Owen
907dab7d05
Move docker podman question and add hybrid question
...
Allow empty config
Continue to adjust config for hybrid
2025-08-20 11:20:34 -07:00
Adrian Astles
69baa6785f
feat: Add setup token security for initial server setup
...
- Add setupTokens database table with proper schema
- Implement setup token generation on first server startup
- Add token validation endpoint and modify admin creation
- Update initial setup page to require setup token
- Add migration scripts for both SQLite and PostgreSQL
- Add internationalization support for setup token fields
- Implement proper error handling and logging
- Add CLI command for resetting user security keys
This prevents unauthorized access during initial server setup by requiring
a token that is generated and displayed in the server console.
2025-08-03 21:17:18 +08:00
miloschwartz
114ce8997f
add tos and pp consent
2025-07-21 16:57:21 -07:00
miloschwartz
053acef728
allow using password to log in if security keys are available
2025-07-21 14:28:32 -07:00
Owen
3dc79da2fa
Merge branch 'dev' into clients-pops-dev
2025-07-14 16:59:00 -07:00
miloschwartz
3505342a8d
style consistency changes to add security key form
2025-07-14 15:43:33 -07:00
Milo Schwartz
9075ecb007
Merge branch 'dev' into feat/internal-user-passkey-support
2025-07-14 17:43:01 -04:00
Owen
a35add3fc6
Consolidate imports
2025-07-14 10:56:24 -07:00
miloschwartz
915ccdc007
server admin enforce 2fa per user
2025-07-13 21:58:37 -07:00
Owen
98a261e38c
Pull up downstream changes
2025-07-13 21:57:24 -07:00
Adrian Astles
c9f5ffae42
Merge branch 'dev' into feat/internal-user-passkey-support
2025-07-14 07:20:33 +08:00
J. Newing
2a6298e9eb
Admins can enable 2FA
...
Added the feature for admins to force 2FA on accounts. The next time the
user logs in they will have to setup 2FA on their account.
2025-07-08 10:21:24 -04:00
Adrian Astles
f97b133c8c
Resolved build error.
2025-07-08 22:04:24 +08:00
Adrian Astles
f0a1c10ec5
fix(auth): improve security key login flow.
...
- Fix login to verify password before showing security key prompt
- Add proper 2FA verification flow when deleting security keys
Previously, users with security keys would see the security key prompt
even if they entered an incorrect password. Now the password is verified
first. Additionally, security key deletion now properly handles 2FA
verification when enabled.
2025-07-07 17:48:23 +08:00
Adrian Astles
5009906385
renamed passkey to security key to stay aligned with the UI and other backend naming.
2025-07-05 21:51:31 +08:00
Adrian Astles
6ccc05b183
Update security key error handling and user feedback. Improve user guidance for security key interactions and implement proper error handling for permission denials and timing issues.
2025-07-05 18:56:32 +08:00
Adrian Astles
5130071a60
improved security key management interface, also updated locales
2025-07-05 18:27:04 +08:00
Adrian Astles
d5e67835aa
improved WebAuthn error messages and session handling. Compatibility guidance in error states, and improve user guidance for common authentication issues.
2025-07-05 16:52:56 +08:00
Adrian Astles
bf8078ed66
enhance WebAuthn implementation and error handling.
2025-07-05 16:48:37 +08:00
Adrian Astles
f31717145f
feat(passkeys): Add password verification for passkey management
...
- Add password verification requirement when registering passkeys
- Add password verification requirement when deleting passkeys
- Add support for 2FA verification if enabled
- Add new delete confirmation dialog with password field
- Add recommendation message when only one passkey is registered
- Improve dialog styling and user experience
- Fix type issues with WebAuthn credential descriptors
Security: This change ensures that sensitive passkey operations require
password verification, similar to 2FA management, preventing unauthorized
modifications to authentication methods.
2025-07-03 22:57:29 +08:00
Adrian Astles
db76558944
refactor: rename passkeyChallenge to webauthnChallenge
...
- Renamed table for consistency with webauthnCredentials
- Created migration script 1.8.1.ts for table rename
- Updated schema definitions in SQLite and PostgreSQL
- Maintains WebAuthn standard naming convention
2025-07-03 21:53:07 +08:00
miloschwartz
7bf9cccbf6
show account already exists if email not verified
2025-06-25 16:54:33 -04:00
miloschwartz
d03f45279c
remove server admin from config and add onboarding ui
2025-06-19 22:11:05 -04:00
miloschwartz
1bf2e23f5d
make username lowercase
2025-06-19 15:41:49 -04:00
Thijs van Loef
cbca88f76b
fix semi colons
2025-06-09 23:52:16 +02:00
miloschwartz
f0cb65f65c
dont import db in nextjs
2025-06-05 14:44:34 -04:00
miloschwartz
2cca561e51
support postgresql as database option
2025-06-04 12:02:07 -04:00
miloschwartz
53be2739bb
successful log in loop poc
2025-04-13 18:29:23 -04:00
miloschwartz
fefb07e14c
move schema.ts to module
2025-03-23 17:11:48 -04:00
Owen
654ed46a46
Return 401 instead of 400 on bad login
...
Resolves #276
2025-03-04 20:32:48 -05:00
miloschwartz
adef93623d
more visual enhancements and use expires instead of max age in cookies
2025-03-02 15:50:03 -05:00
Milo Schwartz
8dd30c88ab
fix reset password sql error
2025-02-14 13:12:29 -05:00
Milo Schwartz
3c7025a327
add strict rate limit to endpoints that send email
2025-02-05 22:46:33 -05:00
Milo Schwartz
58a084426b
allow logout to fail
2025-02-05 22:00:29 -05:00
Milo Schwartz
60110350aa
use smtp user if no no-reply set
2025-01-28 21:26:34 -05:00
Milo Schwartz
a57f0ab360
log password reset token if no smtp to allow reset password
2025-01-28 21:23:19 -05:00
Milo Schwartz
0bd8217d9e
add failed auth logging
2025-01-27 22:43:32 -05:00
Milo Schwartz
9f1f2910e4
refactor auth to work cross domain and with http resources closes #100
2025-01-26 14:42:02 -05:00
Milo Schwartz
5f92b0bbc1
make all emails lowercase closes #89
2025-01-21 19:03:18 -05:00
Milo Schwartz
ab18e15a71
allow controlling cors from config and add cors middleware to traefik
2025-01-13 23:59:10 -05:00
Milo Schwartz
235e91294e
remove base_url from config (#13)
...
* add example config dir, logos, and update CONTRIBUTING.md
* update dockerignore
* split base_url into dashboard_url and base_domain
* Remove unnecessary ports
* Allow anything for the ip
* Update docker tags
* Complex regex for domains/ips
* update gitignore
---------
Co-authored-by: Owen Schwartz <owen@txv.io>
2025-01-07 22:41:35 -05:00
Milo Schwartz
3b4a993704
refactor and reorganize
2025-01-01 21:41:31 -05:00
Milo Schwartz
9732098799
make config class and separate migrations script
2025-01-01 17:50:12 -05:00
Milo Schwartz
d447de9e8a
improve email formatting and invite flow for new users
2024-12-31 18:25:11 -05:00
Milo Schwartz
4cdaa9b588
Merge branch 'main' of https://github.com/fosrl/pangolin
2024-12-25 15:55:50 -05:00
Milo Schwartz
4a1e869e58
setup server admin
2024-12-25 15:54:32 -05:00
Owen Schwartz
29bd88ebdf
Merge branch 'main' of https://github.com/fosrl/pangolin
2024-12-24 16:01:29 -05:00
Owen Schwartz
2f328fc719
Add basic transactions
2024-12-24 16:00:02 -05:00
Milo Schwartz
cf75be5a6c
disable 2fa and end email notifications
2024-12-24 15:36:55 -05:00
Milo Schwartz
9e50a580a5
enable 2fa flow
2024-12-23 23:59:15 -05:00