forked from ubccr/mokey
mokey.spec
%define __spec_install_post %{nil}
%define debug_package %{nil}

Summary: FreeIPA self-service account management tool
Name: mokey
Version: 0.5.6
Release: 1%{?dist}
License: BSD
Group: Applications/Internet
SOURCE: %{name}-%{version}-linux-amd64.tar.gz
URL: https://github.com/ubccr/mokey
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
Requires(pre): /usr/sbin/useradd, /usr/sbin/groupadd, /usr/bin/getent

%description
mokey is a web application that provides self-service user account management
tools for FreeIPA. The motivation for this project was to implement the
self-service password reset functionality missing in FreeIPA.

%pre
# Create the unprivileged system group and account the service runs as.
# POSIX redirection is used because scriptlets run under /bin/sh.
getent group mokey > /dev/null 2>&1 || \
    groupadd -r mokey > /dev/null 2>&1
getent passwd mokey > /dev/null 2>&1 || \
    useradd -r -g mokey -d %{_datadir}/%{name} -s /sbin/nologin \
    -c 'Mokey Server' mokey > /dev/null 2>&1

%prep
%setup -q -n %{name}-%{version}-linux-amd64

%build
# TODO: consider actually building from source with "go build"

%install
rm -rf %{buildroot}
install -d %{buildroot}%{_datadir}/%{name}
install -d %{buildroot}%{_sysconfdir}/%{name}
install -d %{buildroot}%{_bindir}
install -d %{buildroot}%{_usr}/lib/systemd/system
cp -a ./%{name}.yaml.sample %{buildroot}%{_sysconfdir}/%{name}/%{name}.yaml
cp -a ./%{name} %{buildroot}%{_bindir}/%{name}
cp -Ra ./templates %{buildroot}%{_datadir}/%{name}
cp -Ra ./ddl %{buildroot}%{_datadir}/%{name}

# Generate the systemd unit; the server runs as the mokey user and group
cat << EOF > %{buildroot}%{_usr}/lib/systemd/system/%{name}.service
[Unit]
Description=mokey server
After=syslog.target network.target mariadb.service

[Service]
Type=simple
User=mokey
Group=mokey
WorkingDirectory=%{_datadir}/%{name}
ExecStart=%{_bindir}/%{name} --debug server
Restart=on-abort

[Install]
WantedBy=multi-user.target
EOF

%clean
rm -rf %{buildroot}

%files
%defattr(-,root,root,-)
%{_datadir}/%{name}/ddl/*
%doc README.rst AUTHORS.rst ChangeLog.rst NOTICE mokey.yaml.sample
%license LICENSE
%config(noreplace) %{_datadir}/%{name}/templates/*
%attr(0755,root,root) %{_bindir}/%{name}
# Configuration file is readable only by root and the mokey group
%attr(640,root,mokey) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.yaml
%attr(644,root,root) %{_usr}/lib/systemd/system/%{name}.service

%changelog
* Tue May 18 2021 Andrew E. Bruno <aebruno2@buffalo.edu> 0.5.6-1
- New Features
    - Add config option to replace unexpired password tokens
    - Add email flag to resetpw command
    - Add change expired password login flow
- Bug Fixes
    - Relax CSP settings to allow inline images and js

* Thu Mar 25 2021 Andrew E. Bruno <aebruno2@buffalo.edu> 0.5.5-1
- New Features
    - Add security related HTTP headers #55
    - Upgrade to latest hydra sdk. Tested against hydra v1.9.2
    - Add option to require admin verification to enable new account @cmd-ntrf
    - Add option to always skip consent in hydra login flow @isard-vdi
- Bug Fixes
    - Verify nsaccountlock before sending password reset email @cmd-ntrf
    - Restrict username to lowercase and not only number when signing up @cmd-ntrf

* Tue Jul 07 2020 Andrew E. Bruno <aebruno2@buffalo.edu> 0.5.4-1
- Bug Fixes
    - Fix bug with missing set-cookie header issue #53

* Tue Oct 29 2019 Andrew E. Bruno <aebruno2@buffalo.edu> 0.5.3-1
- New Features
    - Update Login/Consent flow for hydra v1.0.3+oryOS.10
    - Add support for SMTP AUTH (@cdwertmann)
    - Implement fully encrypted SMTP connection (@g5pw)
    - Upgrade to echo v4
- Bug Fixes
    - Fix bug if session keys change or session gets corrupted

* Wed Sep 12 2018 Andrew E. Bruno <aebruno2@buffalo.edu> 0.5.2-1
- New Features
    - Add option to disable user signup
    - Add new command for re-sending verify emails

* Wed Sep 12 2018 Andrew E. Bruno <aebruno2@buffalo.edu> 0.5.1-1
- New Features
    - Major code refactor to use echo framework
    - Add user signup/registration (Fixes #8)
    - Add support for new Login/Consent flow in hydra 1.0.0
    - Add ApiKey support for hydra consent
    - Add CAPTCHA support
    - Add Globus support to user account sign up
    - Simplify login to be more like FreeIPA (password+otp)
    - Remove security questions
    - Remove dependency on krb5-libs (now using pure go kerberos library)
    - Update build to use vgo

* Tue Jan 09 2018 Andrew E. Bruno <aebruno2@buffalo.edu> 0.0.6-14
- New Features
    - OAuth/OpenID Connect consent endpoint for Hydra
    - API key access to consent endpoint
    - User status command
- Bug Fixes
    - Fix optional security question on password reset for fresh accounts
    - Support for FreeIPA 4.5

* Thu May 25 2017 Andrew E. Bruno <aebruno2@buffalo.edu> 0.0.5-1
- New Features
    - Add support for managing SSH Public Keys
    - Add support for managing OTP Tokens
    - Add support for enabling Two-Factor Authentication
    - Refresh UI

* Thu Sep 03 2015 Andrew E. Bruno <aebruno2@buffalo.edu> 0.0.4-1
- New Features
    - Min password length configurable option
    - Add HMAC signed tokens

* Wed Sep 02 2015 Andrew E. Bruno <aebruno2@buffalo.edu> 0.0.3-1
- New Features
    - Rate limiting configurable option
    - Re-locate static template directory
- Bug Fixes
    - Add check for empty user name in forgot password

* Sat Aug 29 2015 Andrew E. Bruno <aebruno2@buffalo.edu> 0.0.2-1
- New Features
    - Set ipahost from /etc/ipa/default.conf

* Fri Aug 28 2015 Andrew E. Bruno <aebruno2@buffalo.edu> 0.0.1-1
- Initial release