Docker/planka
Docker/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-07-18 20:59:44 +02:00
Code Issues Releases Activity
555 commits 2 branches 41 tags 48 MiB
Commit graph

179 commits

Author SHA1 Message Date
Smiley3112
3b43d7d2c9 feat: Add SMTP_NAME environment variable (#761) 
Closes #758
 2024-05-18 15:02:21 +02:00
Maksim Eltyshev
52fb86f9e9 chore: Update dependencies 
Closes #726
 2024-04-23 15:45:47 +02:00
Samuel
3ce2e8ef91 feat: Sort cards within list (#717) 
Closes #390
 2024-04-22 21:56:07 +02:00
Maksim Eltyshev
d9b17d72f9 fix: Fix error output when sending email or message to Slack 2024-04-12 12:07:19 +02:00
Maksim Eltyshev
4fe77c305c feat: Automatic logout when session expires 
Closes #693
 2024-04-09 15:12:46 +02:00
Maksim Eltyshev
7273b33768 chore: Cleanup 2024-04-08 01:47:24 +02:00
Matthieu Bollot
2eff8b80f1 feat: Slack bot notifications (#676) 2024-04-08 01:27:10 +02:00
Matthieu Bollot
c61b23c713 feat: Add ability to duplicate card (#668) 2024-04-08 01:24:50 +02:00
Edouard
ca4d6761cd feat: SMTP integration and email notifications (#631) 2024-04-08 01:24:50 +02:00
Maksim Eltyshev
d202dd15bc fix: Fix case sensitivity of default admin environment variables 2024-04-08 01:24:50 +02:00
Maksim Eltyshev
d297e2340a fix: Fix nullable boolean inputs 2024-04-08 01:24:50 +02:00
Maksim Eltyshev
6a635e44a2 fix: Include due date when importing from Trello 
Closes #598
 2024-04-08 01:24:50 +02:00
Maksim Eltyshev
6c826c7127 feat: Add ability to enforce SSO 
Closes #543, closes #545
 2024-04-08 01:24:10 +02:00
Maksim Eltyshev
def2327165 feat: Add ability to map OIDC attributes and ignore username 
Closes #554
 2024-04-08 01:18:26 +02:00
Maksim Eltyshev
1e78c7df8f fix: Fix images becoming black and white when resizing 
Closes #574, closes #585
 2024-04-08 01:18:26 +02:00
Maksim Eltyshev
f0b2de8c40 chore: Bump sharp version 2024-04-08 01:18:26 +02:00
GlitchWitch
75e642cd73 Remove unused code and comments 2023-12-28 12:01:38 -06:00
Brad Bahls
f11fa8d504 updated to use currentUser.name for messages 2023-12-28 09:03:41 -07:00
GlitchWitch
719ba9fc9c Rename custom.js -> slack.js 2023-12-23 10:52:15 -06:00
GlitchWitch
22ffa77966 Replace plankaProdUrl with one set by environment. Remove hardcoded channel and unused variables. 2023-12-23 10:48:50 -06:00
Brad Bahls
4d12fbf72d removed test webhook url 2023-12-23 08:58:22 -07:00
Brad Bahls
b8ce112dc3 added new custom service with slack integration helper functions; added axios package; added notifications for card create, delete, and update (move); added notifications for comment create 2023-12-23 08:52:07 -07:00
Maksim Eltyshev
8018b74038 fix: Add issuer to OIDC callback parameters 
Closes #562
 2023-12-09 16:28:24 +01:00
Maksim Eltyshev
0af96a21c8 build: Stop using base image 2023-12-01 18:02:19 +01:00
Maksim Eltyshev
22aa3c4adf chore: Update dependencies 2023-11-17 14:34:10 +01:00
Maksim Eltyshev
d951ba59dd fix: Disable role change when OIDC roles are not ignored 2023-10-25 23:39:34 +02:00
Balthasar Hofer
e41a434fc8 feat: Add ability to ignore roles when logging in with SSO (#534) 
Closes #533
 2023-10-26 02:01:35 +05:00
Maksim Eltyshev
6a09e9a984 fix: Make default admin environment variables optional 
Closes #526
 2023-10-20 21:52:12 +02:00
Maksim Eltyshev
0fab6075bd ref: Refactoring 2023-10-19 16:05:34 +02:00
Lorenz Brun
9011ee61da feat: Improve OIDC SSO (#524) 
The OIDC implementation merged in https://github.com/plankanban/planka/pull/491 is flawed for multiple reasons.

It assumes that the access_token returned by the IDP has to be a JWT parseable by the RP which is not the case [1].
Many major IDPs do issue tokens which are not JWTs and RPs should not rely on the contents of these at all.
The only signed token which has a standardized format for direct RP consumption is the OIDC ID token (id_token), but this by default doesn't contain many claims, especially role claims are omitted from them by default for size reasons. To get these additional claims into the ID token, one needs an IDP with support for the "claims" parameter.

It requires manual specification of the JWKS URL which is mandatory in any OIDC discovery document and thus never needs to be manually specified.

It also makes the questionable decision to use a client-side code flow with PKCE where a normal code flow would be much more appropriate as all user data is processed in the backend which can securely hold a client secret (confidential client). This has far wider IDP support, is safer (due to direct involvement of the IDP in obtaining user information) and doesn't require working with ID tokens and claim parameters.

By using a server-side code flow we can also offload most complexity to the server alone, no longer requiring an additional OIDC library on the web client.

Also silent logout doesn't work on most IDPs for security reasons, one needs to actually redirect the user over to the IDP, which then prompts them once more if they actually want to log out.

This implementation should work with any OIDC-compliant IDP and even OAuth 2.0-only IDPs as long as they serve and OIDC discovery document.

[1] rfc-editor.org/rfc/rfc6749#section-5.1
 2023-10-19 17:39:21 +05:00
Maksim Eltyshev
1ef736106c fix: Fix order of checks when logging in 2023-10-18 23:07:57 +02:00
Maksim Eltyshev
afe83d2760 chore: Bump sails version 2023-10-17 19:23:09 +02:00
Maksim Eltyshev
b9716c6e3a fix: OIDC finalization and refactoring 2023-10-17 19:18:19 +02:00
Maksim Eltyshev
6aefccf543 fix: Fix starting without OIDC environment variables 
Closes #503
 2023-09-12 01:20:21 +02:00
Maksim Eltyshev
e59535b9b4 feat: Use environment variables for default admin configuration 2023-09-12 01:12:38 +02:00
gorrilla10101
6941500c7b feat: OIDC with PKCE flow (#491) 2023-09-04 20:06:59 +05:00
Maksim Eltyshev
8578883fac fix: Fix saving milliseconds for timestamps 2023-06-12 23:54:57 +02:00
orbatschow
18e231fcaa feat: Allow postgres connections that require ssl mode (#409) 
Closes #261
 2023-03-06 17:54:52 +05:00
Maksim Eltyshev
e93cc88f5c revert: Allow postgres connections that require ssl mode (#408) 
This reverts commit d627a5660a.
 2023-02-28 02:56:16 +05:00
Maksim Eltyshev
22ec8707ac fix: Rename timer to stopwatch 
Closes #392
 2023-02-27 19:09:51 +01:00
orbatschow
d627a5660a feat: Allow postgres connections that require ssl mode (#404) 
Closes #261
 2023-02-27 21:16:51 +05:00
Maksim Eltyshev
a8b7b4dd26 fix: Fix import from Trello 
Closes #397
 2023-02-20 11:24:17 +01:00
Maksim Eltyshev
6fd42e3b62 fix: Preserve orientation of images 
Closes #384
 2023-01-17 22:14:39 +01:00
Maksim Eltyshev
a741e26ccb feat: Labels reordering 
Closes #289
 2023-01-09 12:17:06 +01:00
dependabot[bot]
d510708e66 chore(deps): Bump json5 from 1.0.1 to 1.0.2 in /server (#369) 
Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](https://github.com/json5/json5/compare/v1.0.1...v1.0.2)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-09 02:23:01 +05:00
dependabot[bot]
bf8980ce34 chore(deps): Bump jsonwebtoken from 8.5.1 to 9.0.0 in /server (#357) 
Bumps [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) from 8.5.1 to 9.0.0.
- [Release notes](https://github.com/auth0/node-jsonwebtoken/releases)
- [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md)
- [Commits](https://github.com/auth0/node-jsonwebtoken/compare/v8.5.1...v9.0.0)

---
updated-dependencies:
- dependency-name: jsonwebtoken
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-09 02:20:25 +05:00
Maksim Eltyshev
6f79fc45eb ref: Little refactoring 2023-01-08 22:10:41 +01:00
Maksim Eltyshev
58eda7d555 fix: Subscribe only when needed 2023-01-05 15:03:06 +01:00
Maksim Eltyshev
0ad9cffb08 fix: Improve quality of resized images 2022-12-26 22:43:21 +01:00
Maksim Eltyshev
5cd025ffb7 ref: Remove board types, refactoring 2022-12-26 21:10:50 +01:00