mirror of
https://github.com/kanidm/kanidm.git
synced 2025-05-31 21:33:54 +02:00
Compare commits
7 commits
04085e44b4
...
6426237c0b
Author | SHA1 | Date | |
---|---|---|---|
|
6426237c0b | ||
|
1a39c5f5a2 | ||
|
5a6f4fdb22 | ||
|
e54be6726e | ||
|
730fd63657 | ||
|
968b6e9bf2 | ||
|
6dab433b71 |
Cargo.lockCargo.toml
book/src/integrations
libs
proto/src
pykanidm
server/core
unix_integration/nss_kanidm
299
Cargo.lock
generated
|
@ -117,6 +117,15 @@ version = "1.0.98"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "e16d2d3311acee920a9eb8d33b8cbc1787ce4a264e85f964c2404b969bdcd487"
|
||||
|
||||
[[package]]
|
||||
name = "arbitrary"
|
||||
version = "1.4.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "dde20b3d026af13f561bdd0f15edf01fc734f0dafcedbaf42bba506a9517f223"
|
||||
dependencies = [
|
||||
"derive_arbitrary",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "arc-swap"
|
||||
version = "1.7.1"
|
||||
|
@ -137,60 +146,69 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "askama"
|
||||
version = "0.12.1"
|
||||
version = "0.14.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b79091df18a97caea757e28cd2d5fda49c6cd4bd01ddffd7ff01ace0c0ad2c28"
|
||||
checksum = "f75363874b771be265f4ffe307ca705ef6f3baa19011c149da8674a87f1b75c4"
|
||||
dependencies = [
|
||||
"askama_derive",
|
||||
"askama_escape",
|
||||
"humansize",
|
||||
"num-traits",
|
||||
"itoa",
|
||||
"percent-encoding",
|
||||
"serde",
|
||||
"serde_json",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "askama_axum"
|
||||
version = "0.4.0"
|
||||
name = "askama_derive"
|
||||
version = "0.14.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a41603f7cdbf5ac4af60760f17253eb6adf6ec5b6f14a7ed830cf687d375f163"
|
||||
checksum = "129397200fe83088e8a68407a8e2b1f826cf0086b21ccdb866a722c8bcd3a94f"
|
||||
dependencies = [
|
||||
"askama_parser",
|
||||
"basic-toml",
|
||||
"memchr",
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
"rustc-hash 2.1.1",
|
||||
"serde",
|
||||
"serde_derive",
|
||||
"syn 2.0.101",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "askama_parser"
|
||||
version = "0.14.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d6ab5630b3d5eaf232620167977f95eb51f3432fc76852328774afbd242d4358"
|
||||
dependencies = [
|
||||
"memchr",
|
||||
"serde",
|
||||
"serde_derive",
|
||||
"winnow 0.7.9",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "askama_web"
|
||||
version = "0.14.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "0715e988725139fa7e73a3d5c1c5e2931ad6f7ebe8e378d1e7925d8e6a687fcf"
|
||||
dependencies = [
|
||||
"askama",
|
||||
"askama_web_derive",
|
||||
"axum-core",
|
||||
"http 1.3.1",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "askama_derive"
|
||||
version = "0.12.5"
|
||||
name = "askama_web_derive"
|
||||
version = "0.1.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "19fe8d6cb13c4714962c072ea496f3392015f0989b1a2847bb4b2d9effd71d83"
|
||||
checksum = "34921de3d57974069bad483fdfe0ec65d88c4ff892edd1ab4d8b03be0dda1b9b"
|
||||
dependencies = [
|
||||
"askama_parser",
|
||||
"basic-toml",
|
||||
"mime",
|
||||
"mime_guess",
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
"serde",
|
||||
"syn 2.0.101",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "askama_escape"
|
||||
version = "0.10.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "619743e34b5ba4e9703bba34deac3427c72507c7159f5fd030aea8cac0cfe341"
|
||||
|
||||
[[package]]
|
||||
name = "askama_parser"
|
||||
version = "0.2.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "acb1161c6b64d1c3d83108213c2a2533a342ac225aabd0bda218278c2ddb00c0"
|
||||
dependencies = [
|
||||
"nom 7.1.3",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "asn1-rs"
|
||||
version = "0.6.2"
|
||||
|
@ -317,14 +335,14 @@ checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26"
|
|||
|
||||
[[package]]
|
||||
name = "axum"
|
||||
version = "0.7.9"
|
||||
version = "0.8.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "edca88bc138befd0323b20752846e6587272d3b03b0343c8ea28a6f819e6e71f"
|
||||
checksum = "de45108900e1f9b9242f7f2e254aa3e2c029c921c258fe9e6b4217eeebd54288"
|
||||
dependencies = [
|
||||
"async-trait",
|
||||
"axum-core",
|
||||
"axum-macros",
|
||||
"axum-macros 0.5.0",
|
||||
"bytes",
|
||||
"form_urlencoded",
|
||||
"futures-util",
|
||||
"http 1.3.1",
|
||||
"http-body 1.0.1",
|
||||
|
@ -353,13 +371,12 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "axum-core"
|
||||
version = "0.4.5"
|
||||
version = "0.5.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "09f2bd6146b97ae3359fa0cc6d6b376d9539582c7b4220f041a33ec24c226199"
|
||||
checksum = "68464cd0412f486726fb3373129ef5d2993f90c34bc2bc1c1e9943b2f4fc7ca6"
|
||||
dependencies = [
|
||||
"async-trait",
|
||||
"bytes",
|
||||
"futures-util",
|
||||
"futures-core",
|
||||
"http 1.3.1",
|
||||
"http-body 1.0.1",
|
||||
"http-body-util",
|
||||
|
@ -374,22 +391,21 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "axum-extra"
|
||||
version = "0.9.6"
|
||||
version = "0.10.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "c794b30c904f0a1c2fb7740f7df7f7972dfaa14ef6f57cb6178dc63e5dca2f04"
|
||||
checksum = "45bf463831f5131b7d3c756525b305d40f1185b688565648a92e1392ca35713d"
|
||||
dependencies = [
|
||||
"axum",
|
||||
"axum-core",
|
||||
"bytes",
|
||||
"cookie 0.18.1",
|
||||
"fastrand",
|
||||
"futures-util",
|
||||
"http 1.3.1",
|
||||
"http-body 1.0.1",
|
||||
"http-body-util",
|
||||
"mime",
|
||||
"multer",
|
||||
"pin-project-lite",
|
||||
"rustversion",
|
||||
"serde",
|
||||
"tower 0.5.2",
|
||||
"tower-layer",
|
||||
|
@ -398,18 +414,17 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "axum-htmx"
|
||||
version = "0.5.0"
|
||||
version = "0.7.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "40f7051fdc094b6e5ea06cab9bca4b198c54dee4472a9419155f0ff19f19901e"
|
||||
checksum = "d16a4be621f96b959fc829e4cbf02fd79ffb8427525002af31a9e2979599fbb7"
|
||||
dependencies = [
|
||||
"async-trait",
|
||||
"axum-core",
|
||||
"futures-core",
|
||||
"http 1.3.1",
|
||||
"pin-project-lite",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"tower 0.4.13",
|
||||
"tower 0.5.2",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -423,6 +438,17 @@ dependencies = [
|
|||
"syn 2.0.101",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "axum-macros"
|
||||
version = "0.5.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "604fde5e028fea851ce1d8570bbdc034bec850d157f7569d10f347d06808c05c"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
"syn 2.0.101",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "backtrace"
|
||||
version = "0.3.74"
|
||||
|
@ -652,9 +678,9 @@ checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a"
|
|||
|
||||
[[package]]
|
||||
name = "cc"
|
||||
version = "1.2.21"
|
||||
version = "1.2.22"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "8691782945451c1c383942c4874dbe63814f61cb57ef773cda2972682b7bb3c0"
|
||||
checksum = "32db95edf998450acc7881c932f94cd9b05c87b4b2599e8bab064753da4acfd1"
|
||||
dependencies = [
|
||||
"shlex",
|
||||
]
|
||||
|
@ -708,9 +734,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "clap"
|
||||
version = "4.5.37"
|
||||
version = "4.5.38"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "eccb054f56cbd38340b380d4a8e69ef1f02f1af43db2f0cc817a4774d80ae071"
|
||||
checksum = "ed93b9805f8ba930df42c2590f05453d5ec36cbb85d018868a5b24d31f6ac000"
|
||||
dependencies = [
|
||||
"clap_builder",
|
||||
"clap_derive",
|
||||
|
@ -718,9 +744,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "clap_builder"
|
||||
version = "4.5.37"
|
||||
version = "4.5.38"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "efd9466fac8543255d3b1fcad4762c5e116ffe808c8a3043d4263cd4fd4862a2"
|
||||
checksum = "379026ff283facf611b0ea629334361c4211d1b12ee01024eec1591133b04120"
|
||||
dependencies = [
|
||||
"anstream",
|
||||
"anstyle",
|
||||
|
@ -730,9 +756,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "clap_complete"
|
||||
version = "4.5.48"
|
||||
version = "4.5.50"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "be8c97f3a6f02b9e24cadc12aaba75201d18754b53ea0a9d99642f806ccdb4c9"
|
||||
checksum = "c91d3baa3bcd889d60e6ef28874126a0b384fd225ab83aa6d8a801c519194ce1"
|
||||
dependencies = [
|
||||
"clap",
|
||||
]
|
||||
|
@ -1123,6 +1149,17 @@ dependencies = [
|
|||
"serde",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "derive_arbitrary"
|
||||
version = "1.4.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "30542c1ad912e0e3d22a1935c290e12e8a29d704a420177a31faad4a601a0800"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
"syn 2.0.101",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "derive_builder"
|
||||
version = "0.20.2"
|
||||
|
@ -2510,15 +2547,6 @@ version = "1.0.3"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"
|
||||
|
||||
[[package]]
|
||||
name = "humansize"
|
||||
version = "2.1.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "6cb51c9a029ddc91b07a787f1d86b53ccfa49b0e86688c946ebe8d3555685dd7"
|
||||
dependencies = [
|
||||
"libm",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "hyper"
|
||||
version = "0.14.32"
|
||||
|
@ -3267,11 +3295,11 @@ name = "kanidmd_core"
|
|||
version = "1.7.0-dev"
|
||||
dependencies = [
|
||||
"askama",
|
||||
"askama_axum",
|
||||
"askama_web",
|
||||
"axum",
|
||||
"axum-extra",
|
||||
"axum-htmx",
|
||||
"axum-macros",
|
||||
"axum-macros 0.4.2",
|
||||
"bytes",
|
||||
"chrono",
|
||||
"compact_jwt",
|
||||
|
@ -3522,12 +3550,6 @@ dependencies = [
|
|||
"windows-targets 0.52.6",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "libm"
|
||||
version = "0.2.13"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "c9627da5196e5d8ed0b0495e61e518847578da83483c37288316d9b2e03a7f72"
|
||||
|
||||
[[package]]
|
||||
name = "libmimalloc-sys"
|
||||
version = "0.1.42"
|
||||
|
@ -3677,9 +3699,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "matchit"
|
||||
version = "0.7.3"
|
||||
version = "0.8.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "0e7465ac9959cc2b1404e8e2367b43684a6d13790fe23056cc8c6c5a6b7bcb94"
|
||||
checksum = "47e1ffaa40ddd1f3ed91f717a33c8c0ee23fff369e3aa8772b9605cc1d22f4c3"
|
||||
|
||||
[[package]]
|
||||
name = "mathru"
|
||||
|
@ -4205,37 +4227,37 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "opentelemetry"
|
||||
version = "0.27.1"
|
||||
version = "0.29.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ab70038c28ed37b97d8ed414b6429d343a8bbf44c9f79ec854f3a643029ba6d7"
|
||||
checksum = "9e87237e2775f74896f9ad219d26a2081751187eb7c9f5c58dde20a23b95d16c"
|
||||
dependencies = [
|
||||
"futures-core",
|
||||
"futures-sink",
|
||||
"js-sys",
|
||||
"pin-project-lite",
|
||||
"thiserror 1.0.69",
|
||||
"thiserror 2.0.12",
|
||||
"tracing",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "opentelemetry-http"
|
||||
version = "0.27.0"
|
||||
version = "0.29.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "10a8a7f5f6ba7c1b286c2fbca0454eaba116f63bbe69ed250b642d36fbb04d80"
|
||||
checksum = "46d7ab32b827b5b495bd90fa95a6cb65ccc293555dcc3199ae2937d2d237c8ed"
|
||||
dependencies = [
|
||||
"async-trait",
|
||||
"bytes",
|
||||
"http 1.3.1",
|
||||
"opentelemetry",
|
||||
"tracing",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "opentelemetry-otlp"
|
||||
version = "0.27.0"
|
||||
version = "0.29.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "91cf61a1868dacc576bf2b2a1c3e9ab150af7272909e80085c3173384fe11f76"
|
||||
checksum = "d899720fe06916ccba71c01d04ecd77312734e2de3467fd30d9d580c8ce85656"
|
||||
dependencies = [
|
||||
"async-trait",
|
||||
"futures-core",
|
||||
"http 1.3.1",
|
||||
"opentelemetry",
|
||||
|
@ -4244,16 +4266,16 @@ dependencies = [
|
|||
"opentelemetry_sdk",
|
||||
"prost",
|
||||
"serde",
|
||||
"thiserror 1.0.69",
|
||||
"thiserror 2.0.12",
|
||||
"tokio",
|
||||
"tonic",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "opentelemetry-proto"
|
||||
version = "0.27.0"
|
||||
version = "0.29.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a6e05acbfada5ec79023c85368af14abd0b307c015e9064d249b2a950ef459a6"
|
||||
checksum = "8c40da242381435e18570d5b9d50aca2a4f4f4d8e146231adb4e7768023309b3"
|
||||
dependencies = [
|
||||
"opentelemetry",
|
||||
"opentelemetry_sdk",
|
||||
|
@ -4263,26 +4285,25 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "opentelemetry-semantic-conventions"
|
||||
version = "0.27.0"
|
||||
version = "0.29.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "bc1b6902ff63b32ef6c489e8048c5e253e2e4a803ea3ea7e783914536eb15c52"
|
||||
checksum = "84b29a9f89f1a954936d5aa92f19b2feec3c8f3971d3e96206640db7f9706ae3"
|
||||
|
||||
[[package]]
|
||||
name = "opentelemetry_sdk"
|
||||
version = "0.27.1"
|
||||
version = "0.29.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "231e9d6ceef9b0b2546ddf52335785ce41252bc7474ee8ba05bfad277be13ab8"
|
||||
checksum = "afdefb21d1d47394abc1ba6c57363ab141be19e27cc70d0e422b7f303e4d290b"
|
||||
dependencies = [
|
||||
"async-trait",
|
||||
"futures-channel",
|
||||
"futures-executor",
|
||||
"futures-util",
|
||||
"glob",
|
||||
"opentelemetry",
|
||||
"percent-encoding",
|
||||
"rand 0.8.5",
|
||||
"rand 0.9.1",
|
||||
"serde_json",
|
||||
"thiserror 1.0.69",
|
||||
"thiserror 2.0.12",
|
||||
"tokio",
|
||||
"tokio-stream",
|
||||
"tracing",
|
||||
|
@ -4575,30 +4596,6 @@ dependencies = [
|
|||
"toml_edit",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "proc-macro-error"
|
||||
version = "1.0.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c"
|
||||
dependencies = [
|
||||
"proc-macro-error-attr",
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
"syn 1.0.109",
|
||||
"version_check",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "proc-macro-error-attr"
|
||||
version = "1.0.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
"version_check",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "proc-macro2"
|
||||
version = "1.0.95"
|
||||
|
@ -5133,9 +5130,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "rustls"
|
||||
version = "0.23.26"
|
||||
version = "0.23.27"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "df51b5869f3a441595eac5e8ff14d486ff285f7b8c0df8770e49c3b56351f0f0"
|
||||
checksum = "730944ca083c1c233a75c09f199e973ca499344a2b7ba9e755c457e86fb4a321"
|
||||
dependencies = [
|
||||
"once_cell",
|
||||
"ring",
|
||||
|
@ -5177,9 +5174,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "rustls-webpki"
|
||||
version = "0.103.1"
|
||||
version = "0.103.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "fef8b8769aaccf73098557a87cd1816b4f9c7c16811c9c77142aa695c16f2c03"
|
||||
checksum = "e4a72fe2bcf7a6ac6fd7d0b9e5cb68aeb7d4c0a0271730218b3e92d43b4eb435"
|
||||
dependencies = [
|
||||
"ring",
|
||||
"rustls-pki-types",
|
||||
|
@ -5521,6 +5518,12 @@ dependencies = [
|
|||
"libc",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "simd-adler32"
|
||||
version = "0.3.7"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d66dc143e6b11c1eddc06d5c423cfc97062865baf299914ab64caa38182078fe"
|
||||
|
||||
[[package]]
|
||||
name = "sketching"
|
||||
version = "1.7.0-dev"
|
||||
|
@ -5745,9 +5748,9 @@ checksum = "61c41af27dd6d1e27b1b16b489db798443478cef1f06a660c96db617ba5de3b1"
|
|||
|
||||
[[package]]
|
||||
name = "tempfile"
|
||||
version = "3.19.1"
|
||||
version = "3.20.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "7437ac7763b9b123ccf33c338a5cc1bac6f69b45a136c19bdd8a65e3916435bf"
|
||||
checksum = "e8a64e3985349f2441a1a9ef0b853f869006c3855f2cda6862a94d26ebb9d6a1"
|
||||
dependencies = [
|
||||
"fastrand",
|
||||
"getrandom 0.3.2",
|
||||
|
@ -5911,9 +5914,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "tokio"
|
||||
version = "1.44.2"
|
||||
version = "1.45.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "e6b88822cbe49de4185e3a4cbf8321dd487cf5fe0c5c65695fef6346371e9c48"
|
||||
checksum = "2513ca694ef9ede0fb23fe71a4ee4107cb102b9dc1930f6d0fd77aae068ae165"
|
||||
dependencies = [
|
||||
"backtrace",
|
||||
"bytes",
|
||||
|
@ -6041,12 +6044,9 @@ version = "0.12.3"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "877c5b330756d856ffcc4553ab34a5684481ade925ecc54bcd1bf02b1d0d4d52"
|
||||
dependencies = [
|
||||
"async-stream",
|
||||
"async-trait",
|
||||
"axum",
|
||||
"base64 0.22.1",
|
||||
"bytes",
|
||||
"h2 0.4.9",
|
||||
"http 1.3.1",
|
||||
"http-body 1.0.1",
|
||||
"http-body-util",
|
||||
|
@ -6056,7 +6056,6 @@ dependencies = [
|
|||
"percent-encoding",
|
||||
"pin-project",
|
||||
"prost",
|
||||
"socket2",
|
||||
"tokio",
|
||||
"tokio-stream",
|
||||
"tower 0.4.13",
|
||||
|
@ -6104,9 +6103,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "tower-http"
|
||||
version = "0.6.2"
|
||||
version = "0.6.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "403fa3b783d4b626a8ad51d766ab03cb6d2dbfc46b1c5d4448395e6628dc9697"
|
||||
checksum = "0fdb0c213ca27a9f57ab69ddb290fd80d970922355b83ae380b395d3986b8a2e"
|
||||
dependencies = [
|
||||
"async-compression",
|
||||
"bitflags 2.9.0",
|
||||
|
@ -6202,9 +6201,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "tracing-opentelemetry"
|
||||
version = "0.28.0"
|
||||
version = "0.30.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "97a971f6058498b5c0f1affa23e7ea202057a7301dbff68e968b2d578bcbd053"
|
||||
checksum = "fd8e764bd6f5813fd8bebc3117875190c5b0415be8f7f8059bffb6ecd979c444"
|
||||
dependencies = [
|
||||
"js-sys",
|
||||
"once_cell",
|
||||
|
@ -6367,9 +6366,9 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
|
|||
|
||||
[[package]]
|
||||
name = "utoipa"
|
||||
version = "4.2.3"
|
||||
version = "5.3.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "c5afb1a60e207dca502682537fefcfd9921e71d0b83e9576060f09abc6efab23"
|
||||
checksum = "435c6f69ef38c9017b4b4eea965dfb91e71e53d869e896db40d1cf2441dd75c0"
|
||||
dependencies = [
|
||||
"indexmap 2.9.0",
|
||||
"serde",
|
||||
|
@ -6379,11 +6378,10 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "utoipa-gen"
|
||||
version = "4.3.1"
|
||||
version = "5.3.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "20c24e8ab68ff9ee746aad22d39b5535601e6416d1b0feeabf78be986a5c4392"
|
||||
checksum = "a77d306bc75294fd52f3e99b13ece67c02c1a2789190a6f31d32f736624326f7"
|
||||
dependencies = [
|
||||
"proc-macro-error",
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
"regex",
|
||||
|
@ -6394,16 +6392,18 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "utoipa-swagger-ui"
|
||||
version = "6.0.0"
|
||||
version = "9.0.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "0b39868d43c011961e04b41623e050aedf2cc93652562ff7935ce0f819aaf2da"
|
||||
checksum = "d29519b3c485df6b13f4478ac909a491387e9ef70204487c3b64b53749aec0be"
|
||||
dependencies = [
|
||||
"axum",
|
||||
"base64 0.22.1",
|
||||
"mime_guess",
|
||||
"regex",
|
||||
"rust-embed",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"url",
|
||||
"utoipa",
|
||||
"zip",
|
||||
]
|
||||
|
@ -7329,14 +7329,29 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "zip"
|
||||
version = "0.6.6"
|
||||
version = "2.6.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "760394e246e4c28189f19d488c058bf16f564016aefac5d32bb1f3b51d5e9261"
|
||||
checksum = "1dcb24d0152526ae49b9b96c1dcf71850ca1e0b882e4e28ed898a93c41334744"
|
||||
dependencies = [
|
||||
"byteorder",
|
||||
"arbitrary",
|
||||
"crc32fast",
|
||||
"crossbeam-utils",
|
||||
"flate2",
|
||||
"indexmap 2.9.0",
|
||||
"memchr",
|
||||
"zopfli",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "zopfli"
|
||||
version = "0.8.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "edfc5ee405f504cd4984ecc6f14d02d55cfda60fa4b689434ef4102aae150cd7"
|
||||
dependencies = [
|
||||
"bumpalo",
|
||||
"crc32fast",
|
||||
"log",
|
||||
"simd-adler32",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
|
36
Cargo.toml
|
@ -145,10 +145,10 @@ sketching = { path = "./libs/sketching", version = "=1.7.0-dev" }
|
|||
|
||||
anyhow = { version = "1.0.98" }
|
||||
argon2 = { version = "0.5.3", features = ["alloc"] }
|
||||
askama = { version = "0.12.1", features = ["serde", "with-axum"] }
|
||||
askama_axum = { version = "0.4.0" }
|
||||
askama = { version = "0.14.0", features = ["serde_json"] }
|
||||
askama_web = { version = "0.14.0", features = ["axum-0.8"] }
|
||||
async-trait = "^0.1.85"
|
||||
axum = { version = "0.7.9", features = [
|
||||
axum = { version = "^0.8.0", features = [
|
||||
"form",
|
||||
"json",
|
||||
"macros",
|
||||
|
@ -158,16 +158,16 @@ axum = { version = "0.7.9", features = [
|
|||
"tokio",
|
||||
"tracing",
|
||||
] }
|
||||
axum-extra = { version = "0.9.6", features = ["cookie"] }
|
||||
axum-extra = { version = "0.10.1", features = ["cookie"] }
|
||||
axum-macros = "0.4.2"
|
||||
axum-htmx = { version = "0.5.0", features = ["serde", "guards"] }
|
||||
axum-htmx = { version = "0.7.0", features = ["serde", "guards"] }
|
||||
base32 = "^0.5.1"
|
||||
base64 = "^0.22.1"
|
||||
base64urlsafedata = "0.5.1"
|
||||
bitflags = "^2.8.0"
|
||||
bytes = "^1.9.0"
|
||||
clap = { version = "4.5.37", features = ["derive", "env"] }
|
||||
clap_complete = "^4.5.42"
|
||||
clap = { version = "4.5.38", features = ["derive", "env"] }
|
||||
clap_complete = "^4.5.50"
|
||||
# Forced by saffron/cron
|
||||
chrono = "^0.4.39"
|
||||
compact_jwt = { version = "^0.4.2", default-features = false }
|
||||
|
@ -222,18 +222,18 @@ oauth2_ext = { version = "^4.4.2", package = "oauth2", default-features = false
|
|||
openssl-sys = "^0.9"
|
||||
openssl = "^0.10.72"
|
||||
|
||||
opentelemetry = { version = "0.27.0" }
|
||||
opentelemetry_api = { version = "0.27.0", features = ["logs", "metrics"] }
|
||||
opentelemetry-otlp = { version = "0.27.0", default-features = false, features = [
|
||||
opentelemetry = { version = "0.29.0" }
|
||||
opentelemetry_api = { version = "0.29.0", features = ["logs", "metrics"] }
|
||||
opentelemetry-otlp = { version = "0.29.0", default-features = false, features = [
|
||||
"serde",
|
||||
"logs",
|
||||
"metrics",
|
||||
"http-proto",
|
||||
"grpc-tonic",
|
||||
] }
|
||||
opentelemetry_sdk = { version = "0.27.0", features = ["rt-tokio"] }
|
||||
opentelemetry-semantic-conventions = "0.27.0"
|
||||
tracing-opentelemetry = "0.28.0"
|
||||
opentelemetry_sdk = { version = "0.29.0", features = ["rt-tokio"] }
|
||||
opentelemetry-semantic-conventions = "0.29.0"
|
||||
tracing-opentelemetry = "0.30.0"
|
||||
tracing-core = "0.1.33"
|
||||
|
||||
peg = "0.8"
|
||||
|
@ -254,7 +254,7 @@ reqwest = { version = "0.12.12", default-features = false, features = [
|
|||
"rustls-tls-native-roots-no-provider",
|
||||
] }
|
||||
rusqlite = { version = "0.35.0", features = ["array", "bundled"] }
|
||||
rustls = { version = "0.23.26", default-features = false, features = [
|
||||
rustls = { version = "0.23.27", default-features = false, features = [
|
||||
"aws_lc_rs",
|
||||
] }
|
||||
|
||||
|
@ -274,11 +274,11 @@ sshkey-attest = "^0.5.0"
|
|||
sshkeys = "0.3.3"
|
||||
svg = "0.18.0"
|
||||
syn = { version = "2.0.100", features = ["full"] }
|
||||
tempfile = "3.15.0"
|
||||
tempfile = "3.20.0"
|
||||
testkit-macros = { path = "./server/testkit-macros" }
|
||||
time = { version = "^0.3.36", features = ["formatting", "local-offset"] }
|
||||
|
||||
tokio = "^1.44.2"
|
||||
tokio = "^1.45.0"
|
||||
tokio-openssl = "^0.6.5"
|
||||
tokio-util = "^0.7.13"
|
||||
|
||||
|
@ -292,8 +292,8 @@ tracing-forest = "^0.1.6"
|
|||
|
||||
url = "^2.5.2"
|
||||
urlencoding = "2.1.3"
|
||||
utoipa = { version = "4.2.0", features = ["url", "uuid"] }
|
||||
utoipa-swagger-ui = "6.0.0"
|
||||
utoipa = { version = "5.3.1", features = ["url", "uuid"] }
|
||||
utoipa-swagger-ui = "9.0.1"
|
||||
uuid = "^1.12.1"
|
||||
|
||||
webauthn-authenticator-rs = { version = "0.5.1", features = [
|
||||
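Review bot: `axum-macros = "0.4.2"` is left unchanged in the second hunk while `axum` moves to `^0.8.0`, and the Cargo.lock section of this compare now records both `axum-macros 0.4.2` (listed under `kanidmd_core`) and `axum-macros 0.5.0` (listed under `axum`). Carrying two generations of the same proc-macro crate enlarges the dependency set that has to be audited and patched, and the 0.4 macros were presumably written against the 0.7 handler traits. Either bump the line to `axum-macros = "0.5.0"` or drop the direct dependency and use the macros re-exported through the `macros` feature already enabled on `axum`.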
|
|
|
@ -44,7 +44,7 @@ introspection.
|
|||
## Kanidm's OAuth2 URLs
|
||||
|
||||
Kanidm will expose its OAuth2 APIs at the following URLs, substituting
|
||||
`:client_id:` with an OAuth2 client ID.
|
||||
`{client_id}:` with an OAuth2 client ID.
|
||||
<!-- markdownlint-disable MD033 -->
|
||||
|
||||
<dl>
|
||||
|
@ -57,7 +57,7 @@ URL **(recommended)**
|
|||
</dt>
|
||||
<dd>
|
||||
|
||||
`https://idm.example.com/oauth2/openid/:client_id:/.well-known/openid-configuration`
|
||||
`https://idm.example.com/oauth2/openid/{client_id}:/.well-known/openid-configuration`
|
||||
|
||||
This document includes all the URLs and attributes an app needs to be able to
|
||||
authenticate using OIDC with Kanidm, _except_ for the `client_id` and
|
||||
|
@ -79,7 +79,7 @@ URL **(recommended)**
|
|||
|
||||
<dd>
|
||||
|
||||
`https://idm.example.com/oauth2/openid/:client_id:/.well-known/oauth-authorization-server`
|
||||
`https://idm.example.com/oauth2/openid/{client_id}:/.well-known/oauth-authorization-server`
|
||||
|
||||
</dd>
|
||||
|
||||
|
@ -91,7 +91,7 @@ URL **(recommended)**
|
|||
|
||||
<dd>
|
||||
|
||||
`https://idm.example.com/oauth2/openid/:client_id:/.well-known/webfinger`
|
||||
`https://idm.example.com/oauth2/openid/{client_id}:/.well-known/webfinger`
|
||||
|
||||
See [the WebFinger section](#webfinger) for more details, as there a number of
|
||||
caveats for WebFinger clients.
|
||||
|
@ -168,7 +168,7 @@ OpenID Connect Issuer URL
|
|||
|
||||
<dd>
|
||||
|
||||
`https://idm.example.com/oauth2/openid/:client_id:`
|
||||
`https://idm.example.com/oauth2/openid/{client_id}:`
|
||||
|
||||
</dd>
|
||||
|
||||
|
@ -180,7 +180,7 @@ OpenID Connect user info
|
|||
|
||||
<dd>
|
||||
|
||||
`https://idm.example.com/oauth2/openid/:client_id:/userinfo`
|
||||
`https://idm.example.com/oauth2/openid/{client_id}:/userinfo`
|
||||
|
||||
</dd>
|
||||
|
||||
|
@ -192,7 +192,7 @@ Token signing public key
|
|||
|
||||
<dd>
|
||||
|
||||
`https://idm.example.com/oauth2/openid/:client_id:/public_key.jwk`
|
||||
`https://idm.example.com/oauth2/openid/{client_id}:/public_key.jwk`
|
||||
|
||||
</dd>
|
||||
|
||||
|
@ -497,14 +497,14 @@ difficult to use with Kanidm:
|
|||
|
||||
You will need a load balancer in front of Kanidm's HTTPS server to send a HTTP
|
||||
307 redirect to the appropriate
|
||||
`/oauth2/openid/:client_id:/.well-known/webfinger` URL, *while preserving all
|
||||
`/oauth2/openid/{client_id}:/.well-known/webfinger` URL, *while preserving all
|
||||
query parameters*. For example, with Caddy:
|
||||
|
||||
```caddy
|
||||
# Match on a prefix, and use {uri} to preserve all query parameters.
|
||||
# This only supports *one* client.
|
||||
example.com {
|
||||
redir /.well-known/webfinger https://idm.example.com/oauth2/openid/:client_id:{uri} 307
|
||||
redir /.well-known/webfinger https://idm.example.com/oauth2/openid/{client_id}:{uri} 307
|
||||
}
|
||||
```
|
||||
|
||||
|
|
|
@ -981,7 +981,7 @@ server.config.yaml:
|
|||
GUI:
|
||||
authenticator:
|
||||
type: OIDC
|
||||
oidc_issuer: https://idm.example.com/oauth2/openid/:client_id:/
|
||||
oidc_issuer: https://idm.example.com/oauth2/openid/{client_id}:/
|
||||
oauth_client_id: <client name/>
|
||||
oauth_client_secret: <client secret>
|
||||
```
|
||||
|
|
|
@ -29,6 +29,7 @@ pub mod prelude {
|
|||
pub use crate::{ScimAttr, ScimComplexAttr, ScimEntry, ScimEntryHeader, ScimMeta, ScimValue};
|
||||
}
|
||||
|
||||
|
||||
#[derive(Deserialize, Serialize, Debug, Clone, ToSchema)]
|
||||
#[serde(untagged)]
|
||||
pub enum ScimAttr {
|
||||
|
@ -41,7 +42,7 @@ pub enum ScimAttr {
|
|||
// this point.
|
||||
#[serde(with = "time::serde::rfc3339")]
|
||||
DateTime(OffsetDateTime),
|
||||
|
||||
#[schema(value_type = Object)]
|
||||
Binary(Base64UrlSafeData),
|
||||
Reference(Url),
|
||||
}
|
||||
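Review bot: `#[schema(value_type = Object)]` on `ScimAttr::Binary` makes the generated OpenAPI document describe the value as an opaque object, which is probably not what goes over the wire, since `Base64UrlSafeData` normally serialises as a base64url string. If that holds here, `#[schema(value_type = String)]` would keep the published schema accurate for anyone generating clients or request validators from it. The same blanket override is added in later sections of this compare (`CURegState::Passkey` and `AttestedPasskey`, `CUStatus::sshkeys`, `ScimSshPublicKey::value`, `AuthCredential`, `AuthAllowed`, `KeyTypeKindSchema`). If the reason is that these foreign types have no `ToSchema` impl, a comment on each such as `// documented as opaque: foreign type without ToSchema` would record why the type information is dropped. `ScimAttr` starts and ends outside the visible hunks.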
|
|
|
@ -5,7 +5,7 @@ use opentelemetry_otlp::{Protocol, WithExportConfig};
|
|||
use opentelemetry::{global, trace::TracerProvider as _, KeyValue};
|
||||
|
||||
use opentelemetry_sdk::{
|
||||
trace::{Sampler, TracerProvider},
|
||||
trace::{Sampler, TracerProviderBuilder},
|
||||
Resource,
|
||||
};
|
||||
use tracing::Subscriber;
|
||||
|
@ -86,19 +86,27 @@ pub fn start_logging_pipeline(
|
|||
// let hostname = hostname.to_string_lossy();
|
||||
// let hostname = hostname.to_lowercase();
|
||||
|
||||
let resource = Resource::from_schema_url(
|
||||
[
|
||||
let resource = Resource::builder()
|
||||
.with_schema_url(vec![
|
||||
// TODO: it'd be really nice to be able to set the instance ID here, from the server UUID so we know *which* instance on this host is logging
|
||||
KeyValue::new(SERVICE_NAME, service_name),
|
||||
KeyValue::new(SERVICE_VERSION, version),
|
||||
// TODO: currently marked as an experimental flag, leaving it out for now
|
||||
// KeyValue::new(DEPLOYMENT_ENVIRONMENT_NAME, hostname),
|
||||
],
|
||||
SCHEMA_URL,
|
||||
);
|
||||
], SCHEMA_URL)
|
||||
.build();
|
||||
// .with_attributes(vec![
|
||||
// // TODO: it'd be really nice to be able to set the instance ID here, from the server UUID so we know *which* instance on this host is logging
|
||||
// KeyValue::new(SERVICE_NAME, service_name),
|
||||
// KeyValue::new(SERVICE_VERSION, version),
|
||||
// // TODO: currently marked as an experimental flag, leaving it out for now
|
||||
// // KeyValue::new(DEPLOYMENT_ENVIRONMENT_NAME, hostname),
|
||||
// ],
|
||||
// SCHEMA_URL,
|
||||
// );
|
||||
|
||||
let provider = TracerProvider::builder()
|
||||
.with_batch_exporter(otlp_exporter, opentelemetry_sdk::runtime::Tokio)
|
||||
let provider = TracerProviderBuilder::default()
|
||||
.with_batch_exporter(otlp_exporter)
|
||||
// we want *everything!*
|
||||
.with_sampler(Sampler::AlwaysOn)
|
||||
.with_max_events_per_span(MAX_EVENTS_PER_SPAN)
|
||||
|
@ -137,7 +145,8 @@ pub struct TracingPipelineGuard {}
|
|||
|
||||
impl Drop for TracingPipelineGuard {
|
||||
fn drop(&mut self) {
|
||||
opentelemetry::global::shutdown_tracer_provider();
|
||||
// TODO: https://github.com/open-telemetry/opentelemetry-rust/blob/main/opentelemetry-sdk/CHANGELOG.md how to remove tihs?
|
||||
// opentelemetry::global::shutdown_tracer_provider();
|
||||
eprintln!("Logging pipeline completed shutdown");
|
||||
}
|
||||
}
|
||||
|
|
|
@ -133,7 +133,9 @@ pub enum CURegState {
|
|||
TotpNameTryAgain(String),
|
||||
TotpInvalidSha1,
|
||||
BackupCodes(Vec<String>),
|
||||
#[schema(value_type = Object)]
|
||||
Passkey(CreationChallengeResponse),
|
||||
#[schema(value_type = Object)]
|
||||
AttestedPasskey(CreationChallengeResponse),
|
||||
}
|
||||
|
||||
|
@ -185,7 +187,7 @@ pub struct CUStatus {
|
|||
|
||||
pub unixcred: Option<CredentialDetail>,
|
||||
pub unixcred_state: CUCredState,
|
||||
|
||||
#[schema(value_type = Object)]
|
||||
pub sshkeys: BTreeMap<String, SshPublicKey>,
|
||||
pub sshkeys_state: CUCredState,
|
||||
}
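Review bot: The `#[schema(value_type = Object)]` attributes added on `CURegState::Passkey`, `CURegState::AttestedPasskey` and `CUStatus::sshkeys` carry no comment saying why the real type is hidden from the generated OpenAPI document. The same attribute is added without explanation to `ScimSshPublicKey::value`, `AuthCredential::SecurityKey`/`Passkey` and `AuthAllowed::SecurityKey`/`Passkey` in the sections that follow. With this override the spec describes the WebAuthn challenge and credential payloads as untyped objects, so clients and validators generated from it can no longer check their shape. If this is a workaround for external types that lack a `ToSchema` impl (not visible in these hunks), a one-line comment above each attribute, for example `// external type without ToSchema; documented as an opaque object`, would stop it being read as the intended schema. Both `CURegState` and `CUStatus` start outside their hunks.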
|
||||
|
|
|
@ -83,6 +83,7 @@ pub struct ScimMail {
|
|||
#[serde(rename_all = "camelCase")]
|
||||
pub struct ScimSshPublicKey {
|
||||
pub label: String,
|
||||
#[schema(value_type = Object)]
|
||||
pub value: SshPublicKey,
|
||||
}
|
||||
|
||||
|
|
|
@ -60,9 +60,11 @@ pub enum AuthCredential {
|
|||
Anonymous,
|
||||
Password(String),
|
||||
Totp(u32),
|
||||
#[schema(value_type = Object)]
|
||||
SecurityKey(Box<PublicKeyCredential>),
|
||||
BackupCode(String),
|
||||
// Should this just be discoverable?
|
||||
#[schema(value_type = Object)]
|
||||
Passkey(Box<PublicKeyCredential>),
|
||||
}
|
||||
|
||||
|
@ -151,7 +153,9 @@ pub enum AuthAllowed {
|
|||
BackupCode,
|
||||
Password,
|
||||
Totp,
|
||||
#[schema(value_type = Object)]
|
||||
SecurityKey(RequestChallengeResponse),
|
||||
#[schema(value_type = Object)]
|
||||
Passkey(RequestChallengeResponse),
|
||||
}
|
||||
|
||||
|
|
|
@ -12,6 +12,7 @@ use crate::constants::{ATTR_GROUP, ATTR_LDAP_SSHPUBLICKEY};
|
|||
#[allow(dead_code)]
|
||||
#[derive(ToSchema)]
|
||||
#[schema(as = KeyTypeKind)]
|
||||
#[schema(value_type = Object)]
|
||||
pub struct KeyTypeKindSchema(KeyTypeKind);
|
||||
|
||||
#[derive(ToSchema)]
|
||||
|
@ -21,6 +22,7 @@ pub struct KeyTypeSchema {
|
|||
pub short_name: &'static str,
|
||||
pub is_cert: bool,
|
||||
pub is_sk: bool,
|
||||
#[schema(value_type = Object)]
|
||||
pub kind: KeyTypeKind,
|
||||
pub plain: &'static str,
|
||||
}
|
||||
|
@ -28,12 +30,15 @@ pub struct KeyTypeSchema {
|
|||
#[allow(dead_code)]
|
||||
#[derive(ToSchema)]
|
||||
#[schema(as = PublicKeyKind)]
|
||||
#[schema(value_type = Object)]
|
||||
pub struct PublicKeyKindSchema(PublicKeyKind);
|
||||
|
||||
#[derive(ToSchema)]
|
||||
#[schema(as = SshPublicKey)]
|
||||
pub struct SshPublicKeySchema {
|
||||
#[schema(value_type = Object)]
|
||||
pub key_type: KeyType,
|
||||
#[schema(value_type = Object)]
|
||||
pub kind: PublicKeyKind,
|
||||
pub comment: Option<String>,
|
||||
}
|
||||
|
@ -74,6 +79,7 @@ pub struct UnixUserToken {
|
|||
pub uuid: Uuid,
|
||||
pub shell: Option<String>,
|
||||
pub groups: Vec<UnixGroupToken>,
|
||||
#[schema(value_type = Object)]
|
||||
pub sshkeys: Vec<SshPublicKey>,
|
||||
// The default value of bool is false.
|
||||
#[serde(default)]
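Review bot: `UnixUserToken::sshkeys` is a `Vec<SshPublicKey>`, but the added `#[schema(value_type = Object)]` documents it as a single object, so the generated spec states the wrong JSON shape for the field, not just an opaque one. `#[schema(value_type = Vec<Object>)]` would keep the array. In the same section `SshPublicKeySchema::key_type` and `kind` are overridden to `Object` even though `KeyTypeSchema`, `KeyTypeKindSchema` and `PublicKeyKindSchema` are declared next to them. Whether those wrapper schemas are still referenced anywhere is not visible from these hunks and is worth checking. `UnixUserToken` continues outside the hunk.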
|
||||
|
|
46
pykanidm/poetry.lock
generated
46
pykanidm/poetry.lock
generated
|
@ -1051,14 +1051,14 @@ pyyaml = ">=5.1"
|
|||
|
||||
[[package]]
|
||||
name = "mkdocs-material"
|
||||
version = "9.6.12"
|
||||
version = "9.6.13"
|
||||
description = "Documentation that simply works"
|
||||
optional = false
|
||||
python-versions = ">=3.8"
|
||||
groups = ["dev"]
|
||||
files = [
|
||||
{file = "mkdocs_material-9.6.12-py3-none-any.whl", hash = "sha256:92b4fbdc329e4febc267ca6e2c51e8501fa97b2225c5f4deb4d4e43550f8e61e"},
|
||||
{file = "mkdocs_material-9.6.12.tar.gz", hash = "sha256:add6a6337b29f9ea7912cb1efc661de2c369060b040eb5119855d794ea85b473"},
|
||||
{file = "mkdocs_material-9.6.13-py3-none-any.whl", hash = "sha256:3730730314e065f422cc04eacbc8c6084530de90f4654a1482472283a38e30d3"},
|
||||
{file = "mkdocs_material-9.6.13.tar.gz", hash = "sha256:7bde7ebf33cfd687c1c86c08ed8f6470d9a5ba737bd89e7b3e5d9f94f8c72c16"},
|
||||
]
|
||||
|
||||
[package.dependencies]
|
||||
|
@ -2083,30 +2083,30 @@ files = [
|
|||
|
||||
[[package]]
|
||||
name = "ruff"
|
||||
version = "0.11.8"
|
||||
version = "0.11.9"
|
||||
description = "An extremely fast Python linter and code formatter, written in Rust."
|
||||
optional = false
|
||||
python-versions = ">=3.7"
|
||||
groups = ["dev"]
|
||||
files = [
|
||||
{file = "ruff-0.11.8-py3-none-linux_armv6l.whl", hash = "sha256:896a37516c594805e34020c4a7546c8f8a234b679a7716a3f08197f38913e1a3"},
|
||||
{file = "ruff-0.11.8-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:ab86d22d3d721a40dd3ecbb5e86ab03b2e053bc93c700dc68d1c3346b36ce835"},
|
||||
{file = "ruff-0.11.8-py3-none-macosx_11_0_arm64.whl", hash = "sha256:258f3585057508d317610e8a412788cf726efeefa2fec4dba4001d9e6f90d46c"},
|
||||
{file = "ruff-0.11.8-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:727d01702f7c30baed3fc3a34901a640001a2828c793525043c29f7614994a8c"},
|
||||
{file = "ruff-0.11.8-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:3dca977cc4fc8f66e89900fa415ffe4dbc2e969da9d7a54bfca81a128c5ac219"},
|
||||
{file = "ruff-0.11.8-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c657fa987d60b104d2be8b052d66da0a2a88f9bd1d66b2254333e84ea2720c7f"},
|
||||
{file = "ruff-0.11.8-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:f2e74b021d0de5eceb8bd32919f6ff8a9b40ee62ed97becd44993ae5b9949474"},
|
||||
{file = "ruff-0.11.8-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:f9b5ef39820abc0f2c62111f7045009e46b275f5b99d5e59dda113c39b7f4f38"},
|
||||
{file = "ruff-0.11.8-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:c1dba3135ca503727aa4648152c0fa67c3b1385d3dc81c75cd8a229c4b2a1458"},
|
||||
{file = "ruff-0.11.8-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7f024d32e62faad0f76b2d6afd141b8c171515e4fb91ce9fd6464335c81244e5"},
|
||||
{file = "ruff-0.11.8-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:d365618d3ad747432e1ae50d61775b78c055fee5936d77fb4d92c6f559741948"},
|
||||
{file = "ruff-0.11.8-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:4d9aaa91035bdf612c8ee7266153bcf16005c7c7e2f5878406911c92a31633cb"},
|
||||
{file = "ruff-0.11.8-py3-none-musllinux_1_2_i686.whl", hash = "sha256:0eba551324733efc76116d9f3a0d52946bc2751f0cd30661564117d6fd60897c"},
|
||||
{file = "ruff-0.11.8-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:161eb4cff5cfefdb6c9b8b3671d09f7def2f960cee33481dd898caf2bcd02304"},
|
||||
{file = "ruff-0.11.8-py3-none-win32.whl", hash = "sha256:5b18caa297a786465cc511d7f8be19226acf9c0a1127e06e736cd4e1878c3ea2"},
|
||||
{file = "ruff-0.11.8-py3-none-win_amd64.whl", hash = "sha256:6e70d11043bef637c5617297bdedec9632af15d53ac1e1ba29c448da9341b0c4"},
|
||||
{file = "ruff-0.11.8-py3-none-win_arm64.whl", hash = "sha256:304432e4c4a792e3da85b7699feb3426a0908ab98bf29df22a31b0cdd098fac2"},
|
||||
{file = "ruff-0.11.8.tar.gz", hash = "sha256:6d742d10626f9004b781f4558154bb226620a7242080e11caeffab1a40e99df8"},
|
||||
{file = "ruff-0.11.9-py3-none-linux_armv6l.whl", hash = "sha256:a31a1d143a5e6f499d1fb480f8e1e780b4dfdd580f86e05e87b835d22c5c6f8c"},
|
||||
{file = "ruff-0.11.9-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:66bc18ca783b97186a1f3100e91e492615767ae0a3be584e1266aa9051990722"},
|
||||
{file = "ruff-0.11.9-py3-none-macosx_11_0_arm64.whl", hash = "sha256:bd576cd06962825de8aece49f28707662ada6a1ff2db848d1348e12c580acbf1"},
|
||||
{file = "ruff-0.11.9-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5b1d18b4be8182cc6fddf859ce432cc9631556e9f371ada52f3eaefc10d878de"},
|
||||
{file = "ruff-0.11.9-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:0f3f46f759ac623e94824b1e5a687a0df5cd7f5b00718ff9c24f0a894a683be7"},
|
||||
{file = "ruff-0.11.9-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f34847eea11932d97b521450cf3e1d17863cfa5a94f21a056b93fb86f3f3dba2"},
|
||||
{file = "ruff-0.11.9-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:f33b15e00435773df97cddcd263578aa83af996b913721d86f47f4e0ee0ff271"},
|
||||
{file = "ruff-0.11.9-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:7b27613a683b086f2aca8996f63cb3dd7bc49e6eccf590563221f7b43ded3f65"},
|
||||
{file = "ruff-0.11.9-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:9e0d88756e63e8302e630cee3ce2ffb77859797cc84a830a24473939e6da3ca6"},
|
||||
{file = "ruff-0.11.9-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:537c82c9829d7811e3aa680205f94c81a2958a122ac391c0eb60336ace741a70"},
|
||||
{file = "ruff-0.11.9-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:440ac6a7029f3dee7d46ab7de6f54b19e34c2b090bb4f2480d0a2d635228f381"},
|
||||
{file = "ruff-0.11.9-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:71c539bac63d0788a30227ed4d43b81353c89437d355fdc52e0cda4ce5651787"},
|
||||
{file = "ruff-0.11.9-py3-none-musllinux_1_2_i686.whl", hash = "sha256:c67117bc82457e4501473c5f5217d49d9222a360794bfb63968e09e70f340abd"},
|
||||
{file = "ruff-0.11.9-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:e4b78454f97aa454586e8a5557facb40d683e74246c97372af3c2d76901d697b"},
|
||||
{file = "ruff-0.11.9-py3-none-win32.whl", hash = "sha256:7fe1bc950e7d7b42caaee2a8a3bc27410547cc032c9558ee2e0f6d3b209e845a"},
|
||||
{file = "ruff-0.11.9-py3-none-win_amd64.whl", hash = "sha256:52edaa4a6d70f8180343a5b7f030c7edd36ad180c9f4d224959c2d689962d964"},
|
||||
{file = "ruff-0.11.9-py3-none-win_arm64.whl", hash = "sha256:bcf42689c22f2e240f496d0c183ef2c6f7b35e809f12c1db58f75d9aa8d630ca"},
|
||||
{file = "ruff-0.11.9.tar.gz", hash = "sha256:ebd58d4f67a00afb3a30bf7d383e52d0e036e6195143c6db7019604a05335517"},
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -2406,4 +2406,4 @@ type = ["pytest-mypy"]
|
|||
[metadata]
|
||||
lock-version = "2.1"
|
||||
python-versions = "^3.9"
|
||||
content-hash = "270e31ed5f90704d65cb517ec04f2eb537522f3ee6211f4524a422bb029e0bf5"
|
||||
content-hash = "c5cebc391ff22aa895c2e501029f5984c00d7e182f7908154567a579657824be"
|
||||
|
|
|
@ -29,7 +29,7 @@ Authlib = "^1.2.0"
|
|||
|
||||
|
||||
[tool.poetry.group.dev.dependencies]
|
||||
ruff = ">=0.5.1,<0.11.9"
|
||||
ruff = ">=0.5.1,<0.11.10"
|
||||
pytest = "^8.3.4"
|
||||
mypy = "^1.14.1"
|
||||
types-requests = "^2.32.0.20241016"
|
||||
|
|
|
@ -20,8 +20,8 @@ default = []
|
|||
dev-oauth2-device-flow = []
|
||||
|
||||
[dependencies]
|
||||
askama = { workspace = true, features = ["with-axum"] }
|
||||
askama_axum = { workspace = true }
|
||||
askama = { workspace = true }
|
||||
askama_web = { workspace = true }
|
||||
axum = { workspace = true }
|
||||
axum-htmx = { workspace = true }
|
||||
axum-extra = { workspace = true }
|
||||
|
@ -60,7 +60,7 @@ tokio-openssl = { workspace = true }
|
|||
tokio-util = { workspace = true, features = ["codec"] }
|
||||
toml = { workspace = true }
|
||||
tower = { version = "0.5.2", features = ["tokio-stream", "tracing"] }
|
||||
tower-http = { version = "0.6.2", features = [
|
||||
tower-http = { version = "0.6.4", features = [
|
||||
"compression-gzip",
|
||||
"fs",
|
||||
"tokio",
|
||||
|
|
|
@ -55,8 +55,8 @@ impl Modify for SecurityAddon {
|
|||
super::v1::raw_modify,
|
||||
super::v1::raw_search,
|
||||
|
||||
super::v1_oauth2::oauth2_id_image_delete,
|
||||
super::v1_oauth2::oauth2_id_image_post,
|
||||
// super::v1_oauth2::oauth2_id_image_delete,
|
||||
// super::v1_oauth2::oauth2_id_image_post,
|
||||
super::v1_oauth2::oauth2_get,
|
||||
super::v1_oauth2::oauth2_basic_post,
|
||||
super::v1_oauth2::oauth2_public_post,
|
||||
|
@ -89,10 +89,10 @@ impl Modify for SecurityAddon {
|
|||
super::v1::schema_classtype_get_id,
|
||||
super::v1::person_get,
|
||||
super::v1::person_post,
|
||||
super::v1::service_account_credential_generate,
|
||||
super::v1::service_account_api_token_delete,
|
||||
super::v1::service_account_api_token_get,
|
||||
super::v1::service_account_api_token_post,
|
||||
// super::v1::service_account_credential_generate,
|
||||
// super::v1::service_account_api_token_delete,
|
||||
// super::v1::service_account_api_token_get,
|
||||
// super::v1::service_account_api_token_post,
|
||||
super::v1::person_search_id,
|
||||
super::v1::person_id_get,
|
||||
super::v1::person_id_patch,
|
||||
|
@ -121,7 +121,7 @@ impl Modify for SecurityAddon {
|
|||
super::v1::person_id_radius_delete,
|
||||
super::v1::person_id_radius_token_get,
|
||||
|
||||
super::v1::account_id_ssh_pubkeys_get,
|
||||
// super::v1::account_id_ssh_pubkeys_get,
|
||||
super::v1::account_id_radius_token_post,
|
||||
super::v1::person_id_unix_post,
|
||||
super::v1::person_id_unix_credential_put,
|
||||
|
@ -129,8 +129,8 @@ impl Modify for SecurityAddon {
|
|||
super::v1::person_identify_user_post,
|
||||
super::v1::service_account_get,
|
||||
super::v1::service_account_post,
|
||||
super::v1::service_account_get,
|
||||
super::v1::service_account_post,
|
||||
// super::v1::service_account_get,
|
||||
// super::v1::service_account_post,
|
||||
super::v1::service_account_id_get,
|
||||
super::v1::service_account_id_delete,
|
||||
super::v1::service_account_id_patch,
|
||||
|
@ -150,9 +150,9 @@ impl Modify for SecurityAddon {
|
|||
super::v1::account_id_unix_post,
|
||||
super::v1::account_id_unix_auth_post,
|
||||
super::v1::account_id_unix_token,
|
||||
super::v1::account_id_unix_token,
|
||||
super::v1::account_id_radius_token_post,
|
||||
super::v1::account_id_radius_token_get,
|
||||
// super::v1::account_id_unix_token,
|
||||
// super::v1::account_id_radius_token_post,
|
||||
// super::v1::account_id_radius_token_get,
|
||||
super::v1::account_id_ssh_pubkeys_get,
|
||||
super::v1::account_id_ssh_pubkeys_tag_get,
|
||||
super::v1::account_id_user_auth_token_get,
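Review bot: The path entries in this list are commented out rather than deleted, and nothing says why. Some are visibly duplicates: `service_account_get`/`service_account_post` and `account_id_unix_token` were listed twice in a row, and `account_id_ssh_pubkeys_get` and `account_id_radius_token_post` still appear elsewhere in these hunks, so those lines can simply be removed. For `oauth2_id_image_delete`, `oauth2_id_image_post`, `service_account_credential_generate`, the three `service_account_api_token_*` handlers and `account_id_radius_token_get`, no second entry is visible here. If none exists in the part of the list outside the hunks, these credential- and token-handling endpoints drop out of the published API document while their routes stay registered. A comment on each group, such as `// duplicate entry, listed once below` or `// TODO: re-add once the response schema derives`, would record which case applies.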
|
||||
|
|
|
@ -1,11 +1,7 @@
|
|||
use axum::{
|
||||
async_trait,
|
||||
extract::connect_info::{ConnectInfo, Connected},
|
||||
extract::FromRequestParts,
|
||||
http::{
|
||||
header::HeaderName, header::AUTHORIZATION as AUTHORISATION, request::Parts, StatusCode,
|
||||
},
|
||||
RequestPartsExt,
|
||||
extract::{connect_info::{ConnectInfo, Connected}, FromRequestParts}, http::{
|
||||
header::{HeaderName, AUTHORIZATION as AUTHORISATION}, request::Parts, StatusCode,
|
||||
}, serve::IncomingStream, RequestPartsExt
|
||||
};
|
||||
|
||||
use axum_extra::extract::cookie::CookieJar;
|
||||
|
@ -17,6 +13,7 @@ use kanidmd_lib::prelude::{ClientAuthInfo, ClientCertInfo, Source};
|
|||
pub use kanidmd_lib::idm::server::DomainInfoRead;
|
||||
|
||||
use compact_jwt::JwsCompact;
|
||||
use tokio::net::TcpListener;
|
||||
use std::str::FromStr;
|
||||
|
||||
use std::net::{IpAddr, SocketAddr};
|
||||
|
@ -28,7 +25,6 @@ const X_FORWARDED_FOR_HEADER: HeaderName = HeaderName::from_static(X_FORWARDED_F
|
|||
|
||||
pub struct TrustedClientIp(pub IpAddr);
|
||||
|
||||
#[async_trait]
|
||||
impl FromRequestParts<ServerState> for TrustedClientIp {
|
||||
type Rejection = (StatusCode, &'static str);
|
||||
|
||||
|
@ -45,8 +41,8 @@ impl FromRequestParts<ServerState> for TrustedClientIp {
|
|||
}) = parts
|
||||
.extract::<ConnectInfo<ClientConnInfo>>()
|
||||
.await
|
||||
.map_err(|_| {
|
||||
error!("Connect info contains invalid data");
|
||||
.map_err(|e| {
|
||||
error!("Connect info contains invalid data: {:}", e);
|
||||
(
|
||||
StatusCode::BAD_REQUEST,
|
||||
"connect info contains invalid data",
|
||||
|
@ -97,7 +93,6 @@ impl FromRequestParts<ServerState> for TrustedClientIp {
|
|||
|
||||
pub struct VerifiedClientInformation(pub ClientAuthInfo);
|
||||
|
||||
#[async_trait]
|
||||
impl FromRequestParts<ServerState> for VerifiedClientInformation {
|
||||
type Rejection = (StatusCode, &'static str);
|
||||
|
||||
|
@ -114,8 +109,8 @@ impl FromRequestParts<ServerState> for VerifiedClientInformation {
|
|||
}) = parts
|
||||
.extract::<ConnectInfo<ClientConnInfo>>()
|
||||
.await
|
||||
.map_err(|_| {
|
||||
error!("Connect info contains invalid data");
|
||||
.map_err(|e| {
|
||||
error!("Connect info contains invalid data: {:}", e);
|
||||
(
|
||||
StatusCode::BAD_REQUEST,
|
||||
"connect info contains invalid data",
|
||||
|
@ -205,7 +200,6 @@ impl FromRequestParts<ServerState> for VerifiedClientInformation {
|
|||
|
||||
pub struct DomainInfo(pub DomainInfoRead);
|
||||
|
||||
#[async_trait]
|
||||
impl FromRequestParts<ServerState> for DomainInfo {
|
||||
type Rejection = (StatusCode, &'static str);
|
||||
|
||||
|
@ -249,3 +243,16 @@ impl Connected<SocketAddr> for ClientConnInfo {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl Connected<IncomingStream<'_, TcpListener>> for ClientConnInfo {
|
||||
fn connect_info(target: IncomingStream<'_, TcpListener>) -> Self {
|
||||
let local_addr = target.io().local_addr().unwrap();
|
||||
let remote_addr = target.remote_addr();
|
||||
|
||||
ClientConnInfo {
|
||||
client_addr: remote_addr.clone(),
|
||||
connection_addr: local_addr,
|
||||
client_cert: None,
|
||||
}
|
||||
}
|
||||
}
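Review bot: The new `Connected<IncomingStream<'_, TcpListener>>` impl sets `connection_addr` to the listener's own address (`target.io().local_addr()`) rather than the peer's. The existing `Connected<SocketAddr>` impl and the use of `connection_addr` in `TrustedClientIp` are outside these hunks, so this is inferred from the field name. If the field is meant to hold the directly connected peer, any trusted-proxy or `X-Forwarded-For` decision keyed on it would be evaluated against the server's address; please confirm, and if so use `connection_addr: remote_addr`. Separately, `local_addr().unwrap()` panics on a socket error during connection setup, where `connect_info` cannot return an error. `remote_addr.clone()` on a `Copy` `SocketAddr` reads better as `let remote_addr = *target.remote_addr();`.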
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
mod apidocs;
|
||||
|
||||
pub(crate) mod cache_buster;
|
||||
pub(crate) mod errors;
|
||||
mod extractors;
|
||||
|
@ -242,7 +243,7 @@ pub async fn create_https_server(
|
|||
let static_routes = match config.role {
|
||||
ServerRole::WriteReplica | ServerRole::ReadOnlyReplica => {
|
||||
Router::new()
|
||||
.route("/ui/images/oauth2/:rs_name", get(oauth2::oauth2_image_get))
|
||||
.route("/ui/images/oauth2/{rs_name}", get(oauth2::oauth2_image_get))
|
||||
.route("/ui/images/domain", get(v1_domain::image_get))
|
||||
.route("/manifest.webmanifest", get(manifest::manifest)) // skip_route_check
|
||||
// Layers only apply to routes that are *already* added, not the ones
|
||||
|
@ -356,6 +357,7 @@ pub async fn create_https_server(
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
async fn server_tls_loop(
|
||||
mut tls_acceptor: SslAcceptor,
|
||||
listener: TcpListener,
|
||||
|
|
|
@ -807,17 +807,17 @@ pub fn route_setup(state: ServerState) -> Router<ServerState> {
|
|||
// // ⚠️ ⚠️ WARNING ⚠️ ⚠️
|
||||
// // IF YOU CHANGE THESE VALUES YOU MUST UPDATE OIDC DISCOVERY URLS
|
||||
.route(
|
||||
"/oauth2/openid/:client_id/.well-known/openid-configuration",
|
||||
"/oauth2/openid/{client_id}/.well-known/openid-configuration",
|
||||
get(oauth2_openid_discovery_get).options(oauth2_preflight_options),
|
||||
)
|
||||
.route(
|
||||
"/oauth2/openid/:client_id/.well-known/webfinger",
|
||||
"/oauth2/openid/{client_id}/.well-known/webfinger",
|
||||
get(oauth2_openid_webfinger_get).options(oauth2_preflight_options),
|
||||
)
|
||||
// // ⚠️ ⚠️ WARNING ⚠️ ⚠️
|
||||
// // IF YOU CHANGE THESE VALUES YOU MUST UPDATE OIDC DISCOVERY URLS
|
||||
.route(
|
||||
"/oauth2/openid/:client_id/userinfo",
|
||||
"/oauth2/openid/{client_id}/userinfo",
|
||||
get(oauth2_openid_userinfo_get)
|
||||
.post(oauth2_openid_userinfo_get)
|
||||
.options(oauth2_preflight_options),
|
||||
|
@ -825,13 +825,13 @@ pub fn route_setup(state: ServerState) -> Router<ServerState> {
|
|||
// // ⚠️ ⚠️ WARNING ⚠️ ⚠️
|
||||
// // IF YOU CHANGE THESE VALUES YOU MUST UPDATE OIDC DISCOVERY URLS
|
||||
.route(
|
||||
"/oauth2/openid/:client_id/public_key.jwk",
|
||||
"/oauth2/openid/{client_id}/public_key.jwk",
|
||||
get(oauth2_openid_publickey_get).options(oauth2_preflight_options),
|
||||
)
|
||||
// // ⚠️ ⚠️ WARNING ⚠️ ⚠️
|
||||
// // IF YOU CHANGE THESE VALUES YOU MUST UPDATE OAUTH2 DISCOVERY URLS
|
||||
.route(
|
||||
"/oauth2/openid/:client_id/.well-known/oauth-authorization-server",
|
||||
"/oauth2/openid/{client_id}/.well-known/oauth-authorization-server",
|
||||
get(oauth2_rfc8414_metadata_get).options(oauth2_preflight_options),
|
||||
)
|
||||
.with_state(state.clone());
|
||||
|
|
|
@ -11,6 +11,7 @@ use compact_jwt::{Jwk, Jws, JwsSigner};
|
|||
use kanidm_proto::constants::uri::V1_AUTH_VALID;
|
||||
use std::net::IpAddr;
|
||||
use uuid::Uuid;
|
||||
use crate::https::apidocs::response_schema::Jwk as JwkResponse;
|
||||
|
||||
use kanidm_proto::internal::{
|
||||
ApiToken, AppLink, CUIntentToken, CURequest, CUSessionToken, CUStatus, CreateRequest,
|
||||
|
@ -1902,7 +1903,7 @@ pub async fn person_id_radius_token_get(
|
|||
person_id_radius_handler(state, id, kopid, client_auth_info).await
|
||||
}
|
||||
|
||||
// /v1/account/:id/_radius/_token
|
||||
// /v1/account/{id}/_radius/_token
|
||||
#[utoipa::path(
|
||||
get,
|
||||
path = "/v1/account/{id}/_radius/_token",
|
||||
|
@ -3053,11 +3054,13 @@ pub async fn debug_ipinfo(
|
|||
Ok(Json::from(ip_addr))
|
||||
}
|
||||
|
||||
|
||||
|
||||
#[utoipa::path(
|
||||
get,
|
||||
path = "/v1/jwk/{key_id}",
|
||||
responses(
|
||||
(status=200, body=Jwk, content_type="application/json"),
|
||||
(status=200, body=JwkResponse, content_type="application/json"),
|
||||
ApiResponseWithout200,
|
||||
),
|
||||
security(("token_jwt" = [])),
|
||||
|
@ -3083,14 +3086,14 @@ pub async fn public_jwk_key_id_get(
|
|||
|
||||
fn cacheable_routes(state: ServerState) -> Router<ServerState> {
|
||||
Router::new()
|
||||
.route("/v1/jwk/:key_id", get(public_jwk_key_id_get))
|
||||
.route("/v1/jwk/{key_id}", get(public_jwk_key_id_get))
|
||||
.route(
|
||||
"/v1/person/:id/_radius/_token",
|
||||
"/v1/person/{id}/_radius/_token",
|
||||
get(person_id_radius_token_get),
|
||||
)
|
||||
.route("/v1/account/:id/_unix/_token", get(account_id_unix_token))
|
||||
.route("/v1/account/{id}/_unix/_token", get(account_id_unix_token))
|
||||
.route(
|
||||
"/v1/account/:id/_radius/_token",
|
||||
"/v1/account/{id}/_radius/_token",
|
||||
get(account_id_radius_token_get),
|
||||
)
|
||||
.layer(from_fn(cache_me_short))
|
||||
|
@ -3110,42 +3113,42 @@ pub(crate) fn route_setup(state: ServerState) -> Router<ServerState> {
|
|||
post(super::v1_oauth2::oauth2_public_post),
|
||||
)
|
||||
.route(
|
||||
"/v1/oauth2/:rs_name",
|
||||
"/v1/oauth2/{rs_name}",
|
||||
get(super::v1_oauth2::oauth2_id_get)
|
||||
.patch(super::v1_oauth2::oauth2_id_patch)
|
||||
.delete(super::v1_oauth2::oauth2_id_delete),
|
||||
)
|
||||
.route(
|
||||
"/v1/oauth2/:rs_name/_attr/:attr",
|
||||
"/v1/oauth2/{rs_name}/_attr/{attr}",
|
||||
post(super::v1_oauth2::oauth2_id_attr_post)
|
||||
.delete(super::v1_oauth2::oauth2_id_attr_delete),
|
||||
)
|
||||
.route(
|
||||
"/v1/oauth2/:rs_name/_image",
|
||||
"/v1/oauth2/{rs_name}/_image",
|
||||
post(super::v1_oauth2::oauth2_id_image_post)
|
||||
.delete(super::v1_oauth2::oauth2_id_image_delete),
|
||||
)
|
||||
.route(
|
||||
"/v1/oauth2/:rs_name/_basic_secret",
|
||||
"/v1/oauth2/{rs_name}/_basic_secret",
|
||||
get(super::v1_oauth2::oauth2_id_get_basic_secret),
|
||||
)
|
||||
.route(
|
||||
"/v1/oauth2/:rs_name/_scopemap/:group",
|
||||
"/v1/oauth2/{rs_name}/_scopemap/{group}",
|
||||
post(super::v1_oauth2::oauth2_id_scopemap_post)
|
||||
.delete(super::v1_oauth2::oauth2_id_scopemap_delete),
|
||||
)
|
||||
.route(
|
||||
"/v1/oauth2/:rs_name/_sup_scopemap/:group",
|
||||
"/v1/oauth2/{rs_name}/_sup_scopemap/{group}",
|
||||
post(super::v1_oauth2::oauth2_id_sup_scopemap_post)
|
||||
.delete(super::v1_oauth2::oauth2_id_sup_scopemap_delete),
|
||||
)
|
||||
.route(
|
||||
"/v1/oauth2/:rs_name/_claimmap/:claim_name/:group",
|
||||
"/v1/oauth2/{rs_name}/_claimmap/{claim_name}/{group}",
|
||||
post(super::v1_oauth2::oauth2_id_claimmap_post)
|
||||
.delete(super::v1_oauth2::oauth2_id_claimmap_delete),
|
||||
)
|
||||
.route(
|
||||
"/v1/oauth2/:rs_name/_claimmap/:claim_name",
|
||||
"/v1/oauth2/{rs_name}/_claimmap/{claim_name}",
|
||||
post(super::v1_oauth2::oauth2_id_claimmap_join_post),
|
||||
)
|
||||
.route("/v1/raw/create", post(raw_create))
|
||||
|
@ -3158,24 +3161,24 @@ pub(crate) fn route_setup(state: ServerState) -> Router<ServerState> {
|
|||
get(schema_attributetype_get), // post(|| async { "TODO" })
|
||||
)
|
||||
.route(
|
||||
"/v1/schema/attributetype/:id",
|
||||
"/v1/schema/attributetype/{id}",
|
||||
get(schema_attributetype_get_id),
|
||||
)
|
||||
// .route("/schema/attributetype/:id", put(|| async { "TODO" }).patch(|| async { "TODO" }))
|
||||
// .route("/schema/attributetype/{id}", put(|| async { "TODO" }).patch(|| async { "TODO" }))
|
||||
.route(
|
||||
"/v1/schema/classtype",
|
||||
get(schema_classtype_get), // .post(|| async { "TODO" })
|
||||
)
|
||||
.route(
|
||||
"/v1/schema/classtype/:id",
|
||||
"/v1/schema/classtype/{id}",
|
||||
get(schema_classtype_get_id), // .put(|| async { "TODO" })
|
||||
// .patch(|| async { "TODO" }),
|
||||
)
|
||||
.route("/v1/self", get(whoami))
|
||||
.route("/v1/self/_uat", get(whoami_uat))
|
||||
// .route("/v1/self/_attr/:attr", get(|| async { "TODO" }))
|
||||
// .route("/v1/self/_attr/{attr}", get(|| async { "TODO" }))
|
||||
// .route("/v1/self/_credential", get(|| async { "TODO" }))
|
||||
// .route("/v1/self/_credential/:cid/_lock", get(|| async { "TODO" }))
|
||||
// .route("/v1/self/_credential/{cid}/_lock", get(|| async { "TODO" }))
|
||||
// .route(
|
||||
// "/v1/self/_radius",
|
||||
// get(|| async { "TODO" })
|
||||
|
@ -3183,70 +3186,70 @@ pub(crate) fn route_setup(state: ServerState) -> Router<ServerState> {
|
|||
// .post(|| async { "TODO" }),
|
||||
// )
|
||||
// .route("/v1/self/_radius/_config", post(|| async { "TODO" }))
|
||||
// .route("/v1/self/_radius/_config/:token", get(|| async { "TODO" }))
|
||||
// .route("/v1/self/_radius/_config/{token}", get(|| async { "TODO" }))
|
||||
// .route(
|
||||
// "/v1/self/_radius/_config/:token/apple",
|
||||
// "/v1/self/_radius/_config/{token}/apple",
|
||||
// get(|| async { "TODO" }),
|
||||
// )
|
||||
// Applinks are the list of apps this account can access.
|
||||
.route("/v1/self/_applinks", get(applinks_get))
|
||||
// Person routes
|
||||
.route("/v1/person", get(person_get).post(person_post))
|
||||
.route("/v1/person/_search/:id", get(person_search_id))
|
||||
.route("/v1/person/_search/{id}", get(person_search_id))
|
||||
.route(
|
||||
"/v1/person/:id",
|
||||
"/v1/person/{id}",
|
||||
get(person_id_get)
|
||||
.patch(person_id_patch)
|
||||
.delete(person_id_delete),
|
||||
)
|
||||
.route(
|
||||
"/v1/person/:id/_attr/:attr",
|
||||
"/v1/person/{id}/_attr/{attr}",
|
||||
get(person_id_get_attr)
|
||||
.put(person_id_put_attr)
|
||||
.post(person_id_post_attr)
|
||||
.delete(person_id_delete_attr),
|
||||
)
|
||||
.route(
|
||||
"/v1/person/:id/_certificate",
|
||||
"/v1/person/{id}/_certificate",
|
||||
get(person_get_id_certificate).post(person_post_id_certificate),
|
||||
)
|
||||
.route(
|
||||
"/v1/person/:id/_credential/_status",
|
||||
"/v1/person/{id}/_credential/_status",
|
||||
get(person_get_id_credential_status),
|
||||
)
|
||||
.route(
|
||||
"/v1/person/:id/_credential/_update",
|
||||
"/v1/person/{id}/_credential/_update",
|
||||
get(person_id_credential_update_get),
|
||||
)
|
||||
.route(
|
||||
"/v1/person/:id/_credential/_update_intent/:ttl",
|
||||
"/v1/person/{id}/_credential/_update_intent/{ttl}",
|
||||
get(person_id_credential_update_intent_ttl_get),
|
||||
)
|
||||
.route(
|
||||
"/v1/person/:id/_credential/_update_intent",
|
||||
"/v1/person/{id}/_credential/_update_intent",
|
||||
get(person_id_credential_update_intent_get),
|
||||
)
|
||||
.route(
|
||||
"/v1/person/:id/_ssh_pubkeys",
|
||||
"/v1/person/{id}/_ssh_pubkeys",
|
||||
get(person_id_ssh_pubkeys_get).post(person_id_ssh_pubkeys_post),
|
||||
)
|
||||
.route(
|
||||
"/v1/person/:id/_ssh_pubkeys/:tag",
|
||||
"/v1/person/{id}/_ssh_pubkeys/{tag}",
|
||||
get(person_id_ssh_pubkeys_tag_get).delete(person_id_ssh_pubkeys_tag_delete),
|
||||
)
|
||||
.route(
|
||||
"/v1/person/:id/_radius",
|
||||
"/v1/person/{id}/_radius",
|
||||
get(person_id_radius_get)
|
||||
.post(person_id_radius_post)
|
||||
.delete(person_id_radius_delete),
|
||||
)
|
||||
.route("/v1/person/:id/_unix", post(person_id_unix_post))
|
||||
.route("/v1/person/{id}/_unix", post(person_id_unix_post))
|
||||
.route(
|
||||
"/v1/person/:id/_unix/_credential",
|
||||
"/v1/person/{id}/_unix/_credential",
|
||||
put(person_id_unix_credential_put).delete(person_id_unix_credential_delete),
|
||||
)
|
||||
.route(
|
||||
"/v1/person/:id/_identify_user",
|
||||
"/v1/person/{id}/_identify_user",
|
||||
post(person_identify_user_post),
|
||||
)
|
||||
// Service accounts
|
||||
|
@ -3259,85 +3262,85 @@ pub(crate) fn route_setup(state: ServerState) -> Router<ServerState> {
|
|||
get(service_account_get).post(service_account_post),
|
||||
)
|
||||
.route(
|
||||
"/v1/service_account/:id",
|
||||
"/v1/service_account/{id}",
|
||||
get(service_account_id_get)
|
||||
.delete(service_account_id_delete)
|
||||
.patch(service_account_id_patch),
|
||||
)
|
||||
.route(
|
||||
"/v1/service_account/:id/_attr/:attr",
|
||||
"/v1/service_account/{id}/_attr/{attr}",
|
||||
get(service_account_id_get_attr)
|
||||
.put(service_account_id_put_attr)
|
||||
.post(service_account_id_post_attr)
|
||||
.delete(service_account_id_delete_attr),
|
||||
)
|
||||
// .route("/v1/service_account/:id/_lock", get(|| async { "TODO" }))
|
||||
// .route("/v1/service_account/{id}/_lock", get(|| async { "TODO" }))
|
||||
.route(
|
||||
"/v1/service_account/:id/_into_person",
|
||||
"/v1/service_account/{id}/_into_person",
|
||||
#[allow(deprecated)]
|
||||
post(service_account_into_person),
|
||||
)
|
||||
.route(
|
||||
"/v1/service_account/:id/_api_token",
|
||||
"/v1/service_account/{id}/_api_token",
|
||||
post(service_account_api_token_post).get(service_account_api_token_get),
|
||||
)
|
||||
.route(
|
||||
"/v1/service_account/:id/_api_token/:token_id",
|
||||
"/v1/service_account/{id}/_api_token/{token_id}",
|
||||
delete(service_account_api_token_delete),
|
||||
)
|
||||
// .route(
|
||||
// "/v1/service_account/:id/_credential",
|
||||
// "/v1/service_account/{id}/_credential",
|
||||
// get(|| async { "TODO" }),
|
||||
// )
|
||||
.route(
|
||||
"/v1/service_account/:id/_credential/_generate",
|
||||
"/v1/service_account/{id}/_credential/_generate",
|
||||
get(service_account_credential_generate),
|
||||
)
|
||||
.route(
|
||||
"/v1/service_account/:id/_credential/_status",
|
||||
"/v1/service_account/{id}/_credential/_status",
|
||||
get(service_account_id_credential_status_get),
|
||||
)
|
||||
// .route(
|
||||
// "/v1/service_account/:id/_credential/:cid/_lock",
|
||||
// "/v1/service_account/{id}/_credential/{cid}/_lock",
|
||||
// get(|| async { "TODO" }),
|
||||
// )
|
||||
.route(
|
||||
"/v1/service_account/:id/_ssh_pubkeys",
|
||||
"/v1/service_account/{id}/_ssh_pubkeys",
|
||||
get(service_account_id_ssh_pubkeys_get).post(service_account_id_ssh_pubkeys_post),
|
||||
)
|
||||
.route(
|
||||
"/v1/service_account/:id/_ssh_pubkeys/:tag",
|
||||
"/v1/service_account/{id}/_ssh_pubkeys/{tag}",
|
||||
get(service_account_id_ssh_pubkeys_tag_get)
|
||||
.delete(service_account_id_ssh_pubkeys_tag_delete),
|
||||
)
|
||||
.route(
|
||||
"/v1/service_account/:id/_unix",
|
||||
"/v1/service_account/{id}/_unix",
|
||||
post(service_account_id_unix_post),
|
||||
)
|
||||
.route(
|
||||
"/v1/account/:id/_unix/_auth",
|
||||
"/v1/account/{id}/_unix/_auth",
|
||||
post(account_id_unix_auth_post),
|
||||
)
|
||||
.route("/v1/account/:id/_unix/_token", post(account_id_unix_token))
|
||||
.route("/v1/account/{id}/_unix/_token", post(account_id_unix_token))
|
||||
.route(
|
||||
"/v1/account/:id/_radius/_token",
|
||||
"/v1/account/{id}/_radius/_token",
|
||||
post(account_id_radius_token_post),
|
||||
)
|
||||
.route(
|
||||
"/v1/account/:id/_ssh_pubkeys",
|
||||
"/v1/account/{id}/_ssh_pubkeys",
|
||||
#[allow(deprecated)]
|
||||
get(account_id_ssh_pubkeys_get),
|
||||
)
|
||||
.route(
|
||||
"/v1/account/:id/_ssh_pubkeys/:tag",
|
||||
"/v1/account/{id}/_ssh_pubkeys/{tag}",
|
||||
get(account_id_ssh_pubkeys_tag_get),
|
||||
)
|
||||
.route(
|
||||
"/v1/account/:id/_user_auth_token",
|
||||
"/v1/account/{id}/_user_auth_token",
|
||||
get(account_id_user_auth_token_get),
|
||||
)
|
||||
.route(
|
||||
"/v1/account/:id/_user_auth_token/:token_id",
|
||||
"/v1/account/{id}/_user_auth_token/{token_id}",
|
||||
delete(account_user_auth_token_delete),
|
||||
)
|
||||
.route(
|
||||
|
@ -3355,23 +3358,23 @@ pub(crate) fn route_setup(state: ServerState) -> Router<ServerState> {
|
|||
post(super::v1_domain::image_post).delete(super::v1_domain::image_delete),
|
||||
)
|
||||
.route(
|
||||
"/v1/domain/_attr/:attr",
|
||||
"/v1/domain/_attr/{attr}",
|
||||
get(domain_attr_get)
|
||||
.put(domain_attr_put)
|
||||
.delete(domain_attr_delete),
|
||||
)
|
||||
.route("/v1/group/:id/_unix/_token", get(group_id_unix_token_get))
|
||||
.route("/v1/group/:id/_unix", post(group_id_unix_post))
|
||||
.route("/v1/group/{id}/_unix/_token", get(group_id_unix_token_get))
|
||||
.route("/v1/group/{id}/_unix", post(group_id_unix_post))
|
||||
.route("/v1/group", get(group_get).post(group_post))
|
||||
.route("/v1/group/_search/:id", get(group_search_id))
|
||||
.route("/v1/group/_search/{id}", get(group_search_id))
|
||||
.route(
|
||||
"/v1/group/:id",
|
||||
"/v1/group/{id}",
|
||||
get(group_id_get)
|
||||
.patch(group_id_patch)
|
||||
.delete(group_id_delete),
|
||||
)
|
||||
.route(
|
||||
"/v1/group/:id/_attr/:attr",
|
||||
"/v1/group/{id}/_attr/{attr}",
|
||||
delete(group_id_attr_delete)
|
||||
.get(group_id_attr_get)
|
||||
.put(group_id_attr_put)
|
||||
|
@ -3380,22 +3383,22 @@ pub(crate) fn route_setup(state: ServerState) -> Router<ServerState> {
|
|||
.with_state(state.clone())
|
||||
.route("/v1/system", get(system_get))
|
||||
.route(
|
||||
"/v1/system/_attr/:attr",
|
||||
"/v1/system/_attr/{attr}",
|
||||
get(system_attr_get)
|
||||
.post(system_attr_post)
|
||||
.put(system_attr_put)
|
||||
.delete(system_attr_delete),
|
||||
)
|
||||
.route("/v1/recycle_bin", get(recycle_bin_get))
|
||||
.route("/v1/recycle_bin/:id", get(recycle_bin_id_get))
|
||||
.route("/v1/recycle_bin/{id}", get(recycle_bin_id_get))
|
||||
.route(
|
||||
"/v1/recycle_bin/:id/_revive",
|
||||
"/v1/recycle_bin/{id}/_revive",
|
||||
post(recycle_bin_revive_id_post),
|
||||
)
|
||||
// .route("/v1/access_profile", get(|| async { "TODO" }))
|
||||
// .route("/v1/access_profile/:id", get(|| async { "TODO" }))
|
||||
// .route("/v1/access_profile/{id}", get(|| async { "TODO" }))
|
||||
// .route(
|
||||
// "/v1/access_profile/:id/_attr/:attr",
|
||||
// "/v1/access_profile/{id}/_attr/{attr}",
|
||||
// get(|| async { "TODO" }),
|
||||
// )
|
||||
.route("/v1/auth", post(auth))
|
||||
|
|
|
@ -16,6 +16,7 @@ use kanidm_proto::scim_v1::{
|
|||
};
|
||||
use kanidm_proto::v1::Entry as ProtoEntry;
|
||||
use kanidmd_lib::prelude::*;
|
||||
use crate::https::apidocs::response_schema::ScimEntry;
|
||||
|
||||
const DEFAULT_SCIM_SYNC_BYTES: usize = 1024 * 1024 * 32;
|
||||
|
||||
|
@ -319,6 +320,7 @@ async fn scim_sync_get(
|
|||
.map_err(WebError::from)
|
||||
}
|
||||
|
||||
|
||||
#[utoipa::path(
|
||||
get,
|
||||
path = "/scim/v1/Entry/{id}",
|
||||
|
@ -390,23 +392,23 @@ pub fn route_setup() -> Router<ServerState> {
|
|||
get(sync_account_get).post(sync_account_post),
|
||||
)
|
||||
.route(
|
||||
"/v1/sync_account/:id",
|
||||
"/v1/sync_account/{id}",
|
||||
get(sync_account_id_get).patch(sync_account_id_patch),
|
||||
)
|
||||
.route(
|
||||
"/v1/sync_account/:id/_attr/:attr",
|
||||
"/v1/sync_account/{id}/_attr/{attr}",
|
||||
get(sync_account_id_attr_get).put(sync_account_id_attr_put),
|
||||
)
|
||||
.route(
|
||||
"/v1/sync_account/:id/_finalise",
|
||||
"/v1/sync_account/{id}/_finalise",
|
||||
get(sync_account_id_finalise_get),
|
||||
)
|
||||
.route(
|
||||
"/v1/sync_account/:id/_terminate",
|
||||
"/v1/sync_account/{id}/_terminate",
|
||||
get(sync_account_id_terminate_get),
|
||||
)
|
||||
.route(
|
||||
"/v1/sync_account/:id/_sync_token",
|
||||
"/v1/sync_account/{id}/_sync_token",
|
||||
post(sync_account_token_post).delete(sync_account_token_delete),
|
||||
)
|
||||
// https://datatracker.ietf.org/doc/html/rfc7644#section-3.2
|
||||
|
@ -473,11 +475,11 @@ pub fn route_setup() -> Router<ServerState> {
|
|||
// Entry /Entry/{id} GET Retrieve a generic entry
|
||||
// of any kind from the database.
|
||||
// {id} is any unique id.
|
||||
.route("/scim/v1/Entry/:id", get(scim_entry_id_get))
|
||||
.route("/scim/v1/Entry/{id}", get(scim_entry_id_get))
|
||||
// Person /Person/{id} GET Retrieve a a person from the
|
||||
// database.
|
||||
// {id} is any unique id.
|
||||
.route("/scim/v1/Person/:id", get(scim_person_id_get))
|
||||
.route("/scim/v1/Person/{id}", get(scim_person_id_get))
|
||||
//
|
||||
// Sync /Sync GET Retrieve the current
|
||||
// sync state associated
|
||||
|
|
|
@ -9,7 +9,7 @@ pub fn admin_router() -> Router<ServerState> {
|
|||
let unguarded_router = Router::new()
|
||||
.route("/persons", get(persons::view_persons_get))
|
||||
.route(
|
||||
"/person/:person_uuid/view",
|
||||
"/person/{person_uuid}/view",
|
||||
get(persons::view_person_view_get),
|
||||
);
|
||||
|
||||
|
|
|
@ -5,6 +5,7 @@ use crate::https::views::navbar::NavbarCtx;
|
|||
use crate::https::views::Urls;
|
||||
use crate::https::ServerState;
|
||||
use askama::Template;
|
||||
use askama_web::WebTemplate;
|
||||
use axum::extract::{Path, State};
|
||||
use axum::http::Uri;
|
||||
use axum::response::{ErrorResponse, IntoResponse, Response};
|
||||
|
@ -34,27 +35,27 @@ const PERSON_ATTRIBUTES: [Attribute; 9] = [
|
|||
Attribute::DirectMemberOf,
|
||||
];
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "admin/admin_panel_template.html")]
|
||||
pub(crate) struct PersonsView {
|
||||
navbar_ctx: NavbarCtx,
|
||||
partial: PersonsPartialView,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "admin/admin_persons_partial.html")]
|
||||
struct PersonsPartialView {
|
||||
persons: Vec<(ScimPerson, ScimEffectiveAccess)>,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "admin/admin_panel_template.html")]
|
||||
struct PersonView {
|
||||
partial: PersonViewPartial,
|
||||
navbar_ctx: NavbarCtx,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "admin/admin_person_view_partial.html")]
|
||||
struct PersonViewPartial {
|
||||
person: ScimPerson,
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
use askama::Template;
|
||||
use askama_web::WebTemplate;
|
||||
use axum::{
|
||||
extract::State,
|
||||
http::uri::Uri,
|
||||
|
@ -16,14 +17,14 @@ use crate::https::{
|
|||
extractors::DomainInfo, extractors::VerifiedClientInformation, middleware::KOpId, ServerState,
|
||||
};
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "apps.html")]
|
||||
struct AppsView {
|
||||
navbar_ctx: NavbarCtx,
|
||||
apps_partial: AppsPartialView,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "apps_partial.html")]
|
||||
struct AppsPartialView {
|
||||
apps: Vec<AppLink>,
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
use askama::Template;
|
||||
use askama_axum::IntoResponse;
|
||||
use askama_web::WebTemplate;
|
||||
|
||||
use axum::extract::State;
|
||||
use axum::response::Response;
|
||||
use axum::response::{IntoResponse, Response};
|
||||
use axum::Extension;
|
||||
|
||||
use axum_extra::extract::CookieJar;
|
||||
|
@ -23,14 +23,14 @@ use crate::https::views::errors::HtmxError;
|
|||
use crate::https::views::login::{LoginDisplayCtx, Reauth, ReauthPurpose};
|
||||
use crate::https::ServerState;
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "user_settings.html")]
|
||||
struct ProfileView {
|
||||
navbar_ctx: NavbarCtx,
|
||||
profile_partial: EnrolDeviceView,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "enrol_device.html")]
|
||||
pub(crate) struct EnrolDeviceView {
|
||||
menu_active_item: ProfileMenuItems,
|
||||
|
|
|
@ -7,6 +7,7 @@ use crate::https::{
|
|||
ServerState,
|
||||
};
|
||||
use askama::Template;
|
||||
use askama_web::WebTemplate;
|
||||
use axum::{
|
||||
extract::State,
|
||||
response::{IntoResponse, Redirect, Response},
|
||||
|
@ -91,7 +92,7 @@ pub struct LoginDisplayCtx {
|
|||
pub error: Option<LoginError>,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "login.html")]
|
||||
struct LoginView {
|
||||
display_ctx: LoginDisplayCtx,
|
||||
|
@ -105,7 +106,7 @@ pub struct Mech<'a> {
|
|||
autofocus: bool,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "login_mech_choose.html")]
|
||||
struct LoginMechView<'a> {
|
||||
display_ctx: LoginDisplayCtx,
|
||||
|
@ -119,7 +120,7 @@ enum LoginTotpError {
|
|||
Syntax,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "login_totp.html")]
|
||||
struct LoginTotpView {
|
||||
display_ctx: LoginDisplayCtx,
|
||||
|
@ -127,20 +128,20 @@ struct LoginTotpView {
|
|||
errors: LoginTotpError,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "login_password.html")]
|
||||
struct LoginPasswordView {
|
||||
display_ctx: LoginDisplayCtx,
|
||||
password: String,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "login_backupcode.html")]
|
||||
struct LoginBackupCodeView {
|
||||
display_ctx: LoginDisplayCtx,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "login_webauthn.html")]
|
||||
struct LoginWebauthnView {
|
||||
display_ctx: LoginDisplayCtx,
|
||||
|
@ -150,7 +151,7 @@ struct LoginWebauthnView {
|
|||
chal: String,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "login_denied.html")]
|
||||
struct LoginDeniedView {
|
||||
display_ctx: LoginDisplayCtx,
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
use askama::Template;
|
||||
use askama_web::WebTemplate;
|
||||
|
||||
use axum::{
|
||||
response::Redirect,
|
||||
|
@ -29,7 +30,7 @@ mod oauth2;
|
|||
mod profile;
|
||||
mod reset;
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "unrecoverable_error.html")]
|
||||
struct UnrecoverableErrorView {
|
||||
err_code: OperationError,
|
||||
|
@ -38,7 +39,7 @@ struct UnrecoverableErrorView {
|
|||
domain_info: DomainInfoRead,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "admin/error_toast.html")]
|
||||
struct ErrorToastPartial {
|
||||
err_code: OperationError,
|
||||
|
@ -159,7 +160,9 @@ where
|
|||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use askama_axum::IntoResponse;
|
||||
// use askama_axum::IntoResponse;
|
||||
|
||||
use axum::response::IntoResponse;
|
||||
|
||||
use super::*;
|
||||
#[tokio::test]
|
||||
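Review bot: The `tests` module keeps the old import as a commented-out line, `// use askama_axum::IntoResponse;`, directly above its replacement `use axum::response::IntoResponse;`. The `askama_axum` dependency appears to be on its way out in this change set, so the dead line only preserves a reference to a crate that will no longer resolve. Delete the commented line instead of leaving it in place. The module body continues outside the hunk.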
|
|
|
@ -11,6 +11,7 @@ use kanidm_proto::internal::COOKIE_OAUTH2_REQ;
|
|||
use std::collections::BTreeSet;
|
||||
|
||||
use askama::Template;
|
||||
use askama_web::WebTemplate;
|
||||
|
||||
#[cfg(feature = "dev-oauth2-device-flow")]
|
||||
use axum::http::StatusCode;
|
||||
|
@ -27,7 +28,7 @@ use serde::Deserialize;
|
|||
use super::login::{LoginDisplayCtx, Oauth2Ctx};
|
||||
use super::{cookies, UnrecoverableErrorView};
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "oauth2_consent_request.html")]
|
||||
struct ConsentRequestView {
|
||||
client_name: String,
|
||||
|
@ -37,7 +38,7 @@ struct ConsentRequestView {
|
|||
redirect: Option<String>,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "oauth2_access_denied.html")]
|
||||
struct AccessDeniedView {
|
||||
operation_id: Uuid,
|
||||
|
@ -124,7 +125,7 @@ async fn oauth2_auth_req(
|
|||
[
|
||||
(HX_REDIRECT, redirect_uri.as_str().to_string()),
|
||||
(
|
||||
ACCESS_CONTROL_ALLOW_ORIGIN.as_str(),
|
||||
ACCESS_CONTROL_ALLOW_ORIGIN,
|
||||
redirect_uri.origin().ascii_serialization(),
|
||||
),
|
||||
],
|
||||
|
@ -262,7 +263,7 @@ pub async fn view_consent_post(
|
|||
[
|
||||
(HX_REDIRECT, success.redirect_uri.as_str().to_string()),
|
||||
(
|
||||
ACCESS_CONTROL_ALLOW_ORIGIN.as_str(),
|
||||
ACCESS_CONTROL_ALLOW_ORIGIN,
|
||||
success.redirect_uri.origin().ascii_serialization(),
|
||||
),
|
||||
],
|
||||
|
@ -276,7 +277,7 @@ pub async fn view_consent_post(
|
|||
[
|
||||
(HX_REDIRECT, redirect_uri.as_str().to_string()),
|
||||
(
|
||||
ACCESS_CONTROL_ALLOW_ORIGIN.as_str(),
|
||||
ACCESS_CONTROL_ALLOW_ORIGIN,
|
||||
redirect_uri.origin().ascii_serialization(),
|
||||
),
|
||||
],
|
||||
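Review bot: The three header arrays in `oauth2_auth_req` and `view_consent_post` set `ACCESS_CONTROL_ALLOW_ORIGIN` to `redirect_uri.origin().ascii_serialization()` without any comment saying why reflecting that origin is acceptable. The hunks do not show where the redirect URI is checked against the client's registered values, so a reader cannot tell from here that only a validated origin reaches the header. A short comment above each tuple would record the assumption, for example `// redirect_uri has already been validated against the client registration, so its origin may be allowed for the HX-Redirect`. The wording should be confirmed against the code outside the hunks. Both functions start and end outside the lines shown.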
|
|
|
@ -3,6 +3,7 @@ use crate::https::extractors::{DomainInfo, VerifiedClientInformation};
|
|||
use crate::https::middleware::KOpId;
|
||||
use crate::https::ServerState;
|
||||
use askama::Template;
|
||||
use askama_web::WebTemplate;
|
||||
use axum::extract::State;
|
||||
use axum::response::Response;
|
||||
use axum::Extension;
|
||||
|
@ -14,14 +15,14 @@ use super::errors::HtmxError;
|
|||
use super::login::{LoginDisplayCtx, Reauth, ReauthPurpose};
|
||||
use super::navbar::NavbarCtx;
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "user_settings.html")]
|
||||
pub(crate) struct ProfileView {
|
||||
navbar_ctx: NavbarCtx,
|
||||
profile_partial: ProfilePartialView,
|
||||
}
|
||||
|
||||
#[derive(Template, Clone)]
|
||||
#[derive(Template, WebTemplate, Clone)]
|
||||
#[template(path = "user_settings_profile_partial.html")]
|
||||
struct ProfilePartialView {
|
||||
menu_active_item: ProfileMenuItems,
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
use askama::Template;
|
||||
use askama_web::WebTemplate;
|
||||
use axum::extract::{Query, State};
|
||||
use axum::http::{StatusCode, Uri};
|
||||
use axum::response::{ErrorResponse, IntoResponse, Redirect, Response};
|
||||
|
@ -42,21 +43,21 @@ use crate::https::ServerState;
|
|||
|
||||
use super::UnrecoverableErrorView;
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "user_settings.html")]
|
||||
struct ProfileView {
|
||||
navbar_ctx: NavbarCtx,
|
||||
profile_partial: CredStatusView,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "credentials_reset_form.html")]
|
||||
struct ResetCredFormView {
|
||||
domain_info: DomainInfoRead,
|
||||
wrong_code: bool,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "credentials_reset.html")]
|
||||
struct CredResetView {
|
||||
domain_info: DomainInfoRead,
|
||||
|
@ -64,7 +65,7 @@ struct CredResetView {
|
|||
credentials_update_partial: CredResetPartialView,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "credentials_status.html")]
|
||||
struct CredStatusView {
|
||||
domain_info: DomainInfoRead,
|
||||
|
@ -79,7 +80,7 @@ struct SshKey {
|
|||
comment: Option<String>,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "credentials_update_partial.html")]
|
||||
struct CredResetPartialView {
|
||||
ext_cred_portal: CUExtPortal,
|
||||
|
@ -104,19 +105,19 @@ pub(crate) struct ResetTokenParam {
|
|||
token: Option<String>,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "credential_update_add_password_partial.html")]
|
||||
struct AddPasswordPartial {
|
||||
check_res: PwdCheckResult,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "credential_update_set_unixcred_partial.html")]
|
||||
struct SetUnixCredPartial {
|
||||
check_res: PwdCheckResult,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "credential_update_add_ssh_publickey_partial.html")]
|
||||
struct AddSshPublicKeyPartial {
|
||||
title_error: Option<String>,
|
||||
|
@ -160,7 +161,7 @@ pub(crate) struct NewTotp {
|
|||
ignore_broken_app: bool,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "credential_update_add_passkey_partial.html")]
|
||||
struct AddPasskeyPartial {
|
||||
// Passkey challenge for adding a new passkey
|
||||
|
@ -215,7 +216,7 @@ pub(crate) struct TotpCheck {
|
|||
taken_name: Option<String>,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[derive(Template, WebTemplate)]
|
||||
#[template(path = "credential_update_add_totp_partial.html")]
|
||||
struct AddTotpPartial {
|
||||
totp_init: Option<TotpInit>,
|
||||
|
@ -691,14 +692,14 @@ pub(crate) async fn view_new_pwd(
|
|||
VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
|
||||
DomainInfo(domain_info): DomainInfo,
|
||||
jar: CookieJar,
|
||||
opt_form: Option<Form<NewPassword>>,
|
||||
opt_form: Result<Form<NewPassword>, axum::extract::rejection::FormRejection>,
|
||||
) -> axum::response::Result<Response> {
|
||||
let cu_session_token: CUSessionToken = get_cu_session(&jar).await?;
|
||||
let swapped_handler_trigger =
|
||||
HxResponseTrigger::after_swap([HxEvent::new("addPasswordSwapped".to_string())]);
|
||||
|
||||
let new_passwords = match opt_form {
|
||||
None => {
|
||||
Err(_) => {
|
||||
return Ok((
|
||||
swapped_handler_trigger,
|
||||
AddPasswordPartial {
|
||||
|
@ -707,7 +708,7 @@ pub(crate) async fn view_new_pwd(
|
|||
)
|
||||
.into_response());
|
||||
}
|
||||
Some(Form(new_passwords)) => new_passwords,
|
||||
Ok(Form(new_passwords)) => new_passwords,
|
||||
};
|
||||
|
||||
let pwd_equal = new_passwords.new_password == new_passwords.new_password_check;
|
||||
|
@ -822,14 +823,14 @@ pub(crate) async fn view_set_unixcred(
|
|||
VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
|
||||
DomainInfo(domain_info): DomainInfo,
|
||||
jar: CookieJar,
|
||||
opt_form: Option<Form<NewPassword>>,
|
||||
opt_form: Result<Form<NewPassword>, axum::extract::rejection::FormRejection>,
|
||||
) -> axum::response::Result<Response> {
|
||||
let cu_session_token: CUSessionToken = get_cu_session(&jar).await?;
|
||||
let swapped_handler_trigger =
|
||||
HxResponseTrigger::after_swap([HxEvent::new("addPasswordSwapped".to_string())]);
|
||||
|
||||
let new_passwords = match opt_form {
|
||||
None => {
|
||||
Err(_) => {
|
||||
return Ok((
|
||||
swapped_handler_trigger,
|
||||
SetUnixCredPartial {
|
||||
|
@ -838,7 +839,7 @@ pub(crate) async fn view_set_unixcred(
|
|||
)
|
||||
.into_response());
|
||||
}
|
||||
Some(Form(new_passwords)) => new_passwords,
|
||||
Ok(Form(new_passwords)) => new_passwords,
|
||||
};
|
||||
|
||||
let pwd_equal = new_passwords.new_password == new_passwords.new_password_check;
|
||||
|
@ -887,6 +888,7 @@ struct AddSshPublicKeyError {
|
|||
title: Option<String>,
|
||||
}
|
||||
|
||||
#[axum::debug_handler]
|
||||
pub(crate) async fn view_add_ssh_publickey(
|
||||
State(state): State<ServerState>,
|
||||
Extension(kopid): Extension<KOpId>,
|
||||
|
@ -894,12 +896,13 @@ pub(crate) async fn view_add_ssh_publickey(
|
|||
VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
|
||||
DomainInfo(domain_info): DomainInfo,
|
||||
jar: CookieJar,
|
||||
opt_form: Option<Form<NewPublicKey>>,
|
||||
) -> axum::response::Result<Response> {
|
||||
opt_form: Result<Form<NewPublicKey>, axum::extract::rejection::FormRejection>,
|
||||
|
||||
) -> impl IntoResponse {
|
||||
let cu_session_token: CUSessionToken = get_cu_session(&jar).await?;
|
||||
|
||||
let new_key = match opt_form {
|
||||
None => {
|
||||
Err(_e) => {
|
||||
return Ok((AddSshPublicKeyPartial {
|
||||
title_error: None,
|
||||
key_error: None,
|
||||
|
@ -907,7 +910,7 @@ pub(crate) async fn view_add_ssh_publickey(
|
|||
},)
|
||||
.into_response());
|
||||
}
|
||||
Some(Form(new_key)) => new_key,
|
||||
Ok(Form(new_key)) => new_key,
|
||||
};
|
||||
|
||||
let (
|
||||
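Review bot: In `view_new_pwd`, `view_set_unixcred` and `view_add_ssh_publickey` the new `Err(_)` / `Err(_e)` arm discards the `FormRejection` and renders the empty partial, so a malformed or wrongly-typed submission to a credential-update endpoint looks exactly like the first load of the form and leaves no trace. Record the rejection before returning, limited to its status so that nothing from a password form body reaches the logs, e.g. `Err(rej) => { debug!(status = %rej.status(), "credential form rejected"); ... }` (assuming the `tracing` macros are in scope in this file). Separately, `view_add_ssh_publickey` appears to gain `#[axum::debug_handler]` and a return type of `impl IntoResponse`, while the sibling handlers keep `axum::response::Result<Response>`. Unless that is intentional, keep the signature consistent with the siblings and drop the debugging attribute. All three function bodies continue outside the hunks.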
|
|
|
@ -38,7 +38,7 @@ mod utils;
|
|||
|
||||
use crate::actors::{QueryServerReadV1, QueryServerWriteV1};
|
||||
use crate::admin::AdminActor;
|
||||
use crate::config::{Configuration, ServerRole};
|
||||
use crate::config::ServerRole;
|
||||
use crate::interval::IntervalActor;
|
||||
use crate::utils::touch_file_or_quit;
|
||||
use compact_jwt::{JwsHs256Signer, JwsSigner};
|
||||
|
@ -58,6 +58,7 @@ use tokio::sync::broadcast;
|
|||
use tokio::sync::mpsc;
|
||||
use tokio::sync::Notify;
|
||||
use tokio::task;
|
||||
use config::Configuration;
|
||||
|
||||
// === internal setup helpers
|
||||
|
||||
|
@ -1204,4 +1205,4 @@ pub async fn create_server_core(
|
|||
tx: broadcast_tx,
|
||||
handles,
|
||||
})
|
||||
}
|
||||
}
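Review bot: `Configuration` now appears to be imported as `use config::Configuration;` after the `tokio` imports, while `ServerRole` from the same module stays as `use crate::config::ServerRole;` in the crate-local group. The bare `config::` path presumably resolves through this file's own module declaration, and it would become ambiguous if a dependency named `config` were ever added to the crate. Keeping the single line `use crate::config::{Configuration, ServerRole};` avoids that and keeps the import groups consistent.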
|
|
@ -1,5 +1,5 @@
|
|||
(% macro string_attr(dispname, name, value, editable, attribute) %)
|
||||
(% if scim_effective_access.search.check(attribute|as_ref) %)
|
||||
(% if scim_effective_access.search.check(attribute | ref) %)
|
||||
<div class="row mt-3">
|
||||
<label for="person(( name ))" class="col-12 col-md-3 col-lg-2 col-form-label fw-bold py-0">(( dispname ))</label>
|
||||
<div class="col-12 col-md-8 col-lg-6">
|
||||
|
|
|
@ -14,7 +14,8 @@
|
|||
|
||||
<hr>
|
||||
|
||||
(% if scim_effective_access.search.check(Attribute::Mail|as_ref) %)
|
||||
<!-- TODO: issues with as_ref -->
|
||||
(% if scim_effective_access.search.check(Attribute::Mail | ref) %)
|
||||
<label class="mt-3 fw-bold">Emails</label>
|
||||
<form hx-validate="true" hx-ext="bs-validation">
|
||||
(% if person.mails.len() == 0 %)
|
||||
|
@ -33,7 +34,8 @@
|
|||
</form>
|
||||
(% endif %)
|
||||
|
||||
(% if scim_effective_access.search.check(Attribute::DirectMemberOf|as_ref) %)
|
||||
<!-- TODO: issues with as_ref -->
|
||||
(% if scim_effective_access.search.check(Attribute::DirectMemberOf | ref) %)
|
||||
<label class="mt-3 fw-bold">DirectMemberOf</label>
|
||||
<form hx-validate="true" hx-ext="bs-validation">
|
||||
(% if person.groups.len() == 0 %)
|
||||
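Review bot: The two added `<!-- TODO: issues with as_ref -->` lines are HTML comments, so they are emitted in the rendered admin page and sent to every browser that loads it. Internal notes are better kept out of responses: move them into the template engine's own comment syntax, which is stripped at render time, or into an issue. The TODO also does not say what the problem with `as_ref` is, so a one-line description of the failure would help whoever later revisits the `| ref` filter that replaced it.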
|
|
|
@ -24,7 +24,7 @@ libc = { workspace = true }
|
|||
lazy_static = { workspace = true }
|
||||
|
||||
[target."cfg(target_os = \"freebsd\")".build-dependencies]
|
||||
cc = "^1.2.10"
|
||||
cc = "^1.2.22"
|
||||
|
||||
## Debian packaging
|
||||
[package.metadata.deb]
|
||||
|
|