mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 20:47:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
2272 commits 17 branches 59 tags 246 MiB
Commit graph

475 commits

Author SHA1 Message Date
Merlijn 4e125b5043
Scim add EntryReference (#3079) 
Allow references to be displayed as a complex object
 2024-10-10 00:13:45 +00:00
Firstyear c779443454
Fix Increment Replication Post Upgrade (#3089) 2024-10-05 19:53:39 +10:00
Firstyear 131ff80b32
20240921 ssh keys and unix password in credential update session (#3056) 2024-10-03 05:57:18 +00:00
Merlijn 1778eaa380
[htmx] Make it harder to miss the save button on the cred update page (#3013) 2024-10-03 04:50:38 +00:00
Firstyear cc662f184a
20240925 cleanups (#3060) 2024-10-03 14:04:02 +10:00
CEbbinghaus d109622d71
Make good on some TechDebt (#3084) 
adds MissingClass & MissingAttribute OperationError kinds to more strongly type our error messages.
 2024-10-03 10:48:28 +10:00
CEbbinghaus dc4a438c31
Feat: Adding POSIX Password fallback (#3067) 
* Added Schema for credential fallback
* Added account polcity management to ac migration
* Refactored Ldap & Unix auth to be common
* removed unused methods and renamed unused fields
* Fixed LDAP missing Anonymous logic
* Added CLI argument for configuring primary cred fallback
 2024-10-02 19:28:36 +10:00
dependabot[bot] 2dbeeaaedb
Bump the all group across 1 directory with 13 updates (#3080) 
Bumps the all group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [async-trait](https://github.com/dtolnay/async-trait) | `0.1.82` | `0.1.83` |
| [axum](https://github.com/tokio-rs/axum) | `0.7.6` | `0.7.7` |
| [clap](https://github.com/clap-rs/clap) | `4.5.18` | `4.5.19` |
| [hyper-util](https://github.com/hyperium/hyper-util) | `0.1.8` | `0.1.9` |
| [libc](https://github.com/rust-lang/libc) | `0.2.158` | `0.2.159` |
| [pkg-config](https://github.com/rust-lang/pkg-config-rs) | `0.3.30` | `0.3.31` |
| [regex](https://github.com/rust-lang/regex) | `1.10.6` | `1.11.0` |
| [reqwest](https://github.com/seanmonstar/reqwest) | `0.12.7` | `0.12.8` |
| [serde_with](https://github.com/jonasbb/serde_with) | `3.9.0` | `3.10.0` |
| [syn](https://github.com/dtolnay/syn) | `2.0.77` | `2.0.79` |
| [tempfile](https://github.com/Stebalien/tempfile) | `3.12.0` | `3.13.0` |
| [tower-http](https://github.com/tower-rs/tower-http) | `0.6.0` | `0.6.1` |
| [jsonschema](https://github.com/Stranger6667/jsonschema-rs) | `0.20.0` | `0.21.0` |



Updates `async-trait` from 0.1.82 to 0.1.83
- [Release notes](https://github.com/dtolnay/async-trait/releases)
- [Commits](https://github.com/dtolnay/async-trait/compare/0.1.82...0.1.83)

Updates `axum` from 0.7.6 to 0.7.7
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-v0.7.6...axum-v0.7.7)

Updates `clap` from 4.5.18 to 4.5.19
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.18...clap_complete-v4.5.19)

Updates `hyper-util` from 0.1.8 to 0.1.9
- [Release notes](https://github.com/hyperium/hyper-util/releases)
- [Changelog](https://github.com/hyperium/hyper-util/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/hyper-util/compare/v0.1.8...v0.1.9)

Updates `libc` from 0.2.158 to 0.2.159
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Changelog](https://github.com/rust-lang/libc/blob/0.2.159/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.158...0.2.159)

Updates `pkg-config` from 0.3.30 to 0.3.31
- [Changelog](https://github.com/rust-lang/pkg-config-rs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/pkg-config-rs/compare/0.3.30...0.3.31)

Updates `regex` from 1.10.6 to 1.11.0
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.10.6...1.11.0)

Updates `reqwest` from 0.12.7 to 0.12.8
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/reqwest/compare/v0.12.7...v0.12.8)

Updates `serde_with` from 3.9.0 to 3.10.0
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.9.0...v3.10.0)

Updates `syn` from 2.0.77 to 2.0.79
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.77...2.0.79)

Updates `tempfile` from 3.12.0 to 3.13.0
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stebalien/tempfile/compare/v3.12.0...v3.13.0)

Updates `tower-http` from 0.6.0 to 0.6.1
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.6.0...tower-http-0.6.1)

Updates `jsonschema` from 0.20.0 to 0.21.0
- [Release notes](https://github.com/Stranger6667/jsonschema-rs/releases)
- [Changelog](https://github.com/Stranger6667/jsonschema-rs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stranger6667/jsonschema-rs/compare/rust-v0.20.0...rust-v0.21.0)

---
updated-dependencies:
- dependency-name: async-trait
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: axum
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: hyper-util
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pkg-config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: reqwest
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tempfile
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-02 13:18:53 +10:00
Firstyear cf63c6b98b
Complete the implementation of the posix account cache (#3041) 
Allow caching and checking of shadow entries (passwords)
    Cache and serve system id's
    improve some security warnings
    prepare for multi-resolver
    Allow the kanidm provider to be not configured
    Allow group extension
 2024-10-02 02:12:13 +00:00
Firstyear 90afc8207c
20240926 tech debt (#3066) 
Large clean up
 2024-10-01 10:07:08 +10:00
Firstyear 23636acbf7
Fix migration of last mod cid (#3065) 2024-09-30 09:56:48 +00:00
Firstyear e4f5c2313d
Increase totp secret size (#3061) 2024-09-30 07:45:43 +00:00
dependabot[bot] 41ac21743a
Bump the all group with 8 updates (#3053) 
Bumps the all group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [axum](https://github.com/tokio-rs/axum) | `0.7.5` | `0.7.6` |
| [bytes](https://github.com/tokio-rs/bytes) | `1.7.1` | `1.7.2` |
| [clap](https://github.com/clap-rs/clap) | `4.5.17` | `4.5.18` |
| [clap_complete](https://github.com/clap-rs/clap) | `4.5.26` | `4.5.29` |
| [axum-extra](https://github.com/tokio-rs/axum) | `0.9.3` | `0.9.4` |
| [axum-macros](https://github.com/tokio-rs/axum) | `0.4.1` | `0.4.2` |
| [tower-http](https://github.com/tower-rs/tower-http) | `0.5.2` | `0.6.0` |
| [jsonschema](https://github.com/Stranger6667/jsonschema-rs) | `0.19.1` | `0.20.0` |


Updates `axum` from 0.7.5 to 0.7.6
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-v0.7.5...axum-v0.7.6)

Updates `bytes` from 1.7.1 to 1.7.2
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/bytes/compare/v1.7.1...v1.7.2)

Updates `clap` from 4.5.17 to 4.5.18
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.17...clap_complete-v4.5.18)

Updates `clap_complete` from 4.5.26 to 4.5.29
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.26...clap_complete-v4.5.29)

Updates `axum-extra` from 0.9.3 to 0.9.4
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-extra-v0.9.3...axum-extra-v0.9.4)

Updates `axum-macros` from 0.4.1 to 0.4.2
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-macros-v0.4.1...axum-macros-v0.4.2)

Updates `tower-http` from 0.5.2 to 0.6.0
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.5.2...tower-http-0.6.0)

Updates `jsonschema` from 0.19.1 to 0.20.0
- [Release notes](https://github.com/Stranger6667/jsonschema-rs/releases)
- [Changelog](https://github.com/Stranger6667/jsonschema-rs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stranger6667/jsonschema-rs/compare/rust-v0.19.1...rust-v0.20.0)

---
updated-dependencies:
- dependency-name: axum
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: bytes
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: clap_complete
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: axum-extra
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: axum-macros
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-23 09:37:42 +10:00
Firstyear 6065f2db60
Add rfc7009 and rfc7662 metadata to oidc discovery (#3046) 2024-09-17 03:35:43 +00:00
James Hodgkinson 4cbec48307
More openapi tweaks (#3038) 2024-09-17 13:01:54 +10:00
dependabot[bot] a2cdb810a2
Bump the all group with 6 updates (#3044) 
Bumps the all group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [anyhow](https://github.com/dtolnay/anyhow) | `1.0.87` | `1.0.89` |
| [hyper-util](https://github.com/hyperium/hyper-util) | `0.1.7` | `0.1.8` |
| selinux | `0.4.5` | `0.4.6` |
| [tokio-openssl](https://github.com/tokio-rs/tokio-openssl) | `0.6.4` | `0.6.5` |
| [tower](https://github.com/tower-rs/tower) | `0.5.0` | `0.5.1` |
| [jsonschema](https://github.com/Stranger6667/jsonschema-rs) | `0.18.1` | `0.19.1` |


Updates `anyhow` from 1.0.87 to 1.0.89
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.87...1.0.89)

Updates `hyper-util` from 0.1.7 to 0.1.8
- [Release notes](https://github.com/hyperium/hyper-util/releases)
- [Changelog](https://github.com/hyperium/hyper-util/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/hyper-util/compare/v0.1.7...v0.1.8)

Updates `selinux` from 0.4.5 to 0.4.6

Updates `tokio-openssl` from 0.6.4 to 0.6.5
- [Release notes](https://github.com/tokio-rs/tokio-openssl/releases)
- [Commits](https://github.com/tokio-rs/tokio-openssl/compare/0.6.4...0.6.5)

Updates `tower` from 0.5.0 to 0.5.1
- [Release notes](https://github.com/tower-rs/tower/releases)
- [Commits](https://github.com/tower-rs/tower/compare/tower-0.5.0...tower-0.5.1)

Updates `jsonschema` from 0.18.1 to 0.19.1
- [Release notes](https://github.com/Stranger6667/jsonschema-rs/releases)
- [Changelog](https://github.com/Stranger6667/jsonschema-rs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stranger6667/jsonschema-rs/compare/rust-v0.18.1...rust-v0.19.1)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: hyper-util
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: selinux
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tokio-openssl
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tower
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-15 22:39:49 +00:00
Firstyear d3891e301f
20240810 SCIM entry basic (#3032) 2024-09-12 12:53:43 +10:00
Firstyear f053ff7fba
CreatedAt/ModifiedAt fix (#3034) 
* fix(repl): CreatedAt/ModifiedAt attributes
 2024-09-12 11:42:16 +10:00
Firstyear 938ad90f3b
20240906 Attribute as an Enum Type (#3025) 
Changes attribute from a string to an enum - this provides many performance improvements and memory savings throughout the server.
 2024-09-09 00:53:10 +00:00
Wei Jian Gan 72393996a7
Credentials page/Self cred update flow UI improvements (#3012) 2024-09-07 14:56:58 +10:00
Firstyear 95fc6fc5bf
20240828 Support Larger Images, Allow Custom Domain Icons (#3016) 
Allow setting custom domain icons.
 2024-09-05 04:19:27 +00:00
Firstyear e5a5de8de3
MemberOf in search implies DirectMemberOf (#3024) 2024-09-04 22:19:40 +10:00
Adam C. Stephens 1161da69ef
generate completions for elvish and fish (#3015) 2024-09-03 23:50:59 +00:00
dependabot[bot] 399a1c0c52
Bump the all group with 4 updates (#3021) 
Bumps the all group with 4 updates: [lodepng](https://github.com/kornelski/lodepng-rust), [syn](https://github.com/dtolnay/syn), [tokio](https://github.com/tokio-rs/tokio) and [fantoccini](https://github.com/jonhoo/fantoccini).


Updates `lodepng` from 3.10.5 to 3.10.6
- [Commits](https://github.com/kornelski/lodepng-rust/commits)

Updates `syn` from 2.0.76 to 2.0.77
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.76...2.0.77)

Updates `tokio` from 1.39.3 to 1.40.0
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.39.3...tokio-1.40.0)

Updates `fantoccini` from 0.21.1 to 0.21.2
- [Commits](https://github.com/jonhoo/fantoccini/compare/v0.21.1...v0.21.2)

---
updated-dependencies:
- dependency-name: lodepng
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: fantoccini
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-01 22:34:55 +00:00
Firstyear 0fac1f301e
20240820 SCIM value (#2992) 
Add the basics of scim value serialisation to entries.
 2024-08-29 11:38:00 +10:00
James Hodgkinson 413ef9210a
fix(daemon): handling IPv6 addresses in healthcheck (#3004) 
* fix(daemon): handling IPv6 addresses propertly in healthcheck Fixes #3002
 2024-08-28 08:33:08 +00:00
James Hodgkinson 0e352cf47c
fix(webui): Javascript errors after server-side update blocking login. Fixed after cache invalidating (#3011) 2024-08-28 13:07:14 +10:00
James Hodgkinson 3eae7be0bb
OAuth2 Token Type (#3008) 
* fix(OAuth2): Invalid `token_type` for token introspection
Fixes #3005

* fix(aut): `assert_eq` instead of `assert ==`

* fix(OAuth2): IANA registry access token types

* fix(OAuth2): deserialize case insensitively
 2024-08-25 23:30:20 +00:00
dependabot[bot] 86dec89286
Bump the all group with 8 updates (#3006) 
Bumps the all group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [clap_complete](https://github.com/clap-rs/clap) | `4.5.18` | `4.5.23` |
| [libc](https://github.com/rust-lang/libc) | `0.2.157` | `0.2.158` |
| [quote](https://github.com/dtolnay/quote) | `1.0.36` | `1.0.37` |
| [reqwest](https://github.com/seanmonstar/reqwest) | `0.12.5` | `0.12.7` |
| [serde](https://github.com/serde-rs/serde) | `1.0.208` | `1.0.209` |
| [serde_json](https://github.com/serde-rs/json) | `1.0.125` | `1.0.127` |
| [syn](https://github.com/dtolnay/syn) | `2.0.75` | `2.0.76` |
| [jsonschema](https://github.com/Stranger6667/jsonschema-rs) | `0.18.0` | `0.18.1` |


Updates `clap_complete` from 4.5.18 to 4.5.23
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.18...clap_complete-v4.5.23)

Updates `libc` from 0.2.157 to 0.2.158
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Changelog](https://github.com/rust-lang/libc/blob/0.2.158/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.157...0.2.158)

Updates `quote` from 1.0.36 to 1.0.37
- [Release notes](https://github.com/dtolnay/quote/releases)
- [Commits](https://github.com/dtolnay/quote/compare/1.0.36...1.0.37)

Updates `reqwest` from 0.12.5 to 0.12.7
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/reqwest/compare/v0.12.5...v0.12.7)

Updates `serde` from 1.0.208 to 1.0.209
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.208...v1.0.209)

Updates `serde_json` from 1.0.125 to 1.0.127
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/1.0.125...1.0.127)

Updates `syn` from 2.0.75 to 2.0.76
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.75...2.0.76)

Updates `jsonschema` from 0.18.0 to 0.18.1
- [Release notes](https://github.com/Stranger6667/jsonschema-rs/releases)
- [Changelog](https://github.com/Stranger6667/jsonschema-rs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stranger6667/jsonschema-rs/compare/rust-v0.18.0...rust-v0.18.1)

---
updated-dependencies:
- dependency-name: clap_complete
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: quote
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: reqwest
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-26 07:36:12 +10:00
Firstyear c8b9ff3274
Spattering of oauth2 stuff (#3000) 
* fix(oauth2): refresh scope constraints
 2024-08-24 14:02:16 +10:00
Merlijn 87b20d22d1
feat: self cred update flow (#2995) 2024-08-23 04:05:32 +00:00
Firstyear 77938ed85f
Add missing group for application admin (#2991) 2024-08-21 16:58:31 +10:00
James Hodgkinson 7c3deab2c4
enforcen den clippen (#2990) 
* enforcen den clippen
* updating outdated oauth2-related docs
* sorry clippy, we tried
 2024-08-21 00:32:56 +00:00
Firstyear fbfea05c6c
20240817 group mail acp (#2982) 2024-08-21 09:59:50 +10:00
Firstyear 239f4594dd
20240810 application passwords (#2968) 
Add the server side components for application passwords. This adds the needed datatypes and handling via the ldap components.

Admin tools will be in a follow up PR. 

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Co-authored-by: Samuel Cabrero <scabrero@suse.de>
 2024-08-20 06:44:37 +00:00
dependabot[bot] 9f4cc984db
Bump the all group with 17 updates (#2986) 
* Bump the all group with 17 updates


| Package | From | To |
| --- | --- | --- |
| [clap](https://github.com/clap-rs/clap) | `4.5.15` | `4.5.16` |
| [clap_complete](https://github.com/clap-rs/clap) | `4.5.14` | `4.5.18` |
| [concread](https://github.com/kanidm/concread) | `0.5.2` | `0.5.3` |
| [js-sys](https://github.com/rustwasm/wasm-bindgen) | `0.3.69` | `0.3.70` |
| [ldap3_client](https://github.com/kanidm/ldap3) | `0.5.0` | `0.5.1` |
| [ldap3_proto](https://github.com/kanidm/ldap3) | `0.5.0` | `0.5.1` |
| [libc](https://github.com/rust-lang/libc) | `0.2.155` | `0.2.157` |
| [lodepng](https://github.com/kornelski/lodepng-rust) | `3.10.4` | `3.10.5` |
| [serde](https://github.com/serde-rs/serde) | `1.0.206` | `1.0.208` |
| [serde_json](https://github.com/serde-rs/json) | `1.0.124` | `1.0.125` |
| [syn](https://github.com/dtolnay/syn) | `2.0.74` | `2.0.75` |
| [tokio](https://github.com/tokio-rs/tokio) | `1.39.2` | `1.39.3` |
| [wasm-bindgen](https://github.com/rustwasm/wasm-bindgen) | `0.2.92` | `0.2.93` |
| [wasm-bindgen-futures](https://github.com/rustwasm/wasm-bindgen) | `0.4.42` | `0.4.43` |
| [wasm-bindgen-test](https://github.com/rustwasm/wasm-bindgen) | `0.3.42` | `0.3.43` |
| [web-sys](https://github.com/rustwasm/wasm-bindgen) | `0.3.69` | `0.3.70` |
| [tower](https://github.com/tower-rs/tower) | `0.4.13` | `0.5.0` |


Updates `clap` from 4.5.15 to 4.5.16
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.15...clap_complete-v4.5.16)

Updates `clap_complete` from 4.5.14 to 4.5.18
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.14...clap_complete-v4.5.18)

Updates `concread` from 0.5.2 to 0.5.3
- [Commits](https://github.com/kanidm/concread/commits)

Updates `js-sys` from 0.3.69 to 0.3.70
- [Release notes](https://github.com/rustwasm/wasm-bindgen/releases)
- [Changelog](https://github.com/rustwasm/wasm-bindgen/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rustwasm/wasm-bindgen/commits)

Updates `ldap3_client` from 0.5.0 to 0.5.1
- [Changelog](https://github.com/kanidm/ldap3/blob/master/RELEASE_NOTES.md)
- [Commits](https://github.com/kanidm/ldap3/commits)

Updates `ldap3_proto` from 0.5.0 to 0.5.1
- [Changelog](https://github.com/kanidm/ldap3/blob/master/RELEASE_NOTES.md)
- [Commits](https://github.com/kanidm/ldap3/commits)

Updates `libc` from 0.2.155 to 0.2.157
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Changelog](https://github.com/rust-lang/libc/blob/0.2.157/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.155...0.2.157)

Updates `lodepng` from 3.10.4 to 3.10.5
- [Commits](https://github.com/kornelski/lodepng-rust/compare/v3.10.4...v3.10.5)

Updates `serde` from 1.0.206 to 1.0.208
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.206...v1.0.208)

Updates `serde_json` from 1.0.124 to 1.0.125
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.124...1.0.125)

Updates `syn` from 2.0.74 to 2.0.75
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.74...2.0.75)

Updates `tokio` from 1.39.2 to 1.39.3
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.39.2...tokio-1.39.3)

Updates `wasm-bindgen` from 0.2.92 to 0.2.93
- [Release notes](https://github.com/rustwasm/wasm-bindgen/releases)
- [Changelog](https://github.com/rustwasm/wasm-bindgen/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rustwasm/wasm-bindgen/compare/0.2.92...0.2.93)

Updates `wasm-bindgen-futures` from 0.4.42 to 0.4.43
- [Release notes](https://github.com/rustwasm/wasm-bindgen/releases)
- [Changelog](https://github.com/rustwasm/wasm-bindgen/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rustwasm/wasm-bindgen/commits)

Updates `wasm-bindgen-test` from 0.3.42 to 0.3.43
- [Release notes](https://github.com/rustwasm/wasm-bindgen/releases)
- [Changelog](https://github.com/rustwasm/wasm-bindgen/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rustwasm/wasm-bindgen/commits)

Updates `web-sys` from 0.3.69 to 0.3.70
- [Release notes](https://github.com/rustwasm/wasm-bindgen/releases)
- [Changelog](https://github.com/rustwasm/wasm-bindgen/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rustwasm/wasm-bindgen/commits)

Updates `tower` from 0.4.13 to 0.5.0
- [Release notes](https://github.com/tower-rs/tower/releases)
- [Commits](https://github.com/tower-rs/tower/compare/tower-0.4.13...tower-0.5.0)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: clap_complete
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: concread
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: js-sys
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ldap3_client
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ldap3_proto
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: lodepng
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: wasm-bindgen
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: wasm-bindgen-futures
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: wasm-bindgen-test
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: web-sys
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tower
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>

* updates to source/packages

* making the nightly build happy

* making the nightly build happy

* making the nightly build happy

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-08-19 23:22:23 +10:00
Firstyear 36b6fda787
Mail substr index (#2981) 2024-08-18 02:49:24 +00:00
Wei Jian Gan d1e5426de2
[HTMX] small profile improvements (#2974) 2024-08-16 02:29:43 +00:00
dependabot[bot] 802becd8b3
Bump the all group across 1 directory with 10 updates (#2966) 
Bumps the all group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [clap](https://github.com/clap-rs/clap) | `4.5.13` | `4.5.15` |
| [clap_complete](https://github.com/clap-rs/clap) | `4.5.12` | `4.5.14` |
| [filetime](https://github.com/alexcrichton/filetime) | `0.2.23` | `0.2.24` |
| [hyper-util](https://github.com/hyperium/hyper-util) | `0.1.6` | `0.1.7` |
| [lodepng](https://github.com/kornelski/lodepng-rust) | `3.10.3` | `3.10.4` |
| [serde](https://github.com/serde-rs/serde) | `1.0.204` | `1.0.206` |
| [serde_json](https://github.com/serde-rs/json) | `1.0.122` | `1.0.124` |
| [syn](https://github.com/dtolnay/syn) | `2.0.72` | `2.0.74` |
| [tempfile](https://github.com/Stebalien/tempfile) | `3.11.0` | `3.12.0` |
| [assert_cmd](https://github.com/assert-rs/assert_cmd) | `2.0.15` | `2.0.16` |



Updates `clap` from 4.5.13 to 4.5.15
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.13...v4.5.15)

Updates `clap_complete` from 4.5.12 to 4.5.14
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.12...clap_complete-v4.5.14)

Updates `filetime` from 0.2.23 to 0.2.24
- [Commits](https://github.com/alexcrichton/filetime/compare/0.2.23...0.2.24)

Updates `hyper-util` from 0.1.6 to 0.1.7
- [Release notes](https://github.com/hyperium/hyper-util/releases)
- [Changelog](https://github.com/hyperium/hyper-util/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/hyper-util/compare/v0.1.6...v0.1.7)

Updates `lodepng` from 3.10.3 to 3.10.4
- [Commits](https://github.com/kornelski/lodepng-rust/compare/v3.10.3...v3.10.4)

Updates `serde` from 1.0.204 to 1.0.206
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.204...v1.0.206)

Updates `serde_json` from 1.0.122 to 1.0.124
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.122...v1.0.124)

Updates `syn` from 2.0.72 to 2.0.74
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.72...2.0.74)

Updates `tempfile` from 3.11.0 to 3.12.0
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stebalien/tempfile/commits)

Updates `assert_cmd` from 2.0.15 to 2.0.16
- [Changelog](https://github.com/assert-rs/assert_cmd/blob/master/CHANGELOG.md)
- [Commits](https://github.com/assert-rs/assert_cmd/compare/v2.0.15...v2.0.16)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: clap_complete
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: filetime
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: hyper-util
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: lodepng
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tempfile
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: assert_cmd
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-12 12:58:35 +00:00
Merlijn f1dfbcc253
[HTMX] User settings (#2929) 
* Initial structure of user settings in htmx
 2024-08-12 17:20:50 +10:00
James Hodgkinson 3cbda02aa8
Docs updates (#2961) 2024-08-10 09:30:51 +00:00
cuberoot74088 eee2df8894
Improve migration error message (#2959) 
In this migration we have checked for legacy security_keys and not gid. This makes it easier for users to understand what the issue is.
 2024-08-08 21:43:03 +00:00
James Hodgkinson d512954fe6
Docker-and-docs-fixes (#2954) 
* removing VOLUME entry from server container

* link fixing

* link fixing in docs
 2024-08-05 00:27:45 +00:00
dependabot[bot] 02342659a2
Bump the all group with 10 updates (#2953) 
Bumps the all group with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [bytes](https://github.com/tokio-rs/bytes) | `1.6.1` | `1.7.1` |
| [clap](https://github.com/clap-rs/clap) | `4.5.11` | `4.5.13` |
| [clap_complete](https://github.com/clap-rs/clap) | `4.5.11` | `4.5.12` |
| [lodepng](https://github.com/kornelski/lodepng-rust) | `3.10.2` | `3.10.3` |
| [lru](https://github.com/jeromefroe/lru-rs) | `0.12.3` | `0.12.4` |
| [regex](https://github.com/rust-lang/regex) | `1.10.5` | `1.10.6` |
| [serde_json](https://github.com/serde-rs/json) | `1.0.121` | `1.0.122` |
| [tempfile](https://github.com/Stebalien/tempfile) | `3.10.1` | `3.11.0` |
| [axum-server](https://github.com/programatik29/axum-server) | `0.6.0` | `0.7.1` |
| [fantoccini](https://github.com/jonhoo/fantoccini) | `0.21.0` | `0.21.1` |


Updates `bytes` from 1.6.1 to 1.7.1
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/bytes/compare/v1.6.1...v1.7.1)

Updates `clap` from 4.5.11 to 4.5.13
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.11...v4.5.13)

Updates `clap_complete` from 4.5.11 to 4.5.12
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.11...clap_complete-v4.5.12)

Updates `lodepng` from 3.10.2 to 3.10.3
- [Commits](https://github.com/kornelski/lodepng-rust/compare/v3.10.2...v3.10.3)

Updates `lru` from 0.12.3 to 0.12.4
- [Changelog](https://github.com/jeromefroe/lru-rs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jeromefroe/lru-rs/compare/0.12.3...0.12.4)

Updates `regex` from 1.10.5 to 1.10.6
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.10.5...1.10.6)

Updates `serde_json` from 1.0.121 to 1.0.122
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.121...v1.0.122)

Updates `tempfile` from 3.10.1 to 3.11.0
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stebalien/tempfile/compare/v3.10.1...v3.11.0)

Updates `axum-server` from 0.6.0 to 0.7.1
- [Release notes](https://github.com/programatik29/axum-server/releases)
- [Changelog](https://github.com/programatik29/axum-server/blob/master/CHANGELOG.md)
- [Commits](https://github.com/programatik29/axum-server/compare/v0.6.0...v0.7.1)

Updates `fantoccini` from 0.21.0 to 0.21.1
- [Commits](https://github.com/jonhoo/fantoccini/compare/v0.21.0...v0.21.1)

---
updated-dependencies:
- dependency-name: bytes
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: clap_complete
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: lodepng
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: lru
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tempfile
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: axum-server
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: fantoccini
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-04 14:57:19 -07:00
Firstyear 3ae8453375
In honour of SebaT, error on db lock acq timeout (#2947) 2024-08-02 09:29:46 +10:00
Firstyear 1fbe65b351
Add measurement of lock acquisition (#2946) 2024-08-01 01:43:55 +00:00
Merlijn f82a52de3b
[htmx] Credential Update page (#2897) 
Implement credential update page in HTMX

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
Co-authored-by: Firstyear <william@blackhats.net.au>
 2024-08-01 01:17:14 +00:00
Firstyear 329750981e
Update to 1.4.0-dev (#2943) 2024-08-01 00:02:11 +10:00
dependabot[bot] b669a681f1
Bump the all group across 1 directory with 9 updates (#2938) 
Bumps the all group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [clap](https://github.com/clap-rs/clap) | `4.5.9` | `4.5.11` |
| [clap_complete](https://github.com/clap-rs/clap) | `4.5.8` | `4.5.11` |
| [peg](https://github.com/kevinmehall/rust-peg) | `0.8.3` | `0.8.4` |
| selinux | `0.4.4` | `0.4.5` |
| [serde_json](https://github.com/serde-rs/json) | `1.0.120` | `1.0.121` |
| [syn](https://github.com/dtolnay/syn) | `2.0.71` | `2.0.72` |
| [tokio](https://github.com/tokio-rs/tokio) | `1.38.1` | `1.39.2` |
| [assert_cmd](https://github.com/assert-rs/assert_cmd) | `2.0.14` | `2.0.15` |
| [escargot](https://github.com/crate-ci/escargot) | `0.5.11` | `0.5.12` |



Updates `clap` from 4.5.9 to 4.5.11
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.9...clap_complete-v4.5.11)

Updates `clap_complete` from 4.5.8 to 4.5.11
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.8...clap_complete-v4.5.11)

Updates `peg` from 0.8.3 to 0.8.4
- [Release notes](https://github.com/kevinmehall/rust-peg/releases)
- [Commits](https://github.com/kevinmehall/rust-peg/compare/0.8.3...0.8.4)

Updates `selinux` from 0.4.4 to 0.4.5

Updates `serde_json` from 1.0.120 to 1.0.121
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.120...v1.0.121)

Updates `syn` from 2.0.71 to 2.0.72
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.71...2.0.72)

Updates `tokio` from 1.38.1 to 1.39.2
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.38.1...tokio-1.39.2)

Updates `assert_cmd` from 2.0.14 to 2.0.15
- [Changelog](https://github.com/assert-rs/assert_cmd/blob/master/CHANGELOG.md)
- [Commits](https://github.com/assert-rs/assert_cmd/compare/v2.0.14...v2.0.15)

Updates `escargot` from 0.5.11 to 0.5.12
- [Changelog](https://github.com/crate-ci/escargot/blob/master/CHANGELOG.md)
- [Commits](https://github.com/crate-ci/escargot/compare/v0.5.11...v0.5.12)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: clap_complete
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: peg
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: selinux
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: assert_cmd
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: escargot
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-29 12:02:59 +10:00
James Hodgkinson 9f7c8310eb
fixing println bug (#2935) 
* fixing println bug

* fixing schema requirement for OpenAPI

* moar scim

* moar OpenAPI

* schema all the things
 2024-07-27 10:01:21 +10:00
James Hodgkinson 5313c5ffdc
Reorganising the daemon startup so it doesn't fail with OTEL configured (#2934) 2024-07-26 07:28:35 +00:00
James Hodgkinson 2a7a009482
clippying all the things (#2931) 
* clippying all the things
 2024-07-26 07:02:37 +00:00
Firstyear 21d3f82aa1
Add scim proto to kanidm, refactor to improve serde performance. (#2933) 2024-07-26 15:54:28 +10:00
James Hodgkinson e1a1bff94d
Docs rework (#2919) 
* more markdowny linty things
* Fixes #2572 by replacing mdbook-template with github-flavoured and more markdowny alerts
 2024-07-23 02:21:56 +00:00
Firstyear da7ed77dfa
Substring Indexing (#2905) 2024-07-20 03:12:49 +00:00
Firstyear a695e0d75f
Oauth2 in htmx (#2912) 
* Apply suggestions from code review

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-07-20 02:30:06 +00:00
Firstyear c7fcdc3e4e
Strict redirect URL enforcement (#2917) 
Add strict OAuth2 URL enforcement per the RFC. This includes a transition process for the next release so that Admins can come into compliance.
 2024-07-20 02:09:50 +00:00
Alin Trăistaru 562f352516
fix typos (#2908) 
* fix typos and misspellings
* use proper capitalization
* Apply suggestions from code review
---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-07-18 03:22:20 +00:00
Firstyear faef3d0a4b
Fix issues with suspend reported by himmelblau (#2911) 2024-07-17 10:33:04 +10:00
James Hodgkinson eddec88429
making the internals of kanidmclientconfig public for other users (#2895) 
* making the internals of kanidmclientconfig public for other users
* clippyisms
 2024-07-15 10:28:23 +00:00
Firstyear bf73332088
enable build htmx in docker (#2893) 2024-07-15 08:06:15 +00:00
Firstyear 966e26f874
Fixes the logout flow in htmx and improves the login error dialog (#2889) 2024-07-15 07:34:01 +00:00
Firstyear d7a5097527
htmx logout tidy up (#2884) 2024-07-15 07:11:00 +00:00
Firstyear d0e57442d2
Tidy up replication poll interval (#2883) 2024-07-15 06:16:24 +00:00
dependabot[bot] 404f9de47e
Bump the all group with 8 updates (#2899) 
Bumps the all group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [bytes](https://github.com/tokio-rs/bytes) | `1.6.0` | `1.6.1` |
| [clap](https://github.com/clap-rs/clap) | `4.5.8` | `4.5.9` |
| [clap_complete](https://github.com/clap-rs/clap) | `4.5.7` | `4.5.8` |
| [hyper](https://github.com/hyperium/hyper) | `1.4.0` | `1.4.1` |
| [serde_with](https://github.com/jonasbb/serde_with) | `3.8.3` | `3.9.0` |
| [syn](https://github.com/dtolnay/syn) | `2.0.69` | `2.0.71` |
| [uuid](https://github.com/uuid-rs/uuid) | `1.9.1` | `1.10.0` |
| [fantoccini](https://github.com/jonhoo/fantoccini) | `0.19.3` | `0.21.0` |


Updates `bytes` from 1.6.0 to 1.6.1
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/bytes/compare/v1.6.0...v1.6.1)

Updates `clap` from 4.5.8 to 4.5.9
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.8...v4.5.9)

Updates `clap_complete` from 4.5.7 to 4.5.8
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.7...clap_complete-v4.5.8)

Updates `hyper` from 1.4.0 to 1.4.1
- [Release notes](https://github.com/hyperium/hyper/releases)
- [Changelog](https://github.com/hyperium/hyper/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/hyper/compare/v1.4.0...v1.4.1)

Updates `serde_with` from 3.8.3 to 3.9.0
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.8.3...v3.9.0)

Updates `syn` from 2.0.69 to 2.0.71
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.69...2.0.71)

Updates `uuid` from 1.9.1 to 1.10.0
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/1.9.1...1.10.0)

Updates `fantoccini` from 0.19.3 to 0.21.0
- [Commits](https://github.com/jonhoo/fantoccini/compare/v0.19.3...v0.21.0)

---
updated-dependencies:
- dependency-name: bytes
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: clap_complete
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: hyper
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: fantoccini
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-07-14 15:22:08 -07:00
Firstyear a4a06c1172
Add a migration for future versions that will notify and warn about the removal of security keys. (#2885) 2024-07-12 02:19:43 +00:00
Firstyear 5af33ade0a
Update mtls cert lifetime (#2886) 2024-07-10 21:35:24 +00:00
Merlijn 33ca757bed
[htmx] Apps page (#2868) 
* Add htmx Apps page with halfworking navbar

Co-authored-by: Firstyear <william@blackhats.net.au>
 2024-07-10 12:07:11 +10:00
Firstyear b1480e36f0
20240703 htmx (#2870) 
Complete the remainder of the HTMX rewrite of the login page.
 2024-07-07 03:36:47 +00:00
Merlijn 4795541719
Offer configuration of images for Oauth2 resources (#2665) 2024-07-06 12:25:55 +10:00
Firstyear f9a77ee1f3
2818 2511 oauth2 urls (#2867) 
* Allow multiple origins
* Docs
* Capitalization 'n stuff

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-07-05 23:17:26 +00:00
Firstyear 3ec9b320a1
20240620 htmx (#2854) 
* progress
* Okay, main swap works and can login with pw+totp
* Feedback
* bypassing docs tests temporarily
 2024-07-02 10:59:06 +00:00
Firstyear b58370adc8
Configurable thread count (#2847) 
* added `thread_count` configuration for the server
* added `thread_count` to orca

---------

Co-authored-by: Sebastiano Tocci <sebastiano.tocci@proton.me>
 2024-06-21 11:47:36 +10:00
Firstyear 10e15fd6b3
20240613 performance improvements (#2844) 
Thanks to @Seba-T's work with Orca, we were able to identify a number of performance issues in certain high load conditions.

This commit contains fixes for the following issues

* Unbounded Memory Growth - due to how ARCache works, to maintain temporal consistency it must retain copies of keys (not values) in a special data set for tracking. The Filter Resolve Cache was using unresolved filters as keys. This caused memory explosions when refint or memberof were updating a group with a large number of members because they would emit a query with hundreds of filter terms that would only be used once and never again, causing the ARCache haunted set to grow without bound. To limit this, we no longer cache large/complex queries for resolution, and in future we may implement some other methods to reduce this like sha256/hmac of the queries.

* When creating a new account, dyngroups would be engaged to add the account as a member due to the matching scope. However the change to the dyngroup was triggering an update of all the dyngroups *members* related memberof attributes. This would mean that adding an account would trigger every other account to be loaded an updated.

* When memberof would iterate over leaf entries and update them one at a time. This mean a large number of small fragmented queries in the case of a lot of leaf entries being updated. Now leaf entries are updated in a single stripe once groups are stabilised.

* Member of would always trigger it's members to always update. Instead, we should only update members where a difference is observed, or all members if the group's memberof itself has changed since this needs to propogate to all leaf entries. This significantly reduces the amount of writes and operations to examine the changed member of set.

* Referential integrity would examine all reference uuids on entries for validity rather than just the reference uuids that were altered within the transaction. This change means that only uuids that were *added* are validated during an operation. 

* During async write backs (delayed actions) these were performed one at a time. Instead, when possible this should be done in a single transaction as the write transaction caches all writes in memory until the commit meaning that by batching we reduce overall latency.

* In the server there can only be one write transaction and many readers. These are guarded by tokio semaphores that act as fair queues - first in gets the lock next. Due to the design of the server readers would be blocked on the *database* semaphore, and writers would block on the write semaphore and THEN the database semaphore. This arrangement was creating a situation which unfairly advantaged readers over writers, as any write would first have to become the head of it's queue, and then compete with all readers to access a db transaction. Instead, we now have a reader semaphore with size threads minus 1, clamped at a minimum of 1. This means that provided there are two or more threads, then a writer will *always* have a database handle available, and readers will pre-queue with each other before queueing on the db ticket. If there is only one thread, then writes and reads will alternate between each other fairly.
 2024-06-20 02:50:00 +00:00
Joshua M. Clulow e591b5f2cc
illumos support (#2838) 
* disable mimalloc on illumos, in part because it immediately segfaults,
  but also because we prefer libumem and link it into all Rust binaries

* switch from fs2 (unmaintained crate) to fs4 which provides the same
  interface and has wider platform support
 2024-06-15 05:20:11 +00:00
Firstyear 9c4e8bb90a
20240611 performance (#2836) 
While basking under the shade of the coolabah tree, I was overcome by an intense desire to improve the performance and memory usage of Kanidm.

This pr reduces a major source of repeated small clones, lowers default log level in testing, removes some trace fields that are both large and probably shouldn't be traced, and also changes some lto settings for release builds.
 2024-06-12 16:48:49 -07:00
dependabot[bot] ea7e52326d
Bump the all group across 1 directory with 5 updates (#2835) 
Bumps the all group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [clap](https://github.com/clap-rs/clap) | `4.5.4` | `4.5.7` |
| [clap_complete](https://github.com/clap-rs/clap) | `4.5.2` | `4.5.5` |
| [regex](https://github.com/rust-lang/regex) | `1.10.4` | `1.10.5` |
| [url](https://github.com/servo/rust-url) | `2.5.0` | `2.5.1` |
| [escargot](https://github.com/crate-ci/escargot) | `0.5.10` | `0.5.11` |



Updates `clap` from 4.5.4 to 4.5.7
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.4...v4.5.7)

Updates `clap_complete` from 4.5.2 to 4.5.5
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.2...clap_complete-v4.5.5)

Updates `regex` from 1.10.4 to 1.10.5
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.10.4...1.10.5)

Updates `url` from 2.5.0 to 2.5.1
- [Release notes](https://github.com/servo/rust-url/releases)
- [Commits](https://github.com/servo/rust-url/compare/v2.5.0...v2.5.1)

Updates `escargot` from 0.5.10 to 0.5.11
- [Changelog](https://github.com/crate-ci/escargot/blob/master/CHANGELOG.md)
- [Commits](https://github.com/crate-ci/escargot/compare/v0.5.10...v0.5.11)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: clap_complete
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: url
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: escargot
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-11 07:47:49 -07:00
Firstyear bd6d9284c0
20240607 2417 piv (#2829) 
Add some more ground work for future PIV/x509 authentication.
 2024-06-11 00:54:57 +00:00
Daniil Egortsev 074646bcf3
fix: typos in OpenApi (#2827) 2024-06-10 17:37:19 +00:00
dependabot[bot] a3f66225de
Bump the all group with 7 updates (#2811) 
* Bump the all group with 7 updates

Bumps the all group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [kanidm-hsm-crypto](https://github.com/kanidm/hsm-crypto) | `0.1.6` | `0.2.0` |
| [base64](https://github.com/marshallpierce/rust-base64) | `0.21.7` | `0.22.1` |
| [lru](https://github.com/jeromefroe/lru-rs) | `0.8.1` | `0.12.3` |
| [proc-macro2](https://github.com/dtolnay/proc-macro2) | `1.0.84` | `1.0.85` |
| [tokio](https://github.com/tokio-rs/tokio) | `1.37.0` | `1.38.0` |
| [axum-auth](https://github.com/owez/axum-auth) | `0.4.1` | `0.7.0` |
| [jsonschema](https://github.com/Stranger6667/jsonschema-rs) | `0.17.1` | `0.18.0` |


Updates `kanidm-hsm-crypto` from 0.1.6 to 0.2.0
- [Commits](https://github.com/kanidm/hsm-crypto/commits)

Updates `base64` from 0.21.7 to 0.22.1
- [Changelog](https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md)
- [Commits](https://github.com/marshallpierce/rust-base64/compare/v0.21.7...v0.22.1)

Updates `lru` from 0.8.1 to 0.12.3
- [Changelog](https://github.com/jeromefroe/lru-rs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jeromefroe/lru-rs/compare/0.8.1...0.12.3)

Updates `proc-macro2` from 1.0.84 to 1.0.85
- [Release notes](https://github.com/dtolnay/proc-macro2/releases)
- [Commits](https://github.com/dtolnay/proc-macro2/compare/1.0.84...1.0.85)

Updates `tokio` from 1.37.0 to 1.38.0
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.37.0...tokio-1.38.0)

Updates `axum-auth` from 0.4.1 to 0.7.0
- [Commits](https://github.com/owez/axum-auth/commits)

Updates `jsonschema` from 0.17.1 to 0.18.0
- [Release notes](https://github.com/Stranger6667/jsonschema-rs/releases)
- [Changelog](https://github.com/Stranger6667/jsonschema-rs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stranger6667/jsonschema-rs/compare/rust-v0.17.1...rust-v0.18.0)

---
updated-dependencies:
- dependency-name: kanidm-hsm-crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: base64
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: lru
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: proc-macro2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: axum-auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>

* updating for kanidm-hsm change

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-06-08 11:25:09 +00:00
James Hodgkinson a8b47f50d7
Double shutdown doesn't help! (#2828) 
Fixes the fact that the HTTPS server wouldn't shut down while OTLP export was enabled.
 2024-06-08 03:04:36 +00:00
Firstyear f39dd7d7a2
Add development taint flag to prevent mismatch of server versions (#2821) 
* Add development taint flag to prevent mismatch of server versions
* Update server/lib/src/constants/schema.rs

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-06-07 09:53:30 +10:00
James Hodgkinson b074330ac5
lowering "access search" security log levels (#2819) 
They were very, very noisy, now they're only debug-noisy.
 2024-06-06 11:07:23 +10:00
James Hodgkinson 3c01a96348
Better WebAuthn and other error responses (#2608) 2024-06-05 09:57:16 +10:00
Firstyear 2c0ff46a32
20240530 nightly warnings (#2806) 
* Cleaneup
* Lots of ram saving
 2024-05-30 20:22:19 +10:00
Firstyear 1e7b94b7cf
Regrets Dot Pee Enn Gee (#2804) 
Upgrade Axum

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-05-30 12:50:45 +10:00
Firstyear a8b9dc8ee8
2756 - resolve invalid loading of dyngroups at startup (#2779) 
* 2756 - resolve invalid loading of dyngroups at startup
* Add a "patch level" migration for domain one shot fixes
 2024-05-28 02:12:44 +00:00
James Hodgkinson 1d0a606e69
WIP: serialization and domain info setting wonkiness (#2791) 2024-05-28 11:49:30 +10:00
Lukas Schulte Pelkum f5be44f2fc
fix DB_PATH variable propagation (#2797) 2024-05-25 23:27:08 +00:00
Tobias Krischer 814380a7f4
feat: add support for ldap compare request (#2780) 2024-05-25 08:28:52 +10:00
Firstyear 1e1414b38b
Add ACP checking to exists operations. (#2790) 2024-05-24 13:28:01 +10:00
Firstyear 3723abb25d
Allow name write privileges to be withheld (#2773) 2024-05-23 15:58:49 +10:00
Firstyear c1235a7186
Check for same version with backup/restore (#2789) 2024-05-23 01:48:37 +00:00
Firstyear 1e4f6e85ca
Revive Cookies. (#2788) 
* Revive Cookies.
* change from tikv-jemalloc to mimalloc.
 2024-05-23 00:45:42 +00:00
Firstyear 39ac38e266
Update our domain TGT level (#2776) 2024-05-17 16:06:14 +10:00
Firstyear 03f9943d41
Update design for KRC (#2713) 2024-05-15 01:05:11 +00:00
James Hodgkinson 7964f55d59
strip out some debug messages unless *really* debugging. (#2767) 
* kanidm cli logs on debug level - Fixes #2745
* such clippy like wow
* It's important for a wordsmith to know when to get its fixes in.
* updootin' wasms
 2024-05-14 14:56:55 +10:00
James Hodgkinson 9370eeb450
Changing TOTP "copy" box from form field to code block. (#2765) 
* Horizontal scroll bar missing from otp url box, causing potential miss copy/paste
Fixes #2762
 2024-05-14 11:16:48 +10:00
James Hodgkinson aefcdc5ee8
Fixing up build for rust 1.78, hiding things behind cfg(test) etc. (#2753) 
* fixing up build for rust 1.78, hiding things behind cfg(test) etc.
* cleaning up version identifier handling in book gen
 2024-05-07 09:00:55 +10:00
Firstyear 1fb8165825
Update Webauthn and Base64 (#2734) 2024-05-01 04:10:18 +00:00
Firstyear 59162236f5
Add some metadata for lib macros (#2735) 2024-05-01 13:34:39 +10:00
Firstyear 5ff482542b
Clean up utils password rand generation. (#2727) 
We previously used a "performance" optimisation in our password generation
that was likely not needed. This optimisation did *not* impact password
entropy or quality in the generation.

To improve clarity, swap to the Uniform distribution instead.
 2024-04-27 23:22:39 +10:00
Firstyear 2e206b2488
Release 1.2.0 prep (#2724) 
* Release 1.2.0 prep

* Update release notes based on feedback
 2024-04-26 06:56:47 +00:00
Firstyear 58cfc8bdf9
Minor upgrade fixes (#2722) 2024-04-24 17:21:45 +10:00
Firstyear afc130ab89
Support 1.1 attribute in LDAP (#2720) 2024-04-24 13:46:56 +10:00
Firstyear afd674d346
Add mail support to groups (#2718) 
* Add mail support to groups

* Update libs/client/src/group.rs

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-04-23 07:08:28 +00:00
Firstyear 604adccdae
Add session limit (#2714) 2024-04-23 16:02:42 +10:00
Joost Rijneveld 5485483aba
Fix typo in oauth2 error message (#2715) 
Removes a duplicate 'again'
 2024-04-20 22:55:35 +00:00
Firstyear d7834b52e6
Begin the basis of the key provider model (#2640) 
This completely reworks how we approach and handle cryptographic keys in Kanidm. This is needed as a foundation for replication coordination which will require handling and rotation of cryptographic keys in automated ways. 

This change influences many other parts of the code base in it's implementation.

The primary influences are:

* Modification of how domain user signing keys are revoked or rotated.
* Merging of all existing service-account token keys are retired (retained) keys into the domain to simplify token signing and validation
* Allowing multiple configurations of local command line tools to swap between instances using disparate signing keys.
* Modification of key retrieval to be key id based (KID), removing the need to embed the JWK into tokens

A side effect of this change is that most user authentication sessions and oauth2 sessions will have to be re-established after upgrade. However we feel that session renewal after upgrade is an expected side effect of an upgrade. 

In the future this lays the ground work to remove a large number of legacy key handling processes that have evolved, which will allow large parts of code to be removed.
 2024-04-15 23:44:37 +00:00
Daniil Egortsev f252035254
fix(TotpDigits): fix typo in TryFrom impl (#2702) 2024-04-11 10:31:34 +10:00
Firstyear c09daa4643
kanidm unixd mfa capabilities (#2672) 
Improve the support for the resolver to support MFA options with pam. This enables async task spawning and cancelation via the resolver backend as well. 

Co-authored-by: David Mulder <dmulder@samba.org>
 2024-03-28 01:17:21 +00:00
Firstyear 10ad183732
[SECURITY: LOW] Administrator triggered thread crash in oauth2 claim maps #2686 (#2686) 
When an admin configured oauth2 custom claims during the creation it
was not enforced that at least one value must be present. This led to
an incorrect logic flaw in str_concat! which didn't handle the 0 case.

This hardens str_concat! to prevent the thread crash by using itertools
for the join instead, and it enforces stricter validation on the valueset
to deny creation of empty claims.

This fix has a low security impact as only an administrator or high
level user can trigger this as a possible denial of service.

Fixes #2680 Fixes #2681
 2024-03-26 01:43:03 +00:00
Firstyear fcc65e6fbe
20240312 concread upgrade (#2668) 
* Update concread
 2024-03-19 12:06:52 +07:00
Vladimir Dronnikov 3e0ec78a61
fix api typo (#2657) 2024-03-18 16:29:28 +07:00
Merlijn a3ab0e39a6
Update bootstrap 5.0.2 to 5.3.3 & minor UI fixes (#2650) 2024-03-13 00:38:24 +00:00
Vladimir Dronnikov 45f26888be
increase severity for "{:?} !⊆ allowed: {:?}" (#2648) 
Co-authored-by: Firstyear <william@blackhats.net.au>
 2024-03-12 03:08:50 +00:00
Firstyear 285f4362b2
20230224 2437 orca remodel (#2591) 2024-03-09 16:09:15 +10:00
Firstyear b4d9cdd7d5
20240301 systemd uid (#2602) 
Fixes #2601 Fixes #393 - gid numbers can be part of the systemd nspawn range.

Previously we allocated gid numbers based on the fact that uid_t is a u32, so we allowed 65536 through u32::max. However, there are two major issues with this that I didn't realise. The first is that anything greater than i32::max (2147483648) can confuse the linux kernel. 

The second is that systemd allocates 524288 through 1879048191 to itself for nspawn.

This leaves with with only a few usable ranges.

1000 through 60000
60578 through 61183
65520 through 65533
65536 through 524287
1879048192 through 2147483647

The last range being the largest is the natural and obvious area we should allocate from. This happens to nicely fall in the pattern of 0x7000_0000 through 0x7fff_ffff which allows us to take the last 24 bits of the uuid then applying a bit mask we can ensure that we end up in this range. 

There are now two major issues.

We have now changed our validation code to enforce a tighter range, but we may have already allocated users into these ranges. 

External systems like FreeIPA allocated uid/gid numbers with reckless abandon directly into these ranges. 

As a result we need to make two concessions.

We *secretly* still allow manual allocation of id's from 65536 through to 1879048191 which is the nspawn container range. This happens to be the range that freeipa allocates into. We will never generate an ID in this range, but we will allow it to ease imports since the users of these ranges already have shown they 'don't care' about that range. This also affects SCIM imports for longer term migrations. 

Second is id's that fall outside the valid ranges. In the extremely unlikely event this has occurred, a startup migration has been added to regenerate these id values for affected entries to prevent upgrade issues. 

An accidental effect of this is freeing up the range 524288 to 1879048191 for other subuid uses.
 2024-03-07 03:25:54 +00:00
Vladimir Dronnikov 221445d387
expose group patch for parity (#2628) 
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-03-07 09:54:20 +10:00
James Hodgkinson 4c1fa0d644
Adding a builtin class for all built-in things (#2603) 
* adding builtin class to builtin objects
* Resolve issues with builtin PR

---------

Co-authored-by: William Brown <william@blackhats.net.au>
 2024-03-06 01:33:14 +00:00
Vladimir Dronnikov 8175253bae
apidoc tag fixes (#2625) 
* apidoc tag fixes
* apidoc typo fixed
 2024-03-06 00:41:47 +00:00
Firstyear 47fe9c78e6
Fix missing entry managed by on anonymouns (#2623) 2024-03-05 03:43:19 +00:00
James Hodgkinson 9d05b797ed
SPAs really are stupid sometimes (#2609) 2024-03-04 13:14:51 +10:00
Vladimir Dronnikov 1a81b437d8
apidoc fixes (#2614) 2024-03-04 02:10:01 +00:00
Vladimir Dronnikov e1f3703f0c
Typo fixes (#2610) 
* api typo fix
* schema description typo fix
* v1 group post typo fix
 2024-03-03 17:25:44 +10:00
Firstyear 633d11a21e
Return consent scope to service account (#2605) 2024-03-02 01:30:59 +00:00
James Hodgkinson dbf59474bb
OpenAPI schema fixes (#2590) 
* OpenAPI schema fixes
* Adding OpenAPI schema checks to the release script
 2024-03-01 16:57:36 +10:00
James Hodgkinson e35f5093a0
WASM test fixing (#2595) 
* wasm test fixing
* remove flaky skip
 2024-02-29 05:13:47 +00:00
Merlijn eddca4fc86
Feature object graph (#2518) 
* Refactor: move the object graph ui to admin web ui
* Add dynamic js loading support
Load viz.js dynamically
* Add some js docs
* chore: cleanup imports
* chore: remove unused clipboard feature
chore: remove unused mermaid.sh
* Messing with the profile.release settings and reverting the changes I tried has now made the build much smaller yay :D
* Refactor: user raw search requests
Assert service-accounts properly
* refactor: new v1 proto structure
* Add self to CONTRIBUTORS.md

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-02-29 02:25:40 +00:00
Firstyear 3760951b6d
Add domain version test framework (#2576) 
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-02-28 21:04:33 +00:00
Firstyear fbc021f487
20240221 2489 cleanup api v1 (#2573) 2024-02-27 09:25:02 +00:00
James Hodgkinson 4096b8f02d
Changing to allow startup without a config file (#2582) 
* Changing to allow startup without a config file, using environment variables
 2024-02-27 15:40:00 +10:00
Firstyear adb575947f
Adjust output of claim maps for better parsing (#2566) 
* Adjust output of claim maps for better parsing
* Update python tests for OAuth2 bits
* fixing workflows for container builds

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
 2024-02-26 13:33:32 +10:00
Sebastiano Tocci d3af1a9e1b
improved error description for commit_credential_update (#2579) 2024-02-24 00:18:38 +00:00
Firstyear 3bf16d4253
Make /status less noisy (#2574) 2024-02-22 17:34:46 +10:00
Firstyear 752bdf7578
Add system range protection (#2565) 2024-02-21 23:27:37 +10:00
James Hodgkinson 4efdb7208f
of course I started looking at clippy things and now I can't stop (#2560) 2024-02-21 00:52:10 +00:00
Firstyear 68d788a9f7
20240216 308 resource limits (#2559) 
This adds account policy based resource limits to control the maximum
number of entries that an account may query
 2024-02-21 00:15:43 +00:00
Daniil Egortsev 5701da8f23
fix(oauth2): typo in basic path (#2562) 2024-02-20 22:20:37 +00:00
James Hodgkinson 097db70c3d
prctl compile-time fixes, also chasing lints (#2558) 
* fixing up error handling for prctl calls
* minor clippy lintypoos
* making clippy happier
* clippizing a test
* more clippy-calming
* adding tpm-udev to ubuntu flows for testing
* rebuilt wasm
* moving from rg to grep because someone doesn't like nice things
* such clippy like wow
* clippy config to the rescue
 2024-02-20 18:21:33 +10:00
James Hodgkinson 84b2c4956d
Removing unused constant and updating docstring for LDAP bind address (#2556) 2024-02-20 11:10:02 +10:00
Firstyear cc28fb2c4b
Re-enable HW tpm support (#2531) 2024-02-17 01:30:08 +00:00
Firstyear 62dff7565e
Add further hardening for system services (#2542) 2024-02-17 00:11:32 +00:00
James Hodgkinson 48f33fb8c9
when the HTTPS server fails, handle that gracefully (#2546) 2024-02-16 08:30:43 +00:00
Firstyear 816fde766f
Fix update intent ttl parameters (#2540) 2024-02-16 07:02:36 +00:00
Firstyear a4c2e66afd
Fix incorrect documentation elements (#2533) 
This adds the account-policy section for credential-type-minimums
and fixes the replication config defaults to match the documented
behaviour.
 2024-02-16 01:58:41 +00:00
Firstyear 3549c8562f
Remove replication is in dev flag (#2535) 2024-02-16 11:39:43 +10:00
Firstyear 002ab13698
Add code_challenge_methods_supported to OIDC discovery (#2525) 2024-02-15 09:17:08 +10:00
Firstyear e3e77fe7b4
Update to latest dev version (#2486) 2024-02-08 09:54:07 +10:00
Firstyear 7567514044
Release 1.1.0-rc.16 (#2483) 2024-02-07 04:39:02 +00:00