Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bookworm + portal rework #342

Merged
merged 31 commits into from
Oct 31, 2024
Merged

Bookworm + portal rework #342

merged 31 commits into from
Oct 31, 2024

Conversation

alexAubin
Copy link
Member

No description provided.

alexAubin and others added 19 commits May 4, 2023 22:38
@alexAubin
Update changelog for 12.0.0
e8f10ce
@alexAubin
Fix boring login API expecting a weird form/multiparam thing instead …
34a2a66 
…of classic JSON for credentials ...
@alexAubin
Moulinette logging is an unecessarily complex mess, episode 57682
0f056d6
@Tagadda
Merge branch 'dev' into bookworm
3ad7335
@Axolotle
allow json requests
4104704
@alexAubin
api: Add a proper mechanism to allow specific, configurable CORS origins
328107c
@alexAubin
api: fix authentication failure not deleting expired cookies
a6c7e55
@selfhoster1312
/yunohost/sso/log{in,out} 303 to referer when GET/POST param referer_…
e24d56d 
…redirect is set
@selfhoster1312
Bypass CSRF protection for the /yunohost/portalapi/login route
7daa504 
Allowing login from simple HTML form
Also allow to pass username/password as two params instead of a combined "credentials"
@alexAubin
Merge pull request #337 from YunoHost/logging-is-a-mess
8016725 
Moulinette logging is an unecessarily complex mess, episode 57682
@alexAubin
Merge pull request #341 from YunoHost/portal-api
75f522b 
Tweaks and fixes for new portal API / ssowat refactoring
@alexAubin
quality: make linter gods happy
2696e81
@alexAubin
quality: update tox.ini, bookworm has python 3.11
7210b66
@alexAubin
quality: fix test/conftest.py, there's no ActionFilter anymore
37331cb
@alexAubin
quality: we're in python 3.11 bruh
fc1eef2
@alexAubin
quality: we're in python 3.11 bruh²
8c28a57
@alexAubin
quality: we're in python 3.11 bruh³
bd9736e
@alexAubin
fix old logger mechanism remants
f562a9b
@alexAubin
fix test ... apparently the API now returns 405 when no action is spe…
20d3b82 
…cified, I guess that's okay
@selfhoster1312
Copy link
Contributor

selfhoster1312 commented Nov 3, 2023
edited
Loading

I don't think a6c7e55 fixes YunoHost/issues#2238

The cookie should be deleted by the client but other copies of it (or if the client doesn't honor the request) remain valid for SSOWat... or did i miss something? So that's more like "delete cookies" than "logout" effectively, which i think is a security problem.

EDIT: This should have been fixed in the meantime

@selfhoster1312
Copy link
Contributor

I think all the building blocks are here to have a portal without javascript. I'll try and let you know. Thanks a lot!!!

@selfhoster1312
Copy link
Contributor

Soooo after messing around a little bit i realized we don't have the building blocks at all: yunohost-portal-api has no privileged API for a backend/daemon to know what permissions a user has, which was possible previously with /etc/ssowat/ssowat.json (although it was a hack and not intended). I opened #2433 to discuss it

@alexAubin alexAubin merged commit 62c0cf6 into dev Oct 31, 2024
1 of 2 checks passed
@alexAubin alexAubin deleted the bookworm branch October 31, 2024 20:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@alexAubin @selfhoster1312 @Tagadda @Axolotle @tituspijean