Feat(Chore): Verify Flow, Invites, Suspend, Depart Cert Policy

feat: add password reset and email verification flow
feat: add org invite listing, cancellation, and invite link fallback
feat: add user suspend/unsuspend with audit logging
feat: add department certificate policy (expiry, extensions)
feat: enforce dept cert policy on SSH certificate signing
feat: wire up OIDC consent and token flow (replace mocks)
feat: rework CLI auth bridge to use frontend login flow
feat: add admin OAuth provider management (CRUD)
chore: refactor model import paths after module reorganisation
chore: clean up config, decorators, and dev tooling
2026-03-01 16:50:27 +05:45
parent 07193a2d2e
commit a0d4e59c24
39 changed files with 2035 additions and 611 deletions
+12 -2
@@ -1,5 +1,6 @@
"""Security headers middleware."""
from flask import request
import os
from flask import current_app, request
class SecurityHeadersMiddleware:
@@ -34,13 +35,22 @@ class SecurityHeadersMiddleware:
)
# Content Security Policy
try:
flask_env = current_app.config.get("ENV") or os.environ.get("FLASK_ENV", "production")
if flask_env == "development":
connect_src = "connect-src 'self' http://localhost:5000 http://127.0.0.1:5000"
else:
connect_src = "connect-src 'self'"
except RuntimeError:
connect_src = "connect-src 'self'"
response.headers["Content-Security-Policy"] = (
"default-src 'self'; "
"script-src 'self' 'unsafe-inline'; "
"style-src 'self' 'unsafe-inline'; "
"img-src 'self' data: https:; "
"font-src 'self' data:; "
"connect-src 'self'"
+ connect_src
)
# Referrer Policy
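Review bot: In the new `try` block, the development branch is chosen from `current_app.config.get("ENV")` with a fallback to the `FLASK_ENV` environment variable, so a stray `FLASK_ENV=development` on a deployed host silently adds `http://localhost:5000` and `http://127.0.0.1:5000` to `connect-src`. Consider reading the extra origins from an explicit application config key that is empty by default, instead of inferring them from the environment name; that also removes the hard-coded port 5000. The default `connect-src 'self'` is assigned in both the `else` and the `except RuntimeError` branches; assigning it once before the `try` would make the restrictive fallback obvious. A short comment saying when `RuntimeError` is expected here would help, since the handler otherwise hides whatever raised it.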