Commit Graph

97 Commits

Author SHA1 Message Date
Adrian Astles
5009906385 renamed passkey to security key to stay aligned with the UI and other backend naming. 2025-07-05 21:51:31 +08:00
Adrian Astles
6ccc05b183 Update security key error handling and user feedback. Improve user guidance for security key interactions and implement proper error handling for permission denials and timing issues. 2025-07-05 18:56:32 +08:00
Adrian Astles
5130071a60 improved security key management interface, also updated locales 2025-07-05 18:27:04 +08:00
Adrian Astles
d5e67835aa improved WebAuthn error messages and session handling. Compatibility guidance in error states, and improve user guidance for common authentication issues. 2025-07-05 16:52:56 +08:00
Adrian Astles
bf8078ed66 enhance WebAuthn implementation and error handling. 2025-07-05 16:48:37 +08:00
Adrian Astles
f31717145f feat(passkeys): Add password verification for passkey management
- Add password verification requirement when registering passkeys
- Add password verification requirement when deleting passkeys
- Add support for 2FA verification if enabled
- Add new delete confirmation dialog with password field
- Add recommendation message when only one passkey is registered
- Improve dialog styling and user experience
- Fix type issues with WebAuthn credential descriptors

Security: This change ensures that sensitive passkey operations require
password verification, similar to 2FA management, preventing unauthorized
modifications to authentication methods.
2025-07-03 22:57:29 +08:00
Adrian Astles
db76558944 refactor: rename passkeyChallenge to webauthnChallenge
- Renamed table for consistency with webauthnCredentials
- Created migration script 1.8.1.ts for table rename
- Updated schema definitions in SQLite and PostgreSQL
- Maintains WebAuthn standard naming convention
2025-07-03 21:53:07 +08:00
miloschwartz
d03f45279c remove server admin from config and add onboarding ui 2025-06-19 22:11:05 -04:00
miloschwartz
1bf2e23f5d make username lowercase 2025-06-19 15:41:49 -04:00
Thijs van Loef
cbca88f76b fix semi colons 2025-06-09 23:52:16 +02:00
miloschwartz
f0cb65f65c don't import db in nextjs 2025-06-05 14:44:34 -04:00
miloschwartz
2cca561e51 support postgresql as database option 2025-06-04 12:02:07 -04:00
miloschwartz
53be2739bb successful log in loop poc 2025-04-13 18:29:23 -04:00
miloschwartz
fefb07e14c move schema.ts to module 2025-03-23 17:11:48 -04:00
Owen
654ed46a46 Return 401 instead of 400 on bad login
Resolves #276
2025-03-04 20:32:48 -05:00
miloschwartz
adef93623d more visual enhancements and use expires instead of max age in cookies 2025-03-02 15:50:03 -05:00
Milo Schwartz
8dd30c88ab fix reset password sql error 2025-02-14 13:12:29 -05:00
Milo Schwartz
3c7025a327 add strict rate limit to endpoints that send email 2025-02-05 22:46:33 -05:00
Milo Schwartz
58a084426b allow logout to fail 2025-02-05 22:00:29 -05:00
Milo Schwartz
60110350aa use smtp user if no no-reply set 2025-01-28 21:26:34 -05:00
Milo Schwartz
a57f0ab360 log password reset token if no smtp to allow reset password 2025-01-28 21:23:19 -05:00
Milo Schwartz
0bd8217d9e add failed auth logging 2025-01-27 22:43:32 -05:00
Milo Schwartz
9f1f2910e4 refactor auth to work cross domain and with http resources closes #100 2025-01-26 14:42:02 -05:00
Milo Schwartz
5f92b0bbc1 make all emails lowercase closes #89 2025-01-21 19:03:18 -05:00
Milo Schwartz
ab18e15a71 allow controlling cors from config and add cors middleware to traefik 2025-01-13 23:59:10 -05:00
Milo Schwartz
235e91294e remove base_url from config (#13)
* add example config dir, logos, and update CONTRIBUTING.md

* update dockerignore

* split base_url into dashboard_url and base_domain

* Remove unnecessary ports

* Allow anything for the ip

* Update docker tags

* Complex regex for domains/ips

* update gitignore

---------

Co-authored-by: Owen Schwartz <owen@txv.io>
2025-01-07 22:41:35 -05:00
Milo Schwartz
3b4a993704 refactor and reorganize 2025-01-01 21:41:31 -05:00
Milo Schwartz
9732098799 make config class and separate migrations script 2025-01-01 17:50:12 -05:00
Milo Schwartz
d447de9e8a improve email formatting and invite flow for new users 2024-12-31 18:25:11 -05:00
Milo Schwartz
4cdaa9b588 Merge branch 'main' of https://github.com/fosrl/pangolin 2024-12-25 15:55:50 -05:00
Milo Schwartz
4a1e869e58 setup server admin 2024-12-25 15:54:32 -05:00
Owen Schwartz
29bd88ebdf Merge branch 'main' of https://github.com/fosrl/pangolin 2024-12-24 16:01:29 -05:00
Owen Schwartz
2f328fc719 Add basic transactions 2024-12-24 16:00:02 -05:00
Milo Schwartz
cf75be5a6c disable 2fa and end email notifications 2024-12-24 15:36:55 -05:00
Milo Schwartz
9e50a580a5 enable 2fa flow 2024-12-23 23:59:15 -05:00
Milo Schwartz
af2d78cbfb send confirm password reset email 2024-12-22 17:27:09 -05:00
Milo Schwartz
4b34353354 allow backup code input for totp 2024-12-22 17:20:24 -05:00
Milo Schwartz
f224bfa4ee reset password flow 2024-12-22 16:59:30 -05:00
Owen Schwartz
0386d81b95 Merge branch 'main' of https://github.com/fosrl/pangolin 2024-12-22 12:04:57 -05:00
Owen Schwartz
1361b47ef7 Remove dangerous logging 2024-12-22 12:03:46 -05:00
Milo Schwartz
ce5df3b0b9 fix issues from test deploy 2024-12-21 21:01:12 -05:00
Milo Schwartz
72dc02ff2e access token endpoints and other backend support 2024-12-18 23:14:26 -05:00
Milo Schwartz
998fab6d0a add otp flow to resource auth portal 2024-12-15 17:47:07 -05:00
Milo Schwartz
5bbf32f6a6 improve verify email redirect flow 2024-11-28 00:11:13 -05:00
Milo Schwartz
8178dd1525 set resource session as base domain cookie 2024-11-27 00:07:40 -05:00
Milo Schwartz
203628341f test 2024-11-24 14:53:46 -05:00
Milo Schwartz
4e7fa0f2d9 add logging for verifySession 2024-11-24 14:28:23 -05:00
Milo Schwartz
d7c4bc43a4 set resource session cookie in proxy via param 2024-11-23 23:31:22 -05:00
Milo Schwartz
c565c14aa0 move middlewares out of auth 2024-11-16 22:48:10 -05:00
Milo Schwartz
b1e53ed8d7 set users on resource working 2024-11-15 23:38:08 -05:00