Commit graph

30 commits

Author SHA1 Message Date
selfhoster1312 5e406a55fa Allow users to access their own domain portal without app permission 2024-05-07 12:04:49 +02:00
Alexandre Aubin 99e252107f Dafuq Aleks, we do need to send the SSO cookie on all route not just the portal API route 2024-02-04 15:18:48 +01:00
Alexandre Aubin 6a3c77eda1 auth: restrict cookies to the appropriate api 2024-02-03 17:29:19 +01:00
Alexandre Aubin 570a22a31c Make linters happy 2023-12-27 04:28:08 +01:00
Alexandre Aubin 7f02fcd985 portalapi/sso: add a first bunch of unit tests 2023-12-27 02:41:24 +01:00
Alexandre Aubin 2be1dccb91 mypy doesn't like the function attribute trick 2023-12-22 00:34:15 +01:00
Alexandre Aubin 6022be5ff1 Prevent unnecessary import resulting in catastrophes + lazy-load the session secrets 2023-12-22 00:25:08 +01:00
Alexandre Aubin 38b3cfddd8 quality: make linter gods happy 2023-12-22 00:00:49 +01:00
Alexandre Aubin c19e2b7b19 auth/portal/acl: allow admins to log on any main domain 2023-12-21 23:52:04 +01:00
Alexandre Aubin 746433c5d1 Whoopsies 2023-12-21 19:48:57 +01:00
Alexandre Aubin d0f1d9201c auth/portal/acl: add 'user is allowed for domain X' mechanism, such that users can't log in or add mail aliases for a domain they ain't allowed to access. The fact that they are able to access a domain is derived from the fact that they have access to at least one app on that domain (actually.. we may want to bypass this check for admins, otherwise this is gonna be hella confusing for fresh installs). 2023-12-21 18:36:15 +01:00
Alexandre Aubin 9a45a6ccf2 auth/quality: replace os.path stuff with Path from pathlib 2023-12-21 17:18:06 +01:00
Alexandre Aubin 3922ba9c68 Implement similar cookie mechanism for admin api (compared to portal) with static secret (cookies ain't invalidated by api restart) and rolling session validity 2023-12-19 20:01:40 +01:00
axolotle 3f320a2358 portal:auth: samesite=None in dev mode 2023-11-30 14:04:13 +01:00
axolotle 246c513796 portal:auth: remove touch in delete_session_cookie 2023-11-29 14:32:11 +01:00
Alexandre Aubin 9a4b0e422d quality: unused import, missing import 2023-11-28 20:19:06 +01:00
Alexandre Aubin 356c081a4f portalapi: implement a proper expiration/prolong mechanism for session cookies 2023-11-28 18:40:49 +01:00
axolotle 4a270b88b6 quality: fix lint + some formatting 2023-11-26 17:42:48 +01:00
axolotle d65cca5ab1 portal: fix decode error 2023-10-17 14:15:59 +02:00
axolotle 0645d18e67 add host as session cookie info 2023-09-04 16:19:07 +02:00
selfhoster1312 101b5704c4 Serialize the JWT token to a cookie string instead of failing 2023-08-15 12:23:56 +02:00
selfhoster1312 6f8b3fd57f Handle both cookies in the same way (please let me logout) 2023-08-13 23:11:31 +02:00
Alexandre Aubin 704e42a6af portalapi: fix cookie not being deleted because maxage=-1 or something 2023-07-29 19:13:00 +02:00
Alexandre Aubin ec96558c81 portalapi: add FIXMEs about auth layer 2023-07-15 20:07:18 +02:00
Alexandre Aubin 6c6dd318fb portalapi: implement encrypted password storage in the user's cookie using AES256 2023-07-11 22:39:22 +02:00
Alexandre Aubin 9a5080ea16 portalapi: fix split of user/password in auth code 2023-07-11 17:49:25 +02:00
Alexandre Aubin 45baaead36 Fix typo + unused import 2021-12-26 18:22:33 +01:00
Alexandre Aubin 62808152ee Cookie handling for the new portal API 2021-12-26 16:52:48 +01:00
Alexandre Aubin 1efb50c7ab Iterate on new portal API design: nginx config, cookie format, be able to open a non-root ldap session, 2021-12-25 15:44:14 +01:00
Alexandre Aubin 2845914d44 WIP: foundation for a new portal API to partially replace SSOwat 2021-12-04 03:27:23 +01:00