Firstyear
761dda688e
Fix /var/run/kanidm-unixd permission ( #3342 )
...
This folder was set to 750 which prevented non-root users from reading the
localhost unixd socket which is required for nss/pam to operate.
2025-01-06 15:58:40 +10:00
James Hodgkinson
b74883ae0d
Javascript linting ( #3329 )
...
* feat(ci/dev): adding npm/eslint config for javascript linting
* feat(ci/dev): adding js-prettier config for consistency in formatting
* fix(css): linting
* fix(js): linting the js things
2025-01-04 15:25:46 +10:00
Firstyear
3430a1c31d
Ignore anonymous in oauth2 read allow access ( #3336 )
...
Administrators will sometimes configure oauth2 clients with `idm_all_accounts`
as an allowed scope group. Despite anonymous being *unable* to interact with
oauth2, this still allowed oauth2 clients to be read by anonymous in this
configuration. For some users, this may be considered a public info
disclosure.
2025-01-04 03:09:48 +00:00
Firstyear
5562625d75
cookies don't clear unless you set domain ( #3332 )
...
* make everything cookie consistent
* Stricter on expiry
* Relearn a painful lesson about needing domains in removal cookies
* fix: DRY cookie creation code and reduce the sins
2025-01-04 00:33:01 +00:00
Firstyear
226274da23
20250102 freebsd client ( #3333 )
...
Support freebsd as a unix client
2025-01-04 09:22:44 +10:00
Jinna Kiisuo
5eb9a4430f
fix: PAM on Debian, enable use_first_pass by default ( #3326 )
...
Since we use Debian's PAM autoconf, pam_unix isn't disabled and remains active.
This means pam_unix triggers first and pam_kanidm should use the password it already tried to match to a local user.
This change also moves the postinst hook for PAM config correctly to the libpam-kanidm package,
since that's the one that delivers the config that needs a reinstall!
2025-01-01 08:40:14 +10:00
dependabot[bot]
227853f8cd
Bump the all group with 6 updates ( #3324 )
...
Bumps the all group with 6 updates:
| Package | From | To |
| --- | --- | --- |
| [quote](https://github.com/dtolnay/quote ) | `1.0.37` | `1.0.38` |
| [reqwest](https://github.com/seanmonstar/reqwest ) | `0.12.9` | `0.12.11` |
| [serde](https://github.com/serde-rs/serde ) | `1.0.216` | `1.0.217` |
| [serde_with](https://github.com/jonasbb/serde_with ) | `3.11.0` | `3.12.0` |
| [syn](https://github.com/dtolnay/syn ) | `2.0.91` | `2.0.93` |
| [jsonschema](https://github.com/Stranger6667/jsonschema ) | `0.26.2` | `0.28.0` |
Updates `quote` from 1.0.37 to 1.0.38
- [Release notes](https://github.com/dtolnay/quote/releases )
- [Commits](https://github.com/dtolnay/quote/compare/1.0.37...1.0.38 )
Updates `reqwest` from 0.12.9 to 0.12.11
- [Release notes](https://github.com/seanmonstar/reqwest/releases )
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md )
- [Commits](https://github.com/seanmonstar/reqwest/compare/v0.12.9...v0.12.11 )
Updates `serde` from 1.0.216 to 1.0.217
- [Release notes](https://github.com/serde-rs/serde/releases )
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.216...v1.0.217 )
Updates `serde_with` from 3.11.0 to 3.12.0
- [Release notes](https://github.com/jonasbb/serde_with/releases )
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.11.0...v3.12.0 )
Updates `syn` from 2.0.91 to 2.0.93
- [Release notes](https://github.com/dtolnay/syn/releases )
- [Commits](https://github.com/dtolnay/syn/compare/2.0.91...2.0.93 )
Updates `jsonschema` from 0.26.2 to 0.28.0
- [Release notes](https://github.com/Stranger6667/jsonschema/releases )
- [Changelog](https://github.com/Stranger6667/jsonschema/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Stranger6667/jsonschema/compare/rust-v0.26.2...rust-v0.28.0 )
---
updated-dependencies:
- dependency-name: quote
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: reqwest
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: serde
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: serde_with
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: all
- dependency-name: syn
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: jsonschema
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: all
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-29 22:46:26 +00:00
dependabot[bot]
c0e733629f
Bump the all group in /pykanidm with 2 updates ( #3323 )
...
Bumps the all group in /pykanidm with 2 updates: [coverage](https://github.com/nedbat/coveragepy ) and [mkdocstrings-python](https://github.com/mkdocstrings/python ).
Updates `coverage` from 7.6.9 to 7.6.10
- [Release notes](https://github.com/nedbat/coveragepy/releases )
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst )
- [Commits](https://github.com/nedbat/coveragepy/compare/7.6.9...7.6.10 )
Updates `mkdocstrings-python` from 1.12.2 to 1.13.0
- [Release notes](https://github.com/mkdocstrings/python/releases )
- [Changelog](https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md )
- [Commits](https://github.com/mkdocstrings/python/compare/1.12.2...1.13.0 )
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: mkdocstrings-python
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: all
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-30 08:18:58 +10:00
dependabot[bot]
009200375f
Bump the all group with 3 updates ( #3317 )
...
Bumps the all group with 3 updates: [anyhow](https://github.com/dtolnay/anyhow ), [serde_json](https://github.com/serde-rs/json ) and [syn](https://github.com/dtolnay/syn ).
Updates `anyhow` from 1.0.94 to 1.0.95
- [Release notes](https://github.com/dtolnay/anyhow/releases )
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.94...1.0.95 )
Updates `serde_json` from 1.0.133 to 1.0.134
- [Release notes](https://github.com/serde-rs/json/releases )
- [Commits](https://github.com/serde-rs/json/compare/v1.0.133...v1.0.134 )
Updates `syn` from 2.0.90 to 2.0.91
- [Release notes](https://github.com/dtolnay/syn/releases )
- [Commits](https://github.com/dtolnay/syn/compare/2.0.90...2.0.91 )
---
updated-dependencies:
- dependency-name: anyhow
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: serde_json
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: syn
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-23 00:29:06 +00:00
dependabot[bot]
4113c291ed
Bump the all group in /pykanidm with 7 updates ( #3316 )
...
---
updated-dependencies:
- dependency-name: pydantic
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: aiohttp
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: authlib
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: all
- dependency-name: mypy
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: all
- dependency-name: mkdocs-material
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: pook
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: ruff
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: all
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-23 10:02:30 +10:00
Firstyear
c4441c1fca
nss/pam resolver should reauth faster ( #3309 )
...
This can have visible impacts on accounts that don't have a pam password
cached yet, but then appear to "stall" for a minute or two until it works
due to the fact that the provider was offline and waiting to reauth.
When we are still connected but our provider auth session has expired
we should reconnect faster. This reduces the timeout for reauthentication
for the provider so that it can return to the online state sooner. We
also loop when we detect the provider session is no longer authenticated
so that we can reauth immediately, rather than causing a noticeable
interruption.
2024-12-21 07:08:39 +00:00
Firstyear
bbefb0b1b1
Update to latest webauthn-rs/time ( #3315 )
...
This updates to the latest webauthn-rs release. When
updating, an issue with time was found that changes
the behaviour of its parser for rfc3339. This also
updates our tests to accommodate that change.
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2024-12-21 06:45:06 +00:00
James Hodgkinson
b6f63f3605
kanidm-unixd example config enfixening ( #3314 )
...
* kanidm-unixd default config via PPA problem with version 2 on debian bookworm
Fixes #3312
* fix(coverage): moving to using cargo-tarpaulin
* kanidm-unixd default config via PPA problem with version 2 on debian bookworm
Fixes #3312
2024-12-21 15:17:12 +10:00
Firstyear
9f499f3913
Further SCIM sync testing, minor fixes ( #3305 )
...
This adds further testing of SCIM sync, especially around
conversion of the SCIM Sync Person and Group types into
SCIM Entry. This test would have prevented #3298 and
#3299 from occurring.
During testing two more fixes were found. external_id should have
been required (not optional) and a group with no members would
cause a serialisation issue.
2024-12-20 07:16:07 +00:00
Be
c6432cad83
book: explain how to use fido-mds-tool ( #3231 )
...
explain how to use fido-mds-tool to configure Webauthn attestation
2024-12-20 03:18:52 +00:00
Be
2174b9b251
client: read attestation CA list JSON from file ( #3232 )
...
instead of passing a giant blob of JSON as a command argument.
Before, it was not possible to allow all valid authenticators
certified by the FIDO Alliance because
fido-mds-list query -o "status gte valid"
outputs a JSON string longer than Linux allows for command
arguments.
Co-authored-by: Firstyear <william@blackhats.net.au>
2024-12-20 03:02:02 +00:00
Firstyear
4f2eb8b5f8
Automatically trigger passkeys on login view ( #3307 )
...
Add an on-load handler to pkhtml.js so that when the partial
view is displayed passkey auth is automatically prompted for.
If the user's browser blocks this event, the fallback manual
buttons still exist.
2024-12-19 05:46:15 +00:00
William Brown
c59f560e50
Re-add enrol another device flow
...
This was a commonly requested re-addition to the new webui. This
adds the ability for someone to scan a qr code or follow a link
to enrol another device to their account.
2024-12-19 13:48:59 +10:00
William Brown
11438a9dd5
Improved Cookie Removal
...
If a path isn't set then cookies aren't removed. More aggressively
remove cookies when they are no longer required.
2024-12-19 13:48:59 +10:00
Firstyear
50a7d9d700
Allow opt-in of easter eggs ( #3308 )
...
So that we can start to add some more easter eggs to the server,
we also need to respect user preferences that may not want them.
This adds a configuration setting to the domain allowing a release
build to opt-in to easter eggs, and development builds to opt-out
of them.
2024-12-19 03:30:35 +00:00
Firstyear
1fbbf323fa
Allow resetting account policy values to defaults ( #3306 )
...
* Allow resetting account policy values to defaults
This allows the admin cli to reset account policy values to
defaults by clearing them. Due to how account policy resolves,
a lack of value implies the default.
2024-12-18 17:43:56 +10:00
Firstyear
44e7348f3b
Incorrect member name in groups ( #3302 )
...
Member was accidentally set to members which prevented
group synchronisation.
2024-12-17 06:57:26 +00:00
Firstyear
0b2f349aec
SCIM Sync Missing Annotation ( #3300 )
...
A missing serde annotation in SCIM Sync caused groups to fail to
sync unless they had a description. This resolves the failure
by adding the correct annotation to skip None fields in groups.
2024-12-17 14:18:30 +10:00
Firstyear
eba8dff23a
Ignore system users for UPG synthesisation ( #3297 )
...
Our unix resolver would attempt the right thing to synthesise
user private groups on linux as these are an important security
boundary. However, it turns out that almost every distro has
botched their default system user accounts, and many are
installed with numeric-only UPGs that don't resolve. In the
case that later the user does attempt to fix that, because we
synthesised a UPG for the system account, the user trying to
add the UPG would now fail. In some cases this could cause
system updates to be prevented from installing.
This change limits UPG synth to user accounts only (uid > 1000)
which is the common uid boundary on unix-like platforms.
2024-12-17 13:08:17 +10:00
Firstyear
7e9c33ab03
Limit OAuth2 resumption to session ( #3296 )
...
OAuth2 session resumption was accidentally made a permanent cookie
which led to continuing issues with it causing invalid redirections
after login. Make this a session only cookie.
2024-12-17 11:37:16 +10:00
Firstyear
6c3b8500a2
Use specific errors for intent token revoked ( #3291 )
...
Rather than the generic 'invalid state' error, we now return
proper site-specific errors for credential commit failures, with
error messages to explain what went wrong.
2024-12-16 10:28:00 +10:00
Firstyear
5d75c9b247
Autocomplete password during reauth with TOTP ( #3290 )
...
During a re-auth flow, the password was not autocompleted once
totp was autocompleted. This is because in a normal login flow
the autocomplete is performed on the first login.html page,
but in a re-auth we skip that page.
This adds the proper handling to allow the pw to autofill
in the background once the TOTP is completed.
2024-12-15 23:43:29 +00:00
dependabot[bot]
6db0cdc345
Bump the all group with 6 updates ( #3294 )
...
Bumps the all group with 6 updates:
| Package | From | To |
| --- | --- | --- |
| [chrono](https://github.com/chronotope/chrono ) | `0.4.38` | `0.4.39` |
| [libc](https://github.com/rust-lang/libc ) | `0.2.167` | `0.2.168` |
| [rustls](https://github.com/rustls/rustls ) | `0.23.19` | `0.23.20` |
| [serde](https://github.com/serde-rs/serde ) | `1.0.215` | `1.0.216` |
| [tower](https://github.com/tower-rs/tower ) | `0.5.1` | `0.5.2` |
| [fantoccini](https://github.com/jonhoo/fantoccini ) | `0.21.2` | `0.21.3` |
Updates `chrono` from 0.4.38 to 0.4.39
- [Release notes](https://github.com/chronotope/chrono/releases )
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md )
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.38...v0.4.39 )
Updates `libc` from 0.2.167 to 0.2.168
- [Release notes](https://github.com/rust-lang/libc/releases )
- [Changelog](https://github.com/rust-lang/libc/blob/0.2.168/CHANGELOG.md )
- [Commits](https://github.com/rust-lang/libc/compare/0.2.167...0.2.168 )
Updates `rustls` from 0.23.19 to 0.23.20
- [Release notes](https://github.com/rustls/rustls/releases )
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md )
- [Commits](https://github.com/rustls/rustls/compare/v/0.23.19...v/0.23.20 )
Updates `serde` from 1.0.215 to 1.0.216
- [Release notes](https://github.com/serde-rs/serde/releases )
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.215...v1.0.216 )
Updates `tower` from 0.5.1 to 0.5.2
- [Release notes](https://github.com/tower-rs/tower/releases )
- [Commits](https://github.com/tower-rs/tower/compare/tower-0.5.1...tower-0.5.2 )
Updates `fantoccini` from 0.21.2 to 0.21.3
- [Commits](https://github.com/jonhoo/fantoccini/compare/v0.21.2...v0.21.3 )
---
updated-dependencies:
- dependency-name: chrono
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: libc
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: rustls
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: serde
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: tower
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: fantoccini
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-15 22:17:05 +00:00
dependabot[bot]
6abdb12e35
Bump mozilla-actions/sccache-action from 0.0.6 to 0.0.7 in the all group ( #3295 )
...
Bumps the all group with 1 update: [mozilla-actions/sccache-action](https://github.com/mozilla-actions/sccache-action ).
Updates `mozilla-actions/sccache-action` from 0.0.6 to 0.0.7
- [Release notes](https://github.com/mozilla-actions/sccache-action/releases )
- [Commits](https://github.com/mozilla-actions/sccache-action/compare/v0.0.6...v0.0.7 )
---
updated-dependencies:
- dependency-name: mozilla-actions/sccache-action
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-16 07:50:01 +10:00
dependabot[bot]
d62c17cd0e
Bump the all group in /pykanidm with 2 updates ( #3293 )
...
Bumps the all group in /pykanidm with 2 updates: [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio ) and [ruff](https://github.com/astral-sh/ruff ).
Updates `pytest-asyncio` from 0.24.0 to 0.25.0
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases )
- [Commits](https://github.com/pytest-dev/pytest-asyncio/compare/v0.24.0...v0.25.0 )
Updates `ruff` from 0.8.2 to 0.8.3
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/0.8.2...0.8.3 )
---
updated-dependencies:
- dependency-name: pytest-asyncio
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: all
- dependency-name: ruff
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: all
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-15 20:27:40 +00:00
Firstyear
a8d149db16
remove unused webauthn features. ( #3286 )
...
While improving the webauthn feature handling yesterday I accidentally left mozilla enabled on linux which doesn't need it and u2fhid on macos.
In the future the plan is to swap fully to u2fhid, but in the meantime we need mozilla for freebsd support. That's something I'll need to work on later with @micolous.
2024-12-12 22:19:10 -05:00
Firstyear
5dfba2a0ef
Add CORS headers to jwks and userinfo ( #3283 )
...
When using jwks from a single page application, the keys and
userinfo were unable to be retrieved due to missing cors headers.
2024-12-13 00:23:54 +00:00
Firstyear
60cc830ebd
Cleanup webauthn features ( #3285 )
2024-12-12 06:56:12 -05:00
Firstyear
4ee9a3a098
Minor tweaks to cred reset ui ( #3284 )
2024-12-11 21:53:22 +00:00
dependabot[bot]
b2906829e2
Bump the all group across 1 directory with 6 updates ( #3280 )
...
Bumps the all group with 6 updates in the /pykanidm directory:
| Package | From | To |
| --- | --- | --- |
| [pydantic](https://github.com/pydantic/pydantic ) | `2.10.2` | `2.10.3` |
| [aiohttp](https://github.com/aio-libs/aiohttp ) | `3.11.8` | `3.11.10` |
| [pylint-pydantic](https://github.com/fcfangcc/pylint-pydantic ) | `0.3.2` | `0.3.4` |
| [coverage](https://github.com/nedbat/coveragepy ) | `7.6.8` | `7.6.9` |
| [mkdocs-material](https://github.com/squidfunk/mkdocs-material ) | `9.5.47` | `9.5.48` |
| [ruff](https://github.com/astral-sh/ruff ) | `0.8.1` | `0.8.2` |
Updates `pydantic` from 2.10.2 to 2.10.3
- [Release notes](https://github.com/pydantic/pydantic/releases )
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md )
- [Commits](https://github.com/pydantic/pydantic/compare/v2.10.2...v2.10.3 )
Updates `aiohttp` from 3.11.8 to 3.11.10
- [Release notes](https://github.com/aio-libs/aiohttp/releases )
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst )
- [Commits](https://github.com/aio-libs/aiohttp/compare/v3.11.8...v3.11.10 )
Updates `pylint-pydantic` from 0.3.2 to 0.3.4
- [Release notes](https://github.com/fcfangcc/pylint-pydantic/releases )
- [Commits](https://github.com/fcfangcc/pylint-pydantic/compare/v0.3.2...v0.3.4 )
Updates `coverage` from 7.6.8 to 7.6.9
- [Release notes](https://github.com/nedbat/coveragepy/releases )
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst )
- [Commits](https://github.com/nedbat/coveragepy/compare/7.6.8...7.6.9 )
Updates `mkdocs-material` from 9.5.47 to 9.5.48
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases )
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG )
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.47...9.5.48 )
Updates `ruff` from 0.8.1 to 0.8.2
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/0.8.1...0.8.2 )
---
updated-dependencies:
- dependency-name: pydantic
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: aiohttp
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: pylint-pydantic
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: coverage
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: mkdocs-material
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: ruff
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: all
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-11 14:49:46 +00:00
Firstyear
07b9ca8939
Allow group managers to modify entry-managed-by ( #3272 )
...
When we added entry-managed-by, we allowed it to be set on group creation but not post-group-creation. The idea was to delegate ownership of the group. However, this has the obvious trap that an account group like idm_admins can't alter entry-managed-by post creation, needing the use of the admin account which has access control privs, or a delete and recreate of the entry.
Since the idm admin could delete and recreate the group with a new entry manager, there is functionally no difference to allowing them to modify the entry-managed-by here of low priv groups. This changes the group manager access control by default to allow this.
2024-12-10 03:49:57 +00:00
George Wu
cae780e091
pykanidm: Make a little dry. ( #3281 )
...
* pykanidm: Make a little dry
2024-12-09 04:50:20 +00:00
dependabot[bot]
5dfbf7ca79
Bump the all group with 5 updates ( #3278 )
...
Bumps the all group with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [anyhow](https://github.com/dtolnay/anyhow ) | `1.0.93` | `1.0.94` |
| [clap](https://github.com/clap-rs/clap ) | `4.5.21` | `4.5.23` |
| [http](https://github.com/hyperium/http ) | `1.1.0` | `1.2.0` |
| [tokio](https://github.com/tokio-rs/tokio ) | `1.41.1` | `1.42.0` |
| [tokio-util](https://github.com/tokio-rs/tokio ) | `0.7.12` | `0.7.13` |
Updates `anyhow` from 1.0.93 to 1.0.94
- [Release notes](https://github.com/dtolnay/anyhow/releases )
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.93...1.0.94 )
Updates `clap` from 4.5.21 to 4.5.23
- [Release notes](https://github.com/clap-rs/clap/releases )
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md )
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.21...clap_complete-v4.5.23 )
Updates `http` from 1.1.0 to 1.2.0
- [Release notes](https://github.com/hyperium/http/releases )
- [Changelog](https://github.com/hyperium/http/blob/master/CHANGELOG.md )
- [Commits](https://github.com/hyperium/http/compare/v1.1.0...v1.2.0 )
Updates `tokio` from 1.41.1 to 1.42.0
- [Release notes](https://github.com/tokio-rs/tokio/releases )
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.41.1...tokio-1.42.0 )
Updates `tokio-util` from 0.7.12 to 0.7.13
- [Release notes](https://github.com/tokio-rs/tokio/releases )
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-util-0.7.12...tokio-util-0.7.13 )
---
updated-dependencies:
- dependency-name: anyhow
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: clap
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: http
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: all
- dependency-name: tokio
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: all
- dependency-name: tokio-util
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-09 03:44:41 +00:00
George Wu
97a1c39d62
pykanidm: Add retrieving credential reset token for a person. ( #3279 )
2024-12-08 21:52:51 -05:00
Firstyear
9b3350f753
Cleanup of println and other outputs ( #3266 )
2024-12-04 15:13:14 +10:00
James Hodgkinson
516874460b
Canonicalize path for user shell check ( #3265 )
2024-12-04 11:55:30 +10:00
James Hodgkinson
388ed679a8
Check DNS on replication loop start not at task start ( #3243 )
2024-12-03 03:58:16 +00:00
Firstyear
64fcb61d5e
Work around systemd race condition ( #3262 )
...
Systemd reload can't handle us reloading so quickly which
causes "reload or restart" to always "restart" kanidm incorrectly.
2024-12-03 03:09:05 +00:00
James Hodgkinson
42459f56b0
fix(docstrings): minor lack of formatting breaking things ( #3260 )
2024-12-03 12:52:31 +10:00
James Hodgkinson
4f53bce3d3
Devcontainertainertainer ( #3251 )
2024-12-02 11:02:56 +00:00
Peter Lehmann
ac3cf1f363
grafana: update example to work with strict redirect uri checking ( #3259 )
2024-12-02 05:40:01 +00:00
dependabot[bot]
b4ca356b8d
Bump the all group in /pykanidm with 5 updates ( #3257 )
...
Bumps the all group in /pykanidm with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [pydantic](https://github.com/pydantic/pydantic ) | `2.10.1` | `2.10.2` |
| [aiohttp](https://github.com/aio-libs/aiohttp ) | `3.11.7` | `3.11.8` |
| [pytest](https://github.com/pytest-dev/pytest ) | `8.3.3` | `8.3.4` |
| [mkdocs-material](https://github.com/squidfunk/mkdocs-material ) | `9.5.45` | `9.5.47` |
| [ruff](https://github.com/astral-sh/ruff ) | `0.8.0` | `0.8.1` |
Updates `pydantic` from 2.10.1 to 2.10.2
- [Release notes](https://github.com/pydantic/pydantic/releases )
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md )
- [Commits](https://github.com/pydantic/pydantic/compare/v2.10.1...v2.10.2 )
Updates `aiohttp` from 3.11.7 to 3.11.8
- [Release notes](https://github.com/aio-libs/aiohttp/releases )
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst )
- [Commits](https://github.com/aio-libs/aiohttp/compare/v3.11.7...v3.11.8 )
Updates `pytest` from 8.3.3 to 8.3.4
- [Release notes](https://github.com/pytest-dev/pytest/releases )
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pytest-dev/pytest/compare/8.3.3...8.3.4 )
Updates `mkdocs-material` from 9.5.45 to 9.5.47
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases )
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG )
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.45...9.5.47 )
Updates `ruff` from 0.8.0 to 0.8.1
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/0.8.0...0.8.1 )
---
updated-dependencies:
- dependency-name: pydantic
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: aiohttp
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: pytest
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: mkdocs-material
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: ruff
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: all
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-01 22:20:14 +00:00
dependabot[bot]
a9c354d578
Bump the all group with 6 updates ( #3258 )
...
Bumps the all group with 6 updates:
| Package | From | To |
| --- | --- | --- |
| [bytes](https://github.com/tokio-rs/bytes ) | `1.8.0` | `1.9.0` |
| [libc](https://github.com/rust-lang/libc ) | `0.2.164` | `0.2.167` |
| [rustls](https://github.com/rustls/rustls ) | `0.23.18` | `0.23.19` |
| [syn](https://github.com/dtolnay/syn ) | `2.0.89` | `2.0.90` |
| [tracing](https://github.com/tokio-rs/tracing ) | `0.1.40` | `0.1.41` |
| [tracing-subscriber](https://github.com/tokio-rs/tracing ) | `0.3.18` | `0.3.19` |
Updates `bytes` from 1.8.0 to 1.9.0
- [Release notes](https://github.com/tokio-rs/bytes/releases )
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md )
- [Commits](https://github.com/tokio-rs/bytes/compare/v1.8.0...v1.9.0 )
Updates `libc` from 0.2.164 to 0.2.167
- [Release notes](https://github.com/rust-lang/libc/releases )
- [Changelog](https://github.com/rust-lang/libc/blob/0.2.167/CHANGELOG.md )
- [Commits](https://github.com/rust-lang/libc/compare/0.2.164...0.2.167 )
Updates `rustls` from 0.23.18 to 0.23.19
- [Release notes](https://github.com/rustls/rustls/releases )
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md )
- [Commits](https://github.com/rustls/rustls/compare/v/0.23.18...v/0.23.19 )
Updates `syn` from 2.0.89 to 2.0.90
- [Release notes](https://github.com/dtolnay/syn/releases )
- [Commits](https://github.com/dtolnay/syn/compare/2.0.89...2.0.90 )
Updates `tracing` from 0.1.40 to 0.1.41
- [Release notes](https://github.com/tokio-rs/tracing/releases )
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.40...tracing-0.1.41 )
Updates `tracing-subscriber` from 0.3.18 to 0.3.19
- [Release notes](https://github.com/tokio-rs/tracing/releases )
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.3.18...tracing-subscriber-0.3.19 )
---
updated-dependencies:
- dependency-name: bytes
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: all
- dependency-name: libc
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: rustls
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: syn
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: tracing
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
- dependency-name: tracing-subscriber
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-02 07:56:02 +10:00
Firstyear
ea0e63cc2a
20240927 SCIM put ( #3151 )
2024-11-30 06:56:17 +00:00
Firstyear
8bbdf6bd6a
Clear invalid tokens from unix resolver ( #3256 )
2024-11-30 06:32:10 +00:00