mirror of https://github.com/jech/galene.git synced 2024-11-09 18:25:58 +01:00
Commit graph

158 commits

Author SHA1 Message Date
Juliusz Chroboczek
d9e956be48 More JWT paranoia. 2024-05-11 22:45:52 +02:00
Juliusz Chroboczek
4eaf6d058a Remove obsolete ErrAnonymousNotAuthorised. 2024-05-11 13:39:50 +02:00
Juliusz Chroboczek
969354e9e5 Honour the kid field in JWT if present. 2024-05-11 12:29:30 +02:00
Juliusz Chroboczek
6c01925342 Ensure that keys can be parsed in SetKeys. 2024-05-09 18:54:03 +02:00
Juliusz Chroboczek
1315084185 Implement message permission and shutup command. 2024-05-08 16:24:32 +02:00
Juliusz Chroboczek
d29d14da16 Add low-level support for managing wildcard user. 2024-05-08 14:28:28 +02:00
Juliusz Chroboczek
f0ebf4d63c Copy user structure in UpdateUser. 2024-05-08 14:24:37 +02:00
Juliusz Chroboczek
9eb0364016 Allow a single wildcard user.
Rename the fallback-users entry to wildcard-user, and only
allow a single fallback user.  This is missing the HTTP API.
2024-05-03 20:24:32 +02:00
Juliusz Chroboczek
b883171f62 Don't return error when matching empty password.
This avoids displaying "internal server error" when a username
is disabled.
2024-05-02 17:41:50 +02:00
Juliusz Chroboczek
c2260c50db Upgrade description after setting filename.
Otherwise warning messages during upgrading cannot print the
filename.
2024-05-02 00:01:01 +02:00
Juliusz Chroboczek
e7e8a9b555 Add method Addr to client. 2024-05-01 23:38:21 +02:00
Juliusz Chroboczek
841d95d21c Fix handling of AutoSubgroups in readDescriptionFile.
We used to test AutoSubgroups before upgrading the description,
which would break handling of the (obsolete) AllowSubgroups
field.

Thanks to David Saulpic.
2024-04-17 18:50:35 +02:00
Juliusz Chroboczek
19dfccc3d5 Add test for upgrading AllowSubgroups. 2024-04-17 18:48:24 +02:00
Juliusz Chroboczek
3409f5a27f Replace uses of os.IsExist and os.IsNotExist with errors.Is.
The former don't properly unwrap errors.
2024-04-14 13:34:32 +02:00
Juliusz Chroboczek
bbd9ef1f5c Create directories for subgroups. 2024-04-14 00:50:11 +02:00
Juliusz Chroboczek
da4a225e96 Clean up setting up of writable groups in tests.
The previous way depended on implementation details
of GetConfiguration.
2024-04-14 00:39:53 +02:00
Juliusz Chroboczek
3ee5290b71 Test group file permissions. 2024-04-14 00:26:03 +02:00
Juliusz Chroboczek
a3f894a31e Fix JSON formatting of user descriptions. 2024-04-12 01:27:49 +02:00
Juliusz Chroboczek
695c379a6c Distinguish empty key in password from absence of key. 2024-04-12 01:05:48 +02:00
Juliusz Chroboczek
4ad7c2f303 Improve TestUpgradeDescription. 2024-04-12 00:47:51 +02:00
Juliusz Chroboczek
7673a95b05 Implement FallbackUsers in API. 2024-04-11 17:53:48 +02:00
Juliusz Chroboczek
31a18bcf44 Implement keys handling in API. 2024-04-11 14:30:44 +02:00
Juliusz Chroboczek
077ff9a879 Add canChangePassword to group status. 2024-04-11 13:27:08 +02:00
Juliusz Chroboczek
fc6387bb38 Implement accessors for description files.
Allow reading and modifying description files, in a manner
that aligns with the needs of the API.
2024-04-10 14:09:52 +02:00
Juliusz Chroboczek
1666abf2f3 Add allowSubgroups argument to readDescription. 2024-04-09 22:49:03 +02:00
Juliusz Chroboczek
d887a216f0 Rework configuration file format.
The "users" entry is now a dictionary mapping user names to
passwords and permissions.  In order to allow for wildcards,
there is a new type of password, the wildcard password, and
an extra array called "fallback-users".

The field "allow-anonymous" no longer exists; this is now
the default behaviour.  The field "allow-subgroups" has been
renamed to "auto-subgroups".

We provide backwards compatibility for group definition files,
but not for the config.json file, where the old "admin" array
is simply ignored.
2024-04-09 22:49:03 +02:00
Juliusz Chroboczek
de0c42faaf Implement "expires" and "not-before" for groups. 2024-03-03 16:45:54 +01:00
Juliusz Chroboczek
b8f7c68338 Return correct error message for invalid tokens. 2024-03-03 15:42:46 +01:00
Juliusz Chroboczek
89f947df1f Rework handling of authorisation errors.
We'd sometimes return "Internal server error" on authentication
failures.  This should be gone now.
2024-03-03 13:43:50 +01:00
Juliusz Chroboczek
29e006037c Allow proxyURL to contain a path.
We now support reasonable values for proxyURL, such as "http:"
or "/galene".
2024-02-24 12:46:30 +01:00
Juliusz Chroboczek
bfe83d1a27 Move description code into its own file. 2024-02-20 18:19:24 +01:00
Juliusz Chroboczek
3792800355 Make Update ignore directories starting with colon.
We were already ignoring files starting with colon.
2024-02-13 22:02:57 +01:00
Juliusz Chroboczek
9f3bee8e37 Add missing omitempty to group description. 2024-01-07 00:26:36 +01:00
Juliusz Chroboczek
f9ef43248b Use strings.Cut when parsing fmtp. 2023-12-09 18:23:06 +01:00
Juliusz Chroboczek
dcde4562f5 Avoid code duplication in openDescriptionFile. 2023-12-09 16:17:48 +01:00
Juliusz Chroboczek
8628344a6d Add support for hashing password with BCrypt. 2023-11-23 14:04:43 +01:00
Juliusz Chroboczek
e4682ff283 Revert "Change default video codec to VP9."
This reverts commit 69445d67f5.
2023-09-01 16:00:09 +02:00
Juliusz Chroboczek
27cc8c5273 Deal with missing profile id for VP9 and H.264. 2023-07-18 12:05:26 +02:00
Juliusz Chroboczek
5722270cc7 Disable active TCP candidates.
Active TCP candidates were added in Pion 3.2.11.
2023-07-14 14:44:24 +02:00
Juliusz Chroboczek
c9386eb63d Improve error reporting in CodecPayloadType. 2023-07-12 12:11:40 +02:00
Juliusz Chroboczek
90e2de0b2d Add configuration option publicServer. 2023-07-10 23:59:24 +02:00
Juliusz Chroboczek
69445d67f5 Change default video codec to VP9. 2023-07-09 16:33:39 +02:00
Juliusz Chroboczek
8f1bc93cca Protect against clients with an empty id. 2023-04-28 16:51:17 +02:00
Juliusz Chroboczek
031590b4e9 Rename 'allow-tokens' to 'unrestricted-tokens'. 2023-04-10 14:42:01 +02:00
Juliusz Chroboczek
3a6551c733 Implement "allow-tokens". 2023-04-04 01:22:05 +02:00
Juliusz Chroboczek
a6314a7384 Implement stateful tokens.
Stateful tokens look just like cryptographic tokens to the client.
Unlike cryptographic tokens, they are stored in a file and are
revokable and editable.
2023-04-04 00:59:54 +02:00
Juliusz Chroboczek
aa53b78b2c Distinguish between no username and empty username. 2023-04-03 22:58:38 +02:00
Juliusz Chroboczek
a1c1345719 Server-side support for protocol 2.
The "time" field of messages is now a string in RFC 3339 format,
and there is a new "error" field in messages.
2023-04-03 22:58:38 +02:00
Juliusz Chroboczek
c58064d923 Move token handling into the separate module.
Tokens are now an interface, and all the token logic is encapsulated
in the token module.
2023-04-03 22:58:38 +02:00
Juliusz Chroboczek
f75b964a6b Distinguish tokens with empty sub from no sub
We now distinguish between tokens that specify an empty username
(sub="") and tokens that don't specify sub.  The latter are
considered invalid for now.
2023-01-14 23:19:51 +01:00