advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							99a3867ce9 
							
						 
					 
					
						
						
							
							Update callback url check  
						
						
						
						
						Co-authored-by: Denis Arnst <git@sapd.eu> 
						
					 
					
						2025-08-10 17:08:25 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							806c0a2991 
							
						 
					 
					
						
						
							
							Remove return_tokens query param for login  
						
						
						
					 
					
						2025-07-11 16:01:45 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							7d6d3e6687 
							
						 
					 
					
						
						
							
							Move invalidate refresh token to TokenManager  
						
						
						
					 
					
						2025-07-11 14:43:07 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							8775e55762 
							
						 
					 
					
						
						
							
							Update jwt secret handling  
						
						
						
					 
					
						2025-07-08 16:39:50 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							6cc7a44a22 
							
						 
					 
					
						
						
							
							Update oidc redirect to pass both new and old token in url  
						
						
						
					 
					
						2025-07-07 17:21:25 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							ac381854e5 
							
						 
					 
					
						
						
							
							Add rate limiter for auth endpoints  
						
						
						
					 
					
						2025-07-07 16:23:15 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							9c8900560c 
							
						 
					 
					
						
						
							
							Separate out auth strategies, update change password to return error status codes  
						
						
						
					 
					
						2025-07-07 15:04:40 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							d9cfcc86e7 
							
						 
					 
					
						
						
							
							Update oidc to return refresh token in response body for mobile  
						
						
						
					 
					
						2025-07-07 09:16:07 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							97afd22f81 
							
						 
					 
					
						
						
							
							Refactor Auth to breakout functions in TokenManager, handle token generation for OIDC  
						
						
						
					 
					
						2025-07-06 16:43:03 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							e24eaab3f1 
							
						 
					 
					
						
						
							
							Log when token expiry is set via env var, api-keys create/update returns with user association  
						
						
						
					 
					
						2025-07-06 13:10:14 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							e201247d69 
							
						 
					 
					
						
						
							
							Handle socket re-authentication, fix socket toast to be re-usable, socket cleanup  
						
						
						
					 
					
						2025-07-06 11:07:01 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							e59babdf24 
							
						 
					 
					
						
						
							
							Force re-login if using old token, show alert if admin user, add isOldToken flag to user  
						
						
						
					 
					
						2025-07-05 17:46:18 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							cdc37ddb0f 
							
						 
					 
					
						
						
							
							Use x-refresh-token for alt method of passing refresh token, check x-refresh-token for logout  
						
						
						
					 
					
						2025-07-04 13:54:37 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							44ff90a6f2 
							
						 
					 
					
						
						
							
							Update refresh endpoint to support override cookie token  
						
						
						
					 
					
						2025-07-01 16:31:26 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							8b995a179d 
							
						 
					 
					
						
						
							
							Add support for returning refresh token for mobile clients  
						
						
						
					 
					
						2025-06-30 17:31:31 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							4d32a22de9 
							
						 
					 
					
						
						
							
							Update API Keys to be tied to a user, add apikey lru-cache, handle deactivating expired keys  
						
						
						
					 
					
						2025-06-30 14:53:11 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							4f5123e842 
							
						 
					 
					
						
						
							
							Implement new JWT auth  
						
						
						
					 
					
						2025-06-29 17:22:58 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							a992400d6a 
							
						 
					 
					
						
						
							
							Add ENV REACT_CLIENT_PATH to target a Nextjs frontend instead of Nuxt  
						
						
						
					 
					
						2025-06-23 16:56:08 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							2ef827e3fa 
							
						 
					 
					
						
						
							
							Add restart server message on authentication page when oidc is enabled  #4064  
						
						
						
					 
					
						2025-05-13 17:01:00 -05:00 
						 
				 
			
				
					
						
							
							
								mikiher 
							
						 
					 
					
						
						
						
						
							
						
						
							ec65376569 
							
						 
					 
					
						
						
							
							Security fix for GHSA-pg8v-5jcv-wrvw  
						
						
						
					 
					
						2025-02-11 22:02:51 +02:00 
						 
				 
			
				
					
						
							
							
								mikiher 
							
						 
					 
					
						
						
						
						
							
						
						
							6d8720b404 
							
						 
					 
					
						
						
							
							Subfolder support for OIDC auth  
						
						
						
					 
					
						2024-11-29 04:28:50 +02:00 
						 
				 
			
				
					
						
							
							
								mikiher 
							
						 
					 
					
						
						
						
						
							
						
						
							a382482173 
							
						 
					 
					
						
						
							
							Add in-memory user cache  
						
						
						
					 
					
						2024-11-10 08:34:47 +02:00 
						 
				 
			
				
					
						
							
							
								mikiher 
							
						 
					 
					
						
						
						
						
							
						
						
							bf8407274e 
							
						 
					 
					
						
						
							
							No auth for author images  
						
						
						
					 
					
						2024-11-03 08:45:43 +02:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							7a1623e6a1 
							
						 
					 
					
						
						
							
							Move cover path func to LibraryItem model  
						
						
						
					 
					
						2024-11-02 12:56:40 -05:00 
						 
				 
			
				
					
						
							
							
								mikiher 
							
						 
					 
					
						
						
						
						
							
						
						
							4224b8a486 
							
						 
					 
					
						
						
							
							No auth and req.user for cover images  
						
						
						
					 
					
						2024-11-02 15:17:11 +02:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							5308fd8b46 
							
						 
					 
					
						
						
							
							Update:Create & update API endpoints to create with new data model  
						
						
						
					 
					
						2024-08-17 17:18:40 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							1b914d5d4f 
							
						 
					 
					
						
						
							
							Update:Log local auth login attempts for failed and successful  #2533   #2579  
						
						
						
					 
					
						2024-08-17 15:02:59 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							2472b86284 
							
						 
					 
					
						
						
							
							Update:Express middleware sets req.user to new data model, openid permissions functions moved to new data model  
						
						
						
					 
					
						2024-08-11 16:07:29 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							9facf77ff1 
							
						 
					 
					
						
						
							
							Update remove old sync local sessions endpoint & update MeController routes to use new user model  
						
						
						
					 
					
						2024-08-11 13:09:53 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							202ceb02b5 
							
						 
					 
					
						
						
							
							Update:Auth to use new user model  
						
						
						
						
						- Express requests include userNew to start migrating API controllers to new user model 
						
					 
					
						2024-08-10 15:46:04 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							eca51457b7 
							
						 
					 
					
						
						
							
							Update jsdocs and auto-formatting  
						
						
						
					 
					
						2024-08-04 16:13:40 -05:00 
						 
				 
			
				
					
						
							
							
								apocer 
							
						 
					 
					
						
						
						
						
							
						
						
							f75f0b8cc8 
							
						 
					 
					
						
						
							
							show dropdown if issuer has list of algorithms  
						
						
						
					 
					
						2024-04-09 22:29:06 +02:00 
						 
				 
			
				
					
						
							
							
								basti 
							
						 
					 
					
						
						
						
						
							
						
						
							304d0f6d43 
							
						 
					 
					
						
						
							
							id_token_signed_respo... should be in new Client  
						
						
						
					 
					
						2024-04-03 22:52:49 +02:00 
						 
				 
			
				
					
						
							
							
								basti 
							
						 
					 
					
						
						
						
						
							
						
						
							6c9a811472 
							
						 
					 
					
						
						
							
							Add ui and settings for OpenID Signing Algorithm  
						
						
						
					 
					
						2024-04-03 16:18:13 +02:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							a5d7a81519 
							
						 
					 
					
						
						
							
							Clean up formatting of advanced group/permission claims on authentication page  
						
						
						
					 
					
						2024-03-30 14:17:34 -05:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							7e8fd91fc5 
							
						 
					 
					
						
						
							
							Update OIDC advanced permissions check to only perform an update on changes  
						
						
						
						
						- Update permissions example to use UUIDv4 strings for allowedLibraries
- More validation on advanced permission JSON to ensure arrays are arrays of strings
- Only set allowedTags and allowedLibraries if the corresponding access all permission is false 
						
					 
					
						2024-03-30 14:04:02 -05:00 
						 
				 
			
				
					
						
							
							
								Denis Arnst 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							90e1283058 
							
						 
					 
					
						
						
							
							OpenID: Allow email_verified null and also check username  
						
						
						
						
						Only disallow when email_verified explicitly false
Also check username besides preferred_username, even when it's not included in OIDC checks (Synology uses username) 
						
					 
					
						2024-03-29 15:11:56 +01:00 
						 
				 
			
				
					
						
							
							
								Denis Arnst 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							8cd50d5684 
							
						 
					 
					
						
						
							
							OpenID: Don't downgrade root  
						
						
						
					 
					
						2024-03-29 14:51:34 +01:00 
						 
				 
			
				
					
						
							
							
								Denis Arnst 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							1646f0ebc2 
							
						 
					 
					
						
						
							
							OpenID: Ignore admin for advanced permissions  
						
						
						
						
						Also removed some semicolons 
						
					 
					
						2024-03-19 19:35:34 +01:00 
						 
				 
			
				
					
						
							
							
								Denis Arnst 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							f661e0835c 
							
						 
					 
					
						
						
							
							Auth: Simplify Code  
						
						
						
					 
					
						2024-03-19 19:18:38 +01:00 
						 
				 
			
				
					
						
							
							
								Denis Arnst 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							56f1bfef50 
							
						 
					 
					
						
						
							
							Auth/OpenID: Implement Permissions via OpenID  
						
						
						
						
						* Ability to set group
* Ability to set more advanced permissions
* Modified TextInputWithLabel to provide an ability to specify a different placeholder than the name 
						
					 
					
						2024-03-19 17:57:24 +01:00 
						 
				 
			
				
					
						
							
							
								Denis Arnst 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							2a722ab163 
							
						 
					 
					
						
						
							
							Auth: Fix crash on missing logout URL  
						
						
						
						
						When using OpenID
Also added debug information on openid errors 
						
					 
					
						2024-03-12 18:07:13 +01:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							def2988e12 
							
						 
					 
					
						
						
							
							Update:Passport openid-client request timeout set to 10s (default was 3.5s)  #2669  
						
						
						
					 
					
						2024-02-26 17:20:11 -06:00 
						 
				 
			
				
					
						
							
							
								advplyr 
							
						 
					 
					
						
						
						
						
							
						
						
							bf66e13377 
							
						 
					 
					
						
						
							
							Update jsdocs  
						
						
						
					 
					
						2024-02-17 16:06:25 -06:00 
						 
				 
			
				
					
						
							
							
								Denis Arnst 
							
						 
					 
					
						
						
						
						
							
						
						
							c3ba7daa16 
							
						 
					 
					
						
						
							
							Auth: Remove is_rest cookie  
						
						
						
					 
					
						2024-01-25 16:05:41 +01:00 
						 
				 
			
				
					
						
							
							
								Denis Arnst 
							
						 
					 
					
						
						
						
						
							
						
						
							82048cd4f3 
							
						 
					 
					
						
						
							
							SSO: Also save openid_id_token longer  
						
						
						
					 
					
						2024-01-25 15:13:56 +01:00 
						 
				 
			
				
					
						
							
							
								Denis Arnst 
							
						 
					 
					
						
						
						
						
							
						
						
							edb5ff1e33 
							
						 
					 
					
						
						
							
							SSO: Remove pick function  
						
						
						
					 
					
						2024-01-25 11:44:20 +01:00 
						 
				 
			
				
					
						
							
							
								Denis Arnst 
							
						 
					 
					
						
						
						
						
							
						
						
							d4ed6348ee 
							
						 
					 
					
						
						
							
							Auth: Store auth_method longer  
						
						
						
						
						It's not unrealistic that someone keeps being logged into the app for more than a year.
If not stored longer, the logout process might not work anymore. 
						
					 
					
						2024-01-25 11:20:44 +01:00 
						 
				 
			
				
					
						
							
							
								Denis Arnst 
							
						 
					 
					
						
						
						
						
							
						
						
							f12ac685e8 
							
						 
					 
					
						
						
							
							/auth/openid: Restructure  
						
						
						
						
						- Distinguish more explicitly between mobile and web flow and simplify logic
- Allow state parameter to be passed in mobile flow
- Additional checks for correct parameters
- Remove unused id_token code
- Enforce S256 and don't allow plain PKCE 
						
					 
					
						2024-01-25 11:13:34 +01:00 
						 
				 
			
				
					
						
							
							
								Denis Arnst 
							
						 
					 
					
						
						
						
						
							
						
						
							87ebf4722b 
							
						 
					 
					
						
						
							
							OpenID/SSO: Implement Logout functionality  
						
						
						
					 
					
						2024-01-24 22:47:50 +01:00