Adrian Astles
6ccc05b183
Update security key error handling and user feedback. Improve user guidance for security key interactions and implement proper error handling for permission denials and timing issues.
2025-07-05 18:56:32 +08:00
Adrian Astles
5130071a60
improved security key management interface, also updated locales
2025-07-05 18:27:04 +08:00
Adrian Astles
d5e67835aa
improved WebAuthn error messages and session handling. Compatibility guidance in error states, and improve user guidance for common authentication issues.
2025-07-05 16:52:56 +08:00
Adrian Astles
bf8078ed66
enhance WebAuthn implementation and error handling.
2025-07-05 16:48:37 +08:00
Adrian Astles
f31717145f
feat(passkeys): Add password verification for passkey management
- Add password verification requirement when registering passkeys
- Add password verification requirement when deleting passkeys
- Add support for 2FA verification if enabled
- Add new delete confirmation dialog with password field
- Add recommendation message when only one passkey is registered
- Improve dialog styling and user experience
- Fix type issues with WebAuthn credential descriptors
Security: This change ensures that sensitive passkey operations require
password verification, similar to 2FA management, preventing unauthorized
modifications to authentication methods.
2025-07-03 22:57:29 +08:00
Adrian Astles
db76558944
refactor: rename passkeyChallenge to webauthnChallenge
- Renamed table for consistency with webauthnCredentials
- Created migration script 1.8.1.ts for table rename
- Updated schema definitions in SQLite and PostgreSQL
- Maintains WebAuthn standard naming convention
2025-07-03 21:53:07 +08:00
miloschwartz
7bf9cccbf6
show account already exists if email not verified
2025-06-25 16:54:33 -04:00
miloschwartz
d03f45279c
remove server admin from config and add onboarding ui
2025-06-19 22:11:05 -04:00
miloschwartz
1bf2e23f5d
make username lowercase
2025-06-19 15:41:49 -04:00
Thijs van Loef
cbca88f76b
fix semi colons
2025-06-09 23:52:16 +02:00
miloschwartz
f0cb65f65c
don't import db in nextjs
2025-06-05 14:44:34 -04:00
miloschwartz
2cca561e51
support postgresql as database option
2025-06-04 12:02:07 -04:00
miloschwartz
53be2739bb
successful log in loop poc
2025-04-13 18:29:23 -04:00
miloschwartz
fefb07e14c
move schema.ts to module
2025-03-23 17:11:48 -04:00
Owen
654ed46a46
Return 401 instead of 400 on bad login
Resolves #276
2025-03-04 20:32:48 -05:00
miloschwartz
adef93623d
more visual enhancements and use expires instead of max age in cookies
2025-03-02 15:50:03 -05:00
Milo Schwartz
8dd30c88ab
fix reset password sql error
2025-02-14 13:12:29 -05:00
Milo Schwartz
3c7025a327
add strict rate limit to endpoints that send email
2025-02-05 22:46:33 -05:00
Milo Schwartz
58a084426b
allow logout to fail
2025-02-05 22:00:29 -05:00
Milo Schwartz
60110350aa
use smtp user if no no-reply set
2025-01-28 21:26:34 -05:00
Milo Schwartz
a57f0ab360
log password reset token if no smtp to allow reset password
2025-01-28 21:23:19 -05:00
Milo Schwartz
0bd8217d9e
add failed auth logging
2025-01-27 22:43:32 -05:00
Milo Schwartz
9f1f2910e4
refactor auth to work cross domain and with http resources closes #100
2025-01-26 14:42:02 -05:00
Milo Schwartz
5f92b0bbc1
make all emails lowercase closes #89
2025-01-21 19:03:18 -05:00
Milo Schwartz
ab18e15a71
allow controlling cors from config and add cors middleware to traefik
2025-01-13 23:59:10 -05:00
Milo Schwartz
235e91294e
remove base_url from config (#13)
* add example config dir, logos, and update CONTRIBUTING.md
* update dockerignore
* split base_url into dashboard_url and base_domain
* Remove unnecessary ports
* Allow anything for the ip
* Update docker tags
* Complex regex for domains/ips
* update gitignore
---------
Co-authored-by: Owen Schwartz <owen@txv.io>
2025-01-07 22:41:35 -05:00
Milo Schwartz
3b4a993704
refactor and reorganize
2025-01-01 21:41:31 -05:00
Milo Schwartz
9732098799
make config class and separate migrations script
2025-01-01 17:50:12 -05:00
Milo Schwartz
d447de9e8a
improve email formatting and invite flow for new users
2024-12-31 18:25:11 -05:00
Milo Schwartz
4cdaa9b588
Merge branch 'main' of https://github.com/fosrl/pangolin
2024-12-25 15:55:50 -05:00
Milo Schwartz
4a1e869e58
setup server admin
2024-12-25 15:54:32 -05:00
Owen Schwartz
29bd88ebdf
Merge branch 'main' of https://github.com/fosrl/pangolin
2024-12-24 16:01:29 -05:00
Owen Schwartz
2f328fc719
Add basic transactions
2024-12-24 16:00:02 -05:00
Milo Schwartz
cf75be5a6c
disable 2fa and end email notifications
2024-12-24 15:36:55 -05:00
Milo Schwartz
9e50a580a5
enable 2fa flow
2024-12-23 23:59:15 -05:00
Milo Schwartz
af2d78cbfb
send confirm password reset email
2024-12-22 17:27:09 -05:00
Milo Schwartz
4b34353354
allow backup code input for totp
2024-12-22 17:20:24 -05:00
Milo Schwartz
f224bfa4ee
reset password flow
2024-12-22 16:59:30 -05:00
Owen Schwartz
0386d81b95
Merge branch 'main' of https://github.com/fosrl/pangolin
2024-12-22 12:04:57 -05:00
Owen Schwartz
1361b47ef7
Remove dangerous logging
2024-12-22 12:03:46 -05:00
Milo Schwartz
ce5df3b0b9
fix issues from test deploy
2024-12-21 21:01:12 -05:00
Milo Schwartz
72dc02ff2e
access token endpoints and other backend support
2024-12-18 23:14:26 -05:00
Milo Schwartz
998fab6d0a
add otp flow to resource auth portal
2024-12-15 17:47:07 -05:00
Milo Schwartz
5bbf32f6a6
improve verify email redirect flow
2024-11-28 00:11:13 -05:00
Milo Schwartz
8178dd1525
set resource session as base domain cookie
2024-11-27 00:07:40 -05:00
Milo Schwartz
203628341f
test
2024-11-24 14:53:46 -05:00
Milo Schwartz
4e7fa0f2d9
add logging for verifySession
2024-11-24 14:28:23 -05:00
Milo Schwartz
d7c4bc43a4
set resource session cookie in proxy via param
2024-11-23 23:31:22 -05:00
Milo Schwartz
c565c14aa0
move middlewares out of auth
2024-11-16 22:48:10 -05:00
Milo Schwartz
b1e53ed8d7
set users on resource working
2024-11-15 23:38:08 -05:00