From 0b9f50246c10b7b58aff91f849ae3615e0fc2df6 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Sun, 29 Mar 2020 19:39:25 +0200 Subject: [PATCH 01/15] closing the files when we're done reading them --- config.lua | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/config.lua b/config.lua index 1bf9151..d8f3ef4 100644 --- a/config.lua +++ b/config.lua @@ -11,14 +11,16 @@ function get_config() -- Load the configuration file local conf_file = assert(io.open(conf_path, "r"), "Configuration file is missing") local conf = json.decode(conf_file:read("*all")) - + conf_file:close() -- Load additional rules from the `.persistent` configuration file. -- The `.persistent` file contains rules that will overwrite previous rules. -- It typically enables you to set custom rules. local persistent_conf_file = io.open(conf_path..".persistent", "r") if persistent_conf_file ~= nil then - for k, v in pairs(json.decode(persistent_conf_file:read("*all"))) do + perm_conf = json.decode(persistent_conf_file:read("*all")) + persistent_conf_file:close() + for k, v in pairs(perm_conf) do -- If the configuration key already exists and is a table, merge it if conf[k] and type(v) == "table" then From e0a66428ea148b968aaa492077a94c884da6ecdb Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Fri, 17 Apr 2020 00:56:40 +0200 Subject: [PATCH 02/15] [fix] invalid more cookies --- helpers.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helpers.lua b/helpers.lua index 4ca3b1a..91a31c8 100644 --- a/helpers.lua +++ b/helpers.lua @@ -214,7 +214,7 @@ function delete_redirect_cookie() "; Expires="..expired_time.. "; Secure".. "; HttpOnly".. - "; SameSite=Lax ;;" + "; SameSite=Lax" ngx.header["Set-Cookie"] = "SSOwAuthRedirect=;" ..cookie_str end From e4b415a64e9d1346bba4f464bbeaa09d937fc209 Mon Sep 17 00:00:00 2001 From: SilverViper Date: Thu, 30 Apr 2020 15:45:41 +0200 Subject: [PATCH 03/15] Remove all ;; in Set-Cookie --- helpers.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helpers.lua b/helpers.lua index 91a31c8..c6bf93c 100644 --- a/helpers.lua +++ b/helpers.lua @@ -177,7 +177,7 @@ function set_auth_cookie(user, domain) "; Expires="..os.date("%a, %d %b %Y %X UTC", expire).. "; Secure".. "; HttpOnly".. - "; SameSite=Lax ;;" + "; SameSite=Lax" ngx.header["Set-Cookie"] = { "SSOwAuthUser="..user..cookie_str, @@ -197,7 +197,7 @@ function delete_cookie() "; Expires="..expired_time.. "; Secure".. "; HttpOnly".. - "; SameSite=Lax ;;" + "; SameSite=Lax" ngx.header["Set-Cookie"] = { "SSOwAuthUser="..cookie_str, "SSOwAuthHash="..cookie_str, From 728620778e959b5c9b21571934f70e308fb97620 Mon Sep 17 00:00:00 2001 From: SilverViper Date: Thu, 30 Apr 2020 17:39:07 +0200 Subject: [PATCH 04/15] prevent SSOwAuthRedirect=;; --- helpers.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helpers.lua b/helpers.lua index c6bf93c..e8a46e5 100644 --- a/helpers.lua +++ b/helpers.lua @@ -215,7 +215,7 @@ function delete_redirect_cookie() "; Secure".. "; HttpOnly".. "; SameSite=Lax" - ngx.header["Set-Cookie"] = "SSOwAuthRedirect=;" ..cookie_str + ngx.header["Set-Cookie"] = "SSOwAuthRedirect=" ..cookie_str end From 6a14e78617d49adb14b175205c53329daca4f436 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Tue, 26 May 2020 23:58:40 +0200 Subject: [PATCH 05/15] Update author/maintainer information --- debian/control | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/debian/control b/debian/control index f6722ab..6d30ec7 100644 --- a/debian/control +++ b/debian/control @@ -1,14 +1,14 @@ Source: ssowat Section: net Priority: extra -Maintainer: Adrien Beudin +Maintainer: YunoHost Contributors Build-Depends: debhelper (>=8.0.0) Standards-Version: 3.9.1 Package: ssowat Architecture: all Depends: nginx-extras (>=1.6.2), lua-ldap, lua-json, lua-rex-pcre, whois -Homepage: http://www.yunohost.org -Description: SSOWAT - Websso for yunohost - +Homepage: https://yunohost.org +Description: user portal with single sign-on designed for Yunohost + A minimalist user portal with single sign-on, designed to be + interfaced with Yunohost. From 70c81c6b894c85557c5eb9a69064da599282da2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Allan=20Nordh=C3=B8y?= Date: Tue, 16 Jun 2020 15:48:56 +0000 Subject: [PATCH 06/15] README reworked (#165) --- README.md | 80 +++++++++++++++++++++++++++---------------------------- 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/README.md b/README.md index d084b79..c180a89 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ SSOwat ====== -A simple LDAP SSO for nginx, written in Lua +A simple LDAP SSO for NGINX, written in Lua. Translation status @@ -10,25 +10,25 @@ A simple LDAP SSO for nginx, written in Lua Issues ------ -- [Please report issues on YunoHost bugtracker](https://github.com/YunoHost/issues). +- [Please report issues to the YunoHost bugtracker](https://github.com/YunoHost/issues). Requirements ------------ -- Nginx-extras from Debian wheezy-backports -- lua-json -- lua-ldap -- lua-filesystem -- lua-socket -- lua-rex-pcre +- `nginx-extras` from Debian wheezy-backports +- `lua-json` +- `lua-ldap` +- `lua-filesystem` +- `lua-socket` +- `lua-rex-pcre` **OR** -- Nginx "Openresty" flavored : http://openresty.org/ -- lua-ldap -- lua-filesystem -- lua-socket -- lua-rex-pcre +- "OpenResty" flavored NGINX: https://openresty.org/ +- `lua-ldap` +- `lua-filesystem` +- `lua-socket` +- `lua-rex-pcre` Installation ------------ @@ -40,10 +40,10 @@ git clone https://github.com/YunoHost/SSOwat /etc/ssowat ``` -Nginx configuration +NGINX configuration ------------------- -* Add SSOwat's Nginx configuration (`http{}` scope) +* Add SSOwat's NGINX configuration (`http{}` scope) ```bash nano /etc/nginx/conf.d/ssowat.conf @@ -72,11 +72,11 @@ If you use YunoHost, you may want to edit the `/etc/ssowat/conf.json.persistent` ## Available parameters -These are the SSOwat's configuration parameters. Only `portal_domain` is required, but it is recommended to know the others to fully understand what you can do with SSOwat. +Only the `portal_domain` SSOwat configuration parameters is required, but it is recommended to know the others to fully understand what you can do with it. #### portal_domain -Domain of the authentication portal. It has to be a domain, IP addresses will not work with SSOwat (**Required**) +Domain of the authentication portal. It has to be a domain, IP addresses will not work with SSOwat (**Required**). #### portal_path @@ -84,92 +84,92 @@ URI of the authentication portal (**default**: `/ssowat/`). This path **must** e #### portal_port -Web port of the authentication portal (**default**: `443` for `https`, `80` for `http`) +Web port of the authentication portal (**default**: `443` for `https`, `80` for `http`). #### portal_scheme -Whether authentication should use secure connection or not (**default**: `https`) +Whether authentication should use secure connection or not (**default**: `https`). #### domains -List of handled domains (**default**: similar to `portal_domain`) +List of handled domains (**default**: similar to `portal_domain`). #### ldap_host -LDAP server hostname (**default**: `localhost`) +LDAP server hostname (**default**: `localhost`). #### ldap_group -LDAP group to search in (**default**: `ou=users,dc=yunohost,dc=org`) +LDAP group to search in (**default**: `ou=users,dc=yunohost,dc=org`). #### ldap_identifier -LDAP user identifier (**default**: `uid`) +LDAP user identifier (**default**: `uid`). #### ldap_attributes -User's attributes to fetch from LDAP (**default**: `["uid", "givenname", "sn", "cn", "homedirectory", "mail", "maildrop"]`) +User's attributes to fetch from LDAP (**default**: `["uid", "givenname", "sn", "cn", "homedirectory", "mail", "maildrop"]`). #### ldap_enforce_crypt -Let SSOwat re-encrypt weakly-encrypted LDAP passwords into the safer sha-512 (crypt) (**default**: `true`) +Let SSOwat re-encrypt weakly-encrypted LDAP passwords into the safer sha-512 (crypt) (**default**: `true`). #### allow_mail_authentication -Whether users can authenticate with their mail address (**default**: `true`) +Whether users can authenticate with their mail address (**default**: `true`). #### login_arg -URI argument to use for cross-domain authentication (**default**: `sso_login`) +URI argument to use for cross-domain authentication (**default**: `sso_login`). #### additional_headers -Array of additionnal HTTP headers to set once user is authenticated (**default**: `{ "Remote-User": "uid" }`) +Array of additionnal HTTP headers to set once user is authenticated (**default**: `{ "Remote-User": "uid" }`). #### session_timeout -The session expiracy time limit in seconds, since the last connection (**default**: `86400` / one day) +The session expiracy time limit in seconds, since the last connection (**default**: `86400` / one day). #### session_max_timeout -The session expiracy time limit in seconds (**default**: `604800` / one week) +The session expiracy time limit in seconds (**default**: `604800` / one week). #### protected_urls -List of priorily protected URLs and/or URIs (**by default, every URL is protected**) +List of priorily protected URLs and/or URIs (**by default, every URL is protected**). #### protected_regex -List of regular expressions to be matched against URLs **and** URIs to protect them +List of regular expressions to be matched against URLs **and** URIs to protect them. #### skipped_urls -List of URLs and/or URIs that will not be affected by SSOwat. This must be a JSON array, and SSOwat automatically adds itself to this array. +List of URLs and/or URIs that will not be affected by SSOwat. This must be a JSON array, and SSOwat automatically adds itself to it. #### skipped_regex -List of regular expressions to be matched against URLs **and** URIs to ignore them +List of regular expressions to be matched against URLs **and** URIs to ignore them. #### unprotected_urls -List of URLs and/or URIs that will not be affected by SSOwat **unless user is authenticated** +List of URLs and/or URIs that will not be affected by SSOwat **unless a user is authenticated**. #### unprotected_regex -List of regular expressions to be matched against URLs **and** URIs to ignore them **unless user is authenticated** +List of regular expressions to be matched against URLs **and** URIs to ignore them **unless a user is authenticated**. #### redirected_urls -Array of URLs and/or URIs to redirect and their redirect URI/URL (**example**: `{ "/": "example.org/subpath" }`) +Array of URLs and/or URIs to redirect and their redirect URI/URL (**example**: `{ "/": "example.org/subpath" }`). #### redirected_regex -Array of regular expressions to be matched against URLS **and** URIs and their redirect URI/URL (**example**: `{ "example.org/megusta$": "example.org/subpath" }`) +Array of regular expressions to be matched against URLs **and** URIs and their redirect URI/URL (**example**: `{ "example.org/megusta$": "example.org/subpath" }`). #### users -2-level array containing usernames and their allowed URLs along with an App name (**example**: `{ "kload": { "kload.fr/myapp/": "My App" } }`) +2-level array containing usernames and their allowed URLs along with an app name (**example**: `{ "kload": { "kload.fr/myapp/": "My App" } }`). #### default_language -Language code used by default in views (**default**: `en`) +Language code used by default in views (**default**: `en`). From 20de3f5f37aa29847c97375cf69f89c188463ce0 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Thu, 18 Jun 2020 14:49:26 +0200 Subject: [PATCH 07/15] fix theme loading --- access.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/access.lua b/access.lua index a7d3034..7c51cd1 100644 --- a/access.lua +++ b/access.lua @@ -272,7 +272,7 @@ end function scandir(directory, callback) -- use find (and not ls) to list only files recursively and with their full path relative to the asked directory - local pfile = io.popen('find "'..directory..'" -type f') + local pfile = io.popen('find "'..directory..'" -type f -printf \"%f\n\"') for filename in pfile:lines() do callback(filename) end From b5a1d8dfed1523d696329249d535f39f6aca9655 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Thu, 18 Jun 2020 15:20:11 +0200 Subject: [PATCH 08/15] find recursively relative to the theme directory --- access.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/access.lua b/access.lua index 7c51cd1..a7443bd 100644 --- a/access.lua +++ b/access.lua @@ -272,7 +272,7 @@ end function scandir(directory, callback) -- use find (and not ls) to list only files recursively and with their full path relative to the asked directory - local pfile = io.popen('find "'..directory..'" -type f -printf \"%f\n\"') + local pfile = io.popen('find "'..directory..'" -type f -exec realpath --relative-to "'..directory..'" {} \\;') for filename in pfile:lines() do callback(filename) end From 514c416c683727f5d5108644e95f7454eb4efeac Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 18 Jun 2020 16:11:55 +0200 Subject: [PATCH 09/15] Update changelog for 3.8.0.2 --- debian/changelog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/debian/changelog b/debian/changelog index 270b871..16fec41 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +ssowat (3.8.0.2) stable; urgency=low + + - [mod] Update author/maintainer information (6a14e78) + - [enh] README reworked (#165) (70c81c6) + - [fix] theme loading (#167, #168) + + Thanks to all contributors <3 ! (Allan Nordhøy, Kay0u) + + -- Alexandre Aubin Thu, 18 Jun 2020 16:10:00 +0200 + ssowat (3.8.0.1) stable; urgency=low - [i18n] Improved translations for Chinese (Simplified), Dutch, Greek, Nepali, Polish, Spanish From 1dae6e8a1e806b360a26bb750fdbc48ff4fe1d85 Mon Sep 17 00:00:00 2001 From: Emmanuel Counasse Date: Sat, 11 Jul 2020 23:01:54 +0200 Subject: [PATCH 10/15] allow the user's password manager to automatically enter the password/username/new-password --- portal/login.html | 4 ++-- portal/password.html | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/portal/login.html b/portal/login.html index 0c36519..0b176b9 100644 --- a/portal/login.html +++ b/portal/login.html @@ -2,11 +2,11 @@ diff --git a/portal/password.html b/portal/password.html index 4d20418..9441db0 100644 --- a/portal/password.html +++ b/portal/password.html @@ -20,14 +20,14 @@
- +
- - + +
{{t_cancel}} From 971cd1802cc1a1f4b36ce5ebd0e04b88b8e6b537 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Mon, 27 Jul 2020 15:44:58 +0200 Subject: [PATCH 11/15] Update config.lua Co-authored-by: Kayou --- config.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/config.lua b/config.lua index d8f3ef4..90141f8 100644 --- a/config.lua +++ b/config.lua @@ -11,7 +11,9 @@ function get_config() -- Load the configuration file local conf_file = assert(io.open(conf_path, "r"), "Configuration file is missing") local conf = json.decode(conf_file:read("*all")) - conf_file:close() + if conf_file ~= nil then + conf_file:close() + end -- Load additional rules from the `.persistent` configuration file. -- The `.persistent` file contains rules that will overwrite previous rules. From 90fdbf1564d8ed22711fee3e95a707f7e884ceb9 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Mon, 27 Jul 2020 17:56:56 +0200 Subject: [PATCH 12/15] Update changelog for 3.8.0.3 --- debian/changelog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/debian/changelog b/debian/changelog index 16fec41..a04c28e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +ssowat (3.8.0.3) stable; urgency=low + + - [enh] Allow the user's password manager to automatically enter the password/username/new-password (1dae6e8) + - [fix] Closing the files when we're done reading them ([#160](https://github.com/YunoHost/SSOwat/pull/160)) + - [fix] Clear cookies more properly ([#163](https://github.com/YunoHost/SSOwat/pull/163)) + + Thanks to all contributors <3 ! (Bram, E. Counasse, Kay0u, SilverViper) + + -- Alexandre Aubin Mon, 27 Jul 2020 17:50:44 +0200 + ssowat (3.8.0.2) stable; urgency=low - [mod] Update author/maintainer information (6a14e78) From 074eef4a52b3152adfe096a9b12426910880deab Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Fri, 5 Jun 2020 17:29:50 +0200 Subject: [PATCH 13/15] Update changelog for 4.0.1~alpha --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index a04c28e..af06d5f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +ssowat (4.0.1~alpha) testing; urgency=low + + - Bump version number for buster release + + -- Alexandre Aubin Fri, 05 Jun 2020 17:26:35 +0200 + ssowat (3.8.0.3) stable; urgency=low - [enh] Allow the user's password manager to automatically enter the password/username/new-password (1dae6e8) From 9a140ae0ad3ba44089d679b022466a4bc987b180 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Fri, 19 Jun 2020 15:29:33 +0200 Subject: [PATCH 14/15] Bump version to 4.0.2~beta --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index af06d5f..a106915 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +ssowat (4.0.2~beta) testing; urgency=low + + - Rebase on stretch-unstable and bump vrsion number for beta + + -- Alexandre Aubin Fri, 19 Jun 2020 15:29:05 +0200 + ssowat (4.0.1~alpha) testing; urgency=low - Bump version number for buster release From 3f362be3710c114af2bbff1fbf5d887d027d5614 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Wed, 29 Jul 2020 17:06:41 +0200 Subject: [PATCH 15/15] Update changelog for 4.0.3 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index a106915..536ca95 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +ssowat (4.0.3) stable; urgency=low + + - Bump version number for stable release + + -- Alexandre Aubin Wed, 29 Jul 2020 17:00:00 +0200 + ssowat (4.0.2~beta) testing; urgency=low - Rebase on stretch-unstable and bump vrsion number for beta