This website requires JavaScript.
Explore
Help
Sign In
dkam
/
clinch
Watch
1
Star
0
Fork
0
You've already forked clinch
Code
Issues
4
Pull Requests
Actions
Packages
Projects
Releases
Wiki
Activity
Files
25e1043312e0be3b4c40ee82a44baeaee80e7f09
clinch
/
app
/
controllers
History
Dan Milne
25e1043312
Add skip-consent, correctly use 303, rather than 302, actually rename per app 'logout' to 'require re-auth'. Add helper methods for token lifetime - allowing 10d for 10days for example.
2026-01-05 12:03:01 +11:00
..
admin
Add skip-consent, correctly use 303, rather than 302, actually rename per app 'logout' to 'require re-auth'. Add helper methods for token lifetime - allowing 10d for 10days for example.
2026-01-05 12:03:01 +11:00
api
StandardRB fixes
2026-01-01 13:29:44 +11:00
concerns
More OpenID Conformance test fixes - work with POST, correct auth code character set, correct no-store cache headers
2026-01-03 12:28:43 +11:00
active_sessions_controller.rb
Add skip-consent, correctly use 303, rather than 302, actually rename per app 'logout' to 'require re-auth'. Add helper methods for token lifetime - allowing 10d for 10days for example.
2026-01-05 12:03:01 +11:00
application_controller.rb
StandardRB fixes
2026-01-01 13:29:44 +11:00
dashboard_controller.rb
Fix CSP errors - migrate inline JS to stimulus controllers. Add a URL for applications so users can discover them
2025-11-04 17:06:53 +11:00
invitations_controller.rb
Add remainging rate limits. Add docker compose production example. Update beta-checklist.
2026-01-02 12:14:13 +11:00
oidc_controller.rb
Better error messages
2026-01-03 12:29:27 +11:00
passwords_controller.rb
Add remainging rate limits. Add docker compose production example. Update beta-checklist.
2026-01-02 12:14:13 +11:00
profiles_controller.rb
Add rails encryption for totp - allow configuration of encryption secrets from env, or derive them from SECRET_KEY_BASE. Don't leak email address via web_authn, rate limit web_authn, escape oidc state value, require password for changing email address, allow settings the hmac secret for token prefix generation
2025-12-31 10:33:56 +11:00
sessions_controller.rb
Add skip-consent, correctly use 303, rather than 302, actually rename per app 'logout' to 'require re-auth'. Add helper methods for token lifetime - allowing 10d for 10days for example.
2026-01-05 12:03:01 +11:00
totp_controller.rb
Add pairwise SID with a UUIDv4, a significatant upgrade over User.id.to_s. Complete allowing admin to enforce TOTP per user
2025-11-23 11:16:06 +11:00
users_controller.rb
StandardRB fixes
2026-01-01 13:29:44 +11:00
webauthn_controller.rb
StandardRB fixes
2026-01-01 13:29:44 +11:00
