Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace basic auth with cookie authentication #440

Merged
merged 6 commits into from
Apr 8, 2020
Merged

Replace basic auth with cookie authentication #440

merged 6 commits into from
Apr 8, 2020

Conversation

WithoutPants
Copy link
Collaborator

Replaces the existing basic authentication with cookie-based authentication.

If credentials are configured and no session is active, then the UI will redirect to a login page, which consists of only the following:

image

(key is a Chrome addition)

Entering invalid credentials gives an error as follows:

image

The login operation should redirect to the page that the user was attempting to access after logging in.

Cookies are JWT based and persist through server restarts.

Added a new configuration option: Maximum Session Age. This is the maximum age - in seconds - of the session cookie before it expires. The cookie is renewed during every request, so this option represents the maximum idle time before the session is expired.

Added a logout button next to the Settings button. This button is only shown when credentials are required and the user is logged in.

image

Clicking on this button expires the session cookie and returns the user to the login page.

Resolves #361.

@WithoutPants WithoutPants added the feature Pull requests that add a new feature label Apr 4, 2020
@WithoutPants WithoutPants added this to the Version 0.2.0 milestone Apr 4, 2020
bnkai
bnkai reviewed Apr 4, 2020
View reviewed changes
pkg/api/server.go Outdated Show resolved Hide resolved
bnkai
bnkai approved these changes Apr 5, 2020
View reviewed changes
Copy link
Collaborator

@bnkai bnkai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks and works great.
Setup can not be accessed now without proper authentication.

@WithoutPants WithoutPants merged commit 15e7756 into stashapp:develop Apr 8, 2020
@rushing-pixel rushing-pixel mentioned this pull request Apr 8, 2020
Closed
Anon247 pushed a commit to Anon247/stash that referenced this pull request Apr 11, 2020
@WithoutPants @Anon247
Replace basic auth with cookie authentication (stashapp#440)
57e405c 
* Add logout functionality and button
* Make session age configurable
Tweeticoats pushed a commit to Tweeticoats/stash that referenced this pull request Feb 1, 2021
@WithoutPants
Replace basic auth with cookie authentication (stashapp#440)
feb2027 
* Add logout functionality and button
* Make session age configurable
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bnkai bnkai bnkai approved these changes

Assignees
No one assigned
Labels
feature Pull requests that add a new feature
Projects
None yet
Milestone
Version 0.2.0
Development

Successfully merging this pull request may close these issues.

[Bug Report] Mobile UI doesn’t load when using authentication (IOS)
2 participants
@WithoutPants @bnkai