Fix an issue when the DNS AD referal is in the path.
An Exception is raised, with the following stacktrace::
Traceback (most recent call last):
File "/www/lemur/lemur/auth/views.py", line 317, in post
user = ldap_principal.authenticate()
File "/www/lemur/lemur/auth/ldap.py", line 147, in authenticate
self._bind()
File "/www/lemur/lemur/auth/ldap.py", line 216, in _bind
self.ldap_groups.append(values["cn"][0].decode("ascii"))
TypeError: list indices must be integers or slices, not str
This is issue is trigerred by some extra rows that referrences
the DNS subtree::
['ldaps://DomainDnsZones.xxxx']
Limiting the extraction to the expected dicts fix this issue.
This commit fixes the ability to assign roles to people in the ui
when the user is SSO. The idea is if a role is ever assigned via
SSO it becomes a "SSO Role" or a "Third Party" Role. by setting
third_party to true on the role object.
Once a role is marked as third party it can no longer be controlled
through the ui for SSO Users. (for ui users this poses no functional
change). It must be controlled via SSO.
Adds in per user api keys to the backend of lemur.
the basics are:
- API Keys are really just JWTs with custom second length TTLs.
- API Keys are provided in the exact same ways JWTs are now.
- API Keys can be revoked/unrevoked at any time by their creator
as well as have their TTL Change at anytime.
- Users can create/view/list their own API Keys at will, and
an admin role has permission to modify all api keys in the
instance.
Adds in support for lemur api keys to the frontend of lemur.
doing this required a few changes to the backend as well, but it is
now all working (maybe not the best way though, review will determine
that).
- fixes inconsistency in moduleauthor name I inputted during the
first commit.
- Allows the revoke schema to optionally allow a full api_key object.
- Adds `/users/:user_id/api_keys/:api_key` and `/users/:user_id/api_keys`
endpoints.
- normalizes use of `userId` vs `userId`
- makes `put` call respond with a JWT so the frontend can show
the token on updating.
- adds in the API Key views for clicking "API Keys" on the main nav.
- adds in the API Key views for clicking into a users edit page.
- adds tests for the API Key backend views I added.
* Added ability to ignore cert for oauth2 provider
This is useful for development environments where the OAuth provider
doesn't have a valid cert!
* Setting default for OAUTH2_VERIFY_CERT to true
* Documentation fixes
* Various docstring and help string fixes
* Minor code cleanups
* Removed redundant .gitignore entry, ignored package-lock.json.
* 'return' statement in certificates.service.render was redundant
* Split up too long line
* Non-matching tags in templates
Jasmine Schladen
sayali
sirferl
Frederic Brin
David Stipp
Gutttlt
Curtis Castrapel
Curtis
Jose Plana
Hossein Shafagh
Ronald Moesbergen
Marti Raudsepp
iTitou
kevgliss
Eric
Johannes Langer
Ian Stahnke
Michael LoSapio
Nevins