747 Commits

Author	SHA1	Message	Date
amaankm	01000f7022	feat: update parameter descriptions in Session API (#4140)	2025-09-02 16:31:06 +08:00
gongzhongqiang	8fa681f883	feat: add password change validation to ensure new password differs from current password (#4134)	2025-09-01 17:22:06 +08:00
DacongDA	3b16406442	feat: add signinMethod in JWT token (#4136)	2025-08-31 18:01:05 +08:00
DacongDA	f26f56e88b	feat: support auto signup with SAML (#4129)	2025-08-29 11:51:52 +08:00
DacongDA	a23033758f	feat: Add "Send Invitation Email" action to User Invitation flow (#4113)	2025-08-21 18:53:43 +08:00
kevin kwok	e533ff1ee1	feat: add support for casbin-dotnet-cli auto-download (#4110)	2025-08-20 18:38:00 +08:00
DacongDA	ad6080e763	feat: fix issue that signing up via provider in shared application will sign up to built-in app (#4093)	2025-08-17 22:32:47 +08:00
Attack825	b5c80513fb	feat: change username too when "username as email" switch is enabled in ResetEmailOrPhone API (#4081)	2025-08-14 21:03:45 +08:00
IsAurora6	49d734d249	feat: standardize Resource APIs by handling path prefix internally and returning clean paths (#4047)	2025-08-08 23:31:22 +08:00
iderr	76f322861a	feat: Refactor GetFilteredPolicies to support multiple filters via POST (#4037)	2025-08-04 19:51:25 +08:00
raiki02	462ecce43b	feat: check args in Enforce and BatchEnforce APIs (#4029)	2025-08-02 13:39:05 +08:00
raiki02	c1c2dcab38	feat: can disable signin within application and organization (#4012)	2025-07-30 21:07:35 +08:00
Robin Ye	f9264f700b	feat: add get-filtered-policies API, improve Swagger docs (#4006)	2025-07-29 23:51:01 +08:00
kevin kwok	8d1fdc3a08	feat: add support for casbin-python-cli auto-download (#4004)	2025-07-27 14:00:00 +08:00
DacongDA	fea6317430	feat: add back support for non-discoverable credential WebAuthn login and display WebAuthn ID again (#3998)	2025-07-25 18:34:37 +08:00
DacongDA	5f702ca418	feat: make enableErrorMask work for corner cases by moving checks from controller to Translate() (#3996)	2025-07-25 00:39:01 +08:00
Attack825	a92430e8fd	feat: fix auto sign-in flow on result page (#3983)	2025-07-22 20:19:45 +08:00
DacongDA	a120734bb1	feat: support links in email to reset password (#3939)	2025-07-12 00:18:56 +08:00
Attack825	2da597b26f	feat: add support for per-account MFA validity period in org setting to reduce repeated prompts (#3917)	2025-07-11 00:24:33 +08:00
raiki02	6598f0ccdf	feat: use token's client ID instead in IntrospectToken() API (#3948)	2025-07-09 22:07:44 +08:00
DacongDA	b42391c6ce	feat: move needUpdatePassword to response's Data3 field to avoid refresh token conflict (#3931)	2025-07-05 22:48:44 +08:00
Raiki	fb035a5353	feat: CredManager.GetHashedPassword() only contains one salt arg now (#3928)	2025-07-05 18:41:37 +08:00
Robin Ye	bf91ad6c97	feat: add Internet-Only captcha rule (#3919)	2025-07-03 02:39:06 +08:00
DacongDA	e2e3c1fbb8	feat: support Product.SuccessUrl (#3908)	2025-06-26 22:52:07 +08:00
XiangYe	b36fb50239	feat: fix check bug to allow logged-in users to buy product (#3897)	2025-06-25 10:49:20 +08:00
Attack825	ca224fdd4c	feat: add group xlsx upload button (#3885)	2025-06-17 23:43:38 +08:00
DacongDA	6dc7b4d533	feat: get-user API respects org's account item's view rules now (#3882)	2025-06-16 20:09:21 +08:00
DacongDA	8cc22dec91	feat: upgrade Alibaba cloud captcha provider from v1 to v2 (#3879)	2025-06-12 23:02:36 +08:00
千石	0c08ae5365	feat: Add support for email verification logic (#3875)	2025-06-11 19:17:16 +08:00
Yang Luo	c3485268d3	feat: fix "Display name cannot be empty" in /update-user API	2025-06-11 00:32:05 +08:00
DacongDA	4cb0cd7c5a	feat: add Organization.HasPrivilegeConsent to block add-user API for the "built-in" org (#3864)	2025-06-06 23:05:01 +08:00
DacongDA	c6a50349cc	feat: add missing backend i18n texts (#3863)	2025-06-06 00:03:04 +08:00
DacongDA	4e17dae2c2	feat: fix unable to remove user from group bug (#3847)	2025-05-28 22:29:40 +08:00
DacongDA	0ad4d82d9c	feat: fix GetGroups() API bug when parentGroup is in next page (#3843)	2025-05-28 18:31:52 +08:00
DacongDA	9190db1099	feat: fix bug that token endpoint doesn't return 400/401 when type is object.TokenError (#3808)	2025-05-20 10:39:55 +08:00
DacongDA	1173f75794	feat: return HTTP status 400 instead of 200 in GetOAuthToken() (#3807)	2025-05-20 01:05:43 +08:00
DacongDA	521f90a603	feat: fix access_token endpoint cannot read clientId in form when using device code flow (#3800)	2025-05-17 18:53:38 +08:00
DacongDA	f8f864c5b9	feat: add logged-in IDP provider info to access token (#3776)	2025-05-11 09:51:51 +08:00
DacongDA	383bf44391	feat: support OIDC device flow: "/api/device-auth" (#3757)	2025-04-30 23:42:26 +08:00
Gabriel Brecci	fc618b9bd5	feat: add validation for optional fields in IntrospectionToken for custom token types (#3717)	2025-04-09 22:27:19 +08:00
Gabriel Brecci	77ef5828dd	feat(introspection): return correct active status for expired or revoked tokens (#3716)	2025-04-09 02:00:30 +08:00
DacongDA	c11f013e04	feat: return "Active: false" for expired token in IntrospectToken() (#3714)	2025-04-08 23:20:44 +08:00
WindSpiritSR	952538916d	feat: check application existence in object.AddUser() (#3686)	2025-04-05 16:38:20 +08:00
Eng Zer Jun	18bb445e71	feat: update github.com/golang-jwt/jwt dependency to v5 (#3708)	2025-04-05 02:05:41 +08:00
DacongDA	cca88e2cb0	feat: fix bug that when email/sms mfa is not preferred, message will send to masked address (#3705)	2025-04-04 01:08:29 +08:00
DacongDA	b6f943e326	feat: support WebAuthn login without username and upgrade Go to 1.21 (#3695)	2025-04-01 16:35:59 +08:00
DacongDA	e55cd94298	feat: fix issue that user email is still unverified after signup (#3685)	2025-03-29 21:24:01 +08:00
WindSpiritSR	08f7a05e61	feat: fix MFA + LDAP bug in /check-user-password API (#3681)	2025-03-26 22:11:58 +08:00
DacongDA	141372cb86	feat: support face ID provider (#3666)	2025-03-19 22:57:35 +08:00
Anton Berezhnyi	3e7938e5f6	feat: don't panic when provider not found in Login() API (#3659)	2025-03-13 21:35:51 +08:00