargot/compare/v0.5.12...v0.5.13)

Updates `jsonschema` from 0.26.0 to 0.26.1
- [Release notes](https://github.com/Stranger6667/jsonschema/releases)
- [Changelog](https://github.com/Stranger6667/jsonschema/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stranger6667/jsonschema/compare/rust-v0.26.0...rust-v0.26.1)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: clap_complete
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: csv
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: hyper-util
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: reqwest
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tempfile
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: escargot
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-12 20:01:35 +09:00
Firstyear dfbcfa865f
UI/Feature polish (#3191) 
Post release some small user issues arose

* Optimise the autofocus for logins with passkeys to limit clicks
* Sort login mechs by strength
* Fix cookies to persist between browser restarts
 2024-11-10 04:02:27 +00:00