Commit Graph

128 Commits

Author SHA1 Message Date
Valentin Tolmer
4c69f917e7 server: Improve equality handling in filters
Now the columns are checked and mapped to user columns, to avoid any
ambiguity.

Fixes #341.
2022-10-19 08:43:38 +02:00
Valentin Tolmer
8d19678e39 server: refactor sql backend handler
And add some missing tests
2022-10-18 13:04:59 +02:00
Valentin Tolmer
35aa656677 server: refactor ldap_handler
Split it into several files, move them into the domain folder, introduce
`LdapError` for better control flow.
2022-10-17 14:39:44 +02:00
Valentin Tolmer
0be440efc8 server: Start versioning the DB schema
In preparation for #67.
2022-10-17 09:38:37 +02:00
Valentin Tolmer
32850d4ff9 ldap: add entryUUID to the default fields
It should help with #293.
2022-10-12 18:35:40 +02:00
Valentin Tolmer
3aaf53442b server: implement healthcheck 2022-10-12 16:44:52 +02:00
Valentin Tolmer
5402aa5aa2 server: Silence error message when creating DB
Fixes #300
2022-09-30 15:12:15 +02:00
Valentin Tolmer
8069516283 server: Add support for PKCS1 keys
Fixes #288
2022-09-30 13:56:03 +02:00
Valentin Tolmer
6c21f2ef4b clippy: fix warning by implementing Eq 2022-09-27 06:54:29 +02:00
Valentin Tolmer
516893f1f7 server: Fix query building of chained ands/ors
Fixes #303
2022-09-27 05:14:57 +02:00
Valentin Tolmer
7e1ce10df1 server: allow every config value to be specified as a file
By using https://crates.io/crates/figment_file_provider_adapter

Fixes https://github.com/nitnelave/lldap/issues/263
2022-09-14 11:16:50 +02:00
Valentin Tolmer
60c594438c ldap: Stop returning empty attributes 2022-08-09 13:03:28 +02:00
Valentin Tolmer
b130965264 ldap: return user's avatar 2022-08-09 13:03:28 +02:00
Valentin Tolmer
697a64991d server: Change attribute values to bytes 2022-08-09 13:03:28 +02:00
Valentin Tolmer
3acc448048 server: Add support for users' avatars in GrahpQL 2022-08-09 13:03:28 +02:00
Valentin Tolmer
64556fc744 server: stop returning "dn" as an attribute
It's already part of the base response

Fixes #254.
2022-08-01 18:26:47 +02:00
Valentin Tolmer
134a9366f5 server: create private key with 400 permissions
Fixes #261.
2022-08-01 17:43:37 +02:00
Valentin Tolmer
c108921dcf server: Add a log message when search is restricted
Fixes #264.
2022-08-01 14:02:24 +02:00
Valentin Tolmer
897704fab3 server: Fix extra error message when DB doesn't exist
Fixes #270
2022-08-01 09:14:39 +02:00
Valentin Tolmer
8c1ea11b95 server: add an option to use STARTTLS for smtp 2022-07-30 15:58:58 +02:00
Valentin Tolmer
cd0ab378ef server: deprecate smtp.tls_required, add smtp_encryption 2022-07-30 15:58:58 +02:00
Iván Izaguirre
5c584536b5
frontend: Add UUID and creation date
This exposes the new info in the GraphQL API, and adds it to the frontend.
2022-07-21 12:10:37 +02:00
Valentin Tolmer
c399ff2bfa server: switch from OpenSSL to Rustls 2022-07-15 15:49:15 +02:00
Frank Moskal
9e37a06514
server: allow admin email to be set via config 2022-07-13 14:32:35 +02:00
Valentin Tolmer
294ce77a47 server: Fix misc clippy warnings 2022-07-13 12:43:51 +02:00
Valentin Tolmer
cf19fd41b0 server: Update permission checks for strict_readonly 2022-07-08 19:02:20 +02:00
Valentin Tolmer
500a441df7 server: Migrate from lldap_readonly to lldap_strict_readonly 2022-07-08 19:02:20 +02:00
Valentin Tolmer
fab884711f server: Make objectClass matching case-insensitive
Fixes https://github.com/nitnelave/lldap/issues/189
2022-07-08 12:00:55 +02:00
Valentin Tolmer
1a37e1ee04 server: Allow readonly users to change non-admin passwords 2022-07-08 11:49:13 +02:00
Valentin Tolmer
8c3a168c7f server: remove spurious debug message 2022-07-06 00:15:08 +02:00
Valentin Tolmer
c6ffaa2abf server: fix member_of for users with no groups 2022-07-05 18:15:38 +02:00
Valentin Tolmer
4092b2e5b1 server: Print version on startup 2022-07-01 14:57:22 +02:00
Valentin Tolmer
c5017bbd42 ldap: remove copies from the wildcard expansion 2022-07-01 12:41:12 +02:00
Valentin Tolmer
c72c1fdf2c server: Add a Uuid attribute to every user and group 2022-07-01 12:41:12 +02:00
Valentin Tolmer
1a03346a38 server: refactor auth_service to use Results
This simplifies the flow, and gets rid of wrong clippy warnings about
missing awaits due to the instrumentation.
2022-06-30 17:14:13 +02:00
Valentin Tolmer
23a4763914 server: Add tracing logging
Fixes #17
2022-06-30 17:14:13 +02:00
Valentin Tolmer
a512b1844a server: Disambiguate list_users query
The confusion of display_name caused every user to be called like the
first group they belonged to.
2022-06-30 10:32:52 +02:00
Valentin Tolmer
5e2eea0d97 sqlx: update dependency and protect against injections 2022-06-26 11:55:37 +02:00
Valentin Tolmer
733d363e25 ldap: handle full scope searches
Nextcloud searches for users by specifying the entire user DN as the
scope. This commit adds support for these specific scopes.
2022-06-10 17:18:46 +02:00
Valentin Tolmer
da186fab38 ldap: add support for memberOf attribute
The "memberOf" filter was already supported, but not the attribute.

Fixes #179
2022-06-10 15:22:06 +02:00
Valentin Tolmer
ff698df280 server: Introduce a read-only user 2022-06-06 17:27:37 +02:00
Valentin Tolmer
1efab58d0c ldap: add an option to silence unknown fields in the config 2022-05-30 20:08:02 +02:00
Valentin Tolmer
a0b0b455ed ldap: ignore unknown filters 2022-05-30 20:08:02 +02:00
Valentin Tolmer
1d8582f937 ldap: lowercase all DN, fields, values 2022-05-30 19:23:29 +02:00
Valentin Tolmer
7e62cc6eda ldap: handle "present" filters for groups 2022-05-29 19:30:07 +02:00
Matthew Strasiotto
b7957f598b ldap wildcard handler, error if '*' attribute makes it to get_x_attribute 2022-05-12 13:14:04 +02:00
Matthew Strasiotto
5150d8341f ldap wildcard handler, add tests 2022-05-12 13:14:04 +02:00
Matthew Strasiotto
e5c80b9f17 handle wildcards being given as ldap attribute params
fix wildcard expansion

address some pr comments

Move ldap attribute expansion lists to constants

As per: https://github.com/nitnelave/lldap/pull/164#discussion_r867348971

lldap *+ expansion: remove unneccesary cloning

https://github.com/nitnelave/lldap/pull/164#discussion_r867349805

ldap attribute wildcard handling: remove duplicated wildcards

https://github.com/nitnelave/lldap/pull/164#issuecomment-1120211031

ldap wildcard expansion: refactor

ldap attribute handlers: handle '+' by ignoring, '*' and unmatched by warning and ignoring

attribute wildcard expansion: refactor, don't remove '+'
2022-05-12 13:14:04 +02:00
Matthew Strasiotto
875c59758b handle dn attribute being queried as distinguishedname 2022-05-12 13:14:04 +02:00
Valentin Tolmer
ebffc1c086 server, ldap: Use group membership for admin status 2022-05-08 20:36:57 +02:00