OpenID Connect support (#3975)

Co-authored-by: DieselTech <30128380+DieselTech@users.noreply.github.com>
Co-authored-by: majora2007 <josephmajora@gmail.com>

API/DTOs/Account/UpdateUserDto.cs

@@ -1,5 +1,6 @@
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
+using API.Entities.Enums;
 
 namespace API.DTOs.Account;
 #nullable enable
@@ -25,4 +26,5 @@ public sealed record UpdateUserDto
     public AgeRestrictionDto AgeRestriction { get; init; } = default!;
     /// <inheritdoc cref="API.Entities.AppUser.Email"/>
     public string? Email { get; set; } = default!;
+    public IdentityProvider IdentityProvider { get; init; } = IdentityProvider.Kavita;
 }

API/DTOs/MemberDto.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using API.DTOs.Account;
+using API.Entities.Enums;
 
 namespace API.DTOs;
 #nullable enable
@@ -24,4 +25,5 @@ public sealed record MemberDto
     public DateTime LastActiveUtc { get; init; }
     public IEnumerable<LibraryDto>? Libraries { get; init; }
     public IEnumerable<string>? Roles { get; init; }
+    public IdentityProvider IdentityProvider { get; init; }
 }

API/DTOs/Settings/AuthorityValidationDto.cs

@@ -0,0 +1,3 @@
+namespace API.DTOs.Settings;
+
+public sealed record AuthorityValidationDto(string Authority);

API/DTOs/Settings/OidcConfigDto.cs

@@ -0,0 +1,68 @@
+#nullable enable
+
+using System.Collections.Generic;
+using System.Security.Claims;
+using API.Entities.Enums;
+
+namespace API.DTOs.Settings;
+
+/// <summary>
+/// All configuration regarding OIDC
+/// </summary>
+/// <remarks>This class is saved as a JsonObject in the DB, assign default values to prevent unexpected NPE</remarks>
+public sealed record OidcConfigDto: OidcPublicConfigDto
+{
+    /// <summary>
+    /// Optional OpenID Connect Authority URL. Not managed in DB. Managed in appsettings.json and synced to DB.
+    /// </summary>
+    public string Authority { get; set; } = string.Empty;
+    /// <summary>
+    /// Optional OpenID Connect ClientId, defaults to kavita. Not managed in DB. Managed in appsettings.json and synced to DB.
+    /// </summary>
+    public string ClientId { get; set; } = string.Empty;
+    /// <summary>
+    /// Optional OpenID Connect Secret. Not managed in DB. Managed in appsettings.json and synced to DB.
+    /// </summary>
+    public string Secret { get; set; } = string.Empty;
+    /// <summary>
+    /// If true, auto creates a new account when someone logs in via OpenID Connect
+    /// </summary>
+    public bool ProvisionAccounts { get; set; } = false;
+    /// <summary>
+    /// Require emails to be verified by the OpenID Connect provider when creating accounts on login
+    /// </summary>
+    public bool RequireVerifiedEmail { get; set; } = true;
+    /// <summary>
+    /// Overwrite Kavita roles, libraries and age rating with OpenIDConnect provided roles on log in.
+    /// </summary>
+    public bool SyncUserSettings { get; set; } = false;
+    /// <summary>
+    /// A prefix that all roles Kavita checks for during sync must have
+    /// </summary>
+    public string RolesPrefix { get; set; } = string.Empty;
+    /// <summary>
+    /// The JWT claim roles are mapped under, defaults to <see cref="ClaimTypes.Role"/>
+    /// </summary>
+    public string RolesClaim { get; set; } = ClaimTypes.Role;
+    /// <summary>
+    /// Custom scopes Kavita should request from your OIDC provider
+    /// </summary>
+    /// <remarks>Advanced setting</remarks>
+    public List<string> CustomScopes { get; set; } = [];
+
+    // Default values used when SyncUserSettings is false
+    #region Default user settings
+
+    public List<string> DefaultRoles { get; set; } = [];
+    public List<int> DefaultLibraries { get; set; } = [];
+    public AgeRating DefaultAgeRestriction { get; set; } = AgeRating.Unknown;
+    public bool DefaultIncludeUnknowns { get; set; } = false;
+
+    #endregion
+
+
+    /// <summary>
+    /// Returns true if the <see cref="OidcPublicConfigDto.Authority"/> has been set
+    /// </summary>
+    public bool Enabled => !string.IsNullOrEmpty(Authority);
+}

API/DTOs/Settings/OidcPublicConfigDto.cs

@@ -0,0 +1,24 @@
+#nullable enable
+
+namespace API.DTOs.Settings;
+
+/**
+ * The part of the OIDC configuration that is returned by the API without authentication
+ */
+public record OidcPublicConfigDto
+{
+    /// <summary>
+    /// Automatically redirect to the Oidc login screen
+    /// </summary>
+    public bool AutoLogin { get; set; }
+    /// <summary>
+    /// Disables password authentication for non-admin users
+    /// </summary>
+    public bool DisablePasswordAuthentication { get; set; }
+    /// <summary>
+    /// Name of your provider, used to display on the login screen
+    /// </summary>
+    /// <remarks>Default to OpenID Connect</remarks>
+    public string ProviderName { get; set; } = "OpenID Connect";
+    public bool Enabled { get; set; } = false;
+}

API/DTOs/Settings/ServerSettingDTO.cs

@@ -92,6 +92,11 @@ public sealed record ServerSettingDto
     /// SMTP Configuration
     /// </summary>
     public SmtpConfigDto SmtpConfig { get; set; }
+    /// <summary>
+    /// OIDC Configuration
+    /// </summary>
+    public OidcConfigDto OidcConfig { get; set; }
+
     /// <summary>
     /// The Date Kavita was first installed
     /// </summary>

API/DTOs/Stats/V3/LibraryStatV3.cs

@@ -22,6 +22,10 @@ public sealed record LibraryStatV3
     /// </summary>
     public bool CreateReadingListsFromMetadata { get; set; }
     /// <summary>
+    /// If the library has metadata turned on
+    /// </summary>
+    public bool EnabledMetadata { get; set; }
+    /// <summary>
     /// Type of the Library
     /// </summary>
     public LibraryType LibraryType { get; set; }

API/DTOs/Stats/V3/ServerInfoV3Dto.cs

@@ -131,6 +131,10 @@ public sealed record ServerInfoV3Dto
     /// Is this server using Kavita+
     /// </summary>
     public bool ActiveKavitaPlusSubscription { get; set; }
+    /// <summary>
+    ///  Is OIDC enabled
+    /// </summary>
+    public bool OidcEnabled { get; set; }
     #endregion
 
     #region Users

API/DTOs/Stats/V3/UserStatV3.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using API.Data.Misc;
+using API.Entities.Enums;
 using API.Entities.Enums.Device;
 
 namespace API.DTOs.Stats.V3;
@@ -76,6 +77,10 @@ public sealed record UserStatV3
     /// Roles for this user
     /// </summary>
     public ICollection<string> Roles { get; set; }
+    /// <summary>
+    /// Who manages the user (OIDC, Kavita)
+    /// </summary>
+    public IdentityProvider IdentityProvider { get; set; }
 
 
 }

API/DTOs/UserDto.cs

@@ -1,6 +1,8 @@
 
-using System;
+using System.Collections.Generic;
 using API.DTOs.Account;
+using API.Entities;
+using API.Entities.Enums;
 
 namespace API.DTOs;
 #nullable enable
@@ -9,10 +11,13 @@ public sealed record UserDto
 {
     public string Username { get; init; } = null!;
     public string Email { get; init; } = null!;
+    public IList<string> Roles { get; set; } = [];
     public string Token { get; set; } = null!;
     public string? RefreshToken { get; set; }
     public string? ApiKey { get; init; }
     public UserPreferencesDto? Preferences { get; set; }
     public AgeRestrictionDto? AgeRestriction { get; init; }
     public string KavitaVersion { get; set; }
+    /// <inheritdoc cref="AppUser.IdentityProvider"/>
+    public IdentityProvider IdentityProvider { get; init; }
 }