Docker/planka
Docker/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-08-08 23:15:31 +02:00
Code Issues Releases Activity
620 commits 2 branches 41 tags 49 MiB
Commit graph

59 commits

Author SHA1 Message Date
Maël Gangloff
8fd0f682d9
feat: Google Chat notifications (#867) 2024-09-04 15:33:43 +02:00
Maksim Eltyshev
9699fbe76a feat: Additional httpOnly token for enhanced security in browsers 2024-09-01 09:31:04 +02:00
Aurélien Troncy
e6644eb745
feat: Ability to show detailed auth errors, set to false by default (#860) 2024-08-30 11:47:29 +02:00
Aurélien Troncy
e9b4a4adfc
fix: Disable x-powered-by header (#829) 2024-07-21 18:27:26 +02:00
Maksim Eltyshev
aff853c602 ref: Refactoring, fix linting 2024-07-16 12:33:38 +02:00
aleb_the_flash
ad2966c5d6
feat: Improve OIDC support for strict providers (#824) 2024-07-16 12:19:27 +02:00
NathanVss
cc1e886a31
feat: Ability to allow everyone to create projects (#787) 2024-06-14 16:38:06 +02:00
Gavin Mogan
5fcea5d651
fix: Handle WEBHOOKS env variable being unset (#785) 
Closes #784
 2024-06-12 08:59:36 +02:00
Maksim Eltyshev
c065566c15 feat: Webhooks configuration, all events support, refactoring 2024-06-12 00:51:36 +02:00
HannesOberreiter
3779bdb053
feat: Events via webhook (#771) 
Closes #215, closes #656
 2024-06-06 20:22:14 +02:00
Smiley3112
2d6666d693
feat: Add SMTP_NAME environment variable (#761) 
Closes #758
 2024-05-18 15:02:21 +02:00
Maksim Eltyshev
fff0552081 chore: Update dependencies 
Closes #726
 2024-04-23 15:45:47 +02:00
Samuel
934dcdf39b
feat: Sort cards within list (#717) 
Closes #390
 2024-04-22 21:56:07 +02:00
Matthieu Bollot
2f3dfe775e
feat: Slack bot notifications (#676) 2024-04-08 00:33:29 +02:00
Matthieu Bollot
6cd9da844f
feat: Add ability to duplicate card (#668) 2024-04-05 22:40:35 +02:00
Edouard
9f0fce098e
feat: SMTP integration and email notifications (#631) 2024-03-22 00:14:09 +01:00
Maksim Eltyshev
6802a0dc69 fix: Fix case sensitivity of default admin environment variables 2024-03-12 20:40:46 +01:00
Maksim Eltyshev
b8d262f745 feat: Add ability to enforce SSO 
Closes #543, closes #545
 2024-02-01 00:31:15 +01:00
Maksim Eltyshev
634d6ceab1 feat: Add ability to map OIDC attributes and ignore username
Some checks failed
Build and push Docker DEV image / build ([self-hosted arm64], linux/arm/v7) (push) Has been cancelled
Details
Build and push Docker DEV image / build ([self-hosted arm64], linux/arm64) (push) Has been cancelled
Details
Build and push Docker DEV image / build ([self-hosted x64], linux/amd64) (push) Has been cancelled
Details
Build and push Docker DEV image / merge (push) Has been cancelled
Details
Build and push Docker DEV image / rerun-failed-jobs (push) Has been cancelled
Details 
Closes #554
 2024-01-25 23:01:59 +01:00
Maksim Eltyshev
6dc9e4ed99 fix: Disable role change when OIDC roles are not ignored 2023-10-25 23:39:34 +02:00
Balthasar Hofer
d4b64b90fc
feat: Add ability to ignore roles when logging in with SSO (#534) 
Closes #533
 2023-10-26 02:01:35 +05:00
Maksim Eltyshev
40c04c35ff ref: Refactoring 2023-10-19 16:05:34 +02:00
Lorenz Brun
743f2956c8
feat: Improve OIDC SSO (#524) 
The OIDC implementation merged in https://github.com/plankanban/planka/pull/491 is flawed for multiple reasons.

It assumes that the access_token returned by the IDP has to be a JWT parseable by the RP which is not the case [1].
Many major IDPs do issue tokens which are not JWTs and RPs should not rely on the contents of these at all.
The only signed token which has a standardized format for direct RP consumption is the OIDC ID token (id_token), but this by default doesn't contain many claims, especially role claims are omitted from them by default for size reasons. To get these additional claims into the ID token, one needs an IDP with support for the "claims" parameter.

It requires manual specification of the JWKS URL which is mandatory in any OIDC discovery document and thus never needs to be manually specified.

It also makes the questionable decision to use a client-side code flow with PKCE where a normal code flow would be much more appropriate as all user data is processed in the backend which can securely hold a client secret (confidential client). This has far wider IDP support, is safer (due to direct involvement of the IDP in obtaining user information) and doesn't require working with ID tokens and claim parameters.

By using a server-side code flow we can also offload most complexity to the server alone, no longer requiring an additional OIDC library on the web client.

Also silent logout doesn't work on most IDPs for security reasons, one needs to actually redirect the user over to the IDP, which then prompts them once more if they actually want to log out.

This implementation should work with any OIDC-compliant IDP and even OAuth 2.0-only IDPs as long as they serve and OIDC discovery document.

[1] rfc-editor.org/rfc/rfc6749#section-5.1
 2023-10-19 17:39:21 +05:00
Maksim Eltyshev
8e0c60f5be fix: OIDC finalization and refactoring 2023-10-17 19:18:19 +02:00
Maksim Eltyshev
875895b331 fix: Fix starting without OIDC environment variables 
Closes #503
 2023-09-12 01:20:21 +02:00
Maksim Eltyshev
91bc889fed feat: Use environment variables for default admin configuration 2023-09-12 01:12:38 +02:00
gorrilla10101
107cb85ba2
feat: OIDC with PKCE flow (#491) 2023-09-04 20:06:59 +05:00
Maksim Eltyshev
d386c82973 fix: Fix saving milliseconds for timestamps 2023-06-12 23:54:57 +02:00
Maksim Eltyshev
6ffa817b53 ref: Remove board types, refactoring 2022-12-26 21:10:50 +01:00
Maksim Eltyshev
0a5210dd21 feat: Preserve original format of images, change interpolation kernel 
Closes #349
 2022-12-24 00:47:59 +01:00
Jacques Lorentz
b08e731419
fix: Front-end base url with path (#303) 
Closes #43, closes #111, closes #272
 2022-09-30 14:48:58 +05:00
Maksim Eltyshev
8109936ce2 feat: Invalidate access token on logout 2022-09-07 18:39:33 +05:00
Steven Correia
543a992d98
fix: Fix proxy forwarding (#295) 2022-09-03 20:00:23 +05:00
Maksim Eltyshev
07867fc0b2 fix: Use custom logger only for production 2022-08-23 20:45:42 +02:00
Steven Correia
6429e22d59
feat: Modify logger to log to file that supports fail2ban (#284) 2022-08-23 03:42:56 +05:00
Maksim Eltyshev
51fa7df69c feat: Permissions for board members 
Closes #262
 2022-08-19 14:00:40 +02:00
Maksim Eltyshev
d38e555293 fix: Provide default value for token expiration 2022-08-09 19:09:07 +02:00
SimonTagne
7786533a90
feat: Improve security of access tokens (#279) 
Closes #275
 2022-08-09 21:03:21 +05:00
Maksim Eltyshev
ac1df5201d fix: Fix path traversal vulnerability 2022-08-04 00:37:30 +02:00
Maksim Eltyshev
e7495e0067 fix: Fix routes again 2022-06-20 18:48:13 +02:00
Maksim Eltyshev
b8c065e0c8 fix: Fix routes 2022-06-20 18:46:03 +02:00
Maksim Eltyshev
86e4864d1b feat: Add gallery for attachments 2022-06-20 18:27:39 +02:00
Maksim Eltyshev
36e4bef21b feat: Remove attachments from public access 
Closes #219
 2022-04-26 22:20:20 +05:00
Maksim Eltyshev
486e663a3d feat: Store accessToken in cookies instead of localStorage 2022-04-26 18:01:55 +05:00
dbrennand
729e5dac5e
Make trustProxy configurable via environment variable 2021-10-21 01:24:19 +05:00
Maksim Eltyshev
b39119ace4 Project managers, board members, auto-update after reconnection, refactoring 2021-06-24 01:05:22 +05:00
Maksim Eltyshev
08aef7c052 Change database adapter to support the new Node. Closes #32 2020-08-31 16:45:22 +05:00
Maksim Eltyshev
767d39586c Add test libs, update dependencies 2020-08-20 15:35:46 +05:00
Maksim Eltyshev
c6ee7d54bb Prepare for collection board type, refactoring, update dependencies 2020-08-04 01:32:46 +05:00
Maksim Eltyshev
2f7a244807 Add project backgrounds 2020-05-26 00:46:04 +05:00