feat: Login with OAuth via OpenID Connect (OIDC) (#3280)

* initial oidc implementation * add dynamic scheme * e2e test setup * add caching * fix * try this * add libldap-2.5 to runtime dependencies (#2849) * New translations en-us.json (Norwegian) (#2851) * New Crowdin updates (#2855) * New translations en-us.json (Italian) * New translations en-us.json (Norwegian) * New translations en-us.json (Portuguese) * fix * remove cache * cache yarn deps * cache docker image * cleanup action * lint * fix tests * remove not needed variables * run code gen * fix tests * add docs * move code into custom scheme * remove unneeded type * fix oidc admin * add more tests * add better spacing on login page * create auth providers * clean up testing stuff * type fixes * add OIDC auth method to postgres enum * add option to bypass login screen and go directly to iDP * remove check so we can fallback to another auth method oauth fails * Add provider name to be shown at the login screen * add new properties to admin about api * fix spec * add a prompt to change auth method when changing password * Create new auth section. Add more info on auth methods * update docs * run ruff * update docs * format * docs gen * formatting * initialize logger in class * mypy type fixes * docs gen * add models to get proper fields in docs and fix serialization * validate id token before using it * only request a mealie token on initial callback * remove unused method * fix unit tests * docs gen * check for valid idToken before getting token * add iss to mealie token * check to see if we already have a mealie token before getting one * fix lock file * update authlib * update lock file * add remember me environment variable * add user group setting to allow only certain groups to log in --------- Co-authored-by: Carter Mintey <cmintey8@gmail.com> Co-authored-by: Carter <35710697+cmintey@users.noreply.github.com>
2025-08-05 05:25:26 +02:00 · 2024-03-10 13:51:36 -05:00 · 2024-03-10 13:51:36 -05:00 · 5f6844eceb
commit 5f6844eceb
parent bea1a592d7
53 changed files with 1533 additions and 400 deletions
--- a/tests/e2e/docker/docker-compose.yml
+++ b/tests/e2e/docker/docker-compose.yml
@ -0,0 +1,52 @@
+version: "3.4"
+services:
+  oidc-mock-server:
+    container_name: oidc-mock-server
+    image: ghcr.io/navikt/mock-oauth2-server:2.1.0
+    network_mode: host
+    environment:
+      LOG_LEVEL: "debug"
+      SERVER_PORT: 8080
+
+  ldap:
+    image: rroemhild/test-openldap
+    ports:
+      - 10389:10389
+
+  mealie:
+    container_name: mealie
+    image: mealie:e2e
+    build:
+      context: ../../../
+      target: production
+      dockerfile: ./docker/Dockerfile
+    restart: always
+    volumes:
+      - mealie-data:/app/data/
+    network_mode: host
+    environment:
+      ALLOW_SIGNUP: True
+      DB_ENGINE: sqlite
+
+      OIDC_AUTH_ENABLED: True
+      OIDC_SIGNUP_ENABLED: True
+      OIDC_ADMIN_GROUP: admin
+      OIDC_CONFIGURATION_URL: http://localhost:8080/default/.well-known/openid-configuration
+      OIDC_CLIENT_ID: default
+
+      LDAP_AUTH_ENABLED: True
+      LDAP_SERVER_URL: ldap://localhost:10389
+      LDAP_TLS_INSECURE: true
+      LDAP_ENABLE_STARTTLS: false
+      LDAP_BASE_DN: "ou=people,dc=planetexpress,dc=com"
+      LDAP_QUERY_BIND: "cn=admin,dc=planetexpress,dc=com"
+      LDAP_QUERY_PASSWORD: "GoodNewsEveryone"
+      LDAP_USER_FILTER: "(&(|({id_attribute}={input})({mail_attribute}={input}))(|(memberOf=cn=ship_crew,ou=people,dc=planetexpress,dc=com)(memberOf=cn=admin_staff,ou=people,dc=planetexpress,dc=com)))"
+      LDAP_ADMIN_FILTER: "memberOf=cn=admin_staff,ou=people,dc=planetexpress,dc=com"
+      LDAP_ID_ATTRIBUTE: uid
+      LDAP_NAME_ATTRIBUTE: cn
+      LDAP_MAIL_ATTRIBUTE: mail
+
+volumes:
+  mealie-data:
+    driver: local