jasperweyne / helpless-kiwi

Manage members, create and manage activities, send mails and more
Apache License 2.0
11 stars 7 forks

Security refactor #319

Closed mkrugr closed 1 year ago

mkrugr commented 1 year ago

This pull request fixes the 'optional' oidc-client class and some broken YAML configs. In addition, it provides our third authentication method, this time by means of access tokens, which is the correct way of implementing this.

Lastly, it updates a few packages, including a lot of Symfony bundles. Symfony 5.4 is now enforced across all bundles.

mkrugr commented 1 year ago

I will fix these tests later.

jasperweyne commented 1 year ago

I see that currently, the OptionalOidcClient has been removed, but no alternative solution has been implemented. How are you planning on supporting setups without OIDC enabled? E.g.:

[Screenshot, 2022-11-05: Invalid well known url (http ___ well-known_openid-configuration) for OIDC (500 Internal Server Error)]

mkrugr commented 1 year ago

I agree with Jasper that this pull request should be split in multiple ones.

mkrugr commented 1 year ago

I therefore close this branch and shall upload separate pull requests.