Commit graph

3 Commits (26887c7672526f463f0a2db56f3e953df7a55613)

Author SHA1 Message Date
Daniel Supernault 26887c7672
Update OIDC config with comments, and disable tests as we don't have db tests configured 2025-05-02 00:40:12 -06:00
Gavin Mogan 70584b47c5 Fixes for items highlighted by review.ai
* Consider using `hash_equals()` instead of `==` when comparing the state values to prevent timing attacks: `abort_unless(hash_equals($request->input('state'), $request->session()->pull('oauth2state')), 400, 'invalid state');`
* For better data integrity, consider adding a foreign key constraint to the user_id column: `$table->foreign('user_id')->references('id')->on('users')->onDelete('cascade');`
* Does the OIDC provider guarantee that the username field exists in the userInfo data? Consider adding a null check or fallback: `$userInfoData[config('remote-auth.oidc.field_username')] ?? null`
2025-04-24 21:28:44 -07:00
Gavin Mogan 441c8e0d4c Generic OIDC Support
* Everything should be configurable by env variables
* Basic request tests
2025-04-24 21:28:44 -07:00