add heater authentication

.github/workflows/partial-builder.yml

@@ -22,13 +22,6 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Log in to the Container registry (ghcr.io)
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
       - name: Log in to the Container registry (dockerhub)
         uses: docker/login-action@v3
         with:
@@ -53,8 +46,7 @@ jobs:
           platforms: linux/amd64,linux/arm64
           push: true
           tags: |
-            hkotel/mealie:${{ inputs.tag }}
-            ghcr.io/${{ github.repository }}:${{ inputs.tag }}
+            markus364/mealie:${{ inputs.tag }}
             ${{ inputs.tags }}
           build-args: |
             COMMIT=${{ github.sha }}

mealie/core/security/security.py

@@ -11,7 +11,9 @@
 from mealie.db.models.users.users import AuthMethod
 from mealie.repos.all_repositories import get_repositories
 from mealie.schema.user import PrivateUser
+from mealie.schema.user.registration import CreateUserRegistration
 from mealie.services.user_services.user_service import UserService
+from mealie.services.user_services.registration_service import RegistrationService
 
 ALGORITHM = "HS256"
 
@@ -44,6 +46,26 @@ def create_recipe_slug_token(file_path: str | Path) -> str:
     return create_access_token(token_data, expires_delta=timedelta(minutes=30))
 
 
+def authenticate_user_remote(session, email: str, username: str) -> PrivateUser | bool:
+    settings = get_app_settings()
+
+    db = get_repositories(session)
+    user = db.users.get_one(email, "email", any_case=True)
+
+    if not user:
+        registration = CreateUserRegistration(
+            email=email, group=settings.DEFAULT_GROUP, username=username, password="123", password_confirm="123"
+        )
+        user = RegistrationService.register_user(registration)
+    if not user:
+        return False
+    if user.login_attemps >= settings.SECURITY_MAX_LOGIN_ATTEMPTS or user.is_locked:
+        raise UserLockedOut()
+
+    user.login_attemps = 0
+    return db.users.update(user.id, user)
+
+
 def authenticate_user(session, email: str, password: str) -> PrivateUser | bool:
     settings = get_app_settings()
 

mealie/routes/auth/auth.py

@@ -9,7 +9,7 @@
 from mealie.core import root_logger, security
 from mealie.core.config import get_app_settings
 from mealie.core.dependencies import get_current_user
-from mealie.core.security import authenticate_user
+from mealie.core.security import authenticate_user, authenticate_user_remote
 from mealie.core.security.security import UserLockedOut
 from mealie.db.db_setup import generate_session
 from mealie.routes._base.routers import UserAPIRouter
@@ -70,7 +70,12 @@ def get_token(
         ip = request.client.host
 
     try:
-        user = authenticate_user(session, email, password)  # type: ignore
+        if "Remote-User" in request.headers and "Remote-Email" in request.headers:
+            email = request.headers["Remote-Email"]
+            username = request.headers["Remote-User"]
+            user = authenticate_user_remote(session, email, username)
+        else:
+            user = authenticate_user(session, email, password)  # type: ignore
     except UserLockedOut as e:
         logger.error(f"User is locked out from {ip}")
         raise HTTPException(status_code=status.HTTP_423_LOCKED, detail="User is locked out") from e

mealie/services/user_services/registration_service.py

@@ -3,7 +3,6 @@
 
 from fastapi import HTTPException, status
 
-from mealie.core.security import hash_password
 from mealie.lang.providers import Translator
 from mealie.repos.repository_factory import AllRepositories
 from mealie.schema.group.group_preferences import CreateGroupPreferences
@@ -102,3 +101,8 @@ def register_user(self, registration: CreateUserRegistration) -> PrivateUser:
                 self.repos.group_invite_tokens.update(token_entry.token, token_entry)
 
         return user
+
+
+def hash_password(password: str) -> str:
+    """Takes in a raw password and hashes it. Used prior to saving a new password to the database."""
+    return get_hasher().hash(password)