Matthew Knight
4298b7f5f5
Use dropdowns for filters
2026-02-18 19:07:04 -08:00
Matthew Knight
e0b5fd8938
Merge pull request 'Fix rendering, create render tests' ( #64 ) from frontend-fixes into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/64
2026-02-19 01:59:00 +00:00
Matthew Knight
2687fe3603
Fix rendering, create render tests
2026-02-18 17:37:31 -08:00
Matthew Knight
51eeb4c9c1
Merge pull request 'Add pagination and filters to ticket tables' ( #63 ) from pagination-and-filtering into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/63
2026-02-19 00:23:00 +00:00
Matthew Knight
537199169e
Add pagination and filters to ticket tables
2026-02-18 16:21:38 -08:00
Matthew Knight
0f4286032d
Merge pull request 'Handle 201 when ensuring ticket is open' ( #62 ) from update-fix into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/62
2026-02-18 23:40:02 +00:00
Matthew Knight
ee703b08e4
Handle 201 when ensuring ticket is open
2026-02-18 15:38:49 -08:00
Matthew Knight
a59088dc35
Merge pull request 'Fix security vulnerabilities identified in pre-deployment audit' ( #61 ) from more-security-fixes into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/61
2026-02-18 20:31:34 +00:00
Matthew Knight
199642242f
Fix security vulnerabilities identified in pre-deployment audit
- Regenerate session ID on login to prevent session fixation (H1)
- Add mutex to login lockout counters to fix race condition (H2)
- Validate issuer/audience claims on Apple ID tokens (M2)
- Verify comment belongs to ticket's issue to prevent attachment IDOR (M4)
- Stop SSO from re-approving admin-disapproved users (M3)
- Add Content-Security-Policy header (M1)
- Configure trusted proxies via TRUSTED_PROXIES env var (M6)
- Cap password length at 128 for bcrypt truncation (L1)
- Set Secure flag on flash cookies over HTTPS (L2)
- Rate-limit POST /reset-password (L3)
- Add authenticated password change at /account/password (L4)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 12:30:23 -08:00
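As an added example (not code from forgejo-tickets), the session-fixation fix listed as H1 in the commit above, played out against a constructed in-memory store: the attacker's planted session ID keeps working when login only flips a flag on the existing session, and stops working once login issues a fresh ID and discards the old record. The store and the Begin, LoginVulnerable, LoginFixed and FixationAttack names are hypothetical; the project's real store is Postgres-backed and is not shown here.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
)

// Session is the server-side record keyed by the opaque ID in the cookie.
type Session struct {
	UserID int // 0 while anonymous
}

// Store is a constructed in-memory session store (hypothetical; it stands in
// for the project's Postgres-backed store only to demonstrate regeneration).
type Store struct {
	mu       sync.Mutex
	sessions map[string]*Session
}

func NewStore() *Store { return &Store{sessions: map[string]*Session{}} }

// newID returns 256 bits from the CSPRNG, hex encoded.
func newID() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// Begin creates an anonymous session, as a visitor gets on first request.
func (s *Store) Begin() string {
	s.mu.Lock()
	defer s.mu.Unlock()
	id := newID()
	s.sessions[id] = &Session{}
	return id
}

// Lookup returns the session for a cookie value, or nil if none exists.
func (s *Store) Lookup(id string) *Session {
	s.mu.Lock()
	defer s.mu.Unlock()
	return s.sessions[id]
}

// LoginVulnerable is the pre-fix shape: the pre-auth session ID is kept and
// simply marked authenticated. Whoever planted that ID in the victim's browser
// now holds an authenticated session for the victim.
func (s *Store) LoginVulnerable(id string, userID int) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[id]
	if !ok {
		return errors.New("unknown session")
	}
	sess.UserID = userID
	return nil
}

// LoginFixed regenerates the ID on privilege change: a fresh ID is issued for
// the authenticated state and the old ID is deleted, so a planted ID is worthless.
func (s *Store) LoginFixed(id string, userID int) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if _, ok := s.sessions[id]; !ok {
		return "", errors.New("unknown session")
	}
	fresh := newID()
	s.sessions[fresh] = &Session{UserID: userID}
	delete(s.sessions, id)
	return fresh, nil
}

// FixationAttack plays the attack against either login: the attacker obtains
// an anonymous session ID, fixes it in the victim's browser out of band, the
// victim logs in, and the attacker then replays the same ID. It reports
// whether the attacker ends up authenticated as the victim.
func FixationAttack(fixed bool) bool {
	store := NewStore()
	planted := store.Begin() // attacker-known ID, forced onto the victim
	const victim = 42
	if fixed {
		if _, err := store.LoginFixed(planted, victim); err != nil {
			panic(err)
		}
	} else {
		if err := store.LoginVulnerable(planted, victim); err != nil {
			panic(err)
		}
	}
	sess := store.Lookup(planted) // attacker replays the planted ID
	return sess != nil && sess.UserID == victim
}

func main() {
	fmt.Println("attack succeeds without regeneration:", FixationAttack(false))
	fmt.Println("attack succeeds with regeneration:   ", FixationAttack(true))
}
```

The same regeneration belongs at every privilege boundary (login, logout, password change, SSO linking), and the handler must set the new ID in the cookie in the same response; issuing a fresh ID while leaving the old record authenticated server-side would keep the planted ID live.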
Matthew Knight
08dd063049
Merge pull request 'Fixes #7' ( #60 ) from email-settings into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/60
2026-02-18 17:26:03 +00:00
Matthew Knight
793b1883a9
Fixes #7
2026-02-18 09:24:42 -08:00
Matthew Knight
09a3155870
Merge pull request 'Remove dead code' ( #59 ) from dead-code into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/59
2026-02-18 01:14:06 +00:00
Matthew Knight
8eaa27bb31
Remove dead code
2026-02-17 17:07:32 -08:00
Matthew Knight
86cfdcff52
Merge pull request 'Unify UI' ( #58 ) from unify-ui into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/58
2026-02-18 00:48:42 +00:00
Matthew Knight
d9eede4c15
Merge branch 'main' into unify-ui
2026-02-17 16:46:48 -08:00
Matthew Knight
413f3e0015
Merge pull request 'Configure file upload size limit' ( #57 ) from fix/upload-size-limit into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/57
2026-02-18 00:36:46 +00:00
Matthew Knight
3884124a3d
Merge pull request 'Add logging for SSO user creation' ( #56 ) from fix/sso-rate-logging into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/56
2026-02-18 00:35:54 +00:00
Matthew Knight
24f2522830
Merge pull request 'Remove dummy user_id from OAuth state sessions' ( #55 ) from fix/oauth-state-session into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/55
2026-02-18 00:35:25 +00:00
Matthew Knight
e5be422854
Merge pull request 'Verify Apple ID token signature against JWKS' ( #53 ) from fix/apple-token-verification into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/53
2026-02-18 00:35:17 +00:00
Matthew Knight
eee2a0c6dd
Merge pull request 'Limit webhook body size to 1MB' ( #52 ) from fix/webhook-body-limit into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/52
2026-02-18 00:35:11 +00:00
Matthew Knight
731a928316
Merge pull request 'Disable static file directory listing' ( #51 ) from fix/static-dir-listing into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/51
2026-02-18 00:28:19 +00:00
Matthew Knight
8e0cbf196b
Merge pull request 'Add server binary to .gitignore' ( #50 ) from fix/gitignore-server into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/50
2026-02-18 00:27:28 +00:00
Matthew Knight
dcea18bcac
Merge pull request 'Add password complexity requirements' ( #49 ) from fix/password-complexity into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/49
2026-02-18 00:26:40 +00:00
Matthew Knight
2b2f7b84f0
Merge pull request 'Add account lockout after failed login attempts' ( #48 ) from fix/account-lockout into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/48
2026-02-18 00:25:49 +00:00
Matthew Knight
0982129bf1
Merge pull request 'Add periodic cleanup for expired email tokens' ( #47 ) from fix/email-token-cleanup into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/47
2026-02-18 00:24:50 +00:00
Matthew Knight
dca569b278
Merge pull request 'Use session-based flash messages instead of query params' ( #46 ) from fix/session-flash into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/46
2026-02-18 00:24:02 +00:00
Matthew Knight
9449b271f5
Add periodic cleanup for expired email tokens
Fixes #34
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 16:20:24 -08:00
Matthew Knight
8603b0bfb5
Use session-based flash messages instead of query params
Fixes #33
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 16:19:06 -08:00
Matthew Knight
9e4eef294a
Merge pull request 'Add security response headers' ( #45 ) from fix/security-headers into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/45
2026-02-18 00:17:41 +00:00
Matthew Knight
576d44427a
Merge pull request 'Pin Mermaid.js version with SRI integrity hash' ( #44 ) from fix/mermaid-sri into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/44
2026-02-18 00:16:51 +00:00
Matthew Knight
f258429557
Add account lockout after failed login attempts
Fixes #32
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 16:15:02 -08:00
Matthew Knight
ec94d94453
Merge pull request 'Sanitize Content-Disposition filename in downloads' ( #43 ) from fix/content-disposition-injection into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/43
2026-02-18 00:14:50 +00:00
Matthew Knight
cba9b5c408
Add password complexity requirements
Require at least one uppercase letter, one lowercase letter, and one
digit in addition to the existing 8-character minimum.
Fixes #31
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 16:14:01 -08:00
Matthew Knight
fdcccce476
Merge pull request 'Validate proxy download URL host to prevent SSRF' ( #42 ) from fix/ssrf-proxy-download into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/42
2026-02-18 00:13:09 +00:00
Matthew Knight
b8ff9df7ca
Add server binary to .gitignore
Fixes #29
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 16:13:02 -08:00
Matthew Knight
f839444d3b
Disable static file directory listing
Fixes #28
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 16:12:47 -08:00
Matthew Knight
5761872988
Pin Mermaid.js version with SRI integrity hash
Fixes #27
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 16:12:25 -08:00
Matthew Knight
f1b20edbe3
Merge pull request 'Require minimum 32-byte SESSION_SECRET' ( #41 ) from fix/session-secret-validation into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/41
2026-02-18 00:11:21 +00:00
Matthew Knight
d33c138867
Merge pull request 'Escape user-supplied values in HTML email templates' ( #40 ) from fix/email-html-injection into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/40
2026-02-18 00:10:34 +00:00
Matthew Knight
c56b803010
Validate proxy download URL host to prevent SSRF
Fixes #26
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 16:07:31 -08:00
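An added example, not the project's own code, of the allowlist check behind this fix. AllowedHosts, ValidateProxyURL and NewProxyClient are hypothetical names and the allowlist entry is constructed. It covers the inputs a download proxy has to refuse (non-https schemes, userinfo in the authority, IP literals, non-default ports, look-alike hostnames) and re-runs the same check on every redirect, because an allowlisted host that answers 302 with an internal address is the usual way a one-time host check gets bypassed.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"
)

// ErrNotAllowed is returned for any URL that fails the allowlist check.
var ErrNotAllowed = errors.New("proxy download: URL not allowed")

// AllowedHosts is a constructed allowlist for this example; a deployment would
// derive it from the configured Forgejo base URL rather than hard-code it.
var AllowedHosts = map[string]bool{"forgejo.example.com": true}

// ValidateProxyURL accepts only absolute https URLs whose hostname (after
// url.Parse has split off userinfo, port and IPv6 brackets) is allowlisted.
// IP literals are rejected outright so "https://10.0.0.5/" style targets can
// never be reached through the proxy, and an explicit non-443 port is rejected
// so an allowlisted host cannot be used to reach another service on it.
func ValidateProxyURL(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("proxy download: %w", err)
	}
	if u.Scheme != "https" {
		return nil, ErrNotAllowed
	}
	if u.User != nil {
		// "https://forgejo.example.com@evil.test/" parses with the real host
		// in u.Host; userinfo is never legitimate for an API download.
		return nil, ErrNotAllowed
	}
	host := strings.ToLower(u.Hostname())
	if host == "" || net.ParseIP(host) != nil {
		return nil, ErrNotAllowed
	}
	if p := u.Port(); p != "" && p != "443" {
		return nil, ErrNotAllowed
	}
	if !AllowedHosts[host] { // exact match: "forgejo.example.com.evil.test" fails
		return nil, ErrNotAllowed
	}
	return u, nil
}

// NewProxyClient returns a client that validates every redirect target with
// the same rule, so the allowlisted host cannot bounce the proxy elsewhere.
func NewProxyClient() *http.Client {
	return &http.Client{
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			if len(via) >= 5 {
				return errors.New("proxy download: too many redirects")
			}
			_, err := ValidateProxyURL(req.URL.String())
			return err
		},
	}
}

func main() {
	for _, raw := range []string{
		"https://forgejo.example.com/api/v1/repos/o/r/issues/1/assets/9",
		"http://forgejo.example.com/x",
		"https://forgejo.example.com@evil.test/x",
		"https://127.0.0.1/x",
		"https://[::1]/x",
		"https://forgejo.example.com:8443/x",
		"https://forgejo.example.com.evil.test/x",
		"https://FORGEJO.example.com/x",
	} {
		_, err := ValidateProxyURL(raw)
		fmt.Printf("%-62s -> %v\n", raw, err)
	}
	_ = NewProxyClient()
}
```

A hostname allowlist is resolved at connection time, so it does not by itself defend against DNS rebinding; that is acceptable when the only allowed name is the operator's own Forgejo instance, but if user-supplied hosts ever enter the list, the client also needs a custom dialer that rejects private and loopback addresses after resolution.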
Matthew Knight
d780a3403a
Verify Apple ID token signature against JWKS
Fixes #25
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 16:06:41 -08:00
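Added example, not code from the project: the claim checks that the M2 item in #61 adds on top of the JWKS signature verification from this commit, written against Go's standard library. ValidateAppleClaims and MakeUnsignedToken are hypothetical names; the token is constructed for the example and carries a placeholder signature, because the function assumes the signature was already verified (as this commit does) and only decides whether that verified token was issued by Apple, for this client ID, and inside its validity window. Signature verification alone accepts any token Apple signed, including one minted for a different app; the audience check is what binds it to this service.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// AppleIssuer is the issuer Apple places in every Sign in with Apple ID token.
const AppleIssuer = "https://appleid.apple.com"

// Claims are the registered claims this check needs. RFC 7519 allows "aud"
// to be a string or an array, so it gets its own decoder.
type Claims struct {
	Iss string   `json:"iss"`
	Sub string   `json:"sub"`
	Aud audience `json:"aud"`
	Exp int64    `json:"exp"`
	Iat int64    `json:"iat"`
}

type audience []string

func (a *audience) UnmarshalJSON(b []byte) error {
	var single string
	if err := json.Unmarshal(b, &single); err == nil {
		*a = audience{single}
		return nil
	}
	var many []string
	if err := json.Unmarshal(b, &many); err != nil {
		return fmt.Errorf("aud: %w", err)
	}
	*a = audience(many)
	return nil
}

// ValidateAppleClaims checks the claims of an ID token whose signature has
// ALREADY been verified against Apple's JWKS. clientID is this app's
// Services ID; now is injected so the window check is testable.
func ValidateAppleClaims(token, clientID string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("id token: not a compact JWS")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("id token: payload: %w", err)
	}
	var c Claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return nil, fmt.Errorf("id token: claims: %w", err)
	}
	if c.Iss != AppleIssuer {
		return nil, fmt.Errorf("id token: unexpected issuer %q", c.Iss)
	}
	matched := false
	for _, aud := range c.Aud {
		if aud == clientID {
			matched = true
		}
	}
	if !matched {
		return nil, errors.New("id token: audience does not include this client")
	}
	const skew = 60 * time.Second // tolerate small clock drift
	if c.Exp == 0 || now.After(time.Unix(c.Exp, 0).Add(skew)) {
		return nil, errors.New("id token: expired or missing exp")
	}
	if c.Iat != 0 && now.Add(skew).Before(time.Unix(c.Iat, 0)) {
		return nil, errors.New("id token: issued in the future")
	}
	if c.Sub == "" {
		return nil, errors.New("id token: missing subject")
	}
	return &c, nil
}

// MakeUnsignedToken builds a constructed token for the example and test. The
// signature segment is a placeholder: ValidateAppleClaims never checks it,
// because the caller is expected to have verified it against the JWKS first.
func MakeUnsignedToken(claims map[string]any) string {
	enc := func(v any) string {
		b, _ := json.Marshal(v)
		return base64.RawURLEncoding.EncodeToString(b)
	}
	header := map[string]string{"alg": "RS256", "kid": "constructed"}
	return enc(header) + "." + enc(claims) + ".placeholder-signature"
}

func main() {
	now := time.Unix(1_700_000_000, 0)
	thisApp := MakeUnsignedToken(map[string]any{
		"iss": AppleIssuer, "sub": "001234.abcd", "aud": "com.example.tickets",
		"iat": now.Unix() - 10, "exp": now.Unix() + 600,
	})
	otherApp := MakeUnsignedToken(map[string]any{
		"iss": AppleIssuer, "sub": "001234.abcd", "aud": "com.example.other",
		"iat": now.Unix() - 10, "exp": now.Unix() + 600,
	})
	for _, tok := range []string{thisApp, otherApp} {
		_, err := ValidateAppleClaims(tok, "com.example.tickets", now)
		fmt.Println("accepted:", err == nil, "error:", err)
	}
}
```

The order matters in production code: verify the signature, then the issuer, then the audience, then the time window, and only then trust sub as the account identifier; decoding claims before the signature check is fine, acting on them is not.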
Matthew Knight
c24f712cb6
Remove dummy user_id from OAuth state sessions
Use a simple signed cookie for OAuth state instead of PGStore,
which required a dummy user_id placeholder to satisfy the session
store's save logic.
Fixes #24
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 16:05:33 -08:00
Matthew Knight
1c0eb3be86
Configure file upload size limit
Fixes #23
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 16:04:35 -08:00
Matthew Knight
b6c15e4d5c
Add logging for SSO user creation
Fixes #22
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 16:04:08 -08:00
Matthew Knight
f4049d3015
Limit webhook body size to 1MB
Fixes #21
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 16:03:43 -08:00
Matthew Knight
1af9d67525
Require minimum 32-byte SESSION_SECRET
Fixes #20
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 16:03:05 -08:00
Matthew Knight
244e530d4a
Escape user-supplied values in HTML email templates
Fixes #19
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 16:02:01 -08:00
Matthew Knight
bcc912077d
Add security response headers
Fixes #18
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 16:00:56 -08:00
Matthew Knight
ace0c06362
Sanitize Content-Disposition filename in downloads
Fixes #17
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 15:59:54 -08:00
Matthew Knight
e3ef03ddcd
Merge pull request 'Add rate limiting to authentication endpoints' ( #39 ) from fix/auth-rate-limiting into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/39
2026-02-17 23:59:36 +00:00