Commit Graph

22773 Commits

Author SHA1 Message Date
Pascal Bleser
eca28fd996 Groupware improvements: refactoring, k6 tests
* refactored the models to be strongly typed with structs and mapstruct
   to decompose the dynamic parts of the JMAP payloads

 * externalized large JSON strings for tests into .json files under
   testdata/

 * added a couple of fantasy Graph groupware APIs to explore further
   options

 * added k6 scripts to test those graph/me/messages APIs, with a setup
   program to set up users in LDAP, fill their IMAP inbox, activate them
   in Stalwart, cleaning things up, etc...
2026-02-27 14:46:42 +01:00
Pascal Bleser
8b28e5312b fix Stalwart LDAP configuration 2026-02-27 14:46:42 +01:00
Pascal Bleser
04266bc8ab Use password policy overlay in LDAP and configure Stalwart to use it 2026-02-27 14:46:42 +01:00
Pascal Bleser
4a620a66ee upgrade Stalwart to 0.12.4 2026-02-27 14:46:42 +01:00
Pascal Bleser
05a3b8fc32 groupware: removed debugging logs 2026-02-27 14:46:42 +01:00
Pascal Bleser
482d81bc89 jwkset: remove debugging printlns 2026-02-27 14:46:42 +01:00
Pascal Bleser
5d67e7b515 auth-api: fix: was missing newly introduced metrics 2026-02-27 14:46:42 +01:00
Pascal Bleser
b09161cfcb groupware and jmap improvements and refactoring 2026-02-27 14:46:42 +01:00
Pascal Bleser
78264ed7c8 upgrade Stalwart to 0.12 2026-02-27 14:46:42 +01:00
Pascal Bleser
19725610c1 minor corrections to the Stalwart configuration 2026-02-27 14:46:42 +01:00
Pascal Bleser
75dac3645b Introduce the auth-api service
* primitive implementation to demonstrate how it could work, still to
   be considered WIP at best

 * add new dependency: MicahParks/jwkset and MicahParks/keyfunc to
   retrieve the JWK set from KeyCloak to verify the signature of the
   JWTs sent as part of Bearer authentication in the /auth API

 * (minor) opencloud/.../service.go: clean up a logging statement that
   was introduced earlier to hunt down why the auth-api service was not
   being started
2026-02-27 14:46:41 +01:00
Pascal Bleser
bb2874177f add an auth-api service to make an exemplary implementation of an external authentication API for third party services such as Stalwart 2026-02-27 14:46:41 +01:00
Pascal Bleser
de4b154391 move services/groupware/pkg/jmap to pkg/jmap 2026-02-27 14:46:41 +01:00
Pascal Bleser
46aa800152 WIP: restructure the Jmap client, and implement the /me/messages Graph API endpoint with it 2026-02-27 14:46:41 +01:00
Pascal Bleser
f43880d75b add an OIDC Directory to Stalwart, requires exposing Keycloak port 8080 directly to access the userinfo endpoint using HTTP since the certificates in traefik are self-signed and end up being rejected by Stalwart with no option to bypass the certificate check 2026-02-27 14:46:41 +01:00
Pascal Bleser
116cecd84f rename Stalwart fallback admin username from 'admin' to 'mailadmin' since 'admin' exists as a regular user in LDAP and thus won't have access to the administration 2026-02-27 14:46:41 +01:00
Pascal Bleser
df5514a1ed add missing routing for /groupware (currently unprotected for testing) 2026-02-27 14:46:41 +01:00
Pascal Bleser
b12e0d5b29 WIP: initial implementation of the groupware service 2026-02-27 14:46:41 +01:00
Pascal Bleser
8c9a71a17d Add Stalwart container to the opencloud_full deployment, using the OpenLDAP container as a directory for user authentication 2026-02-27 14:46:41 +01:00
dependabot[bot]
6cdf229979 build(deps): bump github.com/kovidgoyal/imaging from 1.8.19 to 1.8.20
Bumps [github.com/kovidgoyal/imaging](https://github.com/kovidgoyal/imaging) from 1.8.19 to 1.8.20.
- [Release notes](https://github.com/kovidgoyal/imaging/releases)
- [Commits](https://github.com/kovidgoyal/imaging/compare/v1.8.19...v1.8.20)

---
updated-dependencies:
- dependency-name: github.com/kovidgoyal/imaging
  dependency-version: 1.8.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-26 18:38:29 +01:00
Mahdi Baghbani
d7cb432b4d fix(ocm): allow insecure tls for wayf discovery (#2404)
* fix(ocm): allow insecure tls for wayf discovery

Signed-off-by: Mahdi Baghbani <mahdi-baghbani@azadehafzar.io>
2026-02-26 14:44:38 +01:00
Florian Schade
b69b9cd569 fix: simplify subject.session key parsing 2026-02-25 14:02:09 +01:00
Florian Schade
e8ecbd7af1 refactor: make the logout mode private 2026-02-25 14:02:09 +01:00
Florian Schade
fd614eacf1 fix: use base64 record keys to prevent separator clashes with subjects or sessionIds that contain a dot 2026-02-25 14:02:09 +01:00
Florian Schade
910298aa05 chore: change naming 2026-02-25 14:02:09 +01:00
Florian Schade
7350050a05 test: add more backchannellogout tests 2026-02-25 14:02:09 +01:00
Florian Schade
f72e3f1e32 chore: cleanup backchannel logout pr for review 2026-02-25 14:02:09 +01:00
Florian Schade
0c62c45494 enhancement: document idp side-effects 2026-02-25 14:02:09 +01:00
Florian Schade
f6553498f6 enhancement: finalize backchannel logout 2026-02-25 14:02:09 +01:00
Christian Richter
6a0fd89475 refactor deletion
Co-authored-by: Jörn Dreyer <j.dreyer@opencloud.eu>
Co-authored-by: Michael Barz <m.barz@opencloud.eu>
Signed-off-by: Christian Richter <c.richter@opencloud.eu>
2026-02-25 14:02:09 +01:00
Christian Richter
cb38aaab16 create mapping in cache for subject => sessionid
Signed-off-by: Christian Richter <c.richter@opencloud.eu>
2026-02-25 14:02:09 +01:00
Christian Richter
762062bfa3 add mapping to backchannel logout for subject => sessionid
Signed-off-by: Christian Richter <c.richter@opencloud.eu>
2026-02-25 14:02:09 +01:00
Christian Richter
291265afb0 add additional validation to logout token
Signed-off-by: Christian Richter <c.richter@opencloud.eu>
Co-authored-by: Michael Barz <m.barz@opencloud.eu>
2026-02-25 14:02:09 +01:00
opencloudeu
49a018e973 [tx] updated from transifex 2026-02-24 00:12:39 +00:00
Ralf Haferkamp
372bb04ee8 chore(idp): Bump dependencies
The axios bump addresses CVE-2025-7783
2026-02-23 09:38:12 +01:00
dependabot[bot]
b7eb6f768d build(deps): bump github.com/grpc-ecosystem/grpc-gateway/v2
Bumps [github.com/grpc-ecosystem/grpc-gateway/v2](https://github.com/grpc-ecosystem/grpc-gateway) from 2.27.7 to 2.28.0.
- [Release notes](https://github.com/grpc-ecosystem/grpc-gateway/releases)
- [Commits](https://github.com/grpc-ecosystem/grpc-gateway/compare/v2.27.7...v2.28.0)

---
updated-dependencies:
- dependency-name: github.com/grpc-ecosystem/grpc-gateway/v2
  dependency-version: 2.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-23 09:34:09 +01:00
dependabot[bot]
e13ba4af06 build(deps): bump github.com/open-policy-agent/opa from 1.13.1 to 1.13.2
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.13.1 to 1.13.2.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v1.13.1...v1.13.2)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.13.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-23 09:31:49 +01:00
Jannik Stehle
2a2e882a59 Merge pull request #2377 from opencloud-eu/feat/web-adjust-surface-colors
feat(web): change surface colors to more modern ones
2026-02-23 07:34:59 +01:00
opencloudeu
42e9c27174 [tx] updated from transifex 2026-02-22 00:13:15 +00:00
Jannik Stehle
02d73157c1 feat(web): change surface colors to more modern ones 2026-02-20 16:13:32 +01:00
dependabot[bot]
801a4ce8c4 build(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.1
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.78.0 to 1.79.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.78.0...v1.79.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.79.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-19 18:27:12 +01:00
dependabot[bot]
74ff47e4c2 build(deps): bump github.com/onsi/ginkgo/v2 from 2.28.0 to 2.28.1
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.28.0 to 2.28.1.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.28.0...v2.28.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-version: 2.28.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-19 17:04:06 +01:00
dependabot[bot]
5851db3d93 build(deps): bump go.opentelemetry.io/contrib/zpages
Bumps [go.opentelemetry.io/contrib/zpages](https://github.com/open-telemetry/opentelemetry-go-contrib) from 0.64.0 to 0.65.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.64.0...zpages/v0.65.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/zpages
  dependency-version: 0.65.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-19 13:27:49 +01:00
Ralf Haferkamp
6dde2839df fix(oidc_auth): Fix userinfo cache expiration logic
When the userinfo claims store in the usercache is found to be expired,
do not return an error but ignore the cached entry and force a
re-verification of the access token (either via parsing the JWT again or
via a UserInfo lookup).
This is required for setups with non-JWT access tokens where the expiry
date set in the cached claims does not reflect the actual token expiry,
but just the CacheTTL.

Fixes: #1493
2026-02-19 13:17:17 +01:00
Ralf Haferkamp
212846f2f4 fix(idp): Remove kpop dependency
The built package (https://download.kopano.io/community/kapp:/kpop-2.7.2.tgz)
seems to be no longer available and upstream lico already switched away
from it quite a while ago.

Fixes: #2364
2026-02-19 12:16:30 +01:00
opencloudeu
4447893aeb [tx] updated from transifex 2026-02-18 00:15:57 +00:00
Jörn Friedrich Dreyer
cd655f3ac7 Add openCloudEducationExternalId to user 2026-02-17 17:57:39 +01:00
dependabot[bot]
44d2f95fa6 build(deps): bump golang.org/x/net from 0.49.0 to 0.50.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.49.0 to 0.50.0.
- [Commits](https://github.com/golang/net/compare/v0.49.0...v0.50.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-17 16:53:59 +01:00
dependabot[bot]
d0edd5bf99 build(deps): bump github.com/go-resty/resty/v2 from 2.17.1 to 2.17.2
Bumps [github.com/go-resty/resty/v2](https://github.com/go-resty/resty) from 2.17.1 to 2.17.2.
- [Release notes](https://github.com/go-resty/resty/releases)
- [Commits](https://github.com/go-resty/resty/compare/v2.17.1...v2.17.2)

---
updated-dependencies:
- dependency-name: github.com/go-resty/resty/v2
  dependency-version: 2.17.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-17 16:51:33 +01:00
Alex
cdb942a093 feat: app-registry adjust default mime-types (#2354) 2026-02-17 16:39:55 +01:00