Alexandre Aubin
|
0566f31c4b
|
Auth header : apparently doesn't work as expect if password is emtpy, so let's add a dummy char
|
2024-01-30 17:44:26 +01:00 |
|
Alexandre Aubin
|
e9a335eaf7
|
Simplify/optimize url/acl matching algorithm : drop support for legacy lua regexes, only use regexes for actual regexes, otherwise use a simple 'startswith' check
|
2023-12-23 20:39:07 +01:00 |
|
Alexandre Aubin
|
493ba581bb
|
Remove the part that injects the password inside the Authorization header ... in the vast majority of cases, only the username should be necessary and trusted by the app
|
2023-12-23 20:08:35 +01:00 |
|
Alexandre Aubin
|
f81ae9d5c5
|
Add a query string 'msg=access_denied' when denying access to a logged-in user, such that we may display it nicely on the frontend?
|
2023-11-28 19:59:13 +01:00 |
|
Alexandre Aubin
|
3336464481
|
auth: also confirm that the cookie was delivered for this domain (or parent)
|
2023-11-28 19:57:57 +01:00 |
|
Alexandre Aubin
|
6263195756
|
ew, /tabz/
|
2023-11-28 19:26:03 +01:00 |
|
Alexandre Aubin
|
d6d775f0dc
|
Uuuuh how was it even supposed to work eh
|
2023-11-28 19:14:19 +01:00 |
|
Alexandre Aubin
|
31a325dc8c
|
Typoz
|
2023-11-28 19:14:19 +01:00 |
|
Alexandre Aubin
|
6223239e94
|
implement proper expiration/prolong mechanism for cookies
|
2023-11-28 19:14:19 +01:00 |
|
Alexandre Aubin
|
b0b128f53d
|
Remove unused 'redirected_regex' mechanism, + we don't need the label and show_tile property on acls
|
2023-10-07 17:49:49 +02:00 |
|
Alexandre Aubin
|
8d2acdd174
|
Fix the boring case where the cookie secret doesnt exist yet
|
2023-10-06 14:44:05 +02:00 |
|
Alexandre Aubin
|
a3d54635e0
|
Prevent epic crash when domain_portal_urls or permissions are not defined in the conf
|
2023-10-03 19:58:55 +02:00 |
|
Alexandre Aubin
|
769f5f9cfa
|
access.lua: add special 'default' key in 'domain_portal_urls' to handle case where we reach an unmanaged domain
|
2023-09-29 14:31:30 +02:00 |
|
Alexandre Aubin
|
cac360bee9
|
access.lua: move helper at the top with the other sugar stuff
|
2023-09-29 14:30:36 +02:00 |
|
Alexandre Aubin
|
99749decdc
|
access.lua: rework again ACL check because the previous code sometimes ended up with error 500 because of permission = nil
|
2023-09-29 14:30:14 +02:00 |
|
Alexandre Aubin
|
12466db0d7
|
debian: we need lua-cjson, dependency for the jwt thing
|
2023-09-29 14:28:26 +02:00 |
|
Alexandre Aubin
|
aa7f607750
|
debian: we need lua-filesystem dependency
|
2023-09-28 19:31:13 +02:00 |
|
Alexandre Aubin
|
a2dc0bfb08
|
cleanup: remove dummy portal example
|
2023-09-27 20:35:57 +02:00 |
|
Alexandre Aubin
|
a130dec731
|
debian: propagate changes to install declarations
|
2023-09-27 20:35:35 +02:00 |
|
Alexandre Aubin
|
53700e72e9
|
Merge remote-tracking branch 'origin/dev' into bookworm
|
2023-09-27 20:34:04 +02:00 |
|
Alexandre Aubin
|
e6ffae75bd
|
Merge pull request #217 from YunoHost/portal-api
SSOwat epic refactoring / Portal API
|
2023-09-27 18:50:21 +02:00 |
|
Alexandre Aubin
|
e04e601455
|
Merge remote-tracking branch 'origin/bookworm' into portal-api
|
2023-09-27 18:49:28 +02:00 |
|
Alexandre Aubin
|
ea9e084688
|
Merge pull request #220 from selfhoster1312/lua-optimizations
portal-api: Optimization by caching & no check on public routes
|
2023-09-27 18:43:26 +02:00 |
|
Alexandre Aubin
|
46352e6a7f
|
fix cached_jwt_verify signature
|
2023-09-27 18:43:13 +02:00 |
|
Alexandre Aubin
|
809a2a93b6
|
Merge pull request #221 from orhtej2/pcre2
Fix helper for bookworm.
|
2023-09-08 19:59:28 +02:00 |
|
orhtej2
|
2880d1cfb9
|
Fix helper for bookworm.
|
2023-09-08 19:57:36 +02:00 |
|
selfhoster1312
|
5eff85928e
|
Cache JWT crypto work, only check auth on non-public routes
|
2023-09-02 19:39:07 +02:00 |
|
Alexandre Aubin
|
38a6f23f38
|
Merge pull request #219 from yunohost-bot/weblate-yunohost-ssowat
Translations update from Weblate
|
2023-08-31 17:29:31 +02:00 |
|
ButterflyOfFire
|
79d0e7b497
|
Translated using Weblate (Kabyle)
Currently translated at 31.9% (15 of 47 strings)
Translation: YunoHost/SSOwat
Translate-URL: https://translate.yunohost.org/projects/yunohost/ssowat/kab/
|
2023-08-31 00:25:46 +02:00 |
|
Alexandre Aubin
|
5da36abb74
|
Merge pull request #215 from selfhoster1312/epic_refactoring
Do not 500 when a requested domain is not configured for SSOWat
|
2023-08-13 18:55:02 +02:00 |
|
selfhoster1312
|
5fcfd9ede6
|
Do not 500 when a requested domain is not configured for SSOWat
|
2023-08-13 18:17:52 +02:00 |
|
Tagada
|
1b44ec4898
|
Merge branch 'dev' into bookworm
|
2023-07-20 15:55:18 +02:00 |
|
Alexandre Aubin
|
1ac6388242
|
Misc fixes after tests on the battlefield
|
2023-07-18 01:26:56 +02:00 |
|
Alexandre Aubin
|
c68f90b83e
|
Update changelog for 11.2
|
2023-07-17 16:34:57 +02:00 |
|
Alexandre Aubin
|
85591a5744
|
Merge pull request #214 from yunohost-bot/weblate-yunohost-ssowat
Translations update from Weblate
|
2023-07-17 15:48:29 +02:00 |
|
Alexandre Aubin
|
6044595ca1
|
Merge remote-tracking branch 'origin/dev' into epic_refactoring
|
2023-07-16 00:49:43 +02:00 |
|
Alexandre Aubin
|
24b7630d3c
|
epic refactoring: refactor the 'portal url' logic, we shall now have a dict mapping domains to portal urls (which is anyway imposed by cookie management unless we reintroduce complex cross-domain authentication...)
|
2023-07-15 21:27:40 +02:00 |
|
Alexandre Aubin
|
93ee6371ae
|
refactoring: drop the complex redirection check which was meant to check the callback URLs ... this is to be handled in the future new portal (or whatever is going to implement the callback redirection logic)
|
2023-07-15 21:22:27 +02:00 |
|
Alexandre Aubin
|
02952d0202
|
Moar epic refactoring ... merge 'helpers.lua' inside 'access.lua' to reduce complexity ...
|
2023-07-15 19:51:31 +02:00 |
|
Alexandre Aubin
|
df094ea0e3
|
Cleanup unused stuff
|
2023-07-13 16:41:17 +02:00 |
|
motcha
|
429db4e2d5
|
Translated using Weblate (Japanese)
Currently translated at 100.0% (47 of 47 strings)
Translation: YunoHost/SSOwat
Translate-URL: https://translate.yunohost.org/projects/yunohost/ssowat/ja/
|
2023-07-12 01:35:13 +02:00 |
|
Alexandre Aubin
|
ea0bc8a89c
|
portalapi: propagate changes on the new API, decrypt the AES256-encrypted password found in user cookie to be able to construct the basic auth headers
|
2023-07-11 22:41:09 +02:00 |
|
Alexandre Aubin
|
40389a9aff
|
Merge pull request #213 from yunohost-bot/weblate-yunohost-ssowat
Translations update from Weblate
|
2023-07-11 16:34:00 +02:00 |
|
motcha
|
936ae051fc
|
Translated using Weblate (Japanese)
Currently translated at 100.0% (47 of 47 strings)
Translation: YunoHost/SSOwat
Translate-URL: https://translate.yunohost.org/projects/yunohost/ssowat/ja/
|
2023-07-11 00:51:19 +02:00 |
|
Weblate
|
2e2c37700b
|
Added translation using Weblate (Japanese)
|
2023-07-09 04:32:44 +02:00 |
|
Alexandre Aubin
|
5d207184fd
|
debian: we need lua-ldap >=1.3.1, version 1.3.0 is buggy
|
2023-06-13 14:33:33 +02:00 |
|
Alexandre Aubin
|
c0e38b19a0
|
rex_pcre is now rex_pcre2
|
2023-05-15 17:22:50 +02:00 |
|
Alexandre Aubin
|
8554e696f3
|
Merge pull request #211 from yunohost-bot/weblate-yunohost-ssowat
Translations update from Weblate
|
2023-05-08 15:47:31 +02:00 |
|
Neko Nekowazarashi
|
09914c6c4d
|
Translated using Weblate (Indonesian)
Currently translated at 100.0% (47 of 47 strings)
Translation: YunoHost/SSOwat
Translate-URL: https://translate.yunohost.org/projects/yunohost/ssowat/id/
|
2023-05-05 09:22:03 +02:00 |
|
Alexandre Aubin
|
5dd7c7269f
|
Update changelog for 12.0.0
|
2023-05-04 22:38:42 +02:00 |
|