diff --git a/README.md b/README.md index 923d75b..b39a369 100644 --- a/README.md +++ b/README.md @@ -94,6 +94,7 @@ Standard OAuth2/OIDC provider with endpoints: Features: - **Refresh tokens** - Long-lived tokens (30 days default) with automatic rotation and revocation +- **Token family tracking** - Advanced security detects token replay attacks and revokes compromised token families - **Configurable token expiry** - Set access token (5min-24hr), refresh token (1-90 days), and ID token TTL per application - **Token security** - BCrypt-hashed tokens, automatic cleanup of expired tokens - **Pairwise subject identifiers** - Each user gets a unique, stable `sub` claim per application for enhanced privacy diff --git a/VERSION b/VERSION deleted file mode 100644 index 919d666..0000000 --- a/VERSION +++ /dev/null @@ -1 +0,0 @@ -2025.03 diff --git a/app/controllers/oidc_controller.rb b/app/controllers/oidc_controller.rb index 8da8d4f..6cdf658 100644 --- a/app/controllers/oidc_controller.rb +++ b/app/controllers/oidc_controller.rb @@ -20,7 +20,7 @@ class OidcController < ApplicationController grant_types_supported: ["authorization_code", "refresh_token"], subject_types_supported: ["public"], id_token_signing_alg_values_supported: ["RS256"], - scopes_supported: ["openid", "profile", "email", "groups"], + scopes_supported: ["openid", "profile", "email", "groups", "offline_access"], token_endpoint_auth_methods_supported: ["client_secret_post", "client_secret_basic"], claims_supported: ["sub", "email", "email_verified", "name", "preferred_username", "groups", "admin"], code_challenge_methods_supported: ["plain", "S256"], diff --git a/app/views/admin/applications/_form.html.erb b/app/views/admin/applications/_form.html.erb index 9681d02..c65f988 100644 --- a/app/views/admin/applications/_form.html.erb +++ b/app/views/admin/applications/_form.html.erb @@ -19,14 +19,27 @@
<%= form.label :icon, "Application Icon", class: "block text-sm font-medium text-gray-700" %> - <% if application.icon.attached? %> -
- <%= image_tag application.icon, class: "h-16 w-16 rounded-lg object-cover border border-gray-200", alt: "Current icon" %> -
-

Current icon

-

<%= number_to_human_size(application.icon.blob.byte_size) %>

+ <% begin %> + <% if application.icon.attached? && application.persisted? && application.icon.blob&.persisted? %> +
+ <%= image_tag application.icon, class: "h-16 w-16 rounded-lg object-cover border border-gray-200", alt: "Current icon" %> +
+

Current icon

+

<%= number_to_human_size(application.icon.blob.byte_size) %>

+
-
+ <% end %> + <% rescue ArgumentError => e %> + <%# Handle case where icon attachment exists but can't generate signed_id %> + <% if e.message.include?("Cannot get a signed_id for a new record") %> +
+

Icon uploaded

+

File will be processed shortly

+
+ <% else %> + <%# Re-raise if it's a different error %> + <% raise e %> + <% end %> <% end %>
diff --git a/config/initializers/version.rb b/config/initializers/version.rb index 44088ef..d0948b5 100644 --- a/config/initializers/version.rb +++ b/config/initializers/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Clinch - VERSION = "0.6.0" + VERSION = "0.6.1" end diff --git a/config/storage.yml b/config/storage.yml index 927dc53..70822eb 100644 --- a/config/storage.yml +++ b/config/storage.yml @@ -4,7 +4,7 @@ test: local: service: Disk - root: <%= Rails.root.join("storage") %> + root: <%= Rails.root.join("storage/uploads") %> # Use bin/rails credentials:edit to set the AWS secrets (as aws:access_key_id|secret_access_key) # amazon: