gaiwan/Oak
4
2
Fork 0
Code Issues 1 Pull requests Projects Releases Packages 1 Wiki Activity Actions

implement the feature that changing password but stays login #12

Merged
arne merged 18 commits from laurence/issue-11 into main 2025-12-15 16:29:39 +00:00
Conversation 2 Commits 18 Files changed 38 +792 -301
laurence commented 2025-12-02 10:10:07 +00:00
Owner
Copy link
  • when changing the password, it immediately logs you out, because now your authentication/claim is older than your credential. This is sort of by design, but it should log out other sessions, so we need to update the claim in the current session.
  • Enforce login when user access /2fa/setup or /2fa/check. When redirect to login page, also shows a flash message to notify the user.
  • Fix all the tests of dashboard previously commented out.
  • Add the docker-compose.test.yml
  • Automatically fetch-and-resize image into Postgres blob.
    bin/oakadm oauth-client create --client-name "kkk" --logo-uri "https://gaiwan.co/content/images/2024/01/Gaiwan-logo-transparent-bg.png"
  • add logout icon && uri 截圖 2025-12-04 下午6.28.31
  • Generate backup code when setting up the TOTP.
  • Allow user to login using backup code.
- [x] when changing the password, it immediately logs you out, because now your authentication/claim is older than your credential. This is sort of by design, but it should log out other sessions, so we need to update the claim in the current session. - [x] Enforce login when user access /2fa/setup or /2fa/check. When redirect to login page, also shows a flash message to notify the user. - [x] Fix all the tests of dashboard previously commented out. - [x] Add the `docker-compose.test.yml` - [x] Automatically fetch-and-resize image into Postgres blob. `bin/oakadm oauth-client create --client-name "kkk" --logo-uri "https://gaiwan.co/content/images/2024/01/Gaiwan-logo-transparent-bg.png"` - [x] add logout icon && uri ![截圖 2025-12-04 下午6.28.31](/attachments/f834a5f4-06cd-4309-ab96-3e76b1c10987) - [x] Generate backup code when setting up the TOTP. - [x] Allow user to login using backup code.
截圖 2025-12-04 下午6.28.31.png
239 KiB
implement the feature that changing password but stays login
All checks were successful
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Build And Publish OCI Container / build (push) Successful in 2m21s
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 2m33s
Details
693811cb0b
1. Enforce login when user access /2fa/setup or /2fa/check
All checks were successful
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 2m15s
Details
Build And Publish OCI Container / build (push) Successful in 2m43s
Details
4d1d70ca42 
2. When redirect to login page, also shows a flash message to notify the user
laurence force-pushed laurence/issue-11 from 4d1d70ca42
All checks were successful
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 2m15s
Details
Build And Publish OCI Container / build (push) Successful in 2m43s
Details
to e69ea53362
All checks were successful
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Build And Publish OCI Container / build (push) Successful in 2m36s
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 2m34s
Details
2025-12-03 08:05:43 +00:00 Compare
fix password test using the new testing harness (with a mock router)
All checks were successful
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 2m37s
Details
Build And Publish OCI Container / build (push) Successful in 2m49s
Details
b9b8ba25ee
fix enable/disable-totp-test using the next testing harness (with a mock router)
All checks were successful
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Build And Publish OCI Container / build (push) Successful in 2m35s
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 2m34s
Details
01ee6abeb4
re-enable full test in forgejo workflow
Some checks failed
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Build And Publish OCI Container / build (push) Successful in 2m37s
Details
Kaocha Test Runner / run_kaocha (pull_request) Failing after 2m38s
Details
0a6893dfe1
try to fix the gh actions error: not oak_test postgres db
Some checks failed
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Kaocha Test Runner / run_kaocha (pull_request) Failing after 2m53s
Details
Build And Publish OCI Container / build (push) Successful in 3m21s
Details
f22220fc4f
change apis test for http-origin
All checks were successful
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Build And Publish OCI Container / build (push) Successful in 2m34s
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 2m43s
Details
c9af62d5b9
add logout uri
All checks were successful
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Build And Publish OCI Container / build (push) Successful in 2m39s
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 2m48s
Details
44da982ce5
finish fetch-and-resize
All checks were successful
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 2m50s
Details
Build And Publish OCI Container / build (push) Successful in 3m13s
Details
9af1f69824
change /apis/proxy.clj to let to retrieve the blob from Postgres
All checks were successful
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 2m53s
Details
Build And Publish OCI Container / build (push) Successful in 3m22s
Details
4bb1b3ae5e
add test to oak/lib/image.clj
All checks were successful
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 2m49s
Details
Build And Publish OCI Container / build (push) Successful in 3m10s
Details
aa952bba4d
add middleware wrap-2fa-in-progress
All checks were successful
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 2m52s
Details
Build And Publish OCI Container / build (push) Successful in 3m18s
Details
32db8d371f
add domain module for backup_code
All checks were successful
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Build And Publish OCI Container / build (push) Successful in 2m44s
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 2m47s
Details
f5cb305cdf
1. Fix the bug
All checks were successful
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 2m52s
Details
Build And Publish OCI Container / build (push) Successful in 3m16s
Details
2fdc2a1c82 
=> Previously, session may have more than one password identity.
2. Show backup codes when 2FA setup
allow user use backup-code to login
All checks were successful
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Kaocha Test Runner / run_kaocha (pull_request) Successful in 3m7s
Details
Build And Publish OCI Container / build (push) Successful in 3m43s
Details
bc9ee255b2
arne reviewed 2025-12-15 12:21:32 +00:00
resources/oak/assets/oak.js Outdated
@ -74,0 +79,4 @@
const codes = JSON.parse(dataStr);
// Alignment: a row for a code
const codesString = codes.join('\n');
const filename = "2fa-backup-codes.txt";
arne commented 2025-12-15 12:21:32 +00:00
Owner
Copy link

This should not be hard coded here, configure it in the DOM

This should not be hard coded here, configure it in the DOM
arne reviewed 2025-12-15 12:22:00 +00:00
deps.edn
@ -50,0 +49,4 @@
toyokumo/tarayo {:mvn/version "0.2.7"}
;; Image manipulation
image-resizer/image-resizer {:mvn/version "0.1.10"}}
arne commented 2025-12-15 12:22:00 +00:00
Owner
Copy link

You can do image scaling in plain Java/Clojure just fine, we can't justify this dependency.

You can do image scaling in plain Java/Clojure just fine, we can't justify this dependency.
Rework auth middleware and redirect handling
Some checks failed
API Doc Generation / generate_docs (pull_request) Has been skipped
Details
Build And Publish OCI Container / build (push) Failing after 7m36s
Details
Kaocha Test Runner / run_kaocha (pull_request) Failing after 13m48s
Details
e2cb352ab0
arne merged commit 4793ffab86 into main 2025-12-15 16:29:39 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug

A defect that needs fixing

  
small

Little things that can be fixed trivially, best to batch these up

No labels
bug
small
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
gaiwan/Oak!12
No description provided.