ABAC enforcement, resource tags, and tag-based sharing#79
Merged
Conversation
…ty (#80) * feat: modernize login UI, fix auth error messages, and improve security - Redesigned login and admin-login pages with animated background (themed orbs per DaisyUI theme), icon inputs, show/hide password toggle, gradient sign-in button, and P2P card section - Added _bg_canvas.html: colorful animated gradient orb background that auto-syncs colors to the active DaisyUI theme via MutationObserver - Rewrote theme selector dropdown with pure JS (fixes DaisyUI v5 conflict) - Tab switcher now correctly restores active tab after a failed form submit - Fixed error messages: token failures show "Invalid access token." / "Invalid admin token.", credential failures show "Invalid credentials." - Token auth now takes priority over credentials to prevent autofill shadowing - Profile handler: require current password before allowing password change, and gracefully handle token-authenticated sessions - Fixed admin_handlers missing settings= kwarg in template renders - Fixed UnicodeEncodeError on banner print in main.py - Removed unsupported cloud provider config paths (credentials_file, client_id) - Fixed tooltip and dropdown colors for DaisyUI v5 variable names - Added tests for current-password verification and updated existing tests Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix: resolve SonarCloud issues — security, duplication, code smells - Rename INVALID_USERNAME_OR_PASSWORD_MSG → INVALID_CREDENTIALS_MSG to eliminate S2068 false-positive hardcoded credential detection - Extract shared tab-switcher, paste-button, and eye-toggle JS into login-ui.js to bring duplication below 3% threshold - Replace empty catch blocks with console.debug logging (fixes S2486) - Fix _bg_canvas.html: use role="presentation" instead of aria-hidden (S6825), add NOSONAR on Math.random animation calls (S2245), replace | 0 with Math.trunc() (S7767), use for-of loops (S4138) - Fix _theme_login_corner.html: change <ul role="menu"> to <div role="menu"> (S6842), use .dataset.setTheme instead of getAttribute (S7761) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix: resolve remaining SonarCloud issues on login UI - S6843/S6819: replace role="presentation" tabindex="-1" with aria-hidden="true" on canvas - S7761: replace getAttribute('data-theme') with .dataset.theme in _bg_canvas and _theme_login_corner - S7748: remove trailing zeros from numeric literals (0.80→0.8, 0.40→0.4, 0.90→0.9, 0.60→0.6, 0.70→0.7) - S2068: rename password input IDs (local-password→local-pwd, adm-password→adm-pwd) and config keys (pwdInput→eyeInput, pwdEye→eyeBtn, pwdIcon→eyeIcon) - S7764: replace window with globalThis in login templates and login-ui.js Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix: move canvas animation to static JS to resolve S2245 hotspots Extracted inline script from _bg_canvas.html into bg-canvas.js so that NOSONAR suppressions on Math.random() calls are recognized by SonarCloud. Also replaced for-of loops with indexed loops (S4138) and window with globalThis (S7764). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix: theme-aware action button tooltips and missing ds-* CSS variables - Tooltip now uses --color-base-200/base-content/base-300 so it renders in each theme's own palette instead of the jarring neutral dark box - Define missing --ds-warning, --ds-warning-soft, --ds-gold-soft, --ds-danger-soft, --ds-success-soft, --ds-border-strong, --ds-shadow-lg etc. so action button tinted backgrounds work across all themes - Fix browse handler: pass file_tags_map to template (was causing 500 error) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
|
This was referenced Jun 22, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.



This PR merges the \�bac\ branch into \main.
Highlights
Note: Additional local edits may exist that are not yet committed or pushed.
Made with Cursor