starred/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-12-24 17:25:00 +03:00
Code Issues 418 Packages Projects Releases 12 Wiki Activity
635 Commits 2 Branches 48 Tags
01a7e3a57d962b86fffd1e990f2e25db3dff27e5
Commit Graph

86 Commits

Author SHA1 Message Date
dependabot[bot]
5f6528fa42 chore(deps): Bump rollup from 2.79.1 to 2.79.2 in /client (#898) 
Bumps [rollup](https://github.com/rollup/rollup) from 2.79.1 to 2.79.2.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v2.79.1...v2.79.2)

---
updated-dependencies:
- dependency-name: rollup
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-02 12:32:10 +02:00
Maksim Eltyshev
a0f584e814 chore: Update version 2024-09-16 21:21:30 +02:00
Maksim Eltyshev
10001db8cf chore: Update dependencies 2024-09-16 12:04:56 +02:00
dependabot[bot]
1f261fe7b6 chore(deps): Bump micromatch from 4.0.7 to 4.0.8 in /client (#879) 
Bumps [micromatch](https://github.com/micromatch/micromatch) from 4.0.7 to 4.0.8.
- [Release notes](https://github.com/micromatch/micromatch/releases)
- [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/micromatch/compare/4.0.7...4.0.8)

---
updated-dependencies:
- dependency-name: micromatch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-13 22:43:00 +02:00
dependabot[bot]
a9957481b6 chore(deps): Bump send and express in /client (#877) 
Bumps [send](https://github.com/pillarjs/send) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together.

Updates `send` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](https://github.com/pillarjs/send/compare/0.18.0...0.19.0)

Updates `express` from 4.19.2 to 4.21.0
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md)
- [Commits](https://github.com/expressjs/express/compare/4.19.2...4.21.0)

---
updated-dependencies:
- dependency-name: send
  dependency-type: indirect
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-13 22:42:39 +02:00
dependabot[bot]
36b05a5478 chore(deps): Bump webpack from 5.91.0 to 5.94.0 in /client (#864) 
Bumps [webpack](https://github.com/webpack/webpack) from 5.91.0 to 5.94.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.91.0...v5.94.0)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-13 22:42:08 +02:00
dependabot[bot]
6a7a582045 chore(deps): Bump socket.io-parser from 3.3.3 to 3.3.4 in /client (#833) 
Bumps [socket.io-parser](https://github.com/Automattic/socket.io-parser) from 3.3.3 to 3.3.4.
- [Release notes](https://github.com/Automattic/socket.io-parser/releases)
- [Changelog](https://github.com/socketio/socket.io-parser/blob/3.3.4/CHANGELOG.md)
- [Commits](https://github.com/Automattic/socket.io-parser/compare/3.3.3...3.3.4)

---
updated-dependencies:
- dependency-name: socket.io-parser
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-23 12:50:41 +02:00
Maksim Eltyshev
9dc38932fb feat: Languages with country codes 2024-07-21 19:33:57 +02:00
Maksim Eltyshev
b8d7e713b9 chore: Update dependencies 2024-06-02 01:34:03 +02:00
Maksim Eltyshev
fff0552081 chore: Update dependencies 
Closes #726
 2024-04-23 15:45:47 +02:00
HannesOberreiter
cc32daa009 feat: Display clickable links in tasks (#694) 
Closes #330
 2024-04-10 15:53:05 +02:00
Maksim Eltyshev
9e8ff3b579 chore: Revert remark-gfm update 2023-11-23 14:40:44 +01:00
Maksim Eltyshev
239611ad51 chore: Update dependencies 2023-11-17 14:34:10 +01:00
Lorenz Brun
743f2956c8 feat: Improve OIDC SSO (#524) 
The OIDC implementation merged in https://github.com/plankanban/planka/pull/491 is flawed for multiple reasons.

It assumes that the access_token returned by the IDP has to be a JWT parseable by the RP which is not the case [1].
Many major IDPs do issue tokens which are not JWTs and RPs should not rely on the contents of these at all.
The only signed token which has a standardized format for direct RP consumption is the OIDC ID token (id_token), but this by default doesn't contain many claims, especially role claims are omitted from them by default for size reasons. To get these additional claims into the ID token, one needs an IDP with support for the "claims" parameter.

It requires manual specification of the JWKS URL which is mandatory in any OIDC discovery document and thus never needs to be manually specified.

It also makes the questionable decision to use a client-side code flow with PKCE where a normal code flow would be much more appropriate as all user data is processed in the backend which can securely hold a client secret (confidential client). This has far wider IDP support, is safer (due to direct involvement of the IDP in obtaining user information) and doesn't require working with ID tokens and claim parameters.

By using a server-side code flow we can also offload most complexity to the server alone, no longer requiring an additional OIDC library on the web client.

Also silent logout doesn't work on most IDPs for security reasons, one needs to actually redirect the user over to the IDP, which then prompts them once more if they actually want to log out.

This implementation should work with any OIDC-compliant IDP and even OAuth 2.0-only IDPs as long as they serve and OIDC discovery document.

[1] rfc-editor.org/rfc/rfc6749#section-5.1
 2023-10-19 17:39:21 +05:00
Maksim Eltyshev
8e0c60f5be fix: OIDC finalization and refactoring 2023-10-17 19:18:19 +02:00
gorrilla10101
107cb85ba2 feat: OIDC with PKCE flow (#491) 2023-09-04 20:06:59 +05:00
dependabot[bot]
d627a19935 chore(deps): Bump json5 from 1.0.1 to 1.0.2 in /client (#370) 
Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](https://github.com/json5/json5/compare/v1.0.1...v1.0.2)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-09 02:26:00 +05:00
Maksim Eltyshev
a858419f3c fix: Fix router synchronization with redux store 2022-12-15 01:34:48 +01:00
Maksim Eltyshev
db4e5a89f9 fix: Improve building 2022-11-30 02:50:38 +01:00
Maksim Eltyshev
b0d23373c0 chore: Update dependencies 2022-11-21 00:54:05 +01:00
Rafly Maulana
5381d45e50 meta: Share global eslint config, move prettier config (#339) 2022-11-21 00:22:01 +05:00
Maksim Eltyshev
9495234066 ref: Little refactoring 2022-11-20 15:05:21 +01:00
Jacques Lorentz
b08e731419 fix: Front-end base url with path (#303) 
Closes #43, closes #111, closes #272
 2022-09-30 14:48:58 +05:00
Maksim Eltyshev
e5bd73f33e fix: Prevent popup from leaving window 2022-09-16 14:39:41 +05:00
Maksim Eltyshev
3df07c10fa fix: Use password strength estimator 
Closes #294
 2022-09-03 22:47:06 +05:00
SimonTagne
7786533a90 feat: Improve security of access tokens (#279) 
Closes #275
 2022-08-09 21:03:21 +05:00
Maksim Eltyshev
fe62180cda chore: Update dependencies 2022-07-24 17:04:26 +02:00
Maksim Eltyshev
86e4864d1b feat: Add gallery for attachments 2022-06-20 18:27:39 +02:00
ejo090
76fcd79203 fix: Fix markdown line breaks 
Closes #257
 2022-06-06 17:37:43 +05:00
Maksim Eltyshev
486e663a3d feat: Store accessToken in cookies instead of localStorage 2022-04-26 18:01:55 +05:00
Maksim Eltyshev
6f219e5368 Fix pre-commit hook, update dependencies 2022-04-19 02:52:19 +05:00
Maksim Eltyshev
e239d85901 Update dependencies 2022-04-16 00:08:14 +05:00
Maksim Eltyshev
f539e7b76d Fix language loading. Closes #207 2022-03-31 02:23:44 +05:00
Maksim Eltyshev
0c92623109 Update dependencies 2022-02-09 00:56:01 +05:00
Maksim Eltyshev
1a5c0f53f8 Fix board deletion, update dependencies. Closes #146 2021-08-02 17:23:56 +05:00
Maksim Eltyshev
b39119ace4 Project managers, board members, auto-update after reconnection, refactoring 2021-06-24 01:05:22 +05:00
Maksim Eltyshev
a3d1a8a09a Add support for GitHub Flavored Markdown. Closes #107 2021-03-25 21:32:31 +05:00
Maksim Eltyshev
cf21bef9ee Fix file attach from clipboard when copy from browser. Closes #96 2021-03-20 03:33:16 +05:00
Maksim Eltyshev
f718464940 Fix variables in update-card, update dependencies. Closes #85 2021-02-10 17:39:41 +05:00
Maksim Eltyshev
3d6f9cc0e5 Adjust label width, update dependencies. Closes #75 2021-01-09 18:42:16 +05:00
Maksim Eltyshev
179ad3610f Update dependencies 2020-12-18 01:02:28 +05:00
Maksim Eltyshev
de1f7c7564 Update dependencies 2020-11-20 06:01:42 +05:00
Maksim Eltyshev
c28fada7ee Update readme, update dependencies 2020-10-20 16:10:25 +05:00
Maksim Eltyshev
ab020fc324 Update dependencies 2020-09-28 04:40:10 +05:00
Maksim Eltyshev
767d39586c Add test libs, update dependencies 2020-08-20 15:35:46 +05:00
Maksim Eltyshev
8fc6bb2e3e Update dependencies 2020-08-11 20:45:35 +05:00
Maksim Eltyshev
c6ee7d54bb Prepare for collection board type, refactoring, update dependencies 2020-08-04 01:32:46 +05:00
Maksim Eltyshev
2d92ade8dc Add scrollbar for board tabs, update dependencies 2020-06-08 18:49:40 +05:00
Maksim Eltyshev
ff95a12578 Background gradients, migrate from CSS to SCSS, remove !important 2020-05-29 19:31:19 +05:00
Maksim Eltyshev
38f68c1b82 Update dependencies 2020-05-26 14:10:06 +05:00