Commit graph

597 commits

Author SHA1 Message Date
Shea Smith 5551c33259
Switch OOB SSO authentication for SSH to use the instructions instead of the name (#964)
Some SFTP clients (specifically WinSCP) truncate the name parameter for
keyboard interactive login (WinSCP specifically puts it in the
titlebar):

![image](https://github.com/warp-tech/warpgate/assets/51303984/dc90ad67-e383-4cba-8326-79f08405fde6)

This PR changes the Warpgate authentication flow to use the keyboard
interactive parameter for instructions for the primary instructions for
SSO web-based auth, instead of the name. This results in the following
UI for WinSCP:

![image](https://github.com/warp-tech/warpgate/assets/51303984/0893f9c3-8724-4a4e-8c62-3e1d1484f2f0)

Filezilla:

![image](https://github.com/warp-tech/warpgate/assets/51303984/089f7f72-73e2-4d0e-bb45-4d470b8fb39b)

and OpenSSH:

![image](https://github.com/warp-tech/warpgate/assets/51303984/02ff7fbd-4bc6-47a0-aadc-b8d32c42fb59)

Perhaps some changes to the wording may be in order (e.g. to prevent the
duplication of 'Warpgate authentication' in OpenSSH and FileZilla), but I
thought I would leave this PR as being as minimal as possible for the
meantime.
2024-03-23 21:50:11 +01:00
Eugene 47c943d201
lint 2024-03-23 12:24:52 +01:00
Skyler Mansfield 916d51a4e8
Add support for role mappings on custom SSO providers. (#920)
This is done using the `role_mappings` property.
Roles to be mapped are gotten from the `warp_groups` OIDC claim:
```yaml
sso_providers:
  - name: custom_sso
    label: Custom SSO
    provider:
      type: custom
      client_id: <client_id>
      client_secret: <client_secret>
      issuer_url: <issuer_url>
      scopes: ["email", "profile", "openid", "warp_groups"] #warp_groups is scope name to request for my demo case, which adds a "warpgate_groups" claim to the userinfo
      role_mappings: 
        - ["warpgate:admin", "warpgate:admin"]
```
This maps the `warpgate:admin` group from OIDC to the `warpgate:admin`
role.

This [video on YouTube](https://youtu.be/XCYSGGCgk9Q) demonstrates the
functionality

---------

Co-authored-by: Eugene <inbox@null.page>
2024-03-23 12:05:12 +01:00
Eugene 1395d64eac
fixed #967 - upgrade node (#969) 2024-03-14 23:00:24 +01:00
Eugene 65f0056490
bumped russh (#958) 2024-03-04 10:19:41 +01:00
Eugene bcba6763ae
cargo fmt 2024-03-04 10:15:27 +01:00
Thibaud Lepretre f3dc1ad668
Enhance ticket creation api and UI to support ticket number of usage (#959)
Ticket uses left was already supported on core but there was no way to define it,
neither from the UI nor from the API

Changed API to accept new optional field and update UI form to be able
to set it from UI

related #924

---

UI changes

<img width="1370" alt="Screenshot 2024-03-04 at 00 15 11"
src="https://github.com/warp-tech/warpgate/assets/275609/76510a58-e232-46af-bf50-9444e5950507">
<img width="1360" alt="Screenshot 2024-03-04 at 00 13 58"
src="https://github.com/warp-tech/warpgate/assets/275609/814d2ce2-6f6c-48eb-b066-ecec039530fc">

---------

Co-authored-by: Eugene <inbox@null.page>
2024-03-04 10:14:14 +01:00
Eugene 24f1b03bff
Update FUNDING.yml 2024-03-01 19:33:00 +01:00
Thibaud Lepretre 257fb38a21
Enhance ticket creation api and UI to support ticket expiry (#957)
Ticket expiry was already supported on core but there was no way to define it,
neither from the UI nor from the API

Changed API to accept new optional field `expiry` and update UI form to
be able to set it from UI

closes #924
2024-03-01 19:27:48 +01:00
Eugene 4a833c5559
Update README.md 2024-02-20 19:02:20 +01:00
Eugene ea07658f0b
fixed test 2024-02-04 21:09:26 +01:00
Néfix Estrada 0ddc7979ea feat(http): add remote_addr to logs
With this change, the remote address will be logged. This enables other
software, such as fail2ban, to monitor the logs and take action if
required.

Closes #944
2024-02-04 21:03:33 +01:00
Eugene 79bfa3c81a
Update conftest.py 2024-01-23 12:31:00 +01:00
Eugene eee486a596
Update run.sh 2024-01-23 12:20:19 +01:00
Eugene 2d6621f5c8
bumped rust 2024-01-23 12:05:59 +01:00
Eugene 75a2b8c5c6
fixed #929 - support additional trusted OIDC audiences 2024-01-13 11:07:26 +01:00
Zasda Yusuf Mikail 92dc88558a ci: add arm64 docker image
Signed-off-by: Zasda Yusuf Mikail <zasdaym@gmail.com>
2023-12-26 12:53:30 +01:00
Eugene 7e260e84e6
Bump version: 0.9.0 → 0.9.1 2023-12-18 16:24:44 +01:00
Eugene 12fdf628a5
bumped russh to fix CVE-2023-48795 2023-12-18 16:18:05 +01:00
Eugene 2bdb69e8d1
bumped russh 2023-12-12 21:47:05 +01:00
Nicolas SEYS 8c1dab63c5 Move session and cookie age in http config section 2023-11-29 11:03:17 +01:00
Nicolas SEYS 21d6ab4beb Make session and cookie age configurable 2023-11-29 11:03:17 +01:00
Eugene 74d4db9f3c
Update Cargo.lock 2023-11-23 19:42:55 +01:00
Eugene 0baf2e3b97
Bump version: 0.8.1 → 0.9.0 2023-11-23 19:41:07 +01:00
Eugene 6cace24fe8
lint 2023-11-23 19:40:53 +01:00
Eugene b346ca3d0b
don't suggest public key auth in the web auth API 2023-11-23 19:36:05 +01:00
Eugene e3b26b2699
fixed GHSA-c94j-vqr5-3mxr - privilege escalation during web auth 2023-11-23 18:35:27 +01:00
Eugene 80ec7444f9
Update Cargo.lock 2023-11-23 17:30:52 +01:00
Eugene f55fcc3972 clean up #921 for readability 2023-11-16 19:53:14 +01:00
Skyler Mansfield b982abb5fd fix port in external host causing url parse fail 2023-11-16 19:53:14 +01:00
Skyler Mansfield d9af7470a4 Add better support for X-Forward- headers when constructing external url 2023-11-16 19:53:14 +01:00
Skyler Mansfield b0a9130a51 Add support for trusting X-Forwarded-For header to get client IP
falls back to remote ip if header unavailable
2023-11-16 19:53:14 +01:00
Eugene 8b91e4a328
Bump version: 0.8.0 → 0.8.1 2023-09-27 22:09:03 +02:00
Eugene a4df7f7a21
fixed GHSA-3cjp-w4cp-m9c8 - interpreting SSH public key offers as a successful authentication 2023-09-27 22:08:49 +02:00
Eugene 1cdd29b6b8
bumped Docker build image 2023-09-26 15:54:04 +02:00
Nicolas SEYS dec0b97a0d Fix redirection with a relative location 2023-09-26 15:53:51 +02:00
Eugene Pankov 4ecc6b653f
Bump version: 0.7.4 → 0.8.0 2023-08-20 19:06:49 +02:00
Eugene Pankov 983d0ad49b
bumped russh 2023-08-17 22:02:14 +02:00
Eugene Pankov aca8d3d515 fixed #857 - fixed default ticket expiry on MySQL, bumped sea-orm 2023-08-08 21:06:01 +02:00
Eugene Pankov d9385ca44b lint 2023-08-08 21:06:01 +02:00
dependabot[bot] 9637f11cb9 Bump word-wrap from 1.2.3 to 1.2.4 in /warpgate-web
Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4)

---
updated-dependencies:
- dependency-name: word-wrap
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-08 09:57:48 +02:00
Eugene Pankov 49b92cde7a fixed #855 - log client IPs and credentials used 2023-08-08 09:56:41 +02:00
Eugene Pankov 0c7ed120b9
Revert "Add linux/arm64 docker build"
This reverts commit fc1a93b9e3.
2023-08-08 09:52:21 +02:00
Eugene Pankov 673f5192e9 lint 2023-08-07 22:58:49 +02:00
Eugene Pankov f0bc1db9ae fixed #358 - quotes in connection instructions on Windows 2023-08-07 22:58:49 +02:00
Eugene Pankov 0bc9ae1b1a fixed #854 - show session details during OOB auth 2023-08-07 22:28:15 +02:00
Zasda Yusuf Mikail fc1a93b9e3 Add linux/arm64 docker build 2023-08-03 10:17:01 +02:00
Eugene Pankov 4eb791f189
Bump version: 0.7.3 → 0.7.4 2023-08-02 09:05:59 +02:00
Eugene Pankov 1a025dd138
fixed #830 - docker builds 2023-07-10 21:38:08 +02:00
Eugene Pankov 2b6531c97b
Update Cargo.lock 2023-07-10 12:36:14 +02:00