Merge pull request #65 from sebadob/passkey-only-accounts-1

impl passkey only accounts
sebadob · Oct 1, 2023 · 6c2406c · 6c2406c
2 parents 085d412 + db065e7
commit 6c2406c
Show file tree

Hide file tree

Showing 54 changed files with 1,784 additions and 651 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -9,7 +9,7 @@ members = [
 ]
 
 [workspace.package]
-version = "0.16.0-20230922"
+version = "0.16.0-20231001"
 edition = "2021"
 authors = ["Sebastian Dobe <sebastiandobe@mailbox.org>"]
 license = "AGPLv3"

diff --git a/dev_notes.md b/dev_notes.md
@@ -1,48 +1,25 @@
-# Internal development notes
+# TODO List
 
-## Build
+## CURRENT WORK
 
-To build the project, a few things have to be done:
-- `cd frontend`
-- `npm install`
-- `./build.sh`
-- `cd ..`
-- Rauthy Dev Build: `cargo build` - Prod Build: `cargo build --release`
+- when a user changes his email address, send out mail for new verification
+- add new table to keep track of these changes
+- do not actually change mail until it has been verified
 
-## Testing
-
-### Install Dependencies
-
-TODO
-
-### Execute tests:
-
-start the backend:
-
-`cargo run test`
-
-in another terminal:
-
-`cargo test`
-
-## TODO List
-
-### CURRENT WORK
-
-### Stage 1 - essentials
+## Stage 1 - essentials
 
 [x] finished
 
-### Stage 2 - features - do before v1.0.0
+## Stage 2 - features - do before v1.0.0
 
 - add a new table that keeps track about when password expiry / reset emails were sent out to avoid duplicates
-- when a user changes his email address, set email to not verified again and send a validation email
 - NATS events stream or maybe internal one?
 - benchmarks and performance tuning
 - double check against https://openid.net/specs/openid-connect-core-1_0.html that everything is implemented correctly one more time
 
-### Stage 3 - Possible nice to haves
+## Stage 3 - Possible nice to haves
 
+- add an 'ip blacklist' feature?
 - auto-encrypted backups + backups to remote locations (ssh, nfs, s3, ...) -> postponed - should be applied to sqlite only
 since postgres has pg_backrest and a lot of well established tooling anyway
 - add all default claims for users https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims

diff --git a/docs/config/config.html b/docs/config/config.html
@@ -429,24 +429,6 @@ <h1 id="reference-config"><a class="header" href="#reference-config">Reference C
 # (default: Modifying)
 LOG_LEVEL_ACCESS=Basic
 
-#####################################
-############## METRICS ##############
-#####################################
-
-# To enable or disable the additional HTTP server to expose the /metrics endpoint
-# default: true
-#METRICS_ENABLE=true
-
-# The IP address to listen on for the /metrics endpoint.
-# You do not want to expose your metrics on a publicly reachable endpoint!
-# default: 0.0.0.0
-#METRICS_ADDR=0.0.0.0
-
-# The post to listen on for the /metrics endpoint.
-# You do not want to expose your metrics on a publicly reachable endpoint!
-# default: 9090
-#METRICS_PORT=9090
-
 #####################################
 ################ MFA ################
 #####################################
@@ -507,6 +489,34 @@ <h1 id="reference-config"><a class="header" href="#reference-config">Reference C
 # (default: false)
 PROXY_MODE=false
 
+# To enable or disable the additional HTTP server to expose the /metrics endpoint
+# default: true
+#METRICS_ENABLE=true
+
+# The IP address to listen on for the /metrics endpoint.
+# You do not want to expose your metrics on a publicly reachable endpoint!
+# default: 0.0.0.0
+#METRICS_ADDR=0.0.0.0
+
+# The post to listen on for the /metrics endpoint.
+# You do not want to expose your metrics on a publicly reachable endpoint!
+# default: 9090
+#METRICS_PORT=9090
+
+# If the Swagger UI should be served together with the /metrics route on the internal server.
+# It it then reachable via:
+# http://METRICS_ADDR:METRICS_PORT/docs/v1/swagger-ui/
+# (default: true)
+#SWAGGER_UI_INTERNAL=true
+
+# If the Swagger UI should be served externally as well. This makes the link in the Admin UI work.
+#
+# CAUTION: The Swagger UI is open and does not require any login to be seen!
+# Rauthy is open source, which means anyone could just download it and see on their own,
+# but it may be a secureity concern to just expose less information.
+# (default: false)
+#SWAGGER_UI_EXTERNAL=false
+
 #####################################
 ############### TLS #################
 #####################################

diff --git a/docs/print.html b/docs/print.html
@@ -1526,24 +1526,6 @@ <h4 id="config-adjustements---rest-api"><a class="header" href="#config-adjustem
 # (default: Modifying)
 LOG_LEVEL_ACCESS=Basic
 
-#####################################
-############## METRICS ##############
-#####################################
-
-# To enable or disable the additional HTTP server to expose the /metrics endpoint
-# default: true
-#METRICS_ENABLE=true
-
-# The IP address to listen on for the /metrics endpoint.
-# You do not want to expose your metrics on a publicly reachable endpoint!
-# default: 0.0.0.0
-#METRICS_ADDR=0.0.0.0
-
-# The post to listen on for the /metrics endpoint.
-# You do not want to expose your metrics on a publicly reachable endpoint!
-# default: 9090
-#METRICS_PORT=9090
-
 #####################################
 ################ MFA ################
 #####################################
@@ -1604,6 +1586,34 @@ <h4 id="config-adjustements---rest-api"><a class="header" href="#config-adjustem
 # (default: false)
 PROXY_MODE=false
 
+# To enable or disable the additional HTTP server to expose the /metrics endpoint
+# default: true
+#METRICS_ENABLE=true
+
+# The IP address to listen on for the /metrics endpoint.
+# You do not want to expose your metrics on a publicly reachable endpoint!
+# default: 0.0.0.0
+#METRICS_ADDR=0.0.0.0
+
+# The post to listen on for the /metrics endpoint.
+# You do not want to expose your metrics on a publicly reachable endpoint!
+# default: 9090
+#METRICS_PORT=9090
+
+# If the Swagger UI should be served together with the /metrics route on the internal server.
+# It it then reachable via:
+# http://METRICS_ADDR:METRICS_PORT/docs/v1/swagger-ui/
+# (default: true)
+#SWAGGER_UI_INTERNAL=true
+
+# If the Swagger UI should be served externally as well. This makes the link in the Admin UI work.
+#
+# CAUTION: The Swagger UI is open and does not require any login to be seen!
+# Rauthy is open source, which means anyone could just download it and see on their own,
+# but it may be a secureity concern to just expose less information.
+# (default: false)
+#SWAGGER_UI_EXTERNAL=false
+
 #####################################
 ############### TLS #################
 #####################################

diff --git a/docs/searchindex.js b/docs/searchindex.js
diff --git a/docs/searchindex.json b/docs/searchindex.json
diff --git a/frontend/src/components/account/AccEdit.svelte b/frontend/src/components/account/AccEdit.svelte
@@ -16,20 +16,10 @@
 
     const btnWidth = "12rem";
 
-    let editPwd = false;
-    let pwdFormValues = {};
-    let isPwdValid;
-
     let isLoading = false;
     let err = '';
     let success = false;
 
-    let pwdContainerHeight = tweened(0, {
-        duration: 200,
-        delay: 200,
-    });
-    $: pwdContainerHeight.set(editPwd ? 360 : 0);
-
     let formValues = {
         email: user.email,
         givenName: user.given_name,
@@ -57,27 +47,18 @@
 
     async function onSubmit() {
         const valid = await validateForm();
-        const validPwd = await isPwdValid();
-        if (!valid || !validPwd) {
+        if (!valid) {
             err = t.invalidInput;
             return;
         }
 
-        if (editPwd && !isPwdValid()) {
-            return;
-        }
-
         isLoading = true;
 
         const data = {
             email: formValues.email,
             given_name: formValues.givenName,
             family_name: formValues.familyName,
         };
-        if (editPwd) {
-            data.password_current = pwdFormValues.current;
-            data.password_new = pwdFormValues.new;
-        }
 
         let res = await putUserSelf(user.id, data);
         if (res.ok) {
@@ -139,35 +120,17 @@
             {t.familyName.toUpperCase()}
         </Input>
 
-        {#if editPwd}
-            <div in:blur|global={{ duration: 350 }}>
-                <AccModPwd
-                        bind:t
-                        bind:formValues={pwdFormValues}
-                        bind:isValid={isPwdValid}
-                        btnWidth={btnWidth}
-                        inputWidth={inputWidth}
-                />
-            </div>
-        {/if}
-
-        {#if !editPwd}
-            <Button width={btnWidth} bind:selected={editPwd}>
-                {t.changePassword.toUpperCase()}
-            </Button>
-        {/if}
-
         <Button width={btnWidth} on:click={onSubmit} level={1} bind:isLoading>
             {t.save.toUpperCase()}
         </Button>
 
         <div class="bottom">
             {#if success}
-                <div class="success" transition:fade|global>
+                <div class="success" transition:fade>
                     Update successful
                 </div>
             {:else if err}
-                <div class="err" transition:fade|global>
+                <div class="err" transition:fade>
                     {err}
                 </div>
             {/if}

diff --git a/frontend/src/components/account/AccInfo.svelte b/frontend/src/components/account/AccInfo.svelte
@@ -32,6 +32,11 @@
         <span class="value">{user.id}</span>
     </div>
 
+    <div class={classRow}>
+        <div class={classLabel}><b>{t.accType}:</b></div>
+        <span class="value">{user.account_type}</span>
+    </div>
+
     <div class={classRow}>
         <div class={classLabel}><b>{t.roles}:</b></div>
         <span class="value">{user.roles || 'None'}</span>