Johan Lundberg
befcef9395
fix: add CSRF token handling to admin tests after merge
The CSRF middleware added to main after the admin-pages branch was
created caused all admin test POSTs/DELETEs to be rejected. Add
get_csrf_token() calls and X-CSRF-Token headers to login helpers and
all mutation requests, matching the pattern used by other tests.
2026-02-19 15:02:51 +01:00
Johan Lundberg
33a61ecc2a
Merge branch 'feature/admin-pages'
# Conflicts:
# src/porchlight/app.py
2026-02-19 14:36:48 +01:00
Johan Lundberg
34450aa38f
style: fix import sort order in app.py
2026-02-19 14:33:57 +01:00
Johan Lundberg
5a24a9c70b
test: add E2E tests for admin pages
2026-02-19 14:31:41 +01:00
Johan Lundberg
1054feb534
fix: reorder imports and use ty-compatible type suppression
2026-02-19 14:29:01 +01:00
Johan Lundberg
7ad794170d
feat: show admin link in manage nav for admin users
2026-02-19 14:20:57 +01:00
Johan Lundberg
f648422227
test: update all tests to include CSRF tokens
2026-02-19 14:19:47 +01:00
Johan Lundberg
186be17b97
test: add comprehensive unit tests for admin routes
2026-02-19 14:17:41 +01:00
Johan Lundberg
9e5773f52f
feat: add CSRF tokens to templates and JS fetch calls
2026-02-19 14:03:34 +01:00
Johan Lundberg
3975d5ce88
feat: add admin action routes (profile, groups, activate, credentials, invite, delete)
2026-02-19 13:47:36 +01:00
Johan Lundberg
d1f2b39cb6
feat: wire CSRF middleware and harden session cookie
2026-02-19 13:45:58 +01:00
Johan Lundberg
2b8d3e9800
feat: add admin user detail page with profile, groups, credentials, and actions
2026-02-19 13:44:14 +01:00
Johan Lundberg
b5ea9950a2
fix: use frozenset for SAFE_METHODS and extract SESSION_KEY constant
2026-02-19 13:42:18 +01:00
Johan Lundberg
6a9e32f74d
feat: add admin invite creation endpoint
2026-02-19 13:36:11 +01:00
Johan Lundberg
f93290d43e
feat: add CSRF middleware with synchronizer token pattern
2026-02-19 13:26:33 +01:00
Johan Lundberg
1a795914f9
feat: add admin user list page with search and pagination
2026-02-19 11:35:25 +01:00
Johan Lundberg
b1291c801e
docs: add CSRF protection implementation plan
2026-02-19 11:32:51 +01:00
Johan Lundberg
f2d669d705
feat: add admin base template and CSS styles
2026-02-19 11:30:35 +01:00
Johan Lundberg
94c14af8cc
docs: add CSRF protection design document
2026-02-19 11:29:19 +01:00
Johan Lundberg
dd1f85d8d3
feat: add admin router with admin group guard
2026-02-19 11:18:50 +01:00
Johan Lundberg
be35c17fa5
Merge branch 'feature/consent-screen'
2026-02-19 11:16:51 +01:00
Johan Lundberg
3b1c145e31
fix: add type annotation to approved_scopes for type checker
2026-02-19 11:16:01 +01:00
Johan Lundberg
b8464284c2
test: update existing tests to handle consent step
2026-02-19 11:13:11 +01:00
Johan Lundberg
078892a413
fix: validate consent action and add error check after re-parse
2026-02-19 11:09:14 +01:00
Johan Lundberg
7e9eeb1339
feat: add search_users and count_users to user repository
2026-02-19 11:00:47 +01:00
Johan Lundberg
5c4269fd6e
feat: add consent page template
2026-02-19 09:52:45 +01:00
Johan Lundberg
1d8fd91f68
feat: add consent check to authorization flow
2026-02-19 09:47:59 +01:00
Johan Lundberg
9ccc6c885f
feat: add Consent model, migration, and repository
2026-02-18 15:01:35 +01:00
Johan Lundberg
b22dabbbb0
Merge branch 'feature/profile-page'
2026-02-18 14:38:53 +01:00
Johan Lundberg
8a610a0cd6
feat: add self-service profile page with manage navigation
Add /manage/profile page where authenticated users can view and edit
their OIDC profile fields (given_name, family_name, preferred_username,
email, phone_number, picture, locale).
- Create manage/base.html with tab-style nav for Profile/Credentials
- Update credentials.html to extend manage/base.html
- Add GET/POST routes with server-side validation
- Add input styling for tel and url input types
- Add profile test user with pre-filled data in setup_db.py
- Add 19 E2E tests covering structure, navigation, updates, validation
- All 76 E2E tests and 172 Python tests pass
2026-02-18 14:35:17 +01:00
Johan Lundberg
16f3e039d9
docs: add consent screen design
2026-02-18 13:50:56 +01:00
Johan Lundberg
404fcac4dd
Merge branch 'feature/config-file'
2026-02-18 13:09:58 +01:00
Johan Lundberg
64f8c1936b
refactor: fix lint warnings and remove stale type: ignore comments
2026-02-18 13:08:03 +01:00
Johan Lundberg
8c91edf137
docs: add example config file and update README
2026-02-18 12:54:43 +01:00
Johan Lundberg
eeb09321e2
feat: register OIDC clients from config file
2026-02-18 12:48:23 +01:00
Johan Lundberg
fa614e9321
Merge branch 'feature/playwright-webauthn-e2e'
2026-02-18 12:48:03 +01:00
Johan Lundberg
70c97233c5
fix(e2e): fix WebAuthn and integration test failures
- Use localhost instead of 127.0.0.1 as TARGET_URL so the WebAuthn RP ID
  is a valid domain (the spec forbids IP addresses)
- Replace request.post('/logout') with page.context().clearCookies() since
  Playwright's request fixture has a separate cookie jar from the page
- Add registerPasskey() helper that waits for 'load' event to reliably
  detect the page reload after successful registration
- Track credential count with getCredentialCount() since credentials
  accumulate across serial tests sharing the same database
- Fix login.spec.js selector from #webauthn-login-form to #webauthn-login-btn
  to match the actual template

All 57 E2E tests now pass (50 migrated + 7 WebAuthn).
2026-02-18 12:45:03 +01:00
Johan Lundberg
61ca3063ca
feat: add TOML config file support with client registrations
2026-02-18 12:44:00 +01:00
Johan Lundberg
94f777fc8f
docs: add config file implementation plan
2026-02-18 12:12:49 +01:00
Johan Lundberg
edeb036086
docs: add TOML config file design
2026-02-18 12:09:43 +01:00
Johan Lundberg
71ddf5d8ff
feat(e2e): add WebAuthn E2E tests with CDP virtual authenticator
2026-02-18 11:52:47 +01:00
Johan Lundberg
c96ebe1b64
feat(e2e): add WebAuthn test user to fixture seeding
2026-02-18 11:47:11 +01:00
Johan Lundberg
c726ae18d3
chore: remove completed implementation plan docs
2026-02-18 11:46:37 +01:00
Johan Lundberg
dee1b1e3bc
docs: update README with CLI commands and fix stale module name
2026-02-18 11:43:56 +01:00
Johan Lundberg
ef8bf10555
refactor(e2e): remove old custom test runner
2026-02-18 11:43:17 +01:00
Johan Lundberg
7900f264ba
refactor(e2e): migrate all tests to Playwright Test
2026-02-18 11:37:23 +01:00
Johan Lundberg
80960d5a1f
Merge branch 'feature/cli-module'
2026-02-18 11:35:15 +01:00
Johan Lundberg
e43720cd62
refactor: fix lint and type check issues in CLI module
2026-02-18 11:34:00 +01:00
Johan Lundberg
4e83c3807e
feat: add initial-admin CLI command
2026-02-18 11:29:13 +01:00
Johan Lundberg
bcddf5d1c8
feat: add create-invite CLI command
2026-02-18 11:27:36 +01:00