2022/03/06
- add ldap starttls support
- add ldaps+starttls support on tests
2022/03/03
- protocol definition in ldap configuration -> ldaps support (@arnaudmm)
2021/03/26
realnamecan have upper case (@fedegiova)
expirydo not require a+
- R1732: Consider using 'with' for resource-allocating operations
- W1401: Anomalous backslash in string: '\d'. String constant might be missing an r prefix.
2021/03/26
- Ability to add numbers in principals
2020/09/21
- Compare ssh public fingerprint instead of raw content
- Force sha512 during fingerprint, instead of default hash algorithm
2020/04/09
- Handle custom_principals as None (old database entry)
- Urldecode 'add' parameter
2020/04/06
- Unblock no-membership/no-bindCN user with a valid login/password
2020/04/03
- Add LDAP mapping with principals
- Add multiple options in LDAP configuration, some breaking changes
- Add OpenLDAP in tests
- LDAP configuration: "filterstr" is deprecated, use "filter_realname_key" instead
- Remove GET /admin/principals (not used in client and not safe)
- Remove deprecated PATCH endpoint for principals
- rename get_principals to clean_principals_output
- add get_ldap_conn, get_memberof, truncate_principals, merge_principals
- Remove py3.4 support (json decoder issues)
- ldap_authentification return when bad options
- ldap_authentification uncatch error if no object in LDAP response
2020/03/26
- upgrade requirements
- Split functions
- Validate all inputs
- remove/add wrong imports
- autoreload bug
- duplicates revoke
2020/03/24
- Remove duplicate principales
2020/03/24
- New user starts with its username as principal
- Purge set the username as principals, instead of nothing
- Unquote action values for Principals and PrincipalsSearch
- Allow multiple actions for Principals
2020/03/24
- Principals CRUD-like endpoint '/admin//principals'
- Principals Search endpoint '/admin/all/principals/search'
- Uniformize PATTERN and reponse
- Warning message when using
PATCH /admin/<username>to update principals - Split tests
- Empty response when no member in cluster, instead of crash
2019/07/29
- Allow dash in principals
- Add tests for PATCH command (principals & expiry)
2019/06/13
- Fix realname regexp
2019/05/28
- Generates KRL files by using a database
- /cluster/updatekrl is removed
- Admin/GET and are removed (it was deprecated)
- Tests are using random usernames
- Add function 'get_pubkey' from database, 'timestamp' and 'get_last_krl'
- Remove function 'cluster_last_krl', 'cluster_update_krl'
2019/05/28
- Add wheel into requirements
- Add build-essential python3-dev dependencies
- Fix cassh.service
2019/05/27
- Python 3.6 support :
- remove future
- use urllib.parse instead of urllib for unquote_plus
- web.data output in encoded in UTF-8
- Used .keys() for dict
- write temporary files in unicode
- check_output in returning an unicode output
- Python 2.x deprecated
- Used web.py version 0.40-dev1 instead of 0.39
2019/05/27
- Add debug parameters in configuration
- Use ldap version 3.2.0 instead of 2.5.2 (open => initialize)
- Edit Dockerfile and requirements.txt
- Tools: Rename cluster_updatekrl into cluster_update_krl
2019/05/24
- split tools functions in another library
2019/05/23
- always return a Content-Type
- Block bad realnames (XSS stored)
- Doesn-t return a blocked username (XSS reflected)
- Fix some missing http code
- Fix according tests
2019/05/22
- Add multi-instance (cluster mode), especially to update the KRL
- ClusterStatus (/cluster/status) : Get the status of the clusted (without auth)
- ClusterUpdateKRL (/cluster/updatekrl) : Update the current KRL to revoke a user, or get the last version of the KRL inside the cluster
- Add a User-Agent
HTTP_USER_AGENT : CASSH-SERVER v1.7.0 - Add the client version in header
HTTP_SERVER_VERSION : 1.7.0 - Add cluster and clustersecret parameters in configuration
- The KRL update is in a separated function
- HTTP code are not always 200
- Disable Debug mode (#shame)
- More tests, with random ssh-key and username
- More documentation