hswaw
/
ldapweb
4
0
Fork 0
Code Issues 3 Pull Requests 1 Packages Projects Releases Wiki Activity
66 Commits
2 Branches
0 Tags
1.4 MiB
Commit Graph

48 Commits (master)

Author SHA1 Message Date
radex 60d6f2e9d5 Admin: tighter user list layout 2023-10-29 19:36:56 +01:00
radex d29a57233f Admin: Important avatar changes lmao 2023-10-28 15:36:19 +02:00
radex 564b3e9888 vcard: fix avatar preview 2023-10-24 10:21:10 +02:00
radex f59886c33f ldaputils: allow dot in names 
turns out we have 3 users with dots in their uid ¯\_(ツ)_/¯
 2023-10-23 19:50:30 +02:00
radex 6f51489194 Add Gravatar-style avatar endpoint, rename user-based requests to /avatar/user/<uid> 2023-10-23 19:48:03 +02:00
radex 20acdee93c avatar: remove expired cache entries 2023-10-14 16:03:39 +02:00
radex b10f6478da avatar: don't generate avatars for non-users 2023-10-14 16:02:47 +02:00
radex a6cc147595 avatar: move timeout to config 2023-10-14 15:59:55 +02:00
radex fede3f68e5 preprocess avatar when uploading 2023-10-14 15:53:06 +02:00
radex e01267c49f upload avatar 2023-10-14 15:32:20 +02:00
radex 92a5ebac2f delete user avatar 2023-10-14 15:31:27 +02:00
radex a38c451c66 show user avatar in /vcard 2023-10-14 14:35:32 +02:00
radex 7afee30c14 clean up vcard template 2023-10-13 23:05:05 +02:00
q3k a435e15698 Implement LDAP avatar serving 
This adds a /avatar/<uid> endpoint which serves any jpegPhoto associated
with a given user account.

In true 'lol ldap' fashion, only `photo` and `jpegPhoto` fields are
defined. The first one is for G3 photos (a fax format!). The latter is
technically for JPEG. But we expect to abuse this and basically contain
_any_ sensible photo format in there, as long as Python's PIL can parse
it.

The serving function always resamples images to a 256x256 PNG. This
makes sure people don't leak EXIF and lets us depend on square avatars.

This entire code assumes that it is safe to PIL.Image.open untrusted
user data. My understanding is that it is, bar some DoS for very large
images. We limit the potential for DoS by storing the images in LDAP,
which I hope has some kind of field length limit...

Oh, and this also adds a 'default avatar' functionality which serves
simple generative mermaid art for any user who doesn't have an explicit
avatar set. To prevent leaking the existence of users who don't have an
avatar set, we serve such a generated avatar for all UIDs, including
UIDs which don't exist.
 2023-10-08 18:14:00 +02:00
radex 3752e0c558 rename config.py.dist to config.py 2023-09-23 18:28:02 +02:00
radex bdd0de0b53 admin: add group list and group details pages 2023-09-23 18:25:37 +02:00
radex dc2bb81f61 config and ldap handling refactor 2023-09-23 15:56:06 +02:00
radex 64d62692d4 clean up python2 syntax 2023-09-23 11:23:28 +02:00
radex 78458f6211 tweaks to vcard 2023-09-23 10:55:17 +02:00
radex e358bafcca clean up 2023-09-23 10:45:52 +02:00
radex 3fd36123de split views into blueprints 2023-09-23 10:30:58 +02:00
radex f82e60e277 remove dead code 2023-09-23 10:04:46 +02:00
radex b4e185ff31 tweaks based on q3k's feedback 2023-09-22 22:35:14 +02:00
radex def69fb5d3 ldap user: show groups 2023-09-22 21:58:49 +02:00
radex 84abc355b9 remove dead code 2023-09-22 21:18:53 +02:00
radex bdfefcb234 require admin for /admin/* paths 2023-09-22 21:15:02 +02:00
radex 3fcb7d2a4f link from admin user profile to kasownik 2023-09-20 23:12:13 +02:00
radex 4732fb7066 render barebones ldap profile of any user 2023-09-20 23:02:56 +02:00
radex a94c138829 render list of all ldap users 2023-09-20 22:00:23 +02:00
radex e876fd65a5 show "admin" link if user is ldap admin 2023-09-20 20:51:47 +02:00
radex ccdacec835 deps: update flask to latest 2023-09-19 22:42:12 +02:00
radex ad93a80fac remove unused header image 2023-09-19 18:45:51 +02:00
radex 50891a9b08 remove unused dependencies 2023-09-19 18:43:07 +02:00
radex 7796c3273a cleanup: remove legacy coding directive & shebang 2023-09-19 17:18:02 +02:00
radex 33693311ae remove unused /keys, /key/*, /upload_key 2023-09-19 17:15:27 +02:00
radex ee95d91d4d remove unused /ldap/claim_nick 2023-09-19 17:12:47 +02:00
radex f26ce59bbf add configurable mifareHashID 2023-09-18 23:59:22 +02:00
radex b9f45d8bff sync default config with hscloud 2023-09-18 23:59:06 +02:00
informatic cde7e6cf76 webapp: move secret_key and debug flags to config 2021-10-09 11:15:24 +02:00
informatic 50e47d2413 webapp: remove DST Root CA X3 certificate pin 2021-10-09 11:06:55 +02:00
q3k 1cced0d613 login: use case-sensitive names for display/kerberos 2020-08-15 20:26:05 +02:00
q3k 50dbd3087a *: port to python3, update deps, fix cn mod 2019-10-18 14:13:10 +02:00
q3k 46ee9f5334 Allow modifying personal data, fix ssh key css 2019-10-18 13:20:06 +02:00
informatic d468b6ad71 Cleanup CSS 2018-03-18 14:56:12 +01:00
informatic ee8ca0e1e6 Migrate to kerberos module 2018-03-18 14:42:27 +01:00
q3k a097e314a0 Add hackerspace name config option 
Also move config.py to config.py.dist for distribution purposes :)
 2018-02-26 10:03:33 +00:00
q3k 0b9e737dba Import changes from Tog development repo 
Most notably, this adds Kerberos support and changes the theme.
 2018-01-26 17:45:24 +00:00
q3k d03f876670 First public import 2016-02-15 20:30:53 +00:00