Valentin Tolmer
0be440efc8
server: Start versioning the DB schema
...
In preparation for #67 .
2022-10-17 09:38:37 +02:00
Valentin Tolmer
32850d4ff9
ldap: add entryUUID to the default fields
...
It should help with #293 .
2022-10-12 18:35:40 +02:00
Valentin Tolmer
3aaf53442b
server: implement healthcheck
2022-10-12 16:44:52 +02:00
Valentin Tolmer
5402aa5aa2
server: Silence error message when creating DB
...
Fixes #300
2022-09-30 15:12:15 +02:00
Valentin Tolmer
8069516283
server: Add support for PKCS1 keys
...
Fixes #288
2022-09-30 13:56:03 +02:00
Valentin Tolmer
6c21f2ef4b
clippy: fix warning by implementing Eq
2022-09-27 06:54:29 +02:00
Valentin Tolmer
516893f1f7
server: Fix query building of chained ands/ors
...
Fixes #303
2022-09-27 05:14:57 +02:00
Valentin Tolmer
7e1ce10df1
server: allow every config value to be specified as a file
...
By using https://crates.io/crates/figment_file_provider_adapter
Fixes https://github.com/nitnelave/lldap/issues/263
2022-09-14 11:16:50 +02:00
Valentin Tolmer
60c594438c
ldap: Stop returning empty attributes
2022-08-09 13:03:28 +02:00
Valentin Tolmer
b130965264
ldap: return user's avatar
2022-08-09 13:03:28 +02:00
Valentin Tolmer
697a64991d
server: Change attribute values to bytes
2022-08-09 13:03:28 +02:00
Valentin Tolmer
3acc448048
server: Add support for users' avatars in GrahpQL
2022-08-09 13:03:28 +02:00
Valentin Tolmer
64556fc744
server: stop returning "dn" as an attribute
...
It's already part of the base response
Fixes #254 .
2022-08-01 18:26:47 +02:00
Valentin Tolmer
134a9366f5
server: create private key with 400 permissions
...
Fixes #261 .
2022-08-01 17:43:37 +02:00
Valentin Tolmer
c108921dcf
server: Add a log message when search is restricted
...
Fixes #264 .
2022-08-01 14:02:24 +02:00
Valentin Tolmer
897704fab3
server: Fix extra error message when DB doesn't exist
...
Fixes #270
2022-08-01 09:14:39 +02:00
Valentin Tolmer
8c1ea11b95
server: add an option to use STARTTLS for smtp
2022-07-30 15:58:58 +02:00
Valentin Tolmer
cd0ab378ef
server: deprecate smtp.tls_required, add smtp_encryption
2022-07-30 15:58:58 +02:00
Iván Izaguirre
5c584536b5
frontend: Add UUID and creation date
...
This exposes the new info in the GraphQL API, and adds it to the frontend.
2022-07-21 12:10:37 +02:00
Valentin Tolmer
c399ff2bfa
server: switch from OpenSSL to Rustls
2022-07-15 15:49:15 +02:00
Frank Moskal
9e37a06514
server: allow admin email to be set via config
2022-07-13 14:32:35 +02:00
Valentin Tolmer
294ce77a47
server: Fix misc clippy warnings
2022-07-13 12:43:51 +02:00
Valentin Tolmer
cf19fd41b0
server: Update permission checks for strict_readonly
2022-07-08 19:02:20 +02:00
Valentin Tolmer
500a441df7
server: Migrate from lldap_readonly to lldap_strict_readonly
2022-07-08 19:02:20 +02:00
Valentin Tolmer
fab884711f
server: Make objectClass matching case-insensitive
...
Fixes https://github.com/nitnelave/lldap/issues/189
2022-07-08 12:00:55 +02:00
Valentin Tolmer
1a37e1ee04
server: Allow readonly users to change non-admin passwords
2022-07-08 11:49:13 +02:00
Valentin Tolmer
8c3a168c7f
server: remove spurious debug message
2022-07-06 00:15:08 +02:00
Valentin Tolmer
c6ffaa2abf
server: fix member_of for users with no groups
2022-07-05 18:15:38 +02:00
Valentin Tolmer
4092b2e5b1
server: Print version on startup
2022-07-01 14:57:22 +02:00
Valentin Tolmer
c5017bbd42
ldap: remove copies from the wildcard expansion
2022-07-01 12:41:12 +02:00
Valentin Tolmer
c72c1fdf2c
server: Add a Uuid attribute to every user and group
2022-07-01 12:41:12 +02:00
Valentin Tolmer
1a03346a38
server: refactor auth_service to use Results
...
This simplifies the flow, and gets rid of wrong clippy warnings about
missing awaits due to the instrumentation.
2022-06-30 17:14:13 +02:00
Valentin Tolmer
23a4763914
server: Add tracing logging
...
Fixes #17
2022-06-30 17:14:13 +02:00
Valentin Tolmer
a512b1844a
server: Disambiguate list_users query
...
The confusion of display_name caused every user to be called like the
first group they belonged to.
2022-06-30 10:32:52 +02:00
Valentin Tolmer
5e2eea0d97
sqlx: update dependency and protect against injections
2022-06-26 11:55:37 +02:00
Valentin Tolmer
733d363e25
ldap: handle full scope searches
...
Nextcloud searches for users by specifying the entire user DN as the
scope. This commit adds support for these specific scopes.
2022-06-10 17:18:46 +02:00
Valentin Tolmer
da186fab38
ldap: add support for memberOf attribute
...
The "memberOf" filter was already supported, but not the attribute.
Fixes #179
2022-06-10 15:22:06 +02:00
Valentin Tolmer
ff698df280
server: Introduce a read-only user
2022-06-06 17:27:37 +02:00
Valentin Tolmer
1efab58d0c
ldap: add an option to silence unknown fields in the config
2022-05-30 20:08:02 +02:00
Valentin Tolmer
a0b0b455ed
ldap: ignore unknown filters
2022-05-30 20:08:02 +02:00
Valentin Tolmer
1d8582f937
ldap: lowercase all DN, fields, values
2022-05-30 19:23:29 +02:00
Valentin Tolmer
7e62cc6eda
ldap: handle "present" filters for groups
2022-05-29 19:30:07 +02:00
Matthew Strasiotto
b7957f598b
ldap wildcard handler, error if '*' attribute makes it to get_x_attribute
2022-05-12 13:14:04 +02:00
Matthew Strasiotto
5150d8341f
ldap wildcard handler, add tests
2022-05-12 13:14:04 +02:00
Matthew Strasiotto
e5c80b9f17
handle wildcards being given as ldap attribute params
...
fix wildcard expansion
address some pr comments
Move ldap attribute expansion lists to constants
As per: https://github.com/nitnelave/lldap/pull/164#discussion_r867348971
lldap *+ expansion: remove unneccesary cloning
https://github.com/nitnelave/lldap/pull/164#discussion_r867349805
ldap attribute wildcard handling: remove duplicated wildcards
https://github.com/nitnelave/lldap/pull/164#issuecomment-1120211031
ldap wildcard expansion: refactor
ldap attribute handlers: handle '+' by ignoring, '*' and unmatched by warning and ignoring
attribute wildcard expansion: refactor, don't remove '+'
2022-05-12 13:14:04 +02:00
Matthew Strasiotto
875c59758b
handle dn attribute being queried as distinguishedname
2022-05-12 13:14:04 +02:00
Valentin Tolmer
ebffc1c086
server, ldap: Use group membership for admin status
2022-05-08 20:36:57 +02:00
Valentin Tolmer
d6c2805847
server: don't try to load the certificates if they're not needed
2022-05-07 15:01:54 +02:00
Valentin Tolmer
f689458aa2
server: Implement LDAPS support
2022-05-05 17:19:11 +02:00
Valentin Tolmer
6b6f11db1b
server: update clap and add LDAPS options
2022-05-05 17:19:11 +02:00
Valentin Tolmer
f1b86a16ee
ldap: return uids instead of cns for users
2022-05-03 12:13:43 +02:00
Valentin Tolmer
bd90a3a426
ldap: return actual "cn" value instead of "uid" in LDAP messages
2022-04-29 10:02:43 +02:00
Valentin Tolmer
e1e1d6cd20
ldap: accept "uid" or "cn" as username
2022-04-29 10:02:43 +02:00
Valentin Tolmer
f52197e76f
server: allow non-admin user to do limited searches
2022-04-25 09:34:25 +02:00
Valentin Tolmer
3ac38bb96f
ldap_handler: Reports groups as groupOfNames as well
2022-04-20 10:54:21 +02:00
Valentin Tolmer
2197fe77a5
server: Handle "1.1" special attribute
2022-04-18 12:01:58 +02:00
Valentin Tolmer
3a6c5fdc65
server: Report errors sending email
2022-04-17 23:14:10 +02:00
Valentin Tolmer
ca19e61f50
domain: introduce UserId to make uid case insensitive
...
Note that if there was a non-lowercase user already in the DB, it cannot
be found again. To fix this, run in the DB:
sqlite> UPDATE users SET user_id = LOWER(user_id);
2022-03-26 18:23:19 +01:00
Hendrik Schlehlein
82df8d4ca1
feat: add simple login
2022-03-04 12:04:10 +01:00
Valentin Tolmer
c850fa4273
server: refactor group requests to use filters
2022-02-12 14:27:02 +01:00
Valentin Tolmer
a1fe703bf0
server: rename RequestFilter to UserRequestFilter
2022-02-12 14:27:02 +01:00
Valentin Tolmer
d20bd196bc
ldap_handler: trim spaces in LDAP identifiers
2022-02-11 09:34:21 +01:00
Valentin Tolmer
8e8614fe2e
server: fix clippy warning
2021-12-08 12:01:56 +01:00
Valentin Tolmer
110b7c7d5b
server: fix command line version stuck at 0.1
2021-12-08 12:01:56 +01:00
kaysond
82770a5ff0
restore comment
2021-12-01 00:38:54 +01:00
kaysond
e11a8460ff
add SRI for other resources; add routing for all root requests
2021-12-01 00:38:54 +01:00
kaysond
7731b8e593
download static fonts to their own directory
2021-12-01 00:38:54 +01:00
kaysond
45c50923b7
fix rust formatting
2021-12-01 00:38:54 +01:00
kaysond
9f138ec4ac
server libraries locally in the docker container
2021-12-01 00:38:54 +01:00
Valentin Tolmer
9653d64eb1
config: Prevent loading the wrong server_key
2021-11-28 00:55:35 +01:00
Valentin Tolmer
789c8f367e
server: Send an email for password resets
2021-11-23 00:25:47 +01:00
Valentin Tolmer
db2b5cbae0
server: Add http_url to the configuration
2021-11-23 00:25:47 +01:00
Valentin Tolmer
a13bfc3575
server: Implement password reset
...
It's still missing the email.
This also secures the password change method with a JWT token check: you
have to be logged in to change the password.
2021-11-23 00:25:47 +01:00
Valentin Tolmer
7b5ad47ee2
server: Make the JWT cookies valid for /
...
This will be used to secure the password change API.
2021-11-23 00:25:47 +01:00
Valentin Tolmer
e1503743b5
server: Add methods to get/set a password reset token
2021-11-23 00:25:47 +01:00
Valentin Tolmer
88732556c1
server: Add an SQL table to store password reset tokens
2021-11-23 00:25:47 +01:00
Valentin Tolmer
790fd7c5d1
cargo: Update to 2021 edition
2021-11-23 00:25:47 +01:00
Valentin Tolmer
ad1ee52d76
server: Prevent sqlx from logging unless verbose
2021-11-23 00:25:47 +01:00
Valentin Tolmer
9124339b96
server: Prevent passwords and secrets from being printed
2021-11-23 00:25:47 +01:00
Valentin Tolmer
617a0f53fa
server: Send an email with the test command
2021-11-23 00:25:47 +01:00
Valentin Tolmer
1d54ca8040
server: Load config for both run and mail
2021-11-23 00:25:47 +01:00
Valentin Tolmer
77ced7ea43
misc: Forbid non-ascii identifiers
...
That prevents a class of unicode attacks, e.g. invisible characters.
2021-11-23 00:25:47 +01:00
Valentin Tolmer
fa0105fa96
cli: Add a "send test email" command
...
Still unimplemented. This re-organizes the command-line flags.
2021-11-23 00:25:47 +01:00
Valentin Tolmer
18e3892e55
configuration: Add smtp config values.
2021-11-23 00:25:47 +01:00
Valentin Tolmer
350fdcdf9b
server: improve error messages
2021-11-23 00:25:47 +01:00
Valentin Tolmer
adf088c74b
configuration: move default values inline
2021-11-23 00:25:47 +01:00
Valentin Tolmer
47ee56873e
ldap: Improve coverage of filters
2021-11-08 11:10:40 +01:00
Valentin Tolmer
ee863f74fc
ldap: Add tests for password change
2021-11-08 11:10:40 +01:00
Valentin Tolmer
24e3125e34
ldap: Test the "memberOf" filter
2021-11-08 11:10:40 +01:00
Valentin Tolmer
06b6653dff
ldap: Test more invalid DNs
2021-11-08 11:10:40 +01:00
Valentin Tolmer
62745970c6
ldap: Add context to the errors
2021-11-08 11:10:40 +01:00
Valentin Tolmer
ea3142da5d
ldap: test message handler
2021-11-08 11:10:40 +01:00
Valentin Tolmer
d96b534921
ldap: Improve debug messages
2021-11-08 09:31:29 +01:00
Valentin Tolmer
9a024cd7fc
ldap: Fix response when both users and groups are returned
2021-11-08 09:31:29 +01:00
Valentin Tolmer
c964428858
fixup: group filters
2021-11-08 09:31:29 +01:00
Valentin Tolmer
f98023e67f
ldap: Improve support for group filters
2021-11-08 09:31:29 +01:00
Valentin Tolmer
e68d46d4fe
ldap: Make attribute matching case insensitive
2021-11-08 09:31:29 +01:00
Valentin Tolmer
9a680a7d06
server: Add a debug log for LDAP messages
2021-11-08 09:31:29 +01:00
Valentin Tolmer
7345cc42d0
ldap: Add support for createTimestamp and modifyTimestamp
...
This should help with KeyCloak support.
2021-11-08 09:31:29 +01:00
Valentin Tolmer
43ffeca24d
ldap: Add support for password modify extension
...
This allows other systems (e.g. Authelia) to reset passwords for users.
2021-10-28 18:20:01 +02:00