starred/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2026-06-03 01:10:38 +02:00
Code Issues 1.0k Packages Projects Releases 10 Wiki Activity
3,347 Commits 84 Branches 164 Tags
b4eed3bad2669582075efe355b7bf1f1cf7eacfa
Commit Graph

85 Commits

Author SHA1 Message Date
advplyr def2988e12 Update:Passport openid-client request timeout set to 10s (default was 3.5s) #2669 2024-02-26 17:20:11 -06:00
advplyr bf66e13377 Update jsdocs 2024-02-17 16:06:25 -06:00
Denis Arnst c3ba7daa16 Auth: Remove is_rest cookie 2024-01-25 16:05:41 +01:00
Denis Arnst 82048cd4f3 SSO: Also save openid_id_token longer 2024-01-25 15:13:56 +01:00
Denis Arnst edb5ff1e33 SSO: Remove pick function 2024-01-25 11:44:20 +01:00
Denis Arnst d4ed6348ee Auth: Store auth_method longer 
Its not unrealistic that someone keeps being logged into the app for more than a year
if not stored longer logout process might not work anymore
 2024-01-25 11:20:44 +01:00
Denis Arnst f12ac685e8 /auth/openid: Restructure 
- Distingush more explictly between mobile and web flow and simplify logic
- Allow state parameter to be passed in mobile flow
- Additional checks for correct parameters
- Remove unused id_token code
- Enforce S256 and don't allow plain PKCE
 2024-01-25 11:13:34 +01:00
Denis Arnst 87ebf4722b OpenID/SSO: Implement Logout functionality 2024-01-24 22:47:50 +01:00
advplyr 19e1803633 Remove unused import 2024-01-22 17:56:41 -06:00
advplyr 728496010c Update:/auth/openid/config API endpoint to require admin user and validate issuer URL 2023-12-17 10:41:39 -06:00
Denis Arnst cf00650c6d SSO/OpenID: Also fix possible race condition 
- We need to define redirect_uri in the callback again, because the global params of passport can change between calls to the first route (ie. if multiple users log in at same time)
- Removed is_rest parameter as requirement for mobile flow (to maximise compatibility with possible oauth libraries)
- Also renamed some variables for clarity
 2023-12-05 09:43:06 +01:00
Denis Arnst e6ab28365f SSO/OpenID: Remove modifying redirect_uri in the callback 
The redirect URI will be now correctly set to either /callback or /mobile-redirect in the /auth/openid route
 2023-12-05 00:18:58 +01:00
Denis Arnst 80fd2a1a18 SSO/OpenID: Use a mobile-redirect route (Fixes #2379 and #2381) 
- Implement /auth/openid/mobile-redirect this will redirect to an app-link like audiobookshelf://oauth
- An app must provide an `redirect_uri` parameter with the app-link in the authorization request to /auth/openid
- The user will have to whitelist possible URLs, or explicitly allow all
- Also modified MultiSelect to allow to hide the menu/popup
 2023-12-04 22:36:34 +01:00
advplyr 84160b2f07 Fix:Server crash when user without a password attempts to login with a password #2378 2023-12-02 16:17:52 -06:00
advplyr a719065b8d Auto formatting 2023-11-28 16:37:19 -06:00
Denis Arnst 36599a2984 SSO/OpenID: Rename probably misleading message 2023-11-28 21:16:39 +01:00
Denis Arnst 618028503b SSO/OpenID: Also Log token header 2023-11-28 20:07:49 +01:00
Denis Arnst ad53894ea1 SSO/OpenID: Provide detailed error messages 2023-11-28 17:29:22 +01:00
advplyr 9beee3ed65 Fix:Change password api endpoint 2023-11-23 15:14:49 -06:00
advplyr 048e27f03f Update:Openid auth endpoint sets the mobile flag on session to be used in the callback 
Co-authored-by: Denis Arnst <git@sapd.eu>
 2023-11-20 15:41:38 -06:00
advplyr aa933df525 Update oidc redirect_uri to check x-forwarded-proto header for proxies 2023-11-19 14:00:39 -06:00
advplyr dcbfc963c1 Update protocol for redirect_uri in openid strategy to work for reverse proxies 2023-11-19 13:38:09 -06:00
advplyr 89eb857c14 Fix initialize openid auth strategy 2023-11-19 12:57:17 -06:00
advplyr 4c2c320b9d Remove global CORS for api endpoints and setup temp CORS check for ebook endpoint 2023-11-19 11:32:48 -06:00
advplyr fb48636510 Openid auth failures redirect to login page with error message. 
Remove remaining google oauth server settings
 2023-11-11 13:10:24 -06:00
advplyr 1ad6722e6d Remove google-oauth passport strategy 2023-11-11 11:29:59 -06:00
advplyr 557ef2ef79 Update /auth/openid endpoints for correct PKCE handling 
- Provide error handling for /auth/openid
- Add session.mobile inside /auth/openid
- Proper PKCE handling for /auth/openid/callback
- redirect_uri handling for the token url in /auth/openid/callback

Co-authored-by: Denis Arnst <git@sapd.eu>
 2023-11-11 10:52:05 -06:00
advplyr 237fe84c54 Add new API endpoint for updating auth-settings and update passport auth strategies 2023-11-10 16:11:51 -06:00
advplyr ee75d672e6 Matching user by openid sub, email or username based on server settings. Auto register user. Persist sub on User records 2023-11-08 16:14:57 -06:00
advplyr f840aa80f8 Add button to populate openid URLs using the issuer URL 2023-11-05 14:11:37 -06:00
advplyr 309ef807ab Update /auth/openid endpoint to work with PKCE from mobile 
Co-authored-by: Denis Arnst <git@sapd.eu>
 2023-11-05 13:05:16 -06:00
advplyr 840811b464 Replace passport openidconnect plugin with openid-client, add JWKS and logout URL server settings, use email and email_verified instead of username 2023-11-04 15:36:43 -05:00
advplyr 0d5a30b214 Update JWT auth extractors, add state in openid redirect, add back cors for api router 2023-09-25 17:05:58 -05:00
advplyr e282142d3f Add authentication page in config, add /auth-settings GET endpoint, remove authOpenIDCallbackURL server setting 2023-09-24 15:36:35 -05:00
advplyr f6de373388 Update /status endpoint to return available auth methods, fix socket auth, update openid to use username instead of email 2023-09-24 12:36:36 -05:00
advplyr 9922294507 Fix setting tokenSecret on init 2023-09-23 13:42:28 -05:00
advplyr f42ab45e1b Update passwordless root user check to user user.type instead of user.id 2023-09-23 13:30:28 -05:00
lukeIam 2c25f64652 Add /auth_methods route 2023-09-20 19:16:08 +01:00
lukeIam 45cf00bd04 fix openid + jwt auth 2023-09-20 19:06:16 +01:00
lukeIam f6113e85c7 cookie lifetime 2023-09-20 18:48:57 +01:00
lukeIam 2c90bba774 small refactorings 2023-09-20 18:37:55 +01:00
lukeIam 0a6cd89090 Allow rest mode login (?isRest=true) 2023-09-17 18:42:42 +01:00
lukeIam 942aa93f57 Fix: local login not possible 2023-09-16 19:45:04 +00:00
lukeIam 7af3033f8d Fix: ci error - no token sercret 2023-09-16 18:42:48 +00:00
lukeIam 6aaf3f0f02 Fix bug with undefined property 2023-09-16 18:22:11 +00:00
lukeIam af4c35069b Use a short-time cookie to remember where to callback to 2023-09-14 18:49:19 +01:00
lukeIam 405c954b65 Updated + first rough implementation 2023-09-13 16:35:39 +00:00
lukeIam f0f03efe17 Merge remote-tracking branch 'origin/master' into auth_passportjs 2023-09-10 13:11:35 +00:00
advplyr 6c1b4e3a36 Update db model references 2023-08-20 13:34:03 -05:00
lukeIam dd9a3858d7 Merge remote-tracking branch 'origin/master' into auth_passportjs 2023-08-12 16:44:44 +02:00