Add a subdirectory for active storage

README.md

@@ -94,6 +94,7 @@ Standard OAuth2/OIDC provider with endpoints:
 
 Features:
 - **Refresh tokens** - Long-lived tokens (30 days default) with automatic rotation and revocation
+- **Token family tracking** - Advanced security detects token replay attacks and revokes compromised token families
 - **Configurable token expiry** - Set access token (5min-24hr), refresh token (1-90 days), and ID token TTL per application
 - **Token security** - BCrypt-hashed tokens, automatic cleanup of expired tokens
 - **Pairwise subject identifiers** - Each user gets a unique, stable `sub` claim per application for enhanced privacy

VERSION

@@ -1 +0,0 @@
-2025.03

app/controllers/oidc_controller.rb

@@ -20,7 +20,7 @@ class OidcController < ApplicationController
       grant_types_supported: ["authorization_code", "refresh_token"],
       subject_types_supported: ["public"],
       id_token_signing_alg_values_supported: ["RS256"],
-      scopes_supported: ["openid", "profile", "email", "groups"],
+      scopes_supported: ["openid", "profile", "email", "groups", "offline_access"],
       token_endpoint_auth_methods_supported: ["client_secret_post", "client_secret_basic"],
       claims_supported: ["sub", "email", "email_verified", "name", "preferred_username", "groups", "admin"],
       code_challenge_methods_supported: ["plain", "S256"],

app/views/admin/applications/_form.html.erb

@@ -19,14 +19,27 @@
 
   <div>
     <%= form.label :icon, "Application Icon", class: "block text-sm font-medium text-gray-700" %>
-    <% if application.icon.attached? %>
-      <div class="mt-2 mb-3 flex items-center gap-4">
-        <%= image_tag application.icon, class: "h-16 w-16 rounded-lg object-cover border border-gray-200", alt: "Current icon" %>
-        <div class="text-sm text-gray-600">
-          <p class="font-medium">Current icon</p>
-          <p class="text-xs"><%= number_to_human_size(application.icon.blob.byte_size) %></p>
+    <% begin %>
+      <% if application.icon.attached? && application.persisted? && application.icon.blob&.persisted? %>
+        <div class="mt-2 mb-3 flex items-center gap-4">
+          <%= image_tag application.icon, class: "h-16 w-16 rounded-lg object-cover border border-gray-200", alt: "Current icon" %>
+          <div class="text-sm text-gray-600">
+            <p class="font-medium">Current icon</p>
+            <p class="text-xs"><%= number_to_human_size(application.icon.blob.byte_size) %></p>
+          </div>
         </div>
-      </div>
+      <% end %>
+    <% rescue ArgumentError => e %>
+      <%# Handle case where icon attachment exists but can't generate signed_id %>
+      <% if e.message.include?("Cannot get a signed_id for a new record") %>
+        <div class="mt-2 mb-3 text-sm text-gray-600">
+          <p class="font-medium">Icon uploaded</p>
+          <p class="text-xs">File will be processed shortly</p>
+        </div>
+      <% else %>
+        <%# Re-raise if it's a different error %>
+        <% raise e %>
+      <% end %>
     <% end %>
 
     <div class="mt-2" data-controller="file-drop">

config/initializers/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Clinch
-  VERSION = "0.6.0"
+  VERSION = "0.6.1"
 end

config/storage.yml

@@ -4,7 +4,7 @@ test:
 
 local:
   service: Disk
-  root: <%= Rails.root.join("storage") %>
+  root: <%= Rails.root.join("storage/uploads") %>
 
 # Use bin/rails credentials:edit to set the AWS secrets (as aws:access_key_id|secret_access_key)
 # amazon: