Firstyear
d42268269a
20240125 2217 client credentials grant ( #2456 )
* Huge fix of a replication problem.
* Update test
* Increase min replication level
* Client Credentials Grant implementation
2024-02-01 02:00:29 +00:00
James Hodgkinson
c8bd1739f9
PyKanidm updates and testing ( #2301 )
* otel can eprintln kthx
* started python integration tests, features
* more tests more things
* adding heaps more things
* updating docs
* fixing python test
* fixing errors, updating integration test
* Add models for OAuth2, Person, ServiceAccount and add missing endpoints
* Alias Group to GroupInfo to keep it retrocompatible
* Fixed issues from review
* adding oauth2rs_get_basic_secret
* adding oauth2rs_get_basic_secret
* Fixed mypy issues
* adding more error logs
* updating test scripts and configs
* fixing tests and validating things
* more errors
---------
Co-authored-by: Dogeek <simon.bordeyne@gmail.com>
2024-01-31 03:27:43 +00:00
Firstyear
50c324c063
Fix inverted key/chain logic from TLS error improvement ( #2453 )
2024-01-24 16:51:41 +10:00
Firstyear
967bc7c9df
Improve TLS configuration errors ( #2447 )
This improves the errors during TLS configuration to localise them to
the error site, as well as calling our file path diagnostics tool
to assist with permission errors.
2024-01-23 16:13:14 +10:00
Firstyear
86916a3d87
Return sshkey label to cli fields ( #2440 )
* Return ssh label to cli fields
2024-01-20 17:17:57 +10:00
Firstyear
b1e7cb13a5
Add rfc8414 metadata ( #2434 )
2024-01-19 04:14:52 +00:00
Firstyear
8e4980b2c1
Add test for delete referer invalid ( #2435 )
When a delete of an entry occurs which is referenced by another entry,
if the entry has a MUST schema condition on the deleted entry then the
delete should be blocked to prevent the entries structure becoming
invalid.
2024-01-19 02:18:11 +00:00
Firstyear
8dc884f38e
2390 1980 allow native applications ( #2428 )
2024-01-16 10:44:12 +10:00
Firstyear
a1fa59b83c
Clean RUV ( #2424 )
2024-01-12 09:43:20 +10:00
Firstyear
666448f787
Upgrade replication to use anchors ( #2423 )
* Upgrade replication to use anchors
2024-01-10 04:46:08 +00:00
Firstyear
0e44cc1dcb
Minor fixes for oidc with single page applications ( #2420 )
2024-01-08 23:57:14 +00:00
Firstyear
e9340c682e
Use case insensitive match on substrings in line with ldap ( #2419 )
2024-01-06 15:52:21 +10:00
Firstyear
cc79b2a205
20231222 piv authentication ( #2398 )
Foundations of PIV authentication
2023-12-29 23:15:26 +00:00
James Hodgkinson
307a66ea29
Update docs, closes SQLite Write-Ahead Logging might make page size immutable #2404 ( #2405 )
2023-12-30 08:34:50 +10:00
Firstyear
7f27a6fcd9
Force apply idm migrations to apply access controls ( #2401 )
2023-12-28 12:24:29 +10:00
cuberoot74088
a16525d520
fix backup filename and regexp pattern for cleanup ( #2386 )
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2023-12-24 12:06:43 +00:00
Firstyear
fd71a748ca
Add improved domain migration framework and default MFA ( #2382 )
2023-12-21 14:44:20 +10:00
Firstyear
77b01e3a31
Trim and lowercase usernames ( #2380 )
2023-12-19 06:41:12 +00:00
Firstyear
3408816932
Add DN as a virtual ldap attr ( #2379 )
2023-12-19 15:07:19 +10:00
James Hodgkinson
a4c44bc5f9
fixing default for oauth2 request_parameter_supported metadata ( #2378 )
2023-12-19 11:56:47 +10:00
Firstyear
5c445a4704
20231218 ipa sync unix password ( #2374 )
* Add support for importing the users password as unix password
2023-12-18 11:20:37 +10:00
Firstyear
d09c2448ff
1481 2024 access control rework ( #2366 )
Rework default access controls to better separate roles and access profiles.
2023-12-17 23:10:13 +00:00
Firstyear
854b696532
249 2024 managed by syntax ( #2359 )
Allows hierarchical entry management rules.
2023-12-07 10:00:09 +00:00
James Hodgkinson
340d41482b
typo ( #2356 )
2023-12-05 01:22:59 +00:00
Firstyear
4bd5d584cb
20231204 ipa sync minor improvements ( #2357 )
2023-12-04 16:58:15 +10:00
Firstyear
76269f9de2
20231129 webauthn attestation ( #2351 )
This adds full support for attestation of webauthn/passkeys.
2023-12-03 06:13:52 +00:00
James Hodgkinson
9a464c653c
Using proper axum http headers lib for compatibility ( #2348 )
2023-12-01 08:55:51 +10:00
Firstyear
cbdbaa8fe0
Bearer should send with same caps we accept ( #2345 )
2023-11-30 09:25:34 +10:00
Firstyear
31b939fca3
20231128 freeipa migration ( #2338 )
* Add more weak password formats for freeipa
* Verification of freeipa migration from older ipa versions
2023-11-29 10:43:15 +10:00
Firstyear
ac299b5286
Update to the latest compact-jwt version ( #2331 )
2023-11-24 02:53:22 +00:00
James Hodgkinson
916bb4ec04
Adding env var configs for the server ( #2329 )
* env var config for server
* I am my own clippy now
* Man, that got complicated quick
2023-11-24 01:27:49 +00:00
Firstyear
bb8914c70d
20231120 2320 sssd compat ( #2328 )
2023-11-22 10:18:03 +10:00
Firstyear
b71b0460f3
Add test ( #2323 )
2023-11-19 21:56:19 +10:00
James Hodgkinson
2be287c1ff
OAuth2 scopes validation logging missing details ( #2317 )
* OAuth2 scopes validation logging missing details - Fixes #2316
* clippy was mad
2023-11-17 16:08:08 +10:00
Firstyear
8f150ad032
20231115 oauth2 authreq ( #2310 )
* fix oauth2 requests
* Fix json compat of wasm bindgen
2023-11-15 12:41:01 +10:00
Firstyear
a2a3010860
Remove serde json from wasm ( #2304 )
* Remove serde json from wasm
* Fix missing json
2023-11-12 15:38:37 +10:00
Firstyear
8a40f5ab7b
Fix spelling ( #2303 )
2023-11-11 03:04:35 +00:00
Firstyear
47bcea7708
20231109 1122 credential class ( #2300 )
* Add CredentialType for acc pol
* Reword ui hints
* Finish account policy
* Clean up artefacts
2023-11-11 09:26:44 +10:00
James Hodgkinson
60e5935faa
Moving daemon tracing to OpenTelemetry ( #2292 )
* sally forth into the great otel unknown
* make the build env identification slightly more durable
* docs updates
* wasm recompile
2023-11-09 05:15:12 +00:00
James Hodgkinson
12f1de8358
Update OpenAPI schema gen to actually... be kinda sorta valid. ( #2296 )
* updating lockfile
* OpenAPI validation issues
Fixes #2295
* clippy sez no
* adding another validator, more specs
2023-11-07 11:35:17 +10:00
Firstyear
b7852d1d71
pw min length in account policy ( #2289 )
2023-11-05 10:33:25 +10:00
James Hodgkinson
b9d47fe8f7
oauth2 typo ( #2290 )
2023-11-04 06:45:40 +00:00
James Hodgkinson
7025a9ff55
Feature: kanidm CLI pulling OpenAPI schema ( #2285 )
* diag is super noisy when you actually turn on logging... even though it wasn't an error?
* adding api download-schema to the CLI
* docs
2023-11-03 17:37:27 +10:00
James Hodgkinson
cf35a7e667
Feature: configurable replication poll interval ( #2283 )
* Feature: configurable replication poll interval (#2282 )
* Updating log messages because REPL != LDAP
2023-11-02 02:07:53 +00:00
Firstyear
9e5449a644
Minor improvements to incoming replication ( #2279 )
2023-11-02 01:21:21 +00:00
Allan
dbf476fe5e
Remove unused imports and clippy lint ( #2276 )
* Fix unused import errors
* Apply clippy get_first lint
* Add contributor
---------
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2023-11-01 05:54:29 +00:00
Samuel Cabrero
c3c0b5f459
Rework ldap bind routine ( #2268 )
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
2023-11-01 15:09:22 +10:00
Firstyear
a3266978c8
Disable inconsistent test ( #2278 )
2023-11-01 02:02:53 +00:00
William Brown
4a08b77285
make versions consistent
2023-10-31 21:24:07 +10:00
James Hodgkinson
6642139900
Release 1.1.0-rc.15-dev
2023-10-31 19:26:18 +10:00
James Hodgkinson
ef96ca6aa1
started writing docs and ended up in another rabbit hole ( #2267 )
* started writing docs and ended up in another rabbit hole
* updoots
* dangit fedora
2023-10-31 19:15:35 +10:00
James Hodgkinson
3bfc347c53
CLI integration test beginnings ( #2261 )
* more integration test things, using assert_cmd to test the CLI end-to-end
* packagez
* making clippy happy
* making deno happy
2023-10-30 06:10:54 +00:00
William Brown
ecc46bb015
Add book chapter + cli
2023-10-28 13:07:06 +10:00
NavinShrinivas
b80a3b271c
Cargo fmt and clippy checks
Signed-off-by: NavinShrinivas <karupal2002@gmail.com>
2023-10-28 13:07:06 +10:00
NavinShrinivas
12ea1c8702
Restrict posix passwords on ldap bind with config
Signed-off-by: NavinShrinivas <karupal2002@gmail.com>
2023-10-28 13:07:06 +10:00
James Hodgkinson
e02328ae8b
Splitting the SPAs ( #2219 )
* doing some work for enumerating how the accounts work together
* fixing up build scripts and removing extra things
* making JavaScript as_tag use the struct field names
* making shared.js a module, removing wasmloader.js
* don't compress compressed things
2023-10-27 06:03:58 +00:00
James Hodgkinson
ad3c491d07
Bug chasing ( #2257 )
* service-account validity expire-at doesn't accept all time nouns as defined by docs
Fixes #2153
* realised a logic bug
* making clippy happy while I'm here
* returning an empty set from the creds if the creds attribute is not found, which is then handled downstream
2023-10-27 05:30:38 +00:00
Samuel Cabrero
99ba97088d
cargo fmt + clippy ( #2241 )
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
2023-10-27 04:40:24 +00:00
James Hodgkinson
7dc18e4f9e
adding service account patch methods ( #2255 )
* adding service_account PATCH
2023-10-26 13:40:45 +10:00
Firstyear
afe9d28754
20231019 1122 account policy basics ( #2245 )
---------
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2023-10-22 11:16:42 +00:00
Firstyear
6ff9082fd2
20231014 account policy ( #2218 )
* Start to prep for unix+ssh keys in credupdate session
2023-10-19 01:40:06 +00:00
James Hodgkinson
6850a17e8c
Windows build fixes and test coverage ( #2220 )
* adding testing for users functions
* turning KanidmClient build error into a ClientError
* removing a redundant closure
2023-10-17 07:18:07 +00:00
James Hodgkinson
eead47aec8
Fixing dependabot and its mistakes ( #2232 )
* updating to utoipa 4.0.0
* hi dependabot
2023-10-16 05:15:53 +00:00
dependabot[bot]
1a36673c46
chore(deps): bump utoipa-swagger-ui from 3.1.5 to 4.0.0 ( #2224 )
Bumps [utoipa-swagger-ui](https://github.com/juhaku/utoipa) from 3.1.5 to 4.0.0.
- [Release notes](https://github.com/juhaku/utoipa/releases)
- [Commits](https://github.com/juhaku/utoipa/compare/utoipa-swagger-ui-3.1.5...utoipa-swagger-ui-4.0.0)
---
updated-dependencies:
- dependency-name: utoipa-swagger-ui
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-15 20:45:27 +00:00
James Hodgkinson
f28d5cef22
OpenAPI/swagger docs autogen ( #2175 )
* always be clippyin'
* pulling oauth2 api things out into their own module
* starting openapi generation
2023-10-14 12:39:14 +10:00
Firstyear
8bcf1935a5
20231012 346 name deny list ( #2214 )
* Migrate to improved system config reload, cleanup acc pol
* Denied names feature
2023-10-13 08:50:36 +10:00
Firstyear
88da55260a
Add file diagnosis ( #2210 )
2023-10-12 12:09:54 +10:00
Firstyear
fbc62ea51e
fix RUV on startup, improve filter output ( #2211 )
2023-10-11 21:14:27 +10:00
James Hodgkinson
d9da1eeca0
Chasing yaks down dark alleyways ( #2207 )
* adding some test coverage because there was some rando panic-inducing thing
* ldap constants
* documenting a macro
* helpful weird errors
* the war on strings continues
* less json more better
* testing things fixing bugs
* idm_domain_reset_token_key wasn't working, added a test and fixed it (we weren't testing it)
* idm_domain_set_ldap_basedn - adding tests
* adding testing for idm_account_credential_update_cancel_mfareg
* warning of deprecation
2023-10-11 15:44:29 +10:00
dependabot[bot]
d538f80fa1
chore(deps): bump axum-auth from 0.4.0 to 0.4.1 ( #2200 )
Bumps [axum-auth](https://github.com/owez/axum-auth) from 0.4.0 to 0.4.1.
- [Commits](https://github.com/owez/axum-auth/compare/0.4.0...v0.4.1)
---
updated-dependencies:
- dependency-name: axum-auth
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-08 21:26:48 +00:00
Firstyear
a91bf55471
20231008 remove expect used ( #2191 )
* Stop using expect on some tasks
2023-10-08 17:39:00 +10:00
James Hodgkinson
19f9fde012
Thread naming and display ( #2190 )
* sometimes handlers fail
* enums are better than strings
* clippyisms
2023-10-08 13:08:46 +10:00
James Hodgkinson
48979b8e1a
Replication tweaks - try the most recent successful one and error less ( #2189 )
* made an error less error-y and also found a way to try the last-most-working repl peer
2023-10-07 13:09:42 +10:00
James Hodgkinson
0adc3e0dd9
Chasing wooly quadrupeds again ( #2163 )
* I really like well-tended yaks
* documenting yaks
* spellink
* less surprise more good
* schema test fix
* clippyisms
2023-10-05 12:30:46 +10:00
Firstyear
f6d2bcb44b
68 20230929 replication finalisation ( #2160 )
Replication is now ready for test deployments!
2023-10-05 11:11:27 +10:00
James Hodgkinson
e7f594a1c1
In-system image storage ( #2112 )
* In-system image storage refers to #2057
* adding multipart feature to axum
* thanks to @Firstyear for fixing my bufs
* fixing coverage test things
* clippy-calming
* more tests, jpg acropalypse tests, benches
* spelling
* lockfile updates
* linting
2023-10-04 17:24:12 +10:00
Firstyear
cb985a2fd0
fix credential update intent defaults ( #2162 )
2023-09-30 20:06:44 +10:00
Firstyear
3e345174b6
68 20230919 replication configuration ( #2131 )
2023-09-29 12:02:13 +10:00
James Hodgkinson
c7a269575c
Enforce TLS key size minimums ( #2145 )
* Enforce TLS key size minimums - Fixes #2144
* at some point clippy got mad
2023-09-26 09:59:00 +10:00
James Hodgkinson
c998a1eda5
bindaddress default doesn't match documentation ( #2150 )
Fixes #2147
2023-09-26 09:38:07 +10:00
James Hodgkinson
d5ed335b52
Cinco de yakko ( #2108 )
* there are always more yaks
* see? ldap yaks.
* fixing stupid radius container build thing
2023-09-16 12:11:06 +10:00
Firstyear
77da40d528
68 20230912 session consistency ( #2110 )
This adds support for special-casing sessions in replication to allow them to internally trim and merge so that session revocations and creations are not lost between replicas.
2023-09-16 09:22:11 +10:00
James Hodgkinson
383592d921
Schema dooby doo ... yon ( #2103 )
Refers #1987
Notable changes:
- in server/lib/src/entry.rs - aiming to pass the enum instead of the strings
- changed signature of add_ava to take Attribute instead of &str (which is used in the entry_init macro... which was fun)
- set_ava<T> now takes Attribute
- added TryFrom<&AttrString> for Attribute
2023-09-12 11:47:24 +10:00
Firstyear
b3aed1df34
68 20230908 replication attrunique ( #2086 )
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2023-09-12 08:50:51 +10:00
James Hodgkinson
d3d80e7364
Schema-dooby-doo-part-trois ( #2082 )
* adding extra_attributes field to BuiltinGroup, migrating more things.
* checkpoint 3 - ACP, easy as 1,2,3
* codespell
* now throwing error on dyngroup with defined members
2023-09-09 09:38:47 +10:00
James Hodgkinson
4b7563adc8
CLI and test things ( #2080 )
* testing things actually run is handy
* adding build mode to scripts
* uh, so I started messing with handling exit codes...
2023-09-09 09:35:59 +10:00
Firstyear
61c59d5a5a
68 20230907 replication ( #2081 )
* Test replication when nodes are valid beyond cl trim
2023-09-08 08:59:06 +10:00
James Hodgkinson
2f312e6b2d
Removing default features from git2 package ( #2078 )
* don't need ssh or https in git2 - saves 50.69s
* codespell
2023-09-06 08:25:29 +10:00
Firstyear
d1fe7b9127
68 20230829 replication referential integrity ( #2048 )
* Member of works!
* Hooray, refint over replication works.
2023-09-05 21:30:51 +10:00
James Hodgkinson
d5d76d1a3c
Schema dooby doo part two ( #2071 )
* scim strings!
* mapmapmap
* mapmapmap -comments and map
* updating delete test
* fixing some tests
2023-09-05 16:58:42 +10:00
Firstyear
538429838d
When an empty body was returned, do request would error incorrectly ( #2074 )
2023-09-05 14:14:00 +10:00
James Hodgkinson
1d88cede1b
Yak hassling ( #2059 )
* trying this query thing again
* if error show error not panic
* clippyism
* moving dependencies around and fixing log messages for healthcheck
* cleaning up some comment mess
* fixing the "debug thing breaks packaging" issue and test failures
2023-09-05 11:50:51 +10:00
dependabot[bot]
07c9a9078e
chore(deps): bump tower-http from 0.4.3 to 0.4.4 ( #2064 )
Bumps [tower-http](https://github.com/tower-rs/tower-http) from 0.4.3 to 0.4.4.
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](https://github.com/tower-rs/tower-http/compare/tower-http-0.4.3...tower-http-0.4.4)
---
updated-dependencies:
- dependency-name: tower-http
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-03 21:04:53 +00:00
Sebastiano Tocci
f2e9c8a16e
Add tests for X-Forwarded-For header (kinda) ( #1957 )
* Add tests for X-Forwarded-For header (kinda)
* testing for invalid header format
* added debug endpoint and got tests working
* various fixing here and there
2023-08-31 09:31:16 +08:00
Firstyear
5bd69b81b8
Clear cache before verify on some low-level tests ( #2044 )
2023-08-29 12:26:29 +10:00
Firstyear
0f977d33b9
68 20230828 replication of schema ( #2045 )
2023-08-29 12:20:27 +10:00
Firstyear
da56738dea
pam multistep auth state machine ( #2022 )
Himmelblau needs to maintain some data about the state of an authentication across the course of pam exchanges.
Signed-off-by: David Mulder <dmulder@samba.org>
Co-authored-by: David Mulder <dmulder@samba.org>
2023-08-28 09:27:29 +10:00
Samuel Cabrero
9dda8b1ad3
Authentication shortcut to get a RW session ( #1993 )
* auth: Add a privileged flag to AuthStep::Init2 step to request a rw session
The privileged flag is defined as Option<bool> for compatibility with
existing clients.
2023-08-24 09:54:33 +10:00
Sebastiano Tocci
47e953bfd2
wopsies, missing imports ( #2023 )
* wopsies, missing imports
* more clippy and fmt
* adding test build for kanidm with idv-tui feature
* making codespell happy
---------
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2023-08-23 22:40:25 +10:00
Sebastiano Tocci
70b19f0630
idv cli ( #2001 )
2023-08-23 20:51:24 +10:00