clinch

Author	SHA1	Message	Date
Dan Milne	782e197d91	Fix access check form: use GET so results render Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / scan_container (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details Build and publish image / build (push) Has been cancelled Details The access check form POSTed and re-rendered :new with a 200 HTML response, which Turbo rejects ("Form responses must redirect to another location"), so the result panel never appeared. Since the check is a read-only query, switch to a GET form and fold the lookup into the new action. Results are now bookmarkable via the URL. Bump version to 0.16.2. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-21 15:42:57 +10:00
Dan Milne	2843790cef	Apps index access column + summary + admin access checker Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / scan_container (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details The Applications index used to render "All users" whenever an app had no allowed_groups; under default-deny that's the opposite of the truth. Replaced with a "No one" badge and, when groups are present, a "N users · M groups" cell so the access reality is visible at a glance. Added a small stats strip above the apps table: applications, users with access, and groups granting access. Backed by preloaded counts in the controller to avoid N+1. Added /admin/access — a small "Access check" tool that takes a user and an application and reports whether the user can reach it, with the granting group(s) when allowed, and the specific reason when not (inactive app/user, no allowed groups, or no shared group). Wired into the admin sidebar. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-06-07 18:38:56 +10:00
Dan Milne	fd8785a43d	Add API keys / bearer tokens for forward auth Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / scan_container (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details Enables server-to-server authentication for forward auth applications (e.g., video players accessing WebDAV) where browser cookies aren't available. API keys use clk_ prefixed tokens stored as HMAC hashes. Bearer token auth is checked before cookie auth in /api/verify. Invalid tokens return 401 JSON (no redirect). Requests without bearer tokens fall through to existing cookie flow unchanged. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-05 21:45:40 +11:00
Dan Milne	16e34ffaf0	Updates for oidc conformance	2026-01-03 10:11:10 +11:00
Dan Milne	f67a73821c	OpenID Conformance: user info endpoint should support get and post requets, not just get Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / scan_container (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2026-01-02 15:26:39 +11:00
Dan Milne	93a0edb0a2	StandardRB fixes Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2026-01-01 13:29:44 +11:00
Dan Milne	6be23c2c37	Add backchannel logout, per application logout. Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-11-27 16:38:27 +11:00
Dan Milne	d6029556d3	Add OIDC fixes, add prefered_username, add application-user claims	2025-11-25 16:29:40 +11:00
Dan Milne	7796c38c08	Add pairwise SID with a UUIDv4, a significatant upgrade over User.id.to_s. Complete allowing admin to enforce TOTP per user Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-11-23 11:16:06 +11:00
Dan Milne	e882a4d6d1	More complete oidc Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-11-18 20:03:03 +11:00
Dan Milne	fb14ce032f	Strip out more inline javascript code. Encrypt backup codes and treat the backup codes attribute as a json array	2025-11-04 18:46:11 +11:00
Dan Milne	57abc0b804	Add webauthn Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-11-04 16:20:11 +11:00
Dan Milne	19bfc21f11	Move sessions into their own view for easier management Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-11-04 15:19:39 +11:00
Dan Milne	ef15db77f9	Massive refactor. Merge forward_auth into App, remove references to unimplemented OIDC federation and SAML features. Add group and user custom claims. Groups now allocate which apps a user can use Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-11-04 13:21:55 +11:00
Dan Milne	ddcb297c74	Add comprhensive csp polices and reporting endpoint. Add environment support require for protecting against rebinding attacks on ip addresses Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-10-29 15:37:53 +11:00
Dan Milne	5921cf82c2	Add invite button and routes for resending invitations	2025-10-25 13:49:10 +11:00
Dan Milne	5463723455	Increase the thing Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-10-24 20:48:58 +11:00
Dan Milne	d6c24e50df	Whoops - add oidc logout Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-10-24 16:47:55 +11:00
Dan Milne	12e0ef66ed	OIDC app creation with encrypted secrets and application roles Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-10-24 14:47:24 +11:00
Dan Milne	fc9afcd1b7	Separate Forward auth into it's own models + controller Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-10-24 10:56:27 +11:00
Dan Milne	ec2eb27da1	Add user admin	2025-10-23 21:13:50 +11:00
Dan Milne	7f075391c1	Switch user status to enum Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-10-23 20:24:19 +11:00
Dan Milne	91573ee2b9	Add OIDC capability	2025-10-23 20:04:46 +11:00
Dan Milne	07e87dbaeb	User registation working. Sidebar built. Dashboard built. TOTP enable works - TOTP login works Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-10-23 18:07:49 +11:00
Dan Milne	256cbe3a48	User registation working. Sidebar built. Dashboard built. TOTP enable works - TOTP login works Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-10-23 18:07:27 +11:00
Dan Milne	56f7dd7b3c	First crack Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-10-23 16:45:00 +11:00
Dan Milne	1ff0a95392	First commit Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details	2025-10-23 16:19:56 +11:00

27 Commits