github/paralus
1
0
Fork 0
mirror of https://github.com/paralus/paralus.git synced 2026-05-06 16:36:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
345 Commits 39 Branches 21 Tags
7bb0bf565cf4c69ac62f636edfeb529c5e88fae8
Commit Graph

345 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Akshay Gaikwad
7bb0bf565c CI(Release): Build image on push to main branch 
Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
 2022-05-26 12:52:00 +05:30
Nirav Parikh
d6bff5ed26 Merge pull request #147 from RafayLabs/forgot-password 
Create endpoint to generate recovery link
 2022-05-25 10:25:46 +05:30
Nirav Parikh
691d94e841 Merge pull request #140 from RafayLabs/kratos-oidc-mapper-configs 
Added mapper configs for known OIdC providers
 2022-05-24 14:07:27 +05:30
Abin Simon
aa4bea1654 Fix tests for user delete 2022-05-24 12:37:50 +05:30
Abin Simon
446ae18798 Don't let users delete their own accounts 2022-05-24 12:27:41 +05:30
Abin Simon
c576932eda Create /user/:username/forgotpassword endpoint 2022-05-24 12:08:37 +05:30
Nirav Parikh
2bca7b4624 Merge pull request #141 from RafayLabs/fix-audit-stuff 
More fixes
 2022-05-23 12:28:07 +05:30
Abin Simon
bebffe2c25 Changes to support audit log change in prompt 2022-05-20 15:02:18 +05:30
Akshay Gaikwad
01c84a6275 Change fallback name to "Rafay User" for OIDC users 
When name cannot fetched from the OIDC response, the default name set
to "Rafay User".
 2022-05-20 12:23:34 +05:30
Akshay Gaikwad
2a0354dbb6 Added mapper configs for known OIdC providers 
- These mapper configs are prefilled in the UI automatically.
- Removed description from required in Kratos identity schema.
 2022-05-20 12:18:12 +05:30
Abin Simon
bdc1052662 Cleanup some TODO items 2022-05-20 11:27:29 +05:30
Abin Simon
4d9d8dc4cf Fix user test with compound filtering 2022-05-20 10:53:21 +05:30
Abin Simon
aabf2e600e Fix group filter for users 
The following could be used as an optimisation when we are filtering
just by user, but decided to omit as of now.

```
usrs, err = dao.ListFilteredUsersWithGroup(ctx, s.db,
    []uuid.UUID{}, groupId, queryOptions.Q, queryOptions.Type,
    queryOptions.OrderBy, queryOptions.Order,
    int(queryOptions.Limit), int(queryOptions.Offset))
```
 2022-05-20 10:29:35 +05:30
Abin Simon
6d3aef400a Add auth to missing rest endpoints 2022-05-20 10:29:34 +05:30
Abin Simon
60dda7cb3c Switch to default UI port 3000 in kratos debug conf 2022-05-20 10:29:34 +05:30
Abin Simon
6e2d7bb7b1 Update audit default prefix 2022-05-20 10:29:34 +05:30
Abin Simon
ed93614e97 Enable grpc reflection if using dev 2022-05-20 10:29:34 +05:30
Abin Simon
68bd13b891 Use projcts instead of projectids for search 2022-05-20 10:29:34 +05:30
Abin Simon
2cdb45e6e9 Update audit logs to use project name instead of id 2022-05-20 10:29:34 +05:30
Abin Simon
0d6269bf4e Add groups to audit logs 2022-05-20 10:29:34 +05:30
Nirav Parikh
550398d212 Merge pull request #139 from RafayLabs/user-listing-fix 
Fix user listing
 2022-05-20 10:15:33 +05:30
Abin Simon
dd3a1fd4b1 Fix tests for user list fetch 2022-05-19 14:58:49 +05:30
Abin Simon
a6a3e20738 Fix user listing 2022-05-18 15:13:54 +05:30
Nirav Parikh
0d828f1272 Merge pull request #134 from RafayLabs/idp-groups-and-updating-same 
Add IdP groups in Identities table
 2022-05-17 19:09:43 +05:30
Akshay Gaikwad
d26dfa5e55 Fix: go formatting 2022-05-17 13:20:10 +05:30
Akshay Gaikwad
2e4d802995 Fix: Type assertion error on IdPGroups 2022-05-17 13:16:59 +05:30
Abin Simon
5c68a33537 Prevent combining idp and managed groups 2022-05-13 16:24:58 +05:30
Abin Simon
ed81980a7f Merge pull request #136 from RafayLabs/oidc-provider-update-secret-issuer 
[OIdC Provider] Return client secret on GET requests
 2022-05-13 13:50:55 +05:30
Abin Simon
f3de101f94 Update User spec to include IDPGroups 2022-05-13 13:37:07 +05:30
Akshay Gaikwad
f604768865 [OIdC Provider] Return client secret on GET requests 
- Returns client secret on GET request, so that when UI made
modification to OIdC provider, it should be able to send back the
client secret to PUT request.
- Fix issuer url validation when udpate.
 2022-05-12 19:15:10 +05:30
Akshay Gaikwad
a0424f4000 Modify groupaccount table instead of just policy rules 2022-05-12 18:11:10 +05:30
Abin Simon
51db33f8b9 Merge pull request #133 from RafayLabs/fix-prompt-access 
Ignore unnecessary error checks
 2022-05-12 18:01:48 +05:30
Akshay Gaikwad
5e7fc110b2 Add IdP groups in Identities table 
The idp_groups is list of groups IdP user belongs to that is returning
in the OIdC providers token response. The flow of Idp Group mapping is
as follows:
    OIdC Provider (OP) return custom claim with groups in a token when
    authentication event
        |
    The value of custom claim is mapped to `idp_groups` of identity
    traint using JsonNet mapper.
        |
    On inserting/updating/deleting `identities` table, Postgresql
    sends a pg_notification with
    `PG_OPERATION,IDENTITY_ID,IDENTITY_TRAIN` as a payload.
       |
    The `pkg/service/user.UserService.UpdateIdpUserGroupPolicy` update
    the casbin policies for each notification based on payload received.
 2022-05-12 12:32:30 +05:30
akshay196-rafay
da1d8c9331 Merge pull request #131 from RafayLabs/oidc-improvements 
OIDC Provider improvements
 2022-05-12 11:29:13 +05:30
Akshay Gaikwad
243c7645b5 Remove file:// from OIDC urls validation 2022-05-12 11:10:56 +05:30
Abin Simon
7e025813d9 Drop unnecessary error checks 2022-05-11 17:17:36 +05:30
Abin Simon
cfccc1f55c Merge pull request #132 from RafayLabs/remote-auth 
Add auth service
 2022-05-10 10:44:21 +05:30
Abin Simon
5b5d099abd Improve auth service 2022-05-10 09:28:42 +05:30
Abin Simon
34ff1f6e32 Add auth service 2022-05-09 10:13:05 +05:30
Akshay Gaikwad
a308b59b07 OIdC Provider: Replace new client secret on Update provider request 2022-05-06 13:00:46 +05:30
Akshay Gaikwad
1f1d04ac29 OIdC Provider: Validate Urls 
The mapperUrl, issuerUrl, authUrl and tokenUrl supports file://,
http(s):// and base64:// urls.
 2022-05-06 12:31:19 +05:30
Akshay Gaikwad
38a2dd50cd OIdC Provider: Deny duplicate Issuer Url 
Duplicate email from different provider applications with same issuer
url cause problems.
 2022-05-06 12:09:59 +05:30
Akshay Gaikwad
eb0b7d3ef2 Provision to create new oidc provider with same name that of deleted 
When we soft delete oidc provider entry which we are doing for delete
provider API endpoint, we cannot create new oidc provider entry with a
same name due to unique constraint violation on name. Applying unique
constraint to name,trash will allow to create new oidc provider entry
with a same name, but fail on deleting that entry because it violates
unique constraint. Hence this commit adds unique constraint
to (id,name) combined.
 2022-05-06 11:31:48 +05:30
Abin Simon
721f995db6 Merge pull request #129 from RafayLabs/hasher-upd 
removing references to sensitive hash information
 2022-05-05 11:11:16 +05:30
niravparikh05
cb485e426e removing references to sensitive hash information 2022-05-03 17:19:10 +05:30
Nirav Parikh
a26a54574d Merge pull request #128 from RafayLabs/oidc-updates 
fixes to callback url and associate default org admin group to role
 2022-05-03 17:09:27 +05:30
niravparikh05
27b2b2f8d9 fixes to callback url and associate default org admin group to role 2022-05-03 13:08:23 +05:30
Nirav Parikh
597be0538e Merge pull request #127 from RafayLabs/synchronizer-udpate 
[synchronizer] Run once before start listening for database udpate
 2022-05-03 13:05:30 +05:30
Nirav Parikh
d0bae84476 Merge pull request #126 from RafayLabs/fix-tests 
Fix tests
 2022-05-03 13:04:02 +05:30
Akshay Gaikwad
6fda5831ee [synchronizer] Run once before start listening for database udpate 
At a time of restarting Kratos pod, we noticed to update the Kratos
config we need modify something in IdP UI to trigger the
synchronizer. Instead this change will run synchronizer initially so
it will update Kratos config with database IdP entries if any.
 2022-05-03 12:50:32 +05:30