|
|
b65c1ed3a0
|
Add inja
Requries update to C++17 standard
|
2022-05-13 09:34:15 -07:00 |
|
|
|
59151fbf86
|
remove max count for xread
|
2022-04-28 13:10:07 -07:00 |
|
|
|
1c700b7b41
|
Fix redis cluster usage
|
2022-04-28 13:05:02 -07:00 |
|
|
|
ff18bacd94
|
fix XREAD commands for redis message queue
|
2022-04-28 11:16:45 -07:00 |
|
|
|
ef08346a74
|
Fix a possible excessive memory use issue in controller and clean up a bunch of COM handling and other code in the normal node.
|
2022-04-19 19:59:54 -04:00 |
|
|
|
912036b260
|
Push credentials always if updated (client-side) and some controller-side cleanup that should be logically irrelevant but will prevent unnecessary DB lookups.
|
2022-04-19 12:41:38 -04:00 |
|
|
|
a4e8847664
|
Restore sending of rejections but move it exclusively to a thread, widen netconf window to 30 minutes.
|
2022-04-19 10:37:58 -04:00 |
|
|
|
c492bf7eea
|
Forgot to send error on v0 auth expiry.
|
2022-04-18 16:36:09 -04:00 |
|
|
|
cb086ff97f
|
Simplify SSO logic. SSO should just normally expire when it expires. No full deauth needed. Deauth is for really giving someone the boot.
|
2022-04-18 16:32:05 -04:00 |
|
|
|
55a99f34d0
|
Tighten certificate window and deprecate sending of revocations for ordinary SSO timeouts. Revocations should only be for deliberate deauth to kick people off networks. Cert window should now stay within refresh window for SSO so normal cert expiration should handle it just fine.
|
2022-04-15 14:23:26 -04:00 |
|
|
|
58119598ae
|
comment out some new deauth code
|
2022-04-13 23:10:11 -04:00 |
|
|
|
42a2afaef9
|
This may improve controller behavior with SSO and mixed SSO, needs testing!
|
2022-04-13 21:39:56 -04:00 |
|
|
|
f8e24f4629
|
Fix issue where restarting a controller causes a DB write for each network member
|
2022-02-28 12:26:32 -08:00 |
|
|
|
c09010c25a
|
handle nonce rotation in controller better
Won't generate new nonces until there are no active ones.
|
2022-01-20 15:14:29 -08:00 |
|
|
|
b3fbbd3124
|
refresh tokens now working
Still investigating the best way to do a couple things, but we have something working
|
2021-12-07 16:29:50 -08:00 |
|
|
|
730482e62f
|
encode network ID into sso state param
|
2021-12-01 15:02:21 -08:00 |
|
|
|
663a09b38d
|
oidc stuff coming across the wire properly and generating a working login URL
|
2021-12-01 13:01:32 -08:00 |
|
|
|
7cce23ae79
|
wip
|
2021-12-01 10:44:29 -08:00 |
|
|
|
dfdac7adbd
|
iomanip
|
2021-11-30 17:31:46 -08:00 |
|
|
|
a33d7c64fe
|
more fixin
|
2021-11-30 17:27:13 -08:00 |
|
|
|
d15516f0ef
|
query fix & controller build fix
|
2021-11-30 16:18:34 -08:00 |
|
|
|
fa21fdc1cc
|
rename stuff for clarity
authenticationURL will still be used by the client for v1 and v2 of sso
|
2021-11-11 16:19:26 -08:00 |
|
|
|
43433cdb5a
|
integrate rust build of zeroidc to linux
|
2021-11-04 17:16:23 -07:00 |
|
|
|
8d39c9a861
|
plumbing full flow from controller -> client network
|
2021-11-04 15:40:08 -07:00 |
|
|
|
3818351287
|
use pqxx::pipeline for online update thread
|
2021-10-06 09:39:30 -07:00 |
|
|
|
4d26b5a868
|
no reason for this to be a pointer
|
2021-10-05 17:02:50 -07:00 |
|
|
|
ac0dc7844f
|
rework commit thread & some connection pool borrowing issues
|
2021-10-05 09:25:24 -07:00 |
|
|
|
134d33c218
|
Add a bit of hardening in the network certificate of membership by incorporating a full hash of the identity to which it is issued. This means the recipient need not depend entirely on the root verifying identities properly to make sure impersonation is not occurring.
|
2021-09-20 15:40:55 -07:00 |
|
|
|
46adc1f059
|
ifdef this out
|
2021-09-20 15:39:53 -07:00 |
|
|
|
9002555596
|
ensure count > 0
|
2021-09-20 15:39:44 -07:00 |
|
|
|
c3a42bf590
|
remove heartbeat log
|
2021-09-02 16:46:42 -07:00 |
|
|
|
8b95afa96a
|
logging
|
2021-09-02 16:32:40 -07:00 |
|
|
|
6a49a766ca
|
logging
|
2021-09-02 16:22:59 -07:00 |
|
|
|
16ff14bda7
|
identify controller in pool stats
|
2021-09-02 13:48:08 -07:00 |
|
|
|
57c1d96b71
|
math
|
2021-09-02 12:48:49 -07:00 |
|
|
|
40f376e2b9
|
print db pool stats periodically
|
2021-09-02 12:45:26 -07:00 |
|
|
|
dc61f78916
|
set psql application_name in startup script
|
2021-09-02 11:24:07 -07:00 |
|
|
|
a2ffe8c05e
|
dont generate nonce for deleted members
|
2021-09-02 11:24:04 -07:00 |
|
|
|
d0f4cfe6b4
|
print load status messages a little less often now that things go brrrrrrrrr
|
2021-08-20 10:34:00 -07:00 |
|
|
|
3ec23f92ec
|
helps to add part of the query
|
2021-08-20 10:30:37 -07:00 |
|
|
|
6baac1b4e0
|
more query optimizations
|
2021-08-20 10:27:45 -07:00 |
|
|
|
50b0b2e2e9
|
query optimization
|
2021-08-19 17:55:30 -07:00 |
|
|
|
20721491e8
|
kill some noisy logs
|
2021-08-19 13:03:56 -07:00 |
|
|
|
eec46a137e
|
optimize data loading from psql on startup
|
2021-08-19 12:44:02 -07:00 |
|
|
|
9eae444104
|
kill some verbose logs
|
2021-08-19 09:21:52 -07:00 |
|
|
|
576b4f03a5
|
Adjust deauth time window and send revocation when SSO members expire.
|
2021-08-18 12:17:40 -04:00 |
|
|
|
461810b06a
|
Move return so record gets created before URL.
|
2021-08-10 11:22:29 -04:00 |
|
|
|
613d7b5ece
|
fix backwards logic
|
2021-08-04 09:16:04 -07:00 |
|
|
|
c101d71d7c
|
Tweak auth timeout notify.
|
2021-07-30 18:44:34 -04:00 |
|
|
|
663e748b8d
|
Deauth expiring members right away.
|
2021-07-26 23:45:18 -04:00 |
|
