Feat/forward auth sso#4555
Merged
Merged
Conversation
The empty-records branch of `main()` returned without calling `process.exit(0)`, leaving the Drizzle Postgres connection pool holding the event loop open. The `migrate-auth-secret` process then hangs indefinitely after printing "No 2FA records found, nothing to migrate." causing the upstream `0.29.3.sh` security migration script (which calls this via `docker exec`) to never reach its final `docker service update` step that mounts the new Docker Secret. Operators end up with the new secret created but the dokploy service still configured with the hardcoded `BETTER_AUTH_SECRET`, while believing the migration completed. Match the success branch a few lines below which already does `process.exit(0)`, and the pattern used in sibling scripts `reset-password.ts` and `reset-2fa.ts`. Closes #4392
…t-on-empty fix(migrate-auth-secret): exit cleanly when there are no 2FA records
Adds an "Import" option to the Create Service dropdown that lets users paste a base64-encoded compose export, preview the template (compose YAML, domains, envs, mounts) before confirming, and create the service only on confirm. Adds a `previewTemplate` tRPC procedure that processes the base64 without touching the DB, with server access validation via session.
feat(compose): add import from base64 in create service dropdown
- Updated the GitHub Actions workflow to sync versioning across MCP, CLI, and SDK repositories. - Added steps to bump the version in the SDK repository and regenerate tools from the latest OpenAPI spec. - Improved commit message formatting to include source and release information for all repositories. - Ensured successful synchronization messages for each repository after the version update.
- Introduced a new `readLogs` procedure that allows users to retrieve logs for a specific deployment by providing the deployment ID and an optional tail parameter. - Implemented permission checks to ensure users have access to the requested logs. - Enhanced log retrieval for both cloud and non-cloud environments, utilizing appropriate commands based on the server context. Resolve Dokploy/mcp#14
- Implemented server access validation in deployment procedures to ensure users can only access deployments associated with their active organization. - Added checks to throw an UNAUTHORIZED error if a user attempts to access a deployment linked to a server outside their organization. This enhancement improves security and access control within the deployment management system.
- Added validation to prevent users from being invited with the owner role in the organization and user routers. - Implemented TRPCError responses to ensure proper error handling when attempting to assign the owner role. This change enhances role management and security within the organization structure. https://github.com/Dokploy/dokploy/security/advisories/GHSA-fm9p-wmpw-gxjh
- Added functionality to delete old sessions when a user updates their password, ensuring that only the current session remains active. - This change enhances security by preventing unauthorized access from previous sessions after a password change. Close here https://github.com/Dokploy/dokploy/security/advisories/GHSA-rr9m-w87g-46f3
* fix: copy Dokploy server IP when clicking server badge When a service runs on the local Dokploy server (no remote server), clicking the server badge did nothing because `data.server` is null. Now falls back to the server IP from settings so the badge always copies an IP address. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat(copy-ip): implement IP address copying functionality across database service components - Added the ability to copy the server IP address to the clipboard when clicking the server badge in various database service components (Libsql, MariaDB, MongoDB, MySQL, PostgreSQL, Redis). - Integrated the `copy-to-clipboard` library and `sonner` for user feedback upon successful copy action. - Ensured fallback to the server IP from settings when the service data is not available, enhancing user experience and functionality. --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Mauricio Siu <siumauricio@icloud.com>
Signed-off-by: Nahidujjaman Hridoy <hridoyboss12@gmail.com>
…of register, and build for extra. (#4382)
… routes (#4468) * fix: allow square brackets in zip drop path validation for Next.js dynamic routes ZIP uploads containing Next.js dynamic route files (e.g. app/api/[id]/route.ts, pages/[slug].tsx) were rejected by readValidDirectory because the path regex did not include square bracket characters. * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
…es (#4470) shouldDeploy passed undefined/null entries from commit.modified straight into micromatch, which throws "Expected input to be a string" and fails every webhook deployment when watch paths are configured. Filter out non-string values before matching.
…t accidental submission (#4422) Co-authored-by: Maks Pikov <mixelburg@users.noreply.github.com>
Upgraded next dependency in apps/dokploy to 16.2.6 exactly. Verified typescript typecheck passes successfully.
…nforce-sso) (#4511) * feat: add self-hosted enterprise restrictions (remote-servers-only, enforce-sso) - Add `remoteServersOnly` field to webServerSettings: prevents creating services on the local Dokploy VM, forcing all deployments to remote servers. Validated in all 8 service routers (application, compose, postgres, mysql, mongo, redis, mariadb, libsql). - Add `enforceSSO` field to webServerSettings: hides the email/password login form and shows only the SSO button on the login page. - Both settings are enterprise-only (enterpriseProcedure) and self-hosted-only (blocked at the API level when IS_CLOUD=true). - UI toggles added to the SSO settings page under a new "Self-hosted Restrictions" card (hidden in cloud). Login page reads enforceSSO from getServerSideProps to avoid client-side flash. - Migrations: 0167_fresh_goliath.sql, 0168_long_justice.sql * fix: add missing final newlines to migration files * refactor: improve code formatting for better readability in multiple components - Adjusted formatting in `add-application.tsx`, `add-compose.tsx`, and `add-database.tsx` to enhance readability by adding line breaks and consistent indentation. - Updated `toggle-enforce-sso.tsx` to simplify the Switch component's props. - Reformatted imports in `index.tsx` and `sso.tsx` for consistency. - Cleaned up conditional statements in various router files for improved clarity. * fix: add enforceSSO to test mock
…eys is enabled for members (#4512)
On settings/servers, a long server name in the card title (h3) did not wrap and overflowed its container, overlapping nearby content and squeezing the three-dots actions menu until it disappeared. Allow the title block to shrink and wrap (min-w-0 + break-words), keep the server icon and the actions trigger from being crushed (shrink-0), and add gap between the title and the actions button.
… docker config (#4485) The compose/stack deploy command runs under `env -i PATH="$PATH"`, which clears the environment except for PATH. That strips HOME, so when the generated command is `docker stack deploy --prune --with-registry-auth` the docker CLI cannot resolve `~/.docker/config.json` (e.g. `/root/.docker/config.json`) and ships no registry credentials to the swarm. Private-registry images then fail to pull on the nodes: image registry.example.com/... could not be accessed on a registry to record its digest. Each node will access ... independently while the deploy still logs "Docker Compose Deployed: ✅". Keep PATH isolation but preserve HOME so docker can read its config for both `stack deploy --with-registry-auth` and `compose up -d --build`. Add a regression test asserting the generated command preserves `HOME="$HOME"` for both stack and docker-compose deploys. Fixes #4401 Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…4526) * fix: scope dokploy-server schedules to organization instead of user Replaces userId with organizationId on the schedule table so that global (dokploy-server) schedules are shared across all owners and admins of the same organization, while remaining isolated between different organizations. Includes a data migration that backfills organizationId from the owner membership record for any existing dokploy-server schedules. Closes #4300 * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
- Added a new `forward_auth_settings` table to manage authentication domains and their configurations. - Introduced UI components for handling forward authentication, including enabling/disabling SSO for domains and selecting SSO providers. - Updated existing tests to include validation for the new `forwardAuthProviderId` field in domain configurations. - Enhanced the dashboard to integrate forward authentication management, allowing users to configure SSO settings directly from the application interface. This update improves the flexibility and security of application authentication by allowing integration with various identity providers.
- Removed the selection of SSO providers from the UI, streamlining the process to enable/disable SSO for domains. - Updated the API to eliminate the need for a provider ID when enabling forward authentication, relying on the configured settings instead. - Enhanced user feedback by updating toast messages to reflect the current state of SSO authentication. - Improved the UI layout for better clarity on SSO status and actions. This refactor enhances the user experience by simplifying the SSO configuration process and ensuring clearer communication of actions taken.
dosubot
Bot
added
size:XL
- Added the `VALID_BRANCH_REGEX` import to all Git provider components to ensure consistent branch validation. - Removed duplicate imports of `VALID_BRANCH_REGEX` to streamline the code and improve readability. This change enhances maintainability by centralizing branch validation logic across the application.
- Deleted several SQL migration files related to the `webServerSettings` and `schedule` tables, which included adding and dropping columns and constraints. - Removed snapshots corresponding to the deleted migrations to maintain consistency in the database schema history. This cleanup enhances the maintainability of the migration history by removing outdated and unused files.
dosubot
Bot
added
size:XXL
… tests - Replaced `forwardAuthProviderId` with `forwardAuthEnabled` in the domain schema to simplify the configuration of forward authentication. - Updated related tests to reflect this change, ensuring consistency across the application. - Introduced a new SQL migration to create the `forward_auth_settings` table for managing authentication domains and their configurations. This refactor enhances the clarity and maintainability of the forward authentication logic within the application.
Deleted the `.github/workflows/pr-quality.yml` file, which contained the configuration for the PR Quality workflow. This removal streamlines the repository by eliminating unused workflow files.
- Updated the alert block in the HandleForwardAuth component to provide clearer requirements for deploying the authentication proxy. - Added a DnsHelperModal to assist with DNS configuration in the ForwardAuthServers component. - Refined API input schemas for forward authentication operations to improve type safety and clarity. - Removed the obsolete forward-auth SSO design document to streamline documentation. These changes improve the user experience and maintainability of the forward authentication feature across the application.
…ints - Introduced a new SQL migration file `0171_lucky_echo.sql` to modify the foreign key constraint on the `sso_provider` table, changing the `ON DELETE` behavior from `cascade` to `set null`. - Updated the journal to include the new migration version and its associated tag. - Added a snapshot file for version 7 of the database schema, reflecting the current state of the `sso_provider` and other related tables. These changes enhance the integrity of the database by ensuring that user references are set to null instead of being deleted when the referenced user is removed.
- Enhanced the `apiReadTraefikConfig` schema by reintroducing path validation logic to prevent directory traversal attacks and unauthorized access. - The validation now includes checks for null bytes and ensures paths start with a defined main Traefik path, improving security and robustness. These changes strengthen the integrity of the configuration handling by ensuring only valid paths are accepted.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
9 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What is this PR about?
Implement auth SSO for applications for OIDC enterprise
Checklist
Before submitting this PR, please make sure that:
canarybranch.Issues related (if applicable)
closes #123
Screenshots (if applicable)