Valentin Tolmer
134a9366f5
server: create private key with 400 permissions
...
Fixes #261 .
2022-08-01 17:43:37 +02:00
Valentin Tolmer
c108921dcf
server: Add a log message when search is restricted
...
Fixes #264 .
2022-08-01 14:02:24 +02:00
Valentin Tolmer
897704fab3
server: Fix extra error message when DB doesn't exist
...
Fixes #270
2022-08-01 09:14:39 +02:00
dependabot[bot]
3e3c9b97ae
build(deps): bump juniper from 0.15.9 to 0.15.10
...
Bumps [juniper](https://github.com/graphql-rust/juniper ) from 0.15.9 to 0.15.10.
- [Release notes](https://github.com/graphql-rust/juniper/releases )
- [Changelog](https://github.com/graphql-rust/juniper/blob/master/release.toml )
- [Commits](https://github.com/graphql-rust/juniper/compare/juniper-v0.15.9...juniper-v0.15.10 )
---
updated-dependencies:
- dependency-name: juniper
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-07-30 19:22:59 +02:00
Valentin Tolmer
8c1ea11b95
server: add an option to use STARTTLS for smtp
2022-07-30 15:58:58 +02:00
Valentin Tolmer
cd0ab378ef
server: deprecate smtp.tls_required, add smtp_encryption
2022-07-30 15:58:58 +02:00
Iván Izaguirre
5c584536b5
frontend: Add UUID and creation date
...
This exposes the new info in the GraphQL API, and adds it to the frontend.
2022-07-21 12:10:37 +02:00
Valentin Tolmer
c399ff2bfa
server: switch from OpenSSL to Rustls
2022-07-15 15:49:15 +02:00
Frank Moskal
9e37a06514
server: allow admin email to be set via config
2022-07-13 14:32:35 +02:00
Valentin Tolmer
294ce77a47
server: Fix misc clippy warnings
2022-07-13 12:43:51 +02:00
Valentin Tolmer
91d12a7e97
release: v0.4.0
2022-07-08 19:02:20 +02:00
Valentin Tolmer
cf19fd41b0
server: Update permission checks for strict_readonly
2022-07-08 19:02:20 +02:00
Valentin Tolmer
500a441df7
server: Migrate from lldap_readonly to lldap_strict_readonly
2022-07-08 19:02:20 +02:00
Valentin Tolmer
6701027002
release: Release version 0.3.0
2022-07-08 14:49:01 +02:00
Valentin Tolmer
fab884711f
server: Make objectClass matching case-insensitive
...
Fixes https://github.com/nitnelave/lldap/issues/189
2022-07-08 12:00:55 +02:00
Valentin Tolmer
1a37e1ee04
server: Allow readonly users to change non-admin passwords
2022-07-08 11:49:13 +02:00
Valentin Tolmer
8c3a168c7f
server: remove spurious debug message
2022-07-06 00:15:08 +02:00
Valentin Tolmer
c6ffaa2abf
server: fix member_of for users with no groups
2022-07-05 18:15:38 +02:00
Valentin Tolmer
8101ddc85f
server: Create release candidate 0.3.0-rc.1
2022-07-01 14:57:22 +02:00
Valentin Tolmer
49f4e48aae
cargo: update various dependencies
2022-07-01 14:57:22 +02:00
Valentin Tolmer
4092b2e5b1
server: Print version on startup
2022-07-01 14:57:22 +02:00
Valentin Tolmer
c5017bbd42
ldap: remove copies from the wildcard expansion
2022-07-01 12:41:12 +02:00
Valentin Tolmer
c72c1fdf2c
server: Add a Uuid attribute to every user and group
2022-07-01 12:41:12 +02:00
Valentin Tolmer
1a03346a38
server: refactor auth_service to use Results
...
This simplifies the flow, and gets rid of wrong clippy warnings about
missing awaits due to the instrumentation.
2022-06-30 17:14:13 +02:00
Valentin Tolmer
23a4763914
server: Add tracing logging
...
Fixes #17
2022-06-30 17:14:13 +02:00
Valentin Tolmer
a512b1844a
server: Disambiguate list_users query
...
The confusion of display_name caused every user to be called like the
first group they belonged to.
2022-06-30 10:32:52 +02:00
Valentin Tolmer
5e2eea0d97
sqlx: update dependency and protect against injections
2022-06-26 11:55:37 +02:00
dependabot[bot]
bafb1dc5cc
build(deps): bump tokio from 1.11.0 to 1.13.1
...
Bumps [tokio](https://github.com/tokio-rs/tokio ) from 1.11.0 to 1.13.1.
- [Release notes](https://github.com/tokio-rs/tokio/releases )
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.11.0...tokio-1.13.1 )
---
updated-dependencies:
- dependency-name: tokio
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-24 18:01:25 +02:00
Valentin Tolmer
733d363e25
ldap: handle full scope searches
...
Nextcloud searches for users by specifying the entire user DN as the
scope. This commit adds support for these specific scopes.
2022-06-10 17:18:46 +02:00
Valentin Tolmer
da186fab38
ldap: add support for memberOf attribute
...
The "memberOf" filter was already supported, but not the attribute.
Fixes #179
2022-06-10 15:22:06 +02:00
Valentin Tolmer
ff698df280
server: Introduce a read-only user
2022-06-06 17:27:37 +02:00
Valentin Tolmer
1efab58d0c
ldap: add an option to silence unknown fields in the config
2022-05-30 20:08:02 +02:00
Valentin Tolmer
a0b0b455ed
ldap: ignore unknown filters
2022-05-30 20:08:02 +02:00
Valentin Tolmer
1d8582f937
ldap: lowercase all DN, fields, values
2022-05-30 19:23:29 +02:00
Valentin Tolmer
7e62cc6eda
ldap: handle "present" filters for groups
2022-05-29 19:30:07 +02:00
Matthew Strasiotto
b7957f598b
ldap wildcard handler, error if '*' attribute makes it to get_x_attribute
2022-05-12 13:14:04 +02:00
Matthew Strasiotto
5150d8341f
ldap wildcard handler, add tests
2022-05-12 13:14:04 +02:00
Matthew Strasiotto
e5c80b9f17
handle wildcards being given as ldap attribute params
...
fix wildcard expansion
address some pr comments
Move ldap attribute expansion lists to constants
As per: https://github.com/nitnelave/lldap/pull/164#discussion_r867348971
lldap *+ expansion: remove unneccesary cloning
https://github.com/nitnelave/lldap/pull/164#discussion_r867349805
ldap attribute wildcard handling: remove duplicated wildcards
https://github.com/nitnelave/lldap/pull/164#issuecomment-1120211031
ldap wildcard expansion: refactor
ldap attribute handlers: handle '+' by ignoring, '*' and unmatched by warning and ignoring
attribute wildcard expansion: refactor, don't remove '+'
2022-05-12 13:14:04 +02:00
Matthew Strasiotto
875c59758b
handle dn attribute being queried as distinguishedname
2022-05-12 13:14:04 +02:00
Valentin Tolmer
ebffc1c086
server, ldap: Use group membership for admin status
2022-05-08 20:36:57 +02:00
Valentin Tolmer
d6c2805847
server: don't try to load the certificates if they're not needed
2022-05-07 15:01:54 +02:00
Valentin Tolmer
f689458aa2
server: Implement LDAPS support
2022-05-05 17:19:11 +02:00
Valentin Tolmer
6b6f11db1b
server: update clap and add LDAPS options
2022-05-05 17:19:11 +02:00
Valentin Tolmer
f1b86a16ee
ldap: return uids instead of cns for users
2022-05-03 12:13:43 +02:00
Valentin Tolmer
bd90a3a426
ldap: return actual "cn" value instead of "uid" in LDAP messages
2022-04-29 10:02:43 +02:00
Valentin Tolmer
e1e1d6cd20
ldap: accept "uid" or "cn" as username
2022-04-29 10:02:43 +02:00
Valentin Tolmer
f52197e76f
server: allow non-admin user to do limited searches
2022-04-25 09:34:25 +02:00
Valentin Tolmer
3ac38bb96f
ldap_handler: Reports groups as groupOfNames as well
2022-04-20 10:54:21 +02:00
Valentin Tolmer
2197fe77a5
server: Handle "1.1" special attribute
2022-04-18 12:01:58 +02:00
Valentin Tolmer
3a6c5fdc65
server: Report errors sending email
2022-04-17 23:14:10 +02:00
Valentin Tolmer
ca19e61f50
domain: introduce UserId to make uid case insensitive
...
Note that if there was a non-lowercase user already in the DB, it cannot
be found again. To fix this, run in the DB:
sqlite> UPDATE users SET user_id = LOWER(user_id);
2022-03-26 18:23:19 +01:00
Hendrik Schlehlein
82df8d4ca1
feat: add simple login
2022-03-04 12:04:10 +01:00
Valentin Tolmer
c850fa4273
server: refactor group requests to use filters
2022-02-12 14:27:02 +01:00
Valentin Tolmer
a1fe703bf0
server: rename RequestFilter to UserRequestFilter
2022-02-12 14:27:02 +01:00
Valentin Tolmer
d20bd196bc
ldap_handler: trim spaces in LDAP identifiers
2022-02-11 09:34:21 +01:00
Valentin Tolmer
8e8614fe2e
server: fix clippy warning
2021-12-08 12:01:56 +01:00
Valentin Tolmer
110b7c7d5b
server: fix command line version stuck at 0.1
2021-12-08 12:01:56 +01:00
kaysond
82770a5ff0
restore comment
2021-12-01 00:38:54 +01:00
kaysond
e11a8460ff
add SRI for other resources; add routing for all root requests
2021-12-01 00:38:54 +01:00
kaysond
7731b8e593
download static fonts to their own directory
2021-12-01 00:38:54 +01:00
kaysond
45c50923b7
fix rust formatting
2021-12-01 00:38:54 +01:00
kaysond
9f138ec4ac
server libraries locally in the docker container
2021-12-01 00:38:54 +01:00
Valentin Tolmer
ddeb4c3ce3
cargo: Bump the version number to 0.3.0-alpha.1
2021-11-29 15:50:43 +01:00
Valentin Tolmer
9653d64eb1
config: Prevent loading the wrong server_key
2021-11-28 00:55:35 +01:00
Valentin Tolmer
789c8f367e
server: Send an email for password resets
2021-11-23 00:25:47 +01:00
Valentin Tolmer
db2b5cbae0
server: Add http_url to the configuration
2021-11-23 00:25:47 +01:00
Valentin Tolmer
a13bfc3575
server: Implement password reset
...
It's still missing the email.
This also secures the password change method with a JWT token check: you
have to be logged in to change the password.
2021-11-23 00:25:47 +01:00
Valentin Tolmer
7b5ad47ee2
server: Make the JWT cookies valid for /
...
This will be used to secure the password change API.
2021-11-23 00:25:47 +01:00
Valentin Tolmer
e1503743b5
server: Add methods to get/set a password reset token
2021-11-23 00:25:47 +01:00
Valentin Tolmer
88732556c1
server: Add an SQL table to store password reset tokens
2021-11-23 00:25:47 +01:00
Valentin Tolmer
f1bda21cad
misc: Make openssl vendored for cross-compil
2021-11-23 00:25:47 +01:00
Valentin Tolmer
790fd7c5d1
cargo: Update to 2021 edition
2021-11-23 00:25:47 +01:00
Valentin Tolmer
4551e27b55
server, auth: Update some dependencies
2021-11-23 00:25:47 +01:00
Valentin Tolmer
ad1ee52d76
server: Prevent sqlx from logging unless verbose
2021-11-23 00:25:47 +01:00
Valentin Tolmer
9124339b96
server: Prevent passwords and secrets from being printed
2021-11-23 00:25:47 +01:00
Valentin Tolmer
617a0f53fa
server: Send an email with the test command
2021-11-23 00:25:47 +01:00
Valentin Tolmer
1d54ca8040
server: Load config for both run and mail
2021-11-23 00:25:47 +01:00
Valentin Tolmer
77ced7ea43
misc: Forbid non-ascii identifiers
...
That prevents a class of unicode attacks, e.g. invisible characters.
2021-11-23 00:25:47 +01:00
Valentin Tolmer
fa0105fa96
cli: Add a "send test email" command
...
Still unimplemented. This re-organizes the command-line flags.
2021-11-23 00:25:47 +01:00
Valentin Tolmer
18e3892e55
configuration: Add smtp config values.
2021-11-23 00:25:47 +01:00
Valentin Tolmer
350fdcdf9b
server: improve error messages
2021-11-23 00:25:47 +01:00
Valentin Tolmer
adf088c74b
configuration: move default values inline
2021-11-23 00:25:47 +01:00
Valentin Tolmer
c055c4e671
server: Add lettre dependency to handle emails
2021-11-23 00:25:47 +01:00
Valentin Tolmer
47ee56873e
ldap: Improve coverage of filters
2021-11-08 11:10:40 +01:00
Valentin Tolmer
ee863f74fc
ldap: Add tests for password change
2021-11-08 11:10:40 +01:00
Valentin Tolmer
24e3125e34
ldap: Test the "memberOf" filter
2021-11-08 11:10:40 +01:00
Valentin Tolmer
06b6653dff
ldap: Test more invalid DNs
2021-11-08 11:10:40 +01:00
Valentin Tolmer
62745970c6
ldap: Add context to the errors
2021-11-08 11:10:40 +01:00
Valentin Tolmer
ea3142da5d
ldap: test message handler
2021-11-08 11:10:40 +01:00
Valentin Tolmer
d96b534921
ldap: Improve debug messages
2021-11-08 09:31:29 +01:00
Valentin Tolmer
9a024cd7fc
ldap: Fix response when both users and groups are returned
2021-11-08 09:31:29 +01:00
Valentin Tolmer
c964428858
fixup: group filters
2021-11-08 09:31:29 +01:00
Valentin Tolmer
f98023e67f
ldap: Improve support for group filters
2021-11-08 09:31:29 +01:00
Valentin Tolmer
e68d46d4fe
ldap: Make attribute matching case insensitive
2021-11-08 09:31:29 +01:00
Valentin Tolmer
9a680a7d06
server: Add a debug log for LDAP messages
2021-11-08 09:31:29 +01:00
Valentin Tolmer
7345cc42d0
ldap: Add support for createTimestamp and modifyTimestamp
...
This should help with KeyCloak support.
2021-11-08 09:31:29 +01:00
Valentin Tolmer
43ffeca24d
ldap: Add support for password modify extension
...
This allows other systems (e.g. Authelia) to reset passwords for users.
2021-10-28 18:20:01 +02:00
Valentin Tolmer
31e1ff358b
ldap: Implement a rootDSE response
...
This is the message that broadcasts the capabilities of the server,
including the supported extensions.
2021-10-28 18:20:01 +02:00
Valentin Tolmer
d423c64d57
ldap: Switch to using LdapOp instead of ServerOp
...
This is in preparation of supporting the password change message, since
this is from the Extended Operations that is not available in the simple
ServerOp.
2021-10-28 18:20:01 +02:00
Valentin Tolmer
438ac2818a
ldap: Add support for "dn" attribute
2021-10-28 16:36:13 +02:00