mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
1958 commits 17 branches 59 tags 246 MiB
Commit graph

309 commits

Author SHA1 Message Date
Sebastiano Tocci 003234c2d0
Identity verification feature (#1819) 2023-08-16 21:02:48 +10:00
Firstyear 87866c568b
1982 service account access (#1985) 
* Fix issue with incorrect filter class preventing service account delete
 2023-08-16 15:33:28 +10:00
James Hodgkinson 9a6168b67d
Fixing test release (#1983) 
* Fixing cargo test --release

* more tracing less dbg
 2023-08-15 15:42:15 +10:00
James Hodgkinson 83f189fed3
error handling and web server logging fixes (#1960) 
* Fixing the setup_dev_environment script
* clippy calming
* handle_internalunixusertokenread throwing 500's without context
Fixes #1958
 2023-08-14 20:47:49 +10:00
James Hodgkinson aba9f6a724
Struct-ifying schema things (#1971) 
* structifying things
 2023-08-14 19:39:49 +10:00
James Hodgkinson 9246293922
Fighting with zypper, tagging our images (#1964) 
* fighting weird build issues

* labels are better outside

* ugh that stupid linter

* why do you always lint on me

* neat

* adding comments
 2023-08-14 10:06:53 +10:00
James Hodgkinson cc79f7eba1
Are we JSON yet? Kinda. But we're closer. (#1967) 2023-08-14 08:51:44 +10:00
J. B. Crawford 054b580fe6
Allow one-character usernames (#1941) 2023-08-10 08:09:18 +10:00
Sebastiano Tocci c742497866
providing server configuration in the testkit::test macro (#1953) 2023-08-08 20:01:18 +10:00
Sebastiano Tocci 5d96412181
replaced skip_serializing_if with skip_serializing_none (#1932) 
* replaced `skip_serializing_if` with `skip_serializing_none`
 2023-08-03 08:51:30 +10:00
Sebastiano Tocci d50373e64b
fixed serialization of oauth2 token scope (#1930) 2023-08-02 09:50:57 +10:00
Sebastiano Tocci de45732322
added compression layer for the pkg route (#1928) 2023-08-02 08:10:46 +10:00
Firstyear bf3e16cbd3
Resolve issue with publishing (#1925) 
* Resolve issue with publishing

* Fix version
 2023-08-01 17:25:32 +10:00
Firstyear 0fe5ff0f87
Set dev version (#1924) 2023-08-01 15:23:07 +10:00
Firstyear 689c7c74f6
Release 1.1.0-beta.13 (#1922) 2023-08-01 15:12:35 +10:00
Firstyear cccc20ea42
20230731 release (#1921) 
* Cleanup how we check for last git commit to avoid an insecure dep
* Resolve unmaintained or old deps
* Fix ci
 2023-07-31 22:27:21 +10:00
Firstyear 62ce42f8c1
Improve default shells for distros (#1920) 2023-07-31 14:58:27 +10:00
Firstyear d731b20a9d
20230728 techdebt paydown (#1909) 2023-07-31 12:20:52 +10:00
James Hodgkinson ea4d755d7b
chasing weirdness (#1910) 
* security headers, fixing error on empty username, handling login without SPN better

* making deno happy

* cleaning up windows build
 2023-07-31 10:49:59 +10:00
Firstyear 99b761c966
20230727 unix int modularity (#1907) 2023-07-28 10:48:56 +10:00
Firstyear 8f282e3a30
68 20230720 replication improvements (#1905) 2023-07-27 12:30:22 +10:00
Firstyear 54544075c1
Improve service file for host installs (#1901) 2023-07-25 12:23:47 +10:00
Firstyear e17dcc0ddb
1788 admin unix socket (#1880) 2023-07-24 10:05:10 +10:00
dependabot[bot] 2a65bc11a3
chore(deps): bump axum-macros from 0.3.7 to 0.3.8 (#1892) 
Bumps [axum-macros](https://github.com/tokio-rs/axum) from 0.3.7 to 0.3.8.
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-macros-v0.3.7...axum-macros-v0.3.8)

---
updated-dependencies:
- dependency-name: axum-macros
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-23 21:30:20 +00:00
dependabot[bot] f76edfc995
chore(deps): bump tower-http from 0.4.1 to 0.4.3 (#1888) 
Bumps [tower-http](https://github.com/tower-rs/tower-http) from 0.4.1 to 0.4.3.
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.4.1...tower-http-0.4.3)

---
updated-dependencies:
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-23 21:02:56 +00:00
Sebastiano Tocci fa78c4bbb4
added hsts header middleware (#1882) 
* added hsts header middleware
* Update header to use the strongly typed version
 2023-07-22 13:16:10 -07:00
Firstyear 79ff5e9775
1785 allow sync attr yielding via partial write admin (#1879) 2023-07-19 11:42:53 +10:00
Firstyear 4f3f7e2708
Revert to opensuse based radius container. (#1878) 2023-07-19 11:41:57 +10:00
Sebastiano Tocci e5748fdebb
Unix gid duplicate fix (#1876) 
* added gid removal only when the gid is actually set and updated tests

---------

Signed-off-by: Sebastiano Tocci <seba.tocci@gmail.com>
 2023-07-19 09:44:51 +10:00
Firstyear 60a1cdf9d8
Sync account import improvements (#1873) 2023-07-18 08:49:22 +10:00
James Hodgkinson 5cd62eb974
Upgraded clap, removing atty as a dependency (#1849) 
* upgraded clap, removing atty as a dependency
* changing the PR template so when you add a list up the top it doesn't break the bottom
 2023-07-13 12:19:28 +10:00
Firstyear c260f1244d
Ensure we dont use std hashmaps (#1848) 
* Ensure we dont use std hashmaps
* coalescing the clippy config files

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2023-07-13 06:51:40 +10:00
Firstyear 07580cf57a
Improve selinux in tasks daemon (#1847) 2023-07-11 15:39:28 +10:00
James Hodgkinson 749522418c
headless webdriver testing, starting on brotli feature (#1844) 
* headless chromedriver testing
* updating build scripts
 2023-07-10 16:49:09 +10:00
dependabot[bot] 9562accde0
chore(deps): bump is-terminal from 0.4.8 to 0.4.9 (#1837) 
Bumps [is-terminal](https://github.com/sunfishcode/is-terminal) from 0.4.8 to 0.4.9.
- [Commits](https://github.com/sunfishcode/is-terminal/compare/v0.4.8...v0.4.9)

---
updated-dependencies:
- dependency-name: is-terminal
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-09 21:41:11 +00:00
Yuri Iozzelli e2d7b53367
Allow Authorization header in CORS preflight response (#1831) 
This is needed for public clients running as SPAs (like OCIS).
 2023-07-10 06:53:02 +10:00
Firstyear a818cebc85
Add preflight headers (#1829) 2023-07-09 12:06:40 +10:00
Firstyear 0e53476a76
Persist nonce through refresh to support client (#1826) 2023-07-08 20:30:30 +10:00
Firstyear 72bca853f7
Cleanup spa handling (#1825) 2023-07-08 16:37:15 +10:00
Firstyear 8e1e533f40
1792 public oauth clients (#1821) 2023-07-07 18:53:31 +10:00
Firstyear d1f51f0a84
1812 1813 post axum cleanup (#1817) 2023-07-06 19:34:53 +10:00
James Hodgkinson cc35654388
Converting from tide to axum (#1797) 
* Starting to chase down testing
* commenting out unused/inactive endpoints, adding more tests
* clippyism
* making clippy happy v2
* testing when things are not right
* moar checkpoint
* splitting up testkit things a bit
* moving https -> tide
* mad lad be crabbin
* spawning like a frog
* something something different spawning
* woot it works ish
* more server things
* adding version header to requests
* adding kopid_middleware
* well that was supposed to be an hour... four later
* more nonsense
* carrying on with the conversion
* first pass through the conversion is DONE!
* less pub more better
* session storage works better, fixed some paths
* axum-csp version thing
* try a typedheader
* better openssl config things
* updating lockfile
* http2
* actually sending JSON when we say we will!
* just about to do something dumb
* flargl
* more yak shaving
* So many clippy-isms, fixing up a query handler bleep bloop
* So many clippy-isms, fixing up a query handler bleep bloop
* fmt
* all tests pass including basic web logins and nav
* so much clippyism
* stripping out old comments
* fmt
* commenty things
* stripping out tide
* updates
* de-tiding things
* fmt
* adding optional header matching ,thanks @cuberoot74088
* oauth2 stuff to match #1807 but in axum
* CLIPPY IS FINALLY SATED
* moving scim from /v1/scim to /scim
* one day clippy will make sense
* cleanups
* removing sketching middleware
* cleanup, strip a broken test endpoint (routemap), more clippy
* docs fmt
* pulling axum-csp from the wrong cargo.toml
* docs fmt
* fmt fixes
 2023-07-05 22:26:39 +10:00
Firstyear 17fa61ceeb
Add client UX for redirecting to an external portal for synced accounts (#1791) 2023-07-05 09:13:06 +10:00
Firstyear 9d462b4b00
Add cors policy (#1807) 2023-07-04 19:20:31 +10:00
Firstyear 83e4d3a85e
Improve durability of migrations (#1804) 2023-07-03 12:20:11 +10:00
James Hodgkinson cd7f1781ad
clippy-izing an unsafe in pam (#1795) 2023-07-03 11:13:45 +10:00
James Hodgkinson 3e4c8f6241
Fixing the kanidmd healthcheck (#1789) 
* fixing the health check
* fixing pages while I am here
* flipping options like I flip burgers
* using the config-supplied cert
 2023-06-28 19:41:24 +10:00
Sebastiano Tocci 9a3c12a79d
Name change history (#1727) 2023-06-28 18:34:44 +10:00
James Hodgkinson cc1cc691f3
Started chasing noise, found some code to delete... (#1768) 
logging changes:

* Offering auth mechanisms -> debug
* 404's aren't really warnings
* double tombstone message, one goes to debug

other changes:

* CSP changes to allow the bootstrap images to load
* more testing javascriptfile things, I R 
* it's nice to know where things are
* putting non-rust web things in static/ instead of src/
* RequestCredentials::SameOrigin is the default, also adding a utility function to save dupe code. Wow this saved... kilobytes.
* removing commented code, fixing up codespell config
* clippyisms
* wtf, gha
* dee-gloo-ing some things
* adding some ubuntu build test things
* sigh rustwasm/wasm-pack/issues/1138
* more do_request things
* packaging things
* hilarious dev env setup script
* updated script works, all the UI works, including the experimental UI for naughty crabs
* deb package fixes
* fixed some notes
* setup experimental UI tweaks
 2023-06-27 11:38:22 +10:00
Firstyear a20dd3b113
Remove r2d2 - sad beep noises (#1766) 2023-06-24 16:15:31 +10:00
James Hodgkinson f25bd5bb65
Kanidmd is a bit noisy (#1765) 
* the log_level config option works in kanidmd now
* anon event -> debug
* some more debuggy things
* removing some dupe events for the same thing
 2023-06-24 15:56:01 +10:00
Firstyear d5670d0add
Ux improvements - Allow enrolling other devices (#1764) 2023-06-24 12:24:13 +10:00
Firstyear f3080df628
Implement tpm binding of cached password hashes (#1754) 2023-06-21 20:33:01 +10:00
Firstyear 4725d625af
Remove scripts that are no longer required (#1759) 2023-06-21 15:52:19 +10:00
James Hodgkinson 41d8fece68
OAuth2 secret JSON (#1758) 
* clippyisms
* adding JSON support for oauth2 show-basic-token, slight refactor on OutputMode
 2023-06-21 13:53:22 +10:00
Firstyear 8d2565773e
Resolve codespell issues (#1753) 2023-06-20 13:19:21 +10:00
Firstyear 8b331325ae
Add tls generator to main kanidmd (#1743) 2023-06-19 20:51:44 +10:00
Firstyear 6513fae5e2
1737 1739 sync - map uidnumbers mail (#1741) 2023-06-16 19:15:36 +10:00
Firstyear c65be8174a
Add support for argon2id (#1736) 2023-06-16 13:26:05 +10:00
Firstyear a77a7aa2a4
20230614 unix account security - move account name deny to unixd (#1733) 2023-06-15 13:24:53 +10:00
Sebastiano Tocci 76cee8cecb
fixed return value of add_ava_int (#1735) 2023-06-14 21:28:43 +10:00
Sebastiano Tocci cc5f21eee5
added pre_cand entries to both pre_modify and pre_batch_modify plugin functions (#1732) 2023-06-13 19:46:41 +10:00
Firstyear 0eaab19775
20230608 ldap sync (#1728) 2023-06-13 14:26:50 +10:00
Firstyear c5c483be98
Add acp allowing service accounts to clear their own sessions (#1731) 2023-06-13 14:10:28 +10:00
Firstyear 8cd45eaa35
Declare when no applications are available (#1730) 2023-06-13 11:11:43 +10:00
Firstyear 38f8ab2f99
Fix ip addr parse (#1729) 2023-06-13 11:11:27 +10:00
James Hodgkinson 18fe86db26
X-Forwarded-For catcher - improve ip addr parsing (#1725) 2023-06-12 12:14:34 +10:00
Firstyear 0ba4aec86b
Absolutely minimal implementation (#1711) 
* Absolutely minimal implementation

* Add support for ip address to audit event
 2023-06-08 20:17:46 +10:00
Firstyear 152bf95e71
Add further incremental replication tests (#1707) 2023-06-07 14:14:43 +10:00
Firstyear 6862a529ab
Improve diagnostic and docs of ldap bind requiring posix password (#1702) 2023-06-05 22:08:16 +10:00
Sebastiano Tocci 1c1b54df86
Crono expression parser fix (#1682) 2023-06-03 13:07:29 +10:00
Firstyear 10fa229cf1
Resolve ability to delete ssh keys with spaces in tags (#1674) 2023-05-29 16:11:00 +10:00
Firstyear 8a548fe13e
20230526 incremental replication improvements (#1659) 
* Improve refresh ruv checking
* Expand comments for tests, add basic attribute merge statemachine
 2023-05-29 08:53:27 +10:00
Firstyear 2752965de1
Add more replication tests, improve some handling of tombstones. (#1656) 2023-05-26 12:18:53 +10:00
Firstyear 0a16434bdc
during service account recovery, remove incompatible credentials (#1650) 2023-05-25 10:47:39 +10:00
James Hodgkinson fcab605320
Time travelling (#1648) 
* yeet the time package into the future (updating min time version to 0.3.21)
* CI change to catch web ui builds in future, updating SCIM requirements
* removing allow deprecated flag
* making references to rfc3339 formatter shorter
* clippyisms
* fmt
 2023-05-25 08:25:16 +10:00
Firstyear 48c620e43a
20230508 replication incremental (#1620) 2023-05-23 13:25:22 +10:00
James Hodgkinson 6e559a2eb4
fixing up some spelling errors (#1618) 2023-05-11 08:30:13 +10:00
Firstyear 6afb15ca92
20230505 replication groundwork - ruv consistency improvements (#1606) 2023-05-08 18:25:27 +10:00
Firstyear 125f138a50
20230506 ignore some references (#1600) 
* Self heal from some invalid ref type issues
 2023-05-06 23:09:38 +10:00
Firstyear d9b79ba6d1
Harden migrate session to prevent duplicate migration errors (#1599) 2023-05-06 22:56:52 +10:00
Firstyear 8eb031424a
Start next dev cycle (#1589) 2023-05-01 12:33:12 +10:00
Firstyear bcdbb1837a
Release 1.1.0-alpha.12 (#1588) 2023-05-01 11:07:44 +10:00
Firstyear ca5ed43b5d
Correctly prevent start up when https sockets in use (#1579) 2023-04-28 19:36:47 +10:00
Firstyear 1974d27dd8
Filter rdns and dns for ldap filters (#1576) 2023-04-27 22:37:44 +10:00
Firstyear 49a767179c
Cleanup incorrect log errors of denied entries (#1577) 2023-04-27 15:38:45 +10:00
Firstyear 33f0034b80
20230424 clippppppppppppyyyyyyyy (#1574) 
* Resolve a lot of clips
 2023-04-26 21:55:42 +10:00
Firstyear c670069db1
Add exclusive process lock to Kanidm to prevent accidental duplicate commands. (#1575) 2023-04-26 21:09:18 +10:00
Firstyear ea57b7e990
Improve user experince of refreshing with intent tokens during cred update (#1556) 2023-04-24 09:47:34 +10:00
Firstyear db8cf8883b
Fix incompatible future warnings by removing older crates (#1554) 2023-04-20 15:49:51 +10:00
Firstyear 155c93c931
20230330 oauth2 refresh tokens (#1502) 2023-04-20 08:34:21 +10:00
MinhPhan8803 3e860feb13
AuthSession non empty vec part 2 (#1543) 2023-04-18 10:19:52 +10:00
Firstyear 68b8bf71fb
Improve unicode control character detection (#1539) 2023-04-12 15:53:02 +10:00
MinhPhan8803 bd1215299a
Authsession non empty vec (#1522) 2023-04-08 10:00:45 +10:00
dependabot[bot] 9fa3e4b889
chore(deps): bump syn from 1.0.109 to 2.0.10 (#1499) 
* chore(deps): bump syn from 1.0.109 to 2.0.10

Bumps [syn](https://github.com/dtolnay/syn) from 1.0.109 to 2.0.10.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/1.0.109...2.0.10)

---
updated-dependencies:
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* minor fixes to support new syn version

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2023-03-30 16:35:10 +10:00
MinhPhan8803 f5fbf43991
Be non empty vec (#1501) 2023-03-30 11:41:52 +10:00
Firstyear c1f62674f5
1496 ldap basedn config (#1500) 2023-03-29 09:34:43 +10:00
Firstyear 2095efe45d
Improve string validation (#1497) 2023-03-28 12:42:06 +10:00
Firstyear 4718f2dc6b
1115 priv (reauth, sudo) mode (#1479) 2023-03-27 11:38:09 +10:00
MinhPhan8803 00f36f280e
Server daemon logging and exit codes (#1475) 2023-03-23 14:35:42 +10:00
James Hodgkinson 6d2b7dd504
Image fixes in the build (#1441) 
* Crabs were not waving - Fixes #1440
* codespell fixes
 2023-03-13 10:41:16 +10:00
Sebastiano Tocci 36f1efa559
User auth token session display implementation (#1415) 
* removed old todo from #62
* implemented proper display for user_auth_token_session
* auth-token-session display fixes
* updated contributors list

---------

Co-authored-by: Firstyear <william@blackhats.net.au>
 2023-03-07 14:33:51 +10:00
James Hodgkinson 5573ab9224
RADIUS container fixes (#1424) 2023-03-07 11:50:45 +10:00
Firstyear ff78dc8f38
Hopefully fix exp issues by making it a stable part of the access token. (#1434) 2023-03-06 16:17:19 +10:00
dependabot[bot] 113258d523
chore(deps): bump base64 from 0.13.1 to 0.21.0 (#1350) 
* chore(deps): bump base64 from 0.13.1 to 0.21.0

Bumps [base64](https://github.com/marshallpierce/rust-base64) from 0.13.1 to 0.21.0.
- [Release notes](https://github.com/marshallpierce/rust-base64/releases)
- [Changelog](https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md)
- [Commits](https://github.com/marshallpierce/rust-base64/compare/v0.13.1...v0.21.0)

---
updated-dependencies:
- dependency-name: base64
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* base64 fixes

* fmt fixes

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2023-03-06 13:57:21 +10:00
Firstyear 0e57b6f914
1399 some async cleanup (#1421) 
* More cleanerer
* More async!
* Fix up tests
 2023-03-03 17:53:54 +10:00
Christopher Acosta 3c3e8b1e82
Web UI: Sort group memberships of profile (#1410) 2023-03-03 09:21:26 +10:00
Firstyear e33beea89d
1399 cleanup cli docs (#1413) 
* Cleanup cli args
* Update book
* Update wasm
* making the CI happy


---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2023-03-02 12:47:23 +10:00
Firstyear 00cca81012
1399 cleanup reorg (#1412) 2023-03-01 13:10:52 +10:00