Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-09-18 | Refactor: try to build endpoint with get request. | Alexander_Kabui | |
If BuildError is raised default to "/" | |||
2024-09-18 | fix minor issue for setting redirect url. | Alexander_Kabui | |
2024-09-18 | feat(auth): implement redirect to login page and save current endpoint to ↵ | Alexander_Kabui | |
session * Redirect users to the login page when authentication is required. * Save the current endpoint in the session for post-login redirection. | |||
2024-09-18 | After login redirect users to the next request endpoint. | Alexander_Kabui | |
2024-09-18 | Add new optional parameter to session object: redirect_url. | Alexander_Kabui | |
2024-09-17 | Redirect users to login page if they attempt to access a service that ↵ | Alexander_Kabui | |
requires authentication but are not logged in | |||
2024-09-17 | fix: dynamically get the keys that may contain error messages | John Nduli | |
2024-09-06 | Fail noisily to help with troubleshooting issues. | Frederick Muriuki Muriithi | |
2024-08-07 | Merge pull request #855 from jnduli/gn2_profiles_pages | Muriithi Frederick Muriuki | |
Gn2 Fix profiles pages dashboard | |||
2024-08-07 | chore: remove passing bearer token to end user | John Nduli | |
2024-08-06 | fix: use bearer token to query auth server | John Nduli | |
2024-08-06 | fix: pass in proper list of priviledge_ids | John Nduli | |
2024-08-05 | minor code formatting. | Frederick Muriuki Muriithi | |
2024-08-05 | Update JWKs endpoint documentation. | Frederick Muriuki Muriithi | |
2024-08-05 | Fix URL | Frederick Muriuki Muriithi | |
2024-08-05 | Override 'client_secret_post' auth with a JSON equivalent | Frederick Muriuki Muriithi | |
In order to use JSON consistently across the board, we make even the authentication method use JSON rather than FORMDATA. | |||
2024-08-02 | Consistently use JSON for all endpoints. | Frederick Muriuki Muriithi | |
2024-08-01 | bug: add missing `count_per_page` variable. | Frederick Muriuki Muriithi | |
2024-08-01 | Use auto-created and auto-rotated JSON Web Keys | Frederick Muriuki Muriithi | |
Use auto-created JWKs for better security. | |||
2024-08-01 | Use JWKs from auth server public endpoint | Frederick Muriuki Muriithi | |
* Fetch keys from auth server * Validate token is signed with one of the keys from server * Ensure refreshing of token is still synchronised | |||
2024-08-01 | Add module to help with rotation of JSON Web Keys. | Frederick Muriuki Muriithi | |
2024-07-31 | Synchronise token refreshes | Frederick Muriuki Muriithi | |
The application can be run in a multi-threaded server, leading to a situation where the multiple threads attempt to get a new JWT using the exact same refresh token. This synchronises the various threads ensuring only a single thread is able to retrieve the new JWT that all the rest of the threads then use. | |||
2024-07-26 | Use JSON rather than X-Form-URL-encoded data with auth server. | Frederick Muriuki Muriithi | |
2024-07-22 | Provide PoC public-jwks endpoint. | Frederick Muriuki Muriithi | |
2024-07-17 | Fix premature session expiration | Frederick Muriuki Muriithi | |
With the change to JWTs the time-to-live for each token is severely curtailed to help with security in case of a token theft. We, therefore, can no longer rely on the TTL for session expiration, rather, we will rely of the token-refresh mechanism to expire a token after a long while. | |||
2024-07-17 | Remove redundant import. | Frederick Muriuki Muriithi | |
2024-07-17 | Remove token and user detail handling from @app.before_request | Frederick Muriuki Muriithi | |
The token and user details information is handled in the `gn2.wqflask.oauth2.session`. Other parts of the system should make use of that. It also helps avoid some weird "action-at-a-distance" interactions - this forces the code to request what it needs when it needs it and not rely on some global variables. | |||
2024-06-25 | Remove flawed "group role" idea: use just "role". | Frederick Muriuki Muriithi | |
2024-06-17 | Remove deprecated endpoints/views and templates | Frederick Muriuki Muriithi | |
2024-06-17 | Fix error display logic | Frederick Muriuki Muriithi | |
2024-06-17 | Fetch the active user's roles on a particular resource. | Frederick Muriuki Muriithi | |
2024-06-17 | Use privilege objects rather than IDS. | Frederick Muriuki Muriithi | |
2024-06-17 | Delete request to obsoleted endpoint. | Frederick Muriuki Muriithi | |
2024-06-17 | Create a new resource role. | Frederick Muriuki Muriithi | |
2024-06-17 | Update URI forms | Frederick Muriuki Muriithi | |
2024-06-17 | Use json for communication with gn-auth | Frederick Muriuki Muriithi | |
2024-06-11 | List user assigned role of interest. | Frederick Muriuki Muriithi | |
2024-06-10 | Unassign privilege from resource role. | Frederick Muriuki Muriithi | |
2024-06-10 | Import the UUID class directly. | Frederick Muriuki Muriithi | |
2024-06-10 | Implement "Resource Role Page" | Frederick Muriuki Muriithi | |
Show the page, providing all UI elements necessary, even if the elements themselves are not active. | |||
2024-06-10 | Generalise `render_ur` for the resources pages | Frederick Muriuki Muriithi | |
2024-06-10 | Set default headers for OAuth2Client requests. | Frederick Muriuki Muriithi | |
2024-06-07 | Update UI: Use resource roles rather than obsolete group roles | Frederick Muriuki Muriithi | |
In a fix to fix a privilege-escalation bug, the `…/group/roles` endpoint was entirely removed and replaced with the less error-prone `…/resource/…/roles` endpoint. This commit updates the code to use the new endpoint's data as appropriate. We also fix typos in some url_for routing arguments. | |||
2024-06-06 | Fix displayed error message | Frederick Muriuki Muriithi | |
2024-06-06 | Remove the "Roles" page. | Frederick Muriuki Muriithi | |
2024-06-06 | Deactivate the "create_role" function | Frederick Muriuki Muriithi | |
The `create_role` function could lead to privilege escalation. This commit deactivates it completely to prevent the chance of that happening. | |||
2024-06-05 | Bug: Add missing data to search query. | Frederick Muriuki Muriithi | |
2024-06-05 | Build search URI endpoint on server rather than on JS | Frederick Muriuki Muriithi | |
To help with maintenance, build the search URI on the server rather than in the javascript. | |||
2024-06-05 | Build phenotype results template URI on backend | Frederick Muriuki Muriithi | |
Build the template URI on the backend to remove the need to remember to update the javascript if the URI changes in the future. | |||
2024-06-04 | Provide client data used for user verification. | Frederick Muriuki Muriithi | |