jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ghostguild-org/server/utils
History
Jennie Robinson Faber 39eb9e039a
Some checks failed
Test / vitest (push) Failing after 6m9s
Details
Test / playwright (push) Has been skipped
Details
Test / visual (push) Has been skipped
Details
Test / Notify on failure (push) Successful in 2s
Details
fix(auth): auto-submit OIDC logout form to eliminate xsrf desync 
Users clicking sign-out in the wiki were getting 'xsrf token invalid'.
The old logoutSource extracted the xsrf from oidc-provider's form into
a separate short-lived cookie and bounced through /auth/logout-confirm,
but that dance kept desyncing — the xsrf on the eventual submit didn't
always match the session state on /oidc/session/end/confirm.

Drop the custom confirmation page and auto-submit oidc-provider's own
form inline from logoutSource. The xsrf stays inside the original form
HTML the provider generated, so the validation is guaranteed to match.
Clicking sign-out in the wiki is already confirmation enough.

Also clear the Ghost Guild auth-token cookie in postLogoutSuccessSource
so signing out of the wiki fully signs the user out rather than leaving
a stale ghostguild.org session behind.
2026-04-15 18:26:51 +01:00
..
activityLog.js feat: board post + channel API routes 2026-04-14 16:25:42 +01:00
adminAlerts.js feat(admin): add restore dismissed alerts flow 2026-04-08 12:22:35 +01:00
auth.js fix: use private helcimApiToken for all server-side Helcim API calls 2026-04-04 13:37:34 +01:00
checkSlackJoins.js feat(slack): add background job to detect Slack workspace joins 2026-04-09 22:32:48 +01:00
escapeHtml.js Implement OWASP ASVS L1 security remediation (Phases 0-2) 2026-03-01 12:53:18 +00:00
escapeRegex.js refactor: extract escapeRegex and validateTagSlugs server utils 2026-04-09 23:51:56 +01:00
helcim.js refactor(helcim): make helcimFetch body check consistent 2026-04-08 21:40:53 +01:00
memberNumber.js Huge bunch of UI/UX improvements and tweaks! 2026-04-06 16:17:12 +01:00
mongoose.js Enhance application structure: Add runtime configuration for environment variables, integrate new dependencies for Cloudinary and UI components, and refactor member management features including improved forms and member dashboard. Update styles and layout for better user experience. 2025-08-27 16:49:51 +01:00
oidc-mongodb-adapter.ts Add OIDC provider for Outline wiki SSO 2026-03-01 15:46:01 +00:00
oidc-provider.ts fix(auth): auto-submit OIDC logout form to eliminate xsrf desync 2026-04-15 18:26:51 +01:00
outline.js Member/Ecology revamp. 2026-04-14 09:25:09 +01:00
resend.js feat: wire welcome email for new member creation 2026-04-04 12:40:15 +01:00
schemas.js Updates 2026-04-15 17:45:09 +01:00
slack.ts feat(board): redesign classifieds + Slack channel creation 2026-04-14 20:20:17 +01:00
syncWikiArticles.js Member/Ecology revamp. 2026-04-14 09:25:09 +01:00
tickets.js Add landing page 2025-11-03 11:17:51 +00:00
validateBody.js Add Zod validation, fix mass assignment, remove test endpoints and dead code 2026-03-01 14:02:46 +00:00
validateTagSlugs.js refactor: extract escapeRegex and validateTagSlugs server utils 2026-04-09 23:51:56 +01:00