mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-01-04 11:19:39 -06:00
Code Issues Packages Projects Releases Wiki Activity
6,085 Commits 52 Branches 39 Tags
15080fc5e6cb35d31cca7ca97615874c034d5899
Commit Graph

55 Commits

Author SHA1 Message Date
David Christofas
f6ac50244b update invocations of MintToken and DismantleToken 2021-05-11 14:18:43 +02:00
David Christofas
c532073dd1 remove JWT from logs 
secrets should not be exposed in the logs
 2021-03-03 15:30:11 +01:00
David Christofas
cfcd4b5992 resolve linter issues 2021-02-26 14:24:25 +01:00
David Christofas
7ad38d7757 fix token cache TTL 
The TTL was supplied to the middleware as a duration and then in that middleware multiplied by `time.Second` again. Durations should not be multiplied because they result in unintended values.
```go
	time.Second * 1 = 1s
	time.Second * time.Second = 277777h46m40s
```
 2021-02-22 18:40:15 +01:00
Pascal Wengerter
d7b1ecb3dc Change (ocis,OCIS) to oCIS, unify GitHub branding 2021-01-28 00:32:47 +00:00
Florian Schade
af870e005e add more tests and benchmark for cache 
refactor cache to use atomic uint
 2021-01-19 23:23:41 +01:00
Florian Schade
f13530425a move cache to sync package 
rollback indexer map
use sync.pool for cache entries
add tests for cache
remove main locks from nrwmutex and use sync.map and sync.pool instead
bump dockerfile go version
 2021-01-19 23:23:41 +01:00
Florian Schade
a02fb890f7 remove locking from accounts service 
add a cached named rwlock pkg
use sync.map in the cache pkg
use named rwlock in indexer pkg
use sync.map in indexer pkg
remove husky
 2021-01-19 23:23:41 +01:00
Ilja Neumann
cd2eb0e39b Accounts UserBackend tests 2020-12-22 17:27:55 +01:00
Ilja Neumann
1b29e56d12 account_resolver_test.go 2020-12-22 16:16:57 +01:00
Ilja Neumann
92a1bc8fb6 Make it possible to use CS3 as accounts backend instead of account-service 
Configureable via:
PROXY_ACCOUNT_BACKEND_TYPE=cs3
PROXY_ACCOUNT_BACKEND_TYPE=accounts (default)

By using a backend which implements the CS3 user-api (currently provided by reva/storage) it is possible to bypass
the ocis-accounts service and for example use ldap directly.

Hides user and auth related communication behind a facade (user/backend) to minimize logic-duplication across middlewares.
Allows to switich the account backend from accounts to cs3.

Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2020-12-11 18:34:43 +01:00
Alex Unger
beb83f3f40 Merge pull request #1025 from owncloud/remove-unused-errors 
Remove unused errors
 2020-12-04 18:46:51 +01:00
Ilja Neumann
61a8f00837 Remove unused errors 2020-12-04 15:50:22 +01:00
A.Unger
2cddc0a23c fix leftover typo 2020-12-04 13:53:34 +01:00
A.Unger
f1521e4df7 refactor authentication.go 2020-12-04 13:51:48 +01:00
A.Unger
7d8336ce4b use regexp to assert routes, remove StatusRecorder 2020-12-04 13:17:25 +01:00
A.Unger
9a253370e8 export StatusRecorder 2020-12-03 12:22:35 +01:00
A.Unger
c89ead3fc5 fix linter 2020-12-03 12:19:49 +01:00
A.Unger
e4974e020d minimal refactor 2020-12-02 15:51:39 +01:00
A.Unger
2910e88ba5 ugly working draft 2020-12-02 15:31:17 +01:00
A.Unger
752cd4f626 first draft for configuring user agent multiplex on ocis 2020-12-02 12:04:09 +01:00
A.Unger
28e8f75ebd whitelist depending on the URI 2020-12-01 17:10:04 +01:00
A.Unger
348c54f2e7 write www-authenticate and delegate to reva 2020-12-01 16:57:36 +01:00
A.Unger
5cb359d877 WIP 2020-11-30 17:19:03 +01:00
Jörn Friedrich Dreyer
dbb52f29ad Merge pull request #958 from owncloud/basic-auth-cache 
implement basic auth cache
 2020-11-26 17:33:47 +01:00
Florian Schade
cb2e2a3896 add changelog 
remove unused mux
cleanup k6 test
 2020-11-26 14:46:44 +01:00
Florian Schade
11ba46eb88 remove accounts cache from basic auth middleware 
move cache to ocis-pkg
add password validation cache to accounts service
 2020-11-26 13:52:24 +01:00
Florian Schade
e334759874 implement basic auth cache 2020-11-26 10:33:46 +01:00
Florian Schade
ab85245093 fix oidc middleware provider lazy initialization 2020-11-25 22:50:11 +01:00
Benedikt Kulmann
bc6227e8fd Fix test 2020-11-21 07:58:19 +01:00
Benedikt Kulmann
edc252e1a0 Add option to disable signing keys in the proxy 2020-11-20 16:04:22 +01:00
David Christofas
2f69265a66 add permission check to role management 2020-11-18 16:30:51 +01:00
Phil Davis
a643ad4acd Merge pull request #886 from owncloud/show-basic-auth-warning-on-startup-only 
Show basic_auth warning only on startup
 2020-11-18 19:25:33 +05:45
Ilja Neumann
79e7f85a57 Show basic_auth warning only on startup 2020-11-18 12:51:41 +01:00
Benedikt Kulmann
08e218aa3e Use expiration from access token if available 2020-11-18 12:08:23 +01:00
Benedikt Kulmann
a410d40166 Make userinfo cache configurable 2020-11-18 11:15:51 +01:00
Benedikt Kulmann
f1082ca033 Fix comments 2020-11-18 08:48:38 +01:00
Benedikt Kulmann
b136966b51 Move claim retrieval (from endpoint or cache) into function 2020-11-17 17:25:48 +01:00
Benedikt Kulmann
a5c09453b9 First implementation for userinfo cache without config 2020-11-17 17:10:14 +01:00
Benedikt Kulmann
3600d17eba Fix basic auth middleware for public links context 2020-11-17 12:39:56 +01:00
Benedikt Kulmann
1bcdf15bde Remove already implemented TODO 2020-11-17 12:23:40 +01:00
Benedikt Kulmann
f721caac90 Fix logs messages 2020-11-17 12:19:59 +01:00
Florian Schade
982223c7be fix signedURL expiry validation 2020-11-17 11:32:12 +01:00
Florian Schade
8be5323276 linting and other cleanups 2020-11-17 11:32:12 +01:00
Florian Schade
f8aa1a5e08 refactor middlewares and reduce technical complexity 
restructure server command and remove cfg.OIDC.Issuer switch, oidc middleware detects now if it should used or not
fix #761
 2020-11-17 11:32:12 +01:00
Jörn Friedrich Dreyer
54c78adcb3 pass on basic auth for public links 
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2020-11-05 13:06:05 +01:00
Jörn Friedrich Dreyer
6f46e1bccb use the account.id as ocis userid, tests 
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2020-11-05 13:06:05 +01:00
Jörn Friedrich Dreyer
b288fae10a update tests, forward failed basic auth to render correct error body 
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2020-11-05 13:06:05 +01:00
Jörn Friedrich Dreyer
fbfa05e9b6 always return 401 when auth fails 
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2020-11-05 13:06:05 +01:00
Jörn Friedrich Dreyer
cbbf31a7ce end requesrt when basic auth fails 
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
 2020-11-05 13:06:05 +01:00