CreatBot/CreatBotMoonraker
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,382 Commits 3 Branches 8 Tags
Commit Graph

41 Commits

Author SHA1 Message Date
Eric Callahan
4bed314b0a
authorizaton: fix static type checks 
Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2022-06-17 17:56:47 -04:00
Eric Callahan
8266376f46
authorization: fix minor typing issues 
Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2022-06-17 17:07:58 -04:00
Luca Schöneberg
58fa361c8c
authorization: implement /access/info endpoint 
Signed-off-by: Luca Schöneberg <luca-schoeneberg@outlook.com>
 2022-06-17 11:19:12 -04:00
Eric Callahan
7780a8a09e
authorization: add ldap support 
Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2022-06-10 11:19:52 -04:00
Eric Callahan
5081321a32
Revert "authorization: add LDAP support" 
This reverts commit a86cbc77f6182198e1058752a8ee77a516b01b7e.
 2022-06-08 06:23:19 -04:00
Luca Schöneberg
a86cbc77f6
authorization: add LDAP support 
Signed-off-by: Luca Schöneberg luca-schoeneberg@outlook.com
 2022-06-07 06:46:08 -04:00
Eric Callahan
d11357e5f2
authorization: add status methods 
Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2022-03-30 14:35:39 -04:00
Eric Callahan
b43f4623fc authorization: update for changes in the database 
Since the User DB is not going to be large cache the users
in local memory and sync with the DB when changes are
made to the local user store.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2022-02-17 11:19:57 -05:00
Eric Callahan
1072958534 authorization: start the prune timer in component_init() 
Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2022-02-05 06:56:29 -05:00
Eric Callahan
7d1cf435f7 authorization: report invalid "trusted_clients" 
Add warnings that are reported to clients and logged if an
invalid trusted client is detected.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-12-20 08:37:54 -05:00
Eric Callahan
4e625aef37 authorization: replace PeriodicCallback 
Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-12-10 11:32:52 -05:00
Eric Callahan
7a99f83396 server: refactor get_host_info method 
Return a dict with the host name, server address, server port, and ssl port.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-11-25 05:43:49 -05:00
Eric Callahan
22807ee393 authorization: use extended confighelper methods 
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
 2021-11-20 11:40:57 -05:00
Eric Callahan
adb88fd8cf authorization: validate user data on startup 
This provides corrective action in the event that an
invalid user entry makes its way into the database.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-11-15 06:00:59 -05:00
Eric Callahan
245053434f authorization: specifically identify basic auth 
Raise an exception when a request with Basic Auth is received, however do not log the username/password.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-08-28 08:54:40 -04:00
Eric Callahan
dfb8da6e3e authorization: improve error message for invalid auth headers 
Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-08-27 06:11:55 -04:00
Eric Callahan
7f740ccb5a authorization: add warning if a domian in "cors_domains" contains a trailing slash 
Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-07-12 15:47:38 -04:00
Eric Callahan
e4ecc1febe authorization: replace references to ioloop with eventloop 
Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-07-12 06:16:18 -04:00
Eric Callahan
40f21b10cd app: allow transport registration 
This allows eligible components to register themselves as API transports.  By default the WebsocketManager is registered.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-06-25 17:46:43 -04:00
Eric Callahan
936d766cae authorization: correctly handle the transition from a deprecated signature algorithm 
SIgned-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-06-04 14:48:21 -04:00
Eric Callahan
39343f984a authorization: switch to EdDSA signatures 
This removes the cryptography dependency in favor of libsodium.  Also removed is python-jose, as we must generate our own JWTs for use with EdDSA.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>

use libnacl instead of pynacl
 2021-06-03 05:45:56 -04:00
Eric Callahan
793ab6b24b app: add a redirect endpoint 
Clients can use this in situations where a browser may
prompt the user to take action prior to sending the
request.  After the user accepts, Moonraker will redirect the user to the url provided in the request.

SIgned-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-05-28 21:03:03 -04:00
Eric Callahan
082134b9a0 authorization: raise a 401 error in the event that a JWT failes decoding 
Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-05-28 18:26:32 -04:00
Arksine
5f7cff9af8 authorization: attempt to resolve cryptography import issues 
Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-05-24 07:25:31 -04:00
Arksine
aa9641024a authorization: restrict CORS headers on non-options requests 
Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-05-23 20:36:26 -04:00
Arksine
dc4da6087f authorization: rename the oneshot request handler 
Naming the method "_handle_oneshot_request" is less ambiguous than "_handle_token_request".

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-05-23 14:46:46 -04:00
Arksine
8a3b885eca authorization: use ES256 algorithm for JWT signatures 
Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-05-23 14:46:46 -04:00
Arksine
ce7f659a32 authorization: use python_jose dependency for jwt management 
Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-05-23 09:09:53 -04:00
Arksine
b8cf0d7fd2 authorization: check the query string for jwts 
Clients may pass a json web token via the query string's "access_token" argument to authorize requests that do not allow modified headers.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-05-19 19:18:23 -04:00
Arksine
dca7bd51cd authorization: add 'force_logins' option 
When "force_logins" is enabled a user login is required if at least one user is registered, overriding the "trusted_clients" configuration.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-05-19 19:05:48 -04:00
Arksine
41ddbb16a8 authorization: add annotations 
Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-05-18 19:16:49 -04:00
Arksine
2ba85533c2 authorization: refactor user delete API 
It is now possible for any authorized request to delete a user, however a logged in user cannot delete its own account.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-05-14 12:59:30 -04:00
Arksine
490e66fe07 authorization: bypass authorization check when the request method is OPTIONS 
If CORS is enabled then then OPTIONS should always return 204.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-05-13 19:33:42 -04:00
Arksine
b3187710d0 authorization: Return more detail in "/access/users/list" 
Return a list of objects with username and creation date fields.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-05-13 17:58:07 -04:00
Arksine
1af7f7d550 authorization: send websocket notifications when a user is created or deleted 
Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-05-13 15:24:41 -04:00
Arksine
400cefebc8 authorization: add '/access/users/list' API request 
Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-05-13 14:58:22 -04:00
Arksine
46e1d7b66b authorization: support fqdns as "trusted_clients" 
Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-04-29 19:16:57 -04:00
Arksine
4e0e223599 authorization: allow auth related CORS Headers 
Allow Authorization, X-Api-Key, and X-Access-Token headers when CORS is enabled.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-04-19 20:46:17 -04:00
Arksine
7eba8e58e3 authorization: add support for JWT User Authorizaton 
Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-04-19 20:46:17 -04:00
Arksine
24e6fded91 authorization: use database to store API Key 
Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-04-18 07:25:12 -04:00
Arksine
14991ac3b9 authorization: convert module to component 
CONFIG CHANGE:  This deprecates the "enabled" option in the [authorization] section.  Authorization will be enabled if the section is included in moonraker.conf,  otherwise it will be disabled.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
 2021-04-18 07:25:12 -04:00