Eric Callahan
4bed314b0a
authorization: fix static type checks
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2022-06-17 17:56:47 -04:00
Eric Callahan
8266376f46
authorization: fix minor typing issues
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2022-06-17 17:07:58 -04:00
Luca Schöneberg
58fa361c8c
authorization: implement /access/info endpoint
...
Signed-off-by: Luca Schöneberg <luca-schoeneberg@outlook.com>
2022-06-17 11:19:12 -04:00
Eric Callahan
7780a8a09e
authorization: add ldap support
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2022-06-10 11:19:52 -04:00
Eric Callahan
5081321a32
Revert "authorization: add LDAP support"
...
This reverts commit a86cbc77f6182198e1058752a8ee77a516b01b7e.
2022-06-08 06:23:19 -04:00
Luca Schöneberg
a86cbc77f6
authorization: add LDAP support
...
Signed-off-by: Luca Schöneberg <luca-schoeneberg@outlook.com>
2022-06-07 06:46:08 -04:00
Eric Callahan
d11357e5f2
authorization: add status methods
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2022-03-30 14:35:39 -04:00
Eric Callahan
b43f4623fc
authorization: update for changes in the database
...
Since the User DB is not going to be large, cache the users
in local memory and sync with the DB when changes are
made to the local user store.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2022-02-17 11:19:57 -05:00
Eric Callahan
1072958534
authorization: start the prune timer in component_init()
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2022-02-05 06:56:29 -05:00
Eric Callahan
7d1cf435f7
authorization: report invalid "trusted_clients"
...
Add warnings that are reported to clients and logged if an
invalid trusted client is detected.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-12-20 08:37:54 -05:00
Eric Callahan
4e625aef37
authorization: replace PeriodicCallback
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-12-10 11:32:52 -05:00
Eric Callahan
7a99f83396
server: refactor get_host_info method
...
Return a dict with the host name, server address, server port, and ssl port.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-11-25 05:43:49 -05:00
Eric Callahan
22807ee393
authorization: use extended confighelper methods
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-11-20 11:40:57 -05:00
Eric Callahan
adb88fd8cf
authorization: validate user data on startup
...
This provides corrective action in the event that an
invalid user entry makes its way into the database.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-11-15 06:00:59 -05:00
Eric Callahan
245053434f
authorization: specifically identify basic auth
...
Raise an exception when a request with Basic Auth is received, however do not log the username/password.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-08-28 08:54:40 -04:00
Eric Callahan
dfb8da6e3e
authorization: improve error message for invalid auth headers
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-08-27 06:11:55 -04:00
Eric Callahan
7f740ccb5a
authorization: add warning if a domain in "cors_domains" contains a trailing slash
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-07-12 15:47:38 -04:00
Eric Callahan
e4ecc1febe
authorization: replace references to ioloop with eventloop
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-07-12 06:16:18 -04:00
Eric Callahan
40f21b10cd
app: allow transport registration
...
This allows eligible components to register themselves as API transports. By default the WebsocketManager is registered.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-06-25 17:46:43 -04:00
Eric Callahan
936d766cae
authorization: correctly handle the transition from a deprecated signature algorithm
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-06-04 14:48:21 -04:00
Eric Callahan
39343f984a
authorization: switch to EdDSA signatures
...
This removes the cryptography dependency in favor of libsodium. Also removed is python-jose, as we must generate our own JWTs for use with EdDSA.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
use libnacl instead of pynacl
2021-06-03 05:45:56 -04:00
Eric Callahan
793ab6b24b
app: add a redirect endpoint
...
Clients can use this in situations where a browser may
prompt the user to take action prior to sending the
request. After the user accepts, Moonraker will redirect the user to the url provided in the request.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-05-28 21:03:03 -04:00
Eric Callahan
082134b9a0
authorization: raise a 401 error in the event that a JWT fails decoding
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-05-28 18:26:32 -04:00
Arksine
5f7cff9af8
authorization: attempt to resolve cryptography import issues
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-05-24 07:25:31 -04:00
Arksine
aa9641024a
authorization: restrict CORS headers on non-options requests
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-05-23 20:36:26 -04:00
Arksine
dc4da6087f
authorization: rename the oneshot request handler
...
Naming the method "_handle_oneshot_request" is less ambiguous than "_handle_token_request".
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-05-23 14:46:46 -04:00
Arksine
8a3b885eca
authorization: use ES256 algorithm for JWT signatures
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-05-23 14:46:46 -04:00
Arksine
ce7f659a32
authorization: use python_jose dependency for jwt management
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-05-23 09:09:53 -04:00
Arksine
b8cf0d7fd2
authorization: check the query string for jwts
...
Clients may pass a json web token via the query string's "access_token" argument to authorize requests that do not allow modified headers.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-05-19 19:18:23 -04:00
Arksine
dca7bd51cd
authorization: add 'force_logins' option
...
When "force_logins" is enabled a user login is required if at least one user is registered, overriding the "trusted_clients" configuration.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-05-19 19:05:48 -04:00
Arksine
41ddbb16a8
authorization: add annotations
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-05-18 19:16:49 -04:00
Arksine
2ba85533c2
authorization: refactor user delete API
...
It is now possible for any authorized request to delete a user, however a logged in user cannot delete its own account.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-05-14 12:59:30 -04:00
Arksine
490e66fe07
authorization: bypass authorization check when the request method is OPTIONS
...
If CORS is enabled then OPTIONS should always return 204.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-05-13 19:33:42 -04:00
Arksine
b3187710d0
authorization: Return more detail in "/access/users/list"
...
Return a list of objects with username and creation date fields.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-05-13 17:58:07 -04:00
Arksine
1af7f7d550
authorization: send websocket notifications when a user is created or deleted
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-05-13 15:24:41 -04:00
Arksine
400cefebc8
authorization: add '/access/users/list' API request
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-05-13 14:58:22 -04:00
Arksine
46e1d7b66b
authorization: support fqdns as "trusted_clients"
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-04-29 19:16:57 -04:00
Arksine
4e0e223599
authorization: allow auth related CORS Headers
...
Allow Authorization, X-Api-Key, and X-Access-Token headers when CORS is enabled.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-04-19 20:46:17 -04:00
Arksine
7eba8e58e3
authorization: add support for JWT User Authorization
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-04-19 20:46:17 -04:00
Arksine
24e6fded91
authorization: use database to store API Key
...
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-04-18 07:25:12 -04:00
Arksine
14991ac3b9
authorization: convert module to component
...
CONFIG CHANGE: This deprecates the "enabled" option in the [authorization] section. Authorization will be enabled if the section is included in moonraker.conf, otherwise it will be disabled.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-04-18 07:25:12 -04:00