path: root/gn2/wqflask/oauth2

| Age | Commit message | Author |
| --- | --- | --- |
| 2024-09-23 | Add method to clear redirect url from session. | Alexander_Kabui |
| 2024-09-18 | Refactor: drop `__clear_session__` function. | Alexander_Kabui |
| 2024-09-18 | Refactor: try to build endpoint with get request. If BuildError is raised default to "/" | Alexander_Kabui |
| 2024-09-18 | fix minor issue for setting redirect url. | Alexander_Kabui |
| 2024-09-18 | feat(auth): implement redirect to login page and save current endpoint to ses... * Redirect users to the login page when authentication is required. * Save the current endpoint in the session for post-login redirection. | Alexander_Kabui |
| 2024-09-18 | After login redirect users to the next request endpoint. | Alexander_Kabui |
| 2024-09-18 | Add new optional parameter to session object: redirect_url. | Alexander_Kabui |
| 2024-09-17 | Redirect users to login page if they attempt to access a service that require... | Alexander_Kabui |
| 2024-09-17 | fix: dynamically get the keys that may contain error messages | John Nduli |
| 2024-09-06 | Fail noisily to help with troubleshooting issues. | Frederick Muriuki Muriithi |
| 2024-08-07 | Merge pull request #855 from jnduli/gn2_profiles_pages. Gn2 Fix profiles pages dashboard | Muriithi Frederick Muriuki |
| 2024-08-07 | chore: remove passing bearer token to end user | John Nduli |
| 2024-08-06 | fix: use bearer token to query auth server | John Nduli |
| 2024-08-06 | fix: pass in proper list of priviledge_ids | John Nduli |
| 2024-08-05 | minor code formatting. | Frederick Muriuki Muriithi |
| 2024-08-05 | Update JWKs endpoint documentation. | Frederick Muriuki Muriithi |
| 2024-08-05 | Fix URL | Frederick Muriuki Muriithi |
| 2024-08-05 | Override 'client_secret_post' auth with a JSON equivalent. In order to use JSON consistently across the board, we make even the authentication method use JSON rather than FORMDATA. | Frederick Muriuki Muriithi |
| 2024-08-02 | Consistently use JSON for all endpoints. | Frederick Muriuki Muriithi |
| 2024-08-01 | bug: add missing `count_per_page` variable. | Frederick Muriuki Muriithi |
| 2024-08-01 | Use auto-created and auto-rotated JSON Web Keys. Use auto-created JWKs for better security. | Frederick Muriuki Muriithi |
| 2024-08-01 | Use JWKs from auth server public endpoint. * Fetch keys from auth server * Validate token is signed with one of the keys from server * Ensure refreshing of token is still synchronised | Frederick Muriuki Muriithi |
| 2024-08-01 | Add module to help with rotation of JSON Web Keys. | Frederick Muriuki Muriithi |
| 2024-07-31 | Synchronise token refreshes. The application can be run in a multi-threaded server, leading to a situation where the multiple threads attempt to get a new JWT using the exact same refresh token. This synchronises the various threads ensuring only a single thread is able to retrieve the new JWT that all the rest of the threads then use. | Frederick Muriuki Muriithi |
| 2024-07-26 | Use JSON rather than X-Form-URL-encoded data with auth server. | Frederick Muriuki Muriithi |
| 2024-07-22 | Provide PoC public-jwks endpoint. | Frederick Muriuki Muriithi |
| 2024-07-17 | Fix premature session expiration. With the change to JWTs the time-to-live for each token is severely curtailed to help with security in case of a token theft. We, therefore, can no longer rely on the TTL for session expiration, rather, we will rely on the token-refresh mechanism to expire a token after a long while. | Frederick Muriuki Muriithi |
| 2024-07-17 | Remove redundant import. | Frederick Muriuki Muriithi |
| 2024-07-17 | Remove token and user detail handling from @app.before_request. The token and user details information is handled in the `gn2.wqflask.oauth2.session`. Other parts of the system should make use of that. It also helps avoid some weird "action-at-a-distance" interactions - this forces the code to request what it needs when it needs it and not rely on some global variables. | Frederick Muriuki Muriithi |
| 2024-06-25 | Remove flawed "group role" idea: use just "role". | Frederick Muriuki Muriithi |
| 2024-06-17 | Remove deprecated endpoints/views and templates | Frederick Muriuki Muriithi |
| 2024-06-17 | Fix error display logic | Frederick Muriuki Muriithi |
| 2024-06-17 | Fetch the active user's roles on a particular resource. | Frederick Muriuki Muriithi |
| 2024-06-17 | Use privilege objects rather than IDS. | Frederick Muriuki Muriithi |
| 2024-06-17 | Delete request to obsoleted endpoint. | Frederick Muriuki Muriithi |
| 2024-06-17 | Create a new resource role. | Frederick Muriuki Muriithi |
| 2024-06-17 | Update URI forms | Frederick Muriuki Muriithi |
| 2024-06-17 | Use json for communication with gn-auth | Frederick Muriuki Muriithi |
| 2024-06-11 | List user assigned role of interest. | Frederick Muriuki Muriithi |
| 2024-06-10 | Unassign privilege from resource role. | Frederick Muriuki Muriithi |
| 2024-06-10 | Import the UUID class directly. | Frederick Muriuki Muriithi |
| 2024-06-10 | Implement "Resource Role Page". Show the page, providing all UI elements necessary, even if the elements themselves are not active. | Frederick Muriuki Muriithi |
| 2024-06-10 | Generalise `render_ur` for the resources pages | Frederick Muriuki Muriithi |
| 2024-06-10 | Set default headers for OAuth2Client requests. | Frederick Muriuki Muriithi |
| 2024-06-07 | Update UI: Use resource roles rather than obsolete group roles. In a fix to fix a privilege-escalation bug, the `…/group/roles` endpoint was entirely removed and replaced with the less error-prone `…/resource/…/roles` endpoint. This commit updates the code to use the new endpoint's data as appropriate. We also fix typos in some url_for routing arguments. | Frederick Muriuki Muriithi |
| 2024-06-06 | Fix displayed error message | Frederick Muriuki Muriithi |
| 2024-06-06 | Remove the "Roles" page. | Frederick Muriuki Muriithi |
| 2024-06-06 | Deactivate the "create_role" function. The `create_role` function could lead to privilege escalation. This commit deactivates it completely to prevent the chance of that happening. | Frederick Muriuki Muriithi |
| 2024-06-05 | Bug: Add missing data to search query. | Frederick Muriuki Muriithi |
| 2024-06-05 | Build search URI endpoint on server rather than on JS. To help with maintenance, build the search URI on the server rather than in the javascript. | Frederick Muriuki Muriithi |