Valentin Tolmer
733d363e25
ldap: handle full scope searches
...
Nextcloud searches for users by specifying the entire user DN as the
scope. This commit adds support for these specific scopes.
2022-06-10 17:18:46 +02:00
Valentin Tolmer
da186fab38
ldap: add support for memberOf attribute
...
The "memberOf" filter was already supported, but not the attribute.
Fixes #179
2022-06-10 15:22:06 +02:00
Valentin Tolmer
ff698df280
server: Introduce a read-only user
2022-06-06 17:27:37 +02:00
Valentin Tolmer
1efab58d0c
ldap: add an option to silence unknown fields in the config
2022-05-30 20:08:02 +02:00
Valentin Tolmer
a0b0b455ed
ldap: ignore unknown filters
2022-05-30 20:08:02 +02:00
Valentin Tolmer
1d8582f937
ldap: lowercase all DN, fields, values
2022-05-30 19:23:29 +02:00
Valentin Tolmer
7e62cc6eda
ldap: handle "present" filters for groups
2022-05-29 19:30:07 +02:00
Matthew Strasiotto
b7957f598b
ldap wildcard handler, error if '*' attribute makes it to get_x_attribute
2022-05-12 13:14:04 +02:00
Matthew Strasiotto
5150d8341f
ldap wildcard handler, add tests
2022-05-12 13:14:04 +02:00
Matthew Strasiotto
e5c80b9f17
handle wildcards being given as ldap attribute params
...
fix wildcard expansion
address some pr comments
Move ldap attribute expansion lists to constants
As per: https://github.com/nitnelave/lldap/pull/164#discussion_r867348971
lldap *+ expansion: remove unneccesary cloning
https://github.com/nitnelave/lldap/pull/164#discussion_r867349805
ldap attribute wildcard handling: remove duplicated wildcards
https://github.com/nitnelave/lldap/pull/164#issuecomment-1120211031
ldap wildcard expansion: refactor
ldap attribute handlers: handle '+' by ignoring, '*' and unmatched by warning and ignoring
attribute wildcard expansion: refactor, don't remove '+'
2022-05-12 13:14:04 +02:00
Matthew Strasiotto
875c59758b
handle dn attribute being queried as distinguishedname
2022-05-12 13:14:04 +02:00
Valentin Tolmer
ebffc1c086
server, ldap: Use group membership for admin status
2022-05-08 20:36:57 +02:00
Valentin Tolmer
d6c2805847
server: don't try to load the certificates if they're not needed
2022-05-07 15:01:54 +02:00
Valentin Tolmer
f689458aa2
server: Implement LDAPS support
2022-05-05 17:19:11 +02:00
Valentin Tolmer
6b6f11db1b
server: update clap and add LDAPS options
2022-05-05 17:19:11 +02:00
Valentin Tolmer
f1b86a16ee
ldap: return uids instead of cns for users
2022-05-03 12:13:43 +02:00
Valentin Tolmer
bd90a3a426
ldap: return actual "cn" value instead of "uid" in LDAP messages
2022-04-29 10:02:43 +02:00
Valentin Tolmer
e1e1d6cd20
ldap: accept "uid" or "cn" as username
2022-04-29 10:02:43 +02:00
Valentin Tolmer
f52197e76f
server: allow non-admin user to do limited searches
2022-04-25 09:34:25 +02:00
Valentin Tolmer
3ac38bb96f
ldap_handler: Reports groups as groupOfNames as well
2022-04-20 10:54:21 +02:00
Valentin Tolmer
2197fe77a5
server: Handle "1.1" special attribute
2022-04-18 12:01:58 +02:00
Valentin Tolmer
3a6c5fdc65
server: Report errors sending email
2022-04-17 23:14:10 +02:00
Valentin Tolmer
ca19e61f50
domain: introduce UserId to make uid case insensitive
...
Note that if there was a non-lowercase user already in the DB, it cannot
be found again. To fix this, run in the DB:
sqlite> UPDATE users SET user_id = LOWER(user_id);
2022-03-26 18:23:19 +01:00
Hendrik Schlehlein
82df8d4ca1
feat: add simple login
2022-03-04 12:04:10 +01:00
Valentin Tolmer
c850fa4273
server: refactor group requests to use filters
2022-02-12 14:27:02 +01:00
Valentin Tolmer
a1fe703bf0
server: rename RequestFilter to UserRequestFilter
2022-02-12 14:27:02 +01:00
Valentin Tolmer
d20bd196bc
ldap_handler: trim spaces in LDAP identifiers
2022-02-11 09:34:21 +01:00
Valentin Tolmer
8e8614fe2e
server: fix clippy warning
2021-12-08 12:01:56 +01:00
Valentin Tolmer
110b7c7d5b
server: fix command line version stuck at 0.1
2021-12-08 12:01:56 +01:00
kaysond
82770a5ff0
restore comment
2021-12-01 00:38:54 +01:00
kaysond
e11a8460ff
add SRI for other resources; add routing for all root requests
2021-12-01 00:38:54 +01:00
kaysond
7731b8e593
download static fonts to their own directory
2021-12-01 00:38:54 +01:00
kaysond
45c50923b7
fix rust formatting
2021-12-01 00:38:54 +01:00
kaysond
9f138ec4ac
server libraries locally in the docker container
2021-12-01 00:38:54 +01:00
Valentin Tolmer
9653d64eb1
config: Prevent loading the wrong server_key
2021-11-28 00:55:35 +01:00
Valentin Tolmer
789c8f367e
server: Send an email for password resets
2021-11-23 00:25:47 +01:00
Valentin Tolmer
db2b5cbae0
server: Add http_url to the configuration
2021-11-23 00:25:47 +01:00
Valentin Tolmer
a13bfc3575
server: Implement password reset
...
It's still missing the email.
This also secures the password change method with a JWT token check: you
have to be logged in to change the password.
2021-11-23 00:25:47 +01:00
Valentin Tolmer
7b5ad47ee2
server: Make the JWT cookies valid for /
...
This will be used to secure the password change API.
2021-11-23 00:25:47 +01:00
Valentin Tolmer
e1503743b5
server: Add methods to get/set a password reset token
2021-11-23 00:25:47 +01:00
Valentin Tolmer
88732556c1
server: Add an SQL table to store password reset tokens
2021-11-23 00:25:47 +01:00
Valentin Tolmer
790fd7c5d1
cargo: Update to 2021 edition
2021-11-23 00:25:47 +01:00
Valentin Tolmer
ad1ee52d76
server: Prevent sqlx from logging unless verbose
2021-11-23 00:25:47 +01:00
Valentin Tolmer
9124339b96
server: Prevent passwords and secrets from being printed
2021-11-23 00:25:47 +01:00
Valentin Tolmer
617a0f53fa
server: Send an email with the test command
2021-11-23 00:25:47 +01:00
Valentin Tolmer
1d54ca8040
server: Load config for both run and mail
2021-11-23 00:25:47 +01:00
Valentin Tolmer
77ced7ea43
misc: Forbid non-ascii identifiers
...
That prevents a class of unicode attacks, e.g. invisible characters.
2021-11-23 00:25:47 +01:00
Valentin Tolmer
fa0105fa96
cli: Add a "send test email" command
...
Still unimplemented. This re-organizes the command-line flags.
2021-11-23 00:25:47 +01:00
Valentin Tolmer
18e3892e55
configuration: Add smtp config values.
2021-11-23 00:25:47 +01:00
Valentin Tolmer
350fdcdf9b
server: improve error messages
2021-11-23 00:25:47 +01:00
Valentin Tolmer
adf088c74b
configuration: move default values inline
2021-11-23 00:25:47 +01:00
Valentin Tolmer
47ee56873e
ldap: Improve coverage of filters
2021-11-08 11:10:40 +01:00
Valentin Tolmer
ee863f74fc
ldap: Add tests for password change
2021-11-08 11:10:40 +01:00
Valentin Tolmer
24e3125e34
ldap: Test the "memberOf" filter
2021-11-08 11:10:40 +01:00
Valentin Tolmer
06b6653dff
ldap: Test more invalid DNs
2021-11-08 11:10:40 +01:00
Valentin Tolmer
62745970c6
ldap: Add context to the errors
2021-11-08 11:10:40 +01:00
Valentin Tolmer
ea3142da5d
ldap: test message handler
2021-11-08 11:10:40 +01:00
Valentin Tolmer
d96b534921
ldap: Improve debug messages
2021-11-08 09:31:29 +01:00
Valentin Tolmer
9a024cd7fc
ldap: Fix response when both users and groups are returned
2021-11-08 09:31:29 +01:00
Valentin Tolmer
c964428858
fixup: group filters
2021-11-08 09:31:29 +01:00
Valentin Tolmer
f98023e67f
ldap: Improve support for group filters
2021-11-08 09:31:29 +01:00
Valentin Tolmer
e68d46d4fe
ldap: Make attribute matching case insensitive
2021-11-08 09:31:29 +01:00
Valentin Tolmer
9a680a7d06
server: Add a debug log for LDAP messages
2021-11-08 09:31:29 +01:00
Valentin Tolmer
7345cc42d0
ldap: Add support for createTimestamp and modifyTimestamp
...
This should help with KeyCloak support.
2021-11-08 09:31:29 +01:00
Valentin Tolmer
43ffeca24d
ldap: Add support for password modify extension
...
This allows other systems (e.g. Authelia) to reset passwords for users.
2021-10-28 18:20:01 +02:00
Valentin Tolmer
31e1ff358b
ldap: Implement a rootDSE response
...
This is the message that broadcasts the capabilities of the server,
including the supported extensions.
2021-10-28 18:20:01 +02:00
Valentin Tolmer
d423c64d57
ldap: Switch to using LdapOp instead of ServerOp
...
This is in preparation of supporting the password change message, since
this is from the Extended Operations that is not available in the simple
ServerOp.
2021-10-28 18:20:01 +02:00
Valentin Tolmer
438ac2818a
ldap: Add support for "dn" attribute
2021-10-28 16:36:13 +02:00
Valentin Tolmer
107c8ec96e
ldap: Implement group listing, fix various bugs
2021-10-23 18:24:03 +02:00
Valentin Tolmer
eef3afd2e2
server: Improve startup error messages and fail fast
2021-10-20 08:58:36 +02:00
Valentin Tolmer
7d9c1b1eec
readme: Add more information about the configuration of LDAP clients
2021-10-19 08:29:34 +02:00
Valentin Tolmer
f4edb99379
app: Add style.css, improve classes
...
Also change the server to be able to serve style.css.
2021-10-15 10:46:17 +02:00
Valentin Tolmer
263fd44156
server: add a display name to the administrator user
2021-10-15 08:05:50 +02:00
Valentin Tolmer
35ee2834a3
graphql: Add a method to create a group
2021-10-15 08:05:50 +02:00
Valentin Tolmer
42da86cf72
graphql: Implement looking up a group's users
2021-10-15 08:05:50 +02:00
Valentin Tolmer
65780ae0fe
graphql: Add a method to look up a group's details
2021-10-15 08:05:50 +02:00
Valentin Tolmer
d9abcd335d
config: Add a minimum password length
2021-10-07 18:33:47 +02:00
Valentin Tolmer
54b6f7d726
graphql: Add guardrails to prevent deleting all the admins
2021-09-28 13:50:56 +02:00
Valentin Tolmer
eb974e781c
graphql: Add a filter by group
2021-09-28 13:50:56 +02:00
Valentin Tolmer
09a23a1e59
ldap: Add support for memberOf and wildcards
2021-09-28 13:50:56 +02:00
Valentin Tolmer
c0d866b77b
graphql: Add a method to update group details
2021-09-28 13:50:56 +02:00
Valentin Tolmer
3b70762b42
graphql: Add a method to delete a group
2021-09-28 13:50:56 +02:00
Valentin Tolmer
e8831f607b
graphql: Add a method to delete a user
2021-09-24 16:46:30 +02:00
Valentin Tolmer
63467e5050
server: Prevent user updates from applying to everyone
2021-09-20 11:23:57 +02:00
Valentin Tolmer
480f48f820
graphql: Add a method to list groups
2021-09-20 11:23:57 +02:00
Valentin Tolmer
e4d6b122c5
graphql: Add methods to add/remove group memberships
2021-09-20 11:23:57 +02:00
Valentin Tolmer
005e18472e
app: reorganize and add a page to change the password
2021-09-13 10:35:39 +02:00
Valentin Tolmer
2954109d96
graphql: Add a method to update a user
2021-09-03 14:32:33 +02:00
Valentin Tolmer
0ac9e134de
schema: make user fields non-nullable
...
They can always be empty. This simplifies mutation, since graphql_client
doesn't have an easy way to conditionally leave out fields (we could do
that with `@include`, but that's one bool per field in addition to the
field, a bit ugly).
2021-09-03 14:32:33 +02:00
Valentin Tolmer
d8df47b35d
Move backend source to server/ subpackage
...
To clarify the organization.
2021-08-31 20:32:55 +02:00