Michael Manganiello
252722e3bc
misc: Apply pyupgrade changes for Python 3.12 compatibility
...
Command applied:
```
find ./backend/ -type f -name "*.py" -exec pyupgrade --py312-plus {} \;
```
2025-06-29 12:27:16 -03:00
zurdi
7d27e368f1
feat: add SESSION_MAX_AGE_SECONDS configuration for session middleware
2025-06-13 12:54:31 +00:00
mjmfighter
c709b8ae2e
fix: correct user creation logic in OpenIDHandler
2025-05-21 23:07:53 -05:00
zurdi
0d09f510de
feat: implement invite link creation with role assignment and user registration
2025-05-13 22:28:46 +00:00
zurdi
1c7f8fff88
feat: add InviteLink dialog and update invite link handling in user table
2025-05-13 17:52:33 +00:00
zurdi
500ff5e67f
add: endpoint to generate invite link token
2025-05-13 17:40:07 +00:00
zurdi
1103700d00
feat: implement one-time use for password reset tokens with Redis
2025-05-13 09:36:14 +00:00
zurdi
d27f4d626b
feat: Reset forgotten password added
2025-05-13 09:35:53 +00:00
zurdi
14761c2c83
refactor: enhance logging with highlighted output for improved readability
2025-05-09 09:05:59 +00:00
Georges-Antoine Assi
0f8d51193a
kiosk mode allows viewing without auth
2025-02-07 00:18:52 -05:00
Georges-Antoine Assi
6c95a03746
Read-only kiosk mode for viewers
2025-02-06 09:04:41 -05:00
Georges-Antoine Assi
8e5d4cdcb5
disable pyright
2025-01-26 11:29:33 -05:00
Georges-Antoine Assi
2859ac04c8
fix pyright issues
2025-01-26 10:57:27 -05:00
Georges-Antoine Assi
a35701396c
Merge branch 'master' into rom-hashing-background-task
2025-01-25 23:30:15 -05:00
Georges-Antoine Assi
6927a976df
improved check
2025-01-22 18:55:57 -05:00
Georges-Antoine Assi
0bc093996f
[ROMM-1505] Skip CSRF checks when request has Authorization header
2025-01-20 19:10:08 -05:00
Georges-Antoine Assi
696a1c6122
Merge branch 'master' into rom-hashing-background-task
2025-01-15 21:51:23 -05:00
Michael Manganiello
8c8cd759d9
misc: Add tests
2025-01-09 01:48:14 -03:00
Michael Manganiello
7fedaca59a
fix: Improve OIDC email verified check
...
The OIDC email verified check now fails if the email is explicitly
unverified, or if the `email_verified` claim is supported and the email
is not explicitly verified.
Previously, the OIDC implementation failed for any OIDC provider that
did not include the `email_verified` claim in the userinfo response.
Providers like Synology do not include this claim, so the check always
failed with error "Email is not verified."
I haven't found a formal specification for the `email_verified` claim,
and how it should be handled, but this implementation should be more
robust and work with more OIDC providers.
Fixes #1446 .
2025-01-09 00:55:20 -03:00
Michael Manganiello
865370ec13
misc: Move auth constants to separate file
...
This simplifies avoiding circular imports when trying to use auth
handlers.
2025-01-08 22:16:31 -03:00
Georges-Antoine Assi
4473b6e498
fix formatting and tests
2024-12-28 10:11:36 -05:00
Anthony Uk
d96f11d56f
Fix preferred_username
2024-12-28 07:11:23 +01:00
Anthony Uk
920aee5095
Rework OIDC base_handler
2024-12-28 07:05:29 +01:00
Georges-Antoine Assi
84813bd962
Merge branch 'master' into rom-hashing-background-task
2024-12-27 12:02:04 -05:00
zurdi
f6673dd707
fix: Use preferred_username for new user creation instead of email prefix
2024-12-27 15:43:37 +00:00
zurdi
ff03d8e125
refactor: Remove OIDC_CREATE_USER configuration and generate an uuid in a OIDC created user password
2024-12-27 14:49:23 +00:00
zurdi
ffbebc2f46
fix: Rename CREATE_OIDC_USER to OIDC_CREATE_USER for consistency
2024-12-27 12:32:49 +00:00
zurdi
e52ebcbc5a
feat: Add CREATE_OIDC_USER configuration to enable automatic user creation
2024-12-27 12:04:49 +00:00
Georges-Antoine Assi
dbb3b6083b
only json() once
2024-12-23 14:03:24 -05:00
Georges-Antoine Assi
8332c7b27b
fetch jwks_url from server metadata endppoint
2024-12-23 09:34:38 -05:00
Georges-Antoine Assi
c9bc15c100
fix auth tests
2024-12-22 14:17:12 -05:00
Georges-Antoine Assi
7bde4aee70
complete the rst of the files
2024-12-20 23:45:25 -05:00
Georges-Antoine Assi
37db255328
refactor oidc handler and fix tests
2024-12-18 10:49:45 -05:00
Georges-Antoine Assi
34d49e6494
changes from self review
2024-12-13 11:33:39 -05:00
Georges-Antoine Assi
2d5bc34e9c
add tests for oidc handler
2024-12-12 17:37:30 -05:00
Georges-Antoine Assi
82ac766c9e
oidc login using email
2024-12-12 10:08:27 -05:00
Georges-Antoine Assi
0e2866f0f5
dont setup OIDC if disabled
2024-12-11 23:20:21 -05:00
Georges-Antoine Assi
cae4089ccf
add email field
2024-12-09 19:57:13 -05:00
Georges-Antoine Assi
b7dac4743a
Merge branch 'master' into openid-connect
2024-12-07 22:19:24 -05:00
Zurdi
219145e000
Update middleware based on review
2024-12-02 18:56:58 +01:00
zurdi
caa24433b1
refactor: improve user authentication handling without requesting to database
2024-12-02 15:37:13 +00:00
zurdi
44afc718a6
refactor: check user existence only for /api/heartbeat endpoint
2024-12-02 15:09:36 +00:00
zurdi
bf41d9ff05
fixed total crash on a fresh installation having session cookies from previous installation
2024-11-28 12:30:13 +00:00
Georges-Antoine Assi
1866cfdbae
revert one oauth to oidc change
2024-11-27 23:39:53 -05:00
Georges-Antoine Assi
a2179604bf
fix trunk error
2024-11-27 23:36:41 -05:00
Georges-Antoine Assi
3abf50b056
changes from self review
2024-11-27 23:28:54 -05:00
Georges-Antoine Assi
11923786be
fetch and use rsa key
2024-11-27 22:40:02 -05:00
Georges-Antoine Assi
bc5c2e45f3
wokring oidc setup with authentik
2024-11-26 23:57:15 -05:00
Michael Manganiello
beeb9f0c31
misc: Create enum for authorization scopes
...
Instead of using just strings, this change converts the scopes to a
`StrEnum`, to be compatible with places where a string is expected. This
avoids typos when using these scopes, simplifies searching for usages,
and improves type hints.
An extra change was the fix to the Firmware download endpoint, which
wasn't respecting the `DISABLE_DOWNLOAD_ENDPOINT_AUTH` flag.
2024-10-18 23:57:42 -03:00
Georges-Antoine Assi
8fc25cde99
use timezone aware datetimes
2024-09-09 10:11:46 -04:00
