path: root/gn2/wqflask/oauth2
Age | Commit message | Author
2024-09-23 | Add method to clear redirect url from session. | Alexander_Kabui
2024-09-18 | Refactor: drop __clear_session__ function. | Alexander_Kabui
2024-09-18 | Refactor: try to build endpoint with get request. | Alexander_Kabui
If BuildError is raised default to "/"
2024-09-18 | fix minor issue for setting redirect url. | Alexander_Kabui
2024-09-18 | feat(auth): implement redirect to login page and save current endpoint to session | Alexander_Kabui
* Redirect users to the login page when authentication is required.
* Save the current endpoint in the session for post-login redirection.
2024-09-18 | After login redirect users to the next request endpoint. | Alexander_Kabui
2024-09-18 | Add new optional parameter to session object: redirect_url. | Alexander_Kabui
2024-09-17 | Redirect users to login page if they attempt to access a service that requires authentication but are not logged in | Alexander_Kabui
2024-09-17 | fix: dynamically get the keys that may contain error messages | John Nduli
2024-09-06 | Fail noisily to help with troubleshooting issues. | Frederick Muriuki Muriithi
2024-08-07 | Merge pull request #855 from jnduli/gn2_profiles_pages | Muriithi Frederick Muriuki
Gn2 Fix profiles pages dashboard
2024-08-07 | chore: remove passing bearer token to end user | John Nduli
2024-08-06 | fix: use bearer token to query auth server | John Nduli
2024-08-06 | fix: pass in proper list of priviledge_ids | John Nduli
2024-08-05 | minor code formatting. | Frederick Muriuki Muriithi
2024-08-05 | Update JWKs endpoint documentation. | Frederick Muriuki Muriithi
2024-08-05 | Fix URL | Frederick Muriuki Muriithi
2024-08-05 | Override 'client_secret_post' auth with a JSON equivalent | Frederick Muriuki Muriithi
In order to use JSON consistently across the board, we make even the authentication method use JSON rather than FORMDATA.
2024-08-02 | Consistently use JSON for all endpoints. | Frederick Muriuki Muriithi
2024-08-01 | bug: add missing `count_per_page` variable. | Frederick Muriuki Muriithi
2024-08-01 | Use auto-created and auto-rotated JSON Web Keys | Frederick Muriuki Muriithi
Use auto-created JWKs for better security.
2024-08-01 | Use JWKs from auth server public endpoint | Frederick Muriuki Muriithi
* Fetch keys from auth server
* Validate token is signed with one of the keys from server
* Ensure refreshing of token is still synchronised
2024-08-01 | Add module to help with rotation of JSON Web Keys. | Frederick Muriuki Muriithi
2024-07-31 | Synchronise token refreshes | Frederick Muriuki Muriithi
The application can be run in a multi-threaded server, leading to a situation where the multiple threads attempt to get a new JWT using the exact same refresh token. This synchronises the various threads ensuring only a single thread is able to retrieve the new JWT that all the rest of the threads then use.
2024-07-26 | Use JSON rather than X-Form-URL-encoded data with auth server. | Frederick Muriuki Muriithi
2024-07-22 | Provide PoC public-jwks endpoint. | Frederick Muriuki Muriithi
2024-07-17 | Fix premature session expiration | Frederick Muriuki Muriithi
With the change to JWTs the time-to-live for each token is severely curtailed to help with security in case of a token theft. We, therefore, can no longer rely on the TTL for session expiration, rather, we will rely on the token-refresh mechanism to expire a token after a long while.
2024-07-17 | Remove redundant import. | Frederick Muriuki Muriithi
2024-07-17 | Remove token and user detail handling from @app.before_request | Frederick Muriuki Muriithi
The token and user details information is handled in the `gn2.wqflask.oauth2.session`. Other parts of the system should make use of that. It also helps avoid some weird "action-at-a-distance" interactions - this forces the code to request what it needs when it needs it and not rely on some global variables.
2024-06-25 | Remove flawed "group role" idea: use just "role". | Frederick Muriuki Muriithi
2024-06-17 | Remove deprecated endpoints/views and templates | Frederick Muriuki Muriithi
2024-06-17 | Fix error display logic | Frederick Muriuki Muriithi
2024-06-17 | Fetch the active user's roles on a particular resource. | Frederick Muriuki Muriithi
2024-06-17 | Use privilege objects rather than IDS. | Frederick Muriuki Muriithi
2024-06-17 | Delete request to obsoleted endpoint. | Frederick Muriuki Muriithi
2024-06-17 | Create a new resource role. | Frederick Muriuki Muriithi
2024-06-17 | Update URI forms | Frederick Muriuki Muriithi
2024-06-17 | Use json for communication with gn-auth | Frederick Muriuki Muriithi
2024-06-11 | List user assigned role of interest. | Frederick Muriuki Muriithi
2024-06-10 | Unassign privilege from resource role. | Frederick Muriuki Muriithi
2024-06-10 | Import the UUID class directly. | Frederick Muriuki Muriithi
2024-06-10 | Implement "Resource Role Page" | Frederick Muriuki Muriithi
Show the page, providing all UI elements necessary, even if the elements themselves are not active.
2024-06-10 | Generalise `render_ur` for the resources pages | Frederick Muriuki Muriithi
2024-06-10 | Set default headers for OAuth2Client requests. | Frederick Muriuki Muriithi
2024-06-07 | Update UI: Use resource roles rather than obsolete group roles | Frederick Muriuki Muriithi
In a fix to fix a privilege-escalation bug, the `…/group/roles` endpoint was entirely removed and replaced with the less error-prone `…/resource/…/roles` endpoint. This commit updates the code to use the new endpoint's data as appropriate. We also fix typos in some url_for routing arguments.
2024-06-06 | Fix displayed error message | Frederick Muriuki Muriithi
2024-06-06 | Remove the "Roles" page. | Frederick Muriuki Muriithi
2024-06-06 | Deactivate the "create_role" function | Frederick Muriuki Muriithi
The `create_role` function could lead to privilege escalation. This commit deactivates it completely to prevent the chance of that happening.
2024-06-05 | Bug: Add missing data to search query. | Frederick Muriuki Muriithi
2024-06-05 | Build search URI endpoint on server rather than on JS | Frederick Muriuki Muriithi
To help with maintenance, build the search URI on the server rather than in the javascript.