mirror of https://github.com/mealie-recipes/mealie.git synced 2025-08-05 13:35:23 +02:00

feat: Login with OAuth via OpenID Connect (OIDC) (#3280)

* initial oidc implementation

* add dynamic scheme

* e2e test setup

* add caching

* fix

* try this

* add libldap-2.5 to runtime dependencies (#2849)

* New translations en-us.json (Norwegian) (#2851)

* New Crowdin updates (#2855)

* New translations en-us.json (Italian)

* New translations en-us.json (Norwegian)

* New translations en-us.json (Portuguese)

* fix

* remove cache

* cache yarn deps

* cache docker image

* cleanup action

* lint

* fix tests

* remove not needed variables

* run code gen

* fix tests

* add docs

* move code into custom scheme

* remove unneeded type

* fix oidc admin

* add more tests

* add better spacing on login page

* create auth providers

* clean up testing stuff

* type fixes

* add OIDC auth method to postgres enum

* add option to bypass login screen and go directly to IdP

* remove check so we can fall back to another auth method if oauth fails

* Add provider name to be shown at the login screen

* add new properties to admin about api

* fix spec

* add a prompt to change auth method when changing password

* Create new auth section. Add more info on auth methods

* update docs

* run ruff

* update docs

* format

* docs gen

* formatting

* initialize logger in class

* mypy type fixes

* docs gen

* add models to get proper fields in docs and fix serialization

* validate id token before using it

* only request a mealie token on initial callback

* remove unused method

* fix unit tests

* docs gen

* check for valid idToken before getting token

* add iss to mealie token

* check to see if we already have a mealie token before getting one

* fix lock file

* update authlib

* update lock file

* add remember me environment variable

* add user group setting to allow only certain groups to log in

---------

Co-authored-by: Carter Mintey <cmintey8@gmail.com>
Co-authored-by: Carter <35710697+cmintey@users.noreply.github.com>
Hayden 2024-03-10 13:51:36 -05:00 committed by GitHub
parent bea1a592d7
commit 5f6844eceb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
53 changed files with 1533 additions and 400 deletions

@ -0,0 +1,52 @@
version: "3.4"
services:
oidc-mock-server:
container_name: oidc-mock-server
image: ghcr.io/navikt/mock-oauth2-server:2.1.0
network_mode: host
environment:
LOG_LEVEL: "debug"
SERVER_PORT: 8080
ldap:
image: rroemhild/test-openldap
ports:
- 10389:10389
mealie:
container_name: mealie
image: mealie:e2e
build:
context: ../../../
target: production
dockerfile: ./docker/Dockerfile
restart: always
volumes:
- mealie-data:/app/data/
network_mode: host
environment:
ALLOW_SIGNUP: True
DB_ENGINE: sqlite
OIDC_AUTH_ENABLED: True
OIDC_SIGNUP_ENABLED: True
OIDC_ADMIN_GROUP: admin
OIDC_CONFIGURATION_URL: http://localhost:8080/default/.well-known/openid-configuration
OIDC_CLIENT_ID: default
LDAP_AUTH_ENABLED: True
LDAP_SERVER_URL: ldap://localhost:10389
LDAP_TLS_INSECURE: true
LDAP_ENABLE_STARTTLS: false
LDAP_BASE_DN: "ou=people,dc=planetexpress,dc=com"
LDAP_QUERY_BIND: "cn=admin,dc=planetexpress,dc=com"
LDAP_QUERY_PASSWORD: "GoodNewsEveryone"
LDAP_USER_FILTER: "(&(|({id_attribute}={input})({mail_attribute}={input}))(|(memberOf=cn=ship_crew,ou=people,dc=planetexpress,dc=com)(memberOf=cn=admin_staff,ou=people,dc=planetexpress,dc=com)))"
LDAP_ADMIN_FILTER: "memberOf=cn=admin_staff,ou=people,dc=planetexpress,dc=com"
LDAP_ID_ATTRIBUTE: uid
LDAP_NAME_ATTRIBUTE: cn
LDAP_MAIL_ATTRIBUTE: mail
volumes:
mealie-data:
driver: local
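
Review bot: the `ldap` service pulls `rroemhild/test-openldap` with no tag, while `oidc-mock-server` is pinned to `2.1.0`; pin the LDAP image to a tag or digest as well so the e2e run is reproducible and does not silently pick up a changed upstream image. In the `mealie` environment block, booleans are written both as `True` (`ALLOW_SIGNUP`, `OIDC_AUTH_ENABLED`, `OIDC_SIGNUP_ENABLED`, `LDAP_AUTH_ENABLED`) and as `true`/`false` (`LDAP_TLS_INSECURE`, `LDAP_ENABLE_STARTTLS`); quoting them as strings in one spelling would keep the value the container receives independent of YAML boolean parsing. `LDAP_TLS_INSECURE: true`, the plain `http://` `OIDC_CONFIGURATION_URL` and the inline `LDAP_QUERY_PASSWORD` are reasonable for a localhost test fixture, but a comment at the top of the file marking it as test-only would stop these values being copied into a real deployment.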