Commits · faa8a699d393233542c31dff0dc110a38ad26560 · Luca (strifel) / uffd

Oct 02, 2021

Move User, Group and Mail models from LDAP to DB · 4a9c455f

Julian authored 3 years ago

* Removal of ldapalchemy and LDAP mocking support
* Removal of dependency on ldap3 (except for the migration)
* Remaining "LDAP_<name>" config keys are renamed to "<name>"
* Web interface to create, edit and delete groups
* Consistent foreign key, cascading and nullable configuration on all models
* User/Group.dn is replaced with numeric User/Group.id
* User.uid is renamed to User.unix_uid (to differentiate with new User.id)
* Group.gid is renamed to Group.unix_gid (to differentiate with new Group.id)
* All User/Group/Mail related routes now use the database ids instead of uid/gid/dn
* PasswordToken/MailToken now reference users directly instead of storing loginnames

The database migration (optionally) uses the v1 config keys to connect to
an LDAP server and to import all users, groups and mail forwardings.

4a9c455f

Sep 05, 2021

Refactor permission checking and differenciate login and selfservice access · e6df5bbe

Julian authored 3 years ago

Fixes #104.

Replaced "group" keyword argument for login_required with "permission_check".
Most views already define a *_acl_check function that returns whether the
current user has the required permissions for use with register_navbar. The
same function can now be passed to login_required as the "permission_check"
argument.

Differenciated login and selfservice access permissions. Previously
ACL_SELFSERVICE_GROUP was required to login. Now ACL_ACCESS_GROUP is required
to login and ACL_SELFSERVICE_GROUP is required to access selfservice functions
(and to use role-granting invite links). A user with just ACL_ACCESS_GROUP can
now login, access the services overview page and authenticate with OAuth2
services he has access to, but not change his user attributes, password or
roles/permissions.

e6df5bbe

Aug 30, 2021

Catch LDAPSASLPrepError on login · 3f6a67ea

Julian authored 3 years ago

Ldap3 raises LDAPSASLPrepError on bind if the password contains characters
forbidden by SASLPrep (string preperation/normalization algorithm for user
names and passwords). Examples are carriage return ("\r") or newline ("\n")
characters. See #100.

3f6a67ea

Jul 26, 2021
- Auto-convert loginnames to lowercase on login and password reset · e28b2f1f
  Julian authored 3 years ago
  
  For password reset this prevents circumventing the loginname/email-based ratelimit.
  e28b2f1f
- Rework of the tests · 9ff22abb
  sistason authored 3 years ago and Julian committed 3 years ago
  
  9ff22abb
Jul 23, 2021
- Implemented device login for OAuth2 authorizations · 2bb08aba
  Julian authored 3 years ago
  
  2bb08aba
Jun 13, 2021
- Replace get_current_user/is_valid_session with request.user · 0d48e6cb
  Julian authored 3 years ago
  
  0d48e6cb
May 01, 2021
- Add user-connection and proper connection teardowns · 13c4f75f
  sistason authored 3 years ago
  
  13c4f75f
Feb 15, 2021
- Add OpenLDAP support in unit tests · d8fc586c
  Julian authored 4 years ago
  
  d8fc586c
Nov 04, 2020
- handle LDAPPasswordIsMandatoryError in user_conn, closes #27 · 8cdadd69
  Julian authored 4 years ago
  
  8cdadd69
Nov 03, 2020
- Resolve "Rate Limits" · eb7e2911
  Julian authored 4 years ago
  
  eb7e2911
Oct 26, 2020
- Add a few unit tests as well as integration tests that cover almost all views.... · c0f281c0
  Julian authored 4 years ago
  
  Add a few unit tests as well as integration tests that cover almost all views. Also fixed a lot of HTML validator errors.
  c0f281c0