nephayr
/
planka_custom
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
398 Commits
3 Branches
127 Tags
51 MiB
master
gh-pages
translations
planka-0.1.0
planka-0.1.1
planka-0.1.10
planka-0.1.11
planka-0.1.12
planka-0.1.13
planka-0.1.14
planka-0.1.15
planka-0.1.16
planka-0.1.17
planka-0.1.18
planka-0.1.19
planka-0.1.2
planka-0.1.20
planka-0.1.21
planka-0.1.22
planka-0.1.23
planka-0.1.24
planka-0.1.25
planka-0.1.26
planka-0.1.27
planka-0.1.28
planka-0.1.29
planka-0.1.3
planka-0.1.30
planka-0.1.31
planka-0.1.32
planka-0.1.33
planka-0.1.34
planka-0.1.35
planka-0.1.4
planka-0.1.5
planka-0.1.6
planka-0.1.7
planka-0.1.8
planka-0.1.9
planka-0.2.0
planka-0.2.1
planka-0.2.2
planka-0.2.3
planka-0.2.4
planka-0.2.5
planka-0.2.6
planka-0.2.7
planka-0.2.8
v1.0.0
v1.0.0-beta.0
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.10.0
v1.10.1
v1.10.2
v1.10.3
v1.11.0
v1.12.0
v1.13.0
v1.13.1
v1.14.0
v1.14.1
v1.14.2
v1.14.3
v1.15.0
v1.15.1
v1.15.2
v1.15.3
v1.15.4
v1.15.5
v1.15.6
v1.15.7
v1.16.0
v1.16.1
v1.16.2
v1.16.3
v1.16.4
v1.17.0
v1.17.1
v1.17.2
v1.17.3
v1.17.4
v1.17.5
v1.18.0
v1.18.1
v1.19.0
v1.19.1
v1.19.2
v1.2.0
v1.2.1
v1.20.0
v1.20.1
v1.21.0
v1.21.1
v1.22.0
v1.3.0
v1.3.1
v1.3.2
v1.4.0
v1.4.1
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.8.7
v1.8.8
v1.8.9
v1.9.0
v1.9.1
v1.9.2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '23ee815200'
${ noResults }
Commit Graph

151 Commits (23ee81520021dd1762c48e0dc891b63bb62b19d8)

Author SHA1 Message Date
Maksim Eltyshev 40c04c35ff ref: Refactoring 2 years ago
Lorenz Brun 743f2956c8
feat: Improve OIDC SSO (#524) 
The OIDC implementation merged in https://github.com/plankanban/planka/pull/491 is flawed for multiple reasons.

It assumes that the access_token returned by the IDP has to be a JWT parseable by the RP which is not the case [1].
Many major IDPs do issue tokens which are not JWTs and RPs should not rely on the contents of these at all.
The only signed token which has a standardized format for direct RP consumption is the OIDC ID token (id_token), but this by default doesn't contain many claims, especially role claims are omitted from them by default for size reasons. To get these additional claims into the ID token, one needs an IDP with support for the "claims" parameter.

It requires manual specification of the JWKS URL which is mandatory in any OIDC discovery document and thus never needs to be manually specified.

It also makes the questionable decision to use a client-side code flow with PKCE where a normal code flow would be much more appropriate as all user data is processed in the backend which can securely hold a client secret (confidential client). This has far wider IDP support, is safer (due to direct involvement of the IDP in obtaining user information) and doesn't require working with ID tokens and claim parameters.

By using a server-side code flow we can also offload most complexity to the server alone, no longer requiring an additional OIDC library on the web client.

Also silent logout doesn't work on most IDPs for security reasons, one needs to actually redirect the user over to the IDP, which then prompts them once more if they actually want to log out.

This implementation should work with any OIDC-compliant IDP and even OAuth 2.0-only IDPs as long as they serve and OIDC discovery document.

[1] rfc-editor.org/rfc/rfc6749#section-5.1
 2 years ago
Maksim Eltyshev 6662b0a717 fix: Fix order of checks when logging in 2 years ago
Maksim Eltyshev 3bc73c43ea chore: Bump sails version 2 years ago
Maksim Eltyshev 8e0c60f5be fix: OIDC finalization and refactoring 2 years ago
Maksim Eltyshev 875895b331 fix: Fix starting without OIDC environment variables 
Closes #503
 2 years ago
Maksim Eltyshev 91bc889fed feat: Use environment variables for default admin configuration 2 years ago
gorrilla10101 107cb85ba2
feat: OIDC with PKCE flow (#491) 2 years ago
Maksim Eltyshev d386c82973 fix: Fix saving milliseconds for timestamps 3 years ago
orbatschow 0d481703da
feat: Allow postgres connections that require ssl mode (#409) 
Closes #261
 3 years ago
Maksim Eltyshev 3d84888eb1
revert: Allow postgres connections that require ssl mode (#408) 
This reverts commit eea57ff121.
 3 years ago
Maksim Eltyshev d0a2734161 fix: Rename timer to stopwatch 
Closes #392
 3 years ago
orbatschow eea57ff121
feat: Allow postgres connections that require ssl mode (#404) 
Closes #261
 3 years ago
Maksim Eltyshev 8012f5319c fix: Fix import from Trello 
Closes #397
 3 years ago
Maksim Eltyshev 0f50dbde92 fix: Preserve orientation of images 
Closes #384
 3 years ago
Maksim Eltyshev aa69bb8d1e feat: Labels reordering 
Closes #289
 3 years ago
dependabot[bot] b7cf1853f5
chore(deps): Bump json5 from 1.0.1 to 1.0.2 in /server (#369) 
Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](https://github.com/json5/json5/compare/v1.0.1...v1.0.2)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 3 years ago
dependabot[bot] 4850fc5fc8
chore(deps): Bump jsonwebtoken from 8.5.1 to 9.0.0 in /server (#357) 
Bumps [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) from 8.5.1 to 9.0.0.
- [Release notes](https://github.com/auth0/node-jsonwebtoken/releases)
- [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md)
- [Commits](https://github.com/auth0/node-jsonwebtoken/compare/v8.5.1...v9.0.0)

---
updated-dependencies:
- dependency-name: jsonwebtoken
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 3 years ago
Maksim Eltyshev b58b91baa1 ref: Little refactoring 3 years ago
Maksim Eltyshev 6021d67a00 fix: Subscribe only when needed 3 years ago
Maksim Eltyshev 7e07a75124 fix: Improve quality of resized images 3 years ago
Maksim Eltyshev 6ffa817b53 ref: Remove board types, refactoring 3 years ago
Maksim Eltyshev 2b131f76c1 fix: Proper image error handling during migration 3 years ago
Maksim Eltyshev 2bc82d557a fix: Fix image size for animated attachments 3 years ago
Maksim Eltyshev 0a5210dd21 feat: Preserve original format of images, change interpolation kernel 
Closes #349
 3 years ago
Christoph Enne 738ed19e7f
feat: Trello board JSON import (#352) 
Closes #27, closes #105
 3 years ago
Maksim Eltyshev c181731870 fix: Fix card repositioning 
Closes #340
 3 years ago
Maksim Eltyshev b0d23373c0 chore: Update dependencies 3 years ago
Rafly Maulana 5381d45e50
meta: Share global eslint config, move prettier config (#339) 3 years ago
Maksim Eltyshev 172f4fcf34 fix: Fix missing board memberships loading 3 years ago
Maksim Eltyshev 9f16881965 fix: Socket bug fixes and improvements 3 years ago
Jacques Lorentz b08e731419
fix: Front-end base url with path (#303) 
Closes #43, closes #111, closes #272
 3 years ago
Maksim Eltyshev 8109936ce2 feat: Invalidate access token on logout 3 years ago
Maksim Eltyshev 3df07c10fa fix: Use password strength estimator 
Closes #294
 3 years ago
Steven Correia 543a992d98
fix: Fix proxy forwarding (#295) 3 years ago
Maksim Eltyshev 5c91bddfe7 feat: Stronger password policy 3 years ago
Maksim Eltyshev 5b64d465e2 fix: Use move-file instead of rename 3 years ago
Maksim Eltyshev cece2254d7 fix: Change mechanics of file uploading 3 years ago
Maksim Eltyshev 052ab7f653 chore: Update version 3 years ago
Maksim Eltyshev 039eee0aac ref: Little refactoring 3 years ago
Maksim Eltyshev 07867fc0b2 fix: Use custom logger only for production 3 years ago
Maksim Eltyshev 289d2bf5ae meta: Fix ignore files for logs 3 years ago
Steven Correia 6429e22d59
feat: Modify logger to log to file that supports fail2ban (#284) 3 years ago
Maksim Eltyshev 51fa7df69c feat: Permissions for board members 
Closes #262
 3 years ago
Maksim Eltyshev eea94e0ee2 ref: Little change for consistency 3 years ago
Maksim Eltyshev 95ebb27042 ref: Prettify env sample 3 years ago
Maksim Eltyshev d38e555293 fix: Provide default value for token expiration 3 years ago
SimonTagne 7786533a90
feat: Improve security of access tokens (#279) 
Closes #275
 3 years ago
SimonTagne dab38cbc18
ref: Ignore public js linting (#278) 3 years ago
Maksim Eltyshev 3714bbc06f ref: Refactoring 3 years ago