Commit Graph

  • ab362aabac Remove the rate limit for the forward auth system main Dan Milne 2025-12-28 14:40:53 +11:00
  • 283feea175 Update dependencies, bump version Dan Milne 2025-11-30 23:13:25 +11:00
  • 7af8624bf8 Handle empty backchannel logout urls Dan Milne 2025-11-27 19:19:34 +11:00
  • f8543f98cc Add a subdirectory for active storage Dan Milne 2025-11-27 19:12:09 +11:00
  • 6be23c2c37 Add backchannel logout, per application logout. Dan Milne 2025-11-27 16:38:27 +11:00
  • eb2d7379bf Backchannel complete - improve oidc credential display Dan Milne 2025-11-27 11:52:25 +11:00
  • 67d86e5835 Add Icons for apps Dan Milne 2025-11-25 19:11:22 +11:00
  • d6029556d3 Add OIDC fixes, add prefered_username, add application-user claims Dan Milne 2025-11-25 16:29:40 +11:00
  • 7796c38c08 Add pairwise SID with a UUIDv4, a significant upgrade over User.id.to_s. Complete allowing admin to enforce TOTP per user Dan Milne 2025-11-23 11:16:06 +11:00
  • e882a4d6d1 More complete oidc feature/enhance-jwt Dan Milne 2025-11-18 20:03:03 +11:00
  • ab0085e9c9 More complete oidc Dan Milne 2025-11-18 20:02:45 +11:00
  • 1ee3302319 Improvements derived from rodauth-oauth Dan Milne 2025-11-12 22:17:55 +11:00
  • 67f28faaca Improve some front end views. More descriptive error condition reporting. Updates to CLINCH_HOST for better WEBAUTHN Dan Milne 2025-11-12 16:24:05 +11:00
  • 33ad956508 Add test Dan Milne 2025-11-12 15:50:04 +11:00
  • 11ec753c68 Bump up the forward auth token ttl, fix leaking of error data Dan Milne 2025-11-09 12:27:53 +11:00
  • 4df2eee4d9 Bug fix for domain names with empty string instead of null. Form errors and some security fixes Dan Milne 2025-11-09 12:22:41 +11:00
  • d9f11abbbf Fixes for OIDC and HTML Dan Milne 2025-11-09 12:04:26 +11:00
  • c92e69fa4a Add PKCE Dan Milne 2025-11-09 11:54:45 +11:00
  • 038801f34b Add pkce Dan Milne 2025-11-09 10:21:29 +11:00
  • 8e0b2c28eb CSP fixes 2025.02 Dan Milne 2025-11-08 20:01:07 +11:00
  • f02665f690 Consolidate all the error messages - add some stimulus controller. Dan Milne 2025-11-07 16:58:28 +11:00
  • 631b2b53bb Fix CSP reporting endpoint. Fix the SER for CSP Dan Milne 2025-11-04 23:22:15 +11:00
  • 6049429a41 Fix mobile view menu popout. Add an option SENTRY_DSN support, which uses rails event reporting Dan Milne 2025-11-04 23:16:28 +11:00
  • 2b15aa2c40 Add sentry, set csp reporting API Dan Milne 2025-11-04 22:58:32 +11:00
  • 4f5974dd37 bah Dan Milne 2025-11-04 21:33:52 +11:00
  • 5de53f1841 bug fix Dan Milne 2025-11-04 21:21:00 +11:00
  • 73b2ae2f02 Add some docs Dan Milne 2025-11-04 21:13:46 +11:00
  • 4c5ac344bd Bug updating OIDC apps. Update readme Dan Milne 2025-11-04 20:14:41 +11:00
  • 044b9239d6 Ok - this time add the new controllers we stripped out of inline and add back the csp Dan Milne 2025-11-04 18:55:20 +11:00
  • e9b1995e89 Remove unneeded stuff Dan Milne 2025-11-04 18:47:31 +11:00
  • fb14ce032f Strip out more inline javascript code. Encrypt backup codes and treat the backup codes attribute as a json array Dan Milne 2025-11-04 18:46:11 +11:00
  • bf104a9983 Fix CSP errors - migrate inline JS to stimulus controllers. Add a URL for applications so users can discover them Dan Milne 2025-11-04 17:06:53 +11:00
  • ec13dd2b60 Fix storing passkeys Dan Milne 2025-11-04 16:32:50 +11:00
  • 57abc0b804 Add webauthn Dan Milne 2025-11-04 16:20:11 +11:00
  • 19bfc21f11 Move sessions into their own view for easier management Dan Milne 2025-11-04 15:19:39 +11:00
  • ef15db77f9 Massive refactor. Merge forward_auth into App, remove references to unimplemented OIDC federation and SAML features. Add group and user custom claims. Groups now allocate which apps a user can use Dan Milne 2025-11-04 13:21:55 +11:00
  • 4d1bc1ab66 Update readme Dan Milne 2025-10-29 22:39:49 +11:00
  • 517029247d Update the .env.example file Dan Milne 2025-10-29 16:35:27 +11:00
  • bfcc5cdc84 More nuanced domain fetching for host validation Dan Milne 2025-10-29 16:31:56 +11:00
  • 81871426e9 Update docs Dan Milne 2025-10-29 16:08:49 +11:00
  • ddcb297c74 Add comprehensive csp policies and reporting endpoint. Add environment support require for protecting against rebinding attacks on ip addresses Dan Milne 2025-10-29 15:37:53 +11:00
  • 6f7de94623 Rate limit the forward_auth controller Dan Milne 2025-10-29 13:55:36 +11:00
  • baa75a3456 Use the IPAddr library to detect ipv4 and ipv6 addresses Dan Milne 2025-10-29 13:47:02 +11:00
  • c3205abffa Improve finding the requested host's domain for setting the domain cookie Dan Milne 2025-10-29 10:19:51 +11:00
  • a2008d0750 remove incorrectly named files Dan Milne 2025-10-28 09:01:27 +11:00
  • 810561d74b Rename thumbshots Dan Milne 2025-10-28 08:58:05 +11:00
  • 2ee895888d Add screenshots Dan Milne 2025-10-28 08:52:15 +11:00
  • 6c9fc429f1 Increase thumb Dan Milne 2025-10-28 08:35:09 +11:00
  • 7d200b849e Add a screenshot Dan Milne 2025-10-28 08:33:50 +11:00
  • 7074242907 Update docs. Implemented a one-time token to work around domain cookies not being immediately returned by the browser. Reduce db queries on /api/verify requests. Dan Milne 2025-10-28 08:20:12 +11:00
  • da6fd5b800 More logs Dan Milne 2025-10-27 23:54:34 +11:00
  • cfab21b130 More tests Dan Milne 2025-10-26 23:56:02 +11:00
  • c80bcafdb7 Bug fix Dan Milne 2025-10-26 23:20:44 +11:00
  • f050541e14 Merge pull request #1 from dkam/dependabot/github_actions/actions/upload-artifact-5 Dan Milne 2025-10-27 20:05:01 +11:00
  • 431e947a4c Some more tests. Fix invitation link and password reset links. After creating their account and setting a password, the user is logged in Dan Milne 2025-10-26 23:09:38 +11:00
  • 8dd3e60071 Add a list_sign_in_at field for users so magick links work Dan Milne 2025-10-26 22:40:54 +11:00
  • e4e7a0873e Fixes Dan Milne 2025-10-26 22:03:03 +11:00
  • b5b1d94d47 Fix the CLINCH_HOST issue. Dan Milne 2025-10-26 21:59:27 +11:00
  • 52cfd6122c Typo. More tests Dan Milne 2025-10-26 20:42:18 +11:00
  • 87796e0478 Type Dan Milne 2025-10-26 20:28:14 +11:00
  • 227e29ce0a Fix/add some tests. Configure email sending address Dan Milne 2025-10-26 20:13:39 +11:00
  • d98f777e7d Refactor email delivery and background jobs system Dan Milne 2025-10-26 16:30:02 +11:00
  • 88428bfd97 Add configuration forward-auth headers Dan Milne 2025-10-26 14:41:20 +11:00
  • 2679634a2b Port 3000 Dan Milne 2025-10-25 16:00:09 +11:00
  • 2d5823213c Update readme Dan Milne 2025-10-25 13:50:15 +11:00
  • 5921cf82c2 Add invite button and routes for resending invitations Dan Milne 2025-10-25 13:49:10 +11:00
  • df834b6e57 Add license Dan Milne 2025-10-25 13:34:33 +11:00
  • 471c16890b Bump actions/upload-artifact from 4 to 5 dependabot[bot] 2025-10-25 02:34:28 +00:00
  • 39757a43dc Add an invite system Dan Milne 2025-10-24 23:26:07 +11:00
  • 5463723455 Increase the thing Dan Milne 2025-10-24 20:48:58 +11:00
  • e36850f8ba Bug fix Dan Milne 2025-10-24 17:07:12 +11:00
  • 0af3dbefed Remember that we consented. Dan Milne 2025-10-24 17:01:03 +11:00
  • d6c24e50df Whoops - add oidc logout Dan Milne 2025-10-24 16:47:55 +11:00
  • 8c80343b89 Add nonce to the auth codes Dan Milne 2025-10-24 16:34:38 +11:00
  • 2db7f6a9df Don't use turbo when we expect to redirect Dan Milne 2025-10-24 16:27:05 +11:00
  • e3f202f574 Fix and cleanup Dan Milne 2025-10-24 16:17:56 +11:00
  • c7f391541a Fix - remove debug Dan Milne 2025-10-24 16:08:01 +11:00
  • 8e56210b74 More debugging Dan Milne 2025-10-24 16:01:18 +11:00
  • 056c69e002 More debugging Dan Milne 2025-10-24 15:54:08 +11:00
  • 225b6b0bb6 Debugging Dan Milne 2025-10-24 15:47:29 +11:00
  • fbda018065 Bug fix approving an Application Dan Milne 2025-10-24 15:41:31 +11:00
  • 12e0ef66ed OIDC app creation with encrypted secrets and application roles Dan Milne 2025-10-24 14:47:24 +11:00
  • 831bd083c2 Update readme 2025.01 Dan Milne 2025-10-24 12:02:38 +11:00
  • 1212e0f22e Allow redirection to 3rd party sites Dan Milne 2025-10-24 11:52:58 +11:00
  • a21b21ace2 remove unneeded action Dan Milne 2025-10-24 11:43:34 +11:00
  • ad70841689 Pass the redirect url through the forms Dan Milne 2025-10-24 11:36:11 +11:00
  • 9be6ef09ff Add missing file Dan Milne 2025-10-24 11:08:43 +11:00
  • 21bdc21486 Switch menu order Dan Milne 2025-10-24 11:08:28 +11:00
  • fc9afcd1b7 Separate Forward auth into its own models + controller Dan Milne 2025-10-24 10:56:27 +11:00
  • ee4af20000 Updates Dan Milne 2025-10-23 23:55:21 +11:00
  • 7200a6735f OK - 302 + Location Dan Milne 2025-10-23 23:52:01 +11:00
  • e3e2a565e7 Oh - we do use a 401, but with a Location header Dan Milne 2025-10-23 22:27:11 +11:00
  • 19cc425f94 Annnd let extract the correct headers so we can redirect Dan Milne 2025-10-23 22:16:28 +11:00
  • 96a9ce2258 Redirect when auth fails - I think! Dan Milne 2025-10-23 22:07:58 +11:00
  • ec2eb27da1 Add user admin Dan Milne 2025-10-23 21:13:50 +11:00
  • 8cbf0731e0 JWT service Dan Milne 2025-10-23 20:39:45 +11:00
  • 7f075391c1 Switch user status to enum Dan Milne 2025-10-23 20:24:19 +11:00
  • 91573ee2b9 Add OIDC capability Dan Milne 2025-10-23 20:04:46 +11:00
  • d480d7dd0a Start implementing OIDC Dan Milne 2025-10-23 18:22:52 +11:00
  • 07e87dbaeb User registration working. Sidebar built. Dashboard built. TOTP enable works - TOTP login works Dan Milne 2025-10-23 18:07:49 +11:00