6cd9da844f
feat: Add ability to duplicate card ( #668 )
2 years ago
9f0fce098e
feat: SMTP integration and email notifications ( #631 )
2 years ago
6802a0dc69
fix: Fix case sensitivity of default admin environment variables
2 years ago
ca6a1a14f5
fix: Fix nullable boolean inputs
2 years ago
51d05f3cd3
fix: Include due date when importing from Trello
...
Closes #598
2 years ago
b8d262f745
feat: Add ability to enforce SSO
...
Closes #543 , closes #545
2 years ago
634d6ceab1
feat: Add ability to map OIDC attributes and ignore username
...
Closes #554
2 years ago
3f99438402
fix: Fix images becoming black and white when resizing
...
Closes #574 , closes #585
2 years ago
7e7727e3e1
chore: Bump sharp version
2 years ago
28c3f28e01
fix: Add issuer to OIDC callback parameters
...
Closes #562
2 years ago
f1fed3e533
build: Stop using base image
2 years ago
239611ad51
chore: Update dependencies
2 years ago
6dc9e4ed99
fix: Disable role change when OIDC roles are not ignored
2 years ago
d4b64b90fc
feat: Add ability to ignore roles when logging in with SSO ( #534 )
...
Closes #533
2 years ago
3ef5b3ead8
fix: Make default admin environment variables optional
...
Closes #526
2 years ago
40c04c35ff
ref: Refactoring
2 years ago
743f2956c8
feat: Improve OIDC SSO ( #524 )
...
The OIDC implementation merged in https://github.com/plankanban/planka/pull/491 is flawed for multiple reasons.
It assumes that the access_token returned by the IDP has to be a JWT parseable by the RP which is not the case [1].
Many major IDPs do issue tokens which are not JWTs and RPs should not rely on the contents of these at all.
The only signed token which has a standardized format for direct RP consumption is the OIDC ID token (id_token), but this by default doesn't contain many claims, especially role claims are omitted from them by default for size reasons. To get these additional claims into the ID token, one needs an IDP with support for the "claims" parameter.
It requires manual specification of the JWKS URL which is mandatory in any OIDC discovery document and thus never needs to be manually specified.
It also makes the questionable decision to use a client-side code flow with PKCE where a normal code flow would be much more appropriate as all user data is processed in the backend which can securely hold a client secret (confidential client). This has far wider IDP support, is safer (due to direct involvement of the IDP in obtaining user information) and doesn't require working with ID tokens and claim parameters.
By using a server-side code flow we can also offload most complexity to the server alone, no longer requiring an additional OIDC library on the web client.
Also silent logout doesn't work on most IDPs for security reasons, one needs to actually redirect the user over to the IDP, which then prompts them once more if they actually want to log out.
This implementation should work with any OIDC-compliant IDP and even OAuth 2.0-only IDPs as long as they serve and OIDC discovery document.
[1] rfc-editor.org/rfc/rfc6749#section-5.1
2 years ago
6662b0a717
fix: Fix order of checks when logging in
2 years ago
3bc73c43ea
chore: Bump sails version
2 years ago
8e0c60f5be
fix: OIDC finalization and refactoring
2 years ago
875895b331
fix: Fix starting without OIDC environment variables
...
Closes #503
2 years ago
91bc889fed
feat: Use environment variables for default admin configuration
2 years ago
107cb85ba2
feat: OIDC with PKCE flow ( #491 )
2 years ago
d386c82973
fix: Fix saving milliseconds for timestamps
3 years ago
0d481703da
feat: Allow postgres connections that require ssl mode ( #409 )
...
Closes #261
3 years ago
3d84888eb1
revert: Allow postgres connections that require ssl mode ( #408 )
...
This reverts commit eea57ff121
3 years ago
d0a2734161
fix: Rename timer to stopwatch
...
Closes #392
3 years ago
eea57ff121
feat: Allow postgres connections that require ssl mode ( #404 )
...
Closes #261
3 years ago
8012f5319c
fix: Fix import from Trello
...
Closes #397
3 years ago
0f50dbde92
fix: Preserve orientation of images
...
Closes #384
3 years ago
aa69bb8d1e
feat: Labels reordering
...
Closes #289
3 years ago
b7cf1853f5
chore(deps): Bump json5 from 1.0.1 to 1.0.2 in /server ( #369 )
...
Bumps [json5](https://github.com/json5/json5 ) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/json5/json5/releases )
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md )
- [Commits](https://github.com/json5/json5/compare/v1.0.1...v1.0.2 )
---
updated-dependencies:
- dependency-name: json5
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
4850fc5fc8
chore(deps): Bump jsonwebtoken from 8.5.1 to 9.0.0 in /server ( #357 )
...
Bumps [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken ) from 8.5.1 to 9.0.0.
- [Release notes](https://github.com/auth0/node-jsonwebtoken/releases )
- [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md )
- [Commits](https://github.com/auth0/node-jsonwebtoken/compare/v8.5.1...v9.0.0 )
---
updated-dependencies:
- dependency-name: jsonwebtoken
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
b58b91baa1
ref: Little refactoring
3 years ago
6021d67a00
fix: Subscribe only when needed
3 years ago
7e07a75124
fix: Improve quality of resized images
3 years ago
6ffa817b53
ref: Remove board types, refactoring
3 years ago
2b131f76c1
fix: Proper image error handling during migration
3 years ago
2bc82d557a
fix: Fix image size for animated attachments
3 years ago
0a5210dd21
feat: Preserve original format of images, change interpolation kernel
...
Closes #349
3 years ago
738ed19e7f
feat: Trello board JSON import ( #352 )
...
Closes #27 , closes #105
3 years ago
c181731870
fix: Fix card repositioning
...
Closes #340
3 years ago
b0d23373c0
chore: Update dependencies
3 years ago
5381d45e50
meta: Share global eslint config, move prettier config ( #339 )
3 years ago
172f4fcf34
fix: Fix missing board memberships loading
3 years ago
9f16881965
fix: Socket bug fixes and improvements
3 years ago
b08e731419
fix: Front-end base url with path ( #303 )
...
Closes #43 , closes #111 , closes #272
3 years ago
8109936ce2
feat: Invalidate access token on logout
3 years ago
3df07c10fa
fix: Use password strength estimator
...
Closes #294
3 years ago
543a992d98
fix: Fix proxy forwarding ( #295 )
3 years ago
Matthieu Bollot
Edouard
Maksim Eltyshev
Balthasar Hofer
Lorenz Brun
gorrilla10101
orbatschow
dependabot[bot]
Christoph Enne
Rafly Maulana
Jacques Lorentz
Steven Correia