auth issues
https://git.autistici.org/id/auth/-/issues
2019-04-03T05:01:45Z

Replace the socket protocol with something better
https://git.autistici.org/id/auth/-/issues/8
2019-04-03T05:01:45Z, ale

The custom on-the-wire protocol used by the auth-server is silly, it would probably be best to switch to something more standard.

The reason for the current choice comes from the necessity to have a simple and lightweight C implementation (for the PAM module), but there are self-contained simple libraries for things like JSON that would make it possible to use standard formats. Furthermore, if we are to add TCP support (presumably requiring SSL), we're going to end up writing a lot of code that would be best handled by a third-party library.

HTTP is very verbose for this purpose, and fits badly with UNIX socket connections, so it makes sense to stick with the line-based protocol.

Per-backend group membership overrides create too many identical group memberships
https://git.autistici.org/id/auth/-/issues/15
2021-12-06T21:23:46Z, ale

as seen in, e.g.:

> authentication request: user=admin,password,webauthn,device=e771b -> status=ok,groups=[admins,admins,admins,admins]

Late initialization for the sql backend
https://git.autistici.org/id/auth/-/issues/17
2022-03-09T10:39:12Z, ale

The *sql* backend tries to open a connection to the database at initialization time, so if the db is unavailable the process will immediately exit. This might not be desirable when there are multiple backends, and it is in fact not how the *ldap* backend (which does a connection per request, so implicitly implements delayed init) works.

Replace built-in ratelimit code with golang.org/x/time/rate
https://git.autistici.org/id/auth/-/issues/18
2022-04-04T14:57:05Z, ale

It does support reservations a.k.a. conditional increment, which is required to implement "login failed" rate limiting.

Record last login data for individual credentials
https://git.autistici.org/id/auth/-/issues/19
2023-06-07T09:51:57Z, ale

It's useful for users to see last login information for each secondary credential separately (e.g. ASPs, hardware tokens, etc).
This requires introducing some sort of credential identity descriptor structure, and pass that to user-meta-server for logging.

Dependency Dashboard
https://git.autistici.org/id/auth/-/issues/13
2024-03-26T15:33:11Z, renovate

This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.
## Repository problems
Renovate tried to run on this repository, but found these problems.
- WARN: Package lookup failures
---
> ⚠ **Warning**
>
> Renovate failed to look up the following dependencies: `Could not determine new digest for update (go package github.com/patrickmn/go-cache)`.
>
> Files affected: `go.mod`
---
## Open
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
- [ ] <!-- rebase-branch=renovate/github.com-bradfitz-gomemcache-digest -->[Update github.com/bradfitz/gomemcache digest to 24af94b](!113)
- [ ] <!-- rebase-branch=renovate/github.com-duo-labs-webauthn-digest -->[Update github.com/duo-labs/webauthn digest to ebaf9b7](!108)
- [ ] <!-- rebase-branch=renovate/github.com-go-ldap-ldap-v3-3.x -->[Update module github.com/go-ldap/ldap/v3 to v3.4.6](!112)
- [ ] <!-- rebase-branch=renovate/github.com-mattn-go-sqlite3-1.x -->[Update module github.com/mattn/go-sqlite3 to v1.14.22](!111)
- [ ] <!-- rebase-branch=renovate/github.com-cenkalti-backoff-v4-4.x -->[Update module github.com/cenkalti/backoff/v4 to v4.3.0](!100)
- [ ] <!-- rebase-branch=renovate/github.com-go-sql-driver-mysql-1.x -->[Update module github.com/go-sql-driver/mysql to v1.8.1](!119)
- [ ] <!-- rebase-branch=renovate/github.com-google-go-cmp-0.x -->[Update module github.com/google/go-cmp to v0.6.0](!118)
- [ ] <!-- rebase-branch=renovate/github.com-prometheus-client_golang-1.x -->[Update module github.com/prometheus/client_golang to v1.19.0](!64)
- [ ] <!-- rebase-branch=renovate/golang.org-x-sync-0.x -->[Update module golang.org/x/sync to v0.6.0](!117)
- [ ] <!-- rebase-branch=renovate/opentelemetry-go-monorepo -->[Update opentelemetry-go monorepo to v1.24.0](!95) (`go.opentelemetry.io/otel`, `go.opentelemetry.io/otel/trace`)
- [ ] <!-- rebase-all-open-prs -->**Click on this checkbox to rebase all open MRs at once**
## Detected dependencies
<details><summary>gomod</summary>
<blockquote>
<details><summary>go.mod</summary>
- `go 1.14`
- `git.autistici.org/ai3/go-common v0.0.0-20230816213645-b3aa3fb514d6@b3aa3fb514d6`
- `git.autistici.org/id/usermetadb v0.0.0-20230817075814-ec109f54aa90@ec109f54aa90`
- `github.com/bradfitz/gomemcache v0.0.0-20230124162541-5f7a7d875746@5f7a7d875746`
- `github.com/cenkalti/backoff/v4 v4.1.3`
- `github.com/coreos/go-systemd/v22 v22.5.0`
- `github.com/duo-labs/webauthn v0.0.0-20220330035159-03696f3d4499@03696f3d4499`
- `github.com/go-ldap/ldap/v3 v3.4.4`
- `github.com/go-sql-driver/mysql v1.7.1`
- `github.com/google/go-cmp v0.5.9`
- `github.com/lib/pq v1.10.9`
- `github.com/mattn/go-sqlite3 v1.14.16`
- `github.com/patrickmn/go-cache v0.0.0-20180815053127-5633e0862627@5633e0862627`
- `github.com/pquerna/otp v1.4.0`
- `github.com/prometheus/client_golang v1.12.2`
- `github.com/theckman/go-flock v0.8.1`
- `go.opentelemetry.io/otel v1.10.0`
- `go.opentelemetry.io/otel/trace v1.10.0`
- `golang.org/x/sync v0.3.0`
- `gopkg.in/yaml.v3 v3.0.1`
</details>
</blockquote>
</details>