mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 04:27:02 +01:00
Code Issues Actions 16 Packages Projects Releases Wiki Activity
2255 commits 17 branches 59 tags 246 MiB
Commit graph

2255 commits

This branch
This branch
All branches
Author SHA1 Message Date
Wei Jian Gan 0ce1bbeddc
SSH Keys in Credentials Update (#3027) 2025-02-08 11:54:41 +10:00
Firstyear ad3cf8828f
20250205 3369 firefox pin (#3403) 
Improve error message when passkey is missing PIN

Firefox still doesn't support setting a PIN on new devices. Because
of this we need a way to return a better error message for devices
that don't have UV configured.
 2025-02-06 00:33:59 +00:00
Firstyear 43b7f80535
Correctly return that uuid2spn changed on domain rename (#3402) 
Due to a missing equality check in value, when a domain
rename occured, the uuid2spn index differential function
did not correctly detect that the domain name had updated
which meant that the uuid2spn index was not updated. Only
this index was affected, and a manual reindex would
resolve.
 2025-02-06 08:50:45 +10:00
Firstyear 41b2eac1f4
Fix the password reset form and possible resolver issue (#3398) 
While testing for everything open I noticed two possible
issues. This PR fixes both.

The first is a possible recursion in the resolver. I think
I need to fix up it's transactions a bit in another PR.

The second was that the submit button on the reset form
doesn't work. This fixes that as well as post reset redirecting
to the correct location.
 2025-02-05 14:18:09 +10:00
James 4938c6796b
Add handle_group_error to cli client (#3399) 
Closes #2616
 2025-02-05 02:52:20 +00:00
Firstyear 9c2825b9dc
Improve spans in unixd (#3397) 
Some areas of the code were emitting 0 uuids, rather than associating
a client/connection uuid. This improves the startup and client handling
code so that we have stable uuids present during operation.
 2025-02-05 01:33:30 +00:00
Firstyear 9505b5a732
Allow OAuth2 with empty state parameter (#3396) 2025-02-05 00:39:53 +00:00
James Hodgkinson 3b3c029e30
#3387 - RADIUS Startup fixin's (#3388) 
* fix: outdated poetry.toml entries
* fix: better handling errors on startup in radius_entrypoint
* fix: radiusd eap config, removing dh_file per error message in freeradius startup
* fix: updating docs to be a little clearer and reflect new config
* fix: fixing up handling dhparam, trying to throw better errors
* fix: unified how the config path is found in pykanidm radius, new default config path

---------

Co-authored-by: Firstyear <william@blackhats.net.au>
 2025-02-04 09:30:25 +00:00
Jason 99e37e987a
Allow POST on oauth userinfo (#3395) 2025-02-04 06:22:32 +00:00
Andris Raugulis d4c5a6f4a9
OpenBSD support (#3381) 
* Implement OpenBSD support.
 2025-02-03 22:39:50 +00:00
dependabot[bot] d3457ff3c1
Bump openssl from 0.10.69 to 0.10.70 in the cargo group (#3391) 
Bumps the cargo group with 1 update: [openssl](https://github.com/sfackler/rust-openssl).


Updates `openssl` from 0.10.69 to 0.10.70
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.69...openssl-v0.10.70)

---
updated-dependencies:
- dependency-name: openssl
  dependency-type: direct:production
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-04 08:21:03 +10:00
James f93d07b6cc
Add /.well-known/change-password endpoint (#3382) 
* feat: Add /.well-known/change-password endpoint
* fix: make the https view constants available inside the crate

---------
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2025-02-03 00:57:05 +00:00
dependabot[bot] 351fdcdef0
Bump the all group across 1 directory with 7 updates (#3385) 
Bumps the all group with 7 updates in the /pykanidm directory:

| Package | From | To |
| --- | --- | --- |
| [pydantic](https://github.com/pydantic/pydantic) | `2.10.5` | `2.10.6` |
| [authlib](https://github.com/lepture/authlib) | `1.4.0` | `1.4.1` |
| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `0.25.2` | `0.25.3` |
| [pytest-aiohttp](https://github.com/aio-libs/pytest-aiohttp) | `1.0.5` | `1.1.0` |
| [black](https://github.com/psf/black) | `24.10.0` | `25.1.0` |
| [mkdocs-material](https://github.com/squidfunk/mkdocs-material) | `9.5.50` | `9.6.1` |
| [ruff](https://github.com/astral-sh/ruff) | `0.9.2` | `0.9.4` |



Updates `pydantic` from 2.10.5 to 2.10.6
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v2.10.5...v2.10.6)

Updates `authlib` from 1.4.0 to 1.4.1
- [Release notes](https://github.com/lepture/authlib/releases)
- [Changelog](https://github.com/lepture/authlib/blob/master/docs/changelog.rst)
- [Commits](https://github.com/lepture/authlib/compare/v1.4.0...v1.4.1)

Updates `pytest-asyncio` from 0.25.2 to 0.25.3
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](https://github.com/pytest-dev/pytest-asyncio/compare/v0.25.2...v0.25.3)

Updates `pytest-aiohttp` from 1.0.5 to 1.1.0
- [Release notes](https://github.com/aio-libs/pytest-aiohttp/releases)
- [Changelog](https://github.com/aio-libs/pytest-aiohttp/blob/master/CHANGES.rst)
- [Commits](https://github.com/aio-libs/pytest-aiohttp/compare/v1.0.5...v1.1.0)

Updates `black` from 24.10.0 to 25.1.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/24.10.0...25.1.0)

Updates `mkdocs-material` from 9.5.50 to 9.6.1
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.50...9.6.1)

Updates `ruff` from 0.9.2 to 0.9.4
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.9.2...0.9.4)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: authlib
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pytest-asyncio
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pytest-aiohttp
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: black
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-03 09:05:30 +11:00
Fabian Kammel 1453ba5d74
extend oauth2 examples with gitea (#3351) 
* extend oauth2 examples with gitea
* add myself to contributors

---------

Signed-off-by: Fabian Kammel <fabian@kammel.dev>
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2025-01-29 05:41:03 +00:00
dependabot[bot] ed76bdbfb1
Bump the all group with 22 updates (#3376) 
* Bump the all group with 22 updates

Bumps the all group with 22 updates:

| Package | From | To |
| --- | --- | --- |
| [async-trait](https://github.com/dtolnay/async-trait) | `0.1.83` | `0.1.85` |
| [bitflags](https://github.com/bitflags/bitflags) | `2.6.0` | `2.8.0` |
| [clap](https://github.com/clap-rs/clap) | `4.5.23` | `4.5.27` |
| [clap_complete](https://github.com/clap-rs/clap) | `4.5.40` | `4.5.42` |
| [lodepng](https://github.com/kornelski/lodepng-rust) | `3.10.7` | `3.11.0` |
| [openssl](https://github.com/sfackler/rust-openssl) | `0.10.68` | `0.10.69` |
| [proc-macro2](https://github.com/dtolnay/proc-macro2) | `1.0.92` | `1.0.93` |
| [reqwest](https://github.com/seanmonstar/reqwest) | `0.12.11` | `0.12.12` |
| [rustls](https://github.com/rustls/rustls) | `0.23.20` | `0.23.21` |
| [sd-notify](https://github.com/lnicola/sd-notify) | `0.4.4` | `0.4.5` |
| [serde_json](https://github.com/serde-rs/json) | `1.0.134` | `1.0.137` |
| [syn](https://github.com/dtolnay/syn) | `2.0.93` | `2.0.96` |
| [tempfile](https://github.com/Stebalien/tempfile) | `3.14.0` | `3.15.0` |
| [tokio](https://github.com/tokio-rs/tokio) | `1.42.0` | `1.43.0` |
| [uuid](https://github.com/uuid-rs/uuid) | `1.11.0` | `1.12.1` |
| [oauth2](https://github.com/ramosbugs/oauth2-rs) | `4.4.2` | `5.0.0` |
| [cc](https://github.com/rust-lang/cc-rs) | `1.2.6` | `1.2.10` |
| [axum-extra](https://github.com/tokio-rs/axum) | `0.9.6` | `0.10.0` |
| [axum-macros](https://github.com/tokio-rs/axum) | `0.4.2` | `0.5.0` |
| [fantoccini](https://github.com/jonhoo/fantoccini) | `0.21.3` | `0.21.4` |
| [petgraph](https://github.com/petgraph/petgraph) | `0.6.5` | `0.7.1` |
| [jsonschema](https://github.com/Stranger6667/jsonschema) | `0.28.0` | `0.28.3` |


Updates `async-trait` from 0.1.83 to 0.1.85
- [Release notes](https://github.com/dtolnay/async-trait/releases)
- [Commits](https://github.com/dtolnay/async-trait/compare/0.1.83...0.1.85)

Updates `bitflags` from 2.6.0 to 2.8.0
- [Release notes](https://github.com/bitflags/bitflags/releases)
- [Changelog](https://github.com/bitflags/bitflags/blob/main/CHANGELOG.md)
- [Commits](https://github.com/bitflags/bitflags/compare/2.6.0...2.8.0)

Updates `clap` from 4.5.23 to 4.5.27
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.23...clap_complete-v4.5.27)

Updates `clap_complete` from 4.5.40 to 4.5.42
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.40...clap_complete-v4.5.42)

Updates `lodepng` from 3.10.7 to 3.11.0
- [Commits](https://github.com/kornelski/lodepng-rust/compare/v3.10.7...v3.11.0)

Updates `openssl` from 0.10.68 to 0.10.69
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.68...openssl-v0.10.69)

Updates `proc-macro2` from 1.0.92 to 1.0.93
- [Release notes](https://github.com/dtolnay/proc-macro2/releases)
- [Commits](https://github.com/dtolnay/proc-macro2/compare/1.0.92...1.0.93)

Updates `reqwest` from 0.12.11 to 0.12.12
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/reqwest/compare/v0.12.11...v0.12.12)

Updates `rustls` from 0.23.20 to 0.23.21
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rustls/rustls/compare/v/0.23.20...v/0.23.21)

Updates `sd-notify` from 0.4.4 to 0.4.5
- [Changelog](https://github.com/lnicola/sd-notify/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lnicola/sd-notify/compare/v0.4.4...v0.4.5)

Updates `serde_json` from 1.0.134 to 1.0.137
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.134...v1.0.137)

Updates `syn` from 2.0.93 to 2.0.96
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.93...2.0.96)

Updates `tempfile` from 3.14.0 to 3.15.0
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stebalien/tempfile/compare/v3.14.0...v3.15.0)

Updates `tokio` from 1.42.0 to 1.43.0
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.42.0...tokio-1.43.0)

Updates `uuid` from 1.11.0 to 1.12.1
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/1.11.0...1.12.1)

Updates `oauth2` from 4.4.2 to 5.0.0
- [Release notes](https://github.com/ramosbugs/oauth2-rs/releases)
- [Upgrade guide](https://github.com/ramosbugs/oauth2-rs/blob/main/UPGRADE.md)
- [Commits](https://github.com/ramosbugs/oauth2-rs/compare/4.4.2...5.0.0)

Updates `cc` from 1.2.6 to 1.2.10
- [Release notes](https://github.com/rust-lang/cc-rs/releases)
- [Changelog](https://github.com/rust-lang/cc-rs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/cc-rs/compare/cc-v1.2.6...cc-v1.2.10)

Updates `axum-extra` from 0.9.6 to 0.10.0
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-extra-v0.9.6...axum-extra-v0.10.0)

Updates `axum-macros` from 0.4.2 to 0.5.0
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-macros-v0.4.2...axum-macros-v0.5.0)

Updates `fantoccini` from 0.21.3 to 0.21.4
- [Commits](https://github.com/jonhoo/fantoccini/compare/v0.21.3...v0.21.4)

Updates `petgraph` from 0.6.5 to 0.7.1
- [Changelog](https://github.com/petgraph/petgraph/blob/master/RELEASES.rst)
- [Commits](https://github.com/petgraph/petgraph/compare/petgraph@v0.6.5...petgraph@v0.7.1)

Updates `jsonschema` from 0.28.0 to 0.28.3
- [Release notes](https://github.com/Stranger6667/jsonschema/releases)
- [Changelog](https://github.com/Stranger6667/jsonschema/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stranger6667/jsonschema/compare/rust-v0.28.0...rust-v0.28.3)

---
updated-dependencies:
- dependency-name: async-trait
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: bitflags
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: clap_complete
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: lodepng
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: openssl
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: proc-macro2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: reqwest
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: sd-notify
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tempfile
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: oauth2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: cc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: axum-extra
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: axum-macros
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: fantoccini
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: petgraph
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>

* ok the otel stuff works now

* linting fixes

* fix: less parse more from_str, adding a todo

* fix: removing a TODO

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2025-01-29 13:57:38 +10:00
CEbbinghaus 12532ee32d
Book: Added small section on primary cred fallback (#3365) 2025-01-21 09:45:06 +00:00
CEbbinghaus 10f03e19c0
Added shell.nix to create dev environment (#3362) 2025-01-21 09:26:43 +00:00
George Wu c324fa92f5
fix(ci): Add setup-oras step to include ORAS CLI for container builds on ubuntu-24.04. (#3368) 2025-01-21 09:43:26 +13:00
Firstyear b3be758b74
20250114 3325 SCIM access control (#3359) 
Add an extended query operation to return effective access controls so that UI's can dynamically display what is or is not editable on an entry.
 2025-01-20 11:28:22 +00:00
George Wu b03f842728
Small UI updates. (#3361) 
* Delete unused htmx javascript files.

* Consistently mention applications instead of apps.

* Small formatting change for enrol device.

* Update phrasing in credentials page.
 2025-01-20 04:52:53 +00:00
dependabot[bot] 27cc31dace
Bump the all group in /pykanidm with 2 updates (#3366) 
Bumps the all group in /pykanidm with 2 updates: [mkdocs-material](https://github.com/squidfunk/mkdocs-material) and [ruff](https://github.com/astral-sh/ruff).


Updates `mkdocs-material` from 9.5.49 to 9.5.50
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.49...9.5.50)

Updates `ruff` from 0.9.1 to 0.9.2
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.9.1...0.9.2)

---
updated-dependencies:
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-20 16:39:34 +13:00
Georg dd1d148543
Repair systemd reload notifications (#3355) 
In order for the RELOAD and the subsequent READY notifications to be
correctly processed, the RELOAD notification must be accompanied with a
MONOTONIC_USEC one.
 2025-01-17 15:17:58 +10:00
James Hodgkinson 419c4a1827
fix: unrecoverable error page doesn't include logo or domain name (#3352) 2025-01-14 03:49:20 +00:00
dependabot[bot] 2d439c508f
Bump jinja2 from 3.1.4 to 3.1.5 in /pykanidm in the pip group (#3358) 
Bumps the pip group in /pykanidm with 1 update: [jinja2](https://github.com/pallets/jinja).


Updates `jinja2` from 3.1.4 to 3.1.5
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/3.1.4...3.1.5)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-13 07:46:33 +10:00
dependabot[bot] ba24ffb1e0
Bump the all group in /pykanidm with 4 updates (#3356) 
Bumps the all group in /pykanidm with 4 updates: [pydantic](https://github.com/pydantic/pydantic), [pylint-pydantic](https://github.com/fcfangcc/pylint-pydantic), [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) and [ruff](https://github.com/astral-sh/ruff).


Updates `pydantic` from 2.10.4 to 2.10.5
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v2.10.4...v2.10.5)

Updates `pylint-pydantic` from 0.3.4 to 0.3.5
- [Release notes](https://github.com/fcfangcc/pylint-pydantic/releases)
- [Commits](https://github.com/fcfangcc/pylint-pydantic/compare/v0.3.4...v0.3.5)

Updates `pytest-asyncio` from 0.25.1 to 0.25.2
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](https://github.com/pytest-dev/pytest-asyncio/compare/v0.25.1...v0.25.2)

Updates `ruff` from 0.8.6 to 0.9.1
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.8.6...0.9.1)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pylint-pydantic
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pytest-asyncio
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-13 07:15:39 +10:00
Firstyear e7d91ed55d
20250110 eo fixes (#3353) 
While preparing for everything open, I found a small number of doc/book issues, some logging issues, and some minor performance wins. This pr is just small bits of various polish around the place.
 2025-01-12 03:53:31 +00:00
Jalil David Salamé Messina c4bc1ff546
fix(server/config): reduce string allocations (#3350) 
Previously the code would do `key.replace("KANIDM_", "")`, this
allocates a new string, which is unnecessary, as we can simply call
`strip_prefix("KANIDM_")`.

This removes the `KANIDM_` prefix from a bunch of places, and doubles as
a check that the variable is prefixed with `KANIDM_`. Overall I believe
this change makes the code more robust and slightly reduces allocations,
speeding up an admittedly cold function (only called very infrequently).
 2025-01-10 23:20:15 +00:00
Firstyear 1a29aa7301
Add ssh_publickeys as a claim for oauth2 (#3346) 
Allow ssh_publickeys to be exposed as a claim for oauth2 and oidc
applications so that they can consume these keys for various uses.
An example could be something like gitlab which can then associate
the public keys with the users account.
 2025-01-08 08:21:28 +00:00
Firstyear 063366cba4
Allow modification of password minimum length (#3345) 
Allow all account policy values to be altered on system protected
objects.
 2025-01-08 06:51:46 +00:00
micolous 16591007dd
Add OAuth2 response_mode=fragment (#3335) 
* Add response_mode=fragment to discovery documents
* Add test for `response_mode=query`
* refactor OAuth 2.0 tests back into regular functions, because macros are messy
* Disallow some `response_type` x `response_mode` combinations per spec
 2025-01-08 15:41:01 +10:00
Firstyear 1983ce19e9
Resolve passkey regression (#3343) 
During other testing I noticed that passkeys no longer worked
on a reauthentication. This was due to a regression in you
guessed it, cookies, where the auth session id wasn't being
removed properly.
 2025-01-07 16:05:14 +10:00
James Hodgkinson ccf6792104
Renaming "TOTP" in the login flow (#3338) 2025-01-07 00:05:07 +00:00
dependabot[bot] 028bd93059
Bump the all group in /pykanidm with 3 updates (#3339) 
Bumps the all group in /pykanidm with 3 updates: [mypy](https://github.com/python/mypy), [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) and [ruff](https://github.com/astral-sh/ruff).


Updates `mypy` from 1.14.0 to 1.14.1
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v1.14.0...v1.14.1)

Updates `pytest-asyncio` from 0.25.0 to 0.25.1
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](https://github.com/pytest-dev/pytest-asyncio/compare/v0.25.0...v0.25.1)

Updates `ruff` from 0.8.4 to 0.8.6
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.8.4...0.8.6)

---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pytest-asyncio
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-06 14:26:00 +00:00
dependabot[bot] 8ef7d6cb4a
Bump actions/checkout from 2 to 4 in the all group (#3341) 
Bumps the all group with 1 update: [actions/checkout](https://github.com/actions/checkout).


Updates `actions/checkout` from 2 to 4
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-06 13:35:25 +00:00
George Wu a3358828a8
Add support for prefers-color-scheme using Bootstrap classes. (#3327) 
* Add support for prefers-color-scheme using Bootstrap classes.
* Move stylesheet changes to separate javascript file.
* fix(html): don't specify the integrity hash in the tag for style.js
* fix(log): debug-log integrity hashes for troubleshooting
* fix(css): move to using bootstrap standard variables for colours and theming
* fix(js): rewrite to simplify and use standard bootstrap functionality
* fix(makefile): codespell thingie was complaining
* run prettier on css/js.

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2025-01-06 10:58:42 +00:00
Firstyear 761dda688e
Fix /var/run/kanidm-unixd permission (#3342) 
This folder was set to 750 which prevented non-root users from reading the
localhost unixd socket which is required for nss/pam to operate.
 2025-01-06 15:58:40 +10:00
James Hodgkinson b74883ae0d
Javascript linting (#3329) 
* feat(ci/dev): adding npm/eslint config for javascript linting
* feat(ci/dev): adding js-prettier config for consistency in formatting
* fix(css): linting
* fix(js): linting the js things
 2025-01-04 15:25:46 +10:00
Firstyear 3430a1c31d
Ignore anonymous in oauth2 read allow access (#3336) 
Administrators will sometimes configure oauth2 clients with `idm_all_accounts`
as an allowed scope group. Despite anonymous being *unable* to interact with
oauth2, this still allowed oauth2 clients to be read by anonymous in this
configuration. For some users, this may be considered a public info
disclosure.
 2025-01-04 03:09:48 +00:00
Firstyear 5562625d75
cookies don't clear unless you set domain (#3332) 
* make everything cookie consistent
* Stricter on expiry
* Relearn a painful lesson about needing domains in removal cookies
* fix: DRY cookie creation code and reduce the sins
 2025-01-04 00:33:01 +00:00
Firstyear 226274da23
20250102 freebsd client (#3333) 
Support freebsd as a unix client
 2025-01-04 09:22:44 +10:00
Jinna Kiisuo 5eb9a4430f
fix: PAM on Debian, enable use_first_pass by default (#3326) 
Since we use Debian's PAM autoconf, pam_unix isn't disabled and remains active.
This means pam_unix triggers first and pam_kanidm should use the password it already tried to match to a local user.

This change also moves the postinst hook for PAM config correctly to the libpam-kanidm package,
since that's the one that delivers the config that needs a reinstall!
 2025-01-01 08:40:14 +10:00
dependabot[bot] 227853f8cd
Bump the all group with 6 updates (#3324) 
Bumps the all group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [quote](https://github.com/dtolnay/quote) | `1.0.37` | `1.0.38` |
| [reqwest](https://github.com/seanmonstar/reqwest) | `0.12.9` | `0.12.11` |
| [serde](https://github.com/serde-rs/serde) | `1.0.216` | `1.0.217` |
| [serde_with](https://github.com/jonasbb/serde_with) | `3.11.0` | `3.12.0` |
| [syn](https://github.com/dtolnay/syn) | `2.0.91` | `2.0.93` |
| [jsonschema](https://github.com/Stranger6667/jsonschema) | `0.26.2` | `0.28.0` |


Updates `quote` from 1.0.37 to 1.0.38
- [Release notes](https://github.com/dtolnay/quote/releases)
- [Commits](https://github.com/dtolnay/quote/compare/1.0.37...1.0.38)

Updates `reqwest` from 0.12.9 to 0.12.11
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/reqwest/compare/v0.12.9...v0.12.11)

Updates `serde` from 1.0.216 to 1.0.217
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.216...v1.0.217)

Updates `serde_with` from 3.11.0 to 3.12.0
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.11.0...v3.12.0)

Updates `syn` from 2.0.91 to 2.0.93
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.91...2.0.93)

Updates `jsonschema` from 0.26.2 to 0.28.0
- [Release notes](https://github.com/Stranger6667/jsonschema/releases)
- [Changelog](https://github.com/Stranger6667/jsonschema/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stranger6667/jsonschema/compare/rust-v0.26.2...rust-v0.28.0)

---
updated-dependencies:
- dependency-name: quote
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: reqwest
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-29 22:46:26 +00:00
dependabot[bot] c0e733629f
Bump the all group in /pykanidm with 2 updates (#3323) 
Bumps the all group in /pykanidm with 2 updates: [coverage](https://github.com/nedbat/coveragepy) and [mkdocstrings-python](https://github.com/mkdocstrings/python).


Updates `coverage` from 7.6.9 to 7.6.10
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.6.9...7.6.10)

Updates `mkdocstrings-python` from 1.12.2 to 1.13.0
- [Release notes](https://github.com/mkdocstrings/python/releases)
- [Changelog](https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mkdocstrings/python/compare/1.12.2...1.13.0)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocstrings-python
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-30 08:18:58 +10:00
dependabot[bot] 009200375f
Bump the all group with 3 updates (#3317) 
Bumps the all group with 3 updates: [anyhow](https://github.com/dtolnay/anyhow), [serde_json](https://github.com/serde-rs/json) and [syn](https://github.com/dtolnay/syn).


Updates `anyhow` from 1.0.94 to 1.0.95
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.94...1.0.95)

Updates `serde_json` from 1.0.133 to 1.0.134
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.133...v1.0.134)

Updates `syn` from 2.0.90 to 2.0.91
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.90...2.0.91)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-23 00:29:06 +00:00
dependabot[bot] 4113c291ed
Bump the all group in /pykanidm with 7 updates (#3316) 
---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: aiohttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: authlib
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: mypy
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pook
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-23 10:02:30 +10:00
Firstyear c4441c1fca
nss/pam resolver should reauth faster (#3309) 
This can have visible impacts on accounts that don't have a pam password
cached yet, but then appear to "stall" for a minute or two until it works
due to the fact that the provider was offline and waiting to reauth.

When we are still connected but our provider auth session has expired
we should reconnect faster. This reduces the timeout for reauthentication
for the provider so that it can return to the online state sooner. We
also loop when we detect the provider session is no longer authenticated
so that we can reauth immediately, rather than causing a noticable
interuption.
 2024-12-21 07:08:39 +00:00
Firstyear bbefb0b1b1
Update to latest webauthn-rs/time (#3315) 
This updates to the latest webauthn-rs release. When
updating, an issue with time was found that changes
the behaviour of it's parser for rfc3339. This also
updates our tests to accomodate that change.

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-12-21 06:45:06 +00:00
James Hodgkinson b6f63f3605
kanidm-unixd example config enfixening (#3314) 
* kanidm-unixd default config via PPA problem with version 2 on debian bookworm
Fixes #3312

* fix(coverage): moving to using cargo-tarpaulin

* kanidm-unixd default config via PPA problem with version 2 on debian bookworm
Fixes #3312
 2024-12-21 15:17:12 +10:00
Firstyear 9f499f3913
Further SCIM sync testing, minor fixes (#3305) 
This adds further testing of SCIM sync, especially around
conversion of the SCIM Sync Person and Group types into
SCIM Entry. This test would have prevented #3298 and
 #3299 from occuring.

During testing two more fixes were found. external_id should have
been required (not optional) and a group with no members would
cause a serialisation issue.
 2024-12-20 07:16:07 +00:00
Be c6432cad83
book: explain how to use fido-mds-tool (#3231) 
explain how to use fido-mds-tool  to configure Webauthn attestation
 2024-12-20 03:18:52 +00:00