Commit graph

948 commits

Author SHA1 Message Date
Alexandre Aubin
0566f31c4b Auth header : apparently doesn't work as expect if password is emtpy, so let's add a dummy char 2024-01-30 17:44:26 +01:00
Alexandre Aubin
e9a335eaf7 Simplify/optimize url/acl matching algorithm : drop support for legacy lua regexes, only use regexes for actual regexes, otherwise use a simple 'startswith' check 2023-12-23 20:39:07 +01:00
Alexandre Aubin
493ba581bb Remove the part that injects the password inside the Authorization header ... in the vast majority of cases, only the username should be necessary and trusted by the app 2023-12-23 20:08:35 +01:00
Alexandre Aubin
f81ae9d5c5 Add a query string 'msg=access_denied' when denying access to a logged-in user, such that we may display it nicely on the frontend? 2023-11-28 19:59:13 +01:00
Alexandre Aubin
3336464481 auth: also confirm that the cookie was delivered for this domain (or parent) 2023-11-28 19:57:57 +01:00
Alexandre Aubin
6263195756 ew, /tabz/ 2023-11-28 19:26:03 +01:00
Alexandre Aubin
d6d775f0dc Uuuuh how was it even supposed to work eh 2023-11-28 19:14:19 +01:00
Alexandre Aubin
31a325dc8c Typoz 2023-11-28 19:14:19 +01:00
Alexandre Aubin
6223239e94 implement proper expiration/prolong mechanism for cookies 2023-11-28 19:14:19 +01:00
Alexandre Aubin
b0b128f53d Remove unused 'redirected_regex' mechanism, + we don't need the label and show_tile property on acls 2023-10-07 17:49:49 +02:00
Alexandre Aubin
8d2acdd174 Fix the boring case where the cookie secret doesnt exist yet 2023-10-06 14:44:05 +02:00
Alexandre Aubin
a3d54635e0 Prevent epic crash when domain_portal_urls or permissions are not defined in the conf 2023-10-03 19:58:55 +02:00
Alexandre Aubin
769f5f9cfa access.lua: add special 'default' key in 'domain_portal_urls' to handle case where we reach an unmanaged domain 2023-09-29 14:31:30 +02:00
Alexandre Aubin
cac360bee9 access.lua: move helper at the top with the other sugar stuff 2023-09-29 14:30:36 +02:00
Alexandre Aubin
99749decdc access.lua: rework again ACL check because the previous code sometimes ended up with error 500 because of permission = nil 2023-09-29 14:30:14 +02:00
Alexandre Aubin
12466db0d7 debian: we need lua-cjson, dependency for the jwt thing 2023-09-29 14:28:26 +02:00
Alexandre Aubin
aa7f607750 debian: we need lua-filesystem dependency 2023-09-28 19:31:13 +02:00
Alexandre Aubin
a2dc0bfb08 cleanup: remove dummy portal example 2023-09-27 20:35:57 +02:00
Alexandre Aubin
a130dec731 debian: propagate changes to install declarations 2023-09-27 20:35:35 +02:00
Alexandre Aubin
53700e72e9 Merge remote-tracking branch 'origin/dev' into bookworm 2023-09-27 20:34:04 +02:00
Alexandre Aubin
e6ffae75bd
Merge pull request #217 from YunoHost/portal-api
SSOwat epic refactoring / Portal API
2023-09-27 18:50:21 +02:00
Alexandre Aubin
e04e601455 Merge remote-tracking branch 'origin/bookworm' into portal-api 2023-09-27 18:49:28 +02:00
Alexandre Aubin
ea9e084688
Merge pull request #220 from selfhoster1312/lua-optimizations
portal-api: Optimization by caching & no check on public routes
2023-09-27 18:43:26 +02:00
Alexandre Aubin
46352e6a7f
fix cached_jwt_verify signature 2023-09-27 18:43:13 +02:00
Alexandre Aubin
809a2a93b6
Merge pull request #221 from orhtej2/pcre2
Fix helper for bookworm.
2023-09-08 19:59:28 +02:00
orhtej2
2880d1cfb9 Fix helper for bookworm. 2023-09-08 19:57:36 +02:00
selfhoster1312
5eff85928e Cache JWT crypto work, only check auth on non-public routes 2023-09-02 19:39:07 +02:00
Alexandre Aubin
38a6f23f38
Merge pull request #219 from yunohost-bot/weblate-yunohost-ssowat
Translations update from Weblate
2023-08-31 17:29:31 +02:00
ButterflyOfFire
79d0e7b497 Translated using Weblate (Kabyle)
Currently translated at 31.9% (15 of 47 strings)

Translation: YunoHost/SSOwat
Translate-URL: https://translate.yunohost.org/projects/yunohost/ssowat/kab/
2023-08-31 00:25:46 +02:00
Alexandre Aubin
5da36abb74
Merge pull request #215 from selfhoster1312/epic_refactoring
Do not 500 when a requested domain is not configured for SSOWat
2023-08-13 18:55:02 +02:00
selfhoster1312
5fcfd9ede6 Do not 500 when a requested domain is not configured for SSOWat 2023-08-13 18:17:52 +02:00
Tagada
1b44ec4898 Merge branch 'dev' into bookworm 2023-07-20 15:55:18 +02:00
Alexandre Aubin
1ac6388242 Misc fixes after tests on the battlefield 2023-07-18 01:26:56 +02:00
Alexandre Aubin
c68f90b83e Update changelog for 11.2 2023-07-17 16:34:57 +02:00
Alexandre Aubin
85591a5744
Merge pull request #214 from yunohost-bot/weblate-yunohost-ssowat
Translations update from Weblate
2023-07-17 15:48:29 +02:00
Alexandre Aubin
6044595ca1 Merge remote-tracking branch 'origin/dev' into epic_refactoring 2023-07-16 00:49:43 +02:00
Alexandre Aubin
24b7630d3c epic refactoring: refactor the 'portal url' logic, we shall now have a dict mapping domains to portal urls (which is anyway imposed by cookie management unless we reintroduce complex cross-domain authentication...) 2023-07-15 21:27:40 +02:00
Alexandre Aubin
93ee6371ae refactoring: drop the complex redirection check which was meant to check the callback URLs ... this is to be handled in the future new portal (or whatever is going to implement the callback redirection logic) 2023-07-15 21:22:27 +02:00
Alexandre Aubin
02952d0202 Moar epic refactoring ... merge 'helpers.lua' inside 'access.lua' to reduce complexity ... 2023-07-15 19:51:31 +02:00
Alexandre Aubin
df094ea0e3 Cleanup unused stuff 2023-07-13 16:41:17 +02:00
motcha
429db4e2d5 Translated using Weblate (Japanese)
Currently translated at 100.0% (47 of 47 strings)

Translation: YunoHost/SSOwat
Translate-URL: https://translate.yunohost.org/projects/yunohost/ssowat/ja/
2023-07-12 01:35:13 +02:00
Alexandre Aubin
ea0bc8a89c portalapi: propagate changes on the new API, decrypt the AES256-encrypted password found in user cookie to be able to construct the basic auth headers 2023-07-11 22:41:09 +02:00
Alexandre Aubin
40389a9aff
Merge pull request #213 from yunohost-bot/weblate-yunohost-ssowat
Translations update from Weblate
2023-07-11 16:34:00 +02:00
motcha
936ae051fc Translated using Weblate (Japanese)
Currently translated at 100.0% (47 of 47 strings)

Translation: YunoHost/SSOwat
Translate-URL: https://translate.yunohost.org/projects/yunohost/ssowat/ja/
2023-07-11 00:51:19 +02:00
Weblate
2e2c37700b Added translation using Weblate (Japanese) 2023-07-09 04:32:44 +02:00
Alexandre Aubin
5d207184fd debian: we need lua-ldap >=1.3.1, version 1.3.0 is buggy 2023-06-13 14:33:33 +02:00
Alexandre Aubin
c0e38b19a0 rex_pcre is now rex_pcre2 2023-05-15 17:22:50 +02:00
Alexandre Aubin
8554e696f3
Merge pull request #211 from yunohost-bot/weblate-yunohost-ssowat
Translations update from Weblate
2023-05-08 15:47:31 +02:00
Neko Nekowazarashi
09914c6c4d Translated using Weblate (Indonesian)
Currently translated at 100.0% (47 of 47 strings)

Translation: YunoHost/SSOwat
Translate-URL: https://translate.yunohost.org/projects/yunohost/ssowat/id/
2023-05-05 09:22:03 +02:00
Alexandre Aubin
5dd7c7269f Update changelog for 12.0.0 2023-05-04 22:38:42 +02:00