* change ALLOW_SIGNUP to default to false
* add 1.4.0 tag for OIDC docs
* new notes on security in line with security/policy review
* safer transport for external requests
* fix linter errors
* docs: Tidy up wording/formatting
* fix request errors
* whoops
* fix implementation with std lib
* format
* Remove check on netloc_parts. It only includes URL after any @
---------
Co-authored-by: boc-the-git <3479092+boc-the-git@users.noreply.github.com>
Co-authored-by: Brendan <b.oconnell14@gmail.com>
* initial oidc implementation
* add dynamic scheme
* e2e test setup
* add caching
* fix
* try this
* add libldap-2.5 to runtime dependencies (#2849)
* New translations en-us.json (Norwegian) (#2851)
* New Crowdin updates (#2855)
* New translations en-us.json (Italian)
* New translations en-us.json (Norwegian)
* New translations en-us.json (Portuguese)
* fix
* remove cache
* cache yarn deps
* cache docker image
* cleanup action
* lint
* fix tests
* remove not needed variables
* run code gen
* fix tests
* add docs
* move code into custom scheme
* remove unneeded type
* fix oidc admin
* add more tests
* add better spacing on login page
* create auth providers
* clean up testing stuff
* type fixes
* add OIDC auth method to postgres enum
* add option to bypass login screen and go directly to IdP
* remove check so we can fall back to another auth method if oauth fails
* Add provider name to be shown at the login screen
* add new properties to admin about api
* fix spec
* add a prompt to change auth method when changing password
* Create new auth section. Add more info on auth methods
* update docs
* run ruff
* update docs
* format
* docs gen
* formatting
* initialize logger in class
* mypy type fixes
* docs gen
* add models to get proper fields in docs and fix serialization
* validate id token before using it
* only request a mealie token on initial callback
* remove unused method
* fix unit tests
* docs gen
* check for valid idToken before getting token
* add iss to mealie token
* check to see if we already have a mealie token before getting one
* fix lock file
* update authlib
* update lock file
* add remember me environment variable
* add user group setting to allow only certain groups to log in
---------
Co-authored-by: Carter Mintey <cmintey8@gmail.com>
Co-authored-by: Carter <35710697+cmintey@users.noreply.github.com>
* 'hide' default email and password env variables
* first login API endpoint
* run code-generators
* frontend indicators for default username and pw
* remove old env variables from docs
* fix env set variable
* remove password from tests
* add groupSlug to most routes
* fixed more routing issues
* fixed jank and incorrect routes
* remove public explore links
* remove unused groupSlug and explore routes
* nuked explore pages
* fixed public toolstore bug
* fixed various routes missing group slug
* restored public app header menu
* fix janky login redirect
* 404 recipe API call returns to login
* removed unused explore layout
* force redirect when using the wrong group slug
* fixed dead admin links
* removed unused middleware from earlier attempt
* 🧹
* improve cookbooks sidebar
fixed sidebar link not working
fixed sidebar link target
hide cookbooks header when there are none
* added group slug to user
* fix $auth typehints
* vastly simplified groupSlug logic
* allow logged-in users to view other groups
* fixed some edge cases that bypassed isOwnGroup
* fixed static home ref
* 🧹
* fixed redirect logic
* lint warning
* removed group slug from group and user pages
refactored all components to use route groupSlug or user group slug
moved some group pages to recipe pages
* fixed some bad types
* 🧹
* moved groupSlug routes under /g/groupSlug
* move /recipe/ to /r/
* fix backend url generation and metadata injection
* moved shopping lists to root/other route fixes
* changed shared from /recipes/ to /r/
* fixed 404 redirect not awaiting
* removed unused import
* fix doc links
* fix public recipe setting not affecting public API
* fixed backend tests
* fix nuxt-generate command
---------
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* fix(security): reset login attempts after successful login
Enforce a maximum number of consecutive failed logins. Successfully logging in should reset the
count.
#2569
* fix(security): fix when user is unlocked
The user should be unlocked when locked_at is set, but the lock has expired.
#2569
`email.com` is not a reserved domain; incorrect configuration could result in unintentional effects.
`example.com` is reserved by IANA for bogus purposes, see RFC 6761.
* WIP: proof of concept
* basic meta tag injection
* add support for scraping public/private links
* make tests go brrrrr
* cleanup initialization
* rewrite build config
* remove recipe meta on frontend
* make type checker happy
* remove other deployment methods
* fix issue with JSON response on un-authenticated request
* docs updates
* update trivy scanner
* fix linter stuff
* change registry tag
* build fixes
* fix same mistake I always make
* fixed incorrect var ref
* added public recipe pagination route
* refactored frontend public/explore API
* fixed broken public cards
* hid context menu from cards when public
* fixed public app header
* fixed random recipe
* added public food, category, tag, and tool routes
* not sure why I thought that would work
* added public organizer/foods stores
* disabled clicking on tags/categories
* added public link to profile page
* linting
* force a 404 if the group slug is missing or invalid
* oops
* refactored to fit sidebar into explore
* fixed invalid logic for app header
* removed most sidebar options from public
* added backend routes for public cookbooks
* added explore cookbook pages/apis
* codegen
* added backend tests
* lint
* fixes v-for keys
* I do not understand but sure why not
---------
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
* validate user attributes on user creation
add logs for invalid or missing attributes
* only update admin flag when admin status changes
* move ldap functions into separate file
* fix linter issues
* actually use the search_user function
* fix types
* add option to enable starttls for ldap
* add integration test for ldap service
* document new, optional environment variable
* fix: support anonymous bind
* id and mail attributes in LDAP_USER_FILTER should be implied
* remove print statement
* adds authentication method for users
* fix db migration with postgres
* tests for auth method
* update migration ids
* hide auth method on user creation form
* (docs): Added documentation for the new authentication method
* update migration
* add to auto-form instead of having hidden fields
* Corrected if statement to check if a result was returned by the LDAP search, and decoded the user_attributes from binary data to string
* removed trailing spaces
* Revert asserts in LDAP unit test back
Since an empty tuple is still a result, a user is created and the result should not be false.
* Simplified code
* Extended the LDAP implementation
* fix ldap authentication and user creation
* modified docs to include new LDAP environment variables
* update tests and linting
* add libldap-2.4-2 as runtime dependency for the api
---------
Co-authored-by: Erik Landkroon <eriklandkroon@gmail.com>
* Scheduled tasks log to Debug, not Info
* Add LOG_LEVEL config to .env
* Update some other log levels and fix typos
* fix logger initializer
---------
Co-authored-by: Jakob Rubin <647846+Grygon@users.noreply.github.com>
* docs: fix typos
* typos: fix typos found by `codespell` across the codebase
* docs: fix `macOS` spelling
* docs: fix `authentification` terminology
"Authentification" is not a thing.
* docs: fix `localhost` typo in example link
* typos: fix in-code typos
These are potentially higher risk, but no other mentions of these typos
show up in the codebase.
* Use Base DN for LDAP and fetch user attrs
Requires that a Base DN be set for LDAP
Set `full_name` and `email` based on LDAP attributes when creating user
* Add support for secure LDAP
Allow insecure LDAP connection (disabled by default)
Use CA when connecting to secure LDAP server
* Added missing quotes to example
* Update security.py
* Update security.py formatting
* Update security.py
Switched to f-String formatting
* formatting
* Update test_security.py
Added at attributes for testing
* Update test_security.py
Modified tests for base DN
* Update test_security.py
Set proper base DN for testing
* Update test_security.py
Corrected testing for LDAP
* Update test_security.py
Defined base_dn
* Authenticated user not in base DN
Add check for when user can authenticate but is not in base DN
* Update test_security.py
LDAP user cannot exist as it is searched before it is created and the list returns False
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>