@mashroom/mashroom-security-provider-ldap
Advanced tools
@mashroom/mashroom-security-provider-ldap - npm Package Versions
Changelog
1.4.4 (May 4, 2020)
- Upgraded libraries with known vulnerabilities
- Default Login Webapp: Renamed the redirect query parameter to redirectUrl
- Portal: The logout route accepts now a redirectUrl parameter with the page that should be redirected to after revoking the authentication (default is still the Site's index page)
Changelog
1.4.3 (May 2, 2020)
- Portal: Keep query parameters when redirecting to default site
- OIDC Security Provider: Added a rejectUnauthorized config property for Identity Providers with self-signed certificates
- Portal: Fixed mapping of email property in the portalAppSetup
Changelog
1.4.2 (April 25, 2020)
- Security Provider: Added new method getApiSecurityHeaders(req, targetUri) that allows it to add security headers to backend/API calls. Useful to add extra user context or access tokens to backend requests.
- Portal: Removed the REST proxy property sendRoles because the concept of permissions should be used in backends as well.
- Portal: If the REST proxy property sendUserHeaders is true the following headers will be sent additionally with each REST request:
- X-USER-DISPLAY-NAME
- X-USER-EMAIL
- Portal: Fixed mapping Sites to virtual hosts when the frontend base path is /
- Virtual host path mapper: Added a config property to explicitly set the http headers that should be considered (default is x-forwarded-host) to determine the actual host
Changelog
1.4.1 (April 20, 2020)
-
Added a virtual host path mapper plugin: Allows it to map internal paths based on virtual hosts and web apps to get the actual "frontend path" to generate absolute links at the same time. Can be used to expose Portal Sites to virtual hosts like so:
https://www.my-company.com/new-portal -> http://internal-portal-host/portal/web
For this example configure your reverse proxy to forward calls from https://www.my-company.com/public to http://internal-portal-host/ and additionally configure the new plugin like this:
"Mashroom VHost Path Mapper Middleware": { "hosts": { "www.my-company.com": { "frontendBasePath": "/new-portal", "mapping": { "/login": "/login", "/": "/portal/web" } } } }
Changelog
1.4.0 (April 6, 2020)
- Portal: The sites work now completely independent (all URLs are relative to <portal_path>/<site_path>).
That means in particular you can have both public sites and private (protected) sites at the same time with an ACL configuration like this:
{ "/portal/public-site/**": { "*": { "allow": "any" } } "/portal/**": { "*": { "allow": { "roles": ["Authenticated"] } } } } - Security: Extended the ACL rules:
- "any" is now a possible value for allow/deny; this matches also anonymous users which is useful for public sub-pages
- it is now possible to pass an object to allow/deny with a list of roles and ip addresses
{ "/portal/**": { "*": { "allow": { "roles": ["Authenticated"], "ips": ["10.1.2.*", "168.**"] }, "deny": { "ips": ["1.2.3.4"] } } } } - Security: Added a new method canAuthenticateWithoutUserInteraction() to the Security Provider interface that allows it to check if a user could be logged in silently on public pages, which could be desirable
- Security: Added a new config property to the mashroom-security plugin that allows to forward specific query parameters
to the authorization system (e.g. a hint which identity provider to use):
"Mashroom Security Services": { "provider": "Mashroom Security Simple Provider", "forwardQueryHintsToProvider": ["kc_idp_hint"] } - Portal: Fixed anonymous access to pages
- Added OpenID Connect security provider
- Angular Demo Portal App: Works now with AOP and the Ivy Compiler
- External MQTT Messaging Provider: Supports now MQTT 5
- Removed support for Node 8
- Added MongoDB storage provider
- Security: The middleware regenerates the session now before and after a login instead of destroying it. Because session.destroy() removes the request.session property completely but some security provider might need a session during authentication.
Changelog
1.3.2 (February 22, 2020)
- File Storage: Locking works now also on NFS correctly
- Removed log statements that could expose passwords
Changelog
1.3.1 (February 8, 2020)
- Remote App Registry Kubernetes: Show all Kubernetes services matching the pattern and a proper error message if no portal apps could be found. Remove portal apps after some time if the Kubernetes services disappeared.
- Remote App Registry: Added plugin config property to hide the Add a new Remote Portal App Endpoint form from the Admin UI
- Remote App Registry: Moved config properties from the Mashroom Portal Remote App Registry Webapp plugin to the Mashroom Portal Remote App Registry plugin where it belongs (BREAKING CHANGE)
Changelog
1.3.0 (January 27, 2020)
- Portal: Fixed broken IE11 support
- Portal: Admin Toolbar cleanup and small fixes
- Added support for messaging via AMQP (Advanced Messaging Queuing) protocol, supported by almost all message brokers (RabbitMQ, Qpid, ActiveMQ, Artemis, Azure Service Bus, ...)
- Added Remote Portal App registry that automatically scans Kubernetes namespaces for apps
- Tabify App: The tab buttons have now a new attribute (data-app-ref) that contains the id of the corresponding app wrapper div. This is useful for end-2-end tests to determine if an app is visible.
- Sandbox App: Fixed loading of portal apps with bootstrap methods that don't return anything
- Core: Made it possible to use environment variables in server and plugin configuration. If the config value is a valid
template string it gets evaluated and the
environment variables are accessible through the env object. Example:
{ "name": "${env.USER}'s Mashroom Server", "port": 5050 } - Added TypeScript definitions for all API's. Works now similar than with flow:
// index.ts import {MashroomPortalAppPluginBootstrapFunction} from '@mashroom/mashroom-portal/type-definitions'; const bootstrap: MashroomPortalAppPluginBootstrapFunction = (hostElement, portalAppSetup, portalClientServices) => { // ... }
Changelog
1.2.3 (January 11, 2020)
- Core: Added health checks that can for example be used as readiness/liveness probes in Kubernetes (/mashroom/health)
- Core: Moved Admin UI from /mashroom to /mashroom/admin
- Svelte based demo Portal App added
- Sandbox App: Loads now also shared resources properly
- Portal: When a portal app gets unloaded all its message bus listeners will automatically be unregistered (in case the app does not unregister the listeners properly on onmount)