Age | Commit message | Author |
2024-10-09 | Update application's allowed scopes...The `register-client` and `migrate-data` scopes are not supported for end-user clients. | Frederick Muriuki Muriithi |
2024-10-09 | Pass the scope from the token, not application...There are at times when a token's scope could be attenuated for whatever reason from the full scope allowed to the application. In those instances, it is necessary to use the token's scope rather than the full scope. | Frederick Muriuki Muriithi |
2024-09-23 | Add method to clear redirect url from session. | Alexander_Kabui |
2024-09-18 | Refactor: drop __clear_session__ function. | Alexander_Kabui |
2024-09-18 | Refactor: try to build endpoint with get request....If BuildError is raised default to "/" | Alexander_Kabui |
2024-09-18 | fix minor issue for setting redirect url. | Alexander_Kabui |
2024-09-18 | feat(auth): implement redirect to login page and save current endpoint to ses......* Redirect users to the login page when authentication is required. * Save the current endpoint in the session for post-login redirection. | Alexander_Kabui |
2024-09-18 | After login redirect users to the next request endpoint. | Alexander_Kabui |
2024-09-18 | Add new optional parameter to session object: redirect_url. | Alexander_Kabui |
2024-09-17 | Redirect users to login page if they attempt to access a service that require... | Alexander_Kabui |
2024-09-17 | fix: dynamically get the keys that may contain error messages | John Nduli |
2024-09-06 | Fail noisily to help with troubleshooting issues. | Frederick Muriuki Muriithi |
2024-08-07 | Merge pull request #855 from jnduli/gn2_profiles_pages...Gn2 Fix profiles pages dashboard | Muriithi Frederick Muriuki |
2024-08-07 | chore: remove passing bearer token to end user | John Nduli |
2024-08-06 | fix: use bearer token to query auth server | John Nduli |
2024-08-06 | fix: pass in proper list of priviledge_ids | John Nduli |
2024-08-05 | minor code formatting. | Frederick Muriuki Muriithi |
2024-08-05 | Update JWKs endpoint documentation. | Frederick Muriuki Muriithi |
2024-08-05 | Fix URL | Frederick Muriuki Muriithi |
2024-08-05 | Override 'client_secret_post' auth with a JSON equivalent...In order to use JSON consistently across the board, we make even the authentication method use JSON rather than FORMDATA. | Frederick Muriuki Muriithi |
2024-08-02 | Consistently use JSON for all endpoints. | Frederick Muriuki Muriithi |
2024-08-01 | bug: add missing `count_per_page` variable. | Frederick Muriuki Muriithi |
2024-08-01 | Use auto-created and auto-rotated JSON Web Keys...Use auto-created JWKs for better security. | Frederick Muriuki Muriithi |
2024-08-01 | Use JWKs from auth server public endpoint...* Fetch keys from auth server * Validate token is signed with one of the keys from server * Ensure refreshing of token is still synchronised | Frederick Muriuki Muriithi |
2024-08-01 | Add module to help with rotation of JSON Web Keys. | Frederick Muriuki Muriithi |
2024-07-31 | Synchronise token refreshes...The application can be run in a multi-threaded server, leading to a situation where the multiple threads attempt to get a new JWT using the exact same refresh token. This synchronises the various threads ensuring only a single thread is able to retrieve the new JWT that all the rest of the threads then use. | Frederick Muriuki Muriithi |
2024-07-26 | Use JSON rather than X-Form-URL-encoded data with auth server. | Frederick Muriuki Muriithi |
2024-07-22 | Provide PoC public-jwks endpoint. | Frederick Muriuki Muriithi |
2024-07-17 | Fix premature session expiration...With the change to JWTs the time-to-live for each token is severely curtailed to help with security in case of a token theft. We, therefore, can no longer rely on the TTL for session expiration; rather, we will rely on the token-refresh mechanism to expire a token after a long while. | Frederick Muriuki Muriithi |
2024-07-17 | Remove redundant import. | Frederick Muriuki Muriithi |
2024-07-17 | Remove token and user detail handling from @app.before_request...The token and user details information is handled in the `gn2.wqflask.oauth2.session`. Other parts of the system should make use of that. It also helps avoid some weird "action-at-a-distance" interactions - this forces the code to request what it needs when it needs it and not rely on some global variables. | Frederick Muriuki Muriithi |
2024-06-25 | Remove flawed "group role" idea: use just "role". | Frederick Muriuki Muriithi |
2024-06-17 | Remove deprecated endpoints/views and templates | Frederick Muriuki Muriithi |
2024-06-17 | Fix error display logic | Frederick Muriuki Muriithi |
2024-06-17 | Fetch the active user's roles on a particular resource. | Frederick Muriuki Muriithi |
2024-06-17 | Use privilege objects rather than IDs. | Frederick Muriuki Muriithi |
2024-06-17 | Delete request to obsoleted endpoint. | Frederick Muriuki Muriithi |
2024-06-17 | Create a new resource role. | Frederick Muriuki Muriithi |
2024-06-17 | Update URI forms | Frederick Muriuki Muriithi |
2024-06-17 | Use json for communication with gn-auth | Frederick Muriuki Muriithi |
2024-06-11 | List user assigned role of interest. | Frederick Muriuki Muriithi |
2024-06-10 | Unassign privilege from resource role. | Frederick Muriuki Muriithi |
2024-06-10 | Import the UUID class directly. | Frederick Muriuki Muriithi |
2024-06-10 | Implement "Resource Role Page"...Show the page, providing all UI elements necessary, even if the elements themselves are not active. | Frederick Muriuki Muriithi |
2024-06-10 | Generalise `render_ur` for the resources pages | Frederick Muriuki Muriithi |
2024-06-10 | Set default headers for OAuth2Client requests. | Frederick Muriuki Muriithi |
2024-06-07 | Update UI: Use resource roles rather than obsolete group roles...In a fix for a privilege-escalation bug, the `…/group/roles` endpoint was entirely removed and replaced with the less error-prone `…/resource/…/roles` endpoint. This commit updates the code to use the new endpoint's data as appropriate. We also fix typos in some url_for routing arguments. | Frederick Muriuki Muriithi |
2024-06-06 | Fix displayed error message | Frederick Muriuki Muriithi |
2024-06-06 | Remove the "Roles" page. | Frederick Muriuki Muriithi |
2024-06-06 | Deactivate the "create_role" function...The `create_role` function could lead to privilege escalation. This commit deactivates it completely to prevent the chance of that happening. | Frederick Muriuki Muriithi |