Firstyear
1983ce19e9
Resolve passkey regression ( #3343 )
...
During other testing I noticed that passkeys no longer worked
on a reauthentication. This was due to a regression in, you
guessed it, cookies, where the auth session id wasn't being
removed properly.
2025-01-07 16:05:14 +10:00
Firstyear
9f499f3913
Further SCIM sync testing, minor fixes ( #3305 )
...
This adds further testing of SCIM sync, especially around
conversion of the SCIM Sync Person and Group types into
SCIM Entry. This test would have prevented #3298 and
#3299 from occurring.
During testing two more fixes were found. external_id should have
been required (not optional) and a group with no members would
cause a serialisation issue.
2024-12-20 07:16:07 +00:00
Firstyear
50a7d9d700
Allow opt-in of easter eggs ( #3308 )
...
So that we can start to add some more easter eggs to the server,
we also need to respect user preferences that may not want them.
This adds a configuration setting to the domain allowing a release
build to opt-in to easter eggs, and development builds to opt-out
of them.
2024-12-19 03:30:35 +00:00
Firstyear
44e7348f3b
Incorrect member name in groups ( #3302 )
...
Member was accidentally set to members which prevented
group synchronisation.
2024-12-17 06:57:26 +00:00
Firstyear
0b2f349aec
SCIM Sync Missing Annotation ( #3300 )
...
A missing serde annotation in SCIM Sync caused groups to fail to
sync unless they had a description. This resolves the failure
by adding the correct annotation to skip None fields in groups.
2024-12-17 14:18:30 +10:00
Firstyear
7e9c33ab03
Limit OAuth2 resumption to session ( #3296 )
...
OAuth2 session resumption was accidentally made a permanent cookie
which led to continuing issues with it causing invalid redirections
after login. Make this a session only cookie.
2024-12-17 11:37:16 +10:00
Firstyear
6c3b8500a2
Use specific errors for intent token revoked ( #3291 )
...
Rather than the generic 'invalid state' error, we now return
proper site-specific errors for credential commit failures, with
error messages to explain what went wrong.
2024-12-16 10:28:00 +10:00
Firstyear
ea0e63cc2a
20240927 SCIM put ( #3151 )
2024-11-30 06:56:17 +00:00
Firstyear
dfbcfa865f
UI/Feature polish ( #3191 )
...
Post release some small user issues arose
* Optimise the autofocus for logins with passkeys to limit clicks
* Sort login mechs by strength
* Fix cookies to persist between browser restarts
2024-11-10 04:02:27 +00:00
Firstyear
0f3f604ba0
Hoist max_age to prevent incorrect deserialisation ( #3190 )
2024-11-09 13:28:29 +09:00
Firstyear
53dcb5265a
Fix attribute scim sync attribute naming ( #3159 )
2024-10-29 14:26:51 +10:00
George Wu
d2c329f330
Change to text input and use numeric mode for TOTP prompts. ( #3154 )
...
* Change to text input and use inputmode numeric for TOTP prompts.
* Fix some typos.
2024-10-27 23:57:28 +00:00
Firstyear
2e6d940691
Remove WASM ( #3148 )
...
liberal party took over, more cuts
2024-10-26 17:19:13 +10:00
James Hodgkinson
151a9ad90f
ripping out some extra packages ( #3146 )
2024-10-26 02:27:56 +00:00
James Hodgkinson
5a709520dc
OAuth2 Device flow foundations ( #3098 )
2024-10-26 12:08:48 +10:00
George Wu
8b4d0d6ead
Add missing schemas to get OpenAPI validation to pass. ( #3129 )
2024-10-22 08:27:37 +10:00
James Hodgkinson
68119e1067
more errors for the people ( #3121 )
2024-10-18 23:51:45 +00:00
Firstyear
5a3e5f1e07
20241017 3107 token ttl ( #3114 )
2024-10-18 03:28:52 +00:00
George Wu
9836b2bf12
Totp input changes ( #3115 )
2024-10-17 06:45:13 +00:00
Firstyear
2075125439
Working scim entry get for person ( #3088 )
2024-10-15 04:29:45 +00:00
Merlijn
4e125b5043
Scim add EntryReference ( #3079 )
...
Allow references to be displayed as a complex object
2024-10-10 00:13:45 +00:00
Firstyear
131ff80b32
20240921 ssh keys and unix password in credential update session ( #3056 )
2024-10-03 05:57:18 +00:00
Firstyear
cc662f184a
20240925 cleanups ( #3060 )
2024-10-03 14:04:02 +10:00
CEbbinghaus
d109622d71
Make good on some TechDebt ( #3084 )
...
adds MissingClass & MissingAttribute OperationError kinds to more strongly type our error messages.
2024-10-03 10:48:28 +10:00
CEbbinghaus
dc4a438c31
Feat: Adding POSIX Password fallback ( #3067 )
...
* Added Schema for credential fallback
* Added account policy management to ac migration
* Refactored Ldap & Unix auth to be common
* removed unused methods and renamed unused fields
* Fixed LDAP missing Anonymous logic
* Added CLI argument for configuring primary cred fallback
2024-10-02 19:28:36 +10:00
Firstyear
90afc8207c
20240926 tech debt ( #3066 )
...
Large clean up
2024-10-01 10:07:08 +10:00
Firstyear
fb3e7a01bc
Resolve incorrect SCIM Sync serialisation ( #3047 )
2024-09-17 06:27:41 +00:00
James Hodgkinson
004e263f90
CLI image error nicening ( #3037 )
...
* fix(scim_proto): fixing an issue with building due to dependencies
* feat(cli): more error message detail when things go wrong with images on the CLI
2024-09-17 04:07:43 +00:00
Firstyear
6065f2db60
Add rfc7009 and rfc7662 metadata to oidc discovery ( #3046 )
2024-09-17 03:35:43 +00:00
James Hodgkinson
4cbec48307
More openapi tweaks ( #3038 )
2024-09-17 13:01:54 +10:00
Firstyear
d3891e301f
20240810 SCIM entry basic ( #3032 )
2024-09-12 12:53:43 +10:00
Firstyear
f053ff7fba
CreatedAt/ModifiedAt fix ( #3034 )
...
* fix(repl): CreatedAt/ModifiedAt attributes
2024-09-12 11:42:16 +10:00
Firstyear
938ad90f3b
20240906 Attribute as an Enum Type ( #3025 )
...
Changes attribute from a string to an enum - this provides many performance improvements and memory savings throughout the server.
2024-09-09 00:53:10 +00:00
Firstyear
0fac1f301e
20240820 SCIM value ( #2992 )
...
Add the basics of scim value serialisation to entries.
2024-08-29 11:38:00 +10:00
James Hodgkinson
3eae7be0bb
OAuth2 Token Type ( #3008 )
...
* fix(OAuth2): Invalid `token_type` for token introspection
Fixes #3005
* fix(aut): `assert_eq` instead of `assert ==`
* fix(OAuth2): IANA registry access token types
* fix(OAuth2): deserialize case insensitively
2024-08-25 23:30:20 +00:00
James Hodgkinson
7c3deab2c4
enforcen den clippen ( #2990 )
...
* enforcen den clippen
* updating outdated oauth2-related docs
* sorry clippy, we tried
2024-08-21 00:32:56 +00:00
Firstyear
239f4594dd
20240810 application passwords ( #2968 )
...
Add the server side components for application passwords. This adds the needed datatypes and handling via the ldap components.
Admin tools will be in a follow up PR.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Co-authored-by: Samuel Cabrero <scabrero@suse.de>
2024-08-20 06:44:37 +00:00
Firstyear
3ae8453375
In honour of SebaT, error on db lock acq timeout ( #2947 )
2024-08-02 09:29:46 +10:00
Merlijn
f82a52de3b
[htmx] Credential Update page ( #2897 )
...
Implement credential update page in HTMX
---------
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
Co-authored-by: Firstyear <william@blackhats.net.au>
2024-08-01 01:17:14 +00:00
Firstyear
329750981e
Update to 1.4.0-dev ( #2943 )
2024-08-01 00:02:11 +10:00
James Hodgkinson
5313c5ffdc
Reorganising the daemon startup so it doesn't fail with OTEL configured ( #2934 )
2024-07-26 07:28:35 +00:00
Firstyear
21d3f82aa1
Add scim proto to kanidm, refactor to improve serde performance. ( #2933 )
2024-07-26 15:54:28 +10:00
Firstyear
a695e0d75f
Oauth2 in htmx ( #2912 )
...
* Apply suggestions from code review
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2024-07-20 02:30:06 +00:00
Firstyear
c7fcdc3e4e
Strict redirect URL enforcement ( #2917 )
...
Add strict OAuth2 URL enforcement per the RFC. This includes a transition process for the next release so that Admins can come into compliance.
2024-07-20 02:09:50 +00:00
Alin Trăistaru
562f352516
fix typos ( #2908 )
...
* fix typos and misspellings
* use proper capitalization
* Apply suggestions from code review
---------
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2024-07-18 03:22:20 +00:00
James Hodgkinson
7373d9abbe
Forcing the http2 feature on hyper, but also chasing some out of date packages ( #2896 )
...
* Forcing the http2 feature on hyper, but also chasing some out of date packages
2024-07-16 10:10:46 +10:00
Firstyear
d0e57442d2
Tidy up replication poll interval ( #2883 )
2024-07-15 06:16:24 +00:00
Firstyear
a4a06c1172
Add a migration for future versions that will notify and warn about the removal of security keys. ( #2885 )
2024-07-12 02:19:43 +00:00
Firstyear
b1480e36f0
20240703 htmx ( #2870 )
...
Complete the remainder of the HTMX rewrite of the login page.
2024-07-07 03:36:47 +00:00
Merlijn
4795541719
Offer configuration of images for Oauth2 resources ( #2665 )
2024-07-06 12:25:55 +10:00