Commit Graph

25 Commits

Author SHA1 Message Date
Lucas Smith 22ceff43e3 feat: admin-configurable email blocklist (#2884) 2026-05-29 01:12:55 +10:00
Lucas Smith 7e8da85bd8 feat: block disposable email signups (#2883)
Reject disposable / throwaway email providers (mailinator, yopmail,
10minutemail, ...) across all signup paths: email/password, Google,
Microsoft, personal OIDC and organisation OIDC. Backed by the
mailchecker package (offline, ~55k domains, subdomain-aware).

Exposes a SIGNUP_DISPOSABLE_EMAIL error code so the signup form and
SSO redirect alert can show a dedicated message instead of the
generic 'signup disabled' one.
2026-05-28 21:15:27 +09:00
David Nguyen 886c40a46b fix: add constraint on name schema (#2866) 2026-05-26 15:39:35 +10:00
Lucas Smith 0b86ece1d5 feat: add custom branding for signing pages (#2785)
Platform-plan organisations and teams can now customise non-embed
signing pages with six brand colour tokens, a border-radius, and
a free-text custom CSS block (up to 256 KB).

- Stored on OrganisationGlobalSettings / TeamGlobalSettings;
  teams inherit from the org via brandingEnabled === null.
- CSS is sanitised on save (PostCSS) so we can inline it at SSR
  with no per-render parsing.
- Rendered via a nonce'd <style> scoped under .documenso-branded,
  using native CSS nesting so user selectors don't need scoping.
- Gated on the existing embedSigningWhiteLabel claim (or
  self-hosted) — reuses the embed white-label decision.
2026-05-11 13:03:02 +10:00
Ephraim Duncan a197bf113f feat: add granular signup disable flags (#2765) 2026-05-09 01:16:13 +00:00
David Nguyen 8671f269e8 fix: lint project (#2693) 2026-05-08 16:04:22 +10:00
Catalin Pit ae497092d7 fix: security improvements (#2593) 2026-04-30 14:43:20 +10:00
Ephraim Duncan 66e357c9b3 feat: add email domain restriction for signups (#2266)
Co-authored-by: Lucas Smith <me@lucasjamessmith.me>
2026-03-14 16:32:34 +11:00
Ephraim Duncan 4a3859ec60 feat: signin with microsoft (#1998) 2025-10-22 12:05:11 +11:00
David Nguyen 9ac7b94d9a feat: add organisation sso portal (#1946)
Allow organisations to manage an SSO OIDC compliant portal. This method
is intended to streamline the onboarding process and paves the way to
allow organisations to manage their members in a more strict way.
2025-09-09 17:14:07 +10:00
Ephraim Duncan 400d2a2b1a feat: sign out of all sessions (#1797) 2025-06-11 17:57:38 +10:00
David Nguyen 1ed1cb0773 chore: refactor sessions 2025-02-16 00:44:01 +11:00
David Nguyen 180656978b feat: add themes 2025-02-14 17:50:23 +11:00
David Nguyen 92db4d68db fix: cleanup env variables 2025-02-13 20:56:44 +11:00
David Nguyen 383b5f78f0 feat: migrate nextjs to rr7 2025-02-13 14:10:38 +11:00
David Nguyen 161d40cde7 fix: secure passkey cookies (#1533) 2024-12-12 01:16:29 +09:00
Rene Steen 5582f29bda feat: make oidc sign in button text configurable (#1209)
Adds a configurable label for the OIDC connection's button.
2024-07-31 22:22:52 +10:00
Matt Kilgore e0440fd8a2 feat: add oidc support 2024-04-13 20:46:08 -04:00
David Nguyen 5210fe2963 feat: add passkeys (#989)
## Description

Add support to login with passkeys.

Passkeys can be added via the user security settings page.

Note: Currently left out adding the type of authentication method for
the 'user security audit logs' because we're using the `signIn`
next-auth event which doesn't appear to provide the context. Will look
into it at another time.

## Changes Made

- Add passkeys to login
- Add passkeys feature flag
- Add page to manage passkeys
- Add audit logs relating to passkeys
- Updated prisma schema to support passkeys & anonymous verification
tokens

## Testing Performed

To be done.

MacOS:
- Safari  
- Chrome  
- Firefox 

Windows:
- Chrome [Untested] 
- Firefox [Untested]

Linux:
- Chrome [Untested]
- Firefox [Untested]

iOS:
- Safari 

## Checklist

<!--- Please check the boxes that apply to this pull request. -->
<!--- You can add or remove items as needed. -->

- [X] I have tested these changes locally and they work as expected.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **New Features**
- Introduced Passkey authentication, including creation, sign-in, and
management of passkeys.
- Added a Passkeys section in Security Settings for managing user
passkeys.
- Implemented UI updates for Passkey authentication, including a new
dialog for creating passkeys and a data table for managing them.
- Enhanced security settings with server-side feature flags to
conditionally display new security features.
- **Bug Fixes**
	- Improved UI consistency in the Settings Security Activity Page.
- Updated button styling in the 2FA Recovery Codes component for better
visibility.
- **Refactor**
- Streamlined authentication options to include WebAuthn credentials
provider.
- **Chores**
- Updated database schema to support passkeys and related functionality.
	- Added new audit log types for passkey-related activities.
- Enhanced server-only authentication utilities for passkey registration
and management.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2024-03-26 21:11:59 +08:00
David Nguyen ada46a5f47 feat: add auth fail logs 2024-01-31 12:27:40 +11:00
David Nguyen 9427143951 fix: remove account create log 2024-01-30 18:26:46 +11:00
David Nguyen 7e15058a3a feat: add user security audit logs 2024-01-30 17:32:20 +11:00
Anik Dhabal Babu 61967b22c1 fix: visibility of security fields using identityprovider (#709)
fixes #690
2024-01-24 11:34:30 +11:00
Anurag Sharma 6aed075c56 fix: add conditional rendering of OAuth providers (#736)
Now google OAuth provider is not rendered if client id is not provided
2024-01-23 17:08:48 +11:00
Mythie 159bcade7b wip: refresh design 2023-11-06 13:01:06 +11:00