Commit graph

152 commits

Author SHA1 Message Date
Félix Rohrlich
36c73dd3ef Merge branch '173-intruder-lockout-2' into 'main'
Implement intruder lockout

Closes #173

See merge request yaal/canaille!194
2024-12-16 15:32:21 +00:00
Éloi Rivard
9fff4e1f7f
doc: fix invalid references 2024-12-12 22:03:10 +01:00
Éloi Rivard
a299bb92ba
feat: basic SCIM server implementation 2024-12-11 17:35:16 +01:00
Félix Rohrlich
80ef1741a7 feat : Added intruder lockout login delay 2024-12-10 14:23:11 +01:00
Félix Rohrlich
6d48ce9043 feat: Added email OTP authentication 2024-12-10 11:27:18 +01:00
Félix Rohrlich
c8e774ab46 refactor: moved reset-mfa cli function and added documentation and test cases for it 2024-12-10 11:27:18 +01:00
Félix Rohrlich
b01e8323d8 feat : Added HOTP authentication and CLI Multi-factor authentication reset 2024-12-10 11:27:18 +01:00
Félix Rohrlich
74e0c8d635 feat : Added time one-time password (TOTP) authentication 2024-12-10 11:27:18 +01:00
Éloi Rivard
e576a51554
doc: avoid ending sentences with :: 2024-12-08 11:36:38 +01:00
Éloi Rivard
662f60af86
fix: attribute types detection 2024-12-06 17:55:22 +01:00
Éloi Rivard
5bc438d21d
feat: implement OIDC client_credentials flow 2024-12-06 15:09:25 +01:00
Éloi Rivard
19159c5a80
refactor: use @example.com for email placeholders 2024-11-20 23:42:58 +01:00
Éloi Rivard
cd398ffa0a
chore: use the .example domain in placeholders 2024-11-20 14:19:25 +01:00
Éloi Rivard
a012814eca
chore: enable flake8-bugbear ruff rules 2024-11-07 11:44:29 +01:00
Éloi Rivard
6a6350e368
fix: with LDAP backend, edition the admin group would fail
The `match_filter` method evaluate filters, and queries objects from their ids.
The value was stored in the `filter` arg, but being a dict it was
re-used during the following calls of `match_filter`.
After editing the `admin` group (by adding or removing an user), a new page is displayed, and as always it checks the user permissions.
The user permission check would call `match_filter` then compare an
updated version of the admin group (with one less or one new user) with
an unfortunate *cached* version in the `match_filter` `filter` arg.
With the SQL or the memory backend the comparision would be successful,
but it is not with the LDAP backend.
This resulted in permission loss for users after editing the `admin`
group. Being a method default value edited, it would remain until the
Canaille service was reloaded.

Related to https://stackoverflow.com/questions/1132941/least-astonishment-and-the-mutable-default-argument
2024-11-06 15:00:57 +01:00
Éloi Rivard
0b51b01031
refactor: apply ruff migrations for python 3.10+ 2024-10-28 09:13:00 +01:00
Éloi Rivard
86623f6690
refactor: remove useless de-indexation code in MemoryBackend
de-indexation was already achieved with the previous loop
2024-09-19 17:39:24 +02:00
Éloi Rivard
cfabcc485c
chore: automitaclly fix typos 2024-09-11 09:33:42 +02:00
Éloi Rivard
35fab7d321
fix: LDAP backend rdn_value could try to strip a None value 2024-07-25 17:39:40 +02:00
Éloi Rivard
e5328837fd
chore: pre-commit upgrade 2024-07-25 16:47:45 +02:00
Éloi Rivard
25f2b6dedd
feat: model management commands 2024-05-13 14:16:14 +02:00
Éloi Rivard
5beee67a61
fix: User group deletion without reading User.groups with LDAP backend 2024-05-12 22:28:32 +02:00
Éloi Rivard
4e99eaecea
tests: remove SQLAlchemy warnings on double deletions 2024-05-07 16:19:50 +02:00
Éloi Rivard
851b383117
refactor: move listify from MemoryBackend to MemoryBackend 2024-05-03 22:25:21 +02:00
Éloi Rivard
cc9ed335cc
refactor: move MemoryBackend indexation logic into MemoryBackend 2024-05-03 22:25:21 +02:00
Éloi Rivard
16c3021a8f
refactor: Rename BaseBackend in Backend 2024-05-03 22:25:20 +02:00
Éloi Rivard
6ff591b91c
refactor: Move __html__ from BackendModel to Model 2024-05-03 22:25:20 +02:00
Éloi Rivard
b2d5f8d3a1
refactor: move BackendModel.update to Backend.update 2024-05-03 22:25:20 +02:00
Éloi Rivard
473a262ea2
refactor: move BackendModel.reload to Backend.reload 2024-05-03 22:25:20 +02:00
Éloi Rivard
2ccdaeadf6
refactor: move BackendModel.delete to Backend.delete 2024-05-03 22:22:08 +02:00
Éloi Rivard
09588e0f48
refactor: move BackendModel.save to Backend.save 2024-05-03 22:22:06 +02:00
Éloi Rivard
44573713ed
refactor: move BackendModel.get to Backend.get 2024-05-03 21:54:03 +02:00
Éloi Rivard
ccde88b1bf
refactor: BackendModel.get() is now Backend.instance 2024-05-03 21:46:28 +02:00
Éloi Rivard
fa6488bcd1
refactor: move BackendModel.fuzzy to Backend.fuzzy 2024-05-03 21:42:55 +02:00
Éloi Rivard
8425b2a3b8
refactor: move BackendModel.query to Backend.query 2024-05-03 21:42:54 +02:00
Éloi Rivard
93fa708b1c
refactor: move LDAPObjectQuery in its own file 2024-05-03 21:36:15 +02:00
Éloi Rivard
69b565e1ad
refactor: LDAP backend tolerates double deletions 2024-04-28 16:18:36 +02:00
Éloi Rivard
dc89a20b11
chore: configure ruff 2024-04-23 22:12:04 +02:00
Éloi Rivard
256566df94
refactor: Model identifier_attributes are fixed. 2024-04-22 20:04:24 +02:00
Éloi Rivard
9c86f5e9af
refactor: Use annotations to mark model attributes 2024-04-21 11:48:39 +02:00
Éloi Rivard
6601abaeb4
refactor: memory model clears its cache when reading a model 2024-04-17 10:51:53 +02:00
Éloi Rivard
0ba1c93152
chore: add typing to Model._attributes 2024-04-17 09:03:54 +02:00
Éloi Rivard
d9d5c85b51
refactor: memory backend clears its cache on save() calls 2024-04-12 10:55:24 +02:00
Éloi Rivard
6e26656cc4
tests: move test_model_references_set_unsaved_object to the ldap tests directory 2024-04-12 10:49:56 +02:00
Éloi Rivard
fe2665ae32
fix: LDAP user group removal 2024-04-08 14:15:28 +02:00
Éloi Rivard
cbde5ba7b7
fix: LDAP objectClass guessing exception 2024-04-08 11:00:36 +02:00
Éloi Rivard
8c16a9dd6d
fix: Lazy permission loading exception 2024-04-08 10:50:37 +02:00
Éloi Rivard
fbbcd2fe78
fix: saving an object with the LDAP backend keeps the objectClass un-managed by Canaille 2024-04-08 10:29:47 +02:00
Éloi Rivard
fecfcfa8f3
refactor: factorize Model.__html__ 2024-04-07 20:23:43 +02:00
Éloi Rivard
702eec7aca
fix: MemoryModel.model_attribute type hint 2024-04-07 20:21:30 +02:00