2038a98e61
oidc: remove dead code
2023-03-19 16:01:22 +01:00
51831e4bdf
oidc: Some more claims debug
2023-03-19 16:01:22 +01:00
9089616e85
Store oidc data in platformdata/oidc
2023-03-19 16:01:22 +01:00
df53cfb14c
oidc: implement real profile claims
2023-03-19 16:01:22 +01:00
aae4acc419
oidc: Handle login without redirect from backend and set some default
...
ttls
2023-03-19 16:01:22 +01:00
5e4e292b4d
oidc: Remove rpInitiatedLogout again
2023-03-19 16:01:16 +01:00
05a1cc58eb
oidc: als add basic style for autorize page
2023-03-19 13:08:06 +01:00
3b9336d3c9
oidc: Initial auth against our userdb is working
2023-03-19 13:08:06 +01:00
57689ffdf4
oidc: apply basic style to login view
2023-03-19 13:08:06 +01:00
36f8bfc229
Add oidc logout hooks
2023-03-19 13:08:06 +01:00
d6adbf46e6
Add initial oidc interaction pages
2023-03-19 13:08:06 +01:00
31e900cb9c
Add hooks for providing our own login UI
2023-03-19 13:08:06 +01:00
bab3de137b
Fix typo
2023-03-19 13:08:06 +01:00
4ac70d70f9
oidc: set interaction routes prefix to the same as the main oidc routes
2023-03-19 13:08:06 +01:00
1ea76ebb60
oidc: add initial findAccount and fixup findByUid
2023-03-19 13:08:06 +01:00
47e35d0b06
Support consume api
2023-03-19 13:08:06 +01:00
5fcadcce9c
Add initial OpenID connect support
...
This currently uses a fake json file storage and does not yet verify
credentials
2023-03-19 13:08:06 +01:00
33ad0829ad
Add workaround for porkbun rate limit
2023-03-18 16:20:17 +01:00
f74e2cbee3
porkbun: cleanup implementation
2023-03-18 09:58:04 +01:00
3616fbb51c
dns: add porkbun
...
domain setup ui
2023-03-16 20:21:39 +01:00
45a1122889
Revert back infra version to match 7.3
...
The code is not smart enough to do both infra bump and database major upgrades.
The db upgrade logic relies on the container to be running to export and re-import.
2023-03-15 21:16:08 +01:00
abd6ab06de
mongodb: fix restart
2023-03-14 11:59:25 +01:00
e86a613d86
proxyauth: typo in basic auth validation
2023-03-14 11:35:24 +01:00
ef3d23ebd9
Fix error message
2023-03-14 11:35:10 +01:00
53e9eccf72
unify totp check
...
the totp check is done in several places causing errors like 3552232e99
2023-03-12 16:01:12 +01:00
8e0d1b61af
Make tests run again
2023-03-11 23:41:01 +01:00
3aa040bf01
apps: remove repository
2023-03-11 16:25:39 +01:00
d242afd9fc
pass debug object
2023-03-10 12:10:40 +01:00
5e606c50a4
docker: better error message when out of disk space
2023-03-10 12:09:23 +01:00
59a8b001b7
Fix tests
2023-03-09 19:50:14 +01:00
d2f0bb2b44
sftp: ed25519 keys
2023-03-09 11:03:13 +01:00
d20958760b
rename constant to have RSA in it
2023-03-09 10:36:49 +01:00
d1398659a3
Move sftp to new base image
2023-03-09 09:18:26 +01:00
5d425fbce5
Update graphite
2023-03-09 01:55:12 +01:00
2402bf45f4
hold off on mongodb update because it needs avx
2023-03-09 00:44:58 +01:00
b9a484f72e
Update mongodb
2023-03-08 23:44:21 +01:00
8448d28f6f
Implement HSTS preload
...
This allows browsers to query https directly instead of the initial http redirect
https://hstspreload.org/#opt-in says it should be explicitly opt in
2023-03-06 11:46:05 +01:00
5bbeb1196a
add root as reserved name for gogs
2023-03-05 10:52:30 +01:00
9cd3874b57
mysql: set secure_file_priv
2023-03-02 21:20:46 +01:00
03a77ddf01
Fix validation of hostPath
...
When adding a volume, this comes in mountOptions. The hostPath in the
database is the computed host path.
2023-02-25 23:41:11 +01:00
abacc60181
tls: fix wildcard alias cert file names
...
also, do not provision redirect certs. redirect domains can never
hit the server anyway.
2023-02-25 20:22:09 +01:00
dbbe93955c
acme2: add bare domain to altNames when requesting wildcard cert
...
this is primarily to support DoT + ClientID. the adguard package
can now use this cert when the DoT port is enabled.
we thought of adding a "dot: true" flag for the manifest. that flag
would request a special wildcard cert as well as setup the dns. setting
up the dns is complicated ux wise because it would be totally hidden
from the user. It's better they add an alias and thus we make things
a bit more explicit (what if user was using the wildcard domain for something
else etc).
2023-02-25 20:22:09 +01:00
bfeea414d8
Use sftp 3.6.2
2023-02-25 15:38:41 +01:00
edf87739fc
eventlog: only prune login and logout events
2023-02-25 01:20:43 +01:00
582994b9d6
addons: stable IPv4 addresses
...
give addons static IPv4 so one can reliably connect from outside via
SSH tunnel
2023-02-21 12:20:44 +01:00
8c59528cc2
eventlog: keep 3 months
2023-02-21 10:38:15 +01:00
f9ec2bc06a
cloudflare: add config for default value of proxied
2023-02-11 10:07:46 +01:00
3bdc5731ea
syncDns: sync secondary dns records
2023-02-08 23:16:48 +01:00
c33266ce03
dyndns: update secondary/redirect/alias domains as well
2023-02-08 23:07:53 +01:00
d4be2b54a2
typo
2023-02-02 11:32:42 +01:00
Johannes Zellner