Commit graph

80 commits

Author SHA1 Message Date
Johan Lundberg
d7cdedbd5f
style: apply ruff formatting to new files
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 15:36:08 +02:00
Johan Lundberg
a65af90320
feat: require current password when changing password, add zxcvbn strength check
Use PasswordChange model (requires current password) for users with
existing passwords and PasswordSet for first-time setup. Add zxcvbn
strength validation and current password field to credentials template.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 15:34:43 +02:00
Johan Lundberg
72a93984f2
feat: wire validation models into admin routes and deduplicate error handling
Replace manual validation error formatting with shared helper in both
admin and manage profile routes. Add UsernameInput validation to invite
route and GroupListInput validation to groups route.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 15:34:28 +02:00
Johan Lundberg
56c177c817
fix: add CSRF tokens to admin forms and HTML5 validation hints
Add hidden CSRF token inputs to admin profile, groups, and invite
forms. Add maxlength, pattern, and title attributes to invite input.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 15:24:16 +02:00
Johan Lundberg
d4acb46cf5
feat: add rate limiting middleware for authentication endpoints
Add slowapi-based rate limiting: 5/min on password login, 10/min on
WebAuthn login. Includes shared rate limiter reset fixture for tests.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 15:23:51 +02:00
Johan Lundberg
23ca6272a2
fix: block inactive users from all authentication paths
Add active-user checks to password login, WebAuthn login, and magic
link registration to prevent deactivated accounts from authenticating.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 15:18:51 +02:00
Johan Lundberg
aff6ddb99b
feat: add validation models (locale, username, groups, password) and error helper
Add BCP 47 locale validator to ProfileUpdate, UsernameInput model,
GroupListInput model, PasswordSet/PasswordChange with zxcvbn strength
checking, and shared format_validation_errors HTML helper.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 15:18:24 +02:00
Johan Lundberg
752bf87b7c
style: apply ruff SIM108 ternary to validation error handling
2026-03-13 20:46:12 +01:00
Johan Lundberg
86deb56524
style: add E.164 format hint to phone number inputs
2026-03-13 20:44:30 +01:00
Johan Lundberg
7bfea306ab
refactor: use shared ProfileUpdate validation in admin routes
2026-03-13 20:43:52 +01:00
Johan Lundberg
5fd63d61ff
feat: wire ProfileUpdate validation into manage profile route
2026-03-10 15:36:47 +01:00
Johan Lundberg
db94294d6d
feat: add logout buttons to admin and manage navigation bars
2026-02-20 15:41:45 +01:00
Johan Lundberg
7c9e426bb8
feat: add ProfileUpdate pydantic model with email and phone validation
2026-02-20 15:21:28 +01:00
Johan Lundberg
a5198148a3
make output from cli commands easier to read
2026-02-20 15:03:45 +01:00
Johan Lundberg
0435b81c5a
feat: add landing page at / with navigation links
Route GET / to a landing page with the Porchlight logo, tagline,
and card-style navigation links to My Account and Administration.
2026-02-19 15:38:09 +01:00
Johan Lundberg
4242f1a40f
style: update logo and favicon with new pentagon house design
2026-02-19 15:03:31 +01:00
Johan Lundberg
33a61ecc2a
Merge branch 'feature/admin-pages'
# Conflicts:
#	src/porchlight/app.py
2026-02-19 14:36:48 +01:00
Johan Lundberg
34450aa38f
style: fix import sort order in app.py
2026-02-19 14:33:57 +01:00
Johan Lundberg
1054feb534
fix: reorder imports and use ty-compatible type suppression
2026-02-19 14:29:01 +01:00
Johan Lundberg
7ad794170d
feat: show admin link in manage nav for admin users
2026-02-19 14:20:57 +01:00
Johan Lundberg
9e5773f52f
feat: add CSRF tokens to templates and JS fetch calls
2026-02-19 14:03:34 +01:00
Johan Lundberg
3975d5ce88
feat: add admin action routes (profile, groups, activate, credentials, invite, delete)
2026-02-19 13:47:36 +01:00
Johan Lundberg
d1f2b39cb6
feat: wire CSRF middleware and harden session cookie
2026-02-19 13:45:58 +01:00
Johan Lundberg
2b8d3e9800
feat: add admin user detail page with profile, groups, credentials, and actions
2026-02-19 13:44:14 +01:00
Johan Lundberg
b5ea9950a2
fix: use frozenset for SAFE_METHODS and extract SESSION_KEY constant
2026-02-19 13:42:18 +01:00
Johan Lundberg
6a9e32f74d
feat: add admin invite creation endpoint
2026-02-19 13:36:11 +01:00
Johan Lundberg
f93290d43e
feat: add CSRF middleware with synchronizer token pattern
2026-02-19 13:26:33 +01:00
Johan Lundberg
1a795914f9
feat: add admin user list page with search and pagination
2026-02-19 11:35:25 +01:00
Johan Lundberg
f2d669d705
feat: add admin base template and CSS styles
2026-02-19 11:30:35 +01:00
Johan Lundberg
dd1f85d8d3
feat: add admin router with admin group guard
2026-02-19 11:18:50 +01:00
Johan Lundberg
be35c17fa5
Merge branch 'feature/consent-screen'
2026-02-19 11:16:51 +01:00
Johan Lundberg
3b1c145e31
fix: add type annotation to approved_scopes for type checker
2026-02-19 11:16:01 +01:00
Johan Lundberg
078892a413
fix: validate consent action and add error check after re-parse
2026-02-19 11:09:14 +01:00
Johan Lundberg
7e9eeb1339
feat: add search_users and count_users to user repository
2026-02-19 11:00:47 +01:00
Johan Lundberg
5c4269fd6e
feat: add consent page template
2026-02-19 09:52:45 +01:00
Johan Lundberg
1d8fd91f68
feat: add consent check to authorization flow
2026-02-19 09:47:59 +01:00
Johan Lundberg
9ccc6c885f
feat: add Consent model, migration, and repository
2026-02-18 15:01:35 +01:00
Johan Lundberg
8a610a0cd6
feat: add self-service profile page with manage navigation
Add /manage/profile page where authenticated users can view and edit
their OIDC profile fields (given_name, family_name, preferred_username,
email, phone_number, picture, locale).

- Create manage/base.html with tab-style nav for Profile/Credentials
- Update credentials.html to extend manage/base.html
- Add GET/POST routes with server-side validation
- Add input styling for tel and url input types
- Add profile test user with pre-filled data in setup_db.py
- Add 19 E2E tests covering structure, navigation, updates, validation
- All 76 E2E tests and 172 Python tests pass
2026-02-18 14:35:17 +01:00
Johan Lundberg
64f8c1936b
refactor: fix lint warnings and remove stale type: ignore comments
2026-02-18 13:08:03 +01:00
Johan Lundberg
eeb09321e2
feat: register OIDC clients from config file
2026-02-18 12:48:23 +01:00
Johan Lundberg
61ca3063ca
feat: add TOML config file support with client registrations
2026-02-18 12:44:00 +01:00
Johan Lundberg
80960d5a1f
Merge branch 'feature/cli-module'
2026-02-18 11:35:15 +01:00
Johan Lundberg
e43720cd62
refactor: fix lint and type check issues in CLI module
2026-02-18 11:34:00 +01:00
Johan Lundberg
4e83c3807e
feat: add initial-admin CLI command
2026-02-18 11:29:13 +01:00
Johan Lundberg
bcddf5d1c8
feat: add create-invite CLI command
2026-02-18 11:27:36 +01:00
Johan Lundberg
0c3157ea3a
feat: handle pre-existing users in register_magic_link route
2026-02-18 10:29:44 +01:00
Johan Lundberg
ebe5497879
feat: update login UI and JS for usernameless WebAuthn authentication
2026-02-17 13:42:35 +01:00
Johan Lundberg
32567b5484
feat: rewrite WebAuthn login routes for usernameless discoverable credential flow
2026-02-17 13:38:17 +01:00
Johan Lundberg
2ffe968342
feat: require discoverable credentials and prefer user verification in WebAuthnService
2026-02-17 13:18:46 +01:00
Johan Lundberg
51d03bc780
refactor: extract open_db() context manager from lifespan
2026-02-16 15:41:15 +01:00