Cutlery/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2025-10-26 08:12:25 -04:00
Code Issues Packages Projects Releases Wiki Activity
3,572 Commits 83 Branches 155 Tags
Commit Graph

96 Commits

Author SHA1 Message Date
apocer
f75f0b8cc8 show dropdown if issuer has list of algorithms 2024-04-09 22:29:06 +02:00
basti
304d0f6d43 id_token_signed_respo... should be in new Client 2024-04-03 22:52:49 +02:00
basti
6c9a811472 Add ui and settings for OpenID Signing Algorithm 2024-04-03 16:18:13 +02:00
advplyr
a5d7a81519 Clean up formatting of advanced group/permission claims on authentication page 2024-03-30 14:17:34 -05:00
advplyr
7e8fd91fc5 Update OIDC advanced permissions check to only perform an update on changes 
- Update permissions example to use UUIDv4 strings for allowedLibraries
- More validation on advanced permission JSON to ensure arrays are array of strings
- Only set allowedTags and allowedLibraries if the corresponding access all permission is false
 2024-03-30 14:04:02 -05:00
Denis Arnst
90e1283058
OpenID: Allow email_verified null and also check username 
Only disallow when email_verified explicitly false
Also check username besides preferred_username, even when its not included in OIDC checks (synology uses username)
 2024-03-29 15:11:56 +01:00
Denis Arnst
8cd50d5684
OpenID: Don't downgrade root 2024-03-29 14:51:34 +01:00
Denis Arnst
1646f0ebc2
OpenID: Ignore admin for advanced permissions 
Also removed some semicolons
 2024-03-19 19:35:34 +01:00
Denis Arnst
f661e0835c
Auth: Simplify Code 2024-03-19 19:18:38 +01:00
Denis Arnst
56f1bfef50
Auth/OpenID: Implement Permissions via OpenID 
* Ability to set group
* Ability to set more advanced permissions
* Modified TextInputWithLabel to provide an ability to specify a different placeholder then the name
 2024-03-19 17:57:24 +01:00
Denis Arnst
2a722ab163
Auth: Fix crash on missing logout URL 
When using OpenID
Also added debug information on openid errors
 2024-03-12 18:07:13 +01:00
advplyr
def2988e12 Update:Passport openid-client request timeout set to 10s (default was 3.5s) #2669 2024-02-26 17:20:11 -06:00
advplyr
bf66e13377 Update jsdocs 2024-02-17 16:06:25 -06:00
Denis Arnst
c3ba7daa16 Auth: Remove is_rest cookie 2024-01-25 16:05:41 +01:00
Denis Arnst
82048cd4f3 SSO: Also save openid_id_token longer 2024-01-25 15:13:56 +01:00
Denis Arnst
edb5ff1e33 SSO: Remove pick function 2024-01-25 11:44:20 +01:00
Denis Arnst
d4ed6348ee Auth: Store auth_method longer 
Its not unrealistic that someone keeps being logged into the app for more than a year
if not stored longer logout process might not work anymore
 2024-01-25 11:20:44 +01:00
Denis Arnst
f12ac685e8 /auth/openid: Restructure 
- Distingush more explictly between mobile and web flow and simplify logic
- Allow state parameter to be passed in mobile flow
- Additional checks for correct parameters
- Remove unused id_token code
- Enforce S256 and don't allow plain PKCE
 2024-01-25 11:13:34 +01:00
Denis Arnst
87ebf4722b OpenID/SSO: Implement Logout functionality 2024-01-24 22:47:50 +01:00
advplyr
19e1803633 Remove unused import 2024-01-22 17:56:41 -06:00
advplyr
728496010c Update:/auth/openid/config API endpoint to require admin user and validate issuer URL 2023-12-17 10:41:39 -06:00
Denis Arnst
cf00650c6d SSO/OpenID: Also fix possible race condition 
- We need to define redirect_uri in the callback again, because the global params of passport can change between calls to the first route (ie. if multiple users log in at same time)
- Removed is_rest parameter as requirement for mobile flow (to maximise compatibility with possible oauth libraries)
- Also renamed some variables for clarity
 2023-12-05 09:43:06 +01:00
Denis Arnst
e6ab28365f SSO/OpenID: Remove modifying redirect_uri in the callback 
The redirect URI will be now correctly set to either /callback or /mobile-redirect in the /auth/openid route
 2023-12-05 00:18:58 +01:00
Denis Arnst
80fd2a1a18 SSO/OpenID: Use a mobile-redirect route (Fixes #2379 and #2381) 
- Implement /auth/openid/mobile-redirect this will redirect to an app-link like audiobookshelf://oauth
- An app must provide an `redirect_uri` parameter with the app-link in the authorization request to /auth/openid
- The user will have to whitelist possible URLs, or explicitly allow all
- Also modified MultiSelect to allow to hide the menu/popup
 2023-12-04 22:36:34 +01:00
advplyr
84160b2f07 Fix:Server crash when user without a password attempts to login with a password #2378 2023-12-02 16:17:52 -06:00
advplyr
a719065b8d Auto formatting 2023-11-28 16:37:19 -06:00
Denis Arnst
36599a2984 SSO/OpenID: Rename probably misleading message 2023-11-28 21:16:39 +01:00
Denis Arnst
618028503b SSO/OpenID: Also Log token header 2023-11-28 20:07:49 +01:00
Denis Arnst
ad53894ea1 SSO/OpenID: Provide detailed error messages 2023-11-28 17:29:22 +01:00
advplyr
9beee3ed65 Fix:Change password api endpoint 2023-11-23 15:14:49 -06:00
advplyr
048e27f03f Update:Openid auth endpoint sets the mobile flag on session to be used in the callback 
Co-authored-by: Denis Arnst <git@sapd.eu>
 2023-11-20 15:41:38 -06:00
advplyr
aa933df525 Update oidc redirect_uri to check x-forwarded-proto header for proxies 2023-11-19 14:00:39 -06:00
advplyr
dcbfc963c1 Update protocol for redirect_uri in openid strategy to work for reverse proxies 2023-11-19 13:38:09 -06:00
advplyr
89eb857c14 Fix initialize openid auth strategy 2023-11-19 12:57:17 -06:00
advplyr
4c2c320b9d Remove global CORS for api endpoints and setup temp CORS check for ebook endpoint 2023-11-19 11:32:48 -06:00
advplyr
fb48636510 Openid auth failures redirect to login page with error message. 
Remove remaining google oauth server settings
 2023-11-11 13:10:24 -06:00
advplyr
1ad6722e6d Remove google-oauth passport strategy 2023-11-11 11:29:59 -06:00
advplyr
557ef2ef79 Update /auth/openid endpoints for correct PKCE handling 
- Provide error handling for /auth/openid
- Add session.mobile inside /auth/openid
- Proper PKCE handling for /auth/openid/callback
- redirect_uri handling for the token url in /auth/openid/callback

Co-authored-by: Denis Arnst <git@sapd.eu>
 2023-11-11 10:52:05 -06:00
advplyr
237fe84c54 Add new API endpoint for updating auth-settings and update passport auth strategies 2023-11-10 16:11:51 -06:00
advplyr
ee75d672e6 Matching user by openid sub, email or username based on server settings. Auto register user. Persist sub on User records 2023-11-08 16:14:57 -06:00
advplyr
f840aa80f8 Add button to populate openid URLs using the issuer URL 2023-11-05 14:11:37 -06:00
advplyr
309ef807ab Update /auth/openid endpoint to work with PKCE from mobile 
Co-authored-by: Denis Arnst <git@sapd.eu>
 2023-11-05 13:05:16 -06:00
advplyr
840811b464 Replace passport openidconnect plugin with openid-client, add JWKS and logout URL server settings, use email and email_verified instead of username 2023-11-04 15:36:43 -05:00
advplyr
0d5a30b214 Update JWT auth extractors, add state in openid redirect, add back cors for api router 2023-09-25 17:05:58 -05:00
advplyr
e282142d3f Add authentication page in config, add /auth-settings GET endpoint, remove authOpenIDCallbackURL server setting 2023-09-24 15:36:35 -05:00
advplyr
f6de373388 Update /status endpoint to return available auth methods, fix socket auth, update openid to use username instead of email 2023-09-24 12:36:36 -05:00
advplyr
9922294507 Fix setting tokenSecret on init 2023-09-23 13:42:28 -05:00
advplyr
f42ab45e1b Update passwordless root user check to user user.type instead of user.id 2023-09-23 13:30:28 -05:00
lukeIam
2c25f64652 Add /auth_methods route 2023-09-20 19:16:08 +01:00
lukeIam
45cf00bd04 fix openid + jwt auth 2023-09-20 19:06:16 +01:00