github/zot

Fork 0

mirror of https://github.com/project-zot/zot.git synced 2026-06-17 21:17:58 +08:00

Commit Graph

Author	SHA1	Message	Date
Andrei Aaron	9425ca8b7d	fix(auth): prevent open redirect via callback_ui (#3844 ) Validate callback_ui and default invalid values to /. Allow absolute callback_ui only when its origin is allowlisted via http.auth.openid.callbackAllowOrigins (and externalUrl). Add/adjust unit + controller tests and update examples/docs for relative vs allowlisted absolute redirect Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>	2026-03-08 08:13:16 +02:00
Ramkumar Chinchani	64829f9502	feat: allow claim mapping for user name with oidc (#3540 ) * feat: allow claim mapping for user name with oidc * feat: bats test for claim mapping * test: fix dex config in openid mapping test Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * test: add panva idp Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * fix: address copilot comments Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> --------- Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> Co-authored-by: Sky Moore <i@msky.me>	2025-11-20 08:54:56 -08:00

Author

SHA1

Message

Date

Andrei Aaron

9425ca8b7d

fix(auth): prevent open redirect via callback_ui (#3844 )

Validate callback_ui and default invalid values to /.
Allow absolute callback_ui only when its origin is allowlisted via http.auth.openid.callbackAllowOrigins (and externalUrl).
Add/adjust unit + controller tests and update examples/docs for relative vs allowlisted absolute redirect

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

2026-03-08 08:13:16 +02:00

Ramkumar Chinchani

64829f9502

feat: allow claim mapping for user name with oidc (#3540 )

* feat: allow claim mapping for user name with oidc

* feat: bats test for claim mapping

* test: fix dex config in openid mapping test

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* test: add panva idp

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* fix: address copilot comments

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
Co-authored-by: Sky Moore <i@msky.me>

2025-11-20 08:54:56 -08:00

2 Commits