diff --git a/.github/workflows/partial-builder.yml b/.github/workflows/partial-builder.yml index 2af0f128f71..345d2eedc87 100644 --- a/.github/workflows/partial-builder.yml +++ b/.github/workflows/partial-builder.yml @@ -22,13 +22,6 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - - name: Log in to the Container registry (ghcr.io) - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Log in to the Container registry (dockerhub) uses: docker/login-action@v3 with: @@ -53,8 +46,7 @@ jobs: platforms: linux/amd64,linux/arm64 push: true tags: | - hkotel/mealie:${{ inputs.tag }} - ghcr.io/${{ github.repository }}:${{ inputs.tag }} + markus364/mealie:${{ inputs.tag }} ${{ inputs.tags }} build-args: | COMMIT=${{ github.sha }} diff --git a/mealie/core/security/security.py b/mealie/core/security/security.py index 7cd8dd42c3a..8a938704661 100644 --- a/mealie/core/security/security.py +++ b/mealie/core/security/security.py @@ -11,7 +11,9 @@ from mealie.db.models.users.users import AuthMethod from mealie.repos.all_repositories import get_repositories from mealie.schema.user import PrivateUser +from mealie.schema.user.registration import CreateUserRegistration from mealie.services.user_services.user_service import UserService +from mealie.services.user_services.registration_service import RegistrationService ALGORITHM = "HS256" @@ -44,6 +46,26 @@ def create_recipe_slug_token(file_path: str | Path) -> str: return create_access_token(token_data, expires_delta=timedelta(minutes=30)) +def authenticate_user_remote(session, email: str, username: str) -> PrivateUser | bool: + settings = get_app_settings() + + db = get_repositories(session) + user = db.users.get_one(email, "email", any_case=True) + + if not user: + registration = CreateUserRegistration( + email=email, group=settings.DEFAULT_GROUP, username=username, password="123", password_confirm="123" + ) + user = RegistrationService.register_user(registration) + if not user: + return False + if user.login_attemps >= settings.SECURITY_MAX_LOGIN_ATTEMPTS or user.is_locked: + raise UserLockedOut() + + user.login_attemps = 0 + return db.users.update(user.id, user) + + def authenticate_user(session, email: str, password: str) -> PrivateUser | bool: settings = get_app_settings() diff --git a/mealie/routes/auth/auth.py b/mealie/routes/auth/auth.py index 080b68f80f9..3e64be1d9c9 100644 --- a/mealie/routes/auth/auth.py +++ b/mealie/routes/auth/auth.py @@ -9,7 +9,7 @@ from mealie.core import root_logger, security from mealie.core.config import get_app_settings from mealie.core.dependencies import get_current_user -from mealie.core.security import authenticate_user +from mealie.core.security import authenticate_user, authenticate_user_remote from mealie.core.security.security import UserLockedOut from mealie.db.db_setup import generate_session from mealie.routes._base.routers import UserAPIRouter @@ -70,7 +70,12 @@ def get_token( ip = request.client.host try: - user = authenticate_user(session, email, password) # type: ignore + if "Remote-User" in request.headers and "Remote-Email" in request.headers: + email = request.headers["Remote-Email"] + username = request.headers["Remote-User"] + user = authenticate_user_remote(session, email, username) + else: + user = authenticate_user(session, email, password) # type: ignore except UserLockedOut as e: logger.error(f"User is locked out from {ip}") raise HTTPException(status_code=status.HTTP_423_LOCKED, detail="User is locked out") from e diff --git a/mealie/services/user_services/registration_service.py b/mealie/services/user_services/registration_service.py index a294e8152e9..4ef42017bed 100644 --- a/mealie/services/user_services/registration_service.py +++ b/mealie/services/user_services/registration_service.py @@ -3,7 +3,6 @@ from fastapi import HTTPException, status -from mealie.core.security import hash_password from mealie.lang.providers import Translator from mealie.repos.repository_factory import AllRepositories from mealie.schema.group.group_preferences import CreateGroupPreferences @@ -102,3 +101,8 @@ def register_user(self, registration: CreateUserRegistration) -> PrivateUser: self.repos.group_invite_tokens.update(token_entry.token, token_entry) return user + + +def hash_password(password: str) -> str: + """Takes in a raw password and hashes it. Used prior to saving a new password to the database.""" + return get_hasher().hash(password)