apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-11-04 00:02:37 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,094 Commits 308 Branches 324 Tags
Commit Graph

352 Commits

Author SHA1 Message Date
Abhishek Kumar
22baf2494d Updating pom.xml version numbers for release 4.18.2.2 
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
 2024-07-15 17:37:07 +05:30
Abhishek Kumar
f0faa4a6b3 saml: signature check improvements 
Adminstrators should ensure that IDP configuration has a signing certificate for the actual signature check to be performed. In addition to this, this change introduces a new global setting saml2.check.signature, with the default value of true, which can deliberately fail a SAML login attempt when the SAML response has a missing signature.
Purges the SAML token upon handling the first SAML response.

Authored-by: Rohit Yadav <rohit.yadav@shapeblue.com>

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
 2024-07-15 17:35:07 +05:30
Abhishek Kumar
ef5b5bbd4e Updating pom.xml version numbers for release 4.18.2.1 
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
 2024-07-04 16:16:56 +05:30
João Jandre
154566f914 Updating pom.xml version numbers for release 4.18.2.0 
Signed-off-by: João Jandre <48719461+JoaoJandre@users.noreply.github.com>
 2024-04-12 08:25:04 -03:00
dahn
09ae0499b2
ldap trust map cleanup on domain delete (#7915) 
Co-authored-by: Wei Zhou <weizhou@apache.org>
 2023-09-19 08:01:15 +02:00
Wei Zhou
246bb24b0f Updating pom.xml version numbers for release 4.18.2.0-SNAPSHOT 
Signed-off-by: Wei Zhou <weizhou@apache.org>
 2023-09-12 17:26:53 +02:00
Wei Zhou
4bdff06acd Updating pom.xml version numbers for release 4.18.1.0 
Signed-off-by: Wei Zhou <weizhou@apache.org>
 2023-09-07 08:50:50 +02:00
Sina Kashipazha
d296f54c7f
Api: update command domainId/account descriptions (#7876) 2023-08-20 15:44:31 +02:00
Vishesh
594c70dde0
Sync precommit config from main (#7732) 
Co-authored-by: John Bampton <jbampton@users.noreply.github.com>
Co-authored-by: dahn <daan@onecht.net>
 2023-07-07 11:18:16 +02:00
Marcus Sorensen
5d5fa04c8b
saml: Add EncryptedElementType key resolver to SAML plugin (#7268) 
There are multiple ways in which a SAML response can be formatted, especially when encryption is enabled. This PR removes the hardcoding of EncryptedKeyResolver= InlineEncryptedKeyResolver in favor of using a ChainingEncryptedKeyResolver which will try multiple resolvers. It preserves the InlineEncryptedKeyResolver as the first option but adds EncryptedElementTypeEncryptedKeyResolver to the chain of resolvers to try.

ChainingEncryptedKeyResolver is a bit finicky in that you can't provide it a list of resolvers, you can only fetch its internal list and add to it.

Theoretically we could add all of the resolver types to the chain, but for now just preserving the ones known to be in use.

Co-authored-by: Marcus Sorensen <mls@apple.com>
 2023-04-03 15:16:03 +05:30
Daan Hoogland
05cda2729f Updating pom.xml version numbers for release 4.18.1.0-SNAPSHOT 
Signed-off-by: Daan Hoogland <daan@onecht.net>
 2023-03-15 19:38:14 +01:00
Daan Hoogland
0574087284 Updating pom.xml version numbers for release 4.18.0.0 
Signed-off-by: Daan Hoogland <daan@onecht.net>
 2023-03-11 09:35:41 +01:00
Harikrishna
a3feccf70c
User two factor authentication (#6924) 
Co-authored-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2023-02-13 09:14:17 +01:00
Suresh Kumar Anaparti
d8c7e34b38
Improve global settings UI to be more intuitive/logical (#5797) 
Co-authored-by: Suresh Kumar Anaparti <suresh.anaparti@shapeblue.com>
Co-authored-by: nvazquez <nicovazquez90@gmail.com>
Co-authored-by: davidjumani <dj.davidjumani1994@gmail.com>
Co-authored-by: dahn <daan.hoogland@gmail.com>
Co-authored-by: dahn <daan@onecht.net>
 2023-01-31 11:23:43 +01:00
John Bampton
52c321a0c6
Fix spelling (#7087) 2023-01-16 10:56:07 +01:00
Daan Hoogland
f3e05543cc Merge release branch 4.17 to main 
* 4.17:
  escapes for injection prtection (#7069)
 2023-01-10 11:58:01 +01:00
Daan Hoogland
03674ce174 Merge release branch 4.16 to 4.17 
* 4.16:
  escapes for injection prtection (#7069)
 2023-01-10 11:55:58 +01:00
dahn
dffbc87278
escapes for injection prtection (#7069) 2023-01-10 11:54:51 +01:00
Eduardo Zanetta
a9b49f3ae9
Cleanup APIs getCommandName (#7022) 
Co-authored-by: Eduardo Zanetta <eduardo.zanetta@scclouds.com.br>
 2023-01-03 12:11:52 +01:00
Rohit Yadav
458883575a Updating pom.xml version numbers for release 4.17.3.0-SNAPSHOT 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2022-12-16 15:25:16 +00:00
Rohit Yadav
5b9a989ab0 Updating pom.xml version numbers for release 4.17.2.0 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2022-12-14 05:22:52 +00:00
John Bampton
def7ce655d
Fix spelling (#6898) 
Co-authored-by: davidjumani <dj.davidjumani1994@gmail.com>
 2022-12-13 14:58:14 +01:00
John Bampton
e65c22d883
Fix spelling (#6860) 2022-11-13 10:56:15 +01:00
Abhishek Kumar
d724a9d15c Updating pom.xml version numbers for release 4.17.2.0-SNAPSHOT 
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
 2022-09-19 16:21:35 +05:30
Abhishek Kumar
350ef38e1c Updating pom.xml version numbers for release 4.17.1.0 
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
 2022-09-14 12:58:03 +05:30
John Bampton
f9347ecf2c
Fix spelling (#6597) 2022-08-03 15:43:47 +05:30
Rohit Yadav
5f04018bf0 Merge remote-tracking branch 'origin/4.17' 2022-07-27 12:41:31 +02:00
Rohit Yadav
441edf3ca7
utils: use safer parsing utility across codebase (#6562) 
This addresses SonarQube/SonarCloud quality checks to use safer xml
parser to resist potential XXE attacks.

https://sonarcloud.io/organizations/apache/rules?open=java%3AS2755&rule_key=java%3AS2755

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2022-07-27 14:31:51 +05:30
Harikrishna
d4460a8afc
Scope setting changes in ldap and utils pom.xml files (#6557) 2022-07-20 13:42:44 +05:30
Rohit Yadav
4baaf736b9 Merge remote-tracking branch 'origin/4.17' 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2022-07-18 19:42:44 +05:30
Rohit Yadav
7a3e97d67e Tagging release 4.17.0.1 on branch b30a4a99d1b530efbf652373eda229f2cd5133b1. 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEXtHhEi3F6KSkURLCSEJIIQ7j2IQFAmLRYi0ACgkQSEJIIQ7j
 2ISTWxAAlozJuDMoRnr4D1TDbNCr2hzWSgVn5AK+IZGwnd22OnaZnS7tVQUheTCq
 t9aQgRLb7oUGAzNngHEjDaQBnxlHdLHMKby+QGe+RjX/d9urFoEyHe2xyvCJPkwM
 hFM1uesMqtH/HKwhIL3l8fATGPHlucdhQEZ+XA4bu91IVzxog0gikSnm7SjbaljF
 yYNkn9CgOWtZYFek7lcOM7iuKB79QSdpYxN8PYLpE7esyQSu4KjU4Ekufv1u6Tql
 ILsY5PA5tzzxS7ArfW5PICgSxkXOUIkflBbPHObGgduKw9Q36bmnRM/701lNb2re
 EWE4NMlM2PDn8kKZ2zULD2VBIq5tVdJuZjXbjDyD17z/KiU9pd6hGeHABSitnpDW
 vAS6rLJVY3YT9eqoVDVhpkpFQZmvdfDC8L4nYU2E7dCHj4lF9FlsgYO08SCfSgvP
 InAnfg1jZvbhA9EDL+LiuhxCStn6ZpjRuRCC89hYfRfRM1ZdrT2FazDj8KwPuC0P
 xfEr8eTnMm7xM+B9JCBQ2Lskl3jxQk3KAYQX13LtZCUj05Y1f3crx/iq6t0qIrAH
 PU9keojKMZffLz5MBlFU8qor32stw+uNMky8dZgtDIx6kRjnuYuPYOxpcPDzl+Cs
 KBRcwpIP+GR9mePU8PKBNDClLA45vDE1XqeK6KnOOf7MBSprU5o=
 =ETOD
 -----END PGP SIGNATURE-----

Merge tag '4.17.0.1' into 4.17

Tagging release 4.17.0.1 on branch b30a4a99d1b530efbf652373eda229f2cd5133b1.
 2022-07-18 19:40:53 +05:30
Rohit Yadav
4ed1be821c Tagging release 4.16.1.1 on branch b7415bf127ee3317554af752c0f83e2b580dd7bd. 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEXtHhEi3F6KSkURLCSEJIIQ7j2IQFAmLQBOkACgkQSEJIIQ7j
 2IS+nRAAl8qEGHMCtbh64Uc517UwsATEZwEqm+s5cWrbi6GpkuJ00ITnchgK1QvY
 q9NQudL548oYWB8pvmeql8eeVJFGx4loh8e32GXdW5dNDcmIC/0YZ7VJFokPuHf6
 79GEDfcui5A15mvIL8DyTSHlZd/6x3LKusfM5Nu3f88B75yy1AkfxH8JcVTM8P9/
 ijtVTpy8zWkBWO+nnFUiwRjcQStOwNKd1jHxoapJIpFlNcUZw2DkRlaVIV7uU+ne
 Z7Y4JAJHzvki4ewkl/F5XwkRPiZlEMXVgEAb4dUmt5hg4GCWQvuDvHDio4fQ6Ws1
 CSNdiSV5rKMxa/fcE4l/oxvZ5oGxA7afbyJWo6Y4/s+UENKmZ3LiehkTptuOTSh0
 rgBTUKO7ZPtYuqD6kwaKYoxL431zYRJsdF1TUnts4nJTQQsWn6JlA3oTsX7nxlte
 qdxRtqmE7NTcpNH/+sU8MDKBYaHEqF3VOfzhw5Ta8ztQhebrGMHPJX0i3ypDBAll
 QEVH+cMpIoo5MQZWRFnIeKW/uTZuEZAMcJ8a/AS7gHSjLtiNGJExE5qvVXVnP8Im
 PruZSmk1ZovQ/XbtN0SD0DDS93CppYFH6fJRAeq6yqkEnYUm+dxFkBvEZqp8nr/X
 Z3vySZlH08+iz3fLlpbkGJRZSUfFXYKrGyZjLaFvKIf0FpedfOM=
 =/arX
 -----END PGP SIGNATURE-----

Merge tag '4.16.1.1' into 4.16

Tagging release 4.16.1.1 on branch b7415bf127ee3317554af752c0f83e2b580dd7bd.
 2022-07-18 19:34:32 +05:30
Rohit Yadav
1c7efcbd0d Updating pom.xml version numbers for release 4.17.0.1 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2022-07-15 18:18:40 +05:30
Rohit Yadav
f27de63644 saml: Safer DocumentBuilderFactory and ParserPool configuration 
This implements safer DocumentBuilderFactory and ParserPool utilities
to be used throughout the codebase to prevent potential XXE exploits.

References:
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html
https://www.blackhat.com/docs/us-15/materials/us-15-Wang-FileCry-The-New-Age-Of-XXE-java-wp.pdf

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 8e0e68ef368ebe2793ef80e2c3821eaecb47b593)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2022-07-14 17:31:12 +05:30
Rohit Yadav
ebfdef5777 Updating pom.xml version numbers for release 4.16.1.1 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2022-07-14 17:28:08 +05:30
Rohit Yadav
b7415bf127 saml: Safer DocumentBuilderFactory and ParserPool configuration 
This implements safer DocumentBuilderFactory and ParserPool utilities
to be used throughout the codebase to prevent potential XXE exploits.

References:
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html
https://www.blackhat.com/docs/us-15/materials/us-15-Wang-FileCry-The-New-Age-Of-XXE-java-wp.pdf

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 8e0e68ef368ebe2793ef80e2c3821eaecb47b593)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2022-07-14 16:58:08 +05:30
Rohit Yadav
e57a0f9980 Merge remote-tracking branch 'origin/4.17' 2022-07-06 09:34:02 +05:30
Luis Moreira
c6b611433b
saml: Fix SAML SSO plugin redirect URL (#6457) 
This PR fixes the issue #6427 -> SAML request must be appended to an IdP URL as a query param with an ampersand, if the URL already contains a question mark, as opposed to always assume that IdP URLs don't have any query params.
Google's IdP URL for instance looks like this: https://accounts.google.com/o/saml2/idp?idpid=<ID>, therefore the expected redirect URL would be https://accounts.google.com/o/saml2/idp?idpid=<ID>&SAMLRequest=<SAMLRequest>

This code change is backwards compatible with the current behaviour.
 2022-07-06 09:28:37 +05:30
Daan Hoogland
a470f3353a Merge branch '4.17' 2022-07-05 09:11:45 +02:00
John Bampton
7d23a0a759
Fix spelling (#6272) 2022-07-05 09:08:53 +02:00
nvazquez
0bcc609f05
Updating pom.xml version numbers for release 4.18.0.0-SNAPSHOT 
Signed-off-by: nvazquez <nicovazquez90@gmail.com>
 2022-06-06 12:25:35 -03:00
nvazquez
038a669d6b
Updating pom.xml version numbers for release 4.17.1.0-SNAPSHOT 
Signed-off-by: nvazquez <nicovazquez90@gmail.com>
 2022-06-06 12:19:44 -03:00
nvazquez
c56220fcf2
Updating pom.xml version numbers for release 4.17.0.0 
Signed-off-by: nvazquez <nicovazquez90@gmail.com>
 2022-05-31 14:33:47 -03:00
dahn
c123c3fd2f
remove request listener to prevent untimely session invalidation (#6393) 
* login/-out constants

* no request listener

* store session as value, using id as key

* Apply suggestions from sonarcloud.io code review

three instances of unsafe parameters to logging

* new sonar issues

* sonar issues
 2022-05-24 10:00:06 -03:00
Marcus Sorensen
3dcb93d981
maven: Move apache DS dependencies to test scope (#6347) 
Fixes: #6346

Move LDAP embedded server dependencies to test scope so they aren't packaged in final management server jar.

Co-authored-by: Marcus Sorensen <mls@apple.com>
 2022-05-04 11:49:29 +05:30
Abhishek Kumar
523805c8bc
schema,server,api: events improvement (#5997) 
* schema,server,api: events improvement

Add resource ID and resource type to event.

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* wip

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* refactor resourcetype association with API class

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* add resource anme to the response

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* changes

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* test

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* more tests

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* new line

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* add resource test

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* changes

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* smoke test for events resource

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* changes

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* ui improvements

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* refactor

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* api,ui: add support for listing events for a resource

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* since key

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* tests and permission changes

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* missing test

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* events for domain

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* improvements

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* add missing license

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* ui: fix js console errors

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* sort enumeration

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix event resource for vpc

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* feedback changes

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix order

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* events with parent resource

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* missing UI labels

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* donot call cmd resource methods before dispatch

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* add restore vm to procedure

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* add missing imports

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* resource details for more events

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* add test for changes

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* more test, license fix

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* wrong merge fix

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix for more event types

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
 2022-04-25 09:05:17 -03:00
Leo
70122007bb
Updated SAML2 auth sessionkey cookie path (#6149) 
This change will set the sessionkey under the /client/api path. This commit should prevent duplicate sessionkey cookies from being set on both /client (incorrect) and /client/api (correct). Prior to this commit, the /client version was being set while the /client/api version remained unchanged with an invalid sessionkey. As a result, subsequent requests after the SAML2 authentication would immediately fail with an invalid session and results in the user being logged out.

The sessionkey is now set explicitly for the /client/api path which should fix this issue, regardless of the SSO URL and path that's being used.
 2022-04-18 17:16:20 +05:30
nvazquez
1c238e101d
Merge branch '4.16' 2022-03-30 00:00:34 -03:00
Wei Zhou
ee27708ffb
SAML: replace first number with random alphabet if request ID starts with a number (#6165) 2022-03-29 23:59:44 -03:00
JoaoJandre
5f07ddaca9
Refactor account type (#6048) 
* Refactor account type

* Added license.

* Address reviews

* Address review.

Co-authored-by: João Paraquetti <joao@scclouds.com.br>
Co-authored-by: Joao <JoaoJandre@gitlab.com>
 2022-03-09 11:14:19 -03:00