loreal-global-kickoff

Oliver/loreal-global-kickoff

Fork 0

Commit graph

Author	SHA1	Message	Date
Vadym Samoilenko	9036bafc0d	Log every user login to Activity Logs Track all logins (not just first) via ApplicationLogger user_login action. Add User Login filter option to logs-viewer. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-02 20:54:07 +00:00
Vadym Samoilenko	0280b94154	Fix MSAL redirect_uri to match Azure AD registered URI Change redirect_uri to app root (without /auth.php) to match what's registered in Azure portal. Use relative URLs for auth fetch and reload on success instead of computed absolute paths. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-02 20:39:12 +00:00
Vadym Samoilenko	53e9365c01	Add Azure AD SSO, RBAC (admin/user roles), and server-setup improvements - Enable SSO with Azure AD credentials (tenant + client ID + redirect_uri) - Add JWTValidator.php: RS256 idToken validation via Azure JWKS with 1h cache - Add auth.php: POST login handler sets auth cookie, GET logout clears it - Add UserRoleManager.php: file-based role CRUD in data/user_roles.json - Add admin.php: admin-only role management panel - AuthMiddleware: add requireAdmin(), role in user array, fix MSAL redirect - header.php: hide Activity Logs + Admin Panel tabs for non-admin users - logs-viewer.php: protect with requireAdmin() instead of requireAuth() - server-setup.sh: add composer check, data/ dir, PHP extension checks, SSO validation - .gitignore: add data/ directory Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-02 20:34:50 +00:00

Author

SHA1

Message

Date

Vadym Samoilenko

9036bafc0d

Log every user login to Activity Logs

Track all logins (not just first) via ApplicationLogger user_login action.
Add User Login filter option to logs-viewer.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-02 20:54:07 +00:00

Vadym Samoilenko

0280b94154

Fix MSAL redirect_uri to match Azure AD registered URI

Change redirect_uri to app root (without /auth.php) to match what's
registered in Azure portal. Use relative URLs for auth fetch and reload
on success instead of computed absolute paths.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-02 20:39:12 +00:00

Vadym Samoilenko

53e9365c01

Add Azure AD SSO, RBAC (admin/user roles), and server-setup improvements

- Enable SSO with Azure AD credentials (tenant + client ID + redirect_uri)
- Add JWTValidator.php: RS256 idToken validation via Azure JWKS with 1h cache
- Add auth.php: POST login handler sets auth cookie, GET logout clears it
- Add UserRoleManager.php: file-based role CRUD in data/user_roles.json
- Add admin.php: admin-only role management panel
- AuthMiddleware: add requireAdmin(), role in user array, fix MSAL redirect
- header.php: hide Activity Logs + Admin Panel tabs for non-admin users
- logs-viewer.php: protect with requireAdmin() instead of requireAuth()
- server-setup.sh: add composer check, data/ dir, PHP extension checks, SSO validation
- .gitignore: add data/ directory

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-02 20:34:50 +00:00

3 commits