Commit Graph

344 Commits

Author SHA1 Message Date
Stavros 76aebc5728 fix: cleanup oauth provider redirect url 2026-06-21 20:54:53 +03:00
Stavros 8a8426c705 chore: more rabbit comments 2026-06-21 20:44:40 +03:00
Stavros c9337da4d4 chore: review comments 2026-06-21 18:29:51 +03:00
Stavros e53cbf414d fix: remove port from cookie domain 2026-06-21 17:32:36 +03:00
Stavros a4f9c897a6 tests: fix tests 2026-06-21 17:15:09 +03:00
Stavros d87be8676c fix: use case insensitive check in the oauth controller 2026-06-21 16:53:31 +03:00
Stavros 21877190e4 refactor: rework cookie domain logic 2026-06-21 16:51:39 +03:00
Stavros 8c739c68e3 feat: add support for tailscale funnel 2026-06-21 16:23:20 +03:00
Stavros 2ab24432bb feat: add option to listen on tailscale 2026-06-21 16:20:31 +03:00
Stavros 8e35631ec8 chore: remove trusted domains and rely on single app url 2026-06-21 15:49:17 +03:00
Stavros efe373084f feat: support for oidc max age (#949) 2026-06-20 00:21:22 +03:00
Stavros 7f18b45e21 feat: support for the prompt parameter in the oidc flow (#948) 2026-06-20 00:04:41 +03:00
Stavros 6ccc894570 tests: improve test coverage for controllers (#946) 2026-06-19 11:59:16 +03:00
Stavros 53af1b99c0 tests: don't use _test suffix in service and controller tests (#944) 2026-06-17 17:03:30 +03:00
Stavros 654b5cc436 fix: use better limits in lockdown to limit dos attack window (#943) 2026-06-17 13:10:58 +03:00
Stavros f7d7f1c4f0 feat: add psl checks to the oauth controller is safe redirect check 2026-06-17 13:05:42 +03:00
Stavros e7d26f497d fix: use runtime trusted uris in oauth controller 2026-06-17 12:33:09 +03:00
Stavros a9face749d chore: remove leftover debug log line from tailscale service 2026-06-17 12:15:51 +03:00
Stavros c825d81b2d feat: add support for webfinger (#941) 2026-06-16 15:05:11 +03:00
Stavros f404c2ef16 feat: use dig for di in services and controllers (#936) 2026-06-16 13:00:48 +03:00
Stavros a0e74cd5f2 refactor: move oidc handling to backend and add support for oidc post (#923)
Co-authored-by: Claude <noreply@anthropic.com>
2026-06-13 16:45:12 +03:00
Ryc O'Chet 49105ce5ff feat: add ldap bind password file (#929) 2026-06-11 13:25:22 +03:00
Stavros 426eac2d0b refactor: rework oidc session storage (#913) 2026-06-06 16:26:08 +03:00
Stavros dac844595d refactor: use new cache store in services (#912) 2026-05-31 18:55:06 +03:00
Stavros 940ba6dff7 fix: don't allow tagged devices in tailscale integration 2026-05-31 12:42:00 +03:00
Stavros faee58ca8e feat: use ding for ordered go routine shutdown order (#896) 2026-05-27 12:46:28 +03:00
Stavros e9b8ca3cf8 fix: cleanup acl logic to match stable one 2026-05-27 12:11:17 +03:00
Stavros 4538922caf refactor: simplify error handling in oidc authorize handler (#907) 2026-05-27 11:27:10 +03:00
Stavros 672db84200 feat: make config file a stable feature (#897) 2026-05-27 11:26:09 +03:00
Scott McKendry 359000f731 feat(db): add postgresql support (#892) 2026-05-26 00:08:59 +03:00
Stavros 0a3e7bf265 fix: use policy engine in oauth whitelist check (#904) 2026-05-26 00:07:46 +03:00
Puneet Dixit c3461131f5 feat: support provider-specific OAuth whitelists (#882)
Co-authored-by: Puneet Dixit <236133619+puneetdixit200@users.noreply.github.com>
2026-05-24 20:18:33 +03:00
Scott McKendry e532cde2b6 fix: potential nil pointer dereferences (#893) 2026-05-24 17:23:48 +03:00
Stavros 2737a25227 fix: don't point to nil local users in bootstrap app 2026-05-23 20:24:54 +03:00
Scott McKendry 7aa25210f5 feat(config): allow global bypass by ip (#889) 2026-05-23 19:58:48 +03:00
Stavros 55bef72639 fix: ensure domain defined in acls is included in host rules (#884) 2026-05-23 17:13:41 +03:00
Stavros ae17bd3b66 fix: do not log user context not found errors in proxy controller 2026-05-23 16:43:03 +03:00
Stavros 3194f4b987 chore: remove stale error from tailscale service 2026-05-20 23:04:38 +03:00
Stavros 9b50670925 fix: handle panics in tailscale service 2026-05-20 23:01:14 +03:00
Stavros 1166a15aa7 feat: tailscale integration (#847) 2026-05-20 20:10:38 +03:00
Stavros c855f9b8ac feat: add support for deny by default access controls (#852) 2026-05-19 18:07:55 +03:00
Scott McKendry a56c349525 refactor(db): use new store interface (#831) 2026-05-18 22:33:09 +03:00
Stavros 8932f2ad46 feat: ensure public key pairs with private key in oidc service 2026-05-16 20:43:50 +03:00
Stavros 5349f21212 fix: use loaded public key in oidc service, fixes #860 2026-05-16 17:09:21 +03:00
Dreddy e8071a9d80 fix: bug fixes for issues #859, 860, 861, 862, 863, 864, 865, 866 (#867)
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2026-05-16 17:04:01 +03:00
Stavros ca06099466 tests: fix tests for proxy controller 2026-05-15 18:43:18 +03:00
Stavros d4b4245017 chore: revert 4c741a5 and use 403 for acl errors 2026-05-15 18:39:12 +03:00
Stavros 4c741a5990 fix: use 401 errors instead of 403 for nginx responses 2026-05-15 18:12:15 +03:00
Dreddy f9fff24ca5 fix: oidc open redirect (#854) 2026-05-13 17:34:39 +03:00
Ilyas a9eac7edd2 fix(ldap): pass through LDAP mail attribute instead of crafting email (#834)
* fix(ldap): pass through LDAP mail attribute instead of crafting email

TinyAuth was constructing LDAP user emails as username@CookieDomain
instead of using the mail attribute stored in the directory. This caused
OIDC clients like Grafana to receive a synthetic email rather than the
real one.

Rename GetUserDN to GetUserInfo and extend it to also fetch the mail
attribute in the same LDAP query. Thread the result through UserSearch
and use it in both the login flow and the basic auth middleware, falling
back to the crafted email only when LDAP returns no mail value.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore: add ldap email logic back after main merge

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Stavros <steveiliop56@gmail.com>
2026-05-11 15:40:15 +03:00
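The pattern that commit message describes, fetching the DN and the mail attribute in one directory query and crafting username@CookieDomain only when the directory returns no mail value, as an added Go example. It is not TinyAuth's code: the UserInfo, Searcher, GetUserInfo and ResolveEmail names are hypothetical, the directory is a constructed in-memory stand-in (NewSampleDir) so the example runs offline, and the filter escaping follows RFC 4515 so the username cannot widen the search.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// UserInfo is what one directory lookup yields: the entry's DN and its mail
// attribute (empty when the directory holds none). Hypothetical type, not
// TinyAuth's own.
type UserInfo struct {
	DN    string
	Email string
}

// Entry is a minimal stand-in for an LDAP search result entry.
type Entry struct {
	DN    string
	Attrs map[string][]string
}

// Searcher abstracts the directory so the example runs offline; a real
// implementation would wrap an LDAP client's Search call.
type Searcher interface {
	Search(filter string, attributes []string) ([]Entry, error)
}

// escapeFilter escapes the characters RFC 4515 reserves inside filter values,
// so a username such as "bob)(uid=*" cannot widen the search.
func escapeFilter(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		switch c := s[i]; c {
		case '\\', '*', '(', ')', 0:
			fmt.Fprintf(&b, `\%02x`, c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// GetUserInfo resolves a username to its DN and mail attribute in a single
// search, mirroring the GetUserDN -> GetUserInfo change described above.
func GetUserInfo(dir Searcher, baseFilter, username string) (UserInfo, error) {
	filter := fmt.Sprintf("(&%s(uid=%s))", baseFilter, escapeFilter(username))
	// The DN always comes back with an entry; mail is the only attribute we
	// need to request explicitly.
	entries, err := dir.Search(filter, []string{"mail"})
	if err != nil {
		return UserInfo{}, err
	}
	if len(entries) != 1 {
		return UserInfo{}, fmt.Errorf("expected exactly one entry for %q, got %d", username, len(entries))
	}
	info := UserInfo{DN: entries[0].DN}
	if mails := entries[0].Attrs["mail"]; len(mails) > 0 {
		info.Email = strings.TrimSpace(mails[0])
	}
	return info, nil
}

// ResolveEmail applies the fallback from the commit message: prefer the
// directory's mail value and craft username@cookieDomain only when it is absent.
func ResolveEmail(info UserInfo, username, cookieDomain string) string {
	if info.Email != "" {
		return info.Email
	}
	return username + "@" + cookieDomain
}

// fakeDir is a constructed in-memory directory keyed by uid; it only
// understands the (uid=...) clause the filter above produces.
type fakeDir struct{ byUID map[string]Entry }

func (f fakeDir) Search(filter string, _ []string) ([]Entry, error) {
	const marker = "(uid="
	i := strings.Index(filter, marker)
	if i < 0 {
		return nil, errors.New("fake directory only supports uid lookups")
	}
	rest := filter[i+len(marker):]
	j := strings.IndexByte(rest, ')')
	if j < 0 {
		return nil, errors.New("unterminated uid clause")
	}
	if e, ok := f.byUID[rest[:j]]; ok {
		return []Entry{e}, nil
	}
	return nil, nil
}

// NewSampleDir returns constructed sample data: alice has a mail attribute,
// bob has none, carol's is blank.
func NewSampleDir() Searcher {
	return fakeDir{byUID: map[string]Entry{
		"alice": {DN: "uid=alice,ou=people,dc=example,dc=org", Attrs: map[string][]string{"mail": {"alice@example.org"}}},
		"bob":   {DN: "uid=bob,ou=people,dc=example,dc=org", Attrs: map[string][]string{}},
		"carol": {DN: "uid=carol,ou=people,dc=example,dc=org", Attrs: map[string][]string{"mail": {"   "}}},
	}}
}

func main() {
	dir := NewSampleDir()
	for _, u := range []string{"alice", "bob", "carol", "bob)(uid=*"} {
		info, err := GetUserInfo(dir, "(objectClass=person)", u)
		if err != nil {
			fmt.Printf("%-12s lookup failed: %v\n", u, err)
			continue
		}
		fmt.Printf("%-12s dn=%s email=%s\n", u, info.DN, ResolveEmail(info, u, "example.com"))
	}
}
```

Two checks worth keeping when adapting this: insist on exactly one entry (a zero or multiple match is an error, not a guess), and treat a blank mail value the same as an absent one, otherwise a whitespace attribute slips past the fallback and reaches the OIDC client as an empty email.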