Sebastiano Tocci
9611a7f976
Fixes #3406 : add configurable maximum queryable attributes for LDAP ( #3431 )
Linting checks / clippy (push) Has been cancelled
Linting checks / fmt (push) Has been cancelled
Spell Check / codespell (push) Has been cancelled
Container - Kanidm / Set image tag values (push) Has been cancelled
Container - Kanidmd / Set image tag values (push) Has been cancelled
Container - Radiusd / Set image tag values (push) Has been cancelled
Javascript Linting / javascript_lint (push) Has been cancelled
Javascript Linting / javascript_fmt (push) Has been cancelled
GitHub Pages / pre_deploy (push) Has been cancelled
GitHub Pages / docs_master (push) Has been cancelled
PyKanidm tests / tests (push) Has been cancelled
Linux Build and Test / rust_build (push) Has been cancelled
Linux Build and Test / rust_build_next (beta) (push) Has been cancelled
Linux Build and Test / rust_build_next (nightly) (push) Has been cancelled
Linux Build and Test / run_release (push) Has been cancelled
Windows Build and Test / windows_build_kanidm (push) Has been cancelled
Container - Kanidm / Build kanidm Docker image (push) Has been cancelled
Container - Kanidm / Push kanidm Docker image (push) Has been cancelled
Container - Kanidmd / Build kanidmd Docker image (push) Has been cancelled
Container - Kanidmd / Push kanidmd Docker image (push) Has been cancelled
Container - Radiusd / Build radius Docker image (push) Has been cancelled
Container - Radiusd / Push radius Docker image (push) Has been cancelled
GitHub Pages / fanout (${{ needs.pre_deploy.outputs.latest}}) (push) Has been cancelled
GitHub Pages / deploy (push) Has been cancelled
2025-02-21 12:14:47 +10:00
CEbbinghaus
848af4cecd
TOTP label verification ( #3419 )
...
Linting checks / clippy (push) Waiting to run
Linting checks / fmt (push) Waiting to run
Spell Check / codespell (push) Waiting to run
Container - Kanidm / Set image tag values (push) Waiting to run
Container - Kanidm / Build kanidm Docker image (push) Blocked by required conditions
Container - Kanidm / Push kanidm Docker image (push) Blocked by required conditions
Container - Kanidmd / Set image tag values (push) Waiting to run
Container - Kanidmd / Build kanidmd Docker image (push) Blocked by required conditions
Container - Kanidmd / Push kanidmd Docker image (push) Blocked by required conditions
Container - Radiusd / Set image tag values (push) Waiting to run
Container - Radiusd / Build radius Docker image (push) Blocked by required conditions
Container - Radiusd / Push radius Docker image (push) Blocked by required conditions
Javascript Linting / javascript_lint (push) Waiting to run
Javascript Linting / javascript_fmt (push) Waiting to run
GitHub Pages / pre_deploy (push) Waiting to run
GitHub Pages / fanout (${{ needs.pre_deploy.outputs.latest}}) (push) Blocked by required conditions
GitHub Pages / docs_master (push) Waiting to run
GitHub Pages / deploy (push) Blocked by required conditions
PyKanidm tests / tests (push) Waiting to run
Linux Build and Test / rust_build (push) Waiting to run
Linux Build and Test / rust_build_next (beta) (push) Waiting to run
Linux Build and Test / rust_build_next (nightly) (push) Waiting to run
Linux Build and Test / run_release (push) Waiting to run
Windows Build and Test / windows_build_kanidm (push) Waiting to run
* Adding TOTP Label verification (for both empty and duplicate)
2025-02-19 06:54:50 +00:00
CEbbinghaus
ccde675cd2
feat: Added webfinger implementation ( #3410 )
...
Adds WebFinger endpoints to every oauth2 client
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2025-02-10 06:10:12 +00:00
Firstyear
b15ff89b39
20250206 freebsd ports ( #3404 )
...
* Remove unneeded files
* Ensure we config client config for freebsd
* Improve shell handling
* Use freebsd compat nss
2025-02-09 08:57:15 +00:00
Firstyear
ad3cf8828f
20250205 3369 firefox pin ( #3403 )
...
Improve error message when passkey is missing PIN
Firefox still doesn't support setting a PIN on new devices. Because
of this we need a way to return a better error message for devices
that don't have UV configured.
2025-02-06 00:33:59 +00:00
Firstyear
9505b5a732
Allow OAuth2 with empty state parameter ( #3396 )
2025-02-05 00:39:53 +00:00
Firstyear
b3be758b74
20250114 3325 SCIM access control ( #3359 )
...
Add an extended query operation to return effective access controls so that UI's can dynamically display what is or is not editable on an entry.
2025-01-20 11:28:22 +00:00
Firstyear
1a29aa7301
Add ssh_publickeys as a claim for oauth2 ( #3346 )
...
Allow ssh_publickeys to be exposed as a claim for oauth2 and oidc
applications so that they can consume these keys for various uses.
An example could be something like gitlab which can then associate
the public keys with the users account.
2025-01-08 08:21:28 +00:00
micolous
16591007dd
Add OAuth2 response_mode=fragment ( #3335 )
...
* Add response_mode=fragment to discovery documents
* Add test for `response_mode=query`
* refactor OAuth 2.0 tests back into regular functions, because macros are messy
* Disallow some `response_type` x `response_mode` combinations per spec
2025-01-08 15:41:01 +10:00
Firstyear
1983ce19e9
Resolve passkey regression ( #3343 )
...
During other testing I noticed that passkeys no longer worked
on a reauthentication. This was due to a regression in you
guessed it, cookies, where the auth session id wasn't being
removed properly.
2025-01-07 16:05:14 +10:00
Firstyear
9f499f3913
Further SCIM sync testing, minor fixes ( #3305 )
...
This adds further testing of SCIM sync, especially around
conversion of the SCIM Sync Person and Group types into
SCIM Entry. This test would have prevented #3298 and
#3299 from occuring.
During testing two more fixes were found. external_id should have
been required (not optional) and a group with no members would
cause a serialisation issue.
2024-12-20 07:16:07 +00:00
Firstyear
50a7d9d700
Allow opt-in of easter eggs ( #3308 )
...
So that we can start to add some more easter eggs to the server,
we also need to respect user preferences that may not want them.
This adds a configuration setting to the domain allowing a release
build to opt-in to easter eggs, and development builds to opt-out
of them.
2024-12-19 03:30:35 +00:00
Firstyear
44e7348f3b
Incorrect member name in groups ( #3302 )
...
Member was accidentally set to members which prevented
group synchronisation.
2024-12-17 06:57:26 +00:00
Firstyear
0b2f349aec
SCIM Sync Missing Annotation ( #3300 )
...
A missing serde annotion in SCIM Sync caused groups to fail to
sync unless they had a description. This resolves the failure
by adding the correct annotation to skip None fields in groups.
2024-12-17 14:18:30 +10:00
Firstyear
7e9c33ab03
Limit OAuth2 resumption to session ( #3296 )
...
OAuth2 session resumption was accidentally made a permanent cookie
which led to continuing issues with it causing invalid redirections
after login. Make this a session only cookie.
2024-12-17 11:37:16 +10:00
Firstyear
6c3b8500a2
Use specific errors for intent token revoked ( #3291 )
...
Rather than the generic 'invalid state' error, we now return
proper site-specific errors for credential commit failures, with
error messages to explain what went wrong.
2024-12-16 10:28:00 +10:00
Firstyear
ea0e63cc2a
20240927 SCIM put ( #3151 )
2024-11-30 06:56:17 +00:00
Firstyear
dfbcfa865f
UI/Feature polish ( #3191 )
...
Post release some small user issues arose
* Optimise the autofocus for logins with passkeys to limit clicks
* Sort login mechs by strength
* Fix cookies to persist between browser restarts
2024-11-10 04:02:27 +00:00
Firstyear
0f3f604ba0
Hoist max_age to prevent incorrect deserialisation ( #3190 )
2024-11-09 13:28:29 +09:00
Firstyear
53dcb5265a
Fix attribute scim sync attribute naming ( #3159 )
2024-10-29 14:26:51 +10:00
George Wu
d2c329f330
Change to text input and use numeric mode for TOTP prompts. ( #3154 )
...
* Change to text input and use inputmode numeric for TOTP prompts.
* Fix some typos.
2024-10-27 23:57:28 +00:00
Firstyear
2e6d940691
Remove WASM ( #3148 )
...
liberal party took over, more cuts
2024-10-26 17:19:13 +10:00
James Hodgkinson
151a9ad90f
ripping out some extra packages ( #3146 )
2024-10-26 02:27:56 +00:00
James Hodgkinson
5a709520dc
OAuth2 Device flow foundations ( #3098 )
2024-10-26 12:08:48 +10:00
George Wu
8b4d0d6ead
Add missing schemas to get OpenAPI validation to pass. ( #3129 )
2024-10-22 08:27:37 +10:00
James Hodgkinson
68119e1067
more errors for the people ( #3121 )
2024-10-18 23:51:45 +00:00
Firstyear
5a3e5f1e07
20241017 3107 token ttl ( #3114 )
2024-10-18 03:28:52 +00:00
George Wu
9836b2bf12
Totp input changes ( #3115 )
2024-10-17 06:45:13 +00:00
Firstyear
2075125439
Working scim entry get for person ( #3088 )
2024-10-15 04:29:45 +00:00
Merlijn
4e125b5043
Scim add EntryReference ( #3079 )
...
Allow references to be displayed as a complex object
2024-10-10 00:13:45 +00:00
Firstyear
131ff80b32
20240921 ssh keys and unix password in credential update session ( #3056 )
2024-10-03 05:57:18 +00:00
Firstyear
cc662f184a
20240925 cleanups ( #3060 )
2024-10-03 14:04:02 +10:00
CEbbinghaus
d109622d71
Make good on some TechDebt ( #3084 )
...
adds MissingClass & MissingAttribute OperationError kinds to more strongly type our error messages.
2024-10-03 10:48:28 +10:00
CEbbinghaus
dc4a438c31
Feat: Adding POSIX Password fallback ( #3067 )
...
* Added Schema for credential fallback
* Added account polcity management to ac migration
* Refactored Ldap & Unix auth to be common
* removed unused methods and renamed unused fields
* Fixed LDAP missing Anonymous logic
* Added CLI argument for configuring primary cred fallback
2024-10-02 19:28:36 +10:00
Firstyear
90afc8207c
20240926 tech debt ( #3066 )
...
Large clean up
2024-10-01 10:07:08 +10:00
Firstyear
fb3e7a01bc
Resolve incorrect SCIM Sync serialisation ( #3047 )
2024-09-17 06:27:41 +00:00
James Hodgkinson
004e263f90
CLI image error nicening ( #3037 )
...
* fix(scim_proto): fixing an issue with building due to dependencies
* feat(cli): more error message detail when things go wrong with images on the CLI
2024-09-17 04:07:43 +00:00
Firstyear
6065f2db60
Add rfc7009 and rfc7662 metadata to oidc discovery ( #3046 )
2024-09-17 03:35:43 +00:00
James Hodgkinson
4cbec48307
More openapi tweaks ( #3038 )
2024-09-17 13:01:54 +10:00
Firstyear
d3891e301f
20240810 SCIM entry basic ( #3032 )
2024-09-12 12:53:43 +10:00
Firstyear
f053ff7fba
CreatedAt/ModifiedAt fix ( #3034 )
...
* fix(repl): CreatedAt/ModifiedAt attributes
2024-09-12 11:42:16 +10:00
Firstyear
938ad90f3b
20240906 Attribute as an Enum Type ( #3025 )
...
Changes attribute from a string to an enum - this provides many performance improvements and memory savings throughout the server.
2024-09-09 00:53:10 +00:00
Firstyear
0fac1f301e
20240820 SCIM value ( #2992 )
...
Add the basics of scim value serialisation to entries.
2024-08-29 11:38:00 +10:00
James Hodgkinson
3eae7be0bb
OAuth2 Token Type ( #3008 )
...
* fix(OAuth2): Invalid `token_type` for token introspection
Fixes #3005
* fix(aut): `assert_eq` instead of `assert ==`
* fix(OAuth2): IANA registry access token types
* fix(OAuth2): deserialize case insensitively
2024-08-25 23:30:20 +00:00
James Hodgkinson
7c3deab2c4
enforcen den clippen ( #2990 )
...
* enforcen den clippen
* updating outdated oauth2-related docs
* sorry clippy, we tried
2024-08-21 00:32:56 +00:00
Firstyear
239f4594dd
20240810 application passwords ( #2968 )
...
Add the server side components for application passwords. This adds the needed datatypes and handling via the ldap components.
Admin tools will be in a follow up PR.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Co-authored-by: Samuel Cabrero <scabrero@suse.de>
2024-08-20 06:44:37 +00:00
Firstyear
3ae8453375
In honour of SebaT, error on db lock acq timeout ( #2947 )
2024-08-02 09:29:46 +10:00
Merlijn
f82a52de3b
[htmx] Credential Update page ( #2897 )
...
Implement credential update page in HTMX
---------
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
Co-authored-by: Firstyear <william@blackhats.net.au>
2024-08-01 01:17:14 +00:00
Firstyear
329750981e
Update to 1.4.0-dev ( #2943 )
2024-08-01 00:02:11 +10:00
James Hodgkinson
5313c5ffdc
Reorganising the daemon startup so it doesn't fail with OTEL configured ( #2934 )
2024-07-26 07:28:35 +00:00
