mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
2251 commits 17 branches 59 tags 246 MiB
Commit graph

462 commits

Author SHA1 Message Date
Firstyear a1fa59b83c
Clean RUV (#2424) 2024-01-12 09:43:20 +10:00
Firstyear 666448f787
Upgrade replication to use anchors (#2423) 
* Upgrade replication to use anchors
 2024-01-10 04:46:08 +00:00
Firstyear 0e44cc1dcb
Minor fixes for oidc with single page applications (#2420) 2024-01-08 23:57:14 +00:00
Firstyear e9340c682e
Use case insensitive match on substrings in line with ldap (#2419) 2024-01-06 15:52:21 +10:00
Firstyear cc79b2a205
20231222 piv authentication (#2398) 
Foundations of PIV authentication
 2023-12-29 23:15:26 +00:00
James Hodgkinson 307a66ea29
Update docs, closes SQLite Write-Ahead Logging might make page size immutable #2404 (#2405) 2023-12-30 08:34:50 +10:00
Firstyear 7f27a6fcd9
Force apply idm migrations to apply access controls (#2401) 2023-12-28 12:24:29 +10:00
cuberoot74088 a16525d520
fix backup filename and regexp pattern for cleanup (#2386) 
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2023-12-24 12:06:43 +00:00
Firstyear fd71a748ca
Add improved domain migration framework and default MFA (#2382) 2023-12-21 14:44:20 +10:00
Firstyear 77b01e3a31
Trim and lowecase usernames (#2380) 2023-12-19 06:41:12 +00:00
Firstyear 3408816932
Add DN as a virtual ldap attr (#2379) 2023-12-19 15:07:19 +10:00
James Hodgkinson a4c44bc5f9
fixing default for oauth2 request_parameter_supported metadata (#2378) 2023-12-19 11:56:47 +10:00
Firstyear 5c445a4704
20231218 ipa sync unix password (#2374) 
* Add support for importing the users password as unix password
 2023-12-18 11:20:37 +10:00
Firstyear d09c2448ff
1481 2024 access control rework (#2366) 
Rework default access controls to better separate roles and access profiles.
 2023-12-17 23:10:13 +00:00
Firstyear 854b696532
249 2024 managed by syntax (#2359) 
Allows hierarchial entry management rules.
 2023-12-07 10:00:09 +00:00
James Hodgkinson 340d41482b
typo (#2356) 2023-12-05 01:22:59 +00:00
Firstyear 4bd5d584cb
20231204 ipa sync minor improvements (#2357) 2023-12-04 16:58:15 +10:00
Firstyear 76269f9de2
20231129 webauthn attestation (#2351) 
This adds full support for attestation of webauthn/passkeys.
 2023-12-03 06:13:52 +00:00
James Hodgkinson 9a464c653c
Using proper axum http headers lib for compatibility (#2348) 2023-12-01 08:55:51 +10:00
Firstyear cbdbaa8fe0
Bearer should send with same caps we accept (#2345) 2023-11-30 09:25:34 +10:00
Firstyear 31b939fca3
20231128 freeipa migration (#2338) 
* Add more weak password formats for freeipa
* Verification of freeipa migration from older ipa versions
 2023-11-29 10:43:15 +10:00
Firstyear ac299b5286
Update to the latest compact-jwt version (#2331) 2023-11-24 02:53:22 +00:00
James Hodgkinson 916bb4ec04
Adding env var configs for the server (#2329) 
* env var config for server
* I am my own clippy now
* Man, that got complicated quick
 2023-11-24 01:27:49 +00:00
Firstyear bb8914c70d
20231120 2320 sssd compat (#2328) 2023-11-22 10:18:03 +10:00
Firstyear b71b0460f3
Add test (#2323) 2023-11-19 21:56:19 +10:00
James Hodgkinson 2be287c1ff
OAuth2 scopes validation logging missing details (#2317) 
* OAuth2 scopes validation logging missing details - Fixes #2316
* clippy was mad
 2023-11-17 16:08:08 +10:00
Firstyear 8f150ad032
20231115 oauth2 authreq (#2310) 
* fix oauth2 requests
* Fix json compat of wasm bindgen
 2023-11-15 12:41:01 +10:00
Firstyear a2a3010860
Remove serde json from wasm (#2304) 
* Remove serde json from wasm
* Fix missing json
 2023-11-12 15:38:37 +10:00
Firstyear 8a40f5ab7b
Fix spelling (#2303) 2023-11-11 03:04:35 +00:00
Firstyear 47bcea7708
20231109 1122 credential class (#2300) 
* Add CredentialType for acc pol
* Reword ui hints
* Finish account policy
* Clean up artefacts
 2023-11-11 09:26:44 +10:00
James Hodgkinson 60e5935faa
Moving daemon tracing to OpenTelemetry (#2292) 
* sally forth into the great otel unknown
* make the build env identification slightly more durable
* docs updates
* wasm recompile
 2023-11-09 05:15:12 +00:00
James Hodgkinson 12f1de8358
Update OpenAPI schema gen to actually... be kinda sorta valid. (#2296) 
* updating lockfile

* OpenAPI validation issues
Fixes #2295

* clippy sez no

* adding another validator, more specs
 2023-11-07 11:35:17 +10:00
Firstyear b7852d1d71
pw min length in account policy (#2289) 2023-11-05 10:33:25 +10:00
James Hodgkinson b9d47fe8f7
oauth2 typo (#2290) 2023-11-04 06:45:40 +00:00
James Hodgkinson 7025a9ff55
Feature: kanidm CLI pulling OpenAPI schema (#2285) 
* diag is super noisy when you actually turn on logging... even though it wasn't an error?
* adding api download-schema to the CLI
* docs
 2023-11-03 17:37:27 +10:00
James Hodgkinson cf35a7e667
Feature: configurable replication poll interval (#2283) 
* Feature: configurable replication poll interval (#2282)
* Updating log messages because REPL != LDAP
 2023-11-02 02:07:53 +00:00
Firstyear 9e5449a644
Minor improvements to incoming replication (#2279) 2023-11-02 01:21:21 +00:00
Allan dbf476fe5e
Remove unused imports and clippy lint (#2276) 
* Fix unused import errors
* Apply clippy get_first lint
* Add contributor

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2023-11-01 05:54:29 +00:00
Samuel Cabrero c3c0b5f459
Rework ldap bind routine (#2268) 
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
 2023-11-01 15:09:22 +10:00
Firstyear a3266978c8
Disable inconsistent test (#2278) 2023-11-01 02:02:53 +00:00
William Brown 4a08b77285 make versions consistent 2023-10-31 21:24:07 +10:00
James Hodgkinson 6642139900
Release 1.1.0-rc.15-dev 2023-10-31 19:26:18 +10:00
James Hodgkinson ef96ca6aa1
started writing docs and ended up in another rabbit hole (#2267) 
* started writing docs and ended up in another rabbit hole
* updoots
* dangit fedora
 2023-10-31 19:15:35 +10:00
James Hodgkinson 3bfc347c53
CLI integration test beginnings (#2261) 
* more integration test things, using assert_cmd to test the CLI end-to-end
* packagez
* making clippy happy
* making deno happy
 2023-10-30 06:10:54 +00:00
William Brown ecc46bb015 Add book chapter + cli 2023-10-28 13:07:06 +10:00
NavinShrinivas b80a3b271c Cargo fmt and clippy checks 
Signed-off-by: NavinShrinivas <karupal2002@gmail.com>
 2023-10-28 13:07:06 +10:00
NavinShrinivas 12ea1c8702 Restrict posix passwords on ldap bind with config 
Signed-off-by: NavinShrinivas <karupal2002@gmail.com>
 2023-10-28 13:07:06 +10:00
James Hodgkinson e02328ae8b
Splitting the SPAs (#2219) 
* doing some work for enumerating how the accounts work together
* fixing up build scripts and removing extra things
* making JavaScript as_tag use the struct field names
* making shared.js a module, removing wasmloader.js
* don't compress compressed things
 2023-10-27 06:03:58 +00:00
James Hodgkinson ad3c491d07
Bug chasing (#2257) 
* service-account validity expire-at doesn't accept all time nouns as defined by docs
Fixes #2153
* realised a logic bug
* making clippy happy while I'm here
* returning an empty set from the creds if the creds attribute is not found, which is then handled downstream
 2023-10-27 05:30:38 +00:00
Samuel Cabrero 99ba97088d
cargo fmt + clippy (#2241) 
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
 2023-10-27 04:40:24 +00:00
James Hodgkinson 7dc18e4f9e
adding service account patch methods (#2255) 
* adding service_account PATCH
 2023-10-26 13:40:45 +10:00
Firstyear afe9d28754
20231019 1122 account policy basics (#2245) 
---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2023-10-22 11:16:42 +00:00
Firstyear 6ff9082fd2
20231014 account policy (#2218) 
* Start to prep for unix+ssh keys in credupdate session
 2023-10-19 01:40:06 +00:00
James Hodgkinson 6850a17e8c
Windows build fixes and test coverage (#2220) 
* adding testing for users functions
* turning KanidmClient build error into a ClientError
* removing a redundant closure
 2023-10-17 07:18:07 +00:00
James Hodgkinson eead47aec8
Fixing dependabot and its mistakes (#2232) 
* updating to utoipa 4.0.0
* hi dependabot
 2023-10-16 05:15:53 +00:00
dependabot[bot] 1a36673c46
chore(deps): bump utoipa-swagger-ui from 3.1.5 to 4.0.0 (#2224) 
Bumps [utoipa-swagger-ui](https://github.com/juhaku/utoipa) from 3.1.5 to 4.0.0.
- [Release notes](https://github.com/juhaku/utoipa/releases)
- [Commits](https://github.com/juhaku/utoipa/compare/utoipa-swagger-ui-3.1.5...utoipa-swagger-ui-4.0.0)

---
updated-dependencies:
- dependency-name: utoipa-swagger-ui
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-15 20:45:27 +00:00
James Hodgkinson f28d5cef22
OpenAPI/swagger docs autogen (#2175) 
* always be clippyin'
* pulling oauth2 api things out into their own module
* starting openapi generation
 2023-10-14 12:39:14 +10:00
Firstyear 8bcf1935a5
20231012 346 name deny list (#2214) 
* Migrate to improved system config reload, cleanup acc pol
* Denied names feature
 2023-10-13 08:50:36 +10:00
Firstyear 88da55260a
Add file diagnosis (#2210) 2023-10-12 12:09:54 +10:00
Firstyear fbc62ea51e
fix RUV on startup, improve filter output (#2211) 2023-10-11 21:14:27 +10:00
James Hodgkinson d9da1eeca0
Chasing yaks down dark alleyways (#2207) 
* adding some test coverage because there was some rando panic-inducing thing
* ldap constants
* documenting a macro
* helpful weird errors
* the war on strings continues
* less json more better
* testing things fixing bugs
* idm_domain_reset_token_key wasn't working, added a test and fixed it (we weren't testing it)
* idm_domain_set_ldap_basedn - adding tests
* adding testing for idm_account_credential_update_cancel_mfareg
* warning of deprecation
 2023-10-11 15:44:29 +10:00
dependabot[bot] d538f80fa1
chore(deps): bump axum-auth from 0.4.0 to 0.4.1 (#2200) 
Bumps [axum-auth](https://github.com/owez/axum-auth) from 0.4.0 to 0.4.1.
- [Commits](https://github.com/owez/axum-auth/compare/0.4.0...v0.4.1)

---
updated-dependencies:
- dependency-name: axum-auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-08 21:26:48 +00:00
Firstyear a91bf55471
20231008 remove expect used (#2191) 
* Stop using expect on some tasks
 2023-10-08 17:39:00 +10:00
James Hodgkinson 19f9fde012
Thread naming and display (#2190) 
* sometimes handlers fail
* enums are better than strings
* clippyisms
 2023-10-08 13:08:46 +10:00
James Hodgkinson 48979b8e1a
Replication tweaks - try the most recent successful one and error less (#2189) 
* made an error less error-y and also found a way to try the last-most-working repl peer
 2023-10-07 13:09:42 +10:00
James Hodgkinson 0adc3e0dd9
Chasing wooly quadrapeds again (#2163) 
* I really like well-tended yaks
* documenting yaks
* spellink
* less surprise more good
* schema test fix
* clippyisms
 2023-10-05 12:30:46 +10:00
Firstyear f6d2bcb44b
68 20230929 replication finalisation (#2160) 
Replication is now ready for test deployments!
 2023-10-05 11:11:27 +10:00
James Hodgkinson e7f594a1c1
In-system image storage (#2112) 
* In-system image storage refers to #2057
* adding multipart feature to axum
* thanks to @Firstyear for fixing my bufs
* fixing coverage test things
* clippy-calming
* more tests, jpg acropalypse tests, benches
* spelling
* lockfile updates
* linting
 2023-10-04 17:24:12 +10:00
Firstyear cb985a2fd0
fix credential update intent defaults (#2162) 2023-09-30 20:06:44 +10:00
Firstyear 3e345174b6
68 20230919 replication configuration (#2131) 2023-09-29 12:02:13 +10:00
James Hodgkinson c7a269575c
Enforce TLS key size minimums (#2145) 
* Enforce TLS key size minimums - Fixes #2144
* at some point clippy got mad
 2023-09-26 09:59:00 +10:00
James Hodgkinson c998a1eda5
bindaddress default doesn't match documentation (#2150) 
Fixes #2147
 2023-09-26 09:38:07 +10:00
James Hodgkinson d5ed335b52
Cinco de yakko (#2108) 
* there are always more yaks
* see? ldap yaks.
* fixing stupid radius container build thing
 2023-09-16 12:11:06 +10:00
Firstyear 77da40d528
68 20230912 session consistency (#2110) 
This adds support for special-casing sessions in replication to allow them to internally trim and merge so that session revocations and creations are not lost between replicas.
 2023-09-16 09:22:11 +10:00
James Hodgkinson 383592d921
Schema dooby doo ... yon (#2103) 
Refers #1987

Notable changes:

- in server/lib/src/entry.rs - aiming to pass the enum instead of the strings
    - changed signature of add_ava to take Attribute instead of &str (which is used in the entry_init macro... which was fun)
    - set_ava<T> now takes Attribute
- added TryFrom<&AttrString> for Attribute
 2023-09-12 11:47:24 +10:00
Firstyear b3aed1df34
68 20230908 replication attrunique (#2086) 
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2023-09-12 08:50:51 +10:00
James Hodgkinson d3d80e7364
Schema-dooby-doo-part-trois (#2082) 
* adding extra_attributes field to BuiltinGroup, migrating more things.
* checkpoint 3 - ACP, easy as 1,2,3
* codespell
* now throwing error on dyngroup with defined members
 2023-09-09 09:38:47 +10:00
James Hodgkinson 4b7563adc8
CLI and test things (#2080) 
* testing things actually run is handy
* adding build mode to scripts
* uh, so I started messing with handling exit codes...
 2023-09-09 09:35:59 +10:00
Firstyear 61c59d5a5a
68 20230907 replication (#2081) 
* Test replication when nodes are valid beyond cl trim
 2023-09-08 08:59:06 +10:00
James Hodgkinson 2f312e6b2d
Removing default features from git2 package (#2078) 
* don't need ssh or https in git2 - saves 50.69s

* codespell
 2023-09-06 08:25:29 +10:00
Firstyear d1fe7b9127
68 20230829 replication referential integrity (#2048) 
* Member of works!
* Hooray, refint over replication works.
 2023-09-05 21:30:51 +10:00
James Hodgkinson d5d76d1a3c
Schema dooby doo part two (#2071) 
* scim strings!
* mapmapmap
* mapmapmap -comments and map
* updating delete teest
* fixing some tests
 2023-09-05 16:58:42 +10:00
Firstyear 538429838d
When an empty body was returned, do request would error incorrectly (#2074) 2023-09-05 14:14:00 +10:00
James Hodgkinson 1d88cede1b
Yak hassling (#2059) 
* trying this query thing again
* if error show error not panic
* clippyism
* moving dependencies around and fixing log messages for healthcheck
* cleaning up some comment mess
* fixing the "debug thing breaks packaging" issue and test failures
 2023-09-05 11:50:51 +10:00
dependabot[bot] 07c9a9078e
chore(deps): bump tower-http from 0.4.3 to 0.4.4 (#2064) 
Bumps [tower-http](https://github.com/tower-rs/tower-http) from 0.4.3 to 0.4.4.
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.4.3...tower-http-0.4.4)

---
updated-dependencies:
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-03 21:04:53 +00:00
Sebastiano Tocci f2e9c8a16e
Add tests for X-Forwarded-For header (kinda) (#1957) 
* Add tests for X-Forwarded-For header (kinda)
* testing for invalid header format
* added debug endpoint and got tests working
* various fixing here and there
 2023-08-31 09:31:16 +08:00
Firstyear 5bd69b81b8
Clear cache before verify on some low-level tests (#2044) 2023-08-29 12:26:29 +10:00
Firstyear 0f977d33b9
68 20230828 replication of schema (#2045) 2023-08-29 12:20:27 +10:00
Firstyear da56738dea
pam multistep auth state machine (#2022) 
Himmelblau needs to maintain some data about the state of an authentication across the course of pam exchanges.

Signed-off-by: David Mulder <dmulder@samba.org>
Co-authored-by: David Mulder <dmulder@samba.org>
 2023-08-28 09:27:29 +10:00
Samuel Cabrero 9dda8b1ad3
Authentication shortcut to get a RW session (#1993) 
* auth: Add a privileged flag to AuthStep::Init2 step to request a rw session

The privileged flag is defined as Option<bool> for compatibility with
existing clients.
 2023-08-24 09:54:33 +10:00
Sebastiano Tocci 47e953bfd2
wopsies, missing imports (#2023) 
* wopsies, missing imports
* more clippy and fmt
* adding test build for kanidm with idv-tui feature
* making codespell happy

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2023-08-23 22:40:25 +10:00
Sebastiano Tocci 70b19f0630
idv cli (#2001) 2023-08-23 20:51:24 +10:00
James Hodgkinson def4420c4c
pykanidm updoots (#2019) 
* fixing some derpitude in headers and auth, adding tests
* dox fox
* cleaning up typing
 2023-08-23 13:55:08 +10:00
Firstyear 2355dbfead
68 20230821 replication (#2020) 
* Resolve spn incremental replication
 2023-08-23 11:17:13 +10:00
Sebastiano Tocci eb7527379b
Configurable session timeouts (#1965) 
* added `auth_session_expiry` and `auth_privilege_expiry`
* Added `AcountPolicy` struct
* spelling and stuff
* added cli tools
 2023-08-22 11:00:43 +10:00
James Hodgkinson 05b35df413
Less human strings more enums (#1989) 
* statics or enums you choose
* acp rewrite, defined SchemaAcp as a test
* macros and targetscopes and filters oh my
 2023-08-21 17:16:43 +10:00
dependabot[bot] 75263c6214
chore(deps): bump gloo-timers from 0.2.6 to 0.3.0 (#2011) 
Bumps [gloo-timers](https://github.com/rustwasm/gloo) from 0.2.6 to 0.3.0.
- [Release notes](https://github.com/rustwasm/gloo/releases)
- [Changelog](https://github.com/rustwasm/gloo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rustwasm/gloo/compare/gloo-timers-v0.2.6...0.3.0)

---
updated-dependencies:
- dependency-name: gloo-timers
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-08-20 23:40:42 +00:00
James Hodgkinson 01cdeedc72
reordering layers so the web server works in non-debug-mode (#1999) 2023-08-19 11:00:53 +10:00
Firstyear f6001504a9
20230817 idv migration (#1992) 
* Must attr
* Post merge cleanup of idv
 2023-08-18 20:29:00 +10:00
Samuel Cabrero 17741c4929
daemon: kanidmd version requires a config file to run (#1959) (#1990) 
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
 2023-08-17 17:02:24 +10:00
Firstyear bc341af9d8
Resolve issues with dyngroup members (#1986) 2023-08-17 15:52:12 +10:00
Firstyear 0183ae6c71
Revert "sqlite where IN for id entry (#1988)" (#1991) 
This reverts commit 46f9a36a1c.
 2023-08-17 13:47:11 +10:00
James Hodgkinson 46f9a36a1c
sqlite where IN for id entry (#1988) 
Fixes #258
 2023-08-17 13:32:41 +10:00
Sebastiano Tocci 003234c2d0
Identity verification feature (#1819) 2023-08-16 21:02:48 +10:00
Firstyear 87866c568b
1982 service account access (#1985) 
* Fix issue with incorrect filter class preventing service account delete
 2023-08-16 15:33:28 +10:00
James Hodgkinson 9a6168b67d
Fixing test release (#1983) 
* Fixing cargo test --release

* more tracing less dbg
 2023-08-15 15:42:15 +10:00
James Hodgkinson 83f189fed3
error handling and web server logging fixes (#1960) 
* Fixing the setup_dev_environment script
* clippy calming
* handle_internalunixusertokenread throwing 500's without context
Fixes #1958
 2023-08-14 20:47:49 +10:00
James Hodgkinson aba9f6a724
Struct-ifying schema things (#1971) 
* structifying things
 2023-08-14 19:39:49 +10:00
James Hodgkinson 9246293922
Fighting with zypper, tagging our images (#1964) 
* fighting weird build issues

* labels are better outside

* ugh that stupid linter

* why do you always lint on me

* neat

* adding comments
 2023-08-14 10:06:53 +10:00
James Hodgkinson cc79f7eba1
Are we JSON yet? Kinda. But we're closer. (#1967) 2023-08-14 08:51:44 +10:00
J. B. Crawford 054b580fe6
Allow one-character usernames (#1941) 2023-08-10 08:09:18 +10:00
Sebastiano Tocci c742497866
providing server configuration in the testkit::test macro (#1953) 2023-08-08 20:01:18 +10:00
Sebastiano Tocci 5d96412181
replaced skip_serializing_if with skip_serializing_none (#1932) 
* replaced `skip_serializing_if` with `skip_serializing_none`
 2023-08-03 08:51:30 +10:00
Sebastiano Tocci d50373e64b
fixed serialization of oauth2 token scope (#1930) 2023-08-02 09:50:57 +10:00
Sebastiano Tocci de45732322
added compression layer for the pkg route (#1928) 2023-08-02 08:10:46 +10:00
Firstyear bf3e16cbd3
Resolve issue with publishing (#1925) 
* Resolve issue with publishing

* Fix version
 2023-08-01 17:25:32 +10:00
Firstyear 0fe5ff0f87
Set dev version (#1924) 2023-08-01 15:23:07 +10:00
Firstyear 689c7c74f6
Release 1.1.0-beta.13 (#1922) 2023-08-01 15:12:35 +10:00
Firstyear cccc20ea42
20230731 release (#1921) 
* Cleanup how we check for last git commit to avoid an insecure dep
* Resolve unmaintained or old deps
* Fix ci
 2023-07-31 22:27:21 +10:00
Firstyear 62ce42f8c1
Improve default shells for distros (#1920) 2023-07-31 14:58:27 +10:00
Firstyear d731b20a9d
20230728 techdebt paydown (#1909) 2023-07-31 12:20:52 +10:00
James Hodgkinson ea4d755d7b
chasing weirdness (#1910) 
* security headers, fixing error on empty username, handling login without SPN better

* making deno happy

* cleaning up windows build
 2023-07-31 10:49:59 +10:00
Firstyear 99b761c966
20230727 unix int modularity (#1907) 2023-07-28 10:48:56 +10:00
Firstyear 8f282e3a30
68 20230720 replication improvements (#1905) 2023-07-27 12:30:22 +10:00
Firstyear 54544075c1
Improve service file for host installs (#1901) 2023-07-25 12:23:47 +10:00
Firstyear e17dcc0ddb
1788 admin unix socket (#1880) 2023-07-24 10:05:10 +10:00
dependabot[bot] 2a65bc11a3
chore(deps): bump axum-macros from 0.3.7 to 0.3.8 (#1892) 
Bumps [axum-macros](https://github.com/tokio-rs/axum) from 0.3.7 to 0.3.8.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-macros-v0.3.7...axum-macros-v0.3.8)

---
updated-dependencies:
- dependency-name: axum-macros
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-23 21:30:20 +00:00
dependabot[bot] f76edfc995
chore(deps): bump tower-http from 0.4.1 to 0.4.3 (#1888) 
Bumps [tower-http](https://github.com/tower-rs/tower-http) from 0.4.1 to 0.4.3.
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.4.1...tower-http-0.4.3)

---
updated-dependencies:
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-23 21:02:56 +00:00
Sebastiano Tocci fa78c4bbb4
added hsts header middleware (#1882) 
* added hsts header middleware
* Update header to use the strongly typed version
 2023-07-22 13:16:10 -07:00
Firstyear 79ff5e9775
1785 allow sync attr yielding via partial write admin (#1879) 2023-07-19 11:42:53 +10:00
Firstyear 4f3f7e2708
Revert to opensuse based radius container. (#1878) 2023-07-19 11:41:57 +10:00
Sebastiano Tocci e5748fdebb
Unix gid duplicate fix (#1876) 
* added gid removal only when the gid is actually set and updated tests

---------

Signed-off-by: Sebastiano Tocci <seba.tocci@gmail.com>
 2023-07-19 09:44:51 +10:00
Firstyear 60a1cdf9d8
Sync account import improvements (#1873) 2023-07-18 08:49:22 +10:00
James Hodgkinson 5cd62eb974
Upgraded clap, removing atty as a dependency (#1849) 
* upgraded clap, removing atty as a dependency
* changing the PR template so when you add a list up the top it doesn't break the bottom
 2023-07-13 12:19:28 +10:00
Firstyear c260f1244d
Ensure we dont use std hashmaps (#1848) 
* Ensure we dont use std hashmaps
* coalescing the clippy config files

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2023-07-13 06:51:40 +10:00
Firstyear 07580cf57a
Improve selinux in tasks daemon (#1847) 2023-07-11 15:39:28 +10:00
James Hodgkinson 749522418c
headless webdriver testing, starting on brotli feature (#1844) 
* headless chromedriver testing
* updating build scripts
 2023-07-10 16:49:09 +10:00
dependabot[bot] 9562accde0
chore(deps): bump is-terminal from 0.4.8 to 0.4.9 (#1837) 
Bumps [is-terminal](https://github.com/sunfishcode/is-terminal) from 0.4.8 to 0.4.9.
- [Commits](https://github.com/sunfishcode/is-terminal/compare/v0.4.8...v0.4.9)

---
updated-dependencies:
- dependency-name: is-terminal
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-09 21:41:11 +00:00
Yuri Iozzelli e2d7b53367
Allow Authorization header in CORS preflight response (#1831) 
This is needed for public clients running as SPAs (like OCIS).
 2023-07-10 06:53:02 +10:00
Firstyear a818cebc85
Add preflight headers (#1829) 2023-07-09 12:06:40 +10:00
Firstyear 0e53476a76
Persist nonce through refresh to support client (#1826) 2023-07-08 20:30:30 +10:00
Firstyear 72bca853f7
Cleanup spa handling (#1825) 2023-07-08 16:37:15 +10:00
Firstyear 8e1e533f40
1792 public oauth clients (#1821) 2023-07-07 18:53:31 +10:00
Firstyear d1f51f0a84
1812 1813 post axum cleanup (#1817) 2023-07-06 19:34:53 +10:00
James Hodgkinson cc35654388
Converting from tide to axum (#1797) 
* Starting to chase down testing
* commenting out unused/inactive endpoints, adding more tests
* clippyism
* making clippy happy v2
* testing when things are not right
* moar checkpoint
* splitting up testkit things a bit
* moving https -> tide
* mad lad be crabbin
* spawning like a frog
* something something different spawning
* woot it works ish
* more server things
* adding version header to requests
* adding kopid_middleware
* well that was supposed to be an hour... four later
* more nonsense
* carrying on with the conversion
* first pass through the conversion is DONE!
* less pub more better
* session storage works better, fixed some paths
* axum-csp version thing
* try a typedheader
* better openssl config things
* updating lockfile
* http2
* actually sending JSON when we say we will!
* just about to do something dumb
* flargl
* more yak shaving
* So many clippy-isms, fixing up a query handler bleep bloop
* So many clippy-isms, fixing up a query handler bleep bloop
* fmt
* all tests pass including basic web logins and nav
* so much clippyism
* stripping out old comments
* fmt
* commenty things
* stripping out tide
* updates
* de-tiding things
* fmt
* adding optional header matching ,thanks @cuberoot74088
* oauth2 stuff to match #1807 but in axum
* CLIPPY IS FINALLY SATED
* moving scim from /v1/scim to /scim
* one day clippy will make sense
* cleanups
* removing sketching middleware
* cleanup, strip a broken test endpoint (routemap), more clippy
* docs fmt
* pulling axum-csp from the wrong cargo.toml
* docs fmt
* fmt fixes
 2023-07-05 22:26:39 +10:00
Firstyear 17fa61ceeb
Add client UX for redirecting to an external portal for synced accounts (#1791) 2023-07-05 09:13:06 +10:00
Firstyear 9d462b4b00
Add cors policy (#1807) 2023-07-04 19:20:31 +10:00
Firstyear 83e4d3a85e
Improve durability of migrations (#1804) 2023-07-03 12:20:11 +10:00
James Hodgkinson cd7f1781ad
clippy-izing an unsafe in pam (#1795) 2023-07-03 11:13:45 +10:00
James Hodgkinson 3e4c8f6241
Fixing the kanidmd healthcheck (#1789) 
* fixing the health check
* fixing pages while I am here
* flipping options like I flip burgers
* using the config-supplied cert
 2023-06-28 19:41:24 +10:00
Sebastiano Tocci 9a3c12a79d
Name change history (#1727) 2023-06-28 18:34:44 +10:00
James Hodgkinson cc1cc691f3
Started chasing noise, found some code to delete... (#1768) 
logging changes:

* Offering auth mechanisms -> debug
* 404's aren't really warnings
* double tombstone message, one goes to debug

other changes:

* CSP changes to allow the bootstrap images to load
* more testing javascriptfile things, I R 
* it's nice to know where things are
* putting non-rust web things in static/ instead of src/
* RequestCredentials::SameOrigin is the default, also adding a utility function to save dupe code. Wow this saved... kilobytes.
* removing commented code, fixing up codespell config
* clippyisms
* wtf, gha
* dee-gloo-ing some things
* adding some ubuntu build test things
* sigh rustwasm/wasm-pack/issues/1138
* more do_request things
* packaging things
* hilarious dev env setup script
* updated script works, all the UI works, including the experimental UI for naughty crabs
* deb package fixes
* fixed some notes
* setup experimental UI tweaks
 2023-06-27 11:38:22 +10:00
Firstyear a20dd3b113
Remove r2d2 - sad beep noises (#1766) 2023-06-24 16:15:31 +10:00
James Hodgkinson f25bd5bb65
Kanidmd is a bit noisy (#1765) 
* the log_level config option works in kanidmd now
* anon event -> debug
* some more debuggy things
* removing some dupe events for the same thing
 2023-06-24 15:56:01 +10:00
Firstyear d5670d0add
Ux improvements - Allow enrolling other devices (#1764) 2023-06-24 12:24:13 +10:00
Firstyear f3080df628
Implement tpm binding of cached password hashes (#1754) 2023-06-21 20:33:01 +10:00
Firstyear 4725d625af
Remove scripts that are no longer required (#1759) 2023-06-21 15:52:19 +10:00
James Hodgkinson 41d8fece68
OAuth2 secret JSON (#1758) 
* clippyisms
* adding JSON support for oauth2 show-basic-token, slight refactor on OutputMode
 2023-06-21 13:53:22 +10:00
Firstyear 8d2565773e
Resolve codespell issues (#1753) 2023-06-20 13:19:21 +10:00
Firstyear 8b331325ae
Add tls generator to main kanidmd (#1743) 2023-06-19 20:51:44 +10:00
Firstyear 6513fae5e2
1737 1739 sync - map uidnumbers mail (#1741) 2023-06-16 19:15:36 +10:00
Firstyear c65be8174a
Add support for argon2id (#1736) 2023-06-16 13:26:05 +10:00
Firstyear a77a7aa2a4
20230614 unix account security - move account name deny to unixd (#1733) 2023-06-15 13:24:53 +10:00
Sebastiano Tocci 76cee8cecb
fixed return value of add_ava_int (#1735) 2023-06-14 21:28:43 +10:00
Sebastiano Tocci cc5f21eee5
added pre_cand entries to both pre_modify and pre_batch_modify plugin functions (#1732) 2023-06-13 19:46:41 +10:00
Firstyear 0eaab19775
20230608 ldap sync (#1728) 2023-06-13 14:26:50 +10:00
Firstyear c5c483be98
Add acp allowing service accounts to clear their own sessions (#1731) 2023-06-13 14:10:28 +10:00
Firstyear 8cd45eaa35
Declare when no applications are available (#1730) 2023-06-13 11:11:43 +10:00
Firstyear 38f8ab2f99
Fix ip addr parse (#1729) 2023-06-13 11:11:27 +10:00
James Hodgkinson 18fe86db26
X-Forwarded-For catcher - improve ip addr parsing (#1725) 2023-06-12 12:14:34 +10:00
Firstyear 0ba4aec86b
Absolutely minimal implementation (#1711) 
* Absolutely minimal implementation

* Add support for ip address to audit event
 2023-06-08 20:17:46 +10:00
Firstyear 152bf95e71
Add further incremental replication tests (#1707) 2023-06-07 14:14:43 +10:00
Firstyear 6862a529ab
Improve diagnostic and docs of ldap bind requiring posix password (#1702) 2023-06-05 22:08:16 +10:00
Sebastiano Tocci 1c1b54df86
Crono expression parser fix (#1682) 2023-06-03 13:07:29 +10:00
Firstyear 10fa229cf1
Resolve ability to delete ssh keys with spaces in tags (#1674) 2023-05-29 16:11:00 +10:00
Firstyear 8a548fe13e
20230526 incremental replication improvements (#1659) 
* Improve refresh ruv checking
* Expand comments for tests, add basic attribute merge statemachine
 2023-05-29 08:53:27 +10:00
Firstyear 2752965de1
Add more replication tests, improve some handling of tombstones. (#1656) 2023-05-26 12:18:53 +10:00
Firstyear 0a16434bdc
during service account recovery, remove incompatible credentials (#1650) 2023-05-25 10:47:39 +10:00
James Hodgkinson fcab605320
Time travelling (#1648) 
* yeet the time package into the future (updating min time version to 0.3.21)
* CI change to catch web ui builds in future, updating SCIM requirements
* removing allow deprecated flag
* making references to rfc3339 formatter shorter
* clippyisms
* fmt
 2023-05-25 08:25:16 +10:00
Firstyear 48c620e43a
20230508 replication incremental (#1620) 2023-05-23 13:25:22 +10:00
James Hodgkinson 6e559a2eb4
fixing up some spelling errors (#1618) 2023-05-11 08:30:13 +10:00
Firstyear 6afb15ca92
20230505 replication groundwork - ruv consistency improvements (#1606) 2023-05-08 18:25:27 +10:00
Firstyear 125f138a50
20230506 ignore some references (#1600) 
* Self heal from some invalid ref type issues
 2023-05-06 23:09:38 +10:00
Firstyear d9b79ba6d1
Harden migrate session to prevent duplicate migration errors (#1599) 2023-05-06 22:56:52 +10:00
Firstyear 8eb031424a
Start next dev cycle (#1589) 2023-05-01 12:33:12 +10:00
Firstyear bcdbb1837a
Release 1.1.0-alpha.12 (#1588) 2023-05-01 11:07:44 +10:00
Firstyear ca5ed43b5d
Correctly prevent start up when https sockets in use (#1579) 2023-04-28 19:36:47 +10:00
Firstyear 1974d27dd8
Filter rdns and dns for ldap filters (#1576) 2023-04-27 22:37:44 +10:00
Firstyear 49a767179c
Cleanup incorrect log errors of denied entries (#1577) 2023-04-27 15:38:45 +10:00
Firstyear 33f0034b80
20230424 clippppppppppppyyyyyyyy (#1574) 
* Resolve a lot of clips
 2023-04-26 21:55:42 +10:00
Firstyear c670069db1
Add exclusive process lock to Kanidm to prevent accidental duplicate commands. (#1575) 2023-04-26 21:09:18 +10:00
Firstyear ea57b7e990
Improve user experince of refreshing with intent tokens during cred update (#1556) 2023-04-24 09:47:34 +10:00
Firstyear db8cf8883b
Fix incompatible future warnings by removing older crates (#1554) 2023-04-20 15:49:51 +10:00
Firstyear 155c93c931
20230330 oauth2 refresh tokens (#1502) 2023-04-20 08:34:21 +10:00
MinhPhan8803 3e860feb13
AuthSession non empty vec part 2 (#1543) 2023-04-18 10:19:52 +10:00
Firstyear 68b8bf71fb
Improve unicode control character detection (#1539) 2023-04-12 15:53:02 +10:00
MinhPhan8803 bd1215299a
Authsession non empty vec (#1522) 2023-04-08 10:00:45 +10:00
dependabot[bot] 9fa3e4b889
chore(deps): bump syn from 1.0.109 to 2.0.10 (#1499) 
* chore(deps): bump syn from 1.0.109 to 2.0.10

Bumps [syn](https://github.com/dtolnay/syn) from 1.0.109 to 2.0.10.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.109...2.0.10)

---
updated-dependencies:
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* minor fixes to support new syn version

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2023-03-30 16:35:10 +10:00
MinhPhan8803 f5fbf43991
Be non empty vec (#1501) 2023-03-30 11:41:52 +10:00
Firstyear c1f62674f5
1496 ldap basedn config (#1500) 2023-03-29 09:34:43 +10:00
Firstyear 2095efe45d
Improve string validation (#1497) 2023-03-28 12:42:06 +10:00
Firstyear 4718f2dc6b
1115 priv (reauth, sudo) mode (#1479) 2023-03-27 11:38:09 +10:00
MinhPhan8803 00f36f280e
Server daemon logging and exit codes (#1475) 2023-03-23 14:35:42 +10:00
James Hodgkinson 6d2b7dd504
Image fixes in the build (#1441) 
* Crabs were not waving - Fixes #1440
* codespell fixes
 2023-03-13 10:41:16 +10:00
Sebastiano Tocci 36f1efa559
User auth token session display implementation (#1415) 
* removed old todo from #62
* implemented proper display for user_auth_token_session
* auth-token-session display fixes
* updated contributors list

---------

Co-authored-by: Firstyear <william@blackhats.net.au>
 2023-03-07 14:33:51 +10:00
James Hodgkinson 5573ab9224
RADIUS container fixes (#1424) 2023-03-07 11:50:45 +10:00
Firstyear ff78dc8f38
Hopefully fix exp issues by making it a stable part of the access token. (#1434) 2023-03-06 16:17:19 +10:00
dependabot[bot] 113258d523
chore(deps): bump base64 from 0.13.1 to 0.21.0 (#1350) 
* chore(deps): bump base64 from 0.13.1 to 0.21.0

Bumps [base64](https://github.com/marshallpierce/rust-base64) from 0.13.1 to 0.21.0.
- [Release notes](https://github.com/marshallpierce/rust-base64/releases)
- [Changelog](https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md)
- [Commits](https://github.com/marshallpierce/rust-base64/compare/v0.13.1...v0.21.0)

---
updated-dependencies:
- dependency-name: base64
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* base64 fixes

* fmt fixes

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2023-03-06 13:57:21 +10:00
Firstyear 0e57b6f914
1399 some async cleanup (#1421) 
* More cleanerer
* More async!
* Fix up tests
 2023-03-03 17:53:54 +10:00
Christopher Acosta 3c3e8b1e82
Web UI: Sort group memberships of profile (#1410) 2023-03-03 09:21:26 +10:00
Firstyear e33beea89d
1399 cleanup cli docs (#1413) 
* Cleanup cli args
* Update book
* Update wasm
* making the CI happy


---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2023-03-02 12:47:23 +10:00
Firstyear 00cca81012
1399 cleanup reorg (#1412) 2023-03-01 13:10:52 +10:00