apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-11-04 00:02:37 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,668 Commits 308 Branches 324 Tags
Commit Graph

361 Commits

Author SHA1 Message Date
Vishesh
87b55af197
Fixup response code on incorrect credentials (#8671) 2024-05-30 08:48:53 +02:00
Abhishek Kumar
a7b97ff3b0 Updating pom.xml version numbers for release 4.19.1.0-SNAPSHOT 
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
 2024-02-02 18:06:04 +05:30
Abhishek Kumar
2746225b99 Updating pom.xml version numbers for release 4.19.0.0 
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
 2024-01-29 10:21:52 +05:30
Harikrishna
235e4fe190
Oauth2 integration with CloudStack (#7996) 
OAuth2, the industry-standard authorization or authentication framework, simplifies the process of
granting access to resources. CloudStack supports OAuth2 authentication wherein users can login into
CloudStack without using a username and password. Support for Google and Github providers has been added.
Other OAuth2 providers can be easily integrated with CloudStack using its plugin framework.

The login page will show provider options when the OAuth2 is enabled and corresponding providers are configured.

"OAuth configuration" sub-section is present under "Configuration" where admins can register the corresponding
OAuth providers.
 2023-10-31 13:25:28 +05:30
Vishesh
84e770bf95
Remove powermock from pom.xml (#8000) 2023-09-26 13:31:56 +02:00
Daan Hoogland
0375714ded Merge release branch 4.18 to main 
* 4.18:
  ldap trust map cleanup on domain delete (#7915)
  upgrade: fix upgrade from 4.18.1.0 to 4.18.2.0-SNAPSHOT (#7959)
 2023-09-19 11:20:58 +02:00
dahn
09ae0499b2
ldap trust map cleanup on domain delete (#7915) 
Co-authored-by: Wei Zhou <weizhou@apache.org>
 2023-09-19 08:01:15 +02:00
John Bampton
4eb110af73
Remove unneeded duplicate words (#7850) 2023-09-18 13:16:33 +02:00
Wei Zhou
246bb24b0f Updating pom.xml version numbers for release 4.18.2.0-SNAPSHOT 
Signed-off-by: Wei Zhou <weizhou@apache.org>
 2023-09-12 17:26:53 +02:00
Wei Zhou
4bdff06acd Updating pom.xml version numbers for release 4.18.1.0 
Signed-off-by: Wei Zhou <weizhou@apache.org>
 2023-09-07 08:50:50 +02:00
Daan Hoogland
ea832bce13 Merge branch '4.18' 2023-08-22 11:44:45 +02:00
Sina Kashipazha
d296f54c7f
Api: update command domainId/account descriptions (#7876) 2023-08-20 15:44:31 +02:00
John Bampton
6f4503488b
pre-commit: apply end-of-file-fixer to all files (#7551) 2023-08-02 13:47:21 +02:00
Vishesh
594c70dde0
Sync precommit config from main (#7732) 
Co-authored-by: John Bampton <jbampton@users.noreply.github.com>
Co-authored-by: dahn <daan@onecht.net>
 2023-07-07 11:18:16 +02:00
Vishesh
908b3b7dfa
Remove powermock from ldap & project-role-based plugin (#7658) 
This PR removes powermock from tests & fixes the path for tests of project-role-based plugin.
 2023-06-27 14:53:00 +05:30
Abhishek Kumar
82a6a1f6c4 Merge remote-tracking branch 'apache/4.18' into main 2023-04-04 16:10:12 +05:30
Marcus Sorensen
5d5fa04c8b
saml: Add EncryptedElementType key resolver to SAML plugin (#7268) 
There are multiple ways in which a SAML response can be formatted, especially when encryption is enabled. This PR removes the hardcoding of EncryptedKeyResolver= InlineEncryptedKeyResolver in favor of using a ChainingEncryptedKeyResolver which will try multiple resolvers. It preserves the InlineEncryptedKeyResolver as the first option but adds EncryptedElementTypeEncryptedKeyResolver to the chain of resolvers to try.

ChainingEncryptedKeyResolver is a bit finicky in that you can't provide it a list of resolvers, you can only fetch its internal list and add to it.

Theoretically we could add all of the resolver types to the chain, but for now just preserving the ones known to be in use.

Co-authored-by: Marcus Sorensen <mls@apple.com>
 2023-04-03 15:16:03 +05:30
John Bampton
c2e17310d6
Add three more pre-commit checks (#7083) 
Co-authored-by: dahn <daan@onecht.net>
 2023-03-27 13:28:55 +02:00
Daan Hoogland
fb4f6a334d Updating pom.xml version numbers for release 4.19.0.0-SNAPSHOT 
Signed-off-by: Daan Hoogland <daan@onecht.net>
 2023-03-15 19:46:01 +01:00
Daan Hoogland
05cda2729f Updating pom.xml version numbers for release 4.18.1.0-SNAPSHOT 
Signed-off-by: Daan Hoogland <daan@onecht.net>
 2023-03-15 19:38:14 +01:00
Daan Hoogland
0574087284 Updating pom.xml version numbers for release 4.18.0.0 
Signed-off-by: Daan Hoogland <daan@onecht.net>
 2023-03-11 09:35:41 +01:00
Harikrishna
a3feccf70c
User two factor authentication (#6924) 
Co-authored-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2023-02-13 09:14:17 +01:00
Suresh Kumar Anaparti
d8c7e34b38
Improve global settings UI to be more intuitive/logical (#5797) 
Co-authored-by: Suresh Kumar Anaparti <suresh.anaparti@shapeblue.com>
Co-authored-by: nvazquez <nicovazquez90@gmail.com>
Co-authored-by: davidjumani <dj.davidjumani1994@gmail.com>
Co-authored-by: dahn <daan.hoogland@gmail.com>
Co-authored-by: dahn <daan@onecht.net>
 2023-01-31 11:23:43 +01:00
John Bampton
52c321a0c6
Fix spelling (#7087) 2023-01-16 10:56:07 +01:00
Daan Hoogland
f3e05543cc Merge release branch 4.17 to main 
* 4.17:
  escapes for injection prtection (#7069)
 2023-01-10 11:58:01 +01:00
Daan Hoogland
03674ce174 Merge release branch 4.16 to 4.17 
* 4.16:
  escapes for injection prtection (#7069)
 2023-01-10 11:55:58 +01:00
dahn
dffbc87278
escapes for injection prtection (#7069) 2023-01-10 11:54:51 +01:00
Eduardo Zanetta
a9b49f3ae9
Cleanup APIs getCommandName (#7022) 
Co-authored-by: Eduardo Zanetta <eduardo.zanetta@scclouds.com.br>
 2023-01-03 12:11:52 +01:00
Rohit Yadav
458883575a Updating pom.xml version numbers for release 4.17.3.0-SNAPSHOT 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2022-12-16 15:25:16 +00:00
Rohit Yadav
5b9a989ab0 Updating pom.xml version numbers for release 4.17.2.0 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2022-12-14 05:22:52 +00:00
John Bampton
def7ce655d
Fix spelling (#6898) 
Co-authored-by: davidjumani <dj.davidjumani1994@gmail.com>
 2022-12-13 14:58:14 +01:00
John Bampton
e65c22d883
Fix spelling (#6860) 2022-11-13 10:56:15 +01:00
Abhishek Kumar
d724a9d15c Updating pom.xml version numbers for release 4.17.2.0-SNAPSHOT 
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
 2022-09-19 16:21:35 +05:30
Abhishek Kumar
350ef38e1c Updating pom.xml version numbers for release 4.17.1.0 
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
 2022-09-14 12:58:03 +05:30
John Bampton
f9347ecf2c
Fix spelling (#6597) 2022-08-03 15:43:47 +05:30
Rohit Yadav
5f04018bf0 Merge remote-tracking branch 'origin/4.17' 2022-07-27 12:41:31 +02:00
Rohit Yadav
441edf3ca7
utils: use safer parsing utility across codebase (#6562) 
This addresses SonarQube/SonarCloud quality checks to use safer xml
parser to resist potential XXE attacks.

https://sonarcloud.io/organizations/apache/rules?open=java%3AS2755&rule_key=java%3AS2755

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2022-07-27 14:31:51 +05:30
Harikrishna
d4460a8afc
Scope setting changes in ldap and utils pom.xml files (#6557) 2022-07-20 13:42:44 +05:30
Rohit Yadav
4baaf736b9 Merge remote-tracking branch 'origin/4.17' 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2022-07-18 19:42:44 +05:30
Rohit Yadav
7a3e97d67e Tagging release 4.17.0.1 on branch b30a4a99d1b530efbf652373eda229f2cd5133b1. 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEXtHhEi3F6KSkURLCSEJIIQ7j2IQFAmLRYi0ACgkQSEJIIQ7j
 2ISTWxAAlozJuDMoRnr4D1TDbNCr2hzWSgVn5AK+IZGwnd22OnaZnS7tVQUheTCq
 t9aQgRLb7oUGAzNngHEjDaQBnxlHdLHMKby+QGe+RjX/d9urFoEyHe2xyvCJPkwM
 hFM1uesMqtH/HKwhIL3l8fATGPHlucdhQEZ+XA4bu91IVzxog0gikSnm7SjbaljF
 yYNkn9CgOWtZYFek7lcOM7iuKB79QSdpYxN8PYLpE7esyQSu4KjU4Ekufv1u6Tql
 ILsY5PA5tzzxS7ArfW5PICgSxkXOUIkflBbPHObGgduKw9Q36bmnRM/701lNb2re
 EWE4NMlM2PDn8kKZ2zULD2VBIq5tVdJuZjXbjDyD17z/KiU9pd6hGeHABSitnpDW
 vAS6rLJVY3YT9eqoVDVhpkpFQZmvdfDC8L4nYU2E7dCHj4lF9FlsgYO08SCfSgvP
 InAnfg1jZvbhA9EDL+LiuhxCStn6ZpjRuRCC89hYfRfRM1ZdrT2FazDj8KwPuC0P
 xfEr8eTnMm7xM+B9JCBQ2Lskl3jxQk3KAYQX13LtZCUj05Y1f3crx/iq6t0qIrAH
 PU9keojKMZffLz5MBlFU8qor32stw+uNMky8dZgtDIx6kRjnuYuPYOxpcPDzl+Cs
 KBRcwpIP+GR9mePU8PKBNDClLA45vDE1XqeK6KnOOf7MBSprU5o=
 =ETOD
 -----END PGP SIGNATURE-----

Merge tag '4.17.0.1' into 4.17

Tagging release 4.17.0.1 on branch b30a4a99d1b530efbf652373eda229f2cd5133b1.
 2022-07-18 19:40:53 +05:30
Rohit Yadav
4ed1be821c Tagging release 4.16.1.1 on branch b7415bf127ee3317554af752c0f83e2b580dd7bd. 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEXtHhEi3F6KSkURLCSEJIIQ7j2IQFAmLQBOkACgkQSEJIIQ7j
 2IS+nRAAl8qEGHMCtbh64Uc517UwsATEZwEqm+s5cWrbi6GpkuJ00ITnchgK1QvY
 q9NQudL548oYWB8pvmeql8eeVJFGx4loh8e32GXdW5dNDcmIC/0YZ7VJFokPuHf6
 79GEDfcui5A15mvIL8DyTSHlZd/6x3LKusfM5Nu3f88B75yy1AkfxH8JcVTM8P9/
 ijtVTpy8zWkBWO+nnFUiwRjcQStOwNKd1jHxoapJIpFlNcUZw2DkRlaVIV7uU+ne
 Z7Y4JAJHzvki4ewkl/F5XwkRPiZlEMXVgEAb4dUmt5hg4GCWQvuDvHDio4fQ6Ws1
 CSNdiSV5rKMxa/fcE4l/oxvZ5oGxA7afbyJWo6Y4/s+UENKmZ3LiehkTptuOTSh0
 rgBTUKO7ZPtYuqD6kwaKYoxL431zYRJsdF1TUnts4nJTQQsWn6JlA3oTsX7nxlte
 qdxRtqmE7NTcpNH/+sU8MDKBYaHEqF3VOfzhw5Ta8ztQhebrGMHPJX0i3ypDBAll
 QEVH+cMpIoo5MQZWRFnIeKW/uTZuEZAMcJ8a/AS7gHSjLtiNGJExE5qvVXVnP8Im
 PruZSmk1ZovQ/XbtN0SD0DDS93CppYFH6fJRAeq6yqkEnYUm+dxFkBvEZqp8nr/X
 Z3vySZlH08+iz3fLlpbkGJRZSUfFXYKrGyZjLaFvKIf0FpedfOM=
 =/arX
 -----END PGP SIGNATURE-----

Merge tag '4.16.1.1' into 4.16

Tagging release 4.16.1.1 on branch b7415bf127ee3317554af752c0f83e2b580dd7bd.
 2022-07-18 19:34:32 +05:30
Rohit Yadav
1c7efcbd0d Updating pom.xml version numbers for release 4.17.0.1 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2022-07-15 18:18:40 +05:30
Rohit Yadav
f27de63644 saml: Safer DocumentBuilderFactory and ParserPool configuration 
This implements safer DocumentBuilderFactory and ParserPool utilities
to be used throughout the codebase to prevent potential XXE exploits.

References:
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html
https://www.blackhat.com/docs/us-15/materials/us-15-Wang-FileCry-The-New-Age-Of-XXE-java-wp.pdf

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 8e0e68ef368ebe2793ef80e2c3821eaecb47b593)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2022-07-14 17:31:12 +05:30
Rohit Yadav
ebfdef5777 Updating pom.xml version numbers for release 4.16.1.1 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2022-07-14 17:28:08 +05:30
Rohit Yadav
b7415bf127 saml: Safer DocumentBuilderFactory and ParserPool configuration 
This implements safer DocumentBuilderFactory and ParserPool utilities
to be used throughout the codebase to prevent potential XXE exploits.

References:
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html
https://www.blackhat.com/docs/us-15/materials/us-15-Wang-FileCry-The-New-Age-Of-XXE-java-wp.pdf

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 8e0e68ef368ebe2793ef80e2c3821eaecb47b593)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2022-07-14 16:58:08 +05:30
Rohit Yadav
e57a0f9980 Merge remote-tracking branch 'origin/4.17' 2022-07-06 09:34:02 +05:30
Luis Moreira
c6b611433b
saml: Fix SAML SSO plugin redirect URL (#6457) 
This PR fixes the issue #6427 -> SAML request must be appended to an IdP URL as a query param with an ampersand, if the URL already contains a question mark, as opposed to always assume that IdP URLs don't have any query params.
Google's IdP URL for instance looks like this: https://accounts.google.com/o/saml2/idp?idpid=<ID>, therefore the expected redirect URL would be https://accounts.google.com/o/saml2/idp?idpid=<ID>&SAMLRequest=<SAMLRequest>

This code change is backwards compatible with the current behaviour.
 2022-07-06 09:28:37 +05:30
Daan Hoogland
a470f3353a Merge branch '4.17' 2022-07-05 09:11:45 +02:00
John Bampton
7d23a0a759
Fix spelling (#6272) 2022-07-05 09:08:53 +02:00
nvazquez
0bcc609f05
Updating pom.xml version numbers for release 4.18.0.0-SNAPSHOT 
Signed-off-by: nvazquez <nicovazquez90@gmail.com>
 2022-06-06 12:25:35 -03:00