0.7 (#204)

Author: zachmann

.github/dependabot.yml

@@ -10,4 +10,3 @@ updates:
     schedule:
       interval: "daily"
     open-pull-requests-limit: 15
-    target-branch: "prerelease"

.gitlab-ci-scripts/goreleaser.sh

@@ -3,7 +3,7 @@ first=$(grep '^## ' -nm1 CHANGELOG.md | cut -d':' -f1); \
   second=$(grep '^## ' -nm2 CHANGELOG.md | tail -n1 | cut -d':' -f1); \
   tail -n+$first CHANGELOG.md | head -n$(($second-$first)) > ../shared/release.md
 GORELEASER_CONFIG=".goreleaser.yml"
-if [ -n "$CI_COMMIT_TAG" ] && echo "$CI_COMMIT_TAG" | grep -qv '-'; then
+if [ -n "$CI_COMMIT_TAG" ] && echo "$CI_COMMIT_TAG" | grep -qv '~'; then
 GORELEASER_CONFIG=".goreleaser-release.yml"
 fi
 BASEDIR=/go/src/github.com/oidc-mytoken/server

.gitlab-ci-scripts/set-prerel-version

@@ -0,0 +1,54 @@
+#!/bin/sh
+
+DEVSTRING="pr"
+VERSION_FILE=internal/model/version/VERSION
+
+while [ $# -gt 0 ]; do
+  case $1 in
+    --devstring)
+      DEVSTRING="$2"
+      shift # past argument
+      shift # past value
+      ;;
+    --version_file)
+      VERSION_FILE="$2"
+      shift # past argument
+      shift # past value
+      ;;
+    --*|-*)
+      echo "Unknown option $1"
+      exit 1
+      ;;
+  esac
+done
+
+git config user.email || {
+    echo "Setting up git in CI"
+    git config --global --add safe.directory "$PWD"
+    git config user.email "[email protected]"
+    git config user.name "cicd"
+}
+
+# Get master branch name:
+#   use origin if exists
+#   else use last found remote
+REMOTES=$(git remote show)
+for R in $REMOTES; do
+    MASTER=master
+    MASTER_BRANCH="refs/remotes/${R}/${MASTER}"
+    #echo "Master-branch: ${MASTER_BRANCH}"
+    [ "x${R}" = "xorigin" ] && break
+done
+
+PREREL=$(git rev-list --count HEAD ^"$MASTER_BRANCH")
+
+# use version file:
+VERSION=$(cat "$VERSION_FILE")
+PR_VERSION="${VERSION}-${DEVSTRING}${PREREL}"
+echo "$PR_VERSION" > "$VERSION_FILE"
+echo "$PR_VERSION"
+
+echo "$PR_VERSION" > "$VERSION_FILE"
+git add "$VERSION_FILE"
+git commit -m "dummy prerel version"
+git tag "v${PR_VERSION}"

.gitlab-ci-scripts/set-prerel-version.sh

@@ -1,6 +1,6 @@
 
 REPO_TARGET="/prerel"
-if [ -n "$CI_COMMIT_TAG" ] && echo "$CI_COMMIT_TAG" | grep -qv '-'; then
+if [ -n "$CI_COMMIT_TAG" ] && echo "$CI_COMMIT_TAG" | grep -qv '~'; then
   REPO_TARGET="/preprod"
 fi
 

.gitlab-ci-scripts/upload.sh

@@ -4,6 +4,7 @@ stages:
   - test
   - lint
   - release
+  - deploy
 
 default:
   tags:
@@ -27,12 +28,12 @@ test_race:
   script:
     - go test -race -v ./...
 
-lint:
+staticcheck:
   stage: lint
   before_script:
-    - go install golang.org/x/lint/golint@latest
+    - go install honnef.co/go/tools/cmd/staticcheck@latest
   script:
-    - golint -set_exit_status ./...
+    - staticcheck ./...
 
 vet:
   stage: lint
@@ -72,8 +73,18 @@ prerelease:
     REPO_HOST: repo.data.kit.edu
     REPO_USER: cicd
   script:
-    - if [ -z "$CI_COMMIT_TAG" ]; then docker run --rm -v $PWD:/tmp/mytoken -w /tmp/mytoken bitnami/git .gitlab-ci-scripts/set-prerel-version; fi;
+    - if [ -z "$CI_COMMIT_TAG" ]; then docker run --rm -v $PWD:/tmp/mytoken -w /tmp/mytoken bitnami/git .gitlab-ci-scripts/set-prerel-version.sh; fi;
     - .gitlab-ci-scripts/goreleaser.sh
     - .gitlab-ci-scripts/upload.sh
   after_script:
     - docker run --rm curlimages/curl -d "repo=github.com/oidc-mytoken/server" https://goreportcard.com/checks
+
+deploy-dev:
+  stage: deploy
+  before_script:
+    - mkdir -p /root/.ssh
+    - cp $KNOWN_HOSTS /root/.ssh/known_hosts
+    - cp $DEPLOYMENT_SSH_KEY /root/.ssh/id_ed25519 && chmod 0600 /root/.ssh/id_ed25519
+  script:
+    - ssh mytoken-dev.vm.fedcloud.eu
+

.gitlab-ci.yml

@@ -12,6 +12,49 @@
 <!-- ### Dependencies -->
 <!--  -->
 
+## mytoken 0.7.0
+
+### Features
+
+- Webinterface has option to show event history for other mytokens in mytoken list.
+- Webinterface has a new option in the tokeninfo pane to create a new mytoken with the same properties.
+- Added server side `profiles` and `templates`
+  - Can be used in the API, i.e. mytoken requests can include profiles, the capability, restrictions, and rotation
+    claims can use templates
+  - Can be used in the webinterface
+
+### Enhancements
+
+- Improved responsiveness of webinterface
+- Expired mytokens are now greyed-out in webinterface mytoken list
+- The database auto-cleanup now only removes mytokens expired more than a month ago.
+  - This allows expired tokens to be shown in a mytoken list for extended periods.
+  - This also allows to obtain history for expired tokens (by using a mytoken with the `manage_mytokens:list`
+    capability) for a longer time.
+  - Mytokens are still directly deleted when revoked.
+- Requests from private IPs (e.g. from within the same entwork where the server is located) are now geolocated to
+  the country where the server stands.
+- The 'Create Mytoken' tab in the webitnerface now supports an `r` query parameter that takes a base64 encoded
+  request from which the form is prefilled.
+  - This allows 'create-a-mytoken-with-these-properties' links.
+
+### API
+
+- Added profile endpoint:
+  - Any user can get list of groups
+  - Any user can get profiles, and templates (capabilities, restrictions, rotation) for all the groups
+  - Groups credentials are defined in the config file
+    - With Basic authentication profiles and templates for the authenticated group can be created, updated, and deleted.
+- Renamed `revocation_id` to `mom_id`
+- Restructured capabilities related to other mytokens
+- Added possibility to obtain history information for children and other tokens (capability)
+- Added a name for OPs in the `supported_providers` of the mytoken configuration endpoint
+
+### Bugfixes
+
+- Fixed a bug where transfer codes could be used just like a short token (but only while the transfer code did not
+  expire)
+
 ## mytoken 0.6.1
 
 ### API

CHANGELOG.md

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2020-2022 Gabriel Zachmann
+Copyright (c) 2020-2023 Gabriel Zachmann
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

LICENSE

@@ -6,20 +6,19 @@ import (
 	"os/signal"
 	"syscall"
 
+	"github.com/oidc-mytoken/utils/httpclient"
 	log "github.com/sirupsen/logrus"
 
-	"github.com/oidc-mytoken/server/internal/db/dbrepo/versionrepo"
-	"github.com/oidc-mytoken/server/internal/endpoints/settings"
-	"github.com/oidc-mytoken/server/internal/model/version"
-	"github.com/oidc-mytoken/server/internal/utils/cookies"
-	"github.com/oidc-mytoken/server/shared/httpclient"
-
 	"github.com/oidc-mytoken/server/internal/config"
 	"github.com/oidc-mytoken/server/internal/db"
+	"github.com/oidc-mytoken/server/internal/db/dbrepo/versionrepo"
 	configurationEndpoint "github.com/oidc-mytoken/server/internal/endpoints/configuration"
+	"github.com/oidc-mytoken/server/internal/endpoints/settings"
 	"github.com/oidc-mytoken/server/internal/jws"
+	"github.com/oidc-mytoken/server/internal/model/version"
 	"github.com/oidc-mytoken/server/internal/oidc/authcode"
 	"github.com/oidc-mytoken/server/internal/server"
+	"github.com/oidc-mytoken/server/internal/utils/cookies"
 	"github.com/oidc-mytoken/server/internal/utils/geoip"
 	loggerUtils "github.com/oidc-mytoken/server/internal/utils/logger"
 )

cmd/mytoken-server/main.go

@@ -7,14 +7,14 @@ import (
 	"time"
 
 	"github.com/Songmu/prompter"
+	"github.com/oidc-mytoken/utils/utils/fileutil"
 	log "github.com/sirupsen/logrus"
 	"github.com/urfave/cli/v2"
 	"golang.org/x/term"
 
 	"github.com/oidc-mytoken/server/internal/config"
 	"github.com/oidc-mytoken/server/internal/db"
 	"github.com/oidc-mytoken/server/internal/model/version"
-	"github.com/oidc-mytoken/server/shared/utils/fileutil"
 )
 
 var configFile string
@@ -116,7 +116,7 @@ var app = &cli.App{
 		},
 	},
 	Action: func(context *cli.Context) error {
-		mytokenNodes := []string{}
+		var mytokenNodes []string
 		if context.Args().Len() > 0 {
 			mytokenNodes = context.Args().Slice()
 		} else if configFile != "" {