Commit graph

114 commits

Author SHA1 Message Date
zeripath
7fc5fd6415
Do not send activation email if manual confirm is set ()
If the mailer is configured then even if Manual confirm is set an activation email
is still being sent because `handleUserCreated` is not checking for this case.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-03-18 17:57:07 +08:00
KN4CK3R
c88f2e2acc
Handle email address not exist. () 2022-03-15 10:18:39 +01:00
Lunny Xiao
18033f49ba
Restrict email address validation ()
This didn't follow the RFC but it's a subset of that. I think we should narrow the allowed chars at first and discuss more possibility in future PRs.
2022-03-14 18:39:54 +01:00
zeripath
1c5afd17ee
Prevent panic on prohibited user login with oauth2 ()
There was an unfortunate regression in  where following detection of the
UserProhibitLogin error the err is cast to a pointer by mistake.

This causes a panic due to an interface error.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-03 10:44:18 +00:00
zeripath
7d452558f0
Fix OAuth Source Edit Page ()
* Fix OAuth Source Edit Page to ensure restricted and group settings are set
* Also tolerate []interface in the groups

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-31 20:41:11 +00:00
wxiaoguang
49dd906753
Use base32 for 2FA scratch token ()
* Use base32 for 2FA scratch token
* rename Secure* to Crypto*, add comments
2022-01-26 12:10:10 +08:00
zeripath
44deae8f3d
Refactor jwt.StandardClaims to RegisteredClaims ()
* Refactor jwt.StandardClaims to RegisteredClaims

go-jwt/jwt has deprecated the StandardClaims interface to use RegisteredClaims
instead. This PR migrates to use this new format.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

Co-authored-by: Gusted <williamzijl7@hotmail.com>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
2022-01-20 22:52:56 +01:00
6543
54e9ee37a7
format with gofumpt ()
* gofumpt -w -l .

* gofumpt -w -l -extra .

* Add linter

* manual fix

* change make fmt
2022-01-20 18:46:10 +01:00
Gusted
1d98d205f5
Enable deprecation error for v1.17.0 ()
Co-authored-by: Andrew Thornton <art27@cantab.net>
2022-01-20 18:00:38 +01:00
wxiaoguang
6fba174606
Fix incorrect OAuth message ()
As the title,

Fix 
2022-01-19 19:05:06 +00:00
zeripath
d7c2a2951c
Webauthn nits ()
This contains some additional fixes and small nits related to  

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-15 17:52:56 +01:00
Lunny Xiao
35c3553870
Support webauthn ()
Migrate from U2F to Webauthn

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-14 16:03:31 +01:00
KN4CK3R
e30b20dc68
Show OAuth callback error message ()
* Show callback error message.

* lint

* Use error code to display a message.

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-01-07 21:02:09 +00:00
Lunny Xiao
de8e3948a5
Refactor auth package () 2022-01-02 21:12:35 +08:00