* fix(ldap): pass through LDAP mail attribute instead of crafting email
TinyAuth was constructing LDAP user emails as username@CookieDomain
instead of using the mail attribute stored in the directory. This caused
OIDC clients like Grafana to receive a synthetic email rather than the
real one.
Rename GetUserDN to GetUserInfo and extend it to also fetch the mail
attribute in the same LDAP query. Thread the result through UserSearch
and use it in both the login flow and the basic auth middleware, falling
back to the crafted email only when LDAP returns no mail value.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: add ldap email logic back after main merge
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Stavros <steveiliop56@gmail.com>
* feat: add new logger
* refactor: use one struct for context handling and cancellation
* refactor: rework logging and config in controllers
* refactor: rework logging and config in middlewares
* refactor: rework logging and cancellation in services
* refactor: rework cli logging
* fix: improve logging in routines
* feat: use sync groups for better cancellation
* refactor: simplify middleware, controller and service init
* tests: fix controller tests
* tests: use require instead of assert where previous step is required
* tests: fix middleware tests
* tests: fix service tests
* tests: fix context tests
* fix: fix typos
* feat: add option to enable or disable concurrent listeners
* fix: assign public key correctly in oidc server
* tests: fix don't try to test logger with char size
* fix: coderabbit comments
* tests: use filepath join instead of path join
* fix: ensure unix socket shutdown doesn't run twice
* chore: remove temp lint file
* Add TINYAUTH_AUTH_SUBDOMAINSENABLED option
Setting it to false allows to use Tinyauth on top-level domain only,
but forbids automatic cross-app authentication using Traefik/Nginx.
* fix: inform services and controllers if subdomain cookie domain is enabled
* chore: rabbit feedback
* fix: deny ip addresses for standalone domain
---------
Co-authored-by: Stavros <steveiliop56@gmail.com>
* feat(access-control): Add support for Kubernetes Label
* feat(access-control): Defaults to Docker
* feat(access-control): Remove kubeconfig fallback
* feat(watcher): Watcher for kubernetes service
* feat(watcher): Merge with main + remove nightly fix redirect
* fix(go): Go mod + Go sum after sync with main
* fix(config): Ser default value for LabelProvider to Docker
* feat(go): go mod tidy
* feat(k8s_service): Remove logic for deprecated Ingress k8s v1.22
* feat(k8s_service): (Watcher) -> Wait 5s before breaking to outer loop again
* feat(k8s_service): Remove logic for deprecated Ingress k8s v1.22
* feat(k8s_service): Remove logic for deprecated Ingress k8s v1.22
* feat(k8s_service): Remove logic for deprecated Ingress k8s v1.22
* feat(k8s_service): Remove
var _ = unstructured.Unstructured{} + comments + msg edits
* feat(bootstrap): Remove dockerService from bootstrap svc
* feat(auth_svc): Remove dockerService from authservice
* feat(test): Add tests for kubernetes_services
* feat(test): Remove docker serivce form proxy/user test
* fix(refactor): Remove update logic from watcher and resync
* fix(refactor): Split watchGVR to make it more readable
* fix(refactor): Remove discovery + drop K 1.22 completely
* fix(refactor): Move interface to acess_controls_service
* feat: Autodetect labelprovider if TINYAUTH_LABELPROVIDER not set
* fix(test): Match testing scheme to the controllers
* fix: service bootstrap import after merge
* fix: service bootstrap import after merge
* feat(oidc): support for all in-spec attributes and scopes
* add tests
* assert phone/email verified when either is set
* update tests
* add claims back to userinfo
* remove redundant column drop in migration
* fix duplicate migration id
* fix clobbered imports post-rebase
Stavros