Mahdi Baghbani
d7cb432b4d
fix(ocm): allow insecure tls for wayf discovery (#2404)
...
* fix(ocm): allow insecure tls for wayf discovery
Signed-off-by: Mahdi Baghbani <mahdi-baghbani@azadehafzar.io>
2026-02-26 14:44:38 +01:00
Florian Schade
b69b9cd569
fix: simplify subject.session key parsing
2026-02-25 14:02:09 +01:00
Florian Schade
e8ecbd7af1
refactor: make the logout mode private
2026-02-25 14:02:09 +01:00
Florian Schade
fd614eacf1
fix: use base64 record keys to prevent separator clashes with subjects or sessionIds that contain a dot
2026-02-25 14:02:09 +01:00
Florian Schade
910298aa05
chore: change naming
2026-02-25 14:02:09 +01:00
Florian Schade
7350050a05
test: add more backchannellogout tests
2026-02-25 14:02:09 +01:00
Florian Schade
f72e3f1e32
chore: cleanup backchannel logout pr for review
2026-02-25 14:02:09 +01:00
Florian Schade
0c62c45494
enhancement: document idp side-effects
2026-02-25 14:02:09 +01:00
Florian Schade
f6553498f6
enhancement: finalize backchannel logout
2026-02-25 14:02:09 +01:00
Christian Richter
6a0fd89475
refactor deletion
...
Co-authored-by: Jörn Dreyer <j.dreyer@opencloud.eu>
Co-authored-by: Michael Barz <m.barz@opencloud.eu>
Signed-off-by: Christian Richter <c.richter@opencloud.eu>
2026-02-25 14:02:09 +01:00
Christian Richter
cb38aaab16
create mapping in cache for subject => sessionid
...
Signed-off-by: Christian Richter <c.richter@opencloud.eu>
2026-02-25 14:02:09 +01:00
Christian Richter
762062bfa3
add mapping to backchannel logout for subject => sessionid
...
Signed-off-by: Christian Richter <c.richter@opencloud.eu>
2026-02-25 14:02:09 +01:00
Christian Richter
291265afb0
add additional validation to logout token
...
Signed-off-by: Christian Richter <c.richter@opencloud.eu>
Co-authored-by: Michael Barz <m.barz@opencloud.eu>
2026-02-25 14:02:09 +01:00
opencloudeu
49a018e973
[tx] updated from transifex
2026-02-24 00:12:39 +00:00
Ralf Haferkamp
372bb04ee8
chore(idp): Bump dependencies
...
The axios bump addresses CVE-2025-7783
2026-02-23 09:38:12 +01:00
Jannik Stehle
2a2e882a59
Merge pull request #2377 from opencloud-eu/feat/web-adjust-surface-colors
...
feat(web): change surface colors to more modern ones
2026-02-23 07:34:59 +01:00
opencloudeu
42e9c27174
[tx] updated from transifex
2026-02-22 00:13:15 +00:00
Jannik Stehle
02d73157c1
feat(web): change surface colors to more modern ones
2026-02-20 16:13:32 +01:00
Ralf Haferkamp
6dde2839df
fix(oidc_auth): Fix userinfo cache expiration logic
...
When the userinfo claims store in the usercache is found to be expired,
do not return an error but ignore the cached entry and force a
re-verification of the access token (either via parsing the JWT again or
via a UserInfo lookup).
This is required for setups with non-JWT access tokens where the expiry
date set in the cached claims does not reflect the actual token expiry,
but just the CacheTTL.
Fixes: #1493
2026-02-19 13:17:17 +01:00
Ralf Haferkamp
212846f2f4
fix(idp): Remove kpop dependency
...
The built package (https://download.kopano.io/community/kapp:/kpop-2.7.2.tgz)
seems to be no longer available and upstream lico already switched away
from it quite a while ago.
Fixes: #2364
2026-02-19 12:16:30 +01:00
opencloudeu
4447893aeb
[tx] updated from transifex
2026-02-18 00:15:57 +00:00
Alex
cdb942a093
feat: app-registry adjust default mime-types (#2354)
2026-02-17 16:39:55 +01:00
Ralf Haferkamp
78703806e4
feat(webfinger): add fallbacks for CLIENT_ID and SCOPE setting
...
This adds the variables 'OC_OIDC_CLIENT_ID' and
'OC_OIDC_CLIENT_SCOPES' as fallbacks for the platform specific settings.
For backwards compatibility with the "old" settings for the 'web'
service we also allow 'WEB_OIDC_CLIENT_ID' and 'WEB_OIDC_SCOPE' for the
"web" platform.
2026-02-17 10:41:35 +01:00
Ralf Haferkamp
4f1aca6d90
feat(webfinger): use webfinger properties instead of new relations
...
This works the previous commits so that clients can add an additional
'platform' query parameter to the webfinger request that can be used
to query the oidc client id and list of scopes that the clients need
to use when connecting to the IDP.
This also removes the non-standard issuer relation introduced in a
previous commit as we can just introduce new relations in the
http://openid.net name space.
For IDP like Authentik that create a separate issuer url per Client
(Application in Authentik's terms) it is suggested to just configure
a single Client and use that id for all platforms (i.e. setting
'WEBFINGER_ANDROID_OIDC_CLIENT_ID', 'WEBFINGER_DESKTOP_OIDC_CLIENT_ID',
'WEBFINGER_IOS_OIDC_CLIENT_ID' and 'WEBFINGER_WEB_OIDC_CLIENT_ID' to
the same value).
Related: #2088
Related: https://github.com/opencloud-eu/desktop/issues/246
2026-02-17 10:41:35 +01:00
Ralf Haferkamp
24aaeb46ba
chore(webfinger): Simplify weird Query parameter extraction loop
2026-02-17 10:41:35 +01:00
pat-s
daeae1f443
feat(webfinger): support desktop and mobile specific OIDC client_id
2026-02-17 10:41:35 +01:00
pat-s
84da592c88
feat(webfinger): add desktop-specific OIDC issuer support
2026-02-17 10:41:35 +01:00
opencloudeu
4e9eb596f0
[tx] updated from transifex
2026-02-17 00:17:42 +00:00
Benedikt Kulmann
5be98670f4
chore: bump web to v5.1.0
2026-02-16 11:01:47 +01:00
opencloudeu
e698a35aef
[tx] updated from transifex
2026-02-16 00:16:53 +00:00
opencloudeu
d867665dc1
[tx] updated from transifex
2026-02-15 00:16:35 +00:00
opencloudeu
e0b465342f
[tx] updated from transifex
2026-02-14 00:16:38 +00:00
Thomas Schweiger
8f3714f08f
Merge pull request #2333 from opencloud-eu/fix/fix-typo-in-var-description
...
fix: fix typo in variable description
2026-02-12 18:13:02 +01:00
Michael Barz
1c493ec46b
fix: include sessionID in sse logout event (#2327)
2026-02-12 17:21:09 +01:00
Thomas Schweiger
bac83c4729
fix: fix typo in variable description
2026-02-12 16:48:12 +01:00
Thomas Schweiger
2f7422538b
fix: fix typo in gateway service documentation
2026-02-12 15:43:00 +01:00
opencloudeu
d14ae65eba
[tx] updated from transifex
2026-02-12 00:16:05 +00:00
opencloudeu
1c80721aff
[tx] updated from transifex
2026-02-11 00:15:55 +00:00
Christian Richter
6f7160556f
fix tests
...
Signed-off-by: Christian Richter <c.richter@opencloud.eu>
2026-02-10 10:45:09 +01:00
Christian Richter
7d5d8f3484
adapt graph service
...
Signed-off-by: Christian Richter <c.richter@opencloud.eu>
Co-authored-by: Ralf Haferkamp <r.haferkamp@opencloud.eu>
2026-02-10 10:45:09 +01:00
Christian Richter
5877bfa8a2
initial skel for external tenant id
...
Signed-off-by: Christian Richter <c.richter@opencloud.eu>
2026-02-10 10:45:09 +01:00
VicDeo
ab9c4d8f23
Sanitize web config only once
2026-02-09 14:09:33 +01:00
Ralf Haferkamp
0639304e96
docs(proxy): Clarify PROXY_OIDC_USERINFO_CACHE_TTL value
...
Try to make it more precise when that value is actually relevant.
Closes: #2252
2026-02-03 15:36:37 +01:00
opencloudeu
7a0bbd93b4
[tx] updated from transifex
2026-02-03 00:14:43 +00:00
opencloudeu
158c920e3d
[tx] updated from transifex
2026-02-01 00:13:47 +00:00
opencloudeu
cad6a61120
[tx] updated from transifex
2026-01-29 00:13:28 +00:00
André Duffeck
e2f6a68810
Do not ever set a TTL for the ID cache. It's not supposed to expire.
2026-01-28 12:52:24 +01:00
opencloudeu
47d5d8c1b8
[tx] updated from transifex
2026-01-28 00:12:56 +00:00
opencloudeu
08a87ad1a3
[tx] updated from transifex
2026-01-27 00:12:45 +00:00
Viktor Scharf
6cefc94493
bump-web-5.0.0 (#2216)
2026-01-26 15:33:43 +01:00