rommapp/romm - romm - Gitea: Git with a cup of tea

mirror of https://github.com/rommapp/romm.git synced 2026-02-18 00:27:41 +01:00

Author	SHA1	Message	Date
Georges-Antoine Assi	baddeea972	type ignore	2025-12-08 12:58:01 -05:00
Georges-Antoine Assi	85bf51d088	raise error is prefered username is none	2025-12-08 12:57:20 -05:00
Georges-Antoine Assi	50ddb42c25	[ROMM-2748] Add OIDC_USERNAME_ATTRIBUTE	2025-12-08 10:27:15 -05:00
Georges-Antoine Assi	f2774b9395	Merge pull request #2716 from rommapp/redis-backed-sessions Add redis-backed session middleware	2025-11-22 18:40:43 -05:00
Georges-Antoine Assi	615e3132e4	changes from bot review	2025-11-22 10:55:14 -05:00
Georges-Antoine Assi	27e02fa2a2	consume the token as soon as its read	2025-11-22 10:51:41 -05:00
Georges-Antoine Assi	ec6bb24662	Add new redis-backed session middleware	2025-11-22 10:47:59 -05:00
Tarow	cb2015fc4d	fix: type error when role claim is null	2025-10-19 11:49:31 +02:00
Georges-Antoine Assi	154df816cf	only set algos on decode calls	2025-10-03 12:54:42 -04:00
Georges-Antoine Assi	d863ca9e90	Explicitly set supported algorithms on jwt encode/decode	2025-10-03 11:18:01 -04:00
Michon van Dooren	240f348f92	Add support for OIDC role claim	2025-09-29 22:27:10 +02:00
Michael Manganiello	e4e3928d1b	misc: Apply import sorting	2025-09-04 11:17:00 -03:00
Georges-Antoine Assi	9079954a3c	fix tests	2025-07-19 22:27:05 -04:00
Michael Manganiello	252722e3bc	misc: Apply pyupgrade changes for Python 3.12 compatibility Command applied: ``` find ./backend/ -type f -name "*.py" -exec pyupgrade --py312-plus {} \; ```	2025-06-29 12:27:16 -03:00
mjmfighter	c709b8ae2e	fix: correct user creation logic in OpenIDHandler	2025-05-21 23:07:53 -05:00
zurdi	0d09f510de	feat: implement invite link creation with role assignment and user registration	2025-05-13 22:28:46 +00:00
zurdi	1c7f8fff88	feat: add InviteLink dialog and update invite link handling in user table	2025-05-13 17:52:33 +00:00
zurdi	500ff5e67f	add: endpoint to generate invite link token	2025-05-13 17:40:07 +00:00
zurdi	1103700d00	feat: implement one-time use for password reset tokens with Redis	2025-05-13 09:36:14 +00:00
zurdi	d27f4d626b	feat: Reset forgotten password added	2025-05-13 09:35:53 +00:00
zurdi	14761c2c83	refactor: enhance logging with highlighted output for improved readability	2025-05-09 09:05:59 +00:00
Michael Manganiello	7fedaca59a	fix: Improve OIDC email verified check The OIDC email verified check now fails if the email is explicitly unverified, or if the `email_verified` claim is supported and the email is not explicitly verified. Previously, the OIDC implementation failed for any OIDC provider that did not include the `email_verified` claim in the userinfo response. Providers like Synology do not include this claim, so the check always failed with error "Email is not verified." I haven't found a formal specification for the `email_verified` claim, and how it should be handled, but this implementation should be more robust and work with more OIDC providers. Fixes #1446.	2025-01-09 00:55:20 -03:00
Michael Manganiello	865370ec13	misc: Move auth constants to separate file This simplifies avoiding circular imports when trying to use auth handlers.	2025-01-08 22:16:31 -03:00
Georges-Antoine Assi	4473b6e498	fix formatting and tests	2024-12-28 10:11:36 -05:00
Anthony Uk	d96f11d56f	Fix preferred_username	2024-12-28 07:11:23 +01:00
Anthony Uk	920aee5095	Rework OIDC base_handler	2024-12-28 07:05:29 +01:00
zurdi	f6673dd707	fix: Use preferred_username for new user creation instead of email prefix	2024-12-27 15:43:37 +00:00
zurdi	ff03d8e125	refactor: Remove OIDC_CREATE_USER configuration and generate an uuid in a OIDC created user password	2024-12-27 14:49:23 +00:00
zurdi	ffbebc2f46	fix: Rename CREATE_OIDC_USER to OIDC_CREATE_USER for consistency	2024-12-27 12:32:49 +00:00
zurdi	e52ebcbc5a	feat: Add CREATE_OIDC_USER configuration to enable automatic user creation	2024-12-27 12:04:49 +00:00
Georges-Antoine Assi	dbb3b6083b	only json() once	2024-12-23 14:03:24 -05:00
Georges-Antoine Assi	8332c7b27b	fetch jwks_url from server metadata endppoint	2024-12-23 09:34:38 -05:00
Georges-Antoine Assi	37db255328	refactor oidc handler and fix tests	2024-12-18 10:49:45 -05:00
Georges-Antoine Assi	34d49e6494	changes from self review	2024-12-13 11:33:39 -05:00
Georges-Antoine Assi	2d5bc34e9c	add tests for oidc handler	2024-12-12 17:37:30 -05:00
Georges-Antoine Assi	82ac766c9e	oidc login using email	2024-12-12 10:08:27 -05:00
Georges-Antoine Assi	0e2866f0f5	dont setup OIDC if disabled	2024-12-11 23:20:21 -05:00
Georges-Antoine Assi	cae4089ccf	add email field	2024-12-09 19:57:13 -05:00
Georges-Antoine Assi	b7dac4743a	Merge branch 'master' into openid-connect	2024-12-07 22:19:24 -05:00
zurdi	caa24433b1	refactor: improve user authentication handling without requesting to database	2024-12-02 15:37:13 +00:00
Georges-Antoine Assi	1866cfdbae	revert one oauth to oidc change	2024-11-27 23:39:53 -05:00
Georges-Antoine Assi	a2179604bf	fix trunk error	2024-11-27 23:36:41 -05:00
Georges-Antoine Assi	3abf50b056	changes from self review	2024-11-27 23:28:54 -05:00
Georges-Antoine Assi	11923786be	fetch and use rsa key	2024-11-27 22:40:02 -05:00
Georges-Antoine Assi	bc5c2e45f3	wokring oidc setup with authentik	2024-11-26 23:57:15 -05:00
Michael Manganiello	beeb9f0c31	misc: Create enum for authorization scopes Instead of using just strings, this change converts the scopes to a `StrEnum`, to be compatible with places where a string is expected. This avoids typos when using these scopes, simplifies searching for usages, and improves type hints. An extra change was the fix to the Firmware download endpoint, which wasn't respecting the `DISABLE_DOWNLOAD_ENDPOINT_AUTH` flag.	2024-10-18 23:57:42 -03:00
Georges-Antoine Assi	8fc25cde99	use timezone aware datetimes	2024-09-09 10:11:46 -04:00
zurdi	8a2a4d6099	fixes from trunk	2024-07-04 23:54:18 +02:00
zurdi	3d27a05c22	fixes from trunk	2024-07-04 23:47:14 +02:00
zurdi	4b81c01140	fixed tests	2024-07-04 22:26:35 +02:00

1 2

64 Commits