mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
2140 commits 17 branches 59 tags 246 MiB
Commit graph

2140 commits

This branch
This branch
All branches
Author SHA1 Message Date
dependabot[bot] 540de971ad
chore(deps-dev): bump the all group in /pykanidm with 3 updates (#2747) 
Bumps the all group in /pykanidm with 3 updates: [coverage](https://github.com/nedbat/coveragepy), [mkdocstrings](https://github.com/mkdocstrings/mkdocstrings) and [ruff](https://github.com/astral-sh/ruff).


Updates `coverage` from 7.5.0 to 7.5.1
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.5.0...7.5.1)

Updates `mkdocstrings` from 0.25.0 to 0.25.1
- [Release notes](https://github.com/mkdocstrings/mkdocstrings/releases)
- [Changelog](https://github.com/mkdocstrings/mkdocstrings/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mkdocstrings/mkdocstrings/compare/0.25.0...0.25.1)

Updates `ruff` from 0.4.2 to 0.4.3
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.4.2...v0.4.3)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocstrings
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-07 00:09:53 +00:00
dependabot[bot] d816123c09
chore(deps-dev): bump jinja2 from 3.1.3 to 3.1.4 in /pykanidm (#2752) 
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.3 to 3.1.4.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/3.1.3...3.1.4)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-06 23:41:16 +00:00
James Hodgkinson aefcdc5ee8
Fixing up build for rust 1.78, hiding things behind cfg(test) etc. (#2753) 
* fixing up build for rust 1.78, hiding things behind cfg(test) etc.
* cleaning up version identifier handling in book gen
 2024-05-07 09:00:55 +10:00
Matthew Wilks a67d1f5160
Fix broken links in <details> sections (#2737) 2024-05-01 05:06:59 +00:00
Firstyear 1fb8165825
Update Webauthn and Base64 (#2734) 2024-05-01 04:10:18 +00:00
Firstyear 59162236f5
Add some metadata for lib macros (#2735) 2024-05-01 13:34:39 +10:00
dependabot[bot] ef2701687e
chore(deps): bump the all group in /pykanidm with 7 updates (#2729) 
Bumps the all group in /pykanidm with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [pydantic](https://github.com/pydantic/pydantic) | `2.7.0` | `2.7.1` |
| [mypy](https://github.com/python/mypy) | `1.9.0` | `1.10.0` |
| [pytest](https://github.com/pytest-dev/pytest) | `8.1.1` | `8.2.0` |
| [coverage](https://github.com/nedbat/coveragepy) | `7.4.4` | `7.5.0` |
| [black](https://github.com/psf/black) | `24.4.0` | `24.4.2` |
| [mkdocstrings](https://github.com/mkdocstrings/mkdocstrings) | `0.24.3` | `0.25.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.4.1` | `0.4.2` |


Updates `pydantic` from 2.7.0 to 2.7.1
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v2.7.0...v2.7.1)

Updates `mypy` from 1.9.0 to 1.10.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/1.9.0...v1.10.0)

Updates `pytest` from 8.1.1 to 8.2.0
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/8.1.1...8.2.0)

Updates `coverage` from 7.4.4 to 7.5.0
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.4.4...7.5.0)

Updates `black` from 24.4.0 to 24.4.2
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/24.4.0...24.4.2)

Updates `mkdocstrings` from 0.24.3 to 0.25.0
- [Release notes](https://github.com/mkdocstrings/mkdocstrings/releases)
- [Changelog](https://github.com/mkdocstrings/mkdocstrings/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mkdocstrings/mkdocstrings/compare/0.24.3...0.25.0)

Updates `ruff` from 0.4.1 to 0.4.2
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.4.1...v0.4.2)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mypy
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: black
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocstrings
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-29 07:19:45 +10:00
Firstyear 5ff482542b
Clean up utils password rand generation. (#2727) 
We previously used a "performance" optimisation in our password generation
that was likely not needed. This optimisation did *not* impact password
entropy or quality in the generation.

To improve clarity, swap to the Uniform distribution instead.
 2024-04-27 23:22:39 +10:00
Firstyear 2e206b2488
Release 1.2.0 prep (#2724) 
* Release 1.2.0 prep

* Update release notes based on feedback
 2024-04-26 06:56:47 +00:00
Firstyear 58cfc8bdf9
Minor upgrade fixes (#2722) 2024-04-24 17:21:45 +10:00
Firstyear acc800f00e
Resolve OAuth2 client/rs confusion (#2719) 
* Resolve OAuth2 client/rs confusion

* feedback
 2024-04-24 15:34:50 +10:00
Firstyear 3707124218
Improve access control doc to describe privilege access mode (#2721) 
* Improve access control doc to describe privilege access mode

* Update book/src/access_control/intro.md

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-04-24 04:29:58 +00:00
Firstyear afc130ab89
Support 1.1 attribute in LDAP (#2720) 2024-04-24 13:46:56 +10:00
Firstyear afd674d346
Add mail support to groups (#2718) 
* Add mail support to groups

* Update libs/client/src/group.rs

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-04-23 07:08:28 +00:00
Firstyear 604adccdae
Add session limit (#2714) 2024-04-23 16:02:42 +10:00
Sebastiano Tocci 9354c180af
added profile and memberof search to the basic model (#2712) 
Co-authored-by: Firstyear <william@blackhats.net.au>
 2024-04-23 10:30:38 +10:00
dependabot[bot] a0f743d8c8
chore(deps): bump the all group in /pykanidm with 4 updates (#2717) 
Bumps the all group in /pykanidm with 4 updates: [aiohttp](https://github.com/aio-libs/aiohttp), [mkdocs-material](https://github.com/squidfunk/mkdocs-material), [mkdocstrings-python](https://github.com/mkdocstrings/python) and [ruff](https://github.com/astral-sh/ruff).


Updates `aiohttp` from 3.9.4 to 3.9.5
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](https://github.com/aio-libs/aiohttp/compare/v3.9.4...v3.9.5)

Updates `mkdocs-material` from 9.5.17 to 9.5.18
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.17...9.5.18)

Updates `mkdocstrings-python` from 1.9.2 to 1.10.0
- [Release notes](https://github.com/mkdocstrings/python/releases)
- [Changelog](https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mkdocstrings/python/compare/1.9.2...1.10.0)

Updates `ruff` from 0.3.7 to 0.4.1
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.7...v0.4.1)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocstrings-python
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-22 07:25:52 +10:00
Joost Rijneveld 5485483aba
Fix typo in oauth2 error message (#2715) 
Removes a duplicate 'again'
 2024-04-20 22:55:35 +00:00
Firstyear 62bbd7e3ea
20240409 rework orca markov (#2699) 
Improve the models and what can be performed in the orca benchmarks.

---------

Co-authored-by: Sebastiano Tocci <seba.tocci@gmail.com>
Co-authored-by: Sebastiano Tocci <sebastiano.tocci@proton.me>
 2024-04-16 23:35:16 +00:00
Firstyear d7834b52e6
Begin the basis of the key provider model (#2640) 
This completely reworks how we approach and handle cryptographic keys in Kanidm. This is needed as a foundation for replication coordination which will require handling and rotation of cryptographic keys in automated ways. 

This change influences many other parts of the code base in it's implementation.

The primary influences are:

* Modification of how domain user signing keys are revoked or rotated.
* Merging of all existing service-account token keys are retired (retained) keys into the domain to simplify token signing and validation
* Allowing multiple configurations of local command line tools to swap between instances using disparate signing keys.
* Modification of key retrieval to be key id based (KID), removing the need to embed the JWK into tokens

A side effect of this change is that most user authentication sessions and oauth2 sessions will have to be re-established after upgrade. However we feel that session renewal after upgrade is an expected side effect of an upgrade. 

In the future this lays the ground work to remove a large number of legacy key handling processes that have evolved, which will allow large parts of code to be removed.
 2024-04-15 23:44:37 +00:00
dependabot[bot] dfac06608a
chore(deps): bump the all group in /pykanidm with 4 updates (#2707) 
Bumps the all group in /pykanidm with 4 updates: [pydantic](https://github.com/pydantic/pydantic), [aiohttp](https://github.com/aio-libs/aiohttp), [black](https://github.com/psf/black) and [ruff](https://github.com/astral-sh/ruff).


Updates `pydantic` from 2.6.4 to 2.7.0
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v2.6.4...v2.7.0)

Updates `aiohttp` from 3.9.3 to 3.9.4
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](https://github.com/aio-libs/aiohttp/compare/v3.9.3...v3.9.4)

Updates `black` from 24.3.0 to 24.4.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/24.3.0...24.4.0)

Updates `ruff` from 0.3.5 to 0.3.7
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.5...v0.3.7)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: aiohttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: black
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-14 22:50:07 +00:00
dependabot[bot] 5deab930aa
chore(deps): bump peaceiris/actions-mdbook from 1 to 2 in the all group (#2706) 
Bumps the all group with 1 update: [peaceiris/actions-mdbook](https://github.com/peaceiris/actions-mdbook).


Updates `peaceiris/actions-mdbook` from 1 to 2
- [Release notes](https://github.com/peaceiris/actions-mdbook/releases)
- [Changelog](https://github.com/peaceiris/actions-mdbook/blob/main/CHANGELOG.md)
- [Commits](https://github.com/peaceiris/actions-mdbook/compare/v1...v2)

---
updated-dependencies:
- dependency-name: peaceiris/actions-mdbook
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-15 08:25:44 +10:00
dependabot[bot] b65172a6aa
chore(deps): bump idna from 3.4 to 3.7 in /pykanidm (#2703) 
Bumps [idna](https://github.com/kjd/idna) from 3.4 to 3.7.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.4...v3.7)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-12 01:57:15 +00:00
Daniil Egortsev f252035254
fix(TotpDigits): fix typo in TryFrom impl (#2702) 2024-04-11 10:31:34 +10:00
dependabot[bot] 2ef84d8606
chore(deps-dev): bump the all group in /pykanidm with 4 updates (#2696) 
Bumps the all group in /pykanidm with 4 updates: [mkdocs-material](https://github.com/squidfunk/mkdocs-material), [mkdocstrings](https://github.com/mkdocstrings/mkdocstrings), [mkdocstrings-python](https://github.com/mkdocstrings/python) and [ruff](https://github.com/astral-sh/ruff).


Updates `mkdocs-material` from 9.5.16 to 9.5.17
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.16...9.5.17)

Updates `mkdocstrings` from 0.24.1 to 0.24.3
- [Release notes](https://github.com/mkdocstrings/mkdocstrings/releases)
- [Changelog](https://github.com/mkdocstrings/mkdocstrings/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mkdocstrings/mkdocstrings/compare/0.24.1...0.24.3)

Updates `mkdocstrings-python` from 1.9.0 to 1.9.2
- [Release notes](https://github.com/mkdocstrings/python/releases)
- [Changelog](https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mkdocstrings/python/compare/1.9.0...1.9.2)

Updates `ruff` from 0.3.4 to 0.3.5
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.4...v0.3.5)

---
updated-dependencies:
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocstrings
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocstrings-python
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-08 08:28:39 +10:00
dependabot[bot] 29b7c63b91
chore(deps): bump h2 from 0.3.25 to 0.3.26 (#2694) 
Bumps [h2](https://github.com/hyperium/h2) from 0.3.25 to 0.3.26.
- [Release notes](https://github.com/hyperium/h2/releases)
- [Changelog](https://github.com/hyperium/h2/blob/v0.3.26/CHANGELOG.md)
- [Commits](https://github.com/hyperium/h2/compare/v0.3.25...v0.3.26)

---
updated-dependencies:
- dependency-name: h2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-06 13:07:22 +10:00
David Mulder bec8c9058c
Windows Hello Authentication requirements (#2688) 
* Add keystore to unix_user_online_auth_init

Himmelblau needs this to check whether the device
is enrolled in the domain (via the presence of
TPM keys), to know whether to attempt Windows
Hello PIN auth, or to enroll first in the domain.

Signed-off-by: David Mulder <dmulder@samba.org>

* Implement PIN setup

After enrolling in a domain, Himmelblau will
prompt the user to choose a pin, which will be
the auth value for an associated Windows Hello
TPM key. We loop here until the values match.
Otherwise no validation is performed. Validation
can be done by the id provider, and can send an
additional request to PAM if the PIN is invalid.

Signed-off-by: David Mulder <dmulder@samba.org>

* Add Pin authentication

After setting up a Windows Hello pin, users can
authentication using this pin.

Signed-off-by: David Mulder <dmulder@samba.org>
 2024-04-05 08:50:37 +10:00
dependabot[bot] 30179e900c
chore(deps): bump the all group with 1 update (#2690) 
Bumps the all group with 1 update: [actions/configure-pages](https://github.com/actions/configure-pages).


Updates `actions/configure-pages` from 4 to 5
- [Release notes](https://github.com/actions/configure-pages/releases)
- [Commits](https://github.com/actions/configure-pages/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/configure-pages
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-02 07:49:02 +10:00
dependabot[bot] 898ab53035
chore(deps-dev): bump the all group in /pykanidm with 1 update (#2691) 
Bumps the all group in /pykanidm with 1 update: [mkdocs-material](https://github.com/squidfunk/mkdocs-material).


Updates `mkdocs-material` from 9.5.15 to 9.5.16
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.15...9.5.16)

---
updated-dependencies:
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-01 09:09:53 +10:00
Georg a61038f400
Require kanidm-unixd before kanidm-unixd-tasks (#2687) 
The kanidm-unixd-tasks service refuses to start before kanidm-unixd:

```
systemd[1]: Started Kanidm Local Tasks.
(xd_tasks)[29469]: kanidm-unixd-tasks.service: Failed to set up mount namespacing: /run/systemd/unit-root/run/kanidm-unixd: No such file or directory
(xd_tasks)[29469]: kanidm-unixd-tasks.service: Failed at step NAMESPACE spawning /usr/sbin/kanidm_unixd_tasks: No such file or directory
systemd[1]: kanidm-unixd-tasks.service: Main process exited, code=exited, status=226/NAMESPACE
systemd[1]: kanidm-unixd-tasks.service: Failed with result 'exit-code'.
```

Resolve this by ensuring kanidm-unixd gets activated as a dependency.
The ordering ("After") is already in place.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 2024-03-29 05:23:13 +00:00
Firstyear c09daa4643
kanidm unixd mfa capabilities (#2672) 
Improve the support for the resolver to support MFA options with pam. This enables async task spawning and cancelation via the resolver backend as well. 

Co-authored-by: David Mulder <dmulder@samba.org>
 2024-03-28 01:17:21 +00:00
Pavel Dostál 03ce2a0c32
Add Grafana integration to OAuth2 documentation (#2685) 
Signed-off-by: Pavel Dostál <pdostal@pdostal.cz>
 2024-03-26 09:43:43 +00:00
Firstyear 10ad183732
[SECURITY: LOW] Administrator triggered thread crash in oauth2 claim maps #2686 (#2686) 
When an admin configured oauth2 custom claims during the creation it
was not enforced that at least one value must be present. This led to
an incorrect logic flaw in str_concat! which didn't handle the 0 case.

This hardens str_concat! to prevent the thread crash by using itertools
for the join instead, and it enforces stricter validation on the valueset
to deny creation of empty claims.

This fix has a low security impact as only an administrator or high
level user can trigger this as a possible denial of service.

Fixes #2680 Fixes #2681
 2024-03-26 01:43:03 +00:00
Dustin Frisch e5702909d0
ldap-sync: allow to use attrs more than once (#2676) 2024-03-25 09:41:24 +00:00
dependabot[bot] acf05ca924
chore(deps-dev): bump the all group in /pykanidm with 4 updates (#2683) 
Bumps the all group in /pykanidm with 4 updates: [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio), [pytest-mock](https://github.com/pytest-dev/pytest-mock), [mkdocs-material](https://github.com/squidfunk/mkdocs-material) and [ruff](https://github.com/astral-sh/ruff).


Updates `pytest-asyncio` from 0.23.5.post1 to 0.23.6
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](https://github.com/pytest-dev/pytest-asyncio/compare/v0.23.5.post1...v0.23.6)

Updates `pytest-mock` from 3.12.0 to 3.14.0
- [Release notes](https://github.com/pytest-dev/pytest-mock/releases)
- [Changelog](https://github.com/pytest-dev/pytest-mock/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest-mock/compare/v3.12.0...v3.14.0)

Updates `mkdocs-material` from 9.5.13 to 9.5.15
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.13...9.5.15)

Updates `ruff` from 0.3.3 to 0.3.4
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.3...v0.3.4)

---
updated-dependencies:
- dependency-name: pytest-asyncio
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pytest-mock
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-25 00:01:55 +00:00
dependabot[bot] 7439093269
chore(deps): bump the all group with 1 update (#2682) 
Bumps the all group with 1 update: [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata).


Updates `dependabot/fetch-metadata` from 1 to 2
- [Release notes](https://github.com/dependabot/fetch-metadata/releases)
- [Commits](https://github.com/dependabot/fetch-metadata/compare/v1...v2)

---
updated-dependencies:
- dependency-name: dependabot/fetch-metadata
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-25 09:29:46 +10:00
alexvonme cc36fe7228
fix(docs): packaging section improved (#2677) 
* fix(docs): packaging section improved
* Update ppa_packages.md
 2024-03-23 22:54:52 +00:00
Matthew 1c124bdc20
Fix developer ethics link (#2674) 2024-03-21 23:29:40 +00:00
alexvonme 4849d9844b
fix(docs): filename, header and title mismatch fixes (#2660) 2024-03-20 12:43:33 +10:00
Firstyear fcc65e6fbe
20240312 concread upgrade (#2668) 
* Update concread
 2024-03-19 12:06:52 +07:00
alexvonme 9c40a18b01
fix(docs): capitalization fixes (#2659) 2024-03-19 01:01:13 +00:00
alexvonme ce526012da
fix(docs): links corrected (#2661) 
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-03-18 09:52:30 +00:00
Vladimir Dronnikov 3e0ec78a61
fix api typo (#2657) 2024-03-18 16:29:28 +07:00
dependabot[bot] e537cef5c3
chore(deps-dev): bump the all group in /pykanidm with 2 updates (#2662) 
Bumps the all group in /pykanidm with 2 updates: [black](https://github.com/psf/black) and [ruff](https://github.com/astral-sh/ruff).


Updates `black` from 24.2.0 to 24.3.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/24.2.0...24.3.0)

Updates `ruff` from 0.3.2 to 0.3.3
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.2...v0.3.3)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-18 11:06:39 +07:00
dependabot[bot] e62f7113a6
chore(deps): bump the all group in /pykanidm with 9 updates (#2656) 
Bumps the all group in /pykanidm with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [pydantic](https://github.com/pydantic/pydantic) | `2.6.3` | `2.6.4` |
| [mypy](https://github.com/python/mypy) | `1.8.0` | `1.9.0` |
| [pytest](https://github.com/pytest-dev/pytest) | `7.4.4` | `8.1.1` |
| [types-toml](https://github.com/python/typeshed) | `0.10.8.7` | `0.10.8.20240310` |
| [coverage](https://github.com/nedbat/coveragepy) | `7.4.3` | `7.4.4` |
| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `0.23.5` | `0.23.5.post1` |
| [mkdocs-material](https://github.com/squidfunk/mkdocs-material) | `9.5.12` | `9.5.13` |
| [mkdocstrings-python](https://github.com/mkdocstrings/python) | `1.8.0` | `1.9.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.3.0` | `0.3.2` |


Updates `pydantic` from 2.6.3 to 2.6.4
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v2.6.3...v2.6.4)

Updates `mypy` from 1.8.0 to 1.9.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v1.8.0...1.9.0)

Updates `pytest` from 7.4.4 to 8.1.1
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/7.4.4...8.1.1)

Updates `types-toml` from 0.10.8.7 to 0.10.8.20240310
- [Commits](https://github.com/python/typeshed/commits)

Updates `coverage` from 7.4.3 to 7.4.4
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.4.3...7.4.4)

Updates `pytest-asyncio` from 0.23.5 to 0.23.5.post1
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](https://github.com/pytest-dev/pytest-asyncio/compare/v0.23.5...v0.23.5.post1)

Updates `mkdocs-material` from 9.5.12 to 9.5.13
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.12...9.5.13)

Updates `mkdocstrings-python` from 1.8.0 to 1.9.0
- [Release notes](https://github.com/mkdocstrings/python/releases)
- [Changelog](https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mkdocstrings/python/compare/1.8.0...1.9.0)

Updates `ruff` from 0.3.0 to 0.3.2
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.0...v0.3.2)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mypy
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: types-toml
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pytest-asyncio
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocstrings-python
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-15 10:20:07 +00:00
Merlijn a3ab0e39a6
Update bootstrap 5.0.2 to 5.3.3 & minor UI fixes (#2650) 2024-03-13 00:38:24 +00:00
José Fortún eec7b3fa05
fix(docs): typos, grammar and broken link fixes (#2644) 
Co-authored-by: Firstyear <william@blackhats.net.au>
 2024-03-12 03:38:43 +00:00
Vladimir Dronnikov 45f26888be
increase severity for "{:?} !⊆ allowed: {:?}" (#2648) 
Co-authored-by: Firstyear <william@blackhats.net.au>
 2024-03-12 03:08:50 +00:00
Martin Wurm a0357ad227
Add instructions on how to enable PKCE in Nextcloud (#2647) 2024-03-12 02:42:04 +00:00
Firstyear 285f4362b2
20230224 2437 orca remodel (#2591) 2024-03-09 16:09:15 +10:00