Unverified Commit 1ae56244 authored by Adam C. Stephens's avatar Adam C. Stephens Committed by GitHub

kanidm: update provisioning patches to 1.4.0 (#352857)

parents 2f832931 ccb0d0ef
+1 −1
@@ -60,7 +60,7 @@ rustPlatform.buildRustPackage rec {
    ''
      cp ${format profile} libs/profiles/${KANIDM_BUILD_PROFILE}.toml
      substituteInPlace libs/profiles/${KANIDM_BUILD_PROFILE}.toml \
        --replace-fail '@htmx_ui_pkg_path@' "$out/ui/hpkg" \
        --replace-fail '@htmx_ui_pkg_path@' "$out/ui/hpkg"
    '';

  nativeBuildInputs = [
+24 −19
From 44dfbc2b9dccce86c7d7e7b54db4c989344b8c56 Mon Sep 17 00:00:00 2001
From e9dfca73e6fb80faf6fc106e7aee6b93c0908525 Mon Sep 17 00:00:00 2001
From: oddlama <oddlama@oddlama.org>
Date: Mon, 12 Aug 2024 23:17:25 +0200
Date: Fri, 1 Nov 2024 12:26:17 +0100
Subject: [PATCH 1/2] oauth2 basic secret modify

---
@@ -11,10 +11,10 @@ Subject: [PATCH 1/2] oauth2 basic secret modify
 4 files changed, 82 insertions(+), 1 deletion(-)

diff --git a/server/core/src/actors/v1_write.rs b/server/core/src/actors/v1_write.rs
index e00a969fb..1cacc67b8 100644
index 732e826c8..0fe66503f 100644
--- a/server/core/src/actors/v1_write.rs
+++ b/server/core/src/actors/v1_write.rs
@@ -315,20 +315,62 @@ impl QueryServerWriteV1 {
@@ -317,20 +317,62 @@ impl QueryServerWriteV1 {
         };
 
         trace!(?del, "Begin delete event");
@@ -39,7 +39,7 @@ index e00a969fb..1cacc67b8 100644
+    ) -> Result<(), OperationError> {
+        // Given a protoEntry, turn this into a modification set.
+        let ct = duration_from_epoch_now();
+        let mut idms_prox_write = self.idms.proxy_write(ct).await;
+        let mut idms_prox_write = self.idms.proxy_write(ct).await?;
+        let ident = idms_prox_write
+            .validate_client_auth_info_to_ident(client_auth_info, ct)
+            .map_err(|e| {
@@ -78,7 +78,7 @@ index e00a969fb..1cacc67b8 100644
         filter: Filter<FilterInvalid>,
         eventid: Uuid,
diff --git a/server/core/src/https/v1.rs b/server/core/src/https/v1.rs
index 8aba83bb2..f1f815026 100644
index c410a4b5d..cc67cac6c 100644
--- a/server/core/src/https/v1.rs
+++ b/server/core/src/https/v1.rs
@@ -1,17 +1,17 @@
@@ -100,7 +100,7 @@ index 8aba83bb2..f1f815026 100644
 use kanidm_proto::internal::{
     ApiToken, AppLink, CUIntentToken, CURequest, CUSessionToken, CUStatus, CreateRequest,
     CredentialStatus, DeleteRequest, IdentifyUserRequest, IdentifyUserResponse, ModifyRequest,
@@ -3119,20 +3119,24 @@ pub(crate) fn route_setup(state: ServerState) -> Router<ServerState> {
@@ -3120,20 +3120,24 @@ pub(crate) fn route_setup(state: ServerState) -> Router<ServerState> {
         )
         .route(
             "/v1/oauth2/:rs_name/_image",
@@ -126,7 +126,7 @@ index 8aba83bb2..f1f815026 100644
                 .delete(super::v1_oauth2::oauth2_id_sup_scopemap_delete),
         )
diff --git a/server/core/src/https/v1_oauth2.rs b/server/core/src/https/v1_oauth2.rs
index 5e481afab..a771aed04 100644
index d3966a7ad..f89c02c69 100644
--- a/server/core/src/https/v1_oauth2.rs
+++ b/server/core/src/https/v1_oauth2.rs
@@ -144,20 +144,49 @@ pub(crate) async fn oauth2_id_get_basic_secret(
@@ -180,10 +180,10 @@ index 5e481afab..a771aed04 100644
     tag = "v1/oauth2",
     operation_id = "oauth2_id_patch"
diff --git a/server/lib/src/constants/acp.rs b/server/lib/src/constants/acp.rs
index f3409649d..42e407b7d 100644
index be1836345..ebf4445be 100644
--- a/server/lib/src/constants/acp.rs
+++ b/server/lib/src/constants/acp.rs
@@ -645,34 +645,36 @@ lazy_static! {
@@ -658,36 +658,38 @@ lazy_static! {
             Attribute::Image,
         ],
         modify_present_attrs: vec![
@@ -198,6 +198,8 @@ index f3409649d..42e407b7d 100644
             Attribute::OAuth2AllowInsecureClientDisablePkce,
             Attribute::OAuth2JwtLegacyCryptoEnable,
             Attribute::OAuth2PreferShortUsername,
             Attribute::OAuth2AllowLocalhostRedirect,
             Attribute::OAuth2RsClaimMap,
             Attribute::Image,
         ],
         create_attrs: vec![
@@ -213,20 +215,20 @@ index f3409649d..42e407b7d 100644
             Attribute::OAuth2AllowInsecureClientDisablePkce,
             Attribute::OAuth2JwtLegacyCryptoEnable,
             Attribute::OAuth2PreferShortUsername,
             Attribute::OAuth2AllowLocalhostRedirect,
             Attribute::OAuth2RsClaimMap,
             Attribute::Image,
         ],
         create_classes: vec![
             EntryClass::Object,
             EntryClass::OAuth2ResourceServer,
             EntryClass::OAuth2ResourceServerBasic,
             EntryClass::OAuth2ResourceServerPublic,
@@ -739,36 +741,38 @@ lazy_static! {
@@ -759,37 +761,39 @@ lazy_static! {
             Attribute::Image,
         ],
         modify_present_attrs: vec![
             Attribute::Description,
             Attribute::DisplayName,
             Attribute::OAuth2RsName,
             Attribute::Name,
             Attribute::OAuth2RsOrigin,
             Attribute::OAuth2RsOriginLanding,
             Attribute::OAuth2RsSupScopeMap,
@@ -242,6 +244,7 @@ index f3409649d..42e407b7d 100644
         create_attrs: vec![
             Attribute::Class,
             Attribute::Description,
             Attribute::Name,
             Attribute::DisplayName,
             Attribute::OAuth2RsName,
             Attribute::OAuth2RsOrigin,
@@ -258,9 +261,9 @@ index f3409649d..42e407b7d 100644
         ],
         create_classes: vec![
             EntryClass::Object,
             EntryClass::OAuth2ResourceServer,
@@ -840,36 +844,38 @@ lazy_static! {
             Attribute::Image,
             EntryClass::Account,
@@ -864,38 +868,40 @@ lazy_static! {
             Attribute::OAuth2StrictRedirectUri,
         ],
         modify_present_attrs: vec![
             Attribute::Description,
@@ -277,11 +280,13 @@ index f3409649d..42e407b7d 100644
             Attribute::OAuth2AllowLocalhostRedirect,
             Attribute::OAuth2RsClaimMap,
             Attribute::Image,
             Attribute::OAuth2StrictRedirectUri,
         ],
         create_attrs: vec![
             Attribute::Class,
             Attribute::Description,
             Attribute::Name,
             Attribute::DisplayName,
             Attribute::OAuth2RsName,
             Attribute::OAuth2RsOrigin,
             Attribute::OAuth2RsOriginLanding,
@@ -294,10 +299,10 @@ index f3409649d..42e407b7d 100644
             Attribute::OAuth2AllowLocalhostRedirect,
             Attribute::OAuth2RsClaimMap,
             Attribute::Image,
             Attribute::OAuth2StrictRedirectUri,
         ],
         create_classes: vec![
             EntryClass::Object,
             EntryClass::Account,
-- 
2.45.2
2.46.1
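Review bot: The comment `// Given a protoEntry, turn this into a modification set.` at the top of the added handler in `server/core/src/actors/v1_write.rs` looks carried over from another handler and does not match a patch whose subject is "oauth2 basic secret modify". A comment along the lines of `// Overwrite the client's basic secret with the caller-supplied value once the caller's identity has been resolved.` would state the security-relevant effect for whoever rebases this next; the signature and most of the body are outside the visible lines, so the wording should be checked against them. The `acp.rs` part now spans three hunks (at 658, 759 and 864) and the `+` markers are lost in this rendering, so it is worth confirming after each rebase that the attribute the patch adds ended up only in the `modify_present_attrs`/`create_attrs` lists it was meant for.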
+8 −8
From cc8269489b56755714f07eee4671f8aa2659c014 Mon Sep 17 00:00:00 2001
From c8ed69efe3f702b19834c2659be1dd3ec2d41c17 Mon Sep 17 00:00:00 2001
From: oddlama <oddlama@oddlama.org>
Date: Mon, 12 Aug 2024 23:17:42 +0200
Date: Fri, 1 Nov 2024 12:27:43 +0100
Subject: [PATCH 2/2] recover account

---
@@ -11,10 +11,10 @@ Subject: [PATCH 2/2] recover account
 4 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/server/core/src/actors/internal.rs b/server/core/src/actors/internal.rs
index 40c18777f..40d553b40 100644
index 420e72c6c..5c4353116 100644
--- a/server/core/src/actors/internal.rs
+++ b/server/core/src/actors/internal.rs
@@ -153,25 +153,26 @@ impl QueryServerWriteV1 {
@@ -171,25 +171,26 @@ impl QueryServerWriteV1 {
     }
 
     #[instrument(
@@ -29,7 +29,7 @@ index 40c18777f..40d553b40 100644
         eventid: Uuid,
     ) -> Result<String, OperationError> {
         let ct = duration_from_epoch_now();
         let mut idms_prox_write = self.idms.proxy_write(ct).await;
         let mut idms_prox_write = self.idms.proxy_write(ct).await?;
-        let pw = idms_prox_write.recover_account(name.as_str(), None)?;
+        let pw = idms_prox_write.recover_account(name.as_str(), password.as_deref())?;
 
@@ -95,10 +95,10 @@ index 90ccb1927..85e31ddef 100644
                     Some(ctrl_tx) => show_replication_certificate(ctrl_tx).await,
                     None => {
diff --git a/server/daemon/src/main.rs b/server/daemon/src/main.rs
index 577995615..a967928c9 100644
index 7486d34a8..784106352 100644
--- a/server/daemon/src/main.rs
+++ b/server/daemon/src/main.rs
@@ -894,27 +894,39 @@ async fn kanidm_main(
@@ -903,27 +903,39 @@ async fn kanidm_main(
             } else {
                 let output_mode: ConsoleOutputMode = commonopts.output_mode.to_owned().into();
                 submit_admin_req(
@@ -169,5 +169,5 @@ index f1b45a5b3..9c013e32e 100644
     /// Renew this server's replication certificate
     RenewReplicationCertificate {
-- 
2.45.2
2.46.1
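Review bot: In the refreshed hunk for `server/core/src/actors/internal.rs`, `recover_account(name.as_str(), password.as_deref())` passes a caller-supplied password inside a function annotated with `#[instrument(`, and the attribute's arguments are cut off in the visible lines. If `password` is not in the attribute's skip list, tracing records it as a span field, so the patch should carry something like `skip(self, password, eventid)`. The function still returns `Result<String, OperationError>`, which suggests the password is handed back to the admin client even when the caller supplied it; a one-line comment on the patched function saying so would help the next rebase. The `server/daemon/src/main.rs` hunk that feeds the value into `submit_admin_req` is also truncated here, so how the password reaches the daemon should be checked for the same logging exposure.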