Dan Milne 49068aa344 Add tests

2026-06-15 08:22:23 +10:00

..

admin

Apps index access column + summary + admin access checker

2026-06-07 18:38:56 +10:00

api

Require CLINCH_HOST in deployed environments; drop request-host fallback

2026-06-11 08:04:42 +10:00

concerns

Add tests

2026-06-15 08:22:23 +10:00

active_sessions_controller.rb

Add skip-consent, correctly use 303, rather than 302, actually rename per app 'logout' to 'require re-auth'. Add helper methods for token lifetime - allowing 10d for 10days for example.

2026-01-05 12:03:01 +11:00

api_keys_controller.rb

Notify users out-of-band when security settings change

2026-05-02 23:52:12 +10:00

application_controller.rb

Notify users out-of-band when security settings change

2026-05-02 23:52:12 +10:00

dashboard_controller.rb

Fix CSP errors - migrate inline JS to stimulus controllers. Add a URL for applications so users can discover them

2025-11-04 17:06:53 +11:00

invitations_controller.rb

Add remainging rate limits. Add docker compose production example. Update beta-checklist.

2026-01-02 12:14:13 +11:00

oidc_controller.rb

Fix ForwardAuth fail-open and consent CSRF bypass

2026-06-11 07:52:56 +10:00

passwords_controller.rb

Notify users out-of-band when security settings change

2026-05-02 23:52:12 +10:00

profiles_controller.rb

Notify users out-of-band when security settings change

2026-05-02 23:52:12 +10:00

sessions_controller.rb

Make WebAuthn clone detection actually block, and fix false positives

2026-06-11 20:28:38 +10:00

totp_controller.rb

Notify users out-of-band when security settings change

2026-05-02 23:52:12 +10:00

users_controller.rb

Default-deny access control with group flags and access enumeration

2026-06-07 15:53:27 +10:00

webauthn_controller.rb

Notify users out-of-band when security settings change

2026-05-02 23:52:12 +10:00