Commit graph

2156 commits

Author SHA1 Message Date
Firstyear e04d0680a4 Warn when v2 options are used in v1 unixd config (#3228)
Options like map_group would fail silently when version=2 wasn't
set in our unix config. This detects that case and warns that it
is occurring.

To prevent this in the future, we deny unknown keys in v2 so that
if (when?) we add v3, new keys will cause an error.
2024-11-22 12:14:06 +10:00
Firstyear d058b8c053 Resolve UI Auth Loop with OAuth2 (#3226)
If an OAuth2 auth request resume cookie was present, and at the same
time the kani instance was restarted, the cookie would now fail
to validate on the instance. This caused the user to experience an auth
loop where after every authentication they would see an error *despite*
logging in correctly, and then a refresh would show the correct
apps page.

This removes the auth_req cookie correctly even if it fails to
deserialise.
2024-11-22 12:14:06 +10:00
Firstyear 2dd8891d51 Harden transport in pam unixd (#3227)
In some cases if the transport drops out from underneath unixd,
it can be difficult to diagnose and leads to inconsistent errors
and output such as prompting for a password multiple times when
it can't succeed.

This makes it clearer that the transport had an error, and it
denies the inflight authsession to prevent spurious password
prompts.
2024-11-22 12:14:06 +10:00
Firstyear abbce9edf3 Improve warning around invalid JWT deserialisation (#3224)
* Improve warning around invalid JWT deserialisation

* typo
2024-11-22 12:14:06 +10:00
George Wu 9bd1fe1481 Update and fix server config files in examples. (#3225) 2024-11-22 12:14:06 +10:00
George Wu f6d16ff08a Change CLI oauth2 command from set-display-name to set-displayname for consistency. (#3212)
* Change CLI domain command from set-display-name to set-displayname for consistency.

* Also fix CLI.
2024-11-22 12:14:06 +10:00
George Wu e4c6ca767e Add docs on customising Kanidm. (#3209)
* Add docs on customising Kanidm.

* Add more info about images that can be used.

* s/set-display-name/set-displayname/g
2024-11-22 12:14:06 +10:00
Georg 6458660a24 Correct spelling of occurred (#3222)
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2024-11-22 12:14:06 +10:00
Firstyear a6dcb960d7 UI/Feature polish (#3191)
Post release some small user issues arose

* Optimise the autofocus for logins with passkeys to limit clicks
* Sort login mechs by strength
* Fix cookies to persist between browser restarts
2024-11-10 14:06:08 +10:00
Firstyear a6ecff0caa Prevent Invalid MFA Reg States (#3194) 2024-11-10 14:06:08 +10:00
George Wu 54cea7a9b7 Change CSS for applications so SVG scales nicely in Firefox. (#3200) 2024-11-10 14:06:08 +10:00
Firstyear ed20725817 20241109 3185 max age (#3196) 2024-11-10 14:06:08 +10:00
Firstyear 69ceb6c4f7 Hoist max_age to prevent incorrect deserialisation (#3190) 2024-11-10 14:06:08 +10:00
William Brown ee5c382d8e Release 1.4.2 2024-11-08 14:20:27 +10:00
Firstyear 4f55b1cc33 Re-migrate all acps to force updating (#3184)
* Re-migrate all acps to force updating

* Update server/lib/src/server/migrations.rs

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2024-11-08 14:19:10 +10:00
Firstyear c3e42ba257 security - low - fault in migrations (#3182)
A fault existed in the server's internal migration code, where attributes
that were multivalued would be merged rather than replaced in certain
contexts. This migration path is used for access controls, meaning that
on upgrades, attributes that were meant to be removed from access
controls or changes to access control target groups were not reflected
during the upgrade process.

This has a potentially low security impact as it may have allowed
users to change their name/displayname even if the administrator
had disabled the name_self_write access control.
2024-11-07 14:33:11 +10:00
William Brown ad93202992 Release 1.4.1 2024-11-05 14:56:33 +10:00
Firstyear 99573f2b94 Correct missing CSP header (#3177) 2024-11-05 14:50:27 +10:00
Firstyear 78ced241eb Resolve pam services not always having a tty (#3176) 2024-11-05 11:06:57 +10:00
Firstyear 770efa80f0 Resolve incorrect handling of rhost in pam (#3171) 2024-11-03 10:13:50 +10:00
William Brown c297c3f5d9 Docker makefile latest 2024-11-01 12:18:05 +10:00
William Brown 26321bc6ed Release 1.4.0 2024-11-01 12:08:35 +10:00
CEbbinghaus d72b551d2f chore: Made oauth2 scopes required in CLI (#3165) 2024-11-01 12:05:51 +10:00
micolous e50e967880 More "choosing a domain" revision (#3161)
* More "choosing a domain" revision:

* Link to the domain rename process
* Add some hyphens to make things easier to read
* Move the OAuth 2.0 domain sharing guidance into the origin section
* Add DNS -> IP as a potential issue
* Discourage requesting public suffix list inclusion as a workaround

* Add "own hostname" section
2024-10-30 12:24:42 +10:00
George Wu daba216803 Update missing inputmode numeric when adding a new TOTP. (#3160) 2024-10-30 12:24:36 +10:00
Firstyear 8afdc065bb Improve OAuth2 authorisation ux (#3158)
- Resolve an issue where oauth2 could trigger the login page to
  incorrectly redirect to an oauth2 application instead of apps
- Add indication of what client application we are accessing
  if the session is not yet authenticated
2024-10-29 18:16:27 +10:00
Firstyear b8811c9eaf Fix attribute scim sync attribute naming (#3159) 2024-10-29 14:27:19 +10:00
George Wu 750932b322 Change to text input and use numeric mode for TOTP prompts. (#3154)
* Change to text input and use inputmode numeric for TOTP prompts.

* Fix some typos.
2024-10-29 09:29:53 +10:00
Firstyear 6232206d43 Fix release note date and typos (#3153) 2024-10-27 13:10:35 +10:00
William Brown b7ce4350e3 Release 1.4.0-pre 2024-10-27 10:50:09 +10:00
Firstyear 243a020bdb
Release Notes (#3149)
* Update RELEASE_NOTES.md
2024-10-27 00:46:25 +00:00
Firstyear 2e6d940691
Remove WASM (#3148)
liberal party took over, more cuts
2024-10-26 17:19:13 +10:00
micolous 5c9eb87a75
Rewrite "choosing a domain", add other considerations (#3147)
Co-authored-by: Firstyear <william@blackhats.net.au>
2024-10-26 05:31:01 +00:00
Wei Jian Gan bc55313d87
Harmonize UI and remove unused css (#3033)
-------

Co-authored-by: Wei Jian Gan <wg@danicapension.dk>
Co-authored-by: William Brown <william@blackhats.net.au>
2024-10-26 04:47:44 +00:00
James Hodgkinson 151a9ad90f
ripping out some extra packages (#3146) 2024-10-26 02:27:56 +00:00
James Hodgkinson 5a709520dc
OAuth2 Device flow foundations (#3098) 2024-10-26 12:08:48 +10:00
Firstyear b0824fef18
htmx by default (#3145)
* htmx by default

* restore the webmanifest

* fixing unused import

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2024-10-26 01:44:00 +00:00
Firstyear b7e682c43f
Support reloading via systemd (#3144) 2024-10-26 01:24:58 +00:00
CEbbinghaus dc56a3217d
Chore: Refactor Groups to be more generic (#3136) 2024-10-25 00:36:20 +00:00
Firstyear d2ae2ca206
20241024 1271 cert reload on SIGHUP (#3140)
reload certificates and keys on SIGHUP
2024-10-25 00:01:30 +00:00
Firstyear 4c2eeeb135
Update docs, improve locking (#3141) 2024-10-25 09:42:52 +10:00
James Hodgkinson 120f990ce1
2856 - use tags for containers on build (#3139)
* ci: push docker image for git tags
* tweaking tag references, such tag, many build

---------

Co-authored-by: guillaumedsde <30023543+guillaumedsde@users.noreply.github.com>
2024-10-24 02:12:20 +00:00
Firstyear ccb3848b88
Fix image when too smol (#3138) 2024-10-23 17:11:12 +10:00
James Hodgkinson bbe9ad1a06
yale's rabbit-hole-chasing-htmx-fixing-megapatch (#3135) 2024-10-23 16:04:38 +10:00
Firstyear 31420c3ff9
ipinfo should be single value (#3137) 2024-10-23 02:39:40 +00:00
Firstyear 48cd6638fe
Tidy the reauth ui (#3130)
* Tidy the reauth ui
2024-10-23 11:59:05 +10:00
George Wu 8b4d0d6ead
Add missing schemas to get OpenAPI validation to pass. (#3129) 2024-10-22 08:27:37 +10:00
George Wu 7eb54be487
Change some OperationError into HTTP Bad Request (400). (#3125) 2024-10-21 02:57:23 +00:00
dependabot[bot] bdc0dc6190
Bump the all group with 11 updates (#3127)
Bumps the all group with 11 updates:

| Package | From | To |
| --- | --- | --- |
| [anyhow](https://github.com/dtolnay/anyhow) | `1.0.89` | `1.0.90` |
| [hyper](https://github.com/hyperium/hyper) | `1.4.1` | `1.5.0` |
| [libc](https://github.com/rust-lang/libc) | `0.2.159` | `0.2.161` |
| [openssl-sys](https://github.com/sfackler/rust-openssl) | `0.9.103` | `0.9.104` |
| [openssl](https://github.com/sfackler/rust-openssl) | `0.10.66` | `0.10.68` |
| [proc-macro2](https://github.com/dtolnay/proc-macro2) | `1.0.87` | `1.0.88` |
| [serde_json](https://github.com/serde-rs/json) | `1.0.128` | `1.0.132` |
| [syn](https://github.com/dtolnay/syn) | `2.0.79` | `2.0.82` |
| [uuid](https://github.com/uuid-rs/uuid) | `1.10.0` | `1.11.0` |
| [wasm-bindgen-futures](https://github.com/rustwasm/wasm-bindgen) | `0.4.43` | `0.4.45` |
| [wasm-bindgen-test](https://github.com/rustwasm/wasm-bindgen) | `0.3.43` | `0.3.45` |


Updates `anyhow` from 1.0.89 to 1.0.90
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.89...1.0.90)

Updates `hyper` from 1.4.1 to 1.5.0
- [Release notes](https://github.com/hyperium/hyper/releases)
- [Changelog](https://github.com/hyperium/hyper/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/hyper/compare/v1.4.1...v1.5.0)

Updates `libc` from 0.2.159 to 0.2.161
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Changelog](https://github.com/rust-lang/libc/blob/0.2.161/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.159...0.2.161)

Updates `openssl-sys` from 0.9.103 to 0.9.104
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.103...openssl-sys-v0.9.104)

Updates `openssl` from 0.10.66 to 0.10.68
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.66...openssl-v0.10.68)

Updates `proc-macro2` from 1.0.87 to 1.0.88
- [Release notes](https://github.com/dtolnay/proc-macro2/releases)
- [Commits](https://github.com/dtolnay/proc-macro2/compare/1.0.87...1.0.88)

Updates `serde_json` from 1.0.128 to 1.0.132
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/1.0.128...1.0.132)

Updates `syn` from 2.0.79 to 2.0.82
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.79...2.0.82)

Updates `uuid` from 1.10.0 to 1.11.0
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/1.10.0...1.11.0)

Updates `wasm-bindgen-futures` from 0.4.43 to 0.4.45
- [Release notes](https://github.com/rustwasm/wasm-bindgen/releases)
- [Changelog](https://github.com/rustwasm/wasm-bindgen/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rustwasm/wasm-bindgen/commits)

Updates `wasm-bindgen-test` from 0.3.43 to 0.3.45
- [Release notes](https://github.com/rustwasm/wasm-bindgen/releases)
- [Changelog](https://github.com/rustwasm/wasm-bindgen/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rustwasm/wasm-bindgen/commits)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: hyper
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: openssl-sys
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: openssl
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: proc-macro2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: wasm-bindgen-futures
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: wasm-bindgen-test
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-20 22:27:26 +00:00
dependabot[bot] ab84b0a081
Bump the all group in /pykanidm with 5 updates (#3128)
Bumps the all group in /pykanidm with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [mypy](https://github.com/python/mypy) | `1.11.2` | `1.12.1` |
| [mkdocs-material](https://github.com/squidfunk/mkdocs-material) | `9.5.40` | `9.5.42` |
| [mkdocstrings-python](https://github.com/mkdocstrings/python) | `1.12.0` | `1.12.2` |
| [pook](https://github.com/h2non/pook) | `2.1.0` | `2.1.1` |
| [ruff](https://github.com/astral-sh/ruff) | `0.6.9` | `0.7.0` |


Updates `mypy` from 1.11.2 to 1.12.1
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v1.11.2...v1.12.1)

Updates `mkdocs-material` from 9.5.40 to 9.5.42
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.40...9.5.42)

Updates `mkdocstrings-python` from 1.12.0 to 1.12.2
- [Release notes](https://github.com/mkdocstrings/python/releases)
- [Changelog](https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mkdocstrings/python/compare/1.12.0...1.12.2)

Updates `pook` from 2.1.0 to 2.1.1
- [Release notes](https://github.com/h2non/pook/releases)
- [Changelog](https://github.com/h2non/pook/blob/master/History.rst)
- [Commits](https://github.com/h2non/pook/compare/v2.1.0...v2.1.1)

Updates `ruff` from 0.6.9 to 0.7.0
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.6.9...0.7.0)

---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocstrings-python
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pook
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-21 08:07:33 +10:00