642fd5cc91
Merge branch 'master' into 236-user-authentication-using-keycloak-or-any-openid-client-for-using-external-auth-providers-such-as-ldap-github-google
2024-03-28 12:07:58 +01:00
e8fb5a0030
Add OpenID Connect authentication
...
Fixes #236
Template conditional not yet working
Needs more testing
2024-03-28 12:01:13 +01:00
1e5f2944cf
Upgrade dependencies. Port to jwt-auth v5.
2024-03-21 22:02:59 +01:00
e92e727279
Extend oidc auth provider
2024-03-13 17:09:36 +01:00
f761900a3e
Add initial code for oidc authentication support
2024-03-13 09:37:12 +01:00
bb1c8cc25d
fix: Move name extract from token in else branch
2023-09-08 12:11:49 +02:00
4b06fa788d
fix: Fix buggy logic and simplify code if ValidateUser enabled
2023-09-08 11:50:28 +02:00
Pay Giesselmann
fd94d30a8e
make ldap username attribute configurable
2023-08-29 09:30:57 +02:00
ebcae32e23
Update docs and cleanup
2023-08-18 15:56:11 +02:00
3028f60807
Reformat and add debug output
2023-08-18 11:59:16 +02:00
Christoph Kluge
734e818b19
Merge branch '189-refactor-authentication-module' of https://github.com/ClusterCockpit/cc-backend into 189-refactor-authentication-module
2023-08-18 11:17:33 +02:00
Christoph Kluge
57bda63506
Cleanup some error strings
2023-08-18 11:17:31 +02:00
da551a0bb4
Repair broken error handlng
2023-08-18 11:00:13 +02:00
32b0c8bdd7
Refactor and cleanup Auth configuration
2023-08-18 10:43:06 +02:00
56d559fdd7
Fix bug with jwt max-age option
2023-08-18 09:19:30 +02:00
cfcf939339
Add config to jwt again
2023-08-18 08:57:56 +02:00
d51be5c308
Formatting and minor fixes
2023-08-18 08:49:25 +02:00
29552fadc3
Cleanup SyncOnLogin Handling
2023-08-17 14:02:04 +02:00
15231bc683
Cleanup and adapt to new structure
2023-08-17 12:34:30 +02:00
87ce4f63d4
Refactor auth module
...
Separate parts
Add user repository
Add user schema
2023-08-17 10:29:00 +02:00
80aed87415
Retry fetching user after CanLogin
2023-08-16 17:21:12 +02:00
65cf86586a
Merge branch '105_modify_user_via_api' into 189-refactor-authentication-module
2023-08-16 09:46:41 +02:00
4f6d1fec68
Fix errors in ldap auth
2023-08-16 09:19:41 +02:00
Christoph Kluge
fe6de5bc68
Merge branch '189-refactor-authentication-module' of https://github.com/ClusterCockpit/cc-backend into 189-refactor-authentication-module
2023-08-14 13:52:29 +02:00
Christoph Kluge
e550e57ac0
Fix Java/Grails issued token parsing
...
- Tested locally until successfull login
- Initialize empty projects array
2023-08-14 13:52:26 +02:00
4a2afc7a5a
Add LDAPSyncOnLogin option
...
Cleanup
Extend docs
Remove obsolete Expiration attribute
2023-08-14 12:40:21 +02:00
19d645f65c
Readd URL token and cleanup
...
Fix session values.
2023-08-12 09:02:41 +02:00
b8273a9b02
refactor auth module
...
Restructure module
Separate JWT auth variants
Cleanup code
Fixes #189
2023-08-11 10:00:23 +02:00
Jan Eitzinger
c0ab5de2f1
Merge pull request #182 from ClusterCockpit/179_fix_frontend_apiusers
...
Fix frontend render for users with api role
2023-07-20 07:42:15 +02:00
04e8279ae4
Change log level for JWT Cross login warning to debug
2023-07-19 09:04:27 +02:00
Christoph Kluge
55943cacbf
Fix frontend render for users with api role
2023-07-17 12:19:49 +02:00
df9fd77d06
Refactor auth and add docs
...
Cleanup and reformat
2023-07-05 09:50:44 +02:00
Pay Giesselmann
a9544f5609
lower log level for frequent messages
2023-06-20 15:47:38 +02:00
f0685919fd
Streamline auth error handling
2023-06-15 12:00:45 +02:00
e6a5874999
Fix bug if local login provides wrong pw
...
Fixes #140
2023-06-14 14:35:25 +02:00
Christoph Kluge
14665df439
Better test array
2023-03-06 16:35:14 +01:00
Christoph Kluge
cae7257673
Add tests for role checks, update test.db
2023-03-06 16:32:58 +01:00
Christoph Kluge
f37e7c26f6
Rework roles as enum, change AuthSource to enum
2023-03-06 11:44:38 +01:00
Christoph Kluge
8bd72ce807
Small fixes after full file review
...
- Remove unnecessary field 'project' from GQl and regenerate
- Add newlines to file ends
- Fix command-line manager user addition
2023-02-23 12:33:14 +01:00
Christoph Kluge
e0e51813ad
Merge branch 'master' into 40_45_82_update_roles
2023-02-21 17:17:41 +01:00
8ffb562d6b
Introduce db migration support
2023-02-21 10:57:22 +01:00
Christoph Kluge
397ab08b3b
Add support for multiple projects per manager
...
- Handled like roles in admin view
- !! NEW COLUMN CHANGED TO "projects"
2023-02-17 15:45:31 +01:00
033598a656
Remove loglevel notice
2023-02-15 11:50:51 +01:00
Christoph Kluge
a2ebebd7f6
Remove role label array from frontend
...
- made centralized role array uncentralized again
2023-02-01 14:49:10 +01:00
Christoph Kluge
a885e69125
Adapt loglevel for logs, shorten strings, fix formats, streamline
...
- Switched to Warn for most errors, reduces bloat, improves log control
2023-02-01 11:58:27 +01:00
Christoph Kluge
b77bd078e5
Add log messages to error events w/o log message, primaryly error level
...
- "log spam" to be controlled via loglevel flag on startup
2023-01-31 18:28:44 +01:00
Christoph Kluge
7fb94c33cf
Add API call for frontend to fetch list of valid roles from backend
...
- only relevant for admin config (addUser, editRole)
- admin only (double-checked)
2023-01-30 17:01:11 +01:00
Christoph Kluge
b2aed2f16b
Add 'project' to user table, add 'manager' role, conditional web render
...
- Addresses issues #40 #45 #82
- Reworked Navigation Header for all roles
- 'Manager' role added, can be assigned a project-id in config by admins
- BREAKING! -> Added 'project' column in SQLite3 table 'user'
- Manager-Assigned project will be added to all graphql filters: Only show Jobs and Users of given project
- 'My Jobs' Tab for all Roles
- Switched from Bool "isAdmin" to integer authLevels
- Removed critical data frontend logging
- Reworked repo.query.SecurityCheck()
2023-01-27 18:36:58 +01:00
Christoph Kluge
834f9d9085
Add role helper functions, add project role barebone, add valid role arr
...
- HasAnyRoles([]string): Checks if user has *one* of the roles
- HasAllRoles([]string): Cheks if user has *all* of the roles
- HasNotRoles([]string): Checks if user has *none* of the roles
- IsValidRole(string): Checks if given string is known valid role
2023-01-25 16:59:16 +01:00
Christoph Kluge
79a949b55e
Rework pkg/log, add 'loglevel' and 'logdate' flags, streamline
...
- removes some previously added manual location strings: now handled by pkg/log depending on loglevel
- kept manual string locations on fmt print functions
- add 'notice' and 'critical' loglevels
- add 'Panic' and 'Panicf' functions to log panics
- adresses issue #26
2023-01-23 18:48:06 +01:00