* Improve password reset to preserve encrypted data during active sessions
Enhances password reset logic to preserve encrypted user data when the user is logged in and has an active session. Introduces a fallback mechanism to create a new data encryption key (DEK) if preservation fails, ensuring user data integrity.
Adds a dedicated method for preserving the DEK during password reset and updates related session management. Includes improved logging for better tracking of password reset operations and potential data loss scenarios.
Fixes inefficiencies in password change and reset workflows by persisting encryption key changes promptly and cleaning up sensitive data from memory.
* fix(auth): preserve user credentials during password change/reset
- Maintain session during password change to prevent credential loss
- Add intelligent password reset that preserves data when logged in
- Improve Buffer handling and session cleanup
- Remove dead code that could fail for OIDC users
The DEK is now properly maintained in session memory when password
changes, preventing apparent data loss. Password reset intelligently
detects active sessions and preserves credentials when possible.
* Removes redundant comments to improve code readability
Corrects the property name for key-based authentication from `key_password` to `keyPassword` to ensure consistency with the expected data structure. This resolves potential issues with mismatched property names during SSH host configuration.
* Refactor key_password to keyPassword for consistency across SSH routes
* Standardizes keyPassword field handling and simplifies auth field logic
Standardizes the handling of the `keyPassword` field by converting
`key_password` to camelCase and ensuring consistent output while
preserving resolved credentials. Removes redundant snake_case
fields to avoid duplication.
Simplifies UI handling of authentication fields by allowing
non-relevant fields to persist, delegating filtering logic to the
backend for cleaner and more maintainable code.
Improves code clarity and aligns with consistent data handling
practices.
* Cleanup code + resolve conversion logic
---------
Co-authored-by: LukeGus <bugattiguy527@gmail.com>
* v1.7.2 (#364)
* Feature request: Add delete confirmation dialog to file manager (#344)
* Feature request: Add delete confirmation dialog to file manager
- Added confirmation dialog before deleting files/folders
- Users must confirm deletion with a warning message
- Works for both Delete key and right-click delete
- Shows different messages for single file, folder, or multiple items
- Includes permanent deletion warning
- Follows existing design patterns using confirmWithToast
* Adds confirmation for deletion of items including folders
Updates the file deletion confirmation logic to distinguish between
deleting multiple items with or without folders. Introduces a new
translation string for a clearer user prompt when folders and their
contents are included in the deletion.
Improves clarity and reduces user error when performing bulk deletions.
* feat: Add Chinese translations for delete confirmation messages
* Adds camelCase support for encrypted field mappings (#342)
Extends encrypted field mappings to include camelCase variants
to support consistency and compatibility with different naming
conventions. Updates reverse mappings for Drizzle ORM to allow
conversion between camelCase and snake_case field names.
Improves integration with systems using mixed naming styles.
* Run code cleanup, add sidebar persistence, fix OIDC credentials, force SSH password.
* Fix snake case mismatching
* Add real client IP
* Fix OIDC credential persistence issue
The issue was that OIDC users were getting a new random Data Encryption Key (DEK)
on every login, which made previously encrypted credentials inaccessible.
Changes:
- Modified setupOIDCUserEncryption() to persist the DEK encrypted with a system-derived key
- Updated authenticateOIDCUser() to properly retrieve and use the persisted DEK
- Ensured OIDC users now have the same encryption persistence as password-based users
This fix ensures that credentials created by OIDC users remain accessible across
multiple login sessions.
* Fix race condition and remove redundant kekSalt for OIDC users
Critical fixes:
1. Race Condition Mitigation:
- Added read-after-write verification in setupOIDCUserEncryption()
- Ensures session uses the DEK that's actually in the database
- Prevents data loss when concurrent logins occur for new OIDC users
- If race is detected, discards generated DEK and uses stored one
2. Remove Redundant kekSalt Logic:
- Removed unnecessary kekSalt generation and checks for OIDC users
- kekSalt is not used in OIDC key derivation (uses userId as salt)
- Reduces database operations from 4 to 2 per authentication
- Simplifies code and removes potential confusion
3. Improved Error Handling:
- systemKey cleanup moved to finally block
- Ensures sensitive key material is always cleared from memory
These changes ensure data consistency and prevent potential data loss
in high-concurrency scenarios.
* Cleanup OIDC PR and run prettier
---------
Co-authored-by: Ved Prakash <54140516+thorved@users.noreply.github.com>
* Fix typos and improve wording in README.md
Corrected grammar and punctuation in README.
* Image 7.png
* Rename 3gi3b3os5psf1.png to Image 7.png
* Add video demonstration to README
Added a video demonstration to the README.
* Delete repo-images/Image 7.png
* Add files via upload
* Delete repo-images/Image 7.png
* Add files via upload
* Initial German translation
* German translation (#281)
* German translation (#281)
* Implementation of German language support (#281)
* Update src/locales/de/translation.json
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Update src/locales/de/translation.json
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Update src/locales/de/translation.json
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Update src/locales/de/translation.json
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Update src/locales/de/translation.json
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Update src/locales/de/translation.json
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
---------
Co-authored-by: Karmaa <88517757+LukeGus@users.noreply.github.com>
Co-authored-by: Ved Prakash <54140516+thorved@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>