| Age | Commit message | Author |
|---|---|---|
| 2024-10-09 | Update application's allowed scopes | Frederick Muriuki Muriithi |
| | The `register-client` and `migrate-data` scopes are not supported for end-user clients. | |
| 2024-10-09 | Pass the scope from the token, not application | Frederick Muriuki Muriithi |
| | There are at times when a token's scope could be attenuated for whatever reason from the full scope allowed to the application. In those instances, it is necessary to use the token's scope rather than the full scope. | |
| 2024-09-23 | Add method to clear redirect url from session. | Alexander_Kabui |
| 2024-09-18 | Refactor: drop __clear_session__ function. | Alexander_Kabui |
| 2024-09-18 | Refactor: try to build endpoint with get request. | Alexander_Kabui |
| | If BuildError is raised, default to "/" | |
| 2024-09-18 | fix minor issue for setting redirect url. | Alexander_Kabui |
| 2024-09-18 | feat(auth): implement redirect to login page and save current endpoint to session | Alexander_Kabui |
| | * Redirect users to the login page when authentication is required. * Save the current endpoint in the session for post-login redirection. | |
| 2024-09-18 | After login redirect users to the next request endpoint. | Alexander_Kabui |
| 2024-09-18 | Add new optional parameter to session object: redirect_url. | Alexander_Kabui |
| 2024-09-17 | Redirect users to login page if they attempt to access a service that requires authentication but are not logged in | Alexander_Kabui |
| 2024-09-17 | fix: dynamically get the keys that may contain error messages | John Nduli |
| 2024-09-06 | Fail noisily to help with troubleshooting issues. | Frederick Muriuki Muriithi |
| 2024-08-07 | Merge pull request #855 from jnduli/gn2_profiles_pages | Muriithi Frederick Muriuki |
| | Gn2 Fix profiles pages dashboard | |
| 2024-08-07 | chore: remove passing bearer token to end user | John Nduli |
| 2024-08-06 | fix: use bearer token to query auth server | John Nduli |
| 2024-08-06 | fix: pass in proper list of priviledge_ids | John Nduli |
| 2024-08-05 | minor code formatting. | Frederick Muriuki Muriithi |
| 2024-08-05 | Update JWKs endpoint documentation. | Frederick Muriuki Muriithi |
| 2024-08-05 | Fix URL | Frederick Muriuki Muriithi |
| 2024-08-05 | Override 'client_secret_post' auth with a JSON equivalent | Frederick Muriuki Muriithi |
| | In order to use JSON consistently across the board, we make even the authentication method use JSON rather than FORMDATA. | |
| 2024-08-02 | Consistently use JSON for all endpoints. | Frederick Muriuki Muriithi |
| 2024-08-01 | bug: add missing `count_per_page` variable. | Frederick Muriuki Muriithi |
| 2024-08-01 | Use auto-created and auto-rotated JSON Web Keys | Frederick Muriuki Muriithi |
| | Use auto-created JWKs for better security. | |
| 2024-08-01 | Use JWKs from auth server public endpoint | Frederick Muriuki Muriithi |
| | * Fetch keys from auth server * Validate token is signed with one of the keys from server * Ensure refreshing of token is still synchronised | |
| 2024-08-01 | Add module to help with rotation of JSON Web Keys. | Frederick Muriuki Muriithi |
| 2024-07-31 | Synchronise token refreshes | Frederick Muriuki Muriithi |
| | The application can be run in a multi-threaded server, leading to a situation where the multiple threads attempt to get a new JWT using the exact same refresh token. This synchronises the various threads, ensuring only a single thread is able to retrieve the new JWT that all the rest of the threads then use. | |
| 2024-07-26 | Use JSON rather than X-Form-URL-encoded data with auth server. | Frederick Muriuki Muriithi |
| 2024-07-22 | Provide PoC public-jwks endpoint. | Frederick Muriuki Muriithi |
| 2024-07-17 | Fix premature session expiration | Frederick Muriuki Muriithi |
| | With the change to JWTs the time-to-live for each token is severely curtailed to help with security in case of a token theft. We, therefore, can no longer rely on the TTL for session expiration; rather, we will rely on the token-refresh mechanism to expire a token after a long while. | |
| 2024-07-17 | Remove redundant import. | Frederick Muriuki Muriithi |
| 2024-07-17 | Remove token and user detail handling from @app.before_request | Frederick Muriuki Muriithi |
| | The token and user details information is handled in the `gn2.wqflask.oauth2.session`. Other parts of the system should make use of that. It also helps avoid some weird "action-at-a-distance" interactions - this forces the code to request what it needs when it needs it and not rely on some global variables. | |
| 2024-06-25 | Remove flawed "group role" idea: use just "role". | Frederick Muriuki Muriithi |
| 2024-06-17 | Remove deprecated endpoints/views and templates | Frederick Muriuki Muriithi |
| 2024-06-17 | Fix error display logic | Frederick Muriuki Muriithi |
| 2024-06-17 | Fetch the active user's roles on a particular resource. | Frederick Muriuki Muriithi |
| 2024-06-17 | Use privilege objects rather than IDS. | Frederick Muriuki Muriithi |
| 2024-06-17 | Delete request to obsoleted endpoint. | Frederick Muriuki Muriithi |
| 2024-06-17 | Create a new resource role. | Frederick Muriuki Muriithi |
| 2024-06-17 | Update URI forms | Frederick Muriuki Muriithi |
| 2024-06-17 | Use json for communication with gn-auth | Frederick Muriuki Muriithi |
| 2024-06-11 | List user assigned role of interest. | Frederick Muriuki Muriithi |
| 2024-06-10 | Unassign privilege from resource role. | Frederick Muriuki Muriithi |
| 2024-06-10 | Import the UUID class directly. | Frederick Muriuki Muriithi |
| 2024-06-10 | Implement "Resource Role Page" | Frederick Muriuki Muriithi |
| | Show the page, providing all UI elements necessary, even if the elements themselves are not active. | |
| 2024-06-10 | Generalise `render_ur` for the resources pages | Frederick Muriuki Muriithi |
| 2024-06-10 | Set default headers for OAuth2Client requests. | Frederick Muriuki Muriithi |
| 2024-06-07 | Update UI: Use resource roles rather than obsolete group roles | Frederick Muriuki Muriithi |
| | In a fix to fix a privilege-escalation bug, the `…/group/roles` endpoint was entirely removed and replaced with the less error-prone `…/resource/…/roles` endpoint. This commit updates the code to use the new endpoint's data as appropriate. We also fix typos in some url_for routing arguments. | |
| 2024-06-06 | Fix displayed error message | Frederick Muriuki Muriithi |
| 2024-06-06 | Remove the "Roles" page. | Frederick Muriuki Muriithi |
| 2024-06-06 | Deactivate the "create_role" function | Frederick Muriuki Muriithi |
| | The `create_role` function could lead to privilege escalation. This commit deactivates it completely to prevent the chance of that happening. | |