de148cb2ad
feat: add WebUI API token authorization ( #4197 )
...
* return 401 instead of 403, provide www-authenticate header, redirect to the login page, add cookie token support
* set cookies completely through js in auth page
2024-11-19 18:43:02 +01:00
a1634b219a
fix: roll out bluemonday Sanitize more widely ( #3794 )
...
* initial pass: roll out bluemonday sanitization more widely
Signed-off-by: Dave Lee <dave@gray101.com >
* add one additional sanitize - the overall modelslist used by the docs site
Signed-off-by: Dave Lee <dave@gray101.com >
---------
Signed-off-by: Dave Lee <dave@gray101.com >
2024-10-12 09:45:47 +02:00
90cacb9692
test: preliminary tests and merge fix for authv2 ( #3584 )
...
* add api key to existing app tests, add preliminary auth test
Signed-off-by: Dave Lee <dave@gray101.com >
* small fix, run test
Signed-off-by: Dave Lee <dave@gray101.com >
* status on non-opaque
Signed-off-by: Dave Lee <dave@gray101.com >
* tweak auth error
Signed-off-by: Dave Lee <dave@gray101.com >
* exp
Signed-off-by: Dave Lee <dave@gray101.com >
* quick fix on real laptop
Signed-off-by: Dave Lee <dave@gray101.com >
* add downloader version that allows providing an auth header
Signed-off-by: Dave Lee <dave@gray101.com >
* stash some devcontainer fixes during testing
Signed-off-by: Dave Lee <dave@gray101.com >
* s2
Signed-off-by: Dave Lee <dave@gray101.com >
* s
Signed-off-by: Dave Lee <dave@gray101.com >
* done with experiment
Signed-off-by: Dave Lee <dave@gray101.com >
* done with experiment
Signed-off-by: Dave Lee <dave@gray101.com >
* after merge fix
Signed-off-by: Dave Lee <dave@gray101.com >
* rename and fix
Signed-off-by: Dave Lee <dave@gray101.com >
---------
Signed-off-by: Dave Lee <dave@gray101.com >
Co-authored-by: Ettore Di Giacinto <mudler@users.noreply.github.com >
2024-09-24 09:32:48 +02:00
db1159b651
feat: auth v2 - supersedes #2894 ( #3476 )
...
feat: auth v2 - supercedes #2894 , metrics to follow later
Signed-off-by: Dave Lee <dave@gray101.com >
2024-09-16 23:29:07 -04:00
