Releases
v1.22.0
1.22.0 (2024-12-04)
Features
actual link authentication users to authorization model + tests (8063b73 )
add /auth/me endpoint handler to return json with principal info (9fa92a3 )
add github.com/wneessen/go-mail v0.4.4 dependency (5182270 )
add HTTPClientFromContext + improved OtelHTTPClientFromContext func (fa1b3e8 )
add payload_validation_enabled config key (419b042 )
add 2 implementations of token verifier + tests (1d1c5f9 )
add AuthCookieManager implementation (ed18cf5 )
add authn middleware for disabled authentication (c232cfe )
add built verification email (5a43aef )
add constructor for validator + use json tags for validation errors (44d7223 )
add context path spec to correctly handle redirect (71aef28 )
add custom axios instance (722a331 )
add encrypt implementation (1a88aad )
add entitlements service by Rebac (64b8326 )
add env vars for mail client (3ab1acb )
add externalized Kube config file env var (9a63fe3 )
add full validation implementation for schemas (45993ed )
add granular checks method to interface + expose BatchCheck from client (645a9fd )
add hydra admin url to config + add comment for env var expectation (b36e498 )
add hydra clients to OAuth2Context struct (0072078 )
add interfaces + implement emailservice (b2f0ae9 )
add interfaces for oauth2 integration (684abac )
add log tailing to skaffold run (a9725da )
add login screen (1befe87 )
add Logout function and HTTPClientInterface (98e4ec3 )
add logout handler (5ea5742 )
add logout implementation (3c435d4 )
add NextTo cookie handling to cookie manager and interface (5a5cc30 )
add OAuth2 and OIDC related env vars to the Spec struct (b900cc4 )
add OAuth2 authentication middleware + tests (e054552 )
add oauth2 context to manage oauth2/oidc operations + tests (62bff44 )
add OAuth2 login handler + tests (88c29e6 )
add OAuth2Helper implementation (00c5bc1 )
add pagination to clients, schemas and identity lists in ui. Add identity creation form WD-10253 (5f55463 )
add ResourcesService (f5a2008 )
add SendUserCreationEmail method (0cc1d3f )
add template loading + test + TEMPORARY mail template (6c95a25 )
add the cli command for compensating user invitation email failure (55f557e )
add the create-identity CLI (464c697 )
add URL param validation for groups handlers (24c8d99 )
add user invite email template (64743cf )
add user session cookies ttl external config (b4da23d )
add validation implementation for clients (549d985 )
add validation implementation for groups (700cf04 )
add validation middleware only if payload validation is enabled + reorder middleware and endpoints registration (32814e8 )
add validation setup for groups endpoint (06fb9f4 )
add validation setup for identities endpoint (b4178c9 )
add validation setup for schemas endpoint (8c5e173 )
adjust identity api to accept page token (beb0d42 ), closes #256
adjust pagination for schemas endpoints (e2a2df3 ), closes #44
adopt new oauth2 integration (912029c )
cookie + refresh token support for middleware (cab3f84 )
create-group: allow creator user to view group (efcaeec )
delete-group: delete all relation for group to delete (883b513 )
dependencies: add coreos/go-oidc v3 dependency (fe20b2f )
display login on 401 responses (5031b32 )
drop LOG_FILE support (1618b13 )
enable authorization by default (6f61651 )
enhance ValidationRegistry with PayloadValidator and adjust in handlers + enhance Middleware + add func for ApiKey retrieval from endpoint (313617a )
enhanced ValidationError with specific field errors and common errors (a21462c )
expand cookie manager interface + implementation for tokens cookies + tests (a026e24 )
expand on Principal attributes + improve PrincipalFromContext (4104b3a )
groups: add CanAssignRoles and CanAssignIdentities implementation (b5e551a )
groups: add granular CanAssign{Identities,Roles} checks in handlers (d25b430 )
handle case principal is not found in authorizer middleware + switch to CheckAdmin method (182e469 )
handle optional next parameter for FE use (1f4ca15 )
handler: add state check + improve structure/implementation (2c29251 )
identities service implementation (b840cf4 )
idp: add validation implementation (71ff661 )
implement GroupService based on the rebac lib (709906b )
implement new Create{Group,Role} interface + adjust handlers (0adce3c )
implement RolesService for the rebac module (8835e29 )
include roles and groups from ReBAC Admin (5d03914 )
introduce hierarchy for can_relations (596b448 )
introduce IdentityProviders v1 api (7a2719d )
introduce UserPrincipal and ServicePrincipal + move Principal structs and logic to ad hoc file + tests (69dbeb9 )
invoke setup validation on registered APIs (de16a0b )
let Create{Group,Role} return newly created object (e1ba968 )
log in via OIDC (9fbf310 )
log out with OIDC (4b268aa )
parse and expose link header from hydra (7c2d3f6 )
return to URL that initiated login (99da50a )
roles: add validation implementation (6bf72e5 )
rules: add validation implementation (c42bd45 )
set tokens cookies in callback and redirect to UI url + adjust tests (f6e8277 )
switch to html/template for rendering context path dynamically for index.html (81f8a9c )
uniform rules handlers to pageToken pagination (7c70cc6 )
upgrade rebac-admin to 0.0.1-alpha.3 (96aca77 )
wire up all the rebac handlers (f23cc1f )
Bug Fixes
add back URL Param validation from previous commit (ebe07a5 )
add check for mock calls in DeleteRole (e9e3d54 )
add contextual tuples to openfga (03d313d )
add extra check on list schemas test for navigation (2afec86 )
add filters to listPermissions store method (84b531a )
add helper function for constructing assignee (cfa1a08 )
add id validation to make sure it's never empty (fc7d560 ), closes #239
add json parsing error (8713366 )
add page tokens to the response (5a13e4e )
add resource creation logic to authz (c8e3588 )
add security headers to UI handler (ea3c6ba )
add todo comment to catch issue with the user-identities sync (ed66418 )
add uri permissions converters for v1 (9e59915 )
address empty schema id but enforce passing of the field (fa915f2 )
adjust logic for pagination (e852914 )
adjust page offset for oathkeeper apis (7c22e06 )
adopt disabledAuthnMiddleware to not break app when authentication disabled (963f07a )
allow UI port to be set (3da1b25 )
always add tuples for global read and admins (992f283 )
annotate responses with the full type (1cd4b98 )
api base path (d83e0ab )
avoid escaping when passing URL to template (0702053 )
clear cookie functions (3a1b2e4 )
clients: validation and improved tests (129a8a8 )
create openfga store to enhance basic client and offload core application logic (3f0465b )
delete role implementation (4b71734 )
disable validation due to missing implementation of api validators (5c06b9b )
drop ctx param from NewV1Service creation (972bef4 )
enforce id on idp creation, moving validation to validator object (9633937 ), closes #391
enhance registerValidation log message with error (ae95fa8 )
fix authorizer init logic (a8fb9c3 )
fix the kratos admin url (4846fad )
fix wrong title displayed once logged in (5ef6371 )
get 404 with not found role (with can view) - get 403 (without can_view) (2a22054 )
groups: validation and improved tests (255733e )
handleDetail to return 404 on missing group for authorized users + typo (b1a1e02 )
identities: validation and improved tests (b4fa762 )
improve validation error messages (c20ff4a )
initialize idps configmap.Data field if empty (fba4479 ), closes #392
listing not working for user that created a role (b54d681 )
local dev env for OIDC provider discovery (03f5499 )
offload idp types to constant (d15ecf2 )
remove assignees tuples on DeleteGroup (1107165 )
remove assignees tuples on DeleteRole (5772334 ), closes #285
remove fetch mock definition (2a1889e )
remove login component from ui (51deb06 )
remove page param (585f713 )
remove page_token field in meta response (3756f0d ), closes #271
removing extra #member on assignIdentities service call (bfde070 ), closes #283
removing extra #member on removeIdentities service call (74ab0ff )
rename admin user (2f01a27 )
rename Urn to URN (603418d )
return empty slice when no idps found (429591a ), closes #388
role: error out when ID is passed for creation (2a46a5e )
role: use Name field for creation (e63fdaa )
schemas: validation and improved tests (ab8652f )
serve the same file for all ui routes (29ee190 )
serve ui assets under relative path (c3f21a9 )
serve UI files (9007b77 )
serve UI from root path (e5ecf42 )
set cookie path to / (9c95b0b )
set necessary oauth2 scopes as default (9c36e95 )
set OtelHTTPClient in context correctly (e514b37 )
standardize on types.Response (02cc8ce ), closes #244
standardize page token in clients api (7bdd3e7 )
sync resource creation/deletion with authz (55d02df )
temporary fix to allow time for new solution on the frontend (6ee0ac3 )
typo in variable name (4558fd0 )
ui redirection with context path (61451f6 )
UI serving handlers (b4070b1 )
ui use react routers base path and add tests for base path calculation (85da4c0 )
ui uses relative base path. in case /ui/ is found in the current page url, all urls and api routes use the found prefix from the path. If /ui/ is not found, fall back to / as the base path. Fixes #317 Fixes IAM-911 Fixes WD-12306 (709399c )
unauthenticated handlers were called twice (1d7ebb9 )
update email template to fix issues in email clients (3f9726b )
update rock to go 1.23.2 to deal with CVE-2024-34156 (db82abd ), closes #449
update tracing signature (d22fad9 )
use BASE_URL to add trailing slash (30b7b1b )
use contextPath to redirect to UI (8a7540d )
use contextual tuples for admin role (37efc1e )
use contextual tuples to give admin access to all APIs (0e27337 )
use correct method to invoke backend (64f68a6 )
use idp ID if passed in (023c8e3 )
use worker pool in authorizer (67bf82d )