feat: Login with OAuth via OpenID Connect (OIDC) (#3280)

* initial oidc implementation

* add dynamic scheme

* e2e test setup

* add caching

* fix

* try this

* add libldap-2.5 to runtime dependencies (#2849)

* New translations en-us.json (Norwegian) (#2851)

* New Crowdin updates (#2855)

* New translations en-us.json (Italian)

* New translations en-us.json (Norwegian)

* New translations en-us.json (Portuguese)

* fix

* remove cache

* cache yarn deps

* cache docker image

* cleanup action

* lint

* fix tests

* remove not needed variables

* run code gen

* fix tests

* add docs

* move code into custom scheme

* remove unneeded type

* fix oidc admin

* add more tests

* add better spacing on login page

* create auth providers

* clean up testing stuff

* type fixes

* add OIDC auth method to postgres enum

* add option to bypass login screen and go directly to iDP

* remove check so we can fallback to another auth method oauth fails

* Add provider name to be shown at the login screen

* add new properties to admin about api

* fix spec

* add a prompt to change auth method when changing password

* Create new auth section. Add more info on auth methods

* update docs

* run ruff

* update docs

* format

* docs gen

* formatting

* initialize logger in class

* mypy type fixes

* docs gen

* add models to get proper fields in docs and fix serialization

* validate id token before using it

* only request a mealie token on initial callback

* remove unused method

* fix unit tests

* docs gen

* check for valid idToken before getting token

* add iss to mealie token

* check to see if we already have a mealie token before getting one

* fix lock file

* update authlib

* update lock file

* add remember me environment variable

* add user group setting to allow only certain groups to log in

---------

Co-authored-by: Carter Mintey <cmintey8@gmail.com>
Co-authored-by: Carter <35710697+cmintey@users.noreply.github.com>

mealie/scripts/change_password.py

@@ -1,8 +1,10 @@
+import sys
 from getpass import getpass
 
 from mealie.core import root_logger
 from mealie.core.security.security import hash_password
 from mealie.db.db_setup import session_context
+from mealie.db.models.users.users import AuthMethod
 from mealie.repos.repository_factory import AllRepositories
 
 
@@ -18,22 +20,32 @@ def main():
 
         if not user:
             logger.error("no user found")
-            exit(1)
+            sys.exit(1)
 
-        logger.info(f"changing password for {user.username}")
+        reset_auth_method = False
+        if user.auth_method != AuthMethod.MEALIE:
+            logger.warning("%s is using external authentication.", user.username)
+            response = input("Would you like to change your authentication method back to local? (y/n): ")
+            reset_auth_method = response.lower() == "yes" or response.lower() == "y"
+
+        logger.info("changing password for %s", user.username)
 
         pw = getpass("Please enter the new password: ")
         pw2 = getpass("Please enter the new password again: ")
 
         if pw != pw2:
             logger.error("passwords do not match")
+            sys.exit(1)
 
         hashed_password = hash_password(pw)
         repos.users.update_password(user.id, hashed_password)
+        if reset_auth_method:
+            user.auth_method = AuthMethod.MEALIE
+            repos.users.update(user.id, user)
 
     logger.info("password change successful")
     input("press enter to exit ")
-    exit(0)
+    sys.exit(0)
 
 
 if __name__ == "__main__":