BlackDex
7cf8809d77
Adding Manager Role support
...
This has been requested a few times (#1136 & #246 & forum), and there already were two
(1:1 duplicate) PR's (#1222 & #1223 ) which needed some changes and no
followups or further comments unfortunally.
This PR adds two auth headers.
- ManagerHeaders
Checks if the user-type is Manager or higher and if the manager is
part of that collection or not.
- ManagerHeadersLoose
Check if the user-type is Manager or higher, but does not check if the
user is part of the collection, needed for a few features like
retreiving all the users of an org.
I think this is the safest way to implement this instead of having to
check this within every function which needs this manually.
Also some extra checks if a manager has access to all collections or
just a selection.
fixes #1136
4 years ago
Daniel García
32cfaab5ee
Updated dependencies and changed rocket request imports
4 years ago
Daniel García
668d5c23dc
Removed try_trait and some formatting, particularly around imports
4 years ago
BlackDex
baac8d9627
Fixed issue #908
...
The organization uuid is most of the time within the uri path as a
parameter. But sometimes it only is there as a query value.
This fix checks both, and returns the uuid when possible.
5 years ago
BlackDex
669b101e6a
Fixing issue #908
...
Sometimes an org-uuid is not within the path but in a query value,
This fixes the check for that.
5 years ago
BlackDex
37b212427c
Updated jsonwebtoken
...
Updated to the latest version of jsonwebtoken.
Some small code changes to match the new versions.
5 years ago
Daniel García
3fa78e7bb1
Initial version of policies
5 years ago
Daniel García
70f3ab8ec3
Migrate lazy_static to once_cell, less macro magic and slightly faster
5 years ago
Jeremy Lin
29a0795219
Add backend support for alternate base dir (subdir/subpath) hosting
...
To use this, include a path in the `DOMAIN` URL, e.g.:
* `DOMAIN=https://example.com/custom-path `
* `DOMAIN=https://example.com/multiple/levels/are/ok `
5 years ago
Daniel García
cb6f392774
When receiving a comma separated list as IP, pick the first
5 years ago
Daniel García
88c56de97b
Config option for client IP header
5 years ago
Daniel García
a0ece3754b
Formatting
5 years ago
tomuta
bd1e8be328
Implement change-email, email-verification, account-recovery, and welcome notifications
5 years ago
Daniel García
d29b6bee28
Remove unnecessary clones and other clippy fixes
5 years ago
Emil Madsen
e22e290f67
Fix key and type variable names for mysql
6 years ago
Daniel García
4f45cc081f
Update ring to 0.14, jwt to 6.0, and u2f
6 years ago
Daniel García
04922f6aa0
Some formatting and dependency updates
6 years ago
Daniel García
a1dc47b826
Change config to thread-safe system, needed for a future config panel.
...
Improved some two factor methods.
6 years ago
Daniel García
834c847746
Implement admin JWT cookie, separate JWT issuers for each type of token and migrate admin page to handlebars template
6 years ago
Daniel García
50eeb4f651
Remove whitespace before processing tokens
6 years ago
Nick Fox
0a74e79cea
Refactor generate_invite_claims, make org_name and org_id optional
6 years ago
Nick Fox
cec28a85ac
Update admin page to work with new invitation flow
6 years ago
Nick Fox
736c0e62f2
Send emails to inviters/invitees when invites are accepted/confirmed
6 years ago
Daniel García
30e768613b
Start using rustfmt and some style changes to make some lines shorter
6 years ago
Daniel García
2bb0b15e04
Implemented better errors for JWT
6 years ago
Daniel García
b2fc0499f6
Finish invite functionality, and remove virtual organization
6 years ago
Daniel García
5fecf09631
Initial version of admin panel, list users and reload user list works. No serious auth method yet, password is 'token123'
6 years ago
Nick Fox
26bf7bc12f
Use upstream jslib invite/registration workflow
6 years ago
Nick Fox
680f5e83d8
Add Invite JWT struct and supporting functions
6 years ago
Daniel García
7adc045b80
Updated IP logging to use client_ip, to match old remote behavior.
...
Improved error logging, now it won't show a generic error message in some situations.
Removed delete device, which is not needed as it will be overwritten later.
Logged more info when an error occurs saving a device.
Added orgmanager to JWT claims.
6 years ago
Daniel García
738ad2127b
Fixed some clippy linting issues
6 years ago
Daniel García
94810c106a
Migrate to rust 2018 edition
6 years ago
Daniel García
2fde4e6933
Implemented proper logging, with support for file logging, timestamp and syslog (this last one is untested)
6 years ago
Daniel García
f84cbeaaf8
Merge branch 'master' into rocket-0.4
...
# Conflicts:
# src/db/models/organization.rs
6 years ago
Miroslav Prasil
66a4c5d48b
Implement comparison between i32 and UserOrgType
6 years ago
Daniel García
6eb1c3d638
Fixed change in organizations header, now Request::get_param() are indexed by segment, not dynamic parameter.
6 years ago
Daniel García
c673370103
Updated bw_rs to Rocket version 0.4-rc1
6 years ago
Miroslav Prasil
a28caa33ef
Implement poor man's admin panel
6 years ago
Miroslav Prasil
de72655bb1
Add confirmed check to the OrgHeaders request guard
6 years ago
Daniel García
c722256cbd
Remove debug print
6 years ago
Daniel García
8ff50481e5
Use X-Forwarded-Host if available
6 years ago
Daniel García
4f6f510bd4
Improve domain detection, should fix attachment problems. Otherwise, set the `DOMAIN` env variable to the correct domain
6 years ago
Daniel García
dae92b9018
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.
6 years ago
Daniel García
e88d8c856d
Change host url to https when it's enabled, should fix some problems downloading attachments
6 years ago
Daniel García
483066b9a0
Some style changes, removed useless matches and formats
7 years ago
Miroslav Prasil
4d50014e35
Implement request guards for organization
7 years ago
Daniel García
4093bf92fe
Initial organizations functionality: Creating orgs and inviting users
7 years ago
Daniel García
66097e5f12
r2d2_diesel is included in diesel since 1.1, so we don't need the dependencies directly.
...
Same thing with time, included in chrono
7 years ago
Daniel García
dfefbf1f31
Fixed cipher import, created missing data structs instead of using generic Value, and fixed some warnings
7 years ago
Daniel García
84a75c871b
Improved error messagees, implemented delete ciphers, attachments and account, implemented two factor recovery.
...
Known missing:
- import ciphers, create ciphers types other than login and card, update ciphers
- clear and put device_tokens
- Equivalent domains
- Organizations
7 years ago