Eugene
9bfaa3a7fd
typo
2024-07-09 22:43:35 +02:00
Eugene
7df98f73e0
bumped russh
2024-07-09 22:43:14 +02:00
Néfix Estrada
9582a6e0ae
feat(ssh): make inactivity timeout configurable (#990)
With this change, the SSH inactivity timeout is now configurable. By
default, it is set at 5 minutes (300 seconds), which was the already
existing value.
Solves #943
2024-05-31 12:52:27 +02:00
Eugene
72236d004a
fixed #748 - per-protocol external ports (#973)
2024-03-26 10:16:22 +01:00
Eugene
8896bb361e
fixed #961 - added option to allow insecure ssh kex (#971)
2024-03-24 14:09:20 +01:00
Eugene
21e0008695
updated russh to 0.43 (#970)
2024-03-24 11:04:21 +01:00
Eugene
81cefebe96
fixed #966 - don't try to change config permissions unless necessary
2024-03-23 22:03:18 +01:00
Eugene
32078670a8
missed rename
2024-03-23 22:02:48 +01:00
Eugene
c23bd08135
Add @SheaSmith as a contributor
2024-03-23 21:59:52 +01:00
Eugene
5c0e695faa
Merge branch 'main' of https://github.com/warp-tech/warpgate
2024-03-23 21:54:23 +01:00
Eugene
ef3c20719f
word
2024-03-23 21:54:21 +01:00
Shea Smith
5551c33259
Switch OOB SSO authentication for SSH to use the instructions instead of the name (#964)
Some SFTP clients (specifically WinSCP) truncate the name parameter for
keyboard interactive login (WinSCP specifically puts it in the
titlebar):
![image](https://github.com/warp-tech/warpgate/assets/51303984/dc90ad67-e383-4cba-8326-79f08405fde6)
This PR changes the Warpgate authentication flow to use the keyboard
interactive parameter for instructions for the primary instructions for
SSO web-based auth, instead of the name. This results in the following
UI for WinSCP:
![image](https://github.com/warp-tech/warpgate/assets/51303984/0893f9c3-8724-4a4e-8c62-3e1d1484f2f0)
FileZilla:
![image](https://github.com/warp-tech/warpgate/assets/51303984/089f7f72-73e2-4d0e-bb45-4d470b8fb39b)
and OpenSSH:
![image](https://github.com/warp-tech/warpgate/assets/51303984/02ff7fbd-4bc6-47a0-aadc-b8d32c42fb59)
Perhaps some changes to the wording may be in order (e.g. to prevent the
duplication of 'Warpgate authentication' in OpenSSH and FileZilla), but I
thought I would leave this PR as being as minimal as possible for the
meantime.
2024-03-23 21:50:11 +01:00
Eugene
47c943d201
lint
2024-03-23 12:24:52 +01:00
Skyler Mansfield
916d51a4e8
Add support for role mappings on custom SSO providers. (#920)
This is done using the `role_mappings` property.
Roles to be mapped are gotten from the `warp_groups` oidc claim:
```
sso_providers:
  - name: custom_sso
    label: Custom SSO
    provider:
      type: custom
      client_id: <client_id>
      client_secret: <client_secret>
      issuer_url: <issuer_url>
      scopes: ["email", "profile", "openid", "warp_groups"] # warp_groups is scope name to request for my demo case, which adds a "warpgate_groups" claim to the userinfo
      role_mappings:
        - ["warpgate:admin", "warpgate:admin"]
```
This maps the `warpgate:admin` group from OIDC to the `warpgate:admin`
role.
This [video on YouTube](https://youtu.be/XCYSGGCgk9Q) demonstrates the
functionality
---------
Co-authored-by: Eugene <inbox@null.page>
2024-03-23 12:05:12 +01:00
Eugene
1395d64eac
fixed #967 - upgrade node (#969)
2024-03-14 23:00:24 +01:00
Eugene
65f0056490
bumped russh (#958)
2024-03-04 10:19:41 +01:00
Eugene
bcba6763ae
cargo fmt
2024-03-04 10:15:27 +01:00
Thibaud Lepretre
f3dc1ad668
Enhance ticket creation api and UI to support ticket number of usage (#959)
Ticket uses left was already supported on core but there was no way to define it,
neither from the UI nor from the API
Changed API to accept new optional field and updated UI form to be able
to set it from UI
related #924
---
UI changes
<img width="1370" alt="Screenshot 2024-03-04 at 00 15 11"
src="https://github.com/warp-tech/warpgate/assets/275609/76510a58-e232-46af-bf50-9444e5950507 ">
<img width="1360" alt="Screenshot 2024-03-04 at 00 13 58"
src="https://github.com/warp-tech/warpgate/assets/275609/814d2ce2-6f6c-48eb-b066-ecec039530fc ">
---------
Co-authored-by: Eugene <inbox@null.page>
2024-03-04 10:14:14 +01:00
Eugene
24f1b03bff
Update FUNDING.yml
2024-03-01 19:33:00 +01:00
Thibaud Lepretre
257fb38a21
Enhance ticket creation api and UI to support ticket expiry (#957)
Ticket expiry was already supported on core but there was no way to define it,
neither from the UI nor from the API
Changed API to accept new optional field `expiry` and updated UI form to
be able to set it from UI
closes #924
2024-03-01 19:27:48 +01:00
Eugene
4a833c5559
Update README.md
2024-02-20 19:02:20 +01:00
Eugene
ea07658f0b
fixed test
2024-02-04 21:09:26 +01:00
Néfix Estrada
0ddc7979ea
feat(http): add remote_addr to logs
With this change, the remote address will be logged. This enables other
software, such as fail2ban, to monitor the logs and take action if
required.
Closes #944
2024-02-04 21:03:33 +01:00
Eugene
79bfa3c81a
Update conftest.py
2024-01-23 12:31:00 +01:00
Eugene
eee486a596
Update run.sh
2024-01-23 12:20:19 +01:00
Eugene
2d6621f5c8
bumped rust
2024-01-23 12:05:59 +01:00
Eugene
75a2b8c5c6
fixed #929 - support additional trusted OIDC audiences
2024-01-13 11:07:26 +01:00
Zasda Yusuf Mikail
92dc88558a
ci: add arm64 docker image
Signed-off-by: Zasda Yusuf Mikail <zasdaym@gmail.com>
2023-12-26 12:53:30 +01:00
Eugene
7e260e84e6
Bump version: 0.9.0 → 0.9.1
2023-12-18 16:24:44 +01:00
Eugene
12fdf628a5
bumped russh to fix CVE-2023-48795
2023-12-18 16:18:05 +01:00
Eugene
2bdb69e8d1
bumped russh
2023-12-12 21:47:05 +01:00
Nicolas SEYS
8c1dab63c5
Move session and cookie age in http config section
2023-11-29 11:03:17 +01:00
Nicolas SEYS
21d6ab4beb
Make session and cookie age configurable
2023-11-29 11:03:17 +01:00
Eugene
74d4db9f3c
Update Cargo.lock
2023-11-23 19:42:55 +01:00
Eugene
0baf2e3b97
Bump version: 0.8.1 → 0.9.0
2023-11-23 19:41:07 +01:00
Eugene
6cace24fe8
lint
2023-11-23 19:40:53 +01:00
Eugene
b346ca3d0b
don't suggest public key auth in the web auth API
2023-11-23 19:36:05 +01:00
Eugene
e3b26b2699
fixed GHSA-c94j-vqr5-3mxr - privilege escalation during web auth
2023-11-23 18:35:27 +01:00
Eugene
80ec7444f9
Update Cargo.lock
2023-11-23 17:30:52 +01:00
Eugene
f55fcc3972
clean up #921 for readability
2023-11-16 19:53:14 +01:00
Skyler Mansfield
b982abb5fd
fix port in external host causing url parse fail
2023-11-16 19:53:14 +01:00
Skyler Mansfield
d9af7470a4
Add better support for X-Forward- headers when constructing external url
2023-11-16 19:53:14 +01:00
Skyler Mansfield
b0a9130a51
Add support for trusting X-Forwarded-For header to get client IP
falls back to remote ip if header unavailable
2023-11-16 19:53:14 +01:00
Eugene
8b91e4a328
Bump version: 0.8.0 → 0.8.1
2023-09-27 22:09:03 +02:00
Eugene
a4df7f7a21
fixed GHSA-3cjp-w4cp-m9c8 - interpreting SSH public key offers as a successful authentication
2023-09-27 22:08:49 +02:00
Eugene
1cdd29b6b8
bumped Docker build image
2023-09-26 15:54:04 +02:00
Nicolas SEYS
dec0b97a0d
Fix redirection with a relative location
2023-09-26 15:53:51 +02:00
Eugene Pankov
4ecc6b653f
Bump version: 0.7.4 → 0.8.0
2023-08-20 19:06:49 +02:00
Eugene Pankov
983d0ad49b
bumped russh
2023-08-17 22:02:14 +02:00
Eugene Pankov
aca8d3d515
fixed #857 - fixed default ticket expiry on MySQL, bumped sea-orm
2023-08-08 21:06:01 +02:00