* feat(auth): implement oidc
* refactor(auth): centralize OIDC state cookie handling
* fix(web): resolve unused error variables in route handlers
* docs(readme): add OIDC authentication feature to list
* fix(auth): improve OIDC cookie handling for reverse proxy setups
The OIDC state cookie's Secure flag is now properly set when running behind a reverse proxy by checking both direct TLS and the X-Forwarded-Proto header. This fixes authentication issues in common setups where:
- autobrr runs behind a reverse proxy that terminates HTTPS
- local development environments without TLS
- mixed protocol environments (internal HTTP, external HTTPS)
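The check described in the commit above, written out as an added example in Go (autobrr's language). This is not autobrr's own code: the trusted-proxy list, the `requestIsHTTPS` and `newStateCookie` helpers and the cookie name are assumptions made here. The one caveat a practitioner should add to "check X-Forwarded-Proto" is that the header is only meaningful when it comes from the proxy you control; from any other peer it is attacker-supplied input, so it is only honoured when the TCP peer is inside a trusted network.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// trustedProxies are the networks whose X-Forwarded-Proto header we believe.
// Assumption of this example: the proxy is on loopback or an RFC 1918 range;
// a real deployment should make this configurable.
var trustedProxies = mustParseCIDRs(
	"127.0.0.0/8", "::1/128",
	"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
)

func mustParseCIDRs(cidrs ...string) []*net.IPNet {
	nets := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		nets = append(nets, n)
	}
	return nets
}

// fromTrustedProxy reports whether the TCP peer is inside a trusted network.
func fromTrustedProxy(remoteAddr string) bool {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr
	}
	ip := net.ParseIP(host)
	if ip == nil {
		return false
	}
	for _, n := range trustedProxies {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// requestIsHTTPS is true when the connection itself is TLS, or when a trusted
// proxy says it terminated HTTPS. An X-Forwarded-Proto header from any other
// peer is ignored, since any client can send that header.
func requestIsHTTPS(r *http.Request) bool {
	if r.TLS != nil {
		return true
	}
	if !fromTrustedProxy(r.RemoteAddr) {
		return false
	}
	proto := r.Header.Get("X-Forwarded-Proto")
	// Chained proxies may append values; the first entry is the client-facing hop.
	if i := strings.IndexByte(proto, ','); i >= 0 {
		proto = proto[:i]
	}
	return strings.EqualFold(strings.TrimSpace(proto), "https")
}

// newStateCookie builds the short-lived cookie that carries the OIDC state.
// SameSite=Lax rather than Strict: the IdP redirects back with a top-level
// GET, and Strict cookies are withheld on that cross-site navigation, which
// would make every callback fail with a state mismatch.
func newStateCookie(r *http.Request, value string) *http.Cookie {
	return &http.Cookie{
		Name:     "oidc_state",
		Value:    value,
		Path:     "/",
		MaxAge:   300,
		HttpOnly: true,
		Secure:   requestIsHTTPS(r),
		SameSite: http.SameSiteLaxMode,
	}
}

func main() {
	// Constructed request: plain HTTP from the proxy, which terminated HTTPS.
	r, _ := http.NewRequest("GET", "http://autobrr.local/api/auth/oidc/config", nil)
	r.RemoteAddr = "10.0.0.2:40000"
	r.Header.Set("X-Forwarded-Proto", "https")
	fmt.Println("Secure:", newStateCookie(r, "example-state").Secure)
}
```

With this in place the three setups listed above behave as intended: behind a TLS-terminating proxy the cookie is Secure, in local development over plain HTTP it is not (a Secure cookie would simply be dropped by the browser there), and a mixed internal-HTTP/external-HTTPS deployment gets the right flag per request.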
* fix: use crypt/random if argon2id fails
* feat(auth): show both login options when user exists in db
If the user doesn't exist, e.g. canOnboard=true, then we only show the OIDC button, since regular login makes no sense in that case.
If the user does not exist in the db and the user wants to create a local user, OIDC needs to be disabled first.
* feat(auth): improve OIDC provider initialization with discovery logging
* revert(issuer): do not remove trailing slash
* feat(auth): improve OIDC username resolution with additional claims
* fix(auth): handle OIDC issuer URLs with and without trailing slashes
When initializing the OIDC provider, automatically retry with/without trailing
slash if the first attempt fails.
- First attempts with original issuer URL
- If it fails with a trailing slash, retries without
- If it fails without a trailing slash, retries with
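The retry order above, as an added Go example rather than autobrr's own implementation. The discovery call is injected as a `providerInit` function (an assumption of this example; in the real code it would be something like go-oidc's `oidc.NewProvider`) so the fallback can be run offline. The reason a bare slash mismatch fails at all is that the client compares the configured issuer byte-for-byte with the `issuer` field of the discovery document, so `https://idp.example.com` and `https://idp.example.com/` are different issuers to it.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"strings"
)

// providerInit stands in for the call that performs OIDC discovery.
// It is injected (assumption of this example) so the fallback logic can be
// exercised without a network.
type providerInit func(ctx context.Context, issuer string) error

// toggleTrailingSlash adds a trailing slash if absent, removes it if present.
func toggleTrailingSlash(issuer string) string {
	if strings.HasSuffix(issuer, "/") {
		return strings.TrimRight(issuer, "/")
	}
	return issuer + "/"
}

// initWithSlashFallback first tries the issuer exactly as configured, then
// once more with the trailing slash toggled. The issuer that worked is
// returned so the caller can keep using that canonical form; if both attempts
// fail, the error carries both failures.
func initWithSlashFallback(ctx context.Context, issuer string, init providerInit) (string, error) {
	issuer = strings.TrimSpace(issuer)
	if issuer == "" {
		return "", errors.New("oidc: empty issuer")
	}
	firstErr := init(ctx, issuer)
	if firstErr == nil {
		return issuer, nil
	}
	alt := toggleTrailingSlash(issuer)
	if err := init(ctx, alt); err != nil {
		return "", fmt.Errorf("oidc: issuer %q failed: %v; retry with %q failed: %w", issuer, firstErr, alt, err)
	}
	return alt, nil
}

func main() {
	// Constructed fake provider: only the slash-terminated form matches its
	// discovery document.
	fake := func(_ context.Context, issuer string) error {
		if issuer == "https://idp.example.com/" {
			return nil
		}
		return errors.New("issuer did not match the issuer returned by provider")
	}
	used, err := initWithSlashFallback(context.Background(), "https://idp.example.com", fake)
	fmt.Println("using issuer:", used, "err:", err)
}
```

Logging which form succeeded (as the discovery-logging commit above does) is worth keeping: an operator who configured `https://idp.example.com` and sees `https://idp.example.com/` in the log can fix the config and avoid the extra round trip on every start.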
* feat(oidc): add gorilla sessions store for secure state management
Add gorilla sessions store to handle encrypted state cookies in OIDC flow,
while removing redundant session validation checks
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
* fix(auth): prevent duplicate OIDC state cookies for authenticated sessions
Modify the OIDC config handler to check for existing authenticated sessions
before setting state cookie. Still returns OIDC enabled status to maintain
UI state, but prevents unnecessary cookie creation for authenticated users.
* feat(oidc): use random secret for temporary state cookies
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
* feat(auth): add rate limiting to OIDC endpoints
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
* fix(auth): validate OIDC authorization code presence in callback
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
* fix(auth): properly handle OIDC session errors
Improve error handling in OIDC login flow by properly handling cookie store
session errors. Return HTTP 500 if session cannot be retrieved instead of
silently continuing with potentially invalid state.
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
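The two callback checks described in the last two commits (a missing authorization code, and a session-store error that must become a 500 instead of a silent continue) combined into one added Go handler. This is example code, not autobrr's handler: the `stateStore` interface, the in-memory `memStore`, the `oidcCallback` and `callbackStatus` helpers and the error strings are assumptions made here, with `stateStore` standing in for the encrypted gorilla sessions cookie the earlier commit introduced.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// stateStore abstracts the encrypted session cookie holding the pending OIDC
// state. Assumption of this example: the real code wraps gorilla/sessions.
type stateStore interface {
	// Load returns the pending state, "" if no login is in progress, or an
	// error when the cookie exists but cannot be decoded or authenticated.
	Load(r *http.Request) (string, error)
}

// memStore is a constructed in-memory stand-in for the cookie store.
type memStore struct {
	state string
	err   error
}

func (m memStore) Load(*http.Request) (string, error) { return m.state, m.err }

// oidcCallback checks the session, the state, and the presence of the
// authorization code, in that order, then hands the code to onCode for the
// token exchange. A store error is a 500, not a silent continue: a cookie
// that cannot be decrypted leaves nothing trustworthy to compare against.
func oidcCallback(store stateStore, onCode func(w http.ResponseWriter, code string)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		expected, err := store.Load(r)
		if err != nil {
			http.Error(w, "could not read login session", http.StatusInternalServerError)
			return
		}
		if expected == "" {
			http.Error(w, "no login in progress", http.StatusBadRequest)
			return
		}
		q := r.URL.Query()
		if q.Get("error") != "" {
			// The IdP reported a failure (e.g. access_denied); there is no code to exchange.
			http.Error(w, "identity provider returned an error", http.StatusBadRequest)
			return
		}
		if subtle.ConstantTimeCompare([]byte(q.Get("state")), []byte(expected)) != 1 {
			http.Error(w, "state mismatch", http.StatusBadRequest)
			return
		}
		code := q.Get("code")
		if code == "" {
			http.Error(w, "missing authorization code", http.StatusBadRequest)
			return
		}
		onCode(w, code)
	}
}

// callbackStatus runs one constructed callback request through the handler
// and returns the HTTP status code.
func callbackStatus(store stateStore, target string) int {
	rec := httptest.NewRecorder()
	h := oidcCallback(store, func(w http.ResponseWriter, code string) {
		fmt.Fprintf(w, "would exchange code %q for tokens", code)
	})
	h.ServeHTTP(rec, httptest.NewRequest("GET", target, nil))
	return rec.Code
}

func main() {
	good := memStore{state: "abc123"}
	fmt.Println(callbackStatus(good, "/api/auth/oidc/callback?state=abc123&code=SplxlOBeZQQYbYS6WxSbIA"))
	fmt.Println(callbackStatus(good, "/api/auth/oidc/callback?state=abc123"))
	// Constructed decode failure, as an undecryptable cookie would produce.
	broken := memStore{err: errors.New("cookie value is not valid")}
	fmt.Println(callbackStatus(broken, "/api/auth/oidc/callback?state=abc123&code=SplxlOBeZQQYbYS6WxSbIA"))
}
```

The state is compared in constant time and the store's pending state should be cleared once the callback has been consumed, so a captured callback URL cannot be replayed; clearing is left to the store implementation here.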
* feat(auth): track and display authentication method for oidc and password logins
* fix: tests
* docs(readme): add environment variable section
* go mod tidy
* chore: log style and errors
---------
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
Co-authored-by: ze0s <ze0s@riseup.net>
* feat(web): add theme toggle to navbar
* refactor: move OS theme detection to App.tsx
* fix: disallowed unused variables
* fix: removed unused variable
* refactor: check for os color scheme in SettingsContextDefaults
* refactor: remove unnecessary iconTheme variable
* fix: add title tag to button
* feat(backend): added change password api endpoint.
* feat(web): added profile UI to change password.
I think we can change the username too, but I don't know if we should; for now I disabled the username field.
* refactor: don't leak username or password.
* refactor: protect the route.
* generic
* feat: add ChangeUsername
* fix(tests): speculative fix for TestUserRepo_Update
* Revert "feat: add ChangeUsername"
This reverts commit d4c1645002883a278aa45dec3c8c19fa1cc75d9b.
* refactor into 1 endpoint that handles both
* feat: added option to change username as well. :pain:
* refactor: frontend
* refactor: function names in backend
I think this makes it more clear what their function is
* fix: change to 2 cols with separator
* refactor: update user
* fix: test db create user
---------
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
Co-authored-by: soup <soup@r4tio.dev>
Co-authored-by: martylukyy <35452459+martylukyy@users.noreply.github.com>
Co-authored-by: ze0s <ze0s@riseup.net>
* Various WebUI changes and fixes.
* feat(tooltip): make tooltip display upwards
* fix(tooltip): place tooltip to the right
* fix(web): add missing ml-px to SwitchGroup header
current: https://i.imgur.com/2WXstPV.png
new: https://i.imgur.com/QGQ49mP.png
* fix(web): collapse sections
* fix(web): improve freeleech section
* fix(web): rename action to action_components
Renamed the 'action' folder to 'action_components' to resolve import issues due to case sensitivity.
* fix(web): align CollapsibleSection
Old Advanced tab: https://i.imgur.com/MXaJ5eJ.png
New Advanced tab: https://i.imgur.com/4nPJJRw.png
Music tab for comparison: https://i.imgur.com/I59X7ot.png
* fix(web): remove invalid CSS class
* revert: vertical padding on switchgroup
added py-0 on the freeleech part instead
* feat(settings): add back log files
* fix(settings): irc channels and font sizes
* fix(components): radio select roundness
* fix(styling): various minor changes
* fix(filters): remove jitter fields
---------
Co-authored-by: ze0s <43699394+zze0s@users.noreply.github.com>
Co-authored-by: soup <soup@r4tio.dev>
Co-authored-by: ze0s <ze0s@riseup.net>
* add react suspense, fix broken stuff, clean up code, improve DX
enhancement: added react suspense + spinner to show loading (still can be added in certain places)
chore: cleaned up Header/NavBar code
chore: cleaned up DeleteModal code
chore: cleaned up other relevant code
enhancement: changed remove button style to be much more pleasant (see e.g. filter tabs)
fix: made the active tab on the filters page blue (as it should've been) when active
fix: fixed ghost delimiter which was only visible when DeleteModal was active in FormButtonGroup
chore: removed most of linter warnings/errors
fix: fixed incorrect/double modal transition in FilterExternalItem
fix: fixed incorrect z-height on Options popover in Settings/IRC (would've been visible when Add new was clicked)
enhancement: improved robustness of all Context classes to support seamless new-feature expansion (#866)
enhancement: improved expand logic (see #994 comments)
* reverted irc expand view to previous design
* forgot to propagate previous z-height fix
* jinxed it
* add license header to new files
---------
Co-authored-by: martylukyy <35452459+martylukyy@users.noreply.github.com>
Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>