feat: Login with OAuth via OpenID Connect (OIDC) (#3280)

* initial oidc implementation

* add dynamic scheme

* e2e test setup

* add caching

* fix

* try this

* add libldap-2.5 to runtime dependencies (#2849)

* New translations en-us.json (Norwegian) (#2851)

* New Crowdin updates (#2855)

* New translations en-us.json (Italian)

* New translations en-us.json (Norwegian)

* New translations en-us.json (Portuguese)

* fix

* remove cache

* cache yarn deps

* cache docker image

* cleanup action

* lint

* fix tests

* remove not needed variables

* run code gen

* fix tests

* add docs

* move code into custom scheme

* remove unneeded type

* fix oidc admin

* add more tests

* add better spacing on login page

* create auth providers

* clean up testing stuff

* type fixes

* add OIDC auth method to postgres enum

* add option to bypass login screen and go directly to iDP

* remove check so we can fallback to another auth method oauth fails

* Add provider name to be shown at the login screen

* add new properties to admin about api

* fix spec

* add a prompt to change auth method when changing password

* Create new auth section. Add more info on auth methods

* update docs

* run ruff

* update docs

* format

* docs gen

* formatting

* initialize logger in class

* mypy type fixes

* docs gen

* add models to get proper fields in docs and fix serialization

* validate id token before using it

* only request a mealie token on initial callback

* remove unused method

* fix unit tests

* docs gen

* check for valid idToken before getting token

* add iss to mealie token

* check to see if we already have a mealie token before getting one

* fix lock file

* update authlib

* update lock file

* add remember me environment variable

* add user group setting to allow only certain groups to log in

---------

Co-authored-by: Carter Mintey <cmintey8@gmail.com>
Co-authored-by: Carter <35710697+cmintey@users.noreply.github.com>
This commit is contained in:
Hayden 2024-03-10 13:51:36 -05:00 committed by GitHub
parent bea1a592d7
commit 5f6844eceb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
53 changed files with 1533 additions and 400 deletions

View file

@ -10,6 +10,9 @@ export interface AdminAboutInfo {
version: string;
demoStatus: boolean;
allowSignup: boolean;
enableOidc: boolean;
oidcRedirect: boolean;
oidcProviderName: string;
versionLatest: string;
apiPort: number;
apiDocs: boolean;
@ -34,6 +37,9 @@ export interface AppInfo {
demoStatus: boolean;
allowSignup: boolean;
defaultGroupSlug?: string;
enableOidc: boolean;
oidcRedirect: boolean;
oidcProviderName: string;
}
export interface AppStartupInfo {
isFirstLogin: boolean;
@ -72,6 +78,7 @@ export interface BackupOptions {
export interface CheckAppConfig {
emailReady: boolean;
ldapReady: boolean;
oidcReady: boolean;
baseUrlSet: boolean;
isUpToDate: boolean;
}
@ -218,6 +225,10 @@ export interface NotificationImport {
status: boolean;
exception?: string;
}
export interface OIDCInfo {
configurationUrl?: string;
clientId?: string;
}
export interface RecipeImport {
name: string;
status: boolean;

View file

@ -5,7 +5,7 @@
/* Do not modify it by hand - just update the pydantic models and then re-run the script
*/
export type AuthMethod = "Mealie" | "LDAP";
export type AuthMethod = "Mealie" | "LDAP" | "OIDC";
export interface ChangePassword {
currentPassword: string;