Skip to content

PGP login, sessions management, dashboard stabilization, CopyButton unification + SMTP registration fix#14

Merged
TymekV merged 10 commits into
aginrocks:masterfrom
PawiX25:master
Apr 7, 2026
Merged

PGP login, sessions management, dashboard stabilization, CopyButton unification + SMTP registration fix#14
TymekV merged 10 commits into
aginrocks:masterfrom
PawiX25:master

Conversation

@PawiX25

@PawiX25 PawiX25 commented Apr 7, 2026

Copy link
Copy Markdown
Contributor

Summary

Security

  • Harden recovery code login — prevent replay of used codes via $elemMatch, fix wrong factor type

Features

  • PGP login screen — full challenge/sign/verify flow
  • Sessions management — dashboard sessions UI + backend session listing/revoke with public IDs + Redis-backed tracking

Fixes

  • Stabilize security dashboard — preserve modal contents during close animations across all factor flows, add optimistic cache updates, relax authenticated rate limiting
  • Match skeleton heights to real content — UI polish for dashboard loading states
  • Allow registration when SMTP is not configured — auto-confirm email instead of blocking registration

Refactors

  • Extract components, use useClipboard, move utils — split PGP into sub-components, move shared utils to lib/utils.ts, extract SessionsSkeleton, move extract_client_ip to auth-core
  • Unify CopyButton into shared component — single components/copy-button.tsx using useClipboard from @mantine/hooks with optional compact prop, remove duplicate, remove TOTP 'Verifying' layout shift

PawiX25 added 8 commits April 7, 2026 14:38
- add the dashboard sessions screen and shared dashboard navigation
- add backend session listing and revoke endpoints with public session IDs
- persist and validate session state through Redis-backed tracking
- keep profile, sessions, and security factor UI in sync after successful actions
- preserve modal contents until close animations finish across password, TOTP, passkey, PGP, and recovery codes flows
- relax authenticated dashboard rate limiting and improve dashboard error messaging
- Extract SessionsSkeleton and update DashboardSkeleton (3 sections)
- Replace useState clipboard pattern with useClipboard from @mantine/hooks
- Split pgp.tsx into step components (challenge, quick-sign, signature)
- Move parseUserAgent and timeAgo to lib/utils.ts
- Move extract_client_ip to auth-core crate
- Create components/copy-button.tsx with useClipboard from @mantine/hooks
- Remove duplicate PGP-specific copy-button.tsx
- Re-export from dashboard helpers.tsx
- Add compact prop for smaller variant (used in both PGP and dashboard)
- Remove 'Verifying...' text from TOTP dialog to prevent layout shift
Comment thread apps/frontend/app/(loginform)/login/pgp.tsx Outdated
Comment thread apps/frontend/app/dashboard/components/totp-row.tsx
Comment thread apps/frontend/app/dashboard/sessions/page.tsx Outdated
Comment thread auth-core/src/util.rs Outdated
Comment thread server/src/routes/api/settings/sessions.rs Outdated
Comment thread server/src/routes/api/settings/sessions.rs Outdated
Comment thread server/src/state.rs Outdated
…on components, fix Rust types

- Convert PGP challenge fetching from useMutation to useQuery
- Extract TotpSetupDialog and TotpDisableDialog into separate components
- Extract SessionCard into a separate component
- Remove extract_client_ip from auth-core, use axum_client_ip in server
- Add IntoParams derive to DeleteSessionPath, use params(DeleteSessionPath) in utoipa macro
- Add fred as a direct dependency, import Pool from fred directly in state.rs
Comment thread server/src/middlewares/require_auth.rs Outdated

let db = state.database.clone();
let sid = session_id.to_string();
let uid = user_id;

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unneeded

Comment thread server/src/middlewares/require_auth.rs Outdated
@TymekV TymekV merged commit f9d809a into aginrocks:master Apr 7, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants