Michael Mayer
d481bc3d34
WebDAV: Add token authentication tests #808 #3943
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-11 12:08:39 +01:00
Michael Mayer
94e361a8fd
WebDAV: Add authorization check based on auth tokens #782 #808 #3943
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-10 16:54:13 +01:00
Michael Mayer
e03dbe5d16
OAuth2: Refactor limit for number of access tokens / sessions #808 #3943
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-09 13:46:55 +01:00
Michael Mayer
3e924b70c7
API: Move handling of HTTP auth headers to pkg/header #808 #3943 #3959
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-09 10:58:47 +01:00
Michael Mayer
ec13ccb6d5
OAuth2: Enforce limit for number of access tokens / sessions #808 #3943
These changes ensure that OAuth2 clients cannot create an unlimited
number of access tokens (sessions) with their client credentials.
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-08 16:57:07 +01:00
Michael Mayer
0e4d81853c
API: Add .well-known/oauth-authorization-server route handler #808 #3943
This commit also adds an /api/v1/oauth/logout endpoint that allows
clients to delete their sessions (access tokens) as needed.
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-08 14:53:39 +01:00
Michael Mayer
f8e0615cc8
Auth: Ensure backwards compatibility for existing API clients #808 #3943
These changes ensure that the new (SHA256) session ID is returned in the
"session_id" field, so that developers have time to update their client
implementations to use the new "access_token" field.
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-07 12:25:56 +01:00
Michael Mayer
0d2f8be522
Auth: Use hashed auth tokens for enhanced security #3943 #808 #782
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-06 17:35:19 +01:00
Michael Mayer
713593da4e
Auth: Add CLI command to create access tokens for apps #782 #808 #3943
You can now run "photoprism auth add" to create new client access tokens
that allow external applications to use the built-in REST API.
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-05 16:31:07 +01:00
Michael Mayer
467f7b1585
OAuth2: Add Client Credentials Authentication #213 #782 #808 #3730 #3943
This adds standard OAuth2 client credentials and bearer token support as
well as scope-based authorization checks for REST API clients. Note that
this initial implementation should not be used in production and that
the access token limit has not been implemented yet.
Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-12-12 18:42:50 +01:00
Michael Mayer
c4593b750e
Help & Support: Improve about.vue and connect.vue pages
Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-03-29 12:53:51 +02:00
Michael Mayer
0a5dce5aeb
Auth: Refactor sessions API and model #98
Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-03-09 18:45:04 +01:00
Michael Mayer
d8ab9616a5
Auth: Refactor user management API and CLI commands #98
Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-03-09 15:12:10 +01:00
Michael Mayer
60162b3fc5
Auth: Refactor user management API and CLI commands #98
Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-03-08 23:30:39 +01:00
Michael Mayer
a3ee21897d
Auth: Improve display of username #98
Signed-off-by: Michael Mayer <michael@photoprism.app>
2023-02-02 17:11:35 +01:00
Michael Mayer
cc38922cbe
Auth: Add dummy LDAP service #98
Signed-off-by: Michael Mayer <michael@photoprism.app>
2022-11-22 22:14:34 +01:00
Michael Mayer
59da5037e6
Server: Add Error 404 Not Found template and change ext to .gohtml #840
Signed-off-by: Michael Mayer <michael@photoprism.app>
2022-10-18 22:19:41 +02:00
Michael Mayer
837669f796
Auth: Extend account settings with user details and avatar upload #98
Signed-off-by: Michael Mayer <michael@photoprism.app>
2022-10-17 19:07:38 +02:00
Michael Mayer
884dea17de
Security: Use individual preview tokens for each user account #98
Signed-off-by: Michael Mayer <michael@photoprism.app>
2022-10-13 22:11:02 +02:00
Michael Mayer
05cdcbaf9d
Sessions: Cache pointers to improve performance #98 #782
Signed-off-by: Michael Mayer <michael@photoprism.app>
2022-10-03 23:39:36 +02:00
Michael Mayer
bac6ae0cbd
Sessions: Add max age and timeout config options #98 #782
Signed-off-by: Michael Mayer <michael@photoprism.app>
2022-10-03 22:59:29 +02:00
Michael Mayer
4c516cac38
Auth: Rename database tables and delete temporary tables #98 #782
Signed-off-by: Michael Mayer <michael@photoprism.app>
2022-10-02 22:09:02 +02:00
Michael Mayer
6e74f16a77
Auth: Open album share links in the regular user interface #98 #782
Signed-off-by: Michael Mayer <michael@photoprism.app>
2022-10-02 11:38:30 +02:00
Michael Mayer
323d495840
Auth: Apply user rights and permissions in the search API #98 #782
Signed-off-by: Michael Mayer <michael@photoprism.app>
2022-09-30 00:42:19 +02:00
Michael Mayer
f5a8c5a45d
Auth: Session and ACL enhancements #98 #1746
Signed-off-by: Michael Mayer <michael@photoprism.app>
2022-09-28 09:01:17 +02:00