phil/Gondulf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1ea2afcaa47853180f692a8b995b1fa068faf65c
Gondulf/src/gondulf/templates/authorize.html
Phil Skentelbery 9135edfe84 fix(auth): require email authentication every login 
CRITICAL SECURITY FIX:
- Email code required EVERY login (authentication, not verification)
- DNS TXT check cached separately (domain verification)
- New auth_sessions table for per-login state
- Codes hashed with SHA-256, constant-time comparison
- Max 3 attempts, 10-minute session expiry
- OAuth params stored server-side (security improvement)

New files:
- services/auth_session.py
- migrations 004, 005
- ADR-010: domain verification vs user authentication

312 tests passing, 86.21% coverage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-22 15:16:26 -07:00

42 lines
1.3 KiB
HTML
Raw Blame History

{% extends "base.html" %}
{% block title %}Authorization Request - Gondulf{% endblock %}
{% block content %}
<h1>Authorization Request</h1>
{% if client_metadata %}
<div class="client-metadata">
{% if client_metadata.logo %}
<img src="{{ client_metadata.logo }}" alt="{{ client_metadata.name or 'Client' }} logo" class="client-logo" style="max-width: 64px; max-height: 64px;">
{% endif %}
<h2>{{ client_metadata.name or client_id }}</h2>
{% if client_metadata.url %}
<p><a href="{{ client_metadata.url }}" target="_blank">{{ client_metadata.url }}</a></p>
{% endif %}
</div>
<p>The application <strong>{{ client_metadata.name or client_id }}</strong> wants to authenticate you.</p>
{% else %}
<div class="client-info">
<h2>{{ client_id }}</h2>
</div>
<p>The application <strong>{{ client_id }}</strong> wants to authenticate you.</p>
{% endif %}
{% if scope %}
<p>Requested permissions: <code>{{ scope }}</code></p>
{% endif %}
<p>You will be identified as: <strong>{{ me }}</strong></p>
{% if error %}
<p class="error">{{ error }}</p>
{% endif %}
<form method="POST" action="/authorize/consent">
<!-- Session ID contains all authorization state and proves authentication -->
<input type="hidden" name="session_id" value="{{ session_id }}">
<button type="submit">Authorize</button>
</form>
{% endblock %}
Reference in New Issue View Git Blame Copy Permalink