Commit Graph

139 Commits

Author SHA1 Message Date
Carter
6bc7ada20a feat: OIDC: add the ability to override the requested scopes (#4530) 2024-11-09 10:52:12 -06:00
Carter
8ce6f9038a feat: adds descriptions to feature checks and add them to logs (#4504) 2024-11-08 05:37:53 +00:00
Wim de Groot
4b9eb5077a feat: implement the possibility to add tls (#4456)
Signed-off-by: Wim de Groot <34519486+wim-de-groot@users.noreply.github.com>
2024-11-04 16:17:08 +00:00
Carter
80caa5ffaf fix: Prevent login via credentials when Auth Method is Mealie (#4370) 2024-10-16 14:34:51 +00:00
Carter
5ed0ec029b feat: Add OIDC_CLIENT_SECRET and other changes for v2 (#4254)
Co-authored-by: boc-the-git <3479092+boc-the-git@users.noreply.github.com>
2024-10-05 21:12:11 +00:00
Michael Genson
ea1f727a8b feat: OpenAI Custom Headers/Params and Debug Page (#4227)
Co-authored-by: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com>
2024-09-23 11:04:36 +02:00
Michael Genson
eb170cc7e5 feat: Add Households to Mealie (#3970) 2024-08-22 10:14:32 -05:00
Michael Genson
8a15f400e1 feat: Import + Translate recipe images with OpenAI (#3974)
Co-authored-by: Johan Lindell <johan@lindell.me>
Co-authored-by: boc-the-git <3479092+boc-the-git@users.noreply.github.com>
2024-08-18 08:07:01 +10:00
Christian Clauss
432914e310 fix: Lint Python code with ruff (#3799) 2024-08-12 15:09:30 +00:00
Andrew Morgan
65ece35966 fix: Don't load from secrets dir if nonexistent or inaccessible (#4002)
Co-authored-by: Michael Genson <71845777+michael-genson@users.noreply.github.com>
2024-08-12 14:55:32 +00:00
Hayden
edf649dea6 fix: prevent postgres credentials leak (#3895)
Co-authored-by: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com>
2024-07-25 20:27:50 +00:00
Michael Genson
5b1e827d45 fix: Convert Daily Schedule Time to UTC (#3914) 2024-07-20 21:57:02 +00:00
Carter
1fcc2c755a fix: Add a default value of list when a user's group is None (#3872) 2024-07-08 21:13:04 -05:00
Michael Genson
d5f7a883df fix: Make Mealie Timezone-Aware (#3847)
Co-authored-by: boc-the-git <3479092+boc-the-git@users.noreply.github.com>
2024-07-08 21:12:20 +00:00
Michael Genson
3e1adfa65d feat: Make OpenAI Request Timeout Configurable (#3808) 2024-06-28 08:35:16 +00:00
Hayden
4d1381c055 chore: remove gunicorn in favor of uvicorn workers (#3761) 2024-06-20 22:52:09 -05:00
aljora
445754c5d8 Setting backend passwords with docker compose secrets (#3656)
Co-authored-by: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com>
2024-05-29 19:53:24 +10:00
boc-the-git
e07467df57 fix: Set the daily schedule to a specific time, rather than 24hr from start up (#3645) 2024-05-26 04:00:51 +00:00
Michael Genson
5c57b3dd1a feat: OpenAI Ingredient Parsing (#3581) 2024-05-22 09:45:07 +00:00
nephlm
c70a5cb72c fix: Fix file not found error with individual recipe export/download. (#3579) 2024-05-20 17:53:14 -05:00
Carter
3f263281e7 Add time-based caching for JWKS fetching (#3586) 2024-05-11 21:21:55 -05:00
Carter
fac1df31d3 Make OIDC groups claim configurable and optional (#3552) 2024-05-02 22:55:47 -05:00
Michael Genson
786aa2279c chore: Replace python-jose with PyJWT (#3521)
Co-authored-by: boc-the-git <3479092+boc-the-git@users.noreply.github.com>
2024-04-29 09:49:13 +00:00
Carter
1a385e941c Add new OIDC TLS CA Certfile option (#3496) 2024-04-19 20:36:03 +10:00
Carter
c6f5b62ad0 Fix OIDC infinite loop if user is not in OIDC_USER_GROUP (#3487) 2024-04-19 00:17:45 +00:00
Hayden
6bd5a82b92 rewrite logger to support custom config files (#3104) 2024-04-16 15:52:49 +00:00
tba-code
92659c64eb fix: properly escape postgres password (#3424)
Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
2024-04-08 14:47:57 +00:00
tba-code
1099e30a1d feat: Add OIDC_USER_CLAIM (#3422)
* feat: Add OIDC_USER_CLAIM

* fix: add validation
2024-04-04 21:16:54 +00:00
tba-code
5da990abd4 Merge branch 'mealie-recipes:mealie-next' into postgres-url-feature 2024-04-02 10:18:48 -05:00
Hayden
2a3463b746 security: gh security recs (#3368)
* change ALLOW_SIGNUP to default to false

* add 1.4.0 tag for OIDC docs

* new notes on security inline with security/policy review

* safer transport for external requests

* fix linter errors

* docs: Tidy up wording/formatting

* fix request errors

* whoops

* fix implementation with std lib

* format

* Remove check on netloc_parts. It only includes URL after any @

---------

Co-authored-by: boc-the-git <3479092+boc-the-git@users.noreply.github.com>
Co-authored-by: Brendan <b.oconnell14@gmail.com>
2024-04-02 07:04:42 -08:00
Tarek Al-Qarqaz
cb7302d2d9 fix: added validation to POSTGRES_URL_OVERRIDE 2024-04-02 12:24:51 +00:00
Tarek Al-Qarqaz
6c7cb7e795 change: rename POSTGRES_URL to POSTGRES_URL_OVERRIDE / no longer changes value 2024-03-31 04:42:38 +00:00
Tarek Al-Qarqaz
24d8854723 fix: typo in db_providers.py 2024-03-30 20:55:00 +00:00
Tarek Al-Qarqaz
ae5a1a9af2 feat: PostgresProvider - Add POSTGRES_URL override. 2024-03-30 19:38:23 +00:00
Carter Mintey
f73aefce4e lint 2024-03-22 01:46:45 +00:00
Carter Mintey
ff5131018b add new environment variable for specifying the signing algorithm 2024-03-22 01:32:33 +00:00
Hayden
5f6844eceb feat: Login with OAuth via OpenID Connect (OIDC) (#3280)
* initial oidc implementation

* add dynamic scheme

* e2e test setup

* add caching

* fix

* try this

* add libldap-2.5 to runtime dependencies (#2849)

* New translations en-us.json (Norwegian) (#2851)

* New Crowdin updates (#2855)

* New translations en-us.json (Italian)

* New translations en-us.json (Norwegian)

* New translations en-us.json (Portuguese)

* fix

* remove cache

* cache yarn deps

* cache docker image

* cleanup action

* lint

* fix tests

* remove not needed variables

* run code gen

* fix tests

* add docs

* move code into custom scheme

* remove unneeded type

* fix oidc admin

* add more tests

* add better spacing on login page

* create auth providers

* clean up testing stuff

* type fixes

* add OIDC auth method to postgres enum

* add option to bypass login screen and go directly to iDP

* remove check so we can fallback to another auth method oauth fails

* Add provider name to be shown at the login screen

* add new properties to admin about api

* fix spec

* add a prompt to change auth method when changing password

* Create new auth section. Add more info on auth methods

* update docs

* run ruff

* update docs

* format

* docs gen

* formatting

* initialize logger in class

* mypy type fixes

* docs gen

* add models to get proper fields in docs and fix serialization

* validate id token before using it

* only request a mealie token on initial callback

* remove unused method

* fix unit tests

* docs gen

* check for valid idToken before getting token

* add iss to mealie token

* check to see if we already have a mealie token before getting one

* fix lock file

* update authlib

* update lock file

* add remember me environment variable

* add user group setting to allow only certain groups to log in

---------

Co-authored-by: Carter Mintey <cmintey8@gmail.com>
Co-authored-by: Carter <35710697+cmintey@users.noreply.github.com>
2024-03-10 13:51:36 -05:00
Michael Genson
315d5b370e fix: bump ruff (#3275)
* bump ruff

* updated deprecated cli usage

* fixed deprecated pyproject layout

* fixed .format string

* fixed another deprecated setting
2024-03-09 18:40:08 +00:00
Michael Genson
8db08c21e5 removed try/catch 2024-02-12 16:58:03 +00:00
Michael Genson
e35b2e9fbf add fallback to urlencode the postgres password if it fails 2024-02-12 16:40:12 +00:00
Michael Genson
7a107584c7 feat: Upgrade to Pydantic V2 (#3134)
* bumped pydantic
2024-02-11 16:47:37 +00:00
Michael Genson
a5ef18669b fix: Upgrade Black (#3057)
* bump black

* bump black on precommit

* run black

* fix backend test runner
2024-01-27 15:11:54 -06:00
Michael Genson
254b6ae118 fixed breaking change with temp dir injection 2024-01-25 19:10:40 +00:00
Michael Genson
4ae5c52de9 refactor to use bcrypt directly 2024-01-24 22:03:16 +00:00
Hayden
bc575ec5ae feat: auto detect first login (#2722)
* 'hide' default email and password env variables

* first login API endpoint

* run code-generators

* frontend indicators for default username and pw

* remove old env variables from docs

* fix env set variable

* remove password from tests
2023-11-15 15:24:24 +00:00
Michael Genson
80968b02bb feat: Remove Explore URLs and make the normal URLs public (#2632)
* add groupSlug to most routes

* fixed more routing issues

* fixed jank and incorrect routes

* remove public explore links

* remove unused groupSlug and explore routes

* nuked explore pages

* fixed public toolstore bug

* fixed various routes missing group slug

* restored public app header menu

* fix janky login redirect

* 404 recipe API call returns to login

* removed unused explore layout

* force redirect when using the wrong group slug

* fixed dead admin links

* removed unused middleware from earlier attempt

* 🧹

* improve cookbooks sidebar
fixed sidebar link not working
fixed sidebar link target
hide cookbooks header when there are none

* added group slug to user

* fix $auth typehints

* vastly simplified groupSlug logic

* allow logged-in users to view other groups

* fixed some edge cases that bypassed isOwnGroup

* fixed static home ref

* 🧹

* fixed redirect logic

* lint warning

* removed group slug from group and user pages
refactored all components to use route groupSlug or user group slug
moved some group pages to recipe pages

* fixed some bad types

* 🧹

* moved groupSlug routes under /g/groupSlug

* move /recipe/ to /r/

* fix backend url generation and metadata injection

* moved shopping lists to root/other route fixes

* changed shared from /recipes/ to /r/

* fixed 404 redirect not awaiting

* removed unused import

* fix doc links

* fix public recipe setting not affecting public API

* fixed backend tests

* fix nuxt-generate command

---------

Co-authored-by: Hayden <64056131+hay-kot@users.noreply.github.com>
2023-11-05 16:07:02 -09:00
Hayden
75e95817a3 fix: dynamically load theme from API endpoint (#2688)
* dynamically load theme from API endpoint

* add documentation
2023-10-26 22:09:22 -05:00
Michael Genson
eba9ff00ce fix: 500 error when sending unauthorized requests (#2639)
* fixed uncaught null token

* added tests
2023-10-15 16:48:15 -08:00
Matthew Hill
4bd7bda60d fix: Fix bugs with account locking (#2580)
* fix(security): reset login attempts after successful login

Enforce a maximum number of consecutive failed logins. Successfully logging in should reset the
count.

#2569

* fix(security): fix when user is unlocked

The user should be unlocked when locked_at is set, but the lock has expired.

#2569
2023-09-29 15:58:00 -08:00
Flightkick
bb9afd86c1 fix: Use reserved example.com as bogus instead of email.com domain. (#2551)
`email.com` is not a reserved domain, incorrect configuration could result in unintentional effects.
`example.com` is reserved by IANA for bogus purposes, see RFC 6761.
2023-09-23 07:56:34 -08:00