Raise an exception when a request with Basic Auth is received, however do not log the username/password.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
This allows eligible components to register themselves as API transports. By default the WebsocketManager is registered.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
This removes the cryptography dependency in favor of libsodium. Also removed is python-jose, as we must generate our own JWTs for use with EdDSA.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
use libnacl instead of pynacl
Clients can use this in situations where a browser may
prompt the user to take action prior to sending the
request. After the user accepts, Moonraker will redirect the user to the url provided in the request.
SIgned-off-by: Eric Callahan <arksine.code@gmail.com>
Clients may pass a json web token via the query string's "access_token" argument to authorize requests that do not allow modified headers.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
When "force_logins" is enabled a user login is required if at least one user is registered, overriding the "trusted_clients" configuration.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
It is now possible for any authorized request to delete a user, however a logged in user cannot delete its own account.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
CONFIG CHANGE: This deprecates the "enabled" option in the [authorization] section. Authorization will be enabled if the section is included in moonraker.conf, otherwise it will be disabled.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
