ff6674f97b
Fix fallout of reva bump
...
reva tries to avoid copying proto messages now. This changed some calls
to take pointers now (mainly e.g. FormatResourceId())
2024-07-11 15:21:56 +02:00
60741472ac
Apply suggestions from proof reading
...
Co-authored-by: Martin <github@diemattels.at >
2024-07-08 09:32:23 +02:00
bda35131bd
proxy: Document automatic user and group provisioning
...
Closes : #9193
2024-07-08 09:32:23 +02:00
0d65908e82
autoprovisioning: sync group memberships
...
Add support for autoprovisioning group memberships from OIDC claims.
Users are added to and removed from groups based on the value of an OIDC
claim. If a group does not exist, it is created.
Closes : #5538
2024-07-08 09:32:23 +02:00
eac5eaea8f
Add the backchannel logout event
2024-06-25 12:13:24 +02:00
949c5d0848
enhancement(activitylog): enhance activitylog graph endpoint
...
- make use of libregraph artifacts
- add a basic activity kql ast parser
2024-06-24 16:23:54 +02:00
882689549f
feat(activitylog): add api
...
Signed-off-by: jkoberg <jkoberg@owncloud.com >
2024-06-24 16:23:54 +02:00
b04f3209d4
chore: prepare release, bump version
2024-06-19 19:45:57 +02:00
ccb8228edd
fix: bump upstream sec middleware
2024-06-10 17:20:38 +02:00
b892a9ab28
Merge pull request #9312 from owncloud/var-placeholders
...
docs: use placeholder for next release
2024-06-05 21:36:25 +02:00
03bd1d5272
fix: CSP frame-src to enable PDF viewing ( #9313 )
2024-06-04 14:29:21 +02:00
5d99688161
docs: use placeholder for next release
2024-06-04 10:28:42 +02:00
c7281599d4
replacement for TokenInfo endpoint
2024-05-28 09:29:08 +02:00
2440ccb8b9
fix(autoprovision): fixup the service name of the graph service
...
This is a fixup for commit 799b12b8ddCloses : #9258
2024-05-27 14:00:46 +02:00
7b47d55837
Merge pull request #9149 from owncloud/correct-servicenames
...
fix service names for userlog, graph, invitations, sse and web
2024-05-24 10:40:31 +02:00
9bc958e8be
fix: token refresh in single binary and wopi deployment example ( #9167 )
2024-05-16 18:20:18 +02:00
7ca8391ce2
feat(proxy): Update selected attributes of autoprovisioned users
...
When autoprovisioning is enabled, we now update autoprovisioned users when their
display name or email address claims change.
Closes : #8955
2024-05-15 13:30:45 +02:00
ad4b3fc55c
proxy(autoprovision): Save the subject and issuer claims when creating a user
...
We now use the graph user's identities property to store the subject and issuer claims
when autoprovisioning a user. The attrbute is not really used anywhere yet, but will
allow us to detect renames and other changes in the future.
Closes : #8956
2024-05-13 17:22:37 +02:00
799b12b8dd
fix service names for userlog, graph, invitations, sse and web
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de >
2024-05-13 17:04:01 +02:00
6356be8d51
Merge pull request #8952 from rhafer/issue/8635
...
Autoprovsioning fixes
2024-05-02 16:06:45 +02:00
a8cbc612cc
chore: remove unused return value from BindSourcesToStructs ( #9033 )
2024-04-30 18:18:31 +02:00
4f7480d322
feat: drop github.com/a8m/envsubst in favor of gookit/config ( #9028 )
2024-04-30 18:05:58 +02:00
54bb4b44b0
chore: Fix some linter complaints
2024-04-30 17:09:21 +02:00
0da7eccd1d
fix(autoprovision): make email optional
...
The mail address is not a required attrbute for our users. So we can auto-provision users without it.
Fixes : #6909
2024-04-30 17:09:21 +02:00
741dce501b
enhancement(autoprovision): Allow to configure which claims to use for auto-provisioning user accounts
...
When auto-provisioning user accounts we used a fixed mapping for claims
for the userinfo response to user attributes. This change introduces
configuration options to defined which claims should be user for the
username, display name and email address of the auto-provisioned
accounts.
This also removes the automatic fallback to use the 'mail' claim as the
username when the 'preferred_username' claim does not exist.
Fixes : #8635
2024-04-30 17:09:19 +02:00
bdbba929d0
feat: add CSP and other security related headers in the oCIS proxy service ( #8777 )
...
* feat: add CSP and other security related headers in the oCIS proxy service
* fix: consolidate security related headers - drop middleware.Secure
* fix: use github.com/DeepDiver1975/secure
* fix: acceptance tests
* feat: support env var replacements in csp.yaml
2024-04-26 09:10:35 +02:00
f8f864e566
always initialize http handler
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de >
2024-04-24 10:39:12 +02:00
8d5a0c6dd8
fix(public-share-auth): allow to create new documents in public share folder
...
The public share authentication middleware only allowed to open existing documents
the /app/new route was missing.
Fixes #8691
2024-04-15 16:35:13 +02:00
07f0cd5574
fix: typos, naming clashes, error messages and deprecations
2024-04-03 15:34:36 +02:00
5cc286b8ef
incorporate requested changes
...
Signed-off-by: Christian Richter <crichter@owncloud.com >
2024-03-19 08:38:54 +01:00
d31f5b9e15
remove obsolete comment
...
Signed-off-by: Christian Richter <crichter@owncloud.com >
2024-03-18 16:56:10 +01:00
29549fade7
kill oidc well known middleware and move it to static route
...
Signed-off-by: Christian Richter <crichter@owncloud.com >
2024-03-18 16:56:10 +01:00
1323a554bc
move static routes to seperate package
...
Signed-off-by: Christian Richter <crichter@owncloud.com >
2024-03-18 16:56:10 +01:00
49a2202bdf
chore: set introductionVersion 5.0 in services/proxy
2024-03-06 17:50:21 +05:45
9d2be66a85
chore: add introductionVersion pre5.0 to environment variable docs
2024-03-06 17:50:20 +05:45
2dce3e997d
Merge pull request #8546 from owncloud/verify-service-accounts-are-set
...
verify all system accounts are set
2024-02-29 17:29:08 +01:00
972adafd29
verify all system accounts are set
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de >
2024-02-29 15:51:37 +01:00
643d4ccbfb
fix: change default config for the role mapping
2024-02-28 12:04:57 +01:00
26136f8f81
drop store service in favor of a micro store implementation ( #8419 )
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de >
2024-02-26 16:08:03 +01:00
3d3f8949f5
Bump mockery to 2.40.2
...
to address issues when building with go1.22:
https://github.com/vektra/mockery/pull/753
2024-02-09 11:48:45 +01:00
b12cff1016
fix: properly check expiry and verify signature of signed urls ( #8385 )
...
fix: signed url expiry validation only checks for expiry and not for used before
2024-02-07 15:44:33 +01:00
07860ef8e7
Fix some fallout of recent mockery changes ( #8341 )
...
* Fix mockery setup for graph service
Add missing interfaces to .mockery.yaml. Use existing mocks from protogen
where possible. Remove remaining //go:generate call.
* Add mockery config for settings service
* Add mockery config for proxy service
2024-02-01 21:09:01 +01:00
fad94d2038
bump mockery, add test stub for oidc_auth.go, align mock generation ( #8321 )
...
* bump mockery, add test stub for oidc_auth.go
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de >
* use .mockery.yaml for all mocks
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de >
* drop legacy go:generate mockery
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de >
* align mock placement
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de >
---------
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de >
2024-02-01 10:07:44 +01:00
45d1936384
verify expiry of cached claims ( #8310 )
...
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de >
2024-01-31 14:58:18 +01:00
60a67d7b0a
Fix proxy debug env name
2024-01-19 10:29:33 +01:00
158e27d31d
docs: add dev docs
2023-12-21 15:32:41 +01:00
14553dd6b1
feat: RED metrics
2023-12-20 14:53:16 +01:00
2284fe388d
Also log the traceid alongside the request id ( #8023 )
...
* Also log the traceid alongside the request id
* Add changelog
2023-12-20 09:32:57 +01:00
de4f9d78f4
allow authentication for stores
...
Signed-off-by: jkoberg <jkoberg@owncloud.com >
2023-12-19 10:44:05 +01:00
423c28b298
improve store readmes
...
Co-authored-by: Martin <github@diemattels.at >
2023-12-15 13:25:10 +01:00
Ralf Haferkamp