mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
1679 commits 17 branches 59 tags 246 MiB
Commit graph

181 commits

Author SHA1 Message Date
James Hodgkinson d5d76d1a3c
Schema dooby doo part two (#2071) 
* scim strings!
* mapmapmap
* mapmapmap -comments and map
* updating delete teest
* fixing some tests
 2023-09-05 16:58:42 +10:00
Firstyear 538429838d
When an empty body was returned, do request would error incorrectly (#2074) 2023-09-05 14:14:00 +10:00
James Hodgkinson 1d88cede1b
Yak hassling (#2059) 
* trying this query thing again
* if error show error not panic
* clippyism
* moving dependencies around and fixing log messages for healthcheck
* cleaning up some comment mess
* fixing the "debug thing breaks packaging" issue and test failures
 2023-09-05 11:50:51 +10:00
dependabot[bot] 07c9a9078e
chore(deps): bump tower-http from 0.4.3 to 0.4.4 (#2064) 
Bumps [tower-http](https://github.com/tower-rs/tower-http) from 0.4.3 to 0.4.4.
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.4.3...tower-http-0.4.4)

---
updated-dependencies:
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-03 21:04:53 +00:00
Sebastiano Tocci f2e9c8a16e
Add tests for X-Forwarded-For header (kinda) (#1957) 
* Add tests for X-Forwarded-For header (kinda)
* testing for invalid header format
* added debug endpoint and got tests working
* various fixing here and there
 2023-08-31 09:31:16 +08:00
Firstyear 5bd69b81b8
Clear cache before verify on some low-level tests (#2044) 2023-08-29 12:26:29 +10:00
Firstyear 0f977d33b9
68 20230828 replication of schema (#2045) 2023-08-29 12:20:27 +10:00
Firstyear da56738dea
pam multistep auth state machine (#2022) 
Himmelblau needs to maintain some data about the state of an authentication across the course of pam exchanges.

Signed-off-by: David Mulder <dmulder@samba.org>
Co-authored-by: David Mulder <dmulder@samba.org>
 2023-08-28 09:27:29 +10:00
Samuel Cabrero 9dda8b1ad3
Authentication shortcut to get a RW session (#1993) 
* auth: Add a privileged flag to AuthStep::Init2 step to request a rw session

The privileged flag is defined as Option<bool> for compatibility with
existing clients.
 2023-08-24 09:54:33 +10:00
Sebastiano Tocci 47e953bfd2
wopsies, missing imports (#2023) 
* wopsies, missing imports
* more clippy and fmt
* adding test build for kanidm with idv-tui feature
* making codespell happy

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2023-08-23 22:40:25 +10:00
Sebastiano Tocci 70b19f0630
idv cli (#2001) 2023-08-23 20:51:24 +10:00
James Hodgkinson def4420c4c
pykanidm updoots (#2019) 
* fixing some derpitude in headers and auth, adding tests
* dox fox
* cleaning up typing
 2023-08-23 13:55:08 +10:00
Firstyear 2355dbfead
68 20230821 replication (#2020) 
* Resolve spn incremental replication
 2023-08-23 11:17:13 +10:00
Sebastiano Tocci eb7527379b
Configurable session timeouts (#1965) 
* added `auth_session_expiry` and `auth_privilege_expiry`
* Added `AcountPolicy` struct
* spelling and stuff
* added cli tools
 2023-08-22 11:00:43 +10:00
James Hodgkinson 05b35df413
Less human strings more enums (#1989) 
* statics or enums you choose
* acp rewrite, defined SchemaAcp as a test
* macros and targetscopes and filters oh my
 2023-08-21 17:16:43 +10:00
dependabot[bot] 75263c6214
chore(deps): bump gloo-timers from 0.2.6 to 0.3.0 (#2011) 
Bumps [gloo-timers](https://github.com/rustwasm/gloo) from 0.2.6 to 0.3.0.
- [Release notes](https://github.com/rustwasm/gloo/releases)
- [Changelog](https://github.com/rustwasm/gloo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rustwasm/gloo/compare/gloo-timers-v0.2.6...0.3.0)

---
updated-dependencies:
- dependency-name: gloo-timers
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-08-20 23:40:42 +00:00
James Hodgkinson 01cdeedc72
reordering layers so the web server works in non-debug-mode (#1999) 2023-08-19 11:00:53 +10:00
Firstyear f6001504a9
20230817 idv migration (#1992) 
* Must attr
* Post merge cleanup of idv
 2023-08-18 20:29:00 +10:00
Samuel Cabrero 17741c4929
daemon: kanidmd version requires a config file to run (#1959) (#1990) 
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
 2023-08-17 17:02:24 +10:00
Firstyear bc341af9d8
Resolve issues with dyngroup members (#1986) 2023-08-17 15:52:12 +10:00
Firstyear 0183ae6c71
Revert "sqlite where IN for id entry (#1988)" (#1991) 
This reverts commit 46f9a36a1c.
 2023-08-17 13:47:11 +10:00
James Hodgkinson 46f9a36a1c
sqlite where IN for id entry (#1988) 
Fixes #258
 2023-08-17 13:32:41 +10:00
Sebastiano Tocci 003234c2d0
Identity verification feature (#1819) 2023-08-16 21:02:48 +10:00
Firstyear 87866c568b
1982 service account access (#1985) 
* Fix issue with incorrect filter class preventing service account delete
 2023-08-16 15:33:28 +10:00
James Hodgkinson 9a6168b67d
Fixing test release (#1983) 
* Fixing cargo test --release

* more tracing less dbg
 2023-08-15 15:42:15 +10:00
James Hodgkinson 83f189fed3
error handling and web server logging fixes (#1960) 
* Fixing the setup_dev_environment script
* clippy calming
* handle_internalunixusertokenread throwing 500's without context
Fixes #1958
 2023-08-14 20:47:49 +10:00
James Hodgkinson aba9f6a724
Struct-ifying schema things (#1971) 
* structifying things
 2023-08-14 19:39:49 +10:00
James Hodgkinson 9246293922
Fighting with zypper, tagging our images (#1964) 
* fighting weird build issues

* labels are better outside

* ugh that stupid linter

* why do you always lint on me

* neat

* adding comments
 2023-08-14 10:06:53 +10:00
James Hodgkinson cc79f7eba1
Are we JSON yet? Kinda. But we're closer. (#1967) 2023-08-14 08:51:44 +10:00
J. B. Crawford 054b580fe6
Allow one-character usernames (#1941) 2023-08-10 08:09:18 +10:00
Sebastiano Tocci c742497866
providing server configuration in the testkit::test macro (#1953) 2023-08-08 20:01:18 +10:00
Sebastiano Tocci 5d96412181
replaced skip_serializing_if with skip_serializing_none (#1932) 
* replaced `skip_serializing_if` with `skip_serializing_none`
 2023-08-03 08:51:30 +10:00
Sebastiano Tocci d50373e64b
fixed serialization of oauth2 token scope (#1930) 2023-08-02 09:50:57 +10:00
Sebastiano Tocci de45732322
added compression layer for the pkg route (#1928) 2023-08-02 08:10:46 +10:00
Firstyear bf3e16cbd3
Resolve issue with publishing (#1925) 
* Resolve issue with publishing

* Fix version
 2023-08-01 17:25:32 +10:00
Firstyear 0fe5ff0f87
Set dev version (#1924) 2023-08-01 15:23:07 +10:00
Firstyear 689c7c74f6
Release 1.1.0-beta.13 (#1922) 2023-08-01 15:12:35 +10:00
Firstyear cccc20ea42
20230731 release (#1921) 
* Cleanup how we check for last git commit to avoid an insecure dep
* Resolve unmaintained or old deps
* Fix ci
 2023-07-31 22:27:21 +10:00
Firstyear 62ce42f8c1
Improve default shells for distros (#1920) 2023-07-31 14:58:27 +10:00
Firstyear d731b20a9d
20230728 techdebt paydown (#1909) 2023-07-31 12:20:52 +10:00
James Hodgkinson ea4d755d7b
chasing weirdness (#1910) 
* security headers, fixing error on empty username, handling login without SPN better

* making deno happy

* cleaning up windows build
 2023-07-31 10:49:59 +10:00
Firstyear 99b761c966
20230727 unix int modularity (#1907) 2023-07-28 10:48:56 +10:00
Firstyear 8f282e3a30
68 20230720 replication improvements (#1905) 2023-07-27 12:30:22 +10:00
Firstyear 54544075c1
Improve service file for host installs (#1901) 2023-07-25 12:23:47 +10:00
Firstyear e17dcc0ddb
1788 admin unix socket (#1880) 2023-07-24 10:05:10 +10:00
dependabot[bot] 2a65bc11a3
chore(deps): bump axum-macros from 0.3.7 to 0.3.8 (#1892) 
Bumps [axum-macros](https://github.com/tokio-rs/axum) from 0.3.7 to 0.3.8.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-macros-v0.3.7...axum-macros-v0.3.8)

---
updated-dependencies:
- dependency-name: axum-macros
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-23 21:30:20 +00:00
dependabot[bot] f76edfc995
chore(deps): bump tower-http from 0.4.1 to 0.4.3 (#1888) 
Bumps [tower-http](https://github.com/tower-rs/tower-http) from 0.4.1 to 0.4.3.
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.4.1...tower-http-0.4.3)

---
updated-dependencies:
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-23 21:02:56 +00:00
Sebastiano Tocci fa78c4bbb4
added hsts header middleware (#1882) 
* added hsts header middleware
* Update header to use the strongly typed version
 2023-07-22 13:16:10 -07:00
Firstyear 79ff5e9775
1785 allow sync attr yielding via partial write admin (#1879) 2023-07-19 11:42:53 +10:00
Firstyear 4f3f7e2708
Revert to opensuse based radius container. (#1878) 2023-07-19 11:41:57 +10:00
Sebastiano Tocci e5748fdebb
Unix gid duplicate fix (#1876) 
* added gid removal only when the gid is actually set and updated tests

---------

Signed-off-by: Sebastiano Tocci <seba.tocci@gmail.com>
 2023-07-19 09:44:51 +10:00
Firstyear 60a1cdf9d8
Sync account import improvements (#1873) 2023-07-18 08:49:22 +10:00
James Hodgkinson 5cd62eb974
Upgraded clap, removing atty as a dependency (#1849) 
* upgraded clap, removing atty as a dependency
* changing the PR template so when you add a list up the top it doesn't break the bottom
 2023-07-13 12:19:28 +10:00
Firstyear c260f1244d
Ensure we dont use std hashmaps (#1848) 
* Ensure we dont use std hashmaps
* coalescing the clippy config files

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2023-07-13 06:51:40 +10:00
Firstyear 07580cf57a
Improve selinux in tasks daemon (#1847) 2023-07-11 15:39:28 +10:00
James Hodgkinson 749522418c
headless webdriver testing, starting on brotli feature (#1844) 
* headless chromedriver testing
* updating build scripts
 2023-07-10 16:49:09 +10:00
dependabot[bot] 9562accde0
chore(deps): bump is-terminal from 0.4.8 to 0.4.9 (#1837) 
Bumps [is-terminal](https://github.com/sunfishcode/is-terminal) from 0.4.8 to 0.4.9.
- [Commits](https://github.com/sunfishcode/is-terminal/compare/v0.4.8...v0.4.9)

---
updated-dependencies:
- dependency-name: is-terminal
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-09 21:41:11 +00:00
Yuri Iozzelli e2d7b53367
Allow Authorization header in CORS preflight response (#1831) 
This is needed for public clients running as SPAs (like OCIS).
 2023-07-10 06:53:02 +10:00
Firstyear a818cebc85
Add preflight headers (#1829) 2023-07-09 12:06:40 +10:00
Firstyear 0e53476a76
Persist nonce through refresh to support client (#1826) 2023-07-08 20:30:30 +10:00
Firstyear 72bca853f7
Cleanup spa handling (#1825) 2023-07-08 16:37:15 +10:00
Firstyear 8e1e533f40
1792 public oauth clients (#1821) 2023-07-07 18:53:31 +10:00
Firstyear d1f51f0a84
1812 1813 post axum cleanup (#1817) 2023-07-06 19:34:53 +10:00
James Hodgkinson cc35654388
Converting from tide to axum (#1797) 
* Starting to chase down testing
* commenting out unused/inactive endpoints, adding more tests
* clippyism
* making clippy happy v2
* testing when things are not right
* moar checkpoint
* splitting up testkit things a bit
* moving https -> tide
* mad lad be crabbin
* spawning like a frog
* something something different spawning
* woot it works ish
* more server things
* adding version header to requests
* adding kopid_middleware
* well that was supposed to be an hour... four later
* more nonsense
* carrying on with the conversion
* first pass through the conversion is DONE!
* less pub more better
* session storage works better, fixed some paths
* axum-csp version thing
* try a typedheader
* better openssl config things
* updating lockfile
* http2
* actually sending JSON when we say we will!
* just about to do something dumb
* flargl
* more yak shaving
* So many clippy-isms, fixing up a query handler bleep bloop
* So many clippy-isms, fixing up a query handler bleep bloop
* fmt
* all tests pass including basic web logins and nav
* so much clippyism
* stripping out old comments
* fmt
* commenty things
* stripping out tide
* updates
* de-tiding things
* fmt
* adding optional header matching ,thanks @cuberoot74088
* oauth2 stuff to match #1807 but in axum
* CLIPPY IS FINALLY SATED
* moving scim from /v1/scim to /scim
* one day clippy will make sense
* cleanups
* removing sketching middleware
* cleanup, strip a broken test endpoint (routemap), more clippy
* docs fmt
* pulling axum-csp from the wrong cargo.toml
* docs fmt
* fmt fixes
 2023-07-05 22:26:39 +10:00
Firstyear 17fa61ceeb
Add client UX for redirecting to an external portal for synced accounts (#1791) 2023-07-05 09:13:06 +10:00
Firstyear 9d462b4b00
Add cors policy (#1807) 2023-07-04 19:20:31 +10:00
Firstyear 83e4d3a85e
Improve durability of migrations (#1804) 2023-07-03 12:20:11 +10:00
James Hodgkinson cd7f1781ad
clippy-izing an unsafe in pam (#1795) 2023-07-03 11:13:45 +10:00
James Hodgkinson 3e4c8f6241
Fixing the kanidmd healthcheck (#1789) 
* fixing the health check
* fixing pages while I am here
* flipping options like I flip burgers
* using the config-supplied cert
 2023-06-28 19:41:24 +10:00
Sebastiano Tocci 9a3c12a79d
Name change history (#1727) 2023-06-28 18:34:44 +10:00
James Hodgkinson cc1cc691f3
Started chasing noise, found some code to delete... (#1768) 
logging changes:

* Offering auth mechanisms -> debug
* 404's aren't really warnings
* double tombstone message, one goes to debug

other changes:

* CSP changes to allow the bootstrap images to load
* more testing javascriptfile things, I R 
* it's nice to know where things are
* putting non-rust web things in static/ instead of src/
* RequestCredentials::SameOrigin is the default, also adding a utility function to save dupe code. Wow this saved... kilobytes.
* removing commented code, fixing up codespell config
* clippyisms
* wtf, gha
* dee-gloo-ing some things
* adding some ubuntu build test things
* sigh rustwasm/wasm-pack/issues/1138
* more do_request things
* packaging things
* hilarious dev env setup script
* updated script works, all the UI works, including the experimental UI for naughty crabs
* deb package fixes
* fixed some notes
* setup experimental UI tweaks
 2023-06-27 11:38:22 +10:00
Firstyear a20dd3b113
Remove r2d2 - sad beep noises (#1766) 2023-06-24 16:15:31 +10:00
James Hodgkinson f25bd5bb65
Kanidmd is a bit noisy (#1765) 
* the log_level config option works in kanidmd now
* anon event -> debug
* some more debuggy things
* removing some dupe events for the same thing
 2023-06-24 15:56:01 +10:00
Firstyear d5670d0add
Ux improvements - Allow enrolling other devices (#1764) 2023-06-24 12:24:13 +10:00
Firstyear f3080df628
Implement tpm binding of cached password hashes (#1754) 2023-06-21 20:33:01 +10:00
Firstyear 4725d625af
Remove scripts that are no longer required (#1759) 2023-06-21 15:52:19 +10:00
James Hodgkinson 41d8fece68
OAuth2 secret JSON (#1758) 
* clippyisms
* adding JSON support for oauth2 show-basic-token, slight refactor on OutputMode
 2023-06-21 13:53:22 +10:00
Firstyear 8d2565773e
Resolve codespell issues (#1753) 2023-06-20 13:19:21 +10:00
Firstyear 8b331325ae
Add tls generator to main kanidmd (#1743) 2023-06-19 20:51:44 +10:00
Firstyear 6513fae5e2
1737 1739 sync - map uidnumbers mail (#1741) 2023-06-16 19:15:36 +10:00
Firstyear c65be8174a
Add support for argon2id (#1736) 2023-06-16 13:26:05 +10:00
Firstyear a77a7aa2a4
20230614 unix account security - move account name deny to unixd (#1733) 2023-06-15 13:24:53 +10:00
Sebastiano Tocci 76cee8cecb
fixed return value of add_ava_int (#1735) 2023-06-14 21:28:43 +10:00
Sebastiano Tocci cc5f21eee5
added pre_cand entries to both pre_modify and pre_batch_modify plugin functions (#1732) 2023-06-13 19:46:41 +10:00
Firstyear 0eaab19775
20230608 ldap sync (#1728) 2023-06-13 14:26:50 +10:00
Firstyear c5c483be98
Add acp allowing service accounts to clear their own sessions (#1731) 2023-06-13 14:10:28 +10:00
Firstyear 8cd45eaa35
Declare when no applications are available (#1730) 2023-06-13 11:11:43 +10:00
Firstyear 38f8ab2f99
Fix ip addr parse (#1729) 2023-06-13 11:11:27 +10:00
James Hodgkinson 18fe86db26
X-Forwarded-For catcher - improve ip addr parsing (#1725) 2023-06-12 12:14:34 +10:00
Firstyear 0ba4aec86b
Absolutely minimal implementation (#1711) 
* Absolutely minimal implementation

* Add support for ip address to audit event
 2023-06-08 20:17:46 +10:00
Firstyear 152bf95e71
Add further incremental replication tests (#1707) 2023-06-07 14:14:43 +10:00
Firstyear 6862a529ab
Improve diagnostic and docs of ldap bind requiring posix password (#1702) 2023-06-05 22:08:16 +10:00
Sebastiano Tocci 1c1b54df86
Crono expression parser fix (#1682) 2023-06-03 13:07:29 +10:00
Firstyear 10fa229cf1
Resolve ability to delete ssh keys with spaces in tags (#1674) 2023-05-29 16:11:00 +10:00
Firstyear 8a548fe13e
20230526 incremental replication improvements (#1659) 
* Improve refresh ruv checking
* Expand comments for tests, add basic attribute merge statemachine
 2023-05-29 08:53:27 +10:00
Firstyear 2752965de1
Add more replication tests, improve some handling of tombstones. (#1656) 2023-05-26 12:18:53 +10:00
Firstyear 0a16434bdc
during service account recovery, remove incompatible credentials (#1650) 2023-05-25 10:47:39 +10:00
James Hodgkinson fcab605320
Time travelling (#1648) 
* yeet the time package into the future (updating min time version to 0.3.21)
* CI change to catch web ui builds in future, updating SCIM requirements
* removing allow deprecated flag
* making references to rfc3339 formatter shorter
* clippyisms
* fmt
 2023-05-25 08:25:16 +10:00
Firstyear 48c620e43a
20230508 replication incremental (#1620) 2023-05-23 13:25:22 +10:00
James Hodgkinson 6e559a2eb4
fixing up some spelling errors (#1618) 2023-05-11 08:30:13 +10:00