Commit graph

123 commits

Author SHA1 Message Date
advplyr
6cc7a44a22 Update oidc redirect to pass both new and old token in url
Some checks are pending
Run Component Tests / Run Component Tests (push) Waiting to run
Integration Test / build and test (push) Waiting to run
Run Unit Tests / Run Unit Tests (push) Waiting to run
2025-07-07 17:21:25 -05:00
advplyr
ac381854e5 Add rate limiter for auth endpoints 2025-07-07 16:23:15 -05:00
advplyr
9c8900560c Separate out auth strategies, update change password to return error status codes 2025-07-07 15:04:40 -05:00
advplyr
d9cfcc86e7 Update oidc to return refresh token in response body for mobile 2025-07-07 09:16:07 -05:00
advplyr
97afd22f81 Refactor Auth to break out functions in TokenManager, handle token generation for OIDC
Some checks failed
Run Component Tests / Run Component Tests (push) Waiting to run
Integration Test / build and test (push) Waiting to run
Run Unit Tests / Run Unit Tests (push) Waiting to run
Verify all i18n files are alphabetized / update_translations (push) Has been cancelled
2025-07-06 16:43:03 -05:00
advplyr
e24eaab3f1 Log when token expiry is set via env var, api-keys create/update returns with user association 2025-07-06 13:10:14 -05:00
advplyr
e201247d69 Handle socket re-authentication, fix socket toast to be re-usable, socket cleanup 2025-07-06 11:07:01 -05:00
advplyr
e59babdf24 Force re-login if using old token, show alert if admin user, add isOldToken flag to user
Some checks are pending
Run Component Tests / Run Component Tests (push) Waiting to run
Integration Test / build and test (push) Waiting to run
Run Unit Tests / Run Unit Tests (push) Waiting to run
2025-07-05 17:46:18 -05:00
advplyr
cdc37ddb0f Use x-refresh-token for alt method of passing refresh token, check x-refresh-token for logout
Some checks are pending
Integration Test / build and test (push) Waiting to run
Run Unit Tests / Run Unit Tests (push) Waiting to run
2025-07-04 13:54:37 -05:00
advplyr
44ff90a6f2 Update refresh endpoint to support override cookie token
Some checks failed
Integration Test / build and test (push) Has been cancelled
Run Unit Tests / Run Unit Tests (push) Has been cancelled
2025-07-01 16:31:26 -05:00
advplyr
8b995a179d Add support for returning refresh token for mobile clients
Some checks failed
Integration Test / build and test (push) Waiting to run
Run Unit Tests / Run Unit Tests (push) Waiting to run
Run Component Tests / Run Component Tests (push) Has been cancelled
Verify all i18n files are alphabetized / update_translations (push) Has been cancelled
2025-06-30 17:31:31 -05:00
advplyr
4d32a22de9 Update API Keys to be tied to a user, add apikey lru-cache, handle deactivating expired keys 2025-06-30 14:53:11 -05:00
advplyr
4f5123e842 Implement new JWT auth 2025-06-29 17:22:58 -05:00
advplyr
a992400d6a Add ENV REACT_CLIENT_PATH to target a Nextjs frontend instead of Nuxt 2025-06-23 16:56:08 -05:00
advplyr
2ef827e3fa Add restart server message on authentication page when oidc is enabled #4064
Some checks are pending
CodeQL / Analyze (push) Waiting to run
Run Component Tests / Run Component Tests (push) Waiting to run
Build and Push Docker Image / build (push) Waiting to run
Verify all i18n files are alphabetized / update_translations (push) Waiting to run
Integration Test / build and test (push) Waiting to run
Run Unit Tests / Run Unit Tests (push) Waiting to run
2025-05-13 17:01:00 -05:00
mikiher
ec65376569 Security fix for GHSA-pg8v-5jcv-wrvw 2025-02-11 22:02:51 +02:00
mikiher
6d8720b404 Subfolder support for OIDC auth 2024-11-29 04:28:50 +02:00
mikiher
a382482173 Add in-memory user cache 2024-11-10 08:34:47 +02:00
mikiher
bf8407274e No auth for author images 2024-11-03 08:45:43 +02:00
advplyr
7a1623e6a1 Move cover path func to LibraryItem model 2024-11-02 12:56:40 -05:00
mikiher
4224b8a486 No auth and req.user for cover images 2024-11-02 15:17:11 +02:00
advplyr
5308fd8b46 Update:Create & update API endpoints to create with new data model 2024-08-17 17:18:40 -05:00
advplyr
1b914d5d4f Update:Log local auth login attempts for failed and successful #2533 #2579 2024-08-17 15:02:59 -05:00
advplyr
2472b86284 Update:Express middleware sets req.user to new data model, openid permissions functions moved to new data model 2024-08-11 16:07:29 -05:00
advplyr
9facf77ff1 Update remove old sync local sessions endpoint & update MeController routes to use new user model 2024-08-11 13:09:53 -05:00
advplyr
202ceb02b5 Update:Auth to use new user model
- Express requests include userNew to start migrating API controllers to new user model
2024-08-10 15:46:04 -05:00
advplyr
eca51457b7 Update jsdocs and auto-formatting 2024-08-04 16:13:40 -05:00
apocer
f75f0b8cc8 show dropdown if issuer has list of algorithms 2024-04-09 22:29:06 +02:00
basti
304d0f6d43 id_token_signed_respo... should be in new Client 2024-04-03 22:52:49 +02:00
basti
6c9a811472 Add ui and settings for OpenID Signing Algorithm 2024-04-03 16:18:13 +02:00
advplyr
a5d7a81519 Clean up formatting of advanced group/permission claims on authentication page 2024-03-30 14:17:34 -05:00
advplyr
7e8fd91fc5 Update OIDC advanced permissions check to only perform an update on changes
- Update permissions example to use UUIDv4 strings for allowedLibraries
- More validation on advanced permission JSON to ensure arrays are array of strings
- Only set allowedTags and allowedLibraries if the corresponding access all permission is false
2024-03-30 14:04:02 -05:00
Denis Arnst
90e1283058
OpenID: Allow email_verified null and also check username
Only disallow when email_verified explicitly false
Also check username besides preferred_username, even when it's not included in OIDC checks (Synology uses username)
2024-03-29 15:11:56 +01:00
Denis Arnst
8cd50d5684
OpenID: Don't downgrade root 2024-03-29 14:51:34 +01:00
Denis Arnst
1646f0ebc2
OpenID: Ignore admin for advanced permissions
Also removed some semicolons
2024-03-19 19:35:34 +01:00
Denis Arnst
f661e0835c
Auth: Simplify Code 2024-03-19 19:18:38 +01:00
Denis Arnst
56f1bfef50
Auth/OpenID: Implement Permissions via OpenID
* Ability to set group
* Ability to set more advanced permissions
* Modified TextInputWithLabel to provide an ability to specify a different placeholder than the name
2024-03-19 17:57:24 +01:00
Denis Arnst
2a722ab163
Auth: Fix crash on missing logout URL
When using OpenID
Also added debug information on openid errors
2024-03-12 18:07:13 +01:00
advplyr
def2988e12 Update:Passport openid-client request timeout set to 10s (default was 3.5s) #2669 2024-02-26 17:20:11 -06:00
advplyr
bf66e13377 Update jsdocs 2024-02-17 16:06:25 -06:00
Denis Arnst
c3ba7daa16 Auth: Remove is_rest cookie 2024-01-25 16:05:41 +01:00
Denis Arnst
82048cd4f3 SSO: Also save openid_id_token longer 2024-01-25 15:13:56 +01:00
Denis Arnst
edb5ff1e33 SSO: Remove pick function 2024-01-25 11:44:20 +01:00
Denis Arnst
d4ed6348ee Auth: Store auth_method longer
It's not unrealistic that someone keeps being logged into the app for more than a year;
if not stored longer, the logout process might not work anymore
2024-01-25 11:20:44 +01:00
Denis Arnst
f12ac685e8 /auth/openid: Restructure
- Distinguish more explicitly between mobile and web flow and simplify logic
- Allow state parameter to be passed in mobile flow
- Additional checks for correct parameters
- Remove unused id_token code
- Enforce S256 and don't allow plain PKCE
2024-01-25 11:13:34 +01:00
Denis Arnst
87ebf4722b OpenID/SSO: Implement Logout functionality 2024-01-24 22:47:50 +01:00
advplyr
19e1803633 Remove unused import 2024-01-22 17:56:41 -06:00
advplyr
728496010c Update:/auth/openid/config API endpoint to require admin user and validate issuer URL 2023-12-17 10:41:39 -06:00
Denis Arnst
cf00650c6d SSO/OpenID: Also fix possible race condition
- We need to define redirect_uri in the callback again, because the global params of passport can change between calls to the first route (i.e. if multiple users log in at the same time)
- Removed is_rest parameter as requirement for mobile flow (to maximise compatibility with possible oauth libraries)
- Also renamed some variables for clarity
2023-12-05 09:43:06 +01:00
Denis Arnst
e6ab28365f SSO/OpenID: Remove modifying redirect_uri in the callback
The redirect URI will now be correctly set to either /callback or /mobile-redirect in the /auth/openid route
2023-12-05 00:18:58 +01:00