linux_patch_manager

git-echo/linux_patch_manager

Private

Public Access

Fork 0

Commit Graph

Author	SHA1	Message	Date
Draco-Lunaris-Echo	88b190ac8d	fix(security): restrict auth-config mutations to Admin role (#5 ) Restrict manager-wide authentication configuration mutations (OIDC, SMTP, IP allowlist) to Admin role. Operators now receive 403 forbidden_role. - New admin_required helper in settings.rs - 4 gate changes: update_settings, discover_oidc, test_oidc, update_ip_whitelist - 5 new AuditAction variants + migration 019 - SPA friendly error message on 403 - 3 admin_required unit tests pass (43/43) - Full integration tests deferred to issue #15 Closes #5	2026-06-03 09:16:41 -05:00
Draco-Lunaris-Echo	f58d7a6f17	fix(security): stop embedding JWT tokens in SSO callback redirect URL (#4 ) (#14 ) Replaces URL-embedded JWT tokens with a single-use, 60-second handoff code that the SPA exchanges via server-to-server POST. The URL now contains only `?handoff=<code>` — no tokens are placed in the browser history, proxy access logs, or Referer header. Backend: new SsoHandoff store (DashMap, 60s TTL, atomic DashMap::remove for single-use), POST /api/v1/auth/sso/handoff endpoint, 7 new tests. Frontend: SsoCallbackPage rewritten to use useSearchParams + POST exchange, with history.replaceState to clear the handoff code from the address bar. Switched from window.location.search to useSearchParams() for test compatibility. New Vitest infrastructure (vitest, @testing-library/react, jsdom) and 6 new tests. CI fix in ccba9e3: cargo fmt --all and added searchParams to useEffect dep array to satisfy CI's Rust Format and Frontend Lint checks. Refs: closes #4	2026-06-03 06:28:08 -05:00
Echo	3aff64afb7	docs: add REST API reference and update README version to v0.1.7 All checks were successful CI Pipeline / Rust Format Check (push) Successful in 4s Details CI Pipeline / Clippy Lints (push) Successful in 53s Details CI Pipeline / Rust Unit Tests (push) Successful in 1m11s Details CI Pipeline / Security Audit (push) Successful in 4s Details CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s Details CI Pipeline / Build .deb & Release (push) Has been skipped Details	2026-05-16 19:14:08 +00:00

Author

SHA1

Message

Date

Draco-Lunaris-Echo

88b190ac8d

fix(security): restrict auth-config mutations to Admin role (#5 )

Restrict manager-wide authentication configuration mutations (OIDC, SMTP, IP allowlist) to Admin role. Operators now receive 403 forbidden_role.

- New admin_required helper in settings.rs
- 4 gate changes: update_settings, discover_oidc, test_oidc, update_ip_whitelist
- 5 new AuditAction variants + migration 019
- SPA friendly error message on 403
- 3 admin_required unit tests pass (43/43)
- Full integration tests deferred to issue #15

Closes #5

2026-06-03 09:16:41 -05:00

Draco-Lunaris-Echo

f58d7a6f17

fix(security): stop embedding JWT tokens in SSO callback redirect URL (#4 ) (#14 )

Replaces URL-embedded JWT tokens with a single-use, 60-second handoff code that the SPA exchanges via server-to-server POST. The URL now contains only `?handoff=<code>` — no tokens are placed in the browser history, proxy access logs, or Referer header.

Backend: new SsoHandoff store (DashMap, 60s TTL, atomic DashMap::remove for single-use), POST /api/v1/auth/sso/handoff endpoint, 7 new tests.

Frontend: SsoCallbackPage rewritten to use useSearchParams + POST exchange, with history.replaceState to clear the handoff code from the address bar. Switched from window.location.search to useSearchParams() for test compatibility. New Vitest infrastructure (vitest, @testing-library/react, jsdom) and 6 new tests.

CI fix in ccba9e3: cargo fmt --all and added searchParams to useEffect dep array to satisfy CI's Rust Format and Frontend Lint checks.

Refs: closes #4

2026-06-03 06:28:08 -05:00

Echo

3aff64afb7

docs: add REST API reference and update README version to v0.1.7

CI Pipeline / Rust Format Check (push) Successful in 4s

Details

CI Pipeline / Clippy Lints (push) Successful in 53s

Details

CI Pipeline / Rust Unit Tests (push) Successful in 1m11s

Details

CI Pipeline / Security Audit (push) Successful in 4s

Details

CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s

Details

CI Pipeline / Build .deb & Release (push) Has been skipped

Details

2026-05-16 19:14:08 +00:00

3 Commits