Commit Graph

90 Commits

Author SHA1 Message Date
Aaron Seo 3a319c2792 Filter out sockOrAddr from http auth backend's request query
(cherry picked from commit 844f25d77a)
(cherry picked from commit 85e14c74fa)
2025-04-27 08:58:58 +00:00
Marcial Rosales 335eb0052e Do not propagate none password for http auth backend
(cherry picked from commit b09bfb25b6)
2025-02-25 18:28:18 +00:00
Michael Klishin 968eefa1bb
Bump (c) line year
There are no functional changes to this massive diff.
2025-01-01 17:54:10 -05:00
Lois Soto Lopez 3ff7e82c5c Provide specific f. to fix client ssl options
Provides a specific function to fix client ssl options, i.e.: apply all
fixes that are applied for TLS listeners and clients on previous
versions but also sets `cacerts` option to CA certificates obtained by
`public_key:cacerts_get`, only when no `cacertfile` or `cacerts` are
provided.
2024-10-21 18:00:06 -04:00
Marcial Rosales 9ca24f706b Fix issue
ssl_options must be encapsulated within an ssl property
2024-05-31 12:34:30 -07:00
Luke Bakken 2070758f92 Actually do something with ssl_hostname_verification 2024-05-31 12:34:30 -07:00
Arnaud Cogoluègnes 1f89ede396
Remove rabbit_authz_backend:state_can_expire/0
Use expiry_timestamp/1 instead, which returns 'never'
if the credentials do not expire.

Fixes #10382
2024-01-24 09:58:59 +01:00
Arnaud Cogoluègnes 33c64d06ea
Add expiry_timestamp/1 callback to authz backend behavior
Backends return 'never' or the timestamp of the expiry time
of the credentials. Only the OAuth2 backend returns a timestamp,
other RabbitMQ authz backends return 'never'.

Client code uses rabbit_access_control, so it contains now
a new expiry_timestamp/1 function that returns the earliest
expiry time of the underlying backends.

Fixes #10298
2024-01-19 14:46:47 +01:00
Michael Klishin 01092ff31f
(c) year bumps 2024-01-01 22:02:20 -05:00
Michael Klishin ec2bbb4ea3
More cosmetics 2023-12-22 22:31:46 -05:00
Michael Klishin 83d7920166
authN/authZ backend HTTP: cosmetics 2023-12-22 22:31:12 -05:00
Michael Klishin 87c961b892
Use snake_case for these two functions 2023-12-22 10:10:14 -05:00
Marcial Rosales 04658fbb6f Improve docs wording 2023-12-22 14:05:05 +00:00
Marcial Rosales 2fc8d2b3ae Propagate all credentials to http backend 2023-12-22 13:54:34 +00:00
Michael Klishin 1b642353ca
Update (c) according to [1]
1. https://investors.broadcom.com/news-releases/news-release-details/broadcom-and-vmware-intend-close-transaction-november-22-2023
2023-11-21 23:18:22 -05:00
Marcial Rosales a70539a1a1 Remove debug log statements 2023-08-14 13:09:58 +01:00
Marcial Rosales dbffccba9d Fix #9043 2023-08-14 11:51:46 +01:00
Luke Bakken 6c39f6812a Make dialyzer happy by ensuring `rabbit_data_coercion:to_list/1` can handle `inet:ip_address()` 2023-04-24 11:39:16 -07:00
Luke Bakken 667db16949 Tweak type spec 2023-04-24 11:39:16 -07:00
Luke Bakken 3f27a1c27b Special case "unknown"
Fixes #7864
2023-04-24 11:39:16 -07:00
Alexey Lebedeff 8164df8bb2 Fix all dialyzer warnings in auth backends 2023-01-19 16:01:30 +01:00
Michael Klishin ec4f1dba7d
(c) year bump: 2022 => 2023 2023-01-01 23:17:36 -05:00
Rin Kuryloski bef2756b5f Fixes for various dialyzer warnings 2022-12-02 09:14:08 +01:00
Simon Unge 09d84e6bd5 See #4842. Obfuscate impl value 2022-11-09 15:14:51 -08:00
Luke Bakken 7fe159edef
Yolo-replace format strings
Replaces `~s` and `~p` with their unicode-friendly counterparts.

```
git ls-files *.erl | xargs sed -i.ORIG -e s/~s>/~ts/g -e s/~p>/~tp/g
```
2022-10-10 10:32:03 +04:00
Michael Klishin c38a3d697d
Bump (c) year 2022-03-21 01:21:56 +04:00
Michael Klishin 471294af67
AuthN/Z backend HTTP: rename two new settings, add tests 2021-06-24 23:26:13 +10:00
SzumiecM bfe648e92d Add configurable timeout to HTTP connections 2021-06-24 02:02:54 -07:00
Michael Klishin 52479099ec
Bump (c) year 2021-01-22 09:00:14 +03:00
dcorbacho 52eb308ea4 Switch to Mozilla Public License 2.0 (MPL 2.0) 2020-07-10 20:14:09 +01:00
Luke Bakken 2914f86a6d Handle `undefined` case for AuthzData
Fixes #100
2020-06-30 06:33:51 -07:00
Jean-Sébastien Pédron 8299fb28c0 Update copyright (year 2020) 2020-03-10 16:02:32 +01:00
Michael Klishin d280e96139 Add some essential debug logging of requests issued
Per rabbitmq-users feedback.
2020-02-29 19:42:01 +03:00
Michael Klishin c7176c9123 (c) bump 2019-12-29 05:50:24 +03:00
Michael Klishin a484ede8f8 Adapt to rabbit_authz_backend interface changes
from rabbitmq/rabbitmq-auth-backend-oauth2#28.
2019-07-03 09:54:14 +02:00
Arnaud Cogoluègnes ff2ed6e831 Propagate protocol-specific context to HTTP backend
Information like MQTT client ID is now propagated to the backend for
all authentication and authorization functions.

References rabbitmq/rabbitmq-server#1767
2019-06-03 14:35:53 +02:00
Michael Klishin 9b332d1868 Error message wording 2019-05-23 10:35:21 +01:00
Szympon Mentel bc88164b0a Correctly recognise when access is denied for user
So far, the "deny" response from an HTTP authentication server was parsed
as a string while an atom was expected. As a result, if the server denied
a user it simply happened to work as the plugin would return an error
because of the type mismatch and the user would not be accepted anyway.
2019-05-22 15:17:17 +02:00
Luke Bakken 4e96813930 Take peeraddr as binary() into account 2019-03-25 15:10:45 -07:00
Luke Bakken 68c70c006a Ensure tuple IP is formatted correctly 2019-03-22 16:07:14 -07:00
Luke Bakken c76a927b5c Remove unused code 2019-03-22 10:32:56 -07:00
Luke Bakken 0fa8c8bc41 Modify check_vhost_access/3 to use map of data
Part of rabbitmq/rabbitmq-auth-backend-cache#20
2019-03-22 07:24:19 -07:00
Michael Klishin d47c658220 Post space-separated tags, add tests 2019-02-27 21:10:25 +03:00
romerod 30e8a3f31c Pass tags to http backends 2019-02-27 21:10:25 +03:00
Michael Klishin 8d6ee4051d Accept authentication context in user_login_authorization/2
Part of rabbitmq/rabbitmq-server#1633.

[#158805410]
2018-07-03 23:30:53 +03:00
Michael Klishin deacd34548 Manually apply #68 with reduced duplication
Closes #68.
2018-05-16 21:49:51 -03:00
Michael Klishin d033cf88de Use get_env/2 here to avoid a badmatch
It was a temporary drive by change that's made it through to the
commit.

Fixes #62.

[#153877066]

(cherry picked from commit 2274efd30bfc29f11f641b896f8efff595d7309b)
2017-12-22 20:25:07 +04:00
Michael Klishin 84c7093e88 Add HTTP method field to Cuttlefish schema
Fixes #61.

(cherry picked from commit 38f77443935f4dc873429830bc57489051fa656d)
2017-12-19 18:33:37 +03:00
Michael Klishin eebc26d0b0 Use rabbit_data_coercion here as well 2017-06-26 23:34:01 +03:00
Arnaud Cogoluègnes f4818557a8 Handle map in HTTP parameters
An Erlang map is turned into several HTTP parameters. E.g.
{variable_map, #{username => guest, vhost = some-vhost}} is
converted into 2 HTTP parameters: variable_map.username=guest
and variable_map.vhost=some-vhost.

Fixes #53
2017-06-26 15:23:52 +02:00