97 Commits

Author SHA1 Message Date
nendo
36eec298d1 Add device-based save synchronization
Implement device registration and save sync tracking to enable
multi-device save management with conflict detection.

- Device CRUD endpoints (POST/GET/PUT/DELETE /api/devices)
- Save sync state tracking per device
- Conflict detection on upload (409 when device has stale sync)
- Download sync tracking (optimistic and confirmed modes)
- Track/untrack saves per device
- DEVICES_READ/WRITE scopes for authorization
2026-01-18 16:50:44 +09:00
Georges-Antoine Assi
baddeea972 type ignore 2025-12-08 12:58:01 -05:00
Georges-Antoine Assi
85bf51d088 raise error if preferred username is none 2025-12-08 12:57:20 -05:00
Georges-Antoine Assi
50ddb42c25 [ROMM-2748] Add OIDC_USERNAME_ATTRIBUTE 2025-12-08 10:27:15 -05:00
Georges-Antoine Assi
f2774b9395 Merge pull request #2716 from rommapp/redis-backed-sessions
Add redis-backed session middleware
2025-11-22 18:40:43 -05:00
Georges-Antoine Assi
ac43b0aa94 changes from bot review 2025-11-22 11:22:45 -05:00
Georges-Antoine Assi
615e3132e4 changes from bot review 2025-11-22 10:55:14 -05:00
Georges-Antoine Assi
27e02fa2a2 consume the token as soon as its read 2025-11-22 10:51:41 -05:00
Georges-Antoine Assi
ec6bb24662 Add new redis-backed session middleware 2025-11-22 10:47:59 -05:00
Georges-Antoine Assi
4f6442a6ad catch typeerror in csrf token and return false 2025-11-18 16:56:10 -05:00
Georges-Antoine Assi
156d31b62a Fix CSRF failure on first admin signup 2025-11-18 14:04:47 -05:00
Georges-Antoine Assi
91ad9f7b7f fix trunk check issues 2025-11-18 10:12:58 -05:00
Georges-Antoine Assi
ee39fe1aba changes from bot review 2025-11-18 10:09:00 -05:00
Georges-Antoine Assi
d1824bf894 manually fix tests 2025-11-18 00:00:49 -05:00
Georges-Antoine Assi
6a1a344ba2 add tests for middlewares 2025-11-17 23:40:00 -05:00
Georges-Antoine Assi
551ff72a8a implement csrf middleware directly in repo 2025-11-17 21:12:29 -05:00
Tarow
cb2015fc4d fix: type error when role claim is null 2025-10-19 11:49:31 +02:00
Georges-Antoine Assi
154df816cf only set algos on decode calls 2025-10-03 12:54:42 -04:00
Georges-Antoine Assi
d863ca9e90 Explicitly set supported algorithms on jwt encode/decode 2025-10-03 11:18:01 -04:00
Georges-Antoine Assi
ab06a321e0 Check if user is enabled before generating auth token 2025-10-03 09:34:40 -04:00
Michon van Dooren
240f348f92 Add support for OIDC role claim 2025-09-29 22:27:10 +02:00
Michael Manganiello
e4e3928d1b misc: Apply import sorting 2025-09-04 11:17:00 -03:00
Michael Manganiello
ba21cbc1e1 misc: Separate tests folder from backend code
Create separate `tests/` folder for all tests. This will also simplify
not copying tests code into the Docker image.
2025-08-08 12:49:13 -03:00
Georges-Antoine Assi
8ce943a514 use fastapi status 2025-08-02 22:17:07 -04:00
Georges-Antoine Assi
8061db40b2 fix tests and cleanup 2025-08-02 17:55:43 -04:00
Georges-Antoine Assi
9079954a3c fix tests 2025-07-19 22:27:05 -04:00
Georges-Antoine Assi
d9f97ee510 replace assert with explicit checks 2025-07-19 22:17:57 -04:00
Michael Manganiello
252722e3bc misc: Apply pyupgrade changes for Python 3.12 compatibility
Command applied:
```
find ./backend/ -type f -name "*.py" -exec pyupgrade --py312-plus {} \;
```
2025-06-29 12:27:16 -03:00
zurdi
7d27e368f1 feat: add SESSION_MAX_AGE_SECONDS configuration for session middleware 2025-06-13 12:54:31 +00:00
mjmfighter
c709b8ae2e fix: correct user creation logic in OpenIDHandler 2025-05-21 23:07:53 -05:00
zurdi
0d09f510de feat: implement invite link creation with role assignment and user registration 2025-05-13 22:28:46 +00:00
zurdi
1c7f8fff88 feat: add InviteLink dialog and update invite link handling in user table 2025-05-13 17:52:33 +00:00
zurdi
500ff5e67f add: endpoint to generate invite link token 2025-05-13 17:40:07 +00:00
zurdi
1103700d00 feat: implement one-time use for password reset tokens with Redis 2025-05-13 09:36:14 +00:00
zurdi
d27f4d626b feat: Reset forgotten password added 2025-05-13 09:35:53 +00:00
zurdi
14761c2c83 refactor: enhance logging with highlighted output for improved readability 2025-05-09 09:05:59 +00:00
Georges-Antoine Assi
0f8d51193a kiosk mode allows viewing without auth 2025-02-07 00:18:52 -05:00
Georges-Antoine Assi
6c95a03746 Read-only kiosk mode for viewers 2025-02-06 09:04:41 -05:00
Georges-Antoine Assi
8e5d4cdcb5 disable pyright 2025-01-26 11:29:33 -05:00
Georges-Antoine Assi
2859ac04c8 fix pyright issues 2025-01-26 10:57:27 -05:00
Georges-Antoine Assi
a35701396c Merge branch 'master' into rom-hashing-background-task 2025-01-25 23:30:15 -05:00
Georges-Antoine Assi
6927a976df improved check 2025-01-22 18:55:57 -05:00
Georges-Antoine Assi
0bc093996f [ROMM-1505] Skip CSRF checks when request has Authorization header 2025-01-20 19:10:08 -05:00
Georges-Antoine Assi
696a1c6122 Merge branch 'master' into rom-hashing-background-task 2025-01-15 21:51:23 -05:00
Michael Manganiello
8c8cd759d9 misc: Add tests 2025-01-09 01:48:14 -03:00
Michael Manganiello
7fedaca59a fix: Improve OIDC email verified check
The OIDC email verified check now fails if the email is explicitly
unverified, or if the `email_verified` claim is supported and the email
is not explicitly verified.

Previously, the OIDC implementation failed for any OIDC provider that
did not include the `email_verified` claim in the userinfo response.
Providers like Synology do not include this claim, so the check always
failed with error "Email is not verified."

I haven't found a formal specification for the `email_verified` claim,
and how it should be handled, but this implementation should be more
robust and work with more OIDC providers.

Fixes #1446.
2025-01-09 00:55:20 -03:00
Michael Manganiello
865370ec13 misc: Move auth constants to separate file
This simplifies avoiding circular imports when trying to use auth
handlers.
2025-01-08 22:16:31 -03:00
Georges-Antoine Assi
4473b6e498 fix formatting and tests 2024-12-28 10:11:36 -05:00
Anthony Uk
d96f11d56f Fix preferred_username 2024-12-28 07:11:23 +01:00
Anthony Uk
920aee5095 Rework OIDC base_handler 2024-12-28 07:05:29 +01:00