Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MeB OAuth - latest iteration #477

Open
wants to merge 93 commits into
base: master
Choose a base branch
from
Open

MeB OAuth - latest iteration #477

wants to merge 93 commits into from

Conversation

amCap1712
Copy link
Member

No description provided.

MonkeyDo and others added 30 commits August 30, 2024 22:08
@MonkeyDo @amCap1712
Create new OAuth login page
6639879 
Initial commit with basic HTML + CSS
@MonkeyDo @amCap1712
Use more generic css class names
ca77eec 
 so that we can use the same styles for the signup (create account) page
@MonkeyDo @amCap1712
Add initial signup page
ec32347
@MonkeyDo @amCap1712
Small improvements of the signup page
3a24b94 
+ made some links real
@MonkeyDo @amCap1712
Bigger TOC modal
fe3e68e
@MonkeyDo @amCap1712
Improve login/signup logos
8c6ab8c
@MonkeyDo @amCap1712
Change sign in page header
ad1f7fa
@amCap1712
Fix typos
425e882
@amCap1712
Initial Login System
b65403b
@amCap1712
Add errors to login forms
5f46ea2
@amCap1712
Remove user to supporter throughout the codebase - 2
0727b5d 
Rename the actual tables and some changes that I missed the last time around.
@amCap1712
Initial OAuth Work commit
5406520
@amCap1712
Add CodeChallenge extension to authorization code flow
f9fa516
@amCap1712
Add ImplicitGrant
30cd2a2
@amCap1712
Add RefreshTokenGrant
ff71f97
@amCap1712
Add revocation endpoint
4700ac1
@amCap1712
second commit
28f444c
@amCap1712
Update models
0af3895
@amCap1712
misc updates
ad9d678
@amCap1712
update authlib and implementation
dc44709
@amCap1712
more updates
6cb6885
@amCap1712
misc fixes
a7827d9
@amCap1712
misc fixes - 2
7697bec
@amCap1712
add introspection endpoint
320d110
@amCap1712
fix return
33168eb
@amCap1712
fix bugs
7ff6a54
@amCap1712
Create dummy oauth."user" table
2ac29e6
@amCap1712
temp fix for create_tables oauth
63d0ccb
@amCap1712
fix before_first_request
913ea21
@amCap1712
fix before_first_request -2
8eeb00a
amCap1712 and others added 16 commits August 30, 2024 22:08
@amCap1712
misc fixes - 2
04457fb
@amCap1712
misc improvements
0f9d2f5 
security hardening by detecting code reuse, adding arbitrary fragment. improved
token format. made static resources work in dev and prod.
@amCap1712
add post method to authorization endpoint - 2
a62bf81 
add post method to authorization endpoint
@amCap1712
add security headers to oauth2 blueprint
ebe028c
@amCap1712
add form post response mode
06e253f
@amCap1712
revoke tokens if old refresh token is used
85435bb
@amCap1712
do not auto approve for implicit grant
5c35f9f
@amCap1712
add more tests
fcdb514
@amCap1712
refactor tests
7243681
@amCap1712
remove post authentication from authorize endpoint
00af984 
need to look into security concerns about previous oauth attempts' data left
in session. because the post data needs to be saved in session while the user is
redirected to login. considered server side sessions but not sure if its enough.
will probably need timestamps and some hashing to invalidate and careful checks
to ensure data between two requests is not mixed. not worth the pains for now.
@amCap1712
Add header tests
f601784
@amCap1712
remove post authentication tests
dcd10c7
@amCap1712
add tests for access token and refresh token format
cf10335
@amCap1712
fix delete application and improve delete flow
85ed247
@amCap1712
allow any client to introspect any token
36e0d3d
@MonkeyDo @amCap1712
Fix applications page table overflow
835d2db
@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 30, 2024
edited
Loading

Test Results

179 tests  +112   109 ✅ +42   26s ⏱️ +17s
  1 suites ±  0     5 💤 + 5 
  1 files   ±  0    65 ❌ +65 

For more details on these failures, see this check.

Results for commit 7271352. ± Comparison against base commit d35a224.

♻️ This comment has been updated with latest results.

@MonkeyDo
Copy link
Member

I have applied the last bits of feedback to the OAuth applications pages based on the comments of the design figma
https://www.figma.com/design/L0qNv3z5vSkNDoiX7BzaY5/MetaBrainz-redesign?node-id=0-1&node-type=canvas

We might eventually want to restyle these pages, but as aerozol commented on that figma: "Looks good, just needs to be functional"

MonkeyDo
MonkeyDo reviewed Nov 7, 2024
View reviewed changes
frontend/js/src/forms/DeleteApplication.tsx
Comment on lines +46 to +57
<div className="form-group">
<div className="col-md-offset-3 col-md-1">
<a href={cancel_url} className="btn btn-default">
Cancel
</a>
</div>
<div className="col-md-1" style={{ marginLeft: "8px" }}>
<button type="submit" className="btn btn-danger">
Delete
</button>
</div>
</div>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On smaller sizes the button stack up weirdly.
image

You can use a bootstrap btn-group instead of using col-* utilities like so:

Suggested change
<div className="form-group">
<div className="col-md-offset-3 col-md-1">
<a href={cancel_url} className="btn btn-default">
Cancel
</a>
</div>
<div className="col-md-1" style={{ marginLeft: "8px" }}>
<button type="submit" className="btn btn-danger">
Delete
</button>
</div>
</div>
<div className="btn-group">
<a href={cancel_url} className="btn btn-default">
Cancel
</a>
<button type="submit" className="btn btn-danger" style={{ marginLeft: "8px" }}>
Delete
</button>
</div>

Result
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MonkeyDo MonkeyDo MonkeyDo left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@amCap1712 @MonkeyDo