barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2026-06-09 13:00:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
858 Commits 27 Branches 125 Tags
ede6e8084d55d9a6cd4049c5c84b5f4a1bdaf81b
Commit Graph

344 Commits

Author SHA1 Message Date
Stavros ede6e8084d fix: support for oidc post (forgot that) 2026-06-08 12:35:13 +03:00
Stavros 4e671ed48c tests: fix proxy controller tests 2026-06-08 12:24:19 +03:00
Stavros a69d22bb0e feat: add new quick actions menu instead of individual dropdowns in frontend 2026-06-08 12:16:40 +03:00
Stavros ace64fa7ee tests: rework oidc tests and aim for better coverage 
Co-Authored-By: Claude <noreply@anthropic.com>
 2026-06-07 18:57:41 +03:00
Stavros 47b7f1e6f2 feat: add back support for request oidc param 2026-06-06 18:01:59 +03:00
Stavros f078e3549e fix: fix oauth oidc flow 2026-06-06 17:02:06 +03:00
Stavros da9079246a Merge branch 'main' into refactor/oidc-authorize 2026-06-06 16:31:13 +03:00
Stavros 426eac2d0b refactor: rework oidc session storage (#913) 2026-06-06 16:26:08 +03:00
Stavros 2454ba58ea refactor: use ticket approach for oidc flow 2026-06-01 17:04:08 +03:00
Stavros 97e0e0dfff wip: backend 2026-06-01 16:26:42 +03:00
Stavros b3c152fa1c chore: rabbit comments 2026-06-01 15:47:19 +03:00
Stavros 5caee887de fix: ensure no oidc code reuse 2026-06-01 12:22:49 +03:00
Stavros b5770ef305 fix: add memory back in the db bootstrap 2026-06-01 12:10:59 +03:00
Stavros 1c4ca8f436 chore: differentiate oauth userinfo from oidc userinfo 2026-06-01 12:02:11 +03:00
Stavros a72300484b tests: fix oidc service tests 2026-06-01 12:00:50 +03:00
Stavros 4fe5de241b chore: fix memory store 2026-06-01 11:55:47 +03:00
Stavros 83ed9ece57 feat: add db cleanup routine back 2026-06-01 11:47:17 +03:00
Stavros 695feca71c refactor: rework oidc session storage 2026-05-31 20:10:53 +03:00
Stavros dac844595d refactor: use new cache store in services (#912) 2026-05-31 18:55:06 +03:00
Stavros 82d21c3b28 Merge branch 'refactor/service-cache' into refactor/oidc-codes 2026-05-31 18:34:52 +03:00
Stavros fe8463890a fix: fix bugs in cache order 2026-05-31 18:29:14 +03:00
Stavros 940ba6dff7 fix: don't allow tagged devices in tailscale integration 2026-05-31 12:42:00 +03:00
Stavros ac9689dc9b tests: add cache store tests 2026-05-30 15:18:23 +03:00
Stavros 3e5757cfc9 fix: fix race conditions 2026-05-30 15:04:53 +03:00
Stavros ed94490efd refactor: use new cache store in auth service 2026-05-29 23:33:35 +03:00
Stavros faee58ca8e feat: use ding for ordered go routine shutdown order (#896) 2026-05-27 12:46:28 +03:00
Stavros e9b8ca3cf8 fix: cleanup acl logic to match stable one 2026-05-27 12:11:17 +03:00
Stavros 4538922caf refactor: simplify error handling in oidc authorize handler (#907) 2026-05-27 11:27:10 +03:00
Stavros 672db84200 feat: make config file a stable feature (#897) 2026-05-27 11:26:09 +03:00
Scott McKendry 359000f731 feat(db): add postgresql support (#892) 2026-05-26 00:08:59 +03:00
Stavros 0a3e7bf265 fix: use policy engine in oauth whitelist check (#904) 2026-05-26 00:07:46 +03:00
Puneet Dixit c3461131f5 feat: support provider-specific OAuth whitelists (#882) 
Co-authored-by: Puneet Dixit <236133619+puneetdixit200@users.noreply.github.com>
 2026-05-24 20:18:33 +03:00
Scott McKendry e532cde2b6 fix: potential nil pointer dereferences (#893) 2026-05-24 17:23:48 +03:00
Stavros 2737a25227 fix: don't point to nil local users in bootstrap app 2026-05-23 20:24:54 +03:00
Scott McKendry 7aa25210f5 feat(config): allow global bypass by ip (#889) 2026-05-23 19:58:48 +03:00
Stavros 55bef72639 fix: ensure domain defined in acls is included in host rules (#884) 2026-05-23 17:13:41 +03:00
Stavros ae17bd3b66 fix: do not log user context not found errors in proxy controller 2026-05-23 16:43:03 +03:00
Stavros 3194f4b987 chore: remove stale error from tailscale service 2026-05-20 23:04:38 +03:00
Stavros 9b50670925 fix: handle panics in tailscale service 2026-05-20 23:01:14 +03:00
Stavros 1166a15aa7 feat: tailscale integration (#847) 2026-05-20 20:10:38 +03:00
Stavros c855f9b8ac feat: add support for deny by default access controls (#852) 2026-05-19 18:07:55 +03:00
Scott McKendry a56c349525 refactor(db): use new store interface (#831) 2026-05-18 22:33:09 +03:00
Stavros 8932f2ad46 feat: ensure public key pairs with private key in oidc service 2026-05-16 20:43:50 +03:00
Stavros 5349f21212 fix: use loaded public key in oidc service, fixes #860 2026-05-16 17:09:21 +03:00
Dreddy e8071a9d80 fix: bug fixes for issues #859, 860, 861, 862, 863, 864, 865, 866 (#867) 
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
 2026-05-16 17:04:01 +03:00
Stavros ca06099466 tests: fix tests for proxy controller 2026-05-15 18:43:18 +03:00
Stavros d4b4245017 chore: revert 4c741a5 and use 403 for acl errors 2026-05-15 18:39:12 +03:00
Stavros 4c741a5990 fix: use 401 errors instead of 403 for nginx responses 2026-05-15 18:12:15 +03:00
Dreddy f9fff24ca5 fix: oidc open redirect (#854) 2026-05-13 17:34:39 +03:00
Ilyas a9eac7edd2 fix(ldap): pass through LDAP mail attribute instead of crafting email (#834) 
* fix(ldap): pass through LDAP mail attribute instead of crafting email

TinyAuth was constructing LDAP user emails as username@CookieDomain
instead of using the mail attribute stored in the directory. This caused
OIDC clients like Grafana to receive a synthetic email rather than the
real one.

Rename GetUserDN to GetUserInfo and extend it to also fetch the mail
attribute in the same LDAP query. Thread the result through UserSearch
and use it in both the login flow and the basic auth middleware, falling
back to the crafted email only when LDAP returns no mail value.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore: add ldap email logic back after main merge

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Stavros <steveiliop56@gmail.com>
 2026-05-11 15:40:15 +03:00