Skip to content

SAML Support; user groups; External IDP-authoritative entitlements #3998

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
timfrazee wants to merge 67 commits into
base: docker/digital-ocean
Choose a base branch
from
Open

SAML Support; user groups; External IDP-authoritative entitlements #3998

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
67 commits
Select commit Hold shift + click to select a range
6a46124
[F] Add env config
Sep 26, 2025
53ed09c
[C] Move saml configs to anyway config folder
Nov 6, 2025
ed5547c
[F] Add SAML Attributes
Nov 7, 2025
405cb25
[F] Integrate saml providers into identity record
Nov 13, 2025
63f1d75
[B] Remove validations for now to work around flaky errors
Nov 13, 2025
0625df6
[C] Add Omniauth CSRF gem
timfrazee Nov 17, 2025
c719d08
[E] Add security and claims to SAML provider
timfrazee Nov 17, 2025
920c49a
[E] Add route for SAML callback
timfrazee Nov 17, 2025
0f6acec
[C] Add test SAML env for dev
timfrazee Nov 17, 2025
2f130de
[F] User group scaffold
timfrazee Nov 20, 2025
b79dd4b
[B] Fix user group entitleable filename and inverse reference
timfrazee Nov 21, 2025
e555893
[F] Add external identifier model
Nov 21, 2025
7821f7e
[F] Add external identifier attribute to relevant strong params
timfrazee Nov 25, 2025
99ad835
[E] Add unique index to external_identifiers#identifier
timfrazee Nov 25, 2025
8ab0b2f
[F] Add CSRF handling for OmniAuth requests
timfrazee Nov 26, 2025
afac741
[E] Add externally identifiable scope
timfrazee Nov 26, 2025
03e56b6
[F] Add user group and entitlement parsing on OAuth callback
timfrazee Nov 26, 2025
89dc843
[F] Add authentication settings to settings payload
timfrazee Nov 26, 2025
e2de5e8
[E] Add Oauth redirect route
timfrazee Nov 26, 2025
2f6e11a
[F] Add routes + controller for user_group_membership
1aurend Nov 21, 2025
f985962
[F] Add user group entitleable controller
timfrazee Dec 1, 2025
2f7176a
[B] Fix oauth CSRF cookie generation
timfrazee Dec 4, 2025
cb6b92a
[F] Add support for post-oauth redirect and cookie-based token retrieval
timfrazee Dec 5, 2025
a16502b
[B] Fix external identifier identifiable relation
timfrazee Dec 8, 2025
da163b5
[B] Fix user group membership source relation
timfrazee Dec 8, 2025
56050c4
[E] Update tests; finalize identity-based group/entitlement management
timfrazee Dec 8, 2025
eda579d
[B] Fix omniauth callback route
timfrazee Dec 11, 2025
e61061b
[F] Add user_group_serializer + minor fixes for #index
1aurend Nov 20, 2025
546a3d1
[F] Setup includes for user_group#show
1aurend Nov 21, 2025
bdceae1
[F] Add initial admin routes + UI for user groups
1aurend Nov 20, 2025
b11163b
[F] Scaffold user group users list UI
1aurend Nov 20, 2025
5f81be3
[F] Scaffold login changes
1aurend Nov 20, 2025
70f4678
[F] Add externalId to projects + journals
1aurend Nov 20, 2025
12b0757
[F] Add simple UserGroupRow
1aurend Nov 20, 2025
0c386dc
[F] Wire up user group CRUD
1aurend Nov 21, 2025
5d9fc48
[B] Ensure list refreshes on add
1aurend Nov 21, 2025
a32182e
[C] Remove unused file
1aurend Nov 21, 2025
cfbbd70
[E] Expose external_identifier for user_group/project/journal
1aurend Dec 4, 2025
a6d3616
[F] Wire up external identifier fields
1aurend Dec 4, 2025
44e0f3f
[F] Read IDP values from settings
1aurend Dec 4, 2025
11f9dec
[F] Finish setting up user_group_membership endpoints
1aurend Dec 4, 2025
5cd4cdf
[F] Wire up CRD user group memberships
1aurend Dec 4, 2025
aff7056
[F] Finish setting up user_group_entitleable endpoints
1aurend Dec 4, 2025
06a7d88
[F] Add UI + wire up user group entitlements
1aurend Dec 4, 2025
531f6c3
[E] Add i18n keys + various clean up
1aurend Dec 4, 2025
32a8675
[C] Push updated lockfile
1aurend Dec 4, 2025
033eff0
[F] Scaffold oauth redirect route
1aurend Dec 5, 2025
b45767e
[E] Update defaultIDP handling to match settings structure
1aurend Dec 5, 2025
a3bc997
[B] Fix error param check
1aurend Dec 5, 2025
3c687a2
[F] Move Oauth auth token from session to cookie
timfrazee Dec 11, 2025
c165ed0
[F] Update FE oauth redirect cookie name and redirect parsing
timfrazee Dec 11, 2025
a2f1e1e
[B] Fix assignment and serialization of external identifiers
timfrazee Dec 11, 2025
9cccd3b
[B] Fix provider login button styles
1aurend Dec 15, 2025
9678000
[B] Ensure homepage projects refetch on login/out
1aurend Dec 15, 2025
ff97efb
[E] Use SAML IDP display name for button
timfrazee Dec 15, 2025
3112208
[E] Limit oauth cookie to domain
timfrazee Dec 15, 2025
8d32feb
[B] Fix lookup of existing external identifiers for managed entitlements
timfrazee Dec 16, 2025
5bbf6bf
[C] Update oauth tests
timfrazee Dec 16, 2025
8512ff2
[F] Add ability to hide SAML providers but remain enabled
timfrazee Dec 16, 2025
b3a721f
[B] Fix default login link URL
timfrazee Dec 16, 2025
5875d4a
[B] Add amd64/linux platform to lockfile
timfrazee Dec 16, 2025
2035ce6
[C] Lint
timfrazee Dec 16, 2025
5e7381d
[B] Add null check on UserRow memberIds
1aurend Jan 16, 2026
3015590
[B] Remove duplicate index in structure.sql
timfrazee Feb 16, 2026
fb7c0cb
[B] Fix deprecated syntax for parsing CSS rulesets
timfrazee Feb 16, 2026
dea8d84
[C] Update and fix failing tests
timfrazee Feb 17, 2026
c3286dc
[C] Lint
timfrazee Feb 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions api/Gemfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,8 @@ gem "oj", "~> 3.16"
gem "omniauth", "~> 2.1.3"
gem "omniauth-facebook", "~> 4.0.0"
gem "omniauth-google-oauth2", "~> 0.4"
gem "omniauth-rails_csrf_protection", "~> 1.0"
gem 'omniauth-saml'
gem "omniauth-twitter", "~> 1.4.0"
gem "paleta", "~> 0.3.0"
gem "pandoc-ruby", "~> 2.0"
Expand Down
Loading
Loading