mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-02-28 04:56:46 -05:00
Code Issues Packages Projects Releases Wiki Activity
22,762 Commits 52 Branches 48 Tags
bb2874177f48ae1ea185986dcf6cd4e618e6a6c8
Commit Graph

22762 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Pascal Bleser
bb2874177f add an auth-api service to make an exemplary implementation of an external authentication API for third party services such as Stalwart 2026-02-27 14:46:41 +01:00
Pascal Bleser
de4b154391 move services/groupware/pkg/jmap to pkg/jmap 2026-02-27 14:46:41 +01:00
Pascal Bleser
46aa800152 WIP: restructure the Jmap client, and implement the /me/messages Graph API endpoint with it 2026-02-27 14:46:41 +01:00
Pascal Bleser
f43880d75b add an OIDC Directory to Stalwart, requires exposing Keycloak port 8080 directly to access the userinfo endpoint using HTTP since the certificates in traefik are self-signed and end up being rejected by Stalwart with no option to bypass the certificate check 2026-02-27 14:46:41 +01:00
Pascal Bleser
116cecd84f rename Stalwart fallback admin username from 'admin' to 'mailadmin' since 'admin' exists as a regular user in LDAP and thus won't have access to the administration 2026-02-27 14:46:41 +01:00
Pascal Bleser
df5514a1ed add missing routing for /groupware (currently unprotected for testing) 2026-02-27 14:46:41 +01:00
Pascal Bleser
b12e0d5b29 WIP: initial implementation of the groupware service 2026-02-27 14:46:41 +01:00
Pascal Bleser
8c9a71a17d Add Stalwart container to the opencloud_full deployment, using the OpenLDAP container as a directory for user authentication 2026-02-27 14:46:41 +01:00
dependabot[bot]
6cdf229979 build(deps): bump github.com/kovidgoyal/imaging from 1.8.19 to 1.8.20 
Bumps [github.com/kovidgoyal/imaging](https://github.com/kovidgoyal/imaging) from 1.8.19 to 1.8.20.
- [Release notes](https://github.com/kovidgoyal/imaging/releases)
- [Commits](https://github.com/kovidgoyal/imaging/compare/v1.8.19...v1.8.20)

---
updated-dependencies:
- dependency-name: github.com/kovidgoyal/imaging
  dependency-version: 1.8.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-26 18:38:29 +01:00
Mahdi Baghbani
d7cb432b4d fix(ocm): allow insecure tls for wayf discovery (#2404) 
* fix(ocm): allow insecure tls for wayf discovery

Signed-off-by: Mahdi Baghbani <mahdi-baghbani@azadehafzar.io>
 2026-02-26 14:44:38 +01:00
Florian Schade
b69b9cd569 fix: simplify subject.session key parsing 2026-02-25 14:02:09 +01:00
Florian Schade
e8ecbd7af1 refactor: make the logout mode private 2026-02-25 14:02:09 +01:00
Florian Schade
fd614eacf1 fix: use base64 record keys to prevent separator clashes with subjects or sessionIds that contain a dot 2026-02-25 14:02:09 +01:00
Florian Schade
910298aa05 chore: change naming 2026-02-25 14:02:09 +01:00
Florian Schade
7350050a05 test: add more backchannellogout tests 2026-02-25 14:02:09 +01:00
Florian Schade
f72e3f1e32 chore: cleanup backchannel logout pr for review 2026-02-25 14:02:09 +01:00
Florian Schade
0c62c45494 enhancement: document idp side-effects 2026-02-25 14:02:09 +01:00
Florian Schade
f6553498f6 enhancement: finalize backchannel logout 2026-02-25 14:02:09 +01:00
Christian Richter
6a0fd89475 refactor deletion 
Co-authored-by: Jörn Dreyer <j.dreyer@opencloud.eu>
Co-authored-by: Michael Barz <m.barz@opencloud.eu>
Signed-off-by: Christian Richter <c.richter@opencloud.eu>
 2026-02-25 14:02:09 +01:00
Christian Richter
cb38aaab16 create mapping in cache for subject => sessionid 
Signed-off-by: Christian Richter <c.richter@opencloud.eu>
 2026-02-25 14:02:09 +01:00
Christian Richter
762062bfa3 add mapping to backchannel logout for subject => sessionid 
Signed-off-by: Christian Richter <c.richter@opencloud.eu>
 2026-02-25 14:02:09 +01:00
Christian Richter
291265afb0 add additional validation to logout token 
Signed-off-by: Christian Richter <c.richter@opencloud.eu>
Co-authored-by: Michael Barz <m.barz@opencloud.eu>
 2026-02-25 14:02:09 +01:00
opencloudeu
49a018e973 [tx] updated from transifex 2026-02-24 00:12:39 +00:00
Ralf Haferkamp
372bb04ee8 chore(idp): Bump dependencies 
The axios bump addresses CVE-2025-7783
 2026-02-23 09:38:12 +01:00
dependabot[bot]
b7eb6f768d build(deps): bump github.com/grpc-ecosystem/grpc-gateway/v2 
Bumps [github.com/grpc-ecosystem/grpc-gateway/v2](https://github.com/grpc-ecosystem/grpc-gateway) from 2.27.7 to 2.28.0.
- [Release notes](https://github.com/grpc-ecosystem/grpc-gateway/releases)
- [Commits](https://github.com/grpc-ecosystem/grpc-gateway/compare/v2.27.7...v2.28.0)

---
updated-dependencies:
- dependency-name: github.com/grpc-ecosystem/grpc-gateway/v2
  dependency-version: 2.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-23 09:34:09 +01:00
dependabot[bot]
e13ba4af06 build(deps): bump github.com/open-policy-agent/opa from 1.13.1 to 1.13.2 
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.13.1 to 1.13.2.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v1.13.1...v1.13.2)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.13.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-23 09:31:49 +01:00
Jannik Stehle
2a2e882a59 Merge pull request #2377 from opencloud-eu/feat/web-adjust-surface-colors 
feat(web): change surface colors to more modern ones
 2026-02-23 07:34:59 +01:00
opencloudeu
42e9c27174 [tx] updated from transifex 2026-02-22 00:13:15 +00:00
Jannik Stehle
02d73157c1 feat(web): change surface colors to more modern ones 2026-02-20 16:13:32 +01:00
dependabot[bot]
801a4ce8c4 build(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.1 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.78.0 to 1.79.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.78.0...v1.79.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.79.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-19 18:27:12 +01:00
dependabot[bot]
74ff47e4c2 build(deps): bump github.com/onsi/ginkgo/v2 from 2.28.0 to 2.28.1 
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.28.0 to 2.28.1.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.28.0...v2.28.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-version: 2.28.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-19 17:04:06 +01:00
dependabot[bot]
5851db3d93 build(deps): bump go.opentelemetry.io/contrib/zpages 
Bumps [go.opentelemetry.io/contrib/zpages](https://github.com/open-telemetry/opentelemetry-go-contrib) from 0.64.0 to 0.65.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.64.0...zpages/v0.65.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/zpages
  dependency-version: 0.65.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-19 13:27:49 +01:00
Ralf Haferkamp
6dde2839df fix(oidc_auth): Fix userinfo cache expiration logic 
When the userinfo claims store in the usercache is found to be expired,
do not return an error but ignore the cached entry and force a
re-verification of the access token (either via parsing the JWT again or
via a UserInfo lookup).
This is required for setups with non-JWT access tokes where the expiry
date set in the cached claims does not reflect the actual token expiry,
but just the CacheTTL.

Fixes: #1493
 2026-02-19 13:17:17 +01:00
Ralf Haferkamp
212846f2f4 fix(idp): Remove kpop dependency 
The built package (https://download.kopano.io/community/kapp:/kpop-2.7.2.tgz)
seems to be no longer available and upstream lico already switched away
from it quite a while ago.

Fixes: #2364
 2026-02-19 12:16:30 +01:00
opencloudeu
4447893aeb [tx] updated from transifex 2026-02-18 00:15:57 +00:00
Jörn Friedrich Dreyer
cd655f3ac7 Add openCloudEducationExternalId to user 2026-02-17 17:57:39 +01:00
dependabot[bot]
44d2f95fa6 build(deps): bump golang.org/x/net from 0.49.0 to 0.50.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.49.0 to 0.50.0.
- [Commits](https://github.com/golang/net/compare/v0.49.0...v0.50.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-17 16:53:59 +01:00
dependabot[bot]
d0edd5bf99 build(deps): bump github.com/go-resty/resty/v2 from 2.17.1 to 2.17.2 
Bumps [github.com/go-resty/resty/v2](https://github.com/go-resty/resty) from 2.17.1 to 2.17.2.
- [Release notes](https://github.com/go-resty/resty/releases)
- [Commits](https://github.com/go-resty/resty/compare/v2.17.1...v2.17.2)

---
updated-dependencies:
- dependency-name: github.com/go-resty/resty/v2
  dependency-version: 2.17.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-17 16:51:33 +01:00
Alex
cdb942a093 feat: app-registry adjust default mime-types (#2354) 2026-02-17 16:39:55 +01:00
Ralf Haferkamp
342cb3df95 adr(webfinger): Align example config with implementation 2026-02-17 12:13:43 +01:00
Ralf Haferkamp
78703806e4 feat(webfinger): add fallbacks for CLIENT_ID and SCOPE setting 
This adds the variables 'OC_OIDC_CLIENT_ID' and
'OC_OIDC_CLIENT_SCOPES' as fallbacks for the platform specific settings.

For backwards compatibility with the "old" settings for the 'web'
service we also allow 'WEB_OIDC_CLIENT_ID' and 'WEB_OIDC_SCOPE' for the
"web" platform.
 2026-02-17 10:41:35 +01:00
Ralf Haferkamp
4f1aca6d90 feat(webfinger): use webfinger properties instead new relations 
This works the previous commits so that clients can add an addtional
'platform' query parameter to the webfinger request that  can be used
to query the oidc client id and list of scopes that the clients need
to use when connecting to the IDP.

This also removes the non-standard issuer relatation introduced in a
previous commit as we can just introduce new relations in the
http://openid.net name space.

For IDP like Authentik that create a separate issuer url per Client
(Application in Authentik's terms) it is suggested to just configure
as single Client and use that id for all platforms (i.e. setting
'WEBFINGER_ANDROID_OIDC_CLIENT_ID', 'WEBFINGER_DESKTOP_OIDC_CLIENT_ID',
'WEBFINGER_IOS_OIDC_CLIENT_ID' and 'WEBFINGER_WEB_OIDC_CLIENT_ID' to
same value.

Related: #2088
Related: https://github.com/opencloud-eu/desktop/issues/246
 2026-02-17 10:41:35 +01:00
Ralf Haferkamp
24aaeb46ba chore(webfinger): Simplify weird Query parameter extraction loop 2026-02-17 10:41:35 +01:00
pat-s
daeae1f443 feat(webfinger): support desktop and mobile specific OIDC client_id 2026-02-17 10:41:35 +01:00
pat-s
84da592c88 feat(webfinger): add desktop-specific OIDC issuer support 2026-02-17 10:41:35 +01:00
dependabot[bot]
5058e2ffc2 build(deps): bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp 
Bumps [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) from 0.64.0 to 0.65.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.64.0...zpages/v0.65.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
  dependency-version: 0.65.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-17 09:25:43 +01:00
dependabot[bot]
5daeada697 build(deps): bump github.com/open-policy-agent/opa from 1.12.3 to 1.13.1 
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.12.3 to 1.13.1.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v1.12.3...v1.13.1)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.13.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-17 09:02:30 +01:00
opencloudeu
4e9eb596f0 [tx] updated from transifex 2026-02-17 00:17:42 +00:00
Ralf Haferkamp
a1b6f534f7 adr(webfinger): Change status to accepted 2026-02-16 17:40:19 +01:00
Ralf Haferkamp
815b049321 adr(webfinger): Apply suggestions from code review 
Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz>
 2026-02-16 17:40:19 +01:00